/* * Copyright 2018-2023 Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with * the License. A copy of the License is located at * * http://aws.amazon.com/apache2.0 * * or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions * and limitations under the License. */ package com.amazonaws.services.cloudtrail.model; import java.io.Serializable; import javax.annotation.Generated; import com.amazonaws.protocol.StructuredPojo; import com.amazonaws.protocol.ProtocolMarshaller; /** *

* A single selector statement in an advanced event selector. *

* * @see AWS * API Documentation */ @Generated("com.amazonaws:aws-java-sdk-code-generator") public class AdvancedFieldSelector implements Serializable, Cloneable, StructuredPojo { /** *

* A field in a CloudTrail event record on which to filter events to be logged. For event data stores for Config * configuration items, Audit Manager evidence, or non-Amazon Web Services events, the field is used only for * selecting events as filtering is not supported. *

* For CloudTrail event records, supported fields include readOnly, eventCategory, * eventSource (for management events), eventName, resources.type, and * resources.ARN. *

* For event data stores for Config configuration items, Audit Manager evidence, or non-Amazon Web Services events, * the only supported field is eventCategory. *

*
* readOnly - Optional. Can be set to Equals a value of true or * false. If you do not add this field, CloudTrail logs both read and write * events. A value of true logs only read events. A value of false logs only * write events. *
*
*
* eventSource - For filtering management events only. This can be set only to * NotEquals kms.amazonaws.com. *
*
*
* eventName - Can use any operator. You can use it to ﬁlter in or ﬁlter out any data event * logged to CloudTrail, such as PutBucket or GetSnapshotBlock. You can have multiple * values for this ﬁeld, separated by commas. *
*
*
* eventCategory - This is required and must be set to Equals. *
*
- *
  * For CloudTrail event records, the value must be Management or Data. *
  *
- *
  * For Config configuration items, the value must be ConfigurationItem. *
  *
- *
  * For Audit Manager evidence, the value must be Evidence. *
  *
- *
  * For non-Amazon Web Services events, the value must be ActivityAuditLog. *
  *
*
*
* resources.type - This ﬁeld is required for CloudTrail data events. * resources.type can only use the Equals operator, and the value can be one of the * following: *
*
- *
  * AWS::DynamoDB::Table *
  *
- *
  * AWS::Lambda::Function *
  *
- *
  * AWS::S3::Object *
  *
- *
  * AWS::CloudTrail::Channel *
  *
- *
  * AWS::CodeWhisperer::Profile *
  *
- *
  * AWS::Cognito::IdentityPool *
  *
- *
  * AWS::DynamoDB::Stream *
  *
- *
  * AWS::EC2::Snapshot *
  *
- *
  * AWS::EMRWAL::Workspace *
  *
- *
  * AWS::FinSpace::Environment *
  *
- *
  * AWS::Glue::Table *
  *
- *
  * AWS::GuardDuty::Detector *
  *
- *
  * AWS::KendraRanking::ExecutionPlan *
  *
- *
  * AWS::ManagedBlockchain::Node *
  *
- *
  * AWS::SageMaker::ExperimentTrialComponent *
  *
- *
  * AWS::SageMaker::FeatureGroup *
  *
- *
  * AWS::S3::AccessPoint *
  *
- *
  * AWS::S3ObjectLambda::AccessPoint *
  *
- *
  * AWS::S3Outposts::Object *
  *
*
* You can have only one resources.type ﬁeld per selector. To log data events on more than one resource * type, add another selector. *
*
*
* resources.ARN - You can use any operator with resources.ARN, but if you use * Equals or NotEquals, the value must exactly match the ARN of a valid resource of the * type you've speciﬁed in the template as the value of resources.type. For example, if resources.type equals * AWS::S3::Object, the ARN must be in one of the following formats. To log all data events for all * objects in a specific S3 bucket, use the StartsWith operator, and include only the bucket ARN as the * matching value. *
*
* The trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols * (<>) with resource-specific information. *
*
- *
  * arn:<partition>:s3:::<bucket_name>/ *
  *
- *
  * arn:<partition>:s3:::<bucket_name>/<object_path>/ *
  *
*
* When resources.type equals AWS::DynamoDB::Table, and the operator is set to Equals or * NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name> *
  *
*
* When resources.type equals AWS::Lambda::Function, and the operator is set to Equals or * NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:lambda:<region>:<account_ID>:function:<function_name> *
  *
*
* When resources.type equals AWS::CloudTrail::Channel, and the operator is set to Equals * or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID> *
  *
*
* When resources.type equals AWS::CodeWhisperer::Profile, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID> *
  *
*
* When resources.type equals AWS::Cognito::IdentityPool, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID> *
  *
*
* When resources.type equals AWS::DynamoDB::Stream, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time> *
  *
*
* When resources.type equals AWS::EC2::Snapshot, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:ec2:<region>::snapshot/<snapshot_ID> *
  *
*
* When resources.type equals AWS::EMRWAL::Workspace, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:emrwal:<region>::workspace/<workspace_name> *
  *
*
* When resources.type equals AWS::FinSpace::Environment, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID> *
  *
*
* When resources.type equals AWS::Glue::Table, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name> *
  *
*
* When resources.type equals AWS::GuardDuty::Detector, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID> *
  *
*
* When resources.type equals AWS::KendraRanking::ExecutionPlan, and the operator is set * to Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID> *
  *
*
* When resources.type equals AWS::ManagedBlockchain::Node, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID> *
  *
*
* When resources.type equals AWS::SageMaker::ExperimentTrialComponent, and the operator * is set to Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name> *
  *
*
* When resources.type equals AWS::SageMaker::FeatureGroup, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name> *
  *
*
* When resources.type equals AWS::S3::AccessPoint, and the operator is set to * Equals or NotEquals, the ARN must be in one of the following formats. To log events on * all objects in an S3 access point, we recommend that you use only the access point ARN, don’t include the object * path, and use the StartsWith or NotStartsWith operators. *
*
- *
  * arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name> *
  *
- *
  * arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path> *
  *
*
* When resources.type equals AWS::S3ObjectLambda::AccessPoint, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name> *
  *
*
* When resources.type equals AWS::S3Outposts::Object, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path> *
  *
*

*/ private String field; /** *

* An operator that includes events that match the exact value of the event record field specified as the value of * Field. This is the only valid operator that you can use with the readOnly, * eventCategory, and resources.type fields. *

*/ private com.amazonaws.internal.SdkInternalList equals; /** *

* An operator that includes events that match the first few characters of the event record field specified as the * value of Field. *

*/ private com.amazonaws.internal.SdkInternalList startsWith; /** *

* An operator that includes events that match the last few characters of the event record field specified as the * value of Field. *

*/ private com.amazonaws.internal.SdkInternalList endsWith; /** *

* An operator that excludes events that match the exact value of the event record field specified as the value of * Field. *

*/ private com.amazonaws.internal.SdkInternalList notEquals; /** *

* An operator that excludes events that match the first few characters of the event record field specified as the * value of Field. *

*/ private com.amazonaws.internal.SdkInternalList notStartsWith; /** *

* An operator that excludes events that match the last few characters of the event record field specified as the * value of Field. *

*/ private com.amazonaws.internal.SdkInternalList notEndsWith; /** *

* For CloudTrail event records, supported fields include readOnly, eventCategory, * eventSource (for management events), eventName, resources.type, and * resources.ARN. *

* For event data stores for Config configuration items, Audit Manager evidence, or non-Amazon Web Services events, * the only supported field is eventCategory. *

*
* readOnly - Optional. Can be set to Equals a value of true or * false. If you do not add this field, CloudTrail logs both read and write * events. A value of true logs only read events. A value of false logs only * write events. *
*
*
* eventSource - For filtering management events only. This can be set only to * NotEquals kms.amazonaws.com. *
*
*
* eventName - Can use any operator. You can use it to ﬁlter in or ﬁlter out any data event * logged to CloudTrail, such as PutBucket or GetSnapshotBlock. You can have multiple * values for this ﬁeld, separated by commas. *
*
*
* eventCategory - This is required and must be set to Equals. *
*
- *
  * For CloudTrail event records, the value must be Management or Data. *
  *
- *
  * For Config configuration items, the value must be ConfigurationItem. *
  *
- *
  * For Audit Manager evidence, the value must be Evidence. *
  *
- *
  * For non-Amazon Web Services events, the value must be ActivityAuditLog. *
  *
*
*
* resources.type - This ﬁeld is required for CloudTrail data events. * resources.type can only use the Equals operator, and the value can be one of the * following: *
*
- *
  * AWS::DynamoDB::Table *
  *
- *
  * AWS::Lambda::Function *
  *
- *
  * AWS::S3::Object *
  *
- *
  * AWS::CloudTrail::Channel *
  *
- *
  * AWS::CodeWhisperer::Profile *
  *
- *
  * AWS::Cognito::IdentityPool *
  *
- *
  * AWS::DynamoDB::Stream *
  *
- *
  * AWS::EC2::Snapshot *
  *
- *
  * AWS::EMRWAL::Workspace *
  *
- *
  * AWS::FinSpace::Environment *
  *
- *
  * AWS::Glue::Table *
  *
- *
  * AWS::GuardDuty::Detector *
  *
- *
  * AWS::KendraRanking::ExecutionPlan *
  *
- *
  * AWS::ManagedBlockchain::Node *
  *
- *
  * AWS::SageMaker::ExperimentTrialComponent *
  *
- *
  * AWS::SageMaker::FeatureGroup *
  *
- *
  * AWS::S3::AccessPoint *
  *
- *
  * AWS::S3ObjectLambda::AccessPoint *
  *
- *
  * AWS::S3Outposts::Object *
  *
*
* You can have only one resources.type ﬁeld per selector. To log data events on more than one resource * type, add another selector. *
*
*
* resources.ARN - You can use any operator with resources.ARN, but if you use * Equals or NotEquals, the value must exactly match the ARN of a valid resource of the * type you've speciﬁed in the template as the value of resources.type. For example, if resources.type equals * AWS::S3::Object, the ARN must be in one of the following formats. To log all data events for all * objects in a specific S3 bucket, use the StartsWith operator, and include only the bucket ARN as the * matching value. *
*
* The trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols * (<>) with resource-specific information. *
*
- *
  * arn:<partition>:s3:::<bucket_name>/ *
  *
- *
  * arn:<partition>:s3:::<bucket_name>/<object_path>/ *
  *
*
* When resources.type equals AWS::DynamoDB::Table, and the operator is set to Equals or * NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name> *
  *
*
* When resources.type equals AWS::Lambda::Function, and the operator is set to Equals or * NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:lambda:<region>:<account_ID>:function:<function_name> *
  *
*
* When resources.type equals AWS::CloudTrail::Channel, and the operator is set to Equals * or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID> *
  *
*
* When resources.type equals AWS::CodeWhisperer::Profile, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID> *
  *
*
* When resources.type equals AWS::Cognito::IdentityPool, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID> *
  *
*
* When resources.type equals AWS::DynamoDB::Stream, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time> *
  *
*
* When resources.type equals AWS::EC2::Snapshot, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:ec2:<region>::snapshot/<snapshot_ID> *
  *
*
* When resources.type equals AWS::EMRWAL::Workspace, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:emrwal:<region>::workspace/<workspace_name> *
  *
*
* When resources.type equals AWS::FinSpace::Environment, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID> *
  *
*
* When resources.type equals AWS::Glue::Table, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name> *
  *
*
* When resources.type equals AWS::GuardDuty::Detector, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID> *
  *
*
* When resources.type equals AWS::KendraRanking::ExecutionPlan, and the operator is set * to Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID> *
  *
*
* When resources.type equals AWS::ManagedBlockchain::Node, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID> *
  *
*
* When resources.type equals AWS::SageMaker::ExperimentTrialComponent, and the operator * is set to Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name> *
  *
*
* When resources.type equals AWS::SageMaker::FeatureGroup, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name> *
  *
*
* When resources.type equals AWS::S3::AccessPoint, and the operator is set to * Equals or NotEquals, the ARN must be in one of the following formats. To log events on * all objects in an S3 access point, we recommend that you use only the access point ARN, don’t include the object * path, and use the StartsWith or NotStartsWith operators. *
*
- *
  * arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name> *
  *
- *
  * arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path> *
  *
*
* When resources.type equals AWS::S3ObjectLambda::AccessPoint, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name> *
  *
*
* When resources.type equals AWS::S3Outposts::Object, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path> *
  *
*

* * @param field * A field in a CloudTrail event record on which to filter events to be logged. For event data stores for * Config configuration items, Audit Manager evidence, or non-Amazon Web Services events, the field is used * only for selecting events as filtering is not supported.

* For CloudTrail event records, supported fields include readOnly, eventCategory, * eventSource (for management events), eventName, resources.type, and * resources.ARN. *

* For event data stores for Config configuration items, Audit Manager evidence, or non-Amazon Web Services * events, the only supported field is eventCategory. *

*
* readOnly - Optional. Can be set to Equals a value of true * or false. If you do not add this field, CloudTrail logs both read and * write events. A value of true logs only read events. A value of * false logs only write events. *
*
*
* eventSource - For filtering management events only. This can be set only to * NotEquals kms.amazonaws.com. *
*
*
* eventName - Can use any operator. You can use it to ﬁlter in or ﬁlter out any data * event logged to CloudTrail, such as PutBucket or GetSnapshotBlock. You can have * multiple values for this ﬁeld, separated by commas. *
*
*
* eventCategory - This is required and must be set to Equals. *
*
- *
  * For CloudTrail event records, the value must be Management or Data. *
  *
- *
  * For Config configuration items, the value must be ConfigurationItem. *
  *
- *
  * For Audit Manager evidence, the value must be Evidence. *
  *
- *
  * For non-Amazon Web Services events, the value must be ActivityAuditLog. *
  *
*
*
* resources.type - This ﬁeld is required for CloudTrail data events. * resources.type can only use the Equals operator, and the value can be one of the * following: *
*
- *
  * AWS::DynamoDB::Table *
  *
- *
  * AWS::Lambda::Function *
  *
- *
  * AWS::S3::Object *
  *
- *
  * AWS::CloudTrail::Channel *
  *
- *
  * AWS::CodeWhisperer::Profile *
  *
- *
  * AWS::Cognito::IdentityPool *
  *
- *
  * AWS::DynamoDB::Stream *
  *
- *
  * AWS::EC2::Snapshot *
  *
- *
  * AWS::EMRWAL::Workspace *
  *
- *
  * AWS::FinSpace::Environment *
  *
- *
  * AWS::Glue::Table *
  *
- *
  * AWS::GuardDuty::Detector *
  *
- *
  * AWS::KendraRanking::ExecutionPlan *
  *
- *
  * AWS::ManagedBlockchain::Node *
  *
- *
  * AWS::SageMaker::ExperimentTrialComponent *
  *
- *
  * AWS::SageMaker::FeatureGroup *
  *
- *
  * AWS::S3::AccessPoint *
  *
- *
  * AWS::S3ObjectLambda::AccessPoint *
  *
- *
  * AWS::S3Outposts::Object *
  *
*
* You can have only one resources.type ﬁeld per selector. To log data events on more than one * resource type, add another selector. *
*
*
* resources.ARN - You can use any operator with resources.ARN, but if you * use Equals or NotEquals, the value must exactly match the ARN of a valid * resource of the type you've speciﬁed in the template as the value of resources.type. For example, if * resources.type equals AWS::S3::Object, the ARN must be in one of the following formats. To * log all data events for all objects in a specific S3 bucket, use the StartsWith operator, and * include only the bucket ARN as the matching value. *
*
* The trailing slash is intentional; do not exclude it. Replace the text between less than and greater than * symbols (<>) with resource-specific information. *
*
- *
  * arn:<partition>:s3:::<bucket_name>/ *
  *
- *
  * arn:<partition>:s3:::<bucket_name>/<object_path>/ *
  *
*
* When resources.type equals AWS::DynamoDB::Table, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name> *
  *
*
* When resources.type equals AWS::Lambda::Function, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:lambda:<region>:<account_ID>:function:<function_name> *
  *
*
* When resources.type equals AWS::CloudTrail::Channel, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID> *
  *
*
* When resources.type equals AWS::CodeWhisperer::Profile, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID> *
  *
*
* When resources.type equals AWS::Cognito::IdentityPool, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID> *
  *
*
* When resources.type equals AWS::DynamoDB::Stream, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time> *
  *
*
* When resources.type equals AWS::EC2::Snapshot, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:ec2:<region>::snapshot/<snapshot_ID> *
  *
*
* When resources.type equals AWS::EMRWAL::Workspace, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:emrwal:<region>::workspace/<workspace_name> *
  *
*
* When resources.type equals AWS::FinSpace::Environment, and the operator is set * to Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID> *
  *
*
* When resources.type equals AWS::Glue::Table, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name> *
  *
*
* When resources.type equals AWS::GuardDuty::Detector, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID> *
  *
*
* When resources.type equals AWS::KendraRanking::ExecutionPlan, and the operator * is set to Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID> *
  *
*
* When resources.type equals AWS::ManagedBlockchain::Node, and the operator is set * to Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID> *
  *
*
* When resources.type equals AWS::SageMaker::ExperimentTrialComponent, and the * operator is set to Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name> *
  *
*
* When resources.type equals AWS::SageMaker::FeatureGroup, and the operator is set * to Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name> *
  *
*
* When resources.type equals AWS::S3::AccessPoint, and the operator is set to * Equals or NotEquals, the ARN must be in one of the following formats. To log * events on all objects in an S3 access point, we recommend that you use only the access point ARN, don’t * include the object path, and use the StartsWith or NotStartsWith operators. *
*
- *
  * arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name> *
  *
- *
  * arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path> *
  *
*
* When resources.type equals AWS::S3ObjectLambda::AccessPoint, and the operator is * set to Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name> *
  *
*
* When resources.type equals AWS::S3Outposts::Object, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path> *
  *
*

* For CloudTrail event records, supported fields include readOnly, eventCategory, * eventSource (for management events), eventName, resources.type, and * resources.ARN. *

* For event data stores for Config configuration items, Audit Manager evidence, or non-Amazon Web Services events, * the only supported field is eventCategory. *

*
* readOnly - Optional. Can be set to Equals a value of true or * false. If you do not add this field, CloudTrail logs both read and write * events. A value of true logs only read events. A value of false logs only * write events. *
*
*
* eventSource - For filtering management events only. This can be set only to * NotEquals kms.amazonaws.com. *
*
*
* eventName - Can use any operator. You can use it to ﬁlter in or ﬁlter out any data event * logged to CloudTrail, such as PutBucket or GetSnapshotBlock. You can have multiple * values for this ﬁeld, separated by commas. *
*
*
* eventCategory - This is required and must be set to Equals. *
*
- *
  * For CloudTrail event records, the value must be Management or Data. *
  *
- *
  * For Config configuration items, the value must be ConfigurationItem. *
  *
- *
  * For Audit Manager evidence, the value must be Evidence. *
  *
- *
  * For non-Amazon Web Services events, the value must be ActivityAuditLog. *
  *
*
*
* resources.type - This ﬁeld is required for CloudTrail data events. * resources.type can only use the Equals operator, and the value can be one of the * following: *
*
- *
  * AWS::DynamoDB::Table *
  *
- *
  * AWS::Lambda::Function *
  *
- *
  * AWS::S3::Object *
  *
- *
  * AWS::CloudTrail::Channel *
  *
- *
  * AWS::CodeWhisperer::Profile *
  *
- *
  * AWS::Cognito::IdentityPool *
  *
- *
  * AWS::DynamoDB::Stream *
  *
- *
  * AWS::EC2::Snapshot *
  *
- *
  * AWS::EMRWAL::Workspace *
  *
- *
  * AWS::FinSpace::Environment *
  *
- *
  * AWS::Glue::Table *
  *
- *
  * AWS::GuardDuty::Detector *
  *
- *
  * AWS::KendraRanking::ExecutionPlan *
  *
- *
  * AWS::ManagedBlockchain::Node *
  *
- *
  * AWS::SageMaker::ExperimentTrialComponent *
  *
- *
  * AWS::SageMaker::FeatureGroup *
  *
- *
  * AWS::S3::AccessPoint *
  *
- *
  * AWS::S3ObjectLambda::AccessPoint *
  *
- *
  * AWS::S3Outposts::Object *
  *
*
* You can have only one resources.type ﬁeld per selector. To log data events on more than one resource * type, add another selector. *
*
*
* resources.ARN - You can use any operator with resources.ARN, but if you use * Equals or NotEquals, the value must exactly match the ARN of a valid resource of the * type you've speciﬁed in the template as the value of resources.type. For example, if resources.type equals * AWS::S3::Object, the ARN must be in one of the following formats. To log all data events for all * objects in a specific S3 bucket, use the StartsWith operator, and include only the bucket ARN as the * matching value. *
*
* The trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols * (<>) with resource-specific information. *
*
- *
  * arn:<partition>:s3:::<bucket_name>/ *
  *
- *
  * arn:<partition>:s3:::<bucket_name>/<object_path>/ *
  *
*
* When resources.type equals AWS::DynamoDB::Table, and the operator is set to Equals or * NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name> *
  *
*
* When resources.type equals AWS::Lambda::Function, and the operator is set to Equals or * NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:lambda:<region>:<account_ID>:function:<function_name> *
  *
*
* When resources.type equals AWS::CloudTrail::Channel, and the operator is set to Equals * or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID> *
  *
*
* When resources.type equals AWS::CodeWhisperer::Profile, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID> *
  *
*
* When resources.type equals AWS::Cognito::IdentityPool, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID> *
  *
*
* When resources.type equals AWS::DynamoDB::Stream, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time> *
  *
*
* When resources.type equals AWS::EC2::Snapshot, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:ec2:<region>::snapshot/<snapshot_ID> *
  *
*
* When resources.type equals AWS::EMRWAL::Workspace, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:emrwal:<region>::workspace/<workspace_name> *
  *
*
* When resources.type equals AWS::FinSpace::Environment, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID> *
  *
*
* When resources.type equals AWS::Glue::Table, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name> *
  *
*
* When resources.type equals AWS::GuardDuty::Detector, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID> *
  *
*
* When resources.type equals AWS::KendraRanking::ExecutionPlan, and the operator is set * to Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID> *
  *
*
* When resources.type equals AWS::ManagedBlockchain::Node, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID> *
  *
*
* When resources.type equals AWS::SageMaker::ExperimentTrialComponent, and the operator * is set to Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name> *
  *
*
* When resources.type equals AWS::SageMaker::FeatureGroup, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name> *
  *
*
* When resources.type equals AWS::S3::AccessPoint, and the operator is set to * Equals or NotEquals, the ARN must be in one of the following formats. To log events on * all objects in an S3 access point, we recommend that you use only the access point ARN, don’t include the object * path, and use the StartsWith or NotStartsWith operators. *
*
- *
  * arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name> *
  *
- *
  * arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path> *
  *
*
* When resources.type equals AWS::S3ObjectLambda::AccessPoint, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name> *
  *
*
* When resources.type equals AWS::S3Outposts::Object, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path> *
  *
*

* For CloudTrail event records, supported fields include readOnly, eventCategory, * eventSource (for management events), eventName, resources.type, * and resources.ARN. *

* For event data stores for Config configuration items, Audit Manager evidence, or non-Amazon Web Services * events, the only supported field is eventCategory. *

*
* readOnly - Optional. Can be set to Equals a value of true * or false. If you do not add this field, CloudTrail logs both read and * write events. A value of true logs only read events. A value of * false logs only write events. *
*
*
* eventSource - For filtering management events only. This can be set only to * NotEquals kms.amazonaws.com. *
*
*
* eventName - Can use any operator. You can use it to ﬁlter in or ﬁlter out any data * event logged to CloudTrail, such as PutBucket or GetSnapshotBlock. You can have * multiple values for this ﬁeld, separated by commas. *
*
*
* eventCategory - This is required and must be set to Equals. *
*
- *
  * For CloudTrail event records, the value must be Management or Data. *
  *
- *
  * For Config configuration items, the value must be ConfigurationItem. *
  *
- *
  * For Audit Manager evidence, the value must be Evidence. *
  *
- *
  * For non-Amazon Web Services events, the value must be ActivityAuditLog. *
  *
*
*
* resources.type - This ﬁeld is required for CloudTrail data events. * resources.type can only use the Equals operator, and the value can be one of * the following: *
*
- *
  * AWS::DynamoDB::Table *
  *
- *
  * AWS::Lambda::Function *
  *
- *
  * AWS::S3::Object *
  *
- *
  * AWS::CloudTrail::Channel *
  *
- *
  * AWS::CodeWhisperer::Profile *
  *
- *
  * AWS::Cognito::IdentityPool *
  *
- *
  * AWS::DynamoDB::Stream *
  *
- *
  * AWS::EC2::Snapshot *
  *
- *
  * AWS::EMRWAL::Workspace *
  *
- *
  * AWS::FinSpace::Environment *
  *
- *
  * AWS::Glue::Table *
  *
- *
  * AWS::GuardDuty::Detector *
  *
- *
  * AWS::KendraRanking::ExecutionPlan *
  *
- *
  * AWS::ManagedBlockchain::Node *
  *
- *
  * AWS::SageMaker::ExperimentTrialComponent *
  *
- *
  * AWS::SageMaker::FeatureGroup *
  *
- *
  * AWS::S3::AccessPoint *
  *
- *
  * AWS::S3ObjectLambda::AccessPoint *
  *
- *
  * AWS::S3Outposts::Object *
  *
*
* You can have only one resources.type ﬁeld per selector. To log data events on more than one * resource type, add another selector. *
*
*
* resources.ARN - You can use any operator with resources.ARN, but if * you use Equals or NotEquals, the value must exactly match the ARN of a valid * resource of the type you've speciﬁed in the template as the value of resources.type. For example, if * resources.type equals AWS::S3::Object, the ARN must be in one of the following formats. To * log all data events for all objects in a specific S3 bucket, use the StartsWith operator, * and include only the bucket ARN as the matching value. *
*
* The trailing slash is intentional; do not exclude it. Replace the text between less than and greater than * symbols (<>) with resource-specific information. *
*
- *
  * arn:<partition>:s3:::<bucket_name>/ *
  *
- *
  * arn:<partition>:s3:::<bucket_name>/<object_path>/ *
  *
*
* When resources.type equals AWS::DynamoDB::Table, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name> *
  *
*
* When resources.type equals AWS::Lambda::Function, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:lambda:<region>:<account_ID>:function:<function_name> *
  *
*
* When resources.type equals AWS::CloudTrail::Channel, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID> *
  *
*
* When resources.type equals AWS::CodeWhisperer::Profile, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID> *
  *
*
* When resources.type equals AWS::Cognito::IdentityPool, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID> *
  *
*
* When resources.type equals AWS::DynamoDB::Stream, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time> *
  *
*
* When resources.type equals AWS::EC2::Snapshot, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:ec2:<region>::snapshot/<snapshot_ID> *
  *
*
* When resources.type equals AWS::EMRWAL::Workspace, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:emrwal:<region>::workspace/<workspace_name> *
  *
*
* When resources.type equals AWS::FinSpace::Environment, and the operator is set * to Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID> *
  *
*
* When resources.type equals AWS::Glue::Table, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name> *
  *
*
* When resources.type equals AWS::GuardDuty::Detector, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID> *
  *
*
* When resources.type equals AWS::KendraRanking::ExecutionPlan, and the operator * is set to Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID> *
  *
*
* When resources.type equals AWS::ManagedBlockchain::Node, and the operator is * set to Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID> *
  *
*
* When resources.type equals AWS::SageMaker::ExperimentTrialComponent, and the * operator is set to Equals or NotEquals, the ARN must be in the following * format: *
*
- *
  * arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name> *
  *
*
* When resources.type equals AWS::SageMaker::FeatureGroup, and the operator is * set to Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name> *
  *
*
* When resources.type equals AWS::S3::AccessPoint, and the operator is set to * Equals or NotEquals, the ARN must be in one of the following formats. To log * events on all objects in an S3 access point, we recommend that you use only the access point ARN, don’t * include the object path, and use the StartsWith or NotStartsWith operators. *
*
- *
  * arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name> *
  *
- *
  * arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path> *
  *
*
* When resources.type equals AWS::S3ObjectLambda::AccessPoint, and the operator * is set to Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name> *
  *
*
* When resources.type equals AWS::S3Outposts::Object, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path> *
  *
*

* For CloudTrail event records, supported fields include readOnly, eventCategory, * eventSource (for management events), eventName, resources.type, and * resources.ARN. *

* For event data stores for Config configuration items, Audit Manager evidence, or non-Amazon Web Services events, * the only supported field is eventCategory. *

*
* readOnly - Optional. Can be set to Equals a value of true or * false. If you do not add this field, CloudTrail logs both read and write * events. A value of true logs only read events. A value of false logs only * write events. *
*
*
* eventSource - For filtering management events only. This can be set only to * NotEquals kms.amazonaws.com. *
*
*
* eventName - Can use any operator. You can use it to ﬁlter in or ﬁlter out any data event * logged to CloudTrail, such as PutBucket or GetSnapshotBlock. You can have multiple * values for this ﬁeld, separated by commas. *
*
*
* eventCategory - This is required and must be set to Equals. *
*
- *
  * For CloudTrail event records, the value must be Management or Data. *
  *
- *
  * For Config configuration items, the value must be ConfigurationItem. *
  *
- *
  * For Audit Manager evidence, the value must be Evidence. *
  *
- *
  * For non-Amazon Web Services events, the value must be ActivityAuditLog. *
  *
*
*
* resources.type - This ﬁeld is required for CloudTrail data events. * resources.type can only use the Equals operator, and the value can be one of the * following: *
*
- *
  * AWS::DynamoDB::Table *
  *
- *
  * AWS::Lambda::Function *
  *
- *
  * AWS::S3::Object *
  *
- *
  * AWS::CloudTrail::Channel *
  *
- *
  * AWS::CodeWhisperer::Profile *
  *
- *
  * AWS::Cognito::IdentityPool *
  *
- *
  * AWS::DynamoDB::Stream *
  *
- *
  * AWS::EC2::Snapshot *
  *
- *
  * AWS::EMRWAL::Workspace *
  *
- *
  * AWS::FinSpace::Environment *
  *
- *
  * AWS::Glue::Table *
  *
- *
  * AWS::GuardDuty::Detector *
  *
- *
  * AWS::KendraRanking::ExecutionPlan *
  *
- *
  * AWS::ManagedBlockchain::Node *
  *
- *
  * AWS::SageMaker::ExperimentTrialComponent *
  *
- *
  * AWS::SageMaker::FeatureGroup *
  *
- *
  * AWS::S3::AccessPoint *
  *
- *
  * AWS::S3ObjectLambda::AccessPoint *
  *
- *
  * AWS::S3Outposts::Object *
  *
*
* You can have only one resources.type ﬁeld per selector. To log data events on more than one resource * type, add another selector. *
*
*
* resources.ARN - You can use any operator with resources.ARN, but if you use * Equals or NotEquals, the value must exactly match the ARN of a valid resource of the * type you've speciﬁed in the template as the value of resources.type. For example, if resources.type equals * AWS::S3::Object, the ARN must be in one of the following formats. To log all data events for all * objects in a specific S3 bucket, use the StartsWith operator, and include only the bucket ARN as the * matching value. *
*
* The trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols * (<>) with resource-specific information. *
*
- *
  * arn:<partition>:s3:::<bucket_name>/ *
  *
- *
  * arn:<partition>:s3:::<bucket_name>/<object_path>/ *
  *
*
* When resources.type equals AWS::DynamoDB::Table, and the operator is set to Equals or * NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name> *
  *
*
* When resources.type equals AWS::Lambda::Function, and the operator is set to Equals or * NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:lambda:<region>:<account_ID>:function:<function_name> *
  *
*
* When resources.type equals AWS::CloudTrail::Channel, and the operator is set to Equals * or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID> *
  *
*
* When resources.type equals AWS::CodeWhisperer::Profile, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID> *
  *
*
* When resources.type equals AWS::Cognito::IdentityPool, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID> *
  *
*
* When resources.type equals AWS::DynamoDB::Stream, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time> *
  *
*
* When resources.type equals AWS::EC2::Snapshot, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:ec2:<region>::snapshot/<snapshot_ID> *
  *
*
* When resources.type equals AWS::EMRWAL::Workspace, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:emrwal:<region>::workspace/<workspace_name> *
  *
*
* When resources.type equals AWS::FinSpace::Environment, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID> *
  *
*
* When resources.type equals AWS::Glue::Table, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name> *
  *
*
* When resources.type equals AWS::GuardDuty::Detector, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID> *
  *
*
* When resources.type equals AWS::KendraRanking::ExecutionPlan, and the operator is set * to Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID> *
  *
*
* When resources.type equals AWS::ManagedBlockchain::Node, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID> *
  *
*
* When resources.type equals AWS::SageMaker::ExperimentTrialComponent, and the operator * is set to Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name> *
  *
*
* When resources.type equals AWS::SageMaker::FeatureGroup, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name> *
  *
*
* When resources.type equals AWS::S3::AccessPoint, and the operator is set to * Equals or NotEquals, the ARN must be in one of the following formats. To log events on * all objects in an S3 access point, we recommend that you use only the access point ARN, don’t include the object * path, and use the StartsWith or NotStartsWith operators. *
*
- *
  * arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name> *
  *
- *
  * arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path> *
  *
*
* When resources.type equals AWS::S3ObjectLambda::AccessPoint, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name> *
  *
*
* When resources.type equals AWS::S3Outposts::Object, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path> *
  *
*

* For CloudTrail event records, supported fields include readOnly, eventCategory, * eventSource (for management events), eventName, resources.type, and * resources.ARN. *

* For event data stores for Config configuration items, Audit Manager evidence, or non-Amazon Web Services * events, the only supported field is eventCategory. *

*
* readOnly - Optional. Can be set to Equals a value of true * or false. If you do not add this field, CloudTrail logs both read and * write events. A value of true logs only read events. A value of * false logs only write events. *
*
*
* eventSource - For filtering management events only. This can be set only to * NotEquals kms.amazonaws.com. *
*
*
* eventName - Can use any operator. You can use it to ﬁlter in or ﬁlter out any data * event logged to CloudTrail, such as PutBucket or GetSnapshotBlock. You can have * multiple values for this ﬁeld, separated by commas. *
*
*
* eventCategory - This is required and must be set to Equals. *
*
- *
  * For CloudTrail event records, the value must be Management or Data. *
  *
- *
  * For Config configuration items, the value must be ConfigurationItem. *
  *
- *
  * For Audit Manager evidence, the value must be Evidence. *
  *
- *
  * For non-Amazon Web Services events, the value must be ActivityAuditLog. *
  *
*
*
* resources.type - This ﬁeld is required for CloudTrail data events. * resources.type can only use the Equals operator, and the value can be one of the * following: *
*
- *
  * AWS::DynamoDB::Table *
  *
- *
  * AWS::Lambda::Function *
  *
- *
  * AWS::S3::Object *
  *
- *
  * AWS::CloudTrail::Channel *
  *
- *
  * AWS::CodeWhisperer::Profile *
  *
- *
  * AWS::Cognito::IdentityPool *
  *
- *
  * AWS::DynamoDB::Stream *
  *
- *
  * AWS::EC2::Snapshot *
  *
- *
  * AWS::EMRWAL::Workspace *
  *
- *
  * AWS::FinSpace::Environment *
  *
- *
  * AWS::Glue::Table *
  *
- *
  * AWS::GuardDuty::Detector *
  *
- *
  * AWS::KendraRanking::ExecutionPlan *
  *
- *
  * AWS::ManagedBlockchain::Node *
  *
- *
  * AWS::SageMaker::ExperimentTrialComponent *
  *
- *
  * AWS::SageMaker::FeatureGroup *
  *
- *
  * AWS::S3::AccessPoint *
  *
- *
  * AWS::S3ObjectLambda::AccessPoint *
  *
- *
  * AWS::S3Outposts::Object *
  *
*
* You can have only one resources.type ﬁeld per selector. To log data events on more than one * resource type, add another selector. *
*
*
* resources.ARN - You can use any operator with resources.ARN, but if you * use Equals or NotEquals, the value must exactly match the ARN of a valid * resource of the type you've speciﬁed in the template as the value of resources.type. For example, if * resources.type equals AWS::S3::Object, the ARN must be in one of the following formats. To * log all data events for all objects in a specific S3 bucket, use the StartsWith operator, and * include only the bucket ARN as the matching value. *
*
* The trailing slash is intentional; do not exclude it. Replace the text between less than and greater than * symbols (<>) with resource-specific information. *
*
- *
  * arn:<partition>:s3:::<bucket_name>/ *
  *
- *
  * arn:<partition>:s3:::<bucket_name>/<object_path>/ *
  *
*
* When resources.type equals AWS::DynamoDB::Table, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name> *
  *
*
* When resources.type equals AWS::Lambda::Function, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:lambda:<region>:<account_ID>:function:<function_name> *
  *
*
* When resources.type equals AWS::CloudTrail::Channel, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID> *
  *
*
* When resources.type equals AWS::CodeWhisperer::Profile, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID> *
  *
*
* When resources.type equals AWS::Cognito::IdentityPool, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID> *
  *
*
* When resources.type equals AWS::DynamoDB::Stream, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time> *
  *
*
* When resources.type equals AWS::EC2::Snapshot, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:ec2:<region>::snapshot/<snapshot_ID> *
  *
*
* When resources.type equals AWS::EMRWAL::Workspace, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:emrwal:<region>::workspace/<workspace_name> *
  *
*
* When resources.type equals AWS::FinSpace::Environment, and the operator is set * to Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID> *
  *
*
* When resources.type equals AWS::Glue::Table, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name> *
  *
*
* When resources.type equals AWS::GuardDuty::Detector, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID> *
  *
*
* When resources.type equals AWS::KendraRanking::ExecutionPlan, and the operator * is set to Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID> *
  *
*
* When resources.type equals AWS::ManagedBlockchain::Node, and the operator is set * to Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID> *
  *
*
* When resources.type equals AWS::SageMaker::ExperimentTrialComponent, and the * operator is set to Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name> *
  *
*
* When resources.type equals AWS::SageMaker::FeatureGroup, and the operator is set * to Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name> *
  *
*
* When resources.type equals AWS::S3::AccessPoint, and the operator is set to * Equals or NotEquals, the ARN must be in one of the following formats. To log * events on all objects in an S3 access point, we recommend that you use only the access point ARN, don’t * include the object path, and use the StartsWith or NotStartsWith operators. *
*
- *
  * arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name> *
  *
- *
  * arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path> *
  *
*
* When resources.type equals AWS::S3ObjectLambda::AccessPoint, and the operator is * set to Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name> *
  *
*
* When resources.type equals AWS::S3Outposts::Object, and the operator is set to * Equals or NotEquals, the ARN must be in the following format: *
*
- *
  * arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path> *
  *
*

Field

readOnly

eventCategory

resources.type

getEquals() { if (equals == null) { equals = new com.amazonaws.internal.SdkInternalList(); } return equals; } /** *

* * @param equals * An operator that includes events that match the exact value of the event record field specified as the * value of Field. This is the only valid operator that you can use with the * readOnly, eventCategory, and resources.type fields. */ public void setEquals(java.util.Collection equals) { if (equals == null) { this.equals = null; return; } this.equals = new com.amazonaws.internal.SdkInternalList(equals); } /** *

* NOTE: This method appends the values to the existing list (if any). Use * {@link #setEquals(java.util.Collection)} or {@link #withEquals(java.util.Collection)} if you want to override the * existing values. *

* * @param equals * An operator that includes events that match the exact value of the event record field specified as the * value of Field. This is the only valid operator that you can use with the * readOnly, eventCategory, and resources.type fields. * @return Returns a reference to this object so that method calls can be chained together. */ public AdvancedFieldSelector withEquals(String... equals) { if (this.equals == null) { setEquals(new com.amazonaws.internal.SdkInternalList(equals.length)); } for (String ele : equals) { this.equals.add(ele); } return this; } /** *

* * @param equals * An operator that includes events that match the exact value of the event record field specified as the * value of Field. This is the only valid operator that you can use with the * readOnly, eventCategory, and resources.type fields. * @return Returns a reference to this object so that method calls can be chained together. */ public AdvancedFieldSelector withEquals(java.util.Collection equals) { setEquals(equals); return this; } /** *

* An operator that includes events that match the first few characters of the event record field specified as the * value of Field. *

* * @return An operator that includes events that match the first few characters of the event record field specified * as the value of Field. */ public java.util.List getStartsWith() { if (startsWith == null) { startsWith = new com.amazonaws.internal.SdkInternalList(); } return startsWith; } /** *

* An operator that includes events that match the first few characters of the event record field specified as the * value of Field. *

* * @param startsWith * An operator that includes events that match the first few characters of the event record field specified * as the value of Field. */ public void setStartsWith(java.util.Collection startsWith) { if (startsWith == null) { this.startsWith = null; return; } this.startsWith = new com.amazonaws.internal.SdkInternalList(startsWith); } /** *

* An operator that includes events that match the first few characters of the event record field specified as the * value of Field. *

* NOTE: This method appends the values to the existing list (if any). Use * {@link #setStartsWith(java.util.Collection)} or {@link #withStartsWith(java.util.Collection)} if you want to * override the existing values. *

* * @param startsWith * An operator that includes events that match the first few characters of the event record field specified * as the value of Field. * @return Returns a reference to this object so that method calls can be chained together. */ public AdvancedFieldSelector withStartsWith(String... startsWith) { if (this.startsWith == null) { setStartsWith(new com.amazonaws.internal.SdkInternalList(startsWith.length)); } for (String ele : startsWith) { this.startsWith.add(ele); } return this; } /** *

* An operator that includes events that match the first few characters of the event record field specified as the * value of Field. *

* * @param startsWith * An operator that includes events that match the first few characters of the event record field specified * as the value of Field. * @return Returns a reference to this object so that method calls can be chained together. */ public AdvancedFieldSelector withStartsWith(java.util.Collection startsWith) { setStartsWith(startsWith); return this; } /** *

* An operator that includes events that match the last few characters of the event record field specified as the * value of Field. *

* * @return An operator that includes events that match the last few characters of the event record field specified * as the value of Field. */ public java.util.List getEndsWith() { if (endsWith == null) { endsWith = new com.amazonaws.internal.SdkInternalList(); } return endsWith; } /** *

* An operator that includes events that match the last few characters of the event record field specified as the * value of Field. *

* * @param endsWith * An operator that includes events that match the last few characters of the event record field specified as * the value of Field. */ public void setEndsWith(java.util.Collection endsWith) { if (endsWith == null) { this.endsWith = null; return; } this.endsWith = new com.amazonaws.internal.SdkInternalList(endsWith); } /** *

* An operator that includes events that match the last few characters of the event record field specified as the * value of Field. *

* NOTE: This method appends the values to the existing list (if any). Use * {@link #setEndsWith(java.util.Collection)} or {@link #withEndsWith(java.util.Collection)} if you want to override * the existing values. *

* * @param endsWith * An operator that includes events that match the last few characters of the event record field specified as * the value of Field. * @return Returns a reference to this object so that method calls can be chained together. */ public AdvancedFieldSelector withEndsWith(String... endsWith) { if (this.endsWith == null) { setEndsWith(new com.amazonaws.internal.SdkInternalList(endsWith.length)); } for (String ele : endsWith) { this.endsWith.add(ele); } return this; } /** *

* An operator that includes events that match the last few characters of the event record field specified as the * value of Field. *

* * @param endsWith * An operator that includes events that match the last few characters of the event record field specified as * the value of Field. * @return Returns a reference to this object so that method calls can be chained together. */ public AdvancedFieldSelector withEndsWith(java.util.Collection endsWith) { setEndsWith(endsWith); return this; } /** *

* An operator that excludes events that match the exact value of the event record field specified as the value of * Field. *

* * @return An operator that excludes events that match the exact value of the event record field specified as the * value of Field. */ public java.util.List getNotEquals() { if (notEquals == null) { notEquals = new com.amazonaws.internal.SdkInternalList(); } return notEquals; } /** *

* An operator that excludes events that match the exact value of the event record field specified as the value of * Field. *

* * @param notEquals * An operator that excludes events that match the exact value of the event record field specified as the * value of Field. */ public void setNotEquals(java.util.Collection notEquals) { if (notEquals == null) { this.notEquals = null; return; } this.notEquals = new com.amazonaws.internal.SdkInternalList(notEquals); } /** *

* An operator that excludes events that match the exact value of the event record field specified as the value of * Field. *

* NOTE: This method appends the values to the existing list (if any). Use * {@link #setNotEquals(java.util.Collection)} or {@link #withNotEquals(java.util.Collection)} if you want to * override the existing values. *

* * @param notEquals * An operator that excludes events that match the exact value of the event record field specified as the * value of Field. * @return Returns a reference to this object so that method calls can be chained together. */ public AdvancedFieldSelector withNotEquals(String... notEquals) { if (this.notEquals == null) { setNotEquals(new com.amazonaws.internal.SdkInternalList(notEquals.length)); } for (String ele : notEquals) { this.notEquals.add(ele); } return this; } /** *

* An operator that excludes events that match the exact value of the event record field specified as the value of * Field. *

* * @param notEquals * An operator that excludes events that match the exact value of the event record field specified as the * value of Field. * @return Returns a reference to this object so that method calls can be chained together. */ public AdvancedFieldSelector withNotEquals(java.util.Collection notEquals) { setNotEquals(notEquals); return this; } /** *

* An operator that excludes events that match the first few characters of the event record field specified as the * value of Field. *

* * @return An operator that excludes events that match the first few characters of the event record field specified * as the value of Field. */ public java.util.List getNotStartsWith() { if (notStartsWith == null) { notStartsWith = new com.amazonaws.internal.SdkInternalList(); } return notStartsWith; } /** *

* An operator that excludes events that match the first few characters of the event record field specified as the * value of Field. *

* * @param notStartsWith * An operator that excludes events that match the first few characters of the event record field specified * as the value of Field. */ public void setNotStartsWith(java.util.Collection notStartsWith) { if (notStartsWith == null) { this.notStartsWith = null; return; } this.notStartsWith = new com.amazonaws.internal.SdkInternalList(notStartsWith); } /** *

* An operator that excludes events that match the first few characters of the event record field specified as the * value of Field. *

* NOTE: This method appends the values to the existing list (if any). Use * {@link #setNotStartsWith(java.util.Collection)} or {@link #withNotStartsWith(java.util.Collection)} if you want * to override the existing values. *

* * @param notStartsWith * An operator that excludes events that match the first few characters of the event record field specified * as the value of Field. * @return Returns a reference to this object so that method calls can be chained together. */ public AdvancedFieldSelector withNotStartsWith(String... notStartsWith) { if (this.notStartsWith == null) { setNotStartsWith(new com.amazonaws.internal.SdkInternalList(notStartsWith.length)); } for (String ele : notStartsWith) { this.notStartsWith.add(ele); } return this; } /** *

* An operator that excludes events that match the first few characters of the event record field specified as the * value of Field. *

* * @param notStartsWith * An operator that excludes events that match the first few characters of the event record field specified * as the value of Field. * @return Returns a reference to this object so that method calls can be chained together. */ public AdvancedFieldSelector withNotStartsWith(java.util.Collection notStartsWith) { setNotStartsWith(notStartsWith); return this; } /** *

* An operator that excludes events that match the last few characters of the event record field specified as the * value of Field. *

* * @return An operator that excludes events that match the last few characters of the event record field specified * as the value of Field. */ public java.util.List getNotEndsWith() { if (notEndsWith == null) { notEndsWith = new com.amazonaws.internal.SdkInternalList(); } return notEndsWith; } /** *

* An operator that excludes events that match the last few characters of the event record field specified as the * value of Field. *

* * @param notEndsWith * An operator that excludes events that match the last few characters of the event record field specified as * the value of Field. */ public void setNotEndsWith(java.util.Collection notEndsWith) { if (notEndsWith == null) { this.notEndsWith = null; return; } this.notEndsWith = new com.amazonaws.internal.SdkInternalList(notEndsWith); } /** *

* An operator that excludes events that match the last few characters of the event record field specified as the * value of Field. *

* NOTE: This method appends the values to the existing list (if any). Use * {@link #setNotEndsWith(java.util.Collection)} or {@link #withNotEndsWith(java.util.Collection)} if you want to * override the existing values. *

* An operator that excludes events that match the last few characters of the event record field specified as the * value of Field. *

* * @param notEndsWith * An operator that excludes events that match the last few characters of the event record field specified as * the value of Field. * @return Returns a reference to this object so that method calls can be chained together. */ public AdvancedFieldSelector withNotEndsWith(java.util.Collection notEndsWith) { setNotEndsWith(notEndsWith); return this; } /** * Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be * redacted from this string using a placeholder value. * * @return A string representation of this object. * * @see java.lang.Object#toString() */ @Override public String toString() { StringBuilder sb = new StringBuilder(); sb.append("{"); if (getField() != null) sb.append("Field: ").append(getField()).append(","); if (getEquals() != null) sb.append("Equals: ").append(getEquals()).append(","); if (getStartsWith() != null) sb.append("StartsWith: ").append(getStartsWith()).append(","); if (getEndsWith() != null) sb.append("EndsWith: ").append(getEndsWith()).append(","); if (getNotEquals() != null) sb.append("NotEquals: ").append(getNotEquals()).append(","); if (getNotStartsWith() != null) sb.append("NotStartsWith: ").append(getNotStartsWith()).append(","); if (getNotEndsWith() != null) sb.append("NotEndsWith: ").append(getNotEndsWith()); sb.append("}"); return sb.toString(); } @Override public boolean equals(Object obj) { if (this == obj) return true; if (obj == null) return false; if (obj instanceof AdvancedFieldSelector == false) return false; AdvancedFieldSelector other = (AdvancedFieldSelector) obj; if (other.getField() == null ^ this.getField() == null) return false; if (other.getField() != null && other.getField().equals(this.getField()) == false) return false; if (other.getEquals() == null ^ this.getEquals() == null) return false; if (other.getEquals() != null && other.getEquals().equals(this.getEquals()) == false) return false; if (other.getStartsWith() == null ^ this.getStartsWith() == null) return false; if (other.getStartsWith() != null && other.getStartsWith().equals(this.getStartsWith()) == false) return false; if (other.getEndsWith() == null ^ this.getEndsWith() == null) return false; if (other.getEndsWith() != null && other.getEndsWith().equals(this.getEndsWith()) == false) return false; if (other.getNotEquals() == null ^ this.getNotEquals() == null) return false; if (other.getNotEquals() != null && other.getNotEquals().equals(this.getNotEquals()) == false) return false; if (other.getNotStartsWith() == null ^ this.getNotStartsWith() == null) return false; if (other.getNotStartsWith() != null && other.getNotStartsWith().equals(this.getNotStartsWith()) == false) return false; if (other.getNotEndsWith() == null ^ this.getNotEndsWith() == null) return false; if (other.getNotEndsWith() != null && other.getNotEndsWith().equals(this.getNotEndsWith()) == false) return false; return true; } @Override public int hashCode() { final int prime = 31; int hashCode = 1; hashCode = prime * hashCode + ((getField() == null) ? 0 : getField().hashCode()); hashCode = prime * hashCode + ((getEquals() == null) ? 0 : getEquals().hashCode()); hashCode = prime * hashCode + ((getStartsWith() == null) ? 0 : getStartsWith().hashCode()); hashCode = prime * hashCode + ((getEndsWith() == null) ? 0 : getEndsWith().hashCode()); hashCode = prime * hashCode + ((getNotEquals() == null) ? 0 : getNotEquals().hashCode()); hashCode = prime * hashCode + ((getNotStartsWith() == null) ? 0 : getNotStartsWith().hashCode()); hashCode = prime * hashCode + ((getNotEndsWith() == null) ? 0 : getNotEndsWith().hashCode()); return hashCode; } @Override public AdvancedFieldSelector clone() { try { return (AdvancedFieldSelector) super.clone(); } catch (CloneNotSupportedException e) { throw new IllegalStateException("Got a CloneNotSupportedException from Object.clone() " + "even though we're Cloneable!", e); } } @com.amazonaws.annotation.SdkInternalApi @Override public void marshall(ProtocolMarshaller protocolMarshaller) { com.amazonaws.services.cloudtrail.model.transform.AdvancedFieldSelectorMarshaller.getInstance().marshall(this, protocolMarshaller); } }