How it works...

In this recipe, we sent logs from one account (the logger account) into another account (the log account). First, we created a trail in the log account. The bucket policy generated for that trail allowed the CloudTrail service to write to the current account's log folder. We then modified the bucket policy so that the CloudTrail service could also write to the logger account's log folder. CloudTrail writes each account's logs to a folder specific to that account.

The default bucket policy that was generated by AWS had two statements. The first statement, whose Sid starts with AWSCloudTrailAclCheck, allows CloudTrail to read the bucket's ACL. The second statement, whose Sid starts with AWSCloudTrailWrite, gives CloudTrail permission to write to the specified account's folder. Each account logs into a folder that is specific to that account.

After that, we created a trail in the logger account by specifying the same S3 bucket that we specified in the log account. We went back to the log account and verified the logs that were sent from the logger account. Within the bucket, the logs are present in a folder structure similar to AWSLogs/380701114427/CloudTrail/us-east-1/2019/12/11, where 380701114427 is the account number of the logger account, us-east-1 is the region, and 2019/12/11 is the date.
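The following Python is an added example (not code from the recipe or from AWS) that puts the two preceding paragraphs into practice: it builds the two-statement bucket policy described above for a log account plus any number of logger accounts, provides an audit helper that reports which account folders an existing policy lets CloudTrail write to, and parses a delivered object key of the form `AWSLogs/<account>/CloudTrail/<region>/<yyyy>/<mm>/<dd>/...` so you can confirm which account and region a log came from. The bucket name and the log account id are constructed placeholders; the `20150319` Sid suffix and the `bucket-owner-full-control` ACL condition follow the policy AWS generates for a trail and are included here as assumptions about that generated policy.

```python
import json
import re

# Constructed placeholders: the recipe does not give the bucket name or the log account id.
BUCKET = "example-cloudtrail-log-bucket"
LOG_ACCOUNT = "111111111111"     # placeholder for the log (bucket-owning) account
LOGGER_ACCOUNT = "380701114427"  # logger account id as it appears in the recipe

CLOUDTRAIL_PRINCIPAL = {"Service": "cloudtrail.amazonaws.com"}


def cloudtrail_bucket_policy(bucket, log_account_id, logger_account_ids):
    """Build the two-statement bucket policy the recipe describes.

    Statement 1 lets CloudTrail read the bucket ACL; statement 2 lets it put
    objects only under each listed account's AWSLogs/<account>/ prefix.
    """
    accounts = [log_account_id, *logger_account_ids]
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AWSCloudTrailAclCheck20150319",  # suffix assumed from AWS's generated policy
                "Effect": "Allow",
                "Principal": CLOUDTRAIL_PRINCIPAL,
                "Action": "s3:GetBucketAcl",
                "Resource": f"arn:aws:s3:::{bucket}",
            },
            {
                "Sid": "AWSCloudTrailWrite20150319",
                "Effect": "Allow",
                "Principal": CLOUDTRAIL_PRINCIPAL,
                "Action": "s3:PutObject",
                # One resource entry per account folder, so a logger account can
                # never be granted a write outside its own AWSLogs/<account>/ prefix.
                "Resource": [f"arn:aws:s3:::{bucket}/AWSLogs/{acct}/*" for acct in accounts],
                # Delivered objects must grant the bucket owner full control, otherwise the
                # log account cannot read logs written by another account's trail.
                "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}},
            },
        ],
    }


_WRITE_ARN = re.compile(r"^arn:aws:s3:::[^/]+/AWSLogs/(\d{12})/\*$")


def allowed_log_accounts(policy):
    """Audit helper: the set of account ids whose folders CloudTrail may write to.

    Only per-account AWSLogs/<account>/* resources are counted; a broader
    wildcard would be a finding in its own right and is not reported here.
    """
    accounts = set()
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow" or stmt.get("Principal") != CLOUDTRAIL_PRINCIPAL:
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if "s3:PutObject" not in actions:
            continue
        resources = stmt.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        for arn in resources:
            match = _WRITE_ARN.match(arn)
            if match:
                accounts.add(match.group(1))
    return accounts


_LOG_KEY = re.compile(r"^AWSLogs/(\d{12})/CloudTrail/([a-z0-9-]+)/(\d{4})/(\d{2})/(\d{2})/")


def parse_log_key(key):
    """Split a delivered object key into account, region and date; None if it does not match."""
    match = _LOG_KEY.match(key)
    if not match:
        return None
    account, region, year, month, day = match.groups()
    return {"account": account, "region": region, "date": f"{year}-{month}-{day}"}


if __name__ == "__main__":
    policy = cloudtrail_bucket_policy(BUCKET, LOG_ACCOUNT, [LOGGER_ACCOUNT])
    print(json.dumps(policy, indent=2))
    print("accounts allowed to deliver logs:", sorted(allowed_log_accounts(policy)))
    # Constructed key following the folder layout shown in the recipe.
    print(parse_log_key("AWSLogs/380701114427/CloudTrail/us-east-1/2019/12/11/example.json.gz"))
```

Running the script prints the policy you would paste into the log account's bucket, the account ids it authorises, and the parsed account, region and date for a sample key. The audit helper is the part worth keeping around: after any edit to the bucket policy, comparing `allowed_log_accounts()` against the list of accounts that are supposed to ship logs catches a folder that was added for the wrong account or left behind after an account was decommissioned.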
