Up until now, in order to get theCloudTrail logs for each of your regions, you had to manually turn on CloudTrail in each desired region. This was time-consuming and error-prone.

As of last week, AWS now lets you turn on CloudTrail for all regions simultaneously. By doing so, the logs for the all activity in al regions will be sent to a single S3 bucket.

If you are not familiar with CloudFront, it is a system that logs all activity on your account. By logging all events, you have traceability on any configuration changes made to the account. There is also a digest file provided which ensures the integrity of the logs, which means that the junior sysadmin that just terminated your production database cannot cover up his mistake by modifying the activity logs.