Class CfnEventDataStorePropsMixin.AdvancedFieldSelectorProperty
A single selector statement in an advanced event selector.
Inherited Members
Namespace: Amazon.CDK.Mixins.Preview.AWS.CloudTrail.Mixins
Assembly: Amazon.CDK.Mixins.Preview.dll
Syntax (csharp)
public class CfnEventDataStorePropsMixin.AdvancedFieldSelectorProperty : CfnEventDataStorePropsMixin.IAdvancedFieldSelectorPropertySyntax (vb)
Public Class CfnEventDataStorePropsMixin.AdvancedFieldSelectorProperty Implements CfnEventDataStorePropsMixin.IAdvancedFieldSelectorPropertyRemarks
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.Mixins.Preview.AWS.CloudTrail.Mixins;
var advancedFieldSelectorProperty = new AdvancedFieldSelectorProperty {
EndsWith = new [] { "endsWith" },
EqualTo = new [] { "equalTo" },
Field = "field",
NotEndsWith = new [] { "notEndsWith" },
NotEquals = new [] { "notEquals" },
NotStartsWith = new [] { "notStartsWith" },
StartsWith = new [] { "startsWith" }
};Synopsis
Constructors
| AdvancedFieldSelectorProperty() | A single selector statement in an advanced event selector. |
Properties
| EndsWith | An operator that includes events that match the last few characters of the event record field specified as the value of |
| EqualTo | An operator that includes events that match the exact value of the event record field specified as the value of |
| Field | A field in a CloudTrail event record on which to filter events to be logged. |
| NotEndsWith | An operator that excludes events that match the last few characters of the event record field specified as the value of |
| NotEquals | An operator that excludes events that match the exact value of the event record field specified as the value of |
| NotStartsWith | An operator that excludes events that match the first few characters of the event record field specified as the value of |
| StartsWith | An operator that includes events that match the first few characters of the event record field specified as the value of |
Constructors
AdvancedFieldSelectorProperty()
A single selector statement in an advanced event selector.
public AdvancedFieldSelectorProperty()Remarks
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.Mixins.Preview.AWS.CloudTrail.Mixins;
var advancedFieldSelectorProperty = new AdvancedFieldSelectorProperty {
EndsWith = new [] { "endsWith" },
EqualTo = new [] { "equalTo" },
Field = "field",
NotEndsWith = new [] { "notEndsWith" },
NotEquals = new [] { "notEquals" },
NotStartsWith = new [] { "notStartsWith" },
StartsWith = new [] { "startsWith" }
};Properties
EndsWith
An operator that includes events that match the last few characters of the event record field specified as the value of Field .
public string[]? EndsWith { get; set; }Property Value
string[]
Remarks
EqualTo
An operator that includes events that match the exact value of the event record field specified as the value of Field .
public string[]? EqualTo { get; set; }Property Value
string[]
Remarks
This is the only valid operator that you can use with the readOnly , eventCategory , and resources.type fields.
Field
A field in a CloudTrail event record on which to filter events to be logged.
public string? Field { get; set; }Property Value
Remarks
For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the field is used only for selecting events as filtering is not supported.
For CloudTrail management events, supported fields include eventCategory (required), eventSource , and readOnly . The following additional fields are available for event data stores: eventName , eventType , sessionCredentialFromConsole , and userIdentity.arn .
For CloudTrail data events, supported fields include eventCategory (required), eventName , eventSource , eventType , resources.type (required), readOnly , resources.ARN , sessionCredentialFromConsole , and userIdentity.arn .
For CloudTrail network activity events, supported fields include eventCategory (required), eventSource (required), eventName , errorCode , and vpcEndpointId .
For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is eventCategory .
Selectors don't support the use of wildcards like <code>*</code> . To match multiple values with a single condition, you may use <code>StartsWith</code> , <code>EndsWith</code> , <code>NotStartsWith</code> , or <code>NotEndsWith</code> to explicitly match the beginning or end of the event field.
For management events for trails, this is an optional field that can be set to NotEquals kms.amazonaws.com to exclude KMS management events, or NotEquals rdsdata.amazonaws.com to exclude RDS management events.
For data events for trails, this is an optional field that you can use to include or exclude any event source and can use any operator.
For management and data events for event data stores, this is an optional field that you can use to include or exclude any event source and can use any operator.
For network activity events, this is a required field that only uses the Equals operator. Set this field to the event source for which you want to log network activity events. If you want to log network activity events for multiple event sources, you must create a separate field selector for each event source. For a list of services supporting network activity events, see Logging network activity events in the AWS CloudTrail User Guide .
The following are used only for event data stores:
For a list of available resource types for data events, see Data events in the AWS CloudTrail User Guide .
You can have only one resources.type field per selector. To log events on more than one resource type, add another selector.
For more information about the ARN formats of data event resources, see Actions, resources, and condition keys for AWS services in the Service Authorization Reference .
You can't use the <code>resources.ARN</code> field to filter resource types that do not have ARNs.
NotEndsWith
An operator that excludes events that match the last few characters of the event record field specified as the value of Field .
public string[]? NotEndsWith { get; set; }Property Value
string[]
Remarks
NotEquals
An operator that excludes events that match the exact value of the event record field specified as the value of Field .
public string[]? NotEquals { get; set; }Property Value
string[]
Remarks
NotStartsWith
An operator that excludes events that match the first few characters of the event record field specified as the value of Field .
public string[]? NotStartsWith { get; set; }Property Value
string[]
Remarks
StartsWith
An operator that includes events that match the first few characters of the event record field specified as the value of Field .
public string[]? StartsWith { get; set; }Property Value
string[]