CloudTrail Events
Data Events
Data events provide insight into the resource operations performed on or within a resource. These are also known as data plane operations. Data events are often high-volume activities.
Example data events include:
- Amazon S3 object-level API activity (for example, GetObject, DeleteObject, and PutObject API operations)
- AWS Lambda function execution activity (the Invoke API)
Data events are disabled by default when you create a trail. To record CloudTrail data events, you must explicitly add the supported resources or resource types for which you want to collect activity to a trail.
Management Events
Management events provide insight into management operations that are performed on resources in your AWS account. These are also known as control plane operations. Example management events include:
- Configuring security (for example, IAM AttachRolePolicy API operations)
- Registering devices (for example, Amazon EC2 CreateDefaultVpc API operations)
- Configuring rules for routing data (for example, Amazon EC2 CreateSubnet API operations)
- Setting up logging (for example, AWS CloudTrail CreateTrail API operations)
Management events can also include non-API events that occur in your account. For example, when a user logs in to your account, CloudTrail logs the ConsoleLogin event.
Read-only and Write-only Events
When you configure your trail to log data and management events, you can specify whether you want read-only events, write-only events, both, or none.
- Read-only – Read-only events include API operations that read your resources, but don’t make changes. For example, read-only events include the Amazon EC2 DescribeSecurityGroups and DescribeSubnets API operations. These operations return only information about your Amazon EC2 resources and don’t change your configurations.
- Write-only – Write-only events include API operations that modify (or might modify) your resources. For example, the Amazon EC2 RunInstances and TerminateInstances API operations modify your instances.
- All – Your trail logs both read-only and write-only events.
- None – Your trail logs neither read-only nor write-only management events.
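The two configuration points above, explicitly naming the resources whose data events a trail should record and choosing a read-only/write-only/all scope, can be modelled offline. The following is an added example, not AWS or CloudTrail code: it builds a selector in the shape that the PutEventSelectors API accepts, then applies it to a handful of constructed CloudTrail records to show which would be written by the trail. The bucket name, function name and account number are hypothetical, and the selector logic (management events gated by IncludeManagementEvents, data events gated by an ARN-prefix match against DataResources, both gated by ReadWriteType) is this model's own simplification of the documented behaviour.

```python
"""Model a CloudTrail event selector and apply it to sample records (added example)."""
from typing import Dict, List

# Selector in the shape CloudTrail's PutEventSelectors API accepts, e.g.
#   boto3.client("cloudtrail").put_event_selectors(TrailName=..., EventSelectors=[SELECTOR])
# The bucket name is hypothetical. "arn:aws:lambda" with no further path selects every
# function; ARN values are treated here as plain prefixes (an assumption of this model).
SELECTOR: Dict = {
    "ReadWriteType": "WriteOnly",          # ReadOnly | WriteOnly | All
    "IncludeManagementEvents": True,
    "DataResources": [
        {"Type": "AWS::S3::Object", "Values": ["arn:aws:s3:::example-bucket/"]},
        {"Type": "AWS::Lambda::Function", "Values": ["arn:aws:lambda"]},
    ],
}

# Constructed CloudTrail records, reduced to the fields the selector logic needs.
SAMPLE_RECORDS: List[Dict] = [
    {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "readOnly": False, "managementEvent": True, "resources": []},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeSecurityGroups",
     "readOnly": True, "managementEvent": True, "resources": []},
    {"eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
     "readOnly": False, "managementEvent": True, "resources": []},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "readOnly": True, "managementEvent": False,
     "resources": [{"type": "AWS::S3::Object", "ARN": "arn:aws:s3:::example-bucket/report.csv"},
                   {"type": "AWS::S3::Bucket", "ARN": "arn:aws:s3:::example-bucket"}]},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject",
     "readOnly": False, "managementEvent": False,
     "resources": [{"type": "AWS::S3::Object", "ARN": "arn:aws:s3:::example-bucket/upload.bin"},
                   {"type": "AWS::S3::Bucket", "ARN": "arn:aws:s3:::example-bucket"}]},
    {"eventSource": "s3.amazonaws.com", "eventName": "DeleteObject",
     "readOnly": False, "managementEvent": False,
     "resources": [{"type": "AWS::S3::Object", "ARN": "arn:aws:s3:::other-bucket/notes.txt"},
                   {"type": "AWS::S3::Bucket", "ARN": "arn:aws:s3:::other-bucket"}]},
    {"eventSource": "lambda.amazonaws.com", "eventName": "Invoke",
     "readOnly": False, "managementEvent": False,
     "resources": [{"type": "AWS::Lambda::Function",
                    "ARN": "arn:aws:lambda:us-east-1:123456789012:function:example-fn"}]},
]


def classify(record: Dict) -> str:
    """Label a record by plane (management/data) and access type (read-only/write-only)."""
    plane = "management" if record.get("managementEvent", False) else "data"
    access = "read-only" if record.get("readOnly", False) else "write-only"
    return f"{plane}/{access}"


def _passes_read_write_type(record: Dict, rw_type: str) -> bool:
    """Apply the trail's ReadWriteType to the record's readOnly flag."""
    read_only = record.get("readOnly", False)
    if rw_type == "All":
        return True
    if rw_type == "ReadOnly":
        return read_only
    if rw_type == "WriteOnly":
        return not read_only
    raise ValueError(f"unknown ReadWriteType: {rw_type}")


def _matches_data_resource(record: Dict, data_resources: List[Dict]) -> bool:
    """A data event is recorded only if one of its resources matches a DataResources entry."""
    for res in record.get("resources", []):
        for dr in data_resources:
            if res.get("type") == dr["Type"] and any(
                res.get("ARN", "").startswith(prefix) for prefix in dr["Values"]
            ):
                return True
    return False


def is_logged(record: Dict, selector: Dict = SELECTOR) -> bool:
    """Would a trail configured with this selector write the record?"""
    if not _passes_read_write_type(record, selector["ReadWriteType"]):
        return False
    if record.get("managementEvent", False):
        return selector.get("IncludeManagementEvents", True)
    # Data events are off unless the selector names the resource explicitly.
    return _matches_data_resource(record, selector.get("DataResources", []))


def logged_event_names(records: List[Dict], selector: Dict = SELECTOR) -> List[str]:
    """Event names the trail would record, in input order."""
    return [r["eventName"] for r in records if is_logged(r, selector)]


if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(f"{rec['eventName']:24} {classify(rec):22} logged={is_logged(rec)}")
```

With the WriteOnly selector shown, the read-only DescribeSecurityGroups and GetObject records drop out, and DeleteObject on a bucket the selector does not name is never recorded regardless of ReadWriteType; switching the selector to All or setting IncludeManagementEvents to False changes the set accordingly, which is a useful check to run against a trail's real selector before assuming an investigation will find a given class of activity in its logs.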