Posted On: Feb 10, 2017

The AWS CloudTrail console now allows you to separately add data events and management events logging options, making it easy to customize your CloudTrail configuration. With data events logging, you can record all API actions on Amazon S3 objects and receive detailed information such as the S3 object-level API activity, AWS account of the caller, IAM user role of the caller, time of the API call, IP address of the API call, and other details. With management events logging, you can record operations that occur on your AWS accounts and resources, such as administrative actions to create, delete, and modify EC2 instances or IAM activities.

Previously, data events and management events logging options were combined into a single event selector section. Now, data events and management events logging are configured independently. You can select individual S3 resources to record object-level activity, enable or disable collection of control plane account activity, and filter your CloudTrail configuration to collect read-only or write-only events. Visit data event configuration for more information.
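Because management events, data events and the read/write filter are now set independently, a trail can silently miss one of them. The following added example (not AWS code) audits a trail's event selectors for such gaps; it assumes the selectors use the field names of the CloudTrail GetEventSelectors API response, and the function name, bucket names and sample selectors are constructed for illustration.

```python
# Added example. Field names follow the CloudTrail GetEventSelectors
# response shape (an assumption; the announcement covers only the console).
ACCESS = {"Read", "Write"}

def audit_selectors(selectors, required_buckets):
    """Return findings for logging gaps in one trail's event selectors."""
    mgmt = set()   # access types covered for management events
    data = {}      # S3 ARN prefix -> access types covered for data events
    for sel in selectors:
        rw = sel.get("ReadWriteType", "All")            # API default: All
        kinds = ACCESS if rw == "All" else {rw.replace("Only", "")}
        if sel.get("IncludeManagementEvents", True):    # API default: true
            mgmt |= kinds
        for res in sel.get("DataResources", []):
            if res.get("Type") == "AWS::S3::Object":
                for arn in res.get("Values", []):
                    data.setdefault(arn, set()).update(kinds)

    findings = [f"management events: {k} not logged"
                for k in sorted(ACCESS - mgmt)]
    for bucket in required_buckets:
        whole = f"arn:aws:s3:::{bucket}/"   # trailing slash = every object
        covered = data.get(whole, set())
        # A longer prefix under the bucket logs only part of its objects.
        partial = any(a.startswith(whole) and a != whole for a in data)
        note = " (prefix-only selectors present)" if partial else ""
        findings += [f"data events: {bucket} {k} not logged bucket-wide{note}"
                     for k in sorted(ACCESS - covered)]
    return findings

# Constructed sample: bucket names and selectors are illustrative only.
SAMPLE_SELECTORS = [
    {"ReadWriteType": "WriteOnly", "IncludeManagementEvents": True,
     "DataResources": [{"Type": "AWS::S3::Object",
                        "Values": ["arn:aws:s3:::example-audit-logs/"]}]},
    {"ReadWriteType": "All", "IncludeManagementEvents": False,
     "DataResources": [{"Type": "AWS::S3::Object",
                        "Values": ["arn:aws:s3:::example-payroll/reports/"]}]},
]
REQUIRED_BUCKETS = ["example-audit-logs", "example-payroll", "example-backups"]

if __name__ == "__main__":
    for line in audit_selectors(SAMPLE_SELECTORS, REQUIRED_BUCKETS):
        print(line)
```

On the sample, the write-only selector leaves management reads and S3 reads on the audit bucket unrecorded, which is the kind of gap the read-only/write-only filter can introduce.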

For more information on CloudTrail: