AWS CloudTrail launches network activity events for VPC endpoints (preview)
With the launch of AWS CloudTrail network activity for VPC endpoints, you now have additional visibility into AWS API activity that traverses your VPC endpoints, enabling you to strengthen your data perimeter and implement better detective controls. At preview launch, you can enable network activity events for VPC endpoints for four AWS Services: Amazon EC2, AWS Key Management Service (AWS KMS), AWS Secrets Manager, and AWS CloudTrail.
With network activity events for VPC endpoints, you can view details of who is accessing resources within your network giving you greater ability to identify and respond to malicious or unauthorized actions in your data perimeter. For example, as the VPC endpoint owner, you can view logs of actions that were denied due to VPC endpoint policies or use these events to validate the impact of updating existing policies.
You can turn on logging for network activity events logging for your VPC endpoints using the AWS CloudTrail console, AWS CLI, and SDKs. When creating a new trail or event data store or editing an existing one, you can select network activity events for supported services that you wish to monitor; you can configure to log all API calls, or log only the access denied calls, and you can use advanced event selectors for additional filtering controls.
Network activity events for VPC endpoint is available in preview in all commercial AWS Regions. Please refer to CloudTrail pricing to learn more about network activity events pricing. To learn more about this feature and get started, please refer to the documentation.