Skip to main content
Latest Documentation
This is the latest documentation for the Cloud Posse Reference Architecture. To determine which version you're currently using, please see Version Identification.
Version: Latest
Sponsor @cloudposse

Setup Organizational CloudTrail

Now that all the accounts have been deployed, we need to deploy CloudTrail for audit logging. This foundational component provides visibility into API activity across your AWS Organization.

StepsActions
Deploy CloudTrailatmos workflow deploy/cloudtrail -f quickstart/foundation/accounts

1 Deploy CloudTrail

Deploy CloudTrail and the CloudTrail bucket to enable audit logging across your organization:

Loading workflow...

This workflow deploys:

  • CloudTrail bucket in core-audit — Centralized S3 bucket for storing CloudTrail logs
  • Organization CloudTrail in core-root — Organization-wide trail that captures API activity from all accounts

Auditing CloudTrail Logs

What's Next?

With CloudTrail deployed, you have completed the accounts layer. The next step is to configure identity and access management.

Next Steps

Now that your accounts are deployed with audit logging enabled, you're ready to set up identity management with IAM Identity Center. Setup Identity