How can I check to see who modified a Lambda function and what changes were made?


I want to find out who modified an AWS Lambda function and what changes were made.

Resolution

You can use AWS CloudTrail to track which users are modifying Lambda functions and what changes were made. CloudTrail is turned on by default for your AWS account.

For an ongoing record of events in your AWS account, create a trail. Using a trail, CloudTrail creates logs of API calls made on your account. These logs are delivered to an Amazon Simple Storage Service (Amazon S3) bucket that you specify. If you don't configure a trail, you can still view the most recent events in the CloudTrail console in Event history.

Event history

1.    Open the CloudTrail console.

2.    In the navigation pane, choose Event history.

3.    Follow the instructions for viewing, displaying, and filtering CloudTrail events for your use case.

You can also download recorded event history as a file in CSV or JSON format.

For an example CloudTrail log entry for the GetFunction and DeleteFunction API actions, see Understanding Lambda log file entries in the Lambda Developer Guide.

Important: The eventName might include date and version information, such as "GetFunction20150331", but it's still referring to the same public API.

For a list of all supported Lambda APIs, see Actions in the Lambda Developer Guide.

CloudTrail logs

1.    Open the CloudTrail console.

2.    In the navigation pane, choose Trails.

3.    Select the S3 bucket value for the trail that you want to view. The Amazon S3 console opens and shows that bucket, at the top level for the log files.

4.    Choose the folder for the AWS Region where you want to review log files.

5.    Navigate the bucket folder structure to the year, the month, and the day where you want to review logs of activity in that Region.

6.    Select the file name, and then choose Download.

7.    Unzip the file, and then use your favorite JSON file viewer to see the log.

The log contains information about requests for resources in your account, such as who made the request, the services used, and the actions performed. For more information, see Understanding Lambda log file entries.
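As an alternative to reading the downloaded file in a JSON viewer, the following added example (not AWS's own code) reads a gzipped CloudTrail log file, strips the date and version suffix from each eventName as described in the Important note above, and lists who made each modifying Lambda API call and with which request parameters. The function names, the read-only prefix list, and the sample records are assumptions constructed for illustration.

```python
import gzip
import json
import re

LAMBDA = "lambda.amazonaws.com"
READ_ONLY_PREFIXES = ("Get", "List")  # assumption: calls with these prefixes change nothing

def normalize_event_name(name):
    """Drop the date/version suffix: 'GetFunction20150331' -> 'GetFunction'."""
    return re.sub(r"\d{8}(v\d+)?$", "", name)

def lambda_changes(raw_gz_bytes):
    """Return one summary dict per modifying Lambda API call in a gzipped log file."""
    records = json.loads(gzip.decompress(raw_gz_bytes)).get("Records", [])
    changes = []
    for rec in records:
        action = normalize_event_name(rec.get("eventName", ""))
        if (rec.get("eventSource") != LAMBDA or rec.get("readOnly") is True
                or action.startswith(READ_ONLY_PREFIXES)):
            continue
        identity = rec.get("userIdentity") or {}
        params = rec.get("requestParameters") or {}
        changes.append({
            "time": rec.get("eventTime"), "action": action,
            "who": identity.get("arn") or identity.get("type"),
            "source_ip": rec.get("sourceIPAddress"),
            "error": rec.get("errorCode"),  # None when the call succeeded
            "request": params,  # what the caller asked to change
        })
    return sorted(changes, key=lambda c: c["time"] or "")

def sample_log():
    """Constructed sample: gzipped bytes shaped like a CloudTrail log file."""
    def rec(time, source, name, user, params):
        arn = "arn:aws:iam::111122223333:user/" + user
        return {"eventTime": time, "eventSource": source, "eventName": name,
                "sourceIPAddress": "203.0.113.10", "requestParameters": params,
                "userIdentity": {"type": "IAMUser", "arn": arn}}
    fn = {"functionName": "demo-fn"}
    records = [
        rec("2024-01-01T10:05:00Z", LAMBDA, "UpdateFunctionCode20150331v2", "alice", fn),
        rec("2024-01-01T10:00:00Z", LAMBDA, "GetFunction20150331", "alice", fn),
        rec("2024-01-01T09:00:00Z", LAMBDA, "UpdateFunctionConfiguration20150331v2", "bob", {**fn, "timeout": 30}),
        rec("2024-01-01T09:30:00Z", "s3.amazonaws.com", "PutObject", "bob", {"bucketName": "demo"}),
    ]
    return gzip.compress(json.dumps({"Records": records}).encode())

if __name__ == "__main__":
    for change in lambda_changes(sample_log()):
        print(change["time"], change["who"], change["action"], change["request"])
```

To use it on a real log, pass the bytes of a downloaded `.json.gz` file to `lambda_changes` in place of `sample_log()`.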

Related information

Using AWS Lambda with AWS CloudTrail

Logging Lambda API calls with CloudTrail

How do I know which user made a particular change to my AWS infrastructure?

AWS OFFICIAL
Updated a year ago