
Log and monitor in Amazon EventBridge

Amazon EventBridge works with Amazon CloudTrail, a service that records actions from Amazon services. CloudTrail captures API calls made by or on behalf of your Amazon account, including calls from the EventBridge console and calls to EventBridge API operations.

Using the information collected by CloudTrail, you can determine what request was made to EventBridge, the IP address from which the request was made, who made the request, when it was made, and more.

For more information about CloudTrail, see the Amazon CloudTrail User Guide.

EventBridge information in CloudTrail

CloudTrail is enabled on your Amazon account when you create your account. When an event occurs in EventBridge, CloudTrail records the event in Event history. You can view, search, and download recent events in your Amazon account. For more information, see Viewing Events with CloudTrail Event History.

For a record of events in your Amazon account, including events for EventBridge, create a trail. A trail is a configuration that CloudTrail uses to deliver log files to an Amazon S3 bucket. By default, the trail logs events from all Regions in the Amazon partition and then delivers the log files to an S3 bucket. You can configure other Amazon services to analyze and act on the event data collected in CloudTrail logs. For more information, see the following:

You can log the following EventBridge actions as events in CloudTrail log files:

Every event and log entry contains information about who generated the entry. You can use this information to determine the following:

  • Whether the request was made with root or Amazon Identity and Access Management (IAM) user credentials.

  • Whether the request was made with temporary security credentials for a role or federated user.

  • Whether the request was made by another Amazon service.

For more information, see the CloudTrail userIdentity Element.

Example: EventBridge log file entries

A trail is a configuration that CloudTrail uses to deliver events as log files to an Amazon S3 bucket. CloudTrail log files contain log entries. An event represents a log entry, and it includes information about the requested action, the date and time of the action, and request parameters.

Note

CloudTrail log files don't appear in any specific order.

The following CloudTrail log file entry shows that a user called the EventBridge PutRule action.

{
  "eventVersion":"1.03",
  "userIdentity":{
    "type":"Root",
    "principalId":"123456789012",
    "arn":"arn:aws:iam::123456789012:root",
    "accountId":"123456789012",
    "accessKeyId":"AKIAIOSFODNN7EXAMPLE",
    "sessionContext":{
      "attributes":{
        "mfaAuthenticated":"false",
        "creationDate":"2015-11-17T23:56:15Z"
      }
    }
  },
  "eventTime":"2015-11-18T00:11:28Z",
  "eventSource":"events.amazonaws.com",
  "eventName":"PutRule",
  "awsRegion":"us-east-1",
  "sourceIPAddress":"Amazon Internal",
  "userAgent":"Amazon CloudWatch Console",
  "requestParameters":{
    "description":"",
    "name":"cttest2",
    "state":"ENABLED",
    "eventPattern":"{\"source\":[\"aws.ec2\"],\"detail-type\":[\"EC2 Instance State-change Notification\"]}",
    "scheduleExpression":""
  },
  "responseElements":{
    "ruleArn":"arn:aws:events:us-east-1:123456789012:rule/cttest2"
  },
  "requestID":"e9caf887-8d88-11e5-a331-3332aa445952",
  "eventID":"49d14f36-6450-44a5-a501-b0fdcdfaeb98",
  "eventType":"AwsApiCall",
  "apiVersion":"2015-10-07",
  "recipientAccountId":"123456789012"
}
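The following Python script is an added example, not part of the original documentation. It reads a CloudTrail log file, keeps the EventBridge calls, maps each entry's userIdentity to the credential categories listed earlier, and flags root use and sessions without MFA. The function names, finding labels, and the second and third sample records are assumptions made for illustration.

```python
import json

# Constructed sample in the CloudTrail log-file shape ({"Records": [...]}).
# Record 1 is trimmed from the PutRule entry above; records 2 and 3 are made up.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2015-11-18T00:11:28Z", "eventSource": "events.amazonaws.com",
     "eventName": "PutRule",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root",
                      "sessionContext": {"attributes": {"mfaAuthenticated": "false"}}},
     "requestParameters": {"name": "cttest2", "state": "ENABLED"}},
    {"eventTime": "2015-11-18T00:05:02Z", "eventSource": "events.amazonaws.com",
     "eventName": "DisableRule",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/ExampleRole/session1",
                      "sessionContext": {"attributes": {"mfaAuthenticated": "true"}}},
     "requestParameters": {"name": "cttest2"}},
    {"eventTime": "2015-11-18T00:01:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/example"}},
]})

# userIdentity.type values mapped to the credential categories listed above.
CREDENTIAL_KIND = {"Root": "root", "IAMUser": "iam-user", "AssumedRole": "temporary-role",
                   "FederatedUser": "temporary-federated", "AWSService": "aws-service"}

def classify(identity):
    if identity.get("invokedBy"):  # names the service that made the request, if any
        return "aws-service"
    return CREDENTIAL_KIND.get(identity.get("type"), "other")

def review_eventbridge_calls(log_text):
    """Return EventBridge API calls, oldest first, with credential kind and findings."""
    rows = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "events.amazonaws.com":
            continue
        ident = rec.get("userIdentity", {})
        attrs = ident.get("sessionContext", {}).get("attributes", {})
        kind = classify(ident)
        findings = []
        if kind == "root":
            findings.append("root credentials used")
        if attrs.get("mfaAuthenticated") == "false":
            findings.append("no MFA on session")
        rows.append({"time": rec["eventTime"], "action": rec["eventName"],
                     "rule": (rec.get("requestParameters") or {}).get("name"),
                     "who": ident.get("arn"), "kind": kind, "findings": findings})
    # Entries are not ordered in the file, so sort on eventTime (ISO 8601, UTC).
    return sorted(rows, key=lambda r: r["time"])
```

CloudTrail delivers log files to the S3 bucket gzip-compressed, so decompress each object before passing its text to `review_eventbridge_calls`.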