Logging Amazon Honeycode API Calls with AWS CloudTrail - Amazon Honeycode

Logging Amazon Honeycode API Calls with AWS CloudTrail

Amazon Honeycode APIs are integrated with AWS CloudTrail, a service that records all API calls and events for AWS accounts. CloudTrail is enabled when you create an AWS account.

Using the information recorded by CloudTrail, you can identify trends and further isolate activity by attributes, such as what API call was made, when, who made the request, and the IP address.

To learn more about CloudTrail, see the AWS CloudTrail User Guide

Honeycode activity in CloudTrail

When API activity occurs in Amazon Honeycode apps, the activity is recorded in a CloudTrail event. You can view, search, and download recent events in your AWS account.

For an ongoing record of events in Amazon Honeycode, as well as your other AWS accounts, you can create a trail. A trail enables CloudTrail to continuously deliver events as log files to an Amazon S3 bucket.

All Amazon Honeycode API actions are logged by CloudTrail. For example, any calls to the GetScreenData or InvokeScreenAutomation actions generate entries in the CloudTrail log files.

Every event or log entry contains information about who generated the request. The identity information helps you determine:

  • Whether the request was made with root or AWS IAM user credentials

  • Whether the request was made with temporary security credentials for a role or federated user

  • Whether the request was made by another AWS service

For more information, see the CloudTrail userIdentity Element .

If you don't configure a trail, you can still view the most recent events in the CloudTrail console's event history. For more information, see Viewing Events with CloudTrail Event History .

Honeycode log files on CloudTrail

CloudTrail log files contain one or more log entries. An event represents a single request from any source and includes information about the requested action, the date and time of the action, request parameters, and so on. CloudTrail log files aren't an ordered stack trace of the Amazon Honeycode API calls, so they won't appear in any specific order.

The following example shows a CloudTrail log entry of the GetScreenData action.

{ "awsRegion": "us-west-2", "eventID": "3b61e597-4bf1-4c17-aac5-70440468f7d9", "eventName": "GetScreenData", "eventSource": "honeycode.amazonaws.com", "eventTime": "2020-05-21T07:07:39Z", "eventType": "AwsApiCall", "eventVersion": "1.05", "readOnly": true, "recipientAccountId": "123456789012", "requestID": "73ae2ce0-214b-4dc8-9378-a7a2e2d7aa4e", "requestParameters": { "appId": "9507a45a-8e7c-4b9b-bdc7-80c29b5ee3e2", "maxResults": 10, "screenId": "44e50421-8b7c-4074-a6bd-ba5d581ab020", "variables": "***", "workbookId": "cf8aff9e-3aa3-45e4-b60e-1512a2fa462c" }, "responseElements": null, "sourceIPAddress": "12.345.67.890", "userAgent": "Jersey/${project.version} (HttpUrlConnection 1.8.0_201)", "userIdentity": { "accessKeyId": "ACESSKEYIDEXAMPLE12", "accountId": "123456789012", "arn": "arn:aws:sts::123456789012:assumed-role/honeycode-full-access/HoneycodeTests-cf9c31ee-dcfd-439c-9ba0-8bb68766bcfe", "principalId": "PRINCIPALIDEXAMPLE1234:HoneycodeTests-cf9c31ee-dcfd-439c-9ba0-8bb68766bcfe", "sessionContext": { "attributes": { "creationDate": "2020-05-21T07:07:39Z", "mfaAuthenticated": "false" }, "sessionIssuer": { "accountId": "123456789012", "arn": "arn:aws:iam::123456789012:role/honeycode-full-access", "principalId": "PRINCIPALIDEXAMPLE1234", "type": "Role", "userName": "honeycode-full-access" }, "webIdFederationData": {} }, "type": "AssumedRole" } }

Similarly, the following example shows a CloudTrail log entry of the InvokeScreenAutomation action.

{ "awsRegion": "us-west-2", "eventID": "30c82beb-4d38-41ef-9dd2-961ed827412a", "eventName": "InvokeScreenAutomation", "eventSource": "honeycode.amazonaws.com", "eventTime": "2020-05-21T07:07:29Z", "eventType": "AwsApiCall", "eventVersion": "1.05", "readOnly": false, "recipientAccountId": "123456789012", "requestID": "18e22c8a-495c-4c0f-b3d3-e308541baef5", "requestParameters": { "appId": "5c132f99-d482-45be-b4f5-6deaf8067d0a", "automationId": "124bb3c9-8ab3-4d39-b380-6a43b63dc666", "clientRequestToken": "c5f201b9-76ed-4329-bb46-d4a6cc4fc638", "rowId": "row:6655a2f2-1e70-45a9-86ec-4d3c63d443b6/f9b70edb-486a-36b4-b72b-89df6f92be44", "screenAutomationId": "124bb3c9-8ab3-4d39-b380-6a43b63dc666", "screenId": "d2d4b6c6-c5e4-45fc-b342-019132ffb4f8", "variables": "***", "workbookId": "aa34dd68-2077-440e-abca-470deef13e9b" }, "responseElements": { "workbookCursor": 815985817 }, "sourceIPAddress": "54.244.61.237", "userAgent": "Jersey/${project.version} (HttpUrlConnection 1.8.0_201)", "userIdentity": { "accessKeyId": "ACESSKEYIDEXAMPLE12", "accountId": "123456789012", "arn": "arn:aws:sts::123456789012:assumed-role/honeycode-full-access/HoneycodeTests-3941fe61-25ee-4df1-ba85-411bb7e01472", "principalId": "PRINCIPALIDEXAMPLE1234:HoneycodeTests-3941fe61-25ee-4df1-ba85-411bb7e01472", "sessionContext": { "attributes": { "creationDate": "2020-05-21T07:07:26Z", "mfaAuthenticated": "false" }, "sessionIssuer": { "accountId": "123456789012", "arn": "arn:aws:iam::123456789012:role/honeycode-full-access", "principalId": "PRINCIPALIDEXAMPLE1234", "type": "Role", "userName": "honeycode-full-access" }, "webIdFederationData": {} }, "type": "AssumedRole" } }

More AWS CloudTrail resources

Additionally, you can configure other AWS services to further analyze and act upon the event data collected in CloudTrail logs. For more information, see the following: