---
title: AWS CloudTrail trail should have global service events enabled
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > AWS CloudTrail trail should have global
  service events enabled
---

# AWS CloudTrail trail should have global service events enabled
 
## Description{% #description %}

Ensure that an AWS CloudTrail trail has global service events enabled.

## Rationale{% #rationale %}

Easily troubleshoot security issues for global services that aren't region-specific.

## Remediation{% #remediation %}

### From the console{% #from-the-console %}

By default, trail logs created in the CloudTrail console log global service events. For more information, see the [About global service events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html#cloudtrail-concepts-global-service-events) docs.

### From the command line{% #from-the-command-line %}

1. Run `aws cloudtrail describe-trails`

1. Run `update-trail` on any returned trail name above to [include-global-service-events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail-by-using-the-aws-cli-update-trail.html).

   ```
   aws cloudtrail update-trail \
       --name <INSERT-TRAIL-NAME> \
       --include-global-service-events
   ```

**NOTE:** The trail must be located in `us-east-1` region to include global service events. Enabling global service events automatically updates the trail to be multi-regional.