Class Trail
CloudTrail allows you to log events that happen in your AWS account. For example:
Namespace: Amazon.CDK.AWS.CloudTrail
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class Trail : Resource, IResource
Syntax (vb)
Public Class Trail
Inherits Resource
Implements IResource
Remarks
import { Trail } from 'aws-cdk-lib/aws-cloudtrail';
const cloudTrail = new Trail(this, 'MyTrail');
Examples
using Amazon.CDK.AWS.CloudTrail;
using Amazon.CDK.AWS.KMS;

// Look up an existing KMS key alias and use it to encrypt the trail's log files.
var myKeyAlias = Alias.FromAliasName(this, "myKey", "alias/aws/s3");
var trail = new Trail(this, "myCloudTrail", new TrailProps {
    SendToCloudWatchLogs = true,
    EncryptionKey = myKeyAlias
});
Synopsis
Constructors
Trail(ByRefValue) | Used by jsii to construct an instance of this class from a Javascript-owned object reference |
Trail(DeputyBase.DeputyProps) | Used by jsii to construct an instance of this class from DeputyProps |
Trail(Construct, String, ITrailProps) |
Properties
LogGroup | The CloudWatch log group to which CloudTrail events are sent. |
TrailArn | ARN of the CloudTrail trail i.e. arn:aws:cloudtrail:us-east-2:123456789012:trail/myCloudTrail. |
TrailSnsTopicArn | ARN of the Amazon SNS topic that's associated with the CloudTrail trail, i.e. arn:aws:sns:us-east-2:123456789012:mySNSTopic. |
Methods
AddEventSelector(DataResourceType, String[], IAddEventSelectorOptions) | When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails. |
AddLambdaEventSelector(IFunction[], IAddEventSelectorOptions) | When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails. |
AddS3EventSelector(IS3EventSelector[], IAddEventSelectorOptions) | When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails. |
LogAllLambdaDataEvents(IAddEventSelectorOptions) | Log all Lambda data events for all Lambda functions in the account. |
LogAllS3DataEvents(IAddEventSelectorOptions) | Log all S3 data events for all objects for all buckets in the account. |
OnEvent(Construct, String, IOnEventOptions) | Create an event rule for when an event is recorded by any Trail in the account. |
Constructors
Trail(ByRefValue)
Used by jsii to construct an instance of this class from a Javascript-owned object reference
protected Trail(ByRefValue reference)
Parameters
- reference Amazon.JSII.Runtime.Deputy.ByRefValue
The Javascript-owned object reference
Trail(DeputyBase.DeputyProps)
Used by jsii to construct an instance of this class from DeputyProps
protected Trail(DeputyBase.DeputyProps props)
Parameters
- props Amazon.JSII.Runtime.Deputy.DeputyBase.DeputyProps
The deputy props
Trail(Construct, String, ITrailProps)
public Trail(Construct scope, string id, ITrailProps props = null)
Parameters
- scope Constructs.Construct
- id System.String
- props ITrailProps
Properties
LogGroup
The CloudWatch log group to which CloudTrail events are sent.
public virtual ILogGroup LogGroup { get; }
Property Value
Remarks
undefined if the sendToCloudWatchLogs property is false.
TrailArn
ARN of the CloudTrail trail i.e. arn:aws:cloudtrail:us-east-2:123456789012:trail/myCloudTrail.
public virtual string TrailArn { get; }
Property Value
System.String
Remarks
Attribute: true
TrailSnsTopicArn
ARN of the Amazon SNS topic that's associated with the CloudTrail trail, i.e. arn:aws:sns:us-east-2:123456789012:mySNSTopic.
public virtual string TrailSnsTopicArn { get; }
Property Value
System.String
Remarks
Attribute: true
Methods
AddEventSelector(DataResourceType, String[], IAddEventSelectorOptions)
When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails.
public virtual void AddEventSelector(DataResourceType dataResourceType, string[] dataResourceValues, IAddEventSelectorOptions options = null)
Parameters
- dataResourceType DataResourceType
- dataResourceValues System.String[]
the list of data resource ARNs to include in logging (maximum 250 entries).
- options IAddEventSelectorOptions
the options to configure logging of management and data events.
Remarks
Only events that match your trail settings are delivered to your Amazon S3 bucket and Amazon CloudWatch Logs log group.
This method adds an Event Selector for filtering events that match either S3 or Lambda function operations.
Data events: These events provide insight into the resource operations performed on or within a resource. These are also known as data plane operations.
AddLambdaEventSelector(IFunction[], IAddEventSelectorOptions)
When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails.
public virtual void AddLambdaEventSelector(IFunction[] handlers, IAddEventSelectorOptions options = null)
Parameters
- handlers IFunction[]
the list of lambda function handlers whose data events should be logged (maximum 250 entries).
- options IAddEventSelectorOptions
the options to configure logging of management and data events.
Remarks
Only events that match your trail settings are delivered to your Amazon S3 bucket and Amazon CloudWatch Logs log group.
This method adds a Lambda Data Event Selector for filtering events that match Lambda function operations.
Data events: These events provide insight into the resource operations performed on or within a resource. These are also known as data plane operations.
AddS3EventSelector(IS3EventSelector[], IAddEventSelectorOptions)
When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails.
public virtual void AddS3EventSelector(IS3EventSelector[] s3Selector, IAddEventSelectorOptions options = null)
Parameters
- s3Selector IS3EventSelector[]
the list of S3 buckets, each with an optional prefix, to include in logging (maximum 250 entries).
- options IAddEventSelectorOptions
the options to configure logging of management and data events.
Remarks
Only events that match your trail settings are delivered to your Amazon S3 bucket and Amazon CloudWatch Logs log group.
This method adds an S3 Data Event Selector for filtering events that match S3 operations.
Data events: These events provide insight into the resource operations performed on or within a resource. These are also known as data plane operations.
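The selector methods above can scope data-event logging to specific resources instead of the whole account. The stack below is an added example, not code from the CDK documentation; the bucket, the "exports/" prefix, the function name "my-handler" and all construct ids are assumptions made for illustration.

```csharp
using Amazon.CDK;
using Amazon.CDK.AWS.CloudTrail;
using Amazon.CDK.AWS.Lambda;
using Amazon.CDK.AWS.S3;
using Constructs;

public class ScopedDataEventsStack : Stack
{
    public ScopedDataEventsStack(Construct scope, string id, IStackProps props = null)
        : base(scope, id, props)
    {
        // Hypothetical resources whose data-plane activity should be audited.
        var sensitive = new Bucket(this, "SensitiveData");
        var handler = Function.FromFunctionName(this, "Handler", "my-handler");

        var trail = new Trail(this, "DataEventTrail");

        // Record only write operations (for example PutObject, DeleteObject)
        // on objects under exports/ in this one bucket.
        trail.AddS3EventSelector(new [] {
            new S3EventSelector { Bucket = sensitive, ObjectPrefix = "exports/" }
        }, new AddEventSelectorOptions {
            ReadWriteType = ReadWriteType.WRITE_ONLY,
            // This selector is for data events; do not add management events to it.
            IncludeManagementEvents = false
        });

        // Record every invocation of one function rather than calling
        // LogAllLambdaDataEvents() for the whole account.
        trail.AddLambdaEventSelector(new [] { handler }, new AddEventSelectorOptions {
            ReadWriteType = ReadWriteType.ALL,
            IncludeManagementEvents = false
        });
    }
}
```

Each selector call accepts at most 250 entries, as noted in the parameter descriptions above.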
LogAllLambdaDataEvents(IAddEventSelectorOptions)
Log all Lambda data events for all Lambda functions in the account.
public virtual void LogAllLambdaDataEvents(IAddEventSelectorOptions options = null)
Parameters
- options IAddEventSelectorOptions
Remarks
LogAllS3DataEvents(IAddEventSelectorOptions)
Log all S3 data events for all objects for all buckets in the account.
public virtual void LogAllS3DataEvents(IAddEventSelectorOptions options = null)
Parameters
- options IAddEventSelectorOptions
Remarks
OnEvent(Construct, String, IOnEventOptions)
Create an event rule for when an event is recorded by any Trail in the account.
public static Rule OnEvent(Construct scope, string id, IOnEventOptions options = null)
Parameters
- scope Constructs.Construct
- id System.String
- options IOnEventOptions
Returns
Remarks
Note that the event doesn't necessarily have to come from this Trail; it can be captured from any trail in the account.
Be sure to filter the event further down using an event pattern.
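One way to apply the filtering advice above is a rule that matches only API calls that change or disable CloudTrail logging and forwards them to an SNS topic. This is an added example, not code from the CDK documentation; the topic, the construct ids and the choice of event names to watch are assumptions.

```csharp
using System.Collections.Generic;
using Amazon.CDK;
using Amazon.CDK.AWS.CloudTrail;
using Amazon.CDK.AWS.Events;
using Amazon.CDK.AWS.Events.Targets;
using Amazon.CDK.AWS.SNS;
using Constructs;

public class TrailTamperAlertStack : Stack
{
    public TrailTamperAlertStack(Construct scope, string id, IStackProps props = null)
        : base(scope, id, props)
    {
        // A trail must exist in the account for API-call events to be emitted.
        new Trail(this, "AuditTrail", new TrailProps { SendToCloudWatchLogs = true });

        // Hypothetical destination for alerts.
        var alerts = new Topic(this, "TrailAlerts");

        // OnEvent is static and matches events recorded by any trail, so the
        // pattern narrows it to CloudTrail's own configuration-changing calls.
        Trail.OnEvent(this, "TrailTamperRule", new OnEventOptions {
            Description = "CloudTrail logging was stopped, deleted or reconfigured",
            Target = new SnsTopic(alerts),
            EventPattern = new EventPattern {
                Source = new [] { "aws.cloudtrail" },
                Detail = new Dictionary<string, object> {
                    { "eventSource", new [] { "cloudtrail.amazonaws.com" } },
                    { "eventName", new [] {
                        "StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"
                    } }
                }
            }
        });
    }
}
```

Without the EventPattern, the rule would fire on every API call recorded by any trail in the account.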