From 36ae9ce279fb980b4f313a0f691f40560513b8c2 Mon Sep 17 00:00:00 2001 From: badra001 Date: Mon, 5 Jan 2026 11:36:17 -0500 Subject: [PATCH] update to indicate started actions --- aws/proposals/cloudtrail/README.md | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/aws/proposals/cloudtrail/README.md b/aws/proposals/cloudtrail/README.md index b35ae900..707ce35a 100644 --- a/aws/proposals/cloudtrail/README.md +++ b/aws/proposals/cloudtrail/README.md @@ -20,8 +20,8 @@ As such, we asked AI about what this means, if we can reduce cost, and if we los What we plan to do: -1. Remove all the non-org cloudtrails from every account and region (other than the one disconnected from our organization, used for the OpenData project). -1. Remove the cloudtrail setup from the baseline (objectlogging is already removed from the baseline). +1. Remove all the non-org cloudtrails from every account and region (other than the one disconnected from our organization, used for the OpenData project). [DONE] +1. Remove the cloudtrail setup from the baseline (objectlogging is already removed from the baseline). [DONE] 1. Remove the objectlog cloudtrail configuration from each account and region. 1. Remove the redundant local account cloudtrail configuration from each account and region. 1. Remove the associated S3 buckets for these cloudtrails (as they are copied into the org trail, and Sentinel is maintaining that). 
@@ -29,6 +29,24 @@ What we plan to do: To further help keep costs down, we will be adding a lifecycle rule to the Organization CloudTrail bucket, moving data after 30 days to IA, after 90 days to Glacier, and then deleting from Glacier after 18 months. +## Actions + +We have started this process. As of 2026-01-02, all non-organization trails have been disabled. The table below shows the number of trails stopped (and those which +had already been stopped, primarily the inf-objectlogging trails). + +| Organization | trails stopped | trails previously stopped | +|--------------+----------------+---------------------------+ +| ent-gov | 348 | 184 | +| ent-ew | 554 | 342 | +| lab-gov | 41 | 0 | +| TOTAL | 943 | 526 + +A grand total of 1469 trails exist and are stopped. The cleanup of this will take some time, but it will be started immediatley. + +The first full day of trails being off showed a cost of $110 (1-3). A prior day that week, 12-29, showed a cost of $860. This is a savings of $750. It is +likely that our total savings will not always be $750/day, but our 2025 cost for CloudTrail was $212,516, an average of $17,709 per month and $582 per day. +CloudTrail is usage based, so as more stuff is used, more cost will be incurred. + ## Prompt > I have a large AWS environment. My cloudtrail costs are quite high. In each account and region I have a cloudtrail defined. @@ -87,3 +105,6 @@ To optimize costs while maintaining local visibility: * 1.0.0 -- 2025-12-30 - initial + +* 1.0.1 -- 2026-01-05 + - add
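Review bot: in the first hunk (@@ -20,8 +20,8 @@), item 1 is marked [DONE] while its text still reads "Remove all the non-org cloudtrails", yet the Actions section added by this same patch says the trails "exist and are stopped" and that cleanup has yet to begin. Stopping logging and deleting the trail are different states, so suggest a marker that matches what was done (for example "[STOPPED, removal pending]"), or reword the item to "Stop" and track the deletion under the later items. Otherwise a reader auditing the accounts will expect zero non-org trails and find 1469.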
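Review bot: in the second hunk (@@ -29,6 +29,24 @@), the table delimiter row uses "+" between columns ("|--------------+----------------+---------------------------+"), which Markdown pipe tables do not accept, so the table will render as plain text. Use "|" as the column separator in that row, and add the missing trailing "|" on the TOTAL row to match the other rows. In the same hunk, "immediatley" should be "immediately". The dates "(1-3)" and "12-29" should be written in the ISO form already used in "As of 2026-01-02", since the comparison spans a year boundary. The figures themselves are consistent: 943 + 526 = 1469 and $860 - $110 = $750.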
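Review bot: in the last hunk (@@ -87,3 +105,6 @@), the 1.0.1 changelog entry as visible here reads only "- add", which does not say what was added. Suggest completing it so it names the change, such as the new Actions section and the [DONE] markers on the first two plan items, in the same style as the "- initial" entry for 1.0.0.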