Posted On: May 31, 2023

Today, Amazon CloudTrail announces support for Amazon Organizations. You can now create, manage, and deploy CloudTrail trails across your organization from your management account or a delegated administrator account. Through integration with Amazon Organizations, an organization trail lets you define a uniform event logging strategy at the organization level that is applied automatically to each member account in the organization. Users in member accounts can see these trails, but they can’t modify them.

Using your organization’s management account or a delegated administrator account, you can set up a trail and mark it for deployment across the member accounts. Amazon CloudTrail then automatically copies the trail definition to each member account and propagates changes to the member accounts whenever the trail in the management account is updated. Organization trails capture events for all accounts in the organization and log them to the single centralized Amazon S3 bucket defined during trail configuration. Regardless of whether an organization trail is created from the management account or a delegated administrator account, the management account remains the owner of all CloudTrail organization trails. This helps customers maintain continuity of organization-wide CloudTrail audit logs and avoids disruption when changes are made to their delegated administrator accounts.
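One way to verify the ownership and central-bucket properties described above from inside any account is to audit the JSON returned by `aws cloudtrail describe-trails`. This is an added example, not code from the announcement; the sample output, account IDs, trail names and bucket names are constructed placeholders.

```python
import json

def trail_owner(trail_arn):
    """Return the account ID field of a CloudTrail ARN, in any partition."""
    parts = trail_arn.split(":", 5)  # arn:partition:service:region:account:resource
    if len(parts) != 6 or parts[2] != "cloudtrail":
        raise ValueError(f"not a CloudTrail ARN: {trail_arn!r}")
    return parts[4]

def audit_org_trails(describe_output, management_account, central_bucket):
    """Return (trail_name, problem) findings; an empty list means compliant."""
    org_trails = [t for t in describe_output.get("trailList", [])
                  if t.get("IsOrganizationTrail")]
    if not org_trails:
        return [(None, "no organization trail visible in this account")]
    findings = []
    for t in org_trails:
        name = t.get("Name", "<unnamed>")
        owner = trail_owner(t["TrailARN"])
        # The management account should own every organization trail.
        if owner != management_account:
            findings.append((name, f"owned by {owner}, expected management account"))
        # All organization trails should deliver to the one central bucket.
        bucket = t.get("S3BucketName")
        if bucket != central_bucket:
            findings.append((name, f"delivers to {bucket!r}, not the central bucket"))
    return findings

# Constructed sample of describe-trails output as seen from a member account.
SAMPLE = json.loads("""
{"trailList": [
  {"Name": "org-audit", "IsOrganizationTrail": true,
   "S3BucketName": "example-central-logs",
   "TrailARN": "arn:aws:cloudtrail:us-east-1:111111111111:trail/org-audit"},
  {"Name": "org-legacy", "IsOrganizationTrail": true,
   "S3BucketName": "other-bucket",
   "TrailARN": "arn:aws:cloudtrail:us-east-1:222222222222:trail/org-legacy"},
  {"Name": "team-local", "IsOrganizationTrail": false,
   "S3BucketName": "team-bucket",
   "TrailARN": "arn:aws:cloudtrail:us-east-1:333333333333:trail/team-local"}
]}
""")

if __name__ == "__main__":
    for name, problem in audit_org_trails(SAMPLE, "111111111111", "example-central-logs"):
        print(f"{name}: {problem}")
```

Trails that are not organization trails, such as `team-local` in the sample, are ignored by this check because they are local to the account that created them.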

For detailed information, please visit the Amazon CloudTrail product page and documentation, and the Amazon Organizations product page.