AWS requirements for Control Plane auditing

If you would like to configure Control Plane auditing, you should create an S3 bucket and a cross-account IAM role with an attached policy that allows CDP to write to a specific location within the bucket.

To learn more about the auditing feature, refer to Auditing Control Plane activity.

To review the S3 and IAM requirements for auditing, refer to Setting up an AWS policy.