Crate rusoto_cloudtrail

AWS CloudTrail

This is the CloudTrail API Reference. It provides descriptions of actions, data types, common parameters, and common errors for CloudTrail.

CloudTrail is a web service that records AWS API calls for your AWS account and delivers log files to an Amazon S3 bucket. The recorded information includes the identity of the user, the start time of the AWS API call, the source IP address, the request parameters, and the response elements returned by the service.

As an alternative to the API, you can use one of the AWS SDKs, which consist of libraries and sample code for various programming languages and platforms (Java, Ruby, .NET, iOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to AWS CloudTrail. For example, the SDKs take care of cryptographically signing requests, managing errors, and retrying requests automatically. For information about the AWS SDKs, including how to download and install them, see the Tools for Amazon Web Services page.

See the AWS CloudTrail User Guide for information about the data that is included with each AWS API call listed in the log files.

If you're using the service, you're probably looking for CloudTrailClient and CloudTrail.

Structs

AddTagsRequest

Specifies the tags to add to a trail.

AddTagsResponse

Returns the objects or data listed below if successful. Otherwise, returns an error.

CloudTrailClient

A client for the CloudTrail API.

CreateTrailRequest

Specifies the settings for each trail.

CreateTrailResponse

Returns the objects or data listed below if successful. Otherwise, returns an error.

DataResource

The Amazon S3 buckets or AWS Lambda functions that you specify in your event selectors for your trail to log data events. Data events provide insight into the resource operations performed on or within a resource itself. These are also known as data plane operations. You can specify up to 250 data resources for a trail.

The total number of allowed data resources is 250. This number can be distributed between 1 and 5 event selectors, but the total cannot exceed 250 across all selectors.

The following example demonstrates how logging works when you configure logging of all data events for an S3 bucket named bucket-1. In this example, the CloudTrail user specified an empty prefix and the option to log both Read and Write data events.

  1. A user uploads an image file to bucket-1.

  2. The PutObject API operation is an Amazon S3 object-level API. It is recorded as a data event in CloudTrail. Because the CloudTrail user specified an S3 bucket with an empty prefix, events that occur on any object in that bucket are logged. The trail processes and logs the event.

  3. A user uploads an object to an Amazon S3 bucket named arn:aws:s3:::bucket-2.

  4. The PutObject API operation occurred for an object in an S3 bucket that the CloudTrail user didn't specify for the trail. The trail doesn’t log the event.

The following example demonstrates how logging works when you configure logging of AWS Lambda data events for a Lambda function named MyLambdaFunction, but not for all AWS Lambda functions.

  1. A user runs a script that includes a call to the MyLambdaFunction function and the MyOtherLambdaFunction function.

  2. The Invoke API operation on MyLambdaFunction is an AWS Lambda API. It is recorded as a data event in CloudTrail. Because the CloudTrail user specified logging data events for MyLambdaFunction, any invocations of that function are logged. The trail processes and logs the event.

  3. The Invoke API operation on MyOtherLambdaFunction is an AWS Lambda API. Because the CloudTrail user did not specify logging data events for all Lambda functions, the Invoke operation for MyOtherLambdaFunction does not match the function specified for the trail. The trail doesn’t log the event.

DeleteTrailRequest

The request that specifies the name of a trail to delete.

DeleteTrailResponse

Returns the objects or data listed below if successful. Otherwise, returns an error.

DescribeTrailsRequest

Returns information about the trail.

DescribeTrailsResponse

Returns the objects or data listed below if successful. Otherwise, returns an error.

Event

Contains information about an event that was returned by a lookup request. The result includes a representation of a CloudTrail event.

EventSelector

Use event selectors to further specify the management and data event settings for your trail. By default, trails created without specific event selectors will be configured to log all read and write management events, and no data events. When an event occurs in your account, CloudTrail evaluates the event selector for all trails. For each trail, if the event matches any event selector, the trail processes and logs the event. If the event doesn't match any event selector, the trail doesn't log the event.

You can configure up to five event selectors for a trail.
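
The DataResource walkthroughs and the "any selector matches" rule above can be checked offline with a small model. This is an added example, not code from rusoto_cloudtrail: the types, function names, sample ARNs and account ID are hypothetical, and it assumes S3 values act as ARN prefixes while Lambda values are exact function ARNs.

```rust
// Local model of the matching rules above; hypothetical types, not the
// rusoto_cloudtrail structs. Sample ARNs and the account ID are constructed.
#[derive(Clone, Copy)]
enum ReadWrite { ReadOnly, WriteOnly, All }

struct DataResource { kind: &'static str, values: Vec<&'static str> }
struct Selector { read_write: ReadWrite, data_resources: Vec<DataResource> }
struct DataEvent { kind: &'static str, arn: &'static str, read_only: bool }

const S3: &str = "AWS::S3::Object";
const LAMBDA: &str = "AWS::Lambda::Function";

// Assumption: S3 values are ARN prefixes, Lambda values are exact function ARNs.
fn value_matches(kind: &str, value: &str, arn: &str) -> bool {
    if kind == LAMBDA { arn == value } else { arn.starts_with(value) }
}

fn selector_matches(s: &Selector, e: &DataEvent) -> bool {
    let rw_ok = match s.read_write {
        ReadWrite::All => true,
        ReadWrite::ReadOnly => e.read_only,
        ReadWrite::WriteOnly => !e.read_only,
    };
    rw_ok && s.data_resources.iter().any(|r| {
        r.kind == e.kind && r.values.iter().any(|v| value_matches(r.kind, v, e.arn))
    })
}

// A trail logs the event if any one of its selectors matches.
fn trail_logs(selectors: &[Selector], e: &DataEvent) -> bool {
    selectors.iter().any(|s| selector_matches(s, e))
}

// Enforce the documented limits: at most 5 selectors, 250 data resources in total.
fn check_limits(selectors: &[Selector]) -> Result<usize, String> {
    let total: usize = selectors.iter().flat_map(|s| &s.data_resources).map(|r| r.values.len()).sum();
    if selectors.len() > 5 { return Err(format!("{} selectors (max 5)", selectors.len())); }
    if total > 250 { return Err(format!("{} data resources (max 250)", total)); }
    Ok(total)
}

fn sample_trail() -> Vec<Selector> {
    vec![Selector { read_write: ReadWrite::All, data_resources: vec![
        DataResource { kind: S3, values: vec!["arn:aws:s3:::bucket-1/"] },
        DataResource { kind: LAMBDA, values: vec![
            "arn:aws:lambda:us-east-1:111122223333:function:MyLambdaFunction"] },
    ]}]
}

fn main() {
    let trail = sample_trail();
    let put = DataEvent { kind: S3, arn: "arn:aws:s3:::bucket-2/cat.png", read_only: false };
    println!("limits: {:?}, bucket-2 PutObject logged: {}", check_limits(&trail), trail_logs(&trail, &put));
}
```

Running the same check against the selectors returned for a real trail shows which object-level or function-level activity would leave no record, which is the coverage gap to close before an investigation depends on it.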

GetEventSelectorsRequest

GetEventSelectorsResponse

GetTrailStatusRequest

The name of a trail about which you want the current status.

GetTrailStatusResponse

Returns the objects or data listed below if successful. Otherwise, returns an error.

ListPublicKeysRequest

Requests the public keys for a specified time range.

ListPublicKeysResponse

Returns the objects or data listed below if successful. Otherwise, returns an error.

ListTagsRequest

Specifies a list of trail tags to return.

ListTagsResponse

Returns the objects or data listed below if successful. Otherwise, returns an error.

LookupAttribute

Specifies an attribute and value that filter the events returned.

LookupEventsRequest

Contains a request for LookupEvents.

LookupEventsResponse

Contains a response to a LookupEvents action.

PublicKey

Contains information about a returned public key.

PutEventSelectorsRequest

PutEventSelectorsResponse

RemoveTagsRequest

Specifies the tags to remove from a trail.

RemoveTagsResponse

Returns the objects or data listed below if successful. Otherwise, returns an error.

Resource

Specifies the type and name of a resource referenced by an event.

ResourceTag

A resource tag.

StartLoggingRequest

The request to CloudTrail to start logging AWS API calls for an account.

StartLoggingResponse

Returns the objects or data listed below if successful. Otherwise, returns an error.

StopLoggingRequest

Passes the request to CloudTrail to stop logging AWS API calls for the specified account.

StopLoggingResponse

Returns the objects or data listed below if successful. Otherwise, returns an error.

Tag

A custom key-value pair associated with a resource such as a CloudTrail trail.

Trail

The settings for a trail.

UpdateTrailRequest

Specifies settings to update for the trail.

UpdateTrailResponse

Returns the objects or data listed below if successful. Otherwise, returns an error.

Enums

AddTagsError

Errors returned by AddTags

CreateTrailError

Errors returned by CreateTrail

DeleteTrailError

Errors returned by DeleteTrail

DescribeTrailsError

Errors returned by DescribeTrails

GetEventSelectorsError

Errors returned by GetEventSelectors

GetTrailStatusError

Errors returned by GetTrailStatus

ListPublicKeysError

Errors returned by ListPublicKeys

ListTagsError

Errors returned by ListTags

LookupEventsError

Errors returned by LookupEvents

PutEventSelectorsError

Errors returned by PutEventSelectors

RemoveTagsError

Errors returned by RemoveTags

StartLoggingError

Errors returned by StartLogging

StopLoggingError

Errors returned by StopLogging

UpdateTrailError

Errors returned by UpdateTrail

Traits

CloudTrail

Trait representing the capabilities of the CloudTrail API. CloudTrail clients implement this trait.