AWS::CloudTrail::EventDataStore AdvancedEventSelector

Advanced event selectors let you create fine-grained selectors for CloudTrail management and data events. They help you control costs by logging only those events that are important to you. For more information about advanced event selectors, see Logging management events and Logging data events in the AWS CloudTrail User Guide.

You cannot apply both event selectors and advanced event selectors to a trail.

Supported CloudTrail event record fields for management events

eventCategory (required)
eventSource
readOnly

Supported CloudTrail event record fields for data events

eventCategory (required)
resources.type (required)
readOnly
eventName
resources.ARN

Note

For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS, the only supported field is eventCategory.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "FieldSelectors" : [ AdvancedFieldSelector, ... ],
  "Name" : String
}

YAML


  FieldSelectors: 
    - AdvancedFieldSelector
  Name: String

Properties

FieldSelectors

Contains all selector statements in an advanced event selector.

Required: Yes

Type: Array of AdvancedFieldSelector

Minimum: 1

Update requires: No interruption

Name

An optional, descriptive name for an advanced event selector, such as "Log data events for only two S3 buckets".

Required: No

Type: String

Minimum: 1

Maximum: 1000

Update requires: No interruption

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

AWS::CloudTrail::EventDataStore

AdvancedFieldSelector