Sending AWS CloudTrail logs to the S3 Bucket

data codes through eyeglasses
Reading Time: 5 minutes

Hello Readers!!! We are again back with a new exciting service of AWS i.e CloudTrail. This blog will show how to send AWS CloudTrail logs to the S3 bucket. So, before moving to the S3 bucket let’s first discuss what is AWS CloudTrail and its uses.

AWS CloudTrail:

AWS CloudTrail is a service by which you can track changes to your AWS resources, including Amazon S3 buckets, Amazon EC2 instances, and AWS Identity and Access Management (IAM) users and roles. You can also use CloudTrail to help detect security incidents, troubleshoot operational issues, and analyze usage patterns.

It provides a record of all API calls made in your AWS account, including calls made through the AWS Management Console, AWS CLI, and AWS SDKs. CloudTrail logs include details such as the identity of the user or resource that made the call, the time of the call, and the parameters passed to the API.

How it works:

  • AWS CloudTrail works by recording API calls made in your AWS account and storing them as log files in an S3 bucket or CloudWatch Logs log group.
  • Enable CloudTrail: First, you need to enable CloudTrail in your AWS account. This can be done through the AWS Management Console as well as by using the AWS CLI.
  • CloudTrail Records API Activity: Once enabled, CloudTrail will start recording API activity in your account. This includes API calls made through the AWS Management Console, AWS CLI, and AWS SDKs.
  • Store Log Files: CloudTrail stores the log files in an S3 bucket or CloudWatch Logs log group that you specify. You can use S3 lifecycle policies to manage the retention of log files and to automatically archive or delete them as needed.
  • Analyze and Visualize Log Data: You can use tools such as Amazon Athena, Amazon QuickSight, or third-party tools to analyze and visualize the CloudTrail log data. This can help you identify trends, detect security incidents, and troubleshoot operational issues.
  • Monitor and Alert: You can set up CloudTrail to send notifications or alerts when specific API activity or changes to resources occur in your account. This can help you detect potential security threats or unauthorized access.

Overall, AWS CloudTrail provides a comprehensive audit trail of all API activity in your AWS account, enabling you to monitor, manage, and secure your AWS environment.

Sending AWS CloudTrail logs to the S3 Bucket:

Step 1: Create an S3 Bucket for sending logs to it. If you haven’t already, create an S3 bucket where you want to store your CloudTrail logs.

create bucket

The S3 bucket is created here. This bucket is empty and has no objects for now.


Step 2: In AWS Management Console, Open the CloudTrail service. We will be able to see the account event history here as below. Event history shows you the last 90 days of events.

event history

Create a trail here. For this move to dashboard > CloudTrail Insights > Create a trail

create trail

Choose trail attributes. Give here a name to the trail.

trail attributes

Now choose here storage location. We have already created a bucket so select here to use the existing s3 bucket and give the trail log bucket name.


Click on Next.

Step 3: Choose log events. So, select the events you want to see for all current and future resources in the AWS account.

log events

Select the management events.

management events

Choose data events. Data events show information about the resource operations performed on or within a resource.

data events

So, Click on next. Review and click on Create trail. CloudTrail is created.


Now, we are all done. Once you’ve configured your CloudTrail Trail to send logs to your S3 bucket, you can verify that logs are being delivered by checking the S3 bucket for new log files. We should now able to see some objects inside our S3 bucket. We can see one object got created itself by the name of AWSLogs/.

Inside this we can see objects.


Now, all the AWS CloudTrail logs can be seen in the S3 bucket. With your CloudTrail logs stored in S3, you can use tools such as Amazon Athena or Amazon QuickSight to analyze and visualize the log data. You can also use third-party tools or create custom scripts to process and analyze the log data.

By sending CloudTrail logs to an S3 bucket, you can store your log data in a durable, scalable, and cost-effective manner, and gain insights into your AWS account activity.


Thank you for sticking to the end. In this blog, we have learned how we can send AWS CloudTrail logs to the S3 bucket. So, this is really very useful. I hope this blog helped you somewhere. Please share if you liked this blog. Kindly reach out to me for any related queries.


Written by 

Naincy Kumari is a DevOps Consultant at Knoldus Inc. She is always ready to learn new technologies and tools. She loves painting and dancing.