Cloud Discovery & Visibility (CDV) uses the EventBridge console to get visibility messages and events. The EventBridge console uses Amazon Web Services (AWS) CloudTrail trails to capture API calls made by AWS on behalf of your AWS account, including visibility messages. If your AWS account doesn't have a CloudTrail trail, EventBridge Event rules will not receive messages to pass on to CDV when running visibility jobs. Your AWS account might already have a CloudTrail trail, but if it doesn't, you'll have to create one manually.
For details on creating a new CloudTrail trail, see "Creating a trail for your AWS account" on the AWS documentation portal.
The trail must meet the following requirements:
- The trail must be multi-region.
- Log file validation must be Enabled.
- Management events must include Read and Write API activity.
For example, a valid CloudTrail trail might look like the following.
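To confirm that an existing trail meets the three requirements, the check below is an added example (not part of the original documentation or the CDV product) that evaluates JSON shaped like the output of `aws cloudtrail describe-trails` and `aws cloudtrail get-event-selectors`. The sample trail data is constructed, the account ID and trail name are placeholders, and the function names are hypothetical.

```python
import json

# Constructed sample data shaped like the JSON printed by
# `aws cloudtrail describe-trails` (one trailList entry) and
# `aws cloudtrail get-event-selectors`. Name, region and account ID are placeholders.
SAMPLE_TRAIL = json.loads("""{
  "Name": "example-cdv-trail",
  "HomeRegion": "us-east-1",
  "TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/example-cdv-trail",
  "IsMultiRegionTrail": true,
  "LogFileValidationEnabled": true
}""")
SAMPLE_SELECTORS = json.loads("""{
  "EventSelectors": [
    {"ReadWriteType": "All", "IncludeManagementEvents": true, "DataResources": []}
  ]
}""")


def logs_all_management_events(selectors):
    """True if any single selector captures both Read and Write management events."""
    for sel in selectors.get("EventSelectors") or []:
        if sel.get("IncludeManagementEvents") and sel.get("ReadWriteType") == "All":
            return True
    for sel in selectors.get("AdvancedEventSelectors") or []:
        fields = {f["Field"]: f for f in sel.get("FieldSelectors", [])}
        category = fields.get("eventCategory", {}).get("Equals", [])
        # A readOnly field selector narrows the trail to read-only or write-only.
        if "Management" in category and "readOnly" not in fields:
            return True
    return False


def check_trail(trail, selectors):
    """Return the unmet requirements; an empty list means the trail qualifies."""
    problems = []
    if not trail.get("IsMultiRegionTrail"):
        problems.append("trail is not multi-region")
    if not trail.get("LogFileValidationEnabled"):
        problems.append("log file validation is not enabled")
    if not logs_all_management_events(selectors):
        problems.append("management events do not include both Read and Write")
    return problems


if __name__ == "__main__":
    print(check_trail(SAMPLE_TRAIL, SAMPLE_SELECTORS) or "trail meets all three requirements")
```

A trail configured with advanced event selectors returns `AdvancedEventSelectors` instead of `EventSelectors`; the check handles both forms.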