daniel/agent-claw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

agent-claw: automated task changes

Browse Source
This commit is contained in:
daniel
2026-05-06 18:55:16 -05:00
parent 38905bb1e9
commit 732b00fb66
8494 changed files with 2018127 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
cdk/node_modules/aws-cdk-lib/aws-cloudtrail/.jsiirc.json generated vendored Normal file
View File

@@ -0,0 +1,13 @@
{
"targets": {
"java": {
"package": "software.amazon.awscdk.services.cloudtrail"
},
"dotnet": {
"namespace": "Amazon.CDK.AWS.CloudTrail"
},
"python": {
"module": "aws_cdk.aws_cloudtrail"
}
}
}

203
cdk/node_modules/aws-cdk-lib/aws-cloudtrail/README.md generated vendored Normal file
View File

@@ -0,0 +1,203 @@
# AWS CloudTrail Construct Library
## Trail
AWS CloudTrail enables governance, compliance, and operational and risk auditing of your AWS account. Actions taken by
a user, role, or an AWS service are recorded as events in CloudTrail. Learn more at the [CloudTrail
documentation](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html).
The `Trail` construct enables ongoing delivery of events as log files to an Amazon S3 bucket. Learn more about [Creating
a Trail for Your AWS Account](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html).
The following code creates a simple CloudTrail for your account -
```ts
const trail = new cloudtrail.Trail(this, 'CloudTrail');
```
By default, this will create a new S3 Bucket that CloudTrail will write to, and choose a few other reasonable defaults
such as turning on multi-region and global service events.
The defaults for each property and how to override them are all documented on the `TrailProps` interface.
## Log File Validation
In order to validate that the CloudTrail log file was not modified after CloudTrail delivered it, CloudTrail provides a
digital signature for each file. Learn more at [Validating CloudTrail Log File
Integrity](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html).
This is enabled on the `Trail` construct by default, but can be turned off by setting `enableFileValidation` to `false`.
```ts
const trail = new cloudtrail.Trail(this, 'CloudTrail', {
enableFileValidation: false,
});
```
## Notifications
Amazon SNS notifications can be configured upon new log files containing Trail events are delivered to S3.
Learn more at [Configuring Amazon SNS Notifications for
CloudTrail](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/configure-sns-notifications-for-cloudtrail.html).
The following code configures an SNS topic to be notified -
```ts
const topic = new sns.Topic(this, 'TrailTopic');
const trail = new cloudtrail.Trail(this, 'CloudTrail', {
snsTopic: topic,
});
```
## Service Integrations
Besides sending trail events to S3, they can also be configured to notify other AWS services -
### Amazon CloudWatch Logs
CloudTrail events can be delivered to a CloudWatch Logs LogGroup. By default, a new LogGroup is created with a
default retention setting. The following code enables sending CloudWatch logs but specifies a particular retention
period for the created Log Group.
```ts
import * as logs from 'aws-cdk-lib/aws-logs';
const trail = new cloudtrail.Trail(this, 'CloudTrail', {
sendToCloudWatchLogs: true,
cloudWatchLogsRetention: logs.RetentionDays.FOUR_MONTHS,
});
```
If you would like to use a specific log group instead, this can be configured via `cloudwatchLogGroup`.
### Amazon EventBridge
Amazon EventBridge rules can be configured to be triggered when CloudTrail events occur using the `Trail.onEvent()` API.
Using APIs available in `aws-events`, these events can be filtered to match to those that are of interest, either from
a specific service, account or time range. See [Events delivered via
CloudTrail](https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/EventTypes.html#events-for-services-not-listed)
to learn more about the event structure for events from CloudTrail.
The following code filters events for S3 from a specific AWS account and triggers a lambda function.
```ts
const myFunctionHandler = new lambda.Function(this, 'MyFunction', {
code: lambda.Code.fromAsset('resource/myfunction'),
runtime: lambda.Runtime.NODEJS_LATEST,
handler: 'index.handler',
});
const eventRule = cloudtrail.Trail.onEvent(this, 'MyCloudWatchEvent', {
target: new targets.LambdaFunction(myFunctionHandler),
});
eventRule.addEventPattern({
account: ['123456789012'],
source: ['aws.s3'],
});
```
## Multi-Region & Global Service Events
By default, a `Trail` is configured to deliver log files from multiple regions to a single S3 bucket for a given
account. This creates shadow trails (replication of the trails) in all of the other regions. Learn more about [How
CloudTrail Behaves Regionally](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html#cloudtrail-concepts-regional-and-global-services)
and about the [`IsMultiRegion`
property](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudtrail-trail.html#cfn-cloudtrail-trail-ismultiregiontrail).
For most services, events are recorded in the region where the action occurred. For global services such as AWS IAM,
AWS STS, Amazon CloudFront, Route 53, etc., events are delivered to any trail that includes global services. Learn more
[About Global Service Events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html#cloudtrail-concepts-global-service-events).
Events for global services are turned on by default for `Trail` constructs in the CDK.
The following code disables multi-region trail delivery and trail delivery for global services for a specific `Trail` -
```ts
const trail = new cloudtrail.Trail(this, 'CloudTrail', {
// ...
isMultiRegionTrail: false,
includeGlobalServiceEvents: false,
});
```
## Events Types
**Management events** provide information about management operations that are performed on resources in your AWS
account. These are also known as control plane operations. Learn more about [Management
Events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html#cloudtrail-concepts-events).
By default, a `Trail` logs all management events. However, they can be configured to either be turned off, or to only
log 'Read' or 'Write' events.
The following code configures the `Trail` to only track management events that are of type 'Read'.
```ts
const trail = new cloudtrail.Trail(this, 'CloudTrail', {
// ...
managementEvents: cloudtrail.ReadWriteType.READ_ONLY,
});
```
**Data events** provide information about the resource operations performed on or in a resource. These are also known
as data plane operations. Learn more about [Data
Events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html#cloudtrail-concepts-events).
By default, no data events are logged for a `Trail`.
AWS CloudTrail supports data event logging for Amazon S3 objects and AWS Lambda functions.
The `logAllS3DataEvents()` API configures the trail to log all S3 data events while the `addS3EventSelector()` API can
be used to configure logging of S3 data events for specific buckets and specific object prefix. The following code
configures logging of S3 data events for `fooBucket` and with object prefix `bar/`.
```ts
import * as s3 from 'aws-cdk-lib/aws-s3';
const trail = new cloudtrail.Trail(this, 'MyAmazingCloudTrail');
declare const bucket: s3.Bucket;
// Adds an event selector to the bucket foo
trail.addS3EventSelector([{
bucket,
objectPrefix: 'bar/',
}]);
```
Similarly, the `logAllLambdaDataEvents()` configures the trail to log all Lambda data events while the
`addLambdaEventSelector()` API can be used to configure logging for specific Lambda functions. The following code
configures logging of Lambda data events for a specific Function.
```ts
const trail = new cloudtrail.Trail(this, 'MyAmazingCloudTrail');
const amazingFunction = new lambda.Function(this, 'AnAmazingFunction', {
runtime: lambda.Runtime.NODEJS_LATEST,
handler: "hello.handler",
code: lambda.Code.fromAsset("lambda"),
});
// Add an event selector to log data events for the provided Lambda functions.
trail.addLambdaEventSelector([ amazingFunction ]);
```
## Organization Trail
It is possible to create a trail that will be applied to all accounts in an organization if the current account manages an organization.
To enable this, the property `isOrganizationTrail` must be set. If this property is set and the current account does not manage an organization, the stack will fail to deploy.
```ts
new cloudtrail.Trail(this, 'OrganizationTrail', {
isOrganizationTrail: true,
});
```
## CloudTrail Insights
Set `InsightSelector` to enable Insight.
Insights selector values can be `ApiCallRateInsight`, `ApiErrorRateInsight`, or both.
```ts
new cloudtrail.Trail(this, 'Insights', {
insightTypes: [
cloudtrail.InsightType.API_CALL_RATE,
cloudtrail.InsightType.API_ERROR_RATE,
],
});
```

68
cdk/node_modules/aws-cdk-lib/aws-cloudtrail/SAMPLE-EVENTS.md generated vendored Normal file
View File

@@ -0,0 +1,68 @@
# Some sample CloudTrail events
For reference.
## S3
PutObject
{
"eventSource": "s3.amazonaws.com",
"resources": [
{
"ARN": "arn:aws:s3:::amzn-s3-demo-bucket/OBJECTKEY",
"type": "AWS::S3::Object"
},
{
"accountId": "123456789012",
"ARN": "arn:aws:s3:::amzn-s3-demo-bucket",
"type": "AWS::S3::Bucket"
}
],
"eventTime": "2020-05-22T08:38:05Z",
"userAgent": "[aws-cli/1.16.96 Python/2.7.12 Linux/4.4.0-146-generic botocore/1.12.86]",
"readOnly": false,
"recipientAccountId": "123456789012",
"awsRegion": "eu-west-1",
"requestID": "CF9748DFDC5FB0A4",
"additionalEventData": {
"CipherSuite": "ECDHE-RSA-AES128-GCM-SHA256",
"bytesTransferredOut": 0,
"AuthenticationMethod": "AuthHeader",
"x-amz-id-2": "hRJMAs5p4ALZIabP4ATIL53npWU61+N6LYWj02gdQtR0ymKSySzVXUSZx7ydv7tRJwk+XMaPerM=",
"bytesTransferredIn": 197,
"SignatureVersion": "SigV4"
},
"eventType": "AwsApiCall",
"eventID": "3074546e-1bfa-4973-8502-b1bb4d0bda1a",
"eventVersion": "1.05",
"eventName": "PutObject",
"sourceIPAddress": "1.2.3.4",
"userIdentity": {
"accountId": "123456789012",
"type": "AssumedRole",
"principalId": "AROAJBNCAL3UTR5C42U4M:user-SomeRole",
"accessKeyId": "AZYCAIJERO6H7",
"sessionContext": {
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2020-05-22T08:10:21Z"
},
"sessionIssuer": {
"accountId": "123456789012",
"type": "Role",
"principalId": "AROAJBNCAL3UTR5C42U4M",
"userName": "SomeRole",
"arn": "arn:aws:iam::123456789012:role/SomeRole"
}
},
"arn": "arn:aws:sts::123456789012:assumed-role/SomeRole/user-SomeRole"
},
"responseElements": null,
"requestParameters": {
"bucketName": "amzn-s3-demo-bucket",
"Host": "amzn-s3-demo-bucket.s3.eu-west-1.amazonaws.com",
"key": "OBJECTKEY"
}
}

1
cdk/node_modules/aws-cdk-lib/aws-cloudtrail/index.d.ts generated vendored Normal file
View File

@@ -0,0 +1 @@
export * from './lib';

1
cdk/node_modules/aws-cdk-lib/aws-cloudtrail/index.js generated vendored Normal file
View File

@@ -0,0 +1 @@
"use strict";var __createBinding=exports&&exports.__createBinding||(Object.create?(function(o,m,k,k2){k2===void 0&&(k2=k);var desc=Object.getOwnPropertyDescriptor(m,k);(!desc||("get"in desc?!m.__esModule:desc.writable||desc.configurable))&&(desc={enumerable:!0,get:function(){return m[k]}}),Object.defineProperty(o,k2,desc)}):(function(o,m,k,k2){k2===void 0&&(k2=k),o[k2]=m[k]})),__exportStar=exports&&exports.__exportStar||function(m,exports2){for(var p in m)p!=="default"&&!Object.prototype.hasOwnProperty.call(exports2,p)&&__createBinding(exports2,m,p)};Object.defineProperty(exports,"__esModule",{value:!0});var _noFold;exports.ReadWriteType=void 0,Object.defineProperty(exports,_noFold="ReadWriteType",{enumerable:!0,configurable:!0,get:()=>{var value=require("./lib").ReadWriteType;return Object.defineProperty(exports,_noFold="ReadWriteType",{enumerable:!0,configurable:!0,value}),value}}),exports.InsightType=void 0,Object.defineProperty(exports,_noFold="InsightType",{enumerable:!0,configurable:!0,get:()=>{var value=require("./lib").InsightType;return Object.defineProperty(exports,_noFold="InsightType",{enumerable:!0,configurable:!0,value}),value}}),exports.Trail=void 0,Object.defineProperty(exports,_noFold="Trail",{enumerable:!0,configurable:!0,get:()=>{var value=require("./lib").Trail;return Object.defineProperty(exports,_noFold="Trail",{enumerable:!0,configurable:!0,value}),value}}),exports.ManagementEventSources=void 0,Object.defineProperty(exports,_noFold="ManagementEventSources",{enumerable:!0,configurable:!0,get:()=>{var value=require("./lib").ManagementEventSources;return Object.defineProperty(exports,_noFold="ManagementEventSources",{enumerable:!0,configurable:!0,value}),value}}),exports.DataResourceType=void 0,Object.defineProperty(exports,_noFold="DataResourceType",{enumerable:!0,configurable:!0,get:()=>{var value=require("./lib").DataResourceType;return Object.defineProperty(exports,_noFold="DataResourceType",{enumerable:!0,configurable:!0,value}),value}}),exports.CfnChannel=void 0,Object.defineProperty(exports,_noFold="CfnChannel",{enumerable:!0,configurable:!0,get:()=>{var value=require("./lib").CfnChannel;return Object.defineProperty(exports,_noFold="CfnChannel",{enumerable:!0,configurable:!0,value}),value}}),exports.CfnEventDataStore=void 0,Object.defineProperty(exports,_noFold="CfnEventDataStore",{enumerable:!0,configurable:!0,get:()=>{var value=require("./lib").CfnEventDataStore;return Object.defineProperty(exports,_noFold="CfnEventDataStore",{enumerable:!0,configurable:!0,value}),value}}),exports.CfnResourcePolicy=void 0,Object.defineProperty(exports,_noFold="CfnResourcePolicy",{enumerable:!0,configurable:!0,get:()=>{var value=require("./lib").CfnResourcePolicy;return Object.defineProperty(exports,_noFold="CfnResourcePolicy",{enumerable:!0,configurable:!0,value}),value}}),exports.CfnTrail=void 0,Object.defineProperty(exports,_noFold="CfnTrail",{enumerable:!0,configurable:!0,get:()=>{var value=require("./lib").CfnTrail;return Object.defineProperty(exports,_noFold="CfnTrail",{enumerable:!0,configurable:!0,value}),value}}),exports.CfnDashboard=void 0,Object.defineProperty(exports,_noFold="CfnDashboard",{enumerable:!0,configurable:!0,get:()=>{var value=require("./lib").CfnDashboard;return Object.defineProperty(exports,_noFold="CfnDashboard",{enumerable:!0,configurable:!0,value}),value}});

330
cdk/node_modules/aws-cdk-lib/aws-cloudtrail/lib/cloudtrail.d.ts generated vendored Normal file
View File

@@ -0,0 +1,330 @@
import type { Construct } from 'constructs';
import * as events from '../../aws-events';
import type * as kms from '../../aws-kms';
import type * as lambda from '../../aws-lambda';
import * as logs from '../../aws-logs';
import * as s3 from '../../aws-s3';
import type * as sns from '../../aws-sns';
import { Resource } from '../../core';
/**
* Properties for an AWS CloudTrail trail
*/
export interface TrailProps {
/**
* For most services, events are recorded in the region where the action occurred.
* For global services such as AWS Identity and Access Management (IAM), AWS STS, Amazon CloudFront, and Route 53,
* events are delivered to any trail that includes global services, and are logged as occurring in US East (N. Virginia) Region.
*
* @default true
*/
readonly includeGlobalServiceEvents?: boolean;
/**
* Whether or not this trail delivers log files from multiple regions to a single S3 bucket for a single account.
*
* @default true
*/
readonly isMultiRegionTrail?: boolean;
/**
* When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails.
* Only events that match your trail settings are delivered to your Amazon S3 bucket and Amazon CloudWatch Logs log group.
*
* This method sets the management configuration for this trail.
*
* Management events provide insight into management operations that are performed on resources in your AWS account.
* These are also known as control plane operations.
* Management events can also include non-API events that occur in your account.
* For example, when a user logs in to your account, CloudTrail logs the ConsoleLogin event.
*
* @param managementEvents the management configuration type to log
*
* @default ReadWriteType.ALL
*/
readonly managementEvents?: ReadWriteType;
/**
* To determine whether a log file was modified, deleted, or unchanged after CloudTrail delivered it,
* you can use CloudTrail log file integrity validation.
* This feature is built using industry standard algorithms: SHA-256 for hashing and SHA-256 with RSA for digital signing.
* This makes it computationally infeasible to modify, delete or forge CloudTrail log files without detection.
* You can use the AWS CLI to validate the files in the location where CloudTrail delivered them.
*
* @default true
*/
readonly enableFileValidation?: boolean;
/**
* If CloudTrail pushes logs to CloudWatch Logs in addition to S3.
* Disabled for cost out of the box.
*
* @default false
*/
readonly sendToCloudWatchLogs?: boolean;
/**
* How long to retain logs in CloudWatchLogs.
* Ignored if sendToCloudWatchLogs is false or if cloudWatchLogGroup is set.
*
* @default logs.RetentionDays.ONE_YEAR
*/
readonly cloudWatchLogsRetention?: logs.RetentionDays;
/**
* Log Group to which CloudTrail to push logs to. Ignored if sendToCloudWatchLogs is set to false.
* @default - a new log group is created and used.
*/
readonly cloudWatchLogGroup?: logs.ILogGroupRef;
/** The AWS Key Management Service (AWS KMS) key ID that you want to use to encrypt CloudTrail logs.
*
* @default - No encryption.
*/
readonly encryptionKey?: kms.IKey;
/** SNS topic that is notified when new log files are published.
*
* @default - No notifications.
*/
readonly snsTopic?: sns.ITopic;
/**
* The name of the trail.
*
* Required when `isOrganizationTrail` is set to true to attach the necessary permissions.
*
* Otherwise, we recommend customers do not set an explicit name.
*
* @default - AWS CloudFormation generated name.
*/
readonly trailName?: string;
/** An Amazon S3 object key prefix that precedes the name of all log files.
*
* @default - No prefix.
*/
readonly s3KeyPrefix?: string;
/** The Amazon S3 bucket
*
* @default - if not supplied a bucket will be created with all the correct permissions
*/
readonly bucket?: s3.IBucket;
/**
* Specifies whether the trail is applied to all accounts in an organization in AWS Organizations, or only for the current AWS account.
*
* If this is set to true then the current account _must_ be the management account. If it is not, then CloudFormation will throw an error.
*
* If this is set to true and the current account is a management account for an organization in AWS Organizations, the trail will be created in all AWS accounts that belong to the organization.
* If this is set to false, the trail will remain in the current AWS account but be deleted from all member accounts in the organization.
*
* @default - false
*/
readonly isOrganizationTrail?: boolean;
/** The orgId.
*
* Required when `isOrganizationTrail` is set to true to attach the necessary permissions.
*
* @default - No orgId
*/
readonly orgId?: string;
/**
* A JSON string that contains the insight types you want to log on a trail.
*
* @default - No Value.
*/
readonly insightTypes?: InsightType[];
}
/**
* Types of events that CloudTrail can log
*/
export declare enum ReadWriteType {
/**
* Read-only events include API operations that read your resources,
* but don't make changes.
* For example, read-only events include the Amazon EC2 DescribeSecurityGroups
* and DescribeSubnets API operations.
*/
READ_ONLY = "ReadOnly",
/**
* Write-only events include API operations that modify (or might modify)
* your resources.
* For example, the Amazon EC2 RunInstances and TerminateInstances API
* operations modify your instances.
*/
WRITE_ONLY = "WriteOnly",
/**
* All events
*/
ALL = "All",
/**
* No events
*/
NONE = "None"
}
/**
* Util element for InsightSelector
*/
export declare class InsightType {
readonly value: string;
/**
* The type of insights to log on a trail. (API Call Rate)
*/
static readonly API_CALL_RATE: InsightType;
/**
* The type of insights to log on a trail. (API Error Rate)
*/
static readonly API_ERROR_RATE: InsightType;
protected constructor(value: string);
}
/**
* Cloud trail allows you to log events that happen in your AWS account
* For example:
*
* import { CloudTrail } from 'aws-cdk-lib/aws-cloudtrail'
*
* const cloudTrail = new CloudTrail(this, 'MyTrail');
*
*/
export declare class Trail extends Resource {
/**
* Uniquely identifies this class.
*/
static readonly PROPERTY_INJECTION_ID: string;
/**
* Create an event rule for when an event is recorded by any Trail in the account.
*
* Note that the event doesn't necessarily have to come from this Trail, it can
* be captured from any one.
*
* Be sure to filter the event further down using an event pattern.
*/
static onEvent(scope: Construct, id: string, options?: events.OnEventOptions): events.Rule;
/**
* ARN of the CloudTrail trail
* i.e. arn:aws:cloudtrail:us-east-2:123456789012:trail/myCloudTrail
* @attribute
*/
get trailArn(): string;
/**
* ARN of the Amazon SNS topic that's associated with the CloudTrail trail,
* i.e. arn:aws:sns:us-east-2:123456789012:mySNSTopic
* @attribute
*/
readonly trailSnsTopicArn: string;
private readonly _logGroup?;
private readonly resource;
/**
* The CloudWatch log group to which CloudTrail events are sent.
* `undefined` if `sendToCloudWatchLogs` property is false.
*/
get logGroup(): logs.ILogGroup | undefined;
private s3bucket;
private managementEvents;
private eventSelectors;
private topic;
private insightTypeValues;
constructor(scope: Construct, id: string, props?: TrailProps);
/**
* When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails.
* Only events that match your trail settings are delivered to your Amazon S3 bucket and Amazon CloudWatch Logs log group.
*
* This method adds an Event Selector for filtering events that match either S3 or Lambda function operations.
*
* Data events: These events provide insight into the resource operations performed on or within a resource.
* These are also known as data plane operations.
*
* @param dataResourceValues the list of data resource ARNs to include in logging (maximum 250 entries).
* @param options the options to configure logging of management and data events.
*/
addEventSelector(dataResourceType: DataResourceType, dataResourceValues: string[], options?: AddEventSelectorOptions): void;
/**
* When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails.
* Only events that match your trail settings are delivered to your Amazon S3 bucket and Amazon CloudWatch Logs log group.
*
* This method adds a Lambda Data Event Selector for filtering events that match Lambda function operations.
*
* Data events: These events provide insight into the resource operations performed on or within a resource.
* These are also known as data plane operations.
*
* @param handlers the list of lambda function handlers whose data events should be logged (maximum 250 entries).
* @param options the options to configure logging of management and data events.
*/
addLambdaEventSelector(handlers: lambda.IFunction[], options?: AddEventSelectorOptions): void;
/**
* Log all Lambda data events for all lambda functions the account.
* @see https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
* @default false
*/
logAllLambdaDataEvents(options?: AddEventSelectorOptions): void;
/**
* When an event occurs in your account, CloudTrail evaluates whether the event matches the settings for your trails.
* Only events that match your trail settings are delivered to your Amazon S3 bucket and Amazon CloudWatch Logs log group.
*
* This method adds an S3 Data Event Selector for filtering events that match S3 operations.
*
* Data events: These events provide insight into the resource operations performed on or within a resource.
* These are also known as data plane operations.
*
* @param s3Selector the list of S3 bucket with optional prefix to include in logging (maximum 250 entries).
* @param options the options to configure logging of management and data events.
*/
addS3EventSelector(s3Selector: S3EventSelector[], options?: AddEventSelectorOptions): void;
/**
* Log all S3 data events for all objects for all buckets in the account.
* @see https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
* @default false
*/
logAllS3DataEvents(options?: AddEventSelectorOptions): void;
private validateEventSelectors;
}
/**
* Options for adding an event selector.
*/
export interface AddEventSelectorOptions {
/**
* Specifies whether to log read-only events, write-only events, or all events.
*
* @default ReadWriteType.All
*/
readonly readWriteType?: ReadWriteType;
/**
* Specifies whether the event selector includes management events for the trail.
*
* @default true
*/
readonly includeManagementEvents?: boolean;
/**
* An optional list of service event sources from which you do not want management events to be logged on your trail.
*
* @default []
*/
readonly excludeManagementEventSources?: ManagementEventSources[];
}
/**
* Types of management event sources that can be excluded
*/
export declare enum ManagementEventSources {
/**
* AWS Key Management Service (AWS KMS) events
*/
KMS = "kms.amazonaws.com",
/**
* Data API events
*/
RDS_DATA_API = "rdsdata.amazonaws.com"
}
/**
* Selecting an S3 bucket and an optional prefix to be logged for data events.
*/
export interface S3EventSelector {
/** S3 bucket */
readonly bucket: s3.IBucketRef;
/**
* Data events for objects whose key matches this prefix will be logged.
* @default - all objects
*/
readonly objectPrefix?: string;
}
/**
* Resource type for a data event
*/
export declare enum DataResourceType {
/**
* Data resource type for Lambda function
*/
LAMBDA_FUNCTION = "AWS::Lambda::Function",
/**
* Data resource type for S3 objects
*/
S3_OBJECT = "AWS::S3::Object"
}

1987
cdk/node_modules/aws-cdk-lib/aws-cloudtrail/lib/cloudtrail.generated.d.ts generated vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1
cdk/node_modules/aws-cdk-lib/aws-cloudtrail/lib/cloudtrail.generated.js generated vendored Normal file
View File

File diff suppressed because one or more lines are too long

1
cdk/node_modules/aws-cdk-lib/aws-cloudtrail/lib/cloudtrail.js generated vendored Normal file
View File

File diff suppressed because one or more lines are too long

2
cdk/node_modules/aws-cdk-lib/aws-cloudtrail/lib/index.d.ts generated vendored Normal file
View File

@@ -0,0 +1,2 @@
export * from './cloudtrail';
export * from './cloudtrail.generated';

1
cdk/node_modules/aws-cdk-lib/aws-cloudtrail/lib/index.js generated vendored Normal file
View File

@@ -0,0 +1 @@
"use strict";var __createBinding=exports&&exports.__createBinding||(Object.create?(function(o,m,k,k2){k2===void 0&&(k2=k);var desc=Object.getOwnPropertyDescriptor(m,k);(!desc||("get"in desc?!m.__esModule:desc.writable||desc.configurable))&&(desc={enumerable:!0,get:function(){return m[k]}}),Object.defineProperty(o,k2,desc)}):(function(o,m,k,k2){k2===void 0&&(k2=k),o[k2]=m[k]})),__exportStar=exports&&exports.__exportStar||function(m,exports2){for(var p in m)p!=="default"&&!Object.prototype.hasOwnProperty.call(exports2,p)&&__createBinding(exports2,m,p)};Object.defineProperty(exports,"__esModule",{value:!0});var _noFold;exports.ReadWriteType=void 0,Object.defineProperty(exports,_noFold="ReadWriteType",{enumerable:!0,configurable:!0,get:()=>{var value=require("./cloudtrail").ReadWriteType;return Object.defineProperty(exports,_noFold="ReadWriteType",{enumerable:!0,configurable:!0,value}),value}}),exports.InsightType=void 0,Object.defineProperty(exports,_noFold="InsightType",{enumerable:!0,configurable:!0,get:()=>{var value=require("./cloudtrail").InsightType;return Object.defineProperty(exports,_noFold="InsightType",{enumerable:!0,configurable:!0,value}),value}}),exports.Trail=void 0,Object.defineProperty(exports,_noFold="Trail",{enumerable:!0,configurable:!0,get:()=>{var value=require("./cloudtrail").Trail;return Object.defineProperty(exports,_noFold="Trail",{enumerable:!0,configurable:!0,value}),value}}),exports.ManagementEventSources=void 0,Object.defineProperty(exports,_noFold="ManagementEventSources",{enumerable:!0,configurable:!0,get:()=>{var value=require("./cloudtrail").ManagementEventSources;return Object.defineProperty(exports,_noFold="ManagementEventSources",{enumerable:!0,configurable:!0,value}),value}}),exports.DataResourceType=void 0,Object.defineProperty(exports,_noFold="DataResourceType",{enumerable:!0,configurable:!0,get:()=>{var value=require("./cloudtrail").DataResourceType;return Object.defineProperty(exports,_noFold="DataResourceType",{enumerable:!0,configurable:!0,value}),value}}),exports.CfnChannel=void 0,Object.defineProperty(exports,_noFold="CfnChannel",{enumerable:!0,configurable:!0,get:()=>{var value=require("./cloudtrail.generated").CfnChannel;return Object.defineProperty(exports,_noFold="CfnChannel",{enumerable:!0,configurable:!0,value}),value}}),exports.CfnEventDataStore=void 0,Object.defineProperty(exports,_noFold="CfnEventDataStore",{enumerable:!0,configurable:!0,get:()=>{var value=require("./cloudtrail.generated").CfnEventDataStore;return Object.defineProperty(exports,_noFold="CfnEventDataStore",{enumerable:!0,configurable:!0,value}),value}}),exports.CfnResourcePolicy=void 0,Object.defineProperty(exports,_noFold="CfnResourcePolicy",{enumerable:!0,configurable:!0,get:()=>{var value=require("./cloudtrail.generated").CfnResourcePolicy;return Object.defineProperty(exports,_noFold="CfnResourcePolicy",{enumerable:!0,configurable:!0,value}),value}}),exports.CfnTrail=void 0,Object.defineProperty(exports,_noFold="CfnTrail",{enumerable:!0,configurable:!0,get:()=>{var value=require("./cloudtrail.generated").CfnTrail;return Object.defineProperty(exports,_noFold="CfnTrail",{enumerable:!0,configurable:!0,value}),value}}),exports.CfnDashboard=void 0,Object.defineProperty(exports,_noFold="CfnDashboard",{enumerable:!0,configurable:!0,get:()=>{var value=require("./cloudtrail.generated").CfnDashboard;return Object.defineProperty(exports,_noFold="CfnDashboard",{enumerable:!0,configurable:!0,value}),value}});