Class: Aws::CloudTrail::Types::AdvancedEventSelector

Inherits:

Struct

• Object
• Struct
• Aws::CloudTrail::Types::AdvancedEventSelector

Includes:

Structure

Defined in:

lib/aws-sdk-cloudtrail/types.rb

Overview

Advanced event selectors let you create fine-grained selectors for CloudTrail management, data, and network activity events. They help you control costs by logging only those events that are important to you. For more information about configuring advanced event selectors, see the [Logging data events], [Logging network activity events], and [Logging management events] topics in the *CloudTrail User Guide*.

You cannot apply both event selectors and advanced event selectors to a trail.

**Supported CloudTrail event record fields for management events**

• ‘eventCategory` (required)

• ‘eventSource`

• ‘readOnly`

The following additional fields are available for event data stores:

• ‘eventName`

• ‘eventType`

• ‘sessionCredentialFromConsole`

• ‘userIdentity.arn`

**Supported CloudTrail event record fields for data events**

• ‘eventCategory` (required)

• ‘resources.type` (required)

• ‘readOnly`

• ‘eventName`

• ‘resources.ARN`

The following additional fields are available for event data stores:

• ‘eventSource`

• ‘eventType`

• ‘sessionCredentialFromConsole`

• ‘userIdentity.arn`

**Supported CloudTrail event record fields for network activity events**

<note markdown=“1”> Network activity events is in preview release for CloudTrail and is subject to change.

</note>

• ‘eventCategory` (required)

• ‘eventSource` (required)

• ‘eventName`

• ‘errorCode` - The only valid value for `errorCode` is `VpceAccessDenied`.

• ‘vpcEndpointId`

<note markdown=“1”> For event data stores for CloudTrail Insights events, Config configuration items, Audit Manager evidence, or events outside of Amazon Web Services, the only supported field is ‘eventCategory`.

</note>

[1]: docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html [2]: docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html [3]: docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html

See Also:

• AWS API Documentation

Constant Summary

SENSITIVE =

[]

Instance Attribute Summary

• #field_selectors ⇒ Array<Types::AdvancedFieldSelector>

  Contains all selector statements in an advanced event selector.

• #name ⇒ String

  An optional, descriptive name for an advanced event selector, such as “Log data events for only two S3 buckets”.

Instance Attribute Details

#field_selectors ⇒ Array<Types::AdvancedFieldSelector>

Contains all selector statements in an advanced event selector.

Returns:

• (Array<Types::AdvancedFieldSelector>)

# File 'lib/aws-sdk-cloudtrail/types.rb', line 176

class AdvancedEventSelector < Struct.new(
  :name,
  :field_selectors)
  SENSITIVE = []
  include Aws::Structure
end

#name ⇒ String

An optional, descriptive name for an advanced event selector, such as “Log data events for only two S3 buckets”.

Returns:

• (String)

# File 'lib/aws-sdk-cloudtrail/types.rb', line 176

class AdvancedEventSelector < Struct.new(
  :name,
  :field_selectors)
  SENSITIVE = []
  include Aws::Structure
end