Documentation
¶
Index ¶
- func CfnTrail_CFN_RESOURCE_TYPE_NAME() *string
- func CfnTrail_IsCfnElement(x interface{}) *bool
- func CfnTrail_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnTrail_IsConstruct(x interface{}) *bool
- func NewCfnTrail_Override(c CfnTrail, scope awscdk.Construct, id *string, props *CfnTrailProps)
- func NewTrail_Override(t Trail, scope constructs.Construct, id *string, props *TrailProps)
- func Trail_IsConstruct(x interface{}) *bool
- func Trail_IsResource(construct awscdk.IConstruct) *bool
- func Trail_OnEvent(scope constructs.Construct, id *string, options *awsevents.OnEventOptions) awsevents.Rule
- type AddEventSelectorOptions
- type CfnTrail
- type CfnTrailProps
- type CfnTrail_DataResourceProperty
- type CfnTrail_EventSelectorProperty
- type CfnTrail_InsightSelectorProperty
- type DataResourceType
- type ManagementEventSources
- type ReadWriteType
- type S3EventSelector
- type Trail
- type TrailProps
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CfnTrail_CFN_RESOURCE_TYPE_NAME ¶
func CfnTrail_CFN_RESOURCE_TYPE_NAME() *string
func CfnTrail_IsCfnElement ¶
func CfnTrail_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized CloudFormation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.
func CfnTrail_IsCfnResource ¶
func CfnTrail_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource. Experimental.
func CfnTrail_IsConstruct ¶
func CfnTrail_IsConstruct(x interface{}) *bool
Return whether the given object is a Construct. Experimental.
func NewCfnTrail_Override ¶
func NewCfnTrail_Override(c CfnTrail, scope awscdk.Construct, id *string, props *CfnTrailProps)
Create a new `AWS::CloudTrail::Trail`.
func NewTrail_Override ¶
func NewTrail_Override(t Trail, scope constructs.Construct, id *string, props *TrailProps)
Experimental.
func Trail_IsConstruct ¶
func Trail_IsConstruct(x interface{}) *bool
Return whether the given object is a Construct. Experimental.
func Trail_IsResource ¶
func Trail_IsResource(construct awscdk.IConstruct) *bool
Check whether the given construct is a Resource. Experimental.
func Trail_OnEvent ¶
func Trail_OnEvent(scope constructs.Construct, id *string, options *awsevents.OnEventOptions) awsevents.Rule
Create an event rule for when an event is recorded by any Trail in the account.
Note that the event does not have to come from this Trail; it can be captured from any trail in the account.
Be sure to filter the event further down using an event pattern. Experimental.
Types ¶
type AddEventSelectorOptions ¶
// AddEventSelectorOptions carries the optional settings accepted by the Trail
// methods on this page that take an `options *AddEventSelectorOptions` argument
// (AddEventSelector, AddLambdaEventSelector, AddS3EventSelector,
// LogAllLambdaDataEvents, LogAllS3DataEvents).
type AddEventSelectorOptions struct {
// An optional list of service event sources from which you do not want management events to be logged on your trail.
// The ManagementEventSources values listed on this page are KMS and RDS_DATA_API.
// NOTE(review): events from an excluded source are not logged as management events on the trail;
// treat every exclusion as a deliberate audit-coverage decision and record why it was made.
// Experimental.
ExcludeManagementEventSources *[]ManagementEventSources `json:"excludeManagementEventSources"`
// Specifies whether the event selector includes management events for the trail.
// NOTE(review): the default is not stated on this page; set it explicitly if management events must be captured.
// Experimental.
IncludeManagementEvents *bool `json:"includeManagementEvents"`
// Specifies whether to log read-only events, write-only events, or all events.
// Takes one of the ReadWriteType constants listed on this page (READ_ONLY, WRITE_ONLY, ALL, NONE).
// Experimental.
ReadWriteType ReadWriteType `json:"readWriteType"`
}
Options for adding an event selector.
TODO: EXAMPLE
Experimental.
type CfnTrail ¶
// CfnTrail is the interface for the CloudFormation `AWS::CloudTrail::Trail`
// resource; instances are created with NewCfnTrail.
//
// Most of the getter/Set pairs below carry the same names as the fields of
// CfnTrailProps on this page. Several are typed interface{}; the concrete
// types they accept are not shown here.
//
// NOTE(review): when reviewing a trail's audit coverage and log protection,
// the settings to check are IsLogging, EnableLogFileValidation,
// IsMultiRegionTrail, IncludeGlobalServiceEvents, EventSelectors and KmsKeyId.
type CfnTrail interface {
// Embedded interfaces.
awscdk.CfnResource
awscdk.IInspectable
// Accessors prefixed Attr; presumably CloudFormation return attributes of the
// resource — confirm against the resource reference.
AttrArn() *string
AttrSnsTopicArn() *string
CfnOptions() awscdk.ICfnResourceOptions
CfnProperties() *map[string]interface{}
CfnResourceType() *string
CloudWatchLogsLogGroupArn() *string
SetCloudWatchLogsLogGroupArn(val *string)
CloudWatchLogsRoleArn() *string
SetCloudWatchLogsRoleArn(val *string)
CreationStack() *[]*string
// Corresponds to `AWS::CloudTrail::Trail.EnableLogFileValidation`.
EnableLogFileValidation() interface{}
SetEnableLogFileValidation(val interface{})
EventSelectors() interface{}
SetEventSelectors(val interface{})
IncludeGlobalServiceEvents() interface{}
SetIncludeGlobalServiceEvents(val interface{})
InsightSelectors() interface{}
SetInsightSelectors(val interface{})
// Corresponds to `AWS::CloudTrail::Trail.IsLogging`.
IsLogging() interface{}
SetIsLogging(val interface{})
IsMultiRegionTrail() interface{}
SetIsMultiRegionTrail(val interface{})
IsOrganizationTrail() interface{}
SetIsOrganizationTrail(val interface{})
// Corresponds to `AWS::CloudTrail::Trail.KMSKeyId`.
KmsKeyId() *string
SetKmsKeyId(val *string)
LogicalId() *string
Node() awscdk.ConstructNode
Ref() *string
S3BucketName() *string
SetS3BucketName(val *string)
S3KeyPrefix() *string
SetS3KeyPrefix(val *string)
SnsTopicName() *string
SetSnsTopicName(val *string)
Stack() awscdk.Stack
Tags() awscdk.TagManager
TrailName() *string
SetTrailName(val *string)
// The name is spelled "Properites" in the API as listed on this page; call
// sites must use this spelling.
UpdatedProperites() *map[string]interface{}
// Override helpers.
// NOTE(review): presumably these change the synthesized template outside the
// typed properties, so reviewing CfnTrailProps alone may not reflect what is
// deployed — confirm against the synthesized output.
AddDeletionOverride(path *string)
AddDependsOn(target awscdk.CfnResource)
AddMetadata(key *string, value interface{})
AddOverride(path *string, value interface{})
AddPropertyDeletionOverride(propertyPath *string)
AddPropertyOverride(propertyPath *string, value interface{})
// NOTE(review): the effect of a removal policy on the trail is not described
// on this page — confirm what happens to the trail on stack deletion.
ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
GetAtt(attributeName *string) awscdk.Reference
GetMetadata(key *string) interface{}
Inspect(inspector awscdk.TreeInspector)
OnPrepare()
OnSynthesize(session constructs.ISynthesisSession)
OnValidate() *[]*string
OverrideLogicalId(newLogicalId *string)
Prepare()
RenderProperties(props *map[string]interface{}) *map[string]interface{}
ShouldSynthesize() *bool
Synthesize(session awscdk.ISynthesisSession)
ToString() *string
Validate() *[]*string
ValidateProperties(_properties interface{})
}
A CloudFormation `AWS::CloudTrail::Trail`.
func NewCfnTrail ¶
func NewCfnTrail(scope awscdk.Construct, id *string, props *CfnTrailProps) CfnTrail
Create a new `AWS::CloudTrail::Trail`.
type CfnTrailProps ¶
// CfnTrailProps holds the properties passed to NewCfnTrail when defining an
// `AWS::CloudTrail::Trail`. Each field names the CloudFormation property it
// corresponds to.
//
// NOTE(review): this page does not state which fields are required or what
// their defaults are; fields typed interface{} do not show the concrete types
// they accept. Confirm both against the CloudFormation resource reference.
type CfnTrailProps struct {
// `AWS::CloudTrail::Trail.IsLogging`.
// NOTE(review): presumably controls whether the trail is actively recording — confirm;
// a trail that exists but is not logging provides no audit record.
IsLogging interface{} `json:"isLogging"`
// `AWS::CloudTrail::Trail.S3BucketName`.
// A bucket name string, not a bucket construct; the bucket's encryption and
// access policy are configured elsewhere.
S3BucketName *string `json:"s3BucketName"`
// `AWS::CloudTrail::Trail.CloudWatchLogsLogGroupArn`.
CloudWatchLogsLogGroupArn *string `json:"cloudWatchLogsLogGroupArn"`
// `AWS::CloudTrail::Trail.CloudWatchLogsRoleArn`.
CloudWatchLogsRoleArn *string `json:"cloudWatchLogsRoleArn"`
// `AWS::CloudTrail::Trail.EnableLogFileValidation`.
// See TrailProps.EnableFileValidation on this page for what log file
// integrity validation provides.
EnableLogFileValidation interface{} `json:"enableLogFileValidation"`
// `AWS::CloudTrail::Trail.EventSelectors`.
// Presumably a list of CfnTrail_EventSelectorProperty — confirm.
EventSelectors interface{} `json:"eventSelectors"`
// `AWS::CloudTrail::Trail.IncludeGlobalServiceEvents`.
IncludeGlobalServiceEvents interface{} `json:"includeGlobalServiceEvents"`
// `AWS::CloudTrail::Trail.InsightSelectors`.
// Presumably a list of CfnTrail_InsightSelectorProperty — confirm.
InsightSelectors interface{} `json:"insightSelectors"`
// `AWS::CloudTrail::Trail.IsMultiRegionTrail`.
IsMultiRegionTrail interface{} `json:"isMultiRegionTrail"`
// `AWS::CloudTrail::Trail.IsOrganizationTrail`.
IsOrganizationTrail interface{} `json:"isOrganizationTrail"`
// `AWS::CloudTrail::Trail.KMSKeyId`.
// Note the casing difference: the CloudFormation property is KMSKeyId, the Go field is KmsKeyId.
KmsKeyId *string `json:"kmsKeyId"`
// `AWS::CloudTrail::Trail.S3KeyPrefix`.
S3KeyPrefix *string `json:"s3KeyPrefix"`
// `AWS::CloudTrail::Trail.SnsTopicName`.
SnsTopicName *string `json:"snsTopicName"`
// `AWS::CloudTrail::Trail.Tags`.
Tags *[]*awscdk.CfnTag `json:"tags"`
// `AWS::CloudTrail::Trail.TrailName`.
TrailName *string `json:"trailName"`
}
Properties for defining a `AWS::CloudTrail::Trail`.
type CfnTrail_EventSelectorProperty ¶
// CfnTrail_EventSelectorProperty is the CloudFormation-level event selector
// for a CfnTrail. Each field names the `CfnTrail.EventSelectorProperty`
// member it corresponds to.
type CfnTrail_EventSelectorProperty struct {
// `CfnTrail.EventSelectorProperty.DataResources`.
// Typed interface{}; the index of this page lists a CfnTrail_DataResourceProperty
// type, which is presumably the element type — confirm.
DataResources interface{} `json:"dataResources"`
// `CfnTrail.EventSelectorProperty.ExcludeManagementEventSources`.
// Raw strings here, unlike AddEventSelectorOptions which uses the ManagementEventSources type.
// NOTE(review): excluded sources are not logged as management events; review any value set here.
ExcludeManagementEventSources *[]*string `json:"excludeManagementEventSources"`
// `CfnTrail.EventSelectorProperty.IncludeManagementEvents`.
IncludeManagementEvents interface{} `json:"includeManagementEvents"`
// `CfnTrail.EventSelectorProperty.ReadWriteType`.
// A raw string, not the ReadWriteType type; the accepted string values are
// not shown on this page — confirm against the CloudFormation reference.
ReadWriteType *string `json:"readWriteType"`
}
type CfnTrail_InsightSelectorProperty ¶
// CfnTrail_InsightSelectorProperty is the CloudFormation-level insight
// selector for a CfnTrail.
type CfnTrail_InsightSelectorProperty struct {
// `CfnTrail.InsightSelectorProperty.InsightType`.
// A raw string; the accepted values are not shown on this page.
InsightType *string `json:"insightType"`
}
type DataResourceType ¶
// DataResourceType is a string-backed enum naming the kind of resource a data
// event selector targets; it is the first argument of Trail.AddEventSelector.
type DataResourceType string
Resource type for a data event. Experimental.
// Values of DataResourceType.
const (
	// DataResourceType_LAMBDA_FUNCTION selects Lambda functions as the data resource.
	DataResourceType_LAMBDA_FUNCTION DataResourceType = "LAMBDA_FUNCTION"
	// DataResourceType_S3_OBJECT selects S3 objects as the data resource.
	DataResourceType_S3_OBJECT DataResourceType = "S3_OBJECT"
)
type ManagementEventSources ¶
// ManagementEventSources is a string-backed enum of the service event sources
// that can be listed in AddEventSelectorOptions.ExcludeManagementEventSources.
type ManagementEventSources string
Types of management event sources that can be excluded. Experimental.
// Values of ManagementEventSources. Listing one of these in an exclusion
// removes that source's management events from the trail.
const (
	// ManagementEventSources_KMS names AWS KMS as an excludable event source.
	ManagementEventSources_KMS ManagementEventSources = "KMS"
	// ManagementEventSources_RDS_DATA_API names the RDS Data API as an excludable event source.
	ManagementEventSources_RDS_DATA_API ManagementEventSources = "RDS_DATA_API"
)
type ReadWriteType ¶
// ReadWriteType is a string-backed enum used by
// AddEventSelectorOptions.ReadWriteType and TrailProps.ManagementEvents to
// choose which events are logged.
type ReadWriteType string
Types of events that CloudTrail can log.
TODO: EXAMPLE
Experimental.
// Values of ReadWriteType.
const (
	// ReadWriteType_READ_ONLY logs read-only events.
	ReadWriteType_READ_ONLY ReadWriteType = "READ_ONLY"
	// ReadWriteType_WRITE_ONLY logs write-only events.
	ReadWriteType_WRITE_ONLY ReadWriteType = "WRITE_ONLY"
	// ReadWriteType_ALL logs all events.
	ReadWriteType_ALL ReadWriteType = "ALL"
	// ReadWriteType_NONE is not described on this page.
	// NOTE(review): presumably no events are logged for the setting it is applied
	// to — confirm before use, since that would leave those events unrecorded.
	ReadWriteType_NONE ReadWriteType = "NONE"
)
type S3EventSelector ¶
// S3EventSelector selects an S3 bucket, and optionally a key prefix within it,
// whose data events are to be logged. Passed to Trail.AddS3EventSelector.
type S3EventSelector struct {
// S3 bucket.
// Experimental.
Bucket awss3.IBucket `json:"bucket"`
// Data events for objects whose key matches this prefix will be logged.
// Optional. NOTE(review): presumably all objects in the bucket are covered
// when no prefix is given — confirm.
// Experimental.
ObjectPrefix *string `json:"objectPrefix"`
}
Selecting an S3 bucket and an optional prefix to be logged for data events. Experimental.
type Trail ¶
// Trail is the interface of the CloudTrail trail construct returned by NewTrail.
type Trail interface {
awscdk.Resource
Env() *awscdk.ResourceEnvironment
// NOTE(review): presumably the CloudWatch Logs group the trail writes to when
// TrailProps.SendToCloudWatchLogs is enabled; the value when it is disabled is
// not shown on this page — confirm before dereferencing.
LogGroup() awslogs.ILogGroup
Node() awscdk.ConstructNode
PhysicalName() *string
Stack() awscdk.Stack
TrailArn() *string
TrailSnsTopicArn() *string
// Data event selectors. AddEventSelector takes a DataResourceType
// (LAMBDA_FUNCTION or S3_OBJECT on this page) plus a list of resource values;
// the Lambda and S3 variants take function and bucket/prefix selectors instead.
AddEventSelector(dataResourceType DataResourceType, dataResourceValues *[]*string, options *AddEventSelectorOptions)
AddLambdaEventSelector(handlers *[]awslambda.IFunction, options *AddEventSelectorOptions)
AddS3EventSelector(s3Selector *[]*S3EventSelector, options *AddEventSelectorOptions)
ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
GeneratePhysicalName() *string
GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
GetResourceNameAttribute(nameAttr *string) *string
// NOTE(review): the names suggest data event logging for every Lambda function
// or S3 bucket in scope; the exact scope is not described on this page — confirm.
LogAllLambdaDataEvents(options *AddEventSelectorOptions)
LogAllS3DataEvents(options *AddEventSelectorOptions)
// NOTE(review): the static Trail_OnEvent on this page is documented as matching
// events recorded by any trail in the account; whether this method is scoped
// the same way is not stated here. Narrow the rule with an event pattern in options.
OnCloudTrailEvent(id *string, options *awsevents.OnEventOptions) awsevents.Rule
OnPrepare()
OnSynthesize(session constructs.ISynthesisSession)
OnValidate() *[]*string
Prepare()
Synthesize(session awscdk.ISynthesisSession)
ToString() *string
Validate() *[]*string
}
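CloudTrail allows you to log events that happen in your AWS account. The snippet below is TypeScript and names the class `CloudTrail`; in this Go package the construct is `Trail`, created with `NewTrail`. For example: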
import { CloudTrail } from '@aws-cdk/aws-cloudtrail'
const cloudTrail = new CloudTrail(this, 'MyTrail');
NOTE: the above example creates an UNENCRYPTED bucket by default. If you are required to use an encrypted bucket, you can supply a preconfigured bucket via TrailProps (the `Bucket` field).
TODO: EXAMPLE
Experimental.
func NewTrail ¶
func NewTrail(scope constructs.Construct, id *string, props *TrailProps) Trail
Experimental.
type TrailProps ¶
// TrailProps configures a Trail created with NewTrail.
//
// NOTE(review): apart from SendToCloudWatchLogs, the defaults of these fields
// are not stated on this page. Set the security-relevant ones explicitly, or
// inspect the synthesized template, rather than relying on them.
type TrailProps struct {
// The Amazon S3 bucket.
// The Trail documentation on this page notes that the bucket created by default is unencrypted;
// supply a preconfigured bucket here when an encrypted bucket is required.
// Experimental.
Bucket awss3.IBucket `json:"bucket"`
// Log group to which CloudTrail pushes logs.
//
// Ignored if sendToCloudWatchLogs is set to false.
// Experimental.
CloudWatchLogGroup awslogs.ILogGroup `json:"cloudWatchLogGroup"`
// How long to retain logs in CloudWatchLogs.
//
// Ignored if sendToCloudWatchLogs is false or if cloudWatchLogGroup is set.
// When a log group is supplied via cloudWatchLogGroup, its own retention setting applies instead.
// Experimental.
CloudWatchLogsRetention awslogs.RetentionDays `json:"cloudWatchLogsRetention"`
// To determine whether a log file was modified, deleted, or unchanged after CloudTrail delivered it, you can use CloudTrail log file integrity validation.
//
// This feature is built using industry standard algorithms: SHA-256 for hashing and SHA-256 with RSA for digital signing.
// This makes it computationally infeasible to modify, delete or forge CloudTrail log files without detection.
// You can use the AWS CLI to validate the files in the location where CloudTrail delivered them.
// NOTE(review): validation only detects tampering when someone actually runs it;
// pair this setting with a scheduled validation of the delivered files.
// Experimental.
EnableFileValidation *bool `json:"enableFileValidation"`
// The AWS Key Management Service (AWS KMS) key that you want to use to encrypt CloudTrail logs.
// Typed as awskms.IKey, so a key construct is passed rather than a key ID string.
// NOTE(review): CloudTrail must be permitted to use the key by its key policy; whether this
// construct adds that permission is not shown on this page — verify.
// Experimental.
EncryptionKey awskms.IKey `json:"encryptionKey"`
// For most services, events are recorded in the region where the action occurred.
//
// For global services such as AWS Identity and Access Management (IAM), AWS STS, Amazon CloudFront, and Route 53,
// events are delivered to any trail that includes global services, and are logged as occurring in US East (N. Virginia) Region.
// A trail that does not include global services therefore does not receive these IAM and STS events.
// Experimental.
IncludeGlobalServiceEvents *bool `json:"includeGlobalServiceEvents"`
// Whether or not this trail delivers log files from multiple regions to a single S3 bucket for a single account.
// Experimental.
IsMultiRegionTrail *bool `json:"isMultiRegionTrail"`
// The AWS Key Management Service (AWS KMS) key that you want to use to encrypt CloudTrail logs.
// Deprecated: - use encryptionKey instead.
KmsKey awskms.IKey `json:"kmsKey"`
// When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails.
//
// Only events that match your trail settings are delivered to your Amazon S3 bucket and Amazon CloudWatch Logs log group.
//
// This property sets the management event configuration for this trail.
//
// Management events provide insight into management operations that are performed on resources in your AWS account.
// These are also known as control plane operations.
// Management events can also include non-API events that occur in your account.
// For example, when a user logs in to your account, CloudTrail logs the ConsoleLogin event.
// Takes one of the ReadWriteType constants listed on this page (READ_ONLY, WRITE_ONLY, ALL, NONE).
// Experimental.
ManagementEvents ReadWriteType `json:"managementEvents"`
// An Amazon S3 object key prefix that precedes the name of all log files.
// Experimental.
S3KeyPrefix *string `json:"s3KeyPrefix"`
// Whether CloudTrail pushes logs to CloudWatch Logs in addition to S3.
//
// Disabled for cost out of the box.
// While disabled, logs are delivered to S3 only, so anything that reads trail
// events from CloudWatch Logs has no data to work with.
// Experimental.
SendToCloudWatchLogs *bool `json:"sendToCloudWatchLogs"`
// SNS topic that is notified when new log files are published.
// Experimental.
SnsTopic awssns.ITopic `json:"snsTopic"`
// The name of the trail.
//
// We recommend customers do not set an explicit name.
// Experimental.
TrailName *string `json:"trailName"`
}
Properties for an AWS CloudTrail trail.
TODO: EXAMPLE
Experimental.