Description
The Create CloudTrail trails action can be used to create one or more CloudTrail trails at a specific time of day.
Settings
Please see Common Action Settings for a description of settings common to all action types.
Creation Rule
Indicates the rule that determines when trails are created. Possible options include:
Create always - Always attempt to create the trails
Create if needed - Creates the trails only if appropriate trails don't already exist
Create if name does not exist - Creates the trails only if trails with the same names don't already exist
Regions to Apply
Indicates the regions in which trails should be created. Possible options include:
All regions - Create trails in all regions
Create in the executing region only - Create a trail in the executing region only
Trail Name
The name of the new trail.
Multi-Region Location
Indicates in which region(s) any created trail should collect data from all regions.
All regions - Trails in all regions should collect data from all regions
Enable in the executing region only - Only trails in the executing region should collect data from all regions
Global Service Events Location
Indicates in which region(s) any created trail should collect data from global services (services that are not tied to a region).
All regions - Trails in all regions should collect data from global services
Enable in the executing region only - Only trails in the executing region should collect data from global services
Enable Log File Validation
Indicates whether the created trails should enable log file validation.
S3 Bucket Name
The name of the S3 bucket in which CloudTrail data is stored.
S3 Prefix
The prefix in S3 under which CloudTrail data will be placed.
KMS Key
The ID, ARN, or alias for a KMS key used to encrypt the CloudTrail data. If left blank, the default S3 server-side encryption key will be used.
SNS Topic Name
Name of an SNS topic to send notifications to when CloudTrail data is put into the bucket.
Resource Tags
Resource tags to be added to the newly created trails.
Amazon Commands Used
The following AWS commands are used. The credentials should have permission to execute all of them.
cloudtrail:AddTags
cloudtrail:CreateTrail
cloudtrail:DescribeTrails
cloudtrail:GetTrailStatus
cloudtrail:StartLogging
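The sketch below is an added example, not the product's own code. It maps the settings above onto CloudTrail CreateTrail request parameters and evaluates the three creation rules against a constructed DescribeTrails-style trail list. The rule labels (always, if_needed, if_name_missing), the function names, and the definition of an "appropriate" trail are assumptions made for illustration.

```python
# Added example. Field names follow the CloudTrail CreateTrail/DescribeTrails API.
# Rule labels and the meaning of "appropriate" are assumptions, not the product's logic.

def desired_request(name, bucket, prefix="", kms_key="", sns_topic="",
                    multi_region=True, global_events=True, validation=True):
    """Map the settings described above onto CreateTrail request parameters."""
    req = {"Name": name, "S3BucketName": bucket,
           "IsMultiRegionTrail": multi_region,
           "IncludeGlobalServiceEvents": global_events,
           "EnableLogFileValidation": validation}
    if prefix:
        req["S3KeyPrefix"] = prefix
    if kms_key:
        req["KmsKeyId"] = kms_key
    if sns_topic:
        req["SnsTopicName"] = sns_topic
    return req

def is_appropriate(trail, req):
    """Assumed definition: the existing trail is at least as strong as the request."""
    checks = [("IsMultiRegionTrail", "IsMultiRegionTrail"),
              ("IncludeGlobalServiceEvents", "IncludeGlobalServiceEvents"),
              ("LogFileValidationEnabled", "EnableLogFileValidation")]
    flags_ok = all(trail.get(have, False) or not req[want] for have, want in checks)
    kms_ok = bool(trail.get("KmsKeyId")) or "KmsKeyId" not in req
    return flags_ok and kms_ok

def should_create(rule, existing, req):
    """Decide whether to call CreateTrail under one of the three creation rules."""
    if rule == "always":
        return True
    if rule == "if_name_missing":
        return all(t["Name"] != req["Name"] for t in existing)
    if rule == "if_needed":
        return not any(is_appropriate(t, req) for t in existing)
    raise ValueError(f"unknown rule: {rule}")

# Constructed sample in the shape of DescribeTrails()["trailList"].
SAMPLE_TRAILS = [{"Name": "audit-trail", "S3BucketName": "example-logs",
                  "HomeRegion": "us-east-1", "IsMultiRegionTrail": False,
                  "IncludeGlobalServiceEvents": True,
                  "LogFileValidationEnabled": False}]

if __name__ == "__main__":
    req = desired_request("audit-trail", "example-logs")
    for rule in ("always", "if_needed", "if_name_missing"):
        print(rule, "->", should_create(rule, SAMPLE_TRAILS, req))
```

With the constructed sample, the name-based rule skips creation even though the existing trail is single-region and has log file validation disabled, while the "if needed" rule under the assumed definition does not.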