aws-sdk-cloudtrail 1.3.0 → 1.4.0

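--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: baa9fd28d6ab374b96b72762c303f695709e3173
- data.tar.gz: 63b101f54a8a98d0122321f1fd385684501ab1f2
+ metadata.gz: 9e85e39980d3f103dc77fc20071fb5ea4353a38e
+ data.tar.gz: 4d530700c634c9a34d35250d0d884dee80557c48
  SHA512:
- metadata.gz: 180e744859c3174319d06351ed7a0a789cd88b32409e6cdd8bb8bdc7da2d415780c1e2d962f655110b9add6a5e3d99ee622fd0e945ac614a987cf5780e1ecfa5
- data.tar.gz: 7a0de47550b15f5db7a0af6bbb7e83187ba39e964539f2e8a1ed2ea8fda606986c5de377f090ad51e36f344799ed1a08f1b5887e16be3e949d0be968006edc09
+ metadata.gz: e6282a87993caa6e5c60183c6cfc9af55637358d01830ca1c613e2b3c6af997d31ce65f897bf40ac905b141cd9bf81912265803a2160dffe47271dd821f4cdd6
+ data.tar.gz: 6315a776825a7a3a62c62ad7491230c668be9048947c93fc0762b7441e6038fd6ba05f26bb7704aae711022e10f93fba9ed20e50f5f933bc1896b42188d8febc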
@@ -42,6 +42,6 @@ require_relative 'aws-sdk-cloudtrail/customizations'
42
42
  # @service
43
43
  module Aws::CloudTrail
44
44
 
45
- GEM_VERSION = '1.3.0'
45
+ GEM_VERSION = '1.4.0'
46
46
 
47
47
  end
@@ -197,7 +197,7 @@ module Aws::CloudTrail
197
197
  # Specifies the ARN of the trail to which one or more tags will be
198
198
  # added. The format of a trail ARN is:
199
199
  #
200
- # `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
200
+ # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
201
201
  #
202
202
  # @option params [Array<Types::Tag>] :tags_list
203
203
  # Contains a list of CloudTrail tags, up to a limit of 50
@@ -311,9 +311,9 @@ module Aws::CloudTrail
311
311
  #
312
312
  # * alias/MyAliasName
313
313
  #
314
- # * arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
314
+ # * arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
315
315
  #
316
- # * arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
316
+ # * arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
317
317
  #
318
318
  # * 12345678-1234-1234-1234-123456789012
319
319
  #
@@ -379,7 +379,7 @@ module Aws::CloudTrail
379
379
  # @option params [required, String] :name
380
380
  # Specifies the name or the CloudTrail ARN of the trail to be deleted.
381
381
  # The format of a trail ARN is:
382
- # `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
382
+ # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
383
383
  #
384
384
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
385
385
  #
@@ -405,7 +405,7 @@ module Aws::CloudTrail
405
405
  # Specifies a list of trail names, trail ARNs, or both, of the trails to
406
406
  # describe. The format of a trail ARN is:
407
407
  #
408
- # `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
408
+ # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
409
409
  #
410
410
  # If an empty list is specified, information for the trail in the
411
411
  # current region is returned.
@@ -471,12 +471,14 @@ module Aws::CloudTrail
471
471
  # your trail. The information returned for your event selectors includes
472
472
  # the following:
473
473
  #
474
- # * The S3 objects that you are logging for data events.
474
+ # * If your event selector includes read-only events, write-only events,
475
+ # or all events. This applies to both management events and data
476
+ # events.
475
477
  #
476
478
  # * If your event selector includes management events.
477
479
  #
478
- # * If your event selector includes read-only events, write-only events,
479
- # or all.
480
+ # * If your event selector includes data events, the Amazon S3 objects
481
+ # or AWS Lambda functions that you are logging for data events.
480
482
  #
481
483
  # For more information, see [Logging Data and Management Events for
482
484
  # Trails ][1] in the *AWS CloudTrail User Guide*.
@@ -497,13 +499,13 @@ module Aws::CloudTrail
497
499
  # * Be between 3 and 128 characters
498
500
  #
499
501
  # * Have no adjacent periods, underscores or dashes. Names like
500
- # `my-_namespace` and `my--namespace` are invalid.
502
+ # `my-_namespace` and `my--namespace` are not valid.
501
503
  #
502
504
  # * Not be in IP address format (for example, 192.168.5.4)
503
505
  #
504
506
  # If you specify a trail ARN, it must be in the format:
505
507
  #
506
- # `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
508
+ # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
507
509
  #
508
510
  # @return [Types::GetEventSelectorsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
509
511
  #
@@ -549,7 +551,7 @@ module Aws::CloudTrail
549
551
  # replication of the trail in another region), you must specify its ARN.
550
552
  # The format of a trail ARN is:
551
553
  #
552
- # `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
554
+ # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
553
555
  #
554
556
  # @return [Types::GetTrailStatusResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
555
557
  #
@@ -668,7 +670,7 @@ module Aws::CloudTrail
668
670
  # Specifies a list of trail ARNs whose tags will be listed. The list has
669
671
  # a limit of 20 ARNs. The format of a trail ARN is:
670
672
  #
671
- # `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
673
+ # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
672
674
  #
673
675
  # @option params [String] :next_token
674
676
  # Reserved for future use.
@@ -703,11 +705,11 @@ module Aws::CloudTrail
703
705
  req.send_request(options)
704
706
  end
705
707
 
706
- # Looks up API activity events captured by CloudTrail that create,
707
- # update, or delete resources in your account. Events for a region can
708
- # be looked up for the times in which you had CloudTrail turned on in
709
- # that region during the last seven days. Lookup supports the following
710
- # attributes:
708
+ # Looks up [management events][1] captured by CloudTrail. Events for a
709
+ # region can be looked up in that region during the last 90 days. Lookup
710
+ # supports the following attributes:
711
+ #
712
+ # * AWS access key
711
713
  #
712
714
  # * Event ID
713
715
  #
@@ -715,6 +717,8 @@ module Aws::CloudTrail
715
717
  #
716
718
  # * Event source
717
719
  #
720
+ # * Read only
721
+ #
718
722
  # * Resource name
719
723
  #
720
724
  # * Resource type
@@ -722,7 +726,7 @@ module Aws::CloudTrail
722
726
  # * User name
723
727
  #
724
728
  # All attributes are optional. The default number of results returned is
725
- # 10, with a maximum of 50 possible. The response includes a token that
729
+ # 50, with a maximum of 50 possible. The response includes a token that
726
730
  # you can use to get the next page of results.
727
731
  #
728
732
  # The rate of lookup requests is limited to one per second per account.
@@ -732,6 +736,10 @@ module Aws::CloudTrail
732
736
  # available for lookup if CloudTrail logging was not enabled when the
733
737
  # events occurred.
734
738
  #
739
+ #
740
+ #
741
+ # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html#cloudtrail-concepts-management-events
742
+ #
735
743
  # @option params [Array<Types::LookupAttribute>] :lookup_attributes
736
744
  # Contains a list of lookup attributes. Currently the list can contain
737
745
  # only one item.
@@ -748,7 +756,7 @@ module Aws::CloudTrail
748
756
  #
749
757
  # @option params [Integer] :max_results
750
758
  # The number of events to return. Possible values are 1 through 50. The
751
- # default is 10.
759
+ # default is 50.
752
760
  #
753
761
  # @option params [String] :next_token
754
762
  # The token to use to get the next page of results after a previous API
@@ -767,7 +775,7 @@ module Aws::CloudTrail
767
775
  # resp = client.lookup_events({
768
776
  # lookup_attributes: [
769
777
  # {
770
- # attribute_key: "EventId", # required, accepts EventId, EventName, Username, ResourceType, ResourceName, EventSource
778
+ # attribute_key: "EventId", # required, accepts EventId, EventName, ReadOnly, Username, ResourceType, ResourceName, EventSource, AccessKeyId
771
779
  # attribute_value: "String", # required
772
780
  # },
773
781
  # ],
@@ -782,6 +790,8 @@ module Aws::CloudTrail
782
790
  # resp.events #=> Array
783
791
  # resp.events[0].event_id #=> String
784
792
  # resp.events[0].event_name #=> String
793
+ # resp.events[0].read_only #=> String
794
+ # resp.events[0].access_key_id #=> String
785
795
  # resp.events[0].event_time #=> Time
786
796
  # resp.events[0].event_source #=> String
787
797
  # resp.events[0].username #=> String
@@ -801,12 +811,15 @@ module Aws::CloudTrail
801
811
  end
802
812
 
803
813
  # Configures an event selector for your trail. Use event selectors to
804
- # specify whether you want your trail to log management and/or data
805
- # events. When an event occurs in your account, CloudTrail evaluates the
806
- # event selectors in all trails. For each trail, if the event matches
807
- # any event selector, the trail processes and logs the event. If the
808
- # event doesn't match any event selector, the trail doesn't log the
809
- # event.
814
+ # further specify the management and data event settings for your trail.
815
+ # By default, trails created without specific event selectors will be
816
+ # configured to log all read and write management events, and no data
817
+ # events.
818
+ #
819
+ # When an event occurs in your account, CloudTrail evaluates the event
820
+ # selectors in all trails. For each trail, if the event matches any
821
+ # event selector, the trail processes and logs the event. If the event
822
+ # doesn't match any event selector, the trail doesn't log the event.
810
823
  #
811
824
  # Example
812
825
  #
@@ -831,11 +844,12 @@ module Aws::CloudTrail
831
844
  #
832
845
  # You can configure up to five event selectors for each trail. For more
833
846
  # information, see [Logging Data and Management Events for Trails ][1]
834
- # in the *AWS CloudTrail User Guide*.
847
+ # and [Limits in AWS CloudTrail][2] in the *AWS CloudTrail User Guide*.
835
848
  #
836
849
  #
837
850
  #
838
851
  # [1]: http://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html
852
+ # [2]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html
839
853
  #
840
854
  # @option params [required, String] :trail_name
841
855
  # Specifies the name of the trail or trail ARN. If you specify a trail
@@ -855,7 +869,7 @@ module Aws::CloudTrail
855
869
  #
856
870
  # If you specify a trail ARN, it must be in the format:
857
871
  #
858
- # `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
872
+ # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
859
873
  #
860
874
  # @option params [required, Array<Types::EventSelector>] :event_selectors
861
875
  # Specifies the settings for your event selectors. You can configure up
@@ -910,7 +924,7 @@ module Aws::CloudTrail
910
924
  # Specifies the ARN of the trail from which tags should be removed. The
911
925
  # format of a trail ARN is:
912
926
  #
913
- # `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
927
+ # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
914
928
  #
915
929
  # @option params [Array<Types::Tag>] :tags_list
916
930
  # Specifies a list of tags to be removed.
@@ -948,7 +962,7 @@ module Aws::CloudTrail
948
962
  # Specifies the name or the CloudTrail ARN of the trail for which
949
963
  # CloudTrail logs AWS API calls. The format of a trail ARN is:
950
964
  #
951
- # `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
965
+ # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
952
966
  #
953
967
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
954
968
  #
@@ -981,7 +995,7 @@ module Aws::CloudTrail
981
995
  # CloudTrail will stop logging AWS API calls. The format of a trail ARN
982
996
  # is:
983
997
  #
984
- # `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
998
+ # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
985
999
  #
986
1000
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
987
1001
  #
@@ -1026,7 +1040,7 @@ module Aws::CloudTrail
1026
1040
  #
1027
1041
  # If `Name` is a trail ARN, it must be in the format:
1028
1042
  #
1029
- # `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
1043
+ # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
1030
1044
  #
1031
1045
  # @option params [String] :s3_bucket_name
1032
1046
  # Specifies the name of the Amazon S3 bucket designated for publishing
@@ -1099,9 +1113,9 @@ module Aws::CloudTrail
1099
1113
  #
1100
1114
  # * alias/MyAliasName
1101
1115
  #
1102
- # * arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
1116
+ # * arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
1103
1117
  #
1104
- # * arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
1118
+ # * arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
1105
1119
  #
1106
1120
  # * 12345678-1234-1234-1234-123456789012
1107
1121
  #
@@ -1172,7 +1186,7 @@ module Aws::CloudTrail
1172
1186
  params: params,
1173
1187
  config: config)
1174
1188
  context[:gem_name] = 'aws-sdk-cloudtrail'
1175
- context[:gem_version] = '1.3.0'
1189
+ context[:gem_version] = '1.4.0'
1176
1190
  Seahorse::Client::Request.new(handlers, context)
1177
1191
  end
1178
1192
 
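Review bot: The `lookup_events` response example now lists `resp.events[0].read_only #=> String` without saying what the string holds, which invites `if event.read_only` checks that are true for any non-nil String in Ruby. The member is declared with `shape: String` in the later `Event.add_member(:read_only, ...)` hunk, so the value is presumably the text `true` or `false` rather than a Boolean; confirm this against the service model. I would extend the comment to something like `#   resp.events[0].read_only #=> String, compare with == "true"` and say the same where the `ReadOnly` lookup attribute is listed. This matters for triage scripts that separate write events from read events in lookup results, because a truthiness test would classify every event as read-only. If these files are generated from the API model, the wording belongs in the model rather than in this file.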
@@ -157,6 +157,8 @@ module Aws::CloudTrail
157
157
 
158
158
  Event.add_member(:event_id, Shapes::ShapeRef.new(shape: String, location_name: "EventId"))
159
159
  Event.add_member(:event_name, Shapes::ShapeRef.new(shape: String, location_name: "EventName"))
160
+ Event.add_member(:read_only, Shapes::ShapeRef.new(shape: String, location_name: "ReadOnly"))
161
+ Event.add_member(:access_key_id, Shapes::ShapeRef.new(shape: String, location_name: "AccessKeyId"))
160
162
  Event.add_member(:event_time, Shapes::ShapeRef.new(shape: Date, location_name: "EventTime"))
161
163
  Event.add_member(:event_source, Shapes::ShapeRef.new(shape: String, location_name: "EventSource"))
162
164
  Event.add_member(:username, Shapes::ShapeRef.new(shape: String, location_name: "Username"))
@@ -347,6 +349,7 @@ module Aws::CloudTrail
347
349
  "protocol" => "json",
348
350
  "serviceAbbreviation" => "CloudTrail",
349
351
  "serviceFullName" => "AWS CloudTrail",
352
+ "serviceId" => "CloudTrail",
350
353
  "signatureVersion" => "v4",
351
354
  "targetPrefix" => "com.amazonaws.cloudtrail.v20131101.CloudTrail_20131101",
352
355
  "uid" => "cloudtrail-2013-11-01",
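Review bot: `Event.add_member(:access_key_id, ...)` puts the signing credential's access key ID on every `Event` struct, and nothing near the definition tells callers how to treat it. The ID is not a secret, but it ties activity to one specific credential, so code that serializes whole `Event` structs into application logs or tickets will now carry it along. A short comment above the member would help, for example `# AccessKeyId identifies the signing credential; avoid copying it into low-trust logs`. The surrounding list of shape definitions starts and ends outside the hunk.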
@@ -27,7 +27,7 @@ module Aws::CloudTrail
27
27
  # Specifies the ARN of the trail to which one or more tags will be
28
28
  # added. The format of a trail ARN is:
29
29
  #
30
- # `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
30
+ # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
31
31
  # @return [String]
32
32
  #
33
33
  # @!attribute [rw] tags_list
@@ -158,9 +158,9 @@ module Aws::CloudTrail
158
158
  #
159
159
  # * alias/MyAliasName
160
160
  #
161
- # * arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
161
+ # * arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
162
162
  #
163
- # * arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
163
+ # * arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
164
164
  #
165
165
  # * 12345678-1234-1234-1234-123456789012
166
166
  # @return [String]
@@ -212,7 +212,7 @@ module Aws::CloudTrail
212
212
  # send notifications when log files are delivered. The format of a
213
213
  # topic ARN is:
214
214
  #
215
- # `arn:aws:sns:us-east-1:123456789012:MyTopic`
215
+ # `arn:aws:sns:us-east-2:123456789012:MyTopic`
216
216
  # @return [String]
217
217
  #
218
218
  # @!attribute [rw] include_global_service_events
@@ -228,7 +228,7 @@ module Aws::CloudTrail
228
228
  # Specifies the ARN of the trail that was created. The format of a
229
229
  # trail ARN is:
230
230
  #
231
- # `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
231
+ # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
232
232
  # @return [String]
233
233
  #
234
234
  # @!attribute [rw] log_file_validation_enabled
@@ -250,7 +250,7 @@ module Aws::CloudTrail
250
250
  # CloudTrail. The value is a fully specified ARN to a KMS key in the
251
251
  # format:
252
252
  #
253
- # `arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012`
253
+ # `arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012`
254
254
  # @return [String]
255
255
  #
256
256
  # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/CreateTrailResponse AWS API Documentation
@@ -271,28 +271,57 @@ module Aws::CloudTrail
271
271
  include Aws::Structure
272
272
  end
273
273
 
274
- # The Amazon S3 objects that you specify in your event selectors for
275
- # your trail to log data events. Data events are object-level API
276
- # operations that access S3 objects, such as `GetObject`,
277
- # `DeleteObject`, and `PutObject`. You can specify up to 250 S3 buckets
278
- # and object prefixes for a trail.
274
+ # The Amazon S3 buckets or AWS Lambda functions that you specify in your
275
+ # event selectors for your trail to log data events. Data events provide
276
+ # insight into the resource operations performed on or within a resource
277
+ # itself. These are also known as data plane operations. You can specify
278
+ # up to 250 data resources for a trail.
279
279
  #
280
- # Example
280
+ # <note markdown="1"> The total number of allowed data resources is 250. This number can be
281
+ # distributed between 1 and 5 event selectors, but the total cannot
282
+ # exceed 250 across all selectors.
281
283
  #
282
- # 1. You create an event selector for a trail and specify an S3 bucket
283
- # and an empty prefix, such as `arn:aws:s3:::bucket-1/`.
284
+ # </note>
284
285
  #
285
- # 2. You upload an image file to `bucket-1`.
286
+ # The following example demonstrates how logging works when you
287
+ # configure logging of all data events for an S3 bucket named
288
+ # `bucket-1`. In this example, the CloudTrail user spcified an empty
289
+ # prefix, and the option to log both `Read` and `Write` data events.
286
290
  #
287
- # 3. The `PutObject` API operation occurs on an object in the S3 bucket
288
- # that you specified in the event selector. The trail processes and
289
- # logs the event.
291
+ # 1. A user uploads an image file to `bucket-1`.
290
292
  #
291
- # 4. You upload another image file to a different S3 bucket named
293
+ # 2. The `PutObject` API operation is an Amazon S3 object-level API. It
294
+ # is recorded as a data event in CloudTrail. Because the CloudTrail
295
+ # user specified an S3 bucket with an empty prefix, events that
296
+ # occur on any object in that bucket are logged. The trail processes
297
+ # and logs the event.
298
+ #
299
+ # 3. A user uploads an object to an Amazon S3 bucket named
292
300
  # `arn:aws:s3:::bucket-2`.
293
301
  #
294
- # 5. The event occurs on an object in an S3 bucket that you didn't
295
- # specify in the event selector. The trail doesn’t log the event.
302
+ # 4. The `PutObject` API operation occurred for an object in an S3
303
+ # bucket that the CloudTrail user didn't specify for the trail. The
304
+ # trail doesn’t log the event.
305
+ #
306
+ # The following example demonstrates how logging works when you
307
+ # configure logging of AWS Lambda data events for a Lambda function
308
+ # named *MyLambdaFunction*, but not for all AWS Lambda functions.
309
+ #
310
+ # 1. A user runs a script that includes a call to the
311
+ # *MyLambdaFunction* function and the *MyOtherLambdaFunction*
312
+ # function.
313
+ #
314
+ # 2. The `Invoke` API operation on *MyLambdaFunction* is an AWS Lambda
315
+ # API. It is recorded as a data event in CloudTrail. Because the
316
+ # CloudTrail user specified logging data events for
317
+ # *MyLambdaFunction*, any invocations of that function are logged.
318
+ # The trail processes and logs the event.
319
+ #
320
+ # 3. The `Invoke` API operation on *MyOtherLambdaFunction* is an AWS
321
+ # Lambda API. Because the CloudTrail user did not specify logging
322
+ # data events for all Lambda functions, the `Invoke` operation for
323
+ # *MyOtherLambdaFunction* does not match the function specified for
324
+ # the trail. The trail doesn’t log the event.
296
325
  #
297
326
  # @note When making an API call, you may pass DataResource
298
327
  # data as a hash:
@@ -304,20 +333,58 @@ module Aws::CloudTrail
304
333
  #
305
334
  # @!attribute [rw] type
306
335
  # The resource type in which you want to log data events. You can
307
- # specify only the following value: `AWS::S3::Object`.
336
+ # specify `AWS::S3::Object` or `AWS::Lambda::Function` resources.
308
337
  # @return [String]
309
338
  #
310
339
  # @!attribute [rw] values
311
- # A list of ARN-like strings for the specified S3 objects.
340
+ # An array of Amazon Resource Name (ARN) strings or partial ARN
341
+ # strings for the specified objects.
342
+ #
343
+ # * To log data events for all objects in all S3 buckets in your AWS
344
+ # account, specify the prefix as `arn:aws:s3:::`.
345
+ #
346
+ # <note markdown="1"> This will also enable logging of data event activity performed by
347
+ # any user or role in your AWS account, even if that activity is
348
+ # performed on a bucket that belongs to another AWS account.
349
+ #
350
+ # </note>
351
+ #
352
+ # * To log data events for all objects in all S3 buckets that include
353
+ # *my-bucket* in their names, specify the prefix as
354
+ # `aws:s3:::my-bucket`. The trail logs data events for all objects
355
+ # in all buckets whose name contains a match for *my-bucket*.
356
+ #
357
+ # * To log data events for all objects in an S3 bucket, specify the
358
+ # bucket and an empty object prefix such as
359
+ # `arn:aws:s3:::bucket-1/`. The trail logs data events for all
360
+ # objects in this S3 bucket.
312
361
  #
313
- # To log data events for all objects in an S3 bucket, specify the
314
- # bucket and an empty object prefix such as `arn:aws:s3:::bucket-1/`.
315
- # The trail logs data events for all objects in this S3 bucket.
362
+ # * To log data events for specific objects, specify the S3 bucket and
363
+ # object prefix such as `arn:aws:s3:::bucket-1/example-images`. The
364
+ # trail logs data events for objects in this S3 bucket that match
365
+ # the prefix.
316
366
  #
317
- # To log data events for specific objects, specify the S3 bucket and
318
- # object prefix such as `arn:aws:s3:::bucket-1/example-images`. The
319
- # trail logs data events for objects in this S3 bucket that match the
320
- # prefix.
367
+ # * To log data events for all functions in your AWS account, specify
368
+ # the prefix as `arn:aws:lambda`.
369
+ #
370
+ # <note markdown="1"> This will also enable logging of `Invoke` activity performed by
371
+ # any user or role in your AWS account, even if that activity is
372
+ # performed on a function that belongs to another AWS account.
373
+ #
374
+ # </note>
375
+ #
376
+ # * To log data eents for a specific Lambda function, specify the
377
+ # function ARN.
378
+ #
379
+ # <note markdown="1"> Lambda function ARNs are exact. Unlike S3, you cannot use
380
+ # matching. For example, if you specify a function ARN
381
+ # *arn:aws:lambda:us-west-2:111111111111:function:helloworld*, data
382
+ # events will only be logged for
383
+ # *arn:aws:lambda:us-west-2:111111111111:function:helloworld*. They
384
+ # will not be logged for
385
+ # *arn:aws:lambda:us-west-2:111111111111:function:helloworld2*.
386
+ #
387
+ # </note>
321
388
  # @return [Array<String>]
322
389
  #
323
390
  # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DataResource AWS API Documentation
@@ -340,7 +407,7 @@ module Aws::CloudTrail
340
407
  # @!attribute [rw] name
341
408
  # Specifies the name or the CloudTrail ARN of the trail to be deleted.
342
409
  # The format of a trail ARN is:
343
- # `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
410
+ # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
344
411
  # @return [String]
345
412
  #
346
413
  # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DeleteTrailRequest AWS API Documentation
@@ -371,7 +438,7 @@ module Aws::CloudTrail
371
438
  # Specifies a list of trail names, trail ARNs, or both, of the trails
372
439
  # to describe. The format of a trail ARN is:
373
440
  #
374
- # `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
441
+ # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
375
442
  #
376
443
  # If an empty list is specified, information for the trail in the
377
444
  # current region is returned.
@@ -430,6 +497,17 @@ module Aws::CloudTrail
430
497
  # The name of the event returned.
431
498
  # @return [String]
432
499
  #
500
+ # @!attribute [rw] read_only
501
+ # Information about whether the event is a write event or a read
502
+ # event.
503
+ # @return [String]
504
+ #
505
+ # @!attribute [rw] access_key_id
506
+ # The AWS access key ID that was used to sign the request. If the
507
+ # request was made with temporary security credentials, this is the
508
+ # access key ID of the temporary credentials.
509
+ # @return [String]
510
+ #
433
511
  # @!attribute [rw] event_time
434
512
  # The date and time of the event returned.
435
513
  # @return [Time]
@@ -456,6 +534,8 @@ module Aws::CloudTrail
456
534
  class Event < Struct.new(
457
535
  :event_id,
458
536
  :event_name,
537
+ :read_only,
538
+ :access_key_id,
459
539
  :event_time,
460
540
  :event_source,
461
541
  :username,
@@ -464,12 +544,14 @@ module Aws::CloudTrail
464
544
  include Aws::Structure
465
545
  end
466
546
 
467
- # Use event selectors to specify whether you want your trail to log
468
- # management and/or data events. When an event occurs in your account,
469
- # CloudTrail evaluates the event selector for all trails. For each
470
- # trail, if the event matches any event selector, the trail processes
471
- # and logs the event. If the event doesn't match any event selector,
472
- # the trail doesn't log the event.
547
+ # Use event selectors to further specify the management and data event
548
+ # settings for your trail. By default, trails created without specific
549
+ # event selectors will be configured to log all read and write
550
+ # management events, and no data events. When an event occurs in your
551
+ # account, CloudTrail evaluates the event selector for all trails. For
552
+ # each trail, if the event matches any event selector, the trail
553
+ # processes and logs the event. If the event doesn't match any event
554
+ # selector, the trail doesn't log the event.
473
555
  #
474
556
  # You can configure up to five event selectors for a trail.
475
557
  #
@@ -511,15 +593,20 @@ module Aws::CloudTrail
511
593
  # @return [Boolean]
512
594
  #
513
595
  # @!attribute [rw] data_resources
514
- # CloudTrail supports logging only data events for S3 objects. You can
515
- # specify up to 250 S3 buckets and object prefixes for a trail.
596
+ # CloudTrail supports data event logging for Amazon S3 objects and AWS
597
+ # Lambda functions. You can specify up to 250 resources for an
598
+ # individual event selector, but the total number of data resources
599
+ # cannot exceed 250 across all event selectors in a trail. This limit
600
+ # does not apply if you configure resource logging for all data
601
+ # events.
516
602
  #
517
- # For more information, see [Data Events][1] in the *AWS CloudTrail
518
- # User Guide*.
603
+ # For more information, see [Data Events][1] and [Limits in AWS
604
+ # CloudTrail][2] in the *AWS CloudTrail User Guide*.
519
605
  #
520
606
  #
521
607
  #
522
608
  # [1]: http://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html#logging-data-events
609
+ # [2]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html
523
610
  # @return [Array<Types::DataResource>]
524
611
  #
525
612
  # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/EventSelector AWS API Documentation
@@ -550,13 +637,13 @@ module Aws::CloudTrail
550
637
  # * Be between 3 and 128 characters
551
638
  #
552
639
  # * Have no adjacent periods, underscores or dashes. Names like
553
- # `my-_namespace` and `my--namespace` are invalid.
640
+ # `my-_namespace` and `my--namespace` are not valid.
554
641
  #
555
642
  # * Not be in IP address format (for example, 192.168.5.4)
556
643
  #
557
644
  # If you specify a trail ARN, it must be in the format:
558
645
  #
559
- # `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
646
+ # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
560
647
  # @return [String]
561
648
  #
562
649
  # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetEventSelectorsRequest AWS API Documentation
@@ -597,7 +684,7 @@ module Aws::CloudTrail
597
684
  # replication of the trail in another region), you must specify its
598
685
  # ARN. The format of a trail ARN is:
599
686
  #
600
- # `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
687
+ # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
601
688
  # @return [String]
602
689
  #
603
690
  # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetTrailStatusRequest AWS API Documentation
@@ -818,7 +905,7 @@ module Aws::CloudTrail
818
905
  # Specifies a list of trail ARNs whose tags will be listed. The list
819
906
  # has a limit of 20 ARNs. The format of a trail ARN is:
820
907
  #
821
- # `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
908
+ # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
822
909
  # @return [Array<String>]
823
910
  #
824
911
  # @!attribute [rw] next_token
@@ -858,7 +945,7 @@ module Aws::CloudTrail
858
945
  # data as a hash:
859
946
  #
860
947
  # {
861
- # attribute_key: "EventId", # required, accepts EventId, EventName, Username, ResourceType, ResourceName, EventSource
948
+ # attribute_key: "EventId", # required, accepts EventId, EventName, ReadOnly, Username, ResourceType, ResourceName, EventSource, AccessKeyId
862
949
  # attribute_value: "String", # required
863
950
  # }
864
951
  #
@@ -886,7 +973,7 @@ module Aws::CloudTrail
886
973
  # {
887
974
  # lookup_attributes: [
888
975
  # {
889
- # attribute_key: "EventId", # required, accepts EventId, EventName, Username, ResourceType, ResourceName, EventSource
976
+ # attribute_key: "EventId", # required, accepts EventId, EventName, ReadOnly, Username, ResourceType, ResourceName, EventSource, AccessKeyId
890
977
  # attribute_value: "String", # required
891
978
  # },
892
979
  # ],
@@ -915,7 +1002,7 @@ module Aws::CloudTrail
915
1002
  #
916
1003
  # @!attribute [rw] max_results
917
1004
  # The number of events to return. Possible values are 1 through 50.
918
- # The default is 10.
1005
+ # The default is 50.
919
1006
  # @return [Integer]
920
1007
  #
921
1008
  # @!attribute [rw] next_token
@@ -1028,7 +1115,7 @@ module Aws::CloudTrail
1028
1115
  #
1029
1116
  # If you specify a trail ARN, it must be in the format:
1030
1117
  #
1031
- # `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
1118
+ # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
1032
1119
  # @return [String]
1033
1120
  #
1034
1121
  # @!attribute [rw] event_selectors
@@ -1048,7 +1135,7 @@ module Aws::CloudTrail
1048
1135
  # Specifies the ARN of the trail that was updated with event
1049
1136
  # selectors. The format of a trail ARN is:
1050
1137
  #
1051
- # `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
1138
+ # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
1052
1139
  # @return [String]
1053
1140
  #
1054
1141
  # @!attribute [rw] event_selectors
@@ -1082,7 +1169,7 @@ module Aws::CloudTrail
1082
1169
  # Specifies the ARN of the trail from which tags should be removed.
1083
1170
  # The format of a trail ARN is:
1084
1171
  #
1085
- # `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
1172
+ # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
1086
1173
  # @return [String]
1087
1174
  #
1088
1175
  # @!attribute [rw] tags_list
@@ -1166,7 +1253,7 @@ module Aws::CloudTrail
1166
1253
  # Specifies the name or the CloudTrail ARN of the trail for which
1167
1254
  # CloudTrail logs AWS API calls. The format of a trail ARN is:
1168
1255
  #
1169
- # `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
1256
+ # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
1170
1257
  # @return [String]
1171
1258
  #
1172
1259
  # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/StartLoggingRequest AWS API Documentation
@@ -1198,7 +1285,7 @@ module Aws::CloudTrail
1198
1285
  # CloudTrail will stop logging AWS API calls. The format of a trail
1199
1286
  # ARN is:
1200
1287
  #
1201
- # `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
1288
+ # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
1202
1289
  # @return [String]
1203
1290
  #
1204
1291
  # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/StopLoggingRequest AWS API Documentation
@@ -1281,7 +1368,7 @@ module Aws::CloudTrail
1281
1368
  # send notifications when log files are delivered. The format of a
1282
1369
  # topic ARN is:
1283
1370
  #
1284
- # `arn:aws:sns:us-east-1:123456789012:MyTopic`
1371
+ # `arn:aws:sns:us-east-2:123456789012:MyTopic`
1285
1372
  # @return [String]
1286
1373
  #
1287
1374
  # @!attribute [rw] include_global_service_events
@@ -1301,7 +1388,7 @@ module Aws::CloudTrail
1301
1388
  # @!attribute [rw] trail_arn
1302
1389
  # Specifies the ARN of the trail. The format of a trail ARN is:
1303
1390
  #
1304
- # `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
1391
+ # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
1305
1392
  # @return [String]
1306
1393
  #
1307
1394
  # @!attribute [rw] log_file_validation_enabled
@@ -1323,7 +1410,7 @@ module Aws::CloudTrail
1323
1410
  # CloudTrail. The value is a fully specified ARN to a KMS key in the
1324
1411
  # format:
1325
1412
  #
1326
- # `arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012`
1413
+ # `arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012`
1327
1414
  # @return [String]
1328
1415
  #
1329
1416
  # @!attribute [rw] has_custom_event_selectors
@@ -1386,7 +1473,7 @@ module Aws::CloudTrail
1386
1473
  #
1387
1474
  # If `Name` is a trail ARN, it must be in the format:
1388
1475
  #
1389
- # `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
1476
+ # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
1390
1477
  # @return [String]
1391
1478
  #
1392
1479
  # @!attribute [rw] s3_bucket_name
@@ -1468,9 +1555,9 @@ module Aws::CloudTrail
1468
1555
  #
1469
1556
  # * alias/MyAliasName
1470
1557
  #
1471
- # * arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
1558
+ # * arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
1472
1559
  #
1473
- # * arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
1560
+ # * arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
1474
1561
  #
1475
1562
  # * 12345678-1234-1234-1234-123456789012
1476
1563
  # @return [String]
@@ -1522,7 +1609,7 @@ module Aws::CloudTrail
1522
1609
  # send notifications when log files are delivered. The format of a
1523
1610
  # topic ARN is:
1524
1611
  #
1525
- # `arn:aws:sns:us-east-1:123456789012:MyTopic`
1612
+ # `arn:aws:sns:us-east-2:123456789012:MyTopic`
1526
1613
  # @return [String]
1527
1614
  #
1528
1615
  # @!attribute [rw] include_global_service_events
@@ -1538,7 +1625,7 @@ module Aws::CloudTrail
1538
1625
  # Specifies the ARN of the trail that was updated. The format of a
1539
1626
  # trail ARN is:
1540
1627
  #
1541
- # `arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail`
1628
+ # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
1542
1629
  # @return [String]
1543
1630
  #
1544
1631
  # @!attribute [rw] log_file_validation_enabled
@@ -1560,7 +1647,7 @@ module Aws::CloudTrail
1560
1647
  # CloudTrail. The value is a fully specified ARN to a KMS key in the
1561
1648
  # format:
1562
1649
  #
1563
- # `arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012`
1650
+ # `arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012`
1564
1651
  # @return [String]
1565
1652
  #
1566
1653
  # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/UpdateTrailResponse AWS API Documentation
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-cloudtrail
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.0
4
+ version: 1.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-09-06 00:00:00.000000000 Z
11
+ date: 2018-10-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core