Enhancing Observability and Security: CloudWatch PutMetricData Now Integrates with CloudTrail Data Event Logging
Seattle, WA – July 1, 2025 – Amazon Web Services (AWS) is pleased to announce a significant enhancement to its cloud monitoring and logging capabilities. Effective today, the Amazon CloudWatch PutMetricData API now supports AWS CloudTrail data event logging, providing customers with a more comprehensive and integrated approach to understanding and securing their AWS environments.
This new integration empowers users with deeper insights into how their custom metrics are being collected and managed within their AWS accounts. By enabling CloudTrail data event logging for PutMetricData calls, organizations can now gain visibility into the specific operations that create or update custom metrics in CloudWatch. This granular level of detail is invaluable for a variety of use cases, including security audits, operational troubleshooting, and compliance reporting.
What This Means for You:
Previously, while CloudTrail logged management events for PutMetricData (e.g., when a user invoked the API), it did not capture the specific details of the metric data being sent. With this update, every invocation of the PutMetricData API will be logged as a data event in CloudTrail, including:
- The specific metric names and values being published.
- The dimensions associated with those metrics.
- The timestamps of when the metrics were sent.
- The identity of the principal that made the
PutMetricDatacall. - The region and AWS account where the action occurred.
This enriched data can be invaluable for:
- Security Analysis: Detect and investigate unauthorized or anomalous metric publishing activities. For instance, you can identify if unexpected metrics are being generated or if metrics are being modified in an unauthorized manner.
- Operational Troubleshooting: Understand the exact data flow contributing to metric changes. If you encounter issues with your monitoring dashboards or alerts, having detailed logs of
PutMetricDatacan help pinpoint the source of the problem. - Compliance and Auditing: Meet regulatory requirements by maintaining a detailed audit trail of all metric data submissions. This provides a clear record for auditors and helps demonstrate adherence to internal policies and external regulations.
- Cost Optimization: Monitor the volume and nature of custom metrics being published, which can help identify potential cost inefficiencies related to excessive metric generation.
Seamless Integration for Enhanced Visibility:
This enhancement is designed to be straightforward for existing AWS users. Customers can enable CloudTrail data event logging for CloudWatch PutMetricData through the AWS Management Console, AWS CLI, or AWS SDKs. Once enabled, CloudTrail will begin capturing these data events, which can then be stored in an S3 bucket or sent to CloudWatch Logs for analysis and retention.
By leveraging the power of CloudTrail alongside CloudWatch, organizations can achieve a more robust and unified observability strategy. This integration underscores AWS’s commitment to providing customers with the tools they need to build, deploy, and manage secure and well-performing applications in the cloud.
We are confident that this new capability will significantly benefit our customers by providing enhanced visibility, security, and control over their custom metric data. We encourage you to explore this new feature and discover how it can empower your cloud operations.
Amazon CloudWatch PutMetricData API now supports AWS CloudTrail data event logging
AI has delivered the news.
The answer to the following question is obtained from Google Gemini.
Amazon published ‘Amazon CloudWatch PutMetricData API now supports AWS CloudTrail data event logging’ at 2025-07-01 17:00. Please write a detailed article about this news in a polite tone with relevant information. Please reply in English with the article only.