Monitoring Events with CloudTrail - AWS Control Tower

Monitoring Events with CloudTrail

With AWS CloudTrail, you can monitor your AWS environment in the cloud by getting a history of AWS API calls for your accounts. For example, you can identify the users and accounts that called AWS APIs for services that support CloudTrail, the source IP address the calls were made from, and when the calls occurred. You can integrate CloudTrail into applications using the API, automate trail creation for your organization, check the status of your trails, and control how administrators turn CloudTrail logging on and off. For more information, see the AWS CloudTrail User Guide.

AWS Control Tower sets up a new trail when you set up a landing zone. AWS Control Tower configures CloudTrail to enable centralized logging and auditing. CloudTrail can be used in the management account to review administrative actions and lifecycle events.

When you enroll an account into AWS Control Tower, your account is governed by the AWS CloudTrail trail for the AWS Control Tower organization. If you have an existing deployment of a CloudTrail trail in that account, you may see duplicate charges unless you delete the existing trail for the account before you enroll it in AWS Control Tower.
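A pre-enrollment check for the duplicate-trail case described above, as an added example (not AWS's or AWS Control Tower's own code): it takes output shaped like `aws cloudtrail describe-trails` and lists the account's own non-organization trails to review before enrolling. The sample data, account IDs, trail names, and the function names `account_of` and `trails_to_review` are assumptions made for illustration.

```python
import json

# Constructed sample: describe-trails results for one member account, merged
# from two regions, so the multi-region trail appears twice. All IDs, names
# and buckets are made up.
SAMPLE = json.loads("""
{"trailList": [
 {"Name": "legacy-audit", "HomeRegion": "us-east-1", "IsMultiRegionTrail": true,
  "IsOrganizationTrail": false, "S3BucketName": "example-legacy-logs",
  "TrailARN": "arn:aws:cloudtrail:us-east-1:111111111111:trail/legacy-audit"},
 {"Name": "legacy-audit", "HomeRegion": "us-east-1", "IsMultiRegionTrail": true,
  "IsOrganizationTrail": false, "S3BucketName": "example-legacy-logs",
  "TrailARN": "arn:aws:cloudtrail:us-east-1:111111111111:trail/legacy-audit"},
 {"Name": "regional-debug", "HomeRegion": "eu-west-1", "IsMultiRegionTrail": false,
  "IsOrganizationTrail": false, "S3BucketName": "example-debug-logs",
  "TrailARN": "arn:aws:cloudtrail:eu-west-1:111111111111:trail/regional-debug"},
 {"Name": "example-org-trail", "HomeRegion": "us-east-1", "IsMultiRegionTrail": true,
  "IsOrganizationTrail": true, "S3BucketName": "example-central-logs",
  "TrailARN": "arn:aws:cloudtrail:us-east-1:999999999999:trail/example-org-trail"}
]}
""")

def account_of(trail_arn):
    """Return the owning account ID from a CloudTrail trail ARN."""
    # Layout: arn:partition:cloudtrail:region:account-id:trail/name
    parts = trail_arn.split(":", 5)
    if len(parts) != 6 or parts[2] != "cloudtrail" or not parts[5].startswith("trail/"):
        raise ValueError(f"not a CloudTrail trail ARN: {trail_arn!r}")
    return parts[4]

def trails_to_review(describe_output, account_id):
    """List trails owned by account_id that are not organization trails.

    These are the account-level trails that would log alongside the
    organization trail after enrollment. Entries repeated across regions
    are collapsed by ARN.
    """
    found = {}
    for trail in describe_output.get("trailList", []):
        if trail.get("IsOrganizationTrail", False):
            continue  # the organization trail is not an existing account trail
        arn = trail["TrailARN"]
        if account_of(arn) != account_id:
            continue  # owned by another account
        found[arn] = {"name": trail["Name"], "home_region": trail.get("HomeRegion"),
                      "bucket": trail.get("S3BucketName")}
    return [found[arn] for arn in sorted(found)]

if __name__ == "__main__":
    for t in trails_to_review(SAMPLE, "111111111111"):
        print(f"review before enrolling: {t['name']} ({t['home_region']}) -> {t['bucket']}")
```

Confirm where each listed trail's logs are delivered and whether anything still depends on them before deleting the trail.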