putEventSelectors method
Configures event selectors (also referred to as basic event
selectors) or advanced event selectors for your trail. You can use
either AdvancedEventSelectors or EventSelectors,
but not both. If you apply AdvancedEventSelectors to a trail,
any existing EventSelectors are overwritten.
You can use AdvancedEventSelectors to log management events,
data events for all resource types, and network activity events.
You can use EventSelectors to log management events and data
events for the following resource types:
- AWS::DynamoDB::Table
- AWS::Lambda::Function
- AWS::S3::Object
You can't use EventSelectors to log network activity events.
If you want your trail to log Insights events, be sure the event selector or advanced event selector enables logging of the Insights event types you want configured for your trail. For more information about logging Insights events, see Working with CloudTrail Insights in the CloudTrail User Guide. By default, trails created without specific event selectors are configured to log all read and write management events, and no data events or network activity events.
When an event occurs in your account, CloudTrail evaluates the event selectors or advanced event selectors in all trails. For each trail, if the event matches any event selector, the trail processes and logs the event. If the event doesn't match any event selector, the trail doesn't log the event.
Example
- You create an event selector for a trail and specify that you want to log write-only events.
- The EC2 GetConsoleOutput and RunInstances API operations occur in your account.
- CloudTrail evaluates whether the events match your event selectors.
- The RunInstances is a write-only event and it matches your event selector. The trail logs the event.
- The GetConsoleOutput is a read-only event that doesn't match your event selector. The trail doesn't log the event.
The PutEventSelectors operation must be called from the
Region in which the trail was created; otherwise, an
InvalidHomeRegionException exception is thrown.
You can configure up to five event selectors for each trail.
You can add advanced event selectors, and conditions for your advanced event selectors, up to a maximum of 500 values for all conditions and selectors on a trail. For more information, see Logging management events, Logging data events, Logging network activity events, and Quotas in CloudTrail in the CloudTrail User Guide.
May throw CloudTrailARNInvalidException.
May throw ConflictException.
May throw InsufficientDependencyServiceAccessPermissionException.
May throw InvalidEventSelectorsException.
May throw InvalidHomeRegionException.
May throw InvalidTrailNameException.
May throw NoManagementAccountSLRExistsException.
May throw NotOrganizationMasterAccountException.
May throw OperationNotPermittedException.
May throw ThrottlingException.
May throw TrailNotFoundException.
May throw UnsupportedOperationException.
Parameter trailName :
Specifies the name of the trail or trail ARN. If you specify a trail name,
the string must meet the following requirements:
- Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)
- Start with a letter or number, and end with a letter or number
- Be between 3 and 128 characters
- Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are not valid.
- Not be in IP address format (for example, 192.168.5.4)
If you specify a trail ARN, it must be in the format:
arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
Parameter advancedEventSelectors :
Specifies the settings for advanced event selectors. You can use advanced
event selectors to log management events, data events for all resource
types, and network activity events.
You can add advanced event selectors, and conditions for your advanced
event selectors, up to a maximum of 500 values for all conditions and
selectors on a trail. You can use either
AdvancedEventSelectors or EventSelectors, but
not both. If you apply AdvancedEventSelectors to a trail, any
existing EventSelectors are overwritten. For more information
about advanced event selectors, see Logging
data events and Logging
network activity events in the CloudTrail User Guide.
Parameter eventSelectors :
Specifies the settings for your event selectors. You can use event
selectors to log management events and data events for the following
resource types:
- AWS::DynamoDB::Table
- AWS::Lambda::Function
- AWS::S3::Object
You can configure up to five event selectors for a trail. You can use
either EventSelectors or AdvancedEventSelectors
in a PutEventSelectors request, but not both. If you apply
EventSelectors to a trail, any existing
AdvancedEventSelectors are overwritten.
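A client-side pre-flight check for the trailName rules and the selector limits described above, as an added example that is not part of the generated client or the original page. The function names trailNameProblems and selectorProblems, and the "arn:" prefix test used to skip ARNs, are assumptions.

```dart
// Hypothetical pre-flight helpers; not part of the generated CloudTrail client.
final _allowedChars = RegExp(r'^[A-Za-z0-9._-]+$');
final _alnumEnds = RegExp(r'^[A-Za-z0-9]([\s\S]*[A-Za-z0-9])?$');
final _adjacentSeparators = RegExp(r'[._-]{2}');
final _ipFormat = RegExp(r'^\d{1,3}(\.\d{1,3}){3}$');
/// Returns the trail-name rules that [name] violates (empty list = valid).
List<String> trailNameProblems(String name) {
  // Assumption: anything starting with "arn:" is a trail ARN, not a name.
  if (name.startsWith('arn:')) return const [];
  final problems = <String>[];
  if (name.length < 3 || name.length > 128) {
    problems.add('must be between 3 and 128 characters');
  }
  if (!_allowedChars.hasMatch(name)) {
    problems.add('only ASCII letters, numbers, periods, underscores, dashes');
  }
  if (!_alnumEnds.hasMatch(name)) {
    problems.add('must start and end with a letter or number');
  }
  if (_adjacentSeparators.hasMatch(name)) {
    problems.add('no adjacent periods, underscores or dashes');
  }
  if (_ipFormat.hasMatch(name)) {
    problems.add('must not be in IP address format');
  }
  return problems;
}
/// Checks the selector arguments against the limits stated on this page.
List<String> selectorProblems({
  List<Object>? advancedEventSelectors,
  List<Object>? eventSelectors,
}) {
  final problems = <String>[];
  if (advancedEventSelectors != null && eventSelectors != null) {
    problems.add('use AdvancedEventSelectors or EventSelectors, not both');
  }
  if ((eventSelectors?.length ?? 0) > 5) {
    problems.add('at most five event selectors per trail');
  }
  return problems;
}

void main() {
  // Constructed sample names, including the invalid ones this page mentions.
  for (final n in ['MyTrail', 'my-_namespace', 'my--namespace', '192.168.5.4']) {
    print('$n -> ${trailNameProblems(n)}');
  }
  print(selectorProblems(advancedEventSelectors: [], eventSelectors: []));
}
```

Running these checks before the call surfaces a bad name or a request that sets both selector lists locally, without a round trip to the service.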
Implementation
Future<PutEventSelectorsResponse> putEventSelectors({
  required String trailName,
  List<AdvancedEventSelector>? advancedEventSelectors,
  List<EventSelector>? eventSelectors,
}) async {
  final headers = <String, String>{
    'Content-Type': 'application/x-amz-json-1.1',
    'X-Amz-Target': 'CloudTrail_20131101.PutEventSelectors'
  };
  final jsonResponse = await _protocol.send(
    method: 'POST',
    requestUri: '/',
    exceptionFnMap: _exceptionFns,
    // TODO queryParams
    headers: headers,
    payload: {
      'TrailName': trailName,
      if (advancedEventSelectors != null)
        'AdvancedEventSelectors': advancedEventSelectors,
      if (eventSelectors != null) 'EventSelectors': eventSelectors,
    },
  );
  return PutEventSelectorsResponse.fromJson(jsonResponse.body);
}