In CloudTrail, how to create a trail that targets only specific type of events?

1

We'd like to create a CloudTrail trail for management events that targets only specific type of events, for example, EBS volume creation, modification, and deletion. I do not see any option to achieve this. Is it not supported by AWS?

Ori
已提问 3 个月前313 查看次数
2 回答
1

Hello.

Events such as creation, modification, and deletion of EBS volumes are included in management events.
I don't think it is possible to create a trail by narrowing down to specific events of a specific service with management events.

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html

profile picture
专家
已回答 3 个月前
-1

There is a thing called Advanced Event Selectors that let you filter specific events from Cloudtrail. Here is a blog that shows how & what you can do with it https://aws.amazon.com/blogs/mt/optimize-aws-cloudtrail-costs-using-advanced-event-selectors/

API level documentation is

profile picture
专家
Kallu
已回答 3 个月前
  • Hi Kallu, thanks for the answer. Unfortunately the Event Selectors are available only for Data Events. EBS events such as I described are not Data Events, but Management Events. In my question I specifically mentioned Management Events.

    How do we get Event Selectors for Management Events?

    Thanks

  • You're correct. Didn't check all the "small print". This would have been nice feature but I guess the typical volume of mgmt events is more manageable than data events so it isn't too much overhead to do filtering when reading the events.

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则