Class CfnTrail.DataResourceProperty
The Amazon S3 buckets, AWS Lambda functions, or Amazon DynamoDB tables that you specify in your event selectors for your trail to log data events.
Inheritance
Implements
Namespace: Amazon.CDK.AWS.CloudTrail
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class DataResourceProperty : Object, CfnTrail.IDataResourceProperty
Syntax (vb)
Public Class DataResourceProperty
Inherits Object
Implements CfnTrail.IDataResourceProperty
Remarks
Data events provide information about the resource operations performed on or within a resource itself. These are also known as data plane operations. You can specify up to 250 data resources for a trail.
The total number of allowed data resources is 250. This number can be distributed between 1 and 5 event selectors, but the total cannot exceed 250 across all selectors for the trail.
If you are using advanced event selectors, the maximum total number of values for all conditions, across all advanced event selectors for the trail, is 500.
The following example demonstrates how logging works when you configure logging of all data events for an S3 bucket named bucket-1. In this example, the CloudTrail user specified an empty prefix, and the option to log both Read and Write data events.
The following example demonstrates how logging works when you configure logging of AWS Lambda data events for a Lambda function named MyLambdaFunction, but not for all Lambda functions.
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.CloudTrail;
var dataResourceProperty = new DataResourceProperty {
    Type = "type",
    // the properties below are optional
    Values = new [] { "values" }
};
Synopsis
Constructors
DataResourceProperty() |
Properties
Type | The resource type in which you want to log data events. |
Values | An array of Amazon Resource Name (ARN) strings or partial ARN strings for the specified objects. |
Constructors
DataResourceProperty()
public DataResourceProperty()
Properties
Type
The resource type in which you want to log data events.
public string Type { get; set; }
Property Value
System.String
Remarks
You can specify the following basic event selector resource types:
Additional resource types are available through advanced event selectors. For more information about these additional resource types, see AdvancedFieldSelector.
Values
An array of Amazon Resource Name (ARN) strings or partial ARN strings for the specified objects.
public string[] Values { get; set; }
Property Value
System.String[]
Remarks
This also enables logging of data event activity performed by any user or role in your AWS account, even if that activity is performed on a bucket that belongs to another AWS account.
This also enables logging of Invoke activity performed by any user or role in your AWS account, even if that activity is performed on a function that belongs to another AWS account.
Lambda function ARNs are exact. For example, if you specify a function ARN arn:aws:lambda:us-west-2:111111111111:function:helloworld, data events will only be logged for arn:aws:lambda:us-west-2:111111111111:function:helloworld. They will not be logged for arn:aws:lambda:us-west-2:111111111111:function:helloworld2.
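The two cases described in the remarks (all objects in bucket-1 via an empty prefix, and a single Lambda function by exact ARN), put into one trail with a synth-time check of the 5-selector and 250-resource limits. This is an added example, not generated CDK documentation code; the stack name, construct id, log bucket name and the CheckLimits helper are hypothetical, and it assumes each Values entry counts as one data resource.

```csharp
using System;
using System.Linq;
using Amazon.CDK;
using Amazon.CDK.AWS.CloudTrail;
using Constructs;

public class DataEventTrailStack : Stack
{
    public DataEventTrailStack(Construct scope, string id) : base(scope, id)
    {
        // One inner array per event selector.
        var perSelector = new[]
        {
            // Empty prefix after the bucket name: every object in bucket-1.
            new[] { new CfnTrail.DataResourceProperty {
                Type = "AWS::S3::Object",
                Values = new[] { "arn:aws:s3:::bucket-1/" } } },
            // Exact function ARN: helloworld2 is NOT covered by this entry.
            new[] { new CfnTrail.DataResourceProperty {
                Type = "AWS::Lambda::Function",
                Values = new[] { "arn:aws:lambda:us-west-2:111111111111:function:helloworld" } } }
        };
        CheckLimits(perSelector);

        new CfnTrail(this, "DataEventTrail", new CfnTrailProps
        {
            IsLogging = true,
            S3BucketName = "example-trail-log-bucket", // placeholder log destination
            EventSelectors = perSelector.Select(resources => new CfnTrail.EventSelectorProperty
            {
                ReadWriteType = "All",          // both Read and Write data events
                IncludeManagementEvents = true,
                DataResources = resources
            }).ToArray()
        });
    }

    // Fail at synth time, not at deployment, when the documented limits are exceeded.
    private static void CheckLimits(CfnTrail.DataResourceProperty[][] perSelector)
    {
        if (perSelector.Length < 1 || perSelector.Length > 5)
            throw new ArgumentException("A trail takes between 1 and 5 event selectors.");
        // Assumption: each Values entry counts as one data resource.
        var total = perSelector.SelectMany(s => s).Sum(r => r.Values?.Length ?? 0);
        if (total > 250)
            throw new ArgumentException($"{total} data resources; the trail-wide limit is 250.");
    }
}
```

Because Lambda ARNs match exactly, a function that is renamed or replaced under a new name drops out of data event logging until its ARN is added to Values.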