This blog post, part of a series on Amazon Verified Permissions, explores how to integrate it with AWS CloudTrail for auditing purposes. AWS CloudTrail records actions taken by users, roles, or AWS services, providing a 90-day event history for free, with options to store events in Amazon S3 or deliver them to CloudWatch Logs. CloudTrail automatically logs all Verified Permissions management events, such as CreatePolicy and DeletePolicy. However, data events like IsAuthorized and BatchIsAuthorized must be explicitly configured through a custom trail, which incurs additional charges. The post demonstrates how to set up a CloudTrail trail specifically for Verified Permissions data events and test it using the Hero API. By correlating CloudTrail records with Verified Permissions policies, teams can track user access to specific resources, enhancing security, compliance, and overall application observability.
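As an added example (not code from the original post or from AWS), the correlation step described above in Python: it flattens IsAuthorized and BatchIsAuthorized CloudTrail records into one row per authorization decision and summarises which principals were allowed to reach each resource and which policies decided it. The trail records are constructed, and their requestParameters/responseElements layout is an assumption that mirrors the IsAuthorized and BatchIsAuthorized API request/response shapes.

```python
import json
from collections import defaultdict

# Constructed sample trail (not real CloudTrail output). The requestParameters/responseElements
# layout is assumed to mirror the IsAuthorized and BatchIsAuthorized API shapes.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventSource": "verifiedpermissions.amazonaws.com", "eventName": "IsAuthorized",
     "eventTime": "2024-01-01T10:00:00Z", "userIdentity": {"arn": "arn:aws:iam::111122223333:role/app-backend"},
     "requestParameters": {"policyStoreId": "PSEXAMPLE",
                           "principal": {"entityType": "User", "entityId": "alice"},
                           "action": {"actionType": "Action", "actionId": "viewPhoto"},
                           "resource": {"entityType": "Photo", "entityId": "vacation.jpg"}},
     "responseElements": {"decision": "ALLOW", "determiningPolicies": [{"policyId": "policy-1"}]}},
    {"eventSource": "verifiedpermissions.amazonaws.com", "eventName": "BatchIsAuthorized",
     "eventTime": "2024-01-01T10:05:00Z", "userIdentity": {"arn": "arn:aws:iam::111122223333:role/app-backend"},
     "requestParameters": {"policyStoreId": "PSEXAMPLE"},
     "responseElements": {"results": [
         {"request": {"principal": {"entityType": "User", "entityId": "bob"},
                      "action": {"actionType": "Action", "actionId": "deletePhoto"},
                      "resource": {"entityType": "Photo", "entityId": "vacation.jpg"}},
          "decision": "DENY", "determiningPolicies": []},
         {"request": {"principal": {"entityType": "User", "entityId": "bob"},
                      "action": {"actionType": "Action", "actionId": "viewPhoto"},
                      "resource": {"entityType": "Photo", "entityId": "vacation.jpg"}},
          "decision": "ALLOW", "determiningPolicies": [{"policyId": "policy-2"}]}]}},
    # Management event: logged by default, but it is not an authorization decision.
    {"eventSource": "verifiedpermissions.amazonaws.com", "eventName": "CreatePolicy",
     "eventTime": "2024-01-01T09:00:00Z", "userIdentity": {"arn": "arn:aws:iam::111122223333:user/admin"},
     "requestParameters": {"policyStoreId": "PSEXAMPLE"}, "responseElements": {"policyId": "policy-2"}},
]})

def _ent(e):
    return f"{e['entityType']}::{e['entityId']}"

def parse_authz_events(trail_json):
    """Flatten IsAuthorized and BatchIsAuthorized records into one row per decision."""
    rows = []
    for rec in json.loads(trail_json)["Records"]:
        if rec.get("eventSource") != "verifiedpermissions.amazonaws.com":
            continue
        req, resp = rec.get("requestParameters", {}), rec.get("responseElements", {})
        if rec["eventName"] == "IsAuthorized":
            results = [(req, resp)]                      # single request, single decision
        elif rec["eventName"] == "BatchIsAuthorized":
            results = [(r["request"], r) for r in resp.get("results", [])]
        else:
            continue                                     # skip management events
        for q, r in results:
            rows.append({"time": rec["eventTime"], "store": req["policyStoreId"],
                         "principal": _ent(q["principal"]), "action": q["action"]["actionId"],
                         "resource": _ent(q["resource"]), "decision": r["decision"],
                         "policies": [p["policyId"] for p in r.get("determiningPolicies", [])]})
    return rows

def allowed_access_by_resource(rows):
    """Map each resource to the principals granted access and the policies that decided it."""
    out = defaultdict(lambda: {"principals": set(), "policies": set()})
    for r in rows:
        if r["decision"] == "ALLOW":
            out[r["resource"]]["principals"].add(r["principal"])
            out[r["resource"]]["policies"].update(r["policies"])
    return dict(out)
```

Reviewing the `policies` set per resource against the policy store shows which Cedar policies are actually granting access in practice; a DENY row with an empty `policies` list is a default deny with no matching permit.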
