AWS CloudTrail Adds Logging of Execution Activity for AWS Lambda Functions

Posted on: Nov 30, 2017

You can now log the execution activity of your AWS Lambda functions with AWS CloudTrail Lambda data events. Previously, you could only log Lambda management events, which provide information on when and by whom a function was created, modified, or deleted. Now, you can also record Lambda data events and get additional details on when and by whom an Invoke API call was made and which Lambda function was executed. All Lambda data events are delivered to an Amazon S3 bucket and Amazon CloudWatch Events, which allows you to respond to events recorded by CloudTrail. For example, you can quickly determine which Lambda functions were executed in the past three days and identify the source of the Invoke API calls. You can take immediate action to restrict Invoke API calls to known users or roles if you detect inappropriate Lambda activity.
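The "which functions ran in the past three days, and who invoked them" check described above, as an added example (not AWS code). It assumes log files shaped as `{"Records": [...]}` whose Invoke records carry `eventSource`, `eventName`, `eventTime`, `userIdentity.arn` and `requestParameters.functionName`; the ARNs, sample records and the caller allowlist are constructed for illustration.

```python
import json
from collections import Counter
from datetime import datetime, timedelta, timezone

FN = "arn:aws:lambda:us-east-1:111122223333:function:billing-export"  # constructed
BOT = "arn:aws:iam::111122223333:user/deploy-bot"                     # constructed
DEV = "arn:aws:iam::111122223333:user/alice"                          # constructed

def _record(event_time, event_name, caller_arn):
    """Build one constructed record with only the fields this example reads."""
    return {"eventTime": event_time, "eventSource": "lambda.amazonaws.com",
            "eventName": event_name, "userIdentity": {"arn": caller_arn},
            "requestParameters": {"functionName": FN}}

# Constructed sample log file contents.
SAMPLE_LOG = json.dumps({"Records": [
    _record("2017-11-29T10:00:00Z", "Invoke", BOT),
    _record("2017-11-30T08:00:00Z", "Invoke", BOT),
    _record("2017-11-30T09:00:00Z", "Invoke", DEV),
    _record("2017-11-20T09:00:00Z", "Invoke", DEV),  # outside the window
    _record("2017-11-30T09:30:00Z", "UpdateFunctionCode20150331v2", DEV),  # management event
]})

def recent_invokes(log_text, now, days=3):
    """Count Invoke data events per (function, caller) within the last `days`."""
    cutoff = now - timedelta(days=days)
    counts = Counter()
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "lambda.amazonaws.com" or rec.get("eventName") != "Invoke":
            continue  # skip other services and Lambda management events
        when = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if not cutoff <= when <= now:
            continue
        function = (rec.get("requestParameters") or {}).get("functionName", "unknown")
        caller = (rec.get("userIdentity") or {}).get("arn", "unknown")
        counts[(function, caller)] += 1
    return counts

def unexpected_callers(counts, allowed):
    """Return callers seen invoking functions that are not on the allowlist."""
    return sorted({caller for (_, caller) in counts if caller not in allowed})

if __name__ == "__main__":
    now = datetime(2017, 11, 30, 12, 0, tzinfo=timezone.utc)
    counts = recent_invokes(SAMPLE_LOG, now)
    for (function, caller), n in sorted(counts.items()):
        print(f"{n:3d}  {function}  <-  {caller}")
    print("not on allowlist:", unexpected_callers(counts, {BOT}))
```
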

You can turn on logging for AWS Lambda data events using the AWS CloudTrail console, AWS CLI, and SDKs. You can view and select which Lambda functions get logged by creating a new trail or editing an existing trail.

AWS CloudTrail Lambda data events are available in all AWS public regions, AWS GovCloud (US), and China (Beijing). Please visit here to see the full list of supported regions.
