Stopping CloudTrail from sending events to CloudWatch Logs - Amazon CloudTrail
Stop sending events to CloudWatch Logs (console)Stop sending events to CloudWatch Logs (CLI)
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Stopping CloudTrail from sending events to CloudWatch Logs

You can stop sending Amazon CloudTrail events to Amazon CloudWatch Logs by updating a trail to disable CloudWatch Logs settings.

Stop sending events to CloudWatch Logs (console)

To stop sending CloudTrail events to CloudWatch Logs

  1. Sign in to the Amazon Web Services Management Console and open the CloudTrail console at https://console.amazonaws.cn/cloudtrail/.

  2. In the navigation pane, choose Trails.

  3. Choose the name of the trail for which you want to disable CloudWatch Logs integration.

  4. In CloudWatch Logs, choose Edit.

  5. Clear the Enabled check box.

  6. Choose Save changes.

Stop sending events to CloudWatch Logs (CLI)

You can remove the CloudWatch Logs log group as a delivery endpoint by running the update-trail command. The following command clears the log group and role from the trail configuration by replacing the values for the log group ARN and CloudWatch Logs role ARN with empty values.

aws cloudtrail update-trail --name trail_name --cloud-watch-logs-log-group-arn="" --cloud-watch-logs-role-arn=""