How To Create a CloudTrail for DynamoDb in AWS?

Question

In AWS it is indicated that there is support to use Cloudtrail to track events in DynamoDB in the link here.

https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/logging-using-cloudtrail.html

However, in the instructions, there is no option to pick DynamoDB anywhere (only S3 and Lambda options are available) so I am looking for any instructions anywhere on how to track DynamoDb events. Specifically I want to know when a table has been deleted.

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-a-trail-using-the-console-first-time.html

Has anyone had any luck? Thanks!

DynamoDB now supports data plane CloudTrail events. – Berg Mar 29 '21 at 09:29 — Berg, Mar 29 '21 at 09:29

score 0 · Answer 1 · answered Aug 16 '19 at 13:48

The AWS Console displays only S3 and Lambda, since at the moment only those two services are supported for logging data events. E.g. PutObject etc.

DeleteTable is a management event, and is listed in the documentation you posted. If you configure your Trail to log all management events, all AWS services you use, including DynamoDB, will be logging these management events.

Just create a new trail, and include all management events. Then in your Trail's event history you will find the events like below.

How To Create a CloudTrail for DynamoDb in AWS?

1 Answers1