Status: IN
Real-time security alerting from CloudTrail requires configuring a multi-service chain — CloudTrail delivers to CloudWatch Logs (requiring a dedicated IAM role), metric filters extract patterns from log streams, and CloudWatch alarms trigger on the resulting metrics — where each link has independent failure and misconfiguration potential.