Welcome, Guest Login

Support Center

Integrating with CloudTrail

Last Updated: Jul 23, 2014 02:08PM EDT
Unlike most of Stackdriver, CloudTrail has to be configured on a per-region basis.  So be sure to complete the steps below for each region that you wish Stackdriver to receive CloudTrail data from.
  1. Go to the Amazon console and enable CloudTrail.  Select the bucket you wish to use and set up an SNS topic for notifications.

  2. Go to the SNS console (https://console.aws.amazon.com/sns/home?region=us-east-1#) and find the topic you created in the topics list on the left hand side.  Click on it and then click the Create Subscription button in the right pane

  3. Specify Amazon SQS and put in the Stackdriver arn (arn:aws:sqs:us-east-1:152022173758:stacklog-consumer).  Note that the same queue is used for all regions.

  4. Watch for new event data to begin appearing in Stackdriver

Note: CloudTrail places your event log data into an s3 bucket.  If you have used a more minimal access policy than the default “Read-Only IAM” policy, you will need to add permissions for Stackdriver to read the objects in the bucket you set up for CloudTrail.  See the example policy below (with BUCKET_NAME and ACCOUNT_ID replaced accordingly) 
  "Version": "2012-10-17",
  "Statement": [
      "Action": [
      "Sid": "Stmt1383622584000",
      "Resource": [
      "Effect": "Allow"

Supported Events:

  • Create Security Group
  • Authorize Security Group
  • Revoke Security Group
  • Terminate Instances
  • Run Instances
  • Run Spot Instances
  • Start Instances
  • Stop Instances
  • Reboot Instances
  • Attach Volume
  • Detach Volume
  • Create Volume
  • Delete Volume
  • Create DB Instance
  • Reboot DB Instance
  • Modify DB Instance
  • Delete DB Instance
  • ELB Creation 
  • ELB Deletion
  • ELB Instance Registration
  • ELB Instance Deregistration
  • ELB Policy Change
  • ELB Configuration Change
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found