Resilience in Amazon CloudTrail

The Amazon global infrastructure is built around Amazon Regions and Availability Zones. Amazon Regions provide multiple physically separated and isolated Availability Zones, which are connected with low-latency, high-throughput, and highly redundant networking. With Availability Zones, you can design and operate applications and databases that automatically fail over between Availability Zones without interruption. Availability Zones are more highly available, fault tolerant, and scalable than traditional single or multiple data center infrastructures. If you specifically need to replicate your CloudTrail log files over greater geographic distances, you can use Cross-Region Replication for your trail Amazon S3 buckets, which enables automatic, asynchronous copying of objects across buckets in different Amazon Regions.

For more information about Amazon Regions and Availability Zones, see Amazon Global Infrastructure.

In addition to the Amazon global infrastructure, CloudTrail offers several features to help support your data resiliency and backup needs.

Trails and event data stores that log events in all Amazon Regions

When you apply a trail to all Amazon Regions, CloudTrail creates trails with identical configurations in all other Amazon Web Services Regions in the Amazon partition in which you are working. When Amazon adds a new Region, that trail configuration is automatically created in the new Region.

When you create a multi-Region event data store, CloudTrail collects events that occur in all Amazon Web Services Regions in your account.

Versioning, lifecycle configuration, and object lock protection for CloudTrail log data

Because CloudTrail uses Amazon S3 buckets to store log files, you can also use the features provided by Amazon S3 to help support your data resiliency and backup needs. For more information, see Resilience in Amazon S3.