Hi, CloudTrail logs any/all AWS API calls - these could be from a 'real' end user - for example, you yourself doing something in the console. It can also be from services though - for example, an Amazon EC2 machine could be calling an API to do 'something'. When an EC2 machine does something, CloudTrail logs the username as the instance name - so you can track it back. That same concept is true of lots of other services - you'll most likely see more entries from services than from real users.
There is some more information here that goes into more detail: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html
If you look up the name you see in the logs in the EC2 screen you will find the machine it's coming from.
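The tracing described above, as an added example that is not part of the original answer: it reads the `userIdentity` element of each CloudTrail record and separates user calls from service calls, pulling out the EC2 instance ID that appears as the role session name. The sample records are constructed, and `classify` and `summarize` are names chosen for this example.

```python
import json
import re

# Constructed sample records (not real log data); only the fields used here.
SAMPLE_EVENTS = json.loads("""
[
  {"eventName": "ConsoleLogin",
   "userIdentity": {"type": "IAMUser", "userName": "alice",
                    "arn": "arn:aws:iam::111122223333:user/alice"}},
  {"eventName": "DescribeInstances",
   "userIdentity": {"type": "AssumedRole",
                    "arn": "arn:aws:sts::111122223333:assumed-role/app-role/i-0123456789abcdef0",
                    "principalId": "AROAEXAMPLEID:i-0123456789abcdef0"}},
  {"eventName": "Decrypt",
   "userIdentity": {"type": "AWSService", "invokedBy": "ec2.amazonaws.com"}},
  {"eventName": "GetObject",
   "userIdentity": {"type": "AssumedRole",
                    "arn": "arn:aws:sts::111122223333:assumed-role/admin-role/alice-session"}}
]
""")

# EC2 instance IDs are "i-" followed by 8 or 17 lowercase hex characters.
INSTANCE_ID = re.compile(r"^i-(?:[0-9a-f]{8}|[0-9a-f]{17})$")

def classify(event):
    """Return (kind, name) for a CloudTrail record's userIdentity element."""
    ident = event.get("userIdentity", {})
    id_type = ident.get("type", "")
    if id_type == "AWSService":
        return ("service", ident.get("invokedBy", "unknown"))
    if id_type == "AssumedRole":
        # ARN shape: arn:aws:sts::<account>:assumed-role/<role>/<session-name>
        session = ident.get("arn", "").rsplit("/", 1)[-1]
        if INSTANCE_ID.match(session):
            return ("ec2-instance", session)  # look this ID up in the EC2 console
        return ("role-session", session)
    if id_type in ("IAMUser", "Root"):
        return ("user", ident.get("userName", id_type))
    return ("other", id_type or "unknown")

def summarize(events):
    """One (eventName, kind, name) tuple per record."""
    return [(e["eventName"],) + classify(e) for e in events]

if __name__ == "__main__":
    for row in summarize(SAMPLE_EVENTS):
        print("%-18s %-13s %s" % row)
```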