CloudTrailDataService

Table of Contents

• CloudTrailDataService
  • Client
  • Paginators

Client

class CloudTrailDataService.Client

A low-level client representing AWS CloudTrail Data Service

The CloudTrail Data Service lets you ingest events into CloudTrail from any source in your hybrid environments, such as in-house or SaaS applications hosted on-premises or in the cloud, virtual machines, or containers. You can store, access, analyze, troubleshoot and take action on this data without maintaining multiple log aggregators and reporting tools. After you run PutAuditEvents to ingest your application activity into CloudTrail, you can use CloudTrail Lake to search, query, and analyze the data that is logged from your applications.

import boto3

client = boto3.client('cloudtrail-data')

These are the available methods:

• can_paginate()
• close()
• get_paginator()
• get_waiter()
• put_audit_events()

can_paginate(operation_name)

Check if an operation can be paginated.

Parameters

operation_name (string) -- The operation name. This is the same name as the method name on the client. For example, if the method name is create_foo, and you'd normally invoke the operation as client.create_foo(**kwargs), if the create_foo operation can be paginated, you can use the call client.get_paginator("create_foo").

Returns

True if the operation can be paginated, False otherwise.

close()

Closes underlying endpoint connections.

get_paginator(operation_name)

Create a paginator for an operation.

Parameters

operation_name (string) -- The operation name. This is the same name as the method name on the client. For example, if the method name is create_foo, and you'd normally invoke the operation as client.create_foo(**kwargs), if the create_foo operation can be paginated, you can use the call client.get_paginator("create_foo").

Raises OperationNotPageableError

Raised if the operation is not pageable. You can use the client.can_paginate method to check if an operation is pageable.

Return type

L{botocore.paginate.Paginator}

Returns

A paginator object.

get_waiter(waiter_name)

Returns an object that can wait for some condition.

Parameters

waiter_name (str) -- The name of the waiter to get. See the waiters section of the service docs for a list of available waiters.

Returns

The specified waiter object.

Return type

botocore.waiter.Waiter

put_audit_events(**kwargs)

Ingests your application events into CloudTrail Lake. A required parameter, auditEvents , accepts the JSON records (also called payload ) of events that you want CloudTrail to ingest. You can add up to 100 of these events (or up to 1 MB) per PutAuditEvents request.

See also: AWS API Documentation

Request Syntax

response = client.put_audit_events(
    auditEvents=[
        {
            'eventData': 'string',
            'eventDataChecksum': 'string',
            'id': 'string'
        },
    ],
    channelArn='string',
    externalId='string'
)

Parameters

• auditEvents (list) --

  [REQUIRED]

  The JSON payload of events that you want to ingest. You can also point to the JSON event payload in a file.

  • (dict) --

    An event from a source outside of Amazon Web Services that you want CloudTrail to log.

    • eventData (string) -- [REQUIRED]

      The content of an audit event that comes from the event, such as userIdentity , userAgent , and eventSource .

    • eventDataChecksum (string) --

      A checksum is a base64-SHA256 algorithm that helps you verify that CloudTrail receives the event that matches with the checksum. Calculate the checksum by running a command like the following:

      printf %s $eventdata| openssl dgst -binary -sha256 | base64

    • id (string) -- [REQUIRED]

      The original event ID from the source event.

• channelArn (string) --

  [REQUIRED]

  The ARN or ID (the ARN suffix) of a channel.

• externalId (string) -- A unique identifier that is conditionally required when the channel's resource policy includes an external ID. This value can be any string, such as a passphrase or account number.

Return type

dict

Returns

Response Syntax

{
    'failed': [
        {
            'errorCode': 'string',
            'errorMessage': 'string',
            'id': 'string'
        },
    ],
    'successful': [
        {
            'eventID': 'string',
            'id': 'string'
        },
    ]
}

Response Structure

• (dict) --

  • failed (list) --

    Lists events in the provided event payload that could not be ingested into CloudTrail, and includes the error code and error message returned for events that could not be ingested.

    • (dict) --

      Includes the error code and error message for events that could not be ingested by CloudTrail.

      • errorCode (string) --

        The error code for events that could not be ingested by CloudTrail. Possible error codes include: FieldTooLong , FieldNotFound , InvalidChecksum , InvalidData , InvalidRecipient , InvalidEventSource , AccountNotSubscribed , Throttling , and InternalFailure .

      • errorMessage (string) --

        The message that describes the error for events that could not be ingested by CloudTrail.

      • id (string) --

        The original event ID from the source event that could not be ingested by CloudTrail.

  • successful (list) --

    Lists events in the provided event payload that were successfully ingested into CloudTrail.

    • (dict) --

      A response that includes successful and failed event results.

      • eventID (string) --

        The event ID assigned by CloudTrail.

      • id (string) --

        The original event ID from the source event.

Exceptions

• CloudTrailDataService.Client.exceptions.ChannelInsufficientPermission
• CloudTrailDataService.Client.exceptions.ChannelNotFound
• CloudTrailDataService.Client.exceptions.InvalidChannelARN
• CloudTrailDataService.Client.exceptions.ChannelUnsupportedSchema
• CloudTrailDataService.Client.exceptions.DuplicatedAuditEventId
• CloudTrailDataService.Client.exceptions.UnsupportedOperationException

Paginators

The available paginators are: