AWS CloudTrail

2024/11/22 - AWS CloudTrail - 6 new, 7 updated API methods

Changes: This release introduces new APIs for creating and managing CloudTrail Lake dashboards. It also adds support for resource-based policies on CloudTrail EventDataStore and Dashboard resources.

DeleteDashboard (new)

Deletes the specified dashboard. You cannot delete a dashboard that has termination protection enabled.

See also: AWS API Documentation

Request Syntax

client.delete_dashboard(
    DashboardId='string'
)

type DashboardId:

string

param DashboardId:

[REQUIRED]

The name or ARN for the dashboard.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

GetDashboard (new)

Returns the specified dashboard.

See also: AWS API Documentation

Request Syntax

client.get_dashboard(
    DashboardId='string'
)

type DashboardId:

string

param DashboardId:

[REQUIRED]

The name or ARN for the dashboard.

rtype:

dict

returns:

Response Syntax

{
    'DashboardArn': 'string',
    'Type': 'MANAGED'|'CUSTOM',
    'Status': 'CREATING'|'CREATED'|'UPDATING'|'UPDATED'|'DELETING',
    'Widgets': [
        {
            'QueryAlias': 'string',
            'QueryStatement': 'string',
            'QueryParameters': [
                'string',
            ],
            'ViewProperties': {
                'string': 'string'
            }
        },
    ],
    'RefreshSchedule': {
        'Frequency': {
            'Unit': 'HOURS'|'DAYS',
            'Value': 123
        },
        'Status': 'ENABLED'|'DISABLED',
        'TimeOfDay': 'string'
    },
    'CreatedTimestamp': datetime(2015, 1, 1),
    'UpdatedTimestamp': datetime(2015, 1, 1),
    'LastRefreshId': 'string',
    'LastRefreshFailureReason': 'string',
    'TerminationProtectionEnabled': True|False
}

Response Structure

  • (dict) --

    • DashboardArn (string) --

      The ARN for the dashboard.

    • Type (string) --

      The type of dashboard.

    • Status (string) --

      The status of the dashboard.

    • Widgets (list) --

      An array of widgets for the dashboard.

      • (dict) --

        A widget on a CloudTrail Lake dashboard.

        • QueryAlias (string) --

          The query alias used to identify the query for the widget.

        • QueryStatement (string) --

          The SQL query statement for the widget.

        • QueryParameters (list) --

          The query parameters for the widget.

          • (string) --

        • ViewProperties (dict) --

          The view properties for the widget. For more information about view properties, see View properties for widgets in the CloudTrail User Guide.

          • (string) --

            • (string) --

    • RefreshSchedule (dict) --

      The refresh schedule for the dashboard, if configured.

      • Frequency (dict) --

        The frequency at which you want the dashboard refreshed.

        • Unit (string) --

          The unit to use for the refresh.

          For custom dashboards, the unit can be HOURS or DAYS.

          For the Highlights dashboard, the Unit must be HOURS.

        • Value (integer) --

          The value for the refresh schedule.

          For custom dashboards, the following values are valid when the unit is HOURS: 1, 6, 12, 24

          For custom dashboards, the only valid value when the unit is DAYS is 1.

          For the Highlights dashboard, the Value must be 6.

      • Status (string) --

        Specifies whether the refresh schedule is enabled. Set the value to ENABLED to enable the refresh schedule, or to DISABLED to turn off the refresh schedule.

      • TimeOfDay (string) --

        The time of day in UTC to run the schedule. For hourly schedules, only the minutes are used. The default is 00:00.

    • CreatedTimestamp (datetime) --

      The timestamp that shows when the dashboard was created.

    • UpdatedTimestamp (datetime) --

      The timestamp that shows when the dashboard was last updated.

    • LastRefreshId (string) --

      The ID of the last dashboard refresh.

    • LastRefreshFailureReason (string) --

      Provides information about failures for the last scheduled refresh.

    • TerminationProtectionEnabled (boolean) --

      Indicates whether termination protection is enabled for the dashboard.

CreateDashboard (new)

Creates a custom dashboard or the Highlights dashboard.

  • Custom dashboards - Custom dashboards allow you to query events in any event data store type. You can add up to 10 widgets to a custom dashboard. You can manually refresh a custom dashboard, or you can set a refresh schedule.

  • Highlights dashboard - You can create the Highlights dashboard to see a summary of key user activities and API usage across all your event data stores. CloudTrail Lake manages the Highlights dashboard and refreshes the dashboard every 6 hours. To create the Highlights dashboard, you must set and enable a refresh schedule.

CloudTrail runs queries to populate the dashboard's widgets during a manual or scheduled refresh. CloudTrail must be granted permissions to run the StartQuery operation on your behalf. To provide permissions, run the PutResourcePolicy operation to attach a resource-based policy to each event data store. For more information, see Example: Allow CloudTrail to run queries to populate a dashboard in the CloudTrail User Guide.

To set a refresh schedule, CloudTrail must be granted permissions to run the StartDashboardRefresh operation to refresh the dashboard on your behalf. To provide permissions, run the PutResourcePolicy operation to attach a resource-based policy to the dashboard. For more information, see Resource-based policy example for a dashboard in the CloudTrail User Guide.

For more information about dashboards, see CloudTrail Lake dashboards in the CloudTrail User Guide.

See also: AWS API Documentation

Request Syntax

client.create_dashboard(
    Name='string',
    RefreshSchedule={
        'Frequency': {
            'Unit': 'HOURS'|'DAYS',
            'Value': 123
        },
        'Status': 'ENABLED'|'DISABLED',
        'TimeOfDay': 'string'
    },
    TagsList=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ],
    TerminationProtectionEnabled=True|False,
    Widgets=[
        {
            'QueryStatement': 'string',
            'QueryParameters': [
                'string',
            ],
            'ViewProperties': {
                'string': 'string'
            }
        },
    ]
)

type Name:

string

param Name:

[REQUIRED]

The name of the dashboard. The name must be unique to your account.

To create the Highlights dashboard, the name must be AWSCloudTrail-Highlights.

type RefreshSchedule:

dict

param RefreshSchedule:

The refresh schedule configuration for the dashboard.

To create the Highlights dashboard, you must set a refresh schedule and set the Status to ENABLED. The Unit for the refresh schedule must be HOURS and the Value must be 6.

  • Frequency (dict) --

    The frequency at which you want the dashboard refreshed.

    • Unit (string) --

      The unit to use for the refresh.

      For custom dashboards, the unit can be HOURS or DAYS.

      For the Highlights dashboard, the Unit must be HOURS.

    • Value (integer) --

      The value for the refresh schedule.

      For custom dashboards, the following values are valid when the unit is HOURS: 1, 6, 12, 24

      For custom dashboards, the only valid value when the unit is DAYS is 1.

      For the Highlights dashboard, the Value must be 6.

  • Status (string) --

    Specifies whether the refresh schedule is enabled. Set the value to ENABLED to enable the refresh schedule, or to DISABLED to turn off the refresh schedule.

  • TimeOfDay (string) --

    The time of day in UTC to run the schedule. For hourly schedules, only the minutes are used. The default is 00:00.

type TagsList:

list

param TagsList:

A list of tags.

  • (dict) --

    A custom key-value pair associated with a resource such as a CloudTrail trail, event data store, dashboard, or channel.

    • Key (string) -- [REQUIRED]

      The key in a key-value pair. The key must be no longer than 128 Unicode characters. The key must be unique for the resource to which it applies.

    • Value (string) --

      The value in a key-value pair of a tag. The value must be no longer than 256 Unicode characters.

type TerminationProtectionEnabled:

boolean

param TerminationProtectionEnabled:

Specifies whether termination protection is enabled for the dashboard. If termination protection is enabled, you cannot delete the dashboard until termination protection is disabled.

type Widgets:

list

param Widgets:

An array of widgets for a custom dashboard. A custom dashboard can have a maximum of ten widgets.

You do not need to specify widgets for the Highlights dashboard.

  • (dict) --

    Contains information about a widget on a CloudTrail Lake dashboard.

    • QueryStatement (string) -- [REQUIRED]

      The query statement for the widget. For custom dashboard widgets, you can query across multiple event data stores as long as all event data stores exist in your account.

    • QueryParameters (list) --

      The optional query parameters. The following query parameters are valid: $StartTime$, $EndTime$, and $Period$.

      • (string) --

    • ViewProperties (dict) -- [REQUIRED]

      The view properties for the widget. For more information about view properties, see View properties for widgets in the CloudTrail User Guide.

      • (string) --

        • (string) --

rtype:

dict

returns:

Response Syntax

{
    'DashboardArn': 'string',
    'Name': 'string',
    'Type': 'MANAGED'|'CUSTOM',
    'Widgets': [
        {
            'QueryAlias': 'string',
            'QueryStatement': 'string',
            'QueryParameters': [
                'string',
            ],
            'ViewProperties': {
                'string': 'string'
            }
        },
    ],
    'TagsList': [
        {
            'Key': 'string',
            'Value': 'string'
        },
    ],
    'RefreshSchedule': {
        'Frequency': {
            'Unit': 'HOURS'|'DAYS',
            'Value': 123
        },
        'Status': 'ENABLED'|'DISABLED',
        'TimeOfDay': 'string'
    },
    'TerminationProtectionEnabled': True|False
}

Response Structure

  • (dict) --

    • DashboardArn (string) --

      The ARN for the dashboard.

    • Name (string) --

      The name of the dashboard.

    • Type (string) --

      The dashboard type.

    • Widgets (list) --

      An array of widgets for the dashboard.

      • (dict) --

        A widget on a CloudTrail Lake dashboard.

        • QueryAlias (string) --

          The query alias used to identify the query for the widget.

        • QueryStatement (string) --

          The SQL query statement for the widget.

        • QueryParameters (list) --

          The query parameters for the widget.

          • (string) --

        • ViewProperties (dict) --

          The view properties for the widget. For more information about view properties, see View properties for widgets in the CloudTrail User Guide.

          • (string) --

            • (string) --

    • TagsList (list) --

      A list of tags.

      • (dict) --

        A custom key-value pair associated with a resource such as a CloudTrail trail, event data store, dashboard, or channel.

        • Key (string) --

          The key in a key-value pair. The key must be no longer than 128 Unicode characters. The key must be unique for the resource to which it applies.

        • Value (string) --

          The value in a key-value pair of a tag. The value must be no longer than 256 Unicode characters.

    • RefreshSchedule (dict) --

      The refresh schedule for the dashboard, if configured.

      • Frequency (dict) --

        The frequency at which you want the dashboard refreshed.

        • Unit (string) --

          The unit to use for the refresh.

          For custom dashboards, the unit can be HOURS or DAYS.

          For the Highlights dashboard, the Unit must be HOURS.

        • Value (integer) --

          The value for the refresh schedule.

          For custom dashboards, the following values are valid when the unit is HOURS: 1, 6, 12, 24

          For custom dashboards, the only valid value when the unit is DAYS is 1.

          For the Highlights dashboard, the Value must be 6.

      • Status (string) --

        Specifies whether the refresh schedule is enabled. Set the value to ENABLED to enable the refresh schedule, or to DISABLED to turn off the refresh schedule.

      • TimeOfDay (string) --

        The time of day in UTC to run the schedule. For hourly schedules, only the minutes are used. The default is 00:00.

    • TerminationProtectionEnabled (boolean) --

      Indicates whether termination protection is enabled for the dashboard.
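The constraints stated above for CreateDashboard (Highlights name and schedule, custom refresh frequencies, the 10-widget limit, valid query parameters, tag lengths) can be checked locally before the call is made. The following is an added example, not part of the AWS documentation; the function names, the require_termination_protection option and the sample request values are assumptions made for illustration.

```python
HIGHLIGHTS_NAME = "AWSCloudTrail-Highlights"
VALID_QUERY_PARAMETERS = {"$StartTime$", "$EndTime$", "$Period$"}
CUSTOM_FREQUENCIES = {"HOURS": {1, 6, 12, 24}, "DAYS": {1}}
MAX_WIDGETS = 10
MAX_TAG_KEY, MAX_TAG_VALUE = 128, 256


def check_schedule(schedule, is_highlights):
    """Apply the RefreshSchedule rules for custom and Highlights dashboards."""
    problems = []
    if schedule is None:
        if is_highlights:
            problems.append("Highlights dashboard requires a RefreshSchedule")
        return problems
    freq = schedule.get("Frequency") or {}
    unit, value = freq.get("Unit"), freq.get("Value")
    if is_highlights:
        if schedule.get("Status") != "ENABLED":
            problems.append("Highlights RefreshSchedule Status must be ENABLED")
        if (unit, value) != ("HOURS", 6):
            problems.append("Highlights Frequency must be HOURS/6")
    elif freq:
        if unit not in CUSTOM_FREQUENCIES:
            problems.append(f"Frequency Unit {unit!r} is not HOURS or DAYS")
        elif value not in CUSTOM_FREQUENCIES[unit]:
            problems.append(f"Frequency Value {value!r} is not valid for {unit}")
    return problems


def check_widgets(widgets):
    """Check the widget count, required fields and query parameter names."""
    problems = []
    if len(widgets) > MAX_WIDGETS:
        problems.append(f"{len(widgets)} widgets exceeds the maximum of {MAX_WIDGETS}")
    for i, widget in enumerate(widgets):
        for field in ("QueryStatement", "ViewProperties"):
            if field not in widget:
                problems.append(f"Widgets[{i}] is missing required {field}")
        unknown = set(widget.get("QueryParameters", [])) - VALID_QUERY_PARAMETERS
        if unknown:
            problems.append(f"Widgets[{i}] has invalid QueryParameters {sorted(unknown)}")
    return problems


def check_tags(tags):
    """Check tag key/value lengths and key uniqueness."""
    problems, seen = [], set()
    for i, tag in enumerate(tags):
        key, value = tag.get("Key"), tag.get("Value") or ""
        if not key:
            problems.append(f"TagsList[{i}] is missing required Key")
            continue
        if len(key) > MAX_TAG_KEY:
            problems.append(f"TagsList[{i}] Key is longer than {MAX_TAG_KEY} characters")
        if len(value) > MAX_TAG_VALUE:
            problems.append(f"TagsList[{i}] Value is longer than {MAX_TAG_VALUE} characters")
        if key in seen:
            problems.append(f"TagsList[{i}] repeats Key {key!r}")
        seen.add(key)
    return problems


def validate_create_dashboard(kwargs, require_termination_protection=False):
    """Return a list of problems found in kwargs meant for create_dashboard().

    require_termination_protection is a local hardening choice of this
    example, not a CloudTrail requirement.
    """
    problems = []
    name = kwargs.get("Name")
    if not name:
        problems.append("Name is required")
    is_highlights = name == HIGHLIGHTS_NAME
    problems += check_schedule(kwargs.get("RefreshSchedule"), is_highlights)
    problems += check_widgets(kwargs.get("Widgets") or [])
    problems += check_tags(kwargs.get("TagsList") or [])
    if require_termination_protection and not kwargs.get("TerminationProtectionEnabled"):
        problems.append("TerminationProtectionEnabled is not set (local policy)")
    return problems


# Constructed sample requests (values are illustrative placeholders).
CUSTOM_OK = {
    "Name": "example-security-dashboard",
    "RefreshSchedule": {"Frequency": {"Unit": "HOURS", "Value": 12}, "Status": "ENABLED"},
    "TerminationProtectionEnabled": True,
    "Widgets": [{
        "QueryStatement": "SELECT eventName FROM <event-data-store-id>",
        "QueryParameters": ["$StartTime$", "$EndTime$"],
        "ViewProperties": {"View": "Table"},  # assumed view property
    }],
}
HIGHLIGHTS_BAD = {
    "Name": HIGHLIGHTS_NAME,
    "RefreshSchedule": {"Frequency": {"Unit": "HOURS", "Value": 12}, "Status": "DISABLED"},
}

if __name__ == "__main__":
    for request in (CUSTOM_OK, HIGHLIGHTS_BAD):
        print(request["Name"], validate_create_dashboard(request) or "ok")
```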

UpdateDashboard (new)

Updates the specified dashboard.

To set a refresh schedule, CloudTrail must be granted permissions to run the StartDashboardRefresh operation to refresh the dashboard on your behalf. To provide permissions, run the PutResourcePolicy operation to attach a resource-based policy to the dashboard. For more information, see Resource-based policy example for a dashboard in the CloudTrail User Guide.

CloudTrail runs queries to populate the dashboard's widgets during a manual or scheduled refresh. CloudTrail must be granted permissions to run the StartQuery operation on your behalf. To provide permissions, run the PutResourcePolicy operation to attach a resource-based policy to each event data store. For more information, see Example: Allow CloudTrail to run queries to populate a dashboard in the CloudTrail User Guide.

See also: AWS API Documentation

Request Syntax

client.update_dashboard(
    DashboardId='string',
    Widgets=[
        {
            'QueryStatement': 'string',
            'QueryParameters': [
                'string',
            ],
            'ViewProperties': {
                'string': 'string'
            }
        },
    ],
    RefreshSchedule={
        'Frequency': {
            'Unit': 'HOURS'|'DAYS',
            'Value': 123
        },
        'Status': 'ENABLED'|'DISABLED',
        'TimeOfDay': 'string'
    },
    TerminationProtectionEnabled=True|False
)

type DashboardId:

string

param DashboardId:

[REQUIRED]

The name or ARN of the dashboard.

type Widgets:

list

param Widgets:

An array of widgets for the dashboard. A custom dashboard can have a maximum of 10 widgets.

To add new widgets, pass in an array that includes the existing widgets along with any new widgets. Run the GetDashboard operation to get the list of widgets for the dashboard.

To remove widgets, pass in an array that includes the existing widgets minus the widgets you want removed.

  • (dict) --

    Contains information about a widget on a CloudTrail Lake dashboard.

    • QueryStatement (string) -- [REQUIRED]

      The query statement for the widget. For custom dashboard widgets, you can query across multiple event data stores as long as all event data stores exist in your account.

    • QueryParameters (list) --

      The optional query parameters. The following query parameters are valid: $StartTime$, $EndTime$, and $Period$.

      • (string) --

    • ViewProperties (dict) -- [REQUIRED]

      The view properties for the widget. For more information about view properties, see View properties for widgets in the CloudTrail User Guide.

      • (string) --

        • (string) --

type RefreshSchedule:

dict

param RefreshSchedule:

The refresh schedule configuration for the dashboard.

  • Frequency (dict) --

    The frequency at which you want the dashboard refreshed.

    • Unit (string) --

      The unit to use for the refresh.

      For custom dashboards, the unit can be HOURS or DAYS.

      For the Highlights dashboard, the Unit must be HOURS.

    • Value (integer) --

      The value for the refresh schedule.

      For custom dashboards, the following values are valid when the unit is HOURS: 1, 6, 12, 24

      For custom dashboards, the only valid value when the unit is DAYS is 1.

      For the Highlights dashboard, the Value must be 6.

  • Status (string) --

    Specifies whether the refresh schedule is enabled. Set the value to ENABLED to enable the refresh schedule, or to DISABLED to turn off the refresh schedule.

  • TimeOfDay (string) --

    The time of day in UTC to run the schedule. For hourly schedules, only the minutes are used. The default is 00:00.

type TerminationProtectionEnabled:

boolean

param TerminationProtectionEnabled:

Specifies whether termination protection is enabled for the dashboard. If termination protection is enabled, you cannot delete the dashboard until termination protection is disabled.

rtype:

dict

returns:

Response Syntax

{
    'DashboardArn': 'string',
    'Name': 'string',
    'Type': 'MANAGED'|'CUSTOM',
    'Widgets': [
        {
            'QueryAlias': 'string',
            'QueryStatement': 'string',
            'QueryParameters': [
                'string',
            ],
            'ViewProperties': {
                'string': 'string'
            }
        },
    ],
    'RefreshSchedule': {
        'Frequency': {
            'Unit': 'HOURS'|'DAYS',
            'Value': 123
        },
        'Status': 'ENABLED'|'DISABLED',
        'TimeOfDay': 'string'
    },
    'TerminationProtectionEnabled': True|False,
    'CreatedTimestamp': datetime(2015, 1, 1),
    'UpdatedTimestamp': datetime(2015, 1, 1)
}

Response Structure

  • (dict) --

    • DashboardArn (string) --

      The ARN for the dashboard.

    • Name (string) --

      The name for the dashboard.

    • Type (string) --

      The type of dashboard.

    • Widgets (list) --

      An array of widgets for the dashboard.

      • (dict) --

        A widget on a CloudTrail Lake dashboard.

        • QueryAlias (string) --

          The query alias used to identify the query for the widget.

        • QueryStatement (string) --

          The SQL query statement for the widget.

        • QueryParameters (list) --

          The query parameters for the widget.

          • (string) --

        • ViewProperties (dict) --

          The view properties for the widget. For more information about view properties, see View properties for widgets in the CloudTrail User Guide.

          • (string) --

            • (string) --

    • RefreshSchedule (dict) --

      The refresh schedule for the dashboard, if configured.

      • Frequency (dict) --

        The frequency at which you want the dashboard refreshed.

        • Unit (string) --

          The unit to use for the refresh.

          For custom dashboards, the unit can be HOURS or DAYS.

          For the Highlights dashboard, the Unit must be HOURS.

        • Value (integer) --

          The value for the refresh schedule.

          For custom dashboards, the following values are valid when the unit is HOURS: 1, 6, 12, 24

          For custom dashboards, the only valid value when the unit is DAYS is 1.

          For the Highlights dashboard, the Value must be 6.

      • Status (string) --

        Specifies whether the refresh schedule is enabled. Set the value to ENABLED to enable the refresh schedule, or to DISABLED to turn off the refresh schedule.

      • TimeOfDay (string) --

        The time of day in UTC to run the schedule. For hourly schedules, only the minutes are used. The default is 00:00.

    • TerminationProtectionEnabled (boolean) --

      Indicates whether termination protection is enabled for the dashboard.

    • CreatedTimestamp (datetime) --

      The timestamp that shows when the dashboard was created.

    • UpdatedTimestamp (datetime) --

      The timestamp that shows when the dashboard was updated.
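Adding or removing a widget means resending the whole Widgets array, and the widgets returned by GetDashboard carry a QueryAlias field that the UpdateDashboard request syntax above does not list, so an update has to read, reshape and resend the array. An added sketch of that read-modify-write step (not AWS code); `client` is assumed to be a boto3 CloudTrail client, and the helper names, the sample widgets and the refusal to edit MANAGED dashboards are choices of this example.

```python
REQUEST_WIDGET_KEYS = ("QueryStatement", "QueryParameters", "ViewProperties")
MAX_WIDGETS = 10


def to_request_widget(widget):
    """Keep only the fields the UpdateDashboard request shape lists."""
    return {k: widget[k] for k in REQUEST_WIDGET_KEYS if k in widget}


def merged_widgets(existing, add=(), remove_statements=()):
    """Build the full Widgets array: existing minus removals, plus additions.

    Widgets are matched for removal by their QueryStatement text.
    """
    removals = set(remove_statements)
    merged = [to_request_widget(w) for w in existing
              if w.get("QueryStatement") not in removals]
    merged += [to_request_widget(w) for w in add]
    if len(merged) > MAX_WIDGETS:
        raise ValueError(
            f"{len(merged)} widgets exceeds the maximum of {MAX_WIDGETS}")
    return merged


def update_widgets(client, dashboard_id, add=(), remove_statements=()):
    """Read the current widgets, apply the change, and send the whole array."""
    current = client.get_dashboard(DashboardId=dashboard_id)
    if current.get("Type") == "MANAGED":
        # Conservative choice of this example: leave CloudTrail-managed
        # dashboards alone.
        raise ValueError("refusing to edit widgets of a MANAGED dashboard")
    widgets = merged_widgets(current.get("Widgets", []), add, remove_statements)
    return client.update_dashboard(DashboardId=dashboard_id, Widgets=widgets)


if __name__ == "__main__":
    # Constructed GetDashboard widget list; statements are placeholders.
    existing = [{
        "QueryAlias": "example-alias",
        "QueryStatement": "SELECT eventName FROM <event-data-store-id>",
        "QueryParameters": ["$StartTime$", "$EndTime$"],
        "ViewProperties": {"View": "Table"},  # assumed view property
    }]
    new = [{
        "QueryStatement": "SELECT errorCode FROM <event-data-store-id>",
        "ViewProperties": {"View": "Table"},
    }]
    for widget in merged_widgets(existing, add=new):
        print(widget)
```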

ListDashboards (new)

Returns information about all dashboards in the account, in the current Region.

See also: AWS API Documentation

Request Syntax

client.list_dashboards(
    NamePrefix='string',
    Type='MANAGED'|'CUSTOM',
    NextToken='string',
    MaxResults=123
)

type NamePrefix:

string

param NamePrefix:

Specify a name prefix to filter on.

type Type:

string

param Type:

Specify a dashboard type to filter on: CUSTOM or MANAGED.

type NextToken:

string

param NextToken:

A token you can use to get the next page of dashboard results.

type MaxResults:

integer

param MaxResults:

The maximum number of dashboards to display on a single page.

rtype:

dict

returns:

Response Syntax

{
    'Dashboards': [
        {
            'DashboardArn': 'string',
            'Type': 'MANAGED'|'CUSTOM'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Dashboards (list) --

      Contains information about dashboards in the account, in the current Region, that match the applied filters.

      • (dict) --

        Provides information about a CloudTrail Lake dashboard.

        • DashboardArn (string) --

          The ARN for the dashboard.

        • Type (string) --

          The type of dashboard.

    • NextToken (string) --

      A token you can use to get the next page of dashboard results.
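ListDashboards returns only the ARN and type of each dashboard, so checking termination protection or refresh health means following NextToken through every page and calling GetDashboard for each ARN. An added example of that audit (not from the AWS documentation); `client` is assumed to be a boto3 CloudTrail client, and the function names and finding format are invented here.

```python
def iter_dashboards(client, dashboard_type=None):
    """Yield (arn, type) for every dashboard, following NextToken pagination."""
    kwargs = {}
    if dashboard_type:
        kwargs["Type"] = dashboard_type  # 'MANAGED' or 'CUSTOM'
    while True:
        page = client.list_dashboards(**kwargs)
        for entry in page.get("Dashboards", []):
            yield entry["DashboardArn"], entry["Type"]
        token = page.get("NextToken")
        if not token:
            return
        kwargs["NextToken"] = token


def audit_dashboards(client, dashboard_type=None):
    """Return one finding per dashboard that has at least one issue.

    Checks, all based on GetDashboard response fields:
      - TerminationProtectionEnabled is false (dashboard can be deleted)
      - LastRefreshFailureReason is set (last scheduled refresh failed)
      - RefreshSchedule exists but its Status is DISABLED
    """
    findings = []
    for arn, dtype in iter_dashboards(client, dashboard_type):
        detail = client.get_dashboard(DashboardId=arn)
        issues = []
        if not detail.get("TerminationProtectionEnabled"):
            issues.append("termination protection disabled")
        reason = detail.get("LastRefreshFailureReason")
        if reason:
            issues.append(f"last refresh failed: {reason}")
        schedule = detail.get("RefreshSchedule") or {}
        if schedule.get("Status") == "DISABLED":
            issues.append("refresh schedule disabled")
        if issues:
            findings.append({"DashboardArn": arn, "Type": dtype, "Issues": issues})
    return findings


if __name__ == "__main__":
    import boto3  # needs AWS credentials and a Region with CloudTrail Lake

    for finding in audit_dashboards(boto3.client("cloudtrail")):
        print(finding["DashboardArn"], finding["Type"], "; ".join(finding["Issues"]))
```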

StartDashboardRefresh (new)

Starts a refresh of the specified dashboard.

Each time a dashboard is refreshed, CloudTrail runs queries to populate the dashboard's widgets. CloudTrail must be granted permissions to run the StartQuery operation on your behalf. To provide permissions, run the PutResourcePolicy operation to attach a resource-based policy to each event data store. For more information, see Example: Allow CloudTrail to run queries to populate a dashboard in the CloudTrail User Guide.

See also: AWS API Documentation

Request Syntax

client.start_dashboard_refresh(
    DashboardId='string',
    QueryParameterValues={
        'string': 'string'
    }
)

type DashboardId:

string

param DashboardId:

[REQUIRED]

The name or ARN of the dashboard.

type QueryParameterValues:

dict

param QueryParameterValues:

The query parameter values for the dashboard.

For custom dashboards, the following query parameters are valid: $StartTime$, $EndTime$, and $Period$.

For managed dashboards, the following query parameters are valid: $StartTime$, $EndTime$, $Period$, and $EventDataStoreId$. The $EventDataStoreId$ query parameter is required.

  • (string) --

    • (string) --

rtype:

dict

returns:

Response Syntax

{
    'RefreshId': 'string'
}

Response Structure

  • (dict) --

    • RefreshId (string) --

      The refresh ID for the dashboard.

CancelQuery (updated)
Changes (both)
{'EventDataStoreOwnerAccountId': 'string'}

Cancels a query if the query is not in a terminated state, such as CANCELLED, FAILED, TIMED_OUT, or FINISHED. You must specify an ARN value for EventDataStore. The ID of the query that you want to cancel is also required. When you run CancelQuery, the query status might show as CANCELLED even if the operation is not yet finished.

See also: AWS API Documentation

Request Syntax

client.cancel_query(
    EventDataStore='string',
    QueryId='string',
    EventDataStoreOwnerAccountId='string'
)

type EventDataStore:

string

param EventDataStore:

The ARN (or the ID suffix of the ARN) of an event data store on which the specified query is running.

type QueryId:

string

param QueryId:

[REQUIRED]

The ID of the query that you want to cancel. The QueryId comes from the response of a StartQuery operation.

type EventDataStoreOwnerAccountId:

string

param EventDataStoreOwnerAccountId:

The account ID of the event data store owner.

rtype:

dict

returns:

Response Syntax

{
    'QueryId': 'string',
    'QueryStatus': 'QUEUED'|'RUNNING'|'FINISHED'|'FAILED'|'CANCELLED'|'TIMED_OUT',
    'EventDataStoreOwnerAccountId': 'string'
}

Response Structure

  • (dict) --

    • QueryId (string) --

      The ID of the canceled query.

    • QueryStatus (string) --

      Shows the status of a query after a CancelQuery request. Typically, the values shown are either RUNNING or CANCELLED.

    • EventDataStoreOwnerAccountId (string) --

      The account ID of the event data store owner.

DescribeQuery (updated)
Changes (request, response)
Request
{'EventDataStoreOwnerAccountId': 'string', 'RefreshId': 'string'}
Response
{'EventDataStoreOwnerAccountId': 'string'}

Returns metadata about a query, including query run time in milliseconds, number of events scanned and matched, and query status. If the query results were delivered to an S3 bucket, the response also provides the S3 URI and the delivery status.

You must specify either QueryId or QueryAlias. Specifying the QueryAlias parameter returns information about the last query run for the alias. You can provide RefreshId along with QueryAlias to view the query results of a dashboard query for the specified RefreshId.

See also: AWS API Documentation

Request Syntax

client.describe_query(
    EventDataStore='string',
    QueryId='string',
    QueryAlias='string',
    RefreshId='string',
    EventDataStoreOwnerAccountId='string'
)

type EventDataStore:

string

param EventDataStore:

The ARN (or the ID suffix of the ARN) of an event data store on which the specified query was run.

type QueryId:

string

param QueryId:

The query ID.

type QueryAlias:

string

param QueryAlias:

The alias that identifies a query template.

type RefreshId:

string

param RefreshId:

The ID of the dashboard refresh.

type EventDataStoreOwnerAccountId:

string

param EventDataStoreOwnerAccountId:

The account ID of the event data store owner.

rtype:

dict

returns:

Response Syntax

{
    'QueryId': 'string',
    'QueryString': 'string',
    'QueryStatus': 'QUEUED'|'RUNNING'|'FINISHED'|'FAILED'|'CANCELLED'|'TIMED_OUT',
    'QueryStatistics': {
        'EventsMatched': 123,
        'EventsScanned': 123,
        'BytesScanned': 123,
        'ExecutionTimeInMillis': 123,
        'CreationTime': datetime(2015, 1, 1)
    },
    'ErrorMessage': 'string',
    'DeliveryS3Uri': 'string',
    'DeliveryStatus': 'SUCCESS'|'FAILED'|'FAILED_SIGNING_FILE'|'PENDING'|'RESOURCE_NOT_FOUND'|'ACCESS_DENIED'|'ACCESS_DENIED_SIGNING_FILE'|'CANCELLED'|'UNKNOWN',
    'Prompt': 'string',
    'EventDataStoreOwnerAccountId': 'string'
}

Response Structure

  • (dict) --

    • QueryId (string) --

      The ID of the query.

    • QueryString (string) --

      The SQL code of a query.

    • QueryStatus (string) --

      The status of a query. Values for QueryStatus include QUEUED, RUNNING, FINISHED, FAILED, TIMED_OUT, or CANCELLED.

    • QueryStatistics (dict) --

      Metadata about a query, including the number of events that were matched, the total number of events scanned, the query run time in milliseconds, and the query's creation time.

      • EventsMatched (integer) --

        The number of events that matched a query.

      • EventsScanned (integer) --

        The number of events that the query scanned in the event data store.

      • BytesScanned (integer) --

        The total bytes that the query scanned in the event data store. This value matches the number of bytes for which your account is billed for the query, unless the query is still running.

      • ExecutionTimeInMillis (integer) --

        The query's run time, in milliseconds.

      • CreationTime (datetime) --

        The creation time of the query.

    • ErrorMessage (string) --

      The error message returned if a query failed.

    • DeliveryS3Uri (string) --

      The URI for the S3 bucket where CloudTrail delivered query results, if applicable.

    • DeliveryStatus (string) --

      The delivery status.

    • Prompt (string) --

      The prompt used for a generated query. For information about generated queries, see Create CloudTrail Lake queries from natural language prompts in the CloudTrail user guide.

    • EventDataStoreOwnerAccountId (string) --

      The account ID of the event data store owner.

GenerateQuery (updated)
Changes (response)
{'EventDataStoreOwnerAccountId': 'string'}

Generates a query from a natural language prompt. This operation uses generative artificial intelligence (generative AI) to produce a ready-to-use SQL query from the prompt.

The prompt can be a question or a statement about the event data in your event data store. For example, you can enter prompts like "What are my top errors in the past month?" and "Give me a list of users that used SNS."

The prompt must be in English. For information about limitations, permissions, and supported Regions, see Create CloudTrail Lake queries from natural language prompts in the CloudTrail user guide.

See also: AWS API Documentation

Request Syntax

client.generate_query(
    EventDataStores=[
        'string',
    ],
    Prompt='string'
)

type EventDataStores:

list

param EventDataStores:

[REQUIRED]

The ARN (or ID suffix of the ARN) of the event data store that you want to query. You can only specify one event data store.

  • (string) --

type Prompt:

string

param Prompt:

[REQUIRED]

The prompt that you want to use to generate the query. The prompt must be in English. For example prompts, see Example prompts in the CloudTrail user guide.

rtype:

dict

returns:

Response Syntax

{
    'QueryStatement': 'string',
    'QueryAlias': 'string',
    'EventDataStoreOwnerAccountId': 'string'
}

Response Structure

  • (dict) --

    • QueryStatement (string) --

      The SQL query statement generated from the prompt.

    • QueryAlias (string) --

      An alias that identifies the prompt. When you run the StartQuery operation, you can pass in either the QueryAlias or QueryStatement parameter.

    • EventDataStoreOwnerAccountId (string) --

      The account ID of the event data store owner.

GetQueryResults (updated)
Changes (request)
{'EventDataStoreOwnerAccountId': 'string'}

Gets event data results of a query. You must specify the QueryId value returned by the StartQuery operation.

See also: AWS API Documentation

Request Syntax

client.get_query_results(
    EventDataStore='string',
    QueryId='string',
    NextToken='string',
    MaxQueryResults=123,
    EventDataStoreOwnerAccountId='string'
)

type EventDataStore:

string

param EventDataStore:

The ARN (or ID suffix of the ARN) of the event data store against which the query was run.

type QueryId:

string

param QueryId:

[REQUIRED]

The ID of the query for which you want to get results.

type NextToken:

string

param NextToken:

A token you can use to get the next page of query results.

type MaxQueryResults:

integer

param MaxQueryResults:

The maximum number of query results to display on a single page.

type EventDataStoreOwnerAccountId:

string

param EventDataStoreOwnerAccountId:

The account ID of the event data store owner.

rtype:

dict

returns:

Response Syntax

{
    'QueryStatus': 'QUEUED'|'RUNNING'|'FINISHED'|'FAILED'|'CANCELLED'|'TIMED_OUT',
    'QueryStatistics': {
        'ResultsCount': 123,
        'TotalResultsCount': 123,
        'BytesScanned': 123
    },
    'QueryResultRows': [
        [
            {
                'string': 'string'
            },
        ],
    ],
    'NextToken': 'string',
    'ErrorMessage': 'string'
}

Response Structure

  • (dict) --

    • QueryStatus (string) --

      The status of the query. Values include QUEUED, RUNNING, FINISHED, FAILED, TIMED_OUT, or CANCELLED.

    • QueryStatistics (dict) --

      Shows the count of query results.

      • ResultsCount (integer) --

        The number of results returned.

      • TotalResultsCount (integer) --

        The total number of results returned by a query.

      • BytesScanned (integer) --

        The total bytes that the query scanned in the event data store. This value matches the number of bytes for which your account is billed for the query, unless the query is still running.

    • QueryResultRows (list) --

      Contains the individual event results of the query.

      • (list) --

        • (dict) --

          • (string) --

            • (string) --

    • NextToken (string) --

      A token you can use to get the next page of query results.

    • ErrorMessage (string) --

      The error message returned if a query failed.

GetResourcePolicy (updated)
Changes (response)
{'DelegatedAdminResourcePolicy': 'string'}

Retrieves the JSON text of the resource-based policy document attached to the CloudTrail event data store, dashboard, or channel.

See also: AWS API Documentation

Request Syntax

client.get_resource_policy(
    ResourceArn='string'
)
type ResourceArn:

string

param ResourceArn:

[REQUIRED]

The Amazon Resource Name (ARN) of the CloudTrail event data store, dashboard, or channel attached to the resource-based policy.

Example event data store ARN format: arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE

Example dashboard ARN format: arn:aws:cloudtrail:us-east-1:123456789012:dashboard/exampleDash

Example channel ARN format: arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890

rtype:

dict

returns:

Response Syntax

{
    'ResourceArn': 'string',
    'ResourcePolicy': 'string',
    'DelegatedAdminResourcePolicy': 'string'
}

Response Structure

  • (dict) --

    • ResourceArn (string) --

      The Amazon Resource Name (ARN) of the CloudTrail event data store, dashboard, or channel attached to the resource-based policy.

      Example event data store ARN format: arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE

      Example dashboard ARN format: arn:aws:cloudtrail:us-east-1:123456789012:dashboard/exampleDash

      Example channel ARN format: arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890

    • ResourcePolicy (string) --

      A JSON-formatted string that contains the resource-based policy attached to the CloudTrail event data store, dashboard, or channel.

    • DelegatedAdminResourcePolicy (string) --

      The default resource-based policy that is automatically generated for the delegated administrator of an Organizations organization. This policy will be evaluated in tandem with any policy you submit for the resource. For more information about this policy, see Default resource policy for delegated administrators.
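A review check for the two policy fields in this response, added here as an example and not part of the AWS reference: it parses ResourcePolicy and DelegatedAdminResourcePolicy and lists every Allow statement whose AWS principal lies outside the account named in ResourceArn. The helper names, the sample response, its Sids, and the account IDs 111122223333 and 444455556666 are constructed for illustration.

```python
import json

def as_list(value):
    """IAM policy JSON allows a single value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def external_grants(response):
    """Return (field, Sid, principal) for each Allow whose AWS principal is
    outside the account that owns response['ResourceArn']."""
    owner = response["ResourceArn"].split(":")[4]  # arn:partition:service:region:account:...
    findings = []
    for field in ("ResourcePolicy", "DelegatedAdminResourcePolicy"):
        text = response.get(field)
        if not text:  # field absent or empty: nothing to evaluate
            continue
        for stmt in as_list(json.loads(text).get("Statement")):
            if stmt.get("Effect") != "Allow":
                continue
            principal = stmt.get("Principal", {})
            # "*" means any principal; Service principals are not checked here.
            aws = ["*"] if principal == "*" else as_list(principal.get("AWS"))
            for p in aws:
                # A principal is either an ARN or a bare 12-digit account ID.
                account = p.split(":")[4] if p.startswith("arn:") else p
                if account != owner:
                    findings.append((field, stmt.get("Sid", ""), p))
    return findings

# Constructed response in the shape of get_resource_policy(); not real output.
ARN = "arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE"
SAMPLE_RESPONSE = {
    "ResourceArn": ARN,
    "ResourcePolicy": json.dumps({"Version": "2012-10-17", "Statement": [
        {"Sid": "SameAccountRole", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/analyst"},
         "Action": "cloudtrail:GetQueryResults", "Resource": ARN},
        {"Sid": "CrossAccountQuery", "Effect": "Allow",
         "Principal": {"AWS": ["arn:aws:iam::111122223333:root"]},
         "Action": ["cloudtrail:StartQuery", "cloudtrail:GetQueryResults"], "Resource": ARN},
    ]}),
    "DelegatedAdminResourcePolicy": json.dumps({"Version": "2012-10-17", "Statement": {
        "Sid": "DelegatedAdmin", "Effect": "Allow",
        "Principal": {"AWS": "444455556666"},
        "Action": "cloudtrail:GetQueryResults", "Resource": ARN}}),
}
```

Against a live account, pass the dict returned by client.get_resource_policy(ResourceArn=...) to external_grants() and compare the findings with the accounts you expect to have access.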

PutResourcePolicy (updated)
Changes (response)
{'DelegatedAdminResourcePolicy': 'string'}

Attaches a resource-based permission policy to a CloudTrail event data store, dashboard, or channel. For more information about resource-based policies, see CloudTrail resource-based policy examples in the CloudTrail User Guide.

See also: AWS API Documentation

Request Syntax

client.put_resource_policy(
    ResourceArn='string',
    ResourcePolicy='string'
)
type ResourceArn:

string

param ResourceArn:

[REQUIRED]

The Amazon Resource Name (ARN) of the CloudTrail event data store, dashboard, or channel attached to the resource-based policy.

Example event data store ARN format: arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE

Example dashboard ARN format: arn:aws:cloudtrail:us-east-1:123456789012:dashboard/exampleDash

Example channel ARN format: arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890

type ResourcePolicy:

string

param ResourcePolicy:

[REQUIRED]

A JSON-formatted string for an Amazon Web Services resource-based policy.

For example resource-based policies, see CloudTrail resource-based policy examples in the CloudTrail User Guide.

rtype:

dict

returns:

Response Syntax

{
    'ResourceArn': 'string',
    'ResourcePolicy': 'string',
    'DelegatedAdminResourcePolicy': 'string'
}

Response Structure

  • (dict) --

    • ResourceArn (string) --

      The Amazon Resource Name (ARN) of the CloudTrail event data store, dashboard, or channel attached to the resource-based policy.

      Example event data store ARN format: arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE

      Example dashboard ARN format: arn:aws:cloudtrail:us-east-1:123456789012:dashboard/exampleDash

      Example channel ARN format: arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890

    • ResourcePolicy (string) --

      The JSON-formatted string of the Amazon Web Services resource-based policy attached to the CloudTrail event data store, dashboard, or channel.

    • DelegatedAdminResourcePolicy (string) --

      The default resource-based policy that is automatically generated for the delegated administrator of an Organizations organization. This policy will be evaluated in tandem with any policy you submit for the resource. For more information about this policy, see Default resource policy for delegated administrators.

StartQuery (updated)
Changes (both)
{'EventDataStoreOwnerAccountId': 'string'}

Starts a CloudTrail Lake query. Use the QueryStatement parameter to provide your SQL query, enclosed in single quotation marks. Use the optional DeliveryS3Uri parameter to deliver the query results to an S3 bucket.

StartQuery requires that you specify either the QueryStatement parameter or a QueryAlias and any QueryParameters. In the current release, the QueryAlias and QueryParameters parameters are used only for the queries that populate the CloudTrail Lake dashboards.

See also: AWS API Documentation

Request Syntax

client.start_query(
    QueryStatement='string',
    DeliveryS3Uri='string',
    QueryAlias='string',
    QueryParameters=[
        'string',
    ],
    EventDataStoreOwnerAccountId='string'
)
type QueryStatement:

string

param QueryStatement:

The SQL code of your query.

type DeliveryS3Uri:

string

param DeliveryS3Uri:

The URI for the S3 bucket where CloudTrail delivers the query results.

type QueryAlias:

string

param QueryAlias:

The alias that identifies a query template.

type QueryParameters:

list

param QueryParameters:

The query parameters for the specified QueryAlias.

  • (string) --

type EventDataStoreOwnerAccountId:

string

param EventDataStoreOwnerAccountId:

The account ID of the event data store owner.

rtype:

dict

returns:

Response Syntax

{
    'QueryId': 'string',
    'EventDataStoreOwnerAccountId': 'string'
}

Response Structure

  • (dict) --

    • QueryId (string) --

      The ID of the started query.

    • EventDataStoreOwnerAccountId (string) --

      The account ID of the event data store owner.
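How StartQuery and GetQueryResults fit together, added here as an example and not part of the AWS reference: the function starts a query, polls until QueryStatus is terminal, follows NextToken across pages, and sends EventDataStoreOwnerAccountId on every call when the event data store belongs to another account. run_lake_query, StubClient, the query ID and the sample pages are constructed for illustration; with boto3 the client would be boto3.client('cloudtrail').

```python
import time

TERMINAL = {"FINISHED", "FAILED", "CANCELLED", "TIMED_OUT"}

def run_lake_query(client, statement, owner_account_id=None, poll_seconds=2.0):
    """Start a query, wait for a terminal QueryStatus, then page through the
    results with NextToken. Returns one {column: value} dict per row."""
    # The owner account ID is only sent for another account's event data store.
    extra = {"EventDataStoreOwnerAccountId": owner_account_id} if owner_account_id else {}
    query_id = client.start_query(QueryStatement=statement, **extra)["QueryId"]
    rows, token = [], None
    while True:
        kwargs = {"QueryId": query_id, **extra}
        if token:
            kwargs["NextToken"] = token
        page = client.get_query_results(**kwargs)
        status = page["QueryStatus"]
        if status not in TERMINAL:  # QUEUED or RUNNING: wait and ask again
            time.sleep(poll_seconds)
            continue
        if status != "FINISHED":  # FAILED, CANCELLED or TIMED_OUT
            raise RuntimeError(f"query {query_id} {status}: {page.get('ErrorMessage', '')}")
        for row in page.get("QueryResultRows", []):
            merged = {}
            for cell in row:  # each cell is a {column: value} dict
                merged.update(cell)
            rows.append(merged)
        token = page.get("NextToken")
        if not token:
            return rows

class StubClient:
    """Constructed stand-in for the CloudTrail client so the example runs offline."""
    def __init__(self, pages):
        self.pages, self.calls = list(pages), []
    def start_query(self, **kwargs):
        self.calls.append(("start_query", kwargs))
        return {"QueryId": "constructed-query-id"}
    def get_query_results(self, **kwargs):
        self.calls.append(("get_query_results", kwargs))
        return self.pages.pop(0)

SAMPLE_PAGES = [  # constructed responses, not real output
    {"QueryStatus": "RUNNING"},
    {"QueryStatus": "FINISHED", "NextToken": "page-2", "QueryResultRows": [
        [{"eventName": "PutResourcePolicy"}, {"recipientAccountId": "111122223333"}]]},
    {"QueryStatus": "FINISHED", "QueryResultRows": [
        [{"eventName": "StartQuery"}, {"recipientAccountId": "111122223333"}]]},
]
```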