cloudtrail-cwl-role-two-permissions

Status: IN

The IAM role for CloudTrail-to-CloudWatch Logs integration requires exactly two permissions: `logs:CreateLogStream` and `logs:PutLogEvents`, with a trust policy for `cloudtrail.amazonaws.com`.

Source: entries/2026/03/12/awscloudtrail-latest-userguide-send-cloudtrail-events-to-cloudwatch-logshtml.md

JSON