aws-cdk-lib 2.152.0__py3-none-any.whl → 2.154.0__py3-none-any.whl

aws_cdk/aws_cloudtrail/__init__.py

@@ -473,7 +473,7 @@ class CfnChannel(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__af90446cbf2dae59bef52fb3ee6ec0e5b9c6098eff5af75a5963dd51c4683a5e)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "destinations", value)
+        jsii.set(self, "destinations", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="name")
@@ -486,7 +486,7 @@ class CfnChannel(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__9f6f560b40b7326691d9bf63d6ea7b8ad77377af3911f812fa5d243141752b34)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "name", value)
+        jsii.set(self, "name", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="source")
@@ -499,7 +499,7 @@ class CfnChannel(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__63777c16355eca1495edc2932fdadb55a7e3c86d73124f1d93d1c28b2ad64ee7)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "source", value)
+        jsii.set(self, "source", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="tagsRaw")
@@ -512,7 +512,7 @@ class CfnChannel(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__29044cfd0c28f00acd85e04beb454a19a2c4d87d4786f0af019f0209c639da8b)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "tagsRaw", value)
+        jsii.set(self, "tagsRaw", value) # pyright: ignore[reportArgumentType]
 
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_cloudtrail.CfnChannel.DestinationProperty",
@@ -913,7 +913,7 @@ class CfnEventDataStore(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__7bc51d9a1ef5affc48ffb624785b29a7a5d0a3eba5e72b94f687da94194f4973)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "advancedEventSelectors", value)
+        jsii.set(self, "advancedEventSelectors", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="billingMode")
@@ -926,7 +926,7 @@ class CfnEventDataStore(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__106939491635761bff083d6af3ca26d1723f9df71ec433399c5746554b88e334)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "billingMode", value)
+        jsii.set(self, "billingMode", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="federationEnabled")
@@ -944,7 +944,7 @@ class CfnEventDataStore(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__765513d5a073b76962f766e5dc1a967c4ad42a5bb2200d9f880aac945789b35d)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "federationEnabled", value)
+        jsii.set(self, "federationEnabled", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="federationRoleArn")
@@ -957,7 +957,7 @@ class CfnEventDataStore(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__02d5876fb281f125b4a84c7554b6ae992b9b7433cab839d402d60601a9872704)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "federationRoleArn", value)
+        jsii.set(self, "federationRoleArn", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="ingestionEnabled")
@@ -975,7 +975,7 @@ class CfnEventDataStore(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__3120b4fc57c151f577843e6f55242684964162de4d4061991c82480a0fae581b)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "ingestionEnabled", value)
+        jsii.set(self, "ingestionEnabled", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="insightsDestination")
@@ -988,7 +988,7 @@ class CfnEventDataStore(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__d10aa59d5d60b5a68edf57d8df52934e03f5e4f0802a1d7dab4552592f2ee609)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "insightsDestination", value)
+        jsii.set(self, "insightsDestination", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="insightSelectors")
@@ -1006,7 +1006,7 @@ class CfnEventDataStore(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__b360ff34d6b267287ccf6e4c636b401ab6c739c7a90856639462b1c738855c92)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "insightSelectors", value)
+        jsii.set(self, "insightSelectors", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="kmsKeyId")
@@ -1019,7 +1019,7 @@ class CfnEventDataStore(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__b2945b7a3d4af202bf1a8d8550ce4b17a1ab219e4dd829832fc9bd51a53c69b0)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "kmsKeyId", value)
+        jsii.set(self, "kmsKeyId", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="multiRegionEnabled")
@@ -1037,7 +1037,7 @@ class CfnEventDataStore(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__69742230d7479a5e2d180046d6dbe2ea4627b1fbe6861d248e8fa77f7c0dcd20)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "multiRegionEnabled", value)
+        jsii.set(self, "multiRegionEnabled", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="name")
@@ -1050,7 +1050,7 @@ class CfnEventDataStore(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__a01c2b1ec1e4ebac8e9e92744ee1402309ee4033c2267e1089f605b125f4b192)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "name", value)
+        jsii.set(self, "name", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="organizationEnabled")
@@ -1068,7 +1068,7 @@ class CfnEventDataStore(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__565712bf828bb8c2b0f6a80ca025d431aa72043d60fff9a95e02336f6f1e0d1c)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "organizationEnabled", value)
+        jsii.set(self, "organizationEnabled", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="retentionPeriod")
@@ -1081,7 +1081,7 @@ class CfnEventDataStore(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__9508e34267838b75568905c8769ff7999130a13cb85b3d1abf67ef17b5958102)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "retentionPeriod", value)
+        jsii.set(self, "retentionPeriod", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="tagsRaw")
@@ -1094,7 +1094,7 @@ class CfnEventDataStore(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__e6acb86a62af0621d981781f78b5611035089e25ca1472411f75d1b6e352ead2)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "tagsRaw", value)
+        jsii.set(self, "tagsRaw", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="terminationProtectionEnabled")
@@ -1112,7 +1112,7 @@ class CfnEventDataStore(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__f57ea7bcecd4a4cd58674384395db2bcf2721c3bcfa216c86922651a268041e5)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "terminationProtectionEnabled", value)
+        jsii.set(self, "terminationProtectionEnabled", value) # pyright: ignore[reportArgumentType]
 
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_cloudtrail.CfnEventDataStore.AdvancedEventSelectorProperty",
@@ -1248,7 +1248,7 @@ class CfnEventDataStore(
         ) -> None:
             '''A single selector statement in an advanced event selector.
 
-            :param field: A field in a CloudTrail event record on which to filter events to be logged. For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the field is used only for selecting events as filtering is not supported. For CloudTrail management events, supported fields include ``readOnly`` , ``eventCategory`` , and ``eventSource`` . For CloudTrail data events, supported fields include ``readOnly`` , ``eventCategory`` , ``eventName`` , ``resources.type`` , and ``resources.ARN`` . For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is ``eventCategory`` . - *``readOnly``* - Optional. Can be set to ``Equals`` a value of ``true`` or ``false`` . If you do not add this field, CloudTrail logs both ``read`` and ``write`` events. A value of ``true`` logs only ``read`` events. A value of ``false`` logs only ``write`` events. - *``eventSource``* - For filtering management events only. This can be set to ``NotEquals`` ``kms.amazonaws.com`` or ``NotEquals`` ``rdsdata.amazonaws.com`` . - *``eventName``* - Can use any operator. You can use it to filter in or filter out any data event logged to CloudTrail, such as ``PutBucket`` or ``GetSnapshotBlock`` . You can have multiple values for this field, separated by commas. - *``eventCategory``* - This is required and must be set to ``Equals`` . - For CloudTrail management events, the value must be ``Management`` . - For CloudTrail data events, the value must be ``Data`` . The following are used only for event data stores: - For CloudTrail Insights events, the value must be ``Insight`` . - For AWS Config configuration items, the value must be ``ConfigurationItem`` . - For Audit Manager evidence, the value must be ``Evidence`` . - For non- AWS events, the value must be ``ActivityAuditLog`` . - *``resources.type``* - This field is required for CloudTrail data events. ``resources.type`` can only use the ``Equals`` operator, and the value can be one of the following: - ``AWS::AppConfig::Configuration`` - ``AWS::B2BI::Transformer`` - ``AWS::Bedrock::AgentAlias`` - ``AWS::Bedrock::FlowAlias`` - ``AWS::Bedrock::Guardrail`` - ``AWS::Bedrock::KnowledgeBase`` - ``AWS::Cassandra::Table`` - ``AWS::CloudFront::KeyValueStore`` - ``AWS::CloudTrail::Channel`` - ``AWS::CloudWatch::Metric`` - ``AWS::CodeWhisperer::Customization`` - ``AWS::CodeWhisperer::Profile`` - ``AWS::Cognito::IdentityPool`` - ``AWS::DynamoDB::Stream`` - ``AWS::DynamoDB::Table`` - ``AWS::EC2::Snapshot`` - ``AWS::EMRWAL::Workspace`` - ``AWS::FinSpace::Environment`` - ``AWS::Glue::Table`` - ``AWS::GreengrassV2::ComponentVersion`` - ``AWS::GreengrassV2::Deployment`` - ``AWS::GuardDuty::Detector`` - ``AWS::IoT::Certificate`` - ``AWS::IoT::Thing`` - ``AWS::IoTSiteWise::Asset`` - ``AWS::IoTSiteWise::TimeSeries`` - ``AWS::IoTTwinMaker::Entity`` - ``AWS::IoTTwinMaker::Workspace`` - ``AWS::KendraRanking::ExecutionPlan`` - ``AWS::Kinesis::Stream`` - ``AWS::Kinesis::StreamConsumer`` - ``AWS::KinesisVideo::Stream`` - ``AWS::Lambda::Function`` - ``AWS::MachineLearning::MlModel`` - ``AWS::ManagedBlockchain::Network`` - ``AWS::ManagedBlockchain::Node`` - ``AWS::MedicalImaging::Datastore`` - ``AWS::NeptuneGraph::Graph`` - ``AWS::One::UKey`` - ``AWS::One::User`` - ``AWS::PaymentCryptography::Alias`` - ``AWS::PaymentCryptography::Key`` - ``AWS::PCAConnectorAD::Connector`` - ``AWS::PCAConnectorSCEP::Connector`` - ``AWS::QApps:QApp`` - ``AWS::QBusiness::Application`` - ``AWS::QBusiness::DataSource`` - ``AWS::QBusiness::Index`` - ``AWS::QBusiness::WebExperience`` - ``AWS::RDS::DBCluster`` - ``AWS::S3::AccessPoint`` - ``AWS::S3::Object`` - ``AWS::S3Express::Object`` - ``AWS::S3ObjectLambda::AccessPoint`` - ``AWS::S3Outposts::Object`` - ``AWS::SageMaker::Endpoint`` - ``AWS::SageMaker::ExperimentTrialComponent`` - ``AWS::SageMaker::FeatureGroup`` - ``AWS::ServiceDiscovery::Namespace`` - ``AWS::ServiceDiscovery::Service`` - ``AWS::SCN::Instance`` - ``AWS::SNS::PlatformEndpoint`` - ``AWS::SNS::Topic`` - ``AWS::SQS::Queue`` - ``AWS::SSM::ManagedNode`` - ``AWS::SSMMessages::ControlChannel`` - ``AWS::StepFunctions::StateMachine`` - ``AWS::SWF::Domain`` - ``AWS::ThinClient::Device`` - ``AWS::ThinClient::Environment`` - ``AWS::Timestream::Database`` - ``AWS::Timestream::Table`` - ``AWS::VerifiedPermissions::PolicyStore`` - ``AWS::XRay::Trace`` You can have only one ``resources.type`` field per selector. To log data events on more than one resource type, add another selector. - *``resources.ARN``* - You can use any operator with ``resources.ARN`` , but if you use ``Equals`` or ``NotEquals`` , the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. To log all data events for all objects in a specific S3 bucket, use the ``StartsWith`` operator, and include only the bucket ARN as the matching value. For information about filtering on the ``resources.ARN`` field, see `Filtering data events by resources.ARN <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/filtering-data-events.html#filtering-data-events-resourcearn>`_ in the *AWS CloudTrail User Guide* . .. epigraph:: You can't use the ``resources.ARN`` field to filter resource types that do not have ARNs.
+            :param field: A field in a CloudTrail event record on which to filter events to be logged. For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the field is used only for selecting events as filtering is not supported. For CloudTrail management events, supported fields include ``readOnly`` , ``eventCategory`` , and ``eventSource`` . For CloudTrail data events, supported fields include ``readOnly`` , ``eventCategory`` , ``eventName`` , ``resources.type`` , and ``resources.ARN`` . For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is ``eventCategory`` . - *``readOnly``* - Optional. Can be set to ``Equals`` a value of ``true`` or ``false`` . If you do not add this field, CloudTrail logs both ``read`` and ``write`` events. A value of ``true`` logs only ``read`` events. A value of ``false`` logs only ``write`` events. - *``eventSource``* - For filtering management events only. This can be set to ``NotEquals`` ``kms.amazonaws.com`` or ``NotEquals`` ``rdsdata.amazonaws.com`` . - *``eventName``* - Can use any operator. You can use it to filter in or filter out any data event logged to CloudTrail, such as ``PutBucket`` or ``GetSnapshotBlock`` . You can have multiple values for this field, separated by commas. - *``eventCategory``* - This is required and must be set to ``Equals`` . - For CloudTrail management events, the value must be ``Management`` . - For CloudTrail data events, the value must be ``Data`` . The following are used only for event data stores: - For CloudTrail Insights events, the value must be ``Insight`` . - For AWS Config configuration items, the value must be ``ConfigurationItem`` . - For Audit Manager evidence, the value must be ``Evidence`` . - For non- AWS events, the value must be ``ActivityAuditLog`` . - *``resources.type``* - This field is required for CloudTrail data events. ``resources.type`` can only use the ``Equals`` operator, and the value can be one of the following: - ``AWS::AppConfig::Configuration`` - ``AWS::B2BI::Transformer`` - ``AWS::Bedrock::AgentAlias`` - ``AWS::Bedrock::FlowAlias`` - ``AWS::Bedrock::Guardrail`` - ``AWS::Bedrock::KnowledgeBase`` - ``AWS::Cassandra::Table`` - ``AWS::CloudFront::KeyValueStore`` - ``AWS::CloudTrail::Channel`` - ``AWS::CloudWatch::Metric`` - ``AWS::CodeWhisperer::Customization`` - ``AWS::CodeWhisperer::Profile`` - ``AWS::Cognito::IdentityPool`` - ``AWS::DynamoDB::Stream`` - ``AWS::DynamoDB::Table`` - ``AWS::EC2::Snapshot`` - ``AWS::EMRWAL::Workspace`` - ``AWS::FinSpace::Environment`` - ``AWS::Glue::Table`` - ``AWS::GreengrassV2::ComponentVersion`` - ``AWS::GreengrassV2::Deployment`` - ``AWS::GuardDuty::Detector`` - ``AWS::IoT::Certificate`` - ``AWS::IoT::Thing`` - ``AWS::IoTSiteWise::Asset`` - ``AWS::IoTSiteWise::TimeSeries`` - ``AWS::IoTTwinMaker::Entity`` - ``AWS::IoTTwinMaker::Workspace`` - ``AWS::KendraRanking::ExecutionPlan`` - ``AWS::Kinesis::Stream`` - ``AWS::Kinesis::StreamConsumer`` - ``AWS::KinesisVideo::Stream`` - ``AWS::Lambda::Function`` - ``AWS::MachineLearning::MlModel`` - ``AWS::ManagedBlockchain::Network`` - ``AWS::ManagedBlockchain::Node`` - ``AWS::MedicalImaging::Datastore`` - ``AWS::NeptuneGraph::Graph`` - ``AWS::One::UKey`` - ``AWS::One::User`` - ``AWS::PaymentCryptography::Alias`` - ``AWS::PaymentCryptography::Key`` - ``AWS::PCAConnectorAD::Connector`` - ``AWS::PCAConnectorSCEP::Connector`` - ``AWS::QApps:QApp`` - ``AWS::QBusiness::Application`` - ``AWS::QBusiness::DataSource`` - ``AWS::QBusiness::Index`` - ``AWS::QBusiness::WebExperience`` - ``AWS::RDS::DBCluster`` - ``AWS::RUM::AppMonitor`` - ``AWS::S3::AccessPoint`` - ``AWS::S3::Object`` - ``AWS::S3Express::Object`` - ``AWS::S3ObjectLambda::AccessPoint`` - ``AWS::S3Outposts::Object`` - ``AWS::SageMaker::Endpoint`` - ``AWS::SageMaker::ExperimentTrialComponent`` - ``AWS::SageMaker::FeatureGroup`` - ``AWS::ServiceDiscovery::Namespace`` - ``AWS::ServiceDiscovery::Service`` - ``AWS::SCN::Instance`` - ``AWS::SNS::PlatformEndpoint`` - ``AWS::SNS::Topic`` - ``AWS::SQS::Queue`` - ``AWS::SSM::ManagedNode`` - ``AWS::SSMMessages::ControlChannel`` - ``AWS::StepFunctions::StateMachine`` - ``AWS::SWF::Domain`` - ``AWS::ThinClient::Device`` - ``AWS::ThinClient::Environment`` - ``AWS::Timestream::Database`` - ``AWS::Timestream::Table`` - ``AWS::VerifiedPermissions::PolicyStore`` - ``AWS::XRay::Trace`` You can have only one ``resources.type`` field per selector. To log data events on more than one resource type, add another selector. - *``resources.ARN``* - You can use any operator with ``resources.ARN`` , but if you use ``Equals`` or ``NotEquals`` , the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. To log all data events for all objects in a specific S3 bucket, use the ``StartsWith`` operator, and include only the bucket ARN as the matching value. For information about filtering on the ``resources.ARN`` field, see `Filtering data events by resources.ARN <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/filtering-data-events.html#filtering-data-events-resourcearn>`_ in the *AWS CloudTrail User Guide* . .. epigraph:: You can't use the ``resources.ARN`` field to filter resource types that do not have ARNs.
             :param ends_with: An operator that includes events that match the last few characters of the event record field specified as the value of ``Field`` .
             :param equal_to: An operator that includes events that match the exact value of the event record field specified as the value of ``Field`` . This is the only valid operator that you can use with the ``readOnly`` , ``eventCategory`` , and ``resources.type`` fields.
             :param not_ends_with: An operator that excludes events that match the last few characters of the event record field specified as the value of ``Field`` .
@@ -1378,6 +1378,7 @@ class CfnEventDataStore(
             - ``AWS::QBusiness::Index``
             - ``AWS::QBusiness::WebExperience``
             - ``AWS::RDS::DBCluster``
+            - ``AWS::RUM::AppMonitor``
             - ``AWS::S3::AccessPoint``
             - ``AWS::S3::Object``
             - ``AWS::S3Express::Object``
@@ -1994,7 +1995,7 @@ class CfnResourcePolicy(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__c2bbc7a61c40e678ccc323afced9d77064978b41254369fee4db815497450dcd)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "resourceArn", value)
+        jsii.set(self, "resourceArn", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="resourcePolicy")
@@ -2007,7 +2008,7 @@ class CfnResourcePolicy(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__e81052ff397bfd1d58bc17a51da7f1ee393c63b322c1b7d43b49b11f481e0ade)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "resourcePolicy", value)
+        jsii.set(self, "resourcePolicy", value) # pyright: ignore[reportArgumentType]
 
 
 @jsii.data_type(
@@ -2302,7 +2303,7 @@ class CfnTrail(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__28420bf6c9605a8eeb3ac59acf7f894b63e53a96b92e9d477f9cd206f2f9cf41)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "isLogging", value)
+        jsii.set(self, "isLogging", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="s3BucketName")
@@ -2315,7 +2316,7 @@ class CfnTrail(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__950bb01f69a31c7f47512f3a4330d4ce5db85c66795a79936ef3af33a322c8b2)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "s3BucketName", value)
+        jsii.set(self, "s3BucketName", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="advancedEventSelectors")
@@ -2333,7 +2334,7 @@ class CfnTrail(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__ae10dc28d41ecf82427e4cef4ce27f9c40933974aaf57ffd8e73f19c06621f53)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "advancedEventSelectors", value)
+        jsii.set(self, "advancedEventSelectors", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="cloudWatchLogsLogGroupArn")
@@ -2349,7 +2350,7 @@ class CfnTrail(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__58f37437f0af59fad3f65c1d9ef003f52fa49f6aabcba3b40c779f379b8b0410)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "cloudWatchLogsLogGroupArn", value)
+        jsii.set(self, "cloudWatchLogsLogGroupArn", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="cloudWatchLogsRoleArn")
@@ -2362,7 +2363,7 @@ class CfnTrail(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__cabe9b73fb8bc4d76fde324653a247811fa621cc9003d2c46e84b890b919cd28)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "cloudWatchLogsRoleArn", value)
+        jsii.set(self, "cloudWatchLogsRoleArn", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="enableLogFileValidation")
@@ -2383,7 +2384,7 @@ class CfnTrail(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__0b942505386f8e61551da02925be57cd0474923089182c193fde0b17fe804056)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "enableLogFileValidation", value)
+        jsii.set(self, "enableLogFileValidation", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="eventSelectors")
@@ -2401,7 +2402,7 @@ class CfnTrail(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__1ef2943100a700e4bd2b0922f697c3d0da51c014bec4f2a8c4063f59e83067d7)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "eventSelectors", value)
+        jsii.set(self, "eventSelectors", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="includeGlobalServiceEvents")
@@ -2419,7 +2420,7 @@ class CfnTrail(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__1a1c2489b0dca720e7fab9917132eaf8dc9468d58f2d500bccd7579577d74434)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "includeGlobalServiceEvents", value)
+        jsii.set(self, "includeGlobalServiceEvents", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="insightSelectors")
@@ -2437,7 +2438,7 @@ class CfnTrail(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__2d11150f51682efcafc38f048d84c35a263b443e02355965298d566b0714947d)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "insightSelectors", value)
+        jsii.set(self, "insightSelectors", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="isMultiRegionTrail")
@@ -2455,7 +2456,7 @@ class CfnTrail(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__48558347dbb5febc8abf93096cfc174c76cbab4c443d68076643e329fb0787c0)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "isMultiRegionTrail", value)
+        jsii.set(self, "isMultiRegionTrail", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="isOrganizationTrail")
@@ -2473,7 +2474,7 @@ class CfnTrail(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__583ab7d05361279f7f55956fec04616c02d033f55ef6113a3cf8c36630cd5ec5)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "isOrganizationTrail", value)
+        jsii.set(self, "isOrganizationTrail", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="kmsKeyId")
@@ -2486,7 +2487,7 @@ class CfnTrail(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__4fac6d2810385893265f6ef2611c9d8ceaa7635731b1ae56291d8e43a83cc907)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "kmsKeyId", value)
+        jsii.set(self, "kmsKeyId", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="s3KeyPrefix")
@@ -2499,7 +2500,7 @@ class CfnTrail(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__a62410d04026f326fad72a00ba17b36e83eb965baeada846126607f600de0f7f)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "s3KeyPrefix", value)
+        jsii.set(self, "s3KeyPrefix", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="snsTopicName")
@@ -2512,7 +2513,7 @@ class CfnTrail(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__99ce4d6977c0c8f0ad39dd667104baf8babcda3f6e64b94361cd24302f9bfb12)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "snsTopicName", value)
+        jsii.set(self, "snsTopicName", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="tagsRaw")
@@ -2525,7 +2526,7 @@ class CfnTrail(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__b6e90bde6d2082aefdd7c19acee054825987d54ead9c95ec2dbe11a014f72339)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "tagsRaw", value)
+        jsii.set(self, "tagsRaw", value) # pyright: ignore[reportArgumentType]
 
     @builtins.property
     @jsii.member(jsii_name="trailName")
@@ -2541,7 +2542,7 @@ class CfnTrail(
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__29683f56476eaa26adca4a9a9312d409428d1af457282b2a0f93af552333a02e)
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "trailName", value)
+        jsii.set(self, "trailName", value) # pyright: ignore[reportArgumentType]
 
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_cloudtrail.CfnTrail.AdvancedEventSelectorProperty",
@@ -2677,7 +2678,7 @@ class CfnTrail(
         ) -> None:
             '''A single selector statement in an advanced event selector.
 
-            :param field: A field in a CloudTrail event record on which to filter events to be logged. For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the field is used only for selecting events as filtering is not supported. For CloudTrail management events, supported fields include ``readOnly`` , ``eventCategory`` , and ``eventSource`` . For CloudTrail data events, supported fields include ``readOnly`` , ``eventCategory`` , ``eventName`` , ``resources.type`` , and ``resources.ARN`` . For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is ``eventCategory`` . - *``readOnly``* - Optional. Can be set to ``Equals`` a value of ``true`` or ``false`` . If you do not add this field, CloudTrail logs both ``read`` and ``write`` events. A value of ``true`` logs only ``read`` events. A value of ``false`` logs only ``write`` events. - *``eventSource``* - For filtering management events only. This can be set to ``NotEquals`` ``kms.amazonaws.com`` or ``NotEquals`` ``rdsdata.amazonaws.com`` . - *``eventName``* - Can use any operator. You can use it to filter in or filter out any data event logged to CloudTrail, such as ``PutBucket`` or ``GetSnapshotBlock`` . You can have multiple values for this field, separated by commas. - *``eventCategory``* - This is required and must be set to ``Equals`` . - For CloudTrail management events, the value must be ``Management`` . - For CloudTrail data events, the value must be ``Data`` . The following are used only for event data stores: - For CloudTrail Insights events, the value must be ``Insight`` . - For AWS Config configuration items, the value must be ``ConfigurationItem`` . - For Audit Manager evidence, the value must be ``Evidence`` . - For non- AWS events, the value must be ``ActivityAuditLog`` . - *``resources.type``* - This field is required for CloudTrail data events. ``resources.type`` can only use the ``Equals`` operator, and the value can be one of the following: - ``AWS::AppConfig::Configuration`` - ``AWS::B2BI::Transformer`` - ``AWS::Bedrock::AgentAlias`` - ``AWS::Bedrock::FlowAlias`` - ``AWS::Bedrock::Guardrail`` - ``AWS::Bedrock::KnowledgeBase`` - ``AWS::Cassandra::Table`` - ``AWS::CloudFront::KeyValueStore`` - ``AWS::CloudTrail::Channel`` - ``AWS::CloudWatch::Metric`` - ``AWS::CodeWhisperer::Customization`` - ``AWS::CodeWhisperer::Profile`` - ``AWS::Cognito::IdentityPool`` - ``AWS::DynamoDB::Stream`` - ``AWS::DynamoDB::Table`` - ``AWS::EC2::Snapshot`` - ``AWS::EMRWAL::Workspace`` - ``AWS::FinSpace::Environment`` - ``AWS::Glue::Table`` - ``AWS::GreengrassV2::ComponentVersion`` - ``AWS::GreengrassV2::Deployment`` - ``AWS::GuardDuty::Detector`` - ``AWS::IoT::Certificate`` - ``AWS::IoT::Thing`` - ``AWS::IoTSiteWise::Asset`` - ``AWS::IoTSiteWise::TimeSeries`` - ``AWS::IoTTwinMaker::Entity`` - ``AWS::IoTTwinMaker::Workspace`` - ``AWS::KendraRanking::ExecutionPlan`` - ``AWS::Kinesis::Stream`` - ``AWS::Kinesis::StreamConsumer`` - ``AWS::KinesisVideo::Stream`` - ``AWS::Lambda::Function`` - ``AWS::MachineLearning::MlModel`` - ``AWS::ManagedBlockchain::Network`` - ``AWS::ManagedBlockchain::Node`` - ``AWS::MedicalImaging::Datastore`` - ``AWS::NeptuneGraph::Graph`` - ``AWS::One::UKey`` - ``AWS::One::User`` - ``AWS::PaymentCryptography::Alias`` - ``AWS::PaymentCryptography::Key`` - ``AWS::PCAConnectorAD::Connector`` - ``AWS::PCAConnectorSCEP::Connector`` - ``AWS::QApps:QApp`` - ``AWS::QBusiness::Application`` - ``AWS::QBusiness::DataSource`` - ``AWS::QBusiness::Index`` - ``AWS::QBusiness::WebExperience`` - ``AWS::RDS::DBCluster`` - ``AWS::S3::AccessPoint`` - ``AWS::S3::Object`` - ``AWS::S3Express::Object`` - ``AWS::S3ObjectLambda::AccessPoint`` - ``AWS::S3Outposts::Object`` - ``AWS::SageMaker::Endpoint`` - ``AWS::SageMaker::ExperimentTrialComponent`` - ``AWS::SageMaker::FeatureGroup`` - ``AWS::ServiceDiscovery::Namespace`` - ``AWS::ServiceDiscovery::Service`` - ``AWS::SCN::Instance`` - ``AWS::SNS::PlatformEndpoint`` - ``AWS::SNS::Topic`` - ``AWS::SQS::Queue`` - ``AWS::SSM::ManagedNode`` - ``AWS::SSMMessages::ControlChannel`` - ``AWS::StepFunctions::StateMachine`` - ``AWS::SWF::Domain`` - ``AWS::ThinClient::Device`` - ``AWS::ThinClient::Environment`` - ``AWS::Timestream::Database`` - ``AWS::Timestream::Table`` - ``AWS::VerifiedPermissions::PolicyStore`` - ``AWS::XRay::Trace`` You can have only one ``resources.type`` field per selector. To log data events on more than one resource type, add another selector. - *``resources.ARN``* - You can use any operator with ``resources.ARN`` , but if you use ``Equals`` or ``NotEquals`` , the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. To log all data events for all objects in a specific S3 bucket, use the ``StartsWith`` operator, and include only the bucket ARN as the matching value. For information about filtering on the ``resources.ARN`` field, see `Filtering data events by resources.ARN <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/filtering-data-events.html#filtering-data-events-resourcearn>`_ in the *AWS CloudTrail User Guide* . .. epigraph:: You can't use the ``resources.ARN`` field to filter resource types that do not have ARNs.
+            :param field: A field in a CloudTrail event record on which to filter events to be logged. For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the field is used only for selecting events as filtering is not supported. For CloudTrail management events, supported fields include ``readOnly`` , ``eventCategory`` , and ``eventSource`` . For CloudTrail data events, supported fields include ``readOnly`` , ``eventCategory`` , ``eventName`` , ``resources.type`` , and ``resources.ARN`` . For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is ``eventCategory`` . - *``readOnly``* - Optional. Can be set to ``Equals`` a value of ``true`` or ``false`` . If you do not add this field, CloudTrail logs both ``read`` and ``write`` events. A value of ``true`` logs only ``read`` events. A value of ``false`` logs only ``write`` events. - *``eventSource``* - For filtering management events only. This can be set to ``NotEquals`` ``kms.amazonaws.com`` or ``NotEquals`` ``rdsdata.amazonaws.com`` . - *``eventName``* - Can use any operator. You can use it to filter in or filter out any data event logged to CloudTrail, such as ``PutBucket`` or ``GetSnapshotBlock`` . You can have multiple values for this field, separated by commas. - *``eventCategory``* - This is required and must be set to ``Equals`` . - For CloudTrail management events, the value must be ``Management`` . - For CloudTrail data events, the value must be ``Data`` . The following are used only for event data stores: - For CloudTrail Insights events, the value must be ``Insight`` . - For AWS Config configuration items, the value must be ``ConfigurationItem`` . - For Audit Manager evidence, the value must be ``Evidence`` . - For non- AWS events, the value must be ``ActivityAuditLog`` . - *``resources.type``* - This field is required for CloudTrail data events. ``resources.type`` can only use the ``Equals`` operator, and the value can be one of the following: - ``AWS::AppConfig::Configuration`` - ``AWS::B2BI::Transformer`` - ``AWS::Bedrock::AgentAlias`` - ``AWS::Bedrock::FlowAlias`` - ``AWS::Bedrock::Guardrail`` - ``AWS::Bedrock::KnowledgeBase`` - ``AWS::Cassandra::Table`` - ``AWS::CloudFront::KeyValueStore`` - ``AWS::CloudTrail::Channel`` - ``AWS::CloudWatch::Metric`` - ``AWS::CodeWhisperer::Customization`` - ``AWS::CodeWhisperer::Profile`` - ``AWS::Cognito::IdentityPool`` - ``AWS::DynamoDB::Stream`` - ``AWS::DynamoDB::Table`` - ``AWS::EC2::Snapshot`` - ``AWS::EMRWAL::Workspace`` - ``AWS::FinSpace::Environment`` - ``AWS::Glue::Table`` - ``AWS::GreengrassV2::ComponentVersion`` - ``AWS::GreengrassV2::Deployment`` - ``AWS::GuardDuty::Detector`` - ``AWS::IoT::Certificate`` - ``AWS::IoT::Thing`` - ``AWS::IoTSiteWise::Asset`` - ``AWS::IoTSiteWise::TimeSeries`` - ``AWS::IoTTwinMaker::Entity`` - ``AWS::IoTTwinMaker::Workspace`` - ``AWS::KendraRanking::ExecutionPlan`` - ``AWS::Kinesis::Stream`` - ``AWS::Kinesis::StreamConsumer`` - ``AWS::KinesisVideo::Stream`` - ``AWS::Lambda::Function`` - ``AWS::MachineLearning::MlModel`` - ``AWS::ManagedBlockchain::Network`` - ``AWS::ManagedBlockchain::Node`` - ``AWS::MedicalImaging::Datastore`` - ``AWS::NeptuneGraph::Graph`` - ``AWS::One::UKey`` - ``AWS::One::User`` - ``AWS::PaymentCryptography::Alias`` - ``AWS::PaymentCryptography::Key`` - ``AWS::PCAConnectorAD::Connector`` - ``AWS::PCAConnectorSCEP::Connector`` - ``AWS::QApps:QApp`` - ``AWS::QBusiness::Application`` - ``AWS::QBusiness::DataSource`` - ``AWS::QBusiness::Index`` - ``AWS::QBusiness::WebExperience`` - ``AWS::RDS::DBCluster`` - ``AWS::RUM::AppMonitor`` - ``AWS::S3::AccessPoint`` - ``AWS::S3::Object`` - ``AWS::S3Express::Object`` - ``AWS::S3ObjectLambda::AccessPoint`` - ``AWS::S3Outposts::Object`` - ``AWS::SageMaker::Endpoint`` - ``AWS::SageMaker::ExperimentTrialComponent`` - ``AWS::SageMaker::FeatureGroup`` - ``AWS::ServiceDiscovery::Namespace`` - ``AWS::ServiceDiscovery::Service`` - ``AWS::SCN::Instance`` - ``AWS::SNS::PlatformEndpoint`` - ``AWS::SNS::Topic`` - ``AWS::SQS::Queue`` - ``AWS::SSM::ManagedNode`` - ``AWS::SSMMessages::ControlChannel`` - ``AWS::StepFunctions::StateMachine`` - ``AWS::SWF::Domain`` - ``AWS::ThinClient::Device`` - ``AWS::ThinClient::Environment`` - ``AWS::Timestream::Database`` - ``AWS::Timestream::Table`` - ``AWS::VerifiedPermissions::PolicyStore`` - ``AWS::XRay::Trace`` You can have only one ``resources.type`` field per selector. To log data events on more than one resource type, add another selector. - *``resources.ARN``* - You can use any operator with ``resources.ARN`` , but if you use ``Equals`` or ``NotEquals`` , the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. To log all data events for all objects in a specific S3 bucket, use the ``StartsWith`` operator, and include only the bucket ARN as the matching value. For information about filtering on the ``resources.ARN`` field, see `Filtering data events by resources.ARN <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/filtering-data-events.html#filtering-data-events-resourcearn>`_ in the *AWS CloudTrail User Guide* . .. epigraph:: You can't use the ``resources.ARN`` field to filter resource types that do not have ARNs.
             :param ends_with: An operator that includes events that match the last few characters of the event record field specified as the value of ``Field`` .
             :param equal_to: An operator that includes events that match the exact value of the event record field specified as the value of ``Field`` . This is the only valid operator that you can use with the ``readOnly`` , ``eventCategory`` , and ``resources.type`` fields.
             :param not_ends_with: An operator that excludes events that match the last few characters of the event record field specified as the value of ``Field`` .
@@ -2807,6 +2808,7 @@ class CfnTrail(
             - ``AWS::QBusiness::Index``
             - ``AWS::QBusiness::WebExperience``
             - ``AWS::RDS::DBCluster``
+            - ``AWS::RUM::AppMonitor``
             - ``AWS::S3::AccessPoint``
             - ``AWS::S3::Object``
             - ``AWS::S3Express::Object``
@@ -2938,11 +2940,11 @@ class CfnTrail(
 
                The total number of allowed data resources is 250. This number can be distributed between 1 and 5 event selectors, but the total cannot exceed 250 across all selectors for the trail.
 
-            The following example demonstrates how logging works when you configure logging of all data events for a general purpose bucket named ``DOC-EXAMPLE-BUCKET1`` . In this example, the CloudTrail user specified an empty prefix, and the option to log both ``Read`` and ``Write`` data events.
+            The following example demonstrates how logging works when you configure logging of all data events for a general purpose bucket named ``amzn-s3-demo-bucket1`` . In this example, the CloudTrail user specified an empty prefix, and the option to log both ``Read`` and ``Write`` data events.
 
-            - A user uploads an image file to ``DOC-EXAMPLE-BUCKET1`` .
+            - A user uploads an image file to ``amzn-s3-demo-bucket1`` .
             - The ``PutObject`` API operation is an Amazon S3 object-level API. It is recorded as a data event in CloudTrail. Because the CloudTrail user specified an S3 bucket with an empty prefix, events that occur on any object in that bucket are logged. The trail processes and logs the event.
-            - A user uploads an object to an Amazon S3 bucket named ``arn:aws:s3:::DOC-EXAMPLE-BUCKET1`` .
+            - A user uploads an object to an Amazon S3 bucket named ``arn:aws:s3:::amzn-s3-demo-bucket1`` .
             - The ``PutObject`` API operation occurred for an object in an S3 bucket that the CloudTrail user didn't specify for the trail. The trail doesn’t log the event.
 
             The following example demonstrates how logging works when you configure logging of AWS Lambda data events for a Lambda function named *MyLambdaFunction* , but not for all Lambda functions.
@@ -2952,7 +2954,7 @@ class CfnTrail(
             - The ``Invoke`` API operation on *MyOtherLambdaFunction* is an Lambda API. Because the CloudTrail user did not specify logging data events for all Lambda functions, the ``Invoke`` operation for *MyOtherLambdaFunction* does not match the function specified for the trail. The trail doesn’t log the event.
 
             :param type: The resource type in which you want to log data events. You can specify the following *basic* event selector resource types: - ``AWS::DynamoDB::Table`` - ``AWS::Lambda::Function`` - ``AWS::S3::Object`` Additional resource types are available through *advanced* event selectors. For more information about these additional resource types, see `AdvancedFieldSelector <https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedFieldSelector.html>`_ .
-            :param values: An array of Amazon Resource Name (ARN) strings or partial ARN strings for the specified resource type. - To log data events for all objects in all S3 buckets in your AWS account , specify the prefix as ``arn:aws:s3`` . .. epigraph:: This also enables logging of data event activity performed by any user or role in your AWS account , even if that activity is performed on a bucket that belongs to another AWS account . - To log data events for all objects in an S3 bucket, specify the bucket and an empty object prefix such as ``arn:aws:s3:::DOC-EXAMPLE-BUCKET1/`` . The trail logs data events for all objects in this S3 bucket. - To log data events for specific objects, specify the S3 bucket and object prefix such as ``arn:aws:s3:::DOC-EXAMPLE-BUCKET1/example-images`` . The trail logs data events for objects in this S3 bucket that match the prefix. - To log data events for all Lambda functions in your AWS account , specify the prefix as ``arn:aws:lambda`` . .. epigraph:: This also enables logging of ``Invoke`` activity performed by any user or role in your AWS account , even if that activity is performed on a function that belongs to another AWS account . - To log data events for a specific Lambda function, specify the function ARN. .. epigraph:: Lambda function ARNs are exact. For example, if you specify a function ARN *arn:aws:lambda:us-west-2:111111111111:function:helloworld* , data events will only be logged for *arn:aws:lambda:us-west-2:111111111111:function:helloworld* . They will not be logged for *arn:aws:lambda:us-west-2:111111111111:function:helloworld2* . - To log data events for all DynamoDB tables in your AWS account , specify the prefix as ``arn:aws:dynamodb`` .
+            :param values: An array of Amazon Resource Name (ARN) strings or partial ARN strings for the specified resource type. - To log data events for all objects in all S3 buckets in your AWS account , specify the prefix as ``arn:aws:s3`` . .. epigraph:: This also enables logging of data event activity performed by any user or role in your AWS account , even if that activity is performed on a bucket that belongs to another AWS account . - To log data events for all objects in an S3 bucket, specify the bucket and an empty object prefix such as ``arn:aws:s3:::amzn-s3-demo-bucket1/`` . The trail logs data events for all objects in this S3 bucket. - To log data events for specific objects, specify the S3 bucket and object prefix such as ``arn:aws:s3:::amzn-s3-demo-bucket1/example-images`` . The trail logs data events for objects in this S3 bucket that match the prefix. - To log data events for all Lambda functions in your AWS account , specify the prefix as ``arn:aws:lambda`` . .. epigraph:: This also enables logging of ``Invoke`` activity performed by any user or role in your AWS account , even if that activity is performed on a function that belongs to another AWS account . - To log data events for a specific Lambda function, specify the function ARN. .. epigraph:: Lambda function ARNs are exact. For example, if you specify a function ARN *arn:aws:lambda:us-west-2:111111111111:function:helloworld* , data events will only be logged for *arn:aws:lambda:us-west-2:111111111111:function:helloworld* . They will not be logged for *arn:aws:lambda:us-west-2:111111111111:function:helloworld2* . - To log data events for all DynamoDB tables in your AWS account , specify the prefix as ``arn:aws:dynamodb`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudtrail-trail-dataresource.html
             :exampleMetadata: fixture=_generated
@@ -3008,8 +3010,8 @@ class CfnTrail(
 
                This also enables logging of data event activity performed by any user or role in your AWS account , even if that activity is performed on a bucket that belongs to another AWS account .
 
-            - To log data events for all objects in an S3 bucket, specify the bucket and an empty object prefix such as ``arn:aws:s3:::DOC-EXAMPLE-BUCKET1/`` . The trail logs data events for all objects in this S3 bucket.
-            - To log data events for specific objects, specify the S3 bucket and object prefix such as ``arn:aws:s3:::DOC-EXAMPLE-BUCKET1/example-images`` . The trail logs data events for objects in this S3 bucket that match the prefix.
+            - To log data events for all objects in an S3 bucket, specify the bucket and an empty object prefix such as ``arn:aws:s3:::amzn-s3-demo-bucket1/`` . The trail logs data events for all objects in this S3 bucket.
+            - To log data events for specific objects, specify the S3 bucket and object prefix such as ``arn:aws:s3:::amzn-s3-demo-bucket1/example-images`` . The trail logs data events for objects in this S3 bucket that match the prefix.
             - To log data events for all Lambda functions in your AWS account , specify the prefix as ``arn:aws:lambda`` .
 
             .. epigraph::