You can use event logs of ActionTrail to perform security analysis. With the logs you can retrieve logon information including the logon time, IP, and whether the multi-factor authentication is used.
ActionTrail records help you to identify the underlying cause of any abnormal change. For example, if an ECS instance is unexpectedly stopped, you can review the ActionTrail logs associated with that instance to learn who initiated the operation, from which IP, and at what time.
If you have multiple RAM users under your primary account, you can use ActionTrail to audit the operations of each user to meet compliance requirements.