PutInsightSelectors
Lets you enable Insights event logging by specifying the Insights selectors that you want to enable on an existing trail. You also use PutInsightSelectors to turn off Insights event logging, by passing an empty list of insight types. The valid Insights event types in this release are ApiErrorRateInsight and ApiCallRateInsight.
To log CloudTrail Insights events on API call volume, the trail must log write management events. To log CloudTrail Insights events on API error rate, the trail must log read or write management events. You can call GetEventSelectors on a trail to check whether the trail logs management events.
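The prerequisite check described above, as an added example that is not part of the AWS reference. It evaluates a GetEventSelectors response before PutInsightSelectors is called; the function names and the sample responses are constructed for illustration, and advanced selectors are assumed to use only Equals conditions.

```python
# Added example: decide whether a trail meets the Insights prerequisites,
# given the JSON body returned by GetEventSelectors (parsed into a dict).
VALID_TYPES = ("ApiCallRateInsight", "ApiErrorRateInsight")

def management_coverage(resp):
    """Return (logs_read, logs_write) for management events on the trail."""
    read = write = False
    for sel in resp.get("EventSelectors") or []:
        if not sel.get("IncludeManagementEvents", True):
            continue  # selector covers data events only
        rw = sel.get("ReadWriteType", "All")
        read |= rw in ("All", "ReadOnly")
        write |= rw in ("All", "WriteOnly")
    # Assumption: advanced selectors filter with "Equals" only.
    for sel in resp.get("AdvancedEventSelectors") or []:
        fields = {f["Field"]: f for f in sel.get("FieldSelectors", [])}
        if "Management" not in fields.get("eventCategory", {}).get("Equals", []):
            continue
        ro = fields.get("readOnly", {}).get("Equals")  # None means no filter
        read |= ro is None or "true" in ro
        write |= ro is None or "false" in ro
    return read, write

def unmet_prerequisites(resp, insight_types):
    """Map each requested insight type to the reason it cannot be enabled."""
    read, write = management_coverage(resp)
    problems = {}
    for t in insight_types:
        if t not in VALID_TYPES:
            problems[t] = "not a valid insight type"
        elif t == "ApiCallRateInsight" and not write:
            problems[t] = "trail must log write management events"
        elif t == "ApiErrorRateInsight" and not (read or write):
            problems[t] = "trail must log read or write management events"
    return problems

# Constructed sample responses (not captured from a real account).
READ_ONLY_TRAIL = {"EventSelectors": [
    {"ReadWriteType": "ReadOnly", "IncludeManagementEvents": True}]}
DATA_ONLY_TRAIL = {"EventSelectors": [
    {"ReadWriteType": "All", "IncludeManagementEvents": False}]}
ADVANCED_WRITE_TRAIL = {"AdvancedEventSelectors": [{"FieldSelectors": [
    {"Field": "eventCategory", "Equals": ["Management"]},
    {"Field": "readOnly", "Equals": ["false"]}]}]}
```

An empty result means every requested insight type can be enabled on the trail.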
Request Syntax
{
   "InsightSelectors": [
      {
         "InsightType": "string"
      }
   ],
   "TrailName": "string"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- InsightSelectors
-
A JSON string that contains the insight types you want to log on a trail. ApiCallRateInsight and ApiErrorRateInsight are valid Insight types.
The ApiCallRateInsight Insights type analyzes write-only management API calls that are aggregated per minute against a baseline API call volume.
The ApiErrorRateInsight Insights type analyzes management API calls that result in error codes. The error is shown if the API call is unsuccessful.
Type: Array of InsightSelector objects
Required: Yes
- TrailName
-
The name of the CloudTrail trail for which you want to change or add Insights selectors.
Type: String
Required: Yes
Response Syntax
{
   "InsightSelectors": [
      {
         "InsightType": "string"
      }
   ],
   "TrailARN": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- InsightSelectors
-
A JSON string that contains the Insights event types that you want to log on a trail. The valid Insights types in this release are ApiErrorRateInsight and ApiCallRateInsight.
Type: Array of InsightSelector objects
- TrailARN
-
The Amazon Resource Name (ARN) of a trail for which you want to change or add Insights selectors.
Type: String
Errors
For information about the errors that are common to all actions, see Common Errors.
- CloudTrailARNInvalidException
-
This exception is thrown when an operation is called with a trail ARN that is not valid. The following is the format of a trail ARN.
arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
This exception is also thrown when you call AddTags or RemoveTags on a trail, event data store, or channel with a resource ARN that is not valid.
The following is the format of an event data store ARN:
arn:aws:cloudtrail:us-east-2:12345678910:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE
The following is the format of a channel ARN:
arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890
HTTP Status Code: 400
- InsufficientEncryptionPolicyException
-
This exception is thrown when the policy on the S3 bucket or AWS KMS key does not have sufficient permissions for the operation.
HTTP Status Code: 400
- InsufficientS3BucketPolicyException
-
This exception is thrown when the policy on the S3 bucket is not sufficient.
HTTP Status Code: 400
- InvalidHomeRegionException
-
This exception is thrown when an operation is called on a trail from a region other than the region in which the trail was created.
HTTP Status Code: 400
- InvalidInsightSelectorsException
-
The formatting or syntax of the InsightSelectors JSON statement in your PutInsightSelectors or GetInsightSelectors request is not valid, or the specified insight type in the InsightSelectors statement is not a valid insight type.
HTTP Status Code: 400
- InvalidTrailNameException
-
This exception is thrown when the provided trail name is not valid. Trail names must meet the following requirements:
- Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)
- Start with a letter or number, and end with a letter or number
- Be between 3 and 128 characters
- Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are not valid.
- Not be in IP address format (for example, 192.168.5.4)
HTTP Status Code: 400
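The trail name requirements above, as an added example of a client-side check that can run before the TrailName parameter is sent. This is not AWS code; the function name and error labels are hypothetical, and "IP address format" is interpreted here as any dotted quad of one to three digits per group.

```python
# Added example: validate a trail name against the requirements listed for
# InvalidTrailNameException. Returns a list of violated rules (empty = valid).
import re
import string

_ALNUM = string.ascii_letters + string.digits
_ALLOWED = re.compile(r"[A-Za-z0-9._-]*")
_ADJACENT = re.compile(r"[._-]{2}")
# Assumption: "IP address format" means four dot-separated digit groups.
_DOTTED_QUAD = re.compile(r"\d{1,3}(\.\d{1,3}){3}")

def trail_name_errors(name):
    errors = []
    if not 3 <= len(name) <= 128:
        errors.append("length")        # must be 3 to 128 characters
    if not _ALLOWED.fullmatch(name):
        errors.append("characters")    # ASCII letters, digits, . _ - only
    if not name or name[0] not in _ALNUM or name[-1] not in _ALNUM:
        errors.append("edges")         # must start and end with letter/digit
    if _ADJACENT.search(name):
        errors.append("adjacent")      # no adjacent periods/underscores/dashes
    if _DOTTED_QUAD.fullmatch(name):
        errors.append("ip-format")     # must not look like an IP address
    return errors

# Constructed sample names; the two *namespace names and the IP address are
# the invalid examples given in the requirements above.
SAMPLES = ["SampleTrail", "my-_namespace", "my--namespace", "192.168.5.4", "-ab"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, trail_name_errors(sample) or "ok")
```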
- KmsException
-
This exception is thrown when there is an issue with the specified AWS KMS key and the trail or event data store can't be updated.
HTTP Status Code: 400
- NoManagementAccountSLRExistsException
-
This exception is thrown when the management account does not have a service-linked role.
HTTP Status Code: 400
- NotOrganizationMasterAccountException
-
This exception is thrown when the AWS account making the request to create or update an organization trail or event data store is not the management account for an organization in AWS Organizations. For more information, see Prepare For Creating a Trail For Your Organization or Create an event data store.
HTTP Status Code: 400
- OperationNotPermittedException
-
This exception is thrown when the requested operation is not permitted.
HTTP Status Code: 400
- S3BucketDoesNotExistException
-
This exception is thrown when the specified S3 bucket does not exist.
HTTP Status Code: 400
- TrailNotFoundException
-
This exception is thrown when the trail with the given name is not found.
HTTP Status Code: 400
- UnsupportedOperationException
-
This exception is thrown when the requested operation is not supported.
HTTP Status Code: 400
Examples
Example
The following example shows how to use Insight selectors to enable CloudTrail Insights on a trail named SampleTrail.
{ "InsightSelectors": [{"InsightType": "ApiCallRateInsight"},{"InsightType": "ApiErrorRateInsight"}], "TrailARN": "arn:aws:cloudtrail:us-east-2:123456789012:trail/SampleTrail" }
Example
The following example shows how to disable CloudTrail Insights on a trail named SampleTrail. Disable Insights event collection by passing an empty list of insight types ([ ]).
{ "InsightSelectors": [ ], "TrailARN": "arn:aws:cloudtrail:us-east-2:123456789012:trail/SampleTrail" }