- Create a trail
A trail enables CloudTrail to deliver log files to your Amazon S3 bucket. By default, when you create a trail in the console, the trail applies to all regions. The trail logs events from all regions in the AWS partition and delivers the log files to the S3 bucket that you specify. For more information, see Overview for Creating a Trail.
- Create and subscribe to an Amazon SNS topic
Subscribe to a topic to receive notifications about log file delivery to your bucket. Amazon SNS can notify you in multiple ways, including programmatically with Amazon Simple Queue Service. For information, see Configuring Amazon SNS Notifications for CloudTrail.
If you want to receive SNS notifications about log file deliveries from all regions, specify only one SNS topic for your trail.
- View your log files
Use Amazon S3 to retrieve log files. For information, see Getting and Viewing Your CloudTrail Log Files.
- Manage user permissions
Use AWS Identity and Access Management (IAM) to manage which users have permissions to create, configure, or delete trails; start and stop logging; and access buckets that have log files. For more information, see Controlling User Permissions for CloudTrail.
- Monitor events with CloudWatch Logs
You can configure your trail to send events to CloudWatch Logs. You can then use CloudWatch Logs to monitor your account for specific API calls and events. For more information, see Monitoring CloudTrail Log Files with Amazon CloudWatch Logs.
If you configure a trail that applies to all regions to send events to a CloudWatch Logs log group, CloudTrail sends events from all regions to a single log group.
- Log management and data events
Configure your trails to log read-only, write-only, or all management and data events. By default, trails log management events. For more information, see Logging Data and Management Events for Trails.
- Enable log encryption
Log file encryption provides an extra layer of security for your log files. For more information, see Encrypting CloudTrail Log Files with AWS KMS–Managed Keys (SSE-KMS).
- Enable log file integrity
Log file integrity validation helps you verify that log files have remained unchanged since CloudTrail delivered them. For more information, see Validating CloudTrail Log File Integrity.
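What that validation amounts to, as an added example in Python (not AWS's own tooling): each digest file lists the SHA-256 hash of every log file delivered in its window and the hash of the previous digest, so a verifier re-hashes the stored objects and compares. The bucket, account id, keys and log contents below are constructed; the RSA signature over the digest itself (kept in the digest object's S3 metadata and checked by `aws cloudtrail validate-logs`) is assumed to be verified separately.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of an S3 object's bytes, the value CloudTrail records in hashValue."""
    return hashlib.sha256(data).hexdigest()

def verify_digest(digest: dict, objects: dict) -> dict:
    """Compare each log file listed in a digest with the bytes actually stored.

    `objects` maps "bucket/key" to object bytes (in practice, what you download
    from S3). Returns {key: True | False | "missing"} per log file, plus a
    "previousDigest" entry when the digest links to an earlier one.
    """
    results = {}
    for entry in digest["logFiles"]:
        if entry["hashAlgorithm"] != "SHA-256":
            raise ValueError(f"unexpected hash algorithm {entry['hashAlgorithm']}")
        data = objects.get(f'{entry["s3Bucket"]}/{entry["s3Object"]}')
        if data is None:
            results[entry["s3Object"]] = "missing"  # a deleted log file also fails validation
        else:
            results[entry["s3Object"]] = sha256_hex(data) == entry["hashValue"]
    prev_key = digest.get("previousDigestS3Object")
    if prev_key:  # chain check: the prior digest's bytes must match the recorded hash
        prev = objects.get(f'{digest["previousDigestS3Bucket"]}/{prev_key}')
        results["previousDigest"] = prev is not None and sha256_hex(prev) == digest["previousDigestHashValue"]
    return results

# Constructed sample data (not a real trail): one log object and the digest
# CloudTrail would have written for it. Real keys live under AWSLogs/<account>/.
BUCKET = "example-trail-bucket"
LOG_KEY = "AWSLogs/111122223333/CloudTrail/us-east-1/2024/01/01/example_log.json.gz"
SAMPLE_LOG = b'{"Records":[{"eventSource":"cloudtrail.amazonaws.com","eventName":"StopLogging"}]}'
SAMPLE_DIGEST = {
    "awsAccountId": "111122223333",
    "digestS3Bucket": BUCKET,
    "previousDigestS3Bucket": None,
    "previousDigestS3Object": None,
    "previousDigestHashValue": None,
    "logFiles": [{"s3Bucket": BUCKET, "s3Object": LOG_KEY,
                  "hashAlgorithm": "SHA-256", "hashValue": sha256_hex(SAMPLE_LOG)}],
}
INTACT = {f"{BUCKET}/{LOG_KEY}": SAMPLE_LOG}
TAMPERED = {f"{BUCKET}/{LOG_KEY}": SAMPLE_LOG.replace(b"StopLogging", b"StartLogging")}

if __name__ == "__main__":
    print(verify_digest(SAMPLE_DIGEST, INTACT))    # {LOG_KEY: True}
    print(verify_digest(SAMPLE_DIGEST, TAMPERED))  # {LOG_KEY: False}
    print(verify_digest(SAMPLE_DIGEST, {}))        # {LOG_KEY: 'missing'}
```

The hash covers the object bytes as delivered (the .gz file), so hash what you download, not the decompressed JSON.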
- Share log files with other AWS accounts
You can share log files between accounts. For more information, see Sharing CloudTrail Log Files Between AWS Accounts.
- Aggregate logs from multiple accounts
You can aggregate log files from multiple accounts to a single bucket. For more information, see Receiving CloudTrail Log Files from Multiple Accounts.
- Work with partner solutions
Analyze your CloudTrail output with one of the partner solutions that integrate with CloudTrail. These solutions offer a broad set of capabilities, such as change tracking, troubleshooting, and security analysis. For more information, see the AWS CloudTrail page.