/*
* Copyright 2012-2017 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package com.amazonaws.services.cloudtrail;
import org.w3c.dom.*;
import java.net.*;
import java.util.*;
import javax.annotation.Generated;
import org.apache.commons.logging.*;
import com.amazonaws.*;
import com.amazonaws.annotation.SdkInternalApi;
import com.amazonaws.auth.*;
import com.amazonaws.handlers.*;
import com.amazonaws.http.*;
import com.amazonaws.internal.*;
import com.amazonaws.internal.auth.*;
import com.amazonaws.metrics.*;
import com.amazonaws.regions.*;
import com.amazonaws.transform.*;
import com.amazonaws.util.*;
import com.amazonaws.protocol.json.*;
import com.amazonaws.util.AWSRequestMetrics.Field;
import com.amazonaws.annotation.ThreadSafe;
import com.amazonaws.client.AwsSyncClientParams;
import com.amazonaws.services.cloudtrail.AWSCloudTrailClientBuilder;
import com.amazonaws.AmazonServiceException;
import com.amazonaws.services.cloudtrail.model.*;
import com.amazonaws.services.cloudtrail.model.transform.*;
/**
* Client for accessing CloudTrail. All service calls made using this client are blocking, and will not return until the
* service call completes.
* <p>
* <fullname>AWS CloudTrail</fullname>
* <p>
* This is the CloudTrail API Reference. It provides descriptions of actions, data types, common parameters, and common
* errors for CloudTrail.
* </p>
* <p>
* CloudTrail is a web service that records AWS API calls for your AWS account and delivers log files to an Amazon S3
* bucket. The recorded information includes the identity of the user, the start time of the AWS API call, the source IP
* address, the request parameters, and the response elements returned by the service.
* </p>
* <note>
* <p>
* As an alternative to the API, you can use one of the AWS SDKs, which consist of libraries and sample code for various
* programming languages and platforms (Java, Ruby, .NET, iOS, Android, etc.). The SDKs provide a convenient way to
* create programmatic access to AWSCloudTrail. For example, the SDKs take care of cryptographically signing requests,
* managing errors, and retrying requests automatically. For information about the AWS SDKs, including how to download
* and install them, see the <a href="http://aws.amazon.com/tools/">Tools for Amazon Web Services page</a>.
* </p>
* </note>
* <p>
* See the <a href="http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html">AWS CloudTrail
* User Guide</a> for information about the data that is included with each AWS API call listed in the log files.
* </p>
*/
@ThreadSafe
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public class AWSCloudTrailClient extends AmazonWebServiceClient implements AWSCloudTrail {
/** Provider for AWS credentials. */
private final AWSCredentialsProvider awsCredentialsProvider;
private static final Log log = LogFactory.getLog(AWSCloudTrail.class);
/** Default signing name for the service. */
private static final String DEFAULT_SIGNING_NAME = "cloudtrail";
/** Client configuration factory providing ClientConfigurations tailored to this client */
protected static final ClientConfigurationFactory configFactory = new ClientConfigurationFactory();
private final com.amazonaws.protocol.json.SdkJsonProtocolFactory protocolFactory = new com.amazonaws.protocol.json.SdkJsonProtocolFactory(
new JsonClientMetadata()
.withProtocolVersion("1.1")
.withSupportsCbor(false)
.withSupportsIon(false)
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("InvalidTokenException").withModeledClass(
com.amazonaws.services.cloudtrail.model.InvalidTokenException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("CloudTrailARNInvalidException").withModeledClass(
com.amazonaws.services.cloudtrail.model.CloudTrailARNInvalidException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("InvalidCloudWatchLogsRoleArnException").withModeledClass(
com.amazonaws.services.cloudtrail.model.InvalidCloudWatchLogsRoleArnException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("InvalidKmsKeyIdException").withModeledClass(
com.amazonaws.services.cloudtrail.model.InvalidKmsKeyIdException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("ResourceNotFoundException").withModeledClass(
com.amazonaws.services.cloudtrail.model.ResourceNotFoundException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("InvalidTimeRangeException").withModeledClass(
com.amazonaws.services.cloudtrail.model.InvalidTimeRangeException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("InvalidEventSelectorsException").withModeledClass(
com.amazonaws.services.cloudtrail.model.InvalidEventSelectorsException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("UnsupportedOperationException").withModeledClass(
com.amazonaws.services.cloudtrail.model.UnsupportedOperationException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("TrailNotProvidedException").withModeledClass(
com.amazonaws.services.cloudtrail.model.TrailNotProvidedException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("InvalidCloudWatchLogsLogGroupArnException").withModeledClass(
com.amazonaws.services.cloudtrail.model.InvalidCloudWatchLogsLogGroupArnException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("KmsException").withModeledClass(
com.amazonaws.services.cloudtrail.model.KmsException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("S3BucketDoesNotExistException").withModeledClass(
com.amazonaws.services.cloudtrail.model.S3BucketDoesNotExistException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("InvalidParameterCombinationException").withModeledClass(
com.amazonaws.services.cloudtrail.model.InvalidParameterCombinationException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("InvalidMaxResultsException").withModeledClass(
com.amazonaws.services.cloudtrail.model.InvalidMaxResultsException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("TagsLimitExceededException").withModeledClass(
com.amazonaws.services.cloudtrail.model.TagsLimitExceededException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("InvalidS3BucketNameException").withModeledClass(
com.amazonaws.services.cloudtrail.model.InvalidS3BucketNameException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("CloudWatchLogsDeliveryUnavailableException").withModeledClass(
com.amazonaws.services.cloudtrail.model.CloudWatchLogsDeliveryUnavailableException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("InvalidTrailNameException").withModeledClass(
com.amazonaws.services.cloudtrail.model.InvalidTrailNameException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("InvalidSnsTopicNameException").withModeledClass(
com.amazonaws.services.cloudtrail.model.InvalidSnsTopicNameException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("InsufficientEncryptionPolicyException").withModeledClass(
com.amazonaws.services.cloudtrail.model.InsufficientEncryptionPolicyException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("InvalidTagParameterException").withModeledClass(
com.amazonaws.services.cloudtrail.model.InvalidTagParameterException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("KmsKeyNotFoundException").withModeledClass(
com.amazonaws.services.cloudtrail.model.KmsKeyNotFoundException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("OperationNotPermittedException").withModeledClass(
com.amazonaws.services.cloudtrail.model.OperationNotPermittedException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("TrailNotFoundException").withModeledClass(
com.amazonaws.services.cloudtrail.model.TrailNotFoundException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("InvalidLookupAttributesException").withModeledClass(
com.amazonaws.services.cloudtrail.model.InvalidLookupAttributesException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("MaximumNumberOfTrailsExceededException").withModeledClass(
com.amazonaws.services.cloudtrail.model.MaximumNumberOfTrailsExceededException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("InvalidS3PrefixException").withModeledClass(
com.amazonaws.services.cloudtrail.model.InvalidS3PrefixException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("InsufficientSnsTopicPolicyException").withModeledClass(
com.amazonaws.services.cloudtrail.model.InsufficientSnsTopicPolicyException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("InvalidNextTokenException").withModeledClass(
com.amazonaws.services.cloudtrail.model.InvalidNextTokenException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("InsufficientS3BucketPolicyException").withModeledClass(
com.amazonaws.services.cloudtrail.model.InsufficientS3BucketPolicyException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("InvalidHomeRegionException").withModeledClass(
com.amazonaws.services.cloudtrail.model.InvalidHomeRegionException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("ResourceTypeNotSupportedException").withModeledClass(
com.amazonaws.services.cloudtrail.model.ResourceTypeNotSupportedException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("TrailAlreadyExistsException").withModeledClass(
com.amazonaws.services.cloudtrail.model.TrailAlreadyExistsException.class))
.addErrorMetadata(
new JsonErrorShapeMetadata().withErrorCode("KmsKeyDisabledException").withModeledClass(
com.amazonaws.services.cloudtrail.model.KmsKeyDisabledException.class))
.withBaseServiceExceptionClass(com.amazonaws.services.cloudtrail.model.AWSCloudTrailException.class));
/**
* Constructs a new client to invoke service methods on CloudTrail. A credentials provider chain will be used that
* searches for credentials in this order:
* <ul>
* <li>Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_KEY</li>
* <li>Java System Properties - aws.accessKeyId and aws.secretKey</li>
* <li>Instance profile credentials delivered through the Amazon EC2 metadata service</li>
* </ul>
*
* <p>
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @see DefaultAWSCredentialsProviderChain
* @deprecated use {@link AWSCloudTrailClientBuilder#defaultClient()}
*/
@Deprecated
public AWSCloudTrailClient() {
this(DefaultAWSCredentialsProviderChain.getInstance(), configFactory.getConfig());
}
/**
* Constructs a new client to invoke service methods on CloudTrail. A credentials provider chain will be used that
* searches for credentials in this order:
* <ul>
* <li>Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_KEY</li>
* <li>Java System Properties - aws.accessKeyId and aws.secretKey</li>
* <li>Instance profile credentials delivered through the Amazon EC2 metadata service</li>
* </ul>
*
* <p>
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @param clientConfiguration
* The client configuration options controlling how this client connects to CloudTrail (ex: proxy settings,
* retry counts, etc.).
*
* @see DefaultAWSCredentialsProviderChain
* @deprecated use {@link AWSCloudTrailClientBuilder#withClientConfiguration(ClientConfiguration)}
*/
@Deprecated
public AWSCloudTrailClient(ClientConfiguration clientConfiguration) {
this(DefaultAWSCredentialsProviderChain.getInstance(), clientConfiguration);
}
/**
* Constructs a new client to invoke service methods on CloudTrail using the specified AWS account credentials.
*
* <p>
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @param awsCredentials
* The AWS credentials (access key ID and secret key) to use when authenticating with AWS services.
* @deprecated use {@link AWSCloudTrailClientBuilder#withCredentials(AWSCredentialsProvider)} for example:
* {@code AWSCloudTrailClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(awsCredentials)).build();}
*/
@Deprecated
public AWSCloudTrailClient(AWSCredentials awsCredentials) {
this(awsCredentials, configFactory.getConfig());
}
/**
* Constructs a new client to invoke service methods on CloudTrail using the specified AWS account credentials and
* client configuration options.
*
* <p>
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @param awsCredentials
* The AWS credentials (access key ID and secret key) to use when authenticating with AWS services.
* @param clientConfiguration
* The client configuration options controlling how this client connects to CloudTrail (ex: proxy settings,
* retry counts, etc.).
* @deprecated use {@link AWSCloudTrailClientBuilder#withCredentials(AWSCredentialsProvider)} and
* {@link AWSCloudTrailClientBuilder#withClientConfiguration(ClientConfiguration)}
*/
@Deprecated
public AWSCloudTrailClient(AWSCredentials awsCredentials, ClientConfiguration clientConfiguration) {
super(clientConfiguration);
this.awsCredentialsProvider = new StaticCredentialsProvider(awsCredentials);
init();
}
/**
* Constructs a new client to invoke service methods on CloudTrail using the specified AWS account credentials
* provider.
*
* <p>
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @param awsCredentialsProvider
* The AWS credentials provider which will provide credentials to authenticate requests with AWS services.
* @deprecated use {@link AWSCloudTrailClientBuilder#withCredentials(AWSCredentialsProvider)}
*/
@Deprecated
public AWSCloudTrailClient(AWSCredentialsProvider awsCredentialsProvider) {
this(awsCredentialsProvider, configFactory.getConfig());
}
/**
* Constructs a new client to invoke service methods on CloudTrail using the specified AWS account credentials
* provider and client configuration options.
*
* <p>
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @param awsCredentialsProvider
* The AWS credentials provider which will provide credentials to authenticate requests with AWS services.
* @param clientConfiguration
* The client configuration options controlling how this client connects to CloudTrail (ex: proxy settings,
* retry counts, etc.).
* @deprecated use {@link AWSCloudTrailClientBuilder#withCredentials(AWSCredentialsProvider)} and
* {@link AWSCloudTrailClientBuilder#withClientConfiguration(ClientConfiguration)}
*/
@Deprecated
public AWSCloudTrailClient(AWSCredentialsProvider awsCredentialsProvider, ClientConfiguration clientConfiguration) {
this(awsCredentialsProvider, clientConfiguration, null);
}
/**
* Constructs a new client to invoke service methods on CloudTrail using the specified AWS account credentials
* provider, client configuration options, and request metric collector.
*
* <p>
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @param awsCredentialsProvider
* The AWS credentials provider which will provide credentials to authenticate requests with AWS services.
* @param clientConfiguration
* The client configuration options controlling how this client connects to CloudTrail (ex: proxy settings,
* retry counts, etc.).
* @param requestMetricCollector
* optional request metric collector
* @deprecated use {@link AWSCloudTrailClientBuilder#withCredentials(AWSCredentialsProvider)} and
* {@link AWSCloudTrailClientBuilder#withClientConfiguration(ClientConfiguration)} and
* {@link AWSCloudTrailClientBuilder#withMetricsCollector(RequestMetricCollector)}
*/
@Deprecated
public AWSCloudTrailClient(AWSCredentialsProvider awsCredentialsProvider, ClientConfiguration clientConfiguration,
RequestMetricCollector requestMetricCollector) {
super(clientConfiguration, requestMetricCollector);
this.awsCredentialsProvider = awsCredentialsProvider;
init();
}
public static AWSCloudTrailClientBuilder builder() {
return AWSCloudTrailClientBuilder.standard();
}
/**
* Constructs a new client to invoke service methods on CloudTrail using the specified parameters.
*
* <p>
* All service calls made using this new client object are blocking, and will not return until the service call
* completes.
*
* @param clientParams
* Object providing client parameters.
*/
AWSCloudTrailClient(AwsSyncClientParams clientParams) {
super(clientParams);
this.awsCredentialsProvider = clientParams.getCredentialsProvider();
init();
}
private void init() {
setServiceNameIntern(DEFAULT_SIGNING_NAME);
setEndpointPrefix(ENDPOINT_PREFIX);
// calling this.setEndPoint(...) will also modify the signer accordingly
setEndpoint("cloudtrail.us-east-1.amazonaws.com");
HandlerChainFactory chainFactory = new HandlerChainFactory();
requestHandler2s.addAll(chainFactory.newRequestHandlerChain("/com/amazonaws/services/cloudtrail/request.handlers"));
requestHandler2s.addAll(chainFactory.newRequestHandler2Chain("/com/amazonaws/services/cloudtrail/request.handler2s"));
requestHandler2s.addAll(chainFactory.getGlobalHandlers());
}
/**
* <p>
* Adds one or more tags to a trail, up to a limit of 50. Tags must be unique per trail. Overwrites an existing
* tag's value when a new value is specified for an existing tag key. If you specify a key without a value, the tag
* will be created with the specified key and a value of null. You can tag a trail that applies to all regions only
* from the region in which the trail was created (that is, from its home region).
* </p>
*
* @param addTagsRequest
* Specifies the tags to add to a trail.
* @return Result of the AddTags operation returned by the service.
* @throws ResourceNotFoundException
* This exception is thrown when the specified resource is not found.
* @throws CloudTrailARNInvalidException
* This exception is thrown when an operation is called with an invalid trail ARN. The format of a trail ARN
* is:</p>
* <p>
* <code>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</code>
* @throws ResourceTypeNotSupportedException
* This exception is thrown when the specified resource type is not supported by CloudTrail.
* @throws TagsLimitExceededException
* The number of tags per trail has exceeded the permitted amount. Currently, the limit is 50.
* @throws InvalidTrailNameException
* This exception is thrown when the provided trail name is not valid. Trail names must meet the following
* requirements:
* </p>
* <ul>
* <li>
* <p>
* Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)
* </p>
* </li>
* <li>
* <p>
* Start with a letter or number, and end with a letter or number
* </p>
* </li>
* <li>
* <p>
* Be between 3 and 128 characters
* </p>
* </li>
* <li>
* <p>
* Have no adjacent periods, underscores or dashes. Names like <code>my-_namespace</code> and
* <code>my--namespace</code> are invalid.
* </p>
* </li>
* <li>
* <p>
* Not be in IP address format (for example, 192.168.5.4)
* </p>
* </li>
* @throws InvalidTagParameterException
* This exception is thrown when the key or value specified for the tag does not match the regular
* expression <code>^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$</code>.
* @throws UnsupportedOperationException
* This exception is thrown when the requested operation is not supported.
* @throws OperationNotPermittedException
* This exception is thrown when the requested operation is not permitted.
* @sample AWSCloudTrail.AddTags
* @see <a href="http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/AddTags" target="_top">AWS API
* Documentation</a>
*/
@Override
public AddTagsResult addTags(AddTagsRequest request) {
request = beforeClientExecution(request);
return executeAddTags(request);
}
@SdkInternalApi
final AddTagsResult executeAddTags(AddTagsRequest addTagsRequest) {
ExecutionContext executionContext = createExecutionContext(addTagsRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request<AddTagsRequest> request = null;
Response<AddTagsResult> response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new AddTagsRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(addTagsRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler<AmazonWebServiceResponse<AddTagsResult>> responseHandler = protocolFactory.createResponseHandler(new JsonOperationMetadata()
.withPayloadJson(true).withHasStreamingSuccessResponse(false), new AddTagsResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
* <p>
* Creates a trail that specifies the settings for delivery of log data to an Amazon S3 bucket. A maximum of five
* trails can exist in a region, irrespective of the region in which they were created.
* </p>
*
* @param createTrailRequest
* Specifies the settings for each trail.
* @return Result of the CreateTrail operation returned by the service.
* @throws MaximumNumberOfTrailsExceededException
* This exception is thrown when the maximum number of trails is reached.
* @throws TrailAlreadyExistsException
* This exception is thrown when the specified trail already exists.
* @throws S3BucketDoesNotExistException
* This exception is thrown when the specified S3 bucket does not exist.
* @throws InsufficientS3BucketPolicyException
* This exception is thrown when the policy on the S3 bucket is not sufficient.
* @throws InsufficientSnsTopicPolicyException
* This exception is thrown when the policy on the SNS topic is not sufficient.
* @throws InsufficientEncryptionPolicyException
* This exception is thrown when the policy on the S3 bucket or KMS key is not sufficient.
* @throws InvalidS3BucketNameException
* This exception is thrown when the provided S3 bucket name is not valid.
* @throws InvalidS3PrefixException
* This exception is thrown when the provided S3 prefix is not valid.
* @throws InvalidSnsTopicNameException
* This exception is thrown when the provided SNS topic name is not valid.
* @throws InvalidKmsKeyIdException
* This exception is thrown when the KMS key ARN is invalid.
* @throws InvalidTrailNameException
* This exception is thrown when the provided trail name is not valid. Trail names must meet the following
* requirements:</p>
* <ul>
* <li>
* <p>
* Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)
* </p>
* </li>
* <li>
* <p>
* Start with a letter or number, and end with a letter or number
* </p>
* </li>
* <li>
* <p>
* Be between 3 and 128 characters
* </p>
* </li>
* <li>
* <p>
* Have no adjacent periods, underscores or dashes. Names like <code>my-_namespace</code> and
* <code>my--namespace</code> are invalid.
* </p>
* </li>
* <li>
* <p>
* Not be in IP address format (for example, 192.168.5.4)
* </p>
* </li>
* @throws TrailNotProvidedException
* This exception is deprecated.
* @throws InvalidParameterCombinationException
* This exception is thrown when the combination of parameters provided is not valid.
* @throws KmsKeyNotFoundException
* This exception is thrown when the KMS key does not exist, or when the S3 bucket and the KMS key are not
* in the same region.
* @throws KmsKeyDisabledException
* This exception is deprecated.
* @throws KmsException
* This exception is thrown when there is an issue with the specified KMS key and the trail can’t be
* updated.
* @throws InvalidCloudWatchLogsLogGroupArnException
* This exception is thrown when the provided CloudWatch log group is not valid.
* @throws InvalidCloudWatchLogsRoleArnException
* This exception is thrown when the provided role is not valid.
* @throws CloudWatchLogsDeliveryUnavailableException
* Cannot set a CloudWatch Logs delivery for this region.
* @throws UnsupportedOperationException
* This exception is thrown when the requested operation is not supported.
* @throws OperationNotPermittedException
* This exception is thrown when the requested operation is not permitted.
* @sample AWSCloudTrail.CreateTrail
* @see <a href="http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/CreateTrail" target="_top">AWS API
* Documentation</a>
*/
@Override
public CreateTrailResult createTrail(CreateTrailRequest request) {
request = beforeClientExecution(request);
return executeCreateTrail(request);
}
@SdkInternalApi
final CreateTrailResult executeCreateTrail(CreateTrailRequest createTrailRequest) {
ExecutionContext executionContext = createExecutionContext(createTrailRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request<CreateTrailRequest> request = null;
Response<CreateTrailResult> response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new CreateTrailRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(createTrailRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler<AmazonWebServiceResponse<CreateTrailResult>> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new CreateTrailResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
* <p>
* Deletes a trail. This operation must be called from the region in which the trail was created.
* <code>DeleteTrail</code> cannot be called on the shadow trails (replicated trails in other regions) of a trail
* that is enabled in all regions.
* </p>
*
* @param deleteTrailRequest
* The request that specifies the name of a trail to delete.
* @return Result of the DeleteTrail operation returned by the service.
* @throws TrailNotFoundException
* This exception is thrown when the trail with the given name is not found.
* @throws InvalidTrailNameException
* This exception is thrown when the provided trail name is not valid. Trail names must meet the following
* requirements:</p>
* <ul>
* <li>
* <p>
* Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)
* </p>
* </li>
* <li>
* <p>
* Start with a letter or number, and end with a letter or number
* </p>
* </li>
* <li>
* <p>
* Be between 3 and 128 characters
* </p>
* </li>
* <li>
* <p>
* Have no adjacent periods, underscores or dashes. Names like <code>my-_namespace</code> and
* <code>my--namespace</code> are invalid.
* </p>
* </li>
* <li>
* <p>
* Not be in IP address format (for example, 192.168.5.4)
* </p>
* </li>
* @throws InvalidHomeRegionException
* This exception is thrown when an operation is called on a trail from a region other than the region in
* which the trail was created.
* @sample AWSCloudTrail.DeleteTrail
* @see <a href="http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DeleteTrail" target="_top">AWS API
* Documentation</a>
*/
@Override
public DeleteTrailResult deleteTrail(DeleteTrailRequest request) {
request = beforeClientExecution(request);
return executeDeleteTrail(request);
}
@SdkInternalApi
final DeleteTrailResult executeDeleteTrail(DeleteTrailRequest deleteTrailRequest) {
ExecutionContext executionContext = createExecutionContext(deleteTrailRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request<DeleteTrailRequest> request = null;
Response<DeleteTrailResult> response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DeleteTrailRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(deleteTrailRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler<AmazonWebServiceResponse<DeleteTrailResult>> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new DeleteTrailResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
* <p>
* Retrieves settings for the trail associated with the current region for your account.
* </p>
*
* @param describeTrailsRequest
* Returns information about the trail.
* @return Result of the DescribeTrails operation returned by the service.
* @throws UnsupportedOperationException
* This exception is thrown when the requested operation is not supported.
* @throws OperationNotPermittedException
* This exception is thrown when the requested operation is not permitted.
* @sample AWSCloudTrail.DescribeTrails
* @see <a href="http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DescribeTrails" target="_top">AWS API
* Documentation</a>
*/
@Override
public DescribeTrailsResult describeTrails(DescribeTrailsRequest request) {
request = beforeClientExecution(request);
return executeDescribeTrails(request);
}
@SdkInternalApi
final DescribeTrailsResult executeDescribeTrails(DescribeTrailsRequest describeTrailsRequest) {
ExecutionContext executionContext = createExecutionContext(describeTrailsRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request<DescribeTrailsRequest> request = null;
Response<DescribeTrailsResult> response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new DescribeTrailsRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(describeTrailsRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler<AmazonWebServiceResponse<DescribeTrailsResult>> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new DescribeTrailsResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
@Override
public DescribeTrailsResult describeTrails() {
return describeTrails(new DescribeTrailsRequest());
}
/**
* <p>
* Describes the settings for the event selectors that you configured for your trail. The information returned for
* your event selectors includes the following:
* </p>
* <ul>
* <li>
* <p>
* The S3 objects that you are logging for data events.
* </p>
* </li>
* <li>
* <p>
* If your event selector includes management events.
* </p>
* </li>
* <li>
* <p>
* If your event selector includes read-only events, write-only events, or all.
* </p>
* </li>
* </ul>
* <p>
* For more information, see <a href=
* "http://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html"
* >Logging Data and Management Events for Trails </a> in the <i>AWS CloudTrail User Guide</i>.
* </p>
*
* @param getEventSelectorsRequest
* @return Result of the GetEventSelectors operation returned by the service.
* @throws TrailNotFoundException
* This exception is thrown when the trail with the given name is not found.
* @throws InvalidTrailNameException
* This exception is thrown when the provided trail name is not valid. Trail names must meet the following
* requirements:</p>
* <ul>
* <li>
* <p>
* Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)
* </p>
* </li>
* <li>
* <p>
* Start with a letter or number, and end with a letter or number
* </p>
* </li>
* <li>
* <p>
* Be between 3 and 128 characters
* </p>
* </li>
* <li>
* <p>
* Have no adjacent periods, underscores or dashes. Names like <code>my-_namespace</code> and
* <code>my--namespace</code> are invalid.
* </p>
* </li>
* <li>
* <p>
* Not be in IP address format (for example, 192.168.5.4)
* </p>
* </li>
* @throws UnsupportedOperationException
* This exception is thrown when the requested operation is not supported.
* @throws OperationNotPermittedException
* This exception is thrown when the requested operation is not permitted.
* @sample AWSCloudTrail.GetEventSelectors
* @see <a href="http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetEventSelectors" target="_top">AWS
* API Documentation</a>
*/
@Override
public GetEventSelectorsResult getEventSelectors(GetEventSelectorsRequest request) {
request = beforeClientExecution(request);
return executeGetEventSelectors(request);
}
@SdkInternalApi
final GetEventSelectorsResult executeGetEventSelectors(GetEventSelectorsRequest getEventSelectorsRequest) {
ExecutionContext executionContext = createExecutionContext(getEventSelectorsRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request<GetEventSelectorsRequest> request = null;
Response<GetEventSelectorsResult> response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new GetEventSelectorsRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(getEventSelectorsRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler<AmazonWebServiceResponse<GetEventSelectorsResult>> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new GetEventSelectorsResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
* <p>
* Returns a JSON-formatted list of information about the specified trail. Fields include information on delivery
* errors, Amazon SNS and Amazon S3 errors, and start and stop logging times for each trail. This operation returns
* trail status from a single region. To return trail status from all regions, you must call the operation on each
* region.
* </p>
*
* @param getTrailStatusRequest
* The name of a trail about which you want the current status.
* @return Result of the GetTrailStatus operation returned by the service.
* @throws TrailNotFoundException
* This exception is thrown when the trail with the given name is not found.
* @throws InvalidTrailNameException
* This exception is thrown when the provided trail name is not valid. Trail names must meet the following
* requirements:</p>
* <ul>
* <li>
* <p>
* Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)
* </p>
* </li>
* <li>
* <p>
* Start with a letter or number, and end with a letter or number
* </p>
* </li>
* <li>
* <p>
* Be between 3 and 128 characters
* </p>
* </li>
* <li>
* <p>
* Have no adjacent periods, underscores or dashes. Names like <code>my-_namespace</code> and
* <code>my--namespace</code> are invalid.
* </p>
* </li>
* <li>
* <p>
* Not be in IP address format (for example, 192.168.5.4)
* </p>
* </li>
* @sample AWSCloudTrail.GetTrailStatus
* @see <a href="http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetTrailStatus" target="_top">AWS API
* Documentation</a>
*/
@Override
public GetTrailStatusResult getTrailStatus(GetTrailStatusRequest request) {
request = beforeClientExecution(request);
return executeGetTrailStatus(request);
}
@SdkInternalApi
final GetTrailStatusResult executeGetTrailStatus(GetTrailStatusRequest getTrailStatusRequest) {
ExecutionContext executionContext = createExecutionContext(getTrailStatusRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request<GetTrailStatusRequest> request = null;
Response<GetTrailStatusResult> response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new GetTrailStatusRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(getTrailStatusRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler<AmazonWebServiceResponse<GetTrailStatusResult>> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new GetTrailStatusResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
* <p>
* Returns all public keys whose private keys were used to sign the digest files within the specified time range.
* The public key is needed to validate digest files that were signed with its corresponding private key.
* </p>
* <note>
* <p>
* CloudTrail uses different private/public key pairs per region. Each digest file is signed with a private key
* unique to its region. Therefore, when you validate a digest file from a particular region, you must look in the
* same region for its corresponding public key.
* </p>
* </note>
*
* @param listPublicKeysRequest
* Requests the public keys for a specified time range.
* @return Result of the ListPublicKeys operation returned by the service.
* @throws InvalidTimeRangeException
* Occurs if the timestamp values are invalid. Either the start time occurs after the end time or the time
* range is outside the range of possible values.
* @throws UnsupportedOperationException
* This exception is thrown when the requested operation is not supported.
* @throws OperationNotPermittedException
* This exception is thrown when the requested operation is not permitted.
* @throws InvalidTokenException
* Reserved for future use.
* @sample AWSCloudTrail.ListPublicKeys
* @see <a href="http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ListPublicKeys" target="_top">AWS API
* Documentation</a>
*/
@Override
public ListPublicKeysResult listPublicKeys(ListPublicKeysRequest request) {
request = beforeClientExecution(request);
return executeListPublicKeys(request);
}
@SdkInternalApi
final ListPublicKeysResult executeListPublicKeys(ListPublicKeysRequest listPublicKeysRequest) {
ExecutionContext executionContext = createExecutionContext(listPublicKeysRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request<ListPublicKeysRequest> request = null;
Response<ListPublicKeysResult> response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new ListPublicKeysRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(listPublicKeysRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler<AmazonWebServiceResponse<ListPublicKeysResult>> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new ListPublicKeysResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
@Override
public ListPublicKeysResult listPublicKeys() {
return listPublicKeys(new ListPublicKeysRequest());
}
/**
* <p>
* Lists the tags for the trail in the current region.
* </p>
*
* @param listTagsRequest
* Specifies a list of trail tags to return.
* @return Result of the ListTags operation returned by the service.
* @throws ResourceNotFoundException
* This exception is thrown when the specified resource is not found.
* @throws CloudTrailARNInvalidException
* This exception is thrown when an operation is called with an invalid trail ARN. The format of a trail ARN
* is:</p>
* <p>
* <code>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</code>
* @throws ResourceTypeNotSupportedException
* This exception is thrown when the specified resource type is not supported by CloudTrail.
* @throws InvalidTrailNameException
* This exception is thrown when the provided trail name is not valid. Trail names must meet the following
* requirements:
* </p>
* <ul>
* <li>
* <p>
* Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)
* </p>
* </li>
* <li>
* <p>
* Start with a letter or number, and end with a letter or number
* </p>
* </li>
* <li>
* <p>
* Be between 3 and 128 characters
* </p>
* </li>
* <li>
* <p>
* Have no adjacent periods, underscores or dashes. Names like <code>my-_namespace</code> and
* <code>my--namespace</code> are invalid.
* </p>
* </li>
* <li>
* <p>
* Not be in IP address format (for example, 192.168.5.4)
* </p>
* </li>
* @throws UnsupportedOperationException
* This exception is thrown when the requested operation is not supported.
* @throws OperationNotPermittedException
* This exception is thrown when the requested operation is not permitted.
* @throws InvalidTokenException
* Reserved for future use.
* @sample AWSCloudTrail.ListTags
* @see <a href="http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ListTags" target="_top">AWS API
* Documentation</a>
*/
@Override
public ListTagsResult listTags(ListTagsRequest request) {
request = beforeClientExecution(request);
return executeListTags(request);
}
@SdkInternalApi
final ListTagsResult executeListTags(ListTagsRequest listTagsRequest) {
ExecutionContext executionContext = createExecutionContext(listTagsRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request<ListTagsRequest> request = null;
Response<ListTagsResult> response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new ListTagsRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(listTagsRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler<AmazonWebServiceResponse<ListTagsResult>> responseHandler = protocolFactory.createResponseHandler(new JsonOperationMetadata()
.withPayloadJson(true).withHasStreamingSuccessResponse(false), new ListTagsResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
* <p>
* Looks up API activity events captured by CloudTrail that create, update, or delete resources in your account.
* Events for a region can be looked up for the times in which you had CloudTrail turned on in that region during
* the last seven days. Lookup supports the following attributes:
* </p>
* <ul>
* <li>
* <p>
* Event ID
* </p>
* </li>
* <li>
* <p>
* Event name
* </p>
* </li>
* <li>
* <p>
* Event source
* </p>
* </li>
* <li>
* <p>
* Resource name
* </p>
* </li>
* <li>
* <p>
* Resource type
* </p>
* </li>
* <li>
* <p>
* User name
* </p>
* </li>
* </ul>
* <p>
* All attributes are optional. The default number of results returned is 10, with a maximum of 50 possible. The
* response includes a token that you can use to get the next page of results.
* </p>
* <important>
* <p>
* The rate of lookup requests is limited to one per second per account. If this limit is exceeded, a throttling
* error occurs.
* </p>
* </important> <important>
* <p>
* Events that occurred during the selected time range will not be available for lookup if CloudTrail logging was
* not enabled when the events occurred.
* </p>
* </important>
*
* @param lookupEventsRequest
* Contains a request for LookupEvents.
* @return Result of the LookupEvents operation returned by the service.
* @throws InvalidLookupAttributesException
* Occurs when an invalid lookup attribute is specified.
* @throws InvalidTimeRangeException
* Occurs if the timestamp values are invalid. Either the start time occurs after the end time or the time
* range is outside the range of possible values.
* @throws InvalidMaxResultsException
* This exception is thrown if the limit specified is invalid.
* @throws InvalidNextTokenException
* Invalid token or token that was previously used in a request with different parameters. This exception is
* thrown if the token is invalid.
* @sample AWSCloudTrail.LookupEvents
* @see <a href="http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/LookupEvents" target="_top">AWS API
* Documentation</a>
*/
@Override
public LookupEventsResult lookupEvents(LookupEventsRequest request) {
request = beforeClientExecution(request);
return executeLookupEvents(request);
}
@SdkInternalApi
final LookupEventsResult executeLookupEvents(LookupEventsRequest lookupEventsRequest) {
ExecutionContext executionContext = createExecutionContext(lookupEventsRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request<LookupEventsRequest> request = null;
Response<LookupEventsResult> response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new LookupEventsRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(lookupEventsRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler<AmazonWebServiceResponse<LookupEventsResult>> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new LookupEventsResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
@Override
public LookupEventsResult lookupEvents() {
return lookupEvents(new LookupEventsRequest());
}
/**
* <p>
* Configures an event selector for your trail. Use event selectors to specify whether you want your trail to log
* management and/or data events. When an event occurs in your account, CloudTrail evaluates the event selectors in
* all trails. For each trail, if the event matches any event selector, the trail processes and logs the event. If
* the event doesn't match any event selector, the trail doesn't log the event.
* </p>
* <p>
* Example
* </p>
* <ol>
* <li>
* <p>
* You create an event selector for a trail and specify that you want write-only events.
* </p>
* </li>
* <li>
* <p>
* The EC2 <code>GetConsoleOutput</code> and <code>RunInstances</code> API operations occur in your account.
* </p>
* </li>
* <li>
* <p>
* CloudTrail evaluates whether the events match your event selectors.
* </p>
* </li>
* <li>
* <p>
* The <code>RunInstances</code> is a write-only event and it matches your event selector. The trail logs the event.
* </p>
* </li>
* <li>
* <p>
* The <code>GetConsoleOutput</code> is a read-only event but it doesn't match your event selector. The trail
* doesn't log the event.
* </p>
* </li>
* </ol>
* <p>
* The <code>PutEventSelectors</code> operation must be called from the region in which the trail was created;
* otherwise, an <code>InvalidHomeRegionException</code> is thrown.
* </p>
* <p>
* You can configure up to five event selectors for each trail. For more information, see <a href=
* "http://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html"
* >Logging Data and Management Events for Trails </a> in the <i>AWS CloudTrail User Guide</i>.
* </p>
*
* @param putEventSelectorsRequest
* @return Result of the PutEventSelectors operation returned by the service.
* @throws TrailNotFoundException
* This exception is thrown when the trail with the given name is not found.
* @throws InvalidTrailNameException
* This exception is thrown when the provided trail name is not valid. Trail names must meet the following
* requirements:</p>
* <ul>
* <li>
* <p>
* Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)
* </p>
* </li>
* <li>
* <p>
* Start with a letter or number, and end with a letter or number
* </p>
* </li>
* <li>
* <p>
* Be between 3 and 128 characters
* </p>
* </li>
* <li>
* <p>
* Have no adjacent periods, underscores or dashes. Names like <code>my-_namespace</code> and
* <code>my--namespace</code> are invalid.
* </p>
* </li>
* <li>
* <p>
* Not be in IP address format (for example, 192.168.5.4)
* </p>
* </li>
* @throws InvalidHomeRegionException
* This exception is thrown when an operation is called on a trail from a region other than the region in
* which the trail was created.
* @throws InvalidEventSelectorsException
* This exception is thrown when the <code>PutEventSelectors</code> operation is called with an invalid
* number of event selectors, data resources, or an invalid value for a parameter:</p>
* <ul>
* <li>
* <p>
* Specify a valid number of event selectors (1 to 5) for a trail.
* </p>
* </li>
* <li>
* <p>
* Specify a valid number of data resources (1 to 250) for an event selector.
* </p>
* </li>
* <li>
* <p>
* Specify a valid value for a parameter. For example, specifying the <code>ReadWriteType</code> parameter
* with a value of <code>read-only</code> is invalid.
* </p>
* </li>
* @throws UnsupportedOperationException
* This exception is thrown when the requested operation is not supported.
* @throws OperationNotPermittedException
* This exception is thrown when the requested operation is not permitted.
* @sample AWSCloudTrail.PutEventSelectors
* @see <a href="http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/PutEventSelectors" target="_top">AWS
* API Documentation</a>
*/
@Override
public PutEventSelectorsResult putEventSelectors(PutEventSelectorsRequest request) {
request = beforeClientExecution(request);
return executePutEventSelectors(request);
}
@SdkInternalApi
final PutEventSelectorsResult executePutEventSelectors(PutEventSelectorsRequest putEventSelectorsRequest) {
ExecutionContext executionContext = createExecutionContext(putEventSelectorsRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request<PutEventSelectorsRequest> request = null;
Response<PutEventSelectorsResult> response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new PutEventSelectorsRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(putEventSelectorsRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler<AmazonWebServiceResponse<PutEventSelectorsResult>> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new PutEventSelectorsResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
* <p>
* Removes the specified tags from a trail.
* </p>
*
* @param removeTagsRequest
* Specifies the tags to remove from a trail.
* @return Result of the RemoveTags operation returned by the service.
* @throws ResourceNotFoundException
* This exception is thrown when the specified resource is not found.
* @throws CloudTrailARNInvalidException
* This exception is thrown when an operation is called with an invalid trail ARN. The format of a trail ARN
* is:</p>
* <p>
* <code>arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</code>
* @throws ResourceTypeNotSupportedException
* This exception is thrown when the specified resource type is not supported by CloudTrail.
* @throws InvalidTrailNameException
* This exception is thrown when the provided trail name is not valid. Trail names must meet the following
* requirements:
* </p>
* <ul>
* <li>
* <p>
* Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)
* </p>
* </li>
* <li>
* <p>
* Start with a letter or number, and end with a letter or number
* </p>
* </li>
* <li>
* <p>
* Be between 3 and 128 characters
* </p>
* </li>
* <li>
* <p>
* Have no adjacent periods, underscores or dashes. Names like <code>my-_namespace</code> and
* <code>my--namespace</code> are invalid.
* </p>
* </li>
* <li>
* <p>
* Not be in IP address format (for example, 192.168.5.4)
* </p>
* </li>
* @throws InvalidTagParameterException
* This exception is thrown when the key or value specified for the tag does not match the regular
* expression <code>^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$</code>.
* @throws UnsupportedOperationException
* This exception is thrown when the requested operation is not supported.
* @throws OperationNotPermittedException
* This exception is thrown when the requested operation is not permitted.
* @sample AWSCloudTrail.RemoveTags
* @see <a href="http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/RemoveTags" target="_top">AWS API
* Documentation</a>
*/
@Override
public RemoveTagsResult removeTags(RemoveTagsRequest request) {
request = beforeClientExecution(request);
return executeRemoveTags(request);
}
@SdkInternalApi
final RemoveTagsResult executeRemoveTags(RemoveTagsRequest removeTagsRequest) {
ExecutionContext executionContext = createExecutionContext(removeTagsRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request<RemoveTagsRequest> request = null;
Response<RemoveTagsResult> response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new RemoveTagsRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(removeTagsRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler<AmazonWebServiceResponse<RemoveTagsResult>> responseHandler = protocolFactory.createResponseHandler(new JsonOperationMetadata()
.withPayloadJson(true).withHasStreamingSuccessResponse(false), new RemoveTagsResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
* <p>
* Starts the recording of AWS API calls and log file delivery for a trail. For a trail that is enabled in all
* regions, this operation must be called from the region in which the trail was created. This operation cannot be
* called on the shadow trails (replicated trails in other regions) of a trail that is enabled in all regions.
* </p>
*
* @param startLoggingRequest
* The request to CloudTrail to start logging AWS API calls for an account.
* @return Result of the StartLogging operation returned by the service.
* @throws TrailNotFoundException
* This exception is thrown when the trail with the given name is not found.
* @throws InvalidTrailNameException
* This exception is thrown when the provided trail name is not valid. Trail names must meet the following
* requirements:</p>
* <ul>
* <li>
* <p>
* Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)
* </p>
* </li>
* <li>
* <p>
* Start with a letter or number, and end with a letter or number
* </p>
* </li>
* <li>
* <p>
* Be between 3 and 128 characters
* </p>
* </li>
* <li>
* <p>
* Have no adjacent periods, underscores or dashes. Names like <code>my-_namespace</code> and
* <code>my--namespace</code> are invalid.
* </p>
* </li>
* <li>
* <p>
* Not be in IP address format (for example, 192.168.5.4)
* </p>
* </li>
* @throws InvalidHomeRegionException
* This exception is thrown when an operation is called on a trail from a region other than the region in
* which the trail was created.
* @sample AWSCloudTrail.StartLogging
* @see <a href="http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/StartLogging" target="_top">AWS API
* Documentation</a>
*/
@Override
public StartLoggingResult startLogging(StartLoggingRequest request) {
request = beforeClientExecution(request);
return executeStartLogging(request);
}
@SdkInternalApi
final StartLoggingResult executeStartLogging(StartLoggingRequest startLoggingRequest) {
ExecutionContext executionContext = createExecutionContext(startLoggingRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request<StartLoggingRequest> request = null;
Response<StartLoggingResult> response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new StartLoggingRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(startLoggingRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler<AmazonWebServiceResponse<StartLoggingResult>> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new StartLoggingResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
* <p>
* Suspends the recording of AWS API calls and log file delivery for the specified trail. Under most circumstances,
* there is no need to use this action. You can update a trail without stopping it first. This action is the only
* way to stop recording. For a trail enabled in all regions, this operation must be called from the region in which
* the trail was created, or an <code>InvalidHomeRegionException</code> will occur. This operation cannot be called
* on the shadow trails (replicated trails in other regions) of a trail enabled in all regions.
* </p>
*
* @param stopLoggingRequest
* Passes the request to CloudTrail to stop logging AWS API calls for the specified account.
* @return Result of the StopLogging operation returned by the service.
* @throws TrailNotFoundException
* This exception is thrown when the trail with the given name is not found.
* @throws InvalidTrailNameException
* This exception is thrown when the provided trail name is not valid. Trail names must meet the following
* requirements:</p>
* <ul>
* <li>
* <p>
* Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)
* </p>
* </li>
* <li>
* <p>
* Start with a letter or number, and end with a letter or number
* </p>
* </li>
* <li>
* <p>
* Be between 3 and 128 characters
* </p>
* </li>
* <li>
* <p>
* Have no adjacent periods, underscores or dashes. Names like <code>my-_namespace</code> and
* <code>my--namespace</code> are invalid.
* </p>
* </li>
* <li>
* <p>
* Not be in IP address format (for example, 192.168.5.4)
* </p>
* </li>
* @throws InvalidHomeRegionException
* This exception is thrown when an operation is called on a trail from a region other than the region in
* which the trail was created.
* @sample AWSCloudTrail.StopLogging
* @see <a href="http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/StopLogging" target="_top">AWS API
* Documentation</a>
*/
@Override
public StopLoggingResult stopLogging(StopLoggingRequest request) {
request = beforeClientExecution(request);
return executeStopLogging(request);
}
@SdkInternalApi
final StopLoggingResult executeStopLogging(StopLoggingRequest stopLoggingRequest) {
ExecutionContext executionContext = createExecutionContext(stopLoggingRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request<StopLoggingRequest> request = null;
Response<StopLoggingResult> response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new StopLoggingRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(stopLoggingRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler<AmazonWebServiceResponse<StopLoggingResult>> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new StopLoggingResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
* <p>
* Updates the settings that specify delivery of log files. Changes to a trail do not require stopping the
* CloudTrail service. Use this action to designate an existing bucket for log delivery. If the existing bucket has
* previously been a target for CloudTrail log files, an IAM policy exists for the bucket. <code>UpdateTrail</code>
* must be called from the region in which the trail was created; otherwise, an
* <code>InvalidHomeRegionException</code> is thrown.
* </p>
*
* @param updateTrailRequest
* Specifies settings to update for the trail.
* @return Result of the UpdateTrail operation returned by the service.
* @throws S3BucketDoesNotExistException
* This exception is thrown when the specified S3 bucket does not exist.
* @throws InsufficientS3BucketPolicyException
* This exception is thrown when the policy on the S3 bucket is not sufficient.
* @throws InsufficientSnsTopicPolicyException
* This exception is thrown when the policy on the SNS topic is not sufficient.
* @throws InsufficientEncryptionPolicyException
* This exception is thrown when the policy on the S3 bucket or KMS key is not sufficient.
* @throws TrailNotFoundException
* This exception is thrown when the trail with the given name is not found.
* @throws InvalidS3BucketNameException
* This exception is thrown when the provided S3 bucket name is not valid.
* @throws InvalidS3PrefixException
* This exception is thrown when the provided S3 prefix is not valid.
* @throws InvalidSnsTopicNameException
* This exception is thrown when the provided SNS topic name is not valid.
* @throws InvalidKmsKeyIdException
* This exception is thrown when the KMS key ARN is invalid.
* @throws InvalidTrailNameException
* This exception is thrown when the provided trail name is not valid. Trail names must meet the following
* requirements:</p>
* <ul>
* <li>
* <p>
* Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)
* </p>
* </li>
* <li>
* <p>
* Start with a letter or number, and end with a letter or number
* </p>
* </li>
* <li>
* <p>
* Be between 3 and 128 characters
* </p>
* </li>
* <li>
* <p>
* Have no adjacent periods, underscores or dashes. Names like <code>my-_namespace</code> and
* <code>my--namespace</code> are invalid.
* </p>
* </li>
* <li>
* <p>
* Not be in IP address format (for example, 192.168.5.4)
* </p>
* </li>
* @throws TrailNotProvidedException
* This exception is deprecated.
* @throws InvalidParameterCombinationException
* This exception is thrown when the combination of parameters provided is not valid.
* @throws InvalidHomeRegionException
* This exception is thrown when an operation is called on a trail from a region other than the region in
* which the trail was created.
* @throws KmsKeyNotFoundException
* This exception is thrown when the KMS key does not exist, or when the S3 bucket and the KMS key are not
* in the same region.
* @throws KmsKeyDisabledException
* This exception is deprecated.
* @throws KmsException
* This exception is thrown when there is an issue with the specified KMS key and the trail can’t be
* updated.
* @throws InvalidCloudWatchLogsLogGroupArnException
* This exception is thrown when the provided CloudWatch log group is not valid.
* @throws InvalidCloudWatchLogsRoleArnException
* This exception is thrown when the provided role is not valid.
* @throws CloudWatchLogsDeliveryUnavailableException
* Cannot set a CloudWatch Logs delivery for this region.
* @throws UnsupportedOperationException
* This exception is thrown when the requested operation is not supported.
* @throws OperationNotPermittedException
* This exception is thrown when the requested operation is not permitted.
* @sample AWSCloudTrail.UpdateTrail
* @see <a href="http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/UpdateTrail" target="_top">AWS API
* Documentation</a>
*/
@Override
public UpdateTrailResult updateTrail(UpdateTrailRequest request) {
request = beforeClientExecution(request);
return executeUpdateTrail(request);
}
@SdkInternalApi
final UpdateTrailResult executeUpdateTrail(UpdateTrailRequest updateTrailRequest) {
ExecutionContext executionContext = createExecutionContext(updateTrailRequest);
AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics();
awsRequestMetrics.startEvent(Field.ClientExecuteTime);
Request<UpdateTrailRequest> request = null;
Response<UpdateTrailResult> response = null;
try {
awsRequestMetrics.startEvent(Field.RequestMarshallTime);
try {
request = new UpdateTrailRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(updateTrailRequest));
// Binds the request metrics to the current request.
request.setAWSRequestMetrics(awsRequestMetrics);
} finally {
awsRequestMetrics.endEvent(Field.RequestMarshallTime);
}
HttpResponseHandler<AmazonWebServiceResponse<UpdateTrailResult>> responseHandler = protocolFactory.createResponseHandler(
new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new UpdateTrailResultJsonUnmarshaller());
response = invoke(request, responseHandler, executionContext);
return response.getAwsResponse();
} finally {
endClientExecution(awsRequestMetrics, request, response);
}
}
/**
* Returns additional metadata for a previously executed successful, request, typically used for debugging issues
* where a service isn't acting as expected. This data isn't considered part of the result data returned by an
* operation, so it's available through this separate, diagnostic interface.
* <p>
* Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic
* information for an executed request, you should use this method to retrieve it as soon as possible after
* executing the request.
*
* @param request
* The originally executed request
*
* @return The response metadata for the specified request, or null if none is available.
*/
public ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request) {
return client.getResponseMetadataForRequest(request);
}
/**
* Normal invoke with authentication. Credentials are required and may be overriden at the request level.
**/
private <X, Y extends AmazonWebServiceRequest> Response<X> invoke(Request<Y> request, HttpResponseHandler<AmazonWebServiceResponse<X>> responseHandler,
ExecutionContext executionContext) {
executionContext.setCredentialsProvider(CredentialUtils.getCredentialsProvider(request.getOriginalRequest(), awsCredentialsProvider));
return doInvoke(request, responseHandler, executionContext);
}
/**
* Invoke with no authentication. Credentials are not required and any credentials set on the client or request will
* be ignored for this operation.
**/
private <X, Y extends AmazonWebServiceRequest> Response<X> anonymousInvoke(Request<Y> request,
HttpResponseHandler<AmazonWebServiceResponse<X>> responseHandler, ExecutionContext executionContext) {
return doInvoke(request, responseHandler, executionContext);
}
/**
* Invoke the request using the http client. Assumes credentials (or lack thereof) have been configured in the
* ExecutionContext beforehand.
**/
private <X, Y extends AmazonWebServiceRequest> Response<X> doInvoke(Request<Y> request, HttpResponseHandler<AmazonWebServiceResponse<X>> responseHandler,
ExecutionContext executionContext) {
request.setEndpoint(endpoint);
request.setTimeOffset(timeOffset);
HttpResponseHandler<AmazonServiceException> errorResponseHandler = protocolFactory.createErrorResponseHandler(new JsonErrorResponseMetadata());
return client.execute(request, responseHandler, errorResponseHandler, executionContext);
}
}