Audit trail logs allow all management/logical events administered within the cloud environment to be captured and stored. AWS CloudTrail, Azure control management logs, and GCP Cloud Audit Logging are all native services that provide administrative audit trails to understand how users are interacting with the cloud environment.
In order to build validated environments (GxP, HIPAA), or just to maintain a scalable and sustainable enterprise cloud environment, it is paramount to be able to track the actions of the hundreds of users who may be interacting with the cloud environment. The native audit logs enable this capability.
Since all cloud providers' services are built on top of scalable APIs, all interactions with the cloud environment can be boiled down to API calls (even changes made using the GUI). The logs these API calls generate contain a wealth of information, including (but not limited to):
- Event type, name, time, and source
- Access key ID
- Account ID
- Username
- Region
- Source IP address
- Request parameters
- Response elements
These logs are stored within cloud storage targets or within the cloud services themselves, but can be exported and assimilated with other logs for centralization, giving users a 360-degree view of multiple accounts.