aws-sdk-cloudtrail 1.42.0 → 1.69.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -27,7 +27,11 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
27
27
  require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
28
28
  require 'aws-sdk-core/plugins/transfer_encoding.rb'
29
29
  require 'aws-sdk-core/plugins/http_checksum.rb'
30
- require 'aws-sdk-core/plugins/signature_v4.rb'
30
+ require 'aws-sdk-core/plugins/checksum_algorithm.rb'
31
+ require 'aws-sdk-core/plugins/request_compression.rb'
32
+ require 'aws-sdk-core/plugins/defaults_mode.rb'
33
+ require 'aws-sdk-core/plugins/recursion_detection.rb'
34
+ require 'aws-sdk-core/plugins/sign.rb'
31
35
  require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
32
36
 
33
37
  Aws::Plugins::GlobalConfiguration.add_identifier(:cloudtrail)
@@ -73,8 +77,13 @@ module Aws::CloudTrail
73
77
  add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
74
78
  add_plugin(Aws::Plugins::TransferEncoding)
75
79
  add_plugin(Aws::Plugins::HttpChecksum)
76
- add_plugin(Aws::Plugins::SignatureV4)
80
+ add_plugin(Aws::Plugins::ChecksumAlgorithm)
81
+ add_plugin(Aws::Plugins::RequestCompression)
82
+ add_plugin(Aws::Plugins::DefaultsMode)
83
+ add_plugin(Aws::Plugins::RecursionDetection)
84
+ add_plugin(Aws::Plugins::Sign)
77
85
  add_plugin(Aws::Plugins::Protocols::JsonRpc)
86
+ add_plugin(Aws::CloudTrail::Plugins::Endpoints)
78
87
 
79
88
  # @overload initialize(options)
80
89
  # @param [Hash] options
@@ -175,10 +184,18 @@ module Aws::CloudTrail
175
184
  # Used only in `standard` and adaptive retry modes. Specifies whether to apply
176
185
  # a clock skew correction and retry requests with skewed client clocks.
177
186
  #
187
+ # @option options [String] :defaults_mode ("legacy")
188
+ # See {Aws::DefaultsModeConfiguration} for a list of the
189
+ # accepted modes and the configuration defaults that are included.
190
+ #
178
191
  # @option options [Boolean] :disable_host_prefix_injection (false)
179
192
  # Set to true to disable SDK automatically adding host prefix
180
193
  # to default service endpoint when available.
181
194
  #
195
+ # @option options [Boolean] :disable_request_compression (false)
196
+ # When set to 'true' the request body will not be compressed
197
+ # for supported operations.
198
+ #
182
199
  # @option options [String] :endpoint
183
200
  # The client endpoint is normally constructed from the `:region`
184
201
  # option. You should only configure an `:endpoint` when connecting
@@ -199,6 +216,10 @@ module Aws::CloudTrail
199
216
  # @option options [Boolean] :endpoint_discovery (false)
200
217
  # When set to `true`, endpoint discovery will be enabled for operations when available.
201
218
  #
219
+ # @option options [Boolean] :ignore_configured_endpoint_urls
220
+ # Setting to true disables use of endpoint URLs provided via environment
221
+ # variables and the shared configuration file.
222
+ #
202
223
  # @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default)
203
224
  # The log formatter.
204
225
  #
@@ -219,6 +240,11 @@ module Aws::CloudTrail
219
240
  # Used when loading credentials from the shared credentials file
220
241
  # at HOME/.aws/credentials. When not specified, 'default' is used.
221
242
  #
243
+ # @option options [Integer] :request_min_compression_size_bytes (10240)
244
+ # The minimum size in bytes that triggers compression for request
245
+ # bodies. The value must be non-negative integer value between 0
246
+ # and 10485780 bytes inclusive.
247
+ #
222
248
  # @option options [Proc] :retry_backoff
223
249
  # A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay.
224
250
  # This option is only used in the `legacy` retry mode.
@@ -264,6 +290,11 @@ module Aws::CloudTrail
264
290
  # in the future.
265
291
  #
266
292
  #
293
+ # @option options [String] :sdk_ua_app_id
294
+ # A unique and opaque application ID that is appended to the
295
+ # User-Agent header as app/<sdk_ua_app_id>. It should have a
296
+ # maximum length of 50.
297
+ #
267
298
  # @option options [String] :secret_access_key
268
299
  #
269
300
  # @option options [String] :session_token
@@ -287,6 +318,19 @@ module Aws::CloudTrail
287
318
  # ** Please note ** When response stubbing is enabled, no HTTP
288
319
  # requests are made, and retries are disabled.
289
320
  #
321
+ # @option options [Aws::TokenProvider] :token_provider
322
+ # A Bearer Token Provider. This can be an instance of any one of the
323
+ # following classes:
324
+ #
325
+ # * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
326
+ # tokens.
327
+ #
328
+ # * `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
329
+ # access token generated from `aws login`.
330
+ #
331
+ # When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
332
+ # will be used to search for tokens configured for your profile in shared configuration files.
333
+ #
290
334
  # @option options [Boolean] :use_dualstack_endpoint
291
335
  # When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
292
336
  # will be used if available.
@@ -300,6 +344,9 @@ module Aws::CloudTrail
300
344
  # When `true`, request parameters are validated before
301
345
  # sending the request.
302
346
  #
347
+ # @option options [Aws::CloudTrail::EndpointProvider] :endpoint_provider
348
+ # The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::CloudTrail::EndpointParameters`
349
+ #
303
350
  # @option options [URI::HTTP,String] :http_proxy A proxy to send
304
351
  # requests through. Formatted like 'http://proxy.com:123'.
305
352
  #
@@ -307,7 +354,7 @@ module Aws::CloudTrail
307
354
  # seconds to wait when opening a HTTP session before raising a
308
355
  # `Timeout::Error`.
309
356
  #
310
- # @option options [Integer] :http_read_timeout (60) The default
357
+ # @option options [Float] :http_read_timeout (60) The default
311
358
  # number of seconds to wait for response data. This value can
312
359
  # safely be set per-request on the session.
313
360
  #
@@ -323,6 +370,9 @@ module Aws::CloudTrail
323
370
  # disables this behaviour. This value can safely be set per
324
371
  # request on the session.
325
372
  #
373
+ # @option options [Float] :ssl_timeout (nil) Sets the SSL timeout
374
+ # in seconds.
375
+ #
326
376
  # @option options [Boolean] :http_wire_trace (false) When `true`,
327
377
  # HTTP debug output will be sent to the `:logger`.
328
378
  #
@@ -348,22 +398,30 @@ module Aws::CloudTrail
348
398
 
349
399
  # @!group API Operations
350
400
 
351
- # Adds one or more tags to a trail, up to a limit of 50. Overwrites an
352
- # existing tag's value when a new value is specified for an existing
353
- # tag key. Tag key names must be unique for a trail; you cannot have two
354
- # keys with the same name but different values. If you specify a key
355
- # without a value, the tag will be created with the specified key and a
356
- # value of null. You can tag a trail that applies to all Amazon Web
357
- # Services Regions only from the Region in which the trail was created
358
- # (also known as its home region).
401
+ # Adds one or more tags to a trail, event data store, or channel, up to
402
+ # a limit of 50. Overwrites an existing tag's value when a new value is
403
+ # specified for an existing tag key. Tag key names must be unique; you
404
+ # cannot have two keys with the same name but different values. If you
405
+ # specify a key without a value, the tag will be created with the
406
+ # specified key and a value of null. You can tag a trail or event data
407
+ # store that applies to all Amazon Web Services Regions only from the
408
+ # Region in which the trail or event data store was created (also known
409
+ # as its home Region).
359
410
  #
360
411
  # @option params [required, String] :resource_id
361
- # Specifies the ARN of the trail to which one or more tags will be
362
- # added. The format of a trail ARN is:
412
+ # Specifies the ARN of the trail, event data store, or channel to which
413
+ # one or more tags will be added.
363
414
  #
415
+ # The format of a trail ARN is:
364
416
  # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
365
417
  #
366
- # @option params [Array<Types::Tag>] :tags_list
418
+ # The format of an event data store ARN is:
419
+ # `arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE`
420
+ #
421
+ # The format of a channel ARN is:
422
+ # `arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890`
423
+ #
424
+ # @option params [required, Array<Types::Tag>] :tags_list
367
425
  # Contains a list of tags, up to a limit of 50
368
426
  #
369
427
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
@@ -372,10 +430,10 @@ module Aws::CloudTrail
372
430
  #
373
431
  # resp = client.add_tags({
374
432
  # resource_id: "String", # required
375
- # tags_list: [
433
+ # tags_list: [ # required
376
434
  # {
377
- # key: "String", # required
378
- # value: "String",
435
+ # key: "TagKey", # required
436
+ # value: "TagValue",
379
437
  # },
380
438
  # ],
381
439
  # })
@@ -389,6 +447,312 @@ module Aws::CloudTrail
389
447
  req.send_request(options)
390
448
  end
391
449
 
450
+ # Cancels a query if the query is not in a terminated state, such as
451
+ # `CANCELLED`, `FAILED`, `TIMED_OUT`, or `FINISHED`. You must specify an
452
+ # ARN value for `EventDataStore`. The ID of the query that you want to
453
+ # cancel is also required. When you run `CancelQuery`, the query status
454
+ # might show as `CANCELLED` even if the operation is not yet finished.
455
+ #
456
+ # @option params [String] :event_data_store
457
+ # The ARN (or the ID suffix of the ARN) of an event data store on which
458
+ # the specified query is running.
459
+ #
460
+ # @option params [required, String] :query_id
461
+ # The ID of the query that you want to cancel. The `QueryId` comes from
462
+ # the response of a `StartQuery` operation.
463
+ #
464
+ # @return [Types::CancelQueryResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
465
+ #
466
+ # * {Types::CancelQueryResponse#query_id #query_id} => String
467
+ # * {Types::CancelQueryResponse#query_status #query_status} => String
468
+ #
469
+ # @example Request syntax with placeholder values
470
+ #
471
+ # resp = client.cancel_query({
472
+ # event_data_store: "EventDataStoreArn",
473
+ # query_id: "UUID", # required
474
+ # })
475
+ #
476
+ # @example Response structure
477
+ #
478
+ # resp.query_id #=> String
479
+ # resp.query_status #=> String, one of "QUEUED", "RUNNING", "FINISHED", "FAILED", "CANCELLED", "TIMED_OUT"
480
+ #
481
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/CancelQuery AWS API Documentation
482
+ #
483
+ # @overload cancel_query(params = {})
484
+ # @param [Hash] params ({})
485
+ def cancel_query(params = {}, options = {})
486
+ req = build_request(:cancel_query, params)
487
+ req.send_request(options)
488
+ end
489
+
490
+ # Creates a channel for CloudTrail to ingest events from a partner or
491
+ # external source. After you create a channel, a CloudTrail Lake event
492
+ # data store can log events from the partner or source that you specify.
493
+ #
494
+ # @option params [required, String] :name
495
+ # The name of the channel.
496
+ #
497
+ # @option params [required, String] :source
498
+ # The name of the partner or external event source. You cannot change
499
+ # this name after you create the channel. A maximum of one channel is
500
+ # allowed per source.
501
+ #
502
+ # A source can be either `Custom` for all valid non-Amazon Web Services
503
+ # events, or the name of a partner event source. For information about
504
+ # the source names for available partners, see [Additional information
505
+ # about integration partners][1] in the CloudTrail User Guide.
506
+ #
507
+ #
508
+ #
509
+ # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-event-data-store-integration.html#cloudtrail-lake-partner-information
510
+ #
511
+ # @option params [required, Array<Types::Destination>] :destinations
512
+ # One or more event data stores to which events arriving through a
513
+ # channel will be logged.
514
+ #
515
+ # @option params [Array<Types::Tag>] :tags
516
+ # A list of tags.
517
+ #
518
+ # @return [Types::CreateChannelResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
519
+ #
520
+ # * {Types::CreateChannelResponse#channel_arn #channel_arn} => String
521
+ # * {Types::CreateChannelResponse#name #name} => String
522
+ # * {Types::CreateChannelResponse#source #source} => String
523
+ # * {Types::CreateChannelResponse#destinations #destinations} => Array&lt;Types::Destination&gt;
524
+ # * {Types::CreateChannelResponse#tags #tags} => Array&lt;Types::Tag&gt;
525
+ #
526
+ # @example Request syntax with placeholder values
527
+ #
528
+ # resp = client.create_channel({
529
+ # name: "ChannelName", # required
530
+ # source: "Source", # required
531
+ # destinations: [ # required
532
+ # {
533
+ # type: "EVENT_DATA_STORE", # required, accepts EVENT_DATA_STORE, AWS_SERVICE
534
+ # location: "Location", # required
535
+ # },
536
+ # ],
537
+ # tags: [
538
+ # {
539
+ # key: "TagKey", # required
540
+ # value: "TagValue",
541
+ # },
542
+ # ],
543
+ # })
544
+ #
545
+ # @example Response structure
546
+ #
547
+ # resp.channel_arn #=> String
548
+ # resp.name #=> String
549
+ # resp.source #=> String
550
+ # resp.destinations #=> Array
551
+ # resp.destinations[0].type #=> String, one of "EVENT_DATA_STORE", "AWS_SERVICE"
552
+ # resp.destinations[0].location #=> String
553
+ # resp.tags #=> Array
554
+ # resp.tags[0].key #=> String
555
+ # resp.tags[0].value #=> String
556
+ #
557
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/CreateChannel AWS API Documentation
558
+ #
559
+ # @overload create_channel(params = {})
560
+ # @param [Hash] params ({})
561
+ def create_channel(params = {}, options = {})
562
+ req = build_request(:create_channel, params)
563
+ req.send_request(options)
564
+ end
565
+
566
+ # Creates a new event data store.
567
+ #
568
+ # @option params [required, String] :name
569
+ # The name of the event data store.
570
+ #
571
+ # @option params [Array<Types::AdvancedEventSelector>] :advanced_event_selectors
572
+ # The advanced event selectors to use to select the events for the data
573
+ # store. You can configure up to five advanced event selectors for each
574
+ # event data store.
575
+ #
576
+ # For more information about how to use advanced event selectors to log
577
+ # CloudTrail events, see [Log events by using advanced event
578
+ # selectors][1] in the CloudTrail User Guide.
579
+ #
580
+ # For more information about how to use advanced event selectors to
581
+ # include Config configuration items in your event data store, see
582
+ # [Create an event data store for Config configuration items][2] in the
583
+ # CloudTrail User Guide.
584
+ #
585
+ # For more information about how to use advanced event selectors to
586
+ # include non-Amazon Web Services events in your event data store, see
587
+ # [Create an integration to log events from outside Amazon Web
588
+ # Services][3] in the CloudTrail User Guide.
589
+ #
590
+ #
591
+ #
592
+ # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#creating-data-event-selectors-advanced
593
+ # [2]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-lake-cli.html#lake-cli-create-eds-config
594
+ # [3]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-lake-cli.html#lake-cli-create-integration
595
+ #
596
+ # @option params [Boolean] :multi_region_enabled
597
+ # Specifies whether the event data store includes events from all
598
+ # Regions, or only from the Region in which the event data store is
599
+ # created.
600
+ #
601
+ # @option params [Boolean] :organization_enabled
602
+ # Specifies whether an event data store collects events logged for an
603
+ # organization in Organizations.
604
+ #
605
+ # @option params [Integer] :retention_period
606
+ # The retention period of the event data store, in days. You can set a
607
+ # retention period of up to 2557 days, the equivalent of seven years.
608
+ # CloudTrail Lake determines whether to retain an event by checking if
609
+ # the `eventTime` of the event is within the specified retention period.
610
+ # For example, if you set a retention period of 90 days, CloudTrail will
611
+ # remove events when the `eventTime` is older than 90 days.
612
+ #
613
+ # <note markdown="1"> If you plan to copy trail events to this event data store, we
614
+ # recommend that you consider both the age of the events that you want
615
+ # to copy as well as how long you want to keep the copied events in your
616
+ # event data store. For example, if you copy trail events that are 5
617
+ # years old and specify a retention period of 7 years, the event data
618
+ # store will retain those events for two years.
619
+ #
620
+ # </note>
621
+ #
622
+ # @option params [Boolean] :termination_protection_enabled
623
+ # Specifies whether termination protection is enabled for the event data
624
+ # store. If termination protection is enabled, you cannot delete the
625
+ # event data store until termination protection is disabled.
626
+ #
627
+ # @option params [Array<Types::Tag>] :tags_list
628
+ # A list of tags.
629
+ #
630
+ # @option params [String] :kms_key_id
631
+ # Specifies the KMS key ID to use to encrypt the events delivered by
632
+ # CloudTrail. The value can be an alias name prefixed by `alias/`, a
633
+ # fully specified ARN to an alias, a fully specified ARN to a key, or a
634
+ # globally unique identifier.
635
+ #
636
+ # Disabling or deleting the KMS key, or removing CloudTrail permissions
637
+ # on the key, prevents CloudTrail from logging events to the event data
638
+ # store, and prevents users from querying the data in the event data
639
+ # store that was encrypted with the key. After you associate an event
640
+ # data store with a KMS key, the KMS key cannot be removed or changed.
641
+ # Before you disable or delete a KMS key that you are using with an
642
+ # event data store, delete or back up your event data store.
643
+ #
644
+ # CloudTrail also supports KMS multi-Region keys. For more information
645
+ # about multi-Region keys, see [Using multi-Region keys][1] in the *Key
646
+ # Management Service Developer Guide*.
647
+ #
648
+ # Examples:
649
+ #
650
+ # * `alias/MyAliasName`
651
+ #
652
+ # * `arn:aws:kms:us-east-2:123456789012:alias/MyAliasName`
653
+ #
654
+ # * `arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012`
655
+ #
656
+ # * `12345678-1234-1234-1234-123456789012`
657
+ #
658
+ #
659
+ #
660
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html
661
+ #
662
+ # @option params [Boolean] :start_ingestion
663
+ # Specifies whether the event data store should start ingesting live
664
+ # events. The default is true.
665
+ #
666
+ # @return [Types::CreateEventDataStoreResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
667
+ #
668
+ # * {Types::CreateEventDataStoreResponse#event_data_store_arn #event_data_store_arn} => String
669
+ # * {Types::CreateEventDataStoreResponse#name #name} => String
670
+ # * {Types::CreateEventDataStoreResponse#status #status} => String
671
+ # * {Types::CreateEventDataStoreResponse#advanced_event_selectors #advanced_event_selectors} => Array&lt;Types::AdvancedEventSelector&gt;
672
+ # * {Types::CreateEventDataStoreResponse#multi_region_enabled #multi_region_enabled} => Boolean
673
+ # * {Types::CreateEventDataStoreResponse#organization_enabled #organization_enabled} => Boolean
674
+ # * {Types::CreateEventDataStoreResponse#retention_period #retention_period} => Integer
675
+ # * {Types::CreateEventDataStoreResponse#termination_protection_enabled #termination_protection_enabled} => Boolean
676
+ # * {Types::CreateEventDataStoreResponse#tags_list #tags_list} => Array&lt;Types::Tag&gt;
677
+ # * {Types::CreateEventDataStoreResponse#created_timestamp #created_timestamp} => Time
678
+ # * {Types::CreateEventDataStoreResponse#updated_timestamp #updated_timestamp} => Time
679
+ # * {Types::CreateEventDataStoreResponse#kms_key_id #kms_key_id} => String
680
+ #
681
+ # @example Request syntax with placeholder values
682
+ #
683
+ # resp = client.create_event_data_store({
684
+ # name: "EventDataStoreName", # required
685
+ # advanced_event_selectors: [
686
+ # {
687
+ # name: "SelectorName",
688
+ # field_selectors: [ # required
689
+ # {
690
+ # field: "SelectorField", # required
691
+ # equals: ["OperatorValue"],
692
+ # starts_with: ["OperatorValue"],
693
+ # ends_with: ["OperatorValue"],
694
+ # not_equals: ["OperatorValue"],
695
+ # not_starts_with: ["OperatorValue"],
696
+ # not_ends_with: ["OperatorValue"],
697
+ # },
698
+ # ],
699
+ # },
700
+ # ],
701
+ # multi_region_enabled: false,
702
+ # organization_enabled: false,
703
+ # retention_period: 1,
704
+ # termination_protection_enabled: false,
705
+ # tags_list: [
706
+ # {
707
+ # key: "TagKey", # required
708
+ # value: "TagValue",
709
+ # },
710
+ # ],
711
+ # kms_key_id: "EventDataStoreKmsKeyId",
712
+ # start_ingestion: false,
713
+ # })
714
+ #
715
+ # @example Response structure
716
+ #
717
+ # resp.event_data_store_arn #=> String
718
+ # resp.name #=> String
719
+ # resp.status #=> String, one of "CREATED", "ENABLED", "PENDING_DELETION", "STARTING_INGESTION", "STOPPING_INGESTION", "STOPPED_INGESTION"
720
+ # resp.advanced_event_selectors #=> Array
721
+ # resp.advanced_event_selectors[0].name #=> String
722
+ # resp.advanced_event_selectors[0].field_selectors #=> Array
723
+ # resp.advanced_event_selectors[0].field_selectors[0].field #=> String
724
+ # resp.advanced_event_selectors[0].field_selectors[0].equals #=> Array
725
+ # resp.advanced_event_selectors[0].field_selectors[0].equals[0] #=> String
726
+ # resp.advanced_event_selectors[0].field_selectors[0].starts_with #=> Array
727
+ # resp.advanced_event_selectors[0].field_selectors[0].starts_with[0] #=> String
728
+ # resp.advanced_event_selectors[0].field_selectors[0].ends_with #=> Array
729
+ # resp.advanced_event_selectors[0].field_selectors[0].ends_with[0] #=> String
730
+ # resp.advanced_event_selectors[0].field_selectors[0].not_equals #=> Array
731
+ # resp.advanced_event_selectors[0].field_selectors[0].not_equals[0] #=> String
732
+ # resp.advanced_event_selectors[0].field_selectors[0].not_starts_with #=> Array
733
+ # resp.advanced_event_selectors[0].field_selectors[0].not_starts_with[0] #=> String
734
+ # resp.advanced_event_selectors[0].field_selectors[0].not_ends_with #=> Array
735
+ # resp.advanced_event_selectors[0].field_selectors[0].not_ends_with[0] #=> String
736
+ # resp.multi_region_enabled #=> Boolean
737
+ # resp.organization_enabled #=> Boolean
738
+ # resp.retention_period #=> Integer
739
+ # resp.termination_protection_enabled #=> Boolean
740
+ # resp.tags_list #=> Array
741
+ # resp.tags_list[0].key #=> String
742
+ # resp.tags_list[0].value #=> String
743
+ # resp.created_timestamp #=> Time
744
+ # resp.updated_timestamp #=> Time
745
+ # resp.kms_key_id #=> String
746
+ #
747
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/CreateEventDataStore AWS API Documentation
748
+ #
749
+ # @overload create_event_data_store(params = {})
750
+ # @param [Hash] params ({})
751
+ def create_event_data_store(params = {}, options = {})
752
+ req = build_request(:create_event_data_store, params)
753
+ req.send_request(options)
754
+ end
755
+
392
756
  # Creates a trail that specifies the settings for delivery of log data
393
757
  # to an Amazon S3 bucket.
394
758
  #
@@ -435,10 +799,10 @@ module Aws::CloudTrail
435
799
  # such as IAM to the log files.
436
800
  #
437
801
  # @option params [Boolean] :is_multi_region_trail
438
- # Specifies whether the trail is created in the current region or in all
439
- # regions. The default is false, which creates a trail only in the
440
- # region where you are signed in. As a best practice, consider creating
441
- # trails that log events in all regions.
802
+ # Specifies whether the trail is created in the current Region or in all
803
+ # Regions. The default is false, which creates a trail only in the
804
+ # Region where you are signed in. As a best practice, consider creating
805
+ # trails that log events in all Regions.
442
806
  #
443
807
  # @option params [Boolean] :enable_log_file_validation
444
808
  # Specifies whether log file integrity validation is enabled. The
@@ -459,16 +823,19 @@ module Aws::CloudTrail
459
823
  # @option params [String] :cloud_watch_logs_log_group_arn
460
824
  # Specifies a log group name using an Amazon Resource Name (ARN), a
461
825
  # unique identifier that represents the log group to which CloudTrail
462
- # logs will be delivered. Not required unless you specify
463
- # `CloudWatchLogsRoleArn`.
826
+ # logs will be delivered. You must use a log group that exists in your
827
+ # account.
828
+ #
829
+ # Not required unless you specify `CloudWatchLogsRoleArn`.
464
830
  #
465
831
  # @option params [String] :cloud_watch_logs_role_arn
466
832
  # Specifies the role for the CloudWatch Logs endpoint to assume to write
467
- # to a user's log group.
833
+ # to a user's log group. You must use a role that exists in your
834
+ # account.
468
835
  #
469
836
  # @option params [String] :kms_key_id
470
837
  # Specifies the KMS key ID to use to encrypt the logs delivered by
471
- # CloudTrail. The value can be an alias name prefixed by "alias/", a
838
+ # CloudTrail. The value can be an alias name prefixed by `alias/`, a
472
839
  # fully specified ARN to an alias, a fully specified ARN to a key, or a
473
840
  # globally unique identifier.
474
841
  #
@@ -478,13 +845,13 @@ module Aws::CloudTrail
478
845
  #
479
846
  # Examples:
480
847
  #
481
- # * alias/MyAliasName
848
+ # * `alias/MyAliasName`
482
849
  #
483
- # * arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
850
+ # * `arn:aws:kms:us-east-2:123456789012:alias/MyAliasName`
484
851
  #
485
- # * arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
852
+ # * `arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012`
486
853
  #
487
- # * 12345678-1234-1234-1234-123456789012
854
+ # * `12345678-1234-1234-1234-123456789012`
488
855
  #
489
856
  #
490
857
  #
@@ -495,7 +862,8 @@ module Aws::CloudTrail
495
862
  # organization in Organizations, or only for the current Amazon Web
496
863
  # Services account. The default is false, and cannot be true unless the
497
864
  # call is made on behalf of an Amazon Web Services account that is the
498
- # management account for an organization in Organizations.
865
+ # management account or delegated administrator account for an
866
+ # organization in Organizations.
499
867
  #
500
868
  # @option params [Array<Types::Tag>] :tags_list
501
869
  # A list of tags.
@@ -532,8 +900,8 @@ module Aws::CloudTrail
532
900
  # is_organization_trail: false,
533
901
  # tags_list: [
534
902
  # {
535
- # key: "String", # required
536
- # value: "String",
903
+ # key: "TagKey", # required
904
+ # value: "TagValue",
537
905
  # },
538
906
  # ],
539
907
  # })
@@ -563,10 +931,92 @@ module Aws::CloudTrail
563
931
  req.send_request(options)
564
932
  end
565
933
 
566
- # Deletes a trail. This operation must be called from the region in
934
+ # Deletes a channel.
935
+ #
936
+ # @option params [required, String] :channel
937
+ # The ARN or the `UUID` value of the channel that you want to delete.
938
+ #
939
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
940
+ #
941
+ # @example Request syntax with placeholder values
942
+ #
943
+ # resp = client.delete_channel({
944
+ # channel: "ChannelArn", # required
945
+ # })
946
+ #
947
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DeleteChannel AWS API Documentation
948
+ #
949
+ # @overload delete_channel(params = {})
950
+ # @param [Hash] params ({})
951
+ def delete_channel(params = {}, options = {})
952
+ req = build_request(:delete_channel, params)
953
+ req.send_request(options)
954
+ end
955
+
956
+ # Disables the event data store specified by `EventDataStore`, which
957
+ # accepts an event data store ARN. After you run `DeleteEventDataStore`,
958
+ # the event data store enters a `PENDING_DELETION` state, and is
959
+ # automatically deleted after a wait period of seven days.
960
+ # `TerminationProtectionEnabled` must be set to `False` on the event
961
+ # data store; this operation cannot work if
962
+ # `TerminationProtectionEnabled` is `True`.
963
+ #
964
+ # After you run `DeleteEventDataStore` on an event data store, you
965
+ # cannot run `ListQueries`, `DescribeQuery`, or `GetQueryResults` on
966
+ # queries that are using an event data store in a `PENDING_DELETION`
967
+ # state. An event data store in the `PENDING_DELETION` state does not
968
+ # incur costs.
969
+ #
970
+ # @option params [required, String] :event_data_store
971
+ # The ARN (or the ID suffix of the ARN) of the event data store to
972
+ # delete.
973
+ #
974
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
975
+ #
976
+ # @example Request syntax with placeholder values
977
+ #
978
+ # resp = client.delete_event_data_store({
979
+ # event_data_store: "EventDataStoreArn", # required
980
+ # })
981
+ #
982
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DeleteEventDataStore AWS API Documentation
983
+ #
984
+ # @overload delete_event_data_store(params = {})
985
+ # @param [Hash] params ({})
986
+ def delete_event_data_store(params = {}, options = {})
987
+ req = build_request(:delete_event_data_store, params)
988
+ req.send_request(options)
989
+ end
990
+
991
+ # Deletes the resource-based policy attached to the CloudTrail channel.
992
+ #
993
+ # @option params [required, String] :resource_arn
994
+ # The Amazon Resource Name (ARN) of the CloudTrail channel you're
995
+ # deleting the resource-based policy from. The following is the format
996
+ # of a resource ARN:
997
+ # `arn:aws:cloudtrail:us-east-2:123456789012:channel/MyChannel`.
998
+ #
999
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1000
+ #
1001
+ # @example Request syntax with placeholder values
1002
+ #
1003
+ # resp = client.delete_resource_policy({
1004
+ # resource_arn: "ResourceArn", # required
1005
+ # })
1006
+ #
1007
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DeleteResourcePolicy AWS API Documentation
1008
+ #
1009
+ # @overload delete_resource_policy(params = {})
1010
+ # @param [Hash] params ({})
1011
+ def delete_resource_policy(params = {}, options = {})
1012
+ req = build_request(:delete_resource_policy, params)
1013
+ req.send_request(options)
1014
+ end
1015
+
1016
+ # Deletes a trail. This operation must be called from the Region in
567
1017
  # which the trail was created. `DeleteTrail` cannot be called on the
568
- # shadow trails (replicated trails in other regions) of a trail that is
569
- # enabled in all regions.
1018
+ # shadow trails (replicated trails in other Regions) of a trail that is
1019
+ # enabled in all Regions.
570
1020
  #
571
1021
  # @option params [required, String] :name
572
1022
  # Specifies the name or the CloudTrail ARN of the trail to be deleted.
@@ -590,8 +1040,93 @@ module Aws::CloudTrail
590
1040
  req.send_request(options)
591
1041
  end
592
1042
 
1043
+ # Removes CloudTrail delegated administrator permissions from a member
1044
+ # account in an organization.
1045
+ #
1046
+ # @option params [required, String] :delegated_admin_account_id
1047
+ # A delegated administrator account ID. This is a member account in an
1048
+ # organization that is currently designated as a delegated
1049
+ # administrator.
1050
+ #
1051
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1052
+ #
1053
+ # @example Request syntax with placeholder values
1054
+ #
1055
+ # resp = client.deregister_organization_delegated_admin({
1056
+ # delegated_admin_account_id: "AccountId", # required
1057
+ # })
1058
+ #
1059
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DeregisterOrganizationDelegatedAdmin AWS API Documentation
1060
+ #
1061
+ # @overload deregister_organization_delegated_admin(params = {})
1062
+ # @param [Hash] params ({})
1063
+ def deregister_organization_delegated_admin(params = {}, options = {})
1064
+ req = build_request(:deregister_organization_delegated_admin, params)
1065
+ req.send_request(options)
1066
+ end
1067
+
1068
+ # Returns metadata about a query, including query run time in
1069
+ # milliseconds, number of events scanned and matched, and query status.
1070
+ # If the query results were delivered to an S3 bucket, the response also
1071
+ # provides the S3 URI and the delivery status.
1072
+ #
1073
+ # You must specify either a `QueryID` or a `QueryAlias`. Specifying the
1074
+ # `QueryAlias` parameter returns information about the last query run
1075
+ # for the alias.
1076
+ #
1077
+ # @option params [String] :event_data_store
1078
+ # The ARN (or the ID suffix of the ARN) of an event data store on which
1079
+ # the specified query was run.
1080
+ #
1081
+ # @option params [String] :query_id
1082
+ # The query ID.
1083
+ #
1084
+ # @option params [String] :query_alias
1085
+ # The alias that identifies a query template.
1086
+ #
1087
+ # @return [Types::DescribeQueryResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1088
+ #
1089
+ # * {Types::DescribeQueryResponse#query_id #query_id} => String
1090
+ # * {Types::DescribeQueryResponse#query_string #query_string} => String
1091
+ # * {Types::DescribeQueryResponse#query_status #query_status} => String
1092
+ # * {Types::DescribeQueryResponse#query_statistics #query_statistics} => Types::QueryStatisticsForDescribeQuery
1093
+ # * {Types::DescribeQueryResponse#error_message #error_message} => String
1094
+ # * {Types::DescribeQueryResponse#delivery_s3_uri #delivery_s3_uri} => String
1095
+ # * {Types::DescribeQueryResponse#delivery_status #delivery_status} => String
1096
+ #
1097
+ # @example Request syntax with placeholder values
1098
+ #
1099
+ # resp = client.describe_query({
1100
+ # event_data_store: "EventDataStoreArn",
1101
+ # query_id: "UUID",
1102
+ # query_alias: "QueryAlias",
1103
+ # })
1104
+ #
1105
+ # @example Response structure
1106
+ #
1107
+ # resp.query_id #=> String
1108
+ # resp.query_string #=> String
1109
+ # resp.query_status #=> String, one of "QUEUED", "RUNNING", "FINISHED", "FAILED", "CANCELLED", "TIMED_OUT"
1110
+ # resp.query_statistics.events_matched #=> Integer
1111
+ # resp.query_statistics.events_scanned #=> Integer
1112
+ # resp.query_statistics.bytes_scanned #=> Integer
1113
+ # resp.query_statistics.execution_time_in_millis #=> Integer
1114
+ # resp.query_statistics.creation_time #=> Time
1115
+ # resp.error_message #=> String
1116
+ # resp.delivery_s3_uri #=> String
1117
+ # resp.delivery_status #=> String, one of "SUCCESS", "FAILED", "FAILED_SIGNING_FILE", "PENDING", "RESOURCE_NOT_FOUND", "ACCESS_DENIED", "ACCESS_DENIED_SIGNING_FILE", "CANCELLED", "UNKNOWN"
1118
+ #
1119
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DescribeQuery AWS API Documentation
1120
+ #
1121
+ # @overload describe_query(params = {})
1122
+ # @param [Hash] params ({})
1123
+ def describe_query(params = {}, options = {})
1124
+ req = build_request(:describe_query, params)
1125
+ req.send_request(options)
1126
+ end
1127
+
593
1128
  # Retrieves settings for one or more trails associated with the current
594
- # region for your account.
1129
+ # Region for your account.
595
1130
  #
596
1131
  # @option params [Array<String>] :trail_name_list
597
1132
  # Specifies a list of trail names, trail ARNs, or both, of the trails to
@@ -600,29 +1135,29 @@ module Aws::CloudTrail
600
1135
  # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
601
1136
  #
602
1137
  # If an empty list is specified, information for the trail in the
603
- # current region is returned.
1138
+ # current Region is returned.
604
1139
  #
605
1140
  # * If an empty list is specified and `IncludeShadowTrails` is false,
606
- # then information for all trails in the current region is returned.
1141
+ # then information for all trails in the current Region is returned.
607
1142
  #
608
1143
  # * If an empty list is specified and IncludeShadowTrails is null or
609
- # true, then information for all trails in the current region and any
610
- # associated shadow trails in other regions is returned.
1144
+ # true, then information for all trails in the current Region and any
1145
+ # associated shadow trails in other Regions is returned.
611
1146
  #
612
1147
  # <note markdown="1"> If one or more trail names are specified, information is returned only
613
1148
  # if the names match the names of trails belonging only to the current
614
- # region. To return information about a trail in another region, you
615
- # must specify its trail ARN.
1149
+ # Region and current account. To return information about a trail in
1150
+ # another Region, you must specify its trail ARN.
616
1151
  #
617
1152
  # </note>
618
1153
  #
619
1154
  # @option params [Boolean] :include_shadow_trails
620
1155
  # Specifies whether to include shadow trails in the response. A shadow
621
- # trail is the replication in a region of a trail that was created in a
622
- # different region, or in the case of an organization trail, the
1156
+ # trail is the replication in a Region of a trail that was created in a
1157
+ # different Region, or in the case of an organization trail, the
623
1158
  # replication of an organization trail in member accounts. If you do not
624
1159
  # include shadow trails, organization trails in a member account and
625
- # region replication trails will not be returned. The default is true.
1160
+ # Region replication trails will not be returned. The default is true.
626
1161
  #
627
1162
  # @return [Types::DescribeTrailsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
628
1163
  #
@@ -664,43 +1199,173 @@ module Aws::CloudTrail
664
1199
  req.send_request(options)
665
1200
  end
666
1201
 
667
- # Describes the settings for the event selectors that you configured for
668
- # your trail. The information returned for your event selectors includes
669
- # the following:
1202
+ # Returns information about a specific channel.
670
1203
  #
671
- # * If your event selector includes read-only events, write-only events,
672
- # or all events. This applies to both management events and data
673
- # events.
674
- #
675
- # * If your event selector includes management events.
676
- #
677
- # * If your event selector includes data events, the resources on which
678
- # you are logging data events.
679
- #
680
- # For more information, see [Logging Data and Management Events for
681
- # Trails ][1] in the *CloudTrail User Guide*.
1204
+ # @option params [required, String] :channel
1205
+ # The ARN or `UUID` of a channel.
682
1206
  #
1207
+ # @return [Types::GetChannelResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
683
1208
  #
1209
+ # * {Types::GetChannelResponse#channel_arn #channel_arn} => String
1210
+ # * {Types::GetChannelResponse#name #name} => String
1211
+ # * {Types::GetChannelResponse#source #source} => String
1212
+ # * {Types::GetChannelResponse#source_config #source_config} => Types::SourceConfig
1213
+ # * {Types::GetChannelResponse#destinations #destinations} => Array&lt;Types::Destination&gt;
1214
+ # * {Types::GetChannelResponse#ingestion_status #ingestion_status} => Types::IngestionStatus
684
1215
  #
685
- # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html
1216
+ # @example Request syntax with placeholder values
686
1217
  #
687
- # @option params [required, String] :trail_name
688
- # Specifies the name of the trail or trail ARN. If you specify a trail
689
- # name, the string must meet the following requirements:
1218
+ # resp = client.get_channel({
1219
+ # channel: "ChannelArn", # required
1220
+ # })
690
1221
  #
691
- # * Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
692
- # underscores (\_), or dashes (-)
1222
+ # @example Response structure
693
1223
  #
694
- # * Start with a letter or number, and end with a letter or number
1224
+ # resp.channel_arn #=> String
1225
+ # resp.name #=> String
1226
+ # resp.source #=> String
1227
+ # resp.source_config.apply_to_all_regions #=> Boolean
1228
+ # resp.source_config.advanced_event_selectors #=> Array
1229
+ # resp.source_config.advanced_event_selectors[0].name #=> String
1230
+ # resp.source_config.advanced_event_selectors[0].field_selectors #=> Array
1231
+ # resp.source_config.advanced_event_selectors[0].field_selectors[0].field #=> String
1232
+ # resp.source_config.advanced_event_selectors[0].field_selectors[0].equals #=> Array
1233
+ # resp.source_config.advanced_event_selectors[0].field_selectors[0].equals[0] #=> String
1234
+ # resp.source_config.advanced_event_selectors[0].field_selectors[0].starts_with #=> Array
1235
+ # resp.source_config.advanced_event_selectors[0].field_selectors[0].starts_with[0] #=> String
1236
+ # resp.source_config.advanced_event_selectors[0].field_selectors[0].ends_with #=> Array
1237
+ # resp.source_config.advanced_event_selectors[0].field_selectors[0].ends_with[0] #=> String
1238
+ # resp.source_config.advanced_event_selectors[0].field_selectors[0].not_equals #=> Array
1239
+ # resp.source_config.advanced_event_selectors[0].field_selectors[0].not_equals[0] #=> String
1240
+ # resp.source_config.advanced_event_selectors[0].field_selectors[0].not_starts_with #=> Array
1241
+ # resp.source_config.advanced_event_selectors[0].field_selectors[0].not_starts_with[0] #=> String
1242
+ # resp.source_config.advanced_event_selectors[0].field_selectors[0].not_ends_with #=> Array
1243
+ # resp.source_config.advanced_event_selectors[0].field_selectors[0].not_ends_with[0] #=> String
1244
+ # resp.destinations #=> Array
1245
+ # resp.destinations[0].type #=> String, one of "EVENT_DATA_STORE", "AWS_SERVICE"
1246
+ # resp.destinations[0].location #=> String
1247
+ # resp.ingestion_status.latest_ingestion_success_time #=> Time
1248
+ # resp.ingestion_status.latest_ingestion_success_event_id #=> String
1249
+ # resp.ingestion_status.latest_ingestion_error_code #=> String
1250
+ # resp.ingestion_status.latest_ingestion_attempt_time #=> Time
1251
+ # resp.ingestion_status.latest_ingestion_attempt_event_id #=> String
1252
+ #
1253
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetChannel AWS API Documentation
1254
+ #
1255
+ # @overload get_channel(params = {})
1256
+ # @param [Hash] params ({})
1257
+ def get_channel(params = {}, options = {})
1258
+ req = build_request(:get_channel, params)
1259
+ req.send_request(options)
1260
+ end
1261
+
1262
+ # Returns information about an event data store specified as either an
1263
+ # ARN or the ID portion of the ARN.
1264
+ #
1265
+ # @option params [required, String] :event_data_store
1266
+ # The ARN (or ID suffix of the ARN) of the event data store about which
1267
+ # you want information.
1268
+ #
1269
+ # @return [Types::GetEventDataStoreResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1270
+ #
1271
+ # * {Types::GetEventDataStoreResponse#event_data_store_arn #event_data_store_arn} => String
1272
+ # * {Types::GetEventDataStoreResponse#name #name} => String
1273
+ # * {Types::GetEventDataStoreResponse#status #status} => String
1274
+ # * {Types::GetEventDataStoreResponse#advanced_event_selectors #advanced_event_selectors} => Array&lt;Types::AdvancedEventSelector&gt;
1275
+ # * {Types::GetEventDataStoreResponse#multi_region_enabled #multi_region_enabled} => Boolean
1276
+ # * {Types::GetEventDataStoreResponse#organization_enabled #organization_enabled} => Boolean
1277
+ # * {Types::GetEventDataStoreResponse#retention_period #retention_period} => Integer
1278
+ # * {Types::GetEventDataStoreResponse#termination_protection_enabled #termination_protection_enabled} => Boolean
1279
+ # * {Types::GetEventDataStoreResponse#created_timestamp #created_timestamp} => Time
1280
+ # * {Types::GetEventDataStoreResponse#updated_timestamp #updated_timestamp} => Time
1281
+ # * {Types::GetEventDataStoreResponse#kms_key_id #kms_key_id} => String
695
1282
  #
696
- # * Be between 3 and 128 characters
1283
+ # @example Request syntax with placeholder values
697
1284
  #
698
- # * Have no adjacent periods, underscores or dashes. Names like
699
- # `my-_namespace` and `my--namespace` are not valid.
1285
+ # resp = client.get_event_data_store({
1286
+ # event_data_store: "EventDataStoreArn", # required
1287
+ # })
700
1288
  #
701
- # * Not be in IP address format (for example, 192.168.5.4)
1289
+ # @example Response structure
702
1290
  #
703
- # If you specify a trail ARN, it must be in the format:
1291
+ # resp.event_data_store_arn #=> String
1292
+ # resp.name #=> String
1293
+ # resp.status #=> String, one of "CREATED", "ENABLED", "PENDING_DELETION", "STARTING_INGESTION", "STOPPING_INGESTION", "STOPPED_INGESTION"
1294
+ # resp.advanced_event_selectors #=> Array
1295
+ # resp.advanced_event_selectors[0].name #=> String
1296
+ # resp.advanced_event_selectors[0].field_selectors #=> Array
1297
+ # resp.advanced_event_selectors[0].field_selectors[0].field #=> String
1298
+ # resp.advanced_event_selectors[0].field_selectors[0].equals #=> Array
1299
+ # resp.advanced_event_selectors[0].field_selectors[0].equals[0] #=> String
1300
+ # resp.advanced_event_selectors[0].field_selectors[0].starts_with #=> Array
1301
+ # resp.advanced_event_selectors[0].field_selectors[0].starts_with[0] #=> String
1302
+ # resp.advanced_event_selectors[0].field_selectors[0].ends_with #=> Array
1303
+ # resp.advanced_event_selectors[0].field_selectors[0].ends_with[0] #=> String
1304
+ # resp.advanced_event_selectors[0].field_selectors[0].not_equals #=> Array
1305
+ # resp.advanced_event_selectors[0].field_selectors[0].not_equals[0] #=> String
1306
+ # resp.advanced_event_selectors[0].field_selectors[0].not_starts_with #=> Array
1307
+ # resp.advanced_event_selectors[0].field_selectors[0].not_starts_with[0] #=> String
1308
+ # resp.advanced_event_selectors[0].field_selectors[0].not_ends_with #=> Array
1309
+ # resp.advanced_event_selectors[0].field_selectors[0].not_ends_with[0] #=> String
1310
+ # resp.multi_region_enabled #=> Boolean
1311
+ # resp.organization_enabled #=> Boolean
1312
+ # resp.retention_period #=> Integer
1313
+ # resp.termination_protection_enabled #=> Boolean
1314
+ # resp.created_timestamp #=> Time
1315
+ # resp.updated_timestamp #=> Time
1316
+ # resp.kms_key_id #=> String
1317
+ #
1318
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetEventDataStore AWS API Documentation
1319
+ #
1320
+ # @overload get_event_data_store(params = {})
1321
+ # @param [Hash] params ({})
1322
+ def get_event_data_store(params = {}, options = {})
1323
+ req = build_request(:get_event_data_store, params)
1324
+ req.send_request(options)
1325
+ end
1326
+
1327
+ # Describes the settings for the event selectors that you configured for
1328
+ # your trail. The information returned for your event selectors includes
1329
+ # the following:
1330
+ #
1331
+ # * If your event selector includes read-only events, write-only events,
1332
+ # or all events. This applies to both management events and data
1333
+ # events.
1334
+ #
1335
+ # * If your event selector includes management events.
1336
+ #
1337
+ # * If your event selector includes data events, the resources on which
1338
+ # you are logging data events.
1339
+ #
1340
+ # For more information about logging management and data events, see the
1341
+ # following topics in the *CloudTrail User Guide*:
1342
+ #
1343
+ # * [Logging management events][1]
1344
+ #
1345
+ # * [Logging data events][2]
1346
+ #
1347
+ #
1348
+ #
1349
+ # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html
1350
+ # [2]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
1351
+ #
1352
+ # @option params [required, String] :trail_name
1353
+ # Specifies the name of the trail or trail ARN. If you specify a trail
1354
+ # name, the string must meet the following requirements:
1355
+ #
1356
+ # * Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
1357
+ # underscores (\_), or dashes (-)
1358
+ #
1359
+ # * Start with a letter or number, and end with a letter or number
1360
+ #
1361
+ # * Be between 3 and 128 characters
1362
+ #
1363
+ # * Have no adjacent periods, underscores or dashes. Names like
1364
+ # `my-_namespace` and `my--namespace` are not valid.
1365
+ #
1366
+ # * Not be in IP address format (for example, 192.168.5.4)
1367
+ #
1368
+ # If you specify a trail ARN, it must be in the format:
704
1369
  #
705
1370
  # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
706
1371
  #
@@ -754,6 +1419,57 @@ module Aws::CloudTrail
754
1419
  req.send_request(options)
755
1420
  end
756
1421
 
1422
+ # Returns information about a specific import.
1423
+ #
1424
+ # @option params [required, String] :import_id
1425
+ # The ID for the import.
1426
+ #
1427
+ # @return [Types::GetImportResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1428
+ #
1429
+ # * {Types::GetImportResponse#import_id #import_id} => String
1430
+ # * {Types::GetImportResponse#destinations #destinations} => Array&lt;String&gt;
1431
+ # * {Types::GetImportResponse#import_source #import_source} => Types::ImportSource
1432
+ # * {Types::GetImportResponse#start_event_time #start_event_time} => Time
1433
+ # * {Types::GetImportResponse#end_event_time #end_event_time} => Time
1434
+ # * {Types::GetImportResponse#import_status #import_status} => String
1435
+ # * {Types::GetImportResponse#created_timestamp #created_timestamp} => Time
1436
+ # * {Types::GetImportResponse#updated_timestamp #updated_timestamp} => Time
1437
+ # * {Types::GetImportResponse#import_statistics #import_statistics} => Types::ImportStatistics
1438
+ #
1439
+ # @example Request syntax with placeholder values
1440
+ #
1441
+ # resp = client.get_import({
1442
+ # import_id: "UUID", # required
1443
+ # })
1444
+ #
1445
+ # @example Response structure
1446
+ #
1447
+ # resp.import_id #=> String
1448
+ # resp.destinations #=> Array
1449
+ # resp.destinations[0] #=> String
1450
+ # resp.import_source.s3.s3_location_uri #=> String
1451
+ # resp.import_source.s3.s3_bucket_region #=> String
1452
+ # resp.import_source.s3.s3_bucket_access_role_arn #=> String
1453
+ # resp.start_event_time #=> Time
1454
+ # resp.end_event_time #=> Time
1455
+ # resp.import_status #=> String, one of "INITIALIZING", "IN_PROGRESS", "FAILED", "STOPPED", "COMPLETED"
1456
+ # resp.created_timestamp #=> Time
1457
+ # resp.updated_timestamp #=> Time
1458
+ # resp.import_statistics.prefixes_found #=> Integer
1459
+ # resp.import_statistics.prefixes_completed #=> Integer
1460
+ # resp.import_statistics.files_completed #=> Integer
1461
+ # resp.import_statistics.events_completed #=> Integer
1462
+ # resp.import_statistics.failed_entries #=> Integer
1463
+ #
1464
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetImport AWS API Documentation
1465
+ #
1466
+ # @overload get_import(params = {})
1467
+ # @param [Hash] params ({})
1468
+ def get_import(params = {}, options = {})
1469
+ req = build_request(:get_import, params)
1470
+ req.send_request(options)
1471
+ end
1472
+
757
1473
  # Describes the settings for the Insights event selectors that you
758
1474
  # configured for your trail. `GetInsightSelectors` shows if CloudTrail
759
1475
  # Insights event logging is enabled on the trail, and if it is, which
@@ -814,6 +1530,96 @@ module Aws::CloudTrail
814
1530
  req.send_request(options)
815
1531
  end
816
1532
 
1533
+ # Gets event data results of a query. You must specify the `QueryID`
1534
+ # value returned by the `StartQuery` operation.
1535
+ #
1536
+ # @option params [String] :event_data_store
1537
+ # The ARN (or ID suffix of the ARN) of the event data store against
1538
+ # which the query was run.
1539
+ #
1540
+ # @option params [required, String] :query_id
1541
+ # The ID of the query for which you want to get results.
1542
+ #
1543
+ # @option params [String] :next_token
1544
+ # A token you can use to get the next page of query results.
1545
+ #
1546
+ # @option params [Integer] :max_query_results
1547
+ # The maximum number of query results to display on a single page.
1548
+ #
1549
+ # @return [Types::GetQueryResultsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1550
+ #
1551
+ # * {Types::GetQueryResultsResponse#query_status #query_status} => String
1552
+ # * {Types::GetQueryResultsResponse#query_statistics #query_statistics} => Types::QueryStatistics
1553
+ # * {Types::GetQueryResultsResponse#query_result_rows #query_result_rows} => Array&lt;Array&lt;Hash&lt;String,String&gt;&gt;&gt;
1554
+ # * {Types::GetQueryResultsResponse#next_token #next_token} => String
1555
+ # * {Types::GetQueryResultsResponse#error_message #error_message} => String
1556
+ #
1557
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
1558
+ #
1559
+ # @example Request syntax with placeholder values
1560
+ #
1561
+ # resp = client.get_query_results({
1562
+ # event_data_store: "EventDataStoreArn",
1563
+ # query_id: "UUID", # required
1564
+ # next_token: "PaginationToken",
1565
+ # max_query_results: 1,
1566
+ # })
1567
+ #
1568
+ # @example Response structure
1569
+ #
1570
+ # resp.query_status #=> String, one of "QUEUED", "RUNNING", "FINISHED", "FAILED", "CANCELLED", "TIMED_OUT"
1571
+ # resp.query_statistics.results_count #=> Integer
1572
+ # resp.query_statistics.total_results_count #=> Integer
1573
+ # resp.query_statistics.bytes_scanned #=> Integer
1574
+ # resp.query_result_rows #=> Array
1575
+ # resp.query_result_rows[0] #=> Array
1576
+ # resp.query_result_rows[0][0] #=> Hash
1577
+ # resp.query_result_rows[0][0]["QueryResultKey"] #=> String
1578
+ # resp.next_token #=> String
1579
+ # resp.error_message #=> String
1580
+ #
1581
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetQueryResults AWS API Documentation
1582
+ #
1583
+ # @overload get_query_results(params = {})
1584
+ # @param [Hash] params ({})
1585
+ def get_query_results(params = {}, options = {})
1586
+ req = build_request(:get_query_results, params)
1587
+ req.send_request(options)
1588
+ end
1589
+
1590
+ # Retrieves the JSON text of the resource-based policy document attached
1591
+ # to the CloudTrail channel.
1592
+ #
1593
+ # @option params [required, String] :resource_arn
1594
+ # The Amazon Resource Name (ARN) of the CloudTrail channel attached to
1595
+ # the resource-based policy. The following is the format of a resource
1596
+ # ARN: `arn:aws:cloudtrail:us-east-2:123456789012:channel/MyChannel`.
1597
+ #
1598
+ # @return [Types::GetResourcePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1599
+ #
1600
+ # * {Types::GetResourcePolicyResponse#resource_arn #resource_arn} => String
1601
+ # * {Types::GetResourcePolicyResponse#resource_policy #resource_policy} => String
1602
+ #
1603
+ # @example Request syntax with placeholder values
1604
+ #
1605
+ # resp = client.get_resource_policy({
1606
+ # resource_arn: "ResourceArn", # required
1607
+ # })
1608
+ #
1609
+ # @example Response structure
1610
+ #
1611
+ # resp.resource_arn #=> String
1612
+ # resp.resource_policy #=> String
1613
+ #
1614
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetResourcePolicy AWS API Documentation
1615
+ #
1616
+ # @overload get_resource_policy(params = {})
1617
+ # @param [Hash] params ({})
1618
+ def get_resource_policy(params = {}, options = {})
1619
+ req = build_request(:get_resource_policy, params)
1620
+ req.send_request(options)
1621
+ end
1622
+
817
1623
  # Returns settings information for a specified trail.
818
1624
  #
819
1625
  # @option params [required, String] :name
@@ -861,14 +1667,14 @@ module Aws::CloudTrail
861
1667
  # Returns a JSON-formatted list of information about the specified
862
1668
  # trail. Fields include information on delivery errors, Amazon SNS and
863
1669
  # Amazon S3 errors, and start and stop logging times for each trail.
864
- # This operation returns trail status from a single region. To return
865
- # trail status from all regions, you must call the operation on each
866
- # region.
1670
+ # This operation returns trail status from a single Region. To return
1671
+ # trail status from all Regions, you must call the operation on each
1672
+ # Region.
867
1673
  #
868
1674
  # @option params [required, String] :name
869
1675
  # Specifies the name or the CloudTrail ARN of the trail for which you
870
1676
  # are requesting status. To get the status of a shadow trail (a
871
- # replication of the trail in another region), you must specify its ARN.
1677
+ # replication of the trail in another Region), you must specify its ARN.
872
1678
  # The following is the format of a trail ARN.
873
1679
  #
874
1680
  # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
@@ -928,15 +1734,215 @@ module Aws::CloudTrail
928
1734
  req.send_request(options)
929
1735
  end
930
1736
 
1737
+ # Lists the channels in the current account, and their source names.
1738
+ #
1739
+ # @option params [Integer] :max_results
1740
+ # The maximum number of CloudTrail channels to display on a single page.
1741
+ #
1742
+ # @option params [String] :next_token
1743
+ # The token to use to get the next page of results after a previous API
1744
+ # call. This token must be passed in with the same parameters that were
1745
+ # specified in the original call. For example, if the original call
1746
+ # specified an AttributeKey of 'Username' with a value of 'root',
1747
+ # the call with NextToken should include those same parameters.
1748
+ #
1749
+ # @return [Types::ListChannelsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1750
+ #
1751
+ # * {Types::ListChannelsResponse#channels #channels} => Array&lt;Types::Channel&gt;
1752
+ # * {Types::ListChannelsResponse#next_token #next_token} => String
1753
+ #
1754
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
1755
+ #
1756
+ # @example Request syntax with placeholder values
1757
+ #
1758
+ # resp = client.list_channels({
1759
+ # max_results: 1,
1760
+ # next_token: "PaginationToken",
1761
+ # })
1762
+ #
1763
+ # @example Response structure
1764
+ #
1765
+ # resp.channels #=> Array
1766
+ # resp.channels[0].channel_arn #=> String
1767
+ # resp.channels[0].name #=> String
1768
+ # resp.next_token #=> String
1769
+ #
1770
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ListChannels AWS API Documentation
1771
+ #
1772
+ # @overload list_channels(params = {})
1773
+ # @param [Hash] params ({})
1774
+ def list_channels(params = {}, options = {})
1775
+ req = build_request(:list_channels, params)
1776
+ req.send_request(options)
1777
+ end
1778
+
1779
+ # Returns information about all event data stores in the account, in the
1780
+ # current Region.
1781
+ #
1782
+ # @option params [String] :next_token
1783
+ # A token you can use to get the next page of event data store results.
1784
+ #
1785
+ # @option params [Integer] :max_results
1786
+ # The maximum number of event data stores to display on a single page.
1787
+ #
1788
+ # @return [Types::ListEventDataStoresResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1789
+ #
1790
+ # * {Types::ListEventDataStoresResponse#event_data_stores #event_data_stores} => Array&lt;Types::EventDataStore&gt;
1791
+ # * {Types::ListEventDataStoresResponse#next_token #next_token} => String
1792
+ #
1793
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
1794
+ #
1795
+ # @example Request syntax with placeholder values
1796
+ #
1797
+ # resp = client.list_event_data_stores({
1798
+ # next_token: "PaginationToken",
1799
+ # max_results: 1,
1800
+ # })
1801
+ #
1802
+ # @example Response structure
1803
+ #
1804
+ # resp.event_data_stores #=> Array
1805
+ # resp.event_data_stores[0].event_data_store_arn #=> String
1806
+ # resp.event_data_stores[0].name #=> String
1807
+ # resp.event_data_stores[0].termination_protection_enabled #=> Boolean
1808
+ # resp.event_data_stores[0].status #=> String, one of "CREATED", "ENABLED", "PENDING_DELETION", "STARTING_INGESTION", "STOPPING_INGESTION", "STOPPED_INGESTION"
1809
+ # resp.event_data_stores[0].advanced_event_selectors #=> Array
1810
+ # resp.event_data_stores[0].advanced_event_selectors[0].name #=> String
1811
+ # resp.event_data_stores[0].advanced_event_selectors[0].field_selectors #=> Array
1812
+ # resp.event_data_stores[0].advanced_event_selectors[0].field_selectors[0].field #=> String
1813
+ # resp.event_data_stores[0].advanced_event_selectors[0].field_selectors[0].equals #=> Array
1814
+ # resp.event_data_stores[0].advanced_event_selectors[0].field_selectors[0].equals[0] #=> String
1815
+ # resp.event_data_stores[0].advanced_event_selectors[0].field_selectors[0].starts_with #=> Array
1816
+ # resp.event_data_stores[0].advanced_event_selectors[0].field_selectors[0].starts_with[0] #=> String
1817
+ # resp.event_data_stores[0].advanced_event_selectors[0].field_selectors[0].ends_with #=> Array
1818
+ # resp.event_data_stores[0].advanced_event_selectors[0].field_selectors[0].ends_with[0] #=> String
1819
+ # resp.event_data_stores[0].advanced_event_selectors[0].field_selectors[0].not_equals #=> Array
1820
+ # resp.event_data_stores[0].advanced_event_selectors[0].field_selectors[0].not_equals[0] #=> String
1821
+ # resp.event_data_stores[0].advanced_event_selectors[0].field_selectors[0].not_starts_with #=> Array
1822
+ # resp.event_data_stores[0].advanced_event_selectors[0].field_selectors[0].not_starts_with[0] #=> String
1823
+ # resp.event_data_stores[0].advanced_event_selectors[0].field_selectors[0].not_ends_with #=> Array
1824
+ # resp.event_data_stores[0].advanced_event_selectors[0].field_selectors[0].not_ends_with[0] #=> String
1825
+ # resp.event_data_stores[0].multi_region_enabled #=> Boolean
1826
+ # resp.event_data_stores[0].organization_enabled #=> Boolean
1827
+ # resp.event_data_stores[0].retention_period #=> Integer
1828
+ # resp.event_data_stores[0].created_timestamp #=> Time
1829
+ # resp.event_data_stores[0].updated_timestamp #=> Time
1830
+ # resp.next_token #=> String
1831
+ #
1832
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ListEventDataStores AWS API Documentation
1833
+ #
1834
+ # @overload list_event_data_stores(params = {})
1835
+ # @param [Hash] params ({})
1836
+ def list_event_data_stores(params = {}, options = {})
1837
+ req = build_request(:list_event_data_stores, params)
1838
+ req.send_request(options)
1839
+ end
1840
+
1841
+ # Returns a list of failures for the specified import.
1842
+ #
1843
+ # @option params [required, String] :import_id
1844
+ # The ID of the import.
1845
+ #
1846
+ # @option params [Integer] :max_results
1847
+ # The maximum number of failures to display on a single page.
1848
+ #
1849
+ # @option params [String] :next_token
1850
+ # A token you can use to get the next page of import failures.
1851
+ #
1852
+ # @return [Types::ListImportFailuresResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1853
+ #
1854
+ # * {Types::ListImportFailuresResponse#failures #failures} => Array&lt;Types::ImportFailureListItem&gt;
1855
+ # * {Types::ListImportFailuresResponse#next_token #next_token} => String
1856
+ #
1857
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
1858
+ #
1859
+ # @example Request syntax with placeholder values
1860
+ #
1861
+ # resp = client.list_import_failures({
1862
+ # import_id: "UUID", # required
1863
+ # max_results: 1,
1864
+ # next_token: "PaginationToken",
1865
+ # })
1866
+ #
1867
+ # @example Response structure
1868
+ #
1869
+ # resp.failures #=> Array
1870
+ # resp.failures[0].location #=> String
1871
+ # resp.failures[0].status #=> String, one of "FAILED", "RETRY", "SUCCEEDED"
1872
+ # resp.failures[0].error_type #=> String
1873
+ # resp.failures[0].error_message #=> String
1874
+ # resp.failures[0].last_updated_time #=> Time
1875
+ # resp.next_token #=> String
1876
+ #
1877
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ListImportFailures AWS API Documentation
1878
+ #
1879
+ # @overload list_import_failures(params = {})
1880
+ # @param [Hash] params ({})
1881
+ def list_import_failures(params = {}, options = {})
1882
+ req = build_request(:list_import_failures, params)
1883
+ req.send_request(options)
1884
+ end
1885
+
1886
+ # Returns information on all imports, or a select set of imports by
1887
+ # `ImportStatus` or `Destination`.
1888
+ #
1889
+ # @option params [Integer] :max_results
1890
+ # The maximum number of imports to display on a single page.
1891
+ #
1892
+ # @option params [String] :destination
1893
+ # The ARN of the destination event data store.
1894
+ #
1895
+ # @option params [String] :import_status
1896
+ # The status of the import.
1897
+ #
1898
+ # @option params [String] :next_token
1899
+ # A token you can use to get the next page of import results.
1900
+ #
1901
+ # @return [Types::ListImportsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1902
+ #
1903
+ # * {Types::ListImportsResponse#imports #imports} => Array&lt;Types::ImportsListItem&gt;
1904
+ # * {Types::ListImportsResponse#next_token #next_token} => String
1905
+ #
1906
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
1907
+ #
1908
+ # @example Request syntax with placeholder values
1909
+ #
1910
+ # resp = client.list_imports({
1911
+ # max_results: 1,
1912
+ # destination: "EventDataStoreArn",
1913
+ # import_status: "INITIALIZING", # accepts INITIALIZING, IN_PROGRESS, FAILED, STOPPED, COMPLETED
1914
+ # next_token: "PaginationToken",
1915
+ # })
1916
+ #
1917
+ # @example Response structure
1918
+ #
1919
+ # resp.imports #=> Array
1920
+ # resp.imports[0].import_id #=> String
1921
+ # resp.imports[0].import_status #=> String, one of "INITIALIZING", "IN_PROGRESS", "FAILED", "STOPPED", "COMPLETED"
1922
+ # resp.imports[0].destinations #=> Array
1923
+ # resp.imports[0].destinations[0] #=> String
1924
+ # resp.imports[0].created_timestamp #=> Time
1925
+ # resp.imports[0].updated_timestamp #=> Time
1926
+ # resp.next_token #=> String
1927
+ #
1928
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ListImports AWS API Documentation
1929
+ #
1930
+ # @overload list_imports(params = {})
1931
+ # @param [Hash] params ({})
1932
+ def list_imports(params = {}, options = {})
1933
+ req = build_request(:list_imports, params)
1934
+ req.send_request(options)
1935
+ end
1936
+
931
1937
  # Returns all public keys whose private keys were used to sign the
932
1938
  # digest files within the specified time range. The public key is needed
933
1939
  # to validate digest files that were signed with its corresponding
934
1940
  # private key.
935
1941
  #
936
- # <note markdown="1"> CloudTrail uses different private and public key pairs per region.
937
- # Each digest file is signed with a private key unique to its region.
938
- # When you validate a digest file from a specific region, you must look
939
- # in the same region for its corresponding public key.
1942
+ # <note markdown="1"> CloudTrail uses different private and public key pairs per Region.
1943
+ # Each digest file is signed with a private key unique to its Region.
1944
+ # When you validate a digest file from a specific Region, you must look
1945
+ # in the same Region for its corresponding public key.
940
1946
  #
941
1947
  # </note>
942
1948
  #
@@ -986,14 +1992,87 @@ module Aws::CloudTrail
986
1992
  req.send_request(options)
987
1993
  end
988
1994
 
989
- # Lists the tags for the trail in the current region.
1995
+ # Returns a list of queries and query statuses for the past seven days.
1996
+ # You must specify an ARN value for `EventDataStore`. Optionally, to
1997
+ # shorten the list of results, you can specify a time range, formatted
1998
+ # as timestamps, by adding `StartTime` and `EndTime` parameters, and a
1999
+ # `QueryStatus` value. Valid values for `QueryStatus` include `QUEUED`,
2000
+ # `RUNNING`, `FINISHED`, `FAILED`, `TIMED_OUT`, or `CANCELLED`.
2001
+ #
2002
+ # @option params [required, String] :event_data_store
2003
+ # The ARN (or the ID suffix of the ARN) of an event data store on which
2004
+ # queries were run.
2005
+ #
2006
+ # @option params [String] :next_token
2007
+ # A token you can use to get the next page of results.
2008
+ #
2009
+ # @option params [Integer] :max_results
2010
+ # The maximum number of queries to show on a page.
2011
+ #
2012
+ # @option params [Time,DateTime,Date,Integer,String] :start_time
2013
+ # Use with `EndTime` to bound a `ListQueries` request, and limit its
2014
+ # results to only those queries run within a specified time period.
2015
+ #
2016
+ # @option params [Time,DateTime,Date,Integer,String] :end_time
2017
+ # Use with `StartTime` to bound a `ListQueries` request, and limit its
2018
+ # results to only those queries run within a specified time period.
2019
+ #
2020
+ # @option params [String] :query_status
2021
+ # The status of queries that you want to return in results. Valid values
2022
+ # for `QueryStatus` include `QUEUED`, `RUNNING`, `FINISHED`, `FAILED`,
2023
+ # `TIMED_OUT`, or `CANCELLED`.
2024
+ #
2025
+ # @return [Types::ListQueriesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2026
+ #
2027
+ # * {Types::ListQueriesResponse#queries #queries} => Array&lt;Types::Query&gt;
2028
+ # * {Types::ListQueriesResponse#next_token #next_token} => String
2029
+ #
2030
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
2031
+ #
2032
+ # @example Request syntax with placeholder values
2033
+ #
2034
+ # resp = client.list_queries({
2035
+ # event_data_store: "EventDataStoreArn", # required
2036
+ # next_token: "PaginationToken",
2037
+ # max_results: 1,
2038
+ # start_time: Time.now,
2039
+ # end_time: Time.now,
2040
+ # query_status: "QUEUED", # accepts QUEUED, RUNNING, FINISHED, FAILED, CANCELLED, TIMED_OUT
2041
+ # })
2042
+ #
2043
+ # @example Response structure
2044
+ #
2045
+ # resp.queries #=> Array
2046
+ # resp.queries[0].query_id #=> String
2047
+ # resp.queries[0].query_status #=> String, one of "QUEUED", "RUNNING", "FINISHED", "FAILED", "CANCELLED", "TIMED_OUT"
2048
+ # resp.queries[0].creation_time #=> Time
2049
+ # resp.next_token #=> String
2050
+ #
2051
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ListQueries AWS API Documentation
2052
+ #
2053
+ # @overload list_queries(params = {})
2054
+ # @param [Hash] params ({})
2055
+ def list_queries(params = {}, options = {})
2056
+ req = build_request(:list_queries, params)
2057
+ req.send_request(options)
2058
+ end
2059
+
2060
+ # Lists the tags for the specified trails, event data stores, or
2061
+ # channels in the current Region.
990
2062
  #
991
2063
  # @option params [required, Array<String>] :resource_id_list
992
- # Specifies a list of trail ARNs whose tags will be listed. The list has
993
- # a limit of 20 ARNs. The following is the format of a trail ARN.
2064
+ # Specifies a list of trail, event data store, or channel ARNs whose
2065
+ # tags will be listed. The list has a limit of 20 ARNs.
994
2066
  #
2067
+ # Example trail ARN format:
995
2068
  # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
996
2069
  #
2070
+ # Example event data store ARN format:
2071
+ # `arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE`
2072
+ #
2073
+ # Example channel ARN format:
2074
+ # `arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890`
2075
+ #
997
2076
  # @option params [String] :next_token
998
2077
  # Reserved for future use.
999
2078
  #
@@ -1034,7 +2113,7 @@ module Aws::CloudTrail
1034
2113
  # @option params [String] :next_token
1035
2114
  # The token to use to get the next page of results after a previous API
1036
2115
  # call. This token must be passed in with the same parameters that were
1037
- # specified in the the original call. For example, if the original call
2116
+ # specified in the original call. For example, if the original call
1038
2117
  # specified an AttributeKey of 'Username' with a value of 'root',
1039
2118
  # the call with NextToken should include those same parameters.
1040
2119
  #
@@ -1070,7 +2149,7 @@ module Aws::CloudTrail
1070
2149
 
1071
2150
  # Looks up [management events][1] or [CloudTrail Insights events][2]
1072
2151
  # that are captured by CloudTrail. You can look up events that occurred
1073
- # in a region within the last 90 days. Lookup supports the following
2152
+ # in a Region within the last 90 days. Lookup supports the following
1074
2153
  # attributes for management events:
1075
2154
  #
1076
2155
  # * Amazon Web Services access key
@@ -1102,7 +2181,7 @@ module Aws::CloudTrail
1102
2181
  # you can use to get the next page of results.
1103
2182
  #
1104
2183
  # The rate of lookup requests is limited to two per second, per account,
1105
- # per region. If this limit is exceeded, a throttling error occurs.
2184
+ # per Region. If this limit is exceeded, a throttling error occurs.
1106
2185
  #
1107
2186
  #
1108
2187
  #
@@ -1136,7 +2215,7 @@ module Aws::CloudTrail
1136
2215
  # @option params [String] :next_token
1137
2216
  # The token to use to get the next page of results after a previous API
1138
2217
  # call. This token must be passed in with the same parameters that were
1139
- # specified in the the original call. For example, if the original call
2218
+ # specified in the original call. For example, if the original call
1140
2219
  # specified an AttributeKey of 'Username' with a value of 'root',
1141
2220
  # the call with NextToken should include those same parameters.
1142
2221
  #
@@ -1153,7 +2232,7 @@ module Aws::CloudTrail
1153
2232
  # lookup_attributes: [
1154
2233
  # {
1155
2234
  # attribute_key: "EventId", # required, accepts EventId, EventName, ReadOnly, Username, ResourceType, ResourceName, EventSource, AccessKeyId
1156
- # attribute_value: "String", # required
2235
+ # attribute_value: "LookupAttributeValue", # required
1157
2236
  # },
1158
2237
  # ],
1159
2238
  # start_time: Time.now,
@@ -1190,9 +2269,14 @@ module Aws::CloudTrail
1190
2269
 
1191
2270
  # Configures an event selector or advanced event selectors for your
1192
2271
  # trail. Use event selectors or advanced event selectors to specify
1193
- # management and data event settings for your trail. By default, trails
1194
- # created without specific event selectors are configured to log all
1195
- # read and write management events, and no data events.
2272
+ # management and data event settings for your trail. If you want your
2273
+ # trail to log Insights events, be sure the event selector enables
2274
+ # logging of the Insights event types you want configured for your
2275
+ # trail. For more information about logging Insights events, see
2276
+ # [Logging Insights events for trails][1] in the *CloudTrail User
2277
+ # Guide*. By default, trails created without specific event selectors
2278
+ # are configured to log all read and write management events, and no
2279
+ # data events.
1196
2280
  #
1197
2281
  # When an event occurs in your account, CloudTrail evaluates the event
1198
2282
  # selectors or advanced event selectors in all trails. For each trail,
@@ -1217,27 +2301,29 @@ module Aws::CloudTrail
1217
2301
  # 5. The `GetConsoleOutput` is a read-only event that doesn't match
1218
2302
  # your event selector. The trail doesn't log the event.
1219
2303
  #
1220
- # The `PutEventSelectors` operation must be called from the region in
2304
+ # The `PutEventSelectors` operation must be called from the Region in
1221
2305
  # which the trail was created; otherwise, an
1222
2306
  # `InvalidHomeRegionException` exception is thrown.
1223
2307
  #
1224
2308
  # You can configure up to five event selectors for each trail. For more
1225
- # information, see [Logging data and management events for trails ][1]
1226
- # and [Quotas in CloudTrail][2] in the *CloudTrail User Guide*.
2309
+ # information, see [Logging management events][2], [Logging data
2310
+ # events][3], and [Quotas in CloudTrail][4] in the *CloudTrail User
2311
+ # Guide*.
1227
2312
  #
1228
2313
  # You can add advanced event selectors, and conditions for your advanced
1229
2314
  # event selectors, up to a maximum of 500 values for all conditions and
1230
2315
  # selectors on a trail. You can use either `AdvancedEventSelectors` or
1231
2316
  # `EventSelectors`, but not both. If you apply `AdvancedEventSelectors`
1232
2317
  # to a trail, any existing `EventSelectors` are overwritten. For more
1233
- # information about advanced event selectors, see [Logging data events
1234
- # for trails][3] in the *CloudTrail User Guide*.
2318
+ # information about advanced event selectors, see [Logging data
2319
+ # events][3] in the *CloudTrail User Guide*.
1235
2320
  #
1236
2321
  #
1237
2322
  #
1238
- # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html
1239
- # [2]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html
2323
+ # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-insights-events-with-cloudtrail.html
2324
+ # [2]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html
1240
2325
  # [3]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
2326
+ # [4]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html
1241
2327
  #
1242
2328
  # @option params [required, String] :trail_name
1243
2329
  # Specifies the name of the trail or trail ARN. If you specify a trail
@@ -1273,8 +2359,8 @@ module Aws::CloudTrail
1273
2359
  # selectors on a trail. You can use either `AdvancedEventSelectors` or
1274
2360
  # `EventSelectors`, but not both. If you apply `AdvancedEventSelectors`
1275
2361
  # to a trail, any existing `EventSelectors` are overwritten. For more
1276
- # information about advanced event selectors, see [Logging data events
1277
- # for trails][1] in the *CloudTrail User Guide*.
2362
+ # information about advanced event selectors, see [Logging data
2363
+ # events][1] in the *CloudTrail User Guide*.
1278
2364
  #
1279
2365
  #
1280
2366
  #
@@ -1362,17 +2448,31 @@ module Aws::CloudTrail
1362
2448
  # Lets you enable Insights event logging by specifying the Insights
1363
2449
  # selectors that you want to enable on an existing trail. You also use
1364
2450
  # `PutInsightSelectors` to turn off Insights event logging, by passing
1365
- # an empty list of insight types. The valid Insights event type in this
1366
- # release is `ApiCallRateInsight`.
2451
+ # an empty list of insight types. The valid Insights event types in this
2452
+ # release are `ApiErrorRateInsight` and `ApiCallRateInsight`.
2453
+ #
2454
+ # To log CloudTrail Insights events on API call volume, the trail must
2455
+ # log `write` management events. To log CloudTrail Insights events on
2456
+ # API error rate, the trail must log `read` or `write` management
2457
+ # events. You can call `GetEventSelectors` on a trail to check whether
2458
+ # the trail logs management events.
1367
2459
  #
1368
2460
  # @option params [required, String] :trail_name
1369
2461
  # The name of the CloudTrail trail for which you want to change or add
1370
2462
  # Insights selectors.
1371
2463
  #
1372
2464
  # @option params [required, Array<Types::InsightSelector>] :insight_selectors
1373
- # A JSON string that contains the Insights types that you want to log on
1374
- # a trail. The valid Insights type in this release is
1375
- # `ApiCallRateInsight`.
2465
+ # A JSON string that contains the insight types you want to log on a
2466
+ # trail. `ApiCallRateInsight` and `ApiErrorRateInsight` are valid
2467
+ # Insight types.
2468
+ #
2469
+ # The `ApiCallRateInsight` Insights type analyzes write-only management
2470
+ # API calls that are aggregated per minute against a baseline API call
2471
+ # volume.
2472
+ #
2473
+ # The `ApiErrorRateInsight` Insights type analyzes management API calls
2474
+ # that result in error codes. The error is shown if the API call is
2475
+ # unsuccessful.
1376
2476
  #
1377
2477
  # @return [Types::PutInsightSelectorsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1378
2478
  #
@@ -1405,15 +2505,101 @@ module Aws::CloudTrail
1405
2505
  req.send_request(options)
1406
2506
  end
1407
2507
 
1408
- # Removes the specified tags from a trail.
2508
+ # Attaches a resource-based permission policy to a CloudTrail channel
2509
+ # that is used for an integration with an event source outside of Amazon
2510
+ # Web Services. For more information about resource-based policies, see
2511
+ # [CloudTrail resource-based policy examples][1] in the *CloudTrail User
2512
+ # Guide*.
2513
+ #
2514
+ #
2515
+ #
2516
+ # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/security_iam_resource-based-policy-examples.html
2517
+ #
2518
+ # @option params [required, String] :resource_arn
2519
+ # The Amazon Resource Name (ARN) of the CloudTrail channel attached to
2520
+ # the resource-based policy. The following is the format of a resource
2521
+ # ARN: `arn:aws:cloudtrail:us-east-2:123456789012:channel/MyChannel`.
2522
+ #
2523
+ # @option params [required, String] :resource_policy
2524
+ # A JSON-formatted string for an Amazon Web Services resource-based
2525
+ # policy.
2526
+ #
2527
+ # The following are requirements for the resource policy:
2528
+ #
2529
+ # * Contains only one action: cloudtrail-data:PutAuditEvents
2530
+ #
2531
+ # * Contains at least one statement. The policy can have a maximum of 20
2532
+ # statements.
2533
+ #
2534
+ # * Each statement contains at least one principal. A statement can have
2535
+ # a maximum of 50 principals.
2536
+ #
2537
+ # @return [Types::PutResourcePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2538
+ #
2539
+ # * {Types::PutResourcePolicyResponse#resource_arn #resource_arn} => String
2540
+ # * {Types::PutResourcePolicyResponse#resource_policy #resource_policy} => String
2541
+ #
2542
+ # @example Request syntax with placeholder values
2543
+ #
2544
+ # resp = client.put_resource_policy({
2545
+ # resource_arn: "ResourceArn", # required
2546
+ # resource_policy: "ResourcePolicy", # required
2547
+ # })
2548
+ #
2549
+ # @example Response structure
2550
+ #
2551
+ # resp.resource_arn #=> String
2552
+ # resp.resource_policy #=> String
2553
+ #
2554
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutResourcePolicy AWS API Documentation
2555
+ #
2556
+ # @overload put_resource_policy(params = {})
2557
+ # @param [Hash] params ({})
2558
+ def put_resource_policy(params = {}, options = {})
2559
+ req = build_request(:put_resource_policy, params)
2560
+ req.send_request(options)
2561
+ end
2562
+
2563
+ # Registers an organization’s member account as the CloudTrail delegated
2564
+ # administrator.
2565
+ #
2566
+ # @option params [required, String] :member_account_id
2567
+ # An organization member account ID that you want to designate as a
2568
+ # delegated administrator.
2569
+ #
2570
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
2571
+ #
2572
+ # @example Request syntax with placeholder values
2573
+ #
2574
+ # resp = client.register_organization_delegated_admin({
2575
+ # member_account_id: "AccountId", # required
2576
+ # })
2577
+ #
2578
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/RegisterOrganizationDelegatedAdmin AWS API Documentation
2579
+ #
2580
+ # @overload register_organization_delegated_admin(params = {})
2581
+ # @param [Hash] params ({})
2582
+ def register_organization_delegated_admin(params = {}, options = {})
2583
+ req = build_request(:register_organization_delegated_admin, params)
2584
+ req.send_request(options)
2585
+ end
2586
+
2587
+ # Removes the specified tags from a trail, event data store, or channel.
1409
2588
  #
1410
2589
  # @option params [required, String] :resource_id
1411
- # Specifies the ARN of the trail from which tags should be removed. The
1412
- # format of a trail ARN is:
2590
+ # Specifies the ARN of the trail, event data store, or channel from
2591
+ # which tags should be removed.
1413
2592
  #
2593
+ # Example trail ARN format:
1414
2594
  # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
1415
2595
  #
1416
- # @option params [Array<Types::Tag>] :tags_list
2596
+ # Example event data store ARN format:
2597
+ # `arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE`
2598
+ #
2599
+ # Example channel ARN format:
2600
+ # `arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890`
2601
+ #
2602
+ # @option params [required, Array<Types::Tag>] :tags_list
1417
2603
  # Specifies a list of tags to be removed.
1418
2604
  #
1419
2605
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
@@ -1422,10 +2608,10 @@ module Aws::CloudTrail
1422
2608
  #
1423
2609
  # resp = client.remove_tags({
1424
2610
  # resource_id: "String", # required
1425
- # tags_list: [
2611
+ # tags_list: [ # required
1426
2612
  # {
1427
- # key: "String", # required
1428
- # value: "String",
2613
+ # key: "TagKey", # required
2614
+ # value: "TagValue",
1429
2615
  # },
1430
2616
  # ],
1431
2617
  # })
@@ -1439,12 +2625,212 @@ module Aws::CloudTrail
1439
2625
  req.send_request(options)
1440
2626
  end
1441
2627
 
2628
+ # Restores a deleted event data store specified by `EventDataStore`,
2629
+ # which accepts an event data store ARN. You can only restore a deleted
2630
+ # event data store within the seven-day wait period after deletion.
2631
+ # Restoring an event data store can take several minutes, depending on
2632
+ # the size of the event data store.
2633
+ #
2634
+ # @option params [required, String] :event_data_store
2635
+ # The ARN (or the ID suffix of the ARN) of the event data store that you
2636
+ # want to restore.
2637
+ #
2638
+ # @return [Types::RestoreEventDataStoreResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2639
+ #
2640
+ # * {Types::RestoreEventDataStoreResponse#event_data_store_arn #event_data_store_arn} => String
2641
+ # * {Types::RestoreEventDataStoreResponse#name #name} => String
2642
+ # * {Types::RestoreEventDataStoreResponse#status #status} => String
2643
+ # * {Types::RestoreEventDataStoreResponse#advanced_event_selectors #advanced_event_selectors} => Array&lt;Types::AdvancedEventSelector&gt;
2644
+ # * {Types::RestoreEventDataStoreResponse#multi_region_enabled #multi_region_enabled} => Boolean
2645
+ # * {Types::RestoreEventDataStoreResponse#organization_enabled #organization_enabled} => Boolean
2646
+ # * {Types::RestoreEventDataStoreResponse#retention_period #retention_period} => Integer
2647
+ # * {Types::RestoreEventDataStoreResponse#termination_protection_enabled #termination_protection_enabled} => Boolean
2648
+ # * {Types::RestoreEventDataStoreResponse#created_timestamp #created_timestamp} => Time
2649
+ # * {Types::RestoreEventDataStoreResponse#updated_timestamp #updated_timestamp} => Time
2650
+ # * {Types::RestoreEventDataStoreResponse#kms_key_id #kms_key_id} => String
2651
+ #
2652
+ # @example Request syntax with placeholder values
2653
+ #
2654
+ # resp = client.restore_event_data_store({
2655
+ # event_data_store: "EventDataStoreArn", # required
2656
+ # })
2657
+ #
2658
+ # @example Response structure
2659
+ #
2660
+ # resp.event_data_store_arn #=> String
2661
+ # resp.name #=> String
2662
+ # resp.status #=> String, one of "CREATED", "ENABLED", "PENDING_DELETION", "STARTING_INGESTION", "STOPPING_INGESTION", "STOPPED_INGESTION"
2663
+ # resp.advanced_event_selectors #=> Array
2664
+ # resp.advanced_event_selectors[0].name #=> String
2665
+ # resp.advanced_event_selectors[0].field_selectors #=> Array
2666
+ # resp.advanced_event_selectors[0].field_selectors[0].field #=> String
2667
+ # resp.advanced_event_selectors[0].field_selectors[0].equals #=> Array
2668
+ # resp.advanced_event_selectors[0].field_selectors[0].equals[0] #=> String
2669
+ # resp.advanced_event_selectors[0].field_selectors[0].starts_with #=> Array
2670
+ # resp.advanced_event_selectors[0].field_selectors[0].starts_with[0] #=> String
2671
+ # resp.advanced_event_selectors[0].field_selectors[0].ends_with #=> Array
2672
+ # resp.advanced_event_selectors[0].field_selectors[0].ends_with[0] #=> String
2673
+ # resp.advanced_event_selectors[0].field_selectors[0].not_equals #=> Array
2674
+ # resp.advanced_event_selectors[0].field_selectors[0].not_equals[0] #=> String
2675
+ # resp.advanced_event_selectors[0].field_selectors[0].not_starts_with #=> Array
2676
+ # resp.advanced_event_selectors[0].field_selectors[0].not_starts_with[0] #=> String
2677
+ # resp.advanced_event_selectors[0].field_selectors[0].not_ends_with #=> Array
2678
+ # resp.advanced_event_selectors[0].field_selectors[0].not_ends_with[0] #=> String
2679
+ # resp.multi_region_enabled #=> Boolean
2680
+ # resp.organization_enabled #=> Boolean
2681
+ # resp.retention_period #=> Integer
2682
+ # resp.termination_protection_enabled #=> Boolean
2683
+ # resp.created_timestamp #=> Time
2684
+ # resp.updated_timestamp #=> Time
2685
+ # resp.kms_key_id #=> String
2686
+ #
2687
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/RestoreEventDataStore AWS API Documentation
2688
+ #
2689
+ # @overload restore_event_data_store(params = {})
2690
+ # @param [Hash] params ({})
2691
+ def restore_event_data_store(params = {}, options = {})
2692
+ req = build_request(:restore_event_data_store, params)
2693
+ req.send_request(options)
2694
+ end
2695
+
2696
+ # Starts the ingestion of live events on an event data store specified
2697
+ # as either an ARN or the ID portion of the ARN. To start ingestion, the
2698
+ # event data store `Status` must be `STOPPED_INGESTION` and the
2699
+ # `eventCategory` must be `Management`, `Data`, or `ConfigurationItem`.
2700
+ #
2701
+ # @option params [required, String] :event_data_store
2702
+ # The ARN (or ID suffix of the ARN) of the event data store for which
2703
+ # you want to start ingestion.
2704
+ #
2705
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
2706
+ #
2707
+ # @example Request syntax with placeholder values
2708
+ #
2709
+ # resp = client.start_event_data_store_ingestion({
2710
+ # event_data_store: "EventDataStoreArn", # required
2711
+ # })
2712
+ #
2713
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/StartEventDataStoreIngestion AWS API Documentation
2714
+ #
2715
+ # @overload start_event_data_store_ingestion(params = {})
2716
+ # @param [Hash] params ({})
2717
+ def start_event_data_store_ingestion(params = {}, options = {})
2718
+ req = build_request(:start_event_data_store_ingestion, params)
2719
+ req.send_request(options)
2720
+ end
2721
+
2722
+ # Starts an import of logged trail events from a source S3 bucket to a
2723
+ # destination event data store. By default, CloudTrail only imports
2724
+ # events contained in the S3 bucket's `CloudTrail` prefix and the
2725
+ # prefixes inside the `CloudTrail` prefix, and does not check prefixes
2726
+ # for other Amazon Web Services services. If you want to import
2727
+ # CloudTrail events contained in another prefix, you must include the
2728
+ # prefix in the `S3LocationUri`. For more considerations about importing
2729
+ # trail events, see [Considerations][1].
2730
+ #
2731
+ # When you start a new import, the `Destinations` and `ImportSource`
2732
+ # parameters are required. Before starting a new import, disable any
2733
+ # access control lists (ACLs) attached to the source S3 bucket. For more
2734
+ # information about disabling ACLs, see [Controlling ownership of
2735
+ # objects and disabling ACLs for your bucket][2].
2736
+ #
2737
+ # When you retry an import, the `ImportID` parameter is required.
2738
+ #
2739
+ # <note markdown="1"> If the destination event data store is for an organization, you must
2740
+ # use the management account to import trail events. You cannot use the
2741
+ # delegated administrator account for the organization.
2742
+ #
2743
+ # </note>
2744
+ #
2745
+ #
2746
+ #
2747
+ # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-copy-trail-to-lake.html#cloudtrail-trail-copy-considerations
2748
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html
2749
+ #
2750
+ # @option params [Array<String>] :destinations
2751
+ # The ARN of the destination event data store. Use this parameter for a
2752
+ # new import.
2753
+ #
2754
+ # @option params [Types::ImportSource] :import_source
2755
+ # The source S3 bucket for the import. Use this parameter for a new
2756
+ # import.
2757
+ #
2758
+ # @option params [Time,DateTime,Date,Integer,String] :start_event_time
2759
+ # Use with `EndEventTime` to bound a `StartImport` request, and limit
2760
+ # imported trail events to only those events logged within a specified
2761
+ # time period. When you specify a time range, CloudTrail checks the
2762
+ # prefix and log file names to verify the names contain a date between
2763
+ # the specified `StartEventTime` and `EndEventTime` before attempting to
2764
+ # import events.
2765
+ #
2766
+ # @option params [Time,DateTime,Date,Integer,String] :end_event_time
2767
+ # Use with `StartEventTime` to bound a `StartImport` request, and limit
2768
+ # imported trail events to only those events logged within a specified
2769
+ # time period. When you specify a time range, CloudTrail checks the
2770
+ # prefix and log file names to verify the names contain a date between
2771
+ # the specified `StartEventTime` and `EndEventTime` before attempting to
2772
+ # import events.
2773
+ #
2774
+ # @option params [String] :import_id
2775
+ # The ID of the import. Use this parameter when you are retrying an
2776
+ # import.
2777
+ #
2778
+ # @return [Types::StartImportResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2779
+ #
2780
+ # * {Types::StartImportResponse#import_id #import_id} => String
2781
+ # * {Types::StartImportResponse#destinations #destinations} => Array&lt;String&gt;
2782
+ # * {Types::StartImportResponse#import_source #import_source} => Types::ImportSource
2783
+ # * {Types::StartImportResponse#start_event_time #start_event_time} => Time
2784
+ # * {Types::StartImportResponse#end_event_time #end_event_time} => Time
2785
+ # * {Types::StartImportResponse#import_status #import_status} => String
2786
+ # * {Types::StartImportResponse#created_timestamp #created_timestamp} => Time
2787
+ # * {Types::StartImportResponse#updated_timestamp #updated_timestamp} => Time
2788
+ #
2789
+ # @example Request syntax with placeholder values
2790
+ #
2791
+ # resp = client.start_import({
2792
+ # destinations: ["EventDataStoreArn"],
2793
+ # import_source: {
2794
+ # s3: { # required
2795
+ # s3_location_uri: "String", # required
2796
+ # s3_bucket_region: "String", # required
2797
+ # s3_bucket_access_role_arn: "String", # required
2798
+ # },
2799
+ # },
2800
+ # start_event_time: Time.now,
2801
+ # end_event_time: Time.now,
2802
+ # import_id: "UUID",
2803
+ # })
2804
+ #
2805
+ # @example Response structure
2806
+ #
2807
+ # resp.import_id #=> String
2808
+ # resp.destinations #=> Array
2809
+ # resp.destinations[0] #=> String
2810
+ # resp.import_source.s3.s3_location_uri #=> String
2811
+ # resp.import_source.s3.s3_bucket_region #=> String
2812
+ # resp.import_source.s3.s3_bucket_access_role_arn #=> String
2813
+ # resp.start_event_time #=> Time
2814
+ # resp.end_event_time #=> Time
2815
+ # resp.import_status #=> String, one of "INITIALIZING", "IN_PROGRESS", "FAILED", "STOPPED", "COMPLETED"
2816
+ # resp.created_timestamp #=> Time
2817
+ # resp.updated_timestamp #=> Time
2818
+ #
2819
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/StartImport AWS API Documentation
2820
+ #
2821
+ # @overload start_import(params = {})
2822
+ # @param [Hash] params ({})
2823
+ def start_import(params = {}, options = {})
2824
+ req = build_request(:start_import, params)
2825
+ req.send_request(options)
2826
+ end
2827
+
1442
2828
  # Starts the recording of Amazon Web Services API calls and log file
1443
- # delivery for a trail. For a trail that is enabled in all regions, this
1444
- # operation must be called from the region in which the trail was
2829
+ # delivery for a trail. For a trail that is enabled in all Regions, this
2830
+ # operation must be called from the Region in which the trail was
1445
2831
  # created. This operation cannot be called on the shadow trails
1446
- # (replicated trails in other regions) of a trail that is enabled in all
1447
- # regions.
2832
+ # (replicated trails in other Regions) of a trail that is enabled in all
2833
+ # Regions.
1448
2834
  #
1449
2835
  # @option params [required, String] :name
1450
2836
  # Specifies the name or the CloudTrail ARN of the trail for which
@@ -1470,15 +2856,140 @@ module Aws::CloudTrail
1470
2856
  req.send_request(options)
1471
2857
  end
1472
2858
 
2859
+ # Starts a CloudTrail Lake query. Use the `QueryStatement` parameter to
2860
+ # provide your SQL query, enclosed in single quotation marks. Use the
2861
+ # optional `DeliveryS3Uri` parameter to deliver the query results to an
2862
+ # S3 bucket.
2863
+ #
2864
+ # `StartQuery` requires you specify either the `QueryStatement`
2865
+ # parameter, or a `QueryAlias` and any `QueryParameters`. In the current
2866
+ # release, the `QueryAlias` and `QueryParameters` parameters are used
2867
+ # only for the queries that populate the CloudTrail Lake dashboards.
2868
+ #
2869
+ # @option params [String] :query_statement
2870
+ # The SQL code of your query.
2871
+ #
2872
+ # @option params [String] :delivery_s3_uri
2873
+ # The URI for the S3 bucket where CloudTrail delivers the query results.
2874
+ #
2875
+ # @option params [String] :query_alias
2876
+ # The alias that identifies a query template.
2877
+ #
2878
+ # @option params [Array<String>] :query_parameters
2879
+ # The query parameters for the specified `QueryAlias`.
2880
+ #
2881
+ # @return [Types::StartQueryResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2882
+ #
2883
+ # * {Types::StartQueryResponse#query_id #query_id} => String
2884
+ #
2885
+ # @example Request syntax with placeholder values
2886
+ #
2887
+ # resp = client.start_query({
2888
+ # query_statement: "QueryStatement",
2889
+ # delivery_s3_uri: "DeliveryS3Uri",
2890
+ # query_alias: "QueryAlias",
2891
+ # query_parameters: ["QueryParameter"],
2892
+ # })
2893
+ #
2894
+ # @example Response structure
2895
+ #
2896
+ # resp.query_id #=> String
2897
+ #
2898
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/StartQuery AWS API Documentation
2899
+ #
2900
+ # @overload start_query(params = {})
2901
+ # @param [Hash] params ({})
2902
+ def start_query(params = {}, options = {})
2903
+ req = build_request(:start_query, params)
2904
+ req.send_request(options)
2905
+ end
2906
+
2907
+ # Stops the ingestion of live events on an event data store specified as
2908
+ # either an ARN or the ID portion of the ARN. To stop ingestion, the
2909
+ # event data store `Status` must be `ENABLED` and the `eventCategory`
2910
+ # must be `Management`, `Data`, or `ConfigurationItem`.
2911
+ #
2912
+ # @option params [required, String] :event_data_store
2913
+ # The ARN (or ID suffix of the ARN) of the event data store for which
2914
+ # you want to stop ingestion.
2915
+ #
2916
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
2917
+ #
2918
+ # @example Request syntax with placeholder values
2919
+ #
2920
+ # resp = client.stop_event_data_store_ingestion({
2921
+ # event_data_store: "EventDataStoreArn", # required
2922
+ # })
2923
+ #
2924
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/StopEventDataStoreIngestion AWS API Documentation
2925
+ #
2926
+ # @overload stop_event_data_store_ingestion(params = {})
2927
+ # @param [Hash] params ({})
2928
+ def stop_event_data_store_ingestion(params = {}, options = {})
2929
+ req = build_request(:stop_event_data_store_ingestion, params)
2930
+ req.send_request(options)
2931
+ end
2932
+
2933
+ # Stops a specified import.
2934
+ #
2935
+ # @option params [required, String] :import_id
2936
+ # The ID of the import.
2937
+ #
2938
+ # @return [Types::StopImportResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2939
+ #
2940
+ # * {Types::StopImportResponse#import_id #import_id} => String
2941
+ # * {Types::StopImportResponse#import_source #import_source} => Types::ImportSource
2942
+ # * {Types::StopImportResponse#destinations #destinations} => Array&lt;String&gt;
2943
+ # * {Types::StopImportResponse#import_status #import_status} => String
2944
+ # * {Types::StopImportResponse#created_timestamp #created_timestamp} => Time
2945
+ # * {Types::StopImportResponse#updated_timestamp #updated_timestamp} => Time
2946
+ # * {Types::StopImportResponse#start_event_time #start_event_time} => Time
2947
+ # * {Types::StopImportResponse#end_event_time #end_event_time} => Time
2948
+ # * {Types::StopImportResponse#import_statistics #import_statistics} => Types::ImportStatistics
2949
+ #
2950
+ # @example Request syntax with placeholder values
2951
+ #
2952
+ # resp = client.stop_import({
2953
+ # import_id: "UUID", # required
2954
+ # })
2955
+ #
2956
+ # @example Response structure
2957
+ #
2958
+ # resp.import_id #=> String
2959
+ # resp.import_source.s3.s3_location_uri #=> String
2960
+ # resp.import_source.s3.s3_bucket_region #=> String
2961
+ # resp.import_source.s3.s3_bucket_access_role_arn #=> String
2962
+ # resp.destinations #=> Array
2963
+ # resp.destinations[0] #=> String
2964
+ # resp.import_status #=> String, one of "INITIALIZING", "IN_PROGRESS", "FAILED", "STOPPED", "COMPLETED"
2965
+ # resp.created_timestamp #=> Time
2966
+ # resp.updated_timestamp #=> Time
2967
+ # resp.start_event_time #=> Time
2968
+ # resp.end_event_time #=> Time
2969
+ # resp.import_statistics.prefixes_found #=> Integer
2970
+ # resp.import_statistics.prefixes_completed #=> Integer
2971
+ # resp.import_statistics.files_completed #=> Integer
2972
+ # resp.import_statistics.events_completed #=> Integer
2973
+ # resp.import_statistics.failed_entries #=> Integer
2974
+ #
2975
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/StopImport AWS API Documentation
2976
+ #
2977
+ # @overload stop_import(params = {})
2978
+ # @param [Hash] params ({})
2979
+ def stop_import(params = {}, options = {})
2980
+ req = build_request(:stop_import, params)
2981
+ req.send_request(options)
2982
+ end
2983
+
1473
2984
  # Suspends the recording of Amazon Web Services API calls and log file
1474
2985
  # delivery for the specified trail. Under most circumstances, there is
1475
2986
  # no need to use this action. You can update a trail without stopping it
1476
2987
  # first. This action is the only way to stop recording. For a trail
1477
- # enabled in all regions, this operation must be called from the region
2988
+ # enabled in all Regions, this operation must be called from the Region
1478
2989
  # in which the trail was created, or an `InvalidHomeRegionException`
1479
2990
  # will occur. This operation cannot be called on the shadow trails
1480
- # (replicated trails in other regions) of a trail enabled in all
1481
- # regions.
2991
+ # (replicated trails in other Regions) of a trail enabled in all
2992
+ # Regions.
1482
2993
  #
1483
2994
  # @option params [required, String] :name
1484
2995
  # Specifies the name or the CloudTrail ARN of the trail for which
@@ -1504,12 +3015,234 @@ module Aws::CloudTrail
1504
3015
  req.send_request(options)
1505
3016
  end
1506
3017
 
3018
+ # Updates a channel specified by a required channel ARN or UUID.
3019
+ #
3020
+ # @option params [required, String] :channel
3021
+ # The ARN or ID (the ARN suffix) of the channel that you want to update.
3022
+ #
3023
+ # @option params [Array<Types::Destination>] :destinations
3024
+ # The ARNs of event data stores that you want to log events arriving
3025
+ # through the channel.
3026
+ #
3027
+ # @option params [String] :name
3028
+ # Changes the name of the channel.
3029
+ #
3030
+ # @return [Types::UpdateChannelResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3031
+ #
3032
+ # * {Types::UpdateChannelResponse#channel_arn #channel_arn} => String
3033
+ # * {Types::UpdateChannelResponse#name #name} => String
3034
+ # * {Types::UpdateChannelResponse#source #source} => String
3035
+ # * {Types::UpdateChannelResponse#destinations #destinations} => Array&lt;Types::Destination&gt;
3036
+ #
3037
+ # @example Request syntax with placeholder values
3038
+ #
3039
+ # resp = client.update_channel({
3040
+ # channel: "ChannelArn", # required
3041
+ # destinations: [
3042
+ # {
3043
+ # type: "EVENT_DATA_STORE", # required, accepts EVENT_DATA_STORE, AWS_SERVICE
3044
+ # location: "Location", # required
3045
+ # },
3046
+ # ],
3047
+ # name: "ChannelName",
3048
+ # })
3049
+ #
3050
+ # @example Response structure
3051
+ #
3052
+ # resp.channel_arn #=> String
3053
+ # resp.name #=> String
3054
+ # resp.source #=> String
3055
+ # resp.destinations #=> Array
3056
+ # resp.destinations[0].type #=> String, one of "EVENT_DATA_STORE", "AWS_SERVICE"
3057
+ # resp.destinations[0].location #=> String
3058
+ #
3059
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/UpdateChannel AWS API Documentation
3060
+ #
3061
+ # @overload update_channel(params = {})
3062
+ # @param [Hash] params ({})
3063
+ def update_channel(params = {}, options = {})
3064
+ req = build_request(:update_channel, params)
3065
+ req.send_request(options)
3066
+ end
3067
+
3068
+ # Updates an event data store. The required `EventDataStore` value is an
3069
+ # ARN or the ID portion of the ARN. Other parameters are optional, but
3070
+ # at least one optional parameter must be specified, or CloudTrail
3071
+ # throws an error. `RetentionPeriod` is in days, and valid values are
3072
+ # integers between 90 and 2557. By default, `TerminationProtection` is
3073
+ # enabled.
3074
+ #
3075
+ # For event data stores for CloudTrail events, `AdvancedEventSelectors`
3076
+ # includes or excludes management and data events in your event data
3077
+ # store. For more information about `AdvancedEventSelectors`, see
3078
+ # [AdvancedEventSelectors][1].
3079
+ #
3080
+ # For event data stores for Config configuration items, Audit Manager
3081
+ # evidence, or non-Amazon Web Services events, `AdvancedEventSelectors`
3082
+ # includes events of that type in your event data store.
3083
+ #
3084
+ #
3085
+ #
3086
+ # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedEventSelector.html
3087
+ #
3088
+ # @option params [required, String] :event_data_store
3089
+ # The ARN (or the ID suffix of the ARN) of the event data store that you
3090
+ # want to update.
3091
+ #
3092
+ # @option params [String] :name
3093
+ # The event data store name.
3094
+ #
3095
+ # @option params [Array<Types::AdvancedEventSelector>] :advanced_event_selectors
3096
+ # The advanced event selectors used to select events for the event data
3097
+ # store. You can configure up to five advanced event selectors for each
3098
+ # event data store.
3099
+ #
3100
+ # @option params [Boolean] :multi_region_enabled
3101
+ # Specifies whether an event data store collects events from all
3102
+ # Regions, or only from the Region in which it was created.
3103
+ #
3104
+ # @option params [Boolean] :organization_enabled
3105
+ # Specifies whether an event data store collects events logged for an
3106
+ # organization in Organizations.
3107
+ #
3108
+ # @option params [Integer] :retention_period
3109
+ # The retention period of the event data store, in days. You can set a
3110
+ # retention period of up to 2557 days, the equivalent of seven years.
3111
+ # CloudTrail Lake determines whether to retain an event by checking if
3112
+ # the `eventTime` of the event is within the specified retention period.
3113
+ # For example, if you set a retention period of 90 days, CloudTrail will
3114
+ # remove events when the `eventTime` is older than 90 days.
3115
+ #
3116
+ # <note markdown="1"> If you decrease the retention period of an event data store,
3117
+ # CloudTrail will remove any events with an `eventTime` older than the
3118
+ # new retention period. For example, if the previous retention period
3119
+ # was 365 days and you decrease it to 100 days, CloudTrail will remove
3120
+ # events with an `eventTime` older than 100 days.
3121
+ #
3122
+ # </note>
3123
+ #
3124
+ # @option params [Boolean] :termination_protection_enabled
3125
+ # Indicates that termination protection is enabled and the event data
3126
+ # store cannot be automatically deleted.
3127
+ #
3128
+ # @option params [String] :kms_key_id
3129
+ # Specifies the KMS key ID to use to encrypt the events delivered by
3130
+ # CloudTrail. The value can be an alias name prefixed by `alias/`, a
3131
+ # fully specified ARN to an alias, a fully specified ARN to a key, or a
3132
+ # globally unique identifier.
3133
+ #
3134
+ # Disabling or deleting the KMS key, or removing CloudTrail permissions
3135
+ # on the key, prevents CloudTrail from logging events to the event data
3136
+ # store, and prevents users from querying the data in the event data
3137
+ # store that was encrypted with the key. After you associate an event
3138
+ # data store with a KMS key, the KMS key cannot be removed or changed.
3139
+ # Before you disable or delete a KMS key that you are using with an
3140
+ # event data store, delete or back up your event data store.
3141
+ #
3142
+ # CloudTrail also supports KMS multi-Region keys. For more information
3143
+ # about multi-Region keys, see [Using multi-Region keys][1] in the *Key
3144
+ # Management Service Developer Guide*.
3145
+ #
3146
+ # Examples:
3147
+ #
3148
+ # * `alias/MyAliasName`
3149
+ #
3150
+ # * `arn:aws:kms:us-east-2:123456789012:alias/MyAliasName`
3151
+ #
3152
+ # * `arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012`
3153
+ #
3154
+ # * `12345678-1234-1234-1234-123456789012`
3155
+ #
3156
+ #
3157
+ #
3158
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html
3159
+ #
3160
+ # @return [Types::UpdateEventDataStoreResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3161
+ #
3162
+ # * {Types::UpdateEventDataStoreResponse#event_data_store_arn #event_data_store_arn} => String
3163
+ # * {Types::UpdateEventDataStoreResponse#name #name} => String
3164
+ # * {Types::UpdateEventDataStoreResponse#status #status} => String
3165
+ # * {Types::UpdateEventDataStoreResponse#advanced_event_selectors #advanced_event_selectors} => Array&lt;Types::AdvancedEventSelector&gt;
3166
+ # * {Types::UpdateEventDataStoreResponse#multi_region_enabled #multi_region_enabled} => Boolean
3167
+ # * {Types::UpdateEventDataStoreResponse#organization_enabled #organization_enabled} => Boolean
3168
+ # * {Types::UpdateEventDataStoreResponse#retention_period #retention_period} => Integer
3169
+ # * {Types::UpdateEventDataStoreResponse#termination_protection_enabled #termination_protection_enabled} => Boolean
3170
+ # * {Types::UpdateEventDataStoreResponse#created_timestamp #created_timestamp} => Time
3171
+ # * {Types::UpdateEventDataStoreResponse#updated_timestamp #updated_timestamp} => Time
3172
+ # * {Types::UpdateEventDataStoreResponse#kms_key_id #kms_key_id} => String
3173
+ #
3174
+ # @example Request syntax with placeholder values
3175
+ #
3176
+ # resp = client.update_event_data_store({
3177
+ # event_data_store: "EventDataStoreArn", # required
3178
+ # name: "EventDataStoreName",
3179
+ # advanced_event_selectors: [
3180
+ # {
3181
+ # name: "SelectorName",
3182
+ # field_selectors: [ # required
3183
+ # {
3184
+ # field: "SelectorField", # required
3185
+ # equals: ["OperatorValue"],
3186
+ # starts_with: ["OperatorValue"],
3187
+ # ends_with: ["OperatorValue"],
3188
+ # not_equals: ["OperatorValue"],
3189
+ # not_starts_with: ["OperatorValue"],
3190
+ # not_ends_with: ["OperatorValue"],
3191
+ # },
3192
+ # ],
3193
+ # },
3194
+ # ],
3195
+ # multi_region_enabled: false,
3196
+ # organization_enabled: false,
3197
+ # retention_period: 1,
3198
+ # termination_protection_enabled: false,
3199
+ # kms_key_id: "EventDataStoreKmsKeyId",
3200
+ # })
3201
+ #
3202
+ # @example Response structure
3203
+ #
3204
+ # resp.event_data_store_arn #=> String
3205
+ # resp.name #=> String
3206
+ # resp.status #=> String, one of "CREATED", "ENABLED", "PENDING_DELETION", "STARTING_INGESTION", "STOPPING_INGESTION", "STOPPED_INGESTION"
3207
+ # resp.advanced_event_selectors #=> Array
3208
+ # resp.advanced_event_selectors[0].name #=> String
3209
+ # resp.advanced_event_selectors[0].field_selectors #=> Array
3210
+ # resp.advanced_event_selectors[0].field_selectors[0].field #=> String
3211
+ # resp.advanced_event_selectors[0].field_selectors[0].equals #=> Array
3212
+ # resp.advanced_event_selectors[0].field_selectors[0].equals[0] #=> String
3213
+ # resp.advanced_event_selectors[0].field_selectors[0].starts_with #=> Array
3214
+ # resp.advanced_event_selectors[0].field_selectors[0].starts_with[0] #=> String
3215
+ # resp.advanced_event_selectors[0].field_selectors[0].ends_with #=> Array
3216
+ # resp.advanced_event_selectors[0].field_selectors[0].ends_with[0] #=> String
3217
+ # resp.advanced_event_selectors[0].field_selectors[0].not_equals #=> Array
3218
+ # resp.advanced_event_selectors[0].field_selectors[0].not_equals[0] #=> String
3219
+ # resp.advanced_event_selectors[0].field_selectors[0].not_starts_with #=> Array
3220
+ # resp.advanced_event_selectors[0].field_selectors[0].not_starts_with[0] #=> String
3221
+ # resp.advanced_event_selectors[0].field_selectors[0].not_ends_with #=> Array
3222
+ # resp.advanced_event_selectors[0].field_selectors[0].not_ends_with[0] #=> String
3223
+ # resp.multi_region_enabled #=> Boolean
3224
+ # resp.organization_enabled #=> Boolean
3225
+ # resp.retention_period #=> Integer
3226
+ # resp.termination_protection_enabled #=> Boolean
3227
+ # resp.created_timestamp #=> Time
3228
+ # resp.updated_timestamp #=> Time
3229
+ # resp.kms_key_id #=> String
3230
+ #
3231
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/UpdateEventDataStore AWS API Documentation
3232
+ #
3233
+ # @overload update_event_data_store(params = {})
3234
+ # @param [Hash] params ({})
3235
+ def update_event_data_store(params = {}, options = {})
3236
+ req = build_request(:update_event_data_store, params)
3237
+ req.send_request(options)
3238
+ end
3239
+
1507
3240
  # Updates trail settings that control what events you are logging, and
1508
3241
  # how to handle log files. Changes to a trail do not require stopping
1509
3242
  # the CloudTrail service. Use this action to designate an existing
1510
3243
  # bucket for log delivery. If the existing bucket has previously been a
1511
3244
  # target for CloudTrail log files, an IAM policy exists for the bucket.
1512
- # `UpdateTrail` must be called from the region in which the trail was
3245
+ # `UpdateTrail` must be called from the Region in which the trail was
1513
3246
  # created; otherwise, an `InvalidHomeRegionException` is thrown.
1514
3247
  #
1515
3248
  # @option params [required, String] :name
@@ -1559,14 +3292,14 @@ module Aws::CloudTrail
1559
3292
  # such as IAM to the log files.
1560
3293
  #
1561
3294
  # @option params [Boolean] :is_multi_region_trail
1562
- # Specifies whether the trail applies only to the current region or to
1563
- # all regions. The default is false. If the trail exists only in the
1564
- # current region and this value is set to true, shadow trails
1565
- # (replications of the trail) will be created in the other regions. If
1566
- # the trail exists in all regions and this value is set to false, the
1567
- # trail will remain in the region where it was created, and its shadow
1568
- # trails in other regions will be deleted. As a best practice, consider
1569
- # using trails that log events in all regions.
3295
+ # Specifies whether the trail applies only to the current Region or to
3296
+ # all Regions. The default is false. If the trail exists only in the
3297
+ # current Region and this value is set to true, shadow trails
3298
+ # (replications of the trail) will be created in the other Regions. If
3299
+ # the trail exists in all Regions and this value is set to false, the
3300
+ # trail will remain in the Region where it was created, and its shadow
3301
+ # trails in other Regions will be deleted. As a best practice, consider
3302
+ # using trails that log events in all Regions.
1570
3303
  #
1571
3304
  # @option params [Boolean] :enable_log_file_validation
1572
3305
  # Specifies whether log file validation is enabled. The default is
@@ -1587,12 +3320,15 @@ module Aws::CloudTrail
1587
3320
  # @option params [String] :cloud_watch_logs_log_group_arn
1588
3321
  # Specifies a log group name using an Amazon Resource Name (ARN), a
1589
3322
  # unique identifier that represents the log group to which CloudTrail
1590
- # logs are delivered. Not required unless you specify
1591
- # `CloudWatchLogsRoleArn`.
3323
+ # logs are delivered. You must use a log group that exists in your
3324
+ # account.
3325
+ #
3326
+ # Not required unless you specify `CloudWatchLogsRoleArn`.
1592
3327
  #
1593
3328
  # @option params [String] :cloud_watch_logs_role_arn
1594
3329
  # Specifies the role for the CloudWatch Logs endpoint to assume to write
1595
- # to a user's log group.
3330
+ # to a user's log group. You must use a role that exists in your
3331
+ # account.
1596
3332
  #
1597
3333
  # @option params [String] :kms_key_id
1598
3334
  # Specifies the KMS key ID to use to encrypt the logs delivered by
@@ -1623,12 +3359,13 @@ module Aws::CloudTrail
1623
3359
  # organization in Organizations, or only for the current Amazon Web
1624
3360
  # Services account. The default is false, and cannot be true unless the
1625
3361
  # call is made on behalf of an Amazon Web Services account that is the
1626
- # management account for an organization in Organizations. If the trail
1627
- # is not an organization trail and this is set to `true`, the trail will
1628
- # be created in all Amazon Web Services accounts that belong to the
1629
- # organization. If the trail is an organization trail and this is set to
1630
- # `false`, the trail will remain in the current Amazon Web Services
1631
- # account but be deleted from all member accounts in the organization.
3362
+ # management account or delegated administrator account for an
3363
+ # organization in Organizations. If the trail is not an organization
3364
+ # trail and this is set to `true`, the trail will be created in all
3365
+ # Amazon Web Services accounts that belong to the organization. If the
3366
+ # trail is an organization trail and this is set to `false`, the trail
3367
+ # will remain in the current Amazon Web Services account but be deleted
3368
+ # from all member accounts in the organization.
1632
3369
  #
1633
3370
  # @return [Types::UpdateTrailResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1634
3371
  #
@@ -1700,7 +3437,7 @@ module Aws::CloudTrail
1700
3437
  params: params,
1701
3438
  config: config)
1702
3439
  context[:gem_name] = 'aws-sdk-cloudtrail'
1703
- context[:gem_version] = '1.42.0'
3440
+ context[:gem_version] = '1.69.0'
1704
3441
  Seahorse::Client::Request.new(handlers, context)
1705
3442
  end
1706
3443