CloudTrail supported services and integrations
CloudTrail supports logging events for many AWS services. You can find the specifics for each supported service in that service's guide. Links to those service-specific topics are provided below. In addition, some AWS services can be used to analyze and act upon data collected in CloudTrail logs. You can browse an overview of those service integrations here.
Note
To see the list of supported Regions for each service, see Service endpoints and quotas in the Amazon Web Services General Reference.
Topics
AWS service integrations with CloudTrail logs
Note
You can also use CloudTrail Lake to query and analyze your events. CloudTrail Lake queries offer a
deeper and more customizable view of events than simple key and value lookups in Event history,
or running LookupEvents. CloudTrail Lake users can run complex Standard Query Language (SQL) queries across multiple fields in a CloudTrail event. For more information, see
Working with AWS CloudTrail Lake and Copying trail events to CloudTrail
Lake.
CloudTrail Lake event data stores and queries incur CloudTrail charges. For more information about
CloudTrail Lake pricing, see AWS CloudTrail
Pricing
You can configure other AWS services to further analyze and act upon the event data collected in CloudTrail logs. For more information, see the following topics.
| AWS Service | Topic | Description |
|---|---|---|
| Amazon Athena | Querying AWS CloudTrail Logs | Using Athena with CloudTrail logs is a powerful way to enhance your analysis of AWS service activity. For example, you can use queries to identify trends and further isolate activity by attribute, such as source IP address or user. You can automatically create tables for querying logs directly from the CloudTrail console, and use those tables to run queries in Athena. For more information, see Creating a Table for CloudTrail Logs in the CloudTrail Console in the Amazon Athena User Guide. NoteRunning queries in Amazon Athena incurs additional costs. For more
information, see Amazon Athena Pricing. |
| Amazon CloudWatch Logs | Monitoring CloudTrail Log Files with Amazon CloudWatch Logs | You can configure CloudTrail with CloudWatch Logs to monitor your trail logs and be notified when specific activity occurs. For example, you can define CloudWatch Logs metric filters that will trigger CloudWatch alarms and send notifications to you when those alarms are triggered. NoteStandard pricing for Amazon CloudWatch and Amazon CloudWatch Logs
applies. For more information, see Amazon
CloudWatch Pricing |
CloudTrail integration with Amazon EventBridge
Amazon EventBridge is an AWS service that delivers a near real-time stream of system events that describe changes in AWS resources. In EventBridge, you can create rules that responds to events recorded by CloudTrail. For more information, see Create a rule in Amazon EventBridge.
You can deliver events that you are subscribed to
on your trail to EventBridge. When you create a rule with the
EventBridge console, choose either the AWS API Call via CloudTrail detail-type to deliver CloudTrail data and management events, or the AWS Insight via CloudTrail detail-type to deliver Insights events.
To record events with a detail-type value of AWS API Call via CloudTrail, you must have an active trail
that is logging management or data events. For more information about how to create a trail, see Creating a trail.
To record events with a detail-type value of AWS Insight via CloudTrail, you must have an active trail that is logging Insights events.
For information about logging Insights events, see Logging Insights events.
Note
Events from API actions that start with the keywords List, Get, or
Describe are not processed by EventBridge, with the exception of events from the following STS actions:
GetFederationToken and GetSessionToken.
CloudTrail integration with AWS Organizations
The management account for an AWS Organizations organization can add a delegated administrator to manage the organization's CloudTrail resources. You can create an organization trail or organization event data store in the management account or delegated administrator account for an organization that collects all event data for all AWS accounts in an organization in AWS Organizations. Creating an organization trail helps you define a uniform event logging strategy for your organization.
An organization trail is applied automatically to each AWS account in your organization. Users in member accounts can see these trails but cannot modify them, and by default cannot see the log files created for the organization trail. For more information, see Creating a trail for an organization.
AWS service topics for CloudTrail
You can learn more about how the events for individual AWS services are recorded in CloudTrail logs, including example events for that service in log files. For more information about how specific AWS services integrate with CloudTrail, see the topic about integration in the individual guide for that service.
Services that are still in preview, or not yet released for general availability (GA), or which don't have public APIs, are not considered supported. CloudTrail does not currently log Amazon VPC endpoint policy-specific events.
Note
To see the list of supported Regions for each service, see Service endpoints and quotas in the Amazon Web Services General Reference.
For information about which services log data events, see Data events.
