/* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). * You may not use this file except in compliance with the License. * A copy of the License is located at * * http://aws.amazon.com/apache2.0 * * or in the "license" file accompanying this file. This file is distributed * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ /* * Do not modify this file. This file is generated from the cloudtrail-2013-11-01.normal.json service model. */ using System; using System.Collections.Generic; using System.Xml.Serialization; using System.Text; using System.IO; using System.Net; using Amazon.Runtime; using Amazon.Runtime.Internal; namespace Amazon.CloudTrail.Model { /// /// A single selector statement in an advanced event selector. /// public partial class AdvancedFieldSelector { private List _endsWith = new List(); private List _equals = new List(); private string _field; private List _notEndsWith = new List(); private List _notEquals = new List(); private List _notStartsWith = new List(); private List _startsWith = new List(); /// /// Gets and sets the property EndsWith. /// /// An operator that includes events that match the last few characters of the event record /// field specified as the value of Field. /// /// [AWSProperty(Min=1)] public List EndsWith { get { return this._endsWith; } set { this._endsWith = value; } } // Check to see if EndsWith property is set internal bool IsSetEndsWith() { return this._endsWith != null && this._endsWith.Count > 0; } /// /// Gets and sets the property Equals. /// /// An operator that includes events that match the exact value of the event record field /// specified as the value of Field. This is the only valid operator that /// you can use with the readOnly, eventCategory, and resources.type /// fields. /// /// [AWSProperty(Min=1)] public List Equals { get { return this._equals; } set { this._equals = value; } } // Check to see if Equals property is set internal bool IsSetEquals() { return this._equals != null && this._equals.Count > 0; } /// /// Gets and sets the property Field. /// /// A field in a CloudTrail event record on which to filter events to be logged. For /// event data stores for Config configuration items, Audit Manager evidence, or non-Amazon /// Web Services events, the field is used only for selecting events as filtering is not /// supported. /// /// /// /// For CloudTrail event records, supported fields include readOnly, eventCategory, /// eventSource (for management events), eventName, resources.type, /// and resources.ARN. /// /// /// /// For event data stores for Config configuration items, Audit Manager evidence, or /// non-Amazon Web Services events, the only supported field is eventCategory. /// /// ///
  • /// /// readOnly - Optional. Can be set to Equals a value /// of true or false. If you do not add this field, CloudTrail /// logs both read and write events. A value of true /// logs only read events. A value of false logs only write /// events. /// ///
  • /// /// eventSource - For filtering management events only. This can /// be set only to NotEquals kms.amazonaws.com. /// ///
  • /// /// eventName - Can use any operator. You can use it to filter in /// or filter out any data event logged to CloudTrail, such as PutBucket or /// GetSnapshotBlock. You can have multiple values for this field, separated /// by commas. /// ///
  • /// /// eventCategory - This is required and must be set to Equals. /// /// ///
    • /// /// For CloudTrail event records, the value must be Management or Data. /// /// ///
    • /// /// For Config configuration items, the value must be ConfigurationItem. /// /// ///
    • /// /// For Audit Manager evidence, the value must be Evidence. /// ///
    • /// /// For non-Amazon Web Services events, the value must be ActivityAuditLog. /// /// ///
  • /// /// resources.type - This field is required for CloudTrail data /// events. resources.type can only use the Equals operator, /// and the value can be one of the following: /// ///
    • /// /// AWS::DynamoDB::Table /// ///
    • /// /// AWS::Lambda::Function /// ///
    • /// /// AWS::S3::Object /// ///
    • /// /// AWS::CloudTrail::Channel /// ///
    • /// /// AWS::CodeWhisperer::Profile /// ///
    • /// /// AWS::Cognito::IdentityPool /// ///
    • /// /// AWS::DynamoDB::Stream /// ///
    • /// /// AWS::EC2::Snapshot /// ///
    • /// /// AWS::EMRWAL::Workspace /// ///
    • /// /// AWS::FinSpace::Environment /// ///
    • /// /// AWS::Glue::Table /// ///
    • /// /// AWS::GuardDuty::Detector /// ///
    • /// /// AWS::KendraRanking::ExecutionPlan /// ///
    • /// /// AWS::ManagedBlockchain::Node /// ///
    • /// /// AWS::SageMaker::ExperimentTrialComponent /// ///
    • /// /// AWS::SageMaker::FeatureGroup /// ///
    • /// /// AWS::S3::AccessPoint /// ///
    • /// /// AWS::S3ObjectLambda::AccessPoint /// ///
    • /// /// AWS::S3Outposts::Object /// ///
    /// /// You can have only one resources.type field per selector. To log data /// events on more than one resource type, add another selector. /// ///
  • /// /// resources.ARN - You can use any operator with resources.ARN, /// but if you use Equals or NotEquals, the value must exactly /// match the ARN of a valid resource of the type you've specified in the template as the /// value of resources.type. For example, if resources.type equals AWS::S3::Object, /// the ARN must be in one of the following formats. To log all data events for all objects /// in a specific S3 bucket, use the StartsWith operator, and include only /// the bucket ARN as the matching value. /// /// /// /// The trailing slash is intentional; do not exclude it. Replace the text between less /// than and greater than symbols (<>) with resource-specific information. /// ///
    • /// /// arn:<partition>:s3:::<bucket_name>/ /// ///
    • /// /// arn:<partition>:s3:::<bucket_name>/<object_path>/ /// /// ///
    /// /// When resources.type equals AWS::DynamoDB::Table, and the operator is /// set to Equals or NotEquals, the ARN must be in the following /// format: /// ///
    • /// /// arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name> /// /// ///
    /// /// When resources.type equals AWS::Lambda::Function, and the operator is /// set to Equals or NotEquals, the ARN must be in the following /// format: /// ///
    • /// /// arn:<partition>:lambda:<region>:<account_ID>:function:<function_name> /// /// ///
    /// /// When resources.type equals AWS::CloudTrail::Channel, and the operator /// is set to Equals or NotEquals, the ARN must be in the following /// format: /// ///
    • /// /// arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID> /// /// ///
    /// /// When resources.type equals AWS::CodeWhisperer::Profile, and the operator /// is set to Equals or NotEquals, the ARN must be in the following /// format: /// ///
    • /// /// arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID> /// /// ///
    /// /// When resources.type equals AWS::Cognito::IdentityPool, and the operator /// is set to Equals or NotEquals, the ARN must be in the following /// format: /// ///
    • /// /// arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID> /// /// ///
    /// /// When resources.type equals AWS::DynamoDB::Stream, and the /// operator is set to Equals or NotEquals, the ARN must be /// in the following format: /// ///
    • /// /// arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time> /// /// ///
    /// /// When resources.type equals AWS::EC2::Snapshot, and the operator /// is set to Equals or NotEquals, the ARN must be in the following /// format: /// ///
    • /// /// arn:<partition>:ec2:<region>::snapshot/<snapshot_ID> /// /// ///
    /// /// When resources.type equals AWS::EMRWAL::Workspace, and the /// operator is set to Equals or NotEquals, the ARN must be /// in the following format: /// ///
    • /// /// arn:<partition>:emrwal:<region>::workspace/<workspace_name> /// /// ///
    /// /// When resources.type equals AWS::FinSpace::Environment, and /// the operator is set to Equals or NotEquals, the ARN must /// be in the following format: /// ///
    • /// /// arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID> /// /// ///
    /// /// When resources.type equals AWS::Glue::Table, and the operator /// is set to Equals or NotEquals, the ARN must be in the following /// format: /// ///
    • /// /// arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name> /// /// ///
    /// /// When resources.type equals AWS::GuardDuty::Detector, and /// the operator is set to Equals or NotEquals, the ARN must /// be in the following format: /// ///
    • /// /// arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID> /// /// ///
    /// /// When resources.type equals AWS::KendraRanking::ExecutionPlan, /// and the operator is set to Equals or NotEquals, the ARN /// must be in the following format: /// ///
    • /// /// arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID> /// /// ///
    /// /// When resources.type equals AWS::ManagedBlockchain::Node, /// and the operator is set to Equals or NotEquals, the ARN /// must be in the following format: /// ///
    • /// /// arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID> /// /// ///
    /// /// When resources.type equals AWS::SageMaker::ExperimentTrialComponent, /// and the operator is set to Equals or NotEquals, the ARN /// must be in the following format: /// ///
    • /// /// arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name> /// /// ///
    /// /// When resources.type equals AWS::SageMaker::FeatureGroup, /// and the operator is set to Equals or NotEquals, the ARN /// must be in the following format: /// ///
    • /// /// arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name> /// /// ///
    /// /// When resources.type equals AWS::S3::AccessPoint, and the /// operator is set to Equals or NotEquals, the ARN must be /// in one of the following formats. To log events on all objects in an S3 access point, /// we recommend that you use only the access point ARN, don’t include the object path, /// and use the StartsWith or NotStartsWith operators. /// ///
    • /// /// arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name> /// /// ///
    • /// /// arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path> /// /// ///
    /// /// When resources.type equals AWS::S3ObjectLambda::AccessPoint, /// and the operator is set to Equals or NotEquals, the ARN /// must be in the following format: /// ///
    • /// /// arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name> /// /// ///
    /// /// When resources.type equals AWS::S3Outposts::Object, and /// the operator is set to Equals or NotEquals, the ARN must /// be in the following format: /// ///
    • /// /// arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path> /// /// ///
/// [AWSProperty(Required=true, Min=1, Max=1000)] public string Field { get { return this._field; } set { this._field = value; } } // Check to see if Field property is set internal bool IsSetField() { return this._field != null; } /// /// Gets and sets the property NotEndsWith. /// /// An operator that excludes events that match the last few characters of the event /// record field specified as the value of Field. /// /// [AWSProperty(Min=1)] public List NotEndsWith { get { return this._notEndsWith; } set { this._notEndsWith = value; } } // Check to see if NotEndsWith property is set internal bool IsSetNotEndsWith() { return this._notEndsWith != null && this._notEndsWith.Count > 0; } /// /// Gets and sets the property NotEquals. /// /// An operator that excludes events that match the exact value of the event record field /// specified as the value of Field. /// /// [AWSProperty(Min=1)] public List NotEquals { get { return this._notEquals; } set { this._notEquals = value; } } // Check to see if NotEquals property is set internal bool IsSetNotEquals() { return this._notEquals != null && this._notEquals.Count > 0; } /// /// Gets and sets the property NotStartsWith. /// /// An operator that excludes events that match the first few characters of the event /// record field specified as the value of Field. /// /// [AWSProperty(Min=1)] public List NotStartsWith { get { return this._notStartsWith; } set { this._notStartsWith = value; } } // Check to see if NotStartsWith property is set internal bool IsSetNotStartsWith() { return this._notStartsWith != null && this._notStartsWith.Count > 0; } /// /// Gets and sets the property StartsWith. /// /// An operator that includes events that match the first few characters of the event /// record field specified as the value of Field. /// /// [AWSProperty(Min=1)] public List StartsWith { get { return this._startsWith; } set { this._startsWith = value; } } // Check to see if StartsWith property is set internal bool IsSetStartsWith() { return this._startsWith != null && this._startsWith.Count > 0; } } }