
Console login events not showing in Cloudtrail


As the title gives away, I logged into my AWS console this morning but can't see the log entries for it in CloudTrail.

My questions are:

a) Is it default behaviour to log AWS console logins to CloudTrail?

b) What could I possibly have missed?


Solution

  • Console login events are IAM events, and IAM is a global service. Global service events are captured in the us-east-1 (N. Virginia) region.

    So, regardless of which AWS region you are working in, when you log in to the AWS console this event will only be captured in us-east-1, not in the region you are working in (if different from us-east-1).

    To view the console login events for your account, navigate to the CloudTrail event history and select N. Virginia from the region selector (since Nov. 2021).

    This behaviour was implemented as of Nov. 2021; read this for more -> https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html#cloudtrail-concepts-global-service-events
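An added example, not part of the answer above: the same lookup done from code rather than the console. It creates the CloudTrail client in us-east-1 (the region the answer points at), pages through Event history for `ConsoleLogin` events, and then summarizes and flags the sign-ins (failed attempts, logins without MFA, root usage). The `RecordListClient` class and the `SAMPLE_RECORDS` list are constructed stand-ins so the block runs offline without AWS credentials; the account ID, ARNs and IP addresses in them are placeholders. Swap `RecordListClient(...)` for `make_us_east_1_client()` to run it against a real account (requires `boto3`).

```python
"""Find and triage AWS console sign-ins in CloudTrail Event history.

Added example (not from the original answer). Everything below runs offline on
the constructed SAMPLE_RECORDS; make_us_east_1_client() needs boto3 and credentials.
"""
import json
from datetime import datetime, timedelta, timezone

# Constructed sample records in CloudTrail log format. Account ID, ARNs and
# source IPs are placeholders, not real data.
SAMPLE_RECORDS = [
    {   # successful IAM user login with MFA, recorded in us-east-1 as a global service event
        "eventVersion": "1.08",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice",
                         "accountId": "111122223333", "userName": "alice"},
        "eventTime": "2023-03-01T08:12:43Z", "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin", "awsRegion": "us-east-1",
        "sourceIPAddress": "198.51.100.7",
        "responseElements": {"ConsoleLogin": "Success"},
        "additionalEventData": {"MFAUsed": "Yes", "LoginTo": "https://console.aws.amazon.com/console/home"},
    },
    {   # failed root login without MFA: the kind of event you want to notice
        "eventVersion": "1.08",
        "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root",
                         "accountId": "111122223333"},
        "eventTime": "2023-03-01T23:41:02Z", "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin", "awsRegion": "us-east-1",
        "sourceIPAddress": "203.0.113.50",
        "errorMessage": "Failed authentication",
        "responseElements": {"ConsoleLogin": "Failure"},
        "additionalEventData": {"MFAUsed": "No", "LoginTo": "https://console.aws.amazon.com/console/home"},
    },
    {   # an ordinary regional API call, which must be ignored by the login summary
        "eventVersion": "1.08",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice",
                         "accountId": "111122223333", "userName": "alice"},
        "eventTime": "2023-03-01T08:20:10Z", "eventSource": "ec2.amazonaws.com",
        "eventName": "RunInstances", "awsRegion": "eu-west-1",
        "sourceIPAddress": "198.51.100.7",
    },
]


def summarize_console_logins(records):
    """Return one summary dict per ConsoleLogin record; every other event is skipped."""
    out = []
    for r in records:
        if r.get("eventName") != "ConsoleLogin" or r.get("eventSource") != "signin.amazonaws.com":
            continue
        ident = r.get("userIdentity", {})
        extra = r.get("additionalEventData", {})
        out.append({
            "time": r["eventTime"],
            # root identities carry no userName, so fall back to the ARN
            "principal": ident.get("userName") or ident.get("arn", "unknown"),
            "type": ident.get("type"),
            "region": r.get("awsRegion"),
            "source_ip": r.get("sourceIPAddress"),
            "outcome": r.get("responseElements", {}).get("ConsoleLogin"),
            "mfa": extra.get("MFAUsed") == "Yes",
        })
    return out


def flag_logins(summaries):
    """Return (principal, reasons) for logins that deserve a second look."""
    flagged = []
    for s in summaries:
        reasons = []
        if s["outcome"] != "Success":
            reasons.append("failed login")
        if not s["mfa"]:
            reasons.append("no MFA")
        if s["type"] == "Root":
            reasons.append("root principal")
        if reasons:
            flagged.append((s["principal"], reasons))
    return flagged


def lookup_console_logins(client, start, end):
    """Page through CloudTrail Event history for ConsoleLogin events.

    `client` must be a CloudTrail client created in us-east-1 (see
    make_us_east_1_client); a client in any other region returns nothing."""
    kwargs = {
        "LookupAttributes": [{"AttributeKey": "EventName", "AttributeValue": "ConsoleLogin"}],
        "StartTime": start,
        "EndTime": end,
    }
    records = []
    while True:
        page = client.lookup_events(**kwargs)
        # each Event carries the raw CloudTrail record as a JSON string
        records.extend(json.loads(e["CloudTrailEvent"]) for e in page.get("Events", []))
        token = page.get("NextToken")
        if not token:
            return records
        kwargs["NextToken"] = token


def make_us_east_1_client():
    """Real client; the region is the point, not a default (needs boto3 and credentials)."""
    import boto3
    return boto3.client("cloudtrail", region_name="us-east-1")


class RecordListClient:
    """Hypothetical offline stand-in for the boto3 CloudTrail client.

    Serves the given records one per page in the LookupEvents response shape
    (it does not apply the attribute filter, so the summary step must)."""
    def __init__(self, records):
        self._records = list(records)

    def lookup_events(self, **kwargs):
        i = int(kwargs.get("NextToken", 0))
        page = {"Events": [{"CloudTrailEvent": json.dumps(self._records[i])}]} if i < len(self._records) else {"Events": []}
        if i + 1 < len(self._records):
            page["NextToken"] = str(i + 1)
        return page


if __name__ == "__main__":
    end = datetime.now(timezone.utc)
    start = end - timedelta(days=7)
    client = RecordListClient(SAMPLE_RECORDS)   # replace with make_us_east_1_client() for a real account
    logins = summarize_console_logins(lookup_console_logins(client, start, end))
    for s in logins:
        print(s)
    for principal, reasons in flag_logins(logins):
        print("FLAG", principal, ", ".join(reasons))
```

If the real call returns an empty list, check the client's region first: the `LookupAttributes` filter is correct, but console sign-ins only appear in Event history for us-east-1, and Event history covers the last 90 days only.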