Posted On: Nov 21, 2016

AWS CloudTrail now supports Amazon S3 Data Events. You can now record all API actions on S3 Objects and receive detailed information such as the AWS account of the caller, IAM user role of the caller, time of the API call, IP address of the API, and other details. All events are delivered to an S3 bucket and CloudWatch Events, allowing you to take programmatic actions on the events. For example, if the Access Control Lists (ACLs) of an object are modified, you can quickly reapply the original ACLs on that object.
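The ACL example above starts with finding the object whose ACL changed. The following is an added sketch, not AWS code: it scans a delivered CloudTrail log file for successful `PutObjectAcl` data events and returns the object plus the caller details listed above. The function name `acl_changes` and all sample records are constructed for illustration.

```python
import json

# Constructed sample records in the CloudTrail record layout (not real log data).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2016-11-21T10:15:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObjectAcl", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "accountId": "111122223333",
                      "arn": "arn:aws:iam::111122223333:user/example-user"},
     "requestParameters": {"bucketName": "example-bucket", "key": "reports/q3.csv"}},
    {"eventTime": "2016-11-21T10:16:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObjectAcl", "sourceIPAddress": "198.51.100.8",
     "errorCode": "AccessDenied",
     "userIdentity": {"type": "AssumedRole", "accountId": "111122223333",
                      "arn": "arn:aws:sts::111122223333:assumed-role/example-role/session"},
     "requestParameters": {"bucketName": "example-bucket", "key": "reports/q4.csv"}},
    {"eventTime": "2016-11-21T10:17:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "accountId": "111122223333",
                      "arn": "arn:aws:iam::111122223333:user/example-user"},
     "requestParameters": {"bucketName": "example-bucket", "key": "reports/q3.csv"}},
]})


def acl_changes(log_text):
    """Return one finding per successful object-ACL change in a CloudTrail log file."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "s3.amazonaws.com":
            continue
        if rec.get("eventName") != "PutObjectAcl":
            continue
        if rec.get("errorCode"):  # denied or failed call: the ACL did not change
            continue
        params = rec.get("requestParameters") or {}
        ident = rec.get("userIdentity") or {}
        findings.append({
            "bucket": params.get("bucketName"),
            "key": params.get("key"),
            "time": rec.get("eventTime"),
            "source_ip": rec.get("sourceIPAddress"),
            "caller_account": ident.get("accountId"),
            "caller_arn": ident.get("arn"),
        })
    return findings


if __name__ == "__main__":
    for finding in acl_changes(SAMPLE_LOG):
        print(finding)
```

Each finding names the bucket and key on which the original ACL would be reapplied; the reapply call itself is left out here.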

You can start using this feature through the new Event Selector section in the CloudTrail console. Events that are already being captured by CloudTrail are called Management Events. You can select Data Events in the Event Selector and specify the S3 Buckets/Prefixes that you wish to monitor. You can also configure whether read only, write only, or both types of events are captured for the trail.

S3 Data Events is available in all public AWS regions. Visit our pricing page to learn more about S3 Data Events pricing. Read our documentation to get started with S3 Data Events. Please visit our product page for more information about AWS CloudTrail.