AWS SDK Version 3 for .NET
API Reference

AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.

Configures an event selector or advanced event selectors for your trail. Use event selectors or advanced event selectors to specify management and data event settings for your trail. If you want your trail to log Insights events, be sure the event selector enables logging of the Insights event types you want configured for your trail. For more information about logging Insights events, see Logging Insights events for trails in the CloudTrail User Guide. By default, trails created without specific event selectors are configured to log all read and write management events, and no data events.

When an event occurs in your account, CloudTrail evaluates the event selectors or advanced event selectors in all trails. For each trail, if the event matches any event selector, the trail processes and logs the event. If the event doesn't match any event selector, the trail doesn't log the event.

Example

  1. You create an event selector for a trail and specify that you want write-only events.

  2. The EC2 GetConsoleOutput and RunInstances API operations occur in your account.

  3. CloudTrail evaluates whether the events match your event selectors.

  4. The RunInstances is a write-only event and it matches your event selector. The trail logs the event.

  5. The GetConsoleOutput is a read-only event that doesn't match your event selector. The trail doesn't log the event.

The PutEventSelectors operation must be called from the Region in which the trail was created; otherwise, an InvalidHomeRegionException exception is thrown.

You can configure up to five event selectors for each trail. For more information, see Logging management events, Logging data events, and Quotas in CloudTrail in the CloudTrail User Guide.

You can add advanced event selectors, and conditions for your advanced event selectors, up to a maximum of 500 values for all conditions and selectors on a trail. You can use either AdvancedEventSelectors or EventSelectors, but not both. If you apply AdvancedEventSelectors to a trail, any existing EventSelectors are overwritten. For more information about advanced event selectors, see Logging data events in the CloudTrail User Guide.

Note:

For .NET Core this operation is only available in asynchronous form. Please refer to PutEventSelectorsAsync.

Namespace: Amazon.CloudTrail
Assembly: AWSSDK.CloudTrail.dll
Version: 3.x.y.z

Syntax

C#
public abstract PutEventSelectorsResponse PutEventSelectors(
         PutEventSelectorsRequest request
)

Parameters

request
Type: Amazon.CloudTrail.Model.PutEventSelectorsRequest

Container for the necessary parameters to execute the PutEventSelectors service method.

Return Value


The response from the PutEventSelectors service method, as returned by CloudTrail.

Exceptions

ExceptionCondition
CloudTrailARNInvalidException This exception is thrown when an operation is called with an ARN that is not valid. The following is the format of a trail ARN: arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail The following is the format of an event data store ARN: arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE The following is the format of a channel ARN: arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890
ConflictException This exception is thrown when the specified resource is not ready for an operation. This can occur when you try to run an operation on a resource before CloudTrail has time to fully load the resource, or because another operation is modifying the resource. If this exception occurs, wait a few minutes, and then try the operation again.
InsufficientDependencyServiceAccessPermissionException This exception is thrown when the IAM identity that is used to create the organization resource lacks one or more required permissions for creating an organization resource in a required service.
InvalidEventSelectorsException This exception is thrown when the PutEventSelectors operation is called with a number of event selectors, advanced event selectors, or data resources that is not valid. The combination of event selectors or advanced event selectors and data resources is not valid. A trail can have up to 5 event selectors. If a trail uses advanced event selectors, a maximum of 500 total values for all conditions in all advanced event selectors is allowed. A trail is limited to 250 data resources. These data resources can be distributed across event selectors, but the overall total cannot exceed 250. You can: Specify a valid number of event selectors (1 to 5) for a trail. Specify a valid number of data resources (1 to 250) for an event selector. The limit of number of resources on an individual event selector is configurable up to 250. However, this upper limit is allowed only if the total number of data resources does not exceed 250 across all event selectors for a trail. Specify up to 500 values for all conditions in all advanced event selectors for a trail. Specify a valid value for a parameter. For example, specifying the ReadWriteType parameter with a value of read-only is not valid.
InvalidHomeRegionException This exception is thrown when an operation is called on a trail from a Region other than the Region in which the trail was created.
InvalidTrailNameException This exception is thrown when the provided trail name is not valid. Trail names must meet the following requirements: Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-) Start with a letter or number, and end with a letter or number Be between 3 and 128 characters Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are not valid. Not be in IP address format (for example, 192.168.5.4)
NoManagementAccountSLRExistsException This exception is thrown when the management account does not have a service-linked role.
NotOrganizationMasterAccountException This exception is thrown when the Amazon Web Services account making the request to create or update an organization trail or event data store is not the management account for an organization in Organizations. For more information, see Prepare For Creating a Trail For Your Organization or Create an event data store.
OperationNotPermittedException This exception is thrown when the requested operation is not permitted.
ThrottlingException This exception is thrown when the request rate exceeds the limit.
TrailNotFoundException This exception is thrown when the trail with the given name is not found.
UnsupportedOperationException This exception is thrown when the requested operation is not supported.

Version Information

.NET Framework:
Supported in: 4.5, 4.0, 3.5

See Also