I am setting up a S3 cloudtrail collector and I would like to not ingest events that are from s3.amazonaws.com using the following regex:
The reason I am not configuring cloudtrail to not publish s3 events is because I still want those events to appear in cloudwatch. I also want to avoid creating a separate cloudtrail.
One solution I am looking into is using processing roles with the regex above via the exclude rule, however I can confused on how this affects pricing. Does excluded data still contribute to my Ingestion budget as ingested data? Is there any cost to excluding data?
Any clarification or if you have any other ideas for how I resolve this would be greatly appreciated!
Please sign in to leave a comment.