Permissions for @turbot/aws-cloudtrail
The CloudTrail permissions and the grant level associated with each:
Permission | Grant Level | Help |
---|---|---|
cloudtrail:AddTags | Operator | |
cloudtrail:CreateTrail | Admin | |
cloudtrail:DeleteTrail | Admin | |
cloudtrail:DescribeTrails | Metadata | |
cloudtrail:GetEventSelectors | Metadata | |
cloudtrail:GetInsightSelectors | Metadata | |
cloudtrail:GetTrail | Metadata | |
cloudtrail:GetTrailStatus | Metadata | |
cloudtrail:ListPublicKeys | Metadata | |
cloudtrail:ListTags | Metadata | |
cloudtrail:ListTrails | Metadata | |
cloudtrail:LookupEvents | Metadata | CloudTrail events do not contain any data, just information about the API call. |
cloudtrail:PutEventSelectors | Admin | |
cloudtrail:PutInsightSelectors | Admin | |
cloudtrail:RemoveTags | Operator | |
cloudtrail:StartLogging | Operator | |
cloudtrail:StopLogging | Operator | |
cloudtrail:UpdateTrail | Admin | |
kms:ListAliases | Metadata | For console access per http://docs.aws.amazon.com/awscloudtrail/latest/userguide/grant-custom-permissions-for-cloudtrail-users.html |
s3:GetBucketLocation | Metadata | For console access per http://docs.aws.amazon.com/awscloudtrail/latest/userguide/grant-custom-permissions-for-cloudtrail-users.html |
s3:ListAllMyBuckets | Metadata | For console access per http://docs.aws.amazon.com/awscloudtrail/latest/userguide/grant-custom-permissions-for-cloudtrail-users.html |