Steps to migrate from traditional to multi account CloudTrail

Answer

_This message was extracted from a discussion that originally took place in Gruntwork Community Slack. Names and URLs have been removed where appropriate._

**From a customer** Hey there, I have a short question and I hope that I did not miss the documentation for that. As far as I know, you added support for the AWS organization cloud trail to the `aws-security-module` in one of the last versions. Is there a migration path or documentation available which describes which steps are required to move from a traditional multi-account cloud trail setup to an organization trail with the Gruntwork module? Thanks in advance and best regards

**From a grunt** Hi person, I'd actually advise you to use [v0.48.1](https://github.com/gruntwork-io/terraform-aws-security/releases/tag/v0.48.1) or later due to a couple of bugs in the initial release of the Organizations CloudTrail feature. The bugs were resolved in that version. Do note the `WARNING` about undeleting the KMS key to ensure that old CloudTrail logs remain readable after updating. No other specific steps are required to migrate. You can bump the version of `terraform-aws-security` (being sure to review the release notes between your current version and `v0.48.1` in case something else changed), then add `cloudtrail_is_organization_trail = true` to `account-baseline-root`, which I assume you're using, and set `enable_cloudtrail = false` in `account-baseline-app` and `account-baseline-security`. This should update the trail to be an Organization trail. Those steps are covered in the [v0.45.3](https://github.com/gruntwork-io/terraform-aws-security/releases/tag/v0.45.3) release notes. I hope this helps!
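A post-migration check for the steps in the answer above, as an added example that is not part of the original discussion and is not Gruntwork code. It assumes you saved the JSON output of `aws cloudtrail describe-trails` (management and member accounts) and `aws kms describe-key` (the key that encrypted the old logs); the trail names, key identifiers and the `check_migration` function are constructed for illustration.

```python
import json

# Constructed samples shaped like AWS CLI output (not real account data).
# `aws cloudtrail describe-trails` in the management (root) account after apply:
ROOT_TRAILS = json.loads("""{"trailList": [{"Name": "org-trail",
  "IsOrganizationTrail": true,
  "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/new-example"}]}""")
# The same command in a member (app or security) account:
MEMBER_TRAILS = json.loads("""{"trailList": [
  {"Name": "org-trail", "IsOrganizationTrail": true},
  {"Name": "legacy-trail", "IsOrganizationTrail": false}]}""")
# `aws kms describe-key` for the key that encrypted the pre-migration logs:
OLD_KEY = json.loads("""{"KeyMetadata": {"KeyId": "old-example",
  "KeyState": "PendingDeletion"}}""")


def check_migration(root_trails, member_trails, old_key):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # 1. cloudtrail_is_organization_trail = true should yield an org trail.
    if not any(t.get("IsOrganizationTrail") for t in root_trails["trailList"]):
        findings.append("root: no organization trail found")
    # 2. enable_cloudtrail = false should leave no per-account trail behind;
    #    the organization trail itself is still listed in member accounts.
    for t in member_trails["trailList"]:
        if not t.get("IsOrganizationTrail"):
            findings.append(f"member: per-account trail still present: {t['Name']}")
    # 3. Old logs stay readable only while their KMS key is usable.
    state = old_key["KeyMetadata"]["KeyState"]
    if state != "Enabled":
        findings.append(f"kms: old log key is {state}, old logs may become unreadable")
    return findings


if __name__ == "__main__":
    for finding in check_migration(ROOT_TRAILS, MEMBER_TRAILS, OLD_KEY):
        print("FINDING:", finding)
```

Run it once per member account; any finding means the corresponding step from the answer has not taken effect yet.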