Menu
AWS CloudTrail
API Reference (API Version 2013-11-01)

PutEventSelectors

Configures an event selector for your trail. Use event selectors to specify whether you want your trail to log management and/or data events. When an event occurs in your account, CloudTrail evaluates the event selectors in all trails. For each trail, if the event matches any event selector, the trail processes and logs the event. If the event doesn't match any event selector, the trail doesn't log the event.

Example

  1. You create an event selector for a trail and specify that you want write-only events.

  2. The EC2 GetConsoleOutput and RunInstances API operations occur in your account.

  3. CloudTrail evaluates whether the events match your event selectors.

  4. The RunInstances is a write-only event and it matches your event selector. The trail logs the event.

  5. The GetConsoleOutput is a read-only event but it doesn't match your event selector. The trail doesn't log the event.

The PutEventSelectors operation must be called from the region in which the trail was created; otherwise, an InvalidHomeRegionException is thrown.

You can configure up to five event selectors for each trail. For more information, see Logging Data and Management Events for Trails in the AWS CloudTrail User Guide.

Request Syntax

{
   "EventSelectors": [ 
      { 
         "DataResources": [ 
            { 
               "Type": "string",
               "Values": [ "string" ]
            }
         ],
         "IncludeManagementEvents": boolean,
         "ReadWriteType": "string"
      }
   ],
   "TrailName": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

EventSelectors

Specifies the settings for your event selectors. You can configure up to five event selectors for a trail.

Type: Array of EventSelector objects

Required: No

TrailName

Specifies the name of the trail or trail ARN. If you specify a trail name, the string must meet the following requirements:

  • Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)

  • Start with a letter or number, and end with a letter or number

  • Be between 3 and 128 characters

  • Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are invalid.

  • Not be in IP address format (for example, 192.168.5.4)

If you specify a trail ARN, it must be in the format:

arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

Type: String

Required: No

Response Syntax

{
   "EventSelectors": [ 
      { 
         "DataResources": [ 
            { 
               "Type": "string",
               "Values": [ "string" ]
            }
         ],
         "IncludeManagementEvents": boolean,
         "ReadWriteType": "string"
      }
   ],
   "TrailARN": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

EventSelectors

Specifies the event selectors configured for your trail.

Type: Array of EventSelector objects

TrailARN

Specifies the ARN of the trail that was updated with event selectors. The format of a trail ARN is:

arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

Type: String

Errors

For information about the errors that are common to all actions, see Common Errors.

InvalidEventSelectorsException

This exception is thrown when the PutEventSelectors operation is called with an invalid number of event selectors, data resources, or an invalid value for a parameter:

  • Specify a valid number of event selectors (1 to 5) for a trail.

  • Specify a valid number of data resources (1 to 250) for an event selector.

  • Specify a valid value for a parameter. For example, specifying the ReadWriteType parameter with a value of read-only is invalid.

HTTP Status Code: 400

InvalidHomeRegionException

This exception is thrown when an operation is called on a trail from a region other than the region in which the trail was created.

HTTP Status Code: 400

InvalidTrailNameException

This exception is thrown when the provided trail name is not valid. Trail names must meet the following requirements:

  • Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)

  • Start with a letter or number, and end with a letter or number

  • Be between 3 and 128 characters

  • Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are invalid.

  • Not be in IP address format (for example, 192.168.5.4)

HTTP Status Code: 400

OperationNotPermittedException

This exception is thrown when the requested operation is not permitted.

HTTP Status Code: 400

TrailNotFoundException

This exception is thrown when the trail with the given name is not found.

HTTP Status Code: 400

UnsupportedOperationException

This exception is thrown when the requested operation is not supported.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: