AWS announces CloudTrail aggregated events, a new feature that simplifies how enterprises monitor and analyze their CloudTrail data events at scale. Aggregations are available for CloudTrail data events, which can generate thousands of events per minute as users access resources like Amazon S3 buckets or AWS Lambda functions. With this feature, security, compliance, and operations teams can efficiently monitor high-volume data access patterns without processing massive numbers of individual events.
Aggregation for data events streamlines security monitoring by consolidating high-volume AWS API activity into 5-minute summaries. These summaries highlight key trends like access frequency, error rates, and most-used actions, allowing teams to quickly identify patterns while maintaining access to detailed events when needed. Security teams can easily answer questions like “How has this user’s activity changed over the past week?” or “What are the top actions being performed on this critical resource?” without having to scan through voluminous CloudTrail data events.
You can enable aggregation in your trails capturing data events through the AWS console or CLI, and choose from pre-built aggregation templates for API activity, resource access, and user activity summaries. For more information, see the CloudTrail trail documentation. You are charged for aggregations based on the number of CloudTrail data events that are analyzed to create the aggregation. For more information, visit the CloudTrail pricing page.
You can use CloudTrail aggregations for data in all commercial AWS Regions.
Source: Amazon Web Services




