aws-sdk-cloudtrail 1.53.0 → 1.55.0

data/lib/aws-sdk-cloudtrail/types.rb

@@ -17,20 +17,28 @@ module Aws::CloudTrail
     #
     class AccountHasOngoingImportException < Aws::EmptyStructure; end
 
-    # Specifies the tags to add to a trail or event data store.
+    # This exception is thrown when when the specified account is not found
+    # or not part of an organization.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/AccountNotFoundException AWS API Documentation
+    #
+    class AccountNotFoundException < Aws::EmptyStructure; end
+
+    # This exception is thrown when the specified account is not registered
+    # as the CloudTrail delegated administrator.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/AccountNotRegisteredException AWS API Documentation
+    #
+    class AccountNotRegisteredException < Aws::EmptyStructure; end
+
+    # This exception is thrown when the account is already registered as the
+    # CloudTrail delegated administrator.
     #
-    # @note When making an API call, you may pass AddTagsRequest
-    #   data as a hash:
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/AccountRegisteredException AWS API Documentation
     #
-    #       {
-    #         resource_id: "String", # required
-    #         tags_list: [ # required
-    #           {
-    #             key: "TagKey", # required
-    #             value: "TagValue",
-    #           },
-    #         ],
-    #       }
+    class AccountRegisteredException < Aws::EmptyStructure; end
+
+    # Specifies the tags to add to a trail or event data store.
     #
     # @!attribute [rw] resource_id
     #   Specifies the ARN of the trail or event data store to which one or
@@ -84,24 +92,6 @@ module Aws::CloudTrail
     #
     # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
     #
-    # @note When making an API call, you may pass AdvancedEventSelector
-    #   data as a hash:
-    #
-    #       {
-    #         name: "SelectorName",
-    #         field_selectors: [ # required
-    #           {
-    #             field: "SelectorField", # required
-    #             equals: ["OperatorValue"],
-    #             starts_with: ["OperatorValue"],
-    #             ends_with: ["OperatorValue"],
-    #             not_equals: ["OperatorValue"],
-    #             not_starts_with: ["OperatorValue"],
-    #             not_ends_with: ["OperatorValue"],
-    #           },
-    #         ],
-    #       }
-    #
     # @!attribute [rw] name
     #   An optional, descriptive name for an advanced event selector, such
     #   as "Log data events for only two S3 buckets".
@@ -122,19 +112,6 @@ module Aws::CloudTrail
 
     # A single selector statement in an advanced event selector.
     #
-    # @note When making an API call, you may pass AdvancedFieldSelector
-    #   data as a hash:
-    #
-    #       {
-    #         field: "SelectorField", # required
-    #         equals: ["OperatorValue"],
-    #         starts_with: ["OperatorValue"],
-    #         ends_with: ["OperatorValue"],
-    #         not_equals: ["OperatorValue"],
-    #         not_starts_with: ["OperatorValue"],
-    #         not_ends_with: ["OperatorValue"],
-    #       }
-    #
     # @!attribute [rw] field
     #   A field in an event record on which to filter events to be logged.
     #   Supported fields include `readOnly`, `eventCategory`, `eventSource`
@@ -325,14 +302,6 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass CancelQueryRequest
-    #   data as a hash:
-    #
-    #       {
-    #         event_data_store: "EventDataStoreArn", # required
-    #         query_id: "UUID", # required
-    #       }
-    #
     # @!attribute [rw] event_data_store
     #   The ARN (or the ID suffix of the ARN) of an event data store on
     #   which the specified query is running.
@@ -370,6 +339,13 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
+    # This exception is thrown when the management account of an
+    # organization is registered as the CloudTrail delegated administrator.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/CannotDelegateManagementAccountException AWS API Documentation
+    #
+    class CannotDelegateManagementAccountException < Aws::EmptyStructure; end
+
     # Contains information about a returned CloudTrail channel.
     #
     # @!attribute [rw] channel_arn
@@ -454,39 +430,6 @@ module Aws::CloudTrail
     #
     class ConflictException < Aws::EmptyStructure; end
 
-    # @note When making an API call, you may pass CreateEventDataStoreRequest
-    #   data as a hash:
-    #
-    #       {
-    #         name: "EventDataStoreName", # required
-    #         advanced_event_selectors: [
-    #           {
-    #             name: "SelectorName",
-    #             field_selectors: [ # required
-    #               {
-    #                 field: "SelectorField", # required
-    #                 equals: ["OperatorValue"],
-    #                 starts_with: ["OperatorValue"],
-    #                 ends_with: ["OperatorValue"],
-    #                 not_equals: ["OperatorValue"],
-    #                 not_starts_with: ["OperatorValue"],
-    #                 not_ends_with: ["OperatorValue"],
-    #               },
-    #             ],
-    #           },
-    #         ],
-    #         multi_region_enabled: false,
-    #         organization_enabled: false,
-    #         retention_period: 1,
-    #         termination_protection_enabled: false,
-    #         tags_list: [
-    #           {
-    #             key: "TagKey", # required
-    #             value: "TagValue",
-    #           },
-    #         ],
-    #       }
-    #
     # @!attribute [rw] name
     #   The name of the event data store.
     #   @return [String]
@@ -528,6 +471,40 @@ module Aws::CloudTrail
     #   A list of tags.
     #   @return [Array<Types::Tag>]
     #
+    # @!attribute [rw] kms_key_id
+    #   Specifies the KMS key ID to use to encrypt the events delivered by
+    #   CloudTrail. The value can be an alias name prefixed by `alias/`, a
+    #   fully specified ARN to an alias, a fully specified ARN to a key, or
+    #   a globally unique identifier.
+    #
+    #   Disabling or deleting the KMS key, or removing CloudTrail
+    #   permissions on the key, prevents CloudTrail from logging events to
+    #   the event data store, and prevents users from querying the data in
+    #   the event data store that was encrypted with the key. After you
+    #   associate an event data store with a KMS key, the KMS key cannot be
+    #   removed or changed. Before you disable or delete a KMS key that you
+    #   are using with an event data store, delete or back up your event
+    #   data store.
+    #
+    #   CloudTrail also supports KMS multi-Region keys. For more information
+    #   about multi-Region keys, see [Using multi-Region keys][1] in the
+    #   *Key Management Service Developer Guide*.
+    #
+    #   Examples:
+    #
+    #   * `alias/MyAliasName`
+    #
+    #   * `arn:aws:kms:us-east-2:123456789012:alias/MyAliasName`
+    #
+    #   * `arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012`
+    #
+    #   * `12345678-1234-1234-1234-123456789012`
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/CreateEventDataStoreRequest AWS API Documentation
     #
     class CreateEventDataStoreRequest < Struct.new(
@@ -537,7 +514,8 @@ module Aws::CloudTrail
       :organization_enabled,
       :retention_period,
       :termination_protection_enabled,
-      :tags_list)
+      :tags_list,
+      :kms_key_id)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -592,6 +570,14 @@ module Aws::CloudTrail
     #   than the time shown in `CreatedTimestamp`.
     #   @return [Time]
     #
+    # @!attribute [rw] kms_key_id
+    #   Specifies the KMS key ID that encrypts the events delivered by
+    #   CloudTrail. The value is a fully specified ARN to a KMS key in the
+    #   following format.
+    #
+    #   `arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012`
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/CreateEventDataStoreResponse AWS API Documentation
     #
     class CreateEventDataStoreResponse < Struct.new(
@@ -605,36 +591,14 @@ module Aws::CloudTrail
       :termination_protection_enabled,
       :tags_list,
       :created_timestamp,
-      :updated_timestamp)
+      :updated_timestamp,
+      :kms_key_id)
       SENSITIVE = []
       include Aws::Structure
     end
 
     # Specifies the settings for each trail.
     #
-    # @note When making an API call, you may pass CreateTrailRequest
-    #   data as a hash:
-    #
-    #       {
-    #         name: "String", # required
-    #         s3_bucket_name: "String", # required
-    #         s3_key_prefix: "String",
-    #         sns_topic_name: "String",
-    #         include_global_service_events: false,
-    #         is_multi_region_trail: false,
-    #         enable_log_file_validation: false,
-    #         cloud_watch_logs_log_group_arn: "String",
-    #         cloud_watch_logs_role_arn: "String",
-    #         kms_key_id: "String",
-    #         is_organization_trail: false,
-    #         tags_list: [
-    #           {
-    #             key: "TagKey", # required
-    #             value: "TagValue",
-    #           },
-    #         ],
-    #       }
-    #
     # @!attribute [rw] name
     #   Specifies the name of the trail. The name must meet the following
     #   requirements:
@@ -927,14 +891,6 @@ module Aws::CloudTrail
     #     *MyOtherLambdaFunction* does not match the function specified for
     #     the trail. The trail doesn’t log the event.
     #
-    # @note When making an API call, you may pass DataResource
-    #   data as a hash:
-    #
-    #       {
-    #         type: "String",
-    #         values: ["String"],
-    #       }
-    #
     # @!attribute [rw] type
     #   The resource type in which you want to log data events. You can
     #   specify the following *basic* event selector resource types:
@@ -1026,13 +982,13 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass DeleteEventDataStoreRequest
-    #   data as a hash:
+    # This exception is thrown when the maximum number of CloudTrail
+    # delegated administrators is reached.
     #
-    #       {
-    #         event_data_store: "EventDataStoreArn", # required
-    #       }
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DelegatedAdminAccountLimitExceededException AWS API Documentation
     #
+    class DelegatedAdminAccountLimitExceededException < Aws::EmptyStructure; end
+
     # @!attribute [rw] event_data_store
     #   The ARN (or the ID suffix of the ARN) of the event data store to
     #   delete.
@@ -1052,13 +1008,6 @@ module Aws::CloudTrail
 
     # The request that specifies the name of a trail to delete.
     #
-    # @note When making an API call, you may pass DeleteTrailRequest
-    #   data as a hash:
-    #
-    #       {
-    #         name: "String", # required
-    #       }
-    #
     # @!attribute [rw] name
     #   Specifies the name or the CloudTrail ARN of the trail to be deleted.
     #   The following is the format of a trail ARN.
@@ -1080,14 +1029,31 @@ module Aws::CloudTrail
     #
     class DeleteTrailResponse < Aws::EmptyStructure; end
 
-    # @note When making an API call, you may pass DescribeQueryRequest
-    #   data as a hash:
+    # Removes CloudTrail delegated administrator permissions from a
+    # specified member account in an organization that is currently
+    # designated as a delegated administrator.
+    #
+    # @!attribute [rw] delegated_admin_account_id
+    #   A delegated administrator account ID. This is a member account in an
+    #   organization that is currently designated as a delegated
+    #   administrator.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DeregisterOrganizationDelegatedAdminRequest AWS API Documentation
+    #
+    class DeregisterOrganizationDelegatedAdminRequest < Struct.new(
+      :delegated_admin_account_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Returns the following response if successful. Otherwise, returns an
+    # error.
     #
-    #       {
-    #         event_data_store: "EventDataStoreArn", # required
-    #         query_id: "UUID", # required
-    #       }
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DeregisterOrganizationDelegatedAdminResponse AWS API Documentation
     #
+    class DeregisterOrganizationDelegatedAdminResponse < Aws::EmptyStructure; end
+
     # @!attribute [rw] event_data_store
     #   The ARN (or the ID suffix of the ARN) of an event data store on
     #   which the specified query was run.
@@ -1154,14 +1120,6 @@ module Aws::CloudTrail
 
     # Returns information about the trail.
     #
-    # @note When making an API call, you may pass DescribeTrailsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         trail_name_list: ["String"],
-    #         include_shadow_trails: false,
-    #       }
-    #
     # @!attribute [rw] trail_name_list
     #   Specifies a list of trail names, trail ARNs, or both, of the trails
     #   to describe. The format of a trail ARN is:
@@ -1435,21 +1393,6 @@ module Aws::CloudTrail
     # You cannot apply both event selectors and advanced event selectors to
     # a trail.
     #
-    # @note When making an API call, you may pass EventSelector
-    #   data as a hash:
-    #
-    #       {
-    #         read_write_type: "ReadOnly", # accepts ReadOnly, WriteOnly, All
-    #         include_management_events: false,
-    #         data_resources: [
-    #           {
-    #             type: "String",
-    #             values: ["String"],
-    #           },
-    #         ],
-    #         exclude_management_event_sources: ["String"],
-    #       }
-    #
     # @!attribute [rw] read_write_type
     #   Specify if you want your trail to log read-only events, write-only
     #   events, or all. For example, the EC2 `GetConsoleOutput` is a
@@ -1518,13 +1461,6 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GetChannelRequest
-    #   data as a hash:
-    #
-    #       {
-    #         channel: "ChannelArn", # required
-    #       }
-    #
     # @!attribute [rw] channel
     #   The ARN or `UUID` of a channel.
     #   @return [String]
@@ -1576,13 +1512,6 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GetEventDataStoreRequest
-    #   data as a hash:
-    #
-    #       {
-    #         event_data_store: "EventDataStoreArn", # required
-    #       }
-    #
     # @!attribute [rw] event_data_store
     #   The ARN (or ID suffix of the ARN) of the event data store about
     #   which you want information.
@@ -1642,6 +1571,14 @@ module Aws::CloudTrail
     #   shown in `CreatedTimestamp`.
     #   @return [Time]
     #
+    # @!attribute [rw] kms_key_id
+    #   Specifies the KMS key ID that encrypts the events delivered by
+    #   CloudTrail. The value is a fully specified ARN to a KMS key in the
+    #   following format.
+    #
+    #   `arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012`
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetEventDataStoreResponse AWS API Documentation
     #
     class GetEventDataStoreResponse < Struct.new(
@@ -1654,18 +1591,12 @@ module Aws::CloudTrail
       :retention_period,
       :termination_protection_enabled,
       :created_timestamp,
-      :updated_timestamp)
+      :updated_timestamp,
+      :kms_key_id)
       SENSITIVE = []
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GetEventSelectorsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         trail_name: "String", # required
-    #       }
-    #
     # @!attribute [rw] trail_name
     #   Specifies the name of the trail or trail ARN. If you specify a trail
     #   name, the string must meet the following requirements:
@@ -1717,13 +1648,6 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GetImportRequest
-    #   data as a hash:
-    #
-    #       {
-    #         import_id: "UUID", # required
-    #       }
-    #
     # @!attribute [rw] import_id
     #   The ID for the import.
     #   @return [String]
@@ -1796,13 +1720,6 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GetInsightSelectorsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         trail_name: "String", # required
-    #       }
-    #
     # @!attribute [rw] trail_name
     #   Specifies the name of the trail or trail ARN. If you specify a trail
     #   name, the string must meet the following requirements:
@@ -1852,16 +1769,6 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GetQueryResultsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         event_data_store: "EventDataStoreArn", # required
-    #         query_id: "UUID", # required
-    #         next_token: "PaginationToken",
-    #         max_query_results: 1,
-    #       }
-    #
     # @!attribute [rw] event_data_store
     #   The ARN (or ID suffix of the ARN) of the event data store against
     #   which the query was run.
@@ -1923,13 +1830,6 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GetTrailRequest
-    #   data as a hash:
-    #
-    #       {
-    #         name: "String", # required
-    #       }
-    #
     # @!attribute [rw] name
     #   The name or the Amazon Resource Name (ARN) of the trail for which
     #   you want to retrieve settings information.
@@ -1957,13 +1857,6 @@ module Aws::CloudTrail
 
     # The name of a trail about which you want the current status.
     #
-    # @note When making an API call, you may pass GetTrailStatusRequest
-    #   data as a hash:
-    #
-    #       {
-    #         name: "String", # required
-    #       }
-    #
     # @!attribute [rw] name
     #   Specifies the name or the CloudTrail ARN of the trail for which you
     #   are requesting status. To get the status of a shadow trail (a
@@ -2163,17 +2056,6 @@ module Aws::CloudTrail
 
     # The import source.
     #
-    # @note When making an API call, you may pass ImportSource
-    #   data as a hash:
-    #
-    #       {
-    #         s3: { # required
-    #           s3_location_uri: "String", # required
-    #           s3_bucket_region: "String", # required
-    #           s3_bucket_access_role_arn: "String", # required
-    #         },
-    #       }
-    #
     # @!attribute [rw] s3
     #   The source S3 bucket.
     #   @return [Types::S3ImportSource]
@@ -2283,13 +2165,6 @@ module Aws::CloudTrail
     # A JSON string that contains a list of insight types that are logged on
     # a trail.
     #
-    # @note When making an API call, you may pass InsightSelector
-    #   data as a hash:
-    #
-    #       {
-    #         insight_type: "ApiCallRateInsight", # accepts ApiCallRateInsight, ApiErrorRateInsight
-    #       }
-    #
     # @!attribute [rw] insight_type
     #   The type of insights to log on a trail. `ApiCallRateInsight` and
     #   `ApiErrorRateInsight` are valid insight types.
@@ -2551,7 +2426,7 @@ module Aws::CloudTrail
     class InvalidTrailNameException < Aws::EmptyStructure; end
 
     # This exception is thrown when there is an issue with the specified KMS
-    # key and the trail can’t be updated.
+    # key and the trail or event data store can't be updated.
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/KmsException AWS API Documentation
     #
@@ -2572,14 +2447,6 @@ module Aws::CloudTrail
     #
     class KmsKeyNotFoundException < Aws::EmptyStructure; end
 
-    # @note When making an API call, you may pass ListChannelsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         max_results: 1,
-    #         next_token: "PaginationToken",
-    #       }
-    #
     # @!attribute [rw] max_results
     #   The maximum number of CloudTrail channels to display on a single
     #   page.
@@ -2621,14 +2488,6 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListEventDataStoresRequest
-    #   data as a hash:
-    #
-    #       {
-    #         next_token: "PaginationToken",
-    #         max_results: 1,
-    #       }
-    #
     # @!attribute [rw] next_token
     #   A token you can use to get the next page of event data store
     #   results.
@@ -2665,15 +2524,6 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListImportFailuresRequest
-    #   data as a hash:
-    #
-    #       {
-    #         import_id: "UUID", # required
-    #         max_results: 1,
-    #         next_token: "PaginationToken",
-    #       }
-    #
     # @!attribute [rw] import_id
     #   The ID of the import.
     #   @return [String]
@@ -2713,16 +2563,6 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListImportsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         max_results: 1,
-    #         destination: "EventDataStoreArn",
-    #         import_status: "INITIALIZING", # accepts INITIALIZING, IN_PROGRESS, FAILED, STOPPED, COMPLETED
-    #         next_token: "PaginationToken",
-    #       }
-    #
     # @!attribute [rw] max_results
     #   The maximum number of imports to display on a single page.
     #   @return [Integer]
@@ -2769,15 +2609,6 @@ module Aws::CloudTrail
 
     # Requests the public keys for a specified time range.
     #
-    # @note When making an API call, you may pass ListPublicKeysRequest
-    #   data as a hash:
-    #
-    #       {
-    #         start_time: Time.now,
-    #         end_time: Time.now,
-    #         next_token: "String",
-    #       }
-    #
     # @!attribute [rw] start_time
     #   Optionally specifies, in UTC, the start of the time range to look up
     #   public keys for CloudTrail digest files. If not specified, the
@@ -2828,18 +2659,6 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListQueriesRequest
-    #   data as a hash:
-    #
-    #       {
-    #         event_data_store: "EventDataStoreArn", # required
-    #         next_token: "PaginationToken",
-    #         max_results: 1,
-    #         start_time: Time.now,
-    #         end_time: Time.now,
-    #         query_status: "QUEUED", # accepts QUEUED, RUNNING, FINISHED, FAILED, CANCELLED, TIMED_OUT
-    #       }
-    #
     # @!attribute [rw] event_data_store
     #   The ARN (or the ID suffix of the ARN) of an event data store on
     #   which queries were run.
@@ -2902,14 +2721,6 @@ module Aws::CloudTrail
 
     # Specifies a list of tags to return.
     #
-    # @note When making an API call, you may pass ListTagsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         resource_id_list: ["String"], # required
-    #         next_token: "String",
-    #       }
-    #
     # @!attribute [rw] resource_id_list
     #   Specifies a list of trail and event data store ARNs whose tags will
     #   be listed. The list has a limit of 20 ARNs.
@@ -2948,13 +2759,6 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListTrailsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         next_token: "String",
-    #       }
-    #
     # @!attribute [rw] next_token
     #   The token to use to get the next page of results after a previous
     #   API call. This token must be passed in with the same parameters that
@@ -2997,14 +2801,6 @@ module Aws::CloudTrail
 
     # Specifies an attribute and value that filter the events returned.
     #
-    # @note When making an API call, you may pass LookupAttribute
-    #   data as a hash:
-    #
-    #       {
-    #         attribute_key: "EventId", # required, accepts EventId, EventName, ReadOnly, Username, ResourceType, ResourceName, EventSource, AccessKeyId
-    #         attribute_value: "String", # required
-    #       }
-    #
     # @!attribute [rw] attribute_key
     #   Specifies an attribute on which to filter the events returned.
     #   @return [String]
@@ -3024,23 +2820,6 @@ module Aws::CloudTrail
 
     # Contains a request for LookupEvents.
     #
-    # @note When making an API call, you may pass LookupEventsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         lookup_attributes: [
-    #           {
-    #             attribute_key: "EventId", # required, accepts EventId, EventName, ReadOnly, Username, ResourceType, ResourceName, EventSource, AccessKeyId
-    #             attribute_value: "String", # required
-    #           },
-    #         ],
-    #         start_time: Time.now,
-    #         end_time: Time.now,
-    #         event_category: "insight", # accepts insight
-    #         max_results: 1,
-    #         next_token: "NextToken",
-    #       }
-    #
     # @!attribute [rw] lookup_attributes
     #   Contains a list of lookup attributes. Currently the list can contain
     #   only one item.
@@ -3131,6 +2910,20 @@ module Aws::CloudTrail
     #
     class MaximumNumberOfTrailsExceededException < Aws::EmptyStructure; end
 
+    # This exception is thrown when the management account does not have a
+    # service-linked role.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/NoManagementAccountSLRExistsException AWS API Documentation
+    #
+    class NoManagementAccountSLRExistsException < Aws::EmptyStructure; end
+
+    # This exception is thrown when the account making the request is not
+    # the organization's management account.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/NotOrganizationManagementAccountException AWS API Documentation
+    #
+    class NotOrganizationManagementAccountException < Aws::EmptyStructure; end
+
     # This exception is thrown when the Amazon Web Services account making
     # the request to create or update an organization trail or event data
     # store is not the management account for an organization in
@@ -3199,42 +2992,6 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass PutEventSelectorsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         trail_name: "String", # required
-    #         event_selectors: [
-    #           {
-    #             read_write_type: "ReadOnly", # accepts ReadOnly, WriteOnly, All
-    #             include_management_events: false,
-    #             data_resources: [
-    #               {
-    #                 type: "String",
-    #                 values: ["String"],
-    #               },
-    #             ],
-    #             exclude_management_event_sources: ["String"],
-    #           },
-    #         ],
-    #         advanced_event_selectors: [
-    #           {
-    #             name: "SelectorName",
-    #             field_selectors: [ # required
-    #               {
-    #                 field: "SelectorField", # required
-    #                 equals: ["OperatorValue"],
-    #                 starts_with: ["OperatorValue"],
-    #                 ends_with: ["OperatorValue"],
-    #                 not_equals: ["OperatorValue"],
-    #                 not_starts_with: ["OperatorValue"],
-    #                 not_ends_with: ["OperatorValue"],
-    #               },
-    #             ],
-    #           },
-    #         ],
-    #       }
-    #
     # @!attribute [rw] trail_name
     #   Specifies the name of the trail or trail ARN. If you specify a trail
     #   name, the string must meet the following requirements:
@@ -3316,18 +3073,6 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass PutInsightSelectorsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         trail_name: "String", # required
-    #         insight_selectors: [ # required
-    #           {
-    #             insight_type: "ApiCallRateInsight", # accepts ApiCallRateInsight, ApiErrorRateInsight
-    #           },
-    #         ],
-    #       }
-    #
     # @!attribute [rw] trail_name
     #   The name of the CloudTrail trail for which you want to change or add
     #   Insights selectors.
@@ -3464,20 +3209,30 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
-    # Specifies the tags to remove from a trail or event data store.
+    # Specifies an organization member account ID as a CloudTrail delegated
+    # administrator.
     #
-    # @note When making an API call, you may pass RemoveTagsRequest
-    #   data as a hash:
+    # @!attribute [rw] member_account_id
+    #   An organization member account ID that you want to designate as a
+    #   delegated administrator.
+    #   @return [String]
     #
-    #       {
-    #         resource_id: "String", # required
-    #         tags_list: [ # required
-    #           {
-    #             key: "TagKey", # required
-    #             value: "TagValue",
-    #           },
-    #         ],
-    #       }
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/RegisterOrganizationDelegatedAdminRequest AWS API Documentation
+    #
+    class RegisterOrganizationDelegatedAdminRequest < Struct.new(
+      :member_account_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Returns the following response if successful. Otherwise, returns an
+    # error.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/RegisterOrganizationDelegatedAdminResponse AWS API Documentation
+    #
+    class RegisterOrganizationDelegatedAdminResponse < Aws::EmptyStructure; end
+
+    # Specifies the tags to remove from a trail or event data store.
     #
     # @!attribute [rw] resource_id
     #   Specifies the ARN of the trail or event data store from which tags
@@ -3574,13 +3329,6 @@ module Aws::CloudTrail
     #
     class ResourceTypeNotSupportedException < Aws::EmptyStructure; end
 
-    # @note When making an API call, you may pass RestoreEventDataStoreRequest
-    #   data as a hash:
-    #
-    #       {
-    #         event_data_store: "EventDataStoreArn", # required
-    #       }
-    #
     # @!attribute [rw] event_data_store
     #   The ARN (or the ID suffix of the ARN) of the event data store that
     #   you want to restore.
@@ -3640,6 +3388,14 @@ module Aws::CloudTrail
     #   than the time shown in `CreatedTimestamp`.
     #   @return [Time]
     #
+    # @!attribute [rw] kms_key_id
+    #   Specifies the KMS key ID that encrypts the events delivered by
+    #   CloudTrail. The value is a fully specified ARN to a KMS key in the
+    #   following format.
+    #
+    #   `arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012`
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/RestoreEventDataStoreResponse AWS API Documentation
     #
     class RestoreEventDataStoreResponse < Struct.new(
@@ -3652,7 +3408,8 @@ module Aws::CloudTrail
       :retention_period,
       :termination_protection_enabled,
       :created_timestamp,
-      :updated_timestamp)
+      :updated_timestamp,
+      :kms_key_id)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3665,15 +3422,6 @@ module Aws::CloudTrail
 
     # The settings for the source S3 bucket.
     #
-    # @note When making an API call, you may pass S3ImportSource
-    #   data as a hash:
-    #
-    #       {
-    #         s3_location_uri: "String", # required
-    #         s3_bucket_region: "String", # required
-    #         s3_bucket_access_role_arn: "String", # required
-    #       }
-    #
     # @!attribute [rw] s3_location_uri
     #   The URI for the source S3 bucket.
     #   @return [String]
@@ -3716,23 +3464,6 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass StartImportRequest
-    #   data as a hash:
-    #
-    #       {
-    #         destinations: ["EventDataStoreArn"],
-    #         import_source: {
-    #           s3: { # required
-    #             s3_location_uri: "String", # required
-    #             s3_bucket_region: "String", # required
-    #             s3_bucket_access_role_arn: "String", # required
-    #           },
-    #         },
-    #         start_event_time: Time.now,
-    #         end_event_time: Time.now,
-    #         import_id: "UUID",
-    #       }
-    #
     # @!attribute [rw] destinations
     #   The ARN of the destination event data store. Use this parameter for
     #   a new import.
@@ -3834,13 +3565,6 @@ module Aws::CloudTrail
     # The request to CloudTrail to start logging Amazon Web Services API
     # calls for an account.
     #
-    # @note When making an API call, you may pass StartLoggingRequest
-    #   data as a hash:
-    #
-    #       {
-    #         name: "String", # required
-    #       }
-    #
     # @!attribute [rw] name
     #   Specifies the name or the CloudTrail ARN of the trail for which
     #   CloudTrail logs Amazon Web Services API calls. The following is the
@@ -3864,14 +3588,6 @@ module Aws::CloudTrail
     #
     class StartLoggingResponse < Aws::EmptyStructure; end
 
-    # @note When making an API call, you may pass StartQueryRequest
-    #   data as a hash:
-    #
-    #       {
-    #         query_statement: "QueryStatement", # required
-    #         delivery_s3_uri: "DeliveryS3Uri",
-    #       }
-    #
     # @!attribute [rw] query_statement
     #   The SQL code of your query.
     #   @return [String]
@@ -3902,13 +3618,6 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass StopImportRequest
-    #   data as a hash:
-    #
-    #       {
-    #         import_id: "UUID", # required
-    #       }
-    #
     # @!attribute [rw] import_id
     #   The ID of the import.
     #   @return [String]
@@ -3980,13 +3689,6 @@ module Aws::CloudTrail
     # Passes the request to CloudTrail to stop logging Amazon Web Services
     # API calls for the specified account.
     #
-    # @note When making an API call, you may pass StopLoggingRequest
-    #   data as a hash:
-    #
-    #       {
-    #         name: "String", # required
-    #       }
-    #
     # @!attribute [rw] name
     #   Specifies the name or the CloudTrail ARN of the trail for which
     #   CloudTrail will stop logging Amazon Web Services API calls. The
@@ -4013,14 +3715,6 @@ module Aws::CloudTrail
     # A custom key-value pair associated with a resource such as a
     # CloudTrail trail.
     #
-    # @note When making an API call, you may pass Tag
-    #   data as a hash:
-    #
-    #       {
-    #         key: "TagKey", # required
-    #         value: "TagValue",
-    #       }
-    #
     # @!attribute [rw] key
     #   The key in a key-value pair. The key must be must be no longer than
     #   128 Unicode characters. The key must be unique for the resource to
@@ -4217,34 +3911,6 @@ module Aws::CloudTrail
     #
     class UnsupportedOperationException < Aws::EmptyStructure; end
 
-    # @note When making an API call, you may pass UpdateEventDataStoreRequest
-    #   data as a hash:
-    #
-    #       {
-    #         event_data_store: "EventDataStoreArn", # required
-    #         name: "EventDataStoreName",
-    #         advanced_event_selectors: [
-    #           {
-    #             name: "SelectorName",
-    #             field_selectors: [ # required
-    #               {
-    #                 field: "SelectorField", # required
-    #                 equals: ["OperatorValue"],
-    #                 starts_with: ["OperatorValue"],
-    #                 ends_with: ["OperatorValue"],
-    #                 not_equals: ["OperatorValue"],
-    #                 not_starts_with: ["OperatorValue"],
-    #                 not_ends_with: ["OperatorValue"],
-    #               },
-    #             ],
-    #           },
-    #         ],
-    #         multi_region_enabled: false,
-    #         organization_enabled: false,
-    #         retention_period: 1,
-    #         termination_protection_enabled: false,
-    #       }
-    #
     # @!attribute [rw] event_data_store
     #   The ARN (or the ID suffix of the ARN) of the event data store that
     #   you want to update.
@@ -4279,6 +3945,40 @@ module Aws::CloudTrail
     #   store cannot be automatically deleted.
     #   @return [Boolean]
     #
+    # @!attribute [rw] kms_key_id
+    #   Specifies the KMS key ID to use to encrypt the events delivered by
+    #   CloudTrail. The value can be an alias name prefixed by `alias/`, a
+    #   fully specified ARN to an alias, a fully specified ARN to a key, or
+    #   a globally unique identifier.
+    #
+    #   Disabling or deleting the KMS key, or removing CloudTrail
+    #   permissions on the key, prevents CloudTrail from logging events to
+    #   the event data store, and prevents users from querying the data in
+    #   the event data store that was encrypted with the key. After you
+    #   associate an event data store with a KMS key, the KMS key cannot be
+    #   removed or changed. Before you disable or delete a KMS key that you
+    #   are using with an event data store, delete or back up your event
+    #   data store.
+    #
+    #   CloudTrail also supports KMS multi-Region keys. For more information
+    #   about multi-Region keys, see [Using multi-Region keys][1] in the
+    #   *Key Management Service Developer Guide*.
+    #
+    #   Examples:
+    #
+    #   * `alias/MyAliasName`
+    #
+    #   * `arn:aws:kms:us-east-2:123456789012:alias/MyAliasName`
+    #
+    #   * `arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012`
+    #
+    #   * `12345678-1234-1234-1234-123456789012`
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/UpdateEventDataStoreRequest AWS API Documentation
     #
     class UpdateEventDataStoreRequest < Struct.new(
@@ -4288,7 +3988,8 @@ module Aws::CloudTrail
       :multi_region_enabled,
       :organization_enabled,
       :retention_period,
-      :termination_protection_enabled)
+      :termination_protection_enabled,
+      :kms_key_id)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4340,6 +4041,14 @@ module Aws::CloudTrail
     #   shown in `CreatedTimestamp`.
     #   @return [Time]
     #
+    # @!attribute [rw] kms_key_id
+    #   Specifies the KMS key ID that encrypts the events delivered by
+    #   CloudTrail. The value is a fully specified ARN to a KMS key in the
+    #   following format.
+    #
+    #   `arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012`
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/UpdateEventDataStoreResponse AWS API Documentation
     #
     class UpdateEventDataStoreResponse < Struct.new(
@@ -4352,30 +4061,14 @@ module Aws::CloudTrail
       :retention_period,
       :termination_protection_enabled,
       :created_timestamp,
-      :updated_timestamp)
+      :updated_timestamp,
+      :kms_key_id)
       SENSITIVE = []
       include Aws::Structure
     end
 
     # Specifies settings to update for the trail.
     #
-    # @note When making an API call, you may pass UpdateTrailRequest
-    #   data as a hash:
-    #
-    #       {
-    #         name: "String", # required
-    #         s3_bucket_name: "String",
-    #         s3_key_prefix: "String",
-    #         sns_topic_name: "String",
-    #         include_global_service_events: false,
-    #         is_multi_region_trail: false,
-    #         enable_log_file_validation: false,
-    #         cloud_watch_logs_log_group_arn: "String",
-    #         cloud_watch_logs_role_arn: "String",
-    #         kms_key_id: "String",
-    #         is_organization_trail: false,
-    #       }
-    #
     # @!attribute [rw] name
     #   Specifies the name of the trail or trail ARN. If `Name` is a trail
     #   name, the string must meet the following requirements: