awscloudtrail

package
v1.98.1-devpreview Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 12, 2021 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CfnTrail_CFN_RESOURCE_TYPE_NAME

func CfnTrail_CFN_RESOURCE_TYPE_NAME() *string

func CfnTrail_IsCfnElement

func CfnTrail_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.

func CfnTrail_IsCfnResource

func CfnTrail_IsCfnResource(construct constructs.IConstruct) *bool

Check whether the given construct is a CfnResource. Experimental.

func CfnTrail_IsConstruct

func CfnTrail_IsConstruct(x interface{}) *bool

Return whether the given object is a Construct. Experimental.

func NewCfnTrail_Override

func NewCfnTrail_Override(c CfnTrail, scope awscdk.Construct, id *string, props *CfnTrailProps)

Create a new `AWS::CloudTrail::Trail`.

func NewTrail_Override

func NewTrail_Override(t Trail, scope constructs.Construct, id *string, props *TrailProps)

Experimental.

func Trail_IsConstruct

func Trail_IsConstruct(x interface{}) *bool

Return whether the given object is a Construct. Experimental.

func Trail_IsResource

func Trail_IsResource(construct awscdk.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func Trail_OnEvent

func Trail_OnEvent(scope constructs.Construct, id *string, options *awsevents.OnEventOptions) awsevents.Rule

Create an event rule for when an event is recorded by any Trail in the account.

Note that the event doesn't necessarily have to come from this Trail, it can be captured from any one.

Be sure to filter the event further down using an event pattern. Experimental.

Types

type AddEventSelectorOptions

// AddEventSelectorOptions carries the options accepted by the Trail event-selector
// methods (AddEventSelector, AddLambdaEventSelector, AddS3EventSelector,
// LogAllLambdaDataEvents, LogAllS3DataEvents).
type AddEventSelectorOptions struct {
	// Specifies whether the event selector includes management events for the trail.
	// NOTE(review): pointer-typed, so nil means "not set"; the value applied in that
	// case is not stated here — confirm before relying on it.
	// Experimental.
	IncludeManagementEvents *bool `json:"includeManagementEvents"`
	// Specifies whether to log read-only events, write-only events, or all events.
	// Takes one of the ReadWriteType constants.
	// Experimental.
	ReadWriteType ReadWriteType `json:"readWriteType"`
}

Options for adding an event selector. Experimental.

type CfnTrail

// CfnTrail is the interface for the CloudFormation `AWS::CloudTrail::Trail` resource.
// It embeds awscdk.CfnResource and awscdk.IInspectable, and pairs each settable
// trail property with a getter and a Set* method.
type CfnTrail interface {
	awscdk.CfnResource
	awscdk.IInspectable
	AttrArn() *string
	AttrSnsTopicArn() *string
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	CfnResourceType() *string
	// Getter/setter pairs for the trail's properties follow. Several are typed
	// interface{}, so the compiler does not check the value handed to the setter.
	// NOTE(review): presumably a bool or a deploy-time token is expected for the
	// boolean-looking ones — confirm against the CloudFormation resource reference.
	CloudWatchLogsLogGroupArn() *string
	SetCloudWatchLogsLogGroupArn(val *string)
	CloudWatchLogsRoleArn() *string
	SetCloudWatchLogsRoleArn(val *string)
	CreationStack() *[]*string
	// NOTE(review): EnableLogFileValidation, IsLogging, IsMultiRegionTrail,
	// IncludeGlobalServiceEvents and KmsKeyId look like the settings that decide
	// whether the audit log is running, complete and protected; review any code
	// that calls their setters after construction.
	EnableLogFileValidation() interface{}
	SetEnableLogFileValidation(val interface{})
	EventSelectors() interface{}
	SetEventSelectors(val interface{})
	IncludeGlobalServiceEvents() interface{}
	SetIncludeGlobalServiceEvents(val interface{})
	IsLogging() interface{}
	SetIsLogging(val interface{})
	IsMultiRegionTrail() interface{}
	SetIsMultiRegionTrail(val interface{})
	KmsKeyId() *string
	SetKmsKeyId(val *string)
	LogicalId() *string
	Node() awscdk.ConstructNode
	Ref() *string
	S3BucketName() *string
	SetS3BucketName(val *string)
	S3KeyPrefix() *string
	SetS3KeyPrefix(val *string)
	SnsTopicName() *string
	SetSnsTopicName(val *string)
	Stack() awscdk.Stack
	Tags() awscdk.TagManager
	TrailName() *string
	SetTrailName(val *string)
	// The spelling "Properites" is part of the method name as published.
	UpdatedProperites() *map[string]interface{}
	// NOTE(review): the override methods below take raw paths and untyped values.
	// Presumably they can change or remove any property of the synthesized
	// resource, including the logging and validation settings above — audit
	// their use.
	AddDeletionOverride(path *string)
	AddDependsOn(target awscdk.CfnResource)
	AddMetadata(key *string, value interface{})
	AddOverride(path *string, value interface{})
	AddPropertyDeletionOverride(propertyPath *string)
	AddPropertyOverride(propertyPath *string, value interface{})
	// NOTE(review): a removal policy on a trail affects whether the audit
	// resource survives stack changes; the available policies are defined in
	// awscdk, not on this page — confirm the one in use.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	GetAtt(attributeName *string) awscdk.Reference
	GetMetadata(key *string) interface{}
	Inspect(inspector awscdk.TreeInspector)
	OnPrepare()
	OnSynthesize(session constructs.ISynthesisSession)
	OnValidate() *[]*string
	OverrideLogicalId(newLogicalId *string)
	Prepare()
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	ShouldSynthesize() *bool
	Synthesize(session awscdk.ISynthesisSession)
	ToString() *string
	Validate() *[]*string
	ValidateProperties(_properties interface{})
}

A CloudFormation `AWS::CloudTrail::Trail`.

func NewCfnTrail

func NewCfnTrail(scope awscdk.Construct, id *string, props *CfnTrailProps) CfnTrail

Create a new `AWS::CloudTrail::Trail`.

type CfnTrailProps

// CfnTrailProps holds the properties passed to NewCfnTrail to define an
// `AWS::CloudTrail::Trail`. Each field's comment names the CloudFormation
// property it corresponds to.
type CfnTrailProps struct {
	// `AWS::CloudTrail::Trail.IsLogging`.
	// NOTE(review): typed interface{}, so the value is not type-checked at
	// compile time; confirm the accepted value kinds.
	IsLogging interface{} `json:"isLogging"`
	// `AWS::CloudTrail::Trail.S3BucketName`.
	// NOTE(review): only a bucket name is passed here; this struct has no field
	// for the bucket's policy or encryption, so verify those where the bucket
	// is defined.
	S3BucketName *string `json:"s3BucketName"`
	// `AWS::CloudTrail::Trail.CloudWatchLogsLogGroupArn`.
	CloudWatchLogsLogGroupArn *string `json:"cloudWatchLogsLogGroupArn"`
	// `AWS::CloudTrail::Trail.CloudWatchLogsRoleArn`.
	CloudWatchLogsRoleArn *string `json:"cloudWatchLogsRoleArn"`
	// `AWS::CloudTrail::Trail.EnableLogFileValidation`.
	// NOTE(review): no default is stated here; set it explicitly when log file
	// integrity validation is required.
	EnableLogFileValidation interface{} `json:"enableLogFileValidation"`
	// `AWS::CloudTrail::Trail.EventSelectors`.
	// NOTE(review): presumably a list of CfnTrail_EventSelectorProperty values —
	// the interface{} type does not enforce that; confirm.
	EventSelectors interface{} `json:"eventSelectors"`
	// `AWS::CloudTrail::Trail.IncludeGlobalServiceEvents`.
	IncludeGlobalServiceEvents interface{} `json:"includeGlobalServiceEvents"`
	// `AWS::CloudTrail::Trail.IsMultiRegionTrail`.
	// NOTE(review): no default is stated here; confirm which regions are covered
	// when this is left unset.
	IsMultiRegionTrail interface{} `json:"isMultiRegionTrail"`
	// `AWS::CloudTrail::Trail.KMSKeyId`.
	// NOTE(review): no default is stated here; confirm how delivered log files
	// are encrypted when this is nil.
	KmsKeyId *string `json:"kmsKeyId"`
	// `AWS::CloudTrail::Trail.S3KeyPrefix`.
	S3KeyPrefix *string `json:"s3KeyPrefix"`
	// `AWS::CloudTrail::Trail.SnsTopicName`.
	SnsTopicName *string `json:"snsTopicName"`
	// `AWS::CloudTrail::Trail.Tags`.
	Tags *[]*awscdk.CfnTag `json:"tags"`
	// `AWS::CloudTrail::Trail.TrailName`.
	TrailName *string `json:"trailName"`
}

Properties for defining a `AWS::CloudTrail::Trail`.

type CfnTrail_DataResourceProperty

// CfnTrail_DataResourceProperty describes one data resource entry: a resource
// type and a list of values.
// NOTE(review): presumably used inside CfnTrail_EventSelectorProperty.DataResources,
// which is typed interface{} — confirm.
type CfnTrail_DataResourceProperty struct {
	// `CfnTrail.DataResourceProperty.Type`.
	// NOTE(review): a free-form *string; the accepted type strings are not listed
	// here and are not validated by the compiler.
	Type *string `json:"type"`
	// `CfnTrail.DataResourceProperty.Values`.
	Values *[]*string `json:"values"`
}

type CfnTrail_EventSelectorProperty

// CfnTrail_EventSelectorProperty describes one event selector of a CfnTrail:
// its data resources, whether management events are included, and the
// read/write type.
type CfnTrail_EventSelectorProperty struct {
	// `CfnTrail.EventSelectorProperty.DataResources`.
	// NOTE(review): typed interface{}; presumably a list of
	// CfnTrail_DataResourceProperty values — confirm.
	DataResources interface{} `json:"dataResources"`
	// `CfnTrail.EventSelectorProperty.IncludeManagementEvents`.
	IncludeManagementEvents interface{} `json:"includeManagementEvents"`
	// `CfnTrail.EventSelectorProperty.ReadWriteType`.
	// NOTE(review): a plain *string here, unlike the typed ReadWriteType used by
	// AddEventSelectorOptions, so a misspelled value is not caught at compile time.
	ReadWriteType *string `json:"readWriteType"`
}

type DataResourceType

type DataResourceType string

Resource type for a data event. Experimental.

const (
	// Resource kinds accepted as the dataResourceType argument of
	// Trail.AddEventSelector: Lambda functions and S3 objects.
	DataResourceType_LAMBDA_FUNCTION DataResourceType = "LAMBDA_FUNCTION"
	DataResourceType_S3_OBJECT       DataResourceType = "S3_OBJECT"
)

type ReadWriteType

type ReadWriteType string

Types of events that CloudTrail can log. Experimental.

const (
	// READ_ONLY, WRITE_ONLY and ALL select read-only events, write-only events
	// or all events.
	// NOTE(review): NONE presumably turns logging off for the event class it is
	// applied to (for example TrailProps.ManagementEvents) — confirm before
	// using it on a trail that serves as an audit record.
	ReadWriteType_READ_ONLY  ReadWriteType = "READ_ONLY"
	ReadWriteType_WRITE_ONLY ReadWriteType = "WRITE_ONLY"
	ReadWriteType_ALL        ReadWriteType = "ALL"
	ReadWriteType_NONE       ReadWriteType = "NONE"
)

type S3EventSelector

// S3EventSelector selects an S3 bucket, and optionally a key prefix within it,
// whose data events are to be logged. Passed to Trail.AddS3EventSelector.
type S3EventSelector struct {
	// S3 bucket.
	// Experimental.
	Bucket awss3.IBucket `json:"bucket"`
	// Data events for objects whose key matches this prefix will be logged.
	// NOTE(review): optional; presumably a nil prefix covers every object in the
	// bucket — confirm.
	// Experimental.
	ObjectPrefix *string `json:"objectPrefix"`
}

Selecting an S3 bucket and an optional prefix to be logged for data events. Experimental.

type Trail

// Trail is the interface of the CloudTrail trail construct returned by NewTrail.
// It embeds awscdk.Resource and adds accessors for the trail's ARN, SNS topic
// ARN and log group, plus methods for adding event selectors.
type Trail interface {
	awscdk.Resource
	Env() *awscdk.ResourceEnvironment
	// NOTE(review): presumably the CloudWatch Logs group the trail writes to, and
	// likely unset unless TrailProps.SendToCloudWatchLogs is enabled — confirm
	// before dereferencing.
	LogGroup() awslogs.ILogGroup
	Node() awscdk.ConstructNode
	PhysicalName() *string
	Stack() awscdk.Stack
	TrailArn() *string
	TrailSnsTopicArn() *string
	// Event-selector methods: each takes AddEventSelectorOptions.
	// NOTE(review): data-event logging appears to be opt-in through these
	// methods; confirm what a trail records when none of them is called.
	AddEventSelector(dataResourceType DataResourceType, dataResourceValues *[]*string, options *AddEventSelectorOptions)
	AddLambdaEventSelector(handlers *[]awslambda.IFunction, options *AddEventSelectorOptions)
	AddS3EventSelector(s3Selector *[]*S3EventSelector, options *AddEventSelectorOptions)
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	GetResourceNameAttribute(nameAttr *string) *string
	LogAllLambdaDataEvents(options *AddEventSelectorOptions)
	LogAllS3DataEvents(options *AddEventSelectorOptions)
	// Returns an awsevents.Rule.
	// NOTE(review): the package-level Trail_OnEvent documentation says its rule
	// matches events recorded by any trail in the account and should be narrowed
	// with an event pattern; confirm whether the same holds for this method.
	OnCloudTrailEvent(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	OnPrepare()
	OnSynthesize(session constructs.ISynthesisSession)
	OnValidate() *[]*string
	Prepare()
	Synthesize(session awscdk.ISynthesisSession)
	ToString() *string
	Validate() *[]*string
}

CloudTrail allows you to log events that happen in your AWS account. For example:

// NOTE(review): the Go API documented on this page names this construct Trail
// (constructor NewTrail); confirm the exported class name before reusing this snippet.
import { CloudTrail } from '@aws-cdk/aws-cloudtrail'

// Only scope and id are passed, so the trail is created with default props.
const cloudTrail = new CloudTrail(this, 'MyTrail');

NOTE: the above example creates an UNENCRYPTED bucket by default. If you are required to use an encrypted bucket, you can supply a preconfigured bucket via TrailProps. Experimental.

func NewTrail

func NewTrail(scope constructs.Construct, id *string, props *TrailProps) Trail

Experimental.

type TrailProps

// TrailProps holds the properties passed to NewTrail for an AWS CloudTrail trail.
type TrailProps struct {
	// The Amazon S3 bucket.
	// NOTE(review): the Trail documentation on this page warns that its example,
	// which passes no props, creates an UNENCRYPTED bucket by default; supply a
	// preconfigured bucket here when encryption at rest is required.
	// Experimental.
	Bucket awss3.IBucket `json:"bucket"`
	// Log group to which CloudTrail pushes logs.
	//
	// Ignored if sendToCloudWatchLogs is set to false.
	// Experimental.
	CloudWatchLogGroup awslogs.ILogGroup `json:"cloudWatchLogGroup"`
	// How long to retain logs in CloudWatchLogs.
	//
	// Ignored if sendToCloudWatchLogs is false or if cloudWatchLogGroup is set.
	// NOTE(review): because it is ignored when cloudWatchLogGroup is set, retention
	// for a supplied log group has to be configured on that log group itself.
	// Experimental.
	CloudWatchLogsRetention awslogs.RetentionDays `json:"cloudWatchLogsRetention"`
	// To determine whether a log file was modified, deleted, or unchanged after CloudTrail delivered it, you can use CloudTrail log file integrity validation.
	//
	// This feature is built using industry standard algorithms: SHA-256 for hashing and SHA-256 with RSA for digital signing.
	// This makes it computationally infeasible to modify, delete or forge CloudTrail log files without detection.
	// You can use the AWS CLI to validate the files in the location where CloudTrail delivered them.
	// NOTE(review): pointer-typed; the value used when this is nil is not stated
	// here — set it explicitly when integrity validation is required.
	// Experimental.
	EnableFileValidation *bool `json:"enableFileValidation"`
	// The AWS Key Management Service (AWS KMS) key ID that you want to use to encrypt CloudTrail logs.
	// NOTE(review): despite the "key ID" wording, the field takes an awskms.IKey.
	// Experimental.
	EncryptionKey awskms.IKey `json:"encryptionKey"`
	// For most services, events are recorded in the region where the action occurred.
	//
	// For global services such as AWS Identity and Access Management (IAM), AWS STS, Amazon CloudFront, and Route 53,
	// events are delivered to any trail that includes global services, and are logged as occurring in US East (N. Virginia) Region.
	// Experimental.
	IncludeGlobalServiceEvents *bool `json:"includeGlobalServiceEvents"`
	// Whether or not this trail delivers log files from multiple regions to a single S3 bucket for a single account.
	// Experimental.
	IsMultiRegionTrail *bool `json:"isMultiRegionTrail"`
	// The AWS Key Management Service (AWS KMS) key ID that you want to use to encrypt CloudTrail logs.
	// Deprecated: - use encryptionKey instead.
	KmsKey awskms.IKey `json:"kmsKey"`
	// When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails.
	//
	// Only events that match your trail settings are delivered to your Amazon S3 bucket and Amazon CloudWatch Logs log group.
	//
	// This property sets the management configuration for this trail.
	//
	// Management events provide insight into management operations that are performed on resources in your AWS account.
	// These are also known as control plane operations.
	// Management events can also include non-API events that occur in your account.
	// For example, when a user logs in to your account, CloudTrail logs the ConsoleLogin event.
	// NOTE(review): takes a ReadWriteType constant; ReadWriteType_NONE presumably
	// turns management-event logging off — confirm before using it.
	// Experimental.
	ManagementEvents ReadWriteType `json:"managementEvents"`
	// An Amazon S3 object key prefix that precedes the name of all log files.
	// Experimental.
	S3KeyPrefix *string `json:"s3KeyPrefix"`
	// Whether CloudTrail pushes logs to CloudWatch Logs in addition to S3.
	//
	// Disabled for cost out of the box.
	// Experimental.
	SendToCloudWatchLogs *bool `json:"sendToCloudWatchLogs"`
	// SNS topic that is notified when new log files are published.
	// Experimental.
	SnsTopic awssns.ITopic `json:"snsTopic"`
	// The name of the trail.
	//
	// We recommend customers do not set an explicit name.
	// Experimental.
	TrailName *string `json:"trailName"`
}

Properties for an AWS CloudTrail trail. Experimental.
