Configuration to enable AWS CloudTrail in an AWS account. CloudTrail provides an event history of activity in the account, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services.

Configuration templates also include the following:

  • Create a new S3 bucket (default) to store CloudTrail logs, or enter the name of an existing S3 bucket.
  • Create a CloudWatch Log Group to store CloudTrail logs, and the IAM Role required for this (or specify an existing CloudWatch log group and IAM role).
  • Include Data Events for Lambda, DynamoDB, and/or S3 to record data plane operations.
  • Additional CloudTrail settings:
    • Log File Validation
    • Log Encryption with KMS
  • Organization Trail: Creates this trail for the whole AWS Organization. When this option is enabled, the configuration should be deployed in the Organization's management account.

Resources defined by the template:

  • Trail (AWS::CloudTrail::Trail), with EventSelectors (DataResources, Values) and ExcludeManagementEventSources
  • Bucket (AWS::S3::Bucket)
  • BucketPolicy (AWS::S3::BucketPolicy)
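As an added illustration, not the page's own template, the following CloudFormation YAML wires together the three resources listed above: a multi-region trail with log file validation and KMS encryption, a new S3 bucket, and the bucket policy CloudTrail needs before it can deliver logs. The KmsKeyArn parameter is a placeholder for an existing key whose key policy already grants CloudTrail access.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  KmsKeyArn:   # placeholder: ARN of an existing KMS key whose key policy allows CloudTrail to use it
    Type: String

Resources:
  TrailBucket:
    Type: AWS::S3::Bucket

  TrailBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref TrailBucket
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          # CloudTrail reads the bucket ACL before it starts delivering log files
          - Sid: AWSCloudTrailAclCheck
            Effect: Allow
            Principal: { Service: cloudtrail.amazonaws.com }
            Action: s3:GetBucketAcl
            Resource: !GetAtt TrailBucket.Arn
          # writes are confined to this account's prefix and must hand ownership to the bucket owner
          - Sid: AWSCloudTrailWrite
            Effect: Allow
            Principal: { Service: cloudtrail.amazonaws.com }
            Action: s3:PutObject
            Resource: !Sub '${TrailBucket.Arn}/AWSLogs/${AWS::AccountId}/*'
            Condition:
              StringEquals:
                s3:x-amz-acl: bucket-owner-full-control

  Trail:
    Type: AWS::CloudTrail::Trail
    DependsOn: TrailBucketPolicy   # CloudTrail tests delivery at creation, so the policy must exist first
    Properties:
      IsLogging: true
      IsMultiRegionTrail: true
      IncludeGlobalServiceEvents: true
      EnableLogFileValidation: true   # signed digest files let you detect altered or deleted log files
      KMSKeyId: !Ref KmsKeyArn        # SSE-KMS for the delivered log objects
      S3BucketName: !Ref TrailBucket
      EventSelectors:
        - ReadWriteType: All
          IncludeManagementEvents: true
          DataResources:   # S3 data-plane events (GetObject, PutObject, ...) for every bucket in the account
            - Type: AWS::S3::Object
              Values: ['arn:aws:s3']
```

For an organization trail, IsOrganizationTrail would be set on the trail and the bucket policy extended to the organization's log prefix; the CloudWatch Logs group and its IAM role from the option list are omitted here for brevity.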