CloudTrail supported services and integrations
CloudTrail supports logging events for many AWS services. You can find the specifics for each supported service in that service's guide. Links to those service-specific topics are provided below. In addition, some AWS services can be used to analyze and act upon data collected in CloudTrail logs. You can browse an overview of those service integrations here.
To see the list of supported regions for each service, see Regions and Endpoints in the Amazon Web Services General Reference.
Topics
AWS service integrations with CloudTrail Logs
You can also use CloudTrail Lake to query and analyze your events. CloudTrail Lake queries offer a
deeper and more customizable view of events than simple key and value lookups in Event history,
or running LookupEvents. CloudTrail Lake users can run complex Standard Query Language (SQL) queries across multiple fields in a CloudTrail event. For more information, see
Working with AWS CloudTrail Lake and Copying trail events to CloudTrail
Lake.
CloudTrail Lake event data stores and queries incur CloudTrail charges. For more information about
CloudTrail Lake pricing, see AWS CloudTrail
Pricing
You can configure other AWS services to further analyze and act upon the event data collected in CloudTrail logs. For more information, see the following topics.
| AWS Service | Topic | Description |
|---|---|---|
| Amazon Athena | Querying AWS CloudTrail Logs | Using Athena with CloudTrail logs is a powerful way to enhance your analysis of AWS service activity. For example, you can use queries to identify trends and further isolate activity by attribute, such as source IP address or user. You can automatically create tables for querying logs directly from the CloudTrail console, and use those tables to run queries in Athena. For more information, see Creating a Table for CloudTrail Logs in the CloudTrail Console in the Amazon Athena User Guide. Running queries in Amazon Athena incurs additional costs. For more
information, see Amazon Athena Pricing. |
| Amazon CloudWatch Logs | Monitoring CloudTrail Log Files with Amazon CloudWatch Logs | You can configure CloudTrail with CloudWatch Logs to monitor your trail logs and be notified when specific activity occurs. For example, you can define CloudWatch Logs metric filters that will trigger CloudWatch alarms and send notifications to you when those alarms are triggered. Standard pricing for Amazon CloudWatch and Amazon CloudWatch Logs
applies. For more information, see Amazon
CloudWatch Pricing |
CloudTrail integration with Amazon EventBridge
Amazon EventBridge is an AWS service that delivers a near real-time stream of system events that describe changes in AWS resources. In EventBridge, you can create rules that responds to events recorded by CloudTrail. For more information, see Create a rule in Amazon EventBridge.
You can deliver events that you are subscribed to
on your trail to EventBridge. When you create a rule with the
EventBridge console, choose either the AWS API Call via CloudTrail event type to deliver CloudTrail data and management events, or the AWS Insight via CloudTrail event type to deliver Insights events.
Sending data that is logged by CloudTrail to EventBridge requires that you have at least one trail. For more information about how to create a trail, see Creating a Trail.
Events from API actions that start with the keywords List, Get, or
Describe are not processed by EventBridge, with the exception of events from the following STS actions:
GetFederationToken and GetSessionToken.
CloudTrail integration with AWS Organizations
The management account for an AWS Organizations organization can configure a delegated administrator to manage the organization's CloudTrail resources. You can create a trail in the management account or delegated administrator account for an organization that collects all event data for all AWS accounts in an organization in AWS Organizations. This is called an organization trail. Creating an organization trail helps you define a uniform event logging strategy for your organization. An organization trail is applied automatically to each AWS account in your organization. Users in member accounts can see these trails but cannot modify them, and by default cannot see the log files created for the organization trail. For more information, see Creating a trail for an organization.
AWS service topics for CloudTrail
You can learn more about how the events for individual AWS services are recorded in CloudTrail logs, including example events for that service in log files. For more information about how specific AWS services integrate with CloudTrail, see the topic about integration in the individual guide for that service.
