AWS CloudTrail Trail DataResource

The DataResource property type specifies Amazon S3 objects for event selectors in a CloudTrail trail. Data events are object-level API operations that access Amazon S3 objects, such as GetObject, DeleteObject, and PutObject. You can specify up to 250 Amazon S3 buckets and object prefixes for a trail. For more information, see DataResource in the AWS CloudTrail API Reference.

DataResource is a property of the EventSelector property type.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "Type" : String,
  "Values" : [ String, ... ]
}

YAML


Type: String
Values: 
  - String

Properties

Type

The resource type to log data events for. You can specify the following values: AWS::S3::Object or AWS::Lambda::Function.

Required: Yes

Type: String

Update requires: No interruption

Values

A list of ARN-like strings for the specified Amazon S3 objects.

To log data events for all objects in all Amazon S3 buckets in your AWS account, specify the prefix as arn:aws:s3:::.

To log data events for all objects in an Amazon S3 bucket, specify the bucket and an empty object prefix such as arn:aws:s3:::bucket-1/. The trail logs data events for all objects in this Amazon S3 bucket.

To log data events for specific objects, specify the Amazon S3 bucket and object prefix such as arn:aws:s3:::bucket-1/example-images. The trail logs data events for objects in the bucket that match the prefix.

Required: No

Type: List of String values

Update requires: No interruption

Warning Javascript is disabled or is unavailable in your browser.

To use the AWS Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

« Previous Next »