Interface AWSCloudTrail

All Known Subinterfaces:
AWSCloudTrailAsync
All Known Implementing Classes:
AbstractAWSCloudTrail, AbstractAWSCloudTrailAsync, AWSCloudTrailAsyncClient, AWSCloudTrailClient

public interface AWSCloudTrail
Interface for accessing CloudTrail.

AWS CloudTrail

This is the CloudTrail API Reference. It provides descriptions of actions, data types, common parameters, and common errors for CloudTrail.

CloudTrail is a web service that records AWS API calls for your AWS account and delivers log files to an Amazon S3 bucket. The recorded information includes the identity of the user, the start time of the AWS API call, the source IP address, the request parameters, and the response elements returned by the service.

As an alternative to the API, you can use one of the AWS SDKs, which consist of libraries and sample code for various programming languages and platforms (Java, Ruby, .NET, iOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to AWSCloudTrail. For example, the SDKs take care of cryptographically signing requests, managing errors, and retrying requests automatically. For information about the AWS SDKs, including how to download and install them, see the Tools for Amazon Web Services page.

See the CloudTrail User Guide for information about the data that is included with each AWS API call listed in the log files.

  • Method Details

    • setEndpoint

      void setEndpoint(String endpoint)
      Overrides the default endpoint for this client ("cloudtrail.us-east-1.amazonaws.com"). Callers can use this method to control which AWS region they want to work with.

      Callers can pass in just the endpoint (ex: "cloudtrail.us-east-1.amazonaws.com") or a full URL, including the protocol (ex: "cloudtrail.us-east-1.amazonaws.com"). If the protocol is not specified here, the default protocol from this client's ClientConfiguration will be used, which by default is HTTPS.

      For more information on using AWS regions with the AWS SDK for Java, and a complete list of all available endpoints for all AWS services, see: http://developer.amazonwebservices.com/connect/entry.jspa?externalID= 3912

      This method is not threadsafe. An endpoint should be configured when the client is created and before any service requests are made. Changing it afterwards creates inevitable race conditions for any service requests in transit or retrying.

      Parameters:
      endpoint - The endpoint (ex: "cloudtrail.us-east-1.amazonaws.com") or a full URL, including the protocol (ex: "cloudtrail.us-east-1.amazonaws.com") of the region specific AWS endpoint this client will communicate with.
    • setRegion

      void setRegion(Region region)
      An alternative to setEndpoint(String), sets the regional endpoint for this client's service calls. Callers can use this method to control which AWS region they want to work with.

      By default, all service endpoints in all regions use the https protocol. To use http instead, specify it in the ClientConfiguration supplied at construction.

      This method is not threadsafe. A region should be configured when the client is created and before any service requests are made. Changing it afterwards creates inevitable race conditions for any service requests in transit or retrying.

      Parameters:
      region - The region this client will communicate with. See Region.getRegion(com.amazonaws.regions.Regions) for accessing a given region. Must not be null and must be a region where the service is available.
      See Also:
    • addTags

      AddTagsResult addTags(AddTagsRequest addTagsRequest)

      Adds one or more tags to a trail, up to a limit of 10. Tags must be unique per trail. Overwrites an existing tag's value when a new value is specified for an existing tag key. If you specify a key without a value, the tag will be created with the specified key and a value of null. You can tag a trail that applies to all regions only from the region in which the trail was created (that is, from its home region).

      Parameters:
      addTagsRequest - Specifies the tags to add to a trail.
      Returns:
      Result of the AddTags operation returned by the service.
    • createTrail

      CreateTrailResult createTrail(CreateTrailRequest createTrailRequest)

      Creates a trail that specifies the settings for delivery of log data to an Amazon S3 bucket. A maximum of five trails can exist in a region, irrespective of the region in which they were created.

      Parameters:
      createTrailRequest - Specifies the settings for each trail.
      Returns:
      Result of the CreateTrail operation returned by the service.
    • deleteTrail

      DeleteTrailResult deleteTrail(DeleteTrailRequest deleteTrailRequest)

      Deletes a trail. This operation must be called from the region in which the trail was created. DeleteTrail cannot be called on the shadow trails (replicated trails in other regions) of a trail that is enabled in all regions.

      Parameters:
      deleteTrailRequest - The request that specifies the name of a trail to delete.
      Returns:
      Result of the DeleteTrail operation returned by the service.
      Throws:
      TrailNotFoundException - This exception is thrown when the trail with the given name is not found.
      InvalidTrailNameException - This exception is thrown when the provided trail name is not valid. Trail names must meet the following requirements:

      • Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)

      • Start with a letter or number, and end with a letter or number

      • Be between 3 and 128 characters

      • Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are invalid.

      • Not be in IP address format (for example, 192.168.5.4)

      InvalidHomeRegionException - This exception is thrown when an operation is called on a trail from a region other than the region in which the trail was created.
    • describeTrails

      DescribeTrailsResult describeTrails(DescribeTrailsRequest describeTrailsRequest)

      Retrieves settings for the trail associated with the current region for your account.

      Parameters:
      describeTrailsRequest - Returns information about the trail.
      Returns:
      Result of the DescribeTrails operation returned by the service.
    • describeTrails

      DescribeTrailsResult describeTrails()
      Simplified method form for invoking the DescribeTrails operation.
      See Also:
    • getTrailStatus

      GetTrailStatusResult getTrailStatus(GetTrailStatusRequest getTrailStatusRequest)

      Returns a JSON-formatted list of information about the specified trail. Fields include information on delivery errors, Amazon SNS and Amazon S3 errors, and start and stop logging times for each trail. This operation returns trail status from a single region. To return trail status from all regions, you must call the operation on each region.

      Parameters:
      getTrailStatusRequest - The name of a trail about which you want the current status.
      Returns:
      Result of the GetTrailStatus operation returned by the service.
      Throws:
      TrailNotFoundException - This exception is thrown when the trail with the given name is not found.
      InvalidTrailNameException - This exception is thrown when the provided trail name is not valid. Trail names must meet the following requirements:

      • Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)

      • Start with a letter or number, and end with a letter or number

      • Be between 3 and 128 characters

      • Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are invalid.

      • Not be in IP address format (for example, 192.168.5.4)

    • listPublicKeys

      ListPublicKeysResult listPublicKeys(ListPublicKeysRequest listPublicKeysRequest)

      Returns all public keys whose private keys were used to sign the digest files within the specified time range. The public key is needed to validate digest files that were signed with its corresponding private key.

      CloudTrail uses different private/public key pairs per region. Each digest file is signed with a private key unique to its region. Therefore, when you validate a digest file from a particular region, you must look in the same region for its corresponding public key.

      Parameters:
      listPublicKeysRequest - Requests the public keys for a specified time range.
      Returns:
      Result of the ListPublicKeys operation returned by the service.
    • listPublicKeys

      ListPublicKeysResult listPublicKeys()
      Simplified method form for invoking the ListPublicKeys operation.
      See Also:
    • listTags

      ListTagsResult listTags(ListTagsRequest listTagsRequest)

      Lists the tags for the trail in the current region.

      Parameters:
      listTagsRequest - Specifies a list of trail tags to return.
      Returns:
      Result of the ListTags operation returned by the service.
    • lookupEvents

      LookupEventsResult lookupEvents(LookupEventsRequest lookupEventsRequest)

      Looks up API activity events captured by CloudTrail that create, update, or delete resources in your account. Events for a region can be looked up for the times in which you had CloudTrail turned on in that region during the last seven days. Lookup supports five different attributes: time range (defined by a start time and end time), user name, event name, resource type, and resource name. All attributes are optional. The maximum number of attributes that can be specified in any one lookup request are time range and one other attribute. The default number of results returned is 10, with a maximum of 50 possible. The response includes a token that you can use to get the next page of results.

      The rate of lookup requests is limited to one per second per account. If this limit is exceeded, a throttling error occurs.

      Events that occurred during the selected time range will not be available for lookup if CloudTrail logging was not enabled when the events occurred.

      Parameters:
      lookupEventsRequest - Contains a request for LookupEvents.
      Returns:
      Result of the LookupEvents operation returned by the service.
      Throws:
      InvalidLookupAttributesException - Occurs when an invalid lookup attribute is specified.
      InvalidTimeRangeException - Occurs if the timestamp values are invalid. Either the start time occurs after the end time or the time range is outside the range of possible values.
      InvalidMaxResultsException - This exception is thrown if the limit specified is invalid.
      InvalidNextTokenException - Invalid token or token that was previously used in a request with different parameters. This exception is thrown if the token is invalid.
    • lookupEvents

      LookupEventsResult lookupEvents()
      Simplified method form for invoking the LookupEvents operation.
      See Also:
    • removeTags

      RemoveTagsResult removeTags(RemoveTagsRequest removeTagsRequest)

      Removes the specified tags from a trail.

      Parameters:
      removeTagsRequest - Specifies the tags to remove from a trail.
      Returns:
      Result of the RemoveTags operation returned by the service.
    • startLogging

      StartLoggingResult startLogging(StartLoggingRequest startLoggingRequest)

      Starts the recording of AWS API calls and log file delivery for a trail. For a trail that is enabled in all regions, this operation must be called from the region in which the trail was created. This operation cannot be called on the shadow trails (replicated trails in other regions) of a trail that is enabled in all regions.

      Parameters:
      startLoggingRequest - The request to CloudTrail to start logging AWS API calls for an account.
      Returns:
      Result of the StartLogging operation returned by the service.
      Throws:
      TrailNotFoundException - This exception is thrown when the trail with the given name is not found.
      InvalidTrailNameException - This exception is thrown when the provided trail name is not valid. Trail names must meet the following requirements:

      • Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)

      • Start with a letter or number, and end with a letter or number

      • Be between 3 and 128 characters

      • Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are invalid.

      • Not be in IP address format (for example, 192.168.5.4)

      InvalidHomeRegionException - This exception is thrown when an operation is called on a trail from a region other than the region in which the trail was created.
    • stopLogging

      StopLoggingResult stopLogging(StopLoggingRequest stopLoggingRequest)

      Suspends the recording of AWS API calls and log file delivery for the specified trail. Under most circumstances, there is no need to use this action. You can update a trail without stopping it first. This action is the only way to stop recording. For a trail enabled in all regions, this operation must be called from the region in which the trail was created, or an InvalidHomeRegionException will occur. This operation cannot be called on the shadow trails (replicated trails in other regions) of a trail enabled in all regions.

      Parameters:
      stopLoggingRequest - Passes the request to CloudTrail to stop logging AWS API calls for the specified account.
      Returns:
      Result of the StopLogging operation returned by the service.
      Throws:
      TrailNotFoundException - This exception is thrown when the trail with the given name is not found.
      InvalidTrailNameException - This exception is thrown when the provided trail name is not valid. Trail names must meet the following requirements:

      • Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)

      • Start with a letter or number, and end with a letter or number

      • Be between 3 and 128 characters

      • Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are invalid.

      • Not be in IP address format (for example, 192.168.5.4)

      InvalidHomeRegionException - This exception is thrown when an operation is called on a trail from a region other than the region in which the trail was created.
    • updateTrail

      UpdateTrailResult updateTrail(UpdateTrailRequest updateTrailRequest)

      Updates the settings that specify delivery of log files. Changes to a trail do not require stopping the CloudTrail service. Use this action to designate an existing bucket for log delivery. If the existing bucket has previously been a target for CloudTrail log files, an IAM policy exists for the bucket. UpdateTrail must be called from the region in which the trail was created; otherwise, an InvalidHomeRegionException is thrown.

      Parameters:
      updateTrailRequest - Specifies settings to update for the trail.
      Returns:
      Result of the UpdateTrail operation returned by the service.
    • shutdown

      void shutdown()
      Shuts down this client object, releasing any resources that might be held open. This is an optional method, and callers are not expected to call it, but can if they want to explicitly release any open resources. Once a client has been shutdown, it should not be used to make any more requests.
    • getCachedResponseMetadata

      ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request)
      Returns additional metadata for a previously executed successful request, typically used for debugging issues where a service isn't acting as expected. This data isn't considered part of the result data returned by an operation, so it's available through this separate, diagnostic interface.

      Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic information for an executed request, you should use this method to retrieve it as soon as possible after executing a request.

      Parameters:
      request - The originally executed request.
      Returns:
      The response metadata for the specified request, or null if none is available.