Auditing and logging Change Manager activity - Amazon Systems Manager
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Auditing and logging Change Manager activity

You can audit activity in Change Manager, a capability of Amazon Systems Manager, by using Amazon CloudWatch and Amazon CloudTrail alarms.

For more information about auditing and logging options for Systems Manager, see Monitoring Amazon Systems Manager.

Audit Change Manager activity using CloudWatch alarms

You can configure and assign a CloudWatch alarm to a change template. If any conditions defined in the alarm are met, the actions specified for the alarm are taken. In the alarm configuration, you can specify an Amazon Simple Notification Service (Amazon SNS) topic to notify when an alarm condition is met.

For information about creating a Change Manager template, see Working with change templates.

For information about creating CloudWatch alarms, see Using CloudWatch Alarms in the Amazon CloudWatch User Guide.

Audit Change Manager activity using CloudTrail

CloudTrail captures API calls made in the Systems Manager console, the Amazon Command Line Interface (Amazon CLI), and the Systems Manager SDK. You can view the information in the CloudTrail console or in an Amazon Simple Storage Service (Amazon S3) bucket, where it's stored. One bucket is used for all CloudTrail logs for your account.

Logs of Change Manager actions show change template document creation, change template and change request approvals and rejections, activity generated by Automation runbooks, and more. For more information about viewing and using CloudTrail logs of Systems Manager activity, see Logging Amazon Systems Manager API calls with Amazon CloudTrail.