WindowsAuditLogCreateConfiguration
The Windows file access auditing configuration used when creating or updating an Amazon FSx for Windows File Server file system.
Contents
- FileAccessAuditLogLevel
-
Sets which attempt type is logged by Amazon FSx for file and folder accesses.
-
SUCCESS_ONLY
- only successful attempts to access files or folders are logged. -
FAILURE_ONLY
- only failed attempts to access files or folders are logged. -
SUCCESS_AND_FAILURE
- both successful attempts and failed attempts to access files or folders are logged. -
DISABLED
- access auditing of files and folders is turned off.
Type: String
Valid Values:
DISABLED | SUCCESS_ONLY | FAILURE_ONLY | SUCCESS_AND_FAILURE
Required: Yes
-
-
Sets which attempt type is logged by Amazon FSx for file share accesses.
-
SUCCESS_ONLY
- only successful attempts to access file shares are logged. -
FAILURE_ONLY
- only failed attempts to access file shares are logged. -
SUCCESS_AND_FAILURE
- both successful attempts and failed attempts to access file shares are logged. -
DISABLED
- access auditing of file shares is turned off.
Type: String
Valid Values:
DISABLED | SUCCESS_ONLY | FAILURE_ONLY | SUCCESS_AND_FAILURE
Required: Yes
-
- AuditLogDestination
-
The Amazon Resource Name (ARN) that specifies the destination of the audit logs.
The destination can be any Amazon CloudWatch Logs log group ARN or Amazon Kinesis Data Firehose delivery stream ARN, with the following requirements:
-
The destination ARN that you provide (either CloudWatch Logs log group or Kinesis Data Firehose delivery stream) must be in the same Amazon partition, Amazon Web Services Region, and Amazon Web Services account as your Amazon FSx file system.
-
The name of the Amazon CloudWatch Logs log group must begin with the
/aws/fsx
prefix. The name of the Amazon Kinesis Data Firehose delivery stream must begin with theaws-fsx
prefix. -
If you do not provide a destination in
AuditLogDestination
, Amazon FSx will create and use a log stream in the CloudWatch Logs/aws/fsx/windows
log group. -
If
AuditLogDestination
is provided and the resource does not exist, the request will fail with aBadRequest
error. -
If
FileAccessAuditLogLevel
andFileShareAccessAuditLogLevel
are both set toDISABLED
, you cannot specify a destination inAuditLogDestination
.
Type: String
Length Constraints: Minimum length of 8. Maximum length of 1024.
Pattern:
^arn:[^:]{1,63}:[^:]{0,63}:[^:]{0,63}:(?:|\d{12}):[^/].{0,1023}$
Required: No
-
See Also
For more information about using this API in one of the language-specific Amazon SDKs, see the following: