Posted On: Nov 19, 2018

You can now create, manage, and deploy AWS CloudTrail trails across an organization from a single account. Through integration with AWS Organizations, this organization trail enables you to define a uniform event logging strategy for your organization that is applied automatically to each member account in an organization. Users in member accounts are able to see these trails, but they can’t modify them. This helps you uniformly apply and enforce your event logging strategy across the AWS accounts in your organization.

Using your organization's master account, you can set up a trail and mark it for deployment across the member accounts. Then, AWS CloudTrail automatically copies the trail definition to each member account upon creation and propagates changes to the member accounts when the trail in the master account is updated. Organization trails capture events for all accounts in the organization and log them to the same Amazon S3 bucket as defined by the organization trail in the master account.

This feature is available in the Asia Pacific (Mumbai), Asia Pacific (Osaka-Local), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), EU (Frankfort), EU (Ireland), EU (London), EU (Paris), South America (Sao Paulo), US East (N. Virginia), US East (Ohio), US West (N. California), and US West (Oregon) AWS Regions.

To learn more about AWS CloudTrail, see the following:

Product page

Documentation

Supported services

AWS Organizations makes it easy for you to implement multi-account use cases by integrating with different AWS services. To learn more about AWS Organizations, see the Product page.