Trail Detail
The Trail Detail page shows comprehensive information about a specific CloudTrail trail, including its configuration, deployment status across accounts, and available management actions.
Accessing Trail Detail
Click on any trail name in the Trail List to open its detail page.
Trail Metadata
The top section of the Trail Detail page displays the trail's configuration:
| Field | Description |
|---|---|
| Name | The trail name (set during creation, cannot be changed). |
| Status | Current trail status displayed as a colored chip. See Trail List - Status Reference. |
| S3 Bucket | The S3 bucket where trail logs are stored. |
| Multi-Region | Whether the trail captures events from all AWS regions or only the home region. |
| Region | The AWS region where the trail was created. |
| Events | A summary of the configured event types (management, data, insight, network activity). |
| Created By | The email address of the user who created the trail. |
| S3 Prefix | The S3 key prefix for log organization (if configured). |
| Created At | The date and time the trail was created. |
If the trail has encountered any errors, an error message is displayed prominently beneath the metadata section.
Action Buttons
The Trail Detail page provides four action buttons:
| Action | Description |
|---|---|
| Add Accounts | Opens a dialog to add additional AWS accounts to the trail. See Adding Accounts. |
| Edit Trail | Opens the Edit Trail page to modify trail configuration. |
| Clone Trail | Opens the Create Trail wizard pre-populated with this trail's settings. See Cloning a Trail. |
| Delete Trail | Opens a confirmation dialog to delete the trail. See Deleting a Trail. |
All action buttons are disabled while the trail has an active operation (creating, updating, deleting). Wait for the current operation to complete before performing additional actions.
Account Status Table
Below the trail metadata, the Account Status Table shows the deployment status of the trail for each AWS account:
| Column | Description |
|---|---|
| Account | The AWS account name and ID. |
| Status | The account-level deployment status (see Account Status Reference). |
| Phase | The current phase of the deployment operation for this account. |
| Trail ARN | The ARN of the CloudTrail trail in the account. Includes a copy button for easy copying. |
| Error | Any error message for this account, if the deployment failed. |
| Updated | The last time the account status was updated. |
| Actions | A Remove button to remove this account from the trail. |
Account Status Reference
Each account in the trail can have one of the following statuses:
| Status | Description |
|---|---|
| completed | Trail is fully deployed and active in this account. |
| in_progress | Trail deployment is actively running. |
| partial_failure | Some operations succeeded but others failed. |
| failed | Trail deployment failed in this account. |
| pending | Deployment has been queued but not started. |
| escalating | Permissions are being escalated to perform the operation. |
| creating_bucket | The S3 bucket is being created in this account. |
| creating_trail | The CloudTrail trail is being created in this account. |
| cleaning_up | Resources are being cleaned up after a failure. |
| deleting | The trail is being deleted from this account. |
| deleting_trail | The CloudTrail trail resource is being removed. |
| deleting_bucket | The S3 bucket is being deleted from this account. |
| updating | The trail configuration is being updated in this account. |
| updating_trail | The CloudTrail trail configuration is being applied. |
| adding_trail | A trail is being added to this account. |
| removing_trail | The trail is being removed from this account. |
| deleted | The trail has been fully removed from this account. |
Auto-Polling
The Account Status Table automatically polls for updates every 5 seconds while any account has an active operation, keeping the status information current in real time.
Adding Accounts
To add more AWS accounts to an existing trail:
- Click Add Accounts on the Trail Detail page
- A dialog appears showing all available AWS accounts that are not already in the trail
- Select the accounts you want to add
- Click Confirm to begin deploying the trail to the selected accounts
- The new accounts appear in the Account Status Table with a
pendingorin_progressstatus
Removing an Account
To remove an account from a trail, click the Remove button in the account's row in the Account Status Table.
You cannot remove an account from a trail in the following situations:
- The trail is currently busy (has an active operation)
- The account hosts the trail's S3 bucket
- It is the last remaining account in the trail
Cloning a Trail
Clicking Clone Trail opens the Create Trail wizard with the current trail's settings pre-populated. This is useful when you want to create a similar trail with minor modifications.
The following settings are carried over from the original trail:
- Multi-region toggle
- Trail region
- Event configuration (management, data, insight, network activity events)
The following settings are not carried over and must be configured fresh:
- Trail name (must be unique)
- Account selection
- S3 bucket configuration
Deleting a Trail
To delete a trail:
- Click Delete Trail on the Trail Detail page
- A confirmation dialog appears
- If the trail created a new S3 bucket (rather than using an existing one), you will see an option to also delete the S3 bucket
- Confirm the deletion
Deleting a trail is permanent. If you choose to also delete the S3 bucket, all stored log data in that bucket will be lost. Ensure you have backed up any logs you need before proceeding.
After deletion, the trail's status changes to deleting and the account statuses update in real time as the cleanup proceeds across accounts.
Related Pages
- Trail List -- Return to the list of all trails
- Edit Trail -- Modify trail configuration
- Create Trail -- Create a new trail or clone this one
- Events -- Learn about event types