When we use server access logs, it’s a bit difficult to analyze and track individual actions performed by an IAM user, a role, or a service on an S3 bucket.

With CloudTrail logging, detailed information is logged that allows easy monitoring of the API call actions performed on an S3 bucket. The logs are stored as JSON files, which can be interpreted easily using the AWS CloudTrail console.

Types of CloudTrail events

CloudTrail logs actions as events, which are classified into the following types:

  • Management events: These events include control plane actions, such as account-level and bucket-level actions. Examples of these include creating a bucket, listing buckets, and so on. These events are enabled by default, and we can access the past 90 days’ events for free using the CloudTrail console.

  • Data events: These events include data plane actions, such as object-level actions. Examples of these include putting an object, deleting an object, and so on. These events are disabled by default, and enabling them incurs additional charges as per AWS pricing.

Example event record

Every event log is recorded in the JSON format, which can easily be accessed using the CloudTrail console.

The example event record given below contains details of a put-bucket-lifecycle-configuration API call requested on a bucket named my-pets-accesslogs. We can also see additional important details, such as the event source, requester account ID, username, source IP address, and so on.
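As an added illustration (not part of the original page), the following Python sketch reads a CloudTrail log file, keeps the S3 events, and pulls out the fields discussed above: who made the call, from which IP address, on which bucket, and whether it was a management or data event. The sample records, including the event names, account ID, user names, and IP addresses, are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample shaped like a CloudTrail log file; every value is made up.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketLifecycle", "eventCategory": "Management",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "accountId": "111122223333",
                      "userName": "example-user"},
     "requestParameters": {"bucketName": "my-pets-accesslogs"}},
    # Older-style record: no eventCategory, only the managementEvent flag.
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteObject", "managementEvent": False,
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "AssumedRole", "accountId": "111122223333",
                      "sessionContext": {"sessionIssuer": {"userName": "example-role"}}},
     "requestParameters": {"bucketName": "my-pets-accesslogs", "key": "cat.jpg"}},
    {"eventSource": "iam.amazonaws.com", "eventName": "ListUsers",
     "managementEvent": True, "userIdentity": {"type": "IAMUser", "userName": "example-user"}},
]})

def actor(identity):
    """IAM users carry userName directly; assumed roles carry it in the session issuer."""
    issuer = identity.get("sessionContext", {}).get("sessionIssuer", {})
    return identity.get("userName") or issuer.get("userName") or identity.get("type", "unknown")

def category(record):
    """Management vs. data event, falling back to the managementEvent flag."""
    if "eventCategory" in record:
        return record["eventCategory"]
    flag = record.get("managementEvent")
    return "Unknown" if flag is None else ("Management" if flag else "Data")

def s3_events(log_text):
    """Return one summary row per S3 event found in a CloudTrail log file."""
    rows = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "s3.amazonaws.com":
            continue  # skip other services' events
        params = rec.get("requestParameters") or {}  # field can be null
        ident = rec.get("userIdentity", {})
        rows.append({"time": rec.get("eventTime"), "category": category(rec),
                     "action": rec.get("eventName"), "bucket": params.get("bucketName"),
                     "key": params.get("key"), "account": ident.get("accountId"),
                     "user": actor(ident), "ip": rec.get("sourceIPAddress")})
    return rows

if __name__ == "__main__":
    for row in s3_events(SAMPLE_LOG):
        print(row)
```

Object-level rows such as the `DeleteObject` one only appear in real logs when data events have been enabled on the trail.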
