CloudTrail Flashcards
This deck aims to help retain concepts related to the AWS CloudTrail service.
What is the default data retention period for the CloudTrail service?
90 days
Which CloudTrail component allows logs to be delivered to S3, CloudWatch Logs, or CloudWatch Events?
Trail
Is CloudTrail a real-time solution?
No, logs usually take up to 15 minutes to be delivered
In which region are CloudTrail log events recorded for global services such as IAM, SNS, and CloudFront?
These events are logged in the us-east-1 region; only global trails can catch these logs
Which types of events does CloudTrail log?
- Management events
- Data events
- Insight events
Which type of CloudTrail event provides information on what are known as control plane operations (e.g., resource creation, policy attachment)?
Management events
Which type of events does CloudTrail log by default?
Management events only
Which type of CloudTrail event provides information on what are known as data plane operations (e.g., object deletion from an S3 bucket, SNS publish)?
Data events
Which type of CloudTrail event provides information on UNUSUAL API call rates or error rate activity (e.g., an account typically logs 20 deleteBucket API calls, but starts to log an average of 100 deleteBucket API calls)?
Insight events
How can you stop incurring charges for an AWS CloudTrail Trail?
By deleting the trail or temporarily stopping logging