CloudTrail has probably the worst developer experience I had with AWS recently. CloudTrail itself is an immensely useful service: it gives insights into the
events that are happening in an account, such as who made changes to what resource, console logins, and also to some extent who accessed what.