The first management event copy in each account is free, and when you create multiple trails you enable delivery of multiple copies of management events, which increases your cost. Have you excluded KMS and RDS Data API events from your trails if you don't need them?
It depends on what is configured in your trails. Are these management-only trails, or do they have data and Insights events enabled as well? What is the security/compliance requirement? Do you need other events? If not, disable data and Insights events.
If the requirement is to have 2 trails, then there is not much you can do. But if the requirement is to feed the security account as well as keep a local copy of the CloudTrail logs, then there are multiple ways, depending on what you are doing with the data in the security account. E.g., you can read from the security account directly from the S3 bucket in the local account if you are ingesting that data into some security tool. This will allow you to remove the second trail.
The biggest cost you'll see is having more than 1 CloudTrail set up. The "first cloudtrail" (copy) is free: https://aws.amazon.com/cloudtrail/pricing/.
I would check with requirements and see if you could centrally receive CloudTrail Logs in 1 account for security (or even use S3). One example:
If requirements do require 2 CloudTrails set up, there isn't much you can do.
Not much to add to the previous answers. The key to potential cost reduction is understanding why there is a requirement for a local trail (the centralized trail is likely because of an auditability requirement). Maybe CloudTrail Lake would be interesting when looking for ways to have both a centralized audit trail and sharing it with multiple accounts. https://aws.amazon.com/blogs/mt/announcing-aws-cloudtrail-lake-a-managed-audit-and-security-lake/
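The answers above boil down to a checklist: more than one trail delivering management events, data events, Insights, and KMS / RDS Data API events that were never excluded. Here is an added example (not from the thread or from AWS) that runs that checklist over constructed dictionaries shaped like the boto3 `describe_trails`, `get_event_selectors` and `get_insight_selectors` responses; it assumes basic event selectors only, not advanced selectors.

```python
"""Audit a CloudTrail configuration for the cost drivers discussed in the thread."""
from typing import Dict, List

# Management-event sources CloudTrail allows you to exclude (high-volume, often unneeded).
EXCLUDABLE_SOURCES = {"kms.amazonaws.com", "rdsdata.amazonaws.com"}

# Constructed sample shaped like describe_trails()["trailList"] (not real account data).
TRAILS = [
    {"Name": "local-trail", "HomeRegion": "eu-west-1", "IsMultiRegionTrail": True,
     "IsOrganizationTrail": False, "S3BucketName": "example-local-logs"},
    {"Name": "org-trail", "HomeRegion": "us-east-1", "IsMultiRegionTrail": True,
     "IsOrganizationTrail": True, "S3BucketName": "example-security-logs"},
]

# Constructed sample shaped like get_event_selectors()["EventSelectors"], keyed by trail name.
# Only basic selectors are modelled here; AdvancedEventSelectors have a different shape.
EVENT_SELECTORS: Dict[str, List[dict]] = {
    "local-trail": [{"ReadWriteType": "All", "IncludeManagementEvents": True,
                     "DataResources": [{"Type": "AWS::S3::Object", "Values": ["arn:aws:s3"]}],
                     "ExcludeManagementEventSources": []}],
    "org-trail": [{"ReadWriteType": "All", "IncludeManagementEvents": True,
                   "DataResources": [],
                   "ExcludeManagementEventSources": ["kms.amazonaws.com", "rdsdata.amazonaws.com"]}],
}

# Constructed sample shaped like get_insight_selectors()["InsightSelectors"], keyed by trail name.
INSIGHT_SELECTORS: Dict[str, List[dict]] = {
    "local-trail": [{"InsightType": "ApiCallRateInsight"}],
    "org-trail": [],
}


def find_cost_drivers(trails, event_selectors, insight_selectors) -> List[str]:
    """Return one finding per charged feature beyond the free first copy of management events."""
    findings: List[str] = []
    mgmt_trails: List[str] = []
    for trail in trails:
        name = trail["Name"]
        for sel in event_selectors.get(name, []):
            if sel.get("IncludeManagementEvents"):
                mgmt_trails.append(name)
                missing = EXCLUDABLE_SOURCES - set(sel.get("ExcludeManagementEventSources", []))
                if missing:  # KMS / RDS Data API still being recorded on this trail
                    findings.append(f"{name}: management events still include {sorted(missing)}")
            if sel.get("DataResources"):  # data events are always charged
                findings.append(f"{name}: data events enabled ({len(sel['DataResources'])} selector(s))")
        if insight_selectors.get(name):  # Insights are a separate charge
            types = ", ".join(s["InsightType"] for s in insight_selectors[name])
            findings.append(f"{name}: Insights enabled ({types})")
    if len(mgmt_trails) > 1:  # every copy after the first is billed
        findings.append(f"{len(mgmt_trails)} trails deliver management events; only one copy is free: {mgmt_trails}")
    return findings
```

Feed the function the real responses from boto3 (one `get_event_selectors` / `get_insight_selectors` call per trail) and an empty result means only the free management-event copy is being delivered.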