Creating and updating a trail with the console - AWS CloudTrail

Creating and updating a trail with the console

You can use the CloudTrail console to create, update, or delete your trails. Trails created using the console are multi-Region. To create a trail that logs events in only one AWS Region, use the AWS CLI.

You can create up to five trails for each Region. After you create a trail, CloudTrail automatically starts logging API calls and related events in your account to the Amazon S3 bucket that you specify.

You can change the following settings for your trail using the CloudTrail console:

  • You can change the S3 bucket location and specify a prefix.

  • The management account for an AWS Organizations organization can convert an account-level trail to an organization trail, or can convert an organization trail to an account-level trail.

  • You can enable or disable KMS key encryption.

  • You can enable or disable log file validation. Log file validation allows you to determine whether a log file was modified, deleted, or unchanged after CloudTrail delivered it. By default, log file validation is enabled.

  • You can configure a trail to send notifications to an Amazon SNS topic.

  • You can configure a trail to send events to a CloudWatch Logs log group. Both the log group and IAM role must exist in your own account.

  • You can update settings for management events, data events, network activity events (in preview), and Insights events.

  • You can add or remove tags. You can add up to 50 tag key-value pairs to help you identify your trails.
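The settings listed above map directly onto AWS CLI options, which is also the only way to get a single-Region trail. The script below is an added example, not code from the AWS documentation; it creates a trail, applies the console-visible settings (S3 bucket and prefix, KMS encryption, log file validation, SNS notifications, CloudWatch Logs delivery, event selectors, tags) and then re-verifies the digest chain with `validate-logs`. Every account ID, bucket name, key ARN, topic, log group and role ARN in it is a constructed placeholder, and by default it only prints the commands it would run.

```shell
#!/bin/sh
# Added example (not AWS documentation code): create a trail from the CLI and
# apply the same settings the console exposes. All identifiers below are
# constructed placeholders; replace them with your own account's values.
# By default the script only prints the commands (DRY_RUN=1); set DRY_RUN=0
# to execute them with a configured AWS CLI.

DRY_RUN="${DRY_RUN:-1}"
REGION="${REGION:-us-east-1}"
ACCOUNT_ID="${ACCOUNT_ID:-111122223333}"                         # placeholder
TRAIL_NAME="${TRAIL_NAME:-example-management-trail}"             # placeholder
BUCKET="${BUCKET:-example-cloudtrail-logs-bucket}"               # placeholder
PREFIX="${PREFIX:-prod}"                                         # S3 key prefix
DATA_BUCKET="${DATA_BUCKET:-example-sensitive-data-bucket}"      # placeholder
KMS_KEY_ARN="${KMS_KEY_ARN:-arn:aws:kms:$REGION:$ACCOUNT_ID:key/11111111-2222-3333-4444-555555555555}"
SNS_TOPIC="${SNS_TOPIC:-example-cloudtrail-alerts}"              # placeholder topic name
CW_LOG_GROUP_ARN="${CW_LOG_GROUP_ARN:-arn:aws:logs:$REGION:$ACCOUNT_ID:log-group:CloudTrail/example:*}"
CW_ROLE_ARN="${CW_ROLE_ARN:-arn:aws:iam::$ACCOUNT_ID:role/CloudTrail_CloudWatchLogs_Role}"

# Run an AWS CLI command, or just print it in dry-run mode.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    echo "aws $*"
  else
    aws "$@"
  fi
}

# Trail ARN in the form add-tags and validate-logs expect.
trail_arn() {
  echo "arn:aws:cloudtrail:$REGION:$ACCOUNT_ID:trail/$TRAIL_NAME"
}

# The console always creates multi-Region trails; only the CLI can create a
# single-Region trail. Argument: "single" or "multi".
region_scope_args() {
  case "$1" in
    single) echo "--no-is-multi-region-trail" ;;
    multi)  echo "--is-multi-region-trail" ;;
    *)      echo "region_scope_args: expected single|multi" >&2; return 1 ;;
  esac
}

# Console-visible settings accepted by both create-trail and update-trail.
# The console enables log file validation by default; the CLI must ask for it.
trail_settings_args() {
  printf '%s ' \
    --s3-bucket-name "$BUCKET" --s3-key-prefix "$PREFIX" \
    --enable-log-file-validation \
    --kms-key-id "$KMS_KEY_ARN" \
    --sns-topic-name "$SNS_TOPIC" \
    --cloud-watch-logs-log-group-arn "$CW_LOG_GROUP_ARN" \
    --cloud-watch-logs-role-arn "$CW_ROLE_ARN"
}

# Create the trail and start logging (create-trail alone does not start it).
# Placeholder values contain no whitespace, so unquoted expansion is safe here.
create_trail() {
  scope=$(region_scope_args "$1") || return 1
  run cloudtrail create-trail --name "$TRAIL_NAME" $scope $(trail_settings_args)
  run cloudtrail start-logging --name "$TRAIL_NAME"
}

# Management events plus S3 data events for one bucket, and Insights events.
configure_event_selectors() {
  run cloudtrail put-event-selectors --trail-name "$TRAIL_NAME" --event-selectors \
    "[{\"ReadWriteType\":\"All\",\"IncludeManagementEvents\":true,\"DataResources\":[{\"Type\":\"AWS::S3::Object\",\"Values\":[\"arn:aws:s3:::$DATA_BUCKET/\"]}]}]"
  run cloudtrail put-insight-selectors --trail-name "$TRAIL_NAME" \
    --insight-selectors '[{"InsightType":"ApiCallRateInsight"}]'
}

# Tags help identify trails; up to 50 key-value pairs per trail.
tag_trail() {
  run cloudtrail add-tags --resource-id "$(trail_arn)" \
    --tags-list Key=Owner,Value=security-team Key=Environment,Value=prod
}

# Re-verify the digest chain: reports modified, deleted or unchanged log files
# delivered since the given ISO-8601 start time.
validate_logs() {
  run cloudtrail validate-logs --trail-arn "$(trail_arn)" --start-time "$1"
}

create_trail "${SCOPE:-multi}"
configure_event_selectors
tag_trail
validate_logs "2024-01-01T00:00:00Z"
```

Run it as-is to review the commands, then with `DRY_RUN=0 SCOPE=single` to create a single-Region trail for real. The same `trail_settings_args` list can be passed to `aws cloudtrail update-trail --name "$TRAIL_NAME"` to change an existing trail's bucket, key, topic or CloudWatch Logs destination.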

Using the CloudTrail console to create or update a trail provides the following advantages.

  • If this is your first time creating a trail, using the CloudTrail console allows you to view the available features and options.

  • If you are configuring a trail to log data events, using the CloudTrail console allows you to view the available data types. For more information, see Logging data events.

  • If you are configuring a trail to log network activity events (in preview), using the CloudTrail console allows you to view the available event sources. For more information, see Logging network activity events.

For information specific to creating a trail for an organization in AWS Organizations, see Creating a trail for an organization.