diff --git a/azurerm/internal/services/sentinel/registration.go b/azurerm/internal/services/sentinel/registration.go
index 1f225cebe7b4..c7825580b462 100644
--- a/azurerm/internal/services/sentinel/registration.go
+++ b/azurerm/internal/services/sentinel/registration.go
@@ -32,6 +32,7 @@ func (r Registration) SupportedResources() map[string]*schema.Resource {
 		"azurerm_sentinel_alert_rule_fusion":                     resourceSentinelAlertRuleFusion(),
 		"azurerm_sentinel_alert_rule_ms_security_incident":       resourceSentinelAlertRuleMsSecurityIncident(),
 		"azurerm_sentinel_alert_rule_scheduled":                  resourceSentinelAlertRuleScheduled(),
+		"azurerm_sentinel_data_connector_aws_cloud_trail":        resourceSentinelDataConnectorAwsCloudTrail(),
 		"azurerm_sentinel_data_connector_azure_active_directory": resourceSentinelDataConnectorAzureActiveDirectory(),
 		"azurerm_sentinel_data_connector_office_365":             resourceSentinelDataConnectorOffice365(),
 		"azurerm_sentinel_data_connector_threat_intelligence":    resourceSentinelDataConnectorThreatIntelligence(),
diff --git a/azurerm/internal/services/sentinel/sentinel_data_connector_aws_cloud_trail.go b/azurerm/internal/services/sentinel/sentinel_data_connector_aws_cloud_trail.go
new file mode 100644
index 000000000000..1200a6c22ee8
--- /dev/null
+++ b/azurerm/internal/services/sentinel/sentinel_data_connector_aws_cloud_trail.go
@@ -0,0 +1,178 @@
+package sentinel
+
+import (
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients"
+	loganalyticsParse "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/loganalytics/parse"
+	loganalyticsValidate "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/loganalytics/validate"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/sentinel/parse"
+	azSchema "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tf/schema"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
+)
+
+func resourceSentinelDataConnectorAwsCloudTrail() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceSentinelDataConnectorAwsCloudTrailCreateUpdate,
+		Read:   resourceSentinelDataConnectorAwsCloudTrailRead,
+		Update: resourceSentinelDataConnectorAwsCloudTrailCreateUpdate,
+		Delete: resourceSentinelDataConnectorAwsCloudTrailDelete,
+
+		Importer: azSchema.ValidateResourceIDPriorToImportThen(func(id string) error {
+			_, err := parse.DataConnectorID(id)
+			return err
+		}, importSentinelDataConnector(securityinsight.DataConnectorKindAmazonWebServicesCloudTrail)),
+
+		Timeouts: &schema.ResourceTimeout{
+			Create: schema.DefaultTimeout(30 * time.Minute),
+			Read:   schema.DefaultTimeout(5 * time.Minute),
+			Update: schema.DefaultTimeout(30 * time.Minute),
+			Delete: schema.DefaultTimeout(30 * time.Minute),
+		},
+
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ForceNew:     true,
+				ValidateFunc: validation.StringIsNotEmpty,
+			},
+
+			"log_analytics_workspace_id": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ForceNew:     true,
+				ValidateFunc: loganalyticsValidate.LogAnalyticsWorkspaceID,
+			},
+
+			"aws_role_arn": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ValidateFunc: validation.StringIsNotEmpty,
+			},
+		},
+	}
+}
+
+func resourceSentinelDataConnectorAwsCloudTrailCreateUpdate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*clients.Client).Sentinel.DataConnectorsClient
+	ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d)
+	defer cancel()
+
+	workspaceId, err := loganalyticsParse.LogAnalyticsWorkspaceID(d.Get("log_analytics_workspace_id").(string))
+	if err != nil {
+		return err
+	}
+	name := d.Get("name").(string)
+	id := parse.NewDataConnectorID(workspaceId.SubscriptionId, workspaceId.ResourceGroup, workspaceId.WorkspaceName, name)
+
+	if d.IsNewResource() {
+		resp, err := client.Get(ctx, id.ResourceGroup, OperationalInsightsResourceProvider, id.WorkspaceName, name)
+		if err != nil {
+			if !utils.ResponseWasNotFound(resp.Response) {
+				return fmt.Errorf("checking for existing %s: %+v", id, err)
+			}
+		}
+
+		if !utils.ResponseWasNotFound(resp.Response) {
+			return tf.ImportAsExistsError("azurerm_sentinel_data_connector_aws_cloud_trail", id.ID())
+		}
+	}
+
+	param := securityinsight.AwsCloudTrailDataConnector{
+		Name: &name,
+		AwsCloudTrailDataConnectorProperties: &securityinsight.AwsCloudTrailDataConnectorProperties{
+			AwsRoleArn: utils.String(d.Get("aws_role_arn").(string)),
+			DataTypes: &securityinsight.AwsCloudTrailDataConnectorDataTypes{
+				Logs: &securityinsight.AwsCloudTrailDataConnectorDataTypesLogs{
+					State: securityinsight.Enabled,
+				},
+			},
+		},
+		Kind: securityinsight.KindAmazonWebServicesCloudTrail,
+	}
+
+	// Service avoid concurrent updates of this resource via checking the "etag" to guarantee it is the same value as last Read.
+	// TODO: following code can be removed once the issue below is fixed:
+	// https://github.com/Azure/azure-rest-api-specs/issues/13203
+	if !d.IsNewResource() {
+		resp, err := client.Get(ctx, id.ResourceGroup, OperationalInsightsResourceProvider, id.WorkspaceName, name)
+		if err != nil {
+			return fmt.Errorf("retrieving %s: %+v", id, err)
+		}
+
+		dc, ok := resp.Value.(securityinsight.AwsCloudTrailDataConnector)
+		if !ok {
+			return fmt.Errorf("%s was not an AWS Cloud Trail Data Connector", id)
+		}
+		param.Etag = dc.Etag
+	}
+
+	if _, err = client.CreateOrUpdate(ctx, id.ResourceGroup, OperationalInsightsResourceProvider, id.WorkspaceName, id.Name, param); err != nil {
+		return fmt.Errorf("creating %s: %+v", id, err)
+	}
+
+	d.SetId(id.ID())
+
+	return resourceSentinelDataConnectorAwsCloudTrailRead(d, meta)
+}
+
+func resourceSentinelDataConnectorAwsCloudTrailRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*clients.Client).Sentinel.DataConnectorsClient
+	ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d)
+	defer cancel()
+
+	id, err := parse.DataConnectorID(d.Id())
+	if err != nil {
+		return err
+	}
+	workspaceId := loganalyticsParse.NewLogAnalyticsWorkspaceID(id.SubscriptionId, id.ResourceGroup, id.WorkspaceName)
+
+	resp, err := client.Get(ctx, id.ResourceGroup, OperationalInsightsResourceProvider, id.WorkspaceName, id.Name)
+	if err != nil {
+		if utils.ResponseWasNotFound(resp.Response) {
+			log.Printf("[DEBUG] %s was not found - removing from state!", id)
+			d.SetId("")
+			return nil
+		}
+
+		return fmt.Errorf("retrieving %s: %+v", id, err)
+	}
+
+	dc, ok := resp.Value.(securityinsight.AwsCloudTrailDataConnector)
+	if !ok {
+		return fmt.Errorf("%s was not an AWS Cloud Trail Data Connector", id)
+	}
+
+	d.Set("name", id.Name)
+	d.Set("log_analytics_workspace_id", workspaceId.ID())
+	if prop := dc.AwsCloudTrailDataConnectorProperties; prop != nil {
+		d.Set("aws_role_arn", prop.AwsRoleArn)
+	}
+
+	return nil
+}
+
+func resourceSentinelDataConnectorAwsCloudTrailDelete(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*clients.Client).Sentinel.DataConnectorsClient
+	ctx, cancel := timeouts.ForDelete(meta.(*clients.Client).StopContext, d)
+	defer cancel()
+
+	id, err := parse.DataConnectorID(d.Id())
+	if err != nil {
+		return err
+	}
+
+	if _, err = client.Delete(ctx, id.ResourceGroup, OperationalInsightsResourceProvider, id.WorkspaceName, id.Name); err != nil {
+		return fmt.Errorf("deleting %s: %+v", id, err)
+	}
+
+	return nil
+}
diff --git a/website/azurerm.erb b/website/azurerm.erb
index d748fdfc5e44..00d50a55bdf0 100644
--- a/website/azurerm.erb
+++ b/website/azurerm.erb
@@ -2898,11 +2898,15 @@
                 <li>
                   <a href="/docs/providers/azurerm/r/sentinel_alert_rule_scheduled.html">azurerm_sentinel_alert_rule_scheduled</a>
                 </li>
-
+                
+                <li>
+                  <a href="/docs/providers/azurerm/r/sentinel_data_connector_aws_cloud_trail.html">azurerm_sentinel_data_connector_aws_cloud_trail</a>
+                </li>
+                
                 <li>
                   <a href="/docs/providers/azurerm/r/sentinel_data_connector_azure_active_directory.html">azurerm_sentinel_data_connector_azure_active_directory</a>
                 </li>
-
+              
                 <li>
                   <a href="/docs/providers/azurerm/r/sentinel_data_connector_office_365.html">azurerm_sentinel_data_connector_office_365</a>
                 </li>
diff --git a/website/docs/r/sentinel_data_connector_aws_cloud_trail.html.markdown b/website/docs/r/sentinel_data_connector_aws_cloud_trail.html.markdown
new file mode 100644
index 000000000000..dbf717cd1194
--- /dev/null
+++ b/website/docs/r/sentinel_data_connector_aws_cloud_trail.html.markdown
@@ -0,0 +1,66 @@
+---
+subcategory: "Sentinel"
+layout: "azurerm"
+page_title: "Azure Resource Manager: azurerm_sentinel_data_connector_aws_cloud_trail"
+description: |-
+  Manages a AWS CloudTrail Data Connector.
+---
+
+# azurerm_sentinel_data_connector_aws_cloud_trail
+
+Manages a AWS CloudTrail Data Connector.
+
+## Example Usage
+
+```hcl
+resource "azurerm_resource_group" "example" {
+  name     = "example-rg"
+  location = "west europe"
+}
+
+resource "azurerm_log_analytics_workspace" "example" {
+  name                = "example-workspace"
+  location            = azurerm_resource_group.example.location
+  resource_group_name = azurerm_resource_group.example.name
+  sku                 = "PerGB2018"
+}
+
+resource "azurerm_sentinel_data_connector_aws_cloud_trail" "example" {
+  name                       = "example"
+  log_analytics_workspace_id = azurerm_log_analytics_workspace.example.id
+  aws_role_arn               = "arn:aws:iam::000000000000:role/role1"
+}
+```
+
+## Arguments Reference
+
+The following arguments are supported:
+
+* `aws_role_arn` - (Required) The ARN of the AWS CloudTrail role, which is connected to this AWS CloudTrail Data Connector.
+
+* `log_analytics_workspace_id` - (Required) The ID of the Log Analytics Workspace that this AWS CloudTrail Data Connector resides in. Changing this forces a new AWS CloudTrail Data Connector to be created.
+
+* `name` - (Required) The name which should be used for this AWS CloudTrail Data Connector. Changing this forces a new AWS CloudTrail Data Connector to be created.
+
+## Attributes Reference
+
+In addition to the Arguments listed above - the following Attributes are exported:
+
+* `id` - The ID of the AWS CloudTrail Data Connector.
+
+## Timeouts
+
+The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/docs/configuration/resources.html#timeouts) for certain actions:
+
+* `create` - (Defaults to 30 minutes) Used when creating the AWS CloudTrail Data Connector.
+* `read` - (Defaults to 5 minutes) Used when retrieving the AWS CloudTrail Data Connector.
+* `update` - (Defaults to 30 minutes) Used when updating the AWS CloudTrail Data Connector.
+* `delete` - (Defaults to 30 minutes) Used when deleting the AWS CloudTrail Data Connector.
+
+## Import
+
+AWS CloudTrail Data Connectors can be imported using the `resource id`, e.g.
+
+```shell
+terraform import azurerm_sentinel_data_connector_aws_cloud_trail.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1
+```