/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include namespace Aws { namespace Utils { namespace Json { class JsonValue; class JsonView; } // namespace Json } // namespace Utils namespace CloudTrail { namespace Model { /** *

The Amazon S3 buckets, Lambda functions, or Amazon DynamoDB tables that you * specify in your event selectors for your trail to log data events. Data events * provide information about the resource operations performed on or within a * resource itself. These are also known as data plane operations. You can specify * up to 250 data resources for a trail.

The total number of allowed * data resources is 250. This number can be distributed between 1 and 5 event * selectors, but the total cannot exceed 250 across all selectors for the * trail.

If you are using advanced event selectors, the maximum total * number of values for all conditions, across all advanced event selectors for the * trail, is 500.

The following example demonstrates how logging * works when you configure logging of all data events for an S3 bucket named * bucket-1. In this example, the CloudTrail user specified an empty * prefix, and the option to log both Read and Write data * events.

  1. A user uploads an image file to * bucket-1.

  2. The PutObject API * operation is an Amazon S3 object-level API. It is recorded as a data event in * CloudTrail. Because the CloudTrail user specified an S3 bucket with an empty * prefix, events that occur on any object in that bucket are logged. The trail * processes and logs the event.

  3. A user uploads an object to an * Amazon S3 bucket named arn:aws:s3:::bucket-2.

  4. The * PutObject API operation occurred for an object in an S3 bucket that * the CloudTrail user didn't specify for the trail. The trail doesn’t log the * event.

The following example demonstrates how logging works * when you configure logging of Lambda data events for a Lambda function named * MyLambdaFunction, but not for all Lambda functions.

  1. A * user runs a script that includes a call to the MyLambdaFunction function * and the MyOtherLambdaFunction function.

  2. The * Invoke API operation on MyLambdaFunction is an Lambda API. * It is recorded as a data event in CloudTrail. Because the CloudTrail user * specified logging data events for MyLambdaFunction, any invocations of * that function are logged. The trail processes and logs the event.

  3. *

    The Invoke API operation on MyOtherLambdaFunction is an * Lambda API. Because the CloudTrail user did not specify logging data events for * all Lambda functions, the Invoke operation for * MyOtherLambdaFunction does not match the function specified for the * trail. The trail doesn’t log the event.

See Also:

* AWS * API Reference

*/ class DataResource { public: AWS_CLOUDTRAIL_API DataResource(); AWS_CLOUDTRAIL_API DataResource(Aws::Utils::Json::JsonView jsonValue); AWS_CLOUDTRAIL_API DataResource& operator=(Aws::Utils::Json::JsonView jsonValue); AWS_CLOUDTRAIL_API Aws::Utils::Json::JsonValue Jsonize() const; /** *

The resource type in which you want to log data events. You can specify the * following basic event selector resource types:

  • * AWS::DynamoDB::Table

  • * AWS::Lambda::Function

  • * AWS::S3::Object

The following resource types * are also available through advanced event selectors. Basic event selector * resource types are valid in advanced event selectors, but advanced event * selector resource types are not valid in basic event selectors. For more * information, see AdvancedFieldSelector.

*

  • AWS::CloudTrail::Channel

  • * AWS::CodeWhisperer::Profile

  • * AWS::Cognito::IdentityPool

  • * AWS::DynamoDB::Stream

  • * AWS::EC2::Snapshot

  • * AWS::EMRWAL::Workspace

  • * AWS::FinSpace::Environment

  • * AWS::Glue::Table

  • * AWS::GuardDuty::Detector

  • * AWS::KendraRanking::ExecutionPlan

  • * AWS::ManagedBlockchain::Node

  • * AWS::SageMaker::ExperimentTrialComponent

  • * AWS::SageMaker::FeatureGroup

  • * AWS::S3::AccessPoint

  • * AWS::S3ObjectLambda::AccessPoint

  • * AWS::S3Outposts::Object

*/ inline const Aws::String& GetType() const{ return m_type; } /** *

The resource type in which you want to log data events. You can specify the * following basic event selector resource types:

  • * AWS::DynamoDB::Table

  • * AWS::Lambda::Function

  • * AWS::S3::Object

The following resource types * are also available through advanced event selectors. Basic event selector * resource types are valid in advanced event selectors, but advanced event * selector resource types are not valid in basic event selectors. For more * information, see AdvancedFieldSelector.

*

  • AWS::CloudTrail::Channel

  • * AWS::CodeWhisperer::Profile

  • * AWS::Cognito::IdentityPool

  • * AWS::DynamoDB::Stream

  • * AWS::EC2::Snapshot

  • * AWS::EMRWAL::Workspace

  • * AWS::FinSpace::Environment

  • * AWS::Glue::Table

  • * AWS::GuardDuty::Detector

  • * AWS::KendraRanking::ExecutionPlan

  • * AWS::ManagedBlockchain::Node

  • * AWS::SageMaker::ExperimentTrialComponent

  • * AWS::SageMaker::FeatureGroup

  • * AWS::S3::AccessPoint

  • * AWS::S3ObjectLambda::AccessPoint

  • * AWS::S3Outposts::Object

*/ inline bool TypeHasBeenSet() const { return m_typeHasBeenSet; } /** *

The resource type in which you want to log data events. You can specify the * following basic event selector resource types:

  • * AWS::DynamoDB::Table

  • * AWS::Lambda::Function

  • * AWS::S3::Object

The following resource types * are also available through advanced event selectors. Basic event selector * resource types are valid in advanced event selectors, but advanced event * selector resource types are not valid in basic event selectors. For more * information, see AdvancedFieldSelector.

*

  • AWS::CloudTrail::Channel

  • * AWS::CodeWhisperer::Profile

  • * AWS::Cognito::IdentityPool

  • * AWS::DynamoDB::Stream

  • * AWS::EC2::Snapshot

  • * AWS::EMRWAL::Workspace

  • * AWS::FinSpace::Environment

  • * AWS::Glue::Table

  • * AWS::GuardDuty::Detector

  • * AWS::KendraRanking::ExecutionPlan

  • * AWS::ManagedBlockchain::Node

  • * AWS::SageMaker::ExperimentTrialComponent

  • * AWS::SageMaker::FeatureGroup

  • * AWS::S3::AccessPoint

  • * AWS::S3ObjectLambda::AccessPoint

  • * AWS::S3Outposts::Object

*/ inline void SetType(const Aws::String& value) { m_typeHasBeenSet = true; m_type = value; } /** *

The resource type in which you want to log data events. You can specify the * following basic event selector resource types:

  • * AWS::DynamoDB::Table

  • * AWS::Lambda::Function

  • * AWS::S3::Object

The following resource types * are also available through advanced event selectors. Basic event selector * resource types are valid in advanced event selectors, but advanced event * selector resource types are not valid in basic event selectors. For more * information, see AdvancedFieldSelector.

*

  • AWS::CloudTrail::Channel

  • * AWS::CodeWhisperer::Profile

  • * AWS::Cognito::IdentityPool

  • * AWS::DynamoDB::Stream

  • * AWS::EC2::Snapshot

  • * AWS::EMRWAL::Workspace

  • * AWS::FinSpace::Environment

  • * AWS::Glue::Table

  • * AWS::GuardDuty::Detector

  • * AWS::KendraRanking::ExecutionPlan

  • * AWS::ManagedBlockchain::Node

  • * AWS::SageMaker::ExperimentTrialComponent

  • * AWS::SageMaker::FeatureGroup

  • * AWS::S3::AccessPoint

  • * AWS::S3ObjectLambda::AccessPoint

  • * AWS::S3Outposts::Object

*/ inline void SetType(Aws::String&& value) { m_typeHasBeenSet = true; m_type = std::move(value); } /** *

The resource type in which you want to log data events. You can specify the * following basic event selector resource types:

  • * AWS::DynamoDB::Table

  • * AWS::Lambda::Function

  • * AWS::S3::Object

The following resource types * are also available through advanced event selectors. Basic event selector * resource types are valid in advanced event selectors, but advanced event * selector resource types are not valid in basic event selectors. For more * information, see AdvancedFieldSelector.

*

  • AWS::CloudTrail::Channel

  • * AWS::CodeWhisperer::Profile

  • * AWS::Cognito::IdentityPool

  • * AWS::DynamoDB::Stream

  • * AWS::EC2::Snapshot

  • * AWS::EMRWAL::Workspace

  • * AWS::FinSpace::Environment

  • * AWS::Glue::Table

  • * AWS::GuardDuty::Detector

  • * AWS::KendraRanking::ExecutionPlan

  • * AWS::ManagedBlockchain::Node

  • * AWS::SageMaker::ExperimentTrialComponent

  • * AWS::SageMaker::FeatureGroup

  • * AWS::S3::AccessPoint

  • * AWS::S3ObjectLambda::AccessPoint

  • * AWS::S3Outposts::Object

*/ inline void SetType(const char* value) { m_typeHasBeenSet = true; m_type.assign(value); } /** *

The resource type in which you want to log data events. You can specify the * following basic event selector resource types:

  • * AWS::DynamoDB::Table

  • * AWS::Lambda::Function

  • * AWS::S3::Object

The following resource types * are also available through advanced event selectors. Basic event selector * resource types are valid in advanced event selectors, but advanced event * selector resource types are not valid in basic event selectors. For more * information, see AdvancedFieldSelector.

*

  • AWS::CloudTrail::Channel

  • * AWS::CodeWhisperer::Profile

  • * AWS::Cognito::IdentityPool

  • * AWS::DynamoDB::Stream

  • * AWS::EC2::Snapshot

  • * AWS::EMRWAL::Workspace

  • * AWS::FinSpace::Environment

  • * AWS::Glue::Table

  • * AWS::GuardDuty::Detector

  • * AWS::KendraRanking::ExecutionPlan

  • * AWS::ManagedBlockchain::Node

  • * AWS::SageMaker::ExperimentTrialComponent

  • * AWS::SageMaker::FeatureGroup

  • * AWS::S3::AccessPoint

  • * AWS::S3ObjectLambda::AccessPoint

  • * AWS::S3Outposts::Object

*/ inline DataResource& WithType(const Aws::String& value) { SetType(value); return *this;} /** *

The resource type in which you want to log data events. You can specify the * following basic event selector resource types:

  • * AWS::DynamoDB::Table

  • * AWS::Lambda::Function

  • * AWS::S3::Object

The following resource types * are also available through advanced event selectors. Basic event selector * resource types are valid in advanced event selectors, but advanced event * selector resource types are not valid in basic event selectors. For more * information, see AdvancedFieldSelector.

*

  • AWS::CloudTrail::Channel

  • * AWS::CodeWhisperer::Profile

  • * AWS::Cognito::IdentityPool

  • * AWS::DynamoDB::Stream

  • * AWS::EC2::Snapshot

  • * AWS::EMRWAL::Workspace

  • * AWS::FinSpace::Environment

  • * AWS::Glue::Table

  • * AWS::GuardDuty::Detector

  • * AWS::KendraRanking::ExecutionPlan

  • * AWS::ManagedBlockchain::Node

  • * AWS::SageMaker::ExperimentTrialComponent

  • * AWS::SageMaker::FeatureGroup

  • * AWS::S3::AccessPoint

  • * AWS::S3ObjectLambda::AccessPoint

  • * AWS::S3Outposts::Object

*/ inline DataResource& WithType(Aws::String&& value) { SetType(std::move(value)); return *this;} /** *

The resource type in which you want to log data events. You can specify the * following basic event selector resource types:

  • * AWS::DynamoDB::Table

  • * AWS::Lambda::Function

  • * AWS::S3::Object

The following resource types * are also available through advanced event selectors. Basic event selector * resource types are valid in advanced event selectors, but advanced event * selector resource types are not valid in basic event selectors. For more * information, see AdvancedFieldSelector.

*

  • AWS::CloudTrail::Channel

  • * AWS::CodeWhisperer::Profile

  • * AWS::Cognito::IdentityPool

  • * AWS::DynamoDB::Stream

  • * AWS::EC2::Snapshot

  • * AWS::EMRWAL::Workspace

  • * AWS::FinSpace::Environment

  • * AWS::Glue::Table

  • * AWS::GuardDuty::Detector

  • * AWS::KendraRanking::ExecutionPlan

  • * AWS::ManagedBlockchain::Node

  • * AWS::SageMaker::ExperimentTrialComponent

  • * AWS::SageMaker::FeatureGroup

  • * AWS::S3::AccessPoint

  • * AWS::S3ObjectLambda::AccessPoint

  • * AWS::S3Outposts::Object

*/ inline DataResource& WithType(const char* value) { SetType(value); return *this;} /** *

An array of Amazon Resource Name (ARN) strings or partial ARN strings for the * specified objects.

  • To log data events for all objects in all S3 * buckets in your Amazon Web Services account, specify the prefix as * arn:aws:s3.

    This also enables logging of data event * activity performed by any user or role in your Amazon Web Services account, even * if that activity is performed on a bucket that belongs to another Amazon Web * Services account.

  • To log data events for all objects * in an S3 bucket, specify the bucket and an empty object prefix such as * arn:aws:s3:::bucket-1/. The trail logs data events for all objects * in this S3 bucket.

  • To log data events for specific objects, * specify the S3 bucket and object prefix such as * arn:aws:s3:::bucket-1/example-images. The trail logs data events * for objects in this S3 bucket that match the prefix.

  • To log * data events for all Lambda functions in your Amazon Web Services account, * specify the prefix as arn:aws:lambda.

    This also * enables logging of Invoke activity performed by any user or role in * your Amazon Web Services account, even if that activity is performed on a * function that belongs to another Amazon Web Services account.

    • *

  • To log data events for a specific Lambda function, specify the function * ARN.

    Lambda function ARNs are exact. For example, if you specify a * function ARN arn:aws:lambda:us-west-2:111111111111:function:helloworld, * data events will only be logged for * arn:aws:lambda:us-west-2:111111111111:function:helloworld. They will not * be logged for * arn:aws:lambda:us-west-2:111111111111:function:helloworld2.

    *

  • To log data events for all DynamoDB tables in your Amazon Web * Services account, specify the prefix as arn:aws:dynamodb.

    • *
*/ inline const Aws::Vector& GetValues() const{ return m_values; } /** *

An array of Amazon Resource Name (ARN) strings or partial ARN strings for the * specified objects.

  • To log data events for all objects in all S3 * buckets in your Amazon Web Services account, specify the prefix as * arn:aws:s3.

    This also enables logging of data event * activity performed by any user or role in your Amazon Web Services account, even * if that activity is performed on a bucket that belongs to another Amazon Web * Services account.

  • To log data events for all objects * in an S3 bucket, specify the bucket and an empty object prefix such as * arn:aws:s3:::bucket-1/. The trail logs data events for all objects * in this S3 bucket.

  • To log data events for specific objects, * specify the S3 bucket and object prefix such as * arn:aws:s3:::bucket-1/example-images. The trail logs data events * for objects in this S3 bucket that match the prefix.

  • To log * data events for all Lambda functions in your Amazon Web Services account, * specify the prefix as arn:aws:lambda.

    This also * enables logging of Invoke activity performed by any user or role in * your Amazon Web Services account, even if that activity is performed on a * function that belongs to another Amazon Web Services account.

    • *

  • To log data events for a specific Lambda function, specify the function * ARN.

    Lambda function ARNs are exact. For example, if you specify a * function ARN arn:aws:lambda:us-west-2:111111111111:function:helloworld, * data events will only be logged for * arn:aws:lambda:us-west-2:111111111111:function:helloworld. They will not * be logged for * arn:aws:lambda:us-west-2:111111111111:function:helloworld2.

    *

  • To log data events for all DynamoDB tables in your Amazon Web * Services account, specify the prefix as arn:aws:dynamodb.

    • *
*/ inline bool ValuesHasBeenSet() const { return m_valuesHasBeenSet; } /** *

An array of Amazon Resource Name (ARN) strings or partial ARN strings for the * specified objects.

  • To log data events for all objects in all S3 * buckets in your Amazon Web Services account, specify the prefix as * arn:aws:s3.

    This also enables logging of data event * activity performed by any user or role in your Amazon Web Services account, even * if that activity is performed on a bucket that belongs to another Amazon Web * Services account.

  • To log data events for all objects * in an S3 bucket, specify the bucket and an empty object prefix such as * arn:aws:s3:::bucket-1/. The trail logs data events for all objects * in this S3 bucket.

  • To log data events for specific objects, * specify the S3 bucket and object prefix such as * arn:aws:s3:::bucket-1/example-images. The trail logs data events * for objects in this S3 bucket that match the prefix.

  • To log * data events for all Lambda functions in your Amazon Web Services account, * specify the prefix as arn:aws:lambda.

    This also * enables logging of Invoke activity performed by any user or role in * your Amazon Web Services account, even if that activity is performed on a * function that belongs to another Amazon Web Services account.

    • *

  • To log data events for a specific Lambda function, specify the function * ARN.

    Lambda function ARNs are exact. For example, if you specify a * function ARN arn:aws:lambda:us-west-2:111111111111:function:helloworld, * data events will only be logged for * arn:aws:lambda:us-west-2:111111111111:function:helloworld. They will not * be logged for * arn:aws:lambda:us-west-2:111111111111:function:helloworld2.

    *

  • To log data events for all DynamoDB tables in your Amazon Web * Services account, specify the prefix as arn:aws:dynamodb.

    • *
*/ inline void SetValues(const Aws::Vector& value) { m_valuesHasBeenSet = true; m_values = value; } /** *

An array of Amazon Resource Name (ARN) strings or partial ARN strings for the * specified objects.

  • To log data events for all objects in all S3 * buckets in your Amazon Web Services account, specify the prefix as * arn:aws:s3.

    This also enables logging of data event * activity performed by any user or role in your Amazon Web Services account, even * if that activity is performed on a bucket that belongs to another Amazon Web * Services account.

  • To log data events for all objects * in an S3 bucket, specify the bucket and an empty object prefix such as * arn:aws:s3:::bucket-1/. The trail logs data events for all objects * in this S3 bucket.

  • To log data events for specific objects, * specify the S3 bucket and object prefix such as * arn:aws:s3:::bucket-1/example-images. The trail logs data events * for objects in this S3 bucket that match the prefix.

  • To log * data events for all Lambda functions in your Amazon Web Services account, * specify the prefix as arn:aws:lambda.

    This also * enables logging of Invoke activity performed by any user or role in * your Amazon Web Services account, even if that activity is performed on a * function that belongs to another Amazon Web Services account.

    • *

  • To log data events for a specific Lambda function, specify the function * ARN.

    Lambda function ARNs are exact. For example, if you specify a * function ARN arn:aws:lambda:us-west-2:111111111111:function:helloworld, * data events will only be logged for * arn:aws:lambda:us-west-2:111111111111:function:helloworld. They will not * be logged for * arn:aws:lambda:us-west-2:111111111111:function:helloworld2.

    *

  • To log data events for all DynamoDB tables in your Amazon Web * Services account, specify the prefix as arn:aws:dynamodb.

    • *
*/ inline void SetValues(Aws::Vector&& value) { m_valuesHasBeenSet = true; m_values = std::move(value); } /** *

An array of Amazon Resource Name (ARN) strings or partial ARN strings for the * specified objects.

  • To log data events for all objects in all S3 * buckets in your Amazon Web Services account, specify the prefix as * arn:aws:s3.

    This also enables logging of data event * activity performed by any user or role in your Amazon Web Services account, even * if that activity is performed on a bucket that belongs to another Amazon Web * Services account.

  • To log data events for all objects * in an S3 bucket, specify the bucket and an empty object prefix such as * arn:aws:s3:::bucket-1/. The trail logs data events for all objects * in this S3 bucket.

  • To log data events for specific objects, * specify the S3 bucket and object prefix such as * arn:aws:s3:::bucket-1/example-images. The trail logs data events * for objects in this S3 bucket that match the prefix.

  • To log * data events for all Lambda functions in your Amazon Web Services account, * specify the prefix as arn:aws:lambda.

    This also * enables logging of Invoke activity performed by any user or role in * your Amazon Web Services account, even if that activity is performed on a * function that belongs to another Amazon Web Services account.

    • *

  • To log data events for a specific Lambda function, specify the function * ARN.

    Lambda function ARNs are exact. For example, if you specify a * function ARN arn:aws:lambda:us-west-2:111111111111:function:helloworld, * data events will only be logged for * arn:aws:lambda:us-west-2:111111111111:function:helloworld. They will not * be logged for * arn:aws:lambda:us-west-2:111111111111:function:helloworld2.

    *

  • To log data events for all DynamoDB tables in your Amazon Web * Services account, specify the prefix as arn:aws:dynamodb.

    • *
*/ inline DataResource& WithValues(const Aws::Vector& value) { SetValues(value); return *this;} /** *

An array of Amazon Resource Name (ARN) strings or partial ARN strings for the * specified objects.

  • To log data events for all objects in all S3 * buckets in your Amazon Web Services account, specify the prefix as * arn:aws:s3.

    This also enables logging of data event * activity performed by any user or role in your Amazon Web Services account, even * if that activity is performed on a bucket that belongs to another Amazon Web * Services account.

  • To log data events for all objects * in an S3 bucket, specify the bucket and an empty object prefix such as * arn:aws:s3:::bucket-1/. The trail logs data events for all objects * in this S3 bucket.

  • To log data events for specific objects, * specify the S3 bucket and object prefix such as * arn:aws:s3:::bucket-1/example-images. The trail logs data events * for objects in this S3 bucket that match the prefix.

  • To log * data events for all Lambda functions in your Amazon Web Services account, * specify the prefix as arn:aws:lambda.

    This also * enables logging of Invoke activity performed by any user or role in * your Amazon Web Services account, even if that activity is performed on a * function that belongs to another Amazon Web Services account.

    • *

  • To log data events for a specific Lambda function, specify the function * ARN.

    Lambda function ARNs are exact. For example, if you specify a * function ARN arn:aws:lambda:us-west-2:111111111111:function:helloworld, * data events will only be logged for * arn:aws:lambda:us-west-2:111111111111:function:helloworld. They will not * be logged for * arn:aws:lambda:us-west-2:111111111111:function:helloworld2.

    *

  • To log data events for all DynamoDB tables in your Amazon Web * Services account, specify the prefix as arn:aws:dynamodb.

    • *
*/ inline DataResource& WithValues(Aws::Vector&& value) { SetValues(std::move(value)); return *this;} /** *

An array of Amazon Resource Name (ARN) strings or partial ARN strings for the * specified objects.

  • To log data events for all objects in all S3 * buckets in your Amazon Web Services account, specify the prefix as * arn:aws:s3.

    This also enables logging of data event * activity performed by any user or role in your Amazon Web Services account, even * if that activity is performed on a bucket that belongs to another Amazon Web * Services account.

  • To log data events for all objects * in an S3 bucket, specify the bucket and an empty object prefix such as * arn:aws:s3:::bucket-1/. The trail logs data events for all objects * in this S3 bucket.

  • To log data events for specific objects, * specify the S3 bucket and object prefix such as * arn:aws:s3:::bucket-1/example-images. The trail logs data events * for objects in this S3 bucket that match the prefix.

  • To log * data events for all Lambda functions in your Amazon Web Services account, * specify the prefix as arn:aws:lambda.

    This also * enables logging of Invoke activity performed by any user or role in * your Amazon Web Services account, even if that activity is performed on a * function that belongs to another Amazon Web Services account.

    • *

  • To log data events for a specific Lambda function, specify the function * ARN.

    Lambda function ARNs are exact. For example, if you specify a * function ARN arn:aws:lambda:us-west-2:111111111111:function:helloworld, * data events will only be logged for * arn:aws:lambda:us-west-2:111111111111:function:helloworld. They will not * be logged for * arn:aws:lambda:us-west-2:111111111111:function:helloworld2.

    *

  • To log data events for all DynamoDB tables in your Amazon Web * Services account, specify the prefix as arn:aws:dynamodb.

    • *
*/ inline DataResource& AddValues(const Aws::String& value) { m_valuesHasBeenSet = true; m_values.push_back(value); return *this; } /** *

An array of Amazon Resource Name (ARN) strings or partial ARN strings for the * specified objects.

  • To log data events for all objects in all S3 * buckets in your Amazon Web Services account, specify the prefix as * arn:aws:s3.

    This also enables logging of data event * activity performed by any user or role in your Amazon Web Services account, even * if that activity is performed on a bucket that belongs to another Amazon Web * Services account.

  • To log data events for all objects * in an S3 bucket, specify the bucket and an empty object prefix such as * arn:aws:s3:::bucket-1/. The trail logs data events for all objects * in this S3 bucket.

  • To log data events for specific objects, * specify the S3 bucket and object prefix such as * arn:aws:s3:::bucket-1/example-images. The trail logs data events * for objects in this S3 bucket that match the prefix.

  • To log * data events for all Lambda functions in your Amazon Web Services account, * specify the prefix as arn:aws:lambda.

    This also * enables logging of Invoke activity performed by any user or role in * your Amazon Web Services account, even if that activity is performed on a * function that belongs to another Amazon Web Services account.

    • *

  • To log data events for a specific Lambda function, specify the function * ARN.

    Lambda function ARNs are exact. For example, if you specify a * function ARN arn:aws:lambda:us-west-2:111111111111:function:helloworld, * data events will only be logged for * arn:aws:lambda:us-west-2:111111111111:function:helloworld. They will not * be logged for * arn:aws:lambda:us-west-2:111111111111:function:helloworld2.

    *

  • To log data events for all DynamoDB tables in your Amazon Web * Services account, specify the prefix as arn:aws:dynamodb.

    • *
*/ inline DataResource& AddValues(Aws::String&& value) { m_valuesHasBeenSet = true; m_values.push_back(std::move(value)); return *this; } /** *

An array of Amazon Resource Name (ARN) strings or partial ARN strings for the * specified objects.

  • To log data events for all objects in all S3 * buckets in your Amazon Web Services account, specify the prefix as * arn:aws:s3.

    This also enables logging of data event * activity performed by any user or role in your Amazon Web Services account, even * if that activity is performed on a bucket that belongs to another Amazon Web * Services account.

  • To log data events for all objects * in an S3 bucket, specify the bucket and an empty object prefix such as * arn:aws:s3:::bucket-1/. The trail logs data events for all objects * in this S3 bucket.

  • To log data events for specific objects, * specify the S3 bucket and object prefix such as * arn:aws:s3:::bucket-1/example-images. The trail logs data events * for objects in this S3 bucket that match the prefix.

  • To log * data events for all Lambda functions in your Amazon Web Services account, * specify the prefix as arn:aws:lambda.

    This also * enables logging of Invoke activity performed by any user or role in * your Amazon Web Services account, even if that activity is performed on a * function that belongs to another Amazon Web Services account.

    • *

  • To log data events for a specific Lambda function, specify the function * ARN.

    Lambda function ARNs are exact. For example, if you specify a * function ARN arn:aws:lambda:us-west-2:111111111111:function:helloworld, * data events will only be logged for * arn:aws:lambda:us-west-2:111111111111:function:helloworld. They will not * be logged for * arn:aws:lambda:us-west-2:111111111111:function:helloworld2.

    *

  • To log data events for all DynamoDB tables in your Amazon Web * Services account, specify the prefix as arn:aws:dynamodb.

    • *
*/ inline DataResource& AddValues(const char* value) { m_valuesHasBeenSet = true; m_values.push_back(value); return *this; } private: Aws::String m_type; bool m_typeHasBeenSet = false; Aws::Vector m_values; bool m_valuesHasBeenSet = false; }; } // namespace Model } // namespace CloudTrail } // namespace Aws