Data Events

Data events provide insight into resource operations performed on or within a resource. These are also known as data plane operations. Data events are often high-volume activities.

Example data events include:

  • Amazon S3 object-level API activity (for example, GetObject, DeleteObject, and PutObject API operations)
  • AWS Lambda function execution activity (Invoke API)

Data events are disabled by default when you create a trail. To record CloudTrail data events, you must explicitly add to a trail the supported resources or resource types for which you want to collect activity.

Management Events

Management events provide insight into management operations that are performed on resources in your AWS account. These are also known as control plane operations. Example management events include:

  • Configuring security (for example, IAM AttachRolePolicy API operations)
  • Registering devices (for example, Amazon EC2 CreateDefaultVpc API operations)
  • Configuring rules for routing data (for example, Amazon EC2 CreateSubnet API operations)
  • Setting up logging (for example, AWS CloudTrail CreateTrail API operations)

Management events can also include non-API events that occur in your account. For example, when a user logs in to your account, CloudTrail logs the ConsoleLogin event.

Read-only and Write-only Events

When you configure a trail to log data and management events, you can specify whether you want read-only events, write-only events, both, or none.

  • Read-only – Read-only events include API operations that read resources, but don’t make changes. For example, read-only events include Amazon EC2 DescribeSecurityGroups and DescribeSubnets API operations. These operations return only information about Amazon EC2 resources and don’t change configurations.
  • Write-only – Write-only events include API operations that modify (or might modify) resources. For example, Amazon EC2 RunInstances and TerminateInstances API operations modify instances.
  • All – The trail logs both read-only and write-only events.
  • None – The trail logs neither read-only nor write-only management events.
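
The following audit is an added example, not code from AWS or from the original page: it takes a trail's basic event selectors (the EventSelectors list that `aws cloudtrail get-event-selectors` returns) and reports which combinations of event class and read/write type the trail does not record. The sample selectors and bucket name are constructed, advanced event selectors are not handled, and a resource type counts as covered when at least one resource of that type is listed.

```python
import json

# Constructed sample shaped like the EventSelectors list returned by
# `aws cloudtrail get-event-selectors`; not taken from a real account.
SAMPLE = json.loads("""
[
  {"ReadWriteType": "WriteOnly", "IncludeManagementEvents": true, "DataResources": []},
  {"ReadWriteType": "ReadOnly", "IncludeManagementEvents": false,
   "DataResources": [{"Type": "AWS::S3::Object",
                      "Values": ["arn:aws:s3:::example-bucket/"]}]}
]
""")

# Operation kinds recorded for each ReadWriteType value.
MODES = {"ReadOnly": {"read"}, "WriteOnly": {"write"}, "All": {"read", "write"}}


def coverage(selectors):
    """Map each event class to the operation kinds ('read'/'write') that are logged."""
    # Data event types start empty because data events are off by default.
    cov = {"management": set(), "AWS::S3::Object": set(), "AWS::Lambda::Function": set()}
    for sel in selectors:
        # API defaults: ReadWriteType is All, IncludeManagementEvents is true.
        kinds = MODES[sel.get("ReadWriteType", "All")]
        if sel.get("IncludeManagementEvents", True):
            cov["management"] |= kinds
        for res in sel.get("DataResources", []):
            if res.get("Values"):  # a data resource entry with no ARNs logs nothing
                cov.setdefault(res["Type"], set()).update(kinds)
    return cov


def gaps(selectors):
    """List 'event class:operation kind' pairs that the trail does not record."""
    cov = coverage(selectors)
    return sorted(f"{cls}:{kind}" for cls, logged in cov.items()
                  for kind in ("read", "write") if kind not in logged)


if __name__ == "__main__":
    for gap in gaps(SAMPLE):
        print("not logged:", gap)
```

For the constructed sample, the trail records write-only management events and read-only S3 object events, so the gaps are management reads, S3 object writes (PutObject, DeleteObject), and all Lambda Invoke activity.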