aws.cloudtrail.EventDataStore
Explore with Pulumi AI
Provides a CloudTrail Event Data Store.
More information about event data stores can be found in the Event Data Store User Guide.
Tip: For an organization event data store you must create this resource in the management account.
Example Usage
Basic
The most simple event data store configuration requires us to only set the name attribute. The event data store will automatically capture all management events. To capture management events from all the regions, multi_region_enabled must be true.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.cloudtrail.EventDataStore("example", {name: "example-event-data-store"});
import pulumi
import pulumi_aws as aws
example = aws.cloudtrail.EventDataStore("example", name="example-event-data-store")
package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cloudtrail.NewEventDataStore(ctx, "example", &cloudtrail.EventDataStoreArgs{
			Name: pulumi.String("example-event-data-store"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() => 
{
    var example = new Aws.CloudTrail.EventDataStore("example", new()
    {
        Name = "example-event-data-store",
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudtrail.EventDataStore;
import com.pulumi.aws.cloudtrail.EventDataStoreArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var example = new EventDataStore("example", EventDataStoreArgs.builder()
            .name("example-event-data-store")
            .build());
    }
}
resources:
  example:
    type: aws:cloudtrail:EventDataStore
    properties:
      name: example-event-data-store
Data Event Logging
CloudTrail can log Data Events for certain services such as S3 bucket objects and Lambda function invocations. Additional information about data event configuration can be found in the following links:
Log all DynamoDB PutEvent actions for a specific DynamoDB table
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const table = aws.dynamodb.getTable({
    name: "not-important-dynamodb-table",
});
const example = new aws.cloudtrail.EventDataStore("example", {advancedEventSelectors: [{
    name: "Log all DynamoDB PutEvent actions for a specific DynamoDB table",
    fieldSelectors: [
        {
            field: "eventCategory",
            equals: ["Data"],
        },
        {
            field: "resources.type",
            equals: ["AWS::DynamoDB::Table"],
        },
        {
            field: "eventName",
            equals: ["PutItem"],
        },
        {
            field: "resources.ARN",
            equals: [table.then(table => table.arn)],
        },
    ],
}]});
import pulumi
import pulumi_aws as aws
table = aws.dynamodb.get_table(name="not-important-dynamodb-table")
example = aws.cloudtrail.EventDataStore("example", advanced_event_selectors=[{
    "name": "Log all DynamoDB PutEvent actions for a specific DynamoDB table",
    "field_selectors": [
        {
            "field": "eventCategory",
            "equals": ["Data"],
        },
        {
            "field": "resources.type",
            "equals": ["AWS::DynamoDB::Table"],
        },
        {
            "field": "eventName",
            "equals": ["PutItem"],
        },
        {
            "field": "resources.ARN",
            "equals": [table.arn],
        },
    ],
}])
package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dynamodb"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		table, err := dynamodb.LookupTable(ctx, &dynamodb.LookupTableArgs{
			Name: "not-important-dynamodb-table",
		}, nil)
		if err != nil {
			return err
		}
		_, err = cloudtrail.NewEventDataStore(ctx, "example", &cloudtrail.EventDataStoreArgs{
			AdvancedEventSelectors: cloudtrail.EventDataStoreAdvancedEventSelectorArray{
				&cloudtrail.EventDataStoreAdvancedEventSelectorArgs{
					Name: pulumi.String("Log all DynamoDB PutEvent actions for a specific DynamoDB table"),
					FieldSelectors: cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArray{
						&cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs{
							Field: pulumi.String("eventCategory"),
							Equals: pulumi.StringArray{
								pulumi.String("Data"),
							},
						},
						&cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs{
							Field: pulumi.String("resources.type"),
							Equals: pulumi.StringArray{
								pulumi.String("AWS::DynamoDB::Table"),
							},
						},
						&cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs{
							Field: pulumi.String("eventName"),
							Equals: pulumi.StringArray{
								pulumi.String("PutItem"),
							},
						},
						&cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs{
							Field: pulumi.String("resources.ARN"),
							Equals: pulumi.StringArray{
								pulumi.String(table.Arn),
							},
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() => 
{
    var table = Aws.DynamoDB.GetTable.Invoke(new()
    {
        Name = "not-important-dynamodb-table",
    });
    var example = new Aws.CloudTrail.EventDataStore("example", new()
    {
        AdvancedEventSelectors = new[]
        {
            new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorArgs
            {
                Name = "Log all DynamoDB PutEvent actions for a specific DynamoDB table",
                FieldSelectors = new[]
                {
                    new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorFieldSelectorArgs
                    {
                        Field = "eventCategory",
                        Equals = new[]
                        {
                            "Data",
                        },
                    },
                    new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorFieldSelectorArgs
                    {
                        Field = "resources.type",
                        Equals = new[]
                        {
                            "AWS::DynamoDB::Table",
                        },
                    },
                    new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorFieldSelectorArgs
                    {
                        Field = "eventName",
                        Equals = new[]
                        {
                            "PutItem",
                        },
                    },
                    new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorFieldSelectorArgs
                    {
                        Field = "resources.ARN",
                        Equals = new[]
                        {
                            table.Apply(getTableResult => getTableResult.Arn),
                        },
                    },
                },
            },
        },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.dynamodb.DynamodbFunctions;
import com.pulumi.aws.dynamodb.inputs.GetTableArgs;
import com.pulumi.aws.cloudtrail.EventDataStore;
import com.pulumi.aws.cloudtrail.EventDataStoreArgs;
import com.pulumi.aws.cloudtrail.inputs.EventDataStoreAdvancedEventSelectorArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var table = DynamodbFunctions.getTable(GetTableArgs.builder()
            .name("not-important-dynamodb-table")
            .build());
        var example = new EventDataStore("example", EventDataStoreArgs.builder()
            .advancedEventSelectors(EventDataStoreAdvancedEventSelectorArgs.builder()
                .name("Log all DynamoDB PutEvent actions for a specific DynamoDB table")
                .fieldSelectors(                
                    EventDataStoreAdvancedEventSelectorFieldSelectorArgs.builder()
                        .field("eventCategory")
                        .equals("Data")
                        .build(),
                    EventDataStoreAdvancedEventSelectorFieldSelectorArgs.builder()
                        .field("resources.type")
                        .equals("AWS::DynamoDB::Table")
                        .build(),
                    EventDataStoreAdvancedEventSelectorFieldSelectorArgs.builder()
                        .field("eventName")
                        .equals("PutItem")
                        .build(),
                    EventDataStoreAdvancedEventSelectorFieldSelectorArgs.builder()
                        .field("resources.ARN")
                        .equals(table.arn())
                        .build())
                .build())
            .build());
    }
}
resources:
  example:
    type: aws:cloudtrail:EventDataStore
    properties:
      advancedEventSelectors:
        - name: Log all DynamoDB PutEvent actions for a specific DynamoDB table
          fieldSelectors:
            - field: eventCategory
              equals:
                - Data
            - field: resources.type
              equals:
                - AWS::DynamoDB::Table
            - field: eventName
              equals:
                - PutItem
            - field: resources.ARN
              equals:
                - ${table.arn}
variables:
  table:
    fn::invoke:
      function: aws:dynamodb:getTable
      arguments:
        name: not-important-dynamodb-table
Create EventDataStore Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new EventDataStore(name: string, args?: EventDataStoreArgs, opts?: CustomResourceOptions);@overload
def EventDataStore(resource_name: str,
                   args: Optional[EventDataStoreArgs] = None,
                   opts: Optional[ResourceOptions] = None)
@overload
def EventDataStore(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   advanced_event_selectors: Optional[Sequence[EventDataStoreAdvancedEventSelectorArgs]] = None,
                   billing_mode: Optional[str] = None,
                   kms_key_id: Optional[str] = None,
                   multi_region_enabled: Optional[bool] = None,
                   name: Optional[str] = None,
                   organization_enabled: Optional[bool] = None,
                   retention_period: Optional[int] = None,
                   suspend: Optional[str] = None,
                   tags: Optional[Mapping[str, str]] = None,
                   termination_protection_enabled: Optional[bool] = None)func NewEventDataStore(ctx *Context, name string, args *EventDataStoreArgs, opts ...ResourceOption) (*EventDataStore, error)public EventDataStore(string name, EventDataStoreArgs? args = null, CustomResourceOptions? opts = null)
public EventDataStore(String name, EventDataStoreArgs args)
public EventDataStore(String name, EventDataStoreArgs args, CustomResourceOptions options)
type: aws:cloudtrail:EventDataStore
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args EventDataStoreArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args EventDataStoreArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args EventDataStoreArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args EventDataStoreArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args EventDataStoreArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var eventDataStoreResource = new Aws.CloudTrail.EventDataStore("eventDataStoreResource", new()
{
    AdvancedEventSelectors = new[]
    {
        new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorArgs
        {
            FieldSelectors = new[]
            {
                new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorFieldSelectorArgs
                {
                    EndsWiths = new[]
                    {
                        "string",
                    },
                    Equals = new[]
                    {
                        "string",
                    },
                    Field = "string",
                    NotEndsWiths = new[]
                    {
                        "string",
                    },
                    NotEquals = new[]
                    {
                        "string",
                    },
                    NotStartsWiths = new[]
                    {
                        "string",
                    },
                    StartsWiths = new[]
                    {
                        "string",
                    },
                },
            },
            Name = "string",
        },
    },
    BillingMode = "string",
    KmsKeyId = "string",
    MultiRegionEnabled = false,
    Name = "string",
    OrganizationEnabled = false,
    RetentionPeriod = 0,
    Suspend = "string",
    Tags = 
    {
        { "string", "string" },
    },
    TerminationProtectionEnabled = false,
});
example, err := cloudtrail.NewEventDataStore(ctx, "eventDataStoreResource", &cloudtrail.EventDataStoreArgs{
	AdvancedEventSelectors: cloudtrail.EventDataStoreAdvancedEventSelectorArray{
		&cloudtrail.EventDataStoreAdvancedEventSelectorArgs{
			FieldSelectors: cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArray{
				&cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs{
					EndsWiths: pulumi.StringArray{
						pulumi.String("string"),
					},
					Equals: pulumi.StringArray{
						pulumi.String("string"),
					},
					Field: pulumi.String("string"),
					NotEndsWiths: pulumi.StringArray{
						pulumi.String("string"),
					},
					NotEquals: pulumi.StringArray{
						pulumi.String("string"),
					},
					NotStartsWiths: pulumi.StringArray{
						pulumi.String("string"),
					},
					StartsWiths: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
			Name: pulumi.String("string"),
		},
	},
	BillingMode:         pulumi.String("string"),
	KmsKeyId:            pulumi.String("string"),
	MultiRegionEnabled:  pulumi.Bool(false),
	Name:                pulumi.String("string"),
	OrganizationEnabled: pulumi.Bool(false),
	RetentionPeriod:     pulumi.Int(0),
	Suspend:             pulumi.String("string"),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	TerminationProtectionEnabled: pulumi.Bool(false),
})
var eventDataStoreResource = new EventDataStore("eventDataStoreResource", EventDataStoreArgs.builder()
    .advancedEventSelectors(EventDataStoreAdvancedEventSelectorArgs.builder()
        .fieldSelectors(EventDataStoreAdvancedEventSelectorFieldSelectorArgs.builder()
            .endsWiths("string")
            .equals("string")
            .field("string")
            .notEndsWiths("string")
            .notEquals("string")
            .notStartsWiths("string")
            .startsWiths("string")
            .build())
        .name("string")
        .build())
    .billingMode("string")
    .kmsKeyId("string")
    .multiRegionEnabled(false)
    .name("string")
    .organizationEnabled(false)
    .retentionPeriod(0)
    .suspend("string")
    .tags(Map.of("string", "string"))
    .terminationProtectionEnabled(false)
    .build());
event_data_store_resource = aws.cloudtrail.EventDataStore("eventDataStoreResource",
    advanced_event_selectors=[{
        "field_selectors": [{
            "ends_withs": ["string"],
            "equals": ["string"],
            "field": "string",
            "not_ends_withs": ["string"],
            "not_equals": ["string"],
            "not_starts_withs": ["string"],
            "starts_withs": ["string"],
        }],
        "name": "string",
    }],
    billing_mode="string",
    kms_key_id="string",
    multi_region_enabled=False,
    name="string",
    organization_enabled=False,
    retention_period=0,
    suspend="string",
    tags={
        "string": "string",
    },
    termination_protection_enabled=False)
const eventDataStoreResource = new aws.cloudtrail.EventDataStore("eventDataStoreResource", {
    advancedEventSelectors: [{
        fieldSelectors: [{
            endsWiths: ["string"],
            equals: ["string"],
            field: "string",
            notEndsWiths: ["string"],
            notEquals: ["string"],
            notStartsWiths: ["string"],
            startsWiths: ["string"],
        }],
        name: "string",
    }],
    billingMode: "string",
    kmsKeyId: "string",
    multiRegionEnabled: false,
    name: "string",
    organizationEnabled: false,
    retentionPeriod: 0,
    suspend: "string",
    tags: {
        string: "string",
    },
    terminationProtectionEnabled: false,
});
type: aws:cloudtrail:EventDataStore
properties:
    advancedEventSelectors:
        - fieldSelectors:
            - endsWiths:
                - string
              equals:
                - string
              field: string
              notEndsWiths:
                - string
              notEquals:
                - string
              notStartsWiths:
                - string
              startsWiths:
                - string
          name: string
    billingMode: string
    kmsKeyId: string
    multiRegionEnabled: false
    name: string
    organizationEnabled: false
    retentionPeriod: 0
    suspend: string
    tags:
        string: string
    terminationProtectionEnabled: false
EventDataStore Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The EventDataStore resource accepts the following input properties:
- AdvancedEvent List<EventSelectors Data Store Advanced Event Selector> 
- The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
- BillingMode string
- The billing mode for the event data store. The valid values are EXTENDABLE_RETENTION_PRICINGandFIXED_RETENTION_PRICING. Defaults toEXTENDABLE_RETENTION_PRICING.
- KmsKey stringId 
- Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
- MultiRegion boolEnabled 
- Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default: true.
- Name string
- The name of the event data store.
- OrganizationEnabled bool
- Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default: false.
- RetentionPeriod int
- The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default: 2555.
- Suspend string
- Specifies whether to stop ingesting new events into the event data store. If set to true, ingestion is suspended while maintaining the ability to query existing events. If set tofalse, ingestion is active.
- Dictionary<string, string>
- A map of tags to assign to the resource. If configured with a provider default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- TerminationProtection boolEnabled 
- Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default: true.
- AdvancedEvent []EventSelectors Data Store Advanced Event Selector Args 
- The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
- BillingMode string
- The billing mode for the event data store. The valid values are EXTENDABLE_RETENTION_PRICINGandFIXED_RETENTION_PRICING. Defaults toEXTENDABLE_RETENTION_PRICING.
- KmsKey stringId 
- Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
- MultiRegion boolEnabled 
- Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default: true.
- Name string
- The name of the event data store.
- OrganizationEnabled bool
- Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default: false.
- RetentionPeriod int
- The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default: 2555.
- Suspend string
- Specifies whether to stop ingesting new events into the event data store. If set to true, ingestion is suspended while maintaining the ability to query existing events. If set tofalse, ingestion is active.
- map[string]string
- A map of tags to assign to the resource. If configured with a provider default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- TerminationProtection boolEnabled 
- Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default: true.
- advancedEvent List<EventSelectors Data Store Advanced Event Selector> 
- The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
- billingMode String
- The billing mode for the event data store. The valid values are EXTENDABLE_RETENTION_PRICINGandFIXED_RETENTION_PRICING. Defaults toEXTENDABLE_RETENTION_PRICING.
- kmsKey StringId 
- Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
- multiRegion BooleanEnabled 
- Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default: true.
- name String
- The name of the event data store.
- organizationEnabled Boolean
- Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default: false.
- retentionPeriod Integer
- The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default: 2555.
- suspend String
- Specifies whether to stop ingesting new events into the event data store. If set to true, ingestion is suspended while maintaining the ability to query existing events. If set tofalse, ingestion is active.
- Map<String,String>
- A map of tags to assign to the resource. If configured with a provider default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- terminationProtection BooleanEnabled 
- Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default: true.
- advancedEvent EventSelectors Data Store Advanced Event Selector[] 
- The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
- billingMode string
- The billing mode for the event data store. The valid values are EXTENDABLE_RETENTION_PRICINGandFIXED_RETENTION_PRICING. Defaults toEXTENDABLE_RETENTION_PRICING.
- kmsKey stringId 
- Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
- multiRegion booleanEnabled 
- Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default: true.
- name string
- The name of the event data store.
- organizationEnabled boolean
- Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default: false.
- retentionPeriod number
- The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default: 2555.
- suspend string
- Specifies whether to stop ingesting new events into the event data store. If set to true, ingestion is suspended while maintaining the ability to query existing events. If set tofalse, ingestion is active.
- {[key: string]: string}
- A map of tags to assign to the resource. If configured with a provider default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- terminationProtection booleanEnabled 
- Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default: true.
- advanced_event_ Sequence[Eventselectors Data Store Advanced Event Selector Args] 
- The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
- billing_mode str
- The billing mode for the event data store. The valid values are EXTENDABLE_RETENTION_PRICINGandFIXED_RETENTION_PRICING. Defaults toEXTENDABLE_RETENTION_PRICING.
- kms_key_ strid 
- Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
- multi_region_ boolenabled 
- Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default: true.
- name str
- The name of the event data store.
- organization_enabled bool
- Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default: false.
- retention_period int
- The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default: 2555.
- suspend str
- Specifies whether to stop ingesting new events into the event data store. If set to true, ingestion is suspended while maintaining the ability to query existing events. If set tofalse, ingestion is active.
- Mapping[str, str]
- A map of tags to assign to the resource. If configured with a provider default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- termination_protection_ boolenabled 
- Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default: true.
- advancedEvent List<Property Map>Selectors 
- The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
- billingMode String
- The billing mode for the event data store. The valid values are EXTENDABLE_RETENTION_PRICINGandFIXED_RETENTION_PRICING. Defaults toEXTENDABLE_RETENTION_PRICING.
- kmsKey StringId 
- Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
- multiRegion BooleanEnabled 
- Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default: true.
- name String
- The name of the event data store.
- organizationEnabled Boolean
- Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default: false.
- retentionPeriod Number
- The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default: 2555.
- suspend String
- Specifies whether to stop ingesting new events into the event data store. If set to true, ingestion is suspended while maintaining the ability to query existing events. If set tofalse, ingestion is active.
- Map<String>
- A map of tags to assign to the resource. If configured with a provider default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- terminationProtection BooleanEnabled 
- Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default: true.
Outputs
All input properties are implicitly available as output properties. Additionally, the EventDataStore resource produces the following output properties:
Look up Existing EventDataStore Resource
Get an existing EventDataStore resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: EventDataStoreState, opts?: CustomResourceOptions): EventDataStore@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        advanced_event_selectors: Optional[Sequence[EventDataStoreAdvancedEventSelectorArgs]] = None,
        arn: Optional[str] = None,
        billing_mode: Optional[str] = None,
        kms_key_id: Optional[str] = None,
        multi_region_enabled: Optional[bool] = None,
        name: Optional[str] = None,
        organization_enabled: Optional[bool] = None,
        retention_period: Optional[int] = None,
        suspend: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        termination_protection_enabled: Optional[bool] = None) -> EventDataStorefunc GetEventDataStore(ctx *Context, name string, id IDInput, state *EventDataStoreState, opts ...ResourceOption) (*EventDataStore, error)public static EventDataStore Get(string name, Input<string> id, EventDataStoreState? state, CustomResourceOptions? opts = null)public static EventDataStore get(String name, Output<String> id, EventDataStoreState state, CustomResourceOptions options)resources:  _:    type: aws:cloudtrail:EventDataStore    get:      id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- AdvancedEvent List<EventSelectors Data Store Advanced Event Selector> 
- The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
- Arn string
- ARN of the event data store.
- BillingMode string
- The billing mode for the event data store. The valid values are EXTENDABLE_RETENTION_PRICINGandFIXED_RETENTION_PRICING. Defaults toEXTENDABLE_RETENTION_PRICING.
- KmsKey stringId 
- Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
- MultiRegion boolEnabled 
- Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default: true.
- Name string
- The name of the event data store.
- OrganizationEnabled bool
- Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default: false.
- RetentionPeriod int
- The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default: 2555.
- Suspend string
- Specifies whether to stop ingesting new events into the event data store. If set to true, ingestion is suspended while maintaining the ability to query existing events. If set tofalse, ingestion is active.
- Dictionary<string, string>
- A map of tags to assign to the resource. If configured with a provider default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- Dictionary<string, string>
- Map of tags assigned to the resource, including those inherited from the provider default_tagsconfiguration block.
- TerminationProtection boolEnabled 
- Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default: true.
- AdvancedEvent []EventSelectors Data Store Advanced Event Selector Args 
- The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
- Arn string
- ARN of the event data store.
- BillingMode string
- The billing mode for the event data store. The valid values are EXTENDABLE_RETENTION_PRICINGandFIXED_RETENTION_PRICING. Defaults toEXTENDABLE_RETENTION_PRICING.
- KmsKey stringId 
- Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
- MultiRegion boolEnabled 
- Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default: true.
- Name string
- The name of the event data store.
- OrganizationEnabled bool
- Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default: false.
- RetentionPeriod int
- The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default: 2555.
- Suspend string
- Specifies whether to stop ingesting new events into the event data store. If set to true, ingestion is suspended while maintaining the ability to query existing events. If set tofalse, ingestion is active.
- map[string]string
- A map of tags to assign to the resource. If configured with a provider default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- map[string]string
- Map of tags assigned to the resource, including those inherited from the provider default_tagsconfiguration block.
- TerminationProtection boolEnabled 
- Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default: true.
- advancedEvent List<EventSelectors Data Store Advanced Event Selector> 
- The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
- arn String
- ARN of the event data store.
- billingMode String
- The billing mode for the event data store. The valid values are EXTENDABLE_RETENTION_PRICINGandFIXED_RETENTION_PRICING. Defaults toEXTENDABLE_RETENTION_PRICING.
- kmsKey StringId 
- Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
- multiRegion BooleanEnabled 
- Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default: true.
- name String
- The name of the event data store.
- organizationEnabled Boolean
- Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default: false.
- retentionPeriod Integer
- The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default: 2555.
- suspend String
- Specifies whether to stop ingesting new events into the event data store. If set to true, ingestion is suspended while maintaining the ability to query existing events. If set tofalse, ingestion is active.
- Map<String,String>
- A map of tags to assign to the resource. If configured with a provider default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- Map<String,String>
- Map of tags assigned to the resource, including those inherited from the provider default_tagsconfiguration block.
- terminationProtection BooleanEnabled 
- Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default: true.
- advancedEvent EventSelectors Data Store Advanced Event Selector[] 
- The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
- arn string
- ARN of the event data store.
- billingMode string
- The billing mode for the event data store. The valid values are EXTENDABLE_RETENTION_PRICINGandFIXED_RETENTION_PRICING. Defaults toEXTENDABLE_RETENTION_PRICING.
- kmsKey stringId 
- Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
- multiRegion booleanEnabled 
- Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default: true.
- name string
- The name of the event data store.
- organizationEnabled boolean
- Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default: false.
- retentionPeriod number
- The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default: 2555.
- suspend string
- Specifies whether to stop ingesting new events into the event data store. If set to true, ingestion is suspended while maintaining the ability to query existing events. If set tofalse, ingestion is active.
- {[key: string]: string}
- A map of tags to assign to the resource. If configured with a provider default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- {[key: string]: string}
- Map of tags assigned to the resource, including those inherited from the provider default_tagsconfiguration block.
- terminationProtection booleanEnabled 
- Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default: true.
- advanced_event_ Sequence[Eventselectors Data Store Advanced Event Selector Args] 
- The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
- arn str
- ARN of the event data store.
- billing_mode str
- The billing mode for the event data store. The valid values are EXTENDABLE_RETENTION_PRICINGandFIXED_RETENTION_PRICING. Defaults toEXTENDABLE_RETENTION_PRICING.
- kms_key_ strid 
- Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
- multi_region_ boolenabled 
- Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default: true.
- name str
- The name of the event data store.
- organization_enabled bool
- Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default: false.
- retention_period int
- The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default: 2555.
- suspend str
- Specifies whether to stop ingesting new events into the event data store. If set to true, ingestion is suspended while maintaining the ability to query existing events. If set tofalse, ingestion is active.
- Mapping[str, str]
- A map of tags to assign to the resource. If configured with a provider default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- Mapping[str, str]
- Map of tags assigned to the resource, including those inherited from the provider default_tagsconfiguration block.
- termination_protection_ boolenabled 
- Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default: true.
- advancedEvent List<Property Map>Selectors 
- The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
- arn String
- ARN of the event data store.
- billingMode String
- The billing mode for the event data store. The valid values are EXTENDABLE_RETENTION_PRICINGandFIXED_RETENTION_PRICING. Defaults toEXTENDABLE_RETENTION_PRICING.
- kmsKey StringId 
- Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
- multiRegion BooleanEnabled 
- Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default: true.
- name String
- The name of the event data store.
- organizationEnabled Boolean
- Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default: false.
- retentionPeriod Number
- The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default: 2555.
- suspend String
- Specifies whether to stop ingesting new events into the event data store. If set to true, ingestion is suspended while maintaining the ability to query existing events. If set tofalse, ingestion is active.
- Map<String>
- A map of tags to assign to the resource. If configured with a provider default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- Map<String>
- Map of tags assigned to the resource, including those inherited from the provider default_tagsconfiguration block.
- terminationProtection BooleanEnabled 
- Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default: true.
Supporting Types
EventDataStoreAdvancedEventSelector, EventDataStoreAdvancedEventSelectorArgs            
- FieldSelectors List<EventData Store Advanced Event Selector Field Selector> 
- Specifies the selector statements in an advanced event selector. Fields documented below.
- Name string
- Specifies the name of the advanced event selector.
- FieldSelectors []EventData Store Advanced Event Selector Field Selector 
- Specifies the selector statements in an advanced event selector. Fields documented below.
- Name string
- Specifies the name of the advanced event selector.
- fieldSelectors List<EventData Store Advanced Event Selector Field Selector> 
- Specifies the selector statements in an advanced event selector. Fields documented below.
- name String
- Specifies the name of the advanced event selector.
- fieldSelectors EventData Store Advanced Event Selector Field Selector[] 
- Specifies the selector statements in an advanced event selector. Fields documented below.
- name string
- Specifies the name of the advanced event selector.
- field_selectors Sequence[EventData Store Advanced Event Selector Field Selector] 
- Specifies the selector statements in an advanced event selector. Fields documented below.
- name str
- Specifies the name of the advanced event selector.
- fieldSelectors List<Property Map>
- Specifies the selector statements in an advanced event selector. Fields documented below.
- name String
- Specifies the name of the advanced event selector.
EventDataStoreAdvancedEventSelectorFieldSelector, EventDataStoreAdvancedEventSelectorFieldSelectorArgs                
- EndsWiths List<string>
- A list of values that includes events that match the last few characters of the event record field specified as the value of field.
- Equals List<string>
- A list of values that includes events that match the exact value of the event record field specified as the value of field. This is the only valid operator that you can use with thereadOnly,eventCategory, andresources.typefields.
- Field string
- Specifies a field in an event record on which to filter events to be logged. You can specify only the following values: readOnly,eventSource,eventName,eventCategory,resources.type,resources.ARN.
- NotEnds List<string>Withs 
- A list of values that excludes events that match the last few characters of the event record field specified as the value of field.
- NotEquals List<string>
- A list of values that excludes events that match the exact value of the event record field specified as the value of field.
- NotStarts List<string>Withs 
- A list of values that excludes events that match the first few characters of the event record field specified as the value of field.
- StartsWiths List<string>
- A list of values that includes events that match the first few characters of the event record field specified as the value of field.
- EndsWiths []string
- A list of values that includes events that match the last few characters of the event record field specified as the value of field.
- Equals []string
- A list of values that includes events that match the exact value of the event record field specified as the value of field. This is the only valid operator that you can use with thereadOnly,eventCategory, andresources.typefields.
- Field string
- Specifies a field in an event record on which to filter events to be logged. You can specify only the following values: readOnly,eventSource,eventName,eventCategory,resources.type,resources.ARN.
- NotEnds []stringWiths 
- A list of values that excludes events that match the last few characters of the event record field specified as the value of field.
- NotEquals []string
- A list of values that excludes events that match the exact value of the event record field specified as the value of field.
- NotStarts []stringWiths 
- A list of values that excludes events that match the first few characters of the event record field specified as the value of field.
- StartsWiths []string
- A list of values that includes events that match the first few characters of the event record field specified as the value of field.
- endsWiths List<String>
- A list of values that includes events that match the last few characters of the event record field specified as the value of field.
- equals_ List<String>
- A list of values that includes events that match the exact value of the event record field specified as the value of field. This is the only valid operator that you can use with thereadOnly,eventCategory, andresources.typefields.
- field String
- Specifies a field in an event record on which to filter events to be logged. You can specify only the following values: readOnly,eventSource,eventName,eventCategory,resources.type,resources.ARN.
- notEnds List<String>Withs 
- A list of values that excludes events that match the last few characters of the event record field specified as the value of field.
- notEquals List<String>
- A list of values that excludes events that match the exact value of the event record field specified as the value of field.
- notStarts List<String>Withs 
- A list of values that excludes events that match the first few characters of the event record field specified as the value of field.
- startsWiths List<String>
- A list of values that includes events that match the first few characters of the event record field specified as the value of field.
- endsWiths string[]
- A list of values that includes events that match the last few characters of the event record field specified as the value of field.
- equals string[]
- A list of values that includes events that match the exact value of the event record field specified as the value of field. This is the only valid operator that you can use with thereadOnly,eventCategory, andresources.typefields.
- field string
- Specifies a field in an event record on which to filter events to be logged. You can specify only the following values: readOnly,eventSource,eventName,eventCategory,resources.type,resources.ARN.
- notEnds string[]Withs 
- A list of values that excludes events that match the last few characters of the event record field specified as the value of field.
- notEquals string[]
- A list of values that excludes events that match the exact value of the event record field specified as the value of field.
- notStarts string[]Withs 
- A list of values that excludes events that match the first few characters of the event record field specified as the value of field.
- startsWiths string[]
- A list of values that includes events that match the first few characters of the event record field specified as the value of field.
- ends_withs Sequence[str]
- A list of values that includes events that match the last few characters of the event record field specified as the value of field.
- equals Sequence[str]
- A list of values that includes events that match the exact value of the event record field specified as the value of field. This is the only valid operator that you can use with thereadOnly,eventCategory, andresources.typefields.
- field str
- Specifies a field in an event record on which to filter events to be logged. You can specify only the following values: readOnly,eventSource,eventName,eventCategory,resources.type,resources.ARN.
- not_ends_ Sequence[str]withs 
- A list of values that excludes events that match the last few characters of the event record field specified as the value of field.
- not_equals Sequence[str]
- A list of values that excludes events that match the exact value of the event record field specified as the value of field.
- not_starts_ Sequence[str]withs 
- A list of values that excludes events that match the first few characters of the event record field specified as the value of field.
- starts_withs Sequence[str]
- A list of values that includes events that match the first few characters of the event record field specified as the value of field.
- endsWiths List<String>
- A list of values that includes events that match the last few characters of the event record field specified as the value of field.
- equals List<String>
- A list of values that includes events that match the exact value of the event record field specified as the value of field. This is the only valid operator that you can use with thereadOnly,eventCategory, andresources.typefields.
- field String
- Specifies a field in an event record on which to filter events to be logged. You can specify only the following values: readOnly,eventSource,eventName,eventCategory,resources.type,resources.ARN.
- notEnds List<String>Withs 
- A list of values that excludes events that match the last few characters of the event record field specified as the value of field.
- notEquals List<String>
- A list of values that excludes events that match the exact value of the event record field specified as the value of field.
- notStarts List<String>Withs 
- A list of values that excludes events that match the first few characters of the event record field specified as the value of field.
- startsWiths List<String>
- A list of values that includes events that match the first few characters of the event record field specified as the value of field.
Import
Using pulumi import, import event data stores using their arn. For example:
$ pulumi import aws:cloudtrail/eventDataStore:EventDataStore example arn:aws:cloudtrail:us-east-1:123456789123:eventdatastore/22333815-4414-412c-b155-dd254033gfhf
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the awsTerraform Provider.