AWS · How-To · Beginner · 3 min read

How to Enable AWS CloudTrail: Step-by-Step Guide

To enable AWS CloudTrail, create a trail that records account activity and stores logs in an S3 bucket. You can enable it via the AWS Management Console or AWS CLI by specifying a trail name and S3 bucket for log storage.

Syntax

Use the AWS CLI command aws cloudtrail create-trail to enable CloudTrail. You must provide a trail name and the name of an existing S3 bucket where log files will be delivered. Optionally, add --is-multi-region-trail so the trail records events from every AWS region rather than only the region where it is created.

```bash
aws cloudtrail create-trail --name <TrailName> --s3-bucket-name <BucketName> [--is-multi-region-trail]
```

Example

This example creates a CloudTrail trail named MyTrail that logs events from all AWS regions and stores them in the S3 bucket my-cloudtrail-logs-bucket.

```bash
aws cloudtrail create-trail --name MyTrail --s3-bucket-name my-cloudtrail-logs-bucket --is-multi-region-trail
aws cloudtrail start-logging --name MyTrail
```
Output
{ "Name": "MyTrail", "S3BucketName": "my-cloudtrail-logs-bucket", "IsMultiRegionTrail": true }

Common Pitfalls

  • Not creating or specifying an existing S3 bucket before enabling CloudTrail causes errors.
  • Forgetting to start logging after creating the trail means no events are recorded.
  • Not enabling multi-region trails can miss activity in other regions.

```bash
aws cloudtrail create-trail --name MyTrail --s3-bucket-name my-cloudtrail-logs-bucket
# Missing start-logging command means no logs are captured

# Correct way:
aws cloudtrail start-logging --name MyTrail
```

Quick Reference

Remember these key points when enabling CloudTrail:

  • Create or use an existing S3 bucket for logs.
  • Use create-trail to define the trail.
  • Use start-logging to begin capturing events.
  • Enable multi-region trails to cover all AWS regions.
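The four steps above, carried out and then verified in one script. This is an added example, not code from the original page: it uses the page's trail and bucket names, a constructed placeholder account id, and constructed sample responses shaped like the real boto3 describe_trails / get_trail_status output so that the audit logic runs offline. The live path (run with --live) assumes boto3, AWS credentials, and that the bucket already exists.

```python
"""Enable a CloudTrail trail and verify it is actually recording (added example)."""
import json

TRAIL_NAME = "MyTrail"
BUCKET_NAME = "my-cloudtrail-logs-bucket"
ACCOUNT_ID = "123456789012"  # constructed placeholder account id


def cloudtrail_bucket_policy(bucket: str, account_id: str) -> dict:
    """Bucket policy that lets the CloudTrail service write log files.

    CloudTrail needs s3:GetBucketAcl on the bucket and s3:PutObject on the
    AWSLogs/<account>/ prefix with the bucket-owner-full-control ACL; without
    this policy create-trail fails with an insufficient-permissions error.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AWSCloudTrailAclCheck",
                "Effect": "Allow",
                "Principal": {"Service": "cloudtrail.amazonaws.com"},
                "Action": "s3:GetBucketAcl",
                "Resource": f"arn:aws:s3:::{bucket}",
            },
            {
                "Sid": "AWSCloudTrailWrite",
                "Effect": "Allow",
                "Principal": {"Service": "cloudtrail.amazonaws.com"},
                "Action": "s3:PutObject",
                "Resource": f"arn:aws:s3:::{bucket}/AWSLogs/{account_id}/*",
                "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}},
            },
        ],
    }


def audit_trail(trail: dict, status: dict, expected_bucket: str) -> list:
    """Return the problems found for one trail; an empty list means it is healthy.

    `trail` is one element of describe_trails()["trailList"]; `status` is the
    get_trail_status() response for the same trail. The checks mirror the
    pitfalls above: wrong bucket, single-region trail, logging never started,
    and log delivery to S3 failing.
    """
    problems = []
    if trail.get("S3BucketName") != expected_bucket:
        problems.append(f"trail writes to {trail.get('S3BucketName')!r}, expected {expected_bucket!r}")
    if not trail.get("IsMultiRegionTrail", False):
        problems.append("trail is single-region; activity in other regions is not recorded")
    if not status.get("IsLogging", False):
        problems.append("logging is not started (run start-logging)")
    if status.get("LatestDeliveryError"):
        problems.append(f"S3 delivery failing: {status['LatestDeliveryError']}")
    return problems


# Constructed sample responses: a trail that was created but never started.
SAMPLE_TRAIL = {
    "Name": TRAIL_NAME,
    "S3BucketName": BUCKET_NAME,
    "IsMultiRegionTrail": False,
    "HomeRegion": "us-east-1",
}
SAMPLE_STATUS = {"IsLogging": False}


def enable_trail(session, region: str) -> list:
    """Live path: attach the bucket policy, create the trail, start logging, then audit."""
    s3 = session.client("s3")
    ct = session.client("cloudtrail", region_name=region)
    account_id = session.client("sts").get_caller_identity()["Account"]
    policy = json.dumps(cloudtrail_bucket_policy(BUCKET_NAME, account_id))
    s3.put_bucket_policy(Bucket=BUCKET_NAME, Policy=policy)  # bucket must already exist
    ct.create_trail(Name=TRAIL_NAME, S3BucketName=BUCKET_NAME, IsMultiRegionTrail=True)
    ct.start_logging(Name=TRAIL_NAME)  # the step most often forgotten
    trail = ct.describe_trails(trailNameList=[TRAIL_NAME])["trailList"][0]
    status = ct.get_trail_status(Name=TRAIL_NAME)
    return audit_trail(trail, status, BUCKET_NAME)


if __name__ == "__main__":
    import sys

    if "--live" in sys.argv:
        import boto3  # only needed for the live path

        print(enable_trail(boto3.Session(), "us-east-1"))
    else:
        print(json.dumps(cloudtrail_bucket_policy(BUCKET_NAME, ACCOUNT_ID), indent=2))
        for problem in audit_trail(SAMPLE_TRAIL, SAMPLE_STATUS, BUCKET_NAME):
            print("PROBLEM:", problem)
```

Without --live the script prints the bucket policy and flags the two problems in the constructed sample (single-region, logging not started); run it periodically against real trails to catch a trail that was created but never started or was later stopped.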

Key Takeaways

  • Create a trail with a unique name and specify an S3 bucket to store logs.
  • Always start logging after creating the trail to capture events.
  • Enable multi-region trails to monitor activity across all AWS regions.
  • Ensure the S3 bucket exists and has a bucket policy that allows the CloudTrail service to write to it before creating the trail.