cloudtrail

class pulumi_aws.cloudtrail.GetServiceAccountResult(arn=None, region=None, id=None)

A collection of values returned by getServiceAccount.

arn = None

The ARN of the AWS CloudTrail service account in the selected region.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_aws.cloudtrail.Trail(resource_name, opts=None, cloud_watch_logs_group_arn=None, cloud_watch_logs_role_arn=None, enable_log_file_validation=None, enable_logging=None, event_selectors=None, include_global_service_events=None, is_multi_region_trail=None, is_organization_trail=None, kms_key_id=None, name=None, s3_bucket_name=None, s3_key_prefix=None, sns_topic_name=None, tags=None, __name__=None, __opts__=None)

Provides a CloudTrail resource.

NOTE: For a multi-region trail, this resource must be in the home region of the trail.

NOTE: For an organization trail, this resource must be in the master account of the organization.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • cloud_watch_logs_group_arn (pulumi.Input[str]) – Specifies a log group name using an Amazon Resource Name (ARN), that represents the log group to which CloudTrail logs will be delivered.
  • cloud_watch_logs_role_arn (pulumi.Input[str]) – Specifies the role for the CloudWatch Logs endpoint to assume to write to a user’s log group.
  • enable_log_file_validation (pulumi.Input[bool]) – Specifies whether log file integrity validation is enabled. Defaults to false.
  • enable_logging (pulumi.Input[bool]) – Enables logging for the trail. Defaults to true. Setting this to false will pause logging.
  • event_selectors (pulumi.Input[list]) – Specifies an event selector for enabling data event logging. Fields documented below. Please note the CloudTrail limits when configuring these.
  • include_global_service_events (pulumi.Input[bool]) – Specifies whether the trail is publishing events from global services such as IAM to the log files. Defaults to true.
  • is_multi_region_trail (pulumi.Input[bool]) – Specifies whether the trail is created in the current region or in all regions. Defaults to false.
  • is_organization_trail (pulumi.Input[bool]) – Specifies whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. Defaults to false.
  • kms_key_id (pulumi.Input[str]) – Specifies the KMS key ARN to use to encrypt the logs delivered by CloudTrail.
  • name (pulumi.Input[str]) – Specifies the name of the trail.
  • s3_bucket_name (pulumi.Input[str]) – Specifies the name of the S3 bucket designated for publishing log files.
  • s3_key_prefix (pulumi.Input[str]) – Specifies the S3 key prefix that follows the name of the bucket you have designated for log file delivery.
  • sns_topic_name (pulumi.Input[str]) – Specifies the name of the Amazon SNS topic defined for notification of log file delivery.
  • tags (pulumi.Input[dict]) – A mapping of tags to assign to the trail.

arn = None

The Amazon Resource Name of the trail.

cloud_watch_logs_group_arn = None

Specifies a log group name using an Amazon Resource Name (ARN), that represents the log group to which CloudTrail logs will be delivered.

cloud_watch_logs_role_arn = None

Specifies the role for the CloudWatch Logs endpoint to assume to write to a user’s log group.

enable_log_file_validation = None

Specifies whether log file integrity validation is enabled. Defaults to false.

enable_logging = None

Enables logging for the trail. Defaults to true. Setting this to false will pause logging.

event_selectors = None

Specifies an event selector for enabling data event logging. Fields documented below. Please note the CloudTrail limits when configuring these.

home_region = None

The region in which the trail was created.

include_global_service_events = None

Specifies whether the trail is publishing events from global services such as IAM to the log files. Defaults to true.

is_multi_region_trail = None

Specifies whether the trail is created in the current region or in all regions. Defaults to false.

is_organization_trail = None

Specifies whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. Defaults to false.

kms_key_id = None

Specifies the KMS key ARN to use to encrypt the logs delivered by CloudTrail.

name = None

Specifies the name of the trail.

s3_bucket_name = None

Specifies the name of the S3 bucket designated for publishing log files.

s3_key_prefix = None

Specifies the S3 key prefix that follows the name of the bucket you have designated for log file delivery.

sns_topic_name = None

Specifies the name of the Amazon SNS topic defined for notification of log file delivery.

tags = None

A mapping of tags to assign to the trail.
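
Several of the defaults documented above leave a trail weaker than most audit baselines expect (validation off, single region, no KMS key). The following check is an added example, not part of pulumi_aws: the function name `audit_trail_args`, the finding texts and the sample values are assumptions made for illustration.

```python
# Added example: audit Trail keyword arguments against the defaults documented above.
# Pure Python, no Pulumi engine needed; the finding texts are this example's wording.
DOCUMENTED_DEFAULTS = {
    "enable_log_file_validation": False,
    "enable_logging": True,
    "include_global_service_events": True,
    "is_multi_region_trail": False,
    "is_organization_trail": False,
}


def audit_trail_args(args):
    """Return (argument, finding) pairs for a dict of Trail keyword arguments."""
    # An argument left as None takes the documented default.
    eff = dict(DOCUMENTED_DEFAULTS)
    eff.update({k: v for k, v in args.items() if v is not None})
    findings = []
    if not eff["enable_logging"]:
        findings.append(("enable_logging", "logging is paused"))
    if not eff["enable_log_file_validation"]:
        findings.append(("enable_log_file_validation", "integrity validation is off"))
    if not eff["is_multi_region_trail"]:
        findings.append(("is_multi_region_trail", "only the current region is covered"))
    if not eff["include_global_service_events"]:
        findings.append(("include_global_service_events", "global services such as IAM are not logged"))
    if not eff.get("kms_key_id"):
        findings.append(("kms_key_id", "no KMS key ARN set for the delivered logs"))
    # The role is what CloudTrail assumes to write to the log group,
    # so one without the other is a misconfiguration.
    if bool(eff.get("cloud_watch_logs_group_arn")) != bool(eff.get("cloud_watch_logs_role_arn")):
        findings.append(("cloud_watch_logs_role_arn", "log group and role must be set together"))
    return findings


# Constructed sample inputs (bucket name, key and ARNs are placeholders).
MINIMAL = {"s3_bucket_name": "example-trail-logs"}
HARDENED = {
    "s3_bucket_name": "example-trail-logs",
    "enable_log_file_validation": True,
    "is_multi_region_trail": True,
    "kms_key_id": "arn:aws:kms:us-east-1:111111111111:key/EXAMPLE",
    "cloud_watch_logs_group_arn": "arn:aws:logs:us-east-1:111111111111:log-group:example:*",
    "cloud_watch_logs_role_arn": "arn:aws:iam::111111111111:role/example-trail-to-cwl",
}

if __name__ == "__main__":
    for label, cfg in (("MINIMAL", MINIMAL), ("HARDENED", HARDENED)):
        print(label, audit_trail_args(cfg))
```

The same dictionary that passes the check can be unpacked into the constructor, for example `Trail("audit", **HARDENED)`.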

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

pulumi_aws.cloudtrail.get_service_account(region=None, opts=None)

Use this data source to get the Account ID of the AWS CloudTrail Service Account in a given region for the purpose of allowing CloudTrail to store trail data in S3.
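
The ARN returned by this data source is normally used as the principal in the log bucket's policy. The builder below is an added example, not part of pulumi_aws: the function name `cloudtrail_bucket_policy`, the sample ARN and the bucket name are placeholders, and the `AWSLogs/<account-id>/` object path and the `bucket-owner-full-control` ACL condition are assumptions taken from AWS's standard CloudTrail bucket policy for a single-account trail.

```python
import json


def cloudtrail_bucket_policy(service_account_arn, bucket, account_id, key_prefix=None):
    """Return a bucket policy (dict) scoped to CloudTrail log delivery only."""
    parts = service_account_arn.split(":")
    if len(parts) != 6 or parts[0] != "arn" or parts[2] != "iam":
        raise ValueError("expected an IAM ARN, got %r" % service_account_arn)
    if not (account_id.isdigit() and len(account_id) == 12):
        raise ValueError("account_id must be 12 digits")
    partition = parts[1]  # aws, aws-cn, aws-us-gov: reuse it for the bucket ARN
    bucket_arn = "arn:%s:s3:::%s" % (partition, bucket)
    # s3_key_prefix, if any, sits between the bucket name and AWSLogs/.
    prefix = (key_prefix or "").strip("/")
    log_path = "/".join(p for p in (prefix, "AWSLogs", account_id, "*") if p)
    principal = {"AWS": service_account_arn}
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # CloudTrail reads the bucket ACL before delivering.
                "Sid": "CloudTrailAclCheck",
                "Effect": "Allow",
                "Principal": principal,
                "Action": "s3:GetBucketAcl",
                "Resource": bucket_arn,
            },
            {   # Writes are limited to this account's log path, and the
                # bucket owner keeps full control of every delivered object.
                "Sid": "CloudTrailWrite",
                "Effect": "Allow",
                "Principal": principal,
                "Action": "s3:PutObject",
                "Resource": "%s/%s" % (bucket_arn, log_path),
                "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}},
            },
        ],
    }


# Constructed placeholder; in a Pulumi program this would be the `arn`
# attribute of the GetServiceAccountResult documented above.
SAMPLE_ARN = "arn:aws:iam::111111111111:root"

if __name__ == "__main__":
    policy = cloudtrail_bucket_policy(SAMPLE_ARN, "example-trail-logs", "222222222222", "audit/")
    print(json.dumps(policy, indent=2))
```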