Logging and monitoring in AWS Directory Service

As a best practice, monitor your organization to ensure that changes are logged. This helps you to ensure that any unexpected change can be investigated and unwanted changes can be rolled back. AWS Directory Service currently supports the following two AWS services, so you can monitor your organization and the activity that happens within it.

Amazon CloudWatch - You can use CloudWatch Events with the AWS Managed Microsoft AD directory type. For more information, see Enabling Amazon CloudWatch Logs log forwarding for AWS Managed Microsoft AD. Additionally, you can use CloudWatch Metrics to monitor domain controller performance. For more information, see Determining when to add domain controllers with CloudWatch metrics.
AWS CloudTrail
- You can use CloudTrail with all AWS Directory Service directory types. For more information, see Logging AWS Directory Service API calls using AWS CloudTrail.
- You can use CloudTrail with AWS Managed Microsoft AD in the Directory Service Data API. For more information, see Logging AWS Directory Service Data API calls using AWS CloudTrail.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Authorization for AWS applications and services using AWS Directory Service

AWS Directory Service logs