If you're seeing a "missing permissions" error while trying to connect AWS CloudTrail—even when using CloudFormation and the SecurityAudit policy—this guide will help you identify and resolve the issue.
🔍 Why This Happens
There are two common reasons the CloudTrail connection might fail:
- No CloudTrail trails exist in the AWS account
- The required IAM permissions are missing from the connected role
Both are required for the platform to collect audit trail data successfully.
✅ What You Need to Do
🧭 Step 1: Check if Trails Exist
- Open the AWS CloudTrail console
- Confirm whether any trails are listed
- If you're unsure, take a screenshot of the dashboard to review
If no trails are present, the connection will fail because there’s no data to pull.
Next steps:
- If audit logging isn't needed, you can ignore CloudTrail for this account
- Otherwise, create a new trail in CloudTrail, then return to the platform and try reconnecting
🔐 Step 2: Check Role Permissions
If trails do exist, check the IAM permissions:
- Go to IAM > Roles in the AWS Console
- Select the Scytale_ReadOnly role
- Ensure the SecurityAudit managed policy is attached
This policy is essential for reading CloudTrail settings and events.
Without it, the connection can’t be completed—even if a trail is configured.
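The two checks above can also be run from the command line. The script below is an added example, not Scytale's own tooling: it assumes the AWS CLI is installed and configured for the account being connected, uses the Scytale_ReadOnly role name from this guide, and checks for the AWS managed policy by its ARN so that a customer-managed policy that merely reuses the name SecurityAudit is not mistaken for it.

```python
"""Run the two CloudTrail connection checks from this guide via the AWS CLI.

Added example (not Scytale's code). Assumes the AWS CLI is installed and
configured for the target account. The parsing functions take the CLI's
JSON output, so they also work on saved output without AWS access.
"""
import json
import subprocess

ROLE_NAME = "Scytale_ReadOnly"  # role name from the guide
# ARN of the AWS *managed* SecurityAudit policy. A customer-managed policy
# that only reuses the name lives under the account's own ARN and does not
# satisfy this check.
SECURITY_AUDIT_ARN = "arn:aws:iam::aws:policy/SecurityAudit"


def aws(*args):
    """Run an AWS CLI command and return its parsed JSON output."""
    proc = subprocess.run(["aws", *args, "--output", "json"],
                          check=True, capture_output=True, text=True)
    return json.loads(proc.stdout)


def trails_present(describe_trails):
    """Step 1: does `aws cloudtrail describe-trails` list any trail?"""
    return len(describe_trails.get("trailList", [])) > 0


def security_audit_attached(attached_policies):
    """Step 2: is the managed SecurityAudit policy attached to the role?
    Input is the output of `aws iam list-attached-role-policies`."""
    arns = {p.get("PolicyArn") for p in attached_policies.get("AttachedPolicies", [])}
    return SECURITY_AUDIT_ARN in arns


def diagnose(describe_trails, attached_policies):
    """Return the reasons the connection would fail (empty list = both checks pass)."""
    reasons = []
    if not trails_present(describe_trails):
        reasons.append("no CloudTrail trails exist in this account")
    if not security_audit_attached(attached_policies):
        reasons.append(f"SecurityAudit is not attached to {ROLE_NAME}")
    return reasons


# Constructed sample output (not captured from a real account) for offline use.
SAMPLE_TRAILS = {"trailList": [{"Name": "management-events", "IsMultiRegionTrail": True}]}
SAMPLE_POLICIES = {"AttachedPolicies": [  # look-alike customer-managed policy
    {"PolicyName": "SecurityAudit", "PolicyArn": "arn:aws:iam::123456789012:policy/SecurityAudit"}]}

if __name__ == "__main__":
    trails = aws("cloudtrail", "describe-trails")
    policies = aws("iam", "list-attached-role-policies", "--role-name", ROLE_NAME)
    for line in diagnose(trails, policies) or ["both checks passed"]:
        print(line)
```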