aws-sdk-cloudtrail 1.34.0 → 1.38.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-cloudtrail/client.rb +90 -71
- data/lib/aws-sdk-cloudtrail/customizations.rb +1 -1
- data/lib/aws-sdk-cloudtrail/types.rb +256 -172
- data/lib/aws-sdk-cloudtrail.rb +1 -1
- metadata +8 -9
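--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4a7bee867497989e2495c469e8c8b443d5028c4f5335fbc49f7955a93c475106
+data.tar.gz: 77964918e38d9a5956cf335babf402f8bfc8bb70a9e41bcdd4f9bf4fd8c1aec4
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c84587d519bd3622971bb590b7b04b302387b64193c911ccf52753926dc38de0515f7383afe9ac4aa331ac0cb78f388cc6a8e36da93856eb105178cf6b32e0db
+data.tar.gz: ba8a7e97a35a774d88e6e8417ca3bfe1bd00447497da8512b8a6be9b8e8db9b49992c3a42409a9c0697f4a2784e09d8757a57e7889283d7e07a339428c36ecbc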
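--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,26 @@
 Unreleased Changes
 ------------------
 
+1.38.0 (2021-09-01)
+------------------
+
+* Feature - Documentation updates for CloudTrail
+
+1.37.0 (2021-07-30)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.36.0 (2021-07-28)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.35.0 (2021-06-04)
+------------------
+
+* Feature - AWS CloudTrail supports data events on new service resources, including Amazon DynamoDB tables and S3 Object Lambda access points.
+
 1.34.0 (2021-03-10)
 ------------------
 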
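--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.
+1.38.0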
@@ -342,9 +342,9 @@ module Aws::CloudTrail
|
|
342
342
|
# tag key. Tag key names must be unique for a trail; you cannot have two
|
343
343
|
# keys with the same name but different values. If you specify a key
|
344
344
|
# without a value, the tag will be created with the specified key and a
|
345
|
-
# value of null. You can tag a trail that applies to all
|
346
|
-
# only from the Region in which the trail was created
|
347
|
-
# home region).
|
345
|
+
# value of null. You can tag a trail that applies to all Amazon Web
|
346
|
+
# Services Regions only from the Region in which the trail was created
|
347
|
+
# (also known as its home region).
|
348
348
|
#
|
349
349
|
# @option params [required, String] :resource_id
|
350
350
|
# Specifies the ARN of the trail to which one or more tags will be
|
@@ -353,7 +353,7 @@ module Aws::CloudTrail
|
|
353
353
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
354
354
|
#
|
355
355
|
# @option params [Array<Types::Tag>] :tags_list
|
356
|
-
# Contains a list of
|
356
|
+
# Contains a list of tags, up to a limit of 50
|
357
357
|
#
|
358
358
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
359
359
|
#
|
@@ -393,7 +393,7 @@ module Aws::CloudTrail
|
|
393
393
|
# * Be between 3 and 128 characters
|
394
394
|
#
|
395
395
|
# * Have no adjacent periods, underscores or dashes. Names like
|
396
|
-
# `my-_namespace` and `my--namespace` are
|
396
|
+
# `my-_namespace` and `my--namespace` are not valid.
|
397
397
|
#
|
398
398
|
# * Not be in IP address format (for example, 192.168.5.4)
|
399
399
|
#
|
@@ -434,7 +434,7 @@ module Aws::CloudTrail
|
|
434
434
|
# default is false.
|
435
435
|
#
|
436
436
|
# <note markdown="1"> When you disable log file integrity validation, the chain of digest
|
437
|
-
# files is broken after one hour. CloudTrail
|
437
|
+
# files is broken after one hour. CloudTrail does not create digest
|
438
438
|
# files for log files that were delivered during a period in which log
|
439
439
|
# file integrity validation was disabled. For example, if you enable log
|
440
440
|
# file integrity validation at noon on January 1, disable it at noon on
|
@@ -449,7 +449,7 @@ module Aws::CloudTrail
|
|
449
449
|
# Specifies a log group name using an Amazon Resource Name (ARN), a
|
450
450
|
# unique identifier that represents the log group to which CloudTrail
|
451
451
|
# logs will be delivered. Not required unless you specify
|
452
|
-
# CloudWatchLogsRoleArn
|
452
|
+
# `CloudWatchLogsRoleArn`.
|
453
453
|
#
|
454
454
|
# @option params [String] :cloud_watch_logs_role_arn
|
455
455
|
# Specifies the role for the CloudWatch Logs endpoint to assume to write
|
@@ -461,6 +461,10 @@ module Aws::CloudTrail
|
|
461
461
|
# fully specified ARN to an alias, a fully specified ARN to a key, or a
|
462
462
|
# globally unique identifier.
|
463
463
|
#
|
464
|
+
# CloudTrail also supports KMS multi-Region keys. For more information
|
465
|
+
# about multi-Region keys, see [Using multi-Region keys][1] in the *Key
|
466
|
+
# Management Service Developer Guide*.
|
467
|
+
#
|
464
468
|
# Examples:
|
465
469
|
#
|
466
470
|
# * alias/MyAliasName
|
@@ -471,12 +475,16 @@ module Aws::CloudTrail
|
|
471
475
|
#
|
472
476
|
# * 12345678-1234-1234-1234-123456789012
|
473
477
|
#
|
478
|
+
#
|
479
|
+
#
|
480
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html
|
481
|
+
#
|
474
482
|
# @option params [Boolean] :is_organization_trail
|
475
483
|
# Specifies whether the trail is created for all accounts in an
|
476
|
-
# organization in
|
477
|
-
# account. The default is false, and cannot be true unless the
|
478
|
-
# made on behalf of an
|
479
|
-
# organization in
|
484
|
+
# organization in Organizations, or only for the current Amazon Web
|
485
|
+
# Services account. The default is false, and cannot be true unless the
|
486
|
+
# call is made on behalf of an Amazon Web Services account that is the
|
487
|
+
# management account for an organization in Organizations.
|
480
488
|
#
|
481
489
|
# @option params [Array<Types::Tag>] :tags_list
|
482
490
|
# A list of tags.
|
@@ -551,7 +559,7 @@ module Aws::CloudTrail
|
|
551
559
|
#
|
552
560
|
# @option params [required, String] :name
|
553
561
|
# Specifies the name or the CloudTrail ARN of the trail to be deleted.
|
554
|
-
# The format of a trail ARN
|
562
|
+
# The following is the format of a trail ARN.
|
555
563
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
556
564
|
#
|
557
565
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
@@ -655,11 +663,11 @@ module Aws::CloudTrail
|
|
655
663
|
#
|
656
664
|
# * If your event selector includes management events.
|
657
665
|
#
|
658
|
-
# * If your event selector includes data events, the
|
659
|
-
#
|
666
|
+
# * If your event selector includes data events, the resources on which
|
667
|
+
# you are logging data events.
|
660
668
|
#
|
661
669
|
# For more information, see [Logging Data and Management Events for
|
662
|
-
# Trails ][1] in the *
|
670
|
+
# Trails ][1] in the *CloudTrail User Guide*.
|
663
671
|
#
|
664
672
|
#
|
665
673
|
#
|
@@ -743,7 +751,7 @@ module Aws::CloudTrail
|
|
743
751
|
# exception `InsightNotEnabledException`
|
744
752
|
#
|
745
753
|
# For more information, see [Logging CloudTrail Insights Events for
|
746
|
-
# Trails ][1] in the *
|
754
|
+
# Trails ][1] in the *CloudTrail User Guide*.
|
747
755
|
#
|
748
756
|
#
|
749
757
|
#
|
@@ -850,7 +858,7 @@ module Aws::CloudTrail
|
|
850
858
|
# Specifies the name or the CloudTrail ARN of the trail for which you
|
851
859
|
# are requesting status. To get the status of a shadow trail (a
|
852
860
|
# replication of the trail in another region), you must specify its ARN.
|
853
|
-
# The format of a trail ARN
|
861
|
+
# The following is the format of a trail ARN.
|
854
862
|
#
|
855
863
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
856
864
|
#
|
@@ -914,10 +922,10 @@ module Aws::CloudTrail
|
|
914
922
|
# to validate digest files that were signed with its corresponding
|
915
923
|
# private key.
|
916
924
|
#
|
917
|
-
# <note markdown="1"> CloudTrail uses different private
|
918
|
-
# digest file is signed with a private key unique to its region.
|
919
|
-
#
|
920
|
-
#
|
925
|
+
# <note markdown="1"> CloudTrail uses different private and public key pairs per region.
|
926
|
+
# Each digest file is signed with a private key unique to its region.
|
927
|
+
# When you validate a digest file from a specific region, you must look
|
928
|
+
# in the same region for its corresponding public key.
|
921
929
|
#
|
922
930
|
# </note>
|
923
931
|
#
|
@@ -971,7 +979,7 @@ module Aws::CloudTrail
|
|
971
979
|
#
|
972
980
|
# @option params [required, Array<String>] :resource_id_list
|
973
981
|
# Specifies a list of trail ARNs whose tags will be listed. The list has
|
974
|
-
# a limit of 20 ARNs. The format of a trail ARN
|
982
|
+
# a limit of 20 ARNs. The following is the format of a trail ARN.
|
975
983
|
#
|
976
984
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
977
985
|
#
|
@@ -1054,7 +1062,7 @@ module Aws::CloudTrail
|
|
1054
1062
|
# in a region within the last 90 days. Lookup supports the following
|
1055
1063
|
# attributes for management events:
|
1056
1064
|
#
|
1057
|
-
# *
|
1065
|
+
# * Amazon Web Services access key
|
1058
1066
|
#
|
1059
1067
|
# * Event ID
|
1060
1068
|
#
|
@@ -1204,7 +1212,7 @@ module Aws::CloudTrail
|
|
1204
1212
|
#
|
1205
1213
|
# You can configure up to five event selectors for each trail. For more
|
1206
1214
|
# information, see [Logging data and management events for trails ][1]
|
1207
|
-
# and [Quotas in
|
1215
|
+
# and [Quotas in CloudTrail][2] in the *CloudTrail User Guide*.
|
1208
1216
|
#
|
1209
1217
|
# You can add advanced event selectors, and conditions for your advanced
|
1210
1218
|
# event selectors, up to a maximum of 500 values for all conditions and
|
@@ -1212,7 +1220,7 @@ module Aws::CloudTrail
|
|
1212
1220
|
# `EventSelectors`, but not both. If you apply `AdvancedEventSelectors`
|
1213
1221
|
# to a trail, any existing `EventSelectors` are overwritten. For more
|
1214
1222
|
# information about advanced event selectors, see [Logging data events
|
1215
|
-
# for trails][3] in the *
|
1223
|
+
# for trails][3] in the *CloudTrail User Guide*.
|
1216
1224
|
#
|
1217
1225
|
#
|
1218
1226
|
#
|
@@ -1232,11 +1240,11 @@ module Aws::CloudTrail
|
|
1232
1240
|
# * Be between 3 and 128 characters
|
1233
1241
|
#
|
1234
1242
|
# * Have no adjacent periods, underscores or dashes. Names like
|
1235
|
-
# `my-_namespace` and `my--namespace` are
|
1243
|
+
# `my-_namespace` and `my--namespace` are not valid.
|
1236
1244
|
#
|
1237
1245
|
# * Not be in IP address format (for example, 192.168.5.4)
|
1238
1246
|
#
|
1239
|
-
# If you specify a trail ARN, it must be in the format
|
1247
|
+
# If you specify a trail ARN, it must be in the following format.
|
1240
1248
|
#
|
1241
1249
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
1242
1250
|
#
|
@@ -1255,7 +1263,7 @@ module Aws::CloudTrail
|
|
1255
1263
|
# `EventSelectors`, but not both. If you apply `AdvancedEventSelectors`
|
1256
1264
|
# to a trail, any existing `EventSelectors` are overwritten. For more
|
1257
1265
|
# information about advanced event selectors, see [Logging data events
|
1258
|
-
# for trails][1] in the *
|
1266
|
+
# for trails][1] in the *CloudTrail User Guide*.
|
1259
1267
|
#
|
1260
1268
|
#
|
1261
1269
|
#
|
@@ -1343,17 +1351,17 @@ module Aws::CloudTrail
|
|
1343
1351
|
# Lets you enable Insights event logging by specifying the Insights
|
1344
1352
|
# selectors that you want to enable on an existing trail. You also use
|
1345
1353
|
# `PutInsightSelectors` to turn off Insights event logging, by passing
|
1346
|
-
# an empty list of insight types.
|
1347
|
-
#
|
1354
|
+
# an empty list of insight types. The valid Insights event type in this
|
1355
|
+
# release is `ApiCallRateInsight`.
|
1348
1356
|
#
|
1349
1357
|
# @option params [required, String] :trail_name
|
1350
1358
|
# The name of the CloudTrail trail for which you want to change or add
|
1351
1359
|
# Insights selectors.
|
1352
1360
|
#
|
1353
1361
|
# @option params [required, Array<Types::InsightSelector>] :insight_selectors
|
1354
|
-
# A JSON string that contains the
|
1355
|
-
# trail.
|
1356
|
-
#
|
1362
|
+
# A JSON string that contains the Insights types that you want to log on
|
1363
|
+
# a trail. The valid Insights type in this release is
|
1364
|
+
# `ApiCallRateInsight`.
|
1357
1365
|
#
|
1358
1366
|
# @return [Types::PutInsightSelectorsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1359
1367
|
#
|
@@ -1420,15 +1428,17 @@ module Aws::CloudTrail
|
|
1420
1428
|
req.send_request(options)
|
1421
1429
|
end
|
1422
1430
|
|
1423
|
-
# Starts the recording of
|
1424
|
-
# trail. For a trail that is enabled in all regions, this
|
1425
|
-
# be called from the region in which the trail was
|
1426
|
-
# operation cannot be called on the shadow trails
|
1427
|
-
# other regions) of a trail that is enabled in all
|
1431
|
+
# Starts the recording of Amazon Web Services API calls and log file
|
1432
|
+
# delivery for a trail. For a trail that is enabled in all regions, this
|
1433
|
+
# operation must be called from the region in which the trail was
|
1434
|
+
# created. This operation cannot be called on the shadow trails
|
1435
|
+
# (replicated trails in other regions) of a trail that is enabled in all
|
1436
|
+
# regions.
|
1428
1437
|
#
|
1429
1438
|
# @option params [required, String] :name
|
1430
1439
|
# Specifies the name or the CloudTrail ARN of the trail for which
|
1431
|
-
# CloudTrail logs
|
1440
|
+
# CloudTrail logs Amazon Web Services API calls. The following is the
|
1441
|
+
# format of a trail ARN.
|
1432
1442
|
#
|
1433
1443
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
1434
1444
|
#
|
@@ -1449,19 +1459,20 @@ module Aws::CloudTrail
|
|
1449
1459
|
req.send_request(options)
|
1450
1460
|
end
|
1451
1461
|
|
1452
|
-
# Suspends the recording of
|
1453
|
-
# specified trail. Under most circumstances, there is
|
1454
|
-
# this action. You can update a trail without stopping it
|
1455
|
-
# action is the only way to stop recording. For a trail
|
1456
|
-
# regions, this operation must be called from the region
|
1457
|
-
# trail was created, or an `InvalidHomeRegionException`
|
1458
|
-
# operation cannot be called on the shadow trails
|
1459
|
-
# other regions) of a trail enabled in all
|
1462
|
+
# Suspends the recording of Amazon Web Services API calls and log file
|
1463
|
+
# delivery for the specified trail. Under most circumstances, there is
|
1464
|
+
# no need to use this action. You can update a trail without stopping it
|
1465
|
+
# first. This action is the only way to stop recording. For a trail
|
1466
|
+
# enabled in all regions, this operation must be called from the region
|
1467
|
+
# in which the trail was created, or an `InvalidHomeRegionException`
|
1468
|
+
# will occur. This operation cannot be called on the shadow trails
|
1469
|
+
# (replicated trails in other regions) of a trail enabled in all
|
1470
|
+
# regions.
|
1460
1471
|
#
|
1461
1472
|
# @option params [required, String] :name
|
1462
1473
|
# Specifies the name or the CloudTrail ARN of the trail for which
|
1463
|
-
# CloudTrail will stop logging
|
1464
|
-
# is
|
1474
|
+
# CloudTrail will stop logging Amazon Web Services API calls. The
|
1475
|
+
# following is the format of a trail ARN.
|
1465
1476
|
#
|
1466
1477
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
1467
1478
|
#
|
@@ -1482,13 +1493,13 @@ module Aws::CloudTrail
|
|
1482
1493
|
req.send_request(options)
|
1483
1494
|
end
|
1484
1495
|
|
1485
|
-
# Updates
|
1486
|
-
#
|
1487
|
-
#
|
1488
|
-
# bucket
|
1489
|
-
#
|
1490
|
-
# region in which the trail was
|
1491
|
-
# `InvalidHomeRegionException` is thrown.
|
1496
|
+
# Updates trail settings that control what events you are logging, and
|
1497
|
+
# how to handle log files. Changes to a trail do not require stopping
|
1498
|
+
# the CloudTrail service. Use this action to designate an existing
|
1499
|
+
# bucket for log delivery. If the existing bucket has previously been a
|
1500
|
+
# target for CloudTrail log files, an IAM policy exists for the bucket.
|
1501
|
+
# `UpdateTrail` must be called from the region in which the trail was
|
1502
|
+
# created; otherwise, an `InvalidHomeRegionException` is thrown.
|
1492
1503
|
#
|
1493
1504
|
# @option params [required, String] :name
|
1494
1505
|
# Specifies the name of the trail or trail ARN. If `Name` is a trail
|
@@ -1502,11 +1513,11 @@ module Aws::CloudTrail
|
|
1502
1513
|
# * Be between 3 and 128 characters
|
1503
1514
|
#
|
1504
1515
|
# * Have no adjacent periods, underscores or dashes. Names like
|
1505
|
-
# `my-_namespace` and `my--namespace` are
|
1516
|
+
# `my-_namespace` and `my--namespace` are not valid.
|
1506
1517
|
#
|
1507
1518
|
# * Not be in IP address format (for example, 192.168.5.4)
|
1508
1519
|
#
|
1509
|
-
# If `Name` is a trail ARN, it must be in the format
|
1520
|
+
# If `Name` is a trail ARN, it must be in the following format.
|
1510
1521
|
#
|
1511
1522
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
1512
1523
|
#
|
@@ -1551,7 +1562,7 @@ module Aws::CloudTrail
|
|
1551
1562
|
# false.
|
1552
1563
|
#
|
1553
1564
|
# <note markdown="1"> When you disable log file integrity validation, the chain of digest
|
1554
|
-
# files is broken after one hour. CloudTrail
|
1565
|
+
# files is broken after one hour. CloudTrail does not create digest
|
1555
1566
|
# files for log files that were delivered during a period in which log
|
1556
1567
|
# file integrity validation was disabled. For example, if you enable log
|
1557
1568
|
# file integrity validation at noon on January 1, disable it at noon on
|
@@ -1565,8 +1576,8 @@ module Aws::CloudTrail
|
|
1565
1576
|
# @option params [String] :cloud_watch_logs_log_group_arn
|
1566
1577
|
# Specifies a log group name using an Amazon Resource Name (ARN), a
|
1567
1578
|
# unique identifier that represents the log group to which CloudTrail
|
1568
|
-
# logs
|
1569
|
-
# CloudWatchLogsRoleArn
|
1579
|
+
# logs are delivered. Not required unless you specify
|
1580
|
+
# `CloudWatchLogsRoleArn`.
|
1570
1581
|
#
|
1571
1582
|
# @option params [String] :cloud_watch_logs_role_arn
|
1572
1583
|
# Specifies the role for the CloudWatch Logs endpoint to assume to write
|
@@ -1578,6 +1589,10 @@ module Aws::CloudTrail
|
|
1578
1589
|
# fully specified ARN to an alias, a fully specified ARN to a key, or a
|
1579
1590
|
# globally unique identifier.
|
1580
1591
|
#
|
1592
|
+
# CloudTrail also supports KMS multi-Region keys. For more information
|
1593
|
+
# about multi-Region keys, see [Using multi-Region keys][1] in the *Key
|
1594
|
+
# Management Service Developer Guide*.
|
1595
|
+
#
|
1581
1596
|
# Examples:
|
1582
1597
|
#
|
1583
1598
|
# * alias/MyAliasName
|
@@ -1588,17 +1603,21 @@ module Aws::CloudTrail
|
|
1588
1603
|
#
|
1589
1604
|
# * 12345678-1234-1234-1234-123456789012
|
1590
1605
|
#
|
1606
|
+
#
|
1607
|
+
#
|
1608
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html
|
1609
|
+
#
|
1591
1610
|
# @option params [Boolean] :is_organization_trail
|
1592
1611
|
# Specifies whether the trail is applied to all accounts in an
|
1593
|
-
# organization in
|
1594
|
-
# account. The default is false, and cannot be true unless the
|
1595
|
-
# made on behalf of an
|
1596
|
-
# organization in
|
1597
|
-
# trail and this is set to true
|
1598
|
-
#
|
1599
|
-
# organization
|
1600
|
-
# the
|
1601
|
-
# organization.
|
1612
|
+
# organization in Organizations, or only for the current Amazon Web
|
1613
|
+
# Services account. The default is false, and cannot be true unless the
|
1614
|
+
# call is made on behalf of an Amazon Web Services account that is the
|
1615
|
+
# management account for an organization in Organizations. If the trail
|
1616
|
+
# is not an organization trail and this is set to `true`, the trail will
|
1617
|
+
# be created in all Amazon Web Services accounts that belong to the
|
1618
|
+
# organization. If the trail is an organization trail and this is set to
|
1619
|
+
# `false`, the trail will remain in the current Amazon Web Services
|
1620
|
+
# account but be deleted from all member accounts in the organization.
|
1602
1621
|
#
|
1603
1622
|
# @return [Types::UpdateTrailResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1604
1623
|
#
|
@@ -1670,7 +1689,7 @@ module Aws::CloudTrail
|
|
1670
1689
|
params: params,
|
1671
1690
|
config: config)
|
1672
1691
|
context[:gem_name] = 'aws-sdk-cloudtrail'
|
1673
|
-
context[:gem_version] = '1.
|
1692
|
+
context[:gem_version] = '1.38.0'
|
1674
1693
|
Seahorse::Client::Request.new(handlers, context)
|
1675
1694
|
end
|
1676
1695
|
|
@@ -2,7 +2,7 @@
|
|
2
2
|
# WARNING ABOUT GENERATED CODE
|
3
3
|
#
|
4
4
|
# This file is generated. See the contributing for info on making contributions:
|
5
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
5
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
6
6
|
#
|
7
7
|
# WARNING ABOUT GENERATED CODE
|
8
8
|
|
@@ -33,7 +33,7 @@ module Aws::CloudTrail
|
|
33
33
|
# @return [String]
|
34
34
|
#
|
35
35
|
# @!attribute [rw] tags_list
|
36
|
-
# Contains a list of
|
36
|
+
# Contains a list of tags, up to a limit of 50
|
37
37
|
# @return [Array<Types::Tag>]
|
38
38
|
#
|
39
39
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/AddTagsRequest AWS API Documentation
|
@@ -45,18 +45,18 @@ module Aws::CloudTrail
|
|
45
45
|
include Aws::Structure
|
46
46
|
end
|
47
47
|
|
48
|
-
# Returns the objects or data
|
49
|
-
#
|
48
|
+
# Returns the objects or data if successful. Otherwise, returns an
|
49
|
+
# error.
|
50
50
|
#
|
51
51
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/AddTagsResponse AWS API Documentation
|
52
52
|
#
|
53
53
|
class AddTagsResponse < Aws::EmptyStructure; end
|
54
54
|
|
55
55
|
# Advanced event selectors let you create fine-grained selectors for the
|
56
|
-
# following
|
57
|
-
#
|
56
|
+
# following CloudTrail event record fields. They help you control costs
|
57
|
+
# by logging only those events that are important to you. For more
|
58
58
|
# information about advanced event selectors, see [Logging data events
|
59
|
-
# for trails][1] in the *
|
59
|
+
# for trails][1] in the *CloudTrail User Guide*.
|
60
60
|
#
|
61
61
|
# * `readOnly`
|
62
62
|
#
|
@@ -144,8 +144,8 @@ module Aws::CloudTrail
|
|
144
144
|
#
|
145
145
|
# * <b> <code>eventName</code> </b> - Can use any operator. You can
|
146
146
|
# use it to filter in or filter out any data event logged to
|
147
|
-
# CloudTrail, such as `PutBucket`. You can
|
148
|
-
# this field, separated by commas.
|
147
|
+
# CloudTrail, such as `PutBucket` or `GetSnapshotBlock`. You can
|
148
|
+
# have multiple values for this field, separated by commas.
|
149
149
|
#
|
150
150
|
# * <b> <code>eventCategory</code> </b> - This is required. It must be
|
151
151
|
# set to `Equals`, and the value must be `Management` or `Data`.
|
@@ -153,8 +153,11 @@ module Aws::CloudTrail
|
|
153
153
|
# * <b> <code>resources.type</code> </b> - This field is required.
|
154
154
|
# `resources.type` can only use the `Equals` operator, and the value
|
155
155
|
# can be one of the following: `AWS::S3::Object`,
|
156
|
-
# `AWS::
|
157
|
-
#
|
156
|
+
# `AWS::S3::AccessPoint`, `AWS::Lambda::Function`,
|
157
|
+
# `AWS::DynamoDB::Table`, `AWS::S3Outposts::Object`,
|
158
|
+
# `AWS::ManagedBlockchain::Node`,
|
159
|
+
# `AWS::S3ObjectLambda::AccessPoint`, or `AWS::EC2::Snapshot`. You
|
160
|
+
# can have only one `resources.type` field per selector. To log data
|
158
161
|
# events on more than one resource type, add another selector.
|
159
162
|
#
|
160
163
|
# * <b> <code>resources.ARN</code> </b> - You can use any operator
|
@@ -162,18 +165,42 @@ module Aws::CloudTrail
|
|
162
165
|
# value must exactly match the ARN of a valid resource of the type
|
163
166
|
# you've specified in the template as the value of resources.type.
|
164
167
|
# For example, if resources.type equals `AWS::S3::Object`, the ARN
|
165
|
-
# must be in one of the following formats.
|
166
|
-
#
|
168
|
+
# must be in one of the following formats. To log all data events
|
169
|
+
# for all objects in a specific S3 bucket, use the `StartsWith`
|
170
|
+
# operator, and include only the bucket ARN as the matching value.
|
171
|
+
#
|
172
|
+
# The trailing slash is intentional; do not exclude it. Replace the
|
173
|
+
# text between less than and greater than symbols (<>) with
|
174
|
+
# resource-specific information.
|
175
|
+
#
|
176
|
+
# * `arn:<partition>:s3:::<bucket_name>/`
|
167
177
|
#
|
168
|
-
# * `arn
|
178
|
+
# * `arn:<partition>:s3:::<bucket_name>/<object_path>/`
|
169
179
|
#
|
170
|
-
#
|
180
|
+
# When `resources.type` equals `AWS::S3::AccessPoint`, and the
|
181
|
+
# operator is set to `Equals` or `NotEquals`, the ARN must be in one
|
182
|
+
# of the following formats. To log events on all objects in an S3
|
183
|
+
# access point, we recommend that you use only the access point ARN,
|
184
|
+
# don’t include the object path, and use the `StartsWith` or
|
185
|
+
# `NotStartsWith` operators.
|
186
|
+
#
|
187
|
+
# * `arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>`
|
188
|
+
#
|
189
|
+
# * `arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path>`
|
171
190
|
#
|
172
191
|
# When resources.type equals `AWS::Lambda::Function`, and the
|
173
192
|
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
174
193
|
# following format:
|
175
194
|
#
|
176
|
-
# * `arn
|
195
|
+
# * `arn:<partition>:lambda:<region>:<account_ID>:function:<function_name>`
|
196
|
+
#
|
197
|
+
# ^
|
198
|
+
#
|
199
|
+
# When resources.type equals `AWS::DynamoDB::Table`, and the
|
200
|
+
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
201
|
+
# following format:
|
202
|
+
#
|
203
|
+
# * `arn:<partition>:dynamodb:<region>:<account_ID>:table:<table_name>`
|
177
204
|
#
|
178
205
|
# ^
|
179
206
|
#
|
@@ -181,7 +208,31 @@ module Aws::CloudTrail
|
|
181
208
|
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
182
209
|
# following format:
|
183
210
|
#
|
184
|
-
# * `arn
|
211
|
+
# * `arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path>`
|
212
|
+
#
|
213
|
+
# ^
|
214
|
+
#
|
215
|
+
# When `resources.type` equals `AWS::ManagedBlockchain::Node`, and
|
216
|
+
# the operator is set to `Equals` or `NotEquals`, the ARN must be in
|
217
|
+
# the following format:
|
218
|
+
#
|
219
|
+
# * `arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID>`
|
220
|
+
#
|
221
|
+
# ^
|
222
|
+
#
|
223
|
+
# When `resources.type` equals `AWS::S3ObjectLambda::AccessPoint`,
|
224
|
+
# and the operator is set to `Equals` or `NotEquals`, the ARN must
|
225
|
+
# be in the following format:
|
226
|
+
#
|
227
|
+
# * `arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name>`
|
228
|
+
#
|
229
|
+
# ^
|
230
|
+
#
|
231
|
+
# When `resources.type` equals `AWS::EC2::Snapshot`, and the
|
232
|
+
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
233
|
+
# following format:
|
234
|
+
#
|
235
|
+
# * `arn:<partition>:ec2:<region>::snapshot/<snapshot_ID>`
|
185
236
|
#
|
186
237
|
# ^
|
187
238
|
# @return [String]
|
@@ -232,8 +283,8 @@ module Aws::CloudTrail
|
|
232
283
|
include Aws::Structure
|
233
284
|
end
|
234
285
|
|
235
|
-
# This exception is thrown when an operation is called with
|
236
|
-
#
|
286
|
+
# This exception is thrown when an operation is called with a trail ARN
|
287
|
+
# that is not valid. The following is the format of a trail ARN.
|
237
288
|
#
|
238
289
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
239
290
|
#
|
@@ -242,9 +293,9 @@ module Aws::CloudTrail
|
|
242
293
|
class CloudTrailARNInvalidException < Aws::EmptyStructure; end
|
243
294
|
|
244
295
|
# This exception is thrown when trusted access has not been enabled
|
245
|
-
# between
|
246
|
-
#
|
247
|
-
# For Creating a Trail For Your Organization][2].
|
296
|
+
# between CloudTrail and Organizations. For more information, see
|
297
|
+
# [Enabling Trusted Access with Other Amazon Web Services Services][1]
|
298
|
+
# and [Prepare For Creating a Trail For Your Organization][2].
|
248
299
|
#
|
249
300
|
#
|
250
301
|
#
|
@@ -258,7 +309,7 @@ module Aws::CloudTrail
|
|
258
309
|
# This exception is thrown when a call results in the
|
259
310
|
# `InvalidClientTokenId` error code. This can occur when you are
|
260
311
|
# creating or updating a trail to send notifications to an Amazon SNS
|
261
|
-
# topic that is in a suspended
|
312
|
+
# topic that is in a suspended Amazon Web Services account.
|
262
313
|
#
|
263
314
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/CloudTrailInvalidClientTokenIdException AWS API Documentation
|
264
315
|
#
|
@@ -317,7 +368,7 @@ module Aws::CloudTrail
|
|
317
368
|
# * Be between 3 and 128 characters
|
318
369
|
#
|
319
370
|
# * Have no adjacent periods, underscores or dashes. Names like
|
320
|
-
# `my-_namespace` and `my--namespace` are
|
371
|
+
# `my-_namespace` and `my--namespace` are not valid.
|
321
372
|
#
|
322
373
|
# * Not be in IP address format (for example, 192.168.5.4)
|
323
374
|
# @return [String]
|
@@ -364,7 +415,7 @@ module Aws::CloudTrail
|
|
364
415
|
# default is false.
|
365
416
|
#
|
366
417
|
# <note markdown="1"> When you disable log file integrity validation, the chain of digest
|
367
|
-
# files is broken after one hour. CloudTrail
|
418
|
+
# files is broken after one hour. CloudTrail does not create digest
|
368
419
|
# files for log files that were delivered during a period in which log
|
369
420
|
# file integrity validation was disabled. For example, if you enable
|
370
421
|
# log file integrity validation at noon on January 1, disable it at
|
@@ -380,7 +431,7 @@ module Aws::CloudTrail
|
|
380
431
|
# Specifies a log group name using an Amazon Resource Name (ARN), a
|
381
432
|
# unique identifier that represents the log group to which CloudTrail
|
382
433
|
# logs will be delivered. Not required unless you specify
|
383
|
-
# CloudWatchLogsRoleArn
|
434
|
+
# `CloudWatchLogsRoleArn`.
|
384
435
|
# @return [String]
|
385
436
|
#
|
386
437
|
# @!attribute [rw] cloud_watch_logs_role_arn
|
@@ -394,6 +445,10 @@ module Aws::CloudTrail
|
|
394
445
|
# fully specified ARN to an alias, a fully specified ARN to a key, or
|
395
446
|
# a globally unique identifier.
|
396
447
|
#
|
448
|
+
# CloudTrail also supports KMS multi-Region keys. For more information
|
449
|
+
# about multi-Region keys, see [Using multi-Region keys][1] in the
|
450
|
+
# *Key Management Service Developer Guide*.
|
451
|
+
#
|
397
452
|
# Examples:
|
398
453
|
#
|
399
454
|
# * alias/MyAliasName
|
@@ -403,14 +458,18 @@ module Aws::CloudTrail
|
|
403
458
|
# * arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
|
404
459
|
#
|
405
460
|
# * 12345678-1234-1234-1234-123456789012
|
461
|
+
#
|
462
|
+
#
|
463
|
+
#
|
464
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html
|
406
465
|
# @return [String]
|
407
466
|
#
|
408
467
|
# @!attribute [rw] is_organization_trail
|
409
468
|
# Specifies whether the trail is created for all accounts in an
|
410
|
-
# organization in
|
411
|
-
# account. The default is false, and cannot be true unless
|
412
|
-
# made on behalf of an
|
413
|
-
# organization in
|
469
|
+
# organization in Organizations, or only for the current Amazon Web
|
470
|
+
# Services account. The default is false, and cannot be true unless
|
471
|
+
# the call is made on behalf of an Amazon Web Services account that is
|
472
|
+
# the management account for an organization in Organizations.
|
414
473
|
# @return [Boolean]
|
415
474
|
#
|
416
475
|
# @!attribute [rw] tags_list
|
@@ -503,7 +562,7 @@ module Aws::CloudTrail
|
|
503
562
|
# @!attribute [rw] kms_key_id
|
504
563
|
# Specifies the KMS key ID that encrypts the logs delivered by
|
505
564
|
# CloudTrail. The value is a fully specified ARN to a KMS key in the
|
506
|
-
# format
|
565
|
+
# following format.
|
507
566
|
#
|
508
567
|
# `arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012`
|
509
568
|
# @return [String]
|
@@ -532,11 +591,12 @@ module Aws::CloudTrail
|
|
532
591
|
include Aws::Structure
|
533
592
|
end
|
534
593
|
|
535
|
-
# The Amazon S3 buckets
|
536
|
-
# event selectors for your trail to log data
|
537
|
-
# information about the resource operations
|
538
|
-
# resource itself. These are also known as data
|
539
|
-
# can specify up to 250 data resources for a
|
594
|
+
# The Amazon S3 buckets, Lambda functions, or Amazon DynamoDB tables
|
595
|
+
# that you specify in your event selectors for your trail to log data
|
596
|
+
# events. Data events provide information about the resource operations
|
597
|
+
# performed on or within a resource itself. These are also known as data
|
598
|
+
# plane operations. You can specify up to 250 data resources for a
|
599
|
+
# trail.
|
540
600
|
#
|
541
601
|
# <note markdown="1"> The total number of allowed data resources is 250. This number can be
|
542
602
|
# distributed between 1 and 5 event selectors, but the total cannot
|
@@ -569,22 +629,22 @@ module Aws::CloudTrail
|
|
569
629
|
# trail doesn’t log the event.
|
570
630
|
#
|
571
631
|
# The following example demonstrates how logging works when you
|
572
|
-
# configure logging of
|
573
|
-
#
|
632
|
+
# configure logging of Lambda data events for a Lambda function named
|
633
|
+
# *MyLambdaFunction*, but not for all Lambda functions.
|
574
634
|
#
|
575
635
|
# 1. A user runs a script that includes a call to the
|
576
636
|
# *MyLambdaFunction* function and the *MyOtherLambdaFunction*
|
577
637
|
# function.
|
578
638
|
#
|
579
|
-
# 2. The `Invoke` API operation on *MyLambdaFunction* is an
|
580
|
-
#
|
639
|
+
# 2. The `Invoke` API operation on *MyLambdaFunction* is an Lambda API.
|
640
|
+
# It is recorded as a data event in CloudTrail. Because the
|
581
641
|
# CloudTrail user specified logging data events for
|
582
642
|
# *MyLambdaFunction*, any invocations of that function are logged.
|
583
643
|
# The trail processes and logs the event.
|
584
644
|
#
|
585
|
-
# 3. The `Invoke` API operation on *MyOtherLambdaFunction* is an
|
586
|
-
#
|
587
|
-
#
|
645
|
+
# 3. The `Invoke` API operation on *MyOtherLambdaFunction* is an Lambda
|
646
|
+
# API. Because the CloudTrail user did not specify logging data
|
647
|
+
# events for all Lambda functions, the `Invoke` operation for
|
588
648
|
# *MyOtherLambdaFunction* does not match the function specified for
|
589
649
|
# the trail. The trail doesn’t log the event.
|
590
650
|
#
|
@@ -598,23 +658,27 @@ module Aws::CloudTrail
|
|
598
658
|
#
|
599
659
|
# @!attribute [rw] type
|
600
660
|
# The resource type in which you want to log data events. You can
|
601
|
-
# specify `AWS::S3::Object
|
661
|
+
# specify `AWS::S3::Object`, `AWS::Lambda::Function`, or
|
662
|
+
# `AWS::DynamoDB::Table` resources.
|
602
663
|
#
|
603
|
-
# The `AWS::S3Outposts::Object`
|
604
|
-
#
|
605
|
-
#
|
664
|
+
# The `AWS::S3Outposts::Object`, `AWS::ManagedBlockchain::Node`,
|
665
|
+
# `AWS::S3ObjectLambda::AccessPoint`, and `AWS::EC2::Snapshot`
|
666
|
+
# resource types are not valid in basic event selectors. To log data
|
667
|
+
# events on these resource types, use advanced event selectors.
|
606
668
|
# @return [String]
|
607
669
|
#
|
608
670
|
# @!attribute [rw] values
|
609
671
|
# An array of Amazon Resource Name (ARN) strings or partial ARN
|
610
672
|
# strings for the specified objects.
|
611
673
|
#
|
612
|
-
# * To log data events for all objects in all S3 buckets in your
|
613
|
-
# account, specify the prefix as
|
674
|
+
# * To log data events for all objects in all S3 buckets in your
|
675
|
+
# Amazon Web Services account, specify the prefix as
|
676
|
+
# `arn:aws:s3:::`.
|
614
677
|
#
|
615
|
-
# <note markdown="1"> This
|
616
|
-
#
|
617
|
-
# performed on a bucket that belongs to another
|
678
|
+
# <note markdown="1"> This also enables logging of data event activity performed by any
|
679
|
+
# user or role in your Amazon Web Services account, even if that
|
680
|
+
# activity is performed on a bucket that belongs to another Amazon
|
681
|
+
# Web Services account.
|
618
682
|
#
|
619
683
|
# </note>
|
620
684
|
#
|
@@ -628,12 +692,13 @@ module Aws::CloudTrail
|
|
628
692
|
# trail logs data events for objects in this S3 bucket that match
|
629
693
|
# the prefix.
|
630
694
|
#
|
631
|
-
# * To log data events for all functions in your
|
632
|
-
# the prefix as `arn:aws:lambda`.
|
695
|
+
# * To log data events for all Lambda functions in your Amazon Web
|
696
|
+
# Services account, specify the prefix as `arn:aws:lambda`.
|
633
697
|
#
|
634
|
-
# <note markdown="1"> This
|
635
|
-
#
|
636
|
-
# performed on a function that belongs to another
|
698
|
+
# <note markdown="1"> This also enables logging of `Invoke` activity performed by any
|
699
|
+
# user or role in your Amazon Web Services account, even if that
|
700
|
+
# activity is performed on a function that belongs to another Amazon
|
701
|
+
# Web Services account.
|
637
702
|
#
|
638
703
|
# </note>
|
639
704
|
#
|
@@ -649,6 +714,9 @@ module Aws::CloudTrail
|
|
649
714
|
# *arn:aws:lambda:us-west-2:111111111111:function:helloworld2*.
|
650
715
|
#
|
651
716
|
# </note>
|
717
|
+
#
|
718
|
+
# * To log data events for all DynamoDB tables in your Amazon Web
|
719
|
+
# Services account, specify the prefix as `arn:aws:dynamodb`.
|
652
720
|
# @return [Array<String>]
|
653
721
|
#
|
654
722
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DataResource AWS API Documentation
|
@@ -671,7 +739,7 @@ module Aws::CloudTrail
|
|
671
739
|
#
|
672
740
|
# @!attribute [rw] name
|
673
741
|
# Specifies the name or the CloudTrail ARN of the trail to be deleted.
|
674
|
-
# The format of a trail ARN
|
742
|
+
# The following is the format of a trail ARN.
|
675
743
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
676
744
|
# @return [String]
|
677
745
|
#
|
@@ -752,7 +820,7 @@ module Aws::CloudTrail
|
|
752
820
|
# configuration. For example, `SNSTopicName` and `SNSTopicARN` are
|
753
821
|
# only returned in results if a trail is configured to send SNS
|
754
822
|
# notifications. Similarly, `KMSKeyId` only appears in results if a
|
755
|
-
# trail's log files are encrypted with
|
823
|
+
# trail's log files are encrypted with KMS customer managed keys.
|
756
824
|
# @return [Array<Types::Trail>]
|
757
825
|
#
|
758
826
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DescribeTrailsResponse AWS API Documentation
|
@@ -780,9 +848,9 @@ module Aws::CloudTrail
|
|
780
848
|
# @return [String]
|
781
849
|
#
|
782
850
|
# @!attribute [rw] access_key_id
|
783
|
-
# The
|
784
|
-
# request was made with temporary security
|
785
|
-
# access key ID of the temporary credentials.
|
851
|
+
# The Amazon Web Services access key ID that was used to sign the
|
852
|
+
# request. If the request was made with temporary security
|
853
|
+
# credentials, this is the access key ID of the temporary credentials.
|
786
854
|
# @return [String]
|
787
855
|
#
|
788
856
|
# @!attribute [rw] event_time
|
@@ -790,7 +858,7 @@ module Aws::CloudTrail
|
|
790
858
|
# @return [Time]
|
791
859
|
#
|
792
860
|
# @!attribute [rw] event_source
|
793
|
-
# The
|
861
|
+
# The Amazon Web Services service to which the request was made.
|
794
862
|
# @return [String]
|
795
863
|
#
|
796
864
|
# @!attribute [rw] username
|
@@ -864,15 +932,15 @@ module Aws::CloudTrail
|
|
864
932
|
# Specify if you want your event selector to include management events
|
865
933
|
# for your trail.
|
866
934
|
#
|
867
|
-
# For more information, see [Management Events][1] in the *
|
868
|
-
#
|
935
|
+
# For more information, see [Management Events][1] in the *CloudTrail
|
936
|
+
# User Guide*.
|
869
937
|
#
|
870
938
|
# By default, the value is `true`.
|
871
939
|
#
|
872
940
|
# The first copy of management events is free. You are charged for
|
873
941
|
# additional copies of management events that you are logging on any
|
874
942
|
# subsequent trail in the same region. For more information about
|
875
|
-
# CloudTrail pricing, see [
|
943
|
+
# CloudTrail pricing, see [CloudTrail Pricing][2].
|
876
944
|
#
|
877
945
|
#
|
878
946
|
#
|
@@ -881,15 +949,15 @@ module Aws::CloudTrail
|
|
881
949
|
# @return [Boolean]
|
882
950
|
#
|
883
951
|
# @!attribute [rw] data_resources
|
884
|
-
# CloudTrail supports data event logging for Amazon S3 objects
|
885
|
-
#
|
886
|
-
#
|
887
|
-
#
|
888
|
-
#
|
889
|
-
# events.
|
952
|
+
# CloudTrail supports data event logging for Amazon S3 objects, Lambda
|
953
|
+
# functions, and Amazon DynamoDB tables with basic event selectors.
|
954
|
+
# You can specify up to 250 resources for an individual event
|
955
|
+
# selector, but the total number of data resources cannot exceed 250
|
956
|
+
# across all event selectors in a trail. This limit does not apply if
|
957
|
+
# you configure resource logging for all data events.
|
890
958
|
#
|
891
|
-
# For more information, see [Data Events][1] and [Limits in
|
892
|
-
# CloudTrail][2] in the *
|
959
|
+
# For more information, see [Data Events][1] and [Limits in
|
960
|
+
# CloudTrail][2] in the *CloudTrail User Guide*.
|
893
961
|
#
|
894
962
|
#
|
895
963
|
#
|
@@ -900,10 +968,11 @@ module Aws::CloudTrail
|
|
900
968
|
# @!attribute [rw] exclude_management_event_sources
|
901
969
|
# An optional list of service event sources from which you do not want
|
902
970
|
# management events to be logged on your trail. In this release, the
|
903
|
-
# list can be empty (disables the filter), or it can filter out
|
904
|
-
#
|
905
|
-
#
|
906
|
-
#
|
971
|
+
# list can be empty (disables the filter), or it can filter out Key
|
972
|
+
# Management Service or Amazon RDS Data API events by containing
|
973
|
+
# `kms.amazonaws.com` or `rdsdata.amazonaws.com`. By default,
|
974
|
+
# `ExcludeManagementEventSources` is empty, and KMS and Amazon RDS
|
975
|
+
# Data API events are logged to your trail.
|
907
976
|
# @return [Array<String>]
|
908
977
|
#
|
909
978
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/EventSelector AWS API Documentation
|
@@ -1076,7 +1145,7 @@ module Aws::CloudTrail
|
|
1076
1145
|
# Specifies the name or the CloudTrail ARN of the trail for which you
|
1077
1146
|
# are requesting status. To get the status of a shadow trail (a
|
1078
1147
|
# replication of the trail in another region), you must specify its
|
1079
|
-
# ARN. The format of a trail ARN
|
1148
|
+
# ARN. The following is the format of a trail ARN.
|
1080
1149
|
#
|
1081
1150
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
1082
1151
|
# @return [String]
|
@@ -1093,20 +1162,21 @@ module Aws::CloudTrail
|
|
1093
1162
|
# returns an error.
|
1094
1163
|
#
|
1095
1164
|
# @!attribute [rw] is_logging
|
1096
|
-
# Whether the CloudTrail is currently logging
|
1165
|
+
# Whether the CloudTrail trail is currently logging Amazon Web
|
1166
|
+
# Services API calls.
|
1097
1167
|
# @return [Boolean]
|
1098
1168
|
#
|
1099
1169
|
# @!attribute [rw] latest_delivery_error
|
1100
1170
|
# Displays any Amazon S3 error that CloudTrail encountered when
|
1101
1171
|
# attempting to deliver log files to the designated bucket. For more
|
1102
|
-
# information see
|
1172
|
+
# information, see [Error Responses][1] in the Amazon S3 API
|
1103
1173
|
# Reference.
|
1104
1174
|
#
|
1105
1175
|
# <note markdown="1"> This error occurs only when there is a problem with the destination
|
1106
|
-
# S3 bucket and
|
1107
|
-
# create a new bucket and call `UpdateTrail` to
|
1108
|
-
# bucket
|
1109
|
-
# write to the bucket.
|
1176
|
+
# S3 bucket, and does not occur for requests that time out. To resolve
|
1177
|
+
# the issue, create a new bucket, and then call `UpdateTrail` to
|
1178
|
+
# specify the new bucket; or fix the existing objects so that
|
1179
|
+
# CloudTrail can again write to the bucket.
|
1110
1180
|
#
|
1111
1181
|
# </note>
|
1112
1182
|
#
|
@@ -1138,12 +1208,12 @@ module Aws::CloudTrail
|
|
1138
1208
|
#
|
1139
1209
|
# @!attribute [rw] start_logging_time
|
1140
1210
|
# Specifies the most recent date and time when CloudTrail started
|
1141
|
-
# recording API calls for an
|
1211
|
+
# recording API calls for an Amazon Web Services account.
|
1142
1212
|
# @return [Time]
|
1143
1213
|
#
|
1144
1214
|
# @!attribute [rw] stop_logging_time
|
1145
1215
|
# Specifies the most recent date and time when CloudTrail stopped
|
1146
|
-
# recording API calls for an
|
1216
|
+
# recording API calls for an Amazon Web Services account.
|
1147
1217
|
# @return [Time]
|
1148
1218
|
#
|
1149
1219
|
# @!attribute [rw] latest_cloud_watch_logs_delivery_error
|
@@ -1164,14 +1234,14 @@ module Aws::CloudTrail
|
|
1164
1234
|
# @!attribute [rw] latest_digest_delivery_error
|
1165
1235
|
# Displays any Amazon S3 error that CloudTrail encountered when
|
1166
1236
|
# attempting to deliver a digest file to the designated bucket. For
|
1167
|
-
# more information see
|
1168
|
-
#
|
1237
|
+
# more information, see [Error Responses][1] in the Amazon S3 API
|
1238
|
+
# Reference.
|
1169
1239
|
#
|
1170
1240
|
# <note markdown="1"> This error occurs only when there is a problem with the destination
|
1171
|
-
# S3 bucket and
|
1172
|
-
# create a new bucket and call `UpdateTrail` to
|
1173
|
-
# bucket
|
1174
|
-
# write to the bucket.
|
1241
|
+
# S3 bucket, and does not occur for requests that time out. To resolve
|
1242
|
+
# the issue, create a new bucket, and then call `UpdateTrail` to
|
1243
|
+
# specify the new bucket; or fix the existing objects so that
|
1244
|
+
# CloudTrail can again write to the bucket.
|
1175
1245
|
#
|
1176
1246
|
# </note>
|
1177
1247
|
#
|
@@ -1247,8 +1317,8 @@ module Aws::CloudTrail
|
|
1247
1317
|
# }
|
1248
1318
|
#
|
1249
1319
|
# @!attribute [rw] insight_type
|
1250
|
-
# The type of
|
1251
|
-
#
|
1320
|
+
# The type of Insights events to log on a trail. The valid Insights
|
1321
|
+
# type in this release is `ApiCallRateInsight`.
|
1252
1322
|
# @return [String]
|
1253
1323
|
#
|
1254
1324
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InsightSelector AWS API Documentation
|
@@ -1287,15 +1357,15 @@ module Aws::CloudTrail
|
|
1287
1357
|
#
|
1288
1358
|
class InsufficientS3BucketPolicyException < Aws::EmptyStructure; end
|
1289
1359
|
|
1290
|
-
# This exception is thrown when the policy on the SNS topic is
|
1291
|
-
# sufficient.
|
1360
|
+
# This exception is thrown when the policy on the Amazon SNS topic is
|
1361
|
+
# not sufficient.
|
1292
1362
|
#
|
1293
1363
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InsufficientSnsTopicPolicyException AWS API Documentation
|
1294
1364
|
#
|
1295
1365
|
class InsufficientSnsTopicPolicyException < Aws::EmptyStructure; end
|
1296
1366
|
|
1297
|
-
# This exception is thrown when the provided CloudWatch log group
|
1298
|
-
# valid.
|
1367
|
+
# This exception is thrown when the provided CloudWatch Logs log group
|
1368
|
+
# is not valid.
|
1299
1369
|
#
|
1300
1370
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidCloudWatchLogsLogGroupArnException AWS API Documentation
|
1301
1371
|
#
|
@@ -1338,7 +1408,7 @@ module Aws::CloudTrail
|
|
1338
1408
|
# selectors for a trail.
|
1339
1409
|
#
|
1340
1410
|
# * Specify a valid value for a parameter. For example, specifying the
|
1341
|
-
# `ReadWriteType` parameter with a value of `read-only` is
|
1411
|
+
# `ReadWriteType` parameter with a value of `read-only` is not valid.
|
1342
1412
|
#
|
1343
1413
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidEventSelectorsException AWS API Documentation
|
1344
1414
|
#
|
@@ -1360,27 +1430,27 @@ module Aws::CloudTrail
|
|
1360
1430
|
#
|
1361
1431
|
class InvalidInsightSelectorsException < Aws::EmptyStructure; end
|
1362
1432
|
|
1363
|
-
# This exception is thrown when the KMS key ARN is
|
1433
|
+
# This exception is thrown when the KMS key ARN is not valid.
|
1364
1434
|
#
|
1365
1435
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidKmsKeyIdException AWS API Documentation
|
1366
1436
|
#
|
1367
1437
|
class InvalidKmsKeyIdException < Aws::EmptyStructure; end
|
1368
1438
|
|
1369
|
-
# Occurs when
|
1439
|
+
# Occurs when a lookup attribute is specified that is not valid.
|
1370
1440
|
#
|
1371
1441
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidLookupAttributesException AWS API Documentation
|
1372
1442
|
#
|
1373
1443
|
class InvalidLookupAttributesException < Aws::EmptyStructure; end
|
1374
1444
|
|
1375
|
-
# This exception is thrown if the limit specified is
|
1445
|
+
# This exception is thrown if the limit specified is not valid.
|
1376
1446
|
#
|
1377
1447
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidMaxResultsException AWS API Documentation
|
1378
1448
|
#
|
1379
1449
|
class InvalidMaxResultsException < Aws::EmptyStructure; end
|
1380
1450
|
|
1381
|
-
#
|
1382
|
-
# different parameters. This exception is thrown if the
|
1383
|
-
#
|
1451
|
+
# A token that is not valid, or a token that was previously used in a
|
1452
|
+
# request with different parameters. This exception is thrown if the
|
1453
|
+
# token is not valid.
|
1384
1454
|
#
|
1385
1455
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidNextTokenException AWS API Documentation
|
1386
1456
|
#
|
@@ -1421,8 +1491,8 @@ module Aws::CloudTrail
|
|
1421
1491
|
#
|
1422
1492
|
class InvalidTagParameterException < Aws::EmptyStructure; end
|
1423
1493
|
|
1424
|
-
# Occurs if the timestamp values are
|
1425
|
-
# occurs after the end time or the time range is outside the range of
|
1494
|
+
# Occurs if the timestamp values are not valid. Either the start time
|
1495
|
+
# occurs after the end time, or the time range is outside the range of
|
1426
1496
|
# possible values.
|
1427
1497
|
#
|
1428
1498
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidTimeRangeException AWS API Documentation
|
@@ -1446,7 +1516,7 @@ module Aws::CloudTrail
|
|
1446
1516
|
# * Be between 3 and 128 characters
|
1447
1517
|
#
|
1448
1518
|
# * Have no adjacent periods, underscores or dashes. Names like
|
1449
|
-
# `my-_namespace` and `my--namespace` are
|
1519
|
+
# `my-_namespace` and `my--namespace` are not valid.
|
1450
1520
|
#
|
1451
1521
|
# * Not be in IP address format (for example, 192.168.5.4)
|
1452
1522
|
#
|
@@ -1469,8 +1539,8 @@ module Aws::CloudTrail
|
|
1469
1539
|
|
1470
1540
|
# This exception is thrown when the KMS key does not exist, when the S3
|
1471
1541
|
# bucket and the KMS key are not in the same region, or when the KMS key
|
1472
|
-
# associated with the SNS topic either does not exist or is not
|
1473
|
-
# same region.
|
1542
|
+
# associated with the Amazon SNS topic either does not exist or is not
|
1543
|
+
# in the same region.
|
1474
1544
|
#
|
1475
1545
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/KmsKeyNotFoundException AWS API Documentation
|
1476
1546
|
#
|
@@ -1549,7 +1619,7 @@ module Aws::CloudTrail
|
|
1549
1619
|
#
|
1550
1620
|
# @!attribute [rw] resource_id_list
|
1551
1621
|
# Specifies a list of trail ARNs whose tags will be listed. The list
|
1552
|
-
# has a limit of 20 ARNs. The format of a trail ARN
|
1622
|
+
# has a limit of 20 ARNs. The following is the format of a trail ARN.
|
1553
1623
|
#
|
1554
1624
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
1555
1625
|
# @return [Array<String>]
|
@@ -1763,10 +1833,11 @@ module Aws::CloudTrail
|
|
1763
1833
|
#
|
1764
1834
|
class MaximumNumberOfTrailsExceededException < Aws::EmptyStructure; end
|
1765
1835
|
|
1766
|
-
# This exception is thrown when the
|
1767
|
-
# create or update an organization trail is not the
|
1768
|
-
# an organization in
|
1769
|
-
# [Prepare For Creating a Trail For Your
|
1836
|
+
# This exception is thrown when the Amazon Web Services account making
|
1837
|
+
# the request to create or update an organization trail is not the
|
1838
|
+
# management account for an organization in Organizations. For more
|
1839
|
+
# information, see [Prepare For Creating a Trail For Your
|
1840
|
+
# Organization][1].
|
1770
1841
|
#
|
1771
1842
|
#
|
1772
1843
|
#
|
@@ -1783,9 +1854,9 @@ module Aws::CloudTrail
|
|
1783
1854
|
#
|
1784
1855
|
class OperationNotPermittedException < Aws::EmptyStructure; end
|
1785
1856
|
|
1786
|
-
# This exception is thrown when
|
1787
|
-
# support all features. All features must be enabled in
|
1788
|
-
#
|
1857
|
+
# This exception is thrown when Organizations is not configured to
|
1858
|
+
# support all features. All features must be enabled in Organizations to
|
1859
|
+
# support creating an organization trail. For more information, see
|
1789
1860
|
# [Prepare For Creating a Trail For Your Organization][1].
|
1790
1861
|
#
|
1791
1862
|
#
|
@@ -1796,9 +1867,10 @@ module Aws::CloudTrail
|
|
1796
1867
|
#
|
1797
1868
|
class OrganizationNotInAllFeaturesModeException < Aws::EmptyStructure; end
|
1798
1869
|
|
1799
|
-
# This exception is thrown when the request is made from an
|
1800
|
-
# that is not a member of an organization. To make this
|
1801
|
-
# using the credentials of an account that belongs to
|
1870
|
+
# This exception is thrown when the request is made from an Amazon Web
|
1871
|
+
# Services account that is not a member of an organization. To make this
|
1872
|
+
# request, sign in using the credentials of an account that belongs to
|
1873
|
+
# an organization.
|
1802
1874
|
#
|
1803
1875
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/OrganizationsNotInUseException AWS API Documentation
|
1804
1876
|
#
|
@@ -1881,11 +1953,11 @@ module Aws::CloudTrail
|
|
1881
1953
|
# * Be between 3 and 128 characters
|
1882
1954
|
#
|
1883
1955
|
# * Have no adjacent periods, underscores or dashes. Names like
|
1884
|
-
# `my-_namespace` and `my--namespace` are
|
1956
|
+
# `my-_namespace` and `my--namespace` are not valid.
|
1885
1957
|
#
|
1886
1958
|
# * Not be in IP address format (for example, 192.168.5.4)
|
1887
1959
|
#
|
1888
|
-
# If you specify a trail ARN, it must be in the format
|
1960
|
+
# If you specify a trail ARN, it must be in the following format.
|
1889
1961
|
#
|
1890
1962
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
1891
1963
|
# @return [String]
|
@@ -1907,8 +1979,8 @@ module Aws::CloudTrail
|
|
1907
1979
|
# `EventSelectors`, but not both. If you apply
|
1908
1980
|
# `AdvancedEventSelectors` to a trail, any existing `EventSelectors`
|
1909
1981
|
# are overwritten. For more information about advanced event
|
1910
|
-
# selectors, see [Logging data events for trails][1] in the
|
1911
|
-
# CloudTrail User Guide*.
|
1982
|
+
# selectors, see [Logging data events for trails][1] in the
|
1983
|
+
# *CloudTrail User Guide*.
|
1912
1984
|
#
|
1913
1985
|
#
|
1914
1986
|
#
|
@@ -1927,7 +1999,7 @@ module Aws::CloudTrail
|
|
1927
1999
|
|
1928
2000
|
# @!attribute [rw] trail_arn
|
1929
2001
|
# Specifies the ARN of the trail that was updated with event
|
1930
|
-
# selectors. The format of a trail ARN
|
2002
|
+
# selectors. The following is the format of a trail ARN.
|
1931
2003
|
#
|
1932
2004
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
1933
2005
|
# @return [String]
|
@@ -1968,9 +2040,9 @@ module Aws::CloudTrail
|
|
1968
2040
|
# @return [String]
|
1969
2041
|
#
|
1970
2042
|
# @!attribute [rw] insight_selectors
|
1971
|
-
# A JSON string that contains the
|
1972
|
-
# trail.
|
1973
|
-
#
|
2043
|
+
# A JSON string that contains the Insights types that you want to log
|
2044
|
+
# on a trail. The valid Insights type in this release is
|
2045
|
+
# `ApiCallRateInsight`.
|
1974
2046
|
# @return [Array<Types::InsightSelector>]
|
1975
2047
|
#
|
1976
2048
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutInsightSelectorsRequest AWS API Documentation
|
@@ -1988,9 +2060,9 @@ module Aws::CloudTrail
|
|
1988
2060
|
# @return [String]
|
1989
2061
|
#
|
1990
2062
|
# @!attribute [rw] insight_selectors
|
1991
|
-
# A JSON string that contains the
|
1992
|
-
# trail.
|
1993
|
-
#
|
2063
|
+
# A JSON string that contains the Insights event types that you want
|
2064
|
+
# to log on a trail. The valid Insights type in this release is
|
2065
|
+
# `ApiCallRateInsight`.
|
1994
2066
|
# @return [Array<Types::InsightSelector>]
|
1995
2067
|
#
|
1996
2068
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutInsightSelectorsResponse AWS API Documentation
|
@@ -2050,9 +2122,10 @@ module Aws::CloudTrail
|
|
2050
2122
|
# The type of a resource referenced by the event returned. When the
|
2051
2123
|
# resource type cannot be determined, null is returned. Some examples
|
2052
2124
|
# of resource types are: **Instance** for EC2, **Trail** for
|
2053
|
-
# CloudTrail, **DBInstance** for RDS, and **AccessKey** for
|
2054
|
-
# learn more about how to look up and filter events by the
|
2055
|
-
# types supported for a service, see [Filtering CloudTrail
|
2125
|
+
# CloudTrail, **DBInstance** for Amazon RDS, and **AccessKey** for
|
2126
|
+
# IAM. To learn more about how to look up and filter events by the
|
2127
|
+
# resource types supported for a service, see [Filtering CloudTrail
|
2128
|
+
# Events][1].
|
2056
2129
|
#
|
2057
2130
|
#
|
2058
2131
|
#
|
@@ -2113,8 +2186,8 @@ module Aws::CloudTrail
|
|
2113
2186
|
#
|
2114
2187
|
class S3BucketDoesNotExistException < Aws::EmptyStructure; end
|
2115
2188
|
|
2116
|
-
# The request to CloudTrail to start logging
|
2117
|
-
# account.
|
2189
|
+
# The request to CloudTrail to start logging Amazon Web Services API
|
2190
|
+
# calls for an account.
|
2118
2191
|
#
|
2119
2192
|
# @note When making an API call, you may pass StartLoggingRequest
|
2120
2193
|
# data as a hash:
|
@@ -2125,7 +2198,8 @@ module Aws::CloudTrail
|
|
2125
2198
|
#
|
2126
2199
|
# @!attribute [rw] name
|
2127
2200
|
# Specifies the name or the CloudTrail ARN of the trail for which
|
2128
|
-
# CloudTrail logs
|
2201
|
+
# CloudTrail logs Amazon Web Services API calls. The following is the
|
2202
|
+
# format of a trail ARN.
|
2129
2203
|
#
|
2130
2204
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
2131
2205
|
# @return [String]
|
@@ -2145,8 +2219,8 @@ module Aws::CloudTrail
|
|
2145
2219
|
#
|
2146
2220
|
class StartLoggingResponse < Aws::EmptyStructure; end
|
2147
2221
|
|
2148
|
-
# Passes the request to CloudTrail to stop logging
|
2149
|
-
# specified account.
|
2222
|
+
# Passes the request to CloudTrail to stop logging Amazon Web Services
|
2223
|
+
# API calls for the specified account.
|
2150
2224
|
#
|
2151
2225
|
# @note When making an API call, you may pass StopLoggingRequest
|
2152
2226
|
# data as a hash:
|
@@ -2157,8 +2231,8 @@ module Aws::CloudTrail
|
|
2157
2231
|
#
|
2158
2232
|
# @!attribute [rw] name
|
2159
2233
|
# Specifies the name or the CloudTrail ARN of the trail for which
|
2160
|
-
# CloudTrail will stop logging
|
2161
|
-
#
|
2234
|
+
# CloudTrail will stop logging Amazon Web Services API calls. The
|
2235
|
+
# following is the format of a trail ARN.
|
2162
2236
|
#
|
2163
2237
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
2164
2238
|
# @return [String]
|
@@ -2235,7 +2309,7 @@ module Aws::CloudTrail
|
|
2235
2309
|
# @!attribute [rw] s3_key_prefix
|
2236
2310
|
# Specifies the Amazon S3 key prefix that comes after the name of the
|
2237
2311
|
# bucket you have designated for log file delivery. For more
|
2238
|
-
# information, see [Finding Your CloudTrail Log Files][1].The maximum
|
2312
|
+
# information, see [Finding Your CloudTrail Log Files][1]. The maximum
|
2239
2313
|
# length is 200 characters.
|
2240
2314
|
#
|
2241
2315
|
#
|
@@ -2249,15 +2323,15 @@ module Aws::CloudTrail
|
|
2249
2323
|
#
|
2250
2324
|
# @!attribute [rw] sns_topic_arn
|
2251
2325
|
# Specifies the ARN of the Amazon SNS topic that CloudTrail uses to
|
2252
|
-
# send notifications when log files are delivered. The
|
2253
|
-
# topic ARN
|
2326
|
+
# send notifications when log files are delivered. The following is
|
2327
|
+
# the format of a topic ARN.
|
2254
2328
|
#
|
2255
2329
|
# `arn:aws:sns:us-east-2:123456789012:MyTopic`
|
2256
2330
|
# @return [String]
|
2257
2331
|
#
|
2258
2332
|
# @!attribute [rw] include_global_service_events
|
2259
|
-
# Set to **True** to include
|
2260
|
-
# such as IAM. Otherwise, **False**.
|
2333
|
+
# Set to **True** to include Amazon Web Services API calls from Amazon
|
2334
|
+
# Web Services global services such as IAM. Otherwise, **False**.
|
2261
2335
|
# @return [Boolean]
|
2262
2336
|
#
|
2263
2337
|
# @!attribute [rw] is_multi_region_trail
|
@@ -2270,7 +2344,8 @@ module Aws::CloudTrail
|
|
2270
2344
|
# @return [String]
|
2271
2345
|
#
|
2272
2346
|
# @!attribute [rw] trail_arn
|
2273
|
-
# Specifies the ARN of the trail. The format of a
|
2347
|
+
# Specifies the ARN of the trail. The following is the format of a
|
2348
|
+
# trail ARN.
|
2274
2349
|
#
|
2275
2350
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
2276
2351
|
# @return [String]
|
@@ -2292,7 +2367,7 @@ module Aws::CloudTrail
|
|
2292
2367
|
# @!attribute [rw] kms_key_id
|
2293
2368
|
# Specifies the KMS key ID that encrypts the logs delivered by
|
2294
2369
|
# CloudTrail. The value is a fully specified ARN to a KMS key in the
|
2295
|
-
# format
|
2370
|
+
# following format.
|
2296
2371
|
#
|
2297
2372
|
# `arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012`
|
2298
2373
|
# @return [String]
|
@@ -2351,7 +2426,7 @@ module Aws::CloudTrail
|
|
2351
2426
|
# @return [String]
|
2352
2427
|
#
|
2353
2428
|
# @!attribute [rw] home_region
|
2354
|
-
# The
|
2429
|
+
# The Amazon Web Services Region in which a trail was created.
|
2355
2430
|
# @return [String]
|
2356
2431
|
#
|
2357
2432
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/TrailInfo AWS API Documentation
|
@@ -2415,11 +2490,11 @@ module Aws::CloudTrail
|
|
2415
2490
|
# * Be between 3 and 128 characters
|
2416
2491
|
#
|
2417
2492
|
# * Have no adjacent periods, underscores or dashes. Names like
|
2418
|
-
# `my-_namespace` and `my--namespace` are
|
2493
|
+
# `my-_namespace` and `my--namespace` are not valid.
|
2419
2494
|
#
|
2420
2495
|
# * Not be in IP address format (for example, 192.168.5.4)
|
2421
2496
|
#
|
2422
|
-
# If `Name` is a trail ARN, it must be in the format
|
2497
|
+
# If `Name` is a trail ARN, it must be in the following format.
|
2423
2498
|
#
|
2424
2499
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
2425
2500
|
# @return [String]
|
@@ -2470,7 +2545,7 @@ module Aws::CloudTrail
|
|
2470
2545
|
# false.
|
2471
2546
|
#
|
2472
2547
|
# <note markdown="1"> When you disable log file integrity validation, the chain of digest
|
2473
|
-
# files is broken after one hour. CloudTrail
|
2548
|
+
# files is broken after one hour. CloudTrail does not create digest
|
2474
2549
|
# files for log files that were delivered during a period in which log
|
2475
2550
|
# file integrity validation was disabled. For example, if you enable
|
2476
2551
|
# log file integrity validation at noon on January 1, disable it at
|
@@ -2485,8 +2560,8 @@ module Aws::CloudTrail
|
|
2485
2560
|
# @!attribute [rw] cloud_watch_logs_log_group_arn
|
2486
2561
|
# Specifies a log group name using an Amazon Resource Name (ARN), a
|
2487
2562
|
# unique identifier that represents the log group to which CloudTrail
|
2488
|
-
# logs
|
2489
|
-
# CloudWatchLogsRoleArn
|
2563
|
+
# logs are delivered. Not required unless you specify
|
2564
|
+
# `CloudWatchLogsRoleArn`.
|
2490
2565
|
# @return [String]
|
2491
2566
|
#
|
2492
2567
|
# @!attribute [rw] cloud_watch_logs_role_arn
|
@@ -2500,6 +2575,10 @@ module Aws::CloudTrail
|
|
2500
2575
|
# fully specified ARN to an alias, a fully specified ARN to a key, or
|
2501
2576
|
# a globally unique identifier.
|
2502
2577
|
#
|
2578
|
+
# CloudTrail also supports KMS multi-Region keys. For more information
|
2579
|
+
# about multi-Region keys, see [Using multi-Region keys][1] in the
|
2580
|
+
# *Key Management Service Developer Guide*.
|
2581
|
+
#
|
2503
2582
|
# Examples:
|
2504
2583
|
#
|
2505
2584
|
# * alias/MyAliasName
|
@@ -2509,19 +2588,24 @@ module Aws::CloudTrail
|
|
2509
2588
|
# * arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
|
2510
2589
|
#
|
2511
2590
|
# * 12345678-1234-1234-1234-123456789012
|
2591
|
+
#
|
2592
|
+
#
|
2593
|
+
#
|
2594
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html
|
2512
2595
|
# @return [String]
|
2513
2596
|
#
|
2514
2597
|
# @!attribute [rw] is_organization_trail
|
2515
2598
|
# Specifies whether the trail is applied to all accounts in an
|
2516
|
-
# organization in
|
2517
|
-
# account. The default is false, and cannot be true unless
|
2518
|
-
# made on behalf of an
|
2519
|
-
# organization in
|
2520
|
-
# organization trail and this is set to true
|
2521
|
-
# created in all
|
2522
|
-
#
|
2523
|
-
#
|
2524
|
-
#
|
2599
|
+
# organization in Organizations, or only for the current Amazon Web
|
2600
|
+
# Services account. The default is false, and cannot be true unless
|
2601
|
+
# the call is made on behalf of an Amazon Web Services account that is
|
2602
|
+
# the management account for an organization in Organizations. If the
|
2603
|
+
# trail is not an organization trail and this is set to `true`, the
|
2604
|
+
# trail will be created in all Amazon Web Services accounts that
|
2605
|
+
# belong to the organization. If the trail is an organization trail
|
2606
|
+
# and this is set to `false`, the trail will remain in the current
|
2607
|
+
# Amazon Web Services account but be deleted from all member accounts
|
2608
|
+
# in the organization.
|
2525
2609
|
# @return [Boolean]
|
2526
2610
|
#
|
2527
2611
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/UpdateTrailRequest AWS API Documentation
|
@@ -2557,7 +2641,7 @@ module Aws::CloudTrail
|
|
2557
2641
|
# @!attribute [rw] s3_key_prefix
|
2558
2642
|
# Specifies the Amazon S3 key prefix that comes after the name of the
|
2559
2643
|
# bucket you have designated for log file delivery. For more
|
2560
|
-
# information, see [Finding Your
|
2644
|
+
# information, see [Finding Your IAM Log Files][1].
|
2561
2645
|
#
|
2562
2646
|
#
|
2563
2647
|
#
|
@@ -2565,13 +2649,13 @@ module Aws::CloudTrail
|
|
2565
2649
|
# @return [String]
|
2566
2650
|
#
|
2567
2651
|
# @!attribute [rw] sns_topic_name
|
2568
|
-
# This field is no longer in use. Use SnsTopicARN.
|
2652
|
+
# This field is no longer in use. Use UpdateTrailResponse$SnsTopicARN.
|
2569
2653
|
# @return [String]
|
2570
2654
|
#
|
2571
2655
|
# @!attribute [rw] sns_topic_arn
|
2572
2656
|
# Specifies the ARN of the Amazon SNS topic that CloudTrail uses to
|
2573
|
-
# send notifications when log files are delivered. The
|
2574
|
-
# topic ARN
|
2657
|
+
# send notifications when log files are delivered. The following is
|
2658
|
+
# the format of a topic ARN.
|
2575
2659
|
#
|
2576
2660
|
# `arn:aws:sns:us-east-2:123456789012:MyTopic`
|
2577
2661
|
# @return [String]
|
@@ -2586,8 +2670,8 @@ module Aws::CloudTrail
|
|
2586
2670
|
# @return [Boolean]
|
2587
2671
|
#
|
2588
2672
|
# @!attribute [rw] trail_arn
|
2589
|
-
# Specifies the ARN of the trail that was updated. The
|
2590
|
-
# trail ARN
|
2673
|
+
# Specifies the ARN of the trail that was updated. The following is
|
2674
|
+
# the format of a trail ARN.
|
2591
2675
|
#
|
2592
2676
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
2593
2677
|
# @return [String]
|
@@ -2598,7 +2682,7 @@ module Aws::CloudTrail
|
|
2598
2682
|
#
|
2599
2683
|
# @!attribute [rw] cloud_watch_logs_log_group_arn
|
2600
2684
|
# Specifies the Amazon Resource Name (ARN) of the log group to which
|
2601
|
-
# CloudTrail logs
|
2685
|
+
# CloudTrail logs are delivered.
|
2602
2686
|
# @return [String]
|
2603
2687
|
#
|
2604
2688
|
# @!attribute [rw] cloud_watch_logs_role_arn
|
@@ -2609,7 +2693,7 @@ module Aws::CloudTrail
|
|
2609
2693
|
# @!attribute [rw] kms_key_id
|
2610
2694
|
# Specifies the KMS key ID that encrypts the logs delivered by
|
2611
2695
|
# CloudTrail. The value is a fully specified ARN to a KMS key in the
|
2612
|
-
# format
|
2696
|
+
# following format.
|
2613
2697
|
#
|
2614
2698
|
# `arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012`
|
2615
2699
|
# @return [String]
|