Module Smaws_Client_CloudTrail.PutEventSelectors

val request : Smaws_Lib.Context.t -> put_event_selectors_request -> (put_event_selectors_response, [> Smaws_Lib.Protocols.AwsJson.error | `CloudTrailARNInvalidException of cloud_trail_arn_invalid_exception | `ConflictException of conflict_exception | `InsufficientDependencyServiceAccessPermissionException of insufficient_dependency_service_access_permission_exception | `InvalidEventSelectorsException of invalid_event_selectors_exception | `InvalidHomeRegionException of invalid_home_region_exception | `InvalidTrailNameException of invalid_trail_name_exception | `NoManagementAccountSLRExistsException of no_management_account_slr_exists_exception | `NotOrganizationMasterAccountException of not_organization_master_account_exception | `OperationNotPermittedException of operation_not_permitted_exception | `ThrottlingException of throttling_exception | `TrailNotFoundException of trail_not_found_exception | `UnsupportedOperationException of unsupported_operation_exception ]) Stdlib.result

Configures an event selector or advanced event selectors for your trail. Use event selectors or advanced event selectors to specify management and data event settings for your trail. If you want your trail to log Insights events, be sure the event selector enables logging of the Insights event types you want configured for your trail. For more information about logging Insights events, see Logging Insights events in the CloudTrail User Guide. By default, trails created without specific event selectors are configured to log all read and write management events, and no data events.

When an event occurs in your account, CloudTrail evaluates the event selectors or advanced event selectors in all trails. For each trail, if the event matches any event selector, the trail processes and logs the event. If the event doesn't match any event selector, the trail doesn't log the event.

Example

  1. You create an event selector for a trail and specify that you want write-only events.
  2. The EC2 GetConsoleOutput and RunInstances API operations occur in your account.
  3. CloudTrail evaluates whether the events match your event selectors.
  4. The RunInstances is a write-only event and it matches your event selector. The trail logs the event.
  5. The GetConsoleOutput is a read-only event that doesn't match your event selector. The trail doesn't log the event.

The PutEventSelectors operation must be called from the Region in which the trail was created; otherwise, an InvalidHomeRegionException exception is thrown.

You can configure up to five event selectors for each trail. For more information, see Logging management events, Logging data events, and Quotas in CloudTrail in the CloudTrail User Guide.

You can add advanced event selectors, and conditions for your advanced event selectors, up to a maximum of 500 values for all conditions and selectors on a trail. You can use either AdvancedEventSelectors or EventSelectors, but not both. If you apply AdvancedEventSelectors to a trail, any existing EventSelectors are overwritten. For more information about advanced event selectors, see Logging data events in the CloudTrail User Guide.