CloudTrail Event Viewer - Highlight, Filter, and Search AWS CloudTrail Events

First Published:
Last Updated:

View, filter, highlight, and export AWS CloudTrail events directly in your browser. Paste aws cloudtrail lookup-events output, S3-delivered log JSON, or JSON Lines - no AWS credentials needed.

All processing is performed entirely in your browser using client-side JavaScript. No data is transmitted to any server. Your CloudTrail events never leave your device.

  • This tool is provided "AS IS" without any warranties of any kind.
  • The author accepts no responsibility for missed events, misread events, or incorrect security decisions based on its output.
  • CloudTrail events may contain sensitive information (account IDs, IP addresses, resource ARNs). Only load events you are authorized to view.
  • By using this tool, you accept full responsibility for any outcomes.

This tool uses client-side JavaScript for all processing. No data is transmitted to servers, no files are uploaded online, all processing happens locally in your browser. Once loaded, this tool continues to work even without an internet connection. For more details, please refer to our Web Tools Disclaimer.

Load CloudTrail events
Accepts Lookup Events output ({ "Events": [ { "CloudTrailEvent": "..." } ] }), S3 log JSON ({ "Records": [ ... ] }), a single event object, a JSON array of events, or JSON Lines (one event per line).
Drop a .json file here, or click to browse.
Gzipped files (.json.gz) are not supported - decompress first.
Load a preset sample

Events

0
of 0 total after filtering

Top Event Names

  • No data

Top Source IPs

  • No data

Top Users

  • No data
Timestamp Event Name Event Source User Type Source IP Region
No events loaded. Paste JSON, upload a file, or try a sample.

Features

  • Multiple Input Formats: Lookup Events output (CloudTrailEvent auto-unwrapped), S3 log files (Records), single event objects, JSON arrays, and JSON Lines.
  • Rich Filtering: Event name substring, event source, user identity type, error code presence, read/write, and UTC time range.
  • Important-Event Highlighting: ConsoleLogin, AssumeRole, CreateUser, AttachUserPolicy, PutBucketPolicy, CreateAccessKey, StopLogging, DeleteTrail, and other security-relevant events are visually emphasized.
  • Error & Root Warnings: Events with errorCode are shown in red; Root user activity is shown in a warning color.
  • Statistics: Top event names, source IPs, and user identities at a glance.
  • Expandable Details: Click any row to view the full raw JSON of that event.
  • Export: Download the filtered result as CSV (flat summary) or JSON (original events wrapped in Records).
  • Privacy: Everything runs locally in your browser. No event data is sent anywhere.

How to Use

  1. Open the Samples tab to try a preset, or paste your own CloudTrail JSON in the Paste JSON tab.
  2. Click Load Events (for pasted JSON) or drop a .json file in the Upload File tab.
  3. Use the filter panel to narrow down events - the table and statistics update in real time.
  4. Click any row to expand or collapse the full event JSON.
  5. Click Export CSV or Export JSON to download the currently filtered events.
  6. Click Clear All to reset the tool.

Important Notes

  • Out of scope (MVP): S3-delivered .json.gz auto-decompression is not supported. Decompress with gunzip before loading.
  • File size: Uploads are limited to 25 MB per file to keep the browser responsive. For larger audits, filter events server-side (aws cloudtrail lookup-events with --lookup-attributes) before loading.
  • Time range filter interprets datetime-local inputs as local browser time but compares them against CloudTrail's UTC eventTime. Enter times in UTC for exact matches.
  • Highlighting is a best-effort visual aid for common sensitive event names - it is not a substitute for a full security review.
  • Out of scope (MVP): Athena query generation is handled by the CloudWatch Logs Insights Query Builder.

References:
Tech Blog with curated related content
Web Tools Collection

Written by Hidekazu Konishi