IAM Role: AWS/CloudTrail/Operator
| Permission | Grant |
|---|
| cloudtrail:AddTags | Operator |
| cloudtrail:RemoveTags | Operator |
| cloudtrail:StartLogging | Operator |
| cloudtrail:StopLogging | Operator |
| cloudtrail:DescribeTrails | Metadata |
| cloudtrail:GetEventSelectors | Metadata |
| cloudtrail:GetInsightSelectors | Metadata |
| cloudtrail:GetTrail | Metadata |
| cloudtrail:GetTrailStatus | Metadata |
| cloudtrail:ListPublicKeys | Metadata |
| cloudtrail:ListTags | Metadata |
| cloudtrail:ListTrails | Metadata |
| cloudtrail:LookupEvents | Metadata |
| kms:ListAliases | Metadata |
| s3:GetBucketLocation | Metadata |
| s3:ListAllMyBuckets | Metadata |
