Claude Platform on AWS in Practice

CloudTrail Logging for Claude Platform on AWS

Because Claude Platform on AWS authenticates through IAM, its API calls show up in AWS CloudTrail like any other AWS service — but only if you know which events are on by default and which ones you have to pay to capture.

Claude 3P 101 · Updated July 2026 · Unofficial guide

CloudTrail is AWS's account-wide audit log: it records who called which API, from where, and when. Claude Platform on AWS is an Anthropic-operated service, but its front door is an AWS gateway that signs requests with AWS credentials under the IAM service prefix aws-external-anthropic. That means your existing CloudTrail pipeline — the same one your security team already uses for S3 or IAM changes — can see Claude activity too. The catch is that not all of it is logged by default.

Management events vs. data events

CloudTrail splits activity into two classes, and Claude Platform on AWS uses both deliberately.

Management events are logged by default on every trail at no extra charge. For Claude Platform on AWS, the workspace, vault, and webhook actions are Management events — a choice the documentation attributes to the fact that vaults and webhooks hold secrets. So CreateWorkspace, ArchiveWorkspace, vault changes, webhook changes, and RotateWebhookSecret appear in your trail out of the box.

Data events require explicit, paid opt-in on the trail. Inference, batch, model, file, skill, user profile, and the remaining Managed Agents actions all fall into this class. If you want a record of every CreateInference call (each POST /v1/messages), you must enable data event logging for the service and accept the per-event cost.

Event classActions coveredLogged by default?
ManagementWorkspace, vault, and webhook actionsYes
DataInference, batch, model, file, skill, user profile, remaining Managed Agents actionsNo — opt-in, billed

Filtering for Claude activity

Every action for this platform lives under the aws-external-anthropic namespace, using AWS's usual VerbNoun convention (65 actions in total). That gives you a clean filter: query your CloudTrail store for events whose source or action name belongs to that service prefix. The resource being acted on is a workspace, with ARNs of the form arn:aws:aws-external-anthropic:{region}:{account-id}:workspace/{workspace-id} — the resource segment is the same tagged wrkspc_... ID your applications pass in the anthropic-workspace-id header, so log entries correlate directly with application configuration.

One more correlation aid: every response from the platform carries two request IDs. x-amzn-requestid is the primary one, indexed in CloudTrail and the ID to quote to AWS support; request-id is Anthropic's identifier, for Anthropic support. Logging both from your application makes it possible to walk from an application error to the matching CloudTrail entry and to either support channel.

What to alert on

Since the security-sensitive control-plane actions are Management events, you get useful alerting material for free. Candidates worth wiring into your monitoring:

Workspace lifecycle: CreateWorkspace and ArchiveWorkspace change your isolation boundaries. Note that CreateWorkspace and ListWorkspaces are account-scoped actions, and workspaces support archive only — there is no hard delete.

Secret-bearing resources: vault and webhook changes, and especially RotateWebhookSecret, which is deliberately not matched by Create*/Update*/Delete* IAM wildcards. An unexpected rotation or vault update is a strong signal something is being reconfigured.

If you enable data events: spikes in CreateInference volume from unexpected principals, GetFile or GetBatchInference reads (both return content, not just metadata), and GetSession (which can return full conversation history) are the reads a security team typically cares about.

Rule of thumb: treat Management events as your compliance evidence baseline — they are already flowing — and turn on data events only for the workspaces where per-request audit evidence is actually required, since data event logging is billed per event.

Compliance framing

CloudTrail gives you evidence of who called the AWS gateway. It does not change where inference runs or who processes the content: on Claude Platform on AWS, Anthropic is the data processor for inference inputs and outputs, while AWS handles identity and billing metadata. For audits, pair CloudTrail evidence with your Anthropic data-handling terms, and confirm any certification requirements with the providers directly rather than inferring them from log availability.

Where to go next

For the IAM side of the same story, see the full IAM actions reference and copy-paste IAM policies. For broader monitoring, read observability for Claude Platform on AWS workloads.

Sources