AWS Tools for Windows PowerShell
Command Reference

AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.

Synopsis

Invokes the UpdateTrail operation against AWS CloudTrail.

Syntax

Update-CTTrail
-Name <String>
-S3BucketName <String>
-S3KeyPrefix <String>
-CloudWatchLogsLogGroupArn <String>
-CloudWatchLogsRoleArn <String>
-EnableLogFileValidation <Boolean>
-IncludeGlobalServiceEvent <Boolean>
-IsMultiRegionTrail <Boolean>
-KmsKeyId <String>
-SnsTopicName <String>
-Force <SwitchParameter>

Description

Updates the settings that specify delivery of log files. Changes to a trail do not require stopping the CloudTrail service. Use this action to designate an existing bucket for log delivery. If the existing bucket has previously been a target for CloudTrail log files, an IAM policy exists for the bucket. UpdateTrail must be called from the region in which the trail was created; otherwise, an InvalidHomeRegionException is thrown.

Parameters

-CloudWatchLogsLogGroupArn <String>
Specifies a log group name using an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs will be delivered. Not required unless you specify CloudWatchLogsRoleArn.
Required?False
Position?Named
Accept pipeline input?False
-CloudWatchLogsRoleArn <String>
Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group.
Required?False
Position?Named
Accept pipeline input?False
-EnableLogFileValidation <Boolean>
Specifies whether log file validation is enabled. The default is false.When you disable log file integrity validation, the chain of digest files is broken after one hour. CloudTrail will not create digest files for log files that were delivered during a period in which log file integrity validation was disabled. For example, if you enable log file integrity validation at noon on January 1, disable it at noon on January 2, and re-enable it at noon on January 10, digest files will not be created for the log files delivered from noon on January 2 to noon on January 10. The same applies whenever you stop CloudTrail logging or delete a trail.
Required?False
Position?Named
Accept pipeline input?False
-Force <SwitchParameter>
This parameter overrides confirmation prompts to force the cmdlet to continue its operation. This parameter should always be used with caution.
Required?False
Position?Named
Accept pipeline input?False
-IncludeGlobalServiceEvent <Boolean>
Specifies whether the trail is publishing events from global services such as IAM to the log files.
Required?False
Position?Named
Accept pipeline input?False
-IsMultiRegionTrail <Boolean>
Specifies whether the trail applies only to the current region or to all regions. The default is false. If the trail exists only in the current region and this value is set to true, shadow trails (replications of the trail) will be created in the other regions. If the trail exists in all regions and this value is set to false, the trail will remain in the region where it was created, and its shadow trails in other regions will be deleted.
Required?False
Position?Named
Accept pipeline input?False
-KmsKeyId <String>
Specifies the KMS key ID to use to encrypt the logs delivered by CloudTrail. The value can be an alias name prefixed by "alias/", a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.Examples:
  • alias/MyAliasName
  • arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
  • arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
  • 12345678-1234-1234-1234-123456789012
Required?False
Position?Named
Accept pipeline input?False
-Name <String>
Specifies the name of the trail or trail ARN. If Name is a trail name, the string must meet the following requirements:
  • Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)
  • Start with a letter or number, and end with a letter or number
  • Be between 3 and 128 characters
  • Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are invalid.
  • Not be in IP address format (for example, 192.168.5.4)
If Name is a trail ARN, it must be in the format:arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail
Required?False
Position?1
Accept pipeline input?True (ByValue, ByPropertyName)
-S3BucketName <String>
Specifies the name of the Amazon S3 bucket designated for publishing log files. See Amazon S3 Bucket Naming Requirements.
Required?False
Position?2
Accept pipeline input?True (ByPropertyName)
-S3KeyPrefix <String>
Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery. For more information, see Finding Your CloudTrail Log Files. The maximum length is 200 characters.
Required?False
Position?3
Accept pipeline input?True (ByPropertyName)
-SnsTopicName <String>
Specifies the name of the Amazon SNS topic defined for notification of log file delivery. The maximum length is 256 characters.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)

Common Credential and Region Parameters

-AccessKey <String>
The AWS access key for the user account. This can be a temporary access key if the corresponding session token is supplied to the -SessionToken parameter.
Required? False
Position? Named
Accept pipeline input? False
-Credential <AWSCredentials>
An AWSCredentials object instance containing access and secret key information, and optionally a token for session-based credentials.
Required? False
Position? Named
Accept pipeline input? False
-ProfileLocation <String>

Used to specify the name and location of the ini-format credential file (shared with the AWS CLI and other AWS SDKs)

If this optional parameter is omitted this cmdlet will search the encrypted credential file used by the AWS SDK for .NET and AWS Toolkit for Visual Studio first. If the profile is not found then the cmdlet will search in the ini-format credential file at the default location: (user's home directory)\.aws\credentials. Note that the encrypted credential file is not supported on all platforms. It will be skipped when searching for profiles on Windows Nano Server, Mac, and Linux platforms.

If this parameter is specified then this cmdlet will only search the ini-format credential file at the location given.

As the current folder can vary in a shell or during script execution it is advised that you use specify a fully qualified path instead of a relative path.

Required? False
Position? Named
Accept pipeline input? False
-ProfileName <String>
The user-defined name of an AWS credentials or SAML-based role profile containing credential information. The profile is expected to be found in the secure credential file shared with the AWS SDK for .NET and AWS Toolkit for Visual Studio. You can also specify the name of a profile stored in the .ini-format credential file used with the AWS CLI and other AWS SDKs.
Required? False
Position? Named
Accept pipeline input? False
-NetworkCredential <PSCredential>
Used with SAML-based authentication when ProfileName references a SAML role profile. Contains the network credentials to be supplied during authentication with the configured identity provider's endpoint. This parameter is not required if the user's default network identity can or should be used during authentication.
Required? False
Position? Named
Accept pipeline input? False
-SecretKey <String>
The AWS secret key for the user account. This can be a temporary secret key if the corresponding session token is supplied to the -SessionToken parameter.
Required? False
Position? Named
Accept pipeline input? False
-SessionToken <String>
The session token if the access and secret keys are temporary session-based credentials.
Required? False
Position? Named
Accept pipeline input? False
-Region <String>
The system name of the AWS region in which the operation should be invoked. For example, us-east-1, eu-west-1 etc.
Required? False
Position? Named
Accept pipeline input? False
-EndpointUrl <String>

The endpoint to make the call against.

Note: This parameter is primarily for internal AWS use and is not required/should not be specified for normal usage. The cmdlets normally determine which endpoint to call based on the region specified to the -Region parameter or set as default in the shell (via Set-DefaultAWSRegion). Only specify this parameter if you must direct the call to a specific custom endpoint.

Required? False
Position? Named
Accept pipeline input? False

Inputs

You can pipe a String object to this cmdlet for the Name parameter.

Outputs

This cmdlet returns a Amazon.CloudTrail.Model.UpdateTrailResponse object containing multiple properties. The object can also be referenced from properties attached to the cmdlet entry in the $AWSHistory stack.

Examples

Example 1

PS C:\>Update-CTTrail -Name "awscloudtrail-example" -IncludeGlobalServiceEvents $true -S3KeyPrefix "globallogs"
Updates the specified trail so that global service events (such as those from IAM) are recorded and changes the common key prefix of the log files going forwards to be 'globallogs'.

Example 2

PS C:\>Update-CTTrail -Name "awscloudtrail-example" -SnsTopicName "mlog-deliverytopic2"
Updates the specified trail so notifications about new log deliveries are sent to the specified SNS topic.

Example 3

PS C:\>Update-CTTrail -Name "awscloudtrail-example" -S3BucketName "otherlogs"
Updates the specified trail so logs are delivered to a different bucket.

Supported Version

AWS Tools for PowerShell: 2.x.y.z