// Code generated by smithy-go-codegen DO NOT EDIT.

package types

import (
	"time"
)

// AdvancedEventSelector lets you create fine-grained selectors for the following
// AWS CloudTrail event record fields. They help you control costs by logging only
// those events that are important to you. For more information about advanced
// event selectors, see Logging data events for trails
// (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html)
// in the AWS CloudTrail User Guide.
//
//   - readOnly
//   - eventSource
//   - eventName
//   - eventCategory
//   - resources.type
//   - resources.ARN
//
// You cannot apply both event selectors and advanced event selectors to a trail.
type AdvancedEventSelector struct {

	// Contains all selector statements in an advanced event selector.
	//
	// This member is required.
	FieldSelectors []AdvancedFieldSelector

	// An optional, descriptive name for an advanced event selector, such as "Log data
	// events for only two S3 buckets".
	Name *string
}

// AdvancedFieldSelector is a single selector statement in an advanced event
// selector. Exactly one of the operator fields (Equals, NotEquals, StartsWith,
// NotStartsWith, EndsWith, NotEndsWith) is expected to carry the comparison
// values for Field; which operators are valid depends on the field, as described
// on Field.
type AdvancedFieldSelector struct {

	// A field in an event record on which to filter events to be logged. Supported
	// fields include readOnly, eventCategory, eventSource (for management events),
	// eventName, resources.type, and resources.ARN.
	//
	//   - readOnly - Optional. Can be set to Equals a value of true or false. A
	//     value of false logs both read and write events.
	//
	//   - eventSource - For filtering management events only. This can be set
	//     only to NotEquals kms.amazonaws.com.
	//
	//   - eventName - Can use any operator. You can use it to filter in or filter
	//     out any data event logged to CloudTrail, such as PutBucket. You can have
	//     multiple values for this field, separated by commas.
	//
	//   - eventCategory - This is required. It must be set to Equals, and the value
	//     must be Management or Data.
	//
	//   - resources.type - This field is required. resources.type can only use the
	//     Equals operator, and the value can be one of the following:
	//     AWS::S3::Object, AWS::Lambda::Function, or AWS::S3Outposts::Object. You
	//     can have only one resources.type field per selector. To log data events
	//     on more than one resource type, add another selector.
	//
	//   - resources.ARN - You can use any operator with resources.ARN, but if you
	//     use Equals or NotEquals, the value must exactly match the ARN of a valid
	//     resource of the type you've specified in the template as the value of
	//     resources.type. For example, if resources.type equals AWS::S3::Object,
	//     the ARN must be in one of the following formats. The trailing slash is
	//     intentional; do not exclude it.
	//
	//       - arn:partition:s3:::bucket_name/
	//       - arn:partition:s3:::bucket_name/object_or_file_name/
	//
	//     When resources.type equals AWS::Lambda::Function, and the operator is set
	//     to Equals or NotEquals, the ARN must be in the following format:
	//
	//       - arn:partition:lambda:region:account_ID:function:function_name
	//
	//     When resources.type equals AWS::S3Outposts::Object, and the operator is
	//     set to Equals or NotEquals, the ARN must be in the following format:
	//
	//       - arn:partition:s3-outposts:region:account_ID:object_path
	//
	// This member is required.
	Field *string

	// An operator that includes events that match the last few characters of the
	// event record field specified as the value of Field.
	EndsWith []string

	// An operator that includes events that match the exact value of the event
	// record field specified as the value of Field. This is the only valid operator
	// that you can use with the readOnly, eventCategory, and resources.type fields.
	Equals []string

	// An operator that excludes events that match the last few characters of the
	// event record field specified as the value of Field.
	NotEndsWith []string

	// An operator that excludes events that match the exact value of the event
	// record field specified as the value of Field.
	NotEquals []string

	// An operator that excludes events that match the first few characters of the
	// event record field specified as the value of Field.
	NotStartsWith []string

	// An operator that includes events that match the first few characters of the
	// event record field specified as the value of Field.
	StartsWith []string
}

// DataResource describes the Amazon S3 buckets or AWS Lambda functions that you
// specify in your event selectors for your trail to log data events. Data events
// provide information about the resource operations performed on or within a
// resource itself. These are also known as data plane operations. You can specify
// up to 250 data resources for a trail. The total number of allowed data resources
// is 250. This number can be distributed between 1 and 5 event selectors, but the
// total cannot exceed 250 across all selectors. If you are using advanced event
// selectors, the maximum total number of values for all conditions, across all
// advanced event selectors for the trail, is 500.
//
// The following example demonstrates how logging works when you configure logging
// of all data events for an S3 bucket named bucket-1. In this example, the
// CloudTrail user specified an empty prefix, and the option to log both Read and
// Write data events.
//
//   - A user uploads an image file to bucket-1.
//
//   - The PutObject API operation is an Amazon S3 object-level API. It is
//     recorded as a data event in CloudTrail. Because the CloudTrail user
//     specified an S3 bucket with an empty prefix, events that occur on any
//     object in that bucket are logged. The trail processes and logs the event.
//
//   - A user uploads an object to an Amazon S3 bucket named arn:aws:s3:::bucket-2.
//
//   - The PutObject API operation occurred for an object in an S3 bucket that the
//     CloudTrail user didn't specify for the trail. The trail doesn't log the
//     event.
//
// The following example demonstrates how logging works when you configure logging
// of AWS Lambda data events for a Lambda function named MyLambdaFunction, but not
// for all AWS Lambda functions.
//
//   - A user runs a script that includes a call to the MyLambdaFunction function
//     and the MyOtherLambdaFunction function.
//
//   - The Invoke API operation on MyLambdaFunction is an AWS Lambda API. It is
//     recorded as a data event in CloudTrail. Because the CloudTrail user
//     specified logging data events for MyLambdaFunction, any invocations of that
//     function are logged. The trail processes and logs the event.
//
//   - The Invoke API operation on MyOtherLambdaFunction is an AWS Lambda API.
//     Because the CloudTrail user did not specify logging data events for all
//     Lambda functions, the Invoke operation for MyOtherLambdaFunction does not
//     match the function specified for the trail. The trail doesn't log the event.
type DataResource struct {

	// The resource type in which you want to log data events. You can specify
	// AWS::S3::Object or AWS::Lambda::Function resources. The AWS::S3Outposts::Object
	// resource type is not valid in basic event selectors. To log data events on this
	// resource type, use advanced event selectors.
	Type *string

	// An array of Amazon Resource Name (ARN) strings or partial ARN strings for the
	// specified objects. Values are prefixes: a shorter value matches more resources,
	// so the bare service prefixes below cover every bucket or function the account
	// can reach, including ones owned by other accounts.
	//
	//   - To log data events for all objects in all S3 buckets in your AWS account,
	//     specify the prefix as arn:aws:s3:::. This will also enable logging of data
	//     event activity performed by any user or role in your AWS account, even if
	//     that activity is performed on a bucket that belongs to another AWS account.
	//
	//   - To log data events for all objects in an S3 bucket, specify the bucket and
	//     an empty object prefix such as arn:aws:s3:::bucket-1/. The trail logs data
	//     events for all objects in this S3 bucket.
	//
	//   - To log data events for specific objects, specify the S3 bucket and object
	//     prefix such as arn:aws:s3:::bucket-1/example-images. The trail logs data
	//     events for objects in this S3 bucket that match the prefix.
	//
	//   - To log data events for all functions in your AWS account, specify the
	//     prefix as arn:aws:lambda. This will also enable logging of Invoke activity
	//     performed by any user or role in your AWS account, even if that activity
	//     is performed on a function that belongs to another AWS account.
	//
	//   - To log data events for a specific Lambda function, specify the function
	//     ARN. Lambda function ARNs are exact. For example, if you specify a function
	//     ARN arn:aws:lambda:us-west-2:111111111111:function:helloworld, data events
	//     will only be logged for
	//     arn:aws:lambda:us-west-2:111111111111:function:helloworld. They will not
	//     be logged for arn:aws:lambda:us-west-2:111111111111:function:helloworld2.
	Values []string
}

// Event contains information about an event that was returned by a lookup
// request. The result includes a representation of a CloudTrail event.
type Event struct {

	// The AWS access key ID that was used to sign the request. If the request was made
	// with temporary security credentials, this is the access key ID of the temporary
	// credentials.
	//
	// NOTE(review): this is the key identifier, not the secret; it is still the
	// value a responder pivots on when tracing credential use, so presumably treat
	// it as sensitive when re-logging or exporting lookup results — confirm against
	// your handling policy.
	AccessKeyId *string

	// A JSON string that contains a representation of the event returned. The
	// record schema is not defined in this package; callers that need individual
	// fields must decode this string themselves.
	CloudTrailEvent *string

	// The CloudTrail ID of the event returned.
	EventId *string

	// The name of the event returned.
	EventName *string

	// The AWS service that the request was made to.
	EventSource *string

	// The date and time of the event returned.
	EventTime *time.Time

	// Information about whether the event is a write event or a read event.
	ReadOnly *string

	// A list of resources referenced by the event returned.
	Resources []Resource

	// A user name or role name of the requester that called the API in the event
	// returned.
	Username *string
}

// EventSelector further specifies the management and data event settings for
// your trail. By default, trails created without specific event selectors will be
// configured to log all read and write management events, and no data events.
// When an event occurs in your account, CloudTrail evaluates the event selector
// for all trails. For each trail, if the event matches any event selector, the
// trail processes and logs the event. If the event doesn't match any event
// selector, the trail doesn't log the event. You can configure up to five event
// selectors for a trail. You cannot apply both event selectors and advanced event
// selectors to a trail.
type EventSelector struct {

	// CloudTrail supports data event logging for Amazon S3 objects and AWS Lambda
	// functions. You can specify up to 250 resources for an individual event selector,
	// but the total number of data resources cannot exceed 250 across all event
	// selectors in a trail. This limit does not apply if you configure resource
	// logging for all data events. For more information, see Data Events
	// (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html#logging-data-events)
	// and Limits in AWS CloudTrail
	// (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html)
	// in the AWS CloudTrail User Guide.
	DataResources []DataResource

	// An optional list of service event sources from which you do not want management
	// events to be logged on your trail. In this release, the list can be empty
	// (disables the filter), or it can filter out AWS Key Management Service events by
	// containing "kms.amazonaws.com". By default, ExcludeManagementEventSources is
	// empty, and AWS KMS events are included in events that are logged to your trail.
	// Excluding a source removes those events from the trail entirely, so an
	// exclusion here is a visibility trade-off rather than a pure cost setting.
	ExcludeManagementEventSources []string

	// Specify if you want your event selector to include management events for your
	// trail. For more information, see Management Events
	// (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html#logging-management-events)
	// in the AWS CloudTrail User Guide. By default, the value is true. The first copy
	// of management events is free. You are charged for additional copies of
	// management events that you are logging on any subsequent trail in the same
	// region. For more information about CloudTrail pricing, see AWS CloudTrail
	// Pricing (http://aws.amazon.com/cloudtrail/pricing/).
	IncludeManagementEvents *bool

	// Specify if you want your trail to log read-only events, write-only events, or
	// all. For example, the EC2 GetConsoleOutput is a read-only API operation and
	// RunInstances is a write-only API operation. By default, the value is All.
	ReadWriteType ReadWriteType
}

// InsightSelector is a JSON string that contains a list of insight types that are
// logged on a trail.
type InsightSelector struct {

	// The type of insights to log on a trail. In this release, only ApiCallRateInsight
	// is supported as an insight type.
	InsightType InsightType
}

// LookupAttribute specifies an attribute and value that filter the events
// returned.
type LookupAttribute struct {

	// Specifies an attribute on which to filter the events returned.
	//
	// This member is required.
	AttributeKey LookupAttributeKey

	// Specifies a value for the specified AttributeKey.
	//
	// This member is required.
	AttributeValue *string
}

// PublicKey contains information about a returned public key.
type PublicKey struct {

	// The fingerprint of the public key.
	Fingerprint *string

	// The ending time of validity of the public key.
	ValidityEndTime *time.Time

	// The starting time of validity of the public key.
	ValidityStartTime *time.Time

	// The DER encoded public key value in PKCS#1 format. This is the raw DER bytes,
	// not PEM; crypto/x509.ParsePKCS1PublicKey accepts this encoding directly.
	// A consumer verifying anything with this key should also check that the
	// relevant timestamp falls within ValidityStartTime..ValidityEndTime.
	Value []byte
}

// Resource specifies the type and name of a resource referenced by an event.
type Resource struct {

	// The name of the resource referenced by the event returned. These are
	// user-created names whose values will depend on the environment. For example, the
	// resource name might be "auto-scaling-test-group" for an Auto Scaling Group or
	// "i-1234567" for an EC2 Instance.
	ResourceName *string

	// The type of a resource referenced by the event returned. When the resource type
	// cannot be determined, null is returned. Some examples of resource types are:
	// Instance for EC2, Trail for CloudTrail, DBInstance for RDS, and AccessKey for
	// IAM. To learn more about how to look up and filter events by the resource types
	// supported for a service, see Filtering CloudTrail Events
	// (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events-console.html#filtering-cloudtrail-events).
	ResourceType *string
}

// ResourceTag is a resource tag.
type ResourceTag struct {

	// Specifies the ARN of the resource.
	ResourceId *string

	// A list of tags.
	TagsList []Tag
}

// Tag is a custom key-value pair associated with a resource such as a CloudTrail
// trail.
type Tag struct {

	// The key in a key-value pair. The key must be no longer than 128 Unicode
	// characters. The key must be unique for the resource to which it applies.
	//
	// This member is required.
	Key *string

	// The value in a key-value pair of a tag. The value must be no longer than 256
	// Unicode characters.
	Value *string
}

// Trail holds the settings for a trail.
type Trail struct {

	// Specifies an Amazon Resource Name (ARN), a unique identifier that represents the
	// log group to which CloudTrail logs will be delivered.
	CloudWatchLogsLogGroupArn *string

	// Specifies the role for the CloudWatch Logs endpoint to assume to write to a
	// user's log group.
	CloudWatchLogsRoleArn *string

	// Specifies if the trail has custom event selectors.
	HasCustomEventSelectors *bool

	// Specifies whether a trail has insight types specified in an InsightSelector
	// list.
	HasInsightSelectors *bool

	// The region in which the trail was created.
	HomeRegion *string

	// Set to True to include AWS API calls from AWS global services such as IAM.
	// Otherwise, False.
	IncludeGlobalServiceEvents *bool

	// Specifies whether the trail exists only in one region or exists in all regions.
	IsMultiRegionTrail *bool

	// Specifies whether the trail is an organization trail.
	IsOrganizationTrail *bool

	// Specifies the KMS key ID that encrypts the logs delivered by CloudTrail. The
	// value is a fully specified ARN to a KMS key in the format:
	// arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
	KmsKeyId *string

	// Specifies whether log file validation is enabled. When reading a trail's
	// configuration, a false/nil value here is a finding worth surfacing: without
	// validation the delivered log files carry no integrity record.
	LogFileValidationEnabled *bool

	// Name of the trail set by calling CreateTrail. The maximum length is 128
	// characters.
	Name *string

	// Name of the Amazon S3 bucket into which CloudTrail delivers your trail files.
	// See Amazon S3 Bucket Naming Requirements
	// (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/create_trail_naming_policy.html).
	S3BucketName *string

	// Specifies the Amazon S3 key prefix that comes after the name of the bucket you
	// have designated for log file delivery. For more information, see Finding Your
	// CloudTrail Log Files
	// (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-find-log-files.html).
	// The maximum length is 200 characters.
	S3KeyPrefix *string

	// Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send
	// notifications when log files are delivered. The format of a topic ARN is:
	// arn:aws:sns:us-east-2:123456789012:MyTopic
	SnsTopicARN *string

	// This field is no longer in use. Use SnsTopicARN.
	//
	// Deprecated: This member has been deprecated.
	SnsTopicName *string

	// Specifies the ARN of the trail. The format of a trail ARN is:
	// arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
	TrailARN *string
}

// TrailInfo holds information about a CloudTrail trail, including the trail's
// name, home region, and Amazon Resource Name (ARN).
type TrailInfo struct {

	// The AWS region in which a trail was created.
	HomeRegion *string

	// The name of a trail.
	Name *string

	// The ARN of a trail.
	TrailARN *string
}