AWS Documentation » AWS CloudTrail » User Guide » Working with CloudTrail » Controlling User Permissions for CloudTrail

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

Controlling User Permissions for CloudTrail

AWS CloudTrail integrates with AWS Identity and Access Management (IAM), which allows you to control access to CloudTrail and to other AWS resources that CloudTrail requires, including Amazon S3 buckets and Amazon Simple Notification Service (Amazon SNS) topics. You can use AWS Identity and Access Management to control which AWS users can create, configure, or delete AWS CloudTrail trails, start and stop logging, and access the buckets that contain log information. To learn more, see Identity and Access Management for AWS CloudTrail.

The following topics might also help you understand permissions, policies, and CloudTrail security:

• Amazon S3 Bucket Naming Requirements

• Amazon S3 Bucket Policy for CloudTrail

• An example of a bucket policy for an organization trail in Creating a Trail for an Organization with the AWS Command Line Interface.

• Amazon SNS Topic Policy for CloudTrail

• Encrypting CloudTrail Log Files with AWS KMS–Managed Keys (SSE-KMS)

• Default Key Policy Created in CloudTrail Console

• Granting Permission to View AWS Config Information on the CloudTrail Console

• Sharing CloudTrail Log Files Between AWS Accounts

• Required permissions for creating an organization trail

• Using a previously-existing IAM role to add monitoring of an organization trail to Amazon CloudWatch Logs