Audit Trail needs a number of permissions. The majority of these are standard AWS policies that can be used. They are listed below:
- SecretsManagerReadWrite
- AmazonDocDBFullAccess
- AmazonS3ReadOnlyAccess
- AmazonAPIGatewayAdministrator
- AmazonVPCFullAccess
- AWSCloudFormationFullAccess
- AWSLambda_FullAccess
- AmazonDynamoDBFullAccess
As well as these eight AWS managed policies there is one that we have had to create in order to fine tune the permissions. We have called this: