Integrating Amazon CloudTrail with Access Manager

Amazon CloudTrail logs the actions or events performed on an AWS account. You can use this service to monitor or audit the account events.

When AWS is federated with Access Manager using SAML, you can use CloudTrail to log the activities of federated users. For example, you can see all events created while auto scaling Access Manager on AWS, or the events recorded when an Access Manager user uses an AWS service. The CloudTrail dashboard displays the event details of the SAML federated users.

The following is an example event:

{
    "eventVersion": "1.05",
    "userIdentity": {
        "type": "AssumedRole",
        "principalId": "AROAYZ********BWLFGFA:bob",
        "arn": "arn:aws:sts::6043*****611:assumed-role/NAM-EC2User/bob",
        "accountId": "6043*****611"
    },
    "eventTime": "2019-08-29T07:29:18Z",
    "eventSource": "signin.amazonaws.com",
    "eventName": "ConsoleLogin",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "192.31.114.252",
    "userAgent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
    "requestParameters": null,
    "responseElements": {
        "ConsoleLogin": "Success"
    },
    "additionalEventData": {
        "LoginTo": "https://console.aws.amazon.com/console/home",
        "MobileVersion": "No",
        "MFAUsed": "No",
        "SamlProviderArn": "arn:aws:iam::604384964611:saml-provider/NAM-IDP"
    },
    "eventID": "5f4cb814-5c71-49f7-8ea6-7b17a114108f",
    "eventType": "AwsConsoleSignIn",
    "recipientAccountId": "604384964611"
}
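As an added example (not code from the original page or from Access Manager), the following Python picks the SAML-federated ConsoleLogin events out of a CloudTrail log file in the delivered `{"Records": [...]}` shape and summarises who signed in through the SAML provider, from where and whether the sign-in succeeded; the account ID, ARNs and addresses are constructed placeholders. Note that MFAUsed reflects only MFA performed by AWS itself, so for a federated sign-in it says nothing about MFA enforced at Access Manager.

```python
import json

# Constructed sample log file in CloudTrail's delivered {"Records": [...]} shape,
# modelled on the event above. Account IDs, ARNs and addresses are placeholders.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2019-08-29T07:29:18Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "192.0.2.10",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111111111111:assumed-role/NAM-EC2User/bob"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No",
                             "SamlProviderArn": "arn:aws:iam::111111111111:saml-provider/NAM-IDP"}},
    {"eventTime": "2019-08-29T08:01:02Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "192.0.2.11",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111111111111:user/alice"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventTime": "2019-08-29T08:05:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "192.0.2.12",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111111111111:assumed-role/NAM-EC2User/carol"},
     "responseElements": {"ConsoleLogin": "Failure"},
     "additionalEventData": {"MFAUsed": "No",
                             "SamlProviderArn": "arn:aws:iam::111111111111:saml-provider/NAM-IDP"}},
]})


def saml_console_logins(log_text, provider_arn):
    """Summarise the ConsoleLogin events federated through one SAML provider.

    The role session name (the part of the assumed-role ARN after the last '/')
    carries the federated user name, as in the event above ('.../NAM-EC2User/bob').
    """
    results = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "signin.amazonaws.com" or rec.get("eventName") != "ConsoleLogin":
            continue
        extra = rec.get("additionalEventData") or {}
        if extra.get("SamlProviderArn") != provider_arn:
            continue  # direct IAM-user sign-ins and other IdPs are skipped
        arn = rec.get("userIdentity", {}).get("arn", "")
        # arn:aws:sts::<account>:assumed-role/<RoleName>/<SessionName>
        _, role, session = arn.rsplit("/", 2) if arn.count("/") >= 2 else ("", "", arn)
        results.append({
            "time": rec.get("eventTime"), "user": session, "role": role,
            "source_ip": rec.get("sourceIPAddress"),
            "success": (rec.get("responseElements") or {}).get("ConsoleLogin") == "Success",
            "aws_mfa": extra.get("MFAUsed") == "Yes",  # AWS-side MFA only, not the IdP's
        })
    return results
```

Failed federated sign-ins (the "Failure" row above) and sign-ins from unexpected source addresses are the rows worth alerting on.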

For more information about CloudTrail, see AWS CloudTrail.