Enable, Centralize, and Secure AWS CloudTrail Logs

It is advisable to use AWS CloudTrail audit logs to investigate incidents by setting them to retain the logs for the period that your security policy determines. It is also recommended to centralize them into a Logging account to protect them from malicious access, or if you use a single account, control access to those logs using IAM policies.

AWS CloudTrail

If you use AWS Control Tower for Multi-Account Management , the Logging account is generated, where the logs are automatically centralized and protected.

AWS CloudTrail Mindmap




Management event activity that AWS CloudTrail recorded during the last 90 days can be viewed and filtered for free through the AWS CloudTrail console or using the AWS CLI.