Amazon Monitron information in CloudTrail

CloudTrail is enabled for your AWS users when you create your account. When supported event activity occurs in Amazon Monitron, that activity is recorded in a CloudTrail event along with other AWS service events in Event history. You can view, search, and download recent events in your AWS account. For more information, see Viewing Events with CloudTrail Event History.

For an ongoing record of events in your AWS account, including events for Amazon Monitron, create a trail. A trail enables CloudTrail to deliver log files to an Amazon S3 bucket. By default, when you create a trail in the console, the trail applies to all AWS Regions. The trail logs events from all Regions in the AWS partition and delivers the log files to the Amazon S3 bucket that you specify. Additionally, you can configure other AWS services to further analyze and act upon the event data collected in CloudTrail logs. For more information, see the following:

• Overview for Creating a Trail

• CloudTrail Supported Services and Integrations

• Configuring Amazon SNS Notifications for CloudTrail

• Receiving CloudTrail Log Files from Multiple Regions and Receiving CloudTrail Log Files from Multiple Accounts

Amazon Monitron supports logging a number of actions as events. Although the operations are publicly accessible through the AWS console or the Amazon Monitron mobile app, the APIs themselves are not public and are subject to change. They are meant for logging purposes only, and applications should not be built with them.

Amazon Monitron supports the following actions as events in CloudTrail log files:

• CreateProject

• UpdateProject

• DeleteProject

• GetProject

• ListProjects

• AssociateProjectAdminUser

• DisassociateProjectAdminUser

• ListProjectAdminUsers

• GetProjectAdminUser

• TagResource

• UntagResource

• ListTagsForResource

• CreateSensor

• UpdateSensor

• DeleteSensor

• CreateGateway

• DeleteGateway

• CreateSite

• UpdateSite

• DeleteSite

• CreateAsset

• UpdateAsset

• DeleteAsset

• CreateAssetStateTransition

• CreateUserAccessRoleAssociation

• UpdateUserAccessRoleAssociation

• DeleteUserAccessRoleAssociation

• FinishSensorCommissioning

• StartSensorCommissioning

Every event or log entry contains information about who generated the request. This contains details about the type of IAM identity that made the request, and which credentials were used. If temporary credentials were used, the element shows how the credentials were obtained. The identity information helps you determine the following:

• Whether the request was made with root or AWS Identity and Access Management (IAM) user credentials

• Whether the request was made with temporary security credentials for a role or federated user

• Whether the request was made by another AWS service

For more information, see the CloudTrail userIdentity Element in the AWS CloudTrail User Guide.