AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS CloudTrail Trail DataResource

The DataResource property type specifies Amazon S3 objects for event selectors in a CloudTrail trail. Data events are object-level API operations that access Amazon S3 objects, such as GetObject, DeleteObject, and PutObject. You can specify up to 250 Amazon S3 buckets and object prefixes for a trail. For more information, see DataResource in the AWS CloudTrail API Reference.

DataResource is a property of the CloudTrail Trail EventSelector property type.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : String,
  "Values" : [ String, ... ]
}

YAML

Type: String
Values:
  - String

Properties

Type

The resource type to log data events for. You can specify only the following value: AWS::S3::Object.

Required: Yes

Type: String

Update requires: No interruption

Values

A list of ARN-like strings for the specified Amazon S3 objects.

To log data events for all objects in an Amazon S3 bucket, specify the bucket and an empty object prefix such as arn:aws:s3:::bucket-1/. The trail logs data events for all objects in the bucket.

To log data events for specific objects, specify the Amazon S3 bucket and object prefix such as arn:aws:s3:::bucket-1/example-images. The trail logs data events for objects in the bucket that match the prefix.

Required: No

Type: List of strings

Update requires: No interruption
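
The following is an added example, not part of the AWS documentation: a Python check that audits a list of DataResource entries against the rules above and reports whether data events for a given object key fall under a logged prefix. The function names, the sample buckets, and the use of plain string-prefix matching are assumptions made for illustration.

```python
# Added example: audit DataResource entries against the rules on this page.
S3_ARN_PREFIX = "arn:aws:s3:::"
MAX_VALUES_PER_TRAIL = 250          # limit stated on this page
ALLOWED_TYPE = "AWS::S3::Object"    # only Type value this page allows


def validate(data_resources):
    """Return a list of problems found in a list of DataResource dicts."""
    problems, total = [], 0
    for i, dr in enumerate(data_resources):
        if dr.get("Type") != ALLOWED_TYPE:
            problems.append(f"DataResources[{i}]: Type must be {ALLOWED_TYPE}")
        for value in dr.get("Values", []):
            total += 1
            rest = value[len(S3_ARN_PREFIX):] if value.startswith(S3_ARN_PREFIX) else ""
            # Assumption: flag anything that is not in the bucket/prefix form
            # shown on this page, e.g. arn:aws:s3:::bucket-1/
            if "/" not in rest or rest.startswith("/"):
                problems.append(f"DataResources[{i}]: unexpected form {value!r}")
    if total > MAX_VALUES_PER_TRAIL:
        problems.append(f"{total} values exceed the limit of {MAX_VALUES_PER_TRAIL}")
    return problems


def is_logged(data_resources, bucket, key):
    """True if s3://bucket/key falls under any listed bucket/prefix value."""
    for dr in data_resources:
        if dr.get("Type") != ALLOWED_TYPE:
            continue
        for value in dr.get("Values", []):
            if not value.startswith(S3_ARN_PREFIX):
                continue
            b, sep, prefix = value[len(S3_ARN_PREFIX):].partition("/")
            # An empty prefix (arn:aws:s3:::bucket-1/) covers every object.
            if sep and b == bucket and key.startswith(prefix):
                return True
    return False


# Constructed sample input mirroring the two forms described above.
SAMPLE = [{"Type": "AWS::S3::Object",
           "Values": ["arn:aws:s3:::bucket-1/example-images",
                      "arn:aws:s3:::bucket-2/"]}]

if __name__ == "__main__":
    print(validate(SAMPLE))
    print(is_logged(SAMPLE, "bucket-1", "example-images/cat.png"))
    print(is_logged(SAMPLE, "bucket-1", "private/keys.pem"))
```

Running a check like this over the object keys that hold sensitive data shows which of them produce no data events under the trail as configured.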
