Class CfnTrail
java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.CfnElement
software.amazon.awscdk.CfnRefElement
software.amazon.awscdk.CfnResource
software.amazon.awscdk.services.cloudtrail.CfnTrail
- All Implemented Interfaces:
IInspectable,ITrailRef,IEnvironmentAware,ITaggable,software.amazon.jsii.JsiiSerializable,software.constructs.IConstruct,software.constructs.IDependable
@Generated(value="jsii-pacmak/1.120.0 (build 192dc88)",
date="2025-12-05T22:26:32.325Z")
@Stability(Stable)
public class CfnTrail
extends CfnResource
implements IInspectable, ITrailRef, ITaggable
Creates a trail that specifies the settings for delivery of log data to an Amazon S3 bucket.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import software.amazon.awscdk.services.cloudtrail.*;
CfnTrail cfnTrail = CfnTrail.Builder.create(this, "MyCfnTrail")
.isLogging(false)
.s3BucketName("s3BucketName")
// the properties below are optional
.advancedEventSelectors(List.of(AdvancedEventSelectorProperty.builder()
.fieldSelectors(List.of(AdvancedFieldSelectorProperty.builder()
.field("field")
// the properties below are optional
.endsWith(List.of("endsWith"))
.equalTo(List.of("equalTo"))
.notEndsWith(List.of("notEndsWith"))
.notEquals(List.of("notEquals"))
.notStartsWith(List.of("notStartsWith"))
.startsWith(List.of("startsWith"))
.build()))
// the properties below are optional
.name("name")
.build()))
.aggregationConfigurations(List.of(AggregationConfigurationProperty.builder()
.eventCategory("eventCategory")
.templates(List.of("templates"))
.build()))
.cloudWatchLogsLogGroupArn("cloudWatchLogsLogGroupArn")
.cloudWatchLogsRoleArn("cloudWatchLogsRoleArn")
.enableLogFileValidation(false)
.eventSelectors(List.of(EventSelectorProperty.builder()
.dataResources(List.of(DataResourceProperty.builder()
.type("type")
// the properties below are optional
.values(List.of("values"))
.build()))
.excludeManagementEventSources(List.of("excludeManagementEventSources"))
.includeManagementEvents(false)
.readWriteType("readWriteType")
.build()))
.includeGlobalServiceEvents(false)
.insightSelectors(List.of(InsightSelectorProperty.builder()
.eventCategories(List.of("eventCategories"))
.insightType("insightType")
.build()))
.isMultiRegionTrail(false)
.isOrganizationTrail(false)
.kmsKeyId("kmsKeyId")
.s3KeyPrefix("s3KeyPrefix")
.snsTopicName("snsTopicName")
.tags(List.of(CfnTag.builder()
.key("key")
.value("value")
.build()))
.trailName("trailName")
.build();
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic interfaceAdvanced event selectors let you create fine-grained selectors for AWS CloudTrail management, data, and network activity events.static interfaceA single selector statement in an advanced event selector.static interfaceAn object that contains configuration settings for aggregating events.static final classA fluent builder forCfnTrail.static interfaceYou can configure theDataResourcein anEventSelectorto log data events for the following three resource types:.static interfaceUse event selectors to further specify the management and data event settings for your trail.static interfaceA JSON string that contains a list of Insights types that are logged on a trail.Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject
software.amazon.jsii.JsiiObject.InitializationModeNested classes/interfaces inherited from interface software.constructs.IConstruct
software.constructs.IConstruct.Jsii$DefaultNested classes/interfaces inherited from interface software.amazon.awscdk.IInspectable
IInspectable.Jsii$Default, IInspectable.Jsii$ProxyNested classes/interfaces inherited from interface software.amazon.awscdk.ITaggable
ITaggable.Jsii$Default, ITaggable.Jsii$ProxyNested classes/interfaces inherited from interface software.amazon.awscdk.interfaces.cloudtrail.ITrailRef
ITrailRef.Jsii$Default, ITrailRef.Jsii$Proxy -
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final StringThe CloudFormation resource type name for this resource class. -
Constructor Summary
ConstructorsModifierConstructorDescriptionprotectedCfnTrail(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) protectedCfnTrail(software.amazon.jsii.JsiiObjectRef objRef) CfnTrail(software.constructs.Construct scope, String id, CfnTrailProps props) Create a newAWS::CloudTrail::Trail. -
Method Summary
Modifier and TypeMethodDescriptionstatic StringarnForTrail(ITrailRef resource) static ITrailReffromTrailArn(software.constructs.Construct scope, String id, String arn) Creates a new ITrailRef from an ARN.static ITrailReffromTrailName(software.constructs.Construct scope, String id, String trailName) Creates a new ITrailRef from a trailName.Specifies the settings for advanced event selectors.Specifies the aggregation configuration to aggregate CloudTrail Events.Refreturns the ARN of the CloudTrail trail, such asarn:aws:cloudtrail:us-east-2:123456789012:trail/myCloudTrail.Refreturns the ARN of the Amazon topic that's associated with the CloudTrail trail, such asarn:aws:sns:us-east-2:123456789012:mySNSTopic.Specifies a log group name using an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs are delivered.Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group.Specifies whether log file validation is enabled.Use event selectors to further specify the management and data event settings for your trail.Specifies whether the trail is publishing events from global services such as IAM to the log files.A JSON string that contains the Insights types you want to log on a trail.Whether the CloudTrail trail is currently logging AWS API calls.Specifies whether the trail applies only to the current Region or to all Regions.Specifies whether the trail is applied to all accounts in an organization in AWS Organizations , or only for the current AWS account .Specifies the AWS key ID to use to encrypt the logs and digest files delivered by CloudTrail.Specifies the name of the Amazon S3 bucket designated for publishing log files.Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery.Specifies the name or ARN of the Amazon SNS topic defined for notification of log file delivery.getTags()Tag Manager which manages the tags for this resource.A custom set of tags (key-value pairs) for this trail.Specifies the name of the trail.A reference to a Trail resource.voidinspect(TreeInspector inspector) Examines the CloudFormation resource and discloses attributes.static BooleanisCfnTrail(Object x) Checks whether the given object is a CfnTrail.renderProperties(Map<String, Object> props) voidsetAdvancedEventSelectors(List<Object> value) Specifies the settings for advanced event selectors.voidSpecifies the settings for advanced event selectors.voidsetAggregationConfigurations(List<Object> value) Specifies the aggregation configuration to aggregate CloudTrail Events.voidSpecifies the aggregation configuration to aggregate CloudTrail Events.voidSpecifies a log group name using an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs are delivered.voidsetCloudWatchLogsRoleArn(String value) Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group.voidSpecifies whether log file validation is enabled.voidSpecifies whether log file validation is enabled.voidsetEventSelectors(List<Object> value) Use event selectors to further specify the management and data event settings for your trail.voidsetEventSelectors(IResolvable value) Use event selectors to further specify the management and data event settings for your trail.voidSpecifies whether the trail is publishing events from global services such as IAM to the log files.voidSpecifies whether the trail is publishing events from global services such as IAM to the log files.voidsetInsightSelectors(List<Object> value) A JSON string that contains the Insights types you want to log on a trail.voidsetInsightSelectors(IResolvable value) A JSON string that contains the Insights types you want to log on a trail.voidsetIsLogging(Boolean value) Whether the CloudTrail trail is currently logging AWS API calls.voidsetIsLogging(IResolvable value) Whether the CloudTrail trail is currently logging AWS API calls.voidsetIsMultiRegionTrail(Boolean value) Specifies whether the trail applies only to the current Region or to all Regions.voidsetIsMultiRegionTrail(IResolvable value) Specifies whether the trail applies only to the current Region or to all Regions.voidsetIsOrganizationTrail(Boolean value) Specifies whether the trail is applied to all accounts in an organization in AWS Organizations , or only for the current AWS account .voidSpecifies whether the trail is applied to all accounts in an organization in AWS Organizations , or only for the current AWS account .voidsetKmsKeyId(String value) Specifies the AWS key ID to use to encrypt the logs and digest files delivered by CloudTrail.voidsetS3BucketName(String value) Specifies the name of the Amazon S3 bucket designated for publishing log files.voidsetS3KeyPrefix(String value) Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery.voidsetSnsTopicName(String value) Specifies the name or ARN of the Amazon SNS topic defined for notification of log file delivery.voidsetTagsRaw(List<CfnTag> value) A custom set of tags (key-value pairs) for this trail.voidsetTrailName(String value) Specifies the name of the trail.Methods inherited from class software.amazon.awscdk.CfnResource
addDeletionOverride, addDependency, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getAtt, getCfnOptions, getCfnResourceType, getEnv, getMetadata, getUpdatedProperites, getUpdatedProperties, isCfnResource, obtainDependencies, obtainResourceDependencies, removeDependency, replaceDependency, shouldSynthesize, toString, validatePropertiesMethods inherited from class software.amazon.awscdk.CfnRefElement
getRefMethods inherited from class software.amazon.awscdk.CfnElement
getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalIdMethods inherited from class software.constructs.Construct
getNode, isConstructMethods inherited from class software.amazon.jsii.JsiiObject
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSetMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, waitMethods inherited from interface software.constructs.IConstruct
getNodeMethods inherited from interface software.amazon.awscdk.interfaces.IEnvironmentAware
getEnvMethods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Field Details
-
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
-
-
Constructor Details
-
CfnTrail
protected CfnTrail(software.amazon.jsii.JsiiObjectRef objRef) -
CfnTrail
protected CfnTrail(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) -
CfnTrail
@Stability(Stable) public CfnTrail(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull CfnTrailProps props) Create a newAWS::CloudTrail::Trail.- Parameters:
scope- Scope in which this resource is defined. This parameter is required.id- Construct identifier for this resource (unique in its scope). This parameter is required.props- Resource properties. This parameter is required.
-
-
Method Details
-
arnForTrail
- Parameters:
resource- This parameter is required.
-
fromTrailArn
@Stability(Stable) @NotNull public static ITrailRef fromTrailArn(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull String arn) Creates a new ITrailRef from an ARN.- Parameters:
scope- This parameter is required.id- This parameter is required.arn- This parameter is required.
-
fromTrailName
@Stability(Stable) @NotNull public static ITrailRef fromTrailName(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull String trailName) Creates a new ITrailRef from a trailName.- Parameters:
scope- This parameter is required.id- This parameter is required.trailName- This parameter is required.
-
isCfnTrail
Checks whether the given object is a CfnTrail.- Parameters:
x- This parameter is required.
-
inspect
Examines the CloudFormation resource and discloses attributes.- Specified by:
inspectin interfaceIInspectable- Parameters:
inspector- tree inspector to collect and process attributes. This parameter is required.
-
renderProperties
@Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String, Object> props) - Overrides:
renderPropertiesin classCfnResource- Parameters:
props- This parameter is required.
-
getAttrArn
Refreturns the ARN of the CloudTrail trail, such asarn:aws:cloudtrail:us-east-2:123456789012:trail/myCloudTrail. -
getAttrSnsTopicArn
Refreturns the ARN of the Amazon topic that's associated with the CloudTrail trail, such asarn:aws:sns:us-east-2:123456789012:mySNSTopic. -
getCfnProperties
- Overrides:
getCfnPropertiesin classCfnResource
-
getTags
Tag Manager which manages the tags for this resource. -
getTrailRef
A reference to a Trail resource.- Specified by:
getTrailRefin interfaceITrailRef
-
getIsLogging
Whether the CloudTrail trail is currently logging AWS API calls.Returns union: either
BooleanorIResolvable -
setIsLogging
Whether the CloudTrail trail is currently logging AWS API calls. -
setIsLogging
Whether the CloudTrail trail is currently logging AWS API calls. -
getS3BucketName
Specifies the name of the Amazon S3 bucket designated for publishing log files. -
setS3BucketName
Specifies the name of the Amazon S3 bucket designated for publishing log files. -
getAdvancedEventSelectors
Specifies the settings for advanced event selectors.Returns union: either
IResolvableor Listinvalid input: '<'eitherIResolvableorCfnTrail.AdvancedEventSelectorProperty> -
setAdvancedEventSelectors
Specifies the settings for advanced event selectors. -
setAdvancedEventSelectors
Specifies the settings for advanced event selectors. -
getAggregationConfigurations
Specifies the aggregation configuration to aggregate CloudTrail Events.Returns union: either
IResolvableor Listinvalid input: '<'eitherIResolvableorCfnTrail.AggregationConfigurationProperty> -
setAggregationConfigurations
Specifies the aggregation configuration to aggregate CloudTrail Events. -
setAggregationConfigurations
Specifies the aggregation configuration to aggregate CloudTrail Events. -
getCloudWatchLogsLogGroupArn
Specifies a log group name using an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs are delivered. -
setCloudWatchLogsLogGroupArn
Specifies a log group name using an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs are delivered. -
getCloudWatchLogsRoleArn
Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group. -
setCloudWatchLogsRoleArn
Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group. -
getEnableLogFileValidation
Specifies whether log file validation is enabled.The default is false.
Returns union: either
BooleanorIResolvable -
setEnableLogFileValidation
Specifies whether log file validation is enabled.The default is false.
-
setEnableLogFileValidation
Specifies whether log file validation is enabled.The default is false.
-
getEventSelectors
Use event selectors to further specify the management and data event settings for your trail.Returns union: either
IResolvableor Listinvalid input: '<'eitherIResolvableorCfnTrail.EventSelectorProperty> -
setEventSelectors
Use event selectors to further specify the management and data event settings for your trail. -
setEventSelectors
Use event selectors to further specify the management and data event settings for your trail. -
getIncludeGlobalServiceEvents
Specifies whether the trail is publishing events from global services such as IAM to the log files.Returns union: either
BooleanorIResolvable -
setIncludeGlobalServiceEvents
Specifies whether the trail is publishing events from global services such as IAM to the log files. -
setIncludeGlobalServiceEvents
Specifies whether the trail is publishing events from global services such as IAM to the log files. -
getInsightSelectors
A JSON string that contains the Insights types you want to log on a trail.Returns union: either
IResolvableor Listinvalid input: '<'eitherIResolvableorCfnTrail.InsightSelectorProperty> -
setInsightSelectors
A JSON string that contains the Insights types you want to log on a trail. -
setInsightSelectors
A JSON string that contains the Insights types you want to log on a trail. -
getIsMultiRegionTrail
Specifies whether the trail applies only to the current Region or to all Regions.Returns union: either
BooleanorIResolvable -
setIsMultiRegionTrail
Specifies whether the trail applies only to the current Region or to all Regions. -
setIsMultiRegionTrail
Specifies whether the trail applies only to the current Region or to all Regions. -
getIsOrganizationTrail
Specifies whether the trail is applied to all accounts in an organization in AWS Organizations , or only for the current AWS account .Returns union: either
BooleanorIResolvable -
setIsOrganizationTrail
Specifies whether the trail is applied to all accounts in an organization in AWS Organizations , or only for the current AWS account . -
setIsOrganizationTrail
Specifies whether the trail is applied to all accounts in an organization in AWS Organizations , or only for the current AWS account . -
getKmsKeyId
Specifies the AWS key ID to use to encrypt the logs and digest files delivered by CloudTrail. -
setKmsKeyId
Specifies the AWS key ID to use to encrypt the logs and digest files delivered by CloudTrail. -
getS3KeyPrefix
Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery. -
setS3KeyPrefix
Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery. -
getSnsTopicName
Specifies the name or ARN of the Amazon SNS topic defined for notification of log file delivery. -
setSnsTopicName
Specifies the name or ARN of the Amazon SNS topic defined for notification of log file delivery. -
getTagsRaw
A custom set of tags (key-value pairs) for this trail. -
setTagsRaw
A custom set of tags (key-value pairs) for this trail. -
getTrailName
Specifies the name of the trail.The name must meet the following requirements:.
-
setTrailName
Specifies the name of the trail.The name must meet the following requirements:.
-