Docs
PackagesAWSx (Pulumi Crosswalk for AWS) v2.9.0 published on Wednesday, Apr 24, 2024 by Pulumi
awsx.cloudtrail.Trail
Explore with Pulumi AI
AWSx (Pulumi Crosswalk for AWS) v2.9.0 published on Wednesday, Apr 24, 2024 by Pulumi
Create Trail Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Trail(name: string, args?: TrailArgs, opts?: CustomResourceOptions);@overload
def Trail(resource_name: str,
args: Optional[TrailArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Trail(resource_name: str,
opts: Optional[ResourceOptions] = None,
advanced_event_selectors: Optional[Sequence[pulumi_aws.cloudtrail.TrailAdvancedEventSelectorArgs]] = None,
cloud_watch_logs_group: Optional[_awsx.OptionalLogGroupArgs] = None,
enable_log_file_validation: Optional[bool] = None,
enable_logging: Optional[bool] = None,
event_selectors: Optional[Sequence[pulumi_aws.cloudtrail.TrailEventSelectorArgs]] = None,
include_global_service_events: Optional[bool] = None,
insight_selectors: Optional[Sequence[pulumi_aws.cloudtrail.TrailInsightSelectorArgs]] = None,
is_multi_region_trail: Optional[bool] = None,
is_organization_trail: Optional[bool] = None,
kms_key_id: Optional[str] = None,
name: Optional[str] = None,
s3_bucket: Optional[_awsx.RequiredBucketArgs] = None,
s3_key_prefix: Optional[str] = None,
sns_topic_name: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None)func NewTrail(ctx *Context, name string, args *TrailArgs, opts ...ResourceOption) (*Trail, error)public Trail(string name, TrailArgs? args = null, CustomResourceOptions? opts = null)type: awsx:cloudtrail:Trail
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args TrailArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args TrailArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args TrailArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args TrailArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args TrailArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Example
The following reference example uses placeholder values for all input properties.
var trailResource = new Awsx.Cloudtrail.Trail("trailResource", new()
{
AdvancedEventSelectors = new[]
{
new Aws.Cloudtrail.Inputs.TrailAdvancedEventSelectorArgs
{
FieldSelectors = new[]
{
new Aws.Cloudtrail.Inputs.TrailAdvancedEventSelectorFieldSelectorArgs
{
Field = "string",
EndsWiths = new[]
{
"string",
},
Equals = new[]
{
"string",
},
NotEndsWiths = new[]
{
"string",
},
NotEquals = new[]
{
"string",
},
NotStartsWiths = new[]
{
"string",
},
StartsWiths = new[]
{
"string",
},
},
},
Name = "string",
},
},
CloudWatchLogsGroup = new Awsx.Awsx.Inputs.OptionalLogGroupArgs
{
Args = new Awsx.Awsx.Inputs.LogGroupArgs
{
KmsKeyId = "string",
LogGroupClass = "string",
Name = "string",
NamePrefix = "string",
RetentionInDays = 0,
SkipDestroy = false,
Tags =
{
{ "string", "string" },
},
},
Enable = false,
Existing = new Awsx.Awsx.Inputs.ExistingLogGroupArgs
{
Arn = "string",
Name = "string",
Region = "string",
},
},
EnableLogFileValidation = false,
EnableLogging = false,
EventSelectors = new[]
{
new Aws.Cloudtrail.Inputs.TrailEventSelectorArgs
{
DataResources = new[]
{
new Aws.Cloudtrail.Inputs.TrailEventSelectorDataResourceArgs
{
Type = "string",
Values = new[]
{
"string",
},
},
},
ExcludeManagementEventSources = new[]
{
"string",
},
IncludeManagementEvents = false,
ReadWriteType = "string",
},
},
IncludeGlobalServiceEvents = false,
InsightSelectors = new[]
{
new Aws.Cloudtrail.Inputs.TrailInsightSelectorArgs
{
InsightType = "string",
},
},
IsMultiRegionTrail = false,
IsOrganizationTrail = false,
KmsKeyId = "string",
Name = "string",
S3Bucket = new Awsx.Awsx.Inputs.RequiredBucketArgs
{
Args = new Awsx.Awsx.Inputs.BucketArgs
{
AccelerationStatus = "string",
Acl = "string",
Arn = "string",
Bucket = "string",
BucketPrefix = "string",
CorsRules = new()
{
new Aws.S3.Inputs.BucketCorsRuleArgs
{
AllowedMethods = new()
{
"string",
},
AllowedOrigins = new()
{
"string",
},
AllowedHeaders = new()
{
"string",
},
ExposeHeaders = new()
{
"string",
},
MaxAgeSeconds = 0,
},
},
ForceDestroy = false,
Grants = new()
{
new Aws.S3.Inputs.BucketGrantArgs
{
Permissions = new()
{
"string",
},
Type = "string",
Id = "string",
Uri = "string",
},
},
HostedZoneId = "string",
LifecycleRules = new()
{
new Aws.S3.Inputs.BucketLifecycleRuleArgs
{
Enabled = false,
AbortIncompleteMultipartUploadDays = 0,
Expiration = new Aws.S3.Inputs.BucketLifecycleRuleExpirationArgs
{
Date = "string",
Days = 0,
ExpiredObjectDeleteMarker = false,
},
Id = "string",
NoncurrentVersionExpiration = new Aws.S3.Inputs.BucketLifecycleRuleNoncurrentVersionExpirationArgs
{
Days = 0,
},
NoncurrentVersionTransitions = new()
{
new Aws.S3.Inputs.BucketLifecycleRuleNoncurrentVersionTransitionArgs
{
StorageClass = "string",
Days = 0,
},
},
Prefix = "string",
Tags =
{
{ "string", "string" },
},
Transitions = new()
{
new Aws.S3.Inputs.BucketLifecycleRuleTransitionArgs
{
StorageClass = "string",
Date = "string",
Days = 0,
},
},
},
},
Loggings = new()
{
new Aws.S3.Inputs.BucketLoggingArgs
{
TargetBucket = "string",
TargetPrefix = "string",
},
},
ObjectLockConfiguration = new Aws.S3.Inputs.BucketObjectLockConfigurationArgs
{
ObjectLockEnabled = "string",
Rule = new Aws.S3.Inputs.BucketObjectLockConfigurationRuleArgs
{
DefaultRetention = new Aws.S3.Inputs.BucketObjectLockConfigurationRuleDefaultRetentionArgs
{
Mode = "string",
Days = 0,
Years = 0,
},
},
},
Policy = "string",
ReplicationConfiguration = new Aws.S3.Inputs.BucketReplicationConfigurationArgs
{
Role = "string",
Rules = new()
{
new Aws.S3.Inputs.BucketReplicationConfigurationRuleArgs
{
Destination = new Aws.S3.Inputs.BucketReplicationConfigurationRuleDestinationArgs
{
Bucket = "string",
AccessControlTranslation = new Aws.S3.Inputs.BucketReplicationConfigurationRuleDestinationAccessControlTranslationArgs
{
Owner = "string",
},
AccountId = "string",
Metrics = new Aws.S3.Inputs.BucketReplicationConfigurationRuleDestinationMetricsArgs
{
Minutes = 0,
Status = "string",
},
ReplicaKmsKeyId = "string",
ReplicationTime = new Aws.S3.Inputs.BucketReplicationConfigurationRuleDestinationReplicationTimeArgs
{
Minutes = 0,
Status = "string",
},
StorageClass = "string",
},
Status = "string",
DeleteMarkerReplicationStatus = "string",
Filter = new Aws.S3.Inputs.BucketReplicationConfigurationRuleFilterArgs
{
Prefix = "string",
Tags =
{
{ "string", "string" },
},
},
Id = "string",
Prefix = "string",
Priority = 0,
SourceSelectionCriteria = new Aws.S3.Inputs.BucketReplicationConfigurationRuleSourceSelectionCriteriaArgs
{
SseKmsEncryptedObjects = new Aws.S3.Inputs.BucketReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObjectsArgs
{
Enabled = false,
},
},
},
},
},
RequestPayer = "string",
ServerSideEncryptionConfiguration = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationArgs
{
Rule = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationRuleArgs
{
ApplyServerSideEncryptionByDefault = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs
{
SseAlgorithm = "string",
KmsMasterKeyId = "string",
},
BucketKeyEnabled = false,
},
},
Tags =
{
{ "string", "string" },
},
Versioning = new Aws.S3.Inputs.BucketVersioningArgs
{
Enabled = false,
MfaDelete = false,
},
Website = new Aws.S3.Inputs.BucketWebsiteArgs
{
ErrorDocument = "string",
IndexDocument = "string",
RedirectAllRequestsTo = "string",
RoutingRules = "string",
},
WebsiteDomain = "string",
WebsiteEndpoint = "string",
},
Existing = new Awsx.Awsx.Inputs.ExistingBucketArgs
{
Arn = "string",
Name = "string",
},
},
S3KeyPrefix = "string",
SnsTopicName = "string",
Tags =
{
{ "string", "string" },
},
});
Coming soon!
var trailResource = new Trail("trailResource", TrailArgs.builder()
.advancedEventSelectors(TrailAdvancedEventSelectorArgs.builder()
.fieldSelectors(TrailAdvancedEventSelectorFieldSelectorArgs.builder()
.field("string")
.endsWiths("string")
.equals("string")
.notEndsWiths("string")
.notEquals("string")
.notStartsWiths("string")
.startsWiths("string")
.build())
.name("string")
.build())
.cloudWatchLogsGroup(OptionalLogGroupArgs.builder()
.args(LogGroupArgs.builder()
.kmsKeyId("string")
.logGroupClass("string")
.name("string")
.namePrefix("string")
.retentionInDays(0)
.skipDestroy(false)
.tags(Map.of("string", "string"))
.build())
.enable(false)
.existing(ExistingLogGroupArgs.builder()
.arn("string")
.name("string")
.region("string")
.build())
.build())
.enableLogFileValidation(false)
.enableLogging(false)
.eventSelectors(TrailEventSelectorArgs.builder()
.dataResources(TrailEventSelectorDataResourceArgs.builder()
.type("string")
.values("string")
.build())
.excludeManagementEventSources("string")
.includeManagementEvents(false)
.readWriteType("string")
.build())
.includeGlobalServiceEvents(false)
.insightSelectors(TrailInsightSelectorArgs.builder()
.insightType("string")
.build())
.isMultiRegionTrail(false)
.isOrganizationTrail(false)
.kmsKeyId("string")
.name("string")
.s3Bucket(RequiredBucketArgs.builder()
.args(BucketArgs.builder()
.accelerationStatus("string")
.acl("string")
.arn("string")
.bucket("string")
.bucketPrefix("string")
.corsRules(BucketCorsRuleArgs.builder()
.allowedMethods("string")
.allowedOrigins("string")
.allowedHeaders("string")
.exposeHeaders("string")
.maxAgeSeconds(0)
.build())
.forceDestroy(false)
.grants(BucketGrantArgs.builder()
.permissions("string")
.type("string")
.id("string")
.uri("string")
.build())
.hostedZoneId("string")
.lifecycleRules(BucketLifecycleRuleArgs.builder()
.enabled(false)
.abortIncompleteMultipartUploadDays(0)
.expiration(BucketLifecycleRuleExpirationArgs.builder()
.date("string")
.days(0)
.expiredObjectDeleteMarker(false)
.build())
.id("string")
.noncurrentVersionExpiration(BucketLifecycleRuleNoncurrentVersionExpirationArgs.builder()
.days(0)
.build())
.noncurrentVersionTransitions(BucketLifecycleRuleNoncurrentVersionTransitionArgs.builder()
.storageClass("string")
.days(0)
.build())
.prefix("string")
.tags(Map.of("string", "string"))
.transitions(BucketLifecycleRuleTransitionArgs.builder()
.storageClass("string")
.date("string")
.days(0)
.build())
.build())
.loggings(BucketLoggingArgs.builder()
.targetBucket("string")
.targetPrefix("string")
.build())
.objectLockConfiguration(BucketObjectLockConfigurationArgs.builder()
.objectLockEnabled("string")
.rule(BucketObjectLockConfigurationRuleArgs.builder()
.defaultRetention(BucketObjectLockConfigurationRuleDefaultRetentionArgs.builder()
.mode("string")
.days(0)
.years(0)
.build())
.build())
.build())
.policy("string")
.replicationConfiguration(BucketReplicationConfigurationArgs.builder()
.role("string")
.rules(BucketReplicationConfigurationRuleArgs.builder()
.destination(BucketReplicationConfigurationRuleDestinationArgs.builder()
.bucket("string")
.accessControlTranslation(BucketReplicationConfigurationRuleDestinationAccessControlTranslationArgs.builder()
.owner("string")
.build())
.accountId("string")
.metrics(BucketReplicationConfigurationRuleDestinationMetricsArgs.builder()
.minutes(0)
.status("string")
.build())
.replicaKmsKeyId("string")
.replicationTime(BucketReplicationConfigurationRuleDestinationReplicationTimeArgs.builder()
.minutes(0)
.status("string")
.build())
.storageClass("string")
.build())
.status("string")
.deleteMarkerReplicationStatus("string")
.filter(BucketReplicationConfigurationRuleFilterArgs.builder()
.prefix("string")
.tags(Map.of("string", "string"))
.build())
.id("string")
.prefix("string")
.priority(0)
.sourceSelectionCriteria(BucketReplicationConfigurationRuleSourceSelectionCriteriaArgs.builder()
.sseKmsEncryptedObjects(BucketReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObjectsArgs.builder()
.enabled(false)
.build())
.build())
.build())
.build())
.requestPayer("string")
.serverSideEncryptionConfiguration(BucketServerSideEncryptionConfigurationArgs.builder()
.rule(BucketServerSideEncryptionConfigurationRuleArgs.builder()
.applyServerSideEncryptionByDefault(BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs.builder()
.sseAlgorithm("string")
.kmsMasterKeyId("string")
.build())
.bucketKeyEnabled(false)
.build())
.build())
.tags(Map.of("string", "string"))
.versioning(BucketVersioningArgs.builder()
.enabled(false)
.mfaDelete(false)
.build())
.website(BucketWebsiteArgs.builder()
.errorDocument("string")
.indexDocument("string")
.redirectAllRequestsTo("string")
.routingRules("string")
.build())
.websiteDomain("string")
.websiteEndpoint("string")
.build())
.existing(ExistingBucketArgs.builder()
.arn("string")
.name("string")
.build())
.build())
.s3KeyPrefix("string")
.snsTopicName("string")
.tags(Map.of("string", "string"))
.build());
trail_resource = awsx.cloudtrail.Trail("trailResource",
advanced_event_selectors=[aws.cloudtrail.TrailAdvancedEventSelectorArgs(
field_selectors=[aws.cloudtrail.TrailAdvancedEventSelectorFieldSelectorArgs(
field="string",
ends_withs=["string"],
equals=["string"],
not_ends_withs=["string"],
not_equals=["string"],
not_starts_withs=["string"],
starts_withs=["string"],
)],
name="string",
)],
cloud_watch_logs_group=awsx.awsx.OptionalLogGroupArgs(
args=awsx.awsx.LogGroupArgs(
kms_key_id="string",
log_group_class="string",
name="string",
name_prefix="string",
retention_in_days=0,
skip_destroy=False,
tags={
"string": "string",
},
),
enable=False,
existing=awsx.awsx.ExistingLogGroupArgs(
arn="string",
name="string",
region="string",
),
),
enable_log_file_validation=False,
enable_logging=False,
event_selectors=[aws.cloudtrail.TrailEventSelectorArgs(
data_resources=[aws.cloudtrail.TrailEventSelectorDataResourceArgs(
type="string",
values=["string"],
)],
exclude_management_event_sources=["string"],
include_management_events=False,
read_write_type="string",
)],
include_global_service_events=False,
insight_selectors=[aws.cloudtrail.TrailInsightSelectorArgs(
insight_type="string",
)],
is_multi_region_trail=False,
is_organization_trail=False,
kms_key_id="string",
name="string",
s3_bucket=awsx.awsx.RequiredBucketArgs(
args=awsx.awsx.BucketArgs(
acceleration_status="string",
acl="string",
arn="string",
bucket="string",
bucket_prefix="string",
cors_rules=[aws.s3.BucketCorsRuleArgs(
allowed_methods=["string"],
allowed_origins=["string"],
allowed_headers=["string"],
expose_headers=["string"],
max_age_seconds=0,
)],
force_destroy=False,
grants=[aws.s3.BucketGrantArgs(
permissions=["string"],
type="string",
id="string",
uri="string",
)],
hosted_zone_id="string",
lifecycle_rules=[aws.s3.BucketLifecycleRuleArgs(
enabled=False,
abort_incomplete_multipart_upload_days=0,
expiration=aws.s3.BucketLifecycleRuleExpirationArgs(
date="string",
days=0,
expired_object_delete_marker=False,
),
id="string",
noncurrent_version_expiration=aws.s3.BucketLifecycleRuleNoncurrentVersionExpirationArgs(
days=0,
),
noncurrent_version_transitions=[aws.s3.BucketLifecycleRuleNoncurrentVersionTransitionArgs(
storage_class="string",
days=0,
)],
prefix="string",
tags={
"string": "string",
},
transitions=[aws.s3.BucketLifecycleRuleTransitionArgs(
storage_class="string",
date="string",
days=0,
)],
)],
loggings=[aws.s3.BucketLoggingArgs(
target_bucket="string",
target_prefix="string",
)],
object_lock_configuration=aws.s3.BucketObjectLockConfigurationArgs(
object_lock_enabled="string",
rule=aws.s3.BucketObjectLockConfigurationRuleArgs(
default_retention=aws.s3.BucketObjectLockConfigurationRuleDefaultRetentionArgs(
mode="string",
days=0,
years=0,
),
),
),
policy="string",
replication_configuration=aws.s3.BucketReplicationConfigurationArgs(
role="string",
rules=[aws.s3.BucketReplicationConfigurationRuleArgs(
destination=aws.s3.BucketReplicationConfigurationRuleDestinationArgs(
bucket="string",
access_control_translation=aws.s3.BucketReplicationConfigurationRuleDestinationAccessControlTranslationArgs(
owner="string",
),
account_id="string",
metrics=aws.s3.BucketReplicationConfigurationRuleDestinationMetricsArgs(
minutes=0,
status="string",
),
replica_kms_key_id="string",
replication_time=aws.s3.BucketReplicationConfigurationRuleDestinationReplicationTimeArgs(
minutes=0,
status="string",
),
storage_class="string",
),
status="string",
delete_marker_replication_status="string",
filter=aws.s3.BucketReplicationConfigurationRuleFilterArgs(
prefix="string",
tags={
"string": "string",
},
),
id="string",
prefix="string",
priority=0,
source_selection_criteria=aws.s3.BucketReplicationConfigurationRuleSourceSelectionCriteriaArgs(
sse_kms_encrypted_objects=aws.s3.BucketReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObjectsArgs(
enabled=False,
),
),
)],
),
request_payer="string",
server_side_encryption_configuration=aws.s3.BucketServerSideEncryptionConfigurationArgs(
rule=aws.s3.BucketServerSideEncryptionConfigurationRuleArgs(
apply_server_side_encryption_by_default=aws.s3.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs(
sse_algorithm="string",
kms_master_key_id="string",
),
bucket_key_enabled=False,
),
),
tags={
"string": "string",
},
versioning=aws.s3.BucketVersioningArgs(
enabled=False,
mfa_delete=False,
),
website=aws.s3.BucketWebsiteArgs(
error_document="string",
index_document="string",
redirect_all_requests_to="string",
routing_rules="string",
),
website_domain="string",
website_endpoint="string",
),
existing=awsx.awsx.ExistingBucketArgs(
arn="string",
name="string",
),
),
s3_key_prefix="string",
sns_topic_name="string",
tags={
"string": "string",
})
const trailResource = new awsx.cloudtrail.Trail("trailResource", {
advancedEventSelectors: [{
fieldSelectors: [{
field: "string",
endsWiths: ["string"],
equals: ["string"],
notEndsWiths: ["string"],
notEquals: ["string"],
notStartsWiths: ["string"],
startsWiths: ["string"],
}],
name: "string",
}],
cloudWatchLogsGroup: {
args: {
kmsKeyId: "string",
logGroupClass: "string",
name: "string",
namePrefix: "string",
retentionInDays: 0,
skipDestroy: false,
tags: {
string: "string",
},
},
enable: false,
existing: {
arn: "string",
name: "string",
region: "string",
},
},
enableLogFileValidation: false,
enableLogging: false,
eventSelectors: [{
dataResources: [{
type: "string",
values: ["string"],
}],
excludeManagementEventSources: ["string"],
includeManagementEvents: false,
readWriteType: "string",
}],
includeGlobalServiceEvents: false,
insightSelectors: [{
insightType: "string",
}],
isMultiRegionTrail: false,
isOrganizationTrail: false,
kmsKeyId: "string",
name: "string",
s3Bucket: {
args: {
accelerationStatus: "string",
acl: "string",
arn: "string",
bucket: "string",
bucketPrefix: "string",
corsRules: [{
allowedMethods: ["string"],
allowedOrigins: ["string"],
allowedHeaders: ["string"],
exposeHeaders: ["string"],
maxAgeSeconds: 0,
}],
forceDestroy: false,
grants: [{
permissions: ["string"],
type: "string",
id: "string",
uri: "string",
}],
hostedZoneId: "string",
lifecycleRules: [{
enabled: false,
abortIncompleteMultipartUploadDays: 0,
expiration: {
date: "string",
days: 0,
expiredObjectDeleteMarker: false,
},
id: "string",
noncurrentVersionExpiration: {
days: 0,
},
noncurrentVersionTransitions: [{
storageClass: "string",
days: 0,
}],
prefix: "string",
tags: {
string: "string",
},
transitions: [{
storageClass: "string",
date: "string",
days: 0,
}],
}],
loggings: [{
targetBucket: "string",
targetPrefix: "string",
}],
objectLockConfiguration: {
objectLockEnabled: "string",
rule: {
defaultRetention: {
mode: "string",
days: 0,
years: 0,
},
},
},
policy: "string",
replicationConfiguration: {
role: "string",
rules: [{
destination: {
bucket: "string",
accessControlTranslation: {
owner: "string",
},
accountId: "string",
metrics: {
minutes: 0,
status: "string",
},
replicaKmsKeyId: "string",
replicationTime: {
minutes: 0,
status: "string",
},
storageClass: "string",
},
status: "string",
deleteMarkerReplicationStatus: "string",
filter: {
prefix: "string",
tags: {
string: "string",
},
},
id: "string",
prefix: "string",
priority: 0,
sourceSelectionCriteria: {
sseKmsEncryptedObjects: {
enabled: false,
},
},
}],
},
requestPayer: "string",
serverSideEncryptionConfiguration: {
rule: {
applyServerSideEncryptionByDefault: {
sseAlgorithm: "string",
kmsMasterKeyId: "string",
},
bucketKeyEnabled: false,
},
},
tags: {
string: "string",
},
versioning: {
enabled: false,
mfaDelete: false,
},
website: {
errorDocument: "string",
indexDocument: "string",
redirectAllRequestsTo: "string",
routingRules: "string",
},
websiteDomain: "string",
websiteEndpoint: "string",
},
existing: {
arn: "string",
name: "string",
},
},
s3KeyPrefix: "string",
snsTopicName: "string",
tags: {
string: "string",
},
});
type: awsx:cloudtrail:Trail
properties:
advancedEventSelectors:
- fieldSelectors:
- endsWiths:
- string
equals:
- string
field: string
notEndsWiths:
- string
notEquals:
- string
notStartsWiths:
- string
startsWiths:
- string
name: string
cloudWatchLogsGroup:
args:
kmsKeyId: string
logGroupClass: string
name: string
namePrefix: string
retentionInDays: 0
skipDestroy: false
tags:
string: string
enable: false
existing:
arn: string
name: string
region: string
enableLogFileValidation: false
enableLogging: false
eventSelectors:
- dataResources:
- type: string
values:
- string
excludeManagementEventSources:
- string
includeManagementEvents: false
readWriteType: string
includeGlobalServiceEvents: false
insightSelectors:
- insightType: string
isMultiRegionTrail: false
isOrganizationTrail: false
kmsKeyId: string
name: string
s3Bucket:
args:
accelerationStatus: string
acl: string
arn: string
bucket: string
bucketPrefix: string
corsRules:
- allowedHeaders:
- string
allowedMethods:
- string
allowedOrigins:
- string
exposeHeaders:
- string
maxAgeSeconds: 0
forceDestroy: false
grants:
- id: string
permissions:
- string
type: string
uri: string
hostedZoneId: string
lifecycleRules:
- abortIncompleteMultipartUploadDays: 0
enabled: false
expiration:
date: string
days: 0
expiredObjectDeleteMarker: false
id: string
noncurrentVersionExpiration:
days: 0
noncurrentVersionTransitions:
- days: 0
storageClass: string
prefix: string
tags:
string: string
transitions:
- date: string
days: 0
storageClass: string
loggings:
- targetBucket: string
targetPrefix: string
objectLockConfiguration:
objectLockEnabled: string
rule:
defaultRetention:
days: 0
mode: string
years: 0
policy: string
replicationConfiguration:
role: string
rules:
- deleteMarkerReplicationStatus: string
destination:
accessControlTranslation:
owner: string
accountId: string
bucket: string
metrics:
minutes: 0
status: string
replicaKmsKeyId: string
replicationTime:
minutes: 0
status: string
storageClass: string
filter:
prefix: string
tags:
string: string
id: string
prefix: string
priority: 0
sourceSelectionCriteria:
sseKmsEncryptedObjects:
enabled: false
status: string
requestPayer: string
serverSideEncryptionConfiguration:
rule:
applyServerSideEncryptionByDefault:
kmsMasterKeyId: string
sseAlgorithm: string
bucketKeyEnabled: false
tags:
string: string
versioning:
enabled: false
mfaDelete: false
website:
errorDocument: string
indexDocument: string
redirectAllRequestsTo: string
routingRules: string
websiteDomain: string
websiteEndpoint: string
existing:
arn: string
name: string
s3KeyPrefix: string
snsTopicName: string
tags:
string: string
Trail Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Trail resource accepts the following input properties:
- Advanced
Event List<Pulumi.Selectors Aws. Cloud Trail. Inputs. Trail Advanced Event Selector> - Specifies an advanced event selector for enabling data event logging. Fields documented below. Conflicts with
event_selector. - Cloud
Watch Pulumi.Logs Group Awsx. Awsx. Inputs. Optional Log Group - Log group to which CloudTrail logs will be delivered.
- Enable
Log boolFile Validation - Whether log file integrity validation is enabled. Defaults to
false. - Enable
Logging bool - Enables logging for the trail. Defaults to
true. Setting this tofalsewill pause logging. - Event
Selectors List<Pulumi.Aws. Cloud Trail. Inputs. Trail Event Selector> - Specifies an event selector for enabling data event logging. Fields documented below. Please note the CloudTrail limits when configuring these. Conflicts with
advanced_event_selector. - Include
Global boolService Events - Whether the trail is publishing events from global services such as IAM to the log files. Defaults to
true. - Insight
Selectors List<Pulumi.Aws. Cloud Trail. Inputs. Trail Insight Selector> - Configuration block for identifying unusual operational activity. See details below.
- Is
Multi boolRegion Trail - Whether the trail is created in the current region or in all regions. Defaults to
false. - Is
Organization boolTrail - Whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. Defaults to
false. - Kms
Key stringId - KMS key ARN to use to encrypt the logs delivered by CloudTrail.
- Name string
- Name of the trail.
- S3Bucket
Pulumi.
Awsx. Awsx. Inputs. Required Bucket - S3 bucket designated for publishing log files.
- S3Key
Prefix string - S3 key prefix that follows the name of the bucket you have designated for log file delivery.
- Sns
Topic stringName - Name of the Amazon SNS topic defined for notification of log file delivery.
- Dictionary<string, string>
- Map of tags to assign to the trail. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- Advanced
Event TrailSelectors Advanced Event Selector Args - Specifies an advanced event selector for enabling data event logging. Fields documented below. Conflicts with
event_selector. - Cloud
Watch OptionalLogs Group Log Group Args - Log group to which CloudTrail logs will be delivered.
- Enable
Log boolFile Validation - Whether log file integrity validation is enabled. Defaults to
false. - Enable
Logging bool - Enables logging for the trail. Defaults to
true. Setting this tofalsewill pause logging. - Event
Selectors TrailEvent Selector Args - Specifies an event selector for enabling data event logging. Fields documented below. Please note the CloudTrail limits when configuring these. Conflicts with
advanced_event_selector. - Include
Global boolService Events - Whether the trail is publishing events from global services such as IAM to the log files. Defaults to
true. - Insight
Selectors TrailInsight Selector Args - Configuration block for identifying unusual operational activity. See details below.
- Is
Multi boolRegion Trail - Whether the trail is created in the current region or in all regions. Defaults to
false. - Is
Organization boolTrail - Whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. Defaults to
false. - Kms
Key stringId - KMS key ARN to use to encrypt the logs delivered by CloudTrail.
- Name string
- Name of the trail.
- S3Bucket
Required
Bucket Args - S3 bucket designated for publishing log files.
- S3Key
Prefix string - S3 key prefix that follows the name of the bucket you have designated for log file delivery.
- Sns
Topic stringName - Name of the Amazon SNS topic defined for notification of log file delivery.
- map[string]string
- Map of tags to assign to the trail. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- advanced
Event List<TrailSelectors Advanced Event Selector> - Specifies an advanced event selector for enabling data event logging. Fields documented below. Conflicts with
event_selector. - cloud
Watch OptionalLogs Group Log Group - Log group to which CloudTrail logs will be delivered.
- enable
Log BooleanFile Validation - Whether log file integrity validation is enabled. Defaults to
false. - enable
Logging Boolean - Enables logging for the trail. Defaults to
true. Setting this tofalsewill pause logging. - event
Selectors List<TrailEvent Selector> - Specifies an event selector for enabling data event logging. Fields documented below. Please note the CloudTrail limits when configuring these. Conflicts with
advanced_event_selector. - include
Global BooleanService Events - Whether the trail is publishing events from global services such as IAM to the log files. Defaults to
true. - insight
Selectors List<TrailInsight Selector> - Configuration block for identifying unusual operational activity. See details below.
- is
Multi BooleanRegion Trail - Whether the trail is created in the current region or in all regions. Defaults to
false. - is
Organization BooleanTrail - Whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. Defaults to
false. - kms
Key StringId - KMS key ARN to use to encrypt the logs delivered by CloudTrail.
- name String
- Name of the trail.
- s3Bucket
Required
Bucket - S3 bucket designated for publishing log files.
- s3Key
Prefix String - S3 key prefix that follows the name of the bucket you have designated for log file delivery.
- sns
Topic StringName - Name of the Amazon SNS topic defined for notification of log file delivery.
- Map<String,String>
- Map of tags to assign to the trail. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- advanced
Event pulumiSelectors Aws.types.input. Trail Advanced Event Selector[] - Specifies an advanced event selector for enabling data event logging. Fields documented below. Conflicts with
event_selector. - cloud
Watch awsx.Logs Group Optional Log Group - Log group to which CloudTrail logs will be delivered.
- enable
Log booleanFile Validation - Whether log file integrity validation is enabled. Defaults to
false. - enable
Logging boolean - Enables logging for the trail. Defaults to
true. Setting this tofalsewill pause logging. - event
Selectors pulumiAws.types.input. Trail Event Selector[] - Specifies an event selector for enabling data event logging. Fields documented below. Please note the CloudTrail limits when configuring these. Conflicts with
advanced_event_selector. - include
Global booleanService Events - Whether the trail is publishing events from global services such as IAM to the log files. Defaults to
true. - insight
Selectors pulumiAws.types.input. Trail Insight Selector[] - Configuration block for identifying unusual operational activity. See details below.
- is
Multi booleanRegion Trail - Whether the trail is created in the current region or in all regions. Defaults to
false. - is
Organization booleanTrail - Whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. Defaults to
false. - kms
Key stringId - KMS key ARN to use to encrypt the logs delivered by CloudTrail.
- name string
- Name of the trail.
- s3Bucket
awsx.
Required Bucket - S3 bucket designated for publishing log files.
- s3Key
Prefix string - S3 key prefix that follows the name of the bucket you have designated for log file delivery.
- sns
Topic stringName - Name of the Amazon SNS topic defined for notification of log file delivery.
- {[key: string]: string}
- Map of tags to assign to the trail. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- advanced_
event_ Sequence[pulumi_selectors aws.cloudtrail. Trail Advanced Event Selector Args] - Specifies an advanced event selector for enabling data event logging. Fields documented below. Conflicts with
event_selector. - cloud_
watch_ awsx.logs_ group Optional Log Group Args - Log group to which CloudTrail logs will be delivered.
- enable_
log_ boolfile_ validation - Whether log file integrity validation is enabled. Defaults to
false. - enable_
logging bool - Enables logging for the trail. Defaults to
true. Setting this tofalsewill pause logging. - event_
selectors Sequence[pulumi_aws.cloudtrail. Trail Event Selector Args] - Specifies an event selector for enabling data event logging. Fields documented below. Please note the CloudTrail limits when configuring these. Conflicts with
advanced_event_selector. - include_
global_ boolservice_ events - Whether the trail is publishing events from global services such as IAM to the log files. Defaults to
true. - insight_
selectors Sequence[pulumi_aws.cloudtrail. Trail Insight Selector Args] - Configuration block for identifying unusual operational activity. See details below.
- is_
multi_ boolregion_ trail - Whether the trail is created in the current region or in all regions. Defaults to
false. - is_
organization_ booltrail - Whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. Defaults to
false. - kms_
key_ strid - KMS key ARN to use to encrypt the logs delivered by CloudTrail.
- name str
- Name of the trail.
- s3_
bucket awsx.Required Bucket Args - S3 bucket designated for publishing log files.
- s3_
key_ strprefix - S3 key prefix that follows the name of the bucket you have designated for log file delivery.
- sns_
topic_ strname - Name of the Amazon SNS topic defined for notification of log file delivery.
- Mapping[str, str]
- Map of tags to assign to the trail. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- advanced
Event List<Property Map>Selectors - Specifies an advanced event selector for enabling data event logging. Fields documented below. Conflicts with
event_selector. - cloud
Watch Property MapLogs Group - Log group to which CloudTrail logs will be delivered.
- enable
Log BooleanFile Validation - Whether log file integrity validation is enabled. Defaults to
false. - enable
Logging Boolean - Enables logging for the trail. Defaults to
true. Setting this tofalsewill pause logging. - event
Selectors List<Property Map> - Specifies an event selector for enabling data event logging. Fields documented below. Please note the CloudTrail limits when configuring these. Conflicts with
advanced_event_selector. - include
Global BooleanService Events - Whether the trail is publishing events from global services such as IAM to the log files. Defaults to
true. - insight
Selectors List<Property Map> - Configuration block for identifying unusual operational activity. See details below.
- is
Multi BooleanRegion Trail - Whether the trail is created in the current region or in all regions. Defaults to
false. - is
Organization BooleanTrail - Whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. Defaults to
false. - kms
Key StringId - KMS key ARN to use to encrypt the logs delivered by CloudTrail.
- name String
- Name of the trail.
- s3Bucket Property Map
- S3 bucket designated for publishing log files.
- s3Key
Prefix String - S3 key prefix that follows the name of the bucket you have designated for log file delivery.
- sns
Topic StringName - Name of the Amazon SNS topic defined for notification of log file delivery.
- Map<String>
- Map of tags to assign to the trail. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
Outputs
All input properties are implicitly available as output properties. Additionally, the Trail resource produces the following output properties:
- Aws
Trail Pulumi.Aws. Cloud Trail. Trail - The CloudTrail Trail. This type is defined in the AWS Classic package.
- Bucket
Pulumi.
Aws. S3. Bucket - The managed S3 Bucket where the Trail will place its logs. This type is defined in the AWS Classic package.
- Log
Group Pulumi.Aws. Cloud Watch. Log Group - The managed Cloudwatch Log Group. This type is defined in the AWS Classic package.
- Trail Trail
- The CloudTrail Trail. This type is defined in the AWS Classic package.
- Bucket Bucket
- The managed S3 Bucket where the Trail will place its logs. This type is defined in the AWS Classic package.
- Log
Group LogGroup - The managed Cloudwatch Log Group. This type is defined in the AWS Classic package.
- trail Trail
- The CloudTrail Trail. This type is defined in the AWS Classic package.
- bucket Bucket
- The managed S3 Bucket where the Trail will place its logs. This type is defined in the AWS Classic package.
- log
Group LogGroup - The managed Cloudwatch Log Group. This type is defined in the AWS Classic package.
- trail
pulumi
Aws. Trail - The CloudTrail Trail. This type is defined in the AWS Classic package.
- bucket
pulumi
Aws.s3. Bucket - The managed S3 Bucket where the Trail will place its logs. This type is defined in the AWS Classic package.
- log
Group pulumiAws.cloudwatch. Log Group - The managed Cloudwatch Log Group. This type is defined in the AWS Classic package.
- trail
pulumi_
aws.cloudtrail. Trail - The CloudTrail Trail. This type is defined in the AWS Classic package.
- bucket
pulumi_
aws.s3. Bucket - The managed S3 Bucket where the Trail will place its logs. This type is defined in the AWS Classic package.
- log_
group pulumi_aws.cloudwatch. Log Group - The managed Cloudwatch Log Group. This type is defined in the AWS Classic package.
- trail aws::Trail
- The CloudTrail Trail. This type is defined in the AWS Classic package.
- bucket aws:s3:Bucket
- The managed S3 Bucket where the Trail will place its logs. This type is defined in the AWS Classic package.
- log
Group aws:cloudwatch:LogGroup - The managed Cloudwatch Log Group. This type is defined in the AWS Classic package.
Supporting Types
Bucket, BucketArgs
- Acceleration
Status string - Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended. - Acl string
- The canned ACL to apply. Valid values are
private,public-read,public-read-write,aws-exec-read,authenticated-read, andlog-delivery-write. Defaults toprivate. Conflicts withgrant. - Arn string
- The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname. - Bucket
Name string - The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.
- Bucket
Prefix string - Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here. - Cors
Rules List<Pulumi.Aws. S3. Inputs. Bucket Cors Rule> - A rule of Cross-Origin Resource Sharing (documented below).
- Force
Destroy bool - A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- Grants
List<Pulumi.
Aws. S3. Inputs. Bucket Grant> - An ACL policy grant (documented below). Conflicts with
acl. - Hosted
Zone stringId - The Route 53 Hosted Zone ID for this bucket's region.
- Lifecycle
Rules List<Pulumi.Aws. S3. Inputs. Bucket Lifecycle Rule> - A configuration of object lifecycle management (documented below).
- Loggings
List<Pulumi.
Aws. S3. Inputs. Bucket Logging> - A settings of bucket logging (documented below).
- Object
Lock Pulumi.Configuration Aws. S3. Inputs. Bucket Object Lock Configuration A configuration of S3 object locking (documented below)
NOTE: You cannot use
acceleration_statusincn-north-1orus-gov-west-1This type is defined in the AWS Classic package.
- Policy string
- A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a
pulumi preview. In this case, please make sure you use the verbose/specific version of the policy. - Replication
Configuration Pulumi.Aws. S3. Inputs. Bucket Replication Configuration A configuration of replication configuration (documented below).
This type is defined in the AWS Classic package.
- Request
Payer string - Specifies who should bear the cost of Amazon S3 data transfer.
Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. - Server
Side Pulumi.Encryption Configuration Aws. S3. Inputs. Bucket Server Side Encryption Configuration A configuration of server-side encryption configuration (documented below)
This type is defined in the AWS Classic package.
- Dictionary<string, string>
- A map of tags to assign to the bucket. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Versioning
Pulumi.
Aws. S3. Inputs. Bucket Versioning A state of versioning (documented below)
This type is defined in the AWS Classic package.
- Website
Pulumi.
Aws. S3. Inputs. Bucket Website A website object (documented below).
This type is defined in the AWS Classic package.
- Website
Domain string - The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- Website
Endpoint string - The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
- Acceleration
Status string - Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended. - Acl string
- The canned ACL to apply. Valid values are
private,public-read,public-read-write,aws-exec-read,authenticated-read, andlog-delivery-write. Defaults toprivate. Conflicts withgrant. - Arn string
- The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname. - Bucket string
- The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.
- Bucket
Prefix string - Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here. - Cors
Rules BucketCors Rule - A rule of Cross-Origin Resource Sharing (documented below).
- Force
Destroy bool - A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- Grants
Bucket
Grant - An ACL policy grant (documented below). Conflicts with
acl. - Hosted
Zone stringId - The Route 53 Hosted Zone ID for this bucket's region.
- Lifecycle
Rules BucketLifecycle Rule - A configuration of object lifecycle management (documented below).
- Loggings
Bucket
Logging - A settings of bucket logging (documented below).
- Object
Lock BucketConfiguration Object Lock Configuration A configuration of S3 object locking (documented below)
NOTE: You cannot use
acceleration_statusincn-north-1orus-gov-west-1This type is defined in the AWS Classic package.
- Policy string
- A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a
pulumi preview. In this case, please make sure you use the verbose/specific version of the policy. - Replication
Configuration BucketReplication Configuration A configuration of replication configuration (documented below).
This type is defined in the AWS Classic package.
- Request
Payer string - Specifies who should bear the cost of Amazon S3 data transfer.
Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. - Server
Side BucketEncryption Configuration Server Side Encryption Configuration A configuration of server-side encryption configuration (documented below)
This type is defined in the AWS Classic package.
- map[string]string
- A map of tags to assign to the bucket. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Versioning
Bucket
Versioning A state of versioning (documented below)
This type is defined in the AWS Classic package.
- Website
Bucket
Website A website object (documented below).
This type is defined in the AWS Classic package.
- Website
Domain string - The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- Website
Endpoint string - The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
- acceleration
Status String - Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended. - acl String
- The canned ACL to apply. Valid values are
private,public-read,public-read-write,aws-exec-read,authenticated-read, andlog-delivery-write. Defaults toprivate. Conflicts withgrant. - arn String
- The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname. - bucket String
- The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.
- bucket
Prefix String - Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here. - cors
Rules List<BucketCors Rule> - A rule of Cross-Origin Resource Sharing (documented below).
- force
Destroy Boolean - A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- grants
List<Bucket
Grant> - An ACL policy grant (documented below). Conflicts with
acl. - hosted
Zone StringId - The Route 53 Hosted Zone ID for this bucket's region.
- lifecycle
Rules List<BucketLifecycle Rule> - A configuration of object lifecycle management (documented below).
- loggings
List<Bucket
Logging> - A settings of bucket logging (documented below).
- object
Lock BucketConfiguration Object Lock Configuration A configuration of S3 object locking (documented below)
NOTE: You cannot use
acceleration_statusincn-north-1orus-gov-west-1This type is defined in the AWS Classic package.
- policy String
- A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a
pulumi preview. In this case, please make sure you use the verbose/specific version of the policy. - replication
Configuration BucketReplication Configuration A configuration of replication configuration (documented below).
This type is defined in the AWS Classic package.
- request
Payer String - Specifies who should bear the cost of Amazon S3 data transfer.
Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. - server
Side BucketEncryption Configuration Server Side Encryption Configuration A configuration of server-side encryption configuration (documented below)
This type is defined in the AWS Classic package.
- Map<String,String>
- A map of tags to assign to the bucket. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - versioning
Bucket
Versioning A state of versioning (documented below)
This type is defined in the AWS Classic package.
- website
Bucket
Website A website object (documented below).
This type is defined in the AWS Classic package.
- website
Domain String - The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- website
Endpoint String - The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
- acceleration
Status string - Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended. - acl string
- The canned ACL to apply. Valid values are
private,public-read,public-read-write,aws-exec-read,authenticated-read, andlog-delivery-write. Defaults toprivate. Conflicts withgrant. - arn string
- The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname. - bucket string
- The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.
- bucket
Prefix string - Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here. - cors
Rules pulumiAws.types.input.s3. Bucket Cors Rule[] - A rule of Cross-Origin Resource Sharing (documented below).
- force
Destroy boolean - A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- grants
pulumi
Aws.types.input.s3. Bucket Grant[] - An ACL policy grant (documented below). Conflicts with
acl. - hosted
Zone stringId - The Route 53 Hosted Zone ID for this bucket's region.
- lifecycle
Rules pulumiAws.types.input.s3. Bucket Lifecycle Rule[] - A configuration of object lifecycle management (documented below).
- loggings
pulumi
Aws.types.input.s3. Bucket Logging[] - A settings of bucket logging (documented below).
- object
Lock pulumiConfiguration Aws.types.input.s3. Bucket Object Lock Configuration A configuration of S3 object locking (documented below)
NOTE: You cannot use
acceleration_statusincn-north-1orus-gov-west-1This type is defined in the AWS Classic package.
- policy string
- A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a
pulumi preview. In this case, please make sure you use the verbose/specific version of the policy. - replication
Configuration pulumiAws.types.input.s3. Bucket Replication Configuration A configuration of replication configuration (documented below).
This type is defined in the AWS Classic package.
- request
Payer string - Specifies who should bear the cost of Amazon S3 data transfer.
Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. - server
Side pulumiEncryption Configuration Aws.types.input.s3. Bucket Server Side Encryption Configuration A configuration of server-side encryption configuration (documented below)
This type is defined in the AWS Classic package.
- {[key: string]: string}
- A map of tags to assign to the bucket. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - versioning
pulumi
Aws.types.input.s3. Bucket Versioning A state of versioning (documented below)
This type is defined in the AWS Classic package.
- website
pulumi
Aws.types.input.s3. Bucket Website A website object (documented below).
This type is defined in the AWS Classic package.
- website
Domain string - The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- website
Endpoint string - The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
- acceleration_
status str - Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended. - acl str
- The canned ACL to apply. Valid values are
private,public-read,public-read-write,aws-exec-read,authenticated-read, andlog-delivery-write. Defaults toprivate. Conflicts withgrant. - arn str
- The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname. - bucket str
- The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.
- bucket_
prefix str - Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here. - cors_
rules Sequence[pulumi_aws.s3. Bucket Cors Rule Args] - A rule of Cross-Origin Resource Sharing (documented below).
- force_
destroy bool - A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- grants
Sequence[pulumi_
aws.s3. Bucket Grant Args] - An ACL policy grant (documented below). Conflicts with
acl. - hosted_
zone_ strid - The Route 53 Hosted Zone ID for this bucket's region.
- lifecycle_
rules Sequence[pulumi_aws.s3. Bucket Lifecycle Rule Args] - A configuration of object lifecycle management (documented below).
- loggings
Sequence[pulumi_
aws.s3. Bucket Logging Args] - A settings of bucket logging (documented below).
- object_
lock_ pulumi_configuration aws.s3. Bucket Object Lock Configuration Args A configuration of S3 object locking (documented below)
NOTE: You cannot use
acceleration_statusincn-north-1orus-gov-west-1This type is defined in the AWS Classic package.
- policy str
- A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a
pulumi preview. In this case, please make sure you use the verbose/specific version of the policy. - replication_
configuration pulumi_aws.s3. Bucket Replication Configuration Args A configuration of replication configuration (documented below).
This type is defined in the AWS Classic package.
- request_
payer str - Specifies who should bear the cost of Amazon S3 data transfer.
Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. - server_
side_ pulumi_encryption_ configuration aws.s3. Bucket Server Side Encryption Configuration Args A configuration of server-side encryption configuration (documented below)
This type is defined in the AWS Classic package.
- Mapping[str, str]
- A map of tags to assign to the bucket. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - versioning
pulumi_
aws.s3. Bucket Versioning Args A state of versioning (documented below)
This type is defined in the AWS Classic package.
- website
pulumi_
aws.s3. Bucket Website Args A website object (documented below).
This type is defined in the AWS Classic package.
- website_
domain str - The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- website_
endpoint str - The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
- acceleration
Status String - Sets the accelerate configuration of an existing bucket. Can be
EnabledorSuspended. - acl String
- The canned ACL to apply. Valid values are
private,public-read,public-read-write,aws-exec-read,authenticated-read, andlog-delivery-write. Defaults toprivate. Conflicts withgrant. - arn String
- The ARN of the bucket. Will be of format
arn:aws:s3:::bucketname. - bucket String
- The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.
- bucket
Prefix String - Creates a unique bucket name beginning with the specified prefix. Conflicts with
bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here. - cors
Rules List<Property Map> - A rule of Cross-Origin Resource Sharing (documented below).
- force
Destroy Boolean - A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
- grants List<Property Map>
- An ACL policy grant (documented below). Conflicts with
acl. - hosted
Zone StringId - The Route 53 Hosted Zone ID for this bucket's region.
- lifecycle
Rules List<Property Map> - A configuration of object lifecycle management (documented below).
- loggings List<Property Map>
- A settings of bucket logging (documented below).
- object
Lock Property MapConfiguration A configuration of S3 object locking (documented below)
NOTE: You cannot use
acceleration_statusincn-north-1orus-gov-west-1This type is defined in the AWS Classic package.
- policy String
- A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a
pulumi preview. In this case, please make sure you use the verbose/specific version of the policy. - replication
Configuration Property Map A configuration of replication configuration (documented below).
This type is defined in the AWS Classic package.
- request
Payer String - Specifies who should bear the cost of Amazon S3 data transfer.
Can be either
BucketOwnerorRequester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. - server
Side Property MapEncryption Configuration A configuration of server-side encryption configuration (documented below)
This type is defined in the AWS Classic package.
- Map<String>
- A map of tags to assign to the bucket. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - versioning Property Map
A state of versioning (documented below)
This type is defined in the AWS Classic package.
- website Property Map
A website object (documented below).
This type is defined in the AWS Classic package.
- website
Domain String - The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
- website
Endpoint String - The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
ExistingBucket, ExistingBucketArgs
ExistingLogGroup, ExistingLogGroupArgs
LogGroup, LogGroupArgs
- Kms
Key stringId - The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested.
- Log
Group stringClass - Specified the log class of the log group. Possible values are:
STANDARDorINFREQUENT_ACCESS. - Name string
- The name of the log group. If omitted, this provider will assign a random, unique name.
- Name
Prefix string - Creates a unique name beginning with the specified prefix. Conflicts with
name. - Retention
In intDays - Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653, and 0. If you select 0, the events in the log group are always retained and never expire.
- Skip
Destroy bool - Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the state.
- Dictionary<string, string>
- A map of tags to assign to the resource. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- Kms
Key stringId - The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested.
- Log
Group stringClass - Specified the log class of the log group. Possible values are:
STANDARDorINFREQUENT_ACCESS. - Name string
- The name of the log group. If omitted, this provider will assign a random, unique name.
- Name
Prefix string - Creates a unique name beginning with the specified prefix. Conflicts with
name. - Retention
In intDays - Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653, and 0. If you select 0, the events in the log group are always retained and never expire.
- Skip
Destroy bool - Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the state.
- map[string]string
- A map of tags to assign to the resource. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- kms
Key StringId - The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested.
- log
Group StringClass - Specified the log class of the log group. Possible values are:
STANDARDorINFREQUENT_ACCESS. - name String
- The name of the log group. If omitted, this provider will assign a random, unique name.
- name
Prefix String - Creates a unique name beginning with the specified prefix. Conflicts with
name. - retention
In IntegerDays - Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653, and 0. If you select 0, the events in the log group are always retained and never expire.
- skip
Destroy Boolean - Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the state.
- Map<String,String>
- A map of tags to assign to the resource. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- kms
Key stringId - The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested.
- log
Group stringClass - Specified the log class of the log group. Possible values are:
STANDARDorINFREQUENT_ACCESS. - name string
- The name of the log group. If omitted, this provider will assign a random, unique name.
- name
Prefix string - Creates a unique name beginning with the specified prefix. Conflicts with
name. - retention
In numberDays - Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653, and 0. If you select 0, the events in the log group are always retained and never expire.
- skip
Destroy boolean - Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the state.
- {[key: string]: string}
- A map of tags to assign to the resource. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- kms_
key_ strid - The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested.
- log_
group_ strclass - Specified the log class of the log group. Possible values are:
STANDARDorINFREQUENT_ACCESS. - name str
- The name of the log group. If omitted, this provider will assign a random, unique name.
- name_
prefix str - Creates a unique name beginning with the specified prefix. Conflicts with
name. - retention_
in_ intdays - Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653, and 0. If you select 0, the events in the log group are always retained and never expire.
- skip_
destroy bool - Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the state.
- Mapping[str, str]
- A map of tags to assign to the resource. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- kms
Key StringId - The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested.
- log
Group StringClass - Specified the log class of the log group. Possible values are:
STANDARDorINFREQUENT_ACCESS. - name String
- The name of the log group. If omitted, this provider will assign a random, unique name.
- name
Prefix String - Creates a unique name beginning with the specified prefix. Conflicts with
name. - retention
In NumberDays - Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653, and 0. If you select 0, the events in the log group are always retained and never expire.
- skip
Destroy Boolean - Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the state.
- Map<String>
- A map of tags to assign to the resource. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
OptionalLogGroup, OptionalLogGroupArgs
- Args
Pulumi.
Awsx. Awsx. Inputs. Log Group - Arguments to use instead of the default values during creation.
- Enable bool
- Enable creation of the log group.
- Existing
Pulumi.
Awsx. Awsx. Inputs. Existing Log Group - Identity of an existing log group to use. Cannot be used in combination with
argsoropts.
- Args
Log
Group - Arguments to use instead of the default values during creation.
- Enable bool
- Enable creation of the log group.
- Existing
Existing
Log Group - Identity of an existing log group to use. Cannot be used in combination with
argsoropts.
- args
Log
Group - Arguments to use instead of the default values during creation.
- enable Boolean
- Enable creation of the log group.
- existing
Existing
Log Group - Identity of an existing log group to use. Cannot be used in combination with
argsoropts.
- args
awsx.
Log Group - Arguments to use instead of the default values during creation.
- enable boolean
- Enable creation of the log group.
- existing
awsx.
Existing Log Group - Identity of an existing log group to use. Cannot be used in combination with
argsoropts.
- args
awsx.
Log Group - Arguments to use instead of the default values during creation.
- enable bool
- Enable creation of the log group.
- existing
awsx.
Existing Log Group - Identity of an existing log group to use. Cannot be used in combination with
argsoropts.
- args Property Map
- Arguments to use instead of the default values during creation.
- enable Boolean
- Enable creation of the log group.
- existing Property Map
- Identity of an existing log group to use. Cannot be used in combination with
argsoropts.
RequiredBucket, RequiredBucketArgs
- Args
Pulumi.
Awsx. Awsx. Inputs. Bucket - Arguments to use instead of the default values during creation.
- Existing
Pulumi.
Awsx. Awsx. Inputs. Existing Bucket - Identity of an existing bucket to use. Cannot be used in combination with
args.
- Args Bucket
- Arguments to use instead of the default values during creation.
- Existing
Existing
Bucket - Identity of an existing bucket to use. Cannot be used in combination with
args.
- args Bucket
- Arguments to use instead of the default values during creation.
- existing
Existing
Bucket - Identity of an existing bucket to use. Cannot be used in combination with
args.
- args
awsx.
Bucket - Arguments to use instead of the default values during creation.
- existing
awsx.
Existing Bucket - Identity of an existing bucket to use. Cannot be used in combination with
args.
- args
awsx.
Bucket - Arguments to use instead of the default values during creation.
- existing
awsx.
Existing Bucket - Identity of an existing bucket to use. Cannot be used in combination with
args.
- args Property Map
- Arguments to use instead of the default values during creation.
- existing Property Map
- Identity of an existing bucket to use. Cannot be used in combination with
args.
Package Details
- Repository
- AWSx (Pulumi Crosswalk for AWS) pulumi/pulumi-awsx
- License
- Apache-2.0
AWSx (Pulumi Crosswalk for AWS) v2.9.0 published on Wednesday, Apr 24, 2024 by Pulumi