Start your 14-day free trial today

No Credit Card Required

Try Free

Already have an account? Sign In

Send data via CloudTrail to your Logstash instance provided by


Ship logs from CloudTrail to logstash

Step 1 - Confirm S3 BucketCopy

Ensure your logs are being sent to an S3 bucket. The following guide from Amazon will help you achieve this if you are not doing this already:

Cloudtrail to S3

Step 2 - Ensure Adequate Bucket PermissionsCopy

The following permissions applied to the AWS IAM Policy being used:

  • s3:ListBucket to check if the S3 bucket exists and list objects in it.
  • s3:GetObject to check object metadata and download objects from S3 buckets.

Below is how your permissions should appear:

    "Version": "2012-10-17",
    "Statement": [
            "Sid": "SidID",
            "Effect": "Allow",
            "Action": [
            "Resource": [

Step 3 - Start Sending Logs to a StackCopy

To start sending logs from CloudTrail to your stack you need to setup and apply an AWS input on an available stack. will verify your input before it is applied. This should be actioned in less than 24 hours, we will contact you to verify.


Step 4 - Check for your logsCopy

Now you should view your logs:

Launch Dashboard

If you don't see logs take a look at How to diagnose no data in Stack below for how to diagnose common issues.

Step 5 - Cloudtrail Logging OverviewCopy

AWS CloudTrail is a service that provides governance, compliance, operational auditing, and risk auditing of your AWS account. CloudTrail records all the API calls made in your AWS account by you, AWS services, or third-party applications, and stores the data in an S3 bucket. You can use this information for security analysis, resource change tracking, troubleshooting, and compliance auditing.

CloudTrail logs contain information such as the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service. These logs are stored as JSON files and can be analyzed using and the power of Opensearch.

CloudTrail logs can be used for a wide range of use cases, such as:

Security Analysis: You can use CloudTrail logs to monitor and analyze suspicious activity, such as unauthorized access attempts or policy changes.

Compliance Auditing: You can use CloudTrail logs to demonstrate compliance with various industry or regulatory standards, such as PCI DSS, HIPAA, or SOC 2.

Troubleshooting: You can use CloudTrail logs to troubleshoot issues, such as identifying the root cause of a resource deletion or a configuration change.

Resource Change Tracking: You can use CloudTrail logs to track changes to your AWS resources over time, such as the creation, modification, or deletion of an S3 bucket.

CloudTrail logs are an essential part of AWS security and compliance. By enabling CloudTrail, you can gain greater visibility into your AWS environment and ensure that your account remains secure and compliant.

As well as Cloudtrail’s logs,’s centralised log management platform allows you to view RTMP & web distribution Logs.

If you need any assistance with analysing or viewing your logs we're here to help. Feel free to reach out by contacting the support team via live chat & we'll be happy to help you get started.

Toggle View

Compact View

Return to Search

© 2023 Ltd, All rights reserved.