Smaws_Client_CloudTrail.Types
type nonrec query_parameters = query_parameter list
type nonrec view_properties_map =
(view_properties_key * view_properties_value) list
type nonrec widget = {
  view_properties : view_properties_map option;
    (** The view properties for the widget. For more information about view properties, see View properties for widgets in the CloudTrail User Guide. *)
  query_parameters : query_parameters option;
    (** The query parameters for the widget. *)
  query_statement : query_statement option;
    (** The SQL query statement for the widget. *)
  query_alias : query_alias option;
    (** The query alias used to identify the query for the widget. *)
}
(** A widget on a CloudTrail Lake dashboard. *)
type nonrec widget_list = widget list
type nonrec update_trail_response = {
  is_organization_trail : boolean_ option;
    (** Specifies whether the trail is an organization trail. *)
  kms_key_id : string_ option;
    (** Specifies the KMS key ID that encrypts the logs delivered by CloudTrail. The value is a fully specified ARN to a KMS key in the following format:
        arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012 *)
  cloud_watch_logs_role_arn : string_ option;
    (** Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group. *)
  cloud_watch_logs_log_group_arn : string_ option;
    (** Specifies the Amazon Resource Name (ARN) of the log group to which CloudTrail logs are delivered. *)
  log_file_validation_enabled : boolean_ option;
    (** Specifies whether log file integrity validation is enabled. *)
  trail_ar_n : string_ option;
    (** Specifies the ARN of the trail that was updated. The following is the format of a trail ARN:
        arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail *)
  is_multi_region_trail : boolean_ option;
    (** Specifies whether the trail exists in one Region or in all Regions. *)
  include_global_service_events : boolean_ option;
    (** Specifies whether the trail is publishing events from global services such as IAM to the log files. *)
  sns_topic_ar_n : string_ option;
    (** Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send notifications when log files are delivered. The following is the format of a topic ARN:
        arn:aws:sns:us-east-2:123456789012:MyTopic *)
  sns_topic_name : string_ option;
    (** This field is no longer in use. Use SnsTopicARN. *)
  s3_key_prefix : string_ option;
    (** Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery. For more information, see Finding Your IAM Log Files. *)
  s3_bucket_name : string_ option;
    (** Specifies the name of the Amazon S3 bucket designated for publishing log files. *)
  name : string_ option;
    (** Specifies the name of the trail. *)
}
(** Returns the objects or data listed below if successful. Otherwise, returns an error. *)
type nonrec update_trail_request = {
  is_organization_trail : boolean_ option;
    (** Specifies whether the trail is applied to all accounts in an organization in Organizations, or only for the current Amazon Web Services account. The default is false, and cannot be true unless the call is made on behalf of an Amazon Web Services account that is the management account for an organization in Organizations. If the trail is not an organization trail and this is set to true, the trail will be created in all Amazon Web Services accounts that belong to the organization. If the trail is an organization trail and this is set to false, the trail will remain in the current Amazon Web Services account but be deleted from all member accounts in the organization.

        Only the management account for the organization can convert an organization trail to a non-organization trail, or convert a non-organization trail to an organization trail. *)
  kms_key_id : string_ option;
    (** Specifies the KMS key ID to use to encrypt the logs delivered by CloudTrail. The value can be an alias name prefixed by "alias/", a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.

        CloudTrail also supports KMS multi-Region keys. For more information about multi-Region keys, see Using multi-Region keys in the Key Management Service Developer Guide.

        Examples: *)
  cloud_watch_logs_role_arn : string_ option;
    (** Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group. You must use a role that exists in your account. *)
  cloud_watch_logs_log_group_arn : string_ option;
    (** Specifies a log group name using an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs are delivered. You must use a log group that exists in your account.

        Not required unless you specify CloudWatchLogsRoleArn. *)
  enable_log_file_validation : boolean_ option;
    (** Specifies whether log file validation is enabled. The default is false.

        When you disable log file integrity validation, the chain of digest files is broken after one hour. CloudTrail does not create digest files for log files that were delivered during a period in which log file integrity validation was disabled. For example, if you enable log file integrity validation at noon on January 1, disable it at noon on January 2, and re-enable it at noon on January 10, digest files will not be created for the log files delivered from noon on January 2 to noon on January 10. The same applies whenever you stop CloudTrail logging or delete a trail. *)
  is_multi_region_trail : boolean_ option;
    (** Specifies whether the trail applies only to the current Region or to all Regions. The default is false. If the trail exists only in the current Region and this value is set to true, shadow trails (replications of the trail) will be created in the other Regions. If the trail exists in all Regions and this value is set to false, the trail will remain in the Region where it was created, and its shadow trails in other Regions will be deleted. As a best practice, consider using trails that log events in all Regions. *)
  include_global_service_events : boolean_ option;
    (** Specifies whether the trail is publishing events from global services such as IAM to the log files. *)
  sns_topic_name : string_ option;
    (** Specifies the name or ARN of the Amazon SNS topic defined for notification of log file delivery. The maximum length is 256 characters. *)
  s3_key_prefix : string_ option;
    (** Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery. For more information, see Finding Your CloudTrail Log Files. The maximum length is 200 characters. *)
  s3_bucket_name : string_ option;
    (** Specifies the name of the Amazon S3 bucket designated for publishing log files. See Amazon S3 Bucket naming rules. *)
  name : string_;
    (** Specifies the name of the trail or trail ARN. If Name is a trail name, the string must meet the following requirements:

        - my-_namespace and my--namespace are not valid.

        If Name is a trail ARN, it must be in the following format:
        arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail *)
}
(** Specifies settings to update for the trail. *)
type nonrec unsupported_operation_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when the requested operation is not supported. *)
type nonrec trail_not_provided_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** This exception is no longer in use. *)
type nonrec trail_not_found_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when the trail with the given name is not found. *)
type nonrec throttling_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when the request rate exceeds the limit. *)
type nonrec s3_bucket_does_not_exist_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when the specified S3 bucket does not exist. *)
type nonrec organizations_not_in_use_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when the request is made from an Amazon Web Services account that is not a member of an organization. To make this request, sign in using the credentials of an account that belongs to an organization. *)
type nonrec organization_not_in_all_features_mode_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when Organizations is not configured to support all features. All features must be enabled in Organizations to support creating an organization trail or event data store. *)
type nonrec operation_not_permitted_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when the requested operation is not permitted. *)
type nonrec not_organization_master_account_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when the Amazon Web Services account making the request to create or update an organization trail or event data store is not the management account for an organization in Organizations. For more information, see Prepare For Creating a Trail For Your Organization or Organization event data stores. *)
type nonrec no_management_account_slr_exists_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when the management account does not have a service-linked role. *)
type nonrec kms_key_not_found_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when the KMS key does not exist, when the S3 bucket and the KMS key are not in the same Region, or when the KMS key associated with the Amazon SNS topic either does not exist or is not in the same Region. *)
type nonrec kms_key_disabled_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** This exception is no longer in use. *)
type nonrec kms_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when there is an issue with the specified KMS key and the trail or event data store can't be updated. *)
type nonrec invalid_trail_name_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when the provided trail name is not valid. Trail names must meet the following requirements:

    - my-_namespace and my--namespace are not valid. *)
type nonrec invalid_sns_topic_name_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when the provided SNS topic name is not valid. *)
type nonrec invalid_s3_prefix_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when the provided S3 prefix is not valid. *)
type nonrec invalid_s3_bucket_name_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when the provided S3 bucket name is not valid. *)
type nonrec invalid_parameter_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** The request includes a parameter that is not valid. *)
type nonrec invalid_parameter_combination_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when the combination of parameters provided is not valid. *)
type nonrec invalid_kms_key_id_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when the KMS key ARN is not valid. *)
type nonrec invalid_home_region_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when an operation is called on a trail from a Region other than the Region in which the trail was created. *)
type nonrec invalid_event_selectors_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when the PutEventSelectors operation is called with a number of event selectors, advanced event selectors, or data resources that is not valid. The combination of event selectors or advanced event selectors and data resources is not valid. A trail can have up to 5 event selectors. If a trail uses advanced event selectors, a maximum of 500 total values for all conditions in all advanced event selectors is allowed. A trail is limited to 250 data resources. These data resources can be distributed across event selectors, but the overall total cannot exceed 250.

    You can:

    - ReadWriteType parameter with a value of read-only is not valid. *)
type nonrec invalid_cloud_watch_logs_role_arn_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when the provided role is not valid. *)
type nonrec invalid_cloud_watch_logs_log_group_arn_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when the provided CloudWatch Logs log group is not valid. *)
type nonrec insufficient_sns_topic_policy_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when the policy on the Amazon SNS topic is not sufficient. *)
type nonrec insufficient_s3_bucket_policy_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when the policy on the S3 bucket is not sufficient. *)
type nonrec insufficient_encryption_policy_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** For the CreateTrail, PutInsightSelectors, UpdateTrail, StartQuery, and StartImport operations, this exception is thrown when the policy on the S3 bucket or KMS key does not have sufficient permissions for the operation.

    For all other operations, this exception is thrown when the policy for the KMS key does not have sufficient permissions for the operation. *)
type nonrec insufficient_dependency_service_access_permission_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when the IAM identity that is used to create the organization resource lacks one or more required permissions for creating an organization resource in a required service. *)
type nonrec conflict_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when the specified resource is not ready for an operation. This can occur when you try to run an operation on a resource before CloudTrail has time to fully load the resource, or because another operation is modifying the resource. If this exception occurs, wait a few minutes, and then try the operation again. *)
(** Cannot set a CloudWatch Logs delivery for this Region. *)
type nonrec cloud_trail_invalid_client_token_id_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when a call results in the InvalidClientTokenId error code. This can occur when you are creating or updating a trail to send notifications to an Amazon SNS topic that is in a suspended Amazon Web Services account. *)
type nonrec cloud_trail_arn_invalid_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when an operation is called with an ARN that is not valid.

    - The following is the format of a trail ARN: arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
    - The following is the format of an event data store ARN: arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE
    - The following is the format of a dashboard ARN: arn:aws:cloudtrail:us-east-1:123456789012:dashboard/exampleDash
    - The following is the format of a channel ARN: arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890 *)
type nonrec cloud_trail_access_not_enabled_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when trusted access has not been enabled between CloudTrail and Organizations. For more information, see How to enable or disable trusted access in the Organizations User Guide and Prepare For Creating a Trail For Your Organization in the CloudTrail User Guide. *)
type nonrec operator = operator_value list
type nonrec advanced_field_selector = {
  not_ends_with : operator option;
    (** An operator that excludes events that match the last few characters of the event record field specified as the value of Field. *)
  not_starts_with : operator option;
    (** An operator that excludes events that match the first few characters of the event record field specified as the value of Field. *)
  not_equals : operator option;
    (** An operator that excludes events that match the exact value of the event record field specified as the value of Field. *)
  ends_with : operator option;
    (** An operator that includes events that match the last few characters of the event record field specified as the value of Field. *)
  starts_with : operator option;
    (** An operator that includes events that match the first few characters of the event record field specified as the value of Field. *)
  equals : operator option;
    (** An operator that includes events that match the exact value of the event record field specified as the value of Field. This is the only valid operator that you can use with the readOnly, eventCategory, and resources.type fields. *)
  field : selector_field;
    (** A field in a CloudTrail event record on which to filter events to be logged. For event data stores for CloudTrail Insights events, Config configuration items, Audit Manager evidence, or events outside of Amazon Web Services, the field is used only for selecting events as filtering is not supported.

        For more information, see AdvancedFieldSelector in the CloudTrail API Reference.

        Selectors don't support the use of wildcards like *. To match multiple values with a single condition, you may use StartsWith, EndsWith, NotStartsWith, or NotEndsWith to explicitly match the beginning or end of the event field. *)
}
(** A single selector statement in an advanced event selector. *)
type nonrec advanced_field_selectors = advanced_field_selector list
type nonrec advanced_event_selector = {
  field_selectors : advanced_field_selectors;
    (** Contains all selector statements in an advanced event selector. *)
  name : selector_name option;
    (** An optional, descriptive name for an advanced event selector, such as "Log data events for only two S3 buckets". *)
}
(** Advanced event selectors let you create fine-grained selectors for CloudTrail management, data, and network activity events. They help you control costs by logging only those events that are important to you. For more information about configuring advanced event selectors, see the Logging data events, Logging network activity events, and Logging management events topics in the CloudTrail User Guide.

    You cannot apply both event selectors and advanced event selectors to a trail.

    For information about configurable advanced event selector fields, see AdvancedEventSelector in the CloudTrail API Reference. *)
type nonrec advanced_event_selectors = advanced_event_selector list
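An added example, not code from Smaws_Client_CloudTrail: it implements the operator semantics of advanced_field_selector described above (Equals, StartsWith, EndsWith and their negations, all conjoined within one advanced event selector), rejects the selector shapes the text says the service refuses (wildcards, non-Equals operators on readOnly, eventCategory and resources.type), and runs a constructed selector against constructed event records. The flattened event representation and the sample bucket ARNs are assumptions of this example.

```ocaml
(* Added example, not library code. Mirrors the operator and
   advanced_field_selector shapes above over a flattened event record;
   sample selector and events are constructed. *)
type operator = string list

type advanced_field_selector = {
  field : string;
  equals : operator option;
  starts_with : operator option;
  ends_with : operator option;
  not_equals : operator option;
  not_starts_with : operator option;
  not_ends_with : operator option;
}

(* An event record flattened to (field name, value) pairs. *)
type event = (string * string) list

let no_op =
  { field = ""; equals = None; starts_with = None; ends_with = None;
    not_equals = None; not_starts_with = None; not_ends_with = None }

let has_prefix ~prefix s =
  let lp = String.length prefix in
  String.length s >= lp && String.sub s 0 lp = prefix

let has_suffix ~suffix s =
  let ls = String.length s and lf = String.length suffix in
  ls >= lf && String.sub s (ls - lf) lf = suffix

(* Fields on which Equals is the only valid operator. *)
let equals_only = [ "readOnly"; "eventCategory"; "resources.type" ]

(* Reject selectors the service would refuse: wildcard values and
   non-Equals operators on the equals-only fields. *)
let validate (sel : advanced_field_selector) : (unit, string) result =
  let values =
    List.concat_map (Option.value ~default:[])
      [ sel.equals; sel.starts_with; sel.ends_with;
        sel.not_equals; sel.not_starts_with; sel.not_ends_with ]
  in
  let uses_non_equals =
    sel.starts_with <> None || sel.ends_with <> None || sel.not_equals <> None
    || sel.not_starts_with <> None || sel.not_ends_with <> None
  in
  if List.exists (fun v -> String.contains v '*') values then
    Error (Printf.sprintf "field %s: wildcards are not supported" sel.field)
  else if List.mem sel.field equals_only && uses_non_equals then
    Error (Printf.sprintf "field %s: only Equals is valid" sel.field)
  else Ok ()

(* A selector matches when every operator it sets holds for the field's
   value; a field absent from the record never matches. *)
let field_matches (ev : event) (sel : advanced_field_selector) : bool =
  match List.assoc_opt sel.field ev with
  | None -> false
  | Some v ->
    let any f = List.exists f in
    let check test = function None -> true | Some vs -> test vs in
    check (any (String.equal v)) sel.equals
    && check (any (fun p -> has_prefix ~prefix:p v)) sel.starts_with
    && check (any (fun s -> has_suffix ~suffix:s v)) sel.ends_with
    && check (fun vs -> not (any (String.equal v) vs)) sel.not_equals
    && check (fun ps -> not (any (fun p -> has_prefix ~prefix:p v) ps)) sel.not_starts_with
    && check (fun ss -> not (any (fun s -> has_suffix ~suffix:s v) ss)) sel.not_ends_with

(* An advanced event selector is the conjunction of its field selectors. *)
let event_selected (ev : event) (selectors : advanced_field_selector list) : bool =
  List.for_all (field_matches ev) selectors

(* Constructed selector: log S3 data events for one bucket, except a tmp/ prefix. *)
let log_one_bucket =
  [ { no_op with field = "eventCategory"; equals = Some [ "Data" ] };
    { no_op with field = "resources.type"; equals = Some [ "AWS::S3::Object" ] };
    { no_op with field = "resources.ARN";
      starts_with = Some [ "arn:aws:s3:::example-bucket/" ];
      not_starts_with = Some [ "arn:aws:s3:::example-bucket/tmp/" ] } ]

(* Constructed sample events, not real CloudTrail records. *)
let report_object =
  [ "eventCategory", "Data"; "resources.type", "AWS::S3::Object";
    "resources.ARN", "arn:aws:s3:::example-bucket/reports/q1.csv" ]
let tmp_object =
  [ "eventCategory", "Data"; "resources.type", "AWS::S3::Object";
    "resources.ARN", "arn:aws:s3:::example-bucket/tmp/scratch" ]

let () =
  assert (List.for_all (fun s -> validate s = Ok ()) log_one_bucket);
  assert (event_selected report_object log_one_bucket);
  assert (not (event_selected tmp_object log_one_bucket));
  (* StartsWith on readOnly is rejected, as is a wildcard value. *)
  assert (validate { no_op with field = "readOnly"; starts_with = Some [ "f" ] } <> Ok ());
  assert (validate { no_op with field = "eventName"; equals = Some [ "Put*" ] } <> Ok ());
  print_endline "selector checks passed"
```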
type nonrec update_event_data_store_response = {
  federation_role_arn : federation_role_arn option;
    (** If Lake query federation is enabled, provides the ARN of the federation role used to access the resources for the federated event data store. *)
  federation_status : federation_status option;
    (** Indicates the Lake query federation status. The status is ENABLED if Lake query federation is enabled, or DISABLED if Lake query federation is disabled. You cannot delete an event data store if the FederationStatus is ENABLED. *)
  billing_mode : billing_mode option;
    (** The billing mode for the event data store. *)
  kms_key_id : event_data_store_kms_key_id option;
    (** Specifies the KMS key ID that encrypts the events delivered by CloudTrail. The value is a fully specified ARN to a KMS key in the following format:
        arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012 *)
  updated_timestamp : date option;
    (** The timestamp that shows when the event data store was last updated. UpdatedTimestamp is always either the same or newer than the time shown in CreatedTimestamp. *)
  created_timestamp : date option;
    (** The timestamp that shows when an event data store was first created. *)
  termination_protection_enabled : termination_protection_enabled option;
    (** Indicates whether termination protection is enabled for the event data store. *)
  retention_period : retention_period option;
    (** The retention period, in days. *)
  organization_enabled : boolean_ option;
    (** Indicates whether an event data store is collecting logged events for an organization in Organizations. *)
  multi_region_enabled : boolean_ option;
    (** Indicates whether the event data store includes events from all Regions, or only from the Region in which it was created. *)
  advanced_event_selectors : advanced_event_selectors option;
    (** The advanced event selectors that are applied to the event data store. *)
  status : event_data_store_status option;
    (** The status of an event data store. *)
  name : event_data_store_name option;
    (** The name of the event data store. *)
  event_data_store_arn : event_data_store_arn option;
    (** The ARN of the event data store. *)
}
type nonrec update_event_data_store_request = {
  billing_mode : billing_mode option;
    (** You can't change the billing mode from EXTENDABLE_RETENTION_PRICING to FIXED_RETENTION_PRICING. If BillingMode is set to EXTENDABLE_RETENTION_PRICING and you want to use FIXED_RETENTION_PRICING instead, you'll need to stop ingestion on the event data store and create a new event data store that uses FIXED_RETENTION_PRICING.

        The billing mode for the event data store determines the cost for ingesting events and the default and maximum retention period for the event data store.

        The following are the possible values:

        - EXTENDABLE_RETENTION_PRICING - This billing mode is generally recommended if you want a flexible retention period of up to 3653 days (about 10 years). The default retention period for this billing mode is 366 days.
        - FIXED_RETENTION_PRICING - This billing mode is recommended if you expect to ingest more than 25 TB of event data per month and need a retention period of up to 2557 days (about 7 years). The default retention period for this billing mode is 2557 days.

        For more information about CloudTrail pricing, see CloudTrail Pricing and Managing CloudTrail Lake costs. *)
  kms_key_id : event_data_store_kms_key_id option;
    (** Specifies the KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.

        Disabling or deleting the KMS key, or removing CloudTrail permissions on the key, prevents CloudTrail from logging events to the event data store, and prevents users from querying the data in the event data store that was encrypted with the key. After you associate an event data store with a KMS key, the KMS key cannot be removed or changed. Before you disable or delete a KMS key that you are using with an event data store, delete or back up your event data store.

        CloudTrail also supports KMS multi-Region keys. For more information about multi-Region keys, see Using multi-Region keys in the Key Management Service Developer Guide.

        Examples:

        - alias/MyAliasName
        - arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
        - arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
        - 12345678-1234-1234-1234-123456789012 *)
  termination_protection_enabled : termination_protection_enabled option;
    (** Indicates that termination protection is enabled and the event data store cannot be automatically deleted. *)
  retention_period : retention_period option;
    (** The retention period of the event data store, in days. If BillingMode is set to EXTENDABLE_RETENTION_PRICING, you can set a retention period of up to 3653 days, the equivalent of 10 years. If BillingMode is set to FIXED_RETENTION_PRICING, you can set a retention period of up to 2557 days, the equivalent of seven years.

        CloudTrail Lake determines whether to retain an event by checking if the eventTime of the event is within the specified retention period. For example, if you set a retention period of 90 days, CloudTrail will remove events when the eventTime is older than 90 days.

        If you decrease the retention period of an event data store, CloudTrail will remove any events with an eventTime older than the new retention period. For example, if the previous retention period was 365 days and you decrease it to 100 days, CloudTrail will remove events with an eventTime older than 100 days. *)
  organization_enabled : boolean_ option;
    (** Specifies whether an event data store collects events logged for an organization in Organizations.

        Only the management account for the organization can convert an organization event data store to a non-organization event data store, or convert a non-organization event data store to an organization event data store. *)
  multi_region_enabled : boolean_ option;
    (** Specifies whether an event data store collects events from all Regions, or only from the Region in which it was created. *)
  advanced_event_selectors : advanced_event_selectors option;
    (** The advanced event selectors used to select events for the event data store. You can configure up to five advanced event selectors for each event data store. *)
  name : event_data_store_name option;
    (** The event data store name. *)
  event_data_store : event_data_store_arn;
    (** The ARN (or the ID suffix of the ARN) of the event data store that you want to update. *)
}
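An added example, not code from Smaws_Client_CloudTrail: it checks an UpdateEventDataStore change against the rules documented above (the forbidden EXTENDABLE_RETENTION_PRICING to FIXED_RETENTION_PRICING transition and the 3653/2557-day retention caps) and shows which events a shorter retention period removes. Event times are constructed day numbers rather than real timestamps, and the store/update records are this example's own shapes.

```ocaml
(* Added example, not library code. Day numbers stand in for eventTime;
   sample store state and events are constructed. *)
type billing_mode = EXTENDABLE_RETENTION_PRICING | FIXED_RETENTION_PRICING

(* Maximum retention per billing mode, in days, as documented above. *)
let max_retention = function
  | EXTENDABLE_RETENTION_PRICING -> 3653   (* about 10 years *)
  | FIXED_RETENTION_PRICING -> 2557        (* about 7 years *)

(* Current state of the store that matters for the update. *)
type store = { mode : billing_mode; retention_days : int }

(* Requested changes; None leaves a setting unchanged, like the optional
   request fields. *)
type update = { new_mode : billing_mode option; new_retention : int option }

let validate_update (s : store) (u : update) : (store, string) result =
  let mode = Option.value u.new_mode ~default:s.mode in
  let retention = Option.value u.new_retention ~default:s.retention_days in
  if s.mode = EXTENDABLE_RETENTION_PRICING && mode = FIXED_RETENTION_PRICING then
    Error "EXTENDABLE_RETENTION_PRICING cannot be changed to FIXED_RETENTION_PRICING; stop ingestion and create a new event data store"
  else if retention > max_retention mode then
    Error (Printf.sprintf "retention of %d days exceeds the %d-day maximum for this billing mode"
             retention (max_retention mode))
  else Ok { mode; retention_days = retention }

(* An event is kept only while its eventTime is within the retention period;
   shortening the period removes the older events. *)
type event = { event_id : string; event_time_day : int }

let removed_by_retention ~now_day ~retention_days (events : event list) : event list =
  List.filter (fun e -> now_day - e.event_time_day > retention_days) events

let () =
  let s = { mode = EXTENDABLE_RETENTION_PRICING; retention_days = 365 } in
  (* Forbidden billing-mode transition. *)
  assert (Result.is_error
            (validate_update s { new_mode = Some FIXED_RETENTION_PRICING; new_retention = None }));
  (* Above the 3653-day cap. *)
  assert (Result.is_error (validate_update s { new_mode = None; new_retention = Some 4000 }));
  (* Shrinking 365 -> 100 days purges events older than 100 days (constructed sample). *)
  let events = [ { event_id = "ev-old"; event_time_day = 0 };
                 { event_id = "ev-mid"; event_time_day = 900 };
                 { event_id = "ev-new"; event_time_day = 990 } ] in
  (match validate_update s { new_mode = None; new_retention = Some 100 } with
   | Ok s' ->
     let gone = removed_by_retention ~now_day:1000 ~retention_days:s'.retention_days events in
     assert (List.map (fun e -> e.event_id) gone = [ "ev-old" ])
   | Error msg -> failwith msg);
  print_endline "event data store update checks passed"
```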
type nonrec invalid_insight_selectors_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** For PutInsightSelectors, this exception is thrown when the formatting or syntax of the InsightSelectors JSON statement is not valid, or the specified InsightType in the InsightSelectors statement is not valid. Valid values for InsightType are ApiCallRateInsight and ApiErrorRateInsight. To enable Insights on an event data store, the destination event data store specified by the InsightsDestination parameter must log Insights events and the source event data store specified by the EventDataStore parameter must log management events.

    For UpdateEventDataStore, this exception is thrown if Insights are enabled on the event data store and the updated advanced event selectors are not compatible with the configured InsightSelectors. If the InsightSelectors includes an InsightType of ApiCallRateInsight, the source event data store must log write management events. If the InsightSelectors includes an InsightType of ApiErrorRateInsight, the source event data store must log management events. *)
type nonrec inactive_event_data_store_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** The event data store is inactive. *)
type nonrec event_data_store_not_found_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** The specified event data store was not found. *)
type nonrec event_data_store_has_ongoing_import_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when you try to update or delete an event data store that currently has an import in progress. *)
type nonrec event_data_store_arn_invalid_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** The specified event data store ARN is not valid or does not map to an event data store in your account. *)
type nonrec event_data_store_already_exists_exception = {
  message : error_message option;
    (** Brief description of the exception returned by the request. *)
}
(** An event data store with that name already exists. *)
type nonrec refresh_schedule_frequency = {
  value : refresh_schedule_frequency_value option;
    (** The value for the refresh schedule.

        For custom dashboards, the following values are valid when the unit is HOURS: 1, 6, 12, 24.

        For custom dashboards, the only valid value when the unit is DAYS is 1.

        For the Highlights dashboard, the Value must be 6. *)
  unit_ : refresh_schedule_frequency_unit option;
    (** The unit to use for the refresh.

        For custom dashboards, the unit can be HOURS or DAYS.

        For the Highlights dashboard, the Unit must be HOURS. *)
}
(** Specifies the frequency for a dashboard refresh schedule.

    For a custom dashboard, you can schedule a refresh for every 1, 6, 12, or 24 hours, or every day. *)
type nonrec refresh_schedule = {
  time_of_day : time_of_day option;
    (** The time of day in UTC to run the schedule; for hourly only refer to minutes; default is 00:00. *)
  status : refresh_schedule_status option;
    (** Specifies whether the refresh schedule is enabled. Set the value to ENABLED to enable the refresh schedule, or to DISABLED to turn off the refresh schedule. *)
  frequency : refresh_schedule_frequency option;
    (** The frequency at which you want the dashboard refreshed. *)
}
(** The schedule for a dashboard refresh. *)
type nonrec update_dashboard_response = {
  updated_timestamp : date option;
    (** The timestamp that shows when the dashboard was updated. *)
  created_timestamp : date option;
    (** The timestamp that shows when the dashboard was created. *)
  termination_protection_enabled : termination_protection_enabled option;
    (** Indicates whether termination protection is enabled for the dashboard. *)
  refresh_schedule : refresh_schedule option;
    (** The refresh schedule for the dashboard, if configured. *)
  widgets : widget_list option;
    (** An array of widgets for the dashboard. *)
  type_ : dashboard_type option;
    (** The type of dashboard. *)
  name : dashboard_name option;
    (** The name for the dashboard. *)
  dashboard_arn : dashboard_arn option;
    (** The ARN for the dashboard. *)
}
type nonrec request_widget = {
  view_properties : view_properties_map;
    (** The view properties for the widget. For more information about view properties, see View properties for widgets in the CloudTrail User Guide. *)
  query_parameters : query_parameters option;
    (** The optional query parameters. The following query parameters are valid: $StartTime$, $EndTime$, and $Period$. *)
  query_statement : query_statement;
    (** The query statement for the widget. For custom dashboard widgets, you can query across multiple event data stores as long as all event data stores exist in your account.

        When a query uses ? with eventTime, ? must be surrounded by single quotes as follows: '?'. *)
}
(** Contains information about a widget on a CloudTrail Lake dashboard. *)
type nonrec request_widget_list = request_widget list
type nonrec update_dashboard_request = {
  termination_protection_enabled : termination_protection_enabled option;
    (** Specifies whether termination protection is enabled for the dashboard. If termination protection is enabled, you cannot delete the dashboard until termination protection is disabled. *)
  refresh_schedule : refresh_schedule option;
    (** The refresh schedule configuration for the dashboard. *)
  widgets : request_widget_list option;
    (** An array of widgets for the dashboard. A custom dashboard can have a maximum of 10 widgets.

        To add new widgets, pass in an array that includes the existing widgets along with any new widgets. Run the GetDashboard operation to get the list of widgets for the dashboard.

        To remove widgets, pass in an array that includes the existing widgets minus the widgets you want removed. *)
  dashboard_id : dashboard_arn;
    (** The name or ARN of the dashboard. *)
}
type nonrec service_quota_exceeded_exception = {
message : error_message option;
Brief description of the exception returned by the request.
*)}
This exception is thrown when the quota is exceeded. For information about CloudTrail quotas, see Service quotas in the Amazon Web Services General Reference.
type nonrec resource_not_found_exception = {
message : error_message option;
Brief description of the exception returned by the request.
*)}
This exception is thrown when the specified resource is not found.
type nonrec invalid_query_statement_exception = {
message : error_message option;
Brief description of the exception returned by the request.
*)}
The query that was submitted has validation errors, or uses incorrect syntax or unsupported keywords. For more information about writing a query, see Create or edit a query in the CloudTrail User Guide.
type nonrec destination = {
location : location;
For channels used for a CloudTrail Lake integration, the location is the ARN of an event data store that receives events from a channel. For service-linked channels, the location is the name of the Amazon Web Services service.
*)type_ : destination_type;
The type of destination for events arriving from a channel. For channels used for a CloudTrail Lake integration, the value is EVENT_DATA_STORE. For service-linked channels, the value is AWS_SERVICE.
}
Contains information about the destination receiving events.
type nonrec destinations = destination list
type nonrec update_channel_response = {
destinations : destinations option;
The event data stores that log events arriving through the channel.
*)source : source option;
The event source of the channel that was updated.
*)name : channel_name option;
The name of the channel that was updated.
*)channel_arn : channel_arn option;
The ARN of the channel that was updated.
*)}
type nonrec update_channel_request = {
name : channel_name option;
Changes the name of the channel.
*)destinations : destinations option;
The ARNs of event data stores that you want to log events arriving through the channel.
*)channel : channel_arn;
The ARN or ID (the ARN suffix) of the channel that you want to update.
*)}
type nonrec invalid_event_data_store_category_exception = {
message : error_message option;
Brief description of the exception returned by the request.
*)}
This exception is thrown when event categories of specified event data stores are not valid.
type nonrec channel_not_found_exception = {
message : error_message option;
Brief description of the exception returned by the request.
*)}
This exception is thrown when CloudTrail cannot find the specified channel.
type nonrec channel_arn_invalid_exception = {
message : error_message option;
Brief description of the exception returned by the request.
*)}
This exception is thrown when the specified value of ChannelARN is not valid.
type nonrec channel_already_exists_exception = {
message : error_message option;
Brief description of the exception returned by the request.
*)}
This exception is thrown when the provided channel already exists.
type nonrec trail_info = {
home_region : string_ option;
The Amazon Web Services Region in which a trail was created.
*)name : string_ option;
The name of a trail.
*)trail_ar_n : string_ option;
The ARN of a trail.
*)}
Information about a CloudTrail trail, including the trail's name, home Region, and Amazon Resource Name (ARN).
type nonrec trails = trail_info list
type nonrec trail_name_list = string_ list
type nonrec trail = {
is_organization_trail : boolean_ option;
Specifies whether the trail is an organization trail.
*)has_insight_selectors : boolean_ option;
Specifies whether a trail has insight types specified in an InsightSelector list.
*)has_custom_event_selectors : boolean_ option;
Specifies if the trail has custom event selectors.
*)kms_key_id : string_ option;
Specifies the KMS key ID that encrypts the logs delivered by CloudTrail. The value is a fully specified ARN to a KMS key in the following format.
arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
cloud_watch_logs_role_arn : string_ option;
Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group.
*)cloud_watch_logs_log_group_arn : string_ option;
Specifies an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs will be delivered.
*)log_file_validation_enabled : boolean_ option;
Specifies whether log file validation is enabled.
*)trail_ar_n : string_ option;
Specifies the ARN of the trail. The following is the format of a trail ARN.
arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
home_region : string_ option;
The Region in which the trail was created.
*)is_multi_region_trail : boolean_ option;
Specifies whether the trail exists only in one Region or exists in all Regions.
*)include_global_service_events : boolean_ option;
Set to True to include Amazon Web Services API calls from Amazon Web Services global services such as IAM. Otherwise, False.
*)sns_topic_ar_n : string_ option;
Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send notifications when log files are delivered. The following is the format of a topic ARN.
arn:aws:sns:us-east-2:123456789012:MyTopic
sns_topic_name : string_ option;
This field is no longer in use. Use SnsTopicARN.
*)s3_key_prefix : string_ option;
Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery. For more information, see Finding Your CloudTrail Log Files. The maximum length is 200 characters.
*)s3_bucket_name : string_ option;
Name of the Amazon S3 bucket into which CloudTrail delivers your trail files. See Amazon S3 Bucket naming rules.
*)name : string_ option;
Name of the trail set by calling CreateTrail. The maximum length is 128 characters.
}
The settings for a trail.
type nonrec trail_list = trail list
type nonrec trail_already_exists_exception = {
message : error_message option;
Brief description of the exception returned by the request.
*)}
This exception is thrown when the specified trail already exists.
type nonrec timestamps = date list
type nonrec tag = {
value : tag_value option;
The value in a key-value pair of a tag. The value must be no longer than 256 Unicode characters.
*)key : tag_key;
The key in a key-value pair. The key must be no longer than 128 Unicode characters. The key must be unique for the resource to which it applies.
*)}
A custom key-value pair associated with a resource such as a CloudTrail trail, event data store, dashboard, or channel.
type nonrec tags_list = tag list
The number of tags per trail, event data store, dashboard, or channel has exceeded the permitted amount. Currently, the limit is 50.
type nonrec stop_logging_request = {
name : string_;
Specifies the name or the CloudTrail ARN of the trail for which CloudTrail will stop logging Amazon Web Services API calls. The following is the format of a trail ARN.
arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
}
Passes the request to CloudTrail to stop logging Amazon Web Services API calls for the specified account.
type nonrec s3_import_source = {
s3_bucket_access_role_arn : string_;
The IAM ARN role used to access the source S3 bucket.
*)s3_bucket_region : string_;
The Region associated with the source S3 bucket.
*)s3_location_uri : string_;
The URI for the source S3 bucket.
*)}
The settings for the source S3 bucket.
The import source.
type nonrec import_destinations = event_data_store_arn list
type nonrec import_statistics = {
failed_entries : long option;
The number of failed entries.
*)events_completed : long option;
The number of trail events imported into the event data store.
*)files_completed : long option;
The number of log files that completed import.
*)prefixes_completed : long option;
The number of S3 prefixes that completed import.
*)prefixes_found : long option;
The number of S3 prefixes found for the import.
*)}
Provides statistics for the specified ImportID. CloudTrail does not update import statistics in real-time. Returned values for parameters such as EventsCompleted may be lower than the actual value, because CloudTrail updates statistics incrementally over the course of the import.
type nonrec stop_import_response = {
import_statistics : import_statistics option;
Returns information on the stopped import.
*)end_event_time : date option;
Used with StartEventTime to bound a StartImport request, and limit imported trail events to only those events logged within a specified time period.
*)start_event_time : date option;
Used with EndEventTime to bound a StartImport request, and limit imported trail events to only those events logged within a specified time period.
*)updated_timestamp : date option;
The timestamp of the import's last update.
*)created_timestamp : date option;
The timestamp of the import's creation.
*)import_status : import_status option;
The status of the import.
*)destinations : import_destinations option;
The ARN of the destination event data store.
*)import_source : import_source option;
The source S3 bucket for the import.
*)import_id : uui_d option;
The ID for the import.
*)}
type nonrec import_not_found_exception = {
message : error_message option;
Brief description of the exception returned by the request.
*)}
The specified import was not found.
type nonrec stop_event_data_store_ingestion_request = {
event_data_store : event_data_store_arn;
The ARN (or ID suffix of the ARN) of the event data store for which you want to stop ingestion.
*)}
type nonrec invalid_event_data_store_status_exception = {
message : error_message option;
Brief description of the exception returned by the request.
*)}
The event data store is not in a status that supports the operation.
type nonrec start_query_response = {
event_data_store_owner_account_id : account_id option;
The account ID of the event data store owner.
*)query_id : uui_d option;
The ID of the started query.
*)}
type nonrec start_query_request = {
event_data_store_owner_account_id : account_id option;
The account ID of the event data store owner.
*)query_parameters : query_parameters option;
The query parameters for the specified QueryAlias.
*)query_alias : query_alias option;
The alias that identifies a query template.
*)delivery_s3_uri : delivery_s3_uri option;
The URI for the S3 bucket where CloudTrail delivers the query results.
*)query_statement : query_statement option;
The SQL code of your query.
*)}
type nonrec max_concurrent_queries_exception = {
message : error_message option;
Brief description of the exception returned by the request.
*)}
You are already running the maximum number of concurrent queries. The maximum number of concurrent queries is 10. Wait a minute for some queries to finish, and then run the query again.
type nonrec start_logging_request = {
name : string_;
Specifies the name or the CloudTrail ARN of the trail for which CloudTrail logs Amazon Web Services API calls. The following is the format of a trail ARN.
arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
}
The request to CloudTrail to start logging Amazon Web Services API calls for an account.
type nonrec start_import_response = {
updated_timestamp : date option;
The timestamp of the import's last update, if applicable.
*)created_timestamp : date option;
The timestamp for the import's creation.
*)import_status : import_status option;
Shows the status of the import after a StartImport request. An import finishes with a status of COMPLETED if there were no failures, or FAILED if there were failures.
*)end_event_time : date option;
Used with StartEventTime to bound a StartImport request, and limit imported trail events to only those events logged within a specified time period.
*)start_event_time : date option;
Used with EndEventTime to bound a StartImport request, and limit imported trail events to only those events logged within a specified time period.
*)import_source : import_source option;
The source S3 bucket for the import.
*)destinations : import_destinations option;
The ARN of the destination event data store.
*)import_id : uui_d option;
The ID of the import.
*)}
type nonrec start_import_request = {
import_id : uui_d option;
The ID of the import. Use this parameter when you are retrying an import.
*)end_event_time : date option;
Use with StartEventTime to bound a StartImport request, and limit imported trail events to only those events logged within a specified time period. When you specify a time range, CloudTrail checks the prefix and log file names to verify the names contain a date between the specified StartEventTime and EndEventTime before attempting to import events.
*)start_event_time : date option;
Use with EndEventTime to bound a StartImport request, and limit imported trail events to only those events logged within a specified time period. When you specify a time range, CloudTrail checks the prefix and log file names to verify the names contain a date between the specified StartEventTime and EndEventTime before attempting to import events.
*)import_source : import_source option;
The source S3 bucket for the import. Use this parameter for a new import.
*)destinations : import_destinations option;
The ARN of the destination event data store. Use this parameter for a new import.
*)}
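The StartEventTime / EndEventTime check described above, as an added example that is not part of the Smaws client or of CloudTrail itself: a local pre-flight filter that applies the same date test to an S3 key listing before a StartImport call is made. It assumes the standard trail delivery layout (an AWSLogs/account/CloudTrail/region/YYYY/MM/DD/ prefix and file names carrying a YYYYMMDDTHHMMZ timestamp), treats both bounds as inclusive, and uses constructed sample keys; CloudTrail performs its own check on the service side regardless.

```python
"""Pre-flight check for a StartImport time window (added example; not Smaws or
CloudTrail code). CloudTrail checks the S3 prefix and log file names for a date
between StartEventTime and EndEventTime before importing. This filter assumes
the standard trail delivery layout, e.g.
AWSLogs/111122223333/CloudTrail/us-east-2/2024/03/01/111122223333_CloudTrail_us-east-2_20240301T0210Z_EXAMPLE.json.gz
and treats both bounds as inclusive (an assumption)."""
import re
from datetime import date, datetime, timezone

# Per-file timestamp carried in the object name (assumed standard naming)
_FILE_TS = re.compile(r"_CloudTrail_[a-z0-9-]+_(\d{8}T\d{4}Z)_")
# Day carried in the delivery prefix, e.g. ".../2024/03/01/"
_PREFIX_DAY = re.compile(r"/(\d{4})/(\d{2})/(\d{2})/")


def key_in_window(key, start_event_time, end_event_time):
    """True if the key's file timestamp (or, failing that, its prefix day)
    falls inside [start_event_time, end_event_time]. Keys with no date at
    all are reported as out of window so they are surfaced before import."""
    m = _FILE_TS.search(key)
    if m:
        ts = datetime.strptime(m.group(1), "%Y%m%dT%H%MZ").replace(tzinfo=timezone.utc)
        return start_event_time <= ts <= end_event_time
    m = _PREFIX_DAY.search(key)
    if m:
        day = date(*(int(g) for g in m.groups()))
        return start_event_time.date() <= day <= end_event_time.date()
    return False


def partition_keys(keys, start_event_time, end_event_time):
    """Split keys into (selected, skipped) lists for the given window."""
    selected, skipped = [], []
    for key in keys:
        (selected if key_in_window(key, start_event_time, end_event_time) else skipped).append(key)
    return selected, skipped


# Constructed sample listing and window (the account ID is a placeholder)
WINDOW_START = datetime(2024, 3, 1, 0, 0, tzinfo=timezone.utc)
WINDOW_END = datetime(2024, 3, 2, 23, 59, tzinfo=timezone.utc)
_BASE = "AWSLogs/111122223333/CloudTrail/us-east-2/"
SAMPLE_KEYS = [
    _BASE + "2024/02/28/111122223333_CloudTrail_us-east-2_20240228T2355Z_EXAMPLE1.json.gz",
    _BASE + "2024/03/01/111122223333_CloudTrail_us-east-2_20240301T0210Z_EXAMPLE2.json.gz",
    _BASE + "2024/03/02/111122223333_CloudTrail_us-east-2_20240302T2340Z_EXAMPLE3.json.gz",
    _BASE + "2024/03/03/111122223333_CloudTrail_us-east-2_20240303T0005Z_EXAMPLE4.json.gz",
    _BASE + "2024/03/02/",               # day prefix only, no file name
    "AWSLogs/111122223333/README.txt",  # no date anywhere
]

if __name__ == "__main__":
    selected, skipped = partition_keys(SAMPLE_KEYS, WINDOW_START, WINDOW_END)
    print("selected:", *selected, sep="\n  ")
    print("skipped:", *skipped, sep="\n  ")
```

Running the filter over a real listing before calling StartImport makes the window's effect visible up front: objects just outside the bounds (the 23:55 file on the day before, the 00:05 file on the day after) are the ones an operator most often expects to be imported and is surprised to find missing.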
type nonrec invalid_import_source_exception = {
message : error_message option;
Brief description of the exception returned by the request.
*)}
This exception is thrown when the provided source S3 bucket is not valid for import.
type nonrec account_has_ongoing_import_exception = {
message : error_message option;
Brief description of the exception returned by the request.
*)}
This exception is thrown when you start a new import and a previous import is still in progress.
type nonrec start_event_data_store_ingestion_request = {
event_data_store : event_data_store_arn;
The ARN (or ID suffix of the ARN) of the event data store for which you want to start ingestion.
*)}
type nonrec start_dashboard_refresh_response = {
refresh_id : refresh_id option;
The refresh ID for the dashboard.
*)}
type nonrec query_parameter_values =
(query_parameter_key * query_parameter_value) list
type nonrec start_dashboard_refresh_request = {
query_parameter_values : query_parameter_values option;
The query parameter values for the dashboard.
For custom dashboards, the following query parameters are valid: $StartTime$, $EndTime$, and $Period$.
For managed dashboards, the following query parameters are valid: $StartTime$, $EndTime$, $Period$, and $EventDataStoreId$. The $EventDataStoreId$ query parameter is required.
*)dashboard_id : dashboard_arn;
The name or ARN of the dashboard.
*)}
type nonrec source_config = {
advanced_event_selectors : advanced_event_selectors option;
The advanced event selectors that are configured for the channel.
*)apply_to_all_regions : boolean_ option;
Specifies whether the channel applies to a single Region or to all Regions.
*)}
Contains configuration information about the channel.
type nonrec search_sample_queries_search_result = {
relevance : sample_query_relevance option;
A value between 0 and 1 indicating the similarity between the search phrase and result.
*)sq_l : sample_query_sq_l option;
The SQL code of the sample query.
*)description : sample_query_description option;
A longer description of a sample query.
*)name : sample_query_name option;
The name of a sample query.
*)}
A search result returned by the SearchSampleQueries operation.
type nonrec search_sample_queries_search_results =
search_sample_queries_search_result list
type nonrec search_sample_queries_response = {
next_token : pagination_token option;
A token you can use to get the next page of results.
*)search_results : search_sample_queries_search_results option;
A list of objects containing the search results ordered from most relevant to least relevant.
*)}
type nonrec search_sample_queries_request = {
next_token : pagination_token option;
A token you can use to get the next page of results. The length constraint is in characters, not words.
*)max_results : search_sample_queries_max_results option;
The maximum number of results to return on a single page. The default value is 10.
*)search_phrase : search_sample_queries_search_phrase;
The natural language phrase to use for the semantic search. The phrase must be in English. The length constraint is in characters, not words.
*)}
type nonrec restore_event_data_store_response = {
billing_mode : billing_mode option;
The billing mode for the event data store.
*)kms_key_id : event_data_store_kms_key_id option;
Specifies the KMS key ID that encrypts the events delivered by CloudTrail. The value is a fully specified ARN to a KMS key in the following format.
arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
updated_timestamp : date option;
The timestamp that shows when an event data store was updated, if applicable. UpdatedTimestamp is always either the same or newer than the time shown in CreatedTimestamp.
*)created_timestamp : date option;
The timestamp of an event data store's creation.
*)termination_protection_enabled : termination_protection_enabled option;
Indicates that termination protection is enabled and the event data store cannot be automatically deleted.
*)retention_period : retention_period option;
The retention period, in days.
*)organization_enabled : boolean_ option;
Indicates whether an event data store is collecting logged events for an organization in Organizations.
*)multi_region_enabled : boolean_ option;
Indicates whether the event data store is collecting events from all Regions, or only from the Region in which the event data store was created.
*)advanced_event_selectors : advanced_event_selectors option;
The advanced event selectors that were used to select events.
*)status : event_data_store_status option;
The status of the event data store.
*)name : event_data_store_name option;
The name of the event data store.
*)event_data_store_arn : event_data_store_arn option;
The event data store ARN.
*)}
type nonrec restore_event_data_store_request = {
event_data_store : event_data_store_arn;
The ARN (or the ID suffix of the ARN) of the event data store that you want to restore.
*)}
type nonrec event_data_store_max_limit_exceeded_exception = {
message : error_message option;
Brief description of the exception returned by the request.
*)}
Your account has used the maximum number of event data stores.
type nonrec resource_type_not_supported_exception = {
message : error_message option;
Brief description of the exception returned by the request.
*)}
This exception is thrown when the specified resource type is not supported by CloudTrail.
A resource tag.
type nonrec resource_tag_list = resource_tag list
type nonrec resource_policy_not_valid_exception = {
message : error_message option;
Brief description of the exception returned by the request.
*)}
This exception is thrown when the resource-based policy has syntax errors, or contains a principal that is not valid.
type nonrec resource_policy_not_found_exception = {
message : error_message option;
Brief description of the exception returned by the request.
*)}
This exception is thrown when the specified resource policy is not found.
type nonrec resource = {
resource_name : string_ option;
The name of the resource referenced by the event returned. These are user-created names whose values will depend on the environment. For example, the resource name might be "auto-scaling-test-group" for an Auto Scaling Group or "i-1234567" for an EC2 Instance.
*)resource_type : string_ option;
The type of a resource referenced by the event returned. When the resource type cannot be determined, null is returned. Some examples of resource types are: Instance for EC2, Trail for CloudTrail, DBInstance for Amazon RDS, and AccessKey for IAM. To learn more about how to look up and filter events by the resource types supported for a service, see Filtering CloudTrail Events.
*)}
Specifies the type and name of a resource referenced by an event.
type nonrec resource_list = resource list
type nonrec resource_id_list = string_ list
type nonrec resource_arn_not_valid_exception = {
message : error_message option;
Brief description of the exception returned by the request.
*)}
This exception is thrown when the provided resource does not exist, or the ARN format of the resource is not valid.
The following is the format of an event data store ARN: arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE
The following is the format of a dashboard ARN: arn:aws:cloudtrail:us-east-1:123456789012:dashboard/exampleDash
The following is the format of a channel ARN: arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890
Specifies the tags to remove from a trail, event data store, dashboard, or channel.
type nonrec invalid_tag_parameter_exception = {
message : error_message option;
Brief description of the exception returned by the request.
*)}
This exception is thrown when the specified tag key or values are not valid. It can also occur if there are duplicate tags or too many tags on the resource.
type nonrec register_organization_delegated_admin_request = {
member_account_id : account_id;
An organization member account ID that you want to designate as a delegated administrator.
*)}
Specifies an organization member account ID as a CloudTrail delegated administrator.
type nonrec not_organization_management_account_exception = {
message : error_message option;
Brief description of the exception returned by the request.
*)}
This exception is thrown when the account making the request is not the organization's management account.
type nonrec insufficient_iam_access_permission_exception = {
message : error_message option;
Brief description of the exception returned by the request.
*)}
The task can't be completed because you are signed in with an account that lacks permissions to view or create a service-linked role. Sign in with an account that has the required permissions and then try again.
type nonrec delegated_admin_account_limit_exceeded_exception = {
message : error_message option;
Brief description of the exception returned by the request.
*)}
This exception is thrown when the maximum number of CloudTrail delegated administrators is reached.
type nonrec cannot_delegate_management_account_exception = {
message : error_message option;
Brief description of the exception returned by the request.
*)}
This exception is thrown when the management account of an organization is registered as the CloudTrail delegated administrator.
type nonrec account_registered_exception = {
message : error_message option;
Brief description of the exception returned by the request.
*)}
This exception is thrown when the account is already registered as the CloudTrail delegated administrator.
type nonrec account_not_found_exception = {
message : error_message option;
Brief description of the exception returned by the request.
*)}
This exception is thrown when the specified account is not found or not part of an organization.
type nonrec query_statistics_for_describe_query = {
creation_time : date option;
The creation time of the query.
*)execution_time_in_millis : integer option;
The query's run time, in milliseconds.
*)bytes_scanned : long option;
The total bytes that the query scanned in the event data store. This value matches the number of bytes for which your account is billed for the query, unless the query is still running.
*)events_scanned : long option;
The number of events that the query scanned in the event data store.
*)events_matched : long option;
The number of events that matched a query.
*)}
Gets metadata about a query, including the number of events that were matched, the total number of events scanned, the query run time in milliseconds, and the query's creation time.
type nonrec query_statistics = {
bytes_scanned : long option;
The total bytes that the query scanned in the event data store. This value matches the number of bytes for which your account is billed for the query, unless the query is still running.
*)total_results_count : integer option;
The total number of results returned by a query.
*)results_count : integer option;
The number of results returned.
*)}
Metadata about a query, such as the number of results.
type nonrec query_result_column = (query_result_key * query_result_value) list
type nonrec query_result_row = query_result_column list
type nonrec query_result_rows = query_result_row list
type nonrec query_id_not_found_exception = {
message : error_message option;
Brief description of the exception returned by the request.
*)}
The query ID does not exist or does not map to a query.
type nonrec query = {
creation_time : date option;
The creation time of a query.
*)query_status : query_status option;
The status of the query. This can be QUEUED, RUNNING, FINISHED, FAILED, TIMED_OUT, or CANCELLED.
*)query_id : uui_d option;
The ID of a query.
*)}
A SQL string of criteria about events that you want to collect in an event data store.
type nonrec queries = query list
type nonrec put_resource_policy_response = {
delegated_admin_resource_policy : resource_policy option;
The default resource-based policy that is automatically generated for the delegated administrator of an Organizations organization. This policy will be evaluated in tandem with any policy you submit for the resource. For more information about this policy, see Default resource policy for delegated administrators.
*)resource_policy : resource_policy option;
The JSON-formatted string of the Amazon Web Services resource-based policy attached to the CloudTrail event data store, dashboard, or channel.
*)resource_arn : resource_arn option;
The Amazon Resource Name (ARN) of the CloudTrail event data store, dashboard, or channel attached to the resource-based policy.
Example event data store ARN format: arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE
Example dashboard ARN format: arn:aws:cloudtrail:us-east-1:123456789012:dashboard/exampleDash
Example channel ARN format: arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890
}
type nonrec put_resource_policy_request = {
resource_policy : resource_policy;
A JSON-formatted string for an Amazon Web Services resource-based policy.
For example resource-based policies, see CloudTrail resource-based policy examples in the CloudTrail User Guide.
*)resource_arn : resource_arn;
The Amazon Resource Name (ARN) of the CloudTrail event data store, dashboard, or channel attached to the resource-based policy.
Example event data store ARN format: arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE
Example dashboard ARN format: arn:aws:cloudtrail:us-east-1:123456789012:dashboard/exampleDash
Example channel ARN format: arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890
}
type nonrec insight_selector = {
insight_type : insight_type option;
The type of Insights events to log on a trail or event data store. ApiCallRateInsight and ApiErrorRateInsight are valid Insight types.
The ApiCallRateInsight Insights type analyzes write-only management API calls that are aggregated per minute against a baseline API call volume.
The ApiErrorRateInsight Insights type analyzes management API calls that result in error codes. The error is shown if the API call is unsuccessful.
}
A JSON string that contains a list of Insights types that are logged on a trail or event data store.
type nonrec insight_selectors = insight_selector list
type nonrec put_insight_selectors_response = {
insights_destination : event_data_store_arn option;
The ARN of the destination event data store that logs Insights events.
*)event_data_store_arn : event_data_store_arn option;
The Amazon Resource Name (ARN) of the source event data store for which you want to change or add Insights selectors.
*)insight_selectors : insight_selectors option;
A JSON string that contains the Insights event types that you want to log on a trail or event data store. The valid Insights types are ApiErrorRateInsight and ApiCallRateInsight.
*)trail_ar_n : string_ option;
The Amazon Resource Name (ARN) of a trail for which you want to change or add Insights selectors.
*)}
type nonrec put_insight_selectors_request = {
insights_destination : event_data_store_arn option;
The ARN (or ID suffix of the ARN) of the destination event data store that logs Insights events. To enable Insights on an event data store, you must provide both the EventDataStore and InsightsDestination parameters.
You cannot use this parameter with the TrailName parameter.
*)event_data_store : event_data_store_arn option;
The ARN (or ID suffix of the ARN) of the source event data store for which you want to change or add Insights selectors. To enable Insights on an event data store, you must provide both the EventDataStore and InsightsDestination parameters.
You cannot use this parameter with the TrailName parameter.
*)insight_selectors : insight_selectors;
A JSON string that contains the Insights types you want to log on a trail or event data store. ApiCallRateInsight and ApiErrorRateInsight are valid Insight types.
The ApiCallRateInsight Insights type analyzes write-only management API calls that are aggregated per minute against a baseline API call volume.
The ApiErrorRateInsight Insights type analyzes management API calls that result in error codes. The error is shown if the API call is unsuccessful.
*)trail_name : string_ option;
The name of the CloudTrail trail for which you want to change or add Insights selectors.
You cannot use this parameter with the EventDataStore and InsightsDestination parameters.
}
type nonrec data_resource_values = string_ list
type nonrec data_resource = {
values : data_resource_values option;
An array of Amazon Resource Name (ARN) strings or partial ARN strings for the specified resource type.
To log data events for all objects in all S3 buckets in your Amazon Web Services account, specify the prefix as arn:aws:s3.
This also enables logging of data event activity performed by any user or role in your Amazon Web Services account, even if that activity is performed on a bucket that belongs to another Amazon Web Services account.
To log data events for all objects in an S3 bucket, specify the bucket with an empty object prefix, such as arn:aws:s3:::amzn-s3-demo-bucket1/. The trail logs data events for all objects in this S3 bucket.
To log data events for objects under a prefix, specify the bucket and object prefix, such as arn:aws:s3:::amzn-s3-demo-bucket1/example-images. The trail logs data events for objects in this S3 bucket that match the prefix.
To log data events for all Lambda functions in your Amazon Web Services account, specify the prefix as arn:aws:lambda.
This also enables logging of Invoke activity performed by any user or role in your Amazon Web Services account, even if that activity is performed on a function that belongs to another Amazon Web Services account.
To log data events for a specific Lambda function, specify the function ARN.
Lambda function ARNs are exact. For example, if you specify a function ARN arn:aws:lambda:us-west-2:111111111111:function:helloworld, data events will only be logged for arn:aws:lambda:us-west-2:111111111111:function:helloworld. They will not be logged for arn:aws:lambda:us-west-2:111111111111:function:helloworld2.
To log data events for all DynamoDB tables in your Amazon Web Services account, specify the prefix as arn:aws:dynamodb.
*)type_ : string_ option;
The resource type in which you want to log data events. You can specify the following basic event selector resource types:
AWS::DynamoDB::Table
AWS::Lambda::Function
AWS::S3::Object
Additional resource types are available through advanced event selectors. For more information, see AdvancedEventSelector.
*)}
You can configure the DataResource in an EventSelector to log data events for the following three resource types:
AWS::DynamoDB::Table
AWS::Lambda::Function
AWS::S3::Object
To log data events for all other resource types, including objects stored in directory buckets, you must use AdvancedEventSelectors. You must also use AdvancedEventSelectors if you want to filter on the eventName field.
Configure the DataResource to specify the resource type and resource ARNs for which you want to log data events.
The total number of allowed data resources is 250. This number can be distributed between 1 and 5 event selectors, but the total cannot exceed 250 across all selectors for the trail.
The following example demonstrates how logging works when you configure logging of all data events for a general purpose bucket named amzn-s3-demo-bucket1. In this example, the CloudTrail user specified an empty prefix, and the option to log both Read and Write data events.
1. A user uploads an object to amzn-s3-demo-bucket1.
2. The PutObject API operation is an Amazon S3 object-level API. It is recorded as a data event in CloudTrail. Because the CloudTrail user specified an S3 bucket with an empty prefix, events that occur on any object in that bucket are logged. The trail processes and logs the event.
3. A user uploads an object to the bucket arn:aws:s3:::amzn-s3-demo-bucket1.
4. The PutObject API operation occurred for an object in an S3 bucket that the CloudTrail user didn't specify for the trail. The trail doesn't log the event.
The following example demonstrates how logging works when you configure logging of Lambda data events for a Lambda function named MyLambdaFunction, but not for all Lambda functions.
1. The Invoke API operation on MyLambdaFunction is a Lambda API. It is recorded as a data event in CloudTrail. Because the CloudTrail user specified logging data events for MyLambdaFunction, any invocations of that function are logged. The trail processes and logs the event.
2. The Invoke API operation on MyOtherLambdaFunction is a Lambda API. Because the CloudTrail user did not specify logging data events for all Lambda functions, the Invoke operation for MyOtherLambdaFunction does not match the function specified for the trail. The trail doesn't log the event.
type nonrec data_resources = data_resource list
type nonrec exclude_management_event_sources = string_ list
type nonrec event_selector = {
exclude_management_event_sources : exclude_management_event_sources option;
(** An optional list of service event sources from which you do not want management events to be logged on your trail. In this release, the list can be empty (disables the filter), or it can filter out Key Management Service or Amazon RDS Data API events by containing kms.amazonaws.com or rdsdata.amazonaws.com. By default, ExcludeManagementEventSources is empty, and KMS and Amazon RDS Data API events are logged to your trail. You can exclude management event sources only in Regions that support the event source. *)
data_resources : data_resources option;
(** CloudTrail supports data event logging for Amazon S3 objects in standard S3 buckets, Lambda functions, and Amazon DynamoDB tables with basic event selectors. You can specify up to 250 resources for an individual event selector, but the total number of data resources cannot exceed 250 across all event selectors in a trail. This limit does not apply if you configure resource logging for all data events.
For more information, see Data Events and Limits in CloudTrail in the CloudTrail User Guide.
To log data events for all other resource types including objects stored in directory buckets, you must use AdvancedEventSelectors. You must also use AdvancedEventSelectors if you want to filter on the eventName field. *)
include_management_events : boolean_ option;
(** Specify if you want your event selector to include management events for your trail.
For more information, see Management Events in the CloudTrail User Guide.
By default, the value is true.
The first copy of management events is free. You are charged for additional copies of management events that you are logging on any subsequent trail in the same Region. For more information about CloudTrail pricing, see CloudTrail Pricing. *)
read_write_type : read_write_type option;
(** Specify if you want your trail to log read-only events, write-only events, or all. For example, the EC2 GetConsoleOutput is a read-only API operation and RunInstances is a write-only API operation.
By default, the value is All. *)
}
(** Use event selectors to further specify the management and data event settings for your trail. By default, trails created without specific event selectors will be configured to log all read and write management events, and no data events. When an event occurs in your account, CloudTrail evaluates the event selector for all trails. For each trail, if the event matches any event selector, the trail processes and logs the event. If the event doesn't match any event selector, the trail doesn't log the event.
You can configure up to five event selectors for a trail.
You cannot apply both event selectors and advanced event selectors to a trail. *)
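The matching rules spelled out for DataResource and EventSelector above (S3 values are prefixes, Lambda ARNs are exact, the bare arn:aws:s3 / arn:aws:lambda values match everything, ReadWriteType and ExcludeManagementEventSources filter management events, and an event is logged if any selector matches) can be modelled to predict what a trail will record. This is an added example in Python, not code from the smaws client or from CloudTrail; the Event shape, the DynamoDB exact-match rule and the sample events are constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass, field

S3_ALL = "arn:aws:s3"              # prefix that matches every S3 bucket in the account
LAMBDA_ALL = "arn:aws:lambda"      # prefix that matches every Lambda function
DYNAMODB_ALL = "arn:aws:dynamodb"  # prefix that matches every DynamoDB table

MAX_SELECTORS = 5          # event selectors per trail
MAX_DATA_RESOURCES = 250   # data resources across all selectors of a trail


@dataclass
class DataResource:
    type_: str          # AWS::S3::Object, AWS::Lambda::Function or AWS::DynamoDB::Table
    values: list[str]   # ARNs or partial ARNs


@dataclass
class EventSelector:
    read_write_type: str = "All"              # ReadOnly, WriteOnly or All (default)
    include_management_events: bool = True    # default true
    exclude_management_event_sources: list[str] = field(default_factory=list)
    data_resources: list[DataResource] = field(default_factory=list)


@dataclass
class Event:
    """Minimal, constructed shape of a CloudTrail event for this model."""
    event_source: str
    event_name: str
    read_only: bool
    management: bool                  # True for management events, False for data events
    resource_type: str | None = None
    resource_arn: str | None = None


def validate_selectors(selectors: list[EventSelector]) -> list[str]:
    """Return the limit violations described in the docs (empty list means valid)."""
    errors = []
    if len(selectors) > MAX_SELECTORS:
        errors.append(f"{len(selectors)} selectors, limit is {MAX_SELECTORS}")
    total = sum(len(dr.values) for s in selectors for dr in s.data_resources)
    if total > MAX_DATA_RESOURCES:
        errors.append(f"{total} data resources, limit is {MAX_DATA_RESOURCES}")
    return errors


def _resource_matches(dr: DataResource, event: Event) -> bool:
    if dr.type_ != event.resource_type or event.resource_arn is None:
        return False
    for value in dr.values:
        if dr.type_ == "AWS::S3::Object":
            # S3 values are prefixes: "arn:aws:s3" matches everything, a bucket ARN
            # ending in "/" matches all objects in it, a longer value matches a key prefix
            if event.resource_arn.startswith(value):
                return True
        elif dr.type_ == "AWS::Lambda::Function":
            # Lambda function ARNs are exact; only the bare "arn:aws:lambda" is a wildcard
            if value == LAMBDA_ALL or value == event.resource_arn:
                return True
        elif dr.type_ == "AWS::DynamoDB::Table":
            # assumption: table ARNs are treated as exact matches, like Lambda
            if value == DYNAMODB_ALL or value == event.resource_arn:
                return True
    return False


def selector_matches(selector: EventSelector, event: Event) -> bool:
    rw = selector.read_write_type
    if rw != "All" and (rw == "ReadOnly") != event.read_only:
        return False
    if event.management:
        if not selector.include_management_events:
            return False
        return event.event_source not in selector.exclude_management_event_sources
    return any(_resource_matches(dr, event) for dr in selector.data_resources)


def trail_logs_event(selectors: list[EventSelector], event: Event) -> bool:
    """An event is logged if it matches any of the trail's event selectors."""
    return any(selector_matches(s, event) for s in selectors)


# Constructed trail: one selector logging the demo bucket, one function, and
# management events except those from KMS.
DEMO_SELECTORS = [EventSelector(
    exclude_management_event_sources=["kms.amazonaws.com"],
    data_resources=[
        DataResource("AWS::S3::Object", ["arn:aws:s3:::amzn-s3-demo-bucket1/"]),
        DataResource("AWS::Lambda::Function",
                     ["arn:aws:lambda:us-west-2:111111111111:function:MyLambdaFunction"]),
    ],
)]

DEMO_EVENTS = {  # constructed sample events
    "put_in_bucket1": Event("s3.amazonaws.com", "PutObject", False, False,
                            "AWS::S3::Object", "arn:aws:s3:::amzn-s3-demo-bucket1/a.png"),
    "put_in_other_bucket": Event("s3.amazonaws.com", "PutObject", False, False,
                                 "AWS::S3::Object", "arn:aws:s3:::amzn-s3-demo-bucket2/a.png"),
    "invoke_my_function": Event("lambda.amazonaws.com", "Invoke", False, False,
                                "AWS::Lambda::Function",
                                "arn:aws:lambda:us-west-2:111111111111:function:MyLambdaFunction"),
    "invoke_other_function": Event("lambda.amazonaws.com", "Invoke", False, False,
                                   "AWS::Lambda::Function",
                                   "arn:aws:lambda:us-west-2:111111111111:function:MyOtherLambdaFunction"),
    "run_instances": Event("ec2.amazonaws.com", "RunInstances", False, True),
    "kms_decrypt": Event("kms.amazonaws.com", "Decrypt", True, True),
}


def demo() -> dict[str, bool]:
    """Which of the sample events the constructed trail would log."""
    return {name: trail_logs_event(DEMO_SELECTORS, ev) for name, ev in DEMO_EVENTS.items()}
```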
type nonrec event_selectors = event_selector list
type nonrec put_event_selectors_response = {
advanced_event_selectors : advanced_event_selectors option;
(** Specifies the advanced event selectors configured for your trail. *)
event_selectors : event_selectors option;
(** Specifies the event selectors configured for your trail. *)
trail_ar_n : string_ option;
(** Specifies the ARN of the trail that was updated with event selectors. The following is the format of a trail ARN.
arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail *)
}
type nonrec put_event_selectors_request = {
advanced_event_selectors : advanced_event_selectors option;
(** Specifies the settings for advanced event selectors. You can use advanced event selectors to log management events, data events for all resource types, and network activity events.
You can add advanced event selectors, and conditions for your advanced event selectors, up to a maximum of 500 values for all conditions and selectors on a trail. You can use either AdvancedEventSelectors or EventSelectors, but not both. If you apply AdvancedEventSelectors to a trail, any existing EventSelectors are overwritten. For more information about advanced event selectors, see Logging data events and Logging network activity events in the CloudTrail User Guide. *)
event_selectors : event_selectors option;
(** Specifies the settings for your event selectors. You can use event selectors to log management events and data events for the following resource types:
- AWS::DynamoDB::Table
- AWS::Lambda::Function
- AWS::S3::Object
You can't use event selectors to log network activity events.
You can configure up to five event selectors for a trail. You can use either EventSelectors or AdvancedEventSelectors in a PutEventSelectors request, but not both. If you apply EventSelectors to a trail, any existing AdvancedEventSelectors are overwritten. *)
trail_name : string_;
(** Specifies the name of the trail or trail ARN. If you specify a trail name, the string must meet the following requirements:
my-_namespace and my--namespace are not valid.
If you specify a trail ARN, it must be in the following format.
arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail *)
}
type nonrec operator_target_list = operator_target_list_member list
type nonrec context_key_selector = {
equals : operator_target_list;
(** A list of keys defined by Type to be included in CloudTrail enriched events. *)
type_ : type_;
(** Specifies the type of the event record field in ContextKeySelector. Valid values include RequestContext, TagContext. *)
}
(** An object that contains information types to be included in CloudTrail enriched events. *)
type nonrec context_key_selectors = context_key_selector list
type nonrec put_event_configuration_response = {
context_key_selectors : context_key_selectors option;
(** The list of context key selectors that are configured for the event data store. *)
max_event_size : max_event_size option;
(** The maximum allowed size for events stored in the specified event data store. *)
event_data_store_arn : event_data_store_arn option;
(** The Amazon Resource Name (ARN) or ID suffix of the ARN of the event data store for which the event configuration settings were updated. *)
}
type nonrec put_event_configuration_request = {
context_key_selectors : context_key_selectors;
(** A list of context key selectors that will be included to provide enriched event data. *)
max_event_size : max_event_size;
(** The maximum allowed size for events to be stored in the specified event data store. If you are using context key selectors, MaxEventSize must be set to Large. *)
event_data_store : string_ option;
(** The Amazon Resource Name (ARN) or ID suffix of the ARN of the event data store for which you want to update event configuration settings. *)
}
type nonrec public_key = {
fingerprint : string_ option;
(** The fingerprint of the public key. *)
validity_end_time : date option;
(** The ending time of validity of the public key. *)
validity_start_time : date option;
(** The starting time of validity of the public key. *)
value : byte_buffer option;
(** The DER encoded public key value in PKCS#1 format. *)
}
(** Contains information about a returned public key. *)
type nonrec public_key_list = public_key list
type nonrec partition_key = {
type_ : partition_key_type;
(** The data type of the partition key. For example, bigint or string. *)
name : partition_key_name;
(** The name of the partition key. *)
}
(** Contains information about a partition key for an event data store. *)
type nonrec partition_key_list = partition_key list
type nonrec maximum_number_of_trails_exceeded_exception = {
message : error_message option;
(** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when the maximum number of trails is reached. *)
type nonrec event = {
cloud_trail_event : string_ option;
(** A JSON string that contains a representation of the event returned. *)
resources : resource_list option;
(** A list of resources referenced by the event returned. *)
username : string_ option;
(** A user name or role name of the requester that called the API in the event returned. *)
event_source : string_ option;
(** The Amazon Web Services service to which the request was made. *)
event_time : date option;
(** The date and time of the event returned. *)
access_key_id : string_ option;
(** The Amazon Web Services access key ID that was used to sign the request. If the request was made with temporary security credentials, this is the access key ID of the temporary credentials. *)
read_only : string_ option;
(** Information about whether the event is a write event or a read event. *)
event_name : string_ option;
(** The name of the event returned. *)
event_id : string_ option;
(** The CloudTrail ID of the event returned. *)
}
(** Contains information about an event that was returned by a lookup request. The result includes a representation of a CloudTrail event. *)
type nonrec events_list = event list
type nonrec lookup_events_response = {
next_token : next_token option;
(** The token to use to get the next page of results after a previous API call. If the token does not appear, there are no more results to return. The token must be passed in with the same parameters as the previous call. For example, if the original call specified an AttributeKey of 'Username' with a value of 'root', the call with NextToken should include those same parameters. *)
events : events_list option;
(** A list of events returned based on the lookup attributes specified and the CloudTrail event. The events list is sorted by time. The most recent event is listed first. *)
}
(** Contains a response to a LookupEvents action. *)
type nonrec lookup_attribute = {
attribute_value : lookup_attribute_value;
(** Specifies a value for the specified AttributeKey.
The maximum length for the AttributeValue is 2000 characters. The following characters ('_', ' ', ',', '\\n') count as two characters towards the 2000 character limit. *)
attribute_key : lookup_attribute_key;
(** Specifies an attribute on which to filter the events returned. *)
}
(** Specifies an attribute and value that filter the events returned. *)
type nonrec lookup_attributes_list = lookup_attribute list
type nonrec lookup_events_request = {
next_token : next_token option;
(** The token to use to get the next page of results after a previous API call. This token must be passed in with the same parameters that were specified in the original call. For example, if the original call specified an AttributeKey of 'Username' with a value of 'root', the call with NextToken should include those same parameters. *)
max_results : max_results option;
(** The number of events to return. Possible values are 1 through 50. The default is 50. *)
event_category : event_category option;
(** Specifies the event category. If you do not specify an event category, events of the category are not returned in the response. For example, if you do not specify insight as the value of EventCategory, no Insights events are returned. *)
end_time : date option;
(** Specifies that only events that occur before or at the specified time are returned. If the specified end time is before the specified start time, an error is returned. *)
start_time : date option;
(** Specifies that only events that occur after or at the specified time are returned. If the specified start time is after the specified end time, an error is returned. *)
lookup_attributes : lookup_attributes_list option;
(** Contains a list of lookup attributes. Currently the list can contain only one item. *)
}
(** Contains a request for LookupEvents. *)
type nonrec invalid_time_range_exception = {
message : error_message option;
(** Brief description of the exception returned by the request. *)
}
(** Occurs if the timestamp values are not valid. Either the start time occurs after the end time, or the time range is outside the range of possible values. *)
type nonrec invalid_next_token_exception = {
message : error_message option;
(** Brief description of the exception returned by the request. *)
}
(** A token that is not valid, or a token that was previously used in a request with different parameters. This exception is thrown if the token is not valid. *)
type nonrec invalid_max_results_exception = {
message : error_message option;
(** Brief description of the exception returned by the request. *)
}
(** This exception is thrown if the limit specified is not valid. *)
type nonrec invalid_lookup_attributes_exception = {
message : error_message option;
(** Brief description of the exception returned by the request. *)
}
(** Occurs when a lookup attribute is specified that is not valid. *)
type nonrec invalid_event_category_exception = {
message : error_message option;
(** Brief description of the exception returned by the request. *)
}
(** Occurs if an event category that is not valid is specified as a value of EventCategory. *)
type nonrec list_trails_response = {
next_token : string_ option;
(** The token to use to get the next page of results after a previous API call. If the token does not appear, there are no more results to return. The token must be passed in with the same parameters as the previous call. For example, if the original call specified an AttributeKey of 'Username' with a value of 'root', the call with NextToken should include those same parameters. *)
trails : trails option;
(** Returns the name, ARN, and home Region of trails in the current account. *)
}
type nonrec list_trails_request = {
next_token : string_ option;
(** The token to use to get the next page of results after a previous API call. This token must be passed in with the same parameters that were specified in the original call. For example, if the original call specified an AttributeKey of 'Username' with a value of 'root', the call with NextToken should include those same parameters. *)
}
(** Returns the objects or data listed below if successful. Otherwise, returns an error. *)
type nonrec invalid_token_exception = {
message : error_message option;
(** Brief description of the exception returned by the request. *)
}
(** Reserved for future use. *)
type nonrec list_queries_response = {
next_token : pagination_token option;
(** A token you can use to get the next page of results. *)
queries : queries option;
(** Lists matching query results, and shows query ID, status, and creation time of each query. *)
}
type nonrec list_queries_request = {
query_status : query_status option;
(** The status of queries that you want to return in results. Valid values for QueryStatus include QUEUED, RUNNING, FINISHED, FAILED, TIMED_OUT, or CANCELLED. *)
end_time : date option;
(** Use with StartTime to bound a ListQueries request, and limit its results to only those queries run within a specified time period. *)
start_time : date option;
(** Use with EndTime to bound a ListQueries request, and limit its results to only those queries run within a specified time period. *)
max_results : list_queries_max_results_count option;
(** The maximum number of queries to show on a page. *)
next_token : pagination_token option;
(** A token you can use to get the next page of results. *)
event_data_store : event_data_store_arn;
(** The ARN (or the ID suffix of the ARN) of an event data store on which queries were run. *)
}
type nonrec invalid_query_status_exception = {
message : error_message option;
(** Brief description of the exception returned by the request. *)
}
(** The query status is not valid for the operation. *)
type nonrec invalid_date_range_exception = {
message : error_message option;
(** Brief description of the exception returned by the request. *)
}
(** A date range for the query was specified that is not valid. Be sure that the start time is chronologically before the end time. For more information about writing a query, see Create or edit a query in the CloudTrail User Guide. *)
type nonrec list_public_keys_response = {
next_token : string_ option;
(** Reserved for future use. *)
public_key_list : public_key_list option;
(** Contains an array of PublicKey objects.
The returned public keys may have validity time ranges that overlap. *)
}
(** Returns the objects or data listed below if successful. Otherwise, returns an error. *)
type nonrec list_public_keys_request = {
next_token : string_ option;
(** Reserved for future use. *)
end_time : date option;
(** Optionally specifies, in UTC, the end of the time range to look up public keys for CloudTrail digest files. If not specified, the current time is used. *)
start_time : date option;
(** Optionally specifies, in UTC, the start of the time range to look up public keys for CloudTrail digest files. If not specified, the current time is used, and the current public key is returned. *)
}
(** Requests the public keys for a specified time range. *)
type nonrec insights_metric_values = double list
type nonrec list_insights_metric_data_response = {
next_token : insights_metric_next_token option;
(** Only returned if the full results could not be returned in a single query. You can set the NextToken parameter in the next request to this value to continue retrieval. *)
values : insights_metric_values option;
(** List of values representing the API call rate or error rate at each timestamp. The number of values is equal to the number of timestamps. *)
timestamps : timestamps option;
(** List of timestamps at intervals corresponding to the specified time period. *)
error_code : error_code option;
(** Only returned if the InsightType parameter was set to ApiErrorRateInsight.
If returning metrics for the ApiErrorRateInsight Insights type, this is the error to retrieve data for. For example, AccessDenied. *)
insight_type : insight_type option;
(** The type of CloudTrail Insights event, which is either ApiCallRateInsight or ApiErrorRateInsight. The ApiCallRateInsight Insights type analyzes write-only management API calls that are aggregated per minute against a baseline API call volume. The ApiErrorRateInsight Insights type analyzes management API calls that result in error codes. *)
event_name : event_name option;
(** The name of the event, typically the Amazon Web Services API on which unusual levels of activity were recorded. *)
event_source : event_source option;
(** The Amazon Web Services service to which the request was made, such as iam.amazonaws.com or s3.amazonaws.com. *)
}
type nonrec list_insights_metric_data_request = {
next_token : insights_metric_next_token option;
(** Returned if all datapoints can't be returned in a single call. For example, due to reaching MaxResults.
Add this parameter to the request to continue retrieving results starting from the last evaluated point. *)
max_results : insights_metric_max_results option;
(** The maximum number of data points to return. Valid values are integers from 1 to 21600. The default value is 21600. *)
data_type : insights_metric_data_type option;
(** Type of data points to return. Valid values are NonZeroData and FillWithZeros. The default is NonZeroData. *)
period : insights_metric_period option;
(** Granularity of data to retrieve, in seconds. Valid values are 60, 300, and 3600. If you specify any other value, you will get an error. The default is 3600 seconds. *)
end_time : date option;
(** Specifies, in UTC, the end time for time-series data. The value specified is exclusive; results include data points up to the specified time stamp.
The default is the time of request. *)
start_time : date option;
(** Specifies, in UTC, the start time for time-series data. The value specified is inclusive; results include data points with the specified time stamp.
The default is 90 days before the time of request. *)
error_code : error_code option;
(** Conditionally required if the InsightType parameter is set to ApiErrorRateInsight.
If returning metrics for the ApiErrorRateInsight Insights type, this is the error to retrieve data for. For example, AccessDenied. *)
insight_type : insight_type;
(** The type of CloudTrail Insights event, which is either ApiCallRateInsight or ApiErrorRateInsight. The ApiCallRateInsight Insights type analyzes write-only management API calls that are aggregated per minute against a baseline API call volume. The ApiErrorRateInsight Insights type analyzes management API calls that result in error codes. *)
event_name : event_name;
(** The name of the event, typically the Amazon Web Services API on which unusual levels of activity were recorded. *)
event_source : event_source;
(** The Amazon Web Services service to which the request was made, such as iam.amazonaws.com or s3.amazonaws.com. *)
}
type nonrec imports_list_item = {
updated_timestamp : date option;
(** The timestamp of the import's last update. *)
created_timestamp : date option;
(** The timestamp of the import's creation. *)
destinations : import_destinations option;
(** The ARN of the destination event data store. *)
import_status : import_status option;
(** The status of the import. *)
import_id : uui_d option;
(** The ID of the import. *)
}
(** Contains information about an import that was returned by a lookup request. *)
type nonrec imports_list = imports_list_item list
type nonrec list_imports_response = {
next_token : pagination_token option;
(** A token you can use to get the next page of import results. *)
imports : imports_list option;
(** The list of returned imports. *)
}
type nonrec list_imports_request = {
next_token : pagination_token option;
(** A token you can use to get the next page of import results. *)
import_status : import_status option;
(** The status of the import. *)
destination : event_data_store_arn option;
(** The ARN of the destination event data store. *)
max_results : list_imports_max_results_count option;
(** The maximum number of imports to display on a single page. *)
}
type nonrec import_failure_list_item = {
last_updated_time : date option;
(** When the import was last updated. *)
error_message : string_ option;
(** Provides the reason the import failed. *)
error_type : string_ option;
(** The type of import error. *)
status : import_failure_status option;
(** The status of the import. *)
location : string_ option;
(** The location of the failure in the S3 bucket. *)
}
(** Provides information about an import failure. *)
type nonrec import_failure_list = import_failure_list_item list
type nonrec list_import_failures_response = {
next_token : pagination_token option;
(** A token you can use to get the next page of results. *)
failures : import_failure_list option;
(** Contains information about the import failures. *)
}
type nonrec list_import_failures_request = {
next_token : pagination_token option;
(** A token you can use to get the next page of import failures. *)
max_results : list_import_failures_max_results_count option;
(** The maximum number of failures to display on a single page. *)
import_id : uui_d;
(** The ID of the import. *)
}
type nonrec event_data_store = {
updated_timestamp : date option;
(** The timestamp showing when an event data store was updated, if applicable. UpdatedTimestamp is always either the same or newer than the time shown in CreatedTimestamp. *)
created_timestamp : date option;
(** The timestamp of the event data store's creation. *)
retention_period : retention_period option;
(** The retention period, in days. *)
organization_enabled : boolean_ option;
(** Indicates that an event data store is collecting logged events for an organization. *)
multi_region_enabled : boolean_ option;
(** Indicates whether the event data store includes events from all Regions, or only from the Region in which it was created. *)
advanced_event_selectors : advanced_event_selectors option;
(** The advanced event selectors that were used to select events for the data store. *)
status : event_data_store_status option;
(** The status of an event data store. *)
termination_protection_enabled : termination_protection_enabled option;
(** Indicates whether the event data store is protected from termination. *)
name : event_data_store_name option;
(** The name of the event data store. *)
event_data_store_arn : event_data_store_arn option;
(** The ARN of the event data store. *)
}
(** A storage lake of event data against which you can run complex SQL-based queries. An event data store can include events that you have logged on your account. To select events for an event data store, use advanced event selectors. *)
type nonrec event_data_stores = event_data_store list
type nonrec list_event_data_stores_response = {
next_token : pagination_token option;
(** A token you can use to get the next page of results. *)
event_data_stores : event_data_stores option;
(** Contains information about event data stores in the account, in the current Region. *)
}
type nonrec list_event_data_stores_request = {
max_results : list_event_data_stores_max_results_count option;
(** The maximum number of event data stores to display on a single page. *)
next_token : pagination_token option;
(** A token you can use to get the next page of event data store results. *)
}
type nonrec dashboard_detail = {
type_ : dashboard_type option;
(** The type of dashboard. *)
dashboard_arn : dashboard_arn option;
(** The ARN for the dashboard. *)
}
(** Provides information about a CloudTrail Lake dashboard. *)
type nonrec dashboards = dashboard_detail list
type nonrec list_dashboards_response = {
next_token : pagination_token option;
(** A token you can use to get the next page of dashboard results. *)
dashboards : dashboards option;
(** Contains information about dashboards in the account, in the current Region, that match the applied filters. *)
}
type nonrec list_dashboards_request = {
max_results : list_dashboards_max_results_count option;
(** The maximum number of dashboards to display on a single page. *)
next_token : pagination_token option;
(** A token you can use to get the next page of dashboard results. *)
type_ : dashboard_type option;
(** Specify a dashboard type to filter on: CUSTOM or MANAGED. *)
name_prefix : dashboard_name option;
(** Specify a name prefix to filter on. *)
}
type nonrec channel = {
name : channel_name option;
(** The name of the CloudTrail channel. For service-linked channels, the name is aws-service-channel/service-name/custom-suffix where service-name represents the name of the Amazon Web Services service that created the channel and custom-suffix represents the suffix created by the Amazon Web Services service. *)
channel_arn : channel_arn option;
(** The Amazon Resource Name (ARN) of a channel. *)
}
(** Contains information about a returned CloudTrail channel. *)
type nonrec channels = channel list
type nonrec list_channels_response = {
next_token : pagination_token option;
(** The token to use to get the next page of results after a previous API call. *)
channels : channels option;
(** The list of channels in the account. *)
}
type nonrec list_channels_request = {
next_token : pagination_token option;
(** The token to use to get the next page of results after a previous API call. This token must be passed in with the same parameters that were specified in the original call. For example, if the original call specified an AttributeKey of 'Username' with a value of 'root', the call with NextToken should include those same parameters. *)
max_results : list_channels_max_results_count option;
(** The maximum number of CloudTrail channels to display on a single page. *)
}
type nonrec invalid_source_exception = {
message : error_message option;
(** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when the specified value of Source is not valid. *)
type nonrec insight_not_enabled_exception = {
message : error_message option;
(** Brief description of the exception returned by the request. *)
}
(** If you run GetInsightSelectors on a trail or event data store that does not have Insights events enabled, the operation throws the exception InsightNotEnabledException. *)
type nonrec ingestion_status = {
latest_ingestion_attempt_event_i_d : uui_d option;
(** The event ID of the most recent attempt to ingest events. *)
latest_ingestion_attempt_time : date option;
(** The time stamp of the most recent attempt to ingest events on the channel. *)
latest_ingestion_error_code : error_message option;
(** The error code for the most recent failure to ingest events. *)
latest_ingestion_success_event_i_d : uui_d option;
(** The event ID of the most recent successful ingestion of events. *)
latest_ingestion_success_time : date option;
(** The time stamp of the most recent successful ingestion of events for the channel. *)
}
(** A table showing information about the most recent successful and failed attempts to ingest events. *)
type nonrec inactive_query_exception = {
message : error_message option;
(** Brief description of the exception returned by the request. *)
}
(** The specified query cannot be canceled because it is in the FINISHED, FAILED, TIMED_OUT, or CANCELLED state. *)
type nonrec get_trail_status_response = {
time_logging_stopped : string_ option;
This field is no longer in use.
*)time_logging_started : string_ option;
  (** This field is no longer in use. *)
  latest_delivery_attempt_succeeded : string_ option;
  (** This field is no longer in use. *)
  latest_notification_attempt_succeeded : string_ option;
  (** This field is no longer in use. *)
  latest_notification_attempt_time : string_ option;
  (** This field is no longer in use. *)
  latest_delivery_attempt_time : string_ option;
  (** This field is no longer in use. *)
  latest_digest_delivery_error : string_ option;
  (** Displays any Amazon S3 error that CloudTrail encountered when attempting to deliver a digest file to the designated bucket. For more information, see Error Responses in the Amazon S3 API Reference.

      This error occurs only when there is a problem with the destination S3 bucket, and does not occur for requests that time out. To resolve the issue, fix the bucket policy so that CloudTrail can write to the bucket; or create a new bucket and call [UpdateTrail] to specify the new bucket. *)
  latest_digest_delivery_time : date option;
  (** Specifies the date and time that CloudTrail last delivered a digest file to an account's Amazon S3 bucket. *)
  latest_cloud_watch_logs_delivery_time : date option;
  (** Displays the most recent date and time when CloudTrail delivered logs to CloudWatch Logs. *)
  latest_cloud_watch_logs_delivery_error : string_ option;
  (** Displays any CloudWatch Logs error that CloudTrail encountered when attempting to deliver logs to CloudWatch Logs. *)
  stop_logging_time : date option;
  (** Specifies the most recent date and time when CloudTrail stopped recording API calls for an Amazon Web Services account. *)
  start_logging_time : date option;
  (** Specifies the most recent date and time when CloudTrail started recording API calls for an Amazon Web Services account. *)
  latest_notification_time : date option;
  (** Specifies the date and time of the most recent Amazon SNS notification that CloudTrail has written a new log file to an account's Amazon S3 bucket. *)
  latest_delivery_time : date option;
  (** Specifies the date and time that CloudTrail last delivered log files to an account's Amazon S3 bucket. *)
  latest_notification_error : string_ option;
  (** Displays any Amazon SNS error that CloudTrail encountered when attempting to send a notification. For more information about Amazon SNS errors, see the Amazon SNS Developer Guide. *)
  latest_delivery_error : string_ option;
  (** Displays any Amazon S3 error that CloudTrail encountered when attempting to deliver log files to the designated bucket. For more information, see Error Responses in the Amazon S3 API Reference.

      This error occurs only when there is a problem with the destination S3 bucket, and does not occur for requests that time out. To resolve the issue, fix the bucket policy so that CloudTrail can write to the bucket; or create a new bucket and call [UpdateTrail] to specify the new bucket. *)
  is_logging : boolean_ option;
  (** Whether the CloudTrail trail is currently logging Amazon Web Services API calls. *)
}
(** Returns the objects or data listed below if successful. Otherwise, returns an error. *)
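As an added example (not code from the Smaws library or from AWS), the following Python turns one GetTrailStatus response into findings a monitoring job can act on: a trail that has stopped logging, any of the four delivery error fields being set, and a last delivery older than a threshold. The dict keys are the CloudTrail API's JSON field names, which the snake_case record fields above correspond to; the sample responses are constructed, and the two-hour staleness threshold is an assumption, not a CloudTrail constant.

```python
from datetime import datetime, timedelta, timezone

# Error fields of GetTrailStatus and the delivery path each one reports on.
# The keys are the CloudTrail API's JSON field names (the OCaml client exposes
# the same fields as latest_delivery_error, latest_digest_delivery_error, ...).
ERROR_FIELDS = {
    "LatestDeliveryError": "S3 log file delivery",
    "LatestDigestDeliveryError": "S3 digest file delivery",
    "LatestCloudWatchLogsDeliveryError": "CloudWatch Logs delivery",
    "LatestNotificationError": "SNS notification",
}


def trail_status_findings(status, now, max_delivery_age=timedelta(hours=2)):
    """Return a list of (severity, message) findings for one GetTrailStatus response.

    `now` is passed in so the check is deterministic.  `max_delivery_age` is an
    assumed operational threshold: the API reports when the last delivery
    happened, not how stale is too stale for your environment.
    """
    findings = []
    logging = status.get("IsLogging", False)
    if not logging:
        stopped = status.get("StopLoggingTime")
        detail = f" since {stopped.isoformat()}" if stopped else ""
        findings.append(("critical", "trail is not logging" + detail))
    # Each error field, when present, carries the S3 / CloudWatch Logs / SNS
    # error text; an empty or missing field means the last attempt succeeded.
    for field, path in ERROR_FIELDS.items():
        err = status.get(field)
        if err:
            findings.append(("high", f"{path} failing: {err}"))
    last = status.get("LatestDeliveryTime")
    if logging and last is None:
        findings.append(("medium", "logging, but no log file has ever been delivered"))
    elif last is not None and now - last > max_delivery_age:
        hours = (now - last).total_seconds() / 3600
        findings.append(("medium", f"last log file delivery was {hours:.1f}h ago"))
    return findings


def trails_needing_attention(statuses, now):
    """Map trail name -> findings, keeping only trails that have at least one."""
    report = {}
    for name, status in statuses.items():
        findings = trail_status_findings(status, now)
        if findings:
            report[name] = findings
    return report


# Constructed sample responses; not real trails or real timestamps.
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_STATUSES = {
    "healthy-trail": {
        "IsLogging": True,
        "LatestDeliveryTime": NOW - timedelta(minutes=12),
    },
    "stopped-trail": {
        "IsLogging": False,
        "StopLoggingTime": NOW - timedelta(days=2),
        "LatestDeliveryTime": NOW - timedelta(days=2, hours=1),
    },
    "denied-trail": {
        "IsLogging": True,
        "LatestDeliveryError": "AccessDenied",
        "LatestDeliveryTime": NOW - timedelta(hours=30),
    },
}

if __name__ == "__main__":
    for name, findings in trails_needing_attention(SAMPLE_STATUSES, NOW).items():
        for severity, message in findings:
            print(f"{name}: [{severity}] {message}")
```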
type nonrec get_trail_status_request = {
  name : string_;
  (** Specifies the name or the CloudTrail ARN of the trail for which you are requesting status. To get the status of a shadow trail (a replication of the trail in another Region), you must specify its ARN.

      The following is the format of a trail ARN: arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

      If the trail is an organization trail and you are a member account in the organization in Organizations, you must provide the full ARN of that trail, and not just the name. *)
}
(** The name of a trail about which you want the current status. *)
type nonrec get_trail_request = {
  name : string_;
  (** The name or the Amazon Resource Name (ARN) of the trail for which you want to retrieve settings information. *)
}
type nonrec get_resource_policy_response = {
  delegated_admin_resource_policy : resource_policy option;
  (** The default resource-based policy that is automatically generated for the delegated administrator of an Organizations organization. This policy will be evaluated in tandem with any policy you submit for the resource. For more information about this policy, see Default resource policy for delegated administrators. *)
  resource_policy : resource_policy option;
  (** A JSON-formatted string that contains the resource-based policy attached to the CloudTrail event data store, dashboard, or channel. *)
  resource_arn : resource_arn option;
  (** The Amazon Resource Name (ARN) of the CloudTrail event data store, dashboard, or channel attached to the resource-based policy.

      Example event data store ARN format: arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE

      Example dashboard ARN format: arn:aws:cloudtrail:us-east-1:123456789012:dashboard/exampleDash

      Example channel ARN format: arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890 *)
}
type nonrec get_resource_policy_request = {
  resource_arn : resource_arn;
  (** The Amazon Resource Name (ARN) of the CloudTrail event data store, dashboard, or channel attached to the resource-based policy.

      Example event data store ARN format: arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE

      Example dashboard ARN format: arn:aws:cloudtrail:us-east-1:123456789012:dashboard/exampleDash

      Example channel ARN format: arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890 *)
}
type nonrec get_query_results_response = {
  error_message : error_message option;
  (** The error message returned if a query failed. *)
  next_token : pagination_token option;
  (** A token you can use to get the next page of query results. *)
  query_result_rows : query_result_rows option;
  (** Contains the individual event results of the query. *)
  query_statistics : query_statistics option;
  (** Shows the count of query results. *)
  query_status : query_status option;
  (** The status of the query. Values include [QUEUED], [RUNNING], [FINISHED], [FAILED], [TIMED_OUT], or [CANCELLED]. *)
}
type nonrec get_query_results_request = {
  event_data_store_owner_account_id : account_id option;
  (** The account ID of the event data store owner. *)
  max_query_results : max_query_results option;
  (** The maximum number of query results to display on a single page. *)
  next_token : pagination_token option;
  (** A token you can use to get the next page of query results. *)
  query_id : uui_d;
  (** The ID of the query for which you want to get results. *)
  event_data_store : event_data_store_arn option;
  (** The ARN (or ID suffix of the ARN) of the event data store against which the query was run. *)
}
type nonrec get_insight_selectors_response = {
  insights_destination : event_data_store_arn option;
  (** The ARN of the destination event data store that logs Insights events. *)
  event_data_store_arn : event_data_store_arn option;
  (** The ARN of the source event data store that enabled Insights events. *)
  insight_selectors : insight_selectors option;
  (** A JSON string that contains the Insight types you want to log on a trail or event data store. [ApiErrorRateInsight] and [ApiCallRateInsight] are supported as Insights types. *)
  trail_ar_n : string_ option;
  (** The Amazon Resource Name (ARN) of a trail for which you want to get Insights selectors. *)
}
type nonrec get_insight_selectors_request = {
  event_data_store : event_data_store_arn option;
  (** Specifies the ARN (or ID suffix of the ARN) of the event data store for which you want to get Insights selectors.

      You cannot use this parameter with the [TrailName] parameter. *)
  trail_name : string_ option;
  (** Specifies the name of the trail or trail ARN. If you specify a trail name, the string must meet the following requirements: my-_namespace and my--namespace are not valid.

      If you specify a trail ARN, it must be in the format:
      arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

      You cannot use this parameter with the [EventDataStore] parameter. *)
}
type nonrec get_import_response = {
  import_statistics : import_statistics option;
  (** Provides statistics for the import. CloudTrail does not update import statistics in real-time. Returned values for parameters such as [EventsCompleted] may be lower than the actual value, because CloudTrail updates statistics incrementally over the course of the import. *)
  updated_timestamp : date option;
  (** The timestamp of when the import was updated. *)
  created_timestamp : date option;
  (** The timestamp of the import's creation. *)
  import_status : import_status option;
  (** The status of the import. *)
  end_event_time : date option;
  (** Used with [StartEventTime] to bound a [StartImport] request, and limit imported trail events to only those events logged within a specified time period. *)
  start_event_time : date option;
  (** Used with [EndEventTime] to bound a [StartImport] request, and limit imported trail events to only those events logged within a specified time period. *)
  import_source : import_source option;
  (** The source S3 bucket. *)
  destinations : import_destinations option;
  (** The ARN of the destination event data store. *)
  import_id : uui_d option;
  (** The ID of the import. *)
}
type nonrec get_event_selectors_response = {
  advanced_event_selectors : advanced_event_selectors option;
  (** The advanced event selectors that are configured for the trail. *)
  event_selectors : event_selectors option;
  (** The event selectors that are configured for the trail. *)
  trail_ar_n : string_ option;
  (** The specified trail ARN that has the event selectors. *)
}
type nonrec get_event_selectors_request = {
  trail_name : string_;
  (** Specifies the name of the trail or trail ARN. If you specify a trail name, the string must meet the following requirements: my-_namespace and my--namespace are not valid.

      If you specify a trail ARN, it must be in the format:
      arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail *)
}
type nonrec get_event_data_store_response = {
  partition_keys : partition_key_list option;
  (** The partition keys for the event data store. To improve query performance and efficiency, CloudTrail Lake organizes event data into partitions based on values derived from partition keys. *)
  federation_role_arn : federation_role_arn option;
  (** If Lake query federation is enabled, provides the ARN of the federation role used to access the resources for the federated event data store. *)
  federation_status : federation_status option;
  (** Indicates the Lake query federation status. The status is [ENABLED] if Lake query federation is enabled, or [DISABLED] if Lake query federation is disabled. You cannot delete an event data store if the [FederationStatus] is [ENABLED]. *)
  billing_mode : billing_mode option;
  (** The billing mode for the event data store. *)
  kms_key_id : event_data_store_kms_key_id option;
  (** Specifies the KMS key ID that encrypts the events delivered by CloudTrail. The value is a fully specified ARN to a KMS key in the following format.
      arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012 *)
  updated_timestamp : date option;
  (** Shows the time that an event data store was updated, if applicable. [UpdatedTimestamp] is always either the same or newer than the time shown in [CreatedTimestamp]. *)
  created_timestamp : date option;
  (** The timestamp of the event data store's creation. *)
  termination_protection_enabled : termination_protection_enabled option;
  (** Indicates that termination protection is enabled. *)
  retention_period : retention_period option;
  (** The retention period of the event data store, in days. *)
  organization_enabled : boolean_ option;
  (** Indicates whether an event data store is collecting logged events for an organization in Organizations. *)
  multi_region_enabled : boolean_ option;
  (** Indicates whether the event data store includes events from all Regions, or only from the Region in which it was created. *)
  advanced_event_selectors : advanced_event_selectors option;
  (** The advanced event selectors used to select events for the data store. *)
  status : event_data_store_status option;
  (** The status of an event data store. *)
  name : event_data_store_name option;
  (** The name of the event data store. *)
  event_data_store_arn : event_data_store_arn option;
  (** The event data store Amazon Resource Name (ARN). *)
}
type nonrec get_event_data_store_request = {
  event_data_store : event_data_store_arn;
  (** The ARN (or ID suffix of the ARN) of the event data store about which you want information. *)
}
type nonrec get_event_configuration_response = {
  context_key_selectors : context_key_selectors option;
  (** The list of context key selectors that are configured for the event data store. *)
  max_event_size : max_event_size option;
  (** The maximum allowed size for events stored in the specified event data store. *)
  event_data_store_arn : event_data_store_arn option;
  (** The Amazon Resource Name (ARN) or ID suffix of the ARN of the event data store for which the event configuration settings are returned. *)
}
type nonrec get_event_configuration_request = {
  event_data_store : string_ option;
  (** The Amazon Resource Name (ARN) or ID suffix of the ARN of the event data store for which you want to retrieve event configuration settings. *)
}
type nonrec get_dashboard_response = {
  termination_protection_enabled : termination_protection_enabled option;
  (** Indicates whether termination protection is enabled for the dashboard. *)
  last_refresh_failure_reason : error_message option;
  (** Provides information about failures for the last scheduled refresh. *)
  last_refresh_id : refresh_id option;
  (** The ID of the last dashboard refresh. *)
  updated_timestamp : date option;
  (** The timestamp that shows when the dashboard was last updated. *)
  created_timestamp : date option;
  (** The timestamp that shows when the dashboard was created. *)
  refresh_schedule : refresh_schedule option;
  (** The refresh schedule for the dashboard, if configured. *)
  widgets : widget_list option;
  (** An array of widgets for the dashboard. *)
  status : dashboard_status option;
  (** The status of the dashboard. *)
  type_ : dashboard_type option;
  (** The type of dashboard. *)
  dashboard_arn : dashboard_arn option;
  (** The ARN for the dashboard. *)
}
type nonrec get_dashboard_request = {
  dashboard_id : dashboard_arn;
  (** The name or ARN for the dashboard. *)
}
type nonrec get_channel_response = {
  ingestion_status : ingestion_status option;
  (** A table showing information about the most recent successful and failed attempts to ingest events. *)
  destinations : destinations option;
  (** The destinations for the channel. For channels created for integrations, the destinations are the event data stores that log events arriving through the channel. For service-linked channels, the destination is the Amazon Web Services service that created the service-linked channel to receive events. *)
  source_config : source_config option;
  (** Provides information about the advanced event selectors configured for the channel, and whether the channel applies to all Regions or a single Region. *)
  source : source option;
  (** The source for the CloudTrail channel. *)
  name : channel_name option;
  (** The name of the CloudTrail channel. For service-linked channels, the name is [aws-service-channel/service-name/custom-suffix] where [service-name] represents the name of the Amazon Web Services service that created the channel and [custom-suffix] represents the suffix generated by the Amazon Web Services service. *)
  channel_arn : channel_arn option;
  (** The ARN of a channel returned by a [GetChannel] request. *)
}
type nonrec generate_response_exception = {
  message : error_message option;
  (** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when a valid query could not be generated for the provided prompt. *)
type nonrec generate_query_response = {
  event_data_store_owner_account_id : account_id option;
  (** The account ID of the event data store owner. *)
  query_alias : query_alias option;
  (** An alias that identifies the prompt. When you run the [StartQuery] operation, you can pass in either the [QueryAlias] or [QueryStatement] parameter. *)
  query_statement : query_statement option;
  (** The SQL query statement generated from the prompt. *)
}
type nonrec event_data_store_list = event_data_store_arn list
type nonrec generate_query_request = {
  prompt : prompt;
  (** The prompt that you want to use to generate the query. The prompt must be in English. For example prompts, see Example prompts in the CloudTrail user guide. *)
  event_data_stores : event_data_store_list;
  (** The ARN (or ID suffix of the ARN) of the event data store that you want to query. You can only specify one event data store. *)
}
type nonrec event_data_store_termination_protected_exception = {
  message : error_message option;
  (** Brief description of the exception returned by the request. *)
}
(** The event data store cannot be deleted because termination protection is enabled for it. *)
type nonrec event_data_store_federation_enabled_exception = {
  message : error_message option;
  (** Brief description of the exception returned by the request. *)
}
(** You cannot delete the event data store because Lake query federation is enabled. To delete the event data store, run the [DisableFederation] operation to disable Lake query federation on the event data store. *)
type nonrec enable_federation_response = {
  federation_role_arn : federation_role_arn option;
  (** The ARN of the federation role. *)
  federation_status : federation_status option;
  (** The federation status. *)
  event_data_store_arn : event_data_store_arn option;
  (** The ARN of the event data store for which you enabled Lake query federation. *)
}
type nonrec enable_federation_request = {
  federation_role_arn : federation_role_arn;
  (** The ARN of the federation role to use for the event data store. Amazon Web Services services like Lake Formation use this federation role to access data for the federated event data store. The federation role must exist in your account and provide the required minimum permissions. *)
  event_data_store : event_data_store_arn;
  (** The ARN (or ID suffix of the ARN) of the event data store for which you want to enable Lake query federation. *)
}
type nonrec concurrent_modification_exception = {
  message : error_message option;
  (** Brief description of the exception returned by the request. *)
}
(** You are trying to update a resource when another request is in progress. Allow sufficient wait time for the previous request to complete, then retry your request. *)
type nonrec access_denied_exception = {
  message : error_message option;
  (** Brief description of the exception returned by the request. *)
}
(** You do not have sufficient access to perform this action. *)
type nonrec disable_federation_response = {
  federation_status : federation_status option;
  (** The federation status. *)
  event_data_store_arn : event_data_store_arn option;
  (** The ARN of the event data store for which you disabled Lake query federation. *)
}
type nonrec disable_federation_request = {
  event_data_store : event_data_store_arn;
  (** The ARN (or ID suffix of the ARN) of the event data store for which you want to disable Lake query federation. *)
}
type nonrec describe_trails_response = {
  trail_list : trail_list option;
  (** The list of trail objects. Trail objects with string values are only returned if values for the objects exist in a trail's configuration. For example, [SNSTopicName] and [SNSTopicARN] are only returned in results if a trail is configured to send SNS notifications. Similarly, [KMSKeyId] only appears in results if a trail's log files are encrypted with KMS customer managed keys. *)
}
(** Returns the objects or data listed below if successful. Otherwise, returns an error. *)
type nonrec describe_trails_request = {
  include_shadow_trails : boolean_ option;
  (** Specifies whether to include shadow trails in the response. A shadow trail is the replication in a Region of a trail that was created in a different Region, or in the case of an organization trail, the replication of an organization trail in member accounts. If you do not include shadow trails, organization trails in a member account and Region replication trails will not be returned. The default is true. *)
  trail_name_list : trail_name_list option;
  (** Specifies a list of trail names, trail ARNs, or both, of the trails to describe. The format of a trail ARN is:
      arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

      If an empty list is specified, information for the trail in the current Region is returned. If an empty list is specified and [IncludeShadowTrails] is false, then information for all trails in the current Region is returned.

      If one or more trail names are specified, information is returned only if the names match the names of trails belonging only to the current Region and current account. To return information about a trail in another Region, you must specify its trail ARN. *)
}
(** Returns information about the trail. *)
type nonrec describe_query_response = {
  event_data_store_owner_account_id : account_id option;
  (** The account ID of the event data store owner. *)
  prompt : prompt option;
  (** The prompt used for a generated query. For information about generated queries, see Create CloudTrail Lake queries from natural language prompts in the CloudTrail user guide. *)
  delivery_status : delivery_status option;
  (** The delivery status. *)
  delivery_s3_uri : delivery_s3_uri option;
  (** The URI for the S3 bucket where CloudTrail delivered query results, if applicable. *)
  error_message : error_message option;
  (** The error message returned if a query failed. *)
  query_statistics : query_statistics_for_describe_query option;
  (** Metadata about a query, including the number of events that were matched, the total number of events scanned, the query run time in milliseconds, and the query's creation time. *)
  query_status : query_status option;
  (** The status of a query. Values for [QueryStatus] include [QUEUED], [RUNNING], [FINISHED], [FAILED], [TIMED_OUT], or [CANCELLED]. *)
  query_string : query_statement option;
  (** The SQL code of a query. *)
  query_id : uui_d option;
  (** The ID of the query. *)
}
type nonrec describe_query_request = {
  event_data_store_owner_account_id : account_id option;
  (** The account ID of the event data store owner. *)
  refresh_id : refresh_id option;
  (** The ID of the dashboard refresh. *)
  query_alias : query_alias option;
  (** The alias that identifies a query template. *)
  query_id : uui_d option;
  (** The query ID. *)
  event_data_store : event_data_store_arn option;
  (** The ARN (or the ID suffix of the ARN) of an event data store on which the specified query was run. *)
}
type nonrec deregister_organization_delegated_admin_request = {
  delegated_admin_account_id : account_id;
  (** A delegated administrator account ID. This is a member account in an organization that is currently designated as a delegated administrator. *)
}
(** Removes CloudTrail delegated administrator permissions from a specified member account in an organization that is currently designated as a delegated administrator. *)
type nonrec account_not_registered_exception = {
  message : error_message option;
  (** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when the specified account is not registered as the CloudTrail delegated administrator. *)
type nonrec delete_trail_request = {
  name : string_;
  (** Specifies the name or the CloudTrail ARN of the trail to be deleted. The following is the format of a trail ARN: arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail *)
}
(** The request that specifies the name of a trail to delete. *)
type nonrec delete_resource_policy_request = {
  resource_arn : resource_arn;
  (** The Amazon Resource Name (ARN) of the CloudTrail event data store, dashboard, or channel you're deleting the resource-based policy from.

      Example event data store ARN format: arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE

      Example dashboard ARN format: arn:aws:cloudtrail:us-east-1:123456789012:dashboard/exampleDash

      Example channel ARN format: arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890 *)
}
type nonrec delete_event_data_store_request = {
  event_data_store : event_data_store_arn;
  (** The ARN (or the ID suffix of the ARN) of the event data store to delete. *)
}
type nonrec channel_exists_for_eds_exception = {
  message : error_message option;
  (** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when the specified event data store cannot yet be deleted because it is in use by a channel. *)
type nonrec delete_dashboard_request = {
  dashboard_id : dashboard_arn;
  (** The name or ARN for the dashboard. *)
}
type nonrec delete_channel_request = {
  channel : channel_arn;
  (** The ARN or the [UUID] value of the channel that you want to delete. *)
}
type nonrec create_trail_response = {
  is_organization_trail : boolean_ option;
  (** Specifies whether the trail is an organization trail. *)
  kms_key_id : string_ option;
  (** Specifies the KMS key ID that encrypts the events delivered by CloudTrail. The value is a fully specified ARN to a KMS key in the following format.
      arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012 *)
  cloud_watch_logs_role_arn : string_ option;
  (** Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group. *)
  cloud_watch_logs_log_group_arn : string_ option;
  (** Specifies the Amazon Resource Name (ARN) of the log group to which CloudTrail logs will be delivered. *)
  log_file_validation_enabled : boolean_ option;
  (** Specifies whether log file integrity validation is enabled. *)
  trail_ar_n : string_ option;
  (** Specifies the ARN of the trail that was created. The format of a trail ARN is:
      arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail *)
  is_multi_region_trail : boolean_ option;
  (** Specifies whether the trail exists in one Region or in all Regions. *)
  include_global_service_events : boolean_ option;
  (** Specifies whether the trail is publishing events from global services such as IAM to the log files. *)
  sns_topic_ar_n : string_ option;
  (** Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send notifications when log files are delivered. The format of a topic ARN is:
      arn:aws:sns:us-east-2:123456789012:MyTopic *)
  sns_topic_name : string_ option;
  (** This field is no longer in use. Use [SnsTopicARN]. *)
  s3_key_prefix : string_ option;
  (** Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery. For more information, see Finding Your CloudTrail Log Files. *)
  s3_bucket_name : string_ option;
  (** Specifies the name of the Amazon S3 bucket designated for publishing log files. *)
  name : string_ option;
  (** Specifies the name of the trail. *)
}
(** Returns the objects or data listed below if successful. Otherwise, returns an error. *)
type nonrec create_trail_request = {
  is_organization_trail : boolean_ option;
  (** Specifies whether the trail is created for all accounts in an organization in Organizations, or only for the current Amazon Web Services account. The default is false, and cannot be true unless the call is made on behalf of an Amazon Web Services account that is the management account or delegated administrator account for an organization in Organizations. *)
  kms_key_id : string_ option;
  (** Specifies the KMS key ID to use to encrypt the logs delivered by CloudTrail. The value can be an alias name prefixed by [alias/], a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.

      CloudTrail also supports KMS multi-Region keys. For more information about multi-Region keys, see Using multi-Region keys in the Key Management Service Developer Guide.

      Examples:
      - alias/MyAliasName
      - arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
      - arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
      - 12345678-1234-1234-1234-123456789012 *)
  cloud_watch_logs_role_arn : string_ option;
  (** Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group. You must use a role that exists in your account. *)
  cloud_watch_logs_log_group_arn : string_ option;
  (** Specifies a log group name using an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs will be delivered. You must use a log group that exists in your account.

      Not required unless you specify [CloudWatchLogsRoleArn]. *)
  enable_log_file_validation : boolean_ option;
  (** Specifies whether log file integrity validation is enabled. The default is false.

      When you disable log file integrity validation, the chain of digest files is broken after one hour. CloudTrail does not create digest files for log files that were delivered during a period in which log file integrity validation was disabled. For example, if you enable log file integrity validation at noon on January 1, disable it at noon on January 2, and re-enable it at noon on January 10, digest files will not be created for the log files delivered from noon on January 2 to noon on January 10. The same applies whenever you stop CloudTrail logging or delete a trail. *)
  is_multi_region_trail : boolean_ option;
  (** Specifies whether the trail is created in the current Region or in all Regions. The default is false, which creates a trail only in the Region where you are signed in. As a best practice, consider creating trails that log events in all Regions. *)
  include_global_service_events : boolean_ option;
  (** Specifies whether the trail is publishing events from global services such as IAM to the log files. *)
  sns_topic_name : string_ option;
  (** Specifies the name or ARN of the Amazon SNS topic defined for notification of log file delivery. The maximum length is 256 characters. *)
  s3_key_prefix : string_ option;
  (** Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery. For more information, see Finding Your CloudTrail Log Files. The maximum length is 200 characters. *)
  s3_bucket_name : string_;
  (** Specifies the name of the Amazon S3 bucket designated for publishing log files. For information about bucket naming rules, see Bucket naming rules in the Amazon Simple Storage Service User Guide. *)
  name : string_;
  (** Specifies the name of the trail. The name must meet the following requirements: my-_namespace and my--namespace are not valid. *)
}
(** Specifies the settings for each trail. *)
type nonrec create_event_data_store_response = {
  billing_mode : billing_mode option;
  (** The billing mode for the event data store. *)
  kms_key_id : event_data_store_kms_key_id option;
  (** Specifies the KMS key ID that encrypts the events delivered by CloudTrail. The value is a fully specified ARN to a KMS key in the following format.
      arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012 *)
  updated_timestamp : date option;
  (** The timestamp that shows when an event data store was updated, if applicable. [UpdatedTimestamp] is always either the same or newer than the time shown in [CreatedTimestamp]. *)
  created_timestamp : date option;
  (** The timestamp that shows when the event data store was created. *)
  termination_protection_enabled : termination_protection_enabled option;
  (** Indicates whether termination protection is enabled for the event data store. *)
  retention_period : retention_period option;
  (** The retention period of an event data store, in days. *)
  organization_enabled : boolean_ option;
  (** Indicates whether an event data store is collecting logged events for an organization in Organizations. *)
  multi_region_enabled : boolean_ option;
  (** Indicates whether the event data store collects events from all Regions, or only from the Region in which it was created. *)
  advanced_event_selectors : advanced_event_selectors option;
  (** The advanced event selectors that were used to select the events for the data store. *)
  status : event_data_store_status option;
  (** The status of event data store creation. *)
  name : event_data_store_name option;
  (** The name of the event data store. *)
  event_data_store_arn : event_data_store_arn option;
  (** The ARN of the event data store. *)
}
type nonrec create_event_data_store_request = {
billing_mode : billing_mode option;
The billing mode for the event data store determines the cost for ingesting events and the default and maximum retention period for the event data store.
The following are the possible values:
EXTENDABLE_RETENTION_PRICING
- This billing mode is generally recommended if you want a flexible retention period of up to 3653 days (about 10 years). The default retention period for this billing mode is 366 days.FIXED_RETENTION_PRICING
- This billing mode is recommended if you expect to ingest more than 25 TB of event data per month and need a retention period of up to 2557 days (about 7 years). The default retention period for this billing mode is 2557 days.The default value is EXTENDABLE_RETENTION_PRICING
.
For more information about CloudTrail pricing, see CloudTrail Pricing and Managing CloudTrail Lake costs. *)
start_ingestion : boolean_ option;
(** Specifies whether the event data store should start ingesting live events. The default is true. *)
kms_key_id : event_data_store_kms_key_id option;
(** Specifies the KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
Disabling or deleting the KMS key, or removing CloudTrail permissions on the key, prevents CloudTrail from logging events to the event data store, and prevents users from querying the data in the event data store that was encrypted with the key. After you associate an event data store with a KMS key, the KMS key cannot be removed or changed. Before you disable or delete a KMS key that you are using with an event data store, delete or back up your event data store.
CloudTrail also supports KMS multi-Region keys. For more information about multi-Region keys, see Using multi-Region keys in the Key Management Service Developer Guide.
Examples:
alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
12345678-1234-1234-1234-123456789012 *)
termination_protection_enabled : termination_protection_enabled option;
(** Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. *)
retention_period : retention_period option;
(** The retention period of the event data store, in days. If BillingMode is set to EXTENDABLE_RETENTION_PRICING, you can set a retention period of up to 3653 days, the equivalent of 10 years. If BillingMode is set to FIXED_RETENTION_PRICING, you can set a retention period of up to 2557 days, the equivalent of seven years.
CloudTrail Lake determines whether to retain an event by checking if the eventTime of the event is within the specified retention period. For example, if you set a retention period of 90 days, CloudTrail will remove events when the eventTime is older than 90 days.
If you plan to copy trail events to this event data store, we recommend that you consider both the age of the events that you want to copy as well as how long you want to keep the copied events in your event data store. For example, if you copy trail events that are 5 years old and specify a retention period of 7 years, the event data store will retain those events for two years. *)
organization_enabled : boolean_ option;
(** Specifies whether an event data store collects events logged for an organization in Organizations. *)
multi_region_enabled : boolean_ option;
(** Specifies whether the event data store includes events from all Regions, or only from the Region in which the event data store is created. *)
advanced_event_selectors : advanced_event_selectors option;
(** The advanced event selectors to use to select the events for the data store. You can configure up to five advanced event selectors for each event data store.
For more information about how to use advanced event selectors to log CloudTrail events, see Log events by using advanced event selectors in the CloudTrail User Guide.
For more information about how to use advanced event selectors to include Config configuration items in your event data store, see Create an event data store for Config configuration items in the CloudTrail User Guide.
For more information about how to use advanced event selectors to include events outside of Amazon Web Services events in your event data store, see Create an integration to log events from outside Amazon Web Services in the CloudTrail User Guide. *)
name : event_data_store_name;
(** The name of the event data store. *)
}
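The retention, KMS key ID and selector-count rules from the field docs above, turned into a pre-flight validator that can run before a CreateEventDataStore call. This is an added Python example, not code from the Smaws client or from CloudTrail; the function names, the dict keys (taken from the API field names) and the ARN/alias patterns are assumptions.

```python
import re
from datetime import datetime, timedelta
from typing import Optional

# Limits quoted in the retention_period docs above.
MAX_RETENTION_DAYS = {
    "EXTENDABLE_RETENTION_PRICING": 3653,  # 10 years
    "FIXED_RETENTION_PRICING": 2557,       # 7 years
}
MAX_ADVANCED_EVENT_SELECTORS = 5

# The four documented KmsKeyId shapes: alias name, alias ARN, key ARN, bare key id.
# Character classes and the partition prefix are assumptions, not from the docs.
_KEY_ID = r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
_ARN_PREFIX = r"arn:aws[a-z-]*:kms:[a-z0-9-]+:\d{12}:"
KMS_KEY_ID_FORMS = {
    "alias_name": re.compile(r"^alias/[A-Za-z0-9/_-]+$"),
    "alias_arn": re.compile(rf"^{_ARN_PREFIX}alias/[A-Za-z0-9/_-]+$"),
    "key_arn": re.compile(rf"^{_ARN_PREFIX}key/{_KEY_ID}$"),
    "key_id": re.compile(rf"^{_KEY_ID}$"),
}


def kms_key_id_form(value: str) -> Optional[str]:
    """Return which documented form a KmsKeyId value matches, or None."""
    for form, pattern in KMS_KEY_ID_FORMS.items():
        if pattern.match(value):
            return form
    return None


def validate_event_data_store(params: dict) -> list:
    """Return the constraint violations found in a request dict (empty list = ok)."""
    problems = []
    billing = params.get("BillingMode")
    limit = MAX_RETENTION_DAYS.get(billing)
    if limit is None:
        problems.append(f"BillingMode {billing!r} is not a known billing mode")
    retention = params.get("RetentionPeriod")
    if retention is not None and limit is not None and retention > limit:
        problems.append(f"RetentionPeriod {retention} exceeds {limit} days for {billing}")
    key = params.get("KmsKeyId")
    if key is not None and kms_key_id_form(key) is None:
        problems.append(f"KmsKeyId {key!r} is not an alias name, alias ARN, key ARN or key id")
    if len(params.get("AdvancedEventSelectors", [])) > MAX_ADVANCED_EVENT_SELECTORS:
        problems.append("more than five advanced event selectors")
    return problems


def retained_days(event_time: datetime, copied_at: datetime, retention_days: int) -> int:
    """Days a copied event remains before its eventTime ages past the retention period."""
    expiry = event_time + timedelta(days=retention_days)
    return max(0, (expiry - copied_at).days)
```

`retained_days` reproduces the "5-year-old events, 7-year retention, kept for two years" arithmetic: retention is measured from eventTime, not from the copy.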
type nonrec create_dashboard_response = {
termination_protection_enabled : termination_protection_enabled option;
(** Indicates whether termination protection is enabled for the dashboard. *)
refresh_schedule : refresh_schedule option;
(** The refresh schedule for the dashboard, if configured. *)
widgets : widget_list option;
(** An array of widgets for the dashboard. *)
type_ : dashboard_type option;
(** The dashboard type. *)
name : dashboard_name option;
(** The name of the dashboard. *)
dashboard_arn : dashboard_arn option;
(** The ARN for the dashboard. *)
}
type nonrec create_dashboard_request = {
widgets : request_widget_list option;
(** An array of widgets for a custom dashboard. A custom dashboard can have a maximum of ten widgets.
You do not need to specify widgets for the Highlights dashboard. *)
termination_protection_enabled : termination_protection_enabled option;
(** Specifies whether termination protection is enabled for the dashboard. If termination protection is enabled, you cannot delete the dashboard until termination protection is disabled. *)
refresh_schedule : refresh_schedule option;
(** The refresh schedule configuration for the dashboard.
To create the Highlights dashboard, you must set a refresh schedule and set the Status to ENABLED. The Unit for the refresh schedule must be HOURS and the Value must be 6. *)
name : dashboard_name;
(** The name of the dashboard. The name must be unique to your account.
To create the Highlights dashboard, the name must be AWSCloudTrail-Highlights. *)
}
type nonrec create_channel_response = {
destinations : destinations option;
(** The event data stores that log the events arriving through the channel. *)
source : source option;
(** The partner or external event source name. *)
name : channel_name option;
(** The name of the new channel. *)
channel_arn : channel_arn option;
(** The Amazon Resource Name (ARN) of the new channel. *)
}
type nonrec create_channel_request = {
destinations : destinations;
(** One or more event data stores to which events arriving through a channel will be logged. *)
source : source;
(** The name of the partner or external event source. You cannot change this name after you create the channel. A maximum of one channel is allowed per source.
A source can be either Custom for all valid non-Amazon Web Services events, or the name of a partner event source. For information about the source names for available partners, see Additional information about integration partners in the CloudTrail User Guide. *)
name : channel_name;
(** The name of the channel. *)
}
type nonrec channel_max_limit_exceeded_exception = {
message : error_message option;
(** Brief description of the exception returned by the request. *)
}
(** This exception is thrown when the maximum number of channels is exceeded. *)
type nonrec cancel_query_response = {
event_data_store_owner_account_id : account_id option;
(** The account ID of the event data store owner. *)
query_status : query_status;
(** Shows the status of a query after a CancelQuery request. Typically, the values shown are either RUNNING or CANCELLED. *)
query_id : uui_d;
(** The ID of the canceled query. *)
}
type nonrec cancel_query_request = {
event_data_store_owner_account_id : account_id option;
(** The account ID of the event data store owner. *)
query_id : uui_d;
(** The ID of the query that you want to cancel. The QueryId comes from the response of a StartQuery operation. *)
event_data_store : event_data_store_arn option;
(** The ARN (or the ID suffix of the ARN) of an event data store on which the specified query is running. *)
}