Certified Security - Specialty


Remark: CloudTrail

Ryan stated in the lecture that CloudTrail logs every API call in your AWS account. Well, that’s not quite correct, as CloudTrail does not support every AWS service, nor does CloudTrail log every API call for supported AWS services.

1 Answer

According to Amazon, CloudTrail captures all API calls for Amazon EC2, Amazon EBS, and Amazon VPC as events, including calls from the console and from code calls to the APIs.

https://docs.aws.amazon.com/AWSEC2/latest/APIReference/using-cloudtrail.html

I guess it’s possible it might not cover all APIs, looking at the pace AWS deploys newer services, but for the exams or now, there is no service on AWS that captures API logs better than CloudTrail.

mtesch

Well, that’s a completely different statement. And I totally agree with that; CloudTrail is the go-to service for audit logging on AWS without a question. I just wanted to state that the statement “every call is logged” is not quite true and might become a pain point if someone relies on that.
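An added example, not part of the thread above: one way to check what a trail's own configuration leaves unrecorded before relying on it for audit. It assumes a trail with basic event selectors, in the shape `aws cloudtrail get-event-selectors` returns; the sample configuration, bucket name and expected data event types are constructed for illustration.

```python
import json

# Constructed sample in the shape of `aws cloudtrail get-event-selectors`
# output for a trail with basic event selectors (values are illustrative).
SAMPLE_SELECTORS = json.loads("""
{
  "EventSelectors": [
    {
      "ReadWriteType": "WriteOnly",
      "IncludeManagementEvents": true,
      "ExcludeManagementEventSources": ["kms.amazonaws.com"],
      "DataResources": [
        {"Type": "AWS::S3::Object",
         "Values": ["arn:aws:s3:::example-audit-bucket/"]}
      ]
    }
  ]
}
""")

# Data event types this audit expects to be logged (an assumption; adjust).
EXPECTED_DATA_TYPES = {"AWS::S3::Object", "AWS::Lambda::Function"}


def coverage_gaps(config, expected_data_types=EXPECTED_DATA_TYPES):
    """Return a sorted list of API activity the trail will not record."""
    if config.get("AdvancedEventSelectors"):
        raise ValueError("advanced event selectors are not handled here")
    selectors = config.get("EventSelectors") or []
    gaps = set()
    mgmt = [s for s in selectors if s.get("IncludeManagementEvents", True)]
    if not mgmt:
        gaps.add("management events: not logged")
    else:
        modes = {s.get("ReadWriteType", "All") for s in mgmt}
        if "All" not in modes and not {"ReadOnly", "WriteOnly"} <= modes:
            missing = "read-only" if "ReadOnly" not in modes else "write"
            gaps.add(f"management events: {missing} calls not logged")
        # Conservative: an exclusion in any selector is reported as a gap.
        for s in mgmt:
            for source in s.get("ExcludeManagementEventSources") or []:
                gaps.add(f"management events: {source} excluded")
    logged = {r.get("Type") for s in selectors
              for r in s.get("DataResources") or []}
    for data_type in expected_data_types - logged:
        gaps.add(f"data events: {data_type} not logged")
    return sorted(gaps)
```

An empty result only says the trail's configuration has no gaps of these kinds; it says nothing about services or calls that CloudTrail does not support.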
