AWS CloudTrail now supports Amazon S3 Data Events. You can now record all API actions on S3 Objects and receive detailed information such as the AWS account of the caller, IAM user role of the caller, time of the API call, IP address of the API, and other details. All events are delivered to a S3 bucket and CloudWatch Events, allowing you to take programmatic actions on the events. For example, if the Access Control Lists (ACLs) of an object are modified, you can quickly reapply the original ACLs on that object.