Module cloudtrail
Resources
Others
Resources
Resource Trail
class Trail extends ComponentResource
constructor
new Trail(name: string, args?: TrailArgs, opts?: pulumi.ComponentResourceOptions)
Create a Trail resource with the given unique name, arguments, and options.
name
The unique name of the resource.args
The arguments to use to populate this resource's properties.opts
A bag of options that control this resource's behavior.
method getData
protected getData(): Promise<TData>
Retrieves the data produces by [initialize]. The data is immediately available in a
derived class’s constructor after the super(...)
call to ComponentResource
.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method initialize
protected initialize(args: Inputs): Promise<TData>
Can be overridden by a subclass to asynchronously initialize data for this Component
automatically when constructed. The data will be available immediately for subclass
constructors to use. To access the data use .getData
.
method isInstance
public static isInstance(obj: any): obj is Trail
Returns true if the given object is an instance of Trail. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
method registerOutputs
protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void
registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.
ComponentResources can call this at the end of their constructor to indicate that they are
done creating child resources. This is not strictly necessary as this will automatically be
called after the initialize
method completes.
property bucket
public bucket: pulumi.Output<Bucket | undefined>;
The managed S3 Bucket where the Trail will place its logs.
property logGroup
public logGroup: pulumi.Output<LogGroup | undefined>;
The managed Cloudwatch Log Group.
property trail
public trail: pulumi.Output<Trail>;
The CloudTrail Trail.
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Others
interface TrailArgs
interface TrailArgs
The set of arguments for constructing a Trail resource.
property advancedEventSelectors
advancedEventSelectors?: pulumi.Input<pulumi.Input<TrailAdvancedEventSelector>[]>;
Specifies an advanced event selector for enabling data event logging. Fields documented below. Conflicts with event_selector
.
property cloudWatchLogsGroup
cloudWatchLogsGroup?: inputs.awsx.OptionalLogGroupArgs;
Log group to which CloudTrail logs will be delivered.
property enableLogFileValidation
enableLogFileValidation?: pulumi.Input<boolean>;
Whether log file integrity validation is enabled. Defaults to false
.
property enableLogging
enableLogging?: pulumi.Input<boolean>;
Enables logging for the trail. Defaults to true
. Setting this to false
will pause logging.
property eventSelectors
eventSelectors?: pulumi.Input<pulumi.Input<TrailEventSelector>[]>;
Specifies an event selector for enabling data event logging. Fields documented below. Please note the CloudTrail limits when configuring these. Conflicts with advanced_event_selector
.
property includeGlobalServiceEvents
includeGlobalServiceEvents?: pulumi.Input<boolean>;
Whether the trail is publishing events from global services such as IAM to the log files. Defaults to true
.
property insightSelectors
insightSelectors?: pulumi.Input<pulumi.Input<TrailInsightSelector>[]>;
Configuration block for identifying unusual operational activity. See details below.
property isMultiRegionTrail
isMultiRegionTrail?: pulumi.Input<boolean>;
Whether the trail is created in the current region or in all regions. Defaults to false
.
property isOrganizationTrail
isOrganizationTrail?: pulumi.Input<boolean>;
Whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. Defaults to false
.
property kmsKeyId
kmsKeyId?: pulumi.Input<string>;
KMS key ARN to use to encrypt the logs delivered by CloudTrail.
property name
name?: pulumi.Input<string>;
Specifies the name of the advanced event selector.
property s3Bucket
s3Bucket?: inputs.awsx.RequiredBucketArgs;
S3 bucket designated for publishing log files.
property s3KeyPrefix
s3KeyPrefix?: pulumi.Input<string>;
S3 key prefix that follows the name of the bucket you have designated for log file delivery.
property snsTopicName
snsTopicName?: pulumi.Input<string>;
Name of the Amazon SNS topic defined for notification of log file delivery.
property tags
tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;
Map of tags to assign to the trail. If configured with provider defaultTags present, tags with matching keys will overwrite those defined at the provider-level.
Thank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.