Trail Args
data class TrailArgs(val advancedEventSelectors: Output<List<TrailAdvancedEventSelectorArgs>>? = null, val cloudWatchLogsGroupArn: Output<String>? = null, val cloudWatchLogsRoleArn: Output<String>? = null, val enableLogFileValidation: Output<Boolean>? = null, val enableLogging: Output<Boolean>? = null, val eventSelectors: Output<List<TrailEventSelectorArgs>>? = null, val includeGlobalServiceEvents: Output<Boolean>? = null, val insightSelectors: Output<List<TrailInsightSelectorArgs>>? = null, val isMultiRegionTrail: Output<Boolean>? = null, val isOrganizationTrail: Output<Boolean>? = null, val kmsKeyId: Output<String>? = null, val name: Output<String>? = null, val s3BucketName: Output<String>? = null, val s3KeyPrefix: Output<String>? = null, val snsTopicName: Output<String>? = null, val tags: Output<Map<String, String>>? = null) : ConvertibleToJava<TrailArgs>
Provides a CloudTrail resource.
Tip: For a multi-region trail, this resource must be in the home region of the trail. Tip: For an organization trail, this resource must be in the master account of the organization.
Example Usage
Basic
Enable CloudTrail to capture all compatible management events in region. For capturing events from services like IAM, include_global_service_events
must be enabled.
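package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.cloudtrail.Trail;
import com.pulumi.aws.cloudtrail.TrailArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentStatementArgs;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentStatementConditionArgs;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentStatementPrincipalArgs;
import com.pulumi.aws.inputs.GetCallerIdentityArgs;
import com.pulumi.aws.inputs.GetPartitionArgs;
import com.pulumi.aws.inputs.GetRegionArgs;
import com.pulumi.aws.s3.BucketPolicy;
import com.pulumi.aws.s3.BucketPolicyArgs;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketV2Args;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Basic CloudTrail setup: a log bucket, a least-privilege bucket policy for the
 * CloudTrail service principal, and the trail itself.
 *
 * <p>The policy grants only {@code s3:GetBucketAcl} on the bucket and
 * {@code s3:PutObject} under the trail's key prefix, and both statements are
 * pinned to this trail's ARN through {@code aws:SourceArn}, so another trail
 * (in this or another account) cannot write into the bucket.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Builds the stack. Resource outputs (bucket ARN, account id, region,
     * partition) are only known at deploy time, so every string derived from
     * them is assembled inside an {@link Output} rather than with
     * {@code String.format} on the Outputs themselves.
     *
     * @param ctx the Pulumi program context
     */
    public static void stack(Context ctx) {
        // Pinned trail name: the aws:SourceArn conditions below reference
        // arn:<partition>:cloudtrail:<region>:<account>:trail/<name>, so the
        // trail must not be auto-named or the policy will never match.
        final String trailName = "example";

        var exampleBucketV2 = new BucketV2("exampleBucketV2", BucketV2Args.builder()
            .forceDestroy(true)
            .build());

        final var currentCallerIdentity = AwsFunctions.getCallerIdentity();
        final var currentPartition = AwsFunctions.getPartition();
        final var currentRegion = AwsFunctions.getRegion();

        final Output<String> accountId = currentCallerIdentity.applyValue(r -> r.accountId());

        // ARN of the trail created below, resolved once partition/region/account are known.
        final Output<String> trailArn = Output.tuple(
                currentPartition.applyValue(r -> r.partition()),
                currentRegion.applyValue(r -> r.name()),
                accountId)
            .applyValue(t -> String.format("arn:%s:cloudtrail:%s:%s:trail/%s", t.t1, t.t2, t.t3, trailName));

        // Object keys CloudTrail writes: <bucket>/<s3KeyPrefix>/AWSLogs/<account>/...
        // The "prefix" segment must match the trail's s3KeyPrefix below.
        final Output<String> logObjectArns = Output.tuple(exampleBucketV2.arn(), accountId)
            .applyValue(t -> String.format("%s/prefix/AWSLogs/%s/*", t.t1, t.t2));

        final var examplePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(
                GetPolicyDocumentStatementArgs.builder()
                    .sid("AWSCloudTrailAclCheck")
                    .effect("Allow")
                    .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                        .type("Service")
                        .identifiers("cloudtrail.amazonaws.com")
                        .build())
                    .actions("s3:GetBucketAcl")
                    .resources(exampleBucketV2.arn().applyValue(arn -> List.of(arn)))
                    // Confused-deputy guard: only this trail may perform the ACL check.
                    .conditions(GetPolicyDocumentStatementConditionArgs.builder()
                        .test("StringEquals")
                        .variable("aws:SourceArn")
                        .values(trailArn.applyValue(arn -> List.of(arn)))
                        .build())
                    .build(),
                GetPolicyDocumentStatementArgs.builder()
                    .sid("AWSCloudTrailWrite")
                    .effect("Allow")
                    .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                        .type("Service")
                        .identifiers("cloudtrail.amazonaws.com")
                        .build())
                    .actions("s3:PutObject")
                    .resources(logObjectArns.applyValue(arn -> List.of(arn)))
                    .conditions(
                        // Objects must be owned by the bucket owner, not the service principal.
                        GetPolicyDocumentStatementConditionArgs.builder()
                            .test("StringEquals")
                            .variable("s3:x-amz-acl")
                            .values("bucket-owner-full-control")
                            .build(),
                        GetPolicyDocumentStatementConditionArgs.builder()
                            .test("StringEquals")
                            .variable("aws:SourceArn")
                            .values(trailArn.applyValue(arn -> List.of(arn)))
                            .build())
                    .build())
            .build());

        var exampleBucketPolicy = new BucketPolicy("exampleBucketPolicy", BucketPolicyArgs.builder()
            .bucket(exampleBucketV2.id())
            .policy(examplePolicyDocument.applyValue(r -> r.json()))
            .build());

        // CloudTrail checks the bucket policy when the trail is created, so the
        // policy has to exist first; the explicit dependency enforces that order.
        // Consider enableLogFileValidation(true) as well, so tampering with
        // delivered log files is detectable.
        var exampleTrail = new Trail("exampleTrail", TrailArgs.builder()
            .name(trailName)
            .s3BucketName(exampleBucketV2.id())
            .s3KeyPrefix("prefix")
            // Leave global service events (e.g. IAM) off here; see the note above this example.
            .includeGlobalServiceEvents(false)
            .build(),
            CustomResourceOptions.builder()
                .dependsOn(exampleBucketPolicy)
                .build());
    }
}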
Logging All Lambda Function Invocations By Using Basic Event Selectors
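package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudtrail.Trail;
import com.pulumi.aws.cloudtrail.TrailArgs;
import com.pulumi.aws.cloudtrail.inputs.TrailEventSelectorArgs;
import com.pulumi.aws.cloudtrail.inputs.TrailEventSelectorDataResourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Logs every Lambda function invocation (data events) plus all management
 * events, using a basic event selector.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Creates the trail. Only the event-selector part of the trail is shown;
     * the delivery bucket is configured elsewhere.
     *
     * @param ctx the Pulumi program context
     */
    public static void stack(Context ctx) {
        var example = new Trail("example", TrailArgs.builder()
            .eventSelectors(TrailEventSelectorArgs.builder()
                // "arn:aws:lambda" with no region/account/function part matches every
                // function; it also hard-codes the "aws" partition. Narrow the ARN
                // where only specific functions need data-event logging.
                .dataResources(TrailEventSelectorDataResourceArgs.builder()
                    .type("AWS::Lambda::Function")
                    .values("arn:aws:lambda")
                    .build())
                .includeManagementEvents(true)
                // "All" records both read-only and write-only events.
                .readWriteType("All")
                .build())
            .build());
    }
}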
Logging All S3 Object Events By Using Basic Event Selectors
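package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudtrail.Trail;
import com.pulumi.aws.cloudtrail.TrailArgs;
import com.pulumi.aws.cloudtrail.inputs.TrailEventSelectorArgs;
import com.pulumi.aws.cloudtrail.inputs.TrailEventSelectorDataResourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Logs object-level (data) events for every S3 bucket in the account plus all
 * management events, using a basic event selector.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Creates the trail. Only the event-selector part of the trail is shown;
     * the delivery bucket is configured elsewhere.
     *
     * @param ctx the Pulumi program context
     */
    public static void stack(Context ctx) {
        var example = new Trail("example", TrailArgs.builder()
            .eventSelectors(TrailEventSelectorArgs.builder()
                // "arn:aws:s3" matches all buckets (and hard-codes the "aws" partition).
                // Object-level logging for every bucket can be high-volume; the
                // per-bucket examples below show how to scope it.
                .dataResources(TrailEventSelectorDataResourceArgs.builder()
                    .type("AWS::S3::Object")
                    .values("arn:aws:s3")
                    .build())
                .includeManagementEvents(true)
                // "All" records both read-only and write-only events.
                .readWriteType("All")
                .build())
            .build());
    }
}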
Logging Individual S3 Bucket Events By Using Basic Event Selectors
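package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.S3Functions;
import com.pulumi.aws.s3.inputs.GetBucketArgs;
import com.pulumi.aws.cloudtrail.Trail;
import com.pulumi.aws.cloudtrail.TrailArgs;
import com.pulumi.aws.cloudtrail.inputs.TrailEventSelectorArgs;
import com.pulumi.aws.cloudtrail.inputs.TrailEventSelectorDataResourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Logs object-level (data) events for one existing S3 bucket plus all
 * management events, using a basic event selector.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Looks up the existing bucket and creates the trail. The bucket ARN is an
     * {@link Output}, so the selector value is derived with {@code applyValue}
     * rather than formatted eagerly.
     *
     * @param ctx the Pulumi program context
     */
    public static void stack(Context ctx) {
        // Hyphens are not legal in Java identifiers; the bucket name itself is unchanged.
        final var importantBucket = S3Functions.getBucket(GetBucketArgs.builder()
            .bucket("important-bucket")
            .build());

        // "<bucket-arn>/" (trailing slash) selects every object in that bucket only.
        final Output<List<String>> bucketObjects = importantBucket
            .applyValue(b -> List.of(String.format("%s/", b.arn())));

        var example = new Trail("example", TrailArgs.builder()
            .eventSelectors(TrailEventSelectorArgs.builder()
                .dataResources(TrailEventSelectorDataResourceArgs.builder()
                    .type("AWS::S3::Object")
                    .values(bucketObjects)
                    .build())
                .includeManagementEvents(true)
                // "All" records both read-only and write-only events.
                .readWriteType("All")
                .build())
            .build());
    }
}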
Logging All S3 Object Events Except For Two S3 Buckets By Using Advanced Event Selectors
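package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.S3Functions;
import com.pulumi.aws.s3.inputs.GetBucketArgs;
import com.pulumi.aws.cloudtrail.Trail;
import com.pulumi.aws.cloudtrail.TrailArgs;
import com.pulumi.aws.cloudtrail.inputs.TrailAdvancedEventSelectorArgs;
import com.pulumi.aws.cloudtrail.inputs.TrailAdvancedEventSelectorFieldSelectorArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Logs S3 object-level (data) events for every bucket except two named ones,
 * plus all management events, using advanced event selectors.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Looks up the two excluded buckets and creates the trail. Bucket ARNs are
     * {@link Output}s, so the exclusion list is assembled once both have resolved.
     *
     * @param ctx the Pulumi program context
     */
    public static void stack(Context ctx) {
        // Hyphens are not legal in Java identifiers; the bucket names themselves are unchanged.
        final var notImportantBucket1 = S3Functions.getBucket(GetBucketArgs.builder()
            .bucket("not-important-bucket-1")
            .build());
        final var notImportantBucket2 = S3Functions.getBucket(GetBucketArgs.builder()
            .bucket("not-important-bucket-2")
            .build());

        // "<bucket-arn>/" prefixes for the buckets whose object events are NOT logged.
        final Output<List<String>> excludedPrefixes = Output.tuple(notImportantBucket1, notImportantBucket2)
            .applyValue(t -> List.of(
                String.format("%s/", t.t1.arn()),
                String.format("%s/", t.t2.arn())));

        var example = new Trail("example", TrailArgs.builder()
            .advancedEventSelectors(
                TrailAdvancedEventSelectorArgs.builder()
                    .fieldSelectors(
                        TrailAdvancedEventSelectorFieldSelectorArgs.builder()
                            .equals("Data")
                            .field("eventCategory")
                            .build(),
                        // Exclusion by ARN prefix: every other bucket's objects are still logged.
                        TrailAdvancedEventSelectorFieldSelectorArgs.builder()
                            .field("resources.ARN")
                            .notStartsWith(excludedPrefixes)
                            .build(),
                        TrailAdvancedEventSelectorFieldSelectorArgs.builder()
                            .equals("AWS::S3::Object")
                            .field("resources.type")
                            .build())
                    .name("Log all S3 objects events except for two S3 buckets")
                    .build(),
                // A separate selector keeps management-event logging on; without it
                // the trail would record data events only.
                TrailAdvancedEventSelectorArgs.builder()
                    .fieldSelectors(TrailAdvancedEventSelectorFieldSelectorArgs.builder()
                        .equals("Management")
                        .field("eventCategory")
                        .build())
                    .name("Log readOnly and writeOnly management events")
                    .build())
            .build());
    }
}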
Logging Individual S3 Buckets And Specific Event Names By Using Advanced Event Selectors
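package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.S3Functions;
import com.pulumi.aws.s3.inputs.GetBucketArgs;
import com.pulumi.aws.cloudtrail.Trail;
import com.pulumi.aws.cloudtrail.TrailArgs;
import com.pulumi.aws.cloudtrail.inputs.TrailAdvancedEventSelectorArgs;
import com.pulumi.aws.cloudtrail.inputs.TrailAdvancedEventSelectorFieldSelectorArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Logs specific write events for selected S3 buckets using advanced event
 * selectors: PutObject/DeleteObject on two buckets, and Delete* events under
 * one prefix of a third bucket.
 *
 * <p>Note that, unlike the previous examples, no selector here matches
 * management events, so this trail records data events only.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Looks up the three buckets and creates the trail. Bucket ARNs are
     * {@link Output}s, so selector values are derived with {@code applyValue}.
     *
     * @param ctx the Pulumi program context
     */
    public static void stack(Context ctx) {
        // Hyphens are not legal in Java identifiers; the bucket names themselves are unchanged.
        final var importantBucket1 = S3Functions.getBucket(GetBucketArgs.builder()
            .bucket("important-bucket-1")
            .build());
        final var importantBucket2 = S3Functions.getBucket(GetBucketArgs.builder()
            .bucket("important-bucket-2")
            .build());
        final var importantBucket3 = S3Functions.getBucket(GetBucketArgs.builder()
            .bucket("important-bucket-3")
            .build());

        // "<bucket-arn>/" prefixes: all objects in buckets 1 and 2.
        final Output<List<String>> includedPrefixes = Output.tuple(importantBucket1, importantBucket2)
            .applyValue(t -> List.of(
                String.format("%s/", t.t1.arn()),
                String.format("%s/", t.t2.arn())));

        // Exact resource ARN for the prefix in bucket 3 (matched with "equals", not a prefix match).
        final Output<List<String>> bucket3Prefix = importantBucket3
            .applyValue(b -> List.of(String.format("%s/important-prefix", b.arn())));

        var example = new Trail("example", TrailArgs.builder()
            .advancedEventSelectors(
                TrailAdvancedEventSelectorArgs.builder()
                    .fieldSelectors(
                        TrailAdvancedEventSelectorFieldSelectorArgs.builder()
                            .equals("Data")
                            .field("eventCategory")
                            .build(),
                        TrailAdvancedEventSelectorFieldSelectorArgs.builder()
                            .equals(
                                "PutObject",
                                "DeleteObject")
                            .field("eventName")
                            .build(),
                        TrailAdvancedEventSelectorFieldSelectorArgs.builder()
                            .field("resources.ARN")
                            .startsWith(includedPrefixes)
                            .build(),
                        // readOnly=false restricts the selector to mutating calls.
                        TrailAdvancedEventSelectorFieldSelectorArgs.builder()
                            .equals("false")
                            .field("readOnly")
                            .build(),
                        TrailAdvancedEventSelectorFieldSelectorArgs.builder()
                            .equals("AWS::S3::Object")
                            .field("resources.type")
                            .build())
                    .name("Log PutObject and DeleteObject events for two S3 buckets")
                    .build(),
                TrailAdvancedEventSelectorArgs.builder()
                    .fieldSelectors(
                        TrailAdvancedEventSelectorFieldSelectorArgs.builder()
                            .equals("Data")
                            .field("eventCategory")
                            .build(),
                        TrailAdvancedEventSelectorFieldSelectorArgs.builder()
                            .field("eventName")
                            .startsWith("Delete")
                            .build(),
                        TrailAdvancedEventSelectorFieldSelectorArgs.builder()
                            .equals(bucket3Prefix)
                            .field("resources.ARN")
                            .build(),
                        TrailAdvancedEventSelectorFieldSelectorArgs.builder()
                            .equals("false")
                            .field("readOnly")
                            .build(),
                        TrailAdvancedEventSelectorFieldSelectorArgs.builder()
                            .equals("AWS::S3::Object")
                            .field("resources.type")
                            .build())
                    .name("Log Delete* events for one S3 bucket")
                    .build())
            .build());
    }
}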
Sending Events to CloudWatch Logs
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudwatch.LogGroup;
import com.pulumi.aws.cloudtrail.Trail;
import com.pulumi.aws.cloudtrail.TrailArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Delivers trail events to a CloudWatch Logs log group in addition to S3.
 *
 * <p>This excerpt shows only the log-group wiring. NOTE(review): CloudTrail also
 * expects {@code cloudWatchLogsRoleArn} (a role it assumes to write to the
 * group) whenever {@code cloudWatchLogsGroupArn} is set, and a complete trail
 * still needs its S3 delivery bucket; both are omitted here — confirm against
 * the CloudTrail API before deploying as-is.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Creates the log group and a trail that points at it.
     *
     * @param ctx the Pulumi program context
     */
    public static void stack(Context ctx) {
        var exampleLogGroup = new LogGroup("exampleLogGroup");

        // CloudTrail requires the log-group ARN with a trailing ":*" (all log streams).
        final Output<String> logGroupArnWithStreams = exampleLogGroup.arn()
            .applyValue(groupArn -> String.format("%s:*", groupArn));

        final TrailArgs trailArgs = TrailArgs.builder()
            .cloudWatchLogsGroupArn(logGroupArnWithStreams)
            .build();
        var exampleTrail = new Trail("exampleTrail", trailArgs);
    }
}
Import
Using `pulumi import`, import CloudTrail trails using the trail name. For example:
$ pulumi import aws:cloudtrail/trail:Trail sample my-sample-trail
Constructors
fun TrailArgs(advancedEventSelectors: Output<List<TrailAdvancedEventSelectorArgs>>? = null, cloudWatchLogsGroupArn: Output<String>? = null, cloudWatchLogsRoleArn: Output<String>? = null, enableLogFileValidation: Output<Boolean>? = null, enableLogging: Output<Boolean>? = null, eventSelectors: Output<List<TrailEventSelectorArgs>>? = null, includeGlobalServiceEvents: Output<Boolean>? = null, insightSelectors: Output<List<TrailInsightSelectorArgs>>? = null, isMultiRegionTrail: Output<Boolean>? = null, isOrganizationTrail: Output<Boolean>? = null, kmsKeyId: Output<String>? = null, name: Output<String>? = null, s3BucketName: Output<String>? = null, s3KeyPrefix: Output<String>? = null, snsTopicName: Output<String>? = null, tags: Output<Map<String, String>>? = null)
Functions
Properties
Specifies an event selector for enabling data event logging. Fields are documented below. Note the CloudTrail limits when configuring these. Conflicts with `advanced_event_selector`.