AWS CloudTrail event names supported by AWS Audit Manager
You can capture AWS CloudTrail management events and global service events as evidence in Audit Manager. To do this, you specify the CloudTrail event name as a data source mapping when you create a custom control.
As an exception to the above, the following three CloudTrail events aren't supported by Audit Manager:
- kms_GenerateDataKey
- kms_Decrypt
- sts_AssumeRole
Audit Manager captures management events and global service events only. Data events and insights events are not available as evidence. For more information about the different types of CloudTrail events, see CloudTrail concepts in the AWS CloudTrail User Guide.
For instructions on how to view CloudTrail events, see Viewing Events with CloudTrail Event History in the AWS CloudTrail User Guide.
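The following is an added example, not code from AWS or from this page: it builds the `controlMappingSources` entries for the Audit Manager `create_control` API call (boto3 parameter names) and rejects the three unsupported events before any request is sent. The helper names, the control name, the sample keywords, and the `<service>_<EventName>` format check are assumptions made for illustration.

```python
# Added example: builds the request offline; nothing here calls AWS.
# The three events this page lists as unsupported (compared case-insensitively).
UNSUPPORTED = frozenset({"kms_generatedatakey", "kms_decrypt", "sts_assumerole"})


def check_keyword(keyword):
    """Return None if the keyword is usable, otherwise the reason it is not."""
    service, sep, event = keyword.partition("_")
    # Assumption: keywords follow the <service>_<EventName> shape used on this page.
    if not (service and sep and event):
        return "expected <service>_<EventName>"
    if keyword.lower() in UNSUPPORTED:
        return "not supported by Audit Manager"
    return None


def build_create_control_request(name, keywords):
    """Build create_control keyword arguments with one CloudTrail source per event."""
    sources, rejected = [], {}
    for keyword in dict.fromkeys(keywords):  # drop duplicates, keep order
        reason = check_keyword(keyword)
        if reason:
            rejected[keyword] = reason
            continue
        sources.append({
            "sourceName": f"CloudTrail {keyword}",
            "sourceSetUpOption": "System_Controls_Mapping",
            "sourceType": "AWS_Cloudtrail",
            "sourceKeyword": {
                "keywordInputType": "SELECT_FROM_LIST",
                "keywordValue": keyword,
            },
        })
    if rejected:
        raise ValueError(f"unusable CloudTrail keywords: {rejected}")
    return {"name": name, "controlMappingSources": sources}


if __name__ == "__main__":
    # Constructed sample keywords; confirm each against the supported list first.
    request = build_create_control_request(
        "Track IAM user and trail changes",  # hypothetical control name
        ["iam_CreateUser", "cloudtrail_StopLogging", "iam_CreateUser"],
    )
    print(request)
    # To submit: boto3.client("auditmanager").create_control(**request)
```

Failing before submission keeps a control from being defined around an event that Audit Manager will not collect as evidence.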