Upload File

aws cloudtrail - api reference€¦ · 01/11/2013  · more information about the aws sdks,...

  • Home
  • Documents
  • AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail
96
AWS CloudTrail API Reference API Version 2013-11-01

Upload: others

Post on 11-Aug-2021

2 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrailAPI Reference

API Version 2013-11-01

Page 2: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API Reference

AWS CloudTrail: API ReferenceCopyright © Amazon Web Services, Inc. and/or its affiliates. All rights reserved.

Amazon's trademarks and trade dress may not be used in connection with any product or service that is notAmazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages ordiscredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who mayor may not be affiliated with, connected to, or sponsored by Amazon.

Page 3: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API Reference

Table of ContentsWelcome .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1Actions .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

AddTags .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

CreateTrail .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

DeleteTrail .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

DescribeTrails ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

GetEventSelectors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

GetInsightSelectors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

GetTrail .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

GetTrailStatus .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

API Version 2013-11-01iii

Page 4: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API Reference

Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

ListPublicKeys .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

ListTags .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

ListTrails ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

LookupEvents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

PutEventSelectors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

PutInsightSelectors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49Examples .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

RemoveTags .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

StartLogging .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

API Version 2013-11-01iv

Page 5: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API Reference

StopLogging .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

UpdateTrail .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

Data Types .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67AdvancedEventSelector ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

AdvancedFieldSelector ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

DataResource .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Event .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

EventSelector ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

InsightSelector ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

LookupAttribute .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

PublicKey .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

Resource .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

ResourceTag .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Tag .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

Trail .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

TrailInfo .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

Common Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88Common Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

API Version 2013-11-01v

Page 6: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API Reference

WelcomeThis is the CloudTrail API Reference. It provides descriptions of actions, data types, common parameters,and common errors for CloudTrail.

CloudTrail is a web service that records AWS API calls for your AWS account and delivers log files to anAmazon S3 bucket. The recorded information includes the identity of the user, the start time of theAWS API call, the source IP address, the request parameters, and the response elements returned by theservice.

NoteAs an alternative to the API, you can use one of the AWS SDKs, which consist of libraries andsample code for various programming languages and platforms (Java, Ruby, .NET, iOS, Android,etc.). The SDKs provide programmatic access to AWS CloudTrail. For example, the SDKs handlecryptographically signing requests, managing errors, and retrying requests automatically. Formore information about the AWS SDKs, including how to download and install them, see Toolsto Build on AWS .

See the AWS CloudTrail User Guide for information about the data that is included with each AWS APIcall listed in the log files.

This document was last published on September 2, 2021.

API Version 2013-11-011

http://aws.amazon.com/tools/
http://aws.amazon.com/tools/
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html
Page 7: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API Reference

ActionsThe following actions are supported:

• AddTags (p. 3)• CreateTrail (p. 6)• DeleteTrail (p. 14)• DescribeTrails (p. 16)• GetEventSelectors (p. 19)• GetInsightSelectors (p. 22)• GetTrail (p. 25)• GetTrailStatus (p. 27)• ListPublicKeys (p. 31)• ListTags (p. 34)• ListTrails (p. 37)• LookupEvents (p. 39)• PutEventSelectors (p. 43)• PutInsightSelectors (p. 48)• RemoveTags (p. 52)• StartLogging (p. 55)• StopLogging (p. 57)• UpdateTrail (p. 59)

API Version 2013-11-012

Page 8: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceAddTags

AddTagsAdds one or more tags to a trail, up to a limit of 50. Overwrites an existing tag's value when a new valueis specified for an existing tag key. Tag key names must be unique for a trail; you cannot have two keyswith the same name but different values. If you specify a key without a value, the tag will be createdwith the specified key and a value of null. You can tag a trail that applies to all AWS Regions only fromthe Region in which the trail was created (also known as its home region).

Request Syntax{ "ResourceId": "string", "TagsList": [ { "Key": "string", "Value": "string" } ]}

Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 88).

The request accepts the following data in JSON format.

ResourceId (p. 3)

Specifies the ARN of the trail to which one or more tags will be added. The format of a trail ARN is:

arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

Type: String

Required: YesTagsList (p. 3)

Contains a list of tags, up to a limit of 50

Type: Array of Tag (p. 83) objects

Required: No

Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 90).

CloudTrailARNInvalidException

This exception is thrown when an operation is called with a trail ARN that is not valid. The followingis the format of a trail ARN.

API Version 2013-11-013

Page 9: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceSee Also

arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

HTTP Status Code: 400InvalidTagParameterException

This exception is thrown when the specified tag key or values are not valid. It can also occur if thereare duplicate tags or too many tags on the resource.

HTTP Status Code: 400InvalidTrailNameException

This exception is thrown when the provided trail name is not valid. Trail names must meet thefollowing requirements:• Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)• Start with a letter or number, and end with a letter or number• Be between 3 and 128 characters• Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are not valid.

• Not be in IP address format (for example, 192.168.5.4)

HTTP Status Code: 400NotOrganizationMasterAccountException

This exception is thrown when the AWS account making the request to create or update anorganization trail is not the management account for an organization in AWS Organizations. Formore information, see Prepare For Creating a Trail For Your Organization.

HTTP Status Code: 400OperationNotPermittedException

This exception is thrown when the requested operation is not permitted.

HTTP Status Code: 400ResourceNotFoundException

This exception is thrown when the specified resource is not found.

HTTP Status Code: 400ResourceTypeNotSupportedException

This exception is thrown when the specified resource type is not supported by CloudTrail.

HTTP Status Code: 400TagsLimitExceededException

The number of tags per trail has exceeded the permitted amount. Currently, the limit is 50.

HTTP Status Code: 400UnsupportedOperationException

This exception is thrown when the requested operation is not supported.

HTTP Status Code: 400

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

API Version 2013-11-014

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-an-organizational-trail-prepare.html
Page 10: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceSee Also

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java V2• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2013-11-015

https://docs.aws.amazon.com/goto/aws-cli/cloudtrail-2013-11-01/AddTags
https://docs.aws.amazon.com/goto/DotNetSDKV3/cloudtrail-2013-11-01/AddTags
https://docs.aws.amazon.com/goto/SdkForCpp/cloudtrail-2013-11-01/AddTags
https://docs.aws.amazon.com/goto/SdkForGoV1/cloudtrail-2013-11-01/AddTags
https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudtrail-2013-11-01/AddTags
https://docs.aws.amazon.com/goto/AWSJavaScriptSDK/cloudtrail-2013-11-01/AddTags
https://docs.aws.amazon.com/goto/SdkForPHPV3/cloudtrail-2013-11-01/AddTags
https://docs.aws.amazon.com/goto/boto3/cloudtrail-2013-11-01/AddTags
https://docs.aws.amazon.com/goto/SdkForRubyV3/cloudtrail-2013-11-01/AddTags
Page 11: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceCreateTrail

CreateTrailCreates a trail that specifies the settings for delivery of log data to an Amazon S3 bucket.

Request Syntax{ "CloudWatchLogsLogGroupArn": "string", "CloudWatchLogsRoleArn": "string", "EnableLogFileValidation": boolean, "IncludeGlobalServiceEvents": boolean, "IsMultiRegionTrail": boolean, "IsOrganizationTrail": boolean, "KmsKeyId": "string", "Name": "string", "S3BucketName": "string", "S3KeyPrefix": "string", "SnsTopicName": "string", "TagsList": [ { "Key": "string", "Value": "string" } ]}

Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 88).

The request accepts the following data in JSON format.

CloudWatchLogsLogGroupArn (p. 6)

Specifies a log group name using an Amazon Resource Name (ARN), a unique identifier thatrepresents the log group to which CloudTrail logs will be delivered. Not required unless you specifyCloudWatchLogsRoleArn.

Type: String

Required: NoCloudWatchLogsRoleArn (p. 6)

Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group.

Type: String

Required: NoEnableLogFileValidation (p. 6)

Specifies whether log file integrity validation is enabled. The default is false.

NoteWhen you disable log file integrity validation, the chain of digest files is broken afterone hour. CloudTrail does not create digest files for log files that were delivered during aperiod in which log file integrity validation was disabled. For example, if you enable log fileintegrity validation at noon on January 1, disable it at noon on January 2, and re-enable

API Version 2013-11-016

Page 12: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceRequest Parameters

it at noon on January 10, digest files will not be created for the log files delivered fromnoon on January 2 to noon on January 10. The same applies whenever you stop CloudTraillogging or delete a trail.

Type: Boolean

Required: NoIncludeGlobalServiceEvents (p. 6)

Specifies whether the trail is publishing events from global services such as IAM to the log files.

Type: Boolean

Required: NoIsMultiRegionTrail (p. 6)

Specifies whether the trail is created in the current region or in all regions. The default is false, whichcreates a trail only in the region where you are signed in. As a best practice, consider creating trailsthat log events in all regions.

Type: Boolean

Required: NoIsOrganizationTrail (p. 6)

Specifies whether the trail is created for all accounts in an organization in AWS Organizations,or only for the current AWS account. The default is false, and cannot be true unless the call ismade on behalf of an AWS account that is the management account for an organization in AWSOrganizations.

Type: Boolean

Required: NoKmsKeyId (p. 6)

Specifies the AWS KMS key ID to use to encrypt the logs delivered by CloudTrail. The value can be analias name prefixed by "alias/", a fully specified ARN to an alias, a fully specified ARN to a key, or aglobally unique identifier.

CloudTrail also supports AWS KMS multi-Region keys. For more information about multi-Regionkeys, see Using multi-Region keys in the AWS Key Management Service Developer Guide.

Examples:• alias/MyAliasName• arn:aws:kms:us-east-2:123456789012:alias/MyAliasName• arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012• 12345678-1234-1234-1234-123456789012

Type: String

Required: NoName (p. 6)

Specifies the name of the trail. The name must meet the following requirements:• Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)• Start with a letter or number, and end with a letter or number• Be between 3 and 128 characters

API Version 2013-11-017

https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html
Page 13: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceResponse Syntax

• Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are not valid.

• Not be in IP address format (for example, 192.168.5.4)

Type: String

Required: YesS3BucketName (p. 6)

Specifies the name of the Amazon S3 bucket designated for publishing log files. See Amazon S3Bucket Naming Requirements.

Type: String

Required: YesS3KeyPrefix (p. 6)

Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated forlog file delivery. For more information, see Finding Your CloudTrail Log Files. The maximum length is200 characters.

Type: String

Required: NoSnsTopicName (p. 6)

Specifies the name of the Amazon SNS topic defined for notification of log file delivery. Themaximum length is 256 characters.

Type: String

Required: NoTagsList (p. 6)

A list of tags.

Type: Array of Tag (p. 83) objects

Required: No

Response Syntax{ "CloudWatchLogsLogGroupArn": "string", "CloudWatchLogsRoleArn": "string", "IncludeGlobalServiceEvents": boolean, "IsMultiRegionTrail": boolean, "IsOrganizationTrail": boolean, "KmsKeyId": "string", "LogFileValidationEnabled": boolean, "Name": "string", "S3BucketName": "string", "S3KeyPrefix": "string", "SnsTopicARN": "string", "SnsTopicName": "string", "TrailARN": "string"}

API Version 2013-11-018

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/create_trail_naming_policy.html
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/create_trail_naming_policy.html
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-find-log-files.html
Page 14: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceResponse Elements

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

CloudWatchLogsLogGroupArn (p. 8)

Specifies the Amazon Resource Name (ARN) of the log group to which CloudTrail logs will bedelivered.

Type: StringCloudWatchLogsRoleArn (p. 8)

Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group.

Type: StringIncludeGlobalServiceEvents (p. 8)

Specifies whether the trail is publishing events from global services such as IAM to the log files.

Type: BooleanIsMultiRegionTrail (p. 8)

Specifies whether the trail exists in one region or in all regions.

Type: BooleanIsOrganizationTrail (p. 8)

Specifies whether the trail is an organization trail.

Type: BooleanKmsKeyId (p. 8)

Specifies the AWS KMS key ID that encrypts the logs delivered by CloudTrail. The value is a fullyspecified ARN to a AWS KMS key in the following format.

arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012

Type: StringLogFileValidationEnabled (p. 8)

Specifies whether log file integrity validation is enabled.

Type: BooleanName (p. 8)

Specifies the name of the trail.

Type: StringS3BucketName (p. 8)

Specifies the name of the Amazon S3 bucket designated for publishing log files.

Type: StringS3KeyPrefix (p. 8)

Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated forlog file delivery. For more information, see Finding Your CloudTrail Log Files.

API Version 2013-11-019

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-find-log-files.html
Page 15: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceErrors

Type: StringSnsTopicARN (p. 8)

Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send notifications when log filesare delivered. The format of a topic ARN is:

arn:aws:sns:us-east-2:123456789012:MyTopic

Type: StringSnsTopicName (p. 8)

This parameter has been deprecated.

This field is no longer in use. Use CreateTrail:SnsTopicARN (p. 10).

Type: StringTrailARN (p. 8)

Specifies the ARN of the trail that was created. The format of a trail ARN is:

arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

Type: String

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 90).

CloudTrailAccessNotEnabledException

This exception is thrown when trusted access has not been enabled between AWS CloudTrail andAWS Organizations. For more information, see Enabling Trusted Access with Other AWS Services andPrepare For Creating a Trail For Your Organization.

HTTP Status Code: 400CloudTrailInvalidClientTokenIdException

This exception is thrown when a call results in the InvalidClientTokenId error code. This canoccur when you are creating or updating a trail to send notifications to an Amazon SNS topic that isin a suspended AWS account.

HTTP Status Code: 400CloudWatchLogsDeliveryUnavailableException

Cannot set a CloudWatch Logs delivery for this region.

HTTP Status Code: 400InsufficientDependencyServiceAccessPermissionException

This exception is thrown when the IAM user or role that is used to create the organization trail islacking one or more required permissions for creating an organization trail in a required service. Formore information, see Prepare For Creating a Trail For Your Organization.

HTTP Status Code: 400InsufficientEncryptionPolicyException

This exception is thrown when the policy on the S3 bucket or AWS KMS key is not sufficient.

API Version 2013-11-0110

https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-an-organizational-trail-prepare.html
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-an-organizational-trail-prepare.html
Page 16: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceErrors

HTTP Status Code: 400InsufficientS3BucketPolicyException

This exception is thrown when the policy on the S3 bucket is not sufficient.

HTTP Status Code: 400InsufficientSnsTopicPolicyException

This exception is thrown when the policy on the Amazon SNS topic is not sufficient.

HTTP Status Code: 400InvalidCloudWatchLogsLogGroupArnException

This exception is thrown when the provided CloudWatch Logs log group is not valid.

HTTP Status Code: 400InvalidCloudWatchLogsRoleArnException

This exception is thrown when the provided role is not valid.

HTTP Status Code: 400InvalidKmsKeyIdException

This exception is thrown when the AWS KMS key ARN is not valid.

HTTP Status Code: 400InvalidParameterCombinationException

This exception is thrown when the combination of parameters provided is not valid.

HTTP Status Code: 400InvalidS3BucketNameException

This exception is thrown when the provided S3 bucket name is not valid.

HTTP Status Code: 400InvalidS3PrefixException

This exception is thrown when the provided S3 prefix is not valid.

HTTP Status Code: 400InvalidSnsTopicNameException

This exception is thrown when the provided SNS topic name is not valid.

HTTP Status Code: 400InvalidTagParameterException

This exception is thrown when the specified tag key or values are not valid. It can also occur if thereare duplicate tags or too many tags on the resource.

HTTP Status Code: 400InvalidTrailNameException

This exception is thrown when the provided trail name is not valid. Trail names must meet thefollowing requirements:• Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)

API Version 2013-11-0111

Page 17: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceErrors

• Start with a letter or number, and end with a letter or number• Be between 3 and 128 characters• Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are not valid.

• Not be in IP address format (for example, 192.168.5.4)

HTTP Status Code: 400KmsException

This exception is thrown when there is an issue with the specified AWS KMS key and the trail can’t beupdated.

HTTP Status Code: 400KmsKeyDisabledException

This error has been deprecated.

This exception is no longer in use.

HTTP Status Code: 400KmsKeyNotFoundException

This exception is thrown when the AWS KMS key does not exist, when the S3 bucket and the AWSKMS key are not in the same region, or when the AWS KMS key associated with the Amazon SNStopic either does not exist or is not in the same region.

HTTP Status Code: 400MaximumNumberOfTrailsExceededException

This exception is thrown when the maximum number of trails is reached.

HTTP Status Code: 400NotOrganizationMasterAccountException

This exception is thrown when the AWS account making the request to create or update anorganization trail is not the management account for an organization in AWS Organizations. Formore information, see Prepare For Creating a Trail For Your Organization.

HTTP Status Code: 400OperationNotPermittedException

This exception is thrown when the requested operation is not permitted.

HTTP Status Code: 400OrganizationNotInAllFeaturesModeException

This exception is thrown when AWS Organizations is not configured to support all features. Allfeatures must be enabled in Organizations to support creating an organization trail. For moreinformation, see Prepare For Creating a Trail For Your Organization.

HTTP Status Code: 400OrganizationsNotInUseException

This exception is thrown when the request is made from an AWS account that is not a member ofan organization. To make this request, sign in using the credentials of an account that belongs to anorganization.

HTTP Status Code: 400

API Version 2013-11-0112

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-an-organizational-trail-prepare.html
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-an-organizational-trail-prepare.html
Page 18: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceSee Also

S3BucketDoesNotExistException

This exception is thrown when the specified S3 bucket does not exist.

HTTP Status Code: 400TrailAlreadyExistsException

This exception is thrown when the specified trail already exists.

HTTP Status Code: 400TrailNotProvidedException

This exception is no longer in use.

HTTP Status Code: 400UnsupportedOperationException

This exception is thrown when the requested operation is not supported.

HTTP Status Code: 400

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java V2• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2013-11-0113

https://docs.aws.amazon.com/goto/aws-cli/cloudtrail-2013-11-01/CreateTrail
https://docs.aws.amazon.com/goto/DotNetSDKV3/cloudtrail-2013-11-01/CreateTrail
https://docs.aws.amazon.com/goto/SdkForCpp/cloudtrail-2013-11-01/CreateTrail
https://docs.aws.amazon.com/goto/SdkForGoV1/cloudtrail-2013-11-01/CreateTrail
https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudtrail-2013-11-01/CreateTrail
https://docs.aws.amazon.com/goto/AWSJavaScriptSDK/cloudtrail-2013-11-01/CreateTrail
https://docs.aws.amazon.com/goto/SdkForPHPV3/cloudtrail-2013-11-01/CreateTrail
https://docs.aws.amazon.com/goto/boto3/cloudtrail-2013-11-01/CreateTrail
https://docs.aws.amazon.com/goto/SdkForRubyV3/cloudtrail-2013-11-01/CreateTrail
Page 19: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceDeleteTrail

DeleteTrailDeletes a trail. This operation must be called from the region in which the trail was created.DeleteTrail cannot be called on the shadow trails (replicated trails in other regions) of a trail that isenabled in all regions.

Request Syntax{ "Name": "string"}

Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 88).

The request accepts the following data in JSON format.

Name (p. 14)

Specifies the name or the CloudTrail ARN of the trail to be deleted. The following is the format of atrail ARN. arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

Type: String

Required: Yes

Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 90).

ConflictException

This exception is thrown when the specified resource is not ready for an operation. This can occurwhen you try to run an operation on a trail before CloudTrail has time to fully load the trail. If thisexception occurs, wait a few minutes, and then try the operation again.

HTTP Status Code: 400InsufficientDependencyServiceAccessPermissionException

This exception is thrown when the IAM user or role that is used to create the organization trail islacking one or more required permissions for creating an organization trail in a required service. Formore information, see Prepare For Creating a Trail For Your Organization.

HTTP Status Code: 400InvalidHomeRegionException

This exception is thrown when an operation is called on a trail from a region other than the region inwhich the trail was created.

API Version 2013-11-0114

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-an-organizational-trail-prepare.html
Page 20: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceSee Also

HTTP Status Code: 400InvalidTrailNameException

This exception is thrown when the provided trail name is not valid. Trail names must meet thefollowing requirements:• Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)• Start with a letter or number, and end with a letter or number• Be between 3 and 128 characters• Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are not valid.

• Not be in IP address format (for example, 192.168.5.4)

HTTP Status Code: 400NotOrganizationMasterAccountException

This exception is thrown when the AWS account making the request to create or update anorganization trail is not the management account for an organization in AWS Organizations. Formore information, see Prepare For Creating a Trail For Your Organization.

HTTP Status Code: 400OperationNotPermittedException

This exception is thrown when the requested operation is not permitted.

HTTP Status Code: 400TrailNotFoundException

This exception is thrown when the trail with the given name is not found.

HTTP Status Code: 400UnsupportedOperationException

This exception is thrown when the requested operation is not supported.

HTTP Status Code: 400

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java V2• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2013-11-0115

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-an-organizational-trail-prepare.html
https://docs.aws.amazon.com/goto/aws-cli/cloudtrail-2013-11-01/DeleteTrail
https://docs.aws.amazon.com/goto/DotNetSDKV3/cloudtrail-2013-11-01/DeleteTrail
https://docs.aws.amazon.com/goto/SdkForCpp/cloudtrail-2013-11-01/DeleteTrail
https://docs.aws.amazon.com/goto/SdkForGoV1/cloudtrail-2013-11-01/DeleteTrail
https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudtrail-2013-11-01/DeleteTrail
https://docs.aws.amazon.com/goto/AWSJavaScriptSDK/cloudtrail-2013-11-01/DeleteTrail
https://docs.aws.amazon.com/goto/SdkForPHPV3/cloudtrail-2013-11-01/DeleteTrail
https://docs.aws.amazon.com/goto/boto3/cloudtrail-2013-11-01/DeleteTrail
https://docs.aws.amazon.com/goto/SdkForRubyV3/cloudtrail-2013-11-01/DeleteTrail
Page 21: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceDescribeTrails

DescribeTrailsRetrieves settings for one or more trails associated with the current region for your account.

Request Syntax{ "includeShadowTrails": boolean, "trailNameList": [ "string" ]}

Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 88).

The request accepts the following data in JSON format.

includeShadowTrails (p. 16)

Specifies whether to include shadow trails in the response. A shadow trail is the replication ina region of a trail that was created in a different region, or in the case of an organization trail,the replication of an organization trail in member accounts. If you do not include shadow trails,organization trails in a member account and region replication trails will not be returned. Thedefault is true.

Type: Boolean

Required: NotrailNameList (p. 16)

Specifies a list of trail names, trail ARNs, or both, of the trails to describe. The format of a trail ARNis:

arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

If an empty list is specified, information for the trail in the current region is returned.• If an empty list is specified and IncludeShadowTrails is false, then information for all trails in

the current region is returned.• If an empty list is specified and IncludeShadowTrails is null or true, then information for all trails

in the current region and any associated shadow trails in other regions is returned.

NoteIf one or more trail names are specified, information is returned only if the names matchthe names of trails belonging only to the current region. To return information about a trailin another region, you must specify its trail ARN.

Type: Array of strings

Required: No

Response Syntax{ "trailList": [

API Version 2013-11-0116

Page 22: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceResponse Elements

{ "CloudWatchLogsLogGroupArn": "string", "CloudWatchLogsRoleArn": "string", "HasCustomEventSelectors": boolean, "HasInsightSelectors": boolean, "HomeRegion": "string", "IncludeGlobalServiceEvents": boolean, "IsMultiRegionTrail": boolean, "IsOrganizationTrail": boolean, "KmsKeyId": "string", "LogFileValidationEnabled": boolean, "Name": "string", "S3BucketName": "string", "S3KeyPrefix": "string", "SnsTopicARN": "string", "SnsTopicName": "string", "TrailARN": "string" } ]}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

trailList (p. 16)

The list of trail objects. Trail objects with string values are only returned if values for the objectsexist in a trail's configuration. For example, SNSTopicName and SNSTopicARN are only returned inresults if a trail is configured to send SNS notifications. Similarly, KMSKeyId only appears in results ifa trail's log files are encrypted with AWS KMS customer managed keys.

Type: Array of Trail (p. 84) objects

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 90).

InvalidTrailNameException

This exception is thrown when the provided trail name is not valid. Trail names must meet thefollowing requirements:• Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)• Start with a letter or number, and end with a letter or number• Be between 3 and 128 characters• Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are not valid.

• Not be in IP address format (for example, 192.168.5.4)

HTTP Status Code: 400OperationNotPermittedException

This exception is thrown when the requested operation is not permitted.

HTTP Status Code: 400

API Version 2013-11-0117

Page 23: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceSee Also

UnsupportedOperationException

This exception is thrown when the requested operation is not supported.

HTTP Status Code: 400

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java V2• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2013-11-0118

https://docs.aws.amazon.com/goto/aws-cli/cloudtrail-2013-11-01/DescribeTrails
https://docs.aws.amazon.com/goto/DotNetSDKV3/cloudtrail-2013-11-01/DescribeTrails
https://docs.aws.amazon.com/goto/SdkForCpp/cloudtrail-2013-11-01/DescribeTrails
https://docs.aws.amazon.com/goto/SdkForGoV1/cloudtrail-2013-11-01/DescribeTrails
https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudtrail-2013-11-01/DescribeTrails
https://docs.aws.amazon.com/goto/AWSJavaScriptSDK/cloudtrail-2013-11-01/DescribeTrails
https://docs.aws.amazon.com/goto/SdkForPHPV3/cloudtrail-2013-11-01/DescribeTrails
https://docs.aws.amazon.com/goto/boto3/cloudtrail-2013-11-01/DescribeTrails
https://docs.aws.amazon.com/goto/SdkForRubyV3/cloudtrail-2013-11-01/DescribeTrails
Page 24: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceGetEventSelectors

GetEventSelectorsDescribes the settings for the event selectors that you configured for your trail. The information returnedfor your event selectors includes the following:

• If your event selector includes read-only events, write-only events, or all events. This applies to bothmanagement events and data events.

• If your event selector includes management events.• If your event selector includes data events, the resources on which you are logging data events.

For more information, see Logging Data and Management Events for Trails in the AWS CloudTrail UserGuide.

Request Syntax{ "TrailName": "string"}

Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 88).

The request accepts the following data in JSON format.

TrailName (p. 19)

Specifies the name of the trail or trail ARN. If you specify a trail name, the string must meet thefollowing requirements:• Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)• Start with a letter or number, and end with a letter or number• Be between 3 and 128 characters• Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are not valid.

• Not be in IP address format (for example, 192.168.5.4)

If you specify a trail ARN, it must be in the format:

arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

Type: String

Required: Yes

Response Syntax{ "AdvancedEventSelectors": [ { "FieldSelectors": [ {

API Version 2013-11-0119

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html
Page 25: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceResponse Elements

"EndsWith": [ "string" ], "Equals": [ "string" ], "Field": "string", "NotEndsWith": [ "string" ], "NotEquals": [ "string" ], "NotStartsWith": [ "string" ], "StartsWith": [ "string" ] } ], "Name": "string" } ], "EventSelectors": [ { "DataResources": [ { "Type": "string", "Values": [ "string" ] } ], "ExcludeManagementEventSources": [ "string" ], "IncludeManagementEvents": boolean, "ReadWriteType": "string" } ], "TrailARN": "string"}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

AdvancedEventSelectors (p. 19)

The advanced event selectors that are configured for the trail.

Type: Array of AdvancedEventSelector (p. 68) objectsEventSelectors (p. 19)

The event selectors that are configured for the trail.

Type: Array of EventSelector (p. 76) objectsTrailARN (p. 19)

The specified trail ARN that has the event selectors.

Type: String

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 90).

InvalidTrailNameException

This exception is thrown when the provided trail name is not valid. Trail names must meet thefollowing requirements:• Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)

API Version 2013-11-0120

Page 26: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceSee Also

• Start with a letter or number, and end with a letter or number• Be between 3 and 128 characters• Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are not valid.

• Not be in IP address format (for example, 192.168.5.4)

HTTP Status Code: 400OperationNotPermittedException

This exception is thrown when the requested operation is not permitted.

HTTP Status Code: 400TrailNotFoundException

This exception is thrown when the trail with the given name is not found.

HTTP Status Code: 400UnsupportedOperationException

This exception is thrown when the requested operation is not supported.

HTTP Status Code: 400

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java V2• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2013-11-0121

https://docs.aws.amazon.com/goto/aws-cli/cloudtrail-2013-11-01/GetEventSelectors
https://docs.aws.amazon.com/goto/DotNetSDKV3/cloudtrail-2013-11-01/GetEventSelectors
https://docs.aws.amazon.com/goto/SdkForCpp/cloudtrail-2013-11-01/GetEventSelectors
https://docs.aws.amazon.com/goto/SdkForGoV1/cloudtrail-2013-11-01/GetEventSelectors
https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudtrail-2013-11-01/GetEventSelectors
https://docs.aws.amazon.com/goto/AWSJavaScriptSDK/cloudtrail-2013-11-01/GetEventSelectors
https://docs.aws.amazon.com/goto/SdkForPHPV3/cloudtrail-2013-11-01/GetEventSelectors
https://docs.aws.amazon.com/goto/boto3/cloudtrail-2013-11-01/GetEventSelectors
https://docs.aws.amazon.com/goto/SdkForRubyV3/cloudtrail-2013-11-01/GetEventSelectors
Page 27: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceGetInsightSelectors

GetInsightSelectorsDescribes the settings for the Insights event selectors that you configured for your trail.GetInsightSelectors shows if CloudTrail Insights event logging is enabled on the trail, and if itis, which insight types are enabled. If you run GetInsightSelectors on a trail that does not haveInsights events enabled, the operation throws the exception InsightNotEnabledException

For more information, see Logging CloudTrail Insights Events for Trails in the AWS CloudTrail User Guide.

Request Syntax

{ "TrailName": "string"}

Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 88).

The request accepts the following data in JSON format.

TrailName (p. 22)

Specifies the name of the trail or trail ARN. If you specify a trail name, the string must meet thefollowing requirements:

• Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)

• Start with a letter or number, and end with a letter or number

• Be between 3 and 128 characters

• Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are not valid.

• Not be in IP address format (for example, 192.168.5.4)

If you specify a trail ARN, it must be in the format:

arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

Type: String

Required: Yes

Response Syntax

{ "InsightSelectors": [ { "InsightType": "string" } ], "TrailARN": "string"}

API Version 2013-11-0122

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-insights-events-with-cloudtrail.html
Page 28: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceResponse Elements

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

InsightSelectors (p. 22)

A JSON string that contains the insight types you want to log on a trail. In this release, onlyApiCallRateInsight is supported as an insight type.

Type: Array of InsightSelector (p. 78) objectsTrailARN (p. 22)

The Amazon Resource Name (ARN) of a trail for which you want to get Insights selectors.

Type: String

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 90).

InsightNotEnabledException

If you run GetInsightSelectors on a trail that does not have Insights events enabled, theoperation throws the exception InsightNotEnabledException.

HTTP Status Code: 400InvalidTrailNameException

This exception is thrown when the provided trail name is not valid. Trail names must meet thefollowing requirements:• Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)• Start with a letter or number, and end with a letter or number• Be between 3 and 128 characters• Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are not valid.

• Not be in IP address format (for example, 192.168.5.4)

HTTP Status Code: 400OperationNotPermittedException

This exception is thrown when the requested operation is not permitted.

HTTP Status Code: 400TrailNotFoundException

This exception is thrown when the trail with the given name is not found.

HTTP Status Code: 400UnsupportedOperationException

This exception is thrown when the requested operation is not supported.

HTTP Status Code: 400

API Version 2013-11-0123

Page 29: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceSee Also

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java V2• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2013-11-0124

https://docs.aws.amazon.com/goto/aws-cli/cloudtrail-2013-11-01/GetInsightSelectors
https://docs.aws.amazon.com/goto/DotNetSDKV3/cloudtrail-2013-11-01/GetInsightSelectors
https://docs.aws.amazon.com/goto/SdkForCpp/cloudtrail-2013-11-01/GetInsightSelectors
https://docs.aws.amazon.com/goto/SdkForGoV1/cloudtrail-2013-11-01/GetInsightSelectors
https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudtrail-2013-11-01/GetInsightSelectors
https://docs.aws.amazon.com/goto/AWSJavaScriptSDK/cloudtrail-2013-11-01/GetInsightSelectors
https://docs.aws.amazon.com/goto/SdkForPHPV3/cloudtrail-2013-11-01/GetInsightSelectors
https://docs.aws.amazon.com/goto/boto3/cloudtrail-2013-11-01/GetInsightSelectors
https://docs.aws.amazon.com/goto/SdkForRubyV3/cloudtrail-2013-11-01/GetInsightSelectors
Page 30: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceGetTrail

GetTrailReturns settings information for a specified trail.

Request Syntax{ "Name": "string"}

Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 88).

The request accepts the following data in JSON format.

Name (p. 25)

The name or the Amazon Resource Name (ARN) of the trail for which you want to retrieve settingsinformation.

Type: String

Required: Yes

Response Syntax{ "Trail": { "CloudWatchLogsLogGroupArn": "string", "CloudWatchLogsRoleArn": "string", "HasCustomEventSelectors": boolean, "HasInsightSelectors": boolean, "HomeRegion": "string", "IncludeGlobalServiceEvents": boolean, "IsMultiRegionTrail": boolean, "IsOrganizationTrail": boolean, "KmsKeyId": "string", "LogFileValidationEnabled": boolean, "Name": "string", "S3BucketName": "string", "S3KeyPrefix": "string", "SnsTopicARN": "string", "SnsTopicName": "string", "TrailARN": "string" }}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

API Version 2013-11-0125

Page 31: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceErrors

Trail (p. 25)

The settings for a trail.

Type: Trail (p. 84) object

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 90).

InvalidTrailNameException

This exception is thrown when the provided trail name is not valid. Trail names must meet thefollowing requirements:• Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)• Start with a letter or number, and end with a letter or number• Be between 3 and 128 characters• Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are not valid.

• Not be in IP address format (for example, 192.168.5.4)

HTTP Status Code: 400OperationNotPermittedException

This exception is thrown when the requested operation is not permitted.

HTTP Status Code: 400TrailNotFoundException

This exception is thrown when the trail with the given name is not found.

HTTP Status Code: 400UnsupportedOperationException

This exception is thrown when the requested operation is not supported.

HTTP Status Code: 400

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java V2• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2013-11-0126

https://docs.aws.amazon.com/goto/aws-cli/cloudtrail-2013-11-01/GetTrail
https://docs.aws.amazon.com/goto/DotNetSDKV3/cloudtrail-2013-11-01/GetTrail
https://docs.aws.amazon.com/goto/SdkForCpp/cloudtrail-2013-11-01/GetTrail
https://docs.aws.amazon.com/goto/SdkForGoV1/cloudtrail-2013-11-01/GetTrail
https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudtrail-2013-11-01/GetTrail
https://docs.aws.amazon.com/goto/AWSJavaScriptSDK/cloudtrail-2013-11-01/GetTrail
https://docs.aws.amazon.com/goto/SdkForPHPV3/cloudtrail-2013-11-01/GetTrail
https://docs.aws.amazon.com/goto/boto3/cloudtrail-2013-11-01/GetTrail
https://docs.aws.amazon.com/goto/SdkForRubyV3/cloudtrail-2013-11-01/GetTrail
Page 32: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceGetTrailStatus

GetTrailStatusReturns a JSON-formatted list of information about the specified trail. Fields include information ondelivery errors, Amazon SNS and Amazon S3 errors, and start and stop logging times for each trail. Thisoperation returns trail status from a single region. To return trail status from all regions, you must callthe operation on each region.

Request Syntax

{ "Name": "string"}

Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 88).

The request accepts the following data in JSON format.

Name (p. 27)

Specifies the name or the CloudTrail ARN of the trail for which you are requesting status. To get thestatus of a shadow trail (a replication of the trail in another region), you must specify its ARN. Thefollowing is the format of a trail ARN.

arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

Type: String

Required: Yes

Response Syntax

{ "IsLogging": boolean, "LatestCloudWatchLogsDeliveryError": "string", "LatestCloudWatchLogsDeliveryTime": number, "LatestDeliveryAttemptSucceeded": "string", "LatestDeliveryAttemptTime": "string", "LatestDeliveryError": "string", "LatestDeliveryTime": number, "LatestDigestDeliveryError": "string", "LatestDigestDeliveryTime": number, "LatestNotificationAttemptSucceeded": "string", "LatestNotificationAttemptTime": "string", "LatestNotificationError": "string", "LatestNotificationTime": number, "StartLoggingTime": number, "StopLoggingTime": number, "TimeLoggingStarted": "string", "TimeLoggingStopped": "string"}

API Version 2013-11-0127

Page 33: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceResponse Elements

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

IsLogging (p. 27)

Whether the CloudTrail trail is currently logging AWS API calls.

Type: BooleanLatestCloudWatchLogsDeliveryError (p. 27)

Displays any CloudWatch Logs error that CloudTrail encountered when attempting to deliver logs toCloudWatch Logs.

Type: StringLatestCloudWatchLogsDeliveryTime (p. 27)

Displays the most recent date and time when CloudTrail delivered logs to CloudWatch Logs.

Type: TimestampLatestDeliveryAttemptSucceeded (p. 27)

This field is no longer in use.

Type: StringLatestDeliveryAttemptTime (p. 27)

This field is no longer in use.

Type: StringLatestDeliveryError (p. 27)

Displays any Amazon S3 error that CloudTrail encountered when attempting to deliver log files tothe designated bucket. For more information, see Error Responses in the Amazon S3 API Reference.

NoteThis error occurs only when there is a problem with the destination S3 bucket, and does notoccur for requests that time out. To resolve the issue, create a new bucket, and then callUpdateTrail to specify the new bucket; or fix the existing objects so that CloudTrail canagain write to the bucket.

Type: StringLatestDeliveryTime (p. 27)

Specifies the date and time that CloudTrail last delivered log files to an account's Amazon S3 bucket.

Type: TimestampLatestDigestDeliveryError (p. 27)

Displays any Amazon S3 error that CloudTrail encountered when attempting to deliver a digestfile to the designated bucket. For more information, see Error Responses in the Amazon S3 APIReference.

NoteThis error occurs only when there is a problem with the destination S3 bucket, and does notoccur for requests that time out. To resolve the issue, create a new bucket, and then call

API Version 2013-11-0128

https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html
https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html
Page 34: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceErrors

UpdateTrail to specify the new bucket; or fix the existing objects so that CloudTrail canagain write to the bucket.

Type: StringLatestDigestDeliveryTime (p. 27)

Specifies the date and time that CloudTrail last delivered a digest file to an account's Amazon S3bucket.

Type: TimestampLatestNotificationAttemptSucceeded (p. 27)

This field is no longer in use.

Type: StringLatestNotificationAttemptTime (p. 27)

This field is no longer in use.

Type: StringLatestNotificationError (p. 27)

Displays any Amazon SNS error that CloudTrail encountered when attempting to send a notification.For more information about Amazon SNS errors, see the Amazon SNS Developer Guide.

Type: StringLatestNotificationTime (p. 27)

Specifies the date and time of the most recent Amazon SNS notification that CloudTrail has writtena new log file to an account's Amazon S3 bucket.

Type: TimestampStartLoggingTime (p. 27)

Specifies the most recent date and time when CloudTrail started recording API calls for an AWSaccount.

Type: TimestampStopLoggingTime (p. 27)

Specifies the most recent date and time when CloudTrail stopped recording API calls for an AWSaccount.

Type: TimestampTimeLoggingStarted (p. 27)

This field is no longer in use.

Type: StringTimeLoggingStopped (p. 27)

This field is no longer in use.

Type: String

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 90).

API Version 2013-11-0129

https://docs.aws.amazon.com/sns/latest/dg/welcome.html
Page 35: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceSee Also

InvalidTrailNameException

This exception is thrown when the provided trail name is not valid. Trail names must meet thefollowing requirements:• Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)• Start with a letter or number, and end with a letter or number• Be between 3 and 128 characters• Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are not valid.

• Not be in IP address format (for example, 192.168.5.4)

HTTP Status Code: 400OperationNotPermittedException

This exception is thrown when the requested operation is not permitted.

HTTP Status Code: 400TrailNotFoundException

This exception is thrown when the trail with the given name is not found.

HTTP Status Code: 400UnsupportedOperationException

This exception is thrown when the requested operation is not supported.

HTTP Status Code: 400

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java V2• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2013-11-0130

https://docs.aws.amazon.com/goto/aws-cli/cloudtrail-2013-11-01/GetTrailStatus
https://docs.aws.amazon.com/goto/DotNetSDKV3/cloudtrail-2013-11-01/GetTrailStatus
https://docs.aws.amazon.com/goto/SdkForCpp/cloudtrail-2013-11-01/GetTrailStatus
https://docs.aws.amazon.com/goto/SdkForGoV1/cloudtrail-2013-11-01/GetTrailStatus
https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudtrail-2013-11-01/GetTrailStatus
https://docs.aws.amazon.com/goto/AWSJavaScriptSDK/cloudtrail-2013-11-01/GetTrailStatus
https://docs.aws.amazon.com/goto/SdkForPHPV3/cloudtrail-2013-11-01/GetTrailStatus
https://docs.aws.amazon.com/goto/boto3/cloudtrail-2013-11-01/GetTrailStatus
https://docs.aws.amazon.com/goto/SdkForRubyV3/cloudtrail-2013-11-01/GetTrailStatus
Page 36: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceListPublicKeys

ListPublicKeysReturns all public keys whose private keys were used to sign the digest files within the specified timerange. The public key is needed to validate digest files that were signed with its corresponding privatekey.

NoteCloudTrail uses different private and public key pairs per region. Each digest file is signed with aprivate key unique to its region. When you validate a digest file from a specific region, you mustlook in the same region for its corresponding public key.

Request Syntax{ "EndTime": number, "NextToken": "string", "StartTime": number}

Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 88).

The request accepts the following data in JSON format.

EndTime (p. 31)

Optionally specifies, in UTC, the end of the time range to look up public keys for CloudTrail digestfiles. If not specified, the current time is used.

Type: Timestamp

Required: NoNextToken (p. 31)

Reserved for future use.

Type: String

Required: NoStartTime (p. 31)

Optionally specifies, in UTC, the start of the time range to look up public keys for CloudTrail digestfiles. If not specified, the current time is used, and the current public key is returned.

Type: Timestamp

Required: No

Response Syntax{ "NextToken": "string", "PublicKeyList": [ {

API Version 2013-11-0131

Page 37: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceResponse Elements

"Fingerprint": "string", "ValidityEndTime": number, "ValidityStartTime": number, "Value": blob } ]}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

NextToken (p. 31)

Reserved for future use.

Type: StringPublicKeyList (p. 31)

Contains an array of PublicKey objects.

NoteThe returned public keys may have validity time ranges that overlap.

Type: Array of PublicKey (p. 80) objects

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 90).

InvalidTimeRangeException

Occurs if the timestamp values are not valid. Either the start time occurs after the end time, or thetime range is outside the range of possible values.

HTTP Status Code: 400InvalidTokenException

Reserved for future use.

HTTP Status Code: 400OperationNotPermittedException

This exception is thrown when the requested operation is not permitted.

HTTP Status Code: 400UnsupportedOperationException

This exception is thrown when the requested operation is not supported.

HTTP Status Code: 400

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

API Version 2013-11-0132

Page 38: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceSee Also

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java V2• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2013-11-0133

https://docs.aws.amazon.com/goto/aws-cli/cloudtrail-2013-11-01/ListPublicKeys
https://docs.aws.amazon.com/goto/DotNetSDKV3/cloudtrail-2013-11-01/ListPublicKeys
https://docs.aws.amazon.com/goto/SdkForCpp/cloudtrail-2013-11-01/ListPublicKeys
https://docs.aws.amazon.com/goto/SdkForGoV1/cloudtrail-2013-11-01/ListPublicKeys
https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudtrail-2013-11-01/ListPublicKeys
https://docs.aws.amazon.com/goto/AWSJavaScriptSDK/cloudtrail-2013-11-01/ListPublicKeys
https://docs.aws.amazon.com/goto/SdkForPHPV3/cloudtrail-2013-11-01/ListPublicKeys
https://docs.aws.amazon.com/goto/boto3/cloudtrail-2013-11-01/ListPublicKeys
https://docs.aws.amazon.com/goto/SdkForRubyV3/cloudtrail-2013-11-01/ListPublicKeys
Page 39: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceListTags

ListTagsLists the tags for the trail in the current region.

Request Syntax{ "NextToken": "string", "ResourceIdList": [ "string" ]}

Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 88).

The request accepts the following data in JSON format.

NextToken (p. 34)

Reserved for future use.

Type: String

Required: NoResourceIdList (p. 34)

Specifies a list of trail ARNs whose tags will be listed. The list has a limit of 20 ARNs. The following isthe format of a trail ARN.

arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

Type: Array of strings

Required: Yes

Response Syntax{ "NextToken": "string", "ResourceTagList": [ { "ResourceId": "string", "TagsList": [ { "Key": "string", "Value": "string" } ] } ]}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

API Version 2013-11-0134

Page 40: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceErrors

The following data is returned in JSON format by the service.

NextToken (p. 34)

Reserved for future use.

Type: StringResourceTagList (p. 34)

A list of resource tags.

Type: Array of ResourceTag (p. 82) objects

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 90).

CloudTrailARNInvalidException

This exception is thrown when an operation is called with a trail ARN that is not valid. The followingis the format of a trail ARN.

arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

HTTP Status Code: 400InvalidTokenException

Reserved for future use.

HTTP Status Code: 400InvalidTrailNameException

This exception is thrown when the provided trail name is not valid. Trail names must meet thefollowing requirements:• Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)• Start with a letter or number, and end with a letter or number• Be between 3 and 128 characters• Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are not valid.

• Not be in IP address format (for example, 192.168.5.4)

HTTP Status Code: 400OperationNotPermittedException

This exception is thrown when the requested operation is not permitted.

HTTP Status Code: 400ResourceNotFoundException

This exception is thrown when the specified resource is not found.

HTTP Status Code: 400ResourceTypeNotSupportedException

This exception is thrown when the specified resource type is not supported by CloudTrail.

HTTP Status Code: 400

API Version 2013-11-0135

Page 41: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceSee Also

UnsupportedOperationException

This exception is thrown when the requested operation is not supported.

HTTP Status Code: 400

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java V2• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2013-11-0136

https://docs.aws.amazon.com/goto/aws-cli/cloudtrail-2013-11-01/ListTags
https://docs.aws.amazon.com/goto/DotNetSDKV3/cloudtrail-2013-11-01/ListTags
https://docs.aws.amazon.com/goto/SdkForCpp/cloudtrail-2013-11-01/ListTags
https://docs.aws.amazon.com/goto/SdkForGoV1/cloudtrail-2013-11-01/ListTags
https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudtrail-2013-11-01/ListTags
https://docs.aws.amazon.com/goto/AWSJavaScriptSDK/cloudtrail-2013-11-01/ListTags
https://docs.aws.amazon.com/goto/SdkForPHPV3/cloudtrail-2013-11-01/ListTags
https://docs.aws.amazon.com/goto/boto3/cloudtrail-2013-11-01/ListTags
https://docs.aws.amazon.com/goto/SdkForRubyV3/cloudtrail-2013-11-01/ListTags
Page 42: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceListTrails

ListTrailsLists trails that are in the current account.

Request Syntax{ "NextToken": "string"}

Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 88).

The request accepts the following data in JSON format.

NextToken (p. 37)

The token to use to get the next page of results after a previous API call. This token must be passedin with the same parameters that were specified in the the original call. For example, if the originalcall specified an AttributeKey of 'Username' with a value of 'root', the call with NextToken shouldinclude those same parameters.

Type: String

Required: No

Response Syntax{ "NextToken": "string", "Trails": [ { "HomeRegion": "string", "Name": "string", "TrailARN": "string" } ]}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

NextToken (p. 37)

The token to use to get the next page of results after a previous API call. If the token does notappear, there are no more results to return. The token must be passed in with the same parametersas the previous call. For example, if the original call specified an AttributeKey of 'Username' with avalue of 'root', the call with NextToken should include those same parameters.

API Version 2013-11-0137

Page 43: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceErrors

Type: StringTrails (p. 37)

Returns the name, ARN, and home region of trails in the current account.

Type: Array of TrailInfo (p. 87) objects

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 90).

OperationNotPermittedException

This exception is thrown when the requested operation is not permitted.

HTTP Status Code: 400UnsupportedOperationException

This exception is thrown when the requested operation is not supported.

HTTP Status Code: 400

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java V2• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2013-11-0138

https://docs.aws.amazon.com/goto/aws-cli/cloudtrail-2013-11-01/ListTrails
https://docs.aws.amazon.com/goto/DotNetSDKV3/cloudtrail-2013-11-01/ListTrails
https://docs.aws.amazon.com/goto/SdkForCpp/cloudtrail-2013-11-01/ListTrails
https://docs.aws.amazon.com/goto/SdkForGoV1/cloudtrail-2013-11-01/ListTrails
https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudtrail-2013-11-01/ListTrails
https://docs.aws.amazon.com/goto/AWSJavaScriptSDK/cloudtrail-2013-11-01/ListTrails
https://docs.aws.amazon.com/goto/SdkForPHPV3/cloudtrail-2013-11-01/ListTrails
https://docs.aws.amazon.com/goto/boto3/cloudtrail-2013-11-01/ListTrails
https://docs.aws.amazon.com/goto/SdkForRubyV3/cloudtrail-2013-11-01/ListTrails
Page 44: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceLookupEvents

LookupEventsLooks up management events or CloudTrail Insights events that are captured by CloudTrail. You can lookup events that occurred in a region within the last 90 days. Lookup supports the following attributes formanagement events:

• AWS access key

• Event ID

• Event name

• Event source

• Read only

• Resource name

• Resource type

• User name

Lookup supports the following attributes for Insights events:

• Event ID

• Event name

• Event source

All attributes are optional. The default number of results returned is 50, with a maximum of 50 possible.The response includes a token that you can use to get the next page of results.

ImportantThe rate of lookup requests is limited to two per second, per account, per region. If this limit isexceeded, a throttling error occurs.

Request Syntax

{ "EndTime": number, "EventCategory": "string", "LookupAttributes": [ { "AttributeKey": "string", "AttributeValue": "string" } ], "MaxResults": number, "NextToken": "string", "StartTime": number}

Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 88).

The request accepts the following data in JSON format.

API Version 2013-11-0139

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html#cloudtrail-concepts-management-events
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html#cloudtrail-concepts-insights-events
Page 45: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceResponse Syntax

EndTime (p. 39)

Specifies that only events that occur before or at the specified time are returned. If the specified endtime is before the specified start time, an error is returned.

Type: Timestamp

Required: NoEventCategory (p. 39)

Specifies the event category. If you do not specify an event category, events of the categoryare not returned in the response. For example, if you do not specify insight as the value ofEventCategory, no Insights events are returned.

Type: String

Valid Values: insight

Required: NoLookupAttributes (p. 39)

Contains a list of lookup attributes. Currently the list can contain only one item.

Type: Array of LookupAttribute (p. 79) objects

Required: NoMaxResults (p. 39)

The number of events to return. Possible values are 1 through 50. The default is 50.

Type: Integer

Valid Range: Minimum value of 1. Maximum value of 50.

Required: NoNextToken (p. 39)

The token to use to get the next page of results after a previous API call. This token must be passedin with the same parameters that were specified in the the original call. For example, if the originalcall specified an AttributeKey of 'Username' with a value of 'root', the call with NextToken shouldinclude those same parameters.

Type: String

Required: NoStartTime (p. 39)

Specifies that only events that occur after or at the specified time are returned. If the specified starttime is after the specified end time, an error is returned.

Type: Timestamp

Required: No

Response Syntax{ "Events": [

API Version 2013-11-0140

Page 46: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceResponse Elements

{ "AccessKeyId": "string", "CloudTrailEvent": "string", "EventId": "string", "EventName": "string", "EventSource": "string", "EventTime": number, "ReadOnly": "string", "Resources": [ { "ResourceName": "string", "ResourceType": "string" } ], "Username": "string" } ], "NextToken": "string"}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

Events (p. 40)

A list of events returned based on the lookup attributes specified and the CloudTrail event. Theevents list is sorted by time. The most recent event is listed first.

Type: Array of Event (p. 74) objectsNextToken (p. 40)

The token to use to get the next page of results after a previous API call. If the token does notappear, there are no more results to return. The token must be passed in with the same parametersas the previous call. For example, if the original call specified an AttributeKey of 'Username' with avalue of 'root', the call with NextToken should include those same parameters.

Type: String

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 90).

InvalidEventCategoryException

Occurs if an event category that is not valid is specified as a value of EventCategory.

HTTP Status Code: 400InvalidLookupAttributesException

Occurs when a lookup attribute is specified that is not valid.

HTTP Status Code: 400InvalidMaxResultsException

This exception is thrown if the limit specified is not valid.

API Version 2013-11-0141

Page 47: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceSee Also

HTTP Status Code: 400InvalidNextTokenException

A token that is not valid, or a token that was previously used in a request with different parameters.This exception is thrown if the token is not valid.

HTTP Status Code: 400InvalidTimeRangeException

Occurs if the timestamp values are not valid. Either the start time occurs after the end time, or thetime range is outside the range of possible values.

HTTP Status Code: 400OperationNotPermittedException

This exception is thrown when the requested operation is not permitted.

HTTP Status Code: 400UnsupportedOperationException

This exception is thrown when the requested operation is not supported.

HTTP Status Code: 400

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java V2• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2013-11-0142

https://docs.aws.amazon.com/goto/aws-cli/cloudtrail-2013-11-01/LookupEvents
https://docs.aws.amazon.com/goto/DotNetSDKV3/cloudtrail-2013-11-01/LookupEvents
https://docs.aws.amazon.com/goto/SdkForCpp/cloudtrail-2013-11-01/LookupEvents
https://docs.aws.amazon.com/goto/SdkForGoV1/cloudtrail-2013-11-01/LookupEvents
https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudtrail-2013-11-01/LookupEvents
https://docs.aws.amazon.com/goto/AWSJavaScriptSDK/cloudtrail-2013-11-01/LookupEvents
https://docs.aws.amazon.com/goto/SdkForPHPV3/cloudtrail-2013-11-01/LookupEvents
https://docs.aws.amazon.com/goto/boto3/cloudtrail-2013-11-01/LookupEvents
https://docs.aws.amazon.com/goto/SdkForRubyV3/cloudtrail-2013-11-01/LookupEvents
Page 48: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferencePutEventSelectors

PutEventSelectorsConfigures an event selector or advanced event selectors for your trail. Use event selectors or advancedevent selectors to specify management and data event settings for your trail. By default, trails createdwithout specific event selectors are configured to log all read and write management events, and no dataevents.

When an event occurs in your account, CloudTrail evaluates the event selectors or advanced eventselectors in all trails. For each trail, if the event matches any event selector, the trail processes and logsthe event. If the event doesn't match any event selector, the trail doesn't log the event.

Example

1. You create an event selector for a trail and specify that you want write-only events.2. The EC2 GetConsoleOutput and RunInstances API operations occur in your account.3. CloudTrail evaluates whether the events match your event selectors.4. The RunInstances is a write-only event and it matches your event selector. The trail logs the event.5. The GetConsoleOutput is a read-only event that doesn't match your event selector. The trail doesn't

log the event.

The PutEventSelectors operation must be called from the region in which the trail was created;otherwise, an InvalidHomeRegionException exception is thrown.

You can configure up to five event selectors for each trail. For more information, see Logging data andmanagement events for trails and Quotas in AWS CloudTrail in the AWS CloudTrail User Guide.

You can add advanced event selectors, and conditions for your advanced event selectors,up to a maximum of 500 values for all conditions and selectors on a trail. You can useeither AdvancedEventSelectors or EventSelectors, but not both. If you applyAdvancedEventSelectors to a trail, any existing EventSelectors are overwritten. For moreinformation about advanced event selectors, see Logging data events for trails in the AWS CloudTrailUser Guide.

Request Syntax{ "AdvancedEventSelectors": [ { "FieldSelectors": [ { "EndsWith": [ "string" ], "Equals": [ "string" ], "Field": "string", "NotEndsWith": [ "string" ], "NotEquals": [ "string" ], "NotStartsWith": [ "string" ], "StartsWith": [ "string" ] } ], "Name": "string" } ], "EventSelectors": [ { "DataResources": [ { "Type": "string",

API Version 2013-11-0143

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
Page 49: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceRequest Parameters

"Values": [ "string" ] } ], "ExcludeManagementEventSources": [ "string" ], "IncludeManagementEvents": boolean, "ReadWriteType": "string" } ], "TrailName": "string"}

Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 88).

The request accepts the following data in JSON format.

AdvancedEventSelectors (p. 43)

Specifies the settings for advanced event selectors. You can add advanced event selectors, andconditions for your advanced event selectors, up to a maximum of 500 values for all conditionsand selectors on a trail. You can use either AdvancedEventSelectors or EventSelectors, butnot both. If you apply AdvancedEventSelectors to a trail, any existing EventSelectors areoverwritten. For more information about advanced event selectors, see Logging data events fortrails in the AWS CloudTrail User Guide.

Type: Array of AdvancedEventSelector (p. 68) objects

Required: NoEventSelectors (p. 43)

Specifies the settings for your event selectors. You can configure up to five event selectorsfor a trail. You can use either EventSelectors or AdvancedEventSelectors in aPutEventSelectors request, but not both. If you apply EventSelectors to a trail, any existingAdvancedEventSelectors are overwritten.

Type: Array of EventSelector (p. 76) objects

Required: NoTrailName (p. 43)

Specifies the name of the trail or trail ARN. If you specify a trail name, the string must meet thefollowing requirements:• Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)• Start with a letter or number, and end with a letter or number• Be between 3 and 128 characters• Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are not valid.

• Not be in IP address format (for example, 192.168.5.4)

If you specify a trail ARN, it must be in the following format.

arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

Type: String

Required: Yes

API Version 2013-11-0144

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
Page 50: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceResponse Syntax

Response Syntax{ "AdvancedEventSelectors": [ { "FieldSelectors": [ { "EndsWith": [ "string" ], "Equals": [ "string" ], "Field": "string", "NotEndsWith": [ "string" ], "NotEquals": [ "string" ], "NotStartsWith": [ "string" ], "StartsWith": [ "string" ] } ], "Name": "string" } ], "EventSelectors": [ { "DataResources": [ { "Type": "string", "Values": [ "string" ] } ], "ExcludeManagementEventSources": [ "string" ], "IncludeManagementEvents": boolean, "ReadWriteType": "string" } ], "TrailARN": "string"}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

AdvancedEventSelectors (p. 45)

Specifies the advanced event selectors configured for your trail.

Type: Array of AdvancedEventSelector (p. 68) objects

EventSelectors (p. 45)

Specifies the event selectors configured for your trail.

Type: Array of EventSelector (p. 76) objects

TrailARN (p. 45)

Specifies the ARN of the trail that was updated with event selectors. The following is the format of atrail ARN.

arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

Type: String

API Version 2013-11-0145

Page 51: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceErrors

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 90).

InsufficientDependencyServiceAccessPermissionException

This exception is thrown when the IAM user or role that is used to create the organization trail islacking one or more required permissions for creating an organization trail in a required service. Formore information, see Prepare For Creating a Trail For Your Organization.

HTTP Status Code: 400InvalidEventSelectorsException

This exception is thrown when the PutEventSelectors operation is called with a number of eventselectors, advanced event selectors, or data resources that is not valid. The combination of eventselectors or advanced event selectors and data resources is not valid. A trail can have up to 5 eventselectors. If a trail uses advanced event selectors, a maximum of 500 total values for all conditions inall advanced event selectors is allowed. A trail is limited to 250 data resources. These data resourcescan be distributed across event selectors, but the overall total cannot exceed 250.

You can:• Specify a valid number of event selectors (1 to 5) for a trail.• Specify a valid number of data resources (1 to 250) for an event selector. The limit of number of

resources on an individual event selector is configurable up to 250. However, this upper limit isallowed only if the total number of data resources does not exceed 250 across all event selectorsfor a trail.

• Specify up to 500 values for all conditions in all advanced event selectors for a trail.• Specify a valid value for a parameter. For example, specifying the ReadWriteType parameter

with a value of read-only is not valid.

HTTP Status Code: 400InvalidHomeRegionException

This exception is thrown when an operation is called on a trail from a region other than the region inwhich the trail was created.

HTTP Status Code: 400InvalidTrailNameException

This exception is thrown when the provided trail name is not valid. Trail names must meet thefollowing requirements:• Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)• Start with a letter or number, and end with a letter or number• Be between 3 and 128 characters• Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are not valid.

• Not be in IP address format (for example, 192.168.5.4)

HTTP Status Code: 400NotOrganizationMasterAccountException

This exception is thrown when the AWS account making the request to create or update anorganization trail is not the management account for an organization in AWS Organizations. Formore information, see Prepare For Creating a Trail For Your Organization.

API Version 2013-11-0146

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-an-organizational-trail-prepare.html
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-an-organizational-trail-prepare.html
Page 52: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceSee Also

HTTP Status Code: 400OperationNotPermittedException

This exception is thrown when the requested operation is not permitted.

HTTP Status Code: 400TrailNotFoundException

This exception is thrown when the trail with the given name is not found.

HTTP Status Code: 400UnsupportedOperationException

This exception is thrown when the requested operation is not supported.

HTTP Status Code: 400

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java V2• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2013-11-0147

https://docs.aws.amazon.com/goto/aws-cli/cloudtrail-2013-11-01/PutEventSelectors
https://docs.aws.amazon.com/goto/DotNetSDKV3/cloudtrail-2013-11-01/PutEventSelectors
https://docs.aws.amazon.com/goto/SdkForCpp/cloudtrail-2013-11-01/PutEventSelectors
https://docs.aws.amazon.com/goto/SdkForGoV1/cloudtrail-2013-11-01/PutEventSelectors
https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudtrail-2013-11-01/PutEventSelectors
https://docs.aws.amazon.com/goto/AWSJavaScriptSDK/cloudtrail-2013-11-01/PutEventSelectors
https://docs.aws.amazon.com/goto/SdkForPHPV3/cloudtrail-2013-11-01/PutEventSelectors
https://docs.aws.amazon.com/goto/boto3/cloudtrail-2013-11-01/PutEventSelectors
https://docs.aws.amazon.com/goto/SdkForRubyV3/cloudtrail-2013-11-01/PutEventSelectors
Page 53: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferencePutInsightSelectors

PutInsightSelectorsLets you enable Insights event logging by specifying the Insights selectors that you want to enable onan existing trail. You also use PutInsightSelectors to turn off Insights event logging, by passing anempty list of insight types. The valid Insights event type in this release is ApiCallRateInsight.

Request Syntax{ "InsightSelectors": [ { "InsightType": "string" } ], "TrailName": "string"}

Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 88).

The request accepts the following data in JSON format.

InsightSelectors (p. 48)

A JSON string that contains the Insights types that you want to log on a trail. The valid Insights typein this release is ApiCallRateInsight.

Type: Array of InsightSelector (p. 78) objects

Required: YesTrailName (p. 48)

The name of the CloudTrail trail for which you want to change or add Insights selectors.

Type: String

Required: Yes

Response Syntax{ "InsightSelectors": [ { "InsightType": "string" } ], "TrailARN": "string"}

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

API Version 2013-11-0148

Page 54: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceErrors

The following data is returned in JSON format by the service.

InsightSelectors (p. 48)

A JSON string that contains the Insights event types that you want to log on a trail. The validInsights type in this release is ApiCallRateInsight.

Type: Array of InsightSelector (p. 78) objectsTrailARN (p. 48)

The Amazon Resource Name (ARN) of a trail for which you want to change or add Insights selectors.

Type: String

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 90).

InsufficientEncryptionPolicyException

This exception is thrown when the policy on the S3 bucket or AWS KMS key is not sufficient.

HTTP Status Code: 400InsufficientS3BucketPolicyException

This exception is thrown when the policy on the S3 bucket is not sufficient.

HTTP Status Code: 400InvalidHomeRegionException

This exception is thrown when an operation is called on a trail from a region other than the region inwhich the trail was created.

HTTP Status Code: 400InvalidInsightSelectorsException

The formatting or syntax of the InsightSelectors JSON statement in yourPutInsightSelectors or GetInsightSelectors request is not valid, or the specified insighttype in the InsightSelectors statement is not a valid insight type.

HTTP Status Code: 400InvalidTrailNameException

This exception is thrown when the provided trail name is not valid. Trail names must meet thefollowing requirements:• Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)• Start with a letter or number, and end with a letter or number• Be between 3 and 128 characters• Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are not valid.

• Not be in IP address format (for example, 192.168.5.4)

HTTP Status Code: 400KmsException

This exception is thrown when there is an issue with the specified AWS KMS key and the trail can’t beupdated.

API Version 2013-11-0149

Page 55: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceExamples

HTTP Status Code: 400NotOrganizationMasterAccountException

This exception is thrown when the AWS account making the request to create or update anorganization trail is not the management account for an organization in AWS Organizations. Formore information, see Prepare For Creating a Trail For Your Organization.

HTTP Status Code: 400OperationNotPermittedException

This exception is thrown when the requested operation is not permitted.

HTTP Status Code: 400S3BucketDoesNotExistException

This exception is thrown when the specified S3 bucket does not exist.

HTTP Status Code: 400TrailNotFoundException

This exception is thrown when the trail with the given name is not found.

HTTP Status Code: 400UnsupportedOperationException

This exception is thrown when the requested operation is not supported.

HTTP Status Code: 400

Examples

ExampleThe following example shows how to use Insight selectors to enable CloudTrail Insights on a trail namedSampleTrail.

{ "InsightSelectors": '[{"InsightType": "ApiCallRateInsight"}]', "TrailARN": "arn:aws:cloudtrail:us-east-2:123456789012:trail/SampleTrail"}

ExampleThe following example shows how to disable CloudTrail Insights on a trail named SampleTrail. DisableInsights event collection by passing an empty string of insight types ([ ]).

{ "InsightSelectors": [ ], "TrailARN": "arn:aws:cloudtrail:us-east-2:123456789012:trail/SampleTrail"}

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

API Version 2013-11-0150

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-an-organizational-trail-prepare.html
Page 56: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceSee Also

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java V2• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2013-11-0151

https://docs.aws.amazon.com/goto/aws-cli/cloudtrail-2013-11-01/PutInsightSelectors
https://docs.aws.amazon.com/goto/DotNetSDKV3/cloudtrail-2013-11-01/PutInsightSelectors
https://docs.aws.amazon.com/goto/SdkForCpp/cloudtrail-2013-11-01/PutInsightSelectors
https://docs.aws.amazon.com/goto/SdkForGoV1/cloudtrail-2013-11-01/PutInsightSelectors
https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudtrail-2013-11-01/PutInsightSelectors
https://docs.aws.amazon.com/goto/AWSJavaScriptSDK/cloudtrail-2013-11-01/PutInsightSelectors
https://docs.aws.amazon.com/goto/SdkForPHPV3/cloudtrail-2013-11-01/PutInsightSelectors
https://docs.aws.amazon.com/goto/boto3/cloudtrail-2013-11-01/PutInsightSelectors
https://docs.aws.amazon.com/goto/SdkForRubyV3/cloudtrail-2013-11-01/PutInsightSelectors
Page 57: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceRemoveTags

RemoveTagsRemoves the specified tags from a trail.

Request Syntax{ "ResourceId": "string", "TagsList": [ { "Key": "string", "Value": "string" } ]}

Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 88).

The request accepts the following data in JSON format.

ResourceId (p. 52)

Specifies the ARN of the trail from which tags should be removed. The format of a trail ARN is:

arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

Type: String

Required: YesTagsList (p. 52)

Specifies a list of tags to be removed.

Type: Array of Tag (p. 83) objects

Required: No

Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 90).

CloudTrailARNInvalidException

This exception is thrown when an operation is called with a trail ARN that is not valid. The followingis the format of a trail ARN.

arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

API Version 2013-11-0152

Page 58: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceSee Also

HTTP Status Code: 400InvalidTagParameterException

This exception is thrown when the specified tag key or values are not valid. It can also occur if thereare duplicate tags or too many tags on the resource.

HTTP Status Code: 400InvalidTrailNameException

This exception is thrown when the provided trail name is not valid. Trail names must meet thefollowing requirements:• Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)• Start with a letter or number, and end with a letter or number• Be between 3 and 128 characters• Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are not valid.

• Not be in IP address format (for example, 192.168.5.4)

HTTP Status Code: 400NotOrganizationMasterAccountException

This exception is thrown when the AWS account making the request to create or update anorganization trail is not the management account for an organization in AWS Organizations. Formore information, see Prepare For Creating a Trail For Your Organization.

HTTP Status Code: 400OperationNotPermittedException

This exception is thrown when the requested operation is not permitted.

HTTP Status Code: 400ResourceNotFoundException

This exception is thrown when the specified resource is not found.

HTTP Status Code: 400ResourceTypeNotSupportedException

This exception is thrown when the specified resource type is not supported by CloudTrail.

HTTP Status Code: 400UnsupportedOperationException

This exception is thrown when the requested operation is not supported.

HTTP Status Code: 400

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go

API Version 2013-11-0153

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-an-organizational-trail-prepare.html
https://docs.aws.amazon.com/goto/aws-cli/cloudtrail-2013-11-01/RemoveTags
https://docs.aws.amazon.com/goto/DotNetSDKV3/cloudtrail-2013-11-01/RemoveTags
https://docs.aws.amazon.com/goto/SdkForCpp/cloudtrail-2013-11-01/RemoveTags
https://docs.aws.amazon.com/goto/SdkForGoV1/cloudtrail-2013-11-01/RemoveTags
Page 59: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceSee Also

• AWS SDK for Java V2• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2013-11-0154

https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudtrail-2013-11-01/RemoveTags
https://docs.aws.amazon.com/goto/AWSJavaScriptSDK/cloudtrail-2013-11-01/RemoveTags
https://docs.aws.amazon.com/goto/SdkForPHPV3/cloudtrail-2013-11-01/RemoveTags
https://docs.aws.amazon.com/goto/boto3/cloudtrail-2013-11-01/RemoveTags
https://docs.aws.amazon.com/goto/SdkForRubyV3/cloudtrail-2013-11-01/RemoveTags
Page 60: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceStartLogging

StartLoggingStarts the recording of AWS API calls and log file delivery for a trail. For a trail that is enabled in allregions, this operation must be called from the region in which the trail was created. This operationcannot be called on the shadow trails (replicated trails in other regions) of a trail that is enabled in allregions.

Request Syntax

{ "Name": "string"}

Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 88).

The request accepts the following data in JSON format.

Name (p. 55)

Specifies the name or the CloudTrail ARN of the trail for which CloudTrail logs AWS API calls. Thefollowing is the format of a trail ARN.

arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

Type: String

Required: Yes

Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 90).

InsufficientDependencyServiceAccessPermissionException

This exception is thrown when the IAM user or role that is used to create the organization trail islacking one or more required permissions for creating an organization trail in a required service. Formore information, see Prepare For Creating a Trail For Your Organization.

HTTP Status Code: 400

InvalidHomeRegionException

This exception is thrown when an operation is called on a trail from a region other than the region inwhich the trail was created.

HTTP Status Code: 400

API Version 2013-11-0155

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-an-organizational-trail-prepare.html
Page 61: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceSee Also

InvalidTrailNameException

This exception is thrown when the provided trail name is not valid. Trail names must meet thefollowing requirements:• Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)• Start with a letter or number, and end with a letter or number• Be between 3 and 128 characters• Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are not valid.

• Not be in IP address format (for example, 192.168.5.4)

HTTP Status Code: 400NotOrganizationMasterAccountException

This exception is thrown when the AWS account making the request to create or update anorganization trail is not the management account for an organization in AWS Organizations. Formore information, see Prepare For Creating a Trail For Your Organization.

HTTP Status Code: 400OperationNotPermittedException

This exception is thrown when the requested operation is not permitted.

HTTP Status Code: 400TrailNotFoundException

This exception is thrown when the trail with the given name is not found.

HTTP Status Code: 400UnsupportedOperationException

This exception is thrown when the requested operation is not supported.

HTTP Status Code: 400

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java V2• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2013-11-0156

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-an-organizational-trail-prepare.html
https://docs.aws.amazon.com/goto/aws-cli/cloudtrail-2013-11-01/StartLogging
https://docs.aws.amazon.com/goto/DotNetSDKV3/cloudtrail-2013-11-01/StartLogging
https://docs.aws.amazon.com/goto/SdkForCpp/cloudtrail-2013-11-01/StartLogging
https://docs.aws.amazon.com/goto/SdkForGoV1/cloudtrail-2013-11-01/StartLogging
https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudtrail-2013-11-01/StartLogging
https://docs.aws.amazon.com/goto/AWSJavaScriptSDK/cloudtrail-2013-11-01/StartLogging
https://docs.aws.amazon.com/goto/SdkForPHPV3/cloudtrail-2013-11-01/StartLogging
https://docs.aws.amazon.com/goto/boto3/cloudtrail-2013-11-01/StartLogging
https://docs.aws.amazon.com/goto/SdkForRubyV3/cloudtrail-2013-11-01/StartLogging
Page 62: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceStopLogging

StopLoggingSuspends the recording of AWS API calls and log file delivery for the specified trail. Under mostcircumstances, there is no need to use this action. You can update a trail without stopping it first. Thisaction is the only way to stop recording. For a trail enabled in all regions, this operation must be calledfrom the region in which the trail was created, or an InvalidHomeRegionException will occur. Thisoperation cannot be called on the shadow trails (replicated trails in other regions) of a trail enabled in allregions.

Request Syntax{ "Name": "string"}

Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 88).

The request accepts the following data in JSON format.

Name (p. 57)

Specifies the name or the CloudTrail ARN of the trail for which CloudTrail will stop logging AWS APIcalls. The following is the format of a trail ARN.

arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

Type: String

Required: Yes

Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 90).

InsufficientDependencyServiceAccessPermissionException

This exception is thrown when the IAM user or role that is used to create the organization trail islacking one or more required permissions for creating an organization trail in a required service. Formore information, see Prepare For Creating a Trail For Your Organization.

HTTP Status Code: 400InvalidHomeRegionException

This exception is thrown when an operation is called on a trail from a region other than the region inwhich the trail was created.

HTTP Status Code: 400

API Version 2013-11-0157

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-an-organizational-trail-prepare.html
Page 63: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceSee Also

InvalidTrailNameException

This exception is thrown when the provided trail name is not valid. Trail names must meet thefollowing requirements:• Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)• Start with a letter or number, and end with a letter or number• Be between 3 and 128 characters• Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are not valid.

• Not be in IP address format (for example, 192.168.5.4)

HTTP Status Code: 400NotOrganizationMasterAccountException

This exception is thrown when the AWS account making the request to create or update anorganization trail is not the management account for an organization in AWS Organizations. Formore information, see Prepare For Creating a Trail For Your Organization.

HTTP Status Code: 400OperationNotPermittedException

This exception is thrown when the requested operation is not permitted.

HTTP Status Code: 400TrailNotFoundException

This exception is thrown when the trail with the given name is not found.

HTTP Status Code: 400UnsupportedOperationException

This exception is thrown when the requested operation is not supported.

HTTP Status Code: 400

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java V2• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2013-11-0158

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-an-organizational-trail-prepare.html
https://docs.aws.amazon.com/goto/aws-cli/cloudtrail-2013-11-01/StopLogging
https://docs.aws.amazon.com/goto/DotNetSDKV3/cloudtrail-2013-11-01/StopLogging
https://docs.aws.amazon.com/goto/SdkForCpp/cloudtrail-2013-11-01/StopLogging
https://docs.aws.amazon.com/goto/SdkForGoV1/cloudtrail-2013-11-01/StopLogging
https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudtrail-2013-11-01/StopLogging
https://docs.aws.amazon.com/goto/AWSJavaScriptSDK/cloudtrail-2013-11-01/StopLogging
https://docs.aws.amazon.com/goto/SdkForPHPV3/cloudtrail-2013-11-01/StopLogging
https://docs.aws.amazon.com/goto/boto3/cloudtrail-2013-11-01/StopLogging
https://docs.aws.amazon.com/goto/SdkForRubyV3/cloudtrail-2013-11-01/StopLogging
Page 64: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceUpdateTrail

UpdateTrailUpdates trail settings that control what events you are logging, and how to handle log files. Changes to atrail do not require stopping the CloudTrail service. Use this action to designate an existing bucket for logdelivery. If the existing bucket has previously been a target for CloudTrail log files, an IAM policy existsfor the bucket. UpdateTrail must be called from the region in which the trail was created; otherwise,an InvalidHomeRegionException is thrown.

Request Syntax{ "CloudWatchLogsLogGroupArn": "string", "CloudWatchLogsRoleArn": "string", "EnableLogFileValidation": boolean, "IncludeGlobalServiceEvents": boolean, "IsMultiRegionTrail": boolean, "IsOrganizationTrail": boolean, "KmsKeyId": "string", "Name": "string", "S3BucketName": "string", "S3KeyPrefix": "string", "SnsTopicName": "string"}

Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 88).

The request accepts the following data in JSON format.

CloudWatchLogsLogGroupArn (p. 59)

Specifies a log group name using an Amazon Resource Name (ARN), a unique identifier thatrepresents the log group to which CloudTrail logs are delivered. Not required unless you specifyCloudWatchLogsRoleArn.

Type: String

Required: NoCloudWatchLogsRoleArn (p. 59)

Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group.

Type: String

Required: NoEnableLogFileValidation (p. 59)

Specifies whether log file validation is enabled. The default is false.

NoteWhen you disable log file integrity validation, the chain of digest files is broken afterone hour. CloudTrail does not create digest files for log files that were delivered during aperiod in which log file integrity validation was disabled. For example, if you enable log fileintegrity validation at noon on January 1, disable it at noon on January 2, and re-enableit at noon on January 10, digest files will not be created for the log files delivered from

API Version 2013-11-0159

Page 65: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceRequest Parameters

noon on January 2 to noon on January 10. The same applies whenever you stop CloudTraillogging or delete a trail.

Type: Boolean

Required: NoIncludeGlobalServiceEvents (p. 59)

Specifies whether the trail is publishing events from global services such as IAM to the log files.

Type: Boolean

Required: NoIsMultiRegionTrail (p. 59)

Specifies whether the trail applies only to the current region or to all regions. The default is false. Ifthe trail exists only in the current region and this value is set to true, shadow trails (replications ofthe trail) will be created in the other regions. If the trail exists in all regions and this value is set tofalse, the trail will remain in the region where it was created, and its shadow trails in other regionswill be deleted. As a best practice, consider using trails that log events in all regions.

Type: Boolean

Required: NoIsOrganizationTrail (p. 59)

Specifies whether the trail is applied to all accounts in an organization in AWS Organizations,or only for the current AWS account. The default is false, and cannot be true unless the call ismade on behalf of an AWS account that is the management account for an organization in AWSOrganizations. If the trail is not an organization trail and this is set to true, the trail will be createdin all AWS accounts that belong to the organization. If the trail is an organization trail and this is setto false, the trail will remain in the current AWS account but be deleted from all member accountsin the organization.

Type: Boolean

Required: NoKmsKeyId (p. 59)

Specifies the AWS KMS key ID to use to encrypt the logs delivered by CloudTrail. The value can be analias name prefixed by "alias/", a fully specified ARN to an alias, a fully specified ARN to a key, or aglobally unique identifier.

CloudTrail also supports AWS KMS multi-Region keys. For more information about multi-Regionkeys, see Using multi-Region keys in the AWS Key Management Service Developer Guide.

Examples:• alias/MyAliasName• arn:aws:kms:us-east-2:123456789012:alias/MyAliasName• arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012• 12345678-1234-1234-1234-123456789012

Type: String

Required: NoName (p. 59)

Specifies the name of the trail or trail ARN. If Name is a trail name, the string must meet thefollowing requirements:

API Version 2013-11-0160

https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html
Page 66: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceResponse Syntax

• Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)• Start with a letter or number, and end with a letter or number• Be between 3 and 128 characters• Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are not valid.

• Not be in IP address format (for example, 192.168.5.4)

If Name is a trail ARN, it must be in the following format.

arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

Type: String

Required: YesS3BucketName (p. 59)

Specifies the name of the Amazon S3 bucket designated for publishing log files. See Amazon S3Bucket Naming Requirements.

Type: String

Required: NoS3KeyPrefix (p. 59)

Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated forlog file delivery. For more information, see Finding Your CloudTrail Log Files. The maximum length is200 characters.

Type: String

Required: NoSnsTopicName (p. 59)

Specifies the name of the Amazon SNS topic defined for notification of log file delivery. Themaximum length is 256 characters.

Type: String

Required: No

Response Syntax{ "CloudWatchLogsLogGroupArn": "string", "CloudWatchLogsRoleArn": "string", "IncludeGlobalServiceEvents": boolean, "IsMultiRegionTrail": boolean, "IsOrganizationTrail": boolean, "KmsKeyId": "string", "LogFileValidationEnabled": boolean, "Name": "string", "S3BucketName": "string", "S3KeyPrefix": "string", "SnsTopicARN": "string", "SnsTopicName": "string", "TrailARN": "string"}

API Version 2013-11-0161

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/create_trail_naming_policy.html
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/create_trail_naming_policy.html
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-find-log-files.html
Page 67: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceResponse Elements

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

CloudWatchLogsLogGroupArn (p. 61)

Specifies the Amazon Resource Name (ARN) of the log group to which CloudTrail logs are delivered.

Type: StringCloudWatchLogsRoleArn (p. 61)

Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group.

Type: StringIncludeGlobalServiceEvents (p. 61)

Specifies whether the trail is publishing events from global services such as IAM to the log files.

Type: BooleanIsMultiRegionTrail (p. 61)

Specifies whether the trail exists in one region or in all regions.

Type: BooleanIsOrganizationTrail (p. 61)

Specifies whether the trail is an organization trail.

Type: BooleanKmsKeyId (p. 61)

Specifies the AWS KMS key ID that encrypts the logs delivered by CloudTrail. The value is a fullyspecified ARN to a AWS KMS key in the following format.

arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012

Type: StringLogFileValidationEnabled (p. 61)

Specifies whether log file integrity validation is enabled.

Type: BooleanName (p. 61)

Specifies the name of the trail.

Type: StringS3BucketName (p. 61)

Specifies the name of the Amazon S3 bucket designated for publishing log files.

Type: StringS3KeyPrefix (p. 61)

Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated forlog file delivery. For more information, see Finding Your IAM Log Files.

API Version 2013-11-0162

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-find-log-files.html
Page 68: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceErrors

Type: StringSnsTopicARN (p. 61)

Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send notifications when log filesare delivered. The following is the format of a topic ARN.

arn:aws:sns:us-east-2:123456789012:MyTopic

Type: StringSnsTopicName (p. 61)

This parameter has been deprecated.

This field is no longer in use. Use UpdateTrail:SnsTopicARN (p. 63).

Type: StringTrailARN (p. 61)

Specifies the ARN of the trail that was updated. The following is the format of a trail ARN.

arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

Type: String

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 90).

CloudTrailAccessNotEnabledException

This exception is thrown when trusted access has not been enabled between AWS CloudTrail andAWS Organizations. For more information, see Enabling Trusted Access with Other AWS Services andPrepare For Creating a Trail For Your Organization.

HTTP Status Code: 400CloudTrailInvalidClientTokenIdException

This exception is thrown when a call results in the InvalidClientTokenId error code. This canoccur when you are creating or updating a trail to send notifications to an Amazon SNS topic that isin a suspended AWS account.

HTTP Status Code: 400CloudWatchLogsDeliveryUnavailableException

Cannot set a CloudWatch Logs delivery for this region.

HTTP Status Code: 400InsufficientDependencyServiceAccessPermissionException

This exception is thrown when the IAM user or role that is used to create the organization trail islacking one or more required permissions for creating an organization trail in a required service. Formore information, see Prepare For Creating a Trail For Your Organization.

HTTP Status Code: 400InsufficientEncryptionPolicyException

This exception is thrown when the policy on the S3 bucket or AWS KMS key is not sufficient.

API Version 2013-11-0163

https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-an-organizational-trail-prepare.html
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-an-organizational-trail-prepare.html
Page 69: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceErrors

HTTP Status Code: 400InsufficientS3BucketPolicyException

This exception is thrown when the policy on the S3 bucket is not sufficient.

HTTP Status Code: 400InsufficientSnsTopicPolicyException

This exception is thrown when the policy on the Amazon SNS topic is not sufficient.

HTTP Status Code: 400InvalidCloudWatchLogsLogGroupArnException

This exception is thrown when the provided CloudWatch Logs log group is not valid.

HTTP Status Code: 400InvalidCloudWatchLogsRoleArnException

This exception is thrown when the provided role is not valid.

HTTP Status Code: 400InvalidEventSelectorsException

This exception is thrown when the PutEventSelectors operation is called with a number of eventselectors, advanced event selectors, or data resources that is not valid. The combination of eventselectors or advanced event selectors and data resources is not valid. A trail can have up to 5 eventselectors. If a trail uses advanced event selectors, a maximum of 500 total values for all conditions inall advanced event selectors is allowed. A trail is limited to 250 data resources. These data resourcescan be distributed across event selectors, but the overall total cannot exceed 250.

You can:• Specify a valid number of event selectors (1 to 5) for a trail.• Specify a valid number of data resources (1 to 250) for an event selector. The limit of number of

resources on an individual event selector is configurable up to 250. However, this upper limit isallowed only if the total number of data resources does not exceed 250 across all event selectorsfor a trail.

• Specify up to 500 values for all conditions in all advanced event selectors for a trail.• Specify a valid value for a parameter. For example, specifying the ReadWriteType parameter

with a value of read-only is not valid.

HTTP Status Code: 400InvalidHomeRegionException

This exception is thrown when an operation is called on a trail from a region other than the region inwhich the trail was created.

HTTP Status Code: 400InvalidKmsKeyIdException

This exception is thrown when the AWS KMS key ARN is not valid.

HTTP Status Code: 400InvalidParameterCombinationException

This exception is thrown when the combination of parameters provided is not valid.

HTTP Status Code: 400

API Version 2013-11-0164

Page 70: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceErrors

InvalidS3BucketNameException

This exception is thrown when the provided S3 bucket name is not valid.

HTTP Status Code: 400InvalidS3PrefixException

This exception is thrown when the provided S3 prefix is not valid.

HTTP Status Code: 400InvalidSnsTopicNameException

This exception is thrown when the provided SNS topic name is not valid.

HTTP Status Code: 400InvalidTrailNameException

This exception is thrown when the provided trail name is not valid. Trail names must meet thefollowing requirements:• Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)• Start with a letter or number, and end with a letter or number• Be between 3 and 128 characters• Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are not valid.

• Not be in IP address format (for example, 192.168.5.4)

HTTP Status Code: 400KmsException

This exception is thrown when there is an issue with the specified AWS KMS key and the trail can’t beupdated.

HTTP Status Code: 400KmsKeyDisabledException

This error has been deprecated.

This exception is no longer in use.

HTTP Status Code: 400KmsKeyNotFoundException

This exception is thrown when the AWS KMS key does not exist, when the S3 bucket and the AWSKMS key are not in the same region, or when the AWS KMS key associated with the Amazon SNStopic either does not exist or is not in the same region.

HTTP Status Code: 400NotOrganizationMasterAccountException

This exception is thrown when the AWS account making the request to create or update anorganization trail is not the management account for an organization in AWS Organizations. Formore information, see Prepare For Creating a Trail For Your Organization.

HTTP Status Code: 400OperationNotPermittedException

This exception is thrown when the requested operation is not permitted.

API Version 2013-11-0165

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-an-organizational-trail-prepare.html
Page 71: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceSee Also

HTTP Status Code: 400OrganizationNotInAllFeaturesModeException

This exception is thrown when AWS Organizations is not configured to support all features. Allfeatures must be enabled in Organizations to support creating an organization trail. For moreinformation, see Prepare For Creating a Trail For Your Organization.

HTTP Status Code: 400OrganizationsNotInUseException

This exception is thrown when the request is made from an AWS account that is not a member ofan organization. To make this request, sign in using the credentials of an account that belongs to anorganization.

HTTP Status Code: 400S3BucketDoesNotExistException

This exception is thrown when the specified S3 bucket does not exist.

HTTP Status Code: 400TrailNotFoundException

This exception is thrown when the trail with the given name is not found.

HTTP Status Code: 400TrailNotProvidedException

This exception is no longer in use.

HTTP Status Code: 400UnsupportedOperationException

This exception is thrown when the requested operation is not supported.

HTTP Status Code: 400

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java V2• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

API Version 2013-11-0166

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-an-organizational-trail-prepare.html
https://docs.aws.amazon.com/goto/aws-cli/cloudtrail-2013-11-01/UpdateTrail
https://docs.aws.amazon.com/goto/DotNetSDKV3/cloudtrail-2013-11-01/UpdateTrail
https://docs.aws.amazon.com/goto/SdkForCpp/cloudtrail-2013-11-01/UpdateTrail
https://docs.aws.amazon.com/goto/SdkForGoV1/cloudtrail-2013-11-01/UpdateTrail
https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudtrail-2013-11-01/UpdateTrail
https://docs.aws.amazon.com/goto/AWSJavaScriptSDK/cloudtrail-2013-11-01/UpdateTrail
https://docs.aws.amazon.com/goto/SdkForPHPV3/cloudtrail-2013-11-01/UpdateTrail
https://docs.aws.amazon.com/goto/boto3/cloudtrail-2013-11-01/UpdateTrail
https://docs.aws.amazon.com/goto/SdkForRubyV3/cloudtrail-2013-11-01/UpdateTrail
Page 72: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API Reference

Data TypesThe AWS CloudTrail API contains several data types that various actions use. This section describes eachdata type in detail.

NoteThe order of each element in a data type structure is not guaranteed. Applications should notassume a particular order.

The following data types are supported:

• AdvancedEventSelector (p. 68)• AdvancedFieldSelector (p. 69)• DataResource (p. 72)• Event (p. 74)• EventSelector (p. 76)• InsightSelector (p. 78)• LookupAttribute (p. 79)• PublicKey (p. 80)• Resource (p. 81)• ResourceTag (p. 82)• Tag (p. 83)• Trail (p. 84)• TrailInfo (p. 87)

API Version 2013-11-0167

Page 73: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceAdvancedEventSelector

AdvancedEventSelectorAdvanced event selectors let you create fine-grained selectors for the following AWS CloudTrail eventrecord fields. They help you control costs by logging only those events that are important to you.For more information about advanced event selectors, see Logging data events for trails in the AWSCloudTrail User Guide.

• readOnly

• eventSource

• eventName

• eventCategory

• resources.type

• resources.ARN

You cannot apply both event selectors and advanced event selectors to a trail.

ContentsFieldSelectors

Contains all selector statements in an advanced event selector.

Type: Array of AdvancedFieldSelector (p. 69) objects

Array Members: Minimum number of 1 item.

Required: YesName

An optional, descriptive name for an advanced event selector, such as "Log data events for only twoS3 buckets".

Type: String

Length Constraints: Minimum length of 0. Maximum length of 1000.

Pattern: .*

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java V2• AWS SDK for Ruby V3

API Version 2013-11-0168

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
https://docs.aws.amazon.com/goto/SdkForCpp/cloudtrail-2013-11-01/AdvancedEventSelector
https://docs.aws.amazon.com/goto/SdkForGoV1/cloudtrail-2013-11-01/AdvancedEventSelector
https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudtrail-2013-11-01/AdvancedEventSelector
https://docs.aws.amazon.com/goto/SdkForRubyV3/cloudtrail-2013-11-01/AdvancedEventSelector
Page 74: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceAdvancedFieldSelector

AdvancedFieldSelectorA single selector statement in an advanced event selector.

ContentsEndsWith

An operator that includes events that match the last few characters of the event record fieldspecified as the value of Field.

Type: Array of strings

Array Members: Minimum number of 1 item.

Length Constraints: Minimum length of 1. Maximum length of 2048.

Pattern: .+

Required: NoEquals

An operator that includes events that match the exact value of the event record field specifiedas the value of Field. This is the only valid operator that you can use with the readOnly,eventCategory, and resources.type fields.

Type: Array of strings

Array Members: Minimum number of 1 item.

Length Constraints: Minimum length of 1. Maximum length of 2048.

Pattern: .+

Required: NoField

A field in an event record on which to filter events to be logged. Supported fields include readOnly,eventCategory, eventSource (for management events), eventName, resources.type, andresources.ARN.• readOnly - Optional. Can be set to Equals a value of true or false. A value of false logs

both read and write events.• eventSource - For filtering management events only. This can be set only to NotEqualskms.amazonaws.com.

• eventName - Can use any operator. You can use it to filter in or filter out any data event loggedto CloudTrail, such as PutBucket or GetSnapshotBlock. You can have multiple values for thisfield, separated by commas.

• eventCategory - This is required. It must be set to Equals, and the value must be Managementor Data.

• resources.type - This field is required. resources.type can only use the Equals operator,and the value can be one of the following: AWS::S3::Object, AWS::S3::AccessPoint,AWS::Lambda::Function, AWS::DynamoDB::Table, AWS::S3Outposts::Object,AWS::ManagedBlockchain::Node, AWS::S3ObjectLambda::AccessPoint, orAWS::EC2::Snapshot. You can have only one resources.type field per selector. To log dataevents on more than one resource type, add another selector.

• resources.ARN - You can use any operator with resources.ARN, but if you use Equals orNotEquals, the value must exactly match the ARN of a valid resource of the type you've

API Version 2013-11-0169

Page 75: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceContents

specified in the template as the value of resources.type. For example, if resources.type equalsAWS::S3::Object, the ARN must be in one of the following formats. To log all data events forall objects in a specific S3 bucket, use the StartsWith operator, and include only the bucket ARNas the matching value.

The trailing slash is intentional; do not exclude it. Replace the text between less than and greaterthan symbols (<>) with resource-specific information.• arn:<partition>:s3:::<bucket_name>/

• arn:<partition>:s3:::<bucket_name>/<object_path>/

When resources.type equals AWS::S3::AccessPoint, and the operator is set to Equals orNotEquals, the ARN must be in one of the following formats. To log events on all objects in anS3 access point, we recommend that you use only the access point ARN, don’t include the objectpath, and use the StartsWith or NotStartsWith operators.• arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>

• arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path>

When resources.type equals AWS::Lambda::Function, and the operator is set to Equals orNotEquals, the ARN must be in the following format:• arn:<partition>:lambda:<region>:<account_ID>:function:<function_name>

When resources.type equals AWS::DynamoDB::Table, and the operator is set to Equals orNotEquals, the ARN must be in the following format:• arn:<partition>:dynamodb:<region>:<account_ID>:table:<table_name>

When resources.type equals AWS::S3Outposts::Object, and the operator is set to Equalsor NotEquals, the ARN must be in the following format:• arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path>

When resources.type equals AWS::ManagedBlockchain::Node, and the operator is set toEquals or NotEquals, the ARN must be in the following format:• arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID>

When resources.type equals AWS::S3ObjectLambda::AccessPoint, and the operator is setto Equals or NotEquals, the ARN must be in the following format:• arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name>

When resources.type equals AWS::EC2::Snapshot, and the operator is set to Equals orNotEquals, the ARN must be in the following format:• arn:<partition>:ec2:<region>::snapshot/<snapshot_ID>

Type: String

Length Constraints: Minimum length of 1. Maximum length of 1000.

Pattern: [\w|\d|\.|_]+

Required: YesNotEndsWith

An operator that excludes events that match the last few characters of the event record fieldspecified as the value of Field.

Type: Array of strings

Array Members: Minimum number of 1 item.

API Version 2013-11-0170

Page 76: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceSee Also

Length Constraints: Minimum length of 1. Maximum length of 2048.

Pattern: .+

Required: NoNotEquals

An operator that excludes events that match the exact value of the event record field specified asthe value of Field.

Type: Array of strings

Array Members: Minimum number of 1 item.

Length Constraints: Minimum length of 1. Maximum length of 2048.

Pattern: .+

Required: NoNotStartsWith

An operator that excludes events that match the first few characters of the event record fieldspecified as the value of Field.

Type: Array of strings

Array Members: Minimum number of 1 item.

Length Constraints: Minimum length of 1. Maximum length of 2048.

Pattern: .+

Required: NoStartsWith

An operator that includes events that match the first few characters of the event record fieldspecified as the value of Field.

Type: Array of strings

Array Members: Minimum number of 1 item.

Length Constraints: Minimum length of 1. Maximum length of 2048.

Pattern: .+

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java V2• AWS SDK for Ruby V3

API Version 2013-11-0171

https://docs.aws.amazon.com/goto/SdkForCpp/cloudtrail-2013-11-01/AdvancedFieldSelector
https://docs.aws.amazon.com/goto/SdkForGoV1/cloudtrail-2013-11-01/AdvancedFieldSelector
https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudtrail-2013-11-01/AdvancedFieldSelector
https://docs.aws.amazon.com/goto/SdkForRubyV3/cloudtrail-2013-11-01/AdvancedFieldSelector
Page 77: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceDataResource

DataResourceThe Amazon S3 buckets, AWS Lambda functions, or Amazon DynamoDB tables that you specify in yourevent selectors for your trail to log data events. Data events provide information about the resourceoperations performed on or within a resource itself. These are also known as data plane operations. Youcan specify up to 250 data resources for a trail.

NoteThe total number of allowed data resources is 250. This number can be distributed between 1and 5 event selectors, but the total cannot exceed 250 across all selectors.If you are using advanced event selectors, the maximum total number of values for allconditions, across all advanced event selectors for the trail, is 500.

The following example demonstrates how logging works when you configure logging of all data eventsfor an S3 bucket named bucket-1. In this example, the CloudTrail user specified an empty prefix, andthe option to log both Read and Write data events.

1. A user uploads an image file to bucket-1.2. The PutObject API operation is an Amazon S3 object-level API. It is recorded as a data event in

CloudTrail. Because the CloudTrail user specified an S3 bucket with an empty prefix, events that occuron any object in that bucket are logged. The trail processes and logs the event.

3. A user uploads an object to an Amazon S3 bucket named arn:aws:s3:::bucket-2.4. The PutObject API operation occurred for an object in an S3 bucket that the CloudTrail user didn't

specify for the trail. The trail doesn’t log the event.

The following example demonstrates how logging works when you configure logging of AWS Lambdadata events for a Lambda function named MyLambdaFunction, but not for all Lambda functions.

1. A user runs a script that includes a call to the MyLambdaFunction function and theMyOtherLambdaFunction function.

2. The Invoke API operation on MyLambdaFunction is an Lambda API. It is recorded as a data eventin CloudTrail. Because the CloudTrail user specified logging data events for MyLambdaFunction, anyinvocations of that function are logged. The trail processes and logs the event.

3. The Invoke API operation on MyOtherLambdaFunction is an Lambda API. Because the CloudTrailuser did not specify logging data events for all Lambda functions, the Invoke operation forMyOtherLambdaFunction does not match the function specified for the trail. The trail doesn’t log theevent.

ContentsType

The resource type in which you want to log data events. You can specify AWS::S3::Object,AWS::Lambda::Function, or AWS::DynamoDB::Table resources.

The AWS::S3Outposts::Object, AWS::ManagedBlockchain::Node,AWS::S3ObjectLambda::AccessPoint, and AWS::EC2::Snapshot resource types are not validin basic event selectors. To log data events on these resource types, use advanced event selectors.

Type: String

Required: NoValues

An array of Amazon Resource Name (ARN) strings or partial ARN strings for the specified objects.

API Version 2013-11-0172

Page 78: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceSee Also

• To log data events for all objects in all S3 buckets in your AWS account, specify the prefix asarn:aws:s3:::.

NoteThis also enables logging of data event activity performed by any user or role in yourAWS account, even if that activity is performed on a bucket that belongs to another AWSaccount.

• To log data events for all objects in an S3 bucket, specify the bucket and an empty object prefixsuch as arn:aws:s3:::bucket-1/. The trail logs data events for all objects in this S3 bucket.

• To log data events for specific objects, specify the S3 bucket and object prefix such asarn:aws:s3:::bucket-1/example-images. The trail logs data events for objects in this S3bucket that match the prefix.

• To log data events for all Lambda functions in your AWS account, specify the prefix asarn:aws:lambda.

NoteThis also enables logging of Invoke activity performed by any user or role in your AWSaccount, even if that activity is performed on a function that belongs to another AWSaccount.

• To log data events for a specific Lambda function, specify the function ARN.

NoteLambda function ARNs are exact. For example, if you specify a function ARNarn:aws:lambda:us-west-2:111111111111:function:helloworld, data events will only belogged for arn:aws:lambda:us-west-2:111111111111:function:helloworld. They will not belogged for arn:aws:lambda:us-west-2:111111111111:function:helloworld2.

• To log data events for all DynamoDB tables in your AWS account, specify the prefix asarn:aws:dynamodb.

Type: Array of strings

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java V2• AWS SDK for Ruby V3

API Version 2013-11-0173

https://docs.aws.amazon.com/goto/SdkForCpp/cloudtrail-2013-11-01/DataResource
https://docs.aws.amazon.com/goto/SdkForGoV1/cloudtrail-2013-11-01/DataResource
https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudtrail-2013-11-01/DataResource
https://docs.aws.amazon.com/goto/SdkForRubyV3/cloudtrail-2013-11-01/DataResource
Page 79: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceEvent

EventContains information about an event that was returned by a lookup request. The result includes arepresentation of a CloudTrail event.

ContentsAccessKeyId

The AWS access key ID that was used to sign the request. If the request was made with temporarysecurity credentials, this is the access key ID of the temporary credentials.

Type: String

Required: NoCloudTrailEvent

A JSON string that contains a representation of the event returned.

Type: String

Required: NoEventId

The CloudTrail ID of the event returned.

Type: String

Required: NoEventName

The name of the event returned.

Type: String

Required: NoEventSource

The AWS service to which the request was made.

Type: String

Required: NoEventTime

The date and time of the event returned.

Type: Timestamp

Required: NoReadOnly

Information about whether the event is a write event or a read event.

Type: String

Required: No

API Version 2013-11-0174

Page 80: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceSee Also

Resources

A list of resources referenced by the event returned.

Type: Array of Resource (p. 81) objects

Required: NoUsername

A user name or role name of the requester that called the API in the event returned.

Type: String

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java V2• AWS SDK for Ruby V3

API Version 2013-11-0175

https://docs.aws.amazon.com/goto/SdkForCpp/cloudtrail-2013-11-01/Event
https://docs.aws.amazon.com/goto/SdkForGoV1/cloudtrail-2013-11-01/Event
https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudtrail-2013-11-01/Event
https://docs.aws.amazon.com/goto/SdkForRubyV3/cloudtrail-2013-11-01/Event
Page 81: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceEventSelector

EventSelectorUse event selectors to further specify the management and data event settings for your trail. By default,trails created without specific event selectors will be configured to log all read and write managementevents, and no data events. When an event occurs in your account, CloudTrail evaluates the eventselector for all trails. For each trail, if the event matches any event selector, the trail processes and logsthe event. If the event doesn't match any event selector, the trail doesn't log the event.

You can configure up to five event selectors for a trail.

You cannot apply both event selectors and advanced event selectors to a trail.

ContentsDataResources

CloudTrail supports data event logging for Amazon S3 objects, AWS Lambda functions, and AmazonDynamoDB tables with basic event selectors. You can specify up to 250 resources for an individualevent selector, but the total number of data resources cannot exceed 250 across all event selectorsin a trail. This limit does not apply if you configure resource logging for all data events.

For more information, see Data Events and Limits in AWS CloudTrail in the AWS CloudTrail UserGuide.

Type: Array of DataResource (p. 72) objects

Required: NoExcludeManagementEventSources

An optional list of service event sources from which you do not want management events to belogged on your trail. In this release, the list can be empty (disables the filter), or it can filter out AWSKey Management Service or Amazon RDS Data API events by containing kms.amazonaws.com orrdsdata.amazonaws.com. By default, ExcludeManagementEventSources is empty, and AWSKMS and Amazon RDS Data API events are logged to your trail.

Type: Array of strings

Required: NoIncludeManagementEvents

Specify if you want your event selector to include management events for your trail.

For more information, see Management Events in the AWS CloudTrail User Guide.

By default, the value is true.

The first copy of management events is free. You are charged for additional copies of managementevents that you are logging on any subsequent trail in the same region. For more information aboutCloudTrail pricing, see AWS CloudTrail Pricing.

Type: Boolean

Required: NoReadWriteType

Specify if you want your trail to log read-only events, write-only events, or all. For example, the EC2GetConsoleOutput is a read-only API operation and RunInstances is a write-only API operation.

API Version 2013-11-0176

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html#logging-data-events
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html#logging-management-events
http://aws.amazon.com/cloudtrail/pricing/
Page 82: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceSee Also

By default, the value is All.

Type: String

Valid Values: ReadOnly | WriteOnly | All

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java V2• AWS SDK for Ruby V3

API Version 2013-11-0177

https://docs.aws.amazon.com/goto/SdkForCpp/cloudtrail-2013-11-01/EventSelector
https://docs.aws.amazon.com/goto/SdkForGoV1/cloudtrail-2013-11-01/EventSelector
https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudtrail-2013-11-01/EventSelector
https://docs.aws.amazon.com/goto/SdkForRubyV3/cloudtrail-2013-11-01/EventSelector
Page 83: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceInsightSelector

InsightSelectorA JSON string that contains a list of insight types that are logged on a trail.

ContentsInsightType

The type of Insights events to log on a trail. The valid Insights type in this release isApiCallRateInsight.

Type: String

Valid Values: ApiCallRateInsight

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java V2• AWS SDK for Ruby V3

API Version 2013-11-0178

https://docs.aws.amazon.com/goto/SdkForCpp/cloudtrail-2013-11-01/InsightSelector
https://docs.aws.amazon.com/goto/SdkForGoV1/cloudtrail-2013-11-01/InsightSelector
https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudtrail-2013-11-01/InsightSelector
https://docs.aws.amazon.com/goto/SdkForRubyV3/cloudtrail-2013-11-01/InsightSelector
Page 84: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceLookupAttribute

LookupAttributeSpecifies an attribute and value that filter the events returned.

ContentsAttributeKey

Specifies an attribute on which to filter the events returned.

Type: String

Valid Values: EventId | EventName | ReadOnly | Username | ResourceType |ResourceName | EventSource | AccessKeyId

Required: YesAttributeValue

Specifies a value for the specified AttributeKey.

Type: String

Required: Yes

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java V2• AWS SDK for Ruby V3

API Version 2013-11-0179

https://docs.aws.amazon.com/goto/SdkForCpp/cloudtrail-2013-11-01/LookupAttribute
https://docs.aws.amazon.com/goto/SdkForGoV1/cloudtrail-2013-11-01/LookupAttribute
https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudtrail-2013-11-01/LookupAttribute
https://docs.aws.amazon.com/goto/SdkForRubyV3/cloudtrail-2013-11-01/LookupAttribute
Page 85: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferencePublicKey

PublicKeyContains information about a returned public key.

ContentsFingerprint

The fingerprint of the public key.

Type: String

Required: NoValidityEndTime

The ending time of validity of the public key.

Type: Timestamp

Required: NoValidityStartTime

The starting time of validity of the public key.

Type: Timestamp

Required: NoValue

The DER encoded public key value in PKCS#1 format.

Type: Base64-encoded binary data object

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java V2• AWS SDK for Ruby V3

API Version 2013-11-0180

https://docs.aws.amazon.com/goto/SdkForCpp/cloudtrail-2013-11-01/PublicKey
https://docs.aws.amazon.com/goto/SdkForGoV1/cloudtrail-2013-11-01/PublicKey
https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudtrail-2013-11-01/PublicKey
https://docs.aws.amazon.com/goto/SdkForRubyV3/cloudtrail-2013-11-01/PublicKey
Page 86: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceResource

ResourceSpecifies the type and name of a resource referenced by an event.

ContentsResourceName

The name of the resource referenced by the event returned. These are user-created names whosevalues will depend on the environment. For example, the resource name might be "auto-scaling-test-group" for an Auto Scaling Group or "i-1234567" for an EC2 Instance.

Type: String

Required: NoResourceType

The type of a resource referenced by the event returned. When the resource type cannot bedetermined, null is returned. Some examples of resource types are: Instance for EC2, Trail forCloudTrail, DBInstance for Amazon RDS, and AccessKey for IAM. To learn more about how to lookup and filter events by the resource types supported for a service, see Filtering CloudTrail Events.

Type: String

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java V2• AWS SDK for Ruby V3

API Version 2013-11-0181

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events-console.html#filtering-cloudtrail-events
https://docs.aws.amazon.com/goto/SdkForCpp/cloudtrail-2013-11-01/Resource
https://docs.aws.amazon.com/goto/SdkForGoV1/cloudtrail-2013-11-01/Resource
https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudtrail-2013-11-01/Resource
https://docs.aws.amazon.com/goto/SdkForRubyV3/cloudtrail-2013-11-01/Resource
Page 87: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceResourceTag

ResourceTagA resource tag.

ContentsResourceId

Specifies the ARN of the resource.

Type: String

Required: NoTagsList

A list of tags.

Type: Array of Tag (p. 83) objects

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java V2• AWS SDK for Ruby V3

API Version 2013-11-0182

https://docs.aws.amazon.com/goto/SdkForCpp/cloudtrail-2013-11-01/ResourceTag
https://docs.aws.amazon.com/goto/SdkForGoV1/cloudtrail-2013-11-01/ResourceTag
https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudtrail-2013-11-01/ResourceTag
https://docs.aws.amazon.com/goto/SdkForRubyV3/cloudtrail-2013-11-01/ResourceTag
Page 88: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceTag

TagA custom key-value pair associated with a resource such as a CloudTrail trail.

ContentsKey

The key in a key-value pair. The key must be must be no longer than 128 Unicode characters. Thekey must be unique for the resource to which it applies.

Type: String

Required: YesValue

The value in a key-value pair of a tag. The value must be no longer than 256 Unicode characters.

Type: String

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java V2• AWS SDK for Ruby V3

API Version 2013-11-0183

https://docs.aws.amazon.com/goto/SdkForCpp/cloudtrail-2013-11-01/Tag
https://docs.aws.amazon.com/goto/SdkForGoV1/cloudtrail-2013-11-01/Tag
https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudtrail-2013-11-01/Tag
https://docs.aws.amazon.com/goto/SdkForRubyV3/cloudtrail-2013-11-01/Tag
Page 89: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceTrail

TrailThe settings for a trail.

ContentsCloudWatchLogsLogGroupArn

Specifies an Amazon Resource Name (ARN), a unique identifier that represents the log group towhich CloudTrail logs will be delivered.

Type: String

Required: NoCloudWatchLogsRoleArn

Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group.

Type: String

Required: NoHasCustomEventSelectors

Specifies if the trail has custom event selectors.

Type: Boolean

Required: NoHasInsightSelectors

Specifies whether a trail has insight types specified in an InsightSelector list.

Type: Boolean

Required: NoHomeRegion

The region in which the trail was created.

Type: String

Required: NoIncludeGlobalServiceEvents

Set to True to include AWS API calls from AWS global services such as IAM. Otherwise, False.

Type: Boolean

Required: NoIsMultiRegionTrail

Specifies whether the trail exists only in one region or exists in all regions.

Type: Boolean

Required: NoIsOrganizationTrail

Specifies whether the trail is an organization trail.

API Version 2013-11-0184

Page 90: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceContents

Type: Boolean

Required: NoKmsKeyId

Specifies the AWS KMS key ID that encrypts the logs delivered by CloudTrail. The value is a fullyspecified ARN to a AWS KMS key in the following format.

arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012

Type: String

Required: NoLogFileValidationEnabled

Specifies whether log file validation is enabled.

Type: Boolean

Required: NoName

Name of the trail set by calling CreateTrail (p. 6). The maximum length is 128 characters.

Type: String

Required: NoS3BucketName

Name of the Amazon S3 bucket into which CloudTrail delivers your trail files. See Amazon S3 BucketNaming Requirements.

Type: String

Required: NoS3KeyPrefix

Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated forlog file delivery. For more information, see Finding Your CloudTrail Log Files. The maximum length is200 characters.

Type: String

Required: NoSnsTopicARN

Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send notifications when log filesare delivered. The following is the format of a topic ARN.

arn:aws:sns:us-east-2:123456789012:MyTopic

Type: String

Required: NoSnsTopicName

This member has been deprecated.

This field is no longer in use. Use Trail:SnsTopicARN (p. 85).

API Version 2013-11-0185

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/create_trail_naming_policy.html
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/create_trail_naming_policy.html
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-find-log-files.html
Page 91: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceSee Also

Type: String

Required: NoTrailARN

Specifies the ARN of the trail. The following is the format of a trail ARN.

arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

Type: String

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java V2• AWS SDK for Ruby V3

API Version 2013-11-0186

https://docs.aws.amazon.com/goto/SdkForCpp/cloudtrail-2013-11-01/Trail
https://docs.aws.amazon.com/goto/SdkForGoV1/cloudtrail-2013-11-01/Trail
https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudtrail-2013-11-01/Trail
https://docs.aws.amazon.com/goto/SdkForRubyV3/cloudtrail-2013-11-01/Trail
Page 92: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API ReferenceTrailInfo

TrailInfoInformation about a CloudTrail trail, including the trail's name, home region, and Amazon ResourceName (ARN).

ContentsHomeRegion

The AWS Region in which a trail was created.

Type: String

Required: NoName

The name of a trail.

Type: String

Required: NoTrailARN

The ARN of a trail.

Type: String

Required: No

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java V2• AWS SDK for Ruby V3

API Version 2013-11-0187

https://docs.aws.amazon.com/goto/SdkForCpp/cloudtrail-2013-11-01/TrailInfo
https://docs.aws.amazon.com/goto/SdkForGoV1/cloudtrail-2013-11-01/TrailInfo
https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudtrail-2013-11-01/TrailInfo
https://docs.aws.amazon.com/goto/SdkForRubyV3/cloudtrail-2013-11-01/TrailInfo
Page 93: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API Reference

Common ParametersThe following list contains the parameters that all actions use for signing Signature Version 4 requestswith a query string. Any action-specific parameters are listed in the topic for that action. For moreinformation about Signature Version 4, see Signature Version 4 Signing Process in the Amazon WebServices General Reference.

Action

The action to be performed.

Type: string

Required: YesVersion

The API version that the request is written for, expressed in the format YYYY-MM-DD.

Type: string

Required: YesX-Amz-Algorithm

The hash algorithm that you used to create the request signature.

Condition: Specify this parameter when you include authentication information in a query stringinstead of in the HTTP authorization header.

Type: string

Valid Values: AWS4-HMAC-SHA256

Required: ConditionalX-Amz-Credential

The credential scope value, which is a string that includes your access key, the date, the region youare targeting, the service you are requesting, and a termination string ("aws4_request"). The value isexpressed in the following format: access_key/YYYYMMDD/region/service/aws4_request.

For more information, see Task 2: Create a String to Sign for Signature Version 4 in the Amazon WebServices General Reference.

Condition: Specify this parameter when you include authentication information in a query stringinstead of in the HTTP authorization header.

Type: string

Required: ConditionalX-Amz-Date

The date that is used to create the signature. The format must be ISO 8601 basic format(YYYYMMDD'T'HHMMSS'Z'). For example, the following date time is a valid X-Amz-Date value:20120325T120000Z.

Condition: X-Amz-Date is optional for all requests; it can be used to override the date used forsigning requests. If the Date header is specified in the ISO 8601 basic format, X-Amz-Date is

API Version 2013-11-0188

http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
http://docs.aws.amazon.com/general/latest/gr/sigv4-create-string-to-sign.html
Page 94: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API Reference

not required. When X-Amz-Date is used, it always overrides the value of the Date header. Formore information, see Handling Dates in Signature Version 4 in the Amazon Web Services GeneralReference.

Type: string

Required: ConditionalX-Amz-Security-Token

The temporary security token that was obtained through a call to AWS Security Token Service (AWSSTS). For a list of services that support temporary security credentials from AWS Security TokenService, go to AWS Services That Work with IAM in the IAM User Guide.

Condition: If you're using temporary security credentials from the AWS Security Token Service, youmust include the security token.

Type: string

Required: ConditionalX-Amz-Signature

Specifies the hex-encoded signature that was calculated from the string to sign and the derivedsigning key.

Condition: Specify this parameter when you include authentication information in a query stringinstead of in the HTTP authorization header.

Type: string

Required: ConditionalX-Amz-SignedHeaders

Specifies all the HTTP headers that were included as part of the canonical request. For moreinformation about specifying signed headers, see Task 1: Create a Canonical Request For SignatureVersion 4 in the Amazon Web Services General Reference.

Condition: Specify this parameter when you include authentication information in a query stringinstead of in the HTTP authorization header.

Type: string

Required: Conditional

API Version 2013-11-0189

http://docs.aws.amazon.com/general/latest/gr/sigv4-date-handling.html
http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html
http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
Page 95: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API Reference

Common ErrorsThis section lists the errors common to the API actions of all AWS services. For errors specific to an APIaction for this service, see the topic for that API action.

AccessDeniedException

You do not have sufficient access to perform this action.

HTTP Status Code: 400IncompleteSignature

The request signature does not conform to AWS standards.

HTTP Status Code: 400InternalFailure

The request processing has failed because of an unknown error, exception or failure.

HTTP Status Code: 500InvalidAction

The action or operation requested is invalid. Verify that the action is typed correctly.

HTTP Status Code: 400InvalidClientTokenId

The X.509 certificate or AWS access key ID provided does not exist in our records.

HTTP Status Code: 403InvalidParameterCombination

Parameters that must not be used together were used together.

HTTP Status Code: 400InvalidParameterValue

An invalid or out-of-range value was supplied for the input parameter.

HTTP Status Code: 400InvalidQueryParameter

The AWS query string is malformed or does not adhere to AWS standards.

HTTP Status Code: 400MalformedQueryString

The query string contains a syntax error.

HTTP Status Code: 404MissingAction

The request is missing an action or a required parameter.

HTTP Status Code: 400

API Version 2013-11-0190

Page 96: AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail API Reference

MissingAuthenticationToken

The request must contain either a valid (registered) AWS access key ID or X.509 certificate.

HTTP Status Code: 403MissingParameter

A required parameter for the specified action is not supplied.

HTTP Status Code: 400NotAuthorized

You do not have permission to perform this action.

HTTP Status Code: 400OptInRequired

The AWS access key ID needs a subscription for the service.

HTTP Status Code: 403RequestExpired

The request reached the service more than 15 minutes after the date stamp on the request or morethan 15 minutes after the request expiration date (such as for pre-signed URLs), or the date stampon the request is more than 15 minutes in the future.

HTTP Status Code: 400ServiceUnavailable

The request has failed due to a temporary failure of the server.

HTTP Status Code: 503ThrottlingException

The request was denied due to request throttling.

HTTP Status Code: 400ValidationError

The input fails to satisfy the constraints specified by an AWS service.

HTTP Status Code: 400

API Version 2013-11-0191


8KMiles aids a leading Internet FM ... - Amazon Web Services8kmprod.s3.amazonaws.com/wp-content/uploads/2016/... · AWS CloudTrail and AWS Config set up with Python AWS Lambda for

Automated Compliance and Governance with AWS Config and AWS CloudTrail - June 2017 AWS Online Tech Talks

Getting Started with AWS IoT, Devices & SDKs

Manage AWS Services - SplunkConf AWS Services Cost, Security, ... AWS Add-on Get Data In Config CloudWatch Kinesis SQS CloudTrail Billing S3 Multi accounts Assume Role High throughput

Amazon AI Services - Amazon Web Servicesaws-de-media.s3-eu-west-1.amazonaws.com/images... · Amazon AI Services. ... Cognito CloudTrail CloudWatch AWS Services Action AWS Lambda

May 2020 DSM Guide - IBM...Configuring an Amazon AWS CloudTrail log source by using the Amazon Web Services protocol.188 Configuring an Amazon AWS CloudTrail log source by using the

CloudSec Fundamentals: Getting shit done · 2020. 11. 19. · Low hanging fruit examples (AWS) AWS GuardDuty - Generates alerts based on Flow Logs + DNS queries + AWS Cloudtrail logs

Webinar: Securely Configuring and Mining AWS CloudTrail

(SEC318) AWS CloudTrail Deep Dive

Integrate AWS CloudTrail

Amazon S3 Cookbookcdn.oreillystatic.com/oreilly/booksamplers/packt/9781785280702_Sa… · Chapter 1, Managing Common Operations with AWS SDKs, introduces what AWS SDKs can do with

Security at Scale: Logging in AWS Web Services – Security at Scale: Logging in AWS October 2015 Page 1 of 16 Security at Scale: Logging in AWS How AWS CloudTrail can help you achieve

(MBL313) NEW! AWS IoT: Understanding Hardware Kits, SDKs, & Protocols

Getting started with AWS security · AWS CloudTrail informs you of activity and Amazon ... China , Beijing (2) Ningxia(2) Announced Regions Stockholm ... Availability Zone C Each

How banks are using Cloud to improve security AWS Christophe... · AWS Config. AWS CloudTrail. Amazon CloudWatch. VPC Flow Logs. AWS Systems Manager. AWS Shield. AWS WAF – Web application

Sumo Logic AWS CloudTrail Application

Enabling Self-Service for Data Scientists with AWS …aws-de-media.s3.amazonaws.com/images/AWS_Summit... · Amazon EC2 Systems Manager AWS CloudTrail AWS Config AWS Managed Services

AWS CloudTrail & Alert Logic Log Manager

AWS CloudTrail - Guide de l'utilisateur · La visibilité sur l'activité de votre compte AWS est un aspect essentiel des bonnes pratiques de sécurité et opérationnelles. Vous

Agile and Keyless Cloud Security Response...ACM, AWS CloudTrail, AWS IAM, AWS IAM Access Analyzer, AWS Lambda, AWS Security Hub. • Platform: Platform independent Avoid credential

Mitigate Risks Using Cloud-Native Infrastructure Security · AWS Cloud us-east-1a Availability Zone Services VPC 10.1.0.0/16 Proof of Concept VPC 10.250.0.0/16 AWS CloudTrail AWS

Intrusion Detection in the Cloud - Amazon Web Servicesawsmedia.s3.amazonaws.com/SEC402.pdf ·  · 2013-11-21AWS IAM AWS STS (Security Token Service) AWS CloudTrail Amazon Redshift

TECHNICAL BRIEF Expert-enabled SaaS Security built for AWS...AlertLogic.com EXPERT-ENABLED SAAS SECURITY BUILT FOR AWS 3 Security Integrated (cont.) AWS CLOUDTRAIL AWS CloudTrail records

THE PRACTICAL GUIDE TO AWS CLOUDTRAILclick.cloudcheckr.com/rs/222-ENM-584/images/...THE PRACTICAL GUIDE TO AWS CLOUDTRAIL whitepaper AWS CloudTrail is an Amazon cloud service that

Windows on AWS - london-summit-slides …london-summit-slides-2017.s3.amazonaws.com/How AWS can help yo… · AWS IAM Amazon S3 AWS CloudTrail AWS Config Logging and monitoring platform

AWS CloudTrail - 使用者指南...AWS CloudTrail 使用者指南 CloudTrail 工作流程 CloudTrail API 建立線索時,這是預設選項。如需更多詳細資訊,請參閱

Aws cloudtrail Ug

Yinlin Chen, Jim Tuttle, William A. Ingram Information ...AWS Lambda Amazon DynamoDB Amazon CloudFront Amazon Route 53 Amazon CloudWatch AWS CloudTrail AWS CloudFormation IAM Amazon

AWS Config - Developer Guide Config Developer Guide Deleting a Service-Linked Role for AWS Config 157 Logging AWS Config API Calls with AWS CloudTrail 158 AWS Config Information

(SEC403) Diving into AWS CloudTrail Events w/ Apache Spark on EMR

(SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014

AWS CloudTrail - Guia do usuário...AWS CloudTrail Guia do usuário Como CloudTrail funciona Se for adicionada alguma região depois que você criar uma trilha que se aplica a todas

Deep Dive: Infrastructure as Code - AWS - Amazon S3and...Deep Dive: Infrastructure as Code Steven Bryen – Solutions Architect, AWS Raj Wilkhu ... AWS CloudTrail ! AWS CloudWatch

 · 2020-01-14 · Amazon Elasticsearch Service (Amazon ES) AWS AppSync Amazon API Gateway Amazon Cognito AWS KMS AWS CloudTrail 管理与安全 IAM

Getting Started with AWS - Sysfore · AWS CloudTrail, AWS CodeDeploy, Amazon Cognito, Amazon DevPay, DynamoDB, ElastiCache, Amazon EC2, ... Getting Started with AWS Amazon Web Services