AWS CloudTrail

Update trail

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Update trail settings that control the events being logged, and how to handle log files.

Inputs

フィールド

種類

説明

region [required]

enum

default: us-east-1

name [required]

string

The name of the trail or trail ARN.

s3BucketName

string

The name of the Amazon S3 bucket designated for publishing log files.

s3KeyPrefix

string

The Amazon S3 key prefix that comes after the name of the bucket designated for log file delivery.

isMultiRegionTrail

boolean

Apply the trail only to the current region or to all regions.

default: true

enableLogFileValidation

boolean

Enable log file validation. See the note under Digest file chaining in the AWS CloudTrail digest file structure documentation for information about the effects of disabling log file integrity validation.

default: true

cloudWatchLogsRoleArn

string

Specify the role for the CloudWatch Logs endpoint to assume to write to a user's log group.

cloudWatchLogsLogGroupArn

string

Specify a log group name using an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs are delivered. Not required unless you specify Cloud watch logs role.

kmsKeyId

string

Specify the KMS key ID to use to encrypt the logs delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier. CloudTrail also supports KMS multi-Region keys.

Outputs

フィールド

種類

説明

Name

string

Specifies the name of the trail.

S3BucketName

string

Specifies the name of the Amazon S3 bucket designated for publishing log files.

S3KeyPrefix

string

Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery. For more information, see Finding Your IAM Log Files.

SnsTopicName

string

This field is no longer in use. Use SnsTopicARN.

SnsTopicARN

string

Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send notifications when log files are delivered. The following is the format of a topic ARN. arn:aws:sns:us-east-2:123456789012:MyTopic

IncludeGlobalServiceEvents

boolean

Specifies whether the trail is publishing events from global services such as IAM to the log files.

IsMultiRegionTrail

boolean

Specifies whether the trail exists in one Region or in all Regions.

TrailARN

string

Specifies the ARN of the trail that was updated. The following is the format of a trail ARN. arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

LogFileValidationEnabled

boolean

Specifies whether log file integrity validation is enabled.

CloudWatchLogsLogGroupArn

string

Specifies the Amazon Resource Name (ARN) of the log group to which CloudTrail logs are delivered.

CloudWatchLogsRoleArn

string

Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group.

KmsKeyId

string

Specifies the KMS key ID that encrypts the logs delivered by CloudTrail. The value is a fully specified ARN to a KMS key in the following format. arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012

IsOrganizationTrail

boolean

Specifies whether the trail is an organization trail.

amzRequestId [required]

string