AWS CloudTrail

CloudTrail is a service that records all API calls made to AWS from your account. It is very useful for troubleshooting operational issues and, of course, is a key component of managing the security and compliance of an AWS account. The service is built around the concept of a "trail." Each trail lets you log any API activity undertaken on your account. Price-wise, the first trail created is always free, so using this service is a no-brainer.

In the following section, we will create a CloudFormation stack using troposphere to log all API activity. CloudTrail stores up to 7 days' worth of activity; to extend that duration, we will take advantage of its ability to also export the data to an S3 bucket.
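
The stack described above, as an added example that is not from the book: it builds the CloudFormation JSON with plain dictionaries instead of troposphere so that it runs on the Python standard library alone, and checks the trail settings that matter for security. The resource names (TrailBucket, TrailBucketPolicy, Trail) and the trail_findings helper are assumptions made for this example.

```python
import json

def cloudtrail_template(bucket="TrailBucket", policy="TrailBucketPolicy"):
    """CloudFormation template: log bucket, its policy, and one trail."""
    service = {"Service": "cloudtrail.amazonaws.com"}
    statements = [
        # CloudTrail reads the bucket ACL before delivering anything.
        {"Sid": "AclCheck", "Effect": "Allow", "Principal": service,
         "Action": "s3:GetBucketAcl",
         "Resource": {"Fn::GetAtt": [bucket, "Arn"]}},
        # Writes only under this account's prefix; the owner keeps control.
        {"Sid": "Write", "Effect": "Allow", "Principal": service,
         "Action": "s3:PutObject",
         "Resource": {"Fn::Sub": "${%s.Arn}/AWSLogs/${AWS::AccountId}/*" % bucket},
         "Condition": {"StringEquals":
                       {"s3:x-amz-acl": "bucket-owner-full-control"}}},
    ]
    return {"AWSTemplateFormatVersion": "2010-09-09", "Resources": {
        bucket: {"Type": "AWS::S3::Bucket", "DeletionPolicy": "Retain",
                 "Properties": {"PublicAccessBlockConfiguration": {
                     "BlockPublicAcls": True, "BlockPublicPolicy": True,
                     "IgnorePublicAcls": True, "RestrictPublicBuckets": True}}},
        policy: {"Type": "AWS::S3::BucketPolicy", "Properties": {
            "Bucket": {"Ref": bucket},
            "PolicyDocument": {"Version": "2012-10-17", "Statement": statements}}},
        # The trail waits for the policy, or creation can fail on the
        # bucket permission check.
        "Trail": {"Type": "AWS::CloudTrail::Trail", "DependsOn": [policy],
                  "Properties": {"S3BucketName": {"Ref": bucket},
                                 "IsLogging": True,
                                 "IsMultiRegionTrail": True,
                                 "IncludeGlobalServiceEvents": True,
                                 "EnableLogFileValidation": True}}}}

def trail_findings(template):
    """Return the settings that weaken any trail in the template."""
    findings = []
    for name, res in template["Resources"].items():
        if res["Type"] != "AWS::CloudTrail::Trail":
            continue
        props = res.get("Properties", {})
        for key in ("IsLogging", "IsMultiRegionTrail", "EnableLogFileValidation"):
            if props.get(key) is not True:
                findings.append(f"{name}: {key} is not enabled")
        if not res.get("DependsOn"):
            findings.append(f"{name}: no DependsOn on the bucket policy")
    return findings

if __name__ == "__main__":
    print(json.dumps(cloudtrail_template(), indent=2))
    print(trail_findings(cloudtrail_template()) or "no findings")
```

The printed JSON can be saved to a file and passed to CloudFormation as a template body; trail_findings can be run over any template dictionary before deployment.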
