Class CfnEventDataStoreProps
Properties for defining a CfnEventDataStore.
Implements
Inherited Members
Namespace: Amazon.CDK.AWS.CloudTrail
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class CfnEventDataStoreProps : ICfnEventDataStorePropsSyntax (vb)
Public Class CfnEventDataStoreProps Implements ICfnEventDataStorePropsRemarks
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.CloudTrail;
var cfnEventDataStoreProps = new CfnEventDataStoreProps {
AdvancedEventSelectors = new [] { new AdvancedEventSelectorProperty {
FieldSelectors = new [] { new AdvancedFieldSelectorProperty {
Field = "field",
// the properties below are optional
EndsWith = new [] { "endsWith" },
EqualTo = new [] { "equalTo" },
NotEndsWith = new [] { "notEndsWith" },
NotEquals = new [] { "notEquals" },
NotStartsWith = new [] { "notStartsWith" },
StartsWith = new [] { "startsWith" }
} },
// the properties below are optional
Name = "name"
} },
BillingMode = "billingMode",
ContextKeySelectors = new [] { new ContextKeySelectorProperty {
EqualTo = new [] { "equalTo" },
Type = "type"
} },
FederationEnabled = false,
FederationRoleArn = "federationRoleArn",
IngestionEnabled = false,
InsightsDestination = "insightsDestination",
InsightSelectors = new [] { new InsightSelectorProperty {
InsightType = "insightType"
} },
KmsKeyId = "kmsKeyId",
MaxEventSize = "maxEventSize",
MultiRegionEnabled = false,
Name = "name",
OrganizationEnabled = false,
RetentionPeriod = 123,
Tags = new [] { new CfnTag {
Key = "key",
Value = "value"
} },
TerminationProtectionEnabled = false
};Synopsis
Constructors
| CfnEventDataStoreProps() | Properties for defining a |
Properties
| AdvancedEventSelectors | The advanced event selectors to use to select the events for the data store. |
| BillingMode | The billing mode for the event data store determines the cost for ingesting events and the default and maximum retention period for the event data store. |
| ContextKeySelectors | The list of context key selectors that are configured for the event data store. |
| FederationEnabled | Indicates if Lake query federation is enabled. By default, Lake query federation is disabled. You cannot delete an event data store if Lake query federation is enabled. |
| FederationRoleArn | If Lake query federation is enabled, provides the ARN of the federation role used to access the resources for the federated event data store. |
| IngestionEnabled | Specifies whether the event data store should start ingesting live events. |
| InsightSelectors | A JSON string that contains the Insights types you want to log on an event data store. |
| InsightsDestination | The ARN (or ID suffix of the ARN) of the destination event data store that logs Insights events. |
| KmsKeyId | Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. |
| MaxEventSize | The maximum allowed size for events to be stored in the specified event data store. |
| MultiRegionEnabled | Specifies whether the event data store includes events from all Regions, or only from the Region in which the event data store is created. |
| Name | The name of the event data store. |
| OrganizationEnabled | Specifies whether an event data store collects events logged for an organization in AWS Organizations . |
| RetentionPeriod | The retention period of the event data store, in days. |
| Tags | A list of tags. |
| TerminationProtectionEnabled | Specifies whether termination protection is enabled for the event data store. |
Constructors
CfnEventDataStoreProps()
Properties for defining a CfnEventDataStore.
public CfnEventDataStoreProps()Remarks
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.CloudTrail;
var cfnEventDataStoreProps = new CfnEventDataStoreProps {
AdvancedEventSelectors = new [] { new AdvancedEventSelectorProperty {
FieldSelectors = new [] { new AdvancedFieldSelectorProperty {
Field = "field",
// the properties below are optional
EndsWith = new [] { "endsWith" },
EqualTo = new [] { "equalTo" },
NotEndsWith = new [] { "notEndsWith" },
NotEquals = new [] { "notEquals" },
NotStartsWith = new [] { "notStartsWith" },
StartsWith = new [] { "startsWith" }
} },
// the properties below are optional
Name = "name"
} },
BillingMode = "billingMode",
ContextKeySelectors = new [] { new ContextKeySelectorProperty {
EqualTo = new [] { "equalTo" },
Type = "type"
} },
FederationEnabled = false,
FederationRoleArn = "federationRoleArn",
IngestionEnabled = false,
InsightsDestination = "insightsDestination",
InsightSelectors = new [] { new InsightSelectorProperty {
InsightType = "insightType"
} },
KmsKeyId = "kmsKeyId",
MaxEventSize = "maxEventSize",
MultiRegionEnabled = false,
Name = "name",
OrganizationEnabled = false,
RetentionPeriod = 123,
Tags = new [] { new CfnTag {
Key = "key",
Value = "value"
} },
TerminationProtectionEnabled = false
};Properties
AdvancedEventSelectors
The advanced event selectors to use to select the events for the data store.
public object? AdvancedEventSelectors { get; set; }Property Value
Remarks
You can configure up to five advanced event selectors for each event data store.
For more information about how to use advanced event selectors to log CloudTrail events, see Log events by using advanced event selectors in the CloudTrail User Guide.
For more information about how to use advanced event selectors to include AWS Config configuration items in your event data store, see Create an event data store for AWS Config configuration items in the CloudTrail User Guide.
For more information about how to use advanced event selectors to include events outside of AWS events in your event data store, see Create an integration to log events from outside AWS in the CloudTrail User Guide.
BillingMode
The billing mode for the event data store determines the cost for ingesting events and the default and maximum retention period for the event data store.
public string? BillingMode { get; set; }Property Value
Remarks
The following are the possible values:
The default value is EXTENDABLE_RETENTION_PRICING .
For more information about CloudTrail pricing, see AWS CloudTrail Pricing and Managing CloudTrail Lake costs .
ContextKeySelectors
The list of context key selectors that are configured for the event data store.
public object? ContextKeySelectors { get; set; }Property Value
Remarks
FederationEnabled
Indicates if Lake query federation is enabled. By default, Lake query federation is disabled. You cannot delete an event data store if Lake query federation is enabled.
public object? FederationEnabled { get; set; }Property Value
Remarks
FederationRoleArn
If Lake query federation is enabled, provides the ARN of the federation role used to access the resources for the federated event data store.
public string? FederationRoleArn { get; set; }Property Value
Remarks
The federation role must exist in your account and provide the required minimum permissions .
IngestionEnabled
Specifies whether the event data store should start ingesting live events.
public object? IngestionEnabled { get; set; }Property Value
Remarks
InsightSelectors
A JSON string that contains the Insights types you want to log on an event data store.
public object? InsightSelectors { get; set; }Property Value
Remarks
ApiCallRateInsight and ApiErrorRateInsight are valid Insight types.
The ApiCallRateInsight Insights type analyzes write-only management API calls that are aggregated per minute against a baseline API call volume.
The ApiErrorRateInsight Insights type analyzes management API calls that result in error codes. The error is shown if the API call is unsuccessful.
InsightsDestination
The ARN (or ID suffix of the ARN) of the destination event data store that logs Insights events.
public string? InsightsDestination { get; set; }Property Value
Remarks
KmsKeyId
Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail.
public string? KmsKeyId { get; set; }Property Value
Remarks
The value can be an alias name prefixed by alias/ , a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
Disabling or deleting the KMS key, or removing CloudTrail permissions on the key, prevents CloudTrail from logging events to the event data store, and prevents users from querying the data in the event data store that was encrypted with the key. After you associate an event data store with a KMS key, the KMS key cannot be removed or changed. Before you disable or delete a KMS key that you are using with an event data store, delete or back up your event data store.
CloudTrail also supports AWS KMS multi-Region keys. For more information about multi-Region keys, see Using multi-Region keys in the AWS Key Management Service Developer Guide .
Examples:
MaxEventSize
The maximum allowed size for events to be stored in the specified event data store.
public string? MaxEventSize { get; set; }Property Value
Remarks
If you are using context key selectors, MaxEventSize must be set to Large.
MultiRegionEnabled
Specifies whether the event data store includes events from all Regions, or only from the Region in which the event data store is created.
public object? MultiRegionEnabled { get; set; }Property Value
Remarks
Name
The name of the event data store.
public string? Name { get; set; }Property Value
Remarks
OrganizationEnabled
Specifies whether an event data store collects events logged for an organization in AWS Organizations .
public object? OrganizationEnabled { get; set; }Property Value
Remarks
RetentionPeriod
The retention period of the event data store, in days.
public double? RetentionPeriod { get; set; }Property Value
Remarks
If BillingMode is set to EXTENDABLE_RETENTION_PRICING , you can set a retention period of up to 3653 days, the equivalent of 10 years. If BillingMode is set to FIXED_RETENTION_PRICING , you can set a retention period of up to 2557 days, the equivalent of seven years.
CloudTrail Lake determines whether to retain an event by checking if the eventTime of the event is within the specified retention period. For example, if you set a retention period of 90 days, CloudTrail will remove events when the eventTime is older than 90 days.
If you plan to copy trail events to this event data store, we recommend that you consider both the age of the events that you want to copy as well as how long you want to keep the copied events in your event data store. For example, if you copy trail events that are 5 years old and specify a retention period of 7 years, the event data store will retain those events for two years.
Tags
TerminationProtectionEnabled
Specifies whether termination protection is enabled for the event data store.
public object? TerminationProtectionEnabled { get; set; }Property Value
Remarks
If termination protection is enabled, you cannot delete the event data store until termination protection is disabled.