Enabling CloudTrail in All Regions
Where to Enable CloudTrail
AWS CloudTrail is an important service that provides logging and monitoring functionality to track user activity and API usage. How does it work? CloudTrail continuously records API calls to AWS services across your AWS environment, then delivers a log file to your S3 bucket. This visibility into user activity and actions is crucial to governance, compliance, and analysis.
It’s vital to configure CloudTrail to operate in all Regions so that AWS account activity and API calls are captured in all Regions. To do so, Amazon instructs, “In the CloudTrail console, you select yes to apply to all regions in the trail configuration page. If you are using the SDKs or AWS CLI, you set the IsMultiRegionTrail to true.”
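The check below is an added example, not code from AWS or from this page: it audits the trail list returned by the CloudTrail DescribeTrails API and reports whether any trail has IsMultiRegionTrail set to true and is actively logging. The function names, trail names, bucket name and account ID are assumptions, and the sample data is constructed.

```python
# Added example: audit DescribeTrails output for all-Region coverage.
# SAMPLE_TRAILS / SAMPLE_STATUS are constructed data, not real account output.

def audit_trails(trails, status_by_arn):
    """Return (covered, findings) for a list of trail descriptions.

    trails        -- the "trailList" value from CloudTrail DescribeTrails
    status_by_arn -- TrailARN -> GetTrailStatus response (uses "IsLogging")
    """
    findings, covered = [], False
    for t in trails:
        name, arn = t["Name"], t["TrailARN"]
        multi = t.get("IsMultiRegionTrail", False)
        logging_on = status_by_arn.get(arn, {}).get("IsLogging", False)
        if not multi:
            findings.append(f"{name}: single-Region trail (home {t.get('HomeRegion')})")
        if not logging_on:
            findings.append(f"{name}: logging is stopped")
        if multi and logging_on:
            covered = True
    if not covered:
        findings.append("no trail is both multi-Region and actively logging")
    return covered, findings


def fetch_live(region="us-east-1"):
    """Collect the same inputs from a real account (needs boto3 and credentials)."""
    import boto3  # imported lazily so the offline sample runs without it
    ct = boto3.client("cloudtrail", region_name=region)
    # Shadow trails are included by default, so a multi-Region trail whose
    # home is another Region still shows up in this Region's list.
    trails = ct.describe_trails()["trailList"]
    status = {t["TrailARN"]: ct.get_trail_status(Name=t["TrailARN"]) for t in trails}
    return trails, status


_ARN = "arn:aws:cloudtrail:us-east-1:111122223333:trail/"  # placeholder account ID
SAMPLE_TRAILS = [
    {"Name": "app-trail", "TrailARN": _ARN + "app-trail", "HomeRegion": "us-east-1",
     "S3BucketName": "example-trail-logs", "IsMultiRegionTrail": False},
    {"Name": "org-trail", "TrailARN": _ARN + "org-trail", "HomeRegion": "us-east-1",
     "S3BucketName": "example-trail-logs", "IsMultiRegionTrail": True},
]
SAMPLE_STATUS = {_ARN + "app-trail": {"IsLogging": True},
                 _ARN + "org-trail": {"IsLogging": False}}

if __name__ == "__main__":
    ok, issues = audit_trails(SAMPLE_TRAILS, SAMPLE_STATUS)
    print("all-Region coverage:", ok)
    for issue in issues:
        print(" -", issue)
```

A single-Region trail flagged here can be converted with the SDK's update_trail call (IsMultiRegionTrail=True) or the CLI's `aws cloudtrail update-trail --name <trail> --is-multi-region-trail`.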
Learn more about CloudTrail in Security at Scale: Logging in AWS and AWS CloudTrail FAQs.
AWS CloudTrail is the primary logging facility in AWS. A trail can be Multi-Region or Single-Region, but either way it is a concatenation and normalization of all of the logs from the environment. From elastic servers to administrative interfaces, it collects and reports on all of the logs as necessary. It’s also the primary source from which CloudWatch generates alerts, so you definitely want to be sure it is enabled across all of the Regions in your AWS environment.