aws-cdk-lib 2.142.1__py3-none-any.whl → 2.143.1__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of aws-cdk-lib might be problematic. Click here for more details.

Files changed (49) hide show
  1. aws_cdk/_jsii/__init__.py +1 -1
  2. aws_cdk/_jsii/{aws-cdk-lib@2.142.1.jsii.tgz → aws-cdk-lib@2.143.1.jsii.tgz} +0 -0
  3. aws_cdk/aws_amplify/__init__.py +12 -5
  4. aws_cdk/aws_backup/__init__.py +3 -3
  5. aws_cdk/aws_batch/__init__.py +237 -0
  6. aws_cdk/aws_bedrock/__init__.py +700 -16
  7. aws_cdk/aws_budgets/__init__.py +282 -3
  8. aws_cdk/aws_cloudtrail/__init__.py +12 -2
  9. aws_cdk/aws_codebuild/__init__.py +44 -0
  10. aws_cdk/aws_codepipeline/__init__.py +91 -4
  11. aws_cdk/aws_cognito/__init__.py +75 -0
  12. aws_cdk/aws_datazone/__init__.py +1743 -448
  13. aws_cdk/aws_dynamodb/__init__.py +60 -25
  14. aws_cdk/aws_ec2/__init__.py +112 -39
  15. aws_cdk/aws_ecs/__init__.py +3 -3
  16. aws_cdk/aws_ecs_patterns/__init__.py +106 -0
  17. aws_cdk/aws_eks/__init__.py +13 -10
  18. aws_cdk/aws_elasticache/__init__.py +9 -0
  19. aws_cdk/aws_events/__init__.py +219 -14
  20. aws_cdk/aws_events_targets/__init__.py +140 -3
  21. aws_cdk/aws_fms/__init__.py +42 -43
  22. aws_cdk/aws_fsx/__init__.py +3 -3
  23. aws_cdk/aws_identitystore/__init__.py +11 -11
  24. aws_cdk/aws_lambda/__init__.py +45 -0
  25. aws_cdk/aws_lambda_nodejs/__init__.py +16 -6
  26. aws_cdk/aws_lightsail/__init__.py +9 -0
  27. aws_cdk/aws_location/__init__.py +8 -4
  28. aws_cdk/aws_mediaconnect/__init__.py +1789 -39
  29. aws_cdk/aws_mediatailor/__init__.py +21 -1
  30. aws_cdk/aws_mwaa/__init__.py +82 -0
  31. aws_cdk/aws_neptune/__init__.py +374 -0
  32. aws_cdk/aws_personalize/__init__.py +9 -3
  33. aws_cdk/aws_pipes/__init__.py +7 -7
  34. aws_cdk/aws_quicksight/__init__.py +684 -156
  35. aws_cdk/aws_rds/__init__.py +88 -24
  36. aws_cdk/aws_redshift/__init__.py +0 -46
  37. aws_cdk/aws_route53resolver/__init__.py +23 -0
  38. aws_cdk/aws_s3/__init__.py +4 -4
  39. aws_cdk/aws_sagemaker/__init__.py +185 -4
  40. aws_cdk/aws_securityhub/__init__.py +387 -1
  41. aws_cdk/aws_ssm/__init__.py +14 -6
  42. aws_cdk/aws_sso/__init__.py +1243 -34
  43. aws_cdk/cx_api/__init__.py +16 -0
  44. {aws_cdk_lib-2.142.1.dist-info → aws_cdk_lib-2.143.1.dist-info}/METADATA +1 -1
  45. {aws_cdk_lib-2.142.1.dist-info → aws_cdk_lib-2.143.1.dist-info}/RECORD +49 -49
  46. {aws_cdk_lib-2.142.1.dist-info → aws_cdk_lib-2.143.1.dist-info}/LICENSE +0 -0
  47. {aws_cdk_lib-2.142.1.dist-info → aws_cdk_lib-2.143.1.dist-info}/NOTICE +0 -0
  48. {aws_cdk_lib-2.142.1.dist-info → aws_cdk_lib-2.143.1.dist-info}/WHEEL +0 -0
  49. {aws_cdk_lib-2.142.1.dist-info → aws_cdk_lib-2.143.1.dist-info}/top_level.txt +0 -0
aws_cdk/aws_cloudtrail/__init__.py CHANGED
@@ -1248,7 +1248,7 @@ class CfnEventDataStore(
1248
1248
  ) -> None:
1249
1249
  '''A single selector statement in an advanced event selector.
1250
1250
 
1251
- :param field: A field in a CloudTrail event record on which to filter events to be logged. For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the field is used only for selecting events as filtering is not supported. For CloudTrail management events, supported fields include ``readOnly`` , ``eventCategory`` , and ``eventSource`` . For CloudTrail data events, supported fields include ``readOnly`` , ``eventCategory`` , ``eventName`` , ``resources.type`` , and ``resources.ARN`` . For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is ``eventCategory`` . - *``readOnly``* - Optional. Can be set to ``Equals`` a value of ``true`` or ``false`` . If you do not add this field, CloudTrail logs both ``read`` and ``write`` events. A value of ``true`` logs only ``read`` events. A value of ``false`` logs only ``write`` events. - *``eventSource``* - For filtering management events only. This can be set to ``NotEquals`` ``kms.amazonaws.com`` or ``NotEquals`` ``rdsdata.amazonaws.com`` . - *``eventName``* - Can use any operator. You can use it to filter in or filter out any data event logged to CloudTrail, such as ``PutBucket`` or ``GetSnapshotBlock`` . You can have multiple values for this field, separated by commas. - *``eventCategory``* - This is required and must be set to ``Equals`` . - For CloudTrail management events, the value must be ``Management`` . - For CloudTrail data events, the value must be ``Data`` . The following are used only for event data stores: - For CloudTrail Insights events, the value must be ``Insight`` . - For AWS Config configuration items, the value must be ``ConfigurationItem`` . - For Audit Manager evidence, the value must be ``Evidence`` . - For non- AWS events, the value must be ``ActivityAuditLog`` . - *``resources.type``* - This field is required for CloudTrail data events. ``resources.type`` can only use the ``Equals`` operator, and the value can be one of the following: - ``AWS::DynamoDB::Table`` - ``AWS::Lambda::Function`` - ``AWS::S3::Object`` - ``AWS::AppConfig::Configuration`` - ``AWS::B2BI::Transformer`` - ``AWS::Bedrock::AgentAlias`` - ``AWS::Bedrock::KnowledgeBase`` - ``AWS::Cassandra::Table`` - ``AWS::CloudFront::KeyValueStore`` - ``AWS::CloudTrail::Channel`` - ``AWS::CodeWhisperer::Customization`` - ``AWS::CodeWhisperer::Profile`` - ``AWS::Cognito::IdentityPool`` - ``AWS::DynamoDB::Stream`` - ``AWS::EC2::Snapshot`` - ``AWS::EMRWAL::Workspace`` - ``AWS::FinSpace::Environment`` - ``AWS::Glue::Table`` - ``AWS::GreengrassV2::ComponentVersion`` - ``AWS::GreengrassV2::Deployment`` - ``AWS::GuardDuty::Detector`` - ``AWS::IoT::Certificate`` - ``AWS::IoT::Thing`` - ``AWS::IoTSiteWise::Asset`` - ``AWS::IoTSiteWise::TimeSeries`` - ``AWS::IoTTwinMaker::Entity`` - ``AWS::IoTTwinMaker::Workspace`` - ``AWS::KendraRanking::ExecutionPlan`` - ``AWS::KinesisVideo::Stream`` - ``AWS::ManagedBlockchain::Network`` - ``AWS::ManagedBlockchain::Node`` - ``AWS::MedicalImaging::Datastore`` - ``AWS::NeptuneGraph::Graph`` - ``AWS::PCAConnectorAD::Connector`` - ``AWS::QBusiness::Application`` - ``AWS::QBusiness::DataSource`` - ``AWS::QBusiness::Index`` - ``AWS::QBusiness::WebExperience`` - ``AWS::RDS::DBCluster`` - ``AWS::S3::AccessPoint`` - ``AWS::S3ObjectLambda::AccessPoint`` - ``AWS::S3Outposts::Object`` - ``AWS::SageMaker::Endpoint`` - ``AWS::SageMaker::ExperimentTrialComponent`` - ``AWS::SageMaker::FeatureGroup`` - ``AWS::ServiceDiscovery::Namespace`` - ``AWS::ServiceDiscovery::Service`` - ``AWS::SCN::Instance`` - ``AWS::SNS::PlatformEndpoint`` - ``AWS::SNS::Topic`` - ``AWS::SQS::Queue`` - ``AWS::SSM::ManagedNode`` - ``AWS::SSMMessages::ControlChannel`` - ``AWS::SWF::Domain`` - ``AWS::ThinClient::Device`` - ``AWS::ThinClient::Environment`` - ``AWS::Timestream::Database`` - ``AWS::Timestream::Table`` - ``AWS::VerifiedPermissions::PolicyStore`` - ``AWS::XRay::Trace`` You can have only one ``resources.type`` field per selector. To log data events on more than one resource type, add another selector. - *``resources.ARN``* - You can use any operator with ``resources.ARN`` , but if you use ``Equals`` or ``NotEquals`` , the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. .. epigraph:: You can't use the ``resources.ARN`` field to filter resource types that do not have ARNs. The ``resources.ARN`` field can be set one of the following. If resources.type equals ``AWS::S3::Object`` , the ARN must be in one of the following formats. To log all data events for all objects in a specific S3 bucket, use the ``StartsWith`` operator, and include only the bucket ARN as the matching value. The trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols (<>) with resource-specific information. - ``arn:<partition>:s3:::<bucket_name>/`` - ``arn:<partition>:s3:::<bucket_name>/<object_path>/`` When resources.type equals ``AWS::DynamoDB::Table`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>`` When resources.type equals ``AWS::Lambda::Function`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:lambda:<region>:<account_ID>:function:<function_name>`` When resources.type equals ``AWS::AppConfig::Configuration`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:appconfig:<region>:<account_ID>:application/<application_ID>/environment/<environment_ID>/configuration/<configuration_profile_ID>`` When resources.type equals ``AWS::B2BI::Transformer`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:b2bi:<region>:<account_ID>:transformer/<transformer_ID>`` When resources.type equals ``AWS::Bedrock::AgentAlias`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:bedrock:<region>:<account_ID>:agent-alias/<agent_ID>/<alias_ID>`` When resources.type equals ``AWS::Bedrock::KnowledgeBase`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:bedrock:<region>:<account_ID>:knowledge-base/<knowledge_base_ID>`` When resources.type equals ``AWS::Cassandra::Table`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:cassandra:<region>:<account_ID>:/keyspace/<keyspace_name>/table/<table_name>`` When resources.type equals ``AWS::CloudFront::KeyValueStore`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:cloudfront:<region>:<account_ID>:key-value-store/<KVS_name>`` When resources.type equals ``AWS::CloudTrail::Channel`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID>`` When resources.type equals ``AWS::CodeWhisperer::Customization`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:codewhisperer:<region>:<account_ID>:customization/<customization_ID>`` When resources.type equals ``AWS::CodeWhisperer::Profile`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID>`` When resources.type equals ``AWS::Cognito::IdentityPool`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID>`` When ``resources.type`` equals ``AWS::DynamoDB::Stream`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time>`` When ``resources.type`` equals ``AWS::EC2::Snapshot`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:ec2:<region>::snapshot/<snapshot_ID>`` When ``resources.type`` equals ``AWS::EMRWAL::Workspace`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:emrwal:<region>:<account_ID>:workspace/<workspace_name>`` When ``resources.type`` equals ``AWS::FinSpace::Environment`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID>`` When ``resources.type`` equals ``AWS::Glue::Table`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name>`` When ``resources.type`` equals ``AWS::GreengrassV2::ComponentVersion`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:greengrass:<region>:<account_ID>:components/<component_name>`` When ``resources.type`` equals ``AWS::GreengrassV2::Deployment`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:greengrass:<region>:<account_ID>:deployments/<deployment_ID`` When ``resources.type`` equals ``AWS::GuardDuty::Detector`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID>`` When ``resources.type`` equals ``AWS::IoT::Certificate`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:iot:<region>:<account_ID>:cert/<certificate_ID>`` When ``resources.type`` equals ``AWS::IoT::Thing`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:iot:<region>:<account_ID>:thing/<thing_ID>`` When ``resources.type`` equals ``AWS::IoTSiteWise::Asset`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:iotsitewise:<region>:<account_ID>:asset/<asset_ID>`` When ``resources.type`` equals ``AWS::IoTSiteWise::TimeSeries`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:iotsitewise:<region>:<account_ID>:timeseries/<timeseries_ID>`` When ``resources.type`` equals ``AWS::IoTTwinMaker::Entity`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:iottwinmaker:<region>:<account_ID>:workspace/<workspace_ID>/entity/<entity_ID>`` When ``resources.type`` equals ``AWS::IoTTwinMaker::Workspace`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:iottwinmaker:<region>:<account_ID>:workspace/<workspace_ID>`` When ``resources.type`` equals ``AWS::KendraRanking::ExecutionPlan`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID>`` When ``resources.type`` equals ``AWS::KinesisVideo::Stream`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:kinesisvideo:<region>:<account_ID>:stream/<stream_name>/<creation_time>`` When ``resources.type`` equals ``AWS::ManagedBlockchain::Network`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:managedblockchain:::networks/<network_name>`` When ``resources.type`` equals ``AWS::ManagedBlockchain::Node`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID>`` When ``resources.type`` equals ``AWS::MedicalImaging::Datastore`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:medical-imaging:<region>:<account_ID>:datastore/<data_store_ID>`` When ``resources.type`` equals ``AWS::NeptuneGraph::Graph`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:neptune-graph:<region>:<account_ID>:graph/<graph_ID>`` When ``resources.type`` equals ``AWS::PCAConnectorAD::Connector`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:pca-connector-ad:<region>:<account_ID>:connector/<connector_ID>`` When ``resources.type`` equals ``AWS::QBusiness::Application`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>`` When ``resources.type`` equals ``AWS::QBusiness::DataSource`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>/index/<index_ID>/data-source/<datasource_ID>`` When ``resources.type`` equals ``AWS::QBusiness::Index`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>/index/<index_ID>`` When ``resources.type`` equals ``AWS::QBusiness::WebExperience`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>/web-experience/<web_experience_ID>`` When ``resources.type`` equals ``AWS::RDS::DBCluster`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:rds:<region>:<account_ID>:cluster/<cluster_name>`` When ``resources.type`` equals ``AWS::S3::AccessPoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don’t include the object path, and use the ``StartsWith`` or ``NotStartsWith`` operators. - ``arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>`` - ``arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path>`` When ``resources.type`` equals ``AWS::S3ObjectLambda::AccessPoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name>`` When ``resources.type`` equals ``AWS::S3Outposts::Object`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path>`` When ``resources.type`` equals ``AWS::SageMaker::Endpoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sagemaker:<region>:<account_ID>:endpoint/<endpoint_name>`` When ``resources.type`` equals ``AWS::SageMaker::ExperimentTrialComponent`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name>`` When ``resources.type`` equals ``AWS::SageMaker::FeatureGroup`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name>`` When ``resources.type`` equals ``AWS::SCN::Instance`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:scn:<region>:<account_ID>:instance/<instance_ID>`` When ``resources.type`` equals ``AWS::ServiceDiscovery::Namespace`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:servicediscovery:<region>:<account_ID>:namespace/<namespace_ID>`` When ``resources.type`` equals ``AWS::ServiceDiscovery::Service`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:servicediscovery:<region>:<account_ID>:service/<service_ID>`` When ``resources.type`` equals ``AWS::SNS::PlatformEndpoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sns:<region>:<account_ID>:endpoint/<endpoint_type>/<endpoint_name>/<endpoint_ID>`` When ``resources.type`` equals ``AWS::SNS::Topic`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sns:<region>:<account_ID>:<topic_name>`` When ``resources.type`` equals ``AWS::SQS::Queue`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sqs:<region>:<account_ID>:<queue_name>`` When ``resources.type`` equals ``AWS::SSM::ManagedNode`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in one of the following formats: - ``arn:<partition>:ssm:<region>:<account_ID>:managed-instance/<instance_ID>`` - ``arn:<partition>:ec2:<region>:<account_ID>:instance/<instance_ID>`` When ``resources.type`` equals ``AWS::SSMMessages::ControlChannel`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:ssmmessages:<region>:<account_ID>:control-channel/<channel_ID>`` When ``resources.type`` equals ``AWS::SWF::Domain`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:swf:<region>:<account_ID>:domain/<domain_name>`` When ``resources.type`` equals ``AWS::ThinClient::Device`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:thinclient:<region>:<account_ID>:device/<device_ID>`` When ``resources.type`` equals ``AWS::ThinClient::Environment`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:thinclient:<region>:<account_ID>:environment/<environment_ID>`` When ``resources.type`` equals ``AWS::Timestream::Database`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:timestream:<region>:<account_ID>:database/<database_name>`` When ``resources.type`` equals ``AWS::Timestream::Table`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:timestream:<region>:<account_ID>:database/<database_name>/table/<table_name>`` When resources.type equals ``AWS::VerifiedPermissions::PolicyStore`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:verifiedpermissions:<region>:<account_ID>:policy-store/<policy_store_UUID>``
1251
+ :param field: A field in a CloudTrail event record on which to filter events to be logged. For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the field is used only for selecting events as filtering is not supported. For CloudTrail management events, supported fields include ``readOnly`` , ``eventCategory`` , and ``eventSource`` . For CloudTrail data events, supported fields include ``readOnly`` , ``eventCategory`` , ``eventName`` , ``resources.type`` , and ``resources.ARN`` . For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is ``eventCategory`` . - *``readOnly``* - Optional. Can be set to ``Equals`` a value of ``true`` or ``false`` . If you do not add this field, CloudTrail logs both ``read`` and ``write`` events. A value of ``true`` logs only ``read`` events. A value of ``false`` logs only ``write`` events. - *``eventSource``* - For filtering management events only. This can be set to ``NotEquals`` ``kms.amazonaws.com`` or ``NotEquals`` ``rdsdata.amazonaws.com`` . - *``eventName``* - Can use any operator. You can use it to filter in or filter out any data event logged to CloudTrail, such as ``PutBucket`` or ``GetSnapshotBlock`` . You can have multiple values for this field, separated by commas. - *``eventCategory``* - This is required and must be set to ``Equals`` . - For CloudTrail management events, the value must be ``Management`` . - For CloudTrail data events, the value must be ``Data`` . The following are used only for event data stores: - For CloudTrail Insights events, the value must be ``Insight`` . - For AWS Config configuration items, the value must be ``ConfigurationItem`` . - For Audit Manager evidence, the value must be ``Evidence`` . - For non- AWS events, the value must be ``ActivityAuditLog`` . - *``resources.type``* - This field is required for CloudTrail data events. ``resources.type`` can only use the ``Equals`` operator, and the value can be one of the following: - ``AWS::DynamoDB::Table`` - ``AWS::Lambda::Function`` - ``AWS::S3::Object`` - ``AWS::AppConfig::Configuration`` - ``AWS::B2BI::Transformer`` - ``AWS::Bedrock::AgentAlias`` - ``AWS::Bedrock::KnowledgeBase`` - ``AWS::Cassandra::Table`` - ``AWS::CloudFront::KeyValueStore`` - ``AWS::CloudTrail::Channel`` - ``AWS::CodeWhisperer::Customization`` - ``AWS::CodeWhisperer::Profile`` - ``AWS::Cognito::IdentityPool`` - ``AWS::DynamoDB::Stream`` - ``AWS::EC2::Snapshot`` - ``AWS::EMRWAL::Workspace`` - ``AWS::FinSpace::Environment`` - ``AWS::Glue::Table`` - ``AWS::GreengrassV2::ComponentVersion`` - ``AWS::GreengrassV2::Deployment`` - ``AWS::GuardDuty::Detector`` - ``AWS::IoT::Certificate`` - ``AWS::IoT::Thing`` - ``AWS::IoTSiteWise::Asset`` - ``AWS::IoTSiteWise::TimeSeries`` - ``AWS::IoTTwinMaker::Entity`` - ``AWS::IoTTwinMaker::Workspace`` - ``AWS::KendraRanking::ExecutionPlan`` - ``AWS::KinesisVideo::Stream`` - ``AWS::ManagedBlockchain::Network`` - ``AWS::ManagedBlockchain::Node`` - ``AWS::MedicalImaging::Datastore`` - ``AWS::NeptuneGraph::Graph`` - ``AWS::PCAConnectorAD::Connector`` - ``AWS::QApps:QApp`` - ``AWS::QBusiness::Application`` - ``AWS::QBusiness::DataSource`` - ``AWS::QBusiness::Index`` - ``AWS::QBusiness::WebExperience`` - ``AWS::RDS::DBCluster`` - ``AWS::S3::AccessPoint`` - ``AWS::S3ObjectLambda::AccessPoint`` - ``AWS::S3Outposts::Object`` - ``AWS::SageMaker::Endpoint`` - ``AWS::SageMaker::ExperimentTrialComponent`` - ``AWS::SageMaker::FeatureGroup`` - ``AWS::ServiceDiscovery::Namespace`` - ``AWS::ServiceDiscovery::Service`` - ``AWS::SCN::Instance`` - ``AWS::SNS::PlatformEndpoint`` - ``AWS::SNS::Topic`` - ``AWS::SQS::Queue`` - ``AWS::SSM::ManagedNode`` - ``AWS::SSMMessages::ControlChannel`` - ``AWS::SWF::Domain`` - ``AWS::ThinClient::Device`` - ``AWS::ThinClient::Environment`` - ``AWS::Timestream::Database`` - ``AWS::Timestream::Table`` - ``AWS::VerifiedPermissions::PolicyStore`` - ``AWS::XRay::Trace`` You can have only one ``resources.type`` field per selector. To log data events on more than one resource type, add another selector. - *``resources.ARN``* - You can use any operator with ``resources.ARN`` , but if you use ``Equals`` or ``NotEquals`` , the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. .. epigraph:: You can't use the ``resources.ARN`` field to filter resource types that do not have ARNs. The ``resources.ARN`` field can be set one of the following. If resources.type equals ``AWS::S3::Object`` , the ARN must be in one of the following formats. To log all data events for all objects in a specific S3 bucket, use the ``StartsWith`` operator, and include only the bucket ARN as the matching value. The trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols (<>) with resource-specific information. - ``arn:<partition>:s3:::<bucket_name>/`` - ``arn:<partition>:s3:::<bucket_name>/<object_path>/`` When resources.type equals ``AWS::DynamoDB::Table`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>`` When resources.type equals ``AWS::Lambda::Function`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:lambda:<region>:<account_ID>:function:<function_name>`` When resources.type equals ``AWS::AppConfig::Configuration`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:appconfig:<region>:<account_ID>:application/<application_ID>/environment/<environment_ID>/configuration/<configuration_profile_ID>`` When resources.type equals ``AWS::B2BI::Transformer`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:b2bi:<region>:<account_ID>:transformer/<transformer_ID>`` When resources.type equals ``AWS::Bedrock::AgentAlias`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:bedrock:<region>:<account_ID>:agent-alias/<agent_ID>/<alias_ID>`` When resources.type equals ``AWS::Bedrock::KnowledgeBase`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:bedrock:<region>:<account_ID>:knowledge-base/<knowledge_base_ID>`` When resources.type equals ``AWS::Cassandra::Table`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:cassandra:<region>:<account_ID>:/keyspace/<keyspace_name>/table/<table_name>`` When resources.type equals ``AWS::CloudFront::KeyValueStore`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:cloudfront:<region>:<account_ID>:key-value-store/<KVS_name>`` When resources.type equals ``AWS::CloudTrail::Channel`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID>`` When resources.type equals ``AWS::CodeWhisperer::Customization`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:codewhisperer:<region>:<account_ID>:customization/<customization_ID>`` When resources.type equals ``AWS::CodeWhisperer::Profile`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID>`` When resources.type equals ``AWS::Cognito::IdentityPool`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID>`` When ``resources.type`` equals ``AWS::DynamoDB::Stream`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time>`` When ``resources.type`` equals ``AWS::EC2::Snapshot`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:ec2:<region>::snapshot/<snapshot_ID>`` When ``resources.type`` equals ``AWS::EMRWAL::Workspace`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:emrwal:<region>:<account_ID>:workspace/<workspace_name>`` When ``resources.type`` equals ``AWS::FinSpace::Environment`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID>`` When ``resources.type`` equals ``AWS::Glue::Table`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name>`` When ``resources.type`` equals ``AWS::GreengrassV2::ComponentVersion`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:greengrass:<region>:<account_ID>:components/<component_name>`` When ``resources.type`` equals ``AWS::GreengrassV2::Deployment`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:greengrass:<region>:<account_ID>:deployments/<deployment_ID`` When ``resources.type`` equals ``AWS::GuardDuty::Detector`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID>`` When ``resources.type`` equals ``AWS::IoT::Certificate`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:iot:<region>:<account_ID>:cert/<certificate_ID>`` When ``resources.type`` equals ``AWS::IoT::Thing`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:iot:<region>:<account_ID>:thing/<thing_ID>`` When ``resources.type`` equals ``AWS::IoTSiteWise::Asset`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:iotsitewise:<region>:<account_ID>:asset/<asset_ID>`` When ``resources.type`` equals ``AWS::IoTSiteWise::TimeSeries`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:iotsitewise:<region>:<account_ID>:timeseries/<timeseries_ID>`` When ``resources.type`` equals ``AWS::IoTTwinMaker::Entity`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:iottwinmaker:<region>:<account_ID>:workspace/<workspace_ID>/entity/<entity_ID>`` When ``resources.type`` equals ``AWS::IoTTwinMaker::Workspace`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:iottwinmaker:<region>:<account_ID>:workspace/<workspace_ID>`` When ``resources.type`` equals ``AWS::KendraRanking::ExecutionPlan`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID>`` When ``resources.type`` equals ``AWS::KinesisVideo::Stream`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:kinesisvideo:<region>:<account_ID>:stream/<stream_name>/<creation_time>`` When ``resources.type`` equals ``AWS::ManagedBlockchain::Network`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:managedblockchain:::networks/<network_name>`` When ``resources.type`` equals ``AWS::ManagedBlockchain::Node`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID>`` When ``resources.type`` equals ``AWS::MedicalImaging::Datastore`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:medical-imaging:<region>:<account_ID>:datastore/<data_store_ID>`` When ``resources.type`` equals ``AWS::NeptuneGraph::Graph`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:neptune-graph:<region>:<account_ID>:graph/<graph_ID>`` When ``resources.type`` equals ``AWS::PCAConnectorAD::Connector`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:pca-connector-ad:<region>:<account_ID>:connector/<connector_ID>`` When ``resources.type`` equals ``AWS::QApps:QApp`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:qapps:<region>:<account_ID>:application/<application_UUID>/qapp/<qapp_UUID>`` When ``resources.type`` equals ``AWS::QBusiness::Application`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>`` When ``resources.type`` equals ``AWS::QBusiness::DataSource`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>/index/<index_ID>/data-source/<datasource_ID>`` When ``resources.type`` equals ``AWS::QBusiness::Index`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>/index/<index_ID>`` When ``resources.type`` equals ``AWS::QBusiness::WebExperience`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>/web-experience/<web_experience_ID>`` When ``resources.type`` equals ``AWS::RDS::DBCluster`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:rds:<region>:<account_ID>:cluster/<cluster_name>`` When ``resources.type`` equals ``AWS::S3::AccessPoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don’t include the object path, and use the ``StartsWith`` or ``NotStartsWith`` operators. - ``arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>`` - ``arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path>`` When ``resources.type`` equals ``AWS::S3ObjectLambda::AccessPoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name>`` When ``resources.type`` equals ``AWS::S3Outposts::Object`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path>`` When ``resources.type`` equals ``AWS::SageMaker::Endpoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sagemaker:<region>:<account_ID>:endpoint/<endpoint_name>`` When ``resources.type`` equals ``AWS::SageMaker::ExperimentTrialComponent`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name>`` When ``resources.type`` equals ``AWS::SageMaker::FeatureGroup`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name>`` When ``resources.type`` equals ``AWS::SCN::Instance`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:scn:<region>:<account_ID>:instance/<instance_ID>`` When ``resources.type`` equals ``AWS::ServiceDiscovery::Namespace`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:servicediscovery:<region>:<account_ID>:namespace/<namespace_ID>`` When ``resources.type`` equals ``AWS::ServiceDiscovery::Service`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:servicediscovery:<region>:<account_ID>:service/<service_ID>`` When ``resources.type`` equals ``AWS::SNS::PlatformEndpoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sns:<region>:<account_ID>:endpoint/<endpoint_type>/<endpoint_name>/<endpoint_ID>`` When ``resources.type`` equals ``AWS::SNS::Topic`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sns:<region>:<account_ID>:<topic_name>`` When ``resources.type`` equals ``AWS::SQS::Queue`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sqs:<region>:<account_ID>:<queue_name>`` When ``resources.type`` equals ``AWS::SSM::ManagedNode`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in one of the following formats: - ``arn:<partition>:ssm:<region>:<account_ID>:managed-instance/<instance_ID>`` - ``arn:<partition>:ec2:<region>:<account_ID>:instance/<instance_ID>`` When ``resources.type`` equals ``AWS::SSMMessages::ControlChannel`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:ssmmessages:<region>:<account_ID>:control-channel/<channel_ID>`` When ``resources.type`` equals ``AWS::SWF::Domain`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:swf:<region>:<account_ID>:domain/<domain_name>`` When ``resources.type`` equals ``AWS::ThinClient::Device`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:thinclient:<region>:<account_ID>:device/<device_ID>`` When ``resources.type`` equals ``AWS::ThinClient::Environment`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:thinclient:<region>:<account_ID>:environment/<environment_ID>`` When ``resources.type`` equals ``AWS::Timestream::Database`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:timestream:<region>:<account_ID>:database/<database_name>`` When ``resources.type`` equals ``AWS::Timestream::Table`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:timestream:<region>:<account_ID>:database/<database_name>/table/<table_name>`` When resources.type equals ``AWS::VerifiedPermissions::PolicyStore`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:verifiedpermissions:<region>:<account_ID>:policy-store/<policy_store_UUID>``
1252
1252
  :param ends_with: An operator that includes events that match the last few characters of the event record field specified as the value of ``Field`` .
1253
1253
  :param equal_to: An operator that includes events that match the exact value of the event record field specified as the value of ``Field`` . This is the only valid operator that you can use with the ``readOnly`` , ``eventCategory`` , and ``resources.type`` fields.
1254
1254
  :param not_ends_with: An operator that excludes events that match the last few characters of the event record field specified as the value of ``Field`` .
@@ -1362,6 +1362,7 @@ class CfnEventDataStore(
1362
1362
  - ``AWS::MedicalImaging::Datastore``
1363
1363
  - ``AWS::NeptuneGraph::Graph``
1364
1364
  - ``AWS::PCAConnectorAD::Connector``
1365
+ - ``AWS::QApps:QApp``
1365
1366
  - ``AWS::QBusiness::Application``
1366
1367
  - ``AWS::QBusiness::DataSource``
1367
1368
  - ``AWS::QBusiness::Index``
@@ -1538,6 +1539,10 @@ class CfnEventDataStore(
1538
1539
 
1539
1540
  - ``arn:<partition>:pca-connector-ad:<region>:<account_ID>:connector/<connector_ID>``
1540
1541
 
1542
+ When ``resources.type`` equals ``AWS::QApps:QApp`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format:
1543
+
1544
+ - ``arn:<partition>:qapps:<region>:<account_ID>:application/<application_UUID>/qapp/<qapp_UUID>``
1545
+
1541
1546
  When ``resources.type`` equals ``AWS::QBusiness::Application`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format:
1542
1547
 
1543
1548
  - ``arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>``
@@ -2906,7 +2911,7 @@ class CfnTrail(
2906
2911
  ) -> None:
2907
2912
  '''A single selector statement in an advanced event selector.
2908
2913
 
2909
- :param field: A field in a CloudTrail event record on which to filter events to be logged. For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the field is used only for selecting events as filtering is not supported. For CloudTrail management events, supported fields include ``readOnly`` , ``eventCategory`` , and ``eventSource`` . For CloudTrail data events, supported fields include ``readOnly`` , ``eventCategory`` , ``eventName`` , ``resources.type`` , and ``resources.ARN`` . For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is ``eventCategory`` . - *``readOnly``* - Optional. Can be set to ``Equals`` a value of ``true`` or ``false`` . If you do not add this field, CloudTrail logs both ``read`` and ``write`` events. A value of ``true`` logs only ``read`` events. A value of ``false`` logs only ``write`` events. - *``eventSource``* - For filtering management events only. This can be set to ``NotEquals`` ``kms.amazonaws.com`` or ``NotEquals`` ``rdsdata.amazonaws.com`` . - *``eventName``* - Can use any operator. You can use it to filter in or filter out any data event logged to CloudTrail, such as ``PutBucket`` or ``GetSnapshotBlock`` . You can have multiple values for this field, separated by commas. - *``eventCategory``* - This is required and must be set to ``Equals`` . - For CloudTrail management events, the value must be ``Management`` . - For CloudTrail data events, the value must be ``Data`` . The following are used only for event data stores: - For CloudTrail Insights events, the value must be ``Insight`` . - For AWS Config configuration items, the value must be ``ConfigurationItem`` . - For Audit Manager evidence, the value must be ``Evidence`` . - For non- AWS events, the value must be ``ActivityAuditLog`` . - *``resources.type``* - This field is required for CloudTrail data events. ``resources.type`` can only use the ``Equals`` operator, and the value can be one of the following: - ``AWS::DynamoDB::Table`` - ``AWS::Lambda::Function`` - ``AWS::S3::Object`` - ``AWS::AppConfig::Configuration`` - ``AWS::B2BI::Transformer`` - ``AWS::Bedrock::AgentAlias`` - ``AWS::Bedrock::KnowledgeBase`` - ``AWS::Cassandra::Table`` - ``AWS::CloudFront::KeyValueStore`` - ``AWS::CloudTrail::Channel`` - ``AWS::CodeWhisperer::Customization`` - ``AWS::CodeWhisperer::Profile`` - ``AWS::Cognito::IdentityPool`` - ``AWS::DynamoDB::Stream`` - ``AWS::EC2::Snapshot`` - ``AWS::EMRWAL::Workspace`` - ``AWS::FinSpace::Environment`` - ``AWS::Glue::Table`` - ``AWS::GreengrassV2::ComponentVersion`` - ``AWS::GreengrassV2::Deployment`` - ``AWS::GuardDuty::Detector`` - ``AWS::IoT::Certificate`` - ``AWS::IoT::Thing`` - ``AWS::IoTSiteWise::Asset`` - ``AWS::IoTSiteWise::TimeSeries`` - ``AWS::IoTTwinMaker::Entity`` - ``AWS::IoTTwinMaker::Workspace`` - ``AWS::KendraRanking::ExecutionPlan`` - ``AWS::KinesisVideo::Stream`` - ``AWS::ManagedBlockchain::Network`` - ``AWS::ManagedBlockchain::Node`` - ``AWS::MedicalImaging::Datastore`` - ``AWS::NeptuneGraph::Graph`` - ``AWS::PCAConnectorAD::Connector`` - ``AWS::QBusiness::Application`` - ``AWS::QBusiness::DataSource`` - ``AWS::QBusiness::Index`` - ``AWS::QBusiness::WebExperience`` - ``AWS::RDS::DBCluster`` - ``AWS::S3::AccessPoint`` - ``AWS::S3ObjectLambda::AccessPoint`` - ``AWS::S3Outposts::Object`` - ``AWS::SageMaker::Endpoint`` - ``AWS::SageMaker::ExperimentTrialComponent`` - ``AWS::SageMaker::FeatureGroup`` - ``AWS::ServiceDiscovery::Namespace`` - ``AWS::ServiceDiscovery::Service`` - ``AWS::SCN::Instance`` - ``AWS::SNS::PlatformEndpoint`` - ``AWS::SNS::Topic`` - ``AWS::SQS::Queue`` - ``AWS::SSM::ManagedNode`` - ``AWS::SSMMessages::ControlChannel`` - ``AWS::SWF::Domain`` - ``AWS::ThinClient::Device`` - ``AWS::ThinClient::Environment`` - ``AWS::Timestream::Database`` - ``AWS::Timestream::Table`` - ``AWS::VerifiedPermissions::PolicyStore`` - ``AWS::XRay::Trace`` You can have only one ``resources.type`` field per selector. To log data events on more than one resource type, add another selector. - *``resources.ARN``* - You can use any operator with ``resources.ARN`` , but if you use ``Equals`` or ``NotEquals`` , the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. .. epigraph:: You can't use the ``resources.ARN`` field to filter resource types that do not have ARNs. The ``resources.ARN`` field can be set one of the following. If resources.type equals ``AWS::S3::Object`` , the ARN must be in one of the following formats. To log all data events for all objects in a specific S3 bucket, use the ``StartsWith`` operator, and include only the bucket ARN as the matching value. The trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols (<>) with resource-specific information. - ``arn:<partition>:s3:::<bucket_name>/`` - ``arn:<partition>:s3:::<bucket_name>/<object_path>/`` When resources.type equals ``AWS::DynamoDB::Table`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>`` When resources.type equals ``AWS::Lambda::Function`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:lambda:<region>:<account_ID>:function:<function_name>`` When resources.type equals ``AWS::AppConfig::Configuration`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:appconfig:<region>:<account_ID>:application/<application_ID>/environment/<environment_ID>/configuration/<configuration_profile_ID>`` When resources.type equals ``AWS::B2BI::Transformer`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:b2bi:<region>:<account_ID>:transformer/<transformer_ID>`` When resources.type equals ``AWS::Bedrock::AgentAlias`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:bedrock:<region>:<account_ID>:agent-alias/<agent_ID>/<alias_ID>`` When resources.type equals ``AWS::Bedrock::KnowledgeBase`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:bedrock:<region>:<account_ID>:knowledge-base/<knowledge_base_ID>`` When resources.type equals ``AWS::Cassandra::Table`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:cassandra:<region>:<account_ID>:/keyspace/<keyspace_name>/table/<table_name>`` When resources.type equals ``AWS::CloudFront::KeyValueStore`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:cloudfront:<region>:<account_ID>:key-value-store/<KVS_name>`` When resources.type equals ``AWS::CloudTrail::Channel`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID>`` When resources.type equals ``AWS::CodeWhisperer::Customization`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:codewhisperer:<region>:<account_ID>:customization/<customization_ID>`` When resources.type equals ``AWS::CodeWhisperer::Profile`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID>`` When resources.type equals ``AWS::Cognito::IdentityPool`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID>`` When ``resources.type`` equals ``AWS::DynamoDB::Stream`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time>`` When ``resources.type`` equals ``AWS::EC2::Snapshot`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:ec2:<region>::snapshot/<snapshot_ID>`` When ``resources.type`` equals ``AWS::EMRWAL::Workspace`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:emrwal:<region>:<account_ID>:workspace/<workspace_name>`` When ``resources.type`` equals ``AWS::FinSpace::Environment`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID>`` When ``resources.type`` equals ``AWS::Glue::Table`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name>`` When ``resources.type`` equals ``AWS::GreengrassV2::ComponentVersion`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:greengrass:<region>:<account_ID>:components/<component_name>`` When ``resources.type`` equals ``AWS::GreengrassV2::Deployment`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:greengrass:<region>:<account_ID>:deployments/<deployment_ID`` When ``resources.type`` equals ``AWS::GuardDuty::Detector`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID>`` When ``resources.type`` equals ``AWS::IoT::Certificate`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:iot:<region>:<account_ID>:cert/<certificate_ID>`` When ``resources.type`` equals ``AWS::IoT::Thing`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:iot:<region>:<account_ID>:thing/<thing_ID>`` When ``resources.type`` equals ``AWS::IoTSiteWise::Asset`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:iotsitewise:<region>:<account_ID>:asset/<asset_ID>`` When ``resources.type`` equals ``AWS::IoTSiteWise::TimeSeries`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:iotsitewise:<region>:<account_ID>:timeseries/<timeseries_ID>`` When ``resources.type`` equals ``AWS::IoTTwinMaker::Entity`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:iottwinmaker:<region>:<account_ID>:workspace/<workspace_ID>/entity/<entity_ID>`` When ``resources.type`` equals ``AWS::IoTTwinMaker::Workspace`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:iottwinmaker:<region>:<account_ID>:workspace/<workspace_ID>`` When ``resources.type`` equals ``AWS::KendraRanking::ExecutionPlan`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID>`` When ``resources.type`` equals ``AWS::KinesisVideo::Stream`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:kinesisvideo:<region>:<account_ID>:stream/<stream_name>/<creation_time>`` When ``resources.type`` equals ``AWS::ManagedBlockchain::Network`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:managedblockchain:::networks/<network_name>`` When ``resources.type`` equals ``AWS::ManagedBlockchain::Node`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID>`` When ``resources.type`` equals ``AWS::MedicalImaging::Datastore`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:medical-imaging:<region>:<account_ID>:datastore/<data_store_ID>`` When ``resources.type`` equals ``AWS::NeptuneGraph::Graph`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:neptune-graph:<region>:<account_ID>:graph/<graph_ID>`` When ``resources.type`` equals ``AWS::PCAConnectorAD::Connector`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:pca-connector-ad:<region>:<account_ID>:connector/<connector_ID>`` When ``resources.type`` equals ``AWS::QBusiness::Application`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>`` When ``resources.type`` equals ``AWS::QBusiness::DataSource`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>/index/<index_ID>/data-source/<datasource_ID>`` When ``resources.type`` equals ``AWS::QBusiness::Index`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>/index/<index_ID>`` When ``resources.type`` equals ``AWS::QBusiness::WebExperience`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>/web-experience/<web_experience_ID>`` When ``resources.type`` equals ``AWS::RDS::DBCluster`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:rds:<region>:<account_ID>:cluster/<cluster_name>`` When ``resources.type`` equals ``AWS::S3::AccessPoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don’t include the object path, and use the ``StartsWith`` or ``NotStartsWith`` operators. - ``arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>`` - ``arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path>`` When ``resources.type`` equals ``AWS::S3ObjectLambda::AccessPoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name>`` When ``resources.type`` equals ``AWS::S3Outposts::Object`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path>`` When ``resources.type`` equals ``AWS::SageMaker::Endpoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sagemaker:<region>:<account_ID>:endpoint/<endpoint_name>`` When ``resources.type`` equals ``AWS::SageMaker::ExperimentTrialComponent`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name>`` When ``resources.type`` equals ``AWS::SageMaker::FeatureGroup`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name>`` When ``resources.type`` equals ``AWS::SCN::Instance`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:scn:<region>:<account_ID>:instance/<instance_ID>`` When ``resources.type`` equals ``AWS::ServiceDiscovery::Namespace`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:servicediscovery:<region>:<account_ID>:namespace/<namespace_ID>`` When ``resources.type`` equals ``AWS::ServiceDiscovery::Service`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:servicediscovery:<region>:<account_ID>:service/<service_ID>`` When ``resources.type`` equals ``AWS::SNS::PlatformEndpoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sns:<region>:<account_ID>:endpoint/<endpoint_type>/<endpoint_name>/<endpoint_ID>`` When ``resources.type`` equals ``AWS::SNS::Topic`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sns:<region>:<account_ID>:<topic_name>`` When ``resources.type`` equals ``AWS::SQS::Queue`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sqs:<region>:<account_ID>:<queue_name>`` When ``resources.type`` equals ``AWS::SSM::ManagedNode`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in one of the following formats: - ``arn:<partition>:ssm:<region>:<account_ID>:managed-instance/<instance_ID>`` - ``arn:<partition>:ec2:<region>:<account_ID>:instance/<instance_ID>`` When ``resources.type`` equals ``AWS::SSMMessages::ControlChannel`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:ssmmessages:<region>:<account_ID>:control-channel/<channel_ID>`` When ``resources.type`` equals ``AWS::SWF::Domain`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:swf:<region>:<account_ID>:domain/<domain_name>`` When ``resources.type`` equals ``AWS::ThinClient::Device`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:thinclient:<region>:<account_ID>:device/<device_ID>`` When ``resources.type`` equals ``AWS::ThinClient::Environment`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:thinclient:<region>:<account_ID>:environment/<environment_ID>`` When ``resources.type`` equals ``AWS::Timestream::Database`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:timestream:<region>:<account_ID>:database/<database_name>`` When ``resources.type`` equals ``AWS::Timestream::Table`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:timestream:<region>:<account_ID>:database/<database_name>/table/<table_name>`` When resources.type equals ``AWS::VerifiedPermissions::PolicyStore`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:verifiedpermissions:<region>:<account_ID>:policy-store/<policy_store_UUID>``
2914
+ :param field: A field in a CloudTrail event record on which to filter events to be logged. For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the field is used only for selecting events as filtering is not supported. For CloudTrail management events, supported fields include ``readOnly`` , ``eventCategory`` , and ``eventSource`` . For CloudTrail data events, supported fields include ``readOnly`` , ``eventCategory`` , ``eventName`` , ``resources.type`` , and ``resources.ARN`` . For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is ``eventCategory`` . - *``readOnly``* - Optional. Can be set to ``Equals`` a value of ``true`` or ``false`` . If you do not add this field, CloudTrail logs both ``read`` and ``write`` events. A value of ``true`` logs only ``read`` events. A value of ``false`` logs only ``write`` events. - *``eventSource``* - For filtering management events only. This can be set to ``NotEquals`` ``kms.amazonaws.com`` or ``NotEquals`` ``rdsdata.amazonaws.com`` . - *``eventName``* - Can use any operator. You can use it to filter in or filter out any data event logged to CloudTrail, such as ``PutBucket`` or ``GetSnapshotBlock`` . You can have multiple values for this field, separated by commas. - *``eventCategory``* - This is required and must be set to ``Equals`` . - For CloudTrail management events, the value must be ``Management`` . - For CloudTrail data events, the value must be ``Data`` . The following are used only for event data stores: - For CloudTrail Insights events, the value must be ``Insight`` . - For AWS Config configuration items, the value must be ``ConfigurationItem`` . - For Audit Manager evidence, the value must be ``Evidence`` . - For non- AWS events, the value must be ``ActivityAuditLog`` . - *``resources.type``* - This field is required for CloudTrail data events. ``resources.type`` can only use the ``Equals`` operator, and the value can be one of the following: - ``AWS::DynamoDB::Table`` - ``AWS::Lambda::Function`` - ``AWS::S3::Object`` - ``AWS::AppConfig::Configuration`` - ``AWS::B2BI::Transformer`` - ``AWS::Bedrock::AgentAlias`` - ``AWS::Bedrock::KnowledgeBase`` - ``AWS::Cassandra::Table`` - ``AWS::CloudFront::KeyValueStore`` - ``AWS::CloudTrail::Channel`` - ``AWS::CodeWhisperer::Customization`` - ``AWS::CodeWhisperer::Profile`` - ``AWS::Cognito::IdentityPool`` - ``AWS::DynamoDB::Stream`` - ``AWS::EC2::Snapshot`` - ``AWS::EMRWAL::Workspace`` - ``AWS::FinSpace::Environment`` - ``AWS::Glue::Table`` - ``AWS::GreengrassV2::ComponentVersion`` - ``AWS::GreengrassV2::Deployment`` - ``AWS::GuardDuty::Detector`` - ``AWS::IoT::Certificate`` - ``AWS::IoT::Thing`` - ``AWS::IoTSiteWise::Asset`` - ``AWS::IoTSiteWise::TimeSeries`` - ``AWS::IoTTwinMaker::Entity`` - ``AWS::IoTTwinMaker::Workspace`` - ``AWS::KendraRanking::ExecutionPlan`` - ``AWS::KinesisVideo::Stream`` - ``AWS::ManagedBlockchain::Network`` - ``AWS::ManagedBlockchain::Node`` - ``AWS::MedicalImaging::Datastore`` - ``AWS::NeptuneGraph::Graph`` - ``AWS::PCAConnectorAD::Connector`` - ``AWS::QApps:QApp`` - ``AWS::QBusiness::Application`` - ``AWS::QBusiness::DataSource`` - ``AWS::QBusiness::Index`` - ``AWS::QBusiness::WebExperience`` - ``AWS::RDS::DBCluster`` - ``AWS::S3::AccessPoint`` - ``AWS::S3ObjectLambda::AccessPoint`` - ``AWS::S3Outposts::Object`` - ``AWS::SageMaker::Endpoint`` - ``AWS::SageMaker::ExperimentTrialComponent`` - ``AWS::SageMaker::FeatureGroup`` - ``AWS::ServiceDiscovery::Namespace`` - ``AWS::ServiceDiscovery::Service`` - ``AWS::SCN::Instance`` - ``AWS::SNS::PlatformEndpoint`` - ``AWS::SNS::Topic`` - ``AWS::SQS::Queue`` - ``AWS::SSM::ManagedNode`` - ``AWS::SSMMessages::ControlChannel`` - ``AWS::SWF::Domain`` - ``AWS::ThinClient::Device`` - ``AWS::ThinClient::Environment`` - ``AWS::Timestream::Database`` - ``AWS::Timestream::Table`` - ``AWS::VerifiedPermissions::PolicyStore`` - ``AWS::XRay::Trace`` You can have only one ``resources.type`` field per selector. To log data events on more than one resource type, add another selector. - *``resources.ARN``* - You can use any operator with ``resources.ARN`` , but if you use ``Equals`` or ``NotEquals`` , the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. .. epigraph:: You can't use the ``resources.ARN`` field to filter resource types that do not have ARNs. The ``resources.ARN`` field can be set one of the following. If resources.type equals ``AWS::S3::Object`` , the ARN must be in one of the following formats. To log all data events for all objects in a specific S3 bucket, use the ``StartsWith`` operator, and include only the bucket ARN as the matching value. The trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols (<>) with resource-specific information. - ``arn:<partition>:s3:::<bucket_name>/`` - ``arn:<partition>:s3:::<bucket_name>/<object_path>/`` When resources.type equals ``AWS::DynamoDB::Table`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>`` When resources.type equals ``AWS::Lambda::Function`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:lambda:<region>:<account_ID>:function:<function_name>`` When resources.type equals ``AWS::AppConfig::Configuration`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:appconfig:<region>:<account_ID>:application/<application_ID>/environment/<environment_ID>/configuration/<configuration_profile_ID>`` When resources.type equals ``AWS::B2BI::Transformer`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:b2bi:<region>:<account_ID>:transformer/<transformer_ID>`` When resources.type equals ``AWS::Bedrock::AgentAlias`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:bedrock:<region>:<account_ID>:agent-alias/<agent_ID>/<alias_ID>`` When resources.type equals ``AWS::Bedrock::KnowledgeBase`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:bedrock:<region>:<account_ID>:knowledge-base/<knowledge_base_ID>`` When resources.type equals ``AWS::Cassandra::Table`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:cassandra:<region>:<account_ID>:/keyspace/<keyspace_name>/table/<table_name>`` When resources.type equals ``AWS::CloudFront::KeyValueStore`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:cloudfront:<region>:<account_ID>:key-value-store/<KVS_name>`` When resources.type equals ``AWS::CloudTrail::Channel`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID>`` When resources.type equals ``AWS::CodeWhisperer::Customization`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:codewhisperer:<region>:<account_ID>:customization/<customization_ID>`` When resources.type equals ``AWS::CodeWhisperer::Profile`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID>`` When resources.type equals ``AWS::Cognito::IdentityPool`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID>`` When ``resources.type`` equals ``AWS::DynamoDB::Stream`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time>`` When ``resources.type`` equals ``AWS::EC2::Snapshot`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:ec2:<region>::snapshot/<snapshot_ID>`` When ``resources.type`` equals ``AWS::EMRWAL::Workspace`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:emrwal:<region>:<account_ID>:workspace/<workspace_name>`` When ``resources.type`` equals ``AWS::FinSpace::Environment`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID>`` When ``resources.type`` equals ``AWS::Glue::Table`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name>`` When ``resources.type`` equals ``AWS::GreengrassV2::ComponentVersion`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:greengrass:<region>:<account_ID>:components/<component_name>`` When ``resources.type`` equals ``AWS::GreengrassV2::Deployment`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:greengrass:<region>:<account_ID>:deployments/<deployment_ID`` When ``resources.type`` equals ``AWS::GuardDuty::Detector`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID>`` When ``resources.type`` equals ``AWS::IoT::Certificate`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:iot:<region>:<account_ID>:cert/<certificate_ID>`` When ``resources.type`` equals ``AWS::IoT::Thing`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:iot:<region>:<account_ID>:thing/<thing_ID>`` When ``resources.type`` equals ``AWS::IoTSiteWise::Asset`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:iotsitewise:<region>:<account_ID>:asset/<asset_ID>`` When ``resources.type`` equals ``AWS::IoTSiteWise::TimeSeries`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:iotsitewise:<region>:<account_ID>:timeseries/<timeseries_ID>`` When ``resources.type`` equals ``AWS::IoTTwinMaker::Entity`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:iottwinmaker:<region>:<account_ID>:workspace/<workspace_ID>/entity/<entity_ID>`` When ``resources.type`` equals ``AWS::IoTTwinMaker::Workspace`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:iottwinmaker:<region>:<account_ID>:workspace/<workspace_ID>`` When ``resources.type`` equals ``AWS::KendraRanking::ExecutionPlan`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID>`` When ``resources.type`` equals ``AWS::KinesisVideo::Stream`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:kinesisvideo:<region>:<account_ID>:stream/<stream_name>/<creation_time>`` When ``resources.type`` equals ``AWS::ManagedBlockchain::Network`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:managedblockchain:::networks/<network_name>`` When ``resources.type`` equals ``AWS::ManagedBlockchain::Node`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID>`` When ``resources.type`` equals ``AWS::MedicalImaging::Datastore`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:medical-imaging:<region>:<account_ID>:datastore/<data_store_ID>`` When ``resources.type`` equals ``AWS::NeptuneGraph::Graph`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:neptune-graph:<region>:<account_ID>:graph/<graph_ID>`` When ``resources.type`` equals ``AWS::PCAConnectorAD::Connector`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:pca-connector-ad:<region>:<account_ID>:connector/<connector_ID>`` When ``resources.type`` equals ``AWS::QApps:QApp`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:qapps:<region>:<account_ID>:application/<application_UUID>/qapp/<qapp_UUID>`` When ``resources.type`` equals ``AWS::QBusiness::Application`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>`` When ``resources.type`` equals ``AWS::QBusiness::DataSource`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>/index/<index_ID>/data-source/<datasource_ID>`` When ``resources.type`` equals ``AWS::QBusiness::Index`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>/index/<index_ID>`` When ``resources.type`` equals ``AWS::QBusiness::WebExperience`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>/web-experience/<web_experience_ID>`` When ``resources.type`` equals ``AWS::RDS::DBCluster`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:rds:<region>:<account_ID>:cluster/<cluster_name>`` When ``resources.type`` equals ``AWS::S3::AccessPoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don’t include the object path, and use the ``StartsWith`` or ``NotStartsWith`` operators. - ``arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>`` - ``arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path>`` When ``resources.type`` equals ``AWS::S3ObjectLambda::AccessPoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name>`` When ``resources.type`` equals ``AWS::S3Outposts::Object`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path>`` When ``resources.type`` equals ``AWS::SageMaker::Endpoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sagemaker:<region>:<account_ID>:endpoint/<endpoint_name>`` When ``resources.type`` equals ``AWS::SageMaker::ExperimentTrialComponent`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name>`` When ``resources.type`` equals ``AWS::SageMaker::FeatureGroup`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name>`` When ``resources.type`` equals ``AWS::SCN::Instance`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:scn:<region>:<account_ID>:instance/<instance_ID>`` When ``resources.type`` equals ``AWS::ServiceDiscovery::Namespace`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:servicediscovery:<region>:<account_ID>:namespace/<namespace_ID>`` When ``resources.type`` equals ``AWS::ServiceDiscovery::Service`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:servicediscovery:<region>:<account_ID>:service/<service_ID>`` When ``resources.type`` equals ``AWS::SNS::PlatformEndpoint`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sns:<region>:<account_ID>:endpoint/<endpoint_type>/<endpoint_name>/<endpoint_ID>`` When ``resources.type`` equals ``AWS::SNS::Topic`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sns:<region>:<account_ID>:<topic_name>`` When ``resources.type`` equals ``AWS::SQS::Queue`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:sqs:<region>:<account_ID>:<queue_name>`` When ``resources.type`` equals ``AWS::SSM::ManagedNode`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in one of the following formats: - ``arn:<partition>:ssm:<region>:<account_ID>:managed-instance/<instance_ID>`` - ``arn:<partition>:ec2:<region>:<account_ID>:instance/<instance_ID>`` When ``resources.type`` equals ``AWS::SSMMessages::ControlChannel`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:ssmmessages:<region>:<account_ID>:control-channel/<channel_ID>`` When ``resources.type`` equals ``AWS::SWF::Domain`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:swf:<region>:<account_ID>:domain/<domain_name>`` When ``resources.type`` equals ``AWS::ThinClient::Device`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:thinclient:<region>:<account_ID>:device/<device_ID>`` When ``resources.type`` equals ``AWS::ThinClient::Environment`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:thinclient:<region>:<account_ID>:environment/<environment_ID>`` When ``resources.type`` equals ``AWS::Timestream::Database`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:timestream:<region>:<account_ID>:database/<database_name>`` When ``resources.type`` equals ``AWS::Timestream::Table`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:timestream:<region>:<account_ID>:database/<database_name>/table/<table_name>`` When resources.type equals ``AWS::VerifiedPermissions::PolicyStore`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format: - ``arn:<partition>:verifiedpermissions:<region>:<account_ID>:policy-store/<policy_store_UUID>``
2910
2915
  :param ends_with: An operator that includes events that match the last few characters of the event record field specified as the value of ``Field`` .
2911
2916
  :param equal_to: An operator that includes events that match the exact value of the event record field specified as the value of ``Field`` . This is the only valid operator that you can use with the ``readOnly`` , ``eventCategory`` , and ``resources.type`` fields.
2912
2917
  :param not_ends_with: An operator that excludes events that match the last few characters of the event record field specified as the value of ``Field`` .
@@ -3020,6 +3025,7 @@ class CfnTrail(
3020
3025
  - ``AWS::MedicalImaging::Datastore``
3021
3026
  - ``AWS::NeptuneGraph::Graph``
3022
3027
  - ``AWS::PCAConnectorAD::Connector``
3028
+ - ``AWS::QApps:QApp``
3023
3029
  - ``AWS::QBusiness::Application``
3024
3030
  - ``AWS::QBusiness::DataSource``
3025
3031
  - ``AWS::QBusiness::Index``
@@ -3196,6 +3202,10 @@ class CfnTrail(
3196
3202
 
3197
3203
  - ``arn:<partition>:pca-connector-ad:<region>:<account_ID>:connector/<connector_ID>``
3198
3204
 
3205
+ When ``resources.type`` equals ``AWS::QApps:QApp`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format:
3206
+
3207
+ - ``arn:<partition>:qapps:<region>:<account_ID>:application/<application_UUID>/qapp/<qapp_UUID>``
3208
+
3199
3209
  When ``resources.type`` equals ``AWS::QBusiness::Application`` , and the operator is set to ``Equals`` or ``NotEquals`` , the ARN must be in the following format:
3200
3210
 
3201
3211
  - ``arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>``
aws_cdk/aws_codebuild/__init__.py CHANGED
@@ -633,6 +633,28 @@ The created policy will adjust to the report group type. If no type is specified
633
633
  For more information on the test reports feature,
634
634
  see the [AWS CodeBuild documentation](https://docs.aws.amazon.com/codebuild/latest/userguide/test-reporting.html).
635
635
 
636
+ ### Report group deletion
637
+
638
+ When a report group is removed from a stack (or the stack is deleted), the report
639
+ group will be removed according to its removal policy (which by default will
640
+ simply orphan the report group and leave it in your AWS account). If the removal
641
+ policy is set to `RemovalPolicy.DESTROY`, the report group will be deleted as long
642
+ as it does not contain any reports.
643
+
644
+ To override this and force all reports to get deleted during report group deletion,
645
+ enable the `deleteReports` option as well as setting the removal policy to
646
+ `RemovalPolicy.DESTROY`.
647
+
648
+ ```python
649
+ import aws_cdk as cdk
650
+
651
+
652
+ report_group = codebuild.ReportGroup(self, "ReportGroup",
653
+ removal_policy=cdk.RemovalPolicy.DESTROY,
654
+ delete_reports=True
655
+ )
656
+ ```
657
+
636
658
  ## Events
637
659
 
638
660
  CodeBuild projects can be used either as a source for events or be triggered
@@ -12997,6 +13019,7 @@ class ReportGroup(
12997
13019
  scope: _constructs_77d1e7e8.Construct,
12998
13020
  id: builtins.str,
12999
13021
  *,
13022
+ delete_reports: typing.Optional[builtins.bool] = None,
13000
13023
  export_bucket: typing.Optional[_IBucket_42e086fd] = None,
13001
13024
  removal_policy: typing.Optional[_RemovalPolicy_9f93c814] = None,
13002
13025
  report_group_name: typing.Optional[builtins.str] = None,
@@ -13006,6 +13029,7 @@ class ReportGroup(
13006
13029
  '''
13007
13030
  :param scope: -
13008
13031
  :param id: -
13032
+ :param delete_reports: If true, deleting the report group force deletes the contents of the report group. If false, the report group must be empty before attempting to delete it. Default: false
13009
13033
  :param export_bucket: An optional S3 bucket to export the reports to. Default: - the reports will not be exported
13010
13034
  :param removal_policy: What to do when this resource is deleted from a stack. As CodeBuild does not allow deleting a ResourceGroup that has reports inside of it, this is set to retain the resource by default. Default: RemovalPolicy.RETAIN
13011
13035
  :param report_group_name: The physical name of the report group. Default: - CloudFormation-generated name
@@ -13017,6 +13041,7 @@ class ReportGroup(
13017
13041
  check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
13018
13042
  check_type(argname="argument id", value=id, expected_type=type_hints["id"])
13019
13043
  props = ReportGroupProps(
13044
+ delete_reports=delete_reports,
13020
13045
  export_bucket=export_bucket,
13021
13046
  removal_policy=removal_policy,
13022
13047
  report_group_name=report_group_name,
@@ -13085,6 +13110,7 @@ class ReportGroup(
13085
13110
  jsii_type="aws-cdk-lib.aws_codebuild.ReportGroupProps",
13086
13111
  jsii_struct_bases=[],
13087
13112
  name_mapping={
13113
+ "delete_reports": "deleteReports",
13088
13114
  "export_bucket": "exportBucket",
13089
13115
  "removal_policy": "removalPolicy",
13090
13116
  "report_group_name": "reportGroupName",
@@ -13096,6 +13122,7 @@ class ReportGroupProps:
13096
13122
  def __init__(
13097
13123
  self,
13098
13124
  *,
13125
+ delete_reports: typing.Optional[builtins.bool] = None,
13099
13126
  export_bucket: typing.Optional[_IBucket_42e086fd] = None,
13100
13127
  removal_policy: typing.Optional[_RemovalPolicy_9f93c814] = None,
13101
13128
  report_group_name: typing.Optional[builtins.str] = None,
@@ -13104,6 +13131,7 @@ class ReportGroupProps:
13104
13131
  ) -> None:
13105
13132
  '''Construction properties for ``ReportGroup``.
13106
13133
 
13134
+ :param delete_reports: If true, deleting the report group force deletes the contents of the report group. If false, the report group must be empty before attempting to delete it. Default: false
13107
13135
  :param export_bucket: An optional S3 bucket to export the reports to. Default: - the reports will not be exported
13108
13136
  :param removal_policy: What to do when this resource is deleted from a stack. As CodeBuild does not allow deleting a ResourceGroup that has reports inside of it, this is set to retain the resource by default. Default: RemovalPolicy.RETAIN
13109
13137
  :param report_group_name: The physical name of the report group. Default: - CloudFormation-generated name
@@ -13138,12 +13166,15 @@ class ReportGroupProps:
13138
13166
  '''
13139
13167
  if __debug__:
13140
13168
  type_hints = typing.get_type_hints(_typecheckingstub__113dabd71f83c3a9d63dc8e1a01e750c97daab46899376ec28d882541d711e8d)
13169
+ check_type(argname="argument delete_reports", value=delete_reports, expected_type=type_hints["delete_reports"])
13141
13170
  check_type(argname="argument export_bucket", value=export_bucket, expected_type=type_hints["export_bucket"])
13142
13171
  check_type(argname="argument removal_policy", value=removal_policy, expected_type=type_hints["removal_policy"])
13143
13172
  check_type(argname="argument report_group_name", value=report_group_name, expected_type=type_hints["report_group_name"])
13144
13173
  check_type(argname="argument type", value=type, expected_type=type_hints["type"])
13145
13174
  check_type(argname="argument zip_export", value=zip_export, expected_type=type_hints["zip_export"])
13146
13175
  self._values: typing.Dict[builtins.str, typing.Any] = {}
13176
+ if delete_reports is not None:
13177
+ self._values["delete_reports"] = delete_reports
13147
13178
  if export_bucket is not None:
13148
13179
  self._values["export_bucket"] = export_bucket
13149
13180
  if removal_policy is not None:
@@ -13155,6 +13186,17 @@ class ReportGroupProps:
13155
13186
  if zip_export is not None:
13156
13187
  self._values["zip_export"] = zip_export
13157
13188
 
13189
+ @builtins.property
13190
+ def delete_reports(self) -> typing.Optional[builtins.bool]:
13191
+ '''If true, deleting the report group force deletes the contents of the report group.
13192
+
13193
+ If false, the report group must be empty before attempting to delete it.
13194
+
13195
+ :default: false
13196
+ '''
13197
+ result = self._values.get("delete_reports")
13198
+ return typing.cast(typing.Optional[builtins.bool], result)
13199
+
13158
13200
  @builtins.property
13159
13201
  def export_bucket(self) -> typing.Optional[_IBucket_42e086fd]:
13160
13202
  '''An optional S3 bucket to export the reports to.
@@ -17506,6 +17548,7 @@ def _typecheckingstub__90af12e9c380e5aad7e26a2a5663f995163281aac65d37f58da79d950
17506
17548
  scope: _constructs_77d1e7e8.Construct,
17507
17549
  id: builtins.str,
17508
17550
  *,
17551
+ delete_reports: typing.Optional[builtins.bool] = None,
17509
17552
  export_bucket: typing.Optional[_IBucket_42e086fd] = None,
17510
17553
  removal_policy: typing.Optional[_RemovalPolicy_9f93c814] = None,
17511
17554
  report_group_name: typing.Optional[builtins.str] = None,
@@ -17531,6 +17574,7 @@ def _typecheckingstub__0c43f1b89e5327905cbd3ab855ebe25b298798e44abb2a2f958ea3026
17531
17574
 
17532
17575
  def _typecheckingstub__113dabd71f83c3a9d63dc8e1a01e750c97daab46899376ec28d882541d711e8d(
17533
17576
  *,
17577
+ delete_reports: typing.Optional[builtins.bool] = None,
17534
17578
  export_bucket: typing.Optional[_IBucket_42e086fd] = None,
17535
17579
  removal_policy: typing.Optional[_RemovalPolicy_9f93c814] = None,
17536
17580
  report_group_name: typing.Optional[builtins.str] = None,
aws_cdk/aws_codepipeline/__init__.py CHANGED
@@ -2478,7 +2478,10 @@ class CfnPipeline(
2478
2478
  blockers=[codepipeline.CfnPipeline.BlockerDeclarationProperty(
2479
2479
  name="name",
2480
2480
  type="type"
2481
- )]
2481
+ )],
2482
+ on_failure=codepipeline.CfnPipeline.FailureConditionsProperty(
2483
+ result="result"
2484
+ )
2482
2485
  )],
2483
2486
 
2484
2487
  # the properties below are optional
@@ -3566,6 +3569,56 @@ class CfnPipeline(
3566
3569
  k + "=" + repr(v) for k, v in self._values.items()
3567
3570
  )
3568
3571
 
3572
+ @jsii.data_type(
3573
+ jsii_type="aws-cdk-lib.aws_codepipeline.CfnPipeline.FailureConditionsProperty",
3574
+ jsii_struct_bases=[],
3575
+ name_mapping={"result": "result"},
3576
+ )
3577
+ class FailureConditionsProperty:
3578
+ def __init__(self, *, result: builtins.str) -> None:
3579
+ '''
3580
+ :param result:
3581
+
3582
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codepipeline-pipeline-failureconditions.html
3583
+ :exampleMetadata: fixture=_generated
3584
+
3585
+ Example::
3586
+
3587
+ # The code below shows an example of how to instantiate this type.
3588
+ # The values are placeholders you should change.
3589
+ from aws_cdk import aws_codepipeline as codepipeline
3590
+
3591
+ failure_conditions_property = codepipeline.CfnPipeline.FailureConditionsProperty(
3592
+ result="result"
3593
+ )
3594
+ '''
3595
+ if __debug__:
3596
+ type_hints = typing.get_type_hints(_typecheckingstub__24827e49ed35c3622e48ed5d5a7874646b28153667949aaac3a40638392631b8)
3597
+ check_type(argname="argument result", value=result, expected_type=type_hints["result"])
3598
+ self._values: typing.Dict[builtins.str, typing.Any] = {
3599
+ "result": result,
3600
+ }
3601
+
3602
+ @builtins.property
3603
+ def result(self) -> builtins.str:
3604
+ '''
3605
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codepipeline-pipeline-failureconditions.html#cfn-codepipeline-pipeline-failureconditions-result
3606
+ '''
3607
+ result = self._values.get("result")
3608
+ assert result is not None, "Required property 'result' is missing"
3609
+ return typing.cast(builtins.str, result)
3610
+
3611
+ def __eq__(self, rhs: typing.Any) -> builtins.bool:
3612
+ return isinstance(rhs, self.__class__) and rhs._values == self._values
3613
+
3614
+ def __ne__(self, rhs: typing.Any) -> builtins.bool:
3615
+ return not (rhs == self)
3616
+
3617
+ def __repr__(self) -> str:
3618
+ return "FailureConditionsProperty(%s)" % ", ".join(
3619
+ k + "=" + repr(v) for k, v in self._values.items()
3620
+ )
3621
+
3569
3622
  @jsii.data_type(
3570
3623
  jsii_type="aws-cdk-lib.aws_codepipeline.CfnPipeline.GitBranchFilterCriteriaProperty",
3571
3624
  jsii_struct_bases=[],
@@ -4333,7 +4386,12 @@ class CfnPipeline(
4333
4386
  @jsii.data_type(
4334
4387
  jsii_type="aws-cdk-lib.aws_codepipeline.CfnPipeline.StageDeclarationProperty",
4335
4388
  jsii_struct_bases=[],
4336
- name_mapping={"actions": "actions", "name": "name", "blockers": "blockers"},
4389
+ name_mapping={
4390
+ "actions": "actions",
4391
+ "name": "name",
4392
+ "blockers": "blockers",
4393
+ "on_failure": "onFailure",
4394
+ },
4337
4395
  )
4338
4396
  class StageDeclarationProperty:
4339
4397
  def __init__(
@@ -4342,12 +4400,14 @@ class CfnPipeline(
4342
4400
  actions: typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnPipeline.ActionDeclarationProperty", typing.Dict[builtins.str, typing.Any]]]]],
4343
4401
  name: builtins.str,
4344
4402
  blockers: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnPipeline.BlockerDeclarationProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
4403
+ on_failure: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnPipeline.FailureConditionsProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
4345
4404
  ) -> None:
4346
4405
  '''Represents information about a stage and its definition.
4347
4406
 
4348
4407
  :param actions: The actions included in a stage.
4349
4408
  :param name: The name of the stage.
4350
4409
  :param blockers: Reserved for future use.
4410
+ :param on_failure:
4351
4411
 
4352
4412
  :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codepipeline-pipeline-stagedeclaration.html
4353
4413
  :exampleMetadata: fixture=_generated
@@ -4390,7 +4450,10 @@ class CfnPipeline(
4390
4450
  blockers=[codepipeline.CfnPipeline.BlockerDeclarationProperty(
4391
4451
  name="name",
4392
4452
  type="type"
4393
- )]
4453
+ )],
4454
+ on_failure=codepipeline.CfnPipeline.FailureConditionsProperty(
4455
+ result="result"
4456
+ )
4394
4457
  )
4395
4458
  '''
4396
4459
  if __debug__:
@@ -4398,12 +4461,15 @@ class CfnPipeline(
4398
4461
  check_type(argname="argument actions", value=actions, expected_type=type_hints["actions"])
4399
4462
  check_type(argname="argument name", value=name, expected_type=type_hints["name"])
4400
4463
  check_type(argname="argument blockers", value=blockers, expected_type=type_hints["blockers"])
4464
+ check_type(argname="argument on_failure", value=on_failure, expected_type=type_hints["on_failure"])
4401
4465
  self._values: typing.Dict[builtins.str, typing.Any] = {
4402
4466
  "actions": actions,
4403
4467
  "name": name,
4404
4468
  }
4405
4469
  if blockers is not None:
4406
4470
  self._values["blockers"] = blockers
4471
+ if on_failure is not None:
4472
+ self._values["on_failure"] = on_failure
4407
4473
 
4408
4474
  @builtins.property
4409
4475
  def actions(
@@ -4438,6 +4504,16 @@ class CfnPipeline(
4438
4504
  result = self._values.get("blockers")
4439
4505
  return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnPipeline.BlockerDeclarationProperty"]]]], result)
4440
4506
 
4507
+ @builtins.property
4508
+ def on_failure(
4509
+ self,
4510
+ ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnPipeline.FailureConditionsProperty"]]:
4511
+ '''
4512
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codepipeline-pipeline-stagedeclaration.html#cfn-codepipeline-pipeline-stagedeclaration-onfailure
4513
+ '''
4514
+ result = self._values.get("on_failure")
4515
+ return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnPipeline.FailureConditionsProperty"]], result)
4516
+
4441
4517
  def __eq__(self, rhs: typing.Any) -> builtins.bool:
4442
4518
  return isinstance(rhs, self.__class__) and rhs._values == self._values
4443
4519
 
@@ -4705,7 +4781,10 @@ class CfnPipelineProps:
4705
4781
  blockers=[codepipeline.CfnPipeline.BlockerDeclarationProperty(
4706
4782
  name="name",
4707
4783
  type="type"
4708
- )]
4784
+ )],
4785
+ on_failure=codepipeline.CfnPipeline.FailureConditionsProperty(
4786
+ result="result"
4787
+ )
4709
4788
  )],
4710
4789
 
4711
4790
  # the properties below are optional
@@ -9792,6 +9871,13 @@ def _typecheckingstub__947de613103ce26163068b14d3b93b5c2d7f86d29fa6fc5cbd1509b11
9792
9871
  """Type checking stubs"""
9793
9872
  pass
9794
9873
 
9874
+ def _typecheckingstub__24827e49ed35c3622e48ed5d5a7874646b28153667949aaac3a40638392631b8(
9875
+ *,
9876
+ result: builtins.str,
9877
+ ) -> None:
9878
+ """Type checking stubs"""
9879
+ pass
9880
+
9795
9881
  def _typecheckingstub__1d236727cda322520f3a703d9e848a434f71ca107e953aec5359ac063333d29b(
9796
9882
  *,
9797
9883
  excludes: typing.Optional[typing.Sequence[builtins.str]] = None,
@@ -9870,6 +9956,7 @@ def _typecheckingstub__6d7aa29ffac3603e5ca76edf19c1467363376322d9bc527c818c0d2c8
9870
9956
  actions: typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnPipeline.ActionDeclarationProperty, typing.Dict[builtins.str, typing.Any]]]]],
9871
9957
  name: builtins.str,
9872
9958
  blockers: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnPipeline.BlockerDeclarationProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
9959
+ on_failure: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnPipeline.FailureConditionsProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
9873
9960
  ) -> None:
9874
9961
  """Type checking stubs"""
9875
9962
  pass