Fugue.AWS.CloudTrail.Trail

new Trail (Constructor)

Call this constructor to create a new Fugue.Core.AWS.CloudTrail.Trail value.

Example usage:

trail: CloudTrail.Trail.new {
  name: "trail0",
  includeGlobalServiceEvents: True,
  isMultiRegionTrail: True,
  enableLogFileValidation: True,
  targetBucket: bucket0,
  targetKeyPrefix: "logs-prefix",
  notificationTopic: topic0,
  logGroup: logGroup0,
  cloudWatchLogsRole: role0,
  encryptionKey: key0,
  eventSelectors: [
    CloudTrail.EventSelector.new {
      readWriteType: CloudTrail.All,
      includeManagementEvents: True
    }
  ],
  region: Us-east-1,
  enableLogging: True
}

Type Signature

 fun { name: String,
       includeGlobalServiceEvents: Optional<Bool>,
       isMultiRegionTrail: Optional<Bool>,
       enableLogFileValidation: Optional<Bool>,
       targetBucket: Bucket,
       targetKeyPrefix: Optional<String>,
       notificationTopic: Optional<Topic>,
       logGroup: Optional<LogGroup>,
       cloudWatchLogsRole: Optional<Role>,
       encryptionKey: Optional<Key>,
       eventSelectors: Optional<List<EventSelector>>,
       region: Region,
       enableLogging: Bool,
       tags: Optional<List<Tag>>,
       resourceId: Optional<String> } -> Trail

Argument: name

The name of the trail. The name must contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-). It must start and end with a letter or a number and be between 3 and 128 characters long, with no adjacent periods, underscores or dashes.

Type: String

Argument: includeGlobalServiceEvents

Specifies whether the trail is publishing events from global services such as IAM to the log files. Defaults to False. Mutable.

Type: Optional<Bool>

Argument: isMultiRegionTrail

Specifies whether the trail is created in the current region or in all regions. Defaults to False. Mutable.

Type: Optional<Bool>

Argument: enableLogFileValidation

Specifies whether log file integrity validation is enabled. Defaults to False. Mutable.

Type: Optional<Bool>

Argument: targetBucket

Specifies the Amazon S3 bucket designated for publishing log files. Mutable.

Type: Bucket

Argument: targetKeyPrefix

Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery. If this field is used, it must match the bucket policy of the bucket specified in targetBucket. Mutable.

Type: Optional<String>

Argument: notificationTopic

Specifies the Amazon SNS topic defined for notification of log file delivery. Mutable.

Type: Optional<Topic>

Argument: logGroup

Specifies a log group to which CloudTrail logs will be delivered. Mutable.

Type: Optional<LogGroup>

Argument: cloudWatchLogsRole

Specifies the role for the CloudWatch Logs endpoint to assume to write to a user’s log group. Mutable.

Type: Optional<Role>

Argument: encryptionKey

Specifies the KMS key to use to encrypt the logs delivered by CloudTrail. Mutable. Note that CloudTrail Trails require special KMS key policy additions. Refer to the Amazon documentation below for details: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/create-kms-key-policy-for-cloudtrail-policy-sections.html

Type: Optional<Key>

Argument: eventSelectors

Specifies custom event selectors configured for your trail. You can have a max of 5 EventSelectors. Defaults to all read/write management events. Mutable.

Type: Optional<List<EventSelector>>

Argument: region

The region in which the trail will be created.

Type: Region

Argument: enableLogging

Enables trail logging if true. Mutable.

Type: Bool

Argument: tags

Tags for the trail in the current region. Mutable.

Type: Optional<List<Tag>>

Argument: resourceId

Resource ID of the resource to import with Fugue import. This field is only honored on fugue run. The resource ID is the Trail ARN. Mutable. Example: arn:aws:cloudtrail:us-east-1:123456780:trail/trailname

Type: Optional<String>

Returns:
Type: Trail
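
A pre-deployment check for the arguments documented above, as an added example in Python that is not part of Fugue or its documentation: it enforces the trail name rule and the limit of 5 event selectors, and flags the security-relevant options left at their False or unset defaults. The function names, the dict representation of the arguments and the sample input are assumptions made for illustration.

```python
import re

# Trail name rule from "Argument: name": alphanumeric runs joined by single
# '.', '_' or '-' separators, 3 to 128 characters overall.
NAME_RE = re.compile(r"[A-Za-z0-9]+(?:[._-][A-Za-z0-9]+)*")

# Optional arguments that default to False or unset and weaken the audit trail.
HARDENING = {
    "includeGlobalServiceEvents": "global service events such as IAM are not logged",
    "isMultiRegionTrail": "the trail is created in the current region only",
    "enableLogFileValidation": "log file integrity validation is off",
    "encryptionKey": "no KMS key is specified for the delivered logs",
}

def valid_name(name):
    """True if name satisfies the documented trail name constraints."""
    return 3 <= len(name) <= 128 and NAME_RE.fullmatch(name) is not None

def check_trail(args):
    """Return findings for a dict keyed like the constructor's arguments."""
    findings = []
    for required in ("name", "targetBucket", "region", "enableLogging"):
        if required not in args:
            findings.append(f"missing required argument: {required}")
    if "name" in args and not valid_name(args["name"]):
        findings.append(f"invalid trail name: {args['name']!r}")
    if len(args.get("eventSelectors") or []) > 5:
        findings.append("more than 5 event selectors")
    if args.get("enableLogging") is False:
        findings.append("enableLogging is False: trail logging is not enabled")
    for key, risk in HARDENING.items():
        if not args.get(key):
            findings.append(f"{key} not set: {risk}")
    return findings

# Constructed sample input: a minimal trail that relies on the defaults.
MINIMAL = {"name": "trail0", "targetBucket": "bucket0",
           "region": "Us-east-1", "enableLogging": True}

if __name__ == "__main__":
    for finding in check_trail(MINIMAL):
        print(finding)
```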