Kiro admins can enable the logging of all inline suggestions and chat conversations that users have in the Kiro IDE. These logs can help with auditing, debugging, analytics, and ensuring compliance.
With prompt logging enabled, Kiro will log both the user prompts and Kiro's responses. Kiro stores the logs in an Amazon S3 bucket of your choice in your own account. For examples and explanations of log file contents, see prompt log examples.
There is no charge for the prompt logging feature other than the storage cost of the Amazon S3 bucket used to hold the logs, and a small fee for the optional KMS key used to encrypt the bucket.
Make sure users are subscribed in a standalone account or, if you're using AWS Organizations, a management account. Currently, Kiro does not support logging the prompts of users who are subscribed in member accounts in AWS Organizations.
Create an Amazon S3 bucket to hold the prompt logs. The bucket must:
Be in the AWS Region where the Kiro profile was installed. This profile was installed when you subscribed users to Kiro Pro for the first time. For more information about this profile and the Regions where it's supported, see Concepts and Supported Regions.
Be in the AWS account where users are subscribed.
Have a bucket policy like the one that follows. Replace bucketName, Region, accountId, and prefix with your own information.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "KiroLogsWrite", "Effect": "Allow", "Principal": { "Service": "q.amazonaws.com" }, "Action": [ "s3:PutObject" ], "Resource": [ "arn:aws:s3:::bucketName/prefix/*" ], "Condition": { "StringEquals": { "aws:SourceAccount": "111122223333" }, "ArnLike": { "aws:SourceArn": "arn:aws:codewhisperer:us-east-1:111122223333:*" } } } ] }
To learn about protecting the data in your Amazon S3 bucket, see Protecting data with encryption in the Amazon Simple Storage Service User Guide.
s3://amzn-s3-demo-bucket/kiro-prompt-logs/This section provides examples of prompt logs generated by Kiro.
Following each example is a table that describes the log file's fields.
The following example shows a log file that is generated when a user accepts an inline suggestion.
{ "records": [ { "generateCompletionsEventRequest": { "leftContext": "import * cdk from 'aws-cdk-lib';\r\nimport * s3 from 'aws-cdk-lib/aws-s3';\r\nimport { Stack, StackProps } from 'constructs';\r\nexport class MyStack extends Stack {\r\n constructor(scope: cdk.App, id: string, props?: StackProps) {\r\n super(scope, id, props);\r\n\r\n new s3.Bucket(this, 'XXXXXXXX', {\r\n versioned: true\r\n });\r\n }\r\n ", "rightContext": "", "fileName": "cdk-modified.ts", "customizationArn": null, "userId": "d-92675051d5.b8f1f340-9081-70ad-5fc5-0f37151937a6", "timeStamp": "2025-01-06T15:09:16.412719Z" }, "generateCompletionsEventResponse": { "completions": ["synth() {\n return cdk.App.prototype.synth.apply(this, arguments);\n }"], "requestId": "797c70ee-abc9-4cc7-a148-b9df17f6ce48" } } ] }
The following table describes the fields in the log file for inline suggestions.
| Field name | Description |
|---|---|
records | Top-level field that contains a set of inline suggestions, also known as inline completions. |
generateCompletionsEventRequest | Describes the request for an inline code suggestion. The request is made by Kiro, on behalf of the user. |
leftContext | Indicates the code before the cursor that Kiro is using for context to generate an inline suggestion. |
rightContext | Indicates the code after the cursor that Kiro is using for context to generate an inline suggestion. |
fileName | Indicates the name of the file in which an inline suggestion was requested. |
userId | Indicates the user ID of the user who requested an inline suggestion. |
timeStamp | Indicates the date and time that the inline suggestion was requested. The timestamp is in Coordinated Universal Time (UTC). |
generateCompletionsEventResponse | Describes the inline suggestion generated by Kiro. |
completions | Indicates the inline suggestion that Kiro provided and that the user accepted. |
requestId | The ID of the inline request that uniquely identifies the event. |
The following example shows a log file that is generated when a user chats using Kiro in their IDE.
{ "records": [ { "generateAssistantResponseEventRequest": { "prompt": "Can you explain how to set up object-level access control in an S3 bucket using AWS CDK?", "chatTriggerType": "MANUAL", "customizationArn": null, "userId": "d-92675051d5.b8f1f340-9081-70ad-5fc5-0f37151937a6", "timeStamp": "2025-01-06T15:05:56.313070Z" }, "generateAssistantResponseEventResponse": { "assistantResponse": "I'll explain how to set up object-level access control for an S3 bucket using AWS CDK...", "followupPrompts": "How can you implement multi-factor authentication for S3 bucket access using AWS CDK?", "messageMetadata": { "conversationId": "491bd3cd-d70d-40c0-a452-5ef3f0878422", "utteranceId": null }, "codeReferenceEvents": [], "supplementaryWebLinksEvent": [ { "uri": "https://docs.aws.amazon.com/AmazonS3/latest/API/s3_example_s3_Scenario_ManageACLs_section.html", "title": "[1] Manage access control lists (ACLs) for Amazon S3 buckets using an AWS SDK", "snippet": "The following code example shows how to manage access control lists (ACLs) for Amazon S3 buckets..." } ], "requestId": "dad38fc0-815c-45f7-970a-db916cb7f131" } } ] }
| Field name | Description |
|---|---|
records | Top-level field that contains a set of prompts and responses. |
generateAssistantResponseEventRequest | Describes the prompt entered by the user in the chat window in their IDE. |
prompt | Indicates the prompt the user entered into the chat window. |
chatTriggerType | MANUAL indicates that the user entered a prompt into the chat window, or clicked on one of the suggested questions in the chat window. INLINE_CHAT indicates that the user entered a prompt into the small input screen in the main coding window. |
userId | Indicates the user ID of the user who entered the prompt. |
timeStamp | Indicates the date and time that the user entered the prompt. The timestamp is in universal time (UTC). |
generateAssistantResponseEventResponse | Describes the response generated by Kiro. |
assistantResponse | Indicates the response that Kiro provided to the user's prompt. |
followupPrompts | Indicates the follow-up example prompts that were displayed to the user at the end of the response. |
messageMetadata | Describes metadata associated with the response. |
conversationId | Indicates the conversation ID of the response. The conversation ID groups together messages in a chat session. |
utteranceId | Indicates the utterance ID of the response. An utterance ID is a label that distinguishes one prompt from another within a dialogue or data set. |
codeReferenceEvents | Describes links to code references included in the response. |
supplementaryWebLinksEvent | Indicates the links that were displayed to the user at the end of the response. |
requestId | The ID of the response that uniquely identifies the event. |
Logging user prompts