CloudTrail is AWS's account-wide audit log: it records who called which API, from where, and when. Claude Platform on AWS is an Anthropic-operated service, but its front door is an AWS gateway that signs requests with AWS credentials under the IAM service prefix aws-external-anthropic. That means your existing CloudTrail pipeline — the same one your security team already uses for S3 or IAM changes — can see Claude activity too. The catch is that not all of it is logged by default.
Management events vs. data events
CloudTrail splits activity into two classes, and Claude Platform on AWS uses both deliberately.
Management events are logged by default on every trail at no extra charge. For Claude Platform on AWS, the workspace, vault, and webhook actions are Management events — a choice the documentation attributes to the fact that vaults and webhooks hold secrets. So CreateWorkspace, ArchiveWorkspace, vault changes, webhook changes, and RotateWebhookSecret appear in your trail out of the box.
Data events require explicit, paid opt-in on the trail. Inference, batch, model, file, skill, user profile, and the remaining Managed Agents actions all fall into this class. If you want a record of every CreateInference call (each POST /v1/messages), you must enable data event logging for the service and accept the per-event cost.
| Event class | Actions covered | Logged by default? |
|---|---|---|
| Management | Workspace, vault, and webhook actions | Yes |
| Data | Inference, batch, model, file, skill, user profile, remaining Managed Agents actions | No — opt-in, billed |
Filtering for Claude activity
Every action for this platform lives under the aws-external-anthropic namespace, using AWS's usual VerbNoun convention (65 actions in total). That gives you a clean filter: query your CloudTrail store for events whose source or action name belongs to that service prefix. The resource being acted on is a workspace, with ARNs of the form arn:aws:aws-external-anthropic:{region}:{account-id}:workspace/{workspace-id} — the resource segment is the same tagged wrkspc_... ID your applications pass in the anthropic-workspace-id header, so log entries correlate directly with application configuration.
One more correlation aid: every response from the platform carries two request IDs. x-amzn-requestid is the primary one, indexed in CloudTrail and the ID to quote to AWS support; request-id is Anthropic's identifier, for Anthropic support. Logging both from your application makes it possible to walk from an application error to the matching CloudTrail entry and to either support channel.
What to alert on
Since the security-sensitive control-plane actions are Management events, you get useful alerting material for free. Candidates worth wiring into your monitoring:
Workspace lifecycle: CreateWorkspace and ArchiveWorkspace change your isolation boundaries. Note that CreateWorkspace and ListWorkspaces are account-scoped actions, and workspaces support archive only — there is no hard delete.
Secret-bearing resources: vault and webhook changes, and especially RotateWebhookSecret, which is deliberately not matched by Create*/Update*/Delete* IAM wildcards. An unexpected rotation or vault update is a strong signal something is being reconfigured.
If you enable data events: spikes in CreateInference volume from unexpected principals, GetFile or GetBatchInference reads (both return content, not just metadata), and GetSession (which can return full conversation history) are the reads a security team typically cares about.
Compliance framing
CloudTrail gives you evidence of who called the AWS gateway. It does not change where inference runs or who processes the content: on Claude Platform on AWS, Anthropic is the data processor for inference inputs and outputs, while AWS handles identity and billing metadata. For audits, pair CloudTrail evidence with your Anthropic data-handling terms, and confirm any certification requirements with the providers directly rather than inferring them from log availability.
Where to go next
For the IAM side of the same story, see the full IAM actions reference and copy-paste IAM policies. For broader monitoring, read observability for Claude Platform on AWS workloads.