AWSx (Pulumi Crosswalk for AWS) v2.12.3, Jun 22 24

AWSx (Pulumi Crosswalk for AWS) v2.12.3 published on Saturday, Jun 22, 2024 by Pulumi

awsx.cloudtrail.Trail

Explore with Pulumi AI

AWSx (Pulumi Crosswalk for AWS) v2.12.3 published on Saturday, Jun 22, 2024 by Pulumi

Create Trail Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Trail(name: string, args?: TrailArgs, opts?: CustomResourceOptions);

@overload
def Trail(resource_name: str,
          args: Optional[TrailArgs] = None,
          opts: Optional[ResourceOptions] = None)

@overload
def Trail(resource_name: str,
          opts: Optional[ResourceOptions] = None,
          advanced_event_selectors: Optional[Sequence[pulumi_aws.cloudtrail.TrailAdvancedEventSelectorArgs]] = None,
          cloud_watch_logs_group: Optional[_awsx.OptionalLogGroupArgs] = None,
          enable_log_file_validation: Optional[bool] = None,
          enable_logging: Optional[bool] = None,
          event_selectors: Optional[Sequence[pulumi_aws.cloudtrail.TrailEventSelectorArgs]] = None,
          include_global_service_events: Optional[bool] = None,
          insight_selectors: Optional[Sequence[pulumi_aws.cloudtrail.TrailInsightSelectorArgs]] = None,
          is_multi_region_trail: Optional[bool] = None,
          is_organization_trail: Optional[bool] = None,
          kms_key_id: Optional[str] = None,
          name: Optional[str] = None,
          s3_bucket: Optional[_awsx.RequiredBucketArgs] = None,
          s3_key_prefix: Optional[str] = None,
          sns_topic_name: Optional[str] = None,
          tags: Optional[Mapping[str, str]] = None)

func NewTrail(ctx *Context, name string, args *TrailArgs, opts ...ResourceOption) (*Trail, error)

public Trail(string name, TrailArgs? args = null, CustomResourceOptions? opts = null)

public Trail(String name, TrailArgs args)
public Trail(String name, TrailArgs args, CustomResourceOptions options)

type: awsx:cloudtrail:Trail
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args TrailArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args TrailArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args TrailArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args TrailArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args TrailArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Trail Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Trail resource accepts the following input properties:

AdvancedEventSelectors List<Pulumi.Aws.CloudTrail.Inputs.TrailAdvancedEventSelector>: Specifies an advanced event selector for enabling data event logging. Fields documented below. Conflicts with event_selector.
CloudWatchLogsGroup Pulumi.Awsx.Awsx.Inputs.OptionalLogGroup: Log group to which CloudTrail logs will be delivered.
EnableLogFileValidation bool: Whether log file integrity validation is enabled. Defaults to false.
EnableLogging bool: Enables logging for the trail. Defaults to true. Setting this to false will pause logging.
EventSelectors List<Pulumi.Aws.CloudTrail.Inputs.TrailEventSelector>: Specifies an event selector for enabling data event logging. Fields documented below. Please note the CloudTrail limits when configuring these. Conflicts with advanced_event_selector.
IncludeGlobalServiceEvents bool: Whether the trail is publishing events from global services such as IAM to the log files. Defaults to true.
InsightSelectors List<Pulumi.Aws.CloudTrail.Inputs.TrailInsightSelector>: Configuration block for identifying unusual operational activity. See details below.
IsMultiRegionTrail bool: Whether the trail is created in the current region or in all regions. Defaults to false.
IsOrganizationTrail bool: Whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. Defaults to false.
KmsKeyId string: KMS key ARN to use to encrypt the logs delivered by CloudTrail.
Name string: Name of the trail.
S3Bucket Pulumi.Awsx.Awsx.Inputs.RequiredBucket: S3 bucket designated for publishing log files.
S3KeyPrefix string: S3 key prefix that follows the name of the bucket you have designated for log file delivery.
SnsTopicName string: Name of the Amazon SNS topic defined for notification of log file delivery.
Tags Dictionary<string, string>: Map of tags to assign to the trail. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

AdvancedEventSelectors TrailAdvancedEventSelectorArgs: Specifies an advanced event selector for enabling data event logging. Fields documented below. Conflicts with event_selector.
CloudWatchLogsGroup OptionalLogGroupArgs: Log group to which CloudTrail logs will be delivered.
EnableLogFileValidation bool: Whether log file integrity validation is enabled. Defaults to false.
EnableLogging bool: Enables logging for the trail. Defaults to true. Setting this to false will pause logging.
EventSelectors TrailEventSelectorArgs: Specifies an event selector for enabling data event logging. Fields documented below. Please note the CloudTrail limits when configuring these. Conflicts with advanced_event_selector.
IncludeGlobalServiceEvents bool: Whether the trail is publishing events from global services such as IAM to the log files. Defaults to true.
InsightSelectors TrailInsightSelectorArgs: Configuration block for identifying unusual operational activity. See details below.
IsMultiRegionTrail bool: Whether the trail is created in the current region or in all regions. Defaults to false.
IsOrganizationTrail bool: Whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. Defaults to false.
KmsKeyId string: KMS key ARN to use to encrypt the logs delivered by CloudTrail.
Name string: Name of the trail.
S3Bucket RequiredBucketArgs: S3 bucket designated for publishing log files.
S3KeyPrefix string: S3 key prefix that follows the name of the bucket you have designated for log file delivery.
SnsTopicName string: Name of the Amazon SNS topic defined for notification of log file delivery.
Tags map[string]string: Map of tags to assign to the trail. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

advancedEventSelectors List<TrailAdvancedEventSelector>: Specifies an advanced event selector for enabling data event logging. Fields documented below. Conflicts with event_selector.
cloudWatchLogsGroup OptionalLogGroup: Log group to which CloudTrail logs will be delivered.
enableLogFileValidation Boolean: Whether log file integrity validation is enabled. Defaults to false.
enableLogging Boolean: Enables logging for the trail. Defaults to true. Setting this to false will pause logging.
eventSelectors List<TrailEventSelector>: Specifies an event selector for enabling data event logging. Fields documented below. Please note the CloudTrail limits when configuring these. Conflicts with advanced_event_selector.
includeGlobalServiceEvents Boolean: Whether the trail is publishing events from global services such as IAM to the log files. Defaults to true.
insightSelectors List<TrailInsightSelector>: Configuration block for identifying unusual operational activity. See details below.
isMultiRegionTrail Boolean: Whether the trail is created in the current region or in all regions. Defaults to false.
isOrganizationTrail Boolean: Whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. Defaults to false.
kmsKeyId String: KMS key ARN to use to encrypt the logs delivered by CloudTrail.
name String: Name of the trail.
s3Bucket RequiredBucket: S3 bucket designated for publishing log files.
s3KeyPrefix String: S3 key prefix that follows the name of the bucket you have designated for log file delivery.
snsTopicName String: Name of the Amazon SNS topic defined for notification of log file delivery.
tags Map<String,String>: Map of tags to assign to the trail. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

advancedEventSelectors pulumiAws.types.input.TrailAdvancedEventSelector[]: Specifies an advanced event selector for enabling data event logging. Fields documented below. Conflicts with event_selector.
cloudWatchLogsGroup awsx.OptionalLogGroup: Log group to which CloudTrail logs will be delivered.
enableLogFileValidation boolean: Whether log file integrity validation is enabled. Defaults to false.
enableLogging boolean: Enables logging for the trail. Defaults to true. Setting this to false will pause logging.
eventSelectors pulumiAws.types.input.TrailEventSelector[]: Specifies an event selector for enabling data event logging. Fields documented below. Please note the CloudTrail limits when configuring these. Conflicts with advanced_event_selector.
includeGlobalServiceEvents boolean: Whether the trail is publishing events from global services such as IAM to the log files. Defaults to true.
insightSelectors pulumiAws.types.input.TrailInsightSelector[]: Configuration block for identifying unusual operational activity. See details below.
isMultiRegionTrail boolean: Whether the trail is created in the current region or in all regions. Defaults to false.
isOrganizationTrail boolean: Whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. Defaults to false.
kmsKeyId string: KMS key ARN to use to encrypt the logs delivered by CloudTrail.
name string: Name of the trail.
s3Bucket awsx.RequiredBucket: S3 bucket designated for publishing log files.
s3KeyPrefix string: S3 key prefix that follows the name of the bucket you have designated for log file delivery.
snsTopicName string: Name of the Amazon SNS topic defined for notification of log file delivery.
tags {[key: string]: string}: Map of tags to assign to the trail. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

advanced_event_selectors Sequence[pulumi_aws.cloudtrail.TrailAdvancedEventSelectorArgs]: Specifies an advanced event selector for enabling data event logging. Fields documented below. Conflicts with event_selector.
cloud_watch_logs_group awsx.OptionalLogGroupArgs: Log group to which CloudTrail logs will be delivered.
enable_log_file_validation bool: Whether log file integrity validation is enabled. Defaults to false.
enable_logging bool: Enables logging for the trail. Defaults to true. Setting this to false will pause logging.
event_selectors Sequence[pulumi_aws.cloudtrail.TrailEventSelectorArgs]: Specifies an event selector for enabling data event logging. Fields documented below. Please note the CloudTrail limits when configuring these. Conflicts with advanced_event_selector.
include_global_service_events bool: Whether the trail is publishing events from global services such as IAM to the log files. Defaults to true.
insight_selectors Sequence[pulumi_aws.cloudtrail.TrailInsightSelectorArgs]: Configuration block for identifying unusual operational activity. See details below.
is_multi_region_trail bool: Whether the trail is created in the current region or in all regions. Defaults to false.
is_organization_trail bool: Whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. Defaults to false.
kms_key_id str: KMS key ARN to use to encrypt the logs delivered by CloudTrail.
name str: Name of the trail.
s3_bucket awsx.RequiredBucketArgs: S3 bucket designated for publishing log files.
s3_key_prefix str: S3 key prefix that follows the name of the bucket you have designated for log file delivery.
sns_topic_name str: Name of the Amazon SNS topic defined for notification of log file delivery.
tags Mapping[str, str]: Map of tags to assign to the trail. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

advancedEventSelectors List<Property Map>: Specifies an advanced event selector for enabling data event logging. Fields documented below. Conflicts with event_selector.
cloudWatchLogsGroup Property Map: Log group to which CloudTrail logs will be delivered.
enableLogFileValidation Boolean: Whether log file integrity validation is enabled. Defaults to false.
enableLogging Boolean: Enables logging for the trail. Defaults to true. Setting this to false will pause logging.
eventSelectors List<Property Map>: Specifies an event selector for enabling data event logging. Fields documented below. Please note the CloudTrail limits when configuring these. Conflicts with advanced_event_selector.
includeGlobalServiceEvents Boolean: Whether the trail is publishing events from global services such as IAM to the log files. Defaults to true.
insightSelectors List<Property Map>: Configuration block for identifying unusual operational activity. See details below.
isMultiRegionTrail Boolean: Whether the trail is created in the current region or in all regions. Defaults to false.
isOrganizationTrail Boolean: Whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. Defaults to false.
kmsKeyId String: KMS key ARN to use to encrypt the logs delivered by CloudTrail.
name String: Name of the trail.
s3Bucket Property Map: S3 bucket designated for publishing log files.
s3KeyPrefix String: S3 key prefix that follows the name of the bucket you have designated for log file delivery.
snsTopicName String: Name of the Amazon SNS topic defined for notification of log file delivery.
tags Map<String>: Map of tags to assign to the trail. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Outputs

All input properties are implicitly available as output properties. Additionally, the Trail resource produces the following output properties:

AwsTrail Pulumi.Aws.CloudTrail.Trail: The CloudTrail Trail. This type is defined in the AWS Classic package.
Bucket Pulumi.Aws.S3.Bucket: The managed S3 Bucket where the Trail will place its logs. This type is defined in the AWS Classic package.
LogGroup Pulumi.Aws.CloudWatch.LogGroup: The managed Cloudwatch Log Group. This type is defined in the AWS Classic package.

Trail Trail: The CloudTrail Trail. This type is defined in the AWS Classic package.
Bucket Bucket: The managed S3 Bucket where the Trail will place its logs. This type is defined in the AWS Classic package.
LogGroup LogGroup: The managed Cloudwatch Log Group. This type is defined in the AWS Classic package.

trail Trail: The CloudTrail Trail. This type is defined in the AWS Classic package.
bucket Bucket: The managed S3 Bucket where the Trail will place its logs. This type is defined in the AWS Classic package.
logGroup LogGroup: The managed Cloudwatch Log Group. This type is defined in the AWS Classic package.

trail pulumiAws.Trail: The CloudTrail Trail. This type is defined in the AWS Classic package.
bucket pulumiAws.s3.Bucket: The managed S3 Bucket where the Trail will place its logs. This type is defined in the AWS Classic package.
logGroup pulumiAws.cloudwatch.LogGroup: The managed Cloudwatch Log Group. This type is defined in the AWS Classic package.

trail pulumi_aws.cloudtrail.Trail: The CloudTrail Trail. This type is defined in the AWS Classic package.
bucket pulumi_aws.s3.Bucket: The managed S3 Bucket where the Trail will place its logs. This type is defined in the AWS Classic package.
log_group pulumi_aws.cloudwatch.LogGroup: The managed Cloudwatch Log Group. This type is defined in the AWS Classic package.

trail aws::Trail: The CloudTrail Trail. This type is defined in the AWS Classic package.
bucket aws:s3:Bucket: The managed S3 Bucket where the Trail will place its logs. This type is defined in the AWS Classic package.
logGroup aws:cloudwatch:LogGroup: The managed Cloudwatch Log Group. This type is defined in the AWS Classic package.

Supporting Types

Bucket, BucketArgs

AccelerationStatus string

Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.

Acl string

The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. Conflicts with grant.

Arn string

The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

BucketName string

The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.

BucketPrefix string

Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.

CorsRules List<Pulumi.Aws.S3.Inputs.BucketCorsRule>

A rule of Cross-Origin Resource Sharing (documented below).

ForceDestroy bool

A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.

Grants List<Pulumi.Aws.S3.Inputs.BucketGrant>

An ACL policy grant (documented below). Conflicts with acl.

HostedZoneId string

The Route 53 Hosted Zone ID for this bucket's region.

LifecycleRules List<Pulumi.Aws.S3.Inputs.BucketLifecycleRule>

A configuration of object lifecycle management (documented below).

Loggings List<Pulumi.Aws.S3.Inputs.BucketLogging>

A settings of bucket logging (documented below).

ObjectLockConfiguration Pulumi.Aws.S3.Inputs.BucketObjectLockConfiguration

A configuration of S3 object locking (documented below)

NOTE: You cannot use acceleration_status in cn-north-1 or us-gov-west-1

This type is defined in the AWS Classic package.

Policy string

A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a pulumi preview. In this case, please make sure you use the verbose/specific version of the policy.

ReplicationConfiguration Pulumi.Aws.S3.Inputs.BucketReplicationConfiguration

A configuration of replication configuration (documented below).

This type is defined in the AWS Classic package.

RequestPayer string

Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information.

ServerSideEncryptionConfiguration Pulumi.Aws.S3.Inputs.BucketServerSideEncryptionConfiguration

A configuration of server-side encryption configuration (documented below)

This type is defined in the AWS Classic package.

Tags Dictionary<string, string>

A map of tags to assign to the bucket. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Versioning Pulumi.Aws.S3.Inputs.BucketVersioning

A state of versioning (documented below)

This type is defined in the AWS Classic package.

Website Pulumi.Aws.S3.Inputs.BucketWebsite

A website object (documented below).

This type is defined in the AWS Classic package.

WebsiteDomain string

The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

WebsiteEndpoint string

The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

AccelerationStatus string

Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.

Acl string

Arn string

The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

Bucket string

BucketPrefix string

CorsRules BucketCorsRule

A rule of Cross-Origin Resource Sharing (documented below).

ForceDestroy bool

A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.

Grants BucketGrant

An ACL policy grant (documented below). Conflicts with acl.

HostedZoneId string

The Route 53 Hosted Zone ID for this bucket's region.

LifecycleRules BucketLifecycleRule

A configuration of object lifecycle management (documented below).

Loggings BucketLogging

A settings of bucket logging (documented below).

ObjectLockConfiguration BucketObjectLockConfiguration

A configuration of S3 object locking (documented below)

NOTE: You cannot use acceleration_status in cn-north-1 or us-gov-west-1

This type is defined in the AWS Classic package.

Policy string

ReplicationConfiguration BucketReplicationConfiguration

A configuration of replication configuration (documented below).

This type is defined in the AWS Classic package.

RequestPayer string

ServerSideEncryptionConfiguration BucketServerSideEncryptionConfiguration

A configuration of server-side encryption configuration (documented below)

This type is defined in the AWS Classic package.

Tags map[string]string

A map of tags to assign to the bucket. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Versioning BucketVersioning

A state of versioning (documented below)

This type is defined in the AWS Classic package.

Website BucketWebsite

A website object (documented below).

This type is defined in the AWS Classic package.

WebsiteDomain string

The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

WebsiteEndpoint string

The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

accelerationStatus String

Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.

acl String

arn String

The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

bucket String

bucketPrefix String

corsRules List<BucketCorsRule>

A rule of Cross-Origin Resource Sharing (documented below).

forceDestroy Boolean

A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.

grants List<BucketGrant>

An ACL policy grant (documented below). Conflicts with acl.

hostedZoneId String

The Route 53 Hosted Zone ID for this bucket's region.

lifecycleRules List<BucketLifecycleRule>

A configuration of object lifecycle management (documented below).

loggings List<BucketLogging>

A settings of bucket logging (documented below).

objectLockConfiguration BucketObjectLockConfiguration

A configuration of S3 object locking (documented below)

NOTE: You cannot use acceleration_status in cn-north-1 or us-gov-west-1

This type is defined in the AWS Classic package.

policy String

replicationConfiguration BucketReplicationConfiguration

A configuration of replication configuration (documented below).

This type is defined in the AWS Classic package.

requestPayer String

serverSideEncryptionConfiguration BucketServerSideEncryptionConfiguration

A configuration of server-side encryption configuration (documented below)

This type is defined in the AWS Classic package.

tags Map<String,String>

A map of tags to assign to the bucket. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

versioning BucketVersioning

A state of versioning (documented below)

This type is defined in the AWS Classic package.

website BucketWebsite

A website object (documented below).

This type is defined in the AWS Classic package.

websiteDomain String

The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

websiteEndpoint String

The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

accelerationStatus string

Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.

acl string

arn string

The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

bucket string

bucketPrefix string

corsRules pulumiAws.types.input.s3.BucketCorsRule[]

A rule of Cross-Origin Resource Sharing (documented below).

forceDestroy boolean

A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.

grants pulumiAws.types.input.s3.BucketGrant[]

An ACL policy grant (documented below). Conflicts with acl.

hostedZoneId string

The Route 53 Hosted Zone ID for this bucket's region.

lifecycleRules pulumiAws.types.input.s3.BucketLifecycleRule[]

A configuration of object lifecycle management (documented below).

loggings pulumiAws.types.input.s3.BucketLogging[]

A settings of bucket logging (documented below).

objectLockConfiguration pulumiAws.types.input.s3.BucketObjectLockConfiguration

A configuration of S3 object locking (documented below)

NOTE: You cannot use acceleration_status in cn-north-1 or us-gov-west-1

This type is defined in the AWS Classic package.

policy string

replicationConfiguration pulumiAws.types.input.s3.BucketReplicationConfiguration

A configuration of replication configuration (documented below).

This type is defined in the AWS Classic package.

requestPayer string

serverSideEncryptionConfiguration pulumiAws.types.input.s3.BucketServerSideEncryptionConfiguration

A configuration of server-side encryption configuration (documented below)

This type is defined in the AWS Classic package.

tags {[key: string]: string}

A map of tags to assign to the bucket. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

versioning pulumiAws.types.input.s3.BucketVersioning

A state of versioning (documented below)

This type is defined in the AWS Classic package.

website pulumiAws.types.input.s3.BucketWebsite

A website object (documented below).

This type is defined in the AWS Classic package.

websiteDomain string

The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

websiteEndpoint string

The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

acceleration_status str

Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.

acl str

arn str

The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

bucket str

bucket_prefix str

cors_rules Sequence[pulumi_aws.s3.BucketCorsRuleArgs]

A rule of Cross-Origin Resource Sharing (documented below).

force_destroy bool

A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.

grants Sequence[pulumi_aws.s3.BucketGrantArgs]

An ACL policy grant (documented below). Conflicts with acl.

hosted_zone_id str

The Route 53 Hosted Zone ID for this bucket's region.

lifecycle_rules Sequence[pulumi_aws.s3.BucketLifecycleRuleArgs]

A configuration of object lifecycle management (documented below).

loggings Sequence[pulumi_aws.s3.BucketLoggingArgs]

A settings of bucket logging (documented below).

object_lock_configuration pulumi_aws.s3.BucketObjectLockConfigurationArgs

A configuration of S3 object locking (documented below)

NOTE: You cannot use acceleration_status in cn-north-1 or us-gov-west-1

This type is defined in the AWS Classic package.

policy str

replication_configuration pulumi_aws.s3.BucketReplicationConfigurationArgs

A configuration of replication configuration (documented below).

This type is defined in the AWS Classic package.

request_payer str

server_side_encryption_configuration pulumi_aws.s3.BucketServerSideEncryptionConfigurationArgs

A configuration of server-side encryption configuration (documented below)

This type is defined in the AWS Classic package.

tags Mapping[str, str]

A map of tags to assign to the bucket. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

versioning pulumi_aws.s3.BucketVersioningArgs

A state of versioning (documented below)

This type is defined in the AWS Classic package.

website pulumi_aws.s3.BucketWebsiteArgs

A website object (documented below).

This type is defined in the AWS Classic package.

website_domain str

The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

website_endpoint str

The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

accelerationStatus String

Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.

acl String

arn String

The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.

bucket String

bucketPrefix String

corsRules List<Property Map>

A rule of Cross-Origin Resource Sharing (documented below).

forceDestroy Boolean

A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.

grants List<Property Map>

An ACL policy grant (documented below). Conflicts with acl.

hostedZoneId String

The Route 53 Hosted Zone ID for this bucket's region.

lifecycleRules List<Property Map>

A configuration of object lifecycle management (documented below).

loggings List<Property Map>

A settings of bucket logging (documented below).

objectLockConfiguration Property Map

A configuration of S3 object locking (documented below)

NOTE: You cannot use acceleration_status in cn-north-1 or us-gov-west-1

This type is defined in the AWS Classic package.

policy String

replicationConfiguration Property Map

A configuration of replication configuration (documented below).

This type is defined in the AWS Classic package.

requestPayer String

serverSideEncryptionConfiguration Property Map

A configuration of server-side encryption configuration (documented below)

This type is defined in the AWS Classic package.

tags Map<String>

A map of tags to assign to the bucket. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

versioning Property Map

A state of versioning (documented below)

This type is defined in the AWS Classic package.

website Property Map

A website object (documented below).

This type is defined in the AWS Classic package.

websiteDomain String

The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.

websiteEndpoint String

The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.

ExistingBucket, ExistingBucketArgs

Arn string: Arn of the bucket. Only one of [arn] or [name] can be specified.
Name string: Name of the bucket. Only one of [arn] or [name] can be specified.

Arn string: Arn of the bucket. Only one of [arn] or [name] can be specified.
Name string: Name of the bucket. Only one of [arn] or [name] can be specified.

arn String: Arn of the bucket. Only one of [arn] or [name] can be specified.
name String: Name of the bucket. Only one of [arn] or [name] can be specified.

arn string: Arn of the bucket. Only one of [arn] or [name] can be specified.
name string: Name of the bucket. Only one of [arn] or [name] can be specified.

arn str: Arn of the bucket. Only one of [arn] or [name] can be specified.
name str: Name of the bucket. Only one of [arn] or [name] can be specified.

arn String: Arn of the bucket. Only one of [arn] or [name] can be specified.
name String: Name of the bucket. Only one of [arn] or [name] can be specified.

ExistingLogGroup, ExistingLogGroupArgs

Arn string: Arn of the log group. Only one of [arn] or [name] can be specified.
Name string: Name of the log group. Only one of [arn] or [name] can be specified.
Region string: Region of the log group. If not specified, the provider region will be used.

Arn string: Arn of the log group. Only one of [arn] or [name] can be specified.
Name string: Name of the log group. Only one of [arn] or [name] can be specified.
Region string: Region of the log group. If not specified, the provider region will be used.

arn String: Arn of the log group. Only one of [arn] or [name] can be specified.
name String: Name of the log group. Only one of [arn] or [name] can be specified.
region String: Region of the log group. If not specified, the provider region will be used.

arn string: Arn of the log group. Only one of [arn] or [name] can be specified.
name string: Name of the log group. Only one of [arn] or [name] can be specified.
region string: Region of the log group. If not specified, the provider region will be used.

arn str: Arn of the log group. Only one of [arn] or [name] can be specified.
name str: Name of the log group. Only one of [arn] or [name] can be specified.
region str: Region of the log group. If not specified, the provider region will be used.

arn String: Arn of the log group. Only one of [arn] or [name] can be specified.
name String: Name of the log group. Only one of [arn] or [name] can be specified.
region String: Region of the log group. If not specified, the provider region will be used.

LogGroup, LogGroupArgs

KmsKeyId string: The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested.
LogGroupClass string: Specified the log class of the log group. Possible values are: STANDARD or INFREQUENT_ACCESS.
Name string: The name of the log group. If omitted, this provider will assign a random, unique name.
NamePrefix string: Creates a unique name beginning with the specified prefix. Conflicts with name.
RetentionInDays int: Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653, and 0. If you select 0, the events in the log group are always retained and never expire.
SkipDestroy bool: Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the state.
Tags Dictionary<string, string>: A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

KmsKeyId string: The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested.
LogGroupClass string: Specified the log class of the log group. Possible values are: STANDARD or INFREQUENT_ACCESS.
Name string: The name of the log group. If omitted, this provider will assign a random, unique name.
NamePrefix string: Creates a unique name beginning with the specified prefix. Conflicts with name.
RetentionInDays int: Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653, and 0. If you select 0, the events in the log group are always retained and never expire.
SkipDestroy bool: Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the state.
Tags map[string]string: A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

kmsKeyId String: The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested.
logGroupClass String: Specified the log class of the log group. Possible values are: STANDARD or INFREQUENT_ACCESS.
name String: The name of the log group. If omitted, this provider will assign a random, unique name.
namePrefix String: Creates a unique name beginning with the specified prefix. Conflicts with name.
retentionInDays Integer: Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653, and 0. If you select 0, the events in the log group are always retained and never expire.
skipDestroy Boolean: Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the state.
tags Map<String,String>: A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

kmsKeyId string: The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested.
logGroupClass string: Specified the log class of the log group. Possible values are: STANDARD or INFREQUENT_ACCESS.
name string: The name of the log group. If omitted, this provider will assign a random, unique name.
namePrefix string: Creates a unique name beginning with the specified prefix. Conflicts with name.
retentionInDays number: Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653, and 0. If you select 0, the events in the log group are always retained and never expire.
skipDestroy boolean: Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the state.
tags {[key: string]: string}: A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

kms_key_id str: The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested.
log_group_class str: Specified the log class of the log group. Possible values are: STANDARD or INFREQUENT_ACCESS.
name str: The name of the log group. If omitted, this provider will assign a random, unique name.
name_prefix str: Creates a unique name beginning with the specified prefix. Conflicts with name.
retention_in_days int: Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653, and 0. If you select 0, the events in the log group are always retained and never expire.
skip_destroy bool: Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the state.
tags Mapping[str, str]: A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

kmsKeyId String: The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested.
logGroupClass String: Specified the log class of the log group. Possible values are: STANDARD or INFREQUENT_ACCESS.
name String: The name of the log group. If omitted, this provider will assign a random, unique name.
namePrefix String: Creates a unique name beginning with the specified prefix. Conflicts with name.
retentionInDays Number: Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653, and 0. If you select 0, the events in the log group are always retained and never expire.
skipDestroy Boolean: Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the state.
tags Map<String>: A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

OptionalLogGroup, OptionalLogGroupArgs

Args Pulumi.Awsx.Awsx.Inputs.LogGroup: Arguments to use instead of the default values during creation.
Enable bool: Enable creation of the log group.
Existing Pulumi.Awsx.Awsx.Inputs.ExistingLogGroup: Identity of an existing log group to use. Cannot be used in combination with args or opts.

Args LogGroup: Arguments to use instead of the default values during creation.
Enable bool: Enable creation of the log group.
Existing ExistingLogGroup: Identity of an existing log group to use. Cannot be used in combination with args or opts.

args LogGroup: Arguments to use instead of the default values during creation.
enable Boolean: Enable creation of the log group.
existing ExistingLogGroup: Identity of an existing log group to use. Cannot be used in combination with args or opts.

args awsx.LogGroup: Arguments to use instead of the default values during creation.
enable boolean: Enable creation of the log group.
existing awsx.ExistingLogGroup: Identity of an existing log group to use. Cannot be used in combination with args or opts.

args awsx.LogGroup: Arguments to use instead of the default values during creation.
enable bool: Enable creation of the log group.
existing awsx.ExistingLogGroup: Identity of an existing log group to use. Cannot be used in combination with args or opts.

args Property Map: Arguments to use instead of the default values during creation.
enable Boolean: Enable creation of the log group.
existing Property Map: Identity of an existing log group to use. Cannot be used in combination with args or opts.

RequiredBucket, RequiredBucketArgs

Args Pulumi.Awsx.Awsx.Inputs.Bucket: Arguments to use instead of the default values during creation.
Existing Pulumi.Awsx.Awsx.Inputs.ExistingBucket: Identity of an existing bucket to use. Cannot be used in combination with args.

Args Bucket: Arguments to use instead of the default values during creation.
Existing ExistingBucket: Identity of an existing bucket to use. Cannot be used in combination with args.

args Bucket: Arguments to use instead of the default values during creation.
existing ExistingBucket: Identity of an existing bucket to use. Cannot be used in combination with args.

args awsx.Bucket: Arguments to use instead of the default values during creation.
existing awsx.ExistingBucket: Identity of an existing bucket to use. Cannot be used in combination with args.

args awsx.Bucket: Arguments to use instead of the default values during creation.
existing awsx.ExistingBucket: Identity of an existing bucket to use. Cannot be used in combination with args.

args Property Map: Arguments to use instead of the default values during creation.
existing Property Map: Identity of an existing bucket to use. Cannot be used in combination with args.

Package Details

Repository: AWSx (Pulumi Crosswalk for AWS) pulumi/pulumi-awsx
License: Apache-2.0

AWSx (Pulumi Crosswalk for AWS) v2.12.3 published on Saturday, Jun 22, 2024 by Pulumi

pulumi/pulumi-awsx

awsx.cloudtrail.Trail

On this page

On this page

Create Trail Resource

Constructor syntax

Parameters

Trail Resource Properties

Inputs

Outputs

Supporting Types

Bucket, BucketArgs

ExistingBucket, ExistingBucketArgs

ExistingLogGroup, ExistingLogGroupArgs

LogGroup, LogGroupArgs

OptionalLogGroup, OptionalLogGroupArgs

RequiredBucket, RequiredBucketArgs

Package Details

On this page

On this page