aws-sdk-cloudtrail 1.19.0 → 1.24.1

data/lib/aws-sdk-cloudtrail/resource.rb

@@ -6,6 +6,7 @@
 # WARNING ABOUT GENERATED CODE
 
 module Aws::CloudTrail
+
   class Resource
 
     # @param options ({})

data/lib/aws-sdk-cloudtrail/types.rb

@@ -49,6 +49,35 @@ module Aws::CloudTrail
     #
     class AddTagsResponse < Aws::EmptyStructure; end
 
+    # This exception is thrown when an operation is called with an invalid
+    # trail ARN. The format of a trail ARN is:
+    #
+    # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/CloudTrailARNInvalidException AWS API Documentation
+    #
+    class CloudTrailARNInvalidException < Aws::EmptyStructure; end
+
+    # This exception is thrown when trusted access has not been enabled
+    # between AWS CloudTrail and AWS Organizations. For more information,
+    # see [Enabling Trusted Access with Other AWS Services][1] and [Prepare
+    # For Creating a Trail For Your Organization][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html
+    # [2]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-an-organizational-trail-prepare.html
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/CloudTrailAccessNotEnabledException AWS API Documentation
+    #
+    class CloudTrailAccessNotEnabledException < Aws::EmptyStructure; end
+
+    # Cannot set a CloudWatch Logs delivery for this region.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/CloudWatchLogsDeliveryUnavailableException AWS API Documentation
+    #
+    class CloudWatchLogsDeliveryUnavailableException < Aws::EmptyStructure; end
+
     # Specifies the settings for each trail.
     #
     # @note When making an API call, you may pass CreateTrailRequest
@@ -301,9 +330,9 @@ module Aws::CloudTrail
 
     # The Amazon S3 buckets or AWS Lambda functions that you specify in your
     # event selectors for your trail to log data events. Data events provide
-    # insight into the resource operations performed on or within a resource
-    # itself. These are also known as data plane operations. You can specify
-    # up to 250 data resources for a trail.
+    # information about the resource operations performed on or within a
+    # resource itself. These are also known as data plane operations. You
+    # can specify up to 250 data resources for a trail.
     #
     # <note markdown="1"> The total number of allowed data resources is 250. This number can be
     # distributed between 1 and 5 event selectors, but the total cannot
@@ -503,7 +532,12 @@ module Aws::CloudTrail
     # returns an error.
     #
     # @!attribute [rw] trail_list
-    #   The list of trail objects.
+    #   The list of trail objects. Trail objects with string values are only
+    #   returned if values for the objects exist in a trail's
+    #   configuration. For example, `SNSTopicName` and `SNSTopicARN` are
+    #   only returned in results if a trail is configured to send SNS
+    #   notifications. Similarly, `KMSKeyId` only appears in results if a
+    #   trail's log files are encrypted with AWS KMS-managed keys.
     #   @return [Array<Types::Trail>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DescribeTrailsResponse AWS API Documentation
@@ -594,6 +628,7 @@ module Aws::CloudTrail
     #             values: ["String"],
     #           },
     #         ],
+    #         exclude_management_event_sources: ["String"],
     #       }
     #
     # @!attribute [rw] read_write_type
@@ -636,12 +671,22 @@ module Aws::CloudTrail
     #   [2]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html
     #   @return [Array<Types::DataResource>]
     #
+    # @!attribute [rw] exclude_management_event_sources
+    #   An optional list of service event sources from which you do not want
+    #   management events to be logged on your trail. In this release, the
+    #   list can be empty (disables the filter), or it can filter out AWS
+    #   Key Management Service events by containing `"kms.amazonaws.com"`.
+    #   By default, `ExcludeManagementEventSources` is empty, and AWS KMS
+    #   events are included in events that are logged to your trail.
+    #   @return [Array<String>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/EventSelector AWS API Documentation
     #
     class EventSelector < Struct.new(
       :read_write_type,
       :include_management_events,
-      :data_resources)
+      :data_resources,
+      :exclude_management_event_sources)
       include Aws::Structure
     end
 
@@ -696,6 +741,60 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass GetInsightSelectorsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         trail_name: "String", # required
+    #       }
+    #
+    # @!attribute [rw] trail_name
+    #   Specifies the name of the trail or trail ARN. If you specify a trail
+    #   name, the string must meet the following requirements:
+    #
+    #   * Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
+    #     underscores (\_), or dashes (-)
+    #
+    #   * Start with a letter or number, and end with a letter or number
+    #
+    #   * Be between 3 and 128 characters
+    #
+    #   * Have no adjacent periods, underscores or dashes. Names like
+    #     `my-_namespace` and `my--namespace` are not valid.
+    #
+    #   * Not be in IP address format (for example, 192.168.5.4)
+    #
+    #   If you specify a trail ARN, it must be in the format:
+    #
+    #   `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetInsightSelectorsRequest AWS API Documentation
+    #
+    class GetInsightSelectorsRequest < Struct.new(
+      :trail_name)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] trail_arn
+    #   The Amazon Resource Name (ARN) of a trail for which you want to get
+    #   Insights selectors.
+    #   @return [String]
+    #
+    # @!attribute [rw] insight_selectors
+    #   A JSON string that contains the insight types you want to log on a
+    #   trail. In this release, only `ApiCallRateInsight` is supported as an
+    #   insight type.
+    #   @return [Array<Types::InsightSelector>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetInsightSelectorsResponse AWS API Documentation
+    #
+    class GetInsightSelectorsResponse < Struct.new(
+      :trail_arn,
+      :insight_selectors)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass GetTrailRequest
     #   data as a hash:
     #
@@ -889,6 +988,245 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
+    # If you run `GetInsightSelectors` on a trail that does not have
+    # Insights events enabled, the operation throws the exception
+    # `InsightNotEnabledException`.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InsightNotEnabledException AWS API Documentation
+    #
+    class InsightNotEnabledException < Aws::EmptyStructure; end
+
+    # A JSON string that contains a list of insight types that are logged on
+    # a trail.
+    #
+    # @note When making an API call, you may pass InsightSelector
+    #   data as a hash:
+    #
+    #       {
+    #         insight_type: "ApiCallRateInsight", # accepts ApiCallRateInsight
+    #       }
+    #
+    # @!attribute [rw] insight_type
+    #   The type of insights to log on a trail. In this release, only
+    #   `ApiCallRateInsight` is supported as an insight type.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InsightSelector AWS API Documentation
+    #
+    class InsightSelector < Struct.new(
+      :insight_type)
+      include Aws::Structure
+    end
+
+    # This exception is thrown when the IAM user or role that is used to
+    # create the organization trail is lacking one or more required
+    # permissions for creating an organization trail in a required service.
+    # For more information, see [Prepare For Creating a Trail For Your
+    # Organization][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-an-organizational-trail-prepare.html
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InsufficientDependencyServiceAccessPermissionException AWS API Documentation
+    #
+    class InsufficientDependencyServiceAccessPermissionException < Aws::EmptyStructure; end
+
+    # This exception is thrown when the policy on the S3 bucket or KMS key
+    # is not sufficient.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InsufficientEncryptionPolicyException AWS API Documentation
+    #
+    class InsufficientEncryptionPolicyException < Aws::EmptyStructure; end
+
+    # This exception is thrown when the policy on the S3 bucket is not
+    # sufficient.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InsufficientS3BucketPolicyException AWS API Documentation
+    #
+    class InsufficientS3BucketPolicyException < Aws::EmptyStructure; end
+
+    # This exception is thrown when the policy on the SNS topic is not
+    # sufficient.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InsufficientSnsTopicPolicyException AWS API Documentation
+    #
+    class InsufficientSnsTopicPolicyException < Aws::EmptyStructure; end
+
+    # This exception is thrown when the provided CloudWatch log group is not
+    # valid.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidCloudWatchLogsLogGroupArnException AWS API Documentation
+    #
+    class InvalidCloudWatchLogsLogGroupArnException < Aws::EmptyStructure; end
+
+    # This exception is thrown when the provided role is not valid.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidCloudWatchLogsRoleArnException AWS API Documentation
+    #
+    class InvalidCloudWatchLogsRoleArnException < Aws::EmptyStructure; end
+
+    # Occurs if an event category that is not valid is specified as a value
+    # of `EventCategory`.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidEventCategoryException AWS API Documentation
+    #
+    class InvalidEventCategoryException < Aws::EmptyStructure; end
+
+    # This exception is thrown when the `PutEventSelectors` operation is
+    # called with a number of event selectors or data resources that is not
+    # valid. The combination of event selectors and data resources is not
+    # valid. A trail can have up to 5 event selectors. A trail is limited to
+    # 250 data resources. These data resources can be distributed across
+    # event selectors, but the overall total cannot exceed 250.
+    #
+    # You can:
+    #
+    # * Specify a valid number of event selectors (1 to 5) for a trail.
+    #
+    # * Specify a valid number of data resources (1 to 250) for an event
+    #   selector. The limit of number of resources on an individual event
+    #   selector is configurable up to 250. However, this upper limit is
+    #   allowed only if the total number of data resources does not exceed
+    #   250 across all event selectors for a trail.
+    #
+    # * Specify a valid value for a parameter. For example, specifying the
+    #   `ReadWriteType` parameter with a value of `read-only` is invalid.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidEventSelectorsException AWS API Documentation
+    #
+    class InvalidEventSelectorsException < Aws::EmptyStructure; end
+
+    # This exception is thrown when an operation is called on a trail from a
+    # region other than the region in which the trail was created.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidHomeRegionException AWS API Documentation
+    #
+    class InvalidHomeRegionException < Aws::EmptyStructure; end
+
+    # The formatting or syntax of the `InsightSelectors` JSON statement in
+    # your `PutInsightSelectors` or `GetInsightSelectors` request is not
+    # valid, or the specified insight type in the `InsightSelectors`
+    # statement is not a valid insight type.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidInsightSelectorsException AWS API Documentation
+    #
+    class InvalidInsightSelectorsException < Aws::EmptyStructure; end
+
+    # This exception is thrown when the KMS key ARN is invalid.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidKmsKeyIdException AWS API Documentation
+    #
+    class InvalidKmsKeyIdException < Aws::EmptyStructure; end
+
+    # Occurs when an invalid lookup attribute is specified.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidLookupAttributesException AWS API Documentation
+    #
+    class InvalidLookupAttributesException < Aws::EmptyStructure; end
+
+    # This exception is thrown if the limit specified is invalid.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidMaxResultsException AWS API Documentation
+    #
+    class InvalidMaxResultsException < Aws::EmptyStructure; end
+
+    # Invalid token or token that was previously used in a request with
+    # different parameters. This exception is thrown if the token is
+    # invalid.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidNextTokenException AWS API Documentation
+    #
+    class InvalidNextTokenException < Aws::EmptyStructure; end
+
+    # This exception is thrown when the combination of parameters provided
+    # is not valid.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidParameterCombinationException AWS API Documentation
+    #
+    class InvalidParameterCombinationException < Aws::EmptyStructure; end
+
+    # This exception is thrown when the provided S3 bucket name is not
+    # valid.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidS3BucketNameException AWS API Documentation
+    #
+    class InvalidS3BucketNameException < Aws::EmptyStructure; end
+
+    # This exception is thrown when the provided S3 prefix is not valid.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidS3PrefixException AWS API Documentation
+    #
+    class InvalidS3PrefixException < Aws::EmptyStructure; end
+
+    # This exception is thrown when the provided SNS topic name is not
+    # valid.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidSnsTopicNameException AWS API Documentation
+    #
+    class InvalidSnsTopicNameException < Aws::EmptyStructure; end
+
+    # This exception is thrown when the specified tag key or values are not
+    # valid. It can also occur if there are duplicate tags or too many tags
+    # on the resource.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidTagParameterException AWS API Documentation
+    #
+    class InvalidTagParameterException < Aws::EmptyStructure; end
+
+    # Occurs if the timestamp values are invalid. Either the start time
+    # occurs after the end time or the time range is outside the range of
+    # possible values.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidTimeRangeException AWS API Documentation
+    #
+    class InvalidTimeRangeException < Aws::EmptyStructure; end
+
+    # Reserved for future use.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidTokenException AWS API Documentation
+    #
+    class InvalidTokenException < Aws::EmptyStructure; end
+
+    # This exception is thrown when the provided trail name is not valid.
+    # Trail names must meet the following requirements:
+    #
+    # * Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
+    #   underscores (\_), or dashes (-)
+    #
+    # * Start with a letter or number, and end with a letter or number
+    #
+    # * Be between 3 and 128 characters
+    #
+    # * Have no adjacent periods, underscores or dashes. Names like
+    #   `my-_namespace` and `my--namespace` are invalid.
+    #
+    # * Not be in IP address format (for example, 192.168.5.4)
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidTrailNameException AWS API Documentation
+    #
+    class InvalidTrailNameException < Aws::EmptyStructure; end
+
+    # This exception is thrown when there is an issue with the specified KMS
+    # key and the trail can’t be updated.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/KmsException AWS API Documentation
+    #
+    class KmsException < Aws::EmptyStructure; end
+
+    # This exception is no longer in use.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/KmsKeyDisabledException AWS API Documentation
+    #
+    class KmsKeyDisabledException < Aws::EmptyStructure; end
+
+    # This exception is thrown when the KMS key does not exist, or when the
+    # S3 bucket and the KMS key are not in the same region.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/KmsKeyNotFoundException AWS API Documentation
+    #
+    class KmsKeyNotFoundException < Aws::EmptyStructure; end
+
     # Requests the public keys for a specified time range.
     #
     # @note When making an API call, you may pass ListPublicKeysRequest
@@ -1004,6 +1342,12 @@ module Aws::CloudTrail
     #       }
     #
     # @!attribute [rw] next_token
+    #   The token to use to get the next page of results after a previous
+    #   API call. This token must be passed in with the same parameters that
+    #   were specified in the the original call. For example, if the
+    #   original call specified an AttributeKey of 'Username' with a value
+    #   of 'root', the call with NextToken should include those same
+    #   parameters.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ListTrailsRequest AWS API Documentation
@@ -1019,6 +1363,12 @@ module Aws::CloudTrail
     #   @return [Array<Types::TrailInfo>]
     #
     # @!attribute [rw] next_token
+    #   The token to use to get the next page of results after a previous
+    #   API call. If the token does not appear, there are no more results to
+    #   return. The token must be passed in with the same parameters as the
+    #   previous call. For example, if the original call specified an
+    #   AttributeKey of 'Username' with a value of 'root', the call with
+    #   NextToken should include those same parameters.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ListTrailsResponse AWS API Documentation
@@ -1069,6 +1419,7 @@ module Aws::CloudTrail
     #         ],
     #         start_time: Time.now,
     #         end_time: Time.now,
+    #         event_category: "insight", # accepts insight
     #         max_results: 1,
     #         next_token: "NextToken",
     #       }
@@ -1090,6 +1441,13 @@ module Aws::CloudTrail
     #   start time, an error is returned.
     #   @return [Time]
     #
+    # @!attribute [rw] event_category
+    #   Specifies the event category. If you do not specify an event
+    #   category, events of the category are not returned in the response.
+    #   For example, if you do not specify `insight` as the value of
+    #   `EventCategory`, no Insights events are returned.
+    #   @return [String]
+    #
     # @!attribute [rw] max_results
     #   The number of events to return. Possible values are 1 through 50.
     #   The default is 50.
@@ -1110,6 +1468,7 @@ module Aws::CloudTrail
       :lookup_attributes,
       :start_time,
       :end_time,
+      :event_category,
       :max_results,
       :next_token)
       include Aws::Structure
@@ -1140,6 +1499,53 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
+    # This exception is thrown when the maximum number of trails is reached.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/MaximumNumberOfTrailsExceededException AWS API Documentation
+    #
+    class MaximumNumberOfTrailsExceededException < Aws::EmptyStructure; end
+
+    # This exception is thrown when the AWS account making the request to
+    # create or update an organization trail is not the master account for
+    # an organization in AWS Organizations. For more information, see
+    # [Prepare For Creating a Trail For Your Organization][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-an-organizational-trail-prepare.html
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/NotOrganizationMasterAccountException AWS API Documentation
+    #
+    class NotOrganizationMasterAccountException < Aws::EmptyStructure; end
+
+    # This exception is thrown when the requested operation is not
+    # permitted.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/OperationNotPermittedException AWS API Documentation
+    #
+    class OperationNotPermittedException < Aws::EmptyStructure; end
+
+    # This exception is thrown when AWS Organizations is not configured to
+    # support all features. All features must be enabled in AWS Organization
+    # to support creating an organization trail. For more information, see
+    # [Prepare For Creating a Trail For Your Organization][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-an-organizational-trail-prepare.html
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/OrganizationNotInAllFeaturesModeException AWS API Documentation
+    #
+    class OrganizationNotInAllFeaturesModeException < Aws::EmptyStructure; end
+
+    # This exception is thrown when the request is made from an AWS account
+    # that is not a member of an organization. To make this request, sign in
+    # using the credentials of an account that belongs to an organization.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/OrganizationsNotInUseException AWS API Documentation
+    #
+    class OrganizationsNotInUseException < Aws::EmptyStructure; end
+
     # Contains information about a returned public key.
     #
     # @!attribute [rw] value
@@ -1183,6 +1589,7 @@ module Aws::CloudTrail
     #                 values: ["String"],
     #               },
     #             ],
+    #             exclude_management_event_sources: ["String"],
     #           },
     #         ],
     #       }
@@ -1240,6 +1647,56 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass PutInsightSelectorsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         trail_name: "String", # required
+    #         insight_selectors: [ # required
+    #           {
+    #             insight_type: "ApiCallRateInsight", # accepts ApiCallRateInsight
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] trail_name
+    #   The name of the CloudTrail trail for which you want to change or add
+    #   Insights selectors.
+    #   @return [String]
+    #
+    # @!attribute [rw] insight_selectors
+    #   A JSON string that contains the insight types you want to log on a
+    #   trail. In this release, only `ApiCallRateInsight` is supported as an
+    #   insight type.
+    #   @return [Array<Types::InsightSelector>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutInsightSelectorsRequest AWS API Documentation
+    #
+    class PutInsightSelectorsRequest < Struct.new(
+      :trail_name,
+      :insight_selectors)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] trail_arn
+    #   The Amazon Resource Name (ARN) of a trail for which you want to
+    #   change or add Insights selectors.
+    #   @return [String]
+    #
+    # @!attribute [rw] insight_selectors
+    #   A JSON string that contains the insight types you want to log on a
+    #   trail. In this release, only `ApiCallRateInsight` is supported as an
+    #   insight type.
+    #   @return [Array<Types::InsightSelector>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutInsightSelectorsResponse AWS API Documentation
+    #
+    class PutInsightSelectorsResponse < Struct.new(
+      :trail_arn,
+      :insight_selectors)
+      include Aws::Structure
+    end
+
     # Specifies the tags to remove from a trail.
     #
     # @note When making an API call, you may pass RemoveTagsRequest
@@ -1311,6 +1768,12 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
+    # This exception is thrown when the specified resource is not found.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ResourceNotFoundException AWS API Documentation
+    #
+    class ResourceNotFoundException < Aws::EmptyStructure; end
+
     # A resource tag.
     #
     # @!attribute [rw] resource_id
@@ -1329,6 +1792,19 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
+    # This exception is thrown when the specified resource type is not
+    # supported by CloudTrail.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ResourceTypeNotSupportedException AWS API Documentation
+    #
+    class ResourceTypeNotSupportedException < Aws::EmptyStructure; end
+
+    # This exception is thrown when the specified S3 bucket does not exist.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/S3BucketDoesNotExistException AWS API Documentation
+    #
+    class S3BucketDoesNotExistException < Aws::EmptyStructure; end
+
     # The request to CloudTrail to start logging AWS API calls for an
     # account.
     #
@@ -1422,6 +1898,13 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
+    # The number of tags per trail has exceeded the permitted amount.
+    # Currently, the limit is 50.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/TagsLimitExceededException AWS API Documentation
+    #
+    class TagsLimitExceededException < Aws::EmptyStructure; end
+
     # The settings for a trail.
     #
     # @!attribute [rw] name
@@ -1507,6 +1990,11 @@ module Aws::CloudTrail
     #   Specifies if the trail has custom event selectors.
     #   @return [Boolean]
     #
+    # @!attribute [rw] has_insight_selectors
+    #   Specifies whether a trail has insight types specified in an
+    #   `InsightSelector` list.
+    #   @return [Boolean]
+    #
     # @!attribute [rw] is_organization_trail
     #   Specifies whether the trail is an organization trail.
     #   @return [Boolean]
@@ -1528,10 +2016,17 @@ module Aws::CloudTrail
       :cloud_watch_logs_role_arn,
       :kms_key_id,
       :has_custom_event_selectors,
+      :has_insight_selectors,
       :is_organization_trail)
       include Aws::Structure
     end
 
+    # This exception is thrown when the specified trail already exists.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/TrailAlreadyExistsException AWS API Documentation
+    #
+    class TrailAlreadyExistsException < Aws::EmptyStructure; end
+
     # Information about a CloudTrail trail, including the trail's name,
     # home region, and Amazon Resource Name (ARN).
     #
@@ -1556,6 +2051,26 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
+    # This exception is thrown when the trail with the given name is not
+    # found.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/TrailNotFoundException AWS API Documentation
+    #
+    class TrailNotFoundException < Aws::EmptyStructure; end
+
+    # This exception is no longer in use.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/TrailNotProvidedException AWS API Documentation
+    #
+    class TrailNotProvidedException < Aws::EmptyStructure; end
+
+    # This exception is thrown when the requested operation is not
+    # supported.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/UnsupportedOperationException AWS API Documentation
+    #
+    class UnsupportedOperationException < Aws::EmptyStructure; end
+
     # Specifies settings to update for the trail.
     #
     # @note When making an API call, you may pass UpdateTrailRequest