AWS CloudTrail

Log AWS API activity as changes via EventBridge to correlate infrastructure changes with incidents.

InboundCloud Platforms
Start Free Trial

Quick Setup

Copy Webhook URL

Go to your Alert24 dashboard and copy the webhook URL for AWS CloudTrail.

Configure AWS CloudTrail

Add the webhook URL in your AWS CloudTrail settings.

Auto-Detected

Alert24 auto-detects AWS CloudTrail payloads and maps them to incidents.

Step-by-Step Setup Instructions

AWS CloudTrail Webhook Setup

1.Create an SNS Topic for CloudTrail events
2.In EventBridge, create a rule matching specific CloudTrail API calls:

- Source: aws.cloudtrail or specific service sources

- Filter by detail.eventSource and detail.eventName as needed

3.Set the target to your SNS topic
4.Add an HTTPS subscription using the webhook URL above
5.Confirm the subscription

Example Webhook Payload

This is a sample payload that AWS CloudTrail sends to Alert24 when an alert fires.

{
  "version": "0",
  "source": "aws.cloudtrail",
  "detail-type": "AWS API Call via CloudTrail",
  "detail": {
    "eventSource": "iam.amazonaws.com",
    "eventName": "CreateUser",
    "userIdentity": {
      "type": "IAMUser",
      "userName": "admin"
    },
    "awsRegion": "us-east-1",
    "sourceIPAddress": "203.0.113.50",
    "requestParameters": {
      "userName": "new-user"
    },
    "responseElements": null
  }
}

How Alert24 Maps AWS CloudTrail Data

Status Field

detail.errorCode

Message Field

detail.eventName

Auto-Create Incidents

Yes

Auto-Resolve Incidents

No

Status Mapping

Alert24 StatusAWS CloudTrail Values
operational
down
UnauthorizedAccessAccessDeniedClient.UnauthorizedAccess

Track AWS Infrastructure Changes

Track changes for incident correlation and AI root cause analysis

  1. 1Create an EventBridge rule matching CloudTrail API events
  2. 2Create an API destination with your Alert24 Changes Webhook URL
  3. 3Add the API destination as the rule target

Alert24 auto-detects CloudTrail event payloads and extracts the AWS service, operation, user, and region.

Changes are logged per service. Copy the Changes Webhook URL from your service page in Alert24. When an incident occurs, recent changes are surfaced automatically with AI-powered root cause analysis. Learn more →

Connect AWS CloudTrail to Alert24 in minutes

Free plan includes 5 monitors, 1 status page, and incident management. No credit card required.

Start Free TrialSee Pricing

More Cloud Platforms Integrations

AWS CloudWatch

Inbound

Receive CloudWatch alarm notifications via SNS webhook.

Azure Monitor

Inbound

Receive Azure Monitor alerts and log Activity Log changes to correlate infrastructure changes with incidents.

Azure Service Health

Inbound

Receive Azure Service Health incident, maintenance, and advisory notifications.

Azure Resource Health

Inbound

Receive Azure Resource Health notifications for individual resource availability.

Google Cloud Monitoring

Inbound

Receive Google Cloud Monitoring (formerly Stackdriver) alerts.

Google Cloud SCC

Inbound

Receive Google Cloud Security Command Center threat and vulnerability findings via Pub/Sub.