AWS CloudTrail
User Guide (Version 1.0)

Viewing Events with CloudTrail Event History

You can troubleshoot operational and security incidents over the past 90 days in the CloudTrail console by viewing Event history. You can look up events related to creation, modification, or deletion of resources (such as IAM users or Amazon EC2 instances) in your AWS account on a per-region basis. Events can be viewed and downloaded by using the AWS CloudTrail console. You can customize the view of event history in the console by selecting which columns are displayed and which are hidden. You can programmatically look up events by using the AWS SDKs or AWS Command Line Interface.

This section describes how to look up events by using the CloudTrail console and the AWS CLI. It also describes how to download a file of events. For information on using the LookupEvents API to retrieve information from CloudTrail events, see the AWS CloudTrail API Reference.

For information on other ways to get and view CloudTrail log files, including those older than 90 days, see Getting and Viewing Your CloudTrail Log Files.