aws-sdk-cloudtrail 1.30.0 → 1.31.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 60b8c1effd0a3fa2af94daaaec0d61839a32804e915af6558ce4ac9d3efe9421
-  data.tar.gz: edae4a6d5773ff73315edd7d935d50f964a5d39dc5f38baf0631c20b054f4942
+  metadata.gz: 25be88c90838214f5ca6f378cb0a13c3796aa4effa66ca1afe18145cf027251d
+  data.tar.gz: a75129e0264fed092634dd95f9fd759570072bc64ee8b0565549ae199de8f69e
 SHA512:
-  metadata.gz: 8c6b1f56809811b24c18ff283f48c4cb6a1cade669cb854883ba78abbb5c5797902e0715131acba2d480ec0eacbdeb96de2fd395eee417f702a4ab88fa4e8d83
-  data.tar.gz: 0e344c658117fc5edb0ac7419ac17f35419d40cb03cce07872ec8a73d3aed6d2e1051148d6b95f7f19dbd6c5a7bd74363bc9ed648168544424ee419f8e97aeb5
+  metadata.gz: 3d6eebd327cec31f0f72e218c1558d2f9efaad2006ce88bbc7d94f49b9ee42000093f927d114ad7d209d38ef6badf7d708e5dbb17748c5b19928ead67fbac4ce
+  data.tar.gz: a0e7cef97b036feee7949bbb063cb95308f275e57ecfaba28997aa42b7980cfcf6feaffb12e14f5c3185a3fa158e18ec983eac5bc0ae4d299dbb4d4a120a8f3d

data/lib/aws-sdk-cloudtrail.rb

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-cloudtrail/customizations'
 # @!group service
 module Aws::CloudTrail
 
-  GEM_VERSION = '1.30.0'
+  GEM_VERSION = '1.31.0'
 
 end

data/lib/aws-sdk-cloudtrail/client.rb

@@ -1169,16 +1169,17 @@ module Aws::CloudTrail
       req.send_request(options)
     end
 
-    # Configures an event selector for your trail. Use event selectors to
-    # further specify the management and data event settings for your trail.
-    # By default, trails created without specific event selectors will be
-    # configured to log all read and write management events, and no data
-    # events.
+    # Configures an event selector or advanced event selectors for your
+    # trail. Use event selectors or advanced event selectors to specify
+    # management and data event settings for your trail. By default, trails
+    # created without specific event selectors are configured to log all
+    # read and write management events, and no data events.
     #
     # When an event occurs in your account, CloudTrail evaluates the event
-    # selectors in all trails. For each trail, if the event matches any
-    # event selector, the trail processes and logs the event. If the event
-    # doesn't match any event selector, the trail doesn't log the event.
+    # selectors or advanced event selectors in all trails. For each trail,
+    # if the event matches any event selector, the trail processes and logs
+    # the event. If the event doesn't match any event selector, the trail
+    # doesn't log the event.
     #
     # Example
     #
@@ -1194,21 +1195,30 @@ module Aws::CloudTrail
     # 4.  The `RunInstances` is a write-only event and it matches your event
     #     selector. The trail logs the event.
     #
-    # 5.  The `GetConsoleOutput` is a read-only event but it doesn't match
+    # 5.  The `GetConsoleOutput` is a read-only event that doesn't match
     #     your event selector. The trail doesn't log the event.
     #
     # The `PutEventSelectors` operation must be called from the region in
     # which the trail was created; otherwise, an
-    # `InvalidHomeRegionException` is thrown.
+    # `InvalidHomeRegionException` exception is thrown.
     #
     # You can configure up to five event selectors for each trail. For more
-    # information, see [Logging Data and Management Events for Trails ][1]
-    # and [Limits in AWS CloudTrail][2] in the *AWS CloudTrail User Guide*.
+    # information, see [Logging data and management events for trails ][1]
+    # and [Quotas in AWS CloudTrail][2] in the *AWS CloudTrail User Guide*.
+    #
+    # You can add advanced event selectors, and conditions for your advanced
+    # event selectors, up to a maximum of 500 values for all conditions and
+    # selectors on a trail. You can use either `AdvancedEventSelectors` or
+    # `EventSelectors`, but not both. If you apply `AdvancedEventSelectors`
+    # to a trail, any existing `EventSelectors` are overwritten. For more
+    # information about advanced event selectors, see [Logging data events
+    # for trails][3] in the *AWS CloudTrail User Guide*.
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html
     # [2]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html
+    # [3]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
     #
     # @option params [required, String] :trail_name
     #   Specifies the name of the trail or trail ARN. If you specify a trail
@@ -1232,9 +1242,24 @@ module Aws::CloudTrail
     #
     # @option params [Array<Types::EventSelector>] :event_selectors
     #   Specifies the settings for your event selectors. You can configure up
-    #   to five event selectors for a trail.
+    #   to five event selectors for a trail. You can use either
+    #   `EventSelectors` or `AdvancedEventSelectors` in a `PutEventSelectors`
+    #   request, but not both. If you apply `EventSelectors` to a trail, any
+    #   existing `AdvancedEventSelectors` are overwritten.
     #
     # @option params [Array<Types::AdvancedEventSelector>] :advanced_event_selectors
+    #   Specifies the settings for advanced event selectors. You can add
+    #   advanced event selectors, and conditions for your advanced event
+    #   selectors, up to a maximum of 500 values for all conditions and
+    #   selectors on a trail. You can use either `AdvancedEventSelectors` or
+    #   `EventSelectors`, but not both. If you apply `AdvancedEventSelectors`
+    #   to a trail, any existing `EventSelectors` are overwritten. For more
+    #   information about advanced event selectors, see [Logging data events
+    #   for trails][1] in the *AWS CloudTrail User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
     #
     # @return [Types::PutEventSelectorsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1261,7 +1286,7 @@ module Aws::CloudTrail
     #     ],
     #     advanced_event_selectors: [
     #       {
-    #         name: "SelectorName", # required
+    #         name: "SelectorName",
     #         field_selectors: [ # required
     #           {
     #             field: "SelectorField", # required
@@ -1645,7 +1670,7 @@ module Aws::CloudTrail
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-cloudtrail'
-      context[:gem_version] = '1.30.0'
+      context[:gem_version] = '1.31.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-cloudtrail/client_api.rb

@@ -23,6 +23,7 @@ module Aws::CloudTrail
     ByteBuffer = Shapes::BlobShape.new(name: 'ByteBuffer')
     CloudTrailARNInvalidException = Shapes::StructureShape.new(name: 'CloudTrailARNInvalidException')
     CloudTrailAccessNotEnabledException = Shapes::StructureShape.new(name: 'CloudTrailAccessNotEnabledException')
+    CloudTrailInvalidClientTokenIdException = Shapes::StructureShape.new(name: 'CloudTrailInvalidClientTokenIdException')
     CloudWatchLogsDeliveryUnavailableException = Shapes::StructureShape.new(name: 'CloudWatchLogsDeliveryUnavailableException')
     CreateTrailRequest = Shapes::StructureShape.new(name: 'CreateTrailRequest')
     CreateTrailResponse = Shapes::StructureShape.new(name: 'CreateTrailResponse')
@@ -142,7 +143,7 @@ module Aws::CloudTrail
 
     AddTagsResponse.struct_class = Types::AddTagsResponse
 
-    AdvancedEventSelector.add_member(:name, Shapes::ShapeRef.new(shape: SelectorName, required: true, location_name: "Name"))
+    AdvancedEventSelector.add_member(:name, Shapes::ShapeRef.new(shape: SelectorName, location_name: "Name"))
     AdvancedEventSelector.add_member(:field_selectors, Shapes::ShapeRef.new(shape: AdvancedFieldSelectors, required: true, location_name: "FieldSelectors"))
     AdvancedEventSelector.struct_class = Types::AdvancedEventSelector
 
@@ -163,6 +164,8 @@ module Aws::CloudTrail
 
     CloudTrailAccessNotEnabledException.struct_class = Types::CloudTrailAccessNotEnabledException
 
+    CloudTrailInvalidClientTokenIdException.struct_class = Types::CloudTrailInvalidClientTokenIdException
+
     CloudWatchLogsDeliveryUnavailableException.struct_class = Types::CloudWatchLogsDeliveryUnavailableException
 
     CreateTrailRequest.add_member(:name, Shapes::ShapeRef.new(shape: String, required: true, location_name: "Name"))
@@ -595,6 +598,7 @@ module Aws::CloudTrail
         o.errors << Shapes::ShapeRef.new(shape: NotOrganizationMasterAccountException)
         o.errors << Shapes::ShapeRef.new(shape: OrganizationsNotInUseException)
         o.errors << Shapes::ShapeRef.new(shape: OrganizationNotInAllFeaturesModeException)
+        o.errors << Shapes::ShapeRef.new(shape: CloudTrailInvalidClientTokenIdException)
       end)
 
       api.add_operation(:delete_trail, Seahorse::Model::Operation.new.tap do |o|
@@ -857,6 +861,7 @@ module Aws::CloudTrail
         o.errors << Shapes::ShapeRef.new(shape: OrganizationsNotInUseException)
         o.errors << Shapes::ShapeRef.new(shape: NotOrganizationMasterAccountException)
         o.errors << Shapes::ShapeRef.new(shape: OrganizationNotInAllFeaturesModeException)
+        o.errors << Shapes::ShapeRef.new(shape: CloudTrailInvalidClientTokenIdException)
       end)
     end
 

data/lib/aws-sdk-cloudtrail/errors.rb

@@ -29,6 +29,7 @@ module Aws::CloudTrail
   # ## Error Classes
   # * {CloudTrailARNInvalidException}
   # * {CloudTrailAccessNotEnabledException}
+  # * {CloudTrailInvalidClientTokenIdException}
   # * {CloudWatchLogsDeliveryUnavailableException}
   # * {InsightNotEnabledException}
   # * {InsufficientDependencyServiceAccessPermissionException}
@@ -96,6 +97,16 @@ module Aws::CloudTrail
       end
     end
 
+    class CloudTrailInvalidClientTokenIdException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::CloudTrail::Types::CloudTrailInvalidClientTokenIdException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+    end
+
     class CloudWatchLogsDeliveryUnavailableException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context

data/lib/aws-sdk-cloudtrail/types.rb

@@ -52,11 +52,36 @@ module Aws::CloudTrail
     #
     class AddTagsResponse < Aws::EmptyStructure; end
 
+    # Advanced event selectors let you create fine-grained selectors for the
+    # following AWS CloudTrail event record fields. They help you control
+    # costs by logging only those events that are important to you. For more
+    # information about advanced event selectors, see [Logging data events
+    # for trails][1] in the *AWS CloudTrail User Guide*.
+    #
+    # * `readOnly`
+    #
+    # * `eventSource`
+    #
+    # * `eventName`
+    #
+    # * `eventCategory`
+    #
+    # * `resources.type`
+    #
+    # * `resources.ARN`
+    #
+    # You cannot apply both event selectors and advanced event selectors to
+    # a trail.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
+    #
     # @note When making an API call, you may pass AdvancedEventSelector
     #   data as a hash:
     #
     #       {
-    #         name: "SelectorName", # required
+    #         name: "SelectorName",
     #         field_selectors: [ # required
     #           {
     #             field: "SelectorField", # required
@@ -71,9 +96,12 @@ module Aws::CloudTrail
     #       }
     #
     # @!attribute [rw] name
+    #   An optional, descriptive name for an advanced event selector, such
+    #   as "Log data events for only two S3 buckets".
     #   @return [String]
     #
     # @!attribute [rw] field_selectors
+    #   Contains all selector statements in an advanced event selector.
     #   @return [Array<Types::AdvancedFieldSelector>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/AdvancedEventSelector AWS API Documentation
@@ -85,6 +113,8 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
+    # A single selector statement in an advanced event selector.
+    #
     # @note When making an API call, you may pass AdvancedFieldSelector
     #   data as a hash:
     #
@@ -99,24 +129,85 @@ module Aws::CloudTrail
     #       }
     #
     # @!attribute [rw] field
+    #   A field in an event record on which to filter events to be logged.
+    #   Supported fields include `readOnly`, `eventCategory`, `eventSource`
+    #   (for management events), `eventName`, `resources.type`, and
+    #   `resources.ARN`.
+    #
+    #   * <b> <code>readOnly</code> </b> - Optional. Can be set to `Equals`
+    #     a value of `true` or `false`. A value of `false` logs both `read`
+    #     and `write` events.
+    #
+    #   * <b> <code>eventSource</code> </b> - For filtering management
+    #     events only. This can be set only to `NotEquals`
+    #     `kms.amazonaws.com`.
+    #
+    #   * <b> <code>eventName</code> </b> - Can use any operator. You can
+    #     use it to filter in or filter out any data event logged to
+    #     CloudTrail, such as `PutBucket`. You can have multiple values for
+    #     this field, separated by commas.
+    #
+    #   * <b> <code>eventCategory</code> </b> - This is required. It must be
+    #     set to `Equals`, and the value must be `Management` or `Data`.
+    #
+    #   * <b> <code>resources.type</code> </b> - This field is required.
+    #     `resources.type` can only use the `Equals` operator, and the value
+    #     can be one of the following: `AWS::S3::Object` or
+    #     `AWS::Lambda::Function`. You can have only one `resources.type`
+    #     field per selector. To log data events on more than one resource
+    #     type, add another selector.
+    #
+    #   * <b> <code>resources.ARN</code> </b> - You can use any operator
+    #     with resources.ARN, but if you use `Equals` or `NotEquals`, the
+    #     value must exactly match the ARN of a valid resource of the type
+    #     you've specified in the template as the value of resources.type.
+    #     For example, if resources.type equals `AWS::S3::Object`, the ARN
+    #     must be in one of the following formats. The trailing slash is
+    #     intentional; do not exclude it.
+    #
+    #     * `arn:partition:s3:::bucket_name/`
+    #
+    #     * `arn:partition:s3:::bucket_name/object_or_file_name/`
+    #
+    #     When resources.type equals `AWS::Lambda::Function`, and the
+    #     operator is set to `Equals` or `NotEquals`, the ARN must be in the
+    #     following format:
+    #
+    #     * `arn:partition:lambda:region:account_ID:function:function_name`
+    #
+    #     ^
     #   @return [String]
     #
     # @!attribute [rw] equals
+    #   An operator that includes events that match the exact value of the
+    #   event record field specified as the value of `Field`. This is the
+    #   only valid operator that you can use with the `readOnly`,
+    #   `eventCategory`, and `resources.type` fields.
     #   @return [Array<String>]
     #
     # @!attribute [rw] starts_with
+    #   An operator that includes events that match the first few characters
+    #   of the event record field specified as the value of `Field`.
     #   @return [Array<String>]
     #
     # @!attribute [rw] ends_with
+    #   An operator that includes events that match the last few characters
+    #   of the event record field specified as the value of `Field`.
     #   @return [Array<String>]
     #
     # @!attribute [rw] not_equals
+    #   An operator that excludes events that match the exact value of the
+    #   event record field specified as the value of `Field`.
     #   @return [Array<String>]
     #
     # @!attribute [rw] not_starts_with
+    #   An operator that excludes events that match the first few characters
+    #   of the event record field specified as the value of `Field`.
     #   @return [Array<String>]
     #
     # @!attribute [rw] not_ends_with
+    #   An operator that excludes events that match the last few characters
+    #   of the event record field specified as the value of `Field`.
     #   @return [Array<String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/AdvancedFieldSelector AWS API Documentation
@@ -156,6 +247,15 @@ module Aws::CloudTrail
     #
     class CloudTrailAccessNotEnabledException < Aws::EmptyStructure; end
 
+    # This exception is thrown when a call results in the
+    # `InvalidClientTokenId` error code. This can occur when you are
+    # creating or updating a trail to send notifications to an Amazon SNS
+    # topic that is in a suspended AWS account.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/CloudTrailInvalidClientTokenIdException AWS API Documentation
+    #
+    class CloudTrailInvalidClientTokenIdException < Aws::EmptyStructure; end
+
     # Cannot set a CloudWatch Logs delivery for this region.
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/CloudWatchLogsDeliveryUnavailableException AWS API Documentation
@@ -424,6 +524,10 @@ module Aws::CloudTrail
     # distributed between 1 and 5 event selectors, but the total cannot
     # exceed 250 across all selectors.
     #
+    #  If you are using advanced event selectors, the maximum total number of
+    # values for all conditions, across all advanced event selectors for the
+    # trail, is 500.
+    #
     #  </note>
     #
     # The following example demonstrates how logging works when you
@@ -707,6 +811,9 @@ module Aws::CloudTrail
     #
     # You can configure up to five event selectors for a trail.
     #
+    # You cannot apply both event selectors and advanced event selectors to
+    # a trail.
+    #
     # @note When making an API call, you may pass EventSelector
     #   data as a hash:
     #
@@ -833,6 +940,7 @@ module Aws::CloudTrail
     #   @return [Array<Types::EventSelector>]
     #
     # @!attribute [rw] advanced_event_selectors
+    #   The advanced event selectors that are configured for the trail.
     #   @return [Array<Types::AdvancedEventSelector>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetEventSelectorsResponse AWS API Documentation
@@ -1185,11 +1293,14 @@ module Aws::CloudTrail
     class InvalidEventCategoryException < Aws::EmptyStructure; end
 
     # This exception is thrown when the `PutEventSelectors` operation is
-    # called with a number of event selectors or data resources that is not
-    # valid. The combination of event selectors and data resources is not
-    # valid. A trail can have up to 5 event selectors. A trail is limited to
-    # 250 data resources. These data resources can be distributed across
-    # event selectors, but the overall total cannot exceed 250.
+    # called with a number of event selectors, advanced event selectors, or
+    # data resources that is not valid. The combination of event selectors
+    # or advanced event selectors and data resources is not valid. A trail
+    # can have up to 5 event selectors. If a trail uses advanced event
+    # selectors, a maximum of 500 total values for all conditions in all
+    # advanced event selectors is allowed. A trail is limited to 250 data
+    # resources. These data resources can be distributed across event
+    # selectors, but the overall total cannot exceed 250.
     #
     # You can:
     #
@@ -1201,6 +1312,9 @@ module Aws::CloudTrail
     #   allowed only if the total number of data resources does not exceed
     #   250 across all event selectors for a trail.
     #
+    # * Specify up to 500 values for all conditions in all advanced event
+    #   selectors for a trail.
+    #
     # * Specify a valid value for a parameter. For example, specifying the
     #   `ReadWriteType` parameter with a value of `read-only` is invalid.
     #
@@ -1717,7 +1831,7 @@ module Aws::CloudTrail
     #         ],
     #         advanced_event_selectors: [
     #           {
-    #             name: "SelectorName", # required
+    #             name: "SelectorName",
     #             field_selectors: [ # required
     #               {
     #                 field: "SelectorField", # required
@@ -1756,10 +1870,27 @@ module Aws::CloudTrail
     #
     # @!attribute [rw] event_selectors
     #   Specifies the settings for your event selectors. You can configure
-    #   up to five event selectors for a trail.
+    #   up to five event selectors for a trail. You can use either
+    #   `EventSelectors` or `AdvancedEventSelectors` in a
+    #   `PutEventSelectors` request, but not both. If you apply
+    #   `EventSelectors` to a trail, any existing `AdvancedEventSelectors`
+    #   are overwritten.
     #   @return [Array<Types::EventSelector>]
     #
     # @!attribute [rw] advanced_event_selectors
+    #   Specifies the settings for advanced event selectors. You can add
+    #   advanced event selectors, and conditions for your advanced event
+    #   selectors, up to a maximum of 500 values for all conditions and
+    #   selectors on a trail. You can use either `AdvancedEventSelectors` or
+    #   `EventSelectors`, but not both. If you apply
+    #   `AdvancedEventSelectors` to a trail, any existing `EventSelectors`
+    #   are overwritten. For more information about advanced event
+    #   selectors, see [Logging data events for trails][1] in the *AWS
+    #   CloudTrail User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
     #   @return [Array<Types::AdvancedEventSelector>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutEventSelectorsRequest AWS API Documentation
@@ -1784,6 +1915,7 @@ module Aws::CloudTrail
     #   @return [Array<Types::EventSelector>]
     #
     # @!attribute [rw] advanced_event_selectors
+    #   Specifies the advanced event selectors configured for your trail.
     #   @return [Array<Types::AdvancedEventSelector>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutEventSelectorsResponse AWS API Documentation

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-cloudtrail
 version: !ruby/object:Gem::Version
-  version: 1.30.0
+  version: 1.31.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-11-24 00:00:00.000000000 Z
+date: 2020-12-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core