Skip to main content

Triage AWS CloudTrail Redundant Trails REDUNDANT_GLOBAL_TRAILS

  1. Configure AWS CloudTrail Redundant Trails
  2. Use Case for AWS CloudTrail Redundant Trails
  3. Triage Guides by Violation Type
    1. Triage AWS CloudTrail Redundant Trails REDUNDANT_GLOBAL_TRAILS

Triage Guide for Redundant Global CloudTrail Trails

Step 0: Understand

Why should I care about fixing this issue? Redundant global CloudTrail trails can lead to unnecessary expenses because only the first CloudTrail trail in each account is free, while additional trails incur costs.

Step 1: Validate

How do I ensure that this alert is true and accurate?

  • Data Source: The policy fetches data from the AWS CloudTrail service using ListTrails and GetTrail operations.
  • Manual Retrieval: You can manually list all trails in your account via the AWS Management Console or using AWS CLI command aws cloudtrail describe-trails.
  • Policy Schedule: This policy is reactive, meaning the passage of time alone can change its results.

Step 2: Triage

What is the impact if it is unfixed? Unaddressed redundant global trails will continue to incur unnecessary costs.

  • Does this problem get worse over time if it is unaddressed? No, the cost remains constant but unnecessary.
  • Can remediation cause outages or downtime to any other running service? No, removing redundant CloudTrail trails should not affect other services.

Step 3: Act

What do I do to fix this alarm?

  1. Identify and evaluate all global CloudTrail trails in the AWS Management Console or using AWS CLI.
  2. Determine which trails are redundant and can be safely removed.
  3. Remove the redundant trails via the AWS Management Console or AWS CLI using the aws cloudtrail delete-trail --name <trail_name> command.

Step 4: Reflect

What should I do if this alarm wasn't a good use of time?

  • Adjust thresholds or criteria if needed.
  • Consider disabling the policy if your account's configuration justifies multiple global trails.