Binoj BALAN - PeerSpot reviewer
Principal Solution Architect at StarOne IT Solutions
MSP
Top 5
Allows me to easily retrieve necessary details, and a lot of documentation is available on the AWS website
Pros and Cons
  • "AWS CloudTrail helps in accelerating incident investigation and response. It increases it because I pull out the logs to CloudTrail, and from CloudTrail watch, I'll send it to the Security Hub and do a visualization with Prometheus and Grafana."

    What is our primary use case?

    We use it for auditing to ensure secure AWS environments. Most of our customers require FSA compliance, which necessitates proper logging and auditing. We've enabled CloudTrail for most services for this reason.

    AWS CloudTrail helps in accelerating incident investigation and response. It increases it because I pull out the logs to CloudTrail, and from CloudTrail watch, I'll send it to the Security Hub and do a visualization with Prometheus and Grafana. 

    Our software engineer can then visualize and perform a root cause analysis (RCA) of any issues that happen. So, it has accelerated both troubleshooting scenarios and proactive monitoring.

    How has it helped my organization?

    CloudTrail is invaluable for compliance, security, and auditing, especially during audits. It allows me to easily retrieve necessary details for our organization.

    However, it does increase the security and compliance angle. This covers everything. For example, if we take a customer from a healthcare perspective, I have all the HIPAA-related compliance services to ensure I can meet those requirements. It's not a problem.

    What is most valuable?

    I like Active Directory group policy auditing. If enabled, I receive automatic notifications when someone changes a password, eliminating the need to manually check Active Directory for these events.

    What needs improvement?

    It's getting better, but it's not perfect because technology landscapes and use cases constantly evolve. There's a lot happening, so it's not perfect. It's improving.

    Buyer's Guide
    AWS CloudTrail
    December 2024
    Learn what your peers think about AWS CloudTrail. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
    824,053 professionals have used our research since 2012.

    For how long have I used the solution?


    What do I think about the stability of the solution?

    It is a very stable product. I have not faced any issues in the cloud environment. 

    What do I think about the scalability of the solution?

    Anyone in our organization using AWS will be using CloudTrail. Security is built into our DNS, it doesn't separate.

    So, there are about 40 to 45 end users. 

    How are customer service and support?

    In the initial stages, when I faced challenges, I used to contact support very frequently. 

    However, once I started using CloudTrail for all accounts and became familiar with it, I was able to handle most configuration aspects from a CloudTrail standpoint without needing much assistance from AWS support.

    How was the initial setup?

    The initial setup is easy. There is a lot of documentation available on the AWS website. I can easily refer to that if I get stuck anywhere. 

    Plus, there's a great community available. If I just post a question there, I'm happy to get all the details. 

    Whether I was stuck, the community, all the documentation, or white papers provided me with the right solutions and answers. So there were no deployment roadblocks for me.

    CloudTrail is a native AWS service, so on-premises deployment isn't possible.

    What's my experience with pricing, setup cost, and licensing?

    It is a very cheap service because management is a SaaS offering from AWS.

    The cost depends on how many files you enable, but it's very compatible with other AWS tools.

    What other advice do I have?

    My advice depends on whether you're a BFSA customer or a healthcare customer. Specific parameters need to be enabled based on your industry. With that configuration, you'll be able to trigger notifications and pull out data.  

    Overall, I would rate the solution an eight out of ten because when you consider all business sectors like healthcare, shipping, retail, manufacturing, and research & development, each generates different types of files and events.  

    Disclosure: My company has a business relationship with this vendor other than being a customer:
    PeerSpot user
    Shashank N - PeerSpot reviewer
    Security Engineer-DevSecOps at a computer software company with 51-200 employees
    Real User
    Top 5 Leaderboard
    Simplifies security monitoring and troubleshooting by making it easy to identify suspicious activity
    Pros and Cons
    • "It is a stable solution. AWS handles it well."
    • "Maybe if we could do direct queries on CloudTrail without needing to export it to Athena, that'd be great."

    What is our primary use case?

    It's like a native feature. It's like a single audit point for everything AWS. Any changes made by users or roles get saved in CloudTrail. It's gotta be enabled; it's the most important security feature on AWS.

    What needs improvement?

    Maybe if we could do direct queries on CloudTrail without needing to export it to Athena, that'd be great. 

    For how long have I used the solution?

    I have been using it for three years now. 

    What do I think about the stability of the solution?

    It is a stable solution. AWS handles it well.

    What do I think about the scalability of the solution?

    There are five to six admins using this solution, we don't have separate user groups.

    How was the initial setup?

    It is a one-click deployment.

    What's my experience with pricing, setup cost, and licensing?

    CloudTrail itself is free of cost. 

    What other advice do I have?

    I'd advise to integrate it with your security solution and correlate logs across AWS. That's the single point to start understanding if your account is compromised. And always keep a backup of the logs.

    And make sure those logs are kept in a separate AWS account from the main one. First thing any attacker would do is delete those logs to cover their tracks. Forensics becomes very tough without them.

    Overall, I would rate the solution a ten out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
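
The advice in the review above (correlate CloudTrail logs and keep them in a separate account because log deletion hides an intrusion) can be backed by a check for events that touch the trail or its log bucket. This is an added example, not part of the review or AWS code; the function name, bucket name, trail name and account IDs are constructed assumptions.

```python
import json

# Management events that stop or redirect a trail.
TRAIL_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}
# S3 events against the log bucket (DeleteObject is seen only if S3 data events are logged).
BUCKET_EVENTS = {"DeleteBucket", "PutBucketPolicy", "PutBucketLifecycle", "DeleteObject"}

def find_log_tampering(records, log_bucket, archive_account):
    findings = []
    for rec in records:
        source, name = rec.get("eventSource"), rec.get("eventName")
        params = rec.get("requestParameters") or {}
        identity = rec.get("userIdentity") or {}
        if source == "cloudtrail.amazonaws.com" and name in TRAIL_EVENTS:
            target = params.get("name") or params.get("trailName") or "unknown-trail"
        elif (source == "s3.amazonaws.com" and name in BUCKET_EVENTS
              and params.get("bucketName") == log_bucket):
            target = log_bucket
        else:
            continue
        findings.append({
            "time": rec.get("eventTime"),
            "action": name,
            "target": target,
            "actor": identity.get("arn", "unknown"),
            # True when the caller is not a principal of the log-archive account.
            "outside_archive_account": identity.get("accountId") != archive_account,
            # Denied calls are recorded too; errorCode is present on failure.
            "blocked": "errorCode" in rec,
        })
    return findings

# Constructed sample in the {"Records": [...]} layout of a CloudTrail log file.
SAMPLE = json.loads("""{"Records": [
 {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "cloudtrail.amazonaws.com",
  "eventName": "StopLogging", "requestParameters": {"name": "example-trail"},
  "userIdentity": {"arn": "arn:aws:iam::111111111111:user/example", "accountId": "111111111111"}},
 {"eventTime": "2024-01-01T10:01:00Z", "eventSource": "s3.amazonaws.com",
  "eventName": "DeleteObject", "errorCode": "AccessDenied",
  "requestParameters": {"bucketName": "example-log-archive", "key": "AWSLogs/example.json.gz"},
  "userIdentity": {"arn": "arn:aws:iam::111111111111:user/example", "accountId": "111111111111"}},
 {"eventTime": "2024-01-01T10:02:00Z", "eventSource": "s3.amazonaws.com",
  "eventName": "PutBucketPolicy", "requestParameters": {"bucketName": "example-app-data"},
  "userIdentity": {"arn": "arn:aws:iam::111111111111:user/example", "accountId": "111111111111"}}
]}""")["Records"]

FINDINGS = find_log_tampering(SAMPLE, "example-log-archive", "999999999999")
for f in FINDINGS:
    print(f["time"], f["action"], f["target"], "blocked" if f["blocked"] else "succeeded")
```

In the sample, the delete against the log bucket is denied because the bucket belongs to a different account than the caller, while the `StopLogging` call in the workload account succeeds and is the event to alert on.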
    Olhbe456 - PeerSpot reviewer
    IT Infrastructure/Systems Admin at a financial services firm with 201-500 employees
    Real User
    Top 5 Leaderboard
    Has a valuable feature for monitoring and a simple setup process
    Pros and Cons
    • "The product’s most valuable feature is monitoring. It helps us audit the changes in AWS account at the application and resource level."
    • "The platform’s reporting log sheet feature could be more user-friendly."

    What is our primary use case?

    We use the product for monitoring activities of AWS accounts in terms of operational review, governance, and compliance.

    What is most valuable?

    The product’s most valuable feature is monitoring. Changes in an AWS account at the application and resource level are easily audited with CloudTrail.

    What needs improvement?

    The platform’s reporting log sheet feature could be more user-friendly.

    For how long have I used the solution?

    We have been using AWS CloudTrail for three years now.

    What do I think about the stability of the solution?

    It is a stable product.

    What do I think about the scalability of the solution?

    We have three administrators using AWS CloudTrail in our organization.

    How was the initial setup?

    The initial setup is easy. It has default functionality for application and resource-level monitoring of databases.

    What other advice do I have?

    I rate AWS CloudTrail an eight out of ten. I recommend the solution if you are auditing compliance and security for data usage.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user