CDK Constructs for AWS CloudTrail
Project description
AWS CloudTrail Construct Library
This is a developer preview (public beta) module. Releases might lack important features and might have future breaking changes.
This API is still under active development and subject to non-backward compatible changes or removal in any future version. Use of the API is not recommended in production environments. Experimental APIs are not subject to the Semantic Versioning model.
Add a CloudTrail construct - for ease of setting up CloudTrail logging in your account
Example usage:
```python
# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
import aws_cdk.aws_cloudtrail as cloudtrail

trail = cloudtrail.Trail(self, "CloudTrail")
```
You can instantiate the CloudTrail construct with no arguments. By default, this will:
- Create a new S3 Bucket and associated Policy that allows CloudTrail to write to it
- Create a CloudTrail with the following configuration:
  - Logging Enabled
  - Log file validation enabled
  - Multi Region set to true
  - Global Service Events set to true
  - The created S3 bucket
  - CloudWatch Logging Disabled
  - No SNS configuration
  - No tags
  - No fixed name

You can override any of these properties using the CloudTrailProps configuration object.
For example, to log to CloudWatch Logs:

```python
# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
import aws_cdk.aws_cloudtrail as cloudtrail

trail = cloudtrail.Trail(self, "CloudTrail",
    send_to_cloud_watch_logs=True
)
```
This creates the same setup as above - but also logs events to a created CloudWatch Log stream. By default, the created log group has a retention period of 365 Days, but this is also configurable.
To use a CloudTrail event selector to log specific S3 events, you can use the CloudTrailProps configuration object.

Example:
```python
# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
import aws_cdk.aws_cloudtrail as cloudtrail

trail = cloudtrail.Trail(self, "MyAmazingCloudTrail")

# Adds an event selector to the bucket magic-bucket.
# By default, this includes management events and all operations (Read + Write)
trail.add_s3_event_selector(["arn:aws:s3:::magic-bucket/"])

# Adds an event selector to the bucket foo, with a specific configuration
trail.add_s3_event_selector(["arn:aws:s3:::foo/"],
    include_management_events=False,
    read_write_type=cloudtrail.ReadWriteType.ALL  # enum lives in the imported module
)
```
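Because any of the defaults listed above can be overridden, it is worth checking the synthesized CloudFormation template before deployment. The following is an added example, not code from this page or from the construct library: it audits a template for trails whose logging, log file validation, multi-region or global service event settings are not explicitly true, and reports which S3 ARN prefixes have data event selectors. The function names and the sample template are constructed for illustration.

```python
import json

# CloudFormation properties of AWS::CloudTrail::Trail behind the defaults
# listed above; each must be an explicit JSON true to pass.
EXPECTED_TRUE = ("IsLogging", "EnableLogFileValidation",
                 "IsMultiRegionTrail", "IncludeGlobalServiceEvents")

def trails(template):
    """Yield (logical_id, properties) for each trail in a template dict."""
    for logical_id, res in sorted(template.get("Resources", {}).items()):
        if res.get("Type") == "AWS::CloudTrail::Trail":
            yield logical_id, res.get("Properties", {})

def weakened_defaults(template):
    """Return (logical_id, property) pairs that are false or missing."""
    return [(lid, key) for lid, props in trails(template)
            for key in EXPECTED_TRUE if props.get(key) is not True]

def s3_data_event_scope(template):
    """Map logical_id -> {S3 ARN prefix: ReadWriteType} from EventSelectors."""
    scope = {}
    for lid, props in trails(template):
        for sel in props.get("EventSelectors", []):
            for res in sel.get("DataResources", []):
                if res.get("Type") != "AWS::S3::Object":
                    continue
                for arn in res.get("Values", []):
                    # Intrinsic functions (non-strings) are kept as JSON text.
                    key = arn if isinstance(arn, str) else json.dumps(arn)
                    scope.setdefault(lid, {})[key] = sel.get("ReadWriteType", "unspecified")
    return scope

# Constructed sample template, not the output of a real `cdk synth`.
SAMPLE = json.loads("""{"Resources": {
  "DefaultTrail": {"Type": "AWS::CloudTrail::Trail", "Properties": {
    "IsLogging": true, "EnableLogFileValidation": true,
    "IsMultiRegionTrail": true, "IncludeGlobalServiceEvents": true,
    "S3BucketName": "example-trail-bucket",
    "EventSelectors": [{"ReadWriteType": "All", "IncludeManagementEvents": false,
      "DataResources": [{"Type": "AWS::S3::Object", "Values": ["arn:aws:s3:::foo/"]}]}]}},
  "OverriddenTrail": {"Type": "AWS::CloudTrail::Trail", "Properties": {
    "IsLogging": true, "EnableLogFileValidation": false,
    "IncludeGlobalServiceEvents": true, "S3BucketName": "example-trail-bucket"}},
  "Bucket": {"Type": "AWS::S3::Bucket"}}}""")

if __name__ == "__main__":
    print(weakened_defaults(SAMPLE))
    print(s3_data_event_scope(SAMPLE))
```

To run it against a real stack, load the JSON template written by `cdk synth` and pass the resulting dict to both functions.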
Hashes for aws-cdk.aws-cloudtrail-1.21.0.tar.gz
Algorithm | Hash digest |
---|---|
SHA256 | 66f27c040c87b1a62fd3b7d7821f97591a7e1b71b3aee021a25c2960178a0e1d |
MD5 | db9d9ce655d017fbc8756149d70c3a08 |
BLAKE2b-256 | 536dd9c6370dd4cf24cf941311d59dd4dc02b1a4719d1f36a8a022f2ee558411 |
Hashes for aws_cdk.aws_cloudtrail-1.21.0-py3-none-any.whl
Algorithm | Hash digest |
---|---|
SHA256 | 278ec3f551e8287889956e87f0d33a76f08ca0cfba3aef594cd655e73199c14e |
MD5 | ef3d6eeb0b61a1e89e1ab5d8d49669c4 |
BLAKE2b-256 | 3a58803dfcd0de6ac4244bbb83a4da8e4354168a51d3a11bc018a7caa2043d64 |