Logging QuickSight information with AWS CloudTrail

Intended audience: System administrators

CloudTrail is enabled on your AWS account when you create the account. When supported event activity occurs in Amazon QuickSight, that activity is recorded in a CloudTrail event along with other AWS service events in Event history. You can view, search, and download recent events in your AWS account. For more information, see Viewing Events with CloudTrail Event History.

For an ongoing record of events in your AWS account, including events for Amazon QuickSight, create a trail. A trail enables CloudTrail to deliver log files to an Amazon S3 bucket. By default, when you create a trail in the console, the trail applies to all AWS Regions. The trail logs events from all Regions in the AWS partition and delivers the log files to the Amazon S3 bucket that you specify. Additionally, you can configure other AWS services to further analyze and act upon the event data collected in CloudTrail logs. For more information, see the following:

Overview for Creating a Trail
CloudTrail Supported Services and Integrations
Configuring Amazon SNS Notifications for CloudTrail
Receiving CloudTrail Log Files from Multiple Regions and Receiving CloudTrail Log Files from Multiple Accounts
Cross-Account CloudTrail Logging in the AWS Lake Formation Developer Guide Guide – This topic includes instructions for including principal identities in cross-account CloudTrail logs.

Amazon QuickSight supports logging the following actions as events in CloudTrail log files:

Whether the request was made with root or AWS Identity and Access Management user credentials
Whether the request was made with temporary security credentials for an IAM role or federated user
Whether the request was made by another AWS service

For more information on user identity, see the CloudTrail userIdentity Element.

By default, each Amazon QuickSight log entry contains the following information:

userIdentity – User identity
eventTime – Event time
eventId – Event Id
readOnly – Read only
awsRegion – AWS Region
eventSource (quicksight) – Source of the event (Amazon QuickSight)
eventType (AwsServiceEvent) – Event type (AWS service event)
recipientAccountId (customer AWS account) – Recipient account ID (Customer AWS account)

Note

CloudTrail displays users as unknown if they were provisioned by Amazon QuickSight. This display is because these users aren't a known IAM identity type.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Incident response, logging, and monitoring

Tracking non-API events by using CloudTrail logs