Menu
AWS CloudTrail
User Guide (Version 1.0)

Document History

The following table describes the documentation release history of AWS CloudTrail.

  • API version: 2013-11-01

  • Latest documentation update: October 13, 2017

Change Description Release Date

Updated documentation

This release updates the documentation of APIs supported in in CloudTrail Event history for Amazon Athena, AWS CodeBuild, Amazon EC2 Container Registry, and AWS Migration Hub.

For more information, see Services Supported by CloudTrail Event History.

October 13, 2017
Added service support This release supports Amazon Chime. See Business Productivity. September 27, 2017
Added functionality and documentation This release supports configuring data event logging for all Amazon S3 buckets in your AWS account. See Logging Data and Management Events for Trails. September 20, 2017
Added service support This release supports Amazon Lex. See Artificial Intelligence. August 15, 2017

Added service support

This release supports AWS Migration Hub. See Migration. August 14, 2017

Added functionality and documentation

This release supports CloudTrail being enabled by default for all AWS accounts. The past seven days of account activity are available in CloudTrail event history, and the most recent events appear on the console dashboard. The feature formerly known as API activity history has been replaced by Event history.

For more information, see How CloudTrail Works.

August 14, 2017

Added functionality and documentation

This release supports downloading events from the CloudTrail console on the API activity history page. You can download events in JSON or CSV format.

For more information, see Downloading Events.

July 27, 2017
Added functionality

This release supports logging Amazon S3 object level API operations in two additional regions, EU (London) and Canada (Central).

For more information, see Logging Data and Management Events for Trails.

July 19, 2017

Added service support

This release supports looking up APIs for Amazon CloudWatch Events in the CloudTrail API activity history feature.

For more information, see Amazon CloudWatch APIs.

June 27, 2017

Added functionality and documentation

This release supports additional APIs in the CloudTrail API activity history feature for the following services:

  • AWS CloudHSM

  • Amazon Cognito

  • Amazon DynamoDB

  • Amazon EC2

  • Kinesis

  • AWS Storage Gateway

For more information, see Services Supported by CloudTrail Event History.

June 27, 2017
Added service support This release supports AWS CodeStar. See Developer Tools. June 14, 2017
Added functionality and documentation

This release supports the following updates to the CloudTrail Processing Library:

  • Add support for different formats for SQS messages from the same SQS queue to identify CloudTrail log files. The following formats are supported:

    • Notifications that CloudTrail sends to an SNS topic

    • Notifications that Amazon S3 sends to an SNS topic

    • Notifications that Amazon S3 sends directly to an SQS queue

  • Add support for the deleteMessageUponFailure property, which you can use to delete messages that can't be processed.

For more information, see Using the CloudTrail Processing Library and the CloudTrail Processing Library on GitHub.

June 1, 2017

Added service support

This release supports Amazon Athena. See Analytics.

May 19, 2017
Added functionality

This release supports sending data events to Amazon CloudWatch Logs.

For more information about configuring your trail to log data events, see Data Events.

For more information about sending events to CloudWatch Logs, see Monitoring CloudTrail Log Files with Amazon CloudWatch Logs.

May 9, 2017
Added service support This release supports the AWS Marketplace Metering Service. See Additional Software & Services. May 2, 2017

Added service support

This release supports Amazon QuickSight. See Analytics.

April 28, 2017
Added functionality and documentation This release supports an updated console experience for creating new trails. You can now configure a new trail to log management and data events. For more information, see Creating a Trail. April 11, 2017
Added documentation

If CloudTrail is not delivering logs to your S3 bucket or sending SNS notifications from some regions in your account, you may need to update the policies.

To learn more about updating your S3 bucket policy, see Common S3 Policy Configuration Errors.

To learn more about updating your SNS topic policy, see Common SNS Policy Configuration Errors.

March 31, 2017
Added service support This release supports AWS Organizations. See Management Tools. February 27, 2017
Added functionality and documentation This release supports an updated console experience for configuring trails for logging management and data events. For more information, see Logging Data and Management Events for Trails. February 10, 2017

Added service support

This release supports Amazon Cloud Directory. See Security, Identity & Compliance.

January 26, 2017

Added functionality and documentation

This release supports looking up APIs for AWS CodeCommit, Amazon GameLift, and AWS Managed Services in the CloudTrail API activity history.

For more information, see Services Supported by CloudTrail Event History.

January 26, 2017

Added functionality

This release supports integration with the AWS Personal Health Dashboard.

You can use the Personal Health Dashboard to identify if your trails are unable to deliver logs to an SNS topic or S3 bucket. This can occur when there is an issue with the policy for the S3 bucket or SNS topic. Personal Health Dashboard notifies you about the affected trails and recommends ways to fix the policy.

For more information, see the AWS Health User Guide.

January 24, 2017

Added functionality and documentation

This release supports filtering by event source in the CloudTrail console. Event source shows the AWS service to which the request was made.

For more information, see Viewing CloudTrail Events in the CloudTrail Console.

January 12, 2017
Added service support This release supports AWS CodeCommit. See Developer Tools. January 11, 2017
Added service support This release supports Amazon Lightsail. See Compute. December 23, 2016
Added service support This release supports AWS Managed Services. See Management Tools. December 21, 2016
Added region support This release supports the EU (London) Region. See CloudTrail Supported Regions. December 13, 2016
Added region support This release supports the Canada (Central) Region. See CloudTrail Supported Regions. December 8, 2016

Added service support

This release supports AWS CodeBuild See Developer Tools.

This release supports AWS Health. See Support.

This release supports AWS Step Functions. See Application Services.

December 1, 2016

Added service support This release supports Amazon Polly. See Artificial Intelligence. November 30, 2016
Added service support This release supports AWS OpsWorks for Chef Automate. See Management Tools. November 23, 2016

Added functionality and documentation

This release supports configuring your trail to log read-only, write-only, or all events.

CloudTrail supports logging Amazon S3 object level API operations such as GetObject, PutObject, and DeleteObject. You can configure your trails to log object level API operations.

For more information, see Logging Data and Management Events for Trails.

November 21, 2016
Added functionality and documentation This release supports additional values for the type field in the userIdentity element: AWSAccount and AWSService. For more information, see the Fields for userIdentity. November 16, 2016
Added service support This release supports AWS Server Migration Service. See Migration. November 14, 2016
Added service support This release supports Application Auto Scaling. See Compute. October 31, 2016
Added region support This release supports the US East (Ohio) Region. See CloudTrail Supported Regions. October 17, 2016
Added functionality and documentation This release supports logging non-API AWS service events. For more information, see AWS Service Events. September 23, 2016
Added functionality and documentation This release supports using the CloudTrail console to view resource types that are supported by AWS Config. For more information, see Viewing Resources Referenced with AWS Config. July 7, 2016
Added service support This release supports AWS Service Catalog. See Management Tools. July 6, 2016

Added service support

This release supports Amazon Elastic File System (Amazon EFS). See Storage.

June 28, 2016

Added region support This release supports one additional region: ap-south-1 (Asia Pacific (Mumbai)). See CloudTrail Supported Regions. June 27, 2016
Added service support This release supports AWS Application Discovery Service. See Management Tools. May 12, 2016

Added service support

This release supports CloudWatch Logs in the South America (São Paulo) Region. For more information, see Monitoring CloudTrail Log Files with Amazon CloudWatch Logs.

May 6, 2016
Added service support This release supports AWS WAF. See Security, Identity & Compliance. April 28, 2016
Added service support This release supports AWS Support. See Support. April 21, 2016
Added service support This release supports Amazon Inspector. See Security, Identity & Compliance. April 20, 2016
Added service support This release supports AWS IoT. See Internet of Things. April 11, 2016
Added functionality and documentation This release supports logging AWS Security Token Service (AWS STS) API calls made with Security Assertion Markup Language (SAML) and web identity federation. For more information, see Values for AWS STS APIs with SAML and Web Identity Federation. March 28, 2016
Added service support This release supports AWS Certificate Manager. See Security, Identity & Compliance. March 25, 2016
Added service support This release supports Amazon Kinesis Firehose. See Analytics. March 17, 2016

Added service support

This release supports Amazon CloudWatch Logs. See Management Tools.

March 10, 2016

Added service support This release supports Amazon Cognito. See Mobile Services. February 18, 2016
Added service support This release supports AWS Database Migration Service. See Migration. February 4, 2016

Added service support

This release supports Amazon GameLift (GameLift). See Game Development.

January 27, 2016

Added service support

This release supports Amazon CloudWatch Events. See Management Tools.

January 16, 2016

Added region support This release supports one additional region: ap-northeast-2 (Asia Pacific (Seoul)). See CloudTrail Supported Regions. January 6, 2016

Added service support

This release supports Amazon EC2 Container Registry (Amazon ECR). See Compute.

December 21, 2015

Added functionality and documentation This release supports turning on CloudTrail across all regions and support for multiple trails per region. For more information, see How Does CloudTrail Behave Regionally and Globally?. December 17, 2015
Added service support This release supports Amazon Machine Learning. See Artificial Intelligence. December 10, 2015
Added functionality and documentation This release supports log file encryption, log file integrity validation, and tagging. For more information, see Encrypting CloudTrail Log Files with AWS KMS–Managed Keys (SSE-KMS), Validating CloudTrail Log File Integrity, and Updating a Trail. October 1, 2015
Added service support This release supports Amazon Elasticsearch Service. See Analytics. October 1, 2015
Added service support This release supports Amazon S3 bucket level events. See Storage. September 1, 2015

Added service support

This release supports AWS Device Farm. See Mobile Services.

July 13, 2015

Added service support

This release supports Amazon API Gateway. See Application Services.

July 9, 2015

Added service support

This release supports AWS CodePipeline. See Developer Tools.

July 9, 2015

Added service support

This release supports Amazon DynamoDB. See Database.

May 28, 2015

Added service support

This release supports CloudWatch Logs in the US West (N. California) region. See the CloudTrail release notes. For more information about CloudTrail support for CloudWatch Logs monitoring, see Monitoring CloudTrail Log Files with Amazon CloudWatch Logs.

May 19, 2015

Added service support

This release supports AWS Directory Service. See Security, Identity & Compliance.

May 14, 2015

Added service support

This release supports Amazon Simple Email Service (Amazon SES). See Application Services.

May 7, 2015

Added service support

This release supports Amazon EC2 Container Service See Compute.

April 9, 2015

Added service support

This release supports AWS Lambda. See Compute.

April 9, 2015

Added service support

This release supports Amazon WorkSpaces. See Desktop & App Streaming.

April 9, 2015

This release supports the lookup of AWS activity captured by CloudTrail (CloudTrail events). You can look up and filter events in your account related to creation, modification, or deletion. To look up these events, you can use the CloudTrail console, the AWS Command Line Interface (AWS CLI), or the AWS SDK. For more information, see Viewing Events with CloudTrail Event History.

March 12, 2015

Added service support and new documentation

This release supports Amazon CloudWatch Logs in the Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), and EU (Frankfurt) regions. Additional CloudWatch alarm examples have been added to Creating CloudWatch Alarms for CloudTrail Events, and a new page has been added: Using a AWS CloudFormation Template to Create CloudWatch Alarms.

March 5, 2015

Added API support

This release supports Amazon EC2 Systems Manager (SSM). SSM lets you configure, manage and easily deploy custom Windows instance configurations. For more information about SSM, see Managing Windows Instance Configuration. For information about the SSM API calls logged by CloudTrail, see Logging SSM API Calls Using AWS CloudTrail.

February 17, 2015

New documentation

A new section that describes CloudTrail support for AWS Security Token Service (AWS STS) regional endpoints has been added to the CloudTrail Concepts page.

February 17, 2015

Added service support

This release supports Amazon Route 53. See Networking & Content Delivery.

February 11, 2015

Added service support

This release supports AWS Config. See Management Tools.

February 10, 2015

Added service support

This release supports AWS CloudHSM. See Security, Identity & Compliance.

January 8, 2015

Added service support

This release supports AWS CodeDeploy. See Developer Tools.

December 17, 2014

Added service support

This release supports AWS Storage Gateway. See Storage.

December 16, 2014

Added region support

This release supports one additional region: us-gov-west-1 (AWS GovCloud (US)). See CloudTrail Supported Regions.

December 16, 2014

Added service support

This release supports Amazon Glacier. See Storage.

December 11, 2014

Added service support

This release supports AWS Data Pipeline. See Analytics.

December 2, 2014

Added service support

This release supports AWS Key Management Service. See Security, Identity & Compliance.

November 12, 2014

New documentation

A new section, Monitoring CloudTrail Log Files with Amazon CloudWatch Logs, has been added to the guide. It describes how to use Amazon CloudWatch Logs to monitor CloudTrail log events.

November 10, 2014

New documentation

A new section, Using the CloudTrail Processing Library, has been added to the guide. It provides information about how to write a CloudTrail log processor in Java using the AWS CloudTrail Processing Library.

November 5, 2014

Added service support

This release supports Amazon Elastic Transcoder. See Application Services.

October 27, 2014

Added region support

This release supports one additional region: eu-central-1 (EU (Frankfurt)). See CloudTrail Supported Regions.

October 23, 2014

Added service support

This release supports Amazon CloudSearch. See Analytics.

October 16, 2014

Added service support

This release supports Amazon Simple Notification Service. See Messaging.

October 09, 2014

Added service support

This release supports Amazon ElastiCache. See Database.

September 15, 2014

Added service support

This release supports Amazon WorkDocs. See Business Productivity.

August 27, 2014

Added new content

This release includes a topic that discusses logging sign-in events. See AWS Console Sign-in Events.

July 24, 2014

Added new content

The eventVersion element for this release has been upgraded to version 1.02 and three new fields have been added. See CloudTrail Record Contents.

July 18, 2014

Added service support

This release supports Auto Scaling (see Compute) and Amazon SQS (see Messaging).

July 17, 2014

Added region support

This release supports three additional regions: ap-southeast-1 (Asia Pacific (Singapore)), ap-northeast-1 (Asia Pacific (Tokyo)), sa-east-1 (South America (São Paulo)). See CloudTrail Supported Regions.

June 30, 2014

Additional service support

This release supports Amazon Redshift. See Analytics.

June 10, 2014

Added service support

This release supports AWS OpsWorks. See Management Tools.

June 5, 2014

Added service support

This release supports Amazon CloudFront. See Networking & Content Delivery.

May 28, 2014

Added region support

This release supports three additional regions: us-west-1 (US West (N. California)), eu-west-1 (EU (Ireland)), ap-southeast-2 (Asia Pacific (Sydney)). See CloudTrail Supported Regions.

May 13, 2014

Added service support

This release supports Amazon Simple Workflow Service. See Application Services.

May 9, 2014

Added new content

This release includes topics that discuss sharing log files between accounts. See Sharing CloudTrail Log Files Between AWS Accounts.

May 2, 2014

Added service support

This release supports Amazon CloudWatch. See Management Tools.

April 28, 2014

Added service support

This release supports Amazon Kinesis. See Analytics.

April 22, 2014

Added service support

This release supports AWS Direct Connect. See Networking & Content Delivery.

April 11, 2014

Added service support

This release supports Amazon EMR. See Analytics.

April 4, 2014

Added service support

This release supports Elastic Beanstalk. See Compute.

April 2, 2014

Additional service support

This release supports AWS CloudFormation. See Management Tools.

March 7, 2014

New guide

This release introduces AWS CloudTrail.

November 13, 2013