Amazon CloudWatch Events
User Guide

Amazon CloudWatch Events Prerequisites

Amazon CloudWatch Events has the following prerequisites:

  • User accounts—Although you can use your root account, we recommend that you use an AWS Identity and Access Management (IAM) account. If you're using an IAM account, you must have "events:*" and "iam:PassRole" permissions:

      "Version": "2012-10-17",
      "Statement": [
          "Action": [
          "Effect": "Allow",
          "Resource": "*"
  • AWS CloudTrail logging—If you want to log AWS API calls in CloudWatch Events, you must turn on AWS CloudTrail. For more information, see Turning on CloudTrail in Additional Accounts in the AWS CloudTrail User Guide.

  • AWS Security Token Service (AWS STS)—Regional endpoints must be enabled (the default) in order to use Amazon CloudWatch Events. For more information, see Activating and Deactivating AWS STS in an AWS Region in the IAM User Guide.