EventDataStore
cloudtrail.services.k8s.aws/v1alpha1
| Type | Link |
|---|---|
| GoDoc | cloudtrail-controller/apis/v1alpha1#EventDataStore |
Metadata
| Property | Value |
|---|---|
| Scope | Namespaced |
| Kind | EventDataStore |
| ListKind | EventDataStoreList |
| Plural | eventdatastores |
| Singular | eventdatastore |
A storage lake of event data against which you can run complex SQL-based queries. An event data store can include events that you have logged on your account. To select events for an event data store, use advanced event selectors (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-lake-concepts.html#adv-event-selectors).
Spec
advancedEventSelectors:
fieldSelectors:
endsWith:
- string
equals:
- string
field: string
notEndsWith:
- string
notEquals:
- string
notStartsWith:
- string
startsWith:
- string
name: string
multiRegionEnabled: boolean
name: string
organizationEnabled: boolean
retentionPeriod: integer
tags:
- key: string
value: string
terminationProtectionEnabled: boolean
| Field | Description |
|---|---|
| advancedEventSelectors Optional | array The advanced event selectors to use to select the events for the data store. You can configure up to five advanced event selectors for each event data store. For more information about how to use advanced event selectors to log CloudTrail events, see Log events by using advanced event selectors (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#creating-data-event-selectors-advanced) in the CloudTrail User Guide. For more information about how to use advanced event selectors to include Config configuration items in your event data store, see Create an event data store for Config configuration items (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/lake-eds-cli.html#lake-cli-create-eds-config) in the CloudTrail User Guide. For more information about how to use advanced event selectors to include events outside of Amazon Web Services events in your event data store, see Create an integration to log events from outside Amazon Web Services (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/lake-integrations-cli.html#lake-cli-create-integration) in the CloudTrail User Guide. |
| advancedEventSelectors.[] Required | object Advanced event selectors let you create fine-grained selectors for CloudTrail |
| management, data, and network activity events. They help you control costs | |
| by logging only those events that are important to you. For more information | |
| about configuring advanced event selectors, see the Logging data events (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html), | |
| Logging network activity events (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html), | |
| and Logging management events (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html) | |
| topics in the CloudTrail User Guide. |
You cannot apply both event selectors and advanced event selectors to a trail.
Supported CloudTrail event record fields for management events
eventCategory (required)
eventSource
readOnly
The following additional fields are available for event data stores:
eventName
eventType
sessionCredentialFromConsole
userIdentity.arn
Supported CloudTrail event record fields for data events
eventCategory (required)
resources.type (required)
readOnly
eventName
resources.ARN
The following additional fields are available for event data stores:
eventSource
eventType
sessionCredentialFromConsole
userIdentity.arn
Supported CloudTrail event record fields for network activity events
Network activity events is in preview release for CloudTrail and is subject to change.
eventCategory (required)
eventSource (required)
eventName
errorCode - The only valid value for errorCode is VpceAccessDenied.
vpcEndpointId
For event data stores for CloudTrail Insights events, Config configuration
items, Audit Manager evidence, or events outside of Amazon Web Services,
the only supported field is eventCategory. || advancedEventSelectors.[].fieldSelectors
Optional | array
|
| advancedEventSelectors.[].fieldSelectors.[]
Required | object
A single selector statement in an advanced event selector. || advancedEventSelectors.[].fieldSelectors.[].endsWith
Optional | array
|
| advancedEventSelectors.[].fieldSelectors.[].endsWith.[]
Required | string
|| advancedEventSelectors.[].fieldSelectors.[].equals
Optional | array
|
| advancedEventSelectors.[].fieldSelectors.[].equals.[]
Required | string
|| advancedEventSelectors.[].fieldSelectors.[].field
Optional | string
|
| advancedEventSelectors.[].fieldSelectors.[].notEndsWith
Optional | array
|
| advancedEventSelectors.[].fieldSelectors.[].notEndsWith.[]
Required | string
|| advancedEventSelectors.[].fieldSelectors.[].notEquals
Optional | array
|
| advancedEventSelectors.[].fieldSelectors.[].notEquals.[]
Required | string
|| advancedEventSelectors.[].fieldSelectors.[].notStartsWith
Optional | array
|
| advancedEventSelectors.[].fieldSelectors.[].notStartsWith.[]
Required | string
|| advancedEventSelectors.[].fieldSelectors.[].startsWith
Optional | array
|
| advancedEventSelectors.[].fieldSelectors.[].startsWith.[]
Required | string
|| advancedEventSelectors.[].name
Optional | string
|
| multiRegionEnabled
Optional | boolean
Specifies whether the event data store includes events from all Regions,
or only from the Region in which the event data store is created. |
| name
Required | string
The name of the event data store. |
| organizationEnabled
Optional | boolean
Specifies whether an event data store collects events logged for an organization
in Organizations. |
| retentionPeriod
Optional | integer
The retention period of the event data store, in days. If BillingMode is
set to EXTENDABLE_RETENTION_PRICING, you can set a retention period of up
to 3653 days, the equivalent of 10 years. If BillingMode is set to FIXED_RETENTION_PRICING,
you can set a retention period of up to 2557 days, the equivalent of seven
years.
CloudTrail Lake determines whether to retain an event by checking if the
eventTime of the event is within the specified retention period. For example,
if you set a retention period of 90 days, CloudTrail will remove events when
the eventTime is older than 90 days.
If you plan to copy trail events to this event data store, we recommend that
you consider both the age of the events that you want to copy as well as
how long you want to keep the copied events in your event data store. For
example, if you copy trail events that are 5 years old and specify a retention
period of 7 years, the event data store will retain those events for two
years. |
| tags
Optional | array
|
| tags.[]
Required | object
A custom key-value pair associated with a resource such as a CloudTrail trail,
event data store, dashboard, or channel. || tags.[].key
Optional | string
|
| tags.[].value
Optional | string
|
| terminationProtectionEnabled
Optional | boolean
Specifies whether termination protection is enabled for the event data store.
If termination protection is enabled, you cannot delete the event data store
until termination protection is disabled. |
Status
ackResourceMetadata:
arn: string
ownerAccountID: string
region: string
conditions:
- lastTransitionTime: string
message: string
reason: string
status: string
type: string
createdTimestamp: string
status: string
updatedTimestamp: string
| Field | Description |
|---|---|
| ackResourceMetadata Optional | object All CRs managed by ACK have a common Status.ACKResourceMetadata memberthat is used to contain resource sync state, account ownership, constructed ARN for the resource |
| ackResourceMetadata.arn Optional | string ARN is the Amazon Resource Name for the resource. This is a globally-unique identifier and is set only by the ACK service controller once the controller has orchestrated the creation of the resource OR when it has verified that an “adopted” resource (a resource where the ARN annotation was set by the Kubernetes user on the CR) exists and matches the supplied CR’s Spec field values. https://github.com/aws/aws-controllers-k8s/issues/270 |
| ackResourceMetadata.ownerAccountID Required | string OwnerAccountID is the AWS Account ID of the account that owns the backend AWS service API resource. |
| ackResourceMetadata.region Required | string Region is the AWS region in which the resource exists or will exist. |
| conditions Optional | array All CRs managed by ACK have a common Status.Conditions member thatcontains a collection of ackv1alpha1.Condition objects that describethe various terminal states of the CR and its backend AWS service API resource |
| conditions.[] Required | object Condition is the common struct used by all CRDs managed by ACK service |
| controllers to indicate terminal states of the CR and its backend AWS | |
| service API resource | |
| conditions.[].message Optional | string A human readable message indicating details about the transition. |
| conditions.[].reason Optional | string The reason for the condition’s last transition. |
| conditions.[].status Optional | string Status of the condition, one of True, False, Unknown. |
| conditions.[].type Optional | string Type is the type of the Condition |
| createdTimestamp Optional | string The timestamp that shows when the event data store was created. |
| status Optional | string The status of event data store creation. |
| updatedTimestamp Optional | string The timestamp that shows when an event data store was updated, if applicable. UpdatedTimestamp is always either the same or newer than the time shown in CreatedTimestamp. |