Metadata-Version: 2.1
Name: aws-cdk.aws-cloudtrail
Version: 1.42.1
Summary: CDK Constructs for AWS CloudTrail
Home-page: https://github.com/aws/aws-cdk
Author: Amazon Web Services
License: Apache-2.0
Project-URL: Source, https://github.com/aws/aws-cdk.git
Platform: UNKNOWN
Classifier: Intended Audience :: Developers
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: JavaScript
Classifier: Programming Language :: Python :: 3 :: Only
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Typing :: Typed
Classifier: Development Status :: 4 - Beta
Classifier: License :: OSI Approved
Requires-Python: >=3.6
Description-Content-Type: text/markdown
Requires-Dist: jsii (<2.0.0,>=1.5.0)
Requires-Dist: publication (>=0.0.3)
Requires-Dist: aws-cdk.aws-events (==1.42.1)
Requires-Dist: aws-cdk.aws-iam (==1.42.1)
Requires-Dist: aws-cdk.aws-kms (==1.42.1)
Requires-Dist: aws-cdk.aws-lambda (==1.42.1)
Requires-Dist: aws-cdk.aws-logs (==1.42.1)
Requires-Dist: aws-cdk.aws-s3 (==1.42.1)
Requires-Dist: aws-cdk.aws-sns (==1.42.1)
Requires-Dist: aws-cdk.core (==1.42.1)
Requires-Dist: constructs (<4.0.0,>=3.0.2)

## AWS CloudTrail Construct Library

<!--BEGIN STABILITY BANNER-->
---


![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge)

> All classes with the `Cfn` prefix in this module ([CFN Resources](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) are always stable and safe to use.

![cdk-constructs: Experimental](https://img.shields.io/badge/cdk--constructs-experimental-important.svg?style=for-the-badge)

> The APIs of higher level constructs in this module are experimental and under active development. They are subject to non-backward compatible changes or removal in any future version. These are not subject to the [Semantic Versioning](https://semver.org/) model and breaking changes will be announced in the release notes. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.

---
<!--END STABILITY BANNER-->

Add a CloudTrail construct for ease of setting up CloudTrail logging in your account.

Example usage:

```python
# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
import aws_cdk.aws_cloudtrail as cloudtrail

trail = cloudtrail.Trail(self, "CloudTrail")
```

You can instantiate the CloudTrail construct with no arguments - this will by default:

* Create a new S3 Bucket and associated Policy that allows CloudTrail to write to it
* Create a CloudTrail with the following configuration:

  * Logging Enabled
  * Log file validation enabled
  * Multi Region set to true
  * Global Service Events set to true
  * The created S3 bucket
  * CloudWatch Logging Disabled
  * No SNS configuration
  * No tags
  * No fixed name

You can override any of these properties using the `CloudTrailProps` configuration object.

For example, to log to CloudWatch Logs:

```python
# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
import aws_cdk.aws_cloudtrail as cloudtrail

trail = cloudtrail.Trail(self, "CloudTrail",
    send_to_cloud_watch_logs=True
)
```

This creates the same setup as above - but also logs events to a created CloudWatch Log stream.
By default, the created log group has a retention period of 365 Days, but this is also configurable
via the `cloudWatchLogsRetention` property. If you would like to specify the log group explicitly,
use the `cloudwatchLogGroup` property.
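The defaults listed above can be checked after synthesis. The following is an added example, not part of the CDK project: it audits a template, loaded as a Python dict, for `AWS::CloudTrail::Trail` resources that deviate from those defaults or have no CloudWatch Logs delivery. It assumes the template came from `cdk synth` as JSON; the sample template and its logical IDs are constructed.

```python
# Trail properties and the values the README lists as the construct's defaults.
EXPECTED = {
    "IsLogging": True,
    "EnableLogFileValidation": True,
    "IsMultiRegionTrail": True,
    "IncludeGlobalServiceEvents": True,
}

def audit_trails(template):
    """Map each AWS::CloudTrail::Trail logical id to a list of findings."""
    report = {}
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::CloudTrail::Trail":
            continue
        props = resource.get("Properties", {})
        # A property that is absent is reported as None, i.e. not explicitly set.
        findings = [
            f"{key} is {props.get(key)!r}, expected {want!r}"
            for key, want in EXPECTED.items()
            if props.get(key) is not want
        ]
        if "CloudWatchLogsLogGroupArn" not in props:
            findings.append("no CloudWatch Logs delivery configured")
        report[logical_id] = findings
    return report

# Constructed sample in the shape of a synthesized template (not real output).
SAMPLE_TEMPLATE = {
    "Resources": {
        "DefaultTrail": {
            "Type": "AWS::CloudTrail::Trail",
            "Properties": {
                "IsLogging": True, "EnableLogFileValidation": True,
                "IsMultiRegionTrail": True, "IncludeGlobalServiceEvents": True,
                "S3BucketName": {"Ref": "TrailBucket"},
            },
        },
        "HandWrittenTrail": {
            "Type": "AWS::CloudTrail::Trail",
            "Properties": {
                "IsLogging": True, "EnableLogFileValidation": False,
                "S3BucketName": "example-log-bucket",
                "CloudWatchLogsLogGroupArn": {"Fn::GetAtt": ["TrailLogGroup", "Arn"]},
            },
        },
        "TrailBucket": {"Type": "AWS::S3::Bucket"},
    }
}

if __name__ == "__main__":
    for trail_id, findings in audit_trails(SAMPLE_TEMPLATE).items():
        print(trail_id, "->", findings or "matches the documented defaults")
```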

To use a CloudTrail event selector to log specific S3 events,
you can use the `CloudTrailProps` configuration object.
Example:

```python
# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
import aws_cdk.aws_cloudtrail as cloudtrail

trail = cloudtrail.Trail(self, "MyAmazingCloudTrail")

# Adds an event selector that logs data events for all S3 buckets in the account.
# By default, this includes management events and all operations (Read + Write)
trail.log_all_s3_data_events()

# Adds an event selector to the bucket foo
# (foo_bucket is an existing s3.IBucket defined elsewhere)
trail.add_s3_event_selector([
    cloudtrail.S3EventSelector(bucket=foo_bucket)
])
```

To use a CloudTrail event selector to log events about Lambda
functions, you can use `addLambdaEventSelector`.

```python
# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
import aws_cdk.aws_cloudtrail as cloudtrail
# "lambda" is a reserved word in Python, so the module is aliased as lambda_
import aws_cdk.aws_lambda as lambda_

trail = cloudtrail.Trail(self, "MyAmazingCloudTrail")
lambda_function = lambda_.Function(self, "AnAmazingFunction",
    runtime=lambda_.Runtime.NODEJS_10_X,
    handler="hello.handler",
    code=lambda_.Code.from_asset("lambda")
)

# Add an event selector to log data events for all functions in the account.
trail.log_all_lambda_data_events()

# Add an event selector to log data events for the provided Lambda functions.
trail.add_lambda_event_selector([lambda_function.function_arn])
```

Using the `Trail.onEvent()` API, an EventBridge rule can be created that gets triggered for
every event logged in CloudTrail.
To act only on the events of interest, for example those from a particular service, a specific
account or a time range, filter them using the APIs available in `aws-events`. The following code
filters events for S3 from a specific AWS account and triggers a Lambda function. See [Events delivered via
CloudTrail](https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/EventTypes.html#events-for-services-not-listed)
to learn more about the event structure for events from CloudTrail.

```python
# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
import aws_cdk.aws_cloudtrail as cloudtrail
import aws_cdk.aws_events_targets as event_targets
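# "lambda" is a reserved word in Python, so the module is aliased as lambda_
import aws_cdk.aws_lambda as lambda_

my_function_handler = lambda_.Function(self, "MyFunction",
    code=lambda_.Code.from_asset("resource/myfunction"),
    runtime=lambda_.Runtime.NODEJS_12_X,
    handler="index.handler"
)

# on_event is a static method of the Trail class
event_rule = cloudtrail.Trail.on_event(self, "MyCloudWatchEvent",
    target=event_targets.LambdaFunction(my_function_handler)
)

# Event pattern fields take lists of accepted values
event_rule.add_event_pattern(
    account=["123456789012"],
    source=["aws.s3"]
)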
```
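To see which events such a rule passes to its target, the added example below (not code from the CDK project) evaluates the pattern against constructed events with a simplified matcher that handles only exact-value lists and nested objects. `matches`, `make_event`, `delivered` and the `NARROW` pattern are hypothetical names introduced here, and the `detail-type` entry reflects the value `Trail.on_event` is assumed to add to the rule.

```python
def matches(pattern, event):
    """Simplified EventBridge matching: exact-value lists and nested objects only."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        else:
            values = actual if isinstance(actual, list) else [actual]
            if not any(value in expected for value in values):
                return False
    return True

def make_event(account, source, event_name):
    """Build a constructed event in the shape CloudTrail delivers to EventBridge."""
    return {
        "detail-type": "AWS API Call via CloudTrail",
        "account": account,
        "source": source,
        "detail": {"eventName": event_name},
    }

# Pattern of the rule above as EventBridge JSON; detail-type is assumed to come from on_event.
PATTERN = {
    "detail-type": ["AWS API Call via CloudTrail"],
    "account": ["123456789012"],
    "source": ["aws.s3"],
}
# Hypothetical narrower pattern: only changes to bucket policies and ACLs.
NARROW = dict(PATTERN, detail={"eventName": ["PutBucketPolicy", "PutBucketAcl"]})

EVENTS = [  # constructed samples, not real log data
    make_event("123456789012", "aws.s3", "PutBucketPolicy"),
    make_event("123456789012", "aws.s3", "GetBucketLocation"),
    make_event("123456789012", "aws.ec2", "RunInstances"),
    make_event("210987654321", "aws.s3", "PutBucketAcl"),
]

def delivered(pattern, events=EVENTS):
    """Names of the API calls that would reach the rule's target."""
    return [e["detail"]["eventName"] for e in events if matches(pattern, e)]

if __name__ == "__main__":
    print("README pattern:", delivered(PATTERN))
    print("narrow pattern:", delivered(NARROW))
```

With only `account` and `source` in the pattern, read-only calls such as `GetBucketLocation` also invoke the target; adding a `detail` filter keeps the function focused on the changes worth reviewing.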


