Feature in S3 Protection - Amazon GuardDuty
Amazon CloudTrail data events for S3
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Feature in S3 Protection

Amazon CloudTrail data events for S3

Data events, also known as data plane operations, provide insight into the resource operations performed on or within a resource. They are often high-volume activities.

The following are examples of CloudTrail data events for S3 that GuardDuty can monitor:

  • GetObject API operations

  • PutObject API operations

  • ListObjects API operations

  • DeleteObject API operations

When you enable GuardDuty for the first time, S3 Protection is enabled by default and is also included in the 30-day free trial period. However, this feature is optional and you can choose to enable or disable it for any account or Region at any time. For more information about configuring Amazon S3 as a feature, see GuardDuty S3 Protection.