Interface CfnTrail.IDataResourceProperty
You can configure the DataResource in an EventSelector to log data events for the following three resource types:
Namespace: Amazon.CDK.AWS.CloudTrail
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public interface IDataResourceProperty
Syntax (vb)
Public Interface IDataResourceProperty
Remarks
To log data events for all other resource types, including objects stored in directory buckets, you must use AdvancedEventSelectors. You must also use AdvancedEventSelectors if you want to filter on the eventName field.
Configure the DataResource to specify the resource type and resource ARNs for which you want to log data events.
The total number of allowed data resources is 250. This number can be distributed between 1 and 5 event selectors, but the total cannot exceed 250 across all selectors for the trail.
The following example demonstrates how logging works when you configure logging of all data events for a general purpose bucket named amzn-s3-demo-bucket1. In this example, the CloudTrail user specified an empty prefix, and the option to log both Read and Write data events.
The following example demonstrates how logging works when you configure logging of AWS Lambda data events for a Lambda function named MyLambdaFunction, but not for all Lambda functions.
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.CloudTrail;

// DataResourceProperty is nested inside CfnTrail, so it is referenced through it.
var dataResourceProperty = new CfnTrail.DataResourceProperty {
    Type = "type",

    // the properties below are optional
    Values = new [] { "values" }
};
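The two logging scenarios described in the Remarks (all data events for amzn-s3-demo-bucket1 with an empty prefix, and a single Lambda function matched by exact ARN), written out as a stack with a guard for the 250 data resource limit. This is an added example, not code from the CDK documentation or project. The stack name, construct id and logging bucket name are hypothetical, the resource type strings AWS::S3::Object and AWS::Lambda::Function are CloudTrail values not listed on this page, and the guard assumes each entry in Values counts as one data resource.

```csharp
using System;
using System.Linq;
using Amazon.CDK;
using Amazon.CDK.AWS.CloudTrail;
using Constructs;

// Added example. DataEventTrailStack, "DataEventTrail" and the log bucket name are hypothetical.
public class DataEventTrailStack : Stack
{
    public DataEventTrailStack(Construct scope, string id) : base(scope, id)
    {
        var dataResources = new[]
        {
            // Every object in one general purpose bucket: bucket ARN plus an empty prefix.
            new CfnTrail.DataResourceProperty
            {
                Type = "AWS::S3::Object",
                Values = new[] { "arn:aws:s3:::amzn-s3-demo-bucket1/" }
            },
            // One function only. Lambda ARNs match exactly, so helloworld2 is not covered.
            new CfnTrail.DataResourceProperty
            {
                Type = "AWS::Lambda::Function",
                Values = new[] { "arn:aws:lambda:us-west-2:111111111111:function:helloworld" }
            }
        };

        // Fail synthesis early if the trail would exceed 250 data resources.
        // Assumption: each entry in Values counts as one data resource.
        var total = dataResources.Sum(d => d.Values?.Length ?? 0);
        if (total > 250)
            throw new ArgumentException($"{total} data resources configured; the limit is 250 per trail.");

        new CfnTrail(this, "DataEventTrail", new CfnTrailProps
        {
            IsLogging = true,
            S3BucketName = "amzn-s3-demo-logging-bucket", // hypothetical; must exist and accept CloudTrail writes
            EventSelectors = new[]
            {
                new CfnTrail.EventSelectorProperty
                {
                    ReadWriteType = "All",            // log both Read and Write data events
                    IncludeManagementEvents = true,
                    DataResources = dataResources
                }
            }
        });
    }
}
```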
Synopsis
Properties
Type | The resource type in which you want to log data events. |
Values | An array of Amazon Resource Name (ARN) strings or partial ARN strings for the specified resource type. |
Properties
Type
The resource type in which you want to log data events.
string Type { get; }
Property Value
System.String
Remarks
You can specify the following basic event selector resource types:
Additional resource types are available through advanced event selectors. For more information about these additional resource types, see AdvancedFieldSelector.
Values
An array of Amazon Resource Name (ARN) strings or partial ARN strings for the specified resource type.
virtual string[] Values { get; }
Property Value
System.String[]
Remarks
This also enables logging of data event activity performed by any user or role in your AWS account, even if that activity is performed on a bucket that belongs to another AWS account.
This also enables logging of Invoke activity performed by any user or role in your AWS account, even if that activity is performed on a function that belongs to another AWS account.
Lambda function ARNs are exact. For example, if you specify a function ARN arn:aws:lambda:us-west-2:111111111111:function:helloworld, data events will only be logged for arn:aws:lambda:us-west-2:111111111111:function:helloworld. They will not be logged for arn:aws:lambda:us-west-2:111111111111:function:helloworld2.