Package software.amazon.awscdk.services.cloudtrail

Class TrailProps.Builder

java.lang.Object
software.amazon.awscdk.services.cloudtrail.TrailProps.Builder
All Implemented Interfaces:
software.amazon.jsii.Builder<TrailProps>
Enclosing interface:
TrailProps
@Stability(Stable) public static final class TrailProps.Builder extends Object implements software.amazon.jsii.Builder<TrailProps>
A builder for TrailProps

  • Constructor Details

    • Builder

      public Builder()

  • Method Details

    • bucket

      @Stability(Stable) public TrailProps.Builder bucket(IBucket bucket)
      Sets the value of TrailProps.getBucket()
      Parameters:
      bucket - The Amazon S3 bucket.
      Returns:
      this

    • cloudWatchLogGroup

      @Stability(Stable) public TrailProps.Builder cloudWatchLogGroup(ILogGroup cloudWatchLogGroup)
      Sets the value of TrailProps.getCloudWatchLogGroup()
      Parameters:
      cloudWatchLogGroup - Log Group to which CloudTrail to push logs to. Ignored if sendToCloudWatchLogs is set to false.
      Returns:
      this

    • cloudWatchLogsRetention

      @Stability(Stable) public TrailProps.Builder cloudWatchLogsRetention(RetentionDays cloudWatchLogsRetention)
      Sets the value of TrailProps.getCloudWatchLogsRetention()
      Parameters:
      cloudWatchLogsRetention - How long to retain logs in CloudWatchLogs. Ignored if sendToCloudWatchLogs is false or if cloudWatchLogGroup is set.
      Returns:
      this

    • enableFileValidation

      @Stability(Stable) public TrailProps.Builder enableFileValidation(Boolean enableFileValidation)
      Sets the value of TrailProps.getEnableFileValidation()
      Parameters:
      enableFileValidation - To determine whether a log file was modified, deleted, or unchanged after CloudTrail delivered it, you can use CloudTrail log file integrity validation. This feature is built using industry standard algorithms: SHA-256 for hashing and SHA-256 with RSA for digital signing. This makes it computationally infeasible to modify, delete or forge CloudTrail log files without detection. You can use the AWS CLI to validate the files in the location where CloudTrail delivered them.
      Returns:
      this

    • encryptionKey

      @Stability(Stable) public TrailProps.Builder encryptionKey(IKey encryptionKey)
      Sets the value of TrailProps.getEncryptionKey()
      Parameters:
      encryptionKey - The AWS Key Management Service (AWS KMS) key ID that you want to use to encrypt CloudTrail logs.
      Returns:
      this

    • includeGlobalServiceEvents

      @Stability(Stable) public TrailProps.Builder includeGlobalServiceEvents(Boolean includeGlobalServiceEvents)
      Sets the value of TrailProps.getIncludeGlobalServiceEvents()
      Parameters:
      includeGlobalServiceEvents - For most services, events are recorded in the region where the action occurred. For global services such as AWS Identity and Access Management (IAM), AWS STS, Amazon CloudFront, and Route 53, events are delivered to any trail that includes global services, and are logged as occurring in US East (N. Virginia) Region.
      Returns:
      this

    • insightTypes

      @Stability(Stable) public TrailProps.Builder insightTypes(List<? extends InsightType> insightTypes)
      Sets the value of TrailProps.getInsightTypes()
      Parameters:
      insightTypes - A JSON string that contains the insight types you want to log on a trail.
      Returns:
      this

    • isMultiRegionTrail

      @Stability(Stable) public TrailProps.Builder isMultiRegionTrail(Boolean isMultiRegionTrail)
      Sets the value of TrailProps.getIsMultiRegionTrail()
      Parameters:
      isMultiRegionTrail - Whether or not this trail delivers log files from multiple regions to a single S3 bucket for a single account.
      Returns:
      this

    • isOrganizationTrail

      @Stability(Stable) public TrailProps.Builder isOrganizationTrail(Boolean isOrganizationTrail)
      Sets the value of TrailProps.getIsOrganizationTrail()
      Parameters:
      isOrganizationTrail - Specifies whether the trail is applied to all accounts in an organization in AWS Organizations, or only for the current AWS account. If this is set to true then the current account must be the management account. If it is not, then CloudFormation will throw an error.

      If this is set to true and the current account is a management account for an organization in AWS Organizations, the trail will be created in all AWS accounts that belong to the organization. If this is set to false, the trail will remain in the current AWS account but be deleted from all member accounts in the organization.

      Returns:
      this

    • managementEvents

      @Stability(Stable) public TrailProps.Builder managementEvents(ReadWriteType managementEvents)
      Sets the value of TrailProps.getManagementEvents()
      Parameters:
      managementEvents - When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails. Only events that match your trail settings are delivered to your Amazon S3 bucket and Amazon CloudWatch Logs log group.

      This method sets the management configuration for this trail.

      Management events provide insight into management operations that are performed on resources in your AWS account. These are also known as control plane operations. Management events can also include non-API events that occur in your account. For example, when a user logs in to your account, CloudTrail logs the ConsoleLogin event.

      Returns:
      this

    • orgId

      @Stability(Stable) public TrailProps.Builder orgId(String orgId)
      Sets the value of TrailProps.getOrgId()
      Parameters:
      orgId - The orgId. Required when isOrganizationTrail is set to true to attach the necessary permissions.
      Returns:
      this

    • s3KeyPrefix

      @Stability(Stable) public TrailProps.Builder s3KeyPrefix(String s3KeyPrefix)
      Sets the value of TrailProps.getS3KeyPrefix()
      Parameters:
      s3KeyPrefix - An Amazon S3 object key prefix that precedes the name of all log files.
      Returns:
      this

    • sendToCloudWatchLogs

      @Stability(Stable) public TrailProps.Builder sendToCloudWatchLogs(Boolean sendToCloudWatchLogs)
      Sets the value of TrailProps.getSendToCloudWatchLogs()
      Parameters:
      sendToCloudWatchLogs - If CloudTrail pushes logs to CloudWatch Logs in addition to S3. Disabled for cost out of the box.
      Returns:
      this

    • snsTopic

      @Stability(Stable) public TrailProps.Builder snsTopic(ITopic snsTopic)
      Sets the value of TrailProps.getSnsTopic()
      Parameters:
      snsTopic - SNS topic that is notified when new log files are published.
      Returns:
      this

    • trailName

      @Stability(Stable) public TrailProps.Builder trailName(String trailName)
      Sets the value of TrailProps.getTrailName()
      Parameters:
      trailName - The name of the trail. We recommend customers do not set an explicit name.
      Returns:
      this

    • build

      @Stability(Stable) public TrailProps build()
      Builds the configured instance.
      Specified by:
      build in interface software.amazon.jsii.Builder<TrailProps>
      Returns:
      a new instance of TrailProps
      Throws:
      NullPointerException - if any required attribute was not provided