What is the minimum and maximum possible delay of CloudTrail events appearing in the S3 bucket? E.g. the delay can range from 5 to 20 mins.
The CloudTrail video states that CloudTrail Event Logs are ‘Delivered every 5 (active) minutes with up to 15-minute delay’. Does this mean that there could be as much as 20 minute delay or just 15?
2 Answers
Hi Vitaly,
Questions 2 & 3 of this section of the FAQ should provide you answers.
Q: How long does it take CloudTrail to deliver an event for an API call? Typically, CloudTrail delivers an event within 15 minutes of the API call. Q: How often will CloudTrail deliver log files to my Amazon S3 bucket? CloudTrail delivers log files to your S3 bucket approximately every 5 minutes. CloudTrail does not deliver log files if no API calls are made on your account.
The wording seems decent: "Every time an API is captured, it’s associated with an event and written to a log. And new logs are created approximately every five minutes or so, but they are not delivered to a nominated S3 bucket for persistent storage for approximately 15 minutes after the API was called. So if you expect to see the log file for an API called seven minutes ago, then you may not see the log as expected for potentially another eight minutes. The log files are held by the CloudTrail service until final processing has been completed. Only then will it be delivered to S3, and optionally, AWS CloudWatch, depending on your configuration of the trail."
I am assuming that while creating CloudWatch rules based on CloudTrails events, they will be triggered with the lag of potentially 15 minutes. Unless AWS does communicate such events to CloudWatch faster. Does anyone know if that is the case?