Amazon Kinesis Data Streams supports data plane logging to AWS CloudTrail

Posted on: May 20, 2024

Today, Amazon Kinesis Data Streams announces support for logging data plane APIs using AWS CloudTrail, giving customers greater visibility into data stream activity in their AWS account to support security best practices and operational troubleshooting. Amazon Kinesis Data Streams is a serverless data streaming service that enables customers to capture, process, and store data streams at any scale.

CloudTrail captures API activities related to Amazon Kinesis Data Streams as events, including calls from the Amazon Kinesis Data Streams console and calls made programmatically using Amazon Kinesis Data Streams APIs. Using the information that CloudTrail collects, you can identify a specific request to an Amazon Kinesis Data Streams API, the IP address of the requester, the requester's identity, and the date and time of the request. Logging Kinesis Data Streams APIs using CloudTrail helps you enable operational and risk auditing, governance, and compliance of your AWS account. Kinesis Data Streams APIs that are now supported for CloudTrail logging are:

  • GetRecords
  • GetShardIterator
  • PutRecord
  • PutRecords
  • SubscribeToShard

To opt in to CloudTrail logging of the data plane APIs listed above, configure logging on your data stream using the AWS CloudTrail console or the CloudTrail APIs.
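Once these events are being delivered, the request, requester identity, source IP address, and time described above can be used to audit who reads from a stream. The following is an added example, not AWS code: the log records are constructed and simplified, and the stream ARN, role names, and reader allowlist are hypothetical.

```python
import json
from collections import defaultdict

# The five data plane APIs the announcement lists; three of them read data.
DATA_PLANE_APIS = {"GetRecords", "GetShardIterator", "PutRecord",
                   "PutRecords", "SubscribeToShard"}
READ_APIS = {"GetRecords", "GetShardIterator", "SubscribeToShard"}

STREAM = "arn:aws:kinesis:us-east-1:111122223333:stream/orders"  # constructed
ROLE = "arn:aws:sts::111122223333:assumed-role/"                 # constructed
# Hypothetical allowlist: principals expected to read from each stream.
EXPECTED_READERS = {STREAM: {ROLE + "orders-consumer/worker-1"}}

def _rec(time, source, name, principal, ip):
    """Build one constructed, simplified CloudTrail record."""
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "userIdentity": {"arn": principal}, "sourceIPAddress": ip,
            "resources": [{"ARN": STREAM}]}

KDS = "kinesis.amazonaws.com"
SAMPLE_LOG = json.dumps({"Records": [
    _rec("2024-05-21T10:00:00Z", KDS, "PutRecords", ROLE + "orders-producer/app", "198.51.100.10"),
    _rec("2024-05-21T10:00:02Z", KDS, "GetRecords", ROLE + "orders-consumer/worker-1", "198.51.100.20"),
    _rec("2024-05-21T10:00:05Z", KDS, "DescribeStream", ROLE + "ops/alice", "198.51.100.30"),
    _rec("2024-05-21T10:03:11Z", KDS, "GetShardIterator", ROLE + "analytics/bob", "203.0.113.7"),
    _rec("2024-05-21T10:03:12Z", KDS, "GetRecords", ROLE + "analytics/bob", "203.0.113.7"),
    _rec("2024-05-21T10:04:00Z", "s3.amazonaws.com", "GetObject", ROLE + "analytics/bob", "203.0.113.7"),
]})

def kinesis_data_events(log_text):
    """Yield only the Kinesis data plane records from a CloudTrail log file."""
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") == KDS and rec.get("eventName") in DATA_PLANE_APIS:
            yield rec

def unexpected_readers(log_text, expected=EXPECTED_READERS):
    """Map (stream, principal) -> [(time, API, source IP)] for off-allowlist reads.
    A stream missing from the allowlist has no expected readers, so all are reported."""
    findings = defaultdict(list)
    for rec in kinesis_data_events(log_text):
        if rec["eventName"] not in READ_APIS:
            continue
        principal = rec.get("userIdentity", {}).get("arn", "unknown")
        for res in rec.get("resources", []):
            if principal not in expected.get(res.get("ARN"), set()):
                findings[(res.get("ARN"), principal)].append(
                    (rec["eventTime"], rec["eventName"], rec.get("sourceIPAddress")))
    return dict(findings)

if __name__ == "__main__":
    for (stream, who), calls in unexpected_readers(SAMPLE_LOG).items():
        print(who, "read", stream, calls)
```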

Logging data plane Kinesis Data Streams APIs using AWS CloudTrail is now available in all commercial AWS Regions and AWS GovCloud (US) Regions.

To learn more about logging data plane APIs using AWS CloudTrail, see AWS Documentation. For more information about CloudTrail, see the AWS CloudTrail User Guide.