ClickOps #8 - Configure CloudTrail Lake Logging

CloudTrail is available by default in Event History, on a per-account, per-region basis, with a 90-day retention. I prefer to use CloudTrail Lake to centralize logs with 1-year retention, avoiding S3 hassles.

The first step is to delegate CloudTrail administration to a new account to minimize management account overhead.

Switch to the delegated administrator account to start configuring the CloudTrail Lake.

Create event data store

Choose events

Enrich events, enable large events - optional

Termination protection is now enabled by default, so one less step for a new deployment!