CloudTrail supported services and integrations
CloudTrail supports logging events for many Amazon Web Services services. You can find the specifics for each supported service in that service's guide. For a list of service-specific topics, see Amazon service topics for CloudTrail. In addition, some Amazon Web Services services can be used to analyze and act upon data collected in CloudTrail logs.
Note
To see the list of supported Regions for each service, see Service endpoints and quotas in the Amazon Web Services General Reference.
Topics
Amazon service integrations with CloudTrail logs
You can configure other Amazon services to further analyze and act upon the event data collected in CloudTrail logs. For more information, see the following topics.
Amazon Service | Topic | Description |
---|---|---|
Amazon Athena | Querying Amazon CloudTrail Logs | Using Athena with CloudTrail logs is a powerful way to enhance your analysis of Amazon service activity. For example, you can use queries to identify trends and further isolate activity by attribute, such as source IP address or user. You can automatically create tables for querying logs directly from the CloudTrail console, and use those tables to run queries in Athena. For more information, see Creating a Table for CloudTrail Logs in the CloudTrail Console in the Amazon Athena User Guide. NoteRunning queries in Amazon Athena incurs additional costs. For more
information, see Amazon Athena Pricing. |
Amazon CloudWatch Logs | Monitoring CloudTrail Log Files with Amazon CloudWatch Logs | You can configure CloudTrail with CloudWatch Logs to monitor your trail logs and be notified when specific activity occurs. For example, you can define CloudWatch Logs metric filters that will trigger CloudWatch alarms and send notifications to you when those alarms are triggered. NoteStandard pricing for Amazon CloudWatch and Amazon CloudWatch Logs
applies. For more information, see Amazon
CloudWatch Pricing |
CloudTrail integration with Amazon EventBridge
Amazon EventBridge is an Amazon service that delivers a near real-time stream of system events that describe changes in Amazon resources. In EventBridge, you can create rules that responds to events recorded by CloudTrail. For more information, see Create a rule in Amazon EventBridge.
You can deliver events that you are subscribed to on your trail to EventBridge by creating a rule with the EventBridge console.
From the EventBridge console:
-
Choose the
Amazon API Call via CloudTrail
detail-type to deliver CloudTrail data and management events with aneventType
ofAwsApiCall
. To record events with a detail-type value ofAmazon API Call via CloudTrail
, you must have a trail that is currently logging management or data events. -
Choose the
Amazon Console Sign In via CloudTrail
detail-type to deliver Amazon Web Services Management Console sign-in events. To record events with a detail-type ofAmazon Console Sign In via CloudTrail
, you must have a trail that is currently logging management events. -
Choose the
Amazon Insight via CloudTrail
detail-type to deliver Insights events. To record events with a detail-type value ofAmazon Insight via CloudTrail
, you must have a trail that is currently logging Insights events. For information about logging Insights events, see Logging Insights events.
For more information about how to create a trail, see Creating a trail with the CloudTrail console.
CloudTrail integration with Amazon Organizations
The management account for an Amazon Organizations organization can add a delegated administrator to manage the organization's CloudTrail resources. You can create an organization trail or organization event data store in the management account or delegated administrator account for an organization that collects all event data for all Amazon accounts in an organization in Amazon Organizations. Creating an organization trail helps you define a uniform event logging strategy for your organization.
An organization trail is applied automatically to each Amazon account in your organization. Users in member accounts can see these trails but cannot modify them, and by default cannot see the log files created for the organization trail. For more information, see Creating a trail for an organization.
Amazon service topics for CloudTrail
You can learn more about how the events for individual Amazon services are recorded in CloudTrail logs, including example events for that service in log files. For more information about how specific Amazon services integrate with CloudTrail, see the topic about integration in the individual guide for that service.
Services that are still in preview, or not yet released for general availability (GA), or which don't have public APIs, are not considered supported.
Note
To see the list of supported Regions for each service, see Service endpoints and quotas in the Amazon Web Services General Reference.
For information about which services log data events, see Data events.
CloudTrail unsupported services
Services that are still in preview, or not yet released for general availability (GA), or which don't have public APIs, are not considered supported.
Additionally, the following Amazon services and events are not supported:
-
Amazon Import/Export
For a list of supported Amazon services, see Amazon service topics for CloudTrail.