@aws-sdk/client-cloudtrail 3.658.0 → 3.658.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -460,10 +460,11 @@ export interface AdvancedFieldSelector {
460
460
  * <p> A field in a CloudTrail event record on which to filter events to be logged. For
461
461
  * event data stores for CloudTrail Insights events, Config configuration items, Audit Manager evidence, or events outside of Amazon Web Services, the field is used only for
462
462
  * selecting events as filtering is not supported.</p>
463
- * <p>For CloudTrail management events, supported fields include <code>readOnly</code>,
464
- * <code>eventCategory</code>, and <code>eventSource</code>.</p>
465
- * <p>For CloudTrail data events, supported fields include <code>readOnly</code>,
466
- * <code>eventCategory</code>, <code>eventName</code>, <code>resources.type</code>, and <code>resources.ARN</code>.</p>
463
+ * <p>For CloudTrail management events, supported fields include <code>eventCategory</code> (required), <code>eventSource</code>, and <code>readOnly</code>.</p>
464
+ * <p>For CloudTrail data events, supported fields include <code>eventCategory</code> (required), <code>resources.type</code> (required), <code>eventName</code>, <code>readOnly</code>,
465
+ * and <code>resources.ARN</code>.</p>
466
+ * <p>For CloudTrail network activity events, supported fields include <code>eventCategory</code> (required), <code>eventSource</code> (required), <code>eventName</code>,
467
+ * <code>errorCode</code>, and <code>vpcEndpointId</code>.</p>
467
468
  * <p> For event data stores for CloudTrail Insights events, Config configuration items, Audit Manager evidence, or events outside of Amazon Web Services, the only supported field is
468
469
  * <code>eventCategory</code>. </p>
469
470
  * <ul>
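Review bot: `vpcEndpointId` is named as a supported network activity field in the new paragraph (new line 467), but the part of the diff shown here adds a per-field bullet only for `errorCode`. Nothing visible says which operators `vpcEndpointId` accepts or confirms that it is optional. Add a `vpcEndpointId` bullet next to the `errorCode` one so the summary list and the per-field reference stay in step.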
@@ -471,8 +472,8 @@ export interface AdvancedFieldSelector {
471
472
  * <p>
472
473
  * <b>
473
474
  * <code>readOnly</code>
474
- * </b> - Optional. Can be set to
475
- * <code>Equals</code> a value of <code>true</code> or <code>false</code>. If you do
475
+ * </b> - This is an optional field that is only used for management events and data events. This field can be set to
476
+ * <code>Equals</code> with a value of <code>true</code> or <code>false</code>. If you do
476
477
  * not add this field, CloudTrail logs both <code>read</code> and
477
478
  * <code>write</code> events. A value of <code>true</code> logs only
478
479
  * <code>read</code> events. A value of <code>false</code> logs only
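Review bot: The rewritten `readOnly` bullet (new lines 475-476) says the field is only used for management events and data events, but it does not say what happens when `readOnly` is supplied on a `NetworkActivity` selector. State whether the request is rejected or the field is ignored, so that someone reviewing a trail's selectors can tell which filter is actually in effect.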
@@ -482,25 +483,52 @@ export interface AdvancedFieldSelector {
482
483
  * <p>
483
484
  * <b>
484
485
  * <code>eventSource</code>
485
- * </b> - For filtering
486
- * management events only. This can be set to <code>NotEquals</code>
487
- * <code>kms.amazonaws.com</code> or <code>NotEquals</code>
488
- * <code>rdsdata.amazonaws.com</code>.</p>
486
+ * </b> - This field is only used for management events and network activity events.</p>
487
+ * <p>For management events, this is an optional field that can be set to <code>NotEquals</code>
488
+ * <code>kms.amazonaws.com</code> to exclude KMS management events, or <code>NotEquals</code>
489
+ * <code>rdsdata.amazonaws.com</code> to exclude RDS management events.</p>
490
+ * <p>For network activity events, this is a required field that only uses the
491
+ * <code>Equals</code> operator. Set this field to the event source for which you want to
492
+ * log network activity events. If you want to log network activity events for multiple
493
+ * event sources, you must create a separate field selector for each event
494
+ * source.</p>
495
+ * <p>The following are valid values for network activity events:</p>
496
+ * <ul>
497
+ * <li>
498
+ * <p>
499
+ * <code>cloudtrail.amazonaws.com</code>
500
+ * </p>
501
+ * </li>
502
+ * <li>
503
+ * <p>
504
+ * <code>ec2.amazonaws.com</code>
505
+ * </p>
506
+ * </li>
507
+ * <li>
508
+ * <p>
509
+ * <code>kms.amazonaws.com</code>
510
+ * </p>
511
+ * </li>
512
+ * <li>
513
+ * <p>
514
+ * <code>secretsmanager.amazonaws.com</code>
515
+ * </p>
516
+ * </li>
517
+ * </ul>
489
518
  * </li>
490
519
  * <li>
491
520
  * <p>
492
521
  * <b>
493
522
  * <code>eventName</code>
494
- * </b> - Can use any operator.
495
- * You can use it to filter in or filter out any data event logged to CloudTrail,
496
- * such as <code>PutBucket</code> or <code>GetSnapshotBlock</code>. You can have
523
+ * </b> - This is an optional field that is only used for data events and network activity events. You can use any operator with
524
+ * <code>eventName</code>. You can use it to filter in or filter out specific events. You can have
497
525
  * multiple values for this field, separated by commas.</p>
498
526
  * </li>
499
527
  * <li>
500
528
  * <p>
501
529
  * <b>
502
530
  * <code>eventCategory</code>
503
- * </b> - This is required and
531
+ * </b> - This field is required and
504
532
  * must be set to <code>Equals</code>.
505
533
  * </p>
506
534
  * <ul>
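Review bot: In the `eventSource` bullet (new line 489), `NotEquals` `rdsdata.amazonaws.com` is described as excluding "RDS management events", but `rdsdata.amazonaws.com` is the event source of the RDS Data API, not of Amazon RDS as a whole. Reword to "Amazon RDS Data API management events" so readers do not conclude that all RDS management logging is dropped by this filter. Separately, the `eventName` rewrite (new lines 523-524) removes the `PutBucket` and `GetSnapshotBlock` examples; keeping one example would make the comma-separated value format easier to follow.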
@@ -516,6 +544,12 @@ export interface AdvancedFieldSelector {
516
544
  * must be <code>Data</code>.
517
545
  * </p>
518
546
  * </li>
547
+ * <li>
548
+ * <p>
549
+ * For CloudTrail network activity events, the value
550
+ * must be <code>NetworkActivity</code>.
551
+ * </p>
552
+ * </li>
519
553
  * </ul>
520
554
  * <p>The following are used only for event data stores:</p>
521
555
  * <ul>
@@ -546,40 +580,43 @@ export interface AdvancedFieldSelector {
546
580
  * <li>
547
581
  * <p>
548
582
  * <b>
583
+ * <code>errorCode</code>
584
+ * </b> - This field is only used to filter CloudTrail network activity events
585
+ * and is optional. This is the error code to filter on. Currently, the only valid <code>errorCode</code> is <code>VpceAccessDenied</code>.
586
+ * <code>errorCode</code> can only use the <code>Equals</code> operator.</p>
587
+ * </li>
588
+ * <li>
589
+ * <p>
590
+ * <b>
549
591
  * <code>resources.type</code>
550
592
  * </b> - This field is
551
- * required for CloudTrail data events. <code>resources.type</code> can only
552
- * use the <code>Equals</code> operator, and the value can be one of the
553
- * following:</p>
593
+ * required for CloudTrail data events. <code>resources.type</code> can only
594
+ * use the <code>Equals</code> operator.</p>
595
+ * <p>The value can be one of the following:</p>
554
596
  * <ul>
555
597
  * <li>
556
598
  * <p>
557
- * <code>AWS::DynamoDB::Table</code>
558
- * </p>
559
- * </li>
560
- * <li>
561
- * <p>
562
- * <code>AWS::Lambda::Function</code>
599
+ * <code>AWS::AppConfig::Configuration</code>
563
600
  * </p>
564
601
  * </li>
565
602
  * <li>
566
603
  * <p>
567
- * <code>AWS::S3::Object</code>
604
+ * <code>AWS::B2BI::Transformer</code>
568
605
  * </p>
569
606
  * </li>
570
607
  * <li>
571
608
  * <p>
572
- * <code>AWS::AppConfig::Configuration</code>
609
+ * <code>AWS::Bedrock::AgentAlias</code>
573
610
  * </p>
574
611
  * </li>
575
612
  * <li>
576
613
  * <p>
577
- * <code>AWS::B2BI::Transformer</code>
614
+ * <code>AWS::Bedrock::FlowAlias</code>
578
615
  * </p>
579
616
  * </li>
580
617
  * <li>
581
618
  * <p>
582
- * <code>AWS::Bedrock::AgentAlias</code>
619
+ * <code>AWS::Bedrock::Guardrail</code>
583
620
  * </p>
584
621
  * </li>
585
622
  * <li>
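Review bot: The new `errorCode` bullet (new lines 583-586) says the field is optional and accepts only `VpceAccessDenied`, but unlike the `readOnly` bullet it does not say what is logged when the field is omitted. Add a sentence stating the default behaviour, because a selector that sets `errorCode` narrows logging to denied calls only and the reader needs to know what the unfiltered case covers. The reordering of the `resources.type` list in the same hunk moves `AWS::DynamoDB::Table`, `AWS::Lambda::Function` and `AWS::S3::Object` away from the head of the list; a short note that the list is now alphabetical would help readers who expect the common types first.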
@@ -604,6 +641,11 @@ export interface AdvancedFieldSelector {
604
641
  * </li>
605
642
  * <li>
606
643
  * <p>
644
+ * <code>AWS::CloudWatch::Metric</code>
645
+ * </p>
646
+ * </li>
647
+ * <li>
648
+ * <p>
607
649
  * <code>AWS::CodeWhisperer::Customization</code>
608
650
  * </p>
609
651
  * </li>
@@ -624,6 +666,11 @@ export interface AdvancedFieldSelector {
624
666
  * </li>
625
667
  * <li>
626
668
  * <p>
669
+ * <code>AWS::DynamoDB::Table</code>
670
+ * </p>
671
+ * </li>
672
+ * <li>
673
+ * <p>
627
674
  * <code>AWS::EC2::Snapshot</code>
628
675
  * </p>
629
676
  * </li>
@@ -694,800 +741,260 @@ export interface AdvancedFieldSelector {
694
741
  * </li>
695
742
  * <li>
696
743
  * <p>
697
- * <code>AWS::KinesisVideo::Stream</code>
698
- * </p>
699
- * </li>
700
- * <li>
701
- * <p>
702
- * <code>AWS::ManagedBlockchain::Network</code>
703
- * </p>
704
- * </li>
705
- * <li>
706
- * <p>
707
- * <code>AWS::ManagedBlockchain::Node</code>
708
- * </p>
709
- * </li>
710
- * <li>
711
- * <p>
712
- * <code>AWS::MedicalImaging::Datastore</code>
713
- * </p>
714
- * </li>
715
- * <li>
716
- * <p>
717
- * <code>AWS::NeptuneGraph::Graph</code>
718
- * </p>
719
- * </li>
720
- * <li>
721
- * <p>
722
- * <code>AWS::PCAConnectorAD::Connector</code>
723
- * </p>
724
- * </li>
725
- * <li>
726
- * <p>
727
- * <code>AWS::QApps:QApp</code>
728
- * </p>
729
- * </li>
730
- * <li>
731
- * <p>
732
- * <code>AWS::QBusiness::Application</code>
733
- * </p>
734
- * </li>
735
- * <li>
736
- * <p>
737
- * <code>AWS::QBusiness::DataSource</code>
738
- * </p>
739
- * </li>
740
- * <li>
741
- * <p>
742
- * <code>AWS::QBusiness::Index</code>
743
- * </p>
744
- * </li>
745
- * <li>
746
- * <p>
747
- * <code>AWS::QBusiness::WebExperience</code>
748
- * </p>
749
- * </li>
750
- * <li>
751
- * <p>
752
- * <code>AWS::RDS::DBCluster</code>
753
- * </p>
754
- * </li>
755
- * <li>
756
- * <p>
757
- * <code>AWS::S3::AccessPoint</code>
758
- * </p>
759
- * </li>
760
- * <li>
761
- * <p>
762
- * <code>AWS::S3ObjectLambda::AccessPoint</code>
763
- * </p>
764
- * </li>
765
- * <li>
766
- * <p>
767
- * <code>AWS::S3Outposts::Object</code>
768
- * </p>
769
- * </li>
770
- * <li>
771
- * <p>
772
- * <code>AWS::SageMaker::Endpoint</code>
773
- * </p>
774
- * </li>
775
- * <li>
776
- * <p>
777
- * <code>AWS::SageMaker::ExperimentTrialComponent</code>
778
- * </p>
779
- * </li>
780
- * <li>
781
- * <p>
782
- * <code>AWS::SageMaker::FeatureGroup</code>
783
- * </p>
784
- * </li>
785
- * <li>
786
- * <p>
787
- * <code>AWS::ServiceDiscovery::Namespace </code>
788
- * </p>
789
- * </li>
790
- * <li>
791
- * <p>
792
- * <code>AWS::ServiceDiscovery::Service</code>
793
- * </p>
794
- * </li>
795
- * <li>
796
- * <p>
797
- * <code>AWS::SCN::Instance</code>
798
- * </p>
799
- * </li>
800
- * <li>
801
- * <p>
802
- * <code>AWS::SNS::PlatformEndpoint</code>
803
- * </p>
804
- * </li>
805
- * <li>
806
- * <p>
807
- * <code>AWS::SNS::Topic</code>
808
- * </p>
809
- * </li>
810
- * <li>
811
- * <p>
812
- * <code>AWS::SQS::Queue</code>
813
- * </p>
814
- * </li>
815
- * <li>
816
- * <p>
817
- * <code>AWS::SSM::ManagedNode</code>
818
- * </p>
819
- * </li>
820
- * <li>
821
- * <p>
822
- * <code>AWS::SSMMessages::ControlChannel</code>
823
- * </p>
824
- * </li>
825
- * <li>
826
- * <p>
827
- * <code>AWS::SWF::Domain</code>
828
- * </p>
829
- * </li>
830
- * <li>
831
- * <p>
832
- * <code>AWS::ThinClient::Device</code>
833
- * </p>
834
- * </li>
835
- * <li>
836
- * <p>
837
- * <code>AWS::ThinClient::Environment</code>
838
- * </p>
839
- * </li>
840
- * <li>
841
- * <p>
842
- * <code>AWS::Timestream::Database</code>
843
- * </p>
844
- * </li>
845
- * <li>
846
- * <p>
847
- * <code>AWS::Timestream::Table</code>
848
- * </p>
849
- * </li>
850
- * <li>
851
- * <p>
852
- * <code>AWS::VerifiedPermissions::PolicyStore</code>
853
- * </p>
854
- * </li>
855
- * <li>
856
- * <p>
857
- * <code>AWS::XRay::Trace</code>
858
- * </p>
859
- * </li>
860
- * </ul>
861
- * <p> You can have only one <code>resources.type</code> field per selector. To log data
862
- * events on more than one resource type, add another selector.</p>
863
- * </li>
864
- * <li>
865
- * <p>
866
- * <b>
867
- * <code>resources.ARN</code>
868
- * </b> - You can use any
869
- * operator with <code>resources.ARN</code>, but if you use <code>Equals</code> or
870
- * <code>NotEquals</code>, the value must exactly match the ARN of a valid resource
871
- * of the type you've specified in the template as the value of resources.type.</p>
872
- * <note>
873
- * <p>You can't use the <code>resources.ARN</code> field to filter resource types that do not have ARNs.</p>
874
- * </note>
875
- * <p>The <code>resources.ARN</code> field can be set one of the following.</p>
876
- * <p>If resources.type equals <code>AWS::S3::Object</code>, the ARN must be in
877
- * one of the following formats. To log all data events for all objects in a specific S3
878
- * bucket, use the <code>StartsWith</code> operator, and include only the bucket ARN as
879
- * the matching value.</p>
880
- * <p>The trailing slash is intentional; do not exclude it. Replace the text between
881
- * less than and greater than symbols (<>) with resource-specific information. </p>
882
- * <ul>
883
- * <li>
884
- * <p>
885
- * <code>arn:<partition>:s3:::<bucket_name>/</code>
886
- * </p>
887
- * </li>
888
- * <li>
889
- * <p>
890
- * <code>arn:<partition>:s3:::<bucket_name>/<object_path>/</code>
891
- * </p>
892
- * </li>
893
- * </ul>
894
- * <p>When resources.type equals <code>AWS::DynamoDB::Table</code>, and the operator is
895
- * set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the
896
- * following format:</p>
897
- * <ul>
898
- * <li>
899
- * <p>
900
- * <code>arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name></code>
901
- * </p>
902
- * </li>
903
- * </ul>
904
- * <p>When resources.type equals <code>AWS::Lambda::Function</code>, and the operator is
905
- * set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the
906
- * following format:</p>
907
- * <ul>
908
- * <li>
909
- * <p>
910
- * <code>arn:<partition>:lambda:<region>:<account_ID>:function:<function_name></code>
911
- * </p>
912
- * </li>
913
- * </ul>
914
- * <p>When resources.type equals <code>AWS::AppConfig::Configuration</code>, and the operator is
915
- * set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the
916
- * following format:</p>
917
- * <ul>
918
- * <li>
919
- * <p>
920
- * <code>arn:<partition>:appconfig:<region>:<account_ID>:application/<application_ID>/environment/<environment_ID>/configuration/<configuration_profile_ID></code>
921
- * </p>
922
- * </li>
923
- * </ul>
924
- * <p>When resources.type equals <code>AWS::B2BI::Transformer</code>, and the operator is
925
- * set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the
926
- * following format:</p>
927
- * <ul>
928
- * <li>
929
- * <p>
930
- * <code>arn:<partition>:b2bi:<region>:<account_ID>:transformer/<transformer_ID></code>
931
- * </p>
932
- * </li>
933
- * </ul>
934
- * <p>When resources.type equals <code>AWS::Bedrock::AgentAlias</code>, and the operator is
935
- * set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the
936
- * following format:</p>
937
- * <ul>
938
- * <li>
939
- * <p>
940
- * <code>arn:<partition>:bedrock:<region>:<account_ID>:agent-alias/<agent_ID>/<alias_ID></code>
941
- * </p>
942
- * </li>
943
- * </ul>
944
- * <p>When resources.type equals <code>AWS::Bedrock::KnowledgeBase</code>, and the operator is
945
- * set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the
946
- * following format:</p>
947
- * <ul>
948
- * <li>
949
- * <p>
950
- * <code>arn:<partition>:bedrock:<region>:<account_ID>:knowledge-base/<knowledge_base_ID></code>
951
- * </p>
952
- * </li>
953
- * </ul>
954
- * <p>When resources.type equals <code>AWS::Cassandra::Table</code>, and the operator is
955
- * set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the
956
- * following format:</p>
957
- * <ul>
958
- * <li>
959
- * <p>
960
- * <code>arn:<partition>:cassandra:<region>:<account_ID>:/keyspace/<keyspace_name>/table/<table_name></code>
961
- * </p>
962
- * </li>
963
- * </ul>
964
- * <p>When resources.type equals <code>AWS::CloudFront::KeyValueStore</code>, and the operator is
965
- * set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the
966
- * following format:</p>
967
- * <ul>
968
- * <li>
969
- * <p>
970
- * <code>arn:<partition>:cloudfront:<region>:<account_ID>:key-value-store/<KVS_name></code>
971
- * </p>
972
- * </li>
973
- * </ul>
974
- * <p>When resources.type equals <code>AWS::CloudTrail::Channel</code>, and the operator is
975
- * set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the
976
- * following format:</p>
977
- * <ul>
978
- * <li>
979
- * <p>
980
- * <code>arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID></code>
981
- * </p>
982
- * </li>
983
- * </ul>
984
- * <p>When resources.type equals <code>AWS::CodeWhisperer::Customization</code>, and the operator is
985
- * set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the
986
- * following format:</p>
987
- * <ul>
988
- * <li>
989
- * <p>
990
- * <code>arn:<partition>:codewhisperer:<region>:<account_ID>:customization/<customization_ID></code>
991
- * </p>
992
- * </li>
993
- * </ul>
994
- * <p>When resources.type equals <code>AWS::CodeWhisperer::Profile</code>, and the operator is
995
- * set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the
996
- * following format:</p>
997
- * <ul>
998
- * <li>
999
- * <p>
1000
- * <code>arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID></code>
1001
- * </p>
1002
- * </li>
1003
- * </ul>
1004
- * <p>When resources.type equals <code>AWS::Cognito::IdentityPool</code>, and the operator is
1005
- * set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the
1006
- * following format:</p>
1007
- * <ul>
1008
- * <li>
1009
- * <p>
1010
- * <code>arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID></code>
1011
- * </p>
1012
- * </li>
1013
- * </ul>
1014
- * <p>When <code>resources.type</code> equals <code>AWS::DynamoDB::Stream</code>, and
1015
- * the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be
1016
- * in the following format:</p>
1017
- * <ul>
1018
- * <li>
1019
- * <p>
1020
- * <code>arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time></code>
1021
- * </p>
1022
- * </li>
1023
- * </ul>
1024
- * <p>When <code>resources.type</code> equals <code>AWS::EC2::Snapshot</code>, and the
1025
- * operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in
1026
- * the following format:</p>
1027
- * <ul>
1028
- * <li>
1029
- * <p>
1030
- * <code>arn:<partition>:ec2:<region>::snapshot/<snapshot_ID></code>
744
+ * <code>AWS::Kinesis::Stream</code>
1031
745
  * </p>
1032
746
  * </li>
1033
- * </ul>
1034
- * <p>When <code>resources.type</code> equals <code>AWS::EMRWAL::Workspace</code>, and the
1035
- * operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in
1036
- * the following format:</p>
1037
- * <ul>
1038
747
  * <li>
1039
748
  * <p>
1040
- * <code>arn:<partition>:emrwal:<region>:<account_ID>:workspace/<workspace_name></code>
749
+ * <code>AWS::Kinesis::StreamConsumer</code>
1041
750
  * </p>
1042
751
  * </li>
1043
- * </ul>
1044
- * <p>When <code>resources.type</code> equals <code>AWS::FinSpace::Environment</code>,
1045
- * and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN
1046
- * must be in the following format:</p>
1047
- * <ul>
1048
752
  * <li>
1049
753
  * <p>
1050
- * <code>arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID></code>
754
+ * <code>AWS::KinesisVideo::Stream</code>
1051
755
  * </p>
1052
756
  * </li>
1053
- * </ul>
1054
- * <p>When <code>resources.type</code> equals <code>AWS::Glue::Table</code>, and the
1055
- * operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in
1056
- * the following format:</p>
1057
- * <ul>
1058
757
  * <li>
1059
758
  * <p>
1060
- * <code>arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name></code>
759
+ * <code>AWS::Lambda::Function</code>
1061
760
  * </p>
1062
761
  * </li>
1063
- * </ul>
1064
- * <p>When <code>resources.type</code> equals <code>AWS::GreengrassV2::ComponentVersion</code>, and the
1065
- * operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in
1066
- * the following format:</p>
1067
- * <ul>
1068
762
  * <li>
1069
763
  * <p>
1070
- * <code>arn:<partition>:greengrass:<region>:<account_ID>:components/<component_name></code>
764
+ * <code>AWS::MachineLearning::MlModel</code>
1071
765
  * </p>
1072
766
  * </li>
1073
- * </ul>
1074
- * <p>When <code>resources.type</code> equals <code>AWS::GreengrassV2::Deployment</code>, and the
1075
- * operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in
1076
- * the following format:</p>
1077
- * <ul>
1078
767
  * <li>
1079
768
  * <p>
1080
- * <code>arn:<partition>:greengrass:<region>:<account_ID>:deployments/<deployment_ID</code>
769
+ * <code>AWS::ManagedBlockchain::Network</code>
1081
770
  * </p>
1082
771
  * </li>
1083
- * </ul>
1084
- * <p>When <code>resources.type</code> equals <code>AWS::GuardDuty::Detector</code>, and the
1085
- * operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in
1086
- * the following format:</p>
1087
- * <ul>
1088
772
  * <li>
1089
773
  * <p>
1090
- * <code>arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID></code>
774
+ * <code>AWS::ManagedBlockchain::Node</code>
1091
775
  * </p>
1092
776
  * </li>
1093
- * </ul>
1094
- * <p>When <code>resources.type</code> equals <code>AWS::IoT::Certificate</code>,
1095
- * and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN
1096
- * must be in the following format:</p>
1097
- * <ul>
1098
777
  * <li>
1099
778
  * <p>
1100
- * <code>arn:<partition>:iot:<region>:<account_ID>:cert/<certificate_ID></code>
779
+ * <code>AWS::MedicalImaging::Datastore</code>
1101
780
  * </p>
1102
781
  * </li>
1103
- * </ul>
1104
- * <p>When <code>resources.type</code> equals <code>AWS::IoT::Thing</code>,
1105
- * and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN
1106
- * must be in the following format:</p>
1107
- * <ul>
1108
782
  * <li>
1109
783
  * <p>
1110
- * <code>arn:<partition>:iot:<region>:<account_ID>:thing/<thing_ID></code>
784
+ * <code>AWS::NeptuneGraph::Graph</code>
1111
785
  * </p>
1112
786
  * </li>
1113
- * </ul>
1114
- * <p>When <code>resources.type</code> equals <code>AWS::IoTSiteWise::Asset</code>,
1115
- * and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN
1116
- * must be in the following format:</p>
1117
- * <ul>
1118
787
  * <li>
1119
788
  * <p>
1120
- * <code>arn:<partition>:iotsitewise:<region>:<account_ID>:asset/<asset_ID></code>
789
+ * <code>AWS::One::UKey</code>
1121
790
  * </p>
1122
791
  * </li>
1123
- * </ul>
1124
- * <p>When <code>resources.type</code> equals <code>AWS::IoTSiteWise::TimeSeries</code>,
1125
- * and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN
1126
- * must be in the following format:</p>
1127
- * <ul>
1128
792
  * <li>
1129
793
  * <p>
1130
- * <code>arn:<partition>:iotsitewise:<region>:<account_ID>:timeseries/<timeseries_ID></code>
794
+ * <code>AWS::One::User</code>
1131
795
  * </p>
1132
796
  * </li>
1133
- * </ul>
1134
- * <p>When <code>resources.type</code> equals <code>AWS::IoTTwinMaker::Entity</code>,
1135
- * and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN
1136
- * must be in the following format:</p>
1137
- * <ul>
1138
797
  * <li>
1139
798
  * <p>
1140
- * <code>arn:<partition>:iottwinmaker:<region>:<account_ID>:workspace/<workspace_ID>/entity/<entity_ID></code>
799
+ * <code>AWS::PaymentCryptography::Alias</code>
1141
800
  * </p>
1142
801
  * </li>
1143
- * </ul>
1144
- * <p>When <code>resources.type</code> equals <code>AWS::IoTTwinMaker::Workspace</code>,
1145
- * and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN
1146
- * must be in the following format:</p>
1147
- * <ul>
1148
802
  * <li>
1149
803
  * <p>
1150
- * <code>arn:<partition>:iottwinmaker:<region>:<account_ID>:workspace/<workspace_ID></code>
804
+ * <code>AWS::PaymentCryptography::Key</code>
1151
805
  * </p>
1152
806
  * </li>
1153
- * </ul>
1154
- * <p>When <code>resources.type</code> equals <code>AWS::KendraRanking::ExecutionPlan</code>, and the
1155
- * operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in
1156
- * the following format:</p>
1157
- * <ul>
1158
807
  * <li>
1159
808
  * <p>
1160
- * <code>arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID></code>
1161
- * </p>
1162
- * </li>
1163
- * </ul>
1164
- * <p>When <code>resources.type</code> equals <code>AWS::KinesisVideo::Stream</code>, and the
1165
- * operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in
1166
- * the following format:</p>
1167
- * <ul>
1168
- * <li>
1169
- * <p>
1170
- * <code>arn:<partition>:kinesisvideo:<region>:<account_ID>:stream/<stream_name>/<creation_time></code>
809
+ * <code>AWS::PCAConnectorAD::Connector</code>
1171
810
  * </p>
1172
811
  * </li>
1173
- * </ul>
1174
- * <p>When <code>resources.type</code> equals <code>AWS::ManagedBlockchain::Network</code>,
1175
- * and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN
1176
- * must be in the following format:</p>
1177
- * <ul>
1178
812
  * <li>
1179
813
  * <p>
1180
- * <code>arn:<partition>:managedblockchain:::networks/<network_name></code>
814
+ * <code>AWS::PCAConnectorSCEP::Connector</code>
1181
815
  * </p>
1182
816
  * </li>
1183
- * </ul>
1184
- * <p>When <code>resources.type</code> equals <code>AWS::ManagedBlockchain::Node</code>,
1185
- * and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN
1186
- * must be in the following format:</p>
1187
- * <ul>
1188
817
  * <li>
1189
818
  * <p>
1190
- * <code>arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID></code>
819
+ * <code>AWS::QApps:QApp</code>
1191
820
  * </p>
1192
821
  * </li>
1193
- * </ul>
1194
- * <p>When <code>resources.type</code> equals <code>AWS::MedicalImaging::Datastore</code>,
1195
- * and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN
1196
- * must be in the following format:</p>
1197
- * <ul>
1198
822
  * <li>
1199
823
  * <p>
1200
- * <code>arn:<partition>:medical-imaging:<region>:<account_ID>:datastore/<data_store_ID></code>
824
+ * <code>AWS::QBusiness::Application</code>
1201
825
  * </p>
1202
826
  * </li>
1203
- * </ul>
1204
- * <p>When <code>resources.type</code> equals <code>AWS::NeptuneGraph::Graph</code>,
1205
- * and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN
1206
- * must be in the following format:</p>
1207
- * <ul>
1208
827
  * <li>
1209
828
  * <p>
1210
- * <code>arn:<partition>:neptune-graph:<region>:<account_ID>:graph/<graph_ID></code>
829
+ * <code>AWS::QBusiness::DataSource</code>
1211
830
  * </p>
1212
831
  * </li>
1213
- * </ul>
1214
- * <p>When <code>resources.type</code> equals <code>AWS::PCAConnectorAD::Connector</code>,
1215
- * and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN
1216
- * must be in the following format:</p>
1217
- * <ul>
1218
832
  * <li>
1219
833
  * <p>
1220
- * <code>arn:<partition>:pca-connector-ad:<region>:<account_ID>:connector/<connector_ID></code>
834
+ * <code>AWS::QBusiness::Index</code>
1221
835
  * </p>
1222
836
  * </li>
1223
- * </ul>
1224
- * <p>When <code>resources.type</code> equals <code>AWS::QApps:QApp</code>,
1225
- * and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN
1226
- * must be in the following format:</p>
1227
- * <ul>
1228
837
  * <li>
1229
838
  * <p>
1230
- * <code>arn:<partition>:qapps:<region>:<account_ID>:application/<application_UUID>/qapp/<qapp_UUID></code>
839
+ * <code>AWS::QBusiness::WebExperience</code>
1231
840
  * </p>
1232
841
  * </li>
1233
- * </ul>
1234
- * <p>When <code>resources.type</code> equals <code>AWS::QBusiness::Application</code>,
1235
- * and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN
1236
- * must be in the following format:</p>
1237
- * <ul>
1238
842
  * <li>
1239
843
  * <p>
1240
- * <code>arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID></code>
844
+ * <code>AWS::RDS::DBCluster</code>
1241
845
  * </p>
1242
846
  * </li>
1243
- * </ul>
1244
- * <p>When <code>resources.type</code> equals <code>AWS::QBusiness::DataSource</code>,
1245
- * and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN
1246
- * must be in the following format:</p>
1247
- * <ul>
1248
847
  * <li>
1249
848
  * <p>
1250
- * <code>arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>/index/<index_ID>/data-source/<datasource_ID></code>
849
+ * <code>AWS::RUM::AppMonitor</code>
1251
850
  * </p>
1252
851
  * </li>
1253
- * </ul>
1254
- * <p>When <code>resources.type</code> equals <code>AWS::QBusiness::Index</code>,
1255
- * and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN
1256
- * must be in the following format:</p>
1257
- * <ul>
1258
852
  * <li>
1259
853
  * <p>
1260
- * <code>arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>/index/<index_ID></code>
1261
- * </p>
1262
- * </li>
1263
- * </ul>
1264
- * <p>When <code>resources.type</code> equals <code>AWS::QBusiness::WebExperience</code>,
1265
- * and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN
1266
- * must be in the following format:</p>
1267
- * <ul>
1268
- * <li>
1269
- * <p>
1270
- * <code>arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>/web-experience/<web_experience_ID></code>
854
+ * <code>AWS::S3::AccessPoint</code>
1271
855
  * </p>
1272
856
  * </li>
1273
- * </ul>
1274
- * <p>When <code>resources.type</code> equals <code>AWS::RDS::DBCluster</code>,
1275
- * and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN
1276
- * must be in the following format:</p>
1277
- * <ul>
1278
857
  * <li>
1279
858
  * <p>
1280
- * <code>arn:<partition>:rds:<region>:<account_ID>:cluster/<cluster_name></code>
859
+ * <code>AWS::S3::Object</code>
1281
860
  * </p>
1282
861
  * </li>
1283
- * </ul>
1284
- * <p>When <code>resources.type</code> equals <code>AWS::S3::AccessPoint</code>, and the
1285
- * operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in
1286
- * one of the following formats. To log events on all objects in an S3 access point, we
1287
- * recommend that you use only the access point ARN, don’t include the object path, and
1288
- * use the <code>StartsWith</code> or <code>NotStartsWith</code> operators.</p>
1289
- * <ul>
1290
862
  * <li>
1291
863
  * <p>
1292
- * <code>arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name></code>
864
+ * <code>AWS::S3Express::Object</code>
1293
865
  * </p>
1294
866
  * </li>
1295
867
  * <li>
1296
868
  * <p>
1297
- * <code>arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path></code>
869
+ * <code>AWS::S3ObjectLambda::AccessPoint</code>
1298
870
  * </p>
1299
871
  * </li>
1300
- * </ul>
1301
- * <p>When <code>resources.type</code> equals
1302
- * <code>AWS::S3ObjectLambda::AccessPoint</code>, and the operator is set to
1303
- * <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the following
1304
- * format:</p>
1305
- * <ul>
1306
872
  * <li>
1307
873
  * <p>
1308
- * <code>arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name></code>
874
+ * <code>AWS::S3Outposts::Object</code>
1309
875
  * </p>
1310
876
  * </li>
1311
- * </ul>
1312
- * <p>When <code>resources.type</code> equals <code>AWS::S3Outposts::Object</code>, and
1313
- * the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be
1314
- * in the following format:</p>
1315
- * <ul>
1316
877
  * <li>
1317
878
  * <p>
1318
- * <code>arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path></code>
879
+ * <code>AWS::SageMaker::Endpoint</code>
1319
880
  * </p>
1320
881
  * </li>
1321
- * </ul>
1322
- * <p>When <code>resources.type</code> equals <code>AWS::SageMaker::Endpoint</code>, and the operator is set to
1323
- * <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the following format:</p>
1324
- * <ul>
1325
882
  * <li>
1326
883
  * <p>
1327
- * <code>arn:<partition>:sagemaker:<region>:<account_ID>:endpoint/<endpoint_name></code>
884
+ * <code>AWS::SageMaker::ExperimentTrialComponent</code>
1328
885
  * </p>
1329
886
  * </li>
1330
- * </ul>
1331
- * <p>When <code>resources.type</code> equals <code>AWS::SageMaker::ExperimentTrialComponent</code>, and the operator is set to
1332
- * <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the following format:</p>
1333
- * <ul>
1334
887
  * <li>
1335
888
  * <p>
1336
- * <code>arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name></code>
889
+ * <code>AWS::SageMaker::FeatureGroup</code>
1337
890
  * </p>
1338
891
  * </li>
1339
- * </ul>
1340
- * <p>When <code>resources.type</code> equals <code>AWS::SageMaker::FeatureGroup</code>, and the operator is set to
1341
- * <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the following format:</p>
1342
- * <ul>
1343
892
  * <li>
1344
893
  * <p>
1345
- * <code>arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name></code>
894
+ * <code>AWS::ServiceDiscovery::Namespace </code>
1346
895
  * </p>
1347
896
  * </li>
1348
- * </ul>
1349
- * <p>When <code>resources.type</code> equals <code>AWS::SCN::Instance</code>, and the operator is set to
1350
- * <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the following format:</p>
1351
- * <ul>
1352
897
  * <li>
1353
898
  * <p>
1354
- * <code>arn:<partition>:scn:<region>:<account_ID>:instance/<instance_ID></code>
899
+ * <code>AWS::ServiceDiscovery::Service</code>
1355
900
  * </p>
1356
901
  * </li>
1357
- * </ul>
1358
- * <p>When <code>resources.type</code> equals <code>AWS::ServiceDiscovery::Namespace</code>, and the operator is set to
1359
- * <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the following format:</p>
1360
- * <ul>
1361
902
  * <li>
1362
903
  * <p>
1363
- * <code>arn:<partition>:servicediscovery:<region>:<account_ID>:namespace/<namespace_ID></code>
904
+ * <code>AWS::SCN::Instance</code>
1364
905
  * </p>
1365
906
  * </li>
1366
- * </ul>
1367
- * <p>When <code>resources.type</code> equals <code>AWS::ServiceDiscovery::Service</code>, and the operator is set to
1368
- * <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the following format:</p>
1369
- * <ul>
1370
907
  * <li>
1371
908
  * <p>
1372
- * <code>arn:<partition>:servicediscovery:<region>:<account_ID>:service/<service_ID></code>
909
+ * <code>AWS::SNS::PlatformEndpoint</code>
1373
910
  * </p>
1374
911
  * </li>
1375
- * </ul>
1376
- * <p>When <code>resources.type</code> equals <code>AWS::SNS::PlatformEndpoint</code>,
1377
- * and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN
1378
- * must be in the following format:</p>
1379
- * <ul>
1380
912
  * <li>
1381
913
  * <p>
1382
- * <code>arn:<partition>:sns:<region>:<account_ID>:endpoint/<endpoint_type>/<endpoint_name>/<endpoint_ID></code>
914
+ * <code>AWS::SNS::Topic</code>
1383
915
  * </p>
1384
916
  * </li>
1385
- * </ul>
1386
- * <p>When <code>resources.type</code> equals <code>AWS::SNS::Topic</code>,
1387
- * and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN
1388
- * must be in the following format:</p>
1389
- * <ul>
1390
917
  * <li>
1391
918
  * <p>
1392
- * <code>arn:<partition>:sns:<region>:<account_ID>:<topic_name></code>
919
+ * <code>AWS::SQS::Queue</code>
1393
920
  * </p>
1394
921
  * </li>
1395
- * </ul>
1396
- * <p>When <code>resources.type</code> equals <code>AWS::SQS::Queue</code>,
1397
- * and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN
1398
- * must be in the following format:</p>
1399
- * <ul>
1400
922
  * <li>
1401
923
  * <p>
1402
- * <code>arn:<partition>:sqs:<region>:<account_ID>:<queue_name></code>
924
+ * <code>AWS::SSM::ManagedNode</code>
1403
925
  * </p>
1404
926
  * </li>
1405
- * </ul>
1406
- * <p>When <code>resources.type</code> equals <code>AWS::SSM::ManagedNode</code>, and
1407
- * the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be
1408
- * in one of the following formats:</p>
1409
- * <ul>
1410
927
  * <li>
1411
928
  * <p>
1412
- * <code>arn:<partition>:ssm:<region>:<account_ID>:managed-instance/<instance_ID></code>
929
+ * <code>AWS::SSMMessages::ControlChannel</code>
1413
930
  * </p>
1414
931
  * </li>
1415
932
  * <li>
1416
933
  * <p>
1417
- * <code>arn:<partition>:ec2:<region>:<account_ID>:instance/<instance_ID></code>
934
+ * <code>AWS::StepFunctions::StateMachine</code>
1418
935
  * </p>
1419
936
  * </li>
1420
- * </ul>
1421
- * <p>When <code>resources.type</code> equals <code>AWS::SSMMessages::ControlChannel</code>, and
1422
- * the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be
1423
- * in the following format:</p>
1424
- * <ul>
1425
937
  * <li>
1426
938
  * <p>
1427
- * <code>arn:<partition>:ssmmessages:<region>:<account_ID>:control-channel/<channel_ID></code>
939
+ * <code>AWS::SWF::Domain</code>
1428
940
  * </p>
1429
941
  * </li>
1430
- * </ul>
1431
- * <p>When <code>resources.type</code> equals <code>AWS::SWF::Domain</code>,
1432
- * and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN
1433
- * must be in the following format:</p>
1434
- * <ul>
1435
942
  * <li>
1436
943
  * <p>
1437
- * <code>arn:<partition>:swf:<region>:<account_ID>:domain/<domain_name></code>
944
+ * <code>AWS::ThinClient::Device</code>
1438
945
  * </p>
1439
946
  * </li>
1440
- * </ul>
1441
- * <p>When <code>resources.type</code> equals <code>AWS::ThinClient::Device</code>, and
1442
- * the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be
1443
- * in the following format:</p>
1444
- * <ul>
1445
947
  * <li>
1446
948
  * <p>
1447
- * <code>arn:<partition>:thinclient:<region>:<account_ID>:device/<device_ID></code>
949
+ * <code>AWS::ThinClient::Environment</code>
1448
950
  * </p>
1449
951
  * </li>
1450
- * </ul>
1451
- * <p>When <code>resources.type</code> equals <code>AWS::ThinClient::Environment</code>, and
1452
- * the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be
1453
- * in the following format:</p>
1454
- * <ul>
1455
952
  * <li>
1456
953
  * <p>
1457
- * <code>arn:<partition>:thinclient:<region>:<account_ID>:environment/<environment_ID></code>
954
+ * <code>AWS::Timestream::Database</code>
1458
955
  * </p>
1459
956
  * </li>
1460
- * </ul>
1461
- * <p>When <code>resources.type</code> equals <code>AWS::Timestream::Database</code>,
1462
- * and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN
1463
- * must be in the following format:</p>
1464
- * <ul>
1465
957
  * <li>
1466
958
  * <p>
1467
- * <code>arn:<partition>:timestream:<region>:<account_ID>:database/<database_name></code>
959
+ * <code>AWS::Timestream::Table</code>
1468
960
  * </p>
1469
961
  * </li>
1470
- * </ul>
1471
- * <p>When <code>resources.type</code> equals <code>AWS::Timestream::Table</code>,
1472
- * and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN
1473
- * must be in the following format:</p>
1474
- * <ul>
1475
962
  * <li>
1476
963
  * <p>
1477
- * <code>arn:<partition>:timestream:<region>:<account_ID>:database/<database_name>/table/<table_name></code>
964
+ * <code>AWS::VerifiedPermissions::PolicyStore</code>
1478
965
  * </p>
1479
966
  * </li>
1480
- * </ul>
1481
- * <p>When resources.type equals <code>AWS::VerifiedPermissions::PolicyStore</code>, and the operator is
1482
- * set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the
1483
- * following format:</p>
1484
- * <ul>
1485
967
  * <li>
1486
968
  * <p>
1487
- * <code>arn:<partition>:verifiedpermissions:<region>:<account_ID>:policy-store/<policy_store_UUID></code>
969
+ * <code>AWS::XRay::Trace</code>
1488
970
  * </p>
1489
971
  * </li>
1490
972
  * </ul>
973
+ * <p> You can have only one <code>resources.type</code> field per selector. To log events on more than one resource type, add another selector.</p>
974
+ * </li>
975
+ * <li>
976
+ * <p>
977
+ * <b>
978
+ * <code>resources.ARN</code>
979
+ * </b> - The <code>resources.ARN</code> is an optional field for
980
+ * data events. You can use any
981
+ * operator with <code>resources.ARN</code>, but if you use <code>Equals</code> or
982
+ * <code>NotEquals</code>, the value must exactly match the ARN of a valid resource
983
+ * of the type you've specified in the template as the value of resources.type. To log all data events for all objects in a specific S3 bucket,
984
+ * use the <code>StartsWith</code> operator, and include only the bucket ARN as the matching value.</p>
985
+ * <p>For information about filtering data events on the <code>resources.ARN</code> field, see
986
+ * <a href="https://docs.aws.amazon.com/awscloudtrail/latest/userguide/filtering-data-events.html#filtering-data-events-resourcearn">Filtering data
987
+ * events by resources.ARN</a> in the <i>CloudTrail User Guide</i>.</p>
988
+ * <note>
989
+ * <p>You can't use the <code>resources.ARN</code> field to filter resource types that do not have ARNs.</p>
990
+ * </note>
991
+ * </li>
992
+ * <li>
993
+ * <p>
994
+ * <b>
995
+ * <code>vpcEndpointId</code>
996
+ * </b> - This field is only used to filter CloudTrail network activity events
997
+ * and is optional. This field identifies the VPC endpoint that the request passed through. You can use any operator with <code>vpcEndpointId</code>.</p>
1491
998
  * </li>
1492
999
  * </ul>
1493
1000
  * @public
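Review bot: The added list item "<code>AWS::ServiceDiscovery::Namespace </code>" carries a trailing space inside the code tag, so a value copied from the rendered doc into a resources.type condition will not equal the real type string; drop the space. In the same list, AWS::SCN::Instance is placed after AWS::ServiceDiscovery::Service, which breaks the otherwise alphabetical order. More substantively, the removed lines were the only place in this doc comment that spelled out the exact ARN shape required for Equals or NotEquals per resource type (including the two accepted forms for AWS::S3::AccessPoint and AWS::SSM::ManagedNode). The new resources.ARN item only says the value "must exactly match the ARN of a valid resource" and links to the user guide, so confirm the linked page carries those formats, since a mismatched ARN silently narrows what gets logged. Two wording points in that item: "resources.type" near the end is not wrapped in a code tag like the other occurrences, and "in the template" refers to something this interface never defines.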
@@ -1533,10 +1040,9 @@ export interface AdvancedFieldSelector {
1533
1040
  NotEndsWith?: string[];
1534
1041
  }
1535
1042
  /**
1536
- * <p>Advanced event selectors let you create fine-grained selectors for CloudTrail management and data events. They help you control costs by logging only those
1537
- * events that are important to you. For more information about advanced event selectors, see
1538
- * <a href="https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html">Logging management events</a> and
1539
- * <a href="https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html">Logging data events</a> in the <i>CloudTrail User Guide</i>.</p>
1043
+ * <p>Advanced event selectors let you create fine-grained selectors for CloudTrail management, data, and network activity events. They help you control costs by logging only those
1044
+ * events that are important to you. For more information about configuring advanced event selectors, see
1045
+ * the <a href="https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html">Logging data events</a>, <a href="https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html">Logging network activity events</a>, and <a href="https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html">Logging management events</a> topics in the <i>CloudTrail User Guide</i>.</p>
1540
1046
  * <p>You cannot apply both event selectors and advanced event selectors to a trail.</p>
1541
1047
  * <p>
1542
1048
  * <b>Supported CloudTrail event record fields for management events</b>
@@ -1585,6 +1091,36 @@ export interface AdvancedFieldSelector {
1585
1091
  * </p>
1586
1092
  * </li>
1587
1093
  * </ul>
1094
+ * <p>
1095
+ * <b>Supported CloudTrail event record fields for network activity events</b>
1096
+ * </p>
1097
+ * <note>
1098
+ * <p>Network activity events is in preview release for CloudTrail and is subject to change.</p>
1099
+ * </note>
1100
+ * <ul>
1101
+ * <li>
1102
+ * <p>
1103
+ * <code>eventCategory</code> (required)</p>
1104
+ * </li>
1105
+ * <li>
1106
+ * <p>
1107
+ * <code>eventSource</code> (required)</p>
1108
+ * </li>
1109
+ * <li>
1110
+ * <p>
1111
+ * <code>eventName</code>
1112
+ * </p>
1113
+ * </li>
1114
+ * <li>
1115
+ * <p>
1116
+ * <code>errorCode</code> - The only valid value for <code>errorCode</code> is <code>VpceAccessDenied</code>.</p>
1117
+ * </li>
1118
+ * <li>
1119
+ * <p>
1120
+ * <code>vpcEndpointId</code>
1121
+ * </p>
1122
+ * </li>
1123
+ * </ul>
1588
1124
  * <note>
1589
1125
  * <p>For event data stores for CloudTrail Insights events, Config configuration items, Audit Manager evidence, or events outside of Amazon Web Services, the only supported field is
1590
1126
  * <code>eventCategory</code>. </p>
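Review bot: In the added preview note, "Network activity events is in preview release" has a subject-verb mismatch; use "Network activity events are in preview release" or "Network activity event logging is in preview release". Also, the errorCode item is the only one in this list that carries a value constraint ("The only valid value for errorCode is VpceAccessDenied"). It is worth repeating that constraint wherever errorCode is described as a field, so that a reader who lands there does not assume arbitrary error codes can be filtered.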
@@ -3794,11 +3330,7 @@ export interface GetEventSelectorsRequest {
3794
3330
  TrailName: string | undefined;
3795
3331
  }
3796
3332
  /**
3797
- * <p>Data events provide information about the resource operations performed on or within a resource
3798
- * itself. These are also known as data plane operations. You can specify up to 250 data
3799
- * resources for a trail.</p>
3800
- * <p>Configure the <code>DataResource</code> to specify the resource type and resource ARNs for which you want to log data events.</p>
3801
- * <p>You can specify the following resource types in your event selectors for your trail:</p>
3333
+ * <p>You can configure the <code>DataResource</code> in an <code>EventSelector</code> to log data events for the following three resource types:</p>
3802
3334
  * <ul>
3803
3335
  * <li>
3804
3336
  * <p>
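Review bot: The replacement opening sentence drops the definition of data events ("resource operations performed on or within a resource itself", "data plane operations") that the removed lines gave, so the DataResource doc now starts by listing types without saying what is being logged; consider keeping one sentence of that definition. The hard-coded count in "the following three resource types" will also go stale if the list below changes; "the following resource types" is safer.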
@@ -3816,19 +3348,21 @@ export interface GetEventSelectorsRequest {
3816
3348
  * </p>
3817
3349
  * </li>
3818
3350
  * </ul>
3351
+ * <p>To log data events for all other resource types including objects stored in
3352
+ * <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html">directory buckets</a>, you must use <a href="https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedEventSelector.html">AdvancedEventSelectors</a>. You must also
3353
+ * use <code>AdvancedEventSelectors</code> if you want to filter on the <code>eventName</code> field.</p>
3354
+ * <p>Configure the <code>DataResource</code> to specify the resource type and resource ARNs for which you want to log data events.</p>
3819
3355
  * <note>
3820
3356
  * <p>The total number of allowed data resources is 250. This number can be distributed
3821
3357
  * between 1 and 5 event selectors, but the total cannot exceed 250 across all
3822
3358
  * selectors for the trail.</p>
3823
- * <p>If you are using advanced event selectors, the maximum total number of values for
3824
- * all conditions, across all advanced event selectors for the trail, is 500.</p>
3825
3359
  * </note>
3826
3360
  * <p>The following example demonstrates how logging works when you configure logging of all
3827
- * data events for an S3 bucket named <code>bucket-1</code>. In this example, the CloudTrail user specified an empty prefix, and the option to log both <code>Read</code>
3361
+ * data events for a general purpose bucket named <code>amzn-s3-demo-bucket1</code>. In this example, the CloudTrail user specified an empty prefix, and the option to log both <code>Read</code>
3828
3362
  * and <code>Write</code> data events.</p>
3829
3363
  * <ol>
3830
3364
  * <li>
3831
- * <p>A user uploads an image file to <code>bucket-1</code>.</p>
3365
+ * <p>A user uploads an image file to <code>amzn-s3-demo-bucket1</code>.</p>
3832
3366
  * </li>
3833
3367
  * <li>
3834
3368
  * <p>The <code>PutObject</code> API operation is an Amazon S3 object-level API.
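Review bot: The re-added sentence "Configure the DataResource to specify the resource type and resource ARNs for which you want to log data events." now sits after the paragraph telling readers they must use AdvancedEventSelectors for other types, which makes it read as if it applies to advanced selectors; move it above that paragraph, next to the resource type list. The removal of the 500-value limit for advanced event selectors from the note is reasonable here since this interface is about basic selectors, but check that the limit is still stated on the advanced selector members.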
@@ -3838,7 +3372,7 @@ export interface GetEventSelectorsRequest {
3838
3372
  * </li>
3839
3373
  * <li>
3840
3374
  * <p>A user uploads an object to an Amazon S3 bucket named
3841
- * <code>arn:aws:s3:::bucket-2</code>.</p>
3375
+ * <code>arn:aws:s3:::amzn-s3-demo-bucket1</code>.</p>
3842
3376
  * </li>
3843
3377
  * <li>
3844
3378
  * <p>The <code>PutObject</code> API operation occurred for an object in an S3 bucket
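Review bot: Replacing "arn:aws:s3:::bucket-2" with "arn:aws:s3:::amzn-s3-demo-bucket1" makes this step name the same bucket as the first step of the example, which was renamed from bucket-1 to amzn-s3-demo-bucket1 in the previous hunk. The original example used two different buckets, so the second case no longer describes a different bucket from the one configured on the trail. If that contrast is intended, use a distinct name here, for example amzn-s3-demo-bucket2. Separately, the sentence says "bucket named" but the value given is an ARN, not a bucket name.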
@@ -3914,12 +3448,12 @@ export interface DataResource {
3914
3448
  * </li>
3915
3449
  * <li>
3916
3450
  * <p>To log data events for all objects in an S3 bucket, specify the bucket and an
3917
- * empty object prefix such as <code>arn:aws:s3:::bucket-1/</code>. The trail logs data
3451
+ * empty object prefix such as <code>arn:aws:s3:::amzn-s3-demo-bucket1/</code>. The trail logs data
3918
3452
  * events for all objects in this S3 bucket.</p>
3919
3453
  * </li>
3920
3454
  * <li>
3921
3455
  * <p>To log data events for specific objects, specify the S3 bucket and object prefix
3922
- * such as <code>arn:aws:s3:::bucket-1/example-images</code>. The trail logs data events
3456
+ * such as <code>arn:aws:s3:::amzn-s3-demo-bucket1/example-images</code>. The trail logs data events
3923
3457
  * for objects in this S3 bucket that match the prefix.</p>
3924
3458
  * </li>
3925
3459
  * <li>
@@ -3997,13 +3531,18 @@ export interface EventSelector {
3997
3531
  */
3998
3532
  IncludeManagementEvents?: boolean;
3999
3533
  /**
4000
- * <p>CloudTrail supports data event logging for Amazon S3 objects, Lambda functions, and Amazon DynamoDB tables with basic event selectors.
3534
+ * <p>CloudTrail supports data event logging for Amazon S3 objects in standard S3 buckets, Lambda functions, and Amazon DynamoDB tables with basic event selectors.
4001
3535
  * You can specify up to 250 resources for an individual event selector, but the total number
4002
3536
  * of data resources cannot exceed 250 across all event selectors in a trail. This limit does
4003
3537
  * not apply if you configure resource logging for all data events.</p>
4004
3538
  * <p>For more information, see <a href="https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html">Data
4005
3539
  * Events</a> and <a href="https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html">Limits in CloudTrail</a> in the <i>CloudTrail User
4006
3540
  * Guide</i>.</p>
3541
+ * <note>
3542
+ * <p>To log data events for all other resource types including objects stored in
3543
+ * <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html">directory buckets</a>, you must use <a href="https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedEventSelector.html">AdvancedEventSelectors</a>. You must also
3544
+ * use <code>AdvancedEventSelectors</code> if you want to filter on the <code>eventName</code> field.</p>
3545
+ * </note>
4007
3546
  * @public
4008
3547
  */
4009
3548
  DataResources?: DataResource[];
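Review bot: The changed first line says "Amazon S3 objects in standard S3 buckets", while the DataResource doc updated in this same diff calls the same thing a "general purpose bucket"; pick one term, preferably "general purpose buckets", since that is the counterpart of the "directory buckets" mentioned in the added note. The added note is also a verbatim copy of the paragraph added to DataResource, so the two will need to be kept in sync by hand.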
@@ -5644,7 +5183,26 @@ export interface PutEventSelectorsRequest {
5644
5183
  */
5645
5184
  TrailName: string | undefined;
5646
5185
  /**
5647
- * <p>Specifies the settings for your event selectors. You can configure up to five event
5186
+ * <p>Specifies the settings for your event selectors. You can use event selectors to log management events and data events for the following resource types:</p>
5187
+ * <ul>
5188
+ * <li>
5189
+ * <p>
5190
+ * <code>AWS::DynamoDB::Table</code>
5191
+ * </p>
5192
+ * </li>
5193
+ * <li>
5194
+ * <p>
5195
+ * <code>AWS::Lambda::Function</code>
5196
+ * </p>
5197
+ * </li>
5198
+ * <li>
5199
+ * <p>
5200
+ * <code>AWS::S3::Object</code>
5201
+ * </p>
5202
+ * </li>
5203
+ * </ul>
5204
+ * <p>You can't use event selectors to log network activity events.</p>
5205
+ * <p>You can configure up to five event
5648
5206
  * selectors for a trail. You can use either <code>EventSelectors</code> or
5649
5207
  * <code>AdvancedEventSelectors</code> in a <code>PutEventSelectors</code> request, but not
5650
5208
  * both. If you apply <code>EventSelectors</code> to a trail, any existing
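Review bot: The new opening sentence "You can use event selectors to log management events and data events for the following resource types" reads as if management events are also scoped to the three listed resource types. Split it so the list attaches only to data events, for example: "You can use event selectors to log management events, and to log data events for the following resource types". The statement "You can't use event selectors to log network activity events." would also help readers more if it pointed to AdvancedEventSelectors as the alternative.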
@@ -5653,13 +5211,17 @@ export interface PutEventSelectorsRequest {
5653
5211
  */
5654
5212
  EventSelectors?: EventSelector[];
5655
5213
  /**
5656
- * <p> Specifies the settings for advanced event selectors. You can add advanced event
5214
+ * <p> Specifies the settings for advanced event selectors. You can use advanced event selectors to
5215
+ * log management events, data events for all resource types, and network activity events.</p>
5216
+ * <p>You can add advanced event
5657
5217
  * selectors, and conditions for your advanced event selectors, up to a maximum of 500 values
5658
5218
  * for all conditions and selectors on a trail. You can use either
5659
5219
  * <code>AdvancedEventSelectors</code> or <code>EventSelectors</code>, but not both. If you
5660
5220
  * apply <code>AdvancedEventSelectors</code> to a trail, any existing
5661
5221
  * <code>EventSelectors</code> are overwritten. For more information about advanced event
5662
- * selectors, see <a href="https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html">Logging data events</a> in the <i>CloudTrail User Guide</i>. </p>
5222
+ * selectors, see <a href="https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html">Logging data events</a> and
5223
+ * <a href="https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html">Logging network activity events</a>
5224
+ * in the <i>CloudTrail User Guide</i>. </p>
5663
5225
  * @public
5664
5226
  */
5665
5227
  AdvancedEventSelectors?: AdvancedEventSelector[];
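Review bot: The added first sentence says advanced event selectors can log management events, but the "For more information" links at the end of the comment cover only "Logging data events" and "Logging network activity events". The AdvancedEventSelector doc changed earlier in this diff links all three topics, so add the "Logging management events" link here for consistency. The opening "<p> Specifies" also keeps a stray leading space inside the paragraph tag.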