Abhijit Gautam - PeerSpot reviewer
Cloud - Solution Architect at a tech vendor with 1,001-5,000 employees
Real User
Top 5
Offers users the ability to search for users who have made different API calls
Pros and Cons
  • "From a scalability point of view, the tool has no issue, and it is completely fine."
  • "The product's initial setup phase is not pretty straightforward."

What is our primary use case?

We use it whenever we need to find out who made the API call or who terminated the instance or service. AWS CloudTrail was really helpful for me to figure out who the user is and who has triggered the action or made the API call. It helps find who terminated an instance or service. The tool was very helpful for me. I always check my CloudTrail logs by username, and I could find a lot of helpful information.

What needs improvement?

It would be good if we were able to integrate with other services as well. From what I am aware of, we do the monitoring. We can integrate AWS CloudTrail with CloudWatch, Amazon Athena, and EventBridge. If we can integrate AWS CloudTrail with more services, then it can be a more helpful product for the organization.

For how long have I used the solution?

I have been using AWS CloudTrail for years. I am a customer and user of Amazon tools.

What do I think about the scalability of the solution?

From a scalability point of view, the tool has no issue, and it is completely fine. Scalability-wise, I rate the solution a nine out of ten.

The tool has been set up and integrated with our company's services, so it exists in the cloud environment. Whoever has access to the cloud, mainly the DevOps team, uses AWS CloudTrail to identify or zero in on the event or the user who made the API call. The DevOps team mostly uses the tool to manage the cloud environment.

Buyer's Guide
AWS CloudTrail
March 2025
Learn what your peers think about AWS CloudTrail. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
845,406 professionals have used our research since 2012.

Which solution did I use previously and why did I switch?

I have used AWS CloudFormation.

How was the initial setup?

The product's initial setup phase is not pretty straightforward. I will say that the setup phase is a little bit complex. You should have some knowledge when you are setting up AWS CloudTrail. On a scale of one to ten, I would rate the setup phase a six for the visibility.

From the time perspective, it doesn't take much time if you are aware of how to set up the tool, as it is quite a fast process and can be done in very little time.

What other advice do I have?

AWS CloudTrail's most valuable feature in enhancing your compliance audit is that it gives me the ability to search for users who have made different API calls, which is something I find really helpful in AWS in most cases. I searched for the user who made that API call or identified it easily by using the search feature in AWS CloudTrail.

My company has integrated AWS CloudTrail with Amazon EventBridge and Amazon Athena. When we integrated AWS CloudTrail with Amazon Athena, we could easily enhance our analysis. For example, if I want to identify the trend and isolate some activity by attribute or source IP address, then I will use CloudTrail logs integrated with Amazon Athena. I could easily isolate activities associated with the source IP address.

The tool is easy to use, and I rate it seven out of ten. You need to have some knowledge of AWS CloudTrail because you have to run some queries or filter the source IP address. You should have some knowledge about the tool.

I recommend the tool to others.

I have not used the tool's AI capabilities.

I rate the tool a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
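
The lookups this review describes (who made a given API call, and which activity came from a given source IP address) can be illustrated directly on CloudTrail records. This is an added example, not code from the reviewer or from AWS; the sample records, account ID, user names and IP addresses are constructed placeholders, and the function names are assumptions.

```python
import json
from collections import defaultdict

# Constructed sample in the CloudTrail log-file layout ({"Records": [...]}).
# Account ID, names and IP addresses are placeholders, not real data.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2025-03-01T10:02:11Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2025-03-01T10:05:40Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2025-03-01T11:30:02Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "sourceIPAddress": "203.0.113.25",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/deploy/ci-run-42"}},
]})


def principal(record):
    """Return a readable caller name; assumed-role events carry no userName."""
    ident = record.get("userIdentity", {})
    if ident.get("userName"):
        return ident["userName"]
    arn = ident.get("arn", "")
    # arn:aws:sts::<acct>:assumed-role/<role>/<session> -> "<role>/<session>"
    return arn.split(":", 5)[-1].split("/", 1)[-1] if arn else ident.get("type", "unknown")


def who_called(log_text, event_name):
    """List (eventTime, principal, sourceIPAddress) for one API call name."""
    records = json.loads(log_text)["Records"]
    hits = [(r["eventTime"], principal(r), r.get("sourceIPAddress", "-"))
            for r in records if r.get("eventName") == event_name]
    return sorted(hits)


def activity_by_source_ip(log_text):
    """Group API call names by source IP address."""
    grouped = defaultdict(list)
    for r in json.loads(log_text)["Records"]:
        grouped[r.get("sourceIPAddress", "-")].append(r["eventName"])
    return dict(grouped)


if __name__ == "__main__":
    print(who_called(SAMPLE_LOG, "TerminateInstances"))
```
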
Shashank N - PeerSpot reviewer
Security Engineer-DevSecOps at a computer software company with 51-200 employees
Real User
Top 5 Leaderboard
Simplifies security monitoring and troubleshooting by making it easy to identify suspicious activity
Pros and Cons
  • "It is a stable solution. AWS handles it well."
  • "Maybe if we could do direct queries on CloudTrail without needing to export it to Athena, that'd be great."

What is our primary use case?

It's like a native feature. It's like a single audit point for everything AWS. Any changes made by users or roles get saved in CloudTrail. It's gotta be enabled; it's the most important security feature on AWS.

What needs improvement?

Maybe if we could do direct queries on CloudTrail without needing to export it to Athena, that'd be great. 

For how long have I used the solution?

I have been using it for three years now. 

What do I think about the stability of the solution?

It is a stable solution. AWS handles it well.

What do I think about the scalability of the solution?

There are five to six admins using this solution; we don't have separate user groups.

How was the initial setup?

It is a one-click deployment.

What's my experience with pricing, setup cost, and licensing?

CloudTrail itself is free of cost. 

What other advice do I have?

I'd advise integrating it with your security solution and correlating logs across AWS. That's the single point to start understanding if your account is compromised. And always keep a backup of the logs.

And make sure those logs are kept in a separate AWS account from the main one. First thing any attacker would do is delete those logs to cover their tracks. Forensics becomes very tough without them.

Overall, I would rate the solution a ten out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
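
The review above warns that deleting logs is an early step in covering tracks. One way to watch for that from the defender's side is to flag CloudTrail's own management events that stop, delete or alter a trail. This is an added example, not code from the reviewer or from AWS; the sample records, account ID, ARNs and IP addresses are constructed placeholders, and the function name is an assumption.

```python
import json

# CloudTrail management events that stop, remove or narrow trail logging.
TAMPER_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}

# Constructed sample records; account ID, ARNs and IPs are placeholders.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2025-03-02T02:14:09Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "203.0.113.25",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/build-bot"}},
    {"eventTime": "2025-03-02T02:14:30Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "DeleteTrail", "sourceIPAddress": "203.0.113.25",
     "errorCode": "AccessDenied",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/build-bot"}},
    {"eventTime": "2025-03-02T09:00:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "DescribeTrails", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}},
]})


def find_trail_tampering(log_text):
    """Return one finding per attempt to stop, delete or alter a trail.

    Denied attempts (records carrying errorCode) are reported too: a blocked
    DeleteTrail is still evidence that someone tried to remove the audit log.
    """
    findings = []
    for r in json.loads(log_text)["Records"]:
        if r.get("eventSource") != "cloudtrail.amazonaws.com":
            continue
        if r.get("eventName") not in TAMPER_EVENTS:
            continue
        findings.append({
            "time": r["eventTime"],
            "event": r["eventName"],
            "actor": r.get("userIdentity", {}).get("arn", "unknown"),
            "source_ip": r.get("sourceIPAddress", "-"),
            "outcome": "denied" if r.get("errorCode") else "succeeded",
        })
    return sorted(findings, key=lambda f: f["time"])


if __name__ == "__main__":
    for finding in find_trail_tampering(SAMPLE_LOG):
        print(finding)
```
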
Binoj BALAN - PeerSpot reviewer
Principal Solution Architect at StarOne IT Solutions
MSP
Top 5
Allows me to easily retrieve necessary details, and a lot of documentation is available on the AWS website
Pros and Cons
  • "AWS CloudTrail helps in accelerating incident investigation and response. It increases it because I pull out the logs to CloudTrail, and from CloudTrail watch, I'll send it to the Security Hub and do a visualization with Prometheus and Grafana."

    What is our primary use case?

    We use it for auditing to ensure secure AWS environments. Most of our customers require FSA compliance, which necessitates proper logging and auditing. We've enabled CloudTrail for most services for this reason.

    AWS CloudTrail helps in accelerating incident investigation and response. It increases it because I pull out the logs to CloudTrail, and from CloudTrail watch, I'll send it to the Security Hub and do a visualization with Prometheus and Grafana. 

    Our software engineer can then visualize and perform a root cause analysis (RCA) of any issues that happen. So, it has accelerated both troubleshooting scenarios and proactive monitoring.

    How has it helped my organization?

    CloudTrail is invaluable for compliance, security, and auditing, especially during audits. It allows me to easily retrieve necessary details for our organization.

    However, it does increase the security and compliance angle. This covers everything. For example, if we take a customer from a healthcare perspective, I have all the HIPAA-related compliance services to ensure I can meet those requirements. It's not a problem.

    What is most valuable?

    I like Active Directory group policy auditing. If enabled, I receive automatic notifications when someone changes a password, eliminating the need to manually check Active Directory for these events.

    What needs improvement?

    It's getting better, but it's not perfect because technology landscapes and use cases constantly evolve. There's a lot happening, so it's not perfect. It's improving.

    For how long have I used the solution?


    What do I think about the stability of the solution?

    It is a very stable product. I have not faced any issues in the cloud environment. 

    What do I think about the scalability of the solution?

    Anyone in our organization using AWS will be using CloudTrail. Security is built into our DNS, it doesn't separate.

    So, there are about 40 to 45 end users. 

    How are customer service and support?

    In the initial stages, when I faced challenges, I used to contact support very frequently. 

    However, once I started using CloudTrail for all accounts and became familiar with it, I was able to handle most configuration aspects from a CloudTrail standpoint without needing much assistance from AWS support.

    How was the initial setup?

    The initial setup is easy. There is a lot of documentation available on the AWS website. I can easily refer to that if I get stuck anywhere. 

    Plus, there's a great community available. If I just post a question there, I'm happy to get all the details. 

    Whenever I was stuck, the community, all the documentation, or white papers provided me with the right solutions and answers. So there were no deployment roadblocks for me.

    CloudTrail is a native AWS service, so on-premises deployment isn't possible.

    What's my experience with pricing, setup cost, and licensing?

    It is a very cheap service because management is a SaaS offering from AWS.

    The cost depends on how many files you enable, but it's very compatible with other AWS tools.

    What other advice do I have?

    My advice depends on whether you're a BFSA customer or a healthcare customer. Specific parameters need to be enabled based on your industry. With that configuration, you'll be able to trigger notifications and pull out data.  

    Overall, I would rate the solution an eight out of ten because when you consider all business sectors like healthcare, shipping, retail, manufacturing, and research & development, each generates different types of files and events.  

    Disclosure: My company has a business relationship with this vendor other than being a customer:
    Olhbe456 - PeerSpot reviewer
    IT Infrastructure/Systems Admin at a financial services firm with 201-500 employees
    Real User
    Top 5 Leaderboard
    Has a valuable feature for monitoring and a simple setup process
    Pros and Cons
    • "The product’s most valuable feature is monitoring. It helps us audit the changes in AWS account at the application and resource level."
    • "The platform’s reporting log sheet feature could be more user-friendly."

    What is our primary use case?

    We use the product for monitoring activities of AWS accounts in terms of operational review, governance, and compliance.

    What is most valuable?

    The product’s most valuable feature is monitoring. Changes in AWS account at the application and resource level are easily audited with CloudTrail.

    What needs improvement?

    The platform’s reporting log sheet feature could be more user-friendly.

    For how long have I used the solution?

    We have been using AWS CloudTrail for three years now.

    What do I think about the stability of the solution?

    It is a stable product.

    What do I think about the scalability of the solution?

    We have three administrators using AWS CloudTrail in our organization.

    How was the initial setup?

    The initial setup is easy. It has default functionality for application and resource-level monitoring of databases.

    What other advice do I have?

    I rate AWS CloudTrail an eight out of ten. I recommend the solution if you are auditing compliance and security for data usage.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.