Enable governance, compliance, operational & risk auditing. Records events of actions by user/role/service through console, CLI, SDK & APIs. Enabled on account by default upon creation & keeps 90 days of activities.
Trail: a configuration to deliver events to an S3 bucket, also deliver & analyze events with CloudWatch (logs & events)
Scope of trails - all region (default when create with console, automatic add new region), single region (default with API & CLI), "organization trail" for multiple accounts within an organization
Timing: typically within 15 minutes since activity, publishes multiple times an hour.
Encryption
Log file integrity