aws-sdk-cloudtrail 1.69.0 → 1.70.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-cloudtrail/client.rb +139 -38
- data/lib/aws-sdk-cloudtrail/client_api.rb +14 -2
- data/lib/aws-sdk-cloudtrail/endpoint_provider.rb +1 -1
- data/lib/aws-sdk-cloudtrail/types.rb +226 -36
- data/lib/aws-sdk-cloudtrail.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0c4a3833b686aa7351ba9a3ee53728b877fdc1b9e3601df0629e628bbcbc19dc
|
4
|
+
data.tar.gz: 3b5962fc934cd48772c6a8c79f995d876665dd640a0a24dcf38b7de07f75ab03
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 8e2d1328bbeb257cdac10c82ff6e548eaa4791c32723c91d9a482fe06ebf248187f18f232234148e8e103f93167a1f3f459e920ddb17e96873bef824a5c6ac9a
|
7
|
+
data.tar.gz: 2fd3bd68bee11f68b97f29812ec5afcb172fa4505fb94574aed2453869c4d58d6062b02c5b00d7376cd827e84f42d10d5fc324ee067a753d561ba86e65015e30
|
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,11 @@
|
|
1
1
|
Unreleased Changes
|
2
2
|
------------------
|
3
3
|
|
4
|
+
1.70.0 (2023-11-09)
|
5
|
+
------------------
|
6
|
+
|
7
|
+
* Feature - The Insights in Lake feature lets customers enable CloudTrail Insights on a source CloudTrail Lake event data store and create a destination event data store to collect Insights events based on unusual management event activity in the source event data store.
|
8
|
+
|
4
9
|
1.69.0 (2023-09-27)
|
5
10
|
------------------
|
6
11
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.
|
1
|
+
1.70.0
|
@@ -828,6 +828,11 @@ module Aws::CloudTrail
|
|
828
828
|
#
|
829
829
|
# Not required unless you specify `CloudWatchLogsRoleArn`.
|
830
830
|
#
|
831
|
+
# <note markdown="1"> Only the management account can configure a CloudWatch Logs log group
|
832
|
+
# for an organization trail.
|
833
|
+
#
|
834
|
+
# </note>
|
835
|
+
#
|
831
836
|
# @option params [String] :cloud_watch_logs_role_arn
|
832
837
|
# Specifies the role for the CloudWatch Logs endpoint to assume to write
|
833
838
|
# to a user's log group. You must use a role that exists in your
|
@@ -1471,20 +1476,26 @@ module Aws::CloudTrail
|
|
1471
1476
|
end
|
1472
1477
|
|
1473
1478
|
# Describes the settings for the Insights event selectors that you
|
1474
|
-
# configured for your trail. `GetInsightSelectors`
|
1475
|
-
# Insights event logging is enabled on the trail
|
1476
|
-
#
|
1477
|
-
#
|
1478
|
-
# exception
|
1479
|
+
# configured for your trail or event data store. `GetInsightSelectors`
|
1480
|
+
# shows if CloudTrail Insights event logging is enabled on the trail or
|
1481
|
+
# event data store, and if it is, which Insights types are enabled. If
|
1482
|
+
# you run `GetInsightSelectors` on a trail or event data store that does
|
1483
|
+
# not have Insights events enabled, the operation throws the exception
|
1484
|
+
# `InsightNotEnabledException`
|
1479
1485
|
#
|
1480
|
-
#
|
1481
|
-
#
|
1486
|
+
# Specify either the `EventDataStore` parameter to get Insights event
|
1487
|
+
# selectors for an event data store, or the `TrailName` parameter to the
|
1488
|
+
# get Insights event selectors for a trail. You cannot specify these
|
1489
|
+
# parameters together.
|
1490
|
+
#
|
1491
|
+
# For more information, see [Logging CloudTrail Insights events][1] in
|
1492
|
+
# the *CloudTrail User Guide*.
|
1482
1493
|
#
|
1483
1494
|
#
|
1484
1495
|
#
|
1485
1496
|
# [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-insights-events-with-cloudtrail.html
|
1486
1497
|
#
|
1487
|
-
# @option params [
|
1498
|
+
# @option params [String] :trail_name
|
1488
1499
|
# Specifies the name of the trail or trail ARN. If you specify a trail
|
1489
1500
|
# name, the string must meet the following requirements:
|
1490
1501
|
#
|
@@ -1504,15 +1515,26 @@ module Aws::CloudTrail
|
|
1504
1515
|
#
|
1505
1516
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
1506
1517
|
#
|
1518
|
+
# You cannot use this parameter with the `EventDataStore` parameter.
|
1519
|
+
#
|
1520
|
+
# @option params [String] :event_data_store
|
1521
|
+
# Specifies the ARN (or ID suffix of the ARN) of the event data store
|
1522
|
+
# for which you want to get Insights selectors.
|
1523
|
+
#
|
1524
|
+
# You cannot use this parameter with the `TrailName` parameter.
|
1525
|
+
#
|
1507
1526
|
# @return [Types::GetInsightSelectorsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1508
1527
|
#
|
1509
1528
|
# * {Types::GetInsightSelectorsResponse#trail_arn #trail_arn} => String
|
1510
1529
|
# * {Types::GetInsightSelectorsResponse#insight_selectors #insight_selectors} => Array<Types::InsightSelector>
|
1530
|
+
# * {Types::GetInsightSelectorsResponse#event_data_store_arn #event_data_store_arn} => String
|
1531
|
+
# * {Types::GetInsightSelectorsResponse#insights_destination #insights_destination} => String
|
1511
1532
|
#
|
1512
1533
|
# @example Request syntax with placeholder values
|
1513
1534
|
#
|
1514
1535
|
# resp = client.get_insight_selectors({
|
1515
|
-
# trail_name: "String",
|
1536
|
+
# trail_name: "String",
|
1537
|
+
# event_data_store: "EventDataStoreArn",
|
1516
1538
|
# })
|
1517
1539
|
#
|
1518
1540
|
# @example Response structure
|
@@ -1520,6 +1542,8 @@ module Aws::CloudTrail
|
|
1520
1542
|
# resp.trail_arn #=> String
|
1521
1543
|
# resp.insight_selectors #=> Array
|
1522
1544
|
# resp.insight_selectors[0].insight_type #=> String, one of "ApiCallRateInsight", "ApiErrorRateInsight"
|
1545
|
+
# resp.event_data_store_arn #=> String
|
1546
|
+
# resp.insights_destination #=> String
|
1523
1547
|
#
|
1524
1548
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetInsightSelectors AWS API Documentation
|
1525
1549
|
#
|
@@ -2149,8 +2173,16 @@ module Aws::CloudTrail
|
|
2149
2173
|
|
2150
2174
|
# Looks up [management events][1] or [CloudTrail Insights events][2]
|
2151
2175
|
# that are captured by CloudTrail. You can look up events that occurred
|
2152
|
-
# in a Region within the last 90 days.
|
2153
|
-
#
|
2176
|
+
# in a Region within the last 90 days.
|
2177
|
+
#
|
2178
|
+
# <note markdown="1"> `LookupEvents` returns recent Insights events for trails that enable
|
2179
|
+
# Insights. To view Insights events for an event data store, you can run
|
2180
|
+
# queries on your Insights event data store, and you can also view the
|
2181
|
+
# Lake dashboard for Insights.
|
2182
|
+
#
|
2183
|
+
# </note>
|
2184
|
+
#
|
2185
|
+
# Lookup supports the following attributes for management events:
|
2154
2186
|
#
|
2155
2187
|
# * Amazon Web Services access key
|
2156
2188
|
#
|
@@ -2446,25 +2478,51 @@ module Aws::CloudTrail
|
|
2446
2478
|
end
|
2447
2479
|
|
2448
2480
|
# Lets you enable Insights event logging by specifying the Insights
|
2449
|
-
# selectors that you want to enable on an existing trail
|
2450
|
-
# `PutInsightSelectors` to turn off Insights event
|
2451
|
-
# an empty list of
|
2452
|
-
#
|
2481
|
+
# selectors that you want to enable on an existing trail or event data
|
2482
|
+
# store. You also use `PutInsightSelectors` to turn off Insights event
|
2483
|
+
# logging, by passing an empty list of Insights types. The valid
|
2484
|
+
# Insights event types are `ApiErrorRateInsight` and
|
2485
|
+
# `ApiCallRateInsight`.
|
2486
|
+
#
|
2487
|
+
# To enable Insights on an event data store, you must specify the ARNs
|
2488
|
+
# (or ID suffix of the ARNs) for the source event data store
|
2489
|
+
# (`EventDataStore`) and the destination event data store
|
2490
|
+
# (`InsightsDestination`). The source event data store logs management
|
2491
|
+
# events and enables Insights. The destination event data store logs
|
2492
|
+
# Insights events based upon the management event activity of the source
|
2493
|
+
# event data store. The source and destination event data stores must
|
2494
|
+
# belong to the same Amazon Web Services account.
|
2495
|
+
#
|
2496
|
+
# To log Insights events for a trail, you must specify the name
|
2497
|
+
# (`TrailName`) of the CloudTrail trail for which you want to change or
|
2498
|
+
# add Insights selectors.
|
2499
|
+
#
|
2500
|
+
# To log CloudTrail Insights events on API call volume, the trail or
|
2501
|
+
# event data store must log `write` management events. To log CloudTrail
|
2502
|
+
# Insights events on API error rate, the trail or event data store must
|
2503
|
+
# log `read` or `write` management events. You can call
|
2504
|
+
# `GetEventSelectors` on a trail to check whether the trail logs
|
2505
|
+
# management events. You can call `GetEventDataStore` on an event data
|
2506
|
+
# store to check whether the event data store logs management events.
|
2507
|
+
#
|
2508
|
+
# For more information, see [Logging CloudTrail Insights events][1] in
|
2509
|
+
# the *CloudTrail User Guide*.
|
2453
2510
|
#
|
2454
|
-
# To log CloudTrail Insights events on API call volume, the trail must
|
2455
|
-
# log `write` management events. To log CloudTrail Insights events on
|
2456
|
-
# API error rate, the trail must log `read` or `write` management
|
2457
|
-
# events. You can call `GetEventSelectors` on a trail to check whether
|
2458
|
-
# the trail logs management events.
|
2459
2511
|
#
|
2460
|
-
#
|
2512
|
+
#
|
2513
|
+
# [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-insights-events-with-cloudtrail.html
|
2514
|
+
#
|
2515
|
+
# @option params [String] :trail_name
|
2461
2516
|
# The name of the CloudTrail trail for which you want to change or add
|
2462
2517
|
# Insights selectors.
|
2463
2518
|
#
|
2519
|
+
# You cannot use this parameter with the `EventDataStore` and
|
2520
|
+
# `InsightsDestination` parameters.
|
2521
|
+
#
|
2464
2522
|
# @option params [required, Array<Types::InsightSelector>] :insight_selectors
|
2465
|
-
# A JSON string that contains the
|
2466
|
-
# trail. `ApiCallRateInsight` and
|
2467
|
-
# Insight types.
|
2523
|
+
# A JSON string that contains the Insights types you want to log on a
|
2524
|
+
# trail or event data store. `ApiCallRateInsight` and
|
2525
|
+
# `ApiErrorRateInsight` are valid Insight types.
|
2468
2526
|
#
|
2469
2527
|
# The `ApiCallRateInsight` Insights type analyzes write-only management
|
2470
2528
|
# API calls that are aggregated per minute against a baseline API call
|
@@ -2474,20 +2532,40 @@ module Aws::CloudTrail
|
|
2474
2532
|
# that result in error codes. The error is shown if the API call is
|
2475
2533
|
# unsuccessful.
|
2476
2534
|
#
|
2535
|
+
# @option params [String] :event_data_store
|
2536
|
+
# The ARN (or ID suffix of the ARN) of the source event data store for
|
2537
|
+
# which you want to change or add Insights selectors. To enable Insights
|
2538
|
+
# on an event data store, you must provide both the `EventDataStore` and
|
2539
|
+
# `InsightsDestination` parameters.
|
2540
|
+
#
|
2541
|
+
# You cannot use this parameter with the `TrailName` parameter.
|
2542
|
+
#
|
2543
|
+
# @option params [String] :insights_destination
|
2544
|
+
# The ARN (or ID suffix of the ARN) of the destination event data store
|
2545
|
+
# that logs Insights events. To enable Insights on an event data store,
|
2546
|
+
# you must provide both the `EventDataStore` and `InsightsDestination`
|
2547
|
+
# parameters.
|
2548
|
+
#
|
2549
|
+
# You cannot use this parameter with the `TrailName` parameter.
|
2550
|
+
#
|
2477
2551
|
# @return [Types::PutInsightSelectorsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2478
2552
|
#
|
2479
2553
|
# * {Types::PutInsightSelectorsResponse#trail_arn #trail_arn} => String
|
2480
2554
|
# * {Types::PutInsightSelectorsResponse#insight_selectors #insight_selectors} => Array<Types::InsightSelector>
|
2555
|
+
# * {Types::PutInsightSelectorsResponse#event_data_store_arn #event_data_store_arn} => String
|
2556
|
+
# * {Types::PutInsightSelectorsResponse#insights_destination #insights_destination} => String
|
2481
2557
|
#
|
2482
2558
|
# @example Request syntax with placeholder values
|
2483
2559
|
#
|
2484
2560
|
# resp = client.put_insight_selectors({
|
2485
|
-
# trail_name: "String",
|
2561
|
+
# trail_name: "String",
|
2486
2562
|
# insight_selectors: [ # required
|
2487
2563
|
# {
|
2488
2564
|
# insight_type: "ApiCallRateInsight", # accepts ApiCallRateInsight, ApiErrorRateInsight
|
2489
2565
|
# },
|
2490
2566
|
# ],
|
2567
|
+
# event_data_store: "EventDataStoreArn",
|
2568
|
+
# insights_destination: "EventDataStoreArn",
|
2491
2569
|
# })
|
2492
2570
|
#
|
2493
2571
|
# @example Response structure
|
@@ -2495,6 +2573,8 @@ module Aws::CloudTrail
|
|
2495
2573
|
# resp.trail_arn #=> String
|
2496
2574
|
# resp.insight_selectors #=> Array
|
2497
2575
|
# resp.insight_selectors[0].insight_type #=> String, one of "ApiCallRateInsight", "ApiErrorRateInsight"
|
2576
|
+
# resp.event_data_store_arn #=> String
|
2577
|
+
# resp.insights_destination #=> String
|
2498
2578
|
#
|
2499
2579
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutInsightSelectors AWS API Documentation
|
2500
2580
|
#
|
@@ -2560,8 +2640,12 @@ module Aws::CloudTrail
|
|
2560
2640
|
req.send_request(options)
|
2561
2641
|
end
|
2562
2642
|
|
2563
|
-
# Registers an organization’s member account as the CloudTrail
|
2564
|
-
# administrator.
|
2643
|
+
# Registers an organization’s member account as the CloudTrail
|
2644
|
+
# [delegated administrator][1].
|
2645
|
+
#
|
2646
|
+
#
|
2647
|
+
#
|
2648
|
+
# [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-delegated-administrator.html
|
2565
2649
|
#
|
2566
2650
|
# @option params [required, String] :member_account_id
|
2567
2651
|
# An organization member account ID that you want to designate as a
|
@@ -3073,9 +3157,9 @@ module Aws::CloudTrail
|
|
3073
3157
|
# enabled.
|
3074
3158
|
#
|
3075
3159
|
# For event data stores for CloudTrail events, `AdvancedEventSelectors`
|
3076
|
-
# includes or excludes management
|
3077
|
-
# store. For more information about `AdvancedEventSelectors`,
|
3078
|
-
# [AdvancedEventSelectors][1].
|
3160
|
+
# includes or excludes management, data, or Insights events in your
|
3161
|
+
# event data store. For more information about `AdvancedEventSelectors`,
|
3162
|
+
# see [AdvancedEventSelectors][1].
|
3079
3163
|
#
|
3080
3164
|
# For event data stores for Config configuration items, Audit Manager
|
3081
3165
|
# evidence, or non-Amazon Web Services events, `AdvancedEventSelectors`
|
@@ -3105,6 +3189,13 @@ module Aws::CloudTrail
|
|
3105
3189
|
# Specifies whether an event data store collects events logged for an
|
3106
3190
|
# organization in Organizations.
|
3107
3191
|
#
|
3192
|
+
# <note markdown="1"> Only the management account for the organization can convert an
|
3193
|
+
# organization event data store to a non-organization event data store,
|
3194
|
+
# or convert a non-organization event data store to an organization
|
3195
|
+
# event data store.
|
3196
|
+
#
|
3197
|
+
# </note>
|
3198
|
+
#
|
3108
3199
|
# @option params [Integer] :retention_period
|
3109
3200
|
# The retention period of the event data store, in days. You can set a
|
3110
3201
|
# retention period of up to 2557 days, the equivalent of seven years.
|
@@ -3325,6 +3416,11 @@ module Aws::CloudTrail
|
|
3325
3416
|
#
|
3326
3417
|
# Not required unless you specify `CloudWatchLogsRoleArn`.
|
3327
3418
|
#
|
3419
|
+
# <note markdown="1"> Only the management account can configure a CloudWatch Logs log group
|
3420
|
+
# for an organization trail.
|
3421
|
+
#
|
3422
|
+
# </note>
|
3423
|
+
#
|
3328
3424
|
# @option params [String] :cloud_watch_logs_role_arn
|
3329
3425
|
# Specifies the role for the CloudWatch Logs endpoint to assume to write
|
3330
3426
|
# to a user's log group. You must use a role that exists in your
|
@@ -3359,13 +3455,18 @@ module Aws::CloudTrail
|
|
3359
3455
|
# organization in Organizations, or only for the current Amazon Web
|
3360
3456
|
# Services account. The default is false, and cannot be true unless the
|
3361
3457
|
# call is made on behalf of an Amazon Web Services account that is the
|
3362
|
-
# management account
|
3363
|
-
#
|
3364
|
-
#
|
3365
|
-
#
|
3366
|
-
#
|
3367
|
-
#
|
3368
|
-
#
|
3458
|
+
# management account for an organization in Organizations. If the trail
|
3459
|
+
# is not an organization trail and this is set to `true`, the trail will
|
3460
|
+
# be created in all Amazon Web Services accounts that belong to the
|
3461
|
+
# organization. If the trail is an organization trail and this is set to
|
3462
|
+
# `false`, the trail will remain in the current Amazon Web Services
|
3463
|
+
# account but be deleted from all member accounts in the organization.
|
3464
|
+
#
|
3465
|
+
# <note markdown="1"> Only the management account for the organization can convert an
|
3466
|
+
# organization trail to a non-organization trail, or convert a
|
3467
|
+
# non-organization trail to an organization trail.
|
3468
|
+
#
|
3469
|
+
# </note>
|
3369
3470
|
#
|
3370
3471
|
# @return [Types::UpdateTrailResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
3371
3472
|
#
|
@@ -3437,7 +3538,7 @@ module Aws::CloudTrail
|
|
3437
3538
|
params: params,
|
3438
3539
|
config: config)
|
3439
3540
|
context[:gem_name] = 'aws-sdk-cloudtrail'
|
3440
|
-
context[:gem_version] = '1.
|
3541
|
+
context[:gem_version] = '1.70.0'
|
3441
3542
|
Seahorse::Client::Request.new(handlers, context)
|
3442
3543
|
end
|
3443
3544
|
|
@@ -586,11 +586,14 @@ module Aws::CloudTrail
|
|
586
586
|
GetImportResponse.add_member(:import_statistics, Shapes::ShapeRef.new(shape: ImportStatistics, location_name: "ImportStatistics"))
|
587
587
|
GetImportResponse.struct_class = Types::GetImportResponse
|
588
588
|
|
589
|
-
GetInsightSelectorsRequest.add_member(:trail_name, Shapes::ShapeRef.new(shape: String,
|
589
|
+
GetInsightSelectorsRequest.add_member(:trail_name, Shapes::ShapeRef.new(shape: String, location_name: "TrailName"))
|
590
|
+
GetInsightSelectorsRequest.add_member(:event_data_store, Shapes::ShapeRef.new(shape: EventDataStoreArn, location_name: "EventDataStore"))
|
590
591
|
GetInsightSelectorsRequest.struct_class = Types::GetInsightSelectorsRequest
|
591
592
|
|
592
593
|
GetInsightSelectorsResponse.add_member(:trail_arn, Shapes::ShapeRef.new(shape: String, location_name: "TrailARN"))
|
593
594
|
GetInsightSelectorsResponse.add_member(:insight_selectors, Shapes::ShapeRef.new(shape: InsightSelectors, location_name: "InsightSelectors"))
|
595
|
+
GetInsightSelectorsResponse.add_member(:event_data_store_arn, Shapes::ShapeRef.new(shape: EventDataStoreArn, location_name: "EventDataStoreArn"))
|
596
|
+
GetInsightSelectorsResponse.add_member(:insights_destination, Shapes::ShapeRef.new(shape: EventDataStoreArn, location_name: "InsightsDestination"))
|
594
597
|
GetInsightSelectorsResponse.struct_class = Types::GetInsightSelectorsResponse
|
595
598
|
|
596
599
|
GetQueryResultsRequest.add_member(:event_data_store, Shapes::ShapeRef.new(shape: EventDataStoreArn, deprecated: true, location_name: "EventDataStore", metadata: {"deprecatedMessage"=>"EventDataStore is no longer required by GetQueryResultsRequest"}))
|
@@ -882,12 +885,16 @@ module Aws::CloudTrail
|
|
882
885
|
PutEventSelectorsResponse.add_member(:advanced_event_selectors, Shapes::ShapeRef.new(shape: AdvancedEventSelectors, location_name: "AdvancedEventSelectors"))
|
883
886
|
PutEventSelectorsResponse.struct_class = Types::PutEventSelectorsResponse
|
884
887
|
|
885
|
-
PutInsightSelectorsRequest.add_member(:trail_name, Shapes::ShapeRef.new(shape: String,
|
888
|
+
PutInsightSelectorsRequest.add_member(:trail_name, Shapes::ShapeRef.new(shape: String, location_name: "TrailName"))
|
886
889
|
PutInsightSelectorsRequest.add_member(:insight_selectors, Shapes::ShapeRef.new(shape: InsightSelectors, required: true, location_name: "InsightSelectors"))
|
890
|
+
PutInsightSelectorsRequest.add_member(:event_data_store, Shapes::ShapeRef.new(shape: EventDataStoreArn, location_name: "EventDataStore"))
|
891
|
+
PutInsightSelectorsRequest.add_member(:insights_destination, Shapes::ShapeRef.new(shape: EventDataStoreArn, location_name: "InsightsDestination"))
|
887
892
|
PutInsightSelectorsRequest.struct_class = Types::PutInsightSelectorsRequest
|
888
893
|
|
889
894
|
PutInsightSelectorsResponse.add_member(:trail_arn, Shapes::ShapeRef.new(shape: String, location_name: "TrailARN"))
|
890
895
|
PutInsightSelectorsResponse.add_member(:insight_selectors, Shapes::ShapeRef.new(shape: InsightSelectors, location_name: "InsightSelectors"))
|
896
|
+
PutInsightSelectorsResponse.add_member(:event_data_store_arn, Shapes::ShapeRef.new(shape: EventDataStoreArn, location_name: "EventDataStoreArn"))
|
897
|
+
PutInsightSelectorsResponse.add_member(:insights_destination, Shapes::ShapeRef.new(shape: EventDataStoreArn, location_name: "InsightsDestination"))
|
891
898
|
PutInsightSelectorsResponse.struct_class = Types::PutInsightSelectorsResponse
|
892
899
|
|
893
900
|
PutResourcePolicyRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: ResourceArn, required: true, location_name: "ResourceArn"))
|
@@ -1476,6 +1483,8 @@ module Aws::CloudTrail
|
|
1476
1483
|
o.http_request_uri = "/"
|
1477
1484
|
o.input = Shapes::ShapeRef.new(shape: GetInsightSelectorsRequest)
|
1478
1485
|
o.output = Shapes::ShapeRef.new(shape: GetInsightSelectorsResponse)
|
1486
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
|
1487
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidParameterCombinationException)
|
1479
1488
|
o.errors << Shapes::ShapeRef.new(shape: TrailNotFoundException)
|
1480
1489
|
o.errors << Shapes::ShapeRef.new(shape: InvalidTrailNameException)
|
1481
1490
|
o.errors << Shapes::ShapeRef.new(shape: CloudTrailARNInvalidException)
|
@@ -1751,6 +1760,8 @@ module Aws::CloudTrail
|
|
1751
1760
|
o.http_request_uri = "/"
|
1752
1761
|
o.input = Shapes::ShapeRef.new(shape: PutInsightSelectorsRequest)
|
1753
1762
|
o.output = Shapes::ShapeRef.new(shape: PutInsightSelectorsResponse)
|
1763
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
|
1764
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidParameterCombinationException)
|
1754
1765
|
o.errors << Shapes::ShapeRef.new(shape: TrailNotFoundException)
|
1755
1766
|
o.errors << Shapes::ShapeRef.new(shape: InvalidTrailNameException)
|
1756
1767
|
o.errors << Shapes::ShapeRef.new(shape: CloudTrailARNInvalidException)
|
@@ -2003,6 +2014,7 @@ module Aws::CloudTrail
|
|
2003
2014
|
o.errors << Shapes::ShapeRef.new(shape: EventDataStoreARNInvalidException)
|
2004
2015
|
o.errors << Shapes::ShapeRef.new(shape: EventDataStoreNotFoundException)
|
2005
2016
|
o.errors << Shapes::ShapeRef.new(shape: InvalidEventSelectorsException)
|
2017
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidInsightSelectorsException)
|
2006
2018
|
o.errors << Shapes::ShapeRef.new(shape: EventDataStoreHasOngoingImportException)
|
2007
2019
|
o.errors << Shapes::ShapeRef.new(shape: InactiveEventDataStoreException)
|
2008
2020
|
o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
|
@@ -32,7 +32,7 @@ module Aws::CloudTrail
|
|
32
32
|
raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
|
33
33
|
end
|
34
34
|
if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
|
35
|
-
if Aws::Endpoints::Matchers.boolean_equals?(
|
35
|
+
if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"), true)
|
36
36
|
if Aws::Endpoints::Matchers.string_equals?(region, "us-gov-east-1")
|
37
37
|
return Aws::Endpoints::Endpoint.new(url: "https://cloudtrail.us-gov-east-1.amazonaws.com", headers: {}, properties: {})
|
38
38
|
end
|
@@ -140,8 +140,8 @@ module Aws::CloudTrail
|
|
140
140
|
# events.
|
141
141
|
#
|
142
142
|
# * <b> <code>eventSource</code> </b> - For filtering management
|
143
|
-
# events only. This can be set
|
144
|
-
# `
|
143
|
+
# events only. This can be set to `NotEquals` `kms.amazonaws.com` or
|
144
|
+
# `NotEquals` `rdsdata.amazonaws.com`.
|
145
145
|
#
|
146
146
|
# * <b> <code>eventName</code> </b> - Can use any operator. You can
|
147
147
|
# use it to filter in or filter out any data event logged to
|
@@ -154,6 +154,9 @@ module Aws::CloudTrail
|
|
154
154
|
# * For CloudTrail event records, the value must be `Management` or
|
155
155
|
# `Data`.
|
156
156
|
#
|
157
|
+
# * For CloudTrail Insights event records, the value must be
|
158
|
+
# `Insight`.
|
159
|
+
#
|
157
160
|
# * For Config configuration items, the value must be
|
158
161
|
# `ConfigurationItem`.
|
159
162
|
#
|
@@ -174,6 +177,8 @@ module Aws::CloudTrail
|
|
174
177
|
#
|
175
178
|
# * `AWS::CloudTrail::Channel`
|
176
179
|
#
|
180
|
+
# * `AWS::CodeWhisperer::Customization`
|
181
|
+
#
|
177
182
|
# * `AWS::CodeWhisperer::Profile`
|
178
183
|
#
|
179
184
|
# * `AWS::Cognito::IdentityPool`
|
@@ -192,16 +197,26 @@ module Aws::CloudTrail
|
|
192
197
|
#
|
193
198
|
# * `AWS::KendraRanking::ExecutionPlan`
|
194
199
|
#
|
200
|
+
# * `AWS::KinesisVideo::Stream`
|
201
|
+
#
|
195
202
|
# * `AWS::ManagedBlockchain::Network`
|
196
203
|
#
|
197
204
|
# * `AWS::ManagedBlockchain::Node`
|
198
205
|
#
|
199
206
|
# * `AWS::MedicalImaging::Datastore`
|
200
207
|
#
|
208
|
+
# * `AWS::PCAConnectorAD::Connector`
|
209
|
+
#
|
210
|
+
# * `AWS::SageMaker::Endpoint`
|
211
|
+
#
|
201
212
|
# * `AWS::SageMaker::ExperimentTrialComponent`
|
202
213
|
#
|
203
214
|
# * `AWS::SageMaker::FeatureGroup`
|
204
215
|
#
|
216
|
+
# * `AWS::SNS::PlatformEndpoint`
|
217
|
+
#
|
218
|
+
# * `AWS::SNS::Topic`
|
219
|
+
#
|
205
220
|
# * `AWS::S3::AccessPoint`
|
206
221
|
#
|
207
222
|
# * `AWS::S3ObjectLambda::AccessPoint`
|
@@ -210,6 +225,10 @@ module Aws::CloudTrail
|
|
210
225
|
#
|
211
226
|
# * `AWS::SSMMessages::ControlChannel`
|
212
227
|
#
|
228
|
+
# * `AWS::Timestream::Database`
|
229
|
+
#
|
230
|
+
# * `AWS::Timestream::Table`
|
231
|
+
#
|
213
232
|
# * `AWS::VerifiedPermissions::PolicyStore`
|
214
233
|
#
|
215
234
|
# You can have only one `resources.type` field per selector. To log
|
@@ -256,6 +275,14 @@ module Aws::CloudTrail
|
|
256
275
|
#
|
257
276
|
# ^
|
258
277
|
#
|
278
|
+
# When resources.type equals `AWS::CodeWhisperer::Customization`,
|
279
|
+
# and the operator is set to `Equals` or `NotEquals`, the ARN must
|
280
|
+
# be in the following format:
|
281
|
+
#
|
282
|
+
# * `arn:<partition>:codewhisperer:<region>:<account_ID>:customization/<customization_ID>`
|
283
|
+
#
|
284
|
+
# ^
|
285
|
+
#
|
259
286
|
# When resources.type equals `AWS::CodeWhisperer::Profile`, and the
|
260
287
|
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
261
288
|
# following format:
|
@@ -328,6 +355,14 @@ module Aws::CloudTrail
|
|
328
355
|
#
|
329
356
|
# ^
|
330
357
|
#
|
358
|
+
# When `resources.type` equals `AWS::KinesisVideo::Stream`, and the
|
359
|
+
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
360
|
+
# following format:
|
361
|
+
#
|
362
|
+
# * `arn:<partition>:kinesisvideo:<region>:<account_ID>:stream/<stream_name/<creation_time>`
|
363
|
+
#
|
364
|
+
# ^
|
365
|
+
#
|
331
366
|
# When `resources.type` equals `AWS::ManagedBlockchain::Network`,
|
332
367
|
# and the operator is set to `Equals` or `NotEquals`, the ARN must
|
333
368
|
# be in the following format:
|
@@ -352,6 +387,22 @@ module Aws::CloudTrail
|
|
352
387
|
#
|
353
388
|
# ^
|
354
389
|
#
|
390
|
+
# When `resources.type` equals `AWS::PCAConnectorAD::Connector`, and
|
391
|
+
# the operator is set to `Equals` or `NotEquals`, the ARN must be in
|
392
|
+
# the following format:
|
393
|
+
#
|
394
|
+
# * `arn:<partition>:pca-connector-ad:<region>:<account_ID>:connector/<connector_ID>`
|
395
|
+
#
|
396
|
+
# ^
|
397
|
+
#
|
398
|
+
# When `resources.type` equals `AWS::SageMaker::Endpoint`, and the
|
399
|
+
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
400
|
+
# following format:
|
401
|
+
#
|
402
|
+
# * `arn:<partition>:sagemaker:<region>:<account_ID>:endpoint/<endpoint_name>`
|
403
|
+
#
|
404
|
+
# ^
|
405
|
+
#
|
355
406
|
# When `resources.type` equals
|
356
407
|
# `AWS::SageMaker::ExperimentTrialComponent`, and the operator is
|
357
408
|
# set to `Equals` or `NotEquals`, the ARN must be in the following
|
@@ -369,6 +420,22 @@ module Aws::CloudTrail
|
|
369
420
|
#
|
370
421
|
# ^
|
371
422
|
#
|
423
|
+
# When `resources.type` equals `AWS::SNS::PlatformEndpoint`, and the
|
424
|
+
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
425
|
+
# following format:
|
426
|
+
#
|
427
|
+
# * `arn:<partition>:sns:<region>:<account_ID>:endpoint/<endpoint_type>/<endpoint_name>/<endpoint_ID>`
|
428
|
+
#
|
429
|
+
# ^
|
430
|
+
#
|
431
|
+
# When `resources.type` equals `AWS::SNS::Topic`, and the operator
|
432
|
+
# is set to `Equals` or `NotEquals`, the ARN must be in the
|
433
|
+
# following format:
|
434
|
+
#
|
435
|
+
# * `arn:<partition>:sns:<region>:<account_ID>:<topic_name>`
|
436
|
+
#
|
437
|
+
# ^
|
438
|
+
#
|
372
439
|
# When `resources.type` equals `AWS::S3::AccessPoint`, and the
|
373
440
|
# operator is set to `Equals` or `NotEquals`, the ARN must be in one
|
374
441
|
# of the following formats. To log events on all objects in an S3
|
@@ -404,6 +471,22 @@ module Aws::CloudTrail
|
|
404
471
|
#
|
405
472
|
# ^
|
406
473
|
#
|
474
|
+
# When `resources.type` equals `AWS::Timestream::Database`, and the
|
475
|
+
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
476
|
+
# following format:
|
477
|
+
#
|
478
|
+
# * `arn:<partition>:timestream:<region>:<account_ID>:database/<database_name>`
|
479
|
+
#
|
480
|
+
# ^
|
481
|
+
#
|
482
|
+
# When `resources.type` equals `AWS::Timestream::Table`, and the
|
483
|
+
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
484
|
+
# following format:
|
485
|
+
#
|
486
|
+
# * `arn:<partition>:timestream:<region>:<account_ID>:database/<database_name>/table/<table_name>`
|
487
|
+
#
|
488
|
+
# ^
|
489
|
+
#
|
407
490
|
# When resources.type equals
|
408
491
|
# `AWS::VerifiedPermissions::PolicyStore`, and the operator is set
|
409
492
|
# to `Equals` or `NotEquals`, the ARN must be in the following
|
@@ -561,15 +644,12 @@ module Aws::CloudTrail
|
|
561
644
|
#
|
562
645
|
class ChannelNotFoundException < Aws::EmptyStructure; end
|
563
646
|
|
564
|
-
# This exception is thrown when an operation is called with
|
565
|
-
#
|
647
|
+
# This exception is thrown when an operation is called with an ARN that
|
648
|
+
# is not valid.
|
566
649
|
#
|
650
|
+
# The following is the format of a trail ARN:
|
567
651
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
568
652
|
#
|
569
|
-
# This exception is also thrown when you call `AddTags` or `RemoveTags`
|
570
|
-
# on a trail, event data store, or channel with a resource ARN that is
|
571
|
-
# not valid.
|
572
|
-
#
|
573
653
|
# The following is the format of an event data store ARN:
|
574
654
|
# `arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE`
|
575
655
|
#
|
@@ -974,6 +1054,11 @@ module Aws::CloudTrail
|
|
974
1054
|
# account.
|
975
1055
|
#
|
976
1056
|
# Not required unless you specify `CloudWatchLogsRoleArn`.
|
1057
|
+
#
|
1058
|
+
# <note markdown="1"> Only the management account can configure a CloudWatch Logs log
|
1059
|
+
# group for an organization trail.
|
1060
|
+
#
|
1061
|
+
# </note>
|
977
1062
|
# @return [String]
|
978
1063
|
#
|
979
1064
|
# @!attribute [rw] cloud_watch_logs_role_arn
|
@@ -1210,6 +1295,8 @@ module Aws::CloudTrail
|
|
1210
1295
|
#
|
1211
1296
|
# * `AWS::CloudTrail::Channel`
|
1212
1297
|
#
|
1298
|
+
# * `AWS::CodeWhisperer::Customization`
|
1299
|
+
#
|
1213
1300
|
# * `AWS::CodeWhisperer::Profile`
|
1214
1301
|
#
|
1215
1302
|
# * `AWS::Cognito::IdentityPool`
|
@@ -1228,16 +1315,26 @@ module Aws::CloudTrail
|
|
1228
1315
|
#
|
1229
1316
|
# * `AWS::KendraRanking::ExecutionPlan`
|
1230
1317
|
#
|
1318
|
+
# * `AWS::KinesisVideo::Stream`
|
1319
|
+
#
|
1231
1320
|
# * `AWS::ManagedBlockchain::Network`
|
1232
1321
|
#
|
1233
1322
|
# * `AWS::ManagedBlockchain::Node`
|
1234
1323
|
#
|
1235
1324
|
# * `AWS::MedicalImaging::Datastore`
|
1236
1325
|
#
|
1326
|
+
# * `AWS::PCAConnectorAD::Connector`
|
1327
|
+
#
|
1328
|
+
# * `AWS::SageMaker::Endpoint`
|
1329
|
+
#
|
1237
1330
|
# * `AWS::SageMaker::ExperimentTrialComponent`
|
1238
1331
|
#
|
1239
1332
|
# * `AWS::SageMaker::FeatureGroup`
|
1240
1333
|
#
|
1334
|
+
# * `AWS::SNS::PlatformEndpoint`
|
1335
|
+
#
|
1336
|
+
# * `AWS::SNS::Topic`
|
1337
|
+
#
|
1241
1338
|
# * `AWS::S3::AccessPoint`
|
1242
1339
|
#
|
1243
1340
|
# * `AWS::S3ObjectLambda::AccessPoint`
|
@@ -1246,6 +1343,10 @@ module Aws::CloudTrail
|
|
1246
1343
|
#
|
1247
1344
|
# * `AWS::SSMMessages::ControlChannel`
|
1248
1345
|
#
|
1346
|
+
# * `AWS::Timestream::Database`
|
1347
|
+
#
|
1348
|
+
# * `AWS::Timestream::Table`
|
1349
|
+
#
|
1249
1350
|
# * `AWS::VerifiedPermissions::PolicyStore`
|
1250
1351
|
#
|
1251
1352
|
#
|
@@ -2118,12 +2219,22 @@ module Aws::CloudTrail
|
|
2118
2219
|
# If you specify a trail ARN, it must be in the format:
|
2119
2220
|
#
|
2120
2221
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
2222
|
+
#
|
2223
|
+
# You cannot use this parameter with the `EventDataStore` parameter.
|
2224
|
+
# @return [String]
|
2225
|
+
#
|
2226
|
+
# @!attribute [rw] event_data_store
|
2227
|
+
# Specifies the ARN (or ID suffix of the ARN) of the event data store
|
2228
|
+
# for which you want to get Insights selectors.
|
2229
|
+
#
|
2230
|
+
# You cannot use this parameter with the `TrailName` parameter.
|
2121
2231
|
# @return [String]
|
2122
2232
|
#
|
2123
2233
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetInsightSelectorsRequest AWS API Documentation
|
2124
2234
|
#
|
2125
2235
|
class GetInsightSelectorsRequest < Struct.new(
|
2126
|
-
:trail_name
|
2236
|
+
:trail_name,
|
2237
|
+
:event_data_store)
|
2127
2238
|
SENSITIVE = []
|
2128
2239
|
include Aws::Structure
|
2129
2240
|
end
|
@@ -2134,16 +2245,27 @@ module Aws::CloudTrail
|
|
2134
2245
|
# @return [String]
|
2135
2246
|
#
|
2136
2247
|
# @!attribute [rw] insight_selectors
|
2137
|
-
# A JSON string that contains the
|
2138
|
-
# trail
|
2139
|
-
# `ApiCallRateInsight` are supported as
|
2248
|
+
# A JSON string that contains the Insight types you want to log on a
|
2249
|
+
# trail or event data store. `ApiErrorRateInsight` and
|
2250
|
+
# `ApiCallRateInsight` are supported as Insights types.
|
2140
2251
|
# @return [Array<Types::InsightSelector>]
|
2141
2252
|
#
|
2253
|
+
# @!attribute [rw] event_data_store_arn
|
2254
|
+
# The ARN of the source event data store that enabled Insights events.
|
2255
|
+
# @return [String]
|
2256
|
+
#
|
2257
|
+
# @!attribute [rw] insights_destination
|
2258
|
+
# The ARN of the destination event data store that logs Insights
|
2259
|
+
# events.
|
2260
|
+
# @return [String]
|
2261
|
+
#
|
2142
2262
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetInsightSelectorsResponse AWS API Documentation
|
2143
2263
|
#
|
2144
2264
|
class GetInsightSelectorsResponse < Struct.new(
|
2145
2265
|
:trail_arn,
|
2146
|
-
:insight_selectors
|
2266
|
+
:insight_selectors,
|
2267
|
+
:event_data_store_arn,
|
2268
|
+
:insights_destination)
|
2147
2269
|
SENSITIVE = []
|
2148
2270
|
include Aws::Structure
|
2149
2271
|
end
|
@@ -2603,20 +2725,21 @@ module Aws::CloudTrail
|
|
2603
2725
|
include Aws::Structure
|
2604
2726
|
end
|
2605
2727
|
|
2606
|
-
# If you run `GetInsightSelectors` on a trail
|
2607
|
-
# Insights events enabled, the operation throws the
|
2608
|
-
# `InsightNotEnabledException`.
|
2728
|
+
# If you run `GetInsightSelectors` on a trail or event data store that
|
2729
|
+
# does not have Insights events enabled, the operation throws the
|
2730
|
+
# exception `InsightNotEnabledException`.
|
2609
2731
|
#
|
2610
2732
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InsightNotEnabledException AWS API Documentation
|
2611
2733
|
#
|
2612
2734
|
class InsightNotEnabledException < Aws::EmptyStructure; end
|
2613
2735
|
|
2614
2736
|
# A JSON string that contains a list of Insights types that are logged
|
2615
|
-
# on a trail.
|
2737
|
+
# on a trail or event data store.
|
2616
2738
|
#
|
2617
2739
|
# @!attribute [rw] insight_type
|
2618
|
-
# The type of Insights events to log on a trail.
|
2619
|
-
# and `ApiErrorRateInsight` are valid Insight
|
2740
|
+
# The type of Insights events to log on a trail or event data store.
|
2741
|
+
# `ApiCallRateInsight` and `ApiErrorRateInsight` are valid Insight
|
2742
|
+
# types.
|
2620
2743
|
#
|
2621
2744
|
# The `ApiCallRateInsight` Insights type analyzes write-only
|
2622
2745
|
# management API calls that are aggregated per minute against a
|
@@ -2754,10 +2877,24 @@ module Aws::CloudTrail
|
|
2754
2877
|
#
|
2755
2878
|
class InvalidImportSourceException < Aws::EmptyStructure; end
|
2756
2879
|
|
2757
|
-
#
|
2758
|
-
#
|
2759
|
-
# valid, or the specified
|
2760
|
-
# statement is not
|
2880
|
+
# For `PutInsightSelectors`, this exception is thrown when the
|
2881
|
+
# formatting or syntax of the `InsightSelectors` JSON statement is not
|
2882
|
+
# valid, or the specified `InsightType` in the `InsightSelectors`
|
2883
|
+
# statement is not valid. Valid values for `InsightType` are
|
2884
|
+
# `ApiCallRateInsight` and `ApiErrorRateInsight`. To enable Insights on
|
2885
|
+
# an event data store, the destination event data store specified by the
|
2886
|
+
# `InsightsDestination` parameter must log Insights events and the
|
2887
|
+
# source event data store specified by the `EventDataStore` parameter
|
2888
|
+
# must log management events.
|
2889
|
+
#
|
2890
|
+
# For `UpdateEventDataStore`, this exception is thrown if Insights are
|
2891
|
+
# enabled on the event data store and the updated advanced event
|
2892
|
+
# selectors are not compatible with the configured `InsightSelectors`.
|
2893
|
+
# If the `InsightSelectors` includes an `InsightType` of
|
2894
|
+
# `ApiCallRateInsight`, the source event data store must log `write`
|
2895
|
+
# management events. If the `InsightSelectors` includes an `InsightType`
|
2896
|
+
# of `ApiErrorRateInsight`, the source event data store must log
|
2897
|
+
# management events.
|
2761
2898
|
#
|
2762
2899
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidInsightSelectorsException AWS API Documentation
|
2763
2900
|
#
|
@@ -3549,12 +3686,15 @@ module Aws::CloudTrail
|
|
3549
3686
|
# @!attribute [rw] trail_name
|
3550
3687
|
# The name of the CloudTrail trail for which you want to change or add
|
3551
3688
|
# Insights selectors.
|
3689
|
+
#
|
3690
|
+
# You cannot use this parameter with the `EventDataStore` and
|
3691
|
+
# `InsightsDestination` parameters.
|
3552
3692
|
# @return [String]
|
3553
3693
|
#
|
3554
3694
|
# @!attribute [rw] insight_selectors
|
3555
|
-
# A JSON string that contains the
|
3556
|
-
# trail. `ApiCallRateInsight` and
|
3557
|
-
# Insight types.
|
3695
|
+
# A JSON string that contains the Insights types you want to log on a
|
3696
|
+
# trail or event data store. `ApiCallRateInsight` and
|
3697
|
+
# `ApiErrorRateInsight` are valid Insight types.
|
3558
3698
|
#
|
3559
3699
|
# The `ApiCallRateInsight` Insights type analyzes write-only
|
3560
3700
|
# management API calls that are aggregated per minute against a
|
@@ -3565,11 +3705,31 @@ module Aws::CloudTrail
|
|
3565
3705
|
# is unsuccessful.
|
3566
3706
|
# @return [Array<Types::InsightSelector>]
|
3567
3707
|
#
|
3708
|
+
# @!attribute [rw] event_data_store
|
3709
|
+
# The ARN (or ID suffix of the ARN) of the source event data store for
|
3710
|
+
# which you want to change or add Insights selectors. To enable
|
3711
|
+
# Insights on an event data store, you must provide both the
|
3712
|
+
# `EventDataStore` and `InsightsDestination` parameters.
|
3713
|
+
#
|
3714
|
+
# You cannot use this parameter with the `TrailName` parameter.
|
3715
|
+
# @return [String]
|
3716
|
+
#
|
3717
|
+
# @!attribute [rw] insights_destination
|
3718
|
+
# The ARN (or ID suffix of the ARN) of the destination event data
|
3719
|
+
# store that logs Insights events. To enable Insights on an event data
|
3720
|
+
# store, you must provide both the `EventDataStore` and
|
3721
|
+
# `InsightsDestination` parameters.
|
3722
|
+
#
|
3723
|
+
# You cannot use this parameter with the `TrailName` parameter.
|
3724
|
+
# @return [String]
|
3725
|
+
#
|
3568
3726
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutInsightSelectorsRequest AWS API Documentation
|
3569
3727
|
#
|
3570
3728
|
class PutInsightSelectorsRequest < Struct.new(
|
3571
3729
|
:trail_name,
|
3572
|
-
:insight_selectors
|
3730
|
+
:insight_selectors,
|
3731
|
+
:event_data_store,
|
3732
|
+
:insights_destination)
|
3573
3733
|
SENSITIVE = []
|
3574
3734
|
include Aws::Structure
|
3575
3735
|
end
|
@@ -3581,15 +3741,27 @@ module Aws::CloudTrail
|
|
3581
3741
|
#
|
3582
3742
|
# @!attribute [rw] insight_selectors
|
3583
3743
|
# A JSON string that contains the Insights event types that you want
|
3584
|
-
# to log on a trail. The valid Insights types
|
3744
|
+
# to log on a trail or event data store. The valid Insights types are
|
3585
3745
|
# `ApiErrorRateInsight` and `ApiCallRateInsight`.
|
3586
3746
|
# @return [Array<Types::InsightSelector>]
|
3587
3747
|
#
|
3748
|
+
# @!attribute [rw] event_data_store_arn
|
3749
|
+
# The Amazon Resource Name (ARN) of the source event data store for
|
3750
|
+
# which you want to change or add Insights selectors.
|
3751
|
+
# @return [String]
|
3752
|
+
#
|
3753
|
+
# @!attribute [rw] insights_destination
|
3754
|
+
# The ARN of the destination event data store that logs Insights
|
3755
|
+
# events.
|
3756
|
+
# @return [String]
|
3757
|
+
#
|
3588
3758
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutInsightSelectorsResponse AWS API Documentation
|
3589
3759
|
#
|
3590
3760
|
class PutInsightSelectorsResponse < Struct.new(
|
3591
3761
|
:trail_arn,
|
3592
|
-
:insight_selectors
|
3762
|
+
:insight_selectors,
|
3763
|
+
:event_data_store_arn,
|
3764
|
+
:insights_destination)
|
3593
3765
|
SENSITIVE = []
|
3594
3766
|
include Aws::Structure
|
3595
3767
|
end
|
@@ -4602,6 +4774,13 @@ module Aws::CloudTrail
|
|
4602
4774
|
# @!attribute [rw] organization_enabled
|
4603
4775
|
# Specifies whether an event data store collects events logged for an
|
4604
4776
|
# organization in Organizations.
|
4777
|
+
#
|
4778
|
+
# <note markdown="1"> Only the management account for the organization can convert an
|
4779
|
+
# organization event data store to a non-organization event data
|
4780
|
+
# store, or convert a non-organization event data store to an
|
4781
|
+
# organization event data store.
|
4782
|
+
#
|
4783
|
+
# </note>
|
4605
4784
|
# @return [Boolean]
|
4606
4785
|
#
|
4607
4786
|
# @!attribute [rw] retention_period
|
@@ -4836,6 +5015,11 @@ module Aws::CloudTrail
|
|
4836
5015
|
# account.
|
4837
5016
|
#
|
4838
5017
|
# Not required unless you specify `CloudWatchLogsRoleArn`.
|
5018
|
+
#
|
5019
|
+
# <note markdown="1"> Only the management account can configure a CloudWatch Logs log
|
5020
|
+
# group for an organization trail.
|
5021
|
+
#
|
5022
|
+
# </note>
|
4839
5023
|
# @return [String]
|
4840
5024
|
#
|
4841
5025
|
# @!attribute [rw] cloud_watch_logs_role_arn
|
@@ -4874,13 +5058,19 @@ module Aws::CloudTrail
|
|
4874
5058
|
# organization in Organizations, or only for the current Amazon Web
|
4875
5059
|
# Services account. The default is false, and cannot be true unless
|
4876
5060
|
# the call is made on behalf of an Amazon Web Services account that is
|
4877
|
-
# the management account
|
4878
|
-
#
|
4879
|
-
# trail
|
4880
|
-
#
|
4881
|
-
#
|
4882
|
-
#
|
4883
|
-
#
|
5061
|
+
# the management account for an organization in Organizations. If the
|
5062
|
+
# trail is not an organization trail and this is set to `true`, the
|
5063
|
+
# trail will be created in all Amazon Web Services accounts that
|
5064
|
+
# belong to the organization. If the trail is an organization trail
|
5065
|
+
# and this is set to `false`, the trail will remain in the current
|
5066
|
+
# Amazon Web Services account but be deleted from all member accounts
|
5067
|
+
# in the organization.
|
5068
|
+
#
|
5069
|
+
# <note markdown="1"> Only the management account for the organization can convert an
|
5070
|
+
# organization trail to a non-organization trail, or convert a
|
5071
|
+
# non-organization trail to an organization trail.
|
5072
|
+
#
|
5073
|
+
# </note>
|
4884
5074
|
# @return [Boolean]
|
4885
5075
|
#
|
4886
5076
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/UpdateTrailRequest AWS API Documentation
|
data/lib/aws-sdk-cloudtrail.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-cloudtrail
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.70.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-09
|
11
|
+
date: 2023-11-09 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-core
|