Will I be charged for the only copy of CloudTrail management events in an account?

0

I have an organization in AWS with multiple accounts. I want to create a trail in one of them, called "Stage", for management events, and in the near future create an organization trail for all my accounts. If I delete the trail created by the member account on "Stage" and leave only the organization trail, will it be charged, as it is not the first trail, or does it not matter as long as I get only one copy of CloudTrail events?

2 Answers
1

Hello,

  • When you have both an organization trail and individual account trails logging the same events, you will incur charges for duplicate logs from each trail.

  • To avoid duplicate charges but ensure you don't lose any logs during the transition, I would recommend keeping both the "Stage" account trail and the new organization trail active for a short period, such as 1-2 days. This allows the organization trail time to start logging all accounts before removing the individual account trail.

  • After confirming the organization trail is logging successfully in all accounts for a day or two, you can then delete the "Stage" account trail. This ensures a smooth transition without gaps in your logs. Any duplicate charges from the brief period of both trails logging will be minimal.

  • The organization trail on its own will deliver a single copy of events across all accounts once the individual account trail is removed. So as long as only the organization trail remains after the transition period, you will not continue to be charged for duplicate logs going forward.

Let me know if you have any other questions!

Thanks

Abhinav

answered 3 months ago
reviewed 3 months ago
0
Accepted Answer

CloudTrail is charged on a per account basis.

  1. So if you have an org-enabled trail in ALL accounts this will not be charged.
  2. If you create a 2nd one called Stage in one of the accounts, then you will be charged for the 2nd trail just in this account.
  3. If you delete the Stage trail from this account at a later date, then you will no longer incur charges.

You only really need a 2nd trail if you want to log to a different S3 bucket or to CloudWatch log groups in the local account where you have enabled a NON org trail. You will still be able to search the last 90 days from the CloudTrail console even if CloudTrail is not configured.

answered 3 months ago
reviewed 3 months ago
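
The check the answers describe (confirm the organization trail is delivering before deleting the account trail) can be scripted. The following is an added example, not part of either answer: it takes data shaped like the responses of `describe-trails`, `get-event-selectors` and `get-trail-status`, and lists account-level trails whose management events a healthy organization trail also captures. The trail name `org-trail`, the one-hour freshness window, the multi-region requirement and all sample values are assumptions.

```python
from datetime import datetime, timedelta, timezone

def logs_management(sel):
    """True if a get-event-selectors response includes management events."""
    if any(s.get("IncludeManagementEvents") for s in sel.get("EventSelectors") or []):
        return True
    return any(f.get("Field") == "eventCategory" and "Management" in f.get("Equals", [])
               for a in sel.get("AdvancedEventSelectors") or []
               for f in a.get("FieldSelectors", []))

def is_healthy(status, now, max_age):
    """True if a get-trail-status response shows recent, error-free delivery."""
    delivered = status.get("LatestDeliveryTime")
    return (bool(status.get("IsLogging")) and not status.get("LatestDeliveryError")
            and delivered is not None and now - delivered <= max_age)

def removable_account_trails(trails, selectors, statuses, now, max_age=timedelta(hours=1)):
    """Account-level trails whose management events are also captured by a
    healthy multi-region organization trail; [] if no such trail exists."""
    mgmt = [t for t in trails if logs_management(selectors[t["Name"]])]
    org_ok = any(t.get("IsOrganizationTrail") and t.get("IsMultiRegionTrail")
                 and is_healthy(statuses[t["Name"]], now, max_age) for t in mgmt)
    if not org_ok:
        return []
    return [t["Name"] for t in mgmt if not t.get("IsOrganizationTrail")]

# Constructed sample data shaped like describe-trails, get-event-selectors
# and get-trail-status responses; trail names and times are made up.
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
TRAILS = [
    {"Name": "org-trail", "IsOrganizationTrail": True, "IsMultiRegionTrail": True},
    {"Name": "Stage", "IsOrganizationTrail": False, "IsMultiRegionTrail": True},
]
SELECTORS = {
    "org-trail": {"EventSelectors": [{"IncludeManagementEvents": True}]},
    "Stage": {"AdvancedEventSelectors": [{"FieldSelectors": [
        {"Field": "eventCategory", "Equals": ["Management"]}]}]},
}
STATUSES = {
    "org-trail": {"IsLogging": True, "LatestDeliveryTime": NOW - timedelta(minutes=10)},
    "Stage": {"IsLogging": True, "LatestDeliveryTime": NOW - timedelta(minutes=5)},
}

if __name__ == "__main__":
    print(removable_account_trails(TRAILS, SELECTORS, STATUSES, NOW))
```

An empty result means the account trail should stay: either no organization trail logs management events yet, or its last delivery is stale or failed.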
