start_import

start_import(**kwargs)

Starts an import of logged trail events from a source S3 bucket to a destination event data store. By default, CloudTrail only imports events contained in the S3 bucket's CloudTrail prefix and the prefixes inside the CloudTrail prefix, and does not check prefixes for other Amazon Web Services services. If you want to import CloudTrail events contained in another prefix, you must include the prefix in the S3LocationUri . For more considerations about importing trail events, see Considerations.

When you start a new import, the Destinations and ImportSource parameters are required. Before starting a new import, disable any access control lists (ACLs) attached to the source S3 bucket. For more information about disabling ACLs, see Controlling ownership of objects and disabling ACLs for your bucket.

When you retry an import, the ImportID parameter is required.

Note

If the destination event data store is for an organization, you must use the management account to import trail events. You cannot use the delegated administrator account for the organization.

See also: AWS API Documentation

Request Syntax

response = client.start_import(
    Destinations=[
        'string',
    ],
    ImportSource={
        'S3': {
            'S3LocationUri': 'string',
            'S3BucketRegion': 'string',
            'S3BucketAccessRoleArn': 'string'
        }
    },
    StartEventTime=datetime(2015, 1, 1),
    EndEventTime=datetime(2015, 1, 1),
    ImportId='string'
)
Parameters
  • Destinations (list) --

    The ARN of the destination event data store. Use this parameter for a new import.

    • (string) --
  • ImportSource (dict) --

    The source S3 bucket for the import. Use this parameter for a new import.

    • S3 (dict) -- [REQUIRED]

      The source S3 bucket.

      • S3LocationUri (string) -- [REQUIRED]

        The URI for the source S3 bucket.

      • S3BucketRegion (string) -- [REQUIRED]

        The region associated with the source S3 bucket.

      • S3BucketAccessRoleArn (string) -- [REQUIRED]

        The IAM ARN role used to access the source S3 bucket.

  • StartEventTime (datetime) -- Use with EndEventTime to bound a StartImport request, and limit imported trail events to only those events logged within a specified time period. When you specify a time range, CloudTrail checks the prefix and log file names to verify the names contain a date between the specified StartEventTime and EndEventTime before attempting to import events.
  • EndEventTime (datetime) -- Use with StartEventTime to bound a StartImport request, and limit imported trail events to only those events logged within a specified time period. When you specify a time range, CloudTrail checks the prefix and log file names to verify the names contain a date between the specified StartEventTime and EndEventTime before attempting to import events.
  • ImportId (string) -- The ID of the import. Use this parameter when you are retrying an import.
Return type

dict

Returns

Response Syntax

{
    'ImportId': 'string',
    'Destinations': [
        'string',
    ],
    'ImportSource': {
        'S3': {
            'S3LocationUri': 'string',
            'S3BucketRegion': 'string',
            'S3BucketAccessRoleArn': 'string'
        }
    },
    'StartEventTime': datetime(2015, 1, 1),
    'EndEventTime': datetime(2015, 1, 1),
    'ImportStatus': 'INITIALIZING'|'IN_PROGRESS'|'FAILED'|'STOPPED'|'COMPLETED',
    'CreatedTimestamp': datetime(2015, 1, 1),
    'UpdatedTimestamp': datetime(2015, 1, 1)
}

Response Structure

  • (dict) --

    • ImportId (string) --

      The ID of the import.

    • Destinations (list) --

      The ARN of the destination event data store.

      • (string) --
    • ImportSource (dict) --

      The source S3 bucket for the import.

      • S3 (dict) --

        The source S3 bucket.

        • S3LocationUri (string) --

          The URI for the source S3 bucket.

        • S3BucketRegion (string) --

          The region associated with the source S3 bucket.

        • S3BucketAccessRoleArn (string) --

          The IAM ARN role used to access the source S3 bucket.

    • StartEventTime (datetime) --

      Used with EndEventTime to bound a StartImport request, and limit imported trail events to only those events logged within a specified time period.

    • EndEventTime (datetime) --

      Used with StartEventTime to bound a StartImport request, and limit imported trail events to only those events logged within a specified time period.

    • ImportStatus (string) --

      Shows the status of the import after a StartImport request. An import finishes with a status of COMPLETED if there were no failures, or FAILED if there were failures.

    • CreatedTimestamp (datetime) --

      The timestamp for the import's creation.

    • UpdatedTimestamp (datetime) --

      The timestamp of the import's last update, if applicable.

Exceptions

  • CloudTrail.Client.exceptions.AccountHasOngoingImportException
  • CloudTrail.Client.exceptions.EventDataStoreARNInvalidException
  • CloudTrail.Client.exceptions.EventDataStoreNotFoundException
  • CloudTrail.Client.exceptions.InvalidEventDataStoreStatusException
  • CloudTrail.Client.exceptions.InvalidEventDataStoreCategoryException
  • CloudTrail.Client.exceptions.InactiveEventDataStoreException
  • CloudTrail.Client.exceptions.InvalidImportSourceException
  • CloudTrail.Client.exceptions.ImportNotFoundException
  • CloudTrail.Client.exceptions.InvalidParameterException
  • CloudTrail.Client.exceptions.InsufficientEncryptionPolicyException
  • CloudTrail.Client.exceptions.OperationNotPermittedException
  • CloudTrail.Client.exceptions.UnsupportedOperationException
  • CloudTrail.Client.exceptions.OperationNotPermittedException
  • CloudTrail.Client.exceptions.UnsupportedOperationException