Service-linked channels - Amazon CloudTrail
Viewing service-linked channels by using the consoleViewing service-linked channels by using the Amazon CLI
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Service-linked channels

Amazon services can create a service-linked channel to receive CloudTrail events on your behalf. The Amazon service creating the service-linked channel configures advanced event selectors for the channel and specifies whether the channel applies to all Amazon Web Services Regions, or a single Amazon Web Services Region.

Viewing service-linked channels by using the console

Using the CloudTrail console, you can view information about any CloudTrail service-linked channels created by Amazon services. The table is empty if your account does not have any service-linked channels.

Use the following procedure to view information about a service-linked channel.

  1. Choose Settings in the left navigation pane of the CloudTrail console.

  2. From Service-linked channels, choose a service-linked channel to view its details.

  3. On the details page, review the configured settings for the service-linked channel.

    You can view the following information on the details page.

    • Channel name - The full name of the channel. The channel name format is aws-service-channel/Amazon_service_name/slc where Amazon_service_name represents the name of the Amazon service that manages the channel.

    • Channel ARN - The ARN of the channel, which you can use in a API request to get details about the channel.

    • All regions - The value is Yes if the channel is configured for all Amazon Web Services Regions.

    • Amazon service - The name of the Amazon service managing the channel.

    • Management events - Shows any management events configured for the channel.

    • Data events - Shows any data events configured for the channel.

Viewing service-linked channels by using the Amazon CLI

Using the Amazon CLI, you can view information about any CloudTrail service-linked channels created by Amazon services.

Get a CloudTrail service-linked channel

The following example Amazon CLI command returns information about a specific CloudTrail service-linked channel, including the name of the destination Amazon service, any advanced selectors configured for the channel, and whether the channel applies to all Regions or a single Region.

You must specify an ARN or the ID suffix of an ARN for --channel.

aws cloudtrail get-channel --channel EXAMPLE-ee54-4813-92d5-999aeEXAMPLE

The following is an example response. In this example, Amazon_service_name represents the name of the Amazon service that created the channel.

{
    "ChannelArn": "arn:aws:cloudtrail:us-east-1:111122223333:channel/EXAMPLE-ee54-4813-92d5-999aeEXAMPLE",
    "Name": "aws-service-channel/Amazon_service_name/slc",
    "Source": "CloudTrail",
    "SourceConfig": {
        "ApplyToAllRegions": false,
        "AdvancedEventSelectors": [
            {
                "Name": "Management Events Only",
                "FieldSelectors": [
                    {
                        "Field": "eventCategory",
                        "Equals": [
                            "Management"
                        ]
                    }
                ]
            }
        ]
    },
    "Destinations": [
        {
            "Type": "Amazon_SERVICE",
            "Location": "Amazon_service_name"
        }
    ]
}

List all CloudTrail service-linked channels

The following example Amazon CLI command returns information about all CloudTrail service-linked channels that were created on your behalf. Optional parameters include --max-results, to specify a maximum number of results that you want the command to return on a single page. If there are more results than your specified --max-results value, run the command again adding the returned NextToken value to get the next page of results.

aws cloudtrail list-channels

The following is an example response. In this example, Amazon_service_name represents the name of the Amazon service that created the channel.

{
    "Channels": [
        {
            "ChannelArn": "arn:aws:cloudtrail:us-east-1:111122223333:channel/EXAMPLE-ee54-4813-92d5-999aeEXAMPLE",
            "Name": "aws-service-channel/Amazon_service_name/slc"
        }
    ]
}

Amazon service events on service-linked channels

The Amazon service managing the service-linked channel can initiate actions on the service-linked channel (for example, creating or updating a service-linked channel). CloudTrail logs these actions as Amazon service events, and delivers these events to the Event history, and any active trails and event data stores configured for management events. For these events, the eventType field is AwsServiceEvent.

The following is an example log file entry of an Amazon service event for creation of a service-linked channel. 

{
   "eventVersion":"1.08",
   "userIdentity":{
      "accountId":"111122223333",
      "invokedBy":"AWS Internal"
   },
   "eventTime":"2022-08-18T17:11:22Z",
   "eventSource":"cloudtrail.amazonaws.com",
   "eventName":"CreateServiceLinkedChannel",
   "awsRegion":"us-east-1",
   "sourceIPAddress":"AWS Internal",
   "userAgent":"AWS Internal",
   "requestParameters":null,
   "responseElements":null,
   "requestID":"564f004c-EXAMPLE",
   "eventID":"234f004b-EXAMPLE",
   "readOnly":false,
   "resources":[
      {
         "accountId":"184434908391",
         "type":"AWS::CloudTrail::Channel",
         "ARN":"arn:aws:cloudtrail:us-east-1:111122223333:channel/7944f0ec-EXAMPLE"
      }
   ],
   "eventType":"AwsServiceEvent",
   "managementEvent":true,
   "recipientAccountId":"111122223333",
   "eventCategory":"Management"
}