| Action | Description | Resource | Condition |
|---|---|---|---|
| cloudtrail:AddTags | Adds one or more tags to a trail, up to a limit of 50. | ??? | - |
| cloudtrail:CreateTrail | Creates a trail that specifies the settings for delivery of log data to an Amazon S3 bucket. | ??? | - |
| cloudtrail:DeleteTrail | Deletes a trail. | ??? | - |
| cloudtrail:DescribeTrails | Retrieves settings for the trail associated with the current region for your account. | ??? | - |
| cloudtrail:GetTrailStatus | Returns a JSON-formatted list of information about the specified trail. | ??? | - |
| cloudtrail:ListPublicKeys | Returns all public keys whose private keys were used to sign the digest files within the specified time range. | ??? | - |
| cloudtrail:ListTags | Lists the tags for the trail in the current region. | ??? | - |
| cloudtrail:LookupEvents | Looks up API activity events captured by CloudTrail that create, update, or delete resources in your account. | ??? | - |
| cloudtrail:RemoveTags | Removes the specified tags from a trail. | ??? | - |
| cloudtrail:StartLogging | Starts the recording of AWS API calls and log file delivery for a trail. | arn:aws:cloudtrail:$region:$account-id:trail/$trailname | - |
| cloudtrail:StopLogging | Suspends the recording of AWS API calls and log file delivery for the specified trail. | arn:aws:cloudtrail:$region:$account-id:trail/$trailname | - |
| cloudtrail:UpdateTrail | Updates the settings that specify delivery of log files. | ??? | - |