Controlling user permissions for CloudTrail Lake - Amazon CloudTrail
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Controlling user permissions for CloudTrail Lake

Amazon CloudTrail integrates with Amazon Identity and Access Management (IAM) to help you to control access to CloudTrail Lake and other Amazon resources that CloudTrail requires. You can use IAM to control which Amazon users can create, configure, or delete CloudTrail event data stores, or channels, start and stop event ingestion, and copy trail events. To learn more, see Identity and Access Management for Amazon CloudTrail.

The following topics help you understand permissions, policies, and CloudTrail security: