Logging and monitoring in Amazon Directory Service

As a best practice, monitor your organization to ensure that changes are logged. This helps you to ensure that any unexpected change can be investigated and unwanted changes can be rolled back. Amazon Directory Service currently supports the following two Amazon services so that you can monitor your organization and the activity that happens within it.

Amazon CloudWatch - You can use CloudWatch Events with the Amazon Managed Microsoft AD directory type. For more information, see Enable log forwarding. Additionally, you can use CloudWatch Metrics to monitor domain controller performance. For more information, see Use Amazon CloudWatch metrics to determine when to add domain controllers.
Amazon CloudTrail - You can use CloudTrail with all Amazon Directory Service directory types. For more information, see Logging Amazon Directory Service API calls with CloudTrail.

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Authorizing and Deauthorizing Amazon applications and services

Compliance validation