aws-sdk-cloudtrail 1.90.0 → 1.92.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-cloudtrail/client.rb +80 -42
- data/lib/aws-sdk-cloudtrail/types.rb +206 -565
- data/lib/aws-sdk-cloudtrail.rb +3 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7274c5f7fb833a4db6a9c64caf184e2bed45a9f5c883c1685c81b7e222a4a75b
|
4
|
+
data.tar.gz: f1dc30a16abbb7eaf4ea8252f127c889e940d4676b75d917219308d5f01e72cc
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ba12fe4b6290b74ab29e1f15b0c3884e753e5ccde56ebf7f933cd76648b8213d128a1a41e68d72e2b481b8280e22849322381790a92835459039a12840492309
|
7
|
+
data.tar.gz: ad2f1b0307963c4099f3e7702bc749621c665870539f91f6d785c6352e0ac1e1cd031b736630e2a00b8e793e2a36a39886abe9623caaca4cfe5ca51c9fa12f9d
|
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,16 @@
|
|
1
1
|
Unreleased Changes
|
2
2
|
------------------
|
3
3
|
|
4
|
+
1.92.0 (2024-09-25)
|
5
|
+
------------------
|
6
|
+
|
7
|
+
* Feature - Doc-only update for CloudTrail network activity events release (in preview)
|
8
|
+
|
9
|
+
1.91.0 (2024-09-24)
|
10
|
+
------------------
|
11
|
+
|
12
|
+
* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
|
13
|
+
|
4
14
|
1.90.0 (2024-09-23)
|
5
15
|
------------------
|
6
16
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.
|
1
|
+
1.92.0
|
@@ -36,8 +36,6 @@ require 'aws-sdk-core/plugins/telemetry.rb'
|
|
36
36
|
require 'aws-sdk-core/plugins/sign.rb'
|
37
37
|
require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
|
38
38
|
|
39
|
-
Aws::Plugins::GlobalConfiguration.add_identifier(:cloudtrail)
|
40
|
-
|
41
39
|
module Aws::CloudTrail
|
42
40
|
# An API client for CloudTrail. To construct a client, you need to configure a `:region` and `:credentials`.
|
43
41
|
#
|
@@ -1537,25 +1535,32 @@ module Aws::CloudTrail
|
|
1537
1535
|
# the following:
|
1538
1536
|
#
|
1539
1537
|
# * If your event selector includes read-only events, write-only events,
|
1540
|
-
# or all events. This applies to
|
1541
|
-
# events.
|
1538
|
+
# or all events. This applies to management events, data events, and
|
1539
|
+
# network activity events.
|
1542
1540
|
#
|
1543
1541
|
# * If your event selector includes management events.
|
1544
1542
|
#
|
1543
|
+
# * If your event selector includes network activity events, the event
|
1544
|
+
# sources for which you are logging network activity events.
|
1545
|
+
#
|
1545
1546
|
# * If your event selector includes data events, the resources on which
|
1546
1547
|
# you are logging data events.
|
1547
1548
|
#
|
1548
|
-
# For more information about logging management
|
1549
|
-
# following topics in the *CloudTrail User
|
1549
|
+
# For more information about logging management, data, and network
|
1550
|
+
# activity events, see the following topics in the *CloudTrail User
|
1551
|
+
# Guide*:
|
1550
1552
|
#
|
1551
1553
|
# * [Logging management events][1]
|
1552
1554
|
#
|
1553
1555
|
# * [Logging data events][2]
|
1554
1556
|
#
|
1557
|
+
# * [Logging network activity events][3]
|
1558
|
+
#
|
1555
1559
|
#
|
1556
1560
|
#
|
1557
1561
|
# [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html
|
1558
1562
|
# [2]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
|
1563
|
+
# [3]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html
|
1559
1564
|
#
|
1560
1565
|
# @option params [required, String] :trail_name
|
1561
1566
|
# Specifies the name of the trail or trail ARN. If you specify a trail
|
@@ -2630,16 +2635,33 @@ module Aws::CloudTrail
|
|
2630
2635
|
req.send_request(options)
|
2631
2636
|
end
|
2632
2637
|
|
2633
|
-
# Configures
|
2634
|
-
#
|
2635
|
-
#
|
2636
|
-
#
|
2637
|
-
#
|
2638
|
-
#
|
2639
|
-
#
|
2640
|
-
#
|
2641
|
-
#
|
2642
|
-
# events
|
2638
|
+
# Configures event selectors (also referred to as *basic event
|
2639
|
+
# selectors*) or advanced event selectors for your trail. You can use
|
2640
|
+
# either `AdvancedEventSelectors` or `EventSelectors`, but not both. If
|
2641
|
+
# you apply `AdvancedEventSelectors` to a trail, any existing
|
2642
|
+
# `EventSelectors` are overwritten.
|
2643
|
+
#
|
2644
|
+
# You can use `AdvancedEventSelectors` to log management events, data
|
2645
|
+
# events for all resource types, and network activity events.
|
2646
|
+
#
|
2647
|
+
# You can use `EventSelectors` to log management events and data events
|
2648
|
+
# for the following resource types:
|
2649
|
+
#
|
2650
|
+
# * `AWS::DynamoDB::Table`
|
2651
|
+
#
|
2652
|
+
# * `AWS::Lambda::Function`
|
2653
|
+
#
|
2654
|
+
# * `AWS::S3::Object`
|
2655
|
+
#
|
2656
|
+
# You can't use `EventSelectors` to log network activity events.
|
2657
|
+
#
|
2658
|
+
# If you want your trail to log Insights events, be sure the event
|
2659
|
+
# selector or advanced event selector enables logging of the Insights
|
2660
|
+
# event types you want configured for your trail. For more information
|
2661
|
+
# about logging Insights events, see [Logging Insights events][1] in the
|
2662
|
+
# *CloudTrail User Guide*. By default, trails created without specific
|
2663
|
+
# event selectors are configured to log all read and write management
|
2664
|
+
# events, and no data events or network activity events.
|
2643
2665
|
#
|
2644
2666
|
# When an event occurs in your account, CloudTrail evaluates the event
|
2645
2667
|
# selectors or advanced event selectors in all trails. For each trail,
|
@@ -2650,7 +2672,7 @@ module Aws::CloudTrail
|
|
2650
2672
|
# Example
|
2651
2673
|
#
|
2652
2674
|
# 1. You create an event selector for a trail and specify that you want
|
2653
|
-
# write-only events.
|
2675
|
+
# to log write-only events.
|
2654
2676
|
#
|
2655
2677
|
# 2. The EC2 `GetConsoleOutput` and `RunInstances` API operations occur
|
2656
2678
|
# in your account.
|
@@ -2668,25 +2690,22 @@ module Aws::CloudTrail
|
|
2668
2690
|
# which the trail was created; otherwise, an
|
2669
2691
|
# `InvalidHomeRegionException` exception is thrown.
|
2670
2692
|
#
|
2671
|
-
# You can configure up to five event selectors for each trail.
|
2672
|
-
# information, see [Logging management events][2], [Logging data
|
2673
|
-
# events][3], and [Quotas in CloudTrail][4] in the *CloudTrail User
|
2674
|
-
# Guide*.
|
2693
|
+
# You can configure up to five event selectors for each trail.
|
2675
2694
|
#
|
2676
2695
|
# You can add advanced event selectors, and conditions for your advanced
|
2677
2696
|
# event selectors, up to a maximum of 500 values for all conditions and
|
2678
|
-
# selectors on a trail.
|
2679
|
-
#
|
2680
|
-
#
|
2681
|
-
#
|
2682
|
-
# events][3] in the *CloudTrail User Guide*.
|
2697
|
+
# selectors on a trail. For more information, see [Logging management
|
2698
|
+
# events][2], [Logging data events][3], [Logging network activity
|
2699
|
+
# events][4], and [Quotas in CloudTrail][5] in the *CloudTrail User
|
2700
|
+
# Guide*.
|
2683
2701
|
#
|
2684
2702
|
#
|
2685
2703
|
#
|
2686
2704
|
# [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-insights-events-with-cloudtrail.html
|
2687
2705
|
# [2]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html
|
2688
2706
|
# [3]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
|
2689
|
-
# [4]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/
|
2707
|
+
# [4]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html
|
2708
|
+
# [5]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html
|
2690
2709
|
#
|
2691
2710
|
# @option params [required, String] :trail_name
|
2692
2711
|
# Specifies the name of the trail or trail ARN. If you specify a trail
|
@@ -2709,25 +2728,42 @@ module Aws::CloudTrail
|
|
2709
2728
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
2710
2729
|
#
|
2711
2730
|
# @option params [Array<Types::EventSelector>] :event_selectors
|
2712
|
-
# Specifies the settings for your event selectors. You can
|
2713
|
-
# to
|
2714
|
-
#
|
2715
|
-
#
|
2716
|
-
#
|
2731
|
+
# Specifies the settings for your event selectors. You can use event
|
2732
|
+
# selectors to log management events and data events for the following
|
2733
|
+
# resource types:
|
2734
|
+
#
|
2735
|
+
# * `AWS::DynamoDB::Table`
|
2736
|
+
#
|
2737
|
+
# * `AWS::Lambda::Function`
|
2738
|
+
#
|
2739
|
+
# * `AWS::S3::Object`
|
2740
|
+
#
|
2741
|
+
# You can't use event selectors to log network activity events.
|
2742
|
+
#
|
2743
|
+
# You can configure up to five event selectors for a trail. You can use
|
2744
|
+
# either `EventSelectors` or `AdvancedEventSelectors` in a
|
2745
|
+
# `PutEventSelectors` request, but not both. If you apply
|
2746
|
+
# `EventSelectors` to a trail, any existing `AdvancedEventSelectors` are
|
2747
|
+
# overwritten.
|
2717
2748
|
#
|
2718
2749
|
# @option params [Array<Types::AdvancedEventSelector>] :advanced_event_selectors
|
2719
|
-
# Specifies the settings for advanced event selectors. You can
|
2720
|
-
# advanced event selectors,
|
2721
|
-
#
|
2750
|
+
# Specifies the settings for advanced event selectors. You can use
|
2751
|
+
# advanced event selectors to log management events, data events for all
|
2752
|
+
# resource types, and network activity events.
|
2753
|
+
#
|
2754
|
+
# You can add advanced event selectors, and conditions for your advanced
|
2755
|
+
# event selectors, up to a maximum of 500 values for all conditions and
|
2722
2756
|
# selectors on a trail. You can use either `AdvancedEventSelectors` or
|
2723
2757
|
# `EventSelectors`, but not both. If you apply `AdvancedEventSelectors`
|
2724
2758
|
# to a trail, any existing `EventSelectors` are overwritten. For more
|
2725
2759
|
# information about advanced event selectors, see [Logging data
|
2726
|
-
# events][1] in the *CloudTrail
|
2760
|
+
# events][1] and [Logging network activity events][2] in the *CloudTrail
|
2761
|
+
# User Guide*.
|
2727
2762
|
#
|
2728
2763
|
#
|
2729
2764
|
#
|
2730
2765
|
# [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
|
2766
|
+
# [2]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html
|
2731
2767
|
#
|
2732
2768
|
# @return [Types::PutEventSelectorsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2733
2769
|
#
|
@@ -3113,7 +3149,8 @@ module Aws::CloudTrail
|
|
3113
3149
|
# Starts the ingestion of live events on an event data store specified
|
3114
3150
|
# as either an ARN or the ID portion of the ARN. To start ingestion, the
|
3115
3151
|
# event data store `Status` must be `STOPPED_INGESTION` and the
|
3116
|
-
# `eventCategory` must be `Management`, `Data`, or
|
3152
|
+
# `eventCategory` must be `Management`, `Data`, `NetworkActivity`, or
|
3153
|
+
# `ConfigurationItem`.
|
3117
3154
|
#
|
3118
3155
|
# @option params [required, String] :event_data_store
|
3119
3156
|
# The ARN (or ID suffix of the ARN) of the event data store for which
|
@@ -3325,7 +3362,8 @@ module Aws::CloudTrail
|
|
3325
3362
|
# Stops the ingestion of live events on an event data store specified as
|
3326
3363
|
# either an ARN or the ID portion of the ARN. To stop ingestion, the
|
3327
3364
|
# event data store `Status` must be `ENABLED` and the `eventCategory`
|
3328
|
-
# must be `Management`, `Data`, or
|
3365
|
+
# must be `Management`, `Data`, `NetworkActivity`, or
|
3366
|
+
# `ConfigurationItem`.
|
3329
3367
|
#
|
3330
3368
|
# @option params [required, String] :event_data_store
|
3331
3369
|
# The ARN (or ID suffix of the ARN) of the event data store for which
|
@@ -3493,9 +3531,9 @@ module Aws::CloudTrail
|
|
3493
3531
|
# `TerminationProtection` is enabled.
|
3494
3532
|
#
|
3495
3533
|
# For event data stores for CloudTrail events, `AdvancedEventSelectors`
|
3496
|
-
# includes or excludes management or
|
3497
|
-
# store. For more information about
|
3498
|
-
# [AdvancedEventSelectors][1].
|
3534
|
+
# includes or excludes management, data, or network activity events in
|
3535
|
+
# your event data store. For more information about
|
3536
|
+
# `AdvancedEventSelectors`, see [AdvancedEventSelectors][1].
|
3499
3537
|
#
|
3500
3538
|
# For event data stores for CloudTrail Insights events, Config
|
3501
3539
|
# configuration items, Audit Manager evidence, or non-Amazon Web
|
@@ -3920,7 +3958,7 @@ module Aws::CloudTrail
|
|
3920
3958
|
tracer: tracer
|
3921
3959
|
)
|
3922
3960
|
context[:gem_name] = 'aws-sdk-cloudtrail'
|
3923
|
-
context[:gem_version] = '1.
|
3961
|
+
context[:gem_version] = '1.92.0'
|
3924
3962
|
Seahorse::Client::Request.new(handlers, context)
|
3925
3963
|
end
|
3926
3964
|
|
@@ -81,11 +81,12 @@ module Aws::CloudTrail
|
|
81
81
|
class AddTagsResponse < Aws::EmptyStructure; end
|
82
82
|
|
83
83
|
# Advanced event selectors let you create fine-grained selectors for
|
84
|
-
# CloudTrail management and
|
85
|
-
# logging only those events that are important to
|
86
|
-
# information about advanced event selectors,
|
87
|
-
#
|
88
|
-
#
|
84
|
+
# CloudTrail management, data, and network activity events. They help
|
85
|
+
# you control costs by logging only those events that are important to
|
86
|
+
# you. For more information about configuring advanced event selectors,
|
87
|
+
# see the [Logging data events][1], [Logging network activity
|
88
|
+
# events][2], and [Logging management events][3] topics in the
|
89
|
+
# *CloudTrail User Guide*.
|
89
90
|
#
|
90
91
|
# You cannot apply both event selectors and advanced event selectors to
|
91
92
|
# a trail.
|
@@ -110,6 +111,25 @@ module Aws::CloudTrail
|
|
110
111
|
#
|
111
112
|
# * `resources.ARN`
|
112
113
|
#
|
114
|
+
# **Supported CloudTrail event record fields for network activity
|
115
|
+
# events**
|
116
|
+
#
|
117
|
+
# <note markdown="1"> Network activity events is in preview release for CloudTrail and is
|
118
|
+
# subject to change.
|
119
|
+
#
|
120
|
+
# </note>
|
121
|
+
#
|
122
|
+
# * `eventCategory` (required)
|
123
|
+
#
|
124
|
+
# * `eventSource` (required)
|
125
|
+
#
|
126
|
+
# * `eventName`
|
127
|
+
#
|
128
|
+
# * `errorCode` - The only valid value for `errorCode` is
|
129
|
+
# `VpceAccessDenied`.
|
130
|
+
#
|
131
|
+
# * `vpcEndpointId`
|
132
|
+
#
|
113
133
|
# <note markdown="1"> For event data stores for CloudTrail Insights events, Config
|
114
134
|
# configuration items, Audit Manager evidence, or events outside of
|
115
135
|
# Amazon Web Services, the only supported field is `eventCategory`.
|
@@ -118,8 +138,9 @@ module Aws::CloudTrail
|
|
118
138
|
#
|
119
139
|
#
|
120
140
|
#
|
121
|
-
# [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-
|
122
|
-
# [2]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-
|
141
|
+
# [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
|
142
|
+
# [2]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html
|
143
|
+
# [3]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html
|
123
144
|
#
|
124
145
|
# @!attribute [rw] name
|
125
146
|
# An optional, descriptive name for an advanced event selector, such
|
@@ -149,38 +170,68 @@ module Aws::CloudTrail
|
|
149
170
|
# filtering is not supported.
|
150
171
|
#
|
151
172
|
# For CloudTrail management events, supported fields include
|
152
|
-
# `
|
173
|
+
# `eventCategory` (required), `eventSource`, and `readOnly`.
|
174
|
+
#
|
175
|
+
# For CloudTrail data events, supported fields include `eventCategory`
|
176
|
+
# (required), `resources.type` (required), `eventName`, `readOnly`,
|
177
|
+
# and `resources.ARN`.
|
153
178
|
#
|
154
|
-
# For CloudTrail
|
155
|
-
# `eventCategory
|
179
|
+
# For CloudTrail network activity events, supported fields include
|
180
|
+
# `eventCategory` (required), `eventSource` (required), `eventName`,
|
181
|
+
# `errorCode`, and `vpcEndpointId`.
|
156
182
|
#
|
157
183
|
# For event data stores for CloudTrail Insights events, Config
|
158
184
|
# configuration items, Audit Manager evidence, or events outside of
|
159
185
|
# Amazon Web Services, the only supported field is `eventCategory`.
|
160
186
|
#
|
161
|
-
# * <b> <code>readOnly</code> </b> -
|
162
|
-
#
|
163
|
-
#
|
164
|
-
#
|
165
|
-
# events.
|
187
|
+
# * <b> <code>readOnly</code> </b> - This is an optional field that is
|
188
|
+
# only used for management events and data events. This field can be
|
189
|
+
# set to `Equals` with a value of `true` or `false`. If you do not
|
190
|
+
# add this field, CloudTrail logs both `read` and `write` events. A
|
191
|
+
# value of `true` logs only `read` events. A value of `false` logs
|
192
|
+
# only `write` events.
|
193
|
+
#
|
194
|
+
# * <b> <code>eventSource</code> </b> - This field is only used for
|
195
|
+
# management events and network activity events.
|
196
|
+
#
|
197
|
+
# For management events, this is an optional field that can be set
|
198
|
+
# to `NotEquals` `kms.amazonaws.com` to exclude KMS management
|
199
|
+
# events, or `NotEquals` `rdsdata.amazonaws.com` to exclude RDS
|
200
|
+
# management events.
|
201
|
+
#
|
202
|
+
# For network activity events, this is a required field that only
|
203
|
+
# uses the `Equals` operator. Set this field to the event source for
|
204
|
+
# which you want to log network activity events. If you want to log
|
205
|
+
# network activity events for multiple event sources, you must
|
206
|
+
# create a separate field selector for each event source.
|
207
|
+
#
|
208
|
+
# The following are valid values for network activity events:
|
166
209
|
#
|
167
|
-
#
|
168
|
-
# events only. This can be set to `NotEquals` `kms.amazonaws.com` or
|
169
|
-
# `NotEquals` `rdsdata.amazonaws.com`.
|
210
|
+
# * `cloudtrail.amazonaws.com`
|
170
211
|
#
|
171
|
-
#
|
172
|
-
# use it to filter in or filter out any data event logged to
|
173
|
-
# CloudTrail, such as `PutBucket` or `GetSnapshotBlock`. You can
|
174
|
-
# have multiple values for this field, separated by commas.
|
212
|
+
# * `ec2.amazonaws.com`
|
175
213
|
#
|
176
|
-
#
|
177
|
-
#
|
214
|
+
# * `kms.amazonaws.com`
|
215
|
+
#
|
216
|
+
# * `secretsmanager.amazonaws.com`
|
217
|
+
#
|
218
|
+
# * <b> <code>eventName</code> </b> - This is an optional field that
|
219
|
+
# is only used for data events and network activity events. You can
|
220
|
+
# use any operator with `eventName`. You can use it to filter in or
|
221
|
+
# filter out specific events. You can have multiple values for this
|
222
|
+
# field, separated by commas.
|
223
|
+
#
|
224
|
+
# * <b> <code>eventCategory</code> </b> - This field is required and
|
225
|
+
# must be set to `Equals`.
|
178
226
|
#
|
179
227
|
# * For CloudTrail management events, the value must be
|
180
228
|
# `Management`.
|
181
229
|
#
|
182
230
|
# * For CloudTrail data events, the value must be `Data`.
|
183
231
|
#
|
232
|
+
# * For CloudTrail network activity events, the value must be
|
233
|
+
# `NetworkActivity`.
|
234
|
+
#
|
184
235
|
# The following are used only for event data stores:
|
185
236
|
#
|
186
237
|
# * For CloudTrail Insights events, the value must be `Insight`.
|
@@ -193,15 +244,17 @@ module Aws::CloudTrail
|
|
193
244
|
# * For non-Amazon Web Services events, the value must be
|
194
245
|
# `ActivityAuditLog`.
|
195
246
|
#
|
247
|
+
# * <b> <code>errorCode</code> </b> - This field is only used to filter
|
248
|
+
# CloudTrail network activity events and is optional. This is the
|
249
|
+
# error code to filter on. Currently, the only valid `errorCode` is
|
250
|
+
# `VpceAccessDenied`. `errorCode` can only use the `Equals`
|
251
|
+
# operator.
|
252
|
+
#
|
196
253
|
# * <b> <code>resources.type</code> </b> - This field is required for
|
197
254
|
# CloudTrail data events. `resources.type` can only use the `Equals`
|
198
|
-
# operator
|
199
|
-
#
|
200
|
-
# * `AWS::DynamoDB::Table`
|
201
|
-
#
|
202
|
-
# * `AWS::Lambda::Function`
|
255
|
+
# operator.
|
203
256
|
#
|
204
|
-
#
|
257
|
+
# The value can be one of the following:
|
205
258
|
#
|
206
259
|
# * `AWS::AppConfig::Configuration`
|
207
260
|
#
|
@@ -209,6 +262,10 @@ module Aws::CloudTrail
|
|
209
262
|
#
|
210
263
|
# * `AWS::Bedrock::AgentAlias`
|
211
264
|
#
|
265
|
+
# * `AWS::Bedrock::FlowAlias`
|
266
|
+
#
|
267
|
+
# * `AWS::Bedrock::Guardrail`
|
268
|
+
#
|
212
269
|
# * `AWS::Bedrock::KnowledgeBase`
|
213
270
|
#
|
214
271
|
# * `AWS::Cassandra::Table`
|
@@ -217,6 +274,8 @@ module Aws::CloudTrail
|
|
217
274
|
#
|
218
275
|
# * `AWS::CloudTrail::Channel`
|
219
276
|
#
|
277
|
+
# * `AWS::CloudWatch::Metric`
|
278
|
+
#
|
220
279
|
# * `AWS::CodeWhisperer::Customization`
|
221
280
|
#
|
222
281
|
# * `AWS::CodeWhisperer::Profile`
|
@@ -225,6 +284,8 @@ module Aws::CloudTrail
|
|
225
284
|
#
|
226
285
|
# * `AWS::DynamoDB::Stream`
|
227
286
|
#
|
287
|
+
# * `AWS::DynamoDB::Table`
|
288
|
+
#
|
228
289
|
# * `AWS::EC2::Snapshot`
|
229
290
|
#
|
230
291
|
# * `AWS::EMRWAL::Workspace`
|
@@ -253,8 +314,16 @@ module Aws::CloudTrail
|
|
253
314
|
#
|
254
315
|
# * `AWS::KendraRanking::ExecutionPlan`
|
255
316
|
#
|
317
|
+
# * `AWS::Kinesis::Stream`
|
318
|
+
#
|
319
|
+
# * `AWS::Kinesis::StreamConsumer`
|
320
|
+
#
|
256
321
|
# * `AWS::KinesisVideo::Stream`
|
257
322
|
#
|
323
|
+
# * `AWS::Lambda::Function`
|
324
|
+
#
|
325
|
+
# * `AWS::MachineLearning::MlModel`
|
326
|
+
#
|
258
327
|
# * `AWS::ManagedBlockchain::Network`
|
259
328
|
#
|
260
329
|
# * `AWS::ManagedBlockchain::Node`
|
@@ -263,8 +332,18 @@ module Aws::CloudTrail
|
|
263
332
|
#
|
264
333
|
# * `AWS::NeptuneGraph::Graph`
|
265
334
|
#
|
335
|
+
# * `AWS::One::UKey`
|
336
|
+
#
|
337
|
+
# * `AWS::One::User`
|
338
|
+
#
|
339
|
+
# * `AWS::PaymentCryptography::Alias`
|
340
|
+
#
|
341
|
+
# * `AWS::PaymentCryptography::Key`
|
342
|
+
#
|
266
343
|
# * `AWS::PCAConnectorAD::Connector`
|
267
344
|
#
|
345
|
+
# * `AWS::PCAConnectorSCEP::Connector`
|
346
|
+
#
|
268
347
|
# * `AWS::QApps:QApp`
|
269
348
|
#
|
270
349
|
# * `AWS::QBusiness::Application`
|
@@ -277,8 +356,14 @@ module Aws::CloudTrail
|
|
277
356
|
#
|
278
357
|
# * `AWS::RDS::DBCluster`
|
279
358
|
#
|
359
|
+
# * `AWS::RUM::AppMonitor`
|
360
|
+
#
|
280
361
|
# * `AWS::S3::AccessPoint`
|
281
362
|
#
|
363
|
+
# * `AWS::S3::Object`
|
364
|
+
#
|
365
|
+
# * `AWS::S3Express::Object`
|
366
|
+
#
|
282
367
|
# * `AWS::S3ObjectLambda::AccessPoint`
|
283
368
|
#
|
284
369
|
# * `AWS::S3Outposts::Object`
|
@@ -305,6 +390,8 @@ module Aws::CloudTrail
|
|
305
390
|
#
|
306
391
|
# * `AWS::SSMMessages::ControlChannel`
|
307
392
|
#
|
393
|
+
# * `AWS::StepFunctions::StateMachine`
|
394
|
+
#
|
308
395
|
# * `AWS::SWF::Domain`
|
309
396
|
#
|
310
397
|
# * `AWS::ThinClient::Device`
|
@@ -320,509 +407,34 @@ module Aws::CloudTrail
|
|
320
407
|
# * `AWS::XRay::Trace`
|
321
408
|
#
|
322
409
|
# You can have only one `resources.type` field per selector. To log
|
323
|
-
#
|
410
|
+
# events on more than one resource type, add another selector.
|
324
411
|
#
|
325
|
-
# * <b> <code>resources.ARN</code> </b> -
|
326
|
-
#
|
327
|
-
#
|
328
|
-
#
|
412
|
+
# * <b> <code>resources.ARN</code> </b> - The `resources.ARN` is an
|
413
|
+
# optional field for data events. You can use any operator with
|
414
|
+
# `resources.ARN`, but if you use `Equals` or `NotEquals`, the value
|
415
|
+
# must exactly match the ARN of a valid resource of the type you've
|
416
|
+
# specified in the template as the value of resources.type. To log
|
417
|
+
# all data events for all objects in a specific S3 bucket, use the
|
418
|
+
# `StartsWith` operator, and include only the bucket ARN as the
|
419
|
+
# matching value.
|
420
|
+
#
|
421
|
+
# For information about filtering data events on the `resources.ARN`
|
422
|
+
# field, see [Filtering data events by resources.ARN][1] in the
|
423
|
+
# *CloudTrail User Guide*.
|
329
424
|
#
|
330
425
|
# <note markdown="1"> You can't use the `resources.ARN` field to filter resource types
|
331
426
|
# that do not have ARNs.
|
332
427
|
#
|
333
428
|
# </note>
|
334
429
|
#
|
335
|
-
#
|
336
|
-
#
|
337
|
-
#
|
338
|
-
#
|
339
|
-
# in a specific S3 bucket, use the `StartsWith` operator, and
|
340
|
-
# include only the bucket ARN as the matching value.
|
341
|
-
#
|
342
|
-
# The trailing slash is intentional; do not exclude it. Replace the
|
343
|
-
# text between less than and greater than symbols (<>) with
|
344
|
-
# resource-specific information.
|
345
|
-
#
|
346
|
-
# * `arn:<partition>:s3:::<bucket_name>/`
|
347
|
-
#
|
348
|
-
# * `arn:<partition>:s3:::<bucket_name>/<object_path>/`
|
349
|
-
#
|
350
|
-
# When resources.type equals `AWS::DynamoDB::Table`, and the
|
351
|
-
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
352
|
-
# following format:
|
353
|
-
#
|
354
|
-
# * `arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>`
|
355
|
-
#
|
356
|
-
# ^
|
357
|
-
#
|
358
|
-
# When resources.type equals `AWS::Lambda::Function`, and the
|
359
|
-
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
360
|
-
# following format:
|
361
|
-
#
|
362
|
-
# * `arn:<partition>:lambda:<region>:<account_ID>:function:<function_name>`
|
363
|
-
#
|
364
|
-
# ^
|
365
|
-
#
|
366
|
-
# When resources.type equals `AWS::AppConfig::Configuration`, and
|
367
|
-
# the operator is set to `Equals` or `NotEquals`, the ARN must be in
|
368
|
-
# the following format:
|
369
|
-
#
|
370
|
-
# * `arn:<partition>:appconfig:<region>:<account_ID>:application/<application_ID>/environment/<environment_ID>/configuration/<configuration_profile_ID>`
|
371
|
-
#
|
372
|
-
# ^
|
373
|
-
#
|
374
|
-
# When resources.type equals `AWS::B2BI::Transformer`, and the
|
375
|
-
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
376
|
-
# following format:
|
377
|
-
#
|
378
|
-
# * `arn:<partition>:b2bi:<region>:<account_ID>:transformer/<transformer_ID>`
|
379
|
-
#
|
380
|
-
# ^
|
381
|
-
#
|
382
|
-
# When resources.type equals `AWS::Bedrock::AgentAlias`, and the
|
383
|
-
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
384
|
-
# following format:
|
385
|
-
#
|
386
|
-
# * `arn:<partition>:bedrock:<region>:<account_ID>:agent-alias/<agent_ID>/<alias_ID>`
|
387
|
-
#
|
388
|
-
# ^
|
389
|
-
#
|
390
|
-
# When resources.type equals `AWS::Bedrock::KnowledgeBase`, and the
|
391
|
-
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
392
|
-
# following format:
|
393
|
-
#
|
394
|
-
# * `arn:<partition>:bedrock:<region>:<account_ID>:knowledge-base/<knowledge_base_ID>`
|
395
|
-
#
|
396
|
-
# ^
|
397
|
-
#
|
398
|
-
# When resources.type equals `AWS::Cassandra::Table`, and the
|
399
|
-
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
400
|
-
# following format:
|
401
|
-
#
|
402
|
-
# * `arn:<partition>:cassandra:<region>:<account_ID>:/keyspace/<keyspace_name>/table/<table_name>`
|
403
|
-
#
|
404
|
-
# ^
|
405
|
-
#
|
406
|
-
# When resources.type equals `AWS::CloudFront::KeyValueStore`, and
|
407
|
-
# the operator is set to `Equals` or `NotEquals`, the ARN must be in
|
408
|
-
# the following format:
|
409
|
-
#
|
410
|
-
# * `arn:<partition>:cloudfront:<region>:<account_ID>:key-value-store/<KVS_name>`
|
411
|
-
#
|
412
|
-
# ^
|
413
|
-
#
|
414
|
-
# When resources.type equals `AWS::CloudTrail::Channel`, and the
|
415
|
-
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
416
|
-
# following format:
|
417
|
-
#
|
418
|
-
# * `arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID>`
|
419
|
-
#
|
420
|
-
# ^
|
421
|
-
#
|
422
|
-
# When resources.type equals `AWS::CodeWhisperer::Customization`,
|
423
|
-
# and the operator is set to `Equals` or `NotEquals`, the ARN must
|
424
|
-
# be in the following format:
|
425
|
-
#
|
426
|
-
# * `arn:<partition>:codewhisperer:<region>:<account_ID>:customization/<customization_ID>`
|
427
|
-
#
|
428
|
-
# ^
|
429
|
-
#
|
430
|
-
# When resources.type equals `AWS::CodeWhisperer::Profile`, and the
|
431
|
-
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
432
|
-
# following format:
|
433
|
-
#
|
434
|
-
# * `arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID>`
|
435
|
-
#
|
436
|
-
# ^
|
437
|
-
#
|
438
|
-
# When resources.type equals `AWS::Cognito::IdentityPool`, and the
|
439
|
-
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
440
|
-
# following format:
|
441
|
-
#
|
442
|
-
# * `arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID>`
|
443
|
-
#
|
444
|
-
# ^
|
445
|
-
#
|
446
|
-
# When `resources.type` equals `AWS::DynamoDB::Stream`, and the
|
447
|
-
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
448
|
-
# following format:
|
449
|
-
#
|
450
|
-
# * `arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time>`
|
451
|
-
#
|
452
|
-
# ^
|
453
|
-
#
|
454
|
-
# When `resources.type` equals `AWS::EC2::Snapshot`, and the
|
455
|
-
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
456
|
-
# following format:
|
457
|
-
#
|
458
|
-
# * `arn:<partition>:ec2:<region>::snapshot/<snapshot_ID>`
|
459
|
-
#
|
460
|
-
# ^
|
461
|
-
#
|
462
|
-
# When `resources.type` equals `AWS::EMRWAL::Workspace`, and the
|
463
|
-
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
464
|
-
# following format:
|
465
|
-
#
|
466
|
-
# * `arn:<partition>:emrwal:<region>:<account_ID>:workspace/<workspace_name>`
|
467
|
-
#
|
468
|
-
# ^
|
469
|
-
#
|
470
|
-
# When `resources.type` equals `AWS::FinSpace::Environment`, and the
|
471
|
-
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
472
|
-
# following format:
|
473
|
-
#
|
474
|
-
# * `arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID>`
|
475
|
-
#
|
476
|
-
# ^
|
477
|
-
#
|
478
|
-
# When `resources.type` equals `AWS::Glue::Table`, and the operator
|
479
|
-
# is set to `Equals` or `NotEquals`, the ARN must be in the
|
480
|
-
# following format:
|
481
|
-
#
|
482
|
-
# * `arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name>`
|
483
|
-
#
|
484
|
-
# ^
|
485
|
-
#
|
486
|
-
# When `resources.type` equals
|
487
|
-
# `AWS::GreengrassV2::ComponentVersion`, and the operator is set to
|
488
|
-
# `Equals` or `NotEquals`, the ARN must be in the following format:
|
489
|
-
#
|
490
|
-
# * `arn:<partition>:greengrass:<region>:<account_ID>:components/<component_name>`
|
491
|
-
#
|
492
|
-
# ^
|
493
|
-
#
|
494
|
-
# When `resources.type` equals `AWS::GreengrassV2::Deployment`, and
|
495
|
-
# the operator is set to `Equals` or `NotEquals`, the ARN must be in
|
496
|
-
# the following format:
|
497
|
-
#
|
498
|
-
# * `arn:<partition>:greengrass:<region>:<account_ID>:deployments/<deployment_ID`
|
499
|
-
#
|
500
|
-
# ^
|
501
|
-
#
|
502
|
-
# When `resources.type` equals `AWS::GuardDuty::Detector`, and the
|
503
|
-
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
504
|
-
# following format:
|
505
|
-
#
|
506
|
-
# * `arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID>`
|
507
|
-
#
|
508
|
-
# ^
|
509
|
-
#
|
510
|
-
# When `resources.type` equals `AWS::IoT::Certificate`, and the
|
511
|
-
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
512
|
-
# following format:
|
513
|
-
#
|
514
|
-
# * `arn:<partition>:iot:<region>:<account_ID>:cert/<certificate_ID>`
|
515
|
-
#
|
516
|
-
# ^
|
517
|
-
#
|
518
|
-
# When `resources.type` equals `AWS::IoT::Thing`, and the operator
|
519
|
-
# is set to `Equals` or `NotEquals`, the ARN must be in the
|
520
|
-
# following format:
|
521
|
-
#
|
522
|
-
# * `arn:<partition>:iot:<region>:<account_ID>:thing/<thing_ID>`
|
523
|
-
#
|
524
|
-
# ^
|
525
|
-
#
|
526
|
-
# When `resources.type` equals `AWS::IoTSiteWise::Asset`, and the
|
527
|
-
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
528
|
-
# following format:
|
529
|
-
#
|
530
|
-
# * `arn:<partition>:iotsitewise:<region>:<account_ID>:asset/<asset_ID>`
|
531
|
-
#
|
532
|
-
# ^
|
533
|
-
#
|
534
|
-
# When `resources.type` equals `AWS::IoTSiteWise::TimeSeries`, and
|
535
|
-
# the operator is set to `Equals` or `NotEquals`, the ARN must be in
|
536
|
-
# the following format:
|
537
|
-
#
|
538
|
-
# * `arn:<partition>:iotsitewise:<region>:<account_ID>:timeseries/<timeseries_ID>`
|
539
|
-
#
|
540
|
-
# ^
|
541
|
-
#
|
542
|
-
# When `resources.type` equals `AWS::IoTTwinMaker::Entity`, and the
|
543
|
-
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
544
|
-
# following format:
|
545
|
-
#
|
546
|
-
# * `arn:<partition>:iottwinmaker:<region>:<account_ID>:workspace/<workspace_ID>/entity/<entity_ID>`
|
430
|
+
# * <b> <code>vpcEndpointId</code> </b> - This field is only used to
|
431
|
+
# filter CloudTrail network activity events and is optional. This
|
432
|
+
# field identifies the VPC endpoint that the request passed through.
|
433
|
+
# You can use any operator with `vpcEndpointId`.
|
547
434
|
#
|
548
|
-
# ^
|
549
435
|
#
|
550
|
-
# When `resources.type` equals `AWS::IoTTwinMaker::Workspace`, and
|
551
|
-
# the operator is set to `Equals` or `NotEquals`, the ARN must be in
|
552
|
-
# the following format:
|
553
436
|
#
|
554
|
-
#
|
555
|
-
#
|
556
|
-
# ^
|
557
|
-
#
|
558
|
-
# When `resources.type` equals `AWS::KendraRanking::ExecutionPlan`,
|
559
|
-
# and the operator is set to `Equals` or `NotEquals`, the ARN must
|
560
|
-
# be in the following format:
|
561
|
-
#
|
562
|
-
# * `arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID>`
|
563
|
-
#
|
564
|
-
# ^
|
565
|
-
#
|
566
|
-
# When `resources.type` equals `AWS::KinesisVideo::Stream`, and the
|
567
|
-
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
568
|
-
# following format:
|
569
|
-
#
|
570
|
-
# * `arn:<partition>:kinesisvideo:<region>:<account_ID>:stream/<stream_name>/<creation_time>`
|
571
|
-
#
|
572
|
-
# ^
|
573
|
-
#
|
574
|
-
# When `resources.type` equals `AWS::ManagedBlockchain::Network`,
|
575
|
-
# and the operator is set to `Equals` or `NotEquals`, the ARN must
|
576
|
-
# be in the following format:
|
577
|
-
#
|
578
|
-
# * `arn:<partition>:managedblockchain:::networks/<network_name>`
|
579
|
-
#
|
580
|
-
# ^
|
581
|
-
#
|
582
|
-
# When `resources.type` equals `AWS::ManagedBlockchain::Node`, and
|
583
|
-
# the operator is set to `Equals` or `NotEquals`, the ARN must be in
|
584
|
-
# the following format:
|
585
|
-
#
|
586
|
-
# * `arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID>`
|
587
|
-
#
|
588
|
-
# ^
|
589
|
-
#
|
590
|
-
# When `resources.type` equals `AWS::MedicalImaging::Datastore`, and
|
591
|
-
# the operator is set to `Equals` or `NotEquals`, the ARN must be in
|
592
|
-
# the following format:
|
593
|
-
#
|
594
|
-
# * `arn:<partition>:medical-imaging:<region>:<account_ID>:datastore/<data_store_ID>`
|
595
|
-
#
|
596
|
-
# ^
|
597
|
-
#
|
598
|
-
# When `resources.type` equals `AWS::NeptuneGraph::Graph`, and the
|
599
|
-
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
600
|
-
# following format:
|
601
|
-
#
|
602
|
-
# * `arn:<partition>:neptune-graph:<region>:<account_ID>:graph/<graph_ID>`
|
603
|
-
#
|
604
|
-
# ^
|
605
|
-
#
|
606
|
-
# When `resources.type` equals `AWS::PCAConnectorAD::Connector`, and
|
607
|
-
# the operator is set to `Equals` or `NotEquals`, the ARN must be in
|
608
|
-
# the following format:
|
609
|
-
#
|
610
|
-
# * `arn:<partition>:pca-connector-ad:<region>:<account_ID>:connector/<connector_ID>`
|
611
|
-
#
|
612
|
-
# ^
|
613
|
-
#
|
614
|
-
# When `resources.type` equals `AWS::QApps:QApp`, and the operator
|
615
|
-
# is set to `Equals` or `NotEquals`, the ARN must be in the
|
616
|
-
# following format:
|
617
|
-
#
|
618
|
-
# * `arn:<partition>:qapps:<region>:<account_ID>:application/<application_UUID>/qapp/<qapp_UUID>`
|
619
|
-
#
|
620
|
-
# ^
|
621
|
-
#
|
622
|
-
# When `resources.type` equals `AWS::QBusiness::Application`, and
|
623
|
-
# the operator is set to `Equals` or `NotEquals`, the ARN must be in
|
624
|
-
# the following format:
|
625
|
-
#
|
626
|
-
# * `arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>`
|
627
|
-
#
|
628
|
-
# ^
|
629
|
-
#
|
630
|
-
# When `resources.type` equals `AWS::QBusiness::DataSource`, and the
|
631
|
-
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
632
|
-
# following format:
|
633
|
-
#
|
634
|
-
# * `arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>/index/<index_ID>/data-source/<datasource_ID>`
|
635
|
-
#
|
636
|
-
# ^
|
637
|
-
#
|
638
|
-
# When `resources.type` equals `AWS::QBusiness::Index`, and the
|
639
|
-
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
640
|
-
# following format:
|
641
|
-
#
|
642
|
-
# * `arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>/index/<index_ID>`
|
643
|
-
#
|
644
|
-
# ^
|
645
|
-
#
|
646
|
-
# When `resources.type` equals `AWS::QBusiness::WebExperience`, and
|
647
|
-
# the operator is set to `Equals` or `NotEquals`, the ARN must be in
|
648
|
-
# the following format:
|
649
|
-
#
|
650
|
-
# * `arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>/web-experience/<web_experience_ID>`
|
651
|
-
#
|
652
|
-
# ^
|
653
|
-
#
|
654
|
-
# When `resources.type` equals `AWS::RDS::DBCluster`, and the
|
655
|
-
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
656
|
-
# following format:
|
657
|
-
#
|
658
|
-
# * `arn:<partition>:rds:<region>:<account_ID>:cluster/<cluster_name>`
|
659
|
-
#
|
660
|
-
# ^
|
661
|
-
#
|
662
|
-
# When `resources.type` equals `AWS::S3::AccessPoint`, and the
|
663
|
-
# operator is set to `Equals` or `NotEquals`, the ARN must be in one
|
664
|
-
# of the following formats. To log events on all objects in an S3
|
665
|
-
# access point, we recommend that you use only the access point ARN,
|
666
|
-
# don’t include the object path, and use the `StartsWith` or
|
667
|
-
# `NotStartsWith` operators.
|
668
|
-
#
|
669
|
-
# * `arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>`
|
670
|
-
#
|
671
|
-
# * `arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path>`
|
672
|
-
#
|
673
|
-
# When `resources.type` equals `AWS::S3ObjectLambda::AccessPoint`,
|
674
|
-
# and the operator is set to `Equals` or `NotEquals`, the ARN must
|
675
|
-
# be in the following format:
|
676
|
-
#
|
677
|
-
# * `arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name>`
|
678
|
-
#
|
679
|
-
# ^
|
680
|
-
#
|
681
|
-
# When `resources.type` equals `AWS::S3Outposts::Object`, and the
|
682
|
-
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
683
|
-
# following format:
|
684
|
-
#
|
685
|
-
# * `arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path>`
|
686
|
-
#
|
687
|
-
# ^
|
688
|
-
#
|
689
|
-
# When `resources.type` equals `AWS::SageMaker::Endpoint`, and the
|
690
|
-
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
691
|
-
# following format:
|
692
|
-
#
|
693
|
-
# * `arn:<partition>:sagemaker:<region>:<account_ID>:endpoint/<endpoint_name>`
|
694
|
-
#
|
695
|
-
# ^
|
696
|
-
#
|
697
|
-
# When `resources.type` equals
|
698
|
-
# `AWS::SageMaker::ExperimentTrialComponent`, and the operator is
|
699
|
-
# set to `Equals` or `NotEquals`, the ARN must be in the following
|
700
|
-
# format:
|
701
|
-
#
|
702
|
-
# * `arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name>`
|
703
|
-
#
|
704
|
-
# ^
|
705
|
-
#
|
706
|
-
# When `resources.type` equals `AWS::SageMaker::FeatureGroup`, and
|
707
|
-
# the operator is set to `Equals` or `NotEquals`, the ARN must be in
|
708
|
-
# the following format:
|
709
|
-
#
|
710
|
-
# * `arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name>`
|
711
|
-
#
|
712
|
-
# ^
|
713
|
-
#
|
714
|
-
# When `resources.type` equals `AWS::SCN::Instance`, and the
|
715
|
-
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
716
|
-
# following format:
|
717
|
-
#
|
718
|
-
# * `arn:<partition>:scn:<region>:<account_ID>:instance/<instance_ID>`
|
719
|
-
#
|
720
|
-
# ^
|
721
|
-
#
|
722
|
-
# When `resources.type` equals `AWS::ServiceDiscovery::Namespace`,
|
723
|
-
# and the operator is set to `Equals` or `NotEquals`, the ARN must
|
724
|
-
# be in the following format:
|
725
|
-
#
|
726
|
-
# * `arn:<partition>:servicediscovery:<region>:<account_ID>:namespace/<namespace_ID>`
|
727
|
-
#
|
728
|
-
# ^
|
729
|
-
#
|
730
|
-
# When `resources.type` equals `AWS::ServiceDiscovery::Service`, and
|
731
|
-
# the operator is set to `Equals` or `NotEquals`, the ARN must be in
|
732
|
-
# the following format:
|
733
|
-
#
|
734
|
-
# * `arn:<partition>:servicediscovery:<region>:<account_ID>:service/<service_ID>`
|
735
|
-
#
|
736
|
-
# ^
|
737
|
-
#
|
738
|
-
# When `resources.type` equals `AWS::SNS::PlatformEndpoint`, and the
|
739
|
-
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
740
|
-
# following format:
|
741
|
-
#
|
742
|
-
# * `arn:<partition>:sns:<region>:<account_ID>:endpoint/<endpoint_type>/<endpoint_name>/<endpoint_ID>`
|
743
|
-
#
|
744
|
-
# ^
|
745
|
-
#
|
746
|
-
# When `resources.type` equals `AWS::SNS::Topic`, and the operator
|
747
|
-
# is set to `Equals` or `NotEquals`, the ARN must be in the
|
748
|
-
# following format:
|
749
|
-
#
|
750
|
-
# * `arn:<partition>:sns:<region>:<account_ID>:<topic_name>`
|
751
|
-
#
|
752
|
-
# ^
|
753
|
-
#
|
754
|
-
# When `resources.type` equals `AWS::SQS::Queue`, and the operator
|
755
|
-
# is set to `Equals` or `NotEquals`, the ARN must be in the
|
756
|
-
# following format:
|
757
|
-
#
|
758
|
-
# * `arn:<partition>:sqs:<region>:<account_ID>:<queue_name>`
|
759
|
-
#
|
760
|
-
# ^
|
761
|
-
#
|
762
|
-
# When `resources.type` equals `AWS::SSM::ManagedNode`, and the
|
763
|
-
# operator is set to `Equals` or `NotEquals`, the ARN must be in one
|
764
|
-
# of the following formats:
|
765
|
-
#
|
766
|
-
# * `arn:<partition>:ssm:<region>:<account_ID>:managed-instance/<instance_ID>`
|
767
|
-
#
|
768
|
-
# * `arn:<partition>:ec2:<region>:<account_ID>:instance/<instance_ID>`
|
769
|
-
#
|
770
|
-
# When `resources.type` equals `AWS::SSMMessages::ControlChannel`,
|
771
|
-
# and the operator is set to `Equals` or `NotEquals`, the ARN must
|
772
|
-
# be in the following format:
|
773
|
-
#
|
774
|
-
# * `arn:<partition>:ssmmessages:<region>:<account_ID>:control-channel/<channel_ID>`
|
775
|
-
#
|
776
|
-
# ^
|
777
|
-
#
|
778
|
-
# When `resources.type` equals `AWS::SWF::Domain`, and the operator
|
779
|
-
# is set to `Equals` or `NotEquals`, the ARN must be in the
|
780
|
-
# following format:
|
781
|
-
#
|
782
|
-
# * `arn:<partition>:swf:<region>:<account_ID>:domain/<domain_name>`
|
783
|
-
#
|
784
|
-
# ^
|
785
|
-
#
|
786
|
-
# When `resources.type` equals `AWS::ThinClient::Device`, and the
|
787
|
-
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
788
|
-
# following format:
|
789
|
-
#
|
790
|
-
# * `arn:<partition>:thinclient:<region>:<account_ID>:device/<device_ID>`
|
791
|
-
#
|
792
|
-
# ^
|
793
|
-
#
|
794
|
-
# When `resources.type` equals `AWS::ThinClient::Environment`, and
|
795
|
-
# the operator is set to `Equals` or `NotEquals`, the ARN must be in
|
796
|
-
# the following format:
|
797
|
-
#
|
798
|
-
# * `arn:<partition>:thinclient:<region>:<account_ID>:environment/<environment_ID>`
|
799
|
-
#
|
800
|
-
# ^
|
801
|
-
#
|
802
|
-
# When `resources.type` equals `AWS::Timestream::Database`, and the
|
803
|
-
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
804
|
-
# following format:
|
805
|
-
#
|
806
|
-
# * `arn:<partition>:timestream:<region>:<account_ID>:database/<database_name>`
|
807
|
-
#
|
808
|
-
# ^
|
809
|
-
#
|
810
|
-
# When `resources.type` equals `AWS::Timestream::Table`, and the
|
811
|
-
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
812
|
-
# following format:
|
813
|
-
#
|
814
|
-
# * `arn:<partition>:timestream:<region>:<account_ID>:database/<database_name>/table/<table_name>`
|
815
|
-
#
|
816
|
-
# ^
|
817
|
-
#
|
818
|
-
# When resources.type equals
|
819
|
-
# `AWS::VerifiedPermissions::PolicyStore`, and the operator is set
|
820
|
-
# to `Equals` or `NotEquals`, the ARN must be in the following
|
821
|
-
# format:
|
822
|
-
#
|
823
|
-
# * `arn:<partition>:verifiedpermissions:<region>:<account_ID>:policy-store/<policy_store_UUID>`
|
824
|
-
#
|
825
|
-
# ^
|
437
|
+
# [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/filtering-data-events.html#filtering-data-events-resourcearn
|
826
438
|
# @return [String]
|
827
439
|
#
|
828
440
|
# @!attribute [rw] equals
|
@@ -1591,16 +1203,8 @@ module Aws::CloudTrail
|
|
1591
1203
|
include Aws::Structure
|
1592
1204
|
end
|
1593
1205
|
|
1594
|
-
#
|
1595
|
-
#
|
1596
|
-
# plane operations. You can specify up to 250 data resources for a
|
1597
|
-
# trail.
|
1598
|
-
#
|
1599
|
-
# Configure the `DataResource` to specify the resource type and resource
|
1600
|
-
# ARNs for which you want to log data events.
|
1601
|
-
#
|
1602
|
-
# You can specify the following resource types in your event selectors
|
1603
|
-
# for your trail:
|
1206
|
+
# You can configure the `DataResource` in an `EventSelector` to log data
|
1207
|
+
# events for the following three resource types:
|
1604
1208
|
#
|
1605
1209
|
# * `AWS::DynamoDB::Table`
|
1606
1210
|
#
|
@@ -1608,22 +1212,28 @@ module Aws::CloudTrail
|
|
1608
1212
|
#
|
1609
1213
|
# * `AWS::S3::Object`
|
1610
1214
|
#
|
1215
|
+
# To log data events for all other resource types including objects
|
1216
|
+
# stored in [directory buckets][1], you must use
|
1217
|
+
# [AdvancedEventSelectors][2]. You must also use
|
1218
|
+
# `AdvancedEventSelectors` if you want to filter on the `eventName`
|
1219
|
+
# field.
|
1220
|
+
#
|
1221
|
+
# Configure the `DataResource` to specify the resource type and resource
|
1222
|
+
# ARNs for which you want to log data events.
|
1223
|
+
#
|
1611
1224
|
# <note markdown="1"> The total number of allowed data resources is 250. This number can be
|
1612
1225
|
# distributed between 1 and 5 event selectors, but the total cannot
|
1613
1226
|
# exceed 250 across all selectors for the trail.
|
1614
1227
|
#
|
1615
|
-
# If you are using advanced event selectors, the maximum total number of
|
1616
|
-
# values for all conditions, across all advanced event selectors for the
|
1617
|
-
# trail, is 500.
|
1618
|
-
#
|
1619
1228
|
# </note>
|
1620
1229
|
#
|
1621
1230
|
# The following example demonstrates how logging works when you
|
1622
|
-
# configure logging of all data events for
|
1623
|
-
# `
|
1624
|
-
# prefix, and the option to log both `Read` and
|
1231
|
+
# configure logging of all data events for a general purpose bucket
|
1232
|
+
# named `amzn-s3-demo-bucket1`. In this example, the CloudTrail user
|
1233
|
+
# specified an empty prefix, and the option to log both `Read` and
|
1234
|
+
# `Write` data events.
|
1625
1235
|
#
|
1626
|
-
# 1. A user uploads an image file to `
|
1236
|
+
# 1. A user uploads an image file to `amzn-s3-demo-bucket1`.
|
1627
1237
|
#
|
1628
1238
|
# 2. The `PutObject` API operation is an Amazon S3 object-level API. It
|
1629
1239
|
# is recorded as a data event in CloudTrail. Because the CloudTrail
|
@@ -1632,7 +1242,7 @@ module Aws::CloudTrail
|
|
1632
1242
|
# and logs the event.
|
1633
1243
|
#
|
1634
1244
|
# 3. A user uploads an object to an Amazon S3 bucket named
|
1635
|
-
# `arn:aws:s3:::
|
1245
|
+
# `arn:aws:s3:::amzn-s3-demo-bucket1`.
|
1636
1246
|
#
|
1637
1247
|
# 4. The `PutObject` API operation occurred for an object in an S3
|
1638
1248
|
# bucket that the CloudTrail user didn't specify for the trail. The
|
@@ -1658,6 +1268,11 @@ module Aws::CloudTrail
|
|
1658
1268
|
# *MyOtherLambdaFunction* does not match the function specified for
|
1659
1269
|
# the trail. The trail doesn’t log the event.
|
1660
1270
|
#
|
1271
|
+
#
|
1272
|
+
#
|
1273
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html
|
1274
|
+
# [2]: https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedEventSelector.html
|
1275
|
+
#
|
1661
1276
|
# @!attribute [rw] type
|
1662
1277
|
# The resource type in which you want to log data events. You can
|
1663
1278
|
# specify the following *basic* event selector resource types:
|
@@ -1693,13 +1308,13 @@ module Aws::CloudTrail
|
|
1693
1308
|
#
|
1694
1309
|
# * To log data events for all objects in an S3 bucket, specify the
|
1695
1310
|
# bucket and an empty object prefix such as
|
1696
|
-
# `arn:aws:s3:::
|
1697
|
-
# objects in this S3 bucket.
|
1311
|
+
# `arn:aws:s3:::amzn-s3-demo-bucket1/`. The trail logs data events
|
1312
|
+
# for all objects in this S3 bucket.
|
1698
1313
|
#
|
1699
1314
|
# * To log data events for specific objects, specify the S3 bucket and
|
1700
|
-
# object prefix such as
|
1701
|
-
# trail logs
|
1702
|
-
# the prefix.
|
1315
|
+
# object prefix such as
|
1316
|
+
# `arn:aws:s3:::amzn-s3-demo-bucket1/example-images`. The trail logs
|
1317
|
+
# data events for objects in this S3 bucket that match the prefix.
|
1703
1318
|
#
|
1704
1319
|
# * To log data events for all Lambda functions in your Amazon Web
|
1705
1320
|
# Services account, specify the prefix as `arn:aws:lambda`.
|
@@ -2306,20 +1921,31 @@ module Aws::CloudTrail
|
|
2306
1921
|
# @return [Boolean]
|
2307
1922
|
#
|
2308
1923
|
# @!attribute [rw] data_resources
|
2309
|
-
# CloudTrail supports data event logging for Amazon S3 objects
|
2310
|
-
# functions, and Amazon DynamoDB tables
|
2311
|
-
# You can specify up to 250 resources for
|
2312
|
-
# selector, but the total number of data resources
|
2313
|
-
# across all event selectors in a trail. This limit
|
2314
|
-
# you configure resource logging for all data
|
1924
|
+
# CloudTrail supports data event logging for Amazon S3 objects in
|
1925
|
+
# standard S3 buckets, Lambda functions, and Amazon DynamoDB tables
|
1926
|
+
# with basic event selectors. You can specify up to 250 resources for
|
1927
|
+
# an individual event selector, but the total number of data resources
|
1928
|
+
# cannot exceed 250 across all event selectors in a trail. This limit
|
1929
|
+
# does not apply if you configure resource logging for all data
|
1930
|
+
# events.
|
2315
1931
|
#
|
2316
1932
|
# For more information, see [Data Events][1] and [Limits in
|
2317
1933
|
# CloudTrail][2] in the *CloudTrail User Guide*.
|
2318
1934
|
#
|
1935
|
+
# <note markdown="1"> To log data events for all other resource types including objects
|
1936
|
+
# stored in [directory buckets][3], you must use
|
1937
|
+
# [AdvancedEventSelectors][4]. You must also use
|
1938
|
+
# `AdvancedEventSelectors` if you want to filter on the `eventName`
|
1939
|
+
# field.
|
1940
|
+
#
|
1941
|
+
# </note>
|
1942
|
+
#
|
2319
1943
|
#
|
2320
1944
|
#
|
2321
1945
|
# [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
|
2322
1946
|
# [2]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html
|
1947
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html
|
1948
|
+
# [4]: https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedEventSelector.html
|
2323
1949
|
# @return [Array<Types::DataResource>]
|
2324
1950
|
#
|
2325
1951
|
# @!attribute [rw] exclude_management_event_sources
|
@@ -4234,28 +3860,43 @@ module Aws::CloudTrail
|
|
4234
3860
|
# @return [String]
|
4235
3861
|
#
|
4236
3862
|
# @!attribute [rw] event_selectors
|
4237
|
-
# Specifies the settings for your event selectors. You can
|
4238
|
-
#
|
4239
|
-
#
|
3863
|
+
# Specifies the settings for your event selectors. You can use event
|
3864
|
+
# selectors to log management events and data events for the following
|
3865
|
+
# resource types:
|
3866
|
+
#
|
3867
|
+
# * `AWS::DynamoDB::Table`
|
3868
|
+
#
|
3869
|
+
# * `AWS::Lambda::Function`
|
3870
|
+
#
|
3871
|
+
# * `AWS::S3::Object`
|
3872
|
+
#
|
3873
|
+
# You can't use event selectors to log network activity events.
|
3874
|
+
#
|
3875
|
+
# You can configure up to five event selectors for a trail. You can
|
3876
|
+
# use either `EventSelectors` or `AdvancedEventSelectors` in a
|
4240
3877
|
# `PutEventSelectors` request, but not both. If you apply
|
4241
3878
|
# `EventSelectors` to a trail, any existing `AdvancedEventSelectors`
|
4242
3879
|
# are overwritten.
|
4243
3880
|
# @return [Array<Types::EventSelector>]
|
4244
3881
|
#
|
4245
3882
|
# @!attribute [rw] advanced_event_selectors
|
4246
|
-
# Specifies the settings for advanced event selectors. You can
|
4247
|
-
# advanced event selectors
|
4248
|
-
#
|
4249
|
-
#
|
4250
|
-
#
|
4251
|
-
#
|
4252
|
-
#
|
4253
|
-
#
|
4254
|
-
#
|
3883
|
+
# Specifies the settings for advanced event selectors. You can use
|
3884
|
+
# advanced event selectors to log management events, data events for
|
3885
|
+
# all resource types, and network activity events.
|
3886
|
+
#
|
3887
|
+
# You can add advanced event selectors, and conditions for your
|
3888
|
+
# advanced event selectors, up to a maximum of 500 values for all
|
3889
|
+
# conditions and selectors on a trail. You can use either
|
3890
|
+
# `AdvancedEventSelectors` or `EventSelectors`, but not both. If you
|
3891
|
+
# apply `AdvancedEventSelectors` to a trail, any existing
|
3892
|
+
# `EventSelectors` are overwritten. For more information about
|
3893
|
+
# advanced event selectors, see [Logging data events][1] and [Logging
|
3894
|
+
# network activity events][2] in the *CloudTrail User Guide*.
|
4255
3895
|
#
|
4256
3896
|
#
|
4257
3897
|
#
|
4258
3898
|
# [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
|
3899
|
+
# [2]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html
|
4259
3900
|
# @return [Array<Types::AdvancedEventSelector>]
|
4260
3901
|
#
|
4261
3902
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutEventSelectorsRequest AWS API Documentation
|
data/lib/aws-sdk-cloudtrail.rb
CHANGED
@@ -11,6 +11,8 @@
|
|
11
11
|
require 'aws-sdk-core'
|
12
12
|
require 'aws-sigv4'
|
13
13
|
|
14
|
+
Aws::Plugins::GlobalConfiguration.add_identifier(:cloudtrail)
|
15
|
+
|
14
16
|
# This module provides support for AWS CloudTrail. This module is available in the
|
15
17
|
# `aws-sdk-cloudtrail` gem.
|
16
18
|
#
|
@@ -52,7 +54,7 @@ module Aws::CloudTrail
|
|
52
54
|
autoload :EndpointProvider, 'aws-sdk-cloudtrail/endpoint_provider'
|
53
55
|
autoload :Endpoints, 'aws-sdk-cloudtrail/endpoints'
|
54
56
|
|
55
|
-
GEM_VERSION = '1.
|
57
|
+
GEM_VERSION = '1.92.0'
|
56
58
|
|
57
59
|
end
|
58
60
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-cloudtrail
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.92.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-09-
|
11
|
+
date: 2024-09-25 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-core
|