{"id":"cloudtrail-cwl-role-two-permissions","text":"The IAM role for CloudTrail-to-CloudWatch Logs integration requires exactly two permissions: `logs:CreateLogStream` and `logs:PutLogEvents`, with a trust policy for `cloudtrail.amazonaws.com`.","truth_value":"IN","source":"entries/2026/03/12/awscloudtrail-latest-userguide-send-cloudtrail-events-to-cloudwatch-logshtml.md","source_url":"","source_hash":"a8a95276c07618d8","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"cloudtrail-cwl-role-two-permissions","truth_value":"IN","reason":"premise"}]}}