Security event logging in AWS Lake Formation

AWS Lake Formation is integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or an AWS service in Lake Formation. CloudTrail captures all API calls for Lake Formation as events. The calls captured include calls from the Lake Formation console, the AWS Command Line Interface, and code calls to the Lake Formation API operations.

For more information about event logging in Lake Formation, see Logging AWS Lake Formation API Calls Using AWS CloudTrail.

Note

GetTableObjects, UpdateTableObjects, and GetWorkUnitResults are high-volume data plane operations. Calls to these APIs are not currently logged to CloudTrail. For more information about data plane operations in CloudTrail, see Logging data events for trails in the AWS CloudTrail User Guide.

Changes in Lake Formation to support additional CloudTrail events will be documented at Document history for AWS Lake Formation.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Cross-service confused deputy prevention

Integrating with Lake Formation