Creating multiple trails - Amazon CloudTrail

Creating multiple trails

You can use CloudTrail log files to troubleshoot operational or security issues in your Amazon account. Different users can each create and manage their own trails. You can configure trails to deliver log files to separate S3 buckets or to shared S3 buckets.

Note

The first copy of management events in each Amazon Web Services Region for an account is free. If you create more trails that deliver the same management events to other destinations, those subsequent deliveries incur CloudTrail costs. For more information about CloudTrail costs, see Amazon CloudTrail Pricing and Managing CloudTrail trail costs.

For example, you might have the following users:

  • A security administrator creates a trail and configures SNS to receive notifications when new log files are delivered.

  • A developer creates a trail and configures CloudWatch alarms to receive notifications for specific API activity.

  • An IT auditor creates a trail and configures SNS and CloudWatch alarms.

  • All log files are delivered to the same S3 bucket.

The following image illustrates this example.

[Image: An example of log file delivery for multiple trails]

Note

You can create up to five trails per Amazon Web Services Region. A multi-Region trail counts as one trail per Region.

You can use resource-level permissions to manage a user's ability to perform specific operations on CloudTrail.

For example, you might grant one user permission to view trail activity, but restrict the user from starting or stopping logging for a trail. You might grant another user full permission to create and delete trails. This gives you granular control over your trails and user access.
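The following IAM policy is an added example, not taken from the CloudTrail documentation, of the first case above: a user who can view a trail's configuration and status but cannot start or stop logging on it. The account ID `111122223333`, the Region, and the trail name `example-trail` are placeholders, and the ARN partition is assumed to be `aws` (in the China Regions it is `aws-cn`).

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ViewOneTrailPlaceholderArn",
      "Effect": "Allow",
      "Action": [
        "cloudtrail:GetTrail",
        "cloudtrail:GetTrailStatus",
        "cloudtrail:GetEventSelectors"
      ],
      "Resource": "arn:aws:cloudtrail:us-east-2:111122223333:trail/example-trail"
    },
    {
      "Sid": "ListAndLookupHaveNoResourceLevelSupport",
      "Effect": "Allow",
      "Action": [
        "cloudtrail:DescribeTrails",
        "cloudtrail:ListTrails",
        "cloudtrail:LookupEvents"
      ],
      "Resource": "*"
    },
    {
      "Sid": "DenyStartStopLoggingOnThatTrail",
      "Effect": "Deny",
      "Action": [
        "cloudtrail:StartLogging",
        "cloudtrail:StopLogging"
      ],
      "Resource": "arn:aws:cloudtrail:us-east-2:111122223333:trail/example-trail"
    }
  ]
}
```

The explicit `Deny` is what keeps the restriction in place if a broader policy is later attached to the same user, because an explicit deny overrides any allow. The list and lookup actions are granted on `*` because they do not accept a trail ARN as a resource.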

For more information about resource-level permissions, see Examples: Creating and applying policies for actions on specific trails.

For more information about multiple trails, see the CloudTrail FAQs.