Creating and updating a trail with the console - Amazon CloudTrail
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Creating and updating a trail with the console

You can use the CloudTrail console to create, update, or delete your trails. Trails created using the console are multi-Region. To create a trail that logs events in only one Amazon Web Services Region, use the Amazon CLI.

You can create up to five trails for each Region. After you create a trail, CloudTrail automatically starts logging API calls and related events in your account to the Amazon S3 bucket that you specify.

You can change the following settings for your trail using the CloudTrail console:

  • You can change the S3 bucket location and specify a prefix.

  • The management account for an Amazon Organizations organization can convert an account-level trail to an organization trail, or can convert an organization trail to an account-level trail.

  • You can enable or disable KMS key encryption.

  • You can enable or disable log file validation. Log file validation allows you to determine whether a log file was modified, deleted, or unchanged after CloudTrail delivered it. By default, log file validation is enabled.

  • You can configure a trail to send notifications to an Amazon SNS topic.

  • You can configure a trail to send events to a CloudWatch Logs log group. Both the log group and the IAM role that CloudTrail assumes to write to it must exist in your own account.

  • You can update settings for management events, data events, and Insights events.

  • You can add or remove tags. You can add up to 50 tag key-value pairs to help you identify your trails.
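Once a trail exists, the settings above are worth verifying rather than trusting the console. The following is an added example, not code from the CloudTrail documentation: a Python check over the JSON returned by `aws cloudtrail describe-trails` (the `trailList` records) and `aws cloudtrail get-trail-status` (the `IsLogging` flag), reporting trails that are single-Region, have log file validation disabled, lack a KMS key, or have no CloudWatch Logs or SNS delivery configured. The two trail records and their status are constructed sample data; the bucket names, key ARN, log group and account ID in them are placeholders.

```python
"""Audit CloudTrail trail settings from describe-trails / get-trail-status output.

Added example, not from the CloudTrail documentation. Field names follow the
real API response shapes; the records below are constructed sample data and
every ARN, bucket name and account ID is a placeholder.
"""
import json

# Constructed sample: what `aws cloudtrail describe-trails` returns for two trails.
DESCRIBE_TRAILS_OUTPUT = json.dumps({
    "trailList": [
        {
            "Name": "org-audit-trail",
            "S3BucketName": "example-cloudtrail-logs",
            "S3KeyPrefix": "org",
            "IncludeGlobalServiceEvents": True,
            "IsMultiRegionTrail": True,
            "HomeRegion": "cn-north-1",
            "TrailARN": "arn:aws-cn:cloudtrail:cn-north-1:111122223333:trail/org-audit-trail",
            "LogFileValidationEnabled": True,
            "KmsKeyId": "arn:aws-cn:kms:cn-north-1:111122223333:key/placeholder-key-id",
            "CloudWatchLogsLogGroupArn": "arn:aws-cn:logs:cn-north-1:111122223333:log-group:CloudTrail/org:*",
            "CloudWatchLogsRoleArn": "arn:aws-cn:iam::111122223333:role/CloudTrail_CloudWatchLogs_Role",
            "SnsTopicARN": "arn:aws-cn:sns:cn-north-1:111122223333:cloudtrail-delivery",
            "IsOrganizationTrail": True,
            "HasCustomEventSelectors": True,
            "HasInsightSelectors": False,
        },
        {
            "Name": "legacy-single-region",
            "S3BucketName": "example-legacy-logs",
            "IncludeGlobalServiceEvents": False,
            "IsMultiRegionTrail": False,
            "HomeRegion": "cn-northwest-1",
            "TrailARN": "arn:aws-cn:cloudtrail:cn-northwest-1:111122223333:trail/legacy-single-region",
            "LogFileValidationEnabled": False,
            "IsOrganizationTrail": False,
            "HasCustomEventSelectors": False,
            "HasInsightSelectors": False,
        },
    ]
})

# Constructed sample: `aws cloudtrail get-trail-status --name <trail>`, keyed by trail name.
TRAIL_STATUS = {
    "org-audit-trail": {"IsLogging": True},
    "legacy-single-region": {"IsLogging": False},
}


def audit_trail(trail, status):
    """Return the list of findings for one trail record; an empty list means it passes."""
    findings = []
    if not status.get("IsLogging", False):
        findings.append("logging is stopped: the trail exists but no events are being delivered")
    if not trail.get("IsMultiRegionTrail", False):
        findings.append("single-Region trail: API activity in other Regions is not recorded")
    if not trail.get("LogFileValidationEnabled", False):
        findings.append("log file validation disabled: modification or deletion after delivery cannot be detected")
    if not trail.get("KmsKeyId"):
        findings.append("no KMS key: log files are not encrypted with a customer-managed key")
    if not trail.get("CloudWatchLogsLogGroupArn"):
        findings.append("no CloudWatch Logs log group: events are not available for near-real-time alerting")
    if not trail.get("SnsTopicARN"):
        findings.append("no SNS topic: no notification on log file delivery")
    return findings


def audit_describe_trails_output(describe_json, status_by_name):
    """Parse describe-trails JSON and audit every trail. Returns {trail name: [findings]}."""
    trails = json.loads(describe_json)["trailList"]
    return {
        trail["Name"]: audit_trail(trail, status_by_name.get(trail["Name"], {}))
        for trail in trails
    }


if __name__ == "__main__":
    for name, findings in audit_describe_trails_output(DESCRIBE_TRAILS_OUTPUT, TRAIL_STATUS).items():
        print(f"{name}: {'OK' if not findings else str(len(findings)) + ' finding(s)'}")
        for finding in findings:
            print(f"  - {finding}")
```

Against real output, feed the script the JSON from `aws cloudtrail describe-trails` and one `aws cloudtrail get-trail-status --name <trail>` call per trail. The single-Region finding is expected for trails deliberately created with `aws cloudtrail create-trail ... --no-is-multi-region-trail`, as the introduction above describes; the remaining findings each correspond to one console setting listed on this page.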

Using the CloudTrail console to create or update a trail provides the following advantages.

  • If this is your first time creating a trail, using the CloudTrail console lets you view the available features and options.

  • If you are configuring a trail to log data events, using the CloudTrail console lets you view the available data types. For more information about logging data events, see Logging data events.

  • If your trail is already logging data events, using the console allows you to easily add logging for additional data event types.

For information specific to creating a trail for an organization in Amazon Organizations, see Creating a trail for an organization.