Permissions

The AWS CIS v3.0.0 - Section 3 - Logging policy pack requires 5 permissions:

• cloudtrail:UpdateTrail
• kms:DescribeKey
• kms:ListAliases
• kms:ListKeys
• s3:PutBucketLogging