AWS CloudTrail enables auditing, security monitoring, and operational monitoring by logging your AWS account activity. CloudTrail records two types of events: Management events that capture control plane actions such as creating or deleting Amazon S3 buckets, and data events that capture high-volume data plane actions such as reading or writing an Amazon S3 object.

Free Tier

You can get started with AWS CloudTrail for free. 

Log and search events with Event History
AWS CloudTrail logs management events across AWS services by default. You can view, search, and download the most recent 90-day history of your account’s management events for free using CloudTrail in the AWS console or the AWS CLI Lookup API.
 
Deliver events by creating trails
You can deliver one copy of your ongoing management events to Amazon S3 for free by creating trails. This lets you store events in S3 past 90 days.

You can learn more about the AWS Free Tier here.

Pay only for what you use. There is no minimum fee.

Deliver additional copies of events and data events by using trails
You can deliver additional copies of events, including data events, using trails. Trails can be created for a single AWS account, or for multiple AWS accounts using AWS Organizations. See pricing in the table below.
Note: If the management account has an organization trail delivering management events, the same events delivered with trails created in member accounts are charged as additional copies.
 
Identify unusual activity in your account
AWS CloudTrail Insights analyzes write management event API calls in your AWS account and detects unusual activity. See pricing in the table below.

Integrate with other AWS services

Trails deliver events to you in the Amazon S3 bucket that you choose and can optionally deliver events to Amazon CloudWatch Logs. You can also specify an Amazon SNS topic to get notified of deliveries and encrypt the delivered logs using AWS Key Management Service (KMS). Standard rates for Amazon S3, Amazon CloudWatch Logs, Amazon SNS, and AWS Key Management Service (KMS) apply.

Pricing examples

Example 1 – Delivering management events

Let’s assume you have 300,000,000 management events delivered to S3 in a given month.

First copy of management events delivered @$0 = 300,000,000 * $0 = $0
Monthly CloudTrail charges = $0

Example 2 – Delivering management and data events

Let’s assume you have 300,000,000 management events and 500,000,000 data events delivered to S3 in a given month.

First copy of management events delivered @$0 = 300,000,000 * $0 = $0
Data events @$0.10 per 100,000 events = 500,000,000 / 100,000 * $0.10 = $500
Monthly CloudTrail charges = $500

Example 3 – Delivering management and data events plus additional copies

Let’s assume you have the following usage in a given month:

300,000,000 management events delivered
500,000,000 data events delivered
6,000,000 management events are copies across organization and account-level trails
100,000,000 data events are copies across organization and account-level trails

First copy of management events delivered @$0 = 300,000,000 * $0 = $0
Data events @$0.10 per 100,000 events = (500,000,000 + 100,000,000 additional copies of data events delivered) / 100,000 * $0.10 = $600
Copies of management events delivered @$2.00 per 100,000 events = 6,000,000 / 100,000 * $2.00 = $120
Monthly CloudTrail charges = $720

Example 4 – Identifying unusual activities with CloudTrail Insights

Let’s assume you have the following usage in a given month:

300,000,000 management events delivered to S3
20,000,000 write management events analyzed by CloudTrail Insights

Cost of CloudTrail trails:
First copy of management events delivered @$0 = 300,000,000 * $0 = $0
Monthly CloudTrail trails charges = $0

Cost of CloudTrail Insights:
CloudTrail Insights events analyzed @$0.35 per 100,000 events = 20,000,000 / 100,000 * $0.35 = $70
Monthly CloudTrail Insights charges = $70
Total monthly CloudTrail charges = $70

Additional pricing resources

Managing CloudTrail Costs: Best practices to manage CloudTrail costs
AWS Cost Anomaly Detection: Mitigate unexpected AWS costs

Learn how to get started with AWS CloudTrail

Visit the getting started page
Ready to build?
Get started with AWS CloudTrail
Have more questions?
Contact us