


# AWS::CloudTrail::EventDataStore AdvancedEventSelector
<a name="aws-properties-cloudtrail-eventdatastore-advancedeventselector"></a>

Advanced event selectors let you create fine-grained selectors for Amazon CloudTrail management, data, and network activity events. They help you control costs by logging only those events that are important to you. For more information about configuring advanced event selectors, see the [Logging data events](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html), [Logging network activity events](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/logging-network-events-with-cloudtrail.html), and [Logging management events](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html) topics in the *Amazon CloudTrail User Guide*.

You cannot apply both event selectors and advanced event selectors to a trail.

 **Supported CloudTrail event record fields for management events** 
+ `eventCategory` (required)
+  `eventSource` 
+  `readOnly` 

The following additional fields are available for event data stores:
+  `eventName` 
+  `eventType` 
+  `sessionCredentialFromConsole` 
+  `userIdentity.arn` 

 **Supported CloudTrail event record fields for data events** 
+ `eventCategory` (required)
+  `eventName` 
+  `eventSource` 
+  `eventType` 
+  `resources.ARN` 
+ `resources.type` (required)
+  `readOnly` 
+  `sessionCredentialFromConsole` 
+  `userIdentity.arn` 

 **Supported CloudTrail event record fields for network activity events** 
+ `eventCategory` (required)
+ `eventSource` (required)
+  `eventName` 
+ `errorCode` - The only valid value for `errorCode` is `VpceAccessDenied`.
+  `vpcEndpointId` 

**Note**  
For event data stores for CloudTrail Insights events, Amazon Config configuration items, Audit Manager evidence, or events outside of Amazon, the only supported field is `eventCategory`. 

## Syntax
<a name="aws-properties-cloudtrail-eventdatastore-advancedeventselector-syntax"></a>

To declare this entity in your Amazon CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-cloudtrail-eventdatastore-advancedeventselector-syntax.json"></a>

```
{
  "FieldSelectors" : [ AdvancedFieldSelector, ... ],
  "Name" : String
}
```

### YAML
<a name="aws-properties-cloudtrail-eventdatastore-advancedeventselector-syntax.yaml"></a>

```
  FieldSelectors: 
    - AdvancedFieldSelector
  Name: String
```

## Properties
<a name="aws-properties-cloudtrail-eventdatastore-advancedeventselector-properties"></a>

`FieldSelectors`  <a name="cfn-cloudtrail-eventdatastore-advancedeventselector-fieldselectors"></a>
Contains all selector statements in an advanced event selector.  
*Required*: Yes  
*Type*: Array of [AdvancedFieldSelector](aws-properties-cloudtrail-eventdatastore-advancedfieldselector.md)  
*Minimum*: `1`  
*Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`Name`  <a name="cfn-cloudtrail-eventdatastore-advancedeventselector-name"></a>
An optional, descriptive name for an advanced event selector, such as "Log data events for only two S3 buckets".  
*Required*: No  
*Type*: String  
*Minimum*: `1`  
*Maximum*: `1000`  
*Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)
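
A pre-deployment check for the per-category field lists and the `FieldSelectors`/`Name` limits given on this page, added here as an example and not part of the AWS documentation. The category names (`Management`, `Data`, `NetworkActivity`) and the `Field`/`Equals` keys are assumptions taken from the CloudTrail `AdvancedFieldSelector` type rather than from this page; `lint_selector` is a hypothetical helper name and the sample selector is constructed.

```python
# Field lists transcribed from this page (event data store variant).
# Assumed, not on this page: category names and the Field/Equals keys,
# which come from the CloudTrail AdvancedFieldSelector type.
COMMON = {"eventCategory", "eventName", "eventSource"}
ID_FIELDS = {"eventType", "sessionCredentialFromConsole", "userIdentity.arn"}
RULES = {  # category -> (required fields, supported fields)
    "Management": ({"eventCategory"}, COMMON | ID_FIELDS | {"readOnly"}),
    "Data": ({"eventCategory", "resources.type"},
             COMMON | ID_FIELDS | {"readOnly", "resources.ARN", "resources.type"}),
    "NetworkActivity": ({"eventCategory", "eventSource"},
                        COMMON | {"errorCode", "vpcEndpointId"}),
}
# Insights, Config items, Audit Manager evidence, external events: eventCategory only.
OTHER = ({"eventCategory"}, {"eventCategory"})


def lint_selector(selector):
    """Return a list of problems for one AdvancedEventSelector dict ([] = passes)."""
    problems = []
    name = selector.get("Name")
    if name is not None and not 1 <= len(name) <= 1000:
        problems.append("Name must be 1-1000 characters")
    field_selectors = selector.get("FieldSelectors") or []
    if not field_selectors:
        return problems + ["FieldSelectors needs at least 1 entry"]
    by_field = {fs.get("Field", "<missing>"): fs for fs in field_selectors}
    category = (by_field.get("eventCategory", {}).get("Equals") or [None])[0]
    if category is None:
        return problems + ["eventCategory is required"]
    required, allowed = RULES.get(category, OTHER)
    present = set(by_field)
    problems += [f"{f} is required for {category} events" for f in sorted(required - present)]
    problems += [f"{f} is not supported for {category} events" for f in sorted(present - allowed)]
    if category == "NetworkActivity" and "errorCode" in by_field:
        # Gather values from every operator key (Equals, StartsWith, ...).
        values = [v for k, vals in by_field["errorCode"].items() if k != "Field" for v in vals]
        if any(v != "VpceAccessDenied" for v in values):
            problems.append("errorCode only accepts VpceAccessDenied")
    return problems


# Constructed sample: a data-event selector that omits resources.type and
# borrows a field that only network activity events support.
SAMPLE = {"Name": "S3 writes", "FieldSelectors": [
    {"Field": "eventCategory", "Equals": ["Data"]},
    {"Field": "vpcEndpointId", "Equals": ["vpce-EXAMPLE"]}]}

if __name__ == "__main__":
    print("\n".join(lint_selector(SAMPLE)) or "selector passes")
```

Running the check over each entry of `AdvancedEventSelectors` before a stack update catches a selector that CloudTrail would reject, which otherwise surfaces only as a failed deployment of the logging configuration.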