field property

String field
final

A field in an event record on which to filter events to be logged. Supported fields include readOnly, eventCategory, eventSource (for management events), eventName, resources.type, and resources.ARN.

  • readOnly - Optional. Can be set to Equals a value of true or false. A value of false logs both read and write events.
  • eventSource - For filtering management events only. This can be set only to NotEquals kms.amazonaws.com.
  • eventName - Can use any operator. You can use it to filter in or filter out any data event logged to CloudTrail, such as PutBucket. You can have multiple values for this field, separated by commas.
  • eventCategory - This is required. It must be set to Equals, and the value must be Management or Data.
  • resources.type - This field is required. resources.type can only use the Equals operator, and the value can be one of the following: AWS::S3::Object or AWS::Lambda::Function. You can have only one resources.type field per selector. To log data events on more than one resource type, add another selector.
  • resources.ARN - You can use any operator with resources.ARN, but if you use Equals or NotEquals, the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. For example, if resources.type equals AWS::S3::Object, the ARN must be in one of the following formats. The trailing slash is intentional; do not exclude it.
    • arn:partition:s3:::bucket_name/
    • arn:partition:s3:::bucket_name/object_or_file_name/
    When resources.type equals AWS::Lambda::Function, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
    • arn:partition:lambda:region:account_ID:function:function_name

Implementation

final String field;