PutInsightSelectors

Lets you enable Insights event logging by specifying the Insights selectors that you want to enable on an existing trail. You also use PutInsightSelectors to turn off Insights event logging, by passing an empty list of insight types. The valid Insights event types in this release are ApiErrorRateInsight and ApiCallRateInsight.

Request Syntax

{
   "InsightSelectors": [ 
      { 
         "InsightType": "string"
      }
   ],
   "TrailName": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

InsightSelectors

A JSON string that contains the insight types you want to log on a trail. ApiCallRateInsight and ApiErrorRateInsight are valid insight types.

Type: Array of InsightSelector objects

Required: Yes

TrailName

The name of the CloudTrail trail for which you want to change or add Insights selectors.

Type: String

Required: Yes

Response Syntax

{
   "InsightSelectors": [ 
      { 
         "InsightType": "string"
      }
   ],
   "TrailARN": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

InsightSelectors

A JSON string that contains the Insights event types that you want to log on a trail. The valid Insights types in this release are ApiErrorRateInsight and ApiCallRateInsight.

Type: Array of InsightSelector objects

TrailARN

The Amazon Resource Name (ARN) of a trail for which you want to change or add Insights selectors.

Type: String

Errors

For information about the errors that are common to all actions, see Common Errors.

InsufficientEncryptionPolicyException

This exception is thrown when the policy on the S3 bucket or AWS KMS key does not have sufficient permissions for the operation.

HTTP Status Code: 400

InsufficientS3BucketPolicyException

This exception is thrown when the policy on the S3 bucket is not sufficient.

HTTP Status Code: 400

InvalidHomeRegionException

This exception is thrown when an operation is called on a trail from a region other than the region in which the trail was created.

HTTP Status Code: 400

InvalidInsightSelectorsException

The formatting or syntax of the InsightSelectors JSON statement in your PutInsightSelectors or GetInsightSelectors request is not valid, or the specified insight type in the InsightSelectors statement is not a valid insight type.

HTTP Status Code: 400

InvalidTrailNameException

This exception is thrown when the provided trail name is not valid. Trail names must meet the following requirements:

• Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)

• Start with a letter or number, and end with a letter or number

• Be between 3 and 128 characters

• Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are not valid.

• Not be in IP address format (for example, 192.168.5.4)

HTTP Status Code: 400

KmsException

This exception is thrown when there is an issue with the specified AWS KMS key and the trail or event data store can't be updated.

HTTP Status Code: 400

NoManagementAccountSLRExistsException

This exception is thrown when the management account does not have a service-linked role.

HTTP Status Code: 400

NotOrganizationMasterAccountException

This exception is thrown when the AWS account making the request to create or update an organization trail or event data store is not the management account for an organization in AWS Organizations. For more information, see Prepare For Creating a Trail For Your Organization or Create an event data store.

HTTP Status Code: 400

OperationNotPermittedException

This exception is thrown when the requested operation is not permitted.

HTTP Status Code: 400

S3BucketDoesNotExistException

This exception is thrown when the specified S3 bucket does not exist.

HTTP Status Code: 400

TrailNotFoundException

This exception is thrown when the trail with the given name is not found.

HTTP Status Code: 400

UnsupportedOperationException

This exception is thrown when the requested operation is not supported.

HTTP Status Code: 400

Examples

Example

The following example shows how to use Insight selectors to enable CloudTrail Insights on a trail named SampleTrail.

{
   "InsightSelectors": '[{"InsightType": "ApiCallRateInsight"},{"InsightType": "ApiErrorRateInsight"}]',
   "TrailARN": "arn:aws:cloudtrail:us-east-2:123456789012:trail/SampleTrail"
}

Example

The following example shows how to disable CloudTrail Insights on a trail named SampleTrail. Disable Insights event collection by passing an empty string of insight types ([ ]).

{
   "InsightSelectors": [ ],
   "TrailARN": "arn:aws:cloudtrail:us-east-2:123456789012:trail/SampleTrail"
}

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java V2

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3