Permissions

The AWS CIS v3.0.0 - Section 3 - Logging policy pack requires 7 permissions:

• cloudtrail:UpdateTrail
• kms:DescribeKey
• kms:DisableKeyRotation
• kms:EnableKeyRotation
• kms:ListAliases
• kms:ListKeys
• s3:PutBucketLogging