Edit Trail
The Edit Trail page allows you to modify the configuration of an existing CloudTrail trail. You can change the multi-region setting, S3 key prefix, and the full event configuration without recreating the trail.
Accessing Edit Trail
- Navigate to the Trail List
- Click on the trail name to open the Trail Detail page
- Click the Edit Trail button
The Edit Trail button is disabled while the trail has an active operation (creating, updating, or deleting). Wait for the current operation to complete before editing.
Read-Only Fields
The following fields are set during trail creation and cannot be changed:
| Field | Description |
|---|---|
| Trail Name | The name of the trail. To use a different name, clone the trail and create a new one. |
| Region | The AWS region where the trail was created. This is fixed for the lifetime of the trail. |
Editable Fields
Multi-Region Trail
Toggle whether the trail captures events from all AWS regions or only the home region.
- Enabled (recommended) -- The trail records events from every AWS region, providing complete visibility
- Disabled -- The trail only records events from the region specified during creation
S3 Key Prefix
Optionally set or change the S3 key prefix to organize log files within the S3 bucket. For example, setting the prefix to production would store logs under s3://bucket-name/production/AWSLogs/....
Event Configuration
The event configuration section works identically to Step 4 (Event Configuration) of the Create Trail wizard. You can modify all four event types:
- Management Events -- Toggle on/off, set Read/Write type, configure KMS and RDS Data API exclusions
- Data Events -- Add, edit, or remove data event selectors with resource type and ARN filtering
- Insight Events -- Enable or disable API call rate and API error rate insights
- Network Activity Events -- Add, edit, or remove network activity selectors with event source configuration
For detailed information about each event type, see the Events section.
Saving Changes
After making your changes:
- Review the updated configuration
- Click Save to apply the changes
- The trail status changes to updating while the new configuration is deployed across all accounts
- You are returned to the Trail Detail page where you can monitor the update progress
The update is applied to all accounts in the trail simultaneously. The Account Status Table on the Trail Detail page shows the per-account update progress in real time.
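The review step before saving can be scripted as a comparison of the trail configuration before and after the edit, flagging changes that reduce what the trail records or move where logs land. This is an added example, not part of the product; the snapshot layout, the `coverage_reductions` function and the sample values are constructed for illustration, with key names borrowed from the CloudTrail API.

```python
# Added example: flag edits that reduce what a trail records.
# Snapshot layout is constructed; key names borrow from the CloudTrail API.

def coverage_reductions(before, after):
    """Return findings for edits that shrink coverage or relocate logs."""
    out = []
    if before["IsMultiRegionTrail"] and not after["IsMultiRegionTrail"]:
        out.append("multi-region disabled: only the home region is recorded")
    if before.get("S3KeyPrefix") != after.get("S3KeyPrefix"):
        out.append("S3 key prefix changed: %r -> %r"
                   % (before.get("S3KeyPrefix"), after.get("S3KeyPrefix")))
    b, a = before["ManagementEvents"], after["ManagementEvents"]
    if b["Include"] and not a["Include"]:
        out.append("management events turned off")
    elif b["Include"] and a["Include"]:
        if b["ReadWriteType"] == "All" and a["ReadWriteType"] != "All":
            out.append("management events narrowed to " + a["ReadWriteType"])
        for src in sorted(set(a["ExcludeSources"]) - set(b["ExcludeSources"])):
            out.append("management events now exclude " + src)
    for sel in sorted(set(before["DataEvents"]) - set(after["DataEvents"])):
        out.append("data event selector removed: %s %s" % sel)
    for kind in sorted(set(before["Insights"]) - set(after["Insights"])):
        out.append("insight type disabled: " + kind)
    return out

# Constructed snapshots of one trail before and after an edit.
BEFORE = {
    "IsMultiRegionTrail": True,
    "S3KeyPrefix": "production",
    "ManagementEvents": {"Include": True, "ReadWriteType": "All",
                         "ExcludeSources": []},
    "DataEvents": [("AWS::S3::Object", "arn:aws:s3:::example-bucket/"),
                   ("AWS::Lambda::Function", "arn:aws:lambda")],
    "Insights": ["ApiCallRateInsight", "ApiErrorRateInsight"],
}
AFTER = {
    "IsMultiRegionTrail": False,
    "S3KeyPrefix": "production",
    "ManagementEvents": {"Include": True, "ReadWriteType": "WriteOnly",
                         "ExcludeSources": ["kms.amazonaws.com"]},
    "DataEvents": [("AWS::S3::Object", "arn:aws:s3:::example-bucket/")],
    "Insights": ["ApiCallRateInsight"],
}

if __name__ == "__main__":
    for line in coverage_reductions(BEFORE, AFTER):
        print("REVIEW:", line)
```

An empty result means the edit did not narrow any of the checked settings; network activity selectors are not covered by this sketch.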
What Happens During an Update
When you save edits to a trail:
- The trail status changes to updating
- Each account's status changes to updating_trail as the new configuration is applied
- Accounts transition to completed as they finish updating
- Once all accounts are updated, the trail status changes to completed
- If any accounts fail to update, the trail shows partial_failure
You cannot make additional edits or perform other trail operations while an update is in progress. Wait for the update to complete before making further changes.
Related Pages
- Trail Detail -- View trail information and status
- Create Trail -- Create a new trail
- Event Configuration -- Detailed event configuration reference
- Events -- Understanding CloudTrail event types