Policy: AWS > Turbot > Audit Trail > CloudTrail > Trail > CloudWatch Role
The name of an IAM role that CloudTrail will assume to write logs to CloudWatch Logs.
If CloudWatch Logs forwarding is enabled, you must also specify a role that CloudTrail can assume to write the logs. This role must have logs:CreateLogStream and logs:PutLogEvents for the CloudWatch Log Group, and must allow the CloudTrail service (cloudtrail.amazonaws.com) to assume the role.
The role must already exist; the stack won't create it.
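Because the stack does not create the role, it is worth validating the role's policy documents before setting this policy. The following is an added example, not Turbot or AWS code: the function names, the account ID and the log group name are hypothetical, and it inspects only plain Allow statements (Deny, NotAction and Condition are not evaluated).

```python
import re

REQUIRED_ACTIONS = ("logs:CreateLogStream", "logs:PutLogEvents")
CLOUDTRAIL = "cloudtrail.amazonaws.com"

def _as_list(v):
    return [] if v is None else v if isinstance(v, list) else [v]

def _glob(pattern, value, ignore_case=False):
    # IAM wildcards: "*" is any run of characters, "?" is any single character.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def _allows(policy):
    # Only plain Allow statements; Deny, NotAction and Condition are not evaluated.
    return [s for s in _as_list(policy.get("Statement")) if s.get("Effect") == "Allow"]

def trust_allows_cloudtrail(trust):
    for s in _allows(trust):
        p = s.get("Principal")
        services = _as_list(p.get("Service")) if isinstance(p, dict) else []
        if CLOUDTRAIL in services and any(
                _glob(a, "sts:AssumeRole", True) for a in _as_list(s.get("Action"))):
            return True
    return False

def missing_log_actions(perms, log_group_arn):
    # Assumption: Resource patterns are tested against a constructed stream ARN in the group.
    probe = log_group_arn + ":log-stream:constructed-probe"
    def granted(action):
        return any(
            any(_glob(a, action, True) for a in _as_list(s.get("Action")))
            and any(_glob(r, probe) for r in _as_list(s.get("Resource")))
            for s in _allows(perms))
    return [a for a in REQUIRED_ACTIONS if not granted(a)]

def check_role(trust, perms, log_group_arn):
    findings = []
    if not trust_allows_cloudtrail(trust):
        findings.append("trust policy does not allow " + CLOUDTRAIL + " to assume the role")
    return findings + ["missing " + a for a in missing_log_actions(perms, log_group_arn)]

# Constructed sample input (placeholder account id and log group name).
LOG_GROUP = "arn:aws:logs:us-east-1:111122223333:log-group:example-trail-logs"
TRUST = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
         "Principal": {"Service": CLOUDTRAIL}, "Action": "sts:AssumeRole"}]}
PERMS = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
         "Action": ["logs:CreateLogStream"], "Resource": LOG_GROUP + ":log-stream:*"}]}

if __name__ == "__main__":
    print(check_role(TRUST, PERMS, LOG_GROUP))
```

An empty list from check_role means both requirements stated above are met by the documents supplied; the constructed sample deliberately omits logs:PutLogEvents.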
Resource Types
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Controls
Policy Specification
Schema Type
Category
In Your Workspace
Developers
- Category URI: tmod:@turbot/turbot#/control/categories/resourceLogging
- Policy Type URI: tmod:@turbot/aws#/policy/types/trailCloudWatchRole
- GraphQL / CLI:
  - Get Policy Type: turbot graphql policy-type --id "tmod:@turbot/aws#/policy/types/trailCloudWatchRole"
  - Get Policy Settings: turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws#/policy/types/trailCloudWatchRole"