put_audit_events

put_audit_events(**kwargs)

Ingests your application events into CloudTrail Lake. A required parameter, auditEvents, accepts the JSON records (also called payload) of events that you want CloudTrail to ingest. You can add up to 100 of these events (or up to 1 MB) per PutAuditEvents request.

See also: AWS API Documentation

Request Syntax

response = client.put_audit_events(
    auditEvents=[
        {
            'eventData': 'string',
            'eventDataChecksum': 'string',
            'id': 'string'
        },
    ],
    channelArn='string',
    externalId='string'
)
Parameters
  • auditEvents (list) --

    [REQUIRED]

    The JSON payload of events that you want to ingest. You can also point to the JSON event payload in a file.

    • (dict) --

      An event from a source outside of Amazon Web Services that you want CloudTrail to log.

      • eventData (string) -- [REQUIRED]

        The content of an audit event that comes from the event, such as userIdentity, userAgent, and eventSource.

      • eventDataChecksum (string) --

        A base64-encoded SHA-256 checksum that helps you verify that CloudTrail receives the event that matches the checksum. Calculate the checksum by running a command like the following (quote the variable so the shell does not split the payload on whitespace before hashing):

        printf '%s' "$eventdata" | openssl dgst -binary -sha256 | base64
      • id (string) -- [REQUIRED]

        The original event ID from the source event.

  • channelArn (string) --

    [REQUIRED]

    The ARN or ID (the ARN suffix) of a channel.

  • externalId (string) -- A unique identifier that is conditionally required when the channel's resource policy includes an external ID. This value can be any string, such as a passphrase or account number.
Return type

dict

Returns

Response Syntax

{
    'failed': [
        {
            'errorCode': 'string',
            'errorMessage': 'string',
            'id': 'string'
        },
    ],
    'successful': [
        {
            'eventID': 'string',
            'id': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • failed (list) --

      Lists events in the provided event payload that could not be ingested into CloudTrail, and includes the error code and error message returned for events that could not be ingested.

      • (dict) --

        Includes the error code and error message for events that could not be ingested by CloudTrail.

        • errorCode (string) --

          The error code for events that could not be ingested by CloudTrail. Possible error codes include: FieldTooLong, FieldNotFound, InvalidChecksum, InvalidData, InvalidRecipient, InvalidEventSource, AccountNotSubscribed, Throttling, and InternalFailure.

        • errorMessage (string) --

          The message that describes the error for events that could not be ingested by CloudTrail.

        • id (string) --

          The original event ID from the source event that could not be ingested by CloudTrail.

    • successful (list) --

      Lists events in the provided event payload that were successfully ingested into CloudTrail.

      • (dict) --

        A response that includes successful and failed event results.

        • eventID (string) --

          The event ID assigned by CloudTrail.

        • id (string) --

          The original event ID from the source event.

Exceptions

  • CloudTrailDataService.Client.exceptions.ChannelInsufficientPermission
  • CloudTrailDataService.Client.exceptions.ChannelNotFound
  • CloudTrailDataService.Client.exceptions.InvalidChannelARN
  • CloudTrailDataService.Client.exceptions.ChannelUnsupportedSchema
  • CloudTrailDataService.Client.exceptions.DuplicatedAuditEventId
  • CloudTrailDataService.Client.exceptions.UnsupportedOperationException
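
Added example (not part of the AWS documentation): one way to compute eventDataChecksum over the exact eventData bytes, split entries into requests within the 100-event / 1 MB limit, and collect the per-event failed list. The helper names, the constructed sample event, and counting the 1 MB limit as 10**6 bytes of eventData are assumptions.

```python
import base64
import hashlib
import json

MAX_EVENTS = 100       # per-request event limit stated above
MAX_BYTES = 1_000_000  # assumption: "1 MB" counted as 10**6 bytes of eventData


def make_entry(event_id, event):
    """Serialize once, then checksum the exact bytes that will be sent."""
    data = json.dumps(event, separators=(",", ":"), sort_keys=True)
    digest = hashlib.sha256(data.encode("utf-8")).digest()
    return {"id": event_id, "eventData": data,
            "eventDataChecksum": base64.b64encode(digest).decode("ascii")}


def batches(entries):
    """Yield lists of entries that stay within both per-request limits."""
    batch, size = [], 0
    for entry in entries:
        n = len(entry["eventData"].encode("utf-8"))
        if batch and (len(batch) == MAX_EVENTS or size + n > MAX_BYTES):
            yield batch
            batch, size = [], 0
        batch.append(entry)
        size += n
    if batch:
        yield batch


def ingest(client, channel_arn, entries, external_id=None):
    """Send every batch; return (successful, failed) as reported per event."""
    ok, failed = [], []
    for batch in batches(entries):
        kwargs = {"auditEvents": batch, "channelArn": channel_arn}
        if external_id is not None:
            kwargs["externalId"] = external_id
        resp = client.put_audit_events(**kwargs)
        ok.extend(resp.get("successful", []))
        failed.extend(resp.get("failed", []))  # e.g. errorCode InvalidChecksum
    return ok, failed


if __name__ == "__main__":
    # Constructed sample event; field names are the ones the page mentions.
    sample = {"eventSource": "example.app", "userAgent": "demo/1.0"}
    print(make_entry("evt-0001", sample))
```

Pass a `boto3.client('cloudtrail-data')` as `client`. A request can return normally and still list events under failed, so alert on a non-empty failed list rather than only on raised exceptions.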