aws-sdk-cloudtrail 1.37.0 → 1.38.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-cloudtrail/client.rb +88 -69
- data/lib/aws-sdk-cloudtrail/types.rb +226 -177
- data/lib/aws-sdk-cloudtrail.rb +1 -1
- metadata +5 -5
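--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4a7bee867497989e2495c469e8c8b443d5028c4f5335fbc49f7955a93c475106
+data.tar.gz: 77964918e38d9a5956cf335babf402f8bfc8bb70a9e41bcdd4f9bf4fd8c1aec4
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c84587d519bd3622971bb590b7b04b302387b64193c911ccf52753926dc38de0515f7383afe9ac4aa331ac0cb78f388cc6a8e36da93856eb105178cf6b32e0db
+data.tar.gz: ba8a7e97a35a774d88e6e8417ca3bfe1bd00447497da8512b8a6be9b8e8db9b49992c3a42409a9c0697f4a2784e09d8757a57e7889283d7e07a339428c36ecbc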
data/CHANGELOG.md
CHANGED
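--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.
+1.38.0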
@@ -342,9 +342,9 @@ module Aws::CloudTrail
|
|
342
342
|
# tag key. Tag key names must be unique for a trail; you cannot have two
|
343
343
|
# keys with the same name but different values. If you specify a key
|
344
344
|
# without a value, the tag will be created with the specified key and a
|
345
|
-
# value of null. You can tag a trail that applies to all
|
346
|
-
# only from the Region in which the trail was created
|
347
|
-
# home region).
|
345
|
+
# value of null. You can tag a trail that applies to all Amazon Web
|
346
|
+
# Services Regions only from the Region in which the trail was created
|
347
|
+
# (also known as its home region).
|
348
348
|
#
|
349
349
|
# @option params [required, String] :resource_id
|
350
350
|
# Specifies the ARN of the trail to which one or more tags will be
|
@@ -353,7 +353,7 @@ module Aws::CloudTrail
|
|
353
353
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
354
354
|
#
|
355
355
|
# @option params [Array<Types::Tag>] :tags_list
|
356
|
-
# Contains a list of
|
356
|
+
# Contains a list of tags, up to a limit of 50
|
357
357
|
#
|
358
358
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
359
359
|
#
|
@@ -393,7 +393,7 @@ module Aws::CloudTrail
|
|
393
393
|
# * Be between 3 and 128 characters
|
394
394
|
#
|
395
395
|
# * Have no adjacent periods, underscores or dashes. Names like
|
396
|
-
# `my-_namespace` and `my--namespace` are
|
396
|
+
# `my-_namespace` and `my--namespace` are not valid.
|
397
397
|
#
|
398
398
|
# * Not be in IP address format (for example, 192.168.5.4)
|
399
399
|
#
|
@@ -434,7 +434,7 @@ module Aws::CloudTrail
|
|
434
434
|
# default is false.
|
435
435
|
#
|
436
436
|
# <note markdown="1"> When you disable log file integrity validation, the chain of digest
|
437
|
-
# files is broken after one hour. CloudTrail
|
437
|
+
# files is broken after one hour. CloudTrail does not create digest
|
438
438
|
# files for log files that were delivered during a period in which log
|
439
439
|
# file integrity validation was disabled. For example, if you enable log
|
440
440
|
# file integrity validation at noon on January 1, disable it at noon on
|
@@ -449,7 +449,7 @@ module Aws::CloudTrail
|
|
449
449
|
# Specifies a log group name using an Amazon Resource Name (ARN), a
|
450
450
|
# unique identifier that represents the log group to which CloudTrail
|
451
451
|
# logs will be delivered. Not required unless you specify
|
452
|
-
# CloudWatchLogsRoleArn
|
452
|
+
# `CloudWatchLogsRoleArn`.
|
453
453
|
#
|
454
454
|
# @option params [String] :cloud_watch_logs_role_arn
|
455
455
|
# Specifies the role for the CloudWatch Logs endpoint to assume to write
|
@@ -461,6 +461,10 @@ module Aws::CloudTrail
|
|
461
461
|
# fully specified ARN to an alias, a fully specified ARN to a key, or a
|
462
462
|
# globally unique identifier.
|
463
463
|
#
|
464
|
+
# CloudTrail also supports KMS multi-Region keys. For more information
|
465
|
+
# about multi-Region keys, see [Using multi-Region keys][1] in the *Key
|
466
|
+
# Management Service Developer Guide*.
|
467
|
+
#
|
464
468
|
# Examples:
|
465
469
|
#
|
466
470
|
# * alias/MyAliasName
|
@@ -471,12 +475,16 @@ module Aws::CloudTrail
|
|
471
475
|
#
|
472
476
|
# * 12345678-1234-1234-1234-123456789012
|
473
477
|
#
|
478
|
+
#
|
479
|
+
#
|
480
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html
|
481
|
+
#
|
474
482
|
# @option params [Boolean] :is_organization_trail
|
475
483
|
# Specifies whether the trail is created for all accounts in an
|
476
|
-
# organization in
|
477
|
-
# account. The default is false, and cannot be true unless the
|
478
|
-
# made on behalf of an
|
479
|
-
# organization in
|
484
|
+
# organization in Organizations, or only for the current Amazon Web
|
485
|
+
# Services account. The default is false, and cannot be true unless the
|
486
|
+
# call is made on behalf of an Amazon Web Services account that is the
|
487
|
+
# management account for an organization in Organizations.
|
480
488
|
#
|
481
489
|
# @option params [Array<Types::Tag>] :tags_list
|
482
490
|
# A list of tags.
|
@@ -551,7 +559,7 @@ module Aws::CloudTrail
|
|
551
559
|
#
|
552
560
|
# @option params [required, String] :name
|
553
561
|
# Specifies the name or the CloudTrail ARN of the trail to be deleted.
|
554
|
-
# The format of a trail ARN
|
562
|
+
# The following is the format of a trail ARN.
|
555
563
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
556
564
|
#
|
557
565
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
@@ -659,7 +667,7 @@ module Aws::CloudTrail
|
|
659
667
|
# you are logging data events.
|
660
668
|
#
|
661
669
|
# For more information, see [Logging Data and Management Events for
|
662
|
-
# Trails ][1] in the *
|
670
|
+
# Trails ][1] in the *CloudTrail User Guide*.
|
663
671
|
#
|
664
672
|
#
|
665
673
|
#
|
@@ -743,7 +751,7 @@ module Aws::CloudTrail
|
|
743
751
|
# exception `InsightNotEnabledException`
|
744
752
|
#
|
745
753
|
# For more information, see [Logging CloudTrail Insights Events for
|
746
|
-
# Trails ][1] in the *
|
754
|
+
# Trails ][1] in the *CloudTrail User Guide*.
|
747
755
|
#
|
748
756
|
#
|
749
757
|
#
|
@@ -850,7 +858,7 @@ module Aws::CloudTrail
|
|
850
858
|
# Specifies the name or the CloudTrail ARN of the trail for which you
|
851
859
|
# are requesting status. To get the status of a shadow trail (a
|
852
860
|
# replication of the trail in another region), you must specify its ARN.
|
853
|
-
# The format of a trail ARN
|
861
|
+
# The following is the format of a trail ARN.
|
854
862
|
#
|
855
863
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
856
864
|
#
|
@@ -914,10 +922,10 @@ module Aws::CloudTrail
|
|
914
922
|
# to validate digest files that were signed with its corresponding
|
915
923
|
# private key.
|
916
924
|
#
|
917
|
-
# <note markdown="1"> CloudTrail uses different private
|
918
|
-
# digest file is signed with a private key unique to its region.
|
919
|
-
#
|
920
|
-
#
|
925
|
+
# <note markdown="1"> CloudTrail uses different private and public key pairs per region.
|
926
|
+
# Each digest file is signed with a private key unique to its region.
|
927
|
+
# When you validate a digest file from a specific region, you must look
|
928
|
+
# in the same region for its corresponding public key.
|
921
929
|
#
|
922
930
|
# </note>
|
923
931
|
#
|
@@ -971,7 +979,7 @@ module Aws::CloudTrail
|
|
971
979
|
#
|
972
980
|
# @option params [required, Array<String>] :resource_id_list
|
973
981
|
# Specifies a list of trail ARNs whose tags will be listed. The list has
|
974
|
-
# a limit of 20 ARNs. The format of a trail ARN
|
982
|
+
# a limit of 20 ARNs. The following is the format of a trail ARN.
|
975
983
|
#
|
976
984
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
977
985
|
#
|
@@ -1054,7 +1062,7 @@ module Aws::CloudTrail
|
|
1054
1062
|
# in a region within the last 90 days. Lookup supports the following
|
1055
1063
|
# attributes for management events:
|
1056
1064
|
#
|
1057
|
-
# *
|
1065
|
+
# * Amazon Web Services access key
|
1058
1066
|
#
|
1059
1067
|
# * Event ID
|
1060
1068
|
#
|
@@ -1204,7 +1212,7 @@ module Aws::CloudTrail
|
|
1204
1212
|
#
|
1205
1213
|
# You can configure up to five event selectors for each trail. For more
|
1206
1214
|
# information, see [Logging data and management events for trails ][1]
|
1207
|
-
# and [Quotas in
|
1215
|
+
# and [Quotas in CloudTrail][2] in the *CloudTrail User Guide*.
|
1208
1216
|
#
|
1209
1217
|
# You can add advanced event selectors, and conditions for your advanced
|
1210
1218
|
# event selectors, up to a maximum of 500 values for all conditions and
|
@@ -1212,7 +1220,7 @@ module Aws::CloudTrail
|
|
1212
1220
|
# `EventSelectors`, but not both. If you apply `AdvancedEventSelectors`
|
1213
1221
|
# to a trail, any existing `EventSelectors` are overwritten. For more
|
1214
1222
|
# information about advanced event selectors, see [Logging data events
|
1215
|
-
# for trails][3] in the *
|
1223
|
+
# for trails][3] in the *CloudTrail User Guide*.
|
1216
1224
|
#
|
1217
1225
|
#
|
1218
1226
|
#
|
@@ -1232,11 +1240,11 @@ module Aws::CloudTrail
|
|
1232
1240
|
# * Be between 3 and 128 characters
|
1233
1241
|
#
|
1234
1242
|
# * Have no adjacent periods, underscores or dashes. Names like
|
1235
|
-
# `my-_namespace` and `my--namespace` are
|
1243
|
+
# `my-_namespace` and `my--namespace` are not valid.
|
1236
1244
|
#
|
1237
1245
|
# * Not be in IP address format (for example, 192.168.5.4)
|
1238
1246
|
#
|
1239
|
-
# If you specify a trail ARN, it must be in the format
|
1247
|
+
# If you specify a trail ARN, it must be in the following format.
|
1240
1248
|
#
|
1241
1249
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
1242
1250
|
#
|
@@ -1255,7 +1263,7 @@ module Aws::CloudTrail
|
|
1255
1263
|
# `EventSelectors`, but not both. If you apply `AdvancedEventSelectors`
|
1256
1264
|
# to a trail, any existing `EventSelectors` are overwritten. For more
|
1257
1265
|
# information about advanced event selectors, see [Logging data events
|
1258
|
-
# for trails][1] in the *
|
1266
|
+
# for trails][1] in the *CloudTrail User Guide*.
|
1259
1267
|
#
|
1260
1268
|
#
|
1261
1269
|
#
|
@@ -1343,17 +1351,17 @@ module Aws::CloudTrail
|
|
1343
1351
|
# Lets you enable Insights event logging by specifying the Insights
|
1344
1352
|
# selectors that you want to enable on an existing trail. You also use
|
1345
1353
|
# `PutInsightSelectors` to turn off Insights event logging, by passing
|
1346
|
-
# an empty list of insight types.
|
1347
|
-
#
|
1354
|
+
# an empty list of insight types. The valid Insights event type in this
|
1355
|
+
# release is `ApiCallRateInsight`.
|
1348
1356
|
#
|
1349
1357
|
# @option params [required, String] :trail_name
|
1350
1358
|
# The name of the CloudTrail trail for which you want to change or add
|
1351
1359
|
# Insights selectors.
|
1352
1360
|
#
|
1353
1361
|
# @option params [required, Array<Types::InsightSelector>] :insight_selectors
|
1354
|
-
# A JSON string that contains the
|
1355
|
-
# trail.
|
1356
|
-
#
|
1362
|
+
# A JSON string that contains the Insights types that you want to log on
|
1363
|
+
# a trail. The valid Insights type in this release is
|
1364
|
+
# `ApiCallRateInsight`.
|
1357
1365
|
#
|
1358
1366
|
# @return [Types::PutInsightSelectorsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1359
1367
|
#
|
@@ -1420,15 +1428,17 @@ module Aws::CloudTrail
|
|
1420
1428
|
req.send_request(options)
|
1421
1429
|
end
|
1422
1430
|
|
1423
|
-
# Starts the recording of
|
1424
|
-
# trail. For a trail that is enabled in all regions, this
|
1425
|
-
# be called from the region in which the trail was
|
1426
|
-
# operation cannot be called on the shadow trails
|
1427
|
-
# other regions) of a trail that is enabled in all
|
1431
|
+
# Starts the recording of Amazon Web Services API calls and log file
|
1432
|
+
# delivery for a trail. For a trail that is enabled in all regions, this
|
1433
|
+
# operation must be called from the region in which the trail was
|
1434
|
+
# created. This operation cannot be called on the shadow trails
|
1435
|
+
# (replicated trails in other regions) of a trail that is enabled in all
|
1436
|
+
# regions.
|
1428
1437
|
#
|
1429
1438
|
# @option params [required, String] :name
|
1430
1439
|
# Specifies the name or the CloudTrail ARN of the trail for which
|
1431
|
-
# CloudTrail logs
|
1440
|
+
# CloudTrail logs Amazon Web Services API calls. The following is the
|
1441
|
+
# format of a trail ARN.
|
1432
1442
|
#
|
1433
1443
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
1434
1444
|
#
|
@@ -1449,19 +1459,20 @@ module Aws::CloudTrail
|
|
1449
1459
|
req.send_request(options)
|
1450
1460
|
end
|
1451
1461
|
|
1452
|
-
# Suspends the recording of
|
1453
|
-
# specified trail. Under most circumstances, there is
|
1454
|
-
# this action. You can update a trail without stopping it
|
1455
|
-
# action is the only way to stop recording. For a trail
|
1456
|
-
# regions, this operation must be called from the region
|
1457
|
-
# trail was created, or an `InvalidHomeRegionException`
|
1458
|
-
# operation cannot be called on the shadow trails
|
1459
|
-
# other regions) of a trail enabled in all
|
1462
|
+
# Suspends the recording of Amazon Web Services API calls and log file
|
1463
|
+
# delivery for the specified trail. Under most circumstances, there is
|
1464
|
+
# no need to use this action. You can update a trail without stopping it
|
1465
|
+
# first. This action is the only way to stop recording. For a trail
|
1466
|
+
# enabled in all regions, this operation must be called from the region
|
1467
|
+
# in which the trail was created, or an `InvalidHomeRegionException`
|
1468
|
+
# will occur. This operation cannot be called on the shadow trails
|
1469
|
+
# (replicated trails in other regions) of a trail enabled in all
|
1470
|
+
# regions.
|
1460
1471
|
#
|
1461
1472
|
# @option params [required, String] :name
|
1462
1473
|
# Specifies the name or the CloudTrail ARN of the trail for which
|
1463
|
-
# CloudTrail will stop logging
|
1464
|
-
# is
|
1474
|
+
# CloudTrail will stop logging Amazon Web Services API calls. The
|
1475
|
+
# following is the format of a trail ARN.
|
1465
1476
|
#
|
1466
1477
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
1467
1478
|
#
|
@@ -1482,13 +1493,13 @@ module Aws::CloudTrail
|
|
1482
1493
|
req.send_request(options)
|
1483
1494
|
end
|
1484
1495
|
|
1485
|
-
# Updates
|
1486
|
-
#
|
1487
|
-
#
|
1488
|
-
# bucket
|
1489
|
-
#
|
1490
|
-
# region in which the trail was
|
1491
|
-
# `InvalidHomeRegionException` is thrown.
|
1496
|
+
# Updates trail settings that control what events you are logging, and
|
1497
|
+
# how to handle log files. Changes to a trail do not require stopping
|
1498
|
+
# the CloudTrail service. Use this action to designate an existing
|
1499
|
+
# bucket for log delivery. If the existing bucket has previously been a
|
1500
|
+
# target for CloudTrail log files, an IAM policy exists for the bucket.
|
1501
|
+
# `UpdateTrail` must be called from the region in which the trail was
|
1502
|
+
# created; otherwise, an `InvalidHomeRegionException` is thrown.
|
1492
1503
|
#
|
1493
1504
|
# @option params [required, String] :name
|
1494
1505
|
# Specifies the name of the trail or trail ARN. If `Name` is a trail
|
@@ -1502,11 +1513,11 @@ module Aws::CloudTrail
|
|
1502
1513
|
# * Be between 3 and 128 characters
|
1503
1514
|
#
|
1504
1515
|
# * Have no adjacent periods, underscores or dashes. Names like
|
1505
|
-
# `my-_namespace` and `my--namespace` are
|
1516
|
+
# `my-_namespace` and `my--namespace` are not valid.
|
1506
1517
|
#
|
1507
1518
|
# * Not be in IP address format (for example, 192.168.5.4)
|
1508
1519
|
#
|
1509
|
-
# If `Name` is a trail ARN, it must be in the format
|
1520
|
+
# If `Name` is a trail ARN, it must be in the following format.
|
1510
1521
|
#
|
1511
1522
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
1512
1523
|
#
|
@@ -1551,7 +1562,7 @@ module Aws::CloudTrail
|
|
1551
1562
|
# false.
|
1552
1563
|
#
|
1553
1564
|
# <note markdown="1"> When you disable log file integrity validation, the chain of digest
|
1554
|
-
# files is broken after one hour. CloudTrail
|
1565
|
+
# files is broken after one hour. CloudTrail does not create digest
|
1555
1566
|
# files for log files that were delivered during a period in which log
|
1556
1567
|
# file integrity validation was disabled. For example, if you enable log
|
1557
1568
|
# file integrity validation at noon on January 1, disable it at noon on
|
@@ -1565,8 +1576,8 @@ module Aws::CloudTrail
|
|
1565
1576
|
# @option params [String] :cloud_watch_logs_log_group_arn
|
1566
1577
|
# Specifies a log group name using an Amazon Resource Name (ARN), a
|
1567
1578
|
# unique identifier that represents the log group to which CloudTrail
|
1568
|
-
# logs
|
1569
|
-
# CloudWatchLogsRoleArn
|
1579
|
+
# logs are delivered. Not required unless you specify
|
1580
|
+
# `CloudWatchLogsRoleArn`.
|
1570
1581
|
#
|
1571
1582
|
# @option params [String] :cloud_watch_logs_role_arn
|
1572
1583
|
# Specifies the role for the CloudWatch Logs endpoint to assume to write
|
@@ -1578,6 +1589,10 @@ module Aws::CloudTrail
|
|
1578
1589
|
# fully specified ARN to an alias, a fully specified ARN to a key, or a
|
1579
1590
|
# globally unique identifier.
|
1580
1591
|
#
|
1592
|
+
# CloudTrail also supports KMS multi-Region keys. For more information
|
1593
|
+
# about multi-Region keys, see [Using multi-Region keys][1] in the *Key
|
1594
|
+
# Management Service Developer Guide*.
|
1595
|
+
#
|
1581
1596
|
# Examples:
|
1582
1597
|
#
|
1583
1598
|
# * alias/MyAliasName
|
@@ -1588,17 +1603,21 @@ module Aws::CloudTrail
|
|
1588
1603
|
#
|
1589
1604
|
# * 12345678-1234-1234-1234-123456789012
|
1590
1605
|
#
|
1606
|
+
#
|
1607
|
+
#
|
1608
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html
|
1609
|
+
#
|
1591
1610
|
# @option params [Boolean] :is_organization_trail
|
1592
1611
|
# Specifies whether the trail is applied to all accounts in an
|
1593
|
-
# organization in
|
1594
|
-
# account. The default is false, and cannot be true unless the
|
1595
|
-
# made on behalf of an
|
1596
|
-
# organization in
|
1597
|
-
# trail and this is set to true
|
1598
|
-
#
|
1599
|
-
# organization
|
1600
|
-
# the
|
1601
|
-
# organization.
|
1612
|
+
# organization in Organizations, or only for the current Amazon Web
|
1613
|
+
# Services account. The default is false, and cannot be true unless the
|
1614
|
+
# call is made on behalf of an Amazon Web Services account that is the
|
1615
|
+
# management account for an organization in Organizations. If the trail
|
1616
|
+
# is not an organization trail and this is set to `true`, the trail will
|
1617
|
+
# be created in all Amazon Web Services accounts that belong to the
|
1618
|
+
# organization. If the trail is an organization trail and this is set to
|
1619
|
+
# `false`, the trail will remain in the current Amazon Web Services
|
1620
|
+
# account but be deleted from all member accounts in the organization.
|
1602
1621
|
#
|
1603
1622
|
# @return [Types::UpdateTrailResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1604
1623
|
#
|
@@ -1670,7 +1689,7 @@ module Aws::CloudTrail
|
|
1670
1689
|
params: params,
|
1671
1690
|
config: config)
|
1672
1691
|
context[:gem_name] = 'aws-sdk-cloudtrail'
|
1673
|
-
context[:gem_version] = '1.
|
1692
|
+
context[:gem_version] = '1.38.0'
|
1674
1693
|
Seahorse::Client::Request.new(handlers, context)
|
1675
1694
|
end
|
1676
1695
|
|
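Review bot: The new `:is_organization_trail` text for `UpdateTrail` (new lines 1615–1620) describes a destructive side effect in the middle of an ordinary paragraph: setting the option to `false` on an organization trail deletes the trail from all member accounts, which removes audit logging coverage there. The integrity-validation caveat in the same file is set off in a `<note markdown="1">` block, and this sentence deserves the same treatment, for example `# <note markdown="1"> Setting this to false on an organization trail deletes the trail from all member accounts. </note>`. The `CreateTrail` description of the same option (new lines 484–487) does not carry the sentence, which is presumably intentional since it only applies to updates. If this file is generated from the service model, the wording change belongs in the model rather than in client.rb.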
@@ -33,7 +33,7 @@ module Aws::CloudTrail
|
|
33
33
|
# @return [String]
|
34
34
|
#
|
35
35
|
# @!attribute [rw] tags_list
|
36
|
-
# Contains a list of
|
36
|
+
# Contains a list of tags, up to a limit of 50
|
37
37
|
# @return [Array<Types::Tag>]
|
38
38
|
#
|
39
39
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/AddTagsRequest AWS API Documentation
|
@@ -45,18 +45,18 @@ module Aws::CloudTrail
|
|
45
45
|
include Aws::Structure
|
46
46
|
end
|
47
47
|
|
48
|
-
# Returns the objects or data
|
49
|
-
#
|
48
|
+
# Returns the objects or data if successful. Otherwise, returns an
|
49
|
+
# error.
|
50
50
|
#
|
51
51
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/AddTagsResponse AWS API Documentation
|
52
52
|
#
|
53
53
|
class AddTagsResponse < Aws::EmptyStructure; end
|
54
54
|
|
55
55
|
# Advanced event selectors let you create fine-grained selectors for the
|
56
|
-
# following
|
57
|
-
#
|
56
|
+
# following CloudTrail event record fields. They help you control costs
|
57
|
+
# by logging only those events that are important to you. For more
|
58
58
|
# information about advanced event selectors, see [Logging data events
|
59
|
-
# for trails][1] in the *
|
59
|
+
# for trails][1] in the *CloudTrail User Guide*.
|
60
60
|
#
|
61
61
|
# * `readOnly`
|
62
62
|
#
|
@@ -144,8 +144,8 @@ module Aws::CloudTrail
|
|
144
144
|
#
|
145
145
|
# * <b> <code>eventName</code> </b> - Can use any operator. You can
|
146
146
|
# use it to filter in or filter out any data event logged to
|
147
|
-
# CloudTrail, such as `PutBucket`. You can
|
148
|
-
# this field, separated by commas.
|
147
|
+
# CloudTrail, such as `PutBucket` or `GetSnapshotBlock`. You can
|
148
|
+
# have multiple values for this field, separated by commas.
|
149
149
|
#
|
150
150
|
# * <b> <code>eventCategory</code> </b> - This is required. It must be
|
151
151
|
# set to `Equals`, and the value must be `Management` or `Data`.
|
@@ -153,11 +153,12 @@ module Aws::CloudTrail
|
|
153
153
|
# * <b> <code>resources.type</code> </b> - This field is required.
|
154
154
|
# `resources.type` can only use the `Equals` operator, and the value
|
155
155
|
# can be one of the following: `AWS::S3::Object`,
|
156
|
-
# `AWS::
|
157
|
-
# `AWS::
|
158
|
-
# `AWS::
|
159
|
-
# `
|
160
|
-
#
|
156
|
+
# `AWS::S3::AccessPoint`, `AWS::Lambda::Function`,
|
157
|
+
# `AWS::DynamoDB::Table`, `AWS::S3Outposts::Object`,
|
158
|
+
# `AWS::ManagedBlockchain::Node`,
|
159
|
+
# `AWS::S3ObjectLambda::AccessPoint`, or `AWS::EC2::Snapshot`. You
|
160
|
+
# can have only one `resources.type` field per selector. To log data
|
161
|
+
# events on more than one resource type, add another selector.
|
161
162
|
#
|
162
163
|
# * <b> <code>resources.ARN</code> </b> - You can use any operator
|
163
164
|
# with resources.ARN, but if you use `Equals` or `NotEquals`, the
|
@@ -168,17 +169,30 @@ module Aws::CloudTrail
|
|
168
169
|
# for all objects in a specific S3 bucket, use the `StartsWith`
|
169
170
|
# operator, and include only the bucket ARN as the matching value.
|
170
171
|
#
|
171
|
-
# The trailing slash is intentional; do not exclude it.
|
172
|
+
# The trailing slash is intentional; do not exclude it. Replace the
|
173
|
+
# text between less than and greater than symbols (<>) with
|
174
|
+
# resource-specific information.
|
175
|
+
#
|
176
|
+
# * `arn:<partition>:s3:::<bucket_name>/`
|
172
177
|
#
|
173
|
-
# * `arn
|
178
|
+
# * `arn:<partition>:s3:::<bucket_name>/<object_path>/`
|
174
179
|
#
|
175
|
-
#
|
180
|
+
# When `resources.type` equals `AWS::S3::AccessPoint`, and the
|
181
|
+
# operator is set to `Equals` or `NotEquals`, the ARN must be in one
|
182
|
+
# of the following formats. To log events on all objects in an S3
|
183
|
+
# access point, we recommend that you use only the access point ARN,
|
184
|
+
# don’t include the object path, and use the `StartsWith` or
|
185
|
+
# `NotStartsWith` operators.
|
186
|
+
#
|
187
|
+
# * `arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>`
|
188
|
+
#
|
189
|
+
# * `arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path>`
|
176
190
|
#
|
177
191
|
# When resources.type equals `AWS::Lambda::Function`, and the
|
178
192
|
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
179
193
|
# following format:
|
180
194
|
#
|
181
|
-
# * `arn
|
195
|
+
# * `arn:<partition>:lambda:<region>:<account_ID>:function:<function_name>`
|
182
196
|
#
|
183
197
|
# ^
|
184
198
|
#
|
@@ -186,7 +200,7 @@ module Aws::CloudTrail
|
|
186
200
|
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
187
201
|
# following format:
|
188
202
|
#
|
189
|
-
# * `arn
|
203
|
+
# * `arn:<partition>:dynamodb:<region>:<account_ID>:table:<table_name>`
|
190
204
|
#
|
191
205
|
# ^
|
192
206
|
#
|
@@ -194,7 +208,7 @@ module Aws::CloudTrail
|
|
194
208
|
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
195
209
|
# following format:
|
196
210
|
#
|
197
|
-
# * `arn
|
211
|
+
# * `arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path>`
|
198
212
|
#
|
199
213
|
# ^
|
200
214
|
#
|
@@ -202,7 +216,7 @@ module Aws::CloudTrail
|
|
202
216
|
# the operator is set to `Equals` or `NotEquals`, the ARN must be in
|
203
217
|
# the following format:
|
204
218
|
#
|
205
|
-
# * `arn
|
219
|
+
# * `arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID>`
|
206
220
|
#
|
207
221
|
# ^
|
208
222
|
#
|
@@ -210,7 +224,15 @@ module Aws::CloudTrail
|
|
210
224
|
# and the operator is set to `Equals` or `NotEquals`, the ARN must
|
211
225
|
# be in the following format:
|
212
226
|
#
|
213
|
-
# * `arn
|
227
|
+
# * `arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name>`
|
228
|
+
#
|
229
|
+
# ^
|
230
|
+
#
|
231
|
+
# When `resources.type` equals `AWS::EC2::Snapshot`, and the
|
232
|
+
# operator is set to `Equals` or `NotEquals`, the ARN must be in the
|
233
|
+
# following format:
|
234
|
+
#
|
235
|
+
# * `arn:<partition>:ec2:<region>::snapshot/<snapshot_ID>`
|
214
236
|
#
|
215
237
|
# ^
|
216
238
|
# @return [String]
|
@@ -261,8 +283,8 @@ module Aws::CloudTrail
|
|
261
283
|
include Aws::Structure
|
262
284
|
end
|
263
285
|
|
264
|
-
# This exception is thrown when an operation is called with
|
265
|
-
#
|
286
|
+
# This exception is thrown when an operation is called with a trail ARN
|
287
|
+
# that is not valid. The following is the format of a trail ARN.
|
266
288
|
#
|
267
289
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
268
290
|
#
|
@@ -271,9 +293,9 @@ module Aws::CloudTrail
|
|
271
293
|
class CloudTrailARNInvalidException < Aws::EmptyStructure; end
|
272
294
|
|
273
295
|
# This exception is thrown when trusted access has not been enabled
|
274
|
-
# between
|
275
|
-
#
|
276
|
-
# For Creating a Trail For Your Organization][2].
|
296
|
+
# between CloudTrail and Organizations. For more information, see
|
297
|
+
# [Enabling Trusted Access with Other Amazon Web Services Services][1]
|
298
|
+
# and [Prepare For Creating a Trail For Your Organization][2].
|
277
299
|
#
|
278
300
|
#
|
279
301
|
#
|
@@ -287,7 +309,7 @@ module Aws::CloudTrail
|
|
287
309
|
# This exception is thrown when a call results in the
|
288
310
|
# `InvalidClientTokenId` error code. This can occur when you are
|
289
311
|
# creating or updating a trail to send notifications to an Amazon SNS
|
290
|
-
# topic that is in a suspended
|
312
|
+
# topic that is in a suspended Amazon Web Services account.
|
291
313
|
#
|
292
314
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/CloudTrailInvalidClientTokenIdException AWS API Documentation
|
293
315
|
#
|
@@ -346,7 +368,7 @@ module Aws::CloudTrail
|
|
346
368
|
# * Be between 3 and 128 characters
|
347
369
|
#
|
348
370
|
# * Have no adjacent periods, underscores or dashes. Names like
|
349
|
-
# `my-_namespace` and `my--namespace` are
|
371
|
+
# `my-_namespace` and `my--namespace` are not valid.
|
350
372
|
#
|
351
373
|
# * Not be in IP address format (for example, 192.168.5.4)
|
352
374
|
# @return [String]
|
@@ -393,7 +415,7 @@ module Aws::CloudTrail
|
|
393
415
|
# default is false.
|
394
416
|
#
|
395
417
|
# <note markdown="1"> When you disable log file integrity validation, the chain of digest
|
396
|
-
# files is broken after one hour. CloudTrail
|
418
|
+
# files is broken after one hour. CloudTrail does not create digest
|
397
419
|
# files for log files that were delivered during a period in which log
|
398
420
|
# file integrity validation was disabled. For example, if you enable
|
399
421
|
# log file integrity validation at noon on January 1, disable it at
|
@@ -409,7 +431,7 @@ module Aws::CloudTrail
|
|
409
431
|
# Specifies a log group name using an Amazon Resource Name (ARN), a
|
410
432
|
# unique identifier that represents the log group to which CloudTrail
|
411
433
|
# logs will be delivered. Not required unless you specify
|
412
|
-
# CloudWatchLogsRoleArn
|
434
|
+
# `CloudWatchLogsRoleArn`.
|
413
435
|
# @return [String]
|
414
436
|
#
|
415
437
|
# @!attribute [rw] cloud_watch_logs_role_arn
|
@@ -423,6 +445,10 @@ module Aws::CloudTrail
|
|
423
445
|
# fully specified ARN to an alias, a fully specified ARN to a key, or
|
424
446
|
# a globally unique identifier.
|
425
447
|
#
|
448
|
+
# CloudTrail also supports KMS multi-Region keys. For more information
|
449
|
+
# about multi-Region keys, see [Using multi-Region keys][1] in the
|
450
|
+
# *Key Management Service Developer Guide*.
|
451
|
+
#
|
426
452
|
# Examples:
|
427
453
|
#
|
428
454
|
# * alias/MyAliasName
|
@@ -432,14 +458,18 @@ module Aws::CloudTrail
|
|
432
458
|
# * arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
|
433
459
|
#
|
434
460
|
# * 12345678-1234-1234-1234-123456789012
|
461
|
+
#
|
462
|
+
#
|
463
|
+
#
|
464
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html
|
435
465
|
# @return [String]
|
436
466
|
#
|
437
467
|
# @!attribute [rw] is_organization_trail
|
438
468
|
# Specifies whether the trail is created for all accounts in an
|
439
|
-
# organization in
|
440
|
-
# account. The default is false, and cannot be true unless
|
441
|
-
# made on behalf of an
|
442
|
-
# organization in
|
469
|
+
# organization in Organizations, or only for the current Amazon Web
|
470
|
+
# Services account. The default is false, and cannot be true unless
|
471
|
+
# the call is made on behalf of an Amazon Web Services account that is
|
472
|
+
# the management account for an organization in Organizations.
|
443
473
|
# @return [Boolean]
|
444
474
|
#
|
445
475
|
# @!attribute [rw] tags_list
|
@@ -532,7 +562,7 @@ module Aws::CloudTrail
|
|
532
562
|
# @!attribute [rw] kms_key_id
|
533
563
|
# Specifies the KMS key ID that encrypts the logs delivered by
|
534
564
|
# CloudTrail. The value is a fully specified ARN to a KMS key in the
|
535
|
-
# format
|
565
|
+
# following format.
|
536
566
|
#
|
537
567
|
# `arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012`
|
538
568
|
# @return [String]
|
@@ -561,7 +591,7 @@ module Aws::CloudTrail
|
|
561
591
|
include Aws::Structure
|
562
592
|
end
|
563
593
|
|
564
|
-
# The Amazon S3 buckets,
|
594
|
+
# The Amazon S3 buckets, Lambda functions, or Amazon DynamoDB tables
|
565
595
|
# that you specify in your event selectors for your trail to log data
|
566
596
|
# events. Data events provide information about the resource operations
|
567
597
|
# performed on or within a resource itself. These are also known as data
|
@@ -599,22 +629,22 @@ module Aws::CloudTrail
|
|
599
629
|
# trail doesn’t log the event.
|
600
630
|
#
|
601
631
|
# The following example demonstrates how logging works when you
|
602
|
-
# configure logging of
|
603
|
-
#
|
632
|
+
# configure logging of Lambda data events for a Lambda function named
|
633
|
+
# *MyLambdaFunction*, but not for all Lambda functions.
|
604
634
|
#
|
605
635
|
# 1. A user runs a script that includes a call to the
|
606
636
|
# *MyLambdaFunction* function and the *MyOtherLambdaFunction*
|
607
637
|
# function.
|
608
638
|
#
|
609
|
-
# 2. The `Invoke` API operation on *MyLambdaFunction* is an
|
610
|
-
#
|
639
|
+
# 2. The `Invoke` API operation on *MyLambdaFunction* is an Lambda API.
|
640
|
+
# It is recorded as a data event in CloudTrail. Because the
|
611
641
|
# CloudTrail user specified logging data events for
|
612
642
|
# *MyLambdaFunction*, any invocations of that function are logged.
|
613
643
|
# The trail processes and logs the event.
|
614
644
|
#
|
615
|
-
# 3. The `Invoke` API operation on *MyOtherLambdaFunction* is an
|
616
|
-
#
|
617
|
-
#
|
645
|
+
# 3. The `Invoke` API operation on *MyOtherLambdaFunction* is an Lambda
|
646
|
+
# API. Because the CloudTrail user did not specify logging data
|
647
|
+
# events for all Lambda functions, the `Invoke` operation for
|
618
648
|
# *MyOtherLambdaFunction* does not match the function specified for
|
619
649
|
# the trail. The trail doesn’t log the event.
|
620
650
|
#
|
@@ -631,22 +661,24 @@ module Aws::CloudTrail
|
|
631
661
|
# specify `AWS::S3::Object`, `AWS::Lambda::Function`, or
|
632
662
|
# `AWS::DynamoDB::Table` resources.
|
633
663
|
#
|
634
|
-
# The `AWS::S3Outposts::Object`, `AWS::ManagedBlockchain::Node`,
|
635
|
-
# `AWS::S3ObjectLambda::AccessPoint
|
636
|
-
# basic event selectors. To log data
|
637
|
-
# use advanced event selectors.
|
664
|
+
# The `AWS::S3Outposts::Object`, `AWS::ManagedBlockchain::Node`,
|
665
|
+
# `AWS::S3ObjectLambda::AccessPoint`, and `AWS::EC2::Snapshot`
|
666
|
+
# resource types are not valid in basic event selectors. To log data
|
667
|
+
# events on these resource types, use advanced event selectors.
|
638
668
|
# @return [String]
|
639
669
|
#
|
640
670
|
# @!attribute [rw] values
|
641
671
|
# An array of Amazon Resource Name (ARN) strings or partial ARN
|
642
672
|
# strings for the specified objects.
|
643
673
|
#
|
644
|
-
# * To log data events for all objects in all S3 buckets in your
|
645
|
-
# account, specify the prefix as
|
674
|
+
# * To log data events for all objects in all S3 buckets in your
|
675
|
+
# Amazon Web Services account, specify the prefix as
|
676
|
+
# `arn:aws:s3:::`.
|
646
677
|
#
|
647
|
-
# <note markdown="1"> This
|
648
|
-
#
|
649
|
-
# performed on a bucket that belongs to another
|
678
|
+
# <note markdown="1"> This also enables logging of data event activity performed by any
|
679
|
+
# user or role in your Amazon Web Services account, even if that
|
680
|
+
# activity is performed on a bucket that belongs to another Amazon
|
681
|
+
# Web Services account.
|
650
682
|
#
|
651
683
|
# </note>
|
652
684
|
#
|
@@ -660,12 +692,13 @@ module Aws::CloudTrail
|
|
660
692
|
# trail logs data events for objects in this S3 bucket that match
|
661
693
|
# the prefix.
|
662
694
|
#
|
663
|
-
# * To log data events for all Lambda functions in your
|
664
|
-
# specify the prefix as `arn:aws:lambda`.
|
695
|
+
# * To log data events for all Lambda functions in your Amazon Web
|
696
|
+
# Services account, specify the prefix as `arn:aws:lambda`.
|
665
697
|
#
|
666
|
-
# <note markdown="1"> This
|
667
|
-
#
|
668
|
-
# performed on a function that belongs to another
|
698
|
+
# <note markdown="1"> This also enables logging of `Invoke` activity performed by any
|
699
|
+
# user or role in your Amazon Web Services account, even if that
|
700
|
+
# activity is performed on a function that belongs to another Amazon
|
701
|
+
# Web Services account.
|
669
702
|
#
|
670
703
|
# </note>
|
671
704
|
#
|
@@ -682,8 +715,8 @@ module Aws::CloudTrail
|
|
682
715
|
#
|
683
716
|
# </note>
|
684
717
|
#
|
685
|
-
# * To log data events for all DynamoDB tables in your
|
686
|
-
# specify the prefix as `arn:aws:dynamodb`.
|
718
|
+
# * To log data events for all DynamoDB tables in your Amazon Web
|
719
|
+
# Services account, specify the prefix as `arn:aws:dynamodb`.
|
687
720
|
# @return [Array<String>]
|
688
721
|
#
|
689
722
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DataResource AWS API Documentation
|
@@ -706,7 +739,7 @@ module Aws::CloudTrail
|
|
706
739
|
#
|
707
740
|
# @!attribute [rw] name
|
708
741
|
# Specifies the name or the CloudTrail ARN of the trail to be deleted.
|
709
|
-
# The format of a trail ARN
|
742
|
+
# The following is the format of a trail ARN.
|
710
743
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
711
744
|
# @return [String]
|
712
745
|
#
|
@@ -787,7 +820,7 @@ module Aws::CloudTrail
|
|
787
820
|
# configuration. For example, `SNSTopicName` and `SNSTopicARN` are
|
788
821
|
# only returned in results if a trail is configured to send SNS
|
789
822
|
# notifications. Similarly, `KMSKeyId` only appears in results if a
|
790
|
-
# trail's log files are encrypted with
|
823
|
+
# trail's log files are encrypted with KMS customer managed keys.
|
791
824
|
# @return [Array<Types::Trail>]
|
792
825
|
#
|
793
826
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DescribeTrailsResponse AWS API Documentation
|
@@ -815,9 +848,9 @@ module Aws::CloudTrail
|
|
815
848
|
# @return [String]
|
816
849
|
#
|
817
850
|
# @!attribute [rw] access_key_id
|
818
|
-
# The
|
819
|
-
# request was made with temporary security
|
820
|
-
# access key ID of the temporary credentials.
|
851
|
+
# The Amazon Web Services access key ID that was used to sign the
|
852
|
+
# request. If the request was made with temporary security
|
853
|
+
# credentials, this is the access key ID of the temporary credentials.
|
821
854
|
# @return [String]
|
822
855
|
#
|
823
856
|
# @!attribute [rw] event_time
|
@@ -825,7 +858,7 @@ module Aws::CloudTrail
|
|
825
858
|
# @return [Time]
|
826
859
|
#
|
827
860
|
# @!attribute [rw] event_source
|
828
|
-
# The
|
861
|
+
# The Amazon Web Services service to which the request was made.
|
829
862
|
# @return [String]
|
830
863
|
#
|
831
864
|
# @!attribute [rw] username
|
@@ -899,15 +932,15 @@ module Aws::CloudTrail
|
|
899
932
|
# Specify if you want your event selector to include management events
|
900
933
|
# for your trail.
|
901
934
|
#
|
902
|
-
# For more information, see [Management Events][1] in the *
|
903
|
-
#
|
935
|
+
# For more information, see [Management Events][1] in the *CloudTrail
|
936
|
+
# User Guide*.
|
904
937
|
#
|
905
938
|
# By default, the value is `true`.
|
906
939
|
#
|
907
940
|
# The first copy of management events is free. You are charged for
|
908
941
|
# additional copies of management events that you are logging on any
|
909
942
|
# subsequent trail in the same region. For more information about
|
910
|
-
# CloudTrail pricing, see [
|
943
|
+
# CloudTrail pricing, see [CloudTrail Pricing][2].
|
911
944
|
#
|
912
945
|
#
|
913
946
|
#
|
@@ -916,15 +949,15 @@ module Aws::CloudTrail
|
|
916
949
|
# @return [Boolean]
|
917
950
|
#
|
918
951
|
# @!attribute [rw] data_resources
|
919
|
-
# CloudTrail supports data event logging for Amazon S3 objects
|
920
|
-
#
|
921
|
-
# 250 resources for an individual event
|
922
|
-
# of data resources cannot exceed 250
|
923
|
-
# trail. This limit does not apply if
|
924
|
-
# for all data events.
|
952
|
+
# CloudTrail supports data event logging for Amazon S3 objects, Lambda
|
953
|
+
# functions, and Amazon DynamoDB tables with basic event selectors.
|
954
|
+
# You can specify up to 250 resources for an individual event
|
955
|
+
# selector, but the total number of data resources cannot exceed 250
|
956
|
+
# across all event selectors in a trail. This limit does not apply if
|
957
|
+
# you configure resource logging for all data events.
|
925
958
|
#
|
926
|
-
# For more information, see [Data Events][1] and [Limits in
|
927
|
-
# CloudTrail][2] in the *
|
959
|
+
# For more information, see [Data Events][1] and [Limits in
|
960
|
+
# CloudTrail][2] in the *CloudTrail User Guide*.
|
928
961
|
#
|
929
962
|
#
|
930
963
|
#
|
@@ -935,10 +968,11 @@ module Aws::CloudTrail
|
|
935
968
|
# @!attribute [rw] exclude_management_event_sources
|
936
969
|
# An optional list of service event sources from which you do not want
|
937
970
|
# management events to be logged on your trail. In this release, the
|
938
|
-
# list can be empty (disables the filter), or it can filter out
|
939
|
-
#
|
940
|
-
#
|
941
|
-
#
|
971
|
+
# list can be empty (disables the filter), or it can filter out Key
|
972
|
+
# Management Service or Amazon RDS Data API events by containing
|
973
|
+
# `kms.amazonaws.com` or `rdsdata.amazonaws.com`. By default,
|
974
|
+
# `ExcludeManagementEventSources` is empty, and KMS and Amazon RDS
|
975
|
+
# Data API events are logged to your trail.
|
942
976
|
# @return [Array<String>]
|
943
977
|
#
|
944
978
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/EventSelector AWS API Documentation
|
@@ -1111,7 +1145,7 @@ module Aws::CloudTrail
|
|
1111
1145
|
# Specifies the name or the CloudTrail ARN of the trail for which you
|
1112
1146
|
# are requesting status. To get the status of a shadow trail (a
|
1113
1147
|
# replication of the trail in another region), you must specify its
|
1114
|
-
# ARN. The format of a trail ARN
|
1148
|
+
# ARN. The following is the format of a trail ARN.
|
1115
1149
|
#
|
1116
1150
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
1117
1151
|
# @return [String]
|
@@ -1128,20 +1162,21 @@ module Aws::CloudTrail
|
|
1128
1162
|
# returns an error.
|
1129
1163
|
#
|
1130
1164
|
# @!attribute [rw] is_logging
|
1131
|
-
# Whether the CloudTrail is currently logging
|
1165
|
+
# Whether the CloudTrail trail is currently logging Amazon Web
|
1166
|
+
# Services API calls.
|
1132
1167
|
# @return [Boolean]
|
1133
1168
|
#
|
1134
1169
|
# @!attribute [rw] latest_delivery_error
|
1135
1170
|
# Displays any Amazon S3 error that CloudTrail encountered when
|
1136
1171
|
# attempting to deliver log files to the designated bucket. For more
|
1137
|
-
# information see
|
1172
|
+
# information, see [Error Responses][1] in the Amazon S3 API
|
1138
1173
|
# Reference.
|
1139
1174
|
#
|
1140
1175
|
# <note markdown="1"> This error occurs only when there is a problem with the destination
|
1141
|
-
# S3 bucket and
|
1142
|
-
# create a new bucket and call `UpdateTrail` to
|
1143
|
-
# bucket
|
1144
|
-
# write to the bucket.
|
1176
|
+
# S3 bucket, and does not occur for requests that time out. To resolve
|
1177
|
+
# the issue, create a new bucket, and then call `UpdateTrail` to
|
1178
|
+
# specify the new bucket; or fix the existing objects so that
|
1179
|
+
# CloudTrail can again write to the bucket.
|
1145
1180
|
#
|
1146
1181
|
# </note>
|
1147
1182
|
#
|
@@ -1173,12 +1208,12 @@ module Aws::CloudTrail
|
|
1173
1208
|
#
|
1174
1209
|
# @!attribute [rw] start_logging_time
|
1175
1210
|
# Specifies the most recent date and time when CloudTrail started
|
1176
|
-
# recording API calls for an
|
1211
|
+
# recording API calls for an Amazon Web Services account.
|
1177
1212
|
# @return [Time]
|
1178
1213
|
#
|
1179
1214
|
# @!attribute [rw] stop_logging_time
|
1180
1215
|
# Specifies the most recent date and time when CloudTrail stopped
|
1181
|
-
# recording API calls for an
|
1216
|
+
# recording API calls for an Amazon Web Services account.
|
1182
1217
|
# @return [Time]
|
1183
1218
|
#
|
1184
1219
|
# @!attribute [rw] latest_cloud_watch_logs_delivery_error
|
@@ -1199,14 +1234,14 @@ module Aws::CloudTrail
|
|
1199
1234
|
# @!attribute [rw] latest_digest_delivery_error
|
1200
1235
|
# Displays any Amazon S3 error that CloudTrail encountered when
|
1201
1236
|
# attempting to deliver a digest file to the designated bucket. For
|
1202
|
-
# more information see
|
1203
|
-
#
|
1237
|
+
# more information, see [Error Responses][1] in the Amazon S3 API
|
1238
|
+
# Reference.
|
1204
1239
|
#
|
1205
1240
|
# <note markdown="1"> This error occurs only when there is a problem with the destination
|
1206
|
-
# S3 bucket and
|
1207
|
-
# create a new bucket and call `UpdateTrail` to
|
1208
|
-
# bucket
|
1209
|
-
# write to the bucket.
|
1241
|
+
# S3 bucket, and does not occur for requests that time out. To resolve
|
1242
|
+
# the issue, create a new bucket, and then call `UpdateTrail` to
|
1243
|
+
# specify the new bucket; or fix the existing objects so that
|
1244
|
+
# CloudTrail can again write to the bucket.
|
1210
1245
|
#
|
1211
1246
|
# </note>
|
1212
1247
|
#
|
@@ -1282,8 +1317,8 @@ module Aws::CloudTrail
|
|
1282
1317
|
# }
|
1283
1318
|
#
|
1284
1319
|
# @!attribute [rw] insight_type
|
1285
|
-
# The type of
|
1286
|
-
#
|
1320
|
+
# The type of Insights events to log on a trail. The valid Insights
|
1321
|
+
# type in this release is `ApiCallRateInsight`.
|
1287
1322
|
# @return [String]
|
1288
1323
|
#
|
1289
1324
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InsightSelector AWS API Documentation
|
@@ -1322,15 +1357,15 @@ module Aws::CloudTrail
|
|
1322
1357
|
#
|
1323
1358
|
class InsufficientS3BucketPolicyException < Aws::EmptyStructure; end
|
1324
1359
|
|
1325
|
-
# This exception is thrown when the policy on the SNS topic is
|
1326
|
-
# sufficient.
|
1360
|
+
# This exception is thrown when the policy on the Amazon SNS topic is
|
1361
|
+
# not sufficient.
|
1327
1362
|
#
|
1328
1363
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InsufficientSnsTopicPolicyException AWS API Documentation
|
1329
1364
|
#
|
1330
1365
|
class InsufficientSnsTopicPolicyException < Aws::EmptyStructure; end
|
1331
1366
|
|
1332
|
-
# This exception is thrown when the provided CloudWatch log group
|
1333
|
-
# valid.
|
1367
|
+
# This exception is thrown when the provided CloudWatch Logs log group
|
1368
|
+
# is not valid.
|
1334
1369
|
#
|
1335
1370
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidCloudWatchLogsLogGroupArnException AWS API Documentation
|
1336
1371
|
#
|
@@ -1373,7 +1408,7 @@ module Aws::CloudTrail
|
|
1373
1408
|
# selectors for a trail.
|
1374
1409
|
#
|
1375
1410
|
# * Specify a valid value for a parameter. For example, specifying the
|
1376
|
-
# `ReadWriteType` parameter with a value of `read-only` is
|
1411
|
+
# `ReadWriteType` parameter with a value of `read-only` is not valid.
|
1377
1412
|
#
|
1378
1413
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidEventSelectorsException AWS API Documentation
|
1379
1414
|
#
|
@@ -1395,27 +1430,27 @@ module Aws::CloudTrail
|
|
1395
1430
|
#
|
1396
1431
|
class InvalidInsightSelectorsException < Aws::EmptyStructure; end
|
1397
1432
|
|
1398
|
-
# This exception is thrown when the KMS key ARN is
|
1433
|
+
# This exception is thrown when the KMS key ARN is not valid.
|
1399
1434
|
#
|
1400
1435
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidKmsKeyIdException AWS API Documentation
|
1401
1436
|
#
|
1402
1437
|
class InvalidKmsKeyIdException < Aws::EmptyStructure; end
|
1403
1438
|
|
1404
|
-
# Occurs when
|
1439
|
+
# Occurs when a lookup attribute is specified that is not valid.
|
1405
1440
|
#
|
1406
1441
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidLookupAttributesException AWS API Documentation
|
1407
1442
|
#
|
1408
1443
|
class InvalidLookupAttributesException < Aws::EmptyStructure; end
|
1409
1444
|
|
1410
|
-
# This exception is thrown if the limit specified is
|
1445
|
+
# This exception is thrown if the limit specified is not valid.
|
1411
1446
|
#
|
1412
1447
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidMaxResultsException AWS API Documentation
|
1413
1448
|
#
|
1414
1449
|
class InvalidMaxResultsException < Aws::EmptyStructure; end
|
1415
1450
|
|
1416
|
-
#
|
1417
|
-
# different parameters. This exception is thrown if the
|
1418
|
-
#
|
1451
|
+
# A token that is not valid, or a token that was previously used in a
|
1452
|
+
# request with different parameters. This exception is thrown if the
|
1453
|
+
# token is not valid.
|
1419
1454
|
#
|
1420
1455
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidNextTokenException AWS API Documentation
|
1421
1456
|
#
|
@@ -1456,8 +1491,8 @@ module Aws::CloudTrail
|
|
1456
1491
|
#
|
1457
1492
|
class InvalidTagParameterException < Aws::EmptyStructure; end
|
1458
1493
|
|
1459
|
-
# Occurs if the timestamp values are
|
1460
|
-
# occurs after the end time or the time range is outside the range of
|
1494
|
+
# Occurs if the timestamp values are not valid. Either the start time
|
1495
|
+
# occurs after the end time, or the time range is outside the range of
|
1461
1496
|
# possible values.
|
1462
1497
|
#
|
1463
1498
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidTimeRangeException AWS API Documentation
|
@@ -1481,7 +1516,7 @@ module Aws::CloudTrail
|
|
1481
1516
|
# * Be between 3 and 128 characters
|
1482
1517
|
#
|
1483
1518
|
# * Have no adjacent periods, underscores or dashes. Names like
|
1484
|
-
# `my-_namespace` and `my--namespace` are
|
1519
|
+
# `my-_namespace` and `my--namespace` are not valid.
|
1485
1520
|
#
|
1486
1521
|
# * Not be in IP address format (for example, 192.168.5.4)
|
1487
1522
|
#
|
@@ -1502,10 +1537,10 @@ module Aws::CloudTrail
|
|
1502
1537
|
#
|
1503
1538
|
class KmsKeyDisabledException < Aws::EmptyStructure; end
|
1504
1539
|
|
1505
|
-
# This exception is thrown when the
|
1506
|
-
#
|
1507
|
-
#
|
1508
|
-
#
|
1540
|
+
# This exception is thrown when the KMS key does not exist, when the S3
|
1541
|
+
# bucket and the KMS key are not in the same region, or when the KMS key
|
1542
|
+
# associated with the Amazon SNS topic either does not exist or is not
|
1543
|
+
# in the same region.
|
1509
1544
|
#
|
1510
1545
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/KmsKeyNotFoundException AWS API Documentation
|
1511
1546
|
#
|
@@ -1584,7 +1619,7 @@ module Aws::CloudTrail
|
|
1584
1619
|
#
|
1585
1620
|
# @!attribute [rw] resource_id_list
|
1586
1621
|
# Specifies a list of trail ARNs whose tags will be listed. The list
|
1587
|
-
# has a limit of 20 ARNs. The format of a trail ARN
|
1622
|
+
# has a limit of 20 ARNs. The following is the format of a trail ARN.
|
1588
1623
|
#
|
1589
1624
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
1590
1625
|
# @return [Array<String>]
|
@@ -1798,10 +1833,11 @@ module Aws::CloudTrail
|
|
1798
1833
|
#
|
1799
1834
|
class MaximumNumberOfTrailsExceededException < Aws::EmptyStructure; end
|
1800
1835
|
|
1801
|
-
# This exception is thrown when the
|
1802
|
-
# create or update an organization trail is not the
|
1803
|
-
# an organization in
|
1804
|
-
# [Prepare For Creating a Trail For Your
|
1836
|
+
# This exception is thrown when the Amazon Web Services account making
|
1837
|
+
# the request to create or update an organization trail is not the
|
1838
|
+
# management account for an organization in Organizations. For more
|
1839
|
+
# information, see [Prepare For Creating a Trail For Your
|
1840
|
+
# Organization][1].
|
1805
1841
|
#
|
1806
1842
|
#
|
1807
1843
|
#
|
@@ -1818,9 +1854,9 @@ module Aws::CloudTrail
|
|
1818
1854
|
#
|
1819
1855
|
class OperationNotPermittedException < Aws::EmptyStructure; end
|
1820
1856
|
|
1821
|
-
# This exception is thrown when
|
1822
|
-
# support all features. All features must be enabled in
|
1823
|
-
#
|
1857
|
+
# This exception is thrown when Organizations is not configured to
|
1858
|
+
# support all features. All features must be enabled in Organizations to
|
1859
|
+
# support creating an organization trail. For more information, see
|
1824
1860
|
# [Prepare For Creating a Trail For Your Organization][1].
|
1825
1861
|
#
|
1826
1862
|
#
|
@@ -1831,9 +1867,10 @@ module Aws::CloudTrail
|
|
1831
1867
|
#
|
1832
1868
|
class OrganizationNotInAllFeaturesModeException < Aws::EmptyStructure; end
|
1833
1869
|
|
1834
|
-
# This exception is thrown when the request is made from an
|
1835
|
-
# that is not a member of an organization. To make this
|
1836
|
-
# using the credentials of an account that belongs to
|
1870
|
+
# This exception is thrown when the request is made from an Amazon Web
|
1871
|
+
# Services account that is not a member of an organization. To make this
|
1872
|
+
# request, sign in using the credentials of an account that belongs to
|
1873
|
+
# an organization.
|
1837
1874
|
#
|
1838
1875
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/OrganizationsNotInUseException AWS API Documentation
|
1839
1876
|
#
|
@@ -1916,11 +1953,11 @@ module Aws::CloudTrail
|
|
1916
1953
|
# * Be between 3 and 128 characters
|
1917
1954
|
#
|
1918
1955
|
# * Have no adjacent periods, underscores or dashes. Names like
|
1919
|
-
# `my-_namespace` and `my--namespace` are
|
1956
|
+
# `my-_namespace` and `my--namespace` are not valid.
|
1920
1957
|
#
|
1921
1958
|
# * Not be in IP address format (for example, 192.168.5.4)
|
1922
1959
|
#
|
1923
|
-
# If you specify a trail ARN, it must be in the format
|
1960
|
+
# If you specify a trail ARN, it must be in the following format.
|
1924
1961
|
#
|
1925
1962
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
1926
1963
|
# @return [String]
|
@@ -1942,8 +1979,8 @@ module Aws::CloudTrail
|
|
1942
1979
|
# `EventSelectors`, but not both. If you apply
|
1943
1980
|
# `AdvancedEventSelectors` to a trail, any existing `EventSelectors`
|
1944
1981
|
# are overwritten. For more information about advanced event
|
1945
|
-
# selectors, see [Logging data events for trails][1] in the
|
1946
|
-
# CloudTrail User Guide*.
|
1982
|
+
# selectors, see [Logging data events for trails][1] in the
|
1983
|
+
# *CloudTrail User Guide*.
|
1947
1984
|
#
|
1948
1985
|
#
|
1949
1986
|
#
|
@@ -1962,7 +1999,7 @@ module Aws::CloudTrail
|
|
1962
1999
|
|
1963
2000
|
# @!attribute [rw] trail_arn
|
1964
2001
|
# Specifies the ARN of the trail that was updated with event
|
1965
|
-
# selectors. The format of a trail ARN
|
2002
|
+
# selectors. The following is the format of a trail ARN.
|
1966
2003
|
#
|
1967
2004
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
1968
2005
|
# @return [String]
|
@@ -2003,9 +2040,9 @@ module Aws::CloudTrail
|
|
2003
2040
|
# @return [String]
|
2004
2041
|
#
|
2005
2042
|
# @!attribute [rw] insight_selectors
|
2006
|
-
# A JSON string that contains the
|
2007
|
-
# trail.
|
2008
|
-
#
|
2043
|
+
# A JSON string that contains the Insights types that you want to log
|
2044
|
+
# on a trail. The valid Insights type in this release is
|
2045
|
+
# `ApiCallRateInsight`.
|
2009
2046
|
# @return [Array<Types::InsightSelector>]
|
2010
2047
|
#
|
2011
2048
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutInsightSelectorsRequest AWS API Documentation
|
@@ -2023,9 +2060,9 @@ module Aws::CloudTrail
|
|
2023
2060
|
# @return [String]
|
2024
2061
|
#
|
2025
2062
|
# @!attribute [rw] insight_selectors
|
2026
|
-
# A JSON string that contains the
|
2027
|
-
# trail.
|
2028
|
-
#
|
2063
|
+
# A JSON string that contains the Insights event types that you want
|
2064
|
+
# to log on a trail. The valid Insights type in this release is
|
2065
|
+
# `ApiCallRateInsight`.
|
2029
2066
|
# @return [Array<Types::InsightSelector>]
|
2030
2067
|
#
|
2031
2068
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutInsightSelectorsResponse AWS API Documentation
|
@@ -2085,9 +2122,10 @@ module Aws::CloudTrail
|
|
2085
2122
|
# The type of a resource referenced by the event returned. When the
|
2086
2123
|
# resource type cannot be determined, null is returned. Some examples
|
2087
2124
|
# of resource types are: **Instance** for EC2, **Trail** for
|
2088
|
-
# CloudTrail, **DBInstance** for RDS, and **AccessKey** for
|
2089
|
-
# learn more about how to look up and filter events by the
|
2090
|
-
# types supported for a service, see [Filtering CloudTrail
|
2125
|
+
# CloudTrail, **DBInstance** for Amazon RDS, and **AccessKey** for
|
2126
|
+
# IAM. To learn more about how to look up and filter events by the
|
2127
|
+
# resource types supported for a service, see [Filtering CloudTrail
|
2128
|
+
# Events][1].
|
2091
2129
|
#
|
2092
2130
|
#
|
2093
2131
|
#
|
@@ -2148,8 +2186,8 @@ module Aws::CloudTrail
|
|
2148
2186
|
#
|
2149
2187
|
class S3BucketDoesNotExistException < Aws::EmptyStructure; end
|
2150
2188
|
|
2151
|
-
# The request to CloudTrail to start logging
|
2152
|
-
# account.
|
2189
|
+
# The request to CloudTrail to start logging Amazon Web Services API
|
2190
|
+
# calls for an account.
|
2153
2191
|
#
|
2154
2192
|
# @note When making an API call, you may pass StartLoggingRequest
|
2155
2193
|
# data as a hash:
|
@@ -2160,7 +2198,8 @@ module Aws::CloudTrail
|
|
2160
2198
|
#
|
2161
2199
|
# @!attribute [rw] name
|
2162
2200
|
# Specifies the name or the CloudTrail ARN of the trail for which
|
2163
|
-
# CloudTrail logs
|
2201
|
+
# CloudTrail logs Amazon Web Services API calls. The following is the
|
2202
|
+
# format of a trail ARN.
|
2164
2203
|
#
|
2165
2204
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
2166
2205
|
# @return [String]
|
@@ -2180,8 +2219,8 @@ module Aws::CloudTrail
|
|
2180
2219
|
#
|
2181
2220
|
class StartLoggingResponse < Aws::EmptyStructure; end
|
2182
2221
|
|
2183
|
-
# Passes the request to CloudTrail to stop logging
|
2184
|
-
# specified account.
|
2222
|
+
# Passes the request to CloudTrail to stop logging Amazon Web Services
|
2223
|
+
# API calls for the specified account.
|
2185
2224
|
#
|
2186
2225
|
# @note When making an API call, you may pass StopLoggingRequest
|
2187
2226
|
# data as a hash:
|
@@ -2192,8 +2231,8 @@ module Aws::CloudTrail
|
|
2192
2231
|
#
|
2193
2232
|
# @!attribute [rw] name
|
2194
2233
|
# Specifies the name or the CloudTrail ARN of the trail for which
|
2195
|
-
# CloudTrail will stop logging
|
2196
|
-
#
|
2234
|
+
# CloudTrail will stop logging Amazon Web Services API calls. The
|
2235
|
+
# following is the format of a trail ARN.
|
2197
2236
|
#
|
2198
2237
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
2199
2238
|
# @return [String]
|
@@ -2270,7 +2309,7 @@ module Aws::CloudTrail
|
|
2270
2309
|
# @!attribute [rw] s3_key_prefix
|
2271
2310
|
# Specifies the Amazon S3 key prefix that comes after the name of the
|
2272
2311
|
# bucket you have designated for log file delivery. For more
|
2273
|
-
# information, see [Finding Your CloudTrail Log Files][1].The maximum
|
2312
|
+
# information, see [Finding Your CloudTrail Log Files][1]. The maximum
|
2274
2313
|
# length is 200 characters.
|
2275
2314
|
#
|
2276
2315
|
#
|
@@ -2284,15 +2323,15 @@ module Aws::CloudTrail
|
|
2284
2323
|
#
|
2285
2324
|
# @!attribute [rw] sns_topic_arn
|
2286
2325
|
# Specifies the ARN of the Amazon SNS topic that CloudTrail uses to
|
2287
|
-
# send notifications when log files are delivered. The
|
2288
|
-
# topic ARN
|
2326
|
+
# send notifications when log files are delivered. The following is
|
2327
|
+
# the format of a topic ARN.
|
2289
2328
|
#
|
2290
2329
|
# `arn:aws:sns:us-east-2:123456789012:MyTopic`
|
2291
2330
|
# @return [String]
|
2292
2331
|
#
|
2293
2332
|
# @!attribute [rw] include_global_service_events
|
2294
|
-
# Set to **True** to include
|
2295
|
-
# such as IAM. Otherwise, **False**.
|
2333
|
+
# Set to **True** to include Amazon Web Services API calls from Amazon
|
2334
|
+
# Web Services global services such as IAM. Otherwise, **False**.
|
2296
2335
|
# @return [Boolean]
|
2297
2336
|
#
|
2298
2337
|
# @!attribute [rw] is_multi_region_trail
|
@@ -2305,7 +2344,8 @@ module Aws::CloudTrail
|
|
2305
2344
|
# @return [String]
|
2306
2345
|
#
|
2307
2346
|
# @!attribute [rw] trail_arn
|
2308
|
-
# Specifies the ARN of the trail. The format of a
|
2347
|
+
# Specifies the ARN of the trail. The following is the format of a
|
2348
|
+
# trail ARN.
|
2309
2349
|
#
|
2310
2350
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
2311
2351
|
# @return [String]
|
@@ -2327,7 +2367,7 @@ module Aws::CloudTrail
|
|
2327
2367
|
# @!attribute [rw] kms_key_id
|
2328
2368
|
# Specifies the KMS key ID that encrypts the logs delivered by
|
2329
2369
|
# CloudTrail. The value is a fully specified ARN to a KMS key in the
|
2330
|
-
# format
|
2370
|
+
# following format.
|
2331
2371
|
#
|
2332
2372
|
# `arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012`
|
2333
2373
|
# @return [String]
|
@@ -2386,7 +2426,7 @@ module Aws::CloudTrail
|
|
2386
2426
|
# @return [String]
|
2387
2427
|
#
|
2388
2428
|
# @!attribute [rw] home_region
|
2389
|
-
# The
|
2429
|
+
# The Amazon Web Services Region in which a trail was created.
|
2390
2430
|
# @return [String]
|
2391
2431
|
#
|
2392
2432
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/TrailInfo AWS API Documentation
|
@@ -2450,11 +2490,11 @@ module Aws::CloudTrail
|
|
2450
2490
|
# * Be between 3 and 128 characters
|
2451
2491
|
#
|
2452
2492
|
# * Have no adjacent periods, underscores or dashes. Names like
|
2453
|
-
# `my-_namespace` and `my--namespace` are
|
2493
|
+
# `my-_namespace` and `my--namespace` are not valid.
|
2454
2494
|
#
|
2455
2495
|
# * Not be in IP address format (for example, 192.168.5.4)
|
2456
2496
|
#
|
2457
|
-
# If `Name` is a trail ARN, it must be in the format
|
2497
|
+
# If `Name` is a trail ARN, it must be in the following format.
|
2458
2498
|
#
|
2459
2499
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
2460
2500
|
# @return [String]
|
@@ -2505,7 +2545,7 @@ module Aws::CloudTrail
|
|
2505
2545
|
# false.
|
2506
2546
|
#
|
2507
2547
|
# <note markdown="1"> When you disable log file integrity validation, the chain of digest
|
2508
|
-
# files is broken after one hour. CloudTrail
|
2548
|
+
# files is broken after one hour. CloudTrail does not create digest
|
2509
2549
|
# files for log files that were delivered during a period in which log
|
2510
2550
|
# file integrity validation was disabled. For example, if you enable
|
2511
2551
|
# log file integrity validation at noon on January 1, disable it at
|
@@ -2520,8 +2560,8 @@ module Aws::CloudTrail
|
|
2520
2560
|
# @!attribute [rw] cloud_watch_logs_log_group_arn
|
2521
2561
|
# Specifies a log group name using an Amazon Resource Name (ARN), a
|
2522
2562
|
# unique identifier that represents the log group to which CloudTrail
|
2523
|
-
# logs
|
2524
|
-
# CloudWatchLogsRoleArn
|
2563
|
+
# logs are delivered. Not required unless you specify
|
2564
|
+
# `CloudWatchLogsRoleArn`.
|
2525
2565
|
# @return [String]
|
2526
2566
|
#
|
2527
2567
|
# @!attribute [rw] cloud_watch_logs_role_arn
|
@@ -2535,6 +2575,10 @@ module Aws::CloudTrail
|
|
2535
2575
|
# fully specified ARN to an alias, a fully specified ARN to a key, or
|
2536
2576
|
# a globally unique identifier.
|
2537
2577
|
#
|
2578
|
+
# CloudTrail also supports KMS multi-Region keys. For more information
|
2579
|
+
# about multi-Region keys, see [Using multi-Region keys][1] in the
|
2580
|
+
# *Key Management Service Developer Guide*.
|
2581
|
+
#
|
2538
2582
|
# Examples:
|
2539
2583
|
#
|
2540
2584
|
# * alias/MyAliasName
|
@@ -2544,19 +2588,24 @@ module Aws::CloudTrail
|
|
2544
2588
|
# * arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
|
2545
2589
|
#
|
2546
2590
|
# * 12345678-1234-1234-1234-123456789012
|
2591
|
+
#
|
2592
|
+
#
|
2593
|
+
#
|
2594
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html
|
2547
2595
|
# @return [String]
|
2548
2596
|
#
|
2549
2597
|
# @!attribute [rw] is_organization_trail
|
2550
2598
|
# Specifies whether the trail is applied to all accounts in an
|
2551
|
-
# organization in
|
2552
|
-
# account. The default is false, and cannot be true unless
|
2553
|
-
# made on behalf of an
|
2554
|
-
# organization in
|
2555
|
-
# organization trail and this is set to true
|
2556
|
-
# created in all
|
2557
|
-
#
|
2558
|
-
#
|
2559
|
-
#
|
2599
|
+
# organization in Organizations, or only for the current Amazon Web
|
2600
|
+
# Services account. The default is false, and cannot be true unless
|
2601
|
+
# the call is made on behalf of an Amazon Web Services account that is
|
2602
|
+
# the management account for an organization in Organizations. If the
|
2603
|
+
# trail is not an organization trail and this is set to `true`, the
|
2604
|
+
# trail will be created in all Amazon Web Services accounts that
|
2605
|
+
# belong to the organization. If the trail is an organization trail
|
2606
|
+
# and this is set to `false`, the trail will remain in the current
|
2607
|
+
# Amazon Web Services account but be deleted from all member accounts
|
2608
|
+
# in the organization.
|
2560
2609
|
# @return [Boolean]
|
2561
2610
|
#
|
2562
2611
|
# @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/UpdateTrailRequest AWS API Documentation
|
@@ -2592,7 +2641,7 @@ module Aws::CloudTrail
|
|
2592
2641
|
# @!attribute [rw] s3_key_prefix
|
2593
2642
|
# Specifies the Amazon S3 key prefix that comes after the name of the
|
2594
2643
|
# bucket you have designated for log file delivery. For more
|
2595
|
-
# information, see [Finding Your
|
2644
|
+
# information, see [Finding Your IAM Log Files][1].
|
2596
2645
|
#
|
2597
2646
|
#
|
2598
2647
|
#
|
@@ -2600,13 +2649,13 @@ module Aws::CloudTrail
|
|
2600
2649
|
# @return [String]
|
2601
2650
|
#
|
2602
2651
|
# @!attribute [rw] sns_topic_name
|
2603
|
-
# This field is no longer in use. Use SnsTopicARN.
|
2652
|
+
# This field is no longer in use. Use UpdateTrailResponse$SnsTopicARN.
|
2604
2653
|
# @return [String]
|
2605
2654
|
#
|
2606
2655
|
# @!attribute [rw] sns_topic_arn
|
2607
2656
|
# Specifies the ARN of the Amazon SNS topic that CloudTrail uses to
|
2608
|
-
# send notifications when log files are delivered. The
|
2609
|
-
# topic ARN
|
2657
|
+
# send notifications when log files are delivered. The following is
|
2658
|
+
# the format of a topic ARN.
|
2610
2659
|
#
|
2611
2660
|
# `arn:aws:sns:us-east-2:123456789012:MyTopic`
|
2612
2661
|
# @return [String]
|
@@ -2621,8 +2670,8 @@ module Aws::CloudTrail
|
|
2621
2670
|
# @return [Boolean]
|
2622
2671
|
#
|
2623
2672
|
# @!attribute [rw] trail_arn
|
2624
|
-
# Specifies the ARN of the trail that was updated. The
|
2625
|
-
# trail ARN
|
2673
|
+
# Specifies the ARN of the trail that was updated. The following is
|
2674
|
+
# the format of a trail ARN.
|
2626
2675
|
#
|
2627
2676
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
|
2628
2677
|
# @return [String]
|
@@ -2633,7 +2682,7 @@ module Aws::CloudTrail
|
|
2633
2682
|
#
|
2634
2683
|
# @!attribute [rw] cloud_watch_logs_log_group_arn
|
2635
2684
|
# Specifies the Amazon Resource Name (ARN) of the log group to which
|
2636
|
-
# CloudTrail logs
|
2685
|
+
# CloudTrail logs are delivered.
|
2637
2686
|
# @return [String]
|
2638
2687
|
#
|
2639
2688
|
# @!attribute [rw] cloud_watch_logs_role_arn
|
@@ -2644,7 +2693,7 @@ module Aws::CloudTrail
|
|
2644
2693
|
# @!attribute [rw] kms_key_id
|
2645
2694
|
# Specifies the KMS key ID that encrypts the logs delivered by
|
2646
2695
|
# CloudTrail. The value is a fully specified ARN to a KMS key in the
|
2647
|
-
# format
|
2696
|
+
# following format.
|
2648
2697
|
#
|
2649
2698
|
# `arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012`
|
2650
2699
|
# @return [String]
|