Establishing Enterprise Architecture on AWS
AWS Whitepaper

Governance and Auditability

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail you can log every API call made. This enables compliance with governance bodies, internal and external to your organization. CloudTrail gives your organization transparency across its entire AWS landscape. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.

Amazon CloudWatch is a monitoring service for AWS Cloud resources and the applications you run on AWS. You can use CloudWatch to collect and track metrics, collect, and monitor log files, set alarms, and automatically react to changes in your AWS resources. CloudWatch monitors and logs the behavior of your application landscape. CloudWatch can also trigger events based on the behavior of your application.

While CloudTrail tracks usage of AWS, CloudWatch monitors your application landscape. In combination, these two services help with architecture governance and audit functions.