aws-sdk-cloudtrail 1.43.0 → 1.44.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -372,7 +372,7 @@ module Aws::CloudTrail
372
372
  #
373
373
  # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
374
374
  #
375
- # @option params [Array<Types::Tag>] :tags_list
375
+ # @option params [required, Array<Types::Tag>] :tags_list
376
376
  # Contains a list of tags, up to a limit of 50
377
377
  #
378
378
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
@@ -381,10 +381,10 @@ module Aws::CloudTrail
381
381
  #
382
382
  # resp = client.add_tags({
383
383
  # resource_id: "String", # required
384
- # tags_list: [
384
+ # tags_list: [ # required
385
385
  # {
386
- # key: "String", # required
387
- # value: "String",
386
+ # key: "TagKey", # required
387
+ # value: "TagValue",
388
388
  # },
389
389
  # ],
390
390
  # })
@@ -398,6 +398,168 @@ module Aws::CloudTrail
398
398
  req.send_request(options)
399
399
  end
400
400
 
401
+ # Cancels a query if the query is not in a terminated state, such as
402
+ # `CANCELLED`, `FAILED` or `FINISHED`. You must specify an ARN value for
403
+ # `EventDataStore`. The ID of the query that you want to cancel is also
404
+ # required. When you run `CancelQuery`, the query status might show as
405
+ # `CANCELLED` even if the operation is not yet finished.
406
+ #
407
+ # @option params [required, String] :event_data_store
408
+ # The ARN (or the ID suffix of the ARN) of an event data store on which
409
+ # the specified query is running.
410
+ #
411
+ # @option params [required, String] :query_id
412
+ # The ID of the query that you want to cancel. The `QueryId` comes from
413
+ # the response of a `StartQuery` operation.
414
+ #
415
+ # @return [Types::CancelQueryResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
416
+ #
417
+ # * {Types::CancelQueryResponse#query_id #query_id} => String
418
+ # * {Types::CancelQueryResponse#query_status #query_status} => String
419
+ #
420
+ # @example Request syntax with placeholder values
421
+ #
422
+ # resp = client.cancel_query({
423
+ # event_data_store: "EventDataStoreArn", # required
424
+ # query_id: "UUID", # required
425
+ # })
426
+ #
427
+ # @example Response structure
428
+ #
429
+ # resp.query_id #=> String
430
+ # resp.query_status #=> String, one of "QUEUED", "RUNNING", "FINISHED", "FAILED", "CANCELLED"
431
+ #
432
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/CancelQuery AWS API Documentation
433
+ #
434
+ # @overload cancel_query(params = {})
435
+ # @param [Hash] params ({})
436
+ def cancel_query(params = {}, options = {})
437
+ req = build_request(:cancel_query, params)
438
+ req.send_request(options)
439
+ end
440
+
441
+ # Creates a new event data store.
442
+ #
443
+ # @option params [required, String] :name
444
+ # The name of the event data store.
445
+ #
446
+ # @option params [Array<Types::AdvancedEventSelector>] :advanced_event_selectors
447
+ # The advanced event selectors to use to select the events for the data
448
+ # store. For more information about how to use advanced event selectors,
449
+ # see [Log events by using advanced event selectors][1] in the
450
+ # CloudTrail User Guide.
451
+ #
452
+ #
453
+ #
454
+ # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#creating-data-event-selectors-advanced
455
+ #
456
+ # @option params [Boolean] :multi_region_enabled
457
+ # Specifies whether the event data store includes events from all
458
+ # regions, or only from the region in which the event data store is
459
+ # created.
460
+ #
461
+ # @option params [Boolean] :organization_enabled
462
+ # Specifies whether an event data store collects events logged for an
463
+ # organization in Organizations.
464
+ #
465
+ # @option params [Integer] :retention_period
466
+ # The retention period of the event data store, in days. You can set a
467
+ # retention period of up to 2555 days, the equivalent of seven years.
468
+ #
469
+ # @option params [Boolean] :termination_protection_enabled
470
+ # Specifies whether termination protection is enabled for the event data
471
+ # store. If termination protection is enabled, you cannot delete the
472
+ # event data store until termination protection is disabled.
473
+ #
474
+ # @option params [Array<Types::Tag>] :tags_list
475
+ # A list of tags.
476
+ #
477
+ # @return [Types::CreateEventDataStoreResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
478
+ #
479
+ # * {Types::CreateEventDataStoreResponse#event_data_store_arn #event_data_store_arn} => String
480
+ # * {Types::CreateEventDataStoreResponse#name #name} => String
481
+ # * {Types::CreateEventDataStoreResponse#status #status} => String
482
+ # * {Types::CreateEventDataStoreResponse#advanced_event_selectors #advanced_event_selectors} => Array&lt;Types::AdvancedEventSelector&gt;
483
+ # * {Types::CreateEventDataStoreResponse#multi_region_enabled #multi_region_enabled} => Boolean
484
+ # * {Types::CreateEventDataStoreResponse#organization_enabled #organization_enabled} => Boolean
485
+ # * {Types::CreateEventDataStoreResponse#retention_period #retention_period} => Integer
486
+ # * {Types::CreateEventDataStoreResponse#termination_protection_enabled #termination_protection_enabled} => Boolean
487
+ # * {Types::CreateEventDataStoreResponse#tags_list #tags_list} => Array&lt;Types::Tag&gt;
488
+ # * {Types::CreateEventDataStoreResponse#created_timestamp #created_timestamp} => Time
489
+ # * {Types::CreateEventDataStoreResponse#updated_timestamp #updated_timestamp} => Time
490
+ #
491
+ # @example Request syntax with placeholder values
492
+ #
493
+ # resp = client.create_event_data_store({
494
+ # name: "EventDataStoreName", # required
495
+ # advanced_event_selectors: [
496
+ # {
497
+ # name: "SelectorName",
498
+ # field_selectors: [ # required
499
+ # {
500
+ # field: "SelectorField", # required
501
+ # equals: ["OperatorValue"],
502
+ # starts_with: ["OperatorValue"],
503
+ # ends_with: ["OperatorValue"],
504
+ # not_equals: ["OperatorValue"],
505
+ # not_starts_with: ["OperatorValue"],
506
+ # not_ends_with: ["OperatorValue"],
507
+ # },
508
+ # ],
509
+ # },
510
+ # ],
511
+ # multi_region_enabled: false,
512
+ # organization_enabled: false,
513
+ # retention_period: 1,
514
+ # termination_protection_enabled: false,
515
+ # tags_list: [
516
+ # {
517
+ # key: "TagKey", # required
518
+ # value: "TagValue",
519
+ # },
520
+ # ],
521
+ # })
522
+ #
523
+ # @example Response structure
524
+ #
525
+ # resp.event_data_store_arn #=> String
526
+ # resp.name #=> String
527
+ # resp.status #=> String, one of "CREATED", "ENABLED", "PENDING_DELETION"
528
+ # resp.advanced_event_selectors #=> Array
529
+ # resp.advanced_event_selectors[0].name #=> String
530
+ # resp.advanced_event_selectors[0].field_selectors #=> Array
531
+ # resp.advanced_event_selectors[0].field_selectors[0].field #=> String
532
+ # resp.advanced_event_selectors[0].field_selectors[0].equals #=> Array
533
+ # resp.advanced_event_selectors[0].field_selectors[0].equals[0] #=> String
534
+ # resp.advanced_event_selectors[0].field_selectors[0].starts_with #=> Array
535
+ # resp.advanced_event_selectors[0].field_selectors[0].starts_with[0] #=> String
536
+ # resp.advanced_event_selectors[0].field_selectors[0].ends_with #=> Array
537
+ # resp.advanced_event_selectors[0].field_selectors[0].ends_with[0] #=> String
538
+ # resp.advanced_event_selectors[0].field_selectors[0].not_equals #=> Array
539
+ # resp.advanced_event_selectors[0].field_selectors[0].not_equals[0] #=> String
540
+ # resp.advanced_event_selectors[0].field_selectors[0].not_starts_with #=> Array
541
+ # resp.advanced_event_selectors[0].field_selectors[0].not_starts_with[0] #=> String
542
+ # resp.advanced_event_selectors[0].field_selectors[0].not_ends_with #=> Array
543
+ # resp.advanced_event_selectors[0].field_selectors[0].not_ends_with[0] #=> String
544
+ # resp.multi_region_enabled #=> Boolean
545
+ # resp.organization_enabled #=> Boolean
546
+ # resp.retention_period #=> Integer
547
+ # resp.termination_protection_enabled #=> Boolean
548
+ # resp.tags_list #=> Array
549
+ # resp.tags_list[0].key #=> String
550
+ # resp.tags_list[0].value #=> String
551
+ # resp.created_timestamp #=> Time
552
+ # resp.updated_timestamp #=> Time
553
+ #
554
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/CreateEventDataStore AWS API Documentation
555
+ #
556
+ # @overload create_event_data_store(params = {})
557
+ # @param [Hash] params ({})
558
+ def create_event_data_store(params = {}, options = {})
559
+ req = build_request(:create_event_data_store, params)
560
+ req.send_request(options)
561
+ end
562
+
401
563
  # Creates a trail that specifies the settings for delivery of log data
402
564
  # to an Amazon S3 bucket.
403
565
  #
@@ -541,8 +703,8 @@ module Aws::CloudTrail
541
703
  # is_organization_trail: false,
542
704
  # tags_list: [
543
705
  # {
544
- # key: "String", # required
545
- # value: "String",
706
+ # key: "TagKey", # required
707
+ # value: "TagValue",
546
708
  # },
547
709
  # ],
548
710
  # })
@@ -572,6 +734,39 @@ module Aws::CloudTrail
572
734
  req.send_request(options)
573
735
  end
574
736
 
737
+ # Disables the event data store specified by `EventDataStore`, which
738
+ # accepts an event data store ARN. After you run `DeleteEventDataStore`,
739
+ # the event data store is automatically deleted after a wait period of
740
+ # seven days. `TerminationProtectionEnabled` must be set to `False` on
741
+ # the event data store; this operation cannot work if
742
+ # `TerminationProtectionEnabled` is `True`.
743
+ #
744
+ # After you run `DeleteEventDataStore` on an event data store, you
745
+ # cannot run `ListQueries`, `DescribeQuery`, or `GetQueryResults` on
746
+ # queries that are using an event data store in a `PENDING_DELETION`
747
+ # state.
748
+ #
749
+ # @option params [required, String] :event_data_store
750
+ # The ARN (or the ID suffix of the ARN) of the event data store to
751
+ # delete.
752
+ #
753
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
754
+ #
755
+ # @example Request syntax with placeholder values
756
+ #
757
+ # resp = client.delete_event_data_store({
758
+ # event_data_store: "EventDataStoreArn", # required
759
+ # })
760
+ #
761
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DeleteEventDataStore AWS API Documentation
762
+ #
763
+ # @overload delete_event_data_store(params = {})
764
+ # @param [Hash] params ({})
765
+ def delete_event_data_store(params = {}, options = {})
766
+ req = build_request(:delete_event_data_store, params)
767
+ req.send_request(options)
768
+ end
769
+
575
770
  # Deletes a trail. This operation must be called from the region in
576
771
  # which the trail was created. `DeleteTrail` cannot be called on the
577
772
  # shadow trails (replicated trails in other regions) of a trail that is
@@ -599,6 +794,53 @@ module Aws::CloudTrail
599
794
  req.send_request(options)
600
795
  end
601
796
 
797
+ # Returns metadata about a query, including query run time in
798
+ # milliseconds, number of events scanned and matched, and query status.
799
+ # You must specify an ARN for `EventDataStore`, and a value for
800
+ # `QueryID`.
801
+ #
802
+ # @option params [required, String] :event_data_store
803
+ # The ARN (or the ID suffix of the ARN) of an event data store on which
804
+ # the specified query was run.
805
+ #
806
+ # @option params [required, String] :query_id
807
+ # The query ID.
808
+ #
809
+ # @return [Types::DescribeQueryResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
810
+ #
811
+ # * {Types::DescribeQueryResponse#query_id #query_id} => String
812
+ # * {Types::DescribeQueryResponse#query_string #query_string} => String
813
+ # * {Types::DescribeQueryResponse#query_status #query_status} => String
814
+ # * {Types::DescribeQueryResponse#query_statistics #query_statistics} => Types::QueryStatisticsForDescribeQuery
815
+ # * {Types::DescribeQueryResponse#error_message #error_message} => String
816
+ #
817
+ # @example Request syntax with placeholder values
818
+ #
819
+ # resp = client.describe_query({
820
+ # event_data_store: "EventDataStoreArn", # required
821
+ # query_id: "UUID", # required
822
+ # })
823
+ #
824
+ # @example Response structure
825
+ #
826
+ # resp.query_id #=> String
827
+ # resp.query_string #=> String
828
+ # resp.query_status #=> String, one of "QUEUED", "RUNNING", "FINISHED", "FAILED", "CANCELLED"
829
+ # resp.query_statistics.events_matched #=> Integer
830
+ # resp.query_statistics.events_scanned #=> Integer
831
+ # resp.query_statistics.execution_time_in_millis #=> Integer
832
+ # resp.query_statistics.creation_time #=> Time
833
+ # resp.error_message #=> String
834
+ #
835
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DescribeQuery AWS API Documentation
836
+ #
837
+ # @overload describe_query(params = {})
838
+ # @param [Hash] params ({})
839
+ def describe_query(params = {}, options = {})
840
+ req = build_request(:describe_query, params)
841
+ req.send_request(options)
842
+ end
843
+
602
844
  # Retrieves settings for one or more trails associated with the current
603
845
  # region for your account.
604
846
  #
@@ -673,6 +915,69 @@ module Aws::CloudTrail
673
915
  req.send_request(options)
674
916
  end
675
917
 
918
+ # Returns information about an event data store specified as either an
919
+ # ARN or the ID portion of the ARN.
920
+ #
921
+ # @option params [required, String] :event_data_store
922
+ # The ARN (or ID suffix of the ARN) of the event data store about which
923
+ # you want information.
924
+ #
925
+ # @return [Types::GetEventDataStoreResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
926
+ #
927
+ # * {Types::GetEventDataStoreResponse#event_data_store_arn #event_data_store_arn} => String
928
+ # * {Types::GetEventDataStoreResponse#name #name} => String
929
+ # * {Types::GetEventDataStoreResponse#status #status} => String
930
+ # * {Types::GetEventDataStoreResponse#advanced_event_selectors #advanced_event_selectors} => Array&lt;Types::AdvancedEventSelector&gt;
931
+ # * {Types::GetEventDataStoreResponse#multi_region_enabled #multi_region_enabled} => Boolean
932
+ # * {Types::GetEventDataStoreResponse#organization_enabled #organization_enabled} => Boolean
933
+ # * {Types::GetEventDataStoreResponse#retention_period #retention_period} => Integer
934
+ # * {Types::GetEventDataStoreResponse#termination_protection_enabled #termination_protection_enabled} => Boolean
935
+ # * {Types::GetEventDataStoreResponse#created_timestamp #created_timestamp} => Time
936
+ # * {Types::GetEventDataStoreResponse#updated_timestamp #updated_timestamp} => Time
937
+ #
938
+ # @example Request syntax with placeholder values
939
+ #
940
+ # resp = client.get_event_data_store({
941
+ # event_data_store: "EventDataStoreArn", # required
942
+ # })
943
+ #
944
+ # @example Response structure
945
+ #
946
+ # resp.event_data_store_arn #=> String
947
+ # resp.name #=> String
948
+ # resp.status #=> String, one of "CREATED", "ENABLED", "PENDING_DELETION"
949
+ # resp.advanced_event_selectors #=> Array
950
+ # resp.advanced_event_selectors[0].name #=> String
951
+ # resp.advanced_event_selectors[0].field_selectors #=> Array
952
+ # resp.advanced_event_selectors[0].field_selectors[0].field #=> String
953
+ # resp.advanced_event_selectors[0].field_selectors[0].equals #=> Array
954
+ # resp.advanced_event_selectors[0].field_selectors[0].equals[0] #=> String
955
+ # resp.advanced_event_selectors[0].field_selectors[0].starts_with #=> Array
956
+ # resp.advanced_event_selectors[0].field_selectors[0].starts_with[0] #=> String
957
+ # resp.advanced_event_selectors[0].field_selectors[0].ends_with #=> Array
958
+ # resp.advanced_event_selectors[0].field_selectors[0].ends_with[0] #=> String
959
+ # resp.advanced_event_selectors[0].field_selectors[0].not_equals #=> Array
960
+ # resp.advanced_event_selectors[0].field_selectors[0].not_equals[0] #=> String
961
+ # resp.advanced_event_selectors[0].field_selectors[0].not_starts_with #=> Array
962
+ # resp.advanced_event_selectors[0].field_selectors[0].not_starts_with[0] #=> String
963
+ # resp.advanced_event_selectors[0].field_selectors[0].not_ends_with #=> Array
964
+ # resp.advanced_event_selectors[0].field_selectors[0].not_ends_with[0] #=> String
965
+ # resp.multi_region_enabled #=> Boolean
966
+ # resp.organization_enabled #=> Boolean
967
+ # resp.retention_period #=> Integer
968
+ # resp.termination_protection_enabled #=> Boolean
969
+ # resp.created_timestamp #=> Time
970
+ # resp.updated_timestamp #=> Time
971
+ #
972
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetEventDataStore AWS API Documentation
973
+ #
974
+ # @overload get_event_data_store(params = {})
975
+ # @param [Hash] params ({})
976
+ def get_event_data_store(params = {}, options = {})
977
+ req = build_request(:get_event_data_store, params)
978
+ req.send_request(options)
979
+ end
980
+
676
981
  # Describes the settings for the event selectors that you configured for
677
982
  # your trail. The information returned for your event selectors includes
678
983
  # the following:
@@ -823,6 +1128,63 @@ module Aws::CloudTrail
823
1128
  req.send_request(options)
824
1129
  end
825
1130
 
1131
+ # Gets event data results of a query. You must specify the `QueryID`
1132
+ # value returned by the `StartQuery` operation, and an ARN for
1133
+ # `EventDataStore`.
1134
+ #
1135
+ # @option params [required, String] :event_data_store
1136
+ # The ARN (or ID suffix of the ARN) of the event data store against
1137
+ # which the query was run.
1138
+ #
1139
+ # @option params [required, String] :query_id
1140
+ # The ID of the query for which you want to get results.
1141
+ #
1142
+ # @option params [String] :next_token
1143
+ # A token you can use to get the next page of query results.
1144
+ #
1145
+ # @option params [Integer] :max_query_results
1146
+ # The maximum number of query results to display on a single page.
1147
+ #
1148
+ # @return [Types::GetQueryResultsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1149
+ #
1150
+ # * {Types::GetQueryResultsResponse#query_status #query_status} => String
1151
+ # * {Types::GetQueryResultsResponse#query_statistics #query_statistics} => Types::QueryStatistics
1152
+ # * {Types::GetQueryResultsResponse#query_result_rows #query_result_rows} => Array&lt;Array&lt;Hash&lt;String,String&gt;&gt;&gt;
1153
+ # * {Types::GetQueryResultsResponse#next_token #next_token} => String
1154
+ # * {Types::GetQueryResultsResponse#error_message #error_message} => String
1155
+ #
1156
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
1157
+ #
1158
+ # @example Request syntax with placeholder values
1159
+ #
1160
+ # resp = client.get_query_results({
1161
+ # event_data_store: "EventDataStoreArn", # required
1162
+ # query_id: "UUID", # required
1163
+ # next_token: "PaginationToken",
1164
+ # max_query_results: 1,
1165
+ # })
1166
+ #
1167
+ # @example Response structure
1168
+ #
1169
+ # resp.query_status #=> String, one of "QUEUED", "RUNNING", "FINISHED", "FAILED", "CANCELLED"
1170
+ # resp.query_statistics.results_count #=> Integer
1171
+ # resp.query_statistics.total_results_count #=> Integer
1172
+ # resp.query_result_rows #=> Array
1173
+ # resp.query_result_rows[0] #=> Array
1174
+ # resp.query_result_rows[0][0] #=> Hash
1175
+ # resp.query_result_rows[0][0]["QueryResultKey"] #=> String
1176
+ # resp.next_token #=> String
1177
+ # resp.error_message #=> String
1178
+ #
1179
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetQueryResults AWS API Documentation
1180
+ #
1181
+ # @overload get_query_results(params = {})
1182
+ # @param [Hash] params ({})
1183
+ def get_query_results(params = {}, options = {})
1184
+ req = build_request(:get_query_results, params)
1185
+ req.send_request(options)
1186
+ end
1187
+
826
1188
  # Returns settings information for a specified trail.
827
1189
  #
828
1190
  # @option params [required, String] :name
@@ -937,6 +1299,68 @@ module Aws::CloudTrail
937
1299
  req.send_request(options)
938
1300
  end
939
1301
 
1302
+ # Returns information about all event data stores in the account, in the
1303
+ # current region.
1304
+ #
1305
+ # @option params [String] :next_token
1306
+ # A token you can use to get the next page of event data store results.
1307
+ #
1308
+ # @option params [Integer] :max_results
1309
+ # The maximum number of event data stores to display on a single page.
1310
+ #
1311
+ # @return [Types::ListEventDataStoresResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1312
+ #
1313
+ # * {Types::ListEventDataStoresResponse#event_data_stores #event_data_stores} => Array&lt;Types::EventDataStore&gt;
1314
+ # * {Types::ListEventDataStoresResponse#next_token #next_token} => String
1315
+ #
1316
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
1317
+ #
1318
+ # @example Request syntax with placeholder values
1319
+ #
1320
+ # resp = client.list_event_data_stores({
1321
+ # next_token: "PaginationToken",
1322
+ # max_results: 1,
1323
+ # })
1324
+ #
1325
+ # @example Response structure
1326
+ #
1327
+ # resp.event_data_stores #=> Array
1328
+ # resp.event_data_stores[0].event_data_store_arn #=> String
1329
+ # resp.event_data_stores[0].name #=> String
1330
+ # resp.event_data_stores[0].termination_protection_enabled #=> Boolean
1331
+ # resp.event_data_stores[0].status #=> String, one of "CREATED", "ENABLED", "PENDING_DELETION"
1332
+ # resp.event_data_stores[0].advanced_event_selectors #=> Array
1333
+ # resp.event_data_stores[0].advanced_event_selectors[0].name #=> String
1334
+ # resp.event_data_stores[0].advanced_event_selectors[0].field_selectors #=> Array
1335
+ # resp.event_data_stores[0].advanced_event_selectors[0].field_selectors[0].field #=> String
1336
+ # resp.event_data_stores[0].advanced_event_selectors[0].field_selectors[0].equals #=> Array
1337
+ # resp.event_data_stores[0].advanced_event_selectors[0].field_selectors[0].equals[0] #=> String
1338
+ # resp.event_data_stores[0].advanced_event_selectors[0].field_selectors[0].starts_with #=> Array
1339
+ # resp.event_data_stores[0].advanced_event_selectors[0].field_selectors[0].starts_with[0] #=> String
1340
+ # resp.event_data_stores[0].advanced_event_selectors[0].field_selectors[0].ends_with #=> Array
1341
+ # resp.event_data_stores[0].advanced_event_selectors[0].field_selectors[0].ends_with[0] #=> String
1342
+ # resp.event_data_stores[0].advanced_event_selectors[0].field_selectors[0].not_equals #=> Array
1343
+ # resp.event_data_stores[0].advanced_event_selectors[0].field_selectors[0].not_equals[0] #=> String
1344
+ # resp.event_data_stores[0].advanced_event_selectors[0].field_selectors[0].not_starts_with #=> Array
1345
+ # resp.event_data_stores[0].advanced_event_selectors[0].field_selectors[0].not_starts_with[0] #=> String
1346
+ # resp.event_data_stores[0].advanced_event_selectors[0].field_selectors[0].not_ends_with #=> Array
1347
+ # resp.event_data_stores[0].advanced_event_selectors[0].field_selectors[0].not_ends_with[0] #=> String
1348
+ # resp.event_data_stores[0].multi_region_enabled #=> Boolean
1349
+ # resp.event_data_stores[0].organization_enabled #=> Boolean
1350
+ # resp.event_data_stores[0].retention_period #=> Integer
1351
+ # resp.event_data_stores[0].created_timestamp #=> Time
1352
+ # resp.event_data_stores[0].updated_timestamp #=> Time
1353
+ # resp.next_token #=> String
1354
+ #
1355
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ListEventDataStores AWS API Documentation
1356
+ #
1357
+ # @overload list_event_data_stores(params = {})
1358
+ # @param [Hash] params ({})
1359
+ def list_event_data_stores(params = {}, options = {})
1360
+ req = build_request(:list_event_data_stores, params)
1361
+ req.send_request(options)
1362
+ end
1363
+
940
1364
  # Returns all public keys whose private keys were used to sign the
941
1365
  # digest files within the specified time range. The public key is needed
942
1366
  # to validate digest files that were signed with its corresponding
@@ -995,6 +1419,71 @@ module Aws::CloudTrail
995
1419
  req.send_request(options)
996
1420
  end
997
1421
 
1422
+ # Returns a list of queries and query statuses for the past seven days.
1423
+ # You must specify an ARN value for `EventDataStore`. Optionally, to
1424
+ # shorten the list of results, you can specify a time range, formatted
1425
+ # as timestamps, by adding `StartTime` and `EndTime` parameters, and a
1426
+ # `QueryStatus` value. Valid values for `QueryStatus` include `QUEUED`,
1427
+ # `RUNNING`, `FINISHED`, `FAILED`, or `CANCELLED`.
1428
+ #
1429
+ # @option params [required, String] :event_data_store
1430
+ # The ARN (or the ID suffix of the ARN) of an event data store on which
1431
+ # queries were run.
1432
+ #
1433
+ # @option params [String] :next_token
1434
+ # A token you can use to get the next page of results.
1435
+ #
1436
+ # @option params [Integer] :max_results
1437
+ # The maximum number of queries to show on a page.
1438
+ #
1439
+ # @option params [Time,DateTime,Date,Integer,String] :start_time
1440
+ # Use with `EndTime` to bound a `ListQueries` request, and limit its
1441
+ # results to only those queries run within a specified time period.
1442
+ #
1443
+ # @option params [Time,DateTime,Date,Integer,String] :end_time
1444
+ # Use with `StartTime` to bound a `ListQueries` request, and limit its
1445
+ # results to only those queries run within a specified time period.
1446
+ #
1447
+ # @option params [String] :query_status
1448
+ # The status of queries that you want to return in results. Valid values
1449
+ # for `QueryStatus` include `QUEUED`, `RUNNING`, `FINISHED`, `FAILED`,
1450
+ # or `CANCELLED`.
1451
+ #
1452
+ # @return [Types::ListQueriesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1453
+ #
1454
+ # * {Types::ListQueriesResponse#queries #queries} => Array&lt;Types::Query&gt;
1455
+ # * {Types::ListQueriesResponse#next_token #next_token} => String
1456
+ #
1457
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
1458
+ #
1459
+ # @example Request syntax with placeholder values
1460
+ #
1461
+ # resp = client.list_queries({
1462
+ # event_data_store: "EventDataStoreArn", # required
1463
+ # next_token: "PaginationToken",
1464
+ # max_results: 1,
1465
+ # start_time: Time.now,
1466
+ # end_time: Time.now,
1467
+ # query_status: "QUEUED", # accepts QUEUED, RUNNING, FINISHED, FAILED, CANCELLED
1468
+ # })
1469
+ #
1470
+ # @example Response structure
1471
+ #
1472
+ # resp.queries #=> Array
1473
+ # resp.queries[0].query_id #=> String
1474
+ # resp.queries[0].query_status #=> String, one of "QUEUED", "RUNNING", "FINISHED", "FAILED", "CANCELLED"
1475
+ # resp.queries[0].creation_time #=> Time
1476
+ # resp.next_token #=> String
1477
+ #
1478
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ListQueries AWS API Documentation
1479
+ #
1480
+ # @overload list_queries(params = {})
1481
+ # @param [Hash] params ({})
1482
+ def list_queries(params = {}, options = {})
1483
+ req = build_request(:list_queries, params)
1484
+ req.send_request(options)
1485
+ end
1486
+
998
1487
  # Lists the tags for the trail in the current region.
999
1488
  #
1000
1489
  # @option params [required, Array<String>] :resource_id_list
@@ -1371,17 +1860,17 @@ module Aws::CloudTrail
1371
1860
  # Lets you enable Insights event logging by specifying the Insights
1372
1861
  # selectors that you want to enable on an existing trail. You also use
1373
1862
  # `PutInsightSelectors` to turn off Insights event logging, by passing
1374
- # an empty list of insight types. The valid Insights event type in this
1375
- # release is `ApiCallRateInsight`.
1863
+ # an empty list of insight types. The valid Insights event types in this
1864
+ # release are `ApiErrorRateInsight` and `ApiCallRateInsight`.
1376
1865
  #
1377
1866
  # @option params [required, String] :trail_name
1378
1867
  # The name of the CloudTrail trail for which you want to change or add
1379
1868
  # Insights selectors.
1380
1869
  #
1381
1870
  # @option params [required, Array<Types::InsightSelector>] :insight_selectors
1382
- # A JSON string that contains the Insights types that you want to log on
1383
- # a trail. The valid Insights type in this release is
1384
- # `ApiCallRateInsight`.
1871
+ # A JSON string that contains the insight types you want to log on a
1872
+ # trail. `ApiCallRateInsight` and `ApiErrorRateInsight` are valid
1873
+ # insight types.
1385
1874
  #
1386
1875
  # @return [Types::PutInsightSelectorsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1387
1876
  #
@@ -1422,7 +1911,7 @@ module Aws::CloudTrail
1422
1911
  #
1423
1912
  # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
1424
1913
  #
1425
- # @option params [Array<Types::Tag>] :tags_list
1914
+ # @option params [required, Array<Types::Tag>] :tags_list
1426
1915
  # Specifies a list of tags to be removed.
1427
1916
  #
1428
1917
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
@@ -1431,10 +1920,10 @@ module Aws::CloudTrail
1431
1920
  #
1432
1921
  # resp = client.remove_tags({
1433
1922
  # resource_id: "String", # required
1434
- # tags_list: [
1923
+ # tags_list: [ # required
1435
1924
  # {
1436
- # key: "String", # required
1437
- # value: "String",
1925
+ # key: "TagKey", # required
1926
+ # value: "TagValue",
1438
1927
  # },
1439
1928
  # ],
1440
1929
  # })
@@ -1448,6 +1937,72 @@ module Aws::CloudTrail
1448
1937
  req.send_request(options)
1449
1938
  end
1450
1939
 
1940
+ # Restores a deleted event data store specified by `EventDataStore`,
1941
+ # which accepts an event data store ARN. You can only restore a deleted
1942
+ # event data store within the seven-day wait period after deletion.
1943
+ # Restoring an event data store can take several minutes, depending on
1944
+ # the size of the event data store.
1945
+ #
1946
+ # @option params [required, String] :event_data_store
1947
+ # The ARN (or the ID suffix of the ARN) of the event data store that you
1948
+ # want to restore.
1949
+ #
1950
+ # @return [Types::RestoreEventDataStoreResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1951
+ #
1952
+ # * {Types::RestoreEventDataStoreResponse#event_data_store_arn #event_data_store_arn} => String
1953
+ # * {Types::RestoreEventDataStoreResponse#name #name} => String
1954
+ # * {Types::RestoreEventDataStoreResponse#status #status} => String
1955
+ # * {Types::RestoreEventDataStoreResponse#advanced_event_selectors #advanced_event_selectors} => Array&lt;Types::AdvancedEventSelector&gt;
1956
+ # * {Types::RestoreEventDataStoreResponse#multi_region_enabled #multi_region_enabled} => Boolean
1957
+ # * {Types::RestoreEventDataStoreResponse#organization_enabled #organization_enabled} => Boolean
1958
+ # * {Types::RestoreEventDataStoreResponse#retention_period #retention_period} => Integer
1959
+ # * {Types::RestoreEventDataStoreResponse#termination_protection_enabled #termination_protection_enabled} => Boolean
1960
+ # * {Types::RestoreEventDataStoreResponse#created_timestamp #created_timestamp} => Time
1961
+ # * {Types::RestoreEventDataStoreResponse#updated_timestamp #updated_timestamp} => Time
1962
+ #
1963
+ # @example Request syntax with placeholder values
1964
+ #
1965
+ # resp = client.restore_event_data_store({
1966
+ # event_data_store: "EventDataStoreArn", # required
1967
+ # })
1968
+ #
1969
+ # @example Response structure
1970
+ #
1971
+ # resp.event_data_store_arn #=> String
1972
+ # resp.name #=> String
1973
+ # resp.status #=> String, one of "CREATED", "ENABLED", "PENDING_DELETION"
1974
+ # resp.advanced_event_selectors #=> Array
1975
+ # resp.advanced_event_selectors[0].name #=> String
1976
+ # resp.advanced_event_selectors[0].field_selectors #=> Array
1977
+ # resp.advanced_event_selectors[0].field_selectors[0].field #=> String
1978
+ # resp.advanced_event_selectors[0].field_selectors[0].equals #=> Array
1979
+ # resp.advanced_event_selectors[0].field_selectors[0].equals[0] #=> String
1980
+ # resp.advanced_event_selectors[0].field_selectors[0].starts_with #=> Array
1981
+ # resp.advanced_event_selectors[0].field_selectors[0].starts_with[0] #=> String
1982
+ # resp.advanced_event_selectors[0].field_selectors[0].ends_with #=> Array
1983
+ # resp.advanced_event_selectors[0].field_selectors[0].ends_with[0] #=> String
1984
+ # resp.advanced_event_selectors[0].field_selectors[0].not_equals #=> Array
1985
+ # resp.advanced_event_selectors[0].field_selectors[0].not_equals[0] #=> String
1986
+ # resp.advanced_event_selectors[0].field_selectors[0].not_starts_with #=> Array
1987
+ # resp.advanced_event_selectors[0].field_selectors[0].not_starts_with[0] #=> String
1988
+ # resp.advanced_event_selectors[0].field_selectors[0].not_ends_with #=> Array
1989
+ # resp.advanced_event_selectors[0].field_selectors[0].not_ends_with[0] #=> String
1990
+ # resp.multi_region_enabled #=> Boolean
1991
+ # resp.organization_enabled #=> Boolean
1992
+ # resp.retention_period #=> Integer
1993
+ # resp.termination_protection_enabled #=> Boolean
1994
+ # resp.created_timestamp #=> Time
1995
+ # resp.updated_timestamp #=> Time
1996
+ #
1997
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/RestoreEventDataStore AWS API Documentation
1998
+ #
1999
+ # @overload restore_event_data_store(params = {})
2000
+ # @param [Hash] params ({})
2001
+ def restore_event_data_store(params = {}, options = {})
2002
+ req = build_request(:restore_event_data_store, params)
2003
+ req.send_request(options)
2004
+ end
2005
+
1451
2006
  # Starts the recording of Amazon Web Services API calls and log file
1452
2007
  # delivery for a trail. For a trail that is enabled in all regions, this
1453
2008
  # operation must be called from the region in which the trail was
@@ -1479,6 +2034,35 @@ module Aws::CloudTrail
1479
2034
  req.send_request(options)
1480
2035
  end
1481
2036
 
2037
+ # Starts a CloudTrail Lake query. The required `QueryStatement`
2038
+ # parameter provides your SQL query, enclosed in single quotation marks.
2039
+ #
2040
+ # @option params [required, String] :query_statement
2041
+ # The SQL code of your query.
2042
+ #
2043
+ # @return [Types::StartQueryResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2044
+ #
2045
+ # * {Types::StartQueryResponse#query_id #query_id} => String
2046
+ #
2047
+ # @example Request syntax with placeholder values
2048
+ #
2049
+ # resp = client.start_query({
2050
+ # query_statement: "QueryStatement", # required
2051
+ # })
2052
+ #
2053
+ # @example Response structure
2054
+ #
2055
+ # resp.query_id #=> String
2056
+ #
2057
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/StartQuery AWS API Documentation
2058
+ #
2059
+ # @overload start_query(params = {})
2060
+ # @param [Hash] params ({})
2061
+ def start_query(params = {}, options = {})
2062
+ req = build_request(:start_query, params)
2063
+ req.send_request(options)
2064
+ end
2065
+
1482
2066
  # Suspends the recording of Amazon Web Services API calls and log file
1483
2067
  # delivery for the specified trail. Under most circumstances, there is
1484
2068
  # no need to use this action. You can update a trail without stopping it
@@ -1513,6 +2097,119 @@ module Aws::CloudTrail
1513
2097
  req.send_request(options)
1514
2098
  end
1515
2099
 
2100
+ # Updates an event data store. The required `EventDataStore` value is an
2101
+ # ARN or the ID portion of the ARN. Other parameters are optional, but
2102
+ # at least one optional parameter must be specified, or CloudTrail
2103
+ # throws an error. `RetentionPeriod` is in days, and valid values are
2104
+ # integers between 90 and 2555. By default, `TerminationProtection` is
2105
+ # enabled. `AdvancedEventSelectors` includes or excludes management and
2106
+ # data events in your event data store; for more information about
2107
+ # `AdvancedEventSelectors`, see
2108
+ # PutEventSelectorsRequest$AdvancedEventSelectors.
2109
+ #
2110
+ # @option params [required, String] :event_data_store
2111
+ # The ARN (or the ID suffix of the ARN) of the event data store that you
2112
+ # want to update.
2113
+ #
2114
+ # @option params [String] :name
2115
+ # The event data store name.
2116
+ #
2117
+ # @option params [Array<Types::AdvancedEventSelector>] :advanced_event_selectors
2118
+ # The advanced event selectors used to select events for the event data
2119
+ # store.
2120
+ #
2121
+ # @option params [Boolean] :multi_region_enabled
2122
+ # Specifies whether an event data store collects events from all
2123
+ # regions, or only from the region in which it was created.
2124
+ #
2125
+ # @option params [Boolean] :organization_enabled
2126
+ # Specifies whether an event data store collects events logged for an
2127
+ # organization in Organizations.
2128
+ #
2129
+ # @option params [Integer] :retention_period
2130
+ # The retention period, in days.
2131
+ #
2132
+ # @option params [Boolean] :termination_protection_enabled
2133
+ # Indicates that termination protection is enabled and the event data
2134
+ # store cannot be automatically deleted.
2135
+ #
2136
+ # @return [Types::UpdateEventDataStoreResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2137
+ #
2138
+ # * {Types::UpdateEventDataStoreResponse#event_data_store_arn #event_data_store_arn} => String
2139
+ # * {Types::UpdateEventDataStoreResponse#name #name} => String
2140
+ # * {Types::UpdateEventDataStoreResponse#status #status} => String
2141
+ # * {Types::UpdateEventDataStoreResponse#advanced_event_selectors #advanced_event_selectors} => Array&lt;Types::AdvancedEventSelector&gt;
2142
+ # * {Types::UpdateEventDataStoreResponse#multi_region_enabled #multi_region_enabled} => Boolean
2143
+ # * {Types::UpdateEventDataStoreResponse#organization_enabled #organization_enabled} => Boolean
2144
+ # * {Types::UpdateEventDataStoreResponse#retention_period #retention_period} => Integer
2145
+ # * {Types::UpdateEventDataStoreResponse#termination_protection_enabled #termination_protection_enabled} => Boolean
2146
+ # * {Types::UpdateEventDataStoreResponse#created_timestamp #created_timestamp} => Time
2147
+ # * {Types::UpdateEventDataStoreResponse#updated_timestamp #updated_timestamp} => Time
2148
+ #
2149
+ # @example Request syntax with placeholder values
2150
+ #
2151
+ # resp = client.update_event_data_store({
2152
+ # event_data_store: "EventDataStoreArn", # required
2153
+ # name: "EventDataStoreName",
2154
+ # advanced_event_selectors: [
2155
+ # {
2156
+ # name: "SelectorName",
2157
+ # field_selectors: [ # required
2158
+ # {
2159
+ # field: "SelectorField", # required
2160
+ # equals: ["OperatorValue"],
2161
+ # starts_with: ["OperatorValue"],
2162
+ # ends_with: ["OperatorValue"],
2163
+ # not_equals: ["OperatorValue"],
2164
+ # not_starts_with: ["OperatorValue"],
2165
+ # not_ends_with: ["OperatorValue"],
2166
+ # },
2167
+ # ],
2168
+ # },
2169
+ # ],
2170
+ # multi_region_enabled: false,
2171
+ # organization_enabled: false,
2172
+ # retention_period: 1,
2173
+ # termination_protection_enabled: false,
2174
+ # })
2175
+ #
2176
+ # @example Response structure
2177
+ #
2178
+ # resp.event_data_store_arn #=> String
2179
+ # resp.name #=> String
2180
+ # resp.status #=> String, one of "CREATED", "ENABLED", "PENDING_DELETION"
2181
+ # resp.advanced_event_selectors #=> Array
2182
+ # resp.advanced_event_selectors[0].name #=> String
2183
+ # resp.advanced_event_selectors[0].field_selectors #=> Array
2184
+ # resp.advanced_event_selectors[0].field_selectors[0].field #=> String
2185
+ # resp.advanced_event_selectors[0].field_selectors[0].equals #=> Array
2186
+ # resp.advanced_event_selectors[0].field_selectors[0].equals[0] #=> String
2187
+ # resp.advanced_event_selectors[0].field_selectors[0].starts_with #=> Array
2188
+ # resp.advanced_event_selectors[0].field_selectors[0].starts_with[0] #=> String
2189
+ # resp.advanced_event_selectors[0].field_selectors[0].ends_with #=> Array
2190
+ # resp.advanced_event_selectors[0].field_selectors[0].ends_with[0] #=> String
2191
+ # resp.advanced_event_selectors[0].field_selectors[0].not_equals #=> Array
2192
+ # resp.advanced_event_selectors[0].field_selectors[0].not_equals[0] #=> String
2193
+ # resp.advanced_event_selectors[0].field_selectors[0].not_starts_with #=> Array
2194
+ # resp.advanced_event_selectors[0].field_selectors[0].not_starts_with[0] #=> String
2195
+ # resp.advanced_event_selectors[0].field_selectors[0].not_ends_with #=> Array
2196
+ # resp.advanced_event_selectors[0].field_selectors[0].not_ends_with[0] #=> String
2197
+ # resp.multi_region_enabled #=> Boolean
2198
+ # resp.organization_enabled #=> Boolean
2199
+ # resp.retention_period #=> Integer
2200
+ # resp.termination_protection_enabled #=> Boolean
2201
+ # resp.created_timestamp #=> Time
2202
+ # resp.updated_timestamp #=> Time
2203
+ #
2204
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/UpdateEventDataStore AWS API Documentation
2205
+ #
2206
+ # @overload update_event_data_store(params = {})
2207
+ # @param [Hash] params ({})
2208
+ def update_event_data_store(params = {}, options = {})
2209
+ req = build_request(:update_event_data_store, params)
2210
+ req.send_request(options)
2211
+ end
2212
+
1516
2213
  # Updates trail settings that control what events you are logging, and
1517
2214
  # how to handle log files. Changes to a trail do not require stopping
1518
2215
  # the CloudTrail service. Use this action to designate an existing
@@ -1709,7 +2406,7 @@ module Aws::CloudTrail
1709
2406
  params: params,
1710
2407
  config: config)
1711
2408
  context[:gem_name] = 'aws-sdk-cloudtrail'
1712
- context[:gem_version] = '1.43.0'
2409
+ context[:gem_version] = '1.44.0'
1713
2410
  Seahorse::Client::Request.new(handlers, context)
1714
2411
  end
1715
2412