aws-sdk-cloudtrail 1.0.0.rc1 → 1.0.0.rc2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/aws-sdk-cloudtrail.rb +1 -1
- data/lib/aws-sdk-cloudtrail/client.rb +1079 -972
- data/lib/aws-sdk-cloudtrail/client_api.rb +557 -553
- data/lib/aws-sdk-cloudtrail/errors.rb +4 -13
- data/lib/aws-sdk-cloudtrail/resource.rb +12 -14
- data/lib/aws-sdk-cloudtrail/types.rb +1466 -1385
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f4f870ac3f116952ae21e32b33cd141dec97dd4a
|
|
4
|
+
data.tar.gz: 4dcc736b491e565474e8cf6aefcdd52e5f41b46a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4fb1348604584289380867f8d59d96d401a984e4c6fff8fe0fc8c7f5cabbd971beedb9b8ef6e5a3646da5fece98587019143fddc2dbeccf48d7ab8e138448d12
|
|
7
|
+
data.tar.gz: 93b5e3f1c77cba2849294b9f4ca633135749ae287dba21f2d6f0e31a2b97053ec1dbe879b0df47c0e5e730679c4604eef66075eca3dff08453997dbe5829af1b
|
data/lib/aws-sdk-cloudtrail.rb
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# WARNING ABOUT GENERATED CODE
|
|
2
2
|
#
|
|
3
|
-
# This file is generated. See the contributing for
|
|
3
|
+
# This file is generated. See the contributing guide for more information:
|
|
4
4
|
# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
|
|
5
5
|
#
|
|
6
6
|
# WARNING ABOUT GENERATED CODE
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# WARNING ABOUT GENERATED CODE
|
|
2
2
|
#
|
|
3
|
-
# This file is generated. See the contributing for
|
|
3
|
+
# This file is generated. See the contributing guide for more information:
|
|
4
4
|
# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
|
|
5
5
|
#
|
|
6
6
|
# WARNING ABOUT GENERATED CODE
|
|
@@ -23,1004 +23,1111 @@ require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
|
|
|
23
23
|
|
|
24
24
|
Aws::Plugins::GlobalConfiguration.add_identifier(:cloudtrail)
|
|
25
25
|
|
|
26
|
-
module Aws
|
|
27
|
-
|
|
28
|
-
class Client < Seahorse::Client::Base
|
|
26
|
+
module Aws::CloudTrail
|
|
27
|
+
class Client < Seahorse::Client::Base
|
|
29
28
|
|
|
30
|
-
|
|
29
|
+
include Aws::ClientStubs
|
|
31
30
|
|
|
32
|
-
|
|
31
|
+
@identifier = :cloudtrail
|
|
33
32
|
|
|
34
|
-
|
|
33
|
+
set_api(ClientApi::API)
|
|
35
34
|
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
35
|
+
add_plugin(Seahorse::Client::Plugins::ContentLength)
|
|
36
|
+
add_plugin(Aws::Plugins::CredentialsConfiguration)
|
|
37
|
+
add_plugin(Aws::Plugins::Logging)
|
|
38
|
+
add_plugin(Aws::Plugins::ParamConverter)
|
|
39
|
+
add_plugin(Aws::Plugins::ParamValidator)
|
|
40
|
+
add_plugin(Aws::Plugins::UserAgent)
|
|
41
|
+
add_plugin(Aws::Plugins::HelpfulSocketErrors)
|
|
42
|
+
add_plugin(Aws::Plugins::RetryErrors)
|
|
43
|
+
add_plugin(Aws::Plugins::GlobalConfiguration)
|
|
44
|
+
add_plugin(Aws::Plugins::RegionalEndpoint)
|
|
45
|
+
add_plugin(Aws::Plugins::ResponsePaging)
|
|
46
|
+
add_plugin(Aws::Plugins::StubResponses)
|
|
47
|
+
add_plugin(Aws::Plugins::IdempotencyToken)
|
|
48
|
+
add_plugin(Aws::Plugins::SignatureV4)
|
|
49
|
+
add_plugin(Aws::Plugins::Protocols::JsonRpc)
|
|
51
50
|
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
51
|
+
# @option options [required, Aws::CredentialProvider] :credentials
|
|
52
|
+
# Your AWS credentials. This can be an instance of any one of the
|
|
53
|
+
# following classes:
|
|
54
|
+
#
|
|
55
|
+
# * `Aws::Credentials` - Used for configuring static, non-refreshing
|
|
56
|
+
# credentials.
|
|
57
|
+
#
|
|
58
|
+
# * `Aws::InstanceProfileCredentials` - Used for loading credentials
|
|
59
|
+
# from an EC2 IMDS on an EC2 instance.
|
|
60
|
+
#
|
|
61
|
+
# * `Aws::SharedCredentials` - Used for loading credentials from a
|
|
62
|
+
# shared file, such as `~/.aws/config`.
|
|
63
|
+
#
|
|
64
|
+
# * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
|
|
65
|
+
#
|
|
66
|
+
# When `:credentials` are not configured directly, the following
|
|
67
|
+
# locations will be searched for credentials:
|
|
68
|
+
#
|
|
69
|
+
# * `Aws.config[:credentials]`
|
|
70
|
+
# * The `:access_key_id`, `:secret_access_key`, and `:session_token` options.
|
|
71
|
+
# * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
|
|
72
|
+
# * `~/.aws/credentials`
|
|
73
|
+
# * `~/.aws/config`
|
|
74
|
+
# * EC2 IMDS instance profile - When used by default, the timeouts are
|
|
75
|
+
# very aggressive. Construct and pass an instance of
|
|
76
|
+
# `Aws::InstanceProfileCredentails` to enable retries and extended
|
|
77
|
+
# timeouts.
|
|
78
|
+
#
|
|
79
|
+
# @option options [required, String] :region
|
|
80
|
+
# The AWS region to connect to. The configured `:region` is
|
|
81
|
+
# used to determine the service `:endpoint`. When not passed,
|
|
82
|
+
# a default `:region` is search for in the following locations:
|
|
83
|
+
#
|
|
84
|
+
# * `Aws.config[:region]`
|
|
85
|
+
# * `ENV['AWS_REGION']`
|
|
86
|
+
# * `ENV['AMAZON_REGION']`
|
|
87
|
+
# * `ENV['AWS_DEFAULT_REGION']`
|
|
88
|
+
# * `~/.aws/credentials`
|
|
89
|
+
# * `~/.aws/config`
|
|
90
|
+
#
|
|
91
|
+
# @option options [String] :access_key_id
|
|
92
|
+
#
|
|
93
|
+
# @option options [Boolean] :convert_params (true)
|
|
94
|
+
# When `true`, an attempt is made to coerce request parameters into
|
|
95
|
+
# the required types.
|
|
96
|
+
#
|
|
97
|
+
# @option options [String] :endpoint
|
|
98
|
+
# The client endpoint is normally constructed from the `:region`
|
|
99
|
+
# option. You should only configure an `:endpoint` when connecting
|
|
100
|
+
# to test endpoints. This should be avalid HTTP(S) URI.
|
|
101
|
+
#
|
|
102
|
+
# @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default)
|
|
103
|
+
# The log formatter.
|
|
104
|
+
#
|
|
105
|
+
# @option options [Symbol] :log_level (:info)
|
|
106
|
+
# The log level to send messages to the `:logger` at.
|
|
107
|
+
#
|
|
108
|
+
# @option options [Logger] :logger
|
|
109
|
+
# The Logger instance to send log messages to. If this option
|
|
110
|
+
# is not set, logging will be disabled.
|
|
111
|
+
#
|
|
112
|
+
# @option options [String] :profile ("default")
|
|
113
|
+
# Used when loading credentials from the shared credentials file
|
|
114
|
+
# at HOME/.aws/credentials. When not specified, 'default' is used.
|
|
115
|
+
#
|
|
116
|
+
# @option options [Integer] :retry_limit (3)
|
|
117
|
+
# The maximum number of times to retry failed requests. Only
|
|
118
|
+
# ~ 500 level server errors and certain ~ 400 level client errors
|
|
119
|
+
# are retried. Generally, these are throttling errors, data
|
|
120
|
+
# checksum errors, networking errors, timeout errors and auth
|
|
121
|
+
# errors from expired credentials.
|
|
122
|
+
#
|
|
123
|
+
# @option options [String] :secret_access_key
|
|
124
|
+
#
|
|
125
|
+
# @option options [String] :session_token
|
|
126
|
+
#
|
|
127
|
+
# @option options [Boolean] :simple_json (false)
|
|
128
|
+
# Disables request parameter conversion, validation, and formatting.
|
|
129
|
+
# Also disable response data type conversions. This option is useful
|
|
130
|
+
# when you want to ensure the highest level of performance by
|
|
131
|
+
# avoiding overhead of walking request parameters and response data
|
|
132
|
+
# structures.
|
|
133
|
+
#
|
|
134
|
+
# When `:simple_json` is enabled, the request parameters hash must
|
|
135
|
+
# be formatted exactly as the DynamoDB API expects.
|
|
136
|
+
#
|
|
137
|
+
# @option options [Boolean] :stub_responses (false)
|
|
138
|
+
# Causes the client to return stubbed responses. By default
|
|
139
|
+
# fake responses are generated and returned. You can specify
|
|
140
|
+
# the response data to return or errors to raise by calling
|
|
141
|
+
# {ClientStubs#stub_responses}. See {ClientStubs} for more information.
|
|
142
|
+
#
|
|
143
|
+
# ** Please note ** When response stubbing is enabled, no HTTP
|
|
144
|
+
# requests are made, and retries are disabled.
|
|
145
|
+
#
|
|
146
|
+
# @option options [Boolean] :validate_params (true)
|
|
147
|
+
# When `true`, request parameters are validated before
|
|
148
|
+
# sending the request.
|
|
149
|
+
#
|
|
150
|
+
def initialize(*args)
|
|
151
|
+
super
|
|
152
|
+
end
|
|
139
153
|
|
|
140
|
-
|
|
154
|
+
# @!group API Operations
|
|
141
155
|
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
# Specifies the name of the trail. The name must meet the following
|
|
179
|
-
# requirements:
|
|
180
|
-
#
|
|
181
|
-
# * Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
|
|
182
|
-
# underscores (\_), or dashes (-)
|
|
183
|
-
#
|
|
184
|
-
# * Start with a letter or number, and end with a letter or number
|
|
185
|
-
#
|
|
186
|
-
# * Be between 3 and 128 characters
|
|
187
|
-
#
|
|
188
|
-
# * Have no adjacent periods, underscores or dashes. Names like
|
|
189
|
-
# `my-_namespace` and `my--namespace` are invalid.
|
|
190
|
-
#
|
|
191
|
-
# * Not be in IP address format (for example, 192.168.5.4)
|
|
192
|
-
# @option params [required, String] :s3_bucket_name
|
|
193
|
-
# Specifies the name of the Amazon S3 bucket designated for publishing
|
|
194
|
-
# log files. See [Amazon S3 Bucket Naming Requirements][1].
|
|
195
|
-
#
|
|
196
|
-
#
|
|
197
|
-
#
|
|
198
|
-
# [1]: http://docs.aws.amazon.com/awscloudtrail/latest/userguide/create_trail_naming_policy.html
|
|
199
|
-
# @option params [String] :s3_key_prefix
|
|
200
|
-
# Specifies the Amazon S3 key prefix that comes after the name of the
|
|
201
|
-
# bucket you have designated for log file delivery. For more
|
|
202
|
-
# information, see [Finding Your CloudTrail Log Files][1]. The maximum
|
|
203
|
-
# length is 200 characters.
|
|
204
|
-
#
|
|
205
|
-
#
|
|
206
|
-
#
|
|
207
|
-
# [1]: http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-find-log-files.html
|
|
208
|
-
# @option params [String] :sns_topic_name
|
|
209
|
-
# Specifies the name of the Amazon SNS topic defined for notification of
|
|
210
|
-
# log file delivery. The maximum length is 256 characters.
|
|
211
|
-
# @option params [Boolean] :include_global_service_events
|
|
212
|
-
# Specifies whether the trail is publishing events from global services
|
|
213
|
-
# such as IAM to the log files.
|
|
214
|
-
# @option params [Boolean] :is_multi_region_trail
|
|
215
|
-
# Specifies whether the trail is created in the current region or in all
|
|
216
|
-
# regions. The default is false.
|
|
217
|
-
# @option params [Boolean] :enable_log_file_validation
|
|
218
|
-
# Specifies whether log file integrity validation is enabled. The
|
|
219
|
-
# default is false.
|
|
220
|
-
#
|
|
221
|
-
# <note markdown="1"> When you disable log file integrity validation, the chain of digest
|
|
222
|
-
# files is broken after one hour. CloudTrail will not create digest
|
|
223
|
-
# files for log files that were delivered during a period in which log
|
|
224
|
-
# file integrity validation was disabled. For example, if you enable log
|
|
225
|
-
# file integrity validation at noon on January 1, disable it at noon on
|
|
226
|
-
# January 2, and re-enable it at noon on January 10, digest files will
|
|
227
|
-
# not be created for the log files delivered from noon on January 2 to
|
|
228
|
-
# noon on January 10. The same applies whenever you stop CloudTrail
|
|
229
|
-
# logging or delete a trail.
|
|
230
|
-
#
|
|
231
|
-
# </note>
|
|
232
|
-
# @option params [String] :cloud_watch_logs_log_group_arn
|
|
233
|
-
# Specifies a log group name using an Amazon Resource Name (ARN), a
|
|
234
|
-
# unique identifier that represents the log group to which CloudTrail
|
|
235
|
-
# logs will be delivered. Not required unless you specify
|
|
236
|
-
# CloudWatchLogsRoleArn.
|
|
237
|
-
# @option params [String] :cloud_watch_logs_role_arn
|
|
238
|
-
# Specifies the role for the CloudWatch Logs endpoint to assume to write
|
|
239
|
-
# to a user's log group.
|
|
240
|
-
# @option params [String] :kms_key_id
|
|
241
|
-
# Specifies the KMS key ID to use to encrypt the logs delivered by
|
|
242
|
-
# CloudTrail. The value can be a an alias name prefixed by "alias/", a
|
|
243
|
-
# fully specified ARN to an alias, a fully specified ARN to a key, or a
|
|
244
|
-
# globally unique identifier.
|
|
245
|
-
#
|
|
246
|
-
# Examples:
|
|
247
|
-
#
|
|
248
|
-
# * alias/MyAliasName
|
|
249
|
-
#
|
|
250
|
-
# * arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
|
|
251
|
-
#
|
|
252
|
-
# * arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
|
|
253
|
-
#
|
|
254
|
-
# * 12345678-1234-1234-1234-123456789012
|
|
255
|
-
# @return [Types::CreateTrailResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
256
|
-
#
|
|
257
|
-
# * {Types::CreateTrailResponse#name #Name} => String
|
|
258
|
-
# * {Types::CreateTrailResponse#s3_bucket_name #S3BucketName} => String
|
|
259
|
-
# * {Types::CreateTrailResponse#s3_key_prefix #S3KeyPrefix} => String
|
|
260
|
-
# * {Types::CreateTrailResponse#sns_topic_name #SnsTopicName} => String
|
|
261
|
-
# * {Types::CreateTrailResponse#sns_topic_arn #SnsTopicARN} => String
|
|
262
|
-
# * {Types::CreateTrailResponse#include_global_service_events #IncludeGlobalServiceEvents} => Boolean
|
|
263
|
-
# * {Types::CreateTrailResponse#is_multi_region_trail #IsMultiRegionTrail} => Boolean
|
|
264
|
-
# * {Types::CreateTrailResponse#trail_arn #TrailARN} => String
|
|
265
|
-
# * {Types::CreateTrailResponse#log_file_validation_enabled #LogFileValidationEnabled} => Boolean
|
|
266
|
-
# * {Types::CreateTrailResponse#cloud_watch_logs_log_group_arn #CloudWatchLogsLogGroupArn} => String
|
|
267
|
-
# * {Types::CreateTrailResponse#cloud_watch_logs_role_arn #CloudWatchLogsRoleArn} => String
|
|
268
|
-
# * {Types::CreateTrailResponse#kms_key_id #KmsKeyId} => String
|
|
269
|
-
#
|
|
270
|
-
# @example Request syntax with placeholder values
|
|
271
|
-
# resp = client.create_trail({
|
|
272
|
-
# name: "String", # required
|
|
273
|
-
# s3_bucket_name: "String", # required
|
|
274
|
-
# s3_key_prefix: "String",
|
|
275
|
-
# sns_topic_name: "String",
|
|
276
|
-
# include_global_service_events: false,
|
|
277
|
-
# is_multi_region_trail: false,
|
|
278
|
-
# enable_log_file_validation: false,
|
|
279
|
-
# cloud_watch_logs_log_group_arn: "String",
|
|
280
|
-
# cloud_watch_logs_role_arn: "String",
|
|
281
|
-
# kms_key_id: "String",
|
|
282
|
-
# })
|
|
283
|
-
#
|
|
284
|
-
# @example Response structure
|
|
285
|
-
# resp.name #=> String
|
|
286
|
-
# resp.s3_bucket_name #=> String
|
|
287
|
-
# resp.s3_key_prefix #=> String
|
|
288
|
-
# resp.sns_topic_name #=> String
|
|
289
|
-
# resp.sns_topic_arn #=> String
|
|
290
|
-
# resp.include_global_service_events #=> Boolean
|
|
291
|
-
# resp.is_multi_region_trail #=> Boolean
|
|
292
|
-
# resp.trail_arn #=> String
|
|
293
|
-
# resp.log_file_validation_enabled #=> Boolean
|
|
294
|
-
# resp.cloud_watch_logs_log_group_arn #=> String
|
|
295
|
-
# resp.cloud_watch_logs_role_arn #=> String
|
|
296
|
-
# resp.kms_key_id #=> String
|
|
297
|
-
# @overload create_trail(params = {})
|
|
298
|
-
# @param [Hash] params ({})
|
|
299
|
-
def create_trail(params = {}, options = {})
|
|
300
|
-
req = build_request(:create_trail, params)
|
|
301
|
-
req.send_request(options)
|
|
302
|
-
end
|
|
156
|
+
# Adds one or more tags to a trail, up to a limit of 50. Tags must be
|
|
157
|
+
# unique per trail. Overwrites an existing tag's value when a new value
|
|
158
|
+
# is specified for an existing tag key. If you specify a key without a
|
|
159
|
+
# value, the tag will be created with the specified key and a value of
|
|
160
|
+
# null. You can tag a trail that applies to all regions only from the
|
|
161
|
+
# region in which the trail was created (that is, from its home region).
|
|
162
|
+
#
|
|
163
|
+
# @option params [required, String] :resource_id
|
|
164
|
+
# Specifies the ARN of the trail to which one or more tags will be
|
|
165
|
+
# added. The format of a trail ARN is:
|
|
166
|
+
#
|
|
167
|
+
# `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
|
|
168
|
+
#
|
|
169
|
+
# @option params [Array<Types::Tag>] :tags_list
|
|
170
|
+
# Contains a list of CloudTrail tags, up to a limit of 50
|
|
171
|
+
#
|
|
172
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
173
|
+
#
|
|
174
|
+
# @example Request syntax with placeholder values
|
|
175
|
+
#
|
|
176
|
+
# resp = client.add_tags({
|
|
177
|
+
# resource_id: "String", # required
|
|
178
|
+
# tags_list: [
|
|
179
|
+
# {
|
|
180
|
+
# key: "String", # required
|
|
181
|
+
# value: "String",
|
|
182
|
+
# },
|
|
183
|
+
# ],
|
|
184
|
+
# })
|
|
185
|
+
#
|
|
186
|
+
# @overload add_tags(params = {})
|
|
187
|
+
# @param [Hash] params ({})
|
|
188
|
+
def add_tags(params = {}, options = {})
|
|
189
|
+
req = build_request(:add_tags, params)
|
|
190
|
+
req.send_request(options)
|
|
191
|
+
end
|
|
303
192
|
|
|
304
|
-
|
|
305
|
-
|
|
306
|
-
|
|
307
|
-
|
|
308
|
-
|
|
309
|
-
|
|
310
|
-
|
|
311
|
-
|
|
312
|
-
|
|
313
|
-
|
|
314
|
-
|
|
315
|
-
|
|
316
|
-
|
|
317
|
-
|
|
318
|
-
|
|
319
|
-
|
|
320
|
-
|
|
321
|
-
|
|
322
|
-
|
|
323
|
-
|
|
193
|
+
# Creates a trail that specifies the settings for delivery of log data
|
|
194
|
+
# to an Amazon S3 bucket. A maximum of five trails can exist in a
|
|
195
|
+
# region, irrespective of the region in which they were created.
|
|
196
|
+
#
|
|
197
|
+
# @option params [required, String] :name
|
|
198
|
+
# Specifies the name of the trail. The name must meet the following
|
|
199
|
+
# requirements:
|
|
200
|
+
#
|
|
201
|
+
# * Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
|
|
202
|
+
# underscores (\_), or dashes (-)
|
|
203
|
+
#
|
|
204
|
+
# * Start with a letter or number, and end with a letter or number
|
|
205
|
+
#
|
|
206
|
+
# * Be between 3 and 128 characters
|
|
207
|
+
#
|
|
208
|
+
# * Have no adjacent periods, underscores or dashes. Names like
|
|
209
|
+
# `my-_namespace` and `my--namespace` are invalid.
|
|
210
|
+
#
|
|
211
|
+
# * Not be in IP address format (for example, 192.168.5.4)
|
|
212
|
+
#
|
|
213
|
+
# @option params [required, String] :s3_bucket_name
|
|
214
|
+
# Specifies the name of the Amazon S3 bucket designated for publishing
|
|
215
|
+
# log files. See [Amazon S3 Bucket Naming Requirements][1].
|
|
216
|
+
#
|
|
217
|
+
#
|
|
218
|
+
#
|
|
219
|
+
# [1]: http://docs.aws.amazon.com/awscloudtrail/latest/userguide/create_trail_naming_policy.html
|
|
220
|
+
#
|
|
221
|
+
# @option params [String] :s3_key_prefix
|
|
222
|
+
# Specifies the Amazon S3 key prefix that comes after the name of the
|
|
223
|
+
# bucket you have designated for log file delivery. For more
|
|
224
|
+
# information, see [Finding Your CloudTrail Log Files][1]. The maximum
|
|
225
|
+
# length is 200 characters.
|
|
226
|
+
#
|
|
227
|
+
#
|
|
228
|
+
#
|
|
229
|
+
# [1]: http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-find-log-files.html
|
|
230
|
+
#
|
|
231
|
+
# @option params [String] :sns_topic_name
|
|
232
|
+
# Specifies the name of the Amazon SNS topic defined for notification of
|
|
233
|
+
# log file delivery. The maximum length is 256 characters.
|
|
234
|
+
#
|
|
235
|
+
# @option params [Boolean] :include_global_service_events
|
|
236
|
+
# Specifies whether the trail is publishing events from global services
|
|
237
|
+
# such as IAM to the log files.
|
|
238
|
+
#
|
|
239
|
+
# @option params [Boolean] :is_multi_region_trail
|
|
240
|
+
# Specifies whether the trail is created in the current region or in all
|
|
241
|
+
# regions. The default is false.
|
|
242
|
+
#
|
|
243
|
+
# @option params [Boolean] :enable_log_file_validation
|
|
244
|
+
# Specifies whether log file integrity validation is enabled. The
|
|
245
|
+
# default is false.
|
|
246
|
+
#
|
|
247
|
+
# <note markdown="1"> When you disable log file integrity validation, the chain of digest
|
|
248
|
+
# files is broken after one hour. CloudTrail will not create digest
|
|
249
|
+
# files for log files that were delivered during a period in which log
|
|
250
|
+
# file integrity validation was disabled. For example, if you enable log
|
|
251
|
+
# file integrity validation at noon on January 1, disable it at noon on
|
|
252
|
+
# January 2, and re-enable it at noon on January 10, digest files will
|
|
253
|
+
# not be created for the log files delivered from noon on January 2 to
|
|
254
|
+
# noon on January 10. The same applies whenever you stop CloudTrail
|
|
255
|
+
# logging or delete a trail.
|
|
256
|
+
#
|
|
257
|
+
# </note>
|
|
258
|
+
#
|
|
259
|
+
# @option params [String] :cloud_watch_logs_log_group_arn
|
|
260
|
+
# Specifies a log group name using an Amazon Resource Name (ARN), a
|
|
261
|
+
# unique identifier that represents the log group to which CloudTrail
|
|
262
|
+
# logs will be delivered. Not required unless you specify
|
|
263
|
+
# CloudWatchLogsRoleArn.
|
|
264
|
+
#
|
|
265
|
+
# @option params [String] :cloud_watch_logs_role_arn
|
|
266
|
+
# Specifies the role for the CloudWatch Logs endpoint to assume to write
|
|
267
|
+
# to a user's log group.
|
|
268
|
+
#
|
|
269
|
+
# @option params [String] :kms_key_id
|
|
270
|
+
# Specifies the KMS key ID to use to encrypt the logs delivered by
|
|
271
|
+
# CloudTrail. The value can be a an alias name prefixed by "alias/", a
|
|
272
|
+
# fully specified ARN to an alias, a fully specified ARN to a key, or a
|
|
273
|
+
# globally unique identifier.
|
|
274
|
+
#
|
|
275
|
+
# Examples:
|
|
276
|
+
#
|
|
277
|
+
# * alias/MyAliasName
|
|
278
|
+
#
|
|
279
|
+
# * arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
|
|
280
|
+
#
|
|
281
|
+
# * arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
|
|
282
|
+
#
|
|
283
|
+
# * 12345678-1234-1234-1234-123456789012
|
|
284
|
+
#
|
|
285
|
+
# @return [Types::CreateTrailResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
286
|
+
#
|
|
287
|
+
# * {Types::CreateTrailResponse#name #name} => String
|
|
288
|
+
# * {Types::CreateTrailResponse#s3_bucket_name #s3_bucket_name} => String
|
|
289
|
+
# * {Types::CreateTrailResponse#s3_key_prefix #s3_key_prefix} => String
|
|
290
|
+
# * {Types::CreateTrailResponse#sns_topic_name #sns_topic_name} => String
|
|
291
|
+
# * {Types::CreateTrailResponse#sns_topic_arn #sns_topic_arn} => String
|
|
292
|
+
# * {Types::CreateTrailResponse#include_global_service_events #include_global_service_events} => Boolean
|
|
293
|
+
# * {Types::CreateTrailResponse#is_multi_region_trail #is_multi_region_trail} => Boolean
|
|
294
|
+
# * {Types::CreateTrailResponse#trail_arn #trail_arn} => String
|
|
295
|
+
# * {Types::CreateTrailResponse#log_file_validation_enabled #log_file_validation_enabled} => Boolean
|
|
296
|
+
# * {Types::CreateTrailResponse#cloud_watch_logs_log_group_arn #cloud_watch_logs_log_group_arn} => String
|
|
297
|
+
# * {Types::CreateTrailResponse#cloud_watch_logs_role_arn #cloud_watch_logs_role_arn} => String
|
|
298
|
+
# * {Types::CreateTrailResponse#kms_key_id #kms_key_id} => String
|
|
299
|
+
#
|
|
300
|
+
# @example Request syntax with placeholder values
|
|
301
|
+
#
|
|
302
|
+
# resp = client.create_trail({
|
|
303
|
+
# name: "String", # required
|
|
304
|
+
# s3_bucket_name: "String", # required
|
|
305
|
+
# s3_key_prefix: "String",
|
|
306
|
+
# sns_topic_name: "String",
|
|
307
|
+
# include_global_service_events: false,
|
|
308
|
+
# is_multi_region_trail: false,
|
|
309
|
+
# enable_log_file_validation: false,
|
|
310
|
+
# cloud_watch_logs_log_group_arn: "String",
|
|
311
|
+
# cloud_watch_logs_role_arn: "String",
|
|
312
|
+
# kms_key_id: "String",
|
|
313
|
+
# })
|
|
314
|
+
#
|
|
315
|
+
# @example Response structure
|
|
316
|
+
#
|
|
317
|
+
# resp.name #=> String
|
|
318
|
+
# resp.s3_bucket_name #=> String
|
|
319
|
+
# resp.s3_key_prefix #=> String
|
|
320
|
+
# resp.sns_topic_name #=> String
|
|
321
|
+
# resp.sns_topic_arn #=> String
|
|
322
|
+
# resp.include_global_service_events #=> Boolean
|
|
323
|
+
# resp.is_multi_region_trail #=> Boolean
|
|
324
|
+
# resp.trail_arn #=> String
|
|
325
|
+
# resp.log_file_validation_enabled #=> Boolean
|
|
326
|
+
# resp.cloud_watch_logs_log_group_arn #=> String
|
|
327
|
+
# resp.cloud_watch_logs_role_arn #=> String
|
|
328
|
+
# resp.kms_key_id #=> String
|
|
329
|
+
#
|
|
330
|
+
# @overload create_trail(params = {})
|
|
331
|
+
# @param [Hash] params ({})
|
|
332
|
+
def create_trail(params = {}, options = {})
|
|
333
|
+
req = build_request(:create_trail, params)
|
|
334
|
+
req.send_request(options)
|
|
335
|
+
end
|
|
324
336
|
|
|
325
|
-
|
|
326
|
-
|
|
327
|
-
|
|
328
|
-
|
|
329
|
-
|
|
330
|
-
|
|
331
|
-
|
|
332
|
-
|
|
333
|
-
|
|
334
|
-
|
|
335
|
-
|
|
336
|
-
|
|
337
|
-
|
|
338
|
-
|
|
339
|
-
|
|
340
|
-
|
|
341
|
-
|
|
342
|
-
|
|
343
|
-
|
|
344
|
-
|
|
345
|
-
|
|
346
|
-
|
|
347
|
-
|
|
348
|
-
|
|
349
|
-
# @option params [Boolean] :include_shadow_trails
|
|
350
|
-
# Specifies whether to include shadow trails in the response. A shadow
|
|
351
|
-
# trail is the replication in a region of a trail that was created in a
|
|
352
|
-
# different region. The default is true.
|
|
353
|
-
# @return [Types::DescribeTrailsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
354
|
-
#
|
|
355
|
-
# * {Types::DescribeTrailsResponse#trail_list #trailList} => Array<Types::Trail>
|
|
356
|
-
#
|
|
357
|
-
# @example Request syntax with placeholder values
|
|
358
|
-
# resp = client.describe_trails({
|
|
359
|
-
# trail_name_list: ["String"],
|
|
360
|
-
# include_shadow_trails: false,
|
|
361
|
-
# })
|
|
362
|
-
#
|
|
363
|
-
# @example Response structure
|
|
364
|
-
# resp.trail_list #=> Array
|
|
365
|
-
# resp.trail_list[0].name #=> String
|
|
366
|
-
# resp.trail_list[0].s3_bucket_name #=> String
|
|
367
|
-
# resp.trail_list[0].s3_key_prefix #=> String
|
|
368
|
-
# resp.trail_list[0].sns_topic_name #=> String
|
|
369
|
-
# resp.trail_list[0].sns_topic_arn #=> String
|
|
370
|
-
# resp.trail_list[0].include_global_service_events #=> Boolean
|
|
371
|
-
# resp.trail_list[0].is_multi_region_trail #=> Boolean
|
|
372
|
-
# resp.trail_list[0].home_region #=> String
|
|
373
|
-
# resp.trail_list[0].trail_arn #=> String
|
|
374
|
-
# resp.trail_list[0].log_file_validation_enabled #=> Boolean
|
|
375
|
-
# resp.trail_list[0].cloud_watch_logs_log_group_arn #=> String
|
|
376
|
-
# resp.trail_list[0].cloud_watch_logs_role_arn #=> String
|
|
377
|
-
# resp.trail_list[0].kms_key_id #=> String
|
|
378
|
-
# resp.trail_list[0].has_custom_event_selectors #=> Boolean
|
|
379
|
-
# @overload describe_trails(params = {})
|
|
380
|
-
# @param [Hash] params ({})
|
|
381
|
-
def describe_trails(params = {}, options = {})
|
|
382
|
-
req = build_request(:describe_trails, params)
|
|
383
|
-
req.send_request(options)
|
|
384
|
-
end
|
|
337
|
+
# Deletes a trail. This operation must be called from the region in
|
|
338
|
+
# which the trail was created. `DeleteTrail` cannot be called on the
|
|
339
|
+
# shadow trails (replicated trails in other regions) of a trail that is
|
|
340
|
+
# enabled in all regions.
|
|
341
|
+
#
|
|
342
|
+
# @option params [required, String] :name
|
|
343
|
+
# Specifies the name or the CloudTrail ARN of the trail to be deleted.
|
|
344
|
+
# The format of a trail ARN is:
|
|
345
|
+
# `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
|
|
346
|
+
#
|
|
347
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
348
|
+
#
|
|
349
|
+
# @example Request syntax with placeholder values
|
|
350
|
+
#
|
|
351
|
+
# resp = client.delete_trail({
|
|
352
|
+
# name: "String", # required
|
|
353
|
+
# })
|
|
354
|
+
#
|
|
355
|
+
# @overload delete_trail(params = {})
|
|
356
|
+
# @param [Hash] params ({})
|
|
357
|
+
def delete_trail(params = {}, options = {})
|
|
358
|
+
req = build_request(:delete_trail, params)
|
|
359
|
+
req.send_request(options)
|
|
360
|
+
end
|
|
385
361
|
|
|
386
|
-
|
|
387
|
-
|
|
388
|
-
|
|
389
|
-
|
|
390
|
-
|
|
391
|
-
|
|
392
|
-
|
|
393
|
-
|
|
394
|
-
|
|
395
|
-
|
|
396
|
-
|
|
397
|
-
|
|
398
|
-
|
|
399
|
-
|
|
400
|
-
|
|
401
|
-
|
|
402
|
-
|
|
403
|
-
|
|
404
|
-
|
|
405
|
-
|
|
406
|
-
|
|
407
|
-
|
|
408
|
-
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
|
|
412
|
-
|
|
413
|
-
|
|
414
|
-
|
|
415
|
-
|
|
416
|
-
|
|
417
|
-
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
|
|
427
|
-
|
|
428
|
-
|
|
429
|
-
|
|
430
|
-
|
|
431
|
-
|
|
432
|
-
|
|
433
|
-
|
|
434
|
-
|
|
435
|
-
|
|
436
|
-
|
|
437
|
-
|
|
438
|
-
|
|
439
|
-
|
|
440
|
-
|
|
441
|
-
|
|
442
|
-
|
|
443
|
-
|
|
444
|
-
|
|
445
|
-
|
|
446
|
-
|
|
362
|
+
# Retrieves settings for the trail associated with the current region
|
|
363
|
+
# for your account.
|
|
364
|
+
#
|
|
365
|
+
# @option params [Array<String>] :trail_name_list
|
|
366
|
+
# Specifies a list of trail names, trail ARNs, or both, of the trails to
|
|
367
|
+
# describe. The format of a trail ARN is:
|
|
368
|
+
#
|
|
369
|
+
# `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
|
|
370
|
+
#
|
|
371
|
+
# If an empty list is specified, information for the trail in the
|
|
372
|
+
# current region is returned.
|
|
373
|
+
#
|
|
374
|
+
# * If an empty list is specified and `IncludeShadowTrails` is false,
|
|
375
|
+
# then information for all trails in the current region is returned.
|
|
376
|
+
#
|
|
377
|
+
# * If an empty list is specified and IncludeShadowTrails is null or
|
|
378
|
+
# true, then information for all trails in the current region and any
|
|
379
|
+
# associated shadow trails in other regions is returned.
|
|
380
|
+
#
|
|
381
|
+
# <note markdown="1"> If one or more trail names are specified, information is returned only
|
|
382
|
+
# if the names match the names of trails belonging only to the current
|
|
383
|
+
# region. To return information about a trail in another region, you
|
|
384
|
+
# must specify its trail ARN.
|
|
385
|
+
#
|
|
386
|
+
# </note>
|
|
387
|
+
#
|
|
388
|
+
# @option params [Boolean] :include_shadow_trails
|
|
389
|
+
# Specifies whether to include shadow trails in the response. A shadow
|
|
390
|
+
# trail is the replication in a region of a trail that was created in a
|
|
391
|
+
# different region. The default is true.
|
|
392
|
+
#
|
|
393
|
+
# @return [Types::DescribeTrailsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
394
|
+
#
|
|
395
|
+
# * {Types::DescribeTrailsResponse#trail_list #trail_list} => Array<Types::Trail>
|
|
396
|
+
#
|
|
397
|
+
# @example Request syntax with placeholder values
|
|
398
|
+
#
|
|
399
|
+
# resp = client.describe_trails({
|
|
400
|
+
# trail_name_list: ["String"],
|
|
401
|
+
# include_shadow_trails: false,
|
|
402
|
+
# })
|
|
403
|
+
#
|
|
404
|
+
# @example Response structure
|
|
405
|
+
#
|
|
406
|
+
# resp.trail_list #=> Array
|
|
407
|
+
# resp.trail_list[0].name #=> String
|
|
408
|
+
# resp.trail_list[0].s3_bucket_name #=> String
|
|
409
|
+
# resp.trail_list[0].s3_key_prefix #=> String
|
|
410
|
+
# resp.trail_list[0].sns_topic_name #=> String
|
|
411
|
+
# resp.trail_list[0].sns_topic_arn #=> String
|
|
412
|
+
# resp.trail_list[0].include_global_service_events #=> Boolean
|
|
413
|
+
# resp.trail_list[0].is_multi_region_trail #=> Boolean
|
|
414
|
+
# resp.trail_list[0].home_region #=> String
|
|
415
|
+
# resp.trail_list[0].trail_arn #=> String
|
|
416
|
+
# resp.trail_list[0].log_file_validation_enabled #=> Boolean
|
|
417
|
+
# resp.trail_list[0].cloud_watch_logs_log_group_arn #=> String
|
|
418
|
+
# resp.trail_list[0].cloud_watch_logs_role_arn #=> String
|
|
419
|
+
# resp.trail_list[0].kms_key_id #=> String
|
|
420
|
+
# resp.trail_list[0].has_custom_event_selectors #=> Boolean
|
|
421
|
+
#
|
|
422
|
+
# @overload describe_trails(params = {})
|
|
423
|
+
# @param [Hash] params ({})
|
|
424
|
+
def describe_trails(params = {}, options = {})
|
|
425
|
+
req = build_request(:describe_trails, params)
|
|
426
|
+
req.send_request(options)
|
|
427
|
+
end
|
|
447
428
|
|
|
448
|
-
|
|
449
|
-
|
|
450
|
-
|
|
451
|
-
|
|
452
|
-
|
|
453
|
-
|
|
454
|
-
|
|
455
|
-
|
|
456
|
-
|
|
457
|
-
|
|
458
|
-
|
|
459
|
-
|
|
460
|
-
|
|
461
|
-
|
|
462
|
-
|
|
463
|
-
|
|
464
|
-
|
|
465
|
-
|
|
466
|
-
|
|
467
|
-
|
|
468
|
-
|
|
469
|
-
|
|
470
|
-
|
|
471
|
-
|
|
472
|
-
|
|
473
|
-
|
|
474
|
-
|
|
475
|
-
|
|
476
|
-
|
|
477
|
-
|
|
478
|
-
|
|
479
|
-
|
|
480
|
-
|
|
481
|
-
|
|
482
|
-
|
|
483
|
-
|
|
484
|
-
|
|
485
|
-
|
|
486
|
-
|
|
487
|
-
|
|
488
|
-
|
|
489
|
-
|
|
490
|
-
|
|
491
|
-
|
|
492
|
-
|
|
493
|
-
|
|
494
|
-
|
|
495
|
-
|
|
496
|
-
|
|
497
|
-
|
|
498
|
-
|
|
499
|
-
|
|
500
|
-
|
|
501
|
-
|
|
502
|
-
|
|
503
|
-
|
|
504
|
-
|
|
505
|
-
|
|
506
|
-
|
|
507
|
-
|
|
508
|
-
|
|
509
|
-
|
|
429
|
+
# Describes the settings for the event selectors that you configured for
|
|
430
|
+
# your trail. The information returned for your event selectors includes
|
|
431
|
+
# the following:
|
|
432
|
+
#
|
|
433
|
+
# * The S3 objects that you are logging for data events.
|
|
434
|
+
#
|
|
435
|
+
# * If your event selector includes management events.
|
|
436
|
+
#
|
|
437
|
+
# * If your event selector includes read-only events, write-only events,
|
|
438
|
+
# or all.
|
|
439
|
+
#
|
|
440
|
+
# For more information, see [Configuring Event Selectors for Trails][1]
|
|
441
|
+
# in the *AWS CloudTrail User Guide*.
|
|
442
|
+
#
|
|
443
|
+
#
|
|
444
|
+
#
|
|
445
|
+
# [1]: http://docs.aws.amazon.com/awscloudtrail/latest/userguide/create-event-selectors-for-a-trail.html
|
|
446
|
+
#
|
|
447
|
+
# @option params [String] :trail_name
|
|
448
|
+
# Specifies the name of the trail or trail ARN. If you specify a trail
|
|
449
|
+
# name, the string must meet the following requirements:
|
|
450
|
+
#
|
|
451
|
+
# * Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
|
|
452
|
+
# underscores (\_), or dashes (-)
|
|
453
|
+
#
|
|
454
|
+
# * Start with a letter or number, and end with a letter or number
|
|
455
|
+
#
|
|
456
|
+
# * Be between 3 and 128 characters
|
|
457
|
+
#
|
|
458
|
+
# * Have no adjacent periods, underscores or dashes. Names like
|
|
459
|
+
# `my-_namespace` and `my--namespace` are invalid.
|
|
460
|
+
#
|
|
461
|
+
# * Not be in IP address format (for example, 192.168.5.4)
|
|
462
|
+
#
|
|
463
|
+
# If you specify a trail ARN, it must be in the format:
|
|
464
|
+
#
|
|
465
|
+
# `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
|
|
466
|
+
#
|
|
467
|
+
# @return [Types::GetEventSelectorsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
468
|
+
#
|
|
469
|
+
# * {Types::GetEventSelectorsResponse#trail_arn #trail_arn} => String
|
|
470
|
+
# * {Types::GetEventSelectorsResponse#event_selectors #event_selectors} => Array<Types::EventSelector>
|
|
471
|
+
#
|
|
472
|
+
# @example Request syntax with placeholder values
|
|
473
|
+
#
|
|
474
|
+
# resp = client.get_event_selectors({
|
|
475
|
+
# trail_name: "String",
|
|
476
|
+
# })
|
|
477
|
+
#
|
|
478
|
+
# @example Response structure
|
|
479
|
+
#
|
|
480
|
+
# resp.trail_arn #=> String
|
|
481
|
+
# resp.event_selectors #=> Array
|
|
482
|
+
# resp.event_selectors[0].read_write_type #=> String, one of "ReadOnly", "WriteOnly", "All"
|
|
483
|
+
# resp.event_selectors[0].include_management_events #=> Boolean
|
|
484
|
+
# resp.event_selectors[0].data_resources #=> Array
|
|
485
|
+
# resp.event_selectors[0].data_resources[0].type #=> String
|
|
486
|
+
# resp.event_selectors[0].data_resources[0].values #=> Array
|
|
487
|
+
# resp.event_selectors[0].data_resources[0].values[0] #=> String
|
|
488
|
+
#
|
|
489
|
+
# @overload get_event_selectors(params = {})
|
|
490
|
+
# @param [Hash] params ({})
|
|
491
|
+
def get_event_selectors(params = {}, options = {})
|
|
492
|
+
req = build_request(:get_event_selectors, params)
|
|
493
|
+
req.send_request(options)
|
|
494
|
+
end
|
|
510
495
|
|
|
511
|
-
|
|
512
|
-
|
|
513
|
-
|
|
514
|
-
|
|
515
|
-
|
|
516
|
-
|
|
517
|
-
|
|
518
|
-
|
|
519
|
-
|
|
520
|
-
|
|
521
|
-
|
|
522
|
-
|
|
523
|
-
|
|
524
|
-
|
|
525
|
-
|
|
526
|
-
|
|
527
|
-
|
|
528
|
-
|
|
529
|
-
|
|
530
|
-
|
|
531
|
-
|
|
532
|
-
|
|
533
|
-
|
|
534
|
-
|
|
535
|
-
|
|
536
|
-
|
|
537
|
-
|
|
538
|
-
|
|
539
|
-
|
|
540
|
-
|
|
541
|
-
|
|
542
|
-
|
|
543
|
-
|
|
544
|
-
|
|
545
|
-
|
|
546
|
-
|
|
547
|
-
|
|
548
|
-
|
|
549
|
-
|
|
550
|
-
|
|
551
|
-
|
|
552
|
-
|
|
553
|
-
|
|
554
|
-
|
|
555
|
-
|
|
556
|
-
|
|
496
|
+
# Returns a JSON-formatted list of information about the specified
|
|
497
|
+
# trail. Fields include information on delivery errors, Amazon SNS and
|
|
498
|
+
# Amazon S3 errors, and start and stop logging times for each trail.
|
|
499
|
+
# This operation returns trail status from a single region. To return
|
|
500
|
+
# trail status from all regions, you must call the operation on each
|
|
501
|
+
# region.
|
|
502
|
+
#
|
|
503
|
+
# @option params [required, String] :name
|
|
504
|
+
# Specifies the name or the CloudTrail ARN of the trail for which you
|
|
505
|
+
# are requesting status. To get the status of a shadow trail (a
|
|
506
|
+
# replication of the trail in another region), you must specify its ARN.
|
|
507
|
+
# The format of a trail ARN is:
|
|
508
|
+
#
|
|
509
|
+
# `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
|
|
510
|
+
#
|
|
511
|
+
# @return [Types::GetTrailStatusResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
512
|
+
#
|
|
513
|
+
# * {Types::GetTrailStatusResponse#is_logging #is_logging} => Boolean
|
|
514
|
+
# * {Types::GetTrailStatusResponse#latest_delivery_error #latest_delivery_error} => String
|
|
515
|
+
# * {Types::GetTrailStatusResponse#latest_notification_error #latest_notification_error} => String
|
|
516
|
+
# * {Types::GetTrailStatusResponse#latest_delivery_time #latest_delivery_time} => Time
|
|
517
|
+
# * {Types::GetTrailStatusResponse#latest_notification_time #latest_notification_time} => Time
|
|
518
|
+
# * {Types::GetTrailStatusResponse#start_logging_time #start_logging_time} => Time
|
|
519
|
+
# * {Types::GetTrailStatusResponse#stop_logging_time #stop_logging_time} => Time
|
|
520
|
+
# * {Types::GetTrailStatusResponse#latest_cloud_watch_logs_delivery_error #latest_cloud_watch_logs_delivery_error} => String
|
|
521
|
+
# * {Types::GetTrailStatusResponse#latest_cloud_watch_logs_delivery_time #latest_cloud_watch_logs_delivery_time} => Time
|
|
522
|
+
# * {Types::GetTrailStatusResponse#latest_digest_delivery_time #latest_digest_delivery_time} => Time
|
|
523
|
+
# * {Types::GetTrailStatusResponse#latest_digest_delivery_error #latest_digest_delivery_error} => String
|
|
524
|
+
# * {Types::GetTrailStatusResponse#latest_delivery_attempt_time #latest_delivery_attempt_time} => String
|
|
525
|
+
# * {Types::GetTrailStatusResponse#latest_notification_attempt_time #latest_notification_attempt_time} => String
|
|
526
|
+
# * {Types::GetTrailStatusResponse#latest_notification_attempt_succeeded #latest_notification_attempt_succeeded} => String
|
|
527
|
+
# * {Types::GetTrailStatusResponse#latest_delivery_attempt_succeeded #latest_delivery_attempt_succeeded} => String
|
|
528
|
+
# * {Types::GetTrailStatusResponse#time_logging_started #time_logging_started} => String
|
|
529
|
+
# * {Types::GetTrailStatusResponse#time_logging_stopped #time_logging_stopped} => String
|
|
530
|
+
#
|
|
531
|
+
# @example Request syntax with placeholder values
|
|
532
|
+
#
|
|
533
|
+
# resp = client.get_trail_status({
|
|
534
|
+
# name: "String", # required
|
|
535
|
+
# })
|
|
536
|
+
#
|
|
537
|
+
# @example Response structure
|
|
538
|
+
#
|
|
539
|
+
# resp.is_logging #=> Boolean
|
|
540
|
+
# resp.latest_delivery_error #=> String
|
|
541
|
+
# resp.latest_notification_error #=> String
|
|
542
|
+
# resp.latest_delivery_time #=> Time
|
|
543
|
+
# resp.latest_notification_time #=> Time
|
|
544
|
+
# resp.start_logging_time #=> Time
|
|
545
|
+
# resp.stop_logging_time #=> Time
|
|
546
|
+
# resp.latest_cloud_watch_logs_delivery_error #=> String
|
|
547
|
+
# resp.latest_cloud_watch_logs_delivery_time #=> Time
|
|
548
|
+
# resp.latest_digest_delivery_time #=> Time
|
|
549
|
+
# resp.latest_digest_delivery_error #=> String
|
|
550
|
+
# resp.latest_delivery_attempt_time #=> String
|
|
551
|
+
# resp.latest_notification_attempt_time #=> String
|
|
552
|
+
# resp.latest_notification_attempt_succeeded #=> String
|
|
553
|
+
# resp.latest_delivery_attempt_succeeded #=> String
|
|
554
|
+
# resp.time_logging_started #=> String
|
|
555
|
+
# resp.time_logging_stopped #=> String
|
|
556
|
+
#
|
|
557
|
+
# @overload get_trail_status(params = {})
|
|
558
|
+
# @param [Hash] params ({})
|
|
559
|
+
def get_trail_status(params = {}, options = {})
|
|
560
|
+
req = build_request(:get_trail_status, params)
|
|
561
|
+
req.send_request(options)
|
|
562
|
+
end
|
|
557
563
|
|
|
558
|
-
|
|
559
|
-
|
|
560
|
-
|
|
561
|
-
|
|
562
|
-
|
|
563
|
-
|
|
564
|
-
|
|
565
|
-
|
|
566
|
-
|
|
567
|
-
|
|
568
|
-
|
|
569
|
-
|
|
570
|
-
|
|
571
|
-
|
|
572
|
-
|
|
573
|
-
|
|
574
|
-
|
|
575
|
-
|
|
576
|
-
|
|
577
|
-
|
|
578
|
-
|
|
579
|
-
|
|
580
|
-
|
|
581
|
-
|
|
582
|
-
|
|
583
|
-
|
|
584
|
-
|
|
585
|
-
|
|
586
|
-
|
|
587
|
-
|
|
588
|
-
|
|
589
|
-
|
|
564
|
+
# Returns all public keys whose private keys were used to sign the
|
|
565
|
+
# digest files within the specified time range. The public key is needed
|
|
566
|
+
# to validate digest files that were signed with its corresponding
|
|
567
|
+
# private key.
|
|
568
|
+
#
|
|
569
|
+
# <note markdown="1"> CloudTrail uses different private/public key pairs per region. Each
|
|
570
|
+
# digest file is signed with a private key unique to its region.
|
|
571
|
+
# Therefore, when you validate a digest file from a particular region,
|
|
572
|
+
# you must look in the same region for its corresponding public key.
|
|
573
|
+
#
|
|
574
|
+
# </note>
|
|
575
|
+
#
|
|
576
|
+
# @option params [Time,DateTime,Date,Integer,String] :start_time
|
|
577
|
+
# Optionally specifies, in UTC, the start of the time range to look up
|
|
578
|
+
# public keys for CloudTrail digest files. If not specified, the current
|
|
579
|
+
# time is used, and the current public key is returned.
|
|
580
|
+
#
|
|
581
|
+
# @option params [Time,DateTime,Date,Integer,String] :end_time
|
|
582
|
+
# Optionally specifies, in UTC, the end of the time range to look up
|
|
583
|
+
# public keys for CloudTrail digest files. If not specified, the current
|
|
584
|
+
# time is used.
|
|
585
|
+
#
|
|
586
|
+
# @option params [String] :next_token
|
|
587
|
+
# Reserved for future use.
|
|
588
|
+
#
|
|
589
|
+
# @return [Types::ListPublicKeysResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
590
|
+
#
|
|
591
|
+
# * {Types::ListPublicKeysResponse#public_key_list #public_key_list} => Array<Types::PublicKey>
|
|
592
|
+
# * {Types::ListPublicKeysResponse#next_token #next_token} => String
|
|
593
|
+
#
|
|
594
|
+
# @example Request syntax with placeholder values
|
|
595
|
+
#
|
|
596
|
+
# resp = client.list_public_keys({
|
|
597
|
+
# start_time: Time.now,
|
|
598
|
+
# end_time: Time.now,
|
|
599
|
+
# next_token: "String",
|
|
600
|
+
# })
|
|
601
|
+
#
|
|
602
|
+
# @example Response structure
|
|
603
|
+
#
|
|
604
|
+
# resp.public_key_list #=> Array
|
|
605
|
+
# resp.public_key_list[0].value #=> String
|
|
606
|
+
# resp.public_key_list[0].validity_start_time #=> Time
|
|
607
|
+
# resp.public_key_list[0].validity_end_time #=> Time
|
|
608
|
+
# resp.public_key_list[0].fingerprint #=> String
|
|
609
|
+
# resp.next_token #=> String
|
|
610
|
+
#
|
|
611
|
+
# @overload list_public_keys(params = {})
|
|
612
|
+
# @param [Hash] params ({})
|
|
613
|
+
def list_public_keys(params = {}, options = {})
|
|
614
|
+
req = build_request(:list_public_keys, params)
|
|
615
|
+
req.send_request(options)
|
|
616
|
+
end
|
|
590
617
|
|
|
591
|
-
|
|
592
|
-
|
|
593
|
-
|
|
594
|
-
|
|
595
|
-
|
|
596
|
-
|
|
597
|
-
|
|
598
|
-
|
|
599
|
-
|
|
600
|
-
|
|
601
|
-
|
|
602
|
-
|
|
603
|
-
|
|
604
|
-
|
|
605
|
-
|
|
606
|
-
|
|
607
|
-
|
|
608
|
-
|
|
609
|
-
|
|
610
|
-
|
|
611
|
-
|
|
612
|
-
|
|
613
|
-
|
|
614
|
-
|
|
615
|
-
|
|
616
|
-
|
|
617
|
-
|
|
618
|
-
|
|
619
|
-
|
|
620
|
-
|
|
621
|
-
|
|
622
|
-
|
|
623
|
-
|
|
624
|
-
|
|
625
|
-
|
|
626
|
-
|
|
627
|
-
|
|
628
|
-
|
|
629
|
-
# The number of events to return. Possible values are 1 through 50. The
|
|
630
|
-
# default is 10.
|
|
631
|
-
# @option params [String] :next_token
|
|
632
|
-
# The token to use to get the next page of results after a previous API
|
|
633
|
-
# call. This token must be passed in with the same parameters that were
|
|
634
|
-
# specified in the the original call. For example, if the original call
|
|
635
|
-
# specified an AttributeKey of 'Username' with a value of 'root',
|
|
636
|
-
# the call with NextToken should include those same parameters.
|
|
637
|
-
# @return [Types::LookupEventsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
638
|
-
#
|
|
639
|
-
# * {Types::LookupEventsResponse#events #Events} => Array<Types::Event>
|
|
640
|
-
# * {Types::LookupEventsResponse#next_token #NextToken} => String
|
|
641
|
-
#
|
|
642
|
-
# @example Request syntax with placeholder values
|
|
643
|
-
# resp = client.lookup_events({
|
|
644
|
-
# lookup_attributes: [
|
|
645
|
-
# {
|
|
646
|
-
# attribute_key: "EventId", # required, accepts EventId, EventName, Username, ResourceType, ResourceName, EventSource
|
|
647
|
-
# attribute_value: "String", # required
|
|
648
|
-
# },
|
|
649
|
-
# ],
|
|
650
|
-
# start_time: Time.now,
|
|
651
|
-
# end_time: Time.now,
|
|
652
|
-
# max_results: 1,
|
|
653
|
-
# next_token: "NextToken",
|
|
654
|
-
# })
|
|
655
|
-
#
|
|
656
|
-
# @example Response structure
|
|
657
|
-
# resp.events #=> Array
|
|
658
|
-
# resp.events[0].event_id #=> String
|
|
659
|
-
# resp.events[0].event_name #=> String
|
|
660
|
-
# resp.events[0].event_time #=> Time
|
|
661
|
-
# resp.events[0].event_source #=> String
|
|
662
|
-
# resp.events[0].username #=> String
|
|
663
|
-
# resp.events[0].resources #=> Array
|
|
664
|
-
# resp.events[0].resources[0].resource_type #=> String
|
|
665
|
-
# resp.events[0].resources[0].resource_name #=> String
|
|
666
|
-
# resp.events[0].cloud_trail_event #=> String
|
|
667
|
-
# resp.next_token #=> String
|
|
668
|
-
# @overload lookup_events(params = {})
|
|
669
|
-
# @param [Hash] params ({})
|
|
670
|
-
def lookup_events(params = {}, options = {})
|
|
671
|
-
req = build_request(:lookup_events, params)
|
|
672
|
-
req.send_request(options)
|
|
673
|
-
end
|
|
618
|
+
# Lists the tags for the trail in the current region.
|
|
619
|
+
#
|
|
620
|
+
# @option params [required, Array<String>] :resource_id_list
|
|
621
|
+
# Specifies a list of trail ARNs whose tags will be listed. The list has
|
|
622
|
+
# a limit of 20 ARNs. The format of a trail ARN is:
|
|
623
|
+
#
|
|
624
|
+
# `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
|
|
625
|
+
#
|
|
626
|
+
# @option params [String] :next_token
|
|
627
|
+
# Reserved for future use.
|
|
628
|
+
#
|
|
629
|
+
# @return [Types::ListTagsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
630
|
+
#
|
|
631
|
+
# * {Types::ListTagsResponse#resource_tag_list #resource_tag_list} => Array<Types::ResourceTag>
|
|
632
|
+
# * {Types::ListTagsResponse#next_token #next_token} => String
|
|
633
|
+
#
|
|
634
|
+
# @example Request syntax with placeholder values
|
|
635
|
+
#
|
|
636
|
+
# resp = client.list_tags({
|
|
637
|
+
# resource_id_list: ["String"], # required
|
|
638
|
+
# next_token: "String",
|
|
639
|
+
# })
|
|
640
|
+
#
|
|
641
|
+
# @example Response structure
|
|
642
|
+
#
|
|
643
|
+
# resp.resource_tag_list #=> Array
|
|
644
|
+
# resp.resource_tag_list[0].resource_id #=> String
|
|
645
|
+
# resp.resource_tag_list[0].tags_list #=> Array
|
|
646
|
+
# resp.resource_tag_list[0].tags_list[0].key #=> String
|
|
647
|
+
# resp.resource_tag_list[0].tags_list[0].value #=> String
|
|
648
|
+
# resp.next_token #=> String
|
|
649
|
+
#
|
|
650
|
+
# @overload list_tags(params = {})
|
|
651
|
+
# @param [Hash] params ({})
|
|
652
|
+
def list_tags(params = {}, options = {})
|
|
653
|
+
req = build_request(:list_tags, params)
|
|
654
|
+
req.send_request(options)
|
|
655
|
+
end
|
|
674
656
|
|
|
675
|
-
|
|
676
|
-
|
|
677
|
-
|
|
678
|
-
|
|
679
|
-
|
|
680
|
-
|
|
681
|
-
|
|
682
|
-
|
|
683
|
-
|
|
684
|
-
|
|
685
|
-
|
|
686
|
-
|
|
687
|
-
|
|
688
|
-
|
|
689
|
-
|
|
690
|
-
|
|
691
|
-
|
|
692
|
-
|
|
693
|
-
|
|
694
|
-
|
|
695
|
-
|
|
696
|
-
|
|
697
|
-
|
|
698
|
-
|
|
699
|
-
|
|
700
|
-
|
|
701
|
-
|
|
702
|
-
|
|
703
|
-
|
|
704
|
-
|
|
705
|
-
|
|
706
|
-
|
|
707
|
-
|
|
708
|
-
|
|
709
|
-
|
|
710
|
-
|
|
711
|
-
|
|
712
|
-
|
|
713
|
-
|
|
714
|
-
|
|
715
|
-
|
|
716
|
-
|
|
717
|
-
|
|
718
|
-
|
|
719
|
-
|
|
720
|
-
|
|
721
|
-
|
|
722
|
-
|
|
723
|
-
|
|
724
|
-
|
|
725
|
-
|
|
726
|
-
|
|
727
|
-
|
|
728
|
-
|
|
729
|
-
|
|
730
|
-
|
|
731
|
-
|
|
732
|
-
|
|
733
|
-
|
|
734
|
-
|
|
735
|
-
|
|
736
|
-
|
|
737
|
-
|
|
738
|
-
|
|
739
|
-
|
|
740
|
-
|
|
741
|
-
|
|
742
|
-
|
|
743
|
-
|
|
744
|
-
|
|
745
|
-
|
|
746
|
-
|
|
747
|
-
|
|
748
|
-
|
|
749
|
-
|
|
750
|
-
|
|
751
|
-
|
|
752
|
-
|
|
753
|
-
|
|
754
|
-
|
|
755
|
-
|
|
756
|
-
|
|
757
|
-
|
|
758
|
-
|
|
759
|
-
|
|
760
|
-
|
|
761
|
-
|
|
762
|
-
|
|
763
|
-
|
|
764
|
-
|
|
765
|
-
|
|
766
|
-
|
|
767
|
-
req.send_request(options)
|
|
768
|
-
end
|
|
657
|
+
# Looks up API activity events captured by CloudTrail that create,
|
|
658
|
+
# update, or delete resources in your account. Events for a region can
|
|
659
|
+
# be looked up for the times in which you had CloudTrail turned on in
|
|
660
|
+
# that region during the last seven days. Lookup supports the following
|
|
661
|
+
# attributes:
|
|
662
|
+
#
|
|
663
|
+
# * Event ID
|
|
664
|
+
#
|
|
665
|
+
# * Event name
|
|
666
|
+
#
|
|
667
|
+
# * Resource name
|
|
668
|
+
#
|
|
669
|
+
# * Resource type
|
|
670
|
+
#
|
|
671
|
+
# * User name
|
|
672
|
+
#
|
|
673
|
+
# All attributes are optional. The default number of results returned is
|
|
674
|
+
# 10, with a maximum of 50 possible. The response includes a token that
|
|
675
|
+
# you can use to get the next page of results.
|
|
676
|
+
#
|
|
677
|
+
# The rate of lookup requests is limited to one per second per account.
|
|
678
|
+
# If this limit is exceeded, a throttling error occurs.
|
|
679
|
+
#
|
|
680
|
+
# Events that occurred during the selected time range will not be
|
|
681
|
+
# available for lookup if CloudTrail logging was not enabled when the
|
|
682
|
+
# events occurred.
|
|
683
|
+
#
|
|
684
|
+
# @option params [Array<Types::LookupAttribute>] :lookup_attributes
|
|
685
|
+
# Contains a list of lookup attributes. Currently the list can contain
|
|
686
|
+
# only one item.
|
|
687
|
+
#
|
|
688
|
+
# @option params [Time,DateTime,Date,Integer,String] :start_time
|
|
689
|
+
# Specifies that only events that occur after or at the specified time
|
|
690
|
+
# are returned. If the specified start time is after the specified end
|
|
691
|
+
# time, an error is returned.
|
|
692
|
+
#
|
|
693
|
+
# @option params [Time,DateTime,Date,Integer,String] :end_time
|
|
694
|
+
# Specifies that only events that occur before or at the specified time
|
|
695
|
+
# are returned. If the specified end time is before the specified start
|
|
696
|
+
# time, an error is returned.
|
|
697
|
+
#
|
|
698
|
+
# @option params [Integer] :max_results
|
|
699
|
+
# The number of events to return. Possible values are 1 through 50. The
|
|
700
|
+
# default is 10.
|
|
701
|
+
#
|
|
702
|
+
# @option params [String] :next_token
|
|
703
|
+
# The token to use to get the next page of results after a previous API
|
|
704
|
+
# call. This token must be passed in with the same parameters that were
|
|
705
|
+
# specified in the the original call. For example, if the original call
|
|
706
|
+
# specified an AttributeKey of 'Username' with a value of 'root',
|
|
707
|
+
# the call with NextToken should include those same parameters.
|
|
708
|
+
#
|
|
709
|
+
# @return [Types::LookupEventsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
710
|
+
#
|
|
711
|
+
# * {Types::LookupEventsResponse#events #events} => Array<Types::Event>
|
|
712
|
+
# * {Types::LookupEventsResponse#next_token #next_token} => String
|
|
713
|
+
#
|
|
714
|
+
# @example Request syntax with placeholder values
|
|
715
|
+
#
|
|
716
|
+
# resp = client.lookup_events({
|
|
717
|
+
# lookup_attributes: [
|
|
718
|
+
# {
|
|
719
|
+
# attribute_key: "EventId", # required, accepts EventId, EventName, Username, ResourceType, ResourceName, EventSource
|
|
720
|
+
# attribute_value: "String", # required
|
|
721
|
+
# },
|
|
722
|
+
# ],
|
|
723
|
+
# start_time: Time.now,
|
|
724
|
+
# end_time: Time.now,
|
|
725
|
+
# max_results: 1,
|
|
726
|
+
# next_token: "NextToken",
|
|
727
|
+
# })
|
|
728
|
+
#
|
|
729
|
+
# @example Response structure
|
|
730
|
+
#
|
|
731
|
+
# resp.events #=> Array
|
|
732
|
+
# resp.events[0].event_id #=> String
|
|
733
|
+
# resp.events[0].event_name #=> String
|
|
734
|
+
# resp.events[0].event_time #=> Time
|
|
735
|
+
# resp.events[0].event_source #=> String
|
|
736
|
+
# resp.events[0].username #=> String
|
|
737
|
+
# resp.events[0].resources #=> Array
|
|
738
|
+
# resp.events[0].resources[0].resource_type #=> String
|
|
739
|
+
# resp.events[0].resources[0].resource_name #=> String
|
|
740
|
+
# resp.events[0].cloud_trail_event #=> String
|
|
741
|
+
# resp.next_token #=> String
|
|
742
|
+
#
|
|
743
|
+
# @overload lookup_events(params = {})
|
|
744
|
+
# @param [Hash] params ({})
|
|
745
|
+
def lookup_events(params = {}, options = {})
|
|
746
|
+
req = build_request(:lookup_events, params)
|
|
747
|
+
req.send_request(options)
|
|
748
|
+
end
|
|
769
749
|
|
|
770
|
-
|
|
771
|
-
|
|
772
|
-
|
|
773
|
-
|
|
774
|
-
|
|
775
|
-
|
|
776
|
-
|
|
777
|
-
|
|
778
|
-
|
|
779
|
-
|
|
780
|
-
|
|
781
|
-
|
|
782
|
-
|
|
783
|
-
|
|
784
|
-
|
|
785
|
-
|
|
786
|
-
|
|
787
|
-
|
|
788
|
-
|
|
789
|
-
|
|
790
|
-
|
|
791
|
-
|
|
792
|
-
|
|
793
|
-
|
|
794
|
-
|
|
795
|
-
|
|
750
|
+
# Configures an event selector for your trail. Use event selectors to
|
|
751
|
+
# specify the type of events that you want your trail to log. When an
|
|
752
|
+
# event occurs in your account, CloudTrail evaluates the event selectors
|
|
753
|
+
# in all trails. For each trail, if the event matches any event
|
|
754
|
+
# selector, the trail processes and logs the event. If the event
|
|
755
|
+
# doesn't match any event selector, the trail doesn't log the event.
|
|
756
|
+
#
|
|
757
|
+
# Example
|
|
758
|
+
#
|
|
759
|
+
# 1. You create an event selector for a trail and specify that you want
|
|
760
|
+
# write-only events.
|
|
761
|
+
#
|
|
762
|
+
# 2. The EC2 `GetConsoleOutput` and `RunInstances` API operations occur
|
|
763
|
+
# in your account.
|
|
764
|
+
#
|
|
765
|
+
# 3. CloudTrail evaluates whether the events match your event
|
|
766
|
+
# selectors.
|
|
767
|
+
#
|
|
768
|
+
# 4. The `RunInstances` is a write-only event and it matches your event
|
|
769
|
+
# selector. The trail logs the event.
|
|
770
|
+
#
|
|
771
|
+
# 5. The `GetConsoleOutput` is a read-only event but it doesn't match
|
|
772
|
+
# your event selector. The trail doesn't log the event.
|
|
773
|
+
#
|
|
774
|
+
# The `PutEventSelectors` operation must be called from the region in
|
|
775
|
+
# which the trail was created; otherwise, an
|
|
776
|
+
# `InvalidHomeRegionException` is thrown.
|
|
777
|
+
#
|
|
778
|
+
# You can configure up to five event selectors for each trail. For more
|
|
779
|
+
# information, see [Configuring Event Selectors for Trails][1] in the
|
|
780
|
+
# *AWS CloudTrail User Guide*.
|
|
781
|
+
#
|
|
782
|
+
#
|
|
783
|
+
#
|
|
784
|
+
# [1]: http://docs.aws.amazon.com/awscloudtrail/latest/userguide/create-event-selectors-for-a-trail.html
|
|
785
|
+
#
|
|
786
|
+
# @option params [String] :trail_name
|
|
787
|
+
# Specifies the name of the trail or trail ARN. If you specify a trail
|
|
788
|
+
# name, the string must meet the following requirements:
|
|
789
|
+
#
|
|
790
|
+
# * Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
|
|
791
|
+
# underscores (\_), or dashes (-)
|
|
792
|
+
#
|
|
793
|
+
# * Start with a letter or number, and end with a letter or number
|
|
794
|
+
#
|
|
795
|
+
# * Be between 3 and 128 characters
|
|
796
|
+
#
|
|
797
|
+
# * Have no adjacent periods, underscores or dashes. Names like
|
|
798
|
+
# `my-_namespace` and `my--namespace` are invalid.
|
|
799
|
+
#
|
|
800
|
+
# * Not be in IP address format (for example, 192.168.5.4)
|
|
801
|
+
#
|
|
802
|
+
# If you specify a trail ARN, it must be in the format:
|
|
803
|
+
#
|
|
804
|
+
# `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
|
|
805
|
+
#
|
|
806
|
+
# @option params [Array<Types::EventSelector>] :event_selectors
|
|
807
|
+
# Specifies the settings for your event selectors. You can configure up
|
|
808
|
+
# to five event selectors for a trail.
|
|
809
|
+
#
|
|
810
|
+
# @return [Types::PutEventSelectorsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
811
|
+
#
|
|
812
|
+
# * {Types::PutEventSelectorsResponse#trail_arn #trail_arn} => String
|
|
813
|
+
# * {Types::PutEventSelectorsResponse#event_selectors #event_selectors} => Array<Types::EventSelector>
|
|
814
|
+
#
|
|
815
|
+
# @example Request syntax with placeholder values
|
|
816
|
+
#
|
|
817
|
+
# resp = client.put_event_selectors({
|
|
818
|
+
# trail_name: "String",
|
|
819
|
+
# event_selectors: [
|
|
820
|
+
# {
|
|
821
|
+
# read_write_type: "ReadOnly", # accepts ReadOnly, WriteOnly, All
|
|
822
|
+
# include_management_events: false,
|
|
823
|
+
# data_resources: [
|
|
824
|
+
# {
|
|
825
|
+
# type: "String",
|
|
826
|
+
# values: ["String"],
|
|
827
|
+
# },
|
|
828
|
+
# ],
|
|
829
|
+
# },
|
|
830
|
+
# ],
|
|
831
|
+
# })
|
|
832
|
+
#
|
|
833
|
+
# @example Response structure
|
|
834
|
+
#
|
|
835
|
+
# resp.trail_arn #=> String
|
|
836
|
+
# resp.event_selectors #=> Array
|
|
837
|
+
# resp.event_selectors[0].read_write_type #=> String, one of "ReadOnly", "WriteOnly", "All"
|
|
838
|
+
# resp.event_selectors[0].include_management_events #=> Boolean
|
|
839
|
+
# resp.event_selectors[0].data_resources #=> Array
|
|
840
|
+
# resp.event_selectors[0].data_resources[0].type #=> String
|
|
841
|
+
# resp.event_selectors[0].data_resources[0].values #=> Array
|
|
842
|
+
# resp.event_selectors[0].data_resources[0].values[0] #=> String
|
|
843
|
+
#
|
|
844
|
+
# @overload put_event_selectors(params = {})
|
|
845
|
+
# @param [Hash] params ({})
|
|
846
|
+
def put_event_selectors(params = {}, options = {})
|
|
847
|
+
req = build_request(:put_event_selectors, params)
|
|
848
|
+
req.send_request(options)
|
|
849
|
+
end
|
|
796
850
|
|
|
797
|
-
|
|
798
|
-
|
|
799
|
-
|
|
800
|
-
|
|
801
|
-
|
|
802
|
-
|
|
803
|
-
|
|
804
|
-
|
|
805
|
-
|
|
806
|
-
|
|
807
|
-
|
|
808
|
-
|
|
809
|
-
|
|
810
|
-
|
|
811
|
-
|
|
812
|
-
|
|
813
|
-
|
|
814
|
-
|
|
815
|
-
|
|
816
|
-
|
|
817
|
-
|
|
818
|
-
|
|
851
|
+
# Removes the specified tags from a trail.
|
|
852
|
+
#
|
|
853
|
+
# @option params [required, String] :resource_id
|
|
854
|
+
# Specifies the ARN of the trail from which tags should be removed. The
|
|
855
|
+
# format of a trail ARN is:
|
|
856
|
+
#
|
|
857
|
+
# `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
|
|
858
|
+
#
|
|
859
|
+
# @option params [Array<Types::Tag>] :tags_list
|
|
860
|
+
# Specifies a list of tags to be removed.
|
|
861
|
+
#
|
|
862
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
863
|
+
#
|
|
864
|
+
# @example Request syntax with placeholder values
|
|
865
|
+
#
|
|
866
|
+
# resp = client.remove_tags({
|
|
867
|
+
# resource_id: "String", # required
|
|
868
|
+
# tags_list: [
|
|
869
|
+
# {
|
|
870
|
+
# key: "String", # required
|
|
871
|
+
# value: "String",
|
|
872
|
+
# },
|
|
873
|
+
# ],
|
|
874
|
+
# })
|
|
875
|
+
#
|
|
876
|
+
# @overload remove_tags(params = {})
|
|
877
|
+
# @param [Hash] params ({})
|
|
878
|
+
def remove_tags(params = {}, options = {})
|
|
879
|
+
req = build_request(:remove_tags, params)
|
|
880
|
+
req.send_request(options)
|
|
881
|
+
end
|
|
819
882
|
|
|
820
|
-
|
|
821
|
-
|
|
822
|
-
|
|
823
|
-
|
|
824
|
-
|
|
825
|
-
|
|
826
|
-
|
|
827
|
-
|
|
828
|
-
|
|
829
|
-
|
|
830
|
-
|
|
831
|
-
|
|
832
|
-
|
|
833
|
-
|
|
834
|
-
|
|
835
|
-
|
|
836
|
-
|
|
837
|
-
|
|
838
|
-
|
|
839
|
-
|
|
840
|
-
|
|
841
|
-
|
|
842
|
-
|
|
843
|
-
|
|
844
|
-
|
|
845
|
-
|
|
883
|
+
# Starts the recording of AWS API calls and log file delivery for a
|
|
884
|
+
# trail. For a trail that is enabled in all regions, this operation must
|
|
885
|
+
# be called from the region in which the trail was created. This
|
|
886
|
+
# operation cannot be called on the shadow trails (replicated trails in
|
|
887
|
+
# other regions) of a trail that is enabled in all regions.
|
|
888
|
+
#
|
|
889
|
+
# @option params [required, String] :name
|
|
890
|
+
# Specifies the name or the CloudTrail ARN of the trail for which
|
|
891
|
+
# CloudTrail logs AWS API calls. The format of a trail ARN is:
|
|
892
|
+
#
|
|
893
|
+
# `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
|
|
894
|
+
#
|
|
895
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
896
|
+
#
|
|
897
|
+
# @example Request syntax with placeholder values
|
|
898
|
+
#
|
|
899
|
+
# resp = client.start_logging({
|
|
900
|
+
# name: "String", # required
|
|
901
|
+
# })
|
|
902
|
+
#
|
|
903
|
+
# @overload start_logging(params = {})
|
|
904
|
+
# @param [Hash] params ({})
|
|
905
|
+
def start_logging(params = {}, options = {})
|
|
906
|
+
req = build_request(:start_logging, params)
|
|
907
|
+
req.send_request(options)
|
|
908
|
+
end
|
|
846
909
|
|
|
847
|
-
|
|
848
|
-
|
|
849
|
-
|
|
850
|
-
|
|
851
|
-
|
|
852
|
-
|
|
853
|
-
|
|
854
|
-
|
|
855
|
-
|
|
856
|
-
|
|
857
|
-
|
|
858
|
-
|
|
859
|
-
|
|
860
|
-
|
|
861
|
-
|
|
862
|
-
|
|
863
|
-
|
|
864
|
-
|
|
865
|
-
|
|
866
|
-
|
|
867
|
-
|
|
868
|
-
|
|
869
|
-
|
|
870
|
-
|
|
871
|
-
|
|
872
|
-
|
|
873
|
-
|
|
874
|
-
|
|
875
|
-
|
|
876
|
-
|
|
877
|
-
#
|
|
878
|
-
#
|
|
879
|
-
# [1]: http://docs.aws.amazon.com/awscloudtrail/latest/userguide/create_trail_naming_policy.html
|
|
880
|
-
# @option params [String] :s3_key_prefix
|
|
881
|
-
# Specifies the Amazon S3 key prefix that comes after the name of the
|
|
882
|
-
# bucket you have designated for log file delivery. For more
|
|
883
|
-
# information, see [Finding Your CloudTrail Log Files][1]. The maximum
|
|
884
|
-
# length is 200 characters.
|
|
885
|
-
#
|
|
886
|
-
#
|
|
887
|
-
#
|
|
888
|
-
# [1]: http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-find-log-files.html
|
|
889
|
-
# @option params [String] :sns_topic_name
|
|
890
|
-
# Specifies the name of the Amazon SNS topic defined for notification of
|
|
891
|
-
# log file delivery. The maximum length is 256 characters.
|
|
892
|
-
# @option params [Boolean] :include_global_service_events
|
|
893
|
-
# Specifies whether the trail is publishing events from global services
|
|
894
|
-
# such as IAM to the log files.
|
|
895
|
-
# @option params [Boolean] :is_multi_region_trail
|
|
896
|
-
# Specifies whether the trail applies only to the current region or to
|
|
897
|
-
# all regions. The default is false. If the trail exists only in the
|
|
898
|
-
# current region and this value is set to true, shadow trails
|
|
899
|
-
# (replications of the trail) will be created in the other regions. If
|
|
900
|
-
# the trail exists in all regions and this value is set to false, the
|
|
901
|
-
# trail will remain in the region where it was created, and its shadow
|
|
902
|
-
# trails in other regions will be deleted.
|
|
903
|
-
# @option params [Boolean] :enable_log_file_validation
|
|
904
|
-
# Specifies whether log file validation is enabled. The default is
|
|
905
|
-
# false.
|
|
906
|
-
#
|
|
907
|
-
# <note markdown="1"> When you disable log file integrity validation, the chain of digest
|
|
908
|
-
# files is broken after one hour. CloudTrail will not create digest
|
|
909
|
-
# files for log files that were delivered during a period in which log
|
|
910
|
-
# file integrity validation was disabled. For example, if you enable log
|
|
911
|
-
# file integrity validation at noon on January 1, disable it at noon on
|
|
912
|
-
# January 2, and re-enable it at noon on January 10, digest files will
|
|
913
|
-
# not be created for the log files delivered from noon on January 2 to
|
|
914
|
-
# noon on January 10. The same applies whenever you stop CloudTrail
|
|
915
|
-
# logging or delete a trail.
|
|
916
|
-
#
|
|
917
|
-
# </note>
|
|
918
|
-
# @option params [String] :cloud_watch_logs_log_group_arn
|
|
919
|
-
# Specifies a log group name using an Amazon Resource Name (ARN), a
|
|
920
|
-
# unique identifier that represents the log group to which CloudTrail
|
|
921
|
-
# logs will be delivered. Not required unless you specify
|
|
922
|
-
# CloudWatchLogsRoleArn.
|
|
923
|
-
# @option params [String] :cloud_watch_logs_role_arn
|
|
924
|
-
# Specifies the role for the CloudWatch Logs endpoint to assume to write
|
|
925
|
-
# to a user's log group.
|
|
926
|
-
# @option params [String] :kms_key_id
|
|
927
|
-
# Specifies the KMS key ID to use to encrypt the logs delivered by
|
|
928
|
-
# CloudTrail. The value can be a an alias name prefixed by "alias/", a
|
|
929
|
-
# fully specified ARN to an alias, a fully specified ARN to a key, or a
|
|
930
|
-
# globally unique identifier.
|
|
931
|
-
#
|
|
932
|
-
# Examples:
|
|
933
|
-
#
|
|
934
|
-
# * alias/MyAliasName
|
|
935
|
-
#
|
|
936
|
-
# * arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
|
|
937
|
-
#
|
|
938
|
-
# * arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
|
|
939
|
-
#
|
|
940
|
-
# * 12345678-1234-1234-1234-123456789012
|
|
941
|
-
# @return [Types::UpdateTrailResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
942
|
-
#
|
|
943
|
-
# * {Types::UpdateTrailResponse#name #Name} => String
|
|
944
|
-
# * {Types::UpdateTrailResponse#s3_bucket_name #S3BucketName} => String
|
|
945
|
-
# * {Types::UpdateTrailResponse#s3_key_prefix #S3KeyPrefix} => String
|
|
946
|
-
# * {Types::UpdateTrailResponse#sns_topic_name #SnsTopicName} => String
|
|
947
|
-
# * {Types::UpdateTrailResponse#sns_topic_arn #SnsTopicARN} => String
|
|
948
|
-
# * {Types::UpdateTrailResponse#include_global_service_events #IncludeGlobalServiceEvents} => Boolean
|
|
949
|
-
# * {Types::UpdateTrailResponse#is_multi_region_trail #IsMultiRegionTrail} => Boolean
|
|
950
|
-
# * {Types::UpdateTrailResponse#trail_arn #TrailARN} => String
|
|
951
|
-
# * {Types::UpdateTrailResponse#log_file_validation_enabled #LogFileValidationEnabled} => Boolean
|
|
952
|
-
# * {Types::UpdateTrailResponse#cloud_watch_logs_log_group_arn #CloudWatchLogsLogGroupArn} => String
|
|
953
|
-
# * {Types::UpdateTrailResponse#cloud_watch_logs_role_arn #CloudWatchLogsRoleArn} => String
|
|
954
|
-
# * {Types::UpdateTrailResponse#kms_key_id #KmsKeyId} => String
|
|
955
|
-
#
|
|
956
|
-
# @example Request syntax with placeholder values
|
|
957
|
-
# resp = client.update_trail({
|
|
958
|
-
# name: "String", # required
|
|
959
|
-
# s3_bucket_name: "String",
|
|
960
|
-
# s3_key_prefix: "String",
|
|
961
|
-
# sns_topic_name: "String",
|
|
962
|
-
# include_global_service_events: false,
|
|
963
|
-
# is_multi_region_trail: false,
|
|
964
|
-
# enable_log_file_validation: false,
|
|
965
|
-
# cloud_watch_logs_log_group_arn: "String",
|
|
966
|
-
# cloud_watch_logs_role_arn: "String",
|
|
967
|
-
# kms_key_id: "String",
|
|
968
|
-
# })
|
|
969
|
-
#
|
|
970
|
-
# @example Response structure
|
|
971
|
-
# resp.name #=> String
|
|
972
|
-
# resp.s3_bucket_name #=> String
|
|
973
|
-
# resp.s3_key_prefix #=> String
|
|
974
|
-
# resp.sns_topic_name #=> String
|
|
975
|
-
# resp.sns_topic_arn #=> String
|
|
976
|
-
# resp.include_global_service_events #=> Boolean
|
|
977
|
-
# resp.is_multi_region_trail #=> Boolean
|
|
978
|
-
# resp.trail_arn #=> String
|
|
979
|
-
# resp.log_file_validation_enabled #=> Boolean
|
|
980
|
-
# resp.cloud_watch_logs_log_group_arn #=> String
|
|
981
|
-
# resp.cloud_watch_logs_role_arn #=> String
|
|
982
|
-
# resp.kms_key_id #=> String
|
|
983
|
-
# @overload update_trail(params = {})
|
|
984
|
-
# @param [Hash] params ({})
|
|
985
|
-
def update_trail(params = {}, options = {})
|
|
986
|
-
req = build_request(:update_trail, params)
|
|
987
|
-
req.send_request(options)
|
|
988
|
-
end
|
|
910
|
+
# Suspends the recording of AWS API calls and log file delivery for the
|
|
911
|
+
# specified trail. Under most circumstances, there is no need to use
|
|
912
|
+
# this action. You can update a trail without stopping it first. This
|
|
913
|
+
# action is the only way to stop recording. For a trail enabled in all
|
|
914
|
+
# regions, this operation must be called from the region in which the
|
|
915
|
+
# trail was created, or an `InvalidHomeRegionException` will occur. This
|
|
916
|
+
# operation cannot be called on the shadow trails (replicated trails in
|
|
917
|
+
# other regions) of a trail enabled in all regions.
|
|
918
|
+
#
|
|
919
|
+
# @option params [required, String] :name
|
|
920
|
+
# Specifies the name or the CloudTrail ARN of the trail for which
|
|
921
|
+
# CloudTrail will stop logging AWS API calls. The format of a trail ARN
|
|
922
|
+
# is:
|
|
923
|
+
#
|
|
924
|
+
# `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
|
|
925
|
+
#
|
|
926
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
927
|
+
#
|
|
928
|
+
# @example Request syntax with placeholder values
|
|
929
|
+
#
|
|
930
|
+
# resp = client.stop_logging({
|
|
931
|
+
# name: "String", # required
|
|
932
|
+
# })
|
|
933
|
+
#
|
|
934
|
+
# @overload stop_logging(params = {})
|
|
935
|
+
# @param [Hash] params ({})
|
|
936
|
+
def stop_logging(params = {}, options = {})
|
|
937
|
+
req = build_request(:stop_logging, params)
|
|
938
|
+
req.send_request(options)
|
|
939
|
+
end
|
|
989
940
|
|
|
990
|
-
|
|
941
|
+
# Updates the settings that specify delivery of log files. Changes to a
|
|
942
|
+
# trail do not require stopping the CloudTrail service. Use this action
|
|
943
|
+
# to designate an existing bucket for log delivery. If the existing
|
|
944
|
+
# bucket has previously been a target for CloudTrail log files, an IAM
|
|
945
|
+
# policy exists for the bucket. `UpdateTrail` must be called from the
|
|
946
|
+
# region in which the trail was created; otherwise, an
|
|
947
|
+
# `InvalidHomeRegionException` is thrown.
|
|
948
|
+
#
|
|
949
|
+
# @option params [required, String] :name
|
|
950
|
+
# Specifies the name of the trail or trail ARN. If `Name` is a trail
|
|
951
|
+
# name, the string must meet the following requirements:
|
|
952
|
+
#
|
|
953
|
+
# * Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
|
|
954
|
+
# underscores (\_), or dashes (-)
|
|
955
|
+
#
|
|
956
|
+
# * Start with a letter or number, and end with a letter or number
|
|
957
|
+
#
|
|
958
|
+
# * Be between 3 and 128 characters
|
|
959
|
+
#
|
|
960
|
+
# * Have no adjacent periods, underscores or dashes. Names like
|
|
961
|
+
# `my-_namespace` and `my--namespace` are invalid.
|
|
962
|
+
#
|
|
963
|
+
# * Not be in IP address format (for example, 192.168.5.4)
|
|
964
|
+
#
|
|
965
|
+
# If `Name` is a trail ARN, it must be in the format:
|
|
966
|
+
#
|
|
967
|
+
# `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
|
|
968
|
+
#
|
|
969
|
+
# @option params [String] :s3_bucket_name
|
|
970
|
+
# Specifies the name of the Amazon S3 bucket designated for publishing
|
|
971
|
+
# log files. See [Amazon S3 Bucket Naming Requirements][1].
|
|
972
|
+
#
|
|
973
|
+
#
|
|
974
|
+
#
|
|
975
|
+
# [1]: http://docs.aws.amazon.com/awscloudtrail/latest/userguide/create_trail_naming_policy.html
|
|
976
|
+
#
|
|
977
|
+
# @option params [String] :s3_key_prefix
|
|
978
|
+
# Specifies the Amazon S3 key prefix that comes after the name of the
|
|
979
|
+
# bucket you have designated for log file delivery. For more
|
|
980
|
+
# information, see [Finding Your CloudTrail Log Files][1]. The maximum
|
|
981
|
+
# length is 200 characters.
|
|
982
|
+
#
|
|
983
|
+
#
|
|
984
|
+
#
|
|
985
|
+
# [1]: http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-find-log-files.html
|
|
986
|
+
#
|
|
987
|
+
# @option params [String] :sns_topic_name
|
|
988
|
+
# Specifies the name of the Amazon SNS topic defined for notification of
|
|
989
|
+
# log file delivery. The maximum length is 256 characters.
|
|
990
|
+
#
|
|
991
|
+
# @option params [Boolean] :include_global_service_events
|
|
992
|
+
# Specifies whether the trail is publishing events from global services
|
|
993
|
+
# such as IAM to the log files.
|
|
994
|
+
#
|
|
995
|
+
# @option params [Boolean] :is_multi_region_trail
|
|
996
|
+
# Specifies whether the trail applies only to the current region or to
|
|
997
|
+
# all regions. The default is false. If the trail exists only in the
|
|
998
|
+
# current region and this value is set to true, shadow trails
|
|
999
|
+
# (replications of the trail) will be created in the other regions. If
|
|
1000
|
+
# the trail exists in all regions and this value is set to false, the
|
|
1001
|
+
# trail will remain in the region where it was created, and its shadow
|
|
1002
|
+
# trails in other regions will be deleted.
|
|
1003
|
+
#
|
|
1004
|
+
# @option params [Boolean] :enable_log_file_validation
|
|
1005
|
+
# Specifies whether log file validation is enabled. The default is
|
|
1006
|
+
# false.
|
|
1007
|
+
#
|
|
1008
|
+
# <note markdown="1"> When you disable log file integrity validation, the chain of digest
|
|
1009
|
+
# files is broken after one hour. CloudTrail will not create digest
|
|
1010
|
+
# files for log files that were delivered during a period in which log
|
|
1011
|
+
# file integrity validation was disabled. For example, if you enable log
|
|
1012
|
+
# file integrity validation at noon on January 1, disable it at noon on
|
|
1013
|
+
# January 2, and re-enable it at noon on January 10, digest files will
|
|
1014
|
+
# not be created for the log files delivered from noon on January 2 to
|
|
1015
|
+
# noon on January 10. The same applies whenever you stop CloudTrail
|
|
1016
|
+
# logging or delete a trail.
|
|
1017
|
+
#
|
|
1018
|
+
# </note>
|
|
1019
|
+
#
|
|
1020
|
+
# @option params [String] :cloud_watch_logs_log_group_arn
|
|
1021
|
+
# Specifies a log group name using an Amazon Resource Name (ARN), a
|
|
1022
|
+
# unique identifier that represents the log group to which CloudTrail
|
|
1023
|
+
# logs will be delivered. Not required unless you specify
|
|
1024
|
+
# CloudWatchLogsRoleArn.
|
|
1025
|
+
#
|
|
1026
|
+
# @option params [String] :cloud_watch_logs_role_arn
|
|
1027
|
+
# Specifies the role for the CloudWatch Logs endpoint to assume to write
|
|
1028
|
+
# to a user's log group.
|
|
1029
|
+
#
|
|
1030
|
+
# @option params [String] :kms_key_id
|
|
1031
|
+
# Specifies the KMS key ID to use to encrypt the logs delivered by
|
|
1032
|
+
# CloudTrail. The value can be a an alias name prefixed by "alias/", a
|
|
1033
|
+
# fully specified ARN to an alias, a fully specified ARN to a key, or a
|
|
1034
|
+
# globally unique identifier.
|
|
1035
|
+
#
|
|
1036
|
+
# Examples:
|
|
1037
|
+
#
|
|
1038
|
+
# * alias/MyAliasName
|
|
1039
|
+
#
|
|
1040
|
+
# * arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
|
|
1041
|
+
#
|
|
1042
|
+
# * arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
|
|
1043
|
+
#
|
|
1044
|
+
# * 12345678-1234-1234-1234-123456789012
|
|
1045
|
+
#
|
|
1046
|
+
# @return [Types::UpdateTrailResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
1047
|
+
#
|
|
1048
|
+
# * {Types::UpdateTrailResponse#name #name} => String
|
|
1049
|
+
# * {Types::UpdateTrailResponse#s3_bucket_name #s3_bucket_name} => String
|
|
1050
|
+
# * {Types::UpdateTrailResponse#s3_key_prefix #s3_key_prefix} => String
|
|
1051
|
+
# * {Types::UpdateTrailResponse#sns_topic_name #sns_topic_name} => String
|
|
1052
|
+
# * {Types::UpdateTrailResponse#sns_topic_arn #sns_topic_arn} => String
|
|
1053
|
+
# * {Types::UpdateTrailResponse#include_global_service_events #include_global_service_events} => Boolean
|
|
1054
|
+
# * {Types::UpdateTrailResponse#is_multi_region_trail #is_multi_region_trail} => Boolean
|
|
1055
|
+
# * {Types::UpdateTrailResponse#trail_arn #trail_arn} => String
|
|
1056
|
+
# * {Types::UpdateTrailResponse#log_file_validation_enabled #log_file_validation_enabled} => Boolean
|
|
1057
|
+
# * {Types::UpdateTrailResponse#cloud_watch_logs_log_group_arn #cloud_watch_logs_log_group_arn} => String
|
|
1058
|
+
# * {Types::UpdateTrailResponse#cloud_watch_logs_role_arn #cloud_watch_logs_role_arn} => String
|
|
1059
|
+
# * {Types::UpdateTrailResponse#kms_key_id #kms_key_id} => String
|
|
1060
|
+
#
|
|
1061
|
+
# @example Request syntax with placeholder values
|
|
1062
|
+
#
|
|
1063
|
+
# resp = client.update_trail({
|
|
1064
|
+
# name: "String", # required
|
|
1065
|
+
# s3_bucket_name: "String",
|
|
1066
|
+
# s3_key_prefix: "String",
|
|
1067
|
+
# sns_topic_name: "String",
|
|
1068
|
+
# include_global_service_events: false,
|
|
1069
|
+
# is_multi_region_trail: false,
|
|
1070
|
+
# enable_log_file_validation: false,
|
|
1071
|
+
# cloud_watch_logs_log_group_arn: "String",
|
|
1072
|
+
# cloud_watch_logs_role_arn: "String",
|
|
1073
|
+
# kms_key_id: "String",
|
|
1074
|
+
# })
|
|
1075
|
+
#
|
|
1076
|
+
# @example Response structure
|
|
1077
|
+
#
|
|
1078
|
+
# resp.name #=> String
|
|
1079
|
+
# resp.s3_bucket_name #=> String
|
|
1080
|
+
# resp.s3_key_prefix #=> String
|
|
1081
|
+
# resp.sns_topic_name #=> String
|
|
1082
|
+
# resp.sns_topic_arn #=> String
|
|
1083
|
+
# resp.include_global_service_events #=> Boolean
|
|
1084
|
+
# resp.is_multi_region_trail #=> Boolean
|
|
1085
|
+
# resp.trail_arn #=> String
|
|
1086
|
+
# resp.log_file_validation_enabled #=> Boolean
|
|
1087
|
+
# resp.cloud_watch_logs_log_group_arn #=> String
|
|
1088
|
+
# resp.cloud_watch_logs_role_arn #=> String
|
|
1089
|
+
# resp.kms_key_id #=> String
|
|
1090
|
+
#
|
|
1091
|
+
# @overload update_trail(params = {})
|
|
1092
|
+
# @param [Hash] params ({})
|
|
1093
|
+
def update_trail(params = {}, options = {})
|
|
1094
|
+
req = build_request(:update_trail, params)
|
|
1095
|
+
req.send_request(options)
|
|
1096
|
+
end
|
|
991
1097
|
|
|
992
|
-
|
|
993
|
-
# @api private
|
|
994
|
-
def build_request(operation_name, params = {})
|
|
995
|
-
handlers = @handlers.for(operation_name)
|
|
996
|
-
context = Seahorse::Client::RequestContext.new(
|
|
997
|
-
operation_name: operation_name,
|
|
998
|
-
operation: config.api.operation(operation_name),
|
|
999
|
-
client: self,
|
|
1000
|
-
params: params,
|
|
1001
|
-
config: config)
|
|
1002
|
-
context[:gem_name] = 'aws-sdk-cloudtrail'
|
|
1003
|
-
context[:gem_version] = '1.0.0.rc1'
|
|
1004
|
-
Seahorse::Client::Request.new(handlers, context)
|
|
1005
|
-
end
|
|
1098
|
+
# @!endgroup
|
|
1006
1099
|
|
|
1007
|
-
|
|
1008
|
-
|
|
1009
|
-
|
|
1010
|
-
|
|
1011
|
-
|
|
1100
|
+
# @param params ({})
|
|
1101
|
+
# @api private
|
|
1102
|
+
def build_request(operation_name, params = {})
|
|
1103
|
+
handlers = @handlers.for(operation_name)
|
|
1104
|
+
context = Seahorse::Client::RequestContext.new(
|
|
1105
|
+
operation_name: operation_name,
|
|
1106
|
+
operation: config.api.operation(operation_name),
|
|
1107
|
+
client: self,
|
|
1108
|
+
params: params,
|
|
1109
|
+
config: config)
|
|
1110
|
+
context[:gem_name] = 'aws-sdk-cloudtrail'
|
|
1111
|
+
context[:gem_version] = '1.0.0.rc1'
|
|
1112
|
+
Seahorse::Client::Request.new(handlers, context)
|
|
1113
|
+
end
|
|
1012
1114
|
|
|
1013
|
-
|
|
1115
|
+
# @api private
|
|
1116
|
+
# @deprecated
|
|
1117
|
+
def waiter_names
|
|
1118
|
+
[]
|
|
1119
|
+
end
|
|
1014
1120
|
|
|
1015
|
-
|
|
1016
|
-
attr_reader :identifier
|
|
1121
|
+
class << self
|
|
1017
1122
|
|
|
1018
|
-
|
|
1019
|
-
|
|
1020
|
-
Errors
|
|
1021
|
-
end
|
|
1123
|
+
# @api private
|
|
1124
|
+
attr_reader :identifier
|
|
1022
1125
|
|
|
1126
|
+
# @api private
|
|
1127
|
+
def errors_module
|
|
1128
|
+
Errors
|
|
1023
1129
|
end
|
|
1130
|
+
|
|
1024
1131
|
end
|
|
1025
1132
|
end
|
|
1026
1133
|
end
|