diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json
index 1a487cad2e3f..a8ac7197c422 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json
@@ -924,6 +924,9 @@
           },
           "Get an AAD data connector.": {
             "$ref": "./examples/dataConnectors/GetAzureActiveDirectoryById.json"
+          },
+          "Get an AwsCloudTrail data connector.": {
+            "$ref": "./examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json"
           }
         },
         "tags": [
@@ -2224,7 +2227,8 @@
             "AzureSecurityCenter",
             "MicrosoftCloudAppSecurity",
             "ThreatIntelligence",
-            "Office365"
+            "Office365",
+            "AmazonWebServicesCloudTrail"
           ],
           "x-ms-enum": {
             "name": "DataConnectorKind",
@@ -2244,6 +2248,9 @@
               },
               {
                 "value": "Office365"
+              },
+              {
+                "value": "AmazonWebServicesCloudTrail"
               }
             ]
           }
@@ -2363,6 +2370,52 @@
         }
       }
     },
+    "AwsCloudTrailDataConnector": {
+      "x-ms-discriminator-value": "AmazonWebServicesCloudTrail",
+      "type": "object",
+      "description": "Represents Amazon Web Services CloudTrail data connector.",
+      "allOf": [
+          {
+              "$ref": "#/definitions/DataConnector"
+          }
+      ],
+      "properties": {
+          "properties": {
+              "x-ms-client-flatten": true,
+              "description": "Amazon Web Services CloudTrail data connector properties.",
+              "$ref": "#/definitions/AwsCloudTrailDataConnectorProperties"
+          }
+      }
+   },
+    "AwsCloudTrailDataConnectorProperties": {
+        "type": "object",
+        "description": "Amazon Web Services CloudTrail data connector properties.",
+        "properties": {
+            "awsRoleArn": {
+                "type": "string",
+                "description": "The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account."
+            },
+            "dataTypes": {
+                "description": "The available data types for the connector.",
+                "$ref": "#/definitions/AwsCloudTrailDataConnectorDataTypes"
+            }
+        }
+    },
+    "AwsCloudTrailDataConnectorDataTypes": {
+        "type": "object",
+        "description": "The available data types for Amazon Web Services CloudTrail data connector.",
+        "properties": {
+            "logs": {
+                "type": "object",
+                "description": "Logs data type.",
+                "allOf": [
+                    {
+                        "$ref": "#/definitions/DataConnectorDataTypeCommon"
+                    }
+                ]
+            }
+        }
+    },
     "AADDataConnector": {
       "x-ms-discriminator-value": "AzureActiveDirectory",
       "type": "object",
@@ -3334,4 +3387,4 @@
       "x-ms-parameter-location": "method"
     }
   }
-}
\ No newline at end of file
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json
new file mode 100644
index 000000000000..b8153e3fe5bb
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json
@@ -0,0 +1,29 @@
+{
+    "parameters": {
+        "api-version": "2019-01-01-preview",
+        "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+        "resourceGroupName": "myRg",
+        "workspaceName": "myWorkspace",
+        "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights",
+        "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04"
+    },
+    "responses": {
+        "200": {
+            "body": {
+                "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04",
+                "name": "c345bf40-8509-4ed2-b947-50cb773aaf04",
+                "type": "Microsoft.SecurityInsights/dataConnectors",
+                "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+                "kind": "AmazonWebServicesCloudTrail",
+                "properties": {
+                    "awsRoleArn": "myAwsRoleArn",
+                    "dataTypes": {
+                        "logs": {
+                            "state": "Enabled"
+                        }
+                    }
+                }
+            }
+        }
+    }
+}
\ No newline at end of file