Package software.amazon.awssdk.services.cloudtrail.model

Interface DataResource.Builder

    • Method Detail

      • type

        DataResource.Builder type​(String type)

        The resource type in which you want to log data events. You can specify the following basic event selector resource types:

        • AWS::DynamoDB::Table

        • AWS::Lambda::Function

        • AWS::S3::Object

        Additional resource types are available through advanced event selectors. For more information about these additional resource types, see AdvancedFieldSelector.

        Parameters:
        type - The resource type in which you want to log data events. You can specify the following basic event selector resource types:

        • AWS::DynamoDB::Table

        • AWS::Lambda::Function

        • AWS::S3::Object

        Additional resource types are available through advanced event selectors. For more information about these additional resource types, see AdvancedFieldSelector.

        Returns:
        Returns a reference to this object so that method calls can be chained together.

      • values

        DataResource.Builder values​(Collection<String> values)

        An array of Amazon Resource Name (ARN) strings or partial ARN strings for the specified objects.

        • To log data events for all objects in all S3 buckets in your Amazon Web Services account, specify the prefix as arn:aws:s3.

          This also enables logging of data event activity performed by any user or role in your Amazon Web Services account, even if that activity is performed on a bucket that belongs to another Amazon Web Services account.

        • To log data events for all objects in an S3 bucket, specify the bucket and an empty object prefix such as arn:aws:s3:::bucket-1/. The trail logs data events for all objects in this S3 bucket.

        • To log data events for specific objects, specify the S3 bucket and object prefix such as arn:aws:s3:::bucket-1/example-images. The trail logs data events for objects in this S3 bucket that match the prefix.

        • To log data events for all Lambda functions in your Amazon Web Services account, specify the prefix as arn:aws:lambda.

          This also enables logging of Invoke activity performed by any user or role in your Amazon Web Services account, even if that activity is performed on a function that belongs to another Amazon Web Services account.

        • To log data events for a specific Lambda function, specify the function ARN.

          Lambda function ARNs are exact. For example, if you specify a function ARN arn:aws:lambda:us-west-2:111111111111:function:helloworld, data events will only be logged for arn:aws:lambda:us-west-2:111111111111:function:helloworld. They will not be logged for arn:aws:lambda:us-west-2:111111111111:function:helloworld2.

        • To log data events for all DynamoDB tables in your Amazon Web Services account, specify the prefix as arn:aws:dynamodb.

        Parameters:
        values - An array of Amazon Resource Name (ARN) strings or partial ARN strings for the specified objects.

        • To log data events for all objects in all S3 buckets in your Amazon Web Services account, specify the prefix as arn:aws:s3.

          This also enables logging of data event activity performed by any user or role in your Amazon Web Services account, even if that activity is performed on a bucket that belongs to another Amazon Web Services account.

        • To log data events for all objects in an S3 bucket, specify the bucket and an empty object prefix such as arn:aws:s3:::bucket-1/. The trail logs data events for all objects in this S3 bucket.

        • To log data events for specific objects, specify the S3 bucket and object prefix such as arn:aws:s3:::bucket-1/example-images. The trail logs data events for objects in this S3 bucket that match the prefix.

        • To log data events for all Lambda functions in your Amazon Web Services account, specify the prefix as arn:aws:lambda.

          This also enables logging of Invoke activity performed by any user or role in your Amazon Web Services account, even if that activity is performed on a function that belongs to another Amazon Web Services account.

        • To log data events for a specific Lambda function, specify the function ARN.

          Lambda function ARNs are exact. For example, if you specify a function ARN arn:aws:lambda:us-west-2:111111111111:function:helloworld, data events will only be logged for arn:aws:lambda:us-west-2:111111111111:function:helloworld. They will not be logged for arn:aws:lambda:us-west-2:111111111111:function:helloworld2.

        • To log data events for all DynamoDB tables in your Amazon Web Services account, specify the prefix as arn:aws:dynamodb.

        Returns:
        Returns a reference to this object so that method calls can be chained together.

      • values

        DataResource.Builder values​(String... values)

        An array of Amazon Resource Name (ARN) strings or partial ARN strings for the specified objects.

        • To log data events for all objects in all S3 buckets in your Amazon Web Services account, specify the prefix as arn:aws:s3.

          This also enables logging of data event activity performed by any user or role in your Amazon Web Services account, even if that activity is performed on a bucket that belongs to another Amazon Web Services account.

        • To log data events for all objects in an S3 bucket, specify the bucket and an empty object prefix such as arn:aws:s3:::bucket-1/. The trail logs data events for all objects in this S3 bucket.

        • To log data events for specific objects, specify the S3 bucket and object prefix such as arn:aws:s3:::bucket-1/example-images. The trail logs data events for objects in this S3 bucket that match the prefix.

        • To log data events for all Lambda functions in your Amazon Web Services account, specify the prefix as arn:aws:lambda.

          This also enables logging of Invoke activity performed by any user or role in your Amazon Web Services account, even if that activity is performed on a function that belongs to another Amazon Web Services account.

        • To log data events for a specific Lambda function, specify the function ARN.

          Lambda function ARNs are exact. For example, if you specify a function ARN arn:aws:lambda:us-west-2:111111111111:function:helloworld, data events will only be logged for arn:aws:lambda:us-west-2:111111111111:function:helloworld. They will not be logged for arn:aws:lambda:us-west-2:111111111111:function:helloworld2.

        • To log data events for all DynamoDB tables in your Amazon Web Services account, specify the prefix as arn:aws:dynamodb.

        Parameters:
        values - An array of Amazon Resource Name (ARN) strings or partial ARN strings for the specified objects.

        • To log data events for all objects in all S3 buckets in your Amazon Web Services account, specify the prefix as arn:aws:s3.

          This also enables logging of data event activity performed by any user or role in your Amazon Web Services account, even if that activity is performed on a bucket that belongs to another Amazon Web Services account.

        • To log data events for all objects in an S3 bucket, specify the bucket and an empty object prefix such as arn:aws:s3:::bucket-1/. The trail logs data events for all objects in this S3 bucket.

        • To log data events for specific objects, specify the S3 bucket and object prefix such as arn:aws:s3:::bucket-1/example-images. The trail logs data events for objects in this S3 bucket that match the prefix.

        • To log data events for all Lambda functions in your Amazon Web Services account, specify the prefix as arn:aws:lambda.

          This also enables logging of Invoke activity performed by any user or role in your Amazon Web Services account, even if that activity is performed on a function that belongs to another Amazon Web Services account.

        • To log data events for a specific Lambda function, specify the function ARN.

          Lambda function ARNs are exact. For example, if you specify a function ARN arn:aws:lambda:us-west-2:111111111111:function:helloworld, data events will only be logged for arn:aws:lambda:us-west-2:111111111111:function:helloworld. They will not be logged for arn:aws:lambda:us-west-2:111111111111:function:helloworld2.

        • To log data events for all DynamoDB tables in your Amazon Web Services account, specify the prefix as arn:aws:dynamodb.

        Returns:
        Returns a reference to this object so that method calls can be chained together.