Skip to main content


Supported platform

  • aws


AWS CloudTrail trail

The aws.cloudtrail.trail object represents an individual AWS CloudTrail configured within an account. For usage, read the aws.cloudtrail resource documentation.


arnstringARN of the trail
namestringName of the trail
kmsKeyaws.kms.keyKMS key used to encrypt the logs
isMultiRegionTrailboolWhether the trail exists in multiple regions (false if single region)
isOrganizationTrailboolWhether trail is an organization trail (logs events for management and member accounts of the organization)
logFileValidationEnabledboolWhether log file validation is enabled
includeGlobalServiceEventsboolWhether API calls from global services are included
s3bucketaws.s3.bucketS3 bucket where trail files are delivered
snsTopicARNstringARN of the SNS topic that the trail uses to send notifications
statusdictJSON list of information about the trail
logGroupaws.cloudwatch.loggroupLog group where trail files are delivered
cloudWatchLogsRoleArnstringRole for logs endpoint to assume when writing to log group
cloudWatchLogsLogGroupArnstringGroup for logs endpoint to assume when writing to log group
eventSelectors[]dictSettings for the trail's configured event selectors
regionstringRegion in which the trail was created (home region)