published on Sunday, Jun 28, 2026 by spectrocloud
published on Sunday, Jun 28, 2026 by spectrocloud
Resource for managing tenant audit trail data sinks (CloudWatch or Splunk) in Spectro Cloud.
Audit trails forward Palette tenant audit logs to AWS CloudWatch or Splunk HEC. Each tenant supports at most one CloudWatch audit trail and one Splunk audit trail. Both sink types can be configured on the same tenant at the same time.
CloudWatch audit trails are managed via POST /v1/tenants/{tenantUID}/assets/dataSinks. CloudWatch credentials and Splunk HEC settings are validated against Palette before create and update, matching the cloud account and tenant settings UI flow.
Example Usage
CloudWatch with access keys
This example mirrors the tenant settings UI payload: log group dev-hubble-audits in us-east-1 with secret credentials. Omit stream to write to the log group without a dedicated log stream.
import * as pulumi from "@pulumi/pulumi";
import * as spectrocloud from "@pulumi/spectrocloud";
const cloudwatch = new spectrocloud.AuditTrail("cloudwatch", {
name: "rag",
type: "cloudwatch",
cloudwatch: {
group: "dev-hubble-audits",
region: "us-east-1",
credentialType: "secret",
accessKey: awsAccessKey,
secretKey: awsSecretKey,
partition: "aws",
},
});
import pulumi
import pulumi_spectrocloud as spectrocloud
cloudwatch = spectrocloud.AuditTrail("cloudwatch",
name="rag",
type="cloudwatch",
cloudwatch={
"group": "dev-hubble-audits",
"region": "us-east-1",
"credential_type": "secret",
"access_key": aws_access_key,
"secret_key": aws_secret_key,
"partition": "aws",
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/spectrocloud/spectrocloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := spectrocloud.NewAuditTrail(ctx, "cloudwatch", &spectrocloud.AuditTrailArgs{
Name: pulumi.String("rag"),
Type: pulumi.String("cloudwatch"),
Cloudwatch: &spectrocloud.AuditTrailCloudwatchArgs{
Group: pulumi.String("dev-hubble-audits"),
Region: pulumi.String("us-east-1"),
CredentialType: pulumi.String("secret"),
AccessKey: pulumi.Any(awsAccessKey),
SecretKey: pulumi.Any(awsSecretKey),
Partition: pulumi.String("aws"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Spectrocloud = Pulumi.Spectrocloud;
return await Deployment.RunAsync(() =>
{
var cloudwatch = new Spectrocloud.AuditTrail("cloudwatch", new()
{
Name = "rag",
Type = "cloudwatch",
Cloudwatch = new Spectrocloud.Inputs.AuditTrailCloudwatchArgs
{
Group = "dev-hubble-audits",
Region = "us-east-1",
CredentialType = "secret",
AccessKey = awsAccessKey,
SecretKey = awsSecretKey,
Partition = "aws",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.spectrocloud.AuditTrail;
import com.pulumi.spectrocloud.AuditTrailArgs;
import com.pulumi.spectrocloud.inputs.AuditTrailCloudwatchArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var cloudwatch = new AuditTrail("cloudwatch", AuditTrailArgs.builder()
.name("rag")
.type("cloudwatch")
.cloudwatch(AuditTrailCloudwatchArgs.builder()
.group("dev-hubble-audits")
.region("us-east-1")
.credentialType("secret")
.accessKey(awsAccessKey)
.secretKey(awsSecretKey)
.partition("aws")
.build())
.build());
}
}
resources:
cloudwatch:
type: spectrocloud:AuditTrail
properties:
name: rag
type: cloudwatch
cloudwatch:
group: dev-hubble-audits
region: us-east-1
credentialType: secret
accessKey: ${awsAccessKey}
secretKey: ${awsSecretKey}
partition: aws
Example coming soon!
CloudWatch with STS
import * as pulumi from "@pulumi/pulumi";
import * as spectrocloud from "@pulumi/spectrocloud";
const cloudwatchSts = new spectrocloud.AuditTrail("cloudwatch_sts", {
name: "rag-sts",
type: "cloudwatch",
cloudwatch: {
group: "dev-hubble-audits",
region: "us-east-1",
credentialType: "sts",
arn: awsStsRoleArn,
externalId: awsExternalId,
partition: "aws",
},
});
import pulumi
import pulumi_spectrocloud as spectrocloud
cloudwatch_sts = spectrocloud.AuditTrail("cloudwatch_sts",
name="rag-sts",
type="cloudwatch",
cloudwatch={
"group": "dev-hubble-audits",
"region": "us-east-1",
"credential_type": "sts",
"arn": aws_sts_role_arn,
"external_id": aws_external_id,
"partition": "aws",
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/spectrocloud/spectrocloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := spectrocloud.NewAuditTrail(ctx, "cloudwatch_sts", &spectrocloud.AuditTrailArgs{
Name: pulumi.String("rag-sts"),
Type: pulumi.String("cloudwatch"),
Cloudwatch: &spectrocloud.AuditTrailCloudwatchArgs{
Group: pulumi.String("dev-hubble-audits"),
Region: pulumi.String("us-east-1"),
CredentialType: pulumi.String("sts"),
Arn: pulumi.Any(awsStsRoleArn),
ExternalId: pulumi.Any(awsExternalId),
Partition: pulumi.String("aws"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Spectrocloud = Pulumi.Spectrocloud;
return await Deployment.RunAsync(() =>
{
var cloudwatchSts = new Spectrocloud.AuditTrail("cloudwatch_sts", new()
{
Name = "rag-sts",
Type = "cloudwatch",
Cloudwatch = new Spectrocloud.Inputs.AuditTrailCloudwatchArgs
{
Group = "dev-hubble-audits",
Region = "us-east-1",
CredentialType = "sts",
Arn = awsStsRoleArn,
ExternalId = awsExternalId,
Partition = "aws",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.spectrocloud.AuditTrail;
import com.pulumi.spectrocloud.AuditTrailArgs;
import com.pulumi.spectrocloud.inputs.AuditTrailCloudwatchArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var cloudwatchSts = new AuditTrail("cloudwatchSts", AuditTrailArgs.builder()
.name("rag-sts")
.type("cloudwatch")
.cloudwatch(AuditTrailCloudwatchArgs.builder()
.group("dev-hubble-audits")
.region("us-east-1")
.credentialType("sts")
.arn(awsStsRoleArn)
.externalId(awsExternalId)
.partition("aws")
.build())
.build());
}
}
resources:
cloudwatchSts:
type: spectrocloud:AuditTrail
name: cloudwatch_sts
properties:
name: rag-sts
type: cloudwatch
cloudwatch:
group: dev-hubble-audits
region: us-east-1
credentialType: sts
arn: ${awsStsRoleArn}
externalId: ${awsExternalId}
partition: aws
Example coming soon!
Splunk HEC
import * as pulumi from "@pulumi/pulumi";
import * as spectrocloud from "@pulumi/spectrocloud";
const splunk = new spectrocloud.AuditTrail("splunk", {
name: "test-tf",
type: "splunk",
splunk: {
hecUrl: "https://http-inputs-example.splunkcloud.com:443",
token: splunkHecToken,
index: "main",
source: "palette",
tlsConfig: {
insecureSkipVerify: false,
},
},
});
import pulumi
import pulumi_spectrocloud as spectrocloud
splunk = spectrocloud.AuditTrail("splunk",
name="test-tf",
type="splunk",
splunk={
"hec_url": "https://http-inputs-example.splunkcloud.com:443",
"token": splunk_hec_token,
"index": "main",
"source": "palette",
"tls_config": {
"insecure_skip_verify": False,
},
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/spectrocloud/spectrocloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := spectrocloud.NewAuditTrail(ctx, "splunk", &spectrocloud.AuditTrailArgs{
Name: pulumi.String("test-tf"),
Type: pulumi.String("splunk"),
Splunk: &spectrocloud.AuditTrailSplunkArgs{
HecUrl: pulumi.String("https://http-inputs-example.splunkcloud.com:443"),
Token: pulumi.Any(splunkHecToken),
Index: pulumi.String("main"),
Source: pulumi.String("palette"),
TlsConfig: &spectrocloud.AuditTrailSplunkTlsConfigArgs{
InsecureSkipVerify: pulumi.Bool(false),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Spectrocloud = Pulumi.Spectrocloud;
return await Deployment.RunAsync(() =>
{
var splunk = new Spectrocloud.AuditTrail("splunk", new()
{
Name = "test-tf",
Type = "splunk",
Splunk = new Spectrocloud.Inputs.AuditTrailSplunkArgs
{
HecUrl = "https://http-inputs-example.splunkcloud.com:443",
Token = splunkHecToken,
Index = "main",
Source = "palette",
TlsConfig = new Spectrocloud.Inputs.AuditTrailSplunkTlsConfigArgs
{
InsecureSkipVerify = false,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.spectrocloud.AuditTrail;
import com.pulumi.spectrocloud.AuditTrailArgs;
import com.pulumi.spectrocloud.inputs.AuditTrailSplunkArgs;
import com.pulumi.spectrocloud.inputs.AuditTrailSplunkTlsConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var splunk = new AuditTrail("splunk", AuditTrailArgs.builder()
.name("test-tf")
.type("splunk")
.splunk(AuditTrailSplunkArgs.builder()
.hecUrl("https://http-inputs-example.splunkcloud.com:443")
.token(splunkHecToken)
.index("main")
.source("palette")
.tlsConfig(AuditTrailSplunkTlsConfigArgs.builder()
.insecureSkipVerify(false)
.build())
.build())
.build());
}
}
resources:
splunk:
type: spectrocloud:AuditTrail
properties:
name: test-tf
type: splunk
splunk:
hecUrl: https://http-inputs-example.splunkcloud.com:443
token: ${splunkHecToken}
index: main
source: palette
tlsConfig:
insecureSkipVerify: false
Example coming soon!
Create AuditTrail Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AuditTrail(name: string, args: AuditTrailArgs, opts?: CustomResourceOptions);@overload
def AuditTrail(resource_name: str,
args: AuditTrailArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AuditTrail(resource_name: str,
opts: Optional[ResourceOptions] = None,
type: Optional[str] = None,
audit_trail_id: Optional[str] = None,
cloudwatch: Optional[AuditTrailCloudwatchArgs] = None,
name: Optional[str] = None,
splunk: Optional[AuditTrailSplunkArgs] = None,
timeouts: Optional[AuditTrailTimeoutsArgs] = None)func NewAuditTrail(ctx *Context, name string, args AuditTrailArgs, opts ...ResourceOption) (*AuditTrail, error)public AuditTrail(string name, AuditTrailArgs args, CustomResourceOptions? opts = null)
public AuditTrail(String name, AuditTrailArgs args)
public AuditTrail(String name, AuditTrailArgs args, CustomResourceOptions options)
type: spectrocloud:AuditTrail
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
resource "spectrocloud_audittrail" "name" {
# resource properties
}Parameters
- name string
- The unique name of the resource.
- args AuditTrailArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AuditTrailArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AuditTrailArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AuditTrailArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AuditTrailArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var auditTrailResource = new Spectrocloud.AuditTrail("auditTrailResource", new()
{
Type = "string",
AuditTrailId = "string",
Cloudwatch = new Spectrocloud.Inputs.AuditTrailCloudwatchArgs
{
Group = "string",
Region = "string",
AccessKey = "string",
Arn = "string",
CredentialType = "string",
ExternalId = "string",
Partition = "string",
SecretKey = "string",
Stream = "string",
},
Name = "string",
Splunk = new Spectrocloud.Inputs.AuditTrailSplunkArgs
{
HecUrl = "string",
Token = "string",
Index = "string",
Source = "string",
TlsConfig = new Spectrocloud.Inputs.AuditTrailSplunkTlsConfigArgs
{
CaCertBase64 = "string",
InsecureSkipVerify = false,
TlsVerification = false,
},
},
Timeouts = new Spectrocloud.Inputs.AuditTrailTimeoutsArgs
{
Create = "string",
Delete = "string",
Update = "string",
},
});
example, err := spectrocloud.NewAuditTrail(ctx, "auditTrailResource", &spectrocloud.AuditTrailArgs{
Type: pulumi.String("string"),
AuditTrailId: pulumi.String("string"),
Cloudwatch: &spectrocloud.AuditTrailCloudwatchArgs{
Group: pulumi.String("string"),
Region: pulumi.String("string"),
AccessKey: pulumi.String("string"),
Arn: pulumi.String("string"),
CredentialType: pulumi.String("string"),
ExternalId: pulumi.String("string"),
Partition: pulumi.String("string"),
SecretKey: pulumi.String("string"),
Stream: pulumi.String("string"),
},
Name: pulumi.String("string"),
Splunk: &spectrocloud.AuditTrailSplunkArgs{
HecUrl: pulumi.String("string"),
Token: pulumi.String("string"),
Index: pulumi.String("string"),
Source: pulumi.String("string"),
TlsConfig: &spectrocloud.AuditTrailSplunkTlsConfigArgs{
CaCertBase64: pulumi.String("string"),
InsecureSkipVerify: pulumi.Bool(false),
TlsVerification: pulumi.Bool(false),
},
},
Timeouts: &spectrocloud.AuditTrailTimeoutsArgs{
Create: pulumi.String("string"),
Delete: pulumi.String("string"),
Update: pulumi.String("string"),
},
})
resource "spectrocloud_audittrail" "auditTrailResource" {
type = "string"
audit_trail_id = "string"
cloudwatch = {
group = "string"
region = "string"
access_key = "string"
arn = "string"
credential_type = "string"
external_id = "string"
partition = "string"
secret_key = "string"
stream = "string"
}
name = "string"
splunk = {
hec_url = "string"
token = "string"
index = "string"
source = "string"
tls_config = {
ca_cert_base64 = "string"
insecure_skip_verify = false
tls_verification = false
}
}
timeouts = {
create = "string"
delete = "string"
update = "string"
}
}
var auditTrailResource = new AuditTrail("auditTrailResource", AuditTrailArgs.builder()
.type("string")
.auditTrailId("string")
.cloudwatch(AuditTrailCloudwatchArgs.builder()
.group("string")
.region("string")
.accessKey("string")
.arn("string")
.credentialType("string")
.externalId("string")
.partition("string")
.secretKey("string")
.stream("string")
.build())
.name("string")
.splunk(AuditTrailSplunkArgs.builder()
.hecUrl("string")
.token("string")
.index("string")
.source("string")
.tlsConfig(AuditTrailSplunkTlsConfigArgs.builder()
.caCertBase64("string")
.insecureSkipVerify(false)
.tlsVerification(false)
.build())
.build())
.timeouts(AuditTrailTimeoutsArgs.builder()
.create("string")
.delete("string")
.update("string")
.build())
.build());
audit_trail_resource = spectrocloud.AuditTrail("auditTrailResource",
type="string",
audit_trail_id="string",
cloudwatch={
"group": "string",
"region": "string",
"access_key": "string",
"arn": "string",
"credential_type": "string",
"external_id": "string",
"partition": "string",
"secret_key": "string",
"stream": "string",
},
name="string",
splunk={
"hec_url": "string",
"token": "string",
"index": "string",
"source": "string",
"tls_config": {
"ca_cert_base64": "string",
"insecure_skip_verify": False,
"tls_verification": False,
},
},
timeouts={
"create": "string",
"delete": "string",
"update": "string",
})
const auditTrailResource = new spectrocloud.AuditTrail("auditTrailResource", {
type: "string",
auditTrailId: "string",
cloudwatch: {
group: "string",
region: "string",
accessKey: "string",
arn: "string",
credentialType: "string",
externalId: "string",
partition: "string",
secretKey: "string",
stream: "string",
},
name: "string",
splunk: {
hecUrl: "string",
token: "string",
index: "string",
source: "string",
tlsConfig: {
caCertBase64: "string",
insecureSkipVerify: false,
tlsVerification: false,
},
},
timeouts: {
create: "string",
"delete": "string",
update: "string",
},
});
type: spectrocloud:AuditTrail
properties:
auditTrailId: string
cloudwatch:
accessKey: string
arn: string
credentialType: string
externalId: string
group: string
partition: string
region: string
secretKey: string
stream: string
name: string
splunk:
hecUrl: string
index: string
source: string
tlsConfig:
caCertBase64: string
insecureSkipVerify: false
tlsVerification: false
token: string
timeouts:
create: string
delete: string
update: string
type: string
AuditTrail Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AuditTrail resource accepts the following input properties:
- Type string
- Audit trail sink type. Allowed values are
cloudwatchorsplunk. - Audit
Trail stringId - The ID of this resource.
- Cloudwatch
Audit
Trail Cloudwatch - CloudWatch audit trail configuration. Required when
typeiscloudwatch. - Name string
- Human-readable name for the audit trail.
- Splunk
Audit
Trail Splunk - Splunk HEC audit trail configuration. Required when
typeissplunk. - Timeouts
Audit
Trail Timeouts
- Type string
- Audit trail sink type. Allowed values are
cloudwatchorsplunk. - Audit
Trail stringId - The ID of this resource.
- Cloudwatch
Audit
Trail Cloudwatch Args - CloudWatch audit trail configuration. Required when
typeiscloudwatch. - Name string
- Human-readable name for the audit trail.
- Splunk
Audit
Trail Splunk Args - Splunk HEC audit trail configuration. Required when
typeissplunk. - Timeouts
Audit
Trail Timeouts Args
- type string
- Audit trail sink type. Allowed values are
cloudwatchorsplunk. - audit_
trail_ stringid - The ID of this resource.
- cloudwatch object
- CloudWatch audit trail configuration. Required when
typeiscloudwatch. - name string
- Human-readable name for the audit trail.
- splunk object
- Splunk HEC audit trail configuration. Required when
typeissplunk. - timeouts object
- type String
- Audit trail sink type. Allowed values are
cloudwatchorsplunk. - audit
Trail StringId - The ID of this resource.
- cloudwatch
Audit
Trail Cloudwatch - CloudWatch audit trail configuration. Required when
typeiscloudwatch. - name String
- Human-readable name for the audit trail.
- splunk
Audit
Trail Splunk - Splunk HEC audit trail configuration. Required when
typeissplunk. - timeouts
Audit
Trail Timeouts
- type string
- Audit trail sink type. Allowed values are
cloudwatchorsplunk. - audit
Trail stringId - The ID of this resource.
- cloudwatch
Audit
Trail Cloudwatch - CloudWatch audit trail configuration. Required when
typeiscloudwatch. - name string
- Human-readable name for the audit trail.
- splunk
Audit
Trail Splunk - Splunk HEC audit trail configuration. Required when
typeissplunk. - timeouts
Audit
Trail Timeouts
- type str
- Audit trail sink type. Allowed values are
cloudwatchorsplunk. - audit_
trail_ strid - The ID of this resource.
- cloudwatch
Audit
Trail Cloudwatch Args - CloudWatch audit trail configuration. Required when
typeiscloudwatch. - name str
- Human-readable name for the audit trail.
- splunk
Audit
Trail Splunk Args - Splunk HEC audit trail configuration. Required when
typeissplunk. - timeouts
Audit
Trail Timeouts Args
- type String
- Audit trail sink type. Allowed values are
cloudwatchorsplunk. - audit
Trail StringId - The ID of this resource.
- cloudwatch Property Map
- CloudWatch audit trail configuration. Required when
typeiscloudwatch. - name String
- Human-readable name for the audit trail.
- splunk Property Map
- Splunk HEC audit trail configuration. Required when
typeissplunk. - timeouts Property Map
Outputs
All input properties are implicitly available as output properties. Additionally, the AuditTrail resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing AuditTrail Resource
Get an existing AuditTrail resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AuditTrailState, opts?: CustomResourceOptions): AuditTrail@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
audit_trail_id: Optional[str] = None,
cloudwatch: Optional[AuditTrailCloudwatchArgs] = None,
name: Optional[str] = None,
splunk: Optional[AuditTrailSplunkArgs] = None,
timeouts: Optional[AuditTrailTimeoutsArgs] = None,
type: Optional[str] = None) -> AuditTrailfunc GetAuditTrail(ctx *Context, name string, id IDInput, state *AuditTrailState, opts ...ResourceOption) (*AuditTrail, error)public static AuditTrail Get(string name, Input<string> id, AuditTrailState? state, CustomResourceOptions? opts = null)public static AuditTrail get(String name, Output<String> id, AuditTrailState state, CustomResourceOptions options)resources: _: type: spectrocloud:AuditTrail get: id: ${id}import {
to = spectrocloud_audittrail.example
id = "${id}"
}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Audit
Trail stringId - The ID of this resource.
- Cloudwatch
Audit
Trail Cloudwatch - CloudWatch audit trail configuration. Required when
typeiscloudwatch. - Name string
- Human-readable name for the audit trail.
- Splunk
Audit
Trail Splunk - Splunk HEC audit trail configuration. Required when
typeissplunk. - Timeouts
Audit
Trail Timeouts - Type string
- Audit trail sink type. Allowed values are
cloudwatchorsplunk.
- Audit
Trail stringId - The ID of this resource.
- Cloudwatch
Audit
Trail Cloudwatch Args - CloudWatch audit trail configuration. Required when
typeiscloudwatch. - Name string
- Human-readable name for the audit trail.
- Splunk
Audit
Trail Splunk Args - Splunk HEC audit trail configuration. Required when
typeissplunk. - Timeouts
Audit
Trail Timeouts Args - Type string
- Audit trail sink type. Allowed values are
cloudwatchorsplunk.
- audit_
trail_ stringid - The ID of this resource.
- cloudwatch object
- CloudWatch audit trail configuration. Required when
typeiscloudwatch. - name string
- Human-readable name for the audit trail.
- splunk object
- Splunk HEC audit trail configuration. Required when
typeissplunk. - timeouts object
- type string
- Audit trail sink type. Allowed values are
cloudwatchorsplunk.
- audit
Trail StringId - The ID of this resource.
- cloudwatch
Audit
Trail Cloudwatch - CloudWatch audit trail configuration. Required when
typeiscloudwatch. - name String
- Human-readable name for the audit trail.
- splunk
Audit
Trail Splunk - Splunk HEC audit trail configuration. Required when
typeissplunk. - timeouts
Audit
Trail Timeouts - type String
- Audit trail sink type. Allowed values are
cloudwatchorsplunk.
- audit
Trail stringId - The ID of this resource.
- cloudwatch
Audit
Trail Cloudwatch - CloudWatch audit trail configuration. Required when
typeiscloudwatch. - name string
- Human-readable name for the audit trail.
- splunk
Audit
Trail Splunk - Splunk HEC audit trail configuration. Required when
typeissplunk. - timeouts
Audit
Trail Timeouts - type string
- Audit trail sink type. Allowed values are
cloudwatchorsplunk.
- audit_
trail_ strid - The ID of this resource.
- cloudwatch
Audit
Trail Cloudwatch Args - CloudWatch audit trail configuration. Required when
typeiscloudwatch. - name str
- Human-readable name for the audit trail.
- splunk
Audit
Trail Splunk Args - Splunk HEC audit trail configuration. Required when
typeissplunk. - timeouts
Audit
Trail Timeouts Args - type str
- Audit trail sink type. Allowed values are
cloudwatchorsplunk.
- audit
Trail StringId - The ID of this resource.
- cloudwatch Property Map
- CloudWatch audit trail configuration. Required when
typeiscloudwatch. - name String
- Human-readable name for the audit trail.
- splunk Property Map
- Splunk HEC audit trail configuration. Required when
typeissplunk. - timeouts Property Map
- type String
- Audit trail sink type. Allowed values are
cloudwatchorsplunk.
Supporting Types
AuditTrailCloudwatch, AuditTrailCloudwatchArgs
- Group string
- CloudWatch log group name.
- Region string
- AWS region for CloudWatch.
- Access
Key string - AWS access key. Required when
credential_typeissecret. - Arn string
- IAM role ARN. Required when
credential_typeissts. - Credential
Type string - AWS credential type. Allowed values are
secretorsts. Default issecret. - External
Id string - External ID for STS role assumption. Used with
credential_typests. - Partition string
- AWS partition. Allowed values are
awsoraws-us-gov. Default isaws. - Secret
Key string - AWS secret key. Required when
credential_typeissecret. - Stream string
- Optional CloudWatch log stream name.
- Group string
- CloudWatch log group name.
- Region string
- AWS region for CloudWatch.
- Access
Key string - AWS access key. Required when
credential_typeissecret. - Arn string
- IAM role ARN. Required when
credential_typeissts. - Credential
Type string - AWS credential type. Allowed values are
secretorsts. Default issecret. - External
Id string - External ID for STS role assumption. Used with
credential_typests. - Partition string
- AWS partition. Allowed values are
awsoraws-us-gov. Default isaws. - Secret
Key string - AWS secret key. Required when
credential_typeissecret. - Stream string
- Optional CloudWatch log stream name.
- group string
- CloudWatch log group name.
- region string
- AWS region for CloudWatch.
- access_
key string - AWS access key. Required when
credential_typeissecret. - arn string
- IAM role ARN. Required when
credential_typeissts. - credential_
type string - AWS credential type. Allowed values are
secretorsts. Default issecret. - external_
id string - External ID for STS role assumption. Used with
credential_typests. - partition string
- AWS partition. Allowed values are
awsoraws-us-gov. Default isaws. - secret_
key string - AWS secret key. Required when
credential_typeissecret. - stream string
- Optional CloudWatch log stream name.
- group String
- CloudWatch log group name.
- region String
- AWS region for CloudWatch.
- access
Key String - AWS access key. Required when
credential_typeissecret. - arn String
- IAM role ARN. Required when
credential_typeissts. - credential
Type String - AWS credential type. Allowed values are
secretorsts. Default issecret. - external
Id String - External ID for STS role assumption. Used with
credential_typests. - partition String
- AWS partition. Allowed values are
awsoraws-us-gov. Default isaws. - secret
Key String - AWS secret key. Required when
credential_typeissecret. - stream String
- Optional CloudWatch log stream name.
- group string
- CloudWatch log group name.
- region string
- AWS region for CloudWatch.
- access
Key string - AWS access key. Required when
credential_typeissecret. - arn string
- IAM role ARN. Required when
credential_typeissts. - credential
Type string - AWS credential type. Allowed values are
secretorsts. Default issecret. - external
Id string - External ID for STS role assumption. Used with
credential_typests. - partition string
- AWS partition. Allowed values are
awsoraws-us-gov. Default isaws. - secret
Key string - AWS secret key. Required when
credential_typeissecret. - stream string
- Optional CloudWatch log stream name.
- group str
- CloudWatch log group name.
- region str
- AWS region for CloudWatch.
- access_
key str - AWS access key. Required when
credential_typeissecret. - arn str
- IAM role ARN. Required when
credential_typeissts. - credential_
type str - AWS credential type. Allowed values are
secretorsts. Default issecret. - external_
id str - External ID for STS role assumption. Used with
credential_typests. - partition str
- AWS partition. Allowed values are
awsoraws-us-gov. Default isaws. - secret_
key str - AWS secret key. Required when
credential_typeissecret. - stream str
- Optional CloudWatch log stream name.
- group String
- CloudWatch log group name.
- region String
- AWS region for CloudWatch.
- access
Key String - AWS access key. Required when
credential_typeissecret. - arn String
- IAM role ARN. Required when
credential_typeissts. - credential
Type String - AWS credential type. Allowed values are
secretorsts. Default issecret. - external
Id String - External ID for STS role assumption. Used with
credential_typests. - partition String
- AWS partition. Allowed values are
awsoraws-us-gov. Default isaws. - secret
Key String - AWS secret key. Required when
credential_typeissecret. - stream String
- Optional CloudWatch log stream name.
AuditTrailSplunk, AuditTrailSplunkArgs
- hec_
url str - Splunk HTTP Event Collector (HEC) URL.
- token str
- Splunk HEC token.
- index str
- Optional Splunk index. Uses the token default when empty.
- source str
- Optional Splunk source. Uses the token default when empty.
- tls_
config AuditTrail Splunk Tls Config - Optional TLS configuration for Splunk HEC.
AuditTrailSplunkTlsConfig, AuditTrailSplunkTlsConfigArgs
- Ca
Cert stringBase64 - Base64-encoded CA certificate for self-signed Splunk instances.
- Insecure
Skip boolVerify - Skip TLS certificate verification when set to
true. Default isfalse. - Tls
Verification bool - Whether TLS certificate verification is enabled. Computed as the inverse of
insecure_skip_verify.
- Ca
Cert stringBase64 - Base64-encoded CA certificate for self-signed Splunk instances.
- Insecure
Skip boolVerify - Skip TLS certificate verification when set to
true. Default isfalse. - Tls
Verification bool - Whether TLS certificate verification is enabled. Computed as the inverse of
insecure_skip_verify.
- ca_
cert_ stringbase64 - Base64-encoded CA certificate for self-signed Splunk instances.
- insecure_
skip_ boolverify - Skip TLS certificate verification when set to
true. Default isfalse. - tls_
verification bool - Whether TLS certificate verification is enabled. Computed as the inverse of
insecure_skip_verify.
- ca
Cert StringBase64 - Base64-encoded CA certificate for self-signed Splunk instances.
- insecure
Skip BooleanVerify - Skip TLS certificate verification when set to
true. Default isfalse. - tls
Verification Boolean - Whether TLS certificate verification is enabled. Computed as the inverse of
insecure_skip_verify.
- ca
Cert stringBase64 - Base64-encoded CA certificate for self-signed Splunk instances.
- insecure
Skip booleanVerify - Skip TLS certificate verification when set to
true. Default isfalse. - tls
Verification boolean - Whether TLS certificate verification is enabled. Computed as the inverse of
insecure_skip_verify.
- ca_
cert_ strbase64 - Base64-encoded CA certificate for self-signed Splunk instances.
- insecure_
skip_ boolverify - Skip TLS certificate verification when set to
true. Default isfalse. - tls_
verification bool - Whether TLS certificate verification is enabled. Computed as the inverse of
insecure_skip_verify.
- ca
Cert StringBase64 - Base64-encoded CA certificate for self-signed Splunk instances.
- insecure
Skip BooleanVerify - Skip TLS certificate verification when set to
true. Default isfalse. - tls
Verification Boolean - Whether TLS certificate verification is enabled. Computed as the inverse of
insecure_skip_verify.
AuditTrailTimeouts, AuditTrailTimeoutsArgs
Import
Import an audit trail using its Palette UID:
console
$ pulumi import spectrocloud:index/auditTrail:AuditTrail example <uid>
The provider detects whether the UID belongs to a Splunk or CloudWatch audit trail.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- spectrocloud spectrocloud/terraform-provider-spectrocloud
- License
- Notes
- This Pulumi package is based on the
spectrocloudTerraform Provider.
published on Sunday, Jun 28, 2026 by spectrocloud