Amazon CloudTrail - Getting Started with Amazon Web Services in China
Region AvailabilityFeature Availability and Implementation DifferencesGuides and ReferencesGeneral Information About Amazon Web Services in China
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon CloudTrail

With Amazon CloudTrail, you can monitor your Amazon deployments in the cloud by getting a history of Amazon API calls for your account, including API calls made via the Amazon Web Services Management Console, the Amazon SDKs, the command line tools, and higher-level Amazon services. You can also identify which users and accounts called Amazon APIs for services that support CloudTrail, the source IP address the calls were made from, and when the calls occurred. You can integrate CloudTrail into applications using the API, automate trail creation for your organization, check the status of your trails, and control how administrators turn CloudTrail logging on and off.

Region Availability

Amazon CloudTrail is available in the following regions in China:

  • Beijing Region

  • Ningxia Region

Feature Availability and Implementation Differences

The Amazon Web Services in China implementation of Amazon CloudTrail is unique in the following ways:

  • As of November 22, 2021, Amazon CloudTrail changed how trails capture Amazon CloudFront events. Now, Amazon CloudFront events are available only in the Region where the event was processed, the China (Ningxia) Region, cn-northwest-1. For trails monitoring global service events, be sure to convert single-Region trails in China (Beijing) Region, cn-north-1, to multi-Region trails, to include events from China (Ningxia) Region, cn-northwest-1. For more information, see Converting a trail that applies to one Region to apply to all Regions .

    In contrast, the Event history in the CloudTrail console and the aws cloudtrail lookup-events command will show Amazon CloudFront events in the Region where they occurred.

  • CloudTrail Lake is not currently available in China regions.

  • The option to add an Amazon Organizations delegated administrator using the console in the Amazon China Regions is not available. To add a delegated administrator, use the aws cloudtrail register-organization-delegated-admin command.

Guides and References

Amazon Web Services in China user guides are available in HTML and PDF, in both Chinese and English. API references are available in HTML and PDF. Some API references may be available only in English. Currently, not all API references are available in the Beijing and Ningxia Regions. Links to some API references will take you to the global Amazon Web Services site. Note that some features and functionality described in the guides and references may not be available in the current Amazon Web Services in China release.

General Information About Amazon Web Services in China

The following information applies to all Amazon Web Services that are available in the China Regions.

Amazon Web Services Accounts in the China Regions

To use services in the Beijing and Ningxia Regions, you need an account and credentials specific to each of those Regions.

  • Accounts and credentials for other Amazon Regions will not work for services operating in the Beijing and Ningxia Regions.

  • Accounts and credentials for the Beijing and Ningxia Regions will not work for other Amazon Regions.

  • For more information, see Signup, Accounts, and Credentials.

Domain for Amazon Web Services in China

The domain for Amazon Web Services in China is www.amazonaws.cn.

Endpoints & Amazon Resource Names (ARNs)

For information about endpoints and ARNs in Amazon Web Services in China, see Endpoints and ARNs for Amazon Web Services in China.

Availability Zones for the China Regions

  • In the Beijing Region, there are three Availability Zones.

  • In the Ningxia Region, there are three Availability Zones.

General Information for Amazon Web Services in China

The following applies to all Amazon Web Services that are available in the China Regions. For detailed information about specific Amazon Web Services, see the service-specific topic in this guide.

  • Amazon Identity and Access Management (IAM)

    • You can grant or deny a service access to resources using the Principal policy element.

    • Service principal values vary by Region.

  • EC2-Classic Platform

    • The EC2-Classic platform is not supported.

  • Free Usage Tier

    • The free usage tier is supported in the Ningxia Region.

    • The free usage tier is not supported in the Beijing Region.

Amazon Web Services Console

The console for Amazon Web Services in China is unique to China. The screenshots in the Amazon Web Services guides might differ from what you see on your console. For information about differences in service functionality, see the topics for each service in this guide.

Code Examples

The Amazon Web Services documentation might include endpoints and ARNs in code examples that are not specific to the Beijing and Ningxia Regions. When using examples, verify you are using the endpoints and ARNs for your Region.