What are the differences between data and management events in CloudTrail?
Last updated: 2019-10-31
I want to understand the differences between data and management events in AWS CloudTrail.
CloudTrail management events
CloudTrail records management events for the last 90 days free of charge, and you can view them in Event History in the CloudTrail console. For Amazon Simple Storage Service (Amazon S3) delivery of CloudTrail events, the first copy delivered is free. Additional copies of management events are charged. Management events are also known as control plane operations. For more information, see Viewing Events with CloudTrail Event History.
CloudTrail data events
CloudTrail data events are disabled by default. You can enable logging at an additional cost. Data events are also known as data plane operations and are often high-volume activities. Data events aren't viewable in CloudTrail event history and are charged for all copies at a reduced rate compared to management events. For instructions to log data events to an Amazon S3 bucket, see Logging Data Events with the AWS Management Console.
Note: You must have a trail enabled to log to an S3 bucket.
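Because data events are off by default, it is worth checking what each trail actually logs. The following is an added example, not part of the original article: it reads JSON shaped like the output of `aws cloudtrail get-event-selectors` and reports whether management events and which data event resource types are covered. The trail names, account ID, and the `coverage` and `report` helpers are assumptions made for illustration, and only `Equals` conditions in advanced selectors are handled.

```python
import json

# Constructed sample shaped like `aws cloudtrail get-event-selectors` output;
# the trail names and account ID are placeholders, not values from the page.
BASIC_TRAIL = json.loads("""{
  "TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/example-mgmt-only",
  "EventSelectors": [
    {"ReadWriteType": "All", "IncludeManagementEvents": true, "DataResources": []}
  ]
}""")

ADVANCED_TRAIL = json.loads("""{
  "TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/example-s3-data",
  "AdvancedEventSelectors": [
    {"Name": "mgmt", "FieldSelectors": [
      {"Field": "eventCategory", "Equals": ["Management"]}]},
    {"Name": "s3 objects", "FieldSelectors": [
      {"Field": "eventCategory", "Equals": ["Data"]},
      {"Field": "resources.type", "Equals": ["AWS::S3::Object"]}]}
  ]
}""")


def coverage(selectors):
    """Return (management_logged, sorted data resource types logged)."""
    management, data_types = False, set()
    for sel in selectors.get("EventSelectors") or []:
        management |= bool(sel.get("IncludeManagementEvents", True))
        data_types.update(r["Type"] for r in sel.get("DataResources", []))
    for sel in selectors.get("AdvancedEventSelectors") or []:
        fields = {f["Field"]: f.get("Equals", []) for f in sel["FieldSelectors"]}
        category = fields.get("eventCategory", [])
        if "Management" in category:
            management = True
        if "Data" in category:
            data_types.update(fields.get("resources.type", []))
    return management, sorted(data_types)


def report(selectors):
    management, data_types = coverage(selectors)
    name = selectors["TrailARN"].rsplit("/", 1)[-1]
    data = ", ".join(data_types) if data_types else "none (default)"
    return f"{name}: management={'on' if management else 'off'}, data={data}"


if __name__ == "__main__":
    for trail in (BASIC_TRAIL, ADVANCED_TRAIL):
        print(report(trail))
```

A trail that reports `data=none (default)` records control plane operations only, so object-level S3 activity would not appear in its logs.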
For information on the additional costs associated with data and management events, see AWS CloudTrail pricing.
For a list of supported logging events, see CloudTrail Supported Services and Integrations.
To review CloudTrail event history and query event logs, see How can I use CloudTrail to review what API calls and actions have occurred in my AWS account?