Daily Blog #809: Testing AWS Log Latency - CreateAccessKey
Continuing from yesterday's post, it's time for another AWS CloudTrail speed test. Today, we're putting IAM activity to the test by examining the CreateAccessKey event, which occurs when a new Access Key ID is created for an IAM user.
One thing I noticed while running this test was that I wasn't entirely sure which region the log would appear in. Unlike the console sign-in URL, IAM is a global service, meaning there's no region-specific endpoint that clearly indicates where CloudTrail logs will land for IAM activity. This lack of clarity left me wondering which region the event would be recorded in.
I had a theory that the CreateAccessKey event would appear in us-east-1, mainly because it's always listed first in AWS's list of regions. However, I wanted to test this hypothesis and verify its accuracy.
To put my theory to the test, I switched between us-east-1 and us-east-2 during testing. This allowed me to observe how CloudTrail handles event delivery for IAM activity across different regions.
Surprisingly, after just 90 seconds, the CreateAccessKey event appeared in us-east-1, confirming my initial suspicion. The delivery of the log was consistent with what I'd seen previously for the ConsoleLogin event – a swift and reliable process that gets results quickly.
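The same measurement can be scripted rather than watched by hand. The sketch below is an added example, not code from this post: it creates a key, then polls CloudTrail's LookupEvents API in both regions until the CreateAccessKey event shows up. The function name, the placeholder IAM user, the 10-second poll interval and the 10-minute timeout are assumptions, and it expects the local clock to be in sync with AWS.

```python
import time
from datetime import datetime, timezone

REGIONS = ("us-east-1", "us-east-2")  # the two regions compared in the post
USER = "latency-test-user"  # placeholder: an existing IAM user in a test account


def poll_for_event(clients, event_name, started, timeout=600, interval=10,
                   sleep=time.sleep, now=lambda: datetime.now(timezone.utc)):
    """Poll LookupEvents in each region until event_name becomes visible.

    clients maps region -> object exposing boto3's cloudtrail lookup_events().
    Returns (region, seconds_until_visible, event_id), or None on timeout.
    The delay is only accurate to within one poll interval.
    """
    attrs = [{"AttributeKey": "EventName", "AttributeValue": event_name}]
    # CloudTrail EventTime has one-second resolution, so drop microseconds
    # or an event from the same second as `started` would be filtered out.
    started = started.replace(microsecond=0)
    while True:
        for region, client in clients.items():
            resp = client.lookup_events(LookupAttributes=attrs, StartTime=started)
            # Keep only events from this run, not older ones of the same name.
            hits = [e for e in resp.get("Events", []) if e["EventTime"] >= started]
            if hits:
                first = min(hits, key=lambda e: e["EventTime"])
                return region, (now() - started).total_seconds(), first["EventId"]
        if (now() - started).total_seconds() >= timeout:
            return None
        sleep(interval)


if __name__ == "__main__":
    import boto3  # imported here so poll_for_event has no AWS dependency

    iam = boto3.client("iam")
    started = datetime.now(timezone.utc)
    key_id = iam.create_access_key(UserName=USER)["AccessKey"]["AccessKeyId"]
    try:
        clients = {r: boto3.client("cloudtrail", region_name=r) for r in REGIONS}
        print(poll_for_event(clients, "CreateAccessKey", started))
    finally:
        iam.delete_access_key(UserName=USER, AccessKeyId=key_id)  # remove test key
```

Run it in a test account only: any other CreateAccessKey call made during the polling window would be matched as well.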
While this test provided valuable insights into CloudTrail's handling of IAM activity, there's still more to explore. In tomorrow's blog post, I'll be testing the log delay for changing account permissions, so stay tuned for that upcoming update!