Create, update, and manage event data stores with the Amazon CLI - Amazon CloudTrail

Create, update, and manage event data stores with the Amazon CLI

This section describes the Amazon CLI commands you can use to create, update, and manage your CloudTrail Lake event data stores.

When using the Amazon CLI, remember that your commands run in the Amazon Web Services Region configured for your profile. If you want to run the commands in a different Region, either change the default Region for your profile, or use the --region parameter with the command.

Available commands for event data stores

Commands for creating and updating event data stores in CloudTrail Lake include:

  • create-event-data-store to create an event data store.

  • get-event-data-store to return information about the event data store, including the advanced event selectors configured for the event data store.

  • update-event-data-store to change the configuration of an existing event data store.

  • list-event-data-stores to list the event data stores.

  • delete-event-data-store to delete an event data store.

  • restore-event-data-store to restore an event data store that is pending deletion.

  • start-import to start an import of trail events to an event data store, or retry a failed import.

  • get-import to return information about a specific import.

  • stop-import to stop an import of trail events to an event data store.

  • list-imports to return information on all imports, or a select set of imports by ImportStatus or Destination.

  • list-import-failures to list import failures for the specified import.

  • stop-event-data-store-ingestion to stop event ingestion on an event data store.

  • start-event-data-store-ingestion to restart event ingestion on an event data store.

  • enable-federation to enable federation on an event data store to query the event data store in Amazon Athena.

  • disable-federation to disable federation on an event data store. After you disable federation, you can no longer query against the event data store's data in Amazon Athena. You can continue to query in CloudTrail Lake.

  • put-insight-selectors to add or modify Insights event selectors for an existing event data store, and enable or disable Insights events.

  • get-insight-selectors to return information about Insights event selectors configured for an event data store.

  • add-tags to add one or more tags (key-value pairs) to an existing event data store.

  • remove-tags to remove one or more tags from an event data store.

  • list-tags to return a list of tags associated with an event data store.

For a list of available commands for CloudTrail Lake queries, see Available commands for CloudTrail Lake queries.

For a list of available commands for CloudTrail Lake integrations, see Available commands for CloudTrail Lake integrations.