AWS CloudTrail allows you to view and download the last 7 days of your account activity for create, modify, and delete operations of supported services free of charge.

There is no charge from AWS CloudTrail for creating a trail. By creating a CloudTrail trail, you can deliver two types of events to your Amazon S3 bucket.

  • Management Events: Represent administrative type of account activity for AWS services. For example, CloudTrail delivers Management Events for API calls such as launching EC2 instances or creating S3 buckets. The first copy of Management Events within each region is delivered free of charge. Additional copies of Management Events are charged at $2.00 per 100,000 events.
  • Data Events: Represent data or object level account activity for AWS resources. For example, CloudTrail delivers Data Events for S3 object level API such as Get, Put, Delete and List actions. Data Events are recorded only for the buckets you specify and are charged at $0.10 per 100,000 events.


Example

Your AWS account does not have AWS CloudTrail setup. Account activity recorded by AWS CloudTrail for the last 7 days can be viewed and searched free of charge from within the AWS CloudTrail console or AWS CLI.

Your AWS account has AWS CloudTrail setup and is configured to record duplicate copies of Management Events across two trails and Data Events in one trail. In a month, you had 150,000 Management Events and 2M Data Events. Your charges are calculated as follows:

Charges for the first copy of 150,000 Management Events = $0 (first copy of Management Events is free)

Charges for the second copy of 150,000 Management Events = 150,000 at a price of $2 per 100,000 events = $3

Charges for 2M Data Events = 2M at a price of $0.10 per 100,000 events = $2

 


Once a CloudTrail trail is setup, Amazon S3 charges apply based on your usage, since AWS CloudTrail delivers logs to an S3 bucket. Typical Amazon S3 charges are less than $3 per month for most accounts.

You can optionally specify an Amazon SNS topic to get notified about CloudTrail log file delivery to Amazon S3, send CloudTrail logs to CloudWatch Logs, or encrypt your CloudTrail logs using AWS Key Management Service (AWS KMS). When these features are used, standard usage charges for the related services apply. For this pricing information, see the pricing page for each service.