Amazon CloudWatch metrics API now supports Amazon CloudTrail data event logging
Amazon CloudWatch now supports Amazon CloudTrail data event logging for all metrics data plane APIs, including GetMetricData, PutMetricData, GetMetricStatistics and ListMetrics APIs. With this launch, customers have full visibility into metric ingestion and egress activity to their Amazon Web Services account for best practices in security, operational troubleshooting, and financial management.
CloudTrail captures API activities related to Amazon CloudWatch metrics APIs as events. Using the information that CloudTrail collects, you can identify a specific request to any of the CloudWatch metric APIs, the IP address of the requester, the requester's identity, and the date and time of the request. Logging CloudWatch PutMetricData and other metrics APIs using CloudTrail helps you enable operational and risk auditing, governance, and compliance of your Amazon Web Services account.
Amazon CloudTrail logging for the data plane metrics API actions is now available in the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD.
Data logging incurs charges according to Amazon CloudTrail Pricing. To learn more about this feature, visit the Amazon CloudWatch documentation page. To enable logging for Amazon CloudWatch metrics data events, using the Amazon CloudTrail Management Console, specify CloudWatch metric as the data event type, then choose the APIs that you want to monitor.