Step 2: Add Permissions to Read AWS CloudTrail Logs to the Workflow Role - AWS Lake Formation

Step 2: Add Permissions to Read AWS CloudTrail Logs to the Workflow Role

  1. Attach the following inline policy to the role LakeFormationWorkflowRole. The policy grants permission to read your AWS CloudTrail logs. Name the policy DatalakeGetCloudTrail.

    Important

    Replace <your-s3-cloudtrail-bucket> with the Amazon S3 location of your CloudTrail data.

    { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "s3:GetObject", "Resource": ["arn:aws:s3:::<your-s3-cloudtrail-bucket>/*"] } ] }
  2. Verify that there are three policies attached to the role.