hands-on labAnalyzing Account Activity With AWS CloudTrail
1h 30m
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.
Lab steps
Logging In to the Amazon Web Services Console
Reviewing management events in AWS CloudTrail event history
Tracking S3 data events with an AWS CloudTrail trail
Generating S3 data events
Aggregating data with an AWS CloudTrail event data store
Querying an AWS CloudTrail Lake
Lab description

AWS CloudTrail is an account management tool that records user activity and API usage in AWS services. CloudTrail stores various types of events as logs in an Amazon S3 bucket, and provides various services that allow you to track, aggregate, and analyze the data.

In this lab, you will explore the offerings of the AWS CloudTrail service. You will review and track activity with CloudTrail by observing the event history dashboard and creating a trail. You will also aggregate specific data events into an event data store to form a CloudTrail lake.

Learning objectives

Upon completion of this intermediate-level lab, you will be able to:

  • Access CloudTrail Event history to look up and filter management events
  • Create a CloudTrail Trail to log S3 data events
  • Apply advanced event selectors to scope event criteria
  • Aggregate CloudTrail events into an Event Data Store
  • Form and query a CloudTrail Lake

Intended audience

  • Candidates for the AWS Certified Security - Specialty certification
  • Cloud Architects
  • Software Engineers


Familiarity with the following will be beneficial but is not required:

  • AWS CloudTrail

The following content can be used to fulfill the prerequisites:

Environment before
environment before preview
Environment after
environment after preview
About the author
Jun Fritz
Cloud Labs Developer
Learning Paths

Jun is a Cloud Labs Developer with previous experience as a Software Engineer and Cloud Developer. He holds the AWS Certified Solutions Architect and DevOps Engineer Professional certifications. He also holds the AWS Certified Solutions Architect, Developer, and SysOps Administrator Associate certifications. 

Jun is focused on giving back to the growing cloud community by sharing his knowledge and experience with students and creating engaging content. 

Covered topics