How it works...

To retain logs for more than 90 days, we need to create a trail; a trail delivers its logs to an S3 bucket. In this recipe, we created a multi-region trail. We configured the trail to log all events; we could also have chosen one of Read-only, Write-only, or None. We configured the trail to log AWS KMS events. We did not enable Insights events.

Insights events capture unusual call volumes of write management APIs. Insights events incur additional charges.

We did not enable S3 and Lambda data events. Enabling them logs the resource operations (data events) performed on or within an S3 bucket or a Lambda function. These operations are also called data plane operations. Data events incur an additional cost.

We asked AWS to create a new S3 bucket. Under the Advanced link, we used the defaults for the following parameters:

  • Log file prefix, to make log files easier to browse.
  • Encrypt log files with SSE-KMS instead of the default SSE-S3 encryption.
  • Enable log file validation, to determine whether a log file was modified, deleted, or left unchanged after CloudTrail delivered it.
  • Send an SNS notification for every log file delivery, so that immediate action can be taken.
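Log file validation works because CloudTrail periodically delivers a digest file that records the SHA-256 hash of every log file it covers, plus the hash of the previous digest, so a log that is edited, deleted, or replaced after delivery no longer matches. The following added example (not from the book) checks that hash half of the mechanism against constructed log files and a constructed digest; it does not verify the RSA signature on the digest, which needs the public key CloudTrail exposes through ListPublicKeys. The bucket name, account ID, and log records are all constructed.

```python
"""Check CloudTrail log files against the hashes recorded in a digest file.

Added example, not from the book. Covers the hash checks of log file
validation only; the digest's RSA signature is not verified here.
All bucket names, keys and records below are constructed sample data.
"""
import gzip
import hashlib
import json
from typing import Dict, List, Optional, Tuple

BUCKET = "example-cloudtrail-logs"  # constructed


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_log_file(events: List[dict]) -> bytes:
    """CloudTrail delivers gzipped JSON with a top-level 'Records' list."""
    return gzip.compress(json.dumps({"Records": events}).encode(), mtime=0)


def make_digest(log_files: Dict[str, bytes], previous_digest: Optional[bytes]) -> dict:
    """Build the subset of a CloudTrail digest that this example checks.
    CloudTrail writes real digests itself; this one is constructed."""
    return {
        "digestS3Bucket": BUCKET,
        "logFiles": [
            {"s3Bucket": BUCKET, "s3Object": key,
             "hashValue": sha256_hex(data), "hashAlgorithm": "SHA-256"}
            for key, data in sorted(log_files.items())
        ],
        "previousDigestHashValue": sha256_hex(previous_digest) if previous_digest else None,
        "previousDigestHashAlgorithm": "SHA-256" if previous_digest else None,
    }


def verify_log_files(digest: dict, store: Dict[str, bytes]) -> Dict[str, str]:
    """Status per log object named in the digest: 'ok', 'modified'
    (hash mismatch) or 'missing' (object no longer in the bucket)."""
    results: Dict[str, str] = {}
    for entry in digest["logFiles"]:
        key = entry["s3Object"]
        data = store.get(key)
        if data is None:
            results[key] = "missing"
        elif entry["hashAlgorithm"] != "SHA-256" or sha256_hex(data) != entry["hashValue"]:
            results[key] = "modified"
        else:
            results[key] = "ok"
    return results


def verify_chain(digest: dict, previous_digest_bytes: Optional[bytes]) -> bool:
    """Each digest names the hash of the one before it; a break means a
    digest was removed or altered between deliveries."""
    expected = digest.get("previousDigestHashValue")
    if expected is None:
        return previous_digest_bytes is None  # first digest in the chain
    return previous_digest_bytes is not None and sha256_hex(previous_digest_bytes) == expected


def demo() -> Tuple[Dict[str, str], Dict[str, str], bool]:
    """Intact bucket, then the same bucket with one log edited and one deleted."""
    event = {"eventSource": "kms.amazonaws.com", "eventName": "Decrypt"}  # constructed
    store = {
        "AWSLogs/111122223333/CloudTrail/us-east-1/log-a.json.gz": make_log_file([event]),
        "AWSLogs/111122223333/CloudTrail/us-east-1/log-b.json.gz": make_log_file([event, event]),
    }
    digest = make_digest(store, previous_digest=None)
    intact = verify_log_files(digest, store)

    tampered = dict(store)
    key_a, key_b = sorted(tampered)
    tampered[key_a] = make_log_file([])  # records stripped after delivery
    del tampered[key_b]                  # log file deleted
    after = verify_log_files(digest, tampered)

    digest_bytes = json.dumps(digest).encode()
    next_digest = make_digest(store, previous_digest=digest_bytes)
    chain_ok = verify_chain(next_digest, digest_bytes)
    return intact, after, chain_ok


if __name__ == "__main__":
    print(demo())
```

In a real bucket the same checks run over the objects the digest's `s3Object` keys point at, and the `aws cloudtrail validate-logs` command performs them together with the signature verification omitted here.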

We also saw the option to stop logging for a trail on the trail's Configuration page. Stopping logging stops new events from being sent to the log, but existing logs will still be available.
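The console choices made in this recipe map onto a handful of CloudTrail API calls, and the mapping is not obvious: logging KMS events means leaving `ExcludeManagementEventSources` empty, the console's "None" is not a `ReadWriteType` value, and CreateTrail does not start logging by itself. The following added example (not code from the book) builds those calls from the recipe's settings; the trail, bucket, KMS key and SNS topic names are placeholders, and the client is passed in so the parameter construction can be exercised without an AWS account.

```python
"""Map this recipe's console choices onto CloudTrail API calls.

Added example, not from the book. Names marked placeholder must be
replaced with real resources before a live run.
"""
from typing import Any, Dict, List, Optional

TRAIL_NAME = "example-multi-region-trail"              # placeholder
BUCKET = "example-cloudtrail-logs-bucket"              # placeholder
KMS_KEY_ARN = "arn:aws:kms:REGION:ACCOUNT:key/KEY-ID"  # placeholder
SNS_TOPIC = "example-cloudtrail-delivery"              # placeholder

READ_WRITE_CHOICES = {"All", "ReadOnly", "WriteOnly", "None"}


def trail_parameters(log_file_prefix: Optional[str] = None,
                     encrypt_with_kms: bool = False,
                     notify_via_sns: bool = False) -> Dict[str, Any]:
    """CreateTrail parameters: multi-region, S3 delivery, log file validation on.
    The Advanced options only appear in the call when switched on."""
    params: Dict[str, Any] = {
        "Name": TRAIL_NAME,
        "S3BucketName": BUCKET,
        "IsMultiRegionTrail": True,
        "EnableLogFileValidation": True,
    }
    if log_file_prefix:
        params["S3KeyPrefix"] = log_file_prefix
    if encrypt_with_kms:
        params["KmsKeyId"] = KMS_KEY_ARN   # SSE-KMS instead of the default SSE-S3
    if notify_via_sns:
        params["SnsTopicName"] = SNS_TOPIC  # one notification per delivered log file
    return params


def event_selector(read_write: str = "All", log_kms_events: bool = True,
                   data_resources: Optional[List[Dict[str, Any]]] = None) -> Dict[str, Any]:
    """One selector for PutEventSelectors.
    read_write follows the console's four choices; 'None' is expressed as
    IncludeManagementEvents=False because it is not a ReadWriteType value.
    KMS events are excluded by source, so logging them means omitting that list.
    An empty DataResources list means no S3/Lambda data events (and no data-event cost)."""
    if read_write not in READ_WRITE_CHOICES:
        raise ValueError(f"read_write must be one of {sorted(READ_WRITE_CHOICES)}")
    include_mgmt = read_write != "None"
    selector: Dict[str, Any] = {
        "IncludeManagementEvents": include_mgmt,
        "ReadWriteType": read_write if include_mgmt else "All",
        "DataResources": data_resources or [],
    }
    if include_mgmt and not log_kms_events:
        selector["ExcludeManagementEventSources"] = ["kms.amazonaws.com"]
    return selector


def insight_selectors(enabled: bool) -> List[Dict[str, str]]:
    """PutInsightSelectors payload; an empty list leaves Insights off."""
    return [{"InsightType": "ApiCallRateInsight"}] if enabled else []


def configure_trail(client: Any, enable_insights: bool = False,
                    read_write: str = "All", log_kms_events: bool = True,
                    **advanced: Any) -> List[str]:
    """Create, configure and start the trail; returns the API operations used.
    CreateTrail does not start logging on its own, so StartLogging follows."""
    calls: List[str] = []
    client.create_trail(**trail_parameters(**advanced))
    calls.append("CreateTrail")
    client.put_event_selectors(
        TrailName=TRAIL_NAME,
        EventSelectors=[event_selector(read_write, log_kms_events)])
    calls.append("PutEventSelectors")
    if enable_insights:  # extra charge; the recipe leaves it off
        client.put_insight_selectors(
            TrailName=TRAIL_NAME, InsightSelectors=insight_selectors(True))
        calls.append("PutInsightSelectors")
    client.start_logging(TrailName=TRAIL_NAME)
    calls.append("StartLogging")
    return calls


def stop_trail(client: Any) -> None:
    """Stop delivery of new events; files already in the bucket stay."""
    client.stop_logging(TrailName=TRAIL_NAME)


if __name__ == "__main__":
    import boto3  # only needed for a live run against a real account
    print(configure_trail(boto3.client("cloudtrail"), encrypt_with_kms=True))
```

Passing a real `boto3.client("cloudtrail")` performs the calls; passing any object that records the keyword arguments it receives lets you inspect the exact payloads first, which is a convenient way to review a trail definition before it touches an account.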
