cloudtrail

package
v3.29.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 15, 2021 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type GetServiceAccountArgs

// GetServiceAccountArgs is the collection of arguments for invoking getServiceAccount.
type GetServiceAccountArgs struct {
	// Name of the region whose AWS CloudTrail account ID is desired.
	// Defaults to the region from the AWS provider configuration.
	// The field is a pointer, so it can be left nil to take that default.
	Region *string `pulumi:"region"`
}

A collection of arguments for invoking getServiceAccount.

type GetServiceAccountResult

// GetServiceAccountResult is the collection of values returned by getServiceAccount.
type GetServiceAccountResult struct {
	// The ARN of the AWS CloudTrail service account in the selected region.
	// The example on this page uses it as the "AWS" principal of an S3 bucket policy.
	Arn string `pulumi:"arn"`
	// The provider-assigned unique ID for this managed resource.
	Id     string  `pulumi:"id"`
	// NOTE(review): undocumented upstream; presumably echoes the region that was
	// requested in GetServiceAccountArgs.Region — confirm.
	Region *string `pulumi:"region"`
}

A collection of values returned by getServiceAccount.

func GetServiceAccount

func GetServiceAccount(ctx *pulumi.Context, args *GetServiceAccountArgs, opts ...pulumi.InvokeOption) (*GetServiceAccountResult, error)

Use this data source to get the Account ID of the [AWS CloudTrail Service Account](http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-supported-regions.html) in a given region for the purpose of allowing CloudTrail to store trail data in S3.

## Example Usage

```go
package main

import (

"fmt"

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/cloudtrail"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

// main runs a Pulumi program that looks up the CloudTrail service account and
// creates an S3 bucket whose policy names that account as the principal.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// No arguments are passed, so no region is requested explicitly; per the
		// GetServiceAccountArgs docs the region then comes from the AWS provider
		// configuration.
		main, err := cloudtrail.GetServiceAccount(ctx, nil, nil)
		if err != nil {
			return err
		}
		// The policy has two Allow statements for the service account ARN:
		// s3:PutObject on the bucket's objects and s3:GetBucketAcl on the bucket.
		// NOTE(review): both Resource ARNs hard-code
		// "tf-cloudtrail-logging-test-bucket", while the bucket is created under the
		// logical name "bucket" with no explicit bucket name — confirm the physical
		// bucket name matches what the policy refers to.
		// NOTE(review): the PutObject statement covers every key ("/*") and has no
		// s3:x-amz-acl condition, unlike the policy in the Basic trail example on
		// this page; tighten it if the bucket is used beyond a test.
		// NOTE(review): ForceDestroy is true; presumably this lets the bucket be
		// destroyed while it still holds log objects — reconsider for a bucket
		// that stores audit logs.
		_, err = s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
			ForceDestroy: pulumi.Bool(true),
			Policy:       pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "  \"Version\": \"2008-10-17\",\n", "  \"Statement\": [\n", "    {\n", "      \"Sid\": \"Put bucket policy needed for trails\",\n", "      \"Effect\": \"Allow\",\n", "      \"Principal\": {\n", "        \"AWS\": \"", main.Arn, "\"\n", "      },\n", "      \"Action\": \"s3:PutObject\",\n", "      \"Resource\": \"arn:aws:s3:::tf-cloudtrail-logging-test-bucket/*\"\n", "    },\n", "    {\n", "      \"Sid\": \"Get bucket policy needed for trails\",\n", "      \"Effect\": \"Allow\",\n", "      \"Principal\": {\n", "        \"AWS\": \"", main.Arn, "\"\n", "      },\n", "      \"Action\": \"s3:GetBucketAcl\",\n", "      \"Resource\": \"arn:aws:s3:::tf-cloudtrail-logging-test-bucket\"\n", "    }\n", "  ]\n", "}\n", "\n")),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

type Trail

// Trail provides a CloudTrail resource. Every field below is an output of the
// provisioned trail.
type Trail struct {
	pulumi.CustomResourceState

	// The Amazon Resource Name of the trail.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// Specifies a log group name using an Amazon Resource Name (ARN),
	// that represents the log group to which CloudTrail logs will be delivered. Note that CloudTrail requires the Log Stream wildcard.
	CloudWatchLogsGroupArn pulumi.StringPtrOutput `pulumi:"cloudWatchLogsGroupArn"`
	// Specifies the role for the CloudWatch Logs
	// endpoint to assume to write to a user’s log group.
	CloudWatchLogsRoleArn pulumi.StringPtrOutput `pulumi:"cloudWatchLogsRoleArn"`
	// Specifies whether log file integrity validation is enabled.
	// Defaults to `false`.
	EnableLogFileValidation pulumi.BoolPtrOutput `pulumi:"enableLogFileValidation"`
	// Enables logging for the trail. Defaults to `true`.
	// Setting this to `false` will pause logging.
	EnableLogging pulumi.BoolPtrOutput `pulumi:"enableLogging"`
	// Specifies an event selector for enabling data event logging. Fields documented below. Please note the [CloudTrail limits](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html) when configuring these.
	EventSelectors TrailEventSelectorArrayOutput `pulumi:"eventSelectors"`
	// The region in which the trail was created.
	HomeRegion pulumi.StringOutput `pulumi:"homeRegion"`
	// Specifies whether the trail is publishing events
	// from global services such as IAM to the log files. Defaults to `true`.
	IncludeGlobalServiceEvents pulumi.BoolPtrOutput `pulumi:"includeGlobalServiceEvents"`
	// Specifies an insight selector for identifying unusual operational activity. Fields documented below.
	InsightSelectors TrailInsightSelectorArrayOutput `pulumi:"insightSelectors"`
	// Specifies whether the trail is created in the current
	// region or in all regions. Defaults to `false`.
	IsMultiRegionTrail pulumi.BoolPtrOutput `pulumi:"isMultiRegionTrail"`
	// Specifies whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. Defaults to `false`.
	IsOrganizationTrail pulumi.BoolPtrOutput `pulumi:"isOrganizationTrail"`
	// Specifies the KMS key ARN to use to encrypt the logs delivered by CloudTrail.
	KmsKeyId pulumi.StringPtrOutput `pulumi:"kmsKeyId"`
	// Specifies the name of the trail.
	Name pulumi.StringOutput `pulumi:"name"`
	// Specifies the name of the S3 bucket designated for publishing log files.
	S3BucketName pulumi.StringOutput `pulumi:"s3BucketName"`
	// Specifies the S3 key prefix that follows
	// the name of the bucket you have designated for log file delivery.
	S3KeyPrefix pulumi.StringPtrOutput `pulumi:"s3KeyPrefix"`
	// Specifies the name of the Amazon SNS topic
	// defined for notification of log file delivery.
	SnsTopicName pulumi.StringPtrOutput `pulumi:"snsTopicName"`
	// A map of tags to assign to the trail.
	Tags pulumi.StringMapOutput `pulumi:"tags"`
}

Provides a CloudTrail resource.

> *NOTE:* For a multi-region trail, this resource must be in the home region of the trail.

> *NOTE:* For an organization trail, this resource must be in the master account of the organization.

## Example Usage

### Basic

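Enable CloudTrail to capture all compatible management events in the region. To capture events from global services such as IAM, `includeGlobalServiceEvents` must be enabled. Note that the example below sets `IncludeGlobalServiceEvents` to `false`, so the trail it creates does not capture those events.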

```go
package main

import (

"fmt"

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/cloudtrail"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

// main runs a Pulumi program that creates an S3 bucket, attaches a bucket
// policy for the CloudTrail service principal, and creates a trail named
// "foobar" that delivers to that bucket under the key prefix "prefix".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The caller's account ID is interpolated into the PutObject resource path below.
		current, err := aws.GetCallerIdentity(ctx, nil, nil)
		if err != nil {
			return err
		}
		bucket, err := s3.NewBucket(ctx, "bucket", nil)
		if err != nil {
			return err
		}
		// The policy grants the "cloudtrail.amazonaws.com" service principal two things:
		//   - s3:GetBucketAcl on the bucket itself;
		//   - s3:PutObject only under "<bucket>/prefix/AWSLogs/<account id>/*", and
		//     only when the request sets s3:x-amz-acl to "bucket-owner-full-control".
		// The "prefix" path segment is a literal here and has to stay in sync with
		// the S3KeyPrefix passed to NewTrail further down.
		_, err = s3.NewBucketPolicy(ctx, "bucketPolicy", &s3.BucketPolicyArgs{
			Bucket: bucket.ID(),
			// bucket.ID() is passed twice, so bucketId and bucketId1 resolve to the
			// same bucket; one is used per statement.
			Policy: pulumi.All(bucket.ID(), bucket.ID()).ApplyT(func(_args []interface{}) (string, error) {
				bucketId := _args[0].(string)
				bucketId1 := _args[1].(string)
				return fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v", "  {\n", "      \"Version\": \"2012-10-17\",\n", "      \"Statement\": [\n", "          {\n", "              \"Sid\": \"AWSCloudTrailAclCheck\",\n", "              \"Effect\": \"Allow\",\n", "              \"Principal\": {\n", "                \"Service\": \"cloudtrail.amazonaws.com\"\n", "              },\n", "              \"Action\": \"s3:GetBucketAcl\",\n", "              \"Resource\": \"arn:aws:s3:::", bucketId, "\"\n", "          },\n", "          {\n", "              \"Sid\": \"AWSCloudTrailWrite\",\n", "              \"Effect\": \"Allow\",\n", "              \"Principal\": {\n", "                \"Service\": \"cloudtrail.amazonaws.com\"\n", "              },\n", "              \"Action\": \"s3:PutObject\",\n", "              \"Resource\": \"arn:aws:s3:::", bucketId1, "/prefix/AWSLogs/", current.AccountId, "/*\",\n", "              \"Condition\": {\n", "                  \"StringEquals\": {\n", "                      \"s3:x-amz-acl\": \"bucket-owner-full-control\"\n", "                  }\n", "              }\n", "          }\n", "      ]\n", "  }\n"), nil
			}).(pulumi.StringOutput),
		})
		if err != nil {
			return err
		}
		// IncludeGlobalServiceEvents is explicitly false (the documented default is
		// true), so this trail does not publish events from global services such as IAM.
		// NOTE(review): EnableLogFileValidation and IsMultiRegionTrail are left unset,
		// and both are documented as defaulting to false — set them explicitly if the
		// trail is meant to serve as an audit record.
		// NOTE(review): the trail is not declared as depending on the bucket policy;
		// confirm the policy is in place before the trail is created.
		_, err = cloudtrail.NewTrail(ctx, "foobar", &cloudtrail.TrailArgs{
			S3BucketName:               bucket.ID(),
			S3KeyPrefix:                pulumi.String("prefix"),
			IncludeGlobalServiceEvents: pulumi.Bool(false),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

### Data Event Logging

CloudTrail can log [Data Events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) for certain services such as S3 bucket objects and Lambda function invocations. Additional information about data event configuration can be found in the [CloudTrail API DataResource documentation](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DataResource.html).

### Logging All Lambda Function Invocations

```go
package main

import (

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/cloudtrail"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

// main runs a Pulumi program that creates an S3 bucket and a trail named
// "example" whose single event selector records management events plus data
// events for AWS::Lambda::Function resources matching "arn:aws:lambda".
func main() {
	program := func(ctx *pulumi.Context) error {
		logBucket, err := s3.NewBucket(ctx, "bucket", nil)
		if err != nil {
			return err
		}

		// Data events: the bare "arn:aws:lambda" value is what this example
		// uses to select all Lambda functions.
		lambdaResources := cloudtrail.TrailEventSelectorDataResourceArray{
			&cloudtrail.TrailEventSelectorDataResourceArgs{
				Type:   pulumi.String("AWS::Lambda::Function"),
				Values: pulumi.StringArray{pulumi.String("arn:aws:lambda")},
			},
		}

		// Both read and write events, with management events included.
		selectors := cloudtrail.TrailEventSelectorArray{
			&cloudtrail.TrailEventSelectorArgs{
				ReadWriteType:           pulumi.String("All"),
				IncludeManagementEvents: pulumi.Bool(true),
				DataResources:           lambdaResources,
			},
		}

		_, err = cloudtrail.NewTrail(ctx, "example", &cloudtrail.TrailArgs{
			S3BucketName:   logBucket.ID(),
			S3KeyPrefix:    pulumi.String("prefix"),
			EventSelectors: selectors,
		})
		return err
	}

	pulumi.Run(program)
}

```

### Logging All S3 Bucket Object Events

```go
package main

import (

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/cloudtrail"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

// main runs a Pulumi program that creates an S3 bucket and a trail named
// "example" whose single event selector records management events plus data
// events for AWS::S3::Object resources matching "arn:aws:s3:::".
func main() {
	program := func(ctx *pulumi.Context) error {
		logBucket, err := s3.NewBucket(ctx, "bucket", nil)
		if err != nil {
			return err
		}

		// Data events: the bare "arn:aws:s3:::" value is what this example uses
		// to select objects in all S3 buckets.
		objectResources := cloudtrail.TrailEventSelectorDataResourceArray{
			&cloudtrail.TrailEventSelectorDataResourceArgs{
				Type:   pulumi.String("AWS::S3::Object"),
				Values: pulumi.StringArray{pulumi.String("arn:aws:s3:::")},
			},
		}

		// Both read and write events, with management events included.
		selectors := cloudtrail.TrailEventSelectorArray{
			&cloudtrail.TrailEventSelectorArgs{
				ReadWriteType:           pulumi.String("All"),
				IncludeManagementEvents: pulumi.Bool(true),
				DataResources:           objectResources,
			},
		}

		_, err = cloudtrail.NewTrail(ctx, "example", &cloudtrail.TrailArgs{
			S3BucketName:   logBucket.ID(),
			S3KeyPrefix:    pulumi.String("prefix"),
			EventSelectors: selectors,
		})
		return err
	}

	pulumi.Run(program)
}

```

### Logging Individual S3 Bucket Events

```go
package main

import (

"fmt"

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/cloudtrail"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

// main runs a Pulumi program that looks up the existing bucket
// "important-bucket" and creates a trail named "example" that delivers to it
// and records data events for objects under that bucket's ARN.
func main() {
	program := func(ctx *pulumi.Context) error {
		lookupArgs := &s3.LookupBucketArgs{
			Bucket: "important-bucket",
		}
		importantBucket, err := s3.LookupBucket(ctx, lookupArgs, nil)
		if err != nil {
			return err
		}

		// Data events are scoped to one bucket: the selector value is the
		// bucket ARN followed by "/".
		objectResources := cloudtrail.TrailEventSelectorDataResourceArray{
			&cloudtrail.TrailEventSelectorDataResourceArgs{
				Type: pulumi.String("AWS::S3::Object"),
				Values: pulumi.StringArray{
					pulumi.String(fmt.Sprintf("%v%v", importantBucket.Arn, "/")),
				},
			},
		}

		// Both read and write events, with management events included.
		selectors := cloudtrail.TrailEventSelectorArray{
			&cloudtrail.TrailEventSelectorArgs{
				ReadWriteType:           pulumi.String("All"),
				IncludeManagementEvents: pulumi.Bool(true),
				DataResources:           objectResources,
			},
		}

		// The same bucket is both the log destination and the monitored bucket.
		_, err = cloudtrail.NewTrail(ctx, "example", &cloudtrail.TrailArgs{
			S3BucketName:   pulumi.String(importantBucket.Id),
			S3KeyPrefix:    pulumi.String("prefix"),
			EventSelectors: selectors,
		})
		return err
	}

	pulumi.Run(program)
}

```

### Sending Events to CloudWatch Logs

```go
package main

import (

"fmt"

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/cloudtrail"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/cloudwatch"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

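// main runs a Pulumi program that creates a CloudWatch Logs log group, an IAM
// role that the CloudTrail service can assume, a role policy allowing log
// delivery into that log group, an S3 bucket, and a trail named "exampleTrail"
// that sends its events to the log group.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The partition's DNS suffix is used to build the CloudTrail service principal.
		current, err := aws.GetPartition(ctx, nil, nil)
		if err != nil {
			return err
		}
		exampleLogGroup, err := cloudwatch.NewLogGroup(ctx, "exampleLogGroup", nil)
		if err != nil {
			return err
		}
		// Trust policy: only the "cloudtrail.<dns suffix>" service principal may
		// assume this role.
		testRole, err := iam.NewRole(ctx, "testRole", &iam.RoleArgs{
			AssumeRolePolicy: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "  \"Version\": \"2012-10-17\",\n", "  \"Statement\": [\n", "    {\n", "      \"Sid\": \"\",\n", "      \"Effect\": \"Allow\",\n", "      \"Principal\": {\n", "        \"Service\": \"cloudtrail.", current.DnsSuffix, "\"\n", "      },\n", "      \"Action\": \"sts:AssumeRole\"\n", "    }\n", "  ]\n", "}\n")),
		})
		if err != nil {
			return err
		}
		// The role may only create log streams and put log events, and only in the
		// log group created above. The ARN is an output, so the policy document is
		// built inside ApplyT; the listing previously referenced an undeclared
		// aws_cloudwatch_log_group identifier here and did not compile.
		_, err = iam.NewRolePolicy(ctx, "testRolePolicy", &iam.RolePolicyArgs{
			Role: testRole.ID(),
			Policy: exampleLogGroup.Arn.ApplyT(func(arn string) (string, error) {
				return fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "  \"Version\": \"2012-10-17\",\n", "  \"Statement\": [\n", "    {\n", "      \"Sid\": \"AWSCloudTrailCreateLogStream\",\n", "      \"Effect\": \"Allow\",\n", "      \"Action\": [\n", "        \"logs:CreateLogStream\",\n", "        \"logs:PutLogEvents\"\n", "      ],\n", "      \"Resource\": \"", arn, ":*\"\n", "    }\n", "  ]\n", "}\n"), nil
			}).(pulumi.StringOutput),
		})
		if err != nil {
			return err
		}
		// Keep the bucket handle so the trail can reference it; the listing
		// previously discarded it and passed an undeclared `data` expression as
		// the bucket name.
		// NOTE(review): this bucket has no bucket policy. The Basic example on this
		// page attaches one that lets cloudtrail.amazonaws.com call s3:GetBucketAcl
		// and s3:PutObject; presumably the same is needed here — confirm.
		bucket, err := s3.NewBucket(ctx, "bucket", nil)
		if err != nil {
			return err
		}
		_, err = cloudtrail.NewTrail(ctx, "exampleTrail", &cloudtrail.TrailArgs{
			S3BucketName:          bucket.ID(),
			S3KeyPrefix:           pulumi.String("prefix"),
			CloudWatchLogsRoleArn: testRole.Arn,
			// CloudTrail requires the log stream wildcard on the log group ARN.
			CloudWatchLogsGroupArn: exampleLogGroup.Arn.ApplyT(func(arn string) (string, error) {
				return fmt.Sprintf("%v%v", arn, ":*"), nil
			}).(pulumi.StringOutput),
		})
		if err != nil {
			return err
		}
		return nil
	})
}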

```

## Import

CloudTrail trails can be imported using the `name`, e.g.

```sh

$ pulumi import aws:cloudtrail/trail:Trail sample my-sample-trail

```

func GetTrail

func GetTrail(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *TrailState, opts ...pulumi.ResourceOption) (*Trail, error)

GetTrail gets an existing Trail resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewTrail

func NewTrail(ctx *pulumi.Context,
	name string, args *TrailArgs, opts ...pulumi.ResourceOption) (*Trail, error)

NewTrail registers a new resource with the given unique name, arguments, and options.

func (*Trail) ElementType added in v3.13.0

func (*Trail) ElementType() reflect.Type

func (*Trail) ToTrailOutput added in v3.13.0

func (i *Trail) ToTrailOutput() TrailOutput

func (*Trail) ToTrailOutputWithContext added in v3.13.0

func (i *Trail) ToTrailOutputWithContext(ctx context.Context) TrailOutput

func (*Trail) ToTrailPtrOutput added in v3.25.0

func (i *Trail) ToTrailPtrOutput() TrailPtrOutput

func (*Trail) ToTrailPtrOutputWithContext added in v3.25.0

func (i *Trail) ToTrailPtrOutputWithContext(ctx context.Context) TrailPtrOutput

type TrailArgs

// TrailArgs is the set of arguments for constructing a Trail resource.
// S3BucketName is the only field that is not a pointer/optional input type.
type TrailArgs struct {
	// Specifies a log group name using an Amazon Resource Name (ARN),
	// that represents the log group to which CloudTrail logs will be delivered. Note that CloudTrail requires the Log Stream wildcard.
	// The CloudWatch Logs example on this page appends ":*" to the log group ARN.
	CloudWatchLogsGroupArn pulumi.StringPtrInput
	// Specifies the role for the CloudWatch Logs
	// endpoint to assume to write to a user’s log group.
	CloudWatchLogsRoleArn pulumi.StringPtrInput
	// Specifies whether log file integrity validation is enabled.
	// Defaults to `false`.
	// NOTE(review): the default leaves integrity validation off; set this
	// explicitly to true when the delivered logs are relied on as audit evidence.
	EnableLogFileValidation pulumi.BoolPtrInput
	// Enables logging for the trail. Defaults to `true`.
	// Setting this to `false` will pause logging.
	EnableLogging pulumi.BoolPtrInput
	// Specifies an event selector for enabling data event logging. Fields documented below. Please note the [CloudTrail limits](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html) when configuring these.
	EventSelectors TrailEventSelectorArrayInput
	// Specifies whether the trail is publishing events
	// from global services such as IAM to the log files. Defaults to `true`.
	IncludeGlobalServiceEvents pulumi.BoolPtrInput
	// Specifies an insight selector for identifying unusual operational activity. Fields documented below.
	InsightSelectors TrailInsightSelectorArrayInput
	// Specifies whether the trail is created in the current
	// region or in all regions. Defaults to `false`.
	// NOTE(review): with the default, the trail is created in the current region
	// only; presumably activity in other regions is then not recorded by it — confirm.
	IsMultiRegionTrail pulumi.BoolPtrInput
	// Specifies whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. Defaults to `false`.
	IsOrganizationTrail pulumi.BoolPtrInput
	// Specifies the KMS key ARN to use to encrypt the logs delivered by CloudTrail.
	// NOTE(review): optional; what encryption applies to delivered logs when this
	// is unset is not stated on this page — confirm before relying on it.
	KmsKeyId pulumi.StringPtrInput
	// Specifies the name of the trail.
	Name pulumi.StringPtrInput
	// Specifies the name of the S3 bucket designated for publishing log files.
	// The Basic example on this page pairs the bucket with a bucket policy that
	// lets cloudtrail.amazonaws.com call s3:GetBucketAcl and s3:PutObject.
	S3BucketName pulumi.StringInput
	// Specifies the S3 key prefix that follows
	// the name of the bucket you have designated for log file delivery.
	S3KeyPrefix pulumi.StringPtrInput
	// Specifies the name of the Amazon SNS topic
	// defined for notification of log file delivery.
	SnsTopicName pulumi.StringPtrInput
	// A map of tags to assign to the trail.
	Tags pulumi.StringMapInput
}

The set of arguments for constructing a Trail resource.

func (TrailArgs) ElementType

func (TrailArgs) ElementType() reflect.Type

type TrailArray added in v3.25.0

type TrailArray []TrailInput

func (TrailArray) ElementType added in v3.25.0

func (TrailArray) ElementType() reflect.Type

func (TrailArray) ToTrailArrayOutput added in v3.25.0

func (i TrailArray) ToTrailArrayOutput() TrailArrayOutput

func (TrailArray) ToTrailArrayOutputWithContext added in v3.25.0

func (i TrailArray) ToTrailArrayOutputWithContext(ctx context.Context) TrailArrayOutput

type TrailArrayInput added in v3.25.0

type TrailArrayInput interface {
	pulumi.Input

	ToTrailArrayOutput() TrailArrayOutput
	ToTrailArrayOutputWithContext(context.Context) TrailArrayOutput
}

TrailArrayInput is an input type that accepts TrailArray and TrailArrayOutput values. You can construct a concrete instance of `TrailArrayInput` via:

TrailArray{ TrailArgs{...} }

type TrailArrayOutput added in v3.25.0

type TrailArrayOutput struct{ *pulumi.OutputState }

func (TrailArrayOutput) ElementType added in v3.25.0

func (TrailArrayOutput) ElementType() reflect.Type

func (TrailArrayOutput) Index added in v3.25.0

func (TrailArrayOutput) ToTrailArrayOutput added in v3.25.0

func (o TrailArrayOutput) ToTrailArrayOutput() TrailArrayOutput

func (TrailArrayOutput) ToTrailArrayOutputWithContext added in v3.25.0

func (o TrailArrayOutput) ToTrailArrayOutputWithContext(ctx context.Context) TrailArrayOutput

type TrailEventSelector

// TrailEventSelector is the plain-value form of one event selector of a trail:
// which data resources, whether management events, and which read/write types
// are logged.
type TrailEventSelector struct {
	// Specifies logging data events. Fields documented below.
	DataResources []TrailEventSelectorDataResource `pulumi:"dataResources"`
	// Specify if you want your event selector to include management events for your trail.
	IncludeManagementEvents *bool `pulumi:"includeManagementEvents"`
	// Specify if you want your trail to log read-only events, write-only events, or all.
	// You can specify only the following values: "ReadOnly", "WriteOnly", "All". Defaults to `All`.
	ReadWriteType *string `pulumi:"readWriteType"`
}

type TrailEventSelectorArgs

// TrailEventSelectorArgs is the input form of one event selector of a trail:
// which data resources, whether management events, and which read/write types
// are logged.
type TrailEventSelectorArgs struct {
	// Specifies logging data events. Fields documented below.
	DataResources TrailEventSelectorDataResourceArrayInput `pulumi:"dataResources"`
	// Specify if you want your event selector to include management events for your trail.
	IncludeManagementEvents pulumi.BoolPtrInput `pulumi:"includeManagementEvents"`
	// Specify if you want your trail to log read-only events, write-only events, or all.
	// You can specify only the following values: "ReadOnly", "WriteOnly", "All". Defaults to `All`.
	// NOTE(review): "ReadOnly" or "WriteOnly" presumably drops the other half of
	// the activity from the trail — confirm that is intended before narrowing.
	ReadWriteType pulumi.StringPtrInput `pulumi:"readWriteType"`
}

func (TrailEventSelectorArgs) ElementType

func (TrailEventSelectorArgs) ElementType() reflect.Type

func (TrailEventSelectorArgs) ToTrailEventSelectorOutput

func (i TrailEventSelectorArgs) ToTrailEventSelectorOutput() TrailEventSelectorOutput

func (TrailEventSelectorArgs) ToTrailEventSelectorOutputWithContext

func (i TrailEventSelectorArgs) ToTrailEventSelectorOutputWithContext(ctx context.Context) TrailEventSelectorOutput

type TrailEventSelectorArray

type TrailEventSelectorArray []TrailEventSelectorInput

func (TrailEventSelectorArray) ElementType

func (TrailEventSelectorArray) ElementType() reflect.Type

func (TrailEventSelectorArray) ToTrailEventSelectorArrayOutput

func (i TrailEventSelectorArray) ToTrailEventSelectorArrayOutput() TrailEventSelectorArrayOutput

func (TrailEventSelectorArray) ToTrailEventSelectorArrayOutputWithContext

func (i TrailEventSelectorArray) ToTrailEventSelectorArrayOutputWithContext(ctx context.Context) TrailEventSelectorArrayOutput

type TrailEventSelectorArrayInput

type TrailEventSelectorArrayInput interface {
	pulumi.Input

	ToTrailEventSelectorArrayOutput() TrailEventSelectorArrayOutput
	ToTrailEventSelectorArrayOutputWithContext(context.Context) TrailEventSelectorArrayOutput
}

TrailEventSelectorArrayInput is an input type that accepts TrailEventSelectorArray and TrailEventSelectorArrayOutput values. You can construct a concrete instance of `TrailEventSelectorArrayInput` via:

TrailEventSelectorArray{ TrailEventSelectorArgs{...} }

type TrailEventSelectorArrayOutput

type TrailEventSelectorArrayOutput struct{ *pulumi.OutputState }

func (TrailEventSelectorArrayOutput) ElementType

func (TrailEventSelectorArrayOutput) Index

func (TrailEventSelectorArrayOutput) ToTrailEventSelectorArrayOutput

func (o TrailEventSelectorArrayOutput) ToTrailEventSelectorArrayOutput() TrailEventSelectorArrayOutput

func (TrailEventSelectorArrayOutput) ToTrailEventSelectorArrayOutputWithContext

func (o TrailEventSelectorArrayOutput) ToTrailEventSelectorArrayOutputWithContext(ctx context.Context) TrailEventSelectorArrayOutput

type TrailEventSelectorDataResource

// TrailEventSelectorDataResource is the plain-value form of one data-event
// resource filter: a resource type plus the ARN values it applies to.
type TrailEventSelectorDataResource struct {
	// The resource type in which you want to log data events. You can specify only the following values: "AWS::S3::Object", "AWS::Lambda::Function"
	Type string `pulumi:"type"`
	// A list of ARNs for the specified S3 buckets and object prefixes.
	// The examples on this page also pass "arn:aws:lambda" here with the
	// "AWS::Lambda::Function" type, and "arn:aws:s3:::" to cover all buckets.
	Values []string `pulumi:"values"`
}

type TrailEventSelectorDataResourceArgs

// TrailEventSelectorDataResourceArgs is the input form of one data-event
// resource filter: a resource type plus the ARN values it applies to.
type TrailEventSelectorDataResourceArgs struct {
	// The resource type in which you want to log data events. You can specify only the following values: "AWS::S3::Object", "AWS::Lambda::Function"
	Type pulumi.StringInput `pulumi:"type"`
	// A list of ARNs for the specified S3 buckets and object prefixes.
	// The examples on this page also pass "arn:aws:lambda" here with the
	// "AWS::Lambda::Function" type, and "arn:aws:s3:::" to cover all buckets.
	Values pulumi.StringArrayInput `pulumi:"values"`
}

func (TrailEventSelectorDataResourceArgs) ElementType

func (TrailEventSelectorDataResourceArgs) ToTrailEventSelectorDataResourceOutput

func (i TrailEventSelectorDataResourceArgs) ToTrailEventSelectorDataResourceOutput() TrailEventSelectorDataResourceOutput

func (TrailEventSelectorDataResourceArgs) ToTrailEventSelectorDataResourceOutputWithContext

func (i TrailEventSelectorDataResourceArgs) ToTrailEventSelectorDataResourceOutputWithContext(ctx context.Context) TrailEventSelectorDataResourceOutput

type TrailEventSelectorDataResourceArray

type TrailEventSelectorDataResourceArray []TrailEventSelectorDataResourceInput

func (TrailEventSelectorDataResourceArray) ElementType

func (TrailEventSelectorDataResourceArray) ToTrailEventSelectorDataResourceArrayOutput

func (i TrailEventSelectorDataResourceArray) ToTrailEventSelectorDataResourceArrayOutput() TrailEventSelectorDataResourceArrayOutput

func (TrailEventSelectorDataResourceArray) ToTrailEventSelectorDataResourceArrayOutputWithContext

func (i TrailEventSelectorDataResourceArray) ToTrailEventSelectorDataResourceArrayOutputWithContext(ctx context.Context) TrailEventSelectorDataResourceArrayOutput

type TrailEventSelectorDataResourceArrayInput

type TrailEventSelectorDataResourceArrayInput interface {
	pulumi.Input

	ToTrailEventSelectorDataResourceArrayOutput() TrailEventSelectorDataResourceArrayOutput
	ToTrailEventSelectorDataResourceArrayOutputWithContext(context.Context) TrailEventSelectorDataResourceArrayOutput
}

TrailEventSelectorDataResourceArrayInput is an input type that accepts TrailEventSelectorDataResourceArray and TrailEventSelectorDataResourceArrayOutput values. You can construct a concrete instance of `TrailEventSelectorDataResourceArrayInput` via:

TrailEventSelectorDataResourceArray{ TrailEventSelectorDataResourceArgs{...} }

type TrailEventSelectorDataResourceArrayOutput

type TrailEventSelectorDataResourceArrayOutput struct{ *pulumi.OutputState }

func (TrailEventSelectorDataResourceArrayOutput) ElementType

func (TrailEventSelectorDataResourceArrayOutput) Index

func (TrailEventSelectorDataResourceArrayOutput) ToTrailEventSelectorDataResourceArrayOutput

func (o TrailEventSelectorDataResourceArrayOutput) ToTrailEventSelectorDataResourceArrayOutput() TrailEventSelectorDataResourceArrayOutput

func (TrailEventSelectorDataResourceArrayOutput) ToTrailEventSelectorDataResourceArrayOutputWithContext

func (o TrailEventSelectorDataResourceArrayOutput) ToTrailEventSelectorDataResourceArrayOutputWithContext(ctx context.Context) TrailEventSelectorDataResourceArrayOutput

type TrailEventSelectorDataResourceInput

type TrailEventSelectorDataResourceInput interface {
	pulumi.Input

	ToTrailEventSelectorDataResourceOutput() TrailEventSelectorDataResourceOutput
	ToTrailEventSelectorDataResourceOutputWithContext(context.Context) TrailEventSelectorDataResourceOutput
}

TrailEventSelectorDataResourceInput is an input type that accepts TrailEventSelectorDataResourceArgs and TrailEventSelectorDataResourceOutput values. You can construct a concrete instance of `TrailEventSelectorDataResourceInput` via:

TrailEventSelectorDataResourceArgs{...}

type TrailEventSelectorDataResourceOutput

type TrailEventSelectorDataResourceOutput struct{ *pulumi.OutputState }

func (TrailEventSelectorDataResourceOutput) ElementType

func (TrailEventSelectorDataResourceOutput) ToTrailEventSelectorDataResourceOutput

func (o TrailEventSelectorDataResourceOutput) ToTrailEventSelectorDataResourceOutput() TrailEventSelectorDataResourceOutput

func (TrailEventSelectorDataResourceOutput) ToTrailEventSelectorDataResourceOutputWithContext

func (o TrailEventSelectorDataResourceOutput) ToTrailEventSelectorDataResourceOutputWithContext(ctx context.Context) TrailEventSelectorDataResourceOutput

func (TrailEventSelectorDataResourceOutput) Type

The resource type in which you want to log data events. You can specify only the following values: "AWS::S3::Object", "AWS::Lambda::Function".

func (TrailEventSelectorDataResourceOutput) Values

A list of ARNs for the specified S3 buckets and object prefixes.

type TrailEventSelectorInput

type TrailEventSelectorInput interface {
	pulumi.Input

	ToTrailEventSelectorOutput() TrailEventSelectorOutput
	ToTrailEventSelectorOutputWithContext(context.Context) TrailEventSelectorOutput
}

TrailEventSelectorInput is an input type that accepts TrailEventSelectorArgs and TrailEventSelectorOutput values. You can construct a concrete instance of `TrailEventSelectorInput` via:

TrailEventSelectorArgs{...}

type TrailEventSelectorOutput

type TrailEventSelectorOutput struct{ *pulumi.OutputState }

func (TrailEventSelectorOutput) DataResources

Specifies logging data events. Fields documented below.

func (TrailEventSelectorOutput) ElementType

func (TrailEventSelectorOutput) ElementType() reflect.Type

func (TrailEventSelectorOutput) IncludeManagementEvents

func (o TrailEventSelectorOutput) IncludeManagementEvents() pulumi.BoolPtrOutput

Specify if you want your event selector to include management events for your trail.

func (TrailEventSelectorOutput) ReadWriteType

Specify if you want your trail to log read-only events, write-only events, or all. You can specify only the following values: "ReadOnly", "WriteOnly", "All". Defaults to `All`.

func (TrailEventSelectorOutput) ToTrailEventSelectorOutput

func (o TrailEventSelectorOutput) ToTrailEventSelectorOutput() TrailEventSelectorOutput

func (TrailEventSelectorOutput) ToTrailEventSelectorOutputWithContext

func (o TrailEventSelectorOutput) ToTrailEventSelectorOutputWithContext(ctx context.Context) TrailEventSelectorOutput

type TrailInput added in v3.13.0

type TrailInput interface {
	pulumi.Input

	ToTrailOutput() TrailOutput
	ToTrailOutputWithContext(ctx context.Context) TrailOutput
}

type TrailInsightSelector added in v3.3.0

type TrailInsightSelector struct {
	// The type of insights to log on a trail. In this release, only `ApiCallRateInsight` is supported as an insight type.
	InsightType string `pulumi:"insightType"`
}

type TrailInsightSelectorArgs added in v3.3.0

type TrailInsightSelectorArgs struct {
	// The type of insights to log on a trail. In this release, only `ApiCallRateInsight` is supported as an insight type.
	InsightType pulumi.StringInput `pulumi:"insightType"`
}

func (TrailInsightSelectorArgs) ElementType added in v3.3.0

func (TrailInsightSelectorArgs) ElementType() reflect.Type

func (TrailInsightSelectorArgs) ToTrailInsightSelectorOutput added in v3.3.0

func (i TrailInsightSelectorArgs) ToTrailInsightSelectorOutput() TrailInsightSelectorOutput

func (TrailInsightSelectorArgs) ToTrailInsightSelectorOutputWithContext added in v3.3.0

func (i TrailInsightSelectorArgs) ToTrailInsightSelectorOutputWithContext(ctx context.Context) TrailInsightSelectorOutput

type TrailInsightSelectorArray added in v3.3.0

type TrailInsightSelectorArray []TrailInsightSelectorInput

func (TrailInsightSelectorArray) ElementType added in v3.3.0

func (TrailInsightSelectorArray) ElementType() reflect.Type

func (TrailInsightSelectorArray) ToTrailInsightSelectorArrayOutput added in v3.3.0

func (i TrailInsightSelectorArray) ToTrailInsightSelectorArrayOutput() TrailInsightSelectorArrayOutput

func (TrailInsightSelectorArray) ToTrailInsightSelectorArrayOutputWithContext added in v3.3.0

func (i TrailInsightSelectorArray) ToTrailInsightSelectorArrayOutputWithContext(ctx context.Context) TrailInsightSelectorArrayOutput

type TrailInsightSelectorArrayInput added in v3.3.0

type TrailInsightSelectorArrayInput interface {
	pulumi.Input

	ToTrailInsightSelectorArrayOutput() TrailInsightSelectorArrayOutput
	ToTrailInsightSelectorArrayOutputWithContext(context.Context) TrailInsightSelectorArrayOutput
}

TrailInsightSelectorArrayInput is an input type that accepts TrailInsightSelectorArray and TrailInsightSelectorArrayOutput values. You can construct a concrete instance of `TrailInsightSelectorArrayInput` via:

TrailInsightSelectorArray{ TrailInsightSelectorArgs{...} }

type TrailInsightSelectorArrayOutput added in v3.3.0

type TrailInsightSelectorArrayOutput struct{ *pulumi.OutputState }

func (TrailInsightSelectorArrayOutput) ElementType added in v3.3.0

func (TrailInsightSelectorArrayOutput) Index added in v3.3.0

func (TrailInsightSelectorArrayOutput) ToTrailInsightSelectorArrayOutput added in v3.3.0

func (o TrailInsightSelectorArrayOutput) ToTrailInsightSelectorArrayOutput() TrailInsightSelectorArrayOutput

func (TrailInsightSelectorArrayOutput) ToTrailInsightSelectorArrayOutputWithContext added in v3.3.0

func (o TrailInsightSelectorArrayOutput) ToTrailInsightSelectorArrayOutputWithContext(ctx context.Context) TrailInsightSelectorArrayOutput

type TrailInsightSelectorInput added in v3.3.0

// TrailInsightSelectorInput is the input-side interface for a single insight
// selector. It embeds pulumi.Input and adds the two conversion methods below,
// both of which yield a TrailInsightSelectorOutput.
type TrailInsightSelectorInput interface {
	pulumi.Input

	// Converts the value to its output form.
	ToTrailInsightSelectorOutput() TrailInsightSelectorOutput
	// Same conversion, taking a caller-supplied context.Context.
	ToTrailInsightSelectorOutputWithContext(context.Context) TrailInsightSelectorOutput
}

TrailInsightSelectorInput is an input type that accepts TrailInsightSelectorArgs and TrailInsightSelectorOutput values. You can construct a concrete instance of `TrailInsightSelectorInput` via:

TrailInsightSelectorArgs{...}

type TrailInsightSelectorOutput added in v3.3.0

// TrailInsightSelectorOutput is the output-side form of a single insight
// selector; its only field is an embedded *pulumi.OutputState.
type TrailInsightSelectorOutput struct{ *pulumi.OutputState }

func (TrailInsightSelectorOutput) ElementType added in v3.3.0

func (TrailInsightSelectorOutput) ElementType() reflect.Type

func (TrailInsightSelectorOutput) InsightType added in v3.3.0

The type of insights to log on a trail. In this release, only `ApiCallRateInsight` is supported as an insight type.

func (TrailInsightSelectorOutput) ToTrailInsightSelectorOutput added in v3.3.0

func (o TrailInsightSelectorOutput) ToTrailInsightSelectorOutput() TrailInsightSelectorOutput

func (TrailInsightSelectorOutput) ToTrailInsightSelectorOutputWithContext added in v3.3.0

func (o TrailInsightSelectorOutput) ToTrailInsightSelectorOutputWithContext(ctx context.Context) TrailInsightSelectorOutput

type TrailMap added in v3.25.0

// TrailMap is a map from string keys to TrailInput values.
type TrailMap map[string]TrailInput

func (TrailMap) ElementType added in v3.25.0

func (TrailMap) ElementType() reflect.Type

func (TrailMap) ToTrailMapOutput added in v3.25.0

func (i TrailMap) ToTrailMapOutput() TrailMapOutput

func (TrailMap) ToTrailMapOutputWithContext added in v3.25.0

func (i TrailMap) ToTrailMapOutputWithContext(ctx context.Context) TrailMapOutput

type TrailMapInput added in v3.25.0

// TrailMapInput is the input-side interface for a keyed collection of trails.
// It embeds pulumi.Input and adds the two conversion methods below, both of
// which yield a TrailMapOutput.
type TrailMapInput interface {
	pulumi.Input

	// Converts the value to its output form.
	ToTrailMapOutput() TrailMapOutput
	// Same conversion, taking a caller-supplied context.Context.
	ToTrailMapOutputWithContext(context.Context) TrailMapOutput
}

TrailMapInput is an input type that accepts TrailMap and TrailMapOutput values. You can construct a concrete instance of `TrailMapInput` via:

TrailMap{ "key": TrailArgs{...} }

type TrailMapOutput added in v3.25.0

// TrailMapOutput is the output-side counterpart of TrailMap; its only field
// is an embedded *pulumi.OutputState.
type TrailMapOutput struct{ *pulumi.OutputState }

func (TrailMapOutput) ElementType added in v3.25.0

func (TrailMapOutput) ElementType() reflect.Type

func (TrailMapOutput) MapIndex added in v3.25.0

func (TrailMapOutput) ToTrailMapOutput added in v3.25.0

func (o TrailMapOutput) ToTrailMapOutput() TrailMapOutput

func (TrailMapOutput) ToTrailMapOutputWithContext added in v3.25.0

func (o TrailMapOutput) ToTrailMapOutputWithContext(ctx context.Context) TrailMapOutput

type TrailOutput added in v3.13.0

// TrailOutput is the output-side form of a trail value. Its only field is an
// embedded *pulumi.OutputState.
type TrailOutput struct {
	*pulumi.OutputState
}

func (TrailOutput) ElementType added in v3.13.0

func (TrailOutput) ElementType() reflect.Type

func (TrailOutput) ToTrailOutput added in v3.13.0

func (o TrailOutput) ToTrailOutput() TrailOutput

func (TrailOutput) ToTrailOutputWithContext added in v3.13.0

func (o TrailOutput) ToTrailOutputWithContext(ctx context.Context) TrailOutput

func (TrailOutput) ToTrailPtrOutput added in v3.25.0

func (o TrailOutput) ToTrailPtrOutput() TrailPtrOutput

func (TrailOutput) ToTrailPtrOutputWithContext added in v3.25.0

func (o TrailOutput) ToTrailPtrOutputWithContext(ctx context.Context) TrailPtrOutput

type TrailPtrInput added in v3.25.0

// TrailPtrInput is the input-side interface for a pointer-shaped trail value.
// It embeds pulumi.Input and adds the two conversion methods below, both of
// which yield a TrailPtrOutput.
type TrailPtrInput interface {
	pulumi.Input

	// Converts the value to its pointer output form.
	ToTrailPtrOutput() TrailPtrOutput
	// Same conversion, taking a caller-supplied context.Context.
	ToTrailPtrOutputWithContext(ctx context.Context) TrailPtrOutput
}

type TrailPtrOutput added in v3.25.0

// TrailPtrOutput is the output-side form of a pointer-shaped trail value. Its
// only field is an embedded *pulumi.OutputState.
type TrailPtrOutput struct {
	*pulumi.OutputState
}

func (TrailPtrOutput) ElementType added in v3.25.0

func (TrailPtrOutput) ElementType() reflect.Type

func (TrailPtrOutput) ToTrailPtrOutput added in v3.25.0

func (o TrailPtrOutput) ToTrailPtrOutput() TrailPtrOutput

func (TrailPtrOutput) ToTrailPtrOutputWithContext added in v3.25.0

func (o TrailPtrOutput) ToTrailPtrOutputWithContext(ctx context.Context) TrailPtrOutput

type TrailState

// TrailState carries the properties of a CloudTrail trail. Every field is an
// optional Input (pointer, array or map flavoured), so any of them may be left
// unset.
//
// NOTE(review): several documented defaults below (log file validation off,
// single-region) are the less protective choice for an audit trail; see the
// per-field notes.
type TrailState struct {
	// The Amazon Resource Name of the trail.
	Arn pulumi.StringPtrInput
	// Specifies a log group name using an Amazon Resource Name (ARN),
	// that represents the log group to which CloudTrail logs will be delivered. Note that CloudTrail requires the Log Stream wildcard.
	CloudWatchLogsGroupArn pulumi.StringPtrInput
	// Specifies the role for the CloudWatch Logs
	// endpoint to assume to write to a user’s log group.
	// NOTE(review): this role only needs to create log streams and put log
	// events in that one log group; keep its policy scoped to that.
	CloudWatchLogsRoleArn pulumi.StringPtrInput
	// Specifies whether log file integrity validation is enabled.
	// Defaults to `false`.
	// NOTE(review): with the default, CloudTrail delivers no signed digest
	// files, so a later modification or deletion of delivered log files cannot
	// be verified. Trails kept as audit evidence normally set this to `true`.
	EnableLogFileValidation pulumi.BoolPtrInput
	// Enables logging for the trail. Defaults to `true`.
	// Setting this to `false` will pause logging.
	// NOTE(review): events that occur while logging is paused are not recorded
	// by this trail, so a change of this value is worth alerting on.
	EnableLogging pulumi.BoolPtrInput
	// Specifies an event selector for enabling data event logging. Fields documented below. Please note the [CloudTrail limits](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html) when configuring these.
	EventSelectors TrailEventSelectorArrayInput
	// The region in which the trail was created.
	HomeRegion pulumi.StringPtrInput
	// Specifies whether the trail is publishing events
	// from global services such as IAM to the log files. Defaults to `true`.
	// NOTE(review): turning this off removes IAM and other global-service
	// activity from the trail's log files.
	IncludeGlobalServiceEvents pulumi.BoolPtrInput
	// Specifies an insight selector for identifying unusual operational activity. Fields documented below.
	InsightSelectors TrailInsightSelectorArrayInput
	// Specifies whether the trail is created in the current
	// region or in all regions. Defaults to `false`.
	// NOTE(review): with the default, activity in other regions is not
	// captured by this trail.
	IsMultiRegionTrail pulumi.BoolPtrInput
	// Specifies whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. Defaults to `false`.
	// (AWS documentation now calls the master account the "management account".)
	IsOrganizationTrail pulumi.BoolPtrInput
	// Specifies the KMS key ARN to use to encrypt the logs delivered by CloudTrail.
	// NOTE(review): when this is unset no customer-managed key protects the
	// log objects; setting one lets the key policy limit who can decrypt them.
	KmsKeyId pulumi.StringPtrInput
	// Specifies the name of the trail.
	Name pulumi.StringPtrInput
	// Specifies the name of the S3 bucket designated for publishing log files.
	// NOTE(review): the bucket policy has to let CloudTrail write to it; keep
	// read and delete access on this bucket restricted, since it holds the
	// audit record.
	S3BucketName pulumi.StringPtrInput
	// Specifies the S3 key prefix that follows
	// the name of the bucket you have designated for log file delivery.
	S3KeyPrefix pulumi.StringPtrInput
	// Specifies the name of the Amazon SNS topic
	// defined for notification of log file delivery.
	SnsTopicName pulumi.StringPtrInput
	// A map of tags to assign to the trail
	Tags pulumi.StringMapInput
}

func (TrailState) ElementType

func (TrailState) ElementType() reflect.Type
