CloudWatchLogsLogGroupArn => Str

Specifies the Amazon Resource Name (ARN) of the log group to which CloudTrail logs will be delivered.

CloudWatchLogsRoleArn => Str

Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group.

IncludeGlobalServiceEvents => Bool

Specifies whether the trail is publishing events from global services such as IAM to the log files.

IsMultiRegionTrail => Bool

Specifies whether the trail exists in one region or in all regions.

IsOrganizationTrail => Bool

Specifies whether the trail is an organization trail.

KmsKeyId => Str

Specifies the KMS key ID that encrypts the logs delivered by CloudTrail. The value is a fully specified ARN to a KMS key in the format:


LogFileValidationEnabled => Bool

Specifies whether log file integrity validation is enabled.

Name => Str

Specifies the name of the trail.

S3BucketName => Str

Specifies the name of the Amazon S3 bucket designated for publishing log files.

S3KeyPrefix => Str

Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery. For more information, see Finding Your CloudTrail Log Files (

SnsTopicARN => Str

Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send notifications when log files are delivered. The format of a topic ARN is:


SnsTopicName => Str

This field is deprecated. Use SnsTopicARN.

TrailARN => Str

Specifies the ARN of the trail that was updated. The format of a trail ARN is:


_request_id => Str