2

I have a situation where I need to get all the events that have happened under a user name in an AWS account.

I tried using the boto3 client's lookup_events() function to get all the events in the last hour.

But it looks like some events are not updated immediately in CloudTrail.

I'm just wondering if there will be any delay for the events to show up in the CloudTrail lookup in the AWS console.


Underoos

1 Answer

6

According to this FAQs page (in the "Event payload, timeliness, and delivery frequency" section), it takes up to 15 minutes for events to get to CloudTrail, and up to 5 minutes for CloudTrail to write to S3. Depending on how the API call gets its events (directly from CloudTrail, or from CloudTrail's S3 trail files), it might take up to 20 minutes before you'd be able to get good results from the API call.

Be alert for gotchas like which regions the events are generated in (if your trail isn't multi-region). Not all trails contain all events.

Paul Hicks
  • _And in my experience, some events never appear in CloudTrail_. This is not a true statement. If this has ever happened to you, you probably should submit a support ticket. – Asdfg Jan 30 '20 at 20:22
  • Third-party auditors assess the security and compliance of AWS CloudTrail as part of multiple AWS compliance programs. These include SOC, PCI, FedRAMP, HIPAA, and others. – Asdfg Jan 30 '20 at 20:37
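
An added example, not part of the original question or answer: one way to collect a user's events with boto3's `lookup_events` paginator while allowing for the delivery lag the answer cites. Each poll re-reads the previous 15 minutes and de-duplicates on `EventId`, so an event that shows up late is still returned once. `UserEventPoller`, `lookup_user_events` and `example-user` are hypothetical names chosen for this sketch.

```python
from datetime import datetime, timedelta, timezone

# Lag quoted in the answer: up to 15 minutes for events to reach CloudTrail.
DELIVERY_LAG = timedelta(minutes=15)


def lookup_user_events(client, username, start, end):
    """Yield every event CloudTrail currently holds for username in [start, end]."""
    paginator = client.get_paginator("lookup_events")
    pages = paginator.paginate(
        LookupAttributes=[{"AttributeKey": "Username", "AttributeValue": username}],
        StartTime=start,
        EndTime=end,
    )
    for page in pages:  # results are paginated; a single call is not enough
        yield from page.get("Events", [])


class UserEventPoller:
    """Re-reads the lag window on every poll so late-arriving events are caught."""

    def __init__(self, client, username, lag=DELIVERY_LAG):
        self.client, self.username, self.lag = client, username, lag
        self.seen = {}        # EventId -> EventTime, used for de-duplication
        self.last_end = None  # end of the previous query window

    def poll(self, now, lookback=timedelta(hours=1)):
        # First poll covers the whole lookback. Later polls start `lag` before
        # the previous window's end, since events from that span may be late.
        start = now - lookback if self.last_end is None else self.last_end - self.lag
        fresh = []
        for ev in lookup_user_events(self.client, self.username, start, now):
            if ev["EventId"] not in self.seen:
                self.seen[ev["EventId"]] = ev["EventTime"]
                fresh.append(ev)
        # Ids older than the next window's start can never be returned again.
        cutoff = now - self.lag
        self.seen = {i: t for i, t in self.seen.items() if t >= cutoff}
        self.last_end = now
        return sorted(fresh, key=lambda e: e["EventTime"])


if __name__ == "__main__":
    import boto3  # needs credentials allowed to call cloudtrail:LookupEvents

    # "example-user" is a placeholder; lookup_events only sees the client's region.
    poller = UserEventPoller(boto3.client("cloudtrail"), "example-user")
    for ev in poller.poll(datetime.now(timezone.utc)):
        print(ev["EventTime"], ev["EventName"])
```

Run the poller once per region you care about, since each `cloudtrail` client only looks up events recorded in its own region.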