AWS v6.80.0, May 6 25

AWS v6.80.0 published on Tuesday, May 6, 2025 by Pulumi

aws.cloudtrail.EventDataStore

Explore with Pulumi AI

AWS v6.80.0 published on Tuesday, May 6, 2025 by Pulumi

pulumi/pulumi-aws

Example Usage

Basic

The most simple event data store configuration requires us to only set the name attribute. The event data store will automatically capture all management events. To capture management events from all the regions, multi_region_enabled must be true.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.cloudtrail.EventDataStore("example", {name: "example-event-data-store"});

import pulumi
import pulumi_aws as aws

example = aws.cloudtrail.EventDataStore("example", name="example-event-data-store")

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cloudtrail.NewEventDataStore(ctx, "example", &cloudtrail.EventDataStoreArgs{
			Name: pulumi.String("example-event-data-store"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.CloudTrail.EventDataStore("example", new()
    {
        Name = "example-event-data-store",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudtrail.EventDataStore;
import com.pulumi.aws.cloudtrail.EventDataStoreArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new EventDataStore("example", EventDataStoreArgs.builder()
            .name("example-event-data-store")
            .build());

    }
}

resources:
  example:
    type: aws:cloudtrail:EventDataStore
    properties:
      name: example-event-data-store

Data Event Logging

CloudTrail can log Data Events for certain services such as S3 bucket objects and Lambda function invocations. Additional information about data event configuration can be found in the following links:

CloudTrail API AdvancedFieldSelector documentation

Log all DynamoDB PutEvent actions for a specific DynamoDB table

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const table = aws.dynamodb.getTable({
    name: "not-important-dynamodb-table",
});
const example = new aws.cloudtrail.EventDataStore("example", {advancedEventSelectors: [{
    name: "Log all DynamoDB PutEvent actions for a specific DynamoDB table",
    fieldSelectors: [
        {
            field: "eventCategory",
            equals: ["Data"],
        },
        {
            field: "resources.type",
            equals: ["AWS::DynamoDB::Table"],
        },
        {
            field: "eventName",
            equals: ["PutItem"],
        },
        {
            field: "resources.ARN",
            equals: [table.then(table => table.arn)],
        },
    ],
}]});

import pulumi
import pulumi_aws as aws

table = aws.dynamodb.get_table(name="not-important-dynamodb-table")
example = aws.cloudtrail.EventDataStore("example", advanced_event_selectors=[{
    "name": "Log all DynamoDB PutEvent actions for a specific DynamoDB table",
    "field_selectors": [
        {
            "field": "eventCategory",
            "equals": ["Data"],
        },
        {
            "field": "resources.type",
            "equals": ["AWS::DynamoDB::Table"],
        },
        {
            "field": "eventName",
            "equals": ["PutItem"],
        },
        {
            "field": "resources.ARN",
            "equals": [table.arn],
        },
    ],
}])

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dynamodb"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		table, err := dynamodb.LookupTable(ctx, &dynamodb.LookupTableArgs{
			Name: "not-important-dynamodb-table",
		}, nil)
		if err != nil {
			return err
		}
		_, err = cloudtrail.NewEventDataStore(ctx, "example", &cloudtrail.EventDataStoreArgs{
			AdvancedEventSelectors: cloudtrail.EventDataStoreAdvancedEventSelectorArray{
				&cloudtrail.EventDataStoreAdvancedEventSelectorArgs{
					Name: pulumi.String("Log all DynamoDB PutEvent actions for a specific DynamoDB table"),
					FieldSelectors: cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArray{
						&cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs{
							Field: pulumi.String("eventCategory"),
							Equals: pulumi.StringArray{
								pulumi.String("Data"),
							},
						},
						&cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs{
							Field: pulumi.String("resources.type"),
							Equals: pulumi.StringArray{
								pulumi.String("AWS::DynamoDB::Table"),
							},
						},
						&cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs{
							Field: pulumi.String("eventName"),
							Equals: pulumi.StringArray{
								pulumi.String("PutItem"),
							},
						},
						&cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs{
							Field: pulumi.String("resources.ARN"),
							Equals: pulumi.StringArray{
								pulumi.String(table.Arn),
							},
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var table = Aws.DynamoDB.GetTable.Invoke(new()
    {
        Name = "not-important-dynamodb-table",
    });

    var example = new Aws.CloudTrail.EventDataStore("example", new()
    {
        AdvancedEventSelectors = new[]
        {
            new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorArgs
            {
                Name = "Log all DynamoDB PutEvent actions for a specific DynamoDB table",
                FieldSelectors = new[]
                {
                    new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorFieldSelectorArgs
                    {
                        Field = "eventCategory",
                        Equals = new[]
                        {
                            "Data",
                        },
                    },
                    new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorFieldSelectorArgs
                    {
                        Field = "resources.type",
                        Equals = new[]
                        {
                            "AWS::DynamoDB::Table",
                        },
                    },
                    new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorFieldSelectorArgs
                    {
                        Field = "eventName",
                        Equals = new[]
                        {
                            "PutItem",
                        },
                    },
                    new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorFieldSelectorArgs
                    {
                        Field = "resources.ARN",
                        Equals = new[]
                        {
                            table.Apply(getTableResult => getTableResult.Arn),
                        },
                    },
                },
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.dynamodb.DynamodbFunctions;
import com.pulumi.aws.dynamodb.inputs.GetTableArgs;
import com.pulumi.aws.cloudtrail.EventDataStore;
import com.pulumi.aws.cloudtrail.EventDataStoreArgs;
import com.pulumi.aws.cloudtrail.inputs.EventDataStoreAdvancedEventSelectorArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var table = DynamodbFunctions.getTable(GetTableArgs.builder()
            .name("not-important-dynamodb-table")
            .build());

        var example = new EventDataStore("example", EventDataStoreArgs.builder()
            .advancedEventSelectors(EventDataStoreAdvancedEventSelectorArgs.builder()
                .name("Log all DynamoDB PutEvent actions for a specific DynamoDB table")
                .fieldSelectors(                
                    EventDataStoreAdvancedEventSelectorFieldSelectorArgs.builder()
                        .field("eventCategory")
                        .equals("Data")
                        .build(),
                    EventDataStoreAdvancedEventSelectorFieldSelectorArgs.builder()
                        .field("resources.type")
                        .equals("AWS::DynamoDB::Table")
                        .build(),
                    EventDataStoreAdvancedEventSelectorFieldSelectorArgs.builder()
                        .field("eventName")
                        .equals("PutItem")
                        .build(),
                    EventDataStoreAdvancedEventSelectorFieldSelectorArgs.builder()
                        .field("resources.ARN")
                        .equals(table.arn())
                        .build())
                .build())
            .build());

    }
}

resources:
  example:
    type: aws:cloudtrail:EventDataStore
    properties:
      advancedEventSelectors:
        - name: Log all DynamoDB PutEvent actions for a specific DynamoDB table
          fieldSelectors:
            - field: eventCategory
              equals:
                - Data
            - field: resources.type
              equals:
                - AWS::DynamoDB::Table
            - field: eventName
              equals:
                - PutItem
            - field: resources.ARN
              equals:
                - ${table.arn}
variables:
  table:
    fn::invoke:
      function: aws:dynamodb:getTable
      arguments:
        name: not-important-dynamodb-table

Create EventDataStore Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new EventDataStore(name: string, args?: EventDataStoreArgs, opts?: CustomResourceOptions);

@overload
def EventDataStore(resource_name: str,
                   args: Optional[EventDataStoreArgs] = None,
                   opts: Optional[ResourceOptions] = None)

@overload
def EventDataStore(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   advanced_event_selectors: Optional[Sequence[EventDataStoreAdvancedEventSelectorArgs]] = None,
                   billing_mode: Optional[str] = None,
                   kms_key_id: Optional[str] = None,
                   multi_region_enabled: Optional[bool] = None,
                   name: Optional[str] = None,
                   organization_enabled: Optional[bool] = None,
                   retention_period: Optional[int] = None,
                   suspend: Optional[str] = None,
                   tags: Optional[Mapping[str, str]] = None,
                   termination_protection_enabled: Optional[bool] = None)

func NewEventDataStore(ctx *Context, name string, args *EventDataStoreArgs, opts ...ResourceOption) (*EventDataStore, error)

public EventDataStore(string name, EventDataStoreArgs? args = null, CustomResourceOptions? opts = null)

public EventDataStore(String name, EventDataStoreArgs args)
public EventDataStore(String name, EventDataStoreArgs args, CustomResourceOptions options)

type: aws:cloudtrail:EventDataStore
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args EventDataStoreArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args EventDataStoreArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args EventDataStoreArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args EventDataStoreArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args EventDataStoreArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var eventDataStoreResource = new Aws.CloudTrail.EventDataStore("eventDataStoreResource", new()
{
    AdvancedEventSelectors = new[]
    {
        new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorArgs
        {
            FieldSelectors = new[]
            {
                new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorFieldSelectorArgs
                {
                    EndsWiths = new[]
                    {
                        "string",
                    },
                    Equals = new[]
                    {
                        "string",
                    },
                    Field = "string",
                    NotEndsWiths = new[]
                    {
                        "string",
                    },
                    NotEquals = new[]
                    {
                        "string",
                    },
                    NotStartsWiths = new[]
                    {
                        "string",
                    },
                    StartsWiths = new[]
                    {
                        "string",
                    },
                },
            },
            Name = "string",
        },
    },
    BillingMode = "string",
    KmsKeyId = "string",
    MultiRegionEnabled = false,
    Name = "string",
    OrganizationEnabled = false,
    RetentionPeriod = 0,
    Suspend = "string",
    Tags = 
    {
        { "string", "string" },
    },
    TerminationProtectionEnabled = false,
});

example, err := cloudtrail.NewEventDataStore(ctx, "eventDataStoreResource", &cloudtrail.EventDataStoreArgs{
	AdvancedEventSelectors: cloudtrail.EventDataStoreAdvancedEventSelectorArray{
		&cloudtrail.EventDataStoreAdvancedEventSelectorArgs{
			FieldSelectors: cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArray{
				&cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs{
					EndsWiths: pulumi.StringArray{
						pulumi.String("string"),
					},
					Equals: pulumi.StringArray{
						pulumi.String("string"),
					},
					Field: pulumi.String("string"),
					NotEndsWiths: pulumi.StringArray{
						pulumi.String("string"),
					},
					NotEquals: pulumi.StringArray{
						pulumi.String("string"),
					},
					NotStartsWiths: pulumi.StringArray{
						pulumi.String("string"),
					},
					StartsWiths: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
			Name: pulumi.String("string"),
		},
	},
	BillingMode:         pulumi.String("string"),
	KmsKeyId:            pulumi.String("string"),
	MultiRegionEnabled:  pulumi.Bool(false),
	Name:                pulumi.String("string"),
	OrganizationEnabled: pulumi.Bool(false),
	RetentionPeriod:     pulumi.Int(0),
	Suspend:             pulumi.String("string"),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	TerminationProtectionEnabled: pulumi.Bool(false),
})

var eventDataStoreResource = new EventDataStore("eventDataStoreResource", EventDataStoreArgs.builder()
    .advancedEventSelectors(EventDataStoreAdvancedEventSelectorArgs.builder()
        .fieldSelectors(EventDataStoreAdvancedEventSelectorFieldSelectorArgs.builder()
            .endsWiths("string")
            .equals("string")
            .field("string")
            .notEndsWiths("string")
            .notEquals("string")
            .notStartsWiths("string")
            .startsWiths("string")
            .build())
        .name("string")
        .build())
    .billingMode("string")
    .kmsKeyId("string")
    .multiRegionEnabled(false)
    .name("string")
    .organizationEnabled(false)
    .retentionPeriod(0)
    .suspend("string")
    .tags(Map.of("string", "string"))
    .terminationProtectionEnabled(false)
    .build());

event_data_store_resource = aws.cloudtrail.EventDataStore("eventDataStoreResource",
    advanced_event_selectors=[{
        "field_selectors": [{
            "ends_withs": ["string"],
            "equals": ["string"],
            "field": "string",
            "not_ends_withs": ["string"],
            "not_equals": ["string"],
            "not_starts_withs": ["string"],
            "starts_withs": ["string"],
        }],
        "name": "string",
    }],
    billing_mode="string",
    kms_key_id="string",
    multi_region_enabled=False,
    name="string",
    organization_enabled=False,
    retention_period=0,
    suspend="string",
    tags={
        "string": "string",
    },
    termination_protection_enabled=False)

const eventDataStoreResource = new aws.cloudtrail.EventDataStore("eventDataStoreResource", {
    advancedEventSelectors: [{
        fieldSelectors: [{
            endsWiths: ["string"],
            equals: ["string"],
            field: "string",
            notEndsWiths: ["string"],
            notEquals: ["string"],
            notStartsWiths: ["string"],
            startsWiths: ["string"],
        }],
        name: "string",
    }],
    billingMode: "string",
    kmsKeyId: "string",
    multiRegionEnabled: false,
    name: "string",
    organizationEnabled: false,
    retentionPeriod: 0,
    suspend: "string",
    tags: {
        string: "string",
    },
    terminationProtectionEnabled: false,
});

type: aws:cloudtrail:EventDataStore
properties:
    advancedEventSelectors:
        - fieldSelectors:
            - endsWiths:
                - string
              equals:
                - string
              field: string
              notEndsWiths:
                - string
              notEquals:
                - string
              notStartsWiths:
                - string
              startsWiths:
                - string
          name: string
    billingMode: string
    kmsKeyId: string
    multiRegionEnabled: false
    name: string
    organizationEnabled: false
    retentionPeriod: 0
    suspend: string
    tags:
        string: string
    terminationProtectionEnabled: false

EventDataStore Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The EventDataStore resource accepts the following input properties:

AdvancedEventSelectors List<EventDataStoreAdvancedEventSelector>: The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
BillingMode string: The billing mode for the event data store. The valid values are EXTENDABLE_RETENTION_PRICING and FIXED_RETENTION_PRICING. Defaults to EXTENDABLE_RETENTION_PRICING.
KmsKeyId string: Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
MultiRegionEnabled bool: Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default: true.
Name string: The name of the event data store.
OrganizationEnabled bool: Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default: false.
RetentionPeriod int: The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default: 2555.
Suspend string: Specifies whether to stop ingesting new events into the event data store. If set to true, ingestion is suspended while maintaining the ability to query existing events. If set to false, ingestion is active.
Tags Dictionary<string, string>: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TerminationProtectionEnabled bool: Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default: true.

AdvancedEventSelectors []EventDataStoreAdvancedEventSelectorArgs: The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
BillingMode string: The billing mode for the event data store. The valid values are EXTENDABLE_RETENTION_PRICING and FIXED_RETENTION_PRICING. Defaults to EXTENDABLE_RETENTION_PRICING.
KmsKeyId string: Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
MultiRegionEnabled bool: Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default: true.
Name string: The name of the event data store.
OrganizationEnabled bool: Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default: false.
RetentionPeriod int: The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default: 2555.
Suspend string: Specifies whether to stop ingesting new events into the event data store. If set to true, ingestion is suspended while maintaining the ability to query existing events. If set to false, ingestion is active.
Tags map[string]string: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TerminationProtectionEnabled bool: Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default: true.

advancedEventSelectors List<EventDataStoreAdvancedEventSelector>: The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
billingMode String: The billing mode for the event data store. The valid values are EXTENDABLE_RETENTION_PRICING and FIXED_RETENTION_PRICING. Defaults to EXTENDABLE_RETENTION_PRICING.
kmsKeyId String: Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
multiRegionEnabled Boolean: Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default: true.
name String: The name of the event data store.
organizationEnabled Boolean: Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default: false.
retentionPeriod Integer: The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default: 2555.
suspend String: Specifies whether to stop ingesting new events into the event data store. If set to true, ingestion is suspended while maintaining the ability to query existing events. If set to false, ingestion is active.
tags Map<String,String>: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
terminationProtectionEnabled Boolean: Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default: true.

advancedEventSelectors EventDataStoreAdvancedEventSelector[]: The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
billingMode string: The billing mode for the event data store. The valid values are EXTENDABLE_RETENTION_PRICING and FIXED_RETENTION_PRICING. Defaults to EXTENDABLE_RETENTION_PRICING.
kmsKeyId string: Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
multiRegionEnabled boolean: Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default: true.
name string: The name of the event data store.
organizationEnabled boolean: Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default: false.
retentionPeriod number: The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default: 2555.
suspend string: Specifies whether to stop ingesting new events into the event data store. If set to true, ingestion is suspended while maintaining the ability to query existing events. If set to false, ingestion is active.
tags {[key: string]: string}: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
terminationProtectionEnabled boolean: Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default: true.

advanced_event_selectors Sequence[EventDataStoreAdvancedEventSelectorArgs]: The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
billing_mode str: The billing mode for the event data store. The valid values are EXTENDABLE_RETENTION_PRICING and FIXED_RETENTION_PRICING. Defaults to EXTENDABLE_RETENTION_PRICING.
kms_key_id str: Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
multi_region_enabled bool: Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default: true.
name str: The name of the event data store.
organization_enabled bool: Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default: false.
retention_period int: The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default: 2555.
suspend str: Specifies whether to stop ingesting new events into the event data store. If set to true, ingestion is suspended while maintaining the ability to query existing events. If set to false, ingestion is active.
tags Mapping[str, str]: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
termination_protection_enabled bool: Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default: true.

advancedEventSelectors List<Property Map>: The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
billingMode String: The billing mode for the event data store. The valid values are EXTENDABLE_RETENTION_PRICING and FIXED_RETENTION_PRICING. Defaults to EXTENDABLE_RETENTION_PRICING.
kmsKeyId String: Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
multiRegionEnabled Boolean: Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default: true.
name String: The name of the event data store.
organizationEnabled Boolean: Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default: false.
retentionPeriod Number: The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default: 2555.
suspend String: Specifies whether to stop ingesting new events into the event data store. If set to true, ingestion is suspended while maintaining the ability to query existing events. If set to false, ingestion is active.
tags Map<String>: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
terminationProtectionEnabled Boolean: Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default: true.

Outputs

All input properties are implicitly available as output properties. Additionally, the EventDataStore resource produces the following output properties:

Arn string: ARN of the event data store.
Id string: The provider-assigned unique ID for this managed resource.
TagsAll Dictionary<string, string>: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

Arn string: ARN of the event data store.
Id string: The provider-assigned unique ID for this managed resource.
TagsAll map[string]string: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn String: ARN of the event data store.
id String: The provider-assigned unique ID for this managed resource.
tagsAll Map<String,String>: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn string: ARN of the event data store.
id string: The provider-assigned unique ID for this managed resource.
tagsAll {[key: string]: string}: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn str: ARN of the event data store.
id str: The provider-assigned unique ID for this managed resource.
tags_all Mapping[str, str]: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn String: ARN of the event data store.
id String: The provider-assigned unique ID for this managed resource.
tagsAll Map<String>: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

Look up Existing EventDataStore Resource

Get an existing EventDataStore resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: EventDataStoreState, opts?: CustomResourceOptions): EventDataStore

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        advanced_event_selectors: Optional[Sequence[EventDataStoreAdvancedEventSelectorArgs]] = None,
        arn: Optional[str] = None,
        billing_mode: Optional[str] = None,
        kms_key_id: Optional[str] = None,
        multi_region_enabled: Optional[bool] = None,
        name: Optional[str] = None,
        organization_enabled: Optional[bool] = None,
        retention_period: Optional[int] = None,
        suspend: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        termination_protection_enabled: Optional[bool] = None) -> EventDataStore

func GetEventDataStore(ctx *Context, name string, id IDInput, state *EventDataStoreState, opts ...ResourceOption) (*EventDataStore, error)

public static EventDataStore Get(string name, Input<string> id, EventDataStoreState? state, CustomResourceOptions? opts = null)

public static EventDataStore get(String name, Output<String> id, EventDataStoreState state, CustomResourceOptions options)

resources:  _:    type: aws:cloudtrail:EventDataStore    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AdvancedEventSelectors List<EventDataStoreAdvancedEventSelector>: The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
Arn string: ARN of the event data store.
BillingMode string: The billing mode for the event data store. The valid values are EXTENDABLE_RETENTION_PRICING and FIXED_RETENTION_PRICING. Defaults to EXTENDABLE_RETENTION_PRICING.
KmsKeyId string: Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
MultiRegionEnabled bool: Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default: true.
Name string: The name of the event data store.
OrganizationEnabled bool: Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default: false.
RetentionPeriod int: The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default: 2555.
Suspend string: Specifies whether to stop ingesting new events into the event data store. If set to true, ingestion is suspended while maintaining the ability to query existing events. If set to false, ingestion is active.
Tags Dictionary<string, string>: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll Dictionary<string, string>: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
TerminationProtectionEnabled bool: Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default: true.

AdvancedEventSelectors []EventDataStoreAdvancedEventSelectorArgs: The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
Arn string: ARN of the event data store.
BillingMode string: The billing mode for the event data store. The valid values are EXTENDABLE_RETENTION_PRICING and FIXED_RETENTION_PRICING. Defaults to EXTENDABLE_RETENTION_PRICING.
KmsKeyId string: Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
MultiRegionEnabled bool: Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default: true.
Name string: The name of the event data store.
OrganizationEnabled bool: Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default: false.
RetentionPeriod int: The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default: 2555.
Suspend string: Specifies whether to stop ingesting new events into the event data store. If set to true, ingestion is suspended while maintaining the ability to query existing events. If set to false, ingestion is active.
Tags map[string]string: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll map[string]string: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
TerminationProtectionEnabled bool: Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default: true.

advancedEventSelectors List<EventDataStoreAdvancedEventSelector>: The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
arn String: ARN of the event data store.
billingMode String: The billing mode for the event data store. The valid values are EXTENDABLE_RETENTION_PRICING and FIXED_RETENTION_PRICING. Defaults to EXTENDABLE_RETENTION_PRICING.
kmsKeyId String: Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
multiRegionEnabled Boolean: Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default: true.
name String: The name of the event data store.
organizationEnabled Boolean: Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default: false.
retentionPeriod Integer: The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default: 2555.
suspend String: Specifies whether to stop ingesting new events into the event data store. If set to true, ingestion is suspended while maintaining the ability to query existing events. If set to false, ingestion is active.
tags Map<String,String>: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll Map<String,String>: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
terminationProtectionEnabled Boolean: Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default: true.

advancedEventSelectors EventDataStoreAdvancedEventSelector[]: The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
arn string: ARN of the event data store.
billingMode string: The billing mode for the event data store. The valid values are EXTENDABLE_RETENTION_PRICING and FIXED_RETENTION_PRICING. Defaults to EXTENDABLE_RETENTION_PRICING.
kmsKeyId string: Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
multiRegionEnabled boolean: Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default: true.
name string: The name of the event data store.
organizationEnabled boolean: Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default: false.
retentionPeriod number: The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default: 2555.
suspend string: Specifies whether to stop ingesting new events into the event data store. If set to true, ingestion is suspended while maintaining the ability to query existing events. If set to false, ingestion is active.
tags {[key: string]: string}: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll {[key: string]: string}: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
terminationProtectionEnabled boolean: Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default: true.

advanced_event_selectors Sequence[EventDataStoreAdvancedEventSelectorArgs]: The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
arn str: ARN of the event data store.
billing_mode str: The billing mode for the event data store. The valid values are EXTENDABLE_RETENTION_PRICING and FIXED_RETENTION_PRICING. Defaults to EXTENDABLE_RETENTION_PRICING.
kms_key_id str: Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
multi_region_enabled bool: Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default: true.
name str: The name of the event data store.
organization_enabled bool: Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default: false.
retention_period int: The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default: 2555.
suspend str: Specifies whether to stop ingesting new events into the event data store. If set to true, ingestion is suspended while maintaining the ability to query existing events. If set to false, ingestion is active.
tags Mapping[str, str]: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tags_all Mapping[str, str]: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
termination_protection_enabled bool: Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default: true.

advancedEventSelectors List<Property Map>: The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
arn String: ARN of the event data store.
billingMode String: The billing mode for the event data store. The valid values are EXTENDABLE_RETENTION_PRICING and FIXED_RETENTION_PRICING. Defaults to EXTENDABLE_RETENTION_PRICING.
kmsKeyId String: Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
multiRegionEnabled Boolean: Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default: true.
name String: The name of the event data store.
organizationEnabled Boolean: Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default: false.
retentionPeriod Number: The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default: 2555.
suspend String: Specifies whether to stop ingesting new events into the event data store. If set to true, ingestion is suspended while maintaining the ability to query existing events. If set to false, ingestion is active.
tags Map<String>: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll Map<String>: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
terminationProtectionEnabled Boolean: Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default: true.

Supporting Types

EventDataStoreAdvancedEventSelector, EventDataStoreAdvancedEventSelectorArgs

FieldSelectors List<EventDataStoreAdvancedEventSelectorFieldSelector>: Specifies the selector statements in an advanced event selector. Fields documented below.
Name string: Specifies the name of the advanced event selector.

FieldSelectors []EventDataStoreAdvancedEventSelectorFieldSelector: Specifies the selector statements in an advanced event selector. Fields documented below.
Name string: Specifies the name of the advanced event selector.

fieldSelectors List<EventDataStoreAdvancedEventSelectorFieldSelector>: Specifies the selector statements in an advanced event selector. Fields documented below.
name String: Specifies the name of the advanced event selector.

fieldSelectors EventDataStoreAdvancedEventSelectorFieldSelector[]: Specifies the selector statements in an advanced event selector. Fields documented below.
name string: Specifies the name of the advanced event selector.

field_selectors Sequence[EventDataStoreAdvancedEventSelectorFieldSelector]: Specifies the selector statements in an advanced event selector. Fields documented below.
name str: Specifies the name of the advanced event selector.

fieldSelectors List<Property Map>: Specifies the selector statements in an advanced event selector. Fields documented below.
name String: Specifies the name of the advanced event selector.

EventDataStoreAdvancedEventSelectorFieldSelector, EventDataStoreAdvancedEventSelectorFieldSelectorArgs

EndsWiths List<string>: A list of values that includes events that match the last few characters of the event record field specified as the value of field.
Equals List<string>: A list of values that includes events that match the exact value of the event record field specified as the value of field. This is the only valid operator that you can use with the readOnly, eventCategory, and resources.type fields.
Field string: Specifies a field in an event record on which to filter events to be logged. You can specify only the following values: readOnly, eventSource, eventName, eventCategory, resources.type, resources.ARN.
NotEndsWiths List<string>: A list of values that excludes events that match the last few characters of the event record field specified as the value of field.
NotEquals List<string>: A list of values that excludes events that match the exact value of the event record field specified as the value of field.
NotStartsWiths List<string>: A list of values that excludes events that match the first few characters of the event record field specified as the value of field.
StartsWiths List<string>: A list of values that includes events that match the first few characters of the event record field specified as the value of field.

EndsWiths []string: A list of values that includes events that match the last few characters of the event record field specified as the value of field.
Equals []string: A list of values that includes events that match the exact value of the event record field specified as the value of field. This is the only valid operator that you can use with the readOnly, eventCategory, and resources.type fields.
Field string: Specifies a field in an event record on which to filter events to be logged. You can specify only the following values: readOnly, eventSource, eventName, eventCategory, resources.type, resources.ARN.
NotEndsWiths []string: A list of values that excludes events that match the last few characters of the event record field specified as the value of field.
NotEquals []string: A list of values that excludes events that match the exact value of the event record field specified as the value of field.
NotStartsWiths []string: A list of values that excludes events that match the first few characters of the event record field specified as the value of field.
StartsWiths []string: A list of values that includes events that match the first few characters of the event record field specified as the value of field.

endsWiths List<String>: A list of values that includes events that match the last few characters of the event record field specified as the value of field.
equals_ List<String>: A list of values that includes events that match the exact value of the event record field specified as the value of field. This is the only valid operator that you can use with the readOnly, eventCategory, and resources.type fields.
field String: Specifies a field in an event record on which to filter events to be logged. You can specify only the following values: readOnly, eventSource, eventName, eventCategory, resources.type, resources.ARN.
notEndsWiths List<String>: A list of values that excludes events that match the last few characters of the event record field specified as the value of field.
notEquals List<String>: A list of values that excludes events that match the exact value of the event record field specified as the value of field.
notStartsWiths List<String>: A list of values that excludes events that match the first few characters of the event record field specified as the value of field.
startsWiths List<String>: A list of values that includes events that match the first few characters of the event record field specified as the value of field.

endsWiths string[]: A list of values that includes events that match the last few characters of the event record field specified as the value of field.
equals string[]: A list of values that includes events that match the exact value of the event record field specified as the value of field. This is the only valid operator that you can use with the readOnly, eventCategory, and resources.type fields.
field string: Specifies a field in an event record on which to filter events to be logged. You can specify only the following values: readOnly, eventSource, eventName, eventCategory, resources.type, resources.ARN.
notEndsWiths string[]: A list of values that excludes events that match the last few characters of the event record field specified as the value of field.
notEquals string[]: A list of values that excludes events that match the exact value of the event record field specified as the value of field.
notStartsWiths string[]: A list of values that excludes events that match the first few characters of the event record field specified as the value of field.
startsWiths string[]: A list of values that includes events that match the first few characters of the event record field specified as the value of field.

ends_withs Sequence[str]: A list of values that includes events that match the last few characters of the event record field specified as the value of field.
equals Sequence[str]: A list of values that includes events that match the exact value of the event record field specified as the value of field. This is the only valid operator that you can use with the readOnly, eventCategory, and resources.type fields.
field str: Specifies a field in an event record on which to filter events to be logged. You can specify only the following values: readOnly, eventSource, eventName, eventCategory, resources.type, resources.ARN.
not_ends_withs Sequence[str]: A list of values that excludes events that match the last few characters of the event record field specified as the value of field.
not_equals Sequence[str]: A list of values that excludes events that match the exact value of the event record field specified as the value of field.
not_starts_withs Sequence[str]: A list of values that excludes events that match the first few characters of the event record field specified as the value of field.
starts_withs Sequence[str]: A list of values that includes events that match the first few characters of the event record field specified as the value of field.

endsWiths List<String>: A list of values that includes events that match the last few characters of the event record field specified as the value of field.
equals List<String>: A list of values that includes events that match the exact value of the event record field specified as the value of field. This is the only valid operator that you can use with the readOnly, eventCategory, and resources.type fields.
field String: Specifies a field in an event record on which to filter events to be logged. You can specify only the following values: readOnly, eventSource, eventName, eventCategory, resources.type, resources.ARN.
notEndsWiths List<String>: A list of values that excludes events that match the last few characters of the event record field specified as the value of field.
notEquals List<String>: A list of values that excludes events that match the exact value of the event record field specified as the value of field.
notStartsWiths List<String>: A list of values that excludes events that match the first few characters of the event record field specified as the value of field.
startsWiths List<String>: A list of values that includes events that match the first few characters of the event record field specified as the value of field.

Import

Using pulumi import, import event data stores using their arn. For example:

$ pulumi import aws:cloudtrail/eventDataStore:EventDataStore example arn:aws:cloudtrail:us-east-1:123456789123:eventdatastore/22333815-4414-412c-b155-dd254033gfhf

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: AWS Classic pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

AWS v6.80.0 published on Tuesday, May 6, 2025 by Pulumi

pulumi/pulumi-aws

aws.cloudtrail.EventDataStore

On this page

On this page

Example Usage

Basic

Data Event Logging

Log all DynamoDB PutEvent actions for a specific DynamoDB table

Create EventDataStore Resource

Constructor syntax

Parameters

Constructor example

EventDataStore Resource Properties

Inputs

Outputs

Look up Existing EventDataStore Resource

Supporting Types

EventDataStoreAdvancedEventSelector, EventDataStoreAdvancedEventSelectorArgs

EventDataStoreAdvancedEventSelectorFieldSelector, EventDataStoreAdvancedEventSelectorFieldSelectorArgs

Import

Package Details

On this page

On this page