aws-sdk-cloudtrail 1.57.0 → 1.59.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-cloudtrail/client.rb +38 -18
- data/lib/aws-sdk-cloudtrail/client_api.rb +8 -0
- data/lib/aws-sdk-cloudtrail/endpoint_parameters.rb +0 -3
- data/lib/aws-sdk-cloudtrail/endpoint_provider.rb +31 -28
- data/lib/aws-sdk-cloudtrail/types.rb +118 -67
- data/lib/aws-sdk-cloudtrail.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 91008a974e6b25be4a7e3d19899a3f68aa46e4d81e34615d935d34593c587a60
|
|
4
|
+
data.tar.gz: 1f89fb0da80a4f41caa95933ce9e803445857e0724762f7ccda50d3a06656b25
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e43c850ed7cb2f27e74f63211f5ab72ed5a8f2dc9dc33cd2151b6ee49e48196ea760f81b77c9a35b5a792474ad82394f29714d570a223ca11a4ca6b30cc33127
|
|
7
|
+
data.tar.gz: a6b091b701364f02209ca14bcea90783a56f09b2a87beadbfd2d36d4c87fa8930ad1d420c762f0e08bec9aa7d50a297e928e6ec8c9ef4af2a3fc6504fcdb59b9
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,16 @@
|
|
|
1
1
|
Unreleased Changes
|
|
2
2
|
------------------
|
|
3
3
|
|
|
4
|
+
1.59.0 (2023-05-18)
|
|
5
|
+
------------------
|
|
6
|
+
|
|
7
|
+
* Feature - Add ConflictException to PutEventSelectors, add (Channel/EDS)ARNInvalidException to Tag APIs. These exceptions provide customers with more specific error messages instead of internal errors.
|
|
8
|
+
|
|
9
|
+
1.58.0 (2023-02-15)
|
|
10
|
+
------------------
|
|
11
|
+
|
|
12
|
+
* Feature - This release adds an InsufficientEncryptionPolicyException type to the StartImport endpoint
|
|
13
|
+
|
|
4
14
|
1.57.0 (2023-01-31)
|
|
5
15
|
------------------
|
|
6
16
|
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.
|
|
1
|
+
1.59.0
|
|
@@ -1292,11 +1292,11 @@ module Aws::CloudTrail
|
|
|
1292
1292
|
# you are logging data events.
|
|
1293
1293
|
#
|
|
1294
1294
|
# For more information about logging management and data events, see the
|
|
1295
|
-
# following topics in the *CloudTrail User Guide
|
|
1295
|
+
# following topics in the *CloudTrail User Guide*:
|
|
1296
1296
|
#
|
|
1297
|
-
# * [Logging management events
|
|
1297
|
+
# * [Logging management events][1]
|
|
1298
1298
|
#
|
|
1299
|
-
# * [Logging data events
|
|
1299
|
+
# * [Logging data events][2]
|
|
1300
1300
|
#
|
|
1301
1301
|
#
|
|
1302
1302
|
#
|
|
@@ -2215,9 +2215,14 @@ module Aws::CloudTrail
|
|
|
2215
2215
|
|
|
2216
2216
|
# Configures an event selector or advanced event selectors for your
|
|
2217
2217
|
# trail. Use event selectors or advanced event selectors to specify
|
|
2218
|
-
# management and data event settings for your trail.
|
|
2219
|
-
#
|
|
2220
|
-
#
|
|
2218
|
+
# management and data event settings for your trail. If you want your
|
|
2219
|
+
# trail to log Insights events, be sure the event selector enables
|
|
2220
|
+
# logging of the Insights event types you want configured for your
|
|
2221
|
+
# trail. For more information about logging Insights events, see
|
|
2222
|
+
# [Logging Insights events for trails][1] in the *CloudTrail User
|
|
2223
|
+
# Guide*. By default, trails created without specific event selectors
|
|
2224
|
+
# are configured to log all read and write management events, and no
|
|
2225
|
+
# data events.
|
|
2221
2226
|
#
|
|
2222
2227
|
# When an event occurs in your account, CloudTrail evaluates the event
|
|
2223
2228
|
# selectors or advanced event selectors in all trails. For each trail,
|
|
@@ -2247,23 +2252,24 @@ module Aws::CloudTrail
|
|
|
2247
2252
|
# `InvalidHomeRegionException` exception is thrown.
|
|
2248
2253
|
#
|
|
2249
2254
|
# You can configure up to five event selectors for each trail. For more
|
|
2250
|
-
# information, see [Logging management events
|
|
2251
|
-
#
|
|
2252
|
-
#
|
|
2255
|
+
# information, see [Logging management events][2], [Logging data
|
|
2256
|
+
# events][3], and [Quotas in CloudTrail][4] in the *CloudTrail User
|
|
2257
|
+
# Guide*.
|
|
2253
2258
|
#
|
|
2254
2259
|
# You can add advanced event selectors, and conditions for your advanced
|
|
2255
2260
|
# event selectors, up to a maximum of 500 values for all conditions and
|
|
2256
2261
|
# selectors on a trail. You can use either `AdvancedEventSelectors` or
|
|
2257
2262
|
# `EventSelectors`, but not both. If you apply `AdvancedEventSelectors`
|
|
2258
2263
|
# to a trail, any existing `EventSelectors` are overwritten. For more
|
|
2259
|
-
# information about advanced event selectors, see [Logging data
|
|
2260
|
-
#
|
|
2264
|
+
# information about advanced event selectors, see [Logging data
|
|
2265
|
+
# events][3] in the *CloudTrail User Guide*.
|
|
2261
2266
|
#
|
|
2262
2267
|
#
|
|
2263
2268
|
#
|
|
2264
|
-
# [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-
|
|
2265
|
-
# [2]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-
|
|
2266
|
-
# [3]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/
|
|
2269
|
+
# [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-insights-events-with-cloudtrail.html
|
|
2270
|
+
# [2]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html
|
|
2271
|
+
# [3]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
|
|
2272
|
+
# [4]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html
|
|
2267
2273
|
#
|
|
2268
2274
|
# @option params [required, String] :trail_name
|
|
2269
2275
|
# Specifies the name of the trail or trail ARN. If you specify a trail
|
|
@@ -2299,8 +2305,8 @@ module Aws::CloudTrail
|
|
|
2299
2305
|
# selectors on a trail. You can use either `AdvancedEventSelectors` or
|
|
2300
2306
|
# `EventSelectors`, but not both. If you apply `AdvancedEventSelectors`
|
|
2301
2307
|
# to a trail, any existing `EventSelectors` are overwritten. For more
|
|
2302
|
-
# information about advanced event selectors, see [Logging data
|
|
2303
|
-
#
|
|
2308
|
+
# information about advanced event selectors, see [Logging data
|
|
2309
|
+
# events][1] in the *CloudTrail User Guide*.
|
|
2304
2310
|
#
|
|
2305
2311
|
#
|
|
2306
2312
|
#
|
|
@@ -2391,6 +2397,12 @@ module Aws::CloudTrail
|
|
|
2391
2397
|
# an empty list of insight types. The valid Insights event types in this
|
|
2392
2398
|
# release are `ApiErrorRateInsight` and `ApiCallRateInsight`.
|
|
2393
2399
|
#
|
|
2400
|
+
# To log CloudTrail Insights events on API call volume, the trail must
|
|
2401
|
+
# log `write` management events. To log CloudTrail Insights events on
|
|
2402
|
+
# API error rate, the trail must log `read` or `write` management
|
|
2403
|
+
# events. You can call `GetEventSelectors` on a trail to check whether
|
|
2404
|
+
# the trail logs management events.
|
|
2405
|
+
#
|
|
2394
2406
|
# @option params [required, String] :trail_name
|
|
2395
2407
|
# The name of the CloudTrail trail for which you want to change or add
|
|
2396
2408
|
# Insights selectors.
|
|
@@ -2398,7 +2410,15 @@ module Aws::CloudTrail
|
|
|
2398
2410
|
# @option params [required, Array<Types::InsightSelector>] :insight_selectors
|
|
2399
2411
|
# A JSON string that contains the insight types you want to log on a
|
|
2400
2412
|
# trail. `ApiCallRateInsight` and `ApiErrorRateInsight` are valid
|
|
2401
|
-
#
|
|
2413
|
+
# Insight types.
|
|
2414
|
+
#
|
|
2415
|
+
# The `ApiCallRateInsight` Insights type analyzes write-only management
|
|
2416
|
+
# API calls that are aggregated per minute against a baseline API call
|
|
2417
|
+
# volume.
|
|
2418
|
+
#
|
|
2419
|
+
# The `ApiErrorRateInsight` Insights type analyzes management API calls
|
|
2420
|
+
# that result in error codes. The error is shown if the API call is
|
|
2421
|
+
# unsuccessful.
|
|
2402
2422
|
#
|
|
2403
2423
|
# @return [Types::PutInsightSelectorsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
2404
2424
|
#
|
|
@@ -3281,7 +3301,7 @@ module Aws::CloudTrail
|
|
|
3281
3301
|
params: params,
|
|
3282
3302
|
config: config)
|
|
3283
3303
|
context[:gem_name] = 'aws-sdk-cloudtrail'
|
|
3284
|
-
context[:gem_version] = '1.
|
|
3304
|
+
context[:gem_version] = '1.59.0'
|
|
3285
3305
|
Seahorse::Client::Request.new(handlers, context)
|
|
3286
3306
|
end
|
|
3287
3307
|
|
|
@@ -1160,6 +1160,8 @@ module Aws::CloudTrail
|
|
|
1160
1160
|
o.output = Shapes::ShapeRef.new(shape: AddTagsResponse)
|
|
1161
1161
|
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
|
1162
1162
|
o.errors << Shapes::ShapeRef.new(shape: CloudTrailARNInvalidException)
|
|
1163
|
+
o.errors << Shapes::ShapeRef.new(shape: EventDataStoreARNInvalidException)
|
|
1164
|
+
o.errors << Shapes::ShapeRef.new(shape: ChannelARNInvalidException)
|
|
1163
1165
|
o.errors << Shapes::ShapeRef.new(shape: ResourceTypeNotSupportedException)
|
|
1164
1166
|
o.errors << Shapes::ShapeRef.new(shape: TagsLimitExceededException)
|
|
1165
1167
|
o.errors << Shapes::ShapeRef.new(shape: InvalidTrailNameException)
|
|
@@ -1641,6 +1643,8 @@ module Aws::CloudTrail
|
|
|
1641
1643
|
o.output = Shapes::ShapeRef.new(shape: ListTagsResponse)
|
|
1642
1644
|
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
|
1643
1645
|
o.errors << Shapes::ShapeRef.new(shape: CloudTrailARNInvalidException)
|
|
1646
|
+
o.errors << Shapes::ShapeRef.new(shape: EventDataStoreARNInvalidException)
|
|
1647
|
+
o.errors << Shapes::ShapeRef.new(shape: ChannelARNInvalidException)
|
|
1644
1648
|
o.errors << Shapes::ShapeRef.new(shape: ResourceTypeNotSupportedException)
|
|
1645
1649
|
o.errors << Shapes::ShapeRef.new(shape: InvalidTrailNameException)
|
|
1646
1650
|
o.errors << Shapes::ShapeRef.new(shape: InactiveEventDataStoreException)
|
|
@@ -1703,6 +1707,7 @@ module Aws::CloudTrail
|
|
|
1703
1707
|
o.errors << Shapes::ShapeRef.new(shape: CloudTrailARNInvalidException)
|
|
1704
1708
|
o.errors << Shapes::ShapeRef.new(shape: InvalidHomeRegionException)
|
|
1705
1709
|
o.errors << Shapes::ShapeRef.new(shape: InvalidEventSelectorsException)
|
|
1710
|
+
o.errors << Shapes::ShapeRef.new(shape: ConflictException)
|
|
1706
1711
|
o.errors << Shapes::ShapeRef.new(shape: UnsupportedOperationException)
|
|
1707
1712
|
o.errors << Shapes::ShapeRef.new(shape: OperationNotPermittedException)
|
|
1708
1713
|
o.errors << Shapes::ShapeRef.new(shape: NotOrganizationMasterAccountException)
|
|
@@ -1774,6 +1779,8 @@ module Aws::CloudTrail
|
|
|
1774
1779
|
o.output = Shapes::ShapeRef.new(shape: RemoveTagsResponse)
|
|
1775
1780
|
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
|
1776
1781
|
o.errors << Shapes::ShapeRef.new(shape: CloudTrailARNInvalidException)
|
|
1782
|
+
o.errors << Shapes::ShapeRef.new(shape: EventDataStoreARNInvalidException)
|
|
1783
|
+
o.errors << Shapes::ShapeRef.new(shape: ChannelARNInvalidException)
|
|
1777
1784
|
o.errors << Shapes::ShapeRef.new(shape: ResourceTypeNotSupportedException)
|
|
1778
1785
|
o.errors << Shapes::ShapeRef.new(shape: InvalidTrailNameException)
|
|
1779
1786
|
o.errors << Shapes::ShapeRef.new(shape: InvalidTagParameterException)
|
|
@@ -1822,6 +1829,7 @@ module Aws::CloudTrail
|
|
|
1822
1829
|
o.errors << Shapes::ShapeRef.new(shape: InvalidImportSourceException)
|
|
1823
1830
|
o.errors << Shapes::ShapeRef.new(shape: ImportNotFoundException)
|
|
1824
1831
|
o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
|
|
1832
|
+
o.errors << Shapes::ShapeRef.new(shape: InsufficientEncryptionPolicyException)
|
|
1825
1833
|
o.errors << Shapes::ShapeRef.new(shape: OperationNotPermittedException)
|
|
1826
1834
|
o.errors << Shapes::ShapeRef.new(shape: UnsupportedOperationException)
|
|
1827
1835
|
o.errors << Shapes::ShapeRef.new(shape: OperationNotPermittedException)
|
|
@@ -50,9 +50,6 @@ module Aws::CloudTrail
|
|
|
50
50
|
|
|
51
51
|
def initialize(options = {})
|
|
52
52
|
self[:region] = options[:region]
|
|
53
|
-
if self[:region].nil?
|
|
54
|
-
raise ArgumentError, "Missing required EndpointParameter: :region"
|
|
55
|
-
end
|
|
56
53
|
self[:use_dual_stack] = options[:use_dual_stack]
|
|
57
54
|
self[:use_dual_stack] = false if self[:use_dual_stack].nil?
|
|
58
55
|
if self[:use_dual_stack].nil?
|
|
@@ -14,42 +14,45 @@ module Aws::CloudTrail
|
|
|
14
14
|
use_dual_stack = parameters.use_dual_stack
|
|
15
15
|
use_fips = parameters.use_fips
|
|
16
16
|
endpoint = parameters.endpoint
|
|
17
|
-
if
|
|
18
|
-
if Aws::Endpoints::Matchers.
|
|
19
|
-
|
|
20
|
-
raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
|
|
21
|
-
end
|
|
22
|
-
if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
|
|
23
|
-
raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
|
|
24
|
-
end
|
|
25
|
-
return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
|
|
17
|
+
if Aws::Endpoints::Matchers.set?(endpoint)
|
|
18
|
+
if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
|
|
19
|
+
raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
|
|
26
20
|
end
|
|
27
|
-
if Aws::Endpoints::Matchers.boolean_equals?(
|
|
28
|
-
|
|
29
|
-
return Aws::Endpoints::Endpoint.new(url: "https://cloudtrail-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
|
|
30
|
-
end
|
|
31
|
-
raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
|
|
21
|
+
if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
|
|
22
|
+
raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
|
|
32
23
|
end
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
24
|
+
return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
|
|
25
|
+
end
|
|
26
|
+
if Aws::Endpoints::Matchers.set?(region)
|
|
27
|
+
if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
|
|
28
|
+
if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
|
|
29
|
+
if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
|
|
30
|
+
return Aws::Endpoints::Endpoint.new(url: "https://cloudtrail-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
|
|
37
31
|
end
|
|
38
|
-
|
|
39
|
-
|
|
32
|
+
raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
|
|
33
|
+
end
|
|
34
|
+
if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
|
|
35
|
+
if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
|
|
36
|
+
if Aws::Endpoints::Matchers.string_equals?(region, "us-gov-east-1")
|
|
37
|
+
return Aws::Endpoints::Endpoint.new(url: "https://cloudtrail.us-gov-east-1.amazonaws.com", headers: {}, properties: {})
|
|
38
|
+
end
|
|
39
|
+
if Aws::Endpoints::Matchers.string_equals?(region, "us-gov-west-1")
|
|
40
|
+
return Aws::Endpoints::Endpoint.new(url: "https://cloudtrail.us-gov-west-1.amazonaws.com", headers: {}, properties: {})
|
|
41
|
+
end
|
|
42
|
+
return Aws::Endpoints::Endpoint.new(url: "https://cloudtrail-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
|
|
40
43
|
end
|
|
41
|
-
|
|
44
|
+
raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
|
|
42
45
|
end
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
46
|
+
if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
|
|
47
|
+
if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
|
|
48
|
+
return Aws::Endpoints::Endpoint.new(url: "https://cloudtrail.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
|
|
49
|
+
end
|
|
50
|
+
raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
|
|
48
51
|
end
|
|
49
|
-
|
|
52
|
+
return Aws::Endpoints::Endpoint.new(url: "https://cloudtrail.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
|
|
50
53
|
end
|
|
51
|
-
return Aws::Endpoints::Endpoint.new(url: "https://cloudtrail.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
|
|
52
54
|
end
|
|
55
|
+
raise ArgumentError, "Invalid Configuration: Missing Region"
|
|
53
56
|
raise ArgumentError, 'No endpoint could be resolved'
|
|
54
57
|
|
|
55
58
|
end
|
|
@@ -77,8 +77,8 @@ module Aws::CloudTrail
|
|
|
77
77
|
# Advanced event selectors let you create fine-grained selectors for the
|
|
78
78
|
# following CloudTrail event record fields. They help you control costs
|
|
79
79
|
# by logging only those events that are important to you. For more
|
|
80
|
-
# information about advanced event selectors, see [Logging data
|
|
81
|
-
#
|
|
80
|
+
# information about advanced event selectors, see [Logging data
|
|
81
|
+
# events][1] in the *CloudTrail User Guide*.
|
|
82
82
|
#
|
|
83
83
|
# * `readOnly`
|
|
84
84
|
#
|
|
@@ -166,34 +166,40 @@ module Aws::CloudTrail
|
|
|
166
166
|
# CloudTrail data events. `resources.type` can only use the `Equals`
|
|
167
167
|
# operator, and the value can be one of the following:
|
|
168
168
|
#
|
|
169
|
-
# * `AWS::
|
|
170
|
-
#
|
|
171
|
-
# * `AWS::S3::Object`
|
|
169
|
+
# * `AWS::DynamoDB::Table`
|
|
172
170
|
#
|
|
173
171
|
# * `AWS::Lambda::Function`
|
|
174
172
|
#
|
|
175
|
-
# * `AWS::
|
|
173
|
+
# * `AWS::S3::Object`
|
|
176
174
|
#
|
|
177
|
-
# * `AWS::
|
|
175
|
+
# * `AWS::CloudTrail::Channel`
|
|
178
176
|
#
|
|
179
|
-
# * `AWS::
|
|
177
|
+
# * `AWS::Cognito::IdentityPool`
|
|
180
178
|
#
|
|
181
|
-
# * `AWS::
|
|
179
|
+
# * `AWS::DynamoDB::Stream`
|
|
182
180
|
#
|
|
183
181
|
# * `AWS::EC2::Snapshot`
|
|
184
182
|
#
|
|
185
|
-
# * `AWS::
|
|
186
|
-
#
|
|
187
|
-
# * `AWS::DynamoDB::Stream`
|
|
183
|
+
# * `AWS::FinSpace::Environment`
|
|
188
184
|
#
|
|
189
185
|
# * `AWS::Glue::Table`
|
|
190
186
|
#
|
|
191
|
-
# * `AWS::
|
|
187
|
+
# * `AWS::GuardDuty::Detector`
|
|
188
|
+
#
|
|
189
|
+
# * `AWS::KendraRanking::ExecutionPlan`
|
|
190
|
+
#
|
|
191
|
+
# * `AWS::ManagedBlockchain::Node`
|
|
192
192
|
#
|
|
193
193
|
# * `AWS::SageMaker::ExperimentTrialComponent`
|
|
194
194
|
#
|
|
195
195
|
# * `AWS::SageMaker::FeatureGroup`
|
|
196
196
|
#
|
|
197
|
+
# * `AWS::S3::AccessPoint`
|
|
198
|
+
#
|
|
199
|
+
# * `AWS::S3ObjectLambda::AccessPoint`
|
|
200
|
+
#
|
|
201
|
+
# * `AWS::S3Outposts::Object`
|
|
202
|
+
#
|
|
197
203
|
# You can have only one `resources.type` field per selector. To log
|
|
198
204
|
# data events on more than one resource type, add another selector.
|
|
199
205
|
#
|
|
@@ -214,30 +220,19 @@ module Aws::CloudTrail
|
|
|
214
220
|
#
|
|
215
221
|
# * `arn:<partition>:s3:::<bucket_name>/<object_path>/`
|
|
216
222
|
#
|
|
217
|
-
# When
|
|
218
|
-
# operator is set to `Equals` or `NotEquals`, the ARN must be in one
|
|
219
|
-
# of the following formats. To log events on all objects in an S3
|
|
220
|
-
# access point, we recommend that you use only the access point ARN,
|
|
221
|
-
# don’t include the object path, and use the `StartsWith` or
|
|
222
|
-
# `NotStartsWith` operators.
|
|
223
|
-
#
|
|
224
|
-
# * `arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>`
|
|
225
|
-
#
|
|
226
|
-
# * `arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path>`
|
|
227
|
-
#
|
|
228
|
-
# When resources.type equals `AWS::Lambda::Function`, and the
|
|
223
|
+
# When resources.type equals `AWS::DynamoDB::Table`, and the
|
|
229
224
|
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
|
230
225
|
# following format:
|
|
231
226
|
#
|
|
232
|
-
# * `arn:<partition>:
|
|
227
|
+
# * `arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>`
|
|
233
228
|
#
|
|
234
229
|
# ^
|
|
235
230
|
#
|
|
236
|
-
# When resources.type equals `AWS::
|
|
231
|
+
# When resources.type equals `AWS::Lambda::Function`, and the
|
|
237
232
|
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
|
238
233
|
# following format:
|
|
239
234
|
#
|
|
240
|
-
# * `arn:<partition>:
|
|
235
|
+
# * `arn:<partition>:lambda:<region>:<account_ID>:function:<function_name>`
|
|
241
236
|
#
|
|
242
237
|
# ^
|
|
243
238
|
#
|
|
@@ -249,27 +244,19 @@ module Aws::CloudTrail
|
|
|
249
244
|
#
|
|
250
245
|
# ^
|
|
251
246
|
#
|
|
252
|
-
# When
|
|
247
|
+
# When resources.type equals `AWS::Cognito::IdentityPool`, and the
|
|
253
248
|
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
|
254
249
|
# following format:
|
|
255
250
|
#
|
|
256
|
-
# * `arn:<partition>:
|
|
257
|
-
#
|
|
258
|
-
# ^
|
|
259
|
-
#
|
|
260
|
-
# When `resources.type` equals `AWS::ManagedBlockchain::Node`, and
|
|
261
|
-
# the operator is set to `Equals` or `NotEquals`, the ARN must be in
|
|
262
|
-
# the following format:
|
|
263
|
-
#
|
|
264
|
-
# * `arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID>`
|
|
251
|
+
# * `arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID>`
|
|
265
252
|
#
|
|
266
253
|
# ^
|
|
267
254
|
#
|
|
268
|
-
# When `resources.type` equals `AWS::
|
|
269
|
-
#
|
|
270
|
-
#
|
|
255
|
+
# When `resources.type` equals `AWS::DynamoDB::Stream`, and the
|
|
256
|
+
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
|
257
|
+
# following format:
|
|
271
258
|
#
|
|
272
|
-
# * `arn:<partition>:
|
|
259
|
+
# * `arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time>`
|
|
273
260
|
#
|
|
274
261
|
# ^
|
|
275
262
|
#
|
|
@@ -281,11 +268,11 @@ module Aws::CloudTrail
|
|
|
281
268
|
#
|
|
282
269
|
# ^
|
|
283
270
|
#
|
|
284
|
-
# When `resources.type` equals `AWS::
|
|
271
|
+
# When `resources.type` equals `AWS::FinSpace::Environment`, and the
|
|
285
272
|
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
|
286
273
|
# following format:
|
|
287
274
|
#
|
|
288
|
-
# * `arn:<partition>:
|
|
275
|
+
# * `arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID>`
|
|
289
276
|
#
|
|
290
277
|
# ^
|
|
291
278
|
#
|
|
@@ -297,11 +284,27 @@ module Aws::CloudTrail
|
|
|
297
284
|
#
|
|
298
285
|
# ^
|
|
299
286
|
#
|
|
300
|
-
# When `resources.type` equals `AWS::
|
|
287
|
+
# When `resources.type` equals `AWS::GuardDuty::Detector`, and the
|
|
301
288
|
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
|
302
289
|
# following format:
|
|
303
290
|
#
|
|
304
|
-
# * `arn:<partition>:
|
|
291
|
+
# * `arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID>`
|
|
292
|
+
#
|
|
293
|
+
# ^
|
|
294
|
+
#
|
|
295
|
+
# When `resources.type` equals `AWS::KendraRanking::ExecutionPlan`,
|
|
296
|
+
# and the operator is set to `Equals` or `NotEquals`, the ARN must
|
|
297
|
+
# be in the following format:
|
|
298
|
+
#
|
|
299
|
+
# * `arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID>`
|
|
300
|
+
#
|
|
301
|
+
# ^
|
|
302
|
+
#
|
|
303
|
+
# When `resources.type` equals `AWS::ManagedBlockchain::Node`, and
|
|
304
|
+
# the operator is set to `Equals` or `NotEquals`, the ARN must be in
|
|
305
|
+
# the following format:
|
|
306
|
+
#
|
|
307
|
+
# * `arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID>`
|
|
305
308
|
#
|
|
306
309
|
# ^
|
|
307
310
|
#
|
|
@@ -321,6 +324,33 @@ module Aws::CloudTrail
|
|
|
321
324
|
# * `arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name>`
|
|
322
325
|
#
|
|
323
326
|
# ^
|
|
327
|
+
#
|
|
328
|
+
# When `resources.type` equals `AWS::S3::AccessPoint`, and the
|
|
329
|
+
# operator is set to `Equals` or `NotEquals`, the ARN must be in one
|
|
330
|
+
# of the following formats. To log events on all objects in an S3
|
|
331
|
+
# access point, we recommend that you use only the access point ARN,
|
|
332
|
+
# don’t include the object path, and use the `StartsWith` or
|
|
333
|
+
# `NotStartsWith` operators.
|
|
334
|
+
#
|
|
335
|
+
# * `arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>`
|
|
336
|
+
#
|
|
337
|
+
# * `arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path>`
|
|
338
|
+
#
|
|
339
|
+
# When `resources.type` equals `AWS::S3ObjectLambda::AccessPoint`,
|
|
340
|
+
# and the operator is set to `Equals` or `NotEquals`, the ARN must
|
|
341
|
+
# be in the following format:
|
|
342
|
+
#
|
|
343
|
+
# * `arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name>`
|
|
344
|
+
#
|
|
345
|
+
# ^
|
|
346
|
+
#
|
|
347
|
+
# When `resources.type` equals `AWS::S3Outposts::Object`, and the
|
|
348
|
+
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
|
349
|
+
# following format:
|
|
350
|
+
#
|
|
351
|
+
# * `arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path>`
|
|
352
|
+
#
|
|
353
|
+
# ^
|
|
324
354
|
# @return [String]
|
|
325
355
|
#
|
|
326
356
|
# @!attribute [rw] equals
|
|
@@ -1085,11 +1115,11 @@ module Aws::CloudTrail
|
|
|
1085
1115
|
# The resource type in which you want to log data events. You can
|
|
1086
1116
|
# specify the following *basic* event selector resource types:
|
|
1087
1117
|
#
|
|
1088
|
-
# * `AWS::
|
|
1118
|
+
# * `AWS::DynamoDB::Table`
|
|
1089
1119
|
#
|
|
1090
1120
|
# * `AWS::Lambda::Function`
|
|
1091
1121
|
#
|
|
1092
|
-
# * `AWS::
|
|
1122
|
+
# * `AWS::S3::Object`
|
|
1093
1123
|
#
|
|
1094
1124
|
# The following resource types are also available through *advanced*
|
|
1095
1125
|
# event selectors. Basic event selector resource types are valid in
|
|
@@ -1099,25 +1129,31 @@ module Aws::CloudTrail
|
|
|
1099
1129
|
#
|
|
1100
1130
|
# * `AWS::CloudTrail::Channel`
|
|
1101
1131
|
#
|
|
1102
|
-
# * `AWS::
|
|
1103
|
-
#
|
|
1104
|
-
# * `AWS::ManagedBlockchain::Node`
|
|
1132
|
+
# * `AWS::Cognito::IdentityPool`
|
|
1105
1133
|
#
|
|
1106
|
-
# * `AWS::
|
|
1134
|
+
# * `AWS::DynamoDB::Stream`
|
|
1107
1135
|
#
|
|
1108
1136
|
# * `AWS::EC2::Snapshot`
|
|
1109
1137
|
#
|
|
1110
|
-
# * `AWS::
|
|
1111
|
-
#
|
|
1112
|
-
# * `AWS::DynamoDB::Stream`
|
|
1138
|
+
# * `AWS::FinSpace::Environment`
|
|
1113
1139
|
#
|
|
1114
1140
|
# * `AWS::Glue::Table`
|
|
1115
1141
|
#
|
|
1116
|
-
# * `AWS::
|
|
1142
|
+
# * `AWS::GuardDuty::Detector`
|
|
1143
|
+
#
|
|
1144
|
+
# * `AWS::KendraRanking::ExecutionPlan`
|
|
1145
|
+
#
|
|
1146
|
+
# * `AWS::ManagedBlockchain::Node`
|
|
1117
1147
|
#
|
|
1118
1148
|
# * `AWS::SageMaker::ExperimentTrialComponent`
|
|
1119
1149
|
#
|
|
1120
1150
|
# * `AWS::SageMaker::FeatureGroup`
|
|
1151
|
+
#
|
|
1152
|
+
# * `AWS::S3::AccessPoint`
|
|
1153
|
+
#
|
|
1154
|
+
# * `AWS::S3ObjectLambda::AccessPoint`
|
|
1155
|
+
#
|
|
1156
|
+
# * `AWS::S3Outposts::Object`
|
|
1121
1157
|
# @return [String]
|
|
1122
1158
|
#
|
|
1123
1159
|
# @!attribute [rw] values
|
|
@@ -2475,12 +2511,20 @@ module Aws::CloudTrail
|
|
|
2475
2511
|
#
|
|
2476
2512
|
class InsightNotEnabledException < Aws::EmptyStructure; end
|
|
2477
2513
|
|
|
2478
|
-
# A JSON string that contains a list of
|
|
2479
|
-
# a trail.
|
|
2514
|
+
# A JSON string that contains a list of Insights types that are logged
|
|
2515
|
+
# on a trail.
|
|
2480
2516
|
#
|
|
2481
2517
|
# @!attribute [rw] insight_type
|
|
2482
|
-
# The type of
|
|
2483
|
-
# `ApiErrorRateInsight` are valid
|
|
2518
|
+
# The type of Insights events to log on a trail. `ApiCallRateInsight`
|
|
2519
|
+
# and `ApiErrorRateInsight` are valid Insight types.
|
|
2520
|
+
#
|
|
2521
|
+
# The `ApiCallRateInsight` Insights type analyzes write-only
|
|
2522
|
+
# management API calls that are aggregated per minute against a
|
|
2523
|
+
# baseline API call volume.
|
|
2524
|
+
#
|
|
2525
|
+
# The `ApiErrorRateInsight` Insights type analyzes management API
|
|
2526
|
+
# calls that result in error codes. The error is shown if the API call
|
|
2527
|
+
# is unsuccessful.
|
|
2484
2528
|
# @return [String]
|
|
2485
2529
|
#
|
|
2486
2530
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InsightSelector AWS API Documentation
|
|
@@ -2491,10 +2535,9 @@ module Aws::CloudTrail
|
|
|
2491
2535
|
include Aws::Structure
|
|
2492
2536
|
end
|
|
2493
2537
|
|
|
2494
|
-
# This exception is thrown when the IAM
|
|
2495
|
-
#
|
|
2496
|
-
#
|
|
2497
|
-
# service.
|
|
2538
|
+
# This exception is thrown when the IAM identity that is used to create
|
|
2539
|
+
# the organization resource lacks one or more required permissions for
|
|
2540
|
+
# creating an organization resource in a required service.
|
|
2498
2541
|
#
|
|
2499
2542
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InsufficientDependencyServiceAccessPermissionException AWS API Documentation
|
|
2500
2543
|
#
|
|
@@ -3350,8 +3393,8 @@ module Aws::CloudTrail
|
|
|
3350
3393
|
# `EventSelectors`, but not both. If you apply
|
|
3351
3394
|
# `AdvancedEventSelectors` to a trail, any existing `EventSelectors`
|
|
3352
3395
|
# are overwritten. For more information about advanced event
|
|
3353
|
-
# selectors, see [Logging data events
|
|
3354
|
-
#
|
|
3396
|
+
# selectors, see [Logging data events][1] in the *CloudTrail User
|
|
3397
|
+
# Guide*.
|
|
3355
3398
|
#
|
|
3356
3399
|
#
|
|
3357
3400
|
#
|
|
@@ -3401,7 +3444,15 @@ module Aws::CloudTrail
|
|
|
3401
3444
|
# @!attribute [rw] insight_selectors
|
|
3402
3445
|
# A JSON string that contains the insight types you want to log on a
|
|
3403
3446
|
# trail. `ApiCallRateInsight` and `ApiErrorRateInsight` are valid
|
|
3404
|
-
#
|
|
3447
|
+
# Insight types.
|
|
3448
|
+
#
|
|
3449
|
+
# The `ApiCallRateInsight` Insights type analyzes write-only
|
|
3450
|
+
# management API calls that are aggregated per minute against a
|
|
3451
|
+
# baseline API call volume.
|
|
3452
|
+
#
|
|
3453
|
+
# The `ApiErrorRateInsight` Insights type analyzes management API
|
|
3454
|
+
# calls that result in error codes. The error is shown if the API call
|
|
3455
|
+
# is unsuccessful.
|
|
3405
3456
|
# @return [Array<Types::InsightSelector>]
|
|
3406
3457
|
#
|
|
3407
3458
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutInsightSelectorsRequest AWS API Documentation
|
data/lib/aws-sdk-cloudtrail.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aws-sdk-cloudtrail
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.59.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Amazon Web Services
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-05-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-core
|