Posted On: Apr 17, 2025
Amazon CloudTrail adds support for new advanced event selectors for data events in Trails. Advanced event selectors give you control over which CloudTrail events to log, thereby enhancing the efficiency and precision of your security, compliance, and operational investigations while helping reduce costs. With the new selectors, you can further fine-tune your logging requirements for data events based on the following attributes:
• eventType: Type of event that generated the event record (e.g., AwsApiCall, AwsServiceEvent, AwsConsoleSignIn, AWSConsoleAction)
• userIdentity.arn: IAM entity that made the request
• sessionCredentialFromConsole: Whether the event originated from an Amazon Web Services Management Console session
• eventSource: The service that the request was made to
For each of these attributes, you can specify values to include or exclude. For example, you can now filter CloudTrail events based on the userIdentity.arn attribute to exclude events generated by specific IAM roles or users. You can exclude a dedicated IAM role used by a service that performs frequent API calls for monitoring purposes. This allows you to significantly reduce the volume of CloudTrail data events captured in your trails, lowering costs while maintaining visibility into relevant user and system activities.
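As an added illustration (not part of the announcement), the following Python builds an advanced event selector in the shape accepted by `aws cloudtrail put-event-selectors --advanced-event-selectors` that keeps S3 object data events but excludes a dedicated monitoring role via `userIdentity.arn`, and then approximates CloudTrail's matching locally over constructed records to show which events would still be logged. The role ARN, account ID and records are constructed placeholders; the matcher is a simplification of the documented operator semantics, not CloudTrail's own code.

```python
import json

MONITORING_ROLE = "arn:aws:iam::123456789012:role/example-monitoring-role"  # placeholder ARN

def build_s3_data_selector(excluded_arn: str) -> dict:
    # Field selectors within one selector are ANDed. eventCategory and resources.type are the
    # mandatory data-event fields; eventType and userIdentity.arn are the newly supported ones.
    return {
        "Name": "S3 object data events, excluding the monitoring role",
        "FieldSelectors": [
            {"Field": "eventCategory", "Equals": ["Data"]},
            {"Field": "resources.type", "Equals": ["AWS::S3::Object"]},
            {"Field": "eventType", "Equals": ["AwsApiCall"]},
            {"Field": "userIdentity.arn", "NotEquals": [excluded_arn]},
        ],
    }

# Operators CloudTrail supports on field selectors; the Not* forms express exclusions.
_OPS = {
    "Equals": lambda v, vals: v in vals,
    "NotEquals": lambda v, vals: v not in vals,
    "StartsWith": lambda v, vals: any(v.startswith(x) for x in vals),
    "NotStartsWith": lambda v, vals: not any(v.startswith(x) for x in vals),
    "EndsWith": lambda v, vals: any(v.endswith(x) for x in vals),
    "NotEndsWith": lambda v, vals: not any(v.endswith(x) for x in vals),
}

def selector_matches(selector: dict, record: dict) -> bool:
    """Local approximation of CloudTrail's matching: every FieldSelector must hold."""
    for fs in selector["FieldSelectors"]:
        value = record.get(fs["Field"], "")
        if not all(fn(value, fs[op]) for op, fn in _OPS.items() if op in fs):
            return False
    return True

def logged_event_names(selector: dict, records: list) -> list:
    return [r["eventName"] for r in records if selector_matches(selector, r)]

# Constructed, flattened records; keys use the selector's dotted field names.
SAMPLE_RECORDS = [
    {"eventCategory": "Data", "resources.type": "AWS::S3::Object", "eventType": "AwsApiCall",
     "eventName": "GetObject", "userIdentity.arn": MONITORING_ROLE},
    {"eventCategory": "Data", "resources.type": "AWS::S3::Object", "eventType": "AwsApiCall",
     "eventName": "PutObject", "userIdentity.arn": "arn:aws:iam::123456789012:user/alice"},
    {"eventCategory": "Management", "eventType": "AwsApiCall",
     "eventName": "CreateBucket", "userIdentity.arn": "arn:aws:iam::123456789012:user/alice"},
]
if __name__ == "__main__":
    print(json.dumps([build_s3_data_selector(MONITORING_ROLE)], indent=2))
```

Against the sample records only `PutObject` survives: the monitoring role's `GetObject` is dropped by the `NotEquals` selector and the management event never matches the data-event selector.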
Support for new advanced event selectors for data events on Amazon CloudTrail trails is available in the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD.
For more information about Amazon CloudTrail, please visit the Amazon CloudTrail documentation.