Nobody told me AWS CloudTrail was this important until something went wrong.
An unexpected API call showed up in our environment. No one on the team claimed it.
That one moment changed how I think about cloud monitoring forever.
Before that I treated CloudTrail like a checkbox. Enabled it because best practices said so. Never actually looked at the logs.
After that I started treating it like a security camera. Always on. Always watching. And you better know how to read what it's recording.
The fix wasn't complicated. Set up proper log filtering. Created alerts for suspicious API calls. Made it a habit to review weekly.
But the lesson hit hard.
Enabling a security tool is not the same as using it. Most breaches don't happen because the tool wasn't there. They happen because nobody was watching.
Turn it on. Then actually look at it.
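
The log filtering and alerting mentioned above could start as small as this. It is an added example, not code from the original post: the watchlist, the `known_arns` allow-list, and the sample records are assumptions constructed for illustration, while the field names (`eventName`, `userIdentity`, `errorCode`, `readOnly`) are standard CloudTrail record fields.

```python
import json

# Assumed watchlist, not from the original post: event names worth a human look.
WATCHLIST = {
    "StopLogging": "CloudTrail logging stopped",
    "DeleteTrail": "trail deleted",
    "CreateAccessKey": "new long-lived access key",
    "AttachUserPolicy": "IAM policy attached to a user",
}

def review(log_file_text, known_arns):
    """Return (eventTime, principal, eventName, reasons) for records to review."""
    findings = []
    for rec in json.loads(log_file_text).get("Records", []):
        ident = rec.get("userIdentity", {})
        principal = ident.get("arn") or ident.get("type", "unknown")
        reasons = []
        if rec.get("eventName") in WATCHLIST:
            reasons.append(WATCHLIST[rec["eventName"]])
        if ident.get("type") == "Root":
            reasons.append("root credentials used")
        if rec.get("errorCode") == "AccessDenied":
            reasons.append("call was denied")
        # The "no one on the team claimed it" case: a write from an unknown principal.
        if not rec.get("readOnly", False) and principal not in known_arns:
            reasons.append("write call from unclaimed principal")
        if reasons:
            findings.append((rec.get("eventTime"), principal, rec.get("eventName"), reasons))
    return findings

# Constructed sample in the CloudTrail log-file shape ({"Records": [...]}).
ALICE = "arn:aws:iam::111122223333:user/alice"
BOT = "arn:aws:iam::111122223333:user/build-bot"
SAMPLE = json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventName": "DescribeInstances",
     "readOnly": True, "userIdentity": {"type": "IAMUser", "arn": ALICE}},
    {"eventTime": "2024-01-01T10:05:00Z", "eventName": "CreateAccessKey",
     "readOnly": False, "userIdentity": {"type": "IAMUser", "arn": BOT}},
    {"eventTime": "2024-01-01T10:07:00Z", "eventName": "ListBuckets", "readOnly": True,
     "errorCode": "AccessDenied", "userIdentity": {"type": "IAMUser", "arn": ALICE}},
    {"eventTime": "2024-01-01T10:09:00Z", "eventName": "RunInstances",
     "readOnly": False, "userIdentity": {"type": "IAMUser", "arn": ALICE}},
]})

if __name__ == "__main__":
    for when, who, what, why in review(SAMPLE, known_arns={ALICE}):
        print(f"{when}  {what:<16} {who}  -> {'; '.join(why)}")
```

Run on a schedule against delivered log files, a filter like this turns the weekly review into a short list instead of a raw log dump.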