AWS CloudTrail
API Reference (API Version 2013-11-01)


The Amazon S3 objects that you specify in your event selectors for your trail to log data events. Data events are object-level API operations that access S3 objects, such as GetObject, DeleteObject, and PutObject. You can specify up to 250 S3 buckets and object prefixes for a trail.


  1. You create an event selector for a trail and specify an S3 bucket and an empty prefix, such as arn:aws:s3:::bucket-1/.

  2. You upload an image file to bucket-1.

  3. The PutObject API operation occurs on an object in the S3 bucket that you specified in the event selector. The trail processes and logs the event.

  4. You upload another image file to a different S3 bucket named arn:aws:s3:::bucket-2.

  5. The event occurs on an object in an S3 bucket that you didn't specify in the event selector. The trail doesn’t log the event.



The resource type in which you want to log data events. You can specify only the following value: AWS::S3::Object.

Type: String

Required: No


A list of ARN-like strings for the specified S3 objects.

To log data events for all objects in an S3 bucket, specify the bucket and an empty object prefix such as arn:aws:s3:::bucket-1/. The trail logs data events for all objects in this S3 bucket.

To log data events for specific objects, specify the S3 bucket and object prefix such as arn:aws:s3:::bucket-1/example-images. The trail logs data events for objects in this S3 bucket that match the prefix.

Type: Array of strings

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

On this page: