aws-sdk-cloudtrail 1.69.0 → 1.70.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4b24cb672b25c72e3db7577e21748e2fda21e947e97d28e877288f3fb3920fa3
-  data.tar.gz: 589f160ef8f987c1e04b30bc8ecebe6b748003908c6eddba386e55922d004fbd
+  metadata.gz: 0c4a3833b686aa7351ba9a3ee53728b877fdc1b9e3601df0629e628bbcbc19dc
+  data.tar.gz: 3b5962fc934cd48772c6a8c79f995d876665dd640a0a24dcf38b7de07f75ab03
 SHA512:
-  metadata.gz: 2eb1970c37645e3e7afbabbf4b4d4cd09ccecad94853f8c6b1f08dcb36f41bfe4982d15a3f155ad9e3a0119d3214a3ee809bc2bc68de7c6f0cd2907fef06c1f1
-  data.tar.gz: 5a24aa6853d60a7d6db173a6e902dda48216e049369ca2f12c2bd2e418f430232514a3561ce279c3ac857fd95f8a59c3c3d88501e55ee92aa53b44314c0aecad
+  metadata.gz: 8e2d1328bbeb257cdac10c82ff6e548eaa4791c32723c91d9a482fe06ebf248187f18f232234148e8e103f93167a1f3f459e920ddb17e96873bef824a5c6ac9a
+  data.tar.gz: 2fd3bd68bee11f68b97f29812ec5afcb172fa4505fb94574aed2453869c4d58d6062b02c5b00d7376cd827e84f42d10d5fc324ee067a753d561ba86e65015e30

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.70.0 (2023-11-09)
+------------------
+
+* Feature - The Insights in Lake feature lets customers enable CloudTrail Insights on a source CloudTrail Lake event data store and create a destination event data store to collect Insights events based on unusual management event activity in the source event data store.
+
 1.69.0 (2023-09-27)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.69.0
+1.70.0

data/lib/aws-sdk-cloudtrail/client.rb

@@ -828,6 +828,11 @@ module Aws::CloudTrail
     #
     #   Not required unless you specify `CloudWatchLogsRoleArn`.
     #
+    #   <note markdown="1"> Only the management account can configure a CloudWatch Logs log group
+    #   for an organization trail.
+    #
+    #    </note>
+    #
     # @option params [String] :cloud_watch_logs_role_arn
     #   Specifies the role for the CloudWatch Logs endpoint to assume to write
     #   to a user's log group. You must use a role that exists in your
@@ -1471,20 +1476,26 @@ module Aws::CloudTrail
     end
 
     # Describes the settings for the Insights event selectors that you
-    # configured for your trail. `GetInsightSelectors` shows if CloudTrail
-    # Insights event logging is enabled on the trail, and if it is, which
-    # insight types are enabled. If you run `GetInsightSelectors` on a trail
-    # that does not have Insights events enabled, the operation throws the
-    # exception `InsightNotEnabledException`
+    # configured for your trail or event data store. `GetInsightSelectors`
+    # shows if CloudTrail Insights event logging is enabled on the trail or
+    # event data store, and if it is, which Insights types are enabled. If
+    # you run `GetInsightSelectors` on a trail or event data store that does
+    # not have Insights events enabled, the operation throws the exception
+    # `InsightNotEnabledException`
     #
-    # For more information, see [Logging CloudTrail Insights Events for
-    # Trails ][1] in the *CloudTrail User Guide*.
+    # Specify either the `EventDataStore` parameter to get Insights event
+    # selectors for an event data store, or the `TrailName` parameter to the
+    # get Insights event selectors for a trail. You cannot specify these
+    # parameters together.
+    #
+    # For more information, see [Logging CloudTrail Insights events][1] in
+    # the *CloudTrail User Guide*.
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-insights-events-with-cloudtrail.html
     #
-    # @option params [required, String] :trail_name
+    # @option params [String] :trail_name
     #   Specifies the name of the trail or trail ARN. If you specify a trail
     #   name, the string must meet the following requirements:
     #
@@ -1504,15 +1515,26 @@ module Aws::CloudTrail
     #
     #   `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
     #
+    #   You cannot use this parameter with the `EventDataStore` parameter.
+    #
+    # @option params [String] :event_data_store
+    #   Specifies the ARN (or ID suffix of the ARN) of the event data store
+    #   for which you want to get Insights selectors.
+    #
+    #   You cannot use this parameter with the `TrailName` parameter.
+    #
     # @return [Types::GetInsightSelectorsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetInsightSelectorsResponse#trail_arn #trail_arn} => String
     #   * {Types::GetInsightSelectorsResponse#insight_selectors #insight_selectors} => Array&lt;Types::InsightSelector&gt;
+    #   * {Types::GetInsightSelectorsResponse#event_data_store_arn #event_data_store_arn} => String
+    #   * {Types::GetInsightSelectorsResponse#insights_destination #insights_destination} => String
     #
     # @example Request syntax with placeholder values
     #
     #   resp = client.get_insight_selectors({
-    #     trail_name: "String", # required
+    #     trail_name: "String",
+    #     event_data_store: "EventDataStoreArn",
     #   })
     #
     # @example Response structure
@@ -1520,6 +1542,8 @@ module Aws::CloudTrail
     #   resp.trail_arn #=> String
     #   resp.insight_selectors #=> Array
     #   resp.insight_selectors[0].insight_type #=> String, one of "ApiCallRateInsight", "ApiErrorRateInsight"
+    #   resp.event_data_store_arn #=> String
+    #   resp.insights_destination #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetInsightSelectors AWS API Documentation
     #
@@ -2149,8 +2173,16 @@ module Aws::CloudTrail
 
     # Looks up [management events][1] or [CloudTrail Insights events][2]
     # that are captured by CloudTrail. You can look up events that occurred
-    # in a Region within the last 90 days. Lookup supports the following
-    # attributes for management events:
+    # in a Region within the last 90 days.
+    #
+    # <note markdown="1"> `LookupEvents` returns recent Insights events for trails that enable
+    # Insights. To view Insights events for an event data store, you can run
+    # queries on your Insights event data store, and you can also view the
+    # Lake dashboard for Insights.
+    #
+    #  </note>
+    #
+    # Lookup supports the following attributes for management events:
     #
     # * Amazon Web Services access key
     #
@@ -2446,25 +2478,51 @@ module Aws::CloudTrail
     end
 
     # Lets you enable Insights event logging by specifying the Insights
-    # selectors that you want to enable on an existing trail. You also use
-    # `PutInsightSelectors` to turn off Insights event logging, by passing
-    # an empty list of insight types. The valid Insights event types in this
-    # release are `ApiErrorRateInsight` and `ApiCallRateInsight`.
+    # selectors that you want to enable on an existing trail or event data
+    # store. You also use `PutInsightSelectors` to turn off Insights event
+    # logging, by passing an empty list of Insights types. The valid
+    # Insights event types are `ApiErrorRateInsight` and
+    # `ApiCallRateInsight`.
+    #
+    # To enable Insights on an event data store, you must specify the ARNs
+    # (or ID suffix of the ARNs) for the source event data store
+    # (`EventDataStore`) and the destination event data store
+    # (`InsightsDestination`). The source event data store logs management
+    # events and enables Insights. The destination event data store logs
+    # Insights events based upon the management event activity of the source
+    # event data store. The source and destination event data stores must
+    # belong to the same Amazon Web Services account.
+    #
+    # To log Insights events for a trail, you must specify the name
+    # (`TrailName`) of the CloudTrail trail for which you want to change or
+    # add Insights selectors.
+    #
+    # To log CloudTrail Insights events on API call volume, the trail or
+    # event data store must log `write` management events. To log CloudTrail
+    # Insights events on API error rate, the trail or event data store must
+    # log `read` or `write` management events. You can call
+    # `GetEventSelectors` on a trail to check whether the trail logs
+    # management events. You can call `GetEventDataStore` on an event data
+    # store to check whether the event data store logs management events.
+    #
+    # For more information, see [Logging CloudTrail Insights events][1] in
+    # the *CloudTrail User Guide*.
     #
-    # To log CloudTrail Insights events on API call volume, the trail must
-    # log `write` management events. To log CloudTrail Insights events on
-    # API error rate, the trail must log `read` or `write` management
-    # events. You can call `GetEventSelectors` on a trail to check whether
-    # the trail logs management events.
     #
-    # @option params [required, String] :trail_name
+    #
+    # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-insights-events-with-cloudtrail.html
+    #
+    # @option params [String] :trail_name
     #   The name of the CloudTrail trail for which you want to change or add
     #   Insights selectors.
     #
+    #   You cannot use this parameter with the `EventDataStore` and
+    #   `InsightsDestination` parameters.
+    #
     # @option params [required, Array<Types::InsightSelector>] :insight_selectors
-    #   A JSON string that contains the insight types you want to log on a
-    #   trail. `ApiCallRateInsight` and `ApiErrorRateInsight` are valid
-    #   Insight types.
+    #   A JSON string that contains the Insights types you want to log on a
+    #   trail or event data store. `ApiCallRateInsight` and
+    #   `ApiErrorRateInsight` are valid Insight types.
     #
     #   The `ApiCallRateInsight` Insights type analyzes write-only management
     #   API calls that are aggregated per minute against a baseline API call
@@ -2474,20 +2532,40 @@ module Aws::CloudTrail
     #   that result in error codes. The error is shown if the API call is
     #   unsuccessful.
     #
+    # @option params [String] :event_data_store
+    #   The ARN (or ID suffix of the ARN) of the source event data store for
+    #   which you want to change or add Insights selectors. To enable Insights
+    #   on an event data store, you must provide both the `EventDataStore` and
+    #   `InsightsDestination` parameters.
+    #
+    #   You cannot use this parameter with the `TrailName` parameter.
+    #
+    # @option params [String] :insights_destination
+    #   The ARN (or ID suffix of the ARN) of the destination event data store
+    #   that logs Insights events. To enable Insights on an event data store,
+    #   you must provide both the `EventDataStore` and `InsightsDestination`
+    #   parameters.
+    #
+    #   You cannot use this parameter with the `TrailName` parameter.
+    #
     # @return [Types::PutInsightSelectorsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::PutInsightSelectorsResponse#trail_arn #trail_arn} => String
     #   * {Types::PutInsightSelectorsResponse#insight_selectors #insight_selectors} => Array&lt;Types::InsightSelector&gt;
+    #   * {Types::PutInsightSelectorsResponse#event_data_store_arn #event_data_store_arn} => String
+    #   * {Types::PutInsightSelectorsResponse#insights_destination #insights_destination} => String
     #
     # @example Request syntax with placeholder values
     #
     #   resp = client.put_insight_selectors({
-    #     trail_name: "String", # required
+    #     trail_name: "String",
     #     insight_selectors: [ # required
     #       {
     #         insight_type: "ApiCallRateInsight", # accepts ApiCallRateInsight, ApiErrorRateInsight
     #       },
     #     ],
+    #     event_data_store: "EventDataStoreArn",
+    #     insights_destination: "EventDataStoreArn",
     #   })
     #
     # @example Response structure
@@ -2495,6 +2573,8 @@ module Aws::CloudTrail
     #   resp.trail_arn #=> String
     #   resp.insight_selectors #=> Array
     #   resp.insight_selectors[0].insight_type #=> String, one of "ApiCallRateInsight", "ApiErrorRateInsight"
+    #   resp.event_data_store_arn #=> String
+    #   resp.insights_destination #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutInsightSelectors AWS API Documentation
     #
@@ -2560,8 +2640,12 @@ module Aws::CloudTrail
       req.send_request(options)
     end
 
-    # Registers an organization’s member account as the CloudTrail delegated
-    # administrator.
+    # Registers an organization’s member account as the CloudTrail
+    # [delegated administrator][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-delegated-administrator.html
     #
     # @option params [required, String] :member_account_id
     #   An organization member account ID that you want to designate as a
@@ -3073,9 +3157,9 @@ module Aws::CloudTrail
     # enabled.
     #
     # For event data stores for CloudTrail events, `AdvancedEventSelectors`
-    # includes or excludes management and data events in your event data
-    # store. For more information about `AdvancedEventSelectors`, see
-    # [AdvancedEventSelectors][1].
+    # includes or excludes management, data, or Insights events in your
+    # event data store. For more information about `AdvancedEventSelectors`,
+    # see [AdvancedEventSelectors][1].
     #
     # For event data stores for Config configuration items, Audit Manager
     # evidence, or non-Amazon Web Services events, `AdvancedEventSelectors`
@@ -3105,6 +3189,13 @@ module Aws::CloudTrail
     #   Specifies whether an event data store collects events logged for an
     #   organization in Organizations.
     #
+    #   <note markdown="1"> Only the management account for the organization can convert an
+    #   organization event data store to a non-organization event data store,
+    #   or convert a non-organization event data store to an organization
+    #   event data store.
+    #
+    #    </note>
+    #
     # @option params [Integer] :retention_period
     #   The retention period of the event data store, in days. You can set a
     #   retention period of up to 2557 days, the equivalent of seven years.
@@ -3325,6 +3416,11 @@ module Aws::CloudTrail
     #
     #   Not required unless you specify `CloudWatchLogsRoleArn`.
     #
+    #   <note markdown="1"> Only the management account can configure a CloudWatch Logs log group
+    #   for an organization trail.
+    #
+    #    </note>
+    #
     # @option params [String] :cloud_watch_logs_role_arn
     #   Specifies the role for the CloudWatch Logs endpoint to assume to write
     #   to a user's log group. You must use a role that exists in your
@@ -3359,13 +3455,18 @@ module Aws::CloudTrail
     #   organization in Organizations, or only for the current Amazon Web
     #   Services account. The default is false, and cannot be true unless the
     #   call is made on behalf of an Amazon Web Services account that is the
-    #   management account or delegated administrator account for an
-    #   organization in Organizations. If the trail is not an organization
-    #   trail and this is set to `true`, the trail will be created in all
-    #   Amazon Web Services accounts that belong to the organization. If the
-    #   trail is an organization trail and this is set to `false`, the trail
-    #   will remain in the current Amazon Web Services account but be deleted
-    #   from all member accounts in the organization.
+    #   management account for an organization in Organizations. If the trail
+    #   is not an organization trail and this is set to `true`, the trail will
+    #   be created in all Amazon Web Services accounts that belong to the
+    #   organization. If the trail is an organization trail and this is set to
+    #   `false`, the trail will remain in the current Amazon Web Services
+    #   account but be deleted from all member accounts in the organization.
+    #
+    #   <note markdown="1"> Only the management account for the organization can convert an
+    #   organization trail to a non-organization trail, or convert a
+    #   non-organization trail to an organization trail.
+    #
+    #    </note>
     #
     # @return [Types::UpdateTrailResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -3437,7 +3538,7 @@ module Aws::CloudTrail
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-cloudtrail'
-      context[:gem_version] = '1.69.0'
+      context[:gem_version] = '1.70.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-cloudtrail/client_api.rb

@@ -586,11 +586,14 @@ module Aws::CloudTrail
     GetImportResponse.add_member(:import_statistics, Shapes::ShapeRef.new(shape: ImportStatistics, location_name: "ImportStatistics"))
     GetImportResponse.struct_class = Types::GetImportResponse
 
-    GetInsightSelectorsRequest.add_member(:trail_name, Shapes::ShapeRef.new(shape: String, required: true, location_name: "TrailName"))
+    GetInsightSelectorsRequest.add_member(:trail_name, Shapes::ShapeRef.new(shape: String, location_name: "TrailName"))
+    GetInsightSelectorsRequest.add_member(:event_data_store, Shapes::ShapeRef.new(shape: EventDataStoreArn, location_name: "EventDataStore"))
     GetInsightSelectorsRequest.struct_class = Types::GetInsightSelectorsRequest
 
     GetInsightSelectorsResponse.add_member(:trail_arn, Shapes::ShapeRef.new(shape: String, location_name: "TrailARN"))
     GetInsightSelectorsResponse.add_member(:insight_selectors, Shapes::ShapeRef.new(shape: InsightSelectors, location_name: "InsightSelectors"))
+    GetInsightSelectorsResponse.add_member(:event_data_store_arn, Shapes::ShapeRef.new(shape: EventDataStoreArn, location_name: "EventDataStoreArn"))
+    GetInsightSelectorsResponse.add_member(:insights_destination, Shapes::ShapeRef.new(shape: EventDataStoreArn, location_name: "InsightsDestination"))
     GetInsightSelectorsResponse.struct_class = Types::GetInsightSelectorsResponse
 
     GetQueryResultsRequest.add_member(:event_data_store, Shapes::ShapeRef.new(shape: EventDataStoreArn, deprecated: true, location_name: "EventDataStore", metadata: {"deprecatedMessage"=>"EventDataStore is no longer required by GetQueryResultsRequest"}))
@@ -882,12 +885,16 @@ module Aws::CloudTrail
     PutEventSelectorsResponse.add_member(:advanced_event_selectors, Shapes::ShapeRef.new(shape: AdvancedEventSelectors, location_name: "AdvancedEventSelectors"))
     PutEventSelectorsResponse.struct_class = Types::PutEventSelectorsResponse
 
-    PutInsightSelectorsRequest.add_member(:trail_name, Shapes::ShapeRef.new(shape: String, required: true, location_name: "TrailName"))
+    PutInsightSelectorsRequest.add_member(:trail_name, Shapes::ShapeRef.new(shape: String, location_name: "TrailName"))
     PutInsightSelectorsRequest.add_member(:insight_selectors, Shapes::ShapeRef.new(shape: InsightSelectors, required: true, location_name: "InsightSelectors"))
+    PutInsightSelectorsRequest.add_member(:event_data_store, Shapes::ShapeRef.new(shape: EventDataStoreArn, location_name: "EventDataStore"))
+    PutInsightSelectorsRequest.add_member(:insights_destination, Shapes::ShapeRef.new(shape: EventDataStoreArn, location_name: "InsightsDestination"))
     PutInsightSelectorsRequest.struct_class = Types::PutInsightSelectorsRequest
 
     PutInsightSelectorsResponse.add_member(:trail_arn, Shapes::ShapeRef.new(shape: String, location_name: "TrailARN"))
     PutInsightSelectorsResponse.add_member(:insight_selectors, Shapes::ShapeRef.new(shape: InsightSelectors, location_name: "InsightSelectors"))
+    PutInsightSelectorsResponse.add_member(:event_data_store_arn, Shapes::ShapeRef.new(shape: EventDataStoreArn, location_name: "EventDataStoreArn"))
+    PutInsightSelectorsResponse.add_member(:insights_destination, Shapes::ShapeRef.new(shape: EventDataStoreArn, location_name: "InsightsDestination"))
     PutInsightSelectorsResponse.struct_class = Types::PutInsightSelectorsResponse
 
     PutResourcePolicyRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: ResourceArn, required: true, location_name: "ResourceArn"))
@@ -1476,6 +1483,8 @@ module Aws::CloudTrail
         o.http_request_uri = "/"
         o.input = Shapes::ShapeRef.new(shape: GetInsightSelectorsRequest)
         o.output = Shapes::ShapeRef.new(shape: GetInsightSelectorsResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterCombinationException)
         o.errors << Shapes::ShapeRef.new(shape: TrailNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidTrailNameException)
         o.errors << Shapes::ShapeRef.new(shape: CloudTrailARNInvalidException)
@@ -1751,6 +1760,8 @@ module Aws::CloudTrail
         o.http_request_uri = "/"
         o.input = Shapes::ShapeRef.new(shape: PutInsightSelectorsRequest)
         o.output = Shapes::ShapeRef.new(shape: PutInsightSelectorsResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterCombinationException)
         o.errors << Shapes::ShapeRef.new(shape: TrailNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidTrailNameException)
         o.errors << Shapes::ShapeRef.new(shape: CloudTrailARNInvalidException)
@@ -2003,6 +2014,7 @@ module Aws::CloudTrail
         o.errors << Shapes::ShapeRef.new(shape: EventDataStoreARNInvalidException)
         o.errors << Shapes::ShapeRef.new(shape: EventDataStoreNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidEventSelectorsException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInsightSelectorsException)
         o.errors << Shapes::ShapeRef.new(shape: EventDataStoreHasOngoingImportException)
         o.errors << Shapes::ShapeRef.new(shape: InactiveEventDataStoreException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)

data/lib/aws-sdk-cloudtrail/endpoint_provider.rb

@@ -32,7 +32,7 @@ module Aws::CloudTrail
             raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
           end
           if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
-            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
+            if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"), true)
               if Aws::Endpoints::Matchers.string_equals?(region, "us-gov-east-1")
                 return Aws::Endpoints::Endpoint.new(url: "https://cloudtrail.us-gov-east-1.amazonaws.com", headers: {}, properties: {})
               end

data/lib/aws-sdk-cloudtrail/types.rb

@@ -140,8 +140,8 @@ module Aws::CloudTrail
     #     events.
     #
     #   * <b> <code>eventSource</code> </b> - For filtering management
-    #     events only. This can be set only to `NotEquals`
-    #     `kms.amazonaws.com`.
+    #     events only. This can be set to `NotEquals` `kms.amazonaws.com` or
+    #     `NotEquals` `rdsdata.amazonaws.com`.
     #
     #   * <b> <code>eventName</code> </b> - Can use any operator. You can
     #     use it to filter in or filter out any data event logged to
@@ -154,6 +154,9 @@ module Aws::CloudTrail
     #     * For CloudTrail event records, the value must be `Management` or
     #       `Data`.
     #
+    #     * For CloudTrail Insights event records, the value must be
+    #       `Insight`.
+    #
     #     * For Config configuration items, the value must be
     #       `ConfigurationItem`.
     #
@@ -174,6 +177,8 @@ module Aws::CloudTrail
     #
     #     * `AWS::CloudTrail::Channel`
     #
+    #     * `AWS::CodeWhisperer::Customization`
+    #
     #     * `AWS::CodeWhisperer::Profile`
     #
     #     * `AWS::Cognito::IdentityPool`
@@ -192,16 +197,26 @@ module Aws::CloudTrail
     #
     #     * `AWS::KendraRanking::ExecutionPlan`
     #
+    #     * `AWS::KinesisVideo::Stream`
+    #
     #     * `AWS::ManagedBlockchain::Network`
     #
     #     * `AWS::ManagedBlockchain::Node`
     #
     #     * `AWS::MedicalImaging::Datastore`
     #
+    #     * `AWS::PCAConnectorAD::Connector`
+    #
+    #     * `AWS::SageMaker::Endpoint`
+    #
     #     * `AWS::SageMaker::ExperimentTrialComponent`
     #
     #     * `AWS::SageMaker::FeatureGroup`
     #
+    #     * `AWS::SNS::PlatformEndpoint`
+    #
+    #     * `AWS::SNS::Topic`
+    #
     #     * `AWS::S3::AccessPoint`
     #
     #     * `AWS::S3ObjectLambda::AccessPoint`
@@ -210,6 +225,10 @@ module Aws::CloudTrail
     #
     #     * `AWS::SSMMessages::ControlChannel`
     #
+    #     * `AWS::Timestream::Database`
+    #
+    #     * `AWS::Timestream::Table`
+    #
     #     * `AWS::VerifiedPermissions::PolicyStore`
     #
     #     You can have only one `resources.type` field per selector. To log
@@ -256,6 +275,14 @@ module Aws::CloudTrail
     #
     #     ^
     #
+    #     When resources.type equals `AWS::CodeWhisperer::Customization`,
+    #     and the operator is set to `Equals` or `NotEquals`, the ARN must
+    #     be in the following format:
+    #
+    #     * `arn:<partition>:codewhisperer:<region>:<account_ID>:customization/<customization_ID>`
+    #
+    #     ^
+    #
     #     When resources.type equals `AWS::CodeWhisperer::Profile`, and the
     #     operator is set to `Equals` or `NotEquals`, the ARN must be in the
     #     following format:
@@ -328,6 +355,14 @@ module Aws::CloudTrail
     #
     #     ^
     #
+    #     When `resources.type` equals `AWS::KinesisVideo::Stream`, and the
+    #     operator is set to `Equals` or `NotEquals`, the ARN must be in the
+    #     following format:
+    #
+    #     * `arn:<partition>:kinesisvideo:<region>:<account_ID>:stream/<stream_name/<creation_time>`
+    #
+    #     ^
+    #
     #     When `resources.type` equals `AWS::ManagedBlockchain::Network`,
     #     and the operator is set to `Equals` or `NotEquals`, the ARN must
     #     be in the following format:
@@ -352,6 +387,22 @@ module Aws::CloudTrail
     #
     #     ^
     #
+    #     When `resources.type` equals `AWS::PCAConnectorAD::Connector`, and
+    #     the operator is set to `Equals` or `NotEquals`, the ARN must be in
+    #     the following format:
+    #
+    #     * `arn:<partition>:pca-connector-ad:<region>:<account_ID>:connector/<connector_ID>`
+    #
+    #     ^
+    #
+    #     When `resources.type` equals `AWS::SageMaker::Endpoint`, and the
+    #     operator is set to `Equals` or `NotEquals`, the ARN must be in the
+    #     following format:
+    #
+    #     * `arn:<partition>:sagemaker:<region>:<account_ID>:endpoint/<endpoint_name>`
+    #
+    #     ^
+    #
     #     When `resources.type` equals
     #     `AWS::SageMaker::ExperimentTrialComponent`, and the operator is
     #     set to `Equals` or `NotEquals`, the ARN must be in the following
@@ -369,6 +420,22 @@ module Aws::CloudTrail
     #
     #     ^
     #
+    #     When `resources.type` equals `AWS::SNS::PlatformEndpoint`, and the
+    #     operator is set to `Equals` or `NotEquals`, the ARN must be in the
+    #     following format:
+    #
+    #     * `arn:<partition>:sns:<region>:<account_ID>:endpoint/<endpoint_type>/<endpoint_name>/<endpoint_ID>`
+    #
+    #     ^
+    #
+    #     When `resources.type` equals `AWS::SNS::Topic`, and the operator
+    #     is set to `Equals` or `NotEquals`, the ARN must be in the
+    #     following format:
+    #
+    #     * `arn:<partition>:sns:<region>:<account_ID>:<topic_name>`
+    #
+    #     ^
+    #
     #     When `resources.type` equals `AWS::S3::AccessPoint`, and the
     #     operator is set to `Equals` or `NotEquals`, the ARN must be in one
     #     of the following formats. To log events on all objects in an S3
@@ -404,6 +471,22 @@ module Aws::CloudTrail
     #
     #     ^
     #
+    #     When `resources.type` equals `AWS::Timestream::Database`, and the
+    #     operator is set to `Equals` or `NotEquals`, the ARN must be in the
+    #     following format:
+    #
+    #     * `arn:<partition>:timestream:<region>:<account_ID>:database/<database_name>`
+    #
+    #     ^
+    #
+    #     When `resources.type` equals `AWS::Timestream::Table`, and the
+    #     operator is set to `Equals` or `NotEquals`, the ARN must be in the
+    #     following format:
+    #
+    #     * `arn:<partition>:timestream:<region>:<account_ID>:database/<database_name>/table/<table_name>`
+    #
+    #     ^
+    #
     #     When resources.type equals
     #     `AWS::VerifiedPermissions::PolicyStore`, and the operator is set
     #     to `Equals` or `NotEquals`, the ARN must be in the following
@@ -561,15 +644,12 @@ module Aws::CloudTrail
     #
     class ChannelNotFoundException < Aws::EmptyStructure; end
 
-    # This exception is thrown when an operation is called with a trail ARN
-    # that is not valid. The following is the format of a trail ARN.
+    # This exception is thrown when an operation is called with an ARN that
+    # is not valid.
     #
+    # The following is the format of a trail ARN:
     # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
     #
-    # This exception is also thrown when you call `AddTags` or `RemoveTags`
-    # on a trail, event data store, or channel with a resource ARN that is
-    # not valid.
-    #
     # The following is the format of an event data store ARN:
     # `arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE`
     #
@@ -974,6 +1054,11 @@ module Aws::CloudTrail
     #   account.
     #
     #   Not required unless you specify `CloudWatchLogsRoleArn`.
+    #
+    #   <note markdown="1"> Only the management account can configure a CloudWatch Logs log
+    #   group for an organization trail.
+    #
+    #    </note>
     #   @return [String]
     #
     # @!attribute [rw] cloud_watch_logs_role_arn
@@ -1210,6 +1295,8 @@ module Aws::CloudTrail
     #
     #   * `AWS::CloudTrail::Channel`
     #
+    #   * `AWS::CodeWhisperer::Customization`
+    #
     #   * `AWS::CodeWhisperer::Profile`
     #
     #   * `AWS::Cognito::IdentityPool`
@@ -1228,16 +1315,26 @@ module Aws::CloudTrail
     #
     #   * `AWS::KendraRanking::ExecutionPlan`
     #
+    #   * `AWS::KinesisVideo::Stream`
+    #
     #   * `AWS::ManagedBlockchain::Network`
     #
     #   * `AWS::ManagedBlockchain::Node`
     #
     #   * `AWS::MedicalImaging::Datastore`
     #
+    #   * `AWS::PCAConnectorAD::Connector`
+    #
+    #   * `AWS::SageMaker::Endpoint`
+    #
     #   * `AWS::SageMaker::ExperimentTrialComponent`
     #
     #   * `AWS::SageMaker::FeatureGroup`
     #
+    #   * `AWS::SNS::PlatformEndpoint`
+    #
+    #   * `AWS::SNS::Topic`
+    #
     #   * `AWS::S3::AccessPoint`
     #
     #   * `AWS::S3ObjectLambda::AccessPoint`
@@ -1246,6 +1343,10 @@ module Aws::CloudTrail
     #
     #   * `AWS::SSMMessages::ControlChannel`
     #
+    #   * `AWS::Timestream::Database`
+    #
+    #   * `AWS::Timestream::Table`
+    #
     #   * `AWS::VerifiedPermissions::PolicyStore`
     #
     #
@@ -2118,12 +2219,22 @@ module Aws::CloudTrail
     #   If you specify a trail ARN, it must be in the format:
     #
     #   `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
+    #
+    #   You cannot use this parameter with the `EventDataStore` parameter.
+    #   @return [String]
+    #
+    # @!attribute [rw] event_data_store
+    #   Specifies the ARN (or ID suffix of the ARN) of the event data store
+    #   for which you want to get Insights selectors.
+    #
+    #   You cannot use this parameter with the `TrailName` parameter.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetInsightSelectorsRequest AWS API Documentation
     #
     class GetInsightSelectorsRequest < Struct.new(
-      :trail_name)
+      :trail_name,
+      :event_data_store)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2134,16 +2245,27 @@ module Aws::CloudTrail
     #   @return [String]
     #
     # @!attribute [rw] insight_selectors
-    #   A JSON string that contains the insight types you want to log on a
-    #   trail. In this release, `ApiErrorRateInsight` and
-    #   `ApiCallRateInsight` are supported as insight types.
+    #   A JSON string that contains the Insight types you want to log on a
+    #   trail or event data store. `ApiErrorRateInsight` and
+    #   `ApiCallRateInsight` are supported as Insights types.
     #   @return [Array<Types::InsightSelector>]
     #
+    # @!attribute [rw] event_data_store_arn
+    #   The ARN of the source event data store that enabled Insights events.
+    #   @return [String]
+    #
+    # @!attribute [rw] insights_destination
+    #   The ARN of the destination event data store that logs Insights
+    #   events.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetInsightSelectorsResponse AWS API Documentation
     #
     class GetInsightSelectorsResponse < Struct.new(
       :trail_arn,
-      :insight_selectors)
+      :insight_selectors,
+      :event_data_store_arn,
+      :insights_destination)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2603,20 +2725,21 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
-    # If you run `GetInsightSelectors` on a trail that does not have
-    # Insights events enabled, the operation throws the exception
-    # `InsightNotEnabledException`.
+    # If you run `GetInsightSelectors` on a trail or event data store that
+    # does not have Insights events enabled, the operation throws the
+    # exception `InsightNotEnabledException`.
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InsightNotEnabledException AWS API Documentation
     #
     class InsightNotEnabledException < Aws::EmptyStructure; end
 
     # A JSON string that contains a list of Insights types that are logged
-    # on a trail.
+    # on a trail or event data store.
     #
     # @!attribute [rw] insight_type
-    #   The type of Insights events to log on a trail. `ApiCallRateInsight`
-    #   and `ApiErrorRateInsight` are valid Insight types.
+    #   The type of Insights events to log on a trail or event data store.
+    #   `ApiCallRateInsight` and `ApiErrorRateInsight` are valid Insight
+    #   types.
     #
     #   The `ApiCallRateInsight` Insights type analyzes write-only
     #   management API calls that are aggregated per minute against a
@@ -2754,10 +2877,24 @@ module Aws::CloudTrail
     #
     class InvalidImportSourceException < Aws::EmptyStructure; end
 
-    # The formatting or syntax of the `InsightSelectors` JSON statement in
-    # your `PutInsightSelectors` or `GetInsightSelectors` request is not
-    # valid, or the specified insight type in the `InsightSelectors`
-    # statement is not a valid insight type.
+    # For `PutInsightSelectors`, this exception is thrown when the
+    # formatting or syntax of the `InsightSelectors` JSON statement is not
+    # valid, or the specified `InsightType` in the `InsightSelectors`
+    # statement is not valid. Valid values for `InsightType` are
+    # `ApiCallRateInsight` and `ApiErrorRateInsight`. To enable Insights on
+    # an event data store, the destination event data store specified by the
+    # `InsightsDestination` parameter must log Insights events and the
+    # source event data store specified by the `EventDataStore` parameter
+    # must log management events.
+    #
+    # For `UpdateEventDataStore`, this exception is thrown if Insights are
+    # enabled on the event data store and the updated advanced event
+    # selectors are not compatible with the configured `InsightSelectors`.
+    # If the `InsightSelectors` includes an `InsightType` of
+    # `ApiCallRateInsight`, the source event data store must log `write`
+    # management events. If the `InsightSelectors` includes an `InsightType`
+    # of `ApiErrorRateInsight`, the source event data store must log
+    # management events.
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/InvalidInsightSelectorsException AWS API Documentation
     #
@@ -3549,12 +3686,15 @@ module Aws::CloudTrail
     # @!attribute [rw] trail_name
     #   The name of the CloudTrail trail for which you want to change or add
     #   Insights selectors.
+    #
+    #   You cannot use this parameter with the `EventDataStore` and
+    #   `InsightsDestination` parameters.
     #   @return [String]
     #
     # @!attribute [rw] insight_selectors
-    #   A JSON string that contains the insight types you want to log on a
-    #   trail. `ApiCallRateInsight` and `ApiErrorRateInsight` are valid
-    #   Insight types.
+    #   A JSON string that contains the Insights types you want to log on a
+    #   trail or event data store. `ApiCallRateInsight` and
+    #   `ApiErrorRateInsight` are valid Insight types.
     #
     #   The `ApiCallRateInsight` Insights type analyzes write-only
     #   management API calls that are aggregated per minute against a
@@ -3565,11 +3705,31 @@ module Aws::CloudTrail
     #   is unsuccessful.
     #   @return [Array<Types::InsightSelector>]
     #
+    # @!attribute [rw] event_data_store
+    #   The ARN (or ID suffix of the ARN) of the source event data store for
+    #   which you want to change or add Insights selectors. To enable
+    #   Insights on an event data store, you must provide both the
+    #   `EventDataStore` and `InsightsDestination` parameters.
+    #
+    #   You cannot use this parameter with the `TrailName` parameter.
+    #   @return [String]
+    #
+    # @!attribute [rw] insights_destination
+    #   The ARN (or ID suffix of the ARN) of the destination event data
+    #   store that logs Insights events. To enable Insights on an event data
+    #   store, you must provide both the `EventDataStore` and
+    #   `InsightsDestination` parameters.
+    #
+    #   You cannot use this parameter with the `TrailName` parameter.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutInsightSelectorsRequest AWS API Documentation
     #
     class PutInsightSelectorsRequest < Struct.new(
       :trail_name,
-      :insight_selectors)
+      :insight_selectors,
+      :event_data_store,
+      :insights_destination)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3581,15 +3741,27 @@ module Aws::CloudTrail
     #
     # @!attribute [rw] insight_selectors
     #   A JSON string that contains the Insights event types that you want
-    #   to log on a trail. The valid Insights types in this release are
+    #   to log on a trail or event data store. The valid Insights types are
     #   `ApiErrorRateInsight` and `ApiCallRateInsight`.
     #   @return [Array<Types::InsightSelector>]
     #
+    # @!attribute [rw] event_data_store_arn
+    #   The Amazon Resource Name (ARN) of the source event data store for
+    #   which you want to change or add Insights selectors.
+    #   @return [String]
+    #
+    # @!attribute [rw] insights_destination
+    #   The ARN of the destination event data store that logs Insights
+    #   events.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutInsightSelectorsResponse AWS API Documentation
     #
     class PutInsightSelectorsResponse < Struct.new(
       :trail_arn,
-      :insight_selectors)
+      :insight_selectors,
+      :event_data_store_arn,
+      :insights_destination)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4602,6 +4774,13 @@ module Aws::CloudTrail
     # @!attribute [rw] organization_enabled
     #   Specifies whether an event data store collects events logged for an
     #   organization in Organizations.
+    #
+    #   <note markdown="1"> Only the management account for the organization can convert an
+    #   organization event data store to a non-organization event data
+    #   store, or convert a non-organization event data store to an
+    #   organization event data store.
+    #
+    #    </note>
     #   @return [Boolean]
     #
     # @!attribute [rw] retention_period
@@ -4836,6 +5015,11 @@ module Aws::CloudTrail
     #   account.
     #
     #   Not required unless you specify `CloudWatchLogsRoleArn`.
+    #
+    #   <note markdown="1"> Only the management account can configure a CloudWatch Logs log
+    #   group for an organization trail.
+    #
+    #    </note>
     #   @return [String]
     #
     # @!attribute [rw] cloud_watch_logs_role_arn
@@ -4874,13 +5058,19 @@ module Aws::CloudTrail
     #   organization in Organizations, or only for the current Amazon Web
     #   Services account. The default is false, and cannot be true unless
     #   the call is made on behalf of an Amazon Web Services account that is
-    #   the management account or delegated administrator account for an
-    #   organization in Organizations. If the trail is not an organization
-    #   trail and this is set to `true`, the trail will be created in all
-    #   Amazon Web Services accounts that belong to the organization. If the
-    #   trail is an organization trail and this is set to `false`, the trail
-    #   will remain in the current Amazon Web Services account but be
-    #   deleted from all member accounts in the organization.
+    #   the management account for an organization in Organizations. If the
+    #   trail is not an organization trail and this is set to `true`, the
+    #   trail will be created in all Amazon Web Services accounts that
+    #   belong to the organization. If the trail is an organization trail
+    #   and this is set to `false`, the trail will remain in the current
+    #   Amazon Web Services account but be deleted from all member accounts
+    #   in the organization.
+    #
+    #   <note markdown="1"> Only the management account for the organization can convert an
+    #   organization trail to a non-organization trail, or convert a
+    #   non-organization trail to an organization trail.
+    #
+    #    </note>
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/UpdateTrailRequest AWS API Documentation

data/lib/aws-sdk-cloudtrail.rb

@@ -52,6 +52,6 @@ require_relative 'aws-sdk-cloudtrail/customizations'
 # @!group service
 module Aws::CloudTrail
 
-  GEM_VERSION = '1.69.0'
+  GEM_VERSION = '1.70.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-cloudtrail
 version: !ruby/object:Gem::Version
-  version: 1.69.0
+  version: 1.70.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-09-27 00:00:00.000000000 Z
+date: 2023-11-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core