AWS CloudTrail allows AWS customers to record API calls, sending log files to Amazon S3 buckets for storage. The service provides API activity data including the identity of an API caller, the time of an API call, the source of the IP address of an API caller, the request parameters and the response elements returned by the AWS service.
CloudTrail can be configured to publish a notification for each log file delivered, allowing users to take action upon log file delivery -- a process that according to AWS should only take about 15 minutes. It can also be configured to aggregate log files across multiple accounts so that log files are delivered to a single S3 bucket.
The service can facilitate regulatory compliance reporting for organizations that use AWS and need to track the API calls for one or more AWS account. CloudTrail can also be configured to support security information (SIEM) and event management platforms and and resource management.