Skip to main content

CDK Constructs for AWS CloudTrail

Project description

AWS CloudTrail Construct Library


Stability: Experimental

This is a developer preview (public beta) module. Releases might lack important features and might have future breaking changes.

This API is still under active development and subject to non-backward compatible changes or removal in any future version. Use of the API is not recommended in production environments. Experimental APIs are not subject to the Semantic Versioning model.


Add a CloudTrail construct - for ease of setting up CloudTrail logging in your account

Example usage:

import cloudtrail = require('@aws-cdk/aws-cloudtrail');

const trail = new cloudtrail.Trail(this, 'CloudTrail');

You can instantiate the CloudTrail construct with no arguments - this will by default: * Create a new S3 Bucket and associated Policy that allows CloudTrail to write to it * Create a CloudTrail with the following configuration: * Logging Enabled * Log file validation enabled * Multi Region set to true * Global Service Events set to true * The created S3 bucket * CloudWatch Logging Disabled * No SNS configuartion * No tags * No fixed name

You can override any of these properties using the CloudTrailProps configuraiton object.

For example, to log to CloudWatch Logs

import cloudtrail = require('@aws-cdk/aws-cloudtrail');

const trail = new cloudtrail.Trail(this, 'CloudTrail', {
  sendToCloudWatchLogs: true
});

This creates the same setup as above - but also logs events to a created CloudWatch Log stream. By default, the created log group has a retention period of 365 Days, but this is also configurable.

For using CloudTrail event selector to log specific S3 events, you can use the CloudTrailProps configuration object. Example:

import cloudtrail = require('@aws-cdk/aws-cloudtrail');

const trail = new cloudtrail.Trail(this, 'MyAmazingCloudTrail');

// Adds an event selector to the bucket magic-bucket.
// By default, this includes management events and all operations (Read + Write)
trail.addS3EventSelector(["arn:aws:s3:::magic-bucket/"]);

// Adds an event selector to the bucket foo, with a specific configuration
trail.addS3EventSelector(["arn:aws:s3:::foo/"], {
  includeManagementEvents: false,
  readWriteType: ReadWriteType.ALL,
});

Project details


Release history Release notifications | RSS feed

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

aws-cdk.aws-cloudtrail-1.12.0.tar.gz (57.5 kB view hashes)

Uploaded Source

Built Distribution

aws_cdk.aws_cloudtrail-1.12.0-py3-none-any.whl (55.2 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page