CloudTrail API Reference

Programmatically monitor and analyze your cloud environment using the CloudTrail API. View detailed event logs, create trails, and track resource changes at scale.

Get Started with API → Authentication

Authentication

Use AWS Signature Version 4 ( Sigv4 ) to authenticate all API requests. This requires your access key ID and secret access key stored securely in your environment.

Example: CLI Configuration

aws configure set aws_access_key_id YOUR_ACCESS_KEY

Available Endpoints

1. Create Trail

POST

Establish a new CloudTrail configuration with logging parameters.

POST /api/v2/trails/

Required Parameters

  • name: string
  • s3BucketName: string
  • multiRegion: boolean

Response

{"trailName":"MyTrail","status":"Enabled"}

2. List Events

GET

Query recent event logs from your trails.

GET /api/v2/trails/{name}/events

Query Parameters

  • startTime: ISO8601
  • endTime: ISO8601
  • maxResults: integer

Response

[{"eventTime":"2025-08-10T12:00:00Z", "eventSource":"s3.amazonaws.com"}]

Query Logs

Execute advanced event filtering using JSONPath syntax to focus on specific event patterns.

JSONPath Query

Powerful

Use advanced patterns to filter events by resource type, user identity, or other properties.

POST /api/v2/trails/{name}/search

Event Patterns

Flexibility

Combine multiple conditions to create custom monitoring rules for specific workflows.

Pattern query example