aws-sdk-cloudtrail 1.19.0 → 1.20.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6895c447d0feae813da5dc055dac76e59f266a08
-  data.tar.gz: 31ecefd18da65a7489e73aab3ad2af32af118846
+  metadata.gz: de31b9aa4bace9640b8c9bd2eb1288ff71a8ef7b
+  data.tar.gz: ea916a1c20a9aa50a85ddfef2d6283099a833638
 SHA512:
-  metadata.gz: b6a4f7937fe8895ca01284ca5807be215fa81147ea77e22c702e32b5303d1eb437d17f8156fd6aadd88e7d8af1a5c204f2c486f2c83d11bd922e7c03f2c63662
-  data.tar.gz: 66ec1893d9a4b30683f9fa03eed0db42d4615df816208d53baf9bad8ce8d69448bbab4e4407686c7d297650a75f99a42e42a83168c669ae5a0c2e55444c228ce
+  metadata.gz: d2e4ea1f9d83f0806796e815167400eab8869c1fd78b6b2a95f6547d0e53fd02d1f6b862b2e6c8474deccdb0ef512f28268a758eee711127fce2a3141a620bd9
+  data.tar.gz: 746030ff7babd82ddf864b67af2be1be8a14b2bdb438a9c3a04801c97bd27ec85dfbf03b622d288b1d1093d9da59afe49608f3d6c10b087dabfbcc6fa959e87a

data/lib/aws-sdk-cloudtrail.rb

@@ -42,6 +42,6 @@ require_relative 'aws-sdk-cloudtrail/customizations'
 # @service
 module Aws::CloudTrail
 
-  GEM_VERSION = '1.19.0'
+  GEM_VERSION = '1.20.0'
 
 end

data/lib/aws-sdk-cloudtrail/client.rb

@@ -560,6 +560,7 @@ module Aws::CloudTrail
     #   resp.trail_list[0].cloud_watch_logs_role_arn #=> String
     #   resp.trail_list[0].kms_key_id #=> String
     #   resp.trail_list[0].has_custom_event_selectors #=> Boolean
+    #   resp.trail_list[0].has_insight_selectors #=> Boolean
     #   resp.trail_list[0].is_organization_trail #=> Boolean
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DescribeTrails AWS API Documentation
@@ -632,6 +633,8 @@ module Aws::CloudTrail
     #   resp.event_selectors[0].data_resources[0].type #=> String
     #   resp.event_selectors[0].data_resources[0].values #=> Array
     #   resp.event_selectors[0].data_resources[0].values[0] #=> String
+    #   resp.event_selectors[0].exclude_management_event_sources #=> Array
+    #   resp.event_selectors[0].exclude_management_event_sources[0] #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetEventSelectors AWS API Documentation
     #
@@ -642,6 +645,66 @@ module Aws::CloudTrail
       req.send_request(options)
     end
 
+    # Describes the settings for the Insights event selectors that you
+    # configured for your trail. `GetInsightSelectors` shows if CloudTrail
+    # Insights event logging is enabled on the trail, and if it is, which
+    # insight types are enabled. If you run `GetInsightSelectors` on a trail
+    # that does not have Insights events enabled, the operation throws the
+    # exception `InsightNotEnabledException`
+    #
+    # For more information, see [Logging CloudTrail Insights Events for
+    # Trails ][1] in the *AWS CloudTrail User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-insights-events-with-cloudtrail.html
+    #
+    # @option params [required, String] :trail_name
+    #   Specifies the name of the trail or trail ARN. If you specify a trail
+    #   name, the string must meet the following requirements:
+    #
+    #   * Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
+    #     underscores (\_), or dashes (-)
+    #
+    #   * Start with a letter or number, and end with a letter or number
+    #
+    #   * Be between 3 and 128 characters
+    #
+    #   * Have no adjacent periods, underscores or dashes. Names like
+    #     `my-_namespace` and `my--namespace` are not valid.
+    #
+    #   * Not be in IP address format (for example, 192.168.5.4)
+    #
+    #   If you specify a trail ARN, it must be in the format:
+    #
+    #   `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
+    #
+    # @return [Types::GetInsightSelectorsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetInsightSelectorsResponse#trail_arn #trail_arn} => String
+    #   * {Types::GetInsightSelectorsResponse#insight_selectors #insight_selectors} => Array<Types::InsightSelector>
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_insight_selectors({
+    #     trail_name: "String", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.trail_arn #=> String
+    #   resp.insight_selectors #=> Array
+    #   resp.insight_selectors[0].insight_type #=> String, one of "ApiCallRateInsight"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetInsightSelectors AWS API Documentation
+    #
+    # @overload get_insight_selectors(params = {})
+    # @param [Hash] params ({})
+    def get_insight_selectors(params = {}, options = {})
+      req = build_request(:get_insight_selectors, params)
+      req.send_request(options)
+    end
+
     # Returns settings information for a specified trail.
     #
     # @option params [required, String] :name
@@ -674,6 +737,7 @@ module Aws::CloudTrail
     #   resp.trail.cloud_watch_logs_role_arn #=> String
     #   resp.trail.kms_key_id #=> String
     #   resp.trail.has_custom_event_selectors #=> Boolean
+    #   resp.trail.has_insight_selectors #=> Boolean
     #   resp.trail.is_organization_trail #=> Boolean
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetTrail AWS API Documentation
@@ -855,6 +919,11 @@ module Aws::CloudTrail
     # Lists trails that are in the current account.
     #
     # @option params [String] :next_token
+    #   The token to use to get the next page of results after a previous API
+    #   call. This token must be passed in with the same parameters that were
+    #   specified in the the original call. For example, if the original call
+    #   specified an AttributeKey of 'Username' with a value of 'root',
+    #   the call with NextToken should include those same parameters.
     #
     # @return [Types::ListTrailsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -884,9 +953,10 @@ module Aws::CloudTrail
       req.send_request(options)
     end
 
-    # Looks up [management events][1] captured by CloudTrail. You can look
-    # up events that occurred in a region within the last 90 days. Lookup
-    # supports the following attributes:
+    # Looks up [management events][1] or [CloudTrail Insights events][2]
+    # that are captured by CloudTrail. You can look up events that occurred
+    # in a region within the last 90 days. Lookup supports the following
+    # attributes for management events:
     #
     # * AWS access key
     #
@@ -904,20 +974,25 @@ module Aws::CloudTrail
     #
     # * User name
     #
+    # Lookup supports the following attributes for Insights events:
+    #
+    # * Event ID
+    #
+    # * Event name
+    #
+    # * Event source
+    #
     # All attributes are optional. The default number of results returned is
     # 50, with a maximum of 50 possible. The response includes a token that
     # you can use to get the next page of results.
     #
-    # The rate of lookup requests is limited to one per second per account.
+    # The rate of lookup requests is limited to two per second per account.
     # If this limit is exceeded, a throttling error occurs.
     #
-    #  Events that occurred during the selected time range will not be
-    # available for lookup if CloudTrail logging was not enabled when the
-    # events occurred.
-    #
     #
     #
     # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html#cloudtrail-concepts-management-events
+    # [2]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html#cloudtrail-concepts-insights-events
     #
     # @option params [Array<Types::LookupAttribute>] :lookup_attributes
     #   Contains a list of lookup attributes. Currently the list can contain
@@ -933,6 +1008,12 @@ module Aws::CloudTrail
     #   are returned. If the specified end time is before the specified start
     #   time, an error is returned.
     #
+    # @option params [String] :event_category
+    #   Specifies the event category. If you do not specify an event category,
+    #   events of the category are not returned in the response. For example,
+    #   if you do not specify `insight` as the value of `EventCategory`, no
+    #   Insights events are returned.
+    #
     # @option params [Integer] :max_results
     #   The number of events to return. Possible values are 1 through 50. The
     #   default is 50.
@@ -960,6 +1041,7 @@ module Aws::CloudTrail
     #     ],
     #     start_time: Time.now,
     #     end_time: Time.now,
+    #     event_category: "insight", # accepts insight
     #     max_results: 1,
     #     next_token: "NextToken",
     #   })
@@ -1073,6 +1155,7 @@ module Aws::CloudTrail
     #             values: ["String"],
     #           },
     #         ],
+    #         exclude_management_event_sources: ["String"],
     #       },
     #     ],
     #   })
@@ -1087,6 +1170,8 @@ module Aws::CloudTrail
     #   resp.event_selectors[0].data_resources[0].type #=> String
     #   resp.event_selectors[0].data_resources[0].values #=> Array
     #   resp.event_selectors[0].data_resources[0].values[0] #=> String
+    #   resp.event_selectors[0].exclude_management_event_sources #=> Array
+    #   resp.event_selectors[0].exclude_management_event_sources[0] #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutEventSelectors AWS API Documentation
     #
@@ -1097,6 +1182,52 @@ module Aws::CloudTrail
       req.send_request(options)
     end
 
+    # Lets you enable Insights event logging by specifying the Insights
+    # selectors that you want to enable on an existing trail. You also use
+    # `PutInsightSelectors` to turn off Insights event logging, by passing
+    # an empty list of insight types. In this release, only
+    # `ApiCallRateInsight` is supported as an Insights selector.
+    #
+    # @option params [required, String] :trail_name
+    #   The name of the CloudTrail trail for which you want to change or add
+    #   Insights selectors.
+    #
+    # @option params [required, Array<Types::InsightSelector>] :insight_selectors
+    #   A JSON string that contains the insight types you want to log on a
+    #   trail. In this release, only `ApiCallRateInsight` is supported as an
+    #   insight type.
+    #
+    # @return [Types::PutInsightSelectorsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::PutInsightSelectorsResponse#trail_arn #trail_arn} => String
+    #   * {Types::PutInsightSelectorsResponse#insight_selectors #insight_selectors} => Array&lt;Types::InsightSelector&gt;
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.put_insight_selectors({
+    #     trail_name: "String", # required
+    #     insight_selectors: [ # required
+    #       {
+    #         insight_type: "ApiCallRateInsight", # accepts ApiCallRateInsight
+    #       },
+    #     ],
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.trail_arn #=> String
+    #   resp.insight_selectors #=> Array
+    #   resp.insight_selectors[0].insight_type #=> String, one of "ApiCallRateInsight"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutInsightSelectors AWS API Documentation
+    #
+    # @overload put_insight_selectors(params = {})
+    # @param [Hash] params ({})
+    def put_insight_selectors(params = {}, options = {})
+      req = build_request(:put_insight_selectors, params)
+      req.send_request(options)
+    end
+
     # Removes the specified tags from a trail.
     #
     # @option params [required, String] :resource_id
@@ -1381,7 +1512,7 @@ module Aws::CloudTrail
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-cloudtrail'
-      context[:gem_version] = '1.19.0'
+      context[:gem_version] = '1.20.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-cloudtrail/client_api.rb

@@ -29,23 +29,33 @@ module Aws::CloudTrail
     DescribeTrailsRequest = Shapes::StructureShape.new(name: 'DescribeTrailsRequest')
     DescribeTrailsResponse = Shapes::StructureShape.new(name: 'DescribeTrailsResponse')
     Event = Shapes::StructureShape.new(name: 'Event')
+    EventCategory = Shapes::StringShape.new(name: 'EventCategory')
     EventSelector = Shapes::StructureShape.new(name: 'EventSelector')
     EventSelectors = Shapes::ListShape.new(name: 'EventSelectors')
     EventsList = Shapes::ListShape.new(name: 'EventsList')
+    ExcludeManagementEventSources = Shapes::ListShape.new(name: 'ExcludeManagementEventSources')
     GetEventSelectorsRequest = Shapes::StructureShape.new(name: 'GetEventSelectorsRequest')
     GetEventSelectorsResponse = Shapes::StructureShape.new(name: 'GetEventSelectorsResponse')
+    GetInsightSelectorsRequest = Shapes::StructureShape.new(name: 'GetInsightSelectorsRequest')
+    GetInsightSelectorsResponse = Shapes::StructureShape.new(name: 'GetInsightSelectorsResponse')
     GetTrailRequest = Shapes::StructureShape.new(name: 'GetTrailRequest')
     GetTrailResponse = Shapes::StructureShape.new(name: 'GetTrailResponse')
     GetTrailStatusRequest = Shapes::StructureShape.new(name: 'GetTrailStatusRequest')
     GetTrailStatusResponse = Shapes::StructureShape.new(name: 'GetTrailStatusResponse')
+    InsightNotEnabledException = Shapes::StructureShape.new(name: 'InsightNotEnabledException')
+    InsightSelector = Shapes::StructureShape.new(name: 'InsightSelector')
+    InsightSelectors = Shapes::ListShape.new(name: 'InsightSelectors')
+    InsightType = Shapes::StringShape.new(name: 'InsightType')
     InsufficientDependencyServiceAccessPermissionException = Shapes::StructureShape.new(name: 'InsufficientDependencyServiceAccessPermissionException')
     InsufficientEncryptionPolicyException = Shapes::StructureShape.new(name: 'InsufficientEncryptionPolicyException')
     InsufficientS3BucketPolicyException = Shapes::StructureShape.new(name: 'InsufficientS3BucketPolicyException')
     InsufficientSnsTopicPolicyException = Shapes::StructureShape.new(name: 'InsufficientSnsTopicPolicyException')
     InvalidCloudWatchLogsLogGroupArnException = Shapes::StructureShape.new(name: 'InvalidCloudWatchLogsLogGroupArnException')
     InvalidCloudWatchLogsRoleArnException = Shapes::StructureShape.new(name: 'InvalidCloudWatchLogsRoleArnException')
+    InvalidEventCategoryException = Shapes::StructureShape.new(name: 'InvalidEventCategoryException')
     InvalidEventSelectorsException = Shapes::StructureShape.new(name: 'InvalidEventSelectorsException')
     InvalidHomeRegionException = Shapes::StructureShape.new(name: 'InvalidHomeRegionException')
+    InvalidInsightSelectorsException = Shapes::StructureShape.new(name: 'InvalidInsightSelectorsException')
     InvalidKmsKeyIdException = Shapes::StructureShape.new(name: 'InvalidKmsKeyIdException')
     InvalidLookupAttributesException = Shapes::StructureShape.new(name: 'InvalidLookupAttributesException')
     InvalidMaxResultsException = Shapes::StructureShape.new(name: 'InvalidMaxResultsException')
@@ -83,6 +93,8 @@ module Aws::CloudTrail
     PublicKeyList = Shapes::ListShape.new(name: 'PublicKeyList')
     PutEventSelectorsRequest = Shapes::StructureShape.new(name: 'PutEventSelectorsRequest')
     PutEventSelectorsResponse = Shapes::StructureShape.new(name: 'PutEventSelectorsResponse')
+    PutInsightSelectorsRequest = Shapes::StructureShape.new(name: 'PutInsightSelectorsRequest')
+    PutInsightSelectorsResponse = Shapes::StructureShape.new(name: 'PutInsightSelectorsResponse')
     ReadWriteType = Shapes::StringShape.new(name: 'ReadWriteType')
     RemoveTagsRequest = Shapes::StructureShape.new(name: 'RemoveTagsRequest')
     RemoveTagsResponse = Shapes::StructureShape.new(name: 'RemoveTagsResponse')
@@ -183,12 +195,15 @@ module Aws::CloudTrail
     EventSelector.add_member(:read_write_type, Shapes::ShapeRef.new(shape: ReadWriteType, location_name: "ReadWriteType"))
     EventSelector.add_member(:include_management_events, Shapes::ShapeRef.new(shape: Boolean, location_name: "IncludeManagementEvents"))
     EventSelector.add_member(:data_resources, Shapes::ShapeRef.new(shape: DataResources, location_name: "DataResources"))
+    EventSelector.add_member(:exclude_management_event_sources, Shapes::ShapeRef.new(shape: ExcludeManagementEventSources, location_name: "ExcludeManagementEventSources"))
     EventSelector.struct_class = Types::EventSelector
 
     EventSelectors.member = Shapes::ShapeRef.new(shape: EventSelector)
 
     EventsList.member = Shapes::ShapeRef.new(shape: Event)
 
+    ExcludeManagementEventSources.member = Shapes::ShapeRef.new(shape: String)
+
     GetEventSelectorsRequest.add_member(:trail_name, Shapes::ShapeRef.new(shape: String, required: true, location_name: "TrailName"))
     GetEventSelectorsRequest.struct_class = Types::GetEventSelectorsRequest
 
@@ -196,6 +211,13 @@ module Aws::CloudTrail
     GetEventSelectorsResponse.add_member(:event_selectors, Shapes::ShapeRef.new(shape: EventSelectors, location_name: "EventSelectors"))
     GetEventSelectorsResponse.struct_class = Types::GetEventSelectorsResponse
 
+    GetInsightSelectorsRequest.add_member(:trail_name, Shapes::ShapeRef.new(shape: String, required: true, location_name: "TrailName"))
+    GetInsightSelectorsRequest.struct_class = Types::GetInsightSelectorsRequest
+
+    GetInsightSelectorsResponse.add_member(:trail_arn, Shapes::ShapeRef.new(shape: String, location_name: "TrailARN"))
+    GetInsightSelectorsResponse.add_member(:insight_selectors, Shapes::ShapeRef.new(shape: InsightSelectors, location_name: "InsightSelectors"))
+    GetInsightSelectorsResponse.struct_class = Types::GetInsightSelectorsResponse
+
     GetTrailRequest.add_member(:name, Shapes::ShapeRef.new(shape: String, required: true, location_name: "Name"))
     GetTrailRequest.struct_class = Types::GetTrailRequest
 
@@ -224,6 +246,11 @@ module Aws::CloudTrail
     GetTrailStatusResponse.add_member(:time_logging_stopped, Shapes::ShapeRef.new(shape: String, location_name: "TimeLoggingStopped"))
     GetTrailStatusResponse.struct_class = Types::GetTrailStatusResponse
 
+    InsightSelector.add_member(:insight_type, Shapes::ShapeRef.new(shape: InsightType, location_name: "InsightType"))
+    InsightSelector.struct_class = Types::InsightSelector
+
+    InsightSelectors.member = Shapes::ShapeRef.new(shape: InsightSelector)
+
     ListPublicKeysRequest.add_member(:start_time, Shapes::ShapeRef.new(shape: Date, location_name: "StartTime"))
     ListPublicKeysRequest.add_member(:end_time, Shapes::ShapeRef.new(shape: Date, location_name: "EndTime"))
     ListPublicKeysRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: String, location_name: "NextToken"))
@@ -257,6 +284,7 @@ module Aws::CloudTrail
     LookupEventsRequest.add_member(:lookup_attributes, Shapes::ShapeRef.new(shape: LookupAttributesList, location_name: "LookupAttributes"))
     LookupEventsRequest.add_member(:start_time, Shapes::ShapeRef.new(shape: Date, location_name: "StartTime"))
     LookupEventsRequest.add_member(:end_time, Shapes::ShapeRef.new(shape: Date, location_name: "EndTime"))
+    LookupEventsRequest.add_member(:event_category, Shapes::ShapeRef.new(shape: EventCategory, location_name: "EventCategory"))
     LookupEventsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResults, location_name: "MaxResults"))
     LookupEventsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
     LookupEventsRequest.struct_class = Types::LookupEventsRequest
@@ -281,6 +309,14 @@ module Aws::CloudTrail
     PutEventSelectorsResponse.add_member(:event_selectors, Shapes::ShapeRef.new(shape: EventSelectors, location_name: "EventSelectors"))
     PutEventSelectorsResponse.struct_class = Types::PutEventSelectorsResponse
 
+    PutInsightSelectorsRequest.add_member(:trail_name, Shapes::ShapeRef.new(shape: String, required: true, location_name: "TrailName"))
+    PutInsightSelectorsRequest.add_member(:insight_selectors, Shapes::ShapeRef.new(shape: InsightSelectors, required: true, location_name: "InsightSelectors"))
+    PutInsightSelectorsRequest.struct_class = Types::PutInsightSelectorsRequest
+
+    PutInsightSelectorsResponse.add_member(:trail_arn, Shapes::ShapeRef.new(shape: String, location_name: "TrailARN"))
+    PutInsightSelectorsResponse.add_member(:insight_selectors, Shapes::ShapeRef.new(shape: InsightSelectors, location_name: "InsightSelectors"))
+    PutInsightSelectorsResponse.struct_class = Types::PutInsightSelectorsResponse
+
     RemoveTagsRequest.add_member(:resource_id, Shapes::ShapeRef.new(shape: String, required: true, location_name: "ResourceId"))
     RemoveTagsRequest.add_member(:tags_list, Shapes::ShapeRef.new(shape: TagsList, location_name: "TagsList"))
     RemoveTagsRequest.struct_class = Types::RemoveTagsRequest
@@ -331,6 +367,7 @@ module Aws::CloudTrail
     Trail.add_member(:cloud_watch_logs_role_arn, Shapes::ShapeRef.new(shape: String, location_name: "CloudWatchLogsRoleArn"))
     Trail.add_member(:kms_key_id, Shapes::ShapeRef.new(shape: String, location_name: "KmsKeyId"))
     Trail.add_member(:has_custom_event_selectors, Shapes::ShapeRef.new(shape: Boolean, location_name: "HasCustomEventSelectors"))
+    Trail.add_member(:has_insight_selectors, Shapes::ShapeRef.new(shape: Boolean, location_name: "HasInsightSelectors"))
     Trail.add_member(:is_organization_trail, Shapes::ShapeRef.new(shape: Boolean, location_name: "IsOrganizationTrail"))
     Trail.struct_class = Types::Trail
 
@@ -467,6 +504,7 @@ module Aws::CloudTrail
         o.output = Shapes::ShapeRef.new(shape: DescribeTrailsResponse)
         o.errors << Shapes::ShapeRef.new(shape: UnsupportedOperationException)
         o.errors << Shapes::ShapeRef.new(shape: OperationNotPermittedException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidTrailNameException)
       end)
 
       api.add_operation(:get_event_selectors, Seahorse::Model::Operation.new.tap do |o|
@@ -481,6 +519,19 @@ module Aws::CloudTrail
         o.errors << Shapes::ShapeRef.new(shape: OperationNotPermittedException)
       end)
 
+      api.add_operation(:get_insight_selectors, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetInsightSelectors"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: GetInsightSelectorsRequest)
+        o.output = Shapes::ShapeRef.new(shape: GetInsightSelectorsResponse)
+        o.errors << Shapes::ShapeRef.new(shape: TrailNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidTrailNameException)
+        o.errors << Shapes::ShapeRef.new(shape: UnsupportedOperationException)
+        o.errors << Shapes::ShapeRef.new(shape: OperationNotPermittedException)
+        o.errors << Shapes::ShapeRef.new(shape: InsightNotEnabledException)
+      end)
+
       api.add_operation(:get_trail, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GetTrail"
         o.http_method = "POST"
@@ -501,6 +552,8 @@ module Aws::CloudTrail
         o.output = Shapes::ShapeRef.new(shape: GetTrailStatusResponse)
         o.errors << Shapes::ShapeRef.new(shape: TrailNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidTrailNameException)
+        o.errors << Shapes::ShapeRef.new(shape: UnsupportedOperationException)
+        o.errors << Shapes::ShapeRef.new(shape: OperationNotPermittedException)
       end)
 
       api.add_operation(:list_public_keys, Seahorse::Model::Operation.new.tap do |o|
@@ -565,6 +618,9 @@ module Aws::CloudTrail
         o.errors << Shapes::ShapeRef.new(shape: InvalidTimeRangeException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidMaxResultsException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidNextTokenException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidEventCategoryException)
+        o.errors << Shapes::ShapeRef.new(shape: UnsupportedOperationException)
+        o.errors << Shapes::ShapeRef.new(shape: OperationNotPermittedException)
         o[:pager] = Aws::Pager.new(
           limit_key: "max_results",
           tokens: {
@@ -589,6 +645,23 @@ module Aws::CloudTrail
         o.errors << Shapes::ShapeRef.new(shape: InsufficientDependencyServiceAccessPermissionException)
       end)
 
+      api.add_operation(:put_insight_selectors, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "PutInsightSelectors"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: PutInsightSelectorsRequest)
+        o.output = Shapes::ShapeRef.new(shape: PutInsightSelectorsResponse)
+        o.errors << Shapes::ShapeRef.new(shape: TrailNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidTrailNameException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidHomeRegionException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInsightSelectorsException)
+        o.errors << Shapes::ShapeRef.new(shape: InsufficientS3BucketPolicyException)
+        o.errors << Shapes::ShapeRef.new(shape: InsufficientEncryptionPolicyException)
+        o.errors << Shapes::ShapeRef.new(shape: UnsupportedOperationException)
+        o.errors << Shapes::ShapeRef.new(shape: OperationNotPermittedException)
+        o.errors << Shapes::ShapeRef.new(shape: NotOrganizationMasterAccountException)
+      end)
+
       api.add_operation(:remove_tags, Seahorse::Model::Operation.new.tap do |o|
         o.name = "RemoveTags"
         o.http_method = "POST"
@@ -652,6 +725,7 @@ module Aws::CloudTrail
         o.errors << Shapes::ShapeRef.new(shape: InvalidKmsKeyIdException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidTrailNameException)
         o.errors << Shapes::ShapeRef.new(shape: TrailNotProvidedException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidEventSelectorsException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidParameterCombinationException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidHomeRegionException)
         o.errors << Shapes::ShapeRef.new(shape: KmsKeyNotFoundException)

data/lib/aws-sdk-cloudtrail/types.rb

@@ -301,9 +301,9 @@ module Aws::CloudTrail
 
     # The Amazon S3 buckets or AWS Lambda functions that you specify in your
     # event selectors for your trail to log data events. Data events provide
-    # insight into the resource operations performed on or within a resource
-    # itself. These are also known as data plane operations. You can specify
-    # up to 250 data resources for a trail.
+    # information about the resource operations performed on or within a
+    # resource itself. These are also known as data plane operations. You
+    # can specify up to 250 data resources for a trail.
     #
     # <note markdown="1"> The total number of allowed data resources is 250. This number can be
     # distributed between 1 and 5 event selectors, but the total cannot
@@ -503,7 +503,12 @@ module Aws::CloudTrail
     # returns an error.
     #
     # @!attribute [rw] trail_list
-    #   The list of trail objects.
+    #   The list of trail objects. Trail objects with string values are only
+    #   returned if values for the objects exist in a trail's
+    #   configuration. For example, `SNSTopicName` and `SNSTopicARN` are
+    #   only returned in results if a trail is configured to send SNS
+    #   notifications. Similarly, `KMSKeyId` only appears in results if a
+    #   trail's log files are encrypted with AWS KMS-managed keys.
     #   @return [Array<Types::Trail>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DescribeTrailsResponse AWS API Documentation
@@ -594,6 +599,7 @@ module Aws::CloudTrail
     #             values: ["String"],
     #           },
     #         ],
+    #         exclude_management_event_sources: ["String"],
     #       }
     #
     # @!attribute [rw] read_write_type
@@ -636,12 +642,22 @@ module Aws::CloudTrail
     #   [2]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html
     #   @return [Array<Types::DataResource>]
     #
+    # @!attribute [rw] exclude_management_event_sources
+    #   An optional list of service event sources from which you do not want
+    #   management events to be logged on your trail. In this release, the
+    #   list can be empty (disables the filter), or it can filter out AWS
+    #   Key Management Service events by containing `"kms.amazonaws.com"`.
+    #   By default, `ExcludeManagementEventSources` is empty, and AWS KMS
+    #   events are included in events that are logged to your trail.
+    #   @return [Array<String>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/EventSelector AWS API Documentation
     #
     class EventSelector < Struct.new(
       :read_write_type,
       :include_management_events,
-      :data_resources)
+      :data_resources,
+      :exclude_management_event_sources)
       include Aws::Structure
     end
 
@@ -696,6 +712,60 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass GetInsightSelectorsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         trail_name: "String", # required
+    #       }
+    #
+    # @!attribute [rw] trail_name
+    #   Specifies the name of the trail or trail ARN. If you specify a trail
+    #   name, the string must meet the following requirements:
+    #
+    #   * Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
+    #     underscores (\_), or dashes (-)
+    #
+    #   * Start with a letter or number, and end with a letter or number
+    #
+    #   * Be between 3 and 128 characters
+    #
+    #   * Have no adjacent periods, underscores or dashes. Names like
+    #     `my-_namespace` and `my--namespace` are not valid.
+    #
+    #   * Not be in IP address format (for example, 192.168.5.4)
+    #
+    #   If you specify a trail ARN, it must be in the format:
+    #
+    #   `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetInsightSelectorsRequest AWS API Documentation
+    #
+    class GetInsightSelectorsRequest < Struct.new(
+      :trail_name)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] trail_arn
+    #   The Amazon Resource Name (ARN) of a trail for which you want to get
+    #   Insights selectors.
+    #   @return [String]
+    #
+    # @!attribute [rw] insight_selectors
+    #   A JSON string that contains the insight types you want to log on a
+    #   trail. In this release, only `ApiCallRateInsight` is supported as an
+    #   insight type.
+    #   @return [Array<Types::InsightSelector>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetInsightSelectorsResponse AWS API Documentation
+    #
+    class GetInsightSelectorsResponse < Struct.new(
+      :trail_arn,
+      :insight_selectors)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass GetTrailRequest
     #   data as a hash:
     #
@@ -889,6 +959,28 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
+    # A JSON string that contains a list of insight types that are logged on
+    # a trail.
+    #
+    # @note When making an API call, you may pass InsightSelector
+    #   data as a hash:
+    #
+    #       {
+    #         insight_type: "ApiCallRateInsight", # accepts ApiCallRateInsight
+    #       }
+    #
+    # @!attribute [rw] insight_type
+    #   The type of insights to log on a trail. In this release, only
+    #   `ApiCallRateInsight` is supported as an insight type.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InsightSelector AWS API Documentation
+    #
+    class InsightSelector < Struct.new(
+      :insight_type)
+      include Aws::Structure
+    end
+
     # Requests the public keys for a specified time range.
     #
     # @note When making an API call, you may pass ListPublicKeysRequest
@@ -1004,6 +1096,12 @@ module Aws::CloudTrail
     #       }
     #
     # @!attribute [rw] next_token
+    #   The token to use to get the next page of results after a previous
+    #   API call. This token must be passed in with the same parameters that
+    #   were specified in the the original call. For example, if the
+    #   original call specified an AttributeKey of 'Username' with a value
+    #   of 'root', the call with NextToken should include those same
+    #   parameters.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ListTrailsRequest AWS API Documentation
@@ -1019,6 +1117,12 @@ module Aws::CloudTrail
     #   @return [Array<Types::TrailInfo>]
     #
     # @!attribute [rw] next_token
+    #   The token to use to get the next page of results after a previous
+    #   API call. If the token does not appear, there are no more results to
+    #   return. The token must be passed in with the same parameters as the
+    #   previous call. For example, if the original call specified an
+    #   AttributeKey of 'Username' with a value of 'root', the call with
+    #   NextToken should include those same parameters.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ListTrailsResponse AWS API Documentation
@@ -1069,6 +1173,7 @@ module Aws::CloudTrail
     #         ],
     #         start_time: Time.now,
     #         end_time: Time.now,
+    #         event_category: "insight", # accepts insight
     #         max_results: 1,
     #         next_token: "NextToken",
     #       }
@@ -1090,6 +1195,13 @@ module Aws::CloudTrail
     #   start time, an error is returned.
     #   @return [Time]
     #
+    # @!attribute [rw] event_category
+    #   Specifies the event category. If you do not specify an event
+    #   category, events of the category are not returned in the response.
+    #   For example, if you do not specify `insight` as the value of
+    #   `EventCategory`, no Insights events are returned.
+    #   @return [String]
+    #
     # @!attribute [rw] max_results
     #   The number of events to return. Possible values are 1 through 50.
     #   The default is 50.
@@ -1110,6 +1222,7 @@ module Aws::CloudTrail
       :lookup_attributes,
       :start_time,
       :end_time,
+      :event_category,
       :max_results,
       :next_token)
       include Aws::Structure
@@ -1183,6 +1296,7 @@ module Aws::CloudTrail
     #                 values: ["String"],
     #               },
     #             ],
+    #             exclude_management_event_sources: ["String"],
     #           },
     #         ],
     #       }
@@ -1240,6 +1354,56 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass PutInsightSelectorsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         trail_name: "String", # required
+    #         insight_selectors: [ # required
+    #           {
+    #             insight_type: "ApiCallRateInsight", # accepts ApiCallRateInsight
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] trail_name
+    #   The name of the CloudTrail trail for which you want to change or add
+    #   Insights selectors.
+    #   @return [String]
+    #
+    # @!attribute [rw] insight_selectors
+    #   A JSON string that contains the insight types you want to log on a
+    #   trail. In this release, only `ApiCallRateInsight` is supported as an
+    #   insight type.
+    #   @return [Array<Types::InsightSelector>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutInsightSelectorsRequest AWS API Documentation
+    #
+    class PutInsightSelectorsRequest < Struct.new(
+      :trail_name,
+      :insight_selectors)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] trail_arn
+    #   The Amazon Resource Name (ARN) of a trail for which you want to
+    #   change or add Insights selectors.
+    #   @return [String]
+    #
+    # @!attribute [rw] insight_selectors
+    #   A JSON string that contains the insight types you want to log on a
+    #   trail. In this release, only `ApiCallRateInsight` is supported as an
+    #   insight type.
+    #   @return [Array<Types::InsightSelector>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutInsightSelectorsResponse AWS API Documentation
+    #
+    class PutInsightSelectorsResponse < Struct.new(
+      :trail_arn,
+      :insight_selectors)
+      include Aws::Structure
+    end
+
     # Specifies the tags to remove from a trail.
     #
     # @note When making an API call, you may pass RemoveTagsRequest
@@ -1507,6 +1671,11 @@ module Aws::CloudTrail
     #   Specifies if the trail has custom event selectors.
     #   @return [Boolean]
     #
+    # @!attribute [rw] has_insight_selectors
+    #   Specifies whether a trail has insight types specified in an
+    #   `InsightSelector` list.
+    #   @return [Boolean]
+    #
     # @!attribute [rw] is_organization_trail
     #   Specifies whether the trail is an organization trail.
     #   @return [Boolean]
@@ -1528,6 +1697,7 @@ module Aws::CloudTrail
       :cloud_watch_logs_role_arn,
       :kms_key_id,
       :has_custom_event_selectors,
+      :has_insight_selectors,
       :is_organization_trail)
       include Aws::Structure
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-cloudtrail
 version: !ruby/object:Gem::Version
-  version: 1.19.0
+  version: 1.20.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-11-01 00:00:00.000000000 Z
+date: 2019-11-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core