docs.aws.amazon.com
13.35.58.82
Public Scan
Submitted URL: http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html
Effective URL: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html
Submission: On April 11 via api from US — Scanned from DE
Form analysis
0 forms found in the DOM
Text Content
CREATING A TRAIL FOR YOUR AWS ACCOUNT

When you create a trail, you enable ongoing delivery of events as log files to an Amazon S3 bucket that you specify. Creating a trail has many benefits, including:

* A record of events that extends past 90 days.
* The option to automatically monitor and alarm on specified events by sending log events to Amazon CloudWatch Logs.
* The option to query logs and analyze AWS service activity with Amazon Athena.

Beginning on April 12, 2019, you can view trails only in the AWS Regions where they log events. If you create a trail that logs events in all AWS Regions, it appears in the console in all Regions in the AWS partition in which you are working. If you create a trail that only logs events in a single Region, you can view and manage it only in that Region.

Creating a multi-Region trail is the default option if you create a trail by using the AWS CloudTrail console, and is a recommended best practice. To create a single-Region trail, you must use the AWS CLI.

If you use AWS Organizations, you can create a trail that will log events for all AWS accounts in the organization. A trail with the same name will be created in each member account, and events from each trail will be delivered to the Amazon S3 bucket that you specify.

NOTE
Only the management account or delegated administrator account for an organization can create a trail for the organization. Creating a trail for an organization automatically enables integration between CloudTrail and Organizations. For more information, see Creating a trail for an organization.

TOPICS
* Creating and updating a trail with the console
* Creating, updating, and managing trails with the AWS Command Line Interface

© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.