AWS::CloudTrail::Dashboard
Creates a custom dashboard or the Highlights dashboard.
-
Custom dashboards - Custom dashboards allow you to query events in any event data store type. You can add up to 10 widgets to a custom dashboard. You can manually refresh a custom dashboard, or you can set a refresh schedule.
-
Highlights dashboard - You can create the Highlights dashboard to see a summary of key user activities and API usage across all your event data stores. CloudTrail Lake manages the Highlights dashboard and refreshes the dashboard every 6 hours. To create the Highlights dashboard, you must set and enable a refresh schedule.
CloudTrail runs queries to populate the dashboard's widgets during a manual or scheduled refresh. CloudTrail must be granted permissions to run the StartQuery operation on your behalf. To provide permissions, run the PutResourcePolicy operation to attach a resource-based policy to each event data store. For more information, see Example: Allow CloudTrail to run queries to populate a dashboard in the AWS CloudTrail User Guide.
To set a refresh schedule, CloudTrail must be granted permissions to run the StartDashboardRefresh operation to refresh the dashboard on your behalf. To provide permissions, run the PutResourcePolicy operation to attach a resource-based policy to the dashboard. For more information, see Resource-based policy example for a dashboard in the AWS CloudTrail User Guide.
For more information about dashboards, see CloudTrail Lake dashboards in the AWS CloudTrail User Guide.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::CloudTrail::Dashboard",
  "Properties" : {
      "Name" : String,
      "RefreshSchedule" : RefreshSchedule,
      "Tags" : [ Tag, ... ],
      "TerminationProtectionEnabled" : Boolean,
      "Widgets" : [ Widget, ... ]
    }
}
YAML
Type: AWS::CloudTrail::Dashboard
Properties:
  Name: String
  RefreshSchedule:
    RefreshSchedule
  Tags:
    - Tag
  TerminationProtectionEnabled: Boolean
  Widgets:
    - Widget
Properties
Name
-
The name of the dashboard. The name must be unique to your account.
To create the Highlights dashboard, the name must be AWSCloudTrail-Highlights.
Required: No
Type: String
Pattern: ^[a-zA-Z0-9_\-]+$
Update requires: No interruption
RefreshSchedule
-
The schedule for a dashboard refresh.
Required: No
Type: RefreshSchedule
Update requires: No interruption
Tags
-
A list of tags.
Required: No
Type: Array of Tag
Update requires: No interruption
TerminationProtectionEnabled
-
Specifies whether termination protection is enabled for the dashboard. If termination protection is enabled, you cannot delete the dashboard until termination protection is disabled.
Required: No
Type: Boolean
Update requires: No interruption
Widgets
-
An array of widgets for a custom dashboard. A custom dashboard can have a maximum of ten widgets.
You do not need to specify widgets for the Highlights dashboard.
Required: No
Type: Array of Widget
Update requires: No interruption
Return values
Ref
Fn::GetAtt
CreatedTimestamp
-
The timestamp that shows when the dashboard was created.
DashboardArn
-
The ARN for the dashboard.
Status
-
The status of the dashboard.
Type
-
The type of dashboard.
UpdatedTimestamp
-
The timestamp that shows when the dashboard was updated.
Examples
Example: Create a custom dashboard
The following example creates a custom dashboard named AccountActivityDashboard with four widgets. In this example, a refresh schedule has been set for every 6 hours and termination protection is enabled to prevent the dashboard from being accidentally deleted.
JSON
{
  "Resources": {
    "Dashboard": {
      "Type": "AWS::CloudTrail::Dashboard",
      "Properties": {
        "Name": "AccountActivityDashboard",
        "RefreshSchedule": {
          "Frequency": {
            "Unit": "HOURS",
            "Value": 6
          },
          "Status": "ENABLED",
          "TimeOfDay": "00:00"
        },
        "Tags": [
          { "Key": "k1", "Value": "v1" },
          { "Key": "k2", "Value": "v2" }
        ],
        "TerminationProtectionEnabled": true,
        "Widgets": [
          {
            "ViewProperties": {
              "Height": "2",
              "Width": "4",
              "Title": "TopErrors",
              "View": "Table"
            },
            "QueryStatement": "SELECT errorCode, COUNT(*) AS eventCount FROM eds WHERE eventTime > '?' AND eventTime < '?' AND (errorCode is not null) GROUP BY errorCode ORDER BY eventCount DESC LIMIT 100",
            "QueryParameters": ["$StartTime$", "$EndTime$"]
          },
          {
            "ViewProperties": {
              "Height": "2",
              "Width": "4",
              "Title": "MostActiveRegions",
              "View": "PieChart",
              "LabelColumn": "awsRegion",
              "ValueColumn": "eventCount",
              "FilterColumn": "awsRegion"
            },
            "QueryStatement": "SELECT awsRegion, COUNT(*) AS eventCount FROM eds where eventTime > '?' and eventTime < '?' GROUP BY awsRegion ORDER BY eventCount LIMIT 100",
            "QueryParameters": ["$StartTime$", "$EndTime$"]
          },
          {
            "ViewProperties": {
              "Height": "2",
              "Width": "4",
              "Title": "AccountActivity",
              "View": "LineChart",
              "YAxisColumn": "eventCount",
              "XAxisColumn": "eventDate",
              "FilterColumn": "readOnly"
            },
            "QueryStatement": "SELECT DATE_TRUNC('?', eventTime) AS eventDate, IF(readOnly, 'read', 'write') AS readOnly, COUNT(*) as eventCount FROM eds WHERE eventTime > '?' AND eventTime < '?' GROUP BY DATE_TRUNC('?', eventTime), readOnly ORDER BY DATE_TRUNC('?', eventTime), readOnly",
            "QueryParameters": ["$Period$", "$StartTime$", "$EndTime$", "$Period$", "$Period$"]
          },
          {
            "ViewProperties": {
              "Height": "2",
              "Width": "4",
              "Title": "TopServices",
              "View": "BarChart",
              "LabelColumn": "service",
              "ValueColumn": "eventCount",
              "FilterColumn": "service",
              "Orientation": "Horizontal"
            },
            "QueryStatement": "SELECT REPLACE(eventSource, '.amazonaws.com') AS service, COUNT(*) AS eventCount FROM eds WHERE eventTime > '?' AND eventTime < '?' GROUP BY eventSource ORDER BY eventCount DESC LIMIT 100",
            "QueryParameters": ["$StartTime$", "$EndTime$"]
          }
        ]
      }
    }
  }
}
YAML
Resources:
  Dashboard:
    Type: 'AWS::CloudTrail::Dashboard'
    Properties:
      Name: "AccountActivityDashboard"
      TerminationProtectionEnabled: true
      RefreshSchedule:
        Frequency:
          Unit: "HOURS"
          Value: 6
        Status: "ENABLED"
        TimeOfDay: "00:00"
      Tags:
        - Key: "k1"
          Value: "v1"
        - Key: "k2"
          Value: "v2"
      Widgets:
        - QueryStatement: "SELECT errorCode, COUNT(*) AS eventCount FROM eds WHERE eventTime > '?' AND eventTime < '?' AND (errorCode is not null) GROUP BY errorCode ORDER BY eventCount DESC LIMIT 100"
          QueryParameters:
            - "$StartTime$"
            - "$EndTime$"
          ViewProperties:
            Height: "2"
            Width: "4"
            Title: "TopErrors"
            View: "Table"
        - QueryStatement: "SELECT awsRegion, COUNT(*) AS eventCount FROM eds where eventTime > '?' and eventTime < '?' GROUP BY awsRegion ORDER BY eventCount LIMIT 100"
          QueryParameters:
            - "$StartTime$"
            - "$EndTime$"
          ViewProperties:
            Height: "2"
            Width: "4"
            Title: "MostActiveRegions"
            View: "PieChart"
            LabelColumn: "awsRegion"
            ValueColumn: "eventCount"
            FilterColumn: "awsRegion"
        - QueryStatement: "SELECT DATE_TRUNC('?', eventTime) AS eventDate, IF(readOnly, 'read', 'write') AS readOnly, COUNT(*) as eventCount FROM eds WHERE eventTime > '?' AND eventTime < '?' GROUP BY DATE_TRUNC('?', eventTime), readOnly ORDER BY DATE_TRUNC('?', eventTime), readOnly"
          QueryParameters:
            - "$Period$"
            - "$StartTime$"
            - "$EndTime$"
            - "$Period$"
            - "$Period$"
          ViewProperties:
            Height: "2"
            Width: "4"
            Title: "AccountActivity"
            View: "LineChart"
            YAxisColumn: "eventCount"
            XAxisColumn: "eventDate"
            FilterColumn: "readOnly"
        - QueryStatement: "SELECT REPLACE(eventSource, '.amazonaws.com') AS service, COUNT(*) AS eventCount FROM eds WHERE eventTime > '?' AND eventTime < '?' GROUP BY eventSource ORDER BY eventCount DESC LIMIT 100"
          QueryParameters:
            - "$StartTime$"
            - "$EndTime$"
          ViewProperties:
            Height: "2"
            Width: "4"
            Title: "TopServices"
            View: "BarChart"
            LabelColumn: "service"
            ValueColumn: "eventCount"
            FilterColumn: "service"
            Orientation: "Horizontal"
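A pre-deployment check of a dashboard's Properties against the constraints documented on this page, as an added example that is not AWS code. The function name lint_dashboard, the rule names and the sample property sets are constructed for illustration; the placeholder check assumes each ? in QueryStatement binds to one QueryParameters entry in order, as the example above shows, and the termination-protection rule is a local policy choice.

```python
import re

NAME_RE = re.compile(r"[a-zA-Z0-9_\-]+")  # Name pattern from the Properties section
HIGHLIGHTS = "AWSCloudTrail-Highlights"   # reserved name of the Highlights dashboard
MAX_WIDGETS = 10                          # documented limit for a custom dashboard

def lint_dashboard(props):
    """Return (rule, detail) findings for one AWS::CloudTrail::Dashboard Properties dict."""
    findings = []
    name = props.get("Name")
    widgets = props.get("Widgets") or []
    schedule = props.get("RefreshSchedule") or {}

    if name is not None and not NAME_RE.fullmatch(name):
        findings.append(("name-pattern", repr(name)))
    if len(widgets) > MAX_WIDGETS:
        findings.append(("too-many-widgets", str(len(widgets))))
    # The Highlights dashboard must set and enable a refresh schedule.
    if name == HIGHLIGHTS and schedule.get("Status") != "ENABLED":
        findings.append(("highlights-needs-schedule", str(schedule.get("Status"))))
    # Local policy choice (not a CloudFormation requirement): require the deletion guard.
    if props.get("TerminationProtectionEnabled") is not True:
        findings.append(("no-termination-protection", str(name)))
    # Assumption: each '?' binds to one QueryParameters entry, in order.
    for i, widget in enumerate(widgets):
        marks = widget.get("QueryStatement", "").count("?")
        params = len(widget.get("QueryParameters") or [])
        if marks != params:
            findings.append(("placeholder-mismatch", f"widget {i}: {marks} '?' vs {params} parameters"))
    return findings

# Constructed sample inputs; the widget reuses the TopErrors query from the example above.
TOP_ERRORS = {
    "QueryStatement": "SELECT errorCode, COUNT(*) AS eventCount FROM eds "
                      "WHERE eventTime > '?' AND eventTime < '?' AND (errorCode is not null) "
                      "GROUP BY errorCode ORDER BY eventCount DESC LIMIT 100",
    "QueryParameters": ["$StartTime$", "$EndTime$"],
}
GOOD = {"Name": "AccountActivityDashboard", "TerminationProtectionEnabled": True,
        "RefreshSchedule": {"Status": "ENABLED"}, "Widgets": [TOP_ERRORS]}
BAD = {"Name": "account activity",
       "Widgets": [dict(TOP_ERRORS, QueryParameters=["$StartTime$"])] * 11}
HIGHLIGHTS_OFF = {"Name": HIGHLIGHTS, "TerminationProtectionEnabled": True,
                  "RefreshSchedule": {"Status": "DISABLED"}}

if __name__ == "__main__":
    for label, props in (("good", GOOD), ("bad", BAD), ("highlights", HIGHLIGHTS_OFF)):
        print(label, lint_dashboard(props))
```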