Controlling user permissions for CloudTrail
AWS CloudTrail integrates with AWS Identity and Access Management (IAM) to help you to control access to CloudTrail and other AWS resources that CloudTrail requires. Examples of these resources include Amazon S3 buckets and Amazon Simple Notification Service (Amazon SNS) topics. You can use IAM to control which AWS users can create, configure, or delete CloudTrail trails, event data stores, or channels, start and stop logging, and access the buckets that contain log information. To learn more, see Identity and Access Management for AWS CloudTrail.
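The split described above (operators who may read trail state and log objects but may not stop logging or delete trails) can be checked offline against an identity policy. The following is an added example, not code from the CloudTrail documentation: it evaluates a constructed least-privilege policy with a simplified IAM rule set (explicit Deny wins, then Allow, otherwise implicit deny; conditions and NotAction/NotResource are not modelled). The bucket name, account ID, region and trail name are placeholders.

```python
import fnmatch

# Constructed sample policy (placeholder ARNs): an auditor may inspect trails and
# read the log bucket, but is explicitly denied disabling or reconfiguring logging.
AUDITOR_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["cloudtrail:DescribeTrails", "cloudtrail:GetTrailStatus",
                    "cloudtrail:LookupEvents", "cloudtrail:StartLogging"],
         "Resource": "*"},
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-cloudtrail-logs",
                      "arn:aws:s3:::example-cloudtrail-logs/*"]},
        {"Effect": "Deny",
         "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail",
                    "cloudtrail:UpdateTrail"],
         "Resource": "*"},
    ],
}

TRAIL_ARN = "arn:aws:cloudtrail:us-east-1:123456789012:trail/main"  # placeholder


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(pattern, value):
    # IAM Action and Resource elements accept '*' and '?' wildcards; action names
    # are case-insensitive, so both sides are lower-cased before matching.
    return fnmatch.fnmatchcase(value.lower(), pattern.lower())


def is_allowed(policy, action, resource):
    """Return True only if some statement allows (action, resource) and none denies it."""
    allowed = False
    for stmt in policy["Statement"]:
        action_hit = any(_matches(a, action) for a in _as_list(stmt.get("Action", [])))
        resource_hit = any(_matches(r, resource) for r in _as_list(stmt.get("Resource", [])))
        if not (action_hit and resource_hit):
            continue
        if stmt["Effect"] == "Deny":
            return False  # explicit Deny overrides every Allow
        allowed = True
    return allowed  # no matching statement at all is an implicit deny


def logging_cannot_be_disabled(policy, trail_arn):
    """Guardrail check: the policy must not permit StopLogging or DeleteTrail."""
    return not any(is_allowed(policy, a, trail_arn)
                   for a in ("cloudtrail:StopLogging", "cloudtrail:DeleteTrail"))
```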
The following topics help you understand permissions, policies, and CloudTrail security:
- An example of a bucket policy for an organization trail in Creating a trail for an organization with the AWS Command Line Interface.
- Granting permission to view AWS Config information on the CloudTrail console