This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::CloudTrail::Dashboard **Important** CloudTrail Lake will no longer be open to new customers starting May 31, 2026. If you would like to use CloudTrail Lake, sign up prior to that date. Existing customers can continue to use the service as normal. For more information, see [CloudTrail Lake availability change](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-lake-service-availability-change.html). Creates a custom dashboard or the Highlights dashboard. + **Custom dashboards** - Custom dashboards allow you to query events in any event data store type. You can add up to 10 widgets to a custom dashboard. You can manually refresh a custom dashboard, or you can set a refresh schedule. + **Highlights dashboard** - You can create the Highlights dashboard to see a summary of key user activities and API usage across all your event data stores. CloudTrail Lake manages the Highlights dashboard and refreshes the dashboard every 6 hours. To create the Highlights dashboard, you must set and enable a refresh schedule. CloudTrail runs queries to populate the dashboard's widgets during a manual or scheduled refresh. CloudTrail must be granted permissions to run the `StartQuery` operation on your behalf. To provide permissions, run the `PutResourcePolicy` operation to attach a resource-based policy to each event data store. For more information, see [Example: Allow CloudTrail to run queries to populate a dashboard](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/security_iam_resource-based-policy-examples.html#security_iam_resource-based-policy-examples-eds-dashboard) in the *AWS CloudTrail User Guide*. To set a refresh schedule, CloudTrail must be granted permissions to run the `StartDashboardRefresh` operation to refresh the dashboard on your behalf. To provide permissions, run the `PutResourcePolicy` operation to attach a resource-based policy to the dashboard. For more information, see [ Resource-based policy example for a dashboard](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/security_iam_resource-based-policy-examples.html#security_iam_resource-based-policy-examples-dashboards) in the *AWS CloudTrail User Guide*. For more information about dashboards, see [CloudTrail Lake dashboards](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/lake-dashboard.html) in the *AWS CloudTrail User Guide*. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::CloudTrail::Dashboard", "Properties" : { "[Name](#cfn-cloudtrail-dashboard-name)" : String, "[RefreshSchedule](#cfn-cloudtrail-dashboard-refreshschedule)" : RefreshSchedule, "[Tags](#cfn-cloudtrail-dashboard-tags)" : [ Tag, ... ], "[TerminationProtectionEnabled](#cfn-cloudtrail-dashboard-terminationprotectionenabled)" : Boolean, "[Widgets](#cfn-cloudtrail-dashboard-widgets)" : [ Widget, ... ] } } ``` ### YAML ``` Type: AWS::CloudTrail::Dashboard Properties: [Name](#cfn-cloudtrail-dashboard-name): String [RefreshSchedule](#cfn-cloudtrail-dashboard-refreshschedule): RefreshSchedule [Tags](#cfn-cloudtrail-dashboard-tags): - Tag [TerminationProtectionEnabled](#cfn-cloudtrail-dashboard-terminationprotectionenabled): Boolean [Widgets](#cfn-cloudtrail-dashboard-widgets): - Widget ``` ## Properties `Name` The name of the dashboard. The name must be unique to your account. To create the Highlights dashboard, the name must be `AWSCloudTrail-Highlights`. *Required*: No *Type*: String *Pattern*: `^[a-zA-Z0-9_\-]+$` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RefreshSchedule` The schedule for a dashboard refresh. *Required*: No *Type*: [RefreshSchedule](aws-properties-cloudtrail-dashboard-refreshschedule.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Tags` A list of tags. *Required*: No *Type*: Array of [Tag](aws-properties-cloudtrail-dashboard-tag.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `TerminationProtectionEnabled` Specifies whether termination protection is enabled for the dashboard. If termination protection is enabled, you cannot delete the dashboard until termination protection is disabled. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Widgets` An array of widgets for a custom dashboard. A custom dashboard can have a maximum of ten widgets. You do not need to specify widgets for the Highlights dashboard. *Required*: No *Type*: Array of [Widget](aws-properties-cloudtrail-dashboard-widget.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref ### Fn::GetAtt #### `CreatedTimestamp` The timestamp that shows when the dashboard was created. `DashboardArn` The ARN for the dashboard. `Status` The status of the dashboard. `Type` The type of dashboard. `UpdatedTimestamp` The timestamp that shows when the dashboard was updated. ## Examples ### Example: Create a custom dashboard The following example creates a custom dashboard named `AccountActivityDashboard` with four widgets. In this example, a refresh schedule has been set for every 6 hours and termination protection is enabled to prevent the dashboard from being accidentally deleted. #### JSON ``` { "Resources": { "Dashboard": { "Type": "AWS::CloudTrail::Dashboard", "Properties": { "Name": "AccountActivityDashboard", "RefreshSchedule": { "Frequency": { "Unit": "HOURS", "Value": 6 }, "Status": "ENABLED", "TimeOfDay": "00:00" }, "Tags": [{ "Key": "k1", "Value": "v1" }, { "Key": "k2", "Value": "v2" } ], "TerminationProtectionEnabled": true, "Widgets": [{ "ViewProperties": { "Height": "2", "Width": "4", "Title": "TopErrors", "View": "Table" }, "QueryStatement": "SELECT errorCode, COUNT(*) AS eventCount FROM eds WHERE eventTime > '?' AND eventTime < '?' AND (errorCode is not null) GROUP BY errorCode ORDER BY eventCount DESC LIMIT 100", "QueryParameters": ["$StartTime$", "$EndTime$"] }, { "ViewProperties": { "Height": "2", "Width": "4", "Title": "MostActiveRegions", "View": "PieChart", "LabelColumn": "awsRegion", "ValueColumn": "eventCount", "FilterColumn": "awsRegion" }, "QueryStatement": "SELECT awsRegion, COUNT(*) AS eventCount FROM eds where eventTime > '?' and eventTime < '?' GROUP BY awsRegion ORDER BY eventCount LIMIT 100", "QueryParameters": ["$StartTime$", "$EndTime$"] }, { "ViewProperties": { "Height": "2", "Width": "4", "Title": "AccountActivity", "View": "LineChart", "YAxisColumn": "eventCount", "XAxisColumn": "eventDate", "FilterColumn": "readOnly" }, "QueryStatement": "SELECT DATE_TRUNC('?', eventTime) AS eventDate, IF(readOnly, 'read', 'write') AS readOnly, COUNT(*) as eventCount FROM eds WHERE eventTime > '?' AND eventTime < '?' GROUP BY DATE_TRUNC('?', eventTime), readOnly ORDER BY DATE_TRUNC('?', eventTime), readOnly", "QueryParameters": ["$Period$", "$StartTime$", "$EndTime$", "$Period$", "$Period$"] }, { "ViewProperties": { "Height": "2", "Width": "4", "Title": "TopServices", "View": "BarChart", "LabelColumn": "service", "ValueColumn": "eventCount", "FilterColumn": "service", "Orientation": "Horizontal" }, "QueryStatement": "SELECT REPLACE(eventSource, '.amazonaws.com') AS service, COUNT(*) AS eventCount FROM eds WHERE eventTime > '?' AND eventTime < '?' GROUP BY eventSource ORDER BY eventCount DESC LIMIT 100", "QueryParameters": ["$StartTime$", "$EndTime$"] } ] } } } } ``` #### YAML ``` Resources: Dashboard: Type: 'AWS::CloudTrail::Dashboard' Properties: Name: "AccountActivityDashboard" TerminationProtectionEnabled: true RefreshSchedule: Frequency: Unit: "HOURS" Value: 6 Status: "ENABLED" TimeOfDay: "00:00" Tags: - Key: "k1" Value: "v1" - Key: "k2" Value: "v2" Widgets: - QueryStatement: "SELECT errorCode, COUNT(*) AS eventCount FROM eds WHERE eventTime > '?' AND eventTime < '?' AND (errorCode is not null) GROUP BY errorCode ORDER BY eventCount DESC LIMIT 100" QueryParameters: - "$StartTime$" - "$EndTime$" ViewProperties: Height: "2" Width: "4" Title: "TopErrors" View: "Table" - QueryStatement: "SELECT awsRegion, COUNT(*) AS eventCount FROM eds where eventTime > '?' and eventTime < '?' GROUP BY awsRegion ORDER BY eventCount LIMIT 100" QueryParameters: - "$StartTime$" - "$EndTime$" ViewProperties: Height: "2" Width: "4" Title: "MostActiveRegions" View: "PieChart" LabelColumn: "awsRegion" ValueColumn: "eventCount" FilterColumn: "awsRegion" - QueryStatement: "SELECT DATE_TRUNC('?', eventTime) AS eventDate, IF(readOnly, 'read', 'write') AS readOnly, COUNT(*) as eventCount FROM eds WHERE eventTime > '?' AND eventTime < '?' GROUP BY DATE_TRUNC('?', eventTime), readOnly ORDER BY DATE_TRUNC('?', eventTime), readOnly" QueryParameters: - "$Period$" - "$StartTime$" - "$EndTime$" - "$Period$" - "$Period$" ViewProperties: Height: "2" Width: "4" Title: "AccountActivity" View: "LineChart" YAxisColumn: "eventCount" XAxisColumn: "eventDate" FilterColumn: "readOnly" - QueryStatement: "SELECT REPLACE(eventSource, '.amazonaws.com') AS service, COUNT(*) AS eventCount FROM eds WHERE eventTime > '?' AND eventTime < '?' GROUP BY eventSource ORDER BY eventCount DESC LIMIT 100" QueryParameters: - "$StartTime$" - "$EndTime$" ViewProperties: Height: "2" Width: "4" Title: "TopServices" View: "BarChart" LabelColumn: "service" ValueColumn: "eventCount" FilterColumn: "service" Orientation: "Horizontal" ``` # AWS::CloudTrail::Dashboard Frequency Specifies the frequency for a dashboard refresh schedule. For a custom dashboard, you can schedule a refresh for every 1, 6, 12, or 24 hours, or every day. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Unit](#cfn-cloudtrail-dashboard-frequency-unit)" : String, "[Value](#cfn-cloudtrail-dashboard-frequency-value)" : Integer } ``` ### YAML ``` [Unit](#cfn-cloudtrail-dashboard-frequency-unit): String [Value](#cfn-cloudtrail-dashboard-frequency-value): Integer ``` ## Properties `Unit` The unit to use for the refresh. For custom dashboards, the unit can be `HOURS` or `DAYS`. For the Highlights dashboard, the `Unit` must be `HOURS`. *Required*: Yes *Type*: String *Allowed values*: `HOURS | DAYS` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The value for the refresh schedule. For custom dashboards, the following values are valid when the unit is `HOURS`: `1`, `6`, `12`, `24` For custom dashboards, the only valid value when the unit is `DAYS` is `1`. For the Highlights dashboard, the `Value` must be `6`. *Required*: Yes *Type*: Integer *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::CloudTrail::Dashboard RefreshSchedule The schedule for a dashboard refresh. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Frequency](#cfn-cloudtrail-dashboard-refreshschedule-frequency)" : Frequency, "[Status](#cfn-cloudtrail-dashboard-refreshschedule-status)" : String, "[TimeOfDay](#cfn-cloudtrail-dashboard-refreshschedule-timeofday)" : String } ``` ### YAML ``` [Frequency](#cfn-cloudtrail-dashboard-refreshschedule-frequency): Frequency [Status](#cfn-cloudtrail-dashboard-refreshschedule-status): String [TimeOfDay](#cfn-cloudtrail-dashboard-refreshschedule-timeofday): String ``` ## Properties `Frequency` The frequency at which you want the dashboard refreshed. *Required*: No *Type*: [Frequency](aws-properties-cloudtrail-dashboard-frequency.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Status` Specifies whether the refresh schedule is enabled. Set the value to `ENABLED` to enable the refresh schedule, or to `DISABLED` to turn off the refresh schedule. *Required*: No *Type*: String *Allowed values*: `ENABLED | DISABLED` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `TimeOfDay` The time of day in UTC to run the schedule; for hourly only refer to minutes; default is 00:00. *Required*: No *Type*: String *Pattern*: `^[0-9]{2}:[0-9]{2}` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::CloudTrail::Dashboard Tag A custom key-value pair associated with a dashboard resource. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-cloudtrail-dashboard-tag-key)" : String, "[Value](#cfn-cloudtrail-dashboard-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-cloudtrail-dashboard-tag-key): String [Value](#cfn-cloudtrail-dashboard-tag-value): String ``` ## Properties `Key` The key in a key-value pair. The key must be must be no longer than 128 Unicode characters. The key must be unique for the resource to which it applies. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The value in a key-value pair of a tag. The value must be no longer than 256 Unicode characters. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::CloudTrail::Dashboard Widget Contains information about a widget on a CloudTrail Lake dashboard. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[QueryParameters](#cfn-cloudtrail-dashboard-widget-queryparameters)" : [ String, ... ], "[QueryStatement](#cfn-cloudtrail-dashboard-widget-querystatement)" : String, "[ViewProperties](#cfn-cloudtrail-dashboard-widget-viewproperties)" : {Key: Value, ...} } ``` ### YAML ``` [QueryParameters](#cfn-cloudtrail-dashboard-widget-queryparameters): - String [QueryStatement](#cfn-cloudtrail-dashboard-widget-querystatement): String [ViewProperties](#cfn-cloudtrail-dashboard-widget-viewproperties): Key: Value ``` ## Properties `QueryParameters` The optional query parameters. The following query parameters are valid: `$StartTime$`, `$EndTime$`, and `$Period$`. *Required*: No *Type*: Array of String *Minimum*: `1` *Maximum*: `10` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `QueryStatement` The query statement for the widget. For custom dashboard widgets, you can query across multiple event data stores as long as all event data stores exist in your account. When a query uses `?` with `eventTime`, `?` must be surrounded by single quotes as follows: `'?'`. *Required*: Yes *Type*: String *Pattern*: `(?s).*` *Minimum*: `1` *Maximum*: `10000` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ViewProperties` The view properties for the widget. For more information about view properties, see [ View properties for widgets ](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/lake-widget-properties.html) in the *AWS CloudTrail User Guide*. *Required*: No *Type*: Object of String *Pattern*: `^[a-zA-Z0-9._-]{3,128}$` *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)