Permissions for @turbot/aws-cloudtrail
Taking a look at permissions and associated grant levels for each permission for CloudTrail:
| Permission | Grant Level | Help |
|---|---|---|
| cloudtrail:AddTags | Operator | |
| cloudtrail:CreateTrail | Admin | |
| cloudtrail:DeleteTrail | Admin | |
| cloudtrail:DescribeTrails | Metadata | |
| cloudtrail:GetEventSelectors | Metadata | |
| cloudtrail:GetInsightSelectors | Metadata | |
| cloudtrail:GetTrail | Metadata | |
| cloudtrail:GetTrailStatus | Metadata | |
| cloudtrail:ListPublicKeys | Metadata | |
| cloudtrail:ListTags | Metadata | |
| cloudtrail:ListTrails | Metadata | |
| cloudtrail:LookupEvents | Metadata | CloudTrail events do not contain any data just information about the API call. |
| cloudtrail:PutEventSelectors | Admin | |
| cloudtrail:PutInsightSelectors | Admin | |
| cloudtrail:RemoveTags | Operator | |
| cloudtrail:StartLogging | Operator | |
| cloudtrail:StopLogging | Operator | |
| cloudtrail:UpdateTrail | Admin | |
| kms:ListAliases | Metadata | For console access per http://docs.aws.amazon.com/awscloudtrail/latest/userguide/grant-custom-permissions-for-cloudtrail-users.html |
| s3:GetBucketLocation | Metadata | For console access per http://docs.aws.amazon.com/awscloudtrail/latest/userguide/grant-custom-permissions-for-cloudtrail-users.html |
| s3:ListAllMyBuckets | Metadata | For console access per http://docs.aws.amazon.com/awscloudtrail/latest/userguide/grant-custom-permissions-for-cloudtrail-users.html |