Mods
AWS

Policy: AWS > Turbot > Audit Trail > CloudTrail > Trail > CloudWatch Role

The name of an IAM role that CloudTrail will assume to write logs to CloudWatch logs.

If CloudWatch Log forwarding is enabled, you must also specify a role that CloudTrail can assume to write the logs. This role must have logs:CreateLogStream and logs:PutLogEvents for the CloudWatch Log Group, and must allow the CloudTrail Service (cloudtrail.amazonaws.com) the ability to assume the role

The role must already exist - the stack wont create it

Resource Types

This policy targets the following resource types:

Primary Policy

This policy is used with the following primary policy:

Controls

Policy Specification

Schema Type
string

Category

In Your Workspace

Developers