account_id
Type: STRING
advanced_event_selectors
Type: UNORDERED_LIST_STRUCT
Provider name: AdvancedEventSelectors
Description: The advanced event selectors that are configured for the trail.
  field_selectors
  Type: UNORDERED_LIST_STRUCT
  Provider name: FieldSelectors
    ends_with
    Type: UNORDERED_LIST_STRING
    Provider name: EndsWith
    Description: An operator that includes events that match the last few characters of the event record field specified as the value of Field.
    equals
    Type: UNORDERED_LIST_STRING
    Provider name: Equals
    Description: An operator that includes events that match the exact value of the event record field specified as the value of Field. This is the only valid operator that you can use with the readOnly, eventCategory, and resources.type fields.
    field
    Type: STRING
    Provider name: Field
    Description: A field in a CloudTrail event record on which to filter the events being logged. Supported fields are readOnly, eventCategory, eventSource (for management events), eventName, resources.type, and resources.ARN.
    - readOnly - Optional. Can be set to Equals a value of true or false. If you do not add this field, CloudTrail logs both read and write events. A value of true logs only read events. A value of false logs only write events.
    - eventSource - For filtering management events only. This can be set only to NotEquals kms.amazonaws.com.
    - eventName - Can use any operator. You can use it to filter in or filter out any data event logged to CloudTrail, such as PutBucket or GetSnapshotBlock. You can have multiple values for this field, separated by commas.
    - eventCategory - This is required. It must be set to Equals, and the value must be Management or Data.
    - resources.type - This field is required. resources.type can only use the Equals operator, and the value can be one of the following: AWS::S3::Object, AWS::Lambda::Function, AWS::DynamoDB::Table, AWS::S3Outposts::Object, AWS::ManagedBlockchain::Node, AWS::S3ObjectLambda::AccessPoint, AWS::EC2::Snapshot, AWS::S3::AccessPoint, AWS::DynamoDB::Stream, AWS::Glue::Table. You can have only one resources.type field per selector. To log data events on more than one resource type, add another selector.
    - resources.ARN - You can use any operator with resources.ARN, but if you use Equals or NotEquals, the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. For example, if resources.type equals AWS::S3::Object, the ARN must be in one of the following formats. To log all data events for all objects in a specific S3 bucket, use the StartsWith operator, and include only the bucket ARN as the matching value. The trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols (<>) with resource-specific information.
      arn:<partition>:s3:::<bucket_name>/
      arn:<partition>:s3:::<bucket_name>/<object_path>/
      When resources.type equals AWS::S3::AccessPoint, and the operator is set to Equals or NotEquals, the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don't include the object path, and use the StartsWith or NotStartsWith operators.
      arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>
      arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path>
      When resources.type equals AWS::Lambda::Function, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
      arn:<partition>:lambda:<region>:<account_ID>:function:<function_name>
      When resources.type equals AWS::DynamoDB::Table, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
      arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>
      When resources.type equals AWS::S3Outposts::Object, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
      arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path>
      When resources.type equals AWS::ManagedBlockchain::Node, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
      arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID>
      When resources.type equals AWS::S3ObjectLambda::AccessPoint, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
      arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name>
      When resources.type equals AWS::EC2::Snapshot, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
      arn:<partition>:ec2:<region>::snapshot/<snapshot_ID>
      When resources.type equals AWS::DynamoDB::Stream, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
      arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time>
      When resources.type equals AWS::Glue::Table, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
      arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name>
    not_ends_with
    Type: UNORDERED_LIST_STRING
    Provider name: NotEndsWith
    Description: An operator that excludes events that match the last few characters of the event record field specified as the value of Field.
    not_equals
    Type: UNORDERED_LIST_STRING
    Provider name: NotEquals
    Description: An operator that excludes events that match the exact value of the event record field specified as the value of Field.
    not_starts_with
    Type: UNORDERED_LIST_STRING
    Provider name: NotStartsWith
    Description: An operator that excludes events that match the first few characters of the event record field specified as the value of Field.
    starts_with
    Type: UNORDERED_LIST_STRING
    Provider name: StartsWith
    Description: An operator that includes events that match the first few characters of the event record field specified as the value of Field.
  name
  Type: STRING
  Provider name: Name
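A way to evaluate selectors of this shape against an event record, added here as an example and not code from Datadog or AWS. The operator keys, the string values of readOnly and the field names follow the schema above; the selector and the events are constructed for illustration.

```python
# Added example, not Datadog or AWS code: evaluate advanced event selectors
# shaped like the advanced_event_selectors records above against a data event.
# The selector and events used here are constructed for illustration.

OPERATORS = {
    "equals": lambda v, p: v == p,
    "not_equals": lambda v, p: v != p,
    "starts_with": lambda v, p: v.startswith(p),
    "not_starts_with": lambda v, p: not v.startswith(p),
    "ends_with": lambda v, p: v.endswith(p),
    "not_ends_with": lambda v, p: not v.endswith(p),
}

def field_value(event, field):
    """Return the event record value a selector field refers to, as a string."""
    if field == "readOnly":
        return "true" if event["readOnly"] else "false"
    if field.startswith("resources."):          # resources.type / resources.ARN
        return event["resources"][field.split(".", 1)[1]]
    return event[field]

def field_selector_matches(event, fs):
    """Every operator present on one field selector must hold for its field."""
    value = field_value(event, fs["field"])
    for op, test in OPERATORS.items():
        patterns = fs.get(op)
        if not patterns:
            continue
        results = [test(value, p) for p in patterns]
        # Several values are alternatives: a positive operator needs any match,
        # a negated operator must hold against every listed value.
        if not (all(results) if op.startswith("not_") else any(results)):
            return False
    return True

def selector_matches(event, selector):
    """A selector logs the event only if all of its field selectors match."""
    return all(field_selector_matches(event, fs) for fs in selector["field_selectors"])

# Constructed selector: write (non-read) data events on objects in one bucket.
SAMPLE_SELECTOR = {
    "name": "s3-writes-example-bucket",
    "field_selectors": [
        {"field": "eventCategory", "equals": ["Data"]},
        {"field": "resources.type", "equals": ["AWS::S3::Object"]},
        {"field": "readOnly", "equals": ["false"]},
        {"field": "resources.ARN", "starts_with": ["arn:aws:s3:::example-bucket/"]},
    ],
}
```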
cloud_watch_logs_log_group_arn
Type: STRING
Provider name: CloudWatchLogsLogGroupArn
Description: Specifies an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs will be delivered.
cloud_watch_logs_role_arn
Type: STRING
Provider name: CloudWatchLogsRoleArn
Description: Specifies the role for the CloudWatch Logs endpoint to assume to write to a user’s log group.
event_selectors
Type: UNORDERED_LIST_STRUCT
Provider name: EventSelectors
Description: The event selectors that are configured for the trail.
  data_resources
  Type: UNORDERED_LIST_STRUCT
  Provider name: DataResources
    type
    Type: STRING
    Provider name: Type
    Description: The resource type for which data events are logged. The value can be one of the following: AWS::S3::Object, AWS::Lambda::Function, AWS::DynamoDB::Table, AWS::S3Outposts::Object, AWS::ManagedBlockchain::Node, AWS::S3ObjectLambda::AccessPoint, AWS::EC2::Snapshot, AWS::S3::AccessPoint, AWS::DynamoDB::Stream, AWS::Glue::Table.
    values
    Type: UNORDERED_LIST_STRING
    Provider name: Values
    Description: ARN strings or partial ARN strings for the resources to log. To log data events for all objects in all S3 buckets in the account, specify the prefix arn:aws:s3. To log data events for all objects in one S3 bucket, specify the bucket and an empty object prefix, such as arn:aws:s3:::bucket-1/. The trail logs data events for all objects in this S3 bucket. To log data events for specific objects, specify the bucket and an object prefix, such as arn:aws:s3:::bucket-1/example-images. The trail logs data events for objects in this S3 bucket that match the prefix. To log data events for all Lambda functions in the account, specify the prefix arn:aws:lambda. This also logs Invoke activity performed by any user or role in your Amazon Web Services account, even if that activity is performed on a function that belongs to another Amazon Web Services account. To log data events for all DynamoDB tables in the account, specify the prefix arn:aws:dynamodb.
  exclude_management_event_sources
  Type: UNORDERED_LIST_STRING
  Provider name: ExcludeManagementEventSources
  Description: An optional list of service event sources whose management events you do not want logged on the trail. The list can be empty, or it can contain kms.amazonaws.com or rdsdata.amazonaws.com. By default, ExcludeManagementEventSources is empty, and KMS and Amazon RDS Data API events are logged to your trail. You can exclude management event sources only in regions that support the event source.
  include_management_events
  Type: BOOLEAN
  Provider name: IncludeManagementEvents
  Description: Specifies whether the event selector includes management events for the trail. By default, the value is true. The first copy of management events is free. You are charged for additional copies of management events that you are logging on any subsequent trail in the same region. For more information about CloudTrail pricing, see CloudTrail Pricing.
  read_write_type
  Type: STRING
  Provider name: ReadWriteType
  Description: Specifies whether the trail logs read-only events, write-only events, or all. For example, the EC2 GetConsoleOutput is a read-only API operation and RunInstances is a write-only API operation. By default, the value is All.
has_custom_event_selectors
Type: BOOLEAN
Provider name: HasCustomEventSelectors
Description: Specifies if the trail has custom event selectors.
has_insight_selectors
Type: BOOLEAN
Provider name: HasInsightSelectors
Description: Specifies whether a trail has insight types specified in an InsightSelector list.
home_region
Type: STRING
Provider name: HomeRegion
Description: The region in which the trail was created.
include_global_service_events
Type: BOOLEAN
Provider name: IncludeGlobalServiceEvents
Description: Set to True to include Amazon Web Services API calls from Amazon Web Services global services such as IAM. Otherwise, False.
is_multi_region_trail
Type: BOOLEAN
Provider name: IsMultiRegionTrail
Description: Specifies whether the trail exists only in one region or exists in all regions.
is_organization_trail
Type: BOOLEAN
Provider name: IsOrganizationTrail
Description: Specifies whether the trail is an organization trail.
kms_key_id
Type: STRING
Provider name: KmsKeyId
Description: Specifies the KMS key ID that encrypts the logs delivered by CloudTrail. The value is a fully specified ARN to a KMS key in the following format. arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
log_file_validation_enabled
Type: BOOLEAN
Provider name: LogFileValidationEnabled
Description: Specifies whether log file validation is enabled.
name
Type: STRING
Provider name: Name
Description: Name of the trail set by calling CreateTrail. The maximum length is 128 characters.
s3_bucket_name
Type: STRING
Provider name: S3BucketName
Description: Name of the Amazon S3 bucket into which CloudTrail delivers your trail files. See Amazon S3 Bucket Naming Requirements.
s3_key_prefix
Type: STRING
Provider name: S3KeyPrefix
Description: Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery. For more information, see Finding Your CloudTrail Log Files. The maximum length is 200 characters.
sns_topic_arn
Type: STRING
Provider name: SnsTopicARN
Description: Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send notifications when log files are delivered. The following is the format of a topic ARN. arn:aws:sns:us-east-2:123456789012:MyTopic
sns_topic_name
Type: STRING
Provider name: SnsTopicName
Description: This field is no longer in use. Use SnsTopicARN.
tags
Type: UNORDERED_LIST_STRING
trail_arn
Type: STRING
Provider name: TrailARN
Description: The specified trail ARN that has the event selectors.
trail_status
Type: STRUCT
Provider name: GetTrailStatusResponse
  is_logging
  Type: BOOLEAN
  Provider name: IsLogging
  latest_cloud_watch_logs_delivery_error
  Type: STRING
  Provider name: LatestCloudWatchLogsDeliveryError
  latest_cloud_watch_logs_delivery_time
  Type: TIMESTAMP
  Provider name: LatestCloudWatchLogsDeliveryTime
  latest_delivery_attempt_succeeded
  Type: STRING
  Provider name: LatestDeliveryAttemptSucceeded
  latest_delivery_attempt_time
  Type: STRING
  Provider name: LatestDeliveryAttemptTime
  latest_delivery_error
  Type: STRING
  Provider name: LatestDeliveryError
  Description: The latest error encountered when delivering log files to the designated bucket, if any. To resolve it, create a new bucket and call UpdateTrail to specify the new bucket; or fix the existing objects so that CloudTrail can again write to the bucket.
  latest_delivery_time
  Type: TIMESTAMP
  Provider name: LatestDeliveryTime
  latest_digest_delivery_error
  Type: STRING
  Provider name: LatestDigestDeliveryError
  Description: The latest error encountered when delivering digest files to the designated bucket, if any. To resolve it, create a new bucket and call UpdateTrail to specify the new bucket; or fix the existing objects so that CloudTrail can again write to the bucket.
  latest_digest_delivery_time
  Type: TIMESTAMP
  Provider name: LatestDigestDeliveryTime
  latest_notification_attempt_succeeded
  Type: STRING
  Provider name: LatestNotificationAttemptSucceeded
  latest_notification_attempt_time
  Type: STRING
  Provider name: LatestNotificationAttemptTime
  latest_notification_error
  Type: STRING
  Provider name: LatestNotificationError
  latest_notification_time
  Type: TIMESTAMP
  Provider name: LatestNotificationTime
  start_logging_time
  Type: TIMESTAMP
  Provider name: StartLoggingTime
  stop_logging_time
  Type: TIMESTAMP
  Provider name: StopLoggingTime
  time_logging_started
  Type: STRING
  Provider name: TimeLoggingStarted
  time_logging_stopped
  Type: STRING
  Provider name: TimeLoggingStopped
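As an added example (not Datadog's or AWS's code), a hardening review over one record in this schema, using the logging, validation, encryption, region coverage and delivery-error fields listed above. Both trail records and the CloudWatch Logs group ARN are constructed; the KMS key ARN reuses the format example from kms_key_id.

```python
# Added example, not Datadog or AWS code: review one aws_cloudtrail_trail record
# shaped like this schema and flag settings that weaken audit coverage or
# log integrity. Both trail records below are constructed for illustration.

def trail_findings(trail):
    """Return a list of readable findings for one trail record (empty if hardened)."""
    findings = []
    status = trail.get("trail_status", {})
    if not status.get("is_logging"):
        findings.append("trail is not logging")
    if not trail.get("log_file_validation_enabled"):
        findings.append("log file validation disabled: digest files cannot prove integrity")
    if not trail.get("kms_key_id"):
        findings.append("log files not encrypted with a customer-managed KMS key")
    if not trail.get("is_multi_region_trail"):
        findings.append("single-region trail: activity in other regions is not recorded")
    if not trail.get("include_global_service_events"):
        findings.append("global service events (such as IAM) excluded")
    if not trail.get("cloud_watch_logs_log_group_arn"):
        findings.append("no CloudWatch Logs delivery: no near-real-time alerting source")
    # Any populated error field means delivery is stalled and logs may be missing.
    for key in ("latest_delivery_error", "latest_digest_delivery_error",
                "latest_cloud_watch_logs_delivery_error"):
        if status.get(key):
            findings.append(f"{key}: {status[key]}")
    return findings

# Constructed records: a weakly configured trail and a hardened one.
WEAK_TRAIL = {
    "name": "example-trail",
    "s3_bucket_name": "example-trail-logs",
    "is_multi_region_trail": False,
    "include_global_service_events": True,
    "log_file_validation_enabled": False,
    "kms_key_id": "",
    "trail_status": {"is_logging": True,
                     "latest_delivery_error": "AccessDenied"},
}
HARDENED_TRAIL = {
    "name": "org-trail",
    "s3_bucket_name": "org-trail-logs",
    "is_multi_region_trail": True,
    "is_organization_trail": True,
    "include_global_service_events": True,
    "log_file_validation_enabled": True,
    "kms_key_id": "arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012",
    "cloud_watch_logs_log_group_arn": "arn:aws:logs:us-east-2:123456789012:log-group:org-trail:*",
    "trail_status": {"is_logging": True, "latest_delivery_error": ""},
}
```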