
Module cloudtrail


Index

cloudtrail/getServiceAccount.ts cloudtrail/trail.ts

class Trail

Provides a CloudTrail resource.

constructor

new Trail(name: string, args: TrailArgs, opts?: pulumi.CustomResourceOptions)

Create a Trail resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: TrailState): Trail

Get an existing Trail resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The Amazon Resource Name of the trail.

property cloudWatchLogsGroupArn

public cloudWatchLogsGroupArn: pulumi.Output<string | undefined>;

Specifies, as an Amazon Resource Name (ARN), the log group to which CloudTrail logs will be delivered.

property cloudWatchLogsRoleArn

public cloudWatchLogsRoleArn: pulumi.Output<string | undefined>;

Specifies the role for the CloudWatch Logs endpoint to assume to write to a user’s log group.

property enableLogFileValidation

public enableLogFileValidation: pulumi.Output<boolean | undefined>;

Specifies whether log file integrity validation is enabled. Defaults to false.

property enableLogging

public enableLogging: pulumi.Output<boolean | undefined>;

Enables logging for the trail. Defaults to true. Setting this to false will pause logging.

property eventSelectors

public eventSelectors: pulumi.Output<{ ... }[] | undefined>;

Specifies an event selector for enabling data event logging. Fields documented below. Please note the CloudTrail limits when configuring these.

property homeRegion

public homeRegion: pulumi.Output<string>;

The region in which the trail was created.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property includeGlobalServiceEvents

public includeGlobalServiceEvents: pulumi.Output<boolean | undefined>;

Specifies whether the trail is publishing events from global services such as IAM to the log files. Defaults to true.

property isMultiRegionTrail

public isMultiRegionTrail: pulumi.Output<boolean | undefined>;

Specifies whether the trail is created in the current region or in all regions. Defaults to false.

property kmsKeyId

public kmsKeyId: pulumi.Output<string | undefined>;

Specifies the KMS key ARN to use to encrypt the logs delivered by CloudTrail.

property name

public name: pulumi.Output<string>;

Specifies the name of the trail.

property s3BucketName

public s3BucketName: pulumi.Output<string>;

Specifies the name of the S3 bucket designated for publishing log files.

property s3KeyPrefix

public s3KeyPrefix: pulumi.Output<string | undefined>;

Specifies the S3 key prefix that precedes the name of the bucket you have designated for log file delivery.

property snsTopicName

public snsTopicName: pulumi.Output<string | undefined>;

Specifies the name of the Amazon SNS topic defined for notification of log file delivery.

property tags

public tags: pulumi.Output<Tags | undefined>;

A mapping of tags to assign to the trail.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

function getServiceAccount

getServiceAccount(args?: GetServiceAccountArgs, opts?: pulumi.InvokeOptions): Promise<GetServiceAccountResult>

Use this data source to get the Account ID of the AWS CloudTrail Service Account in a given region for the purpose of allowing CloudTrail to store trail data in S3.

interface GetServiceAccountArgs

A collection of arguments for invoking getServiceAccount.

property region

region?: string;

Name of the region whose AWS CloudTrail account ID is desired. Defaults to the region from the AWS provider configuration.

interface GetServiceAccountResult

A collection of values returned by getServiceAccount.

property arn

arn: string;

The ARN of the AWS CloudTrail service account in the selected region.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.
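The bucket policy that the ARN returned by getServiceAccount is meant for, as an added example (not code from the Pulumi project). `cloudTrailBucketPolicy`, its parameters and the sample values are hypothetical; the `AWSLogs/<account id>/` path and the `s3:x-amz-acl` condition follow CloudTrail's standard log-delivery layout.

```typescript
// Added example: builds the bucket policy as a plain object; no Pulumi SDK calls.
interface PolicyStatement {
    Sid: string;
    Effect: "Allow";
    Principal: { AWS: string };
    Action: string;
    Resource: string;
    Condition?: { StringEquals: { [key: string]: string } };
}

function cloudTrailBucketPolicy(
    serviceAccountArn: string,  // GetServiceAccountResult.arn
    bucket: string,             // TrailArgs.s3BucketName
    accountId: string,          // account that owns the trail (assumed input)
    keyPrefix?: string,         // TrailArgs.s3KeyPrefix
): { Version: string; Statement: PolicyStatement[] } {
    // Reject values that would widen the Resource ARNs (wildcards, extra path parts).
    if (!/^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$/.test(bucket)) throw new Error("invalid bucket name");
    if (!/^\d{12}$/.test(accountId)) throw new Error("account id must be 12 digits");
    const trimmed = (keyPrefix ?? "").replace(/^\/+|\/+$/g, "");
    if (/[*?]/.test(trimmed)) throw new Error("wildcard in key prefix");
    const prefix = trimmed ? trimmed + "/" : "";
    const principal = { AWS: serviceAccountArn };
    return {
        Version: "2012-10-17",
        Statement: [
            {   // CloudTrail reads the bucket ACL before delivering log files
                Sid: "CloudTrailAclCheck", Effect: "Allow", Principal: principal,
                Action: "s3:GetBucketAcl", Resource: `arn:aws:s3:::${bucket}`,
            },
            {   // Writes limited to this account's log path, and only when the
                // bucket owner is given full control of each delivered object
                Sid: "CloudTrailWrite", Effect: "Allow", Principal: principal,
                Action: "s3:PutObject",
                Resource: `arn:aws:s3:::${bucket}/${prefix}AWSLogs/${accountId}/*`,
                Condition: { StringEquals: { "s3:x-amz-acl": "bucket-owner-full-control" } },
            },
        ],
    };
}

// Constructed sample values; the real ARN comes from getServiceAccount().
const samplePolicy = cloudTrailBucketPolicy(
    "arn:aws:iam::000000000000:root", "example-trail-logs", "111122223333", "audit/");
console.log(JSON.stringify(samplePolicy, null, 2));
```
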

interface TrailArgs

The set of arguments for constructing a Trail resource.

property cloudWatchLogsGroupArn

cloudWatchLogsGroupArn?: pulumi.Input<string>;

Specifies, as an Amazon Resource Name (ARN), the log group to which CloudTrail logs will be delivered.

property cloudWatchLogsRoleArn

cloudWatchLogsRoleArn?: pulumi.Input<string>;

Specifies the role for the CloudWatch Logs endpoint to assume to write to a user’s log group.

property enableLogFileValidation

enableLogFileValidation?: pulumi.Input<boolean>;

Specifies whether log file integrity validation is enabled. Defaults to false.

property enableLogging

enableLogging?: pulumi.Input<boolean>;

Enables logging for the trail. Defaults to true. Setting this to false will pause logging.

property eventSelectors

eventSelectors?: pulumi.Input<pulumi.Input<{ ... }>[]>;

Specifies an event selector for enabling data event logging. Fields documented below. Please note the CloudTrail limits when configuring these.

property includeGlobalServiceEvents

includeGlobalServiceEvents?: pulumi.Input<boolean>;

Specifies whether the trail is publishing events from global services such as IAM to the log files. Defaults to true.

property isMultiRegionTrail

isMultiRegionTrail?: pulumi.Input<boolean>;

Specifies whether the trail is created in the current region or in all regions. Defaults to false.

property kmsKeyId

kmsKeyId?: pulumi.Input<string>;

Specifies the KMS key ARN to use to encrypt the logs delivered by CloudTrail.

property name

name?: pulumi.Input<string>;

Specifies the name of the trail.

property s3BucketName

s3BucketName: pulumi.Input<string>;

Specifies the name of the S3 bucket designated for publishing log files.

property s3KeyPrefix

s3KeyPrefix?: pulumi.Input<string>;

Specifies the S3 key prefix that precedes the name of the bucket you have designated for log file delivery.

property snsTopicName

snsTopicName?: pulumi.Input<string>;

Specifies the name of the Amazon SNS topic defined for notification of log file delivery.

property tags

tags?: pulumi.Input<Tags>;

A mapping of tags to assign to the trail.
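Several of the TrailArgs defaults documented above leave a trail without integrity validation or full region coverage. The following added example (not part of the Pulumi SDK) applies those documented defaults to a plain-object copy of the arguments and reports which settings need attention; `TrailArgsLike`, `auditTrailArgs` and the sample values are hypothetical names introduced here.

```typescript
// Added example: plain-TypeScript mirror of the TrailArgs fields on this page
// (pulumi.Input wrappers dropped so the check runs without the SDK).
interface TrailArgsLike {
    s3BucketName: string;
    cloudWatchLogsGroupArn?: string;
    cloudWatchLogsRoleArn?: string;
    enableLogFileValidation?: boolean;
    enableLogging?: boolean;
    includeGlobalServiceEvents?: boolean;
    isMultiRegionTrail?: boolean;
    kmsKeyId?: string;
}

// Defaults exactly as stated in the property descriptions.
const DOCUMENTED_DEFAULTS = {
    enableLogFileValidation: false,
    enableLogging: true,
    includeGlobalServiceEvents: true,
    isMultiRegionTrail: false,
};

// Returns the names of the settings that leave a gap once the documented
// defaults are applied to every omitted field.
function auditTrailArgs(args: TrailArgsLike): string[] {
    const d = DOCUMENTED_DEFAULTS;
    const findings: string[] = [];
    // Integrity validation is off unless explicitly enabled.
    if (!(args.enableLogFileValidation ?? d.enableLogFileValidation)) findings.push("enableLogFileValidation");
    // false pauses logging for the whole trail.
    if (!(args.enableLogging ?? d.enableLogging)) findings.push("enableLogging");
    // false drops events from global services such as IAM.
    if (!(args.includeGlobalServiceEvents ?? d.includeGlobalServiceEvents)) findings.push("includeGlobalServiceEvents");
    // The default covers only the current region.
    if (!(args.isMultiRegionTrail ?? d.isMultiRegionTrail)) findings.push("isMultiRegionTrail");
    // No KMS key ARN supplied for encrypting delivered logs.
    if (!args.kmsKeyId) findings.push("kmsKeyId");
    // CloudWatch Logs delivery needs both the log group ARN and the role ARN.
    if (!args.cloudWatchLogsGroupArn !== !args.cloudWatchLogsRoleArn) findings.push("cloudWatchLogs");
    return findings;
}

// Constructed sample: only the required argument is set.
const minimalTrail: TrailArgsLike = { s3BucketName: "example-trail-logs" };
console.log(auditTrailArgs(minimalTrail));
```
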

interface TrailState

Input properties used for looking up and filtering Trail resources.

property arn

arn?: pulumi.Input<string>;

The Amazon Resource Name of the trail.

property cloudWatchLogsGroupArn

cloudWatchLogsGroupArn?: pulumi.Input<string>;

Specifies, as an Amazon Resource Name (ARN), the log group to which CloudTrail logs will be delivered.

property cloudWatchLogsRoleArn

cloudWatchLogsRoleArn?: pulumi.Input<string>;

Specifies the role for the CloudWatch Logs endpoint to assume to write to a user’s log group.

property enableLogFileValidation

enableLogFileValidation?: pulumi.Input<boolean>;

Specifies whether log file integrity validation is enabled. Defaults to false.

property enableLogging

enableLogging?: pulumi.Input<boolean>;

Enables logging for the trail. Defaults to true. Setting this to false will pause logging.

property eventSelectors

eventSelectors?: pulumi.Input<pulumi.Input<{ ... }>[]>;

Specifies an event selector for enabling data event logging. Fields documented below. Please note the CloudTrail limits when configuring these.

property homeRegion

homeRegion?: pulumi.Input<string>;

The region in which the trail was created.

property includeGlobalServiceEvents

includeGlobalServiceEvents?: pulumi.Input<boolean>;

Specifies whether the trail is publishing events from global services such as IAM to the log files. Defaults to true.

property isMultiRegionTrail

isMultiRegionTrail?: pulumi.Input<boolean>;

Specifies whether the trail is created in the current region or in all regions. Defaults to false.

property kmsKeyId

kmsKeyId?: pulumi.Input<string>;

Specifies the KMS key ARN to use to encrypt the logs delivered by CloudTrail.

property name

name?: pulumi.Input<string>;

Specifies the name of the trail.

property s3BucketName

s3BucketName?: pulumi.Input<string>;

Specifies the name of the S3 bucket designated for publishing log files.

property s3KeyPrefix

s3KeyPrefix?: pulumi.Input<string>;

Specifies the S3 key prefix that precedes the name of the bucket you have designated for log file delivery.

property snsTopicName

snsTopicName?: pulumi.Input<string>;

Specifies the name of the Amazon SNS topic defined for notification of log file delivery.

property tags

tags?: pulumi.Input<Tags>;

A mapping of tags to assign to the trail.