{ "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/list_awscloudtrail.html", "name": "AWS CloudTrail", "prefix": "cloudtrail", "timestamp": "1781568006", "actions": [ { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AddTags.html", "name": "AddTags", "description": "Grants permission to add one or more tags to a trail, event data store, channel or dashboard, up to a limit of 50", "access": "Tagging", "resources": [ { "name": "channel", "is_required": false }, { "name": "dashboard", "is_required": false }, { "name": "eventdatastore", "is_required": false }, { "name": "trail", "is_required": false } ], "conditions": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_CancelQuery.html", "name": "CancelQuery", "description": "Grants permission to cancel a running query", "access": "Write", "resources": [ { "name": "eventdatastore", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_CreateChannel.html", "name": "CreateChannel", "description": "Grants permission to create a channel", "access": "Write", "resources": [ { "name": "channel", "is_required": true }, { "name": "eventdatastore", "is_required": true } ], "conditions": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependents": [ "cloudtrail:AddTags" ] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_CreateDashboard.html", "name": "CreateDashboard", "description": "Grants permission to create a dashboard", "access": "Write", "resources": [ { "name": "dashboard", "is_required": true } ], "conditions": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependents": [ "cloudtrail:AddTags", "cloudtrail:StartDashboardRefresh", "cloudtrail:StartQuery" ] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_CreateEventDataStore.html", "name": "CreateEventDataStore", "description": "Grants permission to create an event data store", "access": "Write", "resources": [ { "name": "eventdatastore", "is_required": true } ], "conditions": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependents": [ "cloudtrail:AddTags", "iam:CreateServiceLinkedRole", "iam:GetRole", "kms:Decrypt", "kms:GenerateDataKey", "organizations:ListAWSServiceAccessForOrganization" ] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/viewing-service-linked-channels.html#slc-service-events", "name": "CreateServiceLinkedChannel", "description": "Grants permission to create a service-linked channel that specifies the settings for delivery of log data to an AWS service", "access": "Write", "resources": [ { "name": "channel", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_CreateTrail.html", "name": "CreateTrail", "description": "Grants permission to create a trail that specifies the settings for delivery of log data to an Amazon S3 bucket", "access": "Write", "resources": [ { "name": "trail", "is_required": true } ], "conditions": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependents": [ "cloudtrail:AddTags", "iam:CreateServiceLinkedRole", "iam:GetRole", "organizations:ListAWSServiceAccessForOrganization" ] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DeleteChannel.html", "name": "DeleteChannel", "description": "Grants permission to delete a channel", "access": "Write", "resources": [ { "name": "channel", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DeleteDashboard.html", "name": "DeleteDashboard", "description": "Grants permission to delete a dashboard", "access": "Write", "resources": [ { "name": "dashboard", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DeleteEventDataStore.html", "name": "DeleteEventDataStore", "description": "Grants permission to delete an event data store", "access": "Write", "resources": [ { "name": "eventdatastore", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DeleteResourcePolicy.html", "name": "DeleteResourcePolicy", "description": "Grants permission to delete a resource policy from the provided resource", "access": "Write", "resources": [ { "name": "channel", "is_required": false }, { "name": "dashboard", "is_required": false }, { "name": "eventdatastore", "is_required": false } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/viewing-service-linked-channels.html#slc-service-events", "name": "DeleteServiceLinkedChannel", "description": "Grants permission to delete a service-linked channel", "access": "Write", "resources": [ { "name": "channel", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DeleteTrail.html", "name": "DeleteTrail", "description": "Grants permission to delete a trail", "access": "Write", "resources": [ { "name": "trail", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DeregisterOrganizationDelegatedAdmin.html", "name": "DeregisterOrganizationDelegatedAdmin", "description": "Grants permission to deregister an AWS Organizations member account as a delegated administrator", "access": "Write", "resources": [], "conditions": [], "dependents": [ "organizations:DeregisterDelegatedAdministrator", "organizations:ListAWSServiceAccessForOrganization" ] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DescribeQuery.html", "name": "DescribeQuery", "description": "Grants permission to list details for the query", "access": "Read", "resources": [ { "name": "eventdatastore", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DescribeTrails.html", "name": "DescribeTrails", "description": "Grants permission to list settings for the trails associated with the current region for your account", "access": "Read", "resources": [], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DisableFederation.html", "name": "DisableFederation", "description": "Grants permission to disable federation of event data store data by using the AWS Glue Data Catalog", "access": "Write", "resources": [ { "name": "eventdatastore", "is_required": true } ], "conditions": [], "dependents": [ "glue:DeleteDatabase", "glue:DeleteTable", "glue:PassConnection", "lakeformation:DeregisterResource", "lakeformation:RegisterResource" ] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_EnableFederation.html", "name": "EnableFederation", "description": "Grants permission to enable federation of event data store data by using the AWS Glue Data Catalog", "access": "Write", "resources": [ { "name": "eventdatastore", "is_required": true } ], "conditions": [], "dependents": [ "glue:CreateDatabase", "glue:CreateTable", "iam:GetRole", "iam:PassRole", "lakeformation:DeregisterResource", "lakeformation:RegisterResource" ] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/lake-query-generator.html", "name": "GenerateQuery", "description": "Grants permission to generate a query for a specified event data store using the CloudTrail Lake query generator", "access": "Write", "resources": [ { "name": "eventdatastore", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-results-summary.html", "name": "GenerateQueryResultsSummary", "description": "Grants permission to generate a results summary for specified queries using the CloudTrail natural language generator", "access": "Read", "resources": [ { "name": "eventdatastore", "is_required": true } ], "conditions": [], "dependents": [ "cloudtrail:GetQueryResults", "kms:Decrypt", "kms:GenerateDataKey" ] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetChannel.html", "name": "GetChannel", "description": "Grants permission to return information about a specific channel", "access": "Read", "resources": [ { "name": "channel", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetDashboard.html", "name": "GetDashboard", "description": "Grants permission to list settings for the dashboard", "access": "Read", "resources": [ { "name": "dashboard", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetEventConfiguration.html", "name": "GetEventConfiguration", "description": "Grants permission to list event configurations that are configured for a trail or an event data store", "access": "Read", "resources": [ { "name": "eventdatastore", "is_required": false }, { "name": "trail", "is_required": false } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetEventDataStore.html", "name": "GetEventDataStore", "description": "Grants permission to list settings for the event data store", "access": "Read", "resources": [ { "name": "eventdatastore", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-federation.html#query-federation-permissions", "name": "GetEventDataStoreData", "description": "Grants permission to get data from an event data store by using the AWS Glue Data Catalog", "access": "Read", "resources": [ { "name": "eventdatastore", "is_required": true } ], "conditions": [], "dependents": [ "kms:Decrypt", "kms:GenerateDataKey" ] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetEventSelectors.html", "name": "GetEventSelectors", "description": "Grants permission to list settings for event selectors configured for a trail", "access": "Read", "resources": [ { "name": "trail", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetImport.html", "name": "GetImport", "description": "Grants permission to return information about a specific import", "access": "Read", "resources": [], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetInsightSelectors.html", "name": "GetInsightSelectors", "description": "Grants permission to list CloudTrail Insights selectors that are configured for a trail or event data store", "access": "Read", "resources": [ { "name": "eventdatastore", "is_required": false }, { "name": "trail", "is_required": false } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetQueryResults.html", "name": "GetQueryResults", "description": "Grants permission to fetch results of a complete query", "access": "Read", "resources": [ { "name": "eventdatastore", "is_required": true } ], "conditions": [], "dependents": [ "kms:Decrypt", "kms:GenerateDataKey" ] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetResourcePolicy.html", "name": "GetResourcePolicy", "description": "Grants permission to get the resource policy attached to the provided resource", "access": "Read", "resources": [ { "name": "channel", "is_required": false }, { "name": "dashboard", "is_required": false }, { "name": "eventdatastore", "is_required": false } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/viewing-service-linked-channels.html#slc-service-events", "name": "GetServiceLinkedChannel", "description": "Grants permission to list settings for the service-linked channel", "access": "Read", "resources": [ { "name": "channel", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetTrail.html", "name": "GetTrail", "description": "Grants permission to list settings for the trail", "access": "Read", "resources": [ { "name": "trail", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_GetTrailStatus.html", "name": "GetTrailStatus", "description": "Grants permission to retrieve a JSON-formatted list of information about the specified trail", "access": "Read", "resources": [ { "name": "trail", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListChannels.html", "name": "ListChannels", "description": "Grants permission to list the channels in the current account, and their source names", "access": "List", "resources": [], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListDashboards.html", "name": "ListDashboards", "description": "Grants permission to list dashboards associated with the current region for your account", "access": "List", "resources": [], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListEventDataStores.html", "name": "ListEventDataStores", "description": "Grants permission to list event data stores associated with the current region for your account", "access": "List", "resources": [], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListImportFailures.html", "name": "ListImportFailures", "description": "Grants permission to return a list of failures for the specified import", "access": "Read", "resources": [], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListImports.html", "name": "ListImports", "description": "Grants permission to return information on all imports, or a select set of imports by ImportStatus or Destination", "access": "List", "resources": [], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListInsightsData.html", "name": "ListInsightsData", "description": "Grants permission to retrieve data captured by CloudTrail Insights", "access": "List", "resources": [ { "name": "trail", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListPublicKeys.html", "name": "ListPublicKeys", "description": "Grants permission to list the public keys whose private keys were used to sign trail digest files within a specified time range", "access": "Read", "resources": [], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListQueries.html", "name": "ListQueries", "description": "Grants permission to list queries associated with an event data store", "access": "List", "resources": [ { "name": "eventdatastore", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/viewing-service-linked-channels.html#slc-service-events", "name": "ListServiceLinkedChannels", "description": "Grants permission to list service-linked channels associated with the current region for a specified account", "access": "List", "resources": [], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListTags.html", "name": "ListTags", "description": "Grants permission to list the tags for trails, event data stores, channels or dashboards in the current region", "access": "Read", "resources": [ { "name": "channel", "is_required": false }, { "name": "dashboard", "is_required": false }, { "name": "eventdatastore", "is_required": false }, { "name": "trail", "is_required": false } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListTrails.html", "name": "ListTrails", "description": "Grants permission to list trails associated with the current region for your account", "access": "List", "resources": [], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_LookupEvents.html", "name": "LookupEvents", "description": "Grants permission to look up and retrieve metric data for API activity events captured by CloudTrail that create, update, or delete resources in your account", "access": "Read", "resources": [], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_PutEventConfiguration.html", "name": "PutEventConfiguration", "description": "Grants permission to create and update event configurations for a trail or an event data store", "access": "Write", "resources": [ { "name": "eventdatastore", "is_required": false }, { "name": "trail", "is_required": false } ], "conditions": [], "dependents": [ "iam:CreateServiceLinkedRole", "iam:GetRole" ] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_PutEventSelectors.html", "name": "PutEventSelectors", "description": "Grants permission to create and update event selectors for a trail", "access": "Write", "resources": [ { "name": "trail", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_PutInsightSelectors.html", "name": "PutInsightSelectors", "description": "Grants permission to create and update CloudTrail Insights selectors for a trail or event data store", "access": "Write", "resources": [ { "name": "eventdatastore", "is_required": false }, { "name": "trail", "is_required": false } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_PutResourcePolicy.html", "name": "PutResourcePolicy", "description": "Grants permission to attach a resource policy to the provided resource", "access": "Write", "resources": [ { "name": "channel", "is_required": false }, { "name": "dashboard", "is_required": false }, { "name": "eventdatastore", "is_required": false } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_RegisterOrganizationDelegatedAdmin.html", "name": "RegisterOrganizationDelegatedAdmin", "description": "Grants permission to register an AWS Organizations member account as a delegated administrator", "access": "Write", "resources": [], "conditions": [], "dependents": [ "iam:CreateServiceLinkedRole", "iam:GetRole", "organizations:ListAWSServiceAccessForOrganization", "organizations:RegisterDelegatedAdministrator" ] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_RemoveTags.html", "name": "RemoveTags", "description": "Grants permission to remove tags from a trail, event data store, channel or dashboard", "access": "Tagging", "resources": [ { "name": "channel", "is_required": false }, { "name": "dashboard", "is_required": false }, { "name": "eventdatastore", "is_required": false }, { "name": "trail", "is_required": false } ], "conditions": [ "aws:TagKeys" ], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_RestoreEventDataStore.html", "name": "RestoreEventDataStore", "description": "Grants permission to restore an event data store", "access": "Write", "resources": [ { "name": "eventdatastore", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/lake-console-queries.html", "name": "SearchSampleQueries", "description": "Grants permission to perform semantic search for CloudTrail Lake sample queries", "access": "Read", "resources": [], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_StartDashboardRefresh.html", "name": "StartDashboardRefresh", "description": "Grants permission to start a refresh on the specified dashboard", "access": "Write", "resources": [ { "name": "dashboard", "is_required": true } ], "conditions": [], "dependents": [ "cloudtrail:StartQuery" ] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_StartEventDataStoreIngestion.html", "name": "StartEventDataStoreIngestion", "description": "Grants permission to start ingestion on an event data store", "access": "Write", "resources": [ { "name": "eventdatastore", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_StartImport.html", "name": "StartImport", "description": "Grants permission to start an import of logged trail events from a source S3 bucket to a destination event data store", "access": "Write", "resources": [], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_StartLogging.html", "name": "StartLogging", "description": "Grants permission to start the recording of AWS API calls and log file delivery for a trail", "access": "Write", "resources": [ { "name": "trail", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_StartQuery.html", "name": "StartQuery", "description": "Grants permission to start a new query on a specified event data store", "access": "Write", "resources": [ { "name": "eventdatastore", "is_required": true } ], "conditions": [], "dependents": [ "kms:Decrypt", "kms:GenerateDataKey" ] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_StopEventDataStoreIngestion.html", "name": "StopEventDataStoreIngestion", "description": "Grants permission to stop ingestion on an event data store", "access": "Write", "resources": [ { "name": "eventdatastore", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_StopImport.html", "name": "StopImport", "description": "Grants permission to stop a specified import", "access": "Write", "resources": [], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_StopLogging.html", "name": "StopLogging", "description": "Grants permission to stop the recording of AWS API calls and log file delivery for a trail", "access": "Write", "resources": [ { "name": "trail", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_UpdateChannel.html", "name": "UpdateChannel", "description": "Grants permission to update a channel", "access": "Write", "resources": [ { "name": "channel", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_UpdateDashboard.html", "name": "UpdateDashboard", "description": "Grants permission to update a dashboard", "access": "Write", "resources": [ { "name": "dashboard", "is_required": true } ], "conditions": [], "dependents": [ "cloudtrail:StartDashboardRefresh", "cloudtrail:StartQuery" ] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_UpdateEventDataStore.html", "name": "UpdateEventDataStore", "description": "Grants permission to update an event data store", "access": "Write", "resources": [ { "name": "eventdatastore", "is_required": true } ], "conditions": [], "dependents": [ "iam:CreateServiceLinkedRole", "iam:GetRole", "kms:Decrypt", "kms:GenerateDataKey", "organizations:ListAWSServiceAccessForOrganization" ] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/viewing-service-linked-channels.html#slc-service-events", "name": "UpdateServiceLinkedChannel", "description": "Grants permission to update the service-linked channel settings for delivery of log data to an AWS service", "access": "Write", "resources": [ { "name": "channel", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_UpdateTrail.html", "name": "UpdateTrail", "description": "Grants permission to update the settings that specify delivery of log files", "access": "Write", "resources": [ { "name": "trail", "is_required": true } ], "conditions": [], "dependents": [ "iam:CreateServiceLinkedRole", "iam:GetRole", "organizations:ListAWSServiceAccessForOrganization" ] } ], "resources": [ { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/how-cloudtrail-works.html#how-cloudtrail-works-trails", "name": "trail", "arn": "arn:${Partition}:cloudtrail:${Region}:${Account}:trail/${TrailName}", "conditions": [ "aws:ResourceTag/${TagKey}" ] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/how-cloudtrail-works.html#how-cloudtrail-works-lake", "name": "eventdatastore", "arn": "arn:${Partition}:cloudtrail:${Region}:${Account}:eventdatastore/${EventDataStoreId}", "conditions": [ "aws:ResourceTag/${TagKey}" ] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/how-cloudtrail-works.html#how-cloudtrail-works-channels", "name": "channel", "arn": "arn:${Partition}:cloudtrail:${Region}:${Account}:channel/${ChannelId}", "conditions": [ "aws:ResourceTag/${TagKey}" ] }, { "url": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/lake-dashboard.html", "name": "dashboard", "arn": "arn:${Partition}:cloudtrail:${Region}:${Account}:dashboard/${DashboardName}", "conditions": [ "aws:ResourceTag/${TagKey}" ] } ], "conditions": [ { "url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag", "name": "aws:RequestTag/${TagKey}", "description": "Filters access by the tag key-value pairs in the request", "type": "String" }, { "url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag", "name": "aws:ResourceTag/${TagKey}", "description": "Filters access by the tags attached to the resource", "type": "String" }, { "url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys", "name": "aws:TagKeys", "description": "Filters access by the tag keys in a request", "type": "ArrayOfString" } ] }