1. Expel Support Center
  2. Connect your technology
  3. Cloud integrations

AWS CloudTrail setup for Workbench

  • Updated

This article contains links to all the ways you can connect your new or existing AWS CloudTrail to the Expel Workbench.

In this article

Onboarding a new CloudTrail

You can onboard new CloudTrails in 1 of 2 ways:

If you want Expel to create new CloudTrails on your behalf, use our AWS Onboarding Wizard in Workbench.

Note

Creating duplicate CloudTrails can result in additional AWS costs. Do not use the wizard if you want to connect an existing CloudTrail.

Our wizard supports creating new CloudTrails using:

  • CloudFormation Templates: You can use AWS CloudFormation templates to perform the necessary configuration for an individual account or organization. If you’re onboarding an AWS organization, it creates a CloudFormation StackSet to configure the permissions on each account within the organization. It can even automatically run on accounts you create in the future under the organization. Don’t worry, we won’t run anything in your AWS account. We instead populate CloudFormation with the right steps; you review it and decide to execute.

  • Terraform: We present an open source, fully transparent Terraform module which creates necessary AWS resources used to securely transfer CloudTrail logs to Workbench. All of the resources that we allocate are listed here: https://registry.terraform.io/modules/expel-io/cloudtrail/aws/latest?tab=resources. By default, all methods of communication between these resources and AWS and Workbench are secured by encryption. All means of data storage (S3) follow AWS best practices—access logging enabled, bucket versioning enabled, zero public access.

If you're...

use this...

using the wizard, setting up new AWS CloudTrails

go to the wizard

using the wizard, setting up new AWS CloudTrails with Terraform

go to the wizard and select Terraform

Onboarding an existing AWS CloudTrail

To onboard an existing CloudTrail, the instructions vary depending upon your use of AWS Control Tower:

If you're...

use this...

manually setting up new AWS CloudTrails

the new AWS CloudTrail steps

connecting an existing CloudTrail

the existing installation steps

connecting an existing CloudTrail that includes Control Tower

the Control Tower connection steps

Our Product team is developing a process for onboarding an existing CloudTrail using the AWS wizard. We will update this article when the procedure is ready.

Tip

This article was accurate at the time of writing, but changes happen. If you find the instructions are outdated, leave a description in the comment field below and let us know!

  • Was this article helpful?

  • 0 out of 0 found this helpful

Related articles