software.amazon.awscdk.services.cloudtrail

Class Trail

java.lang.Object

software.constructs.Construct

software.amazon.awscdk.core.Construct

software.amazon.awscdk.core.Resource

software.amazon.awscdk.services.cloudtrail.Trail

All Implemented Interfaces:

IConstruct, IDependable, IResource

@Generated(value="jsii-pacmak/1.74.0 (build 6d08790)",
           date="2023-03-22T19:35:44.300Z")
public class Trail
extends Resource

Cloud trail allows you to log events that happen in your AWS account For example:.

import { CloudTrail } from '@aws-cdk/aws-cloudtrail'

const cloudTrail = new CloudTrail(this, 'MyTrail');

NOTE the above example creates an UNENCRYPTED bucket by default, If you are required to use an Encrypted bucket you can supply a preconfigured bucket via TrailProps

Example:

 import software.amazon.awscdk.services.cloudtrail.*;
 IAlias myKeyAlias = Alias.fromAliasName(this, "myKey", "alias/aws/s3");
 Trail trail = Trail.Builder.create(this, "myCloudTrail")
         .sendToCloudWatchLogs(true)
         .kmsKey(myKeyAlias)
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	Trail.Builder A fluent builder for Trail.

Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IResource

IResource.Jsii$Default

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	Trail(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	Trail(software.amazon.jsii.JsiiObjectRef objRef)
	Trail(software.constructs.Construct scope, java.lang.String id)
	Trail(software.constructs.Construct scope, java.lang.String id, TrailProps props)

Method Summary

Modifier and Type	Method and Description
void	addEventSelector(DataResourceType dataResourceType, java.util.List<java.lang.String> dataResourceValues) When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails.
void	addEventSelector(DataResourceType dataResourceType, java.util.List<java.lang.String> dataResourceValues, AddEventSelectorOptions options) When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails.
void	addLambdaEventSelector(java.util.List<IFunction> handlers) When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails.
void	addLambdaEventSelector(java.util.List<IFunction> handlers, AddEventSelectorOptions options) When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails.
void	addS3EventSelector(java.util.List<S3EventSelector> s3Selector) When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails.
void	addS3EventSelector(java.util.List<S3EventSelector> s3Selector, AddEventSelectorOptions options) When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails.
ILogGroup	getLogGroup() The CloudWatch log group to which CloudTrail events are sent.
java.lang.String	getTrailArn() ARN of the CloudTrail trail i.e.
java.lang.String	getTrailSnsTopicArn() ARN of the Amazon SNS topic that's associated with the CloudTrail trail, i.e.
void	logAllLambdaDataEvents() Log all Lamda data events for all lambda functions the account.
void	logAllLambdaDataEvents(AddEventSelectorOptions options) Log all Lamda data events for all lambda functions the account.
void	logAllS3DataEvents() Log all S3 data events for all objects for all buckets in the account.
void	logAllS3DataEvents(AddEventSelectorOptions options) Log all S3 data events for all objects for all buckets in the account.
Rule	onCloudTrailEvent(java.lang.String id) Deprecated. - use Trail.onEvent()
Rule	onCloudTrailEvent(java.lang.String id, OnEventOptions options) Deprecated. - use Trail.onEvent()
static Rule	onEvent(software.constructs.Construct scope, java.lang.String id) Create an event rule for when an event is recorded by any Trail in the account.
static Rule	onEvent(software.constructs.Construct scope, java.lang.String id, OnEventOptions options) Create an event rule for when an event is recorded by any Trail in the account.

Methods inherited from class software.amazon.awscdk.core.Resource

applyRemovalPolicy, generatePhysicalName, getEnv, getPhysicalName, getResourceArnAttribute, getResourceNameAttribute, getStack, isResource

Methods inherited from class software.amazon.awscdk.core.Construct

getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize, validate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface software.amazon.awscdk.core.IConstruct

getNode

Constructor Detail

Trail

protected Trail(software.amazon.jsii.JsiiObjectRef objRef)

Trail

protected Trail(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

Trail

public Trail(software.constructs.Construct scope,
             java.lang.String id,
             TrailProps props)

Parameters:

scope - This parameter is required.

id - This parameter is required.

props -

Trail

public Trail(software.constructs.Construct scope,
             java.lang.String id)

Parameters:

scope - This parameter is required.

id - This parameter is required.

Method Detail

onEvent

public static Rule onEvent(software.constructs.Construct scope,
                           java.lang.String id,
                           OnEventOptions options)

Create an event rule for when an event is recorded by any Trail in the account.

Note that the event doesn't necessarily have to come from this Trail, it can be captured from any one.

Be sure to filter the event further down using an event pattern.

Parameters:

scope - This parameter is required.

id - This parameter is required.

options -

onEvent

public static Rule onEvent(software.constructs.Construct scope,
                           java.lang.String id)

Create an event rule for when an event is recorded by any Trail in the account.

Note that the event doesn't necessarily have to come from this Trail, it can be captured from any one.

Be sure to filter the event further down using an event pattern.

Parameters:

scope - This parameter is required.

id - This parameter is required.

addEventSelector

public void addEventSelector(DataResourceType dataResourceType,
                             java.util.List<java.lang.String> dataResourceValues,
                             AddEventSelectorOptions options)

When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails.

Only events that match your trail settings are delivered to your Amazon S3 bucket and Amazon CloudWatch Logs log group.

This method adds an Event Selector for filtering events that match either S3 or Lambda function operations.

Data events: These events provide insight into the resource operations performed on or within a resource. These are also known as data plane operations.

Parameters:

dataResourceType - This parameter is required.

dataResourceValues - the list of data resource ARNs to include in logging (maximum 250 entries). This parameter is required.

options - the options to configure logging of management and data events.

addEventSelector

public void addEventSelector(DataResourceType dataResourceType,
                             java.util.List<java.lang.String> dataResourceValues)

When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails.

Only events that match your trail settings are delivered to your Amazon S3 bucket and Amazon CloudWatch Logs log group.

This method adds an Event Selector for filtering events that match either S3 or Lambda function operations.

Data events: These events provide insight into the resource operations performed on or within a resource. These are also known as data plane operations.

Parameters:

dataResourceType - This parameter is required.

dataResourceValues - the list of data resource ARNs to include in logging (maximum 250 entries). This parameter is required.

addLambdaEventSelector

public void addLambdaEventSelector(java.util.List<IFunction> handlers,
                                   AddEventSelectorOptions options)

When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails.

Only events that match your trail settings are delivered to your Amazon S3 bucket and Amazon CloudWatch Logs log group.

This method adds a Lambda Data Event Selector for filtering events that match Lambda function operations.

Data events: These events provide insight into the resource operations performed on or within a resource. These are also known as data plane operations.

Parameters:

handlers - the list of lambda function handlers whose data events should be logged (maximum 250 entries). This parameter is required.

options - the options to configure logging of management and data events.

addLambdaEventSelector

public void addLambdaEventSelector(java.util.List<IFunction> handlers)

When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails.

Only events that match your trail settings are delivered to your Amazon S3 bucket and Amazon CloudWatch Logs log group.

This method adds a Lambda Data Event Selector for filtering events that match Lambda function operations.

Data events: These events provide insight into the resource operations performed on or within a resource. These are also known as data plane operations.

Parameters:

handlers - the list of lambda function handlers whose data events should be logged (maximum 250 entries). This parameter is required.

addS3EventSelector

public void addS3EventSelector(java.util.List<S3EventSelector> s3Selector,
                               AddEventSelectorOptions options)

When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails.

Only events that match your trail settings are delivered to your Amazon S3 bucket and Amazon CloudWatch Logs log group.

This method adds an S3 Data Event Selector for filtering events that match S3 operations.

Data events: These events provide insight into the resource operations performed on or within a resource. These are also known as data plane operations.

Parameters:

s3Selector - the list of S3 bucket with optional prefix to include in logging (maximum 250 entries). This parameter is required.

options - the options to configure logging of management and data events.

addS3EventSelector

public void addS3EventSelector(java.util.List<S3EventSelector> s3Selector)

When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails.

Only events that match your trail settings are delivered to your Amazon S3 bucket and Amazon CloudWatch Logs log group.

This method adds an S3 Data Event Selector for filtering events that match S3 operations.

Data events: These events provide insight into the resource operations performed on or within a resource. These are also known as data plane operations.

Parameters:

s3Selector - the list of S3 bucket with optional prefix to include in logging (maximum 250 entries). This parameter is required.

logAllLambdaDataEvents

public void logAllLambdaDataEvents(AddEventSelectorOptions options)

Log all Lamda data events for all lambda functions the account.

Default: false

Parameters:

options -

See Also:

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html

logAllLambdaDataEvents

public void logAllLambdaDataEvents()

Log all Lamda data events for all lambda functions the account.

Default: false

See Also:

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html

logAllS3DataEvents

public void logAllS3DataEvents(AddEventSelectorOptions options)

Log all S3 data events for all objects for all buckets in the account.

Default: false

Parameters:

options -

See Also:

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html

logAllS3DataEvents

public void logAllS3DataEvents()

Log all S3 data events for all objects for all buckets in the account.

Default: false

See Also:

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html

onCloudTrailEvent

@Deprecated
public Rule onCloudTrailEvent(java.lang.String id,
                                          OnEventOptions options)

Deprecated. - use Trail.onEvent()

(deprecated) Create an event rule for when an event is recorded by any Trail in the account.

Note that the event doesn't necessarily have to come from this Trail, it can be captured from any one.

Be sure to filter the event further down using an event pattern.

Parameters:

id - This parameter is required.

options -

onCloudTrailEvent

@Deprecated
public Rule onCloudTrailEvent(java.lang.String id)

Deprecated. - use Trail.onEvent()

(deprecated) Create an event rule for when an event is recorded by any Trail in the account.

Note that the event doesn't necessarily have to come from this Trail, it can be captured from any one.

Be sure to filter the event further down using an event pattern.

Parameters:

id - This parameter is required.

getTrailArn

public java.lang.String getTrailArn()

ARN of the CloudTrail trail i.e. arn:aws:cloudtrail:us-east-2:123456789012:trail/myCloudTrail.

getTrailSnsTopicArn

public java.lang.String getTrailSnsTopicArn()

ARN of the Amazon SNS topic that's associated with the CloudTrail trail, i.e. arn:aws:sns:us-east-2:123456789012:mySNSTopic.

getLogGroup

public ILogGroup getLogGroup()

The CloudWatch log group to which CloudTrail events are sent.

undefined if sendToCloudWatchLogs property is false.