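/*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License").
 * You may not use this file except in compliance with the License.
 * A copy of the License is located at
 *
 *  http://aws.amazon.com/apache2.0
 *
 * or in the "license" file accompanying this file. This file is distributed
 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
 * express or implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */

/*
 * Do not modify this file. This file is generated from the cloudtrail-2013-11-01.normal.json service model.
 */
using System;
using System.Collections.Generic;
using System.Xml.Serialization;
using System.Text;
using System.IO;
using System.Net;

using Amazon.Runtime;
using Amazon.Runtime.Internal;

namespace Amazon.CloudTrail.Model
{
    /// <summary>
    /// The Amazon S3 buckets, Lambda functions, or Amazon DynamoDB tables that you specify
    /// in your event selectors for your trail to log data events. Data events provide information
    /// about the resource operations performed on or within a resource itself. These are
    /// also known as data plane operations. You can specify up to 250 data resources for
    /// a trail.
    ///
    /// <para>
    /// The total number of allowed data resources is 250. This number can be distributed
    /// between 1 and 5 event selectors, but the total cannot exceed 250 across all selectors
    /// for the trail.
    /// </para>
    ///
    /// <para>
    /// If you are using advanced event selectors, the maximum total number of values for
    /// all conditions, across all advanced event selectors for the trail, is 500.
    /// </para>
    ///
    /// <para>
    /// The following example demonstrates how logging works when you configure logging of
    /// all data events for an S3 bucket named <c>bucket-1</c>. In this example, the
    /// CloudTrail user specified an empty prefix, and the option to log both <c>Read</c>
    /// and <c>Write</c> data events.
    /// </para>
    /// <ol>
    /// <li>
    /// <para>
    /// A user uploads an image file to <c>bucket-1</c>.
    /// </para>
    /// </li>
    /// <li>
    /// <para>
    /// The <c>PutObject</c> API operation is an Amazon S3 object-level API. It is recorded
    /// as a data event in CloudTrail. Because the CloudTrail user specified an S3 bucket
    /// with an empty prefix, events that occur on any object in that bucket are logged. The
    /// trail processes and logs the event.
    /// </para>
    /// </li>
    /// <li>
    /// <para>
    /// A user uploads an object to an Amazon S3 bucket named <c>arn:aws:s3:::bucket-2</c>.
    /// </para>
    /// </li>
    /// <li>
    /// <para>
    /// The <c>PutObject</c> API operation occurred for an object in an S3 bucket that
    /// the CloudTrail user didn't specify for the trail. The trail doesn’t log the event.
    /// </para>
    /// </li>
    /// </ol>
    /// <para>
    /// The following example demonstrates how logging works when you configure logging of
    /// Lambda data events for a Lambda function named <c>MyLambdaFunction</c>, but not for
    /// all Lambda functions.
    /// </para>
    /// <ol>
    /// <li>
    /// <para>
    /// A user runs a script that includes a call to the <c>MyLambdaFunction</c> function
    /// and the <c>MyOtherLambdaFunction</c> function.
    /// </para>
    /// </li>
    /// <li>
    /// <para>
    /// The <c>Invoke</c> API operation on <c>MyLambdaFunction</c> is a Lambda API.
    /// It is recorded as a data event in CloudTrail. Because the CloudTrail user specified
    /// logging data events for <c>MyLambdaFunction</c>, any invocations of that function
    /// are logged. The trail processes and logs the event.
    /// </para>
    /// </li>
    /// <li>
    /// <para>
    /// The <c>Invoke</c> API operation on <c>MyOtherLambdaFunction</c> is a Lambda
    /// API. Because the CloudTrail user did not specify logging data events for all Lambda
    /// functions, the <c>Invoke</c> operation for <c>MyOtherLambdaFunction</c> does
    /// not match the function specified for the trail. The trail doesn’t log the event.
    /// </para>
    /// </li>
    /// </ol>
    /// </summary>
    public partial class DataResource
    {
        private string _type;
        // Holds ARN or partial-ARN strings (see Values); starts as an empty list, never null by default.
        private List<string> _values = new List<string>();

        /// <summary>
        /// Gets and sets the property Type.
        /// <para>
        /// The resource type in which you want to log data events. You can specify the following
        /// <i>basic</i> event selector resource types:
        /// </para>
        /// <ul>
        /// <li><para><c>AWS::DynamoDB::Table</c></para></li>
        /// <li><para><c>AWS::Lambda::Function</c></para></li>
        /// <li><para><c>AWS::S3::Object</c></para></li>
        /// </ul>
        /// <para>
        /// The following resource types are also available through <i>advanced</i> event selectors.
        /// Basic event selector resource types are valid in advanced event selectors, but advanced
        /// event selector resource types are not valid in basic event selectors. For more information,
        /// see AdvancedFieldSelector.
        /// </para>
        /// <ul>
        /// <li><para><c>AWS::CloudTrail::Channel</c></para></li>
        /// <li><para><c>AWS::CodeWhisperer::Profile</c></para></li>
        /// <li><para><c>AWS::Cognito::IdentityPool</c></para></li>
        /// <li><para><c>AWS::DynamoDB::Stream</c></para></li>
        /// <li><para><c>AWS::EC2::Snapshot</c></para></li>
        /// <li><para><c>AWS::EMRWAL::Workspace</c></para></li>
        /// <li><para><c>AWS::FinSpace::Environment</c></para></li>
        /// <li><para><c>AWS::Glue::Table</c></para></li>
        /// <li><para><c>AWS::GuardDuty::Detector</c></para></li>
        /// <li><para><c>AWS::KendraRanking::ExecutionPlan</c></para></li>
        /// <li><para><c>AWS::ManagedBlockchain::Node</c></para></li>
        /// <li><para><c>AWS::SageMaker::ExperimentTrialComponent</c></para></li>
        /// <li><para><c>AWS::SageMaker::FeatureGroup</c></para></li>
        /// <li><para><c>AWS::S3::AccessPoint</c></para></li>
        /// <li><para><c>AWS::S3ObjectLambda::AccessPoint</c></para></li>
        /// <li><para><c>AWS::S3Outposts::Object</c></para></li>
        /// </ul>
        /// </summary>
        /// <remarks>
        /// The setter stores the string as given; this class does not check it against the
        /// resource types listed above.
        /// </remarks>
        public string Type
        {
            get { return this._type; }
            set { this._type = value; }
        }

        // Check to see if Type property is set
        internal bool IsSetType()
        {
            return this._type != null;
        }

        /// <summary>
        /// Gets and sets the property Values.
        /// <para>
        /// An array of Amazon Resource Name (ARN) strings or partial ARN strings for the specified
        /// objects.
        /// </para>
        /// <ul>
        /// <li>
        /// <para>
        /// To log data events for all objects in all S3 buckets in your Amazon Web Services account,
        /// specify the prefix as <c>arn:aws:s3</c>.
        /// </para>
        /// <para>
        /// This also enables logging of data event activity performed by any user or role in
        /// your Amazon Web Services account, even if that activity is performed on a bucket that
        /// belongs to another Amazon Web Services account.
        /// </para>
        /// </li>
        /// <li>
        /// <para>
        /// To log data events for all objects in an S3 bucket, specify the bucket and an empty
        /// object prefix such as <c>arn:aws:s3:::bucket-1/</c>. The trail logs data events
        /// for all objects in this S3 bucket.
        /// </para>
        /// </li>
        /// <li>
        /// <para>
        /// To log data events for specific objects, specify the S3 bucket and object prefix such
        /// as <c>arn:aws:s3:::bucket-1/example-images</c>. The trail logs data events for
        /// objects in this S3 bucket that match the prefix.
        /// </para>
        /// </li>
        /// <li>
        /// <para>
        /// To log data events for all Lambda functions in your Amazon Web Services account, specify
        /// the prefix as <c>arn:aws:lambda</c>.
        /// </para>
        /// <para>
        /// This also enables logging of <c>Invoke</c> activity performed by any user or
        /// role in your Amazon Web Services account, even if that activity is performed on a
        /// function that belongs to another Amazon Web Services account.
        /// </para>
        /// </li>
        /// <li>
        /// <para>
        /// To log data events for a specific Lambda function, specify the function ARN.
        /// </para>
        /// <para>
        /// Lambda function ARNs are exact. For example, if you specify a function ARN
        /// <c>arn:aws:lambda:us-west-2:111111111111:function:helloworld</c>,
        /// data events will only be logged for <c>arn:aws:lambda:us-west-2:111111111111:function:helloworld</c>.
        /// They will not be logged for <c>arn:aws:lambda:us-west-2:111111111111:function:helloworld2</c>.
        /// </para>
        /// </li>
        /// <li>
        /// <para>
        /// To log data events for all DynamoDB tables in your Amazon Web Services account, specify
        /// the prefix as <c>arn:aws:dynamodb</c>.
        /// </para>
        /// </li>
        /// </ul>
        /// </summary>
        /// <remarks>
        /// Audit-coverage note: as the examples on this class show, a resource that no value
        /// here matches produces no data events on the trail. S3 values act as prefixes while
        /// Lambda function ARNs are matched exactly, so review this list whenever buckets,
        /// prefixes or functions that need an audit trail are added. The setter accepts
        /// <c>null</c>; this class performs no ARN validation.
        /// </remarks>
        public List<string> Values
        {
            get { return this._values; }
            set { this._values = value; }
        }

        // Check to see if Values property is set
        // A null list and an empty list both report "not set".
        // NOTE(review): the request marshaller is not visible here; presumably it uses this
        // check to decide whether the field is sent - confirm before relying on an empty list.
        internal bool IsSetValues()
        {
            return this._values != null && this._values.Count > 0;
        }
    }
}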