IAM Role: AWS/CloudTrail/Metadata
| Permission | Grant |
|---|---|
| cloudtrail:DescribeTrails | Metadata |
| cloudtrail:GetEventSelectors | Metadata |
| cloudtrail:GetInsightSelectors | Metadata |
| cloudtrail:GetTrail | Metadata |
| cloudtrail:GetTrailStatus | Metadata |
| cloudtrail:ListPublicKeys | Metadata |
| cloudtrail:ListTags | Metadata |
| cloudtrail:ListTrails | Metadata |
| cloudtrail:LookupEvents | Metadata |
| kms:ListAliases | Metadata |
| s3:GetBucketLocation | Metadata |
| s3:ListAllMyBuckets | Metadata |