docs.aws.amazon.com
65.9.63.6  Public Scan

URL: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html
Submission: On May 13 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

Creating a trail for your AWS account - AWS CloudTrail


CREATING A TRAIL FOR YOUR AWS ACCOUNT

When you create a trail, you enable ongoing delivery of events as log files to
an Amazon S3 bucket that you specify. Creating a trail has many benefits,
including:

 * A record of events that extends past 90 days.

 * The option to automatically monitor and alarm on specified events by sending
   log events to Amazon CloudWatch Logs.

 * The option to query logs and analyze AWS service activity with Amazon Athena.

Beginning on April 12, 2019, you can view trails only in the AWS Regions where
they log events. If you create a trail that logs events in all AWS Regions, it
appears in the console in all Regions. If you create a trail that only logs
events in a single Region, you can view and manage it only in that Region.
Creating a multi-region trail is the default option if you create a trail by
using the AWS CloudTrail console, and is a recommended best practice. To create
a single-region trail, you must use the AWS CLI.

If you use AWS Organizations, you can create a trail that will log events for
all AWS accounts in the organization. A trail with the same name will be created
in each member account, and events from each trail will be delivered to the
Amazon S3 bucket that you specify.

Note

Only the management account for an organization can create a trail for the
organization. Creating a trail for an organization automatically enables
integration between CloudTrail and Organizations. For more information, see
Creating a trail for an organization.

Topics

 * Creating and updating a trail with the console
 * Creating, updating, and managing trails with the AWS Command Line Interface
