1. Log into the AWS Console and type 'cloudtrail' in the search bar.

2. In the dashboard, either use an existing trail or create a new trail.

2A. If creating a new trail, click the Create Trail button:

a) Enter a Trail Name

b) Choose to create a new S3 bucket or save to an existing S3 bucket

c) Disable Log file SSE-KMS encryption

d) Enable CloudWatch Logs.

e) Create a new Log group name and note it down

f) Create a new IAM role called CloudtrailRoleforCloudwatchLogs_{trail-name}

g) Under events, choose Management events, with API activity set to Read and Write

h) Review and finally click Create Trail


2B. If using an existing trail, click on it and check whether CloudWatch Logs is configured for the trail.

If yes, note down the CloudWatch log group name and use it for configuration.

If not, go to CloudWatch Logs > Edit:

a) Enable CloudWatch Logs.

b) Create a new Log group name and note it down

c) Create a new IAM role called CloudtrailRoleforCloudwatchLogs_{trail-name}

d) Save changes and proceed.
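
The check in step 2B can also be run against the JSON that `aws cloudtrail describe-trails` returns, which is useful when an account has many trails. This is an added example, not part of the original procedure; the sample JSON, account ID, bucket, trail names and log group name are constructed for illustration.

```python
import json

# Constructed sample in the shape of `aws cloudtrail describe-trails` output.
# Account ID, bucket, trail names and log group name are made up.
SAMPLE_DESCRIBE_TRAILS = """
{
  "trailList": [
    {
      "Name": "org-audit",
      "S3BucketName": "example-cloudtrail-bucket",
      "HomeRegion": "us-east-1",
      "TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/org-audit",
      "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111122223333:log-group:aws-cloudtrail-logs-org-audit:*",
      "CloudWatchLogsRoleArn": "arn:aws:iam::111122223333:role/service-role/CloudtrailRoleforCloudwatchLogs_org-audit"
    },
    {
      "Name": "legacy-trail",
      "S3BucketName": "example-cloudtrail-bucket",
      "HomeRegion": "us-east-1",
      "TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/legacy-trail"
    }
  ]
}
"""

def log_group_name(arn):
    """Extract the log group name from a CloudWatch Logs log group ARN."""
    # Expected form: arn:aws:logs:<region>:<account>:log-group:<name>[:*]
    parts = arn.split(":")
    if len(parts) < 7 or parts[2] != "logs" or parts[5] != "log-group":
        raise ValueError(f"not a log group ARN: {arn!r}")
    return parts[6]

def audit_trails(describe_trails_json):
    """Return {trail name: log group name, or None if not configured}."""
    result = {}
    for trail in json.loads(describe_trails_json).get("trailList", []):
        arn = trail.get("CloudWatchLogsLogGroupArn")
        role = trail.get("CloudWatchLogsRoleArn")
        # Delivery needs both the log group and the role CloudTrail assumes.
        result[trail["Name"]] = log_group_name(arn) if arn and role else None
    return result

if __name__ == "__main__":
    for name, group in audit_trails(SAMPLE_DESCRIBE_TRAILS).items():
        print(f"{name}: {group or 'CloudWatch Logs not configured, see step 2B'}")
```

To run it against a real account, replace the sample string with the saved output of `aws cloudtrail describe-trails`.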
