This exception is thrown when the combination of parameters provided is not * valid.
* + * @throws {@link InvalidParameterException} (client fault) + *The request includes a parameter that is not valid.
+ * * @throws {@link InvalidS3BucketNameException} (client fault) *This exception is thrown when the provided S3 bucket name is not valid.
* diff --git a/clients/client-cloudtrail/src/commands/DescribeTrailsCommand.ts b/clients/client-cloudtrail/src/commands/DescribeTrailsCommand.ts index 2161f7928bff..2b18bd65f6c0 100644 --- a/clients/client-cloudtrail/src/commands/DescribeTrailsCommand.ts +++ b/clients/client-cloudtrail/src/commands/DescribeTrailsCommand.ts @@ -75,6 +75,17 @@ export interface DescribeTrailsCommandOutput extends DescribeTrailsResponse, __M * @see {@link DescribeTrailsCommandOutput} for command's `response` shape. * @see {@link CloudTrailClientResolvedConfig | config} for CloudTrailClient's `config` shape. * + * @throws {@link CloudTrailARNInvalidException} (client fault) + *This exception is thrown when an operation is called with an ARN that is not valid.
+ *The following is the format of a trail ARN: arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
+ *
The following is the format of an event data store ARN:
+ * arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE
+ *
The following is the format of a channel ARN:
+ * arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890
+ *
This exception is thrown when the provided trail name is not valid. Trail names must * meet the following requirements:
diff --git a/clients/client-cloudtrail/src/commands/ListImportFailuresCommand.ts b/clients/client-cloudtrail/src/commands/ListImportFailuresCommand.ts index f2803dbe3aad..269b1ab26841 100644 --- a/clients/client-cloudtrail/src/commands/ListImportFailuresCommand.ts +++ b/clients/client-cloudtrail/src/commands/ListImportFailuresCommand.ts @@ -67,6 +67,9 @@ export interface ListImportFailuresCommandOutput extends ListImportFailuresRespo *A token that is not valid, or a token that was previously used in a request with * different parameters. This exception is thrown if the token is not valid.
* + * @throws {@link InvalidParameterException} (client fault) + *The request includes a parameter that is not valid.
+ * * @throws {@link OperationNotPermittedException} (client fault) *This exception is thrown when the requested operation is not permitted.
* diff --git a/clients/client-cloudtrail/src/models/models_0.ts b/clients/client-cloudtrail/src/models/models_0.ts index b5f810614bac..eafae9147be9 100644 --- a/clients/client-cloudtrail/src/models/models_0.ts +++ b/clients/client-cloudtrail/src/models/models_0.ts @@ -766,6 +766,11 @@ export interface AdvancedFieldSelector { * *
+ * AWS::AppConfig::Configuration
+ *
* AWS::B2BI::Transformer
*
+ * AWS::GreengrassV2::ComponentVersion
+ *
+ * AWS::GreengrassV2::Deployment
+ *
* AWS::GuardDuty::Detector
*
+ * AWS::IoT::Certificate
+ *
+ * AWS::IoT::Thing
+ *
+ * AWS::IoTSiteWise::Asset
+ *
+ * AWS::IoTSiteWise::TimeSeries
+ *
* AWS::IoTTwinMaker::Entity
*
- * AWS::SageMaker::Endpoint
+ * AWS::S3::AccessPoint
*
- * AWS::SageMaker::ExperimentTrialComponent
+ * AWS::S3ObjectLambda::AccessPoint
*
- * AWS::SageMaker::FeatureGroup
+ * AWS::S3Outposts::Object
*
- * AWS::ServiceDiscovery::Namespace
+ * AWS::SageMaker::Endpoint
*
- * AWS::ServiceDiscovery::Service
+ * AWS::SageMaker::ExperimentTrialComponent
*
- * AWS::SCN::Instance
+ * AWS::SageMaker::FeatureGroup
*
- * AWS::SNS::PlatformEndpoint
+ * AWS::ServiceDiscovery::Namespace
*
- * AWS::SNS::Topic
+ * AWS::ServiceDiscovery::Service
*
- * AWS::SQS::Queue
+ * AWS::SCN::Instance
*
- * AWS::S3::AccessPoint
+ * AWS::SNS::PlatformEndpoint
*
- * AWS::S3ObjectLambda::AccessPoint
+ * AWS::SNS::Topic
*
- * AWS::S3Outposts::Object
+ * AWS::SWF::Domain
+ *
+ * AWS::SQS::Queue
*
When resources.type equals AWS::AppConfig::Configuration, and the operator is
+ * set to Equals or NotEquals, the ARN must be in the
+ * following format:
+ * arn:
+ *
When resources.type equals AWS::B2BI::Transformer, and the operator is
* set to Equals or NotEquals, the ARN must be in the
* following format:
When resources.type equals AWS::GreengrassV2::ComponentVersion, and the
+ * operator is set to Equals or NotEquals, the ARN must be in
+ * the following format:
+ * arn:
+ *
When resources.type equals AWS::GreengrassV2::Deployment, and the
+ * operator is set to Equals or NotEquals, the ARN must be in
+ * the following format:
+ * arn:
When resources.type equals AWS::GuardDuty::Detector, and the
* operator is set to Equals or NotEquals, the ARN must be in
* the following format:
When resources.type equals AWS::IoT::Certificate,
+ * and the operator is set to Equals or NotEquals, the ARN
+ * must be in the following format:
+ * arn:
+ *
When resources.type equals AWS::IoT::Thing,
+ * and the operator is set to Equals or NotEquals, the ARN
+ * must be in the following format:
+ * arn:
+ *
When resources.type equals AWS::IoTSiteWise::Asset,
+ * and the operator is set to Equals or NotEquals, the ARN
+ * must be in the following format:
+ * arn:
+ *
When resources.type equals AWS::IoTSiteWise::TimeSeries,
+ * and the operator is set to Equals or NotEquals, the ARN
+ * must be in the following format:
+ * arn:
+ *
When resources.type equals AWS::IoTTwinMaker::Entity,
* and the operator is set to Equals or NotEquals, the ARN
* must be in the following format:
When resources.type equals AWS::S3::AccessPoint, and the
+ * operator is set to Equals or NotEquals, the ARN must be in
+ * one of the following formats. To log events on all objects in an S3 access point, we
+ * recommend that you use only the access point ARN, don’t include the object path, and
+ * use the StartsWith or NotStartsWith operators.
+ * arn:
+ *
+ * arn:
+ *
When resources.type equals
+ * AWS::S3ObjectLambda::AccessPoint, and the operator is set to
+ * Equals or NotEquals, the ARN must be in the following
+ * format:
+ * arn:
+ *
When resources.type equals AWS::S3Outposts::Object, and
+ * the operator is set to Equals or NotEquals, the ARN must be
+ * in the following format:
+ * arn:
+ *
When resources.type equals AWS::SageMaker::Endpoint, and the operator is set to
* Equals or NotEquals, the ARN must be in the following format:
When resources.type equals AWS::SQS::Queue,
+ *
When resources.type equals AWS::SWF::Domain,
* and the operator is set to Equals or NotEquals, the ARN
* must be in the following format:
- * arn:
- *
When resources.type equals AWS::S3::AccessPoint, and the
- * operator is set to Equals or NotEquals, the ARN must be in
- * one of the following formats. To log events on all objects in an S3 access point, we
- * recommend that you use only the access point ARN, don’t include the object path, and
- * use the StartsWith or NotStartsWith operators.
- * arn:
- *
- * arn:
- *
When resources.type equals
- * AWS::S3ObjectLambda::AccessPoint, and the operator is set to
- * Equals or NotEquals, the ARN must be in the following
- * format:
- * arn:
+ * arn:
*
When resources.type equals AWS::S3Outposts::Object, and
- * the operator is set to Equals or NotEquals, the ARN must be
- * in the following format:
When resources.type equals AWS::SQS::Queue,
+ * and the operator is set to Equals or NotEquals, the ARN
+ * must be in the following format:
- * arn:
+ * arn:
*
Advanced event selectors let you create fine-grained selectors for the following CloudTrail event record fields. They help you control costs by logging only those + *
Advanced event selectors let you create fine-grained selectors for CloudTrail management and data events. They help you control costs by logging only those * events that are important to you. For more information about advanced event selectors, see - * Logging data events in the CloudTrail User Guide.
+ * Logging management events and + * Logging data events in the CloudTrail User Guide. + *You cannot apply both event selectors and advanced event selectors to a trail.
+ *+ * Supported CloudTrail event record fields for management events + *
*
- * readOnly
- *
eventCategory (required)
* @@ -1589,17 +1713,30 @@ export interface AdvancedFieldSelector { *
- * eventName
+ * readOnly
*
+ * Supported CloudTrail event record fields for data events + *
+ *
+ * eventCategory (required)
- * eventCategory
+ * resources.type (required)
+ * readOnly
*
- * resources.type
+ * eventName
*
You cannot apply both event selectors and advanced event selectors to a trail.
+ *For event data stores for CloudTrail Insights events, Config configuration items, Audit Manager evidence, or events outside of Amazon Web Services, the only supported field is
+ * eventCategory.
Specifies a value for the specified AttributeKey.
+ *Specifies a value for the specified AttributeKey.
The maximum length for the AttributeValue is 2000 characters. The
+ * following characters ('_', ' ', ',',
+ * '\\n') count as two characters towards the 2000 character limit.
Advanced event selectors let you create fine-grained selectors for the following CloudTrail event record fields. They help you control costs by logging only those\n events that are important to you. For more information about advanced event selectors, see\n Logging data events in the CloudTrail User Guide.
\n\n readOnly\n
\n eventSource\n
\n eventName\n
\n eventCategory\n
\n resources.type\n
\n resources.ARN\n
You cannot apply both event selectors and advanced event selectors to a trail.
" + "smithy.api#documentation": "Advanced event selectors let you create fine-grained selectors for CloudTrail management and data events. They help you control costs by logging only those\n events that are important to you. For more information about advanced event selectors, see\n Logging management events and \n Logging data events in the CloudTrail User Guide.
\nYou cannot apply both event selectors and advanced event selectors to a trail.
\n\n Supported CloudTrail event record fields for management events\n
\n\n eventCategory (required)
\n eventSource\n
\n readOnly\n
\n Supported CloudTrail event record fields for data events\n
\n\n eventCategory (required)
\n resources.type (required)
\n readOnly\n
\n eventName\n
\n resources.ARN\n
For event data stores for CloudTrail Insights events, Config configuration items, Audit Manager evidence, or events outside of Amazon Web Services, the only supported field is\n eventCategory.
A field in a CloudTrail event record on which to filter events to be logged. For\n event data stores for CloudTrail Insights events, Config configuration items, Audit Manager evidence, or events outside of Amazon Web Services, the field is used only for\n selecting events as filtering is not supported.
\nFor CloudTrail management events, supported fields include readOnly,\n eventCategory, and eventSource.
For CloudTrail data events, supported fields include readOnly,\n eventCategory, eventName, resources.type, and resources.ARN.
For event data stores for CloudTrail Insights events, Config configuration items, Audit Manager evidence, or events outside of Amazon Web Services, the only supported field is\n eventCategory.
\n \n readOnly\n - Optional. Can be set to\n Equals a value of true or false. If you do\n not add this field, CloudTrail logs both read and\n write events. A value of true logs only\n read events. A value of false logs only\n write events.
\n \n eventSource\n - For filtering\n management events only. This can be set to NotEquals\n kms.amazonaws.com or NotEquals\n rdsdata.amazonaws.com.
\n \n eventName\n - Can use any operator.\n You can use it to filter in or filter out any data event logged to CloudTrail,\n such as PutBucket or GetSnapshotBlock. You can have\n multiple values for this field, separated by commas.
\n \n eventCategory\n - This is required and\n must be set to Equals. \n
\n For CloudTrail management events, the value\n must be Management. \n
\n For CloudTrail data events, the value\n must be Data. \n
The following are used only for event data stores:
\n\n For CloudTrail Insights events, the value\n must be Insight. \n
\n For Config\n configuration items, the value must be ConfigurationItem.\n
\n For Audit Manager evidence, the value must be Evidence.\n
\n For non-Amazon Web Services events, the value must be ActivityAuditLog.\n
\n \n resources.type\n - This field is\n required for CloudTrail data events. resources.type can only\n use the Equals operator, and the value can be one of the\n following:
\n AWS::DynamoDB::Table\n
\n AWS::Lambda::Function\n
\n AWS::S3::Object\n
\n AWS::B2BI::Transformer\n
\n AWS::Bedrock::AgentAlias\n
\n AWS::Bedrock::KnowledgeBase\n
\n AWS::Cassandra::Table\n
\n AWS::CloudFront::KeyValueStore\n
\n AWS::CloudTrail::Channel\n
\n AWS::CodeWhisperer::Customization\n
\n AWS::CodeWhisperer::Profile\n
\n AWS::Cognito::IdentityPool\n
\n AWS::DynamoDB::Stream\n
\n AWS::EC2::Snapshot\n
\n AWS::EMRWAL::Workspace\n
\n AWS::FinSpace::Environment\n
\n AWS::Glue::Table\n
\n AWS::GuardDuty::Detector\n
\n AWS::IoTTwinMaker::Entity\n
\n AWS::IoTTwinMaker::Workspace\n
\n AWS::KendraRanking::ExecutionPlan\n
\n AWS::KinesisVideo::Stream\n
\n AWS::ManagedBlockchain::Network\n
\n AWS::ManagedBlockchain::Node\n
\n AWS::MedicalImaging::Datastore\n
\n AWS::NeptuneGraph::Graph\n
\n AWS::PCAConnectorAD::Connector\n
\n AWS::QBusiness::Application\n
\n AWS::QBusiness::DataSource\n
\n AWS::QBusiness::Index\n
\n AWS::QBusiness::WebExperience\n
\n AWS::RDS::DBCluster\n
\n AWS::SageMaker::Endpoint\n
\n AWS::SageMaker::ExperimentTrialComponent\n
\n AWS::SageMaker::FeatureGroup\n
\n AWS::ServiceDiscovery::Namespace \n
\n AWS::ServiceDiscovery::Service\n
\n AWS::SCN::Instance\n
\n AWS::SNS::PlatformEndpoint\n
\n AWS::SNS::Topic\n
\n AWS::SQS::Queue\n
\n AWS::S3::AccessPoint\n
\n AWS::S3ObjectLambda::AccessPoint\n
\n AWS::S3Outposts::Object\n
\n AWS::SSMMessages::ControlChannel\n
\n AWS::ThinClient::Device\n
\n AWS::ThinClient::Environment\n
\n AWS::Timestream::Database\n
\n AWS::Timestream::Table\n
\n AWS::VerifiedPermissions::PolicyStore\n
You can have only one resources.type field per selector. To log data\n events on more than one resource type, add another selector.
\n \n resources.ARN\n - You can use any\n operator with resources.ARN, but if you use Equals or\n NotEquals, the value must exactly match the ARN of a valid resource\n of the type you've specified in the template as the value of resources.type. For\n example, if resources.type equals AWS::S3::Object, the ARN must be in\n one of the following formats. To log all data events for all objects in a specific S3\n bucket, use the StartsWith operator, and include only the bucket ARN as\n the matching value.
The trailing slash is intentional; do not exclude it. Replace the text between\n less than and greater than symbols (<>) with resource-specific information.
\n\n arn:\n
\n arn:\n
When resources.type equals AWS::DynamoDB::Table, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::Lambda::Function, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::B2BI::Transformer, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::Bedrock::AgentAlias, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::Bedrock::KnowledgeBase, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::Cassandra::Table, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::CloudFront::KeyValueStore, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::CloudTrail::Channel, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::CodeWhisperer::Customization, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::CodeWhisperer::Profile, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::Cognito::IdentityPool, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::DynamoDB::Stream, and\n the operator is set to Equals or NotEquals, the ARN must be\n in the following format:
\n arn:\n
When resources.type equals AWS::EC2::Snapshot, and the\n operator is set to Equals or NotEquals, the ARN must be in\n the following format:
\n arn:\n
When resources.type equals AWS::EMRWAL::Workspace, and the\n operator is set to Equals or NotEquals, the ARN must be in\n the following format:
\n arn:\n
When resources.type equals AWS::FinSpace::Environment,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::Glue::Table, and the\n operator is set to Equals or NotEquals, the ARN must be in\n the following format:
\n arn:\n
When resources.type equals AWS::GuardDuty::Detector, and the\n operator is set to Equals or NotEquals, the ARN must be in\n the following format:
\n arn:\n
When resources.type equals AWS::IoTTwinMaker::Entity,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::IoTTwinMaker::Workspace,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::KendraRanking::ExecutionPlan, and the\n operator is set to Equals or NotEquals, the ARN must be in\n the following format:
\n arn:\n
When resources.type equals AWS::KinesisVideo::Stream, and the\n operator is set to Equals or NotEquals, the ARN must be in\n the following format:
\n arn:\n
When resources.type equals AWS::ManagedBlockchain::Network,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::ManagedBlockchain::Node,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::MedicalImaging::Datastore,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::NeptuneGraph::Graph,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::PCAConnectorAD::Connector,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::QBusiness::Application,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::QBusiness::DataSource,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::QBusiness::Index,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::QBusiness::WebExperience,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::RDS::DBCluster,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::SageMaker::Endpoint, and the operator is set to\n Equals or NotEquals, the ARN must be in the following format:
\n arn:\n
When resources.type equals AWS::SageMaker::ExperimentTrialComponent, and the operator is set to\n Equals or NotEquals, the ARN must be in the following format:
\n arn:\n
When resources.type equals AWS::SageMaker::FeatureGroup, and the operator is set to\n Equals or NotEquals, the ARN must be in the following format:
\n arn:\n
When resources.type equals AWS::SCN::Instance, and the operator is set to\n Equals or NotEquals, the ARN must be in the following format:
\n arn:\n
When resources.type equals AWS::ServiceDiscovery::Namespace, and the operator is set to\n Equals or NotEquals, the ARN must be in the following format:
\n arn:\n
When resources.type equals AWS::ServiceDiscovery::Service, and the operator is set to\n Equals or NotEquals, the ARN must be in the following format:
\n arn:\n
When resources.type equals AWS::SNS::PlatformEndpoint,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::SNS::Topic,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::SQS::Queue,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::S3::AccessPoint, and the\n operator is set to Equals or NotEquals, the ARN must be in\n one of the following formats. To log events on all objects in an S3 access point, we\n recommend that you use only the access point ARN, don’t include the object path, and\n use the StartsWith or NotStartsWith operators.
\n arn:\n
\n arn:\n
When resources.type equals\n AWS::S3ObjectLambda::AccessPoint, and the operator is set to\n Equals or NotEquals, the ARN must be in the following\n format:
\n arn:\n
When resources.type equals AWS::S3Outposts::Object, and\n the operator is set to Equals or NotEquals, the ARN must be\n in the following format:
\n arn:\n
When resources.type equals AWS::SSMMessages::ControlChannel, and\n the operator is set to Equals or NotEquals, the ARN must be\n in the following format:
\n arn:\n
When resources.type equals AWS::ThinClient::Device, and\n the operator is set to Equals or NotEquals, the ARN must be\n in the following format:
\n arn:\n
When resources.type equals AWS::ThinClient::Environment, and\n the operator is set to Equals or NotEquals, the ARN must be\n in the following format:
\n arn:\n
When resources.type equals AWS::Timestream::Database,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::Timestream::Table,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::VerifiedPermissions::PolicyStore, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
A field in a CloudTrail event record on which to filter events to be logged. For\n event data stores for CloudTrail Insights events, Config configuration items, Audit Manager evidence, or events outside of Amazon Web Services, the field is used only for\n selecting events as filtering is not supported.
\nFor CloudTrail management events, supported fields include readOnly,\n eventCategory, and eventSource.
For CloudTrail data events, supported fields include readOnly,\n eventCategory, eventName, resources.type, and resources.ARN.
For event data stores for CloudTrail Insights events, Config configuration items, Audit Manager evidence, or events outside of Amazon Web Services, the only supported field is\n eventCategory.
\n \n readOnly\n - Optional. Can be set to\n Equals a value of true or false. If you do\n not add this field, CloudTrail logs both read and\n write events. A value of true logs only\n read events. A value of false logs only\n write events.
\n \n eventSource\n - For filtering\n management events only. This can be set to NotEquals\n kms.amazonaws.com or NotEquals\n rdsdata.amazonaws.com.
\n \n eventName\n - Can use any operator.\n You can use it to filter in or filter out any data event logged to CloudTrail,\n such as PutBucket or GetSnapshotBlock. You can have\n multiple values for this field, separated by commas.
\n \n eventCategory\n - This is required and\n must be set to Equals. \n
\n For CloudTrail management events, the value\n must be Management. \n
\n For CloudTrail data events, the value\n must be Data. \n
The following are used only for event data stores:
\n\n For CloudTrail Insights events, the value\n must be Insight. \n
\n For Config\n configuration items, the value must be ConfigurationItem.\n
\n For Audit Manager evidence, the value must be Evidence.\n
\n For non-Amazon Web Services events, the value must be ActivityAuditLog.\n
\n \n resources.type\n - This field is\n required for CloudTrail data events. resources.type can only\n use the Equals operator, and the value can be one of the\n following:
\n AWS::DynamoDB::Table\n
\n AWS::Lambda::Function\n
\n AWS::S3::Object\n
\n AWS::AppConfig::Configuration\n
\n AWS::B2BI::Transformer\n
\n AWS::Bedrock::AgentAlias\n
\n AWS::Bedrock::KnowledgeBase\n
\n AWS::Cassandra::Table\n
\n AWS::CloudFront::KeyValueStore\n
\n AWS::CloudTrail::Channel\n
\n AWS::CodeWhisperer::Customization\n
\n AWS::CodeWhisperer::Profile\n
\n AWS::Cognito::IdentityPool\n
\n AWS::DynamoDB::Stream\n
\n AWS::EC2::Snapshot\n
\n AWS::EMRWAL::Workspace\n
\n AWS::FinSpace::Environment\n
\n AWS::Glue::Table\n
\n AWS::GreengrassV2::ComponentVersion\n
\n AWS::GreengrassV2::Deployment\n
\n AWS::GuardDuty::Detector\n
\n AWS::IoT::Certificate\n
\n AWS::IoT::Thing\n
\n AWS::IoTSiteWise::Asset\n
\n AWS::IoTSiteWise::TimeSeries\n
\n AWS::IoTTwinMaker::Entity\n
\n AWS::IoTTwinMaker::Workspace\n
\n AWS::KendraRanking::ExecutionPlan\n
\n AWS::KinesisVideo::Stream\n
\n AWS::ManagedBlockchain::Network\n
\n AWS::ManagedBlockchain::Node\n
\n AWS::MedicalImaging::Datastore\n
\n AWS::NeptuneGraph::Graph\n
\n AWS::PCAConnectorAD::Connector\n
\n AWS::QBusiness::Application\n
\n AWS::QBusiness::DataSource\n
\n AWS::QBusiness::Index\n
\n AWS::QBusiness::WebExperience\n
\n AWS::RDS::DBCluster\n
\n AWS::S3::AccessPoint\n
\n AWS::S3ObjectLambda::AccessPoint\n
\n AWS::S3Outposts::Object\n
\n AWS::SageMaker::Endpoint\n
\n AWS::SageMaker::ExperimentTrialComponent\n
\n AWS::SageMaker::FeatureGroup\n
\n AWS::ServiceDiscovery::Namespace \n
\n AWS::ServiceDiscovery::Service\n
\n AWS::SCN::Instance\n
\n AWS::SNS::PlatformEndpoint\n
\n AWS::SNS::Topic\n
\n AWS::SWF::Domain\n
\n AWS::SQS::Queue\n
\n AWS::SSMMessages::ControlChannel\n
\n AWS::ThinClient::Device\n
\n AWS::ThinClient::Environment\n
\n AWS::Timestream::Database\n
\n AWS::Timestream::Table\n
\n AWS::VerifiedPermissions::PolicyStore\n
You can have only one resources.type field per selector. To log data\n events on more than one resource type, add another selector.
\n \n resources.ARN\n - You can use any\n operator with resources.ARN, but if you use Equals or\n NotEquals, the value must exactly match the ARN of a valid resource\n of the type you've specified in the template as the value of resources.type. For\n example, if resources.type equals AWS::S3::Object, the ARN must be in\n one of the following formats. To log all data events for all objects in a specific S3\n bucket, use the StartsWith operator, and include only the bucket ARN as\n the matching value.
The trailing slash is intentional; do not exclude it. Replace the text between\n less than and greater than symbols (<>) with resource-specific information.
\n\n arn:\n
\n arn:\n
When resources.type equals AWS::DynamoDB::Table, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::Lambda::Function, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::AppConfig::Configuration, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::B2BI::Transformer, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::Bedrock::AgentAlias, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::Bedrock::KnowledgeBase, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::Cassandra::Table, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::CloudFront::KeyValueStore, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::CloudTrail::Channel, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::CodeWhisperer::Customization, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::CodeWhisperer::Profile, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::Cognito::IdentityPool, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
When resources.type equals AWS::DynamoDB::Stream, and\n the operator is set to Equals or NotEquals, the ARN must be\n in the following format:
\n arn:\n
When resources.type equals AWS::EC2::Snapshot, and the\n operator is set to Equals or NotEquals, the ARN must be in\n the following format:
\n arn:\n
When resources.type equals AWS::EMRWAL::Workspace, and the\n operator is set to Equals or NotEquals, the ARN must be in\n the following format:
\n arn:\n
When resources.type equals AWS::FinSpace::Environment,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::Glue::Table, and the\n operator is set to Equals or NotEquals, the ARN must be in\n the following format:
\n arn:\n
When resources.type equals AWS::GreengrassV2::ComponentVersion, and the\n operator is set to Equals or NotEquals, the ARN must be in\n the following format:
\n arn:\n
When resources.type equals AWS::GreengrassV2::Deployment, and the\n operator is set to Equals or NotEquals, the ARN must be in\n the following format:
\n arn:
When resources.type equals AWS::GuardDuty::Detector, and the\n operator is set to Equals or NotEquals, the ARN must be in\n the following format:
\n arn:\n
When resources.type equals AWS::IoT::Certificate,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::IoT::Thing,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::IoTSiteWise::Asset,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::IoTSiteWise::TimeSeries,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::IoTTwinMaker::Entity,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::IoTTwinMaker::Workspace,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::KendraRanking::ExecutionPlan, and the\n operator is set to Equals or NotEquals, the ARN must be in\n the following format:
\n arn:\n
When resources.type equals AWS::KinesisVideo::Stream, and the\n operator is set to Equals or NotEquals, the ARN must be in\n the following format:
\n arn:\n
When resources.type equals AWS::ManagedBlockchain::Network,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::ManagedBlockchain::Node,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::MedicalImaging::Datastore,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::NeptuneGraph::Graph,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::PCAConnectorAD::Connector,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::QBusiness::Application,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::QBusiness::DataSource,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::QBusiness::Index,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::QBusiness::WebExperience,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::RDS::DBCluster,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::S3::AccessPoint, and the\n operator is set to Equals or NotEquals, the ARN must be in\n one of the following formats. To log events on all objects in an S3 access point, we\n recommend that you use only the access point ARN, don’t include the object path, and\n use the StartsWith or NotStartsWith operators.
\n arn:\n
\n arn:\n
When resources.type equals\n AWS::S3ObjectLambda::AccessPoint, and the operator is set to\n Equals or NotEquals, the ARN must be in the following\n format:
\n arn:\n
When resources.type equals AWS::S3Outposts::Object, and\n the operator is set to Equals or NotEquals, the ARN must be\n in the following format:
\n arn:\n
When resources.type equals AWS::SageMaker::Endpoint, and the operator is set to\n Equals or NotEquals, the ARN must be in the following format:
\n arn:\n
When resources.type equals AWS::SageMaker::ExperimentTrialComponent, and the operator is set to\n Equals or NotEquals, the ARN must be in the following format:
\n arn:\n
When resources.type equals AWS::SageMaker::FeatureGroup, and the operator is set to\n Equals or NotEquals, the ARN must be in the following format:
\n arn:\n
When resources.type equals AWS::SCN::Instance, and the operator is set to\n Equals or NotEquals, the ARN must be in the following format:
\n arn:\n
When resources.type equals AWS::ServiceDiscovery::Namespace, and the operator is set to\n Equals or NotEquals, the ARN must be in the following format:
\n arn:\n
When resources.type equals AWS::ServiceDiscovery::Service, and the operator is set to\n Equals or NotEquals, the ARN must be in the following format:
\n arn:\n
When resources.type equals AWS::SNS::PlatformEndpoint,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::SNS::Topic,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::SWF::Domain,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::SQS::Queue,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::SSMMessages::ControlChannel, and\n the operator is set to Equals or NotEquals, the ARN must be\n in the following format:
\n arn:\n
When resources.type equals AWS::ThinClient::Device, and\n the operator is set to Equals or NotEquals, the ARN must be\n in the following format:
\n arn:\n
When resources.type equals AWS::ThinClient::Environment, and\n the operator is set to Equals or NotEquals, the ARN must be\n in the following format:
\n arn:\n
When resources.type equals AWS::Timestream::Database,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::Timestream::Table,\n and the operator is set to Equals or NotEquals, the ARN\n must be in the following format:
\n arn:\n
When resources.type equals AWS::VerifiedPermissions::PolicyStore, and the operator is\n set to Equals or NotEquals, the ARN must be in the\n following format:
\n arn:\n
Specifies a value for the specified AttributeKey.
", + "smithy.api#documentation": "Specifies a value for the specified AttributeKey.
The maximum length for the AttributeValue is 2000 characters. The\n following characters ('_', ' ', ',',\n '\\\\n') count as two characters towards the 2000 character limit.