
Important changes to CloudTrail events for AWS IAM Identity Center

Security Blog



AWS IAM Identity Center is changing the CloudTrail events it emits, effective January 13, 2025, to simplify user identification and reduce the sensitive data written to logs:

  • The `userName` and `principalId` fields will no longer be emitted in the `userIdentity` element
  • They are replaced by `userId` and `identityStoreArn`, which identify the user by Identity Store user ID and the Identity Store it belongs to rather than by name
  • For authenticated users, `userIdentity.type` changes from `Unknown` to `IdentityCenterUser`
  • A `credentialId` is added so that every action performed with one set of credentials (one session) can be correlated
  • In administrative events, the group `displayName` is no longer logged; its value is replaced with the literal string "HIDDEN_DUE_TO_SECURITY_REASONS"

These changes affect CloudTrail events for the AWS access portal, OIDC, sign-in, and Identity Store. AWS recommends updating anything that parses or keys on the old fields (SIEM normalisation, detection rules, audit reports, automation that matches on `userName` or `principalId`, or reports that read a group's `displayName` from the event) before January 13, 2025. Going forward the stable key for a user is `userId`; a group's display name has to be resolved from its group ID through the Identity Store API rather than read from the event.
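The following is an added example, not code from the AWS post, showing how a log pipeline can absorb the change: it normalises the `userIdentity` element of both the legacy and the post-January 2025 layouts into one record, flags fields that carry the "HIDDEN_DUE_TO_SECURITY_REASONS" sentinel, and reconstructs a session from `credentialId`. Two things are assumptions rather than facts from the post: that the new `userId` and `identityStoreArn` appear either directly under `userIdentity` or nested in an `onBehalfOf` object, and that the legacy `principalId` carries the same Identity Store user ID as the new `userId`, so the two can be used as one stable key. The sample events and all IDs are constructed.

```python
"""Normalise IAM Identity Center CloudTrail userIdentity across the old and new layouts.

Added example (not from the AWS post). Assumptions: the new userId/identityStoreArn
live under userIdentity or userIdentity.onBehalfOf; legacy principalId == new userId.
"""
from dataclasses import dataclass
from typing import Any, Optional

# Literal AWS substitutes for group displayName in administrative events.
HIDDEN_SENTINEL = "HIDDEN_DUE_TO_SECURITY_REASONS"


@dataclass(frozen=True)
class IdcPrincipal:
    schema: str                        # "legacy" (before 13 Jan 2025) or "2025"
    identity_type: Optional[str]       # userIdentity.type: "Unknown" or "IdentityCenterUser"
    user_id: Optional[str]             # legacy principalId or new userId (assumed equal)
    identity_store_arn: Optional[str]  # only in the new layout
    user_name: Optional[str]           # only in the legacy layout
    credential_id: Optional[str]       # only in the new layout; constant across one session


def normalise_identity(event: dict) -> IdcPrincipal:
    """Return one principal record whichever userIdentity layout the event carries."""
    ui: dict = event.get("userIdentity") or {}
    # Assumed location of the new fields: directly under userIdentity, or nested in onBehalfOf.
    nested = ui.get("onBehalfOf")
    new_fields = nested if isinstance(nested, dict) else ui
    if "userId" in new_fields:
        return IdcPrincipal(
            schema="2025",
            identity_type=ui.get("type"),
            user_id=new_fields["userId"],
            identity_store_arn=new_fields.get("identityStoreArn"),
            user_name=None,
            credential_id=ui.get("credentialId"),
        )
    if "principalId" in ui or "userName" in ui:
        return IdcPrincipal(
            schema="legacy",
            identity_type=ui.get("type"),
            user_id=ui.get("principalId"),
            identity_store_arn=None,
            user_name=ui.get("userName"),
            credential_id=None,
        )
    raise ValueError(f"no Identity Center principal in event {event.get('eventName')!r}")


def hidden_fields(event: dict) -> list[str]:
    """Dotted paths under requestParameters/responseElements whose value is the sentinel."""
    found: list[str] = []

    def walk(node: Any, path: str) -> None:
        if isinstance(node, dict):
            for key, value in node.items():
                walk(value, f"{path}.{key}")
        elif isinstance(node, list):
            for i, value in enumerate(node):
                walk(value, f"{path}[{i}]")
        elif node == HIDDEN_SENTINEL:
            found.append(path)

    for section in ("requestParameters", "responseElements"):
        walk(event.get(section), section)
    return found


def group_by_credential(events: list[dict]) -> dict[str, list[str]]:
    """Bucket new-layout events by credentialId to reconstruct one user's session."""
    sessions: dict[str, list[str]] = {}
    for ev in events:
        try:
            principal = normalise_identity(ev)
        except ValueError:
            continue  # event has no Identity Center principal (e.g. a service event)
        if principal.credential_id:
            sessions.setdefault(principal.credential_id, []).append(ev["eventName"])
    return sessions


# Constructed sample events (not real CloudTrail records); every ID is a placeholder.
USER_ID = "a1b2c3d4-0000-0000-0000-000000000001"
STORE_ARN = "arn:aws:identitystore::111122223333:identitystore/d-1234567890"
LEGACY_EVENT = {
    "eventSource": "sso.amazonaws.com", "eventName": "Authenticate",
    "userIdentity": {"type": "Unknown", "principalId": USER_ID,
                     "userName": "alice", "accountId": "111122223333"},
}
NEW_EVENT = {
    "eventSource": "sso.amazonaws.com", "eventName": "Authenticate",
    "userIdentity": {"type": "IdentityCenterUser", "accountId": "111122223333",
                     "onBehalfOf": {"userId": USER_ID, "identityStoreArn": STORE_ARN},
                     "credentialId": "cred-0001"},
}
ADMIN_EVENT = {
    "eventSource": "identitystore.amazonaws.com", "eventName": "CreateGroup",
    "userIdentity": {"type": "IdentityCenterUser", "accountId": "111122223333",
                     "onBehalfOf": {"userId": USER_ID, "identityStoreArn": STORE_ARN},
                     "credentialId": "cred-0001"},
    "requestParameters": {"identityStoreId": "d-1234567890", "displayName": HIDDEN_SENTINEL},
    "responseElements": {"groupId": "g-0001"},
}

if __name__ == "__main__":
    for ev in (LEGACY_EVENT, NEW_EVENT, ADMIN_EVENT):
        print(normalise_identity(ev), hidden_fields(ev))
    print(group_by_credential([LEGACY_EVENT, NEW_EVENT, ADMIN_EVENT]))
```

Keying detections on `user_id` rather than `user_name` keeps rules valid across the cut-over, since the user name disappears entirely; any report that previously displayed a group by `displayName` should treat the sentinel as "not available in the log" and resolve the name from `responseElements.groupId` separately.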


