Status: IN
Organization trail CloudWatch Logs configuration via the console is restricted to the management account; delegated administrators must use the AWS CLI or CreateTrail/UpdateTrail API.
Source: entries/2026/03/12/awscloudtrail-latest-userguide-send-cloudtrail-events-to-cloudwatch-logshtml.md