Hello Reader,
Welcome back to another installment in the AWS CloudTrail speed test series. Today’s focus shifts to the opposite of yesterday’s action: RemoveUserFromGroup. This event is triggered when you revoke permissions by removing an IAM user from a group.
Fifth Test: AWS RemoveUserFromGroup Event
For this test, I removed a user from an existing IAM group, which typically results in an immediate change to their permission set. As with all IAM actions, the key question remained: how long will it take for CloudTrail to log it? And in which region?
Since IAM is a global service, the event should appear in the us-east-1 region, just like all prior IAM tests we've run. To confirm, I initiated the action and started the stopwatch.
Results
Sure enough, the RemoveUserFromGroup event appeared in us-east-1 after just 1 minute and 45 seconds.
Once again, CloudTrail continues to deliver IAM-related logs well within SLA expectations:
- Faster than AWS’s 15-minute SLA
- Close to their 5-minute goal for critical events
Coming Up
In tomorrow’s post, I’ll be testing something a little more involved: creating and attaching an inline policy to a user. Can CloudTrail keep up? We’ll find out—stay tuned!
Post a Comment