Viewing Events with CloudTrail API Activity History
To troubleshoot operational and security incidents, you can use the CloudTrail API
Activity History feature. This feature lets you look up and filter events
captured by CloudTrail. You can look up events related to the creation, modification, or deletion
of resources in your AWS account on a per-region basis. Events can be looked up by using the
AWS CloudTrail console, or programmatically by using the AWS SDKs or AWS Command Line Interface. This section
describes how to look up events by using the CloudTrail console and the AWS CLI. For information on
LookupEvents API to retrieve information from CloudTrail events, see the
AWS CloudTrail API Reference.
When you stop logging, CloudTrail stops delivering events to your Amazon S3 bucket. As a result, any events that occurred when CloudTrail logging was disabled will not be captured, and they will not be available for viewing.
You can use the CloudTrail console, AWS CLI, or AWS SDKs to review API activity for a region for the times in which you had CloudTrail turned on in that region during the last seven days. For information on other ways to get and view CloudTrail log files, including those older than seven days, see Getting and Viewing Your CloudTrail Log Files.