/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include namespace Aws { namespace Utils { namespace Json { class JsonValue; class JsonView; } // namespace Json } // namespace Utils namespace CloudTrail { namespace Model { /** *

A single selector statement in an advanced event selector.

See * Also:

AWS * API Reference

*/ class AdvancedFieldSelector { public: AWS_CLOUDTRAIL_API AdvancedFieldSelector(); AWS_CLOUDTRAIL_API AdvancedFieldSelector(Aws::Utils::Json::JsonView jsonValue); AWS_CLOUDTRAIL_API AdvancedFieldSelector& operator=(Aws::Utils::Json::JsonView jsonValue); AWS_CLOUDTRAIL_API Aws::Utils::Json::JsonValue Jsonize() const; /** *

A field in a CloudTrail event record on which to filter events to be logged. * For event data stores for Config configuration items, Audit Manager evidence, or * non-Amazon Web Services events, the field is used only for selecting events as * filtering is not supported.

For CloudTrail event records, supported * fields include readOnly, eventCategory, * eventSource (for management events), eventName, * resources.type, and resources.ARN.

For event * data stores for Config configuration items, Audit Manager evidence, or * non-Amazon Web Services events, the only supported field is * eventCategory.

readOnly - * Optional. Can be set to Equals a value of true or * false. If you do not add this field, CloudTrail logs both * read and write events. A value of true * logs only read events. A value of false logs only * write events.
eventSource * - For filtering management events only. This can be set only to * NotEquals kms.amazonaws.com.
* eventName - Can use any operator. You can use it to ﬁlter in * or ﬁlter out any data event logged to CloudTrail, such as PutBucket * or GetSnapshotBlock. You can have multiple values for this ﬁeld, * separated by commas.
eventCategory - * This is required and must be set to Equals.
- For * CloudTrail event records, the value must be Management or * Data.
- For Config configuration items, the value * must be ConfigurationItem.
- For Audit Manager * evidence, the value must be Evidence.
- For * non-Amazon Web Services events, the value must be ActivityAuditLog. *
resources.type - This ﬁeld * is required for CloudTrail data events. resources.type can only use * the Equals operator, and the value can be one of the following:
*
- AWS::DynamoDB::Table
- * AWS::Lambda::Function
- * AWS::S3::Object
- * AWS::CloudTrail::Channel
- * AWS::CodeWhisperer::Profile
- * AWS::Cognito::IdentityPool
- * AWS::DynamoDB::Stream
- * AWS::EC2::Snapshot
- * AWS::EMRWAL::Workspace
- * AWS::FinSpace::Environment
- * AWS::Glue::Table
- * AWS::GuardDuty::Detector
- * AWS::KendraRanking::ExecutionPlan
- * AWS::ManagedBlockchain::Node
- * AWS::SageMaker::ExperimentTrialComponent
- * AWS::SageMaker::FeatureGroup
- * AWS::S3::AccessPoint
- * AWS::S3ObjectLambda::AccessPoint
- * AWS::S3Outposts::Object
You can have only one * resources.type ﬁeld per selector. To log data events on more than * one resource type, add another selector.
* resources.ARN - You can use any operator with * resources.ARN, but if you use Equals or * NotEquals, the value must exactly match the ARN of a valid resource * of the type you've speciﬁed in the template as the value of resources.type. For * example, if resources.type equals AWS::S3::Object, the ARN must be * in one of the following formats. To log all data events for all objects in a * specific S3 bucket, use the StartsWith operator, and include only * the bucket ARN as the matching value.

The trailing slash is intentional; * do not exclude it. Replace the text between less than and greater than symbols * (<>) with resource-specific information.
- * arn:<partition>:s3:::<bucket_name>/
- * arn:<partition>:s3:::<bucket_name>/<object_path>/ *
When resources.type equals * AWS::DynamoDB::Table, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name> *
When resources.type equals * AWS::Lambda::Function, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:lambda:<region>:<account_ID>:function:<function_name> *
When resources.type equals * AWS::CloudTrail::Channel, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID> *
When resources.type equals * AWS::CodeWhisperer::Profile, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID> *
When resources.type equals * AWS::Cognito::IdentityPool, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID> *
When resources.type equals * AWS::DynamoDB::Stream, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time> *
When resources.type equals * AWS::EC2::Snapshot, and the operator is set to Equals * or NotEquals, the ARN must be in the following format:
- * arn:<partition>:ec2:<region>::snapshot/<snapshot_ID> *
When resources.type equals * AWS::EMRWAL::Workspace, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:emrwal:<region>::workspace/<workspace_name> *
When resources.type equals * AWS::FinSpace::Environment, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID> *
When resources.type equals * AWS::Glue::Table, and the operator is set to Equals or * NotEquals, the ARN must be in the following format:
- *
  * arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name> *
When resources.type equals * AWS::GuardDuty::Detector, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID> *
When resources.type equals * AWS::KendraRanking::ExecutionPlan, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID> *
When resources.type equals * AWS::ManagedBlockchain::Node, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID> *
When resources.type equals * AWS::SageMaker::ExperimentTrialComponent, and the operator is set * to Equals or NotEquals, the ARN must be in the * following format:
- * arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name> *
When resources.type equals * AWS::SageMaker::FeatureGroup, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name> *
When resources.type equals * AWS::S3::AccessPoint, and the operator is set to * Equals or NotEquals, the ARN must be in one of the * following formats. To log events on all objects in an S3 access point, we * recommend that you use only the access point ARN, don’t include the object path, * and use the StartsWith or NotStartsWith operators.
*
- * arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name> *
- * arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path> *
When resources.type equals * AWS::S3ObjectLambda::AccessPoint, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name> *
When resources.type equals * AWS::S3Outposts::Object, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path> *

*/ inline const Aws::String& GetField() const{ return m_field; } /** *

For CloudTrail event records, supported * fields include readOnly, eventCategory, * eventSource (for management events), eventName, * resources.type, and resources.ARN.

For event * data stores for Config configuration items, Audit Manager evidence, or * non-Amazon Web Services events, the only supported field is * eventCategory.

readOnly - * Optional. Can be set to Equals a value of true or * false. If you do not add this field, CloudTrail logs both * read and write events. A value of true * logs only read events. A value of false logs only * write events.
eventSource * - For filtering management events only. This can be set only to * NotEquals kms.amazonaws.com.
* eventName - Can use any operator. You can use it to ﬁlter in * or ﬁlter out any data event logged to CloudTrail, such as PutBucket * or GetSnapshotBlock. You can have multiple values for this ﬁeld, * separated by commas.
eventCategory - * This is required and must be set to Equals.
- For * CloudTrail event records, the value must be Management or * Data.
- For Config configuration items, the value * must be ConfigurationItem.
- For Audit Manager * evidence, the value must be Evidence.
- For * non-Amazon Web Services events, the value must be ActivityAuditLog. *
resources.type - This ﬁeld * is required for CloudTrail data events. resources.type can only use * the Equals operator, and the value can be one of the following:
*
- AWS::DynamoDB::Table
- * AWS::Lambda::Function
- * AWS::S3::Object
- * AWS::CloudTrail::Channel
- * AWS::CodeWhisperer::Profile
- * AWS::Cognito::IdentityPool
- * AWS::DynamoDB::Stream
- * AWS::EC2::Snapshot
- * AWS::EMRWAL::Workspace
- * AWS::FinSpace::Environment
- * AWS::Glue::Table
- * AWS::GuardDuty::Detector
- * AWS::KendraRanking::ExecutionPlan
- * AWS::ManagedBlockchain::Node
- * AWS::SageMaker::ExperimentTrialComponent
- * AWS::SageMaker::FeatureGroup
- * AWS::S3::AccessPoint
- * AWS::S3ObjectLambda::AccessPoint
- * AWS::S3Outposts::Object
You can have only one * resources.type ﬁeld per selector. To log data events on more than * one resource type, add another selector.
* resources.ARN - You can use any operator with * resources.ARN, but if you use Equals or * NotEquals, the value must exactly match the ARN of a valid resource * of the type you've speciﬁed in the template as the value of resources.type. For * example, if resources.type equals AWS::S3::Object, the ARN must be * in one of the following formats. To log all data events for all objects in a * specific S3 bucket, use the StartsWith operator, and include only * the bucket ARN as the matching value.

The trailing slash is intentional; * do not exclude it. Replace the text between less than and greater than symbols * (<>) with resource-specific information.
- * arn:<partition>:s3:::<bucket_name>/
- * arn:<partition>:s3:::<bucket_name>/<object_path>/ *
When resources.type equals * AWS::DynamoDB::Table, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name> *
When resources.type equals * AWS::Lambda::Function, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:lambda:<region>:<account_ID>:function:<function_name> *
When resources.type equals * AWS::CloudTrail::Channel, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID> *
When resources.type equals * AWS::CodeWhisperer::Profile, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID> *
When resources.type equals * AWS::Cognito::IdentityPool, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID> *
When resources.type equals * AWS::DynamoDB::Stream, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time> *
When resources.type equals * AWS::EC2::Snapshot, and the operator is set to Equals * or NotEquals, the ARN must be in the following format:
- * arn:<partition>:ec2:<region>::snapshot/<snapshot_ID> *
When resources.type equals * AWS::EMRWAL::Workspace, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:emrwal:<region>::workspace/<workspace_name> *
When resources.type equals * AWS::FinSpace::Environment, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID> *
When resources.type equals * AWS::Glue::Table, and the operator is set to Equals or * NotEquals, the ARN must be in the following format:
- *
  * arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name> *
When resources.type equals * AWS::GuardDuty::Detector, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID> *
When resources.type equals * AWS::KendraRanking::ExecutionPlan, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID> *
When resources.type equals * AWS::ManagedBlockchain::Node, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID> *
When resources.type equals * AWS::SageMaker::ExperimentTrialComponent, and the operator is set * to Equals or NotEquals, the ARN must be in the * following format:
- * arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name> *
When resources.type equals * AWS::SageMaker::FeatureGroup, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name> *
When resources.type equals * AWS::S3::AccessPoint, and the operator is set to * Equals or NotEquals, the ARN must be in one of the * following formats. To log events on all objects in an S3 access point, we * recommend that you use only the access point ARN, don’t include the object path, * and use the StartsWith or NotStartsWith operators.
*
- * arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name> *
- * arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path> *
When resources.type equals * AWS::S3ObjectLambda::AccessPoint, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name> *
When resources.type equals * AWS::S3Outposts::Object, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path> *

*/ inline bool FieldHasBeenSet() const { return m_fieldHasBeenSet; } /** *

For CloudTrail event records, supported * fields include readOnly, eventCategory, * eventSource (for management events), eventName, * resources.type, and resources.ARN.

For event * data stores for Config configuration items, Audit Manager evidence, or * non-Amazon Web Services events, the only supported field is * eventCategory.

readOnly - * Optional. Can be set to Equals a value of true or * false. If you do not add this field, CloudTrail logs both * read and write events. A value of true * logs only read events. A value of false logs only * write events.
eventSource * - For filtering management events only. This can be set only to * NotEquals kms.amazonaws.com.
* eventName - Can use any operator. You can use it to ﬁlter in * or ﬁlter out any data event logged to CloudTrail, such as PutBucket * or GetSnapshotBlock. You can have multiple values for this ﬁeld, * separated by commas.
eventCategory - * This is required and must be set to Equals.
- For * CloudTrail event records, the value must be Management or * Data.
- For Config configuration items, the value * must be ConfigurationItem.
- For Audit Manager * evidence, the value must be Evidence.
- For * non-Amazon Web Services events, the value must be ActivityAuditLog. *
resources.type - This ﬁeld * is required for CloudTrail data events. resources.type can only use * the Equals operator, and the value can be one of the following:
*
- AWS::DynamoDB::Table
- * AWS::Lambda::Function
- * AWS::S3::Object
- * AWS::CloudTrail::Channel
- * AWS::CodeWhisperer::Profile
- * AWS::Cognito::IdentityPool
- * AWS::DynamoDB::Stream
- * AWS::EC2::Snapshot
- * AWS::EMRWAL::Workspace
- * AWS::FinSpace::Environment
- * AWS::Glue::Table
- * AWS::GuardDuty::Detector
- * AWS::KendraRanking::ExecutionPlan
- * AWS::ManagedBlockchain::Node
- * AWS::SageMaker::ExperimentTrialComponent
- * AWS::SageMaker::FeatureGroup
- * AWS::S3::AccessPoint
- * AWS::S3ObjectLambda::AccessPoint
- * AWS::S3Outposts::Object
You can have only one * resources.type ﬁeld per selector. To log data events on more than * one resource type, add another selector.
* resources.ARN - You can use any operator with * resources.ARN, but if you use Equals or * NotEquals, the value must exactly match the ARN of a valid resource * of the type you've speciﬁed in the template as the value of resources.type. For * example, if resources.type equals AWS::S3::Object, the ARN must be * in one of the following formats. To log all data events for all objects in a * specific S3 bucket, use the StartsWith operator, and include only * the bucket ARN as the matching value.

The trailing slash is intentional; * do not exclude it. Replace the text between less than and greater than symbols * (<>) with resource-specific information.
- * arn:<partition>:s3:::<bucket_name>/
- * arn:<partition>:s3:::<bucket_name>/<object_path>/ *
When resources.type equals * AWS::DynamoDB::Table, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name> *
When resources.type equals * AWS::Lambda::Function, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:lambda:<region>:<account_ID>:function:<function_name> *
When resources.type equals * AWS::CloudTrail::Channel, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID> *
When resources.type equals * AWS::CodeWhisperer::Profile, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID> *
When resources.type equals * AWS::Cognito::IdentityPool, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID> *
When resources.type equals * AWS::DynamoDB::Stream, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time> *
When resources.type equals * AWS::EC2::Snapshot, and the operator is set to Equals * or NotEquals, the ARN must be in the following format:
- * arn:<partition>:ec2:<region>::snapshot/<snapshot_ID> *
When resources.type equals * AWS::EMRWAL::Workspace, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:emrwal:<region>::workspace/<workspace_name> *
When resources.type equals * AWS::FinSpace::Environment, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID> *
When resources.type equals * AWS::Glue::Table, and the operator is set to Equals or * NotEquals, the ARN must be in the following format:
- *
  * arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name> *
When resources.type equals * AWS::GuardDuty::Detector, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID> *
When resources.type equals * AWS::KendraRanking::ExecutionPlan, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID> *
When resources.type equals * AWS::ManagedBlockchain::Node, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID> *
When resources.type equals * AWS::SageMaker::ExperimentTrialComponent, and the operator is set * to Equals or NotEquals, the ARN must be in the * following format:
- * arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name> *
When resources.type equals * AWS::SageMaker::FeatureGroup, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name> *
When resources.type equals * AWS::S3::AccessPoint, and the operator is set to * Equals or NotEquals, the ARN must be in one of the * following formats. To log events on all objects in an S3 access point, we * recommend that you use only the access point ARN, don’t include the object path, * and use the StartsWith or NotStartsWith operators.
*
- * arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name> *
- * arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path> *
When resources.type equals * AWS::S3ObjectLambda::AccessPoint, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name> *
When resources.type equals * AWS::S3Outposts::Object, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path> *

*/ inline void SetField(const Aws::String& value) { m_fieldHasBeenSet = true; m_field = value; } /** *

For CloudTrail event records, supported * fields include readOnly, eventCategory, * eventSource (for management events), eventName, * resources.type, and resources.ARN.

For event * data stores for Config configuration items, Audit Manager evidence, or * non-Amazon Web Services events, the only supported field is * eventCategory.

readOnly - * Optional. Can be set to Equals a value of true or * false. If you do not add this field, CloudTrail logs both * read and write events. A value of true * logs only read events. A value of false logs only * write events.
eventSource * - For filtering management events only. This can be set only to * NotEquals kms.amazonaws.com.
* eventName - Can use any operator. You can use it to ﬁlter in * or ﬁlter out any data event logged to CloudTrail, such as PutBucket * or GetSnapshotBlock. You can have multiple values for this ﬁeld, * separated by commas.
eventCategory - * This is required and must be set to Equals.
- For * CloudTrail event records, the value must be Management or * Data.
- For Config configuration items, the value * must be ConfigurationItem.
- For Audit Manager * evidence, the value must be Evidence.
- For * non-Amazon Web Services events, the value must be ActivityAuditLog. *
resources.type - This ﬁeld * is required for CloudTrail data events. resources.type can only use * the Equals operator, and the value can be one of the following:
*
- AWS::DynamoDB::Table
- * AWS::Lambda::Function
- * AWS::S3::Object
- * AWS::CloudTrail::Channel
- * AWS::CodeWhisperer::Profile
- * AWS::Cognito::IdentityPool
- * AWS::DynamoDB::Stream
- * AWS::EC2::Snapshot
- * AWS::EMRWAL::Workspace
- * AWS::FinSpace::Environment
- * AWS::Glue::Table
- * AWS::GuardDuty::Detector
- * AWS::KendraRanking::ExecutionPlan
- * AWS::ManagedBlockchain::Node
- * AWS::SageMaker::ExperimentTrialComponent
- * AWS::SageMaker::FeatureGroup
- * AWS::S3::AccessPoint
- * AWS::S3ObjectLambda::AccessPoint
- * AWS::S3Outposts::Object
You can have only one * resources.type ﬁeld per selector. To log data events on more than * one resource type, add another selector.
* resources.ARN - You can use any operator with * resources.ARN, but if you use Equals or * NotEquals, the value must exactly match the ARN of a valid resource * of the type you've speciﬁed in the template as the value of resources.type. For * example, if resources.type equals AWS::S3::Object, the ARN must be * in one of the following formats. To log all data events for all objects in a * specific S3 bucket, use the StartsWith operator, and include only * the bucket ARN as the matching value.

The trailing slash is intentional; * do not exclude it. Replace the text between less than and greater than symbols * (<>) with resource-specific information.
- * arn:<partition>:s3:::<bucket_name>/
- * arn:<partition>:s3:::<bucket_name>/<object_path>/ *
When resources.type equals * AWS::DynamoDB::Table, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name> *
When resources.type equals * AWS::Lambda::Function, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:lambda:<region>:<account_ID>:function:<function_name> *
When resources.type equals * AWS::CloudTrail::Channel, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID> *
When resources.type equals * AWS::CodeWhisperer::Profile, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID> *
When resources.type equals * AWS::Cognito::IdentityPool, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID> *
When resources.type equals * AWS::DynamoDB::Stream, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time> *
When resources.type equals * AWS::EC2::Snapshot, and the operator is set to Equals * or NotEquals, the ARN must be in the following format:
- * arn:<partition>:ec2:<region>::snapshot/<snapshot_ID> *
When resources.type equals * AWS::EMRWAL::Workspace, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:emrwal:<region>::workspace/<workspace_name> *
When resources.type equals * AWS::FinSpace::Environment, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID> *
When resources.type equals * AWS::Glue::Table, and the operator is set to Equals or * NotEquals, the ARN must be in the following format:
- *
  * arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name> *
When resources.type equals * AWS::GuardDuty::Detector, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID> *
When resources.type equals * AWS::KendraRanking::ExecutionPlan, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID> *
When resources.type equals * AWS::ManagedBlockchain::Node, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID> *
When resources.type equals * AWS::SageMaker::ExperimentTrialComponent, and the operator is set * to Equals or NotEquals, the ARN must be in the * following format:
- * arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name> *
When resources.type equals * AWS::SageMaker::FeatureGroup, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name> *
When resources.type equals * AWS::S3::AccessPoint, and the operator is set to * Equals or NotEquals, the ARN must be in one of the * following formats. To log events on all objects in an S3 access point, we * recommend that you use only the access point ARN, don’t include the object path, * and use the StartsWith or NotStartsWith operators.
*
- * arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name> *
- * arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path> *
When resources.type equals * AWS::S3ObjectLambda::AccessPoint, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name> *
When resources.type equals * AWS::S3Outposts::Object, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path> *

*/ inline void SetField(Aws::String&& value) { m_fieldHasBeenSet = true; m_field = std::move(value); } /** *

For CloudTrail event records, supported * fields include readOnly, eventCategory, * eventSource (for management events), eventName, * resources.type, and resources.ARN.

For event * data stores for Config configuration items, Audit Manager evidence, or * non-Amazon Web Services events, the only supported field is * eventCategory.

readOnly - * Optional. Can be set to Equals a value of true or * false. If you do not add this field, CloudTrail logs both * read and write events. A value of true * logs only read events. A value of false logs only * write events.
eventSource * - For filtering management events only. This can be set only to * NotEquals kms.amazonaws.com.
* eventName - Can use any operator. You can use it to ﬁlter in * or ﬁlter out any data event logged to CloudTrail, such as PutBucket * or GetSnapshotBlock. You can have multiple values for this ﬁeld, * separated by commas.
eventCategory - * This is required and must be set to Equals.
- For * CloudTrail event records, the value must be Management or * Data.
- For Config configuration items, the value * must be ConfigurationItem.
- For Audit Manager * evidence, the value must be Evidence.
- For * non-Amazon Web Services events, the value must be ActivityAuditLog. *
resources.type - This ﬁeld * is required for CloudTrail data events. resources.type can only use * the Equals operator, and the value can be one of the following:
*
- AWS::DynamoDB::Table
- * AWS::Lambda::Function
- * AWS::S3::Object
- * AWS::CloudTrail::Channel
- * AWS::CodeWhisperer::Profile
- * AWS::Cognito::IdentityPool
- * AWS::DynamoDB::Stream
- * AWS::EC2::Snapshot
- * AWS::EMRWAL::Workspace
- * AWS::FinSpace::Environment
- * AWS::Glue::Table
- * AWS::GuardDuty::Detector
- * AWS::KendraRanking::ExecutionPlan
- * AWS::ManagedBlockchain::Node
- * AWS::SageMaker::ExperimentTrialComponent
- * AWS::SageMaker::FeatureGroup
- * AWS::S3::AccessPoint
- * AWS::S3ObjectLambda::AccessPoint
- * AWS::S3Outposts::Object
You can have only one * resources.type ﬁeld per selector. To log data events on more than * one resource type, add another selector.
* resources.ARN - You can use any operator with * resources.ARN, but if you use Equals or * NotEquals, the value must exactly match the ARN of a valid resource * of the type you've speciﬁed in the template as the value of resources.type. For * example, if resources.type equals AWS::S3::Object, the ARN must be * in one of the following formats. To log all data events for all objects in a * specific S3 bucket, use the StartsWith operator, and include only * the bucket ARN as the matching value.

The trailing slash is intentional; * do not exclude it. Replace the text between less than and greater than symbols * (<>) with resource-specific information.
- * arn:<partition>:s3:::<bucket_name>/
- * arn:<partition>:s3:::<bucket_name>/<object_path>/ *
When resources.type equals * AWS::DynamoDB::Table, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name> *
When resources.type equals * AWS::Lambda::Function, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:lambda:<region>:<account_ID>:function:<function_name> *
When resources.type equals * AWS::CloudTrail::Channel, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID> *
When resources.type equals * AWS::CodeWhisperer::Profile, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID> *
When resources.type equals * AWS::Cognito::IdentityPool, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID> *
When resources.type equals * AWS::DynamoDB::Stream, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time> *
When resources.type equals * AWS::EC2::Snapshot, and the operator is set to Equals * or NotEquals, the ARN must be in the following format:
- * arn:<partition>:ec2:<region>::snapshot/<snapshot_ID> *
When resources.type equals * AWS::EMRWAL::Workspace, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:emrwal:<region>::workspace/<workspace_name> *
When resources.type equals * AWS::FinSpace::Environment, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID> *
When resources.type equals * AWS::Glue::Table, and the operator is set to Equals or * NotEquals, the ARN must be in the following format:
- *
  * arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name> *
When resources.type equals * AWS::GuardDuty::Detector, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID> *
When resources.type equals * AWS::KendraRanking::ExecutionPlan, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID> *
When resources.type equals * AWS::ManagedBlockchain::Node, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID> *
When resources.type equals * AWS::SageMaker::ExperimentTrialComponent, and the operator is set * to Equals or NotEquals, the ARN must be in the * following format:
- * arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name> *
When resources.type equals * AWS::SageMaker::FeatureGroup, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name> *
When resources.type equals * AWS::S3::AccessPoint, and the operator is set to * Equals or NotEquals, the ARN must be in one of the * following formats. To log events on all objects in an S3 access point, we * recommend that you use only the access point ARN, don’t include the object path, * and use the StartsWith or NotStartsWith operators.
*
- * arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name> *
- * arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path> *
When resources.type equals * AWS::S3ObjectLambda::AccessPoint, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name> *
When resources.type equals * AWS::S3Outposts::Object, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path> *

*/ inline void SetField(const char* value) { m_fieldHasBeenSet = true; m_field.assign(value); } /** *

For CloudTrail event records, supported * fields include readOnly, eventCategory, * eventSource (for management events), eventName, * resources.type, and resources.ARN.

For event * data stores for Config configuration items, Audit Manager evidence, or * non-Amazon Web Services events, the only supported field is * eventCategory.

readOnly - * Optional. Can be set to Equals a value of true or * false. If you do not add this field, CloudTrail logs both * read and write events. A value of true * logs only read events. A value of false logs only * write events.
eventSource * - For filtering management events only. This can be set only to * NotEquals kms.amazonaws.com.
* eventName - Can use any operator. You can use it to ﬁlter in * or ﬁlter out any data event logged to CloudTrail, such as PutBucket * or GetSnapshotBlock. You can have multiple values for this ﬁeld, * separated by commas.
eventCategory - * This is required and must be set to Equals.
- For * CloudTrail event records, the value must be Management or * Data.
- For Config configuration items, the value * must be ConfigurationItem.
- For Audit Manager * evidence, the value must be Evidence.
- For * non-Amazon Web Services events, the value must be ActivityAuditLog. *
resources.type - This ﬁeld * is required for CloudTrail data events. resources.type can only use * the Equals operator, and the value can be one of the following:
*
- AWS::DynamoDB::Table
- * AWS::Lambda::Function
- * AWS::S3::Object
- * AWS::CloudTrail::Channel
- * AWS::CodeWhisperer::Profile
- * AWS::Cognito::IdentityPool
- * AWS::DynamoDB::Stream
- * AWS::EC2::Snapshot
- * AWS::EMRWAL::Workspace
- * AWS::FinSpace::Environment
- * AWS::Glue::Table
- * AWS::GuardDuty::Detector
- * AWS::KendraRanking::ExecutionPlan
- * AWS::ManagedBlockchain::Node
- * AWS::SageMaker::ExperimentTrialComponent
- * AWS::SageMaker::FeatureGroup
- * AWS::S3::AccessPoint
- * AWS::S3ObjectLambda::AccessPoint
- * AWS::S3Outposts::Object
You can have only one * resources.type ﬁeld per selector. To log data events on more than * one resource type, add another selector.
* resources.ARN - You can use any operator with * resources.ARN, but if you use Equals or * NotEquals, the value must exactly match the ARN of a valid resource * of the type you've speciﬁed in the template as the value of resources.type. For * example, if resources.type equals AWS::S3::Object, the ARN must be * in one of the following formats. To log all data events for all objects in a * specific S3 bucket, use the StartsWith operator, and include only * the bucket ARN as the matching value.

The trailing slash is intentional; * do not exclude it. Replace the text between less than and greater than symbols * (<>) with resource-specific information.
- * arn:<partition>:s3:::<bucket_name>/
- * arn:<partition>:s3:::<bucket_name>/<object_path>/ *
When resources.type equals * AWS::DynamoDB::Table, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name> *
When resources.type equals * AWS::Lambda::Function, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:lambda:<region>:<account_ID>:function:<function_name> *
When resources.type equals * AWS::CloudTrail::Channel, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID> *
When resources.type equals * AWS::CodeWhisperer::Profile, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID> *
When resources.type equals * AWS::Cognito::IdentityPool, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID> *
When resources.type equals * AWS::DynamoDB::Stream, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time> *
When resources.type equals * AWS::EC2::Snapshot, and the operator is set to Equals * or NotEquals, the ARN must be in the following format:
- * arn:<partition>:ec2:<region>::snapshot/<snapshot_ID> *
When resources.type equals * AWS::EMRWAL::Workspace, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:emrwal:<region>::workspace/<workspace_name> *
When resources.type equals * AWS::FinSpace::Environment, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID> *
When resources.type equals * AWS::Glue::Table, and the operator is set to Equals or * NotEquals, the ARN must be in the following format:
- *
  * arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name> *
When resources.type equals * AWS::GuardDuty::Detector, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID> *
When resources.type equals * AWS::KendraRanking::ExecutionPlan, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID> *
When resources.type equals * AWS::ManagedBlockchain::Node, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID> *
When resources.type equals * AWS::SageMaker::ExperimentTrialComponent, and the operator is set * to Equals or NotEquals, the ARN must be in the * following format:
- * arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name> *
When resources.type equals * AWS::SageMaker::FeatureGroup, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name> *
When resources.type equals * AWS::S3::AccessPoint, and the operator is set to * Equals or NotEquals, the ARN must be in one of the * following formats. To log events on all objects in an S3 access point, we * recommend that you use only the access point ARN, don’t include the object path, * and use the StartsWith or NotStartsWith operators.
*
- * arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name> *
- * arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path> *
When resources.type equals * AWS::S3ObjectLambda::AccessPoint, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name> *
When resources.type equals * AWS::S3Outposts::Object, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path> *

*/ inline AdvancedFieldSelector& WithField(const Aws::String& value) { SetField(value); return *this;} /** *

For CloudTrail event records, supported * fields include readOnly, eventCategory, * eventSource (for management events), eventName, * resources.type, and resources.ARN.

For event * data stores for Config configuration items, Audit Manager evidence, or * non-Amazon Web Services events, the only supported field is * eventCategory.

readOnly - * Optional. Can be set to Equals a value of true or * false. If you do not add this field, CloudTrail logs both * read and write events. A value of true * logs only read events. A value of false logs only * write events.
eventSource * - For filtering management events only. This can be set only to * NotEquals kms.amazonaws.com.
* eventName - Can use any operator. You can use it to ﬁlter in * or ﬁlter out any data event logged to CloudTrail, such as PutBucket * or GetSnapshotBlock. You can have multiple values for this ﬁeld, * separated by commas.
eventCategory - * This is required and must be set to Equals.
- For * CloudTrail event records, the value must be Management or * Data.
- For Config configuration items, the value * must be ConfigurationItem.
- For Audit Manager * evidence, the value must be Evidence.
- For * non-Amazon Web Services events, the value must be ActivityAuditLog. *
resources.type - This ﬁeld * is required for CloudTrail data events. resources.type can only use * the Equals operator, and the value can be one of the following:
*
- AWS::DynamoDB::Table
- * AWS::Lambda::Function
- * AWS::S3::Object
- * AWS::CloudTrail::Channel
- * AWS::CodeWhisperer::Profile
- * AWS::Cognito::IdentityPool
- * AWS::DynamoDB::Stream
- * AWS::EC2::Snapshot
- * AWS::EMRWAL::Workspace
- * AWS::FinSpace::Environment
- * AWS::Glue::Table
- * AWS::GuardDuty::Detector
- * AWS::KendraRanking::ExecutionPlan
- * AWS::ManagedBlockchain::Node
- * AWS::SageMaker::ExperimentTrialComponent
- * AWS::SageMaker::FeatureGroup
- * AWS::S3::AccessPoint
- * AWS::S3ObjectLambda::AccessPoint
- * AWS::S3Outposts::Object
You can have only one * resources.type ﬁeld per selector. To log data events on more than * one resource type, add another selector.
* resources.ARN - You can use any operator with * resources.ARN, but if you use Equals or * NotEquals, the value must exactly match the ARN of a valid resource * of the type you've speciﬁed in the template as the value of resources.type. For * example, if resources.type equals AWS::S3::Object, the ARN must be * in one of the following formats. To log all data events for all objects in a * specific S3 bucket, use the StartsWith operator, and include only * the bucket ARN as the matching value.

The trailing slash is intentional; * do not exclude it. Replace the text between less than and greater than symbols * (<>) with resource-specific information.
- * arn:<partition>:s3:::<bucket_name>/
- * arn:<partition>:s3:::<bucket_name>/<object_path>/ *
When resources.type equals * AWS::DynamoDB::Table, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name> *
When resources.type equals * AWS::Lambda::Function, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:lambda:<region>:<account_ID>:function:<function_name> *
When resources.type equals * AWS::CloudTrail::Channel, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID> *
When resources.type equals * AWS::CodeWhisperer::Profile, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID> *
When resources.type equals * AWS::Cognito::IdentityPool, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID> *
When resources.type equals * AWS::DynamoDB::Stream, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time> *
When resources.type equals * AWS::EC2::Snapshot, and the operator is set to Equals * or NotEquals, the ARN must be in the following format:
- * arn:<partition>:ec2:<region>::snapshot/<snapshot_ID> *
When resources.type equals * AWS::EMRWAL::Workspace, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:emrwal:<region>::workspace/<workspace_name> *
When resources.type equals * AWS::FinSpace::Environment, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID> *
When resources.type equals * AWS::Glue::Table, and the operator is set to Equals or * NotEquals, the ARN must be in the following format:
- *
  * arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name> *
When resources.type equals * AWS::GuardDuty::Detector, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID> *
When resources.type equals * AWS::KendraRanking::ExecutionPlan, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID> *
When resources.type equals * AWS::ManagedBlockchain::Node, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID> *
When resources.type equals * AWS::SageMaker::ExperimentTrialComponent, and the operator is set * to Equals or NotEquals, the ARN must be in the * following format:
- * arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name> *
When resources.type equals * AWS::SageMaker::FeatureGroup, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name> *
When resources.type equals * AWS::S3::AccessPoint, and the operator is set to * Equals or NotEquals, the ARN must be in one of the * following formats. To log events on all objects in an S3 access point, we * recommend that you use only the access point ARN, don’t include the object path, * and use the StartsWith or NotStartsWith operators.
*
- * arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name> *
- * arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path> *
When resources.type equals * AWS::S3ObjectLambda::AccessPoint, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name> *
When resources.type equals * AWS::S3Outposts::Object, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path> *

*/ inline AdvancedFieldSelector& WithField(Aws::String&& value) { SetField(std::move(value)); return *this;} /** *

For CloudTrail event records, supported * fields include readOnly, eventCategory, * eventSource (for management events), eventName, * resources.type, and resources.ARN.

For event * data stores for Config configuration items, Audit Manager evidence, or * non-Amazon Web Services events, the only supported field is * eventCategory.

readOnly - * Optional. Can be set to Equals a value of true or * false. If you do not add this field, CloudTrail logs both * read and write events. A value of true * logs only read events. A value of false logs only * write events.
eventSource * - For filtering management events only. This can be set only to * NotEquals kms.amazonaws.com.
* eventName - Can use any operator. You can use it to ﬁlter in * or ﬁlter out any data event logged to CloudTrail, such as PutBucket * or GetSnapshotBlock. You can have multiple values for this ﬁeld, * separated by commas.
eventCategory - * This is required and must be set to Equals.
- For * CloudTrail event records, the value must be Management or * Data.
- For Config configuration items, the value * must be ConfigurationItem.
- For Audit Manager * evidence, the value must be Evidence.
- For * non-Amazon Web Services events, the value must be ActivityAuditLog. *
resources.type - This ﬁeld * is required for CloudTrail data events. resources.type can only use * the Equals operator, and the value can be one of the following:
*
- AWS::DynamoDB::Table
- * AWS::Lambda::Function
- * AWS::S3::Object
- * AWS::CloudTrail::Channel
- * AWS::CodeWhisperer::Profile
- * AWS::Cognito::IdentityPool
- * AWS::DynamoDB::Stream
- * AWS::EC2::Snapshot
- * AWS::EMRWAL::Workspace
- * AWS::FinSpace::Environment
- * AWS::Glue::Table
- * AWS::GuardDuty::Detector
- * AWS::KendraRanking::ExecutionPlan
- * AWS::ManagedBlockchain::Node
- * AWS::SageMaker::ExperimentTrialComponent
- * AWS::SageMaker::FeatureGroup
- * AWS::S3::AccessPoint
- * AWS::S3ObjectLambda::AccessPoint
- * AWS::S3Outposts::Object
You can have only one * resources.type ﬁeld per selector. To log data events on more than * one resource type, add another selector.
* resources.ARN - You can use any operator with * resources.ARN, but if you use Equals or * NotEquals, the value must exactly match the ARN of a valid resource * of the type you've speciﬁed in the template as the value of resources.type. For * example, if resources.type equals AWS::S3::Object, the ARN must be * in one of the following formats. To log all data events for all objects in a * specific S3 bucket, use the StartsWith operator, and include only * the bucket ARN as the matching value.

The trailing slash is intentional; * do not exclude it. Replace the text between less than and greater than symbols * (<>) with resource-specific information.
- * arn:<partition>:s3:::<bucket_name>/
- * arn:<partition>:s3:::<bucket_name>/<object_path>/ *
When resources.type equals * AWS::DynamoDB::Table, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name> *
When resources.type equals * AWS::Lambda::Function, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:lambda:<region>:<account_ID>:function:<function_name> *
When resources.type equals * AWS::CloudTrail::Channel, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID> *
When resources.type equals * AWS::CodeWhisperer::Profile, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID> *
When resources.type equals * AWS::Cognito::IdentityPool, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID> *
When resources.type equals * AWS::DynamoDB::Stream, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time> *
When resources.type equals * AWS::EC2::Snapshot, and the operator is set to Equals * or NotEquals, the ARN must be in the following format:
- * arn:<partition>:ec2:<region>::snapshot/<snapshot_ID> *
When resources.type equals * AWS::EMRWAL::Workspace, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:emrwal:<region>::workspace/<workspace_name> *
When resources.type equals * AWS::FinSpace::Environment, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID> *
When resources.type equals * AWS::Glue::Table, and the operator is set to Equals or * NotEquals, the ARN must be in the following format:
- *
  * arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name> *
When resources.type equals * AWS::GuardDuty::Detector, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID> *
When resources.type equals * AWS::KendraRanking::ExecutionPlan, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID> *
When resources.type equals * AWS::ManagedBlockchain::Node, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID> *
When resources.type equals * AWS::SageMaker::ExperimentTrialComponent, and the operator is set * to Equals or NotEquals, the ARN must be in the * following format:
- * arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name> *
When resources.type equals * AWS::SageMaker::FeatureGroup, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name> *
When resources.type equals * AWS::S3::AccessPoint, and the operator is set to * Equals or NotEquals, the ARN must be in one of the * following formats. To log events on all objects in an S3 access point, we * recommend that you use only the access point ARN, don’t include the object path, * and use the StartsWith or NotStartsWith operators.
*
- * arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name> *
- * arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path> *
When resources.type equals * AWS::S3ObjectLambda::AccessPoint, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name> *
When resources.type equals * AWS::S3Outposts::Object, and the operator is set to * Equals or NotEquals, the ARN must be in the following * format:
- * arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path> *

*/ inline AdvancedFieldSelector& WithField(const char* value) { SetField(value); return *this;} /** *

An operator that includes events that match the exact value of the event * record field specified as the value of Field. This is the only * valid operator that you can use with the readOnly, * eventCategory, and resources.type fields.

*/ inline const Aws::Vector& GetEquals() const{ return m_equals; } /** *

*/ inline bool EqualsHasBeenSet() const { return m_equalsHasBeenSet; } /** *

*/ inline void SetEquals(const Aws::Vector& value) { m_equalsHasBeenSet = true; m_equals = value; } /** *

*/ inline void SetEquals(Aws::Vector&& value) { m_equalsHasBeenSet = true; m_equals = std::move(value); } /** *

*/ inline AdvancedFieldSelector& WithEquals(const Aws::Vector& value) { SetEquals(value); return *this;} /** *

*/ inline AdvancedFieldSelector& WithEquals(Aws::Vector&& value) { SetEquals(std::move(value)); return *this;} /** *

*/ inline AdvancedFieldSelector& AddEquals(const Aws::String& value) { m_equalsHasBeenSet = true; m_equals.push_back(value); return *this; } /** *

*/ inline AdvancedFieldSelector& AddEquals(Aws::String&& value) { m_equalsHasBeenSet = true; m_equals.push_back(std::move(value)); return *this; } /** *

*/ inline AdvancedFieldSelector& AddEquals(const char* value) { m_equalsHasBeenSet = true; m_equals.push_back(value); return *this; } /** *

An operator that includes events that match the first few characters of the * event record field specified as the value of Field.

*/ inline const Aws::Vector& GetStartsWith() const{ return m_startsWith; } /** *

An operator that includes events that match the first few characters of the * event record field specified as the value of Field.

*/ inline bool StartsWithHasBeenSet() const { return m_startsWithHasBeenSet; } /** *

An operator that includes events that match the first few characters of the * event record field specified as the value of Field.

*/ inline void SetStartsWith(const Aws::Vector& value) { m_startsWithHasBeenSet = true; m_startsWith = value; } /** *

An operator that includes events that match the first few characters of the * event record field specified as the value of Field.

*/ inline void SetStartsWith(Aws::Vector&& value) { m_startsWithHasBeenSet = true; m_startsWith = std::move(value); } /** *

An operator that includes events that match the first few characters of the * event record field specified as the value of Field.

*/ inline AdvancedFieldSelector& WithStartsWith(const Aws::Vector& value) { SetStartsWith(value); return *this;} /** *

An operator that includes events that match the first few characters of the * event record field specified as the value of Field.

*/ inline AdvancedFieldSelector& WithStartsWith(Aws::Vector&& value) { SetStartsWith(std::move(value)); return *this;} /** *

An operator that includes events that match the first few characters of the * event record field specified as the value of Field.

*/ inline AdvancedFieldSelector& AddStartsWith(const Aws::String& value) { m_startsWithHasBeenSet = true; m_startsWith.push_back(value); return *this; } /** *

An operator that includes events that match the first few characters of the * event record field specified as the value of Field.

*/ inline AdvancedFieldSelector& AddStartsWith(Aws::String&& value) { m_startsWithHasBeenSet = true; m_startsWith.push_back(std::move(value)); return *this; } /** *

An operator that includes events that match the first few characters of the * event record field specified as the value of Field.

*/ inline AdvancedFieldSelector& AddStartsWith(const char* value) { m_startsWithHasBeenSet = true; m_startsWith.push_back(value); return *this; } /** *

An operator that includes events that match the last few characters of the * event record field specified as the value of Field.

*/ inline const Aws::Vector& GetEndsWith() const{ return m_endsWith; } /** *

An operator that includes events that match the last few characters of the * event record field specified as the value of Field.

*/ inline bool EndsWithHasBeenSet() const { return m_endsWithHasBeenSet; } /** *

An operator that includes events that match the last few characters of the * event record field specified as the value of Field.

*/ inline void SetEndsWith(const Aws::Vector& value) { m_endsWithHasBeenSet = true; m_endsWith = value; } /** *

An operator that includes events that match the last few characters of the * event record field specified as the value of Field.

*/ inline void SetEndsWith(Aws::Vector&& value) { m_endsWithHasBeenSet = true; m_endsWith = std::move(value); } /** *

An operator that includes events that match the last few characters of the * event record field specified as the value of Field.

*/ inline AdvancedFieldSelector& WithEndsWith(const Aws::Vector& value) { SetEndsWith(value); return *this;} /** *

An operator that includes events that match the last few characters of the * event record field specified as the value of Field.

*/ inline AdvancedFieldSelector& WithEndsWith(Aws::Vector&& value) { SetEndsWith(std::move(value)); return *this;} /** *

An operator that includes events that match the last few characters of the * event record field specified as the value of Field.

*/ inline AdvancedFieldSelector& AddEndsWith(const Aws::String& value) { m_endsWithHasBeenSet = true; m_endsWith.push_back(value); return *this; } /** *

An operator that includes events that match the last few characters of the * event record field specified as the value of Field.

*/ inline AdvancedFieldSelector& AddEndsWith(Aws::String&& value) { m_endsWithHasBeenSet = true; m_endsWith.push_back(std::move(value)); return *this; } /** *

An operator that includes events that match the last few characters of the * event record field specified as the value of Field.

*/ inline AdvancedFieldSelector& AddEndsWith(const char* value) { m_endsWithHasBeenSet = true; m_endsWith.push_back(value); return *this; } /** *

An operator that excludes events that match the exact value of the event * record field specified as the value of Field.

*/ inline const Aws::Vector& GetNotEquals() const{ return m_notEquals; } /** *

An operator that excludes events that match the exact value of the event * record field specified as the value of Field.

*/ inline bool NotEqualsHasBeenSet() const { return m_notEqualsHasBeenSet; } /** *

An operator that excludes events that match the exact value of the event * record field specified as the value of Field.

*/ inline void SetNotEquals(const Aws::Vector& value) { m_notEqualsHasBeenSet = true; m_notEquals = value; } /** *

An operator that excludes events that match the exact value of the event * record field specified as the value of Field.

*/ inline void SetNotEquals(Aws::Vector&& value) { m_notEqualsHasBeenSet = true; m_notEquals = std::move(value); } /** *

An operator that excludes events that match the exact value of the event * record field specified as the value of Field.

*/ inline AdvancedFieldSelector& WithNotEquals(const Aws::Vector& value) { SetNotEquals(value); return *this;} /** *

An operator that excludes events that match the exact value of the event * record field specified as the value of Field.

*/ inline AdvancedFieldSelector& WithNotEquals(Aws::Vector&& value) { SetNotEquals(std::move(value)); return *this;} /** *

An operator that excludes events that match the exact value of the event * record field specified as the value of Field.

*/ inline AdvancedFieldSelector& AddNotEquals(const Aws::String& value) { m_notEqualsHasBeenSet = true; m_notEquals.push_back(value); return *this; } /** *

An operator that excludes events that match the exact value of the event * record field specified as the value of Field.

*/ inline AdvancedFieldSelector& AddNotEquals(Aws::String&& value) { m_notEqualsHasBeenSet = true; m_notEquals.push_back(std::move(value)); return *this; } /** *

An operator that excludes events that match the exact value of the event * record field specified as the value of Field.

*/ inline AdvancedFieldSelector& AddNotEquals(const char* value) { m_notEqualsHasBeenSet = true; m_notEquals.push_back(value); return *this; } /** *

An operator that excludes events that match the first few characters of the * event record field specified as the value of Field.

*/ inline const Aws::Vector& GetNotStartsWith() const{ return m_notStartsWith; } /** *

An operator that excludes events that match the first few characters of the * event record field specified as the value of Field.

*/ inline bool NotStartsWithHasBeenSet() const { return m_notStartsWithHasBeenSet; } /** *

An operator that excludes events that match the first few characters of the * event record field specified as the value of Field.

*/ inline void SetNotStartsWith(const Aws::Vector& value) { m_notStartsWithHasBeenSet = true; m_notStartsWith = value; } /** *

An operator that excludes events that match the first few characters of the * event record field specified as the value of Field.

*/ inline void SetNotStartsWith(Aws::Vector&& value) { m_notStartsWithHasBeenSet = true; m_notStartsWith = std::move(value); } /** *

An operator that excludes events that match the first few characters of the * event record field specified as the value of Field.

*/ inline AdvancedFieldSelector& WithNotStartsWith(const Aws::Vector& value) { SetNotStartsWith(value); return *this;} /** *

An operator that excludes events that match the first few characters of the * event record field specified as the value of Field.

*/ inline AdvancedFieldSelector& WithNotStartsWith(Aws::Vector&& value) { SetNotStartsWith(std::move(value)); return *this;} /** *

An operator that excludes events that match the first few characters of the * event record field specified as the value of Field.

*/ inline AdvancedFieldSelector& AddNotStartsWith(const Aws::String& value) { m_notStartsWithHasBeenSet = true; m_notStartsWith.push_back(value); return *this; } /** *

An operator that excludes events that match the first few characters of the * event record field specified as the value of Field.

*/ inline AdvancedFieldSelector& AddNotStartsWith(Aws::String&& value) { m_notStartsWithHasBeenSet = true; m_notStartsWith.push_back(std::move(value)); return *this; } /** *

An operator that excludes events that match the first few characters of the * event record field specified as the value of Field.

*/ inline AdvancedFieldSelector& AddNotStartsWith(const char* value) { m_notStartsWithHasBeenSet = true; m_notStartsWith.push_back(value); return *this; } /** *