AWS CloudTrail
User Guide (Version 1.0)

Viewing Events with CloudTrail API Activity History

To troubleshoot operational and security incidents, you can use the CloudTrail API Activity History feature. This feature lets you look up and filter events captured by CloudTrail. You can look up events related to the creation, modification, or deletion of resources in your AWS account on a per-region basis. Events can be looked up by using the AWS CloudTrail console, or programmatically by using the AWS SDKs or AWS Command Line Interface. This section describes how to look up events by using the CloudTrail console and the AWS CLI. For information on using the LookupEvents API to retrieve information from CloudTrail events, see the AWS CloudTrail API Reference.


When you stop logging, CloudTrail stops delivering events to your Amazon S3 bucket. As a result, any events that occurred when CloudTrail logging was disabled will not be captured, and they will not be available for viewing.

You can use the CloudTrail console, AWS CLI, or AWS SDKs to review API activity for a region for the times in which you had CloudTrail turned on in that region during the last seven days. For information on other ways to get and view CloudTrail log files, including those older than seven days, see Getting and Viewing Your CloudTrail Log Files.