AWS::CloudTrail::Trail

CloudTrail Trail

Creates a trail that specifies the settings for delivery of log data to an Amazon S3 bucket. A maximum of five trails can exist in a region, irrespective of the region in which they were created.

Properties

17 configurable properties. 2 required. Click a row to see details.

Filter:

Property	Type	Flags
`IsLogging`	`boolean`	Required
`S3BucketName`	`string`	Required
`AdvancedEventSelectors`	`Array<AdvancedEventSelector>`
`AggregationConfigurations`	`Array<AggregationConfiguration>`
`CloudWatchLogsLogGroupArn`	`string`
`CloudWatchLogsRoleArn`	`string`
`EnableLogFileValidation`	`boolean`
`EventSelectors`	`Array<EventSelector>`
`IncludeGlobalServiceEvents`	`boolean`
`InsightSelectors`	`Array<InsightSelector>`
`IsMultiRegionTrail`	`boolean`
`IsOrganizationTrail`	`boolean`
`KMSKeyId`	`string`
`S3KeyPrefix`	`string`
`SnsTopicName`	`string`
`Tags`	`Array<Tag>`
`TrailName`	`string`	Create-only

Return Values

Values returned after the resource is created. Access these with Fn::GetAtt.

Attribute	Type	Description
`Arn`	`string`	-
`SnsTopicArn`	`string`	-

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

template.yaml

AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::CloudTrail::Trail

Resources:
  MyResource:
    Type: AWS::CloudTrail::Trail
    Properties:
      S3BucketName: "my-s3bucketname"
      IsLogging: true
      Tags:
        - Key: Environment
          Value: Production

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

read

CloudTrail:GetTrailCloudTrail:GetTrailStatusCloudTrail:ListTagsCloudTrail:GetEventSelectorsCloudTrail:GetInsightSelectorsCloudTrail:GetEventConfigurationCloudTrail:DescribeTrails

create

CloudTrail:CreateTrailCloudTrail:StartLoggingCloudTrail:AddTagsCloudTrail:PutEventSelectorsCloudTrail:PutInsightSelectorsCloudTrail:PutEventConfigurationiam:GetRoleiam:PassRole

update

CloudTrail:UpdateTrailCloudTrail:StartLoggingCloudTrail:StopLoggingCloudTrail:AddTagsCloudTrail:RemoveTagsCloudTrail:PutEventSelectorsCloudTrail:PutInsightSelectorsCloudTrail:PutEventConfiguration

list

CloudTrail:ListTrailsCloudTrail:GetTrailCloudTrail:GetTrailStatusCloudTrail:ListTagsCloudTrail:GetEventSelectorsCloudTrail:GetInsightSelectorsCloudTrail:DescribeTrails

delete

CloudTrail:DeleteTrail

Learn AWS the Practical Way

Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.

Subscribe to Newsletter

Quick Facts

ServiceCloudTrail

Properties19

Required2

TaggingSupported

Primary IDTrailName

Supported Operations

ReadCreateUpdateListDelete

Immutable After Creation

These properties cannot be changed after the resource is created. Updating them triggers a replacement.

TrailName

Related Resources

External Links

AWS Documentation