aws-sdk-cloudtrail 1.28.0 → 1.33.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ca2e38d223f4319eb07d99fde3ac23664816b975e236292e6ea97da9f2be86ed
-  data.tar.gz: b65a607591cfce51642812a962fd8fa39a5686bca038e9491fbcfa2e86389d54
+  metadata.gz: 49fc047dc2d8263fa56384ecec867cdb0bd7cceeb492efe32ee6c58c445c4a65
+  data.tar.gz: febf25452d46c58817c0f230e6f5fa3e731a3b07f5f740d2c3f7cb027c51d783
 SHA512:
-  metadata.gz: 68cff829f67ece7d4343f5e2ceb084b6f3a78b22fcffae5bc4907189dad5dc6164e0e89213f6e9945936dc6447e2cc6ff755d38e6270d4fc87fc2aba0a175488
-  data.tar.gz: ffde1667a2cf7806cded4e541de21d3a16ec3d651e3faeded54c5c8a51641c6b9b3e4d99cb36ed9b9e6b8c200e33c78d84149e21e6084677003efce8e53d3d2e
+  metadata.gz: 2a5e88c72243fb91648a48072f719476ee8371df75b8dbd2aea77cdcf670e0c2845dac49e0816d90efb2dd9b806ca3c94e3eb834aed94b9517515ccac214cb2a
+  data.tar.gz: 23283771167743f47d5c7ec05ede848b057dc74c3d3e0c06102320a0b879bcb41d1696fdc5bdd7cbd9b1283da3298893054181167d9e8a4c01cbe88e8ca7db10

data/lib/aws-sdk-cloudtrail.rb

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-cloudtrail/customizations'
 # @!group service
 module Aws::CloudTrail
 
-  GEM_VERSION = '1.28.0'
+  GEM_VERSION = '1.33.0'
 
 end

data/lib/aws-sdk-cloudtrail/client.rb

@@ -689,6 +689,7 @@ module Aws::CloudTrail
     #
     #   * {Types::GetEventSelectorsResponse#trail_arn #trail_arn} => String
     #   * {Types::GetEventSelectorsResponse#event_selectors #event_selectors} => Array<Types::EventSelector>
+    #   * {Types::GetEventSelectorsResponse#advanced_event_selectors #advanced_event_selectors} => Array<Types::AdvancedEventSelector>
     #
     # @example Request syntax with placeholder values
     #
@@ -708,6 +709,22 @@ module Aws::CloudTrail
     #   resp.event_selectors[0].data_resources[0].values[0] #=> String
     #   resp.event_selectors[0].exclude_management_event_sources #=> Array
     #   resp.event_selectors[0].exclude_management_event_sources[0] #=> String
+    #   resp.advanced_event_selectors #=> Array
+    #   resp.advanced_event_selectors[0].name #=> String
+    #   resp.advanced_event_selectors[0].field_selectors #=> Array
+    #   resp.advanced_event_selectors[0].field_selectors[0].field #=> String
+    #   resp.advanced_event_selectors[0].field_selectors[0].equals #=> Array
+    #   resp.advanced_event_selectors[0].field_selectors[0].equals[0] #=> String
+    #   resp.advanced_event_selectors[0].field_selectors[0].starts_with #=> Array
+    #   resp.advanced_event_selectors[0].field_selectors[0].starts_with[0] #=> String
+    #   resp.advanced_event_selectors[0].field_selectors[0].ends_with #=> Array
+    #   resp.advanced_event_selectors[0].field_selectors[0].ends_with[0] #=> String
+    #   resp.advanced_event_selectors[0].field_selectors[0].not_equals #=> Array
+    #   resp.advanced_event_selectors[0].field_selectors[0].not_equals[0] #=> String
+    #   resp.advanced_event_selectors[0].field_selectors[0].not_starts_with #=> Array
+    #   resp.advanced_event_selectors[0].field_selectors[0].not_starts_with[0] #=> String
+    #   resp.advanced_event_selectors[0].field_selectors[0].not_ends_with #=> Array
+    #   resp.advanced_event_selectors[0].field_selectors[0].not_ends_with[0] #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetEventSelectors AWS API Documentation
     #
@@ -1065,8 +1082,8 @@ module Aws::CloudTrail
     # 50, with a maximum of 50 possible. The response includes a token that
     # you can use to get the next page of results.
     #
-    # The rate of lookup requests is limited to two per second per account.
-    # If this limit is exceeded, a throttling error occurs.
+    # The rate of lookup requests is limited to two per second, per account,
+    # per region. If this limit is exceeded, a throttling error occurs.
     #
     #
     #
@@ -1152,16 +1169,17 @@ module Aws::CloudTrail
       req.send_request(options)
     end
 
-    # Configures an event selector for your trail. Use event selectors to
-    # further specify the management and data event settings for your trail.
-    # By default, trails created without specific event selectors will be
-    # configured to log all read and write management events, and no data
-    # events.
+    # Configures an event selector or advanced event selectors for your
+    # trail. Use event selectors or advanced event selectors to specify
+    # management and data event settings for your trail. By default, trails
+    # created without specific event selectors are configured to log all
+    # read and write management events, and no data events.
     #
     # When an event occurs in your account, CloudTrail evaluates the event
-    # selectors in all trails. For each trail, if the event matches any
-    # event selector, the trail processes and logs the event. If the event
-    # doesn't match any event selector, the trail doesn't log the event.
+    # selectors or advanced event selectors in all trails. For each trail,
+    # if the event matches any event selector, the trail processes and logs
+    # the event. If the event doesn't match any event selector, the trail
+    # doesn't log the event.
     #
     # Example
     #
@@ -1177,21 +1195,30 @@ module Aws::CloudTrail
     # 4.  The `RunInstances` is a write-only event and it matches your event
     #     selector. The trail logs the event.
     #
-    # 5.  The `GetConsoleOutput` is a read-only event but it doesn't match
+    # 5.  The `GetConsoleOutput` is a read-only event that doesn't match
     #     your event selector. The trail doesn't log the event.
     #
     # The `PutEventSelectors` operation must be called from the region in
     # which the trail was created; otherwise, an
-    # `InvalidHomeRegionException` is thrown.
+    # `InvalidHomeRegionException` exception is thrown.
     #
     # You can configure up to five event selectors for each trail. For more
-    # information, see [Logging Data and Management Events for Trails ][1]
-    # and [Limits in AWS CloudTrail][2] in the *AWS CloudTrail User Guide*.
+    # information, see [Logging data and management events for trails ][1]
+    # and [Quotas in AWS CloudTrail][2] in the *AWS CloudTrail User Guide*.
+    #
+    # You can add advanced event selectors, and conditions for your advanced
+    # event selectors, up to a maximum of 500 values for all conditions and
+    # selectors on a trail. You can use either `AdvancedEventSelectors` or
+    # `EventSelectors`, but not both. If you apply `AdvancedEventSelectors`
+    # to a trail, any existing `EventSelectors` are overwritten. For more
+    # information about advanced event selectors, see [Logging data events
+    # for trails][3] in the *AWS CloudTrail User Guide*.
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html
     # [2]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html
+    # [3]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
     #
     # @option params [required, String] :trail_name
     #   Specifies the name of the trail or trail ARN. If you specify a trail
@@ -1213,20 +1240,38 @@ module Aws::CloudTrail
     #
     #   `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
     #
-    # @option params [required, Array<Types::EventSelector>] :event_selectors
+    # @option params [Array<Types::EventSelector>] :event_selectors
     #   Specifies the settings for your event selectors. You can configure up
-    #   to five event selectors for a trail.
+    #   to five event selectors for a trail. You can use either
+    #   `EventSelectors` or `AdvancedEventSelectors` in a `PutEventSelectors`
+    #   request, but not both. If you apply `EventSelectors` to a trail, any
+    #   existing `AdvancedEventSelectors` are overwritten.
+    #
+    # @option params [Array<Types::AdvancedEventSelector>] :advanced_event_selectors
+    #   Specifies the settings for advanced event selectors. You can add
+    #   advanced event selectors, and conditions for your advanced event
+    #   selectors, up to a maximum of 500 values for all conditions and
+    #   selectors on a trail. You can use either `AdvancedEventSelectors` or
+    #   `EventSelectors`, but not both. If you apply `AdvancedEventSelectors`
+    #   to a trail, any existing `EventSelectors` are overwritten. For more
+    #   information about advanced event selectors, see [Logging data events
+    #   for trails][1] in the *AWS CloudTrail User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
     #
     # @return [Types::PutEventSelectorsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::PutEventSelectorsResponse#trail_arn #trail_arn} => String
     #   * {Types::PutEventSelectorsResponse#event_selectors #event_selectors} => Array&lt;Types::EventSelector&gt;
+    #   * {Types::PutEventSelectorsResponse#advanced_event_selectors #advanced_event_selectors} => Array&lt;Types::AdvancedEventSelector&gt;
     #
     # @example Request syntax with placeholder values
     #
     #   resp = client.put_event_selectors({
     #     trail_name: "String", # required
-    #     event_selectors: [ # required
+    #     event_selectors: [
     #       {
     #         read_write_type: "ReadOnly", # accepts ReadOnly, WriteOnly, All
     #         include_management_events: false,
@@ -1239,6 +1284,22 @@ module Aws::CloudTrail
     #         exclude_management_event_sources: ["String"],
     #       },
     #     ],
+    #     advanced_event_selectors: [
+    #       {
+    #         name: "SelectorName",
+    #         field_selectors: [ # required
+    #           {
+    #             field: "SelectorField", # required
+    #             equals: ["OperatorValue"],
+    #             starts_with: ["OperatorValue"],
+    #             ends_with: ["OperatorValue"],
+    #             not_equals: ["OperatorValue"],
+    #             not_starts_with: ["OperatorValue"],
+    #             not_ends_with: ["OperatorValue"],
+    #           },
+    #         ],
+    #       },
+    #     ],
     #   })
     #
     # @example Response structure
@@ -1253,6 +1314,22 @@ module Aws::CloudTrail
     #   resp.event_selectors[0].data_resources[0].values[0] #=> String
     #   resp.event_selectors[0].exclude_management_event_sources #=> Array
     #   resp.event_selectors[0].exclude_management_event_sources[0] #=> String
+    #   resp.advanced_event_selectors #=> Array
+    #   resp.advanced_event_selectors[0].name #=> String
+    #   resp.advanced_event_selectors[0].field_selectors #=> Array
+    #   resp.advanced_event_selectors[0].field_selectors[0].field #=> String
+    #   resp.advanced_event_selectors[0].field_selectors[0].equals #=> Array
+    #   resp.advanced_event_selectors[0].field_selectors[0].equals[0] #=> String
+    #   resp.advanced_event_selectors[0].field_selectors[0].starts_with #=> Array
+    #   resp.advanced_event_selectors[0].field_selectors[0].starts_with[0] #=> String
+    #   resp.advanced_event_selectors[0].field_selectors[0].ends_with #=> Array
+    #   resp.advanced_event_selectors[0].field_selectors[0].ends_with[0] #=> String
+    #   resp.advanced_event_selectors[0].field_selectors[0].not_equals #=> Array
+    #   resp.advanced_event_selectors[0].field_selectors[0].not_equals[0] #=> String
+    #   resp.advanced_event_selectors[0].field_selectors[0].not_starts_with #=> Array
+    #   resp.advanced_event_selectors[0].field_selectors[0].not_starts_with[0] #=> String
+    #   resp.advanced_event_selectors[0].field_selectors[0].not_ends_with #=> Array
+    #   resp.advanced_event_selectors[0].field_selectors[0].not_ends_with[0] #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutEventSelectors AWS API Documentation
     #
@@ -1593,7 +1670,7 @@ module Aws::CloudTrail
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-cloudtrail'
-      context[:gem_version] = '1.28.0'
+      context[:gem_version] = '1.33.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-cloudtrail/client_api.rb

@@ -15,11 +15,17 @@ module Aws::CloudTrail
 
     AddTagsRequest = Shapes::StructureShape.new(name: 'AddTagsRequest')
     AddTagsResponse = Shapes::StructureShape.new(name: 'AddTagsResponse')
+    AdvancedEventSelector = Shapes::StructureShape.new(name: 'AdvancedEventSelector')
+    AdvancedEventSelectors = Shapes::ListShape.new(name: 'AdvancedEventSelectors')
+    AdvancedFieldSelector = Shapes::StructureShape.new(name: 'AdvancedFieldSelector')
+    AdvancedFieldSelectors = Shapes::ListShape.new(name: 'AdvancedFieldSelectors')
     Boolean = Shapes::BooleanShape.new(name: 'Boolean')
     ByteBuffer = Shapes::BlobShape.new(name: 'ByteBuffer')
     CloudTrailARNInvalidException = Shapes::StructureShape.new(name: 'CloudTrailARNInvalidException')
     CloudTrailAccessNotEnabledException = Shapes::StructureShape.new(name: 'CloudTrailAccessNotEnabledException')
+    CloudTrailInvalidClientTokenIdException = Shapes::StructureShape.new(name: 'CloudTrailInvalidClientTokenIdException')
     CloudWatchLogsDeliveryUnavailableException = Shapes::StructureShape.new(name: 'CloudWatchLogsDeliveryUnavailableException')
+    ConflictException = Shapes::StructureShape.new(name: 'ConflictException')
     CreateTrailRequest = Shapes::StructureShape.new(name: 'CreateTrailRequest')
     CreateTrailResponse = Shapes::StructureShape.new(name: 'CreateTrailResponse')
     DataResource = Shapes::StructureShape.new(name: 'DataResource')
@@ -89,6 +95,8 @@ module Aws::CloudTrail
     NextToken = Shapes::StringShape.new(name: 'NextToken')
     NotOrganizationMasterAccountException = Shapes::StructureShape.new(name: 'NotOrganizationMasterAccountException')
     OperationNotPermittedException = Shapes::StructureShape.new(name: 'OperationNotPermittedException')
+    Operator = Shapes::ListShape.new(name: 'Operator')
+    OperatorValue = Shapes::StringShape.new(name: 'OperatorValue')
     OrganizationNotInAllFeaturesModeException = Shapes::StructureShape.new(name: 'OrganizationNotInAllFeaturesModeException')
     OrganizationsNotInUseException = Shapes::StructureShape.new(name: 'OrganizationsNotInUseException')
     PublicKey = Shapes::StructureShape.new(name: 'PublicKey')
@@ -108,6 +116,8 @@ module Aws::CloudTrail
     ResourceTagList = Shapes::ListShape.new(name: 'ResourceTagList')
     ResourceTypeNotSupportedException = Shapes::StructureShape.new(name: 'ResourceTypeNotSupportedException')
     S3BucketDoesNotExistException = Shapes::StructureShape.new(name: 'S3BucketDoesNotExistException')
+    SelectorField = Shapes::StringShape.new(name: 'SelectorField')
+    SelectorName = Shapes::StringShape.new(name: 'SelectorName')
     StartLoggingRequest = Shapes::StructureShape.new(name: 'StartLoggingRequest')
     StartLoggingResponse = Shapes::StructureShape.new(name: 'StartLoggingResponse')
     StopLoggingRequest = Shapes::StructureShape.new(name: 'StopLoggingRequest')
@@ -134,12 +144,33 @@ module Aws::CloudTrail
 
     AddTagsResponse.struct_class = Types::AddTagsResponse
 
+    AdvancedEventSelector.add_member(:name, Shapes::ShapeRef.new(shape: SelectorName, location_name: "Name"))
+    AdvancedEventSelector.add_member(:field_selectors, Shapes::ShapeRef.new(shape: AdvancedFieldSelectors, required: true, location_name: "FieldSelectors"))
+    AdvancedEventSelector.struct_class = Types::AdvancedEventSelector
+
+    AdvancedEventSelectors.member = Shapes::ShapeRef.new(shape: AdvancedEventSelector)
+
+    AdvancedFieldSelector.add_member(:field, Shapes::ShapeRef.new(shape: SelectorField, required: true, location_name: "Field"))
+    AdvancedFieldSelector.add_member(:equals, Shapes::ShapeRef.new(shape: Operator, location_name: "Equals"))
+    AdvancedFieldSelector.add_member(:starts_with, Shapes::ShapeRef.new(shape: Operator, location_name: "StartsWith"))
+    AdvancedFieldSelector.add_member(:ends_with, Shapes::ShapeRef.new(shape: Operator, location_name: "EndsWith"))
+    AdvancedFieldSelector.add_member(:not_equals, Shapes::ShapeRef.new(shape: Operator, location_name: "NotEquals"))
+    AdvancedFieldSelector.add_member(:not_starts_with, Shapes::ShapeRef.new(shape: Operator, location_name: "NotStartsWith"))
+    AdvancedFieldSelector.add_member(:not_ends_with, Shapes::ShapeRef.new(shape: Operator, location_name: "NotEndsWith"))
+    AdvancedFieldSelector.struct_class = Types::AdvancedFieldSelector
+
+    AdvancedFieldSelectors.member = Shapes::ShapeRef.new(shape: AdvancedFieldSelector)
+
     CloudTrailARNInvalidException.struct_class = Types::CloudTrailARNInvalidException
 
     CloudTrailAccessNotEnabledException.struct_class = Types::CloudTrailAccessNotEnabledException
 
+    CloudTrailInvalidClientTokenIdException.struct_class = Types::CloudTrailInvalidClientTokenIdException
+
     CloudWatchLogsDeliveryUnavailableException.struct_class = Types::CloudWatchLogsDeliveryUnavailableException
 
+    ConflictException.struct_class = Types::ConflictException
+
     CreateTrailRequest.add_member(:name, Shapes::ShapeRef.new(shape: String, required: true, location_name: "Name"))
     CreateTrailRequest.add_member(:s3_bucket_name, Shapes::ShapeRef.new(shape: String, required: true, location_name: "S3BucketName"))
     CreateTrailRequest.add_member(:s3_key_prefix, Shapes::ShapeRef.new(shape: String, location_name: "S3KeyPrefix"))
@@ -217,6 +248,7 @@ module Aws::CloudTrail
 
     GetEventSelectorsResponse.add_member(:trail_arn, Shapes::ShapeRef.new(shape: String, location_name: "TrailARN"))
     GetEventSelectorsResponse.add_member(:event_selectors, Shapes::ShapeRef.new(shape: EventSelectors, location_name: "EventSelectors"))
+    GetEventSelectorsResponse.add_member(:advanced_event_selectors, Shapes::ShapeRef.new(shape: AdvancedEventSelectors, location_name: "AdvancedEventSelectors"))
     GetEventSelectorsResponse.struct_class = Types::GetEventSelectorsResponse
 
     GetInsightSelectorsRequest.add_member(:trail_name, Shapes::ShapeRef.new(shape: String, required: true, location_name: "TrailName"))
@@ -359,6 +391,8 @@ module Aws::CloudTrail
 
     OperationNotPermittedException.struct_class = Types::OperationNotPermittedException
 
+    Operator.member = Shapes::ShapeRef.new(shape: OperatorValue)
+
     OrganizationNotInAllFeaturesModeException.struct_class = Types::OrganizationNotInAllFeaturesModeException
 
     OrganizationsNotInUseException.struct_class = Types::OrganizationsNotInUseException
@@ -372,11 +406,13 @@ module Aws::CloudTrail
     PublicKeyList.member = Shapes::ShapeRef.new(shape: PublicKey)
 
     PutEventSelectorsRequest.add_member(:trail_name, Shapes::ShapeRef.new(shape: String, required: true, location_name: "TrailName"))
-    PutEventSelectorsRequest.add_member(:event_selectors, Shapes::ShapeRef.new(shape: EventSelectors, required: true, location_name: "EventSelectors"))
+    PutEventSelectorsRequest.add_member(:event_selectors, Shapes::ShapeRef.new(shape: EventSelectors, location_name: "EventSelectors"))
+    PutEventSelectorsRequest.add_member(:advanced_event_selectors, Shapes::ShapeRef.new(shape: AdvancedEventSelectors, location_name: "AdvancedEventSelectors"))
     PutEventSelectorsRequest.struct_class = Types::PutEventSelectorsRequest
 
     PutEventSelectorsResponse.add_member(:trail_arn, Shapes::ShapeRef.new(shape: String, location_name: "TrailARN"))
     PutEventSelectorsResponse.add_member(:event_selectors, Shapes::ShapeRef.new(shape: EventSelectors, location_name: "EventSelectors"))
+    PutEventSelectorsResponse.add_member(:advanced_event_selectors, Shapes::ShapeRef.new(shape: AdvancedEventSelectors, location_name: "AdvancedEventSelectors"))
     PutEventSelectorsResponse.struct_class = Types::PutEventSelectorsResponse
 
     PutInsightSelectorsRequest.add_member(:trail_name, Shapes::ShapeRef.new(shape: String, required: true, location_name: "TrailName"))
@@ -565,6 +601,7 @@ module Aws::CloudTrail
         o.errors << Shapes::ShapeRef.new(shape: NotOrganizationMasterAccountException)
         o.errors << Shapes::ShapeRef.new(shape: OrganizationsNotInUseException)
         o.errors << Shapes::ShapeRef.new(shape: OrganizationNotInAllFeaturesModeException)
+        o.errors << Shapes::ShapeRef.new(shape: CloudTrailInvalidClientTokenIdException)
       end)
 
       api.add_operation(:delete_trail, Seahorse::Model::Operation.new.tap do |o|
@@ -580,6 +617,7 @@ module Aws::CloudTrail
         o.errors << Shapes::ShapeRef.new(shape: OperationNotPermittedException)
         o.errors << Shapes::ShapeRef.new(shape: NotOrganizationMasterAccountException)
         o.errors << Shapes::ShapeRef.new(shape: InsufficientDependencyServiceAccessPermissionException)
+        o.errors << Shapes::ShapeRef.new(shape: ConflictException)
       end)
 
       api.add_operation(:describe_trails, Seahorse::Model::Operation.new.tap do |o|
@@ -743,6 +781,8 @@ module Aws::CloudTrail
         o.errors << Shapes::ShapeRef.new(shape: InvalidInsightSelectorsException)
         o.errors << Shapes::ShapeRef.new(shape: InsufficientS3BucketPolicyException)
         o.errors << Shapes::ShapeRef.new(shape: InsufficientEncryptionPolicyException)
+        o.errors << Shapes::ShapeRef.new(shape: S3BucketDoesNotExistException)
+        o.errors << Shapes::ShapeRef.new(shape: KmsException)
         o.errors << Shapes::ShapeRef.new(shape: UnsupportedOperationException)
         o.errors << Shapes::ShapeRef.new(shape: OperationNotPermittedException)
         o.errors << Shapes::ShapeRef.new(shape: NotOrganizationMasterAccountException)
@@ -827,6 +867,7 @@ module Aws::CloudTrail
         o.errors << Shapes::ShapeRef.new(shape: OrganizationsNotInUseException)
         o.errors << Shapes::ShapeRef.new(shape: NotOrganizationMasterAccountException)
         o.errors << Shapes::ShapeRef.new(shape: OrganizationNotInAllFeaturesModeException)
+        o.errors << Shapes::ShapeRef.new(shape: CloudTrailInvalidClientTokenIdException)
       end)
     end
 

data/lib/aws-sdk-cloudtrail/errors.rb

@@ -29,7 +29,9 @@ module Aws::CloudTrail
   # ## Error Classes
   # * {CloudTrailARNInvalidException}
   # * {CloudTrailAccessNotEnabledException}
+  # * {CloudTrailInvalidClientTokenIdException}
   # * {CloudWatchLogsDeliveryUnavailableException}
+  # * {ConflictException}
   # * {InsightNotEnabledException}
   # * {InsufficientDependencyServiceAccessPermissionException}
   # * {InsufficientEncryptionPolicyException}
@@ -96,6 +98,16 @@ module Aws::CloudTrail
       end
     end
 
+    class CloudTrailInvalidClientTokenIdException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::CloudTrail::Types::CloudTrailInvalidClientTokenIdException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+    end
+
     class CloudWatchLogsDeliveryUnavailableException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context
@@ -106,6 +118,16 @@ module Aws::CloudTrail
       end
     end
 
+    class ConflictException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::CloudTrail::Types::ConflictException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+    end
+
     class InsightNotEnabledException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context

data/lib/aws-sdk-cloudtrail/types.rb

@@ -52,6 +52,186 @@ module Aws::CloudTrail
     #
     class AddTagsResponse < Aws::EmptyStructure; end
 
+    # Advanced event selectors let you create fine-grained selectors for the
+    # following AWS CloudTrail event record fields. They help you control
+    # costs by logging only those events that are important to you. For more
+    # information about advanced event selectors, see [Logging data events
+    # for trails][1] in the *AWS CloudTrail User Guide*.
+    #
+    # * `readOnly`
+    #
+    # * `eventSource`
+    #
+    # * `eventName`
+    #
+    # * `eventCategory`
+    #
+    # * `resources.type`
+    #
+    # * `resources.ARN`
+    #
+    # You cannot apply both event selectors and advanced event selectors to
+    # a trail.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
+    #
+    # @note When making an API call, you may pass AdvancedEventSelector
+    #   data as a hash:
+    #
+    #       {
+    #         name: "SelectorName",
+    #         field_selectors: [ # required
+    #           {
+    #             field: "SelectorField", # required
+    #             equals: ["OperatorValue"],
+    #             starts_with: ["OperatorValue"],
+    #             ends_with: ["OperatorValue"],
+    #             not_equals: ["OperatorValue"],
+    #             not_starts_with: ["OperatorValue"],
+    #             not_ends_with: ["OperatorValue"],
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] name
+    #   An optional, descriptive name for an advanced event selector, such
+    #   as "Log data events for only two S3 buckets".
+    #   @return [String]
+    #
+    # @!attribute [rw] field_selectors
+    #   Contains all selector statements in an advanced event selector.
+    #   @return [Array<Types::AdvancedFieldSelector>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/AdvancedEventSelector AWS API Documentation
+    #
+    class AdvancedEventSelector < Struct.new(
+      :name,
+      :field_selectors)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A single selector statement in an advanced event selector.
+    #
+    # @note When making an API call, you may pass AdvancedFieldSelector
+    #   data as a hash:
+    #
+    #       {
+    #         field: "SelectorField", # required
+    #         equals: ["OperatorValue"],
+    #         starts_with: ["OperatorValue"],
+    #         ends_with: ["OperatorValue"],
+    #         not_equals: ["OperatorValue"],
+    #         not_starts_with: ["OperatorValue"],
+    #         not_ends_with: ["OperatorValue"],
+    #       }
+    #
+    # @!attribute [rw] field
+    #   A field in an event record on which to filter events to be logged.
+    #   Supported fields include `readOnly`, `eventCategory`, `eventSource`
+    #   (for management events), `eventName`, `resources.type`, and
+    #   `resources.ARN`.
+    #
+    #   * <b> <code>readOnly</code> </b> - Optional. Can be set to `Equals`
+    #     a value of `true` or `false`. A value of `false` logs both `read`
+    #     and `write` events.
+    #
+    #   * <b> <code>eventSource</code> </b> - For filtering management
+    #     events only. This can be set only to `NotEquals`
+    #     `kms.amazonaws.com`.
+    #
+    #   * <b> <code>eventName</code> </b> - Can use any operator. You can
+    #     use it to filter in or filter out any data event logged to
+    #     CloudTrail, such as `PutBucket`. You can have multiple values for
+    #     this field, separated by commas.
+    #
+    #   * <b> <code>eventCategory</code> </b> - This is required. It must be
+    #     set to `Equals`, and the value must be `Management` or `Data`.
+    #
+    #   * <b> <code>resources.type</code> </b> - This field is required.
+    #     `resources.type` can only use the `Equals` operator, and the value
+    #     can be one of the following: `AWS::S3::Object`,
+    #     `AWS::Lambda::Function`, or `AWS::S3Outposts::Object`. You can
+    #     have only one `resources.type` field per selector. To log data
+    #     events on more than one resource type, add another selector.
+    #
+    #   * <b> <code>resources.ARN</code> </b> - You can use any operator
+    #     with resources.ARN, but if you use `Equals` or `NotEquals`, the
+    #     value must exactly match the ARN of a valid resource of the type
+    #     you've specified in the template as the value of resources.type.
+    #     For example, if resources.type equals `AWS::S3::Object`, the ARN
+    #     must be in one of the following formats. The trailing slash is
+    #     intentional; do not exclude it.
+    #
+    #     * `arn:partition:s3:::bucket_name/`
+    #
+    #     * `arn:partition:s3:::bucket_name/object_or_file_name/`
+    #
+    #     When resources.type equals `AWS::Lambda::Function`, and the
+    #     operator is set to `Equals` or `NotEquals`, the ARN must be in the
+    #     following format:
+    #
+    #     * `arn:partition:lambda:region:account_ID:function:function_name`
+    #
+    #     ^
+    #
+    #     When `resources.type` equals `AWS::S3Outposts::Object`, and the
+    #     operator is set to `Equals` or `NotEquals`, the ARN must be in the
+    #     following format:
+    #
+    #     * `arn:partition:s3-outposts:region:>account_ID:object_path`
+    #
+    #     ^
+    #   @return [String]
+    #
+    # @!attribute [rw] equals
+    #   An operator that includes events that match the exact value of the
+    #   event record field specified as the value of `Field`. This is the
+    #   only valid operator that you can use with the `readOnly`,
+    #   `eventCategory`, and `resources.type` fields.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] starts_with
+    #   An operator that includes events that match the first few characters
+    #   of the event record field specified as the value of `Field`.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] ends_with
+    #   An operator that includes events that match the last few characters
+    #   of the event record field specified as the value of `Field`.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] not_equals
+    #   An operator that excludes events that match the exact value of the
+    #   event record field specified as the value of `Field`.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] not_starts_with
+    #   An operator that excludes events that match the first few characters
+    #   of the event record field specified as the value of `Field`.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] not_ends_with
+    #   An operator that excludes events that match the last few characters
+    #   of the event record field specified as the value of `Field`.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/AdvancedFieldSelector AWS API Documentation
+    #
+    class AdvancedFieldSelector < Struct.new(
+      :field,
+      :equals,
+      :starts_with,
+      :ends_with,
+      :not_equals,
+      :not_starts_with,
+      :not_ends_with)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # This exception is thrown when an operation is called with an invalid
     # trail ARN. The format of a trail ARN is:
     #
@@ -75,12 +255,31 @@ module Aws::CloudTrail
     #
     class CloudTrailAccessNotEnabledException < Aws::EmptyStructure; end
 
+    # This exception is thrown when a call results in the
+    # `InvalidClientTokenId` error code. This can occur when you are
+    # creating or updating a trail to send notifications to an Amazon SNS
+    # topic that is in a suspended AWS account.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/CloudTrailInvalidClientTokenIdException AWS API Documentation
+    #
+    class CloudTrailInvalidClientTokenIdException < Aws::EmptyStructure; end
+
     # Cannot set a CloudWatch Logs delivery for this region.
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/CloudWatchLogsDeliveryUnavailableException AWS API Documentation
     #
     class CloudWatchLogsDeliveryUnavailableException < Aws::EmptyStructure; end
 
+    # This exception is thrown when the specified resource is not ready for
+    # an operation. This can occur when you try to run an operation on a
+    # trail before CloudTrail has time to fully load the trail. If this
+    # exception occurs, wait a few minutes, and then try the operation
+    # again.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ConflictException AWS API Documentation
+    #
+    class ConflictException < Aws::EmptyStructure; end
+
     # Specifies the settings for each trail.
     #
     # @note When making an API call, you may pass CreateTrailRequest
@@ -343,6 +542,10 @@ module Aws::CloudTrail
     # distributed between 1 and 5 event selectors, but the total cannot
     # exceed 250 across all selectors.
     #
+    #  If you are using advanced event selectors, the maximum total number of
+    # values for all conditions, across all advanced event selectors for the
+    # trail, is 500.
+    #
     #  </note>
     #
     # The following example demonstrates how logging works when you
@@ -396,6 +599,10 @@ module Aws::CloudTrail
     # @!attribute [rw] type
     #   The resource type in which you want to log data events. You can
     #   specify `AWS::S3::Object` or `AWS::Lambda::Function` resources.
+    #
+    #   The `AWS::S3Outposts::Object` resource type is not valid in basic
+    #   event selectors. To log data events on this resource type, use
+    #   advanced event selectors.
     #   @return [String]
     #
     # @!attribute [rw] values
@@ -626,6 +833,9 @@ module Aws::CloudTrail
     #
     # You can configure up to five event selectors for a trail.
     #
+    # You cannot apply both event selectors and advanced event selectors to
+    # a trail.
+    #
     # @note When making an API call, you may pass EventSelector
     #   data as a hash:
     #
@@ -659,9 +869,15 @@ module Aws::CloudTrail
     #
     #   By default, the value is `true`.
     #
+    #   The first copy of management events is free. You are charged for
+    #   additional copies of management events that you are logging on any
+    #   subsequent trail in the same region. For more information about
+    #   CloudTrail pricing, see [AWS CloudTrail Pricing][2].
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html#logging-management-events
+    #   [2]: http://aws.amazon.com/cloudtrail/pricing/
     #   @return [Boolean]
     #
     # @!attribute [rw] data_resources
@@ -745,11 +961,16 @@ module Aws::CloudTrail
     #   The event selectors that are configured for the trail.
     #   @return [Array<Types::EventSelector>]
     #
+    # @!attribute [rw] advanced_event_selectors
+    #   The advanced event selectors that are configured for the trail.
+    #   @return [Array<Types::AdvancedEventSelector>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetEventSelectorsResponse AWS API Documentation
     #
     class GetEventSelectorsResponse < Struct.new(
       :trail_arn,
-      :event_selectors)
+      :event_selectors,
+      :advanced_event_selectors)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1094,11 +1315,14 @@ module Aws::CloudTrail
     class InvalidEventCategoryException < Aws::EmptyStructure; end
 
     # This exception is thrown when the `PutEventSelectors` operation is
-    # called with a number of event selectors or data resources that is not
-    # valid. The combination of event selectors and data resources is not
-    # valid. A trail can have up to 5 event selectors. A trail is limited to
-    # 250 data resources. These data resources can be distributed across
-    # event selectors, but the overall total cannot exceed 250.
+    # called with a number of event selectors, advanced event selectors, or
+    # data resources that is not valid. The combination of event selectors
+    # or advanced event selectors and data resources is not valid. A trail
+    # can have up to 5 event selectors. If a trail uses advanced event
+    # selectors, a maximum of 500 total values for all conditions in all
+    # advanced event selectors is allowed. A trail is limited to 250 data
+    # resources. These data resources can be distributed across event
+    # selectors, but the overall total cannot exceed 250.
     #
     # You can:
     #
@@ -1110,6 +1334,9 @@ module Aws::CloudTrail
     #   allowed only if the total number of data resources does not exceed
     #   250 across all event selectors for a trail.
     #
+    # * Specify up to 500 values for all conditions in all advanced event
+    #   selectors for a trail.
+    #
     # * Specify a valid value for a parameter. For example, specifying the
     #   `ReadWriteType` parameter with a value of `read-only` is invalid.
     #
@@ -1240,8 +1467,10 @@ module Aws::CloudTrail
     #
     class KmsKeyDisabledException < Aws::EmptyStructure; end
 
-    # This exception is thrown when the KMS key does not exist, or when the
-    # S3 bucket and the KMS key are not in the same region.
+    # This exception is thrown when the KMS key does not exist, when the S3
+    # bucket and the KMS key are not in the same region, or when the KMS key
+    # associated with the SNS topic either does not exist or is not in the
+    # same region.
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/KmsKeyNotFoundException AWS API Documentation
     #
@@ -1609,7 +1838,7 @@ module Aws::CloudTrail
     #
     #       {
     #         trail_name: "String", # required
-    #         event_selectors: [ # required
+    #         event_selectors: [
     #           {
     #             read_write_type: "ReadOnly", # accepts ReadOnly, WriteOnly, All
     #             include_management_events: false,
@@ -1622,6 +1851,22 @@ module Aws::CloudTrail
     #             exclude_management_event_sources: ["String"],
     #           },
     #         ],
+    #         advanced_event_selectors: [
+    #           {
+    #             name: "SelectorName",
+    #             field_selectors: [ # required
+    #               {
+    #                 field: "SelectorField", # required
+    #                 equals: ["OperatorValue"],
+    #                 starts_with: ["OperatorValue"],
+    #                 ends_with: ["OperatorValue"],
+    #                 not_equals: ["OperatorValue"],
+    #                 not_starts_with: ["OperatorValue"],
+    #                 not_ends_with: ["OperatorValue"],
+    #               },
+    #             ],
+    #           },
+    #         ],
     #       }
     #
     # @!attribute [rw] trail_name
@@ -1647,14 +1892,35 @@ module Aws::CloudTrail
     #
     # @!attribute [rw] event_selectors
     #   Specifies the settings for your event selectors. You can configure
-    #   up to five event selectors for a trail.
+    #   up to five event selectors for a trail. You can use either
+    #   `EventSelectors` or `AdvancedEventSelectors` in a
+    #   `PutEventSelectors` request, but not both. If you apply
+    #   `EventSelectors` to a trail, any existing `AdvancedEventSelectors`
+    #   are overwritten.
     #   @return [Array<Types::EventSelector>]
     #
+    # @!attribute [rw] advanced_event_selectors
+    #   Specifies the settings for advanced event selectors. You can add
+    #   advanced event selectors, and conditions for your advanced event
+    #   selectors, up to a maximum of 500 values for all conditions and
+    #   selectors on a trail. You can use either `AdvancedEventSelectors` or
+    #   `EventSelectors`, but not both. If you apply
+    #   `AdvancedEventSelectors` to a trail, any existing `EventSelectors`
+    #   are overwritten. For more information about advanced event
+    #   selectors, see [Logging data events for trails][1] in the *AWS
+    #   CloudTrail User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
+    #   @return [Array<Types::AdvancedEventSelector>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutEventSelectorsRequest AWS API Documentation
     #
     class PutEventSelectorsRequest < Struct.new(
       :trail_name,
-      :event_selectors)
+      :event_selectors,
+      :advanced_event_selectors)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1670,11 +1936,16 @@ module Aws::CloudTrail
     #   Specifies the event selectors configured for your trail.
     #   @return [Array<Types::EventSelector>]
     #
+    # @!attribute [rw] advanced_event_selectors
+    #   Specifies the advanced event selectors configured for your trail.
+    #   @return [Array<Types::AdvancedEventSelector>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutEventSelectorsResponse AWS API Documentation
     #
     class PutEventSelectorsResponse < Struct.new(
       :trail_arn,
-      :event_selectors)
+      :event_selectors,
+      :advanced_event_selectors)
       SENSITIVE = []
       include Aws::Structure
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-cloudtrail
 version: !ruby/object:Gem::Version
-  version: 1.28.0
+  version: 1.33.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-09-15 00:00:00.000000000 Z
+date: 2021-02-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.99.0
+        version: 3.112.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.99.0
+        version: 3.112.0
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement