cloudtrail

package
v4.8.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 14, 2021 License: Apache-2.0 Imports: 7 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type GetFunctionArgs added in v4.5.0 

type GetFunctionArgs struct {
	// Name of the CloudFront function.
	Name string `pulumi:"name"`
	// The function’s stage, either `DEVELOPMENT` or `LIVE`.
	Stage string `pulumi:"stage"`
}

A collection of arguments for invoking getFunction.

type GetFunctionResult added in v4.5.0 

type GetFunctionResult struct {
	// Amazon Resource Name (ARN) identifying your CloudFront Function.
	Arn string `pulumi:"arn"`
	// Source code of the function
	Code string `pulumi:"code"`
	// Comment.
	Comment string `pulumi:"comment"`
	// ETag hash of the function
	Etag string `pulumi:"etag"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// When this resource was last modified.
	LastModifiedTime string `pulumi:"lastModifiedTime"`
	Name             string `pulumi:"name"`
	// Identifier of the function's runtime.
	Runtime string `pulumi:"runtime"`
	Stage   string `pulumi:"stage"`
	// Status of the function. Can be `UNPUBLISHED`, `UNASSOCIATED` or `ASSOCIATED`.
	Status string `pulumi:"status"`
}

A collection of values returned by getFunction.

func GetFunction added in v4.5.0 

func GetFunction(ctx *pulumi.Context, args *GetFunctionArgs, opts ...pulumi.InvokeOption) (*GetFunctionResult, error)

Provides information about a CloudFront Function.

type GetServiceAccountArgs 

type GetServiceAccountArgs struct {
	// Name of the region whose AWS CloudTrail account ID is desired.
	// Defaults to the region from the AWS provider configuration.
	Region *string `pulumi:"region"`
}

A collection of arguments for invoking getServiceAccount.

type GetServiceAccountResult 

type GetServiceAccountResult struct {
	// The ARN of the AWS CloudTrail service account in the selected region.
	Arn string `pulumi:"arn"`
	// The provider-assigned unique ID for this managed resource.
	Id     string  `pulumi:"id"`
	Region *string `pulumi:"region"`
}

A collection of values returned by getServiceAccount.

func GetServiceAccount 

func GetServiceAccount(ctx *pulumi.Context, args *GetServiceAccountArgs, opts ...pulumi.InvokeOption) (*GetServiceAccountResult, error)

Use this data source to get the Account ID of the [AWS CloudTrail Service Account](http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-supported-regions.html) in a given region for the purpose of allowing CloudTrail to store trail data in S3.

## Example Usage

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudtrail"
"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		main, err := cloudtrail.GetServiceAccount(ctx, nil, nil)
		if err != nil {
			return err
		}
		_, err = s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
			ForceDestroy: pulumi.Bool(true),
			Policy:       pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "  \"Version\": \"2008-10-17\",\n", "  \"Statement\": [\n", "    {\n", "      \"Sid\": \"Put bucket policy needed for trails\",\n", "      \"Effect\": \"Allow\",\n", "      \"Principal\": {\n", "        \"AWS\": \"", main.Arn, "\"\n", "      },\n", "      \"Action\": \"s3:PutObject\",\n", "      \"Resource\": \"arn:aws:s3:::tf-cloudtrail-logging-test-bucket/*\"\n", "    },\n", "    {\n", "      \"Sid\": \"Get bucket policy needed for trails\",\n", "      \"Effect\": \"Allow\",\n", "      \"Principal\": {\n", "        \"AWS\": \"", main.Arn, "\"\n", "      },\n", "      \"Action\": \"s3:GetBucketAcl\",\n", "      \"Resource\": \"arn:aws:s3:::tf-cloudtrail-logging-test-bucket\"\n", "    }\n", "  ]\n", "}\n", "\n")),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

type Trail 

type Trail struct {
	pulumi.CustomResourceState

	// ARN of the trail.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// Log group name using an ARN that represents the log group to which CloudTrail logs will be delivered. Note that CloudTrail requires the Log Stream wildcard.
	CloudWatchLogsGroupArn pulumi.StringPtrOutput `pulumi:"cloudWatchLogsGroupArn"`
	// Role for the CloudWatch Logs endpoint to assume to write to a user’s log group.
	CloudWatchLogsRoleArn pulumi.StringPtrOutput `pulumi:"cloudWatchLogsRoleArn"`
	// Whether log file integrity validation is enabled. Defaults to `false`.
	EnableLogFileValidation pulumi.BoolPtrOutput `pulumi:"enableLogFileValidation"`
	// Enables logging for the trail. Defaults to `true`. Setting this to `false` will pause logging.
	EnableLogging pulumi.BoolPtrOutput `pulumi:"enableLogging"`
	// Configuration block of an event selector for enabling data event logging. See details below. Please note the [CloudTrail limits](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html) when configuring these.
	EventSelectors TrailEventSelectorArrayOutput `pulumi:"eventSelectors"`
	// Region in which the trail was created.
	HomeRegion pulumi.StringOutput `pulumi:"homeRegion"`
	// Whether the trail is publishing events from global services such as IAM to the log files. Defaults to `true`.
	IncludeGlobalServiceEvents pulumi.BoolPtrOutput `pulumi:"includeGlobalServiceEvents"`
	// Configuration block for identifying unusual operational activity. See details below.
	InsightSelectors TrailInsightSelectorArrayOutput `pulumi:"insightSelectors"`
	// Whether the trail is created in the current region or in all regions. Defaults to `false`.
	IsMultiRegionTrail pulumi.BoolPtrOutput `pulumi:"isMultiRegionTrail"`
	// Whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. Defaults to `false`.
	IsOrganizationTrail pulumi.BoolPtrOutput `pulumi:"isOrganizationTrail"`
	// KMS key ARN to use to encrypt the logs delivered by CloudTrail.
	KmsKeyId pulumi.StringPtrOutput `pulumi:"kmsKeyId"`
	// Name of the trail.
	Name pulumi.StringOutput `pulumi:"name"`
	// Name of the S3 bucket designated for publishing log files.
	S3BucketName pulumi.StringOutput `pulumi:"s3BucketName"`
	// S3 key prefix that follows the name of the bucket you have designated for log file delivery.
	S3KeyPrefix pulumi.StringPtrOutput `pulumi:"s3KeyPrefix"`
	// Name of the Amazon SNS topic defined for notification of log file delivery.
	SnsTopicName pulumi.StringPtrOutput `pulumi:"snsTopicName"`
	// Map of tags to assign to the trail. If configured with provider defaultTags present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapOutput `pulumi:"tags"`
	// Map of tags assigned to the resource, including those inherited from the provider.
	TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"`
}

Provides a CloudTrail resource.

> **Tip:** For a multi-region trail, this resource must be in the home region of the trail.

> **Tip:** For an organization trail, this resource must be in the master account of the organization.

## Example Usage ### Basic

Enable CloudTrail to capture all compatible management events in region. For capturing events from services like IAM, `includeGlobalServiceEvents` must be enabled.

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-aws/sdk/v4/go/aws"
"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudtrail"
"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		current, err := aws.GetCallerIdentity(ctx, nil, nil)
		if err != nil {
			return err
		}
		bucket, err := s3.NewBucket(ctx, "bucket", nil)
		if err != nil {
			return err
		}
		_, err = s3.NewBucketPolicy(ctx, "bucketPolicy", &s3.BucketPolicyArgs{
			Bucket: bucket.ID(),
			Policy: pulumi.All(bucket.ID(), bucket.ID()).ApplyT(func(_args []interface{}) (string, error) {
				bucketId := _args[0].(string)
				bucketId1 := _args[1].(string)
				return fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v", "  {\n", "      \"Version\": \"2012-10-17\",\n", "      \"Statement\": [\n", "          {\n", "              \"Sid\": \"AWSCloudTrailAclCheck\",\n", "              \"Effect\": \"Allow\",\n", "              \"Principal\": {\n", "                \"Service\": \"cloudtrail.amazonaws.com\"\n", "              },\n", "              \"Action\": \"s3:GetBucketAcl\",\n", "              \"Resource\": \"arn:aws:s3:::", bucketId, "\"\n", "          },\n", "          {\n", "              \"Sid\": \"AWSCloudTrailWrite\",\n", "              \"Effect\": \"Allow\",\n", "              \"Principal\": {\n", "                \"Service\": \"cloudtrail.amazonaws.com\"\n", "              },\n", "              \"Action\": \"s3:PutObject\",\n", "              \"Resource\": \"arn:aws:s3:::", bucketId1, "/prefix/AWSLogs/", current.AccountId, "/*\",\n", "              \"Condition\": {\n", "                  \"StringEquals\": {\n", "                      \"s3:x-amz-acl\": \"bucket-owner-full-control\"\n", "                  }\n", "              }\n", "          }\n", "      ]\n", "  }\n"), nil
			}).(pulumi.StringOutput),
		})
		if err != nil {
			return err
		}
		_, err = cloudtrail.NewTrail(ctx, "foobar", &cloudtrail.TrailArgs{
			S3BucketName:               bucket.ID(),
			S3KeyPrefix:                pulumi.String("prefix"),
			IncludeGlobalServiceEvents: pulumi.Bool(false),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Data Event Logging

CloudTrail can log [Data Events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) for certain services such as S3 bucket objects and Lambda function invocations. Additional information about data event configuration can be found in the [CloudTrail API DataResource documentation](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DataResource.html). ### Logging All Lambda Function Invocations

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudtrail"
"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		bucket, err := s3.NewBucket(ctx, "bucket", nil)
		if err != nil {
			return err
		}
		_, err = cloudtrail.NewTrail(ctx, "example", &cloudtrail.TrailArgs{
			S3BucketName: bucket.ID(),
			S3KeyPrefix:  pulumi.String("prefix"),
			EventSelectors: cloudtrail.TrailEventSelectorArray{
				&cloudtrail.TrailEventSelectorArgs{
					ReadWriteType:           pulumi.String("All"),
					IncludeManagementEvents: pulumi.Bool(true),
					DataResources: cloudtrail.TrailEventSelectorDataResourceArray{
						&cloudtrail.TrailEventSelectorDataResourceArgs{
							Type: pulumi.String("AWS::Lambda::Function"),
							Values: pulumi.StringArray{
								pulumi.String("arn:aws:lambda"),
							},
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Logging All S3 Bucket Object Events

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudtrail"
"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		bucket, err := s3.NewBucket(ctx, "bucket", nil)
		if err != nil {
			return err
		}
		_, err = cloudtrail.NewTrail(ctx, "example", &cloudtrail.TrailArgs{
			S3BucketName: bucket.ID(),
			S3KeyPrefix:  pulumi.String("prefix"),
			EventSelectors: cloudtrail.TrailEventSelectorArray{
				&cloudtrail.TrailEventSelectorArgs{
					ReadWriteType:           pulumi.String("All"),
					IncludeManagementEvents: pulumi.Bool(true),
					DataResources: cloudtrail.TrailEventSelectorDataResourceArray{
						&cloudtrail.TrailEventSelectorDataResourceArgs{
							Type: pulumi.String("AWS::S3::Object"),
							Values: pulumi.StringArray{
								pulumi.String("arn:aws:s3:::"),
							},
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Logging Individual S3 Bucket Events

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudtrail"
"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		important_bucket, err := s3.LookupBucket(ctx, &s3.LookupBucketArgs{
			Bucket: "important-bucket",
		}, nil)
		if err != nil {
			return err
		}
		_, err = cloudtrail.NewTrail(ctx, "example", &cloudtrail.TrailArgs{
			S3BucketName: pulumi.String(important_bucket.Id),
			S3KeyPrefix:  pulumi.String("prefix"),
			EventSelectors: cloudtrail.TrailEventSelectorArray{
				&cloudtrail.TrailEventSelectorArgs{
					ReadWriteType:           pulumi.String("All"),
					IncludeManagementEvents: pulumi.Bool(true),
					DataResources: cloudtrail.TrailEventSelectorDataResourceArray{
						&cloudtrail.TrailEventSelectorDataResourceArgs{
							Type: pulumi.String("AWS::S3::Object"),
							Values: pulumi.StringArray{
								pulumi.String(fmt.Sprintf("%v%v", important_bucket.Arn, "/")),
							},
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Sending Events to CloudWatch Logs

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-aws/sdk/v4/go/aws"
"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudtrail"
"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch"
"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		current, err := aws.GetPartition(ctx, nil, nil)
		if err != nil {
			return err
		}
		exampleLogGroup, err := cloudwatch.NewLogGroup(ctx, "exampleLogGroup", nil)
		if err != nil {
			return err
		}
		testRole, err := iam.NewRole(ctx, "testRole", &iam.RoleArgs{
			AssumeRolePolicy: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "  \"Version\": \"2012-10-17\",\n", "  \"Statement\": [\n", "    {\n", "      \"Sid\": \"\",\n", "      \"Effect\": \"Allow\",\n", "      \"Principal\": {\n", "        \"Service\": \"cloudtrail.", current.DnsSuffix, "\"\n", "      },\n", "      \"Action\": \"sts:AssumeRole\"\n", "    }\n", "  ]\n", "}\n")),
		})
		if err != nil {
			return err
		}
		_, err = iam.NewRolePolicy(ctx, "testRolePolicy", &iam.RolePolicyArgs{
			Role:   testRole.ID(),
			Policy: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "  \"Version\": \"2012-10-17\",\n", "  \"Statement\": [\n", "    {\n", "      \"Sid\": \"AWSCloudTrailCreateLogStream\",\n", "      \"Effect\": \"Allow\",\n", "      \"Action\": [\n", "        \"logs:CreateLogStream\",\n", "        \"logs:PutLogEvents\"\n", "      ],\n", "      \"Resource\": \"", aws_cloudwatch_log_group.Test.Arn, ":*\"\n", "    }\n", "  ]\n", "}\n")),
		})
		if err != nil {
			return err
		}
		_, err = s3.NewBucket(ctx, "bucket", nil)
		if err != nil {
			return err
		}
		_, err = cloudtrail.NewTrail(ctx, "exampleTrail", &cloudtrail.TrailArgs{
			S3BucketName:          pulumi.Any(data.Aws_s3_bucket.Important - bucket.Id),
			S3KeyPrefix:           pulumi.String("prefix"),
			CloudWatchLogsRoleArn: testRole.Arn,
			CloudWatchLogsGroupArn: exampleLogGroup.Arn.ApplyT(func(arn string) (string, error) {
				return fmt.Sprintf("%v%v", arn, ":*"), nil
			}).(pulumi.StringOutput),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Cloudtrails can be imported using the `name`, e.g.

```sh 

$ pulumi import aws:cloudtrail/trail:Trail sample my-sample-trail

```

func GetTrail 

func GetTrail(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *TrailState, opts ...pulumi.ResourceOption) (*Trail, error)

GetTrail gets an existing Trail resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewTrail 

func NewTrail(ctx *pulumi.Context,
	name string, args *TrailArgs, opts ...pulumi.ResourceOption) (*Trail, error)

NewTrail registers a new resource with the given unique name, arguments, and options.

func (*Trail) ElementType 

func (*Trail) ElementType() reflect.Type

func (*Trail) ToTrailOutput 

func (i *Trail) ToTrailOutput() TrailOutput

func (*Trail) ToTrailOutputWithContext 

func (i *Trail) ToTrailOutputWithContext(ctx context.Context) TrailOutput

func (*Trail) ToTrailPtrOutput 

func (i *Trail) ToTrailPtrOutput() TrailPtrOutput

func (*Trail) ToTrailPtrOutputWithContext 

func (i *Trail) ToTrailPtrOutputWithContext(ctx context.Context) TrailPtrOutput

type TrailArgs 

type TrailArgs struct {
	// Log group name using an ARN that represents the log group to which CloudTrail logs will be delivered. Note that CloudTrail requires the Log Stream wildcard.
	CloudWatchLogsGroupArn pulumi.StringPtrInput
	// Role for the CloudWatch Logs endpoint to assume to write to a user’s log group.
	CloudWatchLogsRoleArn pulumi.StringPtrInput
	// Whether log file integrity validation is enabled. Defaults to `false`.
	EnableLogFileValidation pulumi.BoolPtrInput
	// Enables logging for the trail. Defaults to `true`. Setting this to `false` will pause logging.
	EnableLogging pulumi.BoolPtrInput
	// Configuration block of an event selector for enabling data event logging. See details below. Please note the [CloudTrail limits](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html) when configuring these.
	EventSelectors TrailEventSelectorArrayInput
	// Whether the trail is publishing events from global services such as IAM to the log files. Defaults to `true`.
	IncludeGlobalServiceEvents pulumi.BoolPtrInput
	// Configuration block for identifying unusual operational activity. See details below.
	InsightSelectors TrailInsightSelectorArrayInput
	// Whether the trail is created in the current region or in all regions. Defaults to `false`.
	IsMultiRegionTrail pulumi.BoolPtrInput
	// Whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. Defaults to `false`.
	IsOrganizationTrail pulumi.BoolPtrInput
	// KMS key ARN to use to encrypt the logs delivered by CloudTrail.
	KmsKeyId pulumi.StringPtrInput
	// Name of the trail.
	Name pulumi.StringPtrInput
	// Name of the S3 bucket designated for publishing log files.
	S3BucketName pulumi.StringInput
	// S3 key prefix that follows the name of the bucket you have designated for log file delivery.
	S3KeyPrefix pulumi.StringPtrInput
	// Name of the Amazon SNS topic defined for notification of log file delivery.
	SnsTopicName pulumi.StringPtrInput
	// Map of tags to assign to the trail. If configured with provider defaultTags present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapInput
	// Map of tags assigned to the resource, including those inherited from the provider.
	TagsAll pulumi.StringMapInput
}

The set of arguments for constructing a Trail resource.

func (TrailArgs) ElementType 

func (TrailArgs) ElementType() reflect.Type

type TrailArray 

type TrailArray []TrailInput

func (TrailArray) ElementType 

func (TrailArray) ElementType() reflect.Type

func (TrailArray) ToTrailArrayOutput 

func (i TrailArray) ToTrailArrayOutput() TrailArrayOutput

func (TrailArray) ToTrailArrayOutputWithContext 

func (i TrailArray) ToTrailArrayOutputWithContext(ctx context.Context) TrailArrayOutput

type TrailArrayInput 

type TrailArrayInput interface {
	pulumi.Input

	ToTrailArrayOutput() TrailArrayOutput
	ToTrailArrayOutputWithContext(context.Context) TrailArrayOutput
}

TrailArrayInput is an input type that accepts TrailArray and TrailArrayOutput values. You can construct a concrete instance of `TrailArrayInput` via: 

TrailArray{ TrailArgs{...} }

type TrailArrayOutput 

type TrailArrayOutput struct{ *pulumi.OutputState }

func (TrailArrayOutput) ElementType 

func (TrailArrayOutput) ElementType() reflect.Type

func (TrailArrayOutput) Index 

func (o TrailArrayOutput) Index(i pulumi.IntInput) TrailOutput

func (TrailArrayOutput) ToTrailArrayOutput 

func (o TrailArrayOutput) ToTrailArrayOutput() TrailArrayOutput

func (TrailArrayOutput) ToTrailArrayOutputWithContext 

func (o TrailArrayOutput) ToTrailArrayOutputWithContext(ctx context.Context) TrailArrayOutput

type TrailEventSelector 

type TrailEventSelector struct {
	// Configuration block for data events. See details below.
	DataResources []TrailEventSelectorDataResource `pulumi:"dataResources"`
	// Whether to include management events for your trail.
	IncludeManagementEvents *bool `pulumi:"includeManagementEvents"`
	// Type of events to log. Valid values are `ReadOnly`, `WriteOnly`, `All`. Default value is `All`.
	ReadWriteType *string `pulumi:"readWriteType"`
}

type TrailEventSelectorArgs 

type TrailEventSelectorArgs struct {
	// Configuration block for data events. See details below.
	DataResources TrailEventSelectorDataResourceArrayInput `pulumi:"dataResources"`
	// Whether to include management events for your trail.
	IncludeManagementEvents pulumi.BoolPtrInput `pulumi:"includeManagementEvents"`
	// Type of events to log. Valid values are `ReadOnly`, `WriteOnly`, `All`. Default value is `All`.
	ReadWriteType pulumi.StringPtrInput `pulumi:"readWriteType"`
}

func (TrailEventSelectorArgs) ElementType 

func (TrailEventSelectorArgs) ElementType() reflect.Type

func (TrailEventSelectorArgs) ToTrailEventSelectorOutput 

func (i TrailEventSelectorArgs) ToTrailEventSelectorOutput() TrailEventSelectorOutput

func (TrailEventSelectorArgs) ToTrailEventSelectorOutputWithContext 

func (i TrailEventSelectorArgs) ToTrailEventSelectorOutputWithContext(ctx context.Context) TrailEventSelectorOutput

type TrailEventSelectorArray 

type TrailEventSelectorArray []TrailEventSelectorInput

func (TrailEventSelectorArray) ElementType 

func (TrailEventSelectorArray) ElementType() reflect.Type

func (TrailEventSelectorArray) ToTrailEventSelectorArrayOutput 

func (i TrailEventSelectorArray) ToTrailEventSelectorArrayOutput() TrailEventSelectorArrayOutput

func (TrailEventSelectorArray) ToTrailEventSelectorArrayOutputWithContext 

func (i TrailEventSelectorArray) ToTrailEventSelectorArrayOutputWithContext(ctx context.Context) TrailEventSelectorArrayOutput

type TrailEventSelectorArrayInput 

type TrailEventSelectorArrayInput interface {
	pulumi.Input

	ToTrailEventSelectorArrayOutput() TrailEventSelectorArrayOutput
	ToTrailEventSelectorArrayOutputWithContext(context.Context) TrailEventSelectorArrayOutput
}

TrailEventSelectorArrayInput is an input type that accepts TrailEventSelectorArray and TrailEventSelectorArrayOutput values. You can construct a concrete instance of `TrailEventSelectorArrayInput` via: 

TrailEventSelectorArray{ TrailEventSelectorArgs{...} }

type TrailEventSelectorArrayOutput 

type TrailEventSelectorArrayOutput struct{ *pulumi.OutputState }

func (TrailEventSelectorArrayOutput) ElementType 

func (TrailEventSelectorArrayOutput) ElementType() reflect.Type

func (TrailEventSelectorArrayOutput) Index 

func (o TrailEventSelectorArrayOutput) Index(i pulumi.IntInput) TrailEventSelectorOutput

func (TrailEventSelectorArrayOutput) ToTrailEventSelectorArrayOutput 

func (o TrailEventSelectorArrayOutput) ToTrailEventSelectorArrayOutput() TrailEventSelectorArrayOutput

func (TrailEventSelectorArrayOutput) ToTrailEventSelectorArrayOutputWithContext 

func (o TrailEventSelectorArrayOutput) ToTrailEventSelectorArrayOutputWithContext(ctx context.Context) TrailEventSelectorArrayOutput

type TrailEventSelectorDataResource 

type TrailEventSelectorDataResource struct {
	// Resource type in which you want to log data events. You can specify only the following value: "AWS::S3::Object", "AWS::Lambda::Function" and "AWS::DynamoDB::Table".
	Type string `pulumi:"type"`
	// List of ARN strings or partial ARN strings to specify selectors for data audit events over data resources. ARN list is specific to single-valued `type`. For example, `arn:aws:s3:::<bucket name>/` for all objects in a bucket, `arn:aws:s3:::<bucket name>/key` for specific objects, `arn:aws:lambda` for all lambda events within an account, `arn:aws:lambda:<region>:<account number>:function:<function name>` for a specific Lambda function, `arn:aws:dynamodb` for all DDB events for all tables within an account, or `arn:aws:dynamodb:<region>:<account number>:table/<table name>` for a specific DynamoDB table.
	Values []string `pulumi:"values"`
}

type TrailEventSelectorDataResourceArgs 

type TrailEventSelectorDataResourceArgs struct {
	// Resource type in which you want to log data events. You can specify only the following value: "AWS::S3::Object", "AWS::Lambda::Function" and "AWS::DynamoDB::Table".
	Type pulumi.StringInput `pulumi:"type"`
	// List of ARN strings or partial ARN strings to specify selectors for data audit events over data resources. ARN list is specific to single-valued `type`. For example, `arn:aws:s3:::<bucket name>/` for all objects in a bucket, `arn:aws:s3:::<bucket name>/key` for specific objects, `arn:aws:lambda` for all lambda events within an account, `arn:aws:lambda:<region>:<account number>:function:<function name>` for a specific Lambda function, `arn:aws:dynamodb` for all DDB events for all tables within an account, or `arn:aws:dynamodb:<region>:<account number>:table/<table name>` for a specific DynamoDB table.
	Values pulumi.StringArrayInput `pulumi:"values"`
}

func (TrailEventSelectorDataResourceArgs) ElementType 

func (TrailEventSelectorDataResourceArgs) ElementType() reflect.Type

func (TrailEventSelectorDataResourceArgs) ToTrailEventSelectorDataResourceOutput 

func (i TrailEventSelectorDataResourceArgs) ToTrailEventSelectorDataResourceOutput() TrailEventSelectorDataResourceOutput

func (TrailEventSelectorDataResourceArgs) ToTrailEventSelectorDataResourceOutputWithContext 

func (i TrailEventSelectorDataResourceArgs) ToTrailEventSelectorDataResourceOutputWithContext(ctx context.Context) TrailEventSelectorDataResourceOutput

type TrailEventSelectorDataResourceArray 

type TrailEventSelectorDataResourceArray []TrailEventSelectorDataResourceInput

func (TrailEventSelectorDataResourceArray) ElementType 

func (TrailEventSelectorDataResourceArray) ElementType() reflect.Type

func (TrailEventSelectorDataResourceArray) ToTrailEventSelectorDataResourceArrayOutput 

func (i TrailEventSelectorDataResourceArray) ToTrailEventSelectorDataResourceArrayOutput() TrailEventSelectorDataResourceArrayOutput

func (TrailEventSelectorDataResourceArray) ToTrailEventSelectorDataResourceArrayOutputWithContext 

func (i TrailEventSelectorDataResourceArray) ToTrailEventSelectorDataResourceArrayOutputWithContext(ctx context.Context) TrailEventSelectorDataResourceArrayOutput

type TrailEventSelectorDataResourceArrayInput 

type TrailEventSelectorDataResourceArrayInput interface {
	pulumi.Input

	ToTrailEventSelectorDataResourceArrayOutput() TrailEventSelectorDataResourceArrayOutput
	ToTrailEventSelectorDataResourceArrayOutputWithContext(context.Context) TrailEventSelectorDataResourceArrayOutput
}

TrailEventSelectorDataResourceArrayInput is an input type that accepts TrailEventSelectorDataResourceArray and TrailEventSelectorDataResourceArrayOutput values. You can construct a concrete instance of `TrailEventSelectorDataResourceArrayInput` via: 

TrailEventSelectorDataResourceArray{ TrailEventSelectorDataResourceArgs{...} }

type TrailEventSelectorDataResourceArrayOutput 

type TrailEventSelectorDataResourceArrayOutput struct{ *pulumi.OutputState }

func (TrailEventSelectorDataResourceArrayOutput) ElementType 

func (TrailEventSelectorDataResourceArrayOutput) ElementType() reflect.Type

func (TrailEventSelectorDataResourceArrayOutput) Index 

func (o TrailEventSelectorDataResourceArrayOutput) Index(i pulumi.IntInput) TrailEventSelectorDataResourceOutput

func (TrailEventSelectorDataResourceArrayOutput) ToTrailEventSelectorDataResourceArrayOutput 

func (o TrailEventSelectorDataResourceArrayOutput) ToTrailEventSelectorDataResourceArrayOutput() TrailEventSelectorDataResourceArrayOutput

func (TrailEventSelectorDataResourceArrayOutput) ToTrailEventSelectorDataResourceArrayOutputWithContext 

func (o TrailEventSelectorDataResourceArrayOutput) ToTrailEventSelectorDataResourceArrayOutputWithContext(ctx context.Context) TrailEventSelectorDataResourceArrayOutput

type TrailEventSelectorDataResourceInput 

type TrailEventSelectorDataResourceInput interface {
	pulumi.Input

	ToTrailEventSelectorDataResourceOutput() TrailEventSelectorDataResourceOutput
	ToTrailEventSelectorDataResourceOutputWithContext(context.Context) TrailEventSelectorDataResourceOutput
}

TrailEventSelectorDataResourceInput is an input type that accepts TrailEventSelectorDataResourceArgs and TrailEventSelectorDataResourceOutput values. You can construct a concrete instance of `TrailEventSelectorDataResourceInput` via: 

TrailEventSelectorDataResourceArgs{...}

type TrailEventSelectorDataResourceOutput 

type TrailEventSelectorDataResourceOutput struct{ *pulumi.OutputState }

func (TrailEventSelectorDataResourceOutput) ElementType 

func (TrailEventSelectorDataResourceOutput) ElementType() reflect.Type

func (TrailEventSelectorDataResourceOutput) ToTrailEventSelectorDataResourceOutput 

func (o TrailEventSelectorDataResourceOutput) ToTrailEventSelectorDataResourceOutput() TrailEventSelectorDataResourceOutput

func (TrailEventSelectorDataResourceOutput) ToTrailEventSelectorDataResourceOutputWithContext 

func (o TrailEventSelectorDataResourceOutput) ToTrailEventSelectorDataResourceOutputWithContext(ctx context.Context) TrailEventSelectorDataResourceOutput

func (TrailEventSelectorDataResourceOutput) Type 

func (o TrailEventSelectorDataResourceOutput) Type() pulumi.StringOutput

Resource type in which you want to log data events. You can specify only the following value: "AWS::S3::Object", "AWS::Lambda::Function" and "AWS::DynamoDB::Table".

func (TrailEventSelectorDataResourceOutput) Values 

func (o TrailEventSelectorDataResourceOutput) Values() pulumi.StringArrayOutput

List of ARN strings or partial ARN strings to specify selectors for data audit events over data resources. ARN list is specific to single-valued `type`. For example, `arn:aws:s3:::<bucket name>/` for all objects in a bucket, `arn:aws:s3:::<bucket name>/key` for specific objects, `arn:aws:lambda` for all lambda events within an account, `arn:aws:lambda:<region>:<account number>:function:<function name>` for a specific Lambda function, `arn:aws:dynamodb` for all DDB events for all tables within an account, or `arn:aws:dynamodb:<region>:<account number>:table/<table name>` for a specific DynamoDB table.

type TrailEventSelectorInput 

type TrailEventSelectorInput interface {
	pulumi.Input

	ToTrailEventSelectorOutput() TrailEventSelectorOutput
	ToTrailEventSelectorOutputWithContext(context.Context) TrailEventSelectorOutput
}

TrailEventSelectorInput is an input type that accepts TrailEventSelectorArgs and TrailEventSelectorOutput values. You can construct a concrete instance of `TrailEventSelectorInput` via: 

TrailEventSelectorArgs{...}

type TrailEventSelectorOutput 

type TrailEventSelectorOutput struct{ *pulumi.OutputState }

func (TrailEventSelectorOutput) DataResources 

func (o TrailEventSelectorOutput) DataResources() TrailEventSelectorDataResourceArrayOutput

Configuration block for data events. See details below.

func (TrailEventSelectorOutput) ElementType 

func (TrailEventSelectorOutput) ElementType() reflect.Type

func (TrailEventSelectorOutput) IncludeManagementEvents 

func (o TrailEventSelectorOutput) IncludeManagementEvents() pulumi.BoolPtrOutput

Whether to include management events for your trail.

func (TrailEventSelectorOutput) ReadWriteType 

func (o TrailEventSelectorOutput) ReadWriteType() pulumi.StringPtrOutput

Type of events to log. Valid values are `ReadOnly`, `WriteOnly`, `All`. Default value is `All`.

func (TrailEventSelectorOutput) ToTrailEventSelectorOutput 

func (o TrailEventSelectorOutput) ToTrailEventSelectorOutput() TrailEventSelectorOutput

func (TrailEventSelectorOutput) ToTrailEventSelectorOutputWithContext 

func (o TrailEventSelectorOutput) ToTrailEventSelectorOutputWithContext(ctx context.Context) TrailEventSelectorOutput

type TrailInput 

type TrailInput interface {
	pulumi.Input

	ToTrailOutput() TrailOutput
	ToTrailOutputWithContext(ctx context.Context) TrailOutput
}

type TrailInsightSelector 

type TrailInsightSelector struct {
	// Type of insights to log on a trail. The valid value is `ApiCallRateInsight`.
	InsightType string `pulumi:"insightType"`
}

type TrailInsightSelectorArgs 

type TrailInsightSelectorArgs struct {
	// Type of insights to log on a trail. The valid value is `ApiCallRateInsight`.
	InsightType pulumi.StringInput `pulumi:"insightType"`
}

func (TrailInsightSelectorArgs) ElementType 

func (TrailInsightSelectorArgs) ElementType() reflect.Type

func (TrailInsightSelectorArgs) ToTrailInsightSelectorOutput 

func (i TrailInsightSelectorArgs) ToTrailInsightSelectorOutput() TrailInsightSelectorOutput

func (TrailInsightSelectorArgs) ToTrailInsightSelectorOutputWithContext 

func (i TrailInsightSelectorArgs) ToTrailInsightSelectorOutputWithContext(ctx context.Context) TrailInsightSelectorOutput

type TrailInsightSelectorArray 

type TrailInsightSelectorArray []TrailInsightSelectorInput

func (TrailInsightSelectorArray) ElementType 

func (TrailInsightSelectorArray) ElementType() reflect.Type

func (TrailInsightSelectorArray) ToTrailInsightSelectorArrayOutput 

func (i TrailInsightSelectorArray) ToTrailInsightSelectorArrayOutput() TrailInsightSelectorArrayOutput

func (TrailInsightSelectorArray) ToTrailInsightSelectorArrayOutputWithContext 

func (i TrailInsightSelectorArray) ToTrailInsightSelectorArrayOutputWithContext(ctx context.Context) TrailInsightSelectorArrayOutput

type TrailInsightSelectorArrayInput 

type TrailInsightSelectorArrayInput interface {
	pulumi.Input

	ToTrailInsightSelectorArrayOutput() TrailInsightSelectorArrayOutput
	ToTrailInsightSelectorArrayOutputWithContext(context.Context) TrailInsightSelectorArrayOutput
}

TrailInsightSelectorArrayInput is an input type that accepts TrailInsightSelectorArray and TrailInsightSelectorArrayOutput values. You can construct a concrete instance of `TrailInsightSelectorArrayInput` via: 

TrailInsightSelectorArray{ TrailInsightSelectorArgs{...} }

type TrailInsightSelectorArrayOutput 

type TrailInsightSelectorArrayOutput struct{ *pulumi.OutputState }

func (TrailInsightSelectorArrayOutput) ElementType 

func (TrailInsightSelectorArrayOutput) ElementType() reflect.Type

func (TrailInsightSelectorArrayOutput) Index 

func (o TrailInsightSelectorArrayOutput) Index(i pulumi.IntInput) TrailInsightSelectorOutput

func (TrailInsightSelectorArrayOutput) ToTrailInsightSelectorArrayOutput 

func (o TrailInsightSelectorArrayOutput) ToTrailInsightSelectorArrayOutput() TrailInsightSelectorArrayOutput

func (TrailInsightSelectorArrayOutput) ToTrailInsightSelectorArrayOutputWithContext 

func (o TrailInsightSelectorArrayOutput) ToTrailInsightSelectorArrayOutputWithContext(ctx context.Context) TrailInsightSelectorArrayOutput

type TrailInsightSelectorInput 

type TrailInsightSelectorInput interface {
	pulumi.Input

	ToTrailInsightSelectorOutput() TrailInsightSelectorOutput
	ToTrailInsightSelectorOutputWithContext(context.Context) TrailInsightSelectorOutput
}

TrailInsightSelectorInput is an input type that accepts TrailInsightSelectorArgs and TrailInsightSelectorOutput values. You can construct a concrete instance of `TrailInsightSelectorInput` via: 

TrailInsightSelectorArgs{...}

type TrailInsightSelectorOutput 

type TrailInsightSelectorOutput struct{ *pulumi.OutputState }

func (TrailInsightSelectorOutput) ElementType 

func (TrailInsightSelectorOutput) ElementType() reflect.Type

func (TrailInsightSelectorOutput) InsightType 

func (o TrailInsightSelectorOutput) InsightType() pulumi.StringOutput

Type of insights to log on a trail. The valid value is `ApiCallRateInsight`.

func (TrailInsightSelectorOutput) ToTrailInsightSelectorOutput 

func (o TrailInsightSelectorOutput) ToTrailInsightSelectorOutput() TrailInsightSelectorOutput

func (TrailInsightSelectorOutput) ToTrailInsightSelectorOutputWithContext 

func (o TrailInsightSelectorOutput) ToTrailInsightSelectorOutputWithContext(ctx context.Context) TrailInsightSelectorOutput

type TrailMap 

type TrailMap map[string]TrailInput

func (TrailMap) ElementType 

func (TrailMap) ElementType() reflect.Type

func (TrailMap) ToTrailMapOutput 

func (i TrailMap) ToTrailMapOutput() TrailMapOutput

func (TrailMap) ToTrailMapOutputWithContext 

func (i TrailMap) ToTrailMapOutputWithContext(ctx context.Context) TrailMapOutput

type TrailMapInput 

type TrailMapInput interface {
	pulumi.Input

	ToTrailMapOutput() TrailMapOutput
	ToTrailMapOutputWithContext(context.Context) TrailMapOutput
}

TrailMapInput is an input type that accepts TrailMap and TrailMapOutput values. You can construct a concrete instance of `TrailMapInput` via: 

TrailMap{ "key": TrailArgs{...} }

type TrailMapOutput 

type TrailMapOutput struct{ *pulumi.OutputState }

func (TrailMapOutput) ElementType 

func (TrailMapOutput) ElementType() reflect.Type

func (TrailMapOutput) MapIndex 

func (o TrailMapOutput) MapIndex(k pulumi.StringInput) TrailOutput

func (TrailMapOutput) ToTrailMapOutput 

func (o TrailMapOutput) ToTrailMapOutput() TrailMapOutput

func (TrailMapOutput) ToTrailMapOutputWithContext 

func (o TrailMapOutput) ToTrailMapOutputWithContext(ctx context.Context) TrailMapOutput

type TrailOutput 

type TrailOutput struct {
	*pulumi.OutputState
}

func (TrailOutput) ElementType 

func (TrailOutput) ElementType() reflect.Type

func (TrailOutput) ToTrailOutput 

func (o TrailOutput) ToTrailOutput() TrailOutput

func (TrailOutput) ToTrailOutputWithContext 

func (o TrailOutput) ToTrailOutputWithContext(ctx context.Context) TrailOutput

func (TrailOutput) ToTrailPtrOutput 

func (o TrailOutput) ToTrailPtrOutput() TrailPtrOutput

func (TrailOutput) ToTrailPtrOutputWithContext 

func (o TrailOutput) ToTrailPtrOutputWithContext(ctx context.Context) TrailPtrOutput

type TrailPtrInput 

type TrailPtrInput interface {
	pulumi.Input

	ToTrailPtrOutput() TrailPtrOutput
	ToTrailPtrOutputWithContext(ctx context.Context) TrailPtrOutput
}

type TrailPtrOutput 

type TrailPtrOutput struct {
	*pulumi.OutputState
}

func (TrailPtrOutput) ElementType 

func (TrailPtrOutput) ElementType() reflect.Type

func (TrailPtrOutput) ToTrailPtrOutput 

func (o TrailPtrOutput) ToTrailPtrOutput() TrailPtrOutput

func (TrailPtrOutput) ToTrailPtrOutputWithContext 

func (o TrailPtrOutput) ToTrailPtrOutputWithContext(ctx context.Context) TrailPtrOutput

type TrailState 

type TrailState struct {
	// ARN of the trail.
	Arn pulumi.StringPtrInput
	// Log group name using an ARN that represents the log group to which CloudTrail logs will be delivered. Note that CloudTrail requires the Log Stream wildcard.
	CloudWatchLogsGroupArn pulumi.StringPtrInput
	// Role for the CloudWatch Logs endpoint to assume to write to a user’s log group.
	CloudWatchLogsRoleArn pulumi.StringPtrInput
	// Whether log file integrity validation is enabled. Defaults to `false`.
	EnableLogFileValidation pulumi.BoolPtrInput
	// Enables logging for the trail. Defaults to `true`. Setting this to `false` will pause logging.
	EnableLogging pulumi.BoolPtrInput
	// Configuration block of an event selector for enabling data event logging. See details below. Please note the [CloudTrail limits](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html) when configuring these.
	EventSelectors TrailEventSelectorArrayInput
	// Region in which the trail was created.
	HomeRegion pulumi.StringPtrInput
	// Whether the trail is publishing events from global services such as IAM to the log files. Defaults to `true`.
	IncludeGlobalServiceEvents pulumi.BoolPtrInput
	// Configuration block for identifying unusual operational activity. See details below.
	InsightSelectors TrailInsightSelectorArrayInput
	// Whether the trail is created in the current region or in all regions. Defaults to `false`.
	IsMultiRegionTrail pulumi.BoolPtrInput
	// Whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. Defaults to `false`.
	IsOrganizationTrail pulumi.BoolPtrInput
	// KMS key ARN to use to encrypt the logs delivered by CloudTrail.
	KmsKeyId pulumi.StringPtrInput
	// Name of the trail.
	Name pulumi.StringPtrInput
	// Name of the S3 bucket designated for publishing log files.
	S3BucketName pulumi.StringPtrInput
	// S3 key prefix that follows the name of the bucket you have designated for log file delivery.
	S3KeyPrefix pulumi.StringPtrInput
	// Name of the Amazon SNS topic defined for notification of log file delivery.
	SnsTopicName pulumi.StringPtrInput
	// Map of tags to assign to the trail. If configured with provider defaultTags present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapInput
	// Map of tags assigned to the resource, including those inherited from the provider.
	TagsAll pulumi.StringMapInput
}

func (TrailState) ElementType 

func (TrailState) ElementType() reflect.Type

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.