aws-cdk-lib 2.100.0__py3-none-any.whl → 2.101.1__py3-none-any.whl

aws_cdk/aws_cloudfront/__init__.py

@@ -3600,6 +3600,19 @@ class CfnContinuousDeploymentPolicy(
                 staging_distribution_dns_names=["stagingDistributionDnsNames"],
         
                 # the properties below are optional
+                single_header_policy_config=cloudfront.CfnContinuousDeploymentPolicy.SingleHeaderPolicyConfigProperty(
+                    header="header",
+                    value="value"
+                ),
+                single_weight_policy_config=cloudfront.CfnContinuousDeploymentPolicy.SingleWeightPolicyConfigProperty(
+                    weight=123,
+        
+                    # the properties below are optional
+                    session_stickiness_config=cloudfront.CfnContinuousDeploymentPolicy.SessionStickinessConfigProperty(
+                        idle_ttl=123,
+                        maximum_ttl=123
+                    )
+                ),
                 traffic_config=cloudfront.CfnContinuousDeploymentPolicy.TrafficConfigProperty(
                     type="type",
         
@@ -3617,7 +3630,8 @@ class CfnContinuousDeploymentPolicy(
                             maximum_ttl=123
                         )
                     )
-                )
+                ),
+                type="type"
             )
         )
     '''
@@ -3721,7 +3735,10 @@ class CfnContinuousDeploymentPolicy(
         name_mapping={
             "enabled": "enabled",
             "staging_distribution_dns_names": "stagingDistributionDnsNames",
+            "single_header_policy_config": "singleHeaderPolicyConfig",
+            "single_weight_policy_config": "singleWeightPolicyConfig",
             "traffic_config": "trafficConfig",
+            "type": "type",
         },
     )
     class ContinuousDeploymentPolicyConfigProperty:
@@ -3730,13 +3747,19 @@ class CfnContinuousDeploymentPolicy(
             *,
             enabled: typing.Union[builtins.bool, _IResolvable_da3f097b],
             staging_distribution_dns_names: typing.Sequence[builtins.str],
+            single_header_policy_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnContinuousDeploymentPolicy.SingleHeaderPolicyConfigProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
+            single_weight_policy_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnContinuousDeploymentPolicy.SingleWeightPolicyConfigProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
             traffic_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnContinuousDeploymentPolicy.TrafficConfigProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
+            type: typing.Optional[builtins.str] = None,
         ) -> None:
             '''Contains the configuration for a continuous deployment policy.
 
             :param enabled: A Boolean that indicates whether this continuous deployment policy is enabled (in effect). When this value is ``true`` , this policy is enabled and in effect. When this value is ``false`` , this policy is not enabled and has no effect.
             :param staging_distribution_dns_names: The CloudFront domain name of the staging distribution. For example: ``d111111abcdef8.cloudfront.net`` .
+            :param single_header_policy_config: 
+            :param single_weight_policy_config: 
             :param traffic_config: Contains the parameters for routing production traffic from your primary to staging distributions.
+            :param type: 
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-continuousdeploymentpolicy-continuousdeploymentpolicyconfig.html
             :exampleMetadata: fixture=_generated
@@ -3752,6 +3775,19 @@ class CfnContinuousDeploymentPolicy(
                     staging_distribution_dns_names=["stagingDistributionDnsNames"],
                 
                     # the properties below are optional
+                    single_header_policy_config=cloudfront.CfnContinuousDeploymentPolicy.SingleHeaderPolicyConfigProperty(
+                        header="header",
+                        value="value"
+                    ),
+                    single_weight_policy_config=cloudfront.CfnContinuousDeploymentPolicy.SingleWeightPolicyConfigProperty(
+                        weight=123,
+                
+                        # the properties below are optional
+                        session_stickiness_config=cloudfront.CfnContinuousDeploymentPolicy.SessionStickinessConfigProperty(
+                            idle_ttl=123,
+                            maximum_ttl=123
+                        )
+                    ),
                     traffic_config=cloudfront.CfnContinuousDeploymentPolicy.TrafficConfigProperty(
                         type="type",
                 
@@ -3769,20 +3805,30 @@ class CfnContinuousDeploymentPolicy(
                                 maximum_ttl=123
                             )
                         )
-                    )
+                    ),
+                    type="type"
                 )
             '''
             if __debug__:
                 type_hints = typing.get_type_hints(_typecheckingstub__5bd1a74dffe3773a269b4a42a8f5fc37c7934b0931fd845b2923603086ea48cc)
                 check_type(argname="argument enabled", value=enabled, expected_type=type_hints["enabled"])
                 check_type(argname="argument staging_distribution_dns_names", value=staging_distribution_dns_names, expected_type=type_hints["staging_distribution_dns_names"])
+                check_type(argname="argument single_header_policy_config", value=single_header_policy_config, expected_type=type_hints["single_header_policy_config"])
+                check_type(argname="argument single_weight_policy_config", value=single_weight_policy_config, expected_type=type_hints["single_weight_policy_config"])
                 check_type(argname="argument traffic_config", value=traffic_config, expected_type=type_hints["traffic_config"])
+                check_type(argname="argument type", value=type, expected_type=type_hints["type"])
             self._values: typing.Dict[builtins.str, typing.Any] = {
                 "enabled": enabled,
                 "staging_distribution_dns_names": staging_distribution_dns_names,
             }
+            if single_header_policy_config is not None:
+                self._values["single_header_policy_config"] = single_header_policy_config
+            if single_weight_policy_config is not None:
+                self._values["single_weight_policy_config"] = single_weight_policy_config
             if traffic_config is not None:
                 self._values["traffic_config"] = traffic_config
+            if type is not None:
+                self._values["type"] = type
 
         @builtins.property
         def enabled(self) -> typing.Union[builtins.bool, _IResolvable_da3f097b]:
@@ -3808,6 +3854,26 @@ class CfnContinuousDeploymentPolicy(
             assert result is not None, "Required property 'staging_distribution_dns_names' is missing"
             return typing.cast(typing.List[builtins.str], result)
 
+        @builtins.property
+        def single_header_policy_config(
+            self,
+        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnContinuousDeploymentPolicy.SingleHeaderPolicyConfigProperty"]]:
+            '''
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-continuousdeploymentpolicy-continuousdeploymentpolicyconfig.html#cfn-cloudfront-continuousdeploymentpolicy-continuousdeploymentpolicyconfig-singleheaderpolicyconfig
+            '''
+            result = self._values.get("single_header_policy_config")
+            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnContinuousDeploymentPolicy.SingleHeaderPolicyConfigProperty"]], result)
+
+        @builtins.property
+        def single_weight_policy_config(
+            self,
+        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnContinuousDeploymentPolicy.SingleWeightPolicyConfigProperty"]]:
+            '''
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-continuousdeploymentpolicy-continuousdeploymentpolicyconfig.html#cfn-cloudfront-continuousdeploymentpolicy-continuousdeploymentpolicyconfig-singleweightpolicyconfig
+            '''
+            result = self._values.get("single_weight_policy_config")
+            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnContinuousDeploymentPolicy.SingleWeightPolicyConfigProperty"]], result)
+
         @builtins.property
         def traffic_config(
             self,
@@ -3819,6 +3885,14 @@ class CfnContinuousDeploymentPolicy(
             result = self._values.get("traffic_config")
             return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnContinuousDeploymentPolicy.TrafficConfigProperty"]], result)
 
+        @builtins.property
+        def type(self) -> typing.Optional[builtins.str]:
+            '''
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-continuousdeploymentpolicy-continuousdeploymentpolicyconfig.html#cfn-cloudfront-continuousdeploymentpolicy-continuousdeploymentpolicyconfig-type
+            '''
+            result = self._values.get("type")
+            return typing.cast(typing.Optional[builtins.str], result)
+
         def __eq__(self, rhs: typing.Any) -> builtins.bool:
             return isinstance(rhs, self.__class__) and rhs._values == self._values
 
@@ -3970,6 +4044,69 @@ class CfnContinuousDeploymentPolicy(
                 k + "=" + repr(v) for k, v in self._values.items()
             )
 
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_cloudfront.CfnContinuousDeploymentPolicy.SingleHeaderPolicyConfigProperty",
+        jsii_struct_bases=[],
+        name_mapping={"header": "header", "value": "value"},
+    )
+    class SingleHeaderPolicyConfigProperty:
+        def __init__(self, *, header: builtins.str, value: builtins.str) -> None:
+            '''
+            :param header: 
+            :param value: 
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-continuousdeploymentpolicy-singleheaderpolicyconfig.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_cloudfront as cloudfront
+                
+                single_header_policy_config_property = cloudfront.CfnContinuousDeploymentPolicy.SingleHeaderPolicyConfigProperty(
+                    header="header",
+                    value="value"
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__cdc8f6ee6354e61b27155f9e23e4aa75f2a7ba61db0aefaa8b33d79f7772fe16)
+                check_type(argname="argument header", value=header, expected_type=type_hints["header"])
+                check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {
+                "header": header,
+                "value": value,
+            }
+
+        @builtins.property
+        def header(self) -> builtins.str:
+            '''
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-continuousdeploymentpolicy-singleheaderpolicyconfig.html#cfn-cloudfront-continuousdeploymentpolicy-singleheaderpolicyconfig-header
+            '''
+            result = self._values.get("header")
+            assert result is not None, "Required property 'header' is missing"
+            return typing.cast(builtins.str, result)
+
+        @builtins.property
+        def value(self) -> builtins.str:
+            '''
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-continuousdeploymentpolicy-singleheaderpolicyconfig.html#cfn-cloudfront-continuousdeploymentpolicy-singleheaderpolicyconfig-value
+            '''
+            result = self._values.get("value")
+            assert result is not None, "Required property 'value' is missing"
+            return typing.cast(builtins.str, result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "SingleHeaderPolicyConfigProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_cloudfront.CfnContinuousDeploymentPolicy.SingleWeightConfigProperty",
         jsii_struct_bases=[],
@@ -4053,6 +4190,84 @@ class CfnContinuousDeploymentPolicy(
                 k + "=" + repr(v) for k, v in self._values.items()
             )
 
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_cloudfront.CfnContinuousDeploymentPolicy.SingleWeightPolicyConfigProperty",
+        jsii_struct_bases=[],
+        name_mapping={
+            "weight": "weight",
+            "session_stickiness_config": "sessionStickinessConfig",
+        },
+    )
+    class SingleWeightPolicyConfigProperty:
+        def __init__(
+            self,
+            *,
+            weight: jsii.Number,
+            session_stickiness_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnContinuousDeploymentPolicy.SessionStickinessConfigProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
+        ) -> None:
+            '''
+            :param weight: 
+            :param session_stickiness_config: 
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-continuousdeploymentpolicy-singleweightpolicyconfig.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_cloudfront as cloudfront
+                
+                single_weight_policy_config_property = cloudfront.CfnContinuousDeploymentPolicy.SingleWeightPolicyConfigProperty(
+                    weight=123,
+                
+                    # the properties below are optional
+                    session_stickiness_config=cloudfront.CfnContinuousDeploymentPolicy.SessionStickinessConfigProperty(
+                        idle_ttl=123,
+                        maximum_ttl=123
+                    )
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__84e0588982dd4503df87db99f734b545b51a61216a04cbf8ae433c7e6041c065)
+                check_type(argname="argument weight", value=weight, expected_type=type_hints["weight"])
+                check_type(argname="argument session_stickiness_config", value=session_stickiness_config, expected_type=type_hints["session_stickiness_config"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {
+                "weight": weight,
+            }
+            if session_stickiness_config is not None:
+                self._values["session_stickiness_config"] = session_stickiness_config
+
+        @builtins.property
+        def weight(self) -> jsii.Number:
+            '''
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-continuousdeploymentpolicy-singleweightpolicyconfig.html#cfn-cloudfront-continuousdeploymentpolicy-singleweightpolicyconfig-weight
+            '''
+            result = self._values.get("weight")
+            assert result is not None, "Required property 'weight' is missing"
+            return typing.cast(jsii.Number, result)
+
+        @builtins.property
+        def session_stickiness_config(
+            self,
+        ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnContinuousDeploymentPolicy.SessionStickinessConfigProperty"]]:
+            '''
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-continuousdeploymentpolicy-singleweightpolicyconfig.html#cfn-cloudfront-continuousdeploymentpolicy-singleweightpolicyconfig-sessionstickinessconfig
+            '''
+            result = self._values.get("session_stickiness_config")
+            return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnContinuousDeploymentPolicy.SessionStickinessConfigProperty"]], result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "SingleWeightPolicyConfigProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_cloudfront.CfnContinuousDeploymentPolicy.TrafficConfigProperty",
         jsii_struct_bases=[],
@@ -4193,6 +4408,19 @@ class CfnContinuousDeploymentPolicyProps:
                     staging_distribution_dns_names=["stagingDistributionDnsNames"],
             
                     # the properties below are optional
+                    single_header_policy_config=cloudfront.CfnContinuousDeploymentPolicy.SingleHeaderPolicyConfigProperty(
+                        header="header",
+                        value="value"
+                    ),
+                    single_weight_policy_config=cloudfront.CfnContinuousDeploymentPolicy.SingleWeightPolicyConfigProperty(
+                        weight=123,
+            
+                        # the properties below are optional
+                        session_stickiness_config=cloudfront.CfnContinuousDeploymentPolicy.SessionStickinessConfigProperty(
+                            idle_ttl=123,
+                            maximum_ttl=123
+                        )
+                    ),
                     traffic_config=cloudfront.CfnContinuousDeploymentPolicy.TrafficConfigProperty(
                         type="type",
             
@@ -4210,7 +4438,8 @@ class CfnContinuousDeploymentPolicyProps:
                                 maximum_ttl=123
                             )
                         )
-                    )
+                    ),
+                    type="type"
                 )
             )
         '''
@@ -22074,7 +22303,10 @@ def _typecheckingstub__5bd1a74dffe3773a269b4a42a8f5fc37c7934b0931fd845b292360308
     *,
     enabled: typing.Union[builtins.bool, _IResolvable_da3f097b],
     staging_distribution_dns_names: typing.Sequence[builtins.str],
+    single_header_policy_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnContinuousDeploymentPolicy.SingleHeaderPolicyConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
+    single_weight_policy_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnContinuousDeploymentPolicy.SingleWeightPolicyConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     traffic_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnContinuousDeploymentPolicy.TrafficConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
+    type: typing.Optional[builtins.str] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -22095,6 +22327,14 @@ def _typecheckingstub__ab2cd352992c9ba2b394cb9901d11c00f78ce00fd375f0cc51f4ae240
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__cdc8f6ee6354e61b27155f9e23e4aa75f2a7ba61db0aefaa8b33d79f7772fe16(
+    *,
+    header: builtins.str,
+    value: builtins.str,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__1ba7d952d1015505a10d7999960852df19dab54d6b3113134cf9174ef1030b16(
     *,
     weight: jsii.Number,
@@ -22103,6 +22343,14 @@ def _typecheckingstub__1ba7d952d1015505a10d7999960852df19dab54d6b3113134cf9174ef
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__84e0588982dd4503df87db99f734b545b51a61216a04cbf8ae433c7e6041c065(
+    *,
+    weight: jsii.Number,
+    session_stickiness_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnContinuousDeploymentPolicy.SessionStickinessConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__25e3b1d96d558cd97eeb1dde2cdbe1659675a2229aa5fd29c732485f764f4aa8(
     *,
     type: builtins.str,

aws_cdk/aws_cloudtrail/__init__.py

@@ -1137,7 +1137,7 @@ class CfnEventDataStore(
         ) -> None:
             '''A single selector statement in an advanced event selector.
 
-            :param field: A field in a CloudTrail event record on which to filter events to be logged. For event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the field is used only for selecting events as filtering is not supported. For CloudTrail event records, supported fields include ``readOnly`` , ``eventCategory`` , ``eventSource`` (for management events), ``eventName`` , ``resources.type`` , and ``resources.ARN`` . For event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the only supported field is ``eventCategory`` . - *``readOnly``* - Optional. Can be set to ``Equals`` a value of ``true`` or ``false`` . If you do not add this field, CloudTrail logs both ``read`` and ``write`` events. A value of ``true`` logs only ``read`` events. A value of ``false`` logs only ``write`` events. - *``eventSource``* - For filtering management events only. This can be set to ``NotEquals`` ``kms.amazonaws.com`` or ``NotEquals`` ``rdsdata.amazonaws.com`` . - *``eventName``* - Can use any operator. You can use it to filter in or filter out any data event logged to CloudTrail, such as ``PutBucket`` or ``GetSnapshotBlock`` . You can have multiple values for this field, separated by commas. - *``eventCategory``* - This is required and must be set to ``Equals`` . - For CloudTrail event records, the value must be ``Management`` or ``Data`` . - For AWS Config configuration items, the value must be ``ConfigurationItem`` . - For Audit Manager evidence, the value must be ``Evidence`` . - For non- AWS events, the value must be ``ActivityAuditLog`` . - *``resources.type``* - This field is required for CloudTrail data events. ``resources.type`` can only use the ``Equals`` operator, and the value can be one of the following: - ``AWS::DynamoDB::Table`` - ``AWS::Lambda::Function`` - ``AWS::S3::Object`` - ``AWS::CloudTrail::Channel`` - ``AWS::CodeWhisperer::Profile`` - ``AWS::Cognito::IdentityPool`` - ``AWS::DynamoDB::Stream`` - ``AWS::EC2::Snapshot`` - ``AWS::EMRWAL::Workspace`` - ``AWS::FinSpace::Environment`` - ``AWS::Glue::Table`` - ``AWS::GuardDuty::Detector`` - ``AWS::KendraRanking::ExecutionPlan`` - ``AWS::KinesisVideo::Stream`` - ``AWS::ManagedBlockchain::Network`` - ``AWS::ManagedBlockchain::Node`` - ``AWS::MedicalImaging::Datastore`` - ``AWS::PCAConnectorAD::Connector`` - ``AWS::SageMaker::Endpoint`` - ``AWS::SageMaker::ExperimentTrialComponent`` - ``AWS::SageMaker::FeatureGroup`` - ``AWS::S3::AccessPoint`` - ``AWS::S3ObjectLambda::AccessPoint`` - ``AWS::S3Outposts::Object`` - ``AWS::SSMMessages::ControlChannel`` - ``AWS::VerifiedPermissions::PolicyStore`` You can have only one ``resources.type`` field per selector. To log data events on more than one resource type, add another selector. - *``resources.ARN``* - You can use any operator with ``resources.ARN`` , but if you use ``Equals`` or ``NotEquals`` , the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. For example, if resources.type equals ``AWS::S3::Object`` , the ARN must be in one of the following formats. To log all data events for all objects in a specific S3 bucket, use the ``StartsWith`` operator, and include only the bucket ARN as the matching value. The trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols (<>) with resource-specific information. - ``arn:<partition>:s3:::<bucket_name>/`` - ``arn:<partition>:s3:::<bucket_name>/<object_path>/`` When resources.type equals ``AWS::DynamoDB::Table`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>`` When resources.type equals ``AWS::Lambda::Function`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:lambda:<region>:<account_ID>:function:<function_name>`` When resources.type equals ``AWS::CloudTrail::Channel`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID>`` When resources.type equals ``AWS::CodeWhisperer::Profile`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID>`` When resources.type equals ``AWS::Cognito::IdentityPool`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID>`` When ``resources.type`` equals ``AWS::DynamoDB::Stream`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time>`` When ``resources.type`` equals ``AWS::EC2::Snapshot`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:ec2:<region>::snapshot/<snapshot_ID>`` When ``resources.type`` equals ``AWS::EMRWAL::Workspace`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:emrwal:<region>::workspace/<workspace_name>`` When ``resources.type`` equals ``AWS::FinSpace::Environment`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID>`` When ``resources.type`` equals ``AWS::Glue::Table`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name>`` When ``resources.type`` equals ``AWS::GuardDuty::Detector`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID>`` When ``resources.type`` equals ``AWS::KendraRanking::ExecutionPlan`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID>`` When ``resources.type`` equals ``AWS::KinesisVideo::Stream`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:kinesisvideo:<region>:<account_ID>:stream/<stream_name/<creation_time>`` When ``resources.type`` equals ``AWS::ManagedBlockchain::Network`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:managedblockchain:::networks/<network_name>`` When ``resources.type`` equals ``AWS::ManagedBlockchain::Node`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID>`` When ``resources.type`` equals ``AWS::MedicalImaging::Datastore`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:medical-imaging:<region>:<account_ID>:datastore/<data_store_ID>`` When ``resources.type`` equals ``AWS::PCAConnectorAD::Connector`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:pca-connector-ad:<region>:<account_ID>:connector/<connector_ID>`` When ``resources.type`` equals ``AWS::SageMaker::Endpoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sagemaker:<region>:<account_ID>:endpoint/<endpoint_name>`` When ``resources.type`` equals ``AWS::SageMaker::ExperimentTrialComponent`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name>`` When ``resources.type`` equals ``AWS::SageMaker::FeatureGroup`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name>`` When ``resources.type`` equals ``AWS::S3::AccessPoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don’t include the object path, and use the ``StartsWith`` or ``NotStartsWith`` operators. - ``arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>`` - ``arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path>`` When ``resources.type`` equals ``AWS::S3ObjectLambda::AccessPoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name>`` When ``resources.type`` equals ``AWS::S3Outposts::Object`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path>`` When ``resources.type`` equals ``AWS::SSMMessages::ControlChannel`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:ssmmessages:<region>:<account_ID>:control-channel/<channel_ID>`` When resources.type equals ``AWS::VerifiedPermissions::PolicyStore`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:verifiedpermissions:<region>:<account_ID>:policy-store/<policy_store_UUID>``
+            :param field: A field in a CloudTrail event record on which to filter events to be logged. For event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the field is used only for selecting events as filtering is not supported. For CloudTrail event records, supported fields include ``readOnly`` , ``eventCategory`` , ``eventSource`` (for management events), ``eventName`` , ``resources.type`` , and ``resources.ARN`` . For event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the only supported field is ``eventCategory`` . - *``readOnly``* - Optional. Can be set to ``Equals`` a value of ``true`` or ``false`` . If you do not add this field, CloudTrail logs both ``read`` and ``write`` events. A value of ``true`` logs only ``read`` events. A value of ``false`` logs only ``write`` events. - *``eventSource``* - For filtering management events only. This can be set to ``NotEquals`` ``kms.amazonaws.com`` or ``NotEquals`` ``rdsdata.amazonaws.com`` . - *``eventName``* - Can use any operator. You can use it to filter in or filter out any data event logged to CloudTrail, such as ``PutBucket`` or ``GetSnapshotBlock`` . You can have multiple values for this field, separated by commas. - *``eventCategory``* - This is required and must be set to ``Equals`` . - For CloudTrail event records, the value must be ``Management`` or ``Data`` . - For AWS Config configuration items, the value must be ``ConfigurationItem`` . - For Audit Manager evidence, the value must be ``Evidence`` . - For non- AWS events, the value must be ``ActivityAuditLog`` . - *``resources.type``* - This field is required for CloudTrail data events. ``resources.type`` can only use the ``Equals`` operator, and the value can be one of the following: - ``AWS::DynamoDB::Table`` - ``AWS::Lambda::Function`` - ``AWS::S3::Object`` - ``AWS::CloudTrail::Channel`` - ``AWS::CodeWhisperer::Profile`` - ``AWS::Cognito::IdentityPool`` - ``AWS::DynamoDB::Stream`` - ``AWS::EC2::Snapshot`` - ``AWS::EMRWAL::Workspace`` - ``AWS::FinSpace::Environment`` - ``AWS::Glue::Table`` - ``AWS::GuardDuty::Detector`` - ``AWS::KendraRanking::ExecutionPlan`` - ``AWS::KinesisVideo::Stream`` - ``AWS::ManagedBlockchain::Network`` - ``AWS::ManagedBlockchain::Node`` - ``AWS::MedicalImaging::Datastore`` - ``AWS::PCAConnectorAD::Connector`` - ``AWS::SageMaker::Endpoint`` - ``AWS::SageMaker::ExperimentTrialComponent`` - ``AWS::SageMaker::FeatureGroup`` - ``AWS::SNS::PlatformEndpoint`` - ``AWS::SNS::Topic`` - ``AWS::S3::AccessPoint`` - ``AWS::S3ObjectLambda::AccessPoint`` - ``AWS::S3Outposts::Object`` - ``AWS::SSMMessages::ControlChannel`` - ``AWS::Timestream::Database`` - ``AWS::Timestream::Table`` - ``AWS::VerifiedPermissions::PolicyStore`` You can have only one ``resources.type`` field per selector. To log data events on more than one resource type, add another selector. - *``resources.ARN``* - You can use any operator with ``resources.ARN`` , but if you use ``Equals`` or ``NotEquals`` , the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. For example, if resources.type equals ``AWS::S3::Object`` , the ARN must be in one of the following formats. To log all data events for all objects in a specific S3 bucket, use the ``StartsWith`` operator, and include only the bucket ARN as the matching value. The trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols (<>) with resource-specific information. - ``arn:<partition>:s3:::<bucket_name>/`` - ``arn:<partition>:s3:::<bucket_name>/<object_path>/`` When resources.type equals ``AWS::DynamoDB::Table`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>`` When resources.type equals ``AWS::Lambda::Function`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:lambda:<region>:<account_ID>:function:<function_name>`` When resources.type equals ``AWS::CloudTrail::Channel`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID>`` When resources.type equals ``AWS::CodeWhisperer::Profile`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID>`` When resources.type equals ``AWS::Cognito::IdentityPool`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID>`` When ``resources.type`` equals ``AWS::DynamoDB::Stream`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time>`` When ``resources.type`` equals ``AWS::EC2::Snapshot`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:ec2:<region>::snapshot/<snapshot_ID>`` When ``resources.type`` equals ``AWS::EMRWAL::Workspace`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:emrwal:<region>::workspace/<workspace_name>`` When ``resources.type`` equals ``AWS::FinSpace::Environment`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID>`` When ``resources.type`` equals ``AWS::Glue::Table`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name>`` When ``resources.type`` equals ``AWS::GuardDuty::Detector`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID>`` When ``resources.type`` equals ``AWS::KendraRanking::ExecutionPlan`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID>`` When ``resources.type`` equals ``AWS::KinesisVideo::Stream`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:kinesisvideo:<region>:<account_ID>:stream/<stream_name/<creation_time>`` When ``resources.type`` equals ``AWS::ManagedBlockchain::Network`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:managedblockchain:::networks/<network_name>`` When ``resources.type`` equals ``AWS::ManagedBlockchain::Node`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID>`` When ``resources.type`` equals ``AWS::MedicalImaging::Datastore`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:medical-imaging:<region>:<account_ID>:datastore/<data_store_ID>`` When ``resources.type`` equals ``AWS::PCAConnectorAD::Connector`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:pca-connector-ad:<region>:<account_ID>:connector/<connector_ID>`` When ``resources.type`` equals ``AWS::SageMaker::Endpoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sagemaker:<region>:<account_ID>:endpoint/<endpoint_name>`` When ``resources.type`` equals ``AWS::SageMaker::ExperimentTrialComponent`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name>`` When ``resources.type`` equals ``AWS::SageMaker::FeatureGroup`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name>`` When ``resources.type`` equals ``AWS::SNS::PlatformEndpoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sns:<region>:<account_ID>:endpoint/<endpoint_type>/<endpoint_name>/<endpoint_ID>`` When ``resources.type`` equals ``AWS::SNS::Topic`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sns:<region>:<account_ID>:<topic_name>`` When ``resources.type`` equals ``AWS::S3::AccessPoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don’t include the object path, and use the ``StartsWith`` or ``NotStartsWith`` operators. - ``arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>`` - ``arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path>`` When ``resources.type`` equals ``AWS::S3ObjectLambda::AccessPoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name>`` When ``resources.type`` equals ``AWS::S3Outposts::Object`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path>`` When ``resources.type`` equals ``AWS::SSMMessages::ControlChannel`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:ssmmessages:<region>:<account_ID>:control-channel/<channel_ID>`` When ``resources.type`` equals ``AWS::Timestream::Database`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:timestream:<region>:<account_ID>:database/<database_name>`` When ``resources.type`` equals ``AWS::Timestream::Table`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:timestream:<region>:<account_ID>:database/<database_name>/table/<table_name>`` When resources.type equals ``AWS::VerifiedPermissions::PolicyStore`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:verifiedpermissions:<region>:<account_ID>:policy-store/<policy_store_UUID>``
             :param ends_with: An operator that includes events that match the last few characters of the event record field specified as the value of ``Field`` .
             :param equal_to: An operator that includes events that match the exact value of the event record field specified as the value of ``Field`` . This is the only valid operator that you can use with the ``readOnly`` , ``eventCategory`` , and ``resources.type`` fields.
             :param not_ends_with: An operator that excludes events that match the last few characters of the event record field specified as the value of ``Field`` .
@@ -1231,10 +1231,14 @@ class CfnEventDataStore(
             - ``AWS::SageMaker::Endpoint``
             - ``AWS::SageMaker::ExperimentTrialComponent``
             - ``AWS::SageMaker::FeatureGroup``
+            - ``AWS::SNS::PlatformEndpoint``
+            - ``AWS::SNS::Topic``
             - ``AWS::S3::AccessPoint``
             - ``AWS::S3ObjectLambda::AccessPoint``
             - ``AWS::S3Outposts::Object``
             - ``AWS::SSMMessages::ControlChannel``
+            - ``AWS::Timestream::Database``
+            - ``AWS::Timestream::Table``
             - ``AWS::VerifiedPermissions::PolicyStore``
 
             You can have only one ``resources.type`` field per selector. To log data events on more than one resource type, add another selector.
@@ -1326,6 +1330,14 @@ class CfnEventDataStore(
 
             - ``arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name>``
 
+            When ``resources.type`` equals ``AWS::SNS::PlatformEndpoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format:
+
+            - ``arn:<partition>:sns:<region>:<account_ID>:endpoint/<endpoint_type>/<endpoint_name>/<endpoint_ID>``
+
+            When ``resources.type`` equals ``AWS::SNS::Topic`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format:
+
+            - ``arn:<partition>:sns:<region>:<account_ID>:<topic_name>``
+
             When ``resources.type`` equals ``AWS::S3::AccessPoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don’t include the object path, and use the ``StartsWith`` or ``NotStartsWith`` operators.
 
             - ``arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>``
@@ -1343,6 +1355,14 @@ class CfnEventDataStore(
 
             - ``arn:<partition>:ssmmessages:<region>:<account_ID>:control-channel/<channel_ID>``
 
+            When ``resources.type`` equals ``AWS::Timestream::Database`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format:
+
+            - ``arn:<partition>:timestream:<region>:<account_ID>:database/<database_name>``
+
+            When ``resources.type`` equals ``AWS::Timestream::Table`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format:
+
+            - ``arn:<partition>:timestream:<region>:<account_ID>:database/<database_name>/table/<table_name>``
+
             When resources.type equals ``AWS::VerifiedPermissions::PolicyStore`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format:
 
             - ``arn:<partition>:verifiedpermissions:<region>:<account_ID>:policy-store/<policy_store_UUID>``
@@ -2433,7 +2453,7 @@ class CfnTrail(
         ) -> None:
             '''A single selector statement in an advanced event selector.
 
-            :param field: A field in a CloudTrail event record on which to filter events to be logged. For event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the field is used only for selecting events as filtering is not supported. For CloudTrail event records, supported fields include ``readOnly`` , ``eventCategory`` , ``eventSource`` (for management events), ``eventName`` , ``resources.type`` , and ``resources.ARN`` . For event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the only supported field is ``eventCategory`` . - *``readOnly``* - Optional. Can be set to ``Equals`` a value of ``true`` or ``false`` . If you do not add this field, CloudTrail logs both ``read`` and ``write`` events. A value of ``true`` logs only ``read`` events. A value of ``false`` logs only ``write`` events. - *``eventSource``* - For filtering management events only. This can be set to ``NotEquals`` ``kms.amazonaws.com`` or ``NotEquals`` ``rdsdata.amazonaws.com`` . - *``eventName``* - Can use any operator. You can use it to filter in or filter out any data event logged to CloudTrail, such as ``PutBucket`` or ``GetSnapshotBlock`` . You can have multiple values for this field, separated by commas. - *``eventCategory``* - This is required and must be set to ``Equals`` . - For CloudTrail event records, the value must be ``Management`` or ``Data`` . - For AWS Config configuration items, the value must be ``ConfigurationItem`` . - For Audit Manager evidence, the value must be ``Evidence`` . - For non- AWS events, the value must be ``ActivityAuditLog`` . - *``resources.type``* - This field is required for CloudTrail data events. ``resources.type`` can only use the ``Equals`` operator, and the value can be one of the following: - ``AWS::DynamoDB::Table`` - ``AWS::Lambda::Function`` - ``AWS::S3::Object`` - ``AWS::CloudTrail::Channel`` - ``AWS::CodeWhisperer::Profile`` - ``AWS::Cognito::IdentityPool`` - ``AWS::DynamoDB::Stream`` - ``AWS::EC2::Snapshot`` - ``AWS::EMRWAL::Workspace`` - ``AWS::FinSpace::Environment`` - ``AWS::Glue::Table`` - ``AWS::GuardDuty::Detector`` - ``AWS::KendraRanking::ExecutionPlan`` - ``AWS::KinesisVideo::Stream`` - ``AWS::ManagedBlockchain::Network`` - ``AWS::ManagedBlockchain::Node`` - ``AWS::MedicalImaging::Datastore`` - ``AWS::PCAConnectorAD::Connector`` - ``AWS::SageMaker::Endpoint`` - ``AWS::SageMaker::ExperimentTrialComponent`` - ``AWS::SageMaker::FeatureGroup`` - ``AWS::S3::AccessPoint`` - ``AWS::S3ObjectLambda::AccessPoint`` - ``AWS::S3Outposts::Object`` - ``AWS::SSMMessages::ControlChannel`` - ``AWS::VerifiedPermissions::PolicyStore`` You can have only one ``resources.type`` field per selector. To log data events on more than one resource type, add another selector. - *``resources.ARN``* - You can use any operator with ``resources.ARN`` , but if you use ``Equals`` or ``NotEquals`` , the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. For example, if resources.type equals ``AWS::S3::Object`` , the ARN must be in one of the following formats. To log all data events for all objects in a specific S3 bucket, use the ``StartsWith`` operator, and include only the bucket ARN as the matching value. The trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols (<>) with resource-specific information. - ``arn:<partition>:s3:::<bucket_name>/`` - ``arn:<partition>:s3:::<bucket_name>/<object_path>/`` When resources.type equals ``AWS::DynamoDB::Table`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>`` When resources.type equals ``AWS::Lambda::Function`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:lambda:<region>:<account_ID>:function:<function_name>`` When resources.type equals ``AWS::CloudTrail::Channel`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID>`` When resources.type equals ``AWS::CodeWhisperer::Profile`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID>`` When resources.type equals ``AWS::Cognito::IdentityPool`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID>`` When ``resources.type`` equals ``AWS::DynamoDB::Stream`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time>`` When ``resources.type`` equals ``AWS::EC2::Snapshot`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:ec2:<region>::snapshot/<snapshot_ID>`` When ``resources.type`` equals ``AWS::EMRWAL::Workspace`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:emrwal:<region>::workspace/<workspace_name>`` When ``resources.type`` equals ``AWS::FinSpace::Environment`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID>`` When ``resources.type`` equals ``AWS::Glue::Table`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name>`` When ``resources.type`` equals ``AWS::GuardDuty::Detector`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID>`` When ``resources.type`` equals ``AWS::KendraRanking::ExecutionPlan`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID>`` When ``resources.type`` equals ``AWS::KinesisVideo::Stream`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:kinesisvideo:<region>:<account_ID>:stream/<stream_name/<creation_time>`` When ``resources.type`` equals ``AWS::ManagedBlockchain::Network`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:managedblockchain:::networks/<network_name>`` When ``resources.type`` equals ``AWS::ManagedBlockchain::Node`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID>`` When ``resources.type`` equals ``AWS::MedicalImaging::Datastore`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:medical-imaging:<region>:<account_ID>:datastore/<data_store_ID>`` When ``resources.type`` equals ``AWS::PCAConnectorAD::Connector`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:pca-connector-ad:<region>:<account_ID>:connector/<connector_ID>`` When ``resources.type`` equals ``AWS::SageMaker::Endpoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sagemaker:<region>:<account_ID>:endpoint/<endpoint_name>`` When ``resources.type`` equals ``AWS::SageMaker::ExperimentTrialComponent`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name>`` When ``resources.type`` equals ``AWS::SageMaker::FeatureGroup`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name>`` When ``resources.type`` equals ``AWS::S3::AccessPoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don’t include the object path, and use the ``StartsWith`` or ``NotStartsWith`` operators. - ``arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>`` - ``arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path>`` When ``resources.type`` equals ``AWS::S3ObjectLambda::AccessPoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name>`` When ``resources.type`` equals ``AWS::S3Outposts::Object`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path>`` When ``resources.type`` equals ``AWS::SSMMessages::ControlChannel`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:ssmmessages:<region>:<account_ID>:control-channel/<channel_ID>`` When resources.type equals ``AWS::VerifiedPermissions::PolicyStore`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:verifiedpermissions:<region>:<account_ID>:policy-store/<policy_store_UUID>``
+            :param field: A field in a CloudTrail event record on which to filter events to be logged. For event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the field is used only for selecting events as filtering is not supported. For CloudTrail event records, supported fields include ``readOnly`` , ``eventCategory`` , ``eventSource`` (for management events), ``eventName`` , ``resources.type`` , and ``resources.ARN`` . For event data stores for AWS Config configuration items, Audit Manager evidence, or non- AWS events, the only supported field is ``eventCategory`` . - *``readOnly``* - Optional. Can be set to ``Equals`` a value of ``true`` or ``false`` . If you do not add this field, CloudTrail logs both ``read`` and ``write`` events. A value of ``true`` logs only ``read`` events. A value of ``false`` logs only ``write`` events. - *``eventSource``* - For filtering management events only. This can be set to ``NotEquals`` ``kms.amazonaws.com`` or ``NotEquals`` ``rdsdata.amazonaws.com`` . - *``eventName``* - Can use any operator. You can use it to filter in or filter out any data event logged to CloudTrail, such as ``PutBucket`` or ``GetSnapshotBlock`` . You can have multiple values for this field, separated by commas. - *``eventCategory``* - This is required and must be set to ``Equals`` . - For CloudTrail event records, the value must be ``Management`` or ``Data`` . - For AWS Config configuration items, the value must be ``ConfigurationItem`` . - For Audit Manager evidence, the value must be ``Evidence`` . - For non- AWS events, the value must be ``ActivityAuditLog`` . - *``resources.type``* - This field is required for CloudTrail data events. ``resources.type`` can only use the ``Equals`` operator, and the value can be one of the following: - ``AWS::DynamoDB::Table`` - ``AWS::Lambda::Function`` - ``AWS::S3::Object`` - ``AWS::CloudTrail::Channel`` - ``AWS::CodeWhisperer::Profile`` - ``AWS::Cognito::IdentityPool`` - ``AWS::DynamoDB::Stream`` - ``AWS::EC2::Snapshot`` - ``AWS::EMRWAL::Workspace`` - ``AWS::FinSpace::Environment`` - ``AWS::Glue::Table`` - ``AWS::GuardDuty::Detector`` - ``AWS::KendraRanking::ExecutionPlan`` - ``AWS::KinesisVideo::Stream`` - ``AWS::ManagedBlockchain::Network`` - ``AWS::ManagedBlockchain::Node`` - ``AWS::MedicalImaging::Datastore`` - ``AWS::PCAConnectorAD::Connector`` - ``AWS::SageMaker::Endpoint`` - ``AWS::SageMaker::ExperimentTrialComponent`` - ``AWS::SageMaker::FeatureGroup`` - ``AWS::SNS::PlatformEndpoint`` - ``AWS::SNS::Topic`` - ``AWS::S3::AccessPoint`` - ``AWS::S3ObjectLambda::AccessPoint`` - ``AWS::S3Outposts::Object`` - ``AWS::SSMMessages::ControlChannel`` - ``AWS::Timestream::Database`` - ``AWS::Timestream::Table`` - ``AWS::VerifiedPermissions::PolicyStore`` You can have only one ``resources.type`` field per selector. To log data events on more than one resource type, add another selector. - *``resources.ARN``* - You can use any operator with ``resources.ARN`` , but if you use ``Equals`` or ``NotEquals`` , the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. For example, if resources.type equals ``AWS::S3::Object`` , the ARN must be in one of the following formats. To log all data events for all objects in a specific S3 bucket, use the ``StartsWith`` operator, and include only the bucket ARN as the matching value. The trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols (<>) with resource-specific information. - ``arn:<partition>:s3:::<bucket_name>/`` - ``arn:<partition>:s3:::<bucket_name>/<object_path>/`` When resources.type equals ``AWS::DynamoDB::Table`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>`` When resources.type equals ``AWS::Lambda::Function`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:lambda:<region>:<account_ID>:function:<function_name>`` When resources.type equals ``AWS::CloudTrail::Channel`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID>`` When resources.type equals ``AWS::CodeWhisperer::Profile`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID>`` When resources.type equals ``AWS::Cognito::IdentityPool`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID>`` When ``resources.type`` equals ``AWS::DynamoDB::Stream`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time>`` When ``resources.type`` equals ``AWS::EC2::Snapshot`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:ec2:<region>::snapshot/<snapshot_ID>`` When ``resources.type`` equals ``AWS::EMRWAL::Workspace`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:emrwal:<region>::workspace/<workspace_name>`` When ``resources.type`` equals ``AWS::FinSpace::Environment`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID>`` When ``resources.type`` equals ``AWS::Glue::Table`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name>`` When ``resources.type`` equals ``AWS::GuardDuty::Detector`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID>`` When ``resources.type`` equals ``AWS::KendraRanking::ExecutionPlan`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID>`` When ``resources.type`` equals ``AWS::KinesisVideo::Stream`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:kinesisvideo:<region>:<account_ID>:stream/<stream_name/<creation_time>`` When ``resources.type`` equals ``AWS::ManagedBlockchain::Network`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:managedblockchain:::networks/<network_name>`` When ``resources.type`` equals ``AWS::ManagedBlockchain::Node`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID>`` When ``resources.type`` equals ``AWS::MedicalImaging::Datastore`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:medical-imaging:<region>:<account_ID>:datastore/<data_store_ID>`` When ``resources.type`` equals ``AWS::PCAConnectorAD::Connector`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:pca-connector-ad:<region>:<account_ID>:connector/<connector_ID>`` When ``resources.type`` equals ``AWS::SageMaker::Endpoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sagemaker:<region>:<account_ID>:endpoint/<endpoint_name>`` When ``resources.type`` equals ``AWS::SageMaker::ExperimentTrialComponent`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name>`` When ``resources.type`` equals ``AWS::SageMaker::FeatureGroup`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name>`` When ``resources.type`` equals ``AWS::SNS::PlatformEndpoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sns:<region>:<account_ID>:endpoint/<endpoint_type>/<endpoint_name>/<endpoint_ID>`` When ``resources.type`` equals ``AWS::SNS::Topic`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sns:<region>:<account_ID>:<topic_name>`` When ``resources.type`` equals ``AWS::S3::AccessPoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don’t include the object path, and use the ``StartsWith`` or ``NotStartsWith`` operators. - ``arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>`` - ``arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path>`` When ``resources.type`` equals ``AWS::S3ObjectLambda::AccessPoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name>`` When ``resources.type`` equals ``AWS::S3Outposts::Object`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path>`` When ``resources.type`` equals ``AWS::SSMMessages::ControlChannel`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:ssmmessages:<region>:<account_ID>:control-channel/<channel_ID>`` When ``resources.type`` equals ``AWS::Timestream::Database`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:timestream:<region>:<account_ID>:database/<database_name>`` When ``resources.type`` equals ``AWS::Timestream::Table`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:timestream:<region>:<account_ID>:database/<database_name>/table/<table_name>`` When resources.type equals ``AWS::VerifiedPermissions::PolicyStore`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:verifiedpermissions:<region>:<account_ID>:policy-store/<policy_store_UUID>``
             :param ends_with: An operator that includes events that match the last few characters of the event record field specified as the value of ``Field`` .
             :param equal_to: An operator that includes events that match the exact value of the event record field specified as the value of ``Field`` . This is the only valid operator that you can use with the ``readOnly`` , ``eventCategory`` , and ``resources.type`` fields.
             :param not_ends_with: An operator that excludes events that match the last few characters of the event record field specified as the value of ``Field`` .
@@ -2527,10 +2547,14 @@ class CfnTrail(
             - ``AWS::SageMaker::Endpoint``
             - ``AWS::SageMaker::ExperimentTrialComponent``
             - ``AWS::SageMaker::FeatureGroup``
+            - ``AWS::SNS::PlatformEndpoint``
+            - ``AWS::SNS::Topic``
             - ``AWS::S3::AccessPoint``
             - ``AWS::S3ObjectLambda::AccessPoint``
             - ``AWS::S3Outposts::Object``
             - ``AWS::SSMMessages::ControlChannel``
+            - ``AWS::Timestream::Database``
+            - ``AWS::Timestream::Table``
             - ``AWS::VerifiedPermissions::PolicyStore``
 
             You can have only one ``resources.type`` field per selector. To log data events on more than one resource type, add another selector.
@@ -2622,6 +2646,14 @@ class CfnTrail(
 
             - ``arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name>``
 
+            When ``resources.type`` equals ``AWS::SNS::PlatformEndpoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format:
+
+            - ``arn:<partition>:sns:<region>:<account_ID>:endpoint/<endpoint_type>/<endpoint_name>/<endpoint_ID>``
+
+            When ``resources.type`` equals ``AWS::SNS::Topic`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format:
+
+            - ``arn:<partition>:sns:<region>:<account_ID>:<topic_name>``
+
             When ``resources.type`` equals ``AWS::S3::AccessPoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don’t include the object path, and use the ``StartsWith`` or ``NotStartsWith`` operators.
 
             - ``arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>``
@@ -2639,6 +2671,14 @@ class CfnTrail(
 
             - ``arn:<partition>:ssmmessages:<region>:<account_ID>:control-channel/<channel_ID>``
 
+            When ``resources.type`` equals ``AWS::Timestream::Database`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format:
+
+            - ``arn:<partition>:timestream:<region>:<account_ID>:database/<database_name>``
+
+            When ``resources.type`` equals ``AWS::Timestream::Table`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format:
+
+            - ``arn:<partition>:timestream:<region>:<account_ID>:database/<database_name>/table/<table_name>``
+
             When resources.type equals ``AWS::VerifiedPermissions::PolicyStore`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format:
 
             - ``arn:<partition>:verifiedpermissions:<region>:<account_ID>:policy-store/<policy_store_UUID>``
@@ -2750,7 +2790,7 @@ class CfnTrail(
             - The ``Invoke`` API operation on *MyLambdaFunction* is an Lambda API. It is recorded as a data event in CloudTrail. Because the CloudTrail user specified logging data events for *MyLambdaFunction* , any invocations of that function are logged. The trail processes and logs the event.
             - The ``Invoke`` API operation on *MyOtherLambdaFunction* is an Lambda API. Because the CloudTrail user did not specify logging data events for all Lambda functions, the ``Invoke`` operation for *MyOtherLambdaFunction* does not match the function specified for the trail. The trail doesn’t log the event.
 
-            :param type: The resource type in which you want to log data events. You can specify the following *basic* event selector resource types: - ``AWS::DynamoDB::Table`` - ``AWS::Lambda::Function`` - ``AWS::S3::Object`` The following resource types are also available through *advanced* event selectors. Basic event selector resource types are valid in advanced event selectors, but advanced event selector resource types are not valid in basic event selectors. For more information, see `AdvancedFieldSelector <https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedFieldSelector.html>`_ . - ``AWS::CloudTrail::Channel`` - ``AWS::CodeWhisperer::Profile`` - ``AWS::Cognito::IdentityPool`` - ``AWS::DynamoDB::Stream`` - ``AWS::EC2::Snapshot`` - ``AWS::EMRWAL::Workspace`` - ``AWS::FinSpace::Environment`` - ``AWS::Glue::Table`` - ``AWS::GuardDuty::Detector`` - ``AWS::KendraRanking::ExecutionPlan`` - ``AWS::KinesisVideo::Stream`` - ``AWS::ManagedBlockchain::Network`` - ``AWS::ManagedBlockchain::Node`` - ``AWS::MedicalImaging::Datastore`` - ``AWS::PCAConnectorAD::Connector`` - ``AWS::SageMaker::Endpoint`` - ``AWS::SageMaker::ExperimentTrialComponent`` - ``AWS::SageMaker::FeatureGroup`` - ``AWS::S3::AccessPoint`` - ``AWS::S3ObjectLambda::AccessPoint`` - ``AWS::S3Outposts::Object`` - ``AWS::SSMMessages::ControlChannel`` - ``AWS::VerifiedPermissions::PolicyStore``
+            :param type: The resource type in which you want to log data events. You can specify the following *basic* event selector resource types: - ``AWS::DynamoDB::Table`` - ``AWS::Lambda::Function`` - ``AWS::S3::Object`` The following resource types are also available through *advanced* event selectors. Basic event selector resource types are valid in advanced event selectors, but advanced event selector resource types are not valid in basic event selectors. For more information, see `AdvancedFieldSelector <https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedFieldSelector.html>`_ . - ``AWS::CloudTrail::Channel`` - ``AWS::CodeWhisperer::Profile`` - ``AWS::Cognito::IdentityPool`` - ``AWS::DynamoDB::Stream`` - ``AWS::EC2::Snapshot`` - ``AWS::EMRWAL::Workspace`` - ``AWS::FinSpace::Environment`` - ``AWS::Glue::Table`` - ``AWS::GuardDuty::Detector`` - ``AWS::KendraRanking::ExecutionPlan`` - ``AWS::KinesisVideo::Stream`` - ``AWS::ManagedBlockchain::Network`` - ``AWS::ManagedBlockchain::Node`` - ``AWS::MedicalImaging::Datastore`` - ``AWS::PCAConnectorAD::Connector`` - ``AWS::SageMaker::Endpoint`` - ``AWS::SageMaker::ExperimentTrialComponent`` - ``AWS::SageMaker::FeatureGroup`` - ``AWS::SNS::PlatformEndpoint`` - ``AWS::SNS::Topic`` - ``AWS::S3::AccessPoint`` - ``AWS::S3ObjectLambda::AccessPoint`` - ``AWS::S3Outposts::Object`` - ``AWS::SSMMessages::ControlChannel`` - ``AWS::Timestream::Database`` - ``AWS::Timestream::Table`` - ``AWS::VerifiedPermissions::PolicyStore``
             :param values: An array of Amazon Resource Name (ARN) strings or partial ARN strings for the specified objects. - To log data events for all objects in all S3 buckets in your AWS account , specify the prefix as ``arn:aws:s3`` . .. epigraph:: This also enables logging of data event activity performed by any user or role in your AWS account , even if that activity is performed on a bucket that belongs to another AWS account . - To log data events for all objects in an S3 bucket, specify the bucket and an empty object prefix such as ``arn:aws:s3:::bucket-1/`` . The trail logs data events for all objects in this S3 bucket. - To log data events for specific objects, specify the S3 bucket and object prefix such as ``arn:aws:s3:::bucket-1/example-images`` . The trail logs data events for objects in this S3 bucket that match the prefix. - To log data events for all Lambda functions in your AWS account , specify the prefix as ``arn:aws:lambda`` . .. epigraph:: This also enables logging of ``Invoke`` activity performed by any user or role in your AWS account , even if that activity is performed on a function that belongs to another AWS account . - To log data events for a specific Lambda function, specify the function ARN. .. epigraph:: Lambda function ARNs are exact. For example, if you specify a function ARN *arn:aws:lambda:us-west-2:111111111111:function:helloworld* , data events will only be logged for *arn:aws:lambda:us-west-2:111111111111:function:helloworld* . They will not be logged for *arn:aws:lambda:us-west-2:111111111111:function:helloworld2* . - To log data events for all DynamoDB tables in your AWS account , specify the prefix as ``arn:aws:dynamodb`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudtrail-trail-dataresource.html
@@ -2809,10 +2849,14 @@ class CfnTrail(
             - ``AWS::SageMaker::Endpoint``
             - ``AWS::SageMaker::ExperimentTrialComponent``
             - ``AWS::SageMaker::FeatureGroup``
+            - ``AWS::SNS::PlatformEndpoint``
+            - ``AWS::SNS::Topic``
             - ``AWS::S3::AccessPoint``
             - ``AWS::S3ObjectLambda::AccessPoint``
             - ``AWS::S3Outposts::Object``
             - ``AWS::SSMMessages::ControlChannel``
+            - ``AWS::Timestream::Database``
+            - ``AWS::Timestream::Table``
             - ``AWS::VerifiedPermissions::PolicyStore``
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudtrail-trail-dataresource.html#cfn-cloudtrail-trail-dataresource-type