Posted On: May 22, 2024

Today, Amazon Kinesis Data Streams announces support for logging data plane APIs using Amazon CloudTrail, giving customers greater visibility into data stream activity in their account to support security best practices and operational troubleshooting. Amazon Kinesis Data Streams is a serverless data streaming service that enables customers to capture, process, and store data streams at any scale.

CloudTrail captures API activities related to Amazon Kinesis Data Streams as events, including calls from the Amazon Kinesis Data Streams console and calls made programmatically using Amazon Kinesis Data Streams APIs. Using the information that CloudTrail collects, you can identify a specific request to an Amazon Kinesis Data Streams API, the IP address of the requester, the requester's identity, and the date and time of the request. Logging Kinesis Data Streams APIs using CloudTrail helps you enable operational and risk auditing, governance, and compliance of your account. Kinesis Data Streams APIs that are now supported for CloudTrail logging are:

  • GetRecords
  • GetShardIterator
  • PutRecord
  • PutRecords
  • SubscribeToShard

To opt in to CloudTrail logging of the data plane APIs listed above, configure logging on your data stream using the Amazon CloudTrail console or the CloudTrail APIs.
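Once logging is enabled, the fields described above (the API called, the requester's identity, the source IP address and the time) can be reviewed per stream reader and writer. The following is an added example, not code from AWS; the sample records, ARNs, IP addresses and the `expected_readers` allow list are constructed assumptions.

```python
import json
from collections import defaultdict

# The five data plane APIs the announcement lists as logged by CloudTrail.
READ_APIS = {"GetRecords", "GetShardIterator", "SubscribeToShard"}
WRITE_APIS = {"PutRecord", "PutRecords"}

def summarize_kinesis_data_events(log_text, expected_readers=frozenset()):
    """Group Kinesis data plane events by (principal ARN, source IP).

    expected_readers is a hypothetical allow list of principal ARNs that are
    supposed to consume from streams in this account.
    """
    summary = defaultdict(lambda: {"reads": 0, "writes": 0, "first": None, "last": None})
    for rec in json.loads(log_text).get("Records", []):
        name = rec.get("eventName")
        if rec.get("eventSource") != "kinesis.amazonaws.com" or name not in READ_APIS | WRITE_APIS:
            continue  # control plane calls and other services are out of scope
        arn = rec.get("userIdentity", {}).get("arn", "unknown")
        row = summary[(arn, rec.get("sourceIPAddress", "unknown"))]
        row["reads" if name in READ_APIS else "writes"] += 1
        ts = rec["eventTime"]  # ISO 8601 UTC, so string order is time order
        row["first"] = ts if row["first"] is None else min(row["first"], ts)
        row["last"] = ts if row["last"] is None else max(row["last"], ts)
    # Readers that are not on the allow list deserve a closer look.
    unexpected = sorted(k for k, v in summary.items() if v["reads"] and k[0] not in expected_readers)
    return dict(summary), unexpected

# Constructed sample data: ARNs, account ID and IPs are placeholders.
PRODUCER = "arn:aws-cn:sts::111122223333:assumed-role/ingest-producer/i-example"
CONSUMER = "arn:aws-cn:sts::111122223333:assumed-role/stream-consumer/i-example"
ANALYST = "arn:aws-cn:iam::111122223333:user/example-analyst"

def make_record(name, arn, ip, ts):
    return {"eventSource": "kinesis.amazonaws.com", "eventName": name, "eventTime": ts,
            "sourceIPAddress": ip, "userIdentity": {"arn": arn}}

SAMPLE_LOG = json.dumps({"Records": [
    make_record("PutRecords", PRODUCER, "192.0.2.10", "2024-05-22T10:00:00Z"),
    make_record("GetShardIterator", CONSUMER, "192.0.2.20", "2024-05-22T10:00:05Z"),
    make_record("GetRecords", CONSUMER, "192.0.2.20", "2024-05-22T10:00:06Z"),
    make_record("DescribeStream", ANALYST, "203.0.113.7", "2024-05-22T10:04:00Z"),
    make_record("GetShardIterator", ANALYST, "203.0.113.7", "2024-05-22T10:05:00Z"),
    make_record("GetRecords", ANALYST, "203.0.113.7", "2024-05-22T10:05:01Z"),
]})

if __name__ == "__main__":
    _, flagged = summarize_kinesis_data_events(SAMPLE_LOG, {CONSUMER})
    print(flagged)
```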

Logging data plane Kinesis Data Streams APIs using Amazon CloudTrail is now available in the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD.

To learn more about logging data plane APIs using Amazon CloudTrail, see the documentation. For more information about CloudTrail, see the Amazon CloudTrail User Guide.