Struct aws_sdk_cloudtrail::Client

pub struct Client { /* private fields */ }

Client for AWS CloudTrail

Client for invoking operations on AWS CloudTrail. Each operation on AWS CloudTrail is a method on this this struct. .send() MUST be invoked on the generated operations to dispatch the request to the service.

Constructing a Client

A Config is required to construct a client. For most use cases, the aws-config crate should be used to automatically resolve this config using aws_config::load_from_env(), since this will resolve an SdkConfig which can be shared across multiple different AWS SDK clients. This config resolution process can be customized by calling aws_config::from_env() instead, which returns a ConfigLoader that uses the builder pattern to customize the default config.

In the simplest case, creating a client looks as follows:

let config = aws_config::load_from_env().await;
let client = aws_sdk_cloudtrail::Client::new(&config);

Occasionally, SDKs may have additional service-specific values that can be set on the Config that is absent from SdkConfig, or slightly different settings for a specific client may be desired. The Config struct implements From<&SdkConfig>, so setting these specific settings can be done as follows:

let sdk_config = ::aws_config::load_from_env().await;
let config = aws_sdk_cloudtrail::config::Builder::from(&sdk_config)
    .some_service_specific_setting("value")
    .build();

See the aws-config docs and Config for more information on customizing configuration.

Note: Client construction is expensive due to connection thread pool initialization, and should be done once at application start-up.

Using the Client

A client has a function for every operation that can be performed by the service. For example, the AddTags operation has a Client::add_tags, function which returns a builder for that operation. The fluent builder ultimately has a send() function that returns an async future that returns a result, as illustrated below:

let result = client.add_tags()
    .resource_id("example")
    .send()
    .await;

The underlying HTTP requests that get made by this can be modified with the customize_operation function on the fluent builder. See the customize module for more information.

Implementations

impl Client

pub fn add_tags(&self) -> AddTagsFluentBuilder

Constructs a fluent builder for the AddTags operation.

• The fluent builder is configurable:
  • resource_id(impl Into<String>) / set_resource_id(Option<String>):
    required: true
    

    Specifies the ARN of the trail, event data store, or channel to which one or more tags will be added.

    The format of a trail ARN is: arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

    The format of an event data store ARN is: arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE

    The format of a channel ARN is: arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890

    
    
  • tags_list(Tag) / set_tags_list(Option<Vec::<Tag>>):
    required: true
    

    Contains a list of tags, up to a limit of 50

    
    
• On success, responds with AddTagsOutput
• On failure, responds with SdkError<AddTagsError>

impl Client

pub fn cancel_query(&self) -> CancelQueryFluentBuilder

Constructs a fluent builder for the CancelQuery operation.

• The fluent builder is configurable:
  • event_data_store(impl Into<String>) / set_event_data_store(Option<String>):
    required: false
    

    The ARN (or the ID suffix of the ARN) of an event data store on which the specified query is running.

    
    
  • query_id(impl Into<String>) / set_query_id(Option<String>):
    required: true
    

    The ID of the query that you want to cancel. The QueryId comes from the response of a StartQuery operation.

    
    
• On success, responds with CancelQueryOutput with field(s):
  • query_id(String):

    The ID of the canceled query.

  • query_status(QueryStatus):

    Shows the status of a query after a CancelQuery request. Typically, the values shown are either RUNNING or CANCELLED.

• On failure, responds with SdkError<CancelQueryError>

impl Client

pub fn create_channel(&self) -> CreateChannelFluentBuilder

Constructs a fluent builder for the CreateChannel operation.

• The fluent builder is configurable:
  • name(impl Into<String>) / set_name(Option<String>):
    required: true
    

    The name of the channel.

    
    
  • source(impl Into<String>) / set_source(Option<String>):
    required: true
    

    The name of the partner or external event source. You cannot change this name after you create the channel. A maximum of one channel is allowed per source.

    A source can be either Custom for all valid non-Amazon Web Services events, or the name of a partner event source. For information about the source names for available partners, see Additional information about integration partners in the CloudTrail User Guide.

    
    
  • destinations(Destination) / set_destinations(Option<Vec::<Destination>>):
    required: true
    

    One or more event data stores to which events arriving through a channel will be logged.

    
    
  • tags(Tag) / set_tags(Option<Vec::<Tag>>):
    required: false
    

    A list of tags.

    
    
• On success, responds with CreateChannelOutput with field(s):
  • channel_arn(Option<String>):

    The Amazon Resource Name (ARN) of the new channel.

  • name(Option<String>):

    The name of the new channel.

  • source(Option<String>):

    The partner or external event source name.

  • destinations(Option<Vec::<Destination>>):

    The event data stores that log the events arriving through the channel.

  • tags(Option<Vec::<Tag>>):

    A list of tags.

• On failure, responds with SdkError<CreateChannelError>

impl Client

pub fn create_event_data_store(&self) -> CreateEventDataStoreFluentBuilder

Constructs a fluent builder for the CreateEventDataStore operation.

• The fluent builder is configurable:
  • name(impl Into<String>) / set_name(Option<String>):
    required: true
    

    The name of the event data store.

    
    
  • advanced_event_selectors(AdvancedEventSelector) / set_advanced_event_selectors(Option<Vec::<AdvancedEventSelector>>):
    required: false
    

    The advanced event selectors to use to select the events for the data store. You can configure up to five advanced event selectors for each event data store.

    For more information about how to use advanced event selectors to log CloudTrail events, see Log events by using advanced event selectors in the CloudTrail User Guide.

    For more information about how to use advanced event selectors to include Config configuration items in your event data store, see Create an event data store for Config configuration items in the CloudTrail User Guide.

    For more information about how to use advanced event selectors to include non-Amazon Web Services events in your event data store, see Create an integration to log events from outside Amazon Web Services in the CloudTrail User Guide.

    
    
  • multi_region_enabled(bool) / set_multi_region_enabled(Option<bool>):
    required: false
    

    Specifies whether the event data store includes events from all Regions, or only from the Region in which the event data store is created.

    
    
  • organization_enabled(bool) / set_organization_enabled(Option<bool>):
    required: false
    

    Specifies whether an event data store collects events logged for an organization in Organizations.

    
    
  • retention_period(i32) / set_retention_period(Option<i32>):
    required: false
    

    The retention period of the event data store, in days. If BillingMode is set to EXTENDABLE_RETENTION_PRICING, you can set a retention period of up to 3653 days, the equivalent of 10 years. If BillingMode is set to FIXED_RETENTION_PRICING, you can set a retention period of up to 2557 days, the equivalent of seven years.

    CloudTrail Lake determines whether to retain an event by checking if the eventTime of the event is within the specified retention period. For example, if you set a retention period of 90 days, CloudTrail will remove events when the eventTime is older than 90 days.

    If you plan to copy trail events to this event data store, we recommend that you consider both the age of the events that you want to copy as well as how long you want to keep the copied events in your event data store. For example, if you copy trail events that are 5 years old and specify a retention period of 7 years, the event data store will retain those events for two years.

    
    
  • termination_protection_enabled(bool) / set_termination_protection_enabled(Option<bool>):
    required: false
    

    Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled.

    
    
  • tags_list(Tag) / set_tags_list(Option<Vec::<Tag>>):
    required: false
    

    A list of tags.

    
    
  • kms_key_id(impl Into<String>) / set_kms_key_id(Option<String>):
    required: false
    

    Specifies the KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.

    Disabling or deleting the KMS key, or removing CloudTrail permissions on the key, prevents CloudTrail from logging events to the event data store, and prevents users from querying the data in the event data store that was encrypted with the key. After you associate an event data store with a KMS key, the KMS key cannot be removed or changed. Before you disable or delete a KMS key that you are using with an event data store, delete or back up your event data store.

    CloudTrail also supports KMS multi-Region keys. For more information about multi-Region keys, see Using multi-Region keys in the Key Management Service Developer Guide.

    Examples:

    • alias/MyAliasName

    • arn:aws:kms:us-east-2:123456789012:alias/MyAliasName

    • arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012

    • 12345678-1234-1234-1234-123456789012

    
    
  • start_ingestion(bool) / set_start_ingestion(Option<bool>):
    required: false
    

    Specifies whether the event data store should start ingesting live events. The default is true.

    
    
  • billing_mode(BillingMode) / set_billing_mode(Option<BillingMode>):
    required: false
    

    The billing mode for the event data store determines the cost for ingesting events and the default and maximum retention period for the event data store.

    The following are the possible values:

    • EXTENDABLE_RETENTION_PRICING - This billing mode is generally recommended if you want a flexible retention period of up to 3653 days (about 10 years). The default retention period for this billing mode is 366 days.

    • FIXED_RETENTION_PRICING - This billing mode is recommended if you expect to ingest more than 25 TB of event data per month and need a retention period of up to 2557 days (about 7 years). The default retention period for this billing mode is 2557 days.

    The default value is EXTENDABLE_RETENTION_PRICING.

    For more information about CloudTrail pricing, see CloudTrail Pricing and Managing CloudTrail Lake costs.

    
    
• On success, responds with CreateEventDataStoreOutput with field(s):
  • event_data_store_arn(Option<String>):

    The ARN of the event data store.

  • name(Option<String>):

    The name of the event data store.

  • status(Option<EventDataStoreStatus>):

    The status of event data store creation.

  • advanced_event_selectors(Option<Vec::<AdvancedEventSelector>>):

    The advanced event selectors that were used to select the events for the data store.

  • multi_region_enabled(Option<bool>):

    Indicates whether the event data store collects events from all Regions, or only from the Region in which it was created.

  • organization_enabled(Option<bool>):

    Indicates whether an event data store is collecting logged events for an organization in Organizations.

  • retention_period(Option<i32>):

    The retention period of an event data store, in days.

  • termination_protection_enabled(Option<bool>):

    Indicates whether termination protection is enabled for the event data store.

  • tags_list(Option<Vec::<Tag>>):

    A list of tags.

  • created_timestamp(Option<DateTime>):

    The timestamp that shows when the event data store was created.

  • updated_timestamp(Option<DateTime>):

    The timestamp that shows when an event data store was updated, if applicable. UpdatedTimestamp is always either the same or newer than the time shown in CreatedTimestamp.

  • kms_key_id(Option<String>):

    Specifies the KMS key ID that encrypts the events delivered by CloudTrail. The value is a fully specified ARN to a KMS key in the following format.

    arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012

  • billing_mode(Option<BillingMode>):

    The billing mode for the event data store.

• On failure, responds with SdkError<CreateEventDataStoreError>

impl Client

pub fn create_trail(&self) -> CreateTrailFluentBuilder

Constructs a fluent builder for the CreateTrail operation.

• The fluent builder is configurable:
  • name(impl Into<String>) / set_name(Option<String>):
    required: true
    

    Specifies the name of the trail. The name must meet the following requirements:

    • Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)

    • Start with a letter or number, and end with a letter or number

    • Be between 3 and 128 characters

    • Have no adjacent periods, underscores or dashes. Names like my-_namespace and my–namespace are not valid.

    • Not be in IP address format (for example, 192.168.5.4)

    
    
  • s3_bucket_name(impl Into<String>) / set_s3_bucket_name(Option<String>):
    required: true
    

    Specifies the name of the Amazon S3 bucket designated for publishing log files. See Amazon S3 Bucket Naming Requirements.

    
    
  • s3_key_prefix(impl Into<String>) / set_s3_key_prefix(Option<String>):
    required: false
    

    Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery. For more information, see Finding Your CloudTrail Log Files. The maximum length is 200 characters.

    
    
  • sns_topic_name(impl Into<String>) / set_sns_topic_name(Option<String>):
    required: false
    

    Specifies the name of the Amazon SNS topic defined for notification of log file delivery. The maximum length is 256 characters.

    
    
  • include_global_service_events(bool) / set_include_global_service_events(Option<bool>):
    required: false
    

    Specifies whether the trail is publishing events from global services such as IAM to the log files.

    
    
  • is_multi_region_trail(bool) / set_is_multi_region_trail(Option<bool>):
    required: false
    

    Specifies whether the trail is created in the current Region or in all Regions. The default is false, which creates a trail only in the Region where you are signed in. As a best practice, consider creating trails that log events in all Regions.

    
    
  • enable_log_file_validation(bool) / set_enable_log_file_validation(Option<bool>):
    required: false
    

    Specifies whether log file integrity validation is enabled. The default is false.

    When you disable log file integrity validation, the chain of digest files is broken after one hour. CloudTrail does not create digest files for log files that were delivered during a period in which log file integrity validation was disabled. For example, if you enable log file integrity validation at noon on January 1, disable it at noon on January 2, and re-enable it at noon on January 10, digest files will not be created for the log files delivered from noon on January 2 to noon on January 10. The same applies whenever you stop CloudTrail logging or delete a trail.

    
    
  • cloud_watch_logs_log_group_arn(impl Into<String>) / set_cloud_watch_logs_log_group_arn(Option<String>):
    required: false
    

    Specifies a log group name using an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs will be delivered. You must use a log group that exists in your account.

    Not required unless you specify CloudWatchLogsRoleArn.

    
    
  • cloud_watch_logs_role_arn(impl Into<String>) / set_cloud_watch_logs_role_arn(Option<String>):
    required: false
    

    Specifies the role for the CloudWatch Logs endpoint to assume to write to a user’s log group. You must use a role that exists in your account.

    
    
  • kms_key_id(impl Into<String>) / set_kms_key_id(Option<String>):
    required: false
    

    Specifies the KMS key ID to use to encrypt the logs delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.

    CloudTrail also supports KMS multi-Region keys. For more information about multi-Region keys, see Using multi-Region keys in the Key Management Service Developer Guide.

    Examples:

    • alias/MyAliasName

    • arn:aws:kms:us-east-2:123456789012:alias/MyAliasName

    • arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012

    • 12345678-1234-1234-1234-123456789012

    
    
  • is_organization_trail(bool) / set_is_organization_trail(Option<bool>):
    required: false
    

    Specifies whether the trail is created for all accounts in an organization in Organizations, or only for the current Amazon Web Services account. The default is false, and cannot be true unless the call is made on behalf of an Amazon Web Services account that is the management account or delegated administrator account for an organization in Organizations.

    
    
  • tags_list(Tag) / set_tags_list(Option<Vec::<Tag>>):
    required: false
    

    A list of tags.

    
    
• On success, responds with CreateTrailOutput with field(s):
  • name(Option<String>):

    Specifies the name of the trail.

  • s3_bucket_name(Option<String>):

    Specifies the name of the Amazon S3 bucket designated for publishing log files.

  • s3_key_prefix(Option<String>):

    Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery. For more information, see Finding Your CloudTrail Log Files.

  • sns_topic_name(Option<String>):

    This field is no longer in use. Use SnsTopicARN.

  • sns_topic_arn(Option<String>):

    Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send notifications when log files are delivered. The format of a topic ARN is:

    arn:aws:sns:us-east-2:123456789012:MyTopic

  • include_global_service_events(Option<bool>):

    Specifies whether the trail is publishing events from global services such as IAM to the log files.

  • is_multi_region_trail(Option<bool>):

    Specifies whether the trail exists in one Region or in all Regions.

  • trail_arn(Option<String>):

    Specifies the ARN of the trail that was created. The format of a trail ARN is:

    arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

  • log_file_validation_enabled(Option<bool>):

    Specifies whether log file integrity validation is enabled.

  • cloud_watch_logs_log_group_arn(Option<String>):

    Specifies the Amazon Resource Name (ARN) of the log group to which CloudTrail logs will be delivered.

  • cloud_watch_logs_role_arn(Option<String>):

    Specifies the role for the CloudWatch Logs endpoint to assume to write to a user’s log group.

  • kms_key_id(Option<String>):

    Specifies the KMS key ID that encrypts the events delivered by CloudTrail. The value is a fully specified ARN to a KMS key in the following format.

    arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012

  • is_organization_trail(Option<bool>):

    Specifies whether the trail is an organization trail.

• On failure, responds with SdkError<CreateTrailError>

impl Client

pub fn delete_channel(&self) -> DeleteChannelFluentBuilder

Constructs a fluent builder for the DeleteChannel operation.

• The fluent builder is configurable:
  • channel(impl Into<String>) / set_channel(Option<String>):
    required: true
    

    The ARN or the UUID value of the channel that you want to delete.

    
    
• On success, responds with DeleteChannelOutput
• On failure, responds with SdkError<DeleteChannelError>

impl Client

pub fn delete_event_data_store(&self) -> DeleteEventDataStoreFluentBuilder

Constructs a fluent builder for the DeleteEventDataStore operation.

• The fluent builder is configurable:
  • event_data_store(impl Into<String>) / set_event_data_store(Option<String>):
    required: true
    

    The ARN (or the ID suffix of the ARN) of the event data store to delete.

    
    
• On success, responds with DeleteEventDataStoreOutput
• On failure, responds with SdkError<DeleteEventDataStoreError>

impl Client

pub fn delete_resource_policy(&self) -> DeleteResourcePolicyFluentBuilder

Constructs a fluent builder for the DeleteResourcePolicy operation.

• The fluent builder is configurable:
  • resource_arn(impl Into<String>) / set_resource_arn(Option<String>):
    required: true
    

    The Amazon Resource Name (ARN) of the CloudTrail channel you’re deleting the resource-based policy from. The following is the format of a resource ARN: arn:aws:cloudtrail:us-east-2:123456789012:channel/MyChannel.

    
    
• On success, responds with DeleteResourcePolicyOutput
• On failure, responds with SdkError<DeleteResourcePolicyError>

impl Client

pub fn delete_trail(&self) -> DeleteTrailFluentBuilder

Constructs a fluent builder for the DeleteTrail operation.

• The fluent builder is configurable:
  • name(impl Into<String>) / set_name(Option<String>):
    required: true
    

    Specifies the name or the CloudTrail ARN of the trail to be deleted. The following is the format of a trail ARN. arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

    
    
• On success, responds with DeleteTrailOutput
• On failure, responds with SdkError<DeleteTrailError>

impl Client

pub fn deregister_organization_delegated_admin( &self ) -> DeregisterOrganizationDelegatedAdminFluentBuilder

Constructs a fluent builder for the DeregisterOrganizationDelegatedAdmin operation.

• The fluent builder is configurable:
  • delegated_admin_account_id(impl Into<String>) / set_delegated_admin_account_id(Option<String>):
    required: true
    

    A delegated administrator account ID. This is a member account in an organization that is currently designated as a delegated administrator.

    
    
• On success, responds with DeregisterOrganizationDelegatedAdminOutput
• On failure, responds with SdkError<DeregisterOrganizationDelegatedAdminError>

impl Client

pub fn describe_query(&self) -> DescribeQueryFluentBuilder

Constructs a fluent builder for the DescribeQuery operation.

• The fluent builder is configurable:
  • event_data_store(impl Into<String>) / set_event_data_store(Option<String>):
    required: false
    

    The ARN (or the ID suffix of the ARN) of an event data store on which the specified query was run.

    
    
  • query_id(impl Into<String>) / set_query_id(Option<String>):
    required: false
    

    The query ID.

    
    
  • query_alias(impl Into<String>) / set_query_alias(Option<String>):
    required: false
    

    The alias that identifies a query template.

    
    
• On success, responds with DescribeQueryOutput with field(s):
  • query_id(Option<String>):

    The ID of the query.

  • query_string(Option<String>):

    The SQL code of a query.

  • query_status(Option<QueryStatus>):

    The status of a query. Values for QueryStatus include QUEUED, RUNNING, FINISHED, FAILED, TIMED_OUT, or CANCELLED

  • query_statistics(Option<QueryStatisticsForDescribeQuery>):

    Metadata about a query, including the number of events that were matched, the total number of events scanned, the query run time in milliseconds, and the query’s creation time.

  • error_message(Option<String>):

    The error message returned if a query failed.

  • delivery_s3_uri(Option<String>):

    The URI for the S3 bucket where CloudTrail delivered query results, if applicable.

  • delivery_status(Option<DeliveryStatus>):

    The delivery status.

• On failure, responds with SdkError<DescribeQueryError>

impl Client

pub fn describe_trails(&self) -> DescribeTrailsFluentBuilder

Constructs a fluent builder for the DescribeTrails operation.

• The fluent builder is configurable:
  • trail_name_list(impl Into<String>) / set_trail_name_list(Option<Vec::<String>>):
    required: false
    

    Specifies a list of trail names, trail ARNs, or both, of the trails to describe. The format of a trail ARN is:

    arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

    If an empty list is specified, information for the trail in the current Region is returned.

    • If an empty list is specified and IncludeShadowTrails is false, then information for all trails in the current Region is returned.

    • If an empty list is specified and IncludeShadowTrails is null or true, then information for all trails in the current Region and any associated shadow trails in other Regions is returned.

    If one or more trail names are specified, information is returned only if the names match the names of trails belonging only to the current Region and current account. To return information about a trail in another Region, you must specify its trail ARN.

    
    
  • include_shadow_trails(bool) / set_include_shadow_trails(Option<bool>):
    required: false
    

    Specifies whether to include shadow trails in the response. A shadow trail is the replication in a Region of a trail that was created in a different Region, or in the case of an organization trail, the replication of an organization trail in member accounts. If you do not include shadow trails, organization trails in a member account and Region replication trails will not be returned. The default is true.

    
    
• On success, responds with DescribeTrailsOutput with field(s):
  • trail_list(Option<Vec::<Trail>>):

    The list of trail objects. Trail objects with string values are only returned if values for the objects exist in a trail’s configuration. For example, SNSTopicName and SNSTopicARN are only returned in results if a trail is configured to send SNS notifications. Similarly, KMSKeyId only appears in results if a trail’s log files are encrypted with KMS customer managed keys.

• On failure, responds with SdkError<DescribeTrailsError>

impl Client

pub fn disable_federation(&self) -> DisableFederationFluentBuilder

Constructs a fluent builder for the DisableFederation operation.

• The fluent builder is configurable:
  • event_data_store(impl Into<String>) / set_event_data_store(Option<String>):
    required: true
    

    The ARN (or ID suffix of the ARN) of the event data store for which you want to disable Lake query federation.

    
    
• On success, responds with DisableFederationOutput with field(s):
  • event_data_store_arn(Option<String>):

    The ARN of the event data store for which you disabled Lake query federation.

  • federation_status(Option<FederationStatus>):

    The federation status.

• On failure, responds with SdkError<DisableFederationError>

impl Client

pub fn enable_federation(&self) -> EnableFederationFluentBuilder

Constructs a fluent builder for the EnableFederation operation.

• The fluent builder is configurable:
  • event_data_store(impl Into<String>) / set_event_data_store(Option<String>):
    required: true
    

    The ARN (or ID suffix of the ARN) of the event data store for which you want to enable Lake query federation.

    
    
  • federation_role_arn(impl Into<String>) / set_federation_role_arn(Option<String>):
    required: true
    

    The ARN of the federation role to use for the event data store. Amazon Web Services services like Lake Formation use this federation role to access data for the federated event data store. The federation role must exist in your account and provide the required minimum permissions.

    
    
• On success, responds with EnableFederationOutput with field(s):
  • event_data_store_arn(Option<String>):

    The ARN of the event data store for which you enabled Lake query federation.

  • federation_status(Option<FederationStatus>):

    The federation status.

  • federation_role_arn(Option<String>):

    The ARN of the federation role.

• On failure, responds with SdkError<EnableFederationError>

impl Client

pub fn get_channel(&self) -> GetChannelFluentBuilder

Constructs a fluent builder for the GetChannel operation.

• The fluent builder is configurable:
  • channel(impl Into<String>) / set_channel(Option<String>):
    required: true
    

    The ARN or UUID of a channel.

    
    
• On success, responds with GetChannelOutput with field(s):
  • channel_arn(Option<String>):

    The ARN of an channel returned by a GetChannel request.

  • name(Option<String>):

    The name of the CloudTrail channel. For service-linked channels, the name is aws-service-channel/service-name/custom-suffix where service-name represents the name of the Amazon Web Services service that created the channel and custom-suffix represents the suffix generated by the Amazon Web Services service.

  • source(Option<String>):

    The source for the CloudTrail channel.

  • source_config(Option<SourceConfig>):

    Provides information about the advanced event selectors configured for the channel, and whether the channel applies to all Regions or a single Region.

  • destinations(Option<Vec::<Destination>>):

    The destinations for the channel. For channels created for integrations, the destinations are the event data stores that log events arriving through the channel. For service-linked channels, the destination is the Amazon Web Services service that created the service-linked channel to receive events.

  • ingestion_status(Option<IngestionStatus>):

    A table showing information about the most recent successful and failed attempts to ingest events.

• On failure, responds with SdkError<GetChannelError>

impl Client

pub fn get_event_data_store(&self) -> GetEventDataStoreFluentBuilder

Constructs a fluent builder for the GetEventDataStore operation.

• The fluent builder is configurable:
  • event_data_store(impl Into<String>) / set_event_data_store(Option<String>):
    required: true
    

    The ARN (or ID suffix of the ARN) of the event data store about which you want information.

    
    
• On success, responds with GetEventDataStoreOutput with field(s):
  • event_data_store_arn(Option<String>):

    The event data store Amazon Resource Number (ARN).

  • name(Option<String>):

    The name of the event data store.

  • status(Option<EventDataStoreStatus>):

    The status of an event data store.

  • advanced_event_selectors(Option<Vec::<AdvancedEventSelector>>):

    The advanced event selectors used to select events for the data store.

  • multi_region_enabled(Option<bool>):

    Indicates whether the event data store includes events from all Regions, or only from the Region in which it was created.

  • organization_enabled(Option<bool>):

    Indicates whether an event data store is collecting logged events for an organization in Organizations.

  • retention_period(Option<i32>):

    The retention period of the event data store, in days.

  • termination_protection_enabled(Option<bool>):

    Indicates that termination protection is enabled.

  • created_timestamp(Option<DateTime>):

    The timestamp of the event data store’s creation.

  • updated_timestamp(Option<DateTime>):

    Shows the time that an event data store was updated, if applicable. UpdatedTimestamp is always either the same or newer than the time shown in CreatedTimestamp.

  • kms_key_id(Option<String>):

    Specifies the KMS key ID that encrypts the events delivered by CloudTrail. The value is a fully specified ARN to a KMS key in the following format.

    arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012

  • billing_mode(Option<BillingMode>):

    The billing mode for the event data store.

  • federation_status(Option<FederationStatus>):

    Indicates the Lake query federation status. The status is ENABLED if Lake query federation is enabled, or DISABLED if Lake query federation is disabled. You cannot delete an event data store if the FederationStatus is ENABLED.

  • federation_role_arn(Option<String>):

    If Lake query federation is enabled, provides the ARN of the federation role used to access the resources for the federated event data store.

• On failure, responds with SdkError<GetEventDataStoreError>

impl Client

pub fn get_event_selectors(&self) -> GetEventSelectorsFluentBuilder

Constructs a fluent builder for the GetEventSelectors operation.

• The fluent builder is configurable:
  • trail_name(impl Into<String>) / set_trail_name(Option<String>):
    required: true
    

    Specifies the name of the trail or trail ARN. If you specify a trail name, the string must meet the following requirements:

    • Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)

    • Start with a letter or number, and end with a letter or number

    • Be between 3 and 128 characters

    • Have no adjacent periods, underscores or dashes. Names like my-_namespace and my–namespace are not valid.

    • Not be in IP address format (for example, 192.168.5.4)

    If you specify a trail ARN, it must be in the format:

    arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

    
    
• On success, responds with GetEventSelectorsOutput with field(s):
  • trail_arn(Option<String>):

    The specified trail ARN that has the event selectors.

  • event_selectors(Option<Vec::<EventSelector>>):

    The event selectors that are configured for the trail.

  • advanced_event_selectors(Option<Vec::<AdvancedEventSelector>>):

    The advanced event selectors that are configured for the trail.

• On failure, responds with SdkError<GetEventSelectorsError>

impl Client

pub fn get_import(&self) -> GetImportFluentBuilder

Constructs a fluent builder for the GetImport operation.

• The fluent builder is configurable:
  • import_id(impl Into<String>) / set_import_id(Option<String>):
    required: true
    

    The ID for the import.

    
    
• On success, responds with GetImportOutput with field(s):
  • import_id(Option<String>):

    The ID of the import.

  • destinations(Option<Vec::<String>>):

    The ARN of the destination event data store.

  • import_source(Option<ImportSource>):

    The source S3 bucket.

  • start_event_time(Option<DateTime>):

    Used with EndEventTime to bound a StartImport request, and limit imported trail events to only those events logged within a specified time period.

  • end_event_time(Option<DateTime>):

    Used with StartEventTime to bound a StartImport request, and limit imported trail events to only those events logged within a specified time period.

  • import_status(Option<ImportStatus>):

    The status of the import.

  • created_timestamp(Option<DateTime>):

    The timestamp of the import’s creation.

  • updated_timestamp(Option<DateTime>):

    The timestamp of when the import was updated.

  • import_statistics(Option<ImportStatistics>):

    Provides statistics for the import. CloudTrail does not update import statistics in real-time. Returned values for parameters such as EventsCompleted may be lower than the actual value, because CloudTrail updates statistics incrementally over the course of the import.

• On failure, responds with SdkError<GetImportError>

impl Client

pub fn get_insight_selectors(&self) -> GetInsightSelectorsFluentBuilder

Constructs a fluent builder for the GetInsightSelectors operation.

• The fluent builder is configurable:
  • trail_name(impl Into<String>) / set_trail_name(Option<String>):
    required: false
    

    Specifies the name of the trail or trail ARN. If you specify a trail name, the string must meet the following requirements:

    • Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)

    • Start with a letter or number, and end with a letter or number

    • Be between 3 and 128 characters

    • Have no adjacent periods, underscores or dashes. Names like my-_namespace and my–namespace are not valid.

    • Not be in IP address format (for example, 192.168.5.4)

    If you specify a trail ARN, it must be in the format:

    arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

    You cannot use this parameter with the EventDataStore parameter.

    
    
  • event_data_store(impl Into<String>) / set_event_data_store(Option<String>):
    required: false
    

    Specifies the ARN (or ID suffix of the ARN) of the event data store for which you want to get Insights selectors.

    You cannot use this parameter with the TrailName parameter.

    
    
• On success, responds with GetInsightSelectorsOutput with field(s):
  • trail_arn(Option<String>):

    The Amazon Resource Name (ARN) of a trail for which you want to get Insights selectors.

  • insight_selectors(Option<Vec::<InsightSelector>>):

    A JSON string that contains the Insight types you want to log on a trail or event data store. ApiErrorRateInsight and ApiCallRateInsight are supported as Insights types.

  • event_data_store_arn(Option<String>):

    The ARN of the source event data store that enabled Insights events.

  • insights_destination(Option<String>):

    The ARN of the destination event data store that logs Insights events.

• On failure, responds with SdkError<GetInsightSelectorsError>

impl Client

pub fn get_query_results(&self) -> GetQueryResultsFluentBuilder

Constructs a fluent builder for the GetQueryResults operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • event_data_store(impl Into<String>) / set_event_data_store(Option<String>):
    required: false
    

    The ARN (or ID suffix of the ARN) of the event data store against which the query was run.

    
    
  • query_id(impl Into<String>) / set_query_id(Option<String>):
    required: true
    

    The ID of the query for which you want to get results.

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    A token you can use to get the next page of query results.

    
    
  • max_query_results(i32) / set_max_query_results(Option<i32>):
    required: false
    

    The maximum number of query results to display on a single page.

    
    
• On success, responds with GetQueryResultsOutput with field(s):
  • query_status(Option<QueryStatus>):

    The status of the query. Values include QUEUED, RUNNING, FINISHED, FAILED, TIMED_OUT, or CANCELLED.

  • query_statistics(Option<QueryStatistics>):

    Shows the count of query results.

  • query_result_rows(Option<Vec::<Vec::<HashMap::<String, String>>>>):

    Contains the individual event results of the query.

  • next_token(Option<String>):

    A token you can use to get the next page of query results.

  • error_message(Option<String>):

    The error message returned if a query failed.

• On failure, responds with SdkError<GetQueryResultsError>

impl Client

pub fn get_resource_policy(&self) -> GetResourcePolicyFluentBuilder

Constructs a fluent builder for the GetResourcePolicy operation.

• The fluent builder is configurable:
  • resource_arn(impl Into<String>) / set_resource_arn(Option<String>):
    required: true
    

    The Amazon Resource Name (ARN) of the CloudTrail channel attached to the resource-based policy. The following is the format of a resource ARN: arn:aws:cloudtrail:us-east-2:123456789012:channel/MyChannel.

    
    
• On success, responds with GetResourcePolicyOutput with field(s):
  • resource_arn(Option<String>):

    The Amazon Resource Name (ARN) of the CloudTrail channel attached to resource-based policy.

  • resource_policy(Option<String>):

    A JSON-formatted string that contains the resource-based policy attached to the CloudTrail channel.

• On failure, responds with SdkError<GetResourcePolicyError>

impl Client

pub fn get_trail(&self) -> GetTrailFluentBuilder

Constructs a fluent builder for the GetTrail operation.

• The fluent builder is configurable:
  • name(impl Into<String>) / set_name(Option<String>):
    required: true
    

    The name or the Amazon Resource Name (ARN) of the trail for which you want to retrieve settings information.

    
    
• On success, responds with GetTrailOutput with field(s):
  • trail(Option<Trail>):

    The settings for a trail.

• On failure, responds with SdkError<GetTrailError>

impl Client

pub fn get_trail_status(&self) -> GetTrailStatusFluentBuilder

Constructs a fluent builder for the GetTrailStatus operation.

• The fluent builder is configurable:
  • name(impl Into<String>) / set_name(Option<String>):
    required: true
    

    Specifies the name or the CloudTrail ARN of the trail for which you are requesting status. To get the status of a shadow trail (a replication of the trail in another Region), you must specify its ARN. The following is the format of a trail ARN.

    arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

    
    
• On success, responds with GetTrailStatusOutput with field(s):
  • is_logging(Option<bool>):

    Whether the CloudTrail trail is currently logging Amazon Web Services API calls.

  • latest_delivery_error(Option<String>):

    Displays any Amazon S3 error that CloudTrail encountered when attempting to deliver log files to the designated bucket. For more information, see Error Responses in the Amazon S3 API Reference.

    This error occurs only when there is a problem with the destination S3 bucket, and does not occur for requests that time out. To resolve the issue, create a new bucket, and then call UpdateTrail to specify the new bucket; or fix the existing objects so that CloudTrail can again write to the bucket.

  • latest_notification_error(Option<String>):

    Displays any Amazon SNS error that CloudTrail encountered when attempting to send a notification. For more information about Amazon SNS errors, see the Amazon SNS Developer Guide.

  • latest_delivery_time(Option<DateTime>):

    Specifies the date and time that CloudTrail last delivered log files to an account’s Amazon S3 bucket.

  • latest_notification_time(Option<DateTime>):

    Specifies the date and time of the most recent Amazon SNS notification that CloudTrail has written a new log file to an account’s Amazon S3 bucket.

  • start_logging_time(Option<DateTime>):

    Specifies the most recent date and time when CloudTrail started recording API calls for an Amazon Web Services account.

  • stop_logging_time(Option<DateTime>):

    Specifies the most recent date and time when CloudTrail stopped recording API calls for an Amazon Web Services account.

  • latest_cloud_watch_logs_delivery_error(Option<String>):

    Displays any CloudWatch Logs error that CloudTrail encountered when attempting to deliver logs to CloudWatch Logs.

  • latest_cloud_watch_logs_delivery_time(Option<DateTime>):

    Displays the most recent date and time when CloudTrail delivered logs to CloudWatch Logs.

  • latest_digest_delivery_time(Option<DateTime>):

    Specifies the date and time that CloudTrail last delivered a digest file to an account’s Amazon S3 bucket.

  • latest_digest_delivery_error(Option<String>):

    Displays any Amazon S3 error that CloudTrail encountered when attempting to deliver a digest file to the designated bucket. For more information, see Error Responses in the Amazon S3 API Reference.

    This error occurs only when there is a problem with the destination S3 bucket, and does not occur for requests that time out. To resolve the issue, create a new bucket, and then call UpdateTrail to specify the new bucket; or fix the existing objects so that CloudTrail can again write to the bucket.

  • latest_delivery_attempt_time(Option<String>):

    This field is no longer in use.

  • latest_notification_attempt_time(Option<String>):

    This field is no longer in use.

  • latest_notification_attempt_succeeded(Option<String>):

    This field is no longer in use.

  • latest_delivery_attempt_succeeded(Option<String>):

    This field is no longer in use.

  • time_logging_started(Option<String>):

    This field is no longer in use.

  • time_logging_stopped(Option<String>):

    This field is no longer in use.

• On failure, responds with SdkError<GetTrailStatusError>

impl Client

pub fn list_channels(&self) -> ListChannelsFluentBuilder

Constructs a fluent builder for the ListChannels operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of CloudTrail channels to display on a single page.

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    The token to use to get the next page of results after a previous API call. This token must be passed in with the same parameters that were specified in the original call. For example, if the original call specified an AttributeKey of ‘Username’ with a value of ‘root’, the call with NextToken should include those same parameters.

    
    
• On success, responds with ListChannelsOutput with field(s):
  • channels(Option<Vec::<Channel>>):

    The list of channels in the account.

  • next_token(Option<String>):

    The token to use to get the next page of results after a previous API call.

• On failure, responds with SdkError<ListChannelsError>

impl Client

pub fn list_event_data_stores(&self) -> ListEventDataStoresFluentBuilder

Constructs a fluent builder for the ListEventDataStores operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    A token you can use to get the next page of event data store results.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of event data stores to display on a single page.

    
    
• On success, responds with ListEventDataStoresOutput with field(s):
  • event_data_stores(Option<Vec::<EventDataStore>>):

    Contains information about event data stores in the account, in the current Region.

  • next_token(Option<String>):

    A token you can use to get the next page of results.

• On failure, responds with SdkError<ListEventDataStoresError>

impl Client

pub fn list_import_failures(&self) -> ListImportFailuresFluentBuilder

Constructs a fluent builder for the ListImportFailures operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • import_id(impl Into<String>) / set_import_id(Option<String>):
    required: true
    

    The ID of the import.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of failures to display on a single page.

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    A token you can use to get the next page of import failures.

    
    
• On success, responds with ListImportFailuresOutput with field(s):
  • failures(Option<Vec::<ImportFailureListItem>>):

    Contains information about the import failures.

  • next_token(Option<String>):

    A token you can use to get the next page of results.

• On failure, responds with SdkError<ListImportFailuresError>

impl Client

pub fn list_imports(&self) -> ListImportsFluentBuilder

Constructs a fluent builder for the ListImports operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of imports to display on a single page.

    
    
  • destination(impl Into<String>) / set_destination(Option<String>):
    required: false
    

    The ARN of the destination event data store.

    
    
  • import_status(ImportStatus) / set_import_status(Option<ImportStatus>):
    required: false
    

    The status of the import.

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    A token you can use to get the next page of import results.

    
    
• On success, responds with ListImportsOutput with field(s):
  • imports(Option<Vec::<ImportsListItem>>):

    The list of returned imports.

  • next_token(Option<String>):

    A token you can use to get the next page of import results.

• On failure, responds with SdkError<ListImportsError>

impl Client

pub fn list_insights_metric_data(&self) -> ListInsightsMetricDataFluentBuilder

Constructs a fluent builder for the ListInsightsMetricData operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • event_source(impl Into<String>) / set_event_source(Option<String>):
    required: true
    

    The Amazon Web Services service to which the request was made, such as iam.amazonaws.com or s3.amazonaws.com.

    
    
  • event_name(impl Into<String>) / set_event_name(Option<String>):
    required: true
    

    The name of the event, typically the Amazon Web Services API on which unusual levels of activity were recorded.

    
    
  • insight_type(InsightType) / set_insight_type(Option<InsightType>):
    required: true
    

    The type of CloudTrail Insights event, which is either ApiCallRateInsight or ApiErrorRateInsight. The ApiCallRateInsight Insights type analyzes write-only management API calls that are aggregated per minute against a baseline API call volume. The ApiErrorRateInsight Insights type analyzes management API calls that result in error codes.

    
    
  • error_code(impl Into<String>) / set_error_code(Option<String>):
    required: false
    

    Conditionally required if the InsightType parameter is set to ApiErrorRateInsight.

    If returning metrics for the ApiErrorRateInsight Insights type, this is the error to retrieve data for. For example, AccessDenied.

    
    
  • start_time(DateTime) / set_start_time(Option<DateTime>):
    required: false
    

    Specifies, in UTC, the start time for time-series data. The value specified is inclusive; results include data points with the specified time stamp.

    The default is 90 days before the time of request.

    
    
  • end_time(DateTime) / set_end_time(Option<DateTime>):
    required: false
    

    Specifies, in UTC, the end time for time-series data. The value specified is exclusive; results include data points up to the specified time stamp.

    The default is the time of request.

    
    
  • period(i32) / set_period(Option<i32>):
    required: false
    

    Granularity of data to retrieve, in seconds. Valid values are 60, 300, and 3600. If you specify any other value, you will get an error. The default is 3600 seconds.

    
    
  • data_type(InsightsMetricDataType) / set_data_type(Option<InsightsMetricDataType>):
    required: false
    

    Type of datapoints to return. Valid values are NonZeroData and FillWithZeros. The default is NonZeroData.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of datapoints to return. Valid values are integers from 1 to 21600. The default value is 21600.

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    Returned if all datapoints can’t be returned in a single call. For example, due to reaching MaxResults.

    Add this parameter to the request to continue retrieving results starting from the last evaluated point.

    
    
• On success, responds with ListInsightsMetricDataOutput with field(s):
  • event_source(Option<String>):

    The Amazon Web Services service to which the request was made, such as iam.amazonaws.com or s3.amazonaws.com.

  • event_name(Option<String>):

    The name of the event, typically the Amazon Web Services API on which unusual levels of activity were recorded.

  • insight_type(Option<InsightType>):

    The type of CloudTrail Insights event, which is either ApiCallRateInsight or ApiErrorRateInsight. The ApiCallRateInsight Insights type analyzes write-only management API calls that are aggregated per minute against a baseline API call volume. The ApiErrorRateInsight Insights type analyzes management API calls that result in error codes.

  • error_code(Option<String>):

    Only returned if InsightType parameter was set to ApiErrorRateInsight.

    If returning metrics for the ApiErrorRateInsight Insights type, this is the error to retrieve data for. For example, AccessDenied.

  • timestamps(Option<Vec::<DateTime>>):

    List of timestamps at intervals corresponding to the specified time period.

  • values(Option<Vec::<f64>>):

    List of values representing the API call rate or error rate at each timestamp. The number of values is equal to the number of timestamps.

  • next_token(Option<String>):

    Only returned if the full results could not be returned in a single query. You can set the NextToken parameter in the next request to this value to continue retrieval.

• On failure, responds with SdkError<ListInsightsMetricDataError>

impl Client

pub fn list_public_keys(&self) -> ListPublicKeysFluentBuilder

Constructs a fluent builder for the ListPublicKeys operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • start_time(DateTime) / set_start_time(Option<DateTime>):
    required: false
    

    Optionally specifies, in UTC, the start of the time range to look up public keys for CloudTrail digest files. If not specified, the current time is used, and the current public key is returned.

    
    
  • end_time(DateTime) / set_end_time(Option<DateTime>):
    required: false
    

    Optionally specifies, in UTC, the end of the time range to look up public keys for CloudTrail digest files. If not specified, the current time is used.

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    Reserved for future use.

    
    
• On success, responds with ListPublicKeysOutput with field(s):
  • public_key_list(Option<Vec::<PublicKey>>):

    Contains an array of PublicKey objects.

    The returned public keys may have validity time ranges that overlap.

  • next_token(Option<String>):

    Reserved for future use.

• On failure, responds with SdkError<ListPublicKeysError>

impl Client

pub fn list_queries(&self) -> ListQueriesFluentBuilder

Constructs a fluent builder for the ListQueries operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • event_data_store(impl Into<String>) / set_event_data_store(Option<String>):
    required: true
    

    The ARN (or the ID suffix of the ARN) of an event data store on which queries were run.

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    A token you can use to get the next page of results.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of queries to show on a page.

    
    
  • start_time(DateTime) / set_start_time(Option<DateTime>):
    required: false
    

    Use with EndTime to bound a ListQueries request, and limit its results to only those queries run within a specified time period.

    
    
  • end_time(DateTime) / set_end_time(Option<DateTime>):
    required: false
    

    Use with StartTime to bound a ListQueries request, and limit its results to only those queries run within a specified time period.

    
    
  • query_status(QueryStatus) / set_query_status(Option<QueryStatus>):
    required: false
    

    The status of queries that you want to return in results. Valid values for QueryStatus include QUEUED, RUNNING, FINISHED, FAILED, TIMED_OUT, or CANCELLED.

    
    
• On success, responds with ListQueriesOutput with field(s):
  • queries(Option<Vec::<Query>>):

    Lists matching query results, and shows query ID, status, and creation time of each query.

  • next_token(Option<String>):

    A token you can use to get the next page of results.

• On failure, responds with SdkError<ListQueriesError>

impl Client

pub fn list_tags(&self) -> ListTagsFluentBuilder

Constructs a fluent builder for the ListTags operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • resource_id_list(impl Into<String>) / set_resource_id_list(Option<Vec::<String>>):
    required: true
    

    Specifies a list of trail, event data store, or channel ARNs whose tags will be listed. The list has a limit of 20 ARNs.

    Example trail ARN format: arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

    Example event data store ARN format: arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE

    Example channel ARN format: arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    Reserved for future use.

    
    
• On success, responds with ListTagsOutput with field(s):
  • resource_tag_list(Option<Vec::<ResourceTag>>):

    A list of resource tags.

  • next_token(Option<String>):

    Reserved for future use.

• On failure, responds with SdkError<ListTagsError>

impl Client

pub fn list_trails(&self) -> ListTrailsFluentBuilder

Constructs a fluent builder for the ListTrails operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    The token to use to get the next page of results after a previous API call. This token must be passed in with the same parameters that were specified in the original call. For example, if the original call specified an AttributeKey of ‘Username’ with a value of ‘root’, the call with NextToken should include those same parameters.

    
    
• On success, responds with ListTrailsOutput with field(s):
  • trails(Option<Vec::<TrailInfo>>):

    Returns the name, ARN, and home Region of trails in the current account.

  • next_token(Option<String>):

    The token to use to get the next page of results after a previous API call. If the token does not appear, there are no more results to return. The token must be passed in with the same parameters as the previous call. For example, if the original call specified an AttributeKey of ‘Username’ with a value of ‘root’, the call with NextToken should include those same parameters.

• On failure, responds with SdkError<ListTrailsError>

impl Client

pub fn lookup_events(&self) -> LookupEventsFluentBuilder

Constructs a fluent builder for the LookupEvents operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • lookup_attributes(LookupAttribute) / set_lookup_attributes(Option<Vec::<LookupAttribute>>):
    required: false
    

    Contains a list of lookup attributes. Currently the list can contain only one item.

    
    
  • start_time(DateTime) / set_start_time(Option<DateTime>):
    required: false
    

    Specifies that only events that occur after or at the specified time are returned. If the specified start time is after the specified end time, an error is returned.

    
    
  • end_time(DateTime) / set_end_time(Option<DateTime>):
    required: false
    

    Specifies that only events that occur before or at the specified time are returned. If the specified end time is before the specified start time, an error is returned.

    
    
  • event_category(EventCategory) / set_event_category(Option<EventCategory>):
    required: false
    

    Specifies the event category. If you do not specify an event category, events of the category are not returned in the response. For example, if you do not specify insight as the value of EventCategory, no Insights events are returned.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The number of events to return. Possible values are 1 through 50. The default is 50.

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    The token to use to get the next page of results after a previous API call. This token must be passed in with the same parameters that were specified in the original call. For example, if the original call specified an AttributeKey of ‘Username’ with a value of ‘root’, the call with NextToken should include those same parameters.

    
    
• On success, responds with LookupEventsOutput with field(s):
  • events(Option<Vec::<Event>>):

    A list of events returned based on the lookup attributes specified and the CloudTrail event. The events list is sorted by time. The most recent event is listed first.

  • next_token(Option<String>):

    The token to use to get the next page of results after a previous API call. If the token does not appear, there are no more results to return. The token must be passed in with the same parameters as the previous call. For example, if the original call specified an AttributeKey of ‘Username’ with a value of ‘root’, the call with NextToken should include those same parameters.

• On failure, responds with SdkError<LookupEventsError>

impl Client

pub fn put_event_selectors(&self) -> PutEventSelectorsFluentBuilder

Constructs a fluent builder for the PutEventSelectors operation.

• The fluent builder is configurable:
  • trail_name(impl Into<String>) / set_trail_name(Option<String>):
    required: true
    

    Specifies the name of the trail or trail ARN. If you specify a trail name, the string must meet the following requirements:

    • Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)

    • Start with a letter or number, and end with a letter or number

    • Be between 3 and 128 characters

    • Have no adjacent periods, underscores or dashes. Names like my-_namespace and my–namespace are not valid.

    • Not be in IP address format (for example, 192.168.5.4)

    If you specify a trail ARN, it must be in the following format.

    arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

    
    
  • event_selectors(EventSelector) / set_event_selectors(Option<Vec::<EventSelector>>):
    required: false
    

    Specifies the settings for your event selectors. You can configure up to five event selectors for a trail. You can use either EventSelectors or AdvancedEventSelectors in a PutEventSelectors request, but not both. If you apply EventSelectors to a trail, any existing AdvancedEventSelectors are overwritten.

    
    
  • advanced_event_selectors(AdvancedEventSelector) / set_advanced_event_selectors(Option<Vec::<AdvancedEventSelector>>):
    required: false
    

    Specifies the settings for advanced event selectors. You can add advanced event selectors, and conditions for your advanced event selectors, up to a maximum of 500 values for all conditions and selectors on a trail. You can use either AdvancedEventSelectors or EventSelectors, but not both. If you apply AdvancedEventSelectors to a trail, any existing EventSelectors are overwritten. For more information about advanced event selectors, see Logging data events in the CloudTrail User Guide.

    
    
• On success, responds with PutEventSelectorsOutput with field(s):
  • trail_arn(Option<String>):

    Specifies the ARN of the trail that was updated with event selectors. The following is the format of a trail ARN.

    arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

  • event_selectors(Option<Vec::<EventSelector>>):

    Specifies the event selectors configured for your trail.

  • advanced_event_selectors(Option<Vec::<AdvancedEventSelector>>):

    Specifies the advanced event selectors configured for your trail.

• On failure, responds with SdkError<PutEventSelectorsError>

impl Client

pub fn put_insight_selectors(&self) -> PutInsightSelectorsFluentBuilder

Constructs a fluent builder for the PutInsightSelectors operation.

• The fluent builder is configurable:
  • trail_name(impl Into<String>) / set_trail_name(Option<String>):
    required: false
    

    The name of the CloudTrail trail for which you want to change or add Insights selectors.

    You cannot use this parameter with the EventDataStore and InsightsDestination parameters.

    
    
  • insight_selectors(InsightSelector) / set_insight_selectors(Option<Vec::<InsightSelector>>):
    required: true
    

    A JSON string that contains the Insights types you want to log on a trail or event data store. ApiCallRateInsight and ApiErrorRateInsight are valid Insight types.

    The ApiCallRateInsight Insights type analyzes write-only management API calls that are aggregated per minute against a baseline API call volume.

    The ApiErrorRateInsight Insights type analyzes management API calls that result in error codes. The error is shown if the API call is unsuccessful.

    
    
  • event_data_store(impl Into<String>) / set_event_data_store(Option<String>):
    required: false
    

    The ARN (or ID suffix of the ARN) of the source event data store for which you want to change or add Insights selectors. To enable Insights on an event data store, you must provide both the EventDataStore and InsightsDestination parameters.

    You cannot use this parameter with the TrailName parameter.

    
    
  • insights_destination(impl Into<String>) / set_insights_destination(Option<String>):
    required: false
    

    The ARN (or ID suffix of the ARN) of the destination event data store that logs Insights events. To enable Insights on an event data store, you must provide both the EventDataStore and InsightsDestination parameters.

    You cannot use this parameter with the TrailName parameter.

    
    
• On success, responds with PutInsightSelectorsOutput with field(s):
  • trail_arn(Option<String>):

    The Amazon Resource Name (ARN) of a trail for which you want to change or add Insights selectors.

  • insight_selectors(Option<Vec::<InsightSelector>>):

    A JSON string that contains the Insights event types that you want to log on a trail or event data store. The valid Insights types are ApiErrorRateInsight and ApiCallRateInsight.

  • event_data_store_arn(Option<String>):

    The Amazon Resource Name (ARN) of the source event data store for which you want to change or add Insights selectors.

  • insights_destination(Option<String>):

    The ARN of the destination event data store that logs Insights events.

• On failure, responds with SdkError<PutInsightSelectorsError>

impl Client

pub fn put_resource_policy(&self) -> PutResourcePolicyFluentBuilder

Constructs a fluent builder for the PutResourcePolicy operation.

• The fluent builder is configurable:
  • resource_arn(impl Into<String>) / set_resource_arn(Option<String>):
    required: true
    

    The Amazon Resource Name (ARN) of the CloudTrail channel attached to the resource-based policy. The following is the format of a resource ARN: arn:aws:cloudtrail:us-east-2:123456789012:channel/MyChannel.

    
    
  • resource_policy(impl Into<String>) / set_resource_policy(Option<String>):
    required: true
    

    A JSON-formatted string for an Amazon Web Services resource-based policy.

    The following are requirements for the resource policy:

    • Contains only one action: cloudtrail-data:PutAuditEvents

    • Contains at least one statement. The policy can have a maximum of 20 statements.

    • Each statement contains at least one principal. A statement can have a maximum of 50 principals.

    
    
• On success, responds with PutResourcePolicyOutput with field(s):
  • resource_arn(Option<String>):

    The Amazon Resource Name (ARN) of the CloudTrail channel attached to the resource-based policy.

  • resource_policy(Option<String>):

    The JSON-formatted string of the Amazon Web Services resource-based policy attached to the CloudTrail channel.

• On failure, responds with SdkError<PutResourcePolicyError>

impl Client

pub fn register_organization_delegated_admin( &self ) -> RegisterOrganizationDelegatedAdminFluentBuilder

Constructs a fluent builder for the RegisterOrganizationDelegatedAdmin operation.

• The fluent builder is configurable:
  • member_account_id(impl Into<String>) / set_member_account_id(Option<String>):
    required: true
    

    An organization member account ID that you want to designate as a delegated administrator.

    
    
• On success, responds with RegisterOrganizationDelegatedAdminOutput
• On failure, responds with SdkError<RegisterOrganizationDelegatedAdminError>

impl Client

pub fn remove_tags(&self) -> RemoveTagsFluentBuilder

Constructs a fluent builder for the RemoveTags operation.

• The fluent builder is configurable:
  • resource_id(impl Into<String>) / set_resource_id(Option<String>):
    required: true
    

    Specifies the ARN of the trail, event data store, or channel from which tags should be removed.

    Example trail ARN format: arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

    Example event data store ARN format: arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE

    Example channel ARN format: arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890

    
    
  • tags_list(Tag) / set_tags_list(Option<Vec::<Tag>>):
    required: true
    

    Specifies a list of tags to be removed.

    
    
• On success, responds with RemoveTagsOutput
• On failure, responds with SdkError<RemoveTagsError>

impl Client

pub fn restore_event_data_store(&self) -> RestoreEventDataStoreFluentBuilder

Constructs a fluent builder for the RestoreEventDataStore operation.

• The fluent builder is configurable:
  • event_data_store(impl Into<String>) / set_event_data_store(Option<String>):
    required: true
    

    The ARN (or the ID suffix of the ARN) of the event data store that you want to restore.

    
    
• On success, responds with RestoreEventDataStoreOutput with field(s):
  • event_data_store_arn(Option<String>):

    The event data store ARN.

  • name(Option<String>):

    The name of the event data store.

  • status(Option<EventDataStoreStatus>):

    The status of the event data store.

  • advanced_event_selectors(Option<Vec::<AdvancedEventSelector>>):

    The advanced event selectors that were used to select events.

  • multi_region_enabled(Option<bool>):

    Indicates whether the event data store is collecting events from all Regions, or only from the Region in which the event data store was created.

  • organization_enabled(Option<bool>):

    Indicates whether an event data store is collecting logged events for an organization in Organizations.

  • retention_period(Option<i32>):

    The retention period, in days.

  • termination_protection_enabled(Option<bool>):

    Indicates that termination protection is enabled and the event data store cannot be automatically deleted.

  • created_timestamp(Option<DateTime>):

    The timestamp of an event data store’s creation.

  • updated_timestamp(Option<DateTime>):

    The timestamp that shows when an event data store was updated, if applicable. UpdatedTimestamp is always either the same or newer than the time shown in CreatedTimestamp.

  • kms_key_id(Option<String>):

    Specifies the KMS key ID that encrypts the events delivered by CloudTrail. The value is a fully specified ARN to a KMS key in the following format.

    arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012

  • billing_mode(Option<BillingMode>):

    The billing mode for the event data store.

• On failure, responds with SdkError<RestoreEventDataStoreError>

impl Client

pub fn start_event_data_store_ingestion( &self ) -> StartEventDataStoreIngestionFluentBuilder

Constructs a fluent builder for the StartEventDataStoreIngestion operation.

• The fluent builder is configurable:
  • event_data_store(impl Into<String>) / set_event_data_store(Option<String>):
    required: true
    

    The ARN (or ID suffix of the ARN) of the event data store for which you want to start ingestion.

    
    
• On success, responds with StartEventDataStoreIngestionOutput
• On failure, responds with SdkError<StartEventDataStoreIngestionError>

impl Client

pub fn start_import(&self) -> StartImportFluentBuilder

Constructs a fluent builder for the StartImport operation.

• The fluent builder is configurable:
  • destinations(impl Into<String>) / set_destinations(Option<Vec::<String>>):
    required: false
    

    The ARN of the destination event data store. Use this parameter for a new import.

    
    
  • import_source(ImportSource) / set_import_source(Option<ImportSource>):
    required: false
    

    The source S3 bucket for the import. Use this parameter for a new import.

    
    
  • start_event_time(DateTime) / set_start_event_time(Option<DateTime>):
    required: false
    

    Use with EndEventTime to bound a StartImport request, and limit imported trail events to only those events logged within a specified time period. When you specify a time range, CloudTrail checks the prefix and log file names to verify the names contain a date between the specified StartEventTime and EndEventTime before attempting to import events.

    
    
  • end_event_time(DateTime) / set_end_event_time(Option<DateTime>):
    required: false
    

    Use with StartEventTime to bound a StartImport request, and limit imported trail events to only those events logged within a specified time period. When you specify a time range, CloudTrail checks the prefix and log file names to verify the names contain a date between the specified StartEventTime and EndEventTime before attempting to import events.

    
    
  • import_id(impl Into<String>) / set_import_id(Option<String>):
    required: false
    

    The ID of the import. Use this parameter when you are retrying an import.

    
    
• On success, responds with StartImportOutput with field(s):
  • import_id(Option<String>):

    The ID of the import.

  • destinations(Option<Vec::<String>>):

    The ARN of the destination event data store.

  • import_source(Option<ImportSource>):

    The source S3 bucket for the import.

  • start_event_time(Option<DateTime>):

    Used with EndEventTime to bound a StartImport request, and limit imported trail events to only those events logged within a specified time period.

  • end_event_time(Option<DateTime>):

    Used with StartEventTime to bound a StartImport request, and limit imported trail events to only those events logged within a specified time period.

  • import_status(Option<ImportStatus>):

    Shows the status of the import after a StartImport request. An import finishes with a status of COMPLETED if there were no failures, or FAILED if there were failures.

  • created_timestamp(Option<DateTime>):

    The timestamp for the import’s creation.

  • updated_timestamp(Option<DateTime>):

    The timestamp of the import’s last update, if applicable.

• On failure, responds with SdkError<StartImportError>

impl Client

pub fn start_logging(&self) -> StartLoggingFluentBuilder

Constructs a fluent builder for the StartLogging operation.

• The fluent builder is configurable:
  • name(impl Into<String>) / set_name(Option<String>):
    required: true
    

    Specifies the name or the CloudTrail ARN of the trail for which CloudTrail logs Amazon Web Services API calls. The following is the format of a trail ARN.

    arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

    
    
• On success, responds with StartLoggingOutput
• On failure, responds with SdkError<StartLoggingError>

impl Client

pub fn start_query(&self) -> StartQueryFluentBuilder

Constructs a fluent builder for the StartQuery operation.

• The fluent builder is configurable:
  • query_statement(impl Into<String>) / set_query_statement(Option<String>):
    required: false
    

    The SQL code of your query.

    
    
  • delivery_s3_uri(impl Into<String>) / set_delivery_s3_uri(Option<String>):
    required: false
    

    The URI for the S3 bucket where CloudTrail delivers the query results.

    
    
  • query_alias(impl Into<String>) / set_query_alias(Option<String>):
    required: false
    

    The alias that identifies a query template.

    
    
  • query_parameters(impl Into<String>) / set_query_parameters(Option<Vec::<String>>):
    required: false
    

    The query parameters for the specified QueryAlias.

    
    
• On success, responds with StartQueryOutput with field(s):
  • query_id(Option<String>):

    The ID of the started query.

• On failure, responds with SdkError<StartQueryError>

impl Client

pub fn stop_event_data_store_ingestion( &self ) -> StopEventDataStoreIngestionFluentBuilder

Constructs a fluent builder for the StopEventDataStoreIngestion operation.

• The fluent builder is configurable:
  • event_data_store(impl Into<String>) / set_event_data_store(Option<String>):
    required: true
    

    The ARN (or ID suffix of the ARN) of the event data store for which you want to stop ingestion.

    
    
• On success, responds with StopEventDataStoreIngestionOutput
• On failure, responds with SdkError<StopEventDataStoreIngestionError>

impl Client

pub fn stop_import(&self) -> StopImportFluentBuilder

Constructs a fluent builder for the StopImport operation.

• The fluent builder is configurable:
  • import_id(impl Into<String>) / set_import_id(Option<String>):
    required: true
    

    The ID of the import.

    
    
• On success, responds with StopImportOutput with field(s):
  • import_id(Option<String>):

    The ID for the import.

  • import_source(Option<ImportSource>):

    The source S3 bucket for the import.

  • destinations(Option<Vec::<String>>):

    The ARN of the destination event data store.

  • import_status(Option<ImportStatus>):

    The status of the import.

  • created_timestamp(Option<DateTime>):

    The timestamp of the import’s creation.

  • updated_timestamp(Option<DateTime>):

    The timestamp of the import’s last update.

  • start_event_time(Option<DateTime>):

    Used with EndEventTime to bound a StartImport request, and limit imported trail events to only those events logged within a specified time period.

  • end_event_time(Option<DateTime>):

    Used with StartEventTime to bound a StartImport request, and limit imported trail events to only those events logged within a specified time period.

  • import_statistics(Option<ImportStatistics>):

    Returns information on the stopped import.

• On failure, responds with SdkError<StopImportError>

impl Client

pub fn stop_logging(&self) -> StopLoggingFluentBuilder

Constructs a fluent builder for the StopLogging operation.

• The fluent builder is configurable:
  • name(impl Into<String>) / set_name(Option<String>):
    required: true
    

    Specifies the name or the CloudTrail ARN of the trail for which CloudTrail will stop logging Amazon Web Services API calls. The following is the format of a trail ARN.

    arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

    
    
• On success, responds with StopLoggingOutput
• On failure, responds with SdkError<StopLoggingError>

impl Client

pub fn update_channel(&self) -> UpdateChannelFluentBuilder

Constructs a fluent builder for the UpdateChannel operation.

• The fluent builder is configurable:
  • channel(impl Into<String>) / set_channel(Option<String>):
    required: true
    

    The ARN or ID (the ARN suffix) of the channel that you want to update.

    
    
  • destinations(Destination) / set_destinations(Option<Vec::<Destination>>):
    required: false
    

    The ARNs of event data stores that you want to log events arriving through the channel.

    
    
  • name(impl Into<String>) / set_name(Option<String>):
    required: false
    

    Changes the name of the channel.

    
    
• On success, responds with UpdateChannelOutput with field(s):
  • channel_arn(Option<String>):

    The ARN of the channel that was updated.

  • name(Option<String>):

    The name of the channel that was updated.

  • source(Option<String>):

    The event source of the channel that was updated.

  • destinations(Option<Vec::<Destination>>):

    The event data stores that log events arriving through the channel.

• On failure, responds with SdkError<UpdateChannelError>

impl Client

pub fn update_event_data_store(&self) -> UpdateEventDataStoreFluentBuilder

Constructs a fluent builder for the UpdateEventDataStore operation.

• The fluent builder is configurable:
  • event_data_store(impl Into<String>) / set_event_data_store(Option<String>):
    required: true
    

    The ARN (or the ID suffix of the ARN) of the event data store that you want to update.

    
    
  • name(impl Into<String>) / set_name(Option<String>):
    required: false
    

    The event data store name.

    
    
  • advanced_event_selectors(AdvancedEventSelector) / set_advanced_event_selectors(Option<Vec::<AdvancedEventSelector>>):
    required: false
    

    The advanced event selectors used to select events for the event data store. You can configure up to five advanced event selectors for each event data store.

    
    
  • multi_region_enabled(bool) / set_multi_region_enabled(Option<bool>):
    required: false
    

    Specifies whether an event data store collects events from all Regions, or only from the Region in which it was created.

    
    
  • organization_enabled(bool) / set_organization_enabled(Option<bool>):
    required: false
    

    Specifies whether an event data store collects events logged for an organization in Organizations.

    Only the management account for the organization can convert an organization event data store to a non-organization event data store, or convert a non-organization event data store to an organization event data store.

    
    
  • retention_period(i32) / set_retention_period(Option<i32>):
    required: false
    

    The retention period of the event data store, in days. If BillingMode is set to EXTENDABLE_RETENTION_PRICING, you can set a retention period of up to 3653 days, the equivalent of 10 years. If BillingMode is set to FIXED_RETENTION_PRICING, you can set a retention period of up to 2557 days, the equivalent of seven years.

    CloudTrail Lake determines whether to retain an event by checking if the eventTime of the event is within the specified retention period. For example, if you set a retention period of 90 days, CloudTrail will remove events when the eventTime is older than 90 days.

    If you decrease the retention period of an event data store, CloudTrail will remove any events with an eventTime older than the new retention period. For example, if the previous retention period was 365 days and you decrease it to 100 days, CloudTrail will remove events with an eventTime older than 100 days.

    
    
  • termination_protection_enabled(bool) / set_termination_protection_enabled(Option<bool>):
    required: false
    

    Indicates that termination protection is enabled and the event data store cannot be automatically deleted.

    
    
  • kms_key_id(impl Into<String>) / set_kms_key_id(Option<String>):
    required: false
    

    Specifies the KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.

    Disabling or deleting the KMS key, or removing CloudTrail permissions on the key, prevents CloudTrail from logging events to the event data store, and prevents users from querying the data in the event data store that was encrypted with the key. After you associate an event data store with a KMS key, the KMS key cannot be removed or changed. Before you disable or delete a KMS key that you are using with an event data store, delete or back up your event data store.

    CloudTrail also supports KMS multi-Region keys. For more information about multi-Region keys, see Using multi-Region keys in the Key Management Service Developer Guide.

    Examples:

    • alias/MyAliasName

    • arn:aws:kms:us-east-2:123456789012:alias/MyAliasName

    • arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012

    • 12345678-1234-1234-1234-123456789012

    
    
  • billing_mode(BillingMode) / set_billing_mode(Option<BillingMode>):
    required: false
    

    You can’t change the billing mode from EXTENDABLE_RETENTION_PRICING to FIXED_RETENTION_PRICING. If BillingMode is set to EXTENDABLE_RETENTION_PRICING and you want to use FIXED_RETENTION_PRICING instead, you’ll need to stop ingestion on the event data store and create a new event data store that uses FIXED_RETENTION_PRICING.

    The billing mode for the event data store determines the cost for ingesting events and the default and maximum retention period for the event data store.

    The following are the possible values:

    • EXTENDABLE_RETENTION_PRICING - This billing mode is generally recommended if you want a flexible retention period of up to 3653 days (about 10 years). The default retention period for this billing mode is 366 days.

    • FIXED_RETENTION_PRICING - This billing mode is recommended if you expect to ingest more than 25 TB of event data per month and need a retention period of up to 2557 days (about 7 years). The default retention period for this billing mode is 2557 days.

    For more information about CloudTrail pricing, see CloudTrail Pricing and Managing CloudTrail Lake costs.

    
    
• On success, responds with UpdateEventDataStoreOutput with field(s):
  • event_data_store_arn(Option<String>):

    The ARN of the event data store.

  • name(Option<String>):

    The name of the event data store.

  • status(Option<EventDataStoreStatus>):

    The status of an event data store.

  • advanced_event_selectors(Option<Vec::<AdvancedEventSelector>>):

    The advanced event selectors that are applied to the event data store.

  • multi_region_enabled(Option<bool>):

    Indicates whether the event data store includes events from all Regions, or only from the Region in which it was created.

  • organization_enabled(Option<bool>):

    Indicates whether an event data store is collecting logged events for an organization in Organizations.

  • retention_period(Option<i32>):

    The retention period, in days.

  • termination_protection_enabled(Option<bool>):

    Indicates whether termination protection is enabled for the event data store.

  • created_timestamp(Option<DateTime>):

    The timestamp that shows when an event data store was first created.

  • updated_timestamp(Option<DateTime>):

    The timestamp that shows when the event data store was last updated. UpdatedTimestamp is always either the same or newer than the time shown in CreatedTimestamp.

  • kms_key_id(Option<String>):

    Specifies the KMS key ID that encrypts the events delivered by CloudTrail. The value is a fully specified ARN to a KMS key in the following format.

    arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012

  • billing_mode(Option<BillingMode>):

    The billing mode for the event data store.

  • federation_status(Option<FederationStatus>):

    Indicates the Lake query federation status. The status is ENABLED if Lake query federation is enabled, or DISABLED if Lake query federation is disabled. You cannot delete an event data store if the FederationStatus is ENABLED.

  • federation_role_arn(Option<String>):

    If Lake query federation is enabled, provides the ARN of the federation role used to access the resources for the federated event data store.

• On failure, responds with SdkError<UpdateEventDataStoreError>

impl Client

pub fn update_trail(&self) -> UpdateTrailFluentBuilder

Constructs a fluent builder for the UpdateTrail operation.

• The fluent builder is configurable:
  • name(impl Into<String>) / set_name(Option<String>):
    required: true
    

    Specifies the name of the trail or trail ARN. If Name is a trail name, the string must meet the following requirements:

    • Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)

    • Start with a letter or number, and end with a letter or number

    • Be between 3 and 128 characters

    • Have no adjacent periods, underscores or dashes. Names like my-_namespace and my–namespace are not valid.

    • Not be in IP address format (for example, 192.168.5.4)

    If Name is a trail ARN, it must be in the following format.

    arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

    
    
  • s3_bucket_name(impl Into<String>) / set_s3_bucket_name(Option<String>):
    required: false
    

    Specifies the name of the Amazon S3 bucket designated for publishing log files. See Amazon S3 Bucket Naming Requirements.

    
    
  • s3_key_prefix(impl Into<String>) / set_s3_key_prefix(Option<String>):
    required: false
    

    Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery. For more information, see Finding Your CloudTrail Log Files. The maximum length is 200 characters.

    
    
  • sns_topic_name(impl Into<String>) / set_sns_topic_name(Option<String>):
    required: false
    

    Specifies the name of the Amazon SNS topic defined for notification of log file delivery. The maximum length is 256 characters.

    
    
  • include_global_service_events(bool) / set_include_global_service_events(Option<bool>):
    required: false
    

    Specifies whether the trail is publishing events from global services such as IAM to the log files.

    
    
  • is_multi_region_trail(bool) / set_is_multi_region_trail(Option<bool>):
    required: false
    

    Specifies whether the trail applies only to the current Region or to all Regions. The default is false. If the trail exists only in the current Region and this value is set to true, shadow trails (replications of the trail) will be created in the other Regions. If the trail exists in all Regions and this value is set to false, the trail will remain in the Region where it was created, and its shadow trails in other Regions will be deleted. As a best practice, consider using trails that log events in all Regions.

    
    
  • enable_log_file_validation(bool) / set_enable_log_file_validation(Option<bool>):
    required: false
    

    Specifies whether log file validation is enabled. The default is false.

    When you disable log file integrity validation, the chain of digest files is broken after one hour. CloudTrail does not create digest files for log files that were delivered during a period in which log file integrity validation was disabled. For example, if you enable log file integrity validation at noon on January 1, disable it at noon on January 2, and re-enable it at noon on January 10, digest files will not be created for the log files delivered from noon on January 2 to noon on January 10. The same applies whenever you stop CloudTrail logging or delete a trail.

    
    
  • cloud_watch_logs_log_group_arn(impl Into<String>) / set_cloud_watch_logs_log_group_arn(Option<String>):
    required: false
    

    Specifies a log group name using an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs are delivered. You must use a log group that exists in your account.

    Not required unless you specify CloudWatchLogsRoleArn.

    
    
  • cloud_watch_logs_role_arn(impl Into<String>) / set_cloud_watch_logs_role_arn(Option<String>):
    required: false
    

    Specifies the role for the CloudWatch Logs endpoint to assume to write to a user’s log group. You must use a role that exists in your account.

    
    
  • kms_key_id(impl Into<String>) / set_kms_key_id(Option<String>):
    required: false
    

    Specifies the KMS key ID to use to encrypt the logs delivered by CloudTrail. The value can be an alias name prefixed by “alias/”, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.

    CloudTrail also supports KMS multi-Region keys. For more information about multi-Region keys, see Using multi-Region keys in the Key Management Service Developer Guide.

    Examples:

    • alias/MyAliasName

    • arn:aws:kms:us-east-2:123456789012:alias/MyAliasName

    • arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012

    • 12345678-1234-1234-1234-123456789012

    
    
  • is_organization_trail(bool) / set_is_organization_trail(Option<bool>):
    required: false
    

    Specifies whether the trail is applied to all accounts in an organization in Organizations, or only for the current Amazon Web Services account. The default is false, and cannot be true unless the call is made on behalf of an Amazon Web Services account that is the management account for an organization in Organizations. If the trail is not an organization trail and this is set to true, the trail will be created in all Amazon Web Services accounts that belong to the organization. If the trail is an organization trail and this is set to false, the trail will remain in the current Amazon Web Services account but be deleted from all member accounts in the organization.

    Only the management account for the organization can convert an organization trail to a non-organization trail, or convert a non-organization trail to an organization trail.

    
    
• On success, responds with UpdateTrailOutput with field(s):
  • name(Option<String>):

    Specifies the name of the trail.

  • s3_bucket_name(Option<String>):

    Specifies the name of the Amazon S3 bucket designated for publishing log files.

  • s3_key_prefix(Option<String>):

    Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery. For more information, see Finding Your IAM Log Files.

  • sns_topic_name(Option<String>):

    This field is no longer in use. Use SnsTopicARN.

  • sns_topic_arn(Option<String>):

    Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send notifications when log files are delivered. The following is the format of a topic ARN.

    arn:aws:sns:us-east-2:123456789012:MyTopic

  • include_global_service_events(Option<bool>):

    Specifies whether the trail is publishing events from global services such as IAM to the log files.

  • is_multi_region_trail(Option<bool>):

    Specifies whether the trail exists in one Region or in all Regions.

  • trail_arn(Option<String>):

    Specifies the ARN of the trail that was updated. The following is the format of a trail ARN.

    arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

  • log_file_validation_enabled(Option<bool>):

    Specifies whether log file integrity validation is enabled.

  • cloud_watch_logs_log_group_arn(Option<String>):

    Specifies the Amazon Resource Name (ARN) of the log group to which CloudTrail logs are delivered.

  • cloud_watch_logs_role_arn(Option<String>):

    Specifies the role for the CloudWatch Logs endpoint to assume to write to a user’s log group.

  • kms_key_id(Option<String>):

    Specifies the KMS key ID that encrypts the logs delivered by CloudTrail. The value is a fully specified ARN to a KMS key in the following format.

    arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012

  • is_organization_trail(Option<bool>):

    Specifies whether the trail is an organization trail.

• On failure, responds with SdkError<UpdateTrailError>

impl Client

pub fn from_conf(conf: Config) -> Self

Creates a new client from the service Config.

Panics

This method will panic in the following cases:

• Retries or timeouts are enabled without a sleep_impl configured.
• Identity caching is enabled without a sleep_impl and time_source configured.
• No behavior_version is provided.

The panic message for each of these will have instructions on how to resolve them.

pub fn config(&self) -> &Config

Returns the client’s configuration.

impl Client

pub fn new(sdk_config: &SdkConfig) -> Self

Creates a new client from an SDK Config.

Panics

• This method will panic if the sdk_config is missing an async sleep implementation. If you experience this panic, set the sleep_impl on the Config passed into this function to fix it.
• This method will panic if the sdk_config is missing an HTTP connector. If you experience this panic, set the http_connector on the Config passed into this function to fix it.
• This method will panic if no BehaviorVersion is provided. If you experience this panic, set behavior_version on the Config or enable the behavior-version-latest Cargo feature.

Trait Implementations

impl Clone for Client

fn clone(&self) -> Client

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Client

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.