CloudTrail Events

1. Management Events

  • Track control-plane operations that manage AWS resources.
  • Examples:
    • IAM: AttachRolePolicy
    • EC2: CreateSubnet
    • CloudTrail: CreateTrail
  • Logged by default in all trails.
  • Can be filtered into:
    • Read events – non-mutating requests (e.g., DescribeInstances).
    • Write events – mutating requests (e.g., RunInstances).

2. Data Events

  • Track data-plane operations that access or modify resource content.
  • Not enabled by default due to potential high volume.
  • Examples:
    • S3: object-level actions like GetObject, PutObject, DeleteObject.
    • Lambda: function invocation (Invoke).
  • Can be filtered into read and write operations.

3. CloudTrail Insights Events

  • Detect anomalous operational activity by establishing baselines of normal API usage and identifying deviations.
  • Useful for spotting spikes, irregular patterns, or potential security incidents.
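
Added example (not part of the original notes): a small Python classifier that sorts CloudTrail records into the three event types above and splits management and data events into read and write. It relies on the record fields eventCategory, managementEvent, readOnly and insightDetails; the sample records are constructed for illustration, and the function names are hypothetical.

```python
import json
from collections import Counter

# Constructed sample records (not real log data). Field names follow the
# CloudTrail record format: eventCategory, managementEvent, readOnly.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventSource": "iam.amazonaws.com", "eventName": "AttachRolePolicy",
     "eventCategory": "Management", "managementEvent": True, "readOnly": False},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "eventCategory": "Management", "managementEvent": True, "readOnly": True},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "eventCategory": "Data", "managementEvent": False, "readOnly": True},
    {"eventSource": "s3.amazonaws.com", "eventName": "DeleteObject",
     "eventCategory": "Data", "managementEvent": False, "readOnly": False},
    # Record without eventCategory: classified from managementEvent instead.
    {"eventSource": "ec2.amazonaws.com", "eventName": "CreateSubnet",
     "managementEvent": True, "readOnly": False},
    {"eventType": "AwsCloudTrailInsight", "eventCategory": "Insight",
     "insightDetails": {"state": "Start", "insightType": "ApiCallRateInsight",
                        "eventSource": "ec2.amazonaws.com",
                        "eventName": "RunInstances"}},
]})

def classify(record):
    """Return (category, access) for one CloudTrail record."""
    category = record.get("eventCategory")
    if category is None:
        flag = record.get("managementEvent")
        category = "Unknown" if flag is None else ("Management" if flag else "Data")
    if category == "Insight":
        # An Insights event reports a deviation from the baseline, not one
        # API call, so it carries no read/write flag.
        return category, "n/a"
    # A missing readOnly flag is treated as write (the conservative choice).
    return category, "read" if record.get("readOnly") else "write"

def summarize(log_text):
    """Count records per (category, access) pair in a CloudTrail log file."""
    return Counter(classify(r) for r in json.loads(log_text)["Records"])

def management_writes(log_text):
    """List mutating control-plane events as 'eventSource:eventName'."""
    return [f'{r["eventSource"]}:{r["eventName"]}'
            for r in json.loads(log_text)["Records"]
            if classify(r) == ("Management", "write")]

if __name__ == "__main__":
    print(dict(summarize(SAMPLE_LOG)))
    print(management_writes(SAMPLE_LOG))
```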