Package software.amazon.awscdk.services.cloudtrail

Class Trail

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.core.Construct
software.amazon.awscdk.core.Resource
software.amazon.awscdk.services.cloudtrail.Trail
All Implemented Interfaces:
IConstruct, IDependable, IResource, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct
@Generated(value="jsii-pacmak/1.84.0 (build 5404dcf)", date="2023-06-19T16:30:40.925Z") @Stability(Stable) public class Trail extends Resource
Cloud trail allows you to log events that happen in your AWS account For example:.

import { CloudTrail } from '@aws-cdk/aws-cloudtrail'

const cloudTrail = new CloudTrail(this, 'MyTrail');

NOTE the above example creates an UNENCRYPTED bucket by default, If you are required to use an Encrypted bucket you can supply a preconfigured bucket via TrailProps

Example: 

 import software.amazon.awscdk.services.cloudtrail.*;
 IAlias myKeyAlias = Alias.fromAliasName(this, "myKey", "alias/aws/s3");
 Trail trail = Trail.Builder.create(this, "myCloudTrail")
         .sendToCloudWatchLogs(true)
         .kmsKey(myKeyAlias)
         .build();

  • Constructor Details

    • Trail

      protected Trail(software.amazon.jsii.JsiiObjectRef objRef)

    • Trail

      protected Trail(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • Trail

      @Stability(Stable) public Trail(@NotNull software.constructs.Construct scope, @NotNull String id, @Nullable TrailProps props)
      Parameters:
      scope - This parameter is required.
      id - This parameter is required.
      props -

    • Trail

      @Stability(Stable) public Trail(@NotNull software.constructs.Construct scope, @NotNull String id)
      Parameters:
      scope - This parameter is required.
      id - This parameter is required.

  • Method Details

    • onEvent

      @Stability(Stable) @NotNull public static Rule onEvent(@NotNull software.constructs.Construct scope, @NotNull String id, @Nullable OnEventOptions options)
      Create an event rule for when an event is recorded by any Trail in the account.

      Note that the event doesn't necessarily have to come from this Trail, it can be captured from any one.

      Be sure to filter the event further down using an event pattern.

      Parameters:
      scope - This parameter is required.
      id - This parameter is required.
      options -

    • onEvent

      @Stability(Stable) @NotNull public static Rule onEvent(@NotNull software.constructs.Construct scope, @NotNull String id)
      Create an event rule for when an event is recorded by any Trail in the account.

      Note that the event doesn't necessarily have to come from this Trail, it can be captured from any one.

      Be sure to filter the event further down using an event pattern.

      Parameters:
      scope - This parameter is required.
      id - This parameter is required.

    • addEventSelector

      @Stability(Stable) public void addEventSelector(@NotNull DataResourceType dataResourceType, @NotNull List<String> dataResourceValues, @Nullable AddEventSelectorOptions options)
      When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails.

      Only events that match your trail settings are delivered to your Amazon S3 bucket and Amazon CloudWatch Logs log group.

      This method adds an Event Selector for filtering events that match either S3 or Lambda function operations.

      Data events: These events provide insight into the resource operations performed on or within a resource. These are also known as data plane operations.

      Parameters:
      dataResourceType - This parameter is required.
      dataResourceValues - the list of data resource ARNs to include in logging (maximum 250 entries). This parameter is required.
      options - the options to configure logging of management and data events.

    • addEventSelector

      @Stability(Stable) public void addEventSelector(@NotNull DataResourceType dataResourceType, @NotNull List<String> dataResourceValues)
      When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails.

      Only events that match your trail settings are delivered to your Amazon S3 bucket and Amazon CloudWatch Logs log group.

      This method adds an Event Selector for filtering events that match either S3 or Lambda function operations.

      Data events: These events provide insight into the resource operations performed on or within a resource. These are also known as data plane operations.

      Parameters:
      dataResourceType - This parameter is required.
      dataResourceValues - the list of data resource ARNs to include in logging (maximum 250 entries). This parameter is required.

    • addLambdaEventSelector

      @Stability(Stable) public void addLambdaEventSelector(@NotNull List<IFunction> handlers, @Nullable AddEventSelectorOptions options)
      When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails.

      Only events that match your trail settings are delivered to your Amazon S3 bucket and Amazon CloudWatch Logs log group.

      This method adds a Lambda Data Event Selector for filtering events that match Lambda function operations.

      Data events: These events provide insight into the resource operations performed on or within a resource. These are also known as data plane operations.

      Parameters:
      handlers - the list of lambda function handlers whose data events should be logged (maximum 250 entries). This parameter is required.
      options - the options to configure logging of management and data events.

    • addLambdaEventSelector

      @Stability(Stable) public void addLambdaEventSelector(@NotNull List<IFunction> handlers)
      When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails.

      Only events that match your trail settings are delivered to your Amazon S3 bucket and Amazon CloudWatch Logs log group.

      This method adds a Lambda Data Event Selector for filtering events that match Lambda function operations.

      Data events: These events provide insight into the resource operations performed on or within a resource. These are also known as data plane operations.

      Parameters:
      handlers - the list of lambda function handlers whose data events should be logged (maximum 250 entries). This parameter is required.

    • addS3EventSelector

      @Stability(Stable) public void addS3EventSelector(@NotNull List<S3EventSelector> s3Selector, @Nullable AddEventSelectorOptions options)
      When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails.

      Only events that match your trail settings are delivered to your Amazon S3 bucket and Amazon CloudWatch Logs log group.

      This method adds an S3 Data Event Selector for filtering events that match S3 operations.

      Data events: These events provide insight into the resource operations performed on or within a resource. These are also known as data plane operations.

      Parameters:
      s3Selector - the list of S3 bucket with optional prefix to include in logging (maximum 250 entries). This parameter is required.
      options - the options to configure logging of management and data events.

    • addS3EventSelector

      @Stability(Stable) public void addS3EventSelector(@NotNull List<S3EventSelector> s3Selector)
      When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails.

      Only events that match your trail settings are delivered to your Amazon S3 bucket and Amazon CloudWatch Logs log group.

      This method adds an S3 Data Event Selector for filtering events that match S3 operations.

      Data events: These events provide insight into the resource operations performed on or within a resource. These are also known as data plane operations.

      Parameters:
      s3Selector - the list of S3 bucket with optional prefix to include in logging (maximum 250 entries). This parameter is required.

    • logAllLambdaDataEvents

      @Stability(Stable) public void logAllLambdaDataEvents(@Nullable AddEventSelectorOptions options)
      Log all Lamda data events for all lambda functions the account.

      Default: false

      Parameters:
      options -
      See Also:

    • logAllLambdaDataEvents

      @Stability(Stable) public void logAllLambdaDataEvents()
      Log all Lamda data events for all lambda functions the account.

      Default: false

      See Also:

    • logAllS3DataEvents

      @Stability(Stable) public void logAllS3DataEvents(@Nullable AddEventSelectorOptions options)
      Log all S3 data events for all objects for all buckets in the account.

      Default: false

      Parameters:
      options -
      See Also:

    • logAllS3DataEvents

      @Stability(Stable) public void logAllS3DataEvents()
      Log all S3 data events for all objects for all buckets in the account.

      Default: false

      See Also:

    • onCloudTrailEvent

      @Stability(Deprecated) @Deprecated @NotNull public Rule onCloudTrailEvent(@NotNull String id, @Nullable OnEventOptions options)
      Deprecated.
      • use Trail.onEvent()
      (deprecated) Create an event rule for when an event is recorded by any Trail in the account.

      Note that the event doesn't necessarily have to come from this Trail, it can be captured from any one.

      Be sure to filter the event further down using an event pattern.

      Parameters:
      id - This parameter is required.
      options -

    • onCloudTrailEvent

      @Stability(Deprecated) @Deprecated @NotNull public Rule onCloudTrailEvent(@NotNull String id)
      Deprecated.
      • use Trail.onEvent()
      (deprecated) Create an event rule for when an event is recorded by any Trail in the account.

      Note that the event doesn't necessarily have to come from this Trail, it can be captured from any one.

      Be sure to filter the event further down using an event pattern.

      Parameters:
      id - This parameter is required.

    • getTrailArn

      @Stability(Stable) @NotNull public String getTrailArn()
      ARN of the CloudTrail trail i.e. arn:aws:cloudtrail:us-east-2:123456789012:trail/myCloudTrail.

    • getTrailSnsTopicArn

      @Stability(Stable) @NotNull public String getTrailSnsTopicArn()
      ARN of the Amazon SNS topic that's associated with the CloudTrail trail, i.e. arn:aws:sns:us-east-2:123456789012:mySNSTopic.

    • getLogGroup

      @Stability(Stable) @Nullable public ILogGroup getLogGroup()
      The CloudWatch log group to which CloudTrail events are sent.

      undefined if sendToCloudWatchLogs property is false.