-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | Amazon CloudTrail SDK.
--   
--   The types from this library are intended to be used with
--   <a>amazonka</a>, which provides mechanisms for specifying AuthN/AuthZ
--   information, sending requests, and receiving responses.
--   
--   Lenses are used for constructing and manipulating types, due to the
--   depth of nesting of AWS types and transparency regarding
--   de/serialisation into more palatable Haskell values. The provided
--   lenses should be compatible with any of the major lens libraries such
--   as <a>lens</a> or <a>lens-family-core</a>.
--   
--   See <a>Network.AWS.CloudTrail</a> or <a>the AWS documentation</a> to
--   get started.
@package amazonka-cloudtrail
@version 1.6.1


module Network.AWS.CloudTrail.Types

-- | API version <tt>2013-11-01</tt> of the Amazon CloudTrail SDK
--   configuration.
cloudTrail :: Service

-- | Occurs if the timestamp values are invalid. Either the start time
--   occurs after the end time or the time range is outside the range of
--   possible values.
_InvalidTimeRangeException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the policy on the S3 bucket is not
--   sufficient.
_InsufficientS3BucketPolicyException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the maximum number of trails is reached.
_MaximumNumberOfTrailsExceededException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the requested operation is not
--   supported.
_UnsupportedOperationException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is deprecated.
_KMSKeyDisabledException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the policy on the S3 bucket or KMS key
--   is not sufficient.
_InsufficientEncryptionPolicyException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the policy on the SNS topic is not
--   sufficient.
_InsufficientSNSTopicPolicyException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the provided role is not valid.
_InvalidCloudWatchLogsRoleARNException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The number of tags per trail has exceeded the permitted amount.
--   Currently, the limit is 50.
_TagsLimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when an operation is called with an invalid
--   trail ARN. The format of a trail ARN is:
--   
--   <pre>
--   arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail
--   </pre>
_CloudTrailARNInvalidException :: AsError a => Getting (First ServiceError) a ServiceError

-- | Occurs when an invalid lookup attribute is specified.
_InvalidLookupAttributesException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the provided trail name is not valid.
--   Trail names must meet the following requirements:
--   
--   <ul>
--   <li>Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
--   underscores (_), or dashes (-)</li>
--   <li>Start with a letter or number, and end with a letter or
--   number</li>
--   <li>Be between 3 and 128 characters</li>
--   <li>Have no adjacent periods, underscores or dashes. Names like
--   <tt>my-_namespace</tt> and <tt>my--namespace</tt> are invalid.</li>
--   <li>Not be in IP address format (for example, 192.168.5.4)</li>
--   </ul>
_InvalidTrailNameException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the provided SNS topic name is not
--   valid.
_InvalidSNSTopicNameException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the specified resource type is not
--   supported by CloudTrail.
_ResourceTypeNotSupportedException :: AsError a => Getting (First ServiceError) a ServiceError

-- | Cannot set a CloudWatch Logs delivery for this region.
_CloudWatchLogsDeliveryUnavailableException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the KMS key does not exist, or when the
--   S3 bucket and the KMS key are not in the same region.
_KMSKeyNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the trail with the given name is not
--   found.
_TrailNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the <tt>PutEventSelectors</tt> operation
--   is called with an invalid number of event selectors, data resources,
--   or an invalid value for a parameter:
--   
--   <ul>
--   <li>Specify a valid number of event selectors (1 to 5) for a
--   trail.</li>
--   <li>Specify a valid number of data resources (1 to 250) for an event
--   selector.</li>
--   <li>Specify a valid value for a parameter. For example, specifying the
--   <tt>ReadWriteType</tt> parameter with a value of <tt>read-only</tt> is
--   invalid.</li>
--   </ul>
_InvalidEventSelectorsException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is deprecated.
_TrailNotProvidedException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the provided S3 bucket name is not
--   valid.
_InvalidS3BucketNameException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the provided CloudWatch log group is not
--   valid.
_InvalidCloudWatchLogsLogGroupARNException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when there is an issue with the specified KMS
--   key and the trail can’t be updated.
_KMSException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the specified S3 bucket does not exist.
_S3BucketDoesNotExistException :: AsError a => Getting (First ServiceError) a ServiceError

-- | Invalid token or token that was previously used in a request with
--   different parameters. This exception is thrown if the token is
--   invalid.
_InvalidNextTokenException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the key or value specified for the tag
--   does not match the regular expression
--   <tt>^([\p{L}\p{Z}\p{N}_.:/=+\-</tt>]*)$@ .
_InvalidTagParameterException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the requested operation is not
--   permitted.
_OperationNotPermittedException :: AsError a => Getting (First ServiceError) a ServiceError

-- | Reserved for future use.
_InvalidTokenException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown if the limit specified is invalid.
_InvalidMaxResultsException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the specified trail already exists.
_TrailAlreadyExistsException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the provided S3 prefix is not valid.
_InvalidS3PrefixException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the specified resource is not found.
_ResourceNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the combination of parameters provided
--   is not valid.
_InvalidParameterCombinationException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the KMS key ARN is invalid.
_InvalidKMSKeyIdException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when an operation is called on a trail from a
--   region other than the region in which the trail was created.
_InvalidHomeRegionException :: AsError a => Getting (First ServiceError) a ServiceError
data LookupAttributeKey
EventId :: LookupAttributeKey
EventName :: LookupAttributeKey
EventSource :: LookupAttributeKey
ResourceName :: LookupAttributeKey
ResourceType :: LookupAttributeKey
Username :: LookupAttributeKey
data ReadWriteType
All :: ReadWriteType
ReadOnly :: ReadWriteType
WriteOnly :: ReadWriteType

-- | The Amazon S3 objects that you specify in your event selectors for
--   your trail to log data events. Data events are object-level API
--   operations that access S3 objects, such as <tt>GetObject</tt> ,
--   <tt>DeleteObject</tt> , and <tt>PutObject</tt> . You can specify up to
--   250 S3 buckets and object prefixes for a trail.
--   
--   Example
--   
--   <ul>
--   <li>You create an event selector for a trail and specify an S3 bucket
--   and an empty prefix, such as <tt>arn:aws:s3:::bucket-1/</tt> .</li>
--   <li>You upload an image file to <tt>bucket-1</tt> .</li>
--   <li>The <tt>PutObject</tt> API operation occurs on an object in the S3
--   bucket that you specified in the event selector. The trail processes
--   and logs the event.</li>
--   <li>You upload another image file to a different S3 bucket named
--   <tt>arn:aws:s3:::bucket-2</tt> .</li>
--   <li>The event occurs on an object in an S3 bucket that you didn't
--   specify in the event selector. The trail doesn’t log the event.</li>
--   </ul>
--   
--   <i>See:</i> <a>dataResource</a> smart constructor.
data DataResource

-- | Creates a value of <a>DataResource</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>drValues</a> - A list of ARN-like strings for the specified S3
--   objects. To log data events for all objects in an S3 bucket, specify
--   the bucket and an empty object prefix such as
--   <tt>arn:aws:s3:::bucket-1/</tt> . The trail logs data events for all
--   objects in this S3 bucket. To log data events for specific objects,
--   specify the S3 bucket and object prefix such as
--   <tt>arn:aws:s3:::bucket-1/example-images</tt> . The trail logs data
--   events for objects in this S3 bucket that match the prefix.</li>
--   <li><a>drType</a> - The resource type in which you want to log data
--   events. You can specify only the following value:
--   <tt>AWS::S3::Object</tt> .</li>
--   </ul>
dataResource :: DataResource

-- | A list of ARN-like strings for the specified S3 objects. To log data
--   events for all objects in an S3 bucket, specify the bucket and an
--   empty object prefix such as <tt>arn:aws:s3:::bucket-1/</tt> . The
--   trail logs data events for all objects in this S3 bucket. To log data
--   events for specific objects, specify the S3 bucket and object prefix
--   such as <tt>arn:aws:s3:::bucket-1/example-images</tt> . The trail logs
--   data events for objects in this S3 bucket that match the prefix.
drValues :: Lens' DataResource [Text]

-- | The resource type in which you want to log data events. You can
--   specify only the following value: <tt>AWS::S3::Object</tt> .
drType :: Lens' DataResource (Maybe Text)

-- | Contains information about an event that was returned by a lookup
--   request. The result includes a representation of a CloudTrail event.
--   
--   <i>See:</i> <a>event</a> smart constructor.
data Event

-- | Creates a value of <a>Event</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>eUsername</a> - A user name or role name of the requester that
--   called the API in the event returned.</li>
--   <li><a>eResources</a> - A list of resources referenced by the event
--   returned.</li>
--   <li><a>eEventTime</a> - The date and time of the event returned.</li>
--   <li><a>eCloudTrailEvent</a> - A JSON string that contains a
--   representation of the event returned.</li>
--   <li><a>eEventName</a> - The name of the event returned.</li>
--   <li><a>eEventSource</a> - The AWS service that the request was made
--   to.</li>
--   <li><a>eEventId</a> - The CloudTrail ID of the event returned.</li>
--   </ul>
event :: Event

-- | A user name or role name of the requester that called the API in the
--   event returned.
eUsername :: Lens' Event (Maybe Text)

-- | A list of resources referenced by the event returned.
eResources :: Lens' Event [Resource]

-- | The date and time of the event returned.
eEventTime :: Lens' Event (Maybe UTCTime)

-- | A JSON string that contains a representation of the event returned.
eCloudTrailEvent :: Lens' Event (Maybe Text)

-- | The name of the event returned.
eEventName :: Lens' Event (Maybe Text)

-- | The AWS service that the request was made to.
eEventSource :: Lens' Event (Maybe Text)

-- | The CloudTrail ID of the event returned.
eEventId :: Lens' Event (Maybe Text)

-- | Use event selectors to specify whether you want your trail to log
--   management and/or data events. When an event occurs in your account,
--   CloudTrail evaluates the event selector for all trails. For each
--   trail, if the event matches any event selector, the trail processes
--   and logs the event. If the event doesn't match any event selector, the
--   trail doesn't log the event.
--   
--   You can configure up to five event selectors for a trail.
--   
--   <i>See:</i> <a>eventSelector</a> smart constructor.
data EventSelector

-- | Creates a value of <a>EventSelector</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>esDataResources</a> - CloudTrail supports logging only data
--   events for S3 objects. You can specify up to 250 S3 buckets and object
--   prefixes for a trail. For more information, see <a>Data Events</a> in
--   the <i>AWS CloudTrail User Guide</i> .</li>
--   <li><a>esReadWriteType</a> - Specify if you want your trail to log
--   read-only events, write-only events, or all. For example, the EC2
--   <tt>GetConsoleOutput</tt> is a read-only API operation and
--   <tt>RunInstances</tt> is a write-only API operation. By default, the
--   value is <tt>All</tt> .</li>
--   <li><a>esIncludeManagementEvents</a> - Specify if you want your event
--   selector to include management events for your trail. For more
--   information, see <a>Management Events</a> in the <i>AWS CloudTrail
--   User Guide</i> . By default, the value is <tt>true</tt> .</li>
--   </ul>
eventSelector :: EventSelector

-- | CloudTrail supports logging only data events for S3 objects. You can
--   specify up to 250 S3 buckets and object prefixes for a trail. For more
--   information, see <a>Data Events</a> in the <i>AWS CloudTrail User
--   Guide</i> .
esDataResources :: Lens' EventSelector [DataResource]

-- | Specify if you want your trail to log read-only events, write-only
--   events, or all. For example, the EC2 <tt>GetConsoleOutput</tt> is a
--   read-only API operation and <tt>RunInstances</tt> is a write-only API
--   operation. By default, the value is <tt>All</tt> .
esReadWriteType :: Lens' EventSelector (Maybe ReadWriteType)

-- | Specify if you want your event selector to include management events
--   for your trail. For more information, see <a>Management Events</a> in
--   the <i>AWS CloudTrail User Guide</i> . By default, the value is
--   <tt>true</tt> .
esIncludeManagementEvents :: Lens' EventSelector (Maybe Bool)

-- | Specifies an attribute and value that filter the events returned.
--   
--   <i>See:</i> <a>lookupAttribute</a> smart constructor.
data LookupAttribute

-- | Creates a value of <a>LookupAttribute</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>laAttributeKey</a> - Specifies an attribute on which to filter
--   the events returned.</li>
--   <li><a>laAttributeValue</a> - Specifies a value for the specified
--   AttributeKey.</li>
--   </ul>
lookupAttribute :: LookupAttributeKey -> Text -> LookupAttribute

-- | Specifies an attribute on which to filter the events returned.
laAttributeKey :: Lens' LookupAttribute LookupAttributeKey

-- | Specifies a value for the specified AttributeKey.
laAttributeValue :: Lens' LookupAttribute Text

-- | Contains information about a returned public key.
--   
--   <i>See:</i> <a>publicKey</a> smart constructor.
data PublicKey

-- | Creates a value of <a>PublicKey</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>pkFingerprint</a> - The fingerprint of the public key.</li>
--   <li><a>pkValidityEndTime</a> - The ending time of validity of the
--   public key.</li>
--   <li><a>pkValue</a> - The DER encoded public key value in PKCS#1
--   format.-- <i>Note:</i> This <tt>Lens</tt> automatically encodes and
--   decodes Base64 data. The underlying isomorphism will encode to Base64
--   representation during serialisation, and decode from Base64
--   representation during deserialisation. This <tt>Lens</tt> accepts and
--   returns only raw unencoded data.</li>
--   <li><a>pkValidityStartTime</a> - The starting time of validity of the
--   public key.</li>
--   </ul>
publicKey :: PublicKey

-- | The fingerprint of the public key.
pkFingerprint :: Lens' PublicKey (Maybe Text)

-- | The ending time of validity of the public key.
pkValidityEndTime :: Lens' PublicKey (Maybe UTCTime)

-- | The DER encoded public key value in PKCS#1 format.-- <i>Note:</i> This
--   <tt>Lens</tt> automatically encodes and decodes Base64 data. The
--   underlying isomorphism will encode to Base64 representation during
--   serialisation, and decode from Base64 representation during
--   deserialisation. This <tt>Lens</tt> accepts and returns only raw
--   unencoded data.
pkValue :: Lens' PublicKey (Maybe ByteString)

-- | The starting time of validity of the public key.
pkValidityStartTime :: Lens' PublicKey (Maybe UTCTime)

-- | Specifies the type and name of a resource referenced by an event.
--   
--   <i>See:</i> <a>resource</a> smart constructor.
data Resource

-- | Creates a value of <a>Resource</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rResourceType</a> - The type of a resource referenced by the
--   event returned. When the resource type cannot be determined, null is
--   returned. Some examples of resource types are: <b>Instance</b> for
--   EC2, <b>Trail</b> for CloudTrail, <b>DBInstance</b> for RDS, and
--   <b>AccessKey</b> for IAM. For a list of resource types supported for
--   event lookup, see <a>Resource Types Supported for Event Lookup</a>
--   .</li>
--   <li><a>rResourceName</a> - The name of the resource referenced by the
--   event returned. These are user-created names whose values will depend
--   on the environment. For example, the resource name might be
--   "auto-scaling-test-group" for an Auto Scaling Group or "i-1234567" for
--   an EC2 Instance.</li>
--   </ul>
resource :: Resource

-- | The type of a resource referenced by the event returned. When the
--   resource type cannot be determined, null is returned. Some examples of
--   resource types are: <b>Instance</b> for EC2, <b>Trail</b> for
--   CloudTrail, <b>DBInstance</b> for RDS, and <b>AccessKey</b> for IAM.
--   For a list of resource types supported for event lookup, see
--   <a>Resource Types Supported for Event Lookup</a> .
rResourceType :: Lens' Resource (Maybe Text)

-- | The name of the resource referenced by the event returned. These are
--   user-created names whose values will depend on the environment. For
--   example, the resource name might be "auto-scaling-test-group" for an
--   Auto Scaling Group or "i-1234567" for an EC2 Instance.
rResourceName :: Lens' Resource (Maybe Text)

-- | A resource tag.
--   
--   <i>See:</i> <a>resourceTag</a> smart constructor.
data ResourceTag

-- | Creates a value of <a>ResourceTag</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rResourceId</a> - Specifies the ARN of the resource.</li>
--   <li><a>rTagsList</a> - A list of tags.</li>
--   </ul>
resourceTag :: ResourceTag

-- | Specifies the ARN of the resource.
rResourceId :: Lens' ResourceTag (Maybe Text)

-- | A list of tags.
rTagsList :: Lens' ResourceTag [Tag]

-- | A custom key-value pair associated with a resource such as a
--   CloudTrail trail.
--   
--   <i>See:</i> <a>tag</a> smart constructor.
data Tag

-- | Creates a value of <a>Tag</a> with the minimum fields required to make
--   a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>tagValue</a> - The value in a key-value pair of a tag. The
--   value must be no longer than 256 Unicode characters.</li>
--   <li><a>tagKey</a> - The key in a key-value pair. The key must be must
--   be no longer than 128 Unicode characters. The key must be unique for
--   the resource to which it applies.</li>
--   </ul>
tag :: Text -> Tag

-- | The value in a key-value pair of a tag. The value must be no longer
--   than 256 Unicode characters.
tagValue :: Lens' Tag (Maybe Text)

-- | The key in a key-value pair. The key must be must be no longer than
--   128 Unicode characters. The key must be unique for the resource to
--   which it applies.
tagKey :: Lens' Tag Text

-- | The settings for a trail.
--   
--   <i>See:</i> <a>trail</a> smart constructor.
data Trail

-- | Creates a value of <a>Trail</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>tLogFileValidationEnabled</a> - Specifies whether log file
--   validation is enabled.</li>
--   <li><a>tTrailARN</a> - Specifies the ARN of the trail. The format of a
--   trail ARN is:
--   <tt>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</tt></li>
--   <li><a>tS3KeyPrefix</a> - Specifies the Amazon S3 key prefix that
--   comes after the name of the bucket you have designated for log file
--   delivery. For more information, see <a>Finding Your CloudTrail Log
--   Files</a> .The maximum length is 200 characters.</li>
--   <li><a>tSNSTopicARN</a> - Specifies the ARN of the Amazon SNS topic
--   that CloudTrail uses to send notifications when log files are
--   delivered. The format of a topic ARN is:
--   <tt>arn:aws:sns:us-east-1:123456789012:MyTopic</tt></li>
--   <li><a>tSNSTopicName</a> - This field is deprecated. Use
--   SnsTopicARN.</li>
--   <li><a>tCloudWatchLogsLogGroupARN</a> - Specifies an Amazon Resource
--   Name (ARN), a unique identifier that represents the log group to which
--   CloudTrail logs will be delivered.</li>
--   <li><a>tKMSKeyId</a> - Specifies the KMS key ID that encrypts the logs
--   delivered by CloudTrail. The value is a fully specified ARN to a KMS
--   key in the format:
--   <tt>arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012</tt></li>
--   <li><a>tHomeRegion</a> - The region in which the trail was
--   created.</li>
--   <li><a>tName</a> - Name of the trail set by calling
--   <tt>CreateTrail</tt> . The maximum length is 128 characters.</li>
--   <li><a>tIncludeGlobalServiceEvents</a> - Set to <b>True</b> to include
--   AWS API calls from AWS global services such as IAM. Otherwise,
--   <b>False</b> .</li>
--   <li><a>tHasCustomEventSelectors</a> - Specifies if the trail has
--   custom event selectors.</li>
--   <li><a>tCloudWatchLogsRoleARN</a> - Specifies the role for the
--   CloudWatch Logs endpoint to assume to write to a user's log
--   group.</li>
--   <li><a>tS3BucketName</a> - Name of the Amazon S3 bucket into which
--   CloudTrail delivers your trail files. See <a>Amazon S3 Bucket Naming
--   Requirements</a> .</li>
--   <li><a>tIsMultiRegionTrail</a> - Specifies whether the trail belongs
--   only to one region or exists in all regions.</li>
--   </ul>
trail :: Trail

-- | Specifies whether log file validation is enabled.
tLogFileValidationEnabled :: Lens' Trail (Maybe Bool)

-- | Specifies the ARN of the trail. The format of a trail ARN is:
--   <tt>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</tt>
tTrailARN :: Lens' Trail (Maybe Text)

-- | Specifies the Amazon S3 key prefix that comes after the name of the
--   bucket you have designated for log file delivery. For more
--   information, see <a>Finding Your CloudTrail Log Files</a> .The maximum
--   length is 200 characters.
tS3KeyPrefix :: Lens' Trail (Maybe Text)

-- | Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send
--   notifications when log files are delivered. The format of a topic ARN
--   is: <tt>arn:aws:sns:us-east-1:123456789012:MyTopic</tt>
tSNSTopicARN :: Lens' Trail (Maybe Text)

-- | This field is deprecated. Use SnsTopicARN.
tSNSTopicName :: Lens' Trail (Maybe Text)

-- | Specifies an Amazon Resource Name (ARN), a unique identifier that
--   represents the log group to which CloudTrail logs will be delivered.
tCloudWatchLogsLogGroupARN :: Lens' Trail (Maybe Text)

-- | Specifies the KMS key ID that encrypts the logs delivered by
--   CloudTrail. The value is a fully specified ARN to a KMS key in the
--   format:
--   <tt>arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012</tt>
tKMSKeyId :: Lens' Trail (Maybe Text)

-- | The region in which the trail was created.
tHomeRegion :: Lens' Trail (Maybe Text)

-- | Name of the trail set by calling <tt>CreateTrail</tt> . The maximum
--   length is 128 characters.
tName :: Lens' Trail (Maybe Text)

-- | Set to <b>True</b> to include AWS API calls from AWS global services
--   such as IAM. Otherwise, <b>False</b> .
tIncludeGlobalServiceEvents :: Lens' Trail (Maybe Bool)

-- | Specifies if the trail has custom event selectors.
tHasCustomEventSelectors :: Lens' Trail (Maybe Bool)

-- | Specifies the role for the CloudWatch Logs endpoint to assume to write
--   to a user's log group.
tCloudWatchLogsRoleARN :: Lens' Trail (Maybe Text)

-- | Name of the Amazon S3 bucket into which CloudTrail delivers your trail
--   files. See <a>Amazon S3 Bucket Naming Requirements</a> .
tS3BucketName :: Lens' Trail (Maybe Text)

-- | Specifies whether the trail belongs only to one region or exists in
--   all regions.
tIsMultiRegionTrail :: Lens' Trail (Maybe Bool)


-- | Suspends the recording of AWS API calls and log file delivery for the
--   specified trail. Under most circumstances, there is no need to use
--   this action. You can update a trail without stopping it first. This
--   action is the only way to stop recording. For a trail enabled in all
--   regions, this operation must be called from the region in which the
--   trail was created, or an <tt>InvalidHomeRegionException</tt> will
--   occur. This operation cannot be called on the shadow trails
--   (replicated trails in other regions) of a trail enabled in all
--   regions.
module Network.AWS.CloudTrail.StopLogging

-- | Creates a value of <a>StopLogging</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>slName</a> - Specifies the name or the CloudTrail ARN of the
--   trail for which CloudTrail will stop logging AWS API calls. The format
--   of a trail ARN is:
--   <tt>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</tt></li>
--   </ul>
stopLogging :: Text -> StopLogging

-- | Passes the request to CloudTrail to stop logging AWS API calls for the
--   specified account.
--   
--   <i>See:</i> <a>stopLogging</a> smart constructor.
data StopLogging

-- | Specifies the name or the CloudTrail ARN of the trail for which
--   CloudTrail will stop logging AWS API calls. The format of a trail ARN
--   is: <tt>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</tt>
slName :: Lens' StopLogging Text

-- | Creates a value of <a>StopLoggingResponse</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>slrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
stopLoggingResponse :: Int -> StopLoggingResponse

-- | Returns the objects or data listed below if successful. Otherwise,
--   returns an error.
--   
--   <i>See:</i> <a>stopLoggingResponse</a> smart constructor.
data StopLoggingResponse

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
slrsResponseStatus :: Lens' StopLoggingResponse Int
instance GHC.Generics.Generic Network.AWS.CloudTrail.StopLogging.StopLoggingResponse
instance Data.Data.Data Network.AWS.CloudTrail.StopLogging.StopLoggingResponse
instance GHC.Show.Show Network.AWS.CloudTrail.StopLogging.StopLoggingResponse
instance GHC.Read.Read Network.AWS.CloudTrail.StopLogging.StopLoggingResponse
instance GHC.Classes.Eq Network.AWS.CloudTrail.StopLogging.StopLoggingResponse
instance GHC.Generics.Generic Network.AWS.CloudTrail.StopLogging.StopLogging
instance Data.Data.Data Network.AWS.CloudTrail.StopLogging.StopLogging
instance GHC.Show.Show Network.AWS.CloudTrail.StopLogging.StopLogging
instance GHC.Read.Read Network.AWS.CloudTrail.StopLogging.StopLogging
instance GHC.Classes.Eq Network.AWS.CloudTrail.StopLogging.StopLogging
instance Network.AWS.Types.AWSRequest Network.AWS.CloudTrail.StopLogging.StopLogging
instance Control.DeepSeq.NFData Network.AWS.CloudTrail.StopLogging.StopLoggingResponse
instance Data.Hashable.Class.Hashable Network.AWS.CloudTrail.StopLogging.StopLogging
instance Control.DeepSeq.NFData Network.AWS.CloudTrail.StopLogging.StopLogging
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CloudTrail.StopLogging.StopLogging
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CloudTrail.StopLogging.StopLogging
instance Network.AWS.Data.Path.ToPath Network.AWS.CloudTrail.StopLogging.StopLogging
instance Network.AWS.Data.Query.ToQuery Network.AWS.CloudTrail.StopLogging.StopLogging


-- | Starts the recording of AWS API calls and log file delivery for a
--   trail. For a trail that is enabled in all regions, this operation must
--   be called from the region in which the trail was created. This
--   operation cannot be called on the shadow trails (replicated trails in
--   other regions) of a trail that is enabled in all regions.
module Network.AWS.CloudTrail.StartLogging

-- | Creates a value of <a>StartLogging</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>sName</a> - Specifies the name or the CloudTrail ARN of the
--   trail for which CloudTrail logs AWS API calls. The format of a trail
--   ARN is:
--   <tt>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</tt></li>
--   </ul>
startLogging :: Text -> StartLogging

-- | The request to CloudTrail to start logging AWS API calls for an
--   account.
--   
--   <i>See:</i> <a>startLogging</a> smart constructor.
data StartLogging

-- | Specifies the name or the CloudTrail ARN of the trail for which
--   CloudTrail logs AWS API calls. The format of a trail ARN is:
--   <tt>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</tt>
sName :: Lens' StartLogging Text

-- | Creates a value of <a>StartLoggingResponse</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>srsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
startLoggingResponse :: Int -> StartLoggingResponse

-- | Returns the objects or data listed below if successful. Otherwise,
--   returns an error.
--   
--   <i>See:</i> <a>startLoggingResponse</a> smart constructor.
data StartLoggingResponse

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
srsResponseStatus :: Lens' StartLoggingResponse Int
instance GHC.Generics.Generic Network.AWS.CloudTrail.StartLogging.StartLoggingResponse
instance Data.Data.Data Network.AWS.CloudTrail.StartLogging.StartLoggingResponse
instance GHC.Show.Show Network.AWS.CloudTrail.StartLogging.StartLoggingResponse
instance GHC.Read.Read Network.AWS.CloudTrail.StartLogging.StartLoggingResponse
instance GHC.Classes.Eq Network.AWS.CloudTrail.StartLogging.StartLoggingResponse
instance GHC.Generics.Generic Network.AWS.CloudTrail.StartLogging.StartLogging
instance Data.Data.Data Network.AWS.CloudTrail.StartLogging.StartLogging
instance GHC.Show.Show Network.AWS.CloudTrail.StartLogging.StartLogging
instance GHC.Read.Read Network.AWS.CloudTrail.StartLogging.StartLogging
instance GHC.Classes.Eq Network.AWS.CloudTrail.StartLogging.StartLogging
instance Network.AWS.Types.AWSRequest Network.AWS.CloudTrail.StartLogging.StartLogging
instance Control.DeepSeq.NFData Network.AWS.CloudTrail.StartLogging.StartLoggingResponse
instance Data.Hashable.Class.Hashable Network.AWS.CloudTrail.StartLogging.StartLogging
instance Control.DeepSeq.NFData Network.AWS.CloudTrail.StartLogging.StartLogging
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CloudTrail.StartLogging.StartLogging
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CloudTrail.StartLogging.StartLogging
instance Network.AWS.Data.Path.ToPath Network.AWS.CloudTrail.StartLogging.StartLogging
instance Network.AWS.Data.Query.ToQuery Network.AWS.CloudTrail.StartLogging.StartLogging


-- | Removes the specified tags from a trail.
module Network.AWS.CloudTrail.RemoveTags

-- | Creates a value of <a>RemoveTags</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rtTagsList</a> - Specifies a list of tags to be removed.</li>
--   <li><a>rtResourceId</a> - Specifies the ARN of the trail from which
--   tags should be removed. The format of a trail ARN is:
--   <tt>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</tt></li>
--   </ul>
removeTags :: Text -> RemoveTags

-- | Specifies the tags to remove from a trail.
--   
--   <i>See:</i> <a>removeTags</a> smart constructor.
data RemoveTags

-- | Specifies a list of tags to be removed.
rtTagsList :: Lens' RemoveTags [Tag]

-- | Specifies the ARN of the trail from which tags should be removed. The
--   format of a trail ARN is:
--   <tt>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</tt>
rtResourceId :: Lens' RemoveTags Text

-- | Creates a value of <a>RemoveTagsResponse</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rtrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
removeTagsResponse :: Int -> RemoveTagsResponse

-- | Returns the objects or data listed below if successful. Otherwise,
--   returns an error.
--   
--   <i>See:</i> <a>removeTagsResponse</a> smart constructor.
data RemoveTagsResponse

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
rtrsResponseStatus :: Lens' RemoveTagsResponse Int
instance GHC.Generics.Generic Network.AWS.CloudTrail.RemoveTags.RemoveTagsResponse
instance Data.Data.Data Network.AWS.CloudTrail.RemoveTags.RemoveTagsResponse
instance GHC.Show.Show Network.AWS.CloudTrail.RemoveTags.RemoveTagsResponse
instance GHC.Read.Read Network.AWS.CloudTrail.RemoveTags.RemoveTagsResponse
instance GHC.Classes.Eq Network.AWS.CloudTrail.RemoveTags.RemoveTagsResponse
instance GHC.Generics.Generic Network.AWS.CloudTrail.RemoveTags.RemoveTags
instance Data.Data.Data Network.AWS.CloudTrail.RemoveTags.RemoveTags
instance GHC.Show.Show Network.AWS.CloudTrail.RemoveTags.RemoveTags
instance GHC.Read.Read Network.AWS.CloudTrail.RemoveTags.RemoveTags
instance GHC.Classes.Eq Network.AWS.CloudTrail.RemoveTags.RemoveTags
instance Network.AWS.Types.AWSRequest Network.AWS.CloudTrail.RemoveTags.RemoveTags
instance Control.DeepSeq.NFData Network.AWS.CloudTrail.RemoveTags.RemoveTagsResponse
instance Data.Hashable.Class.Hashable Network.AWS.CloudTrail.RemoveTags.RemoveTags
instance Control.DeepSeq.NFData Network.AWS.CloudTrail.RemoveTags.RemoveTags
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CloudTrail.RemoveTags.RemoveTags
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CloudTrail.RemoveTags.RemoveTags
instance Network.AWS.Data.Path.ToPath Network.AWS.CloudTrail.RemoveTags.RemoveTags
instance Network.AWS.Data.Query.ToQuery Network.AWS.CloudTrail.RemoveTags.RemoveTags


-- | Configures an event selector for your trail. Use event selectors to
--   specify whether you want your trail to log management and/or data
--   events. When an event occurs in your account, CloudTrail evaluates the
--   event selectors in all trails. For each trail, if the event matches
--   any event selector, the trail processes and logs the event. If the
--   event doesn't match any event selector, the trail doesn't log the
--   event.
--   
--   Example
--   
--   <ul>
--   <li>You create an event selector for a trail and specify that you want
--   write-only events.</li>
--   <li>The EC2 <tt>GetConsoleOutput</tt> and <tt>RunInstances</tt> API
--   operations occur in your account.</li>
--   <li>CloudTrail evaluates whether the events match your event
--   selectors.</li>
--   <li>The <tt>RunInstances</tt> is a write-only event and it matches
--   your event selector. The trail logs the event.</li>
--   <li>The <tt>GetConsoleOutput</tt> is a read-only event but it doesn't
--   match your event selector. The trail doesn't log the event.</li>
--   </ul>
--   
--   The <tt>PutEventSelectors</tt> operation must be called from the
--   region in which the trail was created; otherwise, an
--   <tt>InvalidHomeRegionException</tt> is thrown.
--   
--   You can configure up to five event selectors for each trail. For more
--   information, see <a>Logging Data and Management Events for Trails</a>
--   in the <i>AWS CloudTrail User Guide</i> .
module Network.AWS.CloudTrail.PutEventSelectors

-- | Creates a value of <a>PutEventSelectors</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>pesTrailName</a> - Specifies the name of the trail or trail
--   ARN. If you specify a trail name, the string must meet the following
--   requirements: * Contain only ASCII letters (a-z, A-Z), numbers (0-9),
--   periods (.), underscores (_), or dashes (-) * Start with a letter or
--   number, and end with a letter or number * Be between 3 and 128
--   characters * Have no adjacent periods, underscores or dashes. Names
--   like <tt>my-_namespace</tt> and <tt>my--namespace</tt> are invalid. *
--   Not be in IP address format (for example, 192.168.5.4) If you specify
--   a trail ARN, it must be in the format:
--   <tt>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</tt></li>
--   <li><a>pesEventSelectors</a> - Specifies the settings for your event
--   selectors. You can configure up to five event selectors for a
--   trail.</li>
--   </ul>
putEventSelectors :: Text -> PutEventSelectors

-- | <i>See:</i> <a>putEventSelectors</a> smart constructor.
data PutEventSelectors

-- | Specifies the name of the trail or trail ARN. If you specify a trail
--   name, the string must meet the following requirements: * Contain only
--   ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_),
--   or dashes (-) * Start with a letter or number, and end with a letter
--   or number * Be between 3 and 128 characters * Have no adjacent
--   periods, underscores or dashes. Names like <tt>my-_namespace</tt> and
--   <tt>my--namespace</tt> are invalid. * Not be in IP address format (for
--   example, 192.168.5.4) If you specify a trail ARN, it must be in the
--   format:
--   <tt>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</tt>
pesTrailName :: Lens' PutEventSelectors Text

-- | Specifies the settings for your event selectors. You can configure up
--   to five event selectors for a trail.
pesEventSelectors :: Lens' PutEventSelectors [EventSelector]

-- | Creates a value of <a>PutEventSelectorsResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>pesrsTrailARN</a> - Specifies the ARN of the trail that was
--   updated with event selectors. The format of a trail ARN is:
--   <tt>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</tt></li>
--   <li><a>pesrsEventSelectors</a> - Specifies the event selectors
--   configured for your trail.</li>
--   <li><a>pesrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
putEventSelectorsResponse :: Int -> PutEventSelectorsResponse

-- | <i>See:</i> <a>putEventSelectorsResponse</a> smart constructor.
data PutEventSelectorsResponse

-- | Specifies the ARN of the trail that was updated with event selectors.
--   The format of a trail ARN is:
--   <tt>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</tt>
pesrsTrailARN :: Lens' PutEventSelectorsResponse (Maybe Text)

-- | Specifies the event selectors configured for your trail.
pesrsEventSelectors :: Lens' PutEventSelectorsResponse [EventSelector]

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
pesrsResponseStatus :: Lens' PutEventSelectorsResponse Int
instance GHC.Generics.Generic Network.AWS.CloudTrail.PutEventSelectors.PutEventSelectorsResponse
instance Data.Data.Data Network.AWS.CloudTrail.PutEventSelectors.PutEventSelectorsResponse
instance GHC.Show.Show Network.AWS.CloudTrail.PutEventSelectors.PutEventSelectorsResponse
instance GHC.Read.Read Network.AWS.CloudTrail.PutEventSelectors.PutEventSelectorsResponse
instance GHC.Classes.Eq Network.AWS.CloudTrail.PutEventSelectors.PutEventSelectorsResponse
instance GHC.Generics.Generic Network.AWS.CloudTrail.PutEventSelectors.PutEventSelectors
instance Data.Data.Data Network.AWS.CloudTrail.PutEventSelectors.PutEventSelectors
instance GHC.Show.Show Network.AWS.CloudTrail.PutEventSelectors.PutEventSelectors
instance GHC.Read.Read Network.AWS.CloudTrail.PutEventSelectors.PutEventSelectors
instance GHC.Classes.Eq Network.AWS.CloudTrail.PutEventSelectors.PutEventSelectors
instance Network.AWS.Types.AWSRequest Network.AWS.CloudTrail.PutEventSelectors.PutEventSelectors
instance Control.DeepSeq.NFData Network.AWS.CloudTrail.PutEventSelectors.PutEventSelectorsResponse
instance Data.Hashable.Class.Hashable Network.AWS.CloudTrail.PutEventSelectors.PutEventSelectors
instance Control.DeepSeq.NFData Network.AWS.CloudTrail.PutEventSelectors.PutEventSelectors
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CloudTrail.PutEventSelectors.PutEventSelectors
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CloudTrail.PutEventSelectors.PutEventSelectors
instance Network.AWS.Data.Path.ToPath Network.AWS.CloudTrail.PutEventSelectors.PutEventSelectors
instance Network.AWS.Data.Query.ToQuery Network.AWS.CloudTrail.PutEventSelectors.PutEventSelectors


-- | Looks up API activity events captured by CloudTrail that create,
--   update, or delete resources in your account. Events for a region can
--   be looked up for the times in which you had CloudTrail turned on in
--   that region during the last seven days. Lookup supports the following
--   attributes:
--   
--   <ul>
--   <li>Event ID</li>
--   <li>Event name</li>
--   <li>Event source</li>
--   <li>Resource name</li>
--   <li>Resource type</li>
--   <li>User name</li>
--   </ul>
--   
--   All attributes are optional. The default number of results returned is
--   10, with a maximum of 50 possible. The response includes a token that
--   you can use to get the next page of results.
--   
--   <i>Important:</i> The rate of lookup requests is limited to one per
--   second per account. If this limit is exceeded, a throttling error
--   occurs.
--   
--   <i>Important:</i> Events that occurred during the selected time range
--   will not be available for lookup if CloudTrail logging was not enabled
--   when the events occurred.
--   
--   This operation returns paginated results.
module Network.AWS.CloudTrail.LookupEvents

-- | Creates a value of <a>LookupEvents</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>leStartTime</a> - Specifies that only events that occur after
--   or at the specified time are returned. If the specified start time is
--   after the specified end time, an error is returned.</li>
--   <li><a>leLookupAttributes</a> - Contains a list of lookup attributes.
--   Currently the list can contain only one item.</li>
--   <li><a>leNextToken</a> - The token to use to get the next page of
--   results after a previous API call. This token must be passed in with
--   the same parameters that were specified in the the original call. For
--   example, if the original call specified an AttributeKey of
--   <a>Username</a> with a value of <tt>root</tt>, the call with NextToken
--   should include those same parameters.</li>
--   <li><a>leEndTime</a> - Specifies that only events that occur before or
--   at the specified time are returned. If the specified end time is
--   before the specified start time, an error is returned.</li>
--   <li><a>leMaxResults</a> - The number of events to return. Possible
--   values are 1 through 50. The default is 10.</li>
--   </ul>
lookupEvents :: LookupEvents

-- | Contains a request for LookupEvents.
--   
--   <i>See:</i> <a>lookupEvents</a> smart constructor.
data LookupEvents

-- | Specifies that only events that occur after or at the specified time
--   are returned. If the specified start time is after the specified end
--   time, an error is returned.
leStartTime :: Lens' LookupEvents (Maybe UTCTime)

-- | Contains a list of lookup attributes. Currently the list can contain
--   only one item.
leLookupAttributes :: Lens' LookupEvents [LookupAttribute]

-- | The token to use to get the next page of results after a previous API
--   call. This token must be passed in with the same parameters that were
--   specified in the the original call. For example, if the original call
--   specified an AttributeKey of <a>Username</a> with a value of
--   <tt>root</tt>, the call with NextToken should include those same
--   parameters.
leNextToken :: Lens' LookupEvents (Maybe Text)

-- | Specifies that only events that occur before or at the specified time
--   are returned. If the specified end time is before the specified start
--   time, an error is returned.
leEndTime :: Lens' LookupEvents (Maybe UTCTime)

-- | The number of events to return. Possible values are 1 through 50. The
--   default is 10.
leMaxResults :: Lens' LookupEvents (Maybe Natural)

-- | Creates a value of <a>LookupEventsResponse</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lersNextToken</a> - The token to use to get the next page of
--   results after a previous API call. If the token does not appear, there
--   are no more results to return. The token must be passed in with the
--   same parameters as the previous call. For example, if the original
--   call specified an AttributeKey of <a>Username</a> with a value of
--   <tt>root</tt>, the call with NextToken should include those same
--   parameters.</li>
--   <li><a>lersEvents</a> - A list of events returned based on the lookup
--   attributes specified and the CloudTrail event. The events list is
--   sorted by time. The most recent event is listed first.</li>
--   <li><a>lersResponseStatus</a> - -- | The response status code.</li>
--   </ul>
lookupEventsResponse :: Int -> LookupEventsResponse

-- | Contains a response to a LookupEvents action.
--   
--   <i>See:</i> <a>lookupEventsResponse</a> smart constructor.
data LookupEventsResponse

-- | The token to use to get the next page of results after a previous API
--   call. If the token does not appear, there are no more results to
--   return. The token must be passed in with the same parameters as the
--   previous call. For example, if the original call specified an
--   AttributeKey of <a>Username</a> with a value of <tt>root</tt>, the
--   call with NextToken should include those same parameters.
lersNextToken :: Lens' LookupEventsResponse (Maybe Text)

-- | A list of events returned based on the lookup attributes specified and
--   the CloudTrail event. The events list is sorted by time. The most
--   recent event is listed first.
lersEvents :: Lens' LookupEventsResponse [Event]

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
lersResponseStatus :: Lens' LookupEventsResponse Int
instance GHC.Generics.Generic Network.AWS.CloudTrail.LookupEvents.LookupEventsResponse
instance Data.Data.Data Network.AWS.CloudTrail.LookupEvents.LookupEventsResponse
instance GHC.Show.Show Network.AWS.CloudTrail.LookupEvents.LookupEventsResponse
instance GHC.Read.Read Network.AWS.CloudTrail.LookupEvents.LookupEventsResponse
instance GHC.Classes.Eq Network.AWS.CloudTrail.LookupEvents.LookupEventsResponse
instance GHC.Generics.Generic Network.AWS.CloudTrail.LookupEvents.LookupEvents
instance Data.Data.Data Network.AWS.CloudTrail.LookupEvents.LookupEvents
instance GHC.Show.Show Network.AWS.CloudTrail.LookupEvents.LookupEvents
instance GHC.Read.Read Network.AWS.CloudTrail.LookupEvents.LookupEvents
instance GHC.Classes.Eq Network.AWS.CloudTrail.LookupEvents.LookupEvents
instance Network.AWS.Types.AWSRequest Network.AWS.CloudTrail.LookupEvents.LookupEvents
instance Control.DeepSeq.NFData Network.AWS.CloudTrail.LookupEvents.LookupEventsResponse
instance Network.AWS.Pager.AWSPager Network.AWS.CloudTrail.LookupEvents.LookupEvents
instance Data.Hashable.Class.Hashable Network.AWS.CloudTrail.LookupEvents.LookupEvents
instance Control.DeepSeq.NFData Network.AWS.CloudTrail.LookupEvents.LookupEvents
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CloudTrail.LookupEvents.LookupEvents
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CloudTrail.LookupEvents.LookupEvents
instance Network.AWS.Data.Path.ToPath Network.AWS.CloudTrail.LookupEvents.LookupEvents
instance Network.AWS.Data.Query.ToQuery Network.AWS.CloudTrail.LookupEvents.LookupEvents


-- | Lists the tags for the trail in the current region.
module Network.AWS.CloudTrail.ListTags

-- | Creates a value of <a>ListTags</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ltNextToken</a> - Reserved for future use.</li>
--   <li><a>ltResourceIdList</a> - Specifies a list of trail ARNs whose
--   tags will be listed. The list has a limit of 20 ARNs. The format of a
--   trail ARN is:
--   <tt>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</tt></li>
--   </ul>
listTags :: ListTags

-- | Specifies a list of trail tags to return.
--   
--   <i>See:</i> <a>listTags</a> smart constructor.
data ListTags

-- | Reserved for future use.
ltNextToken :: Lens' ListTags (Maybe Text)

-- | Specifies a list of trail ARNs whose tags will be listed. The list has
--   a limit of 20 ARNs. The format of a trail ARN is:
--   <tt>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</tt>
ltResourceIdList :: Lens' ListTags [Text]

-- | Creates a value of <a>ListTagsResponse</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ltrsNextToken</a> - Reserved for future use.</li>
--   <li><a>ltrsResourceTagList</a> - A list of resource tags.</li>
--   <li><a>ltrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
listTagsResponse :: Int -> ListTagsResponse

-- | Returns the objects or data listed below if successful. Otherwise,
--   returns an error.
--   
--   <i>See:</i> <a>listTagsResponse</a> smart constructor.
data ListTagsResponse

-- | Reserved for future use.
ltrsNextToken :: Lens' ListTagsResponse (Maybe Text)

-- | A list of resource tags.
ltrsResourceTagList :: Lens' ListTagsResponse [ResourceTag]

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
ltrsResponseStatus :: Lens' ListTagsResponse Int
instance GHC.Generics.Generic Network.AWS.CloudTrail.ListTags.ListTagsResponse
instance Data.Data.Data Network.AWS.CloudTrail.ListTags.ListTagsResponse
instance GHC.Show.Show Network.AWS.CloudTrail.ListTags.ListTagsResponse
instance GHC.Read.Read Network.AWS.CloudTrail.ListTags.ListTagsResponse
instance GHC.Classes.Eq Network.AWS.CloudTrail.ListTags.ListTagsResponse
instance GHC.Generics.Generic Network.AWS.CloudTrail.ListTags.ListTags
instance Data.Data.Data Network.AWS.CloudTrail.ListTags.ListTags
instance GHC.Show.Show Network.AWS.CloudTrail.ListTags.ListTags
instance GHC.Read.Read Network.AWS.CloudTrail.ListTags.ListTags
instance GHC.Classes.Eq Network.AWS.CloudTrail.ListTags.ListTags
instance Network.AWS.Types.AWSRequest Network.AWS.CloudTrail.ListTags.ListTags
instance Control.DeepSeq.NFData Network.AWS.CloudTrail.ListTags.ListTagsResponse
instance Data.Hashable.Class.Hashable Network.AWS.CloudTrail.ListTags.ListTags
instance Control.DeepSeq.NFData Network.AWS.CloudTrail.ListTags.ListTags
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CloudTrail.ListTags.ListTags
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CloudTrail.ListTags.ListTags
instance Network.AWS.Data.Path.ToPath Network.AWS.CloudTrail.ListTags.ListTags
instance Network.AWS.Data.Query.ToQuery Network.AWS.CloudTrail.ListTags.ListTags


-- | Returns all public keys whose private keys were used to sign the
--   digest files within the specified time range. The public key is needed
--   to validate digest files that were signed with its corresponding
--   private key.
module Network.AWS.CloudTrail.ListPublicKeys

-- | Creates a value of <a>ListPublicKeys</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lpkStartTime</a> - Optionally specifies, in UTC, the start of
--   the time range to look up public keys for CloudTrail digest files. If
--   not specified, the current time is used, and the current public key is
--   returned.</li>
--   <li><a>lpkNextToken</a> - Reserved for future use.</li>
--   <li><a>lpkEndTime</a> - Optionally specifies, in UTC, the end of the
--   time range to look up public keys for CloudTrail digest files. If not
--   specified, the current time is used.</li>
--   </ul>
listPublicKeys :: ListPublicKeys

-- | Requests the public keys for a specified time range.
--   
--   <i>See:</i> <a>listPublicKeys</a> smart constructor.
data ListPublicKeys

-- | Optionally specifies, in UTC, the start of the time range to look up
--   public keys for CloudTrail digest files. If not specified, the current
--   time is used, and the current public key is returned.
lpkStartTime :: Lens' ListPublicKeys (Maybe UTCTime)

-- | Reserved for future use.
lpkNextToken :: Lens' ListPublicKeys (Maybe Text)

-- | Optionally specifies, in UTC, the end of the time range to look up
--   public keys for CloudTrail digest files. If not specified, the current
--   time is used.
lpkEndTime :: Lens' ListPublicKeys (Maybe UTCTime)

-- | Creates a value of <a>ListPublicKeysResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lpkrsPublicKeyList</a> - Contains an array of PublicKey
--   objects.</li>
--   <li><a>lpkrsNextToken</a> - Reserved for future use.</li>
--   <li><a>lpkrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
listPublicKeysResponse :: Int -> ListPublicKeysResponse

-- | Returns the objects or data listed below if successful. Otherwise,
--   returns an error.
--   
--   <i>See:</i> <a>listPublicKeysResponse</a> smart constructor.
data ListPublicKeysResponse

-- | Contains an array of PublicKey objects.
lpkrsPublicKeyList :: Lens' ListPublicKeysResponse [PublicKey]

-- | Reserved for future use.
lpkrsNextToken :: Lens' ListPublicKeysResponse (Maybe Text)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
lpkrsResponseStatus :: Lens' ListPublicKeysResponse Int
instance GHC.Generics.Generic Network.AWS.CloudTrail.ListPublicKeys.ListPublicKeysResponse
instance Data.Data.Data Network.AWS.CloudTrail.ListPublicKeys.ListPublicKeysResponse
instance GHC.Show.Show Network.AWS.CloudTrail.ListPublicKeys.ListPublicKeysResponse
instance GHC.Read.Read Network.AWS.CloudTrail.ListPublicKeys.ListPublicKeysResponse
instance GHC.Classes.Eq Network.AWS.CloudTrail.ListPublicKeys.ListPublicKeysResponse
instance GHC.Generics.Generic Network.AWS.CloudTrail.ListPublicKeys.ListPublicKeys
instance Data.Data.Data Network.AWS.CloudTrail.ListPublicKeys.ListPublicKeys
instance GHC.Show.Show Network.AWS.CloudTrail.ListPublicKeys.ListPublicKeys
instance GHC.Read.Read Network.AWS.CloudTrail.ListPublicKeys.ListPublicKeys
instance GHC.Classes.Eq Network.AWS.CloudTrail.ListPublicKeys.ListPublicKeys
instance Network.AWS.Types.AWSRequest Network.AWS.CloudTrail.ListPublicKeys.ListPublicKeys
instance Control.DeepSeq.NFData Network.AWS.CloudTrail.ListPublicKeys.ListPublicKeysResponse
instance Data.Hashable.Class.Hashable Network.AWS.CloudTrail.ListPublicKeys.ListPublicKeys
instance Control.DeepSeq.NFData Network.AWS.CloudTrail.ListPublicKeys.ListPublicKeys
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CloudTrail.ListPublicKeys.ListPublicKeys
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CloudTrail.ListPublicKeys.ListPublicKeys
instance Network.AWS.Data.Path.ToPath Network.AWS.CloudTrail.ListPublicKeys.ListPublicKeys
instance Network.AWS.Data.Query.ToQuery Network.AWS.CloudTrail.ListPublicKeys.ListPublicKeys


-- | Returns a JSON-formatted list of information about the specified
--   trail. Fields include information on delivery errors, Amazon SNS and
--   Amazon S3 errors, and start and stop logging times for each trail.
--   This operation returns trail status from a single region. To return
--   trail status from all regions, you must call the operation on each
--   region.
module Network.AWS.CloudTrail.GetTrailStatus

-- | Creates a value of <a>GetTrailStatus</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gtsName</a> - Specifies the name or the CloudTrail ARN of the
--   trail for which you are requesting status. To get the status of a
--   shadow trail (a replication of the trail in another region), you must
--   specify its ARN. The format of a trail ARN is:
--   <tt>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</tt></li>
--   </ul>
getTrailStatus :: Text -> GetTrailStatus

-- | The name of a trail about which you want the current status.
--   
--   <i>See:</i> <a>getTrailStatus</a> smart constructor.
data GetTrailStatus

-- | Specifies the name or the CloudTrail ARN of the trail for which you
--   are requesting status. To get the status of a shadow trail (a
--   replication of the trail in another region), you must specify its ARN.
--   The format of a trail ARN is:
--   <tt>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</tt>
gtsName :: Lens' GetTrailStatus Text

-- | Creates a value of <a>GetTrailStatusResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gtsrsTimeLoggingStopped</a> - This field is deprecated.</li>
--   <li><a>gtsrsLatestDeliveryError</a> - Displays any Amazon S3 error
--   that CloudTrail encountered when attempting to deliver log files to
--   the designated bucket. For more information see the topic <a>Error
--   Responses</a> in the Amazon S3 API Reference.</li>
--   <li><a>gtsrsLatestDigestDeliveryTime</a> - Specifies the date and time
--   that CloudTrail last delivered a digest file to an account's Amazon S3
--   bucket.</li>
--   <li><a>gtsrsLatestNotificationAttemptSucceeded</a> - This field is
--   deprecated.</li>
--   <li><a>gtsrsStartLoggingTime</a> - Specifies the most recent date and
--   time when CloudTrail started recording API calls for an AWS
--   account.</li>
--   <li><a>gtsrsLatestNotificationError</a> - Displays any Amazon SNS
--   error that CloudTrail encountered when attempting to send a
--   notification. For more information about Amazon SNS errors, see the
--   <a>Amazon SNS Developer Guide</a> .</li>
--   <li><a>gtsrsLatestDeliveryAttemptSucceeded</a> - This field is
--   deprecated.</li>
--   <li><a>gtsrsIsLogging</a> - Whether the CloudTrail is currently
--   logging AWS API calls.</li>
--   <li><a>gtsrsTimeLoggingStarted</a> - This field is deprecated.</li>
--   <li><a>gtsrsLatestDigestDeliveryError</a> - Displays any Amazon S3
--   error that CloudTrail encountered when attempting to deliver a digest
--   file to the designated bucket. For more information see the topic
--   <a>Error Responses</a> in the Amazon S3 API Reference.</li>
--   <li><a>gtsrsLatestDeliveryAttemptTime</a> - This field is
--   deprecated.</li>
--   <li><a>gtsrsLatestDeliveryTime</a> - Specifies the date and time that
--   CloudTrail last delivered log files to an account's Amazon S3
--   bucket.</li>
--   <li><a>gtsrsLatestCloudWatchLogsDeliveryTime</a> - Displays the most
--   recent date and time when CloudTrail delivered logs to CloudWatch
--   Logs.</li>
--   <li><a>gtsrsLatestCloudWatchLogsDeliveryError</a> - Displays any
--   CloudWatch Logs error that CloudTrail encountered when attempting to
--   deliver logs to CloudWatch Logs.</li>
--   <li><a>gtsrsLatestNotificationTime</a> - Specifies the date and time
--   of the most recent Amazon SNS notification that CloudTrail has written
--   a new log file to an account's Amazon S3 bucket.</li>
--   <li><a>gtsrsLatestNotificationAttemptTime</a> - This field is
--   deprecated.</li>
--   <li><a>gtsrsStopLoggingTime</a> - Specifies the most recent date and
--   time when CloudTrail stopped recording API calls for an AWS
--   account.</li>
--   <li><a>gtsrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
getTrailStatusResponse :: Int -> GetTrailStatusResponse

-- | Returns the objects or data listed below if successful. Otherwise,
--   returns an error.
--   
--   <i>See:</i> <a>getTrailStatusResponse</a> smart constructor.
data GetTrailStatusResponse

-- | This field is deprecated.
gtsrsTimeLoggingStopped :: Lens' GetTrailStatusResponse (Maybe Text)

-- | Displays any Amazon S3 error that CloudTrail encountered when
--   attempting to deliver log files to the designated bucket. For more
--   information see the topic <a>Error Responses</a> in the Amazon S3 API
--   Reference.
gtsrsLatestDeliveryError :: Lens' GetTrailStatusResponse (Maybe Text)

-- | Specifies the date and time that CloudTrail last delivered a digest
--   file to an account's Amazon S3 bucket.
gtsrsLatestDigestDeliveryTime :: Lens' GetTrailStatusResponse (Maybe UTCTime)

-- | This field is deprecated.
gtsrsLatestNotificationAttemptSucceeded :: Lens' GetTrailStatusResponse (Maybe Text)

-- | Specifies the most recent date and time when CloudTrail started
--   recording API calls for an AWS account.
gtsrsStartLoggingTime :: Lens' GetTrailStatusResponse (Maybe UTCTime)

-- | Displays any Amazon SNS error that CloudTrail encountered when
--   attempting to send a notification. For more information about Amazon
--   SNS errors, see the <a>Amazon SNS Developer Guide</a> .
gtsrsLatestNotificationError :: Lens' GetTrailStatusResponse (Maybe Text)

-- | This field is deprecated.
gtsrsLatestDeliveryAttemptSucceeded :: Lens' GetTrailStatusResponse (Maybe Text)

-- | Whether the CloudTrail is currently logging AWS API calls.
gtsrsIsLogging :: Lens' GetTrailStatusResponse (Maybe Bool)

-- | This field is deprecated.
gtsrsTimeLoggingStarted :: Lens' GetTrailStatusResponse (Maybe Text)

-- | Displays any Amazon S3 error that CloudTrail encountered when
--   attempting to deliver a digest file to the designated bucket. For more
--   information see the topic <a>Error Responses</a> in the Amazon S3 API
--   Reference.
gtsrsLatestDigestDeliveryError :: Lens' GetTrailStatusResponse (Maybe Text)

-- | This field is deprecated.
gtsrsLatestDeliveryAttemptTime :: Lens' GetTrailStatusResponse (Maybe Text)

-- | Specifies the date and time that CloudTrail last delivered log files
--   to an account's Amazon S3 bucket.
gtsrsLatestDeliveryTime :: Lens' GetTrailStatusResponse (Maybe UTCTime)

-- | Displays the most recent date and time when CloudTrail delivered logs
--   to CloudWatch Logs.
gtsrsLatestCloudWatchLogsDeliveryTime :: Lens' GetTrailStatusResponse (Maybe UTCTime)

-- | Displays any CloudWatch Logs error that CloudTrail encountered when
--   attempting to deliver logs to CloudWatch Logs.
gtsrsLatestCloudWatchLogsDeliveryError :: Lens' GetTrailStatusResponse (Maybe Text)

-- | Specifies the date and time of the most recent Amazon SNS notification
--   that CloudTrail has written a new log file to an account's Amazon S3
--   bucket.
gtsrsLatestNotificationTime :: Lens' GetTrailStatusResponse (Maybe UTCTime)

-- | This field is deprecated.
gtsrsLatestNotificationAttemptTime :: Lens' GetTrailStatusResponse (Maybe Text)

-- | Specifies the most recent date and time when CloudTrail stopped
--   recording API calls for an AWS account.
gtsrsStopLoggingTime :: Lens' GetTrailStatusResponse (Maybe UTCTime)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
gtsrsResponseStatus :: Lens' GetTrailStatusResponse Int
instance GHC.Generics.Generic Network.AWS.CloudTrail.GetTrailStatus.GetTrailStatusResponse
instance Data.Data.Data Network.AWS.CloudTrail.GetTrailStatus.GetTrailStatusResponse
instance GHC.Show.Show Network.AWS.CloudTrail.GetTrailStatus.GetTrailStatusResponse
instance GHC.Read.Read Network.AWS.CloudTrail.GetTrailStatus.GetTrailStatusResponse
instance GHC.Classes.Eq Network.AWS.CloudTrail.GetTrailStatus.GetTrailStatusResponse
instance GHC.Generics.Generic Network.AWS.CloudTrail.GetTrailStatus.GetTrailStatus
instance Data.Data.Data Network.AWS.CloudTrail.GetTrailStatus.GetTrailStatus
instance GHC.Show.Show Network.AWS.CloudTrail.GetTrailStatus.GetTrailStatus
instance GHC.Read.Read Network.AWS.CloudTrail.GetTrailStatus.GetTrailStatus
instance GHC.Classes.Eq Network.AWS.CloudTrail.GetTrailStatus.GetTrailStatus
instance Network.AWS.Types.AWSRequest Network.AWS.CloudTrail.GetTrailStatus.GetTrailStatus
instance Control.DeepSeq.NFData Network.AWS.CloudTrail.GetTrailStatus.GetTrailStatusResponse
instance Data.Hashable.Class.Hashable Network.AWS.CloudTrail.GetTrailStatus.GetTrailStatus
instance Control.DeepSeq.NFData Network.AWS.CloudTrail.GetTrailStatus.GetTrailStatus
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CloudTrail.GetTrailStatus.GetTrailStatus
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CloudTrail.GetTrailStatus.GetTrailStatus
instance Network.AWS.Data.Path.ToPath Network.AWS.CloudTrail.GetTrailStatus.GetTrailStatus
instance Network.AWS.Data.Query.ToQuery Network.AWS.CloudTrail.GetTrailStatus.GetTrailStatus


-- | Describes the settings for the event selectors that you configured for
--   your trail. The information returned for your event selectors includes
--   the following:
--   
--   <ul>
--   <li>The S3 objects that you are logging for data events.</li>
--   <li>If your event selector includes management events.</li>
--   <li>If your event selector includes read-only events, write-only
--   events, or all.</li>
--   </ul>
--   
--   For more information, see <a>Logging Data and Management Events for
--   Trails</a> in the <i>AWS CloudTrail User Guide</i> .
module Network.AWS.CloudTrail.GetEventSelectors

-- | Creates a value of <a>GetEventSelectors</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gesTrailName</a> - Specifies the name of the trail or trail
--   ARN. If you specify a trail name, the string must meet the following
--   requirements: * Contain only ASCII letters (a-z, A-Z), numbers (0-9),
--   periods (.), underscores (_), or dashes (-) * Start with a letter or
--   number, and end with a letter or number * Be between 3 and 128
--   characters * Have no adjacent periods, underscores or dashes. Names
--   like <tt>my-_namespace</tt> and <tt>my--namespace</tt> are invalid. *
--   Not be in IP address format (for example, 192.168.5.4) If you specify
--   a trail ARN, it must be in the format:
--   <tt>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</tt></li>
--   </ul>
getEventSelectors :: Text -> GetEventSelectors

-- | <i>See:</i> <a>getEventSelectors</a> smart constructor.
data GetEventSelectors

-- | Specifies the name of the trail or trail ARN. If you specify a trail
--   name, the string must meet the following requirements: * Contain only
--   ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_),
--   or dashes (-) * Start with a letter or number, and end with a letter
--   or number * Be between 3 and 128 characters * Have no adjacent
--   periods, underscores or dashes. Names like <tt>my-_namespace</tt> and
--   <tt>my--namespace</tt> are invalid. * Not be in IP address format (for
--   example, 192.168.5.4) If you specify a trail ARN, it must be in the
--   format:
--   <tt>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</tt>
gesTrailName :: Lens' GetEventSelectors Text

-- | Creates a value of <a>GetEventSelectorsResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gesrsTrailARN</a> - The specified trail ARN that has the event
--   selectors.</li>
--   <li><a>gesrsEventSelectors</a> - The event selectors that are
--   configured for the trail.</li>
--   <li><a>gesrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
getEventSelectorsResponse :: Int -> GetEventSelectorsResponse

-- | <i>See:</i> <a>getEventSelectorsResponse</a> smart constructor.
data GetEventSelectorsResponse

-- | The specified trail ARN that has the event selectors.
gesrsTrailARN :: Lens' GetEventSelectorsResponse (Maybe Text)

-- | The event selectors that are configured for the trail.
gesrsEventSelectors :: Lens' GetEventSelectorsResponse [EventSelector]

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
gesrsResponseStatus :: Lens' GetEventSelectorsResponse Int
instance GHC.Generics.Generic Network.AWS.CloudTrail.GetEventSelectors.GetEventSelectorsResponse
instance Data.Data.Data Network.AWS.CloudTrail.GetEventSelectors.GetEventSelectorsResponse
instance GHC.Show.Show Network.AWS.CloudTrail.GetEventSelectors.GetEventSelectorsResponse
instance GHC.Read.Read Network.AWS.CloudTrail.GetEventSelectors.GetEventSelectorsResponse
instance GHC.Classes.Eq Network.AWS.CloudTrail.GetEventSelectors.GetEventSelectorsResponse
instance GHC.Generics.Generic Network.AWS.CloudTrail.GetEventSelectors.GetEventSelectors
instance Data.Data.Data Network.AWS.CloudTrail.GetEventSelectors.GetEventSelectors
instance GHC.Show.Show Network.AWS.CloudTrail.GetEventSelectors.GetEventSelectors
instance GHC.Read.Read Network.AWS.CloudTrail.GetEventSelectors.GetEventSelectors
instance GHC.Classes.Eq Network.AWS.CloudTrail.GetEventSelectors.GetEventSelectors
instance Network.AWS.Types.AWSRequest Network.AWS.CloudTrail.GetEventSelectors.GetEventSelectors
instance Control.DeepSeq.NFData Network.AWS.CloudTrail.GetEventSelectors.GetEventSelectorsResponse
instance Data.Hashable.Class.Hashable Network.AWS.CloudTrail.GetEventSelectors.GetEventSelectors
instance Control.DeepSeq.NFData Network.AWS.CloudTrail.GetEventSelectors.GetEventSelectors
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CloudTrail.GetEventSelectors.GetEventSelectors
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CloudTrail.GetEventSelectors.GetEventSelectors
instance Network.AWS.Data.Path.ToPath Network.AWS.CloudTrail.GetEventSelectors.GetEventSelectors
instance Network.AWS.Data.Query.ToQuery Network.AWS.CloudTrail.GetEventSelectors.GetEventSelectors


-- | Retrieves settings for the trail associated with the current region
--   for your account.
module Network.AWS.CloudTrail.DescribeTrails

-- | Creates a value of <a>DescribeTrails</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dtIncludeShadowTrails</a> - Specifies whether to include shadow
--   trails in the response. A shadow trail is the replication in a region
--   of a trail that was created in a different region. The default is
--   true.</li>
--   <li><a>dtTrailNameList</a> - Specifies a list of trail names, trail
--   ARNs, or both, of the trails to describe. The format of a trail ARN
--   is: <tt>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</tt>
--   If an empty list is specified, information for the trail in the
--   current region is returned. * If an empty list is specified and
--   <tt>IncludeShadowTrails</tt> is false, then information for all trails
--   in the current region is returned. * If an empty list is specified and
--   IncludeShadowTrails is null or true, then information for all trails
--   in the current region and any associated shadow trails in other
--   regions is returned.</li>
--   </ul>
describeTrails :: DescribeTrails

-- | Returns information about the trail.
--   
--   <i>See:</i> <a>describeTrails</a> smart constructor.
data DescribeTrails

-- | Specifies whether to include shadow trails in the response. A shadow
--   trail is the replication in a region of a trail that was created in a
--   different region. The default is true.
dtIncludeShadowTrails :: Lens' DescribeTrails (Maybe Bool)

-- | Specifies a list of trail names, trail ARNs, or both, of the trails to
--   describe. The format of a trail ARN is:
--   <tt>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</tt> If an
--   empty list is specified, information for the trail in the current
--   region is returned. * If an empty list is specified and
--   <tt>IncludeShadowTrails</tt> is false, then information for all trails
--   in the current region is returned. * If an empty list is specified and
--   IncludeShadowTrails is null or true, then information for all trails
--   in the current region and any associated shadow trails in other
--   regions is returned.
dtTrailNameList :: Lens' DescribeTrails [Text]

-- | Creates a value of <a>DescribeTrailsResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dtrsTrailList</a> - The list of trail objects.</li>
--   <li><a>dtrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
describeTrailsResponse :: Int -> DescribeTrailsResponse

-- | Returns the objects or data listed below if successful. Otherwise,
--   returns an error.
--   
--   <i>See:</i> <a>describeTrailsResponse</a> smart constructor.
data DescribeTrailsResponse

-- | The list of trail objects.
dtrsTrailList :: Lens' DescribeTrailsResponse [Trail]

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
dtrsResponseStatus :: Lens' DescribeTrailsResponse Int
instance GHC.Generics.Generic Network.AWS.CloudTrail.DescribeTrails.DescribeTrailsResponse
instance Data.Data.Data Network.AWS.CloudTrail.DescribeTrails.DescribeTrailsResponse
instance GHC.Show.Show Network.AWS.CloudTrail.DescribeTrails.DescribeTrailsResponse
instance GHC.Read.Read Network.AWS.CloudTrail.DescribeTrails.DescribeTrailsResponse
instance GHC.Classes.Eq Network.AWS.CloudTrail.DescribeTrails.DescribeTrailsResponse
instance GHC.Generics.Generic Network.AWS.CloudTrail.DescribeTrails.DescribeTrails
instance Data.Data.Data Network.AWS.CloudTrail.DescribeTrails.DescribeTrails
instance GHC.Show.Show Network.AWS.CloudTrail.DescribeTrails.DescribeTrails
instance GHC.Read.Read Network.AWS.CloudTrail.DescribeTrails.DescribeTrails
instance GHC.Classes.Eq Network.AWS.CloudTrail.DescribeTrails.DescribeTrails
instance Network.AWS.Types.AWSRequest Network.AWS.CloudTrail.DescribeTrails.DescribeTrails
instance Control.DeepSeq.NFData Network.AWS.CloudTrail.DescribeTrails.DescribeTrailsResponse
instance Data.Hashable.Class.Hashable Network.AWS.CloudTrail.DescribeTrails.DescribeTrails
instance Control.DeepSeq.NFData Network.AWS.CloudTrail.DescribeTrails.DescribeTrails
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CloudTrail.DescribeTrails.DescribeTrails
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CloudTrail.DescribeTrails.DescribeTrails
instance Network.AWS.Data.Path.ToPath Network.AWS.CloudTrail.DescribeTrails.DescribeTrails
instance Network.AWS.Data.Query.ToQuery Network.AWS.CloudTrail.DescribeTrails.DescribeTrails


-- | Deletes a trail. This operation must be called from the region in
--   which the trail was created. <tt>DeleteTrail</tt> cannot be called on
--   the shadow trails (replicated trails in other regions) of a trail that
--   is enabled in all regions.
module Network.AWS.CloudTrail.DeleteTrail

-- | Creates a value of <a>DeleteTrail</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dtName</a> - Specifies the name or the CloudTrail ARN of the
--   trail to be deleted. The format of a trail ARN is:
--   <tt>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</tt></li>
--   </ul>
deleteTrail :: Text -> DeleteTrail

-- | The request that specifies the name of a trail to delete.
--   
--   <i>See:</i> <a>deleteTrail</a> smart constructor.
data DeleteTrail

-- | Specifies the name or the CloudTrail ARN of the trail to be deleted.
--   The format of a trail ARN is:
--   <tt>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</tt>
dtName :: Lens' DeleteTrail Text

-- | Creates a value of <a>DeleteTrailResponse</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>drsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
deleteTrailResponse :: Int -> DeleteTrailResponse

-- | Returns the objects or data listed below if successful. Otherwise,
--   returns an error.
--   
--   <i>See:</i> <a>deleteTrailResponse</a> smart constructor.
data DeleteTrailResponse

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
drsResponseStatus :: Lens' DeleteTrailResponse Int
instance GHC.Generics.Generic Network.AWS.CloudTrail.DeleteTrail.DeleteTrailResponse
instance Data.Data.Data Network.AWS.CloudTrail.DeleteTrail.DeleteTrailResponse
instance GHC.Show.Show Network.AWS.CloudTrail.DeleteTrail.DeleteTrailResponse
instance GHC.Read.Read Network.AWS.CloudTrail.DeleteTrail.DeleteTrailResponse
instance GHC.Classes.Eq Network.AWS.CloudTrail.DeleteTrail.DeleteTrailResponse
instance GHC.Generics.Generic Network.AWS.CloudTrail.DeleteTrail.DeleteTrail
instance Data.Data.Data Network.AWS.CloudTrail.DeleteTrail.DeleteTrail
instance GHC.Show.Show Network.AWS.CloudTrail.DeleteTrail.DeleteTrail
instance GHC.Read.Read Network.AWS.CloudTrail.DeleteTrail.DeleteTrail
instance GHC.Classes.Eq Network.AWS.CloudTrail.DeleteTrail.DeleteTrail
instance Network.AWS.Types.AWSRequest Network.AWS.CloudTrail.DeleteTrail.DeleteTrail
instance Control.DeepSeq.NFData Network.AWS.CloudTrail.DeleteTrail.DeleteTrailResponse
instance Data.Hashable.Class.Hashable Network.AWS.CloudTrail.DeleteTrail.DeleteTrail
instance Control.DeepSeq.NFData Network.AWS.CloudTrail.DeleteTrail.DeleteTrail
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CloudTrail.DeleteTrail.DeleteTrail
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CloudTrail.DeleteTrail.DeleteTrail
instance Network.AWS.Data.Path.ToPath Network.AWS.CloudTrail.DeleteTrail.DeleteTrail
instance Network.AWS.Data.Query.ToQuery Network.AWS.CloudTrail.DeleteTrail.DeleteTrail


-- | Creates a trail that specifies the settings for delivery of log data
--   to an Amazon S3 bucket. A maximum of five trails can exist in a
--   region, irrespective of the region in which they were created.
module Network.AWS.CloudTrail.CreateTrail

-- | Creates a value of <a>CreateTrail</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ctS3KeyPrefix</a> - Specifies the Amazon S3 key prefix that
--   comes after the name of the bucket you have designated for log file
--   delivery. For more information, see <a>Finding Your CloudTrail Log
--   Files</a> . The maximum length is 200 characters.</li>
--   <li><a>ctSNSTopicName</a> - Specifies the name of the Amazon SNS topic
--   defined for notification of log file delivery. The maximum length is
--   256 characters.</li>
--   <li><a>ctEnableLogFileValidation</a> - Specifies whether log file
--   integrity validation is enabled. The default is false.</li>
--   <li><a>ctCloudWatchLogsLogGroupARN</a> - Specifies a log group name
--   using an Amazon Resource Name (ARN), a unique identifier that
--   represents the log group to which CloudTrail logs will be delivered.
--   Not required unless you specify CloudWatchLogsRoleArn.</li>
--   <li><a>ctKMSKeyId</a> - Specifies the KMS key ID to use to encrypt the
--   logs delivered by CloudTrail. The value can be an alias name prefixed
--   by "alias<i>", a fully specified ARN to an alias, a fully specified
--   ARN to a key, or a globally unique identifier. Examples: *
--   alias</i>MyAliasName *
--   arn:aws:kms:us-east-1:123456789012:alias<i>MyAliasName *
--   arn:aws:kms:us-east-1:123456789012:key</i>12345678-1234-1234-1234-123456789012
--   * 12345678-1234-1234-1234-123456789012</li>
--   <li><a>ctIncludeGlobalServiceEvents</a> - Specifies whether the trail
--   is publishing events from global services such as IAM to the log
--   files.</li>
--   <li><a>ctCloudWatchLogsRoleARN</a> - Specifies the role for the
--   CloudWatch Logs endpoint to assume to write to a user's log
--   group.</li>
--   <li><a>ctIsMultiRegionTrail</a> - Specifies whether the trail is
--   created in the current region or in all regions. The default is
--   false.</li>
--   <li><a>ctName</a> - Specifies the name of the trail. The name must
--   meet the following requirements: * Contain only ASCII letters (a-z,
--   A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-) *
--   Start with a letter or number, and end with a letter or number * Be
--   between 3 and 128 characters * Have no adjacent periods, underscores
--   or dashes. Names like <tt>my-_namespace</tt> and
--   <tt>my--namespace</tt> are invalid. * Not be in IP address format (for
--   example, 192.168.5.4)</li>
--   <li><a>ctS3BucketName</a> - Specifies the name of the Amazon S3 bucket
--   designated for publishing log files. See <a>Amazon S3 Bucket Naming
--   Requirements</a> .</li>
--   </ul>
createTrail :: Text -> Text -> CreateTrail

-- | Specifies the settings for each trail.
--   
--   <i>See:</i> <a>createTrail</a> smart constructor.
data CreateTrail

-- | Specifies the Amazon S3 key prefix that comes after the name of the
--   bucket you have designated for log file delivery. For more
--   information, see <a>Finding Your CloudTrail Log Files</a> . The
--   maximum length is 200 characters.
ctS3KeyPrefix :: Lens' CreateTrail (Maybe Text)

-- | Specifies the name of the Amazon SNS topic defined for notification of
--   log file delivery. The maximum length is 256 characters.
ctSNSTopicName :: Lens' CreateTrail (Maybe Text)

-- | Specifies whether log file integrity validation is enabled. The
--   default is false.
ctEnableLogFileValidation :: Lens' CreateTrail (Maybe Bool)

-- | Specifies a log group name using an Amazon Resource Name (ARN), a
--   unique identifier that represents the log group to which CloudTrail
--   logs will be delivered. Not required unless you specify
--   CloudWatchLogsRoleArn.
ctCloudWatchLogsLogGroupARN :: Lens' CreateTrail (Maybe Text)

-- | Specifies the KMS key ID to use to encrypt the logs delivered by
--   CloudTrail. The value can be an alias name prefixed by "alias<i>", a
--   fully specified ARN to an alias, a fully specified ARN to a key, or a
--   globally unique identifier. Examples: * alias</i>MyAliasName *
--   arn:aws:kms:us-east-1:123456789012:alias<i>MyAliasName *
--   arn:aws:kms:us-east-1:123456789012:key</i>12345678-1234-1234-1234-123456789012
--   * 12345678-1234-1234-1234-123456789012
ctKMSKeyId :: Lens' CreateTrail (Maybe Text)

-- | Specifies whether the trail is publishing events from global services
--   such as IAM to the log files.
ctIncludeGlobalServiceEvents :: Lens' CreateTrail (Maybe Bool)

-- | Specifies the role for the CloudWatch Logs endpoint to assume to write
--   to a user's log group.
ctCloudWatchLogsRoleARN :: Lens' CreateTrail (Maybe Text)

-- | Specifies whether the trail is created in the current region or in all
--   regions. The default is false.
ctIsMultiRegionTrail :: Lens' CreateTrail (Maybe Bool)

-- | Specifies the name of the trail. The name must meet the following
--   requirements: * Contain only ASCII letters (a-z, A-Z), numbers (0-9),
--   periods (.), underscores (_), or dashes (-) * Start with a letter or
--   number, and end with a letter or number * Be between 3 and 128
--   characters * Have no adjacent periods, underscores or dashes. Names
--   like <tt>my-_namespace</tt> and <tt>my--namespace</tt> are invalid. *
--   Not be in IP address format (for example, 192.168.5.4)
ctName :: Lens' CreateTrail Text

-- | Specifies the name of the Amazon S3 bucket designated for publishing
--   log files. See <a>Amazon S3 Bucket Naming Requirements</a> .
ctS3BucketName :: Lens' CreateTrail Text

-- | Creates a value of <a>CreateTrailResponse</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ctrsLogFileValidationEnabled</a> - Specifies whether log file
--   integrity validation is enabled.</li>
--   <li><a>ctrsTrailARN</a> - Specifies the ARN of the trail that was
--   created. The format of a trail ARN is:
--   <tt>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</tt></li>
--   <li><a>ctrsS3KeyPrefix</a> - Specifies the Amazon S3 key prefix that
--   comes after the name of the bucket you have designated for log file
--   delivery. For more information, see <a>Finding Your CloudTrail Log
--   Files</a> .</li>
--   <li><a>ctrsSNSTopicARN</a> - Specifies the ARN of the Amazon SNS topic
--   that CloudTrail uses to send notifications when log files are
--   delivered. The format of a topic ARN is:
--   <tt>arn:aws:sns:us-east-1:123456789012:MyTopic</tt></li>
--   <li><a>ctrsSNSTopicName</a> - This field is deprecated. Use
--   SnsTopicARN.</li>
--   <li><a>ctrsCloudWatchLogsLogGroupARN</a> - Specifies the Amazon
--   Resource Name (ARN) of the log group to which CloudTrail logs will be
--   delivered.</li>
--   <li><a>ctrsKMSKeyId</a> - Specifies the KMS key ID that encrypts the
--   logs delivered by CloudTrail. The value is a fully specified ARN to a
--   KMS key in the format:
--   <tt>arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012</tt></li>
--   <li><a>ctrsName</a> - Specifies the name of the trail.</li>
--   <li><a>ctrsIncludeGlobalServiceEvents</a> - Specifies whether the
--   trail is publishing events from global services such as IAM to the log
--   files.</li>
--   <li><a>ctrsCloudWatchLogsRoleARN</a> - Specifies the role for the
--   CloudWatch Logs endpoint to assume to write to a user's log
--   group.</li>
--   <li><a>ctrsS3BucketName</a> - Specifies the name of the Amazon S3
--   bucket designated for publishing log files.</li>
--   <li><a>ctrsIsMultiRegionTrail</a> - Specifies whether the trail exists
--   in one region or in all regions.</li>
--   <li><a>ctrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
createTrailResponse :: Int -> CreateTrailResponse

-- | Returns the objects or data listed below if successful. Otherwise,
--   returns an error.
--   
--   <i>See:</i> <a>createTrailResponse</a> smart constructor.
data CreateTrailResponse

-- | Specifies whether log file integrity validation is enabled.
ctrsLogFileValidationEnabled :: Lens' CreateTrailResponse (Maybe Bool)

-- | Specifies the ARN of the trail that was created. The format of a trail
--   ARN is:
--   <tt>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</tt>
ctrsTrailARN :: Lens' CreateTrailResponse (Maybe Text)

-- | Specifies the Amazon S3 key prefix that comes after the name of the
--   bucket you have designated for log file delivery. For more
--   information, see <a>Finding Your CloudTrail Log Files</a> .
ctrsS3KeyPrefix :: Lens' CreateTrailResponse (Maybe Text)

-- | Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send
--   notifications when log files are delivered. The format of a topic ARN
--   is: <tt>arn:aws:sns:us-east-1:123456789012:MyTopic</tt>
ctrsSNSTopicARN :: Lens' CreateTrailResponse (Maybe Text)

-- | This field is deprecated. Use SnsTopicARN.
ctrsSNSTopicName :: Lens' CreateTrailResponse (Maybe Text)

-- | Specifies the Amazon Resource Name (ARN) of the log group to which
--   CloudTrail logs will be delivered.
ctrsCloudWatchLogsLogGroupARN :: Lens' CreateTrailResponse (Maybe Text)

-- | Specifies the KMS key ID that encrypts the logs delivered by
--   CloudTrail. The value is a fully specified ARN to a KMS key in the
--   format:
--   <tt>arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012</tt>
ctrsKMSKeyId :: Lens' CreateTrailResponse (Maybe Text)

-- | Specifies the name of the trail.
ctrsName :: Lens' CreateTrailResponse (Maybe Text)

-- | Specifies whether the trail is publishing events from global services
--   such as IAM to the log files.
ctrsIncludeGlobalServiceEvents :: Lens' CreateTrailResponse (Maybe Bool)

-- | Specifies the role for the CloudWatch Logs endpoint to assume to write
--   to a user's log group.
ctrsCloudWatchLogsRoleARN :: Lens' CreateTrailResponse (Maybe Text)

-- | Specifies the name of the Amazon S3 bucket designated for publishing
--   log files.
ctrsS3BucketName :: Lens' CreateTrailResponse (Maybe Text)

-- | Specifies whether the trail exists in one region or in all regions.
ctrsIsMultiRegionTrail :: Lens' CreateTrailResponse (Maybe Bool)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
ctrsResponseStatus :: Lens' CreateTrailResponse Int
instance GHC.Generics.Generic Network.AWS.CloudTrail.CreateTrail.CreateTrailResponse
instance Data.Data.Data Network.AWS.CloudTrail.CreateTrail.CreateTrailResponse
instance GHC.Show.Show Network.AWS.CloudTrail.CreateTrail.CreateTrailResponse
instance GHC.Read.Read Network.AWS.CloudTrail.CreateTrail.CreateTrailResponse
instance GHC.Classes.Eq Network.AWS.CloudTrail.CreateTrail.CreateTrailResponse
instance GHC.Generics.Generic Network.AWS.CloudTrail.CreateTrail.CreateTrail
instance Data.Data.Data Network.AWS.CloudTrail.CreateTrail.CreateTrail
instance GHC.Show.Show Network.AWS.CloudTrail.CreateTrail.CreateTrail
instance GHC.Read.Read Network.AWS.CloudTrail.CreateTrail.CreateTrail
instance GHC.Classes.Eq Network.AWS.CloudTrail.CreateTrail.CreateTrail
instance Network.AWS.Types.AWSRequest Network.AWS.CloudTrail.CreateTrail.CreateTrail
instance Control.DeepSeq.NFData Network.AWS.CloudTrail.CreateTrail.CreateTrailResponse
instance Data.Hashable.Class.Hashable Network.AWS.CloudTrail.CreateTrail.CreateTrail
instance Control.DeepSeq.NFData Network.AWS.CloudTrail.CreateTrail.CreateTrail
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CloudTrail.CreateTrail.CreateTrail
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CloudTrail.CreateTrail.CreateTrail
instance Network.AWS.Data.Path.ToPath Network.AWS.CloudTrail.CreateTrail.CreateTrail
instance Network.AWS.Data.Query.ToQuery Network.AWS.CloudTrail.CreateTrail.CreateTrail


-- | Adds one or more tags to a trail, up to a limit of 50. Tags must be
--   unique per trail. Overwrites an existing tag's value when a new value
--   is specified for an existing tag key. If you specify a key without a
--   value, the tag will be created with the specified key and a value of
--   null. You can tag a trail that applies to all regions only from the
--   region in which the trail was created (that is, from its home region).
module Network.AWS.CloudTrail.AddTags

-- | Creates a value of <a>AddTags</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>atTagsList</a> - Contains a list of CloudTrail tags, up to a
--   limit of 50</li>
--   <li><a>atResourceId</a> - Specifies the ARN of the trail to which one
--   or more tags will be added. The format of a trail ARN is:
--   <tt>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</tt></li>
--   </ul>
addTags :: Text -> AddTags

-- | Specifies the tags to add to a trail.
--   
--   <i>See:</i> <a>addTags</a> smart constructor.
data AddTags

-- | Contains a list of CloudTrail tags, up to a limit of 50
atTagsList :: Lens' AddTags [Tag]

-- | Specifies the ARN of the trail to which one or more tags will be
--   added. The format of a trail ARN is:
--   <tt>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</tt>
atResourceId :: Lens' AddTags Text

-- | Creates a value of <a>AddTagsResponse</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>atrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
addTagsResponse :: Int -> AddTagsResponse

-- | Returns the objects or data listed below if successful. Otherwise,
--   returns an error.
--   
--   <i>See:</i> <a>addTagsResponse</a> smart constructor.
data AddTagsResponse

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
atrsResponseStatus :: Lens' AddTagsResponse Int
instance GHC.Generics.Generic Network.AWS.CloudTrail.AddTags.AddTagsResponse
instance Data.Data.Data Network.AWS.CloudTrail.AddTags.AddTagsResponse
instance GHC.Show.Show Network.AWS.CloudTrail.AddTags.AddTagsResponse
instance GHC.Read.Read Network.AWS.CloudTrail.AddTags.AddTagsResponse
instance GHC.Classes.Eq Network.AWS.CloudTrail.AddTags.AddTagsResponse
instance GHC.Generics.Generic Network.AWS.CloudTrail.AddTags.AddTags
instance Data.Data.Data Network.AWS.CloudTrail.AddTags.AddTags
instance GHC.Show.Show Network.AWS.CloudTrail.AddTags.AddTags
instance GHC.Read.Read Network.AWS.CloudTrail.AddTags.AddTags
instance GHC.Classes.Eq Network.AWS.CloudTrail.AddTags.AddTags
instance Network.AWS.Types.AWSRequest Network.AWS.CloudTrail.AddTags.AddTags
instance Control.DeepSeq.NFData Network.AWS.CloudTrail.AddTags.AddTagsResponse
instance Data.Hashable.Class.Hashable Network.AWS.CloudTrail.AddTags.AddTags
instance Control.DeepSeq.NFData Network.AWS.CloudTrail.AddTags.AddTags
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CloudTrail.AddTags.AddTags
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CloudTrail.AddTags.AddTags
instance Network.AWS.Data.Path.ToPath Network.AWS.CloudTrail.AddTags.AddTags
instance Network.AWS.Data.Query.ToQuery Network.AWS.CloudTrail.AddTags.AddTags


-- | Updates the settings that specify delivery of log files. Changes to a
--   trail do not require stopping the CloudTrail service. Use this action
--   to designate an existing bucket for log delivery. If the existing
--   bucket has previously been a target for CloudTrail log files, an IAM
--   policy exists for the bucket. <tt>UpdateTrail</tt> must be called from
--   the region in which the trail was created; otherwise, an
--   <tt>InvalidHomeRegionException</tt> is thrown.
module Network.AWS.CloudTrail.UpdateTrail

-- | Creates a value of <a>UpdateTrail</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>utS3KeyPrefix</a> - Specifies the Amazon S3 key prefix that
--   comes after the name of the bucket you have designated for log file
--   delivery. For more information, see <a>Finding Your CloudTrail Log
--   Files</a> . The maximum length is 200 characters.</li>
--   <li><a>utSNSTopicName</a> - Specifies the name of the Amazon SNS topic
--   defined for notification of log file delivery. The maximum length is
--   256 characters.</li>
--   <li><a>utEnableLogFileValidation</a> - Specifies whether log file
--   validation is enabled. The default is false.</li>
--   <li><a>utCloudWatchLogsLogGroupARN</a> - Specifies a log group name
--   using an Amazon Resource Name (ARN), a unique identifier that
--   represents the log group to which CloudTrail logs will be delivered.
--   Not required unless you specify CloudWatchLogsRoleArn.</li>
--   <li><a>utKMSKeyId</a> - Specifies the KMS key ID to use to encrypt the
--   logs delivered by CloudTrail. The value can be an alias name prefixed
--   by "alias<i>", a fully specified ARN to an alias, a fully specified
--   ARN to a key, or a globally unique identifier. Examples: *
--   alias</i>MyAliasName *
--   arn:aws:kms:us-east-1:123456789012:alias<i>MyAliasName *
--   arn:aws:kms:us-east-1:123456789012:key</i>12345678-1234-1234-1234-123456789012
--   * 12345678-1234-1234-1234-123456789012</li>
--   <li><a>utIncludeGlobalServiceEvents</a> - Specifies whether the trail
--   is publishing events from global services such as IAM to the log
--   files.</li>
--   <li><a>utCloudWatchLogsRoleARN</a> - Specifies the role for the
--   CloudWatch Logs endpoint to assume to write to a user's log
--   group.</li>
--   <li><a>utS3BucketName</a> - Specifies the name of the Amazon S3 bucket
--   designated for publishing log files. See <a>Amazon S3 Bucket Naming
--   Requirements</a> .</li>
--   <li><a>utIsMultiRegionTrail</a> - Specifies whether the trail applies
--   only to the current region or to all regions. The default is false. If
--   the trail exists only in the current region and this value is set to
--   true, shadow trails (replications of the trail) will be created in the
--   other regions. If the trail exists in all regions and this value is
--   set to false, the trail will remain in the region where it was
--   created, and its shadow trails in other regions will be deleted.</li>
--   <li><a>utName</a> - Specifies the name of the trail or trail ARN. If
--   <tt>Name</tt> is a trail name, the string must meet the following
--   requirements: * Contain only ASCII letters (a-z, A-Z), numbers (0-9),
--   periods (.), underscores (_), or dashes (-) * Start with a letter or
--   number, and end with a letter or number * Be between 3 and 128
--   characters * Have no adjacent periods, underscores or dashes. Names
--   like <tt>my-_namespace</tt> and <tt>my--namespace</tt> are invalid. *
--   Not be in IP address format (for example, 192.168.5.4) If
--   <tt>Name</tt> is a trail ARN, it must be in the format:
--   <tt>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</tt></li>
--   </ul>
updateTrail :: Text -> UpdateTrail

-- | Specifies settings to update for the trail.
--   
--   <i>See:</i> <a>updateTrail</a> smart constructor.
data UpdateTrail

-- | Specifies the Amazon S3 key prefix that comes after the name of the
--   bucket you have designated for log file delivery. For more
--   information, see <a>Finding Your CloudTrail Log Files</a> . The
--   maximum length is 200 characters.
utS3KeyPrefix :: Lens' UpdateTrail (Maybe Text)

-- | Specifies the name of the Amazon SNS topic defined for notification of
--   log file delivery. The maximum length is 256 characters.
utSNSTopicName :: Lens' UpdateTrail (Maybe Text)

-- | Specifies whether log file validation is enabled. The default is
--   false.
utEnableLogFileValidation :: Lens' UpdateTrail (Maybe Bool)

-- | Specifies a log group name using an Amazon Resource Name (ARN), a
--   unique identifier that represents the log group to which CloudTrail
--   logs will be delivered. Not required unless you specify
--   CloudWatchLogsRoleArn.
utCloudWatchLogsLogGroupARN :: Lens' UpdateTrail (Maybe Text)

-- | Specifies the KMS key ID to use to encrypt the logs delivered by
--   CloudTrail. The value can be an alias name prefixed by "alias<i>", a
--   fully specified ARN to an alias, a fully specified ARN to a key, or a
--   globally unique identifier. Examples: * alias</i>MyAliasName *
--   arn:aws:kms:us-east-1:123456789012:alias<i>MyAliasName *
--   arn:aws:kms:us-east-1:123456789012:key</i>12345678-1234-1234-1234-123456789012
--   * 12345678-1234-1234-1234-123456789012
utKMSKeyId :: Lens' UpdateTrail (Maybe Text)

-- | Specifies whether the trail is publishing events from global services
--   such as IAM to the log files.
utIncludeGlobalServiceEvents :: Lens' UpdateTrail (Maybe Bool)

-- | Specifies the role for the CloudWatch Logs endpoint to assume to write
--   to a user's log group.
utCloudWatchLogsRoleARN :: Lens' UpdateTrail (Maybe Text)

-- | Specifies the name of the Amazon S3 bucket designated for publishing
--   log files. See <a>Amazon S3 Bucket Naming Requirements</a> .
utS3BucketName :: Lens' UpdateTrail (Maybe Text)

-- | Specifies whether the trail applies only to the current region or to
--   all regions. The default is false. If the trail exists only in the
--   current region and this value is set to true, shadow trails
--   (replications of the trail) will be created in the other regions. If
--   the trail exists in all regions and this value is set to false, the
--   trail will remain in the region where it was created, and its shadow
--   trails in other regions will be deleted.
utIsMultiRegionTrail :: Lens' UpdateTrail (Maybe Bool)

-- | Specifies the name of the trail or trail ARN. If <tt>Name</tt> is a
--   trail name, the string must meet the following requirements: * Contain
--   only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores
--   (_), or dashes (-) * Start with a letter or number, and end with a
--   letter or number * Be between 3 and 128 characters * Have no adjacent
--   periods, underscores or dashes. Names like <tt>my-_namespace</tt> and
--   <tt>my--namespace</tt> are invalid. * Not be in IP address format (for
--   example, 192.168.5.4) If <tt>Name</tt> is a trail ARN, it must be in
--   the format:
--   <tt>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</tt>
utName :: Lens' UpdateTrail Text

-- | Creates a value of <a>UpdateTrailResponse</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>utrsLogFileValidationEnabled</a> - Specifies whether log file
--   integrity validation is enabled.</li>
--   <li><a>utrsTrailARN</a> - Specifies the ARN of the trail that was
--   updated. The format of a trail ARN is:
--   <tt>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</tt></li>
--   <li><a>utrsS3KeyPrefix</a> - Specifies the Amazon S3 key prefix that
--   comes after the name of the bucket you have designated for log file
--   delivery. For more information, see <a>Finding Your CloudTrail Log
--   Files</a> .</li>
--   <li><a>utrsSNSTopicARN</a> - Specifies the ARN of the Amazon SNS topic
--   that CloudTrail uses to send notifications when log files are
--   delivered. The format of a topic ARN is:
--   <tt>arn:aws:sns:us-east-1:123456789012:MyTopic</tt></li>
--   <li><a>utrsSNSTopicName</a> - This field is deprecated. Use
--   SnsTopicARN.</li>
--   <li><a>utrsCloudWatchLogsLogGroupARN</a> - Specifies the Amazon
--   Resource Name (ARN) of the log group to which CloudTrail logs will be
--   delivered.</li>
--   <li><a>utrsKMSKeyId</a> - Specifies the KMS key ID that encrypts the
--   logs delivered by CloudTrail. The value is a fully specified ARN to a
--   KMS key in the format:
--   <tt>arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012</tt></li>
--   <li><a>utrsName</a> - Specifies the name of the trail.</li>
--   <li><a>utrsIncludeGlobalServiceEvents</a> - Specifies whether the
--   trail is publishing events from global services such as IAM to the log
--   files.</li>
--   <li><a>utrsCloudWatchLogsRoleARN</a> - Specifies the role for the
--   CloudWatch Logs endpoint to assume to write to a user's log
--   group.</li>
--   <li><a>utrsS3BucketName</a> - Specifies the name of the Amazon S3
--   bucket designated for publishing log files.</li>
--   <li><a>utrsIsMultiRegionTrail</a> - Specifies whether the trail exists
--   in one region or in all regions.</li>
--   <li><a>utrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
updateTrailResponse :: Int -> UpdateTrailResponse

-- | Returns the objects or data listed below if successful. Otherwise,
--   returns an error.
--   
--   <i>See:</i> <a>updateTrailResponse</a> smart constructor.
data UpdateTrailResponse

-- | Specifies whether log file integrity validation is enabled.
utrsLogFileValidationEnabled :: Lens' UpdateTrailResponse (Maybe Bool)

-- | Specifies the ARN of the trail that was updated. The format of a trail
--   ARN is:
--   <tt>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</tt>
utrsTrailARN :: Lens' UpdateTrailResponse (Maybe Text)

-- | Specifies the Amazon S3 key prefix that comes after the name of the
--   bucket you have designated for log file delivery. For more
--   information, see <a>Finding Your CloudTrail Log Files</a> .
utrsS3KeyPrefix :: Lens' UpdateTrailResponse (Maybe Text)

-- | Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send
--   notifications when log files are delivered. The format of a topic ARN
--   is: <tt>arn:aws:sns:us-east-1:123456789012:MyTopic</tt>
utrsSNSTopicARN :: Lens' UpdateTrailResponse (Maybe Text)

-- | This field is deprecated. Use SnsTopicARN.
utrsSNSTopicName :: Lens' UpdateTrailResponse (Maybe Text)

-- | Specifies the Amazon Resource Name (ARN) of the log group to which
--   CloudTrail logs will be delivered.
utrsCloudWatchLogsLogGroupARN :: Lens' UpdateTrailResponse (Maybe Text)

-- | Specifies the KMS key ID that encrypts the logs delivered by
--   CloudTrail. The value is a fully specified ARN to a KMS key in the
--   format:
--   <tt>arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012</tt>
utrsKMSKeyId :: Lens' UpdateTrailResponse (Maybe Text)

-- | Specifies the name of the trail.
utrsName :: Lens' UpdateTrailResponse (Maybe Text)

-- | Specifies whether the trail is publishing events from global services
--   such as IAM to the log files.
utrsIncludeGlobalServiceEvents :: Lens' UpdateTrailResponse (Maybe Bool)

-- | Specifies the role for the CloudWatch Logs endpoint to assume to write
--   to a user's log group.
utrsCloudWatchLogsRoleARN :: Lens' UpdateTrailResponse (Maybe Text)

-- | Specifies the name of the Amazon S3 bucket designated for publishing
--   log files.
utrsS3BucketName :: Lens' UpdateTrailResponse (Maybe Text)

-- | Specifies whether the trail exists in one region or in all regions.
utrsIsMultiRegionTrail :: Lens' UpdateTrailResponse (Maybe Bool)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
utrsResponseStatus :: Lens' UpdateTrailResponse Int
instance GHC.Generics.Generic Network.AWS.CloudTrail.UpdateTrail.UpdateTrailResponse
instance Data.Data.Data Network.AWS.CloudTrail.UpdateTrail.UpdateTrailResponse
instance GHC.Show.Show Network.AWS.CloudTrail.UpdateTrail.UpdateTrailResponse
instance GHC.Read.Read Network.AWS.CloudTrail.UpdateTrail.UpdateTrailResponse
instance GHC.Classes.Eq Network.AWS.CloudTrail.UpdateTrail.UpdateTrailResponse
instance GHC.Generics.Generic Network.AWS.CloudTrail.UpdateTrail.UpdateTrail
instance Data.Data.Data Network.AWS.CloudTrail.UpdateTrail.UpdateTrail
instance GHC.Show.Show Network.AWS.CloudTrail.UpdateTrail.UpdateTrail
instance GHC.Read.Read Network.AWS.CloudTrail.UpdateTrail.UpdateTrail
instance GHC.Classes.Eq Network.AWS.CloudTrail.UpdateTrail.UpdateTrail
instance Network.AWS.Types.AWSRequest Network.AWS.CloudTrail.UpdateTrail.UpdateTrail
instance Control.DeepSeq.NFData Network.AWS.CloudTrail.UpdateTrail.UpdateTrailResponse
instance Data.Hashable.Class.Hashable Network.AWS.CloudTrail.UpdateTrail.UpdateTrail
instance Control.DeepSeq.NFData Network.AWS.CloudTrail.UpdateTrail.UpdateTrail
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CloudTrail.UpdateTrail.UpdateTrail
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CloudTrail.UpdateTrail.UpdateTrail
instance Network.AWS.Data.Path.ToPath Network.AWS.CloudTrail.UpdateTrail.UpdateTrail
instance Network.AWS.Data.Query.ToQuery Network.AWS.CloudTrail.UpdateTrail.UpdateTrail


module Network.AWS.CloudTrail.Waiters


-- | <b>AWS CloudTrail</b>
--   
--   This is the CloudTrail API Reference. It provides descriptions of
--   actions, data types, common parameters, and common errors for
--   CloudTrail.
--   
--   CloudTrail is a web service that records AWS API calls for your AWS
--   account and delivers log files to an Amazon S3 bucket. The recorded
--   information includes the identity of the user, the start time of the
--   AWS API call, the source IP address, the request parameters, and the
--   response elements returned by the service.
--   
--   See the <a>AWS CloudTrail User Guide</a> for information about the
--   data that is included with each AWS API call listed in the log files.
module Network.AWS.CloudTrail

-- | API version <tt>2013-11-01</tt> of the Amazon CloudTrail SDK
--   configuration.
cloudTrail :: Service

-- | Occurs if the timestamp values are invalid. Either the start time
--   occurs after the end time or the time range is outside the range of
--   possible values.
_InvalidTimeRangeException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the policy on the S3 bucket is not
--   sufficient.
_InsufficientS3BucketPolicyException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the maximum number of trails is reached.
_MaximumNumberOfTrailsExceededException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the requested operation is not
--   supported.
_UnsupportedOperationException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is deprecated.
_KMSKeyDisabledException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the policy on the S3 bucket or KMS key
--   is not sufficient.
_InsufficientEncryptionPolicyException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the policy on the SNS topic is not
--   sufficient.
_InsufficientSNSTopicPolicyException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the provided role is not valid.
_InvalidCloudWatchLogsRoleARNException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The number of tags per trail has exceeded the permitted amount.
--   Currently, the limit is 50.
_TagsLimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when an operation is called with an invalid
--   trail ARN. The format of a trail ARN is:
--   
--   <pre>
--   arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail
--   </pre>
_CloudTrailARNInvalidException :: AsError a => Getting (First ServiceError) a ServiceError

-- | Occurs when an invalid lookup attribute is specified.
_InvalidLookupAttributesException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the provided trail name is not valid.
--   Trail names must meet the following requirements:
--   
--   <ul>
--   <li>Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
--   underscores (_), or dashes (-)</li>
--   <li>Start with a letter or number, and end with a letter or
--   number</li>
--   <li>Be between 3 and 128 characters</li>
--   <li>Have no adjacent periods, underscores or dashes. Names like
--   <tt>my-_namespace</tt> and <tt>my--namespace</tt> are invalid.</li>
--   <li>Not be in IP address format (for example, 192.168.5.4)</li>
--   </ul>
_InvalidTrailNameException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the provided SNS topic name is not
--   valid.
_InvalidSNSTopicNameException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the specified resource type is not
--   supported by CloudTrail.
_ResourceTypeNotSupportedException :: AsError a => Getting (First ServiceError) a ServiceError

-- | Cannot set a CloudWatch Logs delivery for this region.
_CloudWatchLogsDeliveryUnavailableException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the KMS key does not exist, or when the
--   S3 bucket and the KMS key are not in the same region.
_KMSKeyNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the trail with the given name is not
--   found.
_TrailNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the <tt>PutEventSelectors</tt> operation
--   is called with an invalid number of event selectors, data resources,
--   or an invalid value for a parameter:
--   
--   <ul>
--   <li>Specify a valid number of event selectors (1 to 5) for a
--   trail.</li>
--   <li>Specify a valid number of data resources (1 to 250) for an event
--   selector.</li>
--   <li>Specify a valid value for a parameter. For example, specifying the
--   <tt>ReadWriteType</tt> parameter with a value of <tt>read-only</tt> is
--   invalid.</li>
--   </ul>
_InvalidEventSelectorsException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is deprecated.
_TrailNotProvidedException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the provided S3 bucket name is not
--   valid.
_InvalidS3BucketNameException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the provided CloudWatch log group is not
--   valid.
_InvalidCloudWatchLogsLogGroupARNException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when there is an issue with the specified KMS
--   key and the trail can’t be updated.
_KMSException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the specified S3 bucket does not exist.
_S3BucketDoesNotExistException :: AsError a => Getting (First ServiceError) a ServiceError

-- | Invalid token or token that was previously used in a request with
--   different parameters. This exception is thrown if the token is
--   invalid.
_InvalidNextTokenException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the key or value specified for the tag
--   does not match the regular expression
--   <tt>^([\p{L}\p{Z}\p{N}_.:/=+\-</tt>]*)$@ .
_InvalidTagParameterException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the requested operation is not
--   permitted.
_OperationNotPermittedException :: AsError a => Getting (First ServiceError) a ServiceError

-- | Reserved for future use.
_InvalidTokenException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown if the limit specified is invalid.
_InvalidMaxResultsException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the specified trail already exists.
_TrailAlreadyExistsException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the provided S3 prefix is not valid.
_InvalidS3PrefixException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the specified resource is not found.
_ResourceNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the combination of parameters provided
--   is not valid.
_InvalidParameterCombinationException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when the KMS key ARN is invalid.
_InvalidKMSKeyIdException :: AsError a => Getting (First ServiceError) a ServiceError

-- | This exception is thrown when an operation is called on a trail from a
--   region other than the region in which the trail was created.
_InvalidHomeRegionException :: AsError a => Getting (First ServiceError) a ServiceError
data LookupAttributeKey
EventId :: LookupAttributeKey
EventName :: LookupAttributeKey
EventSource :: LookupAttributeKey
ResourceName :: LookupAttributeKey
ResourceType :: LookupAttributeKey
Username :: LookupAttributeKey
data ReadWriteType
All :: ReadWriteType
ReadOnly :: ReadWriteType
WriteOnly :: ReadWriteType

-- | The Amazon S3 objects that you specify in your event selectors for
--   your trail to log data events. Data events are object-level API
--   operations that access S3 objects, such as <tt>GetObject</tt> ,
--   <tt>DeleteObject</tt> , and <tt>PutObject</tt> . You can specify up to
--   250 S3 buckets and object prefixes for a trail.
--   
--   Example
--   
--   <ul>
--   <li>You create an event selector for a trail and specify an S3 bucket
--   and an empty prefix, such as <tt>arn:aws:s3:::bucket-1/</tt> .</li>
--   <li>You upload an image file to <tt>bucket-1</tt> .</li>
--   <li>The <tt>PutObject</tt> API operation occurs on an object in the S3
--   bucket that you specified in the event selector. The trail processes
--   and logs the event.</li>
--   <li>You upload another image file to a different S3 bucket named
--   <tt>arn:aws:s3:::bucket-2</tt> .</li>
--   <li>The event occurs on an object in an S3 bucket that you didn't
--   specify in the event selector. The trail doesn’t log the event.</li>
--   </ul>
--   
--   <i>See:</i> <a>dataResource</a> smart constructor.
data DataResource

-- | Creates a value of <a>DataResource</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>drValues</a> - A list of ARN-like strings for the specified S3
--   objects. To log data events for all objects in an S3 bucket, specify
--   the bucket and an empty object prefix such as
--   <tt>arn:aws:s3:::bucket-1/</tt> . The trail logs data events for all
--   objects in this S3 bucket. To log data events for specific objects,
--   specify the S3 bucket and object prefix such as
--   <tt>arn:aws:s3:::bucket-1/example-images</tt> . The trail logs data
--   events for objects in this S3 bucket that match the prefix.</li>
--   <li><a>drType</a> - The resource type in which you want to log data
--   events. You can specify only the following value:
--   <tt>AWS::S3::Object</tt> .</li>
--   </ul>
dataResource :: DataResource

-- | A list of ARN-like strings for the specified S3 objects. To log data
--   events for all objects in an S3 bucket, specify the bucket and an
--   empty object prefix such as <tt>arn:aws:s3:::bucket-1/</tt> . The
--   trail logs data events for all objects in this S3 bucket. To log data
--   events for specific objects, specify the S3 bucket and object prefix
--   such as <tt>arn:aws:s3:::bucket-1/example-images</tt> . The trail logs
--   data events for objects in this S3 bucket that match the prefix.
drValues :: Lens' DataResource [Text]

-- | The resource type in which you want to log data events. You can
--   specify only the following value: <tt>AWS::S3::Object</tt> .
drType :: Lens' DataResource (Maybe Text)

-- | Contains information about an event that was returned by a lookup
--   request. The result includes a representation of a CloudTrail event.
--   
--   <i>See:</i> <a>event</a> smart constructor.
data Event

-- | Creates a value of <a>Event</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>eUsername</a> - A user name or role name of the requester that
--   called the API in the event returned.</li>
--   <li><a>eResources</a> - A list of resources referenced by the event
--   returned.</li>
--   <li><a>eEventTime</a> - The date and time of the event returned.</li>
--   <li><a>eCloudTrailEvent</a> - A JSON string that contains a
--   representation of the event returned.</li>
--   <li><a>eEventName</a> - The name of the event returned.</li>
--   <li><a>eEventSource</a> - The AWS service that the request was made
--   to.</li>
--   <li><a>eEventId</a> - The CloudTrail ID of the event returned.</li>
--   </ul>
event :: Event

-- | A user name or role name of the requester that called the API in the
--   event returned.
eUsername :: Lens' Event (Maybe Text)

-- | A list of resources referenced by the event returned.
eResources :: Lens' Event [Resource]

-- | The date and time of the event returned.
eEventTime :: Lens' Event (Maybe UTCTime)

-- | A JSON string that contains a representation of the event returned.
eCloudTrailEvent :: Lens' Event (Maybe Text)

-- | The name of the event returned.
eEventName :: Lens' Event (Maybe Text)

-- | The AWS service that the request was made to.
eEventSource :: Lens' Event (Maybe Text)

-- | The CloudTrail ID of the event returned.
eEventId :: Lens' Event (Maybe Text)

-- | Use event selectors to specify whether you want your trail to log
--   management and/or data events. When an event occurs in your account,
--   CloudTrail evaluates the event selector for all trails. For each
--   trail, if the event matches any event selector, the trail processes
--   and logs the event. If the event doesn't match any event selector, the
--   trail doesn't log the event.
--   
--   You can configure up to five event selectors for a trail.
--   
--   <i>See:</i> <a>eventSelector</a> smart constructor.
data EventSelector

-- | Creates a value of <a>EventSelector</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>esDataResources</a> - CloudTrail supports logging only data
--   events for S3 objects. You can specify up to 250 S3 buckets and object
--   prefixes for a trail. For more information, see <a>Data Events</a> in
--   the <i>AWS CloudTrail User Guide</i> .</li>
--   <li><a>esReadWriteType</a> - Specify if you want your trail to log
--   read-only events, write-only events, or all. For example, the EC2
--   <tt>GetConsoleOutput</tt> is a read-only API operation and
--   <tt>RunInstances</tt> is a write-only API operation. By default, the
--   value is <tt>All</tt> .</li>
--   <li><a>esIncludeManagementEvents</a> - Specify if you want your event
--   selector to include management events for your trail. For more
--   information, see <a>Management Events</a> in the <i>AWS CloudTrail
--   User Guide</i> . By default, the value is <tt>true</tt> .</li>
--   </ul>
eventSelector :: EventSelector

-- | CloudTrail supports logging only data events for S3 objects. You can
--   specify up to 250 S3 buckets and object prefixes for a trail. For more
--   information, see <a>Data Events</a> in the <i>AWS CloudTrail User
--   Guide</i> .
esDataResources :: Lens' EventSelector [DataResource]

-- | Specify if you want your trail to log read-only events, write-only
--   events, or all. For example, the EC2 <tt>GetConsoleOutput</tt> is a
--   read-only API operation and <tt>RunInstances</tt> is a write-only API
--   operation. By default, the value is <tt>All</tt> .
esReadWriteType :: Lens' EventSelector (Maybe ReadWriteType)

-- | Specify if you want your event selector to include management events
--   for your trail. For more information, see <a>Management Events</a> in
--   the <i>AWS CloudTrail User Guide</i> . By default, the value is
--   <tt>true</tt> .
esIncludeManagementEvents :: Lens' EventSelector (Maybe Bool)

-- | Specifies an attribute and value that filter the events returned.
--   
--   <i>See:</i> <a>lookupAttribute</a> smart constructor.
data LookupAttribute

-- | Creates a value of <a>LookupAttribute</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>laAttributeKey</a> - Specifies an attribute on which to filter
--   the events returned.</li>
--   <li><a>laAttributeValue</a> - Specifies a value for the specified
--   AttributeKey.</li>
--   </ul>
lookupAttribute :: LookupAttributeKey -> Text -> LookupAttribute

-- | Specifies an attribute on which to filter the events returned.
laAttributeKey :: Lens' LookupAttribute LookupAttributeKey

-- | Specifies a value for the specified AttributeKey.
laAttributeValue :: Lens' LookupAttribute Text

-- | Contains information about a returned public key.
--   
--   <i>See:</i> <a>publicKey</a> smart constructor.
data PublicKey

-- | Creates a value of <a>PublicKey</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>pkFingerprint</a> - The fingerprint of the public key.</li>
--   <li><a>pkValidityEndTime</a> - The ending time of validity of the
--   public key.</li>
--   <li><a>pkValue</a> - The DER encoded public key value in PKCS#1
--   format.-- <i>Note:</i> This <tt>Lens</tt> automatically encodes and
--   decodes Base64 data. The underlying isomorphism will encode to Base64
--   representation during serialisation, and decode from Base64
--   representation during deserialisation. This <tt>Lens</tt> accepts and
--   returns only raw unencoded data.</li>
--   <li><a>pkValidityStartTime</a> - The starting time of validity of the
--   public key.</li>
--   </ul>
publicKey :: PublicKey

-- | The fingerprint of the public key.
pkFingerprint :: Lens' PublicKey (Maybe Text)

-- | The ending time of validity of the public key.
pkValidityEndTime :: Lens' PublicKey (Maybe UTCTime)

-- | The DER encoded public key value in PKCS#1 format.-- <i>Note:</i> This
--   <tt>Lens</tt> automatically encodes and decodes Base64 data. The
--   underlying isomorphism will encode to Base64 representation during
--   serialisation, and decode from Base64 representation during
--   deserialisation. This <tt>Lens</tt> accepts and returns only raw
--   unencoded data.
pkValue :: Lens' PublicKey (Maybe ByteString)

-- | The starting time of validity of the public key.
pkValidityStartTime :: Lens' PublicKey (Maybe UTCTime)

-- | Specifies the type and name of a resource referenced by an event.
--   
--   <i>See:</i> <a>resource</a> smart constructor.
data Resource

-- | Creates a value of <a>Resource</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rResourceType</a> - The type of a resource referenced by the
--   event returned. When the resource type cannot be determined, null is
--   returned. Some examples of resource types are: <b>Instance</b> for
--   EC2, <b>Trail</b> for CloudTrail, <b>DBInstance</b> for RDS, and
--   <b>AccessKey</b> for IAM. For a list of resource types supported for
--   event lookup, see <a>Resource Types Supported for Event Lookup</a>
--   .</li>
--   <li><a>rResourceName</a> - The name of the resource referenced by the
--   event returned. These are user-created names whose values will depend
--   on the environment. For example, the resource name might be
--   "auto-scaling-test-group" for an Auto Scaling Group or "i-1234567" for
--   an EC2 Instance.</li>
--   </ul>
resource :: Resource

-- | The type of a resource referenced by the event returned. When the
--   resource type cannot be determined, null is returned. Some examples of
--   resource types are: <b>Instance</b> for EC2, <b>Trail</b> for
--   CloudTrail, <b>DBInstance</b> for RDS, and <b>AccessKey</b> for IAM.
--   For a list of resource types supported for event lookup, see
--   <a>Resource Types Supported for Event Lookup</a> .
rResourceType :: Lens' Resource (Maybe Text)

-- | The name of the resource referenced by the event returned. These are
--   user-created names whose values will depend on the environment. For
--   example, the resource name might be "auto-scaling-test-group" for an
--   Auto Scaling Group or "i-1234567" for an EC2 Instance.
rResourceName :: Lens' Resource (Maybe Text)

-- | A resource tag.
--   
--   <i>See:</i> <a>resourceTag</a> smart constructor.
data ResourceTag

-- | Creates a value of <a>ResourceTag</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rResourceId</a> - Specifies the ARN of the resource.</li>
--   <li><a>rTagsList</a> - A list of tags.</li>
--   </ul>
resourceTag :: ResourceTag

-- | Specifies the ARN of the resource.
rResourceId :: Lens' ResourceTag (Maybe Text)

-- | A list of tags.
rTagsList :: Lens' ResourceTag [Tag]

-- | A custom key-value pair associated with a resource such as a
--   CloudTrail trail.
--   
--   <i>See:</i> <a>tag</a> smart constructor.
data Tag

-- | Creates a value of <a>Tag</a> with the minimum fields required to make
--   a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>tagValue</a> - The value in a key-value pair of a tag. The
--   value must be no longer than 256 Unicode characters.</li>
--   <li><a>tagKey</a> - The key in a key-value pair. The key must be must
--   be no longer than 128 Unicode characters. The key must be unique for
--   the resource to which it applies.</li>
--   </ul>
tag :: Text -> Tag

-- | The value in a key-value pair of a tag. The value must be no longer
--   than 256 Unicode characters.
tagValue :: Lens' Tag (Maybe Text)

-- | The key in a key-value pair. The key must be must be no longer than
--   128 Unicode characters. The key must be unique for the resource to
--   which it applies.
tagKey :: Lens' Tag Text

-- | The settings for a trail.
--   
--   <i>See:</i> <a>trail</a> smart constructor.
data Trail

-- | Creates a value of <a>Trail</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>tLogFileValidationEnabled</a> - Specifies whether log file
--   validation is enabled.</li>
--   <li><a>tTrailARN</a> - Specifies the ARN of the trail. The format of a
--   trail ARN is:
--   <tt>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</tt></li>
--   <li><a>tS3KeyPrefix</a> - Specifies the Amazon S3 key prefix that
--   comes after the name of the bucket you have designated for log file
--   delivery. For more information, see <a>Finding Your CloudTrail Log
--   Files</a> .The maximum length is 200 characters.</li>
--   <li><a>tSNSTopicARN</a> - Specifies the ARN of the Amazon SNS topic
--   that CloudTrail uses to send notifications when log files are
--   delivered. The format of a topic ARN is:
--   <tt>arn:aws:sns:us-east-1:123456789012:MyTopic</tt></li>
--   <li><a>tSNSTopicName</a> - This field is deprecated. Use
--   SnsTopicARN.</li>
--   <li><a>tCloudWatchLogsLogGroupARN</a> - Specifies an Amazon Resource
--   Name (ARN), a unique identifier that represents the log group to which
--   CloudTrail logs will be delivered.</li>
--   <li><a>tKMSKeyId</a> - Specifies the KMS key ID that encrypts the logs
--   delivered by CloudTrail. The value is a fully specified ARN to a KMS
--   key in the format:
--   <tt>arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012</tt></li>
--   <li><a>tHomeRegion</a> - The region in which the trail was
--   created.</li>
--   <li><a>tName</a> - Name of the trail set by calling
--   <tt>CreateTrail</tt> . The maximum length is 128 characters.</li>
--   <li><a>tIncludeGlobalServiceEvents</a> - Set to <b>True</b> to include
--   AWS API calls from AWS global services such as IAM. Otherwise,
--   <b>False</b> .</li>
--   <li><a>tHasCustomEventSelectors</a> - Specifies if the trail has
--   custom event selectors.</li>
--   <li><a>tCloudWatchLogsRoleARN</a> - Specifies the role for the
--   CloudWatch Logs endpoint to assume to write to a user's log
--   group.</li>
--   <li><a>tS3BucketName</a> - Name of the Amazon S3 bucket into which
--   CloudTrail delivers your trail files. See <a>Amazon S3 Bucket Naming
--   Requirements</a> .</li>
--   <li><a>tIsMultiRegionTrail</a> - Specifies whether the trail belongs
--   only to one region or exists in all regions.</li>
--   </ul>
trail :: Trail

-- | Specifies whether log file validation is enabled.
tLogFileValidationEnabled :: Lens' Trail (Maybe Bool)

-- | Specifies the ARN of the trail. The format of a trail ARN is:
--   <tt>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</tt>
tTrailARN :: Lens' Trail (Maybe Text)

-- | Specifies the Amazon S3 key prefix that comes after the name of the
--   bucket you have designated for log file delivery. For more
--   information, see <a>Finding Your CloudTrail Log Files</a> .The maximum
--   length is 200 characters.
tS3KeyPrefix :: Lens' Trail (Maybe Text)

-- | Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send
--   notifications when log files are delivered. The format of a topic ARN
--   is: <tt>arn:aws:sns:us-east-1:123456789012:MyTopic</tt>
tSNSTopicARN :: Lens' Trail (Maybe Text)

-- | This field is deprecated. Use SnsTopicARN.
tSNSTopicName :: Lens' Trail (Maybe Text)

-- | Specifies an Amazon Resource Name (ARN), a unique identifier that
--   represents the log group to which CloudTrail logs will be delivered.
tCloudWatchLogsLogGroupARN :: Lens' Trail (Maybe Text)

-- | Specifies the KMS key ID that encrypts the logs delivered by
--   CloudTrail. The value is a fully specified ARN to a KMS key in the
--   format:
--   <tt>arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012</tt>
tKMSKeyId :: Lens' Trail (Maybe Text)

-- | The region in which the trail was created.
tHomeRegion :: Lens' Trail (Maybe Text)

-- | Name of the trail set by calling <tt>CreateTrail</tt> . The maximum
--   length is 128 characters.
tName :: Lens' Trail (Maybe Text)

-- | Set to <b>True</b> to include AWS API calls from AWS global services
--   such as IAM. Otherwise, <b>False</b> .
tIncludeGlobalServiceEvents :: Lens' Trail (Maybe Bool)

-- | Specifies if the trail has custom event selectors.
tHasCustomEventSelectors :: Lens' Trail (Maybe Bool)

-- | Specifies the role for the CloudWatch Logs endpoint to assume to write
--   to a user's log group.
tCloudWatchLogsRoleARN :: Lens' Trail (Maybe Text)

-- | Name of the Amazon S3 bucket into which CloudTrail delivers your trail
--   files. See <a>Amazon S3 Bucket Naming Requirements</a> .
tS3BucketName :: Lens' Trail (Maybe Text)

-- | Specifies whether the trail belongs only to one region or exists in
--   all regions.
tIsMultiRegionTrail :: Lens' Trail (Maybe Bool)
