AWS CloudTrail
User Guide (Version 1.0)

Viewing Events with CloudTrail Event History

You can troubleshoot operational and security incidents over the past seven days with the CloudTrail Event history feature. This feature lets you look up and filter the events recorded by CloudTrail. You can look up events related to creation, modification, or deletion of resources (such as IAM users or Amazon EC2 instances) in your AWS account on a per-region basis. Events can be viewed and downloaded by using the AWS CloudTrail console. You can programmatically look up events by using the AWS SDKs or AWS Command Line Interface.

This section describes how to look up events by using the CloudTrail console and the AWS CLI. It also describes how to download a file of events. For information on using the LookupEvents API to retrieve information from CloudTrail events, see the AWS CloudTrail API Reference.

For information on other ways to get and view CloudTrail log files, including those older than seven days, see Getting and Viewing Your CloudTrail Log Files.