{"id":"cloudtrail-cross-account-audit-requires-multi-region-awareness","text":"CloudTrail cross-account audit requires multi-region awareness: AssumeRole events are linked via sharedEventID across accounts, root sign-ins always appear in us-east-1 regardless of location, delegated admins can manage org-wide resources, but Lake dashboards are limited to same-account event data stores.","truth_value":"IN","source":"","source_url":"","source_hash":"","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"cloudtrail-cross-account-audit-requires-multi-region-awareness","truth_value":"IN","reason":"premise"}]}}