aws-sdk-cloudtrail 1.42.0 → 1.69.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -10,26 +10,48 @@
10
10
  module Aws::CloudTrail
11
11
  module Types
12
12
 
13
- # Specifies the tags to add to a trail.
13
+ # This exception is thrown when you start a new import and a previous
14
+ # import is still in progress.
14
15
  #
15
- # @note When making an API call, you may pass AddTagsRequest
16
- # data as a hash:
16
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/AccountHasOngoingImportException AWS API Documentation
17
17
  #
18
- # {
19
- # resource_id: "String", # required
20
- # tags_list: [
21
- # {
22
- # key: "String", # required
23
- # value: "String",
24
- # },
25
- # ],
26
- # }
18
+ class AccountHasOngoingImportException < Aws::EmptyStructure; end
19
+
20
+ # This exception is thrown when the specified account is not found or
21
+ # not part of an organization.
22
+ #
23
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/AccountNotFoundException AWS API Documentation
24
+ #
25
+ class AccountNotFoundException < Aws::EmptyStructure; end
26
+
27
+ # This exception is thrown when the specified account is not registered
28
+ # as the CloudTrail delegated administrator.
29
+ #
30
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/AccountNotRegisteredException AWS API Documentation
31
+ #
32
+ class AccountNotRegisteredException < Aws::EmptyStructure; end
33
+
34
+ # This exception is thrown when the account is already registered as the
35
+ # CloudTrail delegated administrator.
36
+ #
37
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/AccountRegisteredException AWS API Documentation
38
+ #
39
+ class AccountRegisteredException < Aws::EmptyStructure; end
40
+
41
+ # Specifies the tags to add to a trail, event data store, or channel.
27
42
  #
28
43
  # @!attribute [rw] resource_id
29
- # Specifies the ARN of the trail to which one or more tags will be
30
- # added. The format of a trail ARN is:
44
+ # Specifies the ARN of the trail, event data store, or channel to
45
+ # which one or more tags will be added.
31
46
  #
47
+ # The format of a trail ARN is:
32
48
  # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
49
+ #
50
+ # The format of an event data store ARN is:
51
+ # `arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE`
52
+ #
53
+ # The format of a channel ARN is:
54
+ # `arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890`
33
55
  # @return [String]
34
56
  #
35
57
  # @!attribute [rw] tags_list
@@ -55,8 +77,8 @@ module Aws::CloudTrail
55
77
  # Advanced event selectors let you create fine-grained selectors for the
56
78
  # following CloudTrail event record fields. They help you control costs
57
79
  # by logging only those events that are important to you. For more
58
- # information about advanced event selectors, see [Logging data events
59
- # for trails][1] in the *CloudTrail User Guide*.
80
+ # information about advanced event selectors, see [Logging data
81
+ # events][1] in the *CloudTrail User Guide*.
60
82
  #
61
83
  # * `readOnly`
62
84
  #
@@ -77,24 +99,6 @@ module Aws::CloudTrail
77
99
  #
78
100
  # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
79
101
  #
80
- # @note When making an API call, you may pass AdvancedEventSelector
81
- # data as a hash:
82
- #
83
- # {
84
- # name: "SelectorName",
85
- # field_selectors: [ # required
86
- # {
87
- # field: "SelectorField", # required
88
- # equals: ["OperatorValue"],
89
- # starts_with: ["OperatorValue"],
90
- # ends_with: ["OperatorValue"],
91
- # not_equals: ["OperatorValue"],
92
- # not_starts_with: ["OperatorValue"],
93
- # not_ends_with: ["OperatorValue"],
94
- # },
95
- # ],
96
- # }
97
- #
98
102
  # @!attribute [rw] name
99
103
  # An optional, descriptive name for an advanced event selector, such
100
104
  # as "Log data events for only two S3 buckets".
@@ -115,28 +119,25 @@ module Aws::CloudTrail
115
119
 
116
120
  # A single selector statement in an advanced event selector.
117
121
  #
118
- # @note When making an API call, you may pass AdvancedFieldSelector
119
- # data as a hash:
122
+ # @!attribute [rw] field
123
+ # A field in a CloudTrail event record on which to filter events to be
124
+ # logged. For event data stores for Config configuration items, Audit
125
+ # Manager evidence, or non-Amazon Web Services events, the field is
126
+ # used only for selecting events as filtering is not supported.
120
127
  #
121
- # {
122
- # field: "SelectorField", # required
123
- # equals: ["OperatorValue"],
124
- # starts_with: ["OperatorValue"],
125
- # ends_with: ["OperatorValue"],
126
- # not_equals: ["OperatorValue"],
127
- # not_starts_with: ["OperatorValue"],
128
- # not_ends_with: ["OperatorValue"],
129
- # }
128
+ # For CloudTrail event records, supported fields include `readOnly`,
129
+ # `eventCategory`, `eventSource` (for management events), `eventName`,
130
+ # `resources.type`, and `resources.ARN`.
130
131
  #
131
- # @!attribute [rw] field
132
- # A field in an event record on which to filter events to be logged.
133
- # Supported fields include `readOnly`, `eventCategory`, `eventSource`
134
- # (for management events), `eventName`, `resources.type`, and
135
- # `resources.ARN`.
132
+ # For event data stores for Config configuration items, Audit Manager
133
+ # evidence, or non-Amazon Web Services events, the only supported
134
+ # field is `eventCategory`.
136
135
  #
137
136
  # * <b> <code>readOnly</code> </b> - Optional. Can be set to `Equals`
138
- # a value of `true` or `false`. A value of `false` logs both `read`
139
- # and `write` events.
137
+ # a value of `true` or `false`. If you do not add this field,
138
+ # CloudTrail logs both `read` and `write` events. A value of `true`
139
+ # logs only `read` events. A value of `false` logs only `write`
140
+ # events.
140
141
  #
141
142
  # * <b> <code>eventSource</code> </b> - For filtering management
142
143
  # events only. This can be set only to `NotEquals`
@@ -147,30 +148,69 @@ module Aws::CloudTrail
147
148
  # CloudTrail, such as `PutBucket` or `GetSnapshotBlock`. You can
148
149
  # have multiple values for this field, separated by commas.
149
150
  #
150
- # * <b> <code>eventCategory</code> </b> - This is required. It must be
151
- # set to `Equals`, and the value must be `Management` or `Data`.
151
+ # * <b> <code>eventCategory</code> </b> - This is required and must be
152
+ # set to `Equals`.
152
153
  #
153
- # * <b> <code>resources.type</code> </b> - This field is required.
154
- # `resources.type` can only use the `Equals` operator, and the value
155
- # can be one of the following:
154
+ # * For CloudTrail event records, the value must be `Management` or
155
+ # `Data`.
156
156
  #
157
- # * `AWS::S3::Object`
157
+ # * For Config configuration items, the value must be
158
+ # `ConfigurationItem`.
158
159
  #
159
- # * `AWS::Lambda::Function`
160
+ # * For Audit Manager evidence, the value must be `Evidence`.
161
+ #
162
+ # * For non-Amazon Web Services events, the value must be
163
+ # `ActivityAuditLog`.
164
+ #
165
+ # * <b> <code>resources.type</code> </b> - This field is required for
166
+ # CloudTrail data events. `resources.type` can only use the `Equals`
167
+ # operator, and the value can be one of the following:
160
168
  #
161
169
  # * `AWS::DynamoDB::Table`
162
170
  #
163
- # * `AWS::S3Outposts::Object`
171
+ # * `AWS::Lambda::Function`
164
172
  #
165
- # * `AWS::ManagedBlockchain::Node`
173
+ # * `AWS::S3::Object`
166
174
  #
167
- # * `AWS::S3ObjectLambda::AccessPoint`
175
+ # * `AWS::CloudTrail::Channel`
176
+ #
177
+ # * `AWS::CodeWhisperer::Profile`
178
+ #
179
+ # * `AWS::Cognito::IdentityPool`
180
+ #
181
+ # * `AWS::DynamoDB::Stream`
168
182
  #
169
183
  # * `AWS::EC2::Snapshot`
170
184
  #
185
+ # * `AWS::EMRWAL::Workspace`
186
+ #
187
+ # * `AWS::FinSpace::Environment`
188
+ #
189
+ # * `AWS::Glue::Table`
190
+ #
191
+ # * `AWS::GuardDuty::Detector`
192
+ #
193
+ # * `AWS::KendraRanking::ExecutionPlan`
194
+ #
195
+ # * `AWS::ManagedBlockchain::Network`
196
+ #
197
+ # * `AWS::ManagedBlockchain::Node`
198
+ #
199
+ # * `AWS::MedicalImaging::Datastore`
200
+ #
201
+ # * `AWS::SageMaker::ExperimentTrialComponent`
202
+ #
203
+ # * `AWS::SageMaker::FeatureGroup`
204
+ #
171
205
  # * `AWS::S3::AccessPoint`
172
206
  #
173
- # * `AWS::DynamoDB::Stream`
207
+ # * `AWS::S3ObjectLambda::AccessPoint`
208
+ #
209
+ # * `AWS::S3Outposts::Object`
210
+ #
211
+ # * `AWS::SSMMessages::ControlChannel`
212
+ #
213
+ # * `AWS::VerifiedPermissions::PolicyStore`
174
214
  #
175
215
  # You can have only one `resources.type` field per selector. To log
176
216
  # data events on more than one resource type, add another selector.
@@ -192,16 +232,13 @@ module Aws::CloudTrail
192
232
  #
193
233
  # * `arn:<partition>:s3:::<bucket_name>/<object_path>/`
194
234
  #
195
- # When `resources.type` equals `AWS::S3::AccessPoint`, and the
196
- # operator is set to `Equals` or `NotEquals`, the ARN must be in one
197
- # of the following formats. To log events on all objects in an S3
198
- # access point, we recommend that you use only the access point ARN,
199
- # don’t include the object path, and use the `StartsWith` or
200
- # `NotStartsWith` operators.
235
+ # When resources.type equals `AWS::DynamoDB::Table`, and the
236
+ # operator is set to `Equals` or `NotEquals`, the ARN must be in the
237
+ # following format:
201
238
  #
202
- # * `arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>`
239
+ # * `arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>`
203
240
  #
204
- # * `arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path>`
241
+ # ^
205
242
  #
206
243
  # When resources.type equals `AWS::Lambda::Function`, and the
207
244
  # operator is set to `Equals` or `NotEquals`, the ARN must be in the
@@ -211,19 +248,91 @@ module Aws::CloudTrail
211
248
  #
212
249
  # ^
213
250
  #
214
- # When resources.type equals `AWS::DynamoDB::Table`, and the
251
+ # When resources.type equals `AWS::CloudTrail::Channel`, and the
215
252
  # operator is set to `Equals` or `NotEquals`, the ARN must be in the
216
253
  # following format:
217
254
  #
218
- # * `arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>`
255
+ # * `arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID>`
219
256
  #
220
257
  # ^
221
258
  #
222
- # When `resources.type` equals `AWS::S3Outposts::Object`, and the
259
+ # When resources.type equals `AWS::CodeWhisperer::Profile`, and the
223
260
  # operator is set to `Equals` or `NotEquals`, the ARN must be in the
224
261
  # following format:
225
262
  #
226
- # * `arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path>`
263
+ # * `arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID>`
264
+ #
265
+ # ^
266
+ #
267
+ # When resources.type equals `AWS::Cognito::IdentityPool`, and the
268
+ # operator is set to `Equals` or `NotEquals`, the ARN must be in the
269
+ # following format:
270
+ #
271
+ # * `arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID>`
272
+ #
273
+ # ^
274
+ #
275
+ # When `resources.type` equals `AWS::DynamoDB::Stream`, and the
276
+ # operator is set to `Equals` or `NotEquals`, the ARN must be in the
277
+ # following format:
278
+ #
279
+ # * `arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time>`
280
+ #
281
+ # ^
282
+ #
283
+ # When `resources.type` equals `AWS::EC2::Snapshot`, and the
284
+ # operator is set to `Equals` or `NotEquals`, the ARN must be in the
285
+ # following format:
286
+ #
287
+ # * `arn:<partition>:ec2:<region>::snapshot/<snapshot_ID>`
288
+ #
289
+ # ^
290
+ #
291
+ # When `resources.type` equals `AWS::EMRWAL::Workspace`, and the
292
+ # operator is set to `Equals` or `NotEquals`, the ARN must be in the
293
+ # following format:
294
+ #
295
+ # * `arn:<partition>:emrwal:<region>::workspace/<workspace_name>`
296
+ #
297
+ # ^
298
+ #
299
+ # When `resources.type` equals `AWS::FinSpace::Environment`, and the
300
+ # operator is set to `Equals` or `NotEquals`, the ARN must be in the
301
+ # following format:
302
+ #
303
+ # * `arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID>`
304
+ #
305
+ # ^
306
+ #
307
+ # When `resources.type` equals `AWS::Glue::Table`, and the operator
308
+ # is set to `Equals` or `NotEquals`, the ARN must be in the
309
+ # following format:
310
+ #
311
+ # * `arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name>`
312
+ #
313
+ # ^
314
+ #
315
+ # When `resources.type` equals `AWS::GuardDuty::Detector`, and the
316
+ # operator is set to `Equals` or `NotEquals`, the ARN must be in the
317
+ # following format:
318
+ #
319
+ # * `arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID>`
320
+ #
321
+ # ^
322
+ #
323
+ # When `resources.type` equals `AWS::KendraRanking::ExecutionPlan`,
324
+ # and the operator is set to `Equals` or `NotEquals`, the ARN must
325
+ # be in the following format:
326
+ #
327
+ # * `arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID>`
328
+ #
329
+ # ^
330
+ #
331
+ # When `resources.type` equals `AWS::ManagedBlockchain::Network`,
332
+ # and the operator is set to `Equals` or `NotEquals`, the ARN must
333
+ # be in the following format:
334
+ #
335
+ # * `arn:<partition>:managedblockchain:::networks/<network_name>`
227
336
  #
228
337
  # ^
229
338
  #
@@ -235,6 +344,42 @@ module Aws::CloudTrail
235
344
  #
236
345
  # ^
237
346
  #
347
+ # When `resources.type` equals `AWS::MedicalImaging::Datastore`, and
348
+ # the operator is set to `Equals` or `NotEquals`, the ARN must be in
349
+ # the following format:
350
+ #
351
+ # * `arn:<partition>:medical-imaging:<region>:<account_ID>:datastore/<data_store_ID>`
352
+ #
353
+ # ^
354
+ #
355
+ # When `resources.type` equals
356
+ # `AWS::SageMaker::ExperimentTrialComponent`, and the operator is
357
+ # set to `Equals` or `NotEquals`, the ARN must be in the following
358
+ # format:
359
+ #
360
+ # * `arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name>`
361
+ #
362
+ # ^
363
+ #
364
+ # When `resources.type` equals `AWS::SageMaker::FeatureGroup`, and
365
+ # the operator is set to `Equals` or `NotEquals`, the ARN must be in
366
+ # the following format:
367
+ #
368
+ # * `arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name>`
369
+ #
370
+ # ^
371
+ #
372
+ # When `resources.type` equals `AWS::S3::AccessPoint`, and the
373
+ # operator is set to `Equals` or `NotEquals`, the ARN must be in one
374
+ # of the following formats. To log events on all objects in an S3
375
+ # access point, we recommend that you use only the access point ARN,
376
+ # don’t include the object path, and use the `StartsWith` or
377
+ # `NotStartsWith` operators.
378
+ #
379
+ # * `arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>`
380
+ #
381
+ # * `arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path>`
382
+ #
238
383
  # When `resources.type` equals `AWS::S3ObjectLambda::AccessPoint`,
239
384
  # and the operator is set to `Equals` or `NotEquals`, the ARN must
240
385
  # be in the following format:
@@ -243,19 +388,28 @@ module Aws::CloudTrail
243
388
  #
244
389
  # ^
245
390
  #
246
- # When `resources.type` equals `AWS::EC2::Snapshot`, and the
391
+ # When `resources.type` equals `AWS::S3Outposts::Object`, and the
247
392
  # operator is set to `Equals` or `NotEquals`, the ARN must be in the
248
393
  # following format:
249
394
  #
250
- # * `arn:<partition>:ec2:<region>::snapshot/<snapshot_ID>`
395
+ # * `arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path>`
251
396
  #
252
397
  # ^
253
398
  #
254
- # When `resources.type` equals `AWS::DynamoDB::Stream`, and the
255
- # operator is set to `Equals` or `NotEquals`, the ARN must be in the
256
- # following format:
399
+ # When `resources.type` equals `AWS::SSMMessages::ControlChannel`,
400
+ # and the operator is set to `Equals` or `NotEquals`, the ARN must
401
+ # be in the following format:
257
402
  #
258
- # * `arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time>`
403
+ # * `arn:<partition>:ssmmessages:<region>:<account_ID>:control-channel/<channel_ID>`
404
+ #
405
+ # ^
406
+ #
407
+ # When resources.type equals
408
+ # `AWS::VerifiedPermissions::PolicyStore`, and the operator is set
409
+ # to `Equals` or `NotEquals`, the ARN must be in the following
410
+ # format:
411
+ #
412
+ # * `arn:<partition>:verifiedpermissions:<region>:<account_ID>:policy-store/<policy_store_UUID>`
259
413
  #
260
414
  # ^
261
415
  # @return [String]
@@ -306,11 +460,122 @@ module Aws::CloudTrail
306
460
  include Aws::Structure
307
461
  end
308
462
 
463
+ # @!attribute [rw] event_data_store
464
+ # The ARN (or the ID suffix of the ARN) of an event data store on
465
+ # which the specified query is running.
466
+ # @return [String]
467
+ #
468
+ # @!attribute [rw] query_id
469
+ # The ID of the query that you want to cancel. The `QueryId` comes
470
+ # from the response of a `StartQuery` operation.
471
+ # @return [String]
472
+ #
473
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/CancelQueryRequest AWS API Documentation
474
+ #
475
+ class CancelQueryRequest < Struct.new(
476
+ :event_data_store,
477
+ :query_id)
478
+ SENSITIVE = []
479
+ include Aws::Structure
480
+ end
481
+
482
+ # @!attribute [rw] query_id
483
+ # The ID of the canceled query.
484
+ # @return [String]
485
+ #
486
+ # @!attribute [rw] query_status
487
+ # Shows the status of a query after a `CancelQuery` request.
488
+ # Typically, the values shown are either `RUNNING` or `CANCELLED`.
489
+ # @return [String]
490
+ #
491
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/CancelQueryResponse AWS API Documentation
492
+ #
493
+ class CancelQueryResponse < Struct.new(
494
+ :query_id,
495
+ :query_status)
496
+ SENSITIVE = []
497
+ include Aws::Structure
498
+ end
499
+
500
+ # This exception is thrown when the management account of an
501
+ # organization is registered as the CloudTrail delegated administrator.
502
+ #
503
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/CannotDelegateManagementAccountException AWS API Documentation
504
+ #
505
+ class CannotDelegateManagementAccountException < Aws::EmptyStructure; end
506
+
507
+ # Contains information about a returned CloudTrail channel.
508
+ #
509
+ # @!attribute [rw] channel_arn
510
+ # The Amazon Resource Name (ARN) of a channel.
511
+ # @return [String]
512
+ #
513
+ # @!attribute [rw] name
514
+ # The name of the CloudTrail channel. For service-linked channels, the
515
+ # name is `aws-service-channel/service-name/custom-suffix` where
516
+ # `service-name` represents the name of the Amazon Web Services
517
+ # service that created the channel and `custom-suffix` represents the
518
+ # suffix created by the Amazon Web Services service.
519
+ # @return [String]
520
+ #
521
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/Channel AWS API Documentation
522
+ #
523
+ class Channel < Struct.new(
524
+ :channel_arn,
525
+ :name)
526
+ SENSITIVE = []
527
+ include Aws::Structure
528
+ end
529
+
530
+ # This exception is thrown when the specified value of `ChannelARN` is
531
+ # not valid.
532
+ #
533
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ChannelARNInvalidException AWS API Documentation
534
+ #
535
+ class ChannelARNInvalidException < Aws::EmptyStructure; end
536
+
537
+ # This exception is thrown when the provided channel already exists.
538
+ #
539
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ChannelAlreadyExistsException AWS API Documentation
540
+ #
541
+ class ChannelAlreadyExistsException < Aws::EmptyStructure; end
542
+
543
+ # This exception is thrown when the specified event data store cannot
544
+ # yet be deleted because it is in use by a channel.
545
+ #
546
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ChannelExistsForEDSException AWS API Documentation
547
+ #
548
+ class ChannelExistsForEDSException < Aws::EmptyStructure; end
549
+
550
+ # This exception is thrown when the maximum number of channels limit is
551
+ # exceeded.
552
+ #
553
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ChannelMaxLimitExceededException AWS API Documentation
554
+ #
555
+ class ChannelMaxLimitExceededException < Aws::EmptyStructure; end
556
+
557
+ # This exception is thrown when CloudTrail cannot find the specified
558
+ # channel.
559
+ #
560
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ChannelNotFoundException AWS API Documentation
561
+ #
562
+ class ChannelNotFoundException < Aws::EmptyStructure; end
563
+
309
564
  # This exception is thrown when an operation is called with a trail ARN
310
565
  # that is not valid. The following is the format of a trail ARN.
311
566
  #
312
567
  # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
313
568
  #
569
+ # This exception is also thrown when you call `AddTags` or `RemoveTags`
570
+ # on a trail, event data store, or channel with a resource ARN that is
571
+ # not valid.
572
+ #
573
+ # The following is the format of an event data store ARN:
574
+ # `arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE`
575
+ #
576
+ # The following is the format of a channel ARN:
577
+ # `arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890`
578
+ #
314
579
  # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/CloudTrailARNInvalidException AWS API Documentation
315
580
  #
316
581
  class CloudTrailARNInvalidException < Aws::EmptyStructure; end
@@ -338,7 +603,7 @@ module Aws::CloudTrail
338
603
  #
339
604
  class CloudTrailInvalidClientTokenIdException < Aws::EmptyStructure; end
340
605
 
341
- # Cannot set a CloudWatch Logs delivery for this region.
606
+ # Cannot set a CloudWatch Logs delivery for this Region.
342
607
  #
343
608
  # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/CloudWatchLogsDeliveryUnavailableException AWS API Documentation
344
609
  #
@@ -346,92 +611,344 @@ module Aws::CloudTrail
346
611
 
347
612
  # This exception is thrown when the specified resource is not ready for
348
613
  # an operation. This can occur when you try to run an operation on a
349
- # trail before CloudTrail has time to fully load the trail. If this
350
- # exception occurs, wait a few minutes, and then try the operation
351
- # again.
614
+ # resource before CloudTrail has time to fully load the resource, or
615
+ # because another operation is modifying the resource. If this exception
616
+ # occurs, wait a few minutes, and then try the operation again.
352
617
  #
353
618
  # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ConflictException AWS API Documentation
354
619
  #
355
620
  class ConflictException < Aws::EmptyStructure; end
356
621
 
357
- # Specifies the settings for each trail.
358
- #
359
- # @note When making an API call, you may pass CreateTrailRequest
360
- # data as a hash:
361
- #
362
- # {
363
- # name: "String", # required
364
- # s3_bucket_name: "String", # required
365
- # s3_key_prefix: "String",
366
- # sns_topic_name: "String",
367
- # include_global_service_events: false,
368
- # is_multi_region_trail: false,
369
- # enable_log_file_validation: false,
370
- # cloud_watch_logs_log_group_arn: "String",
371
- # cloud_watch_logs_role_arn: "String",
372
- # kms_key_id: "String",
373
- # is_organization_trail: false,
374
- # tags_list: [
375
- # {
376
- # key: "String", # required
377
- # value: "String",
378
- # },
379
- # ],
380
- # }
381
- #
382
622
  # @!attribute [rw] name
383
- # Specifies the name of the trail. The name must meet the following
384
- # requirements:
623
+ # The name of the channel.
624
+ # @return [String]
385
625
  #
386
- # * Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
387
- # underscores (\_), or dashes (-)
626
+ # @!attribute [rw] source
627
+ # The name of the partner or external event source. You cannot change
628
+ # this name after you create the channel. A maximum of one channel is
629
+ # allowed per source.
388
630
  #
389
- # * Start with a letter or number, and end with a letter or number
631
+ # A source can be either `Custom` for all valid non-Amazon Web
632
+ # Services events, or the name of a partner event source. For
633
+ # information about the source names for available partners, see
634
+ # [Additional information about integration partners][1] in the
635
+ # CloudTrail User Guide.
390
636
  #
391
- # * Be between 3 and 128 characters
392
637
  #
393
- # * Have no adjacent periods, underscores or dashes. Names like
394
- # `my-_namespace` and `my--namespace` are not valid.
395
638
  #
396
- # * Not be in IP address format (for example, 192.168.5.4)
639
+ # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-event-data-store-integration.html#cloudtrail-lake-partner-information
397
640
  # @return [String]
398
641
  #
399
- # @!attribute [rw] s3_bucket_name
400
- # Specifies the name of the Amazon S3 bucket designated for publishing
401
- # log files. See [Amazon S3 Bucket Naming Requirements][1].
642
+ # @!attribute [rw] destinations
643
+ # One or more event data stores to which events arriving through a
644
+ # channel will be logged.
645
+ # @return [Array<Types::Destination>]
402
646
  #
647
+ # @!attribute [rw] tags
648
+ # A list of tags.
649
+ # @return [Array<Types::Tag>]
403
650
  #
651
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/CreateChannelRequest AWS API Documentation
404
652
  #
405
- # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/create_trail_naming_policy.html
653
+ class CreateChannelRequest < Struct.new(
654
+ :name,
655
+ :source,
656
+ :destinations,
657
+ :tags)
658
+ SENSITIVE = []
659
+ include Aws::Structure
660
+ end
661
+
662
+ # @!attribute [rw] channel_arn
663
+ # The Amazon Resource Name (ARN) of the new channel.
406
664
  # @return [String]
407
665
  #
408
- # @!attribute [rw] s3_key_prefix
409
- # Specifies the Amazon S3 key prefix that comes after the name of the
410
- # bucket you have designated for log file delivery. For more
411
- # information, see [Finding Your CloudTrail Log Files][1]. The maximum
412
- # length is 200 characters.
413
- #
414
- #
415
- #
416
- # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-find-log-files.html
666
+ # @!attribute [rw] name
667
+ # The name of the new channel.
417
668
  # @return [String]
418
669
  #
419
- # @!attribute [rw] sns_topic_name
420
- # Specifies the name of the Amazon SNS topic defined for notification
421
- # of log file delivery. The maximum length is 256 characters.
670
+ # @!attribute [rw] source
671
+ # The partner or external event source name.
422
672
  # @return [String]
423
673
  #
424
- # @!attribute [rw] include_global_service_events
425
- # Specifies whether the trail is publishing events from global
426
- # services such as IAM to the log files.
427
- # @return [Boolean]
428
- #
429
- # @!attribute [rw] is_multi_region_trail
430
- # Specifies whether the trail is created in the current region or in
431
- # all regions. The default is false, which creates a trail only in the
432
- # region where you are signed in. As a best practice, consider
433
- # creating trails that log events in all regions.
434
- # @return [Boolean]
674
+ # @!attribute [rw] destinations
675
+ # The event data stores that log the events arriving through the
676
+ # channel.
677
+ # @return [Array<Types::Destination>]
678
+ #
679
+ # @!attribute [rw] tags
680
+ # A list of tags.
681
+ # @return [Array<Types::Tag>]
682
+ #
683
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/CreateChannelResponse AWS API Documentation
684
+ #
685
+ class CreateChannelResponse < Struct.new(
686
+ :channel_arn,
687
+ :name,
688
+ :source,
689
+ :destinations,
690
+ :tags)
691
+ SENSITIVE = []
692
+ include Aws::Structure
693
+ end
694
+
695
+ # @!attribute [rw] name
696
+ # The name of the event data store.
697
+ # @return [String]
698
+ #
699
+ # @!attribute [rw] advanced_event_selectors
700
+ # The advanced event selectors to use to select the events for the
701
+ # data store. You can configure up to five advanced event selectors
702
+ # for each event data store.
703
+ #
704
+ # For more information about how to use advanced event selectors to
705
+ # log CloudTrail events, see [Log events by using advanced event
706
+ # selectors][1] in the CloudTrail User Guide.
707
+ #
708
+ # For more information about how to use advanced event selectors to
709
+ # include Config configuration items in your event data store, see
710
+ # [Create an event data store for Config configuration items][2] in
711
+ # the CloudTrail User Guide.
712
+ #
713
+ # For more information about how to use advanced event selectors to
714
+ # include non-Amazon Web Services events in your event data store, see
715
+ # [Create an integration to log events from outside Amazon Web
716
+ # Services][3] in the CloudTrail User Guide.
717
+ #
718
+ #
719
+ #
720
+ # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#creating-data-event-selectors-advanced
721
+ # [2]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-lake-cli.html#lake-cli-create-eds-config
722
+ # [3]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-lake-cli.html#lake-cli-create-integration
723
+ # @return [Array<Types::AdvancedEventSelector>]
724
+ #
725
+ # @!attribute [rw] multi_region_enabled
726
+ # Specifies whether the event data store includes events from all
727
+ # Regions, or only from the Region in which the event data store is
728
+ # created.
729
+ # @return [Boolean]
730
+ #
731
+ # @!attribute [rw] organization_enabled
732
+ # Specifies whether an event data store collects events logged for an
733
+ # organization in Organizations.
734
+ # @return [Boolean]
735
+ #
736
+ # @!attribute [rw] retention_period
737
+ # The retention period of the event data store, in days. You can set a
738
+ # retention period of up to 2557 days, the equivalent of seven years.
739
+ # CloudTrail Lake determines whether to retain an event by checking if
740
+ # the `eventTime` of the event is within the specified retention
741
+ # period. For example, if you set a retention period of 90 days,
742
+ # CloudTrail will remove events when the `eventTime` is older than 90
743
+ # days.
744
+ #
745
+ # <note markdown="1"> If you plan to copy trail events to this event data store, we
746
+ # recommend that you consider both the age of the events that you want
747
+ # to copy as well as how long you want to keep the copied events in
748
+ # your event data store. For example, if you copy trail events that
749
+ # are 5 years old and specify a retention period of 7 years, the event
750
+ # data store will retain those events for two years.
751
+ #
752
+ # </note>
753
+ # @return [Integer]
754
+ #
755
+ # @!attribute [rw] termination_protection_enabled
756
+ # Specifies whether termination protection is enabled for the event
757
+ # data store. If termination protection is enabled, you cannot delete
758
+ # the event data store until termination protection is disabled.
759
+ # @return [Boolean]
760
+ #
761
+ # @!attribute [rw] tags_list
762
+ # A list of tags.
763
+ # @return [Array<Types::Tag>]
764
+ #
765
+ # @!attribute [rw] kms_key_id
766
+ # Specifies the KMS key ID to use to encrypt the events delivered by
767
+ # CloudTrail. The value can be an alias name prefixed by `alias/`, a
768
+ # fully specified ARN to an alias, a fully specified ARN to a key, or
769
+ # a globally unique identifier.
770
+ #
771
+ # Disabling or deleting the KMS key, or removing CloudTrail
772
+ # permissions on the key, prevents CloudTrail from logging events to
773
+ # the event data store, and prevents users from querying the data in
774
+ # the event data store that was encrypted with the key. After you
775
+ # associate an event data store with a KMS key, the KMS key cannot be
776
+ # removed or changed. Before you disable or delete a KMS key that you
777
+ # are using with an event data store, delete or back up your event
778
+ # data store.
779
+ #
780
+ # CloudTrail also supports KMS multi-Region keys. For more information
781
+ # about multi-Region keys, see [Using multi-Region keys][1] in the
782
+ # *Key Management Service Developer Guide*.
783
+ #
784
+ # Examples:
785
+ #
786
+ # * `alias/MyAliasName`
787
+ #
788
+ # * `arn:aws:kms:us-east-2:123456789012:alias/MyAliasName`
789
+ #
790
+ # * `arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012`
791
+ #
792
+ # * `12345678-1234-1234-1234-123456789012`
793
+ #
794
+ #
795
+ #
796
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html
797
+ # @return [String]
798
+ #
799
+ # @!attribute [rw] start_ingestion
800
+ # Specifies whether the event data store should start ingesting live
801
+ # events. The default is true.
802
+ # @return [Boolean]
803
+ #
804
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/CreateEventDataStoreRequest AWS API Documentation
805
+ #
806
+ class CreateEventDataStoreRequest < Struct.new(
807
+ :name,
808
+ :advanced_event_selectors,
809
+ :multi_region_enabled,
810
+ :organization_enabled,
811
+ :retention_period,
812
+ :termination_protection_enabled,
813
+ :tags_list,
814
+ :kms_key_id,
815
+ :start_ingestion)
816
+ SENSITIVE = []
817
+ include Aws::Structure
818
+ end
819
+
820
+ # @!attribute [rw] event_data_store_arn
821
+ # The ARN of the event data store.
822
+ # @return [String]
823
+ #
824
+ # @!attribute [rw] name
825
+ # The name of the event data store.
826
+ # @return [String]
827
+ #
828
+ # @!attribute [rw] status
829
+ # The status of event data store creation.
830
+ # @return [String]
831
+ #
832
+ # @!attribute [rw] advanced_event_selectors
833
+ # The advanced event selectors that were used to select the events for
834
+ # the data store.
835
+ # @return [Array<Types::AdvancedEventSelector>]
836
+ #
837
+ # @!attribute [rw] multi_region_enabled
838
+ # Indicates whether the event data store collects events from all
839
+ # Regions, or only from the Region in which it was created.
840
+ # @return [Boolean]
841
+ #
842
+ # @!attribute [rw] organization_enabled
843
+ # Indicates whether an event data store is collecting logged events
844
+ # for an organization in Organizations.
845
+ # @return [Boolean]
846
+ #
847
+ # @!attribute [rw] retention_period
848
+ # The retention period of an event data store, in days.
849
+ # @return [Integer]
850
+ #
851
+ # @!attribute [rw] termination_protection_enabled
852
+ # Indicates whether termination protection is enabled for the event
853
+ # data store.
854
+ # @return [Boolean]
855
+ #
856
+ # @!attribute [rw] tags_list
857
+ # A list of tags.
858
+ # @return [Array<Types::Tag>]
859
+ #
860
+ # @!attribute [rw] created_timestamp
861
+ # The timestamp that shows when the event data store was created.
862
+ # @return [Time]
863
+ #
864
+ # @!attribute [rw] updated_timestamp
865
+ # The timestamp that shows when an event data store was updated, if
866
+ # applicable. `UpdatedTimestamp` is always either the same or newer
867
+ # than the time shown in `CreatedTimestamp`.
868
+ # @return [Time]
869
+ #
870
+ # @!attribute [rw] kms_key_id
871
+ # Specifies the KMS key ID that encrypts the events delivered by
872
+ # CloudTrail. The value is a fully specified ARN to a KMS key in the
873
+ # following format.
874
+ #
875
+ # `arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012`
876
+ # @return [String]
877
+ #
878
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/CreateEventDataStoreResponse AWS API Documentation
879
+ #
880
+ class CreateEventDataStoreResponse < Struct.new(
881
+ :event_data_store_arn,
882
+ :name,
883
+ :status,
884
+ :advanced_event_selectors,
885
+ :multi_region_enabled,
886
+ :organization_enabled,
887
+ :retention_period,
888
+ :termination_protection_enabled,
889
+ :tags_list,
890
+ :created_timestamp,
891
+ :updated_timestamp,
892
+ :kms_key_id)
893
+ SENSITIVE = []
894
+ include Aws::Structure
895
+ end
896
+
897
+ # Specifies the settings for each trail.
898
+ #
899
+ # @!attribute [rw] name
900
+ # Specifies the name of the trail. The name must meet the following
901
+ # requirements:
902
+ #
903
+ # * Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
904
+ # underscores (\_), or dashes (-)
905
+ #
906
+ # * Start with a letter or number, and end with a letter or number
907
+ #
908
+ # * Be between 3 and 128 characters
909
+ #
910
+ # * Have no adjacent periods, underscores or dashes. Names like
911
+ # `my-_namespace` and `my--namespace` are not valid.
912
+ #
913
+ # * Not be in IP address format (for example, 192.168.5.4)
914
+ # @return [String]
915
+ #
916
+ # @!attribute [rw] s3_bucket_name
917
+ # Specifies the name of the Amazon S3 bucket designated for publishing
918
+ # log files. See [Amazon S3 Bucket Naming Requirements][1].
919
+ #
920
+ #
921
+ #
922
+ # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/create_trail_naming_policy.html
923
+ # @return [String]
924
+ #
925
+ # @!attribute [rw] s3_key_prefix
926
+ # Specifies the Amazon S3 key prefix that comes after the name of the
927
+ # bucket you have designated for log file delivery. For more
928
+ # information, see [Finding Your CloudTrail Log Files][1]. The maximum
929
+ # length is 200 characters.
930
+ #
931
+ #
932
+ #
933
+ # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-find-log-files.html
934
+ # @return [String]
935
+ #
936
+ # @!attribute [rw] sns_topic_name
937
+ # Specifies the name of the Amazon SNS topic defined for notification
938
+ # of log file delivery. The maximum length is 256 characters.
939
+ # @return [String]
940
+ #
941
+ # @!attribute [rw] include_global_service_events
942
+ # Specifies whether the trail is publishing events from global
943
+ # services such as IAM to the log files.
944
+ # @return [Boolean]
945
+ #
946
+ # @!attribute [rw] is_multi_region_trail
947
+ # Specifies whether the trail is created in the current Region or in
948
+ # all Regions. The default is false, which creates a trail only in the
949
+ # Region where you are signed in. As a best practice, consider
950
+ # creating trails that log events in all Regions.
951
+ # @return [Boolean]
435
952
  #
436
953
  # @!attribute [rw] enable_log_file_validation
437
954
  # Specifies whether log file integrity validation is enabled. The
@@ -453,18 +970,21 @@ module Aws::CloudTrail
453
970
  # @!attribute [rw] cloud_watch_logs_log_group_arn
454
971
  # Specifies a log group name using an Amazon Resource Name (ARN), a
455
972
  # unique identifier that represents the log group to which CloudTrail
456
- # logs will be delivered. Not required unless you specify
457
- # `CloudWatchLogsRoleArn`.
973
+ # logs will be delivered. You must use a log group that exists in your
974
+ # account.
975
+ #
976
+ # Not required unless you specify `CloudWatchLogsRoleArn`.
458
977
  # @return [String]
459
978
  #
460
979
  # @!attribute [rw] cloud_watch_logs_role_arn
461
980
  # Specifies the role for the CloudWatch Logs endpoint to assume to
462
- # write to a user's log group.
981
+ # write to a user's log group. You must use a role that exists in
982
+ # your account.
463
983
  # @return [String]
464
984
  #
465
985
  # @!attribute [rw] kms_key_id
466
986
  # Specifies the KMS key ID to use to encrypt the logs delivered by
467
- # CloudTrail. The value can be an alias name prefixed by "alias/", a
987
+ # CloudTrail. The value can be an alias name prefixed by `alias/`, a
468
988
  # fully specified ARN to an alias, a fully specified ARN to a key, or
469
989
  # a globally unique identifier.
470
990
  #
@@ -474,13 +994,13 @@ module Aws::CloudTrail
474
994
  #
475
995
  # Examples:
476
996
  #
477
- # * alias/MyAliasName
997
+ # * `alias/MyAliasName`
478
998
  #
479
- # * arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
999
+ # * `arn:aws:kms:us-east-2:123456789012:alias/MyAliasName`
480
1000
  #
481
- # * arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
1001
+ # * `arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012`
482
1002
  #
483
- # * 12345678-1234-1234-1234-123456789012
1003
+ # * `12345678-1234-1234-1234-123456789012`
484
1004
  #
485
1005
  #
486
1006
  #
@@ -492,7 +1012,8 @@ module Aws::CloudTrail
492
1012
  # organization in Organizations, or only for the current Amazon Web
493
1013
  # Services account. The default is false, and cannot be true unless
494
1014
  # the call is made on behalf of an Amazon Web Services account that is
495
- # the management account for an organization in Organizations.
1015
+ # the management account or delegated administrator account for an
1016
+ # organization in Organizations.
496
1017
  # @return [Boolean]
497
1018
  #
498
1019
  # @!attribute [rw] tags_list
@@ -541,7 +1062,7 @@ module Aws::CloudTrail
541
1062
  # @return [String]
542
1063
  #
543
1064
  # @!attribute [rw] sns_topic_name
544
- # This field is no longer in use. Use SnsTopicARN.
1065
+ # This field is no longer in use. Use `SnsTopicARN`.
545
1066
  # @return [String]
546
1067
  #
547
1068
  # @!attribute [rw] sns_topic_arn
@@ -558,7 +1079,7 @@ module Aws::CloudTrail
558
1079
  # @return [Boolean]
559
1080
  #
560
1081
  # @!attribute [rw] is_multi_region_trail
561
- # Specifies whether the trail exists in one region or in all regions.
1082
+ # Specifies whether the trail exists in one Region or in all Regions.
562
1083
  # @return [Boolean]
563
1084
  #
564
1085
  # @!attribute [rw] trail_arn
@@ -583,7 +1104,7 @@ module Aws::CloudTrail
583
1104
  # @return [String]
584
1105
  #
585
1106
  # @!attribute [rw] kms_key_id
586
- # Specifies the KMS key ID that encrypts the logs delivered by
1107
+ # Specifies the KMS key ID that encrypts the events delivered by
587
1108
  # CloudTrail. The value is a fully specified ARN to a KMS key in the
588
1109
  # following format.
589
1110
  #
@@ -623,7 +1144,7 @@ module Aws::CloudTrail
623
1144
  #
624
1145
  # <note markdown="1"> The total number of allowed data resources is 250. This number can be
625
1146
  # distributed between 1 and 5 event selectors, but the total cannot
626
- # exceed 250 across all selectors.
1147
+ # exceed 250 across all selectors for the trail.
627
1148
  #
628
1149
  # If you are using advanced event selectors, the maximum total number of
629
1150
  # values for all conditions, across all advanced event selectors for the
@@ -671,41 +1192,65 @@ module Aws::CloudTrail
671
1192
  # *MyOtherLambdaFunction* does not match the function specified for
672
1193
  # the trail. The trail doesn’t log the event.
673
1194
  #
674
- # @note When making an API call, you may pass DataResource
675
- # data as a hash:
676
- #
677
- # {
678
- # type: "String",
679
- # values: ["String"],
680
- # }
681
- #
682
1195
  # @!attribute [rw] type
683
1196
  # The resource type in which you want to log data events. You can
684
1197
  # specify the following *basic* event selector resource types:
685
1198
  #
686
- # * `AWS::S3::Object`
1199
+ # * `AWS::DynamoDB::Table`
687
1200
  #
688
1201
  # * `AWS::Lambda::Function`
689
1202
  #
690
- # * `AWS::DynamoDB::Table`
1203
+ # * `AWS::S3::Object`
691
1204
  #
692
- # The following resource types are also availble through *advanced*
1205
+ # The following resource types are also available through *advanced*
693
1206
  # event selectors. Basic event selector resource types are valid in
694
1207
  # advanced event selectors, but advanced event selector resource types
695
1208
  # are not valid in basic event selectors. For more information, see
696
- # AdvancedFieldSelector$Field.
1209
+ # [AdvancedFieldSelector][1].
697
1210
  #
698
- # * `AWS::S3Outposts::Object`
1211
+ # * `AWS::CloudTrail::Channel`
699
1212
  #
700
- # * `AWS::ManagedBlockchain::Node`
1213
+ # * `AWS::CodeWhisperer::Profile`
701
1214
  #
702
- # * `AWS::S3ObjectLambda::AccessPoint`
1215
+ # * `AWS::Cognito::IdentityPool`
1216
+ #
1217
+ # * `AWS::DynamoDB::Stream`
703
1218
  #
704
1219
  # * `AWS::EC2::Snapshot`
705
1220
  #
1221
+ # * `AWS::EMRWAL::Workspace`
1222
+ #
1223
+ # * `AWS::FinSpace::Environment`
1224
+ #
1225
+ # * `AWS::Glue::Table`
1226
+ #
1227
+ # * `AWS::GuardDuty::Detector`
1228
+ #
1229
+ # * `AWS::KendraRanking::ExecutionPlan`
1230
+ #
1231
+ # * `AWS::ManagedBlockchain::Network`
1232
+ #
1233
+ # * `AWS::ManagedBlockchain::Node`
1234
+ #
1235
+ # * `AWS::MedicalImaging::Datastore`
1236
+ #
1237
+ # * `AWS::SageMaker::ExperimentTrialComponent`
1238
+ #
1239
+ # * `AWS::SageMaker::FeatureGroup`
1240
+ #
706
1241
  # * `AWS::S3::AccessPoint`
707
1242
  #
708
- # * `AWS::DynamoDB::Stream`
1243
+ # * `AWS::S3ObjectLambda::AccessPoint`
1244
+ #
1245
+ # * `AWS::S3Outposts::Object`
1246
+ #
1247
+ # * `AWS::SSMMessages::ControlChannel`
1248
+ #
1249
+ # * `AWS::VerifiedPermissions::PolicyStore`
1250
+ #
1251
+ #
1252
+ #
1253
+ # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedFieldSelector.html
709
1254
  # @return [String]
710
1255
  #
711
1256
  # @!attribute [rw] values
@@ -713,8 +1258,7 @@ module Aws::CloudTrail
713
1258
  # strings for the specified objects.
714
1259
  #
715
1260
  # * To log data events for all objects in all S3 buckets in your
716
- # Amazon Web Services account, specify the prefix as
717
- # `arn:aws:s3:::`.
1261
+ # Amazon Web Services account, specify the prefix as `arn:aws:s3`.
718
1262
  #
719
1263
  # <note markdown="1"> This also enables logging of data event activity performed by any
720
1264
  # user or role in your Amazon Web Services account, even if that
@@ -769,14 +1313,66 @@ module Aws::CloudTrail
769
1313
  include Aws::Structure
770
1314
  end
771
1315
 
772
- # The request that specifies the name of a trail to delete.
1316
+ # This exception is thrown when the maximum number of CloudTrail
1317
+ # delegated administrators is reached.
1318
+ #
1319
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DelegatedAdminAccountLimitExceededException AWS API Documentation
1320
+ #
1321
+ class DelegatedAdminAccountLimitExceededException < Aws::EmptyStructure; end
1322
+
1323
+ # @!attribute [rw] channel
1324
+ # The ARN or the `UUID` value of the channel that you want to delete.
1325
+ # @return [String]
1326
+ #
1327
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DeleteChannelRequest AWS API Documentation
1328
+ #
1329
+ class DeleteChannelRequest < Struct.new(
1330
+ :channel)
1331
+ SENSITIVE = []
1332
+ include Aws::Structure
1333
+ end
1334
+
1335
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DeleteChannelResponse AWS API Documentation
1336
+ #
1337
+ class DeleteChannelResponse < Aws::EmptyStructure; end
1338
+
1339
+ # @!attribute [rw] event_data_store
1340
+ # The ARN (or the ID suffix of the ARN) of the event data store to
1341
+ # delete.
1342
+ # @return [String]
1343
+ #
1344
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DeleteEventDataStoreRequest AWS API Documentation
1345
+ #
1346
+ class DeleteEventDataStoreRequest < Struct.new(
1347
+ :event_data_store)
1348
+ SENSITIVE = []
1349
+ include Aws::Structure
1350
+ end
1351
+
1352
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DeleteEventDataStoreResponse AWS API Documentation
1353
+ #
1354
+ class DeleteEventDataStoreResponse < Aws::EmptyStructure; end
1355
+
1356
+ # @!attribute [rw] resource_arn
1357
+ # The Amazon Resource Name (ARN) of the CloudTrail channel you're
1358
+ # deleting the resource-based policy from. The following is the format
1359
+ # of a resource ARN:
1360
+ # `arn:aws:cloudtrail:us-east-2:123456789012:channel/MyChannel`.
1361
+ # @return [String]
773
1362
  #
774
- # @note When making an API call, you may pass DeleteTrailRequest
775
- # data as a hash:
1363
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DeleteResourcePolicyRequest AWS API Documentation
1364
+ #
1365
+ class DeleteResourcePolicyRequest < Struct.new(
1366
+ :resource_arn)
1367
+ SENSITIVE = []
1368
+ include Aws::Structure
1369
+ end
1370
+
1371
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DeleteResourcePolicyResponse AWS API Documentation
776
1372
  #
777
- # {
778
- # name: "String", # required
779
- # }
1373
+ class DeleteResourcePolicyResponse < Aws::EmptyStructure; end
1374
+
1375
+ # The request that specifies the name of a trail to delete.
780
1376
  #
781
1377
  # @!attribute [rw] name
782
1378
  # Specifies the name or the CloudTrail ARN of the trail to be deleted.
@@ -799,47 +1395,133 @@ module Aws::CloudTrail
799
1395
  #
800
1396
  class DeleteTrailResponse < Aws::EmptyStructure; end
801
1397
 
802
- # Returns information about the trail.
1398
+ # Removes CloudTrail delegated administrator permissions from a
1399
+ # specified member account in an organization that is currently
1400
+ # designated as a delegated administrator.
1401
+ #
1402
+ # @!attribute [rw] delegated_admin_account_id
1403
+ # A delegated administrator account ID. This is a member account in an
1404
+ # organization that is currently designated as a delegated
1405
+ # administrator.
1406
+ # @return [String]
803
1407
  #
804
- # @note When making an API call, you may pass DescribeTrailsRequest
805
- # data as a hash:
1408
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DeregisterOrganizationDelegatedAdminRequest AWS API Documentation
806
1409
  #
807
- # {
808
- # trail_name_list: ["String"],
809
- # include_shadow_trails: false,
810
- # }
1410
+ class DeregisterOrganizationDelegatedAdminRequest < Struct.new(
1411
+ :delegated_admin_account_id)
1412
+ SENSITIVE = []
1413
+ include Aws::Structure
1414
+ end
1415
+
1416
+ # Returns the following response if successful. Otherwise, returns an
1417
+ # error.
811
1418
  #
812
- # @!attribute [rw] trail_name_list
813
- # Specifies a list of trail names, trail ARNs, or both, of the trails
814
- # to describe. The format of a trail ARN is:
1419
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DeregisterOrganizationDelegatedAdminResponse AWS API Documentation
815
1420
  #
816
- # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
1421
+ class DeregisterOrganizationDelegatedAdminResponse < Aws::EmptyStructure; end
1422
+
1423
+ # @!attribute [rw] event_data_store
1424
+ # The ARN (or the ID suffix of the ARN) of an event data store on
1425
+ # which the specified query was run.
1426
+ # @return [String]
817
1427
  #
818
- # If an empty list is specified, information for the trail in the
819
- # current region is returned.
1428
+ # @!attribute [rw] query_id
1429
+ # The query ID.
1430
+ # @return [String]
820
1431
  #
821
- # * If an empty list is specified and `IncludeShadowTrails` is false,
822
- # then information for all trails in the current region is returned.
1432
+ # @!attribute [rw] query_alias
1433
+ # The alias that identifies a query template.
1434
+ # @return [String]
823
1435
  #
824
- # * If an empty list is specified and IncludeShadowTrails is null or
825
- # true, then information for all trails in the current region and
826
- # any associated shadow trails in other regions is returned.
1436
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DescribeQueryRequest AWS API Documentation
827
1437
  #
828
- # <note markdown="1"> If one or more trail names are specified, information is returned
829
- # only if the names match the names of trails belonging only to the
830
- # current region. To return information about a trail in another
831
- # region, you must specify its trail ARN.
1438
+ class DescribeQueryRequest < Struct.new(
1439
+ :event_data_store,
1440
+ :query_id,
1441
+ :query_alias)
1442
+ SENSITIVE = []
1443
+ include Aws::Structure
1444
+ end
1445
+
1446
+ # @!attribute [rw] query_id
1447
+ # The ID of the query.
1448
+ # @return [String]
832
1449
  #
833
- # </note>
834
- # @return [Array<String>]
1450
+ # @!attribute [rw] query_string
1451
+ # The SQL code of a query.
1452
+ # @return [String]
835
1453
  #
836
- # @!attribute [rw] include_shadow_trails
837
- # Specifies whether to include shadow trails in the response. A shadow
838
- # trail is the replication in a region of a trail that was created in
839
- # a different region, or in the case of an organization trail, the
840
- # replication of an organization trail in member accounts. If you do
1454
+ # @!attribute [rw] query_status
1455
+ # The status of a query. Values for `QueryStatus` include `QUEUED`,
1456
+ # `RUNNING`, `FINISHED`, `FAILED`, `TIMED_OUT`, or `CANCELLED`
1457
+ # @return [String]
1458
+ #
1459
+ # @!attribute [rw] query_statistics
1460
+ # Metadata about a query, including the number of events that were
1461
+ # matched, the total number of events scanned, the query run time in
1462
+ # milliseconds, and the query's creation time.
1463
+ # @return [Types::QueryStatisticsForDescribeQuery]
1464
+ #
1465
+ # @!attribute [rw] error_message
1466
+ # The error message returned if a query failed.
1467
+ # @return [String]
1468
+ #
1469
+ # @!attribute [rw] delivery_s3_uri
1470
+ # The URI for the S3 bucket where CloudTrail delivered query results,
1471
+ # if applicable.
1472
+ # @return [String]
1473
+ #
1474
+ # @!attribute [rw] delivery_status
1475
+ # The delivery status.
1476
+ # @return [String]
1477
+ #
1478
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DescribeQueryResponse AWS API Documentation
1479
+ #
1480
+ class DescribeQueryResponse < Struct.new(
1481
+ :query_id,
1482
+ :query_string,
1483
+ :query_status,
1484
+ :query_statistics,
1485
+ :error_message,
1486
+ :delivery_s3_uri,
1487
+ :delivery_status)
1488
+ SENSITIVE = []
1489
+ include Aws::Structure
1490
+ end
1491
+
1492
+ # Returns information about the trail.
1493
+ #
1494
+ # @!attribute [rw] trail_name_list
1495
+ # Specifies a list of trail names, trail ARNs, or both, of the trails
1496
+ # to describe. The format of a trail ARN is:
1497
+ #
1498
+ # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
1499
+ #
1500
+ # If an empty list is specified, information for the trail in the
1501
+ # current Region is returned.
1502
+ #
1503
+ # * If an empty list is specified and `IncludeShadowTrails` is false,
1504
+ # then information for all trails in the current Region is returned.
1505
+ #
1506
+ # * If an empty list is specified and IncludeShadowTrails is null or
1507
+ # true, then information for all trails in the current Region and
1508
+ # any associated shadow trails in other Regions is returned.
1509
+ #
1510
+ # <note markdown="1"> If one or more trail names are specified, information is returned
1511
+ # only if the names match the names of trails belonging only to the
1512
+ # current Region and current account. To return information about a
1513
+ # trail in another Region, you must specify its trail ARN.
1514
+ #
1515
+ # </note>
1516
+ # @return [Array<String>]
1517
+ #
1518
+ # @!attribute [rw] include_shadow_trails
1519
+ # Specifies whether to include shadow trails in the response. A shadow
1520
+ # trail is the replication in a Region of a trail that was created in
1521
+ # a different Region, or in the case of an organization trail, the
1522
+ # replication of an organization trail in member accounts. If you do
841
1523
  # not include shadow trails, organization trails in a member account
842
- # and region replication trails will not be returned. The default is
1524
+ # and Region replication trails will not be returned. The default is
843
1525
  # true.
844
1526
  # @return [Boolean]
845
1527
  #
@@ -872,6 +1554,31 @@ module Aws::CloudTrail
872
1554
  include Aws::Structure
873
1555
  end
874
1556
 
1557
+ # Contains information about the destination receiving events.
1558
+ #
1559
+ # @!attribute [rw] type
1560
+ # The type of destination for events arriving from a channel. For
1561
+ # channels used for a CloudTrail Lake integration, the value is
1562
+ # `EventDataStore`. For service-linked channels, the value is
1563
+ # `AWS_SERVICE`.
1564
+ # @return [String]
1565
+ #
1566
+ # @!attribute [rw] location
1567
+ # For channels used for a CloudTrail Lake integration, the location is
1568
+ # the ARN of an event data store that receives events from a channel.
1569
+ # For service-linked channels, the location is the name of the Amazon
1570
+ # Web Services service.
1571
+ # @return [String]
1572
+ #
1573
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/Destination AWS API Documentation
1574
+ #
1575
+ class Destination < Struct.new(
1576
+ :type,
1577
+ :location)
1578
+ SENSITIVE = []
1579
+ include Aws::Structure
1580
+ end
1581
+
875
1582
  # Contains information about an event that was returned by a lookup
876
1583
  # request. The result includes a representation of a CloudTrail event.
877
1584
  #
@@ -931,6 +1638,118 @@ module Aws::CloudTrail
931
1638
  include Aws::Structure
932
1639
  end
933
1640
 
1641
+ # A storage lake of event data against which you can run complex
1642
+ # SQL-based queries. An event data store can include events that you
1643
+ # have logged on your account from the last 90 to 2557 days (about three
1644
+ # months to up to seven years). To select events for an event data
1645
+ # store, use [advanced event selectors][1].
1646
+ #
1647
+ #
1648
+ #
1649
+ # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#creating-data-event-selectors-advanced
1650
+ #
1651
+ # @!attribute [rw] event_data_store_arn
1652
+ # The ARN of the event data store.
1653
+ # @return [String]
1654
+ #
1655
+ # @!attribute [rw] name
1656
+ # The name of the event data store.
1657
+ # @return [String]
1658
+ #
1659
+ # @!attribute [rw] termination_protection_enabled
1660
+ # Indicates whether the event data store is protected from
1661
+ # termination.
1662
+ # @return [Boolean]
1663
+ #
1664
+ # @!attribute [rw] status
1665
+ # The status of an event data store.
1666
+ # @return [String]
1667
+ #
1668
+ # @!attribute [rw] advanced_event_selectors
1669
+ # The advanced event selectors that were used to select events for the
1670
+ # data store.
1671
+ # @return [Array<Types::AdvancedEventSelector>]
1672
+ #
1673
+ # @!attribute [rw] multi_region_enabled
1674
+ # Indicates whether the event data store includes events from all
1675
+ # Regions, or only from the Region in which it was created.
1676
+ # @return [Boolean]
1677
+ #
1678
+ # @!attribute [rw] organization_enabled
1679
+ # Indicates that an event data store is collecting logged events for
1680
+ # an organization.
1681
+ # @return [Boolean]
1682
+ #
1683
+ # @!attribute [rw] retention_period
1684
+ # The retention period, in days.
1685
+ # @return [Integer]
1686
+ #
1687
+ # @!attribute [rw] created_timestamp
1688
+ # The timestamp of the event data store's creation.
1689
+ # @return [Time]
1690
+ #
1691
+ # @!attribute [rw] updated_timestamp
1692
+ # The timestamp showing when an event data store was updated, if
1693
+ # applicable. `UpdatedTimestamp` is always either the same or newer
1694
+ # than the time shown in `CreatedTimestamp`.
1695
+ # @return [Time]
1696
+ #
1697
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/EventDataStore AWS API Documentation
1698
+ #
1699
+ class EventDataStore < Struct.new(
1700
+ :event_data_store_arn,
1701
+ :name,
1702
+ :termination_protection_enabled,
1703
+ :status,
1704
+ :advanced_event_selectors,
1705
+ :multi_region_enabled,
1706
+ :organization_enabled,
1707
+ :retention_period,
1708
+ :created_timestamp,
1709
+ :updated_timestamp)
1710
+ SENSITIVE = []
1711
+ include Aws::Structure
1712
+ end
1713
+
1714
+ # The specified event data store ARN is not valid or does not map to an
1715
+ # event data store in your account.
1716
+ #
1717
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/EventDataStoreARNInvalidException AWS API Documentation
1718
+ #
1719
+ class EventDataStoreARNInvalidException < Aws::EmptyStructure; end
1720
+
1721
+ # An event data store with that name already exists.
1722
+ #
1723
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/EventDataStoreAlreadyExistsException AWS API Documentation
1724
+ #
1725
+ class EventDataStoreAlreadyExistsException < Aws::EmptyStructure; end
1726
+
1727
+ # This exception is thrown when you try to update or delete an event
1728
+ # data store that currently has an import in progress.
1729
+ #
1730
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/EventDataStoreHasOngoingImportException AWS API Documentation
1731
+ #
1732
+ class EventDataStoreHasOngoingImportException < Aws::EmptyStructure; end
1733
+
1734
+ # Your account has used the maximum number of event data stores.
1735
+ #
1736
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/EventDataStoreMaxLimitExceededException AWS API Documentation
1737
+ #
1738
+ class EventDataStoreMaxLimitExceededException < Aws::EmptyStructure; end
1739
+
1740
+ # The specified event data store was not found.
1741
+ #
1742
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/EventDataStoreNotFoundException AWS API Documentation
1743
+ #
1744
+ class EventDataStoreNotFoundException < Aws::EmptyStructure; end
1745
+
1746
+ # The event data store cannot be deleted because termination protection
1747
+ # is enabled for it.
1748
+ #
1749
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/EventDataStoreTerminationProtectedException AWS API Documentation
1750
+ #
1751
+ class EventDataStoreTerminationProtectedException < Aws::EmptyStructure; end
1752
+
934
1753
  # Use event selectors to further specify the management and data event
935
1754
  # settings for your trail. By default, trails created without specific
936
1755
  # event selectors will be configured to log all read and write
@@ -945,21 +1764,6 @@ module Aws::CloudTrail
945
1764
  # You cannot apply both event selectors and advanced event selectors to
946
1765
  # a trail.
947
1766
  #
948
- # @note When making an API call, you may pass EventSelector
949
- # data as a hash:
950
- #
951
- # {
952
- # read_write_type: "ReadOnly", # accepts ReadOnly, WriteOnly, All
953
- # include_management_events: false,
954
- # data_resources: [
955
- # {
956
- # type: "String",
957
- # values: ["String"],
958
- # },
959
- # ],
960
- # exclude_management_event_sources: ["String"],
961
- # }
962
- #
963
1767
  # @!attribute [rw] read_write_type
964
1768
  # Specify if you want your trail to log read-only events, write-only
965
1769
  # events, or all. For example, the EC2 `GetConsoleOutput` is a
@@ -980,12 +1784,12 @@ module Aws::CloudTrail
980
1784
  #
981
1785
  # The first copy of management events is free. You are charged for
982
1786
  # additional copies of management events that you are logging on any
983
- # subsequent trail in the same region. For more information about
1787
+ # subsequent trail in the same Region. For more information about
984
1788
  # CloudTrail pricing, see [CloudTrail Pricing][2].
985
1789
  #
986
1790
  #
987
1791
  #
988
- # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html#logging-management-events
1792
+ # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html
989
1793
  # [2]: http://aws.amazon.com/cloudtrail/pricing/
990
1794
  # @return [Boolean]
991
1795
  #
@@ -1002,7 +1806,7 @@ module Aws::CloudTrail
1002
1806
  #
1003
1807
  #
1004
1808
  #
1005
- # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html#logging-data-events
1809
+ # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
1006
1810
  # [2]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html
1007
1811
  # @return [Array<Types::DataResource>]
1008
1812
  #
@@ -1013,7 +1817,8 @@ module Aws::CloudTrail
1013
1817
  # Management Service or Amazon RDS Data API events by containing
1014
1818
  # `kms.amazonaws.com` or `rdsdata.amazonaws.com`. By default,
1015
1819
  # `ExcludeManagementEventSources` is empty, and KMS and Amazon RDS
1016
- # Data API events are logged to your trail.
1820
+ # Data API events are logged to your trail. You can exclude management
1821
+ # event sources only in Regions that support the event source.
1017
1822
  # @return [Array<String>]
1018
1823
  #
1019
1824
  # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/EventSelector AWS API Documentation
@@ -1027,13 +1832,150 @@ module Aws::CloudTrail
1027
1832
  include Aws::Structure
1028
1833
  end
1029
1834
 
1030
- # @note When making an API call, you may pass GetEventSelectorsRequest
1031
- # data as a hash:
1835
+ # @!attribute [rw] channel
1836
+ # The ARN or `UUID` of a channel.
1837
+ # @return [String]
1838
+ #
1839
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetChannelRequest AWS API Documentation
1840
+ #
1841
+ class GetChannelRequest < Struct.new(
1842
+ :channel)
1843
+ SENSITIVE = []
1844
+ include Aws::Structure
1845
+ end
1846
+
1847
+ # @!attribute [rw] channel_arn
1848
+ # The ARN of an channel returned by a `GetChannel` request.
1849
+ # @return [String]
1850
+ #
1851
+ # @!attribute [rw] name
1852
+ # The name of the CloudTrail channel. For service-linked channels, the
1853
+ # name is `aws-service-channel/service-name/custom-suffix` where
1854
+ # `service-name` represents the name of the Amazon Web Services
1855
+ # service that created the channel and `custom-suffix` represents the
1856
+ # suffix generated by the Amazon Web Services service.
1857
+ # @return [String]
1858
+ #
1859
+ # @!attribute [rw] source
1860
+ # The source for the CloudTrail channel.
1861
+ # @return [String]
1862
+ #
1863
+ # @!attribute [rw] source_config
1864
+ # Provides information about the advanced event selectors configured
1865
+ # for the channel, and whether the channel applies to all Regions or a
1866
+ # single Region.
1867
+ # @return [Types::SourceConfig]
1868
+ #
1869
+ # @!attribute [rw] destinations
1870
+ # The destinations for the channel. For channels created for
1871
+ # integrations, the destinations are the event data stores that log
1872
+ # events arriving through the channel. For service-linked channels,
1873
+ # the destination is the Amazon Web Services service that created the
1874
+ # service-linked channel to receive events.
1875
+ # @return [Array<Types::Destination>]
1876
+ #
1877
+ # @!attribute [rw] ingestion_status
1878
+ # A table showing information about the most recent successful and
1879
+ # failed attempts to ingest events.
1880
+ # @return [Types::IngestionStatus]
1881
+ #
1882
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetChannelResponse AWS API Documentation
1883
+ #
1884
+ class GetChannelResponse < Struct.new(
1885
+ :channel_arn,
1886
+ :name,
1887
+ :source,
1888
+ :source_config,
1889
+ :destinations,
1890
+ :ingestion_status)
1891
+ SENSITIVE = []
1892
+ include Aws::Structure
1893
+ end
1894
+
1895
+ # @!attribute [rw] event_data_store
1896
+ # The ARN (or ID suffix of the ARN) of the event data store about
1897
+ # which you want information.
1898
+ # @return [String]
1899
+ #
1900
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetEventDataStoreRequest AWS API Documentation
1901
+ #
1902
+ class GetEventDataStoreRequest < Struct.new(
1903
+ :event_data_store)
1904
+ SENSITIVE = []
1905
+ include Aws::Structure
1906
+ end
1907
+
1908
+ # @!attribute [rw] event_data_store_arn
1909
+ # The event data store Amazon Resource Number (ARN).
1910
+ # @return [String]
1032
1911
  #
1033
- # {
1034
- # trail_name: "String", # required
1035
- # }
1912
+ # @!attribute [rw] name
1913
+ # The name of the event data store.
1914
+ # @return [String]
1915
+ #
1916
+ # @!attribute [rw] status
1917
+ # The status of an event data store.
1918
+ # @return [String]
1919
+ #
1920
+ # @!attribute [rw] advanced_event_selectors
1921
+ # The advanced event selectors used to select events for the data
1922
+ # store.
1923
+ # @return [Array<Types::AdvancedEventSelector>]
1924
+ #
1925
+ # @!attribute [rw] multi_region_enabled
1926
+ # Indicates whether the event data store includes events from all
1927
+ # Regions, or only from the Region in which it was created.
1928
+ # @return [Boolean]
1929
+ #
1930
+ # @!attribute [rw] organization_enabled
1931
+ # Indicates whether an event data store is collecting logged events
1932
+ # for an organization in Organizations.
1933
+ # @return [Boolean]
1934
+ #
1935
+ # @!attribute [rw] retention_period
1936
+ # The retention period of the event data store, in days.
1937
+ # @return [Integer]
1938
+ #
1939
+ # @!attribute [rw] termination_protection_enabled
1940
+ # Indicates that termination protection is enabled.
1941
+ # @return [Boolean]
1942
+ #
1943
+ # @!attribute [rw] created_timestamp
1944
+ # The timestamp of the event data store's creation.
1945
+ # @return [Time]
1946
+ #
1947
+ # @!attribute [rw] updated_timestamp
1948
+ # Shows the time that an event data store was updated, if applicable.
1949
+ # `UpdatedTimestamp` is always either the same or newer than the time
1950
+ # shown in `CreatedTimestamp`.
1951
+ # @return [Time]
1952
+ #
1953
+ # @!attribute [rw] kms_key_id
1954
+ # Specifies the KMS key ID that encrypts the events delivered by
1955
+ # CloudTrail. The value is a fully specified ARN to a KMS key in the
1956
+ # following format.
1957
+ #
1958
+ # `arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012`
1959
+ # @return [String]
1036
1960
  #
1961
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetEventDataStoreResponse AWS API Documentation
1962
+ #
1963
+ class GetEventDataStoreResponse < Struct.new(
1964
+ :event_data_store_arn,
1965
+ :name,
1966
+ :status,
1967
+ :advanced_event_selectors,
1968
+ :multi_region_enabled,
1969
+ :organization_enabled,
1970
+ :retention_period,
1971
+ :termination_protection_enabled,
1972
+ :created_timestamp,
1973
+ :updated_timestamp,
1974
+ :kms_key_id)
1975
+ SENSITIVE = []
1976
+ include Aws::Structure
1977
+ end
1978
+
1037
1979
  # @!attribute [rw] trail_name
1038
1980
  # Specifies the name of the trail or trail ARN. If you specify a trail
1039
1981
  # name, the string must meet the following requirements:
@@ -1085,13 +2027,78 @@ module Aws::CloudTrail
1085
2027
  include Aws::Structure
1086
2028
  end
1087
2029
 
1088
- # @note When making an API call, you may pass GetInsightSelectorsRequest
1089
- # data as a hash:
2030
+ # @!attribute [rw] import_id
2031
+ # The ID for the import.
2032
+ # @return [String]
2033
+ #
2034
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetImportRequest AWS API Documentation
2035
+ #
2036
+ class GetImportRequest < Struct.new(
2037
+ :import_id)
2038
+ SENSITIVE = []
2039
+ include Aws::Structure
2040
+ end
2041
+
2042
+ # @!attribute [rw] import_id
2043
+ # The ID of the import.
2044
+ # @return [String]
2045
+ #
2046
+ # @!attribute [rw] destinations
2047
+ # The ARN of the destination event data store.
2048
+ # @return [Array<String>]
2049
+ #
2050
+ # @!attribute [rw] import_source
2051
+ # The source S3 bucket.
2052
+ # @return [Types::ImportSource]
2053
+ #
2054
+ # @!attribute [rw] start_event_time
2055
+ # Used with `EndEventTime` to bound a `StartImport` request, and limit
2056
+ # imported trail events to only those events logged within a specified
2057
+ # time period.
2058
+ # @return [Time]
2059
+ #
2060
+ # @!attribute [rw] end_event_time
2061
+ # Used with `StartEventTime` to bound a `StartImport` request, and
2062
+ # limit imported trail events to only those events logged within a
2063
+ # specified time period.
2064
+ # @return [Time]
2065
+ #
2066
+ # @!attribute [rw] import_status
2067
+ # The status of the import.
2068
+ # @return [String]
2069
+ #
2070
+ # @!attribute [rw] created_timestamp
2071
+ # The timestamp of the import's creation.
2072
+ # @return [Time]
1090
2073
  #
1091
- # {
1092
- # trail_name: "String", # required
1093
- # }
2074
+ # @!attribute [rw] updated_timestamp
2075
+ # The timestamp of when the import was updated.
2076
+ # @return [Time]
1094
2077
  #
2078
+ # @!attribute [rw] import_statistics
2079
+ # Provides statistics for the import. CloudTrail does not update
2080
+ # import statistics in real-time. Returned values for parameters such
2081
+ # as `EventsCompleted` may be lower than the actual value, because
2082
+ # CloudTrail updates statistics incrementally over the course of the
2083
+ # import.
2084
+ # @return [Types::ImportStatistics]
2085
+ #
2086
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetImportResponse AWS API Documentation
2087
+ #
2088
+ class GetImportResponse < Struct.new(
2089
+ :import_id,
2090
+ :destinations,
2091
+ :import_source,
2092
+ :start_event_time,
2093
+ :end_event_time,
2094
+ :import_status,
2095
+ :created_timestamp,
2096
+ :updated_timestamp,
2097
+ :import_statistics)
2098
+ SENSITIVE = []
2099
+ include Aws::Structure
2100
+ end
2101
+
1095
2102
  # @!attribute [rw] trail_name
1096
2103
  # Specifies the name of the trail or trail ARN. If you specify a trail
1097
2104
  # name, the string must meet the following requirements:
@@ -1128,8 +2135,8 @@ module Aws::CloudTrail
1128
2135
  #
1129
2136
  # @!attribute [rw] insight_selectors
1130
2137
  # A JSON string that contains the insight types you want to log on a
1131
- # trail. In this release, only `ApiCallRateInsight` is supported as an
1132
- # insight type.
2138
+ # trail. In this release, `ApiErrorRateInsight` and
2139
+ # `ApiCallRateInsight` are supported as insight types.
1133
2140
  # @return [Array<Types::InsightSelector>]
1134
2141
  #
1135
2142
  # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetInsightSelectorsResponse AWS API Documentation
@@ -1141,13 +2148,100 @@ module Aws::CloudTrail
1141
2148
  include Aws::Structure
1142
2149
  end
1143
2150
 
1144
- # @note When making an API call, you may pass GetTrailRequest
1145
- # data as a hash:
2151
+ # @!attribute [rw] event_data_store
2152
+ # The ARN (or ID suffix of the ARN) of the event data store against
2153
+ # which the query was run.
2154
+ # @return [String]
2155
+ #
2156
+ # @!attribute [rw] query_id
2157
+ # The ID of the query for which you want to get results.
2158
+ # @return [String]
2159
+ #
2160
+ # @!attribute [rw] next_token
2161
+ # A token you can use to get the next page of query results.
2162
+ # @return [String]
2163
+ #
2164
+ # @!attribute [rw] max_query_results
2165
+ # The maximum number of query results to display on a single page.
2166
+ # @return [Integer]
2167
+ #
2168
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetQueryResultsRequest AWS API Documentation
2169
+ #
2170
+ class GetQueryResultsRequest < Struct.new(
2171
+ :event_data_store,
2172
+ :query_id,
2173
+ :next_token,
2174
+ :max_query_results)
2175
+ SENSITIVE = []
2176
+ include Aws::Structure
2177
+ end
2178
+
2179
+ # @!attribute [rw] query_status
2180
+ # The status of the query. Values include `QUEUED`, `RUNNING`,
2181
+ # `FINISHED`, `FAILED`, `TIMED_OUT`, or `CANCELLED`.
2182
+ # @return [String]
2183
+ #
2184
+ # @!attribute [rw] query_statistics
2185
+ # Shows the count of query results.
2186
+ # @return [Types::QueryStatistics]
2187
+ #
2188
+ # @!attribute [rw] query_result_rows
2189
+ # Contains the individual event results of the query.
2190
+ # @return [Array<Array<Hash<String,String>>>]
2191
+ #
2192
+ # @!attribute [rw] next_token
2193
+ # A token you can use to get the next page of query results.
2194
+ # @return [String]
2195
+ #
2196
+ # @!attribute [rw] error_message
2197
+ # The error message returned if a query failed.
2198
+ # @return [String]
2199
+ #
2200
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetQueryResultsResponse AWS API Documentation
2201
+ #
2202
+ class GetQueryResultsResponse < Struct.new(
2203
+ :query_status,
2204
+ :query_statistics,
2205
+ :query_result_rows,
2206
+ :next_token,
2207
+ :error_message)
2208
+ SENSITIVE = []
2209
+ include Aws::Structure
2210
+ end
2211
+
2212
+ # @!attribute [rw] resource_arn
2213
+ # The Amazon Resource Name (ARN) of the CloudTrail channel attached to
2214
+ # the resource-based policy. The following is the format of a resource
2215
+ # ARN: `arn:aws:cloudtrail:us-east-2:123456789012:channel/MyChannel`.
2216
+ # @return [String]
2217
+ #
2218
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetResourcePolicyRequest AWS API Documentation
2219
+ #
2220
+ class GetResourcePolicyRequest < Struct.new(
2221
+ :resource_arn)
2222
+ SENSITIVE = []
2223
+ include Aws::Structure
2224
+ end
2225
+
2226
+ # @!attribute [rw] resource_arn
2227
+ # The Amazon Resource Name (ARN) of the CloudTrail channel attached to
2228
+ # resource-based policy.
2229
+ # @return [String]
1146
2230
  #
1147
- # {
1148
- # name: "String", # required
1149
- # }
2231
+ # @!attribute [rw] resource_policy
2232
+ # A JSON-formatted string that contains the resource-based policy
2233
+ # attached to the CloudTrail channel.
2234
+ # @return [String]
2235
+ #
2236
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetResourcePolicyResponse AWS API Documentation
1150
2237
  #
2238
+ class GetResourcePolicyResponse < Struct.new(
2239
+ :resource_arn,
2240
+ :resource_policy)
2241
+ SENSITIVE = []
2242
+ include Aws::Structure
2243
+ end
2244
+
1151
2245
  # @!attribute [rw] name
1152
2246
  # The name or the Amazon Resource Name (ARN) of the trail for which
1153
2247
  # you want to retrieve settings information.
@@ -1175,17 +2269,10 @@ module Aws::CloudTrail
1175
2269
 
1176
2270
  # The name of a trail about which you want the current status.
1177
2271
  #
1178
- # @note When making an API call, you may pass GetTrailStatusRequest
1179
- # data as a hash:
1180
- #
1181
- # {
1182
- # name: "String", # required
1183
- # }
1184
- #
1185
2272
  # @!attribute [rw] name
1186
2273
  # Specifies the name or the CloudTrail ARN of the trail for which you
1187
2274
  # are requesting status. To get the status of a shadow trail (a
1188
- # replication of the trail in another region), you must specify its
2275
+ # replication of the trail in another Region), you must specify its
1189
2276
  # ARN. The following is the format of a trail ARN.
1190
2277
  #
1191
2278
  # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
@@ -1339,55 +2426,227 @@ module Aws::CloudTrail
1339
2426
  include Aws::Structure
1340
2427
  end
1341
2428
 
1342
- # If you run `GetInsightSelectors` on a trail that does not have
1343
- # Insights events enabled, the operation throws the exception
1344
- # `InsightNotEnabledException`.
1345
- #
1346
- # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InsightNotEnabledException AWS API Documentation
2429
+ # Provides information about an import failure.
1347
2430
  #
1348
- class InsightNotEnabledException < Aws::EmptyStructure; end
1349
-
1350
- # A JSON string that contains a list of insight types that are logged on
1351
- # a trail.
2431
+ # @!attribute [rw] location
2432
+ # The location of the failure in the S3 bucket.
2433
+ # @return [String]
1352
2434
  #
1353
- # @note When making an API call, you may pass InsightSelector
1354
- # data as a hash:
2435
+ # @!attribute [rw] status
2436
+ # The status of the import.
2437
+ # @return [String]
1355
2438
  #
1356
- # {
1357
- # insight_type: "ApiCallRateInsight", # accepts ApiCallRateInsight, ApiErrorRateInsight
1358
- # }
2439
+ # @!attribute [rw] error_type
2440
+ # The type of import error.
2441
+ # @return [String]
1359
2442
  #
1360
- # @!attribute [rw] insight_type
1361
- # The type of Insights events to log on a trail. The valid Insights
1362
- # type in this release is `ApiCallRateInsight`.
2443
+ # @!attribute [rw] error_message
2444
+ # Provides the reason the import failed.
1363
2445
  # @return [String]
1364
2446
  #
1365
- # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InsightSelector AWS API Documentation
2447
+ # @!attribute [rw] last_updated_time
2448
+ # When the import was last updated.
2449
+ # @return [Time]
1366
2450
  #
1367
- class InsightSelector < Struct.new(
1368
- :insight_type)
2451
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ImportFailureListItem AWS API Documentation
2452
+ #
2453
+ class ImportFailureListItem < Struct.new(
2454
+ :location,
2455
+ :status,
2456
+ :error_type,
2457
+ :error_message,
2458
+ :last_updated_time)
1369
2459
  SENSITIVE = []
1370
2460
  include Aws::Structure
1371
2461
  end
1372
2462
 
1373
- # This exception is thrown when the IAM user or role that is used to
1374
- # create the organization trail is lacking one or more required
1375
- # permissions for creating an organization trail in a required service.
1376
- # For more information, see [Prepare For Creating a Trail For Your
1377
- # Organization][1].
2463
+ # The specified import was not found.
1378
2464
  #
2465
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ImportNotFoundException AWS API Documentation
1379
2466
  #
2467
+ class ImportNotFoundException < Aws::EmptyStructure; end
2468
+
2469
+ # The import source.
1380
2470
  #
1381
- # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-an-organizational-trail-prepare.html
2471
+ # @!attribute [rw] s3
2472
+ # The source S3 bucket.
2473
+ # @return [Types::S3ImportSource]
1382
2474
  #
1383
- # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InsufficientDependencyServiceAccessPermissionException AWS API Documentation
2475
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ImportSource AWS API Documentation
1384
2476
  #
1385
- class InsufficientDependencyServiceAccessPermissionException < Aws::EmptyStructure; end
2477
+ class ImportSource < Struct.new(
2478
+ :s3)
2479
+ SENSITIVE = []
2480
+ include Aws::Structure
2481
+ end
1386
2482
 
1387
- # This exception is thrown when the policy on the S3 bucket or KMS key
1388
- # is not sufficient.
2483
+ # Provides statistics for the specified `ImportID`. CloudTrail does not
2484
+ # update import statistics in real-time. Returned values for parameters
2485
+ # such as `EventsCompleted` may be lower than the actual value, because
2486
+ # CloudTrail updates statistics incrementally over the course of the
2487
+ # import.
2488
+ #
2489
+ # @!attribute [rw] prefixes_found
2490
+ # The number of S3 prefixes found for the import.
2491
+ # @return [Integer]
1389
2492
  #
1390
- # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InsufficientEncryptionPolicyException AWS API Documentation
2493
+ # @!attribute [rw] prefixes_completed
2494
+ # The number of S3 prefixes that completed import.
2495
+ # @return [Integer]
2496
+ #
2497
+ # @!attribute [rw] files_completed
2498
+ # The number of log files that completed import.
2499
+ # @return [Integer]
2500
+ #
2501
+ # @!attribute [rw] events_completed
2502
+ # The number of trail events imported into the event data store.
2503
+ # @return [Integer]
2504
+ #
2505
+ # @!attribute [rw] failed_entries
2506
+ # The number of failed entries.
2507
+ # @return [Integer]
2508
+ #
2509
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ImportStatistics AWS API Documentation
2510
+ #
2511
+ class ImportStatistics < Struct.new(
2512
+ :prefixes_found,
2513
+ :prefixes_completed,
2514
+ :files_completed,
2515
+ :events_completed,
2516
+ :failed_entries)
2517
+ SENSITIVE = []
2518
+ include Aws::Structure
2519
+ end
2520
+
2521
+ # Contains information about an import that was returned by a lookup
2522
+ # request.
2523
+ #
2524
+ # @!attribute [rw] import_id
2525
+ # The ID of the import.
2526
+ # @return [String]
2527
+ #
2528
+ # @!attribute [rw] import_status
2529
+ # The status of the import.
2530
+ # @return [String]
2531
+ #
2532
+ # @!attribute [rw] destinations
2533
+ # The ARN of the destination event data store.
2534
+ # @return [Array<String>]
2535
+ #
2536
+ # @!attribute [rw] created_timestamp
2537
+ # The timestamp of the import's creation.
2538
+ # @return [Time]
2539
+ #
2540
+ # @!attribute [rw] updated_timestamp
2541
+ # The timestamp of the import's last update.
2542
+ # @return [Time]
2543
+ #
2544
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ImportsListItem AWS API Documentation
2545
+ #
2546
+ class ImportsListItem < Struct.new(
2547
+ :import_id,
2548
+ :import_status,
2549
+ :destinations,
2550
+ :created_timestamp,
2551
+ :updated_timestamp)
2552
+ SENSITIVE = []
2553
+ include Aws::Structure
2554
+ end
2555
+
2556
+ # The event data store is inactive.
2557
+ #
2558
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InactiveEventDataStoreException AWS API Documentation
2559
+ #
2560
+ class InactiveEventDataStoreException < Aws::EmptyStructure; end
2561
+
2562
+ # The specified query cannot be canceled because it is in the
2563
+ # `FINISHED`, `FAILED`, `TIMED_OUT`, or `CANCELLED` state.
2564
+ #
2565
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InactiveQueryException AWS API Documentation
2566
+ #
2567
+ class InactiveQueryException < Aws::EmptyStructure; end
2568
+
2569
+ # A table showing information about the most recent successful and
2570
+ # failed attempts to ingest events.
2571
+ #
2572
+ # @!attribute [rw] latest_ingestion_success_time
2573
+ # The time stamp of the most recent successful ingestion of events for
2574
+ # the channel.
2575
+ # @return [Time]
2576
+ #
2577
+ # @!attribute [rw] latest_ingestion_success_event_id
2578
+ # The event ID of the most recent successful ingestion of events.
2579
+ # @return [String]
2580
+ #
2581
+ # @!attribute [rw] latest_ingestion_error_code
2582
+ # The error code for the most recent failure to ingest events.
2583
+ # @return [String]
2584
+ #
2585
+ # @!attribute [rw] latest_ingestion_attempt_time
2586
+ # The time stamp of the most recent attempt to ingest events on the
2587
+ # channel.
2588
+ # @return [Time]
2589
+ #
2590
+ # @!attribute [rw] latest_ingestion_attempt_event_id
2591
+ # The event ID of the most recent attempt to ingest events.
2592
+ # @return [String]
2593
+ #
2594
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/IngestionStatus AWS API Documentation
2595
+ #
2596
+ class IngestionStatus < Struct.new(
2597
+ :latest_ingestion_success_time,
2598
+ :latest_ingestion_success_event_id,
2599
+ :latest_ingestion_error_code,
2600
+ :latest_ingestion_attempt_time,
2601
+ :latest_ingestion_attempt_event_id)
2602
+ SENSITIVE = []
2603
+ include Aws::Structure
2604
+ end
2605
+
2606
+ # If you run `GetInsightSelectors` on a trail that does not have
2607
+ # Insights events enabled, the operation throws the exception
2608
+ # `InsightNotEnabledException`.
2609
+ #
2610
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InsightNotEnabledException AWS API Documentation
2611
+ #
2612
+ class InsightNotEnabledException < Aws::EmptyStructure; end
2613
+
2614
+ # A JSON string that contains a list of Insights types that are logged
2615
+ # on a trail.
2616
+ #
2617
+ # @!attribute [rw] insight_type
2618
+ # The type of Insights events to log on a trail. `ApiCallRateInsight`
2619
+ # and `ApiErrorRateInsight` are valid Insight types.
2620
+ #
2621
+ # The `ApiCallRateInsight` Insights type analyzes write-only
2622
+ # management API calls that are aggregated per minute against a
2623
+ # baseline API call volume.
2624
+ #
2625
+ # The `ApiErrorRateInsight` Insights type analyzes management API
2626
+ # calls that result in error codes. The error is shown if the API call
2627
+ # is unsuccessful.
2628
+ # @return [String]
2629
+ #
2630
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InsightSelector AWS API Documentation
2631
+ #
2632
+ class InsightSelector < Struct.new(
2633
+ :insight_type)
2634
+ SENSITIVE = []
2635
+ include Aws::Structure
2636
+ end
2637
+
2638
+ # This exception is thrown when the IAM identity that is used to create
2639
+ # the organization resource lacks one or more required permissions for
2640
+ # creating an organization resource in a required service.
2641
+ #
2642
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InsufficientDependencyServiceAccessPermissionException AWS API Documentation
2643
+ #
2644
+ class InsufficientDependencyServiceAccessPermissionException < Aws::EmptyStructure; end
2645
+
2646
+ # This exception is thrown when the policy on the S3 bucket or KMS key
2647
+ # does not have sufficient permissions for the operation.
2648
+ #
2649
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InsufficientEncryptionPolicyException AWS API Documentation
1391
2650
  #
1392
2651
  class InsufficientEncryptionPolicyException < Aws::EmptyStructure; end
1393
2652
 
@@ -1418,6 +2677,19 @@ module Aws::CloudTrail
1418
2677
  #
1419
2678
  class InvalidCloudWatchLogsRoleArnException < Aws::EmptyStructure; end
1420
2679
 
2680
+ # A date range for the query was specified that is not valid. Be sure
2681
+ # that the start time is chronologically before the end time. For more
2682
+ # information about writing a query, see [Create or edit a query][1] in
2683
+ # the *CloudTrail User Guide*.
2684
+ #
2685
+ #
2686
+ #
2687
+ # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-create-edit-query.html
2688
+ #
2689
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidDateRangeException AWS API Documentation
2690
+ #
2691
+ class InvalidDateRangeException < Aws::EmptyStructure; end
2692
+
1421
2693
  # Occurs if an event category that is not valid is specified as a value
1422
2694
  # of `EventCategory`.
1423
2695
  #
@@ -1425,6 +2697,19 @@ module Aws::CloudTrail
1425
2697
  #
1426
2698
  class InvalidEventCategoryException < Aws::EmptyStructure; end
1427
2699
 
2700
+ # This exception is thrown when event categories of specified event data
2701
+ # stores are not valid.
2702
+ #
2703
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidEventDataStoreCategoryException AWS API Documentation
2704
+ #
2705
+ class InvalidEventDataStoreCategoryException < Aws::EmptyStructure; end
2706
+
2707
+ # The event data store is not in a status that supports the operation.
2708
+ #
2709
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidEventDataStoreStatusException AWS API Documentation
2710
+ #
2711
+ class InvalidEventDataStoreStatusException < Aws::EmptyStructure; end
2712
+
1428
2713
  # This exception is thrown when the `PutEventSelectors` operation is
1429
2714
  # called with a number of event selectors, advanced event selectors, or
1430
2715
  # data resources that is not valid. The combination of event selectors
@@ -1456,12 +2741,19 @@ module Aws::CloudTrail
1456
2741
  class InvalidEventSelectorsException < Aws::EmptyStructure; end
1457
2742
 
1458
2743
  # This exception is thrown when an operation is called on a trail from a
1459
- # region other than the region in which the trail was created.
2744
+ # Region other than the Region in which the trail was created.
1460
2745
  #
1461
2746
  # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidHomeRegionException AWS API Documentation
1462
2747
  #
1463
2748
  class InvalidHomeRegionException < Aws::EmptyStructure; end
1464
2749
 
2750
+ # This exception is thrown when the provided source S3 bucket is not
2751
+ # valid for import.
2752
+ #
2753
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidImportSourceException AWS API Documentation
2754
+ #
2755
+ class InvalidImportSourceException < Aws::EmptyStructure; end
2756
+
1465
2757
  # The formatting or syntax of the `InsightSelectors` JSON statement in
1466
2758
  # your `PutInsightSelectors` or `GetInsightSelectors` request is not
1467
2759
  # valid, or the specified insight type in the `InsightSelectors`
@@ -1504,6 +2796,30 @@ module Aws::CloudTrail
1504
2796
  #
1505
2797
  class InvalidParameterCombinationException < Aws::EmptyStructure; end
1506
2798
 
2799
+ # The request includes a parameter that is not valid.
2800
+ #
2801
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidParameterException AWS API Documentation
2802
+ #
2803
+ class InvalidParameterException < Aws::EmptyStructure; end
2804
+
2805
+ # The query that was submitted has validation errors, or uses incorrect
2806
+ # syntax or unsupported keywords. For more information about writing a
2807
+ # query, see [Create or edit a query][1] in the *CloudTrail User Guide*.
2808
+ #
2809
+ #
2810
+ #
2811
+ # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-create-edit-query.html
2812
+ #
2813
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidQueryStatementException AWS API Documentation
2814
+ #
2815
+ class InvalidQueryStatementException < Aws::EmptyStructure; end
2816
+
2817
+ # The query status is not valid for the operation.
2818
+ #
2819
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidQueryStatusException AWS API Documentation
2820
+ #
2821
+ class InvalidQueryStatusException < Aws::EmptyStructure; end
2822
+
1507
2823
  # This exception is thrown when the provided S3 bucket name is not
1508
2824
  # valid.
1509
2825
  #
@@ -1524,6 +2840,13 @@ module Aws::CloudTrail
1524
2840
  #
1525
2841
  class InvalidSnsTopicNameException < Aws::EmptyStructure; end
1526
2842
 
2843
+ # This exception is thrown when the specified value of `Source` is not
2844
+ # valid.
2845
+ #
2846
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidSourceException AWS API Documentation
2847
+ #
2848
+ class InvalidSourceException < Aws::EmptyStructure; end
2849
+
1527
2850
  # This exception is thrown when the specified tag key or values are not
1528
2851
  # valid. It can also occur if there are duplicate tags or too many tags
1529
2852
  # on the resource.
@@ -1566,7 +2889,7 @@ module Aws::CloudTrail
1566
2889
  class InvalidTrailNameException < Aws::EmptyStructure; end
1567
2890
 
1568
2891
  # This exception is thrown when there is an issue with the specified KMS
1569
- # key and the trail cant be updated.
2892
+ # key and the trail or event data store can't be updated.
1570
2893
  #
1571
2894
  # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/KmsException AWS API Documentation
1572
2895
  #
@@ -1579,24 +2902,175 @@ module Aws::CloudTrail
1579
2902
  class KmsKeyDisabledException < Aws::EmptyStructure; end
1580
2903
 
1581
2904
  # This exception is thrown when the KMS key does not exist, when the S3
1582
- # bucket and the KMS key are not in the same region, or when the KMS key
2905
+ # bucket and the KMS key are not in the same Region, or when the KMS key
1583
2906
  # associated with the Amazon SNS topic either does not exist or is not
1584
- # in the same region.
2907
+ # in the same Region.
1585
2908
  #
1586
2909
  # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/KmsKeyNotFoundException AWS API Documentation
1587
2910
  #
1588
2911
  class KmsKeyNotFoundException < Aws::EmptyStructure; end
1589
2912
 
1590
- # Requests the public keys for a specified time range.
2913
+ # @!attribute [rw] max_results
2914
+ # The maximum number of CloudTrail channels to display on a single
2915
+ # page.
2916
+ # @return [Integer]
2917
+ #
2918
+ # @!attribute [rw] next_token
2919
+ # The token to use to get the next page of results after a previous
2920
+ # API call. This token must be passed in with the same parameters that
2921
+ # were specified in the original call. For example, if the original
2922
+ # call specified an AttributeKey of 'Username' with a value of
2923
+ # 'root', the call with NextToken should include those same
2924
+ # parameters.
2925
+ # @return [String]
2926
+ #
2927
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ListChannelsRequest AWS API Documentation
2928
+ #
2929
+ class ListChannelsRequest < Struct.new(
2930
+ :max_results,
2931
+ :next_token)
2932
+ SENSITIVE = []
2933
+ include Aws::Structure
2934
+ end
2935
+
2936
+ # @!attribute [rw] channels
2937
+ # The list of channels in the account.
2938
+ # @return [Array<Types::Channel>]
1591
2939
  #
1592
- # @note When making an API call, you may pass ListPublicKeysRequest
1593
- # data as a hash:
2940
+ # @!attribute [rw] next_token
2941
+ # The token to use to get the next page of results after a previous
2942
+ # API call.
2943
+ # @return [String]
2944
+ #
2945
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ListChannelsResponse AWS API Documentation
2946
+ #
2947
+ class ListChannelsResponse < Struct.new(
2948
+ :channels,
2949
+ :next_token)
2950
+ SENSITIVE = []
2951
+ include Aws::Structure
2952
+ end
2953
+
2954
+ # @!attribute [rw] next_token
2955
+ # A token you can use to get the next page of event data store
2956
+ # results.
2957
+ # @return [String]
2958
+ #
2959
+ # @!attribute [rw] max_results
2960
+ # The maximum number of event data stores to display on a single page.
2961
+ # @return [Integer]
2962
+ #
2963
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ListEventDataStoresRequest AWS API Documentation
2964
+ #
2965
+ class ListEventDataStoresRequest < Struct.new(
2966
+ :next_token,
2967
+ :max_results)
2968
+ SENSITIVE = []
2969
+ include Aws::Structure
2970
+ end
2971
+
2972
+ # @!attribute [rw] event_data_stores
2973
+ # Contains information about event data stores in the account, in the
2974
+ # current Region.
2975
+ # @return [Array<Types::EventDataStore>]
2976
+ #
2977
+ # @!attribute [rw] next_token
2978
+ # A token you can use to get the next page of results.
2979
+ # @return [String]
2980
+ #
2981
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ListEventDataStoresResponse AWS API Documentation
2982
+ #
2983
+ class ListEventDataStoresResponse < Struct.new(
2984
+ :event_data_stores,
2985
+ :next_token)
2986
+ SENSITIVE = []
2987
+ include Aws::Structure
2988
+ end
2989
+
2990
+ # @!attribute [rw] import_id
2991
+ # The ID of the import.
2992
+ # @return [String]
2993
+ #
2994
+ # @!attribute [rw] max_results
2995
+ # The maximum number of failures to display on a single page.
2996
+ # @return [Integer]
2997
+ #
2998
+ # @!attribute [rw] next_token
2999
+ # A token you can use to get the next page of import failures.
3000
+ # @return [String]
3001
+ #
3002
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ListImportFailuresRequest AWS API Documentation
3003
+ #
3004
+ class ListImportFailuresRequest < Struct.new(
3005
+ :import_id,
3006
+ :max_results,
3007
+ :next_token)
3008
+ SENSITIVE = []
3009
+ include Aws::Structure
3010
+ end
3011
+
3012
+ # @!attribute [rw] failures
3013
+ # Contains information about the import failures.
3014
+ # @return [Array<Types::ImportFailureListItem>]
3015
+ #
3016
+ # @!attribute [rw] next_token
3017
+ # A token you can use to get the next page of results.
3018
+ # @return [String]
3019
+ #
3020
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ListImportFailuresResponse AWS API Documentation
3021
+ #
3022
+ class ListImportFailuresResponse < Struct.new(
3023
+ :failures,
3024
+ :next_token)
3025
+ SENSITIVE = []
3026
+ include Aws::Structure
3027
+ end
3028
+
3029
+ # @!attribute [rw] max_results
3030
+ # The maximum number of imports to display on a single page.
3031
+ # @return [Integer]
3032
+ #
3033
+ # @!attribute [rw] destination
3034
+ # The ARN of the destination event data store.
3035
+ # @return [String]
3036
+ #
3037
+ # @!attribute [rw] import_status
3038
+ # The status of the import.
3039
+ # @return [String]
3040
+ #
3041
+ # @!attribute [rw] next_token
3042
+ # A token you can use to get the next page of import results.
3043
+ # @return [String]
3044
+ #
3045
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ListImportsRequest AWS API Documentation
3046
+ #
3047
+ class ListImportsRequest < Struct.new(
3048
+ :max_results,
3049
+ :destination,
3050
+ :import_status,
3051
+ :next_token)
3052
+ SENSITIVE = []
3053
+ include Aws::Structure
3054
+ end
3055
+
3056
+ # @!attribute [rw] imports
3057
+ # The list of returned imports.
3058
+ # @return [Array<Types::ImportsListItem>]
3059
+ #
3060
+ # @!attribute [rw] next_token
3061
+ # A token you can use to get the next page of import results.
3062
+ # @return [String]
1594
3063
  #
1595
- # {
1596
- # start_time: Time.now,
1597
- # end_time: Time.now,
1598
- # next_token: "String",
1599
- # }
3064
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ListImportsResponse AWS API Documentation
3065
+ #
3066
+ class ListImportsResponse < Struct.new(
3067
+ :imports,
3068
+ :next_token)
3069
+ SENSITIVE = []
3070
+ include Aws::Structure
3071
+ end
3072
+
3073
+ # Requests the public keys for a specified time range.
1600
3074
  #
1601
3075
  # @!attribute [rw] start_time
1602
3076
  # Optionally specifies, in UTC, the start of the time range to look up
@@ -1648,21 +3122,80 @@ module Aws::CloudTrail
1648
3122
  include Aws::Structure
1649
3123
  end
1650
3124
 
1651
- # Specifies a list of trail tags to return.
3125
+ # @!attribute [rw] event_data_store
3126
+ # The ARN (or the ID suffix of the ARN) of an event data store on
3127
+ # which queries were run.
3128
+ # @return [String]
3129
+ #
3130
+ # @!attribute [rw] next_token
3131
+ # A token you can use to get the next page of results.
3132
+ # @return [String]
3133
+ #
3134
+ # @!attribute [rw] max_results
3135
+ # The maximum number of queries to show on a page.
3136
+ # @return [Integer]
3137
+ #
3138
+ # @!attribute [rw] start_time
3139
+ # Use with `EndTime` to bound a `ListQueries` request, and limit its
3140
+ # results to only those queries run within a specified time period.
3141
+ # @return [Time]
3142
+ #
3143
+ # @!attribute [rw] end_time
3144
+ # Use with `StartTime` to bound a `ListQueries` request, and limit its
3145
+ # results to only those queries run within a specified time period.
3146
+ # @return [Time]
3147
+ #
3148
+ # @!attribute [rw] query_status
3149
+ # The status of queries that you want to return in results. Valid
3150
+ # values for `QueryStatus` include `QUEUED`, `RUNNING`, `FINISHED`,
3151
+ # `FAILED`, `TIMED_OUT`, or `CANCELLED`.
3152
+ # @return [String]
3153
+ #
3154
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ListQueriesRequest AWS API Documentation
3155
+ #
3156
+ class ListQueriesRequest < Struct.new(
3157
+ :event_data_store,
3158
+ :next_token,
3159
+ :max_results,
3160
+ :start_time,
3161
+ :end_time,
3162
+ :query_status)
3163
+ SENSITIVE = []
3164
+ include Aws::Structure
3165
+ end
3166
+
3167
+ # @!attribute [rw] queries
3168
+ # Lists matching query results, and shows query ID, status, and
3169
+ # creation time of each query.
3170
+ # @return [Array<Types::Query>]
3171
+ #
3172
+ # @!attribute [rw] next_token
3173
+ # A token you can use to get the next page of results.
3174
+ # @return [String]
1652
3175
  #
1653
- # @note When making an API call, you may pass ListTagsRequest
1654
- # data as a hash:
3176
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ListQueriesResponse AWS API Documentation
1655
3177
  #
1656
- # {
1657
- # resource_id_list: ["String"], # required
1658
- # next_token: "String",
1659
- # }
3178
+ class ListQueriesResponse < Struct.new(
3179
+ :queries,
3180
+ :next_token)
3181
+ SENSITIVE = []
3182
+ include Aws::Structure
3183
+ end
3184
+
3185
+ # Specifies a list of tags to return.
1660
3186
  #
1661
3187
  # @!attribute [rw] resource_id_list
1662
- # Specifies a list of trail ARNs whose tags will be listed. The list
1663
- # has a limit of 20 ARNs. The following is the format of a trail ARN.
3188
+ # Specifies a list of trail, event data store, or channel ARNs whose
3189
+ # tags will be listed. The list has a limit of 20 ARNs.
1664
3190
  #
3191
+ # Example trail ARN format:
1665
3192
  # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
3193
+ #
3194
+ # Example event data store ARN format:
3195
+ # `arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE`
3196
+ #
3197
+ # Example channel ARN format:
3198
+ # `arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890`
1666
3199
  # @return [Array<String>]
1667
3200
  #
1668
3201
  # @!attribute [rw] next_token
@@ -1698,19 +3231,12 @@ module Aws::CloudTrail
1698
3231
  include Aws::Structure
1699
3232
  end
1700
3233
 
1701
- # @note When making an API call, you may pass ListTrailsRequest
1702
- # data as a hash:
1703
- #
1704
- # {
1705
- # next_token: "String",
1706
- # }
1707
- #
1708
3234
  # @!attribute [rw] next_token
1709
3235
  # The token to use to get the next page of results after a previous
1710
3236
  # API call. This token must be passed in with the same parameters that
1711
- # were specified in the the original call. For example, if the
1712
- # original call specified an AttributeKey of 'Username' with a value
1713
- # of 'root', the call with NextToken should include those same
3237
+ # were specified in the original call. For example, if the original
3238
+ # call specified an AttributeKey of 'Username' with a value of
3239
+ # 'root', the call with NextToken should include those same
1714
3240
  # parameters.
1715
3241
  # @return [String]
1716
3242
  #
@@ -1723,7 +3249,7 @@ module Aws::CloudTrail
1723
3249
  end
1724
3250
 
1725
3251
  # @!attribute [rw] trails
1726
- # Returns the name, ARN, and home region of trails in the current
3252
+ # Returns the name, ARN, and home Region of trails in the current
1727
3253
  # account.
1728
3254
  # @return [Array<Types::TrailInfo>]
1729
3255
  #
@@ -1747,14 +3273,6 @@ module Aws::CloudTrail
1747
3273
 
1748
3274
  # Specifies an attribute and value that filter the events returned.
1749
3275
  #
1750
- # @note When making an API call, you may pass LookupAttribute
1751
- # data as a hash:
1752
- #
1753
- # {
1754
- # attribute_key: "EventId", # required, accepts EventId, EventName, ReadOnly, Username, ResourceType, ResourceName, EventSource, AccessKeyId
1755
- # attribute_value: "String", # required
1756
- # }
1757
- #
1758
3276
  # @!attribute [rw] attribute_key
1759
3277
  # Specifies an attribute on which to filter the events returned.
1760
3278
  # @return [String]
@@ -1774,23 +3292,6 @@ module Aws::CloudTrail
1774
3292
 
1775
3293
  # Contains a request for LookupEvents.
1776
3294
  #
1777
- # @note When making an API call, you may pass LookupEventsRequest
1778
- # data as a hash:
1779
- #
1780
- # {
1781
- # lookup_attributes: [
1782
- # {
1783
- # attribute_key: "EventId", # required, accepts EventId, EventName, ReadOnly, Username, ResourceType, ResourceName, EventSource, AccessKeyId
1784
- # attribute_value: "String", # required
1785
- # },
1786
- # ],
1787
- # start_time: Time.now,
1788
- # end_time: Time.now,
1789
- # event_category: "insight", # accepts insight
1790
- # max_results: 1,
1791
- # next_token: "NextToken",
1792
- # }
1793
- #
1794
3295
  # @!attribute [rw] lookup_attributes
1795
3296
  # Contains a list of lookup attributes. Currently the list can contain
1796
3297
  # only one item.
@@ -1823,9 +3324,9 @@ module Aws::CloudTrail
1823
3324
  # @!attribute [rw] next_token
1824
3325
  # The token to use to get the next page of results after a previous
1825
3326
  # API call. This token must be passed in with the same parameters that
1826
- # were specified in the the original call. For example, if the
1827
- # original call specified an AttributeKey of 'Username' with a value
1828
- # of 'root', the call with NextToken should include those same
3327
+ # were specified in the original call. For example, if the original
3328
+ # call specified an AttributeKey of 'Username' with a value of
3329
+ # 'root', the call with NextToken should include those same
1829
3330
  # parameters.
1830
3331
  # @return [String]
1831
3332
  #
@@ -1868,21 +3369,44 @@ module Aws::CloudTrail
1868
3369
  include Aws::Structure
1869
3370
  end
1870
3371
 
3372
+ # You are already running the maximum number of concurrent queries. The
3373
+ # maximum number of concurrent queries is 10. Wait a minute for some
3374
+ # queries to finish, and then run the query again.
3375
+ #
3376
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/MaxConcurrentQueriesException AWS API Documentation
3377
+ #
3378
+ class MaxConcurrentQueriesException < Aws::EmptyStructure; end
3379
+
1871
3380
  # This exception is thrown when the maximum number of trails is reached.
1872
3381
  #
1873
3382
  # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/MaximumNumberOfTrailsExceededException AWS API Documentation
1874
3383
  #
1875
3384
  class MaximumNumberOfTrailsExceededException < Aws::EmptyStructure; end
1876
3385
 
1877
- # This exception is thrown when the Amazon Web Services account making
1878
- # the request to create or update an organization trail is not the
1879
- # management account for an organization in Organizations. For more
1880
- # information, see [Prepare For Creating a Trail For Your
1881
- # Organization][1].
3386
+ # This exception is thrown when the management account does not have a
3387
+ # service-linked role.
1882
3388
  #
3389
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/NoManagementAccountSLRExistsException AWS API Documentation
1883
3390
  #
3391
+ class NoManagementAccountSLRExistsException < Aws::EmptyStructure; end
3392
+
3393
+ # This exception is thrown when the account making the request is not
3394
+ # the organization's management account.
1884
3395
  #
1885
- # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-an-organizational-trail-prepare.html
3396
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/NotOrganizationManagementAccountException AWS API Documentation
3397
+ #
3398
+ class NotOrganizationManagementAccountException < Aws::EmptyStructure; end
3399
+
3400
+ # This exception is thrown when the Amazon Web Services account making
3401
+ # the request to create or update an organization trail or event data
3402
+ # store is not the management account for an organization in
3403
+ # Organizations. For more information, see [Prepare For Creating a Trail
3404
+ # For Your Organization][1] or [Create an event data store][2].
3405
+ #
3406
+ #
3407
+ #
3408
+ # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-an-organizational-trail-prepare.html
3409
+ # [2]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-event-data-store.html
1886
3410
  #
1887
3411
  # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/NotOrganizationMasterAccountException AWS API Documentation
1888
3412
  #
@@ -1897,12 +3421,7 @@ module Aws::CloudTrail
1897
3421
 
1898
3422
  # This exception is thrown when Organizations is not configured to
1899
3423
  # support all features. All features must be enabled in Organizations to
1900
- # support creating an organization trail. For more information, see
1901
- # [Prepare For Creating a Trail For Your Organization][1].
1902
- #
1903
- #
1904
- #
1905
- # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-an-organizational-trail-prepare.html
3424
+ # support creating an organization trail or event data store.
1906
3425
  #
1907
3426
  # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/OrganizationNotInAllFeaturesModeException AWS API Documentation
1908
3427
  #
@@ -1946,42 +3465,6 @@ module Aws::CloudTrail
1946
3465
  include Aws::Structure
1947
3466
  end
1948
3467
 
1949
- # @note When making an API call, you may pass PutEventSelectorsRequest
1950
- # data as a hash:
1951
- #
1952
- # {
1953
- # trail_name: "String", # required
1954
- # event_selectors: [
1955
- # {
1956
- # read_write_type: "ReadOnly", # accepts ReadOnly, WriteOnly, All
1957
- # include_management_events: false,
1958
- # data_resources: [
1959
- # {
1960
- # type: "String",
1961
- # values: ["String"],
1962
- # },
1963
- # ],
1964
- # exclude_management_event_sources: ["String"],
1965
- # },
1966
- # ],
1967
- # advanced_event_selectors: [
1968
- # {
1969
- # name: "SelectorName",
1970
- # field_selectors: [ # required
1971
- # {
1972
- # field: "SelectorField", # required
1973
- # equals: ["OperatorValue"],
1974
- # starts_with: ["OperatorValue"],
1975
- # ends_with: ["OperatorValue"],
1976
- # not_equals: ["OperatorValue"],
1977
- # not_starts_with: ["OperatorValue"],
1978
- # not_ends_with: ["OperatorValue"],
1979
- # },
1980
- # ],
1981
- # },
1982
- # ],
1983
- # }
1984
- #
1985
3468
  # @!attribute [rw] trail_name
1986
3469
  # Specifies the name of the trail or trail ARN. If you specify a trail
1987
3470
  # name, the string must meet the following requirements:
@@ -2020,8 +3503,8 @@ module Aws::CloudTrail
2020
3503
  # `EventSelectors`, but not both. If you apply
2021
3504
  # `AdvancedEventSelectors` to a trail, any existing `EventSelectors`
2022
3505
  # are overwritten. For more information about advanced event
2023
- # selectors, see [Logging data events for trails][1] in the
2024
- # *CloudTrail User Guide*.
3506
+ # selectors, see [Logging data events][1] in the *CloudTrail User
3507
+ # Guide*.
2025
3508
  #
2026
3509
  #
2027
3510
  #
@@ -2063,89 +3546,621 @@ module Aws::CloudTrail
2063
3546
  include Aws::Structure
2064
3547
  end
2065
3548
 
2066
- # @note When making an API call, you may pass PutInsightSelectorsRequest
2067
- # data as a hash:
3549
+ # @!attribute [rw] trail_name
3550
+ # The name of the CloudTrail trail for which you want to change or add
3551
+ # Insights selectors.
3552
+ # @return [String]
3553
+ #
3554
+ # @!attribute [rw] insight_selectors
3555
+ # A JSON string that contains the insight types you want to log on a
3556
+ # trail. `ApiCallRateInsight` and `ApiErrorRateInsight` are valid
3557
+ # Insight types.
3558
+ #
3559
+ # The `ApiCallRateInsight` Insights type analyzes write-only
3560
+ # management API calls that are aggregated per minute against a
3561
+ # baseline API call volume.
3562
+ #
3563
+ # The `ApiErrorRateInsight` Insights type analyzes management API
3564
+ # calls that result in error codes. The error is shown if the API call
3565
+ # is unsuccessful.
3566
+ # @return [Array<Types::InsightSelector>]
3567
+ #
3568
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutInsightSelectorsRequest AWS API Documentation
3569
+ #
3570
+ class PutInsightSelectorsRequest < Struct.new(
3571
+ :trail_name,
3572
+ :insight_selectors)
3573
+ SENSITIVE = []
3574
+ include Aws::Structure
3575
+ end
3576
+
3577
+ # @!attribute [rw] trail_arn
3578
+ # The Amazon Resource Name (ARN) of a trail for which you want to
3579
+ # change or add Insights selectors.
3580
+ # @return [String]
3581
+ #
3582
+ # @!attribute [rw] insight_selectors
3583
+ # A JSON string that contains the Insights event types that you want
3584
+ # to log on a trail. The valid Insights types in this release are
3585
+ # `ApiErrorRateInsight` and `ApiCallRateInsight`.
3586
+ # @return [Array<Types::InsightSelector>]
3587
+ #
3588
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutInsightSelectorsResponse AWS API Documentation
3589
+ #
3590
+ class PutInsightSelectorsResponse < Struct.new(
3591
+ :trail_arn,
3592
+ :insight_selectors)
3593
+ SENSITIVE = []
3594
+ include Aws::Structure
3595
+ end
3596
+
3597
+ # @!attribute [rw] resource_arn
3598
+ # The Amazon Resource Name (ARN) of the CloudTrail channel attached to
3599
+ # the resource-based policy. The following is the format of a resource
3600
+ # ARN: `arn:aws:cloudtrail:us-east-2:123456789012:channel/MyChannel`.
3601
+ # @return [String]
3602
+ #
3603
+ # @!attribute [rw] resource_policy
3604
+ # A JSON-formatted string for an Amazon Web Services resource-based
3605
+ # policy.
3606
+ #
3607
+ # The following are requirements for the resource policy:
3608
+ #
3609
+ # * Contains only one action: cloudtrail-data:PutAuditEvents
3610
+ #
3611
+ # * Contains at least one statement. The policy can have a maximum of
3612
+ # 20 statements.
3613
+ #
3614
+ # * Each statement contains at least one principal. A statement can
3615
+ # have a maximum of 50 principals.
3616
+ # @return [String]
3617
+ #
3618
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutResourcePolicyRequest AWS API Documentation
3619
+ #
3620
+ class PutResourcePolicyRequest < Struct.new(
3621
+ :resource_arn,
3622
+ :resource_policy)
3623
+ SENSITIVE = []
3624
+ include Aws::Structure
3625
+ end
3626
+
3627
+ # @!attribute [rw] resource_arn
3628
+ # The Amazon Resource Name (ARN) of the CloudTrail channel attached to
3629
+ # the resource-based policy.
3630
+ # @return [String]
3631
+ #
3632
+ # @!attribute [rw] resource_policy
3633
+ # The JSON-formatted string of the Amazon Web Services resource-based
3634
+ # policy attached to the CloudTrail channel.
3635
+ # @return [String]
3636
+ #
3637
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutResourcePolicyResponse AWS API Documentation
3638
+ #
3639
+ class PutResourcePolicyResponse < Struct.new(
3640
+ :resource_arn,
3641
+ :resource_policy)
3642
+ SENSITIVE = []
3643
+ include Aws::Structure
3644
+ end
3645
+
3646
+ # A SQL string of criteria about events that you want to collect in an
3647
+ # event data store.
3648
+ #
3649
+ # @!attribute [rw] query_id
3650
+ # The ID of a query.
3651
+ # @return [String]
3652
+ #
3653
+ # @!attribute [rw] query_status
3654
+ # The status of the query. This can be `QUEUED`, `RUNNING`,
3655
+ # `FINISHED`, `FAILED`, `TIMED_OUT`, or `CANCELLED`.
3656
+ # @return [String]
3657
+ #
3658
+ # @!attribute [rw] creation_time
3659
+ # The creation time of a query.
3660
+ # @return [Time]
3661
+ #
3662
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/Query AWS API Documentation
3663
+ #
3664
+ class Query < Struct.new(
3665
+ :query_id,
3666
+ :query_status,
3667
+ :creation_time)
3668
+ SENSITIVE = []
3669
+ include Aws::Structure
3670
+ end
3671
+
3672
+ # The query ID does not exist or does not map to a query.
3673
+ #
3674
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/QueryIdNotFoundException AWS API Documentation
3675
+ #
3676
+ class QueryIdNotFoundException < Aws::EmptyStructure; end
3677
+
3678
+ # Metadata about a query, such as the number of results.
3679
+ #
3680
+ # @!attribute [rw] results_count
3681
+ # The number of results returned.
3682
+ # @return [Integer]
3683
+ #
3684
+ # @!attribute [rw] total_results_count
3685
+ # The total number of results returned by a query.
3686
+ # @return [Integer]
3687
+ #
3688
+ # @!attribute [rw] bytes_scanned
3689
+ # The total bytes that the query scanned in the event data store. This
3690
+ # value matches the number of bytes for which your account is billed
3691
+ # for the query, unless the query is still running.
3692
+ # @return [Integer]
3693
+ #
3694
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/QueryStatistics AWS API Documentation
3695
+ #
3696
+ class QueryStatistics < Struct.new(
3697
+ :results_count,
3698
+ :total_results_count,
3699
+ :bytes_scanned)
3700
+ SENSITIVE = []
3701
+ include Aws::Structure
3702
+ end
3703
+
3704
+ # Gets metadata about a query, including the number of events that were
3705
+ # matched, the total number of events scanned, the query run time in
3706
+ # milliseconds, and the query's creation time.
3707
+ #
3708
+ # @!attribute [rw] events_matched
3709
+ # The number of events that matched a query.
3710
+ # @return [Integer]
3711
+ #
3712
+ # @!attribute [rw] events_scanned
3713
+ # The number of events that the query scanned in the event data store.
3714
+ # @return [Integer]
3715
+ #
3716
+ # @!attribute [rw] bytes_scanned
3717
+ # The total bytes that the query scanned in the event data store. This
3718
+ # value matches the number of bytes for which your account is billed
3719
+ # for the query, unless the query is still running.
3720
+ # @return [Integer]
3721
+ #
3722
+ # @!attribute [rw] execution_time_in_millis
3723
+ # The query's run time, in milliseconds.
3724
+ # @return [Integer]
3725
+ #
3726
+ # @!attribute [rw] creation_time
3727
+ # The creation time of the query.
3728
+ # @return [Time]
3729
+ #
3730
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/QueryStatisticsForDescribeQuery AWS API Documentation
3731
+ #
3732
+ class QueryStatisticsForDescribeQuery < Struct.new(
3733
+ :events_matched,
3734
+ :events_scanned,
3735
+ :bytes_scanned,
3736
+ :execution_time_in_millis,
3737
+ :creation_time)
3738
+ SENSITIVE = []
3739
+ include Aws::Structure
3740
+ end
3741
+
3742
+ # Specifies an organization member account ID as a CloudTrail delegated
3743
+ # administrator.
3744
+ #
3745
+ # @!attribute [rw] member_account_id
3746
+ # An organization member account ID that you want to designate as a
3747
+ # delegated administrator.
3748
+ # @return [String]
3749
+ #
3750
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/RegisterOrganizationDelegatedAdminRequest AWS API Documentation
3751
+ #
3752
+ class RegisterOrganizationDelegatedAdminRequest < Struct.new(
3753
+ :member_account_id)
3754
+ SENSITIVE = []
3755
+ include Aws::Structure
3756
+ end
3757
+
3758
+ # Returns the following response if successful. Otherwise, returns an
3759
+ # error.
3760
+ #
3761
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/RegisterOrganizationDelegatedAdminResponse AWS API Documentation
3762
+ #
3763
+ class RegisterOrganizationDelegatedAdminResponse < Aws::EmptyStructure; end
3764
+
3765
+ # Specifies the tags to remove from a trail, event data store, or
3766
+ # channel.
3767
+ #
3768
+ # @!attribute [rw] resource_id
3769
+ # Specifies the ARN of the trail, event data store, or channel from
3770
+ # which tags should be removed.
3771
+ #
3772
+ # Example trail ARN format:
3773
+ # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
3774
+ #
3775
+ # Example event data store ARN format:
3776
+ # `arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE`
3777
+ #
3778
+ # Example channel ARN format:
3779
+ # `arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890`
3780
+ # @return [String]
3781
+ #
3782
+ # @!attribute [rw] tags_list
3783
+ # Specifies a list of tags to be removed.
3784
+ # @return [Array<Types::Tag>]
3785
+ #
3786
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/RemoveTagsRequest AWS API Documentation
3787
+ #
3788
+ class RemoveTagsRequest < Struct.new(
3789
+ :resource_id,
3790
+ :tags_list)
3791
+ SENSITIVE = []
3792
+ include Aws::Structure
3793
+ end
3794
+
3795
+ # Returns the objects or data listed below if successful. Otherwise,
3796
+ # returns an error.
3797
+ #
3798
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/RemoveTagsResponse AWS API Documentation
3799
+ #
3800
+ class RemoveTagsResponse < Aws::EmptyStructure; end
3801
+
3802
+ # Specifies the type and name of a resource referenced by an event.
3803
+ #
3804
+ # @!attribute [rw] resource_type
3805
+ # The type of a resource referenced by the event returned. When the
3806
+ # resource type cannot be determined, null is returned. Some examples
3807
+ # of resource types are: **Instance** for EC2, **Trail** for
3808
+ # CloudTrail, **DBInstance** for Amazon RDS, and **AccessKey** for
3809
+ # IAM. To learn more about how to look up and filter events by the
3810
+ # resource types supported for a service, see [Filtering CloudTrail
3811
+ # Events][1].
3812
+ #
3813
+ #
3814
+ #
3815
+ # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events-console.html#filtering-cloudtrail-events
3816
+ # @return [String]
3817
+ #
3818
+ # @!attribute [rw] resource_name
3819
+ # The name of the resource referenced by the event returned. These are
3820
+ # user-created names whose values will depend on the environment. For
3821
+ # example, the resource name might be "auto-scaling-test-group" for
3822
+ # an Auto Scaling Group or "i-1234567" for an EC2 Instance.
3823
+ # @return [String]
3824
+ #
3825
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/Resource AWS API Documentation
3826
+ #
3827
+ class Resource < Struct.new(
3828
+ :resource_type,
3829
+ :resource_name)
3830
+ SENSITIVE = []
3831
+ include Aws::Structure
3832
+ end
3833
+
3834
+ # This exception is thrown when the provided resource does not exist, or
3835
+ # the ARN format of the resource is not valid. The following is the
3836
+ # valid format for a resource ARN:
3837
+ # `arn:aws:cloudtrail:us-east-2:123456789012:channel/MyChannel`.
3838
+ #
3839
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ResourceARNNotValidException AWS API Documentation
3840
+ #
3841
+ class ResourceARNNotValidException < Aws::EmptyStructure; end
3842
+
3843
+ # This exception is thrown when the specified resource is not found.
3844
+ #
3845
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ResourceNotFoundException AWS API Documentation
3846
+ #
3847
+ class ResourceNotFoundException < Aws::EmptyStructure; end
3848
+
3849
+ # This exception is thrown when the specified resource policy is not
3850
+ # found.
3851
+ #
3852
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ResourcePolicyNotFoundException AWS API Documentation
3853
+ #
3854
+ class ResourcePolicyNotFoundException < Aws::EmptyStructure; end
3855
+
3856
+ # This exception is thrown when the resouce-based policy has syntax
3857
+ # errors, or contains a principal that is not valid.
3858
+ #
3859
+ # The following are requirements for the resource policy:
3860
+ #
3861
+ # * Contains only one action: cloudtrail-data:PutAuditEvents
3862
+ #
3863
+ # * Contains at least one statement. The policy can have a maximum of 20
3864
+ # statements.
3865
+ #
3866
+ # * Each statement contains at least one principal. A statement can have
3867
+ # a maximum of 50 principals.
3868
+ #
3869
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ResourcePolicyNotValidException AWS API Documentation
3870
+ #
3871
+ class ResourcePolicyNotValidException < Aws::EmptyStructure; end
3872
+
3873
+ # A resource tag.
3874
+ #
3875
+ # @!attribute [rw] resource_id
3876
+ # Specifies the ARN of the resource.
3877
+ # @return [String]
3878
+ #
3879
+ # @!attribute [rw] tags_list
3880
+ # A list of tags.
3881
+ # @return [Array<Types::Tag>]
3882
+ #
3883
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ResourceTag AWS API Documentation
3884
+ #
3885
+ class ResourceTag < Struct.new(
3886
+ :resource_id,
3887
+ :tags_list)
3888
+ SENSITIVE = []
3889
+ include Aws::Structure
3890
+ end
3891
+
3892
+ # This exception is thrown when the specified resource type is not
3893
+ # supported by CloudTrail.
3894
+ #
3895
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ResourceTypeNotSupportedException AWS API Documentation
3896
+ #
3897
+ class ResourceTypeNotSupportedException < Aws::EmptyStructure; end
3898
+
3899
+ # @!attribute [rw] event_data_store
3900
+ # The ARN (or the ID suffix of the ARN) of the event data store that
3901
+ # you want to restore.
3902
+ # @return [String]
3903
+ #
3904
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/RestoreEventDataStoreRequest AWS API Documentation
3905
+ #
3906
+ class RestoreEventDataStoreRequest < Struct.new(
3907
+ :event_data_store)
3908
+ SENSITIVE = []
3909
+ include Aws::Structure
3910
+ end
3911
+
3912
+ # @!attribute [rw] event_data_store_arn
3913
+ # The event data store ARN.
3914
+ # @return [String]
3915
+ #
3916
+ # @!attribute [rw] name
3917
+ # The name of the event data store.
3918
+ # @return [String]
3919
+ #
3920
+ # @!attribute [rw] status
3921
+ # The status of the event data store.
3922
+ # @return [String]
3923
+ #
3924
+ # @!attribute [rw] advanced_event_selectors
3925
+ # The advanced event selectors that were used to select events.
3926
+ # @return [Array<Types::AdvancedEventSelector>]
3927
+ #
3928
+ # @!attribute [rw] multi_region_enabled
3929
+ # Indicates whether the event data store is collecting events from all
3930
+ # Regions, or only from the Region in which the event data store was
3931
+ # created.
3932
+ # @return [Boolean]
3933
+ #
3934
+ # @!attribute [rw] organization_enabled
3935
+ # Indicates whether an event data store is collecting logged events
3936
+ # for an organization in Organizations.
3937
+ # @return [Boolean]
3938
+ #
3939
+ # @!attribute [rw] retention_period
3940
+ # The retention period, in days.
3941
+ # @return [Integer]
3942
+ #
3943
+ # @!attribute [rw] termination_protection_enabled
3944
+ # Indicates that termination protection is enabled and the event data
3945
+ # store cannot be automatically deleted.
3946
+ # @return [Boolean]
3947
+ #
3948
+ # @!attribute [rw] created_timestamp
3949
+ # The timestamp of an event data store's creation.
3950
+ # @return [Time]
3951
+ #
3952
+ # @!attribute [rw] updated_timestamp
3953
+ # The timestamp that shows when an event data store was updated, if
3954
+ # applicable. `UpdatedTimestamp` is always either the same or newer
3955
+ # than the time shown in `CreatedTimestamp`.
3956
+ # @return [Time]
3957
+ #
3958
+ # @!attribute [rw] kms_key_id
3959
+ # Specifies the KMS key ID that encrypts the events delivered by
3960
+ # CloudTrail. The value is a fully specified ARN to a KMS key in the
3961
+ # following format.
3962
+ #
3963
+ # `arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012`
3964
+ # @return [String]
3965
+ #
3966
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/RestoreEventDataStoreResponse AWS API Documentation
3967
+ #
3968
+ class RestoreEventDataStoreResponse < Struct.new(
3969
+ :event_data_store_arn,
3970
+ :name,
3971
+ :status,
3972
+ :advanced_event_selectors,
3973
+ :multi_region_enabled,
3974
+ :organization_enabled,
3975
+ :retention_period,
3976
+ :termination_protection_enabled,
3977
+ :created_timestamp,
3978
+ :updated_timestamp,
3979
+ :kms_key_id)
3980
+ SENSITIVE = []
3981
+ include Aws::Structure
3982
+ end
3983
+
3984
+ # This exception is thrown when the specified S3 bucket does not exist.
3985
+ #
3986
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/S3BucketDoesNotExistException AWS API Documentation
3987
+ #
3988
+ class S3BucketDoesNotExistException < Aws::EmptyStructure; end
3989
+
3990
+ # The settings for the source S3 bucket.
3991
+ #
3992
+ # @!attribute [rw] s3_location_uri
3993
+ # The URI for the source S3 bucket.
3994
+ # @return [String]
3995
+ #
3996
+ # @!attribute [rw] s3_bucket_region
3997
+ # The Region associated with the source S3 bucket.
3998
+ # @return [String]
3999
+ #
4000
+ # @!attribute [rw] s3_bucket_access_role_arn
4001
+ # The IAM ARN role used to access the source S3 bucket.
4002
+ # @return [String]
4003
+ #
4004
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/S3ImportSource AWS API Documentation
4005
+ #
4006
+ class S3ImportSource < Struct.new(
4007
+ :s3_location_uri,
4008
+ :s3_bucket_region,
4009
+ :s3_bucket_access_role_arn)
4010
+ SENSITIVE = []
4011
+ include Aws::Structure
4012
+ end
4013
+
4014
+ # Contains configuration information about the channel.
4015
+ #
4016
+ # @!attribute [rw] apply_to_all_regions
4017
+ # Specifies whether the channel applies to a single Region or to all
4018
+ # Regions.
4019
+ # @return [Boolean]
4020
+ #
4021
+ # @!attribute [rw] advanced_event_selectors
4022
+ # The advanced event selectors that are configured for the channel.
4023
+ # @return [Array<Types::AdvancedEventSelector>]
4024
+ #
4025
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/SourceConfig AWS API Documentation
4026
+ #
4027
+ class SourceConfig < Struct.new(
4028
+ :apply_to_all_regions,
4029
+ :advanced_event_selectors)
4030
+ SENSITIVE = []
4031
+ include Aws::Structure
4032
+ end
4033
+
4034
+ # @!attribute [rw] event_data_store
4035
+ # The ARN (or ID suffix of the ARN) of the event data store for which
4036
+ # you want to start ingestion.
4037
+ # @return [String]
4038
+ #
4039
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/StartEventDataStoreIngestionRequest AWS API Documentation
4040
+ #
4041
+ class StartEventDataStoreIngestionRequest < Struct.new(
4042
+ :event_data_store)
4043
+ SENSITIVE = []
4044
+ include Aws::Structure
4045
+ end
4046
+
4047
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/StartEventDataStoreIngestionResponse AWS API Documentation
4048
+ #
4049
+ class StartEventDataStoreIngestionResponse < Aws::EmptyStructure; end
4050
+
4051
+ # @!attribute [rw] destinations
4052
+ # The ARN of the destination event data store. Use this parameter for
4053
+ # a new import.
4054
+ # @return [Array<String>]
4055
+ #
4056
+ # @!attribute [rw] import_source
4057
+ # The source S3 bucket for the import. Use this parameter for a new
4058
+ # import.
4059
+ # @return [Types::ImportSource]
4060
+ #
4061
+ # @!attribute [rw] start_event_time
4062
+ # Use with `EndEventTime` to bound a `StartImport` request, and limit
4063
+ # imported trail events to only those events logged within a specified
4064
+ # time period. When you specify a time range, CloudTrail checks the
4065
+ # prefix and log file names to verify the names contain a date between
4066
+ # the specified `StartEventTime` and `EndEventTime` before attempting
4067
+ # to import events.
4068
+ # @return [Time]
2068
4069
  #
2069
- # {
2070
- # trail_name: "String", # required
2071
- # insight_selectors: [ # required
2072
- # {
2073
- # insight_type: "ApiCallRateInsight", # accepts ApiCallRateInsight, ApiErrorRateInsight
2074
- # },
2075
- # ],
2076
- # }
4070
+ # @!attribute [rw] end_event_time
4071
+ # Use with `StartEventTime` to bound a `StartImport` request, and
4072
+ # limit imported trail events to only those events logged within a
4073
+ # specified time period. When you specify a time range, CloudTrail
4074
+ # checks the prefix and log file names to verify the names contain a
4075
+ # date between the specified `StartEventTime` and `EndEventTime`
4076
+ # before attempting to import events.
4077
+ # @return [Time]
2077
4078
  #
2078
- # @!attribute [rw] trail_name
2079
- # The name of the CloudTrail trail for which you want to change or add
2080
- # Insights selectors.
4079
+ # @!attribute [rw] import_id
4080
+ # The ID of the import. Use this parameter when you are retrying an
4081
+ # import.
2081
4082
  # @return [String]
2082
4083
  #
2083
- # @!attribute [rw] insight_selectors
2084
- # A JSON string that contains the Insights types that you want to log
2085
- # on a trail. The valid Insights type in this release is
2086
- # `ApiCallRateInsight`.
2087
- # @return [Array<Types::InsightSelector>]
2088
- #
2089
- # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutInsightSelectorsRequest AWS API Documentation
4084
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/StartImportRequest AWS API Documentation
2090
4085
  #
2091
- class PutInsightSelectorsRequest < Struct.new(
2092
- :trail_name,
2093
- :insight_selectors)
4086
+ class StartImportRequest < Struct.new(
4087
+ :destinations,
4088
+ :import_source,
4089
+ :start_event_time,
4090
+ :end_event_time,
4091
+ :import_id)
2094
4092
  SENSITIVE = []
2095
4093
  include Aws::Structure
2096
4094
  end
2097
4095
 
2098
- # @!attribute [rw] trail_arn
2099
- # The Amazon Resource Name (ARN) of a trail for which you want to
2100
- # change or add Insights selectors.
4096
+ # @!attribute [rw] import_id
4097
+ # The ID of the import.
2101
4098
  # @return [String]
2102
4099
  #
2103
- # @!attribute [rw] insight_selectors
2104
- # A JSON string that contains the Insights event types that you want
2105
- # to log on a trail. The valid Insights type in this release is
2106
- # `ApiCallRateInsight`.
2107
- # @return [Array<Types::InsightSelector>]
4100
+ # @!attribute [rw] destinations
4101
+ # The ARN of the destination event data store.
4102
+ # @return [Array<String>]
2108
4103
  #
2109
- # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutInsightSelectorsResponse AWS API Documentation
4104
+ # @!attribute [rw] import_source
4105
+ # The source S3 bucket for the import.
4106
+ # @return [Types::ImportSource]
2110
4107
  #
2111
- class PutInsightSelectorsResponse < Struct.new(
2112
- :trail_arn,
2113
- :insight_selectors)
4108
+ # @!attribute [rw] start_event_time
4109
+ # Used with `EndEventTime` to bound a `StartImport` request, and limit
4110
+ # imported trail events to only those events logged within a specified
4111
+ # time period.
4112
+ # @return [Time]
4113
+ #
4114
+ # @!attribute [rw] end_event_time
4115
+ # Used with `StartEventTime` to bound a `StartImport` request, and
4116
+ # limit imported trail events to only those events logged within a
4117
+ # specified time period.
4118
+ # @return [Time]
4119
+ #
4120
+ # @!attribute [rw] import_status
4121
+ # Shows the status of the import after a `StartImport` request. An
4122
+ # import finishes with a status of `COMPLETED` if there were no
4123
+ # failures, or `FAILED` if there were failures.
4124
+ # @return [String]
4125
+ #
4126
+ # @!attribute [rw] created_timestamp
4127
+ # The timestamp for the import's creation.
4128
+ # @return [Time]
4129
+ #
4130
+ # @!attribute [rw] updated_timestamp
4131
+ # The timestamp of the import's last update, if applicable.
4132
+ # @return [Time]
4133
+ #
4134
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/StartImportResponse AWS API Documentation
4135
+ #
4136
+ class StartImportResponse < Struct.new(
4137
+ :import_id,
4138
+ :destinations,
4139
+ :import_source,
4140
+ :start_event_time,
4141
+ :end_event_time,
4142
+ :import_status,
4143
+ :created_timestamp,
4144
+ :updated_timestamp)
2114
4145
  SENSITIVE = []
2115
4146
  include Aws::Structure
2116
4147
  end
2117
4148
 
2118
- # Specifies the tags to remove from a trail.
2119
- #
2120
- # @note When making an API call, you may pass RemoveTagsRequest
2121
- # data as a hash:
2122
- #
2123
- # {
2124
- # resource_id: "String", # required
2125
- # tags_list: [
2126
- # {
2127
- # key: "String", # required
2128
- # value: "String",
2129
- # },
2130
- # ],
2131
- # }
4149
+ # The request to CloudTrail to start logging Amazon Web Services API
4150
+ # calls for an account.
2132
4151
  #
2133
- # @!attribute [rw] resource_id
2134
- # Specifies the ARN of the trail from which tags should be removed.
2135
- # The format of a trail ARN is:
4152
+ # @!attribute [rw] name
4153
+ # Specifies the name or the CloudTrail ARN of the trail for which
4154
+ # CloudTrail logs Amazon Web Services API calls. The following is the
4155
+ # format of a trail ARN.
2136
4156
  #
2137
4157
  # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
2138
4158
  # @return [String]
2139
4159
  #
2140
- # @!attribute [rw] tags_list
2141
- # Specifies a list of tags to be removed.
2142
- # @return [Array<Types::Tag>]
2143
- #
2144
- # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/RemoveTagsRequest AWS API Documentation
4160
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/StartLoggingRequest AWS API Documentation
2145
4161
  #
2146
- class RemoveTagsRequest < Struct.new(
2147
- :resource_id,
2148
- :tags_list)
4162
+ class StartLoggingRequest < Struct.new(
4163
+ :name)
2149
4164
  SENSITIVE = []
2150
4165
  include Aws::Structure
2151
4166
  end
@@ -2153,123 +4168,138 @@ module Aws::CloudTrail
2153
4168
  # Returns the objects or data listed below if successful. Otherwise,
2154
4169
  # returns an error.
2155
4170
  #
2156
- # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/RemoveTagsResponse AWS API Documentation
4171
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/StartLoggingResponse AWS API Documentation
2157
4172
  #
2158
- class RemoveTagsResponse < Aws::EmptyStructure; end
4173
+ class StartLoggingResponse < Aws::EmptyStructure; end
2159
4174
 
2160
- # Specifies the type and name of a resource referenced by an event.
2161
- #
2162
- # @!attribute [rw] resource_type
2163
- # The type of a resource referenced by the event returned. When the
2164
- # resource type cannot be determined, null is returned. Some examples
2165
- # of resource types are: **Instance** for EC2, **Trail** for
2166
- # CloudTrail, **DBInstance** for Amazon RDS, and **AccessKey** for
2167
- # IAM. To learn more about how to look up and filter events by the
2168
- # resource types supported for a service, see [Filtering CloudTrail
2169
- # Events][1].
2170
- #
2171
- #
4175
+ # @!attribute [rw] query_statement
4176
+ # The SQL code of your query.
4177
+ # @return [String]
2172
4178
  #
2173
- # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events-console.html#filtering-cloudtrail-events
4179
+ # @!attribute [rw] delivery_s3_uri
4180
+ # The URI for the S3 bucket where CloudTrail delivers the query
4181
+ # results.
2174
4182
  # @return [String]
2175
4183
  #
2176
- # @!attribute [rw] resource_name
2177
- # The name of the resource referenced by the event returned. These are
2178
- # user-created names whose values will depend on the environment. For
2179
- # example, the resource name might be "auto-scaling-test-group" for
2180
- # an Auto Scaling Group or "i-1234567" for an EC2 Instance.
4184
+ # @!attribute [rw] query_alias
4185
+ # The alias that identifies a query template.
2181
4186
  # @return [String]
2182
4187
  #
2183
- # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/Resource AWS API Documentation
4188
+ # @!attribute [rw] query_parameters
4189
+ # The query parameters for the specified `QueryAlias`.
4190
+ # @return [Array<String>]
2184
4191
  #
2185
- class Resource < Struct.new(
2186
- :resource_type,
2187
- :resource_name)
4192
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/StartQueryRequest AWS API Documentation
4193
+ #
4194
+ class StartQueryRequest < Struct.new(
4195
+ :query_statement,
4196
+ :delivery_s3_uri,
4197
+ :query_alias,
4198
+ :query_parameters)
2188
4199
  SENSITIVE = []
2189
4200
  include Aws::Structure
2190
4201
  end
2191
4202
 
2192
- # This exception is thrown when the specified resource is not found.
4203
+ # @!attribute [rw] query_id
4204
+ # The ID of the started query.
4205
+ # @return [String]
2193
4206
  #
2194
- # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ResourceNotFoundException AWS API Documentation
4207
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/StartQueryResponse AWS API Documentation
2195
4208
  #
2196
- class ResourceNotFoundException < Aws::EmptyStructure; end
4209
+ class StartQueryResponse < Struct.new(
4210
+ :query_id)
4211
+ SENSITIVE = []
4212
+ include Aws::Structure
4213
+ end
2197
4214
 
2198
- # A resource tag.
2199
- #
2200
- # @!attribute [rw] resource_id
2201
- # Specifies the ARN of the resource.
4215
+ # @!attribute [rw] event_data_store
4216
+ # The ARN (or ID suffix of the ARN) of the event data store for which
4217
+ # you want to stop ingestion.
2202
4218
  # @return [String]
2203
4219
  #
2204
- # @!attribute [rw] tags_list
2205
- # A list of tags.
2206
- # @return [Array<Types::Tag>]
2207
- #
2208
- # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ResourceTag AWS API Documentation
4220
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/StopEventDataStoreIngestionRequest AWS API Documentation
2209
4221
  #
2210
- class ResourceTag < Struct.new(
2211
- :resource_id,
2212
- :tags_list)
4222
+ class StopEventDataStoreIngestionRequest < Struct.new(
4223
+ :event_data_store)
2213
4224
  SENSITIVE = []
2214
4225
  include Aws::Structure
2215
4226
  end
2216
4227
 
2217
- # This exception is thrown when the specified resource type is not
2218
- # supported by CloudTrail.
2219
- #
2220
- # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ResourceTypeNotSupportedException AWS API Documentation
4228
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/StopEventDataStoreIngestionResponse AWS API Documentation
2221
4229
  #
2222
- class ResourceTypeNotSupportedException < Aws::EmptyStructure; end
4230
+ class StopEventDataStoreIngestionResponse < Aws::EmptyStructure; end
2223
4231
 
2224
- # This exception is thrown when the specified S3 bucket does not exist.
4232
+ # @!attribute [rw] import_id
4233
+ # The ID of the import.
4234
+ # @return [String]
2225
4235
  #
2226
- # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/S3BucketDoesNotExistException AWS API Documentation
4236
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/StopImportRequest AWS API Documentation
2227
4237
  #
2228
- class S3BucketDoesNotExistException < Aws::EmptyStructure; end
4238
+ class StopImportRequest < Struct.new(
4239
+ :import_id)
4240
+ SENSITIVE = []
4241
+ include Aws::Structure
4242
+ end
2229
4243
 
2230
- # The request to CloudTrail to start logging Amazon Web Services API
2231
- # calls for an account.
2232
- #
2233
- # @note When making an API call, you may pass StartLoggingRequest
2234
- # data as a hash:
4244
+ # @!attribute [rw] import_id
4245
+ # The ID for the import.
4246
+ # @return [String]
2235
4247
  #
2236
- # {
2237
- # name: "String", # required
2238
- # }
4248
+ # @!attribute [rw] import_source
4249
+ # The source S3 bucket for the import.
4250
+ # @return [Types::ImportSource]
2239
4251
  #
2240
- # @!attribute [rw] name
2241
- # Specifies the name or the CloudTrail ARN of the trail for which
2242
- # CloudTrail logs Amazon Web Services API calls. The following is the
2243
- # format of a trail ARN.
4252
+ # @!attribute [rw] destinations
4253
+ # The ARN of the destination event data store.
4254
+ # @return [Array<String>]
2244
4255
  #
2245
- # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
4256
+ # @!attribute [rw] import_status
4257
+ # The status of the import.
2246
4258
  # @return [String]
2247
4259
  #
2248
- # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/StartLoggingRequest AWS API Documentation
4260
+ # @!attribute [rw] created_timestamp
4261
+ # The timestamp of the import's creation.
4262
+ # @return [Time]
2249
4263
  #
2250
- class StartLoggingRequest < Struct.new(
2251
- :name)
4264
+ # @!attribute [rw] updated_timestamp
4265
+ # The timestamp of the import's last update.
4266
+ # @return [Time]
4267
+ #
4268
+ # @!attribute [rw] start_event_time
4269
+ # Used with `EndEventTime` to bound a `StartImport` request, and limit
4270
+ # imported trail events to only those events logged within a specified
4271
+ # time period.
4272
+ # @return [Time]
4273
+ #
4274
+ # @!attribute [rw] end_event_time
4275
+ # Used with `StartEventTime` to bound a `StartImport` request, and
4276
+ # limit imported trail events to only those events logged within a
4277
+ # specified time period.
4278
+ # @return [Time]
4279
+ #
4280
+ # @!attribute [rw] import_statistics
4281
+ # Returns information on the stopped import.
4282
+ # @return [Types::ImportStatistics]
4283
+ #
4284
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/StopImportResponse AWS API Documentation
4285
+ #
4286
+ class StopImportResponse < Struct.new(
4287
+ :import_id,
4288
+ :import_source,
4289
+ :destinations,
4290
+ :import_status,
4291
+ :created_timestamp,
4292
+ :updated_timestamp,
4293
+ :start_event_time,
4294
+ :end_event_time,
4295
+ :import_statistics)
2252
4296
  SENSITIVE = []
2253
4297
  include Aws::Structure
2254
4298
  end
2255
4299
 
2256
- # Returns the objects or data listed below if successful. Otherwise,
2257
- # returns an error.
2258
- #
2259
- # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/StartLoggingResponse AWS API Documentation
2260
- #
2261
- class StartLoggingResponse < Aws::EmptyStructure; end
2262
-
2263
4300
  # Passes the request to CloudTrail to stop logging Amazon Web Services
2264
4301
  # API calls for the specified account.
2265
4302
  #
2266
- # @note When making an API call, you may pass StopLoggingRequest
2267
- # data as a hash:
2268
- #
2269
- # {
2270
- # name: "String", # required
2271
- # }
2272
- #
2273
4303
  # @!attribute [rw] name
2274
4304
  # Specifies the name or the CloudTrail ARN of the trail for which
2275
4305
  # CloudTrail will stop logging Amazon Web Services API calls. The
@@ -2294,15 +4324,7 @@ module Aws::CloudTrail
2294
4324
  class StopLoggingResponse < Aws::EmptyStructure; end
2295
4325
 
2296
4326
  # A custom key-value pair associated with a resource such as a
2297
- # CloudTrail trail.
2298
- #
2299
- # @note When making an API call, you may pass Tag
2300
- # data as a hash:
2301
- #
2302
- # {
2303
- # key: "String", # required
2304
- # value: "String",
2305
- # }
4327
+ # CloudTrail trail, event data store, or channel.
2306
4328
  #
2307
4329
  # @!attribute [rw] key
2308
4330
  # The key in a key-value pair. The key must be must be no longer than
@@ -2324,13 +4346,19 @@ module Aws::CloudTrail
2324
4346
  include Aws::Structure
2325
4347
  end
2326
4348
 
2327
- # The number of tags per trail has exceeded the permitted amount.
2328
- # Currently, the limit is 50.
4349
+ # The number of tags per trail, event data store, or channel has
4350
+ # exceeded the permitted amount. Currently, the limit is 50.
2329
4351
  #
2330
4352
  # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/TagsLimitExceededException AWS API Documentation
2331
4353
  #
2332
4354
  class TagsLimitExceededException < Aws::EmptyStructure; end
2333
4355
 
4356
+ # This exception is thrown when the request rate exceeds the limit.
4357
+ #
4358
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ThrottlingException AWS API Documentation
4359
+ #
4360
+ class ThrottlingException < Aws::EmptyStructure; end
4361
+
2334
4362
  # The settings for a trail.
2335
4363
  #
2336
4364
  # @!attribute [rw] name
@@ -2359,7 +4387,7 @@ module Aws::CloudTrail
2359
4387
  # @return [String]
2360
4388
  #
2361
4389
  # @!attribute [rw] sns_topic_name
2362
- # This field is no longer in use. Use SnsTopicARN.
4390
+ # This field is no longer in use. Use `SnsTopicARN`.
2363
4391
  # @return [String]
2364
4392
  #
2365
4393
  # @!attribute [rw] sns_topic_arn
@@ -2376,12 +4404,12 @@ module Aws::CloudTrail
2376
4404
  # @return [Boolean]
2377
4405
  #
2378
4406
  # @!attribute [rw] is_multi_region_trail
2379
- # Specifies whether the trail exists only in one region or exists in
2380
- # all regions.
4407
+ # Specifies whether the trail exists only in one Region or exists in
4408
+ # all Regions.
2381
4409
  # @return [Boolean]
2382
4410
  #
2383
4411
  # @!attribute [rw] home_region
2384
- # The region in which the trail was created.
4412
+ # The Region in which the trail was created.
2385
4413
  # @return [String]
2386
4414
  #
2387
4415
  # @!attribute [rw] trail_arn
@@ -2456,7 +4484,7 @@ module Aws::CloudTrail
2456
4484
  class TrailAlreadyExistsException < Aws::EmptyStructure; end
2457
4485
 
2458
4486
  # Information about a CloudTrail trail, including the trail's name,
2459
- # home region, and Amazon Resource Name (ARN).
4487
+ # home Region, and Amazon Resource Name (ARN).
2460
4488
  #
2461
4489
  # @!attribute [rw] trail_arn
2462
4490
  # The ARN of a trail.
@@ -2500,24 +4528,227 @@ module Aws::CloudTrail
2500
4528
  #
2501
4529
  class UnsupportedOperationException < Aws::EmptyStructure; end
2502
4530
 
2503
- # Specifies settings to update for the trail.
4531
+ # @!attribute [rw] channel
4532
+ # The ARN or ID (the ARN suffix) of the channel that you want to
4533
+ # update.
4534
+ # @return [String]
4535
+ #
4536
+ # @!attribute [rw] destinations
4537
+ # The ARNs of event data stores that you want to log events arriving
4538
+ # through the channel.
4539
+ # @return [Array<Types::Destination>]
4540
+ #
4541
+ # @!attribute [rw] name
4542
+ # Changes the name of the channel.
4543
+ # @return [String]
4544
+ #
4545
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/UpdateChannelRequest AWS API Documentation
4546
+ #
4547
+ class UpdateChannelRequest < Struct.new(
4548
+ :channel,
4549
+ :destinations,
4550
+ :name)
4551
+ SENSITIVE = []
4552
+ include Aws::Structure
4553
+ end
4554
+
4555
+ # @!attribute [rw] channel_arn
4556
+ # The ARN of the channel that was updated.
4557
+ # @return [String]
4558
+ #
4559
+ # @!attribute [rw] name
4560
+ # The name of the channel that was updated.
4561
+ # @return [String]
4562
+ #
4563
+ # @!attribute [rw] source
4564
+ # The event source of the channel that was updated.
4565
+ # @return [String]
4566
+ #
4567
+ # @!attribute [rw] destinations
4568
+ # The event data stores that log events arriving through the channel.
4569
+ # @return [Array<Types::Destination>]
4570
+ #
4571
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/UpdateChannelResponse AWS API Documentation
4572
+ #
4573
+ class UpdateChannelResponse < Struct.new(
4574
+ :channel_arn,
4575
+ :name,
4576
+ :source,
4577
+ :destinations)
4578
+ SENSITIVE = []
4579
+ include Aws::Structure
4580
+ end
4581
+
4582
+ # @!attribute [rw] event_data_store
4583
+ # The ARN (or the ID suffix of the ARN) of the event data store that
4584
+ # you want to update.
4585
+ # @return [String]
4586
+ #
4587
+ # @!attribute [rw] name
4588
+ # The event data store name.
4589
+ # @return [String]
4590
+ #
4591
+ # @!attribute [rw] advanced_event_selectors
4592
+ # The advanced event selectors used to select events for the event
4593
+ # data store. You can configure up to five advanced event selectors
4594
+ # for each event data store.
4595
+ # @return [Array<Types::AdvancedEventSelector>]
4596
+ #
4597
+ # @!attribute [rw] multi_region_enabled
4598
+ # Specifies whether an event data store collects events from all
4599
+ # Regions, or only from the Region in which it was created.
4600
+ # @return [Boolean]
4601
+ #
4602
+ # @!attribute [rw] organization_enabled
4603
+ # Specifies whether an event data store collects events logged for an
4604
+ # organization in Organizations.
4605
+ # @return [Boolean]
4606
+ #
4607
+ # @!attribute [rw] retention_period
4608
+ # The retention period of the event data store, in days. You can set a
4609
+ # retention period of up to 2557 days, the equivalent of seven years.
4610
+ # CloudTrail Lake determines whether to retain an event by checking if
4611
+ # the `eventTime` of the event is within the specified retention
4612
+ # period. For example, if you set a retention period of 90 days,
4613
+ # CloudTrail will remove events when the `eventTime` is older than 90
4614
+ # days.
4615
+ #
4616
+ # <note markdown="1"> If you decrease the retention period of an event data store,
4617
+ # CloudTrail will remove any events with an `eventTime` older than the
4618
+ # new retention period. For example, if the previous retention period
4619
+ # was 365 days and you decrease it to 100 days, CloudTrail will remove
4620
+ # events with an `eventTime` older than 100 days.
4621
+ #
4622
+ # </note>
4623
+ # @return [Integer]
4624
+ #
4625
+ # @!attribute [rw] termination_protection_enabled
4626
+ # Indicates that termination protection is enabled and the event data
4627
+ # store cannot be automatically deleted.
4628
+ # @return [Boolean]
4629
+ #
4630
+ # @!attribute [rw] kms_key_id
4631
+ # Specifies the KMS key ID to use to encrypt the events delivered by
4632
+ # CloudTrail. The value can be an alias name prefixed by `alias/`, a
4633
+ # fully specified ARN to an alias, a fully specified ARN to a key, or
4634
+ # a globally unique identifier.
4635
+ #
4636
+ # Disabling or deleting the KMS key, or removing CloudTrail
4637
+ # permissions on the key, prevents CloudTrail from logging events to
4638
+ # the event data store, and prevents users from querying the data in
4639
+ # the event data store that was encrypted with the key. After you
4640
+ # associate an event data store with a KMS key, the KMS key cannot be
4641
+ # removed or changed. Before you disable or delete a KMS key that you
4642
+ # are using with an event data store, delete or back up your event
4643
+ # data store.
4644
+ #
4645
+ # CloudTrail also supports KMS multi-Region keys. For more information
4646
+ # about multi-Region keys, see [Using multi-Region keys][1] in the
4647
+ # *Key Management Service Developer Guide*.
4648
+ #
4649
+ # Examples:
4650
+ #
4651
+ # * `alias/MyAliasName`
4652
+ #
4653
+ # * `arn:aws:kms:us-east-2:123456789012:alias/MyAliasName`
4654
+ #
4655
+ # * `arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012`
4656
+ #
4657
+ # * `12345678-1234-1234-1234-123456789012`
4658
+ #
4659
+ #
4660
+ #
4661
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html
4662
+ # @return [String]
4663
+ #
4664
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/UpdateEventDataStoreRequest AWS API Documentation
4665
+ #
4666
+ class UpdateEventDataStoreRequest < Struct.new(
4667
+ :event_data_store,
4668
+ :name,
4669
+ :advanced_event_selectors,
4670
+ :multi_region_enabled,
4671
+ :organization_enabled,
4672
+ :retention_period,
4673
+ :termination_protection_enabled,
4674
+ :kms_key_id)
4675
+ SENSITIVE = []
4676
+ include Aws::Structure
4677
+ end
4678
+
4679
+ # @!attribute [rw] event_data_store_arn
4680
+ # The ARN of the event data store.
4681
+ # @return [String]
4682
+ #
4683
+ # @!attribute [rw] name
4684
+ # The name of the event data store.
4685
+ # @return [String]
4686
+ #
4687
+ # @!attribute [rw] status
4688
+ # The status of an event data store.
4689
+ # @return [String]
2504
4690
  #
2505
- # @note When making an API call, you may pass UpdateTrailRequest
2506
- # data as a hash:
2507
- #
2508
- # {
2509
- # name: "String", # required
2510
- # s3_bucket_name: "String",
2511
- # s3_key_prefix: "String",
2512
- # sns_topic_name: "String",
2513
- # include_global_service_events: false,
2514
- # is_multi_region_trail: false,
2515
- # enable_log_file_validation: false,
2516
- # cloud_watch_logs_log_group_arn: "String",
2517
- # cloud_watch_logs_role_arn: "String",
2518
- # kms_key_id: "String",
2519
- # is_organization_trail: false,
2520
- # }
4691
+ # @!attribute [rw] advanced_event_selectors
4692
+ # The advanced event selectors that are applied to the event data
4693
+ # store.
4694
+ # @return [Array<Types::AdvancedEventSelector>]
4695
+ #
4696
+ # @!attribute [rw] multi_region_enabled
4697
+ # Indicates whether the event data store includes events from all
4698
+ # Regions, or only from the Region in which it was created.
4699
+ # @return [Boolean]
4700
+ #
4701
+ # @!attribute [rw] organization_enabled
4702
+ # Indicates whether an event data store is collecting logged events
4703
+ # for an organization in Organizations.
4704
+ # @return [Boolean]
4705
+ #
4706
+ # @!attribute [rw] retention_period
4707
+ # The retention period, in days.
4708
+ # @return [Integer]
4709
+ #
4710
+ # @!attribute [rw] termination_protection_enabled
4711
+ # Indicates whether termination protection is enabled for the event
4712
+ # data store.
4713
+ # @return [Boolean]
4714
+ #
4715
+ # @!attribute [rw] created_timestamp
4716
+ # The timestamp that shows when an event data store was first created.
4717
+ # @return [Time]
4718
+ #
4719
+ # @!attribute [rw] updated_timestamp
4720
+ # The timestamp that shows when the event data store was last updated.
4721
+ # `UpdatedTimestamp` is always either the same or newer than the time
4722
+ # shown in `CreatedTimestamp`.
4723
+ # @return [Time]
4724
+ #
4725
+ # @!attribute [rw] kms_key_id
4726
+ # Specifies the KMS key ID that encrypts the events delivered by
4727
+ # CloudTrail. The value is a fully specified ARN to a KMS key in the
4728
+ # following format.
4729
+ #
4730
+ # `arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012`
4731
+ # @return [String]
4732
+ #
4733
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/UpdateEventDataStoreResponse AWS API Documentation
4734
+ #
4735
+ class UpdateEventDataStoreResponse < Struct.new(
4736
+ :event_data_store_arn,
4737
+ :name,
4738
+ :status,
4739
+ :advanced_event_selectors,
4740
+ :multi_region_enabled,
4741
+ :organization_enabled,
4742
+ :retention_period,
4743
+ :termination_protection_enabled,
4744
+ :created_timestamp,
4745
+ :updated_timestamp,
4746
+ :kms_key_id)
4747
+ SENSITIVE = []
4748
+ include Aws::Structure
4749
+ end
4750
+
4751
+ # Specifies settings to update for the trail.
2521
4752
  #
2522
4753
  # @!attribute [rw] name
2523
4754
  # Specifies the name of the trail or trail ARN. If `Name` is a trail
@@ -2571,14 +4802,14 @@ module Aws::CloudTrail
2571
4802
  # @return [Boolean]
2572
4803
  #
2573
4804
  # @!attribute [rw] is_multi_region_trail
2574
- # Specifies whether the trail applies only to the current region or to
2575
- # all regions. The default is false. If the trail exists only in the
2576
- # current region and this value is set to true, shadow trails
2577
- # (replications of the trail) will be created in the other regions. If
2578
- # the trail exists in all regions and this value is set to false, the
2579
- # trail will remain in the region where it was created, and its shadow
2580
- # trails in other regions will be deleted. As a best practice,
2581
- # consider using trails that log events in all regions.
4805
+ # Specifies whether the trail applies only to the current Region or to
4806
+ # all Regions. The default is false. If the trail exists only in the
4807
+ # current Region and this value is set to true, shadow trails
4808
+ # (replications of the trail) will be created in the other Regions. If
4809
+ # the trail exists in all Regions and this value is set to false, the
4810
+ # trail will remain in the Region where it was created, and its shadow
4811
+ # trails in other Regions will be deleted. As a best practice,
4812
+ # consider using trails that log events in all Regions.
2582
4813
  # @return [Boolean]
2583
4814
  #
2584
4815
  # @!attribute [rw] enable_log_file_validation
@@ -2601,13 +4832,16 @@ module Aws::CloudTrail
2601
4832
  # @!attribute [rw] cloud_watch_logs_log_group_arn
2602
4833
  # Specifies a log group name using an Amazon Resource Name (ARN), a
2603
4834
  # unique identifier that represents the log group to which CloudTrail
2604
- # logs are delivered. Not required unless you specify
2605
- # `CloudWatchLogsRoleArn`.
4835
+ # logs are delivered. You must use a log group that exists in your
4836
+ # account.
4837
+ #
4838
+ # Not required unless you specify `CloudWatchLogsRoleArn`.
2606
4839
  # @return [String]
2607
4840
  #
2608
4841
  # @!attribute [rw] cloud_watch_logs_role_arn
2609
4842
  # Specifies the role for the CloudWatch Logs endpoint to assume to
2610
- # write to a user's log group.
4843
+ # write to a user's log group. You must use a role that exists in
4844
+ # your account.
2611
4845
  # @return [String]
2612
4846
  #
2613
4847
  # @!attribute [rw] kms_key_id
@@ -2640,13 +4874,13 @@ module Aws::CloudTrail
2640
4874
  # organization in Organizations, or only for the current Amazon Web
2641
4875
  # Services account. The default is false, and cannot be true unless
2642
4876
  # the call is made on behalf of an Amazon Web Services account that is
2643
- # the management account for an organization in Organizations. If the
2644
- # trail is not an organization trail and this is set to `true`, the
2645
- # trail will be created in all Amazon Web Services accounts that
2646
- # belong to the organization. If the trail is an organization trail
2647
- # and this is set to `false`, the trail will remain in the current
2648
- # Amazon Web Services account but be deleted from all member accounts
2649
- # in the organization.
4877
+ # the management account or delegated administrator account for an
4878
+ # organization in Organizations. If the trail is not an organization
4879
+ # trail and this is set to `true`, the trail will be created in all
4880
+ # Amazon Web Services accounts that belong to the organization. If the
4881
+ # trail is an organization trail and this is set to `false`, the trail
4882
+ # will remain in the current Amazon Web Services account but be
4883
+ # deleted from all member accounts in the organization.
2650
4884
  # @return [Boolean]
2651
4885
  #
2652
4886
  # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/UpdateTrailRequest AWS API Documentation
@@ -2690,7 +4924,7 @@ module Aws::CloudTrail
2690
4924
  # @return [String]
2691
4925
  #
2692
4926
  # @!attribute [rw] sns_topic_name
2693
- # This field is no longer in use. Use UpdateTrailResponse$SnsTopicARN.
4927
+ # This field is no longer in use. Use `SnsTopicARN`.
2694
4928
  # @return [String]
2695
4929
  #
2696
4930
  # @!attribute [rw] sns_topic_arn
@@ -2707,7 +4941,7 @@ module Aws::CloudTrail
2707
4941
  # @return [Boolean]
2708
4942
  #
2709
4943
  # @!attribute [rw] is_multi_region_trail
2710
- # Specifies whether the trail exists in one region or in all regions.
4944
+ # Specifies whether the trail exists in one Region or in all Regions.
2711
4945
  # @return [Boolean]
2712
4946
  #
2713
4947
  # @!attribute [rw] trail_arn