AWS::CloudTrail::Trail AdvancedEventSelector
Advanced event selectors let you create fine-grained selectors for CloudTrail management and data events. They help you control costs by logging only those events that are important to you. For more information about advanced event selectors, see Logging management events and Logging data events in the Amazon CloudTrail User Guide.
You cannot apply both event selectors and advanced event selectors to a trail.
Supported CloudTrail event record fields for management events
-
eventCategory
(required) -
eventSource
-
readOnly
Supported CloudTrail event record fields for data events
-
eventCategory
(required) -
resources.type
(required) -
readOnly
-
eventName
-
resources.ARN
Note
For event data stores for CloudTrail Insights events, Amazon Config configuration items, Audit Manager evidence, or events outside of Amazon, the only supported field is
eventCategory
.
Syntax
To declare this entity in your Amazon CloudFormation template, use the following syntax:
JSON
{ "FieldSelectors" :
[ AdvancedFieldSelector, ... ]
, "Name" :String
}
YAML
FieldSelectors:
- AdvancedFieldSelector
Name:String
Properties
FieldSelectors
-
Contains all selector statements in an advanced event selector.
Required: Yes
Type: Array of AdvancedFieldSelector
Minimum:
1
Update requires: No interruption
Name
-
An optional, descriptive name for an advanced event selector, such as "Log data events for only two S3 buckets".
Required: No
Type: String
Minimum:
1
Maximum:
1000
Update requires: No interruption