Mods
AWS

Policy: AWS > Turbot > Audit Trail > CloudTrail > Trail > S3 Bucket

The name of an S3 bucket to which the Guardrails Trail will be delivered.

CloudTrail must write to S3, thus this policy is required. The S3 bucket must already exist (the stack will not create it) and the CloudTrail service must be allowed write access. The bucket can reside in any region of any account.

Resource Types

This policy targets the following resource types:

Primary Policy

This policy is used with the following primary policy:

Controls

Policy Packs

This policy setting is used by the following policy packs:

Policy Specification

Schema Type
string
Default template
{{ $.bucketName }}
Default template input
- |
{
region {
turbot {
id
}
}
}
- |
{
bucketName: policy(uri:"#/policy/types/loggingBucketDefault", resourceId: "{{ $.region.turbot.id }}")
}

Category

In Your Workspace

Developers