- Default retention: CloudTrail keeps events for 90 days in its event history.
- For longer retention, configure a trail to deliver logs to Amazon S3.
- Store any combination of:
- Management events
- Data events
- Insights events
Long-Term Analysis
- Archived logs in S3 can be queried using Amazon Athena without moving the data.
- This setup enables auditing, compliance, and historical investigations beyond the default 90-day window.