CDK Constructs for AWS CloudTrail
AWS CloudTrail Construct Library
This is a developer preview (public beta) module. Releases might lack important features and might have future breaking changes.
This API is still under active development and subject to non-backward compatible changes or removal in any future version. Use of the API is not recommended in production environments. Experimental APIs are not subject to the Semantic Versioning model.
Add a CloudTrail construct for ease of setting up CloudTrail logging in your account.
Example usage:
import cloudtrail = require('@aws-cdk/aws-cloudtrail');
const trail = new cloudtrail.Trail(this, 'CloudTrail');
You can instantiate the CloudTrail construct with no arguments. By default, this will:

* Create a new S3 Bucket and associated Policy that allows CloudTrail to write to it
* Create a CloudTrail with the following configuration:
    * Logging Enabled
    * Log file validation enabled
    * Multi Region set to true
    * Global Service Events set to true
    * The created S3 bucket
    * CloudWatch Logging Disabled
    * No SNS configuration
    * No tags
    * No fixed name

You can override any of these properties using the CloudTrailProps configuration object.
For example, to log to CloudWatch Logs:
import cloudtrail = require('@aws-cdk/aws-cloudtrail');
const trail = new cloudtrail.Trail(this, 'CloudTrail', {
  sendToCloudWatchLogs: true
});
This creates the same setup as above, but also logs events to a created CloudWatch Log stream. By default, the created log group has a retention period of 365 days, but this is also configurable.
To log specific S3 events with a CloudTrail event selector, you can use the CloudTrailProps configuration object.
Example:
import cloudtrail = require('@aws-cdk/aws-cloudtrail');
const trail = new cloudtrail.Trail(this, 'MyAmazingCloudTrail');
// Adds an event selector to the bucket magic-bucket.
// By default, this includes management events and all operations (Read + Write)
trail.addS3EventSelector(["arn:aws:s3:::magic-bucket/"]);
// Adds an event selector to the bucket foo, with a specific configuration
trail.addS3EventSelector(["arn:aws:s3:::foo/"], {
  includeManagementEvents: false,
  // ReadWriteType is exported by the cloudtrail module imported above
  readWriteType: cloudtrail.ReadWriteType.All,
});
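
Because each of the defaults listed above can be overridden, a check over the synthesized template is one way to confirm that a trail still has them. The following is an added example, not code from this library: it assumes the trail is emitted as an `AWS::CloudTrail::Trail` CloudFormation resource with that resource type's standard properties, and `auditTrails` and the sample template are hypothetical names and constructed data.

```typescript
// Added example: audits a synthesized CloudFormation template for trails whose
// properties weaken the defaults listed in the README above.
type Props = Record<string, unknown>;
interface Resource { Type: string; Properties?: Props }
interface Template { Resources: Record<string, Resource> }

// AWS::CloudTrail::Trail properties matching the defaults described above:
// logging, log file validation, multi-region, global service events.
const EXPECTED_TRUE = [
  'IsLogging',
  'EnableLogFileValidation',
  'IsMultiRegionTrail',
  'IncludeGlobalServiceEvents',
];

function auditTrails(template: Template): string[] {
  const findings: string[] = [];
  let trails = 0;
  for (const id of Object.keys(template.Resources)) {
    const res = template.Resources[id];
    if (res.Type !== 'AWS::CloudTrail::Trail') continue;
    trails++;
    const props: Props = res.Properties || {};
    for (const key of EXPECTED_TRUE) {
      // A missing property is reported too: the template then does not pin it.
      if (props[key] !== true) findings.push(`${id}: ${key} is not true`);
    }
    if (!props['S3BucketName']) findings.push(`${id}: no S3BucketName`);
  }
  if (trails === 0) findings.push('template defines no AWS::CloudTrail::Trail');
  return findings;
}

// Constructed sample (not real `cdk synth` output): one trail matching the
// defaults, one with log file validation and multi-region switched off.
const sampleTemplate: Template = {
  Resources: {
    DefaultTrail: { Type: 'AWS::CloudTrail::Trail', Properties: {
      IsLogging: true, EnableLogFileValidation: true, IsMultiRegionTrail: true,
      IncludeGlobalServiceEvents: true, S3BucketName: { Ref: 'TrailBucket' } } },
    WeakTrail: { Type: 'AWS::CloudTrail::Trail', Properties: {
      IsLogging: true, EnableLogFileValidation: false, IsMultiRegionTrail: false,
      IncludeGlobalServiceEvents: true, S3BucketName: 'example-log-bucket' } },
    TrailBucket: { Type: 'AWS::S3::Bucket' },
  },
};

console.log(auditTrails(sampleTemplate));
```

In a pipeline, the same function can be pointed at the parsed JSON of a synthesized template and the build failed when the returned list is non-empty.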
Hashes for aws-cdk.aws-cloudtrail-0.39.0.tar.gz
Algorithm | Hash digest
---|---
SHA256 | 4edff412b05f55e52f353a3522b6f0916989edf5ec5a82a123dc54c3a6c8a655
MD5 | f112a6675bcf931e571dcd1cc3d884a8
BLAKE2b-256 | c34b3056f88a2b3b3adddd6804f8f9a72e3480acf4f2f9e840aea0023361b866
Hashes for aws_cdk.aws_cloudtrail-0.39.0-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | 9532062c68dcc1f35eed17f39602795245028e26ed0e45301bd83f8a11765c01
MD5 | 2a8ed220b356990d3807c553c2c8ad52
BLAKE2b-256 | 18c6f4da4ee5678329d15b7f40549bf995a2adf75d4a548bc5ff26191dcc3717