Posted On: Feb 8, 2018

You can now log all your API calls to AWS Shield through AWS CloudTrail, the AWS service that records API calls for your account and delivers log files to your Amazon S3 bucket. CloudTrail logs can be used to enable security analysis, track changes to your AWS resources, and aid in compliance auditing. Integrating AWS Shield and CloudTrail lets you determine which requests were made to the AWS Shield API, the source IP address from which each request was made, who made the request, when it was made, and more. 

If you are already using AWS CloudTrail, you will start seeing AWS Shield API calls in your AWS CloudTrail log. If you haven't turned on AWS CloudTrail for your account, you can turn on CloudTrail from the AWS Management Console. There is no additional charge for turning on AWS CloudTrail, but standard rates for Amazon S3 and Amazon SNS usage apply. Please visit the AWS Shield detail page or the AWS Shield Developer Guide to learn more.