DynamoDB-CloudTrail
user-pcr
DynamoDB includes CloudTrail integration. It captures low-level API requests from or to DynamoDB in an account and sends the log files to the specified S3 bucket. It targets calls from the console or API. You can use this data to determine the requests made and their source, user, timestamp, and more.
When enabled, it monitors activities in log files that include other service entries. It supports eight activities and two streams −
The eight actions are:
- CreateTable
- DeleteTable
- DescribeTable
- ListTables
- update table
- DescribeReservedCapacity
- DescribeReservedCapacityOfferings
- PurchaseReservedCapacityOfferings
While the two streams are
| Control- DescribeStream
- ListStreams
All logs contain information about accounts making requests. You can determine detailed information, such as whether the root or IAM user sent the request, or with temporary credentials, or with federation.
Log files remain in the vault for any amount of time you specify, with archiving and deletion options. By default, encrypted logs are created. You can set alerts for new logs. You can also organize multiple magazines by region and account in one bucket.
Interpreting Log Files
Each file contains one or more entries. Each entry consists of several JSON events. The entry represents the request and includes related information; no order guarantee.
You can view the following log file example −
