AWS CLI Command Reference

Note:

You are viewing the documentation for an older major version of the AWS CLI (version 1).

AWS CLI version 2, the latest major version of AWS CLI, is now stable and recommended for general use. To view this page for the AWS CLI version 2, click here. For more information see the AWS CLI version 2 installation instructions and migration guide.

[ aws . cloudtrail-data ]

put-audit-events

Description

Ingests your application events into CloudTrail Lake. A required parameter, auditEvents , accepts the JSON records (also called payload ) of events that you want CloudTrail to ingest. You can add up to 100 of these events (or up to 1 MB) per PutAuditEvents request.

See also: AWS API Documentation

Synopsis

  put-audit-events
--audit-events <value>
--channel-arn <value>
[--external-id <value>]
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]

Options

--audit-events (list)

The JSON payload of events that you want to ingest. You can also point to the JSON event payload in a file.

(structure)

An event from a source outside of Amazon Web Services that you want CloudTrail to log.

eventData -> (string)

The content of an audit event that comes from the event, such as userIdentity , userAgent , and eventSource .

eventDataChecksum -> (string)

A checksum is a base64-SHA256 algorithm that helps you verify that CloudTrail receives the event that matches with the checksum. Calculate the checksum by running a command like the following:

printf %s *$eventdata* | openssl dgst -binary -sha256 | base64

id -> (string)

The original event ID from the source event.

Shorthand Syntax:

eventData=string,eventDataChecksum=string,id=string ...

JSON Syntax:

[
  {
    "eventData": "string",
    "eventDataChecksum": "string",
    "id": "string"
  }
  ...
]

--channel-arn (string)

The ARN or ID (the ARN suffix) of a channel.

--external-id (string)

A unique identifier that is conditionally required when the channel's resource policy includes an external ID. This value can be any string, such as a passphrase or account number.

--cli-input-json (string) Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

Global Options

--debug (boolean)

Turn on debug logging.

--endpoint-url (string)

Override command's default URL with the given URL.

--no-verify-ssl (boolean)

By default, the AWS CLI uses SSL when communicating with AWS services. For each SSL connection, the AWS CLI will verify SSL certificates. This option overrides the default behavior of verifying SSL certificates.

--no-paginate (boolean)

Disable automatic pagination.

--output (string)

The formatting style for command output.

  • json
  • text
  • table

--query (string)

A JMESPath query to use in filtering the response data.

--profile (string)

Use a specific profile from your credential file.

--region (string)

The region to use. Overrides config/env settings.

--version (string)

Display the version of this tool.

--color (string)

Turn on/off color output.

  • on
  • off
  • auto

--no-sign-request (boolean)

Do not sign requests. Credentials will not be loaded if this argument is provided.

--ca-bundle (string)

The CA certificate bundle to use when verifying SSL certificates. Overrides config/env settings.

--cli-read-timeout (int)

The maximum socket read time in seconds. If the value is set to 0, the socket read will be blocking and not timeout. The default value is 60 seconds.

--cli-connect-timeout (int)

The maximum socket connect time in seconds. If the value is set to 0, the socket connect will be blocking and not timeout. The default value is 60 seconds.

Output

failed -> (list)

Lists events in the provided event payload that could not be ingested into CloudTrail, and includes the error code and error message returned for events that could not be ingested.

(structure)

Includes the error code and error message for events that could not be ingested by CloudTrail.

errorCode -> (string)

The error code for events that could not be ingested by CloudTrail. Possible error codes include: FieldTooLong , FieldNotFound , InvalidChecksum , InvalidData , InvalidRecipient , InvalidEventSource , AccountNotSubscribed , Throttling , and InternalFailure .

errorMessage -> (string)

The message that describes the error for events that could not be ingested by CloudTrail.

id -> (string)

The original event ID from the source event that could not be ingested by CloudTrail.

successful -> (list)

Lists events in the provided event payload that were successfully ingested into CloudTrail.

(structure)

A response that includes successful and failed event results.

eventID -> (string)

The event ID assigned by CloudTrail.

id -> (string)

The original event ID from the source event.