Naveen

Reputation: 77

How to see AWS KMS events on AWS CloudTrail?

I am using AWS KMS to encrypt and decrypt some data. I want to track all KMS accesses using AWS CloudTrail. When I open my CloudTrail events page, I can't see KMS-related events. On the KMS documentation page, it is mentioned that KMS events are logged in CloudTrail.

Is there a setting to enable it?

Upvotes: 4

Views: 2614

Answers (2)

Illusionist

Reputation: 5489

The previous answer is no longer correct:

When a KMS key gets deleted, it goes through a scheduled key deletion period (7-30 days) and then gets deleted.

You can track the calls made on the ScheduleKeyDeletion and CancelKeyDeletion APIs through CloudTrail. After the waiting period ends, search in CloudTrail for DeleteKey.

Upvotes: 0

spg

Reputation: 9837

KMS is not supported by CloudTrail Event History.

However, you can see the KMS logs if you set up a trail:

If you're looking for a specific API call that doesn't appear in the event history, create a trail and check the log files in your S3 bucket.

Upvotes: 1
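As an added example (not code from either answer), here is a small script that reads the gzip-compressed log files a trail delivers to S3, keeps only the records whose eventSource is KMS, and flags the ScheduleKeyDeletion / CancelKeyDeletion / DeleteKey calls mentioned in the first answer. The sample records, account id and key ARN are constructed; the S3 download itself is left out.

```python
"""Pull AWS KMS events out of CloudTrail log files delivered to S3. Each delivery
is a gzip-compressed JSON object whose "Records" array holds the events."""
import gzip
import json

KMS_SOURCE = "kms.amazonaws.com"
LIFECYCLE_EVENTS = {"ScheduleKeyDeletion", "CancelKeyDeletion", "DeleteKey"}  # key-lifecycle calls

# Constructed sample records in the CloudTrail schema (account id and key id are fake).
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000"
SAMPLE_RECORDS = [
    {"eventSource": KMS_SOURCE, "eventName": "Decrypt", "eventTime": "2020-01-01T10:00:00Z",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:role/app"},
     "resources": [{"ARN": KEY_ARN}]},
    {"eventSource": KMS_SOURCE, "eventName": "Encrypt", "eventTime": "2020-01-01T10:01:00Z",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "errorCode": "AccessDeniedException"},  # denied call, no resources element
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",  # not KMS: must be dropped
     "eventTime": "2020-01-01T10:02:00Z", "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventSource": KMS_SOURCE, "eventName": "ScheduleKeyDeletion", "eventTime": "2020-01-01T10:03:00Z",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "resources": [{"ARN": KEY_ARN}]},
]

def write_delivery(path, records=SAMPLE_RECORDS):
    """Write records as a gzip-compressed, CloudTrail-style delivery file (for testing)."""
    with gzip.open(path, "wt", encoding="utf-8") as fh:
        json.dump({"Records": records}, fh)

def load_records(path):
    """Read one CloudTrail .json.gz file as fetched from the trail's S3 bucket."""
    with gzip.open(path, "rt", encoding="utf-8") as fh:
        return json.load(fh).get("Records", [])

def kms_events(records):
    """Keep only KMS records, reduced to the fields needed for access tracking."""
    out = []
    for rec in records:
        if rec.get("eventSource") != KMS_SOURCE:
            continue
        key_arn = next((r["ARN"] for r in rec.get("resources", []) if "ARN" in r), None)
        out.append({"time": rec.get("eventTime"), "event": rec.get("eventName"),
                    "key": key_arn, "principal": rec.get("userIdentity", {}).get("arn"),
                    "error": rec.get("errorCode"),
                    "lifecycle": rec.get("eventName") in LIFECYCLE_EVENTS})
    return out
```

Point `load_records` at each `*.json.gz` object downloaded from the trail's bucket; the `lifecycle` flag is what to alert on, and a non-empty `error` shows denied key usage.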
