hands-on lab

Analyzing Account Activity With AWS CloudTrail

Up to 1h 30m
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.


AWS CloudTrail is an account management tool that records user activity and API usage in AWS services. CloudTrail stores various types of events as logs in an Amazon S3 bucket, and provides various services that allow you to track, aggregate, and analyze the data.

In this lab, you will explore the offerings of the AWS CloudTrail service. You will review and track activity with CloudTrail by observing the event history dashboard and creating a trail. You will also aggregate specific data events into an event data store to form a CloudTrail lake.

Learning objectives

Upon completion of this intermediate-level lab, you will be able to:

  • Access CloudTrail Event history to look up and filter management events
  • Create a CloudTrail Trail to log S3 data events
  • Apply advanced event selectors to scope event criteria
  • Aggregate CloudTrail events into an Event Data Store
  • Form and query a CloudTrail Lake

Intended audience

  • Candidates for the AWS Certified Security - Specialty certification
  • Cloud Architects
  • Software Engineers


Familiarity with the following will be beneficial but is not required:

  • AWS CloudTrail

The following content can be used to fulfill the prerequisites:



March 4th, 2024 - Resolved CloudTrail issue

February 1st, 2024 - Updated screenshots and instructions to reflect the latest UI

Environment before

Environment after

About the author

Jun Fritz, opens in a new tab
Cloud Labs Developer
Learning paths

Jun is a Cloud Labs Developer with previous experience as a Software Engineer and Cloud Developer. He holds the AWS Certified Solutions Architect and DevOps Engineer Professional certifications. He also holds the AWS Certified Solutions Architect, Developer, and SysOps Administrator Associate certifications. 

Jun is focused on giving back to the growing cloud community by sharing his knowledge and experience with students and creating engaging content. 

Covered topics

Lab steps

Logging In to the Amazon Web Services Console
Reviewing management events in AWS CloudTrail event history
Tracking S3 data events with an AWS CloudTrail trail
Generating S3 data events
Aggregating data with an AWS CloudTrail event data store
Querying an AWS CloudTrail Lake