aws-sdk-cloudtrail 1.26.0 → 1.31.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5b4f077891a25793baaedeb68ec22c9edd75f720bb0d320ef06f52ab1ce5e43f
-  data.tar.gz: 3fe2b49cf0aaa5e69959c2dee5b4bd2a9d4ee742f97604307fe4b749efed61f1
+  metadata.gz: 25be88c90838214f5ca6f378cb0a13c3796aa4effa66ca1afe18145cf027251d
+  data.tar.gz: a75129e0264fed092634dd95f9fd759570072bc64ee8b0565549ae199de8f69e
 SHA512:
-  metadata.gz: 7fbd590b2c8fa2c3ead20b5ae49ae7df00b91253430c6e67cc5edb23962290be0167af59f9ffb76a93ce4df5f1c77e60e476ecd97c32f66bdfff46719a5f306a
-  data.tar.gz: 54a6435bc3f54a2ef8e1f3e0fef874164d99d45a5cf81a3d5d5edc7f0e7aea53928ad7d08f07506e0bcf7f839f1b5e12a65c96f538f13ceb96a32809e94373cd
+  metadata.gz: 3d6eebd327cec31f0f72e218c1558d2f9efaad2006ce88bbc7d94f49b9ee42000093f927d114ad7d209d38ef6badf7d708e5dbb17748c5b19928ead67fbac4ce
+  data.tar.gz: a0e7cef97b036feee7949bbb063cb95308f275e57ecfaba28997aa42b7980cfcf6feaffb12e14f5c3185a3fa158e18ec983eac5bc0ae4d299dbb4d4a120a8f3d

data/lib/aws-sdk-cloudtrail.rb

@@ -7,6 +7,7 @@
 #
 # WARNING ABOUT GENERATED CODE
 
+
 require 'aws-sdk-core'
 require 'aws-sigv4'
 
@@ -44,9 +45,9 @@ require_relative 'aws-sdk-cloudtrail/customizations'
 #
 # See {Errors} for more information.
 #
-# @service
+# @!group service
 module Aws::CloudTrail
 
-  GEM_VERSION = '1.26.0'
+  GEM_VERSION = '1.31.0'
 
 end

data/lib/aws-sdk-cloudtrail/client.rb

@@ -85,13 +85,28 @@ module Aws::CloudTrail
     #     * `Aws::Credentials` - Used for configuring static, non-refreshing
     #       credentials.
     #
+    #     * `Aws::SharedCredentials` - Used for loading static credentials from a
+    #       shared file, such as `~/.aws/config`.
+    #
+    #     * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
+    #
+    #     * `Aws::AssumeRoleWebIdentityCredentials` - Used when you need to
+    #       assume a role after providing credentials via the web.
+    #
+    #     * `Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an
+    #       access token generated from `aws login`.
+    #
+    #     * `Aws::ProcessCredentials` - Used for loading credentials from a
+    #       process that outputs to stdout.
+    #
     #     * `Aws::InstanceProfileCredentials` - Used for loading credentials
     #       from an EC2 IMDS on an EC2 instance.
     #
-    #     * `Aws::SharedCredentials` - Used for loading credentials from a
-    #       shared file, such as `~/.aws/config`.
+    #     * `Aws::ECSCredentials` - Used for loading credentials from
+    #       instances running in ECS.
     #
-    #     * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
+    #     * `Aws::CognitoIdentityCredentials` - Used for loading credentials
+    #       from the Cognito Identity service.
     #
     #     When `:credentials` are not configured directly, the following
     #     locations will be searched for credentials:
@@ -101,10 +116,10 @@ module Aws::CloudTrail
     #     * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
     #     * `~/.aws/credentials`
     #     * `~/.aws/config`
-    #     * EC2 IMDS instance profile - When used by default, the timeouts are
-    #       very aggressive. Construct and pass an instance of
-    #       `Aws::InstanceProfileCredentails` to enable retries and extended
-    #       timeouts.
+    #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
+    #       are very aggressive. Construct and pass an instance of
+    #       `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
+    #       enable retries and extended timeouts.
     #
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
@@ -674,6 +689,7 @@ module Aws::CloudTrail
     #
     #   * {Types::GetEventSelectorsResponse#trail_arn #trail_arn} => String
     #   * {Types::GetEventSelectorsResponse#event_selectors #event_selectors} => Array<Types::EventSelector>
+    #   * {Types::GetEventSelectorsResponse#advanced_event_selectors #advanced_event_selectors} => Array<Types::AdvancedEventSelector>
     #
     # @example Request syntax with placeholder values
     #
@@ -693,6 +709,22 @@ module Aws::CloudTrail
     #   resp.event_selectors[0].data_resources[0].values[0] #=> String
     #   resp.event_selectors[0].exclude_management_event_sources #=> Array
     #   resp.event_selectors[0].exclude_management_event_sources[0] #=> String
+    #   resp.advanced_event_selectors #=> Array
+    #   resp.advanced_event_selectors[0].name #=> String
+    #   resp.advanced_event_selectors[0].field_selectors #=> Array
+    #   resp.advanced_event_selectors[0].field_selectors[0].field #=> String
+    #   resp.advanced_event_selectors[0].field_selectors[0].equals #=> Array
+    #   resp.advanced_event_selectors[0].field_selectors[0].equals[0] #=> String
+    #   resp.advanced_event_selectors[0].field_selectors[0].starts_with #=> Array
+    #   resp.advanced_event_selectors[0].field_selectors[0].starts_with[0] #=> String
+    #   resp.advanced_event_selectors[0].field_selectors[0].ends_with #=> Array
+    #   resp.advanced_event_selectors[0].field_selectors[0].ends_with[0] #=> String
+    #   resp.advanced_event_selectors[0].field_selectors[0].not_equals #=> Array
+    #   resp.advanced_event_selectors[0].field_selectors[0].not_equals[0] #=> String
+    #   resp.advanced_event_selectors[0].field_selectors[0].not_starts_with #=> Array
+    #   resp.advanced_event_selectors[0].field_selectors[0].not_starts_with[0] #=> String
+    #   resp.advanced_event_selectors[0].field_selectors[0].not_ends_with #=> Array
+    #   resp.advanced_event_selectors[0].field_selectors[0].not_ends_with[0] #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetEventSelectors AWS API Documentation
     #
@@ -1050,8 +1082,8 @@ module Aws::CloudTrail
     # 50, with a maximum of 50 possible. The response includes a token that
     # you can use to get the next page of results.
     #
-    # The rate of lookup requests is limited to two per second per account.
-    # If this limit is exceeded, a throttling error occurs.
+    # The rate of lookup requests is limited to two per second, per account,
+    # per region. If this limit is exceeded, a throttling error occurs.
     #
     #
     #
@@ -1137,16 +1169,17 @@ module Aws::CloudTrail
       req.send_request(options)
     end
 
-    # Configures an event selector for your trail. Use event selectors to
-    # further specify the management and data event settings for your trail.
-    # By default, trails created without specific event selectors will be
-    # configured to log all read and write management events, and no data
-    # events.
+    # Configures an event selector or advanced event selectors for your
+    # trail. Use event selectors or advanced event selectors to specify
+    # management and data event settings for your trail. By default, trails
+    # created without specific event selectors are configured to log all
+    # read and write management events, and no data events.
     #
     # When an event occurs in your account, CloudTrail evaluates the event
-    # selectors in all trails. For each trail, if the event matches any
-    # event selector, the trail processes and logs the event. If the event
-    # doesn't match any event selector, the trail doesn't log the event.
+    # selectors or advanced event selectors in all trails. For each trail,
+    # if the event matches any event selector, the trail processes and logs
+    # the event. If the event doesn't match any event selector, the trail
+    # doesn't log the event.
     #
     # Example
     #
@@ -1162,21 +1195,30 @@ module Aws::CloudTrail
     # 4.  The `RunInstances` is a write-only event and it matches your event
     #     selector. The trail logs the event.
     #
-    # 5.  The `GetConsoleOutput` is a read-only event but it doesn't match
+    # 5.  The `GetConsoleOutput` is a read-only event that doesn't match
     #     your event selector. The trail doesn't log the event.
     #
     # The `PutEventSelectors` operation must be called from the region in
     # which the trail was created; otherwise, an
-    # `InvalidHomeRegionException` is thrown.
+    # `InvalidHomeRegionException` exception is thrown.
     #
     # You can configure up to five event selectors for each trail. For more
-    # information, see [Logging Data and Management Events for Trails ][1]
-    # and [Limits in AWS CloudTrail][2] in the *AWS CloudTrail User Guide*.
+    # information, see [Logging data and management events for trails ][1]
+    # and [Quotas in AWS CloudTrail][2] in the *AWS CloudTrail User Guide*.
+    #
+    # You can add advanced event selectors, and conditions for your advanced
+    # event selectors, up to a maximum of 500 values for all conditions and
+    # selectors on a trail. You can use either `AdvancedEventSelectors` or
+    # `EventSelectors`, but not both. If you apply `AdvancedEventSelectors`
+    # to a trail, any existing `EventSelectors` are overwritten. For more
+    # information about advanced event selectors, see [Logging data events
+    # for trails][3] in the *AWS CloudTrail User Guide*.
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html
     # [2]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html
+    # [3]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
     #
     # @option params [required, String] :trail_name
     #   Specifies the name of the trail or trail ARN. If you specify a trail
@@ -1198,20 +1240,38 @@ module Aws::CloudTrail
     #
     #   `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
     #
-    # @option params [required, Array<Types::EventSelector>] :event_selectors
+    # @option params [Array<Types::EventSelector>] :event_selectors
     #   Specifies the settings for your event selectors. You can configure up
-    #   to five event selectors for a trail.
+    #   to five event selectors for a trail. You can use either
+    #   `EventSelectors` or `AdvancedEventSelectors` in a `PutEventSelectors`
+    #   request, but not both. If you apply `EventSelectors` to a trail, any
+    #   existing `AdvancedEventSelectors` are overwritten.
+    #
+    # @option params [Array<Types::AdvancedEventSelector>] :advanced_event_selectors
+    #   Specifies the settings for advanced event selectors. You can add
+    #   advanced event selectors, and conditions for your advanced event
+    #   selectors, up to a maximum of 500 values for all conditions and
+    #   selectors on a trail. You can use either `AdvancedEventSelectors` or
+    #   `EventSelectors`, but not both. If you apply `AdvancedEventSelectors`
+    #   to a trail, any existing `EventSelectors` are overwritten. For more
+    #   information about advanced event selectors, see [Logging data events
+    #   for trails][1] in the *AWS CloudTrail User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
     #
     # @return [Types::PutEventSelectorsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::PutEventSelectorsResponse#trail_arn #trail_arn} => String
     #   * {Types::PutEventSelectorsResponse#event_selectors #event_selectors} => Array&lt;Types::EventSelector&gt;
+    #   * {Types::PutEventSelectorsResponse#advanced_event_selectors #advanced_event_selectors} => Array&lt;Types::AdvancedEventSelector&gt;
     #
     # @example Request syntax with placeholder values
     #
     #   resp = client.put_event_selectors({
     #     trail_name: "String", # required
-    #     event_selectors: [ # required
+    #     event_selectors: [
     #       {
     #         read_write_type: "ReadOnly", # accepts ReadOnly, WriteOnly, All
     #         include_management_events: false,
@@ -1224,6 +1284,22 @@ module Aws::CloudTrail
     #         exclude_management_event_sources: ["String"],
     #       },
     #     ],
+    #     advanced_event_selectors: [
+    #       {
+    #         name: "SelectorName",
+    #         field_selectors: [ # required
+    #           {
+    #             field: "SelectorField", # required
+    #             equals: ["OperatorValue"],
+    #             starts_with: ["OperatorValue"],
+    #             ends_with: ["OperatorValue"],
+    #             not_equals: ["OperatorValue"],
+    #             not_starts_with: ["OperatorValue"],
+    #             not_ends_with: ["OperatorValue"],
+    #           },
+    #         ],
+    #       },
+    #     ],
     #   })
     #
     # @example Response structure
@@ -1238,6 +1314,22 @@ module Aws::CloudTrail
     #   resp.event_selectors[0].data_resources[0].values[0] #=> String
     #   resp.event_selectors[0].exclude_management_event_sources #=> Array
     #   resp.event_selectors[0].exclude_management_event_sources[0] #=> String
+    #   resp.advanced_event_selectors #=> Array
+    #   resp.advanced_event_selectors[0].name #=> String
+    #   resp.advanced_event_selectors[0].field_selectors #=> Array
+    #   resp.advanced_event_selectors[0].field_selectors[0].field #=> String
+    #   resp.advanced_event_selectors[0].field_selectors[0].equals #=> Array
+    #   resp.advanced_event_selectors[0].field_selectors[0].equals[0] #=> String
+    #   resp.advanced_event_selectors[0].field_selectors[0].starts_with #=> Array
+    #   resp.advanced_event_selectors[0].field_selectors[0].starts_with[0] #=> String
+    #   resp.advanced_event_selectors[0].field_selectors[0].ends_with #=> Array
+    #   resp.advanced_event_selectors[0].field_selectors[0].ends_with[0] #=> String
+    #   resp.advanced_event_selectors[0].field_selectors[0].not_equals #=> Array
+    #   resp.advanced_event_selectors[0].field_selectors[0].not_equals[0] #=> String
+    #   resp.advanced_event_selectors[0].field_selectors[0].not_starts_with #=> Array
+    #   resp.advanced_event_selectors[0].field_selectors[0].not_starts_with[0] #=> String
+    #   resp.advanced_event_selectors[0].field_selectors[0].not_ends_with #=> Array
+    #   resp.advanced_event_selectors[0].field_selectors[0].not_ends_with[0] #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutEventSelectors AWS API Documentation
     #
@@ -1578,7 +1670,7 @@ module Aws::CloudTrail
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-cloudtrail'
-      context[:gem_version] = '1.26.0'
+      context[:gem_version] = '1.31.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-cloudtrail/client_api.rb

@@ -15,10 +15,15 @@ module Aws::CloudTrail
 
     AddTagsRequest = Shapes::StructureShape.new(name: 'AddTagsRequest')
     AddTagsResponse = Shapes::StructureShape.new(name: 'AddTagsResponse')
+    AdvancedEventSelector = Shapes::StructureShape.new(name: 'AdvancedEventSelector')
+    AdvancedEventSelectors = Shapes::ListShape.new(name: 'AdvancedEventSelectors')
+    AdvancedFieldSelector = Shapes::StructureShape.new(name: 'AdvancedFieldSelector')
+    AdvancedFieldSelectors = Shapes::ListShape.new(name: 'AdvancedFieldSelectors')
     Boolean = Shapes::BooleanShape.new(name: 'Boolean')
     ByteBuffer = Shapes::BlobShape.new(name: 'ByteBuffer')
     CloudTrailARNInvalidException = Shapes::StructureShape.new(name: 'CloudTrailARNInvalidException')
     CloudTrailAccessNotEnabledException = Shapes::StructureShape.new(name: 'CloudTrailAccessNotEnabledException')
+    CloudTrailInvalidClientTokenIdException = Shapes::StructureShape.new(name: 'CloudTrailInvalidClientTokenIdException')
     CloudWatchLogsDeliveryUnavailableException = Shapes::StructureShape.new(name: 'CloudWatchLogsDeliveryUnavailableException')
     CreateTrailRequest = Shapes::StructureShape.new(name: 'CreateTrailRequest')
     CreateTrailResponse = Shapes::StructureShape.new(name: 'CreateTrailResponse')
@@ -89,6 +94,8 @@ module Aws::CloudTrail
     NextToken = Shapes::StringShape.new(name: 'NextToken')
     NotOrganizationMasterAccountException = Shapes::StructureShape.new(name: 'NotOrganizationMasterAccountException')
     OperationNotPermittedException = Shapes::StructureShape.new(name: 'OperationNotPermittedException')
+    Operator = Shapes::ListShape.new(name: 'Operator')
+    OperatorValue = Shapes::StringShape.new(name: 'OperatorValue')
     OrganizationNotInAllFeaturesModeException = Shapes::StructureShape.new(name: 'OrganizationNotInAllFeaturesModeException')
     OrganizationsNotInUseException = Shapes::StructureShape.new(name: 'OrganizationsNotInUseException')
     PublicKey = Shapes::StructureShape.new(name: 'PublicKey')
@@ -108,6 +115,8 @@ module Aws::CloudTrail
     ResourceTagList = Shapes::ListShape.new(name: 'ResourceTagList')
     ResourceTypeNotSupportedException = Shapes::StructureShape.new(name: 'ResourceTypeNotSupportedException')
     S3BucketDoesNotExistException = Shapes::StructureShape.new(name: 'S3BucketDoesNotExistException')
+    SelectorField = Shapes::StringShape.new(name: 'SelectorField')
+    SelectorName = Shapes::StringShape.new(name: 'SelectorName')
     StartLoggingRequest = Shapes::StructureShape.new(name: 'StartLoggingRequest')
     StartLoggingResponse = Shapes::StructureShape.new(name: 'StartLoggingResponse')
     StopLoggingRequest = Shapes::StructureShape.new(name: 'StopLoggingRequest')
@@ -134,10 +143,29 @@ module Aws::CloudTrail
 
     AddTagsResponse.struct_class = Types::AddTagsResponse
 
+    AdvancedEventSelector.add_member(:name, Shapes::ShapeRef.new(shape: SelectorName, location_name: "Name"))
+    AdvancedEventSelector.add_member(:field_selectors, Shapes::ShapeRef.new(shape: AdvancedFieldSelectors, required: true, location_name: "FieldSelectors"))
+    AdvancedEventSelector.struct_class = Types::AdvancedEventSelector
+
+    AdvancedEventSelectors.member = Shapes::ShapeRef.new(shape: AdvancedEventSelector)
+
+    AdvancedFieldSelector.add_member(:field, Shapes::ShapeRef.new(shape: SelectorField, required: true, location_name: "Field"))
+    AdvancedFieldSelector.add_member(:equals, Shapes::ShapeRef.new(shape: Operator, location_name: "Equals"))
+    AdvancedFieldSelector.add_member(:starts_with, Shapes::ShapeRef.new(shape: Operator, location_name: "StartsWith"))
+    AdvancedFieldSelector.add_member(:ends_with, Shapes::ShapeRef.new(shape: Operator, location_name: "EndsWith"))
+    AdvancedFieldSelector.add_member(:not_equals, Shapes::ShapeRef.new(shape: Operator, location_name: "NotEquals"))
+    AdvancedFieldSelector.add_member(:not_starts_with, Shapes::ShapeRef.new(shape: Operator, location_name: "NotStartsWith"))
+    AdvancedFieldSelector.add_member(:not_ends_with, Shapes::ShapeRef.new(shape: Operator, location_name: "NotEndsWith"))
+    AdvancedFieldSelector.struct_class = Types::AdvancedFieldSelector
+
+    AdvancedFieldSelectors.member = Shapes::ShapeRef.new(shape: AdvancedFieldSelector)
+
     CloudTrailARNInvalidException.struct_class = Types::CloudTrailARNInvalidException
 
     CloudTrailAccessNotEnabledException.struct_class = Types::CloudTrailAccessNotEnabledException
 
+    CloudTrailInvalidClientTokenIdException.struct_class = Types::CloudTrailInvalidClientTokenIdException
+
     CloudWatchLogsDeliveryUnavailableException.struct_class = Types::CloudWatchLogsDeliveryUnavailableException
 
     CreateTrailRequest.add_member(:name, Shapes::ShapeRef.new(shape: String, required: true, location_name: "Name"))
@@ -217,6 +245,7 @@ module Aws::CloudTrail
 
     GetEventSelectorsResponse.add_member(:trail_arn, Shapes::ShapeRef.new(shape: String, location_name: "TrailARN"))
     GetEventSelectorsResponse.add_member(:event_selectors, Shapes::ShapeRef.new(shape: EventSelectors, location_name: "EventSelectors"))
+    GetEventSelectorsResponse.add_member(:advanced_event_selectors, Shapes::ShapeRef.new(shape: AdvancedEventSelectors, location_name: "AdvancedEventSelectors"))
     GetEventSelectorsResponse.struct_class = Types::GetEventSelectorsResponse
 
     GetInsightSelectorsRequest.add_member(:trail_name, Shapes::ShapeRef.new(shape: String, required: true, location_name: "TrailName"))
@@ -359,6 +388,8 @@ module Aws::CloudTrail
 
     OperationNotPermittedException.struct_class = Types::OperationNotPermittedException
 
+    Operator.member = Shapes::ShapeRef.new(shape: OperatorValue)
+
     OrganizationNotInAllFeaturesModeException.struct_class = Types::OrganizationNotInAllFeaturesModeException
 
     OrganizationsNotInUseException.struct_class = Types::OrganizationsNotInUseException
@@ -372,11 +403,13 @@ module Aws::CloudTrail
     PublicKeyList.member = Shapes::ShapeRef.new(shape: PublicKey)
 
     PutEventSelectorsRequest.add_member(:trail_name, Shapes::ShapeRef.new(shape: String, required: true, location_name: "TrailName"))
-    PutEventSelectorsRequest.add_member(:event_selectors, Shapes::ShapeRef.new(shape: EventSelectors, required: true, location_name: "EventSelectors"))
+    PutEventSelectorsRequest.add_member(:event_selectors, Shapes::ShapeRef.new(shape: EventSelectors, location_name: "EventSelectors"))
+    PutEventSelectorsRequest.add_member(:advanced_event_selectors, Shapes::ShapeRef.new(shape: AdvancedEventSelectors, location_name: "AdvancedEventSelectors"))
     PutEventSelectorsRequest.struct_class = Types::PutEventSelectorsRequest
 
     PutEventSelectorsResponse.add_member(:trail_arn, Shapes::ShapeRef.new(shape: String, location_name: "TrailARN"))
     PutEventSelectorsResponse.add_member(:event_selectors, Shapes::ShapeRef.new(shape: EventSelectors, location_name: "EventSelectors"))
+    PutEventSelectorsResponse.add_member(:advanced_event_selectors, Shapes::ShapeRef.new(shape: AdvancedEventSelectors, location_name: "AdvancedEventSelectors"))
     PutEventSelectorsResponse.struct_class = Types::PutEventSelectorsResponse
 
     PutInsightSelectorsRequest.add_member(:trail_name, Shapes::ShapeRef.new(shape: String, required: true, location_name: "TrailName"))
@@ -565,6 +598,7 @@ module Aws::CloudTrail
         o.errors << Shapes::ShapeRef.new(shape: NotOrganizationMasterAccountException)
         o.errors << Shapes::ShapeRef.new(shape: OrganizationsNotInUseException)
         o.errors << Shapes::ShapeRef.new(shape: OrganizationNotInAllFeaturesModeException)
+        o.errors << Shapes::ShapeRef.new(shape: CloudTrailInvalidClientTokenIdException)
       end)
 
       api.add_operation(:delete_trail, Seahorse::Model::Operation.new.tap do |o|
@@ -827,6 +861,7 @@ module Aws::CloudTrail
         o.errors << Shapes::ShapeRef.new(shape: OrganizationsNotInUseException)
         o.errors << Shapes::ShapeRef.new(shape: NotOrganizationMasterAccountException)
         o.errors << Shapes::ShapeRef.new(shape: OrganizationNotInAllFeaturesModeException)
+        o.errors << Shapes::ShapeRef.new(shape: CloudTrailInvalidClientTokenIdException)
       end)
     end
 

data/lib/aws-sdk-cloudtrail/errors.rb

@@ -29,6 +29,7 @@ module Aws::CloudTrail
   # ## Error Classes
   # * {CloudTrailARNInvalidException}
   # * {CloudTrailAccessNotEnabledException}
+  # * {CloudTrailInvalidClientTokenIdException}
   # * {CloudWatchLogsDeliveryUnavailableException}
   # * {InsightNotEnabledException}
   # * {InsufficientDependencyServiceAccessPermissionException}
@@ -96,6 +97,16 @@ module Aws::CloudTrail
       end
     end
 
+    class CloudTrailInvalidClientTokenIdException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::CloudTrail::Types::CloudTrailInvalidClientTokenIdException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+    end
+
     class CloudWatchLogsDeliveryUnavailableException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context

data/lib/aws-sdk-cloudtrail/types.rb

@@ -52,6 +52,178 @@ module Aws::CloudTrail
     #
     class AddTagsResponse < Aws::EmptyStructure; end
 
+    # Advanced event selectors let you create fine-grained selectors for the
+    # following AWS CloudTrail event record fields. They help you control
+    # costs by logging only those events that are important to you. For more
+    # information about advanced event selectors, see [Logging data events
+    # for trails][1] in the *AWS CloudTrail User Guide*.
+    #
+    # * `readOnly`
+    #
+    # * `eventSource`
+    #
+    # * `eventName`
+    #
+    # * `eventCategory`
+    #
+    # * `resources.type`
+    #
+    # * `resources.ARN`
+    #
+    # You cannot apply both event selectors and advanced event selectors to
+    # a trail.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
+    #
+    # @note When making an API call, you may pass AdvancedEventSelector
+    #   data as a hash:
+    #
+    #       {
+    #         name: "SelectorName",
+    #         field_selectors: [ # required
+    #           {
+    #             field: "SelectorField", # required
+    #             equals: ["OperatorValue"],
+    #             starts_with: ["OperatorValue"],
+    #             ends_with: ["OperatorValue"],
+    #             not_equals: ["OperatorValue"],
+    #             not_starts_with: ["OperatorValue"],
+    #             not_ends_with: ["OperatorValue"],
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] name
+    #   An optional, descriptive name for an advanced event selector, such
+    #   as "Log data events for only two S3 buckets".
+    #   @return [String]
+    #
+    # @!attribute [rw] field_selectors
+    #   Contains all selector statements in an advanced event selector.
+    #   @return [Array<Types::AdvancedFieldSelector>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/AdvancedEventSelector AWS API Documentation
+    #
+    class AdvancedEventSelector < Struct.new(
+      :name,
+      :field_selectors)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A single selector statement in an advanced event selector.
+    #
+    # @note When making an API call, you may pass AdvancedFieldSelector
+    #   data as a hash:
+    #
+    #       {
+    #         field: "SelectorField", # required
+    #         equals: ["OperatorValue"],
+    #         starts_with: ["OperatorValue"],
+    #         ends_with: ["OperatorValue"],
+    #         not_equals: ["OperatorValue"],
+    #         not_starts_with: ["OperatorValue"],
+    #         not_ends_with: ["OperatorValue"],
+    #       }
+    #
+    # @!attribute [rw] field
+    #   A field in an event record on which to filter events to be logged.
+    #   Supported fields include `readOnly`, `eventCategory`, `eventSource`
+    #   (for management events), `eventName`, `resources.type`, and
+    #   `resources.ARN`.
+    #
+    #   * <b> <code>readOnly</code> </b> - Optional. Can be set to `Equals`
+    #     a value of `true` or `false`. A value of `false` logs both `read`
+    #     and `write` events.
+    #
+    #   * <b> <code>eventSource</code> </b> - For filtering management
+    #     events only. This can be set only to `NotEquals`
+    #     `kms.amazonaws.com`.
+    #
+    #   * <b> <code>eventName</code> </b> - Can use any operator. You can
+    #     use it to filter in or filter out any data event logged to
+    #     CloudTrail, such as `PutBucket`. You can have multiple values for
+    #     this field, separated by commas.
+    #
+    #   * <b> <code>eventCategory</code> </b> - This is required. It must be
+    #     set to `Equals`, and the value must be `Management` or `Data`.
+    #
+    #   * <b> <code>resources.type</code> </b> - This field is required.
+    #     `resources.type` can only use the `Equals` operator, and the value
+    #     can be one of the following: `AWS::S3::Object` or
+    #     `AWS::Lambda::Function`. You can have only one `resources.type`
+    #     field per selector. To log data events on more than one resource
+    #     type, add another selector.
+    #
+    #   * <b> <code>resources.ARN</code> </b> - You can use any operator
+    #     with resources.ARN, but if you use `Equals` or `NotEquals`, the
+    #     value must exactly match the ARN of a valid resource of the type
+    #     you've specified in the template as the value of resources.type.
+    #     For example, if resources.type equals `AWS::S3::Object`, the ARN
+    #     must be in one of the following formats. The trailing slash is
+    #     intentional; do not exclude it.
+    #
+    #     * `arn:partition:s3:::bucket_name/`
+    #
+    #     * `arn:partition:s3:::bucket_name/object_or_file_name/`
+    #
+    #     When resources.type equals `AWS::Lambda::Function`, and the
+    #     operator is set to `Equals` or `NotEquals`, the ARN must be in the
+    #     following format:
+    #
+    #     * `arn:partition:lambda:region:account_ID:function:function_name`
+    #
+    #     ^
+    #   @return [String]
+    #
+    # @!attribute [rw] equals
+    #   An operator that includes events that match the exact value of the
+    #   event record field specified as the value of `Field`. This is the
+    #   only valid operator that you can use with the `readOnly`,
+    #   `eventCategory`, and `resources.type` fields.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] starts_with
+    #   An operator that includes events that match the first few characters
+    #   of the event record field specified as the value of `Field`.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] ends_with
+    #   An operator that includes events that match the last few characters
+    #   of the event record field specified as the value of `Field`.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] not_equals
+    #   An operator that excludes events that match the exact value of the
+    #   event record field specified as the value of `Field`.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] not_starts_with
+    #   An operator that excludes events that match the first few characters
+    #   of the event record field specified as the value of `Field`.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] not_ends_with
+    #   An operator that excludes events that match the last few characters
+    #   of the event record field specified as the value of `Field`.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/AdvancedFieldSelector AWS API Documentation
+    #
+    class AdvancedFieldSelector < Struct.new(
+      :field,
+      :equals,
+      :starts_with,
+      :ends_with,
+      :not_equals,
+      :not_starts_with,
+      :not_ends_with)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # This exception is thrown when an operation is called with an invalid
     # trail ARN. The format of a trail ARN is:
     #
@@ -75,6 +247,15 @@ module Aws::CloudTrail
     #
     class CloudTrailAccessNotEnabledException < Aws::EmptyStructure; end
 
+    # This exception is thrown when a call results in the
+    # `InvalidClientTokenId` error code. This can occur when you are
+    # creating or updating a trail to send notifications to an Amazon SNS
+    # topic that is in a suspended AWS account.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/CloudTrailInvalidClientTokenIdException AWS API Documentation
+    #
+    class CloudTrailInvalidClientTokenIdException < Aws::EmptyStructure; end
+
     # Cannot set a CloudWatch Logs delivery for this region.
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/CloudWatchLogsDeliveryUnavailableException AWS API Documentation
@@ -343,6 +524,10 @@ module Aws::CloudTrail
     # distributed between 1 and 5 event selectors, but the total cannot
     # exceed 250 across all selectors.
     #
+    #  If you are using advanced event selectors, the maximum total number of
+    # values for all conditions, across all advanced event selectors for the
+    # trail, is 500.
+    #
     #  </note>
     #
     # The following example demonstrates how logging works when you
@@ -626,6 +811,9 @@ module Aws::CloudTrail
     #
     # You can configure up to five event selectors for a trail.
     #
+    # You cannot apply both event selectors and advanced event selectors to
+    # a trail.
+    #
     # @note When making an API call, you may pass EventSelector
     #   data as a hash:
     #
@@ -659,9 +847,15 @@ module Aws::CloudTrail
     #
     #   By default, the value is `true`.
     #
+    #   The first copy of management events is free. You are charged for
+    #   additional copies of management events that you are logging on any
+    #   subsequent trail in the same region. For more information about
+    #   CloudTrail pricing, see [AWS CloudTrail Pricing][2].
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html#logging-management-events
+    #   [2]: http://aws.amazon.com/cloudtrail/pricing/
     #   @return [Boolean]
     #
     # @!attribute [rw] data_resources
@@ -745,11 +939,16 @@ module Aws::CloudTrail
     #   The event selectors that are configured for the trail.
     #   @return [Array<Types::EventSelector>]
     #
+    # @!attribute [rw] advanced_event_selectors
+    #   The advanced event selectors that are configured for the trail.
+    #   @return [Array<Types::AdvancedEventSelector>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetEventSelectorsResponse AWS API Documentation
     #
     class GetEventSelectorsResponse < Struct.new(
       :trail_arn,
-      :event_selectors)
+      :event_selectors,
+      :advanced_event_selectors)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1094,11 +1293,14 @@ module Aws::CloudTrail
     class InvalidEventCategoryException < Aws::EmptyStructure; end
 
     # This exception is thrown when the `PutEventSelectors` operation is
-    # called with a number of event selectors or data resources that is not
-    # valid. The combination of event selectors and data resources is not
-    # valid. A trail can have up to 5 event selectors. A trail is limited to
-    # 250 data resources. These data resources can be distributed across
-    # event selectors, but the overall total cannot exceed 250.
+    # called with a number of event selectors, advanced event selectors, or
+    # data resources that is not valid. The combination of event selectors
+    # or advanced event selectors and data resources is not valid. A trail
+    # can have up to 5 event selectors. If a trail uses advanced event
+    # selectors, a maximum of 500 total values for all conditions in all
+    # advanced event selectors is allowed. A trail is limited to 250 data
+    # resources. These data resources can be distributed across event
+    # selectors, but the overall total cannot exceed 250.
     #
     # You can:
     #
@@ -1110,6 +1312,9 @@ module Aws::CloudTrail
     #   allowed only if the total number of data resources does not exceed
     #   250 across all event selectors for a trail.
     #
+    # * Specify up to 500 values for all conditions in all advanced event
+    #   selectors for a trail.
+    #
     # * Specify a valid value for a parameter. For example, specifying the
     #   `ReadWriteType` parameter with a value of `read-only` is invalid.
     #
@@ -1240,8 +1445,10 @@ module Aws::CloudTrail
     #
     class KmsKeyDisabledException < Aws::EmptyStructure; end
 
-    # This exception is thrown when the KMS key does not exist, or when the
-    # S3 bucket and the KMS key are not in the same region.
+    # This exception is thrown when the KMS key does not exist, when the S3
+    # bucket and the KMS key are not in the same region, or when the KMS key
+    # associated with the SNS topic either does not exist or is not in the
+    # same region.
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/KmsKeyNotFoundException AWS API Documentation
     #
@@ -1609,7 +1816,7 @@ module Aws::CloudTrail
     #
     #       {
     #         trail_name: "String", # required
-    #         event_selectors: [ # required
+    #         event_selectors: [
     #           {
     #             read_write_type: "ReadOnly", # accepts ReadOnly, WriteOnly, All
     #             include_management_events: false,
@@ -1622,6 +1829,22 @@ module Aws::CloudTrail
     #             exclude_management_event_sources: ["String"],
     #           },
     #         ],
+    #         advanced_event_selectors: [
+    #           {
+    #             name: "SelectorName",
+    #             field_selectors: [ # required
+    #               {
+    #                 field: "SelectorField", # required
+    #                 equals: ["OperatorValue"],
+    #                 starts_with: ["OperatorValue"],
+    #                 ends_with: ["OperatorValue"],
+    #                 not_equals: ["OperatorValue"],
+    #                 not_starts_with: ["OperatorValue"],
+    #                 not_ends_with: ["OperatorValue"],
+    #               },
+    #             ],
+    #           },
+    #         ],
     #       }
     #
     # @!attribute [rw] trail_name
@@ -1647,14 +1870,35 @@ module Aws::CloudTrail
     #
     # @!attribute [rw] event_selectors
     #   Specifies the settings for your event selectors. You can configure
-    #   up to five event selectors for a trail.
+    #   up to five event selectors for a trail. You can use either
+    #   `EventSelectors` or `AdvancedEventSelectors` in a
+    #   `PutEventSelectors` request, but not both. If you apply
+    #   `EventSelectors` to a trail, any existing `AdvancedEventSelectors`
+    #   are overwritten.
     #   @return [Array<Types::EventSelector>]
     #
+    # @!attribute [rw] advanced_event_selectors
+    #   Specifies the settings for advanced event selectors. You can add
+    #   advanced event selectors, and conditions for your advanced event
+    #   selectors, up to a maximum of 500 values for all conditions and
+    #   selectors on a trail. You can use either `AdvancedEventSelectors` or
+    #   `EventSelectors`, but not both. If you apply
+    #   `AdvancedEventSelectors` to a trail, any existing `EventSelectors`
+    #   are overwritten. For more information about advanced event
+    #   selectors, see [Logging data events for trails][1] in the *AWS
+    #   CloudTrail User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
+    #   @return [Array<Types::AdvancedEventSelector>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutEventSelectorsRequest AWS API Documentation
     #
     class PutEventSelectorsRequest < Struct.new(
       :trail_name,
-      :event_selectors)
+      :event_selectors,
+      :advanced_event_selectors)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1670,11 +1914,16 @@ module Aws::CloudTrail
     #   Specifies the event selectors configured for your trail.
     #   @return [Array<Types::EventSelector>]
     #
+    # @!attribute [rw] advanced_event_selectors
+    #   Specifies the advanced event selectors configured for your trail.
+    #   @return [Array<Types::AdvancedEventSelector>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutEventSelectorsResponse AWS API Documentation
     #
     class PutEventSelectorsResponse < Struct.new(
       :trail_arn,
-      :event_selectors)
+      :event_selectors,
+      :advanced_event_selectors)
       SENSITIVE = []
       include Aws::Structure
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-cloudtrail
 version: !ruby/object:Gem::Version
-  version: 1.26.0
+  version: 1.31.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-07-02 00:00:00.000000000 Z
+date: 2020-12-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.99.0
+        version: 3.109.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.99.0
+        version: 3.109.0
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement