Why are the S3 CloudTrail events empty for my bucket?


I'm trying to find CloudTrail events for my-s3-bucket which can show me which account or resource is enabling events or other properties on the bucket. I thought API calls were logged by CloudTrail by default, but my event list is empty. Is my aws-cli command incorrect, or am I missing a configuration item on my bucket to enable API logging?

$  aws cloudtrail lookup-events --lookup-attributes AttributeKey=ResourceType,AttributeValue=AWS::S3::my-s3-bucket
    "Events": []
1 Answer
Accepted Answer


It depends on what kind of events you are looking for, but by default it only records API history at the bucket level.

Also, I think your command has the "AttributeValue" wrong.
If "AttributeKey" is "ResourceType", you need to enter the resource type "AWS::S3::Bucket" as shown below.

aws cloudtrail lookup-events --lookup-attributes AttributeKey=ResourceType,AttributeValue=AWS::S3::Bucket

If you want to search by resource name, you need to do the following:

aws cloudtrail lookup-events --lookup-attributes AttributeKey=ResourceName,AttributeValue=S3-BucketName
profile picture
answered 2 months ago
profile picture
reviewed 2 months ago
profile pictureAWS
reviewed 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions