Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account

Receiving CloudTrail log files from multiple Regions

PDF
RSS
Focus mode
Receiving CloudTrail log files from multiple Regions - AWS CloudTrail

When you create a multi-Region trail, CloudTrail logs events from all Regions enabled in your account. CloudTrail delivers log files to the same S3 bucket and CloudWatch Logs log group. As long as CloudTrail has permissions to write to an S3 bucket, the bucket for a multi-Region trail does not have to be in the trail's home Region.

Although most AWS Regions are enabled by default for your AWS account, you must manually enable certain Regions (also referred to as opt-in Regions). For information about which Regions are enabled by default, see Considerations before enabling and disabling Regions in the AWS Account Management Reference Guide. For the list of Regions CloudTrail supports, see CloudTrail supported Regions.

After you enable an opt-in Region, CloudTrail creates an identical copy of each multi-Region trail in the opt-in Region that you enabled. For more information, see What happens when you enable an opt-in Region?.

If you later disable an opt-in Region, the copy of the multi-Region trail in that Region will remain. Because your account may have activity in the Region you disabled, such as actions by AWS services to remove resources, CloudTrail will continue to capture activity and attempt to deliver events to the S3 bucket for any trails that are not deleted before the Region is disabled.

To convert an existing single-Region trail to a multi-Region trail, you must use the AWS CLI.

To change an existing trail so that it applies to all enabled Regions, add the --is-multi-region-trail option to the update-trail command.

aws cloudtrail update-trail --name my-trail --is-multi-region-trail

To confirm that the trail is now a multi-Region trail, verify that the IsMultiRegionTrail element in the output shows true.

{
    "IncludeGlobalServiceEvents": true, 
    "Name": "my-trail", 
    "TrailARN": "arn:aws:cloudtrail:us-east-2:123456789012:trail/my-trail", 
    "LogFileValidationEnabled": false, 
    "IsMultiRegionTrail": true, 
    "IsOrganizationTrail": false,
    "S3BucketName": "amzn-s3-demo-bucket"
}

For more information, see the following resources:

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.