aws_lite_rs/types/cloudtrail.rs
1//! Types for the AWS CloudTrail API (v1).
2//!
3//! Auto-generated from the AWS Botocore Model.
4//! **Do not edit manually** — modify the manifest and re-run codegen.
5
6use serde::{Deserialize, Serialize};
7
/// Returns information about the trail.
///
/// **AWS API**: `cloudtrail.v1.DescribeTrailsRequest`
/// **Reference**: <https://docs.aws.amazon.com/awscloudtrail/latest/APIReference//DescribeTrailsRequest>
#[derive(Debug, Clone, Default, Serialize, Deserialize)]
#[serde(rename_all = "PascalCase")]
pub struct DescribeTrailsRequest {
    /// Specifies a list of trail names, trail ARNs, or both, of the trails to describe. The
    /// format of a trail ARN is: `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
    ///
    /// If an empty list is specified, information for the trail in the current Region is
    /// returned.
    ///
    /// - If an empty list is specified and IncludeShadowTrails is false, then information for
    ///   all trails in the current Region is returned.
    /// - If an empty list is specified and IncludeShadowTrails is null or true, then
    ///   information for all trails in the current Region and any associated shadow trails in
    ///   other Regions is returned.
    ///
    /// If one or more trail names are specified, information is returned only if the names
    /// match the names of trails belonging only to the current Region and current account. To
    /// return information about a trail in another Region, you must specify its trail ARN.
    // An empty list is left out of the serialized request entirely.
    #[serde(rename = "trailNameList", default, skip_serializing_if = "Vec::is_empty")]
    pub trail_name_list: Vec<String>,

    /// Specifies whether to include shadow trails in the response. A shadow trail is the
    /// replication in a Region of a trail that was created in a different Region, or in the
    /// case of an organization trail, the replication of an organization trail in member
    /// accounts. If you do not include shadow trails, organization trails in a member account
    /// and Region replication trails will not be returned. The default is true.
    // NOTE(review): `None` is omitted from the request, which the text above describes as
    // behaving like `true`. An inventory that must see organization and replicated trails
    // should therefore not send `Some(false)`.
    #[serde(rename = "includeShadowTrails", skip_serializing_if = "Option::is_none")]
    pub include_shadow_trails: Option<bool>,
}
39
impl DescribeTrailsRequest {
    /// Build a fixture value for tests: no trail names, shadow trails excluded.
    ///
    /// Only compiled for tests or with the `test-support` feature.
    // NOTE(review): `include_shadow_trails` is pinned to `Some(false)`, so tests built on this
    // fixture exercise the request shape that leaves out organization and replicated trails.
    #[cfg(any(test, feature = "test-support"))]
    pub fn fixture() -> Self {
        Self {
            trail_name_list: Vec::new(),
            include_shadow_trails: Some(false),
        }
    }
}
50
/// Returns the objects or data listed below if successful. Otherwise, returns an error.
///
/// **AWS API**: `cloudtrail.v1.DescribeTrailsResponse`
/// **Reference**: <https://docs.aws.amazon.com/awscloudtrail/latest/APIReference//DescribeTrailsResponse>
#[derive(Debug, Clone, Default, Serialize, Deserialize)]
#[serde(rename_all = "PascalCase")]
pub struct DescribeTrailsResponse {
    /// The list of trail objects. Trail objects with string values are only returned if values
    /// for the objects exist in a trail's configuration. For example, SNSTopicName and
    /// SNSTopicARN are only returned in results if a trail is configured to send SNS
    /// notifications. Similarly, KMSKeyId only appears in results if a trail's log files are
    /// encrypted with KMS customer managed keys.
    // A missing `trailList` key deserializes to an empty vector (`default`), so "no trails" and
    // "key absent" are indistinguishable to callers of this type.
    #[serde(rename = "trailList", default, skip_serializing_if = "Vec::is_empty")]
    pub trail_list: Vec<Trail>,
}
68
impl DescribeTrailsResponse {
    /// Build a fixture value for tests: a response carrying no trails.
    ///
    /// Only compiled for tests or with the `test-support` feature.
    #[cfg(any(test, feature = "test-support"))]
    pub fn fixture() -> Self {
        Self {
            trail_list: Vec::new(),
        }
    }
}
76
/// The settings for a trail.
///
/// **AWS API**: `cloudtrail.v1.Trail`
/// **Reference**: <https://docs.aws.amazon.com/awscloudtrail/latest/APIReference//Trail>
///
/// ## Coverage
/// 15 of 16 fields included.
/// Omitted fields:
/// - `SnsTopicName` — not selected in manifest
// NOTE(review): every field is an `Option` that is skipped when `None`. For the boolean
// settings (`is_multi_region_trail`, `include_global_service_events`,
// `log_file_validation_enabled`, ...) an absent key and `Some(false)` are different states;
// code that audits trail configuration should match on all three rather than defaulting an
// absent value to "enabled".
#[derive(Debug, Clone, Default, Serialize, Deserialize)]
#[serde(rename_all = "PascalCase")]
pub struct Trail {
    /// Name of the trail set by calling CreateTrail. The maximum length is 128 characters.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub name: Option<String>,

    /// Name of the Amazon S3 bucket into which CloudTrail delivers your trail files. See Amazon
    /// S3 Bucket naming rules.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub s3_bucket_name: Option<String>,

    /// Specifies the Amazon S3 key prefix that comes after the name of the bucket you have
    /// designated for log file delivery. For more information, see Finding Your CloudTrail Log
    /// Files. The maximum length is 200 characters.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub s3_key_prefix: Option<String>,

    /// Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send notifications
    /// when log files are delivered. The following is the format of a topic ARN.
    /// `arn:aws:sns:us-east-2:123456789012:MyTopic`
    #[serde(rename = "SnsTopicARN", skip_serializing_if = "Option::is_none")]
    pub sns_topic_arn: Option<String>,

    /// Set to True to include Amazon Web Services API calls from Amazon Web Services global
    /// services such as IAM. Otherwise, False.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub include_global_service_events: Option<bool>,

    /// Specifies whether the trail exists only in one Region or exists in all Regions.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub is_multi_region_trail: Option<bool>,

    /// The Region in which the trail was created.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub home_region: Option<String>,

    /// Specifies the ARN of the trail. The following is the format of a trail ARN.
    /// `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
    #[serde(rename = "TrailARN", skip_serializing_if = "Option::is_none")]
    pub trail_arn: Option<String>,

    /// Specifies whether log file validation is enabled.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub log_file_validation_enabled: Option<bool>,

    /// Specifies an Amazon Resource Name (ARN), a unique identifier that represents the log
    /// group to which CloudTrail logs will be delivered.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub cloud_watch_logs_log_group_arn: Option<String>,

    /// Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log
    /// group.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub cloud_watch_logs_role_arn: Option<String>,

    /// Specifies the KMS key ID that encrypts the logs and digest files delivered by
    /// CloudTrail. The value is a fully specified ARN to a KMS key in the following format.
    /// `arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012`
    // NOTE(review): presumably absent when no customer managed key is configured; verify
    // against the response before treating `None` as "unencrypted".
    #[serde(skip_serializing_if = "Option::is_none")]
    pub kms_key_id: Option<String>,

    /// Specifies if the trail has custom event selectors.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub has_custom_event_selectors: Option<bool>,

    /// Specifies whether a trail has insight types specified in an InsightSelector list.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub has_insight_selectors: Option<bool>,

    /// Specifies whether the trail is an organization trail.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub is_organization_trail: Option<bool>,
}
162
impl Trail {
    /// Build a fixture value for tests with every field populated.
    ///
    /// String fields carry `test-<field>` placeholders and every boolean is `Some(false)`.
    /// Only compiled for tests or with the `test-support` feature.
    // NOTE(review): the placeholder ARNs are not ARN-shaped, and no field is `None`; tests that
    // parse ARNs or cover the absent-key case need their own values.
    #[cfg(any(test, feature = "test-support"))]
    pub fn fixture() -> Self {
        Self {
            name: Some("test-name".to_owned()),
            s3_bucket_name: Some("test-s3_bucket_name".to_owned()),
            s3_key_prefix: Some("test-s3_key_prefix".to_owned()),
            sns_topic_arn: Some("test-sns_topic_arn".to_owned()),
            include_global_service_events: Some(false),
            is_multi_region_trail: Some(false),
            home_region: Some("test-home_region".to_owned()),
            trail_arn: Some("test-trail_arn".to_owned()),
            log_file_validation_enabled: Some(false),
            cloud_watch_logs_log_group_arn: Some("test-cloud_watch_logs_log_group_arn".to_owned()),
            cloud_watch_logs_role_arn: Some("test-cloud_watch_logs_role_arn".to_owned()),
            kms_key_id: Some("test-kms_key_id".to_owned()),
            has_custom_event_selectors: Some(false),
            has_insight_selectors: Some(false),
            is_organization_trail: Some(false),
        }
    }
}
186
/// The name of a trail about which you want the current status.
///
/// **AWS API**: `cloudtrail.v1.GetTrailStatusRequest`
/// **Reference**: <https://docs.aws.amazon.com/awscloudtrail/latest/APIReference//GetTrailStatusRequest>
// NOTE(review): the derived `Default` yields an empty `name`; callers are expected to set it.
#[derive(Debug, Clone, Default, Serialize, Deserialize)]
#[serde(rename_all = "PascalCase")]
pub struct GetTrailStatusRequest {
    /// Specifies the name or the CloudTrail ARN of the trail for which you are requesting
    /// status. To get the status of a shadow trail (a replication of the trail in another
    /// Region), you must specify its ARN. The following is the format of a trail ARN:
    /// `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
    ///
    /// If the trail is an organization trail and you are a member account in the organization
    /// in Organizations, you must provide the full ARN of that trail, and not just the name.
    pub name: String,
}
202
impl GetTrailStatusRequest {
    /// Build a fixture value for tests, using the placeholder trail name `test-name`.
    ///
    /// Only compiled for tests or with the `test-support` feature.
    #[cfg(any(test, feature = "test-support"))]
    pub fn fixture() -> Self {
        let name = String::from("test-name");
        Self { name }
    }
}
212
/// Returns the objects or data listed below if successful. Otherwise, returns an error.
///
/// **AWS API**: `cloudtrail.v1.GetTrailStatusResponse`
/// **Reference**: <https://docs.aws.amazon.com/awscloudtrail/latest/APIReference//GetTrailStatusResponse>
///
/// ## Coverage
/// 11 of 17 fields included.
/// Omitted fields:
/// - `LatestDeliveryAttemptTime` — not selected in manifest
/// - `LatestNotificationAttemptTime` — not selected in manifest
/// - `LatestNotificationAttemptSucceeded` — not selected in manifest
/// - `LatestDeliveryAttemptSucceeded` — not selected in manifest
/// - `TimeLoggingStarted` — not selected in manifest
/// - `TimeLoggingStopped` — not selected in manifest
// NOTE(review): the timestamp fields are plain `f64`; presumably epoch seconds as sent on the
// wire — confirm before converting or comparing them.
#[derive(Debug, Clone, Default, Serialize, Deserialize)]
#[serde(rename_all = "PascalCase")]
pub struct GetTrailStatusResponse {
    /// Whether the CloudTrail trail is currently logging Amazon Web Services API calls.
    // NOTE(review): `None` (key absent) is not the same as `Some(true)`; monitoring that alerts
    // on logging being off should treat only `Some(true)` as healthy.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub is_logging: Option<bool>,

    /// Displays any Amazon S3 error that CloudTrail encountered when attempting to deliver log
    /// files to the designated bucket. For more information, see Error Responses in the Amazon
    /// S3 API Reference. This error occurs only when there is a problem with the destination S3
    /// bucket, and does not occur for requests that time out. To resolve the issue, fix the
    /// bucket policy so that CloudTrail can write to the bucket; or create a new bucket and
    /// call UpdateTrail to specify the new bucket.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub latest_delivery_error: Option<String>,

    /// Displays any Amazon SNS error that CloudTrail encountered when attempting to send a
    /// notification. For more information about Amazon SNS errors, see the Amazon SNS Developer
    /// Guide.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub latest_notification_error: Option<String>,

    /// Specifies the date and time that CloudTrail last delivered log files to an account's
    /// Amazon S3 bucket.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub latest_delivery_time: Option<f64>,

    /// Specifies the date and time of the most recent Amazon SNS notification that CloudTrail
    /// has written a new log file to an account's Amazon S3 bucket.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub latest_notification_time: Option<f64>,

    /// Specifies the most recent date and time when CloudTrail started recording API calls for
    /// an Amazon Web Services account.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub start_logging_time: Option<f64>,

    /// Specifies the most recent date and time when CloudTrail stopped recording API calls for
    /// an Amazon Web Services account.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub stop_logging_time: Option<f64>,

    /// Displays any CloudWatch Logs error that CloudTrail encountered when attempting to
    /// deliver logs to CloudWatch Logs.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub latest_cloud_watch_logs_delivery_error: Option<String>,

    /// Displays the most recent date and time when CloudTrail delivered logs to CloudWatch
    /// Logs.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub latest_cloud_watch_logs_delivery_time: Option<f64>,

    /// Specifies the date and time that CloudTrail last delivered a digest file to an account's
    /// Amazon S3 bucket.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub latest_digest_delivery_time: Option<f64>,

    /// Displays any Amazon S3 error that CloudTrail encountered when attempting to deliver a
    /// digest file to the designated bucket. For more information, see Error Responses in the
    /// Amazon S3 API Reference. This error occurs only when there is a problem with the
    /// destination S3 bucket, and does not occur for requests that time out. To resolve the
    /// issue, fix the bucket policy so that CloudTrail can write to the bucket; or create a new
    /// bucket and call UpdateTrail to specify the new bucket.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub latest_digest_delivery_error: Option<String>,
}
293
impl GetTrailStatusResponse {
    /// Build a fixture value for tests.
    ///
    /// `is_logging` is `Some(false)` and the four error strings carry `test-<field>`
    /// placeholders; the remaining fields (the `f64` timestamps) take their `Default` value,
    /// `None`. Only compiled for tests or with the `test-support` feature.
    #[cfg(any(test, feature = "test-support"))]
    pub fn fixture() -> Self {
        Self {
            is_logging: Some(false),
            latest_delivery_error: Some("test-latest_delivery_error".to_owned()),
            latest_notification_error: Some("test-latest_notification_error".to_owned()),
            latest_cloud_watch_logs_delivery_error: Some(
                "test-latest_cloud_watch_logs_delivery_error".to_owned(),
            ),
            latest_digest_delivery_error: Some("test-latest_digest_delivery_error".to_owned()),
            ..Self::default()
        }
    }
}
310
/// Request naming the trail whose event selectors are to be returned.
///
/// **AWS API**: `cloudtrail.v1.GetEventSelectorsRequest`
/// **Reference**: <https://docs.aws.amazon.com/awscloudtrail/latest/APIReference//GetEventSelectorsRequest>
// NOTE(review): the naming rules below are documentation only; this type does not enforce
// them, and the derived `Default` yields an empty `trail_name`.
#[derive(Debug, Clone, Default, Serialize, Deserialize)]
#[serde(rename_all = "PascalCase")]
pub struct GetEventSelectorsRequest {
    /// Specifies the name of the trail or trail ARN. If you specify a trail name, the string
    /// must meet the following requirements:
    ///
    /// - Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or
    ///   dashes (-)
    /// - Start with a letter or number, and end with a letter or number
    /// - Be between 3 and 128 characters
    /// - Have no adjacent periods, underscores or dashes. Names like `my-_namespace` and
    ///   `my--namespace` are not valid.
    /// - Not be in IP address format (for example, 192.168.5.4)
    ///
    /// If you specify a trail ARN, it must be in the format:
    /// `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
    pub trail_name: String,
}
326
impl GetEventSelectorsRequest {
    /// Build a fixture value for tests, using the placeholder `test-trail_name`.
    ///
    /// Only compiled for tests or with the `test-support` feature.
    #[cfg(any(test, feature = "test-support"))]
    pub fn fixture() -> Self {
        let trail_name = String::from("test-trail_name");
        Self { trail_name }
    }
}
336
/// The trail ARN together with the basic and advanced event selectors configured for it.
///
/// **AWS API**: `cloudtrail.v1.GetEventSelectorsResponse`
/// **Reference**: <https://docs.aws.amazon.com/awscloudtrail/latest/APIReference//GetEventSelectorsResponse>
// Both selector lists fall back to an empty vector when their key is missing (`default`), so
// an empty list here can mean either "none configured" or "key not returned".
#[derive(Debug, Clone, Default, Serialize, Deserialize)]
#[serde(rename_all = "PascalCase")]
pub struct GetEventSelectorsResponse {
    /// The specified trail ARN that has the event selectors.
    #[serde(rename = "TrailARN", skip_serializing_if = "Option::is_none")]
    pub trail_arn: Option<String>,

    /// The event selectors that are configured for the trail.
    #[serde(default, skip_serializing_if = "Vec::is_empty")]
    pub event_selectors: Vec<EventSelector>,

    /// The advanced event selectors that are configured for the trail.
    #[serde(default, skip_serializing_if = "Vec::is_empty")]
    pub advanced_event_selectors: Vec<AdvancedEventSelector>,
}
358
impl GetEventSelectorsResponse {
    /// Build a fixture value for tests: a placeholder trail ARN and no selectors of either kind.
    ///
    /// Only compiled for tests or with the `test-support` feature.
    #[cfg(any(test, feature = "test-support"))]
    pub fn fixture() -> Self {
        Self {
            trail_arn: Some("test-trail_arn".to_owned()),
            event_selectors: Vec::new(),
            advanced_event_selectors: Vec::new(),
        }
    }
}
370
/// Use event selectors to further specify the management and data event settings for your
/// trail. By default, trails created without specific event selectors will be configured to log
/// all read and write management events, and no data events.
///
/// When an event occurs in your account, CloudTrail evaluates the event selector for all
/// trails. For each trail, if the event matches any event selector, the trail processes and
/// logs the event. If the event doesn't match any event selector, the trail doesn't log the
/// event.
///
/// You can configure up to five event selectors for a trail. You cannot apply both event
/// selectors and advanced event selectors to a trail.
///
/// **AWS API**: `cloudtrail.v1.EventSelector`
/// **Reference**: <https://docs.aws.amazon.com/awscloudtrail/latest/APIReference//EventSelector>
///
/// ## Coverage
/// 3 of 4 fields included.
/// Omitted fields:
/// - `ExcludeManagementEventSources` — not selected in manifest
// NOTE(review): because `ExcludeManagementEventSources` is not modelled, a selector read
// through this type cannot show whether management event sources are being excluded; coverage
// audits need that field from another source.
#[derive(Debug, Clone, Default, Serialize, Deserialize)]
#[serde(rename_all = "PascalCase")]
pub struct EventSelector {
    /// Specify if you want your trail to log read-only events, write-only events, or all. For
    /// example, the EC2 GetConsoleOutput is a read-only API operation and RunInstances is a
    /// write-only API operation. By default, the value is All.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub read_write_type: Option<String>,

    /// Specify if you want your event selector to include management events for your trail. For
    /// more information, see Management Events in the CloudTrail User Guide. By default, the
    /// value is true. The first copy of management events is free. You are charged for
    /// additional copies of management events that you are logging on any subsequent trail in
    /// the same Region. For more information about CloudTrail pricing, see CloudTrail Pricing.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub include_management_events: Option<bool>,

    /// CloudTrail supports data event logging for Amazon S3 objects in standard S3 buckets,
    /// Lambda functions, and Amazon DynamoDB tables with basic event selectors. You can specify
    /// up to 250 resources for an individual event selector, but the total number of data
    /// resources cannot exceed 250 across all event selectors in a trail. This limit does not
    /// apply if you configure resource logging for all data events. For more information, see
    /// Data Events and Limits in CloudTrail in the CloudTrail User Guide. To log data events
    /// for all other resource types including objects stored in directory buckets, you must use
    /// AdvancedEventSelectors. You must also use AdvancedEventSelectors if you want to filter
    /// on the eventName field.
    #[serde(default, skip_serializing_if = "Vec::is_empty")]
    pub data_resources: Vec<DataResource>,
}
417
impl EventSelector {
    /// Build a fixture value for tests.
    ///
    /// Uses a placeholder read/write type, management events set to `Some(false)` and no data
    /// resources. Only compiled for tests or with the `test-support` feature.
    #[cfg(any(test, feature = "test-support"))]
    pub fn fixture() -> Self {
        Self {
            read_write_type: Some("test-read_write_type".to_owned()),
            include_management_events: Some(false),
            data_resources: Vec::new(),
        }
    }
}
429
/// You can configure the DataResource in an EventSelector to log data events for the following
/// three resource types:
///
/// - `AWS::DynamoDB::Table`
/// - `AWS::Lambda::Function`
/// - `AWS::S3::Object`
///
/// To log data events for all other resource types including objects stored in directory
/// buckets, you must use AdvancedEventSelectors. You must also use AdvancedEventSelectors if
/// you want to filter on the eventName field.
///
/// Configure the DataResource to specify the resource type and resource ARNs for which you want
/// to log data events. The total number of allowed data resources is 250. This number can be
/// distributed between 1 and 5 event selectors, but the total cannot exceed 250 across all
/// selectors for the trail.
///
/// The following example demonstrates how logging works when you configure logging of all data
/// events for a general purpose bucket named amzn-s3-demo-bucket1. In this example, the
/// CloudTrail user specified an empty prefix, and the option to log both Read and Write data
/// events.
///
/// - A user uploads an image file to amzn-s3-demo-bucket1. The PutObject API operation is an
///   Amazon S3 object-level API. It is recorded as a data event in CloudTrail. Because the
///   CloudTrail user specified an S3 bucket with an empty prefix, events that occur on any
///   object in that bucket are logged. The trail processes and logs the event.
/// - A user uploads an object to an Amazon S3 bucket named arn:aws:s3:::amzn-s3-demo-bucket1.
///   The PutObject API operation occurred for an object in an S3 bucket that the CloudTrail
///   user didn't specify for the trail. The trail doesn't log the event.
///
/// The following example demonstrates how logging works when you configure logging of Lambda
/// data events for a Lambda function named MyLambdaFunction, but not for all Lambda functions.
///
/// - A user runs a script that includes a call to the MyLambdaFunction function and the
///   MyOtherLambdaFunction function.
/// - The Invoke API operation on MyLambdaFunction is a Lambda API. It is recorded as a data
///   event in CloudTrail. Because the CloudTrail user specified logging data events for
///   MyLambdaFunction, any invocations of that function are logged. The trail processes and
///   logs the event.
/// - The Invoke API operation on MyOtherLambdaFunction is a Lambda API. Because the CloudTrail
///   user did not specify logging data events for all Lambda functions, the Invoke operation
///   for MyOtherLambdaFunction does not match the function specified for the trail. The trail
///   doesn't log the event.
///
/// **AWS API**: `cloudtrail.v1.DataResource`
/// **Reference**: <https://docs.aws.amazon.com/awscloudtrail/latest/APIReference//DataResource>
#[derive(Debug, Clone, Default, Serialize, Deserialize)]
#[serde(rename_all = "PascalCase")]
pub struct DataResource {
    /// The resource type in which you want to log data events. You can specify the following
    /// basic event selector resource types:
    ///
    /// - `AWS::DynamoDB::Table`
    /// - `AWS::Lambda::Function`
    /// - `AWS::S3::Object`
    ///
    /// Additional resource types are available through advanced event selectors. For more
    /// information, see AdvancedEventSelector.
    // `type` is a Rust keyword, hence the raw identifier and the explicit wire name.
    #[serde(rename = "Type", skip_serializing_if = "Option::is_none")]
    pub r#type: Option<String>,

    /// An array of Amazon Resource Name (ARN) strings or partial ARN strings for the specified
    /// resource type.
    ///
    /// - To log data events for all objects in all S3 buckets in your Amazon Web Services
    ///   account, specify the prefix as `arn:aws:s3`. This also enables logging of data event
    ///   activity performed by any user or role in your Amazon Web Services account, even if
    ///   that activity is performed on a bucket that belongs to another Amazon Web Services
    ///   account.
    /// - To log data events for all objects in an S3 bucket, specify the bucket and an empty
    ///   object prefix such as `arn:aws:s3:::amzn-s3-demo-bucket1/`. The trail logs data events
    ///   for all objects in this S3 bucket.
    /// - To log data events for specific objects, specify the S3 bucket and object prefix such
    ///   as `arn:aws:s3:::amzn-s3-demo-bucket1/example-images`. The trail logs data events for
    ///   objects in this S3 bucket that match the prefix.
    /// - To log data events for all Lambda functions in your Amazon Web Services account,
    ///   specify the prefix as `arn:aws:lambda`. This also enables logging of Invoke activity
    ///   performed by any user or role in your Amazon Web Services account, even if that
    ///   activity is performed on a function that belongs to another Amazon Web Services
    ///   account.
    /// - To log data events for a specific Lambda function, specify the function ARN. Lambda
    ///   function ARNs are exact. For example, if you specify a function ARN
    ///   `arn:aws:lambda:us-west-2:111111111111:function:helloworld`, data events will only be
    ///   logged for `arn:aws:lambda:us-west-2:111111111111:function:helloworld`. They will not
    ///   be logged for `arn:aws:lambda:us-west-2:111111111111:function:helloworld2`.
    /// - To log data events for all DynamoDB tables in your Amazon Web Services account,
    ///   specify the prefix as `arn:aws:dynamodb`.
    // NOTE(review): S3 values are prefixes while Lambda ARNs are exact (see above), so a
    // coverage audit has to compare each entry against the resources it is meant to include
    // using the matching rule for its `Type`.
    #[serde(default, skip_serializing_if = "Vec::is_empty")]
    pub values: Vec<String>,
}
496
impl DataResource {
    /// Build a fixture value for tests: a placeholder resource type and no ARN values.
    ///
    /// Only compiled for tests or with the `test-support` feature.
    #[cfg(any(test, feature = "test-support"))]
    pub fn fixture() -> Self {
        Self {
            r#type: Some("test-type".to_owned()),
            values: Vec::new(),
        }
    }
}
507
/// Advanced event selectors let you create fine-grained selectors for CloudTrail management,
/// data, and network activity events. They help you control costs by logging only those events
/// that are important to you. For more information about configuring advanced event selectors,
/// see the Logging data events, Logging network activity events, and Logging management events
/// topics in the CloudTrail User Guide.
///
/// You cannot apply both event selectors and advanced event selectors to a trail.
///
/// For information about configurable advanced event selector fields, see
/// AdvancedEventSelector in the CloudTrail API Reference.
///
/// **AWS API**: `cloudtrail.v1.AdvancedEventSelector`
/// **Reference**: <https://docs.aws.amazon.com/awscloudtrail/latest/APIReference//AdvancedEventSelector>
#[derive(Debug, Clone, Default, Serialize, Deserialize)]
#[serde(rename_all = "PascalCase")]
pub struct AdvancedEventSelector {
    /// An optional, descriptive name for an advanced event selector, such as "Log data events
    /// for only two S3 buckets".
    #[serde(skip_serializing_if = "Option::is_none")]
    pub name: Option<String>,

    /// Contains all selector statements in an advanced event selector.
    // Unlike the other list fields in this file there is no `skip_serializing_if`, so an empty
    // list is still written out as `FieldSelectors: []`.
    #[serde(default)]
    pub field_selectors: Vec<AdvancedFieldSelector>,
}
530
impl AdvancedEventSelector {
    /// Build a fixture value for tests: a placeholder name and no field selectors.
    ///
    /// Only compiled for tests or with the `test-support` feature.
    #[cfg(any(test, feature = "test-support"))]
    pub fn fixture() -> Self {
        Self {
            name: Some("test-name".to_owned()),
            field_selectors: Vec::new(),
        }
    }
}
541
/// A single selector statement in an advanced event selector.
///
/// **AWS API**: `cloudtrail.v1.AdvancedFieldSelector`
/// **Reference**: <https://docs.aws.amazon.com/awscloudtrail/latest/APIReference//AdvancedFieldSelector>
// NOTE(review): the `not_*` operators exclude events from the trail. When reviewing what a
// trail actually records, read those lists as carefully as the inclusion lists; an empty
// vector (also the result of a missing key) means the operator is not in use.
#[derive(Debug, Clone, Default, Serialize, Deserialize)]
#[serde(rename_all = "PascalCase")]
pub struct AdvancedFieldSelector {
    /// A field in a CloudTrail event record on which to filter events to be logged. For event
    /// data stores for CloudTrail Insights events, Config configuration items, Audit Manager
    /// evidence, or events outside of Amazon Web Services, the field is used only for selecting
    /// events as filtering is not supported. For more information, see AdvancedFieldSelector in
    /// the CloudTrail API Reference.
    ///
    /// Selectors don't support the use of wildcards like `*`. To match multiple values with a
    /// single condition, you may use StartsWith, EndsWith, NotStartsWith, or NotEndsWith to
    /// explicitly match the beginning or end of the event field.
    pub field: String,

    /// An operator that includes events that match the exact value of the event record field
    /// specified as the value of Field. This is the only valid operator that you can use with
    /// the readOnly, eventCategory, and resources.type fields.
    #[serde(default, skip_serializing_if = "Vec::is_empty")]
    pub equals: Vec<String>,

    /// An operator that includes events that match the first few characters of the event record
    /// field specified as the value of Field.
    #[serde(default, skip_serializing_if = "Vec::is_empty")]
    pub starts_with: Vec<String>,

    /// An operator that includes events that match the last few characters of the event record
    /// field specified as the value of Field.
    #[serde(default, skip_serializing_if = "Vec::is_empty")]
    pub ends_with: Vec<String>,

    /// An operator that excludes events that match the exact value of the event record field
    /// specified as the value of Field.
    #[serde(default, skip_serializing_if = "Vec::is_empty")]
    pub not_equals: Vec<String>,

    /// An operator that excludes events that match the first few characters of the event record
    /// field specified as the value of Field.
    #[serde(default, skip_serializing_if = "Vec::is_empty")]
    pub not_starts_with: Vec<String>,

    /// An operator that excludes events that match the last few characters of the event record
    /// field specified as the value of Field.
    #[serde(default, skip_serializing_if = "Vec::is_empty")]
    pub not_ends_with: Vec<String>,
}
596
impl AdvancedFieldSelector {
    /// Build a fixture value for tests: the placeholder field `test-field` with every operator
    /// list empty.
    ///
    /// Only compiled for tests or with the `test-support` feature.
    #[cfg(any(test, feature = "test-support"))]
    pub fn fixture() -> Self {
        Self {
            field: String::from("test-field"),
            equals: Vec::new(),
            starts_with: Vec::new(),
            ends_with: Vec::new(),
            not_equals: Vec::new(),
            not_starts_with: Vec::new(),
            not_ends_with: Vec::new(),
        }
    }
}
612
/// The request that specifies the name of a trail to delete.
///
/// **AWS API**: `cloudtrail.v1.DeleteTrailRequest`
/// **Reference**: <https://docs.aws.amazon.com/awscloudtrail/latest/APIReference//DeleteTrailRequest>
// NOTE(review): the derived `Default` yields an empty `name`, so a request must always be given
// an explicit trail name or ARN. Deleting a trail ends its log delivery; tooling that builds
// this request is best kept behind a narrowly scoped `cloudtrail:DeleteTrail` permission.
#[derive(Debug, Clone, Default, Serialize, Deserialize)]
#[serde(rename_all = "PascalCase")]
pub struct DeleteTrailRequest {
    /// Specifies the name or the CloudTrail ARN of the trail to be deleted. The following is
    /// the format of a trail ARN. `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
    pub name: String,
}
624
impl DeleteTrailRequest {
    /// Build a fixture value for tests, using the placeholder trail name `test-name`.
    ///
    /// Only compiled for tests or with the `test-support` feature.
    #[cfg(any(test, feature = "test-support"))]
    pub fn fixture() -> Self {
        let name = String::from("test-name");
        Self { name }
    }
}
634
/// Returns the objects or data listed below if successful. Otherwise, returns an error.
///
/// **AWS API**: `cloudtrail.v1.DeleteTrailResponse`
/// **Reference**: <https://docs.aws.amazon.com/awscloudtrail/latest/APIReference//DeleteTrailResponse>
// This type models no fields, so a successful response carries no data through it.
#[derive(Debug, Clone, Default, Serialize, Deserialize)]
#[serde(rename_all = "PascalCase")]
pub struct DeleteTrailResponse {}
642
impl DeleteTrailResponse {
    /// Build a fixture value for tests; the type has no fields to populate.
    ///
    /// Only compiled for tests or with the `test-support` feature.
    #[cfg(any(test, feature = "test-support"))]
    pub fn fixture() -> Self {
        DeleteTrailResponse {}
    }
}
650
/// Settings to update on an existing trail.
///
/// Every `Option` field is left out of the serialized request when it is `None`.
///
/// Several fields reduce audit coverage when switched off or redirected: the delivery
/// targets (`s3_bucket_name`, `s3_key_prefix`, `cloud_watch_logs_log_group_arn`),
/// `include_global_service_events`, `is_multi_region_trail`, `enable_log_file_validation`,
/// `kms_key_id` and `is_organization_trail`. Code that fills this request from external
/// input should restrict which of these a caller may set, and changes to them are worth
/// reviewing and alerting on.
///
/// **AWS API**: `cloudtrail.v1.UpdateTrailRequest`
/// **Reference**: <https://docs.aws.amazon.com/awscloudtrail/latest/APIReference//UpdateTrailRequest>
#[derive(Clone, Debug, Default, Deserialize, Serialize)]
#[serde(rename_all = "PascalCase")]
pub struct UpdateTrailRequest {
    /// Name of the trail, or its trail ARN.
    ///
    /// If `Name` is a trail name, the string must:
    /// - contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_),
    ///   or dashes (-);
    /// - start with a letter or number, and end with a letter or number;
    /// - be between 3 and 128 characters;
    /// - have no adjacent periods, underscores or dashes (names like `my-_namespace` and
    ///   `my--namespace` are not valid);
    /// - not be in IP address format (for example, 192.168.5.4).
    ///
    /// If `Name` is a trail ARN, it must be in the following format:
    /// `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
    pub name: String,

    /// Name of the Amazon S3 bucket designated for publishing log files. See Amazon S3
    /// Bucket naming rules.
    ///
    /// Changing the bucket changes where log files are published, so treat updates to this
    /// field as security-relevant.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub s3_bucket_name: Option<String>,

    /// Amazon S3 key prefix that comes after the name of the bucket designated for log file
    /// delivery. For more information, see Finding Your CloudTrail Log Files. The maximum
    /// length is 200 characters.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub s3_key_prefix: Option<String>,

    /// Name or ARN of the Amazon SNS topic defined for notification of log file delivery.
    /// The maximum length is 256 characters.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub sns_topic_name: Option<String>,

    /// Whether the trail publishes events from global services such as IAM to the log
    /// files.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub include_global_service_events: Option<bool>,

    /// Whether the trail applies only to the current Region or to all Regions. The default
    /// is false.
    ///
    /// - If the trail exists only in the current Region and this value is set to true,
    ///   shadow trails (replications of the trail) will be created in the other Regions.
    /// - If the trail exists in all Regions and this value is set to false, the trail will
    ///   remain in the Region where it was created, and its shadow trails in other Regions
    ///   will be deleted.
    ///
    /// As a best practice, consider using trails that log events in all Regions.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub is_multi_region_trail: Option<bool>,

    /// Whether log file validation is enabled. The default is false.
    ///
    /// When log file integrity validation is disabled, the chain of digest files is broken
    /// after one hour. CloudTrail does not create digest files for log files that were
    /// delivered during a period in which validation was disabled. For example, if you
    /// enable validation at noon on January 1, disable it at noon on January 2, and
    /// re-enable it at noon on January 10, digest files will not be created for the log
    /// files delivered from noon on January 2 to noon on January 10. The same applies
    /// whenever you stop CloudTrail logging or delete a trail.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub enable_log_file_validation: Option<bool>,

    /// Log group name given as an Amazon Resource Name (ARN), a unique identifier that
    /// represents the log group to which CloudTrail logs are delivered. You must use a log
    /// group that exists in your account. Not required unless you specify
    /// `CloudWatchLogsRoleArn`.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub cloud_watch_logs_log_group_arn: Option<String>,

    /// Role for the CloudWatch Logs endpoint to assume to write to a user's log group. You
    /// must use a role that exists in your account.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub cloud_watch_logs_role_arn: Option<String>,

    /// KMS key ID to use to encrypt the logs and digest files delivered by CloudTrail.
    ///
    /// The value can be an alias name prefixed by "alias/", a fully specified ARN to an
    /// alias, a fully specified ARN to a key, or a globally unique identifier. CloudTrail
    /// also supports KMS multi-Region keys. For more information about multi-Region keys,
    /// see Using multi-Region keys in the Key Management Service Developer Guide.
    ///
    /// Examples:
    /// - `alias/MyAliasName`
    /// - `arn:aws:kms:us-east-2:123456789012:alias/MyAliasName`
    /// - `arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012`
    /// - `12345678-1234-1234-1234-123456789012`
    #[serde(skip_serializing_if = "Option::is_none")]
    pub kms_key_id: Option<String>,

    /// Whether the trail is applied to all accounts in an organization in Organizations, or
    /// only for the current Amazon Web Services account.
    ///
    /// The default is false, and cannot be true unless the call is made on behalf of an
    /// Amazon Web Services account that is the management account for an organization in
    /// Organizations.
    ///
    /// - If the trail is not an organization trail and this is set to true, the trail will
    ///   be created in all Amazon Web Services accounts that belong to the organization.
    /// - If the trail is an organization trail and this is set to false, the trail will
    ///   remain in the current Amazon Web Services account but be deleted from all member
    ///   accounts in the organization.
    ///
    /// Only the management account for the organization can convert an organization trail
    /// to a non-organization trail, or convert a non-organization trail to an organization
    /// trail.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub is_organization_trail: Option<bool>,
}
744
impl UpdateTrailRequest {
    /// Build a fully populated placeholder request for tests.
    ///
    /// Every optional field is `Some(..)`. All four booleans are `Some(false)`, so the
    /// fixture describes a trail with global service events, multi-Region coverage, log
    /// file validation and organization scope all switched off. It is test data only and
    /// must not be used as a baseline trail configuration.
    ///
    /// Compiled only under `cfg(test)` or with the `test-support` feature.
    #[cfg(any(test, feature = "test-support"))]
    pub fn fixture() -> Self {
        let text = |value: &str| Some(String::from(value));
        let off = Some(false);

        Self {
            name: String::from("test-name"),
            s3_bucket_name: text("test-s3_bucket_name"),
            s3_key_prefix: text("test-s3_key_prefix"),
            sns_topic_name: text("test-sns_topic_name"),
            include_global_service_events: off,
            is_multi_region_trail: off,
            enable_log_file_validation: off,
            cloud_watch_logs_log_group_arn: text("test-cloud_watch_logs_log_group_arn"),
            cloud_watch_logs_role_arn: text("test-cloud_watch_logs_role_arn"),
            kms_key_id: text("test-kms_key_id"),
            is_organization_trail: off,
        }
    }
}
764
/// Trail settings returned after a successful update; a failed call is reported as an
/// error instead.
///
/// Every field is optional and is left out of serialized output when it is `None`. The
/// response reports the resulting values of the trail's logging settings
/// (`log_file_validation_enabled`, `is_multi_region_trail`, `kms_key_id`, ...), so callers
/// can compare them against what they intended to configure.
///
/// **AWS API**: `cloudtrail.v1.UpdateTrailResponse`
/// **Reference**: <https://docs.aws.amazon.com/awscloudtrail/latest/APIReference//UpdateTrailResponse>
///
/// ## Coverage
/// 12 of 13 fields included.
/// Omitted fields:
/// - `SnsTopicName` — not selected in manifest
#[derive(Clone, Debug, Default, Deserialize, Serialize)]
#[serde(rename_all = "PascalCase")]
pub struct UpdateTrailResponse {
    /// Name of the trail.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub name: Option<String>,

    /// Name of the Amazon S3 bucket designated for publishing log files.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub s3_bucket_name: Option<String>,

    /// Amazon S3 key prefix that comes after the name of the bucket designated for log file
    /// delivery. For more information, see Finding Your IAM Log Files.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub s3_key_prefix: Option<String>,

    /// ARN of the Amazon SNS topic that CloudTrail uses to send notifications when log
    /// files are delivered.
    ///
    /// Topic ARN format: `arn:aws:sns:us-east-2:123456789012:MyTopic`
    #[serde(rename = "SnsTopicARN", skip_serializing_if = "Option::is_none")]
    pub sns_topic_arn: Option<String>,

    /// Whether the trail is publishing events from global services such as IAM to the log
    /// files.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub include_global_service_events: Option<bool>,

    /// Whether the trail exists in one Region or in all Regions.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub is_multi_region_trail: Option<bool>,

    /// ARN of the trail that was updated.
    ///
    /// Trail ARN format: `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`
    #[serde(rename = "TrailARN", skip_serializing_if = "Option::is_none")]
    pub trail_arn: Option<String>,

    /// Whether log file integrity validation is enabled.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub log_file_validation_enabled: Option<bool>,

    /// Amazon Resource Name (ARN) of the log group to which CloudTrail logs are delivered.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub cloud_watch_logs_log_group_arn: Option<String>,

    /// Role for the CloudWatch Logs endpoint to assume to write to a user's log group.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub cloud_watch_logs_role_arn: Option<String>,

    /// KMS key ID that encrypts the logs and digest files delivered by CloudTrail. The
    /// value is a fully specified ARN to a KMS key in the following format:
    /// `arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012`
    #[serde(skip_serializing_if = "Option::is_none")]
    pub kms_key_id: Option<String>,

    /// Whether the trail is an organization trail.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub is_organization_trail: Option<bool>,
}
836
impl UpdateTrailResponse {
    /// Build a fully populated placeholder response for tests.
    ///
    /// Every field is `Some(..)`. The string values are `test-` placeholders rather than
    /// well-formed ARNs, and all booleans are `Some(false)`, so the fixture reports log
    /// file validation, multi-Region coverage, global service events and organization
    /// scope as off. Tests that assert on a hardened trail need to override these values.
    ///
    /// Compiled only under `cfg(test)` or with the `test-support` feature.
    #[cfg(any(test, feature = "test-support"))]
    pub fn fixture() -> Self {
        let text = |value: &str| Some(String::from(value));
        let off = Some(false);

        Self {
            name: text("test-name"),
            s3_bucket_name: text("test-s3_bucket_name"),
            s3_key_prefix: text("test-s3_key_prefix"),
            sns_topic_arn: text("test-sns_topic_arn"),
            include_global_service_events: off,
            is_multi_region_trail: off,
            trail_arn: text("test-trail_arn"),
            log_file_validation_enabled: off,
            cloud_watch_logs_log_group_arn: text("test-cloud_watch_logs_log_group_arn"),
            cloud_watch_logs_role_arn: text("test-cloud_watch_logs_role_arn"),
            kms_key_id: text("test-kms_key_id"),
            is_organization_trail: off,
        }
    }
}