Where can I view the operation logs of my AWS account? By default there is no logging; you need to enable CloudTrail to record them.
Enabling CloudTrail is as simple as using the AWS CloudTrail Console or the AWS CLI.
AWS CloudTrail Console
Log in to the AWS Management Console, open the CloudTrail console, click the Get Started Now button, and fill out the form. CloudTrail saves logs in S3; using a new S3 bucket is recommended. Under Advanced there are also options for a log file prefix, log file validation, and Amazon SNS notifications. CloudTrail stores multiple events in a single log file, and SNS sends one notification per file, not per event.
Once enabled, you can view logs from the CloudTrail console and add, update, delete, and disable trails.
AWS CLI
Create a trail
# Create a single-region trail
# The specified S3 bucket must already exist and have the appropriate CloudTrail permissions applied.
$ aws cloudtrail create-trail --name my-trail --s3-bucket-name my-bucket
# Create a trail that applies to all regions
$ aws cloudtrail create-trail --name my-trail --s3-bucket-name my-bucket --is-multi-region-trail
Start logging
After the create-trail command completes, run the start-logging command to start logging for that trail. When you create a trail with the CloudTrail console or the create-subscription command, logging is turned on automatically.
$ aws cloudtrail start-logging --name my-trail
Stop logging
$ aws cloudtrail stop-logging --name my-trail
Update Trail
# Converting a multi-region trail to a single-region trail
$ aws cloudtrail update-trail --name my-trail --no-is-multi-region-trail
# Enabling log file validation
$ aws cloudtrail update-trail --name my-trail --enable-log-file-validation
Get trail status
$ aws cloudtrail get-trail-status --name my-trail
Retrieve trail settings
$ aws cloudtrail describe-trails
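The settings configured above can be checked with the same two commands. The script below is an added example, not part of the original page: it flags trails that are not logging, are single-region, or lack log file validation. The function names, the row format and the sample trail names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original page. Row format (tab-separated):
#   trail  IsMultiRegionTrail  LogFileValidationEnabled  IsLogging

# Build rows from a live account (needs AWS credentials).
# TrailARN is passed to --name: a shadow trail's status must be requested by ARN.
collect_trails() {
    aws cloudtrail describe-trails --output text \
        --query 'trailList[].[TrailARN,IsMultiRegionTrail,LogFileValidationEnabled]' |
    while IFS="$(printf '\t')" read -r arn multi valid; do
        logging=$(aws cloudtrail get-trail-status --name "$arn" \
            --output text --query 'IsLogging')
        printf '%s\t%s\t%s\t%s\n' "$arn" "$multi" "$valid" "$logging"
    done
}

# Constructed sample rows (hypothetical trail names) for an offline run.
sample_rows() {
    printf 'prod-trail\tTrue\tTrue\tTrue\n'
    printf 'dev-trail\tFalse\tFalse\tFalse\n'
    printf 'stopped-trail\tTrue\tTrue\tFalse\n'
}

is_true() { case "$1" in [Tt]rue) return 0 ;; *) return 1 ;; esac; }

# Print one finding per line; return 1 if any trail has a gap, else 0.
audit_trails() {
    findings=0
    tab=$(printf '\t')
    while IFS="$tab" read -r trail multi valid logging; do
        [ -n "$trail" ] || continue
        if ! is_true "$logging"; then
            echo "$trail: not logging (run start-logging)"
            findings=$((findings + 1))
        fi
        if ! is_true "$multi"; then
            echo "$trail: single-region (update-trail --is-multi-region-trail)"
            findings=$((findings + 1))
        fi
        if ! is_true "$valid"; then
            echo "$trail: no log file validation (update-trail --enable-log-file-validation)"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# ./audit.sh --sample (offline) or ./audit.sh --live
case "${1:-}" in --sample) sample_rows | audit_trails ;; --live) collect_trails | audit_trails ;; esac
```

The non-zero exit status on any finding lets the script gate a scheduled job or CI step.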
Delete a trail
$ aws cloudtrail delete-trail --name my-trail
Deleting a trail does not delete the S3 bucket or the SNS topic.