docs.aws.amazon.com
108.138.36.2  Public Scan

Submitted URL: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/loggingmanagement-and-data-events-withcloudtrail.html?icmpid=docs...
Effective URL: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html
Submission: On June 14 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content


AWS CLOUDTRAIL


USER GUIDE



WHAT IS AWS CLOUDTRAIL?


AWS CloudTrail is an AWS service that helps you enable operational and risk
auditing, governance, and compliance of your AWS account. Actions taken by a
user, role, or an AWS service are recorded as events in CloudTrail. Events
include actions taken in the AWS Management Console, AWS Command Line Interface,
and AWS SDKs and APIs.

CloudTrail is enabled on your AWS account when you create it. When activity
occurs in your AWS account, that activity is recorded in a CloudTrail event. You
can easily view recent events in the CloudTrail console by going to Event
history. For an ongoing record of activity and events in your AWS account,
create an event data store or create a trail. For more information about
CloudTrail pricing, see AWS CloudTrail Pricing.

Visibility into your AWS account activity is a key aspect of security and
operational best practices. You can use CloudTrail to view, search, download,
archive, analyze, and respond to account activity across your AWS
infrastructure. You can identify who or what took which action, what resources
were acted upon, when the event occurred, and other details to help you analyze
and respond to activity in your AWS account. Optionally, you can enable AWS
CloudTrail Insights on a trail to help you identify and respond to unusual
activity.

You can integrate CloudTrail into applications using the API, automate trail
creation for your organization, check the status of event data stores and trails
you create, and control how users view CloudTrail events.

TOPICS

 * How CloudTrail works
 * CloudTrail workflow
 * CloudTrail concepts
 * CloudTrail supported Regions
 * CloudTrail log file examples
 * CloudTrail supported services and integrations
 * Quotas in AWS CloudTrail

© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.



