In CloudTrail, how to create a trail that targets only specific type of events?

1

We'd like to create a CloudTrail trail for management events that targets only specific type of events, for example, EBS volume creation, modification, and deletion. I do not see any option to achieve this. Is it not supported by AWS?

Ori
asked 2 months ago266 views
2 Answers
1

Hello.

Events such as creation, modification, and deletion of EBS volumes are included in management events.
I don't think it is possible to create a trail by narrowing down to specific events of a specific service with management events.

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html

profile picture
EXPERT
answered 2 months ago
-1

There is a thing called Advanced Event Selectors that let you filter specific events from Cloudtrail. Here is a blog that shows how & what you can do with it https://aws.amazon.com/blogs/mt/optimize-aws-cloudtrail-costs-using-advanced-event-selectors/

API level documentation is

profile picture
EXPERT
Kallu
answered 2 months ago
  • Hi Kallu, thanks for the answer. Unfortunately the Event Selectors are available only for Data Events. EBS events such as I described are not Data Events, but Management Events. In my question I specifically mentioned Management Events.

    How do we get Event Selectors for Management Events?

    Thanks

  • You're correct. Didn't check all the "small print". This would have been nice feature but I guess the typical volume of mgmt events is more manageable than data events so it isn't too much overhead to do filtering when reading the events.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions