Posted On: Nov 30, 2017

You can now log the execution activity of your Amazon Lambda functions with Amazon CloudTrail Lambda data events. Previously, you could only log Lambda management events, which provide information on when and by whom a function was created, modified, or deleted. Now, you can also record Lambda data events and get additional details on when and by whom an Invoke API call was made and which Lambda function was executed. All Lambda data events are delivered to an Amazon S3 bucket and Amazon CloudWatch Events, which allows you to respond to events recorded by CloudTrail. For example, you can quickly determine which Lambda functions were executed in the past three days and identify the source of the Invoke API calls. You can take immediate action to restrict Invoke API calls to known users or roles if you detect inappropriate Lambda activity.

You can turn on logging for Amazon Lambda data events using the Amazon CloudTrail console, Amazon CLI, and SDKs. You can view and select which Lambda functions get logged by creating a new trail or editing an existing trail.

Please visit the Amazon CloudTrail documentation page for more information.