CloudTrail should be enabled on every AWS account you own. [This repo](https://github.com/oramco/aws.setup.cloudtrail) contains a script that creates an S3 bucket and enables CloudTrail for all regions in an AWS account.
## Automation is king
CloudTrail is the only way to facilitate audit tracking of your AWS infrastructure, and it can be enabled easily via the GUI console. But I prefer to deploy CloudTrail using CloudFormation.
## What this script does
CloudTrail logs to a bucket, so the script creates an S3 bucket with lifecycle rules that transition logs to Glacier after three months and delete log files after seven years. An SNS topic is built to receive notifications, and CloudTrail is enabled for all regions.
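The resources described above, expressed as a CloudFormation template. This is an added example, not the template from the linked repo; the logical resource names, the bucket and topic policies, and the day counts (90 and 2555, approximating three months and seven years) are assumptions.

```yaml
# Added example; logical names and day counts are assumptions, not the repo's values.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  TrailBucket:
    Type: AWS::S3::Bucket
    Properties:
      LifecycleConfiguration:
        Rules:
          - Id: ArchiveThenExpire
            Status: Enabled
            Transitions:
              - {StorageClass: GLACIER, TransitionInDays: 90}  # about three months
            ExpirationInDays: 2555  # about seven years
  TrailBucketPolicy:  # CloudTrail must be granted write access to the bucket
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref TrailBucket
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: {Service: cloudtrail.amazonaws.com}
            Action: s3:GetBucketAcl
            Resource: !GetAtt TrailBucket.Arn
          - Effect: Allow
            Principal: {Service: cloudtrail.amazonaws.com}
            Action: s3:PutObject
            Resource: !Sub "${TrailBucket.Arn}/AWSLogs/${AWS::AccountId}/*"
            Condition: {StringEquals: {"s3:x-amz-acl": bucket-owner-full-control}}
  TrailTopic: {Type: "AWS::SNS::Topic"}
  TrailTopicPolicy:  # lets CloudTrail publish log-delivery notifications
    Type: AWS::SNS::TopicPolicy
    Properties:
      Topics: [!Ref TrailTopic]
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: {Service: cloudtrail.amazonaws.com}
            Action: sns:Publish
            Resource: !Ref TrailTopic
  Trail:
    Type: AWS::CloudTrail::Trail
    DependsOn: [TrailBucketPolicy, TrailTopicPolicy]  # policies must exist first
    Properties:
      IsLogging: true
      IsMultiRegionTrail: true          # one trail covering all regions
      IncludeGlobalServiceEvents: true  # IAM, STS and other global services
      S3BucketName: !Ref TrailBucket
      SnsTopicName: !GetAtt TrailTopic.TopicName
```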
Please provide feedback via [Twitter](https://twitter.com/benzoram) or a pull request!