Types of events that CloudTrail can log.
Read-only events include API operations that read your resources, but don’t make changes.
For example, read-only events include the Amazon EC2 DescribeSecurityGroups and DescribeSubnets API operations.
Write-only events include API operations that modify (or might modify) your resources.
For example, the Amazon EC2 RunInstances and TerminateInstances API operations modify your instances.