Amazon service events delivered via Amazon CloudTrail - Amazon EventBridge
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon service events delivered via Amazon CloudTrail

Amazon CloudTrail is a service that automatically records events such as Amazon API calls. You can create EventBridge rules that use the information from CloudTrail. For more information about CloudTrail, see What is Amazon CloudTrail?.

CloudTrail sends the following types of events to the default EventBridge event bus. In each case, the detail-type value of the event is the listed event type:

  • AWS API Call via CloudTrail

    Events that represent a request to a public Amazon service API.

    For more information, see Understanding CloudTrail events in the Amazon CloudTrail User Guide.

  • AWS Console Signin via CloudTrail

    Attempts to sign in to the Amazon Management Console, the Amazon Discussion Forums, and the Amazon Support Center.

    For more information, see Amazon Management Console sign-in events in the Amazon CloudTrail User Guide.

  • AWS Console Action via CloudTrail

    Actions taken in the console that were not API calls.

    For more information, see Amazon Management Console sign-in events in the Amazon CloudTrail User Guide.

  • AWS Service Event via CloudTrail

    Events that are created by Amazon services but are not directly triggered by a request to a public Amazon service API.

    For more information, see Amazon service events in the Amazon CloudTrail User Guide.

  • AWS Insight via CloudTrail

    Insights events are triggered by CloudTrail when a customer enables the CloudTrail Insights feature.

    For more information, see CloudTrail Insights in the Amazon CloudTrail User Guide.

To record events with one of the CloudTrail detail-type values, you must enable a CloudTrail trail with logging. For more information, see Working with CloudTrail trails in the Amazon CloudTrail User Guide.

Some occurrences in Amazon services can be reported to EventBridge both by the service itself and by CloudTrail. For example, an Amazon EC2 API call that starts an instance generates multiple events:

  • EC2 Instance State-change Notification events sent directly from Amazon EC2 to EventBridge, as the instance enters the pending and then running states. For example:

    {
      . . .
      "detail-type":"EC2 Instance State-change Notification",
      "source":"aws.ec2",
      . . .
      "detail":{
        "instance-id":"i-abcd1111",
        "state":"pending"
      }
    }

  • An AWS API Call via CloudTrail event sent from CloudTrail to EventBridge that represents the API call itself. For example:

    {
      . . .
      "detail-type":"AWS API Call via CloudTrail",
      "source":"aws.ec2",
      . . .
      ],
      "detail": {
        "eventSource": "ec2.amazonaws.com",
        "eventName": "StartInstances"
      }
    }
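
The following is an added example, not code from the AWS documentation. It is a simplified Python model of EventBridge exact-value pattern matching, showing that a rule keyed only on `source` fires for both the service's own notifications and the CloudTrail record of the same instance start. The `matches` and `count_matches` helpers and the sample events are constructed here, and the `running` event is assumed to have the same shape as the `pending` one shown above.

```python
import json

def matches(pattern, event):
    """Simplified model: exact-value lists and nested objects only."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            # Nested pattern object: recurse into the matching event object.
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        elif isinstance(actual, list):
            # Array-valued event field: any element may satisfy the pattern.
            if not any(v in expected for v in actual):
                return False
        elif actual not in expected:
            return False
    return True

# Constructed events, trimmed to the fields shown in the examples above.
EVENTS = [
    {"detail-type": "EC2 Instance State-change Notification", "source": "aws.ec2",
     "detail": {"instance-id": "i-abcd1111", "state": "pending"}},
    {"detail-type": "EC2 Instance State-change Notification", "source": "aws.ec2",
     "detail": {"instance-id": "i-abcd1111", "state": "running"}},
    {"detail-type": "AWS API Call via CloudTrail", "source": "aws.ec2",
     "detail": {"eventSource": "ec2.amazonaws.com", "eventName": "StartInstances"}},
]

# Too broad: matches the API call and every state change it causes.
BROAD = {"source": ["aws.ec2"]}
# Only the CloudTrail event that represents the API call itself.
API_CALL = {"source": ["aws.ec2"], "detail-type": ["AWS API Call via CloudTrail"],
            "detail": {"eventSource": ["ec2.amazonaws.com"],
                       "eventName": ["StartInstances"]}}
# Only the notification Amazon EC2 sends when the instance is running.
RUNNING = {"source": ["aws.ec2"],
           "detail-type": ["EC2 Instance State-change Notification"],
           "detail": {"state": ["running"]}}

def count_matches(pattern):
    """Number of sample events a rule with this pattern would receive."""
    return sum(matches(pattern, e) for e in EVENTS)

if __name__ == "__main__":
    for name, p in [("BROAD", BROAD), ("API_CALL", API_CALL), ("RUNNING", RUNNING)]:
        print(name, count_matches(p), json.dumps(p))
```

Pinning `detail-type` in every rule keeps an alerting or response target from being invoked several times for one instance start.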
Note

If you use a Put*Events API call event as the basis for creating an event pattern, make sure the final event pattern does not exceed 256 KB. The maximum size of any Put*Events request is 256 KB. For more information, see .

For more information about the services that CloudTrail supports, see CloudTrail supported services and integrations in the CloudTrail User Guide.