← Back

AWS CloudTrail Cost Optimization Guide

Service Overview

What is AWS CloudTrail?

• Service that enables governance, compliance, operational auditing, and risk auditing
• Tracks user activity and API calls across AWS infrastructure
• Provides event history, trails, CloudTrail Lake, and CloudTrail Insights capabilities
• Essential for security monitoring, compliance, and operational troubleshooting

Why Cost Optimization Matters

• CloudTrail costs can escalate quickly with high-volume API activity
• Data events and duplicate trails are common cost drivers
• CloudTrail Lake ingestion and retention can become expensive at scale
• Proper configuration can reduce costs by 60-80% while maintaining compliance

---

Cost Analysis & Monitoring

Key Cost Drivers

Primary Cost Components:

• **Management Events**: First copy FREE, additional copies $2.00 per 100,000 events
• **Data Events**: $0.10 per 100,000 events (all copies charged)
• **CloudTrail Insights**: $0.35 per 100,000 events analyzed per Insight type
• **CloudTrail Lake Ingestion**: $0.75/GB (management/data), $0.50/GB (other events)
• **CloudTrail Lake Retention**: $0.023/GB from Year 2, tiered pricing for 7-year retention
• **CloudTrail Lake Analysis**: $0.005 per GB scanned

Cost Allocation Tags:

• `Environment` (prod, staging, dev)
• `ComplianceRequirement` (SOX, PCI, HIPAA)
• `LoggingPurpose` (security, audit, operations)
• `DataClassification` (sensitive, internal, public)

Using the Power's Tools

Get CloudTrail costs by usage type:

usePower("aws-cost-optimization", "awslabs.billing-cost-management-mcp-server", "cost_explorer", {
  "operation": "getCostAndUsage",
  "start_date": "2024-11-01",
  "end_date": "2024-12-01",
  "granularity": "MONTHLY",
  "group_by": "[{\"Type\": \"DIMENSION\", \"Key\": \"USAGE_TYPE\"}]",
  "metrics": "[\"UnblendedCost\"]",
  "filters": "{\"Dimensions\": {\"Key\": \"SERVICE\", \"Values\": [\"AWS CloudTrail\"]}}"
})

Analyze CloudTrail usage patterns:

usePower("aws-cost-optimization", "awslabs.billing-cost-management-mcp-server", "cost_explorer", {
  "operation": "getCostAndUsage",
  "start_date": "2024-11-01",
  "end_date": "2024-12-01",
  "granularity": "DAILY",
  "group_by": "[{\"Type\": \"DIMENSION\", \"Key\": \"RESOURCE_ID\"}]",
  "metrics": "[\"UsageQuantity\", \"UnblendedCost\"]",
  "filters": "{\"Dimensions\": {\"Key\": \"SERVICE\", \"Values\": [\"AWS CloudTrail\"]}}"
})

Get CloudTrail pricing information:

usePower("aws-cost-optimization", "awslabs.aws-pricing-mcp-server", "get_pricing", {
  "service_code": "AWSCloudTrail",
  "region": ["us-east-1", "us-west-2"],
  "filters": [
    {"Field": "productFamily", "Value": "API Request", "Type": "EQUALS"}
  ]
})

Monitor CloudTrail API activity:

usePower("aws-cost-optimization", "awslabs.cloudwatch-mcp-server", "get_metric_statistics", {
  "namespace": "AWS/CloudTrailMetrics",
  "metric_name": "EventCount",
  "dimensions": [{"Name": "TrailName", "Value": "my-organization-trail"}],
  "start_time": "2024-11-01T00:00:00Z",
  "end_time": "2024-12-01T00:00:00Z",
  "period": 3600,
  "statistics": ["Sum"]
})

---

Optimization Strategies

1. Management Events Optimization

Strategy Overview:

First copy of management events is FREE, but additional copies cost $2.00 per 100,000 events. Eliminate duplicate trails to avoid unnecessary charges.

Implementation Steps:

1. Audit current trail configuration:

   usePower("aws-cost-optimization", "awslabs.billing-cost-management-mcp-server", "cost_explorer", {
     "operation": "getCostAndUsage",
     "start_date": "2024-11-01",
     "end_date": "2024-12-01",
     "granularity": "MONTHLY",
     "group_by": "[{\"Type\": \"DIMENSION\", \"Key\": \"USAGE_TYPE\"}]",
     "metrics": "[\"UnblendedCost\"]",
     "filters": "{\"Dimensions\": {\"Key\": \"SERVICE\", \"Values\": [\"AWS CloudTrail\"]}, \"And\": [{\"Dimensions\": {\"Key\": \"USAGE_TYPE\", \"Values\": [\"PaidEventsRecorded\"]}}]}"
   })

2. Identify duplicate trails:

• Look for "PaidEventsRecorded" charges in billing
• Review trails across all regions and accounts
• Check for overlapping trail configurations

3. Implement organization trails:

• Create single organization-wide trail for management events
• Enable across all regions and accounts
• Disable duplicate regional/account-specific trails

4. Use S3 replication instead of multiple trails:

• When multiple copies needed, use S3 bucket replication
• Much cheaper than maintaining duplicate CloudTrail configurations

2. Data Events Optimization

Strategy Overview:

All data events are charged at $0.10 per 100,000 events. Selective enablement and filtering can dramatically reduce costs.

Implementation Steps:

1. Analyze current data event costs:

   usePower("aws-cost-optimization", "awslabs.billing-cost-management-mcp-server", "cost_explorer", {
     "operation": "getCostAndUsage",
     "start_date": "2024-11-01",
     "end_date": "2024-12-01",
     "granularity": "DAILY",
     "group_by": "[{\"Type\": \"DIMENSION\", \"Key\": \"USAGE_TYPE\"}]",
     "metrics": "[\"UsageQuantity\", \"UnblendedCost\"]",
     "filters": "{\"Dimensions\": {\"Key\": \"SERVICE\", \"Values\": [\"AWS CloudTrail\"]}, \"And\": [{\"Dimensions\": {\"Key\": \"USAGE_TYPE\", \"Values\": [\"DataEvents\"]}}]}"
   })

2. Implement selective enablement:

• Enable data events only on critical resources
• Select specific S3 buckets instead of all buckets
• Choose specific Lambda functions instead of all functions
• Focus on production and sensitive resources

3. Configure event selectors (up to 5 per trail):

• Filter by specific operations (e.g., only DeleteObject operations)
• Filter by specific resources using ARNs
• Exclude high-volume, low-value operations

4. Filter out high-volume events:

• Exclude KMS events (can be very high volume)
• Filter out RDS API events if not needed
• Remove routine operational events that don't add security value

3. CloudTrail Insights Optimization

Strategy Overview:

CloudTrail Insights costs $0.35 per 100,000 events analyzed per Insight type. Enable selectively on critical trails only.

Implementation Steps:

1. Analyze Insights costs:

   usePower("aws-cost-optimization", "awslabs.billing-cost-management-mcp-server", "cost_explorer", {
     "operation": "getCostAndUsage",
     "start_date": "2024-11-01",
     "end_date": "2024-12-01",
     "granularity": "MONTHLY",
     "group_by": "[{\"Type\": \"DIMENSION\", \"Key\": \"USAGE_TYPE\"}]",
     "metrics": "[\"UnblendedCost\"]",
     "filters": "{\"Dimensions\": {\"Key\": \"SERVICE\", \"Values\": [\"AWS CloudTrail\"]}, \"And\": [{\"Dimensions\": {\"Key\": \"USAGE_TYPE\", \"Values\": [\"InsightEvents\"]}}]}"
   })

2. Enable selectively:

• Focus on trails monitoring critical infrastructure
• Enable only necessary Insight types
• Consider business value vs cost for each Insight type

3. Monitor Insights effectiveness:

   usePower("aws-cost-optimization", "awslabs.cloudwatch-mcp-server", "get_metric_statistics", {
     "namespace": "AWS/CloudTrailMetrics",
     "metric_name": "InsightCount",
     "dimensions": [{"Name": "TrailName", "Value": "critical-infrastructure-trail"}],
     "start_time": "2024-11-01T00:00:00Z",
     "end_time": "2024-12-01T00:00:00Z",
     "period": 86400,
     "statistics": ["Sum"]
   })

4. CloudTrail Lake Optimization

Strategy Overview:

CloudTrail Lake has ingestion, retention, and analysis costs. Optimize through selective ingestion and query efficiency.

Implementation Steps:

1. Analyze CloudTrail Lake costs:

   usePower("aws-cost-optimization", "awslabs.billing-cost-management-mcp-server", "cost_explorer", {
     "operation": "getCostAndUsage",
     "start_date": "2024-11-01",
     "end_date": "2024-12-01",
     "granularity": "MONTHLY",
     "group_by": "[{\"Type\": \"DIMENSION\", \"Key\": \"USAGE_TYPE\"}]",
     "metrics": "[\"UnblendedCost\"]",
     "filters": "{\"Dimensions\": {\"Key\": \"SERVICE\", \"Values\": [\"AWS CloudTrail\"]}, \"And\": [{\"Dimensions\": {\"Key\": \"USAGE_TYPE\", \"Values\": [\"CloudTrailLake-Ingestion\", \"CloudTrailLake-Storage\", \"CloudTrailLake-Query\"]}}]}"
   })

2. Optimize ingestion:

• Use filters to select read and/or write events only
• Exclude high-volume KMS and RDS API events
• Filter by event source and event name

3. Choose appropriate retention:

• 1-year extendable: Lower cost, flexible retention
• 7-year retention: Tiered pricing for compliance requirements
• Match retention to actual compliance needs

4. Optimize queries:

• Always constrain queries with eventTime ranges
• Use specific filters to reduce data scanned
• Monitor query costs and optimize frequently-run queries

5. Storage and Delivery Optimization

Strategy Overview:

Optimize where CloudTrail logs are delivered and how long they're retained to minimize storage costs.

Implementation Steps:

1. Configure S3 lifecycle policies:

   // Monitor S3 storage costs for CloudTrail logs
   usePower("aws-cost-optimization", "awslabs.billing-cost-management-mcp-server", "cost_explorer", {
     "operation": "getCostAndUsage",
     "start_date": "2024-11-01",
     "end_date": "2024-12-01",
     "granularity": "MONTHLY",
     "group_by": "[{\"Type\": \"DIMENSION\", \"Key\": \"USAGE_TYPE\"}]",
     "metrics": "[\"UnblendedCost\"]",
     "filters": "{\"Dimensions\": {\"Key\": \"SERVICE\", \"Values\": [\"Amazon Simple Storage Service\"]}}"
   })

2. Set up S3 transition rules:

• Move logs to IA after 30 days
• Move to Glacier after 90 days
• Move to Deep Archive after 1 year (if compliance allows)

3. Configure CloudWatch Logs retention:

• Set retention periods based on operational needs
• Delete logs after 30-90 days if stored elsewhere
• Monitor CloudWatch Logs costs

4. Optimize delivery locations:

• S3: Cost-effective for long-term storage
• CloudWatch Logs: Good for real-time monitoring (higher cost)
• EventBridge: For event-driven processing

6. Operational Monitoring & Alerting

Cost-Performance Correlation:

Monitor CloudTrail usage patterns and costs to identify optimization opportunities and unusual activity.

Implementation Examples:

// Monitor CloudTrail cost-related alarms
usePower("aws-cost-optimization", "awslabs.cloudwatch-mcp-server", "describe_alarms", {
  "alarm_name_prefix": "CloudTrailCost",
  "state_value": "ALARM"
})

// Analyze CloudTrail event volume trends
usePower("aws-cost-optimization", "awslabs.cloudwatch-mcp-server", "get_metric_statistics", {
  "namespace": "AWS/CloudTrailMetrics",
  "metric_name": "EventCount",
  "start_time": "2024-11-01T00:00:00Z",
  "end_time": "2024-12-01T00:00:00Z",
  "period": 86400,
  "statistics": ["Sum"]
})

---

Common Cost Pitfalls & Solutions

Pitfall 1: Duplicate Management Event Trails

Problem Description:

Multiple trails capturing the same management events across regions or accounts, resulting in "PaidEventsRecorded" charges.

Detection:

// Look for paid management events charges
usePower("aws-cost-optimization", "awslabs.billing-cost-management-mcp-server", "cost_explorer", {
  "operation": "getCostAndUsage",
  "start_date": "2024-11-01",
  "end_date": "2024-12-01",
  "granularity": "MONTHLY",
  "group_by": "[{\"Type\": \"DIMENSION\", \"Key\": \"USAGE_TYPE\"}]",
  "metrics": "[\"UnblendedCost\"]",
  "filters": "{\"Dimensions\": {\"Key\": \"SERVICE\", \"Values\": [\"AWS CloudTrail\"]}, \"And\": [{\"Dimensions\": {\"Key\": \"USAGE_TYPE\", \"Values\": [\"PaidEventsRecorded\"]}}]}"
})

Solution:

• Audit all trails across regions and accounts
• Implement single organization-wide trail for management events
• Disable duplicate regional trails
• Use S3 replication for multiple copies instead of multiple trails

Pitfall 2: Unfiltered Data Events on All Resources

Problem Description:

Enabling data events on all S3 buckets or Lambda functions without filtering, generating massive volumes of low-value events.

Detection:

// Analyze data events volume and cost
usePower("aws-cost-optimization", "awslabs.billing-cost-management-mcp-server", "cost_explorer", {
  "operation": "getCostAndUsage",
  "start_date": "2024-11-01",
  "end_date": "2024-12-01",
  "granularity": "DAILY",
  "group_by": "[{\"Type\": \"DIMENSION\", \"Key\": \"USAGE_TYPE\"}]",
  "metrics": "[\"UsageQuantity\", \"UnblendedCost\"]",
  "filters": "{\"Dimensions\": {\"Key\": \"SERVICE\", \"Values\": [\"AWS CloudTrail\"]}, \"And\": [{\"Dimensions\": {\"Key\": \"USAGE_TYPE\", \"Values\": [\"DataEvents\"]}}]}"
})

Solution:

• Enable data events only on critical resources
• Use event selectors to filter by specific operations
• Focus on security-relevant events (DeleteObject, not GetObject)
• Exclude high-volume, routine operations

Pitfall 3: Inefficient CloudTrail Lake Queries

Problem Description:

Running broad queries without time constraints or filters, scanning unnecessary data and incurring high analysis costs.

Detection:

// Monitor CloudTrail Lake query costs
usePower("aws-cost-optimization", "awslabs.billing-cost-management-mcp-server", "cost_explorer", {
  "operation": "getCostAndUsage",
  "start_date": "2024-11-01",
  "end_date": "2024-12-01",
  "granularity": "DAILY",
  "group_by": "[{\"Type\": \"DIMENSION\", \"Key\": \"USAGE_TYPE\"}]",
  "metrics": "[\"UsageQuantity\", \"UnblendedCost\"]",
  "filters": "{\"Dimensions\": {\"Key\": \"SERVICE\", \"Values\": [\"AWS CloudTrail\"]}, \"And\": [{\"Dimensions\": {\"Key\": \"USAGE_TYPE\", \"Values\": [\"CloudTrailLake-Query\"]}}]}"
})

Solution:

• Always include eventTime constraints in queries
• Use specific filters to reduce data scanned
• Optimize frequently-run queries
• Consider caching results for repeated analysis

---

Real-World Scenarios

Scenario 1: Enterprise Multi-Account CloudTrail Optimization

Situation:

Large enterprise with 50 AWS accounts, each with regional CloudTrail trails. High costs from duplicate management events and unfiltered data events.

Analysis Approach:

// Step 1: Analyze current CloudTrail costs across organization
usePower("aws-cost-optimization", "awslabs.billing-cost-management-mcp-server", "cost_explorer", {
  "operation": "getCostAndUsage",
  "start_date": "2024-10-01",
  "end_date": "2024-11-01",
  "granularity": "MONTHLY",
  "group_by": "[{\"Type\": \"DIMENSION\", \"Key\": \"LINKED_ACCOUNT\"}, {\"Type\": \"DIMENSION\", \"Key\": \"USAGE_TYPE\"}]",
  "metrics": "[\"UnblendedCost\"]",
  "filters": "{\"Dimensions\": {\"Key\": \"SERVICE\", \"Values\": [\"AWS CloudTrail\"]}}"
})

// Step 2: Identify paid events (duplicate trails)
usePower("aws-cost-optimization", "awslabs.billing-cost-management-mcp-server", "cost_explorer", {
  "operation": "getCostAndUsage",
  "start_date": "2024-10-01",
  "end_date": "2024-11-01",
  "granularity": "MONTHLY",
  "group_by": "[{\"Type\": \"DIMENSION\", \"Key\": \"LINKED_ACCOUNT\"}]",
  "metrics": "[\"UnblendedCost\"]",
  "filters": "{\"Dimensions\": {\"Key\": \"SERVICE\", \"Values\": [\"AWS CloudTrail\"]}, \"And\": [{\"Dimensions\": {\"Key\": \"USAGE_TYPE\", \"Values\": [\"PaidEventsRecorded\"]}]}"
})

// Step 3: Analyze data events volume
usePower("aws-cost-optimization", "awslabs.billing-cost-management-mcp-server", "cost_explorer", {
  "operation": "getCostAndUsage",
  "start_date": "2024-10-01",
  "end_date": "2024-11-01",
  "granularity": "MONTHLY",
  "group_by": "[{\"Type\": \"DIMENSION\", \"Key\": \"USAGE_TYPE\"}]",
  "metrics": "[\"UsageQuantity\", \"UnblendedCost\"]",
  "filters": "{\"Dimensions\": {\"Key\": \"SERVICE\", \"Values\": [\"AWS CloudTrail\"]}, \"And\": [{\"Dimensions\": {\"Key\": \"USAGE_TYPE\", \"Values\": [\"DataEvents\"]}]}"
})

Solution Implementation:

1. Consolidate to organization trail - Single trail for all management events

2. Eliminate duplicate trails - Remove 150+ regional trails across accounts

3. Selective data events - Enable only on production S3 buckets and critical Lambda functions

4. Filter high-volume events - Exclude KMS and routine RDS API events

Results:

• **Management events savings**: 95% reduction (eliminated paid events)
• **Data events savings**: 70% reduction through selective enablement
• **Total cost savings**: 80-85% reduction in monthly CloudTrail costs

Scenario 2: Compliance-Driven CloudTrail Lake Optimization

Situation:

Financial services company with 7-year retention requirements using CloudTrail Lake. High ingestion and storage costs from unfiltered events.

Analysis Approach:

// Analyze CloudTrail Lake costs by component
usePower("aws-cost-optimization", "awslabs.billing-cost-management-mcp-server", "cost_explorer", {
  "operation": "getCostAndUsage",
  "start_date": "2024-09-01",
  "end_date": "2024-12-01",
  "granularity": "MONTHLY",
  "group_by": "[{\"Type\": \"DIMENSION\", \"Key\": \"USAGE_TYPE\"}]",
  "metrics": "[\"UnblendedCost\"]",
  "filters": "{\"Dimensions\": {\"Key\": \"SERVICE\", \"Values\": [\"AWS CloudTrail\"]}, \"And\": [{\"Dimensions\": {\"Key\": \"USAGE_TYPE\", \"Values\": [\"CloudTrailLake-Ingestion\", \"CloudTrailLake-Storage\", \"CloudTrailLake-Query\"]}}]}"
})

Solution Implementation:

1. Filter ingestion events - Exclude KMS and RDS API events (60% volume reduction)

2. Optimize retention strategy - Use 7-year tiered pricing for compliance data

3. Query optimization - Implement time-constrained queries with specific filters

4. Selective event sources - Focus on security-relevant event sources only

Results:

• **Ingestion cost savings**: 60% reduction through filtering
• **Query cost savings**: 75% reduction through optimization
• **Maintained compliance**: Full 7-year retention for required events
• **Total cost savings**: 65% reduction while meeting regulatory requirements

---

Integration with Other Services

Cost Impact of Service Integrations

Common Integration Patterns:

• **Amazon S3**: CloudTrail log storage with lifecycle policies
• **CloudWatch Logs**: Real-time log streaming and monitoring
• **AWS Config**: Combined compliance and configuration monitoring
• **Amazon EventBridge**: Event-driven processing of CloudTrail events
• **AWS Security Hub**: Centralized security findings from CloudTrail

Cross-Service Optimization:

• Coordinate S3 lifecycle policies with compliance requirements
• Use EventBridge filtering to reduce downstream processing costs
• Optimize CloudWatch Logs retention based on operational needs
• Integrate with Security Hub to reduce duplicate security monitoring

Analysis Commands:

// Analyze cross-service costs for CloudTrail ecosystem
usePower("aws-cost-optimization", "awslabs.billing-cost-management-mcp-server", "cost_explorer", {
  "operation": "getCostAndUsage",
  "start_date": "2024-11-01",
  "end_date": "2024-12-01",
  "granularity": "MONTHLY",
  "group_by": "[{\"Type\": \"DIMENSION\", \"Key\": \"SERVICE\"}]",
  "metrics": "[\"UnblendedCost\"]",
  "filters": "{\"Dimensions\": {\"Key\": \"SERVICE\", \"Values\": [\"AWS CloudTrail\", \"Amazon Simple Storage Service\", \"Amazon CloudWatch Logs\", \"Amazon EventBridge\", \"AWS Config\"]}}"
})

---

Monitoring & Alerting

Key Metrics to Monitor

Cost Metrics:

• Monthly CloudTrail spend by usage type
• Cost per million events for data events
• CloudTrail Lake ingestion and query costs

Usage Metrics:

• Management events volume (free vs paid)
• Data events volume by resource type
• CloudTrail Lake data ingestion rates

Operational Metrics (via CloudWatch):

• Event count trends by trail
• Insights generation frequency
• Query execution patterns in CloudTrail Lake

Recommended Alerts

Budget Alerts:

// Monitor CloudTrail-specific budget performance
usePower("aws-cost-optimization", "awslabs.billing-cost-management-mcp-server", "budgets", {
  "filters": "{\"Dimensions\": {\"Key\": \"SERVICE\", \"Values\": [\"AWS CloudTrail\"]}}"
})

Anomaly Detection:

// Set up anomaly monitoring for CloudTrail
usePower("aws-cost-optimization", "awslabs.billing-cost-management-mcp-server", "cost_anomaly", {
  "start_date": "2024-11-01",
  "end_date": "2024-12-01",
  "filters": "{\"Dimensions\": {\"Key\": \"SERVICE\", \"Values\": [\"AWS CloudTrail\"]}}"
})

Operational Alerts:

// Monitor CloudTrail event volume spikes
usePower("aws-cost-optimization", "awslabs.cloudwatch-mcp-server", "describe_alarms", {
  "alarm_name_prefix": "CloudTrail",
  "state_value": "ALARM"
})

Dashboard Creation

Key Visualizations:

• Cost trends by CloudTrail usage type
• Event volume trends (management vs data events)
• CloudTrail Lake ingestion and query costs
• Cross-service cost correlation (CloudTrail + S3 + CloudWatch)

Implementation:

// Get existing CloudTrail dashboards
usePower("aws-cost-optimization", "awslabs.cloudwatch-mcp-server", "list_dashboards", {})

// Retrieve specific dashboard configuration
usePower("aws-cost-optimization", "awslabs.cloudwatch-mcp-server", "get_dashboard", {
  "dashboard_name": "CloudTrailCostOptimization"
})

---

Best Practices Summary

✅ Do:

• **Use organization trails** - Eliminate duplicate management event charges
• **Enable data events selectively** - Focus on critical resources and security-relevant operations
• **Filter high-volume events** - Exclude KMS and routine RDS API events
• **Optimize CloudTrail Lake queries** - Always use time constraints and specific filters
• **Implement S3 lifecycle policies** - Transition logs to cheaper storage classes over time

❌ Don't:

• **Create duplicate trails** - Avoid paid management events charges
• **Enable data events on all resources** - Massive cost impact with limited security value
• **Run unfiltered CloudTrail Lake queries** - High analysis costs for broad queries
• **Ignore compliance requirements** - Balance cost optimization with regulatory needs
• **Forget about storage costs** - CloudTrail logs in S3 and CloudWatch add up over time

🔄 Regular Review Cycle:

• **Weekly:** Monitor event volume trends and cost spikes
• **Monthly:** Review trail configurations and data event settings
• **Quarterly:** Assess CloudTrail Lake usage and query optimization
• **Annually:** Review compliance requirements and retention policies

---

Additional Resources

AWS Documentation

• [AWS CloudTrail User Guide](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/)
• [CloudTrail Pricing](https://aws.amazon.com/cloudtrail/pricing/)
• [CloudTrail Lake User Guide](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-lake.html)

Tools & Calculators

• AWS Pricing Calculator for CloudTrail configurations
• CloudTrail event volume estimation tools
• Compliance retention requirement calculators

Related Power Guidance

• S3 cost optimization for CloudTrail log storage
• CloudWatch cost optimization for log streaming
• AWS Config optimization for compliance monitoring

---

Service Code: AWSCloudTrail

Last Updated: January 6, 2025

Review Cycle: Quarterly