That's correct: CloudTrail events that are captured by any of your configured trails in the region are delivered to EventBridge, and events not recorded by any of the trails you've configured do not get delivered. It's summarised in this documentation segment: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-aws-service-specific-topics.html#cloudtrail-aws-service-specific-topics-eventbridge
The point about some events being reported both by CloudTrail and the underlying service refers to the fact that information about certain types of events is available directly from the underlying service as well as by listening to CloudTrail events. For example, if an EC2 instance is stopped by the customer calling the StopInstances API, it can be observed either by listening to CloudTrail for that API call or by using the EC2 instance state change notification that EC2 delivers to EventBridge without involving CloudTrail: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-instance-state-changes.html.
However, while both methods would detect an operator shutting down an instance, the event from EC2 wouldn't say which IAM role or user requested it, while the CloudTrail event would contain that information. On the other hand, the EC2 instance state notification would also respond to an AWS-initiated event or hardware failure, while CloudTrail would only log events requested explicitly by calling an API in your account.
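A worked illustration of the two delivery channels described in the answer above, added here as an example and not part of the original answer or of any AWS documentation: the two EventBridge rule patterns (one matching the CloudTrail-delivered StopInstances call, one matching the EC2 instance state-change notification), a minimal pattern matcher covering the subset of EventBridge pattern syntax those rules use, and a normalizer that pulls out the instance IDs and the requesting principal where the event carries one. The two sample events follow the documented shapes of "AWS API Call via CloudTrail" and "EC2 Instance State-change Notification" events, but the instance ID, account number, role ARN and source IP in them are constructed values. The CloudTrail-channel event only arrives if a trail in the region records the call, as the answer notes.

```python
"""Classify EC2 stop events arriving at EventBridge from two channels.

Added example (not from the re:Post thread). The event shapes follow the
documented CloudTrail-via-EventBridge and EC2 state-change formats; the
account number, instance ID, role ARN and IP address are constructed.
"""

# Rule patterns in the form used in an EventBridge rule definition.
CLOUDTRAIL_STOP_RULE = {
    "source": ["aws.ec2"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["ec2.amazonaws.com"],
        "eventName": ["StopInstances"],
    },
}
EC2_STATE_RULE = {
    "source": ["aws.ec2"],
    "detail-type": ["EC2 Instance State-change Notification"],
    "detail": {"state": ["stopping", "stopped"]},
}


def matches(pattern, event):
    """Minimal EventBridge matcher: literal-value lists and nested objects only.

    A key matches when the event value (or any element of a list value)
    is one of the allowed literals; nested dicts recurse. Content filters
    such as prefix/anything-but are not implemented here.
    """
    for key, allowed in pattern.items():
        if key not in event:
            return False
        value = event[key]
        if isinstance(allowed, dict):
            if not isinstance(value, dict) or not matches(allowed, value):
                return False
        else:
            candidates = value if isinstance(value, list) else [value]
            if not any(c in allowed for c in candidates):
                return False
    return True


def summarize(event):
    """Normalize either event shape into channel / instances / actor.

    Only the CloudTrail channel carries userIdentity, so only it is
    marked attributable; the EC2 notification fires regardless of whether
    the stop was requested via the API or initiated by AWS.
    """
    detail = event["detail"]
    if matches(CLOUDTRAIL_STOP_RULE, event):
        items = (detail.get("requestParameters", {})
                 .get("instancesSet", {}).get("items", []))
        return {
            "channel": "cloudtrail",
            "instance_ids": [i["instanceId"] for i in items],
            "actor": detail.get("userIdentity", {}).get("arn"),
            "source_ip": detail.get("sourceIPAddress"),
            "attributable": True,
        }
    if matches(EC2_STATE_RULE, event):
        return {
            "channel": "ec2-state-change",
            "instance_ids": [detail["instance-id"]],
            "actor": None,
            "source_ip": None,
            "attributable": False,
        }
    return None


# Constructed sample: the StopInstances call as CloudTrail hands it to EventBridge.
CLOUDTRAIL_EVENT = {
    "version": "0",
    "detail-type": "AWS API Call via CloudTrail",
    "source": "aws.ec2",
    "account": "123456789012",
    "region": "us-east-1",
    "detail": {
        "eventSource": "ec2.amazonaws.com",
        "eventName": "StopInstances",
        "userIdentity": {
            "type": "AssumedRole",
            "arn": "arn:aws:sts::123456789012:assumed-role/OpsRole/alice",
        },
        "sourceIPAddress": "203.0.113.10",
        "requestParameters": {
            "instancesSet": {"items": [{"instanceId": "i-0123456789abcdef0"}]},
            "force": False,
        },
    },
}

# Constructed sample: the state-change notification EC2 emits on its own.
EC2_STATE_EVENT = {
    "version": "0",
    "detail-type": "EC2 Instance State-change Notification",
    "source": "aws.ec2",
    "account": "123456789012",
    "region": "us-east-1",
    "resources": ["arn:aws:ec2:us-east-1:123456789012:instance/i-0123456789abcdef0"],
    "detail": {"instance-id": "i-0123456789abcdef0", "state": "stopped"},
}

if __name__ == "__main__":
    for ev in (CLOUDTRAIL_EVENT, EC2_STATE_EVENT):
        print(summarize(ev))
```

Running it shows the same instance ID coming in twice, once with a principal ARN and source IP (CloudTrail channel) and once with neither (EC2 channel). A detection that needs "who did this" must consume the CloudTrail-delivered event; one that needs to see stops not caused by an API call in the account (for example an AWS-initiated retirement) must consume the EC2 notification.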
Thank you for this clear and thorough answer. Is there also a difference in delivery time of these two mechanisms?
In general, both CloudTrail and other services send messages to EventBridge nearly in real time, but semantics can vary. For example, EC2 might notify about an EBS volume creation completing, while CloudTrail would produce a log entry as soon as the API request is made to create the volume. In many cases, there's no major difference in timing, but with long-lasting operations where the service only notifies about the completion, there can be.