Learn R
paws.management (version 0.1.0)

cloudtrail_put_event_selectors: Configures an event selector for your trail

Description

Configures an event selector for your trail. Use event selectors to further specify the management and data event settings for your trail. By default, trails created without specific event selectors will be configured to log all read and write management events, and no data events.

Usage

cloudtrail_put_event_selectors(TrailName, EventSelectors)

Arguments

TrailName

[required] Specifies the name of the trail or trail ARN. If you specify a trail name, the string must meet the following requirements:

  • Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (\_), or dashes (-)

  • Start with a letter or number, and end with a letter or number

  • Be between 3 and 128 characters

  • Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are invalid.

  • Not be in IP address format (for example, 192.168.5.4)

If you specify a trail ARN, it must be in the format:

arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail

EventSelectors

[required] Specifies the settings for your event selectors. You can configure up to five event selectors for a trail.

Request syntax

svc$put_event_selectors(
  TrailName = "string",
  EventSelectors = list(
    list(
      ReadWriteType = "ReadOnly"|"WriteOnly"|"All",
      IncludeManagementEvents = TRUE|FALSE,
      DataResources = list(
        list(
          Type = "string",
          Values = list(
            "string"
          )
        )
      )
    )
  )
)

Details

When an event occurs in your account, CloudTrail evaluates the event selectors in all trails. For each trail, if the event matches any event selector, the trail processes and logs the event. If the event doesn't match any event selector, the trail doesn't log the event.

Example

  1. You create an event selector for a trail and specify that you want write-only events.

  2. The EC2 GetConsoleOutput and RunInstances API operations occur in your account.

  3. CloudTrail evaluates whether the events match your event selectors.

  4. The RunInstances is a write-only event and it matches your event selector. The trail logs the event.

  5. The GetConsoleOutput is a read-only event but it doesn't match your event selector. The trail doesn't log the event.

The PutEventSelectors operation must be called from the region in which the trail was created; otherwise, an InvalidHomeRegionException is thrown.

You can configure up to five event selectors for each trail. For more information, see Logging Data and Management Events for Trails and Limits in AWS CloudTrail in the AWS CloudTrail User Guide.