Create Multiple Trails
You can use CloudTrail log files to troubleshoot operational or security issues in your AWS account. Different users can create and manage their own trails, and each trail can be configured to deliver its log files to its own S3 bucket or to an S3 bucket shared with other trails.
For example, you might have the following users:
A security administrator creates a trail in the EU (Ireland) Region and configures KMS log file encryption. The trail delivers the log files to an S3 bucket in the EU (Ireland) Region.
An IT auditor creates a trail in the EU (Ireland) Region and configures log file integrity validation to ensure the log files have not changed since CloudTrail delivered them. The trail is configured to deliver log files to an S3 bucket in the EU (Frankfurt) Region.
A developer creates a trail in the EU (Frankfurt) Region and configures CloudWatch alarms to receive notifications for specific API activity. The trail shares the same S3 bucket as the trail configured for log file integrity.
Another developer creates a trail in the EU (Frankfurt) Region and configures SNS. The log files are delivered to a separate S3 bucket in the EU (Frankfurt) Region.
The following image illustrates this example.
You can create up to five trails per region. A trail that logs activity from all regions counts as one trail per region.
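The four trails above, expressed as CreateTrail parameters, together with a pre-deployment check of the per-region limit. This is an added example, not code from the CloudTrail documentation; the account ID, bucket names, KMS key, log group, role and topic names are hypothetical and must be replaced with your own. The keyword arguments are the ones the CloudTrail CreateTrail API (and therefore boto3's `create_trail`) accepts; the limit check runs offline, the `create_trails` function needs boto3 and credentials.

```python
import json
from collections import Counter

MAX_TRAILS_PER_REGION = 5  # CloudTrail limit stated in the documentation

# Hypothetical account and resource names; substitute your own.
ACCOUNT_ID = "123456789012"
KMS_KEY_ARN = f"arn:aws:kms:eu-west-1:{ACCOUNT_ID}:key/11111111-2222-3333-4444-555555555555"

# Each entry is (home region, keyword arguments for CreateTrail). A trail is
# always created in its home region; the S3 bucket may live in another region.
TRAIL_PLAN = [
    ("eu-west-1", {                                  # security administrator, Ireland
        "Name": "security-admin-trail",
        "S3BucketName": "example-security-logs-eu-west-1",
        "KmsKeyId": KMS_KEY_ARN,                     # SSE-KMS encryption of delivered log files
        "IsMultiRegionTrail": False,
    }),
    ("eu-west-1", {                                  # IT auditor, Ireland
        "Name": "it-auditor-trail",
        "S3BucketName": "example-audit-logs-eu-central-1",  # bucket in Frankfurt (cross-region delivery)
        "EnableLogFileValidation": True,             # digest files for integrity validation
        "IsMultiRegionTrail": False,
    }),
    ("eu-central-1", {                               # developer with CloudWatch alarms, Frankfurt
        "Name": "developer-alarms-trail",
        "S3BucketName": "example-audit-logs-eu-central-1",  # shares the auditor's bucket
        "CloudWatchLogsLogGroupArn": f"arn:aws:logs:eu-central-1:{ACCOUNT_ID}:log-group:CloudTrail/dev:*",
        "CloudWatchLogsRoleArn": f"arn:aws:iam::{ACCOUNT_ID}:role/CloudTrail_CloudWatchLogs_Role",
        "IsMultiRegionTrail": False,
    }),
    ("eu-central-1", {                               # developer with SNS notifications, Frankfurt
        "Name": "developer-sns-trail",
        "S3BucketName": "example-dev-logs-eu-central-1",
        "SnsTopicName": "cloudtrail-log-delivery",   # notification on each log file delivery
        "IsMultiRegionTrail": False,
    }),
]


def trails_per_region(plan, all_regions):
    """Count the trails each region will hold. A trail that logs all regions
    counts once in every region; a single-region trail only in its home region."""
    counts = Counter({region: 0 for region in all_regions})
    for home_region, kwargs in plan:
        if kwargs.get("IsMultiRegionTrail"):
            for region in all_regions:
                counts[region] += 1
        else:
            counts[home_region] += 1
    return dict(counts)


def over_limit(plan, all_regions, limit=MAX_TRAILS_PER_REGION):
    """Return the regions (sorted) where the plan would exceed the per-region limit."""
    return sorted(r for r, n in trails_per_region(plan, all_regions).items() if n > limit)


def create_trails(plan, session):
    """Create each trail in its home region with a boto3 Session (assumed to be
    installed and configured) and start logging; returns the trail ARNs."""
    arns = []
    for home_region, kwargs in plan:
        client = session.client("cloudtrail", region_name=home_region)
        response = client.create_trail(**kwargs)
        client.start_logging(Name=response["TrailARN"])  # CreateTrail does not start logging by itself
        arns.append(response["TrailARN"])
    return arns


if __name__ == "__main__":
    regions = ["eu-west-1", "eu-central-1"]
    print(json.dumps(trails_per_region(TRAIL_PLAN, regions), indent=2))
    print("regions over limit:", over_limit(TRAIL_PLAN, regions))
```

Run the limit check before calling `create_trails`; adding an organization-wide or all-regions trail to the plan increases the count in every region at once, which is the case that most often pushes a busy region past five.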
You can use resource-level permissions to manage a user's ability to perform specific operations on CloudTrail.
For example, you might grant one user permission to view trail activity, but restrict the user from starting or stopping logging for a trail. You might grant another user full permission to create and delete trails. This gives you granular control over your trails and user access.
For more information about resource-level permissions, see Controlling User Permissions for Actions on Specific Trails.
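The two users described above as IAM identity policies, plus a minimal evaluator that shows why the viewer's policy carries an explicit Deny. This is an added example, not a policy from the CloudTrail documentation; the trail ARN and account ID are hypothetical. The evaluator approximates IAM's rule that an explicit Deny overrides any Allow and that everything else is implicitly denied; it ignores conditions, NotAction, and resource or SCP policies, and matches wildcards with shell-style globbing.

```python
import fnmatch
import json

# Hypothetical trail; trail ARNs look like arn:aws:cloudtrail:<region>:<account>:trail/<name>.
AUDITOR_TRAIL_ARN = "arn:aws:cloudtrail:eu-west-1:123456789012:trail/it-auditor-trail"

# Read-only actions. Several of these (DescribeTrails, LookupEvents) do not
# support resource-level permissions, so they are granted on "*".
VIEW_ACTIONS = ["cloudtrail:DescribeTrails", "cloudtrail:GetTrailStatus",
                "cloudtrail:GetEventSelectors", "cloudtrail:LookupEvents"]

# Actions that change one trail and do support a trail ARN as Resource.
MANAGE_ACTIONS = ["cloudtrail:UpdateTrail", "cloudtrail:DeleteTrail",
                  "cloudtrail:StartLogging", "cloudtrail:StopLogging"]


def viewer_policy(trail_arn):
    """A user who may inspect trails but must never start or stop logging on this trail.
    The explicit Deny holds even if another attached policy grants cloudtrail:*."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": VIEW_ACTIONS, "Resource": "*"},
            {"Effect": "Deny",
             "Action": ["cloudtrail:StartLogging", "cloudtrail:StopLogging"],
             "Resource": trail_arn},
        ],
    }


def trail_admin_policy(trail_arn):
    """A user with full control over exactly one trail (plus read access to all)."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": VIEW_ACTIONS, "Resource": "*"},
            {"Effect": "Allow", "Action": MANAGE_ACTIONS, "Resource": trail_arn},
        ],
    }


def _matches(patterns, value):
    """IAM Action/Resource fields may be a string or a list; '*' and '?' are wildcards."""
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def is_allowed(policies, action, resource):
    """Evaluate a request against all attached identity policies:
    explicit Deny wins, otherwise at least one Allow is required."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if _matches(stmt["Action"], action) and _matches(stmt["Resource"], resource):
                if stmt["Effect"] == "Deny":
                    return False
                allowed = True
    return allowed


if __name__ == "__main__":
    print(json.dumps(viewer_policy(AUDITOR_TRAIL_ARN), indent=2))
    print("viewer may stop logging:",
          is_allowed([viewer_policy(AUDITOR_TRAIL_ARN)], "cloudtrail:StopLogging", AUDITOR_TRAIL_ARN))
```

Note that `cloudtrail:DeleteTrail` is also withheld from the viewer, but only by implicit deny: deleting the trail stops its logging just as effectively as StopLogging, so add it to the Deny list if the viewer might ever receive a broader policy.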
For more information about multiple trails, see the following resources: