# What Is AWS CloudTrail?
<a name="cloudtrail-user-guide"></a>

AWS CloudTrail is an AWS service that helps you enable operational and risk auditing, governance, and compliance of your AWS account. Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail. Events include actions taken in the AWS Management Console, AWS Command Line Interface, and AWS SDKs and APIs.

CloudTrail provides three ways to record events:
+ **Event history** – The **Event history** provides a viewable, searchable, downloadable, and immutable record of the past 90 days of management events in an AWS Region. You can search events by filtering on a single attribute. You automatically have access to the **Event history** when you create your account. For more information, see [Working with CloudTrail event history](view-cloudtrail-events.md).

  There are no CloudTrail charges for viewing the **Event history**.
+ **CloudTrail Lake** – [AWS CloudTrail Lake](cloudtrail-lake.md) is a managed data lake for capturing, storing, accessing, and analyzing user and API activity on AWS for audit and security purposes. CloudTrail Lake converts existing events in row-based JSON format to [ Apache ORC](https://orc.apache.org/) format. ORC is a columnar storage format that is optimized for fast retrieval of data. Events are aggregated into *event data stores*, which are immutable collections of events based on criteria that you select by applying advanced event selectors. You can keep the event data in an event data store for up to 3,653 days (about 10 years) if you choose the **One-year extendable retention pricing** option, or up to 2,557 days (about 7 years) if you choose the **Seven-year retention pricing** option. You can create an event data store for a single AWS account or for multiple AWS accounts by using AWS Organizations. You can import any existing CloudTrail logs from your S3 buckets into an existing or new event data store. You can also visualize top CloudTrail event trends with [Lake dashboards](lake-dashboard.md). For more information, see [Working with AWS CloudTrail Lake](cloudtrail-lake.md).

  CloudTrail Lake event data stores and queries incur charges. When you create an event data store, you choose the [pricing option](cloudtrail-lake-manage-costs.md#cloudtrail-lake-manage-costs-pricing-option) you want to use for the event data store. The pricing option determines the cost for ingesting and storing events, and the default and maximum retention period for the event data store. When you run queries in Lake, you pay based upon the amount of data scanned. For information about CloudTrail pricing and managing Lake costs, see [AWS CloudTrail Pricing](https://aws.amazon.com/cloudtrail/pricing/) and [Managing CloudTrail Lake costs](cloudtrail-lake-manage-costs.md).
+ **Trails** – *Trails* capture a record of AWS activities, delivering and storing these events in an Amazon S3 bucket, with optional delivery to [CloudWatch Logs](send-cloudtrail-events-to-cloudwatch-logs.md) and [Amazon EventBridge](cloudtrail-aws-service-specific-topics.md#cloudtrail-aws-service-specific-topics-eventbridge). You can input these events into your security monitoring solutions. You can also use your own third-party solutions or solutions such as Amazon Athena to search and analyze your CloudTrail logs. You can create trails for a single AWS account or for multiple AWS accounts by using AWS Organizations. You can [log Insights events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-insights-events-with-cloudtrail.html) to analyze your management events for anomalous behavior in API call rates and error rates. For more information, see [Creating a trail for your AWS account](cloudtrail-create-and-update-a-trail.md).

  You can deliver one copy of your ongoing management events to your S3 bucket at no charge from CloudTrail by creating a trail, however, there are Amazon S3 storage charges. For more information about CloudTrail pricing, see [AWS CloudTrail Pricing](https://aws.amazon.com/cloudtrail/pricing/). For information about Amazon S3 pricing, see [Amazon S3 Pricing](https://aws.amazon.com/s3/pricing/).

Visibility into your AWS account activity is a key aspect of security and operational best practices. You can use CloudTrail to view, search, download, archive, analyze, and respond to account activity across your AWS infrastructure. You can identify who or what took which action, what resources were acted upon, when the event occurred, and other details to help you analyze and respond to activity in your AWS account. 

You can integrate CloudTrail into applications using the API, automate trail or event data store creation for your organization, check the status of event data stores and trails you create, and control how users view CloudTrail events.

## Accessing CloudTrail
<a name="cloudtrail-accessing"></a>

You can work with CloudTrail in any of the following ways.

**Topics**
+ [

### CloudTrail console
](#cloudtrail-accessing-console)
+ [

### AWS CLI
](#cloudtrail-accessing-cli)
+ [

### CloudTrail APIs
](#cloudtrail-accessing-api)
+ [

### AWS SDKs
](#cloudtrail-accessing-sdk)

### CloudTrail console
<a name="cloudtrail-accessing-console"></a>

Sign in to the AWS Management Console and open the CloudTrail console at [https://console.aws.amazon.com/cloudtrail/](https://console.aws.amazon.com/cloudtrail/).

The CloudTrail console provides a user interface for performing many CloudTrail tasks such as:
+ Viewing recent events and event history for your AWS account.
+ Downloading a filtered or complete file of the last 90 days of management events from **Event history**.
+ Creating and editing CloudTrail trails.
+ Creating and editing CloudTrail Lake event data stores.
+ Running queries on event data stores.
+ Configuring CloudTrail trails, including: 
  + Selecting an Amazon S3 bucket for trails.
  + Setting a prefix.
  + Configuring delivery to CloudWatch Logs.
  + Using AWS KMS keys for encryption of trail data.
  + Enabling Amazon SNS notifications for log file delivery on trails.
  + Adding and managing tags for your trails.
+ Configuring CloudTrail Lake event data stores, including:
  + Integrating event data stores with CloudTrail partners or with your own applications, to log events from sources outside of AWS.
  + Federating event data stores to run queries from Amazon Athena.
  + Using AWS KMS keys for encryption of event data store data.
  + Adding and managing tags for your event data stores.

For more information about the AWS Management Console, see [AWS Management Console](https://docs.aws.amazon.com/awsconsolehelpdocs/latest/gsg/learn-whats-new.html).

### AWS CLI
<a name="cloudtrail-accessing-cli"></a>

The AWS Command Line Interface is a unified tool that you can use to interact with CloudTrail from the command line. For more information, see the [AWS Command Line Interface User Guide](https://docs.aws.amazon.com/cli/latest/userguide/). For a complete list of CloudTrail CLI commands, see [cloudtrail](https://docs.aws.amazon.com/cli/latest/reference/cloudtrail/) and [cloudtrail-data](https://docs.aws.amazon.com/cli/latest/reference/cloudtrail-data/) in the *AWS CLI Command Reference*.

### CloudTrail APIs
<a name="cloudtrail-accessing-api"></a>

In addition to the console and the CLI, you can also use the CloudTrail RESTful APIs to program CloudTrail directly. For more information, see the [AWS CloudTrail API Reference](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/Welcome.html) and the [CloudTrail-Data API Reference](https://docs.aws.amazon.com/awscloudtraildata/latest/APIReference/Welcome.html).

### AWS SDKs
<a name="cloudtrail-accessing-sdk"></a>

As an alternative to using the CloudTrail API, you can use one of the AWS SDKs. Each SDK consists of libraries and sample code for various programming languages and platforms. The SDKs provide a convenient way to create programmatic access to CloudTrail. For example, you can use the SDKs to sign requests cryptographically, manage errors, and retry requests automatically. For more information, see the [Tools to Build on AWS](https://aws.amazon.com/developer/tools/) page.

# How CloudTrail works
<a name="how-cloudtrail-works"></a>

You automatically have access to the CloudTrail **Event history** when you create your AWS account. The **Event history** provides a viewable, searchable, downloadable, and immutable record of the past 90 days of recorded management events in an AWS Region.

For an ongoing record of events in your AWS account past 90 days, create a trail or a CloudTrail Lake event data store.

**Topics**
+ [

## CloudTrail Event history
](#how-cloudtrail-works-eventhistory)
+ [

## CloudTrail Lake and event data stores
](#how-cloudtrail-works-lake)
+ [

## CloudTrail Lake dashboards
](#how-cloudtrail-works-lake-dashboards)
+ [

## CloudTrail trails
](#how-cloudtrail-works-trails)
+ [

## CloudTrail Insights events
](#how-cloudtrail-works-insights)
+ [

## CloudTrail channels
](#how-cloudtrail-works-channels)

## CloudTrail Event history
<a name="how-cloudtrail-works-eventhistory"></a>

You can easily view the last 90 days of management events in the CloudTrail console by going to the **Event history** page. You can also view the event history by running the [https://docs.aws.amazon.com/cli/latest/reference/cloudtrail/lookup-events.html](https://docs.aws.amazon.com/cli/latest/reference/cloudtrail/lookup-events.html) command, or the [https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_LookupEvents.html](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_LookupEvents.html) API operation. You can search events in **Event history** by filtering for events on a single attribute. For more information, see [Working with CloudTrail event history](view-cloudtrail-events.md).

The **Event history** is not connected to any trails or event data stores that exist in your account and is not affected by configuration changes you make to your trails and event data stores.

There are no CloudTrail charges for viewing the **Event history** page or running the `lookup-events` command.

## CloudTrail Lake and event data stores
<a name="how-cloudtrail-works-lake"></a>

You can create an event data store to log [CloudTrail events](query-event-data-store-cloudtrail.md) (management events, data events, network activity events), [CloudTrail Insights events](query-event-data-store-insights.md), [AWS Audit Manager evidence](https://docs.aws.amazon.com/audit-manager/latest/userguide/evidence-finder.html#understanding-evidence-finder), [AWS Config configuration items](query-event-data-store-config.md), or [events outside of AWS](event-data-store-integration-events.md).

Event data stores can log events from the current AWS Region, or from all AWS Regions in your AWS account. Event data stores that you are using to log **Integration** events from outside AWS must be for a single Region only; they cannot be multi-Region event data stores.

If you have created an organization in AWS Organizations, you can create an *organization event data store* that logs all events for all AWS accounts in that organization. Organization event data stores can apply to all AWS Regions, or the current Region. Organization event data stores must be created using the management account or delegated administrator account, and when specified as applying to an organization, are automatically applied to all member accounts in the organization. Member accounts cannot see the organization event data store, nor can they modify or delete it. Organization event data stores cannot be used to collect events from outside of AWS. For more information, see [Understanding organization event data stores](cloudtrail-lake-organizations.md).

By default, all events in an event data store are encrypted by CloudTrail. When you configure an event data store, you can choose to use your own AWS KMS key. Using your own KMS key incurs AWS KMS costs for encryption and decryption. After you associate an event data store with a KMS key, the KMS key cannot be removed or changed. For more information, see [Encrypting CloudTrail log files, digest files, and event data stores with AWS KMS keys (SSE-KMS)](encrypting-cloudtrail-log-files-with-aws-kms.md).

The following table provides information about tasks you can perform on event data stores.


| Task | Description | 
| --- | --- | 
|  [View and create dashboards](lake-dashboard.md)  |  You can use CloudTrail Lake dashboards to see event trends for the event data stores in your account. You can view managed dashboards, create custom dashboards, and enable the **Highlights** dashboard to see highlights for your event data curated and managed by CloudTrail Lake.  | 
|  [Log management events](logging-management-events-with-cloudtrail.md)  |  Configure your event data store to log read-only, write-only, or all management events. By default, event data stores log management events. You can filter management events on the following advanced event selector fields: `eventName`, `eventSource`, `eventType`, `readOnly`, `sessionCredentialFromConsole`, and `userIdentity.arn`.  | 
|  [Log data events](logging-data-events-with-cloudtrail.md)  |  You can use [advanced event selectors](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedEventSelector.html) to create fine-grained selectors to log only those data events of interest. For example, you can filter on the `eventName` field to include or exclude logging of specific API calls, which can help control costs. For more information, see [Filtering data events by using advanced event selectors](filtering-data-events.md).  | 
|  [Log network activity events](logging-network-events-with-cloudtrail.md)  |  Configure your event data store to log network activity events. You can use advanced event selectors to filter on the `eventName`, `errorCode`, and `vpcEndpointId` fields to log only those events of interest.  | 
| [Log Insights events](query-event-data-store-insights.md) | Configure your event data stores to log Insights events to help you identify and respond to unusual activity associated with management API calls. For more information, see [Working with CloudTrail Insights](logging-insights-events-with-cloudtrail.md). Additional charges apply for Insights events. You will be charged separately if you enable Insights for both trails and event data stores. For more information, see [AWS CloudTrail Pricing](https://aws.amazon.com/cloudtrail/pricing/). | 
| [Copy trail events](cloudtrail-copy-trail-to-lake-eds.md) | You can copy trail events to a [new](scenario-lake-import.md) or [existing](cloudtrail-copy-trail-events-lake.md) event data store to create a point-in-time snapshot of events logged to the trail. | 
| [Enable federation on an event data store](query-federation.md) | You can federate an event data store to see the metadata associated with the event data store in the AWS Glue [Data Catalog](https://docs.aws.amazon.com/glue/latest/dg/components-overview.html#data-catalog-intro) and run SQL queries on the event data using Amazon Athena. The table metadata stored in the AWS Glue Data Catalog lets the Athena query engine know how to find, read, and process the data that you want to query. | 
| [Stop or start event ingestion on an event data store](query-eds-stop-ingestion.md) | You can stop and start event ingestion on event data stores that collect CloudTrail management and data events, or AWS Config configuration items. | 
| [Create an integration with an event source outside of AWS](query-event-data-store-integration.md) | You can use CloudTrail Lake *integrations* to log and store user activity data from outside of AWS; from any source in your hybrid environments, such as in-house or SaaS applications hosted on-premises or in the cloud, virtual machines, or containers. For information about available integration partners, see [AWS CloudTrail Lake Integrations](https://aws.amazon.com/cloudtrail/partners/). | 
| [View Lake sample queries in the CloudTrail console](lake-console-queries.md) | The CloudTrail console provides a number of sample queries that can help you get started writing your own queries. | 
| [Create or edit a query](query-create-edit-query.md) | Queries in CloudTrail are authored in SQL. You can build a query on the CloudTrail Lake **Editor** tab by writing the query in SQL from scratch, or by opening a saved or sample query and editing it. | 
| [Save query results to an S3 bucket](query-run-query.md#scenario-lake-save-queries) |  When you run a query, you can save the query results to an S3 bucket. | 
| [Download saved query results](view-download-cloudtrail-lake-query-results.md#cloudtrail-download-lake-query-results) | You can download a CSV file containing your saved CloudTrail Lake query results. | 
| [Validate saved query results](cloudtrail-query-results-validation.md) | You can use CloudTrail query results integrity validation to determine whether the query results were modified, deleted, or unchanged after CloudTrail delivered the query results to the S3 bucket. | 

For more information about CloudTrail Lake, see [Working with AWS CloudTrail Lake](cloudtrail-lake.md).

CloudTrail Lake event data stores and queries incur charges. When you create an event data store, you choose the [pricing option](cloudtrail-lake-manage-costs.md#cloudtrail-lake-manage-costs-pricing-option) you want to use for the event data store. The pricing option determines the cost for ingesting and storing events, and the default and maximum retention period for the event data store. When you run queries in Lake, you pay based upon the amount of data scanned. For information about CloudTrail pricing and managing Lake costs, see [AWS CloudTrail Pricing](https://aws.amazon.com/cloudtrail/pricing/) and [Managing CloudTrail Lake costs](cloudtrail-lake-manage-costs.md).

## CloudTrail Lake dashboards
<a name="how-cloudtrail-works-lake-dashboards"></a>

You can use CloudTrail Lake dashboards to see event trends for the event data stores in your account. CloudTrail Lake offers the following types of dashboards:
+ **Managed dashboards** – You can view a managed dashboard to see event trends for an event data store that collects management events, data events, or Insights events. These dashboards are automatically available to you and are managed by CloudTrail Lake. CloudTrail offers 14 managed dashboards to choose from. You can manually refresh managed dashboards. You cannot modify, add, or remove the widgets for these dashboards, however, you can save a managed dashboard as a custom dashboard if you want to modify the widgets or set a refresh schedule.
+ **Custom dashboards** – Custom dashboards allow you to query events in any event data store type. You can add up to 10 widgets to a custom dashboard. You can manually refresh a custom dashboard, or you can set a refresh schedule.
+ **Highlights dashboards** – Enable the Highlights dashboard to view an at-a-glance overview of the AWS activity collected by the event data stores in your account. The Highlights dashboard is managed by CloudTrail and includes widgets that are relevant to your account. The widgets shown on the Highlights dashboard are unique to each account. These widgets could surface detected abnormal activity or anomalies. For example, your Highlights dashboard could include the **Total cross-account access widget**, which shows if there is an increase in abnormal cross-account activity. CloudTrail updates the Highlights dashboard every 6 hours. The dashboard shows the last 24 hours of data from the last update.

Each dashboard consists of one or more widgets and each widget represents a SQL query.

For more information, see [CloudTrail Lake dashboards](lake-dashboard.md).

## CloudTrail trails
<a name="how-cloudtrail-works-trails"></a>

A *trail* is a configuration that enables delivery of events to an Amazon S3 bucket that you specify. You can also deliver and analyze events in a trail with [Amazon CloudWatch Logs](send-cloudtrail-events-to-cloudwatch-logs.md) and [Amazon EventBridge](cloudtrail-aws-service-specific-topics.md#cloudtrail-aws-service-specific-topics-eventbridge).

Trails can log CloudTrail management events, data events, network activity events, and Insights events.

You can create both multi-Region and single-Region trails for your AWS account.

**Multi-Region trails**  
When you create a multi-Region trail, CloudTrail records events in all AWS Regions that are [enabled](https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-regions.html#manage-acct-regions-enable-standalone) in your AWS account and delivers the CloudTrail event log files to an S3 bucket that you specify. As a best practice, we recommend creating a multi-Region trail because it captures activity in all enabled Regions. All trails created using the CloudTrail console are multi-Region trails. You can convert a single-Region trail to a multi-Region trail by using the AWS CLI. For more information, see [Understanding multi-Region trails and opt-in Regions](cloudtrail-multi-region-trails.md), [Creating a trail with the console](cloudtrail-create-a-trail-using-the-console-first-time.md#creating-a-trail-in-the-console), and [Converting a single-Region trail to a multi-Region trail](cloudtrail-create-and-update-a-trail-by-using-the-aws-cli-update-trail.md#cloudtrail-create-and-update-a-trail-by-using-the-aws-cli-examples-convert).

**Single-Region trails**  
When you create a single-Region trail, CloudTrail records the events in that Region only. It then delivers the CloudTrail event log files to an Amazon S3 bucket that you specify. You can only create a single-Region trail by using the AWS CLI. If you create additional single trails, you can have those trails deliver CloudTrail event log files to the same S3 bucket or to separate buckets. This is the default option when you create a trail using the AWS CLI or the CloudTrail API. For more information, see [Creating, updating, and managing trails with the AWS CLI](cloudtrail-create-and-update-a-trail-by-using-the-aws-cli.md).

**Note**  
For both types of trails, you can specify an Amazon S3 bucket from any Region.

If you have created an organization in AWS Organizations, you can create an *organization trail* that logs all events for all AWS accounts in that organization. Organization trails can apply to all AWS Regions, or the current Region. Organization trails must be created using the management account or delegated administrator account, and when specified as applying to an organization, are automatically applied to all member accounts in the organization. Member accounts can see the organization trail, but cannot modify or delete it. By default, member accounts do not have access to the log files for an organization trail in the Amazon S3 bucket.

By default, when you create a trail in the CloudTrail console, your event log files and digest files are encrypted with a KMS key. If you choose not to enable ** SSE-KMS encryption**, your event log files and digest files are encrypted using Amazon S3 server-side encryption (SSE). You can store your log files in your bucket for as long as you want. You can also define Amazon S3 lifecycle rules to archive or delete log files automatically. If you want notifications about log file delivery and validation, you can set up Amazon SNS notifications.

CloudTrail publishes log files multiple times an hour, about every 5 minutes. These log files contain API calls from services in the account that support CloudTrail. For more information, see [CloudTrail supported services and integrations](cloudtrail-aws-service-specific-topics.md).

**Note**  
CloudTrail typically delivers logs within an average of about 5 minutes of an API call. This time is not guaranteed. Review the [AWS CloudTrail Service Level Agreement](https://aws.amazon.com/cloudtrail/sla) for more information.  
If you misconfigure your trail (for example, the S3 bucket is unreachable), CloudTrail will attempt to redeliver the log files to your S3 bucket for 30 days, and these attempted-to-deliver events will be subject to standard CloudTrail charges. To avoid charges on a misconfigured trail, you need to delete the trail.  
CloudTrail captures actions made directly by the user or on behalf of the user by an AWS service. For example, an CloudFormation `CreateStack` call can result in additional API calls to Amazon EC2, Amazon RDS, Amazon EBS, or other services as required by the CloudFormation template. This behavior is normal and expected. You can identify if the action was taken by an AWS service with the `invokedby` field in the CloudTrail event.

The following table provides information about tasks you can perform on trails.


| Task | Description | 
| --- | --- | 
|  [Logging management events](logging-management-events-with-cloudtrail.md)  |  Configure your trails to log read-only, write-only, or all management events.  | 
|  [Log data events](logging-data-events-with-cloudtrail.md)  |  You can use [advanced event selectors](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedEventSelector.html) to create fine-grained selectors to log only those data events of interest. For example, you can filter on the `eventName` field to include or exclude logging of specific API calls, which can help control costs. For more information, see [Filtering data events by using advanced event selectors](filtering-data-events.md).  | 
|  [Log network activity events](logging-network-events-with-cloudtrail.md)  |  Configure your trails to log network activity events. You can configure advanced event selectors to filter on the `eventName`, `errorCode`, and `vpcEndpointId` fields to log only those events of interest.  | 
|  [Log Insights events](logging-insights-events-with-cloudtrail.md)  |  Configure your trails to log Insights events to help you identify and respond to unusual activity associated with management API calls. Additional charges apply for Insights events. You will be charged separately if you enable Insights for both trails and event data stores. For more information, see [AWS CloudTrail Pricing](https://aws.amazon.com/cloudtrail/pricing/).  | 
|  [View Insights events](view-insights-events.md)  |  After you enable CloudTrail Insights on a trail, you can view up to 90 days of Insights events by using the CloudTrail console or the AWS CLI.  | 
|  [Download Insights events](view-insights-events-console.md#downloading-insights-events)  |  After you enable CloudTrail Insights on a trail, you can download a CSV or JSON file containing up to the past 90 days of Insights events for your trail.  | 
|  [Copy trail events to CloudTrail Lake](cloudtrail-copy-trail-to-lake.md)  |  You can copy existing trail events to a CloudTrail Lake event data store to create a point-in-time snapshot of events logged to the trail.  | 
|  [Create and subscribe to an Amazon SNS topic](configure-sns-notifications-for-cloudtrail.md)  |  Subscribe to a topic to receive notifications about log file delivery to your bucket. Amazon SNS can notify you in multiple ways, including programmatically with Amazon Simple Queue Service.  If you want to receive SNS notifications about log file deliveries from all Regions, specify only one SNS topic for your trail. If you want to programmatically process all events, see [Using the CloudTrail Processing Library](use-the-cloudtrail-processing-library.md).   | 
|  [View your log files](get-and-view-cloudtrail-log-files.md)  |  Find and download your log files from the S3 bucket.  | 
|  [Monitor events with CloudWatch Logs](monitor-cloudtrail-log-files-with-cloudwatch-logs.md)  |  You can configure your trail to send events to CloudWatch Logs. You can then use CloudWatch Logs to monitor your account for specific API calls and events.  If you configure a multi-Region trail to send events to a CloudWatch Logs log group, CloudTrail sends events from all Regions to a single log group.   | 
|  [Enable SSE-KMS encryption](encrypting-cloudtrail-log-files-with-aws-kms.md)  |  Encrypting your log files and digest files with a KMS key provides an extra layer of security for your CloudTrail data.  | 
|  [Enable log file integrity](cloudtrail-log-file-validation-intro.md)  |  Log file integrity validation helps you verify that log files have remained unchanged since CloudTrail delivered them.  | 
|  [Share log files with other AWS accounts](cloudtrail-sharing-logs.md)  |  You can share log files between accounts.  | 
|  [Aggregate logs from multiple accounts](cloudtrail-receive-logs-from-multiple-accounts.md)  |  You can aggregate log files from multiple accounts to a single bucket.  | 
|  [Work with partner solutions](https://aws.amazon.com/cloudtrail/partners/)  |  Analyze your CloudTrail output with a partner solution that integrates with CloudTrail. Partner solutions offer a broad set of capabilities, such as change tracking, troubleshooting, and security analysis.  | 

You can deliver one copy of your ongoing management events to your S3 bucket at no charge from CloudTrail by creating a trail, however, there are Amazon S3 storage charges. For more information about CloudTrail pricing, see [AWS CloudTrail Pricing](https://aws.amazon.com/cloudtrail/pricing/). For information about Amazon S3 pricing, see [Amazon S3 Pricing](https://aws.amazon.com/s3/pricing/).

## CloudTrail Insights events
<a name="how-cloudtrail-works-insights"></a>

AWS CloudTrail Insights help AWS users identify and respond to unusual activity associated with API call rates and API error rates by continuously analyzing CloudTrail management events. CloudTrail Insights analyzes your normal patterns of API call volume and API error rates, also called the *baseline*, and generates Insights events when the call volume or error rates are outside normal patterns. Insights events on API call rate are generated for `write` management APIs, and Insights events on API error rate are generated for both `read` and `write` management APIs.

By default, CloudTrail trails and event data stores don't log Insights events. You must configure your trail or event data store to log Insights events. For more information, see [Logging Insights events with the CloudTrail console](insights-events-enable.md) and [Logging Insights events with the AWS CLI](insights-events-CLI-enable.md). 

Additional charges apply for Insights events. You will be charged separately if you enable Insights for both trails and event data stores. For more information, see [AWS CloudTrail Pricing](https://aws.amazon.com/cloudtrail/pricing/).

### Viewing Insights events for trails and event data stores
<a name="how-cloudtrail-works-insights-viewing"></a>

CloudTrail supports Insights events for both trails and event data stores, however, there are some differences in how you view and access Insights events.

**Viewing Insights events for trails**

If you have Insights events enabled on a trail, and CloudTrail detects unusual activity, Insights events are logged to a different folder or prefix in the destination S3 bucket for your trail. You can also see the type of insight and the incident time period when you view Insights events on the CloudTrail console. For more information, see [Viewing Insights events for trails with the console](view-insights-events-console.md).

After you enable CloudTrail Insights for the first time on a trail, CloudTrail may take up to 36 hours to begin delivering Insights events after you enable Insights events on a trail, provided that unusual activity is detected during that time.

**Viewing Insights events for event data stores**

To log Insights events in CloudTrail Lake, you need a destination event data store that logs Insights events and a source event data store that enables Insights and logs management events. For more information, see [Create an event data store for Insights events with the console](query-event-data-store-insights.md).

 After you enable CloudTrail Insights for the first time on the source event data store, CloudTrail may take up to 7 days to begin delivering Insights events, provided that unusual activity is detected during that time.

If you have CloudTrail Insights enabled on a source event data store and CloudTrail detects unusual activity, CloudTrail delivers Insights events to your destination event data store. You can then query your destination event data store to get information about your Insights events and can optionally save the query results to an S3 bucket. For more information, see [Create or edit a query with the CloudTrail console](query-create-edit-query.md) and [View sample queries with the CloudTrail console](lake-console-queries.md). 

You can view the **Insights events** dashboard to visualize the Insights events in your destination event data store. For more information about Lake dashboards, see [CloudTrail Lake dashboards](lake-dashboard.md).

## CloudTrail channels
<a name="how-cloudtrail-works-channels"></a>

CloudTrail supports two types of *channels*:

**Channels for CloudTrail Lake integrations with event sources outside of AWS**  
CloudTrail Lake uses *channels* to bring events from outside of AWS into CloudTrail Lake from external partners that work with CloudTrail, or from your own sources. When you create a channel, you choose one or more event data stores to store events that arrive from the channel source. You can change the destination event data stores for a channel as needed, as long as the destination event data stores are set to log activity events. When you create a channel for events from an external partner, you provide a channel ARN to the partner or source application. The resource policy attached to the channel allows the source to transmit events through the channel. For more information, see [Create an integration with an event source outside of AWS](query-event-data-store-integration.md) and [https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_CreateChannel.html](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_CreateChannel.html) in the *AWS CloudTrail API Reference*.

**Service-linked channels**  
AWS services can create a service-linked channel to receive CloudTrail events on your behalf. The AWS service creating the service-linked channel configures advanced event selectors for the channel and specifies whether the channel applies to all Regions, or the current Region.  
You can use the [CloudTrail console](cloudtrail-service-linked-channels.md#viewing-service-linked-channels-console) or [AWS CLI](cloudtrail-service-linked-channels.md#viewing-service-linked-channels-cli) to view information about any CloudTrail service-linked channels created by AWS services.

# CloudTrail concepts
<a name="cloudtrail-concepts"></a>

This section summarizes basic concepts related to CloudTrail.

**Topics**
+ [

## CloudTrail events
](#cloudtrail-concepts-events)
+ [

## Event history
](#cloudtrail-concepts-event-history)
+ [

## Trails
](#cloudtrail-concepts-trails)
+ [

## Organization trails
](#cloudtrail-concepts-trails-org)
+ [

## CloudTrail Lake and event data stores
](#cloudtrail-concepts-lake)
+ [

## CloudTrail Insights
](#understanding-insight-selectors)
+ [

## Tags
](#cloudtrail-concepts-tags)
+ [

## AWS Security Token Service and CloudTrail
](#cloudtrail-concepts-sts-regionalization)
+ [

## Global service events
](#cloudtrail-concepts-global-service-events)

## CloudTrail events
<a name="cloudtrail-concepts-events"></a>

An event in CloudTrail is the record of an activity in an AWS account. This activity can be an action taken by an IAM identity, or service that is monitorable by CloudTrail. CloudTrail events provide a history of both API and non-API account activity made through the AWS Management Console, AWS SDKs, command line tools, and other AWS services.

CloudTrail log files aren't an ordered stack trace of the public API calls, so events don't appear in any specific order.

CloudTrail logs four types of events:
+ [Management events](#cloudtrail-concepts-management-events)
+ [Data events](#cloudtrail-concepts-data-events)
+ [Network activity events](#cloudtrail-concepts-network-events)
+ [Insights events](#cloudtrail-concepts-insights-events)

All event types use a CloudTrail JSON log format.

By default, trails and event data stores log management events, but not data or Insights events.

For information about how AWS services integrate with CloudTrail, see [AWS service topics for CloudTrail](cloudtrail-aws-service-specific-topics.md#cloudtrail-aws-service-specific-topics-list).

### Management events
<a name="cloudtrail-concepts-management-events"></a>

Management events provide information about management operations that are performed on resources in your AWS account. These are also known as *control plane operations*.

Example management events include:
+ Configuring security (for example, AWS Identity and Access Management `AttachRolePolicy` API operations).
+ Registering devices (for example, Amazon EC2 `CreateDefaultVpc` API operations).
+ Configuring rules for routing data (for example, Amazon EC2 `CreateSubnet` API operations).
+ Setting up logging (for example, AWS CloudTrail `CreateTrail` API operations).

Management events can also include non-API events that occur in your account. For example, when a user signs in to your account, CloudTrail logs the `ConsoleLogin` event. For more information, see [Non-API events captured by CloudTrail](cloudtrail-non-api-events.md).

By default, CloudTrail trails and CloudTrail Lake event data stores log management events. For more information about logging management events, see [Logging management events](logging-management-events-with-cloudtrail.md).

### Data events
<a name="cloudtrail-concepts-data-events"></a>

Data events provide information about the resource operations performed on or in a resource. These are also known as *data plane operations*. Data events are often high-volume activities.

Example data events include:
+ [Amazon S3 object-level API activity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/cloudtrail-logging-s3-info.html#cloudtrail-data-events) (for example, `GetObject`, `DeleteObject`, and `PutObject` API operations) on objects in S3 buckets.
+ AWS Lambda function execution activity (the `Invoke` API).
+ CloudTrail [https://docs.aws.amazon.com/awscloudtraildata/latest/APIReference/API_PutAuditEvents.html](https://docs.aws.amazon.com/awscloudtraildata/latest/APIReference/API_PutAuditEvents.html) activity on a [CloudTrail Lake channel](query-event-data-store-integration.md) that is used to log events from outside AWS.
+ Amazon SNS [https://docs.aws.amazon.com/sns/latest/api/API_Publish.html](https://docs.aws.amazon.com/sns/latest/api/API_Publish.html) and [https://docs.aws.amazon.com/sns/latest/api/API_PublishBatch.html](https://docs.aws.amazon.com/sns/latest/api/API_PublishBatch.html) API operations on topics.

The following table shows the resource types available for trails and event data stores. The **Resource type (console)** column shows the appropriate selection in the console. The **resources.type value** column shows the `resources.type` value that you would specify to include data events of that type in your trail or event data store using the AWS CLI or CloudTrail APIs.

For trails, you can use basic or advanced event selectors to log data events for Amazon S3 objects in general purpose buckets, Lambda functions, and DynamoDB tables (shown in the first three rows of the table). You can use only advanced event selectors to log the resource types shown in the remaining rows.

For event data stores, you can use only advanced event selectors to include data events.

#### Data events supported by AWS CloudTrail
<a name="w2aab5c23b7c19c17"></a>


****  

| AWS service | Description | Resource type (console) | resources.type value | 
| --- | --- | --- | --- | 
| Amazon RDS | [Amazon RDS API activity](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/logging-using-cloudtrail-data-api.html#logging-using-cloudtrail-data-api.including-excluding-cloudtrail-events) on a DB Cluster. | RDS Data API - DB Cluster | AWS::RDS::DBCluster | 
| Amazon S3 | [Amazon S3 object-level API activity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/cloudtrail-logging-s3-info.html#cloudtrail-data-events) (for example, `GetObject`, `DeleteObject`, and `PutObject` API operations) on objects in general purpose buckets. | S3 | AWS::S3::Object | 
| Amazon S3 | [Amazon S3 API activity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/cloudtrail-logging-s3-info.html#cloudtrail-data-events) on access points. | S3 Access Point | AWS::S3::AccessPoint | 
| Amazon S3 | [Amazon S3 object-level API activity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/cloudtrail-logging-s3-info.html#cloudtrail-data-events) (for example, `GetObject`, `DeleteObject`, and `PutObject` API operations) on objects in directory buckets. | S3 Express | AWS::S3Express::Object | 
| Amazon S3 | [Amazon S3 Object Lambda access points API activity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/cloudtrail-logging-s3-info.html#cloudtrail-data-events), such as calls to `CompleteMultipartUpload` and `GetObject`. | S3 Object Lambda | AWS::S3ObjectLambda::AccessPoint | 
| Amazon S3 | Amazon FSx API activity on volumes.  | FSx Volume | AWS::FSx::Volume | 
| Amazon S3 Tables | Amazon S3 API activity on [tables](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-create.html). | S3 table | AWS::S3Tables::Table | 
| Amazon S3 Tables | Amazon S3 API activity on [table buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-buckets.html). | S3 table bucket | AWS::S3Tables::TableBucket | 
| Amazon S3 Vectors | Amazon S3 API activity on [vector buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-vectors-buckets.html). | S3 vector bucket | AWS::S3Vectors::VectorBucket | 
| Amazon S3 Vectors | Amazon S3 API activity on [vector indexes](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-vectors-indexes.html). | S3 vector index | AWS::S3Vectors::Index | 
| Amazon S3 on Outposts |  [Amazon S3 on Outposts object-level API activity](https://docs.aws.amazon.com/AmazonS3/latest/userguide/cloudtrail-logging-s3-info.html#cloudtrail-data-events). | S3 Outposts | AWS::S3Outposts::Object | 
| Amazon SNS | Amazon SNS [https://docs.aws.amazon.com/sns/latest/api/API_Publish.html](https://docs.aws.amazon.com/sns/latest/api/API_Publish.html) API operations on platform endpoints. | SNS platform endpoint | AWS::SNS::PlatformEndpoint | 
| Amazon SNS | Amazon SNS [https://docs.aws.amazon.com/sns/latest/api/API_Publish.html](https://docs.aws.amazon.com/sns/latest/api/API_Publish.html) and [https://docs.aws.amazon.com/sns/latest/api/API_PublishBatch.html](https://docs.aws.amazon.com/sns/latest/api/API_PublishBatch.html) API operations on topics. | SNS topic | AWS::SNS::Topic | 
| Amazon SQS | [Amazon SQS API activity](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-logging-using-cloudtrail.html#sqs-data-events-in-cloud-trail) on messages.  | SQS | AWS::SQS::Queue | 
| AWS Supply Chain | AWS Supply Chain API activity on an instance.  | Supply Chain | AWS::SCN::Instance | 
| Amazon SWF | [Amazon SWF API activity](https://docs.aws.amazon.com/amazonswf/latest/developerguide/ct-logging.html#cloudtrail-data-events) on [domains](https://docs.aws.amazon.com/amazonswf/latest/developerguide/swf-dev-domains.html).  | SWF domain | AWS::SWF::Domain | 
| AWS AppConfig | [AWS AppConfig API activity](https://docs.aws.amazon.com/appconfig/latest/userguide/logging-using-cloudtrail.html#appconfig-data-events-cloudtrail) for configuration operations such as calls to `StartConfigurationSession` and `GetLatestConfiguration`. | AWS AppConfig | AWS::AppConfig::Configuration | 
| AWS AppSync | [AWS AppSync API activity](https://docs.aws.amazon.com/appsync/latest/devguide/cloudtrail-logging.html#cloudtrail-data-events) on AppSync GraphQL APIs. | AppSync GraphQL | AWS::AppSync::GraphQLApi | 
| Amazon Aurora DSQL | Amazon Aurora DSQL API activity on cluster resources.  | Amazon Aurora DSQL | AWS::DSQL::Cluster | 
| AWS B2B Data Interchange | B2B Data Interchange API activity for Transformer operations such as calls to `GetTransformerJob` and `StartTransformerJob`. | B2B Data Interchange | AWS::B2BI::Transformer | 
| AWS Backup | AWS Backup Search Data API activity on search jobs. | AWS Backup Search Data APIs | AWS::Backup::SearchJob | 
| Amazon Bedrock | [Amazon Bedrock API activity](https://docs.aws.amazon.com/bedrock/latest/userguide/logging-using-cloudtrail.html#service-name-data-events-cloudtrail) on an agent alias. | Bedrock agent alias | AWS::Bedrock::AgentAlias | 
| Amazon Bedrock | Amazon Bedrock API activity on async invocations. | Bedrock async invoke | AWS::Bedrock::AsyncInvoke | 
| Amazon Bedrock | Amazon Bedrock API activity on a flow alias. | Bedrock flow alias | AWS::Bedrock::FlowAlias | 
| Amazon Bedrock | Amazon Bedrock API activity on guardrails. | Bedrock guardrail | AWS::Bedrock::Guardrail | 
| Amazon Bedrock | Amazon Bedrock API activity on inline agents. | Bedrock Invoke Inline-Agent | AWS::Bedrock::InlineAgent | 
| Amazon Bedrock | [Amazon Bedrock API activity](https://docs.aws.amazon.com/bedrock/latest/userguide/logging-using-cloudtrail.html#service-name-data-events-cloudtrail) on a knowledge base. | Bedrock knowledge base | AWS::Bedrock::KnowledgeBase | 
| Amazon Bedrock | Amazon Bedrock API activity on models. | Bedrock model | AWS::Bedrock::Model | 
| Amazon Bedrock | Amazon Bedrock API activity on prompts. | Bedrock prompt | AWS::Bedrock::PromptVersion | 
| Amazon Bedrock | Amazon Bedrock API activity on sessions. | Bedrock session | AWS::Bedrock::Session | 
| Amazon Bedrock | Amazon Bedrock API activity on flow executions.  | Bedrock flow execution | AWS::Bedrock::FlowExecution | 
| Amazon Bedrock | Amazon Bedrock API activity on an automated reasoning policy.  | Bedrock automated reasoning policy | AWS::Bedrock::AutomatedReasoningPolicy | 
| Amazon Bedrock | Amazon Bedrock API activity on an automated reasoning policy version.  | Bedrock automated reasoning policy version | AWS::Bedrock::AutomatedReasoningPolicyVersion | 
| Amazon Bedrock | Amazon Bedrock data automation project API activity. | **Bedrock Data Automation project** | `AWS::Bedrock::DataAutomationProject` | 
| Amazon Bedrock | Bedrock data automation invocation API activity. | **Bedrock Data Automation invocation** | `AWS::Bedrock::DataAutomationInvocation` | 
| Amazon Bedrock | Amazon Bedrock data automation profile API activity. | **Bedrock Data Automation profile** | `AWS::Bedrock::DataAutomationProfile` | 
| Amazon Bedrock | Amazon Bedrock blueprint API activity. | **Bedrock blueprint** | `AWS::Bedrock::Blueprint` | 
| Amazon Bedrock | Amazon Bedrock Code-Interpreter API activity. | **Bedrock-AgentCore Code-Interpreter** | `AWS::BedrockAgentCore::CodeInterpreter` | 
| Amazon Bedrock | Amazon Bedrock Browser API activity. | **Bedrock-AgentCore Browser** | `AWS::BedrockAgentCore::Browser` | 
| Amazon Bedrock | Amazon Bedrock Workload Identity API activity. | **Bedrock-AgentCore Workload Identity** | `AWS::BedrockAgentCore::WorkloadIdentity` | 
| Amazon Bedrock | Amazon Bedrock Workload Identity Directory API activity. | **Bedrock-AgentCore Workload Identity Directory** | `AWS::BedrockAgentCore::WorkloadIdentityDirectory` | 
| Amazon Bedrock | Amazon Bedrock Token Vault API activity. | **Bedrock-AgentCore Token Vault** | `AWS::BedrockAgentCore::TokenVault` | 
| Amazon Bedrock | Amazon Bedrock APIKey CredentialProvider API activity. | **Bedrock-AgentCore APIKey CredentialProvider** | `AWS::BedrockAgentCore::APIKeyCredentialProvider` | 
| Amazon Bedrock | Amazon Bedrock Runtime API activity. | **Bedrock-AgentCore Runtime** | `AWS::BedrockAgentCore::Runtime` | 
| Amazon Bedrock | Amazon Bedrock Runtime-Endpoint API activity. | **Bedrock-AgentCore Runtime-Endpoint** | `AWS::BedrockAgentCore::RuntimeEndpoint` | 
| Amazon Bedrock | Amazon Bedrock Gateway API activity. | **Bedrock-AgentCore Gateway** | `AWS::BedrockAgentCore::Gateway` | 
| Amazon Bedrock | Amazon Bedrock Memory API activity. | **Bedrock-AgentCore Memory** | `AWS::BedrockAgentCore::Memory` | 
| Amazon Bedrock | Amazon Bedrock Oauth2 CredentialProvider API activity. | **Bedrock-AgentCore Oauth2 CredentialProvider** | `AWS::BedrockAgentCore::OAuth2CredentialProvider` | 
| Amazon Bedrock | Amazon Bedrock Browser-Custom API activity. | **Bedrock-AgentCore Browser-Custom** | `AWS::BedrockAgentCore::BrowserCustom` | 
| Amazon Bedrock | Amazon Bedrock Code-Interpreter-Custom API activity. | **Bedrock-AgentCore Code-Interpreter-Custom** | `AWS::BedrockAgentCore::CodeInterpreterCustom` | 
| Amazon Bedrock | Amazon Bedrock Tool API activity. | Bedrock Tool | AWS::Bedrock::Tool | 
| AWS Cloud Map | [AWS Cloud Map API activity](https://docs.aws.amazon.com/cloud-map/latest/dg/cloudtrail-data-events.html) on a [namespace](https://docs.aws.amazon.com/cloud-map/latest/api/API_Namespace.html). | AWS Cloud Map namespace | AWS::ServiceDiscovery::Namespace | 
| AWS Cloud Map | [AWS Cloud Map API activity](https://docs.aws.amazon.com/cloud-map/latest/dg/cloudtrail-data-events.html) on a [service](https://docs.aws.amazon.com/cloud-map/latest/api/API_Service.html). | AWS Cloud Map service | AWS::ServiceDiscovery::Service | 
| Amazon CloudFront | CloudFront API activity on a [https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_KeyValueStore.html](https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_KeyValueStore.html). | CloudFront KeyValueStore | AWS::CloudFront::KeyValueStore | 
| AWS CloudTrail | CloudTrail [https://docs.aws.amazon.com/awscloudtraildata/latest/APIReference/API_PutAuditEvents.html](https://docs.aws.amazon.com/awscloudtraildata/latest/APIReference/API_PutAuditEvents.html) activity on a [CloudTrail Lake channel](query-event-data-store-integration.md) that is used to log events from outside AWS. | CloudTrail channel | AWS::CloudTrail::Channel | 
| Amazon CloudWatch | [Amazon CloudWatch API activity](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/logging_cw_api_calls.html#CloudWatch-data-plane-events) on metrics. | CloudWatch metric | AWS::CloudWatch::Metric | 
| Amazon CloudWatch Network Flow Monitor | Amazon CloudWatch Network Flow Monitor API activity on monitors. | Network Flow Monitor monitor | AWS::NetworkFlowMonitor::Monitor | 
| Amazon CloudWatch Network Flow Monitor | Amazon CloudWatch Network Flow Monitor API activity on scopes. | Network Flow Monitor scope | AWS::NetworkFlowMonitor::Scope | 
| Amazon CloudWatch RUM | Amazon CloudWatch RUM API activity on app monitors. | RUM app monitor | AWS::RUM::AppMonitor | 
| Amazon CodeGuru Profiler | CodeGuru Profiler API activity on profiling groups. | CodeGuru Profiler profiling group | AWS::CodeGuruProfiler::ProfilingGroup | 
| Amazon CodeWhisperer | Amazon CodeWhisperer API activity on a customization. | CodeWhisperer customization | AWS::CodeWhisperer::Customization | 
| Amazon CodeWhisperer | Amazon CodeWhisperer API activity on a profile. | CodeWhisperer | AWS::CodeWhisperer::Profile | 
| Amazon Cognito | Amazon Cognito API activity on Amazon Cognito [identity pools](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-info-in-cloudtrail.html#identity-pools-cloudtrail-events). | Cognito Identity Pools | AWS::Cognito::IdentityPool | 
| AWS Data Exchange | AWS Data Exchange API activity on assets. | **Data Exchange asset** | `AWS::DataExchange::Asset` | 
| Amazon Data Firehose | Amazon Data Firehose delivery stream API activity. | **Amazon Data Firehose** | `AWS::KinesisFirehose::DeliveryStream` | 
| AWS Deadline Cloud | [Deadline Cloud](https://docs.aws.amazon.com/deadline-cloud/latest/userguide/logging-using-cloudtrail.html#cloudtrail-data-events) API activity on fleets. | **Deadline Cloud fleet** | `AWS::Deadline::Fleet` | 
| AWS Deadline Cloud | [Deadline Cloud](https://docs.aws.amazon.com/deadline-cloud/latest/userguide/logging-using-cloudtrail.html#cloudtrail-data-events) API activity on jobs. | **Deadline Cloud job** | `AWS::Deadline::Job` | 
| AWS Deadline Cloud | [Deadline Cloud](https://docs.aws.amazon.com/deadline-cloud/latest/userguide/logging-using-cloudtrail.html#cloudtrail-data-events) API activity on queues. | **Deadline Cloud queue** | `AWS::Deadline::Queue` | 
| AWS Deadline Cloud | [Deadline Cloud](https://docs.aws.amazon.com/deadline-cloud/latest/userguide/logging-using-cloudtrail.html#cloudtrail-data-events) API activity on workers. | **Deadline Cloud worker** | `AWS::Deadline::Worker` | 
| Amazon DynamoDB | [Amazon DynamoDB item-level API activity](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/logging-using-cloudtrail.html#ddb-data-plane-events-in-cloudtrail) on tables (for example, `PutItem`, `DeleteItem`, and `UpdateItem` API operations). For tables with streams enabled, the `resources` field in the data event contains both `AWS::DynamoDB::Stream` and `AWS::DynamoDB::Table`. If you specify `AWS::DynamoDB::Table` for the `resources.type`, it will log both DynamoDB table and DynamoDB streams events by default. To exclude [streams events](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/logging-using-cloudtrail.html#ddb-data-plane-events-in-cloudtrail), add a filter on the `eventName` field.   | DynamoDB | `AWS::DynamoDB::Table`  | 
| Amazon DynamoDB | [Amazon DynamoDB](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/logging-using-cloudtrail.html#ddb-data-plane-events-in-cloudtrail) API activity on streams. | DynamoDB Streams | AWS::DynamoDB::Stream | 
| Amazon Elastic Block Store | [Amazon Elastic Block Store (EBS)](https://docs.aws.amazon.com/ebs/latest/userguide/logging-ebs-apis-using-cloudtrail.html) direct APIs, such as `PutSnapshotBlock`, `GetSnapshotBlock`, and `ListChangedBlocks` on Amazon EBS snapshots. | Amazon EBS direct APIs | AWS::EC2::Snapshot | 
| Amazon Elastic Compute Cloud | Amazon EC2 instance connect endpoint API activity. | **EC2 instance connect endpoint** | `AWS::EC2::InstanceConnectEndpoint` | 
| Amazon Elastic Container Service | Amazon Elastic Container Service API activity on a container instance. | ECS container instance | AWS::ECS::ContainerInstance | 
| Amazon Elastic Kubernetes Service | Amazon Elastic Kubernetes Service API activity on dashboards.  | Amazon Elastic Kubernetes Service dashboard | AWS::EKS::Dashboard | 
| Amazon EMR | [Amazon EMR API activity](https://docs.aws.amazon.com/emr/latest/ManagementGuide/logging-using-cloudtrail.html#cloudtrail-data-events) on a write-ahead log workspace. | EMR write-ahead log workspace | AWS::EMRWAL::Workspace | 
| AWS End User Messaging SMS | [AWS End User Messaging SMS](https://docs.aws.amazon.com/sms-voice/latest/userguide/logging-using-cloudtrail.html#cloudtrail-data-events) API activity on origination identities. | SMS Voice origination identity | AWS::SMSVoice::OriginationIdentity | 
| AWS End User Messaging SMS | [AWS End User Messaging SMS](https://docs.aws.amazon.com/sms-voice/latest/userguide/logging-using-cloudtrail.html#cloudtrail-data-events) API activity on messages. | SMS Voice message | AWS::SMSVoice::Message | 
| AWS End User Messaging Social | [AWS End User Messaging Social](https://docs.aws.amazon.com/social-messaging/latest/userguide/logging-using-cloudtrail.html#cloudtrail-data-events) API activity on phone number IDs. | Social-Messaging Phone Number Id | AWS::SocialMessaging::PhoneNumberId | 
| AWS End User Messaging Social | AWS End User Messaging Social API activity on Waba IDs. | Social-Messaging Waba ID | AWS::SocialMessaging::WabaId | 
| Amazon FinSpace | [Amazon FinSpace](https://docs.aws.amazon.com/finspace/latest/userguide/logging-cloudtrail-events.html#finspace-dataplane-events) API activity on environments. | FinSpace | AWS::FinSpace::Environment | 
| Amazon GameLift Streams | Amazon GameLift Streams [streaming API activity](https://docs.aws.amazon.com/gameliftstreams/latest/developerguide/logging-using-cloudtrail.html#cloudtrail-data-events) on applications. | GameLift Streams application | AWS::GameLiftStreams::Application | 
| Amazon GameLift Streams | Amazon GameLift Streams [streaming API activity](https://docs.aws.amazon.com/gameliftstreams/latest/developerguide/logging-using-cloudtrail.html#cloudtrail-data-events) on stream groups. | GameLift Streams stream group | AWS::GameLiftStreams::StreamGroup | 
| AWS Glue | AWS Glue API activity on tables that were created by Lake Formation. | Lake Formation | AWS::Glue::Table | 
| Amazon GuardDuty | Amazon GuardDuty API activity for a [detector](https://docs.aws.amazon.com/guardduty/latest/ug/logging-using-cloudtrail.html#guardduty-data-events-in-cloudtrail). | GuardDuty detector | AWS::GuardDuty::Detector | 
| AWS HealthImaging | AWS HealthImaging API activity on data stores. | MedicalImaging data store | AWS::MedicalImaging::Datastore | 
| AWS HealthImaging | AWS HealthImaging image set API activity. | **MedicalImaging image set** | `AWS::MedicalImaging::Imageset` | 
| AWS IoT | [AWS IoT API activity](https://docs.aws.amazon.com/greengrass/v2/developerguide/logging-using-cloudtrail.html#greengrass-data-events-cloudtrail) on [certificates](https://docs.aws.amazon.com/iot/latest/developerguide/x509-client-certs.html). | IoT certificate | AWS::IoT::Certificate | 
| AWS IoT | [AWS IoT API activity](https://docs.aws.amazon.com/greengrass/v2/developerguide/logging-using-cloudtrail.html#greengrass-data-events-cloudtrail) on [things](https://docs.aws.amazon.com/iot/latest/developerguide/thing-registry.html). | IoT thing | AWS::IoT::Thing | 
| AWS IoT Greengrass Version 2 | [Greengrass API activity](https://docs.aws.amazon.com/greengrass/v2/developerguide/logging-using-cloudtrail.html#greengrass-data-events-cloudtrail) from a Greengrass core device on a component version. Greengrass doesn't log access denied events. | IoT Greengrass component version | AWS::GreengrassV2::ComponentVersion | 
| AWS IoT Greengrass Version 2 | [Greengrass API activity](https://docs.aws.amazon.com/greengrass/v2/developerguide/logging-using-cloudtrail.html#greengrass-data-events-cloudtrail) from a Greengrass core device on a deployment. Greengrass doesn't log access denied events. | IoT Greengrass deployment | AWS::GreengrassV2::Deployment | 
| AWS IoT SiteWise | [IoT SiteWise API activity](https://docs.aws.amazon.com/iot-sitewise/latest/userguide/logging-using-cloudtrail.html#service-name-data-events-cloudtrail) on [assets](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_CreateAsset.html). | IoT SiteWise asset | AWS::IoTSiteWise::Asset | 
| AWS IoT SiteWise | [IoT SiteWise API activity](https://docs.aws.amazon.com/iot-sitewise/latest/userguide/logging-using-cloudtrail.html#service-name-data-events-cloudtrail) on [time series](https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_DescribeTimeSeries.html). | IoT SiteWise time series | AWS::IoTSiteWise::TimeSeries | 
| AWS IoT SiteWise Assistant | Sitewise Assistant API activity on conversations. | Sitewise Assistant conversation | AWS::SitewiseAssistant::Conversation | 
| AWS IoT TwinMaker | IoT TwinMaker API activity on an [entity](https://docs.aws.amazon.com/iot-twinmaker/latest/apireference/API_CreateEntity.html). | IoT TwinMaker entity | AWS::IoTTwinMaker::Entity | 
| AWS IoT TwinMaker | IoT TwinMaker API activity on a [workspace](https://docs.aws.amazon.com/iot-twinmaker/latest/apireference/API_CreateWorkspace.html). | IoT TwinMaker workspace | AWS::IoTTwinMaker::Workspace | 
| Amazon Kendra Intelligent Ranking | Amazon Kendra Intelligent Ranking API activity on [rescore execution plans](https://docs.aws.amazon.com/kendra/latest/dg/cloudtrail-intelligent-ranking.html#cloud-trail-intelligent-ranking-log-entry). | Kendra Ranking | AWS::KendraRanking::ExecutionPlan | 
| Amazon Keyspaces (for Apache Cassandra) | [Amazon Keyspaces API activity](https://docs.aws.amazon.com/keyspaces/latest/devguide/logging-using-cloudtrail.html#keyspaces-in-cloudtrail-dml) on a table. | Cassandra table | AWS::Cassandra::Table | 
| Amazon Keyspaces (for Apache Cassandra) | Amazon Keyspaces (for Apache Cassandra) API activity on Cassandra CDC streams.  | Cassandra CDC streams | AWS::Cassandra::Stream | 
| Amazon Kinesis Data Streams | Kinesis Data Streams API activity on [streams](https://docs.aws.amazon.com/streams/latest/dev/working-with-streams.html). | Kinesis stream | AWS::Kinesis::Stream | 
| Amazon Kinesis Data Streams | Kinesis Data Streams API activity on [stream consumers](https://docs.aws.amazon.com/streams/latest/dev/building-consumers.html). | Kinesis stream consumer | AWS::Kinesis::StreamConsumer | 
| Amazon Kinesis Video Streams | Kinesis Video Streams API activity on video streams, such as calls to GetMedia and PutMedia. | Kinesis video stream | AWS::KinesisVideo::Stream | 
| Amazon Kinesis Video Streams | Kinesis Video Streams video signaling channel API activity. | **Kinesis video signaling channel** | `AWS::KinesisVideo::SignalingChannel` | 
| AWS Lambda | AWS Lambda function execution activity (the `Invoke` API). | Lambda | AWS::Lambda::Function | 
| Amazon Location Maps | Amazon Location Maps API activity. | Geo Maps | AWS::GeoMaps::Provider | 
| Amazon Location Places | Amazon Location Places API activity. | Geo Places | AWS::GeoPlaces::Provider | 
| Amazon Location Routes | Amazon Location Routes API activity. | Geo Routes | AWS::GeoRoutes::Provider | 
| Amazon Machine Learning | Machine Learning API activity on ML models. | Maching Learning MlModel | AWS::MachineLearning::MlModel | 
| Amazon Managed Blockchain | Amazon Managed Blockchain API activity on a network. | Managed Blockchain network | AWS::ManagedBlockchain::Network | 
| Amazon Managed Blockchain | [Amazon Managed Blockchain](https://docs.aws.amazon.com/managed-blockchain/latest/ethereum-dev/logging-using-cloudtrail.html#ethereum-jsonrpc-logging) JSON-RPC calls on Ethereum nodes, such as `eth_getBalance` or `eth_getBlockByNumber`. | Managed Blockchain | AWS::ManagedBlockchain::Node | 
| Amazon Managed Blockchain Query | Amazon Managed Blockchain Query API activity. | Managed Blockchain Query | AWS::ManagedBlockchainQuery::QueryAPI | 
| Amazon Managed Workflows for Apache Airflow | Amazon MWAA API activity on environments.  | Managed Apache Airflow | AWS::MWAA::Environment | 
| Amazon Neptune Graph | Data API activities, for example queries, algorithms, or vector search, on a Neptune Graph. | Neptune Graph | AWS::NeptuneGraph::Graph | 
| Amazon One Enterprise | Amazon One Enterprise API activity on a UKey. | Amazon One UKey | AWS::One::UKey | 
| Amazon One Enterprise | Amazon One Enterprise API activity on users. | Amazon One User | AWS::One::User | 
| AWS Payment Cryptography | AWS Payment Cryptography API activity on aliases. | Payment Cryptography Alias | AWS::PaymentCryptography::Alias | 
| AWS Payment Cryptography | AWS Payment Cryptography API activity on keys. | Payment Cryptography Key | AWS::PaymentCryptography::Key | 
| Amazon Pinpoint | Amazon Pinpoint API activity on mobile targeting applications. | Mobile Targeting Application | AWS::Pinpoint::App | 
| AWS Private CA | AWS Private CA Connector for Active Directory API activity. | AWS Private CA Connector for Active Directory | AWS::PCAConnectorAD::Connector | 
| AWS Private CA | AWS Private CA Connector for SCEP API activity. | AWS Private CA Connector for SCEP | AWS::PCAConnectorSCEP::Connector | 
| Amazon Q Apps | Data API activity on [Amazon Q Apps](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/purpose-built-qapps.html). | Amazon Q Apps | AWS::QApps::QApp | 
| Amazon Q Apps | Data API activity on Amazon Q App sessions. | Amazon Q App Session | AWS::QApps::QAppSession | 
| Amazon Q Business | [Amazon Q Business API activity](https://docs.aws.amazon.com/amazonq/latest/business-use-dg/logging-using-cloudtrail.html#service-name-data-plane-events-cloudtrail) on an application. | Amazon Q Business application | AWS::QBusiness::Application | 
| Amazon Q Business | [Amazon Q Business API activity](https://docs.aws.amazon.com/amazonq/latest/business-use-dg/logging-using-cloudtrail.html#service-name-data-plane-events-cloudtrail) on a data source. | Amazon Q Business data source | AWS::QBusiness::DataSource | 
| Amazon Q Business | [Amazon Q Business API activity](https://docs.aws.amazon.com/amazonq/latest/business-use-dg/logging-using-cloudtrail.html#service-name-data-plane-events-cloudtrail) on an index. | Amazon Q Business index | AWS::QBusiness::Index | 
| Amazon Q Business | [Amazon Q Business API activity](https://docs.aws.amazon.com/amazonq/latest/business-use-dg/logging-using-cloudtrail.html#service-name-data-plane-events-cloudtrail) on a web experience. | Amazon Q Business web experience | AWS::QBusiness::WebExperience | 
| Amazon Q Business  | Amazon Q Business integration API activity. | **Amazon Q Business integration** | `AWS::QBusiness::Integration` | 
| Amazon Q Developer | Amazon Q Developer API activity on an integration. | Q Developer integration | AWS::QDeveloper::Integration | 
| Amazon Q Developer | [Amazon Q Developer API activity](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/logging_cw_api_calls.html#Q-Developer-Investigations-Cloudtrail) on operational investigations. | AIOps Investigation Group | AWS::AIOps::InvestigationGroup | 
| Amazon Quick | Amazon Quick API activity on an action connector. | AWSQuickSuite Actions | AWS::Quicksight::ActionConnector | 
| Amazon Quick | Amazon Quick Flow API activity. | **QuickSight flow** | `AWS::QuickSight::Flow` | 
| Amazon Quick | Amazon Quick FlowSession API activity. | **QuickSight flow session** | `AWS::QuickSight::FlowSession` | 
| Amazon SageMaker AI |  Amazon SageMaker AI [https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_runtime_InvokeEndpointWithResponseStream.html](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_runtime_InvokeEndpointWithResponseStream.html) activity on endpoints. | SageMaker AI endpoint | AWS::SageMaker::Endpoint | 
| Amazon SageMaker AI | Amazon SageMaker AI API activity on feature stores. | SageMaker AI feature store | AWS::SageMaker::FeatureGroup | 
| Amazon SageMaker AI | Amazon SageMaker AI API activity on [experiment trial components](https://docs.aws.amazon.com/sagemaker/latest/dg/experiments-monitoring.html). | SageMaker AI metrics experiment trial component | AWS::SageMaker::ExperimentTrialComponent | 
| Amazon SageMaker AI | Amazon SageMaker AI MLflow API activity. | **SageMaker MLflow** | `AWS::SageMaker::MlflowTrackingServer` | 
| AWS Signer | Signer API activity on signing jobs. | Signer signing job | AWS::Signer::SigningJob | 
| AWS Signer | Signer API activity on signing profiles. | Signer signing profile | AWS::Signer::SigningProfile | 
| Amazon Simple Email Service | Amazon Simple Email Service (Amazon SES) API activity on configuration sets. | SES configuration set | AWS::SES::ConfigurationSet | 
| Amazon Simple Email Service | Amazon Simple Email Service (Amazon SES) API activity on email identities. | SES identity | AWS::SES::EmailIdentity | 
| Amazon Simple Email Service | Amazon Simple Email Service (Amazon SES) API activity on templates. | SES template | AWS::SES::Template | 
| Amazon SimpleDB | Amazon SimpleDB API activity on domains. | SimpleDB domain | AWS::SDB::Domain | 
| AWS Step Functions | [Step Functions API activity](https://docs.aws.amazon.com/step-functions/latest/dg/procedure-cloud-trail.html#cloudtrail-data-events) on activities.  | Step Functions | AWS::StepFunctions::Activity | 
| AWS Step Functions | [Step Functions API activity](https://docs.aws.amazon.com/step-functions/latest/dg/procedure-cloud-trail.html#cloudtrail-data-events) on state machines.  | Step Functions state machine | AWS::StepFunctions::StateMachine | 
| AWS Systems Manager | [Systems Manager API activity](https://docs.aws.amazon.com/systems-manager/latest/userguide/monitoring-cloudtrail-logs.html#cloudtrail-data-events) on control channels. | Systems Manager | AWS::SSMMessages::ControlChannel | 
| AWS Systems Manager | Systems Manager API activity on impact assessments. | SSM Impact Assessment  | AWS::SSM::ExecutionPreview | 
| AWS Systems Manager | [Systems Manager API activity](https://docs.aws.amazon.com/systems-manager/latest/userguide/monitoring-cloudtrail-logs.html#cloudtrail-data-events) on managed nodes. | Systems Manager managed node | AWS::SSM::ManagedNode | 
| Amazon Timestream | Amazon Timestream [https://docs.aws.amazon.com/timestream/latest/developerguide/API_query_Query.html](https://docs.aws.amazon.com/timestream/latest/developerguide/API_query_Query.html) API activity on databases. | Timestream database | AWS::Timestream::Database | 
| Amazon Timestream | Amazon Timestream API activity on regional endpoints. | Timestream regional endpoint | AWS::Timestream::RegionalEndpoint | 
| Amazon Timestream | Amazon Timestream [https://docs.aws.amazon.com/timestream/latest/developerguide/API_query_Query.html](https://docs.aws.amazon.com/timestream/latest/developerguide/API_query_Query.html) API activity on tables. | Timestream table | AWS::Timestream::Table | 
| Amazon Verified Permissions | Amazon Verified Permissions API activity on a policy store. | Amazon Verified Permissions | AWS::VerifiedPermissions::PolicyStore | 
| Amazon WorkSpaces Thin Client | WorkSpaces Thin Client API activity on a Device. | Thin Client Device | AWS::ThinClient::Device | 
| Amazon WorkSpaces Thin Client | WorkSpaces Thin Client API activity on an Environment. | Thin Client Environment | AWS::ThinClient::Environment | 
| AWS X-Ray | [X-Ray API activity](https://docs.aws.amazon.com/xray/latest/devguide/xray-api-cloudtrail.html#cloudtrail-data-events) on [traces](https://docs.aws.amazon.com/xray/latest/devguide/xray-concepts.html#xray-concepts-traces). | X-Ray trace | AWS::XRay::Trace | 
| Amazon AIDevOps | AIDevOps API activity on agent spaces. | Agent Space | AWS::AIDevOps::AgentSpace | 
| Amazon AIDevOps | AIDevOps API activity on associations. | AIDevOps association | AWS::AIDevOps::Association | 
| Amazon AIDevOps | AIDevOps API activity on operator app teams. | AIDevOps operator app team | AWS::AIDevOps::OperatorAppTeam | 
| Amazon AIDevOps | AIDevOps API activity on pipeline metadata. | AIDevOps Pipelines Metadata | AWS::AIDevOps::PipelineMetadata | 
| Amazon AIDevOps | AIDevOps API activity on services. | AIDevOps service | AWS::AIDevOps::Service | 
| Amazon Bedrock | Bedrock API activity on advanced optimize prompt jobs. | AdvancedOptimizePromptJob | AWS::Bedrock::AdvancedOptimizePromptJob | 
| Amazon Bedrock AgentCore | Bedrock AgentCore API activity on evaluators. | Bedrock-AgentCore Evaluator | AWS::BedrockAgentCore::Evaluator | 
| Amazon Cost Optimization | CloudOptimization API activity on profiles. | CloudOptimization Profile | AWS::CloudOptimization::Profile | 
| Amazon Cost Optimization | CloudOptimization API activity on recommendations. | CloudOptimization Recommendation | AWS::CloudOptimization::Recommendation | 
| Amazon GuardDuty | GuardDuty API activity on malware scans. | GuardDuty malware scan | AWS::GuardDuty::MalwareScan | 
| Amazon NovaAct | Amazon NovaAct API activity on workflow definitions. | Workflow definition | AWS::NovaAct::WorkflowDefinition | 
| Amazon NovaAct | Amanzon NovaAct API activity on workflow runs. | Workflow run | AWS::NovaAct::WorkflowRun | 
| Amazon Redshift | Redshift API activity on clusters. | Amazon Redshift Cluster | AWS::Redshift::Cluster | 
| Amazon Support | SupportAccess API activity on tenants. | SupportAccess tenant | AWS::SupportAccess::Tenant | 
| Amazon Support | SupportAccess API activity on trusting accounts. | SupportAccess trusting account | AWS::SupportAccess::TrustingAccount | 
| Amazon Support | SupportAccess API activity on trusting roles. | SupportAccess trusting role | AWS::SupportAccess::TrustingRole | 
| Amazon Transform | Transform API activity on agent instances. | Transform agent instance | AWS::Transform::AgentInstance | 
| Amazon Transform Custom | Transform Custom API activity on campaigns. | Transform-Custom campaign | AWS::TransformCustom::Campaign | 
| Amazon Transform Custom | Transform Custom API activity on conversations. | Transform-Custom conversation | AWS::TransformCustom::Conversation | 
| Amazon Transform Custom | Transform Custom API activity on knowledge items. | Transform-Custom knowledge item | AWS::TransformCustom::KnowledgeItem | 
| Amazon Transform Custom | Transform Custom API activity on packages. | Transform-Custom package | AWS::TransformCustom::Package | 

Data events are not logged by default when you create a trail or event data store. To record CloudTrail data events, you must explicitly add each resource type for which you want to collect activity. For more information about logging data events, see [Logging data events](logging-data-events-with-cloudtrail.md).

Additional charges apply for logging data events. For CloudTrail pricing, see [AWS CloudTrail Pricing](https://aws.amazon.com/cloudtrail/pricing/).

### Network activity events
<a name="cloudtrail-concepts-network-events"></a>

CloudTrail network activity events enable VPC endpoint owners to record AWS API calls made using their VPC endpoints from a private VPC to the AWS service. Network activity events provide visibility into the resource operations performed within a VPC.

You can log network activity events for the following services:
+ AWS AppConfig
+ AWS App Mesh
+ Amazon Athena
+ AWS B2B Data Interchange
+ AWS Backup gateway
+ Amazon Bedrock
+ Billing and Cost Management
+ AWS Pricing Calculator
+ AWS Cost Explorer
+ AWS Cloud Control API
+ AWS CloudHSM
+ AWS Cloud Map
+ AWS CloudFormation
+ AWS CloudTrail
+ Amazon CloudWatch
+ CloudWatch Application Signals
+ AWS CodeDeploy
+ Amazon Comprehend Medical
+ AWS Config
+ AWS Data Exports
+ Amazon Data Firehose
+ AWS Directory Service
+ Amazon DynamoDB
+ Amazon EC2
+ Amazon Elastic Container Service
+ Amazon Elastic File System
+ Elastic Load Balancing
+ Amazon EventBridge
+ Amazon EventBridge Scheduler
+ Amazon Fraud Detector
+ AWS Free Tier
+ Amazon FSx
+ AWS Glue
+ AWS HealthLake
+ AWS IoT FleetWise
+ AWS IoT Secure Tunneling
+ AWS Invoicing
+ Amazon Keyspaces (for Apache Cassandra)
+ AWS KMS
+ AWS Lake Formation
+ AWS Lambda
+ AWS License Manager
+ Amazon Lookout for Equipment
+ Amazon Lookout for Vision
+ Amazon Personalize
+ Amazon Q Business
+ Amazon Rekognition
+ Amazon Relational Database Service
+ Amazon S3
**Note**  
Amazon S3 [Multi-Region Access Points](https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiRegionAccessPointRequests.html) are not supported.
+ Amazon SageMaker AI
+ AWS Secrets Manager
+ Amazon Simple Notification Service
+ Amazon Simple Queue Service
+ Amazon Simple Workflow Service
+ AWS Storage Gateway
+ AWS Systems Manager Incident Manager
+ Amazon Textract
+ Amazon Transcribe
+ Amazon Translate
+ AWS Transform
+ Amazon Verified Permissions
+ Amazon WorkMail

Network activity events are not logged by default when you create a trail or event data store. To record CloudTrail network activity events, you must explicitly set the event source for which you want to collect activity. For more information, see [Logging network activity events](logging-network-events-with-cloudtrail.md).

Additional charges apply for logging network activity events. For CloudTrail pricing, see [AWS CloudTrail Pricing](https://aws.amazon.com/cloudtrail/pricing/).

### Insights events
<a name="cloudtrail-concepts-insights-events"></a>

CloudTrail Insights events capture unusual API call rate or error rate activity in your AWS account by analyzing CloudTrail management activity. Insights events provide relevant information, such as the associated API, error code, incident time, and statistics, that help you understand and act on unusual activity. Unlike other types of events captured in a CloudTrail trail or event data store, Insights events are logged only when CloudTrail detects changes in your account's API usage or error rate logging that differ significantly from the account's typical usage patterns. For more information, see [Working with CloudTrail Insights](logging-insights-events-with-cloudtrail.md).

Examples of activity that might generate Insights events include:
+ Your account typically logs no more than 20 Amazon S3 `deleteBucket` API calls per minute, but your account starts to log an average of 100 `deleteBucket` API calls per minute. An Insights event is logged at the start of the unusual activity, and another Insights event is logged to mark the end of the unusual activity.
+ Your account typically logs 20 calls per minute to the Amazon EC2 `AuthorizeSecurityGroupIngress` API, but your account starts to log zero calls to `AuthorizeSecurityGroupIngress`. An Insights event is logged at the start of the unusual activity, and ten minutes later, when the unusual activity ends, another Insights event is logged to mark the end of the unusual activity.
+ Your account typically logs less than one `AccessDeniedException` error in a seven-day period on the AWS Identity and Access Management API, `DeleteInstanceProfile`. Your account starts to log an average of 12 `AccessDeniedException` errors per minute on the `DeleteInstanceProfile` API call. An Insights event is logged at the start of the unusual error rate activity, and another Insights event is logged to mark the end of the unusual activity.

These examples are provided for illustration purposes only. Your results may vary depending on your use case.

To log CloudTrail Insights events, you must explicitly enable Insights events on a new or existing trail or event data store. For more information about creating a trail, see [Creating a trail with the CloudTrail console](cloudtrail-create-a-trail-using-the-console-first-time.md). For more information about creating an event data store, see [Create an event data store for Insights events with the console](query-event-data-store-insights.md).

Additional charges apply for Insights events. You will be charged separately if you enable Insights for both trails and event data stores. For more information, see [AWS CloudTrail Pricing](https://aws.amazon.com/cloudtrail/pricing/).

## Event history
<a name="cloudtrail-concepts-event-history"></a>

CloudTrail event history provides a viewable, searchable, downloadable, and immutable record of the past 90 days of CloudTrail management events in an AWS Region. You can use this history to gain visibility into actions taken in your AWS account in the AWS Management Console, AWS SDKs, command line tools, and other AWS services. You can customize your view of event history in the CloudTrail console by selecting which columns are displayed. For more information, see [Working with CloudTrail event history](view-cloudtrail-events.md).

## Trails
<a name="cloudtrail-concepts-trails"></a>

A trail is a configuration that enables delivery of CloudTrail events to an S3 bucket, with optional delivery to [CloudWatch Logs](send-cloudtrail-events-to-cloudwatch-logs.md) and [Amazon EventBridge](cloudtrail-aws-service-specific-topics.md#cloudtrail-aws-service-specific-topics-eventbridge). You can use a trail to choose the CloudTrail events you want delivered, encrypt your CloudTrail event log files with an AWS KMS key, and set up Amazon SNS notifications for log file delivery. For more information about how to create and manage a trail, see [Creating a trail for your AWS account](cloudtrail-create-and-update-a-trail.md).

### Multi-Region and single-Region trails
<a name="cloudtrail-concepts-regional-and-global-services"></a>

You can create both multi-Region and single-Region trails for your AWS account.

**Multi-Region trails**  
When you create a multi-Region trail, CloudTrail records events in all AWS Regions that are [enabled](https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-regions.html#manage-acct-regions-enable-standalone) in your AWS account and delivers the CloudTrail event log files to an S3 bucket that you specify. As a best practice, we recommend creating a multi-Region trail because it captures activity in all enabled Regions. All trails created using the CloudTrail console are multi-Region trails. You can convert a single-Region trail to a multi-Region trail by using the AWS CLI. For more information, see [Understanding multi-Region trails and opt-in Regions](cloudtrail-multi-region-trails.md), [Creating a trail with the console](cloudtrail-create-a-trail-using-the-console-first-time.md#creating-a-trail-in-the-console), and [Converting a single-Region trail to a multi-Region trail](cloudtrail-create-and-update-a-trail-by-using-the-aws-cli-update-trail.md#cloudtrail-create-and-update-a-trail-by-using-the-aws-cli-examples-convert).

**Single-Region trails**  
When you create a single-Region trail, CloudTrail records the events in that Region only. It then delivers the CloudTrail event log files to an Amazon S3 bucket that you specify. You can only create a single-Region trail by using the AWS CLI. If you create additional single trails, you can have those trails deliver CloudTrail event log files to the same S3 bucket or to separate buckets. This is the default option when you create a trail using the AWS CLI or the CloudTrail API. For more information, see [Creating, updating, and managing trails with the AWS CLI](cloudtrail-create-and-update-a-trail-by-using-the-aws-cli.md).

**Note**  
For both types of trails, you can specify an Amazon S3 bucket from any Region.

A multi-Region trail has the following advantages:
+ The configuration settings for the trail apply consistently across all [enabled](https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-regions.html) AWS Regions.
+ You receive CloudTrail events from all enabled AWS Regions in a single Amazon S3 bucket and, optionally, in a CloudWatch Logs log group.
+ You manage trail configurations for all enabled AWS Regions from one location. 

Creating a multi-Region trail, has the following effects:
+ CloudTrail delivers log files for account activity from all [enabled](https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-regions.html) AWS Regions to the single Amazon S3 bucket that you specify, and, optionally, to a CloudWatch Logs log group.
+ If you configured an Amazon SNS topic for the trail, SNS notifications about log file deliveries in all enabled AWS Regions are sent to that single SNS topic.
+ You can see the multi-Region trail in all enabled AWS Regions, but you can only modify the trail in the home Region where it was created.

Regardless of whether a trail is multi-Region or single-Region, events sent to Amazon EventBridge are received in each Region's [event bus](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-event-bus.html), rather than in one single event bus.

#### Multiple trails per Region
<a name="cloudtrail-concepts-trails-multiple-trails-per-region"></a>

If you have different but related user groups, such as developers, security personnel, and IT auditors, you can create multiple trails per Region. This allows each group to receive its own copy of the log files. 

CloudTrail supports five trails per Region. A multi-Region trail counts as one trail per Region.

The following is an example of a Region with five trails:
+ You create two trails in the US West (N. California) Region that apply to this Region only.
+ You create two more multi-Region trails in US West (N. California) Region.
+ You create another multi-Region trail in the Asia Pacific (Sydney) Region. This trail also exists as a trail in the US West (N. California) Region.

You can view a list of trails in an AWS Region in the **Trails** page of the CloudTrail console. For more information, see [Updating a trail with the CloudTrail console](cloudtrail-update-a-trail-console.md). For CloudTrail pricing, see [AWS CloudTrail Pricing](https://aws.amazon.com/cloudtrail/pricing/).

## Organization trails
<a name="cloudtrail-concepts-trails-org"></a>

An organization trail is a configuration that enables delivery of CloudTrail events in the management account and all member accounts in an AWS Organizations organization to the same Amazon S3 bucket, CloudWatch Logs, and Amazon EventBridge. Creating an organization trail helps you define a uniform event logging strategy for your organization. 

All organization trails created using the console are multi-Region organization trails that log events from the [enabled](https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-regions.html#manage-acct-regions-enable-organization) AWS Regions in each member account in the organization. To log events in all AWS partitions in your organization, create a multi-Region organization trail in each partition. You can create either a single-Region or multi-Region organization trail by using the AWS CLI. If you create a single-Region trail, you log activity only in the trail's AWS Region (also referred to as the *Home* Region).

Although most AWS Regions are enabled by default for your AWS account, you must manually enable certain Regions (also referred to as *opt-in Regions*). For information about which Regions are enabled by default, see [Considerations before enabling and disabling Regions](https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-regions.html#manage-acct-regions-considerations) in the *AWS Account Management Reference Guide*. For the list of Regions CloudTrail supports, see [CloudTrail supported Regions](cloudtrail-supported-regions.md). 

When you create an organization trail, a copy of the trail with the name that you give it is created in the member accounts that belongs to your organization.
+ If the organization trail is for a **single-Region** and the trail's home Region **is not an opt-in Region**, a copy of the trail is created in the organization trail's home Region in each member account.
+ If the organization trail is for a **single-Region** and the trail's home Region **is an opt-in Region**, a copy of the trail is created in the organization trail's home Region in the member accounts that have enabled that Region.
+ If the organization trail is **multi-Region** and the trail's home Region **is** **not an opt-in Region**, a copy of the trail is created in each enabled AWS Region in each member account. When a member account enables an opt-in Region, a copy of the multi-Region trail is created in the newly opted in Region for the member account after activation of that Region is complete.
+ If the organization trail is **multi-Region** and the home Region **is** **an opt-in Region**, member accounts will not send activity to the organization trail unless they opt into the AWS Region where the multi-Region trail was created. For example, if you create a multi-Region trail and choose the Europe (Spain) Region as the home Region for the trail, only member accounts that enabled the Europe (Spain) Region for their account will send their account activity to the organization trail.

**Note**  
CloudTrail creates organization trails in member accounts even if a resource validation fails. Examples of validation failures include:  
an incorrect Amazon S3 bucket policy
an incorrect Amazon SNS topic policy
inability to deliver to a CloudWatch Logs log group
insufficient permission to encrypt using a KMS key
A member account with CloudTrail permissions can see any validation failures for an organization trail by viewing the trail's details page on the CloudTrail console, or by running the AWS CLI [https://docs.aws.amazon.com/cli/latest/reference/cloudtrail/get-trail-status.html](https://docs.aws.amazon.com/cli/latest/reference/cloudtrail/get-trail-status.html) command.

Users with CloudTrail permissions in member accounts will be able to see organization trails (including the trail ARN) when they log into the CloudTrail console from their AWS accounts, or when they run AWS CLI commands such as `describe-trails` (although member accounts must use the ARN for the organization trail, and not the name, when using the AWS CLI). However, users in member accounts will not have sufficient permissions to delete organization trails, turn logging on or off, change what types of events are logged, or otherwise alter organization trails in any way. For more information about AWS Organizations, see [Organizations Terminology and Concepts](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html). For more information about creating and working with organization trails, see [Creating a trail for an organization](creating-trail-organization.md).

## CloudTrail Lake and event data stores
<a name="cloudtrail-concepts-lake"></a>

CloudTrail Lake lets you run fine-grained SQL-based queries on your events, and log events from sources outside AWS, including from your own applications, and from partners who are integrated with CloudTrail. You do not need to have a trail configured in your account to use CloudTrail Lake. 

Events are aggregated into event data stores, which are immutable collections of events based on criteria that you select by applying [advanced event selectors](logging-data-events-with-cloudtrail.md#creating-data-event-selectors-advanced). You can keep the event data in an event data store for up to 3,653 days (about 10 years) if you choose the **One-year extendable retention pricing** option, or up to 2,557 days (about 7 years) if you choose the **Seven-year retention pricing** option. You can save Lake queries for future use, and view results of queries for up to seven days. You can also save query results to an S3 bucket. CloudTrail Lake can also store events from an organization in AWS Organizations in an event data store, or events from multiple Regions and accounts. CloudTrail Lake is part of an auditing solution that helps you perform security investigations and troubleshooting. For more information, see [Working with AWS CloudTrail Lake](cloudtrail-lake.md) and [CloudTrail Lake concepts and terminology](cloudtrail-lake-concepts.md).

## CloudTrail Insights
<a name="understanding-insight-selectors"></a>

CloudTrail Insights help AWS users identify and respond to unusual volumes of API calls or errors logged on API calls by continuously analyzing CloudTrail management events. An Insights event is a record of unusual levels of `write` management API activity, or unusual levels of errors returned on management API activity. By default, trails and event data stores don't log CloudTrail Insights events. In the console, you can choose to log Insights events when you create or update a trail or event data store. When you use the CloudTrail API, you can log Insights events by editing the settings of an existing trail or event data store with the [https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_PutInsightSelectors.html](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_PutInsightSelectors.html) API. Additional charges apply for logging CloudTrail Insights events. You will be charged separately if you enable Insights for both trails and event data stores. For more information, see [Working with CloudTrail Insights](logging-insights-events-with-cloudtrail.md) and [AWS CloudTrail Pricing](https://aws.amazon.com/cloudtrail/pricing/).

## Tags
<a name="cloudtrail-concepts-tags"></a>

A tag is a customer-defined key and optional value that can be assigned to AWS resources, such as CloudTrail trails, event data stores, and channels, S3 buckets used to store CloudTrail log files, AWS Organizations organizations and organizational units, and many more. By adding the same tags to trails and to the S3 buckets you use to store log files for trails, you can make it easier to manage, search for, and filter these resources with [AWS Resource Groups](https://docs.aws.amazon.com/ARG/latest/userguide/). You can implement tagging strategies to help you consistently, effectively, and easily find and manage your resources. For more information, see [Best Practices for Tagging AWS Resources](https://docs.aws.amazon.com/whitepapers/latest/tagging-best-practices/tagging-best-practices.html).

## AWS Security Token Service and CloudTrail
<a name="cloudtrail-concepts-sts-regionalization"></a>

AWS Security Token Service (AWS STS) is a service that has a global endpoint and also supports Region-specific endpoints. An endpoint is a URL that is the entry point for web service requests. For example, `https://cloudtrail.us-west-2.amazonaws.com` is the US West (Oregon) regional entry point for the AWS CloudTrail service. Regional endpoints help reduce latency in your applications. 

When you use an AWS STS Region-specific endpoint, the trail in that Region delivers only the AWS STS events that occur in that Region. For example, if you are using the endpoint `sts.us-west-2.amazonaws.com`, the trail in us-west-2 delivers only the AWS STS events that originate from us-west-2. For more information about AWS STS regional endpoints, see [Activating and Deactivating AWS STS in an AWS Region](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) in the *IAM User Guide*.

For a complete list of AWS regional endpoints, see [AWS Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html) in the *AWS General Reference*. For details about events from the global AWS STS endpoint, see [Global service events](#cloudtrail-concepts-global-service-events).

## Global service events
<a name="cloudtrail-concepts-global-service-events"></a>

**Important**  
As of November 22, 2021, AWS CloudTrail changed how trails capture global service events. Now, events created by Amazon CloudFront, AWS Identity and Access Management, and AWS STS are recorded in the Region in which they were created, the US East (N. Virginia) Region, us-east-1. This makes how CloudTrail treats these services consistent with that of other AWS global services. To continue receiving global service events outside of US East (N. Virginia), be sure to convert *single-Region trails* using global service events outside of US East (N. Virginia) into *multi-Region trails*. For more information about capturing global service events, see [Enabling and disabling global service event logging](cloudtrail-create-and-update-a-trail-by-using-the-aws-cli-update-trail.md#cloudtrail-create-and-update-a-trail-by-using-the-aws-cli-examples-gses) later in this section.  
 In contrast, the **Event history** in the CloudTrail console and the **aws cloudtrail lookup-events** command will show these events in the AWS Region where they occurred.

For most services, events are recorded in the Region where the action occurred. For global services such as AWS Identity and Access Management (IAM), AWS STS, and Amazon CloudFront, events are delivered to any trail that includes global services.

For most global services, events are logged as occurring in US East (N. Virginia) Region, but some global service events are logged as occurring in other Regions, such as US East (Ohio) Region or US West (Oregon) Region.

To avoid receiving duplicate global service events, remember the following:
+ Global service events are delivered by default to trails that are created using the CloudTrail console. Events are delivered to the bucket for the trail.
+ If you have multiple single Region trails, consider configuring your trails so that global service events are delivered in only one of the trails. For more information, see [Enabling and disabling global service event logging](cloudtrail-create-and-update-a-trail-by-using-the-aws-cli-update-trail.md#cloudtrail-create-and-update-a-trail-by-using-the-aws-cli-examples-gses). 
+ If you convert a multi-Region trail to a single-Region trail, global service event logging is turned off automatically for that trail. Similarly, if you convert a single-Region trail to a multi-Region trail, global service event logging is turned on automatically for that trail. 

  For more information about changing global service event logging for a trail, see [Enabling and disabling global service event logging](cloudtrail-create-and-update-a-trail-by-using-the-aws-cli-update-trail.md#cloudtrail-create-and-update-a-trail-by-using-the-aws-cli-examples-gses).

**Example:**

1. You create a trail in the CloudTrail console. By default, this trail logs global service events.

1. You have multiple single Region trails.

1. You do not need to include global services for the single Region trails. Global service events are delivered for the first trail. For more information, see [Creating, updating, and managing trails with the AWS CLI](cloudtrail-create-and-update-a-trail-by-using-the-aws-cli.md).

**Note**  
When you create or update a trail with the AWS CLI, AWS SDKs, or CloudTrail API, you can specify whether to include or exclude global service events for trails. You cannot configure global service event logging from the CloudTrail console.

# CloudTrail supported Regions
<a name="cloudtrail-supported-regions"></a>

**Note**  
For information about Regions supported by CloudTrail Lake, see [CloudTrail Lake supported Regions](cloudtrail-lake-supported-regions.md).  
For information about data plane endpoints, see [Data plane endpoints](https://docs.aws.amazon.com/general/latest/gr/ct.html#ct_region_data_plane) in the *AWS General Reference*.


****  

| Region name | Region | Control plane endpoint | Protocol | Support date | 
| --- | --- | --- | --- | --- | 
| US East (N. Virginia) | us-east-1 | cloudtrail.us-east-1.amazonaws.com | HTTPS | 11/13/2013 | 
| US East (Ohio) | us-east-2 | cloudtrail.us-east-2.amazonaws.com | HTTPS | 10/17/2016 | 
| US West (N. California) | us-west-1 | cloudtrail.us-west-1.amazonaws.com | HTTPS | 05/13/2014 | 
| US West (Oregon) | us-west-2 | cloudtrail.us-west-2.amazonaws.com | HTTPS | 11/13/2013 | 
| Africa (Cape Town) | af-south-1 | cloudtrail.af-south-1.amazonaws.com | HTTPS | 04/22/2020 | 
| Asia Pacific (Hong Kong) | ap-east-1 | cloudtrail.ap-east-1.amazonaws.com | HTTPS | 04/24/2019 | 
| Asia Pacific (Hyderabad) | ap-south-2 | cloudtrail.ap-south-2.amazonaws.com | HTTPS | 11/22/2022 | 
| Asia Pacific (Jakarta) | ap-southeast-3 | cloudtrail.ap-southeast-3.amazonaws.com | HTTPS | 12/13/2021 | 
| Asia Pacific (Malaysia) | ap-southeast-5 | cloudtrail.ap-southeast-5.amazonaws.com | HTTPS | 08/22/2024 | 
| Asia Pacific (Melbourne) | ap-southeast-4 | cloudtrail.ap-southeast-4.amazonaws.com | HTTPS | 01/23/2023 | 
| Asia Pacific (Mumbai) | ap-south-1 | cloudtrail.ap-south-1.amazonaws.com | HTTPS | 06/27/2016 | 
| Asia Pacific (Osaka) | ap-northeast-3 | cloudtrail.ap-northeast-3.amazonaws.com | HTTPS | 02/12/2018 | 
| Asia Pacific (Seoul) | ap-northeast-2 | cloudtrail.ap-northeast-2.amazonaws.com | HTTPS | 01/06/2016 | 
| Asia Pacific (Singapore) | ap-southeast-1 | cloudtrail.ap-southeast-1.amazonaws.com | HTTPS | 06/30/2014 | 
| Asia Pacific (Sydney) | ap-southeast-2 | cloudtrail.ap-southeast-2.amazonaws.com | HTTPS | 05/13/2014 | 
| Asia Pacific (Thailand) | ap-southeast-7 | cloudtrail.ap-southeast-7.amazonaws.com | HTTPS | 01/07/2025 | 
| Asia Pacific (Tokyo) | ap-northeast-1 | cloudtrail.ap-northeast-1.amazonaws.com | HTTPS | 06/30/2014 | 
| Canada (Central) | ca-central-1 | cloudtrail.ca-central-1.amazonaws.com | HTTPS | 12/08/2016 | 
| Canada West (Calgary) | ca-west-1 | cloudtrail.ca-west-1.amazonaws.com | HTTPS | 12/20/2023 | 
| China (Beijing) | cn-north-1 | cloudtrail---cn-north-1.amazonaws.com.rproxy.goskope.com.cn | HTTPS | 03/01/2014 | 
| China (Ningxia) | cn-northwest-1 | cloudtrail---cn-northwest-1.amazonaws.com.rproxy.goskope.com.cn | HTTPS | 12/11/2017 | 
| Europe (Frankfurt) | eu-central-1 | cloudtrail.eu-central-1.amazonaws.com | HTTPS | 10/23/2014 | 
| Europe (Ireland) | eu-west-1 | cloudtrail.eu-west-1.amazonaws.com | HTTPS | 05/13/2014 | 
| Europe (London) | eu-west-2 | cloudtrail.eu-west-2.amazonaws.com | HTTPS | 12/13/2016 | 
| Europe (Milan) | eu-south-1 | cloudtrail.eu-south-1.amazonaws.com | HTTPS | 04/27/2020 | 
| Europe (Paris) | eu-west-3 | cloudtrail.eu-west-3.amazonaws.com | HTTPS | 12/18/2017 | 
| Europe (Spain) | eu-south-2 | cloudtrail.eu-south-2.amazonaws.com | HTTPS | 11/16/2022 | 
| Europe (Stockholm) | eu-north-1 | cloudtrail.eu-north-1.amazonaws.com | HTTPS | 12/11/2018 | 
| Europe (Zurich) | eu-central-2 | cloudtrail.eu-central-2.amazonaws.com | HTTPS | 11/09/2022 | 
| Israel (Tel Aviv) | il-central-1 | cloudtrail.il-central-1.amazonaws.com | HTTPS | 07/31/2023 | 
| Mexico (Central) | mx-central-1 | cloudtrail.mx-central-1.amazonaws.com | HTTPS | 01/13/2025 | 
| Middle East (Bahrain) | me-south-1 | cloudtrail.me-south-1.amazonaws.com | HTTPS | 07/29/2019 | 
| Middle East (UAE) | me-central-1 | cloudtrail.me-central-1.amazonaws.com | HTTPS | 08/30/2022 | 
| South America (São Paulo) | sa-east-1 | cloudtrail.sa-east-1.amazonaws.com | HTTPS | 06/30/2014 | 
| AWS GovCloud (US-East) | us-gov-east-1 | cloudtrail.us-gov-east-1.amazonaws.com | HTTPS | 11/12/2018 | 
| AWS GovCloud (US-West) | us-gov-west-1 | cloudtrail.us-gov-west-1.amazonaws.com | HTTPS | 08/16/2011 | 

For more information about using CloudTrail in the AWS GovCloud (US) Regions, see [Service Endpoints](https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/using-govcloud-endpoints.html) in the *AWS GovCloud (US) User Guide*. 

For more information about using CloudTrail in the China (Beijing) Region, see [Endpoints and ARNs for AWS in China](https://docs.amazonaws.cn/en_us/aws/latest/userguide/endpoints-arns.html#cnnorth_region) in the *Amazon Web Services General Reference*.

# CloudTrail supported services and integrations
<a name="cloudtrail-aws-service-specific-topics"></a>

CloudTrail supports logging events for many AWS services. You can find the specifics for each supported service in that service's guide. For a list of service-specific topics, see [AWS service topics for CloudTrail](#cloudtrail-aws-service-specific-topics-list). In addition, some AWS services can be used to analyze and act upon data collected in CloudTrail logs.

**Note**  
To see the list of supported Regions for each service, see [Service endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html) in the *Amazon Web Services General Reference*.

**Topics**
+ [

## AWS service integrations with CloudTrail logs
](#cloudtrail-aws-service-specific-topics-integrations)
+ [

## CloudTrail integration with Amazon EventBridge
](#cloudtrail-aws-service-specific-topics-eventbridge)
+ [

## CloudTrail integration with AWS Organizations
](#cloudtrail-aws-service-specific-topics-organizations)
+ [

## CloudTrail integration with AWS Control Tower
](#cloudtrail-trail-integration-controltower)
+ [

## CloudTrail integration with Amazon Security Lake
](#cloudtrail-trail-integration-seclake)
+ [

## CloudTrail Lake integration with Amazon Athena
](#cloudtrail-lake-integration-athena)
+ [

## CloudTrail Lake integration with AWS Config
](#cloudtrail-lake-integration-config)
+ [

## CloudTrail Lake integration with AWS Audit Manager
](#cloudtrail-lake-integration-audit)
+ [

## AWS service topics for CloudTrail
](#cloudtrail-aws-service-specific-topics-list)
+ [

## CloudTrail unsupported services
](#cloudtrail-unsupported-aws-services)

## AWS service integrations with CloudTrail logs
<a name="cloudtrail-aws-service-specific-topics-integrations"></a>

**Note**  
You can also use CloudTrail Lake to query and analyze your events. CloudTrail Lake queries offer a deeper and more customizable view of events than simple key and value lookups in **Event history**, or running `LookupEvents`. CloudTrail Lake users can run complex Standard Query Language (SQL) queries across multiple fields in a CloudTrail event. For more information, see [Working with AWS CloudTrail Lake](cloudtrail-lake.md) and [Copying trail events to CloudTrail Lake](cloudtrail-copy-trail-to-lake.md).  
CloudTrail Lake event data stores and queries incur CloudTrail charges. For more information about CloudTrail Lake pricing, see [AWS CloudTrail Pricing](https://aws.amazon.com/cloudtrail/pricing/).

You can configure other AWS services to further analyze and act upon the event data collected in CloudTrail logs. For more information, see the following topics.


****  

| AWS Service | Topic | Description | 
| --- | --- | --- | 
| Amazon Athena | [Querying AWS CloudTrail Logs](https://docs.aws.amazon.com/athena/latest/ug/cloudtrail-logs.html) | Using Athena with CloudTrail logs is a powerful way to enhance your analysis of AWS service activity. For example, you can use queries to identify trends and further isolate activity by attribute, such as source IP address or user. You can automatically create tables for querying logs directly from the CloudTrail console, and use those tables to run queries in Athena. For more information, see [Creating a Table for CloudTrail Logs in the CloudTrail Console](https://docs.aws.amazon.com/athena/latest/ug/cloudtrail-logs.html#create-cloudtrail-table-ct) in the [Amazon Athena User Guide](https://docs.aws.amazon.com/athena/latest/ug/). Running queries in Amazon Athena incurs additional costs. For more information, see [Amazon Athena Pricing.](https://aws.amazon.com/athena/pricing/) | 
| Amazon CloudWatch Logs | [Monitoring CloudTrail Log Files with Amazon CloudWatch Logs](monitor-cloudtrail-log-files-with-cloudwatch-logs.md) | You can configure CloudTrail with CloudWatch Logs to monitor your trail logs and be notified when specific activity occurs. For example, you can define CloudWatch Logs metric filters that will trigger CloudWatch alarms and send notifications to you when those alarms are triggered.   Standard pricing for Amazon CloudWatch and Amazon CloudWatch Logs applies. For more information, see [Amazon CloudWatch Pricing](https://aws.amazon.com/cloudwatch/pricing/).   | 

## CloudTrail integration with Amazon EventBridge
<a name="cloudtrail-aws-service-specific-topics-eventbridge"></a>

Amazon EventBridge is an AWS service that delivers a near real-time stream of system events that describe changes in AWS resources. In EventBridge, you can create rules that responds to events recorded by CloudTrail. For more information, see [ Create a rule in Amazon EventBridge](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-get-started.html#eb-gs-create-rule).

You can deliver events that you are subscribed to on your trail to EventBridge by creating a rule with the EventBridge console.

From the EventBridge console:
+ Choose the `AWS API Call via CloudTrail` detail-type to deliver CloudTrail data and management events with an `eventType` of `AwsApiCall`. To record events with a detail-type value of `AWS API Call via CloudTrail`, you must have a trail that is currently logging management or data events.
+ Choose the `AWS Console Sign In via CloudTrail` detail-type to deliver [AWS Management Console sign-in events](cloudtrail-event-reference-aws-console-sign-in-events.md). To record events with a detail-type of `AWS Console Sign In via CloudTrail`, you must have a trail that is currently logging management events. 
+ Choose the `AWS Insight via CloudTrail` detail-type to deliver Insights events. To record events with a detail-type value of `AWS Insight via CloudTrail`, you must have a trail that is currently logging Insights events. For information about logging Insights events, see [Working with CloudTrail Insights](logging-insights-events-with-cloudtrail.md).

For more information about how to create a trail, see [Creating a trail with the CloudTrail console](cloudtrail-create-a-trail-using-the-console-first-time.md). 

## CloudTrail integration with AWS Organizations
<a name="cloudtrail-aws-service-specific-topics-organizations"></a>

The management account for an AWS Organizations organization can add a [delegated administrator](cloudtrail-delegated-administrator.md) to manage the organization's CloudTrail resources. You can create an organization trail or organization event data store in the management account or delegated administrator account for an organization that collects all event data for all AWS accounts in an organization in AWS Organizations. Creating an [organization trail](creating-trail-organization.md) or [organization event data store](cloudtrail-lake-organizations.md) helps you define a uniform event logging strategy for your organization.

## CloudTrail integration with AWS Control Tower
<a name="cloudtrail-trail-integration-controltower"></a>

AWS Control Tower sets up a new CloudTrail organization trail logging management events when you set up a landing zone. When you enroll an account into AWS Control Tower, your account is governed by the organization trail for the AWS Control Tower organization. If you have an existing organization trail in that account, you may see duplicate charges unless you delete the existing trail for the account before you enroll it in AWS Control Tower. You can view the **Trails** page on the CloudTrail console to see whether any organization trails have been created. For more information about AWS Control Tower, see [About logging in AWS Control Tower](https://docs.aws.amazon.com/controltower/latest/userguide/about-logging.html) in the *AWS CloudTrail User Guide*.

## CloudTrail integration with Amazon Security Lake
<a name="cloudtrail-trail-integration-seclake"></a>

Security Lake can collect logs associated with CloudTrail management events and CloudTrail data events for S3 and Lambda. For more information, see [CloudTrail event logs](https://docs.aws.amazon.com/security-lake/latest/userguide/internal-sources.html#cloudtrail-event-logs) in the *Amazon Security Lake User Guide*.

To collect CloudTrail management events in Security Lake, you must have at least one CloudTrail multi-Region organization trail that collects read and write CloudTrail management events. 

## CloudTrail Lake integration with Amazon Athena
<a name="cloudtrail-lake-integration-athena"></a>

You can federate an event data store to see the metadata associated with the event data store in the AWS Glue [Data Catalog](https://docs.aws.amazon.com/glue/latest/dg/components-overview.html#data-catalog-intro) and run SQL queries on the event data using Amazon Athena. The table metadata stored in the AWS Glue Data Catalog lets the Athena query engine know how to find, read, and process the data that you want to query. For more information, see [Federate an event data store](query-federation.md).

## CloudTrail Lake integration with AWS Config
<a name="cloudtrail-lake-integration-config"></a>

You can create an event data store to include [AWS Config configuration items](https://docs.aws.amazon.com/config/latest/developerguide/config-concepts.html#config-items), and use the event data store to investigate non-compliant changes to your production environments. For more information, see [Create an event data store for configuration items with the console](query-event-data-store-config.md).

## CloudTrail Lake integration with AWS Audit Manager
<a name="cloudtrail-lake-integration-audit"></a>

You can create an event data store for AWS Audit Manager evidence by using the Audit Manager console. For more information about aggregating evidence in CloudTrail Lake using Audit Manager, see [Understanding how evidence finder works with CloudTrail Lake](https://docs.aws.amazon.com/audit-manager/latest/userguide/evidence-finder.html#understanding-evidence-finder) in the *AWS Audit Manager User Guide*.

## AWS service topics for CloudTrail
<a name="cloudtrail-aws-service-specific-topics-list"></a>

You can learn more about how the events for individual AWS services are recorded in CloudTrail logs, including example events for that service in log files. For more information about how specific AWS services integrate with CloudTrail, see the topic about integration in the individual guide for that service.

Services that are still in preview, or not yet released for general availability (GA), or which don't have public APIs, are not considered supported.

**Note**  
To see the list of supported Regions for each service, see [Service endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html) in the *Amazon Web Services General Reference*.  
For information about which services log data events, see [Data events](logging-data-events-with-cloudtrail.md#logging-data-events).


| AWS Service | CloudTrail Topics | Support began | 
| --- | --- | --- | 
| Amazon API Gateway | [Log API management calls to Amazon API Gateway Using AWS CloudTrail](https://docs.aws.amazon.com/apigateway/latest/developerguide/cloudtrail.html) | 07/09/2015 | 
| Amazon AppFlow | [Logging Amazon AppFlow API calls with AWS CloudTrail](https://docs.aws.amazon.com/appflow/latest/userguide/appflow-cloudtrail-logs.html) | 04/22/2020 | 
| Amazon WorkSpaces Applications | [Logging Amazon WorkSpaces Applications API Calls with AWS CloudTrail](https://docs.aws.amazon.com/appstream2/latest/developerguide/logging-using-cloudtrail.html) | 04/25/2019 | 
| Amazon Athena | [Logging Amazon Athena API Calls with AWS CloudTrail](https://docs.aws.amazon.com/athena/latest/ug/monitor-with-cloudtrail.html) | 05/19/2017 | 
| Amazon Aurora | [Monitoring Amazon Aurora API calls in AWS CloudTrail](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/logging-using-cloudtrail.html) | 08/31/2018 | 
| Amazon Bedrock | [Log Amazon Bedrock API calls using AWS CloudTrail](https://docs.aws.amazon.com/bedrock/latest/userguide/logging-using-cloudtrail.html) | 10/23/2023 | 
| Amazon Braket | [Amazon Braket API logging with CloudTrail](https://docs.aws.amazon.com/braket/latest/developerguide/braket-ctlogs.html) | 08/12/2020 | 
| Amazon Chime | [Log Amazon Chime Administration Calls Using AWS CloudTrail](https://docs.aws.amazon.com/chime/latest/ag/cloudtrail.html) | 09/27/2017 | 
| Amazon Cloud Directory |  [Logging Cloud Directory API Calls Using AWS CloudTrail](https://docs.aws.amazon.com/clouddirectory/latest/APIReference/cloudtrail_logging.html) | 01/26/2017 | 
| Amazon CloudFront | [Using AWS CloudTrail to Capture Requests Sent to the CloudFront API](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/logging_using_cloudtrail.html) | 05/28/2014 | 
| Amazon CloudSearch | [Logging Amazon CloudSearch Configuration Service Calls Using AWS CloudTrail](https://docs.aws.amazon.com/cloudsearch/latest/developerguide/logging-config-api-calls.html) | 10/16/2014 | 
| Amazon CloudWatch | [Logging Amazon CloudWatch API Calls in AWS CloudTrail](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/logging_cw_api_calls.html)  | 04/30/2014 | 
| Amazon CloudWatch Logs | [Logging Amazon CloudWatch Logs API Calls in AWS CloudTrail](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/logging_cw_api_calls_cwl.html) | 03/10/2016 | 
| Amazon CodeCatalyst | [Logging CodeCatalyst API calls in connected AWS accounts using AWS CloudTrail](https://docs.aws.amazon.com/codecatalyst/latest/userguide/ipa-logging-connections.html) | 12/01/2022 | 
| Amazon CodeGuru Reviewer | [Logging Amazon CodeGuru Reviewer API Calls with AWS CloudTrail](https://docs.aws.amazon.com/codeguru/latest/reviewer-ug/logging-using-cloudtrail.html) | 12/02/2019 | 
| Amazon Cognito | [Logging Amazon Cognito API Calls with AWS CloudTrail](https://docs.aws.amazon.com/cognito/latest/developerguide/logging-using-cloudtrail.html) | 02/18/2016 | 
| Amazon Comprehend | [Logging Amazon Comprehend API Calls with AWS CloudTrail](https://docs.aws.amazon.com/comprehend/latest/dg/logging-using-cloudtrail.html) | 01/17/2018 | 
| Amazon Comprehend Medical | [Logging Amazon Comprehend Medical API Calls by Using AWS CloudTrail](https://docs.aws.amazon.com/comprehend-medical/latest/dev/security-cloudtrail.html) | 11/27/2018 | 
| Amazon Connect | [Logging Amazon Connect API Calls with AWS CloudTrail](https://docs.aws.amazon.com/connect/latest/adminguide/logging-using-cloudtrail.html) | 12/11/2019 | 
| Amazon Data Firehose | [Monitoring Amazon Data Firehose API Calls with AWS CloudTrail](https://docs.aws.amazon.com/firehose/latest/dev/monitoring-using-cloudtrail.html) | 03/17/2016 | 
| Amazon Data Lifecycle Manager | [Logging Amazon Data Lifecycle Manager API Calls Using AWS CloudTrail](https://docs.aws.amazon.com/dlm/latest/APIReference/logging-using-cloudtrail.html) | 07/24/2018 | 
| Amazon Detective | [Logging Amazon Detective API calls with AWS CloudTrail](https://docs.aws.amazon.com/detective/latest/adminguide/logging-using-cloudtrail.html) | 03/31/2020 | 
| Amazon DevOps Guru | [Logging Amazon DevOps Guru API calls with AWS CloudTrail](https://docs.aws.amazon.com/devops-guru/latest/userguide/logging-using-cloudtrail.html) | 05/04/2021 | 
| Amazon DocumentDB (with MongoDB compatibility) | [Logging Amazon DocumentDB API Calls with AWS CloudTrail](https://docs.aws.amazon.com/documentdb/latest/developerguide/logging-with-cloudtrail.html) | 01/09/2019 | 
| Amazon DynamoDB | [Logging DynamoDB Operations By Using AWS CloudTrail](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/logging-using-cloudtrail.html) | 05/28/2015 | 
| Amazon EC2 | [Log Amazon EC2 API calls using AWS CloudTrail](https://docs.aws.amazon.com/ec2/latest/devguide/using-cloudtrail.html) | 11/13/2013 | 
| Amazon EC2 Auto Scaling | [Logging Auto Scaling API Calls By Using CloudTrail](https://docs.aws.amazon.com/autoscaling/ec2/userguide/logging-using-cloudtrail.html) | 07/16/2014 | 
| Amazon EC2 Capacity Blocks | [Logging Capacity Blocks API calls with AWS CloudTrail](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/capacity-blocks-monitor.html#capacity-blocks-logging-using-cloudtrail) | 10/31/2023 | 
| Amazon EC2 Image Builder | [Logging EC2 Image Builder API calls using CloudTrail](https://docs.aws.amazon.com/imagebuilder/latest/userguide/log-cloudtrail.html) | 12/02/2019 | 
|  Amazon Elastic Block Store (Amazon EBS) EBS direct APIs  |  [Logging API Calls Using AWS CloudTrail](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/using-cloudtrail.html) [Log API Calls for the EBS direct APIs with AWS CloudTrail](https://docs.aws.amazon.com/ebs/latest/userguide/logging-ebs-apis-using-cloudtrail.html)  |  Amazon EBS: 11/13/2013 EBS direct APIs: 06/30/2020  | 
| Amazon Elastic Container Registry (Amazon ECR) | [ Logging Amazon ECR API Calls By Using AWS CloudTrail](https://docs.aws.amazon.com/AmazonECR/latest/userguide/logging-using-cloudtrail.html) | 12/21/2015 | 
| Amazon Elastic Container Service (Amazon ECS) | [ Logging Amazon ECS API Calls By Using AWS CloudTrail](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/logging-using-cloudtrail.html) | 04/09/2015 | 
| Amazon Elastic File System (Amazon EFS) | [Logging Amazon EFS API Calls with AWS CloudTrail](https://docs.aws.amazon.com/efs/latest/ug/logging-using-cloudtrail.html) | 06/28/2016 | 
| Amazon Elastic Kubernetes Service (Amazon EKS) | [Logging Amazon EKS API Calls with AWS CloudTrail](https://docs.aws.amazon.com/eks/latest/userguide/logging-using-cloudtrail.html) | 06/05/2018 | 
| Amazon Elastic Transcoder | [Logging Amazon Elastic Transcoder API Calls with AWS CloudTrail](https://docs.aws.amazon.com/elastictranscoder/latest/developerguide/logging-using-cloudtrail.html) | 10/27/2014 | 
| Amazon ElastiCache | [Logging Amazon ElastiCache API Calls Using AWS CloudTrail](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/logging-using-cloudtrail.html) | 09/15/2014 | 
| Amazon EMR | [Logging Amazon EMR API Calls using AWS CloudTrail](https://docs.aws.amazon.com/emr/latest/ManagementGuide/logging-using-cloudtrail.html) | 04/04/2014 | 
| Amazon EMR on EKS | [Logging Amazon EMR on EKS API calls using AWS CloudTrail](https://docs.aws.amazon.com/emr/latest/EMR-on-EKS-DevelopmentGuide/logging-using-cloudtrail.html) | 12/09/2020 | 
| Amazon EventBridge | [Logging Amazon EventBridge API calls using AWS CloudTrail](https://docs.aws.amazon.com/eventbridge/latest/userguide/logging-using-cloudtrail.html) | 07/11/2019 | 
| Amazon FinSpace | [Querying AWS CloudTrail logs](https://docs.aws.amazon.com/finspace/latest/userguide/logging-cloudtrail-events.html) | 10/18/2022 | 
| Amazon Forecast | [Logging Amazon Forecast API Calls with AWS CloudTrail](https://docs.aws.amazon.com/forecast/latest/dg/logging-using-cloudtrail.html) | 11/28/2018 | 
| Amazon Fraud Detector | [Logging Amazon Fraud Detector API Calls with AWS CloudTrail](https://docs.aws.amazon.com/frauddetector/latest/ug/logging-using-cloudtrail.html) | 01/09/2020 | 
| Amazon FSx for Lustre | [Logging Amazon FSx for Lustre API Calls with AWS CloudTrail](https://docs.aws.amazon.com/fsx/latest/LustreGuide/logging-using-cloudtrail.html) | 01/11/2019 | 
| Amazon FSx for Windows File Server | [Monitoring with AWS CloudTrail](https://docs.aws.amazon.com/fsx/latest/WindowsGuide/logging-using-cloudtrail.html) | 11/28/2018 | 
| Amazon GameLift Servers | [Logging Amazon GameLift Servers API Calls with AWS CloudTrail](https://docs.aws.amazon.com/gamelift/latest/developerguide/logging-using-cloudtrail.html) | 01/27/2016 | 
| Amazon GameLift Streams | [Logging Amazon GameLift Streams API calls using AWS CloudTrail](https://docs.aws.amazon.com/gameliftstreams/latest/developerguide/logging-using-cloudtrail.html) | 03/05/2025 | 
| Amazon GuardDuty | [Logging Amazon GuardDuty API Calls with AWS CloudTrail](https://docs.aws.amazon.com/guardduty/latest/ug/logging-using-cloudtrail.html) | 02/12/2018 | 
| Amazon Inspector | [Logging Amazon Inspector API calls using AWS CloudTrail](https://docs.aws.amazon.com/inspector/latest/user/logging-using-cloudtrail.html) | 11/29/2021 | 
| Amazon Inspector Classic | [Logging Amazon Inspector Classic API calls with AWS CloudTrail](https://docs.aws.amazon.com/inspector/v1/userguide/logging-using-cloudtrail.html) | 04/20/2016 | 
| Amazon Inspector Scan | [Amazon Inspector Scan information in CloudTrail](https://docs.aws.amazon.com/inspector/latest/user/logging-using-cloudtrail.html#inspector-scan-in-cloudtrail) | 11/27/2023 | 
| Amazon Interactive Video Service | [Logging Amazon IVS API Calls with AWS CloudTrail](https://docs.aws.amazon.com/ivs/latest/LowLatencyUserGuide/cloudtrail.html) | 07/15/2020 | 
| Amazon Kendra | [Logging Amazon Kendra API calls with AWS CloudTrail](https://docs.aws.amazon.com/kendra/latest/dg/cloudtrail.html) and [Logging Amazon Kendra Intelligent Ranking API calls with AWS CloudTrail logs](https://docs.aws.amazon.com/kendra/latest/dg/cloudtrail-intelligent-ranking.html) | 05/11/2020 | 
| Amazon Keyspaces (for Apache Cassandra) | [Logging Amazon Keyspaces API calls with AWS CloudTrail](https://docs.aws.amazon.com/keyspaces/latest/devguide/logging-using-cloudtrail.html) | 01/13/2020 | 
| Amazon Managed Service for Apache Flink | [Logging Managed Service for Apache Flink API calls with AWS CloudTrail](https://docs.aws.amazon.com/managed-flink/latest/java/logging-using-cloudtrail.html) | 03/22/2019 | 
| Amazon Kinesis Data Streams | [Logging Amazon Kinesis Data Streams API Calls Using AWS CloudTrail](https://docs.aws.amazon.com/streams/latest/dev/logging-using-cloudtrail.html) | 04/25/2014 | 
| Amazon Kinesis Video Streams | [Logging Kinesis Video Streams API Calls with AWS CloudTrail](https://docs.aws.amazon.com/kinesisvideostreams/latest/dg/monitoring-cloudtrail.html) | 05/24/2018 | 
| Amazon Lex | [Logging Amazon Lex API Calls with CloudTrail](https://docs.aws.amazon.com/lex/latest/dg/monitoring-aws-lex-cloudtrail.html)  | 08/15/2017 | 
| Amazon Lightsail | [Logging Lightsail API Calls with AWS CloudTrail](https://docs.aws.amazon.com/lightsail/latest/userguide/logging-lightsail-api-calls-using-aws-cloudtrail.html) | 12/23/2016 | 
| Amazon Location Service | [Logging and monitoring with AWS CloudTrail](https://docs.aws.amazon.com/location/latest/developerguide/logging-using-cloudtrail.html) | 12/15/2020 | 
| Amazon Lookout for Equipment | [Monitoring Amazon Lookout for Equipment](https://docs.aws.amazon.com/lookout-for-equipment/latest/ug/monitoring-overview.html) | 12/01/2020 | 
| Amazon Lookout for Metrics | [Viewing Amazon Lookout for Metrics API activity in AWS CloudTrail](https://docs.aws.amazon.com/lookoutmetrics/latest/dev/monitoring-cloudtrail.html) | 12/08/2020 | 
| Amazon Lookout for Vision | [Logging Amazon Lookout for Vision calls with AWS CloudTrail](https://docs.aws.amazon.com/lookout-for-vision/latest/developer-guide/logging-using-cloudtrail.html) | 12/01/2020 | 
| Amazon Machine Learning |  [Logging Amazon ML API Calls By Using AWS CloudTrail](https://docs.aws.amazon.com/machine-learning/latest/dg/logging-using-cloudtrail.html)  | 12/10/2015 | 
| Amazon Macie | [Log Amazon Macie API calls using AWS CloudTrail](https://docs.aws.amazon.com/macie/latest/user/macie-cloudtrail.html) | 05/13/2020 | 
| Amazon Managed Blockchain |  [Logging Amazon Managed Blockchain API calls using AWS CloudTrail](https://docs.aws.amazon.com/managed-blockchain/latest/hyperledger-fabric-dev/logging-using-cloudtrail.html) [Logging Ethereum for Managed Blockchain API calls using AWS CloudTrail](https://docs.aws.amazon.com/managed-blockchain/latest/ethereum-dev/logging-using-cloudtrail.html) (Preview)  | 04/01/2019 | 
| Amazon Managed Grafana | [Logging Amazon Managed Grafana API calls using AWS CloudTrail](https://docs.aws.amazon.com/grafana/latest/userguide/logging-using-cloudtrail.html) | 12/15/2020 | 
| Amazon Managed Service for Prometheus | [Logging Amazon Managed Service for Prometheus API calls using AWS CloudTrail](https://docs.aws.amazon.com/prometheus/latest/userguide/logging-using-cloudtrail.html) | 12/15/2020 | 
| Amazon Managed Streaming for Apache Kafka | [Logging API Calls with AWS CloudTrail](https://docs.aws.amazon.com/msk/latest/developerguide/msk-logging.html#logging-using-cloudtrail) | 12/11/2018 | 
| Amazon Managed Workflows for Apache Airflow | [Viewing audit logs in AWS CloudTrail](https://docs.aws.amazon.com/mwaa/latest/userguide/monitoring-cloudtrail.html) | 11/24/2020 | 
| Amazon MemoryDB | [Logging Amazon MemoryDB API calls with AWS CloudTrail](https://docs.aws.amazon.com/memorydb/latest/devguide/logging-using-cloudtrail.html) | 08/19/2021 | 
| Amazon MQ | [Logging Amazon MQ API Calls Using AWS CloudTrail](https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/security-logging-monitoring-cloudtrail.html) | 07/19/2018 | 
| Amazon Neptune | [Logging Amazon Neptune API Calls Using AWS CloudTrail](https://docs.aws.amazon.com/neptune/latest/userguide/cloudtrail.html) | 05/30/2018 | 
| Amazon One Enterprise | [Logging Amazon One Enterprise API calls using AWS CloudTrail](https://docs.aws.amazon.com/one-enterprise/latest/userguide/logging-using-cloudtrail.html) | 11/27/2023 | 
| Amazon OpenSearch Service | [Monitoring Amazon OpenSearch Service API calls with AWS CloudTrail](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-cloudtrailauditing.html) | 10/01/2015 | 
| Amazon Personalize | [Logging Amazon Personalize API Calls with AWS CloudTrail](https://docs.aws.amazon.com/personalize/latest/dg/logging-using-cloudtrail.html) | 11/28/2018 | 
| Amazon Pinpoint | [Logging Amazon Pinpoint API Calls with AWS CloudTrail](https://docs.aws.amazon.com/pinpoint/latest/developerguide/logging-using-cloudtrail.html) | 02/06/2018 | 
| Amazon Pinpoint SMS and Voice API | [Logging Amazon Pinpoint API Calls with AWS CloudTrail](https://docs.aws.amazon.com/pinpoint/latest/developerguide/logging-using-cloudtrail.html) | 11/16/2018 | 
| Amazon Polly | [Logging Amazon Polly API Calls with AWS CloudTrail](https://docs.aws.amazon.com/polly/latest/dg/logging-using-cloudtrail.html) | 11/30/2016 | 
| Amazon Q Business | [Logging Amazon Q Business API calls using AWS CloudTrail](https://docs.aws.amazon.com/amazonq/latest/business-use-dg/logging-using-cloudtrail.html) | 11/28/2023 | 
| Amazon Q Developer | [Logging Amazon Q Developer API calls using AWS CloudTrail](https://docs.aws.amazon.com/amazonq/latest/aws-builder-use-ug/logging-using-cloudtrail.html) | 11/28/2023 | 
| Amazon Quantum Ledger Database (Amazon QLDB) |  Logging Amazon QLDB API Calls with AWS CloudTrail  | 09/10/2019 | 
| Amazon Quick | [Logging Operations with CloudTrail](https://docs.aws.amazon.com/quick/latest/userguide/logging-using-cloudtrail.html) | 04/28/2017 | 
| Amazon Relational Database Service (Amazon RDS) | [Logging Amazon RDS API Calls Using AWS CloudTrail](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/logging-using-cloudtrail.html) | 11/13/2013 | 
| Amazon RDS Performance Insights | [Logging Amazon RDS API Calls Using AWS CloudTrail](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/logging-using-cloudtrail.html)The Amazon RDS Performance Insights API is a subset of the Amazon RDS API. | 06/21/2018 | 
| Amazon Redshift | [Logging Amazon Redshift API Calls with AWS CloudTrail](https://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html#rs-db-auditing-cloud-trail) | 06/10/2014 | 
| Amazon Rekognition | [Logging Amazon Rekognition API Calls Using AWS CloudTrail](https://docs.aws.amazon.com/rekognition/latest/dg/logging-using-cloudtrail.html) | 04/6/2018 | 
| Amazon Route 53 | [Using AWS CloudTrail to Capture Requests Sent to the Route 53 API](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/logging-using-cloudtrail.html) | 02/11/2015 | 
| Amazon Application Recovery Controller (ARC) | [Logging Amazon Application Recovery Controller (ARC) API calls using AWS CloudTrail](https://docs.aws.amazon.com/r53recovery/latest/dg/cloudtrail.html) | 07/27/2021 | 
| Amazon S3 | [Logging Amazon S3 API Calls By Using AWS CloudTrail](https://docs.aws.amazon.com/AmazonS3/latest/userguide/cloudtrail-logging.html) |  Management events: 09/01/2015 Data events: 11/21/2016  | 
| Amazon Glacier | [Logging Amazon Glacier API Calls By Using AWS CloudTrail](https://docs.aws.amazon.com/amazonglacier/latest/dev/audit-logging.html) | 12/11/2014 | 
| Amazon SageMaker AI |  [Logging Amazon SageMaker AI API Calls with AWS CloudTrail](https://docs.aws.amazon.com/sagemaker/latest/dg/logging-using-cloudtrail.html)  | 01/11/2018 | 
| Amazon Security Lake | [Logging Amazon Security Lake API calls using CloudTrail](https://docs.aws.amazon.com/security-lake/latest/userguide/securitylake-cloudtrail.html) | 05/30/2023 | 
| AWS Security Agent | [Logging AWS Security Agent API calls using CloudTrail](https://docs.aws.amazon.com/securityagent/latest/userguide/logging-cloudtrail.html) | 03/18/2025 | 
| Amazon Simple Email Service (Amazon SES) | [Logging Amazon SES API Calls By Using AWS CloudTrail](https://docs.aws.amazon.com/ses/latest/dg/logging-using-cloudtrail.html) | 05/07/2015 | 
| Amazon Simple Notification Service (Amazon SNS) | [Logging Amazon SNS API Calls using AWS CloudTrail](https://docs.aws.amazon.com/sns/latest/dg/logging-using-cloudtrail.html) | 10/09/2014 | 
| Amazon Simple Queue Service (Amazon SQS) | [Logging Amazon SQS API Actions Using AWS CloudTrail](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-logging-using-cloudtrail.html) | 07/16/2014 | 
| Amazon Simple Workflow Service (Amazon SWF) | [Recording API calls with AWS CloudTrail](https://docs.aws.amazon.com/amazonswf/latest/developerguide/ct-logging.html) | Management events: 05/13/2014 Data events: 02/14/2024  | 
| Amazon Textract | [Logging Amazon Textract API Calls with AWS CloudTrail](https://docs.aws.amazon.com/textract/latest/dg/logging-using-cloudtrail.html) | 05/29/2019 | 
| Amazon Timestream | [Logging Timestream API calls with AWS CloudTrail](https://docs.aws.amazon.com/timestream/latest/developerguide/logging-using-cloudtrail.html) | 09/30/2020 | 
| Amazon Transcribe | [Logging Amazon Transcribe API Calls with AWS CloudTrail](https://docs.aws.amazon.com/transcribe/latest/dg/monitoring-transcribe-cloud-trail.html) | 06/28/2018 | 
| Amazon Translate | [Logging Amazon Translate API Calls with AWS CloudTrail](https://docs.aws.amazon.com/translate/latest/dg/logging-using-cloudtrail.html) | 04/04/2018 | 
| Amazon Verified Permissions | [Logging Amazon Verified Permissions API calls using AWS CloudTrail](https://docs.aws.amazon.com/verifiedpermissions/latest/userguide/cloudtrail.html) | 06/13/2023 | 
| Amazon Virtual Private Cloud (Amazon VPC) |  [Logging API Calls Using AWS CloudTrail](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/using-cloudtrail.html) The Amazon VPC API is a subset of the Amazon EC2 API.   | 11/13/2013 | 
| Amazon VPC Lattice |  [CloudTrail logs](https://docs.aws.amazon.com/vpc-lattice/latest/ug/monitoring-cloudtrail.html)  | 03/31/2023 | 
| Amazon VPC Reachability Analyzer | [Logging Reachability Analyzer API calls using AWS CloudTrail](https://docs.aws.amazon.com/vpc/latest/reachability/logging-using-cloudtrail.html) | 11/27/2023 | 
| Amazon WorkDocs | Logging Amazon WorkDocs API Calls By Using AWS CloudTrail | 08/27/2014 | 
| Amazon WorkMail | [Logging Amazon WorkMail API Calls Using AWS CloudTrail](https://docs.aws.amazon.com/workmail/latest/adminguide/logging-using-cloudtrail.html) | 12/12/2017 | 
| Amazon WorkSpaces | [Logging Amazon WorkSpaces API Calls by Using CloudTrail](https://docs.aws.amazon.com/workspaces/latest/api/cloudtrail_logging.html) | 04/09/2015 | 
| Amazon WorkSpaces Thin Client | [Logging Amazon WorkSpaces Thin Client API calls using AWS CloudTrail](https://docs.aws.amazon.com/workspaces-thin-client/latest/ag/logging-using-cloudtrail.html) | 11/26/2023 | 
| Amazon WorkSpaces Web | [Logging Amazon WorkSpaces Web API calls using AWS CloudTrail](https://docs.aws.amazon.com/workspaces-web/latest/adminguide/logging-using-cloudtrail.html) | 11/30/2021 | 
| Application Auto Scaling | [Logging Application Auto Scaling API calls with AWS CloudTrail](https://docs.aws.amazon.com/autoscaling/application/userguide/logging-using-cloudtrail.html) | 10/31/2016 | 
| AWS Account Management | [Logging AWS Account Management API calls using AWS CloudTrail](https://docs.aws.amazon.com/accounts/latest/reference/monitoring-cloudtrail.html) | 10/01/2021 | 
| AWS Amplify | [Logging Amplify API calls using AWS CloudTrail](https://docs.aws.amazon.com/amplify/latest/userguide/logging-using-cloudtrail.html) | 11/30/2020 | 
| AWS App Mesh | [Logging App Mesh API Calls with AWS CloudTrail](https://docs.aws.amazon.com/app-mesh/latest/userguide/logging-using-cloudtrail.html) |  AWS App Mesh 10/30/2019 App Mesh Envoy Management Service 03/18/2022  | 
| AWS App Runner | [Logging App Runner API calls with AWS CloudTrail](https://docs.aws.amazon.com/apprunner/latest/dg/monitor-ct.html) | 05/18/2021 | 
| AWS AppConfig | [Logging AWS AppConfig API calls using AWS CloudTrail](https://docs.aws.amazon.com/appconfig/latest/userguide/logging-using-cloudtrail.html) |  Management events: 07/31/2020 Data events: 01/04/2024  | 
| AWS AppFabric | [Logging AWS AppFabric API calls using AWS CloudTrail](https://docs.aws.amazon.com/appfabric/latest/adminguide/logging-using-cloudtrail.html) | 06/27/2023 | 
| AWS Application Discovery Service | [Logging Application Discovery Service API Calls with AWS CloudTrail](https://docs.aws.amazon.com/application-discovery/latest/userguide/logging-using-cloudtrail.html) | 05/12/2016 | 
| AWS Application Transformation Service | (Backend service used by AWS tools, such as AWS Microservice Extractor for .NET) | 08/26/2023 | 
| AWS AppSync | [Logging AWS AppSync API Calls with AWS CloudTrail](https://docs.aws.amazon.com/appsync/latest/devguide/cloudtrail-logging.html) | 02/13/2018 | 
| AWS Artifact | [Logging AWS Artifact API calls with AWS CloudTrail](https://docs.aws.amazon.com/artifact/latest/ug/cloudtrail-logging.html) | 01/27/2023 | 
| AWS Audit Manager | [Logging AWS Audit Manager API calls with AWS CloudTrail](https://docs.aws.amazon.com/audit-manager/latest/userguide/logging-using-cloudtrail.html) | 12/07/2020 | 
| AWS Auto Scaling | [Logging AWS Auto Scaling API Calls By Using CloudTrail](https://docs.aws.amazon.com/autoscaling/plans/APIReference/logging-using-cloudtrail.html) | 08/15/2018 | 
| AWS B2B Data Interchange | [Logging AWS B2B Data Interchange API calls using AWS CloudTrail](https://docs.aws.amazon.com/b2bi/latest/userguide/logging-using-cloudtrail.html) | 12/01/2023 | 
| AWS Backup | [Logging AWS Backup API Calls with AWS CloudTrail](https://docs.aws.amazon.com/aws-backup/latest/devguide/logging-using-cloudtrail.html) | 02/04/2019 | 
| AWS Batch | [Logging AWS Batch API Calls with AWS CloudTrail](https://docs.aws.amazon.com/batch/latest/userguide/logging-using-cloudtrail.html) | 1/10/2018 | 
| AWS Billing and Cost Management | [Logging AWS Billing and Cost Management API Calls with AWS CloudTrail](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/logging-using-cloudtrail.html) | 06/07/2018 | 
| AWS Billing Conductor | [Logging AWS Billing Conductor API calls using AWS CloudTrail](https://docs.aws.amazon.com/billingconductor/latest/userguide/logging-using-cloudtrail.html) | 03/12/2024 | 
| AWS BugBust |  Logging BugBust API calls using CloudTrail  | 06/24/2021 | 
| AWS Certificate Manager | [Using AWS CloudTrail](https://docs.aws.amazon.com/acm/latest/userguide/cloudtrail.html) | 03/25/2016 | 
| AWS Clean Rooms | [Logging AWS Clean Rooms API calls using AWS CloudTrail](https://docs.aws.amazon.com/clean-rooms/latest/userguide/logging-using-cloudtrail.html) | 03/21/2023 | 
| AWS Cloud Map | [Logging AWS Cloud Map API Calls with AWS CloudTrail](https://docs.aws.amazon.com/cloud-map/latest/dg/logging-using-cloudtrail.html) | 11/28/2018 | 
| AWS Cloud9 | [Logging AWS Cloud9 API Calls with AWS CloudTrail](https://docs.aws.amazon.com/cloud9/latest/user-guide/cloudtrail.html) | 01/21/2019 | 
| AWS CloudFormation | [Logging AWS CloudFormation API Calls in AWS CloudTrail](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-api-logging-cloudtrail.html) | 04/02/2014 | 
| AWS CloudHSM | [Logging AWS CloudHSM API Calls By Using AWS CloudTrail](https://docs.aws.amazon.com/cloudhsm/latest/userguide/get-api-logs-using-cloudtrail.html) | 01/08/2015 | 
| AWS CloudShell |  [Logging and monitoring in AWS CloudShell](https://docs.aws.amazon.com/cloudshell/latest/userguide/logging-and-monitoring.html)  | 12/15/2020 | 
| AWS CloudTrail | [AWS CloudTrail API Reference](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/) (All CloudTrail API calls are logged by CloudTrail.) | 11/13/2013 | 
| AWS CodeArtifact | [Logging CodeArtifact API calls with AWS CloudTrail](https://docs.aws.amazon.com/codeartifact/latest/ug/codeartifact-information-in-cloudtrail.html) | 06/10/2020 | 
| AWS CodeBuild | [Logging AWS CodeBuild API Calls with AWS CloudTrail](https://docs.aws.amazon.com/codebuild/latest/userguide/cloudtrail.html) | 12/01/2016 | 
| AWS CodeCommit | [Logging AWS CodeCommit API Calls with AWS CloudTrail](https://docs.aws.amazon.com/codecommit/latest/userguide/integ-cloudtrail.html) | 01/11/2017 | 
| AWS CodeDeploy | [Monitoring Deployments with AWS CloudTrail](https://docs.aws.amazon.com/codedeploy/latest/userguide/monitoring-cloudtrail.html) | 12/16/2014 | 
| AWS CodePipeline | [Logging CodePipeline API calls with AWS CloudTrail](https://docs.aws.amazon.com/codepipeline/latest/userguide/monitoring-cloudtrail-logs.html) | 07/09/2015 | 
| AWS CodeStar | [Logging AWS CodeStar API Calls with AWS CloudTrail](https://docs.aws.amazon.com/dtconsole/latest/userguide/logging-using-cloudtrail.html) | 06/14/2017 | 
| AWS CodeStar Notifications | [Logging AWS CodeStar Notifications API Calls with AWS CloudTrail](https://docs.aws.amazon.com/codestar-notifications/latest/userguide/logging-using-cloudtrail.html) | 11/05/2019 | 
| AWS Config | [Logging AWS Config API Calls By with AWS CloudTrail](https://docs.aws.amazon.com/config/latest/developerguide/log-api-calls.html) | 02/10/2015 | 
| AWS Control Catalog | [Logging AWS Control Catalog API calls using AWS CloudTrail](https://docs.aws.amazon.com/controlcatalog/latest/userguide/logging-using-cloudtrail.html) | 04/08/2024 | 
| AWS Control Tower | [Logging AWS Control Tower Actions with AWS CloudTrail](https://docs.aws.amazon.com/controltower/latest/userguide/logging-using-cloudtrail.html) | 08/12/2019 | 
| AWS Data Pipeline | [Logging AWS Data Pipeline API Calls by using AWS CloudTrail](https://docs.aws.amazon.com/datapipeline/latest/DeveloperGuide/dp-cloudtrail-logging.html)  | 12/02/2014 | 
| AWS Database Migration Service (AWS DMS) | [Logging AWS Database Migration Service API Calls Using AWS CloudTrail](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Monitoring.html#logging-using-cloudtrail)  | 02/04/2016 | 
| AWS DataSync | [Logging AWS DataSync API Calls with AWS CloudTrail](https://docs.aws.amazon.com/datasync/latest/userguide/logging-using-cloudtrail.html) | 11/26/2018 | 
| AWS Deadline Cloud | [Logging Deadline Cloud API calls using AWS CloudTrail](https://docs.aws.amazon.com/deadline-cloud/latest/userguide/logging-using-cloudtrail.html) | 04/02/2024 | 
| AWS Device Farm | [Logging AWS Device Farm API Calls By Using AWS CloudTrail](https://docs.aws.amazon.com/devicefarm/latest/developerguide/logging-using-cloudtrail.html) | 07/13/2015 | 
| Direct Connect | [Logging Direct Connect API Calls in AWS CloudTrail](https://docs.aws.amazon.com/directconnect/latest/UserGuide/logging_dc_api_calls.html) | 03/08/2014 | 
| Directory Service | [Logging Directory Service API Calls by Using CloudTrail](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/logging-using-cloudtrail-ads.html) | 05/14/2015 | 
| Directory Service Data | [Logging Directory Service Data API calls using AWS CloudTrail](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/logging-using-cloudtrail.html) | 09/18/2024 | 
| AWS Elastic Beanstalk (Elastic Beanstalk) | [Using Elastic Beanstalk API Calls with AWS CloudTrail](https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/AWSHowTo.cloudtrail.html) | 03/31/2014 | 
| AWS Elastic Disaster Recovery | [Logging AWS Elastic Disaster Recovery API calls using AWS CloudTrail](https://docs.aws.amazon.com/drs/latest/userguide/logging-using-cloudtrail-.html) | 11/17/2021 | 
| AWS Elemental MediaConnect | [Logging AWS Elemental MediaConnect API Calls with AWS CloudTrail](https://docs.aws.amazon.com/mediaconnect/latest/ug/logging-using-cloudtrail.html) | 11/27/2018 | 
| AWS Elemental MediaConvert | [Logging AWS Elemental MediaConvert API Calls with CloudTrail](http://docs.aws.amazon.com/mediaconvert/latest/ug/logging-using-cloudtrail.html) | 11/27/2017 | 
| AWS Elemental MediaLive | [Logging MediaLive API Calls with AWS CloudTrail](https://docs.aws.amazon.com/medialive/latest/ug/logging-using-cloudtrail.html) | 01/19/2019 | 
| AWS Elemental MediaPackage | [Logging AWS Elemental MediaPackage API Calls with AWS CloudTrail](https://docs.aws.amazon.com/mediapackage/latest/ug/logging-using-cloudtrail.html) | 12/21/2018 | 
| AWS Elemental MediaStore | [Logging AWS Elemental MediaStore API Calls with CloudTrail](https://docs.aws.amazon.com/mediastore/latest/ug/monitoring-service-info-in-cloudtrail.html) | 11/27/2017 | 
| AWS Elemental MediaTailor | [Logging AWS Elemental MediaTailor API Calls with AWS CloudTrail](https://docs.aws.amazon.com/mediatailor/latest/ug/logging-using-cloudtrail.html) | 02/11/2019 | 
| AWS End User Messaging SMS | [ Logging AWS End User Messaging SMS API calls using AWS CloudTrail](https://docs.aws.amazon.com/sms-voice/latest/userguide/logging-using-cloudtrail.html) | 10/10/2024 | 
| AWS End User Messaging Social | [ Logging AWS End User Messaging Social API calls using AWS CloudTrail](https://docs.aws.amazon.com/social-messaging/latest/userguide/logging-using-cloudtrail.html) | 10/10/2024 | 
| AWS Entity Resolution | [Logging AWS Entity Resolution API calls using AAWS CloudTrail](https://docs.aws.amazon.com/entityresolution/latest/userguide/logging-using-cloudtrail.html) | 07/26/2023 | 
| AWS Fault Injection Service | [Log API calls with AWS CloudTrail](https://docs.aws.amazon.com/fis/latest/userguide/logging-using-cloudtrail.html) | 03/15/2021 | 
| AWS Firewall Manager | [Logging AWS Firewall Manager API Calls with AWS CloudTrail](https://docs.aws.amazon.com/waf/latest/developerguide/logging-using-cloudtrail.html#cloudtrail-fms) | 04/05/2018 | 
| AWS Global Accelerator | [Logging AWS Global Accelerator API Calls with AWS CloudTrail](https://docs.aws.amazon.com/global-accelerator/latest/dg/logging-using-cloudtrail.html) | 11/26/2018 | 
| AWS Glue | [Logging AWS Glue Operations Using AWS CloudTrail](https://docs.aws.amazon.com/glue/latest/dg/monitor-cloudtrail.html) | 11/07/2017 | 
| AWS Ground Station | [Logging AWS Ground Station API Calls with AWS CloudTrail](https://docs.aws.amazon.com/ground-station/latest/ug/logging-using-cloudtrail.html) | 05/31/2019 | 
| AWS Health | [Logging AWS Health API Calls with AWS CloudTrail](https://docs.aws.amazon.com/health/latest/ug/logging-using-cloudtrail.html) | 11/21/2016 | 
| AWS Health Dashboard | [Logging AWS Health API Calls with AWS CloudTrail](https://docs.aws.amazon.com/health/latest/ug/logging-using-cloudtrail.html) | 12/01/2016 | 
| AWS HealthImaging | [Logging AWS HealthImaging API calls using AWS CloudTrail](https://docs.aws.amazon.com/healthimaging/latest/devguide/logging-using-cloudtrail.html) | 07/26/2023 | 
| AWS HealthLake | [Logging AWS HealthLake API calls with AWS CloudTrail](https://docs.aws.amazon.com/healthlake/latest/devguide/logging-using-cloudtrail.html) | 12/07/2020 | 
| AWS HealthOmics | [Logging AWS HealthOmics API calls using AWS CloudTrail](https://docs.aws.amazon.com/omics/latest/dev/logging-using-cloudtrail.html) | 11/29/2022 | 
| AWS IAM Identity Center | [Logging IAM Identity Center API Calls with AWS CloudTrail](https://docs.aws.amazon.com/singlesignon/latest/userguide/logging-using-cloudtrail.html) | 12/07/2017 | 
| AWS IAM Identity Center – SCIM | [Logging IAM Identity Center API Calls with AWS CloudTrail](https://docs.aws.amazon.com/singlesignon/latest/userguide/logging-using-cloudtrail.html) | 10/28/2024 | 
| AWS Identity and Access Management (IAM) | [Logging IAM Events with AWS CloudTrail](https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html) | 11/13/2013 | 
| AWS IoT | [Logging AWS IoT API Calls with AWS CloudTrail](https://docs.aws.amazon.com/iot/latest/developerguide/monitoring_overview.html#iot-using-cloudtrail) | 04/11/2016 | 
| AWS IoT Events | [Understanding AWS IoT Events log file entries](https://docs.aws.amazon.com/iotevents/latest/developerguide/understanding-aws-iotevents-entries.html) | 06/11/2019 | 
| AWS IoT Greengrass | [Logging AWS IoT Greengrass API Calls with AWS CloudTrail](https://docs.aws.amazon.com/greengrass/v1/developerguide/logging-using-cloudtrail.html)  | 10/29/2018 | 
| AWS IoT Greengrass V2 | [Log AWS IoT Greengrass V2 API calls with AWS CloudTrail](https://docs.aws.amazon.com/greengrass/v2/developerguide/logging-using-cloudtrail.html) | 12/14/2020 | 
| AWS IoT SiteWise | [Logging AWS IoT SiteWise API calls with AWS CloudTrail](https://docs.aws.amazon.com/iot-sitewise/latest/userguide/logging-using-cloudtrail.html) | 04/29/2020 | 
| AWS Key Management Service (AWS KMS) | [Logging AWS KMS API Calls using AWS CloudTrail](https://docs.aws.amazon.com/kms/latest/developerguide/logging-using-cloudtrail.html) | 11/12/2014 | 
| AWS Lake Formation | [Logging AWS Lake Formation API Calls Using AWS CloudTrail](https://docs.aws.amazon.com/lake-formation/latest/dg/logging-using-cloudtrail.html) | 08/09/2019 | 
| AWS Lambda |  [Logging AWS Lambda API Calls By Using AWS CloudTrail](https://docs.aws.amazon.com/lambda/latest/dg/logging-using-cloudtrail.html)  |  Management events: 04/09/2015 Data events: 11/30/2017  | 
| AWS Launch Wizard |  [Logging AWS Launch Wizard API calls using AWS CloudTrail](https://docs.aws.amazon.com/launchwizard/latest/userguide/logging-using-cloudtrail.html)  | 11/08/2023 | 
| AWS License Manager  | [Logging AWS License Manager API Calls with AWS CloudTrail](https://docs.aws.amazon.com/license-manager/latest/userguide/logging-using-cloudtrail.html) | 03/01/2019 | 
| AWS Mainframe Modernization | [Logging AWS Mainframe Modernization API calls using AWS CloudTrail](https://docs.aws.amazon.com/m2/latest/userguide/logging-using-cloudtrail.html) | 06/08/2022 | 
| Managed integrations for AWS IoT Device Management | [Logging Managed integrations API calls using AWS CloudTrail](https://docs.aws.amazon.com/iot-mi/latest/devguide/logging-using-cloudtrail.html) | 03/03/2025 | 
| AWS Managed Services | [Log management in AMS Accelerate](https://docs.aws.amazon.com/managedservices/latest/accelerate-guide/acc-log-mgmt.html#acc-lm-cloudtrail) | 12/21/2016 | 
| AWS Marketplace Agreements | [Logging Agreements API Calls using AWS CloudTrail](https://docs.aws.amazon.com/marketplace-agreements/latest/api-reference/cloudtrail-logging.html) | 09/01/2023 | 
| AWS Marketplace Deployment Service | [Logging AWS Marketplace Deployment Service calls with CloudTrail](https://docs.aws.amazon.com/marketplace-deployment/latest/api-reference/cloudtrail-logging.html) | 11/29/2023 | 
| AWS Marketplace Discovery | [Logging AWS Marketplace Discovery API calls using AWS CloudTrail](https://docs.aws.amazon.com/marketplace-catalog/latest/api-reference/logging-using-cloudtrail.html)  | 12/15/2022 | 
| AWS Marketplace Metering Service | [Logging AWS Marketplace API Calls with AWS CloudTrail](https://docs.aws.amazon.com/marketplace/latest/userguide/logging-aws-marketplace-api-calls-with-aws-cloudtrail.html) | 08/22/2018 | 
| AWS Migration Hub  | [Logging AWS Migration Hub API Calls with AWS CloudTrail](https://docs.aws.amazon.com/migrationhub/latest/ug/logging-using-cloudtrail.html) | 08/14/2017 | 
| AWS Migration Hub Journeys | [Logging AWS Migration Hub Journeys API calls with AWS CloudTrail](https://docs.aws.amazon.com/mhj/latest/userguide/logging-using-cloudtrail.html) | 12/03/2024 | 
| Multi-party approval | [Logging Multi-party approval API calls using AWS CloudTrail](https://docs.aws.amazon.com/mpa/latest/userguide/logging-using-cloudtrail.html) | 06/17/2025 | 
| AWS Network Firewall | [Logging calls to the AWS Network Firewall API with AWS CloudTrail](https://docs.aws.amazon.com/network-firewall/latest/developerguide/logging-using-cloudtrail.html) | 11/17/2020 | 
| AWS OpsWorks for Chef Automate | Logging AWS OpsWorks for Chef Automate API Calls with AWS CloudTrail | 07/16/2018 | 
| AWS OpsWorks for Puppet Enterprise | Logging OpsWorks for Puppet Enterprise API Calls with AWS CloudTrail | 07/16/2018 | 
| AWS OpsWorks Stacks | Logging AWS OpsWorks Stacks API Calls with AWS CloudTrail | 06/04/2014 | 
| Oracle Database@AWS | [Logging Oracle Database@AWS API Calls with AWS CloudTrail](https://docs.aws.amazon.com/odb/latest/UserGuide/logging-using-cloudtrail.html) | 12/01/2024 | 
| AWS Organizations | [Logging AWS Organizations API calls with AWS CloudTrail](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_security_incident-response.html#orgs_cloudtrail-integration) | 02/27/2017 | 
| AWS Outposts | [Logging AWS Outposts API calls with AWS CloudTrail](https://docs.aws.amazon.com/outposts/latest/userguide/logging-using-cloudtrail.html) | 02/04/2020 | 
| AWS Panorama | [AWS Panorama API Reference](https://docs.aws.amazon.com/panorama/latest/api/API_Operations.html) | 10/20/2021 | 
| AWS Payment Cryptography | [Logging AWS Payment Cryptography API calls using AWS CloudTrail](https://docs.aws.amazon.com/payment-cryptography/latest/userguide/monitoring-cloudtrail.html) | 06/08/2023 | 
| AWS Private 5G | Logging AWS Private 5G API calls using AWS CloudTrail | 08/11/2022 | 
| AWS Private Certificate Authority (AWS Private CA) | [Using CloudTrail](https://docs.aws.amazon.com/privateca/latest/userguide/PcaCtIntro.html) | 04/04/2018 | 
| AWS Proton | [Logging and monitoring in AWS Proton](https://docs.aws.amazon.com/proton/latest/userguide/security-logging-and-monitoring.html) | 06/09/2021 | 
| AWS re:Post Private | [Logging AWS re:Post Private API calls using AWS CloudTrail](https://docs.aws.amazon.com/repostprivate/latest/caguide/logging-using-cloudtrail.html) | 11/26/2023 | 
| AWS Resilience Hub | [AWS CloudTrail](https://docs.aws.amazon.com/resilience-hub/latest/userguide/integrate-cloudtrail.html) | 11/10/2021 | 
| AWS Resource Access Manager (AWS RAM) | [Logging AWS RAM API Calls with AWS CloudTrail](https://docs.aws.amazon.com/ram/latest/userguide/cloudtrail-logging.html) | 11/20/2018 | 
| AWS Resource Explorer | [Logging AWS Resource Explorer API calls using AWS CloudTrail](https://docs.aws.amazon.com/resource-explorer/latest/userguide/monitoring-cloudtrail.html) | 11/07/2022 | 
| AWS Resource Groups | [Logging and monitoring in Resource Groups](https://docs.aws.amazon.com/ARG/latest/userguide/security_logging-monitoring.html) | 06/29/2018 | 
| AWS RoboMaker | Logging AWS RoboMaker API Calls with AWS CloudTrail | 01/16/2019 | 
| AWS Secrets Manager | [Monitor the Use of Your AWS Secrets Manager Secrets](https://docs.aws.amazon.com/secretsmanager/latest/userguide/monitoring.html#monitoring_cloudtrail) | 04/05/2018 | 
| AWS Security Hub CSPM | [Logging AWS Security Hub CSPM API Calls with AWS CloudTrail](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-ct.html) | 11/27/2018 | 
| AWS Security Incident Response | [Logging AWS Security Incident Response API calls using AWS CloudTrail](https://docs.aws.amazon.com/security-ir/latest/userguide/logging-using-cloudtrail.html) | 12/01/2024 | 
| AWS Security Token Service (AWS STS) |  [Logging IAM Events with AWS CloudTrail](https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html) The IAM topic includes information for AWS STS.  | 11/13/2013 | 
| AWS Serverless Application Repository | [Logging AWS Serverless Application Repository API Calls with AWS CloudTrail](https://docs.aws.amazon.com/serverlessrepo/latest/devguide/logging-using-cloudtrail.html) | 02/20/2018 | 
| AWS Service Catalog | [Logging Service Catalog API Calls with AWS CloudTrail](https://docs.aws.amazon.com/servicecatalog/latest/dg/logging-using-cloudtrail.html) | 07/06/2016 | 
| AWS Shield | [Logging Shield Advanced API Calls with AWS CloudTrail](https://docs.aws.amazon.com/waf/latest/developerguide/logging-using-cloudtrail.html#shield-info-in-cloudtrail) | 02/08/2018 | 
| AWS Snowball Edge Edge | [Logging AWS Snowball Edge Edge API Calls with AWS CloudTrail](https://docs.aws.amazon.com/snowball/latest/developer-guide/logging-using-cloudtrail.html) | 01/25/2019 | 
| AWS Step Functions | [Logging AWS Step Functions API Calls with AWS CloudTrail](https://docs.aws.amazon.com/step-functions/latest/dg/procedure-cloud-trail.html) | 12/01/2016 | 
| AWS Storage Gateway |  [Logging Storage Gateway API Calls by Using AWS CloudTrail](https://docs.aws.amazon.com/filegateway/latest/files3/logging-using-cloudtrail.html)  | 12/16/2014 | 
| AWS Support |  [Logging AWS Support API calls with AWS CloudTrail](https://docs.aws.amazon.com/awssupport/latest/user/logging-using-cloudtrail.html)  | 04/21/2016 | 
| Support Recommendations (Preview) | [Logging Support Recommendations API calls with AWS CloudTrail](https://docs.aws.amazon.com/awssupport/latest/user/cloudtrail-logging-support-recommendations.html) | 05/22/2024 | 
| AWS Systems Manager | [Logging AWS Systems Manager API Calls with AWS CloudTrail](https://docs.aws.amazon.com/systems-manager/latest/userguide/monitoring-cloudtrail-logs.html) | 11/29/2017 | 
| AWS Systems Manager Incident Manager | [Logging AWS Systems Manager Incident Manager API calls using AWS CloudTrail](https://docs.aws.amazon.com/incident-manager/latest/userguide/logging-using-cloudtrail.html) | 05/10/2021 | 
| AWS Telco Network Builder (AWS TNB)  | [Logging AWS Telco Network Builder API calls using AWS CloudTrail](https://docs.aws.amazon.com/tnb/latest/ug/logging-using-cloudtrail.html) | 02/21/2023 | 
| AWS Transfer for SFTP | [Logging AWS Transfer for SFTP API Calls with AWS CloudTrail](https://docs.aws.amazon.com/transfer/latest/userguide/cloudtrail-logging.html) | 01/08/2019 | 
| AWS Transit Gateway | [Logging API Calls for Your Transit Gateway Using AWS CloudTrail](https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-cloudtrail-logs.html) | 11/26/2018 | 
| AWS Trusted Advisor | [Logging AWS Trusted Advisor console actions with AWS CloudTrail](https://docs.aws.amazon.com/awssupport/latest/user/logging-using-cloudtrail-for-aws-trusted-advisor.html) | 10/22/2020 | 
| AWS Verified Access | [Log AWS Verified Access API calls using AWS CloudTrail](https://docs.aws.amazon.com/verified-access/latest/ug/logging-using-cloudtrail.html) | 04/27/2023 | 
| AWS WAF | [Logging AWS WAF API Calls with AWS CloudTrail](https://docs.aws.amazon.com/waf/latest/developerguide/logging-using-cloudtrail.html) | 04/28/2016 | 
| AWS Well-Architected Tool | [Logging AWS Well-Architected Tool API Calls with AWS CloudTrail](https://docs.aws.amazon.com/wellarchitected/latest/userguide/logging-using-cloudtrail.html) | 12/15/2020 | 
| AWS X-Ray | [Logging AWS X-Ray API Calls With CloudTrail](https://docs.aws.amazon.com/xray/latest/devguide/xray-api-cloudtrail.html) | 04/25/2018 | 
| Elastic Load Balancing | [AWS CloudTrail Logging for Your Classic Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/ELB-API-Logs.html) and [AWS CloudTrail Logging for Your Application Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-cloudtrail-logs.html) | 04/04/2014 | 
| FreeRTOS Over-the-Air Updates (OTA) | [Logging AWS IoT OTA API Calls with AWS CloudTrail](https://docs.aws.amazon.com/freertos/latest/userguide/iot-using-cloudtrail-afr.html) | 05/22/2019 | 
| Service Quotas | [Logging Service Quotas API calls using AWS CloudTrail](https://docs.aws.amazon.com/servicequotas/latest/userguide/logging-using-cloudtrail.html) | 06/24/2019 | 

## CloudTrail unsupported services
<a name="cloudtrail-unsupported-aws-services"></a>

Services that are still in preview, or not yet released for general availability (GA), or which don't have public APIs, are not considered supported.

Additionally, the following AWS services and events are not supported:
+ AWS Import/Export

For a list of supported AWS services, see [AWS service topics for CloudTrail](#cloudtrail-aws-service-specific-topics-list).

# Quotas in AWS CloudTrail
<a name="WhatIsCloudTrail-Limits"></a>

This section describes the resource quotas (formerly referred to as limits) in CloudTrail. For information about all quotas in CloudTrail, see [Service quotas](https://docs.aws.amazon.com/general/latest/gr/ct.html#limits_cloudtrail) in the *AWS General Reference*.

**Note**  
CloudTrail has no adjustable quotas.

## CloudTrail resource quotas
<a name="cloudtrail-resource-quotas"></a>

The following table describes the resource quotas within CloudTrail.


| Resource | Default quota | Comments | 
| --- | --- | --- | 
| Trails per Region | 5 |  The maximum number of trails per AWS Region. In shadow Regions, to get latest resource count metric, call the `ListTrails` API. This quota cannot be increased.  | 
| Event data stores | 10 |  The maximum number of event data stores per AWS Region. This includes single-Region event data stores for the Region, multi-Region event data stores across all AWS Regions, and organization event data stores. This includes event data stores in any [lifecycle stage](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-eds-disable-termination.html). In shadow Regions, to get latest resource count metric, call the `ListEventDataStores` API. This quota cannot be increased.  | 
| Channels | 25 |  This quota applies to channels used for CloudTrail Lake integrations with event sources outside of AWS, and does not apply to service-linked channels.  This quota cannot be increased.   | 
| Dashboards per Region | 100 |  The maximum number of CloudTrail Lake custom dashboards per AWS Region. In shadow Regions, to get the latest resource count metric, call the `ListDashboards` API. This quota cannot be increased.   | 
| Widgets per dashboard | 10 |  This maximum number of widgets per CloudTrail Lake dashboard. This quota cannot be increased.   | 
| Concurrent dashboard refreshes | 1 |  The maximum number of ongoing refreshes per dashboard. This quota cannot be increased.   | 
| Concurrent queries | 10 |  The maximum number of queued or running queries that you can run simultaneously in CloudTrail Lake. This quota cannot be increased.  | 
| Events per PutAuditEvents request | 100 |  You can add up to 100 activity events (or up to 1 MB) per `PutAuditEvents` request. This quota cannot be increased.  | 
| Event selectors | 5 per trail | This quota cannot be increased. | 
| Advanced event selectors | 500 conditions across all advanced event selectors |  If a trail or event data store uses advanced event selectors, a maximum of 500 total values for all conditions in all advanced event selectors is allowed. This quota cannot be increased.  | 
| Data resources in event selectors | 250 across all event selectors in a trail | If you choose to limit data events by using event selectors, the total number of data resources cannot exceed 250 across all event selectors in a trail. The limit of number of resources on an individual event selector is configurable up to 250. This upper limit is allowed only if the total number of data resources does not exceed 250 across all event selectors. Examples:[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html)Event selectors apply only to trails. For event data stores, you must use advanced event selectors.This quota cannot be increased.The quota does not apply if you choose to log data events on all resources, such as all S3 buckets or all Lambda functions. | 
| Event size |  All event versions: events over 256 KB cannot be sent to CloudWatch Logs Event version 1.05 and newer: total event size limit of 256 KB  |  Amazon CloudWatch Logs and Amazon EventBridge each allow a maximum event size of 256 KB. CloudTrail does not send events over 256 KB to CloudWatch Logs or EventBridge. Starting with event version 1.05, events have a maximum size of 256 KB. This is to help prevent exploitation by malicious actors, and allow events to be consumed by other AWS services, such as CloudWatch Logs and EventBridge.  | 
| CloudTrail file size sent to Amazon S3 |  50 MB before compression  |  For management, data, and network activity events, CloudTrail sends events to S3 in compressed gzip files. The maximum file size before compression is 50 MB. If enabled on the trail, log delivery notifications are sent by Amazon SNS after CloudTrail sends gzip files to S3.  | 

## Transactions per second (TPS) quotas in CloudTrail
<a name="cloudtrail-api-quotas"></a>

The [AWS General Reference](https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html) lists the transactions per second (TPS) quota for AWS APIs. The transactions per second (TPS) quota for an API represents how many requests you can make per second for a given API without being throttled. For example, the TPS quota for the CloudTrail `LookupEvents` API is 2.

For information about the TPS quota for each CloudTrail API, see [Service quotas](https://docs.aws.amazon.com/general/latest/gr/ct.html#limits_cloudtrail) in the *AWS General Reference*.