Interface ITrailProps
Properties for an AWS CloudTrail trail.
Namespace: Amazon.CDK.AWS.CloudTrail
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public interface ITrailProps
Syntax (vb)
Public Interface ITrailProps
Remarks
Examples
var trail = new Trail(this, "CloudTrail", new TrailProps {
// ...
    ManagementEvents = ReadWriteType.READ_ONLY // record only read-only management events (Describe*, List*, Get*); writes are dropped
});
Synopsis
Properties
Bucket | The Amazon S3 bucket. |
CloudWatchLogGroup | Log group to which CloudTrail pushes logs. |
CloudWatchLogsRetention | How long to retain logs in CloudWatchLogs. |
EnableFileValidation | To determine whether a log file was modified, deleted, or unchanged after CloudTrail delivered it, you can use CloudTrail log file integrity validation. |
EncryptionKey | The AWS Key Management Service (AWS KMS) key ID that you want to use to encrypt CloudTrail logs. |
IncludeGlobalServiceEvents | For most services, events are recorded in the region where the action occurred. |
InsightTypes | The CloudTrail Insights event types to enable on this trail. |
IsMultiRegionTrail | Whether or not this trail delivers log files from multiple regions to a single S3 bucket for a single account. |
IsOrganizationTrail | Specifies whether the trail is applied to all accounts in an organization in AWS Organizations, or only for the current AWS account. |
ManagementEvents | When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails. |
OrgId | The orgId. |
S3KeyPrefix | An Amazon S3 object key prefix that precedes the name of all log files. |
SendToCloudWatchLogs | If CloudTrail pushes logs to CloudWatch Logs in addition to S3. |
SnsTopic | SNS topic that is notified when new log files are published. |
TrailName | The name of the trail. |
Properties
Bucket
The Amazon S3 bucket.
virtual IBucket Bucket { get; }
Property Value
Remarks
Default: - if not supplied, a bucket is created with the bucket policy CloudTrail needs to deliver logs.
CloudWatchLogGroup
Log group to which CloudTrail pushes logs.
virtual ILogGroup CloudWatchLogGroup { get; }
Property Value
Remarks
Ignored if sendToCloudWatchLogs is set to false.
Default: - a new log group is created and used.
CloudWatchLogsRetention
How long to retain logs in CloudWatchLogs.
virtual Nullable<RetentionDays> CloudWatchLogsRetention { get; }
Property Value
System.Nullable<RetentionDays>
Remarks
Ignored if sendToCloudWatchLogs is false or if cloudWatchLogGroup is set.
Default: logs.RetentionDays.ONE_YEAR
EnableFileValidation
To determine whether a log file was modified, deleted, or unchanged after CloudTrail delivered it, you can use CloudTrail log file integrity validation.
virtual Nullable<bool> EnableFileValidation { get; }
Property Value
System.Nullable<System.Boolean>
Remarks
This feature is built using industry standard algorithms: SHA-256 for hashing and SHA-256 with RSA for digital signing. This makes it computationally infeasible to modify, delete or forge CloudTrail log files without detection. You can use the AWS CLI (the aws cloudtrail validate-logs subcommand) to validate the files in the location where CloudTrail delivered them. Leave this enabled: a trail whose digest files are missing gives an investigator no way to prove the log set is complete.
Default: true
EncryptionKey
The AWS Key Management Service (AWS KMS) key ID that you want to use to encrypt CloudTrail logs.
virtual IKey EncryptionKey { get; }
Property Value
Remarks
Setting this property only tells CloudTrail which key to use. The key policy must allow the cloudtrail.amazonaws.com service principal to generate data keys, and anyone who later reads the log files needs kms:Decrypt on the key.
Default: - No customer-managed key; log files are stored with CloudTrail's default S3 server-side encryption.
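The following is an added example, not part of the CDK reference, showing EnableFileValidation and EncryptionKey together: a customer-managed KMS key whose key policy explicitly grants CloudTrail the permissions it needs, then a trail that uses it. The stack and construct names, the key description and the "CloudTrailMetrics"-style identifiers are assumptions chosen for the example; the key policy statements follow the pattern AWS documents for CloudTrail log encryption.

```csharp
using System.Collections.Generic;
using Amazon.CDK;
using Amazon.CDK.AWS.CloudTrail;
using Amazon.CDK.AWS.IAM;
using Amazon.CDK.AWS.KMS;
using Constructs;

// Added example (not from the CDK docs): a trail whose log files are encrypted with
// a customer-managed KMS key that CloudTrail is explicitly allowed to use.
public class EncryptedTrailStack : Stack
{
    public EncryptedTrailStack(Construct scope, string id, IStackProps props = null)
        : base(scope, id, props)
    {
        // Customer-managed key with automatic rotation. The key policy decides who can
        // use it; passing the key to TrailProps.EncryptionKey does not grant CloudTrail access.
        var key = new Key(this, "TrailKey", new KeyProps
        {
            EnableKeyRotation = true,
            Description = "CloudTrail log file encryption", // assumed description
        });

        // CloudTrail needs kms:GenerateDataKey* to write SSE-KMS objects. The encryption
        // context condition limits the grant to encryption done on behalf of a trail in
        // this account (Account is the stack's account id).
        key.AddToResourcePolicy(new PolicyStatement(new PolicyStatementProps
        {
            Sid = "AllowCloudTrailToEncryptLogs",
            Principals = new IPrincipal[] { new ServicePrincipal("cloudtrail.amazonaws.com") },
            Actions = new[] { "kms:GenerateDataKey*" },
            Resources = new[] { "*" },
            Conditions = new Dictionary<string, object>
            {
                ["StringLike"] = new Dictionary<string, object>
                {
                    ["kms:EncryptionContext:aws:cloudtrail:arn"] = $"arn:aws:cloudtrail:*:{Account}:trail/*",
                },
            },
        }));

        // CloudTrail also validates the key before first use.
        key.AddToResourcePolicy(new PolicyStatement(new PolicyStatementProps
        {
            Sid = "AllowCloudTrailToDescribeKey",
            Principals = new IPrincipal[] { new ServicePrincipal("cloudtrail.amazonaws.com") },
            Actions = new[] { "kms:DescribeKey" },
            Resources = new[] { "*" },
        }));

        var trail = new Trail(this, "CloudTrail", new TrailProps
        {
            EncryptionKey = key,                 // SSE-KMS for delivered log files
            EnableFileValidation = true,         // hourly digest files for tamper detection
            IsMultiRegionTrail = true,           // one trail covering every region
            IncludeGlobalServiceEvents = true,   // IAM, STS, CloudFront, Route 53 events
            ManagementEvents = ReadWriteType.ALL,
        });
    }
}
```

Readers of the logs (for example an incident-response role) still need kms:Decrypt on the key; the statements above grant CloudTrail write-side permissions only, which keeps the set of principals that can read the trail small and auditable.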
IncludeGlobalServiceEvents
For most services, events are recorded in the region where the action occurred.
virtual Nullable<bool> IncludeGlobalServiceEvents { get; }
Property Value
System.Nullable<System.Boolean>
Remarks
For global services such as AWS Identity and Access Management (IAM), AWS STS, Amazon CloudFront, and Route 53, events are delivered to any trail that includes global services, and are logged as occurring in US East (N. Virginia) Region.
Default: true
InsightTypes
The CloudTrail Insights event types to enable on this trail.
virtual InsightType[] InsightTypes { get; }
Property Value
Remarks
Default: - No Value.
IsMultiRegionTrail
Whether or not this trail delivers log files from multiple regions to a single S3 bucket for a single account.
virtual Nullable<bool> IsMultiRegionTrail { get; }
Property Value
System.Nullable<System.Boolean>
Remarks
Default: true
IsOrganizationTrail
Specifies whether the trail is applied to all accounts in an organization in AWS Organizations, or only for the current AWS account.
virtual Nullable<bool> IsOrganizationTrail { get; }
Property Value
System.Nullable<System.Boolean>
Remarks
If this is set to true then the current account must be the management account. If it is not, then CloudFormation will throw an error.
If this is set to true and the current account is a management account for an organization in AWS Organizations, the trail will be created in all AWS accounts that belong to the organization. If this is set to false, the trail will remain in the current AWS account but be deleted from all member accounts in the organization.
Default: - false
ManagementEvents
When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails.
virtual Nullable<ReadWriteType> ManagementEvents { get; }
Property Value
System.Nullable<ReadWriteType>
Remarks
Only events that match your trail settings are delivered to your Amazon S3 bucket and Amazon CloudWatch Logs log group.
This property sets the management event configuration for this trail.
Management events provide insight into management operations that are performed on resources in your AWS account. These are also known as control plane operations. Management events can also include non-API events that occur in your account. For example, when a user logs in to your account, CloudTrail logs the ConsoleLogin event.
Default: ReadWriteType.ALL
OrgId
The orgId.
virtual string OrgId { get; }
Property Value
System.String
Remarks
Required when isOrganizationTrail is set to true to attach the necessary permissions.
Default: - No orgId
S3KeyPrefix
An Amazon S3 object key prefix that precedes the name of all log files.
virtual string S3KeyPrefix { get; }
Property Value
System.String
Remarks
Default: - No prefix.
SendToCloudWatchLogs
If CloudTrail pushes logs to CloudWatch Logs in addition to S3.
virtual Nullable<bool> SendToCloudWatchLogs { get; }
Property Value
System.Nullable<System.Boolean>
Remarks
Disabled by default to avoid CloudWatch Logs ingestion and storage cost; enable it when you want metric filters or subscription filters to run over the events.
Default: false
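The following is an added example, not part of the CDK reference, covering ManagementEvents, SendToCloudWatchLogs and CloudWatchLogsRetention together: the trail forwards management events to CloudWatch Logs, and a metric filter on the trail's log group counts the ConsoleLogin failures mentioned above and raises an alarm to an SNS topic. The stack, construct and metric names, the "CloudTrailMetrics" namespace and the threshold of three failures in five minutes are assumptions chosen for the example; the filter pattern matches the errorMessage CloudTrail records for a failed console sign-in.

```csharp
using Amazon.CDK;
using Amazon.CDK.AWS.CloudTrail;
using Amazon.CDK.AWS.CloudWatch;
using Amazon.CDK.AWS.CloudWatch.Actions;
using Amazon.CDK.AWS.Logs;
using Amazon.CDK.AWS.SNS;
using Constructs;

// Added example (not from the CDK docs): detection on management events delivered
// to CloudWatch Logs by the trail.
public class TrailDetectionStack : Stack
{
    public TrailDetectionStack(Construct scope, string id, IStackProps props = null)
        : base(scope, id, props)
    {
        var trail = new Trail(this, "CloudTrail", new TrailProps
        {
            ManagementEvents = ReadWriteType.ALL,            // ConsoleLogin is a management event
            SendToCloudWatchLogs = true,                     // off by default; required for metric filters
            CloudWatchLogsRetention = RetentionDays.ONE_YEAR, // retention of the auto-created log group
            EnableFileValidation = true,
        });

        // Trail.LogGroup is populated only when SendToCloudWatchLogs is true.
        var logGroup = trail.LogGroup;

        // Count failed console sign-ins. The pattern is the CloudWatch Logs JSON
        // filter syntax applied to each CloudTrail event record.
        var failedLogins = new MetricFilter(this, "FailedConsoleLogins", new MetricFilterProps
        {
            LogGroup = logGroup,
            FilterPattern = FilterPattern.Literal(
                "{ ($.eventName = \"ConsoleLogin\") && ($.errorMessage = \"Failed authentication\") }"),
            MetricNamespace = "CloudTrailMetrics",        // assumed namespace
            MetricName = "ConsoleLoginFailureCount",      // assumed metric name
            MetricValue = "1",
        });

        // Where the alert goes; subscriptions (email, chat, ticketing) are left out here.
        var alerts = new Topic(this, "SecurityAlerts");

        // Three or more failures in a five-minute window pages the on-call.
        var alarm = failedLogins.Metric(new MetricOptions
        {
            Statistic = "Sum",
            Period = Duration.Minutes(5),
        }).CreateAlarm(this, "FailedConsoleLoginsAlarm", new CreateAlarmOptions
        {
            Threshold = 3,
            EvaluationPeriods = 1,
            ComparisonOperator = ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
            TreatMissingData = TreatMissingData.NOT_BREACHING, // no logins is not an alert
            AlarmDescription = "3 or more failed console sign-ins in 5 minutes",
        });
        alarm.AddAlarmAction(new SnsAction(alerts));
    }
}
```

Because the alarm is built from the log group the Trail construct creates, the same pattern extends to any other management event worth watching (for example StopLogging or DeleteTrail, which are the calls an attacker makes to blind the trail): add one MetricFilter per pattern on the same log group.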
SnsTopic
SNS topic that is notified when new log files are published.
virtual ITopic SnsTopic { get; }
Property Value
Remarks
Default: - No notifications.
TrailName
The name of the trail.
virtual string TrailName { get; }
Property Value
System.String
Remarks
We recommend customers do not set an explicit name.
Default: - AWS CloudFormation generated name.