Documentation ¶
Index ¶
- type GetServiceAccountArgs
- type GetServiceAccountResult
- type Trail
- type TrailArgs
- type TrailEventSelector
- type TrailEventSelectorArgs
- type TrailEventSelectorArray
- type TrailEventSelectorArrayInput
- type TrailEventSelectorArrayOutput
- func (TrailEventSelectorArrayOutput) ElementType() reflect.Type
- func (o TrailEventSelectorArrayOutput) Index(i pulumi.IntInput) TrailEventSelectorOutput
- func (o TrailEventSelectorArrayOutput) ToTrailEventSelectorArrayOutput() TrailEventSelectorArrayOutput
- func (o TrailEventSelectorArrayOutput) ToTrailEventSelectorArrayOutputWithContext(ctx context.Context) TrailEventSelectorArrayOutput
- type TrailEventSelectorDataResource
- type TrailEventSelectorDataResourceArgs
- func (TrailEventSelectorDataResourceArgs) ElementType() reflect.Type
- func (i TrailEventSelectorDataResourceArgs) ToTrailEventSelectorDataResourceOutput() TrailEventSelectorDataResourceOutput
- func (i TrailEventSelectorDataResourceArgs) ToTrailEventSelectorDataResourceOutputWithContext(ctx context.Context) TrailEventSelectorDataResourceOutput
- type TrailEventSelectorDataResourceArray
- func (TrailEventSelectorDataResourceArray) ElementType() reflect.Type
- func (i TrailEventSelectorDataResourceArray) ToTrailEventSelectorDataResourceArrayOutput() TrailEventSelectorDataResourceArrayOutput
- func (i TrailEventSelectorDataResourceArray) ToTrailEventSelectorDataResourceArrayOutputWithContext(ctx context.Context) TrailEventSelectorDataResourceArrayOutput
- type TrailEventSelectorDataResourceArrayInput
- type TrailEventSelectorDataResourceArrayOutput
- func (TrailEventSelectorDataResourceArrayOutput) ElementType() reflect.Type
- func (o TrailEventSelectorDataResourceArrayOutput) Index(i pulumi.IntInput) TrailEventSelectorDataResourceOutput
- func (o TrailEventSelectorDataResourceArrayOutput) ToTrailEventSelectorDataResourceArrayOutput() TrailEventSelectorDataResourceArrayOutput
- func (o TrailEventSelectorDataResourceArrayOutput) ToTrailEventSelectorDataResourceArrayOutputWithContext(ctx context.Context) TrailEventSelectorDataResourceArrayOutput
- type TrailEventSelectorDataResourceInput
- type TrailEventSelectorDataResourceOutput
- func (TrailEventSelectorDataResourceOutput) ElementType() reflect.Type
- func (o TrailEventSelectorDataResourceOutput) ToTrailEventSelectorDataResourceOutput() TrailEventSelectorDataResourceOutput
- func (o TrailEventSelectorDataResourceOutput) ToTrailEventSelectorDataResourceOutputWithContext(ctx context.Context) TrailEventSelectorDataResourceOutput
- func (o TrailEventSelectorDataResourceOutput) Type() pulumi.StringOutput
- func (o TrailEventSelectorDataResourceOutput) Values() pulumi.StringArrayOutput
- type TrailEventSelectorInput
- type TrailEventSelectorOutput
- func (o TrailEventSelectorOutput) DataResources() TrailEventSelectorDataResourceArrayOutput
- func (TrailEventSelectorOutput) ElementType() reflect.Type
- func (o TrailEventSelectorOutput) IncludeManagementEvents() pulumi.BoolPtrOutput
- func (o TrailEventSelectorOutput) ReadWriteType() pulumi.StringPtrOutput
- func (o TrailEventSelectorOutput) ToTrailEventSelectorOutput() TrailEventSelectorOutput
- func (o TrailEventSelectorOutput) ToTrailEventSelectorOutputWithContext(ctx context.Context) TrailEventSelectorOutput
- type TrailInsightSelector
- type TrailInsightSelectorArgs
- type TrailInsightSelectorArray
- type TrailInsightSelectorArrayInput
- type TrailInsightSelectorArrayOutput
- func (TrailInsightSelectorArrayOutput) ElementType() reflect.Type
- func (o TrailInsightSelectorArrayOutput) Index(i pulumi.IntInput) TrailInsightSelectorOutput
- func (o TrailInsightSelectorArrayOutput) ToTrailInsightSelectorArrayOutput() TrailInsightSelectorArrayOutput
- func (o TrailInsightSelectorArrayOutput) ToTrailInsightSelectorArrayOutputWithContext(ctx context.Context) TrailInsightSelectorArrayOutput
- type TrailInsightSelectorInput
- type TrailInsightSelectorOutput
- func (TrailInsightSelectorOutput) ElementType() reflect.Type
- func (o TrailInsightSelectorOutput) InsightType() pulumi.StringOutput
- func (o TrailInsightSelectorOutput) ToTrailInsightSelectorOutput() TrailInsightSelectorOutput
- func (o TrailInsightSelectorOutput) ToTrailInsightSelectorOutputWithContext(ctx context.Context) TrailInsightSelectorOutput
- type TrailState
Types ¶
type GetServiceAccountArgs ¶
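// GetServiceAccountArgs is the collection of arguments for invoking
// GetServiceAccount.
type GetServiceAccountArgs struct {
	// Name of the region whose AWS CloudTrail account ID is desired.
	// Defaults to the region from the AWS provider configuration.
	Region *string `pulumi:"region"`
}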
A collection of arguments for invoking getServiceAccount.
type GetServiceAccountResult ¶
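// GetServiceAccountResult is the collection of values returned by
// GetServiceAccount.
type GetServiceAccountResult struct {
	// The ARN of the AWS CloudTrail service account in the selected region.
	Arn string `pulumi:"arn"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// Region carries no description in the listing; presumably it echoes the
	// Region argument of GetServiceAccountArgs (to be confirmed).
	Region *string `pulumi:"region"`
}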
A collection of values returned by getServiceAccount.
func GetServiceAccount ¶
func GetServiceAccount(ctx *pulumi.Context, args *GetServiceAccountArgs, opts ...pulumi.InvokeOption) (*GetServiceAccountResult, error)
Use this data source to get the Account ID of the [AWS CloudTrail Service Account](http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-supported-regions.html) in a given region for the purpose of allowing CloudTrail to store trail data in S3.
## Example Usage
```go package main
import (
"fmt" "github.com/pulumi/pulumi-aws/sdk/v3/go/aws/cloudtrail" "github.com/pulumi/pulumi-aws/sdk/v3/go/aws/s3" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
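// main creates an S3 bucket whose policy lets the regional CloudTrail service
// account write trail data into it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The policy's Resource ARNs name this bucket, so the bucket is created
		// under the same explicit name; with an auto-generated name the policy
		// would refer to a different bucket than the one it is attached to.
		const bucketName = "tf-cloudtrail-logging-test-bucket"

		// Look up the CloudTrail service account for the provider's region.
		account, err := cloudtrail.GetServiceAccount(ctx, nil, nil)
		if err != nil {
			return err
		}

		// NOTE(review): the PutObject statement covers every key in the bucket
		// and has no s3:x-amz-acl condition; the Basic trail example on this
		// page scopes the write to an AWSLogs/<account id> prefix and requires
		// bucket-owner-full-control.
		policy := fmt.Sprintf(`{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "Put bucket policy needed for trails",
      "Effect": "Allow",
      "Principal": {
        "AWS": "%[1]s"
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::%[2]s/*"
    },
    {
      "Sid": "Get bucket policy needed for trails",
      "Effect": "Allow",
      "Principal": {
        "AWS": "%[1]s"
      },
      "Action": "s3:GetBucketAcl",
      "Resource": "arn:aws:s3:::%[2]s"
    }
  ]
}
`, account.Arn, bucketName)

		// ForceDestroy lets the bucket be deleted while it still holds objects,
		// i.e. the stored trail data goes with it; keep it to throwaway setups.
		_, err = s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
			Bucket:       pulumi.String(bucketName),
			ForceDestroy: pulumi.Bool(true),
			Policy:       pulumi.String(policy),
		})
		return err
	})
}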
```
type Trail ¶
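// Trail provides a CloudTrail resource.
//
// For a multi-region trail, this resource must be in the home region of the
// trail. For an organization trail, it must be in the master account of the
// organization.
type Trail struct {
	pulumi.CustomResourceState

	// The Amazon Resource Name of the trail.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// Specifies a log group name using an Amazon Resource Name (ARN),
	// that represents the log group to which CloudTrail logs will be delivered.
	// Note that CloudTrail requires the Log Stream wildcard.
	CloudWatchLogsGroupArn pulumi.StringPtrOutput `pulumi:"cloudWatchLogsGroupArn"`
	// Specifies the role for the CloudWatch Logs
	// endpoint to assume to write to a user’s log group.
	CloudWatchLogsRoleArn pulumi.StringPtrOutput `pulumi:"cloudWatchLogsRoleArn"`
	// Specifies whether log file integrity validation is enabled.
	// Defaults to `false`.
	EnableLogFileValidation pulumi.BoolPtrOutput `pulumi:"enableLogFileValidation"`
	// Enables logging for the trail. Defaults to `true`.
	// Setting this to `false` will pause logging.
	EnableLogging pulumi.BoolPtrOutput `pulumi:"enableLogging"`
	// Specifies an event selector for enabling data event logging. Fields
	// documented below. Please note the
	// [CloudTrail limits](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html)
	// when configuring these.
	EventSelectors TrailEventSelectorArrayOutput `pulumi:"eventSelectors"`
	// The region in which the trail was created.
	HomeRegion pulumi.StringOutput `pulumi:"homeRegion"`
	// Specifies whether the trail is publishing events
	// from global services such as IAM to the log files. Defaults to `true`.
	IncludeGlobalServiceEvents pulumi.BoolPtrOutput `pulumi:"includeGlobalServiceEvents"`
	// Specifies an insight selector for identifying unusual operational
	// activity. Fields documented below.
	InsightSelectors TrailInsightSelectorArrayOutput `pulumi:"insightSelectors"`
	// Specifies whether the trail is created in the current
	// region or in all regions. Defaults to `false`.
	IsMultiRegionTrail pulumi.BoolPtrOutput `pulumi:"isMultiRegionTrail"`
	// Specifies whether the trail is an AWS Organizations trail.
	// Organization trails log events for the master account and all member
	// accounts. Can only be created in the organization master account.
	// Defaults to `false`.
	IsOrganizationTrail pulumi.BoolPtrOutput `pulumi:"isOrganizationTrail"`
	// Specifies the KMS key ARN to use to encrypt the logs delivered by CloudTrail.
	KmsKeyId pulumi.StringPtrOutput `pulumi:"kmsKeyId"`
	// Specifies the name of the trail.
	Name pulumi.StringOutput `pulumi:"name"`
	// Specifies the name of the S3 bucket designated for publishing log files.
	S3BucketName pulumi.StringOutput `pulumi:"s3BucketName"`
	// Specifies the S3 key prefix that follows
	// the name of the bucket you have designated for log file delivery.
	S3KeyPrefix pulumi.StringPtrOutput `pulumi:"s3KeyPrefix"`
	// Specifies the name of the Amazon SNS topic
	// defined for notification of log file delivery.
	SnsTopicName pulumi.StringPtrOutput `pulumi:"snsTopicName"`
	// A map of tags to assign to the trail.
	Tags pulumi.StringMapOutput `pulumi:"tags"`
}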
Provides a CloudTrail resource.
> *NOTE:* For a multi-region trail, this resource must be in the home region of the trail.
> *NOTE:* For an organization trail, this resource must be in the master account of the organization.
## Example Usage ### Basic
Enable CloudTrail to capture all compatible management events in the region. To capture events from global services such as IAM, `includeGlobalServiceEvents` must be enabled; the example below sets it to `false`, so those events are not logged by this trail.
```go package main
import (
"fmt" "github.com/pulumi/pulumi-aws/sdk/v3/go/aws" "github.com/pulumi/pulumi-aws/sdk/v3/go/aws/cloudtrail" "github.com/pulumi/pulumi-aws/sdk/v3/go/aws/s3" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
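// main creates a log bucket that the CloudTrail service may write to and a
// trail that delivers into it under a fixed key prefix.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The bucket name and key prefix occur both in the bucket policy and in
		// the resources below, so each is defined once. The bucket is created
		// under the name the policy refers to; with an auto-generated name the
		// policy's Resource ARNs would point at a different bucket.
		const (
			bucketName = "tf-test-trail"
			keyPrefix  = "prefix"
		)

		// The caller's account ID scopes the write statement to this
		// account's AWSLogs/ prefix.
		current, err := aws.GetCallerIdentity(ctx, nil, nil)
		if err != nil {
			return err
		}

		policy := fmt.Sprintf(`{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AWSCloudTrailAclCheck",
      "Effect": "Allow",
      "Principal": {
        "Service": "cloudtrail.amazonaws.com"
      },
      "Action": "s3:GetBucketAcl",
      "Resource": "arn:aws:s3:::%[1]s"
    },
    {
      "Sid": "AWSCloudTrailWrite",
      "Effect": "Allow",
      "Principal": {
        "Service": "cloudtrail.amazonaws.com"
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::%[1]s/%[2]s/AWSLogs/%[3]s/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-acl": "bucket-owner-full-control"
        }
      }
    }
  ]
}
`, bucketName, keyPrefix, current.AccountId)

		// ForceDestroy lets the bucket be deleted while it still holds objects,
		// i.e. the delivered log files go with it; keep it to throwaway setups.
		foo, err := s3.NewBucket(ctx, "foo", &s3.BucketArgs{
			Bucket:       pulumi.String(bucketName),
			ForceDestroy: pulumi.Bool(true),
			Policy:       pulumi.String(policy),
		})
		if err != nil {
			return err
		}

		// IncludeGlobalServiceEvents is switched off here, so events from global
		// services such as IAM are not written by this trail.
		// EnableLogFileValidation is left at its documented default of false.
		_, err = cloudtrail.NewTrail(ctx, "foobar", &cloudtrail.TrailArgs{
			S3BucketName:               foo.ID(),
			S3KeyPrefix:                pulumi.String(keyPrefix),
			IncludeGlobalServiceEvents: pulumi.Bool(false),
		})
		return err
	})
}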
``` ### Data Event Logging
CloudTrail can log [Data Events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) for certain services such as S3 bucket objects and Lambda function invocations. Additional information about data event configuration can be found in the [CloudTrail API DataResource documentation](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DataResource.html). ### Logging All Lambda Function Invocations
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/cloudtrail" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main declares a trail whose single event selector records management events
// and data events for Lambda functions, reads and writes alike.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// "arn:aws:lambda" is the value this example uses to cover all Lambda
		// function invocations.
		lambdaData := &cloudtrail.TrailEventSelectorDataResourceArgs{
			Type:   pulumi.String("AWS::Lambda::Function"),
			Values: pulumi.StringArray{pulumi.String("arn:aws:lambda")},
		}
		selector := &cloudtrail.TrailEventSelectorArgs{
			DataResources:           cloudtrail.TrailEventSelectorDataResourceArray{lambdaData},
			IncludeManagementEvents: pulumi.Bool(true),
			ReadWriteType:           pulumi.String("All"),
		}

		// NOTE(review): the listing sets no S3BucketName, which TrailArgs
		// declares as a non-pointer (presumably required) input; a real
		// program has to supply the log bucket.
		_, err := cloudtrail.NewTrail(ctx, "example", &cloudtrail.TrailArgs{
			EventSelectors: cloudtrail.TrailEventSelectorArray{selector},
		})
		return err
	})
}
``` ### Logging All S3 Bucket Object Events
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/cloudtrail" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main declares a trail whose single event selector records management events
// and data events for S3 objects, reads and writes alike.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// "arn:aws:s3:::" is the value this example uses to cover object events
		// in all S3 buckets.
		objectData := &cloudtrail.TrailEventSelectorDataResourceArgs{
			Type:   pulumi.String("AWS::S3::Object"),
			Values: pulumi.StringArray{pulumi.String("arn:aws:s3:::")},
		}
		selector := &cloudtrail.TrailEventSelectorArgs{
			DataResources:           cloudtrail.TrailEventSelectorDataResourceArray{objectData},
			IncludeManagementEvents: pulumi.Bool(true),
			ReadWriteType:           pulumi.String("All"),
		}

		// NOTE(review): the listing sets no S3BucketName, which TrailArgs
		// declares as a non-pointer (presumably required) input; a real
		// program has to supply the log bucket.
		_, err := cloudtrail.NewTrail(ctx, "example", &cloudtrail.TrailArgs{
			EventSelectors: cloudtrail.TrailEventSelectorArray{selector},
		})
		return err
	})
}
``` ### Logging Individual S3 Bucket Events
```go package main
import (
"fmt" "github.com/pulumi/pulumi-aws/sdk/v3/go/aws/cloudtrail" "github.com/pulumi/pulumi-aws/sdk/v3/go/aws/s3" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main looks up one existing bucket and declares a trail that records
// management events plus S3 object data events for that bucket only.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		importantBucket, err := s3.LookupBucket(ctx, &s3.LookupBucketArgs{
			Bucket: "important-bucket",
		}, nil)
		if err != nil {
			return err
		}

		// The data resource value is the bucket ARN followed by "/".
		objectPrefix := pulumi.String(fmt.Sprintf("%v%v", importantBucket.Arn, "/"))
		bucketData := &cloudtrail.TrailEventSelectorDataResourceArgs{
			Type:   pulumi.String("AWS::S3::Object"),
			Values: pulumi.StringArray{objectPrefix},
		}
		selector := &cloudtrail.TrailEventSelectorArgs{
			DataResources:           cloudtrail.TrailEventSelectorDataResourceArray{bucketData},
			IncludeManagementEvents: pulumi.Bool(true),
			ReadWriteType:           pulumi.String("All"),
		}

		// NOTE(review): the listing sets no S3BucketName, which TrailArgs
		// declares as a non-pointer (presumably required) input; a real
		// program has to supply the log bucket.
		_, err = cloudtrail.NewTrail(ctx, "example", &cloudtrail.TrailArgs{
			EventSelectors: cloudtrail.TrailEventSelectorArray{selector},
		})
		return err
	})
}
``` ### Sending Events to CloudWatch Logs
```go package main
import (
"fmt" "github.com/pulumi/pulumi-aws/sdk/v3/go/aws/cloudtrail" "github.com/pulumi/pulumi-aws/sdk/v3/go/aws/cloudwatch" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main creates a CloudWatch log group and a trail that names it as the
// destination for CloudTrail events.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		logGroup, err := cloudwatch.NewLogGroup(ctx, "exampleLogGroup", nil)
		if err != nil {
			return err
		}

		// CloudTrail requires the Log Stream wildcard, so ":*" is appended to
		// the log group ARN once it is known.
		wildcardArn := logGroup.Arn.ApplyT(func(arn string) (string, error) {
			return fmt.Sprintf("%v%v", arn, ":*"), nil
		}).(pulumi.StringOutput)

		// NOTE(review): the listing sets neither S3BucketName (a non-pointer,
		// presumably required input of TrailArgs) nor CloudWatchLogsRoleArn,
		// the role documented as the one assumed to write to the log group;
		// a real program has to supply both.
		_, err = cloudtrail.NewTrail(ctx, "exampleTrail", &cloudtrail.TrailArgs{
			CloudWatchLogsGroupArn: wildcardArn,
		})
		return err
	})
}
```
func GetTrail ¶
func GetTrail(ctx *pulumi.Context, name string, id pulumi.IDInput, state *TrailState, opts ...pulumi.ResourceOption) (*Trail, error)
GetTrail gets an existing Trail resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
type TrailArgs ¶
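// TrailArgs is the set of arguments for constructing a Trail resource.
type TrailArgs struct {
	// Specifies a log group name using an Amazon Resource Name (ARN),
	// that represents the log group to which CloudTrail logs will be delivered.
	// Note that CloudTrail requires the Log Stream wildcard.
	CloudWatchLogsGroupArn pulumi.StringPtrInput
	// Specifies the role for the CloudWatch Logs
	// endpoint to assume to write to a user’s log group.
	CloudWatchLogsRoleArn pulumi.StringPtrInput
	// Specifies whether log file integrity validation is enabled.
	// Defaults to `false`, so validation is off unless it is set explicitly.
	EnableLogFileValidation pulumi.BoolPtrInput
	// Enables logging for the trail. Defaults to `true`.
	// Setting this to `false` will pause logging.
	EnableLogging pulumi.BoolPtrInput
	// Specifies an event selector for enabling data event logging. Fields
	// documented below. Please note the
	// [CloudTrail limits](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html)
	// when configuring these.
	EventSelectors TrailEventSelectorArrayInput
	// Specifies whether the trail is publishing events
	// from global services such as IAM to the log files. Defaults to `true`.
	IncludeGlobalServiceEvents pulumi.BoolPtrInput
	// Specifies an insight selector for identifying unusual operational
	// activity. Fields documented below.
	InsightSelectors TrailInsightSelectorArrayInput
	// Specifies whether the trail is created in the current
	// region or in all regions. Defaults to `false`, i.e. the current region.
	IsMultiRegionTrail pulumi.BoolPtrInput
	// Specifies whether the trail is an AWS Organizations trail.
	// Organization trails log events for the master account and all member
	// accounts. Can only be created in the organization master account.
	// Defaults to `false`.
	IsOrganizationTrail pulumi.BoolPtrInput
	// Specifies the KMS key ARN to use to encrypt the logs delivered by CloudTrail.
	KmsKeyId pulumi.StringPtrInput
	// Specifies the name of the trail.
	Name pulumi.StringPtrInput
	// Specifies the name of the S3 bucket designated for publishing log files.
	// This is the only non-pointer input of the struct.
	S3BucketName pulumi.StringInput
	// Specifies the S3 key prefix that follows
	// the name of the bucket you have designated for log file delivery.
	S3KeyPrefix pulumi.StringPtrInput
	// Specifies the name of the Amazon SNS topic
	// defined for notification of log file delivery.
	SnsTopicName pulumi.StringPtrInput
	// A map of tags to assign to the trail.
	Tags pulumi.StringMapInput
}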
The set of arguments for constructing a Trail resource.
func (TrailArgs) ElementType ¶
type TrailEventSelector ¶
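// TrailEventSelector describes which events a trail records: management
// events, data events for the listed resources, or both.
type TrailEventSelector struct {
	// Specifies logging data events. Fields documented below.
	DataResources []TrailEventSelectorDataResource `pulumi:"dataResources"`
	// Specify if you want your event selector to include management events
	// for your trail.
	IncludeManagementEvents *bool `pulumi:"includeManagementEvents"`
	// Specify if you want your trail to log read-only events, write-only
	// events, or all. Valid values: "ReadOnly", "WriteOnly", "All".
	// Defaults to `All`.
	ReadWriteType *string `pulumi:"readWriteType"`
}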
type TrailEventSelectorArgs ¶
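// TrailEventSelectorArgs is the input form of TrailEventSelector; the examples
// on this page pass it as an element of TrailEventSelectorArray.
type TrailEventSelectorArgs struct {
	// Specifies logging data events. Fields documented below.
	DataResources TrailEventSelectorDataResourceArrayInput `pulumi:"dataResources"`
	// Specify if you want your event selector to include management events
	// for your trail.
	IncludeManagementEvents pulumi.BoolPtrInput `pulumi:"includeManagementEvents"`
	// Specify if you want your trail to log read-only events, write-only
	// events, or all. Valid values: "ReadOnly", "WriteOnly", "All".
	// Defaults to `All`.
	ReadWriteType pulumi.StringPtrInput `pulumi:"readWriteType"`
}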
func (TrailEventSelectorArgs) ElementType ¶
func (TrailEventSelectorArgs) ElementType() reflect.Type
func (TrailEventSelectorArgs) ToTrailEventSelectorOutput ¶
func (i TrailEventSelectorArgs) ToTrailEventSelectorOutput() TrailEventSelectorOutput
func (TrailEventSelectorArgs) ToTrailEventSelectorOutputWithContext ¶
func (i TrailEventSelectorArgs) ToTrailEventSelectorOutputWithContext(ctx context.Context) TrailEventSelectorOutput
type TrailEventSelectorArray ¶
// TrailEventSelectorArray is a slice of TrailEventSelectorInput values; the
// examples on this page assign it to TrailArgs.EventSelectors.
type TrailEventSelectorArray []TrailEventSelectorInput
func (TrailEventSelectorArray) ElementType ¶
func (TrailEventSelectorArray) ElementType() reflect.Type
func (TrailEventSelectorArray) ToTrailEventSelectorArrayOutput ¶
func (i TrailEventSelectorArray) ToTrailEventSelectorArrayOutput() TrailEventSelectorArrayOutput
func (TrailEventSelectorArray) ToTrailEventSelectorArrayOutputWithContext ¶
func (i TrailEventSelectorArray) ToTrailEventSelectorArrayOutputWithContext(ctx context.Context) TrailEventSelectorArrayOutput
type TrailEventSelectorArrayInput ¶
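// TrailEventSelectorArrayInput is an input type that accepts
// TrailEventSelectorArray and TrailEventSelectorArrayOutput values.
type TrailEventSelectorArrayInput interface {
	pulumi.Input

	ToTrailEventSelectorArrayOutput() TrailEventSelectorArrayOutput
	ToTrailEventSelectorArrayOutputWithContext(context.Context) TrailEventSelectorArrayOutput
}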
TrailEventSelectorArrayInput is an input type that accepts TrailEventSelectorArray and TrailEventSelectorArrayOutput values. You can construct a concrete instance of `TrailEventSelectorArrayInput` via:
TrailEventSelectorArray{ TrailEventSelectorArgs{...} }
type TrailEventSelectorArrayOutput ¶
// TrailEventSelectorArrayOutput is the output counterpart accepted wherever a
// TrailEventSelectorArrayInput is expected; it embeds *pulumi.OutputState.
type TrailEventSelectorArrayOutput struct{ *pulumi.OutputState }
func (TrailEventSelectorArrayOutput) ElementType ¶
func (TrailEventSelectorArrayOutput) ElementType() reflect.Type
func (TrailEventSelectorArrayOutput) Index ¶
func (o TrailEventSelectorArrayOutput) Index(i pulumi.IntInput) TrailEventSelectorOutput
func (TrailEventSelectorArrayOutput) ToTrailEventSelectorArrayOutput ¶
func (o TrailEventSelectorArrayOutput) ToTrailEventSelectorArrayOutput() TrailEventSelectorArrayOutput
func (TrailEventSelectorArrayOutput) ToTrailEventSelectorArrayOutputWithContext ¶
func (o TrailEventSelectorArrayOutput) ToTrailEventSelectorArrayOutputWithContext(ctx context.Context) TrailEventSelectorArrayOutput
type TrailEventSelectorDataResource ¶
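// TrailEventSelectorDataResource names the resources whose data events an
// event selector records.
type TrailEventSelectorDataResource struct {
	// The resource type for which you want to log data events.
	// Valid values: "AWS::S3::Object", "AWS::Lambda::Function".
	Type string `pulumi:"type"`
	// A list of ARNs for the specified S3 buckets and object prefixes.
	Values []string `pulumi:"values"`
}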
type TrailEventSelectorDataResourceArgs ¶
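// TrailEventSelectorDataResourceArgs is the input form of
// TrailEventSelectorDataResource.
type TrailEventSelectorDataResourceArgs struct {
	// The resource type for which you want to log data events.
	// Valid values: "AWS::S3::Object", "AWS::Lambda::Function".
	Type pulumi.StringInput `pulumi:"type"`
	// A list of ARNs for the specified S3 buckets and object prefixes.
	Values pulumi.StringArrayInput `pulumi:"values"`
}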
func (TrailEventSelectorDataResourceArgs) ElementType ¶
func (TrailEventSelectorDataResourceArgs) ElementType() reflect.Type
func (TrailEventSelectorDataResourceArgs) ToTrailEventSelectorDataResourceOutput ¶
func (i TrailEventSelectorDataResourceArgs) ToTrailEventSelectorDataResourceOutput() TrailEventSelectorDataResourceOutput
func (TrailEventSelectorDataResourceArgs) ToTrailEventSelectorDataResourceOutputWithContext ¶
func (i TrailEventSelectorDataResourceArgs) ToTrailEventSelectorDataResourceOutputWithContext(ctx context.Context) TrailEventSelectorDataResourceOutput
type TrailEventSelectorDataResourceArray ¶
// TrailEventSelectorDataResourceArray is a slice of
// TrailEventSelectorDataResourceInput values; the examples on this page assign
// it to TrailEventSelectorArgs.DataResources.
type TrailEventSelectorDataResourceArray []TrailEventSelectorDataResourceInput
func (TrailEventSelectorDataResourceArray) ElementType ¶
func (TrailEventSelectorDataResourceArray) ElementType() reflect.Type
func (TrailEventSelectorDataResourceArray) ToTrailEventSelectorDataResourceArrayOutput ¶
func (i TrailEventSelectorDataResourceArray) ToTrailEventSelectorDataResourceArrayOutput() TrailEventSelectorDataResourceArrayOutput
func (TrailEventSelectorDataResourceArray) ToTrailEventSelectorDataResourceArrayOutputWithContext ¶
func (i TrailEventSelectorDataResourceArray) ToTrailEventSelectorDataResourceArrayOutputWithContext(ctx context.Context) TrailEventSelectorDataResourceArrayOutput
type TrailEventSelectorDataResourceArrayInput ¶
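// TrailEventSelectorDataResourceArrayInput is an input type that accepts
// TrailEventSelectorDataResourceArray and
// TrailEventSelectorDataResourceArrayOutput values.
type TrailEventSelectorDataResourceArrayInput interface {
	pulumi.Input

	ToTrailEventSelectorDataResourceArrayOutput() TrailEventSelectorDataResourceArrayOutput
	ToTrailEventSelectorDataResourceArrayOutputWithContext(context.Context) TrailEventSelectorDataResourceArrayOutput
}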
TrailEventSelectorDataResourceArrayInput is an input type that accepts TrailEventSelectorDataResourceArray and TrailEventSelectorDataResourceArrayOutput values. You can construct a concrete instance of `TrailEventSelectorDataResourceArrayInput` via:
TrailEventSelectorDataResourceArray{ TrailEventSelectorDataResourceArgs{...} }
type TrailEventSelectorDataResourceArrayOutput ¶
// TrailEventSelectorDataResourceArrayOutput is the output counterpart accepted
// wherever a TrailEventSelectorDataResourceArrayInput is expected; it embeds
// *pulumi.OutputState.
type TrailEventSelectorDataResourceArrayOutput struct{ *pulumi.OutputState }
func (TrailEventSelectorDataResourceArrayOutput) ElementType ¶
func (TrailEventSelectorDataResourceArrayOutput) ElementType() reflect.Type
func (TrailEventSelectorDataResourceArrayOutput) ToTrailEventSelectorDataResourceArrayOutput ¶
func (o TrailEventSelectorDataResourceArrayOutput) ToTrailEventSelectorDataResourceArrayOutput() TrailEventSelectorDataResourceArrayOutput
func (TrailEventSelectorDataResourceArrayOutput) ToTrailEventSelectorDataResourceArrayOutputWithContext ¶
func (o TrailEventSelectorDataResourceArrayOutput) ToTrailEventSelectorDataResourceArrayOutputWithContext(ctx context.Context) TrailEventSelectorDataResourceArrayOutput
type TrailEventSelectorDataResourceInput ¶
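// TrailEventSelectorDataResourceInput is an input type that accepts
// TrailEventSelectorDataResourceArgs and TrailEventSelectorDataResourceOutput
// values.
type TrailEventSelectorDataResourceInput interface {
	pulumi.Input

	ToTrailEventSelectorDataResourceOutput() TrailEventSelectorDataResourceOutput
	ToTrailEventSelectorDataResourceOutputWithContext(context.Context) TrailEventSelectorDataResourceOutput
}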
TrailEventSelectorDataResourceInput is an input type that accepts TrailEventSelectorDataResourceArgs and TrailEventSelectorDataResourceOutput values. You can construct a concrete instance of `TrailEventSelectorDataResourceInput` via:
TrailEventSelectorDataResourceArgs{...}
type TrailEventSelectorDataResourceOutput ¶
// TrailEventSelectorDataResourceOutput is the output counterpart accepted
// wherever a TrailEventSelectorDataResourceInput is expected; it embeds
// *pulumi.OutputState and exposes Type and Values accessors.
type TrailEventSelectorDataResourceOutput struct{ *pulumi.OutputState }
func (TrailEventSelectorDataResourceOutput) ElementType ¶
func (TrailEventSelectorDataResourceOutput) ElementType() reflect.Type
func (TrailEventSelectorDataResourceOutput) ToTrailEventSelectorDataResourceOutput ¶
func (o TrailEventSelectorDataResourceOutput) ToTrailEventSelectorDataResourceOutput() TrailEventSelectorDataResourceOutput
func (TrailEventSelectorDataResourceOutput) ToTrailEventSelectorDataResourceOutputWithContext ¶
func (o TrailEventSelectorDataResourceOutput) ToTrailEventSelectorDataResourceOutputWithContext(ctx context.Context) TrailEventSelectorDataResourceOutput
func (TrailEventSelectorDataResourceOutput) Type ¶
func (o TrailEventSelectorDataResourceOutput) Type() pulumi.StringOutput
The resource type for which you want to log data events. Valid values: "AWS::S3::Object", "AWS::Lambda::Function".
func (TrailEventSelectorDataResourceOutput) Values ¶
func (o TrailEventSelectorDataResourceOutput) Values() pulumi.StringArrayOutput
A list of ARNs for the specified S3 buckets and object prefixes.
type TrailEventSelectorInput ¶
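// TrailEventSelectorInput is an input type that accepts TrailEventSelectorArgs
// and TrailEventSelectorOutput values.
type TrailEventSelectorInput interface {
	pulumi.Input

	ToTrailEventSelectorOutput() TrailEventSelectorOutput
	ToTrailEventSelectorOutputWithContext(context.Context) TrailEventSelectorOutput
}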
TrailEventSelectorInput is an input type that accepts TrailEventSelectorArgs and TrailEventSelectorOutput values. You can construct a concrete instance of `TrailEventSelectorInput` via:
TrailEventSelectorArgs{...}
type TrailEventSelectorOutput ¶
// TrailEventSelectorOutput is the output counterpart accepted wherever a
// TrailEventSelectorInput is expected; it embeds *pulumi.OutputState and
// exposes DataResources, IncludeManagementEvents and ReadWriteType accessors.
type TrailEventSelectorOutput struct{ *pulumi.OutputState }
func (TrailEventSelectorOutput) DataResources ¶
func (o TrailEventSelectorOutput) DataResources() TrailEventSelectorDataResourceArrayOutput
Specifies logging data events. Fields documented below.
func (TrailEventSelectorOutput) ElementType ¶
func (TrailEventSelectorOutput) ElementType() reflect.Type
func (TrailEventSelectorOutput) IncludeManagementEvents ¶
func (o TrailEventSelectorOutput) IncludeManagementEvents() pulumi.BoolPtrOutput
Specify if you want your event selector to include management events for your trail.
func (TrailEventSelectorOutput) ReadWriteType ¶
func (o TrailEventSelectorOutput) ReadWriteType() pulumi.StringPtrOutput
Specify if you want your trail to log read-only events, write-only events, or all. Valid values: "ReadOnly", "WriteOnly", "All". Defaults to `All`.
func (TrailEventSelectorOutput) ToTrailEventSelectorOutput ¶
func (o TrailEventSelectorOutput) ToTrailEventSelectorOutput() TrailEventSelectorOutput
func (TrailEventSelectorOutput) ToTrailEventSelectorOutputWithContext ¶
func (o TrailEventSelectorOutput) ToTrailEventSelectorOutputWithContext(ctx context.Context) TrailEventSelectorOutput
type TrailInsightSelector ¶ added in v3.3.0
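// TrailInsightSelector selects an insight type to log on a trail.
type TrailInsightSelector struct {
	// The type of insights to log on a trail. In this release, only
	// `ApiCallRateInsight` is supported as an insight type.
	InsightType string `pulumi:"insightType"`
}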
type TrailInsightSelectorArgs ¶ added in v3.3.0
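// TrailInsightSelectorArgs is the input form of TrailInsightSelector.
type TrailInsightSelectorArgs struct {
	// The type of insights to log on a trail. In this release, only
	// `ApiCallRateInsight` is supported as an insight type.
	InsightType pulumi.StringInput `pulumi:"insightType"`
}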
func (TrailInsightSelectorArgs) ElementType ¶ added in v3.3.0
func (TrailInsightSelectorArgs) ElementType() reflect.Type
func (TrailInsightSelectorArgs) ToTrailInsightSelectorOutput ¶ added in v3.3.0
func (i TrailInsightSelectorArgs) ToTrailInsightSelectorOutput() TrailInsightSelectorOutput
func (TrailInsightSelectorArgs) ToTrailInsightSelectorOutputWithContext ¶ added in v3.3.0
func (i TrailInsightSelectorArgs) ToTrailInsightSelectorOutputWithContext(ctx context.Context) TrailInsightSelectorOutput
type TrailInsightSelectorArray ¶ added in v3.3.0
// TrailInsightSelectorArray is a slice of TrailInsightSelectorInput values; it
// is one of the types TrailInsightSelectorArrayInput accepts.
type TrailInsightSelectorArray []TrailInsightSelectorInput
func (TrailInsightSelectorArray) ElementType ¶ added in v3.3.0
func (TrailInsightSelectorArray) ElementType() reflect.Type
func (TrailInsightSelectorArray) ToTrailInsightSelectorArrayOutput ¶ added in v3.3.0
func (i TrailInsightSelectorArray) ToTrailInsightSelectorArrayOutput() TrailInsightSelectorArrayOutput
func (TrailInsightSelectorArray) ToTrailInsightSelectorArrayOutputWithContext ¶ added in v3.3.0
func (i TrailInsightSelectorArray) ToTrailInsightSelectorArrayOutputWithContext(ctx context.Context) TrailInsightSelectorArrayOutput
type TrailInsightSelectorArrayInput ¶ added in v3.3.0
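// TrailInsightSelectorArrayInput is an input type that accepts
// TrailInsightSelectorArray and TrailInsightSelectorArrayOutput values.
type TrailInsightSelectorArrayInput interface {
	pulumi.Input

	ToTrailInsightSelectorArrayOutput() TrailInsightSelectorArrayOutput
	ToTrailInsightSelectorArrayOutputWithContext(context.Context) TrailInsightSelectorArrayOutput
}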
TrailInsightSelectorArrayInput is an input type that accepts TrailInsightSelectorArray and TrailInsightSelectorArrayOutput values. You can construct a concrete instance of `TrailInsightSelectorArrayInput` via:
TrailInsightSelectorArray{ TrailInsightSelectorArgs{...} }
type TrailInsightSelectorArrayOutput ¶ added in v3.3.0
// TrailInsightSelectorArrayOutput is the output counterpart accepted wherever
// a TrailInsightSelectorArrayInput is expected; it embeds *pulumi.OutputState.
type TrailInsightSelectorArrayOutput struct{ *pulumi.OutputState }
func (TrailInsightSelectorArrayOutput) ElementType ¶ added in v3.3.0
func (TrailInsightSelectorArrayOutput) ElementType() reflect.Type
func (TrailInsightSelectorArrayOutput) Index ¶ added in v3.3.0
func (o TrailInsightSelectorArrayOutput) Index(i pulumi.IntInput) TrailInsightSelectorOutput
func (TrailInsightSelectorArrayOutput) ToTrailInsightSelectorArrayOutput ¶ added in v3.3.0
func (o TrailInsightSelectorArrayOutput) ToTrailInsightSelectorArrayOutput() TrailInsightSelectorArrayOutput
func (TrailInsightSelectorArrayOutput) ToTrailInsightSelectorArrayOutputWithContext ¶ added in v3.3.0
func (o TrailInsightSelectorArrayOutput) ToTrailInsightSelectorArrayOutputWithContext(ctx context.Context) TrailInsightSelectorArrayOutput
type TrailInsightSelectorInput ¶ added in v3.3.0
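// TrailInsightSelectorInput is an input type that accepts
// TrailInsightSelectorArgs and TrailInsightSelectorOutput values.
type TrailInsightSelectorInput interface {
	pulumi.Input

	ToTrailInsightSelectorOutput() TrailInsightSelectorOutput
	ToTrailInsightSelectorOutputWithContext(context.Context) TrailInsightSelectorOutput
}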
TrailInsightSelectorInput is an input type that accepts TrailInsightSelectorArgs and TrailInsightSelectorOutput values. You can construct a concrete instance of `TrailInsightSelectorInput` via:
TrailInsightSelectorArgs{...}
type TrailInsightSelectorOutput ¶ added in v3.3.0
// TrailInsightSelectorOutput is the output counterpart accepted wherever a
// TrailInsightSelectorInput is expected; it embeds *pulumi.OutputState and
// exposes an InsightType accessor.
type TrailInsightSelectorOutput struct{ *pulumi.OutputState }
func (TrailInsightSelectorOutput) ElementType ¶ added in v3.3.0
func (TrailInsightSelectorOutput) ElementType() reflect.Type
func (TrailInsightSelectorOutput) InsightType ¶ added in v3.3.0
func (o TrailInsightSelectorOutput) InsightType() pulumi.StringOutput
The type of insights to log on a trail. In this release, only `ApiCallRateInsight` is supported as an insight type.
func (TrailInsightSelectorOutput) ToTrailInsightSelectorOutput ¶ added in v3.3.0
func (o TrailInsightSelectorOutput) ToTrailInsightSelectorOutput() TrailInsightSelectorOutput
func (TrailInsightSelectorOutput) ToTrailInsightSelectorOutputWithContext ¶ added in v3.3.0
func (o TrailInsightSelectorOutput) ToTrailInsightSelectorOutputWithContext(ctx context.Context) TrailInsightSelectorOutput
type TrailState ¶
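// TrailState holds the optional state properties passed to GetTrail to qualify
// the lookup of an existing Trail resource.
type TrailState struct {
	// The Amazon Resource Name of the trail.
	Arn pulumi.StringPtrInput
	// Specifies a log group name using an Amazon Resource Name (ARN),
	// that represents the log group to which CloudTrail logs will be delivered.
	// Note that CloudTrail requires the Log Stream wildcard.
	CloudWatchLogsGroupArn pulumi.StringPtrInput
	// Specifies the role for the CloudWatch Logs
	// endpoint to assume to write to a user’s log group.
	CloudWatchLogsRoleArn pulumi.StringPtrInput
	// Specifies whether log file integrity validation is enabled.
	// Defaults to `false`.
	EnableLogFileValidation pulumi.BoolPtrInput
	// Enables logging for the trail. Defaults to `true`.
	// Setting this to `false` will pause logging.
	EnableLogging pulumi.BoolPtrInput
	// Specifies an event selector for enabling data event logging. Fields
	// documented below. Please note the
	// [CloudTrail limits](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html)
	// when configuring these.
	EventSelectors TrailEventSelectorArrayInput
	// The region in which the trail was created.
	HomeRegion pulumi.StringPtrInput
	// Specifies whether the trail is publishing events
	// from global services such as IAM to the log files. Defaults to `true`.
	IncludeGlobalServiceEvents pulumi.BoolPtrInput
	// Specifies an insight selector for identifying unusual operational
	// activity. Fields documented below.
	InsightSelectors TrailInsightSelectorArrayInput
	// Specifies whether the trail is created in the current
	// region or in all regions. Defaults to `false`.
	IsMultiRegionTrail pulumi.BoolPtrInput
	// Specifies whether the trail is an AWS Organizations trail.
	// Organization trails log events for the master account and all member
	// accounts. Can only be created in the organization master account.
	// Defaults to `false`.
	IsOrganizationTrail pulumi.BoolPtrInput
	// Specifies the KMS key ARN to use to encrypt the logs delivered by CloudTrail.
	KmsKeyId pulumi.StringPtrInput
	// Specifies the name of the trail.
	Name pulumi.StringPtrInput
	// Specifies the name of the S3 bucket designated for publishing log files.
	S3BucketName pulumi.StringPtrInput
	// Specifies the S3 key prefix that follows
	// the name of the bucket you have designated for log file delivery.
	S3KeyPrefix pulumi.StringPtrInput
	// Specifies the name of the Amazon SNS topic
	// defined for notification of log file delivery.
	SnsTopicName pulumi.StringPtrInput
	// A map of tags to assign to the trail.
	Tags pulumi.StringMapInput
}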
func (TrailState) ElementType ¶
func (TrailState) ElementType() reflect.Type