Logging and Monitoring AWS Supply Chain

Logging and monitoring are an important part of maintaining the reliability, availability, and performance of AWS Supply Chain and your other AWS solutions. AWS provides the AWS CloudTrail monitoring tool to watch AWS Supply Chain, report when something is wrong, and take automatic actions when appropriate.

Note

APIs called only from the AWS Supply Chain console are captured in AWS CloudTrail.

AWS CloudTrail captures API calls and related events made by or on behalf of your AWS account and delivers the log files to an Amazon S3 bucket that you specify. You can identify which users and accounts called AWS, the source IP address from which the calls were made, and when the calls occurred. You can view the AWS Supply Chain events under scn.amazonaws.com. For more information, see the AWS CloudTrail User Guide.

Note

Note the following with AWS Supply Chain:

  • When you invite users that don't have access to AWS Supply Chain, these users don't receive information in the notifications that they receive from the web application. Invited users receive an email notification with a link to the web application. They can only log in and view the content in the notification if they have the required user permissions.

  • All users with or without user permissions to a particular Insight can view the Insights chat messages.

  • As an application admin, when you add users to the AWS Supply Chain instance, they have access to the AWS KMS key. You can manage the user permissions to add or remove users. For more information on user permissions, see User permission roles.

AWS Supply Chain data events in CloudTrail

Note

The web application APIs listed under are listed in the data events in CloudTrail.

Data events provide information about the resource operations performed on or in a resource (for example, reading or writing to an Amazon S3 object). These are also known as data plane operations. Data events are often high-volume activities. By default, CloudTrail doesn’t log data events. The CloudTrail Event history doesn't record data events.

Additional charges apply for data events. For more information about CloudTrail pricing, see AWS CloudTrail Pricing.

You can log data events for the AWS Supply Chain resource types by using the CloudTrail console, AWS CLI, or CloudTrail API operations.

  • To log data events using the CloudTrail console, create a trail or event data store to log data events, or update an existing trail or event data store to log data events.

    1. Choose Data events to log data events.

    2. From the Data event type list, choose the resource type for which you want to log data events.

    3. Choose the log selector template you want to use. You can log all data events for the resource type, log all readOnly events, log all writeOnly events, or create a custom log selector template to filter on the readOnly, eventName, and resources.ARN fields.

  • To log data events using the AWS CLI, configure the --advanced-event-selectors parameter to set the eventCategory field equal to Data and the resources.type field equal to the resource type value . You can add conditions to filter on the values of the readOnly, eventName, and resources.ARN fields.

You can configure advanced event selectors to filter on the eventName, readOnly, and resources.ARN fields to log only those events that are important to you. For more information about these fields, see AdvancedFieldSelector.
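The AWS CLI step above, as an added example that is not part of the original page: a shell helper that builds the `--advanced-event-selectors` JSON with the eventCategory, resources.type, readOnly and resources.ARN conditions and passes it to `aws cloudtrail put-event-selectors`. The resource type is a placeholder because the page does not state the value, and the function names and trail name are hypothetical.

```shell
# Placeholder (assumption): the page does not give the resources.type value
# for AWS Supply Chain; substitute the documented value before use.
RESOURCE_TYPE='SUPPLY_CHAIN_RESOURCE_TYPE_PLACEHOLDER'

# build_selectors RESOURCE_TYPE [all|read|write] [ARN_PREFIX]
# Prints the JSON for --advanced-event-selectors. A management selector is
# always included because put-event-selectors replaces the trail's whole
# selector set; leaving it out would stop control plane logging on that trail.
build_selectors() {
  bs_type=$1
  bs_mode=${2:-all}
  bs_arn=${3:-}
  bs_data='{"Field":"eventCategory","Equals":["Data"]}'
  bs_data="$bs_data,{\"Field\":\"resources.type\",\"Equals\":[\"$bs_type\"]}"
  case $bs_mode in
    all) ;;
    read)  bs_data="$bs_data,{\"Field\":\"readOnly\",\"Equals\":[\"true\"]}" ;;
    write) bs_data="$bs_data,{\"Field\":\"readOnly\",\"Equals\":[\"false\"]}" ;;
    *) echo "mode must be all, read or write" >&2; return 2 ;;
  esac
  # Optional: limit logging to resources whose ARN starts with a given prefix.
  if [ -n "$bs_arn" ]; then
    bs_data="$bs_data,{\"Field\":\"resources.ARN\",\"StartsWith\":[\"$bs_arn\"]}"
  fi
  bs_mgmt='{"Name":"management","FieldSelectors":[{"Field":"eventCategory","Equals":["Management"]}]}'
  printf '[%s,{"Name":"supply-chain-data-%s","FieldSelectors":[%s]}]\n' \
    "$bs_mgmt" "$bs_mode" "$bs_data"
}

# apply_selectors TRAIL_NAME SELECTORS_JSON
# Needs the AWS CLI and credentials allowed to call cloudtrail:PutEventSelectors.
apply_selectors() {
  aws cloudtrail put-event-selectors \
    --trail-name "$1" \
    --advanced-event-selectors "$2"
}

# Usage (trail name is hypothetical):
#   apply_selectors example-trail "$(build_selectors "$RESOURCE_TYPE" write)"
```

Logging only write events (`readOnly` equal to `false`) keeps data event volume and cost down while still recording changes made through the web application.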

AWS Supply Chain management events in CloudTrail

Management events provide information about management operations that are performed on resources in your AWS account. These are also known as control plane operations. By default, CloudTrail logs management events.

AWS Supply Chain logs all control plane operations to CloudTrail as management events.