AWS CloudTrail
User Guide (Version 1.0)

Controlling User Permissions for CloudTrail

AWS CloudTrail integrates with AWS Identity and Access Management (IAM), which allows you to control access to CloudTrail and to other AWS resources that CloudTrail requires, including Amazon S3 buckets and Amazon Simple Notification Service (Amazon SNS) topics. You can use AWS Identity and Access Management to control which AWS users can create, configure, or delete AWS CloudTrail trails, start and stop logging, and access the buckets that contain log information. To learn more, see Identity and Access Management for AWS CloudTrail.

The following topics might also help you understand permissions, policies, and CloudTrail security: