# CloudTrail

> Configure AWS CloudTrail integration to sync CloudTrail events using S3 into RAD Security

# AWS CloudTrail Setup

This guide walks you through integrating AWS CloudTrail with RAD Security. This integration imports CloudTrail logs directly from your S3 bucket to provide comprehensive visibility into user activity, API usage, and potential security threats.

The setup process involves:

1. Configuring AWS IAM permissions to allow RAD Security to read the CloudTrail bucket.
2. Configuring the integration in RAD Security.

## Prerequisites

Before you begin, ensure you have:

<Check>
  * AWS CloudTrail enabled and configured to log to an **Amazon S3 bucket**. Please check details in [official AWS docs](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html).
  * Access to the AWS account to configure required IAM settings or apply Terraform
  * Access to RAD Security app
</Check>

***

## Step 1. Enabling access to CloudTrail bucket

You can configure this integration using our official Terraform module (recommended) or manually.

<Tabs>
  <Tab title="Terraform (Recommended)">
    We recommend using our official Terraform module to automatically provision the necessary configuration.

    ### Usage

    You can use the guide in the RAD Security app by navigating to *Data sources* -> *Add new* -> *Cloud provider*.

    The following configuration needs to be included in the module to allow read access to the S3 bucket.

    ```hcl theme={null}
    module "rad-security-connect" {
      source  = "rad-security/rad-security-connect/aws"
      version = "x.x.x"

      aws_external_id                = "<external-id>"

      readonly_s3_buckets = [
        "<cloudtrail-bucket>"
      ]
    }
    ```

    <Info>
      For full variable documentation and examples, visit the [RAD Security Terraform Repository](https://github.com/rad-security/terraform-aws-rad-security-connect/blob/main/variables.tf).
    </Info>
  </Tab>

  <Tab title="Manual Setup">
    If you cannot use our Terraform module, you can create the required role manually.

    The role must be called `rad-security-connect` and allow the following statements:

    ```json theme={null}
    {
      "Statement": [
        {
          "Action": [
            "s3:ListBucket",
            "s3:GetBucketLocation"
          ],
          "Effect": "Allow",
          "Resource": "arn:aws:s3:::<cloudtrail-bucket>"
        },
        {
          "Action": "s3:GetObject",
          "Effect": "Allow",
          "Resource": "arn:aws:s3:::<cloudtrail-bucket>/*"
        }
      ],
      "Version": "2012-10-17"
    }
    ```

    It also has to include the following trust policy, which allows the RAD Security connector role to assume it cross-account:

    ```json theme={null}
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::955322216602:role/rad-security-connector"
          },
          "Action": "sts:AssumeRole",
          "Condition": {
            "StringEquals": {
              "sts:ExternalId": "<external-id>"
            }
          }
        },
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::955322216602:role/rad-security-connector"
          },
          "Action": "sts:TagSession"
        }
      ]
    }
    ```
  </Tab>
</Tabs>
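As an added example (not part of the RAD Security documentation or the Terraform module), the following Python script checks the two manual-setup policies above for the properties worth confirming before granting a third party cross-account access: every `sts:AssumeRole` grant is bound to the expected `sts:ExternalId` (confused-deputy protection), the only principal is the RAD Security connector role named on this page, and S3 access is read-only and scoped to the single CloudTrail bucket. The policy JSON is the page's own with the placeholders replaced by constructed values (`example-external-id`, `prod-cloudtrail-logs`); the function names are the example's, not a RAD Security API.

```python
"""Validate the rad-security-connect role's trust and permissions policies.

Constructed sample policies below mirror the manual-setup JSON on the page,
with <external-id> and <cloudtrail-bucket> replaced by example values.
"""
import json

# Principal named in the documentation's trust policy.
CONNECTOR_PRINCIPAL = "arn:aws:iam::955322216602:role/rad-security-connector"
# The only S3 actions CloudTrail ingestion needs (from the permissions policy).
READ_ACTIONS = {"s3:ListBucket", "s3:GetBucketLocation", "s3:GetObject"}

# Constructed sample values (placeholders on the page).
SAMPLE_EXTERNAL_ID = "example-external-id"
SAMPLE_BUCKET = "prod-cloudtrail-logs"

TRUST_POLICY_JSON = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::955322216602:role/rad-security-connector"},
     "Action": "sts:AssumeRole",
     "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}},
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::955322216602:role/rad-security-connector"},
     "Action": "sts:TagSession"}
  ]
}"""

PERMISSIONS_POLICY_JSON = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Action": ["s3:ListBucket", "s3:GetBucketLocation"],
     "Effect": "Allow",
     "Resource": "arn:aws:s3:::prod-cloudtrail-logs"},
    {"Action": "s3:GetObject",
     "Effect": "Allow",
     "Resource": "arn:aws:s3:::prod-cloudtrail-logs/*"}
  ]
}"""


def _as_list(value):
    """IAM accepts a scalar or a list for Action/Resource/Principal values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def load_sample_policies():
    """Return (trust_policy, permissions_policy) as dicts, parsed from the samples."""
    return json.loads(TRUST_POLICY_JSON), json.loads(PERMISSIONS_POLICY_JSON)


def check_trust_policy(policy, expected_external_id):
    """Return findings for the trust policy; an empty list means it passes."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        # "Principal": "*" is a string; otherwise it is a map with an "AWS" key.
        principals = [principal] if isinstance(principal, str) else _as_list(principal.get("AWS"))
        for p in principals:
            if p != CONNECTOR_PRINCIPAL:
                findings.append(f"statement {i}: unexpected principal {p}")
        if "sts:AssumeRole" in _as_list(stmt.get("Action")):
            ext = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
            if ext is None:
                findings.append(f"statement {i}: sts:AssumeRole without sts:ExternalId condition")
            elif ext != expected_external_id:
                findings.append(f"statement {i}: sts:ExternalId does not match the expected value")
    return findings


def check_permissions_policy(policy, bucket):
    """Return findings for the S3 policy: extra actions, out-of-scope resources, missing grants."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    allowed_resources = {bucket_arn, bucket_arn + "/*"}
    findings, granted = [], set()
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action")):
            if action in READ_ACTIONS:
                granted.add(action)
            else:
                findings.append(f"statement {i}: action {action} is not needed for CloudTrail ingestion")
        for res in _as_list(stmt.get("Resource")):
            if res not in allowed_resources:
                findings.append(f"statement {i}: resource {res} is outside bucket {bucket}")
    for action in sorted(READ_ACTIONS - granted):
        findings.append(f"required action {action} is not granted")
    return findings


if __name__ == "__main__":
    trust, perms = load_sample_policies()
    for f in check_trust_policy(trust, SAMPLE_EXTERNAL_ID) + check_permissions_policy(perms, SAMPLE_BUCKET):
        print("FINDING:", f)
```

Run it against the policies you actually attach (for example the output of `aws iam get-role` and `aws iam get-role-policy`) rather than the samples; a non-empty findings list means the role grants more than this integration needs or lacks the external-ID binding.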

***

## Step 2. Configuring the integration in the RAD Security app

Navigate to *Data sources* -> *Integrations* -> *AWS* -> *CloudTrail* -> *Add integration*.

Provide the required options.

| Parameter                    | Description                                                 | Example                |
| ---------------------------- | ----------------------------------------------------------- | ---------------------- |
| **Integration Name**         | A name identifying this integration in RAD Security         | `Production account`   |
| **S3 Bucket Name**           | The name of the S3 bucket storing CloudTrail logs           | `prod-cloudtrail-logs` |
| **S3 Bucket AWS Account ID** | The AWS Account ID of the S3 bucket storing CloudTrail logs | `1234567890`           |

Click `Verify` and `Create`.
