Docs Home
AWS v6.75.0 published on Wednesday, Apr 2, 2025 by Pulumi
aws.cloudtrail.EventDataStore
Explore with Pulumi AI
Provides a CloudTrail Event Data Store.
More information about event data stores can be found in the Event Data Store User Guide.
Tip: For an organization event data store you must create this resource in the management account.
Example Usage
Basic
The most simple event data store configuration requires us to only set the name attribute. The event data store will automatically capture all management events. To capture management events from all the regions, multi_region_enabled must be true.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.cloudtrail.EventDataStore("example", {name: "example-event-data-store"});
import pulumi
import pulumi_aws as aws
example = aws.cloudtrail.EventDataStore("example", name="example-event-data-store")
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := cloudtrail.NewEventDataStore(ctx, "example", &cloudtrail.EventDataStoreArgs{
Name: pulumi.String("example-event-data-store"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.CloudTrail.EventDataStore("example", new()
{
Name = "example-event-data-store",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudtrail.EventDataStore;
import com.pulumi.aws.cloudtrail.EventDataStoreArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new EventDataStore("example", EventDataStoreArgs.builder()
.name("example-event-data-store")
.build());
}
}
resources:
example:
type: aws:cloudtrail:EventDataStore
properties:
name: example-event-data-store
Data Event Logging
CloudTrail can log Data Events for certain services such as S3 bucket objects and Lambda function invocations. Additional information about data event configuration can be found in the following links:
Log all DynamoDB PutEvent actions for a specific DynamoDB table
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const table = aws.dynamodb.getTable({
name: "not-important-dynamodb-table",
});
const example = new aws.cloudtrail.EventDataStore("example", {advancedEventSelectors: [{
name: "Log all DynamoDB PutEvent actions for a specific DynamoDB table",
fieldSelectors: [
{
field: "eventCategory",
equals: ["Data"],
},
{
field: "resources.type",
equals: ["AWS::DynamoDB::Table"],
},
{
field: "eventName",
equals: ["PutItem"],
},
{
field: "resources.ARN",
equals: [table.then(table => table.arn)],
},
],
}]});
import pulumi
import pulumi_aws as aws
table = aws.dynamodb.get_table(name="not-important-dynamodb-table")
example = aws.cloudtrail.EventDataStore("example", advanced_event_selectors=[{
"name": "Log all DynamoDB PutEvent actions for a specific DynamoDB table",
"field_selectors": [
{
"field": "eventCategory",
"equals": ["Data"],
},
{
"field": "resources.type",
"equals": ["AWS::DynamoDB::Table"],
},
{
"field": "eventName",
"equals": ["PutItem"],
},
{
"field": "resources.ARN",
"equals": [table.arn],
},
],
}])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dynamodb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
table, err := dynamodb.LookupTable(ctx, &dynamodb.LookupTableArgs{
Name: "not-important-dynamodb-table",
}, nil)
if err != nil {
return err
}
_, err = cloudtrail.NewEventDataStore(ctx, "example", &cloudtrail.EventDataStoreArgs{
AdvancedEventSelectors: cloudtrail.EventDataStoreAdvancedEventSelectorArray{
&cloudtrail.EventDataStoreAdvancedEventSelectorArgs{
Name: pulumi.String("Log all DynamoDB PutEvent actions for a specific DynamoDB table"),
FieldSelectors: cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArray{
&cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs{
Field: pulumi.String("eventCategory"),
Equals: pulumi.StringArray{
pulumi.String("Data"),
},
},
&cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs{
Field: pulumi.String("resources.type"),
Equals: pulumi.StringArray{
pulumi.String("AWS::DynamoDB::Table"),
},
},
&cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs{
Field: pulumi.String("eventName"),
Equals: pulumi.StringArray{
pulumi.String("PutItem"),
},
},
&cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs{
Field: pulumi.String("resources.ARN"),
Equals: pulumi.StringArray{
pulumi.String(table.Arn),
},
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var table = Aws.DynamoDB.GetTable.Invoke(new()
{
Name = "not-important-dynamodb-table",
});
var example = new Aws.CloudTrail.EventDataStore("example", new()
{
AdvancedEventSelectors = new[]
{
new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorArgs
{
Name = "Log all DynamoDB PutEvent actions for a specific DynamoDB table",
FieldSelectors = new[]
{
new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorFieldSelectorArgs
{
Field = "eventCategory",
Equals = new[]
{
"Data",
},
},
new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorFieldSelectorArgs
{
Field = "resources.type",
Equals = new[]
{
"AWS::DynamoDB::Table",
},
},
new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorFieldSelectorArgs
{
Field = "eventName",
Equals = new[]
{
"PutItem",
},
},
new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorFieldSelectorArgs
{
Field = "resources.ARN",
Equals = new[]
{
table.Apply(getTableResult => getTableResult.Arn),
},
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.dynamodb.DynamodbFunctions;
import com.pulumi.aws.dynamodb.inputs.GetTableArgs;
import com.pulumi.aws.cloudtrail.EventDataStore;
import com.pulumi.aws.cloudtrail.EventDataStoreArgs;
import com.pulumi.aws.cloudtrail.inputs.EventDataStoreAdvancedEventSelectorArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var table = DynamodbFunctions.getTable(GetTableArgs.builder()
.name("not-important-dynamodb-table")
.build());
var example = new EventDataStore("example", EventDataStoreArgs.builder()
.advancedEventSelectors(EventDataStoreAdvancedEventSelectorArgs.builder()
.name("Log all DynamoDB PutEvent actions for a specific DynamoDB table")
.fieldSelectors(
EventDataStoreAdvancedEventSelectorFieldSelectorArgs.builder()
.field("eventCategory")
.equals("Data")
.build(),
EventDataStoreAdvancedEventSelectorFieldSelectorArgs.builder()
.field("resources.type")
.equals("AWS::DynamoDB::Table")
.build(),
EventDataStoreAdvancedEventSelectorFieldSelectorArgs.builder()
.field("eventName")
.equals("PutItem")
.build(),
EventDataStoreAdvancedEventSelectorFieldSelectorArgs.builder()
.field("resources.ARN")
.equals(table.applyValue(getTableResult -> getTableResult.arn()))
.build())
.build())
.build());
}
}
resources:
example:
type: aws:cloudtrail:EventDataStore
properties:
advancedEventSelectors:
- name: Log all DynamoDB PutEvent actions for a specific DynamoDB table
fieldSelectors:
- field: eventCategory
equals:
- Data
- field: resources.type
equals:
- AWS::DynamoDB::Table
- field: eventName
equals:
- PutItem
- field: resources.ARN
equals:
- ${table.arn}
variables:
table:
fn::invoke:
function: aws:dynamodb:getTable
arguments:
name: not-important-dynamodb-table
Create EventDataStore Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new EventDataStore(name: string, args?: EventDataStoreArgs, opts?: CustomResourceOptions);@overload
def EventDataStore(resource_name: str,
args: Optional[EventDataStoreArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def EventDataStore(resource_name: str,
opts: Optional[ResourceOptions] = None,
advanced_event_selectors: Optional[Sequence[EventDataStoreAdvancedEventSelectorArgs]] = None,
billing_mode: Optional[str] = None,
kms_key_id: Optional[str] = None,
multi_region_enabled: Optional[bool] = None,
name: Optional[str] = None,
organization_enabled: Optional[bool] = None,
retention_period: Optional[int] = None,
suspend: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
termination_protection_enabled: Optional[bool] = None)func NewEventDataStore(ctx *Context, name string, args *EventDataStoreArgs, opts ...ResourceOption) (*EventDataStore, error)public EventDataStore(string name, EventDataStoreArgs? args = null, CustomResourceOptions? opts = null)public EventDataStore(String name, EventDataStoreArgs args)
public EventDataStore(String name, EventDataStoreArgs args, CustomResourceOptions options)
type: aws:cloudtrail:EventDataStore
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args EventDataStoreArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args EventDataStoreArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args EventDataStoreArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args EventDataStoreArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. EventDataStoreArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var eventDataStoreResource = new Aws.CloudTrail.EventDataStore("eventDataStoreResource", new()
{
AdvancedEventSelectors = new[]
{
new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorArgs
{
FieldSelectors = new[]
{
new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorFieldSelectorArgs
{
EndsWiths = new[]
{
"string",
},
Equals = new[]
{
"string",
},
Field = "string",
NotEndsWiths = new[]
{
"string",
},
NotEquals = new[]
{
"string",
},
NotStartsWiths = new[]
{
"string",
},
StartsWiths = new[]
{
"string",
},
},
},
Name = "string",
},
},
BillingMode = "string",
KmsKeyId = "string",
MultiRegionEnabled = false,
Name = "string",
OrganizationEnabled = false,
RetentionPeriod = 0,
Suspend = "string",
Tags =
{
{ "string", "string" },
},
TerminationProtectionEnabled = false,
});
example, err := cloudtrail.NewEventDataStore(ctx, "eventDataStoreResource", &cloudtrail.EventDataStoreArgs{
AdvancedEventSelectors: cloudtrail.EventDataStoreAdvancedEventSelectorArray{
&cloudtrail.EventDataStoreAdvancedEventSelectorArgs{
FieldSelectors: cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArray{
&cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs{
EndsWiths: pulumi.StringArray{
pulumi.String("string"),
},
Equals: pulumi.StringArray{
pulumi.String("string"),
},
Field: pulumi.String("string"),
NotEndsWiths: pulumi.StringArray{
pulumi.String("string"),
},
NotEquals: pulumi.StringArray{
pulumi.String("string"),
},
NotStartsWiths: pulumi.StringArray{
pulumi.String("string"),
},
StartsWiths: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Name: pulumi.String("string"),
},
},
BillingMode: pulumi.String("string"),
KmsKeyId: pulumi.String("string"),
MultiRegionEnabled: pulumi.Bool(false),
Name: pulumi.String("string"),
OrganizationEnabled: pulumi.Bool(false),
RetentionPeriod: pulumi.Int(0),
Suspend: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
TerminationProtectionEnabled: pulumi.Bool(false),
})
var eventDataStoreResource = new EventDataStore("eventDataStoreResource", EventDataStoreArgs.builder()
.advancedEventSelectors(EventDataStoreAdvancedEventSelectorArgs.builder()
.fieldSelectors(EventDataStoreAdvancedEventSelectorFieldSelectorArgs.builder()
.endsWiths("string")
.equals("string")
.field("string")
.notEndsWiths("string")
.notEquals("string")
.notStartsWiths("string")
.startsWiths("string")
.build())
.name("string")
.build())
.billingMode("string")
.kmsKeyId("string")
.multiRegionEnabled(false)
.name("string")
.organizationEnabled(false)
.retentionPeriod(0)
.suspend("string")
.tags(Map.of("string", "string"))
.terminationProtectionEnabled(false)
.build());
event_data_store_resource = aws.cloudtrail.EventDataStore("eventDataStoreResource",
advanced_event_selectors=[{
"field_selectors": [{
"ends_withs": ["string"],
"equals": ["string"],
"field": "string",
"not_ends_withs": ["string"],
"not_equals": ["string"],
"not_starts_withs": ["string"],
"starts_withs": ["string"],
}],
"name": "string",
}],
billing_mode="string",
kms_key_id="string",
multi_region_enabled=False,
name="string",
organization_enabled=False,
retention_period=0,
suspend="string",
tags={
"string": "string",
},
termination_protection_enabled=False)
const eventDataStoreResource = new aws.cloudtrail.EventDataStore("eventDataStoreResource", {
advancedEventSelectors: [{
fieldSelectors: [{
endsWiths: ["string"],
equals: ["string"],
field: "string",
notEndsWiths: ["string"],
notEquals: ["string"],
notStartsWiths: ["string"],
startsWiths: ["string"],
}],
name: "string",
}],
billingMode: "string",
kmsKeyId: "string",
multiRegionEnabled: false,
name: "string",
organizationEnabled: false,
retentionPeriod: 0,
suspend: "string",
tags: {
string: "string",
},
terminationProtectionEnabled: false,
});
type: aws:cloudtrail:EventDataStore
properties:
advancedEventSelectors:
- fieldSelectors:
- endsWiths:
- string
equals:
- string
field: string
notEndsWiths:
- string
notEquals:
- string
notStartsWiths:
- string
startsWiths:
- string
name: string
billingMode: string
kmsKeyId: string
multiRegionEnabled: false
name: string
organizationEnabled: false
retentionPeriod: 0
suspend: string
tags:
string: string
terminationProtectionEnabled: false
EventDataStore Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The EventDataStore resource accepts the following input properties:
- Advanced
Event List<EventSelectors Data Store Advanced Event Selector> - The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
- Billing
Mode string - The billing mode for the event data store. The valid values are
EXTENDABLE_RETENTION_PRICINGandFIXED_RETENTION_PRICING. Defaults toEXTENDABLE_RETENTION_PRICING. - Kms
Key Id 
Changes to this property will trigger replacement. - Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
- Multi
Region boolEnabled - Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default:
true. - Name
- The name of the event data store.
- Organization
Enabled bool - Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default:
false. - Retention
Period int - The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default:
2555. - Suspend string
- Specifies whether to stop ingesting new events into the event data store. If set to
true, ingestion is suspended while maintaining the ability to query existing events. If set tofalse, ingestion is active. - Dictionary<string, string>
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Termination
Protection boolEnabled - Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default:
true.
- Advanced
Event []EventSelectors Data Store Advanced Event Selector Args - The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
- Billing
Mode string - The billing mode for the event data store. The valid values are
EXTENDABLE_RETENTION_PRICINGandFIXED_RETENTION_PRICING. Defaults toEXTENDABLE_RETENTION_PRICING. - Kms
Key Id - Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
- Multi
Region boolEnabled - Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default:
true. - Name
- The name of the event data store.
- Organization
Enabled bool - Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default:
false. - Retention
Period int - The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default:
2555. - Suspend string
- Specifies whether to stop ingesting new events into the event data store. If set to
true, ingestion is suspended while maintaining the ability to query existing events. If set tofalse, ingestion is active. - map[string]string
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Termination
Protection boolEnabled - Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default:
true.
- advanced
Event List<EventSelectors Data Store Advanced Event Selector> - The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
- billing
Mode String - The billing mode for the event data store. The valid values are
EXTENDABLE_RETENTION_PRICINGandFIXED_RETENTION_PRICING. Defaults toEXTENDABLE_RETENTION_PRICING. - kms
Key Id - Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
- multi
Region BooleanEnabled - Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default:
true. - name
- The name of the event data store.
- organization
Enabled Boolean - Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default:
false. - retention
Period Integer - The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default:
2555. - suspend String
- Specifies whether to stop ingesting new events into the event data store. If set to
true, ingestion is suspended while maintaining the ability to query existing events. If set tofalse, ingestion is active. - Map<String,String>
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - termination
Protection BooleanEnabled - Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default:
true.
- advanced
Event EventSelectors Data Store Advanced Event Selector[] - The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
- billing
Mode string - The billing mode for the event data store. The valid values are
EXTENDABLE_RETENTION_PRICINGandFIXED_RETENTION_PRICING. Defaults toEXTENDABLE_RETENTION_PRICING. - kms
Key Id - Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
- multi
Region booleanEnabled - Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default:
true. - name
- The name of the event data store.
- organization
Enabled boolean - Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default:
false. - retention
Period number - The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default:
2555. - suspend string
- Specifies whether to stop ingesting new events into the event data store. If set to
true, ingestion is suspended while maintaining the ability to query existing events. If set tofalse, ingestion is active. - {[key: string]: string}
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - termination
Protection booleanEnabled - Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default:
true.
- advanced_
event_ Sequence[Eventselectors Data Store Advanced Event Selector Args] - The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
- billing_
mode str - The billing mode for the event data store. The valid values are
EXTENDABLE_RETENTION_PRICINGandFIXED_RETENTION_PRICING. Defaults toEXTENDABLE_RETENTION_PRICING. - kms_
key_ id - Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
- multi_
region_ boolenabled - Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default:
true. - name
- The name of the event data store.
- organization_
enabled bool - Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default:
false. - retention_
period int - The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default:
2555. - suspend str
- Specifies whether to stop ingesting new events into the event data store. If set to
true, ingestion is suspended while maintaining the ability to query existing events. If set tofalse, ingestion is active. - Mapping[str, str]
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - termination_
protection_ boolenabled - Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default:
true.
- advanced
Event List<Property Map>Selectors - The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
- billing
Mode String - The billing mode for the event data store. The valid values are
EXTENDABLE_RETENTION_PRICINGandFIXED_RETENTION_PRICING. Defaults toEXTENDABLE_RETENTION_PRICING. - kms
Key Id - Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
- multi
Region BooleanEnabled - Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default:
true. - name
- The name of the event data store.
- organization
Enabled Boolean - Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default:
false. - retention
Period Number - The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default:
2555. - suspend String
- Specifies whether to stop ingesting new events into the event data store. If set to
true, ingestion is suspended while maintaining the ability to query existing events. If set tofalse, ingestion is active. - Map<String>
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - termination
Protection BooleanEnabled - Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default:
true.
Outputs
All input properties are implicitly available as output properties. Additionally, the EventDataStore resource produces the following output properties:
Look up Existing EventDataStore Resource
Get an existing EventDataStore resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: EventDataStoreState, opts?: CustomResourceOptions): EventDataStore@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
advanced_event_selectors: Optional[Sequence[EventDataStoreAdvancedEventSelectorArgs]] = None,
arn: Optional[str] = None,
billing_mode: Optional[str] = None,
kms_key_id: Optional[str] = None,
multi_region_enabled: Optional[bool] = None,
name: Optional[str] = None,
organization_enabled: Optional[bool] = None,
retention_period: Optional[int] = None,
suspend: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None,
termination_protection_enabled: Optional[bool] = None) -> EventDataStorefunc GetEventDataStore(ctx *Context, name string, id IDInput, state *EventDataStoreState, opts ...ResourceOption) (*EventDataStore, error)public static EventDataStore Get(string name, Input<string> id, EventDataStoreState? state, CustomResourceOptions? opts = null)public static EventDataStore get(String name, Output<String> id, EventDataStoreState state, CustomResourceOptions options)resources: _: type: aws:cloudtrail:EventDataStore get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Advanced
Event List<EventSelectors Data Store Advanced Event Selector> - The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
- Arn string
- ARN of the event data store.
- Billing
Mode string - The billing mode for the event data store. The valid values are
EXTENDABLE_RETENTION_PRICINGandFIXED_RETENTION_PRICING. Defaults toEXTENDABLE_RETENTION_PRICING. - Kms
Key Id - Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
- Multi
Region boolEnabled - Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default:
true. - Name
- The name of the event data store.
- Organization
Enabled bool - Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default:
false. - Retention
Period int - The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default:
2555. - Suspend string
- Specifies whether to stop ingesting new events into the event data store. If set to
true, ingestion is suspended while maintaining the ability to query existing events. If set tofalse, ingestion is active. - Dictionary<string, string>
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Dictionary<string, string>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - Termination
Protection boolEnabled - Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default:
true.
- Advanced
Event []EventSelectors Data Store Advanced Event Selector Args - The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
- Arn string
- ARN of the event data store.
- Billing
Mode string - The billing mode for the event data store. The valid values are
EXTENDABLE_RETENTION_PRICINGandFIXED_RETENTION_PRICING. Defaults toEXTENDABLE_RETENTION_PRICING. - Kms
Key Id - Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
- Multi
Region boolEnabled - Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default:
true. - Name
- The name of the event data store.
- Organization
Enabled bool - Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default:
false. - Retention
Period int - The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default:
2555. - Suspend string
- Specifies whether to stop ingesting new events into the event data store. If set to
true, ingestion is suspended while maintaining the ability to query existing events. If set tofalse, ingestion is active. - map[string]string
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - map[string]string
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - Termination
Protection boolEnabled - Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default:
true.
- advanced
Event List<EventSelectors Data Store Advanced Event Selector> - The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
- arn String
- ARN of the event data store.
- billing
Mode String - The billing mode for the event data store. The valid values are
EXTENDABLE_RETENTION_PRICINGandFIXED_RETENTION_PRICING. Defaults toEXTENDABLE_RETENTION_PRICING. - kms
Key Id - Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
- multi
Region BooleanEnabled - Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default:
true. - name
- The name of the event data store.
- organization
Enabled Boolean - Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default:
false. - retention
Period Integer - The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default:
2555. - suspend String
- Specifies whether to stop ingesting new events into the event data store. If set to
true, ingestion is suspended while maintaining the ability to query existing events. If set tofalse, ingestion is active. - Map<String,String>
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String,String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - termination
Protection BooleanEnabled - Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default:
true.
- advanced
Event EventSelectors Data Store Advanced Event Selector[] - The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
- arn string
- ARN of the event data store.
- billing
Mode string - The billing mode for the event data store. The valid values are
EXTENDABLE_RETENTION_PRICINGandFIXED_RETENTION_PRICING. Defaults toEXTENDABLE_RETENTION_PRICING. - kms
Key Id - Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
- multi
Region booleanEnabled - Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default:
true. - name
- The name of the event data store.
- organization
Enabled boolean - Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default:
false. - retention
Period number - The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default:
2555. - suspend string
- Specifies whether to stop ingesting new events into the event data store. If set to
true, ingestion is suspended while maintaining the ability to query existing events. If set tofalse, ingestion is active. - {[key: string]: string}
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - {[key: string]: string}
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - termination
Protection booleanEnabled - Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default:
true.
- advanced_
event_ Sequence[Eventselectors Data Store Advanced Event Selector Args] - The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
- arn str
- ARN of the event data store.
- billing_
mode str - The billing mode for the event data store. The valid values are
EXTENDABLE_RETENTION_PRICINGandFIXED_RETENTION_PRICING. Defaults toEXTENDABLE_RETENTION_PRICING. - kms_
key_ id - Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
- multi_
region_ boolenabled - Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default:
true. - name
- The name of the event data store.
- organization_
enabled bool - Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default:
false. - retention_
period int - The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default:
2555. - suspend str
- Specifies whether to stop ingesting new events into the event data store. If set to
true, ingestion is suspended while maintaining the ability to query existing events. If set tofalse, ingestion is active. - Mapping[str, str]
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Mapping[str, str]
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - termination_
protection_ boolenabled - Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default:
true.
- advanced
Event List<Property Map>Selectors - The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see Log events by using advanced event selectors in the CloudTrail User Guide.
- arn String
- ARN of the event data store.
- billing
Mode String - The billing mode for the event data store. The valid values are
EXTENDABLE_RETENTION_PRICINGandFIXED_RETENTION_PRICING. Defaults toEXTENDABLE_RETENTION_PRICING. - kms
Key Id - Specifies the AWS KMS key ID to use to encrypt the events delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
- multi
Region BooleanEnabled - Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created. Default:
true. - name
- The name of the event data store.
- organization
Enabled Boolean - Specifies whether an event data store collects events logged for an organization in AWS Organizations. Default:
false. - retention
Period Number - The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years. Default:
2555. - suspend String
- Specifies whether to stop ingesting new events into the event data store. If set to
true, ingestion is suspended while maintaining the ability to query existing events. If set tofalse, ingestion is active. - Map<String>
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - termination
Protection BooleanEnabled - Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled. Default:
true.
Supporting Types
EventDataStoreAdvancedEventSelector, EventDataStoreAdvancedEventSelectorArgs
, EventDataStoreAdvancedEventSelectorArgs
- Field
Selectors List<EventData Store Advanced Event Selector Field Selector> - Specifies the selector statements in an advanced event selector. Fields documented below.
- Name string
- Specifies the name of the advanced event selector.
- Field
Selectors []EventData Store Advanced Event Selector Field Selector - Specifies the selector statements in an advanced event selector. Fields documented below.
- Name string
- Specifies the name of the advanced event selector.
- field
Selectors List<EventData Store Advanced Event Selector Field Selector> - Specifies the selector statements in an advanced event selector. Fields documented below.
- name String
- Specifies the name of the advanced event selector.
- field
Selectors EventData Store Advanced Event Selector Field Selector[] - Specifies the selector statements in an advanced event selector. Fields documented below.
- name string
- Specifies the name of the advanced event selector.
- field_
selectors Sequence[EventData Store Advanced Event Selector Field Selector] - Specifies the selector statements in an advanced event selector. Fields documented below.
- name str
- Specifies the name of the advanced event selector.
- field
Selectors List<Property Map> - Specifies the selector statements in an advanced event selector. Fields documented below.
- name String
- Specifies the name of the advanced event selector.
EventDataStoreAdvancedEventSelectorFieldSelector, EventDataStoreAdvancedEventSelectorFieldSelectorArgs
, EventDataStoreAdvancedEventSelectorFieldSelectorArgs
- Ends
Withs List<string> - A list of values that includes events that match the last few characters of the event record field specified as the value of
field. - Equals List<string>
- A list of values that includes events that match the exact value of the event record field specified as the value of
field. This is the only valid operator that you can use with thereadOnly,eventCategory, andresources.typefields. - Field string
- Specifies a field in an event record on which to filter events to be logged. You can specify only the following values:
readOnly,eventSource,eventName,eventCategory,resources.type,resources.ARN. - Not
Ends List<string>Withs - A list of values that excludes events that match the last few characters of the event record field specified as the value of
field. - Not
Equals List<string> - A list of values that excludes events that match the exact value of the event record field specified as the value of
field. - Not
Starts List<string>Withs - A list of values that excludes events that match the first few characters of the event record field specified as the value of
field. - Starts
Withs List<string> - A list of values that includes events that match the first few characters of the event record field specified as the value of
field.
- Ends
Withs []string - A list of values that includes events that match the last few characters of the event record field specified as the value of
field. - Equals []string
- A list of values that includes events that match the exact value of the event record field specified as the value of
field. This is the only valid operator that you can use with thereadOnly,eventCategory, andresources.typefields. - Field string
- Specifies a field in an event record on which to filter events to be logged. You can specify only the following values:
readOnly,eventSource,eventName,eventCategory,resources.type,resources.ARN. - Not
Ends []stringWiths - A list of values that excludes events that match the last few characters of the event record field specified as the value of
field. - Not
Equals []string - A list of values that excludes events that match the exact value of the event record field specified as the value of
field. - Not
Starts []stringWiths - A list of values that excludes events that match the first few characters of the event record field specified as the value of
field. - Starts
Withs []string - A list of values that includes events that match the first few characters of the event record field specified as the value of
field.
- ends
Withs List<String> - A list of values that includes events that match the last few characters of the event record field specified as the value of
field. - equals_ List<String>
- A list of values that includes events that match the exact value of the event record field specified as the value of
field. This is the only valid operator that you can use with thereadOnly,eventCategory, andresources.typefields. - field String
- Specifies a field in an event record on which to filter events to be logged. You can specify only the following values:
readOnly,eventSource,eventName,eventCategory,resources.type,resources.ARN. - not
Ends List<String>Withs - A list of values that excludes events that match the last few characters of the event record field specified as the value of
field. - not
Equals List<String> - A list of values that excludes events that match the exact value of the event record field specified as the value of
field. - not
Starts List<String>Withs - A list of values that excludes events that match the first few characters of the event record field specified as the value of
field. - starts
Withs List<String> - A list of values that includes events that match the first few characters of the event record field specified as the value of
field.
- ends
Withs string[] - A list of values that includes events that match the last few characters of the event record field specified as the value of
field. - equals string[]
- A list of values that includes events that match the exact value of the event record field specified as the value of
field. This is the only valid operator that you can use with thereadOnly,eventCategory, andresources.typefields. - field string
- Specifies a field in an event record on which to filter events to be logged. You can specify only the following values:
readOnly,eventSource,eventName,eventCategory,resources.type,resources.ARN. - not
Ends string[]Withs - A list of values that excludes events that match the last few characters of the event record field specified as the value of
field. - not
Equals string[] - A list of values that excludes events that match the exact value of the event record field specified as the value of
field. - not
Starts string[]Withs - A list of values that excludes events that match the first few characters of the event record field specified as the value of
field. - starts
Withs string[] - A list of values that includes events that match the first few characters of the event record field specified as the value of
field.
- ends_
withs Sequence[str] - A list of values that includes events that match the last few characters of the event record field specified as the value of
field. - equals Sequence[str]
- A list of values that includes events that match the exact value of the event record field specified as the value of
field. This is the only valid operator that you can use with thereadOnly,eventCategory, andresources.typefields. - field str
- Specifies a field in an event record on which to filter events to be logged. You can specify only the following values:
readOnly,eventSource,eventName,eventCategory,resources.type,resources.ARN. - not_
ends_ Sequence[str]withs - A list of values that excludes events that match the last few characters of the event record field specified as the value of
field. - not_
equals Sequence[str] - A list of values that excludes events that match the exact value of the event record field specified as the value of
field. - not_
starts_ Sequence[str]withs - A list of values that excludes events that match the first few characters of the event record field specified as the value of
field. - starts_
withs Sequence[str] - A list of values that includes events that match the first few characters of the event record field specified as the value of
field.
- ends
Withs List<String> - A list of values that includes events that match the last few characters of the event record field specified as the value of
field. - equals List<String>
- A list of values that includes events that match the exact value of the event record field specified as the value of
field. This is the only valid operator that you can use with thereadOnly,eventCategory, andresources.typefields. - field String
- Specifies a field in an event record on which to filter events to be logged. You can specify only the following values:
readOnly,eventSource,eventName,eventCategory,resources.type,resources.ARN. - not
Ends List<String>Withs - A list of values that excludes events that match the last few characters of the event record field specified as the value of
field. - not
Equals List<String> - A list of values that excludes events that match the exact value of the event record field specified as the value of
field. - not
Starts List<String>Withs - A list of values that excludes events that match the first few characters of the event record field specified as the value of
field. - starts
Withs List<String> - A list of values that includes events that match the first few characters of the event record field specified as the value of
field.
Import
Using pulumi import, import event data stores using their arn. For example:
$ pulumi import aws:cloudtrail/eventDataStore:EventDataStore example arn:aws:cloudtrail:us-east-1:123456789123:eventdatastore/22333815-4414-412c-b155-dd254033gfhf
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.