AWS Organizations emits CloudTrail events for account membership changes

Amazon Web Services has introduced new CloudTrail event logging capabilities for AWS Organizations that automatically tracks account membership changes within organizational structures. The feature generates two new event types—AccountJoinedOrganization and AccountDepartedOrganization—which are automatically emitted to management accounts whenever accounts join or leave an organization, providing security teams with previously unavailable visibility into organizational changes. The AccountJoinedOrganization event captures the method by which an account joined (either Created or Invited) along with timestamp data, while the AccountDepartedOrganization event records departure details including whether the account Left voluntarily, was Removed by administrators, or was Cleaned due to permanent closure. Organizations can integrate these events with CloudWatch alarms or Amazon EventBridge rules to create real-time monitoring and alerting systems for suspicious organizational modifications. The enhancement addresses a significant security gap by enabling automated detection of unauthorized account movements that could indicate compromise or insider threats. Security teams can now implement automated workflows for compliance auditing, fraud detection, and incident response based on organizational membership changes across their AWS environments.