cloudtrail

package
v2.10.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 23, 2020 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type GetServiceAccountArgs

// GetServiceAccountArgs is the set of arguments for invoking GetServiceAccount.
type GetServiceAccountArgs struct {
	// Name of the region whose AWS CloudTrail account ID is desired.
	// Defaults to the region from the AWS provider configuration.
	Region *string `pulumi:"region"`
}

A collection of arguments for invoking getServiceAccount.

type GetServiceAccountResult

// GetServiceAccountResult holds the values returned by GetServiceAccount.
type GetServiceAccountResult struct {
	// The ARN of the AWS CloudTrail service account in the selected region.
	// The function description gives its purpose as allowing CloudTrail to
	// store trail data in S3; when it is used in a bucket policy, keep the
	// grant limited to the trail's bucket and key prefix.
	Arn string `pulumi:"arn"`
	// The provider-assigned unique ID for this managed resource.
	Id     string  `pulumi:"id"`
	// NOTE(review): undocumented on the page; presumably the region that was
	// looked up, mirroring GetServiceAccountArgs.Region. Confirm.
	Region *string `pulumi:"region"`
}

A collection of values returned by getServiceAccount.

func GetServiceAccount

func GetServiceAccount(ctx *pulumi.Context, args *GetServiceAccountArgs, opts ...pulumi.InvokeOption) (*GetServiceAccountResult, error)

Use this data source to get the Account ID of the [AWS CloudTrail Service Account](http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-supported-regions.html) in a given region for the purpose of allowing CloudTrail to store trail data in S3.

type Trail

// Trail is the resource state of a CloudTrail trail. Several of the documented
// defaults (no log file validation, single region, no KMS key) leave audit
// coverage or tamper evidence reduced, so review them for any trail that is
// meant to serve as an audit record.
type Trail struct {
	pulumi.CustomResourceState

	// The Amazon Resource Name of the trail.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// Specifies a log group name using an Amazon Resource Name (ARN),
	// that represents the log group to which CloudTrail logs will be delivered.
	CloudWatchLogsGroupArn pulumi.StringPtrOutput `pulumi:"cloudWatchLogsGroupArn"`
	// Specifies the role for the CloudWatch Logs
	// endpoint to assume to write to a user's log group.
	// The role only needs to write to that one log group; scope it accordingly.
	CloudWatchLogsRoleArn pulumi.StringPtrOutput `pulumi:"cloudWatchLogsRoleArn"`
	// Specifies whether log file integrity validation is enabled.
	// Defaults to `false`. With validation off, CloudTrail produces no digest
	// files, so a delivered log file that is later modified or deleted cannot
	// be detected through CloudTrail's own validation.
	EnableLogFileValidation pulumi.BoolPtrOutput `pulumi:"enableLogFileValidation"`
	// Enables logging for the trail. Defaults to `true`.
	// Setting this to `false` will pause logging, which leaves a gap in the
	// audit record for as long as it stays `false`.
	EnableLogging pulumi.BoolPtrOutput `pulumi:"enableLogging"`
	// Specifies an event selector for enabling data event logging; the fields
	// are those of TrailEventSelector. Please note the
	// [CloudTrail limits](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html)
	// when configuring these.
	EventSelectors TrailEventSelectorArrayOutput `pulumi:"eventSelectors"`
	// The region in which the trail was created.
	HomeRegion pulumi.StringOutput `pulumi:"homeRegion"`
	// Specifies whether the trail is publishing events
	// from global services such as IAM to the log files. Defaults to `true`.
	// Turning it off removes those global-service events from this trail.
	IncludeGlobalServiceEvents pulumi.BoolPtrOutput `pulumi:"includeGlobalServiceEvents"`
	// Specifies whether the trail is created in the current
	// region or in all regions. Defaults to `false`, i.e. the trail covers
	// only the current region unless this is set.
	IsMultiRegionTrail pulumi.BoolPtrOutput `pulumi:"isMultiRegionTrail"`
	// Specifies whether the trail is an AWS Organizations trail. Organization
	// trails log events for the master account and all member accounts. Can
	// only be created in the organization master account. Defaults to `false`.
	IsOrganizationTrail pulumi.BoolPtrOutput `pulumi:"isOrganizationTrail"`
	// Specifies the KMS key ARN to use to encrypt the logs delivered by CloudTrail.
	// NOTE(review): the page does not say what encryption applies when this is
	// unset; confirm against the destination bucket's encryption settings.
	KmsKeyId pulumi.StringPtrOutput `pulumi:"kmsKeyId"`
	// Specifies the name of the trail.
	Name pulumi.StringOutput `pulumi:"name"`
	// Specifies the name of the S3 bucket designated for publishing log files.
	// This bucket holds the audit record, so write and delete access to it
	// should be tightly restricted.
	S3BucketName pulumi.StringOutput `pulumi:"s3BucketName"`
	// Specifies the S3 key prefix that follows
	// the name of the bucket you have designated for log file delivery.
	S3KeyPrefix pulumi.StringPtrOutput `pulumi:"s3KeyPrefix"`
	// Specifies the name of the Amazon SNS topic
	// defined for notification of log file delivery.
	SnsTopicName pulumi.StringPtrOutput `pulumi:"snsTopicName"`
	// A map of tags to assign to the trail.
	Tags pulumi.StringMapOutput `pulumi:"tags"`
}

Provides a CloudTrail resource.

> *NOTE:* For a multi-region trail, this resource must be in the home region of the trail.

> *NOTE:* For an organization trail, this resource must be in the master account of the organization.

## Example Usage

### Logging All Lambda Function Invocations

```go
package main

import (

"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/cloudtrail"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

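// main declares a trail whose single event selector records data events for
// Lambda functions, together with management events, for both reads and writes.
//
// Only the event selector is shown. TrailArgs.S3BucketName is a non-pointer
// pulumi.StringInput, so a complete program has to set it as well.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The resource handle is not needed afterwards; binding it to a named
		// variable that is never read would not compile.
		_, err := cloudtrail.NewTrail(ctx, "example", &cloudtrail.TrailArgs{
			EventSelectors: cloudtrail.TrailEventSelectorArray{
				cloudtrail.TrailEventSelectorArgs{
					// The field is DataResources and takes the typed
					// TrailEventSelectorDataResourceArray, not a slice of maps.
					DataResources: cloudtrail.TrailEventSelectorDataResourceArray{
						cloudtrail.TrailEventSelectorDataResourceArgs{
							Type: pulumi.String("AWS::Lambda::Function"),
							// The bare service prefix is what this example uses
							// to select every Lambda function.
							Values: pulumi.StringArray{
								pulumi.String("arn:aws:lambda"),
							},
						},
					},
					IncludeManagementEvents: pulumi.Bool(true),
					ReadWriteType:           pulumi.String("All"),
				},
			},
		})
		return err
	})
}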

```

### Logging All S3 Bucket Object Events

```go
package main

import (

"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/cloudtrail"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

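// main declares a trail whose single event selector records data events for
// S3 objects, together with management events, for both reads and writes.
//
// Only the event selector is shown. TrailArgs.S3BucketName is a non-pointer
// pulumi.StringInput, so a complete program has to set it as well.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The resource handle is not needed afterwards; binding it to a named
		// variable that is never read would not compile.
		_, err := cloudtrail.NewTrail(ctx, "example", &cloudtrail.TrailArgs{
			EventSelectors: cloudtrail.TrailEventSelectorArray{
				cloudtrail.TrailEventSelectorArgs{
					// The field is DataResources and takes the typed
					// TrailEventSelectorDataResourceArray, not a slice of maps.
					DataResources: cloudtrail.TrailEventSelectorDataResourceArray{
						cloudtrail.TrailEventSelectorDataResourceArgs{
							Type: pulumi.String("AWS::S3::Object"),
							// The bare S3 ARN prefix is what this example uses
							// to select objects in every bucket.
							// NOTE(review): that presumably includes the
							// trail's own log bucket when it is in the same
							// account; confirm before using this as-is.
							Values: pulumi.StringArray{
								pulumi.String("arn:aws:s3:::"),
							},
						},
					},
					IncludeManagementEvents: pulumi.Bool(true),
					ReadWriteType:           pulumi.String("All"),
				},
			},
		})
		return err
	})
}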

```

func GetTrail

func GetTrail(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *TrailState, opts ...pulumi.ResourceOption) (*Trail, error)

GetTrail gets an existing Trail resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewTrail

func NewTrail(ctx *pulumi.Context,
	name string, args *TrailArgs, opts ...pulumi.ResourceOption) (*Trail, error)

NewTrail registers a new resource with the given unique name, arguments, and options.

type TrailArgs

// TrailArgs is the set of arguments for constructing a Trail resource.
// S3BucketName is the only non-pointer input. The documented defaults for
// the optional fields give a single-region trail without log file validation
// or a KMS key, so set those explicitly when the trail is an audit record.
type TrailArgs struct {
	// Specifies a log group name using an Amazon Resource Name (ARN),
	// that represents the log group to which CloudTrail logs will be delivered.
	CloudWatchLogsGroupArn pulumi.StringPtrInput
	// Specifies the role for the CloudWatch Logs
	// endpoint to assume to write to a user's log group.
	// The role only needs to write to that one log group; scope it accordingly.
	CloudWatchLogsRoleArn pulumi.StringPtrInput
	// Specifies whether log file integrity validation is enabled.
	// Defaults to `false`. With validation off, CloudTrail produces no digest
	// files, so a delivered log file that is later modified or deleted cannot
	// be detected through CloudTrail's own validation.
	EnableLogFileValidation pulumi.BoolPtrInput
	// Enables logging for the trail. Defaults to `true`.
	// Setting this to `false` will pause logging, which leaves a gap in the
	// audit record for as long as it stays `false`.
	EnableLogging pulumi.BoolPtrInput
	// Specifies an event selector for enabling data event logging; the fields
	// are those of TrailEventSelectorArgs. Please note the
	// [CloudTrail limits](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html)
	// when configuring these.
	EventSelectors TrailEventSelectorArrayInput
	// Specifies whether the trail is publishing events
	// from global services such as IAM to the log files. Defaults to `true`.
	// Turning it off removes those global-service events from this trail.
	IncludeGlobalServiceEvents pulumi.BoolPtrInput
	// Specifies whether the trail is created in the current
	// region or in all regions. Defaults to `false`, i.e. the trail covers
	// only the current region unless this is set.
	IsMultiRegionTrail pulumi.BoolPtrInput
	// Specifies whether the trail is an AWS Organizations trail. Organization
	// trails log events for the master account and all member accounts. Can
	// only be created in the organization master account. Defaults to `false`.
	IsOrganizationTrail pulumi.BoolPtrInput
	// Specifies the KMS key ARN to use to encrypt the logs delivered by CloudTrail.
	// NOTE(review): the page does not say what encryption applies when this is
	// unset; confirm against the destination bucket's encryption settings.
	KmsKeyId pulumi.StringPtrInput
	// Specifies the name of the trail.
	Name pulumi.StringPtrInput
	// Specifies the name of the S3 bucket designated for publishing log files.
	// This bucket holds the audit record, so write and delete access to it
	// should be tightly restricted.
	S3BucketName pulumi.StringInput
	// Specifies the S3 key prefix that follows
	// the name of the bucket you have designated for log file delivery.
	S3KeyPrefix pulumi.StringPtrInput
	// Specifies the name of the Amazon SNS topic
	// defined for notification of log file delivery.
	SnsTopicName pulumi.StringPtrInput
	// A map of tags to assign to the trail.
	Tags pulumi.StringMapInput
}

The set of arguments for constructing a Trail resource.

func (TrailArgs) ElementType

func (TrailArgs) ElementType() reflect.Type

type TrailEventSelector

// TrailEventSelector describes which events a trail records: a set of data
// resources, whether management events are included, and which of read and
// write events are kept.
type TrailEventSelector struct {
	// Specifies logging data events; see TrailEventSelectorDataResource for the fields.
	DataResources []TrailEventSelectorDataResource `pulumi:"dataResources"`
	// Specify if you want your event selector to include management events for your trail.
	IncludeManagementEvents *bool `pulumi:"includeManagementEvents"`
	// Specify if you want your trail to log read-only events, write-only
	// events, or all. You can specify only one of the following values:
	// "ReadOnly", "WriteOnly", "All". Defaults to `All`.
	// Either restricted value leaves the other half of the activity unrecorded.
	ReadWriteType *string `pulumi:"readWriteType"`
}

type TrailEventSelectorArgs

// TrailEventSelectorArgs is the input form of TrailEventSelector, used as an
// element of TrailEventSelectorArray.
type TrailEventSelectorArgs struct {
	// Specifies logging data events; see TrailEventSelectorDataResourceArgs for the fields.
	DataResources TrailEventSelectorDataResourceArrayInput `pulumi:"dataResources"`
	// Specify if you want your event selector to include management events for your trail.
	IncludeManagementEvents pulumi.BoolPtrInput `pulumi:"includeManagementEvents"`
	// Specify if you want your trail to log read-only events, write-only
	// events, or all. You can specify only one of the following values:
	// "ReadOnly", "WriteOnly", "All". Defaults to `All`.
	// Either restricted value leaves the other half of the activity unrecorded.
	ReadWriteType pulumi.StringPtrInput `pulumi:"readWriteType"`
}

func (TrailEventSelectorArgs) ElementType

func (TrailEventSelectorArgs) ElementType() reflect.Type

func (TrailEventSelectorArgs) ToTrailEventSelectorOutput

func (i TrailEventSelectorArgs) ToTrailEventSelectorOutput() TrailEventSelectorOutput

func (TrailEventSelectorArgs) ToTrailEventSelectorOutputWithContext

func (i TrailEventSelectorArgs) ToTrailEventSelectorOutputWithContext(ctx context.Context) TrailEventSelectorOutput

type TrailEventSelectorArray

// TrailEventSelectorArray is a slice of TrailEventSelectorInput values; the
// page lists it as one of the values accepted as TrailEventSelectorArrayInput.
type TrailEventSelectorArray []TrailEventSelectorInput

func (TrailEventSelectorArray) ElementType

func (TrailEventSelectorArray) ElementType() reflect.Type

func (TrailEventSelectorArray) ToTrailEventSelectorArrayOutput

func (i TrailEventSelectorArray) ToTrailEventSelectorArrayOutput() TrailEventSelectorArrayOutput

func (TrailEventSelectorArray) ToTrailEventSelectorArrayOutputWithContext

func (i TrailEventSelectorArray) ToTrailEventSelectorArrayOutputWithContext(ctx context.Context) TrailEventSelectorArrayOutput

type TrailEventSelectorArrayInput

// TrailEventSelectorArrayInput is the input type for a list of event
// selectors. It embeds pulumi.Input and adds the two conversions to
// TrailEventSelectorArrayOutput declared below.
type TrailEventSelectorArrayInput interface {
	pulumi.Input

	// ToTrailEventSelectorArrayOutput returns the value as a TrailEventSelectorArrayOutput.
	ToTrailEventSelectorArrayOutput() TrailEventSelectorArrayOutput
	// ToTrailEventSelectorArrayOutputWithContext is the same conversion with a caller-supplied context.
	ToTrailEventSelectorArrayOutputWithContext(context.Context) TrailEventSelectorArrayOutput
}

TrailEventSelectorArrayInput is an input type that accepts TrailEventSelectorArray and TrailEventSelectorArrayOutput values. You can construct a concrete instance of `TrailEventSelectorArrayInput` via:

TrailEventSelectorArray{ TrailEventSelectorArgs{...} }

type TrailEventSelectorArrayOutput

// TrailEventSelectorArrayOutput is the output form of a list of event
// selectors; it embeds *pulumi.OutputState.
type TrailEventSelectorArrayOutput struct{ *pulumi.OutputState }

func (TrailEventSelectorArrayOutput) ElementType

func (TrailEventSelectorArrayOutput) Index

func (TrailEventSelectorArrayOutput) ToTrailEventSelectorArrayOutput

func (o TrailEventSelectorArrayOutput) ToTrailEventSelectorArrayOutput() TrailEventSelectorArrayOutput

func (TrailEventSelectorArrayOutput) ToTrailEventSelectorArrayOutputWithContext

func (o TrailEventSelectorArrayOutput) ToTrailEventSelectorArrayOutputWithContext(ctx context.Context) TrailEventSelectorArrayOutput

type TrailEventSelectorDataResource

// TrailEventSelectorDataResource names one resource type and the ARNs of that
// type for which data events are logged.
type TrailEventSelectorDataResource struct {
	// The resource type in which you want to log data events. You can specify
	// only one of the following values: "AWS::S3::Object", "AWS::Lambda::Function".
	Type string `pulumi:"type"`
	// A list of ARNs for the specified S3 buckets and object prefixes.
	// The Lambda example on this page passes a Lambda ARN prefix here as well.
	Values []string `pulumi:"values"`
}

type TrailEventSelectorDataResourceArgs

// TrailEventSelectorDataResourceArgs is the input form of
// TrailEventSelectorDataResource, used as an element of
// TrailEventSelectorDataResourceArray.
type TrailEventSelectorDataResourceArgs struct {
	// The resource type in which you want to log data events. You can specify
	// only one of the following values: "AWS::S3::Object", "AWS::Lambda::Function".
	Type pulumi.StringInput `pulumi:"type"`
	// A list of ARNs for the specified S3 buckets and object prefixes.
	// The Lambda example on this page passes a Lambda ARN prefix here as well.
	Values pulumi.StringArrayInput `pulumi:"values"`
}

func (TrailEventSelectorDataResourceArgs) ElementType

func (TrailEventSelectorDataResourceArgs) ToTrailEventSelectorDataResourceOutput

func (i TrailEventSelectorDataResourceArgs) ToTrailEventSelectorDataResourceOutput() TrailEventSelectorDataResourceOutput

func (TrailEventSelectorDataResourceArgs) ToTrailEventSelectorDataResourceOutputWithContext

func (i TrailEventSelectorDataResourceArgs) ToTrailEventSelectorDataResourceOutputWithContext(ctx context.Context) TrailEventSelectorDataResourceOutput

type TrailEventSelectorDataResourceArray

// TrailEventSelectorDataResourceArray is a slice of
// TrailEventSelectorDataResourceInput values; the page lists it as one of the
// values accepted as TrailEventSelectorDataResourceArrayInput.
type TrailEventSelectorDataResourceArray []TrailEventSelectorDataResourceInput

func (TrailEventSelectorDataResourceArray) ElementType

func (TrailEventSelectorDataResourceArray) ToTrailEventSelectorDataResourceArrayOutput

func (i TrailEventSelectorDataResourceArray) ToTrailEventSelectorDataResourceArrayOutput() TrailEventSelectorDataResourceArrayOutput

func (TrailEventSelectorDataResourceArray) ToTrailEventSelectorDataResourceArrayOutputWithContext

func (i TrailEventSelectorDataResourceArray) ToTrailEventSelectorDataResourceArrayOutputWithContext(ctx context.Context) TrailEventSelectorDataResourceArrayOutput

type TrailEventSelectorDataResourceArrayInput

// TrailEventSelectorDataResourceArrayInput is the input type for a list of
// data resources. It embeds pulumi.Input and adds the two conversions to
// TrailEventSelectorDataResourceArrayOutput declared below.
type TrailEventSelectorDataResourceArrayInput interface {
	pulumi.Input

	// ToTrailEventSelectorDataResourceArrayOutput returns the value as a TrailEventSelectorDataResourceArrayOutput.
	ToTrailEventSelectorDataResourceArrayOutput() TrailEventSelectorDataResourceArrayOutput
	// ToTrailEventSelectorDataResourceArrayOutputWithContext is the same conversion with a caller-supplied context.
	ToTrailEventSelectorDataResourceArrayOutputWithContext(context.Context) TrailEventSelectorDataResourceArrayOutput
}

TrailEventSelectorDataResourceArrayInput is an input type that accepts TrailEventSelectorDataResourceArray and TrailEventSelectorDataResourceArrayOutput values. You can construct a concrete instance of `TrailEventSelectorDataResourceArrayInput` via:

TrailEventSelectorDataResourceArray{ TrailEventSelectorDataResourceArgs{...} }

type TrailEventSelectorDataResourceArrayOutput

// TrailEventSelectorDataResourceArrayOutput is the output form of a list of
// data resources; it embeds *pulumi.OutputState.
type TrailEventSelectorDataResourceArrayOutput struct{ *pulumi.OutputState }

func (TrailEventSelectorDataResourceArrayOutput) ElementType

func (TrailEventSelectorDataResourceArrayOutput) Index

func (TrailEventSelectorDataResourceArrayOutput) ToTrailEventSelectorDataResourceArrayOutput

func (o TrailEventSelectorDataResourceArrayOutput) ToTrailEventSelectorDataResourceArrayOutput() TrailEventSelectorDataResourceArrayOutput

func (TrailEventSelectorDataResourceArrayOutput) ToTrailEventSelectorDataResourceArrayOutputWithContext

func (o TrailEventSelectorDataResourceArrayOutput) ToTrailEventSelectorDataResourceArrayOutputWithContext(ctx context.Context) TrailEventSelectorDataResourceArrayOutput

type TrailEventSelectorDataResourceInput

// TrailEventSelectorDataResourceInput is the input type for a single data
// resource. It embeds pulumi.Input and adds the two conversions to
// TrailEventSelectorDataResourceOutput declared below.
type TrailEventSelectorDataResourceInput interface {
	pulumi.Input

	// ToTrailEventSelectorDataResourceOutput returns the value as a TrailEventSelectorDataResourceOutput.
	ToTrailEventSelectorDataResourceOutput() TrailEventSelectorDataResourceOutput
	// ToTrailEventSelectorDataResourceOutputWithContext is the same conversion with a caller-supplied context.
	ToTrailEventSelectorDataResourceOutputWithContext(context.Context) TrailEventSelectorDataResourceOutput
}

TrailEventSelectorDataResourceInput is an input type that accepts TrailEventSelectorDataResourceArgs and TrailEventSelectorDataResourceOutput values. You can construct a concrete instance of `TrailEventSelectorDataResourceInput` via:

TrailEventSelectorDataResourceArgs{...}

type TrailEventSelectorDataResourceOutput

// TrailEventSelectorDataResourceOutput is the output form of a single data
// resource; it embeds *pulumi.OutputState.
type TrailEventSelectorDataResourceOutput struct{ *pulumi.OutputState }

func (TrailEventSelectorDataResourceOutput) ElementType

func (TrailEventSelectorDataResourceOutput) ToTrailEventSelectorDataResourceOutput

func (o TrailEventSelectorDataResourceOutput) ToTrailEventSelectorDataResourceOutput() TrailEventSelectorDataResourceOutput

func (TrailEventSelectorDataResourceOutput) ToTrailEventSelectorDataResourceOutputWithContext

func (o TrailEventSelectorDataResourceOutput) ToTrailEventSelectorDataResourceOutputWithContext(ctx context.Context) TrailEventSelectorDataResourceOutput

func (TrailEventSelectorDataResourceOutput) Type

The resource type in which you want to log data events. You can specify only one of the following values: "AWS::S3::Object", "AWS::Lambda::Function".

func (TrailEventSelectorDataResourceOutput) Values

A list of ARNs for the specified S3 buckets and object prefixes.

type TrailEventSelectorInput

// TrailEventSelectorInput is the input type for a single event selector. It
// embeds pulumi.Input and adds the two conversions to TrailEventSelectorOutput
// declared below.
type TrailEventSelectorInput interface {
	pulumi.Input

	// ToTrailEventSelectorOutput returns the value as a TrailEventSelectorOutput.
	ToTrailEventSelectorOutput() TrailEventSelectorOutput
	// ToTrailEventSelectorOutputWithContext is the same conversion with a caller-supplied context.
	ToTrailEventSelectorOutputWithContext(context.Context) TrailEventSelectorOutput
}

TrailEventSelectorInput is an input type that accepts TrailEventSelectorArgs and TrailEventSelectorOutput values. You can construct a concrete instance of `TrailEventSelectorInput` via:

TrailEventSelectorArgs{...}

type TrailEventSelectorOutput

// TrailEventSelectorOutput is the output form of a single event selector; it
// embeds *pulumi.OutputState.
type TrailEventSelectorOutput struct{ *pulumi.OutputState }

func (TrailEventSelectorOutput) DataResources

Specifies logging data events. Fields documented below.

func (TrailEventSelectorOutput) ElementType

func (TrailEventSelectorOutput) ElementType() reflect.Type

func (TrailEventSelectorOutput) IncludeManagementEvents

func (o TrailEventSelectorOutput) IncludeManagementEvents() pulumi.BoolPtrOutput

Specify if you want your event selector to include management events for your trail.

func (TrailEventSelectorOutput) ReadWriteType

Specify if you want your trail to log read-only events, write-only events, or all. You can specify only one of the following values: "ReadOnly", "WriteOnly", "All". Defaults to `All`.

func (TrailEventSelectorOutput) ToTrailEventSelectorOutput

func (o TrailEventSelectorOutput) ToTrailEventSelectorOutput() TrailEventSelectorOutput

func (TrailEventSelectorOutput) ToTrailEventSelectorOutputWithContext

func (o TrailEventSelectorOutput) ToTrailEventSelectorOutputWithContext(ctx context.Context) TrailEventSelectorOutput

type TrailState

// TrailState is the set of optional state properties passed to GetTrail to
// qualify the lookup of an existing Trail. Every field is a pointer-style
// input, so any of them may be left unset.
type TrailState struct {
	// The Amazon Resource Name of the trail.
	Arn pulumi.StringPtrInput
	// Specifies a log group name using an Amazon Resource Name (ARN),
	// that represents the log group to which CloudTrail logs will be delivered.
	CloudWatchLogsGroupArn pulumi.StringPtrInput
	// Specifies the role for the CloudWatch Logs
	// endpoint to assume to write to a user's log group.
	CloudWatchLogsRoleArn pulumi.StringPtrInput
	// Specifies whether log file integrity validation is enabled.
	// Defaults to `false`; a trail found in that state produces no digest
	// files for checking its delivered log files.
	EnableLogFileValidation pulumi.BoolPtrInput
	// Enables logging for the trail. Defaults to `true`.
	// Setting this to `false` will pause logging.
	EnableLogging pulumi.BoolPtrInput
	// Specifies an event selector for enabling data event logging; the fields
	// are those of TrailEventSelectorArgs. Please note the
	// [CloudTrail limits](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html)
	// when configuring these.
	EventSelectors TrailEventSelectorArrayInput
	// The region in which the trail was created.
	HomeRegion pulumi.StringPtrInput
	// Specifies whether the trail is publishing events
	// from global services such as IAM to the log files. Defaults to `true`.
	IncludeGlobalServiceEvents pulumi.BoolPtrInput
	// Specifies whether the trail is created in the current
	// region or in all regions. Defaults to `false`.
	IsMultiRegionTrail pulumi.BoolPtrInput
	// Specifies whether the trail is an AWS Organizations trail. Organization
	// trails log events for the master account and all member accounts. Can
	// only be created in the organization master account. Defaults to `false`.
	IsOrganizationTrail pulumi.BoolPtrInput
	// Specifies the KMS key ARN to use to encrypt the logs delivered by CloudTrail.
	KmsKeyId pulumi.StringPtrInput
	// Specifies the name of the trail.
	Name pulumi.StringPtrInput
	// Specifies the name of the S3 bucket designated for publishing log files.
	S3BucketName pulumi.StringPtrInput
	// Specifies the S3 key prefix that follows
	// the name of the bucket you have designated for log file delivery.
	S3KeyPrefix pulumi.StringPtrInput
	// Specifies the name of the Amazon SNS topic
	// defined for notification of log file delivery.
	SnsTopicName pulumi.StringPtrInput
	// A map of tags to assign to the trail.
	Tags pulumi.StringMapInput
}

func (TrailState) ElementType

func (TrailState) ElementType() reflect.Type
