AWS Stack Parameters for Account-Level CloudTrail

This topic covers the parameters in the CloudFormation template to provision a single account stack. This template creates and configures CloudTrail event-driven pipeline used by Tenable Cloud Security to detect configuration changes in your AWS environment.

Parameter Description Default Value
Stack name

Name of the stack.

Stack name can include letters (A-Z and a-z), numbers (0-9), and dashes (-).

  Cloud Events
Access token for Tenable Cloud Security

Access token that is required for the Tenable Cloud Security SNS subscription.

For more information, see Generate API Tokens.

EventRuleName Name of event rule. TenableTrailMasterEventRule
SNSTopicName SNS topic that acts as the target for event rules triggered by CloudTrail events. TenableSNSTopic
  CloudTrail Configuration
CreateTrail Indicates whether CloudTrail must be created. true

Name of the trail to be created.

Note: This trail is not created if the CreateTrail parameter is set to false.
Enable log file validation Indicates whether CloudTrail validates the integrity of log files. true

Name of the S3 bucket where CloudTrail stores the logs.

Note: To avoid namespace conflicts, the AWS account ID is suffixed to the S3 bucket name. If an S3 bucket with the same name exists within your account, delete it before creating this CloudFormation stack.


Name of the CloudWatch log group to be created.

Note: The log group is not created if the CreateTrail parameter is set to false.
RetentionPeriod Retention period of the CloudWatch log group, in days. 5