Monitoring your change request events
After turning on integration with AWS CloudTrail Lake and creating an event data store, you can view auditable details about the change requests that are run in your account or organization. This includes details such as the following:
- The identity of the user that initiated the change request
- The AWS Regions where the changes were made
- The source IP address for the request
- The AWS access key used for the request
- The API actions run for the change request
- The request parameters included for those actions
- The resources updated during the process
The following are samples of event details you can view for a change request after creating the event data store in AWS CloudTrail Lake.
Important
If you're using Change Manager for an organization, you can complete the following procedure while signed in to either the management account or the delegated administrator account for Change Manager.
However, to use the delegated administrator account to complete these steps, the same delegated administrator account must be specified for both CloudTrail and Change Manager.
When you sign in to the management account for Change Manager, you can add or change the delegated administrator account for CloudTrail on the CloudTrail Settings
To turn on CloudTrail Lake event tracking from Change Manager
- Open the AWS Systems Manager console at https://console.aws.amazon.com/systems-manager/. In the navigation pane, choose Change Manager.
- Choose the Requests tab.
- Choose any existing change request, and then choose the Associated events tab.
- Choose Enable CloudTrail Lake.
- Follow the steps in Create an event data store for CloudTrail events in the AWS CloudTrail User Guide.
  To ensure that event data for your change requests is stored, make the following selections as you complete the procedure:
  - For Event type, leave the defaults AWS events and CloudTrail events selected.
  - If you're using Change Manager with an organization, select Enable for all accounts in my organization.
  - For Management events, do not clear the Write check box.
  Other options you choose when creating your event data store don't affect the storage of event data for your change requests.
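One way to check an existing event data store against the selections above, as an added example that is not AWS's own code. It inspects a dict shaped like the CloudTrail `GetEventDataStore` response; the function names and both sample responses are constructed for illustration.

```python
"""Audit a CloudTrail Lake event data store for the change-request selections."""


def _keeps_write_management_events(selector: dict) -> bool:
    """True if this advanced event selector stores write management events."""
    fields = {f["Field"]: f for f in selector.get("FieldSelectors", [])}
    if "Management" not in fields.get("eventCategory", {}).get("Equals", []):
        return False
    read_only = fields.get("readOnly")
    if read_only is None:
        return True  # no readOnly filter: read and write events are both kept
    if "Equals" in read_only:
        return "false" in read_only["Equals"]  # readOnly=false means write events
    return "true" in read_only.get("NotEquals", [])


def audit_event_data_store(eds: dict, uses_organization: bool) -> list:
    """Return findings; an empty list means the named selections are in place."""
    findings = []
    if eds.get("Status") != "ENABLED":
        findings.append("event data store is not ENABLED")
    if uses_organization and not eds.get("OrganizationEnabled", False):
        findings.append("not enabled for all accounts in the organization")
    selectors = eds.get("AdvancedEventSelectors", [])
    if not any(_keeps_write_management_events(s) for s in selectors):
        findings.append("write management events are not stored")
    return findings


# Constructed sample: organization-wide store keeping read and write events.
GOOD_STORE = {
    "Name": "example-change-requests", "Status": "ENABLED",
    "OrganizationEnabled": True,
    "AdvancedEventSelectors": [{"FieldSelectors": [
        {"Field": "eventCategory", "Equals": ["Management"]}]}],
}
# Constructed sample: Write was cleared (read-only events) and no org coverage.
WRITE_CLEARED_STORE = {
    "Name": "example-read-only", "Status": "ENABLED",
    "OrganizationEnabled": False,
    "AdvancedEventSelectors": [{"FieldSelectors": [
        {"Field": "eventCategory", "Equals": ["Management"]},
        {"Field": "readOnly", "Equals": ["true"]}]}],
}

if __name__ == "__main__":
    for store in (GOOD_STORE, WRITE_CLEARED_STORE):
        print(store["Name"], audit_event_data_store(store, True) or "OK")
```

The check covers only the selections named in the procedure; other event data store options are ignored.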