Create, update, and manage event data stores with the Amazon CLI
This section describes the Amazon CLI commands you can use to create, update, and manage your CloudTrail Lake event data stores.
When using the Amazon CLI, remember that your commands run in the Amazon Web Services Region configured for your profile. If you want to run the commands in a different Region, either change the default Region for your profile, or use the --region parameter with the command.
Available commands for event data stores
Commands for creating and updating event data stores in CloudTrail Lake include:
-
create-event-data-store
to create an event data store. -
get-event-data-store
to return information about the event data store including the advanced event selectors configured for the event data store. -
update-event-data-store
to change the configuration of an existing event data store. -
list-event-data-stores
to list the event data stores. -
delete-event-data-store
to delete an event data store. -
restore-event-data-store
to restore an event data store that is pending deletion. -
start-import
to start an import of trail events to an event data store, or retry a failed import. -
get-import
to return information about a specific import. -
stop-import
to stop an import of trail events to an event data store. -
list-imports
to return information on all imports, or a select set of imports byImportStatus
orDestination
. -
list-import-failures
to list import failures for the specified import. -
stop-event-data-store-ingestion
to stop event ingestion on an event data store. -
start-event-data-store-ingestion
to restart event ingestion on an event data store. -
enable-federation
to enable federation on an event data store to query the event data store in Amazon Athena. -
disable-federation
to disable federation on an event data store. After you disable federation, you can no longer query against the event data store's data in Amazon Athena. You can continue to query in CloudTrail Lake. -
put-insight-selectors
to add or modify Insights event selectors for an existing event data store, and enable or disable Insights events. -
get-insight-selectors
to return information about Insights event selectors configured for an event data store. -
add-tags
to add one or more tags (key-value pairs) to an existing event data store. -
remove-tags
to remove one or more tags from a event data store. -
list-tags
to return a list of tags associated with a event data store. -
put-resource-policy
to attach a resource-based policy to an event data store. Resource-based polices allow you to control which principals can perform actions on your event data store. For example policies, see Resource-based policy examples for event data stores. -
get-resource-policy
to get the resource-based policy attached to an event data store. -
delete-resource-policy
to delete the resource-based policy attached to an event data store.
For a list of available commands for CloudTrail Lake queries, see Available commands for CloudTrail Lake queries.
For a list of available commands for CloudTrail Lake dashboards, see Available commands for dashboards.
For a list of available commands for CloudTrail Lake integrations, see Available commands for CloudTrail Lake integrations.