
AWS CloudTrail

This is the CloudTrail API Reference. It provides descriptions of actions, data types, common parameters, and common errors for CloudTrail.

CloudTrail is a web service that records AWS API calls for your AWS account and delivers log files to an Amazon S3 bucket. The recorded information includes the identity of the user, the start time of the AWS API call, the source IP address, the request parameters, and the response elements returned by the service.

As an alternative to the API, you can use one of the AWS SDKs, which consist of libraries and sample code for various programming languages and platforms (Java, Ruby, .NET, iOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to AWS CloudTrail. For example, the SDKs take care of cryptographically signing requests, managing errors, and retrying requests automatically. For information about the AWS SDKs, including how to download and install them, see the Tools for Amazon Web Services page.

See the AWS CloudTrail User Guide for information about the data that is included with each AWS API call listed in the log files.

If you’re using the service, you’re probably looking for CloudTrailClient and CloudTrail.

Structs

Specifies the tags to add to a trail.

Returns the objects or data listed below if successful. Otherwise, returns an error.

Advanced event selectors let you create fine-grained selectors for the following AWS CloudTrail event record fields. They help you control costs by logging only those events that are important to you. For more information about advanced event selectors, see Logging data events for trails in the AWS CloudTrail User Guide.

  • readOnly

  • eventSource

  • eventName

  • eventCategory

  • resources.type

  • resources.ARN

You cannot apply both event selectors and advanced event selectors to a trail.

A single selector statement in an advanced event selector.

A client for the CloudTrail API.

Specifies the settings for each trail.

Returns the objects or data listed below if successful. Otherwise, returns an error.

Specifies the Amazon S3 buckets, AWS Lambda functions, or Amazon DynamoDB tables whose data events your trail's event selectors log. Data events provide information about the resource operations performed on or within a resource itself. These are also known as data plane operations. You can specify up to 250 data resources for a trail.

The total number of allowed data resources is 250. This number can be distributed between 1 and 5 event selectors, but the total cannot exceed 250 across all selectors.

If you are using advanced event selectors, the maximum total number of values for all conditions, across all advanced event selectors for the trail, is 500.

The following example demonstrates how logging works when you configure logging of all data events for an S3 bucket named bucket-1. In this example, the CloudTrail user specified an empty prefix, and the option to log both Read and Write data events.

  1. A user uploads an image file to bucket-1.

  2. The PutObject API operation is an Amazon S3 object-level API. It is recorded as a data event in CloudTrail. Because the CloudTrail user specified an S3 bucket with an empty prefix, events that occur on any object in that bucket are logged. The trail processes and logs the event.

  3. A user uploads an object to an Amazon S3 bucket named arn:aws:s3:::bucket-2.

  4. The PutObject API operation occurred for an object in an S3 bucket that the CloudTrail user didn't specify for the trail. The trail doesn’t log the event.

The following example demonstrates how logging works when you configure logging of AWS Lambda data events for a Lambda function named MyLambdaFunction, but not for all AWS Lambda functions.

  1. A user runs a script that includes a call to the MyLambdaFunction function and the MyOtherLambdaFunction function.

  2. The Invoke API operation on MyLambdaFunction is an AWS Lambda API. It is recorded as a data event in CloudTrail. Because the CloudTrail user specified logging data events for MyLambdaFunction, any invocations of that function are logged. The trail processes and logs the event.

  3. The Invoke API operation on MyOtherLambdaFunction is an AWS Lambda API. Because the CloudTrail user did not specify logging data events for all Lambda functions, the Invoke operation for MyOtherLambdaFunction does not match the function specified for the trail. The trail doesn’t log the event.

The request that specifies the name of a trail to delete.

Returns the objects or data listed below if successful. Otherwise, returns an error.

Returns information about the trail.

Returns the objects or data listed below if successful. Otherwise, returns an error.

Contains information about an event that was returned by a lookup request. The result includes a representation of a CloudTrail event.

Use event selectors to further specify the management and data event settings for your trail. By default, trails created without specific event selectors will be configured to log all read and write management events, and no data events. When an event occurs in your account, CloudTrail evaluates the event selector for all trails. For each trail, if the event matches any event selector, the trail processes and logs the event. If the event doesn't match any event selector, the trail doesn't log the event.

You can configure up to five event selectors for a trail.

You cannot apply both event selectors and advanced event selectors to a trail.
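As an added example (not rusoto_cloudtrail's own code), the following Rust models the rule described in the S3 and Lambda walkthroughs above and in the event selector description: a trail logs a data event only if the event matches at least one of the trail's event selectors, and the trail's selectors must stay within the five-selector and 250-data-resource limits. The resource type strings are CloudTrail's; treating S3 values as ARN prefixes and Lambda values as exact function ARNs (or `arn:aws:lambda` for all functions) is this example's assumption about how matching works.

```rust
// Added example: a small model of event selector matching for data events.
// Matching rules below are assumptions made for this example, not rusoto code.
#[derive(Clone, Copy, PartialEq, Debug)]
pub enum ReadWriteType { ReadOnly, WriteOnly, All }

pub struct DataResource { pub type_: String, pub values: Vec<String> }
pub struct EventSelector { pub read_write_type: ReadWriteType, pub data_resources: Vec<DataResource> }

/// The parts of a CloudTrail data event that selector matching looks at.
pub struct DataEvent<'a> { pub event_source: &'a str, pub resource_arn: &'a str, pub read_only: bool }

/// Limits stated in the docs: at most 5 event selectors per trail and at most
/// 250 data resources in total across all of them.
pub fn validate_selectors(selectors: &[EventSelector]) -> Result<(), String> {
    if selectors.len() > 5 {
        return Err(format!("{} event selectors; maximum is 5", selectors.len()));
    }
    let total: usize = selectors.iter().map(|s| s.data_resources.len()).sum();
    if total > 250 {
        return Err(format!("{} data resources; maximum is 250", total));
    }
    Ok(())
}

/// Does one data resource entry cover the resource the event acted on?
fn resource_matches(dr: &DataResource, ev: &DataEvent) -> bool {
    match (dr.type_.as_str(), ev.event_source) {
        // Assumption: S3 values are bucket/prefix ARNs, so "arn:aws:s3:::bucket-1/"
        // (empty prefix) matches every object in bucket-1 and nothing in bucket-2.
        ("AWS::S3::Object", "s3.amazonaws.com") =>
            dr.values.iter().any(|v| ev.resource_arn.starts_with(v.as_str())),
        // Assumption: Lambda values are exact function ARNs, or "arn:aws:lambda" for all.
        ("AWS::Lambda::Function", "lambda.amazonaws.com") =>
            dr.values.iter().any(|v| v == "arn:aws:lambda" || v == ev.resource_arn),
        _ => false,
    }
}

/// A trail logs the event if it matches any of the trail's event selectors.
pub fn trail_logs_event(selectors: &[EventSelector], ev: &DataEvent) -> bool {
    selectors.iter().any(|sel| {
        let rw_ok = match sel.read_write_type {
            ReadWriteType::ReadOnly => ev.read_only,
            ReadWriteType::WriteOnly => !ev.read_only,
            ReadWriteType::All => true,
        };
        rw_ok && sel.data_resources.iter().any(|dr| resource_matches(dr, ev))
    })
}
```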

The name of a trail about which you want the current status.

Returns the objects or data listed below if successful. Otherwise, returns an error.

A JSON string that contains a list of insight types that are logged on a trail.

Requests the public keys for a specified time range.

Returns the objects or data listed below if successful. Otherwise, returns an error.

Specifies a list of trail tags to return.

Returns the objects or data listed below if successful. Otherwise, returns an error.

Specifies an attribute and value that filter the events returned.

Contains a request for LookupEvents.

Contains a response to a LookupEvents action.

Contains information about a returned public key.

Specifies the tags to remove from a trail.

Returns the objects or data listed below if successful. Otherwise, returns an error.

Specifies the type and name of a resource referenced by an event.

A resource tag.

The request to CloudTrail to start logging AWS API calls for an account.

Returns the objects or data listed below if successful. Otherwise, returns an error.

Passes the request to CloudTrail to stop logging AWS API calls for the specified account.

Returns the objects or data listed below if successful. Otherwise, returns an error.

A custom key-value pair associated with a resource such as a CloudTrail trail.

The settings for a trail.

Information about a CloudTrail trail, including the trail's name, home region, and Amazon Resource Name (ARN).

Specifies settings to update for the trail.

Returns the objects or data listed below if successful. Otherwise, returns an error.

Enums

Errors returned by AddTags

Errors returned by CreateTrail

Errors returned by DeleteTrail

Errors returned by DescribeTrails

Errors returned by GetEventSelectors

Errors returned by GetInsightSelectors

Errors returned by GetTrail

Errors returned by GetTrailStatus

Errors returned by ListPublicKeys

Errors returned by ListTags

Errors returned by ListTrails

Errors returned by LookupEvents

Errors returned by PutEventSelectors

Errors returned by PutInsightSelectors

Errors returned by RemoveTags

Errors returned by StartLogging

Errors returned by StopLogging

Errors returned by UpdateTrail

Traits

Trait representing the capabilities of the CloudTrail API. CloudTrail clients implement this trait.