-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/
-- | Amazon CloudTrail SDK.
--
-- Derived from API version 2013-11-01 of the AWS service
-- descriptions, licensed under Apache 2.0.
--
-- The types from this library are intended to be used with
-- amazonka, which provides mechanisms for specifying AuthN/AuthZ
-- information, sending requests, and receiving responses.
--
-- It is recommended to use generic lenses or optics from packages such
-- as generic-lens or optics to modify optional fields and
-- deconstruct responses.
--
-- Generated lenses can be found in Amazonka.CloudTrail.Lens and
-- are suitable for use with a lens package such as lens or
-- lens-family-core.
--
-- See Amazonka.CloudTrail and the AWS documentation to get
-- started.
@package amazonka-cloudtrail
@version 2.0
module Amazonka.CloudTrail.Types.AdvancedFieldSelector
-- | A single selector statement in an advanced event selector.
--
-- See: newAdvancedFieldSelector smart constructor.
data AdvancedFieldSelector
AdvancedFieldSelector' :: Maybe (NonEmpty Text) -> Maybe (NonEmpty Text) -> Maybe (NonEmpty Text) -> Maybe (NonEmpty Text) -> Maybe (NonEmpty Text) -> Maybe (NonEmpty Text) -> Text -> AdvancedFieldSelector
-- | An operator that includes events that match the last few characters of
-- the event record field specified as the value of Field.
[$sel:endsWith:AdvancedFieldSelector'] :: AdvancedFieldSelector -> Maybe (NonEmpty Text)
-- | An operator that includes events that match the exact value of the
-- event record field specified as the value of Field. This is
-- the only valid operator that you can use with the readOnly,
-- eventCategory, and resources.type fields.
[$sel:equals:AdvancedFieldSelector'] :: AdvancedFieldSelector -> Maybe (NonEmpty Text)
-- | An operator that excludes events that match the last few characters of
-- the event record field specified as the value of Field.
[$sel:notEndsWith:AdvancedFieldSelector'] :: AdvancedFieldSelector -> Maybe (NonEmpty Text)
-- | An operator that excludes events that match the exact value of the
-- event record field specified as the value of Field.
[$sel:notEquals:AdvancedFieldSelector'] :: AdvancedFieldSelector -> Maybe (NonEmpty Text)
-- | An operator that excludes events that match the first few characters
-- of the event record field specified as the value of Field.
[$sel:notStartsWith:AdvancedFieldSelector'] :: AdvancedFieldSelector -> Maybe (NonEmpty Text)
-- | An operator that includes events that match the first few characters
-- of the event record field specified as the value of Field.
[$sel:startsWith:AdvancedFieldSelector'] :: AdvancedFieldSelector -> Maybe (NonEmpty Text)
-- | A field in an event record on which to filter events to be logged.
-- Supported fields include readOnly, eventCategory,
-- eventSource (for management events), eventName,
-- resources.type, and resources.ARN.
--
--
-- - readOnly - Optional. Can be set to Equals
-- a value of true or false. If you do not add this
-- field, CloudTrail logs both read and write events. A
-- value of true logs only read events. A value of
-- false logs only write events.
-- - eventSource - For filtering management events
-- only. This can be set only to NotEquals
-- kms.amazonaws.com.
-- - eventName - Can use any operator. You can use it
-- to filter in or filter out any data event logged to CloudTrail, such as
-- PutBucket or GetSnapshotBlock. You can have multiple
-- values for this field, separated by commas.
-- - eventCategory - This is required. It must be set
-- to Equals, and the value must be Management or
-- Data.
-- - resources.type - This field is required.
-- resources.type can only use the Equals operator, and
-- the value can be one of the
-- following:You
-- can have only one resources.type field per selector. To log
-- data events on more than one resource type, add another selector.
-- - resources.ARN - You can use any operator with
-- resources.ARN, but if you use Equals or
-- NotEquals, the value must exactly match the ARN of a valid
-- resource of the type you've specified in the template as the value of
-- resources.type. For example, if resources.type equals
-- AWS::S3::Object, the ARN must be in one of the following
-- formats. To log all data events for all objects in a specific S3
-- bucket, use the StartsWith operator, and include only the
-- bucket ARN as the matching value.The trailing slash is intentional; do
-- not exclude it. Replace the text between less than and greater than
-- symbols (<>) with resource-specific
-- information.When
-- resources.type equals AWS::S3::AccessPoint, and the
-- operator is set to Equals or NotEquals, the ARN must
-- be in one of the following formats. To log events on all objects in an
-- S3 access point, we recommend that you use only the access point ARN,
-- don’t include the object path, and use the StartsWith or
-- NotStartsWith
-- operators.When
-- resources.type equals AWS::Lambda::Function, and the operator
-- is set to Equals or NotEquals, the ARN must be in
-- the following
-- format:When
-- resources.type equals AWS::DynamoDB::Table, and the operator
-- is set to Equals or NotEquals, the ARN must be in
-- the following
-- format:When
-- resources.type equals AWS::S3Outposts::Object, and
-- the operator is set to Equals or NotEquals, the ARN
-- must be in the following
-- format:When
-- resources.type equals AWS::ManagedBlockchain::Node,
-- and the operator is set to Equals or NotEquals, the
-- ARN must be in the following
-- format:When
-- resources.type equals
-- AWS::S3ObjectLambda::AccessPoint, and the operator is set to
-- Equals or NotEquals, the ARN must be in the
-- following
-- format:When
-- resources.type equals AWS::EC2::Snapshot, and the
-- operator is set to Equals or NotEquals, the ARN must
-- be in the following
-- format:When
-- resources.type equals AWS::DynamoDB::Stream, and the
-- operator is set to Equals or NotEquals, the ARN must
-- be in the following
-- format:When
-- resources.type equals AWS::Glue::Table, and the
-- operator is set to Equals or NotEquals, the ARN must
-- be in the following
-- format:
--
[$sel:field:AdvancedFieldSelector'] :: AdvancedFieldSelector -> Text
-- | Create a value of AdvancedFieldSelector with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:endsWith:AdvancedFieldSelector',
-- advancedFieldSelector_endsWith - An operator that includes
-- events that match the last few characters of the event record field
-- specified as the value of Field.
--
-- $sel:equals:AdvancedFieldSelector',
-- advancedFieldSelector_equals - An operator that includes events
-- that match the exact value of the event record field specified as the
-- value of Field. This is the only valid operator that you can
-- use with the readOnly, eventCategory, and
-- resources.type fields.
--
-- $sel:notEndsWith:AdvancedFieldSelector',
-- advancedFieldSelector_notEndsWith - An operator that excludes
-- events that match the last few characters of the event record field
-- specified as the value of Field.
--
-- $sel:notEquals:AdvancedFieldSelector',
-- advancedFieldSelector_notEquals - An operator that excludes
-- events that match the exact value of the event record field specified
-- as the value of Field.
--
-- $sel:notStartsWith:AdvancedFieldSelector',
-- advancedFieldSelector_notStartsWith - An operator that excludes
-- events that match the first few characters of the event record field
-- specified as the value of Field.
--
-- $sel:startsWith:AdvancedFieldSelector',
-- advancedFieldSelector_startsWith - An operator that includes
-- events that match the first few characters of the event record field
-- specified as the value of Field.
--
-- $sel:field:AdvancedFieldSelector',
-- advancedFieldSelector_field - A field in an event record on
-- which to filter events to be logged. Supported fields include
-- readOnly, eventCategory, eventSource (for
-- management events), eventName, resources.type, and
-- resources.ARN.
--
--
-- - readOnly - Optional. Can be set to Equals
-- a value of true or false. If you do not add this
-- field, CloudTrail logs both read and write events. A
-- value of true logs only read events. A value of
-- false logs only write events.
-- - eventSource - For filtering management events
-- only. This can be set only to NotEquals
-- kms.amazonaws.com.
-- - eventName - Can use any operator. You can use it
-- to filter in or filter out any data event logged to CloudTrail, such as
-- PutBucket or GetSnapshotBlock. You can have multiple
-- values for this field, separated by commas.
-- - eventCategory - This is required. It must be set
-- to Equals, and the value must be Management or
-- Data.
-- - resources.type - This field is required.
-- resources.type can only use the Equals operator, and
-- the value can be one of the
-- following:You
-- can have only one resources.type field per selector. To log
-- data events on more than one resource type, add another selector.
-- - resources.ARN - You can use any operator with
-- resources.ARN, but if you use Equals or
-- NotEquals, the value must exactly match the ARN of a valid
-- resource of the type you've specified in the template as the value of
-- resources.type. For example, if resources.type equals
-- AWS::S3::Object, the ARN must be in one of the following
-- formats. To log all data events for all objects in a specific S3
-- bucket, use the StartsWith operator, and include only the
-- bucket ARN as the matching value.The trailing slash is intentional; do
-- not exclude it. Replace the text between less than and greater than
-- symbols (<>) with resource-specific
-- information.When
-- resources.type equals AWS::S3::AccessPoint, and the
-- operator is set to Equals or NotEquals, the ARN must
-- be in one of the following formats. To log events on all objects in an
-- S3 access point, we recommend that you use only the access point ARN,
-- don’t include the object path, and use the StartsWith or
-- NotStartsWith
-- operators.When
-- resources.type equals AWS::Lambda::Function, and the operator
-- is set to Equals or NotEquals, the ARN must be in
-- the following
-- format:When
-- resources.type equals AWS::DynamoDB::Table, and the operator
-- is set to Equals or NotEquals, the ARN must be in
-- the following
-- format:When
-- resources.type equals AWS::S3Outposts::Object, and
-- the operator is set to Equals or NotEquals, the ARN
-- must be in the following
-- format:When
-- resources.type equals AWS::ManagedBlockchain::Node,
-- and the operator is set to Equals or NotEquals, the
-- ARN must be in the following
-- format:When
-- resources.type equals
-- AWS::S3ObjectLambda::AccessPoint, and the operator is set to
-- Equals or NotEquals, the ARN must be in the
-- following
-- format:When
-- resources.type equals AWS::EC2::Snapshot, and the
-- operator is set to Equals or NotEquals, the ARN must
-- be in the following
-- format:When
-- resources.type equals AWS::DynamoDB::Stream, and the
-- operator is set to Equals or NotEquals, the ARN must
-- be in the following
-- format:When
-- resources.type equals AWS::Glue::Table, and the
-- operator is set to Equals or NotEquals, the ARN must
-- be in the following
-- format:
--
newAdvancedFieldSelector :: Text -> AdvancedFieldSelector
-- | An operator that includes events that match the last few characters of
-- the event record field specified as the value of Field.
advancedFieldSelector_endsWith :: Lens' AdvancedFieldSelector (Maybe (NonEmpty Text))
-- | An operator that includes events that match the exact value of the
-- event record field specified as the value of Field. This is
-- the only valid operator that you can use with the readOnly,
-- eventCategory, and resources.type fields.
advancedFieldSelector_equals :: Lens' AdvancedFieldSelector (Maybe (NonEmpty Text))
-- | An operator that excludes events that match the last few characters of
-- the event record field specified as the value of Field.
advancedFieldSelector_notEndsWith :: Lens' AdvancedFieldSelector (Maybe (NonEmpty Text))
-- | An operator that excludes events that match the exact value of the
-- event record field specified as the value of Field.
advancedFieldSelector_notEquals :: Lens' AdvancedFieldSelector (Maybe (NonEmpty Text))
-- | An operator that excludes events that match the first few characters
-- of the event record field specified as the value of Field.
advancedFieldSelector_notStartsWith :: Lens' AdvancedFieldSelector (Maybe (NonEmpty Text))
-- | An operator that includes events that match the first few characters
-- of the event record field specified as the value of Field.
advancedFieldSelector_startsWith :: Lens' AdvancedFieldSelector (Maybe (NonEmpty Text))
-- | A field in an event record on which to filter events to be logged.
-- Supported fields include readOnly, eventCategory,
-- eventSource (for management events), eventName,
-- resources.type, and resources.ARN.
--
--
-- - readOnly - Optional. Can be set to Equals
-- a value of true or false. If you do not add this
-- field, CloudTrail logs both read and write events. A
-- value of true logs only read events. A value of
-- false logs only write events.
-- - eventSource - For filtering management events
-- only. This can be set only to NotEquals
-- kms.amazonaws.com.
-- - eventName - Can use any operator. You can use it
-- to filter in or filter out any data event logged to CloudTrail, such as
-- PutBucket or GetSnapshotBlock. You can have multiple
-- values for this field, separated by commas.
-- - eventCategory - This is required. It must be set
-- to Equals, and the value must be Management or
-- Data.
-- - resources.type - This field is required.
-- resources.type can only use the Equals operator, and
-- the value can be one of the
-- following:You
-- can have only one resources.type field per selector. To log
-- data events on more than one resource type, add another selector.
-- - resources.ARN - You can use any operator with
-- resources.ARN, but if you use Equals or
-- NotEquals, the value must exactly match the ARN of a valid
-- resource of the type you've specified in the template as the value of
-- resources.type. For example, if resources.type equals
-- AWS::S3::Object, the ARN must be in one of the following
-- formats. To log all data events for all objects in a specific S3
-- bucket, use the StartsWith operator, and include only the
-- bucket ARN as the matching value.The trailing slash is intentional; do
-- not exclude it. Replace the text between less than and greater than
-- symbols (<>) with resource-specific
-- information.When
-- resources.type equals AWS::S3::AccessPoint, and the
-- operator is set to Equals or NotEquals, the ARN must
-- be in one of the following formats. To log events on all objects in an
-- S3 access point, we recommend that you use only the access point ARN,
-- don’t include the object path, and use the StartsWith or
-- NotStartsWith
-- operators.When
-- resources.type equals AWS::Lambda::Function, and the operator
-- is set to Equals or NotEquals, the ARN must be in
-- the following
-- format:When
-- resources.type equals AWS::DynamoDB::Table, and the operator
-- is set to Equals or NotEquals, the ARN must be in
-- the following
-- format:When
-- resources.type equals AWS::S3Outposts::Object, and
-- the operator is set to Equals or NotEquals, the ARN
-- must be in the following
-- format:When
-- resources.type equals AWS::ManagedBlockchain::Node,
-- and the operator is set to Equals or NotEquals, the
-- ARN must be in the following
-- format:When
-- resources.type equals
-- AWS::S3ObjectLambda::AccessPoint, and the operator is set to
-- Equals or NotEquals, the ARN must be in the
-- following
-- format:When
-- resources.type equals AWS::EC2::Snapshot, and the
-- operator is set to Equals or NotEquals, the ARN must
-- be in the following
-- format:When
-- resources.type equals AWS::DynamoDB::Stream, and the
-- operator is set to Equals or NotEquals, the ARN must
-- be in the following
-- format:When
-- resources.type equals AWS::Glue::Table, and the
-- operator is set to Equals or NotEquals, the ARN must
-- be in the following
-- format:
--
advancedFieldSelector_field :: Lens' AdvancedFieldSelector Text
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.AdvancedFieldSelector.AdvancedFieldSelector
instance GHC.Show.Show Amazonka.CloudTrail.Types.AdvancedFieldSelector.AdvancedFieldSelector
instance GHC.Read.Read Amazonka.CloudTrail.Types.AdvancedFieldSelector.AdvancedFieldSelector
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.AdvancedFieldSelector.AdvancedFieldSelector
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.AdvancedFieldSelector.AdvancedFieldSelector
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.AdvancedFieldSelector.AdvancedFieldSelector
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.AdvancedFieldSelector.AdvancedFieldSelector
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.Types.AdvancedFieldSelector.AdvancedFieldSelector
module Amazonka.CloudTrail.Types.AdvancedEventSelector
-- | Advanced event selectors let you create fine-grained selectors for the
-- following CloudTrail event record fields. They help you control costs
-- by logging only those events that are important to you. For more
-- information about advanced event selectors, see Logging data events
-- for trails in the CloudTrail User Guide.
--
--
-- readOnly
eventSource
eventName
eventCategory
resources.type
resources.ARN
--
-- You cannot apply both event selectors and advanced event selectors to
-- a trail.
--
-- See: newAdvancedEventSelector smart constructor.
data AdvancedEventSelector
AdvancedEventSelector' :: Maybe Text -> NonEmpty AdvancedFieldSelector -> AdvancedEventSelector
-- | An optional, descriptive name for an advanced event selector, such as
-- "Log data events for only two S3 buckets".
[$sel:name:AdvancedEventSelector'] :: AdvancedEventSelector -> Maybe Text
-- | Contains all selector statements in an advanced event selector.
[$sel:fieldSelectors:AdvancedEventSelector'] :: AdvancedEventSelector -> NonEmpty AdvancedFieldSelector
-- | Create a value of AdvancedEventSelector with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:name:AdvancedEventSelector',
-- advancedEventSelector_name - An optional, descriptive name for
-- an advanced event selector, such as "Log data events for only two S3
-- buckets".
--
-- $sel:fieldSelectors:AdvancedEventSelector',
-- advancedEventSelector_fieldSelectors - Contains all selector
-- statements in an advanced event selector.
newAdvancedEventSelector :: NonEmpty AdvancedFieldSelector -> AdvancedEventSelector
-- | An optional, descriptive name for an advanced event selector, such as
-- "Log data events for only two S3 buckets".
advancedEventSelector_name :: Lens' AdvancedEventSelector (Maybe Text)
-- | Contains all selector statements in an advanced event selector.
advancedEventSelector_fieldSelectors :: Lens' AdvancedEventSelector (NonEmpty AdvancedFieldSelector)
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.AdvancedEventSelector.AdvancedEventSelector
instance GHC.Show.Show Amazonka.CloudTrail.Types.AdvancedEventSelector.AdvancedEventSelector
instance GHC.Read.Read Amazonka.CloudTrail.Types.AdvancedEventSelector.AdvancedEventSelector
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.AdvancedEventSelector.AdvancedEventSelector
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.AdvancedEventSelector.AdvancedEventSelector
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.AdvancedEventSelector.AdvancedEventSelector
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.AdvancedEventSelector.AdvancedEventSelector
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.Types.AdvancedEventSelector.AdvancedEventSelector
module Amazonka.CloudTrail.Types.Channel
-- | Contains information about a returned CloudTrail channel.
--
-- See: newChannel smart constructor.
data Channel
Channel' :: Maybe Text -> Maybe Text -> Channel
-- | The Amazon Resource Name (ARN) of a channel.
[$sel:channelArn:Channel'] :: Channel -> Maybe Text
-- | The name of the CloudTrail channel. For service-linked channels, the
-- name is aws-service-channel/service-name/custom-suffix where
-- service-name represents the name of the Amazon Web Services
-- service that created the channel and custom-suffix represents
-- the suffix created by the Amazon Web Services service.
[$sel:name:Channel'] :: Channel -> Maybe Text
-- | Create a value of Channel with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:channelArn:Channel', channel_channelArn - The
-- Amazon Resource Name (ARN) of a channel.
--
-- $sel:name:Channel', channel_name - The name of the
-- CloudTrail channel. For service-linked channels, the name is
-- aws-service-channel/service-name/custom-suffix where
-- service-name represents the name of the Amazon Web Services
-- service that created the channel and custom-suffix represents
-- the suffix created by the Amazon Web Services service.
newChannel :: Channel
-- | The Amazon Resource Name (ARN) of a channel.
channel_channelArn :: Lens' Channel (Maybe Text)
-- | The name of the CloudTrail channel. For service-linked channels, the
-- name is aws-service-channel/service-name/custom-suffix where
-- service-name represents the name of the Amazon Web Services
-- service that created the channel and custom-suffix represents
-- the suffix created by the Amazon Web Services service.
channel_name :: Lens' Channel (Maybe Text)
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.Channel.Channel
instance GHC.Show.Show Amazonka.CloudTrail.Types.Channel.Channel
instance GHC.Read.Read Amazonka.CloudTrail.Types.Channel.Channel
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.Channel.Channel
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.Channel.Channel
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.Channel.Channel
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.Channel.Channel
module Amazonka.CloudTrail.Types.DataResource
-- | The Amazon S3 buckets, Lambda functions, or Amazon DynamoDB tables
-- that you specify in your event selectors for your trail to log data
-- events. Data events provide information about the resource operations
-- performed on or within a resource itself. These are also known as data
-- plane operations. You can specify up to 250 data resources for a
-- trail.
--
-- The total number of allowed data resources is 250. This number can be
-- distributed between 1 and 5 event selectors, but the total cannot
-- exceed 250 across all selectors.
--
-- If you are using advanced event selectors, the maximum total number of
-- values for all conditions, across all advanced event selectors for the
-- trail, is 500.
--
-- The following example demonstrates how logging works when you
-- configure logging of all data events for an S3 bucket named
-- bucket-1. In this example, the CloudTrail user specified an
-- empty prefix, and the option to log both Read and
-- Write data events.
--
--
-- - A user uploads an image file to bucket-1.
-- - The PutObject API operation is an Amazon S3 object-level
-- API. It is recorded as a data event in CloudTrail. Because the
-- CloudTrail user specified an S3 bucket with an empty prefix, events
-- that occur on any object in that bucket are logged. The trail
-- processes and logs the event.
-- - A user uploads an object to an Amazon S3 bucket named
-- arn:aws:s3:::bucket-2.
-- - The PutObject API operation occurred for an object in an
-- S3 bucket that the CloudTrail user didn't specify for the trail. The
-- trail doesn’t log the event.
--
--
-- The following example demonstrates how logging works when you
-- configure logging of Lambda data events for a Lambda function named
-- MyLambdaFunction, but not for all Lambda functions.
--
--
-- - A user runs a script that includes a call to the
-- MyLambdaFunction function and the MyOtherLambdaFunction
-- function.
-- - The Invoke API operation on MyLambdaFunction is an
-- Lambda API. It is recorded as a data event in CloudTrail. Because the
-- CloudTrail user specified logging data events for
-- MyLambdaFunction, any invocations of that function are logged.
-- The trail processes and logs the event.
-- - The Invoke API operation on MyOtherLambdaFunction
-- is an Lambda API. Because the CloudTrail user did not specify logging
-- data events for all Lambda functions, the Invoke operation
-- for MyOtherLambdaFunction does not match the function specified
-- for the trail. The trail doesn’t log the event.
--
--
-- See: newDataResource smart constructor.
data DataResource
DataResource' :: Maybe Text -> Maybe [Text] -> DataResource
-- | The resource type in which you want to log data events. You can
-- specify the following basic event selector resource types:
--
--
-- AWS::S3::Object
AWS::Lambda::Function
AWS::DynamoDB::Table
--
-- The following resource types are also available through
-- advanced event selectors. Basic event selector resource types
-- are valid in advanced event selectors, but advanced event selector
-- resource types are not valid in basic event selectors. For more
-- information, see AdvancedFieldSelector$Field.
--
--
[$sel:type':DataResource'] :: DataResource -> Maybe Text
-- | An array of Amazon Resource Name (ARN) strings or partial ARN strings
-- for the specified objects.
--
--
-- - To log data events for all objects in all S3 buckets in your
-- Amazon Web Services account, specify the prefix as
-- arn:aws:s3.This also enables logging of data event activity
-- performed by any user or role in your Amazon Web Services account,
-- even if that activity is performed on a bucket that belongs to another
-- Amazon Web Services account.
-- - To log data events for all objects in an S3 bucket, specify the
-- bucket and an empty object prefix such as
-- arn:aws:s3:::bucket-1/. The trail logs data events for all
-- objects in this S3 bucket.
-- - To log data events for specific objects, specify the S3 bucket and
-- object prefix such as arn:aws:s3:::bucket-1/example-images.
-- The trail logs data events for objects in this S3 bucket that match
-- the prefix.
-- - To log data events for all Lambda functions in your Amazon Web
-- Services account, specify the prefix as arn:aws:lambda.This
-- also enables logging of Invoke activity performed by any user
-- or role in your Amazon Web Services account, even if that activity is
-- performed on a function that belongs to another Amazon Web Services
-- account.
-- - To log data events for a specific Lambda function, specify the
-- function ARN.Lambda function ARNs are exact. For example, if you
-- specify a function ARN
-- arn:aws:lambda:us-west-2:111111111111:function:helloworld, data
-- events will only be logged for
-- arn:aws:lambda:us-west-2:111111111111:function:helloworld. They
-- will not be logged for
-- arn:aws:lambda:us-west-2:111111111111:function:helloworld2.
-- - To log data events for all DynamoDB tables in your Amazon Web
-- Services account, specify the prefix as
-- arn:aws:dynamodb.
--
[$sel:values:DataResource'] :: DataResource -> Maybe [Text]
-- | Create a value of DataResource with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:type':DataResource', dataResource_type - The
-- resource type in which you want to log data events. You can specify
-- the following basic event selector resource types:
--
--
-- AWS::S3::Object
AWS::Lambda::Function
AWS::DynamoDB::Table
--
-- The following resource types are also available through
-- advanced event selectors. Basic event selector resource types
-- are valid in advanced event selectors, but advanced event selector
-- resource types are not valid in basic event selectors. For more
-- information, see AdvancedFieldSelector$Field.
--
--
--
-- $sel:values:DataResource', dataResource_values - An
-- array of Amazon Resource Name (ARN) strings or partial ARN strings for
-- the specified objects.
--
--
-- - To log data events for all objects in all S3 buckets in your
-- Amazon Web Services account, specify the prefix as
-- arn:aws:s3.This also enables logging of data event activity
-- performed by any user or role in your Amazon Web Services account,
-- even if that activity is performed on a bucket that belongs to another
-- Amazon Web Services account.
-- - To log data events for all objects in an S3 bucket, specify the
-- bucket and an empty object prefix such as
-- arn:aws:s3:::bucket-1/. The trail logs data events for all
-- objects in this S3 bucket.
-- - To log data events for specific objects, specify the S3 bucket and
-- object prefix such as arn:aws:s3:::bucket-1/example-images.
-- The trail logs data events for objects in this S3 bucket that match
-- the prefix.
-- - To log data events for all Lambda functions in your Amazon Web
-- Services account, specify the prefix as arn:aws:lambda.This
-- also enables logging of Invoke activity performed by any user
-- or role in your Amazon Web Services account, even if that activity is
-- performed on a function that belongs to another Amazon Web Services
-- account.
-- - To log data events for a specific Lambda function, specify the
-- function ARN.Lambda function ARNs are exact. For example, if you
-- specify a function ARN
-- arn:aws:lambda:us-west-2:111111111111:function:helloworld, data
-- events will only be logged for
-- arn:aws:lambda:us-west-2:111111111111:function:helloworld. They
-- will not be logged for
-- arn:aws:lambda:us-west-2:111111111111:function:helloworld2.
-- - To log data events for all DynamoDB tables in your Amazon Web
-- Services account, specify the prefix as
-- arn:aws:dynamodb.
--
newDataResource :: DataResource
-- | The resource type in which you want to log data events. You can
-- specify the following basic event selector resource types:
--
--
-- AWS::S3::Object
AWS::Lambda::Function
AWS::DynamoDB::Table
--
-- The following resource types are also available through
-- advanced event selectors. Basic event selector resource types
-- are valid in advanced event selectors, but advanced event selector
-- resource types are not valid in basic event selectors. For more
-- information, see AdvancedFieldSelector$Field.
--
--
dataResource_type :: Lens' DataResource (Maybe Text)
-- | An array of Amazon Resource Name (ARN) strings or partial ARN strings
-- for the specified objects.
--
--
-- - To log data events for all objects in all S3 buckets in your
-- Amazon Web Services account, specify the prefix as
-- arn:aws:s3.This also enables logging of data event activity
-- performed by any user or role in your Amazon Web Services account,
-- even if that activity is performed on a bucket that belongs to another
-- Amazon Web Services account.
-- - To log data events for all objects in an S3 bucket, specify the
-- bucket and an empty object prefix such as
-- arn:aws:s3:::bucket-1/. The trail logs data events for all
-- objects in this S3 bucket.
-- - To log data events for specific objects, specify the S3 bucket and
-- object prefix such as arn:aws:s3:::bucket-1/example-images.
-- The trail logs data events for objects in this S3 bucket that match
-- the prefix.
-- - To log data events for all Lambda functions in your Amazon Web
-- Services account, specify the prefix as arn:aws:lambda.This
-- also enables logging of Invoke activity performed by any user
-- or role in your Amazon Web Services account, even if that activity is
-- performed on a function that belongs to another Amazon Web Services
-- account.
-- - To log data events for a specific Lambda function, specify the
-- function ARN.Lambda function ARNs are exact. For example, if you
-- specify a function ARN
-- arn:aws:lambda:us-west-2:111111111111:function:helloworld, data
-- events will only be logged for
-- arn:aws:lambda:us-west-2:111111111111:function:helloworld. They
-- will not be logged for
-- arn:aws:lambda:us-west-2:111111111111:function:helloworld2.
-- - To log data events for all DynamoDB tables in your Amazon Web
-- Services account, specify the prefix as
-- arn:aws:dynamodb.
--
dataResource_values :: Lens' DataResource (Maybe [Text])
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.DataResource.DataResource
instance GHC.Show.Show Amazonka.CloudTrail.Types.DataResource.DataResource
instance GHC.Read.Read Amazonka.CloudTrail.Types.DataResource.DataResource
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.DataResource.DataResource
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.DataResource.DataResource
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.DataResource.DataResource
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.DataResource.DataResource
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.Types.DataResource.DataResource
module Amazonka.CloudTrail.Types.DeliveryStatus
newtype DeliveryStatus
DeliveryStatus' :: Text -> DeliveryStatus
[fromDeliveryStatus] :: DeliveryStatus -> Text
pattern DeliveryStatus_ACCESS_DENIED :: DeliveryStatus
pattern DeliveryStatus_ACCESS_DENIED_SIGNING_FILE :: DeliveryStatus
pattern DeliveryStatus_CANCELLED :: DeliveryStatus
pattern DeliveryStatus_FAILED :: DeliveryStatus
pattern DeliveryStatus_FAILED_SIGNING_FILE :: DeliveryStatus
pattern DeliveryStatus_PENDING :: DeliveryStatus
pattern DeliveryStatus_RESOURCE_NOT_FOUND :: DeliveryStatus
pattern DeliveryStatus_SUCCESS :: DeliveryStatus
pattern DeliveryStatus_UNKNOWN :: DeliveryStatus
instance Amazonka.Data.XML.ToXML Amazonka.CloudTrail.Types.DeliveryStatus.DeliveryStatus
instance Amazonka.Data.XML.FromXML Amazonka.CloudTrail.Types.DeliveryStatus.DeliveryStatus
instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.CloudTrail.Types.DeliveryStatus.DeliveryStatus
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.Types.DeliveryStatus.DeliveryStatus
instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.CloudTrail.Types.DeliveryStatus.DeliveryStatus
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.DeliveryStatus.DeliveryStatus
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.Types.DeliveryStatus.DeliveryStatus
instance Amazonka.Data.Headers.ToHeader Amazonka.CloudTrail.Types.DeliveryStatus.DeliveryStatus
instance Amazonka.Data.Log.ToLog Amazonka.CloudTrail.Types.DeliveryStatus.DeliveryStatus
instance Amazonka.Data.ByteString.ToByteString Amazonka.CloudTrail.Types.DeliveryStatus.DeliveryStatus
instance Amazonka.Data.Text.ToText Amazonka.CloudTrail.Types.DeliveryStatus.DeliveryStatus
instance Amazonka.Data.Text.FromText Amazonka.CloudTrail.Types.DeliveryStatus.DeliveryStatus
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.DeliveryStatus.DeliveryStatus
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.DeliveryStatus.DeliveryStatus
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.DeliveryStatus.DeliveryStatus
instance GHC.Classes.Ord Amazonka.CloudTrail.Types.DeliveryStatus.DeliveryStatus
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.DeliveryStatus.DeliveryStatus
instance GHC.Read.Read Amazonka.CloudTrail.Types.DeliveryStatus.DeliveryStatus
instance GHC.Show.Show Amazonka.CloudTrail.Types.DeliveryStatus.DeliveryStatus
module Amazonka.CloudTrail.Types.DestinationType
newtype DestinationType
DestinationType' :: Text -> DestinationType
[fromDestinationType] :: DestinationType -> Text
pattern DestinationType_AWS_SERVICE :: DestinationType
pattern DestinationType_EVENT_DATA_STORE :: DestinationType
instance Amazonka.Data.XML.ToXML Amazonka.CloudTrail.Types.DestinationType.DestinationType
instance Amazonka.Data.XML.FromXML Amazonka.CloudTrail.Types.DestinationType.DestinationType
instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.CloudTrail.Types.DestinationType.DestinationType
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.Types.DestinationType.DestinationType
instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.CloudTrail.Types.DestinationType.DestinationType
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.DestinationType.DestinationType
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.Types.DestinationType.DestinationType
instance Amazonka.Data.Headers.ToHeader Amazonka.CloudTrail.Types.DestinationType.DestinationType
instance Amazonka.Data.Log.ToLog Amazonka.CloudTrail.Types.DestinationType.DestinationType
instance Amazonka.Data.ByteString.ToByteString Amazonka.CloudTrail.Types.DestinationType.DestinationType
instance Amazonka.Data.Text.ToText Amazonka.CloudTrail.Types.DestinationType.DestinationType
instance Amazonka.Data.Text.FromText Amazonka.CloudTrail.Types.DestinationType.DestinationType
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.DestinationType.DestinationType
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.DestinationType.DestinationType
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.DestinationType.DestinationType
instance GHC.Classes.Ord Amazonka.CloudTrail.Types.DestinationType.DestinationType
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.DestinationType.DestinationType
instance GHC.Read.Read Amazonka.CloudTrail.Types.DestinationType.DestinationType
instance GHC.Show.Show Amazonka.CloudTrail.Types.DestinationType.DestinationType
module Amazonka.CloudTrail.Types.Destination
-- | Contains information about the service where CloudTrail delivers
-- events.
--
-- See: newDestination smart constructor.
data Destination
Destination' :: DestinationType -> Text -> Destination
-- | The type of destination for events arriving from a channel. For
-- service-linked channels, the value is AWS_SERVICE.
[$sel:type':Destination'] :: Destination -> DestinationType
-- | For service-linked channels, the value is the name of the Amazon Web
-- Services service.
[$sel:location:Destination'] :: Destination -> Text
-- | Create a value of Destination with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:type':Destination', destination_type - The type of
-- destination for events arriving from a channel. For service-linked
-- channels, the value is AWS_SERVICE.
--
-- $sel:location:Destination', destination_location - For
-- service-linked channels, the value is the name of the Amazon Web
-- Services service.
newDestination :: DestinationType -> Text -> Destination
-- | The type of destination for events arriving from a channel. For
-- service-linked channels, the value is AWS_SERVICE.
destination_type :: Lens' Destination DestinationType
-- | For service-linked channels, the value is the name of the Amazon Web
-- Services service.
destination_location :: Lens' Destination Text
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.Destination.Destination
instance GHC.Show.Show Amazonka.CloudTrail.Types.Destination.Destination
instance GHC.Read.Read Amazonka.CloudTrail.Types.Destination.Destination
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.Destination.Destination
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.Destination.Destination
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.Destination.Destination
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.Destination.Destination
module Amazonka.CloudTrail.Types.EventCategory
newtype EventCategory
EventCategory' :: Text -> EventCategory
[fromEventCategory] :: EventCategory -> Text
pattern EventCategory_Insight :: EventCategory
instance Amazonka.Data.XML.ToXML Amazonka.CloudTrail.Types.EventCategory.EventCategory
instance Amazonka.Data.XML.FromXML Amazonka.CloudTrail.Types.EventCategory.EventCategory
instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.CloudTrail.Types.EventCategory.EventCategory
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.Types.EventCategory.EventCategory
instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.CloudTrail.Types.EventCategory.EventCategory
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.EventCategory.EventCategory
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.Types.EventCategory.EventCategory
instance Amazonka.Data.Headers.ToHeader Amazonka.CloudTrail.Types.EventCategory.EventCategory
instance Amazonka.Data.Log.ToLog Amazonka.CloudTrail.Types.EventCategory.EventCategory
instance Amazonka.Data.ByteString.ToByteString Amazonka.CloudTrail.Types.EventCategory.EventCategory
instance Amazonka.Data.Text.ToText Amazonka.CloudTrail.Types.EventCategory.EventCategory
instance Amazonka.Data.Text.FromText Amazonka.CloudTrail.Types.EventCategory.EventCategory
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.EventCategory.EventCategory
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.EventCategory.EventCategory
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.EventCategory.EventCategory
instance GHC.Classes.Ord Amazonka.CloudTrail.Types.EventCategory.EventCategory
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.EventCategory.EventCategory
instance GHC.Read.Read Amazonka.CloudTrail.Types.EventCategory.EventCategory
instance GHC.Show.Show Amazonka.CloudTrail.Types.EventCategory.EventCategory
module Amazonka.CloudTrail.Types.EventDataStoreStatus
newtype EventDataStoreStatus
EventDataStoreStatus' :: Text -> EventDataStoreStatus
[fromEventDataStoreStatus] :: EventDataStoreStatus -> Text
pattern EventDataStoreStatus_CREATED :: EventDataStoreStatus
pattern EventDataStoreStatus_ENABLED :: EventDataStoreStatus
pattern EventDataStoreStatus_PENDING_DELETION :: EventDataStoreStatus
instance Amazonka.Data.XML.ToXML Amazonka.CloudTrail.Types.EventDataStoreStatus.EventDataStoreStatus
instance Amazonka.Data.XML.FromXML Amazonka.CloudTrail.Types.EventDataStoreStatus.EventDataStoreStatus
instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.CloudTrail.Types.EventDataStoreStatus.EventDataStoreStatus
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.Types.EventDataStoreStatus.EventDataStoreStatus
instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.CloudTrail.Types.EventDataStoreStatus.EventDataStoreStatus
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.EventDataStoreStatus.EventDataStoreStatus
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.Types.EventDataStoreStatus.EventDataStoreStatus
instance Amazonka.Data.Headers.ToHeader Amazonka.CloudTrail.Types.EventDataStoreStatus.EventDataStoreStatus
instance Amazonka.Data.Log.ToLog Amazonka.CloudTrail.Types.EventDataStoreStatus.EventDataStoreStatus
instance Amazonka.Data.ByteString.ToByteString Amazonka.CloudTrail.Types.EventDataStoreStatus.EventDataStoreStatus
instance Amazonka.Data.Text.ToText Amazonka.CloudTrail.Types.EventDataStoreStatus.EventDataStoreStatus
instance Amazonka.Data.Text.FromText Amazonka.CloudTrail.Types.EventDataStoreStatus.EventDataStoreStatus
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.EventDataStoreStatus.EventDataStoreStatus
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.EventDataStoreStatus.EventDataStoreStatus
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.EventDataStoreStatus.EventDataStoreStatus
instance GHC.Classes.Ord Amazonka.CloudTrail.Types.EventDataStoreStatus.EventDataStoreStatus
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.EventDataStoreStatus.EventDataStoreStatus
instance GHC.Read.Read Amazonka.CloudTrail.Types.EventDataStoreStatus.EventDataStoreStatus
instance GHC.Show.Show Amazonka.CloudTrail.Types.EventDataStoreStatus.EventDataStoreStatus
module Amazonka.CloudTrail.Types.EventDataStore
-- | A storage lake of event data against which you can run complex
-- SQL-based queries. An event data store can include events that you
-- have logged on your account from the last 90 to 2557 days (about three
-- months to up to seven years). To select events for an event data
-- store, use advanced event selectors.
--
-- See: newEventDataStore smart constructor.
data EventDataStore
EventDataStore' :: Maybe [AdvancedEventSelector] -> Maybe POSIX -> Maybe Text -> Maybe Bool -> Maybe Text -> Maybe Bool -> Maybe Natural -> Maybe EventDataStoreStatus -> Maybe Bool -> Maybe POSIX -> EventDataStore
-- | This field is being deprecated. The advanced event selectors that were
-- used to select events for the data store.
[$sel:advancedEventSelectors:EventDataStore'] :: EventDataStore -> Maybe [AdvancedEventSelector]
-- | This field is being deprecated. The timestamp of the event data
-- store's creation.
[$sel:createdTimestamp:EventDataStore'] :: EventDataStore -> Maybe POSIX
-- | The ARN of the event data store.
[$sel:eventDataStoreArn:EventDataStore'] :: EventDataStore -> Maybe Text
-- | This field is being deprecated. Indicates whether the event data store
-- includes events from all regions, or only from the region in which it
-- was created.
[$sel:multiRegionEnabled:EventDataStore'] :: EventDataStore -> Maybe Bool
-- | The name of the event data store.
[$sel:name:EventDataStore'] :: EventDataStore -> Maybe Text
-- | This field is being deprecated. Indicates that an event data store is
-- collecting logged events for an organization.
[$sel:organizationEnabled:EventDataStore'] :: EventDataStore -> Maybe Bool
-- | This field is being deprecated. The retention period, in days.
[$sel:retentionPeriod:EventDataStore'] :: EventDataStore -> Maybe Natural
-- | This field is being deprecated. The status of an event data store.
-- Values are ENABLED and PENDING_DELETION.
[$sel:status:EventDataStore'] :: EventDataStore -> Maybe EventDataStoreStatus
-- | This field is being deprecated. Indicates whether the event data store
-- is protected from termination.
[$sel:terminationProtectionEnabled:EventDataStore'] :: EventDataStore -> Maybe Bool
-- | This field is being deprecated. The timestamp showing when an event
-- data store was updated, if applicable. UpdatedTimestamp is
-- always either the same or newer than the time shown in
-- CreatedTimestamp.
[$sel:updatedTimestamp:EventDataStore'] :: EventDataStore -> Maybe POSIX
-- | Create a value of EventDataStore with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:advancedEventSelectors:EventDataStore',
-- eventDataStore_advancedEventSelectors - This field is being
-- deprecated. The advanced event selectors that were used to select
-- events for the data store.
--
-- $sel:createdTimestamp:EventDataStore',
-- eventDataStore_createdTimestamp - This field is being
-- deprecated. The timestamp of the event data store's creation.
--
-- $sel:eventDataStoreArn:EventDataStore',
-- eventDataStore_eventDataStoreArn - The ARN of the event data
-- store.
--
-- $sel:multiRegionEnabled:EventDataStore',
-- eventDataStore_multiRegionEnabled - This field is being
-- deprecated. Indicates whether the event data store includes events
-- from all regions, or only from the region in which it was created.
--
-- EventDataStore, eventDataStore_name - The name of the
-- event data store.
--
-- $sel:organizationEnabled:EventDataStore',
-- eventDataStore_organizationEnabled - This field is being
-- deprecated. Indicates that an event data store is collecting logged
-- events for an organization.
--
-- $sel:retentionPeriod:EventDataStore',
-- eventDataStore_retentionPeriod - This field is being
-- deprecated. The retention period, in days.
--
-- $sel:status:EventDataStore', eventDataStore_status -
-- This field is being deprecated. The status of an event data store.
-- Values are ENABLED and PENDING_DELETION.
--
-- $sel:terminationProtectionEnabled:EventDataStore',
-- eventDataStore_terminationProtectionEnabled - This field is
-- being deprecated. Indicates whether the event data store is protected
-- from termination.
--
-- $sel:updatedTimestamp:EventDataStore',
-- eventDataStore_updatedTimestamp - This field is being
-- deprecated. The timestamp showing when an event data store was
-- updated, if applicable. UpdatedTimestamp is always either the
-- same or newer than the time shown in CreatedTimestamp.
newEventDataStore :: EventDataStore
-- | This field is being deprecated. The advanced event selectors that were
-- used to select events for the data store.
eventDataStore_advancedEventSelectors :: Lens' EventDataStore (Maybe [AdvancedEventSelector])
-- | This field is being deprecated. The timestamp of the event data
-- store's creation.
eventDataStore_createdTimestamp :: Lens' EventDataStore (Maybe UTCTime)
-- | The ARN of the event data store.
eventDataStore_eventDataStoreArn :: Lens' EventDataStore (Maybe Text)
-- | This field is being deprecated. Indicates whether the event data store
-- includes events from all regions, or only from the region in which it
-- was created.
eventDataStore_multiRegionEnabled :: Lens' EventDataStore (Maybe Bool)
-- | The name of the event data store.
eventDataStore_name :: Lens' EventDataStore (Maybe Text)
-- | This field is being deprecated. Indicates that an event data store is
-- collecting logged events for an organization.
eventDataStore_organizationEnabled :: Lens' EventDataStore (Maybe Bool)
-- | This field is being deprecated. The retention period, in days.
eventDataStore_retentionPeriod :: Lens' EventDataStore (Maybe Natural)
-- | This field is being deprecated. The status of an event data store.
-- Values are ENABLED and PENDING_DELETION.
eventDataStore_status :: Lens' EventDataStore (Maybe EventDataStoreStatus)
-- | This field is being deprecated. Indicates whether the event data store
-- is protected from termination.
eventDataStore_terminationProtectionEnabled :: Lens' EventDataStore (Maybe Bool)
-- | This field is being deprecated. The timestamp showing when an event
-- data store was updated, if applicable. UpdatedTimestamp is
-- always either the same or newer than the time shown in
-- CreatedTimestamp.
eventDataStore_updatedTimestamp :: Lens' EventDataStore (Maybe UTCTime)
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.EventDataStore.EventDataStore
instance GHC.Show.Show Amazonka.CloudTrail.Types.EventDataStore.EventDataStore
instance GHC.Read.Read Amazonka.CloudTrail.Types.EventDataStore.EventDataStore
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.EventDataStore.EventDataStore
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.EventDataStore.EventDataStore
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.EventDataStore.EventDataStore
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.EventDataStore.EventDataStore
module Amazonka.CloudTrail.Types.ImportFailureStatus
newtype ImportFailureStatus
ImportFailureStatus' :: Text -> ImportFailureStatus
[fromImportFailureStatus] :: ImportFailureStatus -> Text
pattern ImportFailureStatus_FAILED :: ImportFailureStatus
pattern ImportFailureStatus_RETRY :: ImportFailureStatus
pattern ImportFailureStatus_SUCCEEDED :: ImportFailureStatus
instance Amazonka.Data.XML.ToXML Amazonka.CloudTrail.Types.ImportFailureStatus.ImportFailureStatus
instance Amazonka.Data.XML.FromXML Amazonka.CloudTrail.Types.ImportFailureStatus.ImportFailureStatus
instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.CloudTrail.Types.ImportFailureStatus.ImportFailureStatus
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.Types.ImportFailureStatus.ImportFailureStatus
instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.CloudTrail.Types.ImportFailureStatus.ImportFailureStatus
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.ImportFailureStatus.ImportFailureStatus
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.Types.ImportFailureStatus.ImportFailureStatus
instance Amazonka.Data.Headers.ToHeader Amazonka.CloudTrail.Types.ImportFailureStatus.ImportFailureStatus
instance Amazonka.Data.Log.ToLog Amazonka.CloudTrail.Types.ImportFailureStatus.ImportFailureStatus
instance Amazonka.Data.ByteString.ToByteString Amazonka.CloudTrail.Types.ImportFailureStatus.ImportFailureStatus
instance Amazonka.Data.Text.ToText Amazonka.CloudTrail.Types.ImportFailureStatus.ImportFailureStatus
instance Amazonka.Data.Text.FromText Amazonka.CloudTrail.Types.ImportFailureStatus.ImportFailureStatus
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.ImportFailureStatus.ImportFailureStatus
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.ImportFailureStatus.ImportFailureStatus
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.ImportFailureStatus.ImportFailureStatus
instance GHC.Classes.Ord Amazonka.CloudTrail.Types.ImportFailureStatus.ImportFailureStatus
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.ImportFailureStatus.ImportFailureStatus
instance GHC.Read.Read Amazonka.CloudTrail.Types.ImportFailureStatus.ImportFailureStatus
instance GHC.Show.Show Amazonka.CloudTrail.Types.ImportFailureStatus.ImportFailureStatus
module Amazonka.CloudTrail.Types.ImportFailureListItem
-- | Provides information about an import failure.
--
-- See: newImportFailureListItem smart constructor.
data ImportFailureListItem
ImportFailureListItem' :: Maybe Text -> Maybe Text -> Maybe POSIX -> Maybe Text -> Maybe ImportFailureStatus -> ImportFailureListItem
-- | Provides the reason the import failed.
[$sel:errorMessage:ImportFailureListItem'] :: ImportFailureListItem -> Maybe Text
-- | The type of import error.
[$sel:errorType:ImportFailureListItem'] :: ImportFailureListItem -> Maybe Text
-- | When the import was last updated.
[$sel:lastUpdatedTime:ImportFailureListItem'] :: ImportFailureListItem -> Maybe POSIX
-- | The location of the failure in the S3 bucket.
[$sel:location:ImportFailureListItem'] :: ImportFailureListItem -> Maybe Text
-- | The status of the import.
[$sel:status:ImportFailureListItem'] :: ImportFailureListItem -> Maybe ImportFailureStatus
-- | Create a value of ImportFailureListItem with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:errorMessage:ImportFailureListItem',
-- importFailureListItem_errorMessage - Provides the reason the
-- import failed.
--
-- $sel:errorType:ImportFailureListItem',
-- importFailureListItem_errorType - The type of import error.
--
-- $sel:lastUpdatedTime:ImportFailureListItem',
-- importFailureListItem_lastUpdatedTime - When the import was
-- last updated.
--
-- $sel:location:ImportFailureListItem',
-- importFailureListItem_location - The location of the failure in
-- the S3 bucket.
--
-- $sel:status:ImportFailureListItem',
-- importFailureListItem_status - The status of the import.
newImportFailureListItem :: ImportFailureListItem
-- | Provides the reason the import failed.
importFailureListItem_errorMessage :: Lens' ImportFailureListItem (Maybe Text)
-- | The type of import error.
importFailureListItem_errorType :: Lens' ImportFailureListItem (Maybe Text)
-- | When the import was last updated.
importFailureListItem_lastUpdatedTime :: Lens' ImportFailureListItem (Maybe UTCTime)
-- | The location of the failure in the S3 bucket.
importFailureListItem_location :: Lens' ImportFailureListItem (Maybe Text)
-- | The status of the import.
importFailureListItem_status :: Lens' ImportFailureListItem (Maybe ImportFailureStatus)
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.ImportFailureListItem.ImportFailureListItem
instance GHC.Show.Show Amazonka.CloudTrail.Types.ImportFailureListItem.ImportFailureListItem
instance GHC.Read.Read Amazonka.CloudTrail.Types.ImportFailureListItem.ImportFailureListItem
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.ImportFailureListItem.ImportFailureListItem
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.ImportFailureListItem.ImportFailureListItem
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.ImportFailureListItem.ImportFailureListItem
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.ImportFailureListItem.ImportFailureListItem
module Amazonka.CloudTrail.Types.ImportStatistics
-- | Provides statistics for the specified ImportID. CloudTrail
-- does not update import statistics in real-time. Returned values for
-- parameters such as EventsCompleted may be lower than the
-- actual value, because CloudTrail updates statistics incrementally over
-- the course of the import.
--
-- See: newImportStatistics smart constructor.
data ImportStatistics
ImportStatistics' :: Maybe Integer -> Maybe Integer -> Maybe Integer -> Maybe Integer -> Maybe Integer -> ImportStatistics
-- | The number of trail events imported into the event data store.
[$sel:eventsCompleted:ImportStatistics'] :: ImportStatistics -> Maybe Integer
-- | The number of failed entries.
[$sel:failedEntries:ImportStatistics'] :: ImportStatistics -> Maybe Integer
-- | The number of log files that completed import.
[$sel:filesCompleted:ImportStatistics'] :: ImportStatistics -> Maybe Integer
-- | The number of S3 prefixes that completed import.
[$sel:prefixesCompleted:ImportStatistics'] :: ImportStatistics -> Maybe Integer
-- | The number of S3 prefixes found for the import.
[$sel:prefixesFound:ImportStatistics'] :: ImportStatistics -> Maybe Integer
-- | Create a value of ImportStatistics with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:eventsCompleted:ImportStatistics',
-- importStatistics_eventsCompleted - The number of trail events
-- imported into the event data store.
--
-- $sel:failedEntries:ImportStatistics',
-- importStatistics_failedEntries - The number of failed entries.
--
-- $sel:filesCompleted:ImportStatistics',
-- importStatistics_filesCompleted - The number of log files that
-- completed import.
--
-- $sel:prefixesCompleted:ImportStatistics',
-- importStatistics_prefixesCompleted - The number of S3 prefixes
-- that completed import.
--
-- $sel:prefixesFound:ImportStatistics',
-- importStatistics_prefixesFound - The number of S3 prefixes
-- found for the import.
newImportStatistics :: ImportStatistics
-- | The number of trail events imported into the event data store.
importStatistics_eventsCompleted :: Lens' ImportStatistics (Maybe Integer)
-- | The number of failed entries.
importStatistics_failedEntries :: Lens' ImportStatistics (Maybe Integer)
-- | The number of log files that completed import.
importStatistics_filesCompleted :: Lens' ImportStatistics (Maybe Integer)
-- | The number of S3 prefixes that completed import.
importStatistics_prefixesCompleted :: Lens' ImportStatistics (Maybe Integer)
-- | The number of S3 prefixes found for the import.
importStatistics_prefixesFound :: Lens' ImportStatistics (Maybe Integer)
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.ImportStatistics.ImportStatistics
instance GHC.Show.Show Amazonka.CloudTrail.Types.ImportStatistics.ImportStatistics
instance GHC.Read.Read Amazonka.CloudTrail.Types.ImportStatistics.ImportStatistics
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.ImportStatistics.ImportStatistics
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.ImportStatistics.ImportStatistics
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.ImportStatistics.ImportStatistics
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.ImportStatistics.ImportStatistics
module Amazonka.CloudTrail.Types.ImportStatus
newtype ImportStatus
ImportStatus' :: Text -> ImportStatus
[fromImportStatus] :: ImportStatus -> Text
pattern ImportStatus_COMPLETED :: ImportStatus
pattern ImportStatus_FAILED :: ImportStatus
pattern ImportStatus_INITIALIZING :: ImportStatus
pattern ImportStatus_IN_PROGRESS :: ImportStatus
pattern ImportStatus_STOPPED :: ImportStatus
instance Amazonka.Data.XML.ToXML Amazonka.CloudTrail.Types.ImportStatus.ImportStatus
instance Amazonka.Data.XML.FromXML Amazonka.CloudTrail.Types.ImportStatus.ImportStatus
instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.CloudTrail.Types.ImportStatus.ImportStatus
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.Types.ImportStatus.ImportStatus
instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.CloudTrail.Types.ImportStatus.ImportStatus
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.ImportStatus.ImportStatus
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.Types.ImportStatus.ImportStatus
instance Amazonka.Data.Headers.ToHeader Amazonka.CloudTrail.Types.ImportStatus.ImportStatus
instance Amazonka.Data.Log.ToLog Amazonka.CloudTrail.Types.ImportStatus.ImportStatus
instance Amazonka.Data.ByteString.ToByteString Amazonka.CloudTrail.Types.ImportStatus.ImportStatus
instance Amazonka.Data.Text.ToText Amazonka.CloudTrail.Types.ImportStatus.ImportStatus
instance Amazonka.Data.Text.FromText Amazonka.CloudTrail.Types.ImportStatus.ImportStatus
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.ImportStatus.ImportStatus
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.ImportStatus.ImportStatus
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.ImportStatus.ImportStatus
instance GHC.Classes.Ord Amazonka.CloudTrail.Types.ImportStatus.ImportStatus
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.ImportStatus.ImportStatus
instance GHC.Read.Read Amazonka.CloudTrail.Types.ImportStatus.ImportStatus
instance GHC.Show.Show Amazonka.CloudTrail.Types.ImportStatus.ImportStatus
module Amazonka.CloudTrail.Types.ImportsListItem
-- | Contains information about an import that was returned by a lookup
-- request.
--
-- See: newImportsListItem smart constructor.
data ImportsListItem
ImportsListItem' :: Maybe POSIX -> Maybe (NonEmpty Text) -> Maybe Text -> Maybe ImportStatus -> Maybe POSIX -> ImportsListItem
-- | The timestamp of the import's creation.
[$sel:createdTimestamp:ImportsListItem'] :: ImportsListItem -> Maybe POSIX
-- | The ARN of the destination event data store.
[$sel:destinations:ImportsListItem'] :: ImportsListItem -> Maybe (NonEmpty Text)
-- | The ID of the import.
[$sel:importId:ImportsListItem'] :: ImportsListItem -> Maybe Text
-- | The status of the import.
[$sel:importStatus:ImportsListItem'] :: ImportsListItem -> Maybe ImportStatus
-- | The timestamp of the import's last update.
[$sel:updatedTimestamp:ImportsListItem'] :: ImportsListItem -> Maybe POSIX
-- | Create a value of ImportsListItem with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:createdTimestamp:ImportsListItem',
-- importsListItem_createdTimestamp - The timestamp of the
-- import's creation.
--
-- $sel:destinations:ImportsListItem',
-- importsListItem_destinations - The ARN of the destination event
-- data store.
--
-- $sel:importId:ImportsListItem', importsListItem_importId
-- - The ID of the import.
--
-- $sel:importStatus:ImportsListItem',
-- importsListItem_importStatus - The status of the import.
--
-- $sel:updatedTimestamp:ImportsListItem',
-- importsListItem_updatedTimestamp - The timestamp of the
-- import's last update.
newImportsListItem :: ImportsListItem
-- | The timestamp of the import's creation.
importsListItem_createdTimestamp :: Lens' ImportsListItem (Maybe UTCTime)
-- | The ARN of the destination event data store.
importsListItem_destinations :: Lens' ImportsListItem (Maybe (NonEmpty Text))
-- | The ID of the import.
importsListItem_importId :: Lens' ImportsListItem (Maybe Text)
-- | The status of the import.
importsListItem_importStatus :: Lens' ImportsListItem (Maybe ImportStatus)
-- | The timestamp of the import's last update.
importsListItem_updatedTimestamp :: Lens' ImportsListItem (Maybe UTCTime)
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.ImportsListItem.ImportsListItem
instance GHC.Show.Show Amazonka.CloudTrail.Types.ImportsListItem.ImportsListItem
instance GHC.Read.Read Amazonka.CloudTrail.Types.ImportsListItem.ImportsListItem
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.ImportsListItem.ImportsListItem
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.ImportsListItem.ImportsListItem
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.ImportsListItem.ImportsListItem
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.ImportsListItem.ImportsListItem
module Amazonka.CloudTrail.Types.InsightType
newtype InsightType
InsightType' :: Text -> InsightType
[fromInsightType] :: InsightType -> Text
pattern InsightType_ApiCallRateInsight :: InsightType
pattern InsightType_ApiErrorRateInsight :: InsightType
instance Amazonka.Data.XML.ToXML Amazonka.CloudTrail.Types.InsightType.InsightType
instance Amazonka.Data.XML.FromXML Amazonka.CloudTrail.Types.InsightType.InsightType
instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.CloudTrail.Types.InsightType.InsightType
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.Types.InsightType.InsightType
instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.CloudTrail.Types.InsightType.InsightType
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.InsightType.InsightType
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.Types.InsightType.InsightType
instance Amazonka.Data.Headers.ToHeader Amazonka.CloudTrail.Types.InsightType.InsightType
instance Amazonka.Data.Log.ToLog Amazonka.CloudTrail.Types.InsightType.InsightType
instance Amazonka.Data.ByteString.ToByteString Amazonka.CloudTrail.Types.InsightType.InsightType
instance Amazonka.Data.Text.ToText Amazonka.CloudTrail.Types.InsightType.InsightType
instance Amazonka.Data.Text.FromText Amazonka.CloudTrail.Types.InsightType.InsightType
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.InsightType.InsightType
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.InsightType.InsightType
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.InsightType.InsightType
instance GHC.Classes.Ord Amazonka.CloudTrail.Types.InsightType.InsightType
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.InsightType.InsightType
instance GHC.Read.Read Amazonka.CloudTrail.Types.InsightType.InsightType
instance GHC.Show.Show Amazonka.CloudTrail.Types.InsightType.InsightType
module Amazonka.CloudTrail.Types.InsightSelector
-- | A JSON string that contains a list of insight types that are logged on
-- a trail.
--
-- See: newInsightSelector smart constructor.
data InsightSelector
InsightSelector' :: Maybe InsightType -> InsightSelector
-- | The type of insights to log on a trail. ApiCallRateInsight
-- and ApiErrorRateInsight are valid insight types.
[$sel:insightType:InsightSelector'] :: InsightSelector -> Maybe InsightType
-- | Create a value of InsightSelector with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:insightType:InsightSelector',
-- insightSelector_insightType - The type of insights to log on a
-- trail. ApiCallRateInsight and ApiErrorRateInsight
-- are valid insight types.
newInsightSelector :: InsightSelector
-- | The type of insights to log on a trail. ApiCallRateInsight
-- and ApiErrorRateInsight are valid insight types.
insightSelector_insightType :: Lens' InsightSelector (Maybe InsightType)
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.InsightSelector.InsightSelector
instance GHC.Show.Show Amazonka.CloudTrail.Types.InsightSelector.InsightSelector
instance GHC.Read.Read Amazonka.CloudTrail.Types.InsightSelector.InsightSelector
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.InsightSelector.InsightSelector
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.InsightSelector.InsightSelector
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.InsightSelector.InsightSelector
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.InsightSelector.InsightSelector
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.Types.InsightSelector.InsightSelector
module Amazonka.CloudTrail.Types.LookupAttributeKey
newtype LookupAttributeKey
LookupAttributeKey' :: Text -> LookupAttributeKey
[fromLookupAttributeKey] :: LookupAttributeKey -> Text
pattern LookupAttributeKey_AccessKeyId :: LookupAttributeKey
pattern LookupAttributeKey_EventId :: LookupAttributeKey
pattern LookupAttributeKey_EventName :: LookupAttributeKey
pattern LookupAttributeKey_EventSource :: LookupAttributeKey
pattern LookupAttributeKey_ReadOnly :: LookupAttributeKey
pattern LookupAttributeKey_ResourceName :: LookupAttributeKey
pattern LookupAttributeKey_ResourceType :: LookupAttributeKey
pattern LookupAttributeKey_Username :: LookupAttributeKey
instance Amazonka.Data.XML.ToXML Amazonka.CloudTrail.Types.LookupAttributeKey.LookupAttributeKey
instance Amazonka.Data.XML.FromXML Amazonka.CloudTrail.Types.LookupAttributeKey.LookupAttributeKey
instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.CloudTrail.Types.LookupAttributeKey.LookupAttributeKey
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.Types.LookupAttributeKey.LookupAttributeKey
instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.CloudTrail.Types.LookupAttributeKey.LookupAttributeKey
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.LookupAttributeKey.LookupAttributeKey
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.Types.LookupAttributeKey.LookupAttributeKey
instance Amazonka.Data.Headers.ToHeader Amazonka.CloudTrail.Types.LookupAttributeKey.LookupAttributeKey
instance Amazonka.Data.Log.ToLog Amazonka.CloudTrail.Types.LookupAttributeKey.LookupAttributeKey
instance Amazonka.Data.ByteString.ToByteString Amazonka.CloudTrail.Types.LookupAttributeKey.LookupAttributeKey
instance Amazonka.Data.Text.ToText Amazonka.CloudTrail.Types.LookupAttributeKey.LookupAttributeKey
instance Amazonka.Data.Text.FromText Amazonka.CloudTrail.Types.LookupAttributeKey.LookupAttributeKey
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.LookupAttributeKey.LookupAttributeKey
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.LookupAttributeKey.LookupAttributeKey
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.LookupAttributeKey.LookupAttributeKey
instance GHC.Classes.Ord Amazonka.CloudTrail.Types.LookupAttributeKey.LookupAttributeKey
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.LookupAttributeKey.LookupAttributeKey
instance GHC.Read.Read Amazonka.CloudTrail.Types.LookupAttributeKey.LookupAttributeKey
instance GHC.Show.Show Amazonka.CloudTrail.Types.LookupAttributeKey.LookupAttributeKey
module Amazonka.CloudTrail.Types.LookupAttribute
-- | Specifies an attribute and value that filter the events returned.
--
-- See: newLookupAttribute smart constructor.
data LookupAttribute
LookupAttribute' :: LookupAttributeKey -> Text -> LookupAttribute
-- | Specifies an attribute on which to filter the events returned.
[$sel:attributeKey:LookupAttribute'] :: LookupAttribute -> LookupAttributeKey
-- | Specifies a value for the specified AttributeKey.
[$sel:attributeValue:LookupAttribute'] :: LookupAttribute -> Text
-- | Create a value of LookupAttribute with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:attributeKey:LookupAttribute',
-- lookupAttribute_attributeKey - Specifies an attribute on which
-- to filter the events returned.
--
-- $sel:attributeValue:LookupAttribute',
-- lookupAttribute_attributeValue - Specifies a value for the
-- specified AttributeKey.
newLookupAttribute :: LookupAttributeKey -> Text -> LookupAttribute
-- | Specifies an attribute on which to filter the events returned.
lookupAttribute_attributeKey :: Lens' LookupAttribute LookupAttributeKey
-- | Specifies a value for the specified AttributeKey.
lookupAttribute_attributeValue :: Lens' LookupAttribute Text
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.LookupAttribute.LookupAttribute
instance GHC.Show.Show Amazonka.CloudTrail.Types.LookupAttribute.LookupAttribute
instance GHC.Read.Read Amazonka.CloudTrail.Types.LookupAttribute.LookupAttribute
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.LookupAttribute.LookupAttribute
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.LookupAttribute.LookupAttribute
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.LookupAttribute.LookupAttribute
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.Types.LookupAttribute.LookupAttribute
module Amazonka.CloudTrail.Types.PublicKey
-- | Contains information about a returned public key.
--
-- See: newPublicKey smart constructor.
data PublicKey
PublicKey' :: Maybe Text -> Maybe POSIX -> Maybe POSIX -> Maybe Base64 -> PublicKey
-- | The fingerprint of the public key.
[$sel:fingerprint:PublicKey'] :: PublicKey -> Maybe Text
-- | The ending time of validity of the public key.
[$sel:validityEndTime:PublicKey'] :: PublicKey -> Maybe POSIX
-- | The starting time of validity of the public key.
[$sel:validityStartTime:PublicKey'] :: PublicKey -> Maybe POSIX
-- | The DER encoded public key value in PKCS#1 format.
[$sel:value:PublicKey'] :: PublicKey -> Maybe Base64
-- | Create a value of PublicKey with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:fingerprint:PublicKey', publicKey_fingerprint - The
-- fingerprint of the public key.
--
-- $sel:validityEndTime:PublicKey',
-- publicKey_validityEndTime - The ending time of validity of the
-- public key.
--
-- $sel:validityStartTime:PublicKey',
-- publicKey_validityStartTime - The starting time of validity of
-- the public key.
--
-- $sel:value:PublicKey', publicKey_value - The DER encoded
-- public key value in PKCS#1 format.-- -- Note: This
-- Lens automatically encodes and decodes Base64 data. -- The
-- underlying isomorphism will encode to Base64 representation during --
-- serialisation, and decode from Base64 representation during
-- deserialisation. -- This Lens accepts and returns only raw
-- unencoded data.
newPublicKey :: PublicKey
-- | The fingerprint of the public key.
publicKey_fingerprint :: Lens' PublicKey (Maybe Text)
-- | The ending time of validity of the public key.
publicKey_validityEndTime :: Lens' PublicKey (Maybe UTCTime)
-- | The starting time of validity of the public key.
publicKey_validityStartTime :: Lens' PublicKey (Maybe UTCTime)
-- | The DER encoded public key value in PKCS#1 format.-- -- Note:
-- This Lens automatically encodes and decodes Base64 data. --
-- The underlying isomorphism will encode to Base64 representation during
-- -- serialisation, and decode from Base64 representation during
-- deserialisation. -- This Lens accepts and returns only raw
-- unencoded data.
publicKey_value :: Lens' PublicKey (Maybe ByteString)
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.PublicKey.PublicKey
instance GHC.Show.Show Amazonka.CloudTrail.Types.PublicKey.PublicKey
instance GHC.Read.Read Amazonka.CloudTrail.Types.PublicKey.PublicKey
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.PublicKey.PublicKey
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.PublicKey.PublicKey
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.PublicKey.PublicKey
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.PublicKey.PublicKey
module Amazonka.CloudTrail.Types.QueryStatistics
-- | Metadata about a query, such as the number of results.
--
-- See: newQueryStatistics smart constructor.
data QueryStatistics
QueryStatistics' :: Maybe Integer -> Maybe Int -> Maybe Int -> QueryStatistics
-- | The total bytes that the query scanned in the event data store. This
-- value matches the number of bytes for which your account is billed for
-- the query, unless the query is still running.
[$sel:bytesScanned:QueryStatistics'] :: QueryStatistics -> Maybe Integer
-- | The number of results returned.
[$sel:resultsCount:QueryStatistics'] :: QueryStatistics -> Maybe Int
-- | The total number of results returned by a query.
[$sel:totalResultsCount:QueryStatistics'] :: QueryStatistics -> Maybe Int
-- | Create a value of QueryStatistics with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:bytesScanned:QueryStatistics',
-- queryStatistics_bytesScanned - The total bytes that the query
-- scanned in the event data store. This value matches the number of
-- bytes for which your account is billed for the query, unless the query
-- is still running.
--
-- $sel:resultsCount:QueryStatistics',
-- queryStatistics_resultsCount - The number of results returned.
--
-- $sel:totalResultsCount:QueryStatistics',
-- queryStatistics_totalResultsCount - The total number of results
-- returned by a query.
newQueryStatistics :: QueryStatistics
-- | The total bytes that the query scanned in the event data store. This
-- value matches the number of bytes for which your account is billed for
-- the query, unless the query is still running.
queryStatistics_bytesScanned :: Lens' QueryStatistics (Maybe Integer)
-- | The number of results returned.
queryStatistics_resultsCount :: Lens' QueryStatistics (Maybe Int)
-- | The total number of results returned by a query.
queryStatistics_totalResultsCount :: Lens' QueryStatistics (Maybe Int)
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.QueryStatistics.QueryStatistics
instance GHC.Show.Show Amazonka.CloudTrail.Types.QueryStatistics.QueryStatistics
instance GHC.Read.Read Amazonka.CloudTrail.Types.QueryStatistics.QueryStatistics
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.QueryStatistics.QueryStatistics
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.QueryStatistics.QueryStatistics
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.QueryStatistics.QueryStatistics
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.QueryStatistics.QueryStatistics
module Amazonka.CloudTrail.Types.QueryStatisticsForDescribeQuery
-- | Gets metadata about a query, including the number of events that were
-- matched, the total number of events scanned, the query run time in
-- milliseconds, and the query's creation time.
--
-- See: newQueryStatisticsForDescribeQuery smart
-- constructor.
data QueryStatisticsForDescribeQuery
QueryStatisticsForDescribeQuery' :: Maybe Integer -> Maybe POSIX -> Maybe Integer -> Maybe Integer -> Maybe Int -> QueryStatisticsForDescribeQuery
-- | The total bytes that the query scanned in the event data store. This
-- value matches the number of bytes for which your account is billed for
-- the query, unless the query is still running.
[$sel:bytesScanned:QueryStatisticsForDescribeQuery'] :: QueryStatisticsForDescribeQuery -> Maybe Integer
-- | The creation time of the query.
[$sel:creationTime:QueryStatisticsForDescribeQuery'] :: QueryStatisticsForDescribeQuery -> Maybe POSIX
-- | The number of events that matched a query.
[$sel:eventsMatched:QueryStatisticsForDescribeQuery'] :: QueryStatisticsForDescribeQuery -> Maybe Integer
-- | The number of events that the query scanned in the event data store.
[$sel:eventsScanned:QueryStatisticsForDescribeQuery'] :: QueryStatisticsForDescribeQuery -> Maybe Integer
-- | The query's run time, in milliseconds.
[$sel:executionTimeInMillis:QueryStatisticsForDescribeQuery'] :: QueryStatisticsForDescribeQuery -> Maybe Int
-- | Create a value of QueryStatisticsForDescribeQuery with all
-- optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:bytesScanned:QueryStatisticsForDescribeQuery',
-- queryStatisticsForDescribeQuery_bytesScanned - The total bytes
-- that the query scanned in the event data store. This value matches the
-- number of bytes for which your account is billed for the query, unless
-- the query is still running.
--
-- $sel:creationTime:QueryStatisticsForDescribeQuery',
-- queryStatisticsForDescribeQuery_creationTime - The creation
-- time of the query.
--
-- $sel:eventsMatched:QueryStatisticsForDescribeQuery',
-- queryStatisticsForDescribeQuery_eventsMatched - The number of
-- events that matched a query.
--
-- $sel:eventsScanned:QueryStatisticsForDescribeQuery',
-- queryStatisticsForDescribeQuery_eventsScanned - The number of
-- events that the query scanned in the event data store.
--
-- $sel:executionTimeInMillis:QueryStatisticsForDescribeQuery',
-- queryStatisticsForDescribeQuery_executionTimeInMillis - The
-- query's run time, in milliseconds.
newQueryStatisticsForDescribeQuery :: QueryStatisticsForDescribeQuery
-- | The total bytes that the query scanned in the event data store. This
-- value matches the number of bytes for which your account is billed for
-- the query, unless the query is still running.
queryStatisticsForDescribeQuery_bytesScanned :: Lens' QueryStatisticsForDescribeQuery (Maybe Integer)
-- | The creation time of the query.
queryStatisticsForDescribeQuery_creationTime :: Lens' QueryStatisticsForDescribeQuery (Maybe UTCTime)
-- | The number of events that matched a query.
queryStatisticsForDescribeQuery_eventsMatched :: Lens' QueryStatisticsForDescribeQuery (Maybe Integer)
-- | The number of events that the query scanned in the event data store.
queryStatisticsForDescribeQuery_eventsScanned :: Lens' QueryStatisticsForDescribeQuery (Maybe Integer)
-- | The query's run time, in milliseconds.
queryStatisticsForDescribeQuery_executionTimeInMillis :: Lens' QueryStatisticsForDescribeQuery (Maybe Int)
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.QueryStatisticsForDescribeQuery.QueryStatisticsForDescribeQuery
instance GHC.Show.Show Amazonka.CloudTrail.Types.QueryStatisticsForDescribeQuery.QueryStatisticsForDescribeQuery
instance GHC.Read.Read Amazonka.CloudTrail.Types.QueryStatisticsForDescribeQuery.QueryStatisticsForDescribeQuery
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.QueryStatisticsForDescribeQuery.QueryStatisticsForDescribeQuery
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.QueryStatisticsForDescribeQuery.QueryStatisticsForDescribeQuery
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.QueryStatisticsForDescribeQuery.QueryStatisticsForDescribeQuery
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.QueryStatisticsForDescribeQuery.QueryStatisticsForDescribeQuery
module Amazonka.CloudTrail.Types.QueryStatus
newtype QueryStatus
QueryStatus' :: Text -> QueryStatus
[fromQueryStatus] :: QueryStatus -> Text
pattern QueryStatus_CANCELLED :: QueryStatus
pattern QueryStatus_FAILED :: QueryStatus
pattern QueryStatus_FINISHED :: QueryStatus
pattern QueryStatus_QUEUED :: QueryStatus
pattern QueryStatus_RUNNING :: QueryStatus
pattern QueryStatus_TIMED_OUT :: QueryStatus
instance Amazonka.Data.XML.ToXML Amazonka.CloudTrail.Types.QueryStatus.QueryStatus
instance Amazonka.Data.XML.FromXML Amazonka.CloudTrail.Types.QueryStatus.QueryStatus
instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.CloudTrail.Types.QueryStatus.QueryStatus
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.Types.QueryStatus.QueryStatus
instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.CloudTrail.Types.QueryStatus.QueryStatus
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.QueryStatus.QueryStatus
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.Types.QueryStatus.QueryStatus
instance Amazonka.Data.Headers.ToHeader Amazonka.CloudTrail.Types.QueryStatus.QueryStatus
instance Amazonka.Data.Log.ToLog Amazonka.CloudTrail.Types.QueryStatus.QueryStatus
instance Amazonka.Data.ByteString.ToByteString Amazonka.CloudTrail.Types.QueryStatus.QueryStatus
instance Amazonka.Data.Text.ToText Amazonka.CloudTrail.Types.QueryStatus.QueryStatus
instance Amazonka.Data.Text.FromText Amazonka.CloudTrail.Types.QueryStatus.QueryStatus
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.QueryStatus.QueryStatus
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.QueryStatus.QueryStatus
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.QueryStatus.QueryStatus
instance GHC.Classes.Ord Amazonka.CloudTrail.Types.QueryStatus.QueryStatus
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.QueryStatus.QueryStatus
instance GHC.Read.Read Amazonka.CloudTrail.Types.QueryStatus.QueryStatus
instance GHC.Show.Show Amazonka.CloudTrail.Types.QueryStatus.QueryStatus
module Amazonka.CloudTrail.Types.Query
-- | A SQL string of criteria about events that you want to collect in an
-- event data store.
--
-- See: newQuery smart constructor.
data Query
Query' :: Maybe POSIX -> Maybe Text -> Maybe QueryStatus -> Query
-- | The creation time of a query.
[$sel:creationTime:Query'] :: Query -> Maybe POSIX
-- | The ID of a query.
[$sel:queryId:Query'] :: Query -> Maybe Text
-- | The status of the query. This can be QUEUED,
-- RUNNING, FINISHED, FAILED,
-- TIMED_OUT, or CANCELLED.
[$sel:queryStatus:Query'] :: Query -> Maybe QueryStatus
-- | Create a value of Query with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:creationTime:Query', query_creationTime - The
-- creation time of a query.
--
-- $sel:queryId:Query', query_queryId - The ID of a query.
--
-- $sel:queryStatus:Query', query_queryStatus - The status
-- of the query. This can be QUEUED, RUNNING,
-- FINISHED, FAILED, TIMED_OUT, or
-- CANCELLED.
newQuery :: Query
-- | The creation time of a query.
query_creationTime :: Lens' Query (Maybe UTCTime)
-- | The ID of a query.
query_queryId :: Lens' Query (Maybe Text)
-- | The status of the query. This can be QUEUED,
-- RUNNING, FINISHED, FAILED,
-- TIMED_OUT, or CANCELLED.
query_queryStatus :: Lens' Query (Maybe QueryStatus)
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.Query.Query
instance GHC.Show.Show Amazonka.CloudTrail.Types.Query.Query
instance GHC.Read.Read Amazonka.CloudTrail.Types.Query.Query
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.Query.Query
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.Query.Query
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.Query.Query
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.Query.Query
module Amazonka.CloudTrail.Types.ReadWriteType
newtype ReadWriteType
ReadWriteType' :: Text -> ReadWriteType
[fromReadWriteType] :: ReadWriteType -> Text
pattern ReadWriteType_All :: ReadWriteType
pattern ReadWriteType_ReadOnly :: ReadWriteType
pattern ReadWriteType_WriteOnly :: ReadWriteType
instance Amazonka.Data.XML.ToXML Amazonka.CloudTrail.Types.ReadWriteType.ReadWriteType
instance Amazonka.Data.XML.FromXML Amazonka.CloudTrail.Types.ReadWriteType.ReadWriteType
instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.CloudTrail.Types.ReadWriteType.ReadWriteType
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.Types.ReadWriteType.ReadWriteType
instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.CloudTrail.Types.ReadWriteType.ReadWriteType
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.ReadWriteType.ReadWriteType
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.Types.ReadWriteType.ReadWriteType
instance Amazonka.Data.Headers.ToHeader Amazonka.CloudTrail.Types.ReadWriteType.ReadWriteType
instance Amazonka.Data.Log.ToLog Amazonka.CloudTrail.Types.ReadWriteType.ReadWriteType
instance Amazonka.Data.ByteString.ToByteString Amazonka.CloudTrail.Types.ReadWriteType.ReadWriteType
instance Amazonka.Data.Text.ToText Amazonka.CloudTrail.Types.ReadWriteType.ReadWriteType
instance Amazonka.Data.Text.FromText Amazonka.CloudTrail.Types.ReadWriteType.ReadWriteType
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.ReadWriteType.ReadWriteType
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.ReadWriteType.ReadWriteType
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.ReadWriteType.ReadWriteType
instance GHC.Classes.Ord Amazonka.CloudTrail.Types.ReadWriteType.ReadWriteType
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.ReadWriteType.ReadWriteType
instance GHC.Read.Read Amazonka.CloudTrail.Types.ReadWriteType.ReadWriteType
instance GHC.Show.Show Amazonka.CloudTrail.Types.ReadWriteType.ReadWriteType
module Amazonka.CloudTrail.Types.EventSelector
-- | Use event selectors to further specify the management and data event
-- settings for your trail. By default, trails created without specific
-- event selectors will be configured to log all read and write
-- management events, and no data events. When an event occurs in your
-- account, CloudTrail evaluates the event selector for all trails. For
-- each trail, if the event matches any event selector, the trail
-- processes and logs the event. If the event doesn't match any event
-- selector, the trail doesn't log the event.
--
-- You can configure up to five event selectors for a trail.
--
-- You cannot apply both event selectors and advanced event selectors to
-- a trail.
--
-- See: newEventSelector smart constructor.
data EventSelector
EventSelector' :: Maybe [DataResource] -> Maybe [Text] -> Maybe Bool -> Maybe ReadWriteType -> EventSelector
-- | CloudTrail supports data event logging for Amazon S3 objects, Lambda
-- functions, and Amazon DynamoDB tables with basic event selectors. You
-- can specify up to 250 resources for an individual event selector, but
-- the total number of data resources cannot exceed 250 across all event
-- selectors in a trail. This limit does not apply if you configure
-- resource logging for all data events.
--
-- For more information, see Data Events and Limits in
-- CloudTrail in the CloudTrail User Guide.
[$sel:dataResources:EventSelector'] :: EventSelector -> Maybe [DataResource]
-- | An optional list of service event sources from which you do not want
-- management events to be logged on your trail. In this release, the
-- list can be empty (disables the filter), or it can filter out Key
-- Management Service or Amazon RDS Data API events by containing
-- kms.amazonaws.com or rdsdata.amazonaws.com. By
-- default, ExcludeManagementEventSources is empty, and KMS and
-- Amazon RDS Data API events are logged to your trail. You can exclude
-- management event sources only in regions that support the event
-- source.
[$sel:excludeManagementEventSources:EventSelector'] :: EventSelector -> Maybe [Text]
-- | Specify if you want your event selector to include management events
-- for your trail.
--
-- For more information, see Management Events in the
-- CloudTrail User Guide.
--
-- By default, the value is true.
--
-- The first copy of management events is free. You are charged for
-- additional copies of management events that you are logging on any
-- subsequent trail in the same region. For more information about
-- CloudTrail pricing, see CloudTrail Pricing.
[$sel:includeManagementEvents:EventSelector'] :: EventSelector -> Maybe Bool
-- | Specify if you want your trail to log read-only events, write-only
-- events, or all. For example, the EC2 GetConsoleOutput is a
-- read-only API operation and RunInstances is a write-only API
-- operation.
--
-- By default, the value is All.
[$sel:readWriteType:EventSelector'] :: EventSelector -> Maybe ReadWriteType
-- | Create a value of EventSelector with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:dataResources:EventSelector',
-- eventSelector_dataResources - CloudTrail supports data event
-- logging for Amazon S3 objects, Lambda functions, and Amazon DynamoDB
-- tables with basic event selectors. You can specify up to 250 resources
-- for an individual event selector, but the total number of data
-- resources cannot exceed 250 across all event selectors in a trail.
-- This limit does not apply if you configure resource logging for all
-- data events.
--
-- For more information, see Data Events and Limits in
-- CloudTrail in the CloudTrail User Guide.
--
-- $sel:excludeManagementEventSources:EventSelector',
-- eventSelector_excludeManagementEventSources - An optional list
-- of service event sources from which you do not want management events
-- to be logged on your trail. In this release, the list can be empty
-- (disables the filter), or it can filter out Key Management Service or
-- Amazon RDS Data API events by containing kms.amazonaws.com or
-- rdsdata.amazonaws.com. By default,
-- ExcludeManagementEventSources is empty, and KMS and Amazon
-- RDS Data API events are logged to your trail. You can exclude
-- management event sources only in regions that support the event
-- source.
--
-- $sel:includeManagementEvents:EventSelector',
-- eventSelector_includeManagementEvents - Specify if you want
-- your event selector to include management events for your trail.
--
-- For more information, see Management Events in the
-- CloudTrail User Guide.
--
-- By default, the value is true.
--
-- The first copy of management events is free. You are charged for
-- additional copies of management events that you are logging on any
-- subsequent trail in the same region. For more information about
-- CloudTrail pricing, see CloudTrail Pricing.
--
-- $sel:readWriteType:EventSelector',
-- eventSelector_readWriteType - Specify if you want your trail to
-- log read-only events, write-only events, or all. For example, the EC2
-- GetConsoleOutput is a read-only API operation and
-- RunInstances is a write-only API operation.
--
-- By default, the value is All.
newEventSelector :: EventSelector
-- | CloudTrail supports data event logging for Amazon S3 objects, Lambda
-- functions, and Amazon DynamoDB tables with basic event selectors. You
-- can specify up to 250 resources for an individual event selector, but
-- the total number of data resources cannot exceed 250 across all event
-- selectors in a trail. This limit does not apply if you configure
-- resource logging for all data events.
--
-- For more information, see Data Events and Limits in
-- CloudTrail in the CloudTrail User Guide.
eventSelector_dataResources :: Lens' EventSelector (Maybe [DataResource])
-- | An optional list of service event sources from which you do not want
-- management events to be logged on your trail. In this release, the
-- list can be empty (disables the filter), or it can filter out Key
-- Management Service or Amazon RDS Data API events by containing
-- kms.amazonaws.com or rdsdata.amazonaws.com. By
-- default, ExcludeManagementEventSources is empty, and KMS and
-- Amazon RDS Data API events are logged to your trail. You can exclude
-- management event sources only in regions that support the event
-- source.
eventSelector_excludeManagementEventSources :: Lens' EventSelector (Maybe [Text])
-- | Specify if you want your event selector to include management events
-- for your trail.
--
-- For more information, see Management Events in the
-- CloudTrail User Guide.
--
-- By default, the value is true.
--
-- The first copy of management events is free. You are charged for
-- additional copies of management events that you are logging on any
-- subsequent trail in the same region. For more information about
-- CloudTrail pricing, see CloudTrail Pricing.
eventSelector_includeManagementEvents :: Lens' EventSelector (Maybe Bool)
-- | Specify if you want your trail to log read-only events, write-only
-- events, or all. For example, the EC2 GetConsoleOutput is a
-- read-only API operation and RunInstances is a write-only API
-- operation.
--
-- By default, the value is All.
eventSelector_readWriteType :: Lens' EventSelector (Maybe ReadWriteType)
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.EventSelector.EventSelector
instance GHC.Show.Show Amazonka.CloudTrail.Types.EventSelector.EventSelector
instance GHC.Read.Read Amazonka.CloudTrail.Types.EventSelector.EventSelector
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.EventSelector.EventSelector
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.EventSelector.EventSelector
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.EventSelector.EventSelector
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.EventSelector.EventSelector
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.Types.EventSelector.EventSelector
module Amazonka.CloudTrail.Types.Resource
-- | Specifies the type and name of a resource referenced by an event.
--
-- See: newResource smart constructor.
data Resource
Resource' :: Maybe Text -> Maybe Text -> Resource
-- | The name of the resource referenced by the event returned. These are
-- user-created names whose values will depend on the environment. For
-- example, the resource name might be "auto-scaling-test-group" for an
-- Auto Scaling Group or "i-1234567" for an EC2 Instance.
[$sel:resourceName:Resource'] :: Resource -> Maybe Text
-- | The type of a resource referenced by the event returned. When the
-- resource type cannot be determined, null is returned. Some examples of
-- resource types are: Instance for EC2, Trail for
-- CloudTrail, DBInstance for Amazon RDS, and AccessKey for
-- IAM. To learn more about how to look up and filter events by the
-- resource types supported for a service, see Filtering CloudTrail
-- Events.
[$sel:resourceType:Resource'] :: Resource -> Maybe Text
-- | Create a value of Resource with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:resourceName:Resource', resource_resourceName - The
-- name of the resource referenced by the event returned. These are
-- user-created names whose values will depend on the environment. For
-- example, the resource name might be "auto-scaling-test-group" for an
-- Auto Scaling Group or "i-1234567" for an EC2 Instance.
--
-- $sel:resourceType:Resource', resource_resourceType - The
-- type of a resource referenced by the event returned. When the resource
-- type cannot be determined, null is returned. Some examples of resource
-- types are: Instance for EC2, Trail for CloudTrail,
-- DBInstance for Amazon RDS, and AccessKey for IAM. To
-- learn more about how to look up and filter events by the resource
-- types supported for a service, see Filtering CloudTrail Events.
newResource :: Resource
-- | The name of the resource referenced by the event returned. These are
-- user-created names whose values will depend on the environment. For
-- example, the resource name might be "auto-scaling-test-group" for an
-- Auto Scaling Group or "i-1234567" for an EC2 Instance.
resource_resourceName :: Lens' Resource (Maybe Text)
-- | The type of a resource referenced by the event returned. When the
-- resource type cannot be determined, null is returned. Some examples of
-- resource types are: Instance for EC2, Trail for
-- CloudTrail, DBInstance for Amazon RDS, and AccessKey for
-- IAM. To learn more about how to look up and filter events by the
-- resource types supported for a service, see Filtering CloudTrail
-- Events.
resource_resourceType :: Lens' Resource (Maybe Text)
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.Resource.Resource
instance GHC.Show.Show Amazonka.CloudTrail.Types.Resource.Resource
instance GHC.Read.Read Amazonka.CloudTrail.Types.Resource.Resource
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.Resource.Resource
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.Resource.Resource
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.Resource.Resource
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.Resource.Resource
module Amazonka.CloudTrail.Types.Event
-- | Contains information about an event that was returned by a lookup
-- request. The result includes a representation of a CloudTrail event.
--
-- See: newEvent smart constructor.
data Event
Event' :: Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe POSIX -> Maybe Text -> Maybe [Resource] -> Maybe Text -> Event
-- | The Amazon Web Services access key ID that was used to sign the
-- request. If the request was made with temporary security credentials,
-- this is the access key ID of the temporary credentials.
[$sel:accessKeyId:Event'] :: Event -> Maybe Text
-- | A JSON string that contains a representation of the event returned.
[$sel:cloudTrailEvent:Event'] :: Event -> Maybe Text
-- | The CloudTrail ID of the event returned.
[$sel:eventId:Event'] :: Event -> Maybe Text
-- | The name of the event returned.
[$sel:eventName:Event'] :: Event -> Maybe Text
-- | The Amazon Web Services service to which the request was made.
[$sel:eventSource:Event'] :: Event -> Maybe Text
-- | The date and time of the event returned.
[$sel:eventTime:Event'] :: Event -> Maybe POSIX
-- | Information about whether the event is a write event or a read event.
[$sel:readOnly:Event'] :: Event -> Maybe Text
-- | A list of resources referenced by the event returned.
[$sel:resources:Event'] :: Event -> Maybe [Resource]
-- | A user name or role name of the requester that called the API in the
-- event returned.
[$sel:username:Event'] :: Event -> Maybe Text
-- | Create a value of Event with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:accessKeyId:Event', event_accessKeyId - The Amazon
-- Web Services access key ID that was used to sign the request. If the
-- request was made with temporary security credentials, this is the
-- access key ID of the temporary credentials.
--
-- $sel:cloudTrailEvent:Event', event_cloudTrailEvent - A
-- JSON string that contains a representation of the event returned.
--
-- $sel:eventId:Event', event_eventId - The CloudTrail ID
-- of the event returned.
--
-- $sel:eventName:Event', event_eventName - The name of the
-- event returned.
--
-- $sel:eventSource:Event', event_eventSource - The Amazon
-- Web Services service to which the request was made.
--
-- $sel:eventTime:Event', event_eventTime - The date and
-- time of the event returned.
--
-- $sel:readOnly:Event', event_readOnly - Information about
-- whether the event is a write event or a read event.
--
-- $sel:resources:Event', event_resources - A list of
-- resources referenced by the event returned.
--
-- $sel:username:Event', event_username - A user name or
-- role name of the requester that called the API in the event returned.
newEvent :: Event
-- | The Amazon Web Services access key ID that was used to sign the
-- request. If the request was made with temporary security credentials,
-- this is the access key ID of the temporary credentials.
event_accessKeyId :: Lens' Event (Maybe Text)
-- | A JSON string that contains a representation of the event returned.
event_cloudTrailEvent :: Lens' Event (Maybe Text)
-- | The CloudTrail ID of the event returned.
event_eventId :: Lens' Event (Maybe Text)
-- | The name of the event returned.
event_eventName :: Lens' Event (Maybe Text)
-- | The Amazon Web Services service to which the request was made.
event_eventSource :: Lens' Event (Maybe Text)
-- | The date and time of the event returned.
event_eventTime :: Lens' Event (Maybe UTCTime)
-- | Information about whether the event is a write event or a read event.
event_readOnly :: Lens' Event (Maybe Text)
-- | A list of resources referenced by the event returned.
event_resources :: Lens' Event (Maybe [Resource])
-- | A user name or role name of the requester that called the API in the
-- event returned.
event_username :: Lens' Event (Maybe Text)
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.Event.Event
instance GHC.Show.Show Amazonka.CloudTrail.Types.Event.Event
instance GHC.Read.Read Amazonka.CloudTrail.Types.Event.Event
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.Event.Event
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.Event.Event
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.Event.Event
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.Event.Event
module Amazonka.CloudTrail.Types.S3ImportSource
-- | The settings for the source S3 bucket.
--
-- See: newS3ImportSource smart constructor.
data S3ImportSource
S3ImportSource' :: Text -> Text -> Text -> S3ImportSource
-- | The URI for the source S3 bucket.
[$sel:s3LocationUri:S3ImportSource'] :: S3ImportSource -> Text
-- | The region associated with the source S3 bucket.
[$sel:s3BucketRegion:S3ImportSource'] :: S3ImportSource -> Text
-- | The IAM ARN role used to access the source S3 bucket.
[$sel:s3BucketAccessRoleArn:S3ImportSource'] :: S3ImportSource -> Text
-- | Create a value of S3ImportSource with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:s3LocationUri:S3ImportSource',
-- s3ImportSource_s3LocationUri - The URI for the source S3
-- bucket.
--
-- $sel:s3BucketRegion:S3ImportSource',
-- s3ImportSource_s3BucketRegion - The region associated with the
-- source S3 bucket.
--
-- $sel:s3BucketAccessRoleArn:S3ImportSource',
-- s3ImportSource_s3BucketAccessRoleArn - The IAM ARN role used to
-- access the source S3 bucket.
newS3ImportSource :: Text -> Text -> Text -> S3ImportSource
-- | The URI for the source S3 bucket.
s3ImportSource_s3LocationUri :: Lens' S3ImportSource Text
-- | The region associated with the source S3 bucket.
s3ImportSource_s3BucketRegion :: Lens' S3ImportSource Text
-- | The IAM ARN role used to access the source S3 bucket.
s3ImportSource_s3BucketAccessRoleArn :: Lens' S3ImportSource Text
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.S3ImportSource.S3ImportSource
instance GHC.Show.Show Amazonka.CloudTrail.Types.S3ImportSource.S3ImportSource
instance GHC.Read.Read Amazonka.CloudTrail.Types.S3ImportSource.S3ImportSource
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.S3ImportSource.S3ImportSource
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.S3ImportSource.S3ImportSource
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.S3ImportSource.S3ImportSource
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.S3ImportSource.S3ImportSource
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.Types.S3ImportSource.S3ImportSource
module Amazonka.CloudTrail.Types.ImportSource
-- | The import source.
--
-- See: newImportSource smart constructor.
data ImportSource
ImportSource' :: S3ImportSource -> ImportSource
-- | The source S3 bucket.
[$sel:s3:ImportSource'] :: ImportSource -> S3ImportSource
-- | Create a value of ImportSource with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:s3:ImportSource', importSource_s3 - The source S3
-- bucket.
newImportSource :: S3ImportSource -> ImportSource
-- | The source S3 bucket.
importSource_s3 :: Lens' ImportSource S3ImportSource
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.ImportSource.ImportSource
instance GHC.Show.Show Amazonka.CloudTrail.Types.ImportSource.ImportSource
instance GHC.Read.Read Amazonka.CloudTrail.Types.ImportSource.ImportSource
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.ImportSource.ImportSource
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.ImportSource.ImportSource
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.ImportSource.ImportSource
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.ImportSource.ImportSource
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.Types.ImportSource.ImportSource
module Amazonka.CloudTrail.Types.SourceConfig
-- | Contains configuration information about the channel.
--
-- See: newSourceConfig smart constructor.
data SourceConfig
SourceConfig' :: Maybe [AdvancedEventSelector] -> Maybe Bool -> SourceConfig
-- | The advanced event selectors that are configured for the channel.
[$sel:advancedEventSelectors:SourceConfig'] :: SourceConfig -> Maybe [AdvancedEventSelector]
-- | Specifies whether the channel applies to a single region or to all
-- regions.
[$sel:applyToAllRegions:SourceConfig'] :: SourceConfig -> Maybe Bool
-- | Create a value of SourceConfig with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:advancedEventSelectors:SourceConfig',
-- sourceConfig_advancedEventSelectors - The advanced event
-- selectors that are configured for the channel.
--
-- $sel:applyToAllRegions:SourceConfig',
-- sourceConfig_applyToAllRegions - Specifies whether the channel
-- applies to a single region or to all regions.
newSourceConfig :: SourceConfig
-- | The advanced event selectors that are configured for the channel.
sourceConfig_advancedEventSelectors :: Lens' SourceConfig (Maybe [AdvancedEventSelector])
-- | Specifies whether the channel applies to a single region or to all
-- regions.
sourceConfig_applyToAllRegions :: Lens' SourceConfig (Maybe Bool)
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.SourceConfig.SourceConfig
instance GHC.Show.Show Amazonka.CloudTrail.Types.SourceConfig.SourceConfig
instance GHC.Read.Read Amazonka.CloudTrail.Types.SourceConfig.SourceConfig
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.SourceConfig.SourceConfig
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.SourceConfig.SourceConfig
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.SourceConfig.SourceConfig
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.SourceConfig.SourceConfig
module Amazonka.CloudTrail.Types.Tag
-- | A custom key-value pair associated with a resource such as a
-- CloudTrail trail.
--
-- See: newTag smart constructor.
data Tag
Tag' :: Maybe Text -> Text -> Tag
-- | The value in a key-value pair of a tag. The value must be no longer
-- than 256 Unicode characters.
[$sel:value:Tag'] :: Tag -> Maybe Text
-- | The key in a key-value pair. The key must be must be no longer than
-- 128 Unicode characters. The key must be unique for the resource to
-- which it applies.
[$sel:key:Tag'] :: Tag -> Text
-- | Create a value of Tag with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:value:Tag', tag_value - The value in a key-value
-- pair of a tag. The value must be no longer than 256 Unicode
-- characters.
--
-- $sel:key:Tag', tag_key - The key in a key-value pair.
-- The key must be must be no longer than 128 Unicode characters. The key
-- must be unique for the resource to which it applies.
newTag :: Text -> Tag
-- | The value in a key-value pair of a tag. The value must be no longer
-- than 256 Unicode characters.
tag_value :: Lens' Tag (Maybe Text)
-- | The key in a key-value pair. The key must be must be no longer than
-- 128 Unicode characters. The key must be unique for the resource to
-- which it applies.
tag_key :: Lens' Tag Text
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.Tag.Tag
instance GHC.Show.Show Amazonka.CloudTrail.Types.Tag.Tag
instance GHC.Read.Read Amazonka.CloudTrail.Types.Tag.Tag
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.Tag.Tag
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.Tag.Tag
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.Tag.Tag
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.Tag.Tag
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.Types.Tag.Tag
module Amazonka.CloudTrail.Types.ResourceTag
-- | A resource tag.
--
-- See: newResourceTag smart constructor.
data ResourceTag
ResourceTag' :: Maybe Text -> Maybe [Tag] -> ResourceTag
-- | Specifies the ARN of the resource.
[$sel:resourceId:ResourceTag'] :: ResourceTag -> Maybe Text
-- | A list of tags.
[$sel:tagsList:ResourceTag'] :: ResourceTag -> Maybe [Tag]
-- | Create a value of ResourceTag with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:resourceId:ResourceTag', resourceTag_resourceId -
-- Specifies the ARN of the resource.
--
-- $sel:tagsList:ResourceTag', resourceTag_tagsList - A
-- list of tags.
newResourceTag :: ResourceTag
-- | Specifies the ARN of the resource.
resourceTag_resourceId :: Lens' ResourceTag (Maybe Text)
-- | A list of tags.
resourceTag_tagsList :: Lens' ResourceTag (Maybe [Tag])
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.ResourceTag.ResourceTag
instance GHC.Show.Show Amazonka.CloudTrail.Types.ResourceTag.ResourceTag
instance GHC.Read.Read Amazonka.CloudTrail.Types.ResourceTag.ResourceTag
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.ResourceTag.ResourceTag
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.ResourceTag.ResourceTag
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.ResourceTag.ResourceTag
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.ResourceTag.ResourceTag
module Amazonka.CloudTrail.Types.Trail
-- | The settings for a trail.
--
-- See: newTrail smart constructor.
data Trail
Trail' :: Maybe Text -> Maybe Text -> Maybe Bool -> Maybe Bool -> Maybe Text -> Maybe Bool -> Maybe Bool -> Maybe Bool -> Maybe Text -> Maybe Bool -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Trail
-- | Specifies an Amazon Resource Name (ARN), a unique identifier that
-- represents the log group to which CloudTrail logs will be delivered.
[$sel:cloudWatchLogsLogGroupArn:Trail'] :: Trail -> Maybe Text
-- | Specifies the role for the CloudWatch Logs endpoint to assume to write
-- to a user's log group.
[$sel:cloudWatchLogsRoleArn:Trail'] :: Trail -> Maybe Text
-- | Specifies if the trail has custom event selectors.
[$sel:hasCustomEventSelectors:Trail'] :: Trail -> Maybe Bool
-- | Specifies whether a trail has insight types specified in an
-- InsightSelector list.
[$sel:hasInsightSelectors:Trail'] :: Trail -> Maybe Bool
-- | The region in which the trail was created.
[$sel:homeRegion:Trail'] :: Trail -> Maybe Text
-- | Set to True to include Amazon Web Services API calls from
-- Amazon Web Services global services such as IAM. Otherwise,
-- False.
[$sel:includeGlobalServiceEvents:Trail'] :: Trail -> Maybe Bool
-- | Specifies whether the trail exists only in one region or exists in all
-- regions.
[$sel:isMultiRegionTrail:Trail'] :: Trail -> Maybe Bool
-- | Specifies whether the trail is an organization trail.
[$sel:isOrganizationTrail:Trail'] :: Trail -> Maybe Bool
-- | Specifies the KMS key ID that encrypts the logs delivered by
-- CloudTrail. The value is a fully specified ARN to a KMS key in the
-- following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
[$sel:kmsKeyId:Trail'] :: Trail -> Maybe Text
-- | Specifies whether log file validation is enabled.
[$sel:logFileValidationEnabled:Trail'] :: Trail -> Maybe Bool
-- | Name of the trail set by calling CreateTrail. The maximum length is
-- 128 characters.
[$sel:name:Trail'] :: Trail -> Maybe Text
-- | Name of the Amazon S3 bucket into which CloudTrail delivers your trail
-- files. See Amazon S3 Bucket Naming Requirements.
[$sel:s3BucketName:Trail'] :: Trail -> Maybe Text
-- | Specifies the Amazon S3 key prefix that comes after the name of the
-- bucket you have designated for log file delivery. For more
-- information, see Finding Your CloudTrail Log Files. The maximum
-- length is 200 characters.
[$sel:s3KeyPrefix:Trail'] :: Trail -> Maybe Text
-- | Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send
-- notifications when log files are delivered. The following is the
-- format of a topic ARN.
--
--
-- arn:aws:sns:us-east-2:123456789012:MyTopic
--
[$sel:snsTopicARN:Trail'] :: Trail -> Maybe Text
-- | This field is no longer in use. Use SnsTopicARN.
[$sel:snsTopicName:Trail'] :: Trail -> Maybe Text
-- | Specifies the ARN of the trail. The following is the format of a trail
-- ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
[$sel:trailARN:Trail'] :: Trail -> Maybe Text
-- | Create a value of Trail with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:cloudWatchLogsLogGroupArn:Trail',
-- trail_cloudWatchLogsLogGroupArn - Specifies an Amazon Resource
-- Name (ARN), a unique identifier that represents the log group to which
-- CloudTrail logs will be delivered.
--
-- $sel:cloudWatchLogsRoleArn:Trail',
-- trail_cloudWatchLogsRoleArn - Specifies the role for the
-- CloudWatch Logs endpoint to assume to write to a user's log group.
--
-- $sel:hasCustomEventSelectors:Trail',
-- trail_hasCustomEventSelectors - Specifies if the trail has
-- custom event selectors.
--
-- $sel:hasInsightSelectors:Trail',
-- trail_hasInsightSelectors - Specifies whether a trail has
-- insight types specified in an InsightSelector list.
--
-- $sel:homeRegion:Trail', trail_homeRegion - The region in
-- which the trail was created.
--
-- $sel:includeGlobalServiceEvents:Trail',
-- trail_includeGlobalServiceEvents - Set to True to
-- include Amazon Web Services API calls from Amazon Web Services global
-- services such as IAM. Otherwise, False.
--
-- $sel:isMultiRegionTrail:Trail', trail_isMultiRegionTrail
-- - Specifies whether the trail exists only in one region or exists in
-- all regions.
--
-- $sel:isOrganizationTrail:Trail',
-- trail_isOrganizationTrail - Specifies whether the trail is an
-- organization trail.
--
-- $sel:kmsKeyId:Trail', trail_kmsKeyId - Specifies the KMS
-- key ID that encrypts the logs delivered by CloudTrail. The value is a
-- fully specified ARN to a KMS key in the following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
--
-- $sel:logFileValidationEnabled:Trail',
-- trail_logFileValidationEnabled - Specifies whether log file
-- validation is enabled.
--
-- $sel:name:Trail', trail_name - Name of the trail set by
-- calling CreateTrail. The maximum length is 128 characters.
--
-- $sel:s3BucketName:Trail', trail_s3BucketName - Name of
-- the Amazon S3 bucket into which CloudTrail delivers your trail files.
-- See Amazon S3 Bucket Naming Requirements.
--
-- $sel:s3KeyPrefix:Trail', trail_s3KeyPrefix - Specifies
-- the Amazon S3 key prefix that comes after the name of the bucket you
-- have designated for log file delivery. For more information, see
-- Finding Your CloudTrail Log Files. The maximum length is 200
-- characters.
--
-- $sel:snsTopicARN:Trail', trail_snsTopicARN - Specifies
-- the ARN of the Amazon SNS topic that CloudTrail uses to send
-- notifications when log files are delivered. The following is the
-- format of a topic ARN.
--
--
-- arn:aws:sns:us-east-2:123456789012:MyTopic
--
--
-- $sel:snsTopicName:Trail', trail_snsTopicName - This
-- field is no longer in use. Use SnsTopicARN.
--
-- $sel:trailARN:Trail', trail_trailARN - Specifies the ARN
-- of the trail. The following is the format of a trail ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
newTrail :: Trail
-- | Specifies an Amazon Resource Name (ARN), a unique identifier that
-- represents the log group to which CloudTrail logs will be delivered.
trail_cloudWatchLogsLogGroupArn :: Lens' Trail (Maybe Text)
-- | Specifies the role for the CloudWatch Logs endpoint to assume to write
-- to a user's log group.
trail_cloudWatchLogsRoleArn :: Lens' Trail (Maybe Text)
-- | Specifies if the trail has custom event selectors.
trail_hasCustomEventSelectors :: Lens' Trail (Maybe Bool)
-- | Specifies whether a trail has insight types specified in an
-- InsightSelector list.
trail_hasInsightSelectors :: Lens' Trail (Maybe Bool)
-- | The region in which the trail was created.
trail_homeRegion :: Lens' Trail (Maybe Text)
-- | Set to True to include Amazon Web Services API calls from
-- Amazon Web Services global services such as IAM. Otherwise,
-- False.
trail_includeGlobalServiceEvents :: Lens' Trail (Maybe Bool)
-- | Specifies whether the trail exists only in one region or exists in all
-- regions.
trail_isMultiRegionTrail :: Lens' Trail (Maybe Bool)
-- | Specifies whether the trail is an organization trail.
trail_isOrganizationTrail :: Lens' Trail (Maybe Bool)
-- | Specifies the KMS key ID that encrypts the logs delivered by
-- CloudTrail. The value is a fully specified ARN to a KMS key in the
-- following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
trail_kmsKeyId :: Lens' Trail (Maybe Text)
-- | Specifies whether log file validation is enabled.
trail_logFileValidationEnabled :: Lens' Trail (Maybe Bool)
-- | Name of the trail set by calling CreateTrail. The maximum length is
-- 128 characters.
trail_name :: Lens' Trail (Maybe Text)
-- | Name of the Amazon S3 bucket into which CloudTrail delivers your trail
-- files. See Amazon S3 Bucket Naming Requirements.
trail_s3BucketName :: Lens' Trail (Maybe Text)
-- | Specifies the Amazon S3 key prefix that comes after the name of the
-- bucket you have designated for log file delivery. For more
-- information, see Finding Your CloudTrail Log Files. The maximum
-- length is 200 characters.
trail_s3KeyPrefix :: Lens' Trail (Maybe Text)
-- | Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send
-- notifications when log files are delivered. The following is the
-- format of a topic ARN.
--
--
-- arn:aws:sns:us-east-2:123456789012:MyTopic
--
trail_snsTopicARN :: Lens' Trail (Maybe Text)
-- | This field is no longer in use. Use SnsTopicARN.
trail_snsTopicName :: Lens' Trail (Maybe Text)
-- | Specifies the ARN of the trail. The following is the format of a trail
-- ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
trail_trailARN :: Lens' Trail (Maybe Text)
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.Trail.Trail
instance GHC.Show.Show Amazonka.CloudTrail.Types.Trail.Trail
instance GHC.Read.Read Amazonka.CloudTrail.Types.Trail.Trail
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.Trail.Trail
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.Trail.Trail
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.Trail.Trail
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.Trail.Trail
module Amazonka.CloudTrail.Types.TrailInfo
-- | Information about a CloudTrail trail, including the trail's name, home
-- region, and Amazon Resource Name (ARN).
--
-- See: newTrailInfo smart constructor.
data TrailInfo
TrailInfo' :: Maybe Text -> Maybe Text -> Maybe Text -> TrailInfo
-- | The Amazon Web Services Region in which a trail was created.
[$sel:homeRegion:TrailInfo'] :: TrailInfo -> Maybe Text
-- | The name of a trail.
[$sel:name:TrailInfo'] :: TrailInfo -> Maybe Text
-- | The ARN of a trail.
[$sel:trailARN:TrailInfo'] :: TrailInfo -> Maybe Text
-- | Create a value of TrailInfo with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:homeRegion:TrailInfo', trailInfo_homeRegion - The
-- Amazon Web Services Region in which a trail was created.
--
-- $sel:name:TrailInfo', trailInfo_name - The name of a
-- trail.
--
-- $sel:trailARN:TrailInfo', trailInfo_trailARN - The ARN
-- of a trail.
newTrailInfo :: TrailInfo
-- | The Amazon Web Services Region in which a trail was created.
trailInfo_homeRegion :: Lens' TrailInfo (Maybe Text)
-- | The name of a trail.
trailInfo_name :: Lens' TrailInfo (Maybe Text)
-- | The ARN of a trail.
trailInfo_trailARN :: Lens' TrailInfo (Maybe Text)
instance GHC.Generics.Generic Amazonka.CloudTrail.Types.TrailInfo.TrailInfo
instance GHC.Show.Show Amazonka.CloudTrail.Types.TrailInfo.TrailInfo
instance GHC.Read.Read Amazonka.CloudTrail.Types.TrailInfo.TrailInfo
instance GHC.Classes.Eq Amazonka.CloudTrail.Types.TrailInfo.TrailInfo
instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.CloudTrail.Types.TrailInfo.TrailInfo
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.Types.TrailInfo.TrailInfo
instance Control.DeepSeq.NFData Amazonka.CloudTrail.Types.TrailInfo.TrailInfo
module Amazonka.CloudTrail.Types
-- | API version 2013-11-01 of the Amazon CloudTrail SDK
-- configuration.
defaultService :: Service
-- | This exception is thrown when you start a new import and a previous
-- import is still in progress.
_AccountHasOngoingImportException :: AsError a => Fold a ServiceError
-- | This exception is thrown when when the specified account is not found
-- or not part of an organization.
_AccountNotFoundException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the specified account is not registered
-- as the CloudTrail delegated administrator.
_AccountNotRegisteredException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the account is already registered as the
-- CloudTrail delegated administrator.
_AccountRegisteredException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the management account of an
-- organization is registered as the CloudTrail delegated administrator.
_CannotDelegateManagementAccountException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the specified value of
-- ChannelARN is not valid.
_ChannelARNInvalidException :: AsError a => Fold a ServiceError
-- | The specified channel was not found.
_ChannelNotFoundException :: AsError a => Fold a ServiceError
-- | This exception is thrown when an operation is called with a trail ARN
-- that is not valid. The following is the format of a trail ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
_CloudTrailARNInvalidException :: AsError a => Fold a ServiceError
-- | This exception is thrown when trusted access has not been enabled
-- between CloudTrail and Organizations. For more information, see
-- Enabling Trusted Access with Other Amazon Web Services Services
-- and Prepare For Creating a Trail For Your Organization.
_CloudTrailAccessNotEnabledException :: AsError a => Fold a ServiceError
-- | This exception is thrown when a call results in the
-- InvalidClientTokenId error code. This can occur when you are
-- creating or updating a trail to send notifications to an Amazon SNS
-- topic that is in a suspended Amazon Web Services account.
_CloudTrailInvalidClientTokenIdException :: AsError a => Fold a ServiceError
-- | Cannot set a CloudWatch Logs delivery for this region.
_CloudWatchLogsDeliveryUnavailableException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the specified resource is not ready for
-- an operation. This can occur when you try to run an operation on a
-- resource before CloudTrail has time to fully load the resource. If
-- this exception occurs, wait a few minutes, and then try the operation
-- again.
_ConflictException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the maximum number of CloudTrail
-- delegated administrators is reached.
_DelegatedAdminAccountLimitExceededException :: AsError a => Fold a ServiceError
-- | The specified event data store ARN is not valid or does not map to an
-- event data store in your account.
_EventDataStoreARNInvalidException :: AsError a => Fold a ServiceError
-- | An event data store with that name already exists.
_EventDataStoreAlreadyExistsException :: AsError a => Fold a ServiceError
-- | This exception is thrown when you try to update or delete an event
-- data store that currently has an import in progress.
_EventDataStoreHasOngoingImportException :: AsError a => Fold a ServiceError
-- | Your account has used the maximum number of event data stores.
_EventDataStoreMaxLimitExceededException :: AsError a => Fold a ServiceError
-- | The specified event data store was not found.
_EventDataStoreNotFoundException :: AsError a => Fold a ServiceError
-- | The event data store cannot be deleted because termination protection
-- is enabled for it.
_EventDataStoreTerminationProtectedException :: AsError a => Fold a ServiceError
-- | The specified import was not found.
_ImportNotFoundException :: AsError a => Fold a ServiceError
-- | The event data store is inactive.
_InactiveEventDataStoreException :: AsError a => Fold a ServiceError
-- | The specified query cannot be canceled because it is in the
-- FINISHED, FAILED, TIMED_OUT, or
-- CANCELLED state.
_InactiveQueryException :: AsError a => Fold a ServiceError
-- | If you run GetInsightSelectors on a trail that does not have
-- Insights events enabled, the operation throws the exception
-- InsightNotEnabledException.
_InsightNotEnabledException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the IAM user or role that is used to
-- create the organization resource lacks one or more required
-- permissions for creating an organization resource in a required
-- service.
_InsufficientDependencyServiceAccessPermissionException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the policy on the S3 bucket or KMS key
-- does not have sufficient permissions for the operation.
_InsufficientEncryptionPolicyException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the policy on the S3 bucket is not
-- sufficient.
_InsufficientS3BucketPolicyException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the policy on the Amazon SNS topic is
-- not sufficient.
_InsufficientSnsTopicPolicyException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the provided CloudWatch Logs log group
-- is not valid.
_InvalidCloudWatchLogsLogGroupArnException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the provided role is not valid.
_InvalidCloudWatchLogsRoleArnException :: AsError a => Fold a ServiceError
-- | A date range for the query was specified that is not valid. Be sure
-- that the start time is chronologically before the end time. For more
-- information about writing a query, see Create or edit a query
-- in the CloudTrail User Guide.
_InvalidDateRangeException :: AsError a => Fold a ServiceError
-- | Occurs if an event category that is not valid is specified as a value
-- of EventCategory.
_InvalidEventCategoryException :: AsError a => Fold a ServiceError
-- | This exception is thrown when event categories of specified event data
-- stores are not valid.
_InvalidEventDataStoreCategoryException :: AsError a => Fold a ServiceError
-- | The event data store is not in a status that supports the operation.
_InvalidEventDataStoreStatusException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the PutEventSelectors operation
-- is called with a number of event selectors, advanced event selectors,
-- or data resources that is not valid. The combination of event
-- selectors or advanced event selectors and data resources is not valid.
-- A trail can have up to 5 event selectors. If a trail uses advanced
-- event selectors, a maximum of 500 total values for all conditions in
-- all advanced event selectors is allowed. A trail is limited to 250
-- data resources. These data resources can be distributed across event
-- selectors, but the overall total cannot exceed 250.
--
-- You can:
--
--
-- - Specify a valid number of event selectors (1 to 5) for a
-- trail.
-- - Specify a valid number of data resources (1 to 250) for an event
-- selector. The limit of number of resources on an individual event
-- selector is configurable up to 250. However, this upper limit is
-- allowed only if the total number of data resources does not exceed 250
-- across all event selectors for a trail.
-- - Specify up to 500 values for all conditions in all advanced event
-- selectors for a trail.
-- - Specify a valid value for a parameter. For example, specifying the
-- ReadWriteType parameter with a value of read-only is
-- not valid.
--
_InvalidEventSelectorsException :: AsError a => Fold a ServiceError
-- | This exception is thrown when an operation is called on a trail from a
-- region other than the region in which the trail was created.
_InvalidHomeRegionException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the provided source S3 bucket is not
-- valid for import.
_InvalidImportSourceException :: AsError a => Fold a ServiceError
-- | The formatting or syntax of the InsightSelectors JSON
-- statement in your PutInsightSelectors or
-- GetInsightSelectors request is not valid, or the specified
-- insight type in the InsightSelectors statement is not a valid
-- insight type.
_InvalidInsightSelectorsException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the KMS key ARN is not valid.
_InvalidKmsKeyIdException :: AsError a => Fold a ServiceError
-- | Occurs when a lookup attribute is specified that is not valid.
_InvalidLookupAttributesException :: AsError a => Fold a ServiceError
-- | This exception is thrown if the limit specified is not valid.
_InvalidMaxResultsException :: AsError a => Fold a ServiceError
-- | A token that is not valid, or a token that was previously used in a
-- request with different parameters. This exception is thrown if the
-- token is not valid.
_InvalidNextTokenException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the combination of parameters provided
-- is not valid.
_InvalidParameterCombinationException :: AsError a => Fold a ServiceError
-- | The request includes a parameter that is not valid.
_InvalidParameterException :: AsError a => Fold a ServiceError
-- | The query that was submitted has validation errors, or uses incorrect
-- syntax or unsupported keywords. For more information about writing a
-- query, see Create or edit a query in the CloudTrail User
-- Guide.
_InvalidQueryStatementException :: AsError a => Fold a ServiceError
-- | The query status is not valid for the operation.
_InvalidQueryStatusException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the provided S3 bucket name is not
-- valid.
_InvalidS3BucketNameException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the provided S3 prefix is not valid.
_InvalidS3PrefixException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the provided SNS topic name is not
-- valid.
_InvalidSnsTopicNameException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the specified tag key or values are not
-- valid. It can also occur if there are duplicate tags or too many tags
-- on the resource.
_InvalidTagParameterException :: AsError a => Fold a ServiceError
-- | Occurs if the timestamp values are not valid. Either the start time
-- occurs after the end time, or the time range is outside the range of
-- possible values.
_InvalidTimeRangeException :: AsError a => Fold a ServiceError
-- | Reserved for future use.
_InvalidTokenException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the provided trail name is not valid.
-- Trail names must meet the following requirements:
--
--
-- - Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
-- underscores (_), or dashes (-)
-- - Start with a letter or number, and end with a letter or
-- number
-- - Be between 3 and 128 characters
-- - Have no adjacent periods, underscores or dashes. Names like
-- my-_namespace and my--namespace are not valid.
-- - Not be in IP address format (for example, 192.168.5.4)
--
_InvalidTrailNameException :: AsError a => Fold a ServiceError
-- | This exception is thrown when there is an issue with the specified KMS
-- key and the trail or event data store can't be updated.
_KmsException :: AsError a => Fold a ServiceError
-- | This exception is no longer in use.
_KmsKeyDisabledException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the KMS key does not exist, when the S3
-- bucket and the KMS key are not in the same region, or when the KMS key
-- associated with the Amazon SNS topic either does not exist or is not
-- in the same region.
_KmsKeyNotFoundException :: AsError a => Fold a ServiceError
-- | You are already running the maximum number of concurrent queries. Wait
-- a minute for some queries to finish, and then run the query again.
_MaxConcurrentQueriesException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the maximum number of trails is reached.
_MaximumNumberOfTrailsExceededException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the management account does not have a
-- service-linked role.
_NoManagementAccountSLRExistsException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the account making the request is not
-- the organization's management account.
_NotOrganizationManagementAccountException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the Amazon Web Services account making
-- the request to create or update an organization trail or event data
-- store is not the management account for an organization in
-- Organizations. For more information, see Prepare For Creating a
-- Trail For Your Organization or Create an event data store.
_NotOrganizationMasterAccountException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the requested operation is not
-- permitted.
_OperationNotPermittedException :: AsError a => Fold a ServiceError
-- | This exception is thrown when Organizations is not configured to
-- support all features. All features must be enabled in Organizations to
-- support creating an organization trail or event data store.
_OrganizationNotInAllFeaturesModeException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the request is made from an Amazon Web
-- Services account that is not a member of an organization. To make this
-- request, sign in using the credentials of an account that belongs to
-- an organization.
_OrganizationsNotInUseException :: AsError a => Fold a ServiceError
-- | The query ID does not exist or does not map to a query.
_QueryIdNotFoundException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the specified resource is not found.
_ResourceNotFoundException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the specified resource type is not
-- supported by CloudTrail.
_ResourceTypeNotSupportedException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the specified S3 bucket does not exist.
_S3BucketDoesNotExistException :: AsError a => Fold a ServiceError
-- | The number of tags per trail has exceeded the permitted amount.
-- Currently, the limit is 50.
_TagsLimitExceededException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the specified trail already exists.
_TrailAlreadyExistsException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the trail with the given name is not
-- found.
_TrailNotFoundException :: AsError a => Fold a ServiceError
-- | This exception is no longer in use.
_TrailNotProvidedException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the requested operation is not
-- supported.
_UnsupportedOperationException :: AsError a => Fold a ServiceError
newtype DeliveryStatus
DeliveryStatus' :: Text -> DeliveryStatus
[fromDeliveryStatus] :: DeliveryStatus -> Text
pattern DeliveryStatus_ACCESS_DENIED :: DeliveryStatus
pattern DeliveryStatus_ACCESS_DENIED_SIGNING_FILE :: DeliveryStatus
pattern DeliveryStatus_CANCELLED :: DeliveryStatus
pattern DeliveryStatus_FAILED :: DeliveryStatus
pattern DeliveryStatus_FAILED_SIGNING_FILE :: DeliveryStatus
pattern DeliveryStatus_PENDING :: DeliveryStatus
pattern DeliveryStatus_RESOURCE_NOT_FOUND :: DeliveryStatus
pattern DeliveryStatus_SUCCESS :: DeliveryStatus
pattern DeliveryStatus_UNKNOWN :: DeliveryStatus
newtype DestinationType
DestinationType' :: Text -> DestinationType
[fromDestinationType] :: DestinationType -> Text
pattern DestinationType_AWS_SERVICE :: DestinationType
pattern DestinationType_EVENT_DATA_STORE :: DestinationType
newtype EventCategory
EventCategory' :: Text -> EventCategory
[fromEventCategory] :: EventCategory -> Text
pattern EventCategory_Insight :: EventCategory
newtype EventDataStoreStatus
EventDataStoreStatus' :: Text -> EventDataStoreStatus
[fromEventDataStoreStatus] :: EventDataStoreStatus -> Text
pattern EventDataStoreStatus_CREATED :: EventDataStoreStatus
pattern EventDataStoreStatus_ENABLED :: EventDataStoreStatus
pattern EventDataStoreStatus_PENDING_DELETION :: EventDataStoreStatus
newtype ImportFailureStatus
ImportFailureStatus' :: Text -> ImportFailureStatus
[fromImportFailureStatus] :: ImportFailureStatus -> Text
pattern ImportFailureStatus_FAILED :: ImportFailureStatus
pattern ImportFailureStatus_RETRY :: ImportFailureStatus
pattern ImportFailureStatus_SUCCEEDED :: ImportFailureStatus
newtype ImportStatus
ImportStatus' :: Text -> ImportStatus
[fromImportStatus] :: ImportStatus -> Text
pattern ImportStatus_COMPLETED :: ImportStatus
pattern ImportStatus_FAILED :: ImportStatus
pattern ImportStatus_INITIALIZING :: ImportStatus
pattern ImportStatus_IN_PROGRESS :: ImportStatus
pattern ImportStatus_STOPPED :: ImportStatus
newtype InsightType
InsightType' :: Text -> InsightType
[fromInsightType] :: InsightType -> Text
pattern InsightType_ApiCallRateInsight :: InsightType
pattern InsightType_ApiErrorRateInsight :: InsightType
newtype LookupAttributeKey
LookupAttributeKey' :: Text -> LookupAttributeKey
[fromLookupAttributeKey] :: LookupAttributeKey -> Text
pattern LookupAttributeKey_AccessKeyId :: LookupAttributeKey
pattern LookupAttributeKey_EventId :: LookupAttributeKey
pattern LookupAttributeKey_EventName :: LookupAttributeKey
pattern LookupAttributeKey_EventSource :: LookupAttributeKey
pattern LookupAttributeKey_ReadOnly :: LookupAttributeKey
pattern LookupAttributeKey_ResourceName :: LookupAttributeKey
pattern LookupAttributeKey_ResourceType :: LookupAttributeKey
pattern LookupAttributeKey_Username :: LookupAttributeKey
newtype QueryStatus
QueryStatus' :: Text -> QueryStatus
[fromQueryStatus] :: QueryStatus -> Text
pattern QueryStatus_CANCELLED :: QueryStatus
pattern QueryStatus_FAILED :: QueryStatus
pattern QueryStatus_FINISHED :: QueryStatus
pattern QueryStatus_QUEUED :: QueryStatus
pattern QueryStatus_RUNNING :: QueryStatus
pattern QueryStatus_TIMED_OUT :: QueryStatus
newtype ReadWriteType
ReadWriteType' :: Text -> ReadWriteType
[fromReadWriteType] :: ReadWriteType -> Text
pattern ReadWriteType_All :: ReadWriteType
pattern ReadWriteType_ReadOnly :: ReadWriteType
pattern ReadWriteType_WriteOnly :: ReadWriteType
-- | Advanced event selectors let you create fine-grained selectors for the
-- following CloudTrail event record fields. They help you control costs
-- by logging only those events that are important to you. For more
-- information about advanced event selectors, see Logging data events
-- for trails in the CloudTrail User Guide.
--
--
-- readOnly
eventSource
eventName
eventCategory
resources.type
resources.ARN
--
-- You cannot apply both event selectors and advanced event selectors to
-- a trail.
--
-- See: newAdvancedEventSelector smart constructor.
data AdvancedEventSelector
AdvancedEventSelector' :: Maybe Text -> NonEmpty AdvancedFieldSelector -> AdvancedEventSelector
-- | An optional, descriptive name for an advanced event selector, such as
-- "Log data events for only two S3 buckets".
[$sel:name:AdvancedEventSelector'] :: AdvancedEventSelector -> Maybe Text
-- | Contains all selector statements in an advanced event selector.
[$sel:fieldSelectors:AdvancedEventSelector'] :: AdvancedEventSelector -> NonEmpty AdvancedFieldSelector
-- | Create a value of AdvancedEventSelector with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:name:AdvancedEventSelector',
-- advancedEventSelector_name - An optional, descriptive name for
-- an advanced event selector, such as "Log data events for only two S3
-- buckets".
--
-- $sel:fieldSelectors:AdvancedEventSelector',
-- advancedEventSelector_fieldSelectors - Contains all selector
-- statements in an advanced event selector.
newAdvancedEventSelector :: NonEmpty AdvancedFieldSelector -> AdvancedEventSelector
-- | An optional, descriptive name for an advanced event selector, such as
-- "Log data events for only two S3 buckets".
advancedEventSelector_name :: Lens' AdvancedEventSelector (Maybe Text)
-- | Contains all selector statements in an advanced event selector.
advancedEventSelector_fieldSelectors :: Lens' AdvancedEventSelector (NonEmpty AdvancedFieldSelector)
-- | A single selector statement in an advanced event selector.
--
-- See: newAdvancedFieldSelector smart constructor.
data AdvancedFieldSelector
AdvancedFieldSelector' :: Maybe (NonEmpty Text) -> Maybe (NonEmpty Text) -> Maybe (NonEmpty Text) -> Maybe (NonEmpty Text) -> Maybe (NonEmpty Text) -> Maybe (NonEmpty Text) -> Text -> AdvancedFieldSelector
-- | An operator that includes events that match the last few characters of
-- the event record field specified as the value of Field.
[$sel:endsWith:AdvancedFieldSelector'] :: AdvancedFieldSelector -> Maybe (NonEmpty Text)
-- | An operator that includes events that match the exact value of the
-- event record field specified as the value of Field. This is
-- the only valid operator that you can use with the readOnly,
-- eventCategory, and resources.type fields.
[$sel:equals:AdvancedFieldSelector'] :: AdvancedFieldSelector -> Maybe (NonEmpty Text)
-- | An operator that excludes events that match the last few characters of
-- the event record field specified as the value of Field.
[$sel:notEndsWith:AdvancedFieldSelector'] :: AdvancedFieldSelector -> Maybe (NonEmpty Text)
-- | An operator that excludes events that match the exact value of the
-- event record field specified as the value of Field.
[$sel:notEquals:AdvancedFieldSelector'] :: AdvancedFieldSelector -> Maybe (NonEmpty Text)
-- | An operator that excludes events that match the first few characters
-- of the event record field specified as the value of Field.
[$sel:notStartsWith:AdvancedFieldSelector'] :: AdvancedFieldSelector -> Maybe (NonEmpty Text)
-- | An operator that includes events that match the first few characters
-- of the event record field specified as the value of Field.
[$sel:startsWith:AdvancedFieldSelector'] :: AdvancedFieldSelector -> Maybe (NonEmpty Text)
-- | A field in an event record on which to filter events to be logged.
-- Supported fields include readOnly, eventCategory,
-- eventSource (for management events), eventName,
-- resources.type, and resources.ARN.
--
--
-- - readOnly - Optional. Can be set to Equals
-- a value of true or false. If you do not add this
-- field, CloudTrail logs both read and write events. A
-- value of true logs only read events. A value of
-- false logs only write events.
-- - eventSource - For filtering management events
-- only. This can be set only to NotEquals
-- kms.amazonaws.com.
-- - eventName - Can use any operator. You can use it
-- to filter in or filter out any data event logged to CloudTrail, such as
-- PutBucket or GetSnapshotBlock. You can have multiple
-- values for this field, separated by commas.
-- - eventCategory - This is required. It must be set
-- to Equals, and the value must be Management or
-- Data.
-- - resources.type - This field is required.
-- resources.type can only use the Equals operator, and
-- the value can be one of the
-- following:You
-- can have only one resources.type field per selector. To log
-- data events on more than one resource type, add another selector.
-- - resources.ARN - You can use any operator with
-- resources.ARN, but if you use Equals or
-- NotEquals, the value must exactly match the ARN of a valid
-- resource of the type you've specified in the template as the value of
-- resources.type. For example, if resources.type equals
-- AWS::S3::Object, the ARN must be in one of the following
-- formats. To log all data events for all objects in a specific S3
-- bucket, use the StartsWith operator, and include only the
-- bucket ARN as the matching value.The trailing slash is intentional; do
-- not exclude it. Replace the text between less than and greater than
-- symbols (<>) with resource-specific
-- information.When
-- resources.type equals AWS::S3::AccessPoint, and the
-- operator is set to Equals or NotEquals, the ARN must
-- be in one of the following formats. To log events on all objects in an
-- S3 access point, we recommend that you use only the access point ARN,
-- don’t include the object path, and use the StartsWith or
-- NotStartsWith
-- operators.When
-- resources.type equals AWS::Lambda::Function, and the operator
-- is set to Equals or NotEquals, the ARN must be in
-- the following
-- format:When
-- resources.type equals AWS::DynamoDB::Table, and the operator
-- is set to Equals or NotEquals, the ARN must be in
-- the following
-- format:When
-- resources.type equals AWS::S3Outposts::Object, and
-- the operator is set to Equals or NotEquals, the ARN
-- must be in the following
-- format:When
-- resources.type equals AWS::ManagedBlockchain::Node,
-- and the operator is set to Equals or NotEquals, the
-- ARN must be in the following
-- format:When
-- resources.type equals
-- AWS::S3ObjectLambda::AccessPoint, and the operator is set to
-- Equals or NotEquals, the ARN must be in the
-- following
-- format:When
-- resources.type equals AWS::EC2::Snapshot, and the
-- operator is set to Equals or NotEquals, the ARN must
-- be in the following
-- format:When
-- resources.type equals AWS::DynamoDB::Stream, and the
-- operator is set to Equals or NotEquals, the ARN must
-- be in the following
-- format:When
-- resources.type equals AWS::Glue::Table, and the
-- operator is set to Equals or NotEquals, the ARN must
-- be in the following
-- format:
--
[$sel:field:AdvancedFieldSelector'] :: AdvancedFieldSelector -> Text
-- | Create a value of AdvancedFieldSelector with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:endsWith:AdvancedFieldSelector',
-- advancedFieldSelector_endsWith - An operator that includes
-- events that match the last few characters of the event record field
-- specified as the value of Field.
--
-- $sel:equals:AdvancedFieldSelector',
-- advancedFieldSelector_equals - An operator that includes events
-- that match the exact value of the event record field specified as the
-- value of Field. This is the only valid operator that you can
-- use with the readOnly, eventCategory, and
-- resources.type fields.
--
-- $sel:notEndsWith:AdvancedFieldSelector',
-- advancedFieldSelector_notEndsWith - An operator that excludes
-- events that match the last few characters of the event record field
-- specified as the value of Field.
--
-- $sel:notEquals:AdvancedFieldSelector',
-- advancedFieldSelector_notEquals - An operator that excludes
-- events that match the exact value of the event record field specified
-- as the value of Field.
--
-- $sel:notStartsWith:AdvancedFieldSelector',
-- advancedFieldSelector_notStartsWith - An operator that excludes
-- events that match the first few characters of the event record field
-- specified as the value of Field.
--
-- $sel:startsWith:AdvancedFieldSelector',
-- advancedFieldSelector_startsWith - An operator that includes
-- events that match the first few characters of the event record field
-- specified as the value of Field.
--
-- $sel:field:AdvancedFieldSelector',
-- advancedFieldSelector_field - A field in an event record on
-- which to filter events to be logged. Supported fields include
-- readOnly, eventCategory, eventSource (for
-- management events), eventName, resources.type, and
-- resources.ARN.
--
--
-- - readOnly - Optional. Can be set to Equals
-- a value of true or false. If you do not add this
-- field, CloudTrail logs both read and write events. A
-- value of true logs only read events. A value of
-- false logs only write events.
-- - eventSource - For filtering management events
-- only. This can be set only to NotEquals
-- kms.amazonaws.com.
-- - eventName - Can use any operator. You can use it
-- to filter in or filter out any data event logged to CloudTrail, such as
-- PutBucket or GetSnapshotBlock. You can have multiple
-- values for this field, separated by commas.
-- - eventCategory - This is required. It must be set
-- to Equals, and the value must be Management or
-- Data.
-- - resources.type - This field is required.
-- resources.type can only use the Equals operator, and
-- the value can be one of the
-- following:You
-- can have only one resources.type field per selector. To log
-- data events on more than one resource type, add another selector.
-- - resources.ARN - You can use any operator with
-- resources.ARN, but if you use Equals or
-- NotEquals, the value must exactly match the ARN of a valid
-- resource of the type you've specified in the template as the value of
-- resources.type. For example, if resources.type equals
-- AWS::S3::Object, the ARN must be in one of the following
-- formats. To log all data events for all objects in a specific S3
-- bucket, use the StartsWith operator, and include only the
-- bucket ARN as the matching value.The trailing slash is intentional; do
-- not exclude it. Replace the text between less than and greater than
-- symbols (<>) with resource-specific
-- information.When
-- resources.type equals AWS::S3::AccessPoint, and the
-- operator is set to Equals or NotEquals, the ARN must
-- be in one of the following formats. To log events on all objects in an
-- S3 access point, we recommend that you use only the access point ARN,
-- don’t include the object path, and use the StartsWith or
-- NotStartsWith
-- operators.When
-- resources.type equals AWS::Lambda::Function, and the operator
-- is set to Equals or NotEquals, the ARN must be in
-- the following
-- format:When
-- resources.type equals AWS::DynamoDB::Table, and the operator
-- is set to Equals or NotEquals, the ARN must be in
-- the following
-- format:When
-- resources.type equals AWS::S3Outposts::Object, and
-- the operator is set to Equals or NotEquals, the ARN
-- must be in the following
-- format:When
-- resources.type equals AWS::ManagedBlockchain::Node,
-- and the operator is set to Equals or NotEquals, the
-- ARN must be in the following
-- format:When
-- resources.type equals
-- AWS::S3ObjectLambda::AccessPoint, and the operator is set to
-- Equals or NotEquals, the ARN must be in the
-- following
-- format:When
-- resources.type equals AWS::EC2::Snapshot, and the
-- operator is set to Equals or NotEquals, the ARN must
-- be in the following
-- format:When
-- resources.type equals AWS::DynamoDB::Stream, and the
-- operator is set to Equals or NotEquals, the ARN must
-- be in the following
-- format:When
-- resources.type equals AWS::Glue::Table, and the
-- operator is set to Equals or NotEquals, the ARN must
-- be in the following
-- format:
--
newAdvancedFieldSelector :: Text -> AdvancedFieldSelector
-- | An operator that includes events that match the last few characters of
-- the event record field specified as the value of Field.
advancedFieldSelector_endsWith :: Lens' AdvancedFieldSelector (Maybe (NonEmpty Text))
-- | An operator that includes events that match the exact value of the
-- event record field specified as the value of Field. This is
-- the only valid operator that you can use with the readOnly,
-- eventCategory, and resources.type fields.
advancedFieldSelector_equals :: Lens' AdvancedFieldSelector (Maybe (NonEmpty Text))
-- | An operator that excludes events that match the last few characters of
-- the event record field specified as the value of Field.
advancedFieldSelector_notEndsWith :: Lens' AdvancedFieldSelector (Maybe (NonEmpty Text))
-- | An operator that excludes events that match the exact value of the
-- event record field specified as the value of Field.
advancedFieldSelector_notEquals :: Lens' AdvancedFieldSelector (Maybe (NonEmpty Text))
-- | An operator that excludes events that match the first few characters
-- of the event record field specified as the value of Field.
advancedFieldSelector_notStartsWith :: Lens' AdvancedFieldSelector (Maybe (NonEmpty Text))
-- | An operator that includes events that match the first few characters
-- of the event record field specified as the value of Field.
advancedFieldSelector_startsWith :: Lens' AdvancedFieldSelector (Maybe (NonEmpty Text))
-- | A field in an event record on which to filter events to be logged.
-- Supported fields include readOnly, eventCategory,
-- eventSource (for management events), eventName,
-- resources.type, and resources.ARN.
--
--
-- - readOnly - Optional. Can be set to Equals
-- a value of true or false. If you do not add this
-- field, CloudTrail logs both read and write events. A
-- value of true logs only read events. A value of
-- false logs only write events.
-- - eventSource - For filtering management events
-- only. This can be set only to NotEquals
-- kms.amazonaws.com.
-- - eventName - Can use any operator. You can use it
-- to filter in or filter out any data event logged to CloudTrail, such as
-- PutBucket or GetSnapshotBlock. You can have multiple
-- values for this field, separated by commas.
-- - eventCategory - This is required. It must be set
-- to Equals, and the value must be Management or
-- Data.
-- - resources.type - This field is required.
-- resources.type can only use the Equals operator, and
-- the value can be one of the
-- following:You
-- can have only one resources.type field per selector. To log
-- data events on more than one resource type, add another selector.
-- - resources.ARN - You can use any operator with
-- resources.ARN, but if you use Equals or
-- NotEquals, the value must exactly match the ARN of a valid
-- resource of the type you've specified in the template as the value of
-- resources.type. For example, if resources.type equals
-- AWS::S3::Object, the ARN must be in one of the following
-- formats. To log all data events for all objects in a specific S3
-- bucket, use the StartsWith operator, and include only the
-- bucket ARN as the matching value.The trailing slash is intentional; do
-- not exclude it. Replace the text between less than and greater than
-- symbols (<>) with resource-specific
-- information.When
-- resources.type equals AWS::S3::AccessPoint, and the
-- operator is set to Equals or NotEquals, the ARN must
-- be in one of the following formats. To log events on all objects in an
-- S3 access point, we recommend that you use only the access point ARN,
-- don’t include the object path, and use the StartsWith or
-- NotStartsWith
-- operators.When
-- resources.type equals AWS::Lambda::Function, and the operator
-- is set to Equals or NotEquals, the ARN must be in
-- the following
-- format:When
-- resources.type equals AWS::DynamoDB::Table, and the operator
-- is set to Equals or NotEquals, the ARN must be in
-- the following
-- format:When
-- resources.type equals AWS::S3Outposts::Object, and
-- the operator is set to Equals or NotEquals, the ARN
-- must be in the following
-- format:When
-- resources.type equals AWS::ManagedBlockchain::Node,
-- and the operator is set to Equals or NotEquals, the
-- ARN must be in the following
-- format:When
-- resources.type equals
-- AWS::S3ObjectLambda::AccessPoint, and the operator is set to
-- Equals or NotEquals, the ARN must be in the
-- following
-- format:When
-- resources.type equals AWS::EC2::Snapshot, and the
-- operator is set to Equals or NotEquals, the ARN must
-- be in the following
-- format:When
-- resources.type equals AWS::DynamoDB::Stream, and the
-- operator is set to Equals or NotEquals, the ARN must
-- be in the following
-- format:When
-- resources.type equals AWS::Glue::Table, and the
-- operator is set to Equals or NotEquals, the ARN must
-- be in the following
-- format:
--
advancedFieldSelector_field :: Lens' AdvancedFieldSelector Text
-- | Contains information about a returned CloudTrail channel.
--
-- See: newChannel smart constructor.
data Channel
Channel' :: Maybe Text -> Maybe Text -> Channel
-- | The Amazon Resource Name (ARN) of a channel.
[$sel:channelArn:Channel'] :: Channel -> Maybe Text
-- | The name of the CloudTrail channel. For service-linked channels, the
-- name is aws-service-channel/service-name/custom-suffix where
-- service-name represents the name of the Amazon Web Services
-- service that created the channel and custom-suffix represents
-- the suffix created by the Amazon Web Services service.
[$sel:name:Channel'] :: Channel -> Maybe Text
-- | Create a value of Channel with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:channelArn:Channel', channel_channelArn - The
-- Amazon Resource Name (ARN) of a channel.
--
-- $sel:name:Channel', channel_name - The name of the
-- CloudTrail channel. For service-linked channels, the name is
-- aws-service-channel/service-name/custom-suffix where
-- service-name represents the name of the Amazon Web Services
-- service that created the channel and custom-suffix represents
-- the suffix created by the Amazon Web Services service.
newChannel :: Channel
-- | The Amazon Resource Name (ARN) of a channel.
channel_channelArn :: Lens' Channel (Maybe Text)
-- | The name of the CloudTrail channel. For service-linked channels, the
-- name is aws-service-channel/service-name/custom-suffix where
-- service-name represents the name of the Amazon Web Services
-- service that created the channel and custom-suffix represents
-- the suffix created by the Amazon Web Services service.
channel_name :: Lens' Channel (Maybe Text)
-- | The Amazon S3 buckets, Lambda functions, or Amazon DynamoDB tables
-- that you specify in your event selectors for your trail to log data
-- events. Data events provide information about the resource operations
-- performed on or within a resource itself. These are also known as data
-- plane operations. You can specify up to 250 data resources for a
-- trail.
--
-- The total number of allowed data resources is 250. This number can be
-- distributed between 1 and 5 event selectors, but the total cannot
-- exceed 250 across all selectors.
--
-- If you are using advanced event selectors, the maximum total number of
-- values for all conditions, across all advanced event selectors for the
-- trail, is 500.
--
-- The following example demonstrates how logging works when you
-- configure logging of all data events for an S3 bucket named
-- bucket-1. In this example, the CloudTrail user specified an
-- empty prefix, and the option to log both Read and
-- Write data events.
--
--
-- - A user uploads an image file to bucket-1.
-- - The PutObject API operation is an Amazon S3 object-level
-- API. It is recorded as a data event in CloudTrail. Because the
-- CloudTrail user specified an S3 bucket with an empty prefix, events
-- that occur on any object in that bucket are logged. The trail
-- processes and logs the event.
-- - A user uploads an object to an Amazon S3 bucket named
-- arn:aws:s3:::bucket-2.
-- - The PutObject API operation occurred for an object in an
-- S3 bucket that the CloudTrail user didn't specify for the trail. The
-- trail doesn’t log the event.
--
--
-- The following example demonstrates how logging works when you
-- configure logging of Lambda data events for a Lambda function named
-- MyLambdaFunction, but not for all Lambda functions.
--
--
-- - A user runs a script that includes a call to the
-- MyLambdaFunction function and the MyOtherLambdaFunction
-- function.
-- - The Invoke API operation on MyLambdaFunction is an
-- Lambda API. It is recorded as a data event in CloudTrail. Because the
-- CloudTrail user specified logging data events for
-- MyLambdaFunction, any invocations of that function are logged.
-- The trail processes and logs the event.
-- - The Invoke API operation on MyOtherLambdaFunction
-- is an Lambda API. Because the CloudTrail user did not specify logging
-- data events for all Lambda functions, the Invoke operation
-- for MyOtherLambdaFunction does not match the function specified
-- for the trail. The trail doesn’t log the event.
--
--
-- See: newDataResource smart constructor.
data DataResource
DataResource' :: Maybe Text -> Maybe [Text] -> DataResource
-- | The resource type in which you want to log data events. You can
-- specify the following basic event selector resource types:
--
--
-- AWS::S3::Object
AWS::Lambda::Function
AWS::DynamoDB::Table
--
-- The following resource types are also available through
-- advanced event selectors. Basic event selector resource types
-- are valid in advanced event selectors, but advanced event selector
-- resource types are not valid in basic event selectors. For more
-- information, see AdvancedFieldSelector$Field.
--
--
[$sel:type':DataResource'] :: DataResource -> Maybe Text
-- | An array of Amazon Resource Name (ARN) strings or partial ARN strings
-- for the specified objects.
--
--
-- - To log data events for all objects in all S3 buckets in your
-- Amazon Web Services account, specify the prefix as
-- arn:aws:s3.This also enables logging of data event activity
-- performed by any user or role in your Amazon Web Services account,
-- even if that activity is performed on a bucket that belongs to another
-- Amazon Web Services account.
-- - To log data events for all objects in an S3 bucket, specify the
-- bucket and an empty object prefix such as
-- arn:aws:s3:::bucket-1/. The trail logs data events for all
-- objects in this S3 bucket.
-- - To log data events for specific objects, specify the S3 bucket and
-- object prefix such as arn:aws:s3:::bucket-1/example-images.
-- The trail logs data events for objects in this S3 bucket that match
-- the prefix.
-- - To log data events for all Lambda functions in your Amazon Web
-- Services account, specify the prefix as arn:aws:lambda.This
-- also enables logging of Invoke activity performed by any user
-- or role in your Amazon Web Services account, even if that activity is
-- performed on a function that belongs to another Amazon Web Services
-- account.
-- - To log data events for a specific Lambda function, specify the
-- function ARN.Lambda function ARNs are exact. For example, if you
-- specify a function ARN
-- arn:aws:lambda:us-west-2:111111111111:function:helloworld, data
-- events will only be logged for
-- arn:aws:lambda:us-west-2:111111111111:function:helloworld. They
-- will not be logged for
-- arn:aws:lambda:us-west-2:111111111111:function:helloworld2.
-- - To log data events for all DynamoDB tables in your Amazon Web
-- Services account, specify the prefix as
-- arn:aws:dynamodb.
--
[$sel:values:DataResource'] :: DataResource -> Maybe [Text]
-- | Create a value of DataResource with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:type':DataResource', dataResource_type - The
-- resource type in which you want to log data events. You can specify
-- the following basic event selector resource types:
--
--
-- AWS::S3::Object
AWS::Lambda::Function
AWS::DynamoDB::Table
--
-- The following resource types are also available through
-- advanced event selectors. Basic event selector resource types
-- are valid in advanced event selectors, but advanced event selector
-- resource types are not valid in basic event selectors. For more
-- information, see AdvancedFieldSelector$Field.
--
--
--
-- $sel:values:DataResource', dataResource_values - An
-- array of Amazon Resource Name (ARN) strings or partial ARN strings for
-- the specified objects.
--
--
-- - To log data events for all objects in all S3 buckets in your
-- Amazon Web Services account, specify the prefix as
-- arn:aws:s3.This also enables logging of data event activity
-- performed by any user or role in your Amazon Web Services account,
-- even if that activity is performed on a bucket that belongs to another
-- Amazon Web Services account.
-- - To log data events for all objects in an S3 bucket, specify the
-- bucket and an empty object prefix such as
-- arn:aws:s3:::bucket-1/. The trail logs data events for all
-- objects in this S3 bucket.
-- - To log data events for specific objects, specify the S3 bucket and
-- object prefix such as arn:aws:s3:::bucket-1/example-images.
-- The trail logs data events for objects in this S3 bucket that match
-- the prefix.
-- - To log data events for all Lambda functions in your Amazon Web
-- Services account, specify the prefix as arn:aws:lambda.This
-- also enables logging of Invoke activity performed by any user
-- or role in your Amazon Web Services account, even if that activity is
-- performed on a function that belongs to another Amazon Web Services
-- account.
-- - To log data events for a specific Lambda function, specify the
-- function ARN.Lambda function ARNs are exact. For example, if you
-- specify a function ARN
-- arn:aws:lambda:us-west-2:111111111111:function:helloworld, data
-- events will only be logged for
-- arn:aws:lambda:us-west-2:111111111111:function:helloworld. They
-- will not be logged for
-- arn:aws:lambda:us-west-2:111111111111:function:helloworld2.
-- - To log data events for all DynamoDB tables in your Amazon Web
-- Services account, specify the prefix as
-- arn:aws:dynamodb.
--
newDataResource :: DataResource
-- | The resource type in which you want to log data events. You can
-- specify the following basic event selector resource types:
--
--
-- AWS::S3::Object
AWS::Lambda::Function
AWS::DynamoDB::Table
--
-- The following resource types are also available through
-- advanced event selectors. Basic event selector resource types
-- are valid in advanced event selectors, but advanced event selector
-- resource types are not valid in basic event selectors. For more
-- information, see AdvancedFieldSelector$Field.
--
--
dataResource_type :: Lens' DataResource (Maybe Text)
-- | An array of Amazon Resource Name (ARN) strings or partial ARN strings
-- for the specified objects.
--
--
-- - To log data events for all objects in all S3 buckets in your
-- Amazon Web Services account, specify the prefix as
-- arn:aws:s3.This also enables logging of data event activity
-- performed by any user or role in your Amazon Web Services account,
-- even if that activity is performed on a bucket that belongs to another
-- Amazon Web Services account.
-- - To log data events for all objects in an S3 bucket, specify the
-- bucket and an empty object prefix such as
-- arn:aws:s3:::bucket-1/. The trail logs data events for all
-- objects in this S3 bucket.
-- - To log data events for specific objects, specify the S3 bucket and
-- object prefix such as arn:aws:s3:::bucket-1/example-images.
-- The trail logs data events for objects in this S3 bucket that match
-- the prefix.
-- - To log data events for all Lambda functions in your Amazon Web
-- Services account, specify the prefix as arn:aws:lambda.This
-- also enables logging of Invoke activity performed by any user
-- or role in your Amazon Web Services account, even if that activity is
-- performed on a function that belongs to another Amazon Web Services
-- account.
-- - To log data events for a specific Lambda function, specify the
-- function ARN.Lambda function ARNs are exact. For example, if you
-- specify a function ARN
-- arn:aws:lambda:us-west-2:111111111111:function:helloworld, data
-- events will only be logged for
-- arn:aws:lambda:us-west-2:111111111111:function:helloworld. They
-- will not be logged for
-- arn:aws:lambda:us-west-2:111111111111:function:helloworld2.
-- - To log data events for all DynamoDB tables in your Amazon Web
-- Services account, specify the prefix as
-- arn:aws:dynamodb.
--
dataResource_values :: Lens' DataResource (Maybe [Text])
-- | Contains information about the service where CloudTrail delivers
-- events.
--
-- See: newDestination smart constructor.
data Destination
Destination' :: DestinationType -> Text -> Destination
-- | The type of destination for events arriving from a channel. For
-- service-linked channels, the value is AWS_SERVICE.
[$sel:type':Destination'] :: Destination -> DestinationType
-- | For service-linked channels, the value is the name of the Amazon Web
-- Services service.
[$sel:location:Destination'] :: Destination -> Text
-- | Create a value of Destination with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:type':Destination', destination_type - The type of
-- destination for events arriving from a channel. For service-linked
-- channels, the value is AWS_SERVICE.
--
-- $sel:location:Destination', destination_location - For
-- service-linked channels, the value is the name of the Amazon Web
-- Services service.
newDestination :: DestinationType -> Text -> Destination
-- | The type of destination for events arriving from a channel. For
-- service-linked channels, the value is AWS_SERVICE.
destination_type :: Lens' Destination DestinationType
-- | For service-linked channels, the value is the name of the Amazon Web
-- Services service.
destination_location :: Lens' Destination Text
-- | Contains information about an event that was returned by a lookup
-- request. The result includes a representation of a CloudTrail event.
--
-- See: newEvent smart constructor.
data Event
Event' :: Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe POSIX -> Maybe Text -> Maybe [Resource] -> Maybe Text -> Event
-- | The Amazon Web Services access key ID that was used to sign the
-- request. If the request was made with temporary security credentials,
-- this is the access key ID of the temporary credentials.
[$sel:accessKeyId:Event'] :: Event -> Maybe Text
-- | A JSON string that contains a representation of the event returned.
[$sel:cloudTrailEvent:Event'] :: Event -> Maybe Text
-- | The CloudTrail ID of the event returned.
[$sel:eventId:Event'] :: Event -> Maybe Text
-- | The name of the event returned.
[$sel:eventName:Event'] :: Event -> Maybe Text
-- | The Amazon Web Services service to which the request was made.
[$sel:eventSource:Event'] :: Event -> Maybe Text
-- | The date and time of the event returned.
[$sel:eventTime:Event'] :: Event -> Maybe POSIX
-- | Information about whether the event is a write event or a read event.
[$sel:readOnly:Event'] :: Event -> Maybe Text
-- | A list of resources referenced by the event returned.
[$sel:resources:Event'] :: Event -> Maybe [Resource]
-- | A user name or role name of the requester that called the API in the
-- event returned.
[$sel:username:Event'] :: Event -> Maybe Text
-- | Create a value of Event with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:accessKeyId:Event', event_accessKeyId - The Amazon
-- Web Services access key ID that was used to sign the request. If the
-- request was made with temporary security credentials, this is the
-- access key ID of the temporary credentials.
--
-- $sel:cloudTrailEvent:Event', event_cloudTrailEvent - A
-- JSON string that contains a representation of the event returned.
--
-- $sel:eventId:Event', event_eventId - The CloudTrail ID
-- of the event returned.
--
-- $sel:eventName:Event', event_eventName - The name of the
-- event returned.
--
-- $sel:eventSource:Event', event_eventSource - The Amazon
-- Web Services service to which the request was made.
--
-- $sel:eventTime:Event', event_eventTime - The date and
-- time of the event returned.
--
-- $sel:readOnly:Event', event_readOnly - Information about
-- whether the event is a write event or a read event.
--
-- $sel:resources:Event', event_resources - A list of
-- resources referenced by the event returned.
--
-- $sel:username:Event', event_username - A user name or
-- role name of the requester that called the API in the event returned.
newEvent :: Event
-- | The Amazon Web Services access key ID that was used to sign the
-- request. If the request was made with temporary security credentials,
-- this is the access key ID of the temporary credentials.
event_accessKeyId :: Lens' Event (Maybe Text)
-- | A JSON string that contains a representation of the event returned.
event_cloudTrailEvent :: Lens' Event (Maybe Text)
-- | The CloudTrail ID of the event returned.
event_eventId :: Lens' Event (Maybe Text)
-- | The name of the event returned.
event_eventName :: Lens' Event (Maybe Text)
-- | The Amazon Web Services service to which the request was made.
event_eventSource :: Lens' Event (Maybe Text)
-- | The date and time of the event returned.
event_eventTime :: Lens' Event (Maybe UTCTime)
-- | Information about whether the event is a write event or a read event.
event_readOnly :: Lens' Event (Maybe Text)
-- | A list of resources referenced by the event returned.
event_resources :: Lens' Event (Maybe [Resource])
-- | A user name or role name of the requester that called the API in the
-- event returned.
event_username :: Lens' Event (Maybe Text)
-- | A storage lake of event data against which you can run complex
-- SQL-based queries. An event data store can include events that you
-- have logged on your account from the last 90 to 2557 days (about three
-- months to up to seven years). To select events for an event data
-- store, use advanced event selectors.
--
-- See: newEventDataStore smart constructor.
data EventDataStore
EventDataStore' :: Maybe [AdvancedEventSelector] -> Maybe POSIX -> Maybe Text -> Maybe Bool -> Maybe Text -> Maybe Bool -> Maybe Natural -> Maybe EventDataStoreStatus -> Maybe Bool -> Maybe POSIX -> EventDataStore
-- | This field is being deprecated. The advanced event selectors that were
-- used to select events for the data store.
[$sel:advancedEventSelectors:EventDataStore'] :: EventDataStore -> Maybe [AdvancedEventSelector]
-- | This field is being deprecated. The timestamp of the event data
-- store's creation.
[$sel:createdTimestamp:EventDataStore'] :: EventDataStore -> Maybe POSIX
-- | The ARN of the event data store.
[$sel:eventDataStoreArn:EventDataStore'] :: EventDataStore -> Maybe Text
-- | This field is being deprecated. Indicates whether the event data store
-- includes events from all regions, or only from the region in which it
-- was created.
[$sel:multiRegionEnabled:EventDataStore'] :: EventDataStore -> Maybe Bool
-- | The name of the event data store.
[$sel:name:EventDataStore'] :: EventDataStore -> Maybe Text
-- | This field is being deprecated. Indicates that an event data store is
-- collecting logged events for an organization.
[$sel:organizationEnabled:EventDataStore'] :: EventDataStore -> Maybe Bool
-- | This field is being deprecated. The retention period, in days.
[$sel:retentionPeriod:EventDataStore'] :: EventDataStore -> Maybe Natural
-- | This field is being deprecated. The status of an event data store.
-- Values are ENABLED and PENDING_DELETION.
[$sel:status:EventDataStore'] :: EventDataStore -> Maybe EventDataStoreStatus
-- | This field is being deprecated. Indicates whether the event data store
-- is protected from termination.
[$sel:terminationProtectionEnabled:EventDataStore'] :: EventDataStore -> Maybe Bool
-- | This field is being deprecated. The timestamp showing when an event
-- data store was updated, if applicable. UpdatedTimestamp is
-- always either the same or newer than the time shown in
-- CreatedTimestamp.
[$sel:updatedTimestamp:EventDataStore'] :: EventDataStore -> Maybe POSIX
-- | Create a value of EventDataStore with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:advancedEventSelectors:EventDataStore',
-- eventDataStore_advancedEventSelectors - This field is being
-- deprecated. The advanced event selectors that were used to select
-- events for the data store.
--
-- $sel:createdTimestamp:EventDataStore',
-- eventDataStore_createdTimestamp - This field is being
-- deprecated. The timestamp of the event data store's creation.
--
-- $sel:eventDataStoreArn:EventDataStore',
-- eventDataStore_eventDataStoreArn - The ARN of the event data
-- store.
--
-- $sel:multiRegionEnabled:EventDataStore',
-- eventDataStore_multiRegionEnabled - This field is being
-- deprecated. Indicates whether the event data store includes events
-- from all regions, or only from the region in which it was created.
--
-- EventDataStore, eventDataStore_name - The name of the
-- event data store.
--
-- $sel:organizationEnabled:EventDataStore',
-- eventDataStore_organizationEnabled - This field is being
-- deprecated. Indicates that an event data store is collecting logged
-- events for an organization.
--
-- $sel:retentionPeriod:EventDataStore',
-- eventDataStore_retentionPeriod - This field is being
-- deprecated. The retention period, in days.
--
-- $sel:status:EventDataStore', eventDataStore_status -
-- This field is being deprecated. The status of an event data store.
-- Values are ENABLED and PENDING_DELETION.
--
-- $sel:terminationProtectionEnabled:EventDataStore',
-- eventDataStore_terminationProtectionEnabled - This field is
-- being deprecated. Indicates whether the event data store is protected
-- from termination.
--
-- $sel:updatedTimestamp:EventDataStore',
-- eventDataStore_updatedTimestamp - This field is being
-- deprecated. The timestamp showing when an event data store was
-- updated, if applicable. UpdatedTimestamp is always either the
-- same or newer than the time shown in CreatedTimestamp.
newEventDataStore :: EventDataStore
-- | This field is being deprecated. The advanced event selectors that were
-- used to select events for the data store.
eventDataStore_advancedEventSelectors :: Lens' EventDataStore (Maybe [AdvancedEventSelector])
-- | This field is being deprecated. The timestamp of the event data
-- store's creation.
eventDataStore_createdTimestamp :: Lens' EventDataStore (Maybe UTCTime)
-- | The ARN of the event data store.
eventDataStore_eventDataStoreArn :: Lens' EventDataStore (Maybe Text)
-- | This field is being deprecated. Indicates whether the event data store
-- includes events from all regions, or only from the region in which it
-- was created.
eventDataStore_multiRegionEnabled :: Lens' EventDataStore (Maybe Bool)
-- | The name of the event data store.
eventDataStore_name :: Lens' EventDataStore (Maybe Text)
-- | This field is being deprecated. Indicates that an event data store is
-- collecting logged events for an organization.
eventDataStore_organizationEnabled :: Lens' EventDataStore (Maybe Bool)
-- | This field is being deprecated. The retention period, in days.
eventDataStore_retentionPeriod :: Lens' EventDataStore (Maybe Natural)
-- | This field is being deprecated. The status of an event data store.
-- Values are ENABLED and PENDING_DELETION.
eventDataStore_status :: Lens' EventDataStore (Maybe EventDataStoreStatus)
-- | This field is being deprecated. Indicates whether the event data store
-- is protected from termination.
eventDataStore_terminationProtectionEnabled :: Lens' EventDataStore (Maybe Bool)
-- | This field is being deprecated. The timestamp showing when an event
-- data store was updated, if applicable. UpdatedTimestamp is
-- always either the same or newer than the time shown in
-- CreatedTimestamp.
eventDataStore_updatedTimestamp :: Lens' EventDataStore (Maybe UTCTime)
-- | Use event selectors to further specify the management and data event
-- settings for your trail. By default, trails created without specific
-- event selectors will be configured to log all read and write
-- management events, and no data events. When an event occurs in your
-- account, CloudTrail evaluates the event selector for all trails. For
-- each trail, if the event matches any event selector, the trail
-- processes and logs the event. If the event doesn't match any event
-- selector, the trail doesn't log the event.
--
-- You can configure up to five event selectors for a trail.
--
-- You cannot apply both event selectors and advanced event selectors to
-- a trail.
--
-- See: newEventSelector smart constructor.
data EventSelector
EventSelector' :: Maybe [DataResource] -> Maybe [Text] -> Maybe Bool -> Maybe ReadWriteType -> EventSelector
-- | CloudTrail supports data event logging for Amazon S3 objects, Lambda
-- functions, and Amazon DynamoDB tables with basic event selectors. You
-- can specify up to 250 resources for an individual event selector, but
-- the total number of data resources cannot exceed 250 across all event
-- selectors in a trail. This limit does not apply if you configure
-- resource logging for all data events.
--
-- For more information, see Data Events and Limits in
-- CloudTrail in the CloudTrail User Guide.
[$sel:dataResources:EventSelector'] :: EventSelector -> Maybe [DataResource]
-- | An optional list of service event sources from which you do not want
-- management events to be logged on your trail. In this release, the
-- list can be empty (disables the filter), or it can filter out Key
-- Management Service or Amazon RDS Data API events by containing
-- kms.amazonaws.com or rdsdata.amazonaws.com. By
-- default, ExcludeManagementEventSources is empty, and KMS and
-- Amazon RDS Data API events are logged to your trail. You can exclude
-- management event sources only in regions that support the event
-- source.
[$sel:excludeManagementEventSources:EventSelector'] :: EventSelector -> Maybe [Text]
-- | Specify if you want your event selector to include management events
-- for your trail.
--
-- For more information, see Management Events in the
-- CloudTrail User Guide.
--
-- By default, the value is true.
--
-- The first copy of management events is free. You are charged for
-- additional copies of management events that you are logging on any
-- subsequent trail in the same region. For more information about
-- CloudTrail pricing, see CloudTrail Pricing.
[$sel:includeManagementEvents:EventSelector'] :: EventSelector -> Maybe Bool
-- | Specify if you want your trail to log read-only events, write-only
-- events, or all. For example, the EC2 GetConsoleOutput is a
-- read-only API operation and RunInstances is a write-only API
-- operation.
--
-- By default, the value is All.
[$sel:readWriteType:EventSelector'] :: EventSelector -> Maybe ReadWriteType
-- | Create a value of EventSelector with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:dataResources:EventSelector',
-- eventSelector_dataResources - CloudTrail supports data event
-- logging for Amazon S3 objects, Lambda functions, and Amazon DynamoDB
-- tables with basic event selectors. You can specify up to 250 resources
-- for an individual event selector, but the total number of data
-- resources cannot exceed 250 across all event selectors in a trail.
-- This limit does not apply if you configure resource logging for all
-- data events.
--
-- For more information, see Data Events and Limits in
-- CloudTrail in the CloudTrail User Guide.
--
-- $sel:excludeManagementEventSources:EventSelector',
-- eventSelector_excludeManagementEventSources - An optional list
-- of service event sources from which you do not want management events
-- to be logged on your trail. In this release, the list can be empty
-- (disables the filter), or it can filter out Key Management Service or
-- Amazon RDS Data API events by containing kms.amazonaws.com or
-- rdsdata.amazonaws.com. By default,
-- ExcludeManagementEventSources is empty, and KMS and Amazon
-- RDS Data API events are logged to your trail. You can exclude
-- management event sources only in regions that support the event
-- source.
--
-- $sel:includeManagementEvents:EventSelector',
-- eventSelector_includeManagementEvents - Specify if you want
-- your event selector to include management events for your trail.
--
-- For more information, see Management Events in the
-- CloudTrail User Guide.
--
-- By default, the value is true.
--
-- The first copy of management events is free. You are charged for
-- additional copies of management events that you are logging on any
-- subsequent trail in the same region. For more information about
-- CloudTrail pricing, see CloudTrail Pricing.
--
-- $sel:readWriteType:EventSelector',
-- eventSelector_readWriteType - Specify if you want your trail to
-- log read-only events, write-only events, or all. For example, the EC2
-- GetConsoleOutput is a read-only API operation and
-- RunInstances is a write-only API operation.
--
-- By default, the value is All.
newEventSelector :: EventSelector
-- | CloudTrail supports data event logging for Amazon S3 objects, Lambda
-- functions, and Amazon DynamoDB tables with basic event selectors. You
-- can specify up to 250 resources for an individual event selector, but
-- the total number of data resources cannot exceed 250 across all event
-- selectors in a trail. This limit does not apply if you configure
-- resource logging for all data events.
--
-- For more information, see Data Events and Limits in
-- CloudTrail in the CloudTrail User Guide.
eventSelector_dataResources :: Lens' EventSelector (Maybe [DataResource])
-- | An optional list of service event sources from which you do not want
-- management events to be logged on your trail. In this release, the
-- list can be empty (disables the filter), or it can filter out Key
-- Management Service or Amazon RDS Data API events by containing
-- kms.amazonaws.com or rdsdata.amazonaws.com. By
-- default, ExcludeManagementEventSources is empty, and KMS and
-- Amazon RDS Data API events are logged to your trail. You can exclude
-- management event sources only in regions that support the event
-- source.
eventSelector_excludeManagementEventSources :: Lens' EventSelector (Maybe [Text])
-- | Specify if you want your event selector to include management events
-- for your trail.
--
-- For more information, see Management Events in the
-- CloudTrail User Guide.
--
-- By default, the value is true.
--
-- The first copy of management events is free. You are charged for
-- additional copies of management events that you are logging on any
-- subsequent trail in the same region. For more information about
-- CloudTrail pricing, see CloudTrail Pricing.
eventSelector_includeManagementEvents :: Lens' EventSelector (Maybe Bool)
-- | Specify if you want your trail to log read-only events, write-only
-- events, or all. For example, the EC2 GetConsoleOutput is a
-- read-only API operation and RunInstances is a write-only API
-- operation.
--
-- By default, the value is All.
eventSelector_readWriteType :: Lens' EventSelector (Maybe ReadWriteType)
-- | Provides information about an import failure.
--
-- See: newImportFailureListItem smart constructor.
data ImportFailureListItem
ImportFailureListItem' :: Maybe Text -> Maybe Text -> Maybe POSIX -> Maybe Text -> Maybe ImportFailureStatus -> ImportFailureListItem
-- | Provides the reason the import failed.
[$sel:errorMessage:ImportFailureListItem'] :: ImportFailureListItem -> Maybe Text
-- | The type of import error.
[$sel:errorType:ImportFailureListItem'] :: ImportFailureListItem -> Maybe Text
-- | When the import was last updated.
[$sel:lastUpdatedTime:ImportFailureListItem'] :: ImportFailureListItem -> Maybe POSIX
-- | The location of the failure in the S3 bucket.
[$sel:location:ImportFailureListItem'] :: ImportFailureListItem -> Maybe Text
-- | The status of the import.
[$sel:status:ImportFailureListItem'] :: ImportFailureListItem -> Maybe ImportFailureStatus
-- | Create a value of ImportFailureListItem with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:errorMessage:ImportFailureListItem',
-- importFailureListItem_errorMessage - Provides the reason the
-- import failed.
--
-- $sel:errorType:ImportFailureListItem',
-- importFailureListItem_errorType - The type of import error.
--
-- $sel:lastUpdatedTime:ImportFailureListItem',
-- importFailureListItem_lastUpdatedTime - When the import was
-- last updated.
--
-- $sel:location:ImportFailureListItem',
-- importFailureListItem_location - The location of the failure in
-- the S3 bucket.
--
-- $sel:status:ImportFailureListItem',
-- importFailureListItem_status - The status of the import.
newImportFailureListItem :: ImportFailureListItem
-- | Provides the reason the import failed.
importFailureListItem_errorMessage :: Lens' ImportFailureListItem (Maybe Text)
-- | The type of import error.
importFailureListItem_errorType :: Lens' ImportFailureListItem (Maybe Text)
-- | When the import was last updated.
importFailureListItem_lastUpdatedTime :: Lens' ImportFailureListItem (Maybe UTCTime)
-- | The location of the failure in the S3 bucket.
importFailureListItem_location :: Lens' ImportFailureListItem (Maybe Text)
-- | The status of the import.
importFailureListItem_status :: Lens' ImportFailureListItem (Maybe ImportFailureStatus)
-- | The import source.
--
-- See: newImportSource smart constructor.
data ImportSource
ImportSource' :: S3ImportSource -> ImportSource
-- | The source S3 bucket.
[$sel:s3:ImportSource'] :: ImportSource -> S3ImportSource
-- | Create a value of ImportSource with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:s3:ImportSource', importSource_s3 - The source S3
-- bucket.
newImportSource :: S3ImportSource -> ImportSource
-- | The source S3 bucket.
importSource_s3 :: Lens' ImportSource S3ImportSource
-- | Provides statistics for the specified ImportID. CloudTrail
-- does not update import statistics in real-time. Returned values for
-- parameters such as EventsCompleted may be lower than the
-- actual value, because CloudTrail updates statistics incrementally over
-- the course of the import.
--
-- See: newImportStatistics smart constructor.
data ImportStatistics
ImportStatistics' :: Maybe Integer -> Maybe Integer -> Maybe Integer -> Maybe Integer -> Maybe Integer -> ImportStatistics
-- | The number of trail events imported into the event data store.
[$sel:eventsCompleted:ImportStatistics'] :: ImportStatistics -> Maybe Integer
-- | The number of failed entries.
[$sel:failedEntries:ImportStatistics'] :: ImportStatistics -> Maybe Integer
-- | The number of log files that completed import.
[$sel:filesCompleted:ImportStatistics'] :: ImportStatistics -> Maybe Integer
-- | The number of S3 prefixes that completed import.
[$sel:prefixesCompleted:ImportStatistics'] :: ImportStatistics -> Maybe Integer
-- | The number of S3 prefixes found for the import.
[$sel:prefixesFound:ImportStatistics'] :: ImportStatistics -> Maybe Integer
-- | Create a value of ImportStatistics with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:eventsCompleted:ImportStatistics',
-- importStatistics_eventsCompleted - The number of trail events
-- imported into the event data store.
--
-- $sel:failedEntries:ImportStatistics',
-- importStatistics_failedEntries - The number of failed entries.
--
-- $sel:filesCompleted:ImportStatistics',
-- importStatistics_filesCompleted - The number of log files that
-- completed import.
--
-- $sel:prefixesCompleted:ImportStatistics',
-- importStatistics_prefixesCompleted - The number of S3 prefixes
-- that completed import.
--
-- $sel:prefixesFound:ImportStatistics',
-- importStatistics_prefixesFound - The number of S3 prefixes
-- found for the import.
newImportStatistics :: ImportStatistics
-- | The number of trail events imported into the event data store.
importStatistics_eventsCompleted :: Lens' ImportStatistics (Maybe Integer)
-- | The number of failed entries.
importStatistics_failedEntries :: Lens' ImportStatistics (Maybe Integer)
-- | The number of log files that completed import.
importStatistics_filesCompleted :: Lens' ImportStatistics (Maybe Integer)
-- | The number of S3 prefixes that completed import.
importStatistics_prefixesCompleted :: Lens' ImportStatistics (Maybe Integer)
-- | The number of S3 prefixes found for the import.
importStatistics_prefixesFound :: Lens' ImportStatistics (Maybe Integer)
-- | Contains information about an import that was returned by a lookup
-- request.
--
-- See: newImportsListItem smart constructor.
data ImportsListItem
ImportsListItem' :: Maybe POSIX -> Maybe (NonEmpty Text) -> Maybe Text -> Maybe ImportStatus -> Maybe POSIX -> ImportsListItem
-- | The timestamp of the import's creation.
[$sel:createdTimestamp:ImportsListItem'] :: ImportsListItem -> Maybe POSIX
-- | The ARN of the destination event data store.
[$sel:destinations:ImportsListItem'] :: ImportsListItem -> Maybe (NonEmpty Text)
-- | The ID of the import.
[$sel:importId:ImportsListItem'] :: ImportsListItem -> Maybe Text
-- | The status of the import.
[$sel:importStatus:ImportsListItem'] :: ImportsListItem -> Maybe ImportStatus
-- | The timestamp of the import's last update.
[$sel:updatedTimestamp:ImportsListItem'] :: ImportsListItem -> Maybe POSIX
-- | Create a value of ImportsListItem with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:createdTimestamp:ImportsListItem',
-- importsListItem_createdTimestamp - The timestamp of the
-- import's creation.
--
-- $sel:destinations:ImportsListItem',
-- importsListItem_destinations - The ARN of the destination event
-- data store.
--
-- $sel:importId:ImportsListItem', importsListItem_importId
-- - The ID of the import.
--
-- $sel:importStatus:ImportsListItem',
-- importsListItem_importStatus - The status of the import.
--
-- $sel:updatedTimestamp:ImportsListItem',
-- importsListItem_updatedTimestamp - The timestamp of the
-- import's last update.
newImportsListItem :: ImportsListItem
-- | The timestamp of the import's creation.
importsListItem_createdTimestamp :: Lens' ImportsListItem (Maybe UTCTime)
-- | The ARN of the destination event data store.
importsListItem_destinations :: Lens' ImportsListItem (Maybe (NonEmpty Text))
-- | The ID of the import.
importsListItem_importId :: Lens' ImportsListItem (Maybe Text)
-- | The status of the import.
importsListItem_importStatus :: Lens' ImportsListItem (Maybe ImportStatus)
-- | The timestamp of the import's last update.
importsListItem_updatedTimestamp :: Lens' ImportsListItem (Maybe UTCTime)
-- | A JSON string that contains a list of insight types that are logged on
-- a trail.
--
-- See: newInsightSelector smart constructor.
data InsightSelector
InsightSelector' :: Maybe InsightType -> InsightSelector
-- | The type of insights to log on a trail. ApiCallRateInsight
-- and ApiErrorRateInsight are valid insight types.
[$sel:insightType:InsightSelector'] :: InsightSelector -> Maybe InsightType
-- | Create a value of InsightSelector with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:insightType:InsightSelector',
-- insightSelector_insightType - The type of insights to log on a
-- trail. ApiCallRateInsight and ApiErrorRateInsight
-- are valid insight types.
newInsightSelector :: InsightSelector
-- | The type of insights to log on a trail. ApiCallRateInsight
-- and ApiErrorRateInsight are valid insight types.
insightSelector_insightType :: Lens' InsightSelector (Maybe InsightType)
-- | Specifies an attribute and value that filter the events returned.
--
-- See: newLookupAttribute smart constructor.
data LookupAttribute
LookupAttribute' :: LookupAttributeKey -> Text -> LookupAttribute
-- | Specifies an attribute on which to filter the events returned.
[$sel:attributeKey:LookupAttribute'] :: LookupAttribute -> LookupAttributeKey
-- | Specifies a value for the specified AttributeKey.
[$sel:attributeValue:LookupAttribute'] :: LookupAttribute -> Text
-- | Create a value of LookupAttribute with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:attributeKey:LookupAttribute',
-- lookupAttribute_attributeKey - Specifies an attribute on which
-- to filter the events returned.
--
-- $sel:attributeValue:LookupAttribute',
-- lookupAttribute_attributeValue - Specifies a value for the
-- specified AttributeKey.
newLookupAttribute :: LookupAttributeKey -> Text -> LookupAttribute
-- | Specifies an attribute on which to filter the events returned.
lookupAttribute_attributeKey :: Lens' LookupAttribute LookupAttributeKey
-- | Specifies a value for the specified AttributeKey.
lookupAttribute_attributeValue :: Lens' LookupAttribute Text
-- | Contains information about a returned public key.
--
-- See: newPublicKey smart constructor.
data PublicKey
PublicKey' :: Maybe Text -> Maybe POSIX -> Maybe POSIX -> Maybe Base64 -> PublicKey
-- | The fingerprint of the public key.
[$sel:fingerprint:PublicKey'] :: PublicKey -> Maybe Text
-- | The ending time of validity of the public key.
[$sel:validityEndTime:PublicKey'] :: PublicKey -> Maybe POSIX
-- | The starting time of validity of the public key.
[$sel:validityStartTime:PublicKey'] :: PublicKey -> Maybe POSIX
-- | The DER encoded public key value in PKCS#1 format.
[$sel:value:PublicKey'] :: PublicKey -> Maybe Base64
-- | Create a value of PublicKey with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:fingerprint:PublicKey', publicKey_fingerprint - The
-- fingerprint of the public key.
--
-- $sel:validityEndTime:PublicKey',
-- publicKey_validityEndTime - The ending time of validity of the
-- public key.
--
-- $sel:validityStartTime:PublicKey',
-- publicKey_validityStartTime - The starting time of validity of
-- the public key.
--
-- $sel:value:PublicKey', publicKey_value - The DER encoded
-- public key value in PKCS#1 format.-- -- Note: This
-- Lens automatically encodes and decodes Base64 data. -- The
-- underlying isomorphism will encode to Base64 representation during --
-- serialisation, and decode from Base64 representation during
-- deserialisation. -- This Lens accepts and returns only raw
-- unencoded data.
newPublicKey :: PublicKey
-- | The fingerprint of the public key.
publicKey_fingerprint :: Lens' PublicKey (Maybe Text)
-- | The ending time of validity of the public key.
publicKey_validityEndTime :: Lens' PublicKey (Maybe UTCTime)
-- | The starting time of validity of the public key.
publicKey_validityStartTime :: Lens' PublicKey (Maybe UTCTime)
-- | The DER encoded public key value in PKCS#1 format.-- -- Note:
-- This Lens automatically encodes and decodes Base64 data. --
-- The underlying isomorphism will encode to Base64 representation during
-- -- serialisation, and decode from Base64 representation during
-- deserialisation. -- This Lens accepts and returns only raw
-- unencoded data.
publicKey_value :: Lens' PublicKey (Maybe ByteString)
-- | A SQL string of criteria about events that you want to collect in an
-- event data store.
--
-- See: newQuery smart constructor.
data Query
Query' :: Maybe POSIX -> Maybe Text -> Maybe QueryStatus -> Query
-- | The creation time of a query.
[$sel:creationTime:Query'] :: Query -> Maybe POSIX
-- | The ID of a query.
[$sel:queryId:Query'] :: Query -> Maybe Text
-- | The status of the query. This can be QUEUED,
-- RUNNING, FINISHED, FAILED,
-- TIMED_OUT, or CANCELLED.
[$sel:queryStatus:Query'] :: Query -> Maybe QueryStatus
-- | Create a value of Query with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:creationTime:Query', query_creationTime - The
-- creation time of a query.
--
-- $sel:queryId:Query', query_queryId - The ID of a query.
--
-- $sel:queryStatus:Query', query_queryStatus - The status
-- of the query. This can be QUEUED, RUNNING,
-- FINISHED, FAILED, TIMED_OUT, or
-- CANCELLED.
newQuery :: Query
-- | The creation time of a query.
query_creationTime :: Lens' Query (Maybe UTCTime)
-- | The ID of a query.
query_queryId :: Lens' Query (Maybe Text)
-- | The status of the query. This can be QUEUED,
-- RUNNING, FINISHED, FAILED,
-- TIMED_OUT, or CANCELLED.
query_queryStatus :: Lens' Query (Maybe QueryStatus)
-- | Metadata about a query, such as the number of results.
--
-- See: newQueryStatistics smart constructor.
data QueryStatistics
QueryStatistics' :: Maybe Integer -> Maybe Int -> Maybe Int -> QueryStatistics
-- | The total bytes that the query scanned in the event data store. This
-- value matches the number of bytes for which your account is billed for
-- the query, unless the query is still running.
[$sel:bytesScanned:QueryStatistics'] :: QueryStatistics -> Maybe Integer
-- | The number of results returned.
[$sel:resultsCount:QueryStatistics'] :: QueryStatistics -> Maybe Int
-- | The total number of results returned by a query.
[$sel:totalResultsCount:QueryStatistics'] :: QueryStatistics -> Maybe Int
-- | Create a value of QueryStatistics with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:bytesScanned:QueryStatistics',
-- queryStatistics_bytesScanned - The total bytes that the query
-- scanned in the event data store. This value matches the number of
-- bytes for which your account is billed for the query, unless the query
-- is still running.
--
-- $sel:resultsCount:QueryStatistics',
-- queryStatistics_resultsCount - The number of results returned.
--
-- $sel:totalResultsCount:QueryStatistics',
-- queryStatistics_totalResultsCount - The total number of results
-- returned by a query.
newQueryStatistics :: QueryStatistics
-- | The total bytes that the query scanned in the event data store. This
-- value matches the number of bytes for which your account is billed for
-- the query, unless the query is still running.
queryStatistics_bytesScanned :: Lens' QueryStatistics (Maybe Integer)
-- | The number of results returned.
queryStatistics_resultsCount :: Lens' QueryStatistics (Maybe Int)
-- | The total number of results returned by a query.
queryStatistics_totalResultsCount :: Lens' QueryStatistics (Maybe Int)
-- | Gets metadata about a query, including the number of events that were
-- matched, the total number of events scanned, the query run time in
-- milliseconds, and the query's creation time.
--
-- See: newQueryStatisticsForDescribeQuery smart
-- constructor.
data QueryStatisticsForDescribeQuery
QueryStatisticsForDescribeQuery' :: Maybe Integer -> Maybe POSIX -> Maybe Integer -> Maybe Integer -> Maybe Int -> QueryStatisticsForDescribeQuery
-- | The total bytes that the query scanned in the event data store. This
-- value matches the number of bytes for which your account is billed for
-- the query, unless the query is still running.
[$sel:bytesScanned:QueryStatisticsForDescribeQuery'] :: QueryStatisticsForDescribeQuery -> Maybe Integer
-- | The creation time of the query.
[$sel:creationTime:QueryStatisticsForDescribeQuery'] :: QueryStatisticsForDescribeQuery -> Maybe POSIX
-- | The number of events that matched a query.
[$sel:eventsMatched:QueryStatisticsForDescribeQuery'] :: QueryStatisticsForDescribeQuery -> Maybe Integer
-- | The number of events that the query scanned in the event data store.
[$sel:eventsScanned:QueryStatisticsForDescribeQuery'] :: QueryStatisticsForDescribeQuery -> Maybe Integer
-- | The query's run time, in milliseconds.
[$sel:executionTimeInMillis:QueryStatisticsForDescribeQuery'] :: QueryStatisticsForDescribeQuery -> Maybe Int
-- | Create a value of QueryStatisticsForDescribeQuery with all
-- optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:bytesScanned:QueryStatisticsForDescribeQuery',
-- queryStatisticsForDescribeQuery_bytesScanned - The total bytes
-- that the query scanned in the event data store. This value matches the
-- number of bytes for which your account is billed for the query, unless
-- the query is still running.
--
-- $sel:creationTime:QueryStatisticsForDescribeQuery',
-- queryStatisticsForDescribeQuery_creationTime - The creation
-- time of the query.
--
-- $sel:eventsMatched:QueryStatisticsForDescribeQuery',
-- queryStatisticsForDescribeQuery_eventsMatched - The number of
-- events that matched a query.
--
-- $sel:eventsScanned:QueryStatisticsForDescribeQuery',
-- queryStatisticsForDescribeQuery_eventsScanned - The number of
-- events that the query scanned in the event data store.
--
-- $sel:executionTimeInMillis:QueryStatisticsForDescribeQuery',
-- queryStatisticsForDescribeQuery_executionTimeInMillis - The
-- query's run time, in milliseconds.
newQueryStatisticsForDescribeQuery :: QueryStatisticsForDescribeQuery
-- | The total bytes that the query scanned in the event data store. This
-- value matches the number of bytes for which your account is billed for
-- the query, unless the query is still running.
queryStatisticsForDescribeQuery_bytesScanned :: Lens' QueryStatisticsForDescribeQuery (Maybe Integer)
-- | The creation time of the query.
queryStatisticsForDescribeQuery_creationTime :: Lens' QueryStatisticsForDescribeQuery (Maybe UTCTime)
-- | The number of events that matched a query.
queryStatisticsForDescribeQuery_eventsMatched :: Lens' QueryStatisticsForDescribeQuery (Maybe Integer)
-- | The number of events that the query scanned in the event data store.
queryStatisticsForDescribeQuery_eventsScanned :: Lens' QueryStatisticsForDescribeQuery (Maybe Integer)
-- | The query's run time, in milliseconds.
queryStatisticsForDescribeQuery_executionTimeInMillis :: Lens' QueryStatisticsForDescribeQuery (Maybe Int)
-- | Specifies the type and name of a resource referenced by an event.
--
-- See: newResource smart constructor.
data Resource
Resource' :: Maybe Text -> Maybe Text -> Resource
-- | The name of the resource referenced by the event returned. These are
-- user-created names whose values will depend on the environment. For
-- example, the resource name might be "auto-scaling-test-group" for an
-- Auto Scaling Group or "i-1234567" for an EC2 Instance.
[$sel:resourceName:Resource'] :: Resource -> Maybe Text
-- | The type of a resource referenced by the event returned. When the
-- resource type cannot be determined, null is returned. Some examples of
-- resource types are: Instance for EC2, Trail for
-- CloudTrail, DBInstance for Amazon RDS, and AccessKey for
-- IAM. To learn more about how to look up and filter events by the
-- resource types supported for a service, see Filtering CloudTrail
-- Events.
[$sel:resourceType:Resource'] :: Resource -> Maybe Text
-- | Create a value of Resource with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:resourceName:Resource', resource_resourceName - The
-- name of the resource referenced by the event returned. These are
-- user-created names whose values will depend on the environment. For
-- example, the resource name might be "auto-scaling-test-group" for an
-- Auto Scaling Group or "i-1234567" for an EC2 Instance.
--
-- $sel:resourceType:Resource', resource_resourceType - The
-- type of a resource referenced by the event returned. When the resource
-- type cannot be determined, null is returned. Some examples of resource
-- types are: Instance for EC2, Trail for CloudTrail,
-- DBInstance for Amazon RDS, and AccessKey for IAM. To
-- learn more about how to look up and filter events by the resource
-- types supported for a service, see Filtering CloudTrail Events.
newResource :: Resource
-- | The name of the resource referenced by the event returned. These are
-- user-created names whose values will depend on the environment. For
-- example, the resource name might be "auto-scaling-test-group" for an
-- Auto Scaling Group or "i-1234567" for an EC2 Instance.
resource_resourceName :: Lens' Resource (Maybe Text)
-- | The type of a resource referenced by the event returned. When the
-- resource type cannot be determined, null is returned. Some examples of
-- resource types are: Instance for EC2, Trail for
-- CloudTrail, DBInstance for Amazon RDS, and AccessKey for
-- IAM. To learn more about how to look up and filter events by the
-- resource types supported for a service, see Filtering CloudTrail
-- Events.
resource_resourceType :: Lens' Resource (Maybe Text)
-- | A resource tag.
--
-- See: newResourceTag smart constructor.
data ResourceTag
ResourceTag' :: Maybe Text -> Maybe [Tag] -> ResourceTag
-- | Specifies the ARN of the resource.
[$sel:resourceId:ResourceTag'] :: ResourceTag -> Maybe Text
-- | A list of tags.
[$sel:tagsList:ResourceTag'] :: ResourceTag -> Maybe [Tag]
-- | Create a value of ResourceTag with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:resourceId:ResourceTag', resourceTag_resourceId -
-- Specifies the ARN of the resource.
--
-- $sel:tagsList:ResourceTag', resourceTag_tagsList - A
-- list of tags.
newResourceTag :: ResourceTag
-- | Specifies the ARN of the resource.
resourceTag_resourceId :: Lens' ResourceTag (Maybe Text)
-- | A list of tags.
resourceTag_tagsList :: Lens' ResourceTag (Maybe [Tag])
-- | The settings for the source S3 bucket.
--
-- See: newS3ImportSource smart constructor.
data S3ImportSource
S3ImportSource' :: Text -> Text -> Text -> S3ImportSource
-- | The URI for the source S3 bucket.
[$sel:s3LocationUri:S3ImportSource'] :: S3ImportSource -> Text
-- | The region associated with the source S3 bucket.
[$sel:s3BucketRegion:S3ImportSource'] :: S3ImportSource -> Text
-- | The IAM ARN role used to access the source S3 bucket.
[$sel:s3BucketAccessRoleArn:S3ImportSource'] :: S3ImportSource -> Text
-- | Create a value of S3ImportSource with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:s3LocationUri:S3ImportSource',
-- s3ImportSource_s3LocationUri - The URI for the source S3
-- bucket.
--
-- $sel:s3BucketRegion:S3ImportSource',
-- s3ImportSource_s3BucketRegion - The region associated with the
-- source S3 bucket.
--
-- $sel:s3BucketAccessRoleArn:S3ImportSource',
-- s3ImportSource_s3BucketAccessRoleArn - The IAM ARN role used to
-- access the source S3 bucket.
newS3ImportSource :: Text -> Text -> Text -> S3ImportSource
-- | The URI for the source S3 bucket.
s3ImportSource_s3LocationUri :: Lens' S3ImportSource Text
-- | The region associated with the source S3 bucket.
s3ImportSource_s3BucketRegion :: Lens' S3ImportSource Text
-- | The IAM ARN role used to access the source S3 bucket.
s3ImportSource_s3BucketAccessRoleArn :: Lens' S3ImportSource Text
-- | Contains configuration information about the channel.
--
-- See: newSourceConfig smart constructor.
data SourceConfig
SourceConfig' :: Maybe [AdvancedEventSelector] -> Maybe Bool -> SourceConfig
-- | The advanced event selectors that are configured for the channel.
[$sel:advancedEventSelectors:SourceConfig'] :: SourceConfig -> Maybe [AdvancedEventSelector]
-- | Specifies whether the channel applies to a single region or to all
-- regions.
[$sel:applyToAllRegions:SourceConfig'] :: SourceConfig -> Maybe Bool
-- | Create a value of SourceConfig with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:advancedEventSelectors:SourceConfig',
-- sourceConfig_advancedEventSelectors - The advanced event
-- selectors that are configured for the channel.
--
-- $sel:applyToAllRegions:SourceConfig',
-- sourceConfig_applyToAllRegions - Specifies whether the channel
-- applies to a single region or to all regions.
newSourceConfig :: SourceConfig
-- | The advanced event selectors that are configured for the channel.
sourceConfig_advancedEventSelectors :: Lens' SourceConfig (Maybe [AdvancedEventSelector])
-- | Specifies whether the channel applies to a single region or to all
-- regions.
sourceConfig_applyToAllRegions :: Lens' SourceConfig (Maybe Bool)
-- | A custom key-value pair associated with a resource such as a
-- CloudTrail trail.
--
-- See: newTag smart constructor.
data Tag
Tag' :: Maybe Text -> Text -> Tag
-- | The value in a key-value pair of a tag. The value must be no longer
-- than 256 Unicode characters.
[$sel:value:Tag'] :: Tag -> Maybe Text
-- | The key in a key-value pair. The key must be must be no longer than
-- 128 Unicode characters. The key must be unique for the resource to
-- which it applies.
[$sel:key:Tag'] :: Tag -> Text
-- | Create a value of Tag with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:value:Tag', tag_value - The value in a key-value
-- pair of a tag. The value must be no longer than 256 Unicode
-- characters.
--
-- $sel:key:Tag', tag_key - The key in a key-value pair.
-- The key must be must be no longer than 128 Unicode characters. The key
-- must be unique for the resource to which it applies.
newTag :: Text -> Tag
-- | The value in a key-value pair of a tag. The value must be no longer
-- than 256 Unicode characters.
tag_value :: Lens' Tag (Maybe Text)
-- | The key in a key-value pair. The key must be must be no longer than
-- 128 Unicode characters. The key must be unique for the resource to
-- which it applies.
tag_key :: Lens' Tag Text
-- | The settings for a trail.
--
-- See: newTrail smart constructor.
data Trail
Trail' :: Maybe Text -> Maybe Text -> Maybe Bool -> Maybe Bool -> Maybe Text -> Maybe Bool -> Maybe Bool -> Maybe Bool -> Maybe Text -> Maybe Bool -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Trail
-- | Specifies an Amazon Resource Name (ARN), a unique identifier that
-- represents the log group to which CloudTrail logs will be delivered.
[$sel:cloudWatchLogsLogGroupArn:Trail'] :: Trail -> Maybe Text
-- | Specifies the role for the CloudWatch Logs endpoint to assume to write
-- to a user's log group.
[$sel:cloudWatchLogsRoleArn:Trail'] :: Trail -> Maybe Text
-- | Specifies if the trail has custom event selectors.
[$sel:hasCustomEventSelectors:Trail'] :: Trail -> Maybe Bool
-- | Specifies whether a trail has insight types specified in an
-- InsightSelector list.
[$sel:hasInsightSelectors:Trail'] :: Trail -> Maybe Bool
-- | The region in which the trail was created.
[$sel:homeRegion:Trail'] :: Trail -> Maybe Text
-- | Set to True to include Amazon Web Services API calls from
-- Amazon Web Services global services such as IAM. Otherwise,
-- False.
[$sel:includeGlobalServiceEvents:Trail'] :: Trail -> Maybe Bool
-- | Specifies whether the trail exists only in one region or exists in all
-- regions.
[$sel:isMultiRegionTrail:Trail'] :: Trail -> Maybe Bool
-- | Specifies whether the trail is an organization trail.
[$sel:isOrganizationTrail:Trail'] :: Trail -> Maybe Bool
-- | Specifies the KMS key ID that encrypts the logs delivered by
-- CloudTrail. The value is a fully specified ARN to a KMS key in the
-- following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
[$sel:kmsKeyId:Trail'] :: Trail -> Maybe Text
-- | Specifies whether log file validation is enabled.
[$sel:logFileValidationEnabled:Trail'] :: Trail -> Maybe Bool
-- | Name of the trail set by calling CreateTrail. The maximum length is
-- 128 characters.
[$sel:name:Trail'] :: Trail -> Maybe Text
-- | Name of the Amazon S3 bucket into which CloudTrail delivers your trail
-- files. See Amazon S3 Bucket Naming Requirements.
[$sel:s3BucketName:Trail'] :: Trail -> Maybe Text
-- | Specifies the Amazon S3 key prefix that comes after the name of the
-- bucket you have designated for log file delivery. For more
-- information, see Finding Your CloudTrail Log Files. The maximum
-- length is 200 characters.
[$sel:s3KeyPrefix:Trail'] :: Trail -> Maybe Text
-- | Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send
-- notifications when log files are delivered. The following is the
-- format of a topic ARN.
--
--
-- arn:aws:sns:us-east-2:123456789012:MyTopic
--
[$sel:snsTopicARN:Trail'] :: Trail -> Maybe Text
-- | This field is no longer in use. Use SnsTopicARN.
[$sel:snsTopicName:Trail'] :: Trail -> Maybe Text
-- | Specifies the ARN of the trail. The following is the format of a trail
-- ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
[$sel:trailARN:Trail'] :: Trail -> Maybe Text
-- | Create a value of Trail with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:cloudWatchLogsLogGroupArn:Trail',
-- trail_cloudWatchLogsLogGroupArn - Specifies an Amazon Resource
-- Name (ARN), a unique identifier that represents the log group to which
-- CloudTrail logs will be delivered.
--
-- $sel:cloudWatchLogsRoleArn:Trail',
-- trail_cloudWatchLogsRoleArn - Specifies the role for the
-- CloudWatch Logs endpoint to assume to write to a user's log group.
--
-- $sel:hasCustomEventSelectors:Trail',
-- trail_hasCustomEventSelectors - Specifies if the trail has
-- custom event selectors.
--
-- $sel:hasInsightSelectors:Trail',
-- trail_hasInsightSelectors - Specifies whether a trail has
-- insight types specified in an InsightSelector list.
--
-- $sel:homeRegion:Trail', trail_homeRegion - The region in
-- which the trail was created.
--
-- $sel:includeGlobalServiceEvents:Trail',
-- trail_includeGlobalServiceEvents - Set to True to
-- include Amazon Web Services API calls from Amazon Web Services global
-- services such as IAM. Otherwise, False.
--
-- $sel:isMultiRegionTrail:Trail', trail_isMultiRegionTrail
-- - Specifies whether the trail exists only in one region or exists in
-- all regions.
--
-- $sel:isOrganizationTrail:Trail',
-- trail_isOrganizationTrail - Specifies whether the trail is an
-- organization trail.
--
-- $sel:kmsKeyId:Trail', trail_kmsKeyId - Specifies the KMS
-- key ID that encrypts the logs delivered by CloudTrail. The value is a
-- fully specified ARN to a KMS key in the following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
--
-- $sel:logFileValidationEnabled:Trail',
-- trail_logFileValidationEnabled - Specifies whether log file
-- validation is enabled.
--
-- $sel:name:Trail', trail_name - Name of the trail set by
-- calling CreateTrail. The maximum length is 128 characters.
--
-- $sel:s3BucketName:Trail', trail_s3BucketName - Name of
-- the Amazon S3 bucket into which CloudTrail delivers your trail files.
-- See Amazon S3 Bucket Naming Requirements.
--
-- $sel:s3KeyPrefix:Trail', trail_s3KeyPrefix - Specifies
-- the Amazon S3 key prefix that comes after the name of the bucket you
-- have designated for log file delivery. For more information, see
-- Finding Your CloudTrail Log Files. The maximum length is 200
-- characters.
--
-- $sel:snsTopicARN:Trail', trail_snsTopicARN - Specifies
-- the ARN of the Amazon SNS topic that CloudTrail uses to send
-- notifications when log files are delivered. The following is the
-- format of a topic ARN.
--
--
-- arn:aws:sns:us-east-2:123456789012:MyTopic
--
--
-- $sel:snsTopicName:Trail', trail_snsTopicName - This
-- field is no longer in use. Use SnsTopicARN.
--
-- $sel:trailARN:Trail', trail_trailARN - Specifies the ARN
-- of the trail. The following is the format of a trail ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
newTrail :: Trail
-- | Specifies an Amazon Resource Name (ARN), a unique identifier that
-- represents the log group to which CloudTrail logs will be delivered.
trail_cloudWatchLogsLogGroupArn :: Lens' Trail (Maybe Text)
-- | Specifies the role for the CloudWatch Logs endpoint to assume to write
-- to a user's log group.
trail_cloudWatchLogsRoleArn :: Lens' Trail (Maybe Text)
-- | Specifies if the trail has custom event selectors.
trail_hasCustomEventSelectors :: Lens' Trail (Maybe Bool)
-- | Specifies whether a trail has insight types specified in an
-- InsightSelector list.
trail_hasInsightSelectors :: Lens' Trail (Maybe Bool)
-- | The region in which the trail was created.
trail_homeRegion :: Lens' Trail (Maybe Text)
-- | Set to True to include Amazon Web Services API calls from
-- Amazon Web Services global services such as IAM. Otherwise,
-- False.
trail_includeGlobalServiceEvents :: Lens' Trail (Maybe Bool)
-- | Specifies whether the trail exists only in one region or exists in all
-- regions.
trail_isMultiRegionTrail :: Lens' Trail (Maybe Bool)
-- | Specifies whether the trail is an organization trail.
trail_isOrganizationTrail :: Lens' Trail (Maybe Bool)
-- | Specifies the KMS key ID that encrypts the logs delivered by
-- CloudTrail. The value is a fully specified ARN to a KMS key in the
-- following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
trail_kmsKeyId :: Lens' Trail (Maybe Text)
-- | Specifies whether log file validation is enabled.
trail_logFileValidationEnabled :: Lens' Trail (Maybe Bool)
-- | Name of the trail set by calling CreateTrail. The maximum length is
-- 128 characters.
trail_name :: Lens' Trail (Maybe Text)
-- | Name of the Amazon S3 bucket into which CloudTrail delivers your trail
-- files. See Amazon S3 Bucket Naming Requirements.
trail_s3BucketName :: Lens' Trail (Maybe Text)
-- | Specifies the Amazon S3 key prefix that comes after the name of the
-- bucket you have designated for log file delivery. For more
-- information, see Finding Your CloudTrail Log Files. The maximum
-- length is 200 characters.
trail_s3KeyPrefix :: Lens' Trail (Maybe Text)
-- | Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send
-- notifications when log files are delivered. The following is the
-- format of a topic ARN.
--
--
-- arn:aws:sns:us-east-2:123456789012:MyTopic
--
trail_snsTopicARN :: Lens' Trail (Maybe Text)
-- | This field is no longer in use. Use SnsTopicARN.
trail_snsTopicName :: Lens' Trail (Maybe Text)
-- | Specifies the ARN of the trail. The following is the format of a trail
-- ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
trail_trailARN :: Lens' Trail (Maybe Text)
-- | Information about a CloudTrail trail, including the trail's name, home
-- region, and Amazon Resource Name (ARN).
--
-- See: newTrailInfo smart constructor.
data TrailInfo
TrailInfo' :: Maybe Text -> Maybe Text -> Maybe Text -> TrailInfo
-- | The Amazon Web Services Region in which a trail was created.
[$sel:homeRegion:TrailInfo'] :: TrailInfo -> Maybe Text
-- | The name of a trail.
[$sel:name:TrailInfo'] :: TrailInfo -> Maybe Text
-- | The ARN of a trail.
[$sel:trailARN:TrailInfo'] :: TrailInfo -> Maybe Text
-- | Create a value of TrailInfo with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:homeRegion:TrailInfo', trailInfo_homeRegion - The
-- Amazon Web Services Region in which a trail was created.
--
-- $sel:name:TrailInfo', trailInfo_name - The name of a
-- trail.
--
-- $sel:trailARN:TrailInfo', trailInfo_trailARN - The ARN
-- of a trail.
newTrailInfo :: TrailInfo
-- | The Amazon Web Services Region in which a trail was created.
trailInfo_homeRegion :: Lens' TrailInfo (Maybe Text)
-- | The name of a trail.
trailInfo_name :: Lens' TrailInfo (Maybe Text)
-- | The ARN of a trail.
trailInfo_trailARN :: Lens' TrailInfo (Maybe Text)
-- | Suspends the recording of Amazon Web Services API calls and log file
-- delivery for the specified trail. Under most circumstances, there is
-- no need to use this action. You can update a trail without stopping it
-- first. This action is the only way to stop recording. For a trail
-- enabled in all regions, this operation must be called from the region
-- in which the trail was created, or an
-- InvalidHomeRegionException will occur. This operation cannot
-- be called on the shadow trails (replicated trails in other regions) of
-- a trail enabled in all regions.
module Amazonka.CloudTrail.StopLogging
-- | Passes the request to CloudTrail to stop logging Amazon Web Services
-- API calls for the specified account.
--
-- See: newStopLogging smart constructor.
data StopLogging
StopLogging' :: Text -> StopLogging
-- | Specifies the name or the CloudTrail ARN of the trail for which
-- CloudTrail will stop logging Amazon Web Services API calls. The
-- following is the format of a trail ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
[$sel:name:StopLogging'] :: StopLogging -> Text
-- | Create a value of StopLogging with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- StopLogging, stopLogging_name - Specifies the name or
-- the CloudTrail ARN of the trail for which CloudTrail will stop logging
-- Amazon Web Services API calls. The following is the format of a trail
-- ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
newStopLogging :: Text -> StopLogging
-- | Specifies the name or the CloudTrail ARN of the trail for which
-- CloudTrail will stop logging Amazon Web Services API calls. The
-- following is the format of a trail ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
stopLogging_name :: Lens' StopLogging Text
-- | Returns the objects or data listed below if successful. Otherwise,
-- returns an error.
--
-- See: newStopLoggingResponse smart constructor.
data StopLoggingResponse
StopLoggingResponse' :: Int -> StopLoggingResponse
-- | The response's http status code.
[$sel:httpStatus:StopLoggingResponse'] :: StopLoggingResponse -> Int
-- | Create a value of StopLoggingResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:httpStatus:StopLoggingResponse',
-- stopLoggingResponse_httpStatus - The response's http status
-- code.
newStopLoggingResponse :: Int -> StopLoggingResponse
-- | The response's http status code.
stopLoggingResponse_httpStatus :: Lens' StopLoggingResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.StopLogging.StopLogging
instance GHC.Show.Show Amazonka.CloudTrail.StopLogging.StopLogging
instance GHC.Read.Read Amazonka.CloudTrail.StopLogging.StopLogging
instance GHC.Classes.Eq Amazonka.CloudTrail.StopLogging.StopLogging
instance GHC.Generics.Generic Amazonka.CloudTrail.StopLogging.StopLoggingResponse
instance GHC.Show.Show Amazonka.CloudTrail.StopLogging.StopLoggingResponse
instance GHC.Read.Read Amazonka.CloudTrail.StopLogging.StopLoggingResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.StopLogging.StopLoggingResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.StopLogging.StopLogging
instance Control.DeepSeq.NFData Amazonka.CloudTrail.StopLogging.StopLoggingResponse
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.StopLogging.StopLogging
instance Control.DeepSeq.NFData Amazonka.CloudTrail.StopLogging.StopLogging
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.StopLogging.StopLogging
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.StopLogging.StopLogging
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.StopLogging.StopLogging
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.StopLogging.StopLogging
-- | Stops a specified import.
module Amazonka.CloudTrail.StopImport
-- | See: newStopImport smart constructor.
data StopImport
StopImport' :: Text -> StopImport
-- | The ID of the import.
[$sel:importId:StopImport'] :: StopImport -> Text
-- | Create a value of StopImport with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- StopImport, stopImport_importId - The ID of the import.
newStopImport :: Text -> StopImport
-- | The ID of the import.
stopImport_importId :: Lens' StopImport Text
-- | See: newStopImportResponse smart constructor.
data StopImportResponse
StopImportResponse' :: Maybe POSIX -> Maybe (NonEmpty Text) -> Maybe POSIX -> Maybe Text -> Maybe ImportSource -> Maybe ImportStatistics -> Maybe ImportStatus -> Maybe POSIX -> Maybe POSIX -> Int -> StopImportResponse
-- | The timestamp of the import's creation.
[$sel:createdTimestamp:StopImportResponse'] :: StopImportResponse -> Maybe POSIX
-- | The ARN of the destination event data store.
[$sel:destinations:StopImportResponse'] :: StopImportResponse -> Maybe (NonEmpty Text)
-- | Used with StartEventTime to bound a StartImport
-- request, and limit imported trail events to only those events logged
-- within a specified time period.
[$sel:endEventTime:StopImportResponse'] :: StopImportResponse -> Maybe POSIX
-- | The ID for the import.
[$sel:importId:StopImportResponse'] :: StopImportResponse -> Maybe Text
-- | The source S3 bucket for the import.
[$sel:importSource:StopImportResponse'] :: StopImportResponse -> Maybe ImportSource
-- | Returns information on the stopped import.
[$sel:importStatistics:StopImportResponse'] :: StopImportResponse -> Maybe ImportStatistics
-- | The status of the import.
[$sel:importStatus:StopImportResponse'] :: StopImportResponse -> Maybe ImportStatus
-- | Used with EndEventTime to bound a StartImport
-- request, and limit imported trail events to only those events logged
-- within a specified time period.
[$sel:startEventTime:StopImportResponse'] :: StopImportResponse -> Maybe POSIX
-- | The timestamp of the import's last update.
[$sel:updatedTimestamp:StopImportResponse'] :: StopImportResponse -> Maybe POSIX
-- | The response's http status code.
[$sel:httpStatus:StopImportResponse'] :: StopImportResponse -> Int
-- | Create a value of StopImportResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- StopImportResponse, stopImportResponse_createdTimestamp
-- - The timestamp of the import's creation.
--
-- StopImportResponse, stopImportResponse_destinations -
-- The ARN of the destination event data store.
--
-- $sel:endEventTime:StopImportResponse',
-- stopImportResponse_endEventTime - Used with
-- StartEventTime to bound a StartImport request, and
-- limit imported trail events to only those events logged within a
-- specified time period.
--
-- StopImport, stopImportResponse_importId - The ID for the
-- import.
--
-- $sel:importSource:StopImportResponse',
-- stopImportResponse_importSource - The source S3 bucket for the
-- import.
--
-- $sel:importStatistics:StopImportResponse',
-- stopImportResponse_importStatistics - Returns information on
-- the stopped import.
--
-- StopImportResponse, stopImportResponse_importStatus -
-- The status of the import.
--
-- $sel:startEventTime:StopImportResponse',
-- stopImportResponse_startEventTime - Used with
-- EndEventTime to bound a StartImport request, and
-- limit imported trail events to only those events logged within a
-- specified time period.
--
-- StopImportResponse, stopImportResponse_updatedTimestamp
-- - The timestamp of the import's last update.
--
-- $sel:httpStatus:StopImportResponse',
-- stopImportResponse_httpStatus - The response's http status
-- code.
newStopImportResponse :: Int -> StopImportResponse
-- | The timestamp of the import's creation.
stopImportResponse_createdTimestamp :: Lens' StopImportResponse (Maybe UTCTime)
-- | The ARN of the destination event data store.
stopImportResponse_destinations :: Lens' StopImportResponse (Maybe (NonEmpty Text))
-- | Used with StartEventTime to bound a StartImport
-- request, and limit imported trail events to only those events logged
-- within a specified time period.
stopImportResponse_endEventTime :: Lens' StopImportResponse (Maybe UTCTime)
-- | The ID for the import.
stopImportResponse_importId :: Lens' StopImportResponse (Maybe Text)
-- | The source S3 bucket for the import.
stopImportResponse_importSource :: Lens' StopImportResponse (Maybe ImportSource)
-- | Returns information on the stopped import.
stopImportResponse_importStatistics :: Lens' StopImportResponse (Maybe ImportStatistics)
-- | The status of the import.
stopImportResponse_importStatus :: Lens' StopImportResponse (Maybe ImportStatus)
-- | Used with EndEventTime to bound a StartImport
-- request, and limit imported trail events to only those events logged
-- within a specified time period.
stopImportResponse_startEventTime :: Lens' StopImportResponse (Maybe UTCTime)
-- | The timestamp of the import's last update.
stopImportResponse_updatedTimestamp :: Lens' StopImportResponse (Maybe UTCTime)
-- | The response's http status code.
stopImportResponse_httpStatus :: Lens' StopImportResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.StopImport.StopImport
instance GHC.Show.Show Amazonka.CloudTrail.StopImport.StopImport
instance GHC.Read.Read Amazonka.CloudTrail.StopImport.StopImport
instance GHC.Classes.Eq Amazonka.CloudTrail.StopImport.StopImport
instance GHC.Generics.Generic Amazonka.CloudTrail.StopImport.StopImportResponse
instance GHC.Show.Show Amazonka.CloudTrail.StopImport.StopImportResponse
instance GHC.Read.Read Amazonka.CloudTrail.StopImport.StopImportResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.StopImport.StopImportResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.StopImport.StopImport
instance Control.DeepSeq.NFData Amazonka.CloudTrail.StopImport.StopImportResponse
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.StopImport.StopImport
instance Control.DeepSeq.NFData Amazonka.CloudTrail.StopImport.StopImport
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.StopImport.StopImport
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.StopImport.StopImport
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.StopImport.StopImport
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.StopImport.StopImport
-- | Starts a CloudTrail Lake query. The required QueryStatement
-- parameter provides your SQL query, enclosed in single quotation marks.
-- Use the optional DeliveryS3Uri parameter to deliver the query
-- results to an S3 bucket.
module Amazonka.CloudTrail.StartQuery
-- | See: newStartQuery smart constructor.
data StartQuery
StartQuery' :: Maybe Text -> Text -> StartQuery
-- | The URI for the S3 bucket where CloudTrail delivers the query results.
[$sel:deliveryS3Uri:StartQuery'] :: StartQuery -> Maybe Text
-- | The SQL code of your query.
[$sel:queryStatement:StartQuery'] :: StartQuery -> Text
-- | Create a value of StartQuery with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:deliveryS3Uri:StartQuery', startQuery_deliveryS3Uri
-- - The URI for the S3 bucket where CloudTrail delivers the query
-- results.
--
-- $sel:queryStatement:StartQuery',
-- startQuery_queryStatement - The SQL code of your query.
newStartQuery :: Text -> StartQuery
-- | The URI for the S3 bucket where CloudTrail delivers the query results.
startQuery_deliveryS3Uri :: Lens' StartQuery (Maybe Text)
-- | The SQL code of your query.
startQuery_queryStatement :: Lens' StartQuery Text
-- | See: newStartQueryResponse smart constructor.
data StartQueryResponse
StartQueryResponse' :: Maybe Text -> Int -> StartQueryResponse
-- | The ID of the started query.
[$sel:queryId:StartQueryResponse'] :: StartQueryResponse -> Maybe Text
-- | The response's http status code.
[$sel:httpStatus:StartQueryResponse'] :: StartQueryResponse -> Int
-- | Create a value of StartQueryResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- StartQueryResponse, startQueryResponse_queryId - The ID
-- of the started query.
--
-- $sel:httpStatus:StartQueryResponse',
-- startQueryResponse_httpStatus - The response's http status
-- code.
newStartQueryResponse :: Int -> StartQueryResponse
-- | The ID of the started query.
startQueryResponse_queryId :: Lens' StartQueryResponse (Maybe Text)
-- | The response's http status code.
startQueryResponse_httpStatus :: Lens' StartQueryResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.StartQuery.StartQuery
instance GHC.Show.Show Amazonka.CloudTrail.StartQuery.StartQuery
instance GHC.Read.Read Amazonka.CloudTrail.StartQuery.StartQuery
instance GHC.Classes.Eq Amazonka.CloudTrail.StartQuery.StartQuery
instance GHC.Generics.Generic Amazonka.CloudTrail.StartQuery.StartQueryResponse
instance GHC.Show.Show Amazonka.CloudTrail.StartQuery.StartQueryResponse
instance GHC.Read.Read Amazonka.CloudTrail.StartQuery.StartQueryResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.StartQuery.StartQueryResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.StartQuery.StartQuery
instance Control.DeepSeq.NFData Amazonka.CloudTrail.StartQuery.StartQueryResponse
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.StartQuery.StartQuery
instance Control.DeepSeq.NFData Amazonka.CloudTrail.StartQuery.StartQuery
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.StartQuery.StartQuery
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.StartQuery.StartQuery
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.StartQuery.StartQuery
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.StartQuery.StartQuery
-- | Starts the recording of Amazon Web Services API calls and log file
-- delivery for a trail. For a trail that is enabled in all regions, this
-- operation must be called from the region in which the trail was
-- created. This operation cannot be called on the shadow trails
-- (replicated trails in other regions) of a trail that is enabled in all
-- regions.
module Amazonka.CloudTrail.StartLogging
-- | The request to CloudTrail to start logging Amazon Web Services API
-- calls for an account.
--
-- See: newStartLogging smart constructor.
data StartLogging
StartLogging' :: Text -> StartLogging
-- | Specifies the name or the CloudTrail ARN of the trail for which
-- CloudTrail logs Amazon Web Services API calls. The following is the
-- format of a trail ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
[$sel:name:StartLogging'] :: StartLogging -> Text
-- | Create a value of StartLogging with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- StartLogging, startLogging_name - Specifies the name or
-- the CloudTrail ARN of the trail for which CloudTrail logs Amazon Web
-- Services API calls. The following is the format of a trail ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
newStartLogging :: Text -> StartLogging
-- | Specifies the name or the CloudTrail ARN of the trail for which
-- CloudTrail logs Amazon Web Services API calls. The following is the
-- format of a trail ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
startLogging_name :: Lens' StartLogging Text
-- | Returns the objects or data listed below if successful. Otherwise,
-- returns an error.
--
-- See: newStartLoggingResponse smart constructor.
data StartLoggingResponse
StartLoggingResponse' :: Int -> StartLoggingResponse
-- | The response's http status code.
[$sel:httpStatus:StartLoggingResponse'] :: StartLoggingResponse -> Int
-- | Create a value of StartLoggingResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:httpStatus:StartLoggingResponse',
-- startLoggingResponse_httpStatus - The response's http status
-- code.
newStartLoggingResponse :: Int -> StartLoggingResponse
-- | The response's http status code.
startLoggingResponse_httpStatus :: Lens' StartLoggingResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.StartLogging.StartLogging
instance GHC.Show.Show Amazonka.CloudTrail.StartLogging.StartLogging
instance GHC.Read.Read Amazonka.CloudTrail.StartLogging.StartLogging
instance GHC.Classes.Eq Amazonka.CloudTrail.StartLogging.StartLogging
instance GHC.Generics.Generic Amazonka.CloudTrail.StartLogging.StartLoggingResponse
instance GHC.Show.Show Amazonka.CloudTrail.StartLogging.StartLoggingResponse
instance GHC.Read.Read Amazonka.CloudTrail.StartLogging.StartLoggingResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.StartLogging.StartLoggingResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.StartLogging.StartLogging
instance Control.DeepSeq.NFData Amazonka.CloudTrail.StartLogging.StartLoggingResponse
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.StartLogging.StartLogging
instance Control.DeepSeq.NFData Amazonka.CloudTrail.StartLogging.StartLogging
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.StartLogging.StartLogging
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.StartLogging.StartLogging
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.StartLogging.StartLogging
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.StartLogging.StartLogging
-- | Starts an import of logged trail events from a source S3 bucket to a
-- destination event data store. By default, CloudTrail only imports
-- events contained in the S3 bucket's CloudTrail prefix and the
-- prefixes inside the CloudTrail prefix, and does not check
-- prefixes for other Amazon Web Services services. If you want to import
-- CloudTrail events contained in another prefix, you must include the
-- prefix in the S3LocationUri. For more considerations about
-- importing trail events, see Considerations.
--
-- When you start a new import, the Destinations and
-- ImportSource parameters are required. Before starting a new
-- import, disable any access control lists (ACLs) attached to the source
-- S3 bucket. For more information about disabling ACLs, see
-- Controlling ownership of objects and disabling ACLs for your
-- bucket.
--
-- When you retry an import, the ImportID parameter is required.
module Amazonka.CloudTrail.StartImport
-- | See: newStartImport smart constructor.
data StartImport
StartImport' :: Maybe (NonEmpty Text) -> Maybe POSIX -> Maybe Text -> Maybe ImportSource -> Maybe POSIX -> StartImport
-- | The ARN of the destination event data store. Use this parameter for a
-- new import.
[$sel:destinations:StartImport'] :: StartImport -> Maybe (NonEmpty Text)
-- | Use with StartEventTime to bound a StartImport
-- request, and limit imported trail events to only those events logged
-- within a specified time period. When you specify a time range,
-- CloudTrail checks the prefix and log file names to verify the names
-- contain a date between the specified StartEventTime and
-- EndEventTime before attempting to import events.
[$sel:endEventTime:StartImport'] :: StartImport -> Maybe POSIX
-- | The ID of the import. Use this parameter when you are retrying an
-- import.
[$sel:importId:StartImport'] :: StartImport -> Maybe Text
-- | The source S3 bucket for the import. Use this parameter for a new
-- import.
[$sel:importSource:StartImport'] :: StartImport -> Maybe ImportSource
-- | Use with EndEventTime to bound a StartImport
-- request, and limit imported trail events to only those events logged
-- within a specified time period. When you specify a time range,
-- CloudTrail checks the prefix and log file names to verify the names
-- contain a date between the specified StartEventTime and
-- EndEventTime before attempting to import events.
[$sel:startEventTime:StartImport'] :: StartImport -> Maybe POSIX
-- | Create a value of StartImport with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- StartImport, startImport_destinations - The ARN of the
-- destination event data store. Use this parameter for a new import.
--
-- StartImport, startImport_endEventTime - Use with
-- StartEventTime to bound a StartImport request, and
-- limit imported trail events to only those events logged within a
-- specified time period. When you specify a time range, CloudTrail
-- checks the prefix and log file names to verify the names contain a
-- date between the specified StartEventTime and
-- EndEventTime before attempting to import events.
--
-- StartImport, startImport_importId - The ID of the
-- import. Use this parameter when you are retrying an import.
--
-- StartImport, startImport_importSource - The source S3
-- bucket for the import. Use this parameter for a new import.
--
-- StartImport, startImport_startEventTime - Use with
-- EndEventTime to bound a StartImport request, and
-- limit imported trail events to only those events logged within a
-- specified time period. When you specify a time range, CloudTrail
-- checks the prefix and log file names to verify the names contain a
-- date between the specified StartEventTime and
-- EndEventTime before attempting to import events.
newStartImport :: StartImport
-- | The ARN of the destination event data store. Use this parameter for a
-- new import.
startImport_destinations :: Lens' StartImport (Maybe (NonEmpty Text))
-- | Use with StartEventTime to bound a StartImport
-- request, and limit imported trail events to only those events logged
-- within a specified time period. When you specify a time range,
-- CloudTrail checks the prefix and log file names to verify the names
-- contain a date between the specified StartEventTime and
-- EndEventTime before attempting to import events.
startImport_endEventTime :: Lens' StartImport (Maybe UTCTime)
-- | The ID of the import. Use this parameter when you are retrying an
-- import.
startImport_importId :: Lens' StartImport (Maybe Text)
-- | The source S3 bucket for the import. Use this parameter for a new
-- import.
startImport_importSource :: Lens' StartImport (Maybe ImportSource)
-- | Use with EndEventTime to bound a StartImport
-- request, and limit imported trail events to only those events logged
-- within a specified time period. When you specify a time range,
-- CloudTrail checks the prefix and log file names to verify the names
-- contain a date between the specified StartEventTime and
-- EndEventTime before attempting to import events.
startImport_startEventTime :: Lens' StartImport (Maybe UTCTime)
-- | See: newStartImportResponse smart constructor.
data StartImportResponse
StartImportResponse' :: Maybe POSIX -> Maybe (NonEmpty Text) -> Maybe POSIX -> Maybe Text -> Maybe ImportSource -> Maybe ImportStatus -> Maybe POSIX -> Maybe POSIX -> Int -> StartImportResponse
-- | The timestamp for the import's creation.
[$sel:createdTimestamp:StartImportResponse'] :: StartImportResponse -> Maybe POSIX
-- | The ARN of the destination event data store.
[$sel:destinations:StartImportResponse'] :: StartImportResponse -> Maybe (NonEmpty Text)
-- | Used with StartEventTime to bound a StartImport
-- request, and limit imported trail events to only those events logged
-- within a specified time period.
[$sel:endEventTime:StartImportResponse'] :: StartImportResponse -> Maybe POSIX
-- | The ID of the import.
[$sel:importId:StartImportResponse'] :: StartImportResponse -> Maybe Text
-- | The source S3 bucket for the import.
[$sel:importSource:StartImportResponse'] :: StartImportResponse -> Maybe ImportSource
-- | Shows the status of the import after a StartImport request.
-- An import finishes with a status of COMPLETED if there were
-- no failures, or FAILED if there were failures.
[$sel:importStatus:StartImportResponse'] :: StartImportResponse -> Maybe ImportStatus
-- | Used with EndEventTime to bound a StartImport
-- request, and limit imported trail events to only those events logged
-- within a specified time period.
[$sel:startEventTime:StartImportResponse'] :: StartImportResponse -> Maybe POSIX
-- | The timestamp of the import's last update, if applicable.
[$sel:updatedTimestamp:StartImportResponse'] :: StartImportResponse -> Maybe POSIX
-- | The response's http status code.
[$sel:httpStatus:StartImportResponse'] :: StartImportResponse -> Int
-- | Create a value of StartImportResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- StartImportResponse,
-- startImportResponse_createdTimestamp - The timestamp for the
-- import's creation.
--
-- StartImport, startImportResponse_destinations - The ARN
-- of the destination event data store.
--
-- StartImport, startImportResponse_endEventTime - Used
-- with StartEventTime to bound a StartImport request,
-- and limit imported trail events to only those events logged within a
-- specified time period.
--
-- StartImport, startImportResponse_importId - The ID of
-- the import.
--
-- StartImport, startImportResponse_importSource - The
-- source S3 bucket for the import.
--
-- StartImportResponse, startImportResponse_importStatus -
-- Shows the status of the import after a StartImport request.
-- An import finishes with a status of COMPLETED if there were
-- no failures, or FAILED if there were failures.
--
-- StartImport, startImportResponse_startEventTime - Used
-- with EndEventTime to bound a StartImport request,
-- and limit imported trail events to only those events logged within a
-- specified time period.
--
-- StartImportResponse,
-- startImportResponse_updatedTimestamp - The timestamp of the
-- import's last update, if applicable.
--
-- $sel:httpStatus:StartImportResponse',
-- startImportResponse_httpStatus - The response's http status
-- code.
newStartImportResponse :: Int -> StartImportResponse
-- | The timestamp for the import's creation.
startImportResponse_createdTimestamp :: Lens' StartImportResponse (Maybe UTCTime)
-- | The ARN of the destination event data store.
startImportResponse_destinations :: Lens' StartImportResponse (Maybe (NonEmpty Text))
-- | Used with StartEventTime to bound a StartImport
-- request, and limit imported trail events to only those events logged
-- within a specified time period.
startImportResponse_endEventTime :: Lens' StartImportResponse (Maybe UTCTime)
-- | The ID of the import.
startImportResponse_importId :: Lens' StartImportResponse (Maybe Text)
-- | The source S3 bucket for the import.
startImportResponse_importSource :: Lens' StartImportResponse (Maybe ImportSource)
-- | Shows the status of the import after a StartImport request.
-- An import finishes with a status of COMPLETED if there were
-- no failures, or FAILED if there were failures.
startImportResponse_importStatus :: Lens' StartImportResponse (Maybe ImportStatus)
-- | Used with EndEventTime to bound a StartImport
-- request, and limit imported trail events to only those events logged
-- within a specified time period.
startImportResponse_startEventTime :: Lens' StartImportResponse (Maybe UTCTime)
-- | The timestamp of the import's last update, if applicable.
startImportResponse_updatedTimestamp :: Lens' StartImportResponse (Maybe UTCTime)
-- | The response's http status code.
startImportResponse_httpStatus :: Lens' StartImportResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.StartImport.StartImport
instance GHC.Show.Show Amazonka.CloudTrail.StartImport.StartImport
instance GHC.Read.Read Amazonka.CloudTrail.StartImport.StartImport
instance GHC.Classes.Eq Amazonka.CloudTrail.StartImport.StartImport
instance GHC.Generics.Generic Amazonka.CloudTrail.StartImport.StartImportResponse
instance GHC.Show.Show Amazonka.CloudTrail.StartImport.StartImportResponse
instance GHC.Read.Read Amazonka.CloudTrail.StartImport.StartImportResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.StartImport.StartImportResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.StartImport.StartImport
instance Control.DeepSeq.NFData Amazonka.CloudTrail.StartImport.StartImportResponse
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.StartImport.StartImport
instance Control.DeepSeq.NFData Amazonka.CloudTrail.StartImport.StartImport
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.StartImport.StartImport
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.StartImport.StartImport
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.StartImport.StartImport
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.StartImport.StartImport
-- | Restores a deleted event data store specified by
-- EventDataStore, which accepts an event data store ARN. You
-- can only restore a deleted event data store within the seven-day wait
-- period after deletion. Restoring an event data store can take several
-- minutes, depending on the size of the event data store.
module Amazonka.CloudTrail.RestoreEventDataStore
-- | See: newRestoreEventDataStore smart constructor.
data RestoreEventDataStore
RestoreEventDataStore' :: Text -> RestoreEventDataStore
-- | The ARN (or the ID suffix of the ARN) of the event data store that you
-- want to restore.
[$sel:eventDataStore:RestoreEventDataStore'] :: RestoreEventDataStore -> Text
-- | Create a value of RestoreEventDataStore with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:eventDataStore:RestoreEventDataStore',
-- restoreEventDataStore_eventDataStore - The ARN (or the ID
-- suffix of the ARN) of the event data store that you want to restore.
newRestoreEventDataStore :: Text -> RestoreEventDataStore
-- | The ARN (or the ID suffix of the ARN) of the event data store that you
-- want to restore.
restoreEventDataStore_eventDataStore :: Lens' RestoreEventDataStore Text
-- | See: newRestoreEventDataStoreResponse smart constructor.
data RestoreEventDataStoreResponse
RestoreEventDataStoreResponse' :: Maybe [AdvancedEventSelector] -> Maybe POSIX -> Maybe Text -> Maybe Text -> Maybe Bool -> Maybe Text -> Maybe Bool -> Maybe Natural -> Maybe EventDataStoreStatus -> Maybe Bool -> Maybe POSIX -> Int -> RestoreEventDataStoreResponse
-- | The advanced event selectors that were used to select events.
[$sel:advancedEventSelectors:RestoreEventDataStoreResponse'] :: RestoreEventDataStoreResponse -> Maybe [AdvancedEventSelector]
-- | The timestamp of an event data store's creation.
[$sel:createdTimestamp:RestoreEventDataStoreResponse'] :: RestoreEventDataStoreResponse -> Maybe POSIX
-- | The event data store ARN.
[$sel:eventDataStoreArn:RestoreEventDataStoreResponse'] :: RestoreEventDataStoreResponse -> Maybe Text
-- | Specifies the KMS key ID that encrypts the events delivered by
-- CloudTrail. The value is a fully specified ARN to a KMS key in the
-- following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
[$sel:kmsKeyId:RestoreEventDataStoreResponse'] :: RestoreEventDataStoreResponse -> Maybe Text
-- | Indicates whether the event data store is collecting events from all
-- regions, or only from the region in which the event data store was
-- created.
[$sel:multiRegionEnabled:RestoreEventDataStoreResponse'] :: RestoreEventDataStoreResponse -> Maybe Bool
-- | The name of the event data store.
[$sel:name:RestoreEventDataStoreResponse'] :: RestoreEventDataStoreResponse -> Maybe Text
-- | Indicates whether an event data store is collecting logged events for
-- an organization in Organizations.
[$sel:organizationEnabled:RestoreEventDataStoreResponse'] :: RestoreEventDataStoreResponse -> Maybe Bool
-- | The retention period, in days.
[$sel:retentionPeriod:RestoreEventDataStoreResponse'] :: RestoreEventDataStoreResponse -> Maybe Natural
-- | The status of the event data store.
[$sel:status:RestoreEventDataStoreResponse'] :: RestoreEventDataStoreResponse -> Maybe EventDataStoreStatus
-- | Indicates that termination protection is enabled and the event data
-- store cannot be automatically deleted.
[$sel:terminationProtectionEnabled:RestoreEventDataStoreResponse'] :: RestoreEventDataStoreResponse -> Maybe Bool
-- | The timestamp that shows when an event data store was updated, if
-- applicable. UpdatedTimestamp is always either the same or
-- newer than the time shown in CreatedTimestamp.
[$sel:updatedTimestamp:RestoreEventDataStoreResponse'] :: RestoreEventDataStoreResponse -> Maybe POSIX
-- | The response's http status code.
[$sel:httpStatus:RestoreEventDataStoreResponse'] :: RestoreEventDataStoreResponse -> Int
-- | Create a value of RestoreEventDataStoreResponse with all
-- optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- RestoreEventDataStoreResponse,
-- restoreEventDataStoreResponse_advancedEventSelectors - The
-- advanced event selectors that were used to select events.
--
-- RestoreEventDataStoreResponse,
-- restoreEventDataStoreResponse_createdTimestamp - The timestamp
-- of an event data store's creation.
--
-- RestoreEventDataStoreResponse,
-- restoreEventDataStoreResponse_eventDataStoreArn - The event
-- data store ARN.
--
-- RestoreEventDataStoreResponse,
-- restoreEventDataStoreResponse_kmsKeyId - Specifies the KMS key
-- ID that encrypts the events delivered by CloudTrail. The value is a
-- fully specified ARN to a KMS key in the following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
--
-- RestoreEventDataStoreResponse,
-- restoreEventDataStoreResponse_multiRegionEnabled - Indicates
-- whether the event data store is collecting events from all regions, or
-- only from the region in which the event data store was created.
--
-- RestoreEventDataStoreResponse,
-- restoreEventDataStoreResponse_name - The name of the event data
-- store.
--
-- RestoreEventDataStoreResponse,
-- restoreEventDataStoreResponse_organizationEnabled - Indicates
-- whether an event data store is collecting logged events for an
-- organization in Organizations.
--
-- RestoreEventDataStoreResponse,
-- restoreEventDataStoreResponse_retentionPeriod - The retention
-- period, in days.
--
-- RestoreEventDataStoreResponse,
-- restoreEventDataStoreResponse_status - The status of the event
-- data store.
--
-- RestoreEventDataStoreResponse,
-- restoreEventDataStoreResponse_terminationProtectionEnabled -
-- Indicates that termination protection is enabled and the event data
-- store cannot be automatically deleted.
--
-- RestoreEventDataStoreResponse,
-- restoreEventDataStoreResponse_updatedTimestamp - The timestamp
-- that shows when an event data store was updated, if applicable.
-- UpdatedTimestamp is always either the same or newer than the
-- time shown in CreatedTimestamp.
--
-- $sel:httpStatus:RestoreEventDataStoreResponse',
-- restoreEventDataStoreResponse_httpStatus - The response's http
-- status code.
newRestoreEventDataStoreResponse :: Int -> RestoreEventDataStoreResponse
-- | The advanced event selectors that were used to select events.
restoreEventDataStoreResponse_advancedEventSelectors :: Lens' RestoreEventDataStoreResponse (Maybe [AdvancedEventSelector])
-- | The timestamp of an event data store's creation.
restoreEventDataStoreResponse_createdTimestamp :: Lens' RestoreEventDataStoreResponse (Maybe UTCTime)
-- | The event data store ARN.
restoreEventDataStoreResponse_eventDataStoreArn :: Lens' RestoreEventDataStoreResponse (Maybe Text)
-- | Specifies the KMS key ID that encrypts the events delivered by
-- CloudTrail. The value is a fully specified ARN to a KMS key in the
-- following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
restoreEventDataStoreResponse_kmsKeyId :: Lens' RestoreEventDataStoreResponse (Maybe Text)
-- | Indicates whether the event data store is collecting events from all
-- regions, or only from the region in which the event data store was
-- created.
restoreEventDataStoreResponse_multiRegionEnabled :: Lens' RestoreEventDataStoreResponse (Maybe Bool)
-- | The name of the event data store.
restoreEventDataStoreResponse_name :: Lens' RestoreEventDataStoreResponse (Maybe Text)
-- | Indicates whether an event data store is collecting logged events for
-- an organization in Organizations.
restoreEventDataStoreResponse_organizationEnabled :: Lens' RestoreEventDataStoreResponse (Maybe Bool)
-- | The retention period, in days.
restoreEventDataStoreResponse_retentionPeriod :: Lens' RestoreEventDataStoreResponse (Maybe Natural)
-- | The status of the event data store.
restoreEventDataStoreResponse_status :: Lens' RestoreEventDataStoreResponse (Maybe EventDataStoreStatus)
-- | Indicates that termination protection is enabled and the event data
-- store cannot be automatically deleted.
restoreEventDataStoreResponse_terminationProtectionEnabled :: Lens' RestoreEventDataStoreResponse (Maybe Bool)
-- | The timestamp that shows when an event data store was updated, if
-- applicable. UpdatedTimestamp is always either the same or
-- newer than the time shown in CreatedTimestamp.
restoreEventDataStoreResponse_updatedTimestamp :: Lens' RestoreEventDataStoreResponse (Maybe UTCTime)
-- | The response's http status code.
restoreEventDataStoreResponse_httpStatus :: Lens' RestoreEventDataStoreResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.RestoreEventDataStore.RestoreEventDataStore
instance GHC.Show.Show Amazonka.CloudTrail.RestoreEventDataStore.RestoreEventDataStore
instance GHC.Read.Read Amazonka.CloudTrail.RestoreEventDataStore.RestoreEventDataStore
instance GHC.Classes.Eq Amazonka.CloudTrail.RestoreEventDataStore.RestoreEventDataStore
instance GHC.Generics.Generic Amazonka.CloudTrail.RestoreEventDataStore.RestoreEventDataStoreResponse
instance GHC.Show.Show Amazonka.CloudTrail.RestoreEventDataStore.RestoreEventDataStoreResponse
instance GHC.Read.Read Amazonka.CloudTrail.RestoreEventDataStore.RestoreEventDataStoreResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.RestoreEventDataStore.RestoreEventDataStoreResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.RestoreEventDataStore.RestoreEventDataStore
instance Control.DeepSeq.NFData Amazonka.CloudTrail.RestoreEventDataStore.RestoreEventDataStoreResponse
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.RestoreEventDataStore.RestoreEventDataStore
instance Control.DeepSeq.NFData Amazonka.CloudTrail.RestoreEventDataStore.RestoreEventDataStore
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.RestoreEventDataStore.RestoreEventDataStore
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.RestoreEventDataStore.RestoreEventDataStore
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.RestoreEventDataStore.RestoreEventDataStore
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.RestoreEventDataStore.RestoreEventDataStore
-- | Removes the specified tags from a trail or event data store.
module Amazonka.CloudTrail.RemoveTags
-- | Specifies the tags to remove from a trail or event data store.
--
-- See: newRemoveTags smart constructor.
data RemoveTags
RemoveTags' :: Text -> [Tag] -> RemoveTags
-- | Specifies the ARN of the trail or event data store from which tags
-- should be removed.
--
-- Example trail ARN format:
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
-- Example event data store ARN format:
-- arn:aws:cloudtrail:us-east-2:12345678910:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE
[$sel:resourceId:RemoveTags'] :: RemoveTags -> Text
-- | Specifies a list of tags to be removed.
[$sel:tagsList:RemoveTags'] :: RemoveTags -> [Tag]
-- | Create a value of RemoveTags with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- RemoveTags, removeTags_resourceId - Specifies the ARN of
-- the trail or event data store from which tags should be removed.
--
-- Example trail ARN format:
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
-- Example event data store ARN format:
-- arn:aws:cloudtrail:us-east-2:12345678910:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE
--
-- RemoveTags, removeTags_tagsList - Specifies a list of
-- tags to be removed.
newRemoveTags :: Text -> RemoveTags
-- | Specifies the ARN of the trail or event data store from which tags
-- should be removed.
--
-- Example trail ARN format:
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
-- Example event data store ARN format:
-- arn:aws:cloudtrail:us-east-2:12345678910:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE
removeTags_resourceId :: Lens' RemoveTags Text
-- | Specifies a list of tags to be removed.
removeTags_tagsList :: Lens' RemoveTags [Tag]
-- | Returns the objects or data listed below if successful. Otherwise,
-- returns an error.
--
-- See: newRemoveTagsResponse smart constructor.
data RemoveTagsResponse
RemoveTagsResponse' :: Int -> RemoveTagsResponse
-- | The response's http status code.
[$sel:httpStatus:RemoveTagsResponse'] :: RemoveTagsResponse -> Int
-- | Create a value of RemoveTagsResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:httpStatus:RemoveTagsResponse',
-- removeTagsResponse_httpStatus - The response's http status
-- code.
newRemoveTagsResponse :: Int -> RemoveTagsResponse
-- | The response's http status code.
removeTagsResponse_httpStatus :: Lens' RemoveTagsResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.RemoveTags.RemoveTags
instance GHC.Show.Show Amazonka.CloudTrail.RemoveTags.RemoveTags
instance GHC.Read.Read Amazonka.CloudTrail.RemoveTags.RemoveTags
instance GHC.Classes.Eq Amazonka.CloudTrail.RemoveTags.RemoveTags
instance GHC.Generics.Generic Amazonka.CloudTrail.RemoveTags.RemoveTagsResponse
instance GHC.Show.Show Amazonka.CloudTrail.RemoveTags.RemoveTagsResponse
instance GHC.Read.Read Amazonka.CloudTrail.RemoveTags.RemoveTagsResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.RemoveTags.RemoveTagsResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.RemoveTags.RemoveTags
instance Control.DeepSeq.NFData Amazonka.CloudTrail.RemoveTags.RemoveTagsResponse
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.RemoveTags.RemoveTags
instance Control.DeepSeq.NFData Amazonka.CloudTrail.RemoveTags.RemoveTags
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.RemoveTags.RemoveTags
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.RemoveTags.RemoveTags
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.RemoveTags.RemoveTags
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.RemoveTags.RemoveTags
-- | Registers an organization’s member account as the CloudTrail delegated
-- administrator.
module Amazonka.CloudTrail.RegisterOrganizationDelegatedAdmin
-- | Specifies an organization member account ID as a CloudTrail delegated
-- administrator.
--
-- See: newRegisterOrganizationDelegatedAdmin smart
-- constructor.
data RegisterOrganizationDelegatedAdmin
RegisterOrganizationDelegatedAdmin' :: Text -> RegisterOrganizationDelegatedAdmin
-- | An organization member account ID that you want to designate as a
-- delegated administrator.
[$sel:memberAccountId:RegisterOrganizationDelegatedAdmin'] :: RegisterOrganizationDelegatedAdmin -> Text
-- | Create a value of RegisterOrganizationDelegatedAdmin with all
-- optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:memberAccountId:RegisterOrganizationDelegatedAdmin',
-- registerOrganizationDelegatedAdmin_memberAccountId - An
-- organization member account ID that you want to designate as a
-- delegated administrator.
newRegisterOrganizationDelegatedAdmin :: Text -> RegisterOrganizationDelegatedAdmin
-- | An organization member account ID that you want to designate as a
-- delegated administrator.
registerOrganizationDelegatedAdmin_memberAccountId :: Lens' RegisterOrganizationDelegatedAdmin Text
-- | Returns the following response if successful. Otherwise, returns an
-- error.
--
-- See: newRegisterOrganizationDelegatedAdminResponse smart
-- constructor.
data RegisterOrganizationDelegatedAdminResponse
RegisterOrganizationDelegatedAdminResponse' :: Int -> RegisterOrganizationDelegatedAdminResponse
-- | The response's http status code.
[$sel:httpStatus:RegisterOrganizationDelegatedAdminResponse'] :: RegisterOrganizationDelegatedAdminResponse -> Int
-- | Create a value of RegisterOrganizationDelegatedAdminResponse
-- with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:httpStatus:RegisterOrganizationDelegatedAdminResponse',
-- registerOrganizationDelegatedAdminResponse_httpStatus - The
-- response's http status code.
newRegisterOrganizationDelegatedAdminResponse :: Int -> RegisterOrganizationDelegatedAdminResponse
-- | The response's http status code.
registerOrganizationDelegatedAdminResponse_httpStatus :: Lens' RegisterOrganizationDelegatedAdminResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.RegisterOrganizationDelegatedAdmin.RegisterOrganizationDelegatedAdmin
instance GHC.Show.Show Amazonka.CloudTrail.RegisterOrganizationDelegatedAdmin.RegisterOrganizationDelegatedAdmin
instance GHC.Read.Read Amazonka.CloudTrail.RegisterOrganizationDelegatedAdmin.RegisterOrganizationDelegatedAdmin
instance GHC.Classes.Eq Amazonka.CloudTrail.RegisterOrganizationDelegatedAdmin.RegisterOrganizationDelegatedAdmin
instance GHC.Generics.Generic Amazonka.CloudTrail.RegisterOrganizationDelegatedAdmin.RegisterOrganizationDelegatedAdminResponse
instance GHC.Show.Show Amazonka.CloudTrail.RegisterOrganizationDelegatedAdmin.RegisterOrganizationDelegatedAdminResponse
instance GHC.Read.Read Amazonka.CloudTrail.RegisterOrganizationDelegatedAdmin.RegisterOrganizationDelegatedAdminResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.RegisterOrganizationDelegatedAdmin.RegisterOrganizationDelegatedAdminResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.RegisterOrganizationDelegatedAdmin.RegisterOrganizationDelegatedAdmin
instance Control.DeepSeq.NFData Amazonka.CloudTrail.RegisterOrganizationDelegatedAdmin.RegisterOrganizationDelegatedAdminResponse
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.RegisterOrganizationDelegatedAdmin.RegisterOrganizationDelegatedAdmin
instance Control.DeepSeq.NFData Amazonka.CloudTrail.RegisterOrganizationDelegatedAdmin.RegisterOrganizationDelegatedAdmin
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.RegisterOrganizationDelegatedAdmin.RegisterOrganizationDelegatedAdmin
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.RegisterOrganizationDelegatedAdmin.RegisterOrganizationDelegatedAdmin
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.RegisterOrganizationDelegatedAdmin.RegisterOrganizationDelegatedAdmin
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.RegisterOrganizationDelegatedAdmin.RegisterOrganizationDelegatedAdmin
-- | Lets you enable Insights event logging by specifying the Insights
-- selectors that you want to enable on an existing trail. You also use
-- PutInsightSelectors to turn off Insights event logging, by
-- passing an empty list of insight types. The valid Insights event types
-- in this release are ApiErrorRateInsight and
-- ApiCallRateInsight.
module Amazonka.CloudTrail.PutInsightSelectors
-- | See: newPutInsightSelectors smart constructor.
data PutInsightSelectors
PutInsightSelectors' :: Text -> [InsightSelector] -> PutInsightSelectors
-- | The name of the CloudTrail trail for which you want to change or add
-- Insights selectors.
[$sel:trailName:PutInsightSelectors'] :: PutInsightSelectors -> Text
-- | A JSON string that contains the insight types you want to log on a
-- trail. ApiCallRateInsight and ApiErrorRateInsight
-- are valid insight types.
[$sel:insightSelectors:PutInsightSelectors'] :: PutInsightSelectors -> [InsightSelector]
-- | Create a value of PutInsightSelectors with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:trailName:PutInsightSelectors',
-- putInsightSelectors_trailName - The name of the CloudTrail
-- trail for which you want to change or add Insights selectors.
--
-- PutInsightSelectors,
-- putInsightSelectors_insightSelectors - A JSON string that
-- contains the insight types you want to log on a trail.
-- ApiCallRateInsight and ApiErrorRateInsight are valid
-- insight types.
newPutInsightSelectors :: Text -> PutInsightSelectors
-- | The name of the CloudTrail trail for which you want to change or add
-- Insights selectors.
putInsightSelectors_trailName :: Lens' PutInsightSelectors Text
-- | A JSON string that contains the insight types you want to log on a
-- trail. ApiCallRateInsight and ApiErrorRateInsight
-- are valid insight types.
putInsightSelectors_insightSelectors :: Lens' PutInsightSelectors [InsightSelector]
-- | See: newPutInsightSelectorsResponse smart constructor.
data PutInsightSelectorsResponse
PutInsightSelectorsResponse' :: Maybe [InsightSelector] -> Maybe Text -> Int -> PutInsightSelectorsResponse
-- | A JSON string that contains the Insights event types that you want to
-- log on a trail. The valid Insights types in this release are
-- ApiErrorRateInsight and ApiCallRateInsight.
[$sel:insightSelectors:PutInsightSelectorsResponse'] :: PutInsightSelectorsResponse -> Maybe [InsightSelector]
-- | The Amazon Resource Name (ARN) of a trail for which you want to change
-- or add Insights selectors.
[$sel:trailARN:PutInsightSelectorsResponse'] :: PutInsightSelectorsResponse -> Maybe Text
-- | The response's http status code.
[$sel:httpStatus:PutInsightSelectorsResponse'] :: PutInsightSelectorsResponse -> Int
-- | Create a value of PutInsightSelectorsResponse with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- PutInsightSelectors,
-- putInsightSelectorsResponse_insightSelectors - A JSON string
-- that contains the Insights event types that you want to log on a
-- trail. The valid Insights types in this release are
-- ApiErrorRateInsight and ApiCallRateInsight.
--
-- PutInsightSelectorsResponse,
-- putInsightSelectorsResponse_trailARN - The Amazon Resource Name
-- (ARN) of a trail for which you want to change or add Insights
-- selectors.
--
-- $sel:httpStatus:PutInsightSelectorsResponse',
-- putInsightSelectorsResponse_httpStatus - The response's http
-- status code.
newPutInsightSelectorsResponse :: Int -> PutInsightSelectorsResponse
-- | A JSON string that contains the Insights event types that you want to
-- log on a trail. The valid Insights types in this release are
-- ApiErrorRateInsight and ApiCallRateInsight.
putInsightSelectorsResponse_insightSelectors :: Lens' PutInsightSelectorsResponse (Maybe [InsightSelector])
-- | The Amazon Resource Name (ARN) of a trail for which you want to change
-- or add Insights selectors.
putInsightSelectorsResponse_trailARN :: Lens' PutInsightSelectorsResponse (Maybe Text)
-- | The response's http status code.
putInsightSelectorsResponse_httpStatus :: Lens' PutInsightSelectorsResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.PutInsightSelectors.PutInsightSelectors
instance GHC.Show.Show Amazonka.CloudTrail.PutInsightSelectors.PutInsightSelectors
instance GHC.Read.Read Amazonka.CloudTrail.PutInsightSelectors.PutInsightSelectors
instance GHC.Classes.Eq Amazonka.CloudTrail.PutInsightSelectors.PutInsightSelectors
instance GHC.Generics.Generic Amazonka.CloudTrail.PutInsightSelectors.PutInsightSelectorsResponse
instance GHC.Show.Show Amazonka.CloudTrail.PutInsightSelectors.PutInsightSelectorsResponse
instance GHC.Read.Read Amazonka.CloudTrail.PutInsightSelectors.PutInsightSelectorsResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.PutInsightSelectors.PutInsightSelectorsResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.PutInsightSelectors.PutInsightSelectors
instance Control.DeepSeq.NFData Amazonka.CloudTrail.PutInsightSelectors.PutInsightSelectorsResponse
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.PutInsightSelectors.PutInsightSelectors
instance Control.DeepSeq.NFData Amazonka.CloudTrail.PutInsightSelectors.PutInsightSelectors
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.PutInsightSelectors.PutInsightSelectors
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.PutInsightSelectors.PutInsightSelectors
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.PutInsightSelectors.PutInsightSelectors
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.PutInsightSelectors.PutInsightSelectors
-- | Configures an event selector or advanced event selectors for your
-- trail. Use event selectors or advanced event selectors to specify
-- management and data event settings for your trail. By default, trails
-- created without specific event selectors are configured to log all
-- read and write management events, and no data events.
--
-- When an event occurs in your account, CloudTrail evaluates the event
-- selectors or advanced event selectors in all trails. For each trail,
-- if the event matches any event selector, the trail processes and logs
-- the event. If the event doesn't match any event selector, the trail
-- doesn't log the event.
--
-- Example
--
--
-- - You create an event selector for a trail and specify that you want
-- write-only events.
-- - The EC2 GetConsoleOutput and RunInstances API
-- operations occur in your account.
-- - CloudTrail evaluates whether the events match your event
-- selectors.
-- - The RunInstances is a write-only event and it matches
-- your event selector. The trail logs the event.
-- - The GetConsoleOutput is a read-only event that doesn't
-- match your event selector. The trail doesn't log the event.
--
--
-- The PutEventSelectors operation must be called from the
-- region in which the trail was created; otherwise, an
-- InvalidHomeRegionException exception is thrown.
--
-- You can configure up to five event selectors for each trail. For more
-- information, see Logging management events for trails ,
-- Logging data events for trails , and Quotas in
-- CloudTrail in the CloudTrail User Guide.
--
-- You can add advanced event selectors, and conditions for your advanced
-- event selectors, up to a maximum of 500 values for all conditions and
-- selectors on a trail. You can use either
-- AdvancedEventSelectors or EventSelectors, but not
-- both. If you apply AdvancedEventSelectors to a trail, any
-- existing EventSelectors are overwritten. For more information
-- about advanced event selectors, see Logging data events for
-- trails in the CloudTrail User Guide.
module Amazonka.CloudTrail.PutEventSelectors
-- | See: newPutEventSelectors smart constructor.
data PutEventSelectors
PutEventSelectors' :: Maybe [AdvancedEventSelector] -> Maybe [EventSelector] -> Text -> PutEventSelectors
-- | Specifies the settings for advanced event selectors. You can add
-- advanced event selectors, and conditions for your advanced event
-- selectors, up to a maximum of 500 values for all conditions and
-- selectors on a trail. You can use either
-- AdvancedEventSelectors or EventSelectors, but not
-- both. If you apply AdvancedEventSelectors to a trail, any
-- existing EventSelectors are overwritten. For more information
-- about advanced event selectors, see Logging data events for
-- trails in the CloudTrail User Guide.
[$sel:advancedEventSelectors:PutEventSelectors'] :: PutEventSelectors -> Maybe [AdvancedEventSelector]
-- | Specifies the settings for your event selectors. You can configure up
-- to five event selectors for a trail. You can use either
-- EventSelectors or AdvancedEventSelectors in a
-- PutEventSelectors request, but not both. If you apply
-- EventSelectors to a trail, any existing
-- AdvancedEventSelectors are overwritten.
[$sel:eventSelectors:PutEventSelectors'] :: PutEventSelectors -> Maybe [EventSelector]
-- | Specifies the name of the trail or trail ARN. If you specify a trail
-- name, the string must meet the following requirements:
--
--
-- - Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
-- underscores (_), or dashes (-)
-- - Start with a letter or number, and end with a letter or
-- number
-- - Be between 3 and 128 characters
-- - Have no adjacent periods, underscores or dashes. Names like
-- my-_namespace and my--namespace are not valid.
-- - Not be in IP address format (for example, 192.168.5.4)
--
--
-- If you specify a trail ARN, it must be in the following format.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
[$sel:trailName:PutEventSelectors'] :: PutEventSelectors -> Text
-- | Create a value of PutEventSelectors with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- PutEventSelectors,
-- putEventSelectors_advancedEventSelectors - Specifies the
-- settings for advanced event selectors. You can add advanced event
-- selectors, and conditions for your advanced event selectors, up to a
-- maximum of 500 values for all conditions and selectors on a trail. You
-- can use either AdvancedEventSelectors or
-- EventSelectors, but not both. If you apply
-- AdvancedEventSelectors to a trail, any existing
-- EventSelectors are overwritten. For more information about
-- advanced event selectors, see Logging data events for trails in
-- the CloudTrail User Guide.
--
-- PutEventSelectors, putEventSelectors_eventSelectors -
-- Specifies the settings for your event selectors. You can configure up
-- to five event selectors for a trail. You can use either
-- EventSelectors or AdvancedEventSelectors in a
-- PutEventSelectors request, but not both. If you apply
-- EventSelectors to a trail, any existing
-- AdvancedEventSelectors are overwritten.
--
-- $sel:trailName:PutEventSelectors',
-- putEventSelectors_trailName - Specifies the name of the trail
-- or trail ARN. If you specify a trail name, the string must meet the
-- following requirements:
--
--
-- - Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
-- underscores (_), or dashes (-)
-- - Start with a letter or number, and end with a letter or
-- number
-- - Be between 3 and 128 characters
-- - Have no adjacent periods, underscores or dashes. Names like
-- my-_namespace and my--namespace are not valid.
-- - Not be in IP address format (for example, 192.168.5.4)
--
--
-- If you specify a trail ARN, it must be in the following format.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
newPutEventSelectors :: Text -> PutEventSelectors
-- | Specifies the settings for advanced event selectors. You can add
-- advanced event selectors, and conditions for your advanced event
-- selectors, up to a maximum of 500 values for all conditions and
-- selectors on a trail. You can use either
-- AdvancedEventSelectors or EventSelectors, but not
-- both. If you apply AdvancedEventSelectors to a trail, any
-- existing EventSelectors are overwritten. For more information
-- about advanced event selectors, see Logging data events for
-- trails in the CloudTrail User Guide.
putEventSelectors_advancedEventSelectors :: Lens' PutEventSelectors (Maybe [AdvancedEventSelector])
-- | Specifies the settings for your event selectors. You can configure up
-- to five event selectors for a trail. You can use either
-- EventSelectors or AdvancedEventSelectors in a
-- PutEventSelectors request, but not both. If you apply
-- EventSelectors to a trail, any existing
-- AdvancedEventSelectors are overwritten.
putEventSelectors_eventSelectors :: Lens' PutEventSelectors (Maybe [EventSelector])
-- | Specifies the name of the trail or trail ARN. If you specify a trail
-- name, the string must meet the following requirements:
--
--
-- - Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
-- underscores (_), or dashes (-)
-- - Start with a letter or number, and end with a letter or
-- number
-- - Be between 3 and 128 characters
-- - Have no adjacent periods, underscores or dashes. Names like
-- my-_namespace and my--namespace are not valid.
-- - Not be in IP address format (for example, 192.168.5.4)
--
--
-- If you specify a trail ARN, it must be in the following format.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
putEventSelectors_trailName :: Lens' PutEventSelectors Text
-- | See: newPutEventSelectorsResponse smart constructor.
data PutEventSelectorsResponse
PutEventSelectorsResponse' :: Maybe [AdvancedEventSelector] -> Maybe [EventSelector] -> Maybe Text -> Int -> PutEventSelectorsResponse
-- | Specifies the advanced event selectors configured for your trail.
[$sel:advancedEventSelectors:PutEventSelectorsResponse'] :: PutEventSelectorsResponse -> Maybe [AdvancedEventSelector]
-- | Specifies the event selectors configured for your trail.
[$sel:eventSelectors:PutEventSelectorsResponse'] :: PutEventSelectorsResponse -> Maybe [EventSelector]
-- | Specifies the ARN of the trail that was updated with event selectors.
-- The following is the format of a trail ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
[$sel:trailARN:PutEventSelectorsResponse'] :: PutEventSelectorsResponse -> Maybe Text
-- | The response's http status code.
[$sel:httpStatus:PutEventSelectorsResponse'] :: PutEventSelectorsResponse -> Int
-- | Create a value of PutEventSelectorsResponse with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- PutEventSelectors,
-- putEventSelectorsResponse_advancedEventSelectors - Specifies
-- the advanced event selectors configured for your trail.
--
-- PutEventSelectors,
-- putEventSelectorsResponse_eventSelectors - Specifies the event
-- selectors configured for your trail.
--
-- PutEventSelectorsResponse,
-- putEventSelectorsResponse_trailARN - Specifies the ARN of the
-- trail that was updated with event selectors. The following is the
-- format of a trail ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
--
-- $sel:httpStatus:PutEventSelectorsResponse',
-- putEventSelectorsResponse_httpStatus - The response's http
-- status code.
newPutEventSelectorsResponse :: Int -> PutEventSelectorsResponse
-- | Specifies the advanced event selectors configured for your trail.
putEventSelectorsResponse_advancedEventSelectors :: Lens' PutEventSelectorsResponse (Maybe [AdvancedEventSelector])
-- | Specifies the event selectors configured for your trail.
putEventSelectorsResponse_eventSelectors :: Lens' PutEventSelectorsResponse (Maybe [EventSelector])
-- | Specifies the ARN of the trail that was updated with event selectors.
-- The following is the format of a trail ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
putEventSelectorsResponse_trailARN :: Lens' PutEventSelectorsResponse (Maybe Text)
-- | The response's http status code.
putEventSelectorsResponse_httpStatus :: Lens' PutEventSelectorsResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.PutEventSelectors.PutEventSelectors
instance GHC.Show.Show Amazonka.CloudTrail.PutEventSelectors.PutEventSelectors
instance GHC.Read.Read Amazonka.CloudTrail.PutEventSelectors.PutEventSelectors
instance GHC.Classes.Eq Amazonka.CloudTrail.PutEventSelectors.PutEventSelectors
instance GHC.Generics.Generic Amazonka.CloudTrail.PutEventSelectors.PutEventSelectorsResponse
instance GHC.Show.Show Amazonka.CloudTrail.PutEventSelectors.PutEventSelectorsResponse
instance GHC.Read.Read Amazonka.CloudTrail.PutEventSelectors.PutEventSelectorsResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.PutEventSelectors.PutEventSelectorsResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.PutEventSelectors.PutEventSelectors
instance Control.DeepSeq.NFData Amazonka.CloudTrail.PutEventSelectors.PutEventSelectorsResponse
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.PutEventSelectors.PutEventSelectors
instance Control.DeepSeq.NFData Amazonka.CloudTrail.PutEventSelectors.PutEventSelectors
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.PutEventSelectors.PutEventSelectors
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.PutEventSelectors.PutEventSelectors
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.PutEventSelectors.PutEventSelectors
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.PutEventSelectors.PutEventSelectors
-- | Looks up management events or CloudTrail Insights events
-- that are captured by CloudTrail. You can look up events that occurred
-- in a region within the last 90 days. Lookup supports the following
-- attributes for management events:
--
--
-- - Amazon Web Services access key
-- - Event ID
-- - Event name
-- - Event source
-- - Read only
-- - Resource name
-- - Resource type
-- - User name
--
--
-- Lookup supports the following attributes for Insights events:
--
--
-- - Event ID
-- - Event name
-- - Event source
--
--
-- All attributes are optional. The default number of results returned is
-- 50, with a maximum of 50 possible. The response includes a token that
-- you can use to get the next page of results.
--
-- The rate of lookup requests is limited to two per second, per account,
-- per region. If this limit is exceeded, a throttling error occurs.
--
-- This operation returns paginated results.
module Amazonka.CloudTrail.LookupEvents
-- | Contains a request for LookupEvents.
--
-- See: newLookupEvents smart constructor.
data LookupEvents
LookupEvents' :: Maybe POSIX -> Maybe EventCategory -> Maybe [LookupAttribute] -> Maybe Natural -> Maybe Text -> Maybe POSIX -> LookupEvents
-- | Specifies that only events that occur before or at the specified time
-- are returned. If the specified end time is before the specified start
-- time, an error is returned.
[$sel:endTime:LookupEvents'] :: LookupEvents -> Maybe POSIX
-- | Specifies the event category. If you do not specify an event category,
-- events of the category are not returned in the response. For example,
-- if you do not specify insight as the value of
-- EventCategory, no Insights events are returned.
[$sel:eventCategory:LookupEvents'] :: LookupEvents -> Maybe EventCategory
-- | Contains a list of lookup attributes. Currently the list can contain
-- only one item.
[$sel:lookupAttributes:LookupEvents'] :: LookupEvents -> Maybe [LookupAttribute]
-- | The number of events to return. Possible values are 1 through 50. The
-- default is 50.
[$sel:maxResults:LookupEvents'] :: LookupEvents -> Maybe Natural
-- | The token to use to get the next page of results after a previous API
-- call. This token must be passed in with the same parameters that were
-- specified in the original call. For example, if the original call
-- specified an AttributeKey of 'Username' with a value of 'root', the
-- call with NextToken should include those same parameters.
[$sel:nextToken:LookupEvents'] :: LookupEvents -> Maybe Text
-- | Specifies that only events that occur after or at the specified time
-- are returned. If the specified start time is after the specified end
-- time, an error is returned.
[$sel:startTime:LookupEvents'] :: LookupEvents -> Maybe POSIX
-- | Create a value of LookupEvents with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:endTime:LookupEvents', lookupEvents_endTime -
-- Specifies that only events that occur before or at the specified time
-- are returned. If the specified end time is before the specified start
-- time, an error is returned.
--
-- $sel:eventCategory:LookupEvents',
-- lookupEvents_eventCategory - Specifies the event category. If
-- you do not specify an event category, events of the category are not
-- returned in the response. For example, if you do not specify
-- insight as the value of EventCategory, no Insights
-- events are returned.
--
-- $sel:lookupAttributes:LookupEvents',
-- lookupEvents_lookupAttributes - Contains a list of lookup
-- attributes. Currently the list can contain only one item.
--
-- $sel:maxResults:LookupEvents', lookupEvents_maxResults -
-- The number of events to return. Possible values are 1 through 50. The
-- default is 50.
--
-- LookupEvents, lookupEvents_nextToken - The token to use
-- to get the next page of results after a previous API call. This token
-- must be passed in with the same parameters that were specified in the
-- original call. For example, if the original call specified an
-- AttributeKey of 'Username' with a value of 'root', the call with
-- NextToken should include those same parameters.
--
-- $sel:startTime:LookupEvents', lookupEvents_startTime -
-- Specifies that only events that occur after or at the specified time
-- are returned. If the specified start time is after the specified end
-- time, an error is returned.
newLookupEvents :: LookupEvents
-- | Specifies that only events that occur before or at the specified time
-- are returned. If the specified end time is before the specified start
-- time, an error is returned.
lookupEvents_endTime :: Lens' LookupEvents (Maybe UTCTime)
-- | Specifies the event category. If you do not specify an event category,
-- events of the category are not returned in the response. For example,
-- if you do not specify insight as the value of
-- EventCategory, no Insights events are returned.
lookupEvents_eventCategory :: Lens' LookupEvents (Maybe EventCategory)
-- | Contains a list of lookup attributes. Currently the list can contain
-- only one item.
lookupEvents_lookupAttributes :: Lens' LookupEvents (Maybe [LookupAttribute])
-- | The number of events to return. Possible values are 1 through 50. The
-- default is 50.
lookupEvents_maxResults :: Lens' LookupEvents (Maybe Natural)
-- | The token to use to get the next page of results after a previous API
-- call. This token must be passed in with the same parameters that were
-- specified in the original call. For example, if the original call
-- specified an AttributeKey of 'Username' with a value of 'root', the
-- call with NextToken should include those same parameters.
lookupEvents_nextToken :: Lens' LookupEvents (Maybe Text)
-- | Specifies that only events that occur after or at the specified time
-- are returned. If the specified start time is after the specified end
-- time, an error is returned.
lookupEvents_startTime :: Lens' LookupEvents (Maybe UTCTime)
-- | Contains a response to a LookupEvents action.
--
-- See: newLookupEventsResponse smart constructor.
data LookupEventsResponse
LookupEventsResponse' :: Maybe [Event] -> Maybe Text -> Int -> LookupEventsResponse
-- | A list of events returned based on the lookup attributes specified and
-- the CloudTrail event. The events list is sorted by time. The most
-- recent event is listed first.
[$sel:events:LookupEventsResponse'] :: LookupEventsResponse -> Maybe [Event]
-- | The token to use to get the next page of results after a previous API
-- call. If the token does not appear, there are no more results to
-- return. The token must be passed in with the same parameters as the
-- previous call. For example, if the original call specified an
-- AttributeKey of 'Username' with a value of 'root', the call with
-- NextToken should include those same parameters.
[$sel:nextToken:LookupEventsResponse'] :: LookupEventsResponse -> Maybe Text
-- | The response's http status code.
[$sel:httpStatus:LookupEventsResponse'] :: LookupEventsResponse -> Int
-- | Create a value of LookupEventsResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:events:LookupEventsResponse',
-- lookupEventsResponse_events - A list of events returned based
-- on the lookup attributes specified and the CloudTrail event. The
-- events list is sorted by time. The most recent event is listed first.
--
-- LookupEvents, lookupEventsResponse_nextToken - The token
-- to use to get the next page of results after a previous API call. If
-- the token does not appear, there are no more results to return. The
-- token must be passed in with the same parameters as the previous call.
-- For example, if the original call specified an AttributeKey of
-- 'Username' with a value of 'root', the call with NextToken should
-- include those same parameters.
--
-- $sel:httpStatus:LookupEventsResponse',
-- lookupEventsResponse_httpStatus - The response's http status
-- code.
newLookupEventsResponse :: Int -> LookupEventsResponse
-- | A list of events returned based on the lookup attributes specified and
-- the CloudTrail event. The events list is sorted by time. The most
-- recent event is listed first.
lookupEventsResponse_events :: Lens' LookupEventsResponse (Maybe [Event])
-- | The token to use to get the next page of results after a previous API
-- call. If the token does not appear, there are no more results to
-- return. The token must be passed in with the same parameters as the
-- previous call. For example, if the original call specified an
-- AttributeKey of 'Username' with a value of 'root', the call with
-- NextToken should include those same parameters.
lookupEventsResponse_nextToken :: Lens' LookupEventsResponse (Maybe Text)
-- | The response's http status code.
lookupEventsResponse_httpStatus :: Lens' LookupEventsResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.LookupEvents.LookupEvents
instance GHC.Show.Show Amazonka.CloudTrail.LookupEvents.LookupEvents
instance GHC.Read.Read Amazonka.CloudTrail.LookupEvents.LookupEvents
instance GHC.Classes.Eq Amazonka.CloudTrail.LookupEvents.LookupEvents
instance GHC.Generics.Generic Amazonka.CloudTrail.LookupEvents.LookupEventsResponse
instance GHC.Show.Show Amazonka.CloudTrail.LookupEvents.LookupEventsResponse
instance GHC.Read.Read Amazonka.CloudTrail.LookupEvents.LookupEventsResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.LookupEvents.LookupEventsResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.LookupEvents.LookupEvents
instance Control.DeepSeq.NFData Amazonka.CloudTrail.LookupEvents.LookupEventsResponse
instance Amazonka.Pager.AWSPager Amazonka.CloudTrail.LookupEvents.LookupEvents
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.LookupEvents.LookupEvents
instance Control.DeepSeq.NFData Amazonka.CloudTrail.LookupEvents.LookupEvents
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.LookupEvents.LookupEvents
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.LookupEvents.LookupEvents
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.LookupEvents.LookupEvents
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.LookupEvents.LookupEvents
-- | Lists trails that are in the current account.
--
-- This operation returns paginated results.
module Amazonka.CloudTrail.ListTrails
-- | See: newListTrails smart constructor.
data ListTrails
ListTrails' :: Maybe Text -> ListTrails
-- | The token to use to get the next page of results after a previous API
-- call. This token must be passed in with the same parameters that were
-- specified in the original call. For example, if the original call
-- specified an AttributeKey of 'Username' with a value of 'root', the
-- call with NextToken should include those same parameters.
[$sel:nextToken:ListTrails'] :: ListTrails -> Maybe Text
-- | Create a value of ListTrails with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- ListTrails, listTrails_nextToken - The token to use to
-- get the next page of results after a previous API call. This token
-- must be passed in with the same parameters that were specified in the
-- original call. For example, if the original call specified an
-- AttributeKey of 'Username' with a value of 'root', the call with
-- NextToken should include those same parameters.
newListTrails :: ListTrails
-- | The token to use to get the next page of results after a previous API
-- call. This token must be passed in with the same parameters that were
-- specified in the original call. For example, if the original call
-- specified an AttributeKey of 'Username' with a value of 'root', the
-- call with NextToken should include those same parameters.
listTrails_nextToken :: Lens' ListTrails (Maybe Text)
-- | See: newListTrailsResponse smart constructor.
data ListTrailsResponse
ListTrailsResponse' :: Maybe Text -> Maybe [TrailInfo] -> Int -> ListTrailsResponse
-- | The token to use to get the next page of results after a previous API
-- call. If the token does not appear, there are no more results to
-- return. The token must be passed in with the same parameters as the
-- previous call. For example, if the original call specified an
-- AttributeKey of 'Username' with a value of 'root', the call with
-- NextToken should include those same parameters.
[$sel:nextToken:ListTrailsResponse'] :: ListTrailsResponse -> Maybe Text
-- | Returns the name, ARN, and home region of trails in the current
-- account.
[$sel:trails:ListTrailsResponse'] :: ListTrailsResponse -> Maybe [TrailInfo]
-- | The response's http status code.
[$sel:httpStatus:ListTrailsResponse'] :: ListTrailsResponse -> Int
-- | Create a value of ListTrailsResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- ListTrails, listTrailsResponse_nextToken - The token to
-- use to get the next page of results after a previous API call. If the
-- token does not appear, there are no more results to return. The token
-- must be passed in with the same parameters as the previous call. For
-- example, if the original call specified an AttributeKey of 'Username'
-- with a value of 'root', the call with NextToken should include those
-- same parameters.
--
-- $sel:trails:ListTrailsResponse',
-- listTrailsResponse_trails - Returns the name, ARN, and home
-- region of trails in the current account.
--
-- $sel:httpStatus:ListTrailsResponse',
-- listTrailsResponse_httpStatus - The response's http status
-- code.
newListTrailsResponse :: Int -> ListTrailsResponse
-- | The token to use to get the next page of results after a previous API
-- call. If the token does not appear, there are no more results to
-- return. The token must be passed in with the same parameters as the
-- previous call. For example, if the original call specified an
-- AttributeKey of 'Username' with a value of 'root', the call with
-- NextToken should include those same parameters.
listTrailsResponse_nextToken :: Lens' ListTrailsResponse (Maybe Text)
-- | Returns the name, ARN, and home region of trails in the current
-- account.
listTrailsResponse_trails :: Lens' ListTrailsResponse (Maybe [TrailInfo])
-- | The response's http status code.
listTrailsResponse_httpStatus :: Lens' ListTrailsResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.ListTrails.ListTrails
instance GHC.Show.Show Amazonka.CloudTrail.ListTrails.ListTrails
instance GHC.Read.Read Amazonka.CloudTrail.ListTrails.ListTrails
instance GHC.Classes.Eq Amazonka.CloudTrail.ListTrails.ListTrails
instance GHC.Generics.Generic Amazonka.CloudTrail.ListTrails.ListTrailsResponse
instance GHC.Show.Show Amazonka.CloudTrail.ListTrails.ListTrailsResponse
instance GHC.Read.Read Amazonka.CloudTrail.ListTrails.ListTrailsResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.ListTrails.ListTrailsResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.ListTrails.ListTrails
instance Control.DeepSeq.NFData Amazonka.CloudTrail.ListTrails.ListTrailsResponse
instance Amazonka.Pager.AWSPager Amazonka.CloudTrail.ListTrails.ListTrails
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.ListTrails.ListTrails
instance Control.DeepSeq.NFData Amazonka.CloudTrail.ListTrails.ListTrails
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.ListTrails.ListTrails
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.ListTrails.ListTrails
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.ListTrails.ListTrails
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.ListTrails.ListTrails
-- | Lists the tags for the trail or event data store in the current
-- region.
--
-- This operation returns paginated results.
module Amazonka.CloudTrail.ListTags
-- | Specifies a list of tags to return.
--
-- See: newListTags smart constructor.
data ListTags
ListTags' :: Maybe Text -> [Text] -> ListTags
-- | Reserved for future use.
[$sel:nextToken:ListTags'] :: ListTags -> Maybe Text
-- | Specifies a list of trail and event data store ARNs whose tags will be
-- listed. The list has a limit of 20 ARNs.
[$sel:resourceIdList:ListTags'] :: ListTags -> [Text]
-- | Create a value of ListTags with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- ListTags, listTags_nextToken - Reserved for future use.
--
-- $sel:resourceIdList:ListTags', listTags_resourceIdList -
-- Specifies a list of trail and event data store ARNs whose tags will be
-- listed. The list has a limit of 20 ARNs.
newListTags :: ListTags
-- | Reserved for future use.
listTags_nextToken :: Lens' ListTags (Maybe Text)
-- | Specifies a list of trail and event data store ARNs whose tags will be
-- listed. The list has a limit of 20 ARNs.
listTags_resourceIdList :: Lens' ListTags [Text]
-- | Returns the objects or data listed below if successful. Otherwise,
-- returns an error.
--
-- See: newListTagsResponse smart constructor.
data ListTagsResponse
ListTagsResponse' :: Maybe Text -> Maybe [ResourceTag] -> Int -> ListTagsResponse
-- | Reserved for future use.
[$sel:nextToken:ListTagsResponse'] :: ListTagsResponse -> Maybe Text
-- | A list of resource tags.
[$sel:resourceTagList:ListTagsResponse'] :: ListTagsResponse -> Maybe [ResourceTag]
-- | The response's http status code.
[$sel:httpStatus:ListTagsResponse'] :: ListTagsResponse -> Int
-- | Create a value of ListTagsResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- ListTags, listTagsResponse_nextToken - Reserved for
-- future use.
--
-- $sel:resourceTagList:ListTagsResponse',
-- listTagsResponse_resourceTagList - A list of resource tags.
--
-- $sel:httpStatus:ListTagsResponse',
-- listTagsResponse_httpStatus - The response's http status code.
newListTagsResponse :: Int -> ListTagsResponse
-- | Reserved for future use.
listTagsResponse_nextToken :: Lens' ListTagsResponse (Maybe Text)
-- | A list of resource tags.
listTagsResponse_resourceTagList :: Lens' ListTagsResponse (Maybe [ResourceTag])
-- | The response's http status code.
listTagsResponse_httpStatus :: Lens' ListTagsResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.ListTags.ListTags
instance GHC.Show.Show Amazonka.CloudTrail.ListTags.ListTags
instance GHC.Read.Read Amazonka.CloudTrail.ListTags.ListTags
instance GHC.Classes.Eq Amazonka.CloudTrail.ListTags.ListTags
instance GHC.Generics.Generic Amazonka.CloudTrail.ListTags.ListTagsResponse
instance GHC.Show.Show Amazonka.CloudTrail.ListTags.ListTagsResponse
instance GHC.Read.Read Amazonka.CloudTrail.ListTags.ListTagsResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.ListTags.ListTagsResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.ListTags.ListTags
instance Control.DeepSeq.NFData Amazonka.CloudTrail.ListTags.ListTagsResponse
instance Amazonka.Pager.AWSPager Amazonka.CloudTrail.ListTags.ListTags
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.ListTags.ListTags
instance Control.DeepSeq.NFData Amazonka.CloudTrail.ListTags.ListTags
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.ListTags.ListTags
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.ListTags.ListTags
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.ListTags.ListTags
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.ListTags.ListTags
-- | Returns a list of queries and query statuses for the past seven days.
-- You must specify an ARN value for EventDataStore. Optionally,
-- to shorten the list of results, you can specify a time range,
-- formatted as timestamps, by adding StartTime and
-- EndTime parameters, and a QueryStatus value. Valid
-- values for QueryStatus include QUEUED,
-- RUNNING, FINISHED, FAILED,
-- TIMED_OUT, or CANCELLED.
module Amazonka.CloudTrail.ListQueries
-- | See: newListQueries smart constructor.
data ListQueries
ListQueries' :: Maybe POSIX -> Maybe Natural -> Maybe Text -> Maybe QueryStatus -> Maybe POSIX -> Text -> ListQueries
-- | Use with StartTime to bound a ListQueries request,
-- and limit its results to only those queries run within a specified
-- time period.
[$sel:endTime:ListQueries'] :: ListQueries -> Maybe POSIX
-- | The maximum number of queries to show on a page.
[$sel:maxResults:ListQueries'] :: ListQueries -> Maybe Natural
-- | A token you can use to get the next page of results.
[$sel:nextToken:ListQueries'] :: ListQueries -> Maybe Text
-- | The status of queries that you want to return in results. Valid values
-- for QueryStatus include QUEUED, RUNNING,
-- FINISHED, FAILED, TIMED_OUT, or
-- CANCELLED.
[$sel:queryStatus:ListQueries'] :: ListQueries -> Maybe QueryStatus
-- | Use with EndTime to bound a ListQueries request, and
-- limit its results to only those queries run within a specified time
-- period.
[$sel:startTime:ListQueries'] :: ListQueries -> Maybe POSIX
-- | The ARN (or the ID suffix of the ARN) of an event data store on which
-- queries were run.
[$sel:eventDataStore:ListQueries'] :: ListQueries -> Text
-- | Create a value of ListQueries with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:endTime:ListQueries', listQueries_endTime - Use
-- with StartTime to bound a ListQueries request, and
-- limit its results to only those queries run within a specified time
-- period.
--
-- $sel:maxResults:ListQueries', listQueries_maxResults -
-- The maximum number of queries to show on a page.
--
-- ListQueries, listQueries_nextToken - A token you can use
-- to get the next page of results.
--
-- ListQueries, listQueries_queryStatus - The status of
-- queries that you want to return in results. Valid values for
-- QueryStatus include QUEUED, RUNNING,
-- FINISHED, FAILED, TIMED_OUT, or
-- CANCELLED.
--
-- $sel:startTime:ListQueries', listQueries_startTime - Use
-- with EndTime to bound a ListQueries request, and
-- limit its results to only those queries run within a specified time
-- period.
--
-- $sel:eventDataStore:ListQueries',
-- listQueries_eventDataStore - The ARN (or the ID suffix of the
-- ARN) of an event data store on which queries were run.
newListQueries :: Text -> ListQueries
-- | Use with StartTime to bound a ListQueries request,
-- and limit its results to only those queries run within a specified
-- time period.
listQueries_endTime :: Lens' ListQueries (Maybe UTCTime)
-- | The maximum number of queries to show on a page.
listQueries_maxResults :: Lens' ListQueries (Maybe Natural)
-- | A token you can use to get the next page of results.
listQueries_nextToken :: Lens' ListQueries (Maybe Text)
-- | The status of queries that you want to return in results. Valid values
-- for QueryStatus include QUEUED, RUNNING,
-- FINISHED, FAILED, TIMED_OUT, or
-- CANCELLED.
listQueries_queryStatus :: Lens' ListQueries (Maybe QueryStatus)
-- | Use with EndTime to bound a ListQueries request, and
-- limit its results to only those queries run within a specified time
-- period.
listQueries_startTime :: Lens' ListQueries (Maybe UTCTime)
-- | The ARN (or the ID suffix of the ARN) of an event data store on which
-- queries were run.
listQueries_eventDataStore :: Lens' ListQueries Text
-- | See: newListQueriesResponse smart constructor.
data ListQueriesResponse
ListQueriesResponse' :: Maybe Text -> Maybe [Query] -> Int -> ListQueriesResponse
-- | A token you can use to get the next page of results.
[$sel:nextToken:ListQueriesResponse'] :: ListQueriesResponse -> Maybe Text
-- | Lists matching query results, and shows query ID, status, and creation
-- time of each query.
[$sel:queries:ListQueriesResponse'] :: ListQueriesResponse -> Maybe [Query]
-- | The response's http status code.
[$sel:httpStatus:ListQueriesResponse'] :: ListQueriesResponse -> Int
-- | Create a value of ListQueriesResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- ListQueries, listQueriesResponse_nextToken - A token you
-- can use to get the next page of results.
--
-- $sel:queries:ListQueriesResponse',
-- listQueriesResponse_queries - Lists matching query results, and
-- shows query ID, status, and creation time of each query.
--
-- $sel:httpStatus:ListQueriesResponse',
-- listQueriesResponse_httpStatus - The response's http status
-- code.
newListQueriesResponse :: Int -> ListQueriesResponse
-- | A token you can use to get the next page of results.
listQueriesResponse_nextToken :: Lens' ListQueriesResponse (Maybe Text)
-- | Lists matching query results, and shows query ID, status, and creation
-- time of each query.
listQueriesResponse_queries :: Lens' ListQueriesResponse (Maybe [Query])
-- | The response's http status code.
listQueriesResponse_httpStatus :: Lens' ListQueriesResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.ListQueries.ListQueries
instance GHC.Show.Show Amazonka.CloudTrail.ListQueries.ListQueries
instance GHC.Read.Read Amazonka.CloudTrail.ListQueries.ListQueries
instance GHC.Classes.Eq Amazonka.CloudTrail.ListQueries.ListQueries
instance GHC.Generics.Generic Amazonka.CloudTrail.ListQueries.ListQueriesResponse
instance GHC.Show.Show Amazonka.CloudTrail.ListQueries.ListQueriesResponse
instance GHC.Read.Read Amazonka.CloudTrail.ListQueries.ListQueriesResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.ListQueries.ListQueriesResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.ListQueries.ListQueries
instance Control.DeepSeq.NFData Amazonka.CloudTrail.ListQueries.ListQueriesResponse
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.ListQueries.ListQueries
instance Control.DeepSeq.NFData Amazonka.CloudTrail.ListQueries.ListQueries
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.ListQueries.ListQueries
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.ListQueries.ListQueries
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.ListQueries.ListQueries
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.ListQueries.ListQueries
-- | Returns all public keys whose private keys were used to sign the
-- digest files within the specified time range. The public key is needed
-- to validate digest files that were signed with its corresponding
-- private key.
--
-- CloudTrail uses different private and public key pairs per region.
-- Each digest file is signed with a private key unique to its region.
-- When you validate a digest file from a specific region, you must look
-- in the same region for its corresponding public key.
--
-- This operation returns paginated results.
module Amazonka.CloudTrail.ListPublicKeys
-- | Requests the public keys for a specified time range.
--
-- See: newListPublicKeys smart constructor.
data ListPublicKeys
ListPublicKeys' :: Maybe POSIX -> Maybe Text -> Maybe POSIX -> ListPublicKeys
-- | Optionally specifies, in UTC, the end of the time range to look up
-- public keys for CloudTrail digest files. If not specified, the current
-- time is used.
[$sel:endTime:ListPublicKeys'] :: ListPublicKeys -> Maybe POSIX
-- | Reserved for future use.
[$sel:nextToken:ListPublicKeys'] :: ListPublicKeys -> Maybe Text
-- | Optionally specifies, in UTC, the start of the time range to look up
-- public keys for CloudTrail digest files. If not specified, the current
-- time is used, and the current public key is returned.
[$sel:startTime:ListPublicKeys'] :: ListPublicKeys -> Maybe POSIX
-- | Create a value of ListPublicKeys with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:endTime:ListPublicKeys', listPublicKeys_endTime -
-- Optionally specifies, in UTC, the end of the time range to look up
-- public keys for CloudTrail digest files. If not specified, the current
-- time is used.
--
-- ListPublicKeys, listPublicKeys_nextToken - Reserved for
-- future use.
--
-- $sel:startTime:ListPublicKeys', listPublicKeys_startTime
-- - Optionally specifies, in UTC, the start of the time range to look up
-- public keys for CloudTrail digest files. If not specified, the current
-- time is used, and the current public key is returned.
newListPublicKeys :: ListPublicKeys
-- | Optionally specifies, in UTC, the end of the time range to look up
-- public keys for CloudTrail digest files. If not specified, the current
-- time is used.
listPublicKeys_endTime :: Lens' ListPublicKeys (Maybe UTCTime)
-- | Reserved for future use.
listPublicKeys_nextToken :: Lens' ListPublicKeys (Maybe Text)
-- | Optionally specifies, in UTC, the start of the time range to look up
-- public keys for CloudTrail digest files. If not specified, the current
-- time is used, and the current public key is returned.
listPublicKeys_startTime :: Lens' ListPublicKeys (Maybe UTCTime)
-- | Returns the objects or data listed below if successful. Otherwise,
-- returns an error.
--
-- See: newListPublicKeysResponse smart constructor.
data ListPublicKeysResponse
ListPublicKeysResponse' :: Maybe Text -> Maybe [PublicKey] -> Int -> ListPublicKeysResponse
-- | Reserved for future use.
[$sel:nextToken:ListPublicKeysResponse'] :: ListPublicKeysResponse -> Maybe Text
-- | Contains an array of PublicKey objects.
--
-- The returned public keys may have validity time ranges that overlap.
[$sel:publicKeyList:ListPublicKeysResponse'] :: ListPublicKeysResponse -> Maybe [PublicKey]
-- | The response's http status code.
[$sel:httpStatus:ListPublicKeysResponse'] :: ListPublicKeysResponse -> Int
-- | Create a value of ListPublicKeysResponse with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- ListPublicKeys, listPublicKeysResponse_nextToken -
-- Reserved for future use.
--
-- $sel:publicKeyList:ListPublicKeysResponse',
-- listPublicKeysResponse_publicKeyList - Contains an array of
-- PublicKey objects.
--
-- The returned public keys may have validity time ranges that overlap.
--
-- $sel:httpStatus:ListPublicKeysResponse',
-- listPublicKeysResponse_httpStatus - The response's http status
-- code.
newListPublicKeysResponse :: Int -> ListPublicKeysResponse
-- | Reserved for future use.
listPublicKeysResponse_nextToken :: Lens' ListPublicKeysResponse (Maybe Text)
-- | Contains an array of PublicKey objects.
--
-- The returned public keys may have validity time ranges that overlap.
listPublicKeysResponse_publicKeyList :: Lens' ListPublicKeysResponse (Maybe [PublicKey])
-- | The response's http status code.
listPublicKeysResponse_httpStatus :: Lens' ListPublicKeysResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.ListPublicKeys.ListPublicKeys
instance GHC.Show.Show Amazonka.CloudTrail.ListPublicKeys.ListPublicKeys
instance GHC.Read.Read Amazonka.CloudTrail.ListPublicKeys.ListPublicKeys
instance GHC.Classes.Eq Amazonka.CloudTrail.ListPublicKeys.ListPublicKeys
instance GHC.Generics.Generic Amazonka.CloudTrail.ListPublicKeys.ListPublicKeysResponse
instance GHC.Show.Show Amazonka.CloudTrail.ListPublicKeys.ListPublicKeysResponse
instance GHC.Read.Read Amazonka.CloudTrail.ListPublicKeys.ListPublicKeysResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.ListPublicKeys.ListPublicKeysResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.ListPublicKeys.ListPublicKeys
instance Control.DeepSeq.NFData Amazonka.CloudTrail.ListPublicKeys.ListPublicKeysResponse
instance Amazonka.Pager.AWSPager Amazonka.CloudTrail.ListPublicKeys.ListPublicKeys
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.ListPublicKeys.ListPublicKeys
instance Control.DeepSeq.NFData Amazonka.CloudTrail.ListPublicKeys.ListPublicKeys
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.ListPublicKeys.ListPublicKeys
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.ListPublicKeys.ListPublicKeys
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.ListPublicKeys.ListPublicKeys
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.ListPublicKeys.ListPublicKeys
-- | Returns information on all imports, or a select set of imports by
-- ImportStatus or Destination.
--
-- This operation returns paginated results.
module Amazonka.CloudTrail.ListImports
-- | See: newListImports smart constructor.
data ListImports
ListImports' :: Maybe Text -> Maybe ImportStatus -> Maybe Natural -> Maybe Text -> ListImports
-- | The ARN of the destination event data store.
[$sel:destination:ListImports'] :: ListImports -> Maybe Text
-- | The status of the import.
[$sel:importStatus:ListImports'] :: ListImports -> Maybe ImportStatus
-- | The maximum number of imports to display on a single page.
[$sel:maxResults:ListImports'] :: ListImports -> Maybe Natural
-- | A token you can use to get the next page of import results.
[$sel:nextToken:ListImports'] :: ListImports -> Maybe Text
-- | Create a value of ListImports with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:destination:ListImports', listImports_destination -
-- The ARN of the destination event data store.
--
-- ListImports, listImports_importStatus - The status of
-- the import.
--
-- $sel:maxResults:ListImports', listImports_maxResults -
-- The maximum number of imports to display on a single page.
--
-- ListImports, listImports_nextToken - A token you can use
-- to get the next page of import results.
newListImports :: ListImports
-- | The ARN of the destination event data store.
listImports_destination :: Lens' ListImports (Maybe Text)
-- | The status of the import.
listImports_importStatus :: Lens' ListImports (Maybe ImportStatus)
-- | The maximum number of imports to display on a single page.
listImports_maxResults :: Lens' ListImports (Maybe Natural)
-- | A token you can use to get the next page of import results.
listImports_nextToken :: Lens' ListImports (Maybe Text)
-- | See: newListImportsResponse smart constructor.
data ListImportsResponse
ListImportsResponse' :: Maybe [ImportsListItem] -> Maybe Text -> Int -> ListImportsResponse
-- | The list of returned imports.
[$sel:imports:ListImportsResponse'] :: ListImportsResponse -> Maybe [ImportsListItem]
-- | A token you can use to get the next page of import results.
[$sel:nextToken:ListImportsResponse'] :: ListImportsResponse -> Maybe Text
-- | The response's http status code.
[$sel:httpStatus:ListImportsResponse'] :: ListImportsResponse -> Int
-- | Create a value of ListImportsResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:imports:ListImportsResponse',
-- listImportsResponse_imports - The list of returned imports.
--
-- ListImports, listImportsResponse_nextToken - A token you
-- can use to get the next page of import results.
--
-- $sel:httpStatus:ListImportsResponse',
-- listImportsResponse_httpStatus - The response's http status
-- code.
newListImportsResponse :: Int -> ListImportsResponse
-- | The list of returned imports.
listImportsResponse_imports :: Lens' ListImportsResponse (Maybe [ImportsListItem])
-- | A token you can use to get the next page of import results.
listImportsResponse_nextToken :: Lens' ListImportsResponse (Maybe Text)
-- | The response's http status code.
listImportsResponse_httpStatus :: Lens' ListImportsResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.ListImports.ListImports
instance GHC.Show.Show Amazonka.CloudTrail.ListImports.ListImports
instance GHC.Read.Read Amazonka.CloudTrail.ListImports.ListImports
instance GHC.Classes.Eq Amazonka.CloudTrail.ListImports.ListImports
instance GHC.Generics.Generic Amazonka.CloudTrail.ListImports.ListImportsResponse
instance GHC.Show.Show Amazonka.CloudTrail.ListImports.ListImportsResponse
instance GHC.Read.Read Amazonka.CloudTrail.ListImports.ListImportsResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.ListImports.ListImportsResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.ListImports.ListImports
instance Control.DeepSeq.NFData Amazonka.CloudTrail.ListImports.ListImportsResponse
instance Amazonka.Pager.AWSPager Amazonka.CloudTrail.ListImports.ListImports
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.ListImports.ListImports
instance Control.DeepSeq.NFData Amazonka.CloudTrail.ListImports.ListImports
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.ListImports.ListImports
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.ListImports.ListImports
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.ListImports.ListImports
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.ListImports.ListImports
-- | Returns a list of failures for the specified import.
--
-- This operation returns paginated results.
module Amazonka.CloudTrail.ListImportFailures
-- | See: newListImportFailures smart constructor.
data ListImportFailures
ListImportFailures' :: Maybe Natural -> Maybe Text -> Text -> ListImportFailures
-- | The maximum number of failures to display on a single page.
[$sel:maxResults:ListImportFailures'] :: ListImportFailures -> Maybe Natural
-- | A token you can use to get the next page of import failures.
[$sel:nextToken:ListImportFailures'] :: ListImportFailures -> Maybe Text
-- | The ID of the import.
[$sel:importId:ListImportFailures'] :: ListImportFailures -> Text
-- | Create a value of ListImportFailures with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:maxResults:ListImportFailures',
-- listImportFailures_maxResults - The maximum number of failures
-- to display on a single page.
--
-- ListImportFailures, listImportFailures_nextToken - A
-- token you can use to get the next page of import failures.
--
-- ListImportFailures, listImportFailures_importId - The ID
-- of the import.
newListImportFailures :: Text -> ListImportFailures
-- | The maximum number of failures to display on a single page.
listImportFailures_maxResults :: Lens' ListImportFailures (Maybe Natural)
-- | A token you can use to get the next page of import failures.
listImportFailures_nextToken :: Lens' ListImportFailures (Maybe Text)
-- | The ID of the import.
listImportFailures_importId :: Lens' ListImportFailures Text
-- | See: newListImportFailuresResponse smart constructor.
data ListImportFailuresResponse
ListImportFailuresResponse' :: Maybe [ImportFailureListItem] -> Maybe Text -> Int -> ListImportFailuresResponse
-- | Contains information about the import failures.
[$sel:failures:ListImportFailuresResponse'] :: ListImportFailuresResponse -> Maybe [ImportFailureListItem]
-- | A token you can use to get the next page of results.
[$sel:nextToken:ListImportFailuresResponse'] :: ListImportFailuresResponse -> Maybe Text
-- | The response's http status code.
[$sel:httpStatus:ListImportFailuresResponse'] :: ListImportFailuresResponse -> Int
-- | Create a value of ListImportFailuresResponse with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:failures:ListImportFailuresResponse',
-- listImportFailuresResponse_failures - Contains information
-- about the import failures.
--
-- ListImportFailures, listImportFailuresResponse_nextToken
-- - A token you can use to get the next page of results.
--
-- $sel:httpStatus:ListImportFailuresResponse',
-- listImportFailuresResponse_httpStatus - The response's http
-- status code.
newListImportFailuresResponse :: Int -> ListImportFailuresResponse
-- | Contains information about the import failures.
listImportFailuresResponse_failures :: Lens' ListImportFailuresResponse (Maybe [ImportFailureListItem])
-- | A token you can use to get the next page of results.
listImportFailuresResponse_nextToken :: Lens' ListImportFailuresResponse (Maybe Text)
-- | The response's http status code.
listImportFailuresResponse_httpStatus :: Lens' ListImportFailuresResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.ListImportFailures.ListImportFailures
instance GHC.Show.Show Amazonka.CloudTrail.ListImportFailures.ListImportFailures
instance GHC.Read.Read Amazonka.CloudTrail.ListImportFailures.ListImportFailures
instance GHC.Classes.Eq Amazonka.CloudTrail.ListImportFailures.ListImportFailures
instance GHC.Generics.Generic Amazonka.CloudTrail.ListImportFailures.ListImportFailuresResponse
instance GHC.Show.Show Amazonka.CloudTrail.ListImportFailures.ListImportFailuresResponse
instance GHC.Read.Read Amazonka.CloudTrail.ListImportFailures.ListImportFailuresResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.ListImportFailures.ListImportFailuresResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.ListImportFailures.ListImportFailures
instance Control.DeepSeq.NFData Amazonka.CloudTrail.ListImportFailures.ListImportFailuresResponse
instance Amazonka.Pager.AWSPager Amazonka.CloudTrail.ListImportFailures.ListImportFailures
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.ListImportFailures.ListImportFailures
instance Control.DeepSeq.NFData Amazonka.CloudTrail.ListImportFailures.ListImportFailures
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.ListImportFailures.ListImportFailures
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.ListImportFailures.ListImportFailures
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.ListImportFailures.ListImportFailures
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.ListImportFailures.ListImportFailures
-- | Returns information about all event data stores in the account, in the
-- current region.
module Amazonka.CloudTrail.ListEventDataStores
-- | See: newListEventDataStores smart constructor.
data ListEventDataStores
ListEventDataStores' :: Maybe Natural -> Maybe Text -> ListEventDataStores
-- | The maximum number of event data stores to display on a single page.
[$sel:maxResults:ListEventDataStores'] :: ListEventDataStores -> Maybe Natural
-- | A token you can use to get the next page of event data store results.
[$sel:nextToken:ListEventDataStores'] :: ListEventDataStores -> Maybe Text
-- | Create a value of ListEventDataStores with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:maxResults:ListEventDataStores',
-- listEventDataStores_maxResults - The maximum number of event
-- data stores to display on a single page.
--
-- ListEventDataStores, listEventDataStores_nextToken - A
-- token you can use to get the next page of event data store results.
newListEventDataStores :: ListEventDataStores
-- | The maximum number of event data stores to display on a single page.
listEventDataStores_maxResults :: Lens' ListEventDataStores (Maybe Natural)
-- | A token you can use to get the next page of event data store results.
listEventDataStores_nextToken :: Lens' ListEventDataStores (Maybe Text)
-- | See: newListEventDataStoresResponse smart constructor.
data ListEventDataStoresResponse
ListEventDataStoresResponse' :: Maybe [EventDataStore] -> Maybe Text -> Int -> ListEventDataStoresResponse
-- | Contains information about event data stores in the account, in the
-- current region.
[$sel:eventDataStores:ListEventDataStoresResponse'] :: ListEventDataStoresResponse -> Maybe [EventDataStore]
-- | A token you can use to get the next page of results.
[$sel:nextToken:ListEventDataStoresResponse'] :: ListEventDataStoresResponse -> Maybe Text
-- | The response's http status code.
[$sel:httpStatus:ListEventDataStoresResponse'] :: ListEventDataStoresResponse -> Int
-- | Create a value of ListEventDataStoresResponse with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:eventDataStores:ListEventDataStoresResponse',
-- listEventDataStoresResponse_eventDataStores - Contains
-- information about event data stores in the account, in the current
-- region.
--
-- ListEventDataStores,
-- listEventDataStoresResponse_nextToken - A token you can use to
-- get the next page of results.
--
-- $sel:httpStatus:ListEventDataStoresResponse',
-- listEventDataStoresResponse_httpStatus - The response's http
-- status code.
newListEventDataStoresResponse :: Int -> ListEventDataStoresResponse
-- | Contains information about event data stores in the account, in the
-- current region.
listEventDataStoresResponse_eventDataStores :: Lens' ListEventDataStoresResponse (Maybe [EventDataStore])
-- | A token you can use to get the next page of results.
listEventDataStoresResponse_nextToken :: Lens' ListEventDataStoresResponse (Maybe Text)
-- | The response's http status code.
listEventDataStoresResponse_httpStatus :: Lens' ListEventDataStoresResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.ListEventDataStores.ListEventDataStores
instance GHC.Show.Show Amazonka.CloudTrail.ListEventDataStores.ListEventDataStores
instance GHC.Read.Read Amazonka.CloudTrail.ListEventDataStores.ListEventDataStores
instance GHC.Classes.Eq Amazonka.CloudTrail.ListEventDataStores.ListEventDataStores
instance GHC.Generics.Generic Amazonka.CloudTrail.ListEventDataStores.ListEventDataStoresResponse
instance GHC.Show.Show Amazonka.CloudTrail.ListEventDataStores.ListEventDataStoresResponse
instance GHC.Read.Read Amazonka.CloudTrail.ListEventDataStores.ListEventDataStoresResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.ListEventDataStores.ListEventDataStoresResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.ListEventDataStores.ListEventDataStores
instance Control.DeepSeq.NFData Amazonka.CloudTrail.ListEventDataStores.ListEventDataStoresResponse
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.ListEventDataStores.ListEventDataStores
instance Control.DeepSeq.NFData Amazonka.CloudTrail.ListEventDataStores.ListEventDataStores
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.ListEventDataStores.ListEventDataStores
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.ListEventDataStores.ListEventDataStores
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.ListEventDataStores.ListEventDataStores
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.ListEventDataStores.ListEventDataStores
-- | Lists the channels in the current account, and their source names.
-- Amazon Web Services services create service-linked channels get
-- information about CloudTrail events on your behalf. For more
-- information about service-linked channels, see Viewing
-- service-linked channels for CloudTrail by using the CLI.
module Amazonka.CloudTrail.ListChannels
-- | See: newListChannels smart constructor.
data ListChannels
ListChannels' :: Maybe Natural -> Maybe Text -> ListChannels
-- | The maximum number of CloudTrail channels to display on a single page.
[$sel:maxResults:ListChannels'] :: ListChannels -> Maybe Natural
-- | The token to use to get the next page of results after a previous API
-- call. This token must be passed in with the same parameters that were
-- specified in the original call. For example, if the original call
-- specified an AttributeKey of 'Username' with a value of 'root', the
-- call with NextToken should include those same parameters.
[$sel:nextToken:ListChannels'] :: ListChannels -> Maybe Text
-- | Create a value of ListChannels with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:maxResults:ListChannels', listChannels_maxResults -
-- The maximum number of CloudTrail channels to display on a single page.
--
-- ListChannels, listChannels_nextToken - The token to use
-- to get the next page of results after a previous API call. This token
-- must be passed in with the same parameters that were specified in the
-- original call. For example, if the original call specified an
-- AttributeKey of 'Username' with a value of 'root', the call with
-- NextToken should include those same parameters.
newListChannels :: ListChannels
-- | The maximum number of CloudTrail channels to display on a single page.
listChannels_maxResults :: Lens' ListChannels (Maybe Natural)
-- | The token to use to get the next page of results after a previous API
-- call. This token must be passed in with the same parameters that were
-- specified in the original call. For example, if the original call
-- specified an AttributeKey of 'Username' with a value of 'root', the
-- call with NextToken should include those same parameters.
listChannels_nextToken :: Lens' ListChannels (Maybe Text)
-- | See: newListChannelsResponse smart constructor.
data ListChannelsResponse
ListChannelsResponse' :: Maybe [Channel] -> Maybe Text -> Int -> ListChannelsResponse
-- | The list of channels in the account.
[$sel:channels:ListChannelsResponse'] :: ListChannelsResponse -> Maybe [Channel]
-- | The token to use to get the next page of results after a previous API
-- call.
[$sel:nextToken:ListChannelsResponse'] :: ListChannelsResponse -> Maybe Text
-- | The response's http status code.
[$sel:httpStatus:ListChannelsResponse'] :: ListChannelsResponse -> Int
-- | Create a value of ListChannelsResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:channels:ListChannelsResponse',
-- listChannelsResponse_channels - The list of channels in the
-- account.
--
-- ListChannels, listChannelsResponse_nextToken - The token
-- to use to get the next page of results after a previous API call.
--
-- $sel:httpStatus:ListChannelsResponse',
-- listChannelsResponse_httpStatus - The response's http status
-- code.
newListChannelsResponse :: Int -> ListChannelsResponse
-- | The list of channels in the account.
listChannelsResponse_channels :: Lens' ListChannelsResponse (Maybe [Channel])
-- | The token to use to get the next page of results after a previous API
-- call.
listChannelsResponse_nextToken :: Lens' ListChannelsResponse (Maybe Text)
-- | The response's http status code.
listChannelsResponse_httpStatus :: Lens' ListChannelsResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.ListChannels.ListChannels
instance GHC.Show.Show Amazonka.CloudTrail.ListChannels.ListChannels
instance GHC.Read.Read Amazonka.CloudTrail.ListChannels.ListChannels
instance GHC.Classes.Eq Amazonka.CloudTrail.ListChannels.ListChannels
instance GHC.Generics.Generic Amazonka.CloudTrail.ListChannels.ListChannelsResponse
instance GHC.Show.Show Amazonka.CloudTrail.ListChannels.ListChannelsResponse
instance GHC.Read.Read Amazonka.CloudTrail.ListChannels.ListChannelsResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.ListChannels.ListChannelsResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.ListChannels.ListChannels
instance Control.DeepSeq.NFData Amazonka.CloudTrail.ListChannels.ListChannelsResponse
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.ListChannels.ListChannels
instance Control.DeepSeq.NFData Amazonka.CloudTrail.ListChannels.ListChannels
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.ListChannels.ListChannels
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.ListChannels.ListChannels
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.ListChannels.ListChannels
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.ListChannels.ListChannels
-- | Returns a JSON-formatted list of information about the specified
-- trail. Fields include information on delivery errors, Amazon SNS and
-- Amazon S3 errors, and start and stop logging times for each trail.
-- This operation returns trail status from a single region. To return
-- trail status from all regions, you must call the operation on each
-- region.
module Amazonka.CloudTrail.GetTrailStatus
-- | The name of a trail about which you want the current status.
--
-- See: newGetTrailStatus smart constructor.
data GetTrailStatus
GetTrailStatus' :: Text -> GetTrailStatus
-- | Specifies the name or the CloudTrail ARN of the trail for which you
-- are requesting status. To get the status of a shadow trail (a
-- replication of the trail in another region), you must specify its ARN.
-- The following is the format of a trail ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
[$sel:name:GetTrailStatus'] :: GetTrailStatus -> Text
-- | Create a value of GetTrailStatus with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- GetTrailStatus, getTrailStatus_name - Specifies the name
-- or the CloudTrail ARN of the trail for which you are requesting
-- status. To get the status of a shadow trail (a replication of the
-- trail in another region), you must specify its ARN. The following is
-- the format of a trail ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
newGetTrailStatus :: Text -> GetTrailStatus
-- | Specifies the name or the CloudTrail ARN of the trail for which you
-- are requesting status. To get the status of a shadow trail (a
-- replication of the trail in another region), you must specify its ARN.
-- The following is the format of a trail ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
getTrailStatus_name :: Lens' GetTrailStatus Text
-- | Returns the objects or data listed below if successful. Otherwise,
-- returns an error.
--
-- See: newGetTrailStatusResponse smart constructor.
data GetTrailStatusResponse
GetTrailStatusResponse' :: Maybe Bool -> Maybe Text -> Maybe POSIX -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe POSIX -> Maybe Text -> Maybe POSIX -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe POSIX -> Maybe POSIX -> Maybe POSIX -> Maybe Text -> Maybe Text -> Int -> GetTrailStatusResponse
-- | Whether the CloudTrail trail is currently logging Amazon Web Services
-- API calls.
[$sel:isLogging:GetTrailStatusResponse'] :: GetTrailStatusResponse -> Maybe Bool
-- | Displays any CloudWatch Logs error that CloudTrail encountered when
-- attempting to deliver logs to CloudWatch Logs.
[$sel:latestCloudWatchLogsDeliveryError:GetTrailStatusResponse'] :: GetTrailStatusResponse -> Maybe Text
-- | Displays the most recent date and time when CloudTrail delivered logs
-- to CloudWatch Logs.
[$sel:latestCloudWatchLogsDeliveryTime:GetTrailStatusResponse'] :: GetTrailStatusResponse -> Maybe POSIX
-- | This field is no longer in use.
[$sel:latestDeliveryAttemptSucceeded:GetTrailStatusResponse'] :: GetTrailStatusResponse -> Maybe Text
-- | This field is no longer in use.
[$sel:latestDeliveryAttemptTime:GetTrailStatusResponse'] :: GetTrailStatusResponse -> Maybe Text
-- | Displays any Amazon S3 error that CloudTrail encountered when
-- attempting to deliver log files to the designated bucket. For more
-- information, see Error Responses in the Amazon S3 API
-- Reference.
--
-- This error occurs only when there is a problem with the destination S3
-- bucket, and does not occur for requests that time out. To resolve the
-- issue, create a new bucket, and then call UpdateTrail to
-- specify the new bucket; or fix the existing objects so that CloudTrail
-- can again write to the bucket.
[$sel:latestDeliveryError:GetTrailStatusResponse'] :: GetTrailStatusResponse -> Maybe Text
-- | Specifies the date and time that CloudTrail last delivered log files
-- to an account's Amazon S3 bucket.
[$sel:latestDeliveryTime:GetTrailStatusResponse'] :: GetTrailStatusResponse -> Maybe POSIX
-- | Displays any Amazon S3 error that CloudTrail encountered when
-- attempting to deliver a digest file to the designated bucket. For more
-- information, see Error Responses in the Amazon S3 API
-- Reference.
--
-- This error occurs only when there is a problem with the destination S3
-- bucket, and does not occur for requests that time out. To resolve the
-- issue, create a new bucket, and then call UpdateTrail to
-- specify the new bucket; or fix the existing objects so that CloudTrail
-- can again write to the bucket.
[$sel:latestDigestDeliveryError:GetTrailStatusResponse'] :: GetTrailStatusResponse -> Maybe Text
-- | Specifies the date and time that CloudTrail last delivered a digest
-- file to an account's Amazon S3 bucket.
[$sel:latestDigestDeliveryTime:GetTrailStatusResponse'] :: GetTrailStatusResponse -> Maybe POSIX
-- | This field is no longer in use.
[$sel:latestNotificationAttemptSucceeded:GetTrailStatusResponse'] :: GetTrailStatusResponse -> Maybe Text
-- | This field is no longer in use.
[$sel:latestNotificationAttemptTime:GetTrailStatusResponse'] :: GetTrailStatusResponse -> Maybe Text
-- | Displays any Amazon SNS error that CloudTrail encountered when
-- attempting to send a notification. For more information about Amazon
-- SNS errors, see the Amazon SNS Developer Guide.
[$sel:latestNotificationError:GetTrailStatusResponse'] :: GetTrailStatusResponse -> Maybe Text
-- | Specifies the date and time of the most recent Amazon SNS notification
-- that CloudTrail has written a new log file to an account's Amazon S3
-- bucket.
[$sel:latestNotificationTime:GetTrailStatusResponse'] :: GetTrailStatusResponse -> Maybe POSIX
-- | Specifies the most recent date and time when CloudTrail started
-- recording API calls for an Amazon Web Services account.
[$sel:startLoggingTime:GetTrailStatusResponse'] :: GetTrailStatusResponse -> Maybe POSIX
-- | Specifies the most recent date and time when CloudTrail stopped
-- recording API calls for an Amazon Web Services account.
[$sel:stopLoggingTime:GetTrailStatusResponse'] :: GetTrailStatusResponse -> Maybe POSIX
-- | This field is no longer in use.
[$sel:timeLoggingStarted:GetTrailStatusResponse'] :: GetTrailStatusResponse -> Maybe Text
-- | This field is no longer in use.
[$sel:timeLoggingStopped:GetTrailStatusResponse'] :: GetTrailStatusResponse -> Maybe Text
-- | The response's http status code.
[$sel:httpStatus:GetTrailStatusResponse'] :: GetTrailStatusResponse -> Int
-- | Create a value of GetTrailStatusResponse with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:isLogging:GetTrailStatusResponse',
-- getTrailStatusResponse_isLogging - Whether the CloudTrail trail
-- is currently logging Amazon Web Services API calls.
--
-- $sel:latestCloudWatchLogsDeliveryError:GetTrailStatusResponse',
-- getTrailStatusResponse_latestCloudWatchLogsDeliveryError -
-- Displays any CloudWatch Logs error that CloudTrail encountered when
-- attempting to deliver logs to CloudWatch Logs.
--
-- $sel:latestCloudWatchLogsDeliveryTime:GetTrailStatusResponse',
-- getTrailStatusResponse_latestCloudWatchLogsDeliveryTime -
-- Displays the most recent date and time when CloudTrail delivered logs
-- to CloudWatch Logs.
--
-- $sel:latestDeliveryAttemptSucceeded:GetTrailStatusResponse',
-- getTrailStatusResponse_latestDeliveryAttemptSucceeded - This
-- field is no longer in use.
--
-- $sel:latestDeliveryAttemptTime:GetTrailStatusResponse',
-- getTrailStatusResponse_latestDeliveryAttemptTime - This field
-- is no longer in use.
--
-- $sel:latestDeliveryError:GetTrailStatusResponse',
-- getTrailStatusResponse_latestDeliveryError - Displays any
-- Amazon S3 error that CloudTrail encountered when attempting to deliver
-- log files to the designated bucket. For more information, see Error
-- Responses in the Amazon S3 API Reference.
--
-- This error occurs only when there is a problem with the destination S3
-- bucket, and does not occur for requests that time out. To resolve the
-- issue, create a new bucket, and then call UpdateTrail to
-- specify the new bucket; or fix the existing objects so that CloudTrail
-- can again write to the bucket.
--
-- $sel:latestDeliveryTime:GetTrailStatusResponse',
-- getTrailStatusResponse_latestDeliveryTime - Specifies the date
-- and time that CloudTrail last delivered log files to an account's
-- Amazon S3 bucket.
--
-- $sel:latestDigestDeliveryError:GetTrailStatusResponse',
-- getTrailStatusResponse_latestDigestDeliveryError - Displays any
-- Amazon S3 error that CloudTrail encountered when attempting to deliver
-- a digest file to the designated bucket. For more information, see
-- Error Responses in the Amazon S3 API Reference.
--
-- This error occurs only when there is a problem with the destination S3
-- bucket, and does not occur for requests that time out. To resolve the
-- issue, create a new bucket, and then call UpdateTrail to
-- specify the new bucket; or fix the existing objects so that CloudTrail
-- can again write to the bucket.
--
-- $sel:latestDigestDeliveryTime:GetTrailStatusResponse',
-- getTrailStatusResponse_latestDigestDeliveryTime - Specifies the
-- date and time that CloudTrail last delivered a digest file to an
-- account's Amazon S3 bucket.
--
--
-- $sel:latestNotificationAttemptSucceeded:GetTrailStatusResponse',
-- getTrailStatusResponse_latestNotificationAttemptSucceeded -
-- This field is no longer in use.
--
-- $sel:latestNotificationAttemptTime:GetTrailStatusResponse',
-- getTrailStatusResponse_latestNotificationAttemptTime - This
-- field is no longer in use.
--
-- $sel:latestNotificationError:GetTrailStatusResponse',
-- getTrailStatusResponse_latestNotificationError - Displays any
-- Amazon SNS error that CloudTrail encountered when attempting to send a
-- notification. For more information about Amazon SNS errors, see the
-- Amazon SNS Developer Guide.
--
-- $sel:latestNotificationTime:GetTrailStatusResponse',
-- getTrailStatusResponse_latestNotificationTime - Specifies the
-- date and time of the most recent Amazon SNS notification that
-- CloudTrail has written a new log file to an account's Amazon S3
-- bucket.
--
-- $sel:startLoggingTime:GetTrailStatusResponse',
-- getTrailStatusResponse_startLoggingTime - Specifies the most
-- recent date and time when CloudTrail started recording API calls for
-- an Amazon Web Services account.
--
-- $sel:stopLoggingTime:GetTrailStatusResponse',
-- getTrailStatusResponse_stopLoggingTime - Specifies the most
-- recent date and time when CloudTrail stopped recording API calls for
-- an Amazon Web Services account.
--
-- $sel:timeLoggingStarted:GetTrailStatusResponse',
-- getTrailStatusResponse_timeLoggingStarted - This field is no
-- longer in use.
--
-- $sel:timeLoggingStopped:GetTrailStatusResponse',
-- getTrailStatusResponse_timeLoggingStopped - This field is no
-- longer in use.
--
-- $sel:httpStatus:GetTrailStatusResponse',
-- getTrailStatusResponse_httpStatus - The response's http status
-- code.
newGetTrailStatusResponse :: Int -> GetTrailStatusResponse
-- | Whether the CloudTrail trail is currently logging Amazon Web Services
-- API calls.
getTrailStatusResponse_isLogging :: Lens' GetTrailStatusResponse (Maybe Bool)
-- | Displays any CloudWatch Logs error that CloudTrail encountered when
-- attempting to deliver logs to CloudWatch Logs.
getTrailStatusResponse_latestCloudWatchLogsDeliveryError :: Lens' GetTrailStatusResponse (Maybe Text)
-- | Displays the most recent date and time when CloudTrail delivered logs
-- to CloudWatch Logs.
getTrailStatusResponse_latestCloudWatchLogsDeliveryTime :: Lens' GetTrailStatusResponse (Maybe UTCTime)
-- | This field is no longer in use.
getTrailStatusResponse_latestDeliveryAttemptSucceeded :: Lens' GetTrailStatusResponse (Maybe Text)
-- | This field is no longer in use.
getTrailStatusResponse_latestDeliveryAttemptTime :: Lens' GetTrailStatusResponse (Maybe Text)
-- | Displays any Amazon S3 error that CloudTrail encountered when
-- attempting to deliver log files to the designated bucket. For more
-- information, see Error Responses in the Amazon S3 API
-- Reference.
--
-- This error occurs only when there is a problem with the destination S3
-- bucket, and does not occur for requests that time out. To resolve the
-- issue, create a new bucket, and then call UpdateTrail to
-- specify the new bucket; or fix the existing objects so that CloudTrail
-- can again write to the bucket.
getTrailStatusResponse_latestDeliveryError :: Lens' GetTrailStatusResponse (Maybe Text)
-- | Specifies the date and time that CloudTrail last delivered log files
-- to an account's Amazon S3 bucket.
getTrailStatusResponse_latestDeliveryTime :: Lens' GetTrailStatusResponse (Maybe UTCTime)
-- | Displays any Amazon S3 error that CloudTrail encountered when
-- attempting to deliver a digest file to the designated bucket. For more
-- information, see Error Responses in the Amazon S3 API
-- Reference.
--
-- This error occurs only when there is a problem with the destination S3
-- bucket, and does not occur for requests that time out. To resolve the
-- issue, create a new bucket, and then call UpdateTrail to
-- specify the new bucket; or fix the existing objects so that CloudTrail
-- can again write to the bucket.
getTrailStatusResponse_latestDigestDeliveryError :: Lens' GetTrailStatusResponse (Maybe Text)
-- | Specifies the date and time that CloudTrail last delivered a digest
-- file to an account's Amazon S3 bucket.
getTrailStatusResponse_latestDigestDeliveryTime :: Lens' GetTrailStatusResponse (Maybe UTCTime)
-- | This field is no longer in use.
getTrailStatusResponse_latestNotificationAttemptSucceeded :: Lens' GetTrailStatusResponse (Maybe Text)
-- | This field is no longer in use.
getTrailStatusResponse_latestNotificationAttemptTime :: Lens' GetTrailStatusResponse (Maybe Text)
-- | Displays any Amazon SNS error that CloudTrail encountered when
-- attempting to send a notification. For more information about Amazon
-- SNS errors, see the Amazon SNS Developer Guide.
getTrailStatusResponse_latestNotificationError :: Lens' GetTrailStatusResponse (Maybe Text)
-- | Specifies the date and time of the most recent Amazon SNS notification
-- that CloudTrail has written a new log file to an account's Amazon S3
-- bucket.
getTrailStatusResponse_latestNotificationTime :: Lens' GetTrailStatusResponse (Maybe UTCTime)
-- | Specifies the most recent date and time when CloudTrail started
-- recording API calls for an Amazon Web Services account.
getTrailStatusResponse_startLoggingTime :: Lens' GetTrailStatusResponse (Maybe UTCTime)
-- | Specifies the most recent date and time when CloudTrail stopped
-- recording API calls for an Amazon Web Services account.
getTrailStatusResponse_stopLoggingTime :: Lens' GetTrailStatusResponse (Maybe UTCTime)
-- | This field is no longer in use.
getTrailStatusResponse_timeLoggingStarted :: Lens' GetTrailStatusResponse (Maybe Text)
-- | This field is no longer in use.
getTrailStatusResponse_timeLoggingStopped :: Lens' GetTrailStatusResponse (Maybe Text)
-- | The response's http status code.
getTrailStatusResponse_httpStatus :: Lens' GetTrailStatusResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.GetTrailStatus.GetTrailStatus
instance GHC.Show.Show Amazonka.CloudTrail.GetTrailStatus.GetTrailStatus
instance GHC.Read.Read Amazonka.CloudTrail.GetTrailStatus.GetTrailStatus
instance GHC.Classes.Eq Amazonka.CloudTrail.GetTrailStatus.GetTrailStatus
instance GHC.Generics.Generic Amazonka.CloudTrail.GetTrailStatus.GetTrailStatusResponse
instance GHC.Show.Show Amazonka.CloudTrail.GetTrailStatus.GetTrailStatusResponse
instance GHC.Read.Read Amazonka.CloudTrail.GetTrailStatus.GetTrailStatusResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.GetTrailStatus.GetTrailStatusResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.GetTrailStatus.GetTrailStatus
instance Control.DeepSeq.NFData Amazonka.CloudTrail.GetTrailStatus.GetTrailStatusResponse
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.GetTrailStatus.GetTrailStatus
instance Control.DeepSeq.NFData Amazonka.CloudTrail.GetTrailStatus.GetTrailStatus
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.GetTrailStatus.GetTrailStatus
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.GetTrailStatus.GetTrailStatus
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.GetTrailStatus.GetTrailStatus
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.GetTrailStatus.GetTrailStatus
-- | Returns settings information for a specified trail.
module Amazonka.CloudTrail.GetTrail
-- | See: newGetTrail smart constructor.
data GetTrail
GetTrail' :: Text -> GetTrail
-- | The name or the Amazon Resource Name (ARN) of the trail for which you
-- want to retrieve settings information.
[$sel:name:GetTrail'] :: GetTrail -> Text
-- | Create a value of GetTrail with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- GetTrail, getTrail_name - The name or the Amazon
-- Resource Name (ARN) of the trail for which you want to retrieve
-- settings information.
newGetTrail :: Text -> GetTrail
-- | The name or the Amazon Resource Name (ARN) of the trail for which you
-- want to retrieve settings information.
getTrail_name :: Lens' GetTrail Text
-- | See: newGetTrailResponse smart constructor.
data GetTrailResponse
GetTrailResponse' :: Maybe Trail -> Int -> GetTrailResponse
[$sel:trail:GetTrailResponse'] :: GetTrailResponse -> Maybe Trail
-- | The response's http status code.
[$sel:httpStatus:GetTrailResponse'] :: GetTrailResponse -> Int
-- | Create a value of GetTrailResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:trail:GetTrailResponse', getTrailResponse_trail -
-- Undocumented member.
--
-- $sel:httpStatus:GetTrailResponse',
-- getTrailResponse_httpStatus - The response's http status code.
newGetTrailResponse :: Int -> GetTrailResponse
-- | Undocumented member.
getTrailResponse_trail :: Lens' GetTrailResponse (Maybe Trail)
-- | The response's http status code.
getTrailResponse_httpStatus :: Lens' GetTrailResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.GetTrail.GetTrail
instance GHC.Show.Show Amazonka.CloudTrail.GetTrail.GetTrail
instance GHC.Read.Read Amazonka.CloudTrail.GetTrail.GetTrail
instance GHC.Classes.Eq Amazonka.CloudTrail.GetTrail.GetTrail
instance GHC.Generics.Generic Amazonka.CloudTrail.GetTrail.GetTrailResponse
instance GHC.Show.Show Amazonka.CloudTrail.GetTrail.GetTrailResponse
instance GHC.Read.Read Amazonka.CloudTrail.GetTrail.GetTrailResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.GetTrail.GetTrailResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.GetTrail.GetTrail
instance Control.DeepSeq.NFData Amazonka.CloudTrail.GetTrail.GetTrailResponse
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.GetTrail.GetTrail
instance Control.DeepSeq.NFData Amazonka.CloudTrail.GetTrail.GetTrail
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.GetTrail.GetTrail
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.GetTrail.GetTrail
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.GetTrail.GetTrail
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.GetTrail.GetTrail
-- | Gets event data results of a query. You must specify the
-- QueryID value returned by the StartQuery operation,
-- and an ARN for EventDataStore.
module Amazonka.CloudTrail.GetQueryResults
-- | See: newGetQueryResults smart constructor.
data GetQueryResults
GetQueryResults' :: Maybe Text -> Maybe Natural -> Maybe Text -> Text -> GetQueryResults
-- | The ARN (or ID suffix of the ARN) of the event data store against
-- which the query was run.
[$sel:eventDataStore:GetQueryResults'] :: GetQueryResults -> Maybe Text
-- | The maximum number of query results to display on a single page.
[$sel:maxQueryResults:GetQueryResults'] :: GetQueryResults -> Maybe Natural
-- | A token you can use to get the next page of query results.
[$sel:nextToken:GetQueryResults'] :: GetQueryResults -> Maybe Text
-- | The ID of the query for which you want to get results.
[$sel:queryId:GetQueryResults'] :: GetQueryResults -> Text
-- | Create a value of GetQueryResults with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:eventDataStore:GetQueryResults',
-- getQueryResults_eventDataStore - The ARN (or ID suffix of the
-- ARN) of the event data store against which the query was run.
--
-- $sel:maxQueryResults:GetQueryResults',
-- getQueryResults_maxQueryResults - The maximum number of query
-- results to display on a single page.
--
-- GetQueryResults, getQueryResults_nextToken - A token you
-- can use to get the next page of query results.
--
-- GetQueryResults, getQueryResults_queryId - The ID of the
-- query for which you want to get results.
newGetQueryResults :: Text -> GetQueryResults
-- | The ARN (or ID suffix of the ARN) of the event data store against
-- which the query was run.
getQueryResults_eventDataStore :: Lens' GetQueryResults (Maybe Text)
-- | The maximum number of query results to display on a single page.
getQueryResults_maxQueryResults :: Lens' GetQueryResults (Maybe Natural)
-- | A token you can use to get the next page of query results.
getQueryResults_nextToken :: Lens' GetQueryResults (Maybe Text)
-- | The ID of the query for which you want to get results.
getQueryResults_queryId :: Lens' GetQueryResults Text
-- | See: newGetQueryResultsResponse smart constructor.
data GetQueryResultsResponse
GetQueryResultsResponse' :: Maybe Text -> Maybe Text -> Maybe [[HashMap Text Text]] -> Maybe QueryStatistics -> Maybe QueryStatus -> Int -> GetQueryResultsResponse
-- | The error message returned if a query failed.
[$sel:errorMessage:GetQueryResultsResponse'] :: GetQueryResultsResponse -> Maybe Text
-- | A token you can use to get the next page of query results.
[$sel:nextToken:GetQueryResultsResponse'] :: GetQueryResultsResponse -> Maybe Text
-- | Contains the individual event results of the query.
[$sel:queryResultRows:GetQueryResultsResponse'] :: GetQueryResultsResponse -> Maybe [[HashMap Text Text]]
-- | Shows the count of query results.
[$sel:queryStatistics:GetQueryResultsResponse'] :: GetQueryResultsResponse -> Maybe QueryStatistics
-- | The status of the query. Values include QUEUED,
-- RUNNING, FINISHED, FAILED,
-- TIMED_OUT, or CANCELLED.
[$sel:queryStatus:GetQueryResultsResponse'] :: GetQueryResultsResponse -> Maybe QueryStatus
-- | The response's http status code.
[$sel:httpStatus:GetQueryResultsResponse'] :: GetQueryResultsResponse -> Int
-- | Create a value of GetQueryResultsResponse with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- GetQueryResultsResponse,
-- getQueryResultsResponse_errorMessage - The error message
-- returned if a query failed.
--
-- GetQueryResults, getQueryResultsResponse_nextToken - A
-- token you can use to get the next page of query results.
--
-- $sel:queryResultRows:GetQueryResultsResponse',
-- getQueryResultsResponse_queryResultRows - Contains the
-- individual event results of the query.
--
-- $sel:queryStatistics:GetQueryResultsResponse',
-- getQueryResultsResponse_queryStatistics - Shows the count of
-- query results.
--
-- GetQueryResultsResponse,
-- getQueryResultsResponse_queryStatus - The status of the query.
-- Values include QUEUED, RUNNING, FINISHED,
-- FAILED, TIMED_OUT, or CANCELLED.
--
-- $sel:httpStatus:GetQueryResultsResponse',
-- getQueryResultsResponse_httpStatus - The response's http status
-- code.
newGetQueryResultsResponse :: Int -> GetQueryResultsResponse
-- | The error message returned if a query failed.
getQueryResultsResponse_errorMessage :: Lens' GetQueryResultsResponse (Maybe Text)
-- | A token you can use to get the next page of query results.
getQueryResultsResponse_nextToken :: Lens' GetQueryResultsResponse (Maybe Text)
-- | Contains the individual event results of the query.
getQueryResultsResponse_queryResultRows :: Lens' GetQueryResultsResponse (Maybe [[HashMap Text Text]])
-- | Shows the count of query results.
getQueryResultsResponse_queryStatistics :: Lens' GetQueryResultsResponse (Maybe QueryStatistics)
-- | The status of the query. Values include QUEUED,
-- RUNNING, FINISHED, FAILED,
-- TIMED_OUT, or CANCELLED.
getQueryResultsResponse_queryStatus :: Lens' GetQueryResultsResponse (Maybe QueryStatus)
-- | The response's http status code.
getQueryResultsResponse_httpStatus :: Lens' GetQueryResultsResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.GetQueryResults.GetQueryResults
instance GHC.Show.Show Amazonka.CloudTrail.GetQueryResults.GetQueryResults
instance GHC.Read.Read Amazonka.CloudTrail.GetQueryResults.GetQueryResults
instance GHC.Classes.Eq Amazonka.CloudTrail.GetQueryResults.GetQueryResults
instance GHC.Generics.Generic Amazonka.CloudTrail.GetQueryResults.GetQueryResultsResponse
instance GHC.Show.Show Amazonka.CloudTrail.GetQueryResults.GetQueryResultsResponse
instance GHC.Read.Read Amazonka.CloudTrail.GetQueryResults.GetQueryResultsResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.GetQueryResults.GetQueryResultsResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.GetQueryResults.GetQueryResults
instance Control.DeepSeq.NFData Amazonka.CloudTrail.GetQueryResults.GetQueryResultsResponse
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.GetQueryResults.GetQueryResults
instance Control.DeepSeq.NFData Amazonka.CloudTrail.GetQueryResults.GetQueryResults
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.GetQueryResults.GetQueryResults
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.GetQueryResults.GetQueryResults
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.GetQueryResults.GetQueryResults
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.GetQueryResults.GetQueryResults
-- | Describes the settings for the Insights event selectors that you
-- configured for your trail. GetInsightSelectors shows if
-- CloudTrail Insights event logging is enabled on the trail, and if it
-- is, which insight types are enabled. If you run
-- GetInsightSelectors on a trail that does not have Insights
-- events enabled, the operation throws the exception
-- InsightNotEnabledException
--
-- For more information, see Logging CloudTrail Insights Events for
-- Trails in the CloudTrail User Guide.
module Amazonka.CloudTrail.GetInsightSelectors
-- | See: newGetInsightSelectors smart constructor.
data GetInsightSelectors
GetInsightSelectors' :: Text -> GetInsightSelectors
-- | Specifies the name of the trail or trail ARN. If you specify a trail
-- name, the string must meet the following requirements:
--
--
-- - Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
-- underscores (_), or dashes (-)
-- - Start with a letter or number, and end with a letter or
-- number
-- - Be between 3 and 128 characters
-- - Have no adjacent periods, underscores or dashes. Names like
-- my-_namespace and my--namespace are not valid.
-- - Not be in IP address format (for example, 192.168.5.4)
--
--
-- If you specify a trail ARN, it must be in the format:
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
[$sel:trailName:GetInsightSelectors'] :: GetInsightSelectors -> Text
-- | Create a value of GetInsightSelectors with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:trailName:GetInsightSelectors',
-- getInsightSelectors_trailName - Specifies the name of the trail
-- or trail ARN. If you specify a trail name, the string must meet the
-- following requirements:
--
--
-- - Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
-- underscores (_), or dashes (-)
-- - Start with a letter or number, and end with a letter or
-- number
-- - Be between 3 and 128 characters
-- - Have no adjacent periods, underscores or dashes. Names like
-- my-_namespace and my--namespace are not valid.
-- - Not be in IP address format (for example, 192.168.5.4)
--
--
-- If you specify a trail ARN, it must be in the format:
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
newGetInsightSelectors :: Text -> GetInsightSelectors
-- | Specifies the name of the trail or trail ARN. If you specify a trail
-- name, the string must meet the following requirements:
--
--
-- - Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
-- underscores (_), or dashes (-)
-- - Start with a letter or number, and end with a letter or
-- number
-- - Be between 3 and 128 characters
-- - Have no adjacent periods, underscores or dashes. Names like
-- my-_namespace and my--namespace are not valid.
-- - Not be in IP address format (for example, 192.168.5.4)
--
--
-- If you specify a trail ARN, it must be in the format:
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
getInsightSelectors_trailName :: Lens' GetInsightSelectors Text
-- | See: newGetInsightSelectorsResponse smart constructor.
data GetInsightSelectorsResponse
GetInsightSelectorsResponse' :: Maybe [InsightSelector] -> Maybe Text -> Int -> GetInsightSelectorsResponse
-- | A JSON string that contains the insight types you want to log on a
-- trail. In this release, ApiErrorRateInsight and
-- ApiCallRateInsight are supported as insight types.
[$sel:insightSelectors:GetInsightSelectorsResponse'] :: GetInsightSelectorsResponse -> Maybe [InsightSelector]
-- | The Amazon Resource Name (ARN) of a trail for which you want to get
-- Insights selectors.
[$sel:trailARN:GetInsightSelectorsResponse'] :: GetInsightSelectorsResponse -> Maybe Text
-- | The response's http status code.
[$sel:httpStatus:GetInsightSelectorsResponse'] :: GetInsightSelectorsResponse -> Int
-- | Create a value of GetInsightSelectorsResponse with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:insightSelectors:GetInsightSelectorsResponse',
-- getInsightSelectorsResponse_insightSelectors - A JSON string
-- that contains the insight types you want to log on a trail. In this
-- release, ApiErrorRateInsight and ApiCallRateInsight
-- are supported as insight types.
--
-- GetInsightSelectorsResponse,
-- getInsightSelectorsResponse_trailARN - The Amazon Resource Name
-- (ARN) of a trail for which you want to get Insights selectors.
--
-- $sel:httpStatus:GetInsightSelectorsResponse',
-- getInsightSelectorsResponse_httpStatus - The response's http
-- status code.
newGetInsightSelectorsResponse :: Int -> GetInsightSelectorsResponse
-- | A JSON string that contains the insight types you want to log on a
-- trail. In this release, ApiErrorRateInsight and
-- ApiCallRateInsight are supported as insight types.
getInsightSelectorsResponse_insightSelectors :: Lens' GetInsightSelectorsResponse (Maybe [InsightSelector])
-- | The Amazon Resource Name (ARN) of a trail for which you want to get
-- Insights selectors.
getInsightSelectorsResponse_trailARN :: Lens' GetInsightSelectorsResponse (Maybe Text)
-- | The response's http status code.
getInsightSelectorsResponse_httpStatus :: Lens' GetInsightSelectorsResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.GetInsightSelectors.GetInsightSelectors
instance GHC.Show.Show Amazonka.CloudTrail.GetInsightSelectors.GetInsightSelectors
instance GHC.Read.Read Amazonka.CloudTrail.GetInsightSelectors.GetInsightSelectors
instance GHC.Classes.Eq Amazonka.CloudTrail.GetInsightSelectors.GetInsightSelectors
instance GHC.Generics.Generic Amazonka.CloudTrail.GetInsightSelectors.GetInsightSelectorsResponse
instance GHC.Show.Show Amazonka.CloudTrail.GetInsightSelectors.GetInsightSelectorsResponse
instance GHC.Read.Read Amazonka.CloudTrail.GetInsightSelectors.GetInsightSelectorsResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.GetInsightSelectors.GetInsightSelectorsResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.GetInsightSelectors.GetInsightSelectors
instance Control.DeepSeq.NFData Amazonka.CloudTrail.GetInsightSelectors.GetInsightSelectorsResponse
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.GetInsightSelectors.GetInsightSelectors
instance Control.DeepSeq.NFData Amazonka.CloudTrail.GetInsightSelectors.GetInsightSelectors
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.GetInsightSelectors.GetInsightSelectors
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.GetInsightSelectors.GetInsightSelectors
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.GetInsightSelectors.GetInsightSelectors
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.GetInsightSelectors.GetInsightSelectors
-- | Returns information about a specific import.
module Amazonka.CloudTrail.GetImport
-- | See: newGetImport smart constructor.
data GetImport
GetImport' :: Text -> GetImport
-- | The ID for the import.
[$sel:importId:GetImport'] :: GetImport -> Text
-- | Create a value of GetImport with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- GetImport, getImport_importId - The ID for the import.
newGetImport :: Text -> GetImport
-- | The ID for the import.
getImport_importId :: Lens' GetImport Text
-- | See: newGetImportResponse smart constructor.
data GetImportResponse
GetImportResponse' :: Maybe POSIX -> Maybe (NonEmpty Text) -> Maybe POSIX -> Maybe Text -> Maybe ImportSource -> Maybe ImportStatistics -> Maybe ImportStatus -> Maybe POSIX -> Maybe POSIX -> Int -> GetImportResponse
-- | The timestamp of the import's creation.
[$sel:createdTimestamp:GetImportResponse'] :: GetImportResponse -> Maybe POSIX
-- | The ARN of the destination event data store.
[$sel:destinations:GetImportResponse'] :: GetImportResponse -> Maybe (NonEmpty Text)
-- | Used with StartEventTime to bound a StartImport
-- request, and limit imported trail events to only those events logged
-- within a specified time period.
[$sel:endEventTime:GetImportResponse'] :: GetImportResponse -> Maybe POSIX
-- | The ID of the import.
[$sel:importId:GetImportResponse'] :: GetImportResponse -> Maybe Text
-- | The source S3 bucket.
[$sel:importSource:GetImportResponse'] :: GetImportResponse -> Maybe ImportSource
-- | Provides statistics for the import. CloudTrail does not update import
-- statistics in real-time. Returned values for parameters such as
-- EventsCompleted may be lower than the actual value, because
-- CloudTrail updates statistics incrementally over the course of the
-- import.
[$sel:importStatistics:GetImportResponse'] :: GetImportResponse -> Maybe ImportStatistics
-- | The status of the import.
[$sel:importStatus:GetImportResponse'] :: GetImportResponse -> Maybe ImportStatus
-- | Used with EndEventTime to bound a StartImport
-- request, and limit imported trail events to only those events logged
-- within a specified time period.
[$sel:startEventTime:GetImportResponse'] :: GetImportResponse -> Maybe POSIX
-- | The timestamp of when the import was updated.
[$sel:updatedTimestamp:GetImportResponse'] :: GetImportResponse -> Maybe POSIX
-- | The response's http status code.
[$sel:httpStatus:GetImportResponse'] :: GetImportResponse -> Int
-- | Create a value of GetImportResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- GetImportResponse, getImportResponse_createdTimestamp -
-- The timestamp of the import's creation.
--
-- GetImportResponse, getImportResponse_destinations - The
-- ARN of the destination event data store.
--
-- $sel:endEventTime:GetImportResponse',
-- getImportResponse_endEventTime - Used with
-- StartEventTime to bound a StartImport request, and
-- limit imported trail events to only those events logged within a
-- specified time period.
--
-- GetImport, getImportResponse_importId - The ID of the
-- import.
--
-- $sel:importSource:GetImportResponse',
-- getImportResponse_importSource - The source S3 bucket.
--
-- $sel:importStatistics:GetImportResponse',
-- getImportResponse_importStatistics - Provides statistics for
-- the import. CloudTrail does not update import statistics in real-time.
-- Returned values for parameters such as EventsCompleted may be
-- lower than the actual value, because CloudTrail updates statistics
-- incrementally over the course of the import.
--
-- GetImportResponse, getImportResponse_importStatus - The
-- status of the import.
--
-- $sel:startEventTime:GetImportResponse',
-- getImportResponse_startEventTime - Used with
-- EndEventTime to bound a StartImport request, and
-- limit imported trail events to only those events logged within a
-- specified time period.
--
-- GetImportResponse, getImportResponse_updatedTimestamp -
-- The timestamp of when the import was updated.
--
-- $sel:httpStatus:GetImportResponse',
-- getImportResponse_httpStatus - The response's http status code.
newGetImportResponse :: Int -> GetImportResponse
-- | The timestamp of the import's creation.
getImportResponse_createdTimestamp :: Lens' GetImportResponse (Maybe UTCTime)
-- | The ARN of the destination event data store.
getImportResponse_destinations :: Lens' GetImportResponse (Maybe (NonEmpty Text))
-- | Used with StartEventTime to bound a StartImport
-- request, and limit imported trail events to only those events logged
-- within a specified time period.
getImportResponse_endEventTime :: Lens' GetImportResponse (Maybe UTCTime)
-- | The ID of the import.
getImportResponse_importId :: Lens' GetImportResponse (Maybe Text)
-- | The source S3 bucket.
getImportResponse_importSource :: Lens' GetImportResponse (Maybe ImportSource)
-- | Provides statistics for the import. CloudTrail does not update import
-- statistics in real-time. Returned values for parameters such as
-- EventsCompleted may be lower than the actual value, because
-- CloudTrail updates statistics incrementally over the course of the
-- import.
getImportResponse_importStatistics :: Lens' GetImportResponse (Maybe ImportStatistics)
-- | The status of the import.
getImportResponse_importStatus :: Lens' GetImportResponse (Maybe ImportStatus)
-- | Used with EndEventTime to bound a StartImport
-- request, and limit imported trail events to only those events logged
-- within a specified time period.
getImportResponse_startEventTime :: Lens' GetImportResponse (Maybe UTCTime)
-- | The timestamp of when the import was updated.
getImportResponse_updatedTimestamp :: Lens' GetImportResponse (Maybe UTCTime)
-- | The response's http status code.
getImportResponse_httpStatus :: Lens' GetImportResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.GetImport.GetImport
instance GHC.Show.Show Amazonka.CloudTrail.GetImport.GetImport
instance GHC.Read.Read Amazonka.CloudTrail.GetImport.GetImport
instance GHC.Classes.Eq Amazonka.CloudTrail.GetImport.GetImport
instance GHC.Generics.Generic Amazonka.CloudTrail.GetImport.GetImportResponse
instance GHC.Show.Show Amazonka.CloudTrail.GetImport.GetImportResponse
instance GHC.Read.Read Amazonka.CloudTrail.GetImport.GetImportResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.GetImport.GetImportResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.GetImport.GetImport
instance Control.DeepSeq.NFData Amazonka.CloudTrail.GetImport.GetImportResponse
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.GetImport.GetImport
instance Control.DeepSeq.NFData Amazonka.CloudTrail.GetImport.GetImport
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.GetImport.GetImport
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.GetImport.GetImport
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.GetImport.GetImport
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.GetImport.GetImport
-- | Describes the settings for the event selectors that you configured for
-- your trail. The information returned for your event selectors includes
-- the following:
--
--
-- - If your event selector includes read-only events, write-only
-- events, or all events. This applies to both management events and data
-- events.
-- - If your event selector includes management events.
-- - If your event selector includes data events, the resources on
-- which you are logging data events.
--
--
-- For more information about logging management and data events, see the
-- following topics in the CloudTrail User Guide:
--
--
module Amazonka.CloudTrail.GetEventSelectors
-- | See: newGetEventSelectors smart constructor.
data GetEventSelectors
GetEventSelectors' :: Text -> GetEventSelectors
-- | Specifies the name of the trail or trail ARN. If you specify a trail
-- name, the string must meet the following requirements:
--
--
-- - Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
-- underscores (_), or dashes (-)
-- - Start with a letter or number, and end with a letter or
-- number
-- - Be between 3 and 128 characters
-- - Have no adjacent periods, underscores or dashes. Names like
-- my-_namespace and my--namespace are not valid.
-- - Not be in IP address format (for example, 192.168.5.4)
--
--
-- If you specify a trail ARN, it must be in the format:
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
[$sel:trailName:GetEventSelectors'] :: GetEventSelectors -> Text
-- | Create a value of GetEventSelectors with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:trailName:GetEventSelectors',
-- getEventSelectors_trailName - Specifies the name of the trail
-- or trail ARN. If you specify a trail name, the string must meet the
-- following requirements:
--
--
-- - Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
-- underscores (_), or dashes (-)
-- - Start with a letter or number, and end with a letter or
-- number
-- - Be between 3 and 128 characters
-- - Have no adjacent periods, underscores or dashes. Names like
-- my-_namespace and my--namespace are not valid.
-- - Not be in IP address format (for example, 192.168.5.4)
--
--
-- If you specify a trail ARN, it must be in the format:
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
newGetEventSelectors :: Text -> GetEventSelectors
-- | Specifies the name of the trail or trail ARN. If you specify a trail
-- name, the string must meet the following requirements:
--
--
-- - Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
-- underscores (_), or dashes (-)
-- - Start with a letter or number, and end with a letter or
-- number
-- - Be between 3 and 128 characters
-- - Have no adjacent periods, underscores or dashes. Names like
-- my-_namespace and my--namespace are not valid.
-- - Not be in IP address format (for example, 192.168.5.4)
--
--
-- If you specify a trail ARN, it must be in the format:
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
getEventSelectors_trailName :: Lens' GetEventSelectors Text
-- | See: newGetEventSelectorsResponse smart constructor.
data GetEventSelectorsResponse
GetEventSelectorsResponse' :: Maybe [AdvancedEventSelector] -> Maybe [EventSelector] -> Maybe Text -> Int -> GetEventSelectorsResponse
-- | The advanced event selectors that are configured for the trail.
[$sel:advancedEventSelectors:GetEventSelectorsResponse'] :: GetEventSelectorsResponse -> Maybe [AdvancedEventSelector]
-- | The event selectors that are configured for the trail.
[$sel:eventSelectors:GetEventSelectorsResponse'] :: GetEventSelectorsResponse -> Maybe [EventSelector]
-- | The specified trail ARN that has the event selectors.
[$sel:trailARN:GetEventSelectorsResponse'] :: GetEventSelectorsResponse -> Maybe Text
-- | The response's http status code.
[$sel:httpStatus:GetEventSelectorsResponse'] :: GetEventSelectorsResponse -> Int
-- | Create a value of GetEventSelectorsResponse with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- GetEventSelectorsResponse,
-- getEventSelectorsResponse_advancedEventSelectors - The advanced
-- event selectors that are configured for the trail.
--
-- $sel:eventSelectors:GetEventSelectorsResponse',
-- getEventSelectorsResponse_eventSelectors - The event selectors
-- that are configured for the trail.
--
-- GetEventSelectorsResponse,
-- getEventSelectorsResponse_trailARN - The specified trail ARN
-- that has the event selectors.
--
-- $sel:httpStatus:GetEventSelectorsResponse',
-- getEventSelectorsResponse_httpStatus - The response's http
-- status code.
newGetEventSelectorsResponse :: Int -> GetEventSelectorsResponse
-- | The advanced event selectors that are configured for the trail.
getEventSelectorsResponse_advancedEventSelectors :: Lens' GetEventSelectorsResponse (Maybe [AdvancedEventSelector])
-- | The event selectors that are configured for the trail.
getEventSelectorsResponse_eventSelectors :: Lens' GetEventSelectorsResponse (Maybe [EventSelector])
-- | The specified trail ARN that has the event selectors.
getEventSelectorsResponse_trailARN :: Lens' GetEventSelectorsResponse (Maybe Text)
-- | The response's http status code.
getEventSelectorsResponse_httpStatus :: Lens' GetEventSelectorsResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.GetEventSelectors.GetEventSelectors
instance GHC.Show.Show Amazonka.CloudTrail.GetEventSelectors.GetEventSelectors
instance GHC.Read.Read Amazonka.CloudTrail.GetEventSelectors.GetEventSelectors
instance GHC.Classes.Eq Amazonka.CloudTrail.GetEventSelectors.GetEventSelectors
instance GHC.Generics.Generic Amazonka.CloudTrail.GetEventSelectors.GetEventSelectorsResponse
instance GHC.Show.Show Amazonka.CloudTrail.GetEventSelectors.GetEventSelectorsResponse
instance GHC.Read.Read Amazonka.CloudTrail.GetEventSelectors.GetEventSelectorsResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.GetEventSelectors.GetEventSelectorsResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.GetEventSelectors.GetEventSelectors
instance Control.DeepSeq.NFData Amazonka.CloudTrail.GetEventSelectors.GetEventSelectorsResponse
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.GetEventSelectors.GetEventSelectors
instance Control.DeepSeq.NFData Amazonka.CloudTrail.GetEventSelectors.GetEventSelectors
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.GetEventSelectors.GetEventSelectors
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.GetEventSelectors.GetEventSelectors
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.GetEventSelectors.GetEventSelectors
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.GetEventSelectors.GetEventSelectors
-- | Returns information about an event data store specified as either an
-- ARN or the ID portion of the ARN.
module Amazonka.CloudTrail.GetEventDataStore
-- | See: newGetEventDataStore smart constructor.
data GetEventDataStore
GetEventDataStore' :: Text -> GetEventDataStore
-- | The ARN (or ID suffix of the ARN) of the event data store about which
-- you want information.
[$sel:eventDataStore:GetEventDataStore'] :: GetEventDataStore -> Text
-- | Create a value of GetEventDataStore with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:eventDataStore:GetEventDataStore',
-- getEventDataStore_eventDataStore - The ARN (or ID suffix of the
-- ARN) of the event data store about which you want information.
newGetEventDataStore :: Text -> GetEventDataStore
-- | The ARN (or ID suffix of the ARN) of the event data store about which
-- you want information.
getEventDataStore_eventDataStore :: Lens' GetEventDataStore Text
-- | See: newGetEventDataStoreResponse smart constructor.
data GetEventDataStoreResponse
GetEventDataStoreResponse' :: Maybe [AdvancedEventSelector] -> Maybe POSIX -> Maybe Text -> Maybe Text -> Maybe Bool -> Maybe Text -> Maybe Bool -> Maybe Natural -> Maybe EventDataStoreStatus -> Maybe Bool -> Maybe POSIX -> Int -> GetEventDataStoreResponse
-- | The advanced event selectors used to select events for the data store.
[$sel:advancedEventSelectors:GetEventDataStoreResponse'] :: GetEventDataStoreResponse -> Maybe [AdvancedEventSelector]
-- | The timestamp of the event data store's creation.
[$sel:createdTimestamp:GetEventDataStoreResponse'] :: GetEventDataStoreResponse -> Maybe POSIX
-- | The event data store Amazon Resource Number (ARN).
[$sel:eventDataStoreArn:GetEventDataStoreResponse'] :: GetEventDataStoreResponse -> Maybe Text
-- | Specifies the KMS key ID that encrypts the events delivered by
-- CloudTrail. The value is a fully specified ARN to a KMS key in the
-- following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
[$sel:kmsKeyId:GetEventDataStoreResponse'] :: GetEventDataStoreResponse -> Maybe Text
-- | Indicates whether the event data store includes events from all
-- regions, or only from the region in which it was created.
[$sel:multiRegionEnabled:GetEventDataStoreResponse'] :: GetEventDataStoreResponse -> Maybe Bool
-- | The name of the event data store.
[$sel:name:GetEventDataStoreResponse'] :: GetEventDataStoreResponse -> Maybe Text
-- | Indicates whether an event data store is collecting logged events for
-- an organization in Organizations.
[$sel:organizationEnabled:GetEventDataStoreResponse'] :: GetEventDataStoreResponse -> Maybe Bool
-- | The retention period of the event data store, in days.
[$sel:retentionPeriod:GetEventDataStoreResponse'] :: GetEventDataStoreResponse -> Maybe Natural
-- | The status of an event data store. Values can be ENABLED and
-- PENDING_DELETION.
[$sel:status:GetEventDataStoreResponse'] :: GetEventDataStoreResponse -> Maybe EventDataStoreStatus
-- | Indicates that termination protection is enabled.
[$sel:terminationProtectionEnabled:GetEventDataStoreResponse'] :: GetEventDataStoreResponse -> Maybe Bool
-- | Shows the time that an event data store was updated, if applicable.
-- UpdatedTimestamp is always either the same or newer than the
-- time shown in CreatedTimestamp.
[$sel:updatedTimestamp:GetEventDataStoreResponse'] :: GetEventDataStoreResponse -> Maybe POSIX
-- | The response's http status code.
[$sel:httpStatus:GetEventDataStoreResponse'] :: GetEventDataStoreResponse -> Int
-- | Create a value of GetEventDataStoreResponse with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- GetEventDataStoreResponse,
-- getEventDataStoreResponse_advancedEventSelectors - The advanced
-- event selectors used to select events for the data store.
--
-- GetEventDataStoreResponse,
-- getEventDataStoreResponse_createdTimestamp - The timestamp of
-- the event data store's creation.
--
-- GetEventDataStoreResponse,
-- getEventDataStoreResponse_eventDataStoreArn - The event data
-- store Amazon Resource Number (ARN).
--
-- GetEventDataStoreResponse,
-- getEventDataStoreResponse_kmsKeyId - Specifies the KMS key ID
-- that encrypts the events delivered by CloudTrail. The value is a fully
-- specified ARN to a KMS key in the following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
--
-- GetEventDataStoreResponse,
-- getEventDataStoreResponse_multiRegionEnabled - Indicates
-- whether the event data store includes events from all regions, or only
-- from the region in which it was created.
--
-- GetEventDataStoreResponse,
-- getEventDataStoreResponse_name - The name of the event data
-- store.
--
-- GetEventDataStoreResponse,
-- getEventDataStoreResponse_organizationEnabled - Indicates
-- whether an event data store is collecting logged events for an
-- organization in Organizations.
--
-- GetEventDataStoreResponse,
-- getEventDataStoreResponse_retentionPeriod - The retention
-- period of the event data store, in days.
--
-- GetEventDataStoreResponse,
-- getEventDataStoreResponse_status - The status of an event data
-- store. Values can be ENABLED and PENDING_DELETION.
--
-- GetEventDataStoreResponse,
-- getEventDataStoreResponse_terminationProtectionEnabled -
-- Indicates that termination protection is enabled.
--
-- GetEventDataStoreResponse,
-- getEventDataStoreResponse_updatedTimestamp - Shows the time
-- that an event data store was updated, if applicable.
-- UpdatedTimestamp is always either the same or newer than the
-- time shown in CreatedTimestamp.
--
-- $sel:httpStatus:GetEventDataStoreResponse',
-- getEventDataStoreResponse_httpStatus - The response's http
-- status code.
newGetEventDataStoreResponse :: Int -> GetEventDataStoreResponse
-- | The advanced event selectors used to select events for the data store.
getEventDataStoreResponse_advancedEventSelectors :: Lens' GetEventDataStoreResponse (Maybe [AdvancedEventSelector])
-- | The timestamp of the event data store's creation.
getEventDataStoreResponse_createdTimestamp :: Lens' GetEventDataStoreResponse (Maybe UTCTime)
-- | The event data store Amazon Resource Number (ARN).
getEventDataStoreResponse_eventDataStoreArn :: Lens' GetEventDataStoreResponse (Maybe Text)
-- | Specifies the KMS key ID that encrypts the events delivered by
-- CloudTrail. The value is a fully specified ARN to a KMS key in the
-- following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
getEventDataStoreResponse_kmsKeyId :: Lens' GetEventDataStoreResponse (Maybe Text)
-- | Indicates whether the event data store includes events from all
-- regions, or only from the region in which it was created.
getEventDataStoreResponse_multiRegionEnabled :: Lens' GetEventDataStoreResponse (Maybe Bool)
-- | The name of the event data store.
getEventDataStoreResponse_name :: Lens' GetEventDataStoreResponse (Maybe Text)
-- | Indicates whether an event data store is collecting logged events for
-- an organization in Organizations.
getEventDataStoreResponse_organizationEnabled :: Lens' GetEventDataStoreResponse (Maybe Bool)
-- | The retention period of the event data store, in days.
getEventDataStoreResponse_retentionPeriod :: Lens' GetEventDataStoreResponse (Maybe Natural)
-- | The status of an event data store. Values can be ENABLED and
-- PENDING_DELETION.
getEventDataStoreResponse_status :: Lens' GetEventDataStoreResponse (Maybe EventDataStoreStatus)
-- | Indicates that termination protection is enabled.
getEventDataStoreResponse_terminationProtectionEnabled :: Lens' GetEventDataStoreResponse (Maybe Bool)
-- | Shows the time that an event data store was updated, if applicable.
-- UpdatedTimestamp is always either the same or newer than the
-- time shown in CreatedTimestamp.
getEventDataStoreResponse_updatedTimestamp :: Lens' GetEventDataStoreResponse (Maybe UTCTime)
-- | The response's http status code.
getEventDataStoreResponse_httpStatus :: Lens' GetEventDataStoreResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.GetEventDataStore.GetEventDataStore
instance GHC.Show.Show Amazonka.CloudTrail.GetEventDataStore.GetEventDataStore
instance GHC.Read.Read Amazonka.CloudTrail.GetEventDataStore.GetEventDataStore
instance GHC.Classes.Eq Amazonka.CloudTrail.GetEventDataStore.GetEventDataStore
instance GHC.Generics.Generic Amazonka.CloudTrail.GetEventDataStore.GetEventDataStoreResponse
instance GHC.Show.Show Amazonka.CloudTrail.GetEventDataStore.GetEventDataStoreResponse
instance GHC.Read.Read Amazonka.CloudTrail.GetEventDataStore.GetEventDataStoreResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.GetEventDataStore.GetEventDataStoreResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.GetEventDataStore.GetEventDataStore
instance Control.DeepSeq.NFData Amazonka.CloudTrail.GetEventDataStore.GetEventDataStoreResponse
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.GetEventDataStore.GetEventDataStore
instance Control.DeepSeq.NFData Amazonka.CloudTrail.GetEventDataStore.GetEventDataStore
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.GetEventDataStore.GetEventDataStore
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.GetEventDataStore.GetEventDataStore
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.GetEventDataStore.GetEventDataStore
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.GetEventDataStore.GetEventDataStore
-- | Returns information about a specific channel. Amazon Web Services
-- services create service-linked channels to get information about
-- CloudTrail events on your behalf. For more information about
-- service-linked channels, see Viewing service-linked channels for
-- CloudTrail by using the CLI.
module Amazonka.CloudTrail.GetChannel
-- | See: newGetChannel smart constructor.
data GetChannel
GetChannel' :: Text -> GetChannel
-- | The ARN or UUID of a channel.
[$sel:channel:GetChannel'] :: GetChannel -> Text
-- | Create a value of GetChannel with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:channel:GetChannel', getChannel_channel - The ARN
-- or UUID of a channel.
newGetChannel :: Text -> GetChannel
-- | The ARN or UUID of a channel.
getChannel_channel :: Lens' GetChannel Text
-- | See: newGetChannelResponse smart constructor.
data GetChannelResponse
GetChannelResponse' :: Maybe Text -> Maybe (NonEmpty Destination) -> Maybe Text -> Maybe Text -> Maybe SourceConfig -> Int -> GetChannelResponse
-- | The ARN of an channel returned by a GetChannel request.
[$sel:channelArn:GetChannelResponse'] :: GetChannelResponse -> Maybe Text
-- | The Amazon Web Services service that created the service-linked
-- channel.
[$sel:destinations:GetChannelResponse'] :: GetChannelResponse -> Maybe (NonEmpty Destination)
-- | The name of the CloudTrail channel. For service-linked channels, the
-- value is aws-service-channel/service-name/custom-suffix where
-- service-name represents the name of the Amazon Web Services
-- service that created the channel and custom-suffix represents
-- the suffix generated by the Amazon Web Services service.
[$sel:name:GetChannelResponse'] :: GetChannelResponse -> Maybe Text
-- | The event source for the CloudTrail channel.
[$sel:source:GetChannelResponse'] :: GetChannelResponse -> Maybe Text
-- | Provides information about the advanced event selectors configured for
-- the channel, and whether the channel applies to all regions or a
-- single region.
[$sel:sourceConfig:GetChannelResponse'] :: GetChannelResponse -> Maybe SourceConfig
-- | The response's http status code.
[$sel:httpStatus:GetChannelResponse'] :: GetChannelResponse -> Int
-- | Create a value of GetChannelResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- GetChannelResponse, getChannelResponse_channelArn - The
-- ARN of an channel returned by a GetChannel request.
--
-- GetChannelResponse, getChannelResponse_destinations -
-- The Amazon Web Services service that created the service-linked
-- channel.
--
-- GetChannelResponse, getChannelResponse_name - The name
-- of the CloudTrail channel. For service-linked channels, the value is
-- aws-service-channel/service-name/custom-suffix where
-- service-name represents the name of the Amazon Web Services
-- service that created the channel and custom-suffix represents
-- the suffix generated by the Amazon Web Services service.
--
-- $sel:source:GetChannelResponse',
-- getChannelResponse_source - The event source for the CloudTrail
-- channel.
--
-- $sel:sourceConfig:GetChannelResponse',
-- getChannelResponse_sourceConfig - Provides information about
-- the advanced event selectors configured for the channel, and whether
-- the channel applies to all regions or a single region.
--
-- $sel:httpStatus:GetChannelResponse',
-- getChannelResponse_httpStatus - The response's http status
-- code.
newGetChannelResponse :: Int -> GetChannelResponse
-- | The ARN of an channel returned by a GetChannel request.
getChannelResponse_channelArn :: Lens' GetChannelResponse (Maybe Text)
-- | The Amazon Web Services service that created the service-linked
-- channel.
getChannelResponse_destinations :: Lens' GetChannelResponse (Maybe (NonEmpty Destination))
-- | The name of the CloudTrail channel. For service-linked channels, the
-- value is aws-service-channel/service-name/custom-suffix where
-- service-name represents the name of the Amazon Web Services
-- service that created the channel and custom-suffix represents
-- the suffix generated by the Amazon Web Services service.
getChannelResponse_name :: Lens' GetChannelResponse (Maybe Text)
-- | The event source for the CloudTrail channel.
getChannelResponse_source :: Lens' GetChannelResponse (Maybe Text)
-- | Provides information about the advanced event selectors configured for
-- the channel, and whether the channel applies to all regions or a
-- single region.
getChannelResponse_sourceConfig :: Lens' GetChannelResponse (Maybe SourceConfig)
-- | The response's http status code.
getChannelResponse_httpStatus :: Lens' GetChannelResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.GetChannel.GetChannel
instance GHC.Show.Show Amazonka.CloudTrail.GetChannel.GetChannel
instance GHC.Read.Read Amazonka.CloudTrail.GetChannel.GetChannel
instance GHC.Classes.Eq Amazonka.CloudTrail.GetChannel.GetChannel
instance GHC.Generics.Generic Amazonka.CloudTrail.GetChannel.GetChannelResponse
instance GHC.Show.Show Amazonka.CloudTrail.GetChannel.GetChannelResponse
instance GHC.Read.Read Amazonka.CloudTrail.GetChannel.GetChannelResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.GetChannel.GetChannelResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.GetChannel.GetChannel
instance Control.DeepSeq.NFData Amazonka.CloudTrail.GetChannel.GetChannelResponse
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.GetChannel.GetChannel
instance Control.DeepSeq.NFData Amazonka.CloudTrail.GetChannel.GetChannel
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.GetChannel.GetChannel
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.GetChannel.GetChannel
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.GetChannel.GetChannel
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.GetChannel.GetChannel
-- | Retrieves settings for one or more trails associated with the current
-- region for your account.
module Amazonka.CloudTrail.DescribeTrails
-- | Returns information about the trail.
--
-- See: newDescribeTrails smart constructor.
data DescribeTrails
DescribeTrails' :: Maybe Bool -> Maybe [Text] -> DescribeTrails
-- | Specifies whether to include shadow trails in the response. A shadow
-- trail is the replication in a region of a trail that was created in a
-- different region, or in the case of an organization trail, the
-- replication of an organization trail in member accounts. If you do not
-- include shadow trails, organization trails in a member account and
-- region replication trails will not be returned. The default is true.
[$sel:includeShadowTrails:DescribeTrails'] :: DescribeTrails -> Maybe Bool
-- | Specifies a list of trail names, trail ARNs, or both, of the trails to
-- describe. The format of a trail ARN is:
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
--
-- If an empty list is specified, information for the trail in the
-- current region is returned.
--
--
-- - If an empty list is specified and IncludeShadowTrails is
-- false, then information for all trails in the current region is
-- returned.
-- - If an empty list is specified and IncludeShadowTrails is null or
-- true, then information for all trails in the current region and any
-- associated shadow trails in other regions is returned.
--
--
-- If one or more trail names are specified, information is returned only
-- if the names match the names of trails belonging only to the current
-- region. To return information about a trail in another region, you
-- must specify its trail ARN.
[$sel:trailNameList:DescribeTrails'] :: DescribeTrails -> Maybe [Text]
-- | Create a value of DescribeTrails with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:includeShadowTrails:DescribeTrails',
-- describeTrails_includeShadowTrails - Specifies whether to
-- include shadow trails in the response. A shadow trail is the
-- replication in a region of a trail that was created in a different
-- region, or in the case of an organization trail, the replication of an
-- organization trail in member accounts. If you do not include shadow
-- trails, organization trails in a member account and region replication
-- trails will not be returned. The default is true.
--
-- $sel:trailNameList:DescribeTrails',
-- describeTrails_trailNameList - Specifies a list of trail names,
-- trail ARNs, or both, of the trails to describe. The format of a trail
-- ARN is:
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
--
-- If an empty list is specified, information for the trail in the
-- current region is returned.
--
--
-- - If an empty list is specified and IncludeShadowTrails is
-- false, then information for all trails in the current region is
-- returned.
-- - If an empty list is specified and IncludeShadowTrails is null or
-- true, then information for all trails in the current region and any
-- associated shadow trails in other regions is returned.
--
--
-- If one or more trail names are specified, information is returned only
-- if the names match the names of trails belonging only to the current
-- region. To return information about a trail in another region, you
-- must specify its trail ARN.
newDescribeTrails :: DescribeTrails
-- | Specifies whether to include shadow trails in the response. A shadow
-- trail is the replication in a region of a trail that was created in a
-- different region, or in the case of an organization trail, the
-- replication of an organization trail in member accounts. If you do not
-- include shadow trails, organization trails in a member account and
-- region replication trails will not be returned. The default is true.
describeTrails_includeShadowTrails :: Lens' DescribeTrails (Maybe Bool)
-- | Specifies a list of trail names, trail ARNs, or both, of the trails to
-- describe. The format of a trail ARN is:
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
--
-- If an empty list is specified, information for the trail in the
-- current region is returned.
--
--
-- - If an empty list is specified and IncludeShadowTrails is
-- false, then information for all trails in the current region is
-- returned.
-- - If an empty list is specified and IncludeShadowTrails is null or
-- true, then information for all trails in the current region and any
-- associated shadow trails in other regions is returned.
--
--
-- If one or more trail names are specified, information is returned only
-- if the names match the names of trails belonging only to the current
-- region. To return information about a trail in another region, you
-- must specify its trail ARN.
describeTrails_trailNameList :: Lens' DescribeTrails (Maybe [Text])
-- | Returns the objects or data listed below if successful. Otherwise,
-- returns an error.
--
-- See: newDescribeTrailsResponse smart constructor.
data DescribeTrailsResponse
DescribeTrailsResponse' :: Maybe [Trail] -> Int -> DescribeTrailsResponse
-- | The list of trail objects. Trail objects with string values are only
-- returned if values for the objects exist in a trail's configuration.
-- For example, SNSTopicName and SNSTopicARN are only
-- returned in results if a trail is configured to send SNS
-- notifications. Similarly, KMSKeyId only appears in results if
-- a trail's log files are encrypted with KMS customer managed keys.
[$sel:trailList:DescribeTrailsResponse'] :: DescribeTrailsResponse -> Maybe [Trail]
-- | The response's http status code.
[$sel:httpStatus:DescribeTrailsResponse'] :: DescribeTrailsResponse -> Int
-- | Create a value of DescribeTrailsResponse with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:trailList:DescribeTrailsResponse',
-- describeTrailsResponse_trailList - The list of trail objects.
-- Trail objects with string values are only returned if values for the
-- objects exist in a trail's configuration. For example,
-- SNSTopicName and SNSTopicARN are only returned in
-- results if a trail is configured to send SNS notifications. Similarly,
-- KMSKeyId only appears in results if a trail's log files are
-- encrypted with KMS customer managed keys.
--
-- $sel:httpStatus:DescribeTrailsResponse',
-- describeTrailsResponse_httpStatus - The response's http status
-- code.
newDescribeTrailsResponse :: Int -> DescribeTrailsResponse
-- | The list of trail objects. Trail objects with string values are only
-- returned if values for the objects exist in a trail's configuration.
-- For example, SNSTopicName and SNSTopicARN are only
-- returned in results if a trail is configured to send SNS
-- notifications. Similarly, KMSKeyId only appears in results if
-- a trail's log files are encrypted with KMS customer managed keys.
describeTrailsResponse_trailList :: Lens' DescribeTrailsResponse (Maybe [Trail])
-- | The response's http status code.
describeTrailsResponse_httpStatus :: Lens' DescribeTrailsResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.DescribeTrails.DescribeTrails
instance GHC.Show.Show Amazonka.CloudTrail.DescribeTrails.DescribeTrails
instance GHC.Read.Read Amazonka.CloudTrail.DescribeTrails.DescribeTrails
instance GHC.Classes.Eq Amazonka.CloudTrail.DescribeTrails.DescribeTrails
instance GHC.Generics.Generic Amazonka.CloudTrail.DescribeTrails.DescribeTrailsResponse
instance GHC.Show.Show Amazonka.CloudTrail.DescribeTrails.DescribeTrailsResponse
instance GHC.Read.Read Amazonka.CloudTrail.DescribeTrails.DescribeTrailsResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.DescribeTrails.DescribeTrailsResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.DescribeTrails.DescribeTrails
instance Control.DeepSeq.NFData Amazonka.CloudTrail.DescribeTrails.DescribeTrailsResponse
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.DescribeTrails.DescribeTrails
instance Control.DeepSeq.NFData Amazonka.CloudTrail.DescribeTrails.DescribeTrails
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.DescribeTrails.DescribeTrails
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.DescribeTrails.DescribeTrails
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.DescribeTrails.DescribeTrails
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.DescribeTrails.DescribeTrails
-- | Returns metadata about a query, including query run time in
-- milliseconds, number of events scanned and matched, and query status.
-- You must specify an ARN for EventDataStore, and a value for
-- QueryID.
module Amazonka.CloudTrail.DescribeQuery
-- | See: newDescribeQuery smart constructor.
data DescribeQuery
DescribeQuery' :: Maybe Text -> Text -> DescribeQuery
-- | The ARN (or the ID suffix of the ARN) of an event data store on which
-- the specified query was run.
[$sel:eventDataStore:DescribeQuery'] :: DescribeQuery -> Maybe Text
-- | The query ID.
[$sel:queryId:DescribeQuery'] :: DescribeQuery -> Text
-- | Create a value of DescribeQuery with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:eventDataStore:DescribeQuery',
-- describeQuery_eventDataStore - The ARN (or the ID suffix of the
-- ARN) of an event data store on which the specified query was run.
--
-- DescribeQuery, describeQuery_queryId - The query ID.
newDescribeQuery :: Text -> DescribeQuery
-- | The ARN (or the ID suffix of the ARN) of an event data store on which
-- the specified query was run.
describeQuery_eventDataStore :: Lens' DescribeQuery (Maybe Text)
-- | The query ID.
describeQuery_queryId :: Lens' DescribeQuery Text
-- | See: newDescribeQueryResponse smart constructor.
data DescribeQueryResponse
DescribeQueryResponse' :: Maybe Text -> Maybe DeliveryStatus -> Maybe Text -> Maybe Text -> Maybe QueryStatisticsForDescribeQuery -> Maybe QueryStatus -> Maybe Text -> Int -> DescribeQueryResponse
-- | The URI for the S3 bucket where CloudTrail delivered query results, if
-- applicable.
[$sel:deliveryS3Uri:DescribeQueryResponse'] :: DescribeQueryResponse -> Maybe Text
-- | The delivery status.
[$sel:deliveryStatus:DescribeQueryResponse'] :: DescribeQueryResponse -> Maybe DeliveryStatus
-- | The error message returned if a query failed.
[$sel:errorMessage:DescribeQueryResponse'] :: DescribeQueryResponse -> Maybe Text
-- | The ID of the query.
[$sel:queryId:DescribeQueryResponse'] :: DescribeQueryResponse -> Maybe Text
-- | Metadata about a query, including the number of events that were
-- matched, the total number of events scanned, the query run time in
-- milliseconds, and the query's creation time.
[$sel:queryStatistics:DescribeQueryResponse'] :: DescribeQueryResponse -> Maybe QueryStatisticsForDescribeQuery
-- | The status of a query. Values for QueryStatus include
-- QUEUED, RUNNING, FINISHED, FAILED,
-- TIMED_OUT, or CANCELLED
[$sel:queryStatus:DescribeQueryResponse'] :: DescribeQueryResponse -> Maybe QueryStatus
-- | The SQL code of a query.
[$sel:queryString:DescribeQueryResponse'] :: DescribeQueryResponse -> Maybe Text
-- | The response's http status code.
[$sel:httpStatus:DescribeQueryResponse'] :: DescribeQueryResponse -> Int
-- | Create a value of DescribeQueryResponse with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:deliveryS3Uri:DescribeQueryResponse',
-- describeQueryResponse_deliveryS3Uri - The URI for the S3 bucket
-- where CloudTrail delivered query results, if applicable.
--
-- $sel:deliveryStatus:DescribeQueryResponse',
-- describeQueryResponse_deliveryStatus - The delivery status.
--
-- DescribeQueryResponse,
-- describeQueryResponse_errorMessage - The error message returned
-- if a query failed.
--
-- DescribeQuery, describeQueryResponse_queryId - The ID of
-- the query.
--
-- $sel:queryStatistics:DescribeQueryResponse',
-- describeQueryResponse_queryStatistics - Metadata about a query,
-- including the number of events that were matched, the total number of
-- events scanned, the query run time in milliseconds, and the query's
-- creation time.
--
-- DescribeQueryResponse, describeQueryResponse_queryStatus
-- - The status of a query. Values for QueryStatus include
-- QUEUED, RUNNING, FINISHED, FAILED,
-- TIMED_OUT, or CANCELLED
--
-- $sel:queryString:DescribeQueryResponse',
-- describeQueryResponse_queryString - The SQL code of a query.
--
-- $sel:httpStatus:DescribeQueryResponse',
-- describeQueryResponse_httpStatus - The response's http status
-- code.
newDescribeQueryResponse :: Int -> DescribeQueryResponse
-- | The URI for the S3 bucket where CloudTrail delivered query results, if
-- applicable.
describeQueryResponse_deliveryS3Uri :: Lens' DescribeQueryResponse (Maybe Text)
-- | The delivery status.
describeQueryResponse_deliveryStatus :: Lens' DescribeQueryResponse (Maybe DeliveryStatus)
-- | The error message returned if a query failed.
describeQueryResponse_errorMessage :: Lens' DescribeQueryResponse (Maybe Text)
-- | The ID of the query.
describeQueryResponse_queryId :: Lens' DescribeQueryResponse (Maybe Text)
-- | Metadata about a query, including the number of events that were
-- matched, the total number of events scanned, the query run time in
-- milliseconds, and the query's creation time.
describeQueryResponse_queryStatistics :: Lens' DescribeQueryResponse (Maybe QueryStatisticsForDescribeQuery)
-- | The status of a query. Values for QueryStatus include
-- QUEUED, RUNNING, FINISHED, FAILED,
-- TIMED_OUT, or CANCELLED
describeQueryResponse_queryStatus :: Lens' DescribeQueryResponse (Maybe QueryStatus)
-- | The SQL code of a query.
describeQueryResponse_queryString :: Lens' DescribeQueryResponse (Maybe Text)
-- | The response's http status code.
describeQueryResponse_httpStatus :: Lens' DescribeQueryResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.DescribeQuery.DescribeQuery
instance GHC.Show.Show Amazonka.CloudTrail.DescribeQuery.DescribeQuery
instance GHC.Read.Read Amazonka.CloudTrail.DescribeQuery.DescribeQuery
instance GHC.Classes.Eq Amazonka.CloudTrail.DescribeQuery.DescribeQuery
instance GHC.Generics.Generic Amazonka.CloudTrail.DescribeQuery.DescribeQueryResponse
instance GHC.Show.Show Amazonka.CloudTrail.DescribeQuery.DescribeQueryResponse
instance GHC.Read.Read Amazonka.CloudTrail.DescribeQuery.DescribeQueryResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.DescribeQuery.DescribeQueryResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.DescribeQuery.DescribeQuery
instance Control.DeepSeq.NFData Amazonka.CloudTrail.DescribeQuery.DescribeQueryResponse
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.DescribeQuery.DescribeQuery
instance Control.DeepSeq.NFData Amazonka.CloudTrail.DescribeQuery.DescribeQuery
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.DescribeQuery.DescribeQuery
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.DescribeQuery.DescribeQuery
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.DescribeQuery.DescribeQuery
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.DescribeQuery.DescribeQuery
-- | Removes CloudTrail delegated administrator permissions from a member
-- account in an organization.
module Amazonka.CloudTrail.DeregisterOrganizationDelegatedAdmin
-- | Removes CloudTrail delegated administrator permissions from a
-- specified member account in an organization that is currently
-- designated as a delegated administrator.
--
-- See: newDeregisterOrganizationDelegatedAdmin smart
-- constructor.
data DeregisterOrganizationDelegatedAdmin
DeregisterOrganizationDelegatedAdmin' :: Text -> DeregisterOrganizationDelegatedAdmin
-- | A delegated administrator account ID. This is a member account in an
-- organization that is currently designated as a delegated
-- administrator.
[$sel:delegatedAdminAccountId:DeregisterOrganizationDelegatedAdmin'] :: DeregisterOrganizationDelegatedAdmin -> Text
-- | Create a value of DeregisterOrganizationDelegatedAdmin with all
-- optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
--
-- $sel:delegatedAdminAccountId:DeregisterOrganizationDelegatedAdmin',
-- deregisterOrganizationDelegatedAdmin_delegatedAdminAccountId -
-- A delegated administrator account ID. This is a member account in an
-- organization that is currently designated as a delegated
-- administrator.
newDeregisterOrganizationDelegatedAdmin :: Text -> DeregisterOrganizationDelegatedAdmin
-- | A delegated administrator account ID. This is a member account in an
-- organization that is currently designated as a delegated
-- administrator.
deregisterOrganizationDelegatedAdmin_delegatedAdminAccountId :: Lens' DeregisterOrganizationDelegatedAdmin Text
-- | Returns the following response if successful. Otherwise, returns an
-- error.
--
-- See: newDeregisterOrganizationDelegatedAdminResponse
-- smart constructor.
data DeregisterOrganizationDelegatedAdminResponse
DeregisterOrganizationDelegatedAdminResponse' :: Int -> DeregisterOrganizationDelegatedAdminResponse
-- | The response's http status code.
[$sel:httpStatus:DeregisterOrganizationDelegatedAdminResponse'] :: DeregisterOrganizationDelegatedAdminResponse -> Int
-- | Create a value of DeregisterOrganizationDelegatedAdminResponse
-- with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:httpStatus:DeregisterOrganizationDelegatedAdminResponse',
-- deregisterOrganizationDelegatedAdminResponse_httpStatus - The
-- response's http status code.
newDeregisterOrganizationDelegatedAdminResponse :: Int -> DeregisterOrganizationDelegatedAdminResponse
-- | The response's http status code.
deregisterOrganizationDelegatedAdminResponse_httpStatus :: Lens' DeregisterOrganizationDelegatedAdminResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.DeregisterOrganizationDelegatedAdmin.DeregisterOrganizationDelegatedAdmin
instance GHC.Show.Show Amazonka.CloudTrail.DeregisterOrganizationDelegatedAdmin.DeregisterOrganizationDelegatedAdmin
instance GHC.Read.Read Amazonka.CloudTrail.DeregisterOrganizationDelegatedAdmin.DeregisterOrganizationDelegatedAdmin
instance GHC.Classes.Eq Amazonka.CloudTrail.DeregisterOrganizationDelegatedAdmin.DeregisterOrganizationDelegatedAdmin
instance GHC.Generics.Generic Amazonka.CloudTrail.DeregisterOrganizationDelegatedAdmin.DeregisterOrganizationDelegatedAdminResponse
instance GHC.Show.Show Amazonka.CloudTrail.DeregisterOrganizationDelegatedAdmin.DeregisterOrganizationDelegatedAdminResponse
instance GHC.Read.Read Amazonka.CloudTrail.DeregisterOrganizationDelegatedAdmin.DeregisterOrganizationDelegatedAdminResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.DeregisterOrganizationDelegatedAdmin.DeregisterOrganizationDelegatedAdminResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.DeregisterOrganizationDelegatedAdmin.DeregisterOrganizationDelegatedAdmin
instance Control.DeepSeq.NFData Amazonka.CloudTrail.DeregisterOrganizationDelegatedAdmin.DeregisterOrganizationDelegatedAdminResponse
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.DeregisterOrganizationDelegatedAdmin.DeregisterOrganizationDelegatedAdmin
instance Control.DeepSeq.NFData Amazonka.CloudTrail.DeregisterOrganizationDelegatedAdmin.DeregisterOrganizationDelegatedAdmin
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.DeregisterOrganizationDelegatedAdmin.DeregisterOrganizationDelegatedAdmin
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.DeregisterOrganizationDelegatedAdmin.DeregisterOrganizationDelegatedAdmin
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.DeregisterOrganizationDelegatedAdmin.DeregisterOrganizationDelegatedAdmin
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.DeregisterOrganizationDelegatedAdmin.DeregisterOrganizationDelegatedAdmin
-- | Deletes a trail. This operation must be called from the region in
-- which the trail was created. DeleteTrail cannot be called on
-- the shadow trails (replicated trails in other regions) of a trail that
-- is enabled in all regions.
module Amazonka.CloudTrail.DeleteTrail
-- | The request that specifies the name of a trail to delete.
--
-- See: newDeleteTrail smart constructor.
data DeleteTrail
DeleteTrail' :: Text -> DeleteTrail
-- | Specifies the name or the CloudTrail ARN of the trail to be deleted.
-- The following is the format of a trail ARN.
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
[$sel:name:DeleteTrail'] :: DeleteTrail -> Text
-- | Create a value of DeleteTrail with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- DeleteTrail, deleteTrail_name - Specifies the name or
-- the CloudTrail ARN of the trail to be deleted. The following is the
-- format of a trail ARN.
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
newDeleteTrail :: Text -> DeleteTrail
-- | Specifies the name or the CloudTrail ARN of the trail to be deleted.
-- The following is the format of a trail ARN.
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
deleteTrail_name :: Lens' DeleteTrail Text
-- | Returns the objects or data listed below if successful. Otherwise,
-- returns an error.
--
-- See: newDeleteTrailResponse smart constructor.
data DeleteTrailResponse
DeleteTrailResponse' :: Int -> DeleteTrailResponse
-- | The response's http status code.
[$sel:httpStatus:DeleteTrailResponse'] :: DeleteTrailResponse -> Int
-- | Create a value of DeleteTrailResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:httpStatus:DeleteTrailResponse',
-- deleteTrailResponse_httpStatus - The response's http status
-- code.
newDeleteTrailResponse :: Int -> DeleteTrailResponse
-- | The response's http status code.
deleteTrailResponse_httpStatus :: Lens' DeleteTrailResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.DeleteTrail.DeleteTrail
instance GHC.Show.Show Amazonka.CloudTrail.DeleteTrail.DeleteTrail
instance GHC.Read.Read Amazonka.CloudTrail.DeleteTrail.DeleteTrail
instance GHC.Classes.Eq Amazonka.CloudTrail.DeleteTrail.DeleteTrail
instance GHC.Generics.Generic Amazonka.CloudTrail.DeleteTrail.DeleteTrailResponse
instance GHC.Show.Show Amazonka.CloudTrail.DeleteTrail.DeleteTrailResponse
instance GHC.Read.Read Amazonka.CloudTrail.DeleteTrail.DeleteTrailResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.DeleteTrail.DeleteTrailResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.DeleteTrail.DeleteTrail
instance Control.DeepSeq.NFData Amazonka.CloudTrail.DeleteTrail.DeleteTrailResponse
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.DeleteTrail.DeleteTrail
instance Control.DeepSeq.NFData Amazonka.CloudTrail.DeleteTrail.DeleteTrail
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.DeleteTrail.DeleteTrail
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.DeleteTrail.DeleteTrail
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.DeleteTrail.DeleteTrail
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.DeleteTrail.DeleteTrail
-- | Disables the event data store specified by EventDataStore,
-- which accepts an event data store ARN. After you run
-- DeleteEventDataStore, the event data store enters a
-- PENDING_DELETION state, and is automatically deleted after a
-- wait period of seven days. TerminationProtectionEnabled must
-- be set to False on the event data store; this operation
-- cannot work if TerminationProtectionEnabled is True.
--
-- After you run DeleteEventDataStore on an event data store,
-- you cannot run ListQueries, DescribeQuery, or
-- GetQueryResults on queries that are using an event data store
-- in a PENDING_DELETION state. An event data store in the
-- PENDING_DELETION state does not incur costs.
module Amazonka.CloudTrail.DeleteEventDataStore
-- | See: newDeleteEventDataStore smart constructor.
data DeleteEventDataStore
DeleteEventDataStore' :: Text -> DeleteEventDataStore
-- | The ARN (or the ID suffix of the ARN) of the event data store to
-- delete.
[$sel:eventDataStore:DeleteEventDataStore'] :: DeleteEventDataStore -> Text
-- | Create a value of DeleteEventDataStore with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:eventDataStore:DeleteEventDataStore',
-- deleteEventDataStore_eventDataStore - The ARN (or the ID suffix
-- of the ARN) of the event data store to delete.
newDeleteEventDataStore :: Text -> DeleteEventDataStore
-- | The ARN (or the ID suffix of the ARN) of the event data store to
-- delete.
deleteEventDataStore_eventDataStore :: Lens' DeleteEventDataStore Text
-- | See: newDeleteEventDataStoreResponse smart constructor.
data DeleteEventDataStoreResponse
DeleteEventDataStoreResponse' :: Int -> DeleteEventDataStoreResponse
-- | The response's http status code.
[$sel:httpStatus:DeleteEventDataStoreResponse'] :: DeleteEventDataStoreResponse -> Int
-- | Create a value of DeleteEventDataStoreResponse with all
-- optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:httpStatus:DeleteEventDataStoreResponse',
-- deleteEventDataStoreResponse_httpStatus - The response's http
-- status code.
newDeleteEventDataStoreResponse :: Int -> DeleteEventDataStoreResponse
-- | The response's http status code.
deleteEventDataStoreResponse_httpStatus :: Lens' DeleteEventDataStoreResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.DeleteEventDataStore.DeleteEventDataStore
instance GHC.Show.Show Amazonka.CloudTrail.DeleteEventDataStore.DeleteEventDataStore
instance GHC.Read.Read Amazonka.CloudTrail.DeleteEventDataStore.DeleteEventDataStore
instance GHC.Classes.Eq Amazonka.CloudTrail.DeleteEventDataStore.DeleteEventDataStore
instance GHC.Generics.Generic Amazonka.CloudTrail.DeleteEventDataStore.DeleteEventDataStoreResponse
instance GHC.Show.Show Amazonka.CloudTrail.DeleteEventDataStore.DeleteEventDataStoreResponse
instance GHC.Read.Read Amazonka.CloudTrail.DeleteEventDataStore.DeleteEventDataStoreResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.DeleteEventDataStore.DeleteEventDataStoreResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.DeleteEventDataStore.DeleteEventDataStore
instance Control.DeepSeq.NFData Amazonka.CloudTrail.DeleteEventDataStore.DeleteEventDataStoreResponse
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.DeleteEventDataStore.DeleteEventDataStore
instance Control.DeepSeq.NFData Amazonka.CloudTrail.DeleteEventDataStore.DeleteEventDataStore
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.DeleteEventDataStore.DeleteEventDataStore
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.DeleteEventDataStore.DeleteEventDataStore
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.DeleteEventDataStore.DeleteEventDataStore
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.DeleteEventDataStore.DeleteEventDataStore
-- | Creates a trail that specifies the settings for delivery of log data
-- to an Amazon S3 bucket.
module Amazonka.CloudTrail.CreateTrail
-- | Specifies the settings for each trail.
--
-- See: newCreateTrail smart constructor.
data CreateTrail
CreateTrail' :: Maybe Text -> Maybe Text -> Maybe Bool -> Maybe Bool -> Maybe Bool -> Maybe Bool -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe [Tag] -> Text -> Text -> CreateTrail
-- | Specifies a log group name using an Amazon Resource Name (ARN), a
-- unique identifier that represents the log group to which CloudTrail
-- logs will be delivered. Not required unless you specify
-- CloudWatchLogsRoleArn.
[$sel:cloudWatchLogsLogGroupArn:CreateTrail'] :: CreateTrail -> Maybe Text
-- | Specifies the role for the CloudWatch Logs endpoint to assume to write
-- to a user's log group.
[$sel:cloudWatchLogsRoleArn:CreateTrail'] :: CreateTrail -> Maybe Text
-- | Specifies whether log file integrity validation is enabled. The
-- default is false.
--
-- When you disable log file integrity validation, the chain of digest
-- files is broken after one hour. CloudTrail does not create digest
-- files for log files that were delivered during a period in which log
-- file integrity validation was disabled. For example, if you enable log
-- file integrity validation at noon on January 1, disable it at noon on
-- January 2, and re-enable it at noon on January 10, digest files will
-- not be created for the log files delivered from noon on January 2 to
-- noon on January 10. The same applies whenever you stop CloudTrail
-- logging or delete a trail.
[$sel:enableLogFileValidation:CreateTrail'] :: CreateTrail -> Maybe Bool
-- | Specifies whether the trail is publishing events from global services
-- such as IAM to the log files.
[$sel:includeGlobalServiceEvents:CreateTrail'] :: CreateTrail -> Maybe Bool
-- | Specifies whether the trail is created in the current region or in all
-- regions. The default is false, which creates a trail only in the
-- region where you are signed in. As a best practice, consider creating
-- trails that log events in all regions.
[$sel:isMultiRegionTrail:CreateTrail'] :: CreateTrail -> Maybe Bool
-- | Specifies whether the trail is created for all accounts in an
-- organization in Organizations, or only for the current Amazon Web
-- Services account. The default is false, and cannot be true unless the
-- call is made on behalf of an Amazon Web Services account that is the
-- management account for an organization in Organizations.
[$sel:isOrganizationTrail:CreateTrail'] :: CreateTrail -> Maybe Bool
-- | Specifies the KMS key ID to use to encrypt the logs delivered by
-- CloudTrail. The value can be an alias name prefixed by
-- alias/, a fully specified ARN to an alias, a fully specified
-- ARN to a key, or a globally unique identifier.
--
-- CloudTrail also supports KMS multi-Region keys. For more information
-- about multi-Region keys, see Using multi-Region keys in the
-- Key Management Service Developer Guide.
--
-- Examples:
--
--
-- alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
12345678-1234-1234-1234-123456789012
[$sel:kmsKeyId:CreateTrail'] :: CreateTrail -> Maybe Text
-- | Specifies the Amazon S3 key prefix that comes after the name of the
-- bucket you have designated for log file delivery. For more
-- information, see Finding Your CloudTrail Log Files. The maximum
-- length is 200 characters.
[$sel:s3KeyPrefix:CreateTrail'] :: CreateTrail -> Maybe Text
-- | Specifies the name of the Amazon SNS topic defined for notification of
-- log file delivery. The maximum length is 256 characters.
[$sel:snsTopicName:CreateTrail'] :: CreateTrail -> Maybe Text
[$sel:tagsList:CreateTrail'] :: CreateTrail -> Maybe [Tag]
-- | Specifies the name of the trail. The name must meet the following
-- requirements:
--
--
-- - Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
-- underscores (_), or dashes (-)
-- - Start with a letter or number, and end with a letter or
-- number
-- - Be between 3 and 128 characters
-- - Have no adjacent periods, underscores or dashes. Names like
-- my-_namespace and my--namespace are not valid.
-- - Not be in IP address format (for example, 192.168.5.4)
--
[$sel:name:CreateTrail'] :: CreateTrail -> Text
-- | Specifies the name of the Amazon S3 bucket designated for publishing
-- log files. See Amazon S3 Bucket Naming Requirements.
[$sel:s3BucketName:CreateTrail'] :: CreateTrail -> Text
-- | Create a value of CreateTrail with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- CreateTrail, createTrail_cloudWatchLogsLogGroupArn -
-- Specifies a log group name using an Amazon Resource Name (ARN), a
-- unique identifier that represents the log group to which CloudTrail
-- logs will be delivered. Not required unless you specify
-- CloudWatchLogsRoleArn.
--
-- CreateTrail, createTrail_cloudWatchLogsRoleArn -
-- Specifies the role for the CloudWatch Logs endpoint to assume to write
-- to a user's log group.
--
-- $sel:enableLogFileValidation:CreateTrail',
-- createTrail_enableLogFileValidation - Specifies whether log
-- file integrity validation is enabled. The default is false.
--
-- When you disable log file integrity validation, the chain of digest
-- files is broken after one hour. CloudTrail does not create digest
-- files for log files that were delivered during a period in which log
-- file integrity validation was disabled. For example, if you enable log
-- file integrity validation at noon on January 1, disable it at noon on
-- January 2, and re-enable it at noon on January 10, digest files will
-- not be created for the log files delivered from noon on January 2 to
-- noon on January 10. The same applies whenever you stop CloudTrail
-- logging or delete a trail.
--
-- CreateTrail, createTrail_includeGlobalServiceEvents -
-- Specifies whether the trail is publishing events from global services
-- such as IAM to the log files.
--
-- CreateTrail, createTrail_isMultiRegionTrail - Specifies
-- whether the trail is created in the current region or in all regions.
-- The default is false, which creates a trail only in the region where
-- you are signed in. As a best practice, consider creating trails that
-- log events in all regions.
--
-- CreateTrail, createTrail_isOrganizationTrail - Specifies
-- whether the trail is created for all accounts in an organization in
-- Organizations, or only for the current Amazon Web Services account.
-- The default is false, and cannot be true unless the call is made on
-- behalf of an Amazon Web Services account that is the management
-- account for an organization in Organizations.
--
-- CreateTrail, createTrail_kmsKeyId - Specifies the KMS
-- key ID to use to encrypt the logs delivered by CloudTrail. The value
-- can be an alias name prefixed by alias/, a fully specified
-- ARN to an alias, a fully specified ARN to a key, or a globally unique
-- identifier.
--
-- CloudTrail also supports KMS multi-Region keys. For more information
-- about multi-Region keys, see Using multi-Region keys in the
-- Key Management Service Developer Guide.
--
-- Examples:
--
--
-- alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
12345678-1234-1234-1234-123456789012
--
-- CreateTrail, createTrail_s3KeyPrefix - Specifies the
-- Amazon S3 key prefix that comes after the name of the bucket you have
-- designated for log file delivery. For more information, see Finding
-- Your CloudTrail Log Files. The maximum length is 200 characters.
--
-- CreateTrail, createTrail_snsTopicName - Specifies the
-- name of the Amazon SNS topic defined for notification of log file
-- delivery. The maximum length is 256 characters.
--
-- CreateTrail, createTrail_tagsList - Undocumented member.
--
-- CreateTrail, createTrail_name - Specifies the name of
-- the trail. The name must meet the following requirements:
--
--
-- - Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
-- underscores (_), or dashes (-)
-- - Start with a letter or number, and end with a letter or
-- number
-- - Be between 3 and 128 characters
-- - Have no adjacent periods, underscores or dashes. Names like
-- my-_namespace and my--namespace are not valid.
-- - Not be in IP address format (for example, 192.168.5.4)
--
--
-- CreateTrail, createTrail_s3BucketName - Specifies the
-- name of the Amazon S3 bucket designated for publishing log files. See
-- Amazon S3 Bucket Naming Requirements.
newCreateTrail :: Text -> Text -> CreateTrail
-- | Specifies a log group name using an Amazon Resource Name (ARN), a
-- unique identifier that represents the log group to which CloudTrail
-- logs will be delivered. Not required unless you specify
-- CloudWatchLogsRoleArn.
createTrail_cloudWatchLogsLogGroupArn :: Lens' CreateTrail (Maybe Text)
-- | Specifies the role for the CloudWatch Logs endpoint to assume to write
-- to a user's log group.
createTrail_cloudWatchLogsRoleArn :: Lens' CreateTrail (Maybe Text)
-- | Specifies whether log file integrity validation is enabled. The
-- default is false.
--
-- When you disable log file integrity validation, the chain of digest
-- files is broken after one hour. CloudTrail does not create digest
-- files for log files that were delivered during a period in which log
-- file integrity validation was disabled. For example, if you enable log
-- file integrity validation at noon on January 1, disable it at noon on
-- January 2, and re-enable it at noon on January 10, digest files will
-- not be created for the log files delivered from noon on January 2 to
-- noon on January 10. The same applies whenever you stop CloudTrail
-- logging or delete a trail.
createTrail_enableLogFileValidation :: Lens' CreateTrail (Maybe Bool)
-- | Specifies whether the trail is publishing events from global services
-- such as IAM to the log files.
createTrail_includeGlobalServiceEvents :: Lens' CreateTrail (Maybe Bool)
-- | Specifies whether the trail is created in the current region or in all
-- regions. The default is false, which creates a trail only in the
-- region where you are signed in. As a best practice, consider creating
-- trails that log events in all regions.
createTrail_isMultiRegionTrail :: Lens' CreateTrail (Maybe Bool)
-- | Specifies whether the trail is created for all accounts in an
-- organization in Organizations, or only for the current Amazon Web
-- Services account. The default is false, and cannot be true unless the
-- call is made on behalf of an Amazon Web Services account that is the
-- management account for an organization in Organizations.
createTrail_isOrganizationTrail :: Lens' CreateTrail (Maybe Bool)
-- | Specifies the KMS key ID to use to encrypt the logs delivered by
-- CloudTrail. The value can be an alias name prefixed by
-- alias/, a fully specified ARN to an alias, a fully specified
-- ARN to a key, or a globally unique identifier.
--
-- CloudTrail also supports KMS multi-Region keys. For more information
-- about multi-Region keys, see Using multi-Region keys in the
-- Key Management Service Developer Guide.
--
-- Examples:
--
--
-- alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
12345678-1234-1234-1234-123456789012
createTrail_kmsKeyId :: Lens' CreateTrail (Maybe Text)
-- | Specifies the Amazon S3 key prefix that comes after the name of the
-- bucket you have designated for log file delivery. For more
-- information, see Finding Your CloudTrail Log Files. The maximum
-- length is 200 characters.
createTrail_s3KeyPrefix :: Lens' CreateTrail (Maybe Text)
-- | Specifies the name of the Amazon SNS topic defined for notification of
-- log file delivery. The maximum length is 256 characters.
createTrail_snsTopicName :: Lens' CreateTrail (Maybe Text)
-- | Undocumented member.
createTrail_tagsList :: Lens' CreateTrail (Maybe [Tag])
-- | Specifies the name of the trail. The name must meet the following
-- requirements:
--
--
-- - Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
-- underscores (_), or dashes (-)
-- - Start with a letter or number, and end with a letter or
-- number
-- - Be between 3 and 128 characters
-- - Have no adjacent periods, underscores or dashes. Names like
-- my-_namespace and my--namespace are not valid.
-- - Not be in IP address format (for example, 192.168.5.4)
--
createTrail_name :: Lens' CreateTrail Text
-- | Specifies the name of the Amazon S3 bucket designated for publishing
-- log files. See Amazon S3 Bucket Naming Requirements.
createTrail_s3BucketName :: Lens' CreateTrail Text
-- | Returns the objects or data listed below if successful. Otherwise,
-- returns an error.
--
-- See: newCreateTrailResponse smart constructor.
data CreateTrailResponse
CreateTrailResponse' :: Maybe Text -> Maybe Text -> Maybe Bool -> Maybe Bool -> Maybe Bool -> Maybe Text -> Maybe Bool -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Int -> CreateTrailResponse
-- | Specifies the Amazon Resource Name (ARN) of the log group to which
-- CloudTrail logs will be delivered.
[$sel:cloudWatchLogsLogGroupArn:CreateTrailResponse'] :: CreateTrailResponse -> Maybe Text
-- | Specifies the role for the CloudWatch Logs endpoint to assume to write
-- to a user's log group.
[$sel:cloudWatchLogsRoleArn:CreateTrailResponse'] :: CreateTrailResponse -> Maybe Text
-- | Specifies whether the trail is publishing events from global services
-- such as IAM to the log files.
[$sel:includeGlobalServiceEvents:CreateTrailResponse'] :: CreateTrailResponse -> Maybe Bool
-- | Specifies whether the trail exists in one region or in all regions.
[$sel:isMultiRegionTrail:CreateTrailResponse'] :: CreateTrailResponse -> Maybe Bool
-- | Specifies whether the trail is an organization trail.
[$sel:isOrganizationTrail:CreateTrailResponse'] :: CreateTrailResponse -> Maybe Bool
-- | Specifies the KMS key ID that encrypts the events delivered by
-- CloudTrail. The value is a fully specified ARN to a KMS key in the
-- following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
[$sel:kmsKeyId:CreateTrailResponse'] :: CreateTrailResponse -> Maybe Text
-- | Specifies whether log file integrity validation is enabled.
[$sel:logFileValidationEnabled:CreateTrailResponse'] :: CreateTrailResponse -> Maybe Bool
-- | Specifies the name of the trail.
[$sel:name:CreateTrailResponse'] :: CreateTrailResponse -> Maybe Text
-- | Specifies the name of the Amazon S3 bucket designated for publishing
-- log files.
[$sel:s3BucketName:CreateTrailResponse'] :: CreateTrailResponse -> Maybe Text
-- | Specifies the Amazon S3 key prefix that comes after the name of the
-- bucket you have designated for log file delivery. For more
-- information, see Finding Your CloudTrail Log Files.
[$sel:s3KeyPrefix:CreateTrailResponse'] :: CreateTrailResponse -> Maybe Text
-- | Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send
-- notifications when log files are delivered. The format of a topic ARN
-- is:
--
--
-- arn:aws:sns:us-east-2:123456789012:MyTopic
--
[$sel:snsTopicARN:CreateTrailResponse'] :: CreateTrailResponse -> Maybe Text
-- | This field is no longer in use. Use SnsTopicARN.
[$sel:snsTopicName:CreateTrailResponse'] :: CreateTrailResponse -> Maybe Text
-- | Specifies the ARN of the trail that was created. The format of a trail
-- ARN is:
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
[$sel:trailARN:CreateTrailResponse'] :: CreateTrailResponse -> Maybe Text
-- | The response's http status code.
[$sel:httpStatus:CreateTrailResponse'] :: CreateTrailResponse -> Int
-- | Create a value of CreateTrailResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- CreateTrail,
-- createTrailResponse_cloudWatchLogsLogGroupArn - Specifies the
-- Amazon Resource Name (ARN) of the log group to which CloudTrail logs
-- will be delivered.
--
-- CreateTrail, createTrailResponse_cloudWatchLogsRoleArn -
-- Specifies the role for the CloudWatch Logs endpoint to assume to write
-- to a user's log group.
--
-- CreateTrail,
-- createTrailResponse_includeGlobalServiceEvents - Specifies
-- whether the trail is publishing events from global services such as
-- IAM to the log files.
--
-- CreateTrail, createTrailResponse_isMultiRegionTrail -
-- Specifies whether the trail exists in one region or in all regions.
--
-- CreateTrail, createTrailResponse_isOrganizationTrail -
-- Specifies whether the trail is an organization trail.
--
-- CreateTrail, createTrailResponse_kmsKeyId - Specifies
-- the KMS key ID that encrypts the events delivered by CloudTrail. The
-- value is a fully specified ARN to a KMS key in the following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
--
-- CreateTrailResponse,
-- createTrailResponse_logFileValidationEnabled - Specifies
-- whether log file integrity validation is enabled.
--
-- CreateTrail, createTrailResponse_name - Specifies the
-- name of the trail.
--
-- CreateTrail, createTrailResponse_s3BucketName -
-- Specifies the name of the Amazon S3 bucket designated for publishing
-- log files.
--
-- CreateTrail, createTrailResponse_s3KeyPrefix - Specifies
-- the Amazon S3 key prefix that comes after the name of the bucket you
-- have designated for log file delivery. For more information, see
-- Finding Your CloudTrail Log Files.
--
-- CreateTrailResponse, createTrailResponse_snsTopicARN -
-- Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send
-- notifications when log files are delivered. The format of a topic ARN
-- is:
--
--
-- arn:aws:sns:us-east-2:123456789012:MyTopic
--
--
-- CreateTrail, createTrailResponse_snsTopicName - This
-- field is no longer in use. Use SnsTopicARN.
--
-- CreateTrailResponse, createTrailResponse_trailARN -
-- Specifies the ARN of the trail that was created. The format of a trail
-- ARN is:
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
--
-- $sel:httpStatus:CreateTrailResponse',
-- createTrailResponse_httpStatus - The response's http status
-- code.
newCreateTrailResponse :: Int -> CreateTrailResponse
-- | Specifies the Amazon Resource Name (ARN) of the log group to which
-- CloudTrail logs will be delivered.
createTrailResponse_cloudWatchLogsLogGroupArn :: Lens' CreateTrailResponse (Maybe Text)
-- | Specifies the role for the CloudWatch Logs endpoint to assume to write
-- to a user's log group.
createTrailResponse_cloudWatchLogsRoleArn :: Lens' CreateTrailResponse (Maybe Text)
-- | Specifies whether the trail is publishing events from global services
-- such as IAM to the log files.
createTrailResponse_includeGlobalServiceEvents :: Lens' CreateTrailResponse (Maybe Bool)
-- | Specifies whether the trail exists in one region or in all regions.
createTrailResponse_isMultiRegionTrail :: Lens' CreateTrailResponse (Maybe Bool)
-- | Specifies whether the trail is an organization trail.
createTrailResponse_isOrganizationTrail :: Lens' CreateTrailResponse (Maybe Bool)
-- | Specifies the KMS key ID that encrypts the events delivered by
-- CloudTrail. The value is a fully specified ARN to a KMS key in the
-- following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
createTrailResponse_kmsKeyId :: Lens' CreateTrailResponse (Maybe Text)
-- | Specifies whether log file integrity validation is enabled.
createTrailResponse_logFileValidationEnabled :: Lens' CreateTrailResponse (Maybe Bool)
-- | Specifies the name of the trail.
createTrailResponse_name :: Lens' CreateTrailResponse (Maybe Text)
-- | Specifies the name of the Amazon S3 bucket designated for publishing
-- log files.
createTrailResponse_s3BucketName :: Lens' CreateTrailResponse (Maybe Text)
-- | Specifies the Amazon S3 key prefix that comes after the name of the
-- bucket you have designated for log file delivery. For more
-- information, see Finding Your CloudTrail Log Files.
createTrailResponse_s3KeyPrefix :: Lens' CreateTrailResponse (Maybe Text)
-- | Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send
-- notifications when log files are delivered. The format of a topic ARN
-- is:
--
--
-- arn:aws:sns:us-east-2:123456789012:MyTopic
--
createTrailResponse_snsTopicARN :: Lens' CreateTrailResponse (Maybe Text)
-- | This field is no longer in use. Use SnsTopicARN.
createTrailResponse_snsTopicName :: Lens' CreateTrailResponse (Maybe Text)
-- | Specifies the ARN of the trail that was created. The format of a trail
-- ARN is:
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
createTrailResponse_trailARN :: Lens' CreateTrailResponse (Maybe Text)
-- | The response's http status code.
createTrailResponse_httpStatus :: Lens' CreateTrailResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.CreateTrail.CreateTrail
instance GHC.Show.Show Amazonka.CloudTrail.CreateTrail.CreateTrail
instance GHC.Read.Read Amazonka.CloudTrail.CreateTrail.CreateTrail
instance GHC.Classes.Eq Amazonka.CloudTrail.CreateTrail.CreateTrail
instance GHC.Generics.Generic Amazonka.CloudTrail.CreateTrail.CreateTrailResponse
instance GHC.Show.Show Amazonka.CloudTrail.CreateTrail.CreateTrailResponse
instance GHC.Read.Read Amazonka.CloudTrail.CreateTrail.CreateTrailResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.CreateTrail.CreateTrailResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.CreateTrail.CreateTrail
instance Control.DeepSeq.NFData Amazonka.CloudTrail.CreateTrail.CreateTrailResponse
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.CreateTrail.CreateTrail
instance Control.DeepSeq.NFData Amazonka.CloudTrail.CreateTrail.CreateTrail
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.CreateTrail.CreateTrail
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.CreateTrail.CreateTrail
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.CreateTrail.CreateTrail
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.CreateTrail.CreateTrail
-- | Creates a new event data store.
module Amazonka.CloudTrail.CreateEventDataStore
-- | See: newCreateEventDataStore smart constructor.
data CreateEventDataStore
CreateEventDataStore' :: Maybe [AdvancedEventSelector] -> Maybe Text -> Maybe Bool -> Maybe Bool -> Maybe Natural -> Maybe [Tag] -> Maybe Bool -> Text -> CreateEventDataStore
-- | The advanced event selectors to use to select the events for the data
-- store. For more information about how to use advanced event selectors,
-- see Log events by using advanced event selectors in the
-- CloudTrail User Guide.
[$sel:advancedEventSelectors:CreateEventDataStore'] :: CreateEventDataStore -> Maybe [AdvancedEventSelector]
-- | Specifies the KMS key ID to use to encrypt the events delivered by
-- CloudTrail. The value can be an alias name prefixed by
-- alias/, a fully specified ARN to an alias, a fully specified
-- ARN to a key, or a globally unique identifier.
--
-- Disabling or deleting the KMS key, or removing CloudTrail permissions
-- on the key, prevents CloudTrail from logging events to the event data
-- store, and prevents users from querying the data in the event data
-- store that was encrypted with the key. After you associate an event
-- data store with a KMS key, the KMS key cannot be removed or changed.
-- Before you disable or delete a KMS key that you are using with an
-- event data store, delete or back up your event data store.
--
-- CloudTrail also supports KMS multi-Region keys. For more information
-- about multi-Region keys, see Using multi-Region keys in the
-- Key Management Service Developer Guide.
--
-- Examples:
--
--
-- alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
12345678-1234-1234-1234-123456789012
[$sel:kmsKeyId:CreateEventDataStore'] :: CreateEventDataStore -> Maybe Text
-- | Specifies whether the event data store includes events from all
-- regions, or only from the region in which the event data store is
-- created.
[$sel:multiRegionEnabled:CreateEventDataStore'] :: CreateEventDataStore -> Maybe Bool
-- | Specifies whether an event data store collects events logged for an
-- organization in Organizations.
[$sel:organizationEnabled:CreateEventDataStore'] :: CreateEventDataStore -> Maybe Bool
-- | The retention period of the event data store, in days. You can set a
-- retention period of up to 2557 days, the equivalent of seven years.
[$sel:retentionPeriod:CreateEventDataStore'] :: CreateEventDataStore -> Maybe Natural
[$sel:tagsList:CreateEventDataStore'] :: CreateEventDataStore -> Maybe [Tag]
-- | Specifies whether termination protection is enabled for the event data
-- store. If termination protection is enabled, you cannot delete the
-- event data store until termination protection is disabled.
[$sel:terminationProtectionEnabled:CreateEventDataStore'] :: CreateEventDataStore -> Maybe Bool
-- | The name of the event data store.
[$sel:name:CreateEventDataStore'] :: CreateEventDataStore -> Text
-- | Create a value of CreateEventDataStore with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- CreateEventDataStore,
-- createEventDataStore_advancedEventSelectors - The advanced
-- event selectors to use to select the events for the data store. For
-- more information about how to use advanced event selectors, see Log
-- events by using advanced event selectors in the CloudTrail User
-- Guide.
--
-- CreateEventDataStore, createEventDataStore_kmsKeyId -
-- Specifies the KMS key ID to use to encrypt the events delivered by
-- CloudTrail. The value can be an alias name prefixed by
-- alias/, a fully specified ARN to an alias, a fully specified
-- ARN to a key, or a globally unique identifier.
--
-- Disabling or deleting the KMS key, or removing CloudTrail permissions
-- on the key, prevents CloudTrail from logging events to the event data
-- store, and prevents users from querying the data in the event data
-- store that was encrypted with the key. After you associate an event
-- data store with a KMS key, the KMS key cannot be removed or changed.
-- Before you disable or delete a KMS key that you are using with an
-- event data store, delete or back up your event data store.
--
-- CloudTrail also supports KMS multi-Region keys. For more information
-- about multi-Region keys, see Using multi-Region keys in the
-- Key Management Service Developer Guide.
--
-- Examples:
--
--
-- alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
12345678-1234-1234-1234-123456789012
--
-- CreateEventDataStore,
-- createEventDataStore_multiRegionEnabled - Specifies whether the
-- event data store includes events from all regions, or only from the
-- region in which the event data store is created.
--
-- CreateEventDataStore,
-- createEventDataStore_organizationEnabled - Specifies whether an
-- event data store collects events logged for an organization in
-- Organizations.
--
-- CreateEventDataStore,
-- createEventDataStore_retentionPeriod - The retention period of
-- the event data store, in days. You can set a retention period of up to
-- 2557 days, the equivalent of seven years.
--
-- CreateEventDataStore, createEventDataStore_tagsList -
-- Undocumented member.
--
-- CreateEventDataStore,
-- createEventDataStore_terminationProtectionEnabled - Specifies
-- whether termination protection is enabled for the event data store. If
-- termination protection is enabled, you cannot delete the event data
-- store until termination protection is disabled.
--
-- CreateEventDataStore, createEventDataStore_name - The
-- name of the event data store.
newCreateEventDataStore :: Text -> CreateEventDataStore
-- | The advanced event selectors to use to select the events for the data
-- store. For more information about how to use advanced event selectors,
-- see Log events by using advanced event selectors in the
-- CloudTrail User Guide.
createEventDataStore_advancedEventSelectors :: Lens' CreateEventDataStore (Maybe [AdvancedEventSelector])
-- | Specifies the KMS key ID to use to encrypt the events delivered by
-- CloudTrail. The value can be an alias name prefixed by
-- alias/, a fully specified ARN to an alias, a fully specified
-- ARN to a key, or a globally unique identifier.
--
-- Disabling or deleting the KMS key, or removing CloudTrail permissions
-- on the key, prevents CloudTrail from logging events to the event data
-- store, and prevents users from querying the data in the event data
-- store that was encrypted with the key. After you associate an event
-- data store with a KMS key, the KMS key cannot be removed or changed.
-- Before you disable or delete a KMS key that you are using with an
-- event data store, delete or back up your event data store.
--
-- CloudTrail also supports KMS multi-Region keys. For more information
-- about multi-Region keys, see Using multi-Region keys in the
-- Key Management Service Developer Guide.
--
-- Examples:
--
--
-- alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
12345678-1234-1234-1234-123456789012
createEventDataStore_kmsKeyId :: Lens' CreateEventDataStore (Maybe Text)
-- | Specifies whether the event data store includes events from all
-- regions, or only from the region in which the event data store is
-- created.
createEventDataStore_multiRegionEnabled :: Lens' CreateEventDataStore (Maybe Bool)
-- | Specifies whether an event data store collects events logged for an
-- organization in Organizations.
createEventDataStore_organizationEnabled :: Lens' CreateEventDataStore (Maybe Bool)
-- | The retention period of the event data store, in days. You can set a
-- retention period of up to 2557 days, the equivalent of seven years.
createEventDataStore_retentionPeriod :: Lens' CreateEventDataStore (Maybe Natural)
-- | Undocumented member.
createEventDataStore_tagsList :: Lens' CreateEventDataStore (Maybe [Tag])
-- | Specifies whether termination protection is enabled for the event data
-- store. If termination protection is enabled, you cannot delete the
-- event data store until termination protection is disabled.
createEventDataStore_terminationProtectionEnabled :: Lens' CreateEventDataStore (Maybe Bool)
-- | The name of the event data store.
createEventDataStore_name :: Lens' CreateEventDataStore Text
-- | See: newCreateEventDataStoreResponse smart constructor.
data CreateEventDataStoreResponse
CreateEventDataStoreResponse' :: Maybe [AdvancedEventSelector] -> Maybe POSIX -> Maybe Text -> Maybe Text -> Maybe Bool -> Maybe Text -> Maybe Bool -> Maybe Natural -> Maybe EventDataStoreStatus -> Maybe [Tag] -> Maybe Bool -> Maybe POSIX -> Int -> CreateEventDataStoreResponse
-- | The advanced event selectors that were used to select the events for
-- the data store.
[$sel:advancedEventSelectors:CreateEventDataStoreResponse'] :: CreateEventDataStoreResponse -> Maybe [AdvancedEventSelector]
-- | The timestamp that shows when the event data store was created.
[$sel:createdTimestamp:CreateEventDataStoreResponse'] :: CreateEventDataStoreResponse -> Maybe POSIX
-- | The ARN of the event data store.
[$sel:eventDataStoreArn:CreateEventDataStoreResponse'] :: CreateEventDataStoreResponse -> Maybe Text
-- | Specifies the KMS key ID that encrypts the events delivered by
-- CloudTrail. The value is a fully specified ARN to a KMS key in the
-- following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
[$sel:kmsKeyId:CreateEventDataStoreResponse'] :: CreateEventDataStoreResponse -> Maybe Text
-- | Indicates whether the event data store collects events from all
-- regions, or only from the region in which it was created.
[$sel:multiRegionEnabled:CreateEventDataStoreResponse'] :: CreateEventDataStoreResponse -> Maybe Bool
-- | The name of the event data store.
[$sel:name:CreateEventDataStoreResponse'] :: CreateEventDataStoreResponse -> Maybe Text
-- | Indicates whether an event data store is collecting logged events for
-- an organization in Organizations.
[$sel:organizationEnabled:CreateEventDataStoreResponse'] :: CreateEventDataStoreResponse -> Maybe Bool
-- | The retention period of an event data store, in days.
[$sel:retentionPeriod:CreateEventDataStoreResponse'] :: CreateEventDataStoreResponse -> Maybe Natural
-- | The status of event data store creation.
[$sel:status:CreateEventDataStoreResponse'] :: CreateEventDataStoreResponse -> Maybe EventDataStoreStatus
[$sel:tagsList:CreateEventDataStoreResponse'] :: CreateEventDataStoreResponse -> Maybe [Tag]
-- | Indicates whether termination protection is enabled for the event data
-- store.
[$sel:terminationProtectionEnabled:CreateEventDataStoreResponse'] :: CreateEventDataStoreResponse -> Maybe Bool
-- | The timestamp that shows when an event data store was updated, if
-- applicable. UpdatedTimestamp is always either the same or
-- newer than the time shown in CreatedTimestamp.
[$sel:updatedTimestamp:CreateEventDataStoreResponse'] :: CreateEventDataStoreResponse -> Maybe POSIX
-- | The response's http status code.
[$sel:httpStatus:CreateEventDataStoreResponse'] :: CreateEventDataStoreResponse -> Int
-- | Create a value of CreateEventDataStoreResponse with all
-- optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- CreateEventDataStore,
-- createEventDataStoreResponse_advancedEventSelectors - The
-- advanced event selectors that were used to select the events for the
-- data store.
--
-- CreateEventDataStoreResponse,
-- createEventDataStoreResponse_createdTimestamp - The timestamp
-- that shows when the event data store was created.
--
-- CreateEventDataStoreResponse,
-- createEventDataStoreResponse_eventDataStoreArn - The ARN of the
-- event data store.
--
-- CreateEventDataStore,
-- createEventDataStoreResponse_kmsKeyId - Specifies the KMS key
-- ID that encrypts the events delivered by CloudTrail. The value is a
-- fully specified ARN to a KMS key in the following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
--
-- CreateEventDataStore,
-- createEventDataStoreResponse_multiRegionEnabled - Indicates
-- whether the event data store collects events from all regions, or only
-- from the region in which it was created.
--
-- CreateEventDataStore, createEventDataStoreResponse_name
-- - The name of the event data store.
--
-- CreateEventDataStore,
-- createEventDataStoreResponse_organizationEnabled - Indicates
-- whether an event data store is collecting logged events for an
-- organization in Organizations.
--
-- CreateEventDataStore,
-- createEventDataStoreResponse_retentionPeriod - The retention
-- period of an event data store, in days.
--
-- CreateEventDataStoreResponse,
-- createEventDataStoreResponse_status - The status of event data
-- store creation.
--
-- CreateEventDataStore,
-- createEventDataStoreResponse_tagsList - Undocumented member.
--
-- CreateEventDataStore,
-- createEventDataStoreResponse_terminationProtectionEnabled -
-- Indicates whether termination protection is enabled for the event data
-- store.
--
-- CreateEventDataStoreResponse,
-- createEventDataStoreResponse_updatedTimestamp - The timestamp
-- that shows when an event data store was updated, if applicable.
-- UpdatedTimestamp is always either the same or newer than the
-- time shown in CreatedTimestamp.
--
-- $sel:httpStatus:CreateEventDataStoreResponse',
-- createEventDataStoreResponse_httpStatus - The response's http
-- status code.
newCreateEventDataStoreResponse :: Int -> CreateEventDataStoreResponse
-- | The advanced event selectors that were used to select the events for
-- the data store.
createEventDataStoreResponse_advancedEventSelectors :: Lens' CreateEventDataStoreResponse (Maybe [AdvancedEventSelector])
-- | The timestamp that shows when the event data store was created.
createEventDataStoreResponse_createdTimestamp :: Lens' CreateEventDataStoreResponse (Maybe UTCTime)
-- | The ARN of the event data store.
createEventDataStoreResponse_eventDataStoreArn :: Lens' CreateEventDataStoreResponse (Maybe Text)
-- | Specifies the KMS key ID that encrypts the events delivered by
-- CloudTrail. The value is a fully specified ARN to a KMS key in the
-- following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
createEventDataStoreResponse_kmsKeyId :: Lens' CreateEventDataStoreResponse (Maybe Text)
-- | Indicates whether the event data store collects events from all
-- regions, or only from the region in which it was created.
createEventDataStoreResponse_multiRegionEnabled :: Lens' CreateEventDataStoreResponse (Maybe Bool)
-- | The name of the event data store.
createEventDataStoreResponse_name :: Lens' CreateEventDataStoreResponse (Maybe Text)
-- | Indicates whether an event data store is collecting logged events for
-- an organization in Organizations.
createEventDataStoreResponse_organizationEnabled :: Lens' CreateEventDataStoreResponse (Maybe Bool)
-- | The retention period of an event data store, in days.
createEventDataStoreResponse_retentionPeriod :: Lens' CreateEventDataStoreResponse (Maybe Natural)
-- | The status of event data store creation.
createEventDataStoreResponse_status :: Lens' CreateEventDataStoreResponse (Maybe EventDataStoreStatus)
-- | Undocumented member.
createEventDataStoreResponse_tagsList :: Lens' CreateEventDataStoreResponse (Maybe [Tag])
-- | Indicates whether termination protection is enabled for the event data
-- store.
createEventDataStoreResponse_terminationProtectionEnabled :: Lens' CreateEventDataStoreResponse (Maybe Bool)
-- | The timestamp that shows when an event data store was updated, if
-- applicable. UpdatedTimestamp is always either the same or
-- newer than the time shown in CreatedTimestamp.
createEventDataStoreResponse_updatedTimestamp :: Lens' CreateEventDataStoreResponse (Maybe UTCTime)
-- | The response's http status code.
createEventDataStoreResponse_httpStatus :: Lens' CreateEventDataStoreResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.CreateEventDataStore.CreateEventDataStore
instance GHC.Show.Show Amazonka.CloudTrail.CreateEventDataStore.CreateEventDataStore
instance GHC.Read.Read Amazonka.CloudTrail.CreateEventDataStore.CreateEventDataStore
instance GHC.Classes.Eq Amazonka.CloudTrail.CreateEventDataStore.CreateEventDataStore
instance GHC.Generics.Generic Amazonka.CloudTrail.CreateEventDataStore.CreateEventDataStoreResponse
instance GHC.Show.Show Amazonka.CloudTrail.CreateEventDataStore.CreateEventDataStoreResponse
instance GHC.Read.Read Amazonka.CloudTrail.CreateEventDataStore.CreateEventDataStoreResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.CreateEventDataStore.CreateEventDataStoreResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.CreateEventDataStore.CreateEventDataStore
instance Control.DeepSeq.NFData Amazonka.CloudTrail.CreateEventDataStore.CreateEventDataStoreResponse
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.CreateEventDataStore.CreateEventDataStore
instance Control.DeepSeq.NFData Amazonka.CloudTrail.CreateEventDataStore.CreateEventDataStore
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.CreateEventDataStore.CreateEventDataStore
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.CreateEventDataStore.CreateEventDataStore
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.CreateEventDataStore.CreateEventDataStore
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.CreateEventDataStore.CreateEventDataStore
-- | Cancels a query if the query is not in a terminated state, such as
-- CANCELLED, FAILED, TIMED_OUT, or
-- FINISHED. You must specify an ARN value for
-- EventDataStore. The ID of the query that you want to cancel
-- is also required. When you run CancelQuery, the query status
-- might show as CANCELLED even if the operation is not yet
-- finished.
module Amazonka.CloudTrail.CancelQuery
-- | See: newCancelQuery smart constructor.
data CancelQuery
CancelQuery' :: Maybe Text -> Text -> CancelQuery
-- | The ARN (or the ID suffix of the ARN) of an event data store on which
-- the specified query is running.
[$sel:eventDataStore:CancelQuery'] :: CancelQuery -> Maybe Text
-- | The ID of the query that you want to cancel. The QueryId
-- comes from the response of a StartQuery operation.
[$sel:queryId:CancelQuery'] :: CancelQuery -> Text
-- | Create a value of CancelQuery with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:eventDataStore:CancelQuery',
-- cancelQuery_eventDataStore - The ARN (or the ID suffix of the
-- ARN) of an event data store on which the specified query is running.
--
-- CancelQuery, cancelQuery_queryId - The ID of the query
-- that you want to cancel. The QueryId comes from the response
-- of a StartQuery operation.
newCancelQuery :: Text -> CancelQuery
-- | The ARN (or the ID suffix of the ARN) of an event data store on which
-- the specified query is running.
cancelQuery_eventDataStore :: Lens' CancelQuery (Maybe Text)
-- | The ID of the query that you want to cancel. The QueryId
-- comes from the response of a StartQuery operation.
cancelQuery_queryId :: Lens' CancelQuery Text
-- | See: newCancelQueryResponse smart constructor.
data CancelQueryResponse
CancelQueryResponse' :: Int -> Text -> QueryStatus -> CancelQueryResponse
-- | The response's http status code.
[$sel:httpStatus:CancelQueryResponse'] :: CancelQueryResponse -> Int
-- | The ID of the canceled query.
[$sel:queryId:CancelQueryResponse'] :: CancelQueryResponse -> Text
-- | Shows the status of a query after a CancelQuery request.
-- Typically, the values shown are either RUNNING or
-- CANCELLED.
[$sel:queryStatus:CancelQueryResponse'] :: CancelQueryResponse -> QueryStatus
-- | Create a value of CancelQueryResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:httpStatus:CancelQueryResponse',
-- cancelQueryResponse_httpStatus - The response's http status
-- code.
--
-- CancelQuery, cancelQueryResponse_queryId - The ID of the
-- canceled query.
--
-- CancelQueryResponse, cancelQueryResponse_queryStatus -
-- Shows the status of a query after a CancelQuery request.
-- Typically, the values shown are either RUNNING or
-- CANCELLED.
newCancelQueryResponse :: Int -> Text -> QueryStatus -> CancelQueryResponse
-- | The response's http status code.
cancelQueryResponse_httpStatus :: Lens' CancelQueryResponse Int
-- | The ID of the canceled query.
cancelQueryResponse_queryId :: Lens' CancelQueryResponse Text
-- | Shows the status of a query after a CancelQuery request.
-- Typically, the values shown are either RUNNING or
-- CANCELLED.
cancelQueryResponse_queryStatus :: Lens' CancelQueryResponse QueryStatus
instance GHC.Generics.Generic Amazonka.CloudTrail.CancelQuery.CancelQuery
instance GHC.Show.Show Amazonka.CloudTrail.CancelQuery.CancelQuery
instance GHC.Read.Read Amazonka.CloudTrail.CancelQuery.CancelQuery
instance GHC.Classes.Eq Amazonka.CloudTrail.CancelQuery.CancelQuery
instance GHC.Generics.Generic Amazonka.CloudTrail.CancelQuery.CancelQueryResponse
instance GHC.Show.Show Amazonka.CloudTrail.CancelQuery.CancelQueryResponse
instance GHC.Read.Read Amazonka.CloudTrail.CancelQuery.CancelQueryResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.CancelQuery.CancelQueryResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.CancelQuery.CancelQuery
instance Control.DeepSeq.NFData Amazonka.CloudTrail.CancelQuery.CancelQueryResponse
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.CancelQuery.CancelQuery
instance Control.DeepSeq.NFData Amazonka.CloudTrail.CancelQuery.CancelQuery
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.CancelQuery.CancelQuery
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.CancelQuery.CancelQuery
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.CancelQuery.CancelQuery
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.CancelQuery.CancelQuery
-- | Adds one or more tags to a trail or event data store, up to a limit of
-- 50. Overwrites an existing tag's value when a new value is specified
-- for an existing tag key. Tag key names must be unique for a trail; you
-- cannot have two keys with the same name but different values. If you
-- specify a key without a value, the tag will be created with the
-- specified key and a value of null. You can tag a trail or event data
-- store that applies to all Amazon Web Services Regions only from the
-- Region in which the trail or event data store was created (also known
-- as its home region).
module Amazonka.CloudTrail.AddTags
-- | Specifies the tags to add to a trail or event data store.
--
-- See: newAddTags smart constructor.
data AddTags
AddTags' :: Text -> [Tag] -> AddTags
-- | Specifies the ARN of the trail or event data store to which one or
-- more tags will be added. The format of a trail ARN is:
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
[$sel:resourceId:AddTags'] :: AddTags -> Text
-- | Contains a list of tags, up to a limit of 50
[$sel:tagsList:AddTags'] :: AddTags -> [Tag]
-- | Create a value of AddTags with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- AddTags, addTags_resourceId - Specifies the ARN of the
-- trail or event data store to which one or more tags will be added. The
-- format of a trail ARN is:
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
--
-- AddTags, addTags_tagsList - Contains a list of tags, up
-- to a limit of 50
newAddTags :: Text -> AddTags
-- | Specifies the ARN of the trail or event data store to which one or
-- more tags will be added. The format of a trail ARN is:
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
addTags_resourceId :: Lens' AddTags Text
-- | Contains a list of tags, up to a limit of 50
addTags_tagsList :: Lens' AddTags [Tag]
-- | Returns the objects or data if successful. Otherwise, returns an
-- error.
--
-- See: newAddTagsResponse smart constructor.
data AddTagsResponse
AddTagsResponse' :: Int -> AddTagsResponse
-- | The response's http status code.
[$sel:httpStatus:AddTagsResponse'] :: AddTagsResponse -> Int
-- | Create a value of AddTagsResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:httpStatus:AddTagsResponse',
-- addTagsResponse_httpStatus - The response's http status code.
newAddTagsResponse :: Int -> AddTagsResponse
-- | The response's http status code.
addTagsResponse_httpStatus :: Lens' AddTagsResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.AddTags.AddTags
instance GHC.Show.Show Amazonka.CloudTrail.AddTags.AddTags
instance GHC.Read.Read Amazonka.CloudTrail.AddTags.AddTags
instance GHC.Classes.Eq Amazonka.CloudTrail.AddTags.AddTags
instance GHC.Generics.Generic Amazonka.CloudTrail.AddTags.AddTagsResponse
instance GHC.Show.Show Amazonka.CloudTrail.AddTags.AddTagsResponse
instance GHC.Read.Read Amazonka.CloudTrail.AddTags.AddTagsResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.AddTags.AddTagsResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.AddTags.AddTags
instance Control.DeepSeq.NFData Amazonka.CloudTrail.AddTags.AddTagsResponse
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.AddTags.AddTags
instance Control.DeepSeq.NFData Amazonka.CloudTrail.AddTags.AddTags
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.AddTags.AddTags
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.AddTags.AddTags
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.AddTags.AddTags
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.AddTags.AddTags
-- | Updates an event data store. The required EventDataStore
-- value is an ARN or the ID portion of the ARN. Other parameters are
-- optional, but at least one optional parameter must be specified, or
-- CloudTrail throws an error. RetentionPeriod is in days, and
-- valid values are integers between 90 and 2557. By default,
-- TerminationProtection is enabled.
-- AdvancedEventSelectors includes or excludes management and
-- data events in your event data store; for more information about
-- AdvancedEventSelectors, see
-- PutEventSelectorsRequest$AdvancedEventSelectors.
module Amazonka.CloudTrail.UpdateEventDataStore
-- | See: newUpdateEventDataStore smart constructor.
data UpdateEventDataStore
UpdateEventDataStore' :: Maybe [AdvancedEventSelector] -> Maybe Text -> Maybe Bool -> Maybe Text -> Maybe Bool -> Maybe Natural -> Maybe Bool -> Text -> UpdateEventDataStore
-- | The advanced event selectors used to select events for the event data
-- store. You can configure up to five advanced event selectors for each
-- event data store.
[$sel:advancedEventSelectors:UpdateEventDataStore'] :: UpdateEventDataStore -> Maybe [AdvancedEventSelector]
-- | Specifies the KMS key ID to use to encrypt the events delivered by
-- CloudTrail. The value can be an alias name prefixed by
-- alias/, a fully specified ARN to an alias, a fully specified
-- ARN to a key, or a globally unique identifier.
--
-- Disabling or deleting the KMS key, or removing CloudTrail permissions
-- on the key, prevents CloudTrail from logging events to the event data
-- store, and prevents users from querying the data in the event data
-- store that was encrypted with the key. After you associate an event
-- data store with a KMS key, the KMS key cannot be removed or changed.
-- Before you disable or delete a KMS key that you are using with an
-- event data store, delete or back up your event data store.
--
-- CloudTrail also supports KMS multi-Region keys. For more information
-- about multi-Region keys, see Using multi-Region keys in the
-- Key Management Service Developer Guide.
--
-- Examples:
--
--
-- alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
12345678-1234-1234-1234-123456789012
[$sel:kmsKeyId:UpdateEventDataStore'] :: UpdateEventDataStore -> Maybe Text
-- | Specifies whether an event data store collects events from all
-- regions, or only from the region in which it was created.
[$sel:multiRegionEnabled:UpdateEventDataStore'] :: UpdateEventDataStore -> Maybe Bool
-- | The event data store name.
[$sel:name:UpdateEventDataStore'] :: UpdateEventDataStore -> Maybe Text
-- | Specifies whether an event data store collects events logged for an
-- organization in Organizations.
[$sel:organizationEnabled:UpdateEventDataStore'] :: UpdateEventDataStore -> Maybe Bool
-- | The retention period, in days.
[$sel:retentionPeriod:UpdateEventDataStore'] :: UpdateEventDataStore -> Maybe Natural
-- | Indicates that termination protection is enabled and the event data
-- store cannot be automatically deleted.
[$sel:terminationProtectionEnabled:UpdateEventDataStore'] :: UpdateEventDataStore -> Maybe Bool
-- | The ARN (or the ID suffix of the ARN) of the event data store that you
-- want to update.
[$sel:eventDataStore:UpdateEventDataStore'] :: UpdateEventDataStore -> Text
-- | Create a value of UpdateEventDataStore with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- UpdateEventDataStore,
-- updateEventDataStore_advancedEventSelectors - The advanced
-- event selectors used to select events for the event data store. You
-- can configure up to five advanced event selectors for each event data
-- store.
--
-- UpdateEventDataStore, updateEventDataStore_kmsKeyId -
-- Specifies the KMS key ID to use to encrypt the events delivered by
-- CloudTrail. The value can be an alias name prefixed by
-- alias/, a fully specified ARN to an alias, a fully specified
-- ARN to a key, or a globally unique identifier.
--
-- Disabling or deleting the KMS key, or removing CloudTrail permissions
-- on the key, prevents CloudTrail from logging events to the event data
-- store, and prevents users from querying the data in the event data
-- store that was encrypted with the key. After you associate an event
-- data store with a KMS key, the KMS key cannot be removed or changed.
-- Before you disable or delete a KMS key that you are using with an
-- event data store, delete or back up your event data store.
--
-- CloudTrail also supports KMS multi-Region keys. For more information
-- about multi-Region keys, see Using multi-Region keys in the
-- Key Management Service Developer Guide.
--
-- Examples:
--
--
-- alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
12345678-1234-1234-1234-123456789012
--
-- UpdateEventDataStore,
-- updateEventDataStore_multiRegionEnabled - Specifies whether an
-- event data store collects events from all regions, or only from the
-- region in which it was created.
--
-- UpdateEventDataStore, updateEventDataStore_name - The
-- event data store name.
--
-- UpdateEventDataStore,
-- updateEventDataStore_organizationEnabled - Specifies whether an
-- event data store collects events logged for an organization in
-- Organizations.
--
-- UpdateEventDataStore,
-- updateEventDataStore_retentionPeriod - The retention period, in
-- days.
--
-- UpdateEventDataStore,
-- updateEventDataStore_terminationProtectionEnabled - Indicates
-- that termination protection is enabled and the event data store cannot
-- be automatically deleted.
--
-- $sel:eventDataStore:UpdateEventDataStore',
-- updateEventDataStore_eventDataStore - The ARN (or the ID suffix
-- of the ARN) of the event data store that you want to update.
newUpdateEventDataStore :: Text -> UpdateEventDataStore
-- | The advanced event selectors used to select events for the event data
-- store. You can configure up to five advanced event selectors for each
-- event data store.
updateEventDataStore_advancedEventSelectors :: Lens' UpdateEventDataStore (Maybe [AdvancedEventSelector])
-- | Specifies the KMS key ID to use to encrypt the events delivered by
-- CloudTrail. The value can be an alias name prefixed by
-- alias/, a fully specified ARN to an alias, a fully specified
-- ARN to a key, or a globally unique identifier.
--
-- Disabling or deleting the KMS key, or removing CloudTrail permissions
-- on the key, prevents CloudTrail from logging events to the event data
-- store, and prevents users from querying the data in the event data
-- store that was encrypted with the key. After you associate an event
-- data store with a KMS key, the KMS key cannot be removed or changed.
-- Before you disable or delete a KMS key that you are using with an
-- event data store, delete or back up your event data store.
--
-- CloudTrail also supports KMS multi-Region keys. For more information
-- about multi-Region keys, see Using multi-Region keys in the
-- Key Management Service Developer Guide.
--
-- Examples:
--
--
-- alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
12345678-1234-1234-1234-123456789012
updateEventDataStore_kmsKeyId :: Lens' UpdateEventDataStore (Maybe Text)
-- | Specifies whether an event data store collects events from all
-- regions, or only from the region in which it was created.
updateEventDataStore_multiRegionEnabled :: Lens' UpdateEventDataStore (Maybe Bool)
-- | The event data store name.
updateEventDataStore_name :: Lens' UpdateEventDataStore (Maybe Text)
-- | Specifies whether an event data store collects events logged for an
-- organization in Organizations.
updateEventDataStore_organizationEnabled :: Lens' UpdateEventDataStore (Maybe Bool)
-- | The retention period, in days.
updateEventDataStore_retentionPeriod :: Lens' UpdateEventDataStore (Maybe Natural)
-- | Indicates that termination protection is enabled and the event data
-- store cannot be automatically deleted.
updateEventDataStore_terminationProtectionEnabled :: Lens' UpdateEventDataStore (Maybe Bool)
-- | The ARN (or the ID suffix of the ARN) of the event data store that you
-- want to update.
updateEventDataStore_eventDataStore :: Lens' UpdateEventDataStore Text
-- | See: newUpdateEventDataStoreResponse smart constructor.
data UpdateEventDataStoreResponse
UpdateEventDataStoreResponse' :: Maybe [AdvancedEventSelector] -> Maybe POSIX -> Maybe Text -> Maybe Text -> Maybe Bool -> Maybe Text -> Maybe Bool -> Maybe Natural -> Maybe EventDataStoreStatus -> Maybe Bool -> Maybe POSIX -> Int -> UpdateEventDataStoreResponse
-- | The advanced event selectors that are applied to the event data store.
[$sel:advancedEventSelectors:UpdateEventDataStoreResponse'] :: UpdateEventDataStoreResponse -> Maybe [AdvancedEventSelector]
-- | The timestamp that shows when an event data store was first created.
[$sel:createdTimestamp:UpdateEventDataStoreResponse'] :: UpdateEventDataStoreResponse -> Maybe POSIX
-- | The ARN of the event data store.
[$sel:eventDataStoreArn:UpdateEventDataStoreResponse'] :: UpdateEventDataStoreResponse -> Maybe Text
-- | Specifies the KMS key ID that encrypts the events delivered by
-- CloudTrail. The value is a fully specified ARN to a KMS key in the
-- following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
[$sel:kmsKeyId:UpdateEventDataStoreResponse'] :: UpdateEventDataStoreResponse -> Maybe Text
-- | Indicates whether the event data store includes events from all
-- regions, or only from the region in which it was created.
[$sel:multiRegionEnabled:UpdateEventDataStoreResponse'] :: UpdateEventDataStoreResponse -> Maybe Bool
-- | The name of the event data store.
[$sel:name:UpdateEventDataStoreResponse'] :: UpdateEventDataStoreResponse -> Maybe Text
-- | Indicates whether an event data store is collecting logged events for
-- an organization in Organizations.
[$sel:organizationEnabled:UpdateEventDataStoreResponse'] :: UpdateEventDataStoreResponse -> Maybe Bool
-- | The retention period, in days.
[$sel:retentionPeriod:UpdateEventDataStoreResponse'] :: UpdateEventDataStoreResponse -> Maybe Natural
-- | The status of an event data store. Values can be ENABLED and
-- PENDING_DELETION.
[$sel:status:UpdateEventDataStoreResponse'] :: UpdateEventDataStoreResponse -> Maybe EventDataStoreStatus
-- | Indicates whether termination protection is enabled for the event data
-- store.
[$sel:terminationProtectionEnabled:UpdateEventDataStoreResponse'] :: UpdateEventDataStoreResponse -> Maybe Bool
-- | The timestamp that shows when the event data store was last updated.
-- UpdatedTimestamp is always either the same or newer than the
-- time shown in CreatedTimestamp.
[$sel:updatedTimestamp:UpdateEventDataStoreResponse'] :: UpdateEventDataStoreResponse -> Maybe POSIX
-- | The response's http status code.
[$sel:httpStatus:UpdateEventDataStoreResponse'] :: UpdateEventDataStoreResponse -> Int
-- | Create a value of UpdateEventDataStoreResponse with all
-- optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- UpdateEventDataStore,
-- updateEventDataStoreResponse_advancedEventSelectors - The
-- advanced event selectors that are applied to the event data store.
--
-- UpdateEventDataStoreResponse,
-- updateEventDataStoreResponse_createdTimestamp - The timestamp
-- that shows when an event data store was first created.
--
-- UpdateEventDataStoreResponse,
-- updateEventDataStoreResponse_eventDataStoreArn - The ARN of the
-- event data store.
--
-- UpdateEventDataStore,
-- updateEventDataStoreResponse_kmsKeyId - Specifies the KMS key
-- ID that encrypts the events delivered by CloudTrail. The value is a
-- fully specified ARN to a KMS key in the following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
--
-- UpdateEventDataStore,
-- updateEventDataStoreResponse_multiRegionEnabled - Indicates
-- whether the event data store includes events from all regions, or only
-- from the region in which it was created.
--
-- UpdateEventDataStore, updateEventDataStoreResponse_name
-- - The name of the event data store.
--
-- UpdateEventDataStore,
-- updateEventDataStoreResponse_organizationEnabled - Indicates
-- whether an event data store is collecting logged events for an
-- organization in Organizations.
--
-- UpdateEventDataStore,
-- updateEventDataStoreResponse_retentionPeriod - The retention
-- period, in days.
--
-- UpdateEventDataStoreResponse,
-- updateEventDataStoreResponse_status - The status of an event
-- data store. Values can be ENABLED and
-- PENDING_DELETION.
--
-- UpdateEventDataStore,
-- updateEventDataStoreResponse_terminationProtectionEnabled -
-- Indicates whether termination protection is enabled for the event data
-- store.
--
-- UpdateEventDataStoreResponse,
-- updateEventDataStoreResponse_updatedTimestamp - The timestamp
-- that shows when the event data store was last updated.
-- UpdatedTimestamp is always either the same or newer than the
-- time shown in CreatedTimestamp.
--
-- $sel:httpStatus:UpdateEventDataStoreResponse',
-- updateEventDataStoreResponse_httpStatus - The response's http
-- status code.
newUpdateEventDataStoreResponse :: Int -> UpdateEventDataStoreResponse
-- | The advanced event selectors that are applied to the event data store.
updateEventDataStoreResponse_advancedEventSelectors :: Lens' UpdateEventDataStoreResponse (Maybe [AdvancedEventSelector])
-- | The timestamp that shows when an event data store was first created.
updateEventDataStoreResponse_createdTimestamp :: Lens' UpdateEventDataStoreResponse (Maybe UTCTime)
-- | The ARN of the event data store.
updateEventDataStoreResponse_eventDataStoreArn :: Lens' UpdateEventDataStoreResponse (Maybe Text)
-- | Specifies the KMS key ID that encrypts the events delivered by
-- CloudTrail. The value is a fully specified ARN to a KMS key in the
-- following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
updateEventDataStoreResponse_kmsKeyId :: Lens' UpdateEventDataStoreResponse (Maybe Text)
-- | Indicates whether the event data store includes events from all
-- regions, or only from the region in which it was created.
updateEventDataStoreResponse_multiRegionEnabled :: Lens' UpdateEventDataStoreResponse (Maybe Bool)
-- | The name of the event data store.
updateEventDataStoreResponse_name :: Lens' UpdateEventDataStoreResponse (Maybe Text)
-- | Indicates whether an event data store is collecting logged events for
-- an organization in Organizations.
updateEventDataStoreResponse_organizationEnabled :: Lens' UpdateEventDataStoreResponse (Maybe Bool)
-- | The retention period, in days.
updateEventDataStoreResponse_retentionPeriod :: Lens' UpdateEventDataStoreResponse (Maybe Natural)
-- | The status of an event data store. Values can be ENABLED and
-- PENDING_DELETION.
updateEventDataStoreResponse_status :: Lens' UpdateEventDataStoreResponse (Maybe EventDataStoreStatus)
-- | Indicates whether termination protection is enabled for the event data
-- store.
updateEventDataStoreResponse_terminationProtectionEnabled :: Lens' UpdateEventDataStoreResponse (Maybe Bool)
-- | The timestamp that shows when the event data store was last updated.
-- UpdatedTimestamp is always either the same or newer than the
-- time shown in CreatedTimestamp.
updateEventDataStoreResponse_updatedTimestamp :: Lens' UpdateEventDataStoreResponse (Maybe UTCTime)
-- | The response's http status code.
updateEventDataStoreResponse_httpStatus :: Lens' UpdateEventDataStoreResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.UpdateEventDataStore.UpdateEventDataStore
instance GHC.Show.Show Amazonka.CloudTrail.UpdateEventDataStore.UpdateEventDataStore
instance GHC.Read.Read Amazonka.CloudTrail.UpdateEventDataStore.UpdateEventDataStore
instance GHC.Classes.Eq Amazonka.CloudTrail.UpdateEventDataStore.UpdateEventDataStore
instance GHC.Generics.Generic Amazonka.CloudTrail.UpdateEventDataStore.UpdateEventDataStoreResponse
instance GHC.Show.Show Amazonka.CloudTrail.UpdateEventDataStore.UpdateEventDataStoreResponse
instance GHC.Read.Read Amazonka.CloudTrail.UpdateEventDataStore.UpdateEventDataStoreResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.UpdateEventDataStore.UpdateEventDataStoreResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.UpdateEventDataStore.UpdateEventDataStore
instance Control.DeepSeq.NFData Amazonka.CloudTrail.UpdateEventDataStore.UpdateEventDataStoreResponse
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.UpdateEventDataStore.UpdateEventDataStore
instance Control.DeepSeq.NFData Amazonka.CloudTrail.UpdateEventDataStore.UpdateEventDataStore
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.UpdateEventDataStore.UpdateEventDataStore
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.UpdateEventDataStore.UpdateEventDataStore
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.UpdateEventDataStore.UpdateEventDataStore
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.UpdateEventDataStore.UpdateEventDataStore
-- | Updates trail settings that control what events you are logging, and
-- how to handle log files. Changes to a trail do not require stopping
-- the CloudTrail service. Use this action to designate an existing
-- bucket for log delivery. If the existing bucket has previously been a
-- target for CloudTrail log files, an IAM policy exists for the bucket.
-- UpdateTrail must be called from the region in which the trail
-- was created; otherwise, an InvalidHomeRegionException is
-- thrown.
module Amazonka.CloudTrail.UpdateTrail
-- | Specifies settings to update for the trail.
--
-- See: newUpdateTrail smart constructor.
data UpdateTrail
UpdateTrail' :: Maybe Text -> Maybe Text -> Maybe Bool -> Maybe Bool -> Maybe Bool -> Maybe Bool -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Text -> UpdateTrail
-- | Specifies a log group name using an Amazon Resource Name (ARN), a
-- unique identifier that represents the log group to which CloudTrail
-- logs are delivered. Not required unless you specify
-- CloudWatchLogsRoleArn.
[$sel:cloudWatchLogsLogGroupArn:UpdateTrail'] :: UpdateTrail -> Maybe Text
-- | Specifies the role for the CloudWatch Logs endpoint to assume to write
-- to a user's log group.
[$sel:cloudWatchLogsRoleArn:UpdateTrail'] :: UpdateTrail -> Maybe Text
-- | Specifies whether log file validation is enabled. The default is
-- false.
--
-- When you disable log file integrity validation, the chain of digest
-- files is broken after one hour. CloudTrail does not create digest
-- files for log files that were delivered during a period in which log
-- file integrity validation was disabled. For example, if you enable log
-- file integrity validation at noon on January 1, disable it at noon on
-- January 2, and re-enable it at noon on January 10, digest files will
-- not be created for the log files delivered from noon on January 2 to
-- noon on January 10. The same applies whenever you stop CloudTrail
-- logging or delete a trail.
[$sel:enableLogFileValidation:UpdateTrail'] :: UpdateTrail -> Maybe Bool
-- | Specifies whether the trail is publishing events from global services
-- such as IAM to the log files.
[$sel:includeGlobalServiceEvents:UpdateTrail'] :: UpdateTrail -> Maybe Bool
-- | Specifies whether the trail applies only to the current region or to
-- all regions. The default is false. If the trail exists only in the
-- current region and this value is set to true, shadow trails
-- (replications of the trail) will be created in the other regions. If
-- the trail exists in all regions and this value is set to false, the
-- trail will remain in the region where it was created, and its shadow
-- trails in other regions will be deleted. As a best practice, consider
-- using trails that log events in all regions.
[$sel:isMultiRegionTrail:UpdateTrail'] :: UpdateTrail -> Maybe Bool
-- | Specifies whether the trail is applied to all accounts in an
-- organization in Organizations, or only for the current Amazon Web
-- Services account. The default is false, and cannot be true unless the
-- call is made on behalf of an Amazon Web Services account that is the
-- management account for an organization in Organizations. If the trail
-- is not an organization trail and this is set to true, the
-- trail will be created in all Amazon Web Services accounts that belong
-- to the organization. If the trail is an organization trail and this is
-- set to false, the trail will remain in the current Amazon Web
-- Services account but be deleted from all member accounts in the
-- organization.
[$sel:isOrganizationTrail:UpdateTrail'] :: UpdateTrail -> Maybe Bool
-- | Specifies the KMS key ID to use to encrypt the logs delivered by
-- CloudTrail. The value can be an alias name prefixed by "alias/", a
-- fully specified ARN to an alias, a fully specified ARN to a key, or a
-- globally unique identifier.
--
-- CloudTrail also supports KMS multi-Region keys. For more information
-- about multi-Region keys, see Using multi-Region keys in the
-- Key Management Service Developer Guide.
--
-- Examples:
--
--
-- - alias/MyAliasName
-- - arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
--
-- - arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
-- - 12345678-1234-1234-1234-123456789012
--
[$sel:kmsKeyId:UpdateTrail'] :: UpdateTrail -> Maybe Text
-- | Specifies the name of the Amazon S3 bucket designated for publishing
-- log files. See Amazon S3 Bucket Naming Requirements.
[$sel:s3BucketName:UpdateTrail'] :: UpdateTrail -> Maybe Text
-- | Specifies the Amazon S3 key prefix that comes after the name of the
-- bucket you have designated for log file delivery. For more
-- information, see Finding Your CloudTrail Log Files. The maximum
-- length is 200 characters.
[$sel:s3KeyPrefix:UpdateTrail'] :: UpdateTrail -> Maybe Text
-- | Specifies the name of the Amazon SNS topic defined for notification of
-- log file delivery. The maximum length is 256 characters.
[$sel:snsTopicName:UpdateTrail'] :: UpdateTrail -> Maybe Text
-- | Specifies the name of the trail or trail ARN. If Name is a
-- trail name, the string must meet the following requirements:
--
--
-- - Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
-- underscores (_), or dashes (-)
-- - Start with a letter or number, and end with a letter or
-- number
-- - Be between 3 and 128 characters
-- - Have no adjacent periods, underscores or dashes. Names like
-- my-_namespace and my--namespace are not valid.
-- - Not be in IP address format (for example, 192.168.5.4)
--
--
-- If Name is a trail ARN, it must be in the following format.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
[$sel:name:UpdateTrail'] :: UpdateTrail -> Text
-- | Create a value of UpdateTrail with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- UpdateTrail, updateTrail_cloudWatchLogsLogGroupArn -
-- Specifies a log group name using an Amazon Resource Name (ARN), a
-- unique identifier that represents the log group to which CloudTrail
-- logs are delivered. Not required unless you specify
-- CloudWatchLogsRoleArn.
--
-- UpdateTrail, updateTrail_cloudWatchLogsRoleArn -
-- Specifies the role for the CloudWatch Logs endpoint to assume to write
-- to a user's log group.
--
-- $sel:enableLogFileValidation:UpdateTrail',
-- updateTrail_enableLogFileValidation - Specifies whether log
-- file validation is enabled. The default is false.
--
-- When you disable log file integrity validation, the chain of digest
-- files is broken after one hour. CloudTrail does not create digest
-- files for log files that were delivered during a period in which log
-- file integrity validation was disabled. For example, if you enable log
-- file integrity validation at noon on January 1, disable it at noon on
-- January 2, and re-enable it at noon on January 10, digest files will
-- not be created for the log files delivered from noon on January 2 to
-- noon on January 10. The same applies whenever you stop CloudTrail
-- logging or delete a trail.
--
-- UpdateTrail, updateTrail_includeGlobalServiceEvents -
-- Specifies whether the trail is publishing events from global services
-- such as IAM to the log files.
--
-- UpdateTrail, updateTrail_isMultiRegionTrail - Specifies
-- whether the trail applies only to the current region or to all
-- regions. The default is false. If the trail exists only in the current
-- region and this value is set to true, shadow trails (replications of
-- the trail) will be created in the other regions. If the trail exists
-- in all regions and this value is set to false, the trail will remain
-- in the region where it was created, and its shadow trails in other
-- regions will be deleted. As a best practice, consider using trails
-- that log events in all regions.
--
-- UpdateTrail, updateTrail_isOrganizationTrail - Specifies
-- whether the trail is applied to all accounts in an organization in
-- Organizations, or only for the current Amazon Web Services account.
-- The default is false, and cannot be true unless the call is made on
-- behalf of an Amazon Web Services account that is the management
-- account for an organization in Organizations. If the trail is not an
-- organization trail and this is set to true, the trail will be
-- created in all Amazon Web Services accounts that belong to the
-- organization. If the trail is an organization trail and this is set to
-- false, the trail will remain in the current Amazon Web
-- Services account but be deleted from all member accounts in the
-- organization.
--
-- UpdateTrail, updateTrail_kmsKeyId - Specifies the KMS
-- key ID to use to encrypt the logs delivered by CloudTrail. The value
-- can be an alias name prefixed by "alias/", a fully specified ARN to an
-- alias, a fully specified ARN to a key, or a globally unique
-- identifier.
--
-- CloudTrail also supports KMS multi-Region keys. For more information
-- about multi-Region keys, see Using multi-Region keys in the
-- Key Management Service Developer Guide.
--
-- Examples:
--
--
-- - alias/MyAliasName
-- - arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
--
-- - arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
-- - 12345678-1234-1234-1234-123456789012
--
--
-- UpdateTrail, updateTrail_s3BucketName - Specifies the
-- name of the Amazon S3 bucket designated for publishing log files. See
-- Amazon S3 Bucket Naming Requirements.
--
-- UpdateTrail, updateTrail_s3KeyPrefix - Specifies the
-- Amazon S3 key prefix that comes after the name of the bucket you have
-- designated for log file delivery. For more information, see Finding
-- Your CloudTrail Log Files. The maximum length is 200 characters.
--
-- UpdateTrail, updateTrail_snsTopicName - Specifies the
-- name of the Amazon SNS topic defined for notification of log file
-- delivery. The maximum length is 256 characters.
--
-- UpdateTrail, updateTrail_name - Specifies the name of
-- the trail or trail ARN. If Name is a trail name, the string
-- must meet the following requirements:
--
--
-- - Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
-- underscores (_), or dashes (-)
-- - Start with a letter or number, and end with a letter or
-- number
-- - Be between 3 and 128 characters
-- - Have no adjacent periods, underscores or dashes. Names like
-- my-_namespace and my--namespace are not valid.
-- - Not be in IP address format (for example, 192.168.5.4)
--
--
-- If Name is a trail ARN, it must be in the following format.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
newUpdateTrail :: Text -> UpdateTrail
-- | Specifies a log group name using an Amazon Resource Name (ARN), a
-- unique identifier that represents the log group to which CloudTrail
-- logs are delivered. Not required unless you specify
-- CloudWatchLogsRoleArn.
updateTrail_cloudWatchLogsLogGroupArn :: Lens' UpdateTrail (Maybe Text)
-- | Specifies the role for the CloudWatch Logs endpoint to assume to write
-- to a user's log group.
updateTrail_cloudWatchLogsRoleArn :: Lens' UpdateTrail (Maybe Text)
-- | Specifies whether log file validation is enabled. The default is
-- false.
--
-- When you disable log file integrity validation, the chain of digest
-- files is broken after one hour. CloudTrail does not create digest
-- files for log files that were delivered during a period in which log
-- file integrity validation was disabled. For example, if you enable log
-- file integrity validation at noon on January 1, disable it at noon on
-- January 2, and re-enable it at noon on January 10, digest files will
-- not be created for the log files delivered from noon on January 2 to
-- noon on January 10. The same applies whenever you stop CloudTrail
-- logging or delete a trail.
updateTrail_enableLogFileValidation :: Lens' UpdateTrail (Maybe Bool)
-- | Specifies whether the trail is publishing events from global services
-- such as IAM to the log files.
updateTrail_includeGlobalServiceEvents :: Lens' UpdateTrail (Maybe Bool)
-- | Specifies whether the trail applies only to the current region or to
-- all regions. The default is false. If the trail exists only in the
-- current region and this value is set to true, shadow trails
-- (replications of the trail) will be created in the other regions. If
-- the trail exists in all regions and this value is set to false, the
-- trail will remain in the region where it was created, and its shadow
-- trails in other regions will be deleted. As a best practice, consider
-- using trails that log events in all regions.
updateTrail_isMultiRegionTrail :: Lens' UpdateTrail (Maybe Bool)
-- | Specifies whether the trail is applied to all accounts in an
-- organization in Organizations, or only for the current Amazon Web
-- Services account. The default is false, and cannot be true unless the
-- call is made on behalf of an Amazon Web Services account that is the
-- management account for an organization in Organizations. If the trail
-- is not an organization trail and this is set to true, the
-- trail will be created in all Amazon Web Services accounts that belong
-- to the organization. If the trail is an organization trail and this is
-- set to false, the trail will remain in the current Amazon Web
-- Services account but be deleted from all member accounts in the
-- organization.
updateTrail_isOrganizationTrail :: Lens' UpdateTrail (Maybe Bool)
-- | Specifies the KMS key ID to use to encrypt the logs delivered by
-- CloudTrail. The value can be an alias name prefixed by "alias/", a
-- fully specified ARN to an alias, a fully specified ARN to a key, or a
-- globally unique identifier.
--
-- CloudTrail also supports KMS multi-Region keys. For more information
-- about multi-Region keys, see Using multi-Region keys in the
-- Key Management Service Developer Guide.
--
-- Examples:
--
--
-- - alias/MyAliasName
-- - arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
--
-- - arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
-- - 12345678-1234-1234-1234-123456789012
--
updateTrail_kmsKeyId :: Lens' UpdateTrail (Maybe Text)
-- | Specifies the name of the Amazon S3 bucket designated for publishing
-- log files. See Amazon S3 Bucket Naming Requirements.
updateTrail_s3BucketName :: Lens' UpdateTrail (Maybe Text)
-- | Specifies the Amazon S3 key prefix that comes after the name of the
-- bucket you have designated for log file delivery. For more
-- information, see Finding Your CloudTrail Log Files. The maximum
-- length is 200 characters.
updateTrail_s3KeyPrefix :: Lens' UpdateTrail (Maybe Text)
-- | Specifies the name of the Amazon SNS topic defined for notification of
-- log file delivery. The maximum length is 256 characters.
updateTrail_snsTopicName :: Lens' UpdateTrail (Maybe Text)
-- | Specifies the name of the trail or trail ARN. If Name is a
-- trail name, the string must meet the following requirements:
--
--
-- - Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
-- underscores (_), or dashes (-)
-- - Start with a letter or number, and end with a letter or
-- number
-- - Be between 3 and 128 characters
-- - Have no adjacent periods, underscores or dashes. Names like
-- my-_namespace and my--namespace are not valid.
-- - Not be in IP address format (for example, 192.168.5.4)
--
--
-- If Name is a trail ARN, it must be in the following format.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
updateTrail_name :: Lens' UpdateTrail Text
-- | Returns the objects or data listed below if successful. Otherwise,
-- returns an error.
--
-- See: newUpdateTrailResponse smart constructor.
data UpdateTrailResponse
UpdateTrailResponse' :: Maybe Text -> Maybe Text -> Maybe Bool -> Maybe Bool -> Maybe Bool -> Maybe Text -> Maybe Bool -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Int -> UpdateTrailResponse
-- | Specifies the Amazon Resource Name (ARN) of the log group to which
-- CloudTrail logs are delivered.
[$sel:cloudWatchLogsLogGroupArn:UpdateTrailResponse'] :: UpdateTrailResponse -> Maybe Text
-- | Specifies the role for the CloudWatch Logs endpoint to assume to write
-- to a user's log group.
[$sel:cloudWatchLogsRoleArn:UpdateTrailResponse'] :: UpdateTrailResponse -> Maybe Text
-- | Specifies whether the trail is publishing events from global services
-- such as IAM to the log files.
[$sel:includeGlobalServiceEvents:UpdateTrailResponse'] :: UpdateTrailResponse -> Maybe Bool
-- | Specifies whether the trail exists in one region or in all regions.
[$sel:isMultiRegionTrail:UpdateTrailResponse'] :: UpdateTrailResponse -> Maybe Bool
-- | Specifies whether the trail is an organization trail.
[$sel:isOrganizationTrail:UpdateTrailResponse'] :: UpdateTrailResponse -> Maybe Bool
-- | Specifies the KMS key ID that encrypts the logs delivered by
-- CloudTrail. The value is a fully specified ARN to a KMS key in the
-- following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
[$sel:kmsKeyId:UpdateTrailResponse'] :: UpdateTrailResponse -> Maybe Text
-- | Specifies whether log file integrity validation is enabled.
[$sel:logFileValidationEnabled:UpdateTrailResponse'] :: UpdateTrailResponse -> Maybe Bool
-- | Specifies the name of the trail.
[$sel:name:UpdateTrailResponse'] :: UpdateTrailResponse -> Maybe Text
-- | Specifies the name of the Amazon S3 bucket designated for publishing
-- log files.
[$sel:s3BucketName:UpdateTrailResponse'] :: UpdateTrailResponse -> Maybe Text
-- | Specifies the Amazon S3 key prefix that comes after the name of the
-- bucket you have designated for log file delivery. For more
-- information, see Finding Your IAM Log Files.
[$sel:s3KeyPrefix:UpdateTrailResponse'] :: UpdateTrailResponse -> Maybe Text
-- | Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send
-- notifications when log files are delivered. The following is the
-- format of a topic ARN.
--
--
-- arn:aws:sns:us-east-2:123456789012:MyTopic
--
[$sel:snsTopicARN:UpdateTrailResponse'] :: UpdateTrailResponse -> Maybe Text
-- | This field is no longer in use. Use UpdateTrailResponse$SnsTopicARN.
[$sel:snsTopicName:UpdateTrailResponse'] :: UpdateTrailResponse -> Maybe Text
-- | Specifies the ARN of the trail that was updated. The following is the
-- format of a trail ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
[$sel:trailARN:UpdateTrailResponse'] :: UpdateTrailResponse -> Maybe Text
-- | The response's http status code.
[$sel:httpStatus:UpdateTrailResponse'] :: UpdateTrailResponse -> Int
-- | Create a value of UpdateTrailResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- UpdateTrail,
-- updateTrailResponse_cloudWatchLogsLogGroupArn - Specifies the
-- Amazon Resource Name (ARN) of the log group to which CloudTrail logs
-- are delivered.
--
-- UpdateTrail, updateTrailResponse_cloudWatchLogsRoleArn -
-- Specifies the role for the CloudWatch Logs endpoint to assume to write
-- to a user's log group.
--
-- UpdateTrail,
-- updateTrailResponse_includeGlobalServiceEvents - Specifies
-- whether the trail is publishing events from global services such as
-- IAM to the log files.
--
-- UpdateTrail, updateTrailResponse_isMultiRegionTrail -
-- Specifies whether the trail exists in one region or in all regions.
--
-- UpdateTrail, updateTrailResponse_isOrganizationTrail -
-- Specifies whether the trail is an organization trail.
--
-- UpdateTrail, updateTrailResponse_kmsKeyId - Specifies
-- the KMS key ID that encrypts the logs delivered by CloudTrail. The
-- value is a fully specified ARN to a KMS key in the following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
--
-- UpdateTrailResponse,
-- updateTrailResponse_logFileValidationEnabled - Specifies
-- whether log file integrity validation is enabled.
--
-- UpdateTrail, updateTrailResponse_name - Specifies the
-- name of the trail.
--
-- UpdateTrail, updateTrailResponse_s3BucketName -
-- Specifies the name of the Amazon S3 bucket designated for publishing
-- log files.
--
-- UpdateTrail, updateTrailResponse_s3KeyPrefix - Specifies
-- the Amazon S3 key prefix that comes after the name of the bucket you
-- have designated for log file delivery. For more information, see
-- Finding Your IAM Log Files.
--
-- UpdateTrailResponse, updateTrailResponse_snsTopicARN -
-- Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send
-- notifications when log files are delivered. The following is the
-- format of a topic ARN.
--
--
-- arn:aws:sns:us-east-2:123456789012:MyTopic
--
--
-- UpdateTrail, updateTrailResponse_snsTopicName - This
-- field is no longer in use. Use UpdateTrailResponse$SnsTopicARN.
--
-- UpdateTrailResponse, updateTrailResponse_trailARN -
-- Specifies the ARN of the trail that was updated. The following is the
-- format of a trail ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
--
-- $sel:httpStatus:UpdateTrailResponse',
-- updateTrailResponse_httpStatus - The response's http status
-- code.
newUpdateTrailResponse :: Int -> UpdateTrailResponse
-- | Specifies the Amazon Resource Name (ARN) of the log group to which
-- CloudTrail logs are delivered.
updateTrailResponse_cloudWatchLogsLogGroupArn :: Lens' UpdateTrailResponse (Maybe Text)
-- | Specifies the role for the CloudWatch Logs endpoint to assume to write
-- to a user's log group.
updateTrailResponse_cloudWatchLogsRoleArn :: Lens' UpdateTrailResponse (Maybe Text)
-- | Specifies whether the trail is publishing events from global services
-- such as IAM to the log files.
updateTrailResponse_includeGlobalServiceEvents :: Lens' UpdateTrailResponse (Maybe Bool)
-- | Specifies whether the trail exists in one region or in all regions.
updateTrailResponse_isMultiRegionTrail :: Lens' UpdateTrailResponse (Maybe Bool)
-- | Specifies whether the trail is an organization trail.
updateTrailResponse_isOrganizationTrail :: Lens' UpdateTrailResponse (Maybe Bool)
-- | Specifies the KMS key ID that encrypts the logs delivered by
-- CloudTrail. The value is a fully specified ARN to a KMS key in the
-- following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
updateTrailResponse_kmsKeyId :: Lens' UpdateTrailResponse (Maybe Text)
-- | Specifies whether log file integrity validation is enabled.
updateTrailResponse_logFileValidationEnabled :: Lens' UpdateTrailResponse (Maybe Bool)
-- | Specifies the name of the trail.
updateTrailResponse_name :: Lens' UpdateTrailResponse (Maybe Text)
-- | Specifies the name of the Amazon S3 bucket designated for publishing
-- log files.
updateTrailResponse_s3BucketName :: Lens' UpdateTrailResponse (Maybe Text)
-- | Specifies the Amazon S3 key prefix that comes after the name of the
-- bucket you have designated for log file delivery. For more
-- information, see Finding Your IAM Log Files.
updateTrailResponse_s3KeyPrefix :: Lens' UpdateTrailResponse (Maybe Text)
-- | Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send
-- notifications when log files are delivered. The following is the
-- format of a topic ARN.
--
--
-- arn:aws:sns:us-east-2:123456789012:MyTopic
--
updateTrailResponse_snsTopicARN :: Lens' UpdateTrailResponse (Maybe Text)
-- | This field is no longer in use. Use UpdateTrailResponse$SnsTopicARN.
updateTrailResponse_snsTopicName :: Lens' UpdateTrailResponse (Maybe Text)
-- | Specifies the ARN of the trail that was updated. The following is the
-- format of a trail ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
updateTrailResponse_trailARN :: Lens' UpdateTrailResponse (Maybe Text)
-- | The response's http status code.
updateTrailResponse_httpStatus :: Lens' UpdateTrailResponse Int
instance GHC.Generics.Generic Amazonka.CloudTrail.UpdateTrail.UpdateTrail
instance GHC.Show.Show Amazonka.CloudTrail.UpdateTrail.UpdateTrail
instance GHC.Read.Read Amazonka.CloudTrail.UpdateTrail.UpdateTrail
instance GHC.Classes.Eq Amazonka.CloudTrail.UpdateTrail.UpdateTrail
instance GHC.Generics.Generic Amazonka.CloudTrail.UpdateTrail.UpdateTrailResponse
instance GHC.Show.Show Amazonka.CloudTrail.UpdateTrail.UpdateTrailResponse
instance GHC.Read.Read Amazonka.CloudTrail.UpdateTrail.UpdateTrailResponse
instance GHC.Classes.Eq Amazonka.CloudTrail.UpdateTrail.UpdateTrailResponse
instance Amazonka.Types.AWSRequest Amazonka.CloudTrail.UpdateTrail.UpdateTrail
instance Control.DeepSeq.NFData Amazonka.CloudTrail.UpdateTrail.UpdateTrailResponse
instance Data.Hashable.Class.Hashable Amazonka.CloudTrail.UpdateTrail.UpdateTrail
instance Control.DeepSeq.NFData Amazonka.CloudTrail.UpdateTrail.UpdateTrail
instance Amazonka.Data.Headers.ToHeaders Amazonka.CloudTrail.UpdateTrail.UpdateTrail
instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.CloudTrail.UpdateTrail.UpdateTrail
instance Amazonka.Data.Path.ToPath Amazonka.CloudTrail.UpdateTrail.UpdateTrail
instance Amazonka.Data.Query.ToQuery Amazonka.CloudTrail.UpdateTrail.UpdateTrail
module Amazonka.CloudTrail.Lens
-- | Specifies the ARN of the trail or event data store to which one or
-- more tags will be added. The format of a trail ARN is:
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
addTags_resourceId :: Lens' AddTags Text
-- | Contains a list of tags, up to a limit of 50
addTags_tagsList :: Lens' AddTags [Tag]
-- | The response's http status code.
addTagsResponse_httpStatus :: Lens' AddTagsResponse Int
-- | The ARN (or the ID suffix of the ARN) of an event data store on which
-- the specified query is running.
cancelQuery_eventDataStore :: Lens' CancelQuery (Maybe Text)
-- | The ID of the query that you want to cancel. The QueryId
-- comes from the response of a StartQuery operation.
cancelQuery_queryId :: Lens' CancelQuery Text
-- | The response's http status code.
cancelQueryResponse_httpStatus :: Lens' CancelQueryResponse Int
-- | The ID of the canceled query.
cancelQueryResponse_queryId :: Lens' CancelQueryResponse Text
-- | Shows the status of a query after a CancelQuery request.
-- Typically, the values shown are either RUNNING or
-- CANCELLED.
cancelQueryResponse_queryStatus :: Lens' CancelQueryResponse QueryStatus
-- | The advanced event selectors to use to select the events for the data
-- store. For more information about how to use advanced event selectors,
-- see Log events by using advanced event selectors in the
-- CloudTrail User Guide.
createEventDataStore_advancedEventSelectors :: Lens' CreateEventDataStore (Maybe [AdvancedEventSelector])
-- | Specifies the KMS key ID to use to encrypt the events delivered by
-- CloudTrail. The value can be an alias name prefixed by
-- alias/, a fully specified ARN to an alias, a fully specified
-- ARN to a key, or a globally unique identifier.
--
-- Disabling or deleting the KMS key, or removing CloudTrail permissions
-- on the key, prevents CloudTrail from logging events to the event data
-- store, and prevents users from querying the data in the event data
-- store that was encrypted with the key. After you associate an event
-- data store with a KMS key, the KMS key cannot be removed or changed.
-- Before you disable or delete a KMS key that you are using with an
-- event data store, delete or back up your event data store.
--
-- CloudTrail also supports KMS multi-Region keys. For more information
-- about multi-Region keys, see Using multi-Region keys in the
-- Key Management Service Developer Guide.
--
-- Examples:
--
--
-- alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
12345678-1234-1234-1234-123456789012
createEventDataStore_kmsKeyId :: Lens' CreateEventDataStore (Maybe Text)
-- | Specifies whether the event data store includes events from all
-- regions, or only from the region in which the event data store is
-- created.
createEventDataStore_multiRegionEnabled :: Lens' CreateEventDataStore (Maybe Bool)
-- | Specifies whether an event data store collects events logged for an
-- organization in Organizations.
createEventDataStore_organizationEnabled :: Lens' CreateEventDataStore (Maybe Bool)
-- | The retention period of the event data store, in days. You can set a
-- retention period of up to 2557 days, the equivalent of seven years.
createEventDataStore_retentionPeriod :: Lens' CreateEventDataStore (Maybe Natural)
-- | Undocumented member.
createEventDataStore_tagsList :: Lens' CreateEventDataStore (Maybe [Tag])
-- | Specifies whether termination protection is enabled for the event data
-- store. If termination protection is enabled, you cannot delete the
-- event data store until termination protection is disabled.
createEventDataStore_terminationProtectionEnabled :: Lens' CreateEventDataStore (Maybe Bool)
-- | The name of the event data store.
createEventDataStore_name :: Lens' CreateEventDataStore Text
-- | The advanced event selectors that were used to select the events for
-- the data store.
createEventDataStoreResponse_advancedEventSelectors :: Lens' CreateEventDataStoreResponse (Maybe [AdvancedEventSelector])
-- | The timestamp that shows when the event data store was created.
createEventDataStoreResponse_createdTimestamp :: Lens' CreateEventDataStoreResponse (Maybe UTCTime)
-- | The ARN of the event data store.
createEventDataStoreResponse_eventDataStoreArn :: Lens' CreateEventDataStoreResponse (Maybe Text)
-- | Specifies the KMS key ID that encrypts the events delivered by
-- CloudTrail. The value is a fully specified ARN to a KMS key in the
-- following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
createEventDataStoreResponse_kmsKeyId :: Lens' CreateEventDataStoreResponse (Maybe Text)
-- | Indicates whether the event data store collects events from all
-- regions, or only from the region in which it was created.
createEventDataStoreResponse_multiRegionEnabled :: Lens' CreateEventDataStoreResponse (Maybe Bool)
-- | The name of the event data store.
createEventDataStoreResponse_name :: Lens' CreateEventDataStoreResponse (Maybe Text)
-- | Indicates whether an event data store is collecting logged events for
-- an organization in Organizations.
createEventDataStoreResponse_organizationEnabled :: Lens' CreateEventDataStoreResponse (Maybe Bool)
-- | The retention period of an event data store, in days.
createEventDataStoreResponse_retentionPeriod :: Lens' CreateEventDataStoreResponse (Maybe Natural)
-- | The status of event data store creation.
createEventDataStoreResponse_status :: Lens' CreateEventDataStoreResponse (Maybe EventDataStoreStatus)
-- | Undocumented member.
createEventDataStoreResponse_tagsList :: Lens' CreateEventDataStoreResponse (Maybe [Tag])
-- | Indicates whether termination protection is enabled for the event data
-- store.
createEventDataStoreResponse_terminationProtectionEnabled :: Lens' CreateEventDataStoreResponse (Maybe Bool)
-- | The timestamp that shows when an event data store was updated, if
-- applicable. UpdatedTimestamp is always either the same or
-- newer than the time shown in CreatedTimestamp.
createEventDataStoreResponse_updatedTimestamp :: Lens' CreateEventDataStoreResponse (Maybe UTCTime)
-- | The response's http status code.
createEventDataStoreResponse_httpStatus :: Lens' CreateEventDataStoreResponse Int
-- | Specifies a log group name using an Amazon Resource Name (ARN), a
-- unique identifier that represents the log group to which CloudTrail
-- logs will be delivered. Not required unless you specify
-- CloudWatchLogsRoleArn.
createTrail_cloudWatchLogsLogGroupArn :: Lens' CreateTrail (Maybe Text)
-- | Specifies the role for the CloudWatch Logs endpoint to assume to write
-- to a user's log group.
createTrail_cloudWatchLogsRoleArn :: Lens' CreateTrail (Maybe Text)
-- | Specifies whether log file integrity validation is enabled. The
-- default is false.
--
-- When you disable log file integrity validation, the chain of digest
-- files is broken after one hour. CloudTrail does not create digest
-- files for log files that were delivered during a period in which log
-- file integrity validation was disabled. For example, if you enable log
-- file integrity validation at noon on January 1, disable it at noon on
-- January 2, and re-enable it at noon on January 10, digest files will
-- not be created for the log files delivered from noon on January 2 to
-- noon on January 10. The same applies whenever you stop CloudTrail
-- logging or delete a trail.
createTrail_enableLogFileValidation :: Lens' CreateTrail (Maybe Bool)
-- | Specifies whether the trail is publishing events from global services
-- such as IAM to the log files.
createTrail_includeGlobalServiceEvents :: Lens' CreateTrail (Maybe Bool)
-- | Specifies whether the trail is created in the current region or in all
-- regions. The default is false, which creates a trail only in the
-- region where you are signed in. As a best practice, consider creating
-- trails that log events in all regions.
createTrail_isMultiRegionTrail :: Lens' CreateTrail (Maybe Bool)
-- | Specifies whether the trail is created for all accounts in an
-- organization in Organizations, or only for the current Amazon Web
-- Services account. The default is false, and cannot be true unless the
-- call is made on behalf of an Amazon Web Services account that is the
-- management account for an organization in Organizations.
createTrail_isOrganizationTrail :: Lens' CreateTrail (Maybe Bool)
-- | Specifies the KMS key ID to use to encrypt the logs delivered by
-- CloudTrail. The value can be an alias name prefixed by
-- alias/, a fully specified ARN to an alias, a fully specified
-- ARN to a key, or a globally unique identifier.
--
-- CloudTrail also supports KMS multi-Region keys. For more information
-- about multi-Region keys, see Using multi-Region keys in the
-- Key Management Service Developer Guide.
--
-- Examples:
--
--
-- alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
12345678-1234-1234-1234-123456789012
createTrail_kmsKeyId :: Lens' CreateTrail (Maybe Text)
-- | Specifies the Amazon S3 key prefix that comes after the name of the
-- bucket you have designated for log file delivery. For more
-- information, see Finding Your CloudTrail Log Files. The maximum
-- length is 200 characters.
createTrail_s3KeyPrefix :: Lens' CreateTrail (Maybe Text)
-- | Specifies the name of the Amazon SNS topic defined for notification of
-- log file delivery. The maximum length is 256 characters.
createTrail_snsTopicName :: Lens' CreateTrail (Maybe Text)
-- | Undocumented member.
createTrail_tagsList :: Lens' CreateTrail (Maybe [Tag])
-- | Specifies the name of the trail. The name must meet the following
-- requirements:
--
--
-- - Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
-- underscores (_), or dashes (-)
-- - Start with a letter or number, and end with a letter or
-- number
-- - Be between 3 and 128 characters
-- - Have no adjacent periods, underscores or dashes. Names like
-- my-_namespace and my--namespace are not valid.
-- - Not be in IP address format (for example, 192.168.5.4)
--
createTrail_name :: Lens' CreateTrail Text
-- | Specifies the name of the Amazon S3 bucket designated for publishing
-- log files. See Amazon S3 Bucket Naming Requirements.
createTrail_s3BucketName :: Lens' CreateTrail Text
-- | Specifies the Amazon Resource Name (ARN) of the log group to which
-- CloudTrail logs will be delivered.
createTrailResponse_cloudWatchLogsLogGroupArn :: Lens' CreateTrailResponse (Maybe Text)
-- | Specifies the role for the CloudWatch Logs endpoint to assume to write
-- to a user's log group.
createTrailResponse_cloudWatchLogsRoleArn :: Lens' CreateTrailResponse (Maybe Text)
-- | Specifies whether the trail is publishing events from global services
-- such as IAM to the log files.
createTrailResponse_includeGlobalServiceEvents :: Lens' CreateTrailResponse (Maybe Bool)
-- | Specifies whether the trail exists in one region or in all regions.
createTrailResponse_isMultiRegionTrail :: Lens' CreateTrailResponse (Maybe Bool)
-- | Specifies whether the trail is an organization trail.
createTrailResponse_isOrganizationTrail :: Lens' CreateTrailResponse (Maybe Bool)
-- | Specifies the KMS key ID that encrypts the events delivered by
-- CloudTrail. The value is a fully specified ARN to a KMS key in the
-- following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
createTrailResponse_kmsKeyId :: Lens' CreateTrailResponse (Maybe Text)
-- | Specifies whether log file integrity validation is enabled.
createTrailResponse_logFileValidationEnabled :: Lens' CreateTrailResponse (Maybe Bool)
-- | Specifies the name of the trail.
createTrailResponse_name :: Lens' CreateTrailResponse (Maybe Text)
-- | Specifies the name of the Amazon S3 bucket designated for publishing
-- log files.
createTrailResponse_s3BucketName :: Lens' CreateTrailResponse (Maybe Text)
-- | Specifies the Amazon S3 key prefix that comes after the name of the
-- bucket you have designated for log file delivery. For more
-- information, see Finding Your CloudTrail Log Files.
createTrailResponse_s3KeyPrefix :: Lens' CreateTrailResponse (Maybe Text)
-- | Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send
-- notifications when log files are delivered. The format of a topic ARN
-- is:
--
--
-- arn:aws:sns:us-east-2:123456789012:MyTopic
--
createTrailResponse_snsTopicARN :: Lens' CreateTrailResponse (Maybe Text)
-- | This field is no longer in use. Use SnsTopicARN.
createTrailResponse_snsTopicName :: Lens' CreateTrailResponse (Maybe Text)
-- | Specifies the ARN of the trail that was created. The format of a trail
-- ARN is:
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
createTrailResponse_trailARN :: Lens' CreateTrailResponse (Maybe Text)
-- | The response's http status code.
createTrailResponse_httpStatus :: Lens' CreateTrailResponse Int
-- | The ARN (or the ID suffix of the ARN) of the event data store to
-- delete.
deleteEventDataStore_eventDataStore :: Lens' DeleteEventDataStore Text
-- | The response's http status code.
deleteEventDataStoreResponse_httpStatus :: Lens' DeleteEventDataStoreResponse Int
-- | Specifies the name or the CloudTrail ARN of the trail to be deleted.
-- The following is the format of a trail ARN.
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
deleteTrail_name :: Lens' DeleteTrail Text
-- | The response's http status code.
deleteTrailResponse_httpStatus :: Lens' DeleteTrailResponse Int
-- | A delegated administrator account ID. This is a member account in an
-- organization that is currently designated as a delegated
-- administrator.
deregisterOrganizationDelegatedAdmin_delegatedAdminAccountId :: Lens' DeregisterOrganizationDelegatedAdmin Text
-- | The response's http status code.
deregisterOrganizationDelegatedAdminResponse_httpStatus :: Lens' DeregisterOrganizationDelegatedAdminResponse Int
-- | The ARN (or the ID suffix of the ARN) of an event data store on which
-- the specified query was run.
describeQuery_eventDataStore :: Lens' DescribeQuery (Maybe Text)
-- | The query ID.
describeQuery_queryId :: Lens' DescribeQuery Text
-- | The URI for the S3 bucket where CloudTrail delivered query results, if
-- applicable.
describeQueryResponse_deliveryS3Uri :: Lens' DescribeQueryResponse (Maybe Text)
-- | The delivery status.
describeQueryResponse_deliveryStatus :: Lens' DescribeQueryResponse (Maybe DeliveryStatus)
-- | The error message returned if a query failed.
describeQueryResponse_errorMessage :: Lens' DescribeQueryResponse (Maybe Text)
-- | The ID of the query.
describeQueryResponse_queryId :: Lens' DescribeQueryResponse (Maybe Text)
-- | Metadata about a query, including the number of events that were
-- matched, the total number of events scanned, the query run time in
-- milliseconds, and the query's creation time.
describeQueryResponse_queryStatistics :: Lens' DescribeQueryResponse (Maybe QueryStatisticsForDescribeQuery)
-- | The status of a query. Values for QueryStatus include
-- QUEUED, RUNNING, FINISHED, FAILED,
-- TIMED_OUT, or CANCELLED
describeQueryResponse_queryStatus :: Lens' DescribeQueryResponse (Maybe QueryStatus)
-- | The SQL code of a query.
describeQueryResponse_queryString :: Lens' DescribeQueryResponse (Maybe Text)
-- | The response's http status code.
describeQueryResponse_httpStatus :: Lens' DescribeQueryResponse Int
-- | Specifies whether to include shadow trails in the response. A shadow
-- trail is the replication in a region of a trail that was created in a
-- different region, or in the case of an organization trail, the
-- replication of an organization trail in member accounts. If you do not
-- include shadow trails, organization trails in a member account and
-- region replication trails will not be returned. The default is true.
describeTrails_includeShadowTrails :: Lens' DescribeTrails (Maybe Bool)
-- | Specifies a list of trail names, trail ARNs, or both, of the trails to
-- describe. The format of a trail ARN is:
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
--
-- If an empty list is specified, information for the trail in the
-- current region is returned.
--
--
-- - If an empty list is specified and IncludeShadowTrails is
-- false, then information for all trails in the current region is
-- returned.
-- - If an empty list is specified and IncludeShadowTrails is null or
-- true, then information for all trails in the current region and any
-- associated shadow trails in other regions is returned.
--
--
-- If one or more trail names are specified, information is returned only
-- if the names match the names of trails belonging only to the current
-- region. To return information about a trail in another region, you
-- must specify its trail ARN.
describeTrails_trailNameList :: Lens' DescribeTrails (Maybe [Text])
-- | The list of trail objects. Trail objects with string values are only
-- returned if values for the objects exist in a trail's configuration.
-- For example, SNSTopicName and SNSTopicARN are only
-- returned in results if a trail is configured to send SNS
-- notifications. Similarly, KMSKeyId only appears in results if
-- a trail's log files are encrypted with KMS customer managed keys.
describeTrailsResponse_trailList :: Lens' DescribeTrailsResponse (Maybe [Trail])
-- | The response's http status code.
describeTrailsResponse_httpStatus :: Lens' DescribeTrailsResponse Int
-- | The ARN or UUID of a channel.
getChannel_channel :: Lens' GetChannel Text
-- | The ARN of an channel returned by a GetChannel request.
getChannelResponse_channelArn :: Lens' GetChannelResponse (Maybe Text)
-- | The Amazon Web Services service that created the service-linked
-- channel.
getChannelResponse_destinations :: Lens' GetChannelResponse (Maybe (NonEmpty Destination))
-- | The name of the CloudTrail channel. For service-linked channels, the
-- value is aws-service-channel/service-name/custom-suffix where
-- service-name represents the name of the Amazon Web Services
-- service that created the channel and custom-suffix represents
-- the suffix generated by the Amazon Web Services service.
getChannelResponse_name :: Lens' GetChannelResponse (Maybe Text)
-- | The event source for the CloudTrail channel.
getChannelResponse_source :: Lens' GetChannelResponse (Maybe Text)
-- | Provides information about the advanced event selectors configured for
-- the channel, and whether the channel applies to all regions or a
-- single region.
getChannelResponse_sourceConfig :: Lens' GetChannelResponse (Maybe SourceConfig)
-- | The response's http status code.
getChannelResponse_httpStatus :: Lens' GetChannelResponse Int
-- | The ARN (or ID suffix of the ARN) of the event data store about which
-- you want information.
getEventDataStore_eventDataStore :: Lens' GetEventDataStore Text
-- | The advanced event selectors used to select events for the data store.
getEventDataStoreResponse_advancedEventSelectors :: Lens' GetEventDataStoreResponse (Maybe [AdvancedEventSelector])
-- | The timestamp of the event data store's creation.
getEventDataStoreResponse_createdTimestamp :: Lens' GetEventDataStoreResponse (Maybe UTCTime)
-- | The event data store Amazon Resource Number (ARN).
getEventDataStoreResponse_eventDataStoreArn :: Lens' GetEventDataStoreResponse (Maybe Text)
-- | Specifies the KMS key ID that encrypts the events delivered by
-- CloudTrail. The value is a fully specified ARN to a KMS key in the
-- following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
getEventDataStoreResponse_kmsKeyId :: Lens' GetEventDataStoreResponse (Maybe Text)
-- | Indicates whether the event data store includes events from all
-- regions, or only from the region in which it was created.
getEventDataStoreResponse_multiRegionEnabled :: Lens' GetEventDataStoreResponse (Maybe Bool)
-- | The name of the event data store.
getEventDataStoreResponse_name :: Lens' GetEventDataStoreResponse (Maybe Text)
-- | Indicates whether an event data store is collecting logged events for
-- an organization in Organizations.
getEventDataStoreResponse_organizationEnabled :: Lens' GetEventDataStoreResponse (Maybe Bool)
-- | The retention period of the event data store, in days.
getEventDataStoreResponse_retentionPeriod :: Lens' GetEventDataStoreResponse (Maybe Natural)
-- | The status of an event data store. Values can be ENABLED and
-- PENDING_DELETION.
getEventDataStoreResponse_status :: Lens' GetEventDataStoreResponse (Maybe EventDataStoreStatus)
-- | Indicates that termination protection is enabled.
getEventDataStoreResponse_terminationProtectionEnabled :: Lens' GetEventDataStoreResponse (Maybe Bool)
-- | Shows the time that an event data store was updated, if applicable.
-- UpdatedTimestamp is always either the same or newer than the
-- time shown in CreatedTimestamp.
getEventDataStoreResponse_updatedTimestamp :: Lens' GetEventDataStoreResponse (Maybe UTCTime)
-- | The response's http status code.
getEventDataStoreResponse_httpStatus :: Lens' GetEventDataStoreResponse Int
-- | Specifies the name of the trail or trail ARN. If you specify a trail
-- name, the string must meet the following requirements:
--
--
-- - Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
-- underscores (_), or dashes (-)
-- - Start with a letter or number, and end with a letter or
-- number
-- - Be between 3 and 128 characters
-- - Have no adjacent periods, underscores or dashes. Names like
-- my-_namespace and my--namespace are not valid.
-- - Not be in IP address format (for example, 192.168.5.4)
--
--
-- If you specify a trail ARN, it must be in the format:
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
getEventSelectors_trailName :: Lens' GetEventSelectors Text
-- | The advanced event selectors that are configured for the trail.
getEventSelectorsResponse_advancedEventSelectors :: Lens' GetEventSelectorsResponse (Maybe [AdvancedEventSelector])
-- | The event selectors that are configured for the trail.
getEventSelectorsResponse_eventSelectors :: Lens' GetEventSelectorsResponse (Maybe [EventSelector])
-- | The specified trail ARN that has the event selectors.
getEventSelectorsResponse_trailARN :: Lens' GetEventSelectorsResponse (Maybe Text)
-- | The response's http status code.
getEventSelectorsResponse_httpStatus :: Lens' GetEventSelectorsResponse Int
-- | The ID for the import.
getImport_importId :: Lens' GetImport Text
-- | The timestamp of the import's creation.
getImportResponse_createdTimestamp :: Lens' GetImportResponse (Maybe UTCTime)
-- | The ARN of the destination event data store.
getImportResponse_destinations :: Lens' GetImportResponse (Maybe (NonEmpty Text))
-- | Used with StartEventTime to bound a StartImport
-- request, and limit imported trail events to only those events logged
-- within a specified time period.
getImportResponse_endEventTime :: Lens' GetImportResponse (Maybe UTCTime)
-- | The ID of the import.
getImportResponse_importId :: Lens' GetImportResponse (Maybe Text)
-- | The source S3 bucket.
getImportResponse_importSource :: Lens' GetImportResponse (Maybe ImportSource)
-- | Provides statistics for the import. CloudTrail does not update import
-- statistics in real-time. Returned values for parameters such as
-- EventsCompleted may be lower than the actual value, because
-- CloudTrail updates statistics incrementally over the course of the
-- import.
getImportResponse_importStatistics :: Lens' GetImportResponse (Maybe ImportStatistics)
-- | The status of the import.
getImportResponse_importStatus :: Lens' GetImportResponse (Maybe ImportStatus)
-- | Used with EndEventTime to bound a StartImport
-- request, and limit imported trail events to only those events logged
-- within a specified time period.
getImportResponse_startEventTime :: Lens' GetImportResponse (Maybe UTCTime)
-- | The timestamp of when the import was updated.
getImportResponse_updatedTimestamp :: Lens' GetImportResponse (Maybe UTCTime)
-- | The response's http status code.
getImportResponse_httpStatus :: Lens' GetImportResponse Int
-- | Specifies the name of the trail or trail ARN. If you specify a trail
-- name, the string must meet the following requirements:
--
--
-- - Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
-- underscores (_), or dashes (-)
-- - Start with a letter or number, and end with a letter or
-- number
-- - Be between 3 and 128 characters
-- - Have no adjacent periods, underscores or dashes. Names like
-- my-_namespace and my--namespace are not valid.
-- - Not be in IP address format (for example, 192.168.5.4)
--
--
-- If you specify a trail ARN, it must be in the format:
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
getInsightSelectors_trailName :: Lens' GetInsightSelectors Text
-- | A JSON string that contains the insight types you want to log on a
-- trail. In this release, ApiErrorRateInsight and
-- ApiCallRateInsight are supported as insight types.
getInsightSelectorsResponse_insightSelectors :: Lens' GetInsightSelectorsResponse (Maybe [InsightSelector])
-- | The Amazon Resource Name (ARN) of a trail for which you want to get
-- Insights selectors.
getInsightSelectorsResponse_trailARN :: Lens' GetInsightSelectorsResponse (Maybe Text)
-- | The response's http status code.
getInsightSelectorsResponse_httpStatus :: Lens' GetInsightSelectorsResponse Int
-- | The ARN (or ID suffix of the ARN) of the event data store against
-- which the query was run.
getQueryResults_eventDataStore :: Lens' GetQueryResults (Maybe Text)
-- | The maximum number of query results to display on a single page.
getQueryResults_maxQueryResults :: Lens' GetQueryResults (Maybe Natural)
-- | A token you can use to get the next page of query results.
getQueryResults_nextToken :: Lens' GetQueryResults (Maybe Text)
-- | The ID of the query for which you want to get results.
getQueryResults_queryId :: Lens' GetQueryResults Text
-- | The error message returned if a query failed.
getQueryResultsResponse_errorMessage :: Lens' GetQueryResultsResponse (Maybe Text)
-- | A token you can use to get the next page of query results.
getQueryResultsResponse_nextToken :: Lens' GetQueryResultsResponse (Maybe Text)
-- | Contains the individual event results of the query.
getQueryResultsResponse_queryResultRows :: Lens' GetQueryResultsResponse (Maybe [[HashMap Text Text]])
-- | Shows the count of query results.
getQueryResultsResponse_queryStatistics :: Lens' GetQueryResultsResponse (Maybe QueryStatistics)
-- | The status of the query. Values include QUEUED,
-- RUNNING, FINISHED, FAILED,
-- TIMED_OUT, or CANCELLED.
getQueryResultsResponse_queryStatus :: Lens' GetQueryResultsResponse (Maybe QueryStatus)
-- | The response's http status code.
getQueryResultsResponse_httpStatus :: Lens' GetQueryResultsResponse Int
-- | The name or the Amazon Resource Name (ARN) of the trail for which you
-- want to retrieve settings information.
getTrail_name :: Lens' GetTrail Text
-- | Undocumented member.
getTrailResponse_trail :: Lens' GetTrailResponse (Maybe Trail)
-- | The response's http status code.
getTrailResponse_httpStatus :: Lens' GetTrailResponse Int
-- | Specifies the name or the CloudTrail ARN of the trail for which you
-- are requesting status. To get the status of a shadow trail (a
-- replication of the trail in another region), you must specify its ARN.
-- The following is the format of a trail ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
getTrailStatus_name :: Lens' GetTrailStatus Text
-- | Whether the CloudTrail trail is currently logging Amazon Web Services
-- API calls.
getTrailStatusResponse_isLogging :: Lens' GetTrailStatusResponse (Maybe Bool)
-- | Displays any CloudWatch Logs error that CloudTrail encountered when
-- attempting to deliver logs to CloudWatch Logs.
getTrailStatusResponse_latestCloudWatchLogsDeliveryError :: Lens' GetTrailStatusResponse (Maybe Text)
-- | Displays the most recent date and time when CloudTrail delivered logs
-- to CloudWatch Logs.
getTrailStatusResponse_latestCloudWatchLogsDeliveryTime :: Lens' GetTrailStatusResponse (Maybe UTCTime)
-- | This field is no longer in use.
getTrailStatusResponse_latestDeliveryAttemptSucceeded :: Lens' GetTrailStatusResponse (Maybe Text)
-- | This field is no longer in use.
getTrailStatusResponse_latestDeliveryAttemptTime :: Lens' GetTrailStatusResponse (Maybe Text)
-- | Displays any Amazon S3 error that CloudTrail encountered when
-- attempting to deliver log files to the designated bucket. For more
-- information, see Error Responses in the Amazon S3 API
-- Reference.
--
-- This error occurs only when there is a problem with the destination S3
-- bucket, and does not occur for requests that time out. To resolve the
-- issue, create a new bucket, and then call UpdateTrail to
-- specify the new bucket; or fix the existing objects so that CloudTrail
-- can again write to the bucket.
getTrailStatusResponse_latestDeliveryError :: Lens' GetTrailStatusResponse (Maybe Text)
-- | Specifies the date and time that CloudTrail last delivered log files
-- to an account's Amazon S3 bucket.
getTrailStatusResponse_latestDeliveryTime :: Lens' GetTrailStatusResponse (Maybe UTCTime)
-- | Displays any Amazon S3 error that CloudTrail encountered when
-- attempting to deliver a digest file to the designated bucket. For more
-- information, see Error Responses in the Amazon S3 API
-- Reference.
--
-- This error occurs only when there is a problem with the destination S3
-- bucket, and does not occur for requests that time out. To resolve the
-- issue, create a new bucket, and then call UpdateTrail to
-- specify the new bucket; or fix the existing objects so that CloudTrail
-- can again write to the bucket.
getTrailStatusResponse_latestDigestDeliveryError :: Lens' GetTrailStatusResponse (Maybe Text)
-- | Specifies the date and time that CloudTrail last delivered a digest
-- file to an account's Amazon S3 bucket.
getTrailStatusResponse_latestDigestDeliveryTime :: Lens' GetTrailStatusResponse (Maybe UTCTime)
-- | This field is no longer in use.
getTrailStatusResponse_latestNotificationAttemptSucceeded :: Lens' GetTrailStatusResponse (Maybe Text)
-- | This field is no longer in use.
getTrailStatusResponse_latestNotificationAttemptTime :: Lens' GetTrailStatusResponse (Maybe Text)
-- | Displays any Amazon SNS error that CloudTrail encountered when
-- attempting to send a notification. For more information about Amazon
-- SNS errors, see the Amazon SNS Developer Guide.
getTrailStatusResponse_latestNotificationError :: Lens' GetTrailStatusResponse (Maybe Text)
-- | Specifies the date and time of the most recent Amazon SNS notification
-- that CloudTrail has written a new log file to an account's Amazon S3
-- bucket.
getTrailStatusResponse_latestNotificationTime :: Lens' GetTrailStatusResponse (Maybe UTCTime)
-- | Specifies the most recent date and time when CloudTrail started
-- recording API calls for an Amazon Web Services account.
getTrailStatusResponse_startLoggingTime :: Lens' GetTrailStatusResponse (Maybe UTCTime)
-- | Specifies the most recent date and time when CloudTrail stopped
-- recording API calls for an Amazon Web Services account.
getTrailStatusResponse_stopLoggingTime :: Lens' GetTrailStatusResponse (Maybe UTCTime)
-- | This field is no longer in use.
getTrailStatusResponse_timeLoggingStarted :: Lens' GetTrailStatusResponse (Maybe Text)
-- | This field is no longer in use.
getTrailStatusResponse_timeLoggingStopped :: Lens' GetTrailStatusResponse (Maybe Text)
-- | The response's http status code.
getTrailStatusResponse_httpStatus :: Lens' GetTrailStatusResponse Int
-- | The maximum number of CloudTrail channels to display on a single page.
listChannels_maxResults :: Lens' ListChannels (Maybe Natural)
-- | The token to use to get the next page of results after a previous API
-- call. This token must be passed in with the same parameters that were
-- specified in the original call. For example, if the original call
-- specified an AttributeKey of 'Username' with a value of 'root', the
-- call with NextToken should include those same parameters.
listChannels_nextToken :: Lens' ListChannels (Maybe Text)
-- | The list of channels in the account.
listChannelsResponse_channels :: Lens' ListChannelsResponse (Maybe [Channel])
-- | The token to use to get the next page of results after a previous API
-- call.
listChannelsResponse_nextToken :: Lens' ListChannelsResponse (Maybe Text)
-- | The response's http status code.
listChannelsResponse_httpStatus :: Lens' ListChannelsResponse Int
-- | The maximum number of event data stores to display on a single page.
listEventDataStores_maxResults :: Lens' ListEventDataStores (Maybe Natural)
-- | A token you can use to get the next page of event data store results.
listEventDataStores_nextToken :: Lens' ListEventDataStores (Maybe Text)
-- | Contains information about event data stores in the account, in the
-- current region.
listEventDataStoresResponse_eventDataStores :: Lens' ListEventDataStoresResponse (Maybe [EventDataStore])
-- | A token you can use to get the next page of results.
listEventDataStoresResponse_nextToken :: Lens' ListEventDataStoresResponse (Maybe Text)
-- | The response's http status code.
listEventDataStoresResponse_httpStatus :: Lens' ListEventDataStoresResponse Int
-- | The maximum number of failures to display on a single page.
listImportFailures_maxResults :: Lens' ListImportFailures (Maybe Natural)
-- | A token you can use to get the next page of import failures.
listImportFailures_nextToken :: Lens' ListImportFailures (Maybe Text)
-- | The ID of the import.
listImportFailures_importId :: Lens' ListImportFailures Text
-- | Contains information about the import failures.
listImportFailuresResponse_failures :: Lens' ListImportFailuresResponse (Maybe [ImportFailureListItem])
-- | A token you can use to get the next page of results.
listImportFailuresResponse_nextToken :: Lens' ListImportFailuresResponse (Maybe Text)
-- | The response's http status code.
listImportFailuresResponse_httpStatus :: Lens' ListImportFailuresResponse Int
-- | The ARN of the destination event data store.
listImports_destination :: Lens' ListImports (Maybe Text)
-- | The status of the import.
listImports_importStatus :: Lens' ListImports (Maybe ImportStatus)
-- | The maximum number of imports to display on a single page.
listImports_maxResults :: Lens' ListImports (Maybe Natural)
-- | A token you can use to get the next page of import results.
listImports_nextToken :: Lens' ListImports (Maybe Text)
-- | The list of returned imports.
listImportsResponse_imports :: Lens' ListImportsResponse (Maybe [ImportsListItem])
-- | A token you can use to get the next page of import results.
listImportsResponse_nextToken :: Lens' ListImportsResponse (Maybe Text)
-- | The response's http status code.
listImportsResponse_httpStatus :: Lens' ListImportsResponse Int
-- | Optionally specifies, in UTC, the end of the time range to look up
-- public keys for CloudTrail digest files. If not specified, the current
-- time is used.
listPublicKeys_endTime :: Lens' ListPublicKeys (Maybe UTCTime)
-- | Reserved for future use.
listPublicKeys_nextToken :: Lens' ListPublicKeys (Maybe Text)
-- | Optionally specifies, in UTC, the start of the time range to look up
-- public keys for CloudTrail digest files. If not specified, the current
-- time is used, and the current public key is returned.
listPublicKeys_startTime :: Lens' ListPublicKeys (Maybe UTCTime)
-- | Reserved for future use.
listPublicKeysResponse_nextToken :: Lens' ListPublicKeysResponse (Maybe Text)
-- | Contains an array of PublicKey objects.
--
-- The returned public keys may have validity time ranges that overlap.
listPublicKeysResponse_publicKeyList :: Lens' ListPublicKeysResponse (Maybe [PublicKey])
-- | The response's http status code.
listPublicKeysResponse_httpStatus :: Lens' ListPublicKeysResponse Int
-- | Use with StartTime to bound a ListQueries request,
-- and limit its results to only those queries run within a specified
-- time period.
listQueries_endTime :: Lens' ListQueries (Maybe UTCTime)
-- | The maximum number of queries to show on a page.
listQueries_maxResults :: Lens' ListQueries (Maybe Natural)
-- | A token you can use to get the next page of results.
listQueries_nextToken :: Lens' ListQueries (Maybe Text)
-- | The status of queries that you want to return in results. Valid values
-- for QueryStatus include QUEUED, RUNNING,
-- FINISHED, FAILED, TIMED_OUT, or
-- CANCELLED.
listQueries_queryStatus :: Lens' ListQueries (Maybe QueryStatus)
-- | Use with EndTime to bound a ListQueries request, and
-- limit its results to only those queries run within a specified time
-- period.
listQueries_startTime :: Lens' ListQueries (Maybe UTCTime)
-- | The ARN (or the ID suffix of the ARN) of an event data store on which
-- queries were run.
listQueries_eventDataStore :: Lens' ListQueries Text
-- | A token you can use to get the next page of results.
listQueriesResponse_nextToken :: Lens' ListQueriesResponse (Maybe Text)
-- | Lists matching query results, and shows query ID, status, and creation
-- time of each query.
listQueriesResponse_queries :: Lens' ListQueriesResponse (Maybe [Query])
-- | The response's http status code.
listQueriesResponse_httpStatus :: Lens' ListQueriesResponse Int
-- | Reserved for future use.
listTags_nextToken :: Lens' ListTags (Maybe Text)
-- | Specifies a list of trail and event data store ARNs whose tags will be
-- listed. The list has a limit of 20 ARNs.
listTags_resourceIdList :: Lens' ListTags [Text]
-- | Reserved for future use.
listTagsResponse_nextToken :: Lens' ListTagsResponse (Maybe Text)
-- | A list of resource tags.
listTagsResponse_resourceTagList :: Lens' ListTagsResponse (Maybe [ResourceTag])
-- | The response's http status code.
listTagsResponse_httpStatus :: Lens' ListTagsResponse Int
-- | The token to use to get the next page of results after a previous API
-- call. This token must be passed in with the same parameters that were
-- specified in the original call. For example, if the original call
-- specified an AttributeKey of 'Username' with a value of 'root', the
-- call with NextToken should include those same parameters.
listTrails_nextToken :: Lens' ListTrails (Maybe Text)
-- | The token to use to get the next page of results after a previous API
-- call. If the token does not appear, there are no more results to
-- return. The token must be passed in with the same parameters as the
-- previous call. For example, if the original call specified an
-- AttributeKey of 'Username' with a value of 'root', the call with
-- NextToken should include those same parameters.
listTrailsResponse_nextToken :: Lens' ListTrailsResponse (Maybe Text)
-- | Returns the name, ARN, and home region of trails in the current
-- account.
listTrailsResponse_trails :: Lens' ListTrailsResponse (Maybe [TrailInfo])
-- | The response's http status code.
listTrailsResponse_httpStatus :: Lens' ListTrailsResponse Int
-- | Specifies that only events that occur before or at the specified time
-- are returned. If the specified end time is before the specified start
-- time, an error is returned.
lookupEvents_endTime :: Lens' LookupEvents (Maybe UTCTime)
-- | Specifies the event category. If you do not specify an event category,
-- events of the category are not returned in the response. For example,
-- if you do not specify insight as the value of
-- EventCategory, no Insights events are returned.
lookupEvents_eventCategory :: Lens' LookupEvents (Maybe EventCategory)
-- | Contains a list of lookup attributes. Currently the list can contain
-- only one item.
lookupEvents_lookupAttributes :: Lens' LookupEvents (Maybe [LookupAttribute])
-- | The number of events to return. Possible values are 1 through 50. The
-- default is 50.
lookupEvents_maxResults :: Lens' LookupEvents (Maybe Natural)
-- | The token to use to get the next page of results after a previous API
-- call. This token must be passed in with the same parameters that were
-- specified in the original call. For example, if the original call
-- specified an AttributeKey of 'Username' with a value of 'root', the
-- call with NextToken should include those same parameters.
lookupEvents_nextToken :: Lens' LookupEvents (Maybe Text)
-- | Specifies that only events that occur after or at the specified time
-- are returned. If the specified start time is after the specified end
-- time, an error is returned.
lookupEvents_startTime :: Lens' LookupEvents (Maybe UTCTime)
-- | A list of events returned based on the lookup attributes specified and
-- the CloudTrail event. The events list is sorted by time. The most
-- recent event is listed first.
lookupEventsResponse_events :: Lens' LookupEventsResponse (Maybe [Event])
-- | The token to use to get the next page of results after a previous API
-- call. If the token does not appear, there are no more results to
-- return. The token must be passed in with the same parameters as the
-- previous call. For example, if the original call specified an
-- AttributeKey of 'Username' with a value of 'root', the call with
-- NextToken should include those same parameters.
lookupEventsResponse_nextToken :: Lens' LookupEventsResponse (Maybe Text)
-- | The response's http status code.
lookupEventsResponse_httpStatus :: Lens' LookupEventsResponse Int
-- | Specifies the settings for advanced event selectors. You can add
-- advanced event selectors, and conditions for your advanced event
-- selectors, up to a maximum of 500 values for all conditions and
-- selectors on a trail. You can use either
-- AdvancedEventSelectors or EventSelectors, but not
-- both. If you apply AdvancedEventSelectors to a trail, any
-- existing EventSelectors are overwritten. For more information
-- about advanced event selectors, see Logging data events for
-- trails in the CloudTrail User Guide.
putEventSelectors_advancedEventSelectors :: Lens' PutEventSelectors (Maybe [AdvancedEventSelector])
-- | Specifies the settings for your event selectors. You can configure up
-- to five event selectors for a trail. You can use either
-- EventSelectors or AdvancedEventSelectors in a
-- PutEventSelectors request, but not both. If you apply
-- EventSelectors to a trail, any existing
-- AdvancedEventSelectors are overwritten.
putEventSelectors_eventSelectors :: Lens' PutEventSelectors (Maybe [EventSelector])
-- | Specifies the name of the trail or trail ARN. If you specify a trail
-- name, the string must meet the following requirements:
--
--
-- - Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
-- underscores (_), or dashes (-)
-- - Start with a letter or number, and end with a letter or
-- number
-- - Be between 3 and 128 characters
-- - Have no adjacent periods, underscores or dashes. Names like
-- my-_namespace and my--namespace are not valid.
-- - Not be in IP address format (for example, 192.168.5.4)
--
--
-- If you specify a trail ARN, it must be in the following format.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
putEventSelectors_trailName :: Lens' PutEventSelectors Text
-- | Specifies the advanced event selectors configured for your trail.
putEventSelectorsResponse_advancedEventSelectors :: Lens' PutEventSelectorsResponse (Maybe [AdvancedEventSelector])
-- | Specifies the event selectors configured for your trail.
putEventSelectorsResponse_eventSelectors :: Lens' PutEventSelectorsResponse (Maybe [EventSelector])
-- | Specifies the ARN of the trail that was updated with event selectors.
-- The following is the format of a trail ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
putEventSelectorsResponse_trailARN :: Lens' PutEventSelectorsResponse (Maybe Text)
-- | The response's http status code.
putEventSelectorsResponse_httpStatus :: Lens' PutEventSelectorsResponse Int
-- | The name of the CloudTrail trail for which you want to change or add
-- Insights selectors.
putInsightSelectors_trailName :: Lens' PutInsightSelectors Text
-- | A JSON string that contains the insight types you want to log on a
-- trail. ApiCallRateInsight and ApiErrorRateInsight
-- are valid insight types.
putInsightSelectors_insightSelectors :: Lens' PutInsightSelectors [InsightSelector]
-- | A JSON string that contains the Insights event types that you want to
-- log on a trail. The valid Insights types in this release are
-- ApiErrorRateInsight and ApiCallRateInsight.
putInsightSelectorsResponse_insightSelectors :: Lens' PutInsightSelectorsResponse (Maybe [InsightSelector])
-- | The Amazon Resource Name (ARN) of a trail for which you want to change
-- or add Insights selectors.
putInsightSelectorsResponse_trailARN :: Lens' PutInsightSelectorsResponse (Maybe Text)
-- | The response's http status code.
putInsightSelectorsResponse_httpStatus :: Lens' PutInsightSelectorsResponse Int
-- | An organization member account ID that you want to designate as a
-- delegated administrator.
registerOrganizationDelegatedAdmin_memberAccountId :: Lens' RegisterOrganizationDelegatedAdmin Text
-- | The response's http status code.
registerOrganizationDelegatedAdminResponse_httpStatus :: Lens' RegisterOrganizationDelegatedAdminResponse Int
-- | Specifies the ARN of the trail or event data store from which tags
-- should be removed.
--
-- Example trail ARN format:
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
-- Example event data store ARN format:
-- arn:aws:cloudtrail:us-east-2:12345678910:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE
removeTags_resourceId :: Lens' RemoveTags Text
-- | Specifies a list of tags to be removed.
removeTags_tagsList :: Lens' RemoveTags [Tag]
-- | The response's http status code.
removeTagsResponse_httpStatus :: Lens' RemoveTagsResponse Int
-- | The ARN (or the ID suffix of the ARN) of the event data store that you
-- want to restore.
restoreEventDataStore_eventDataStore :: Lens' RestoreEventDataStore Text
-- | The advanced event selectors that were used to select events.
restoreEventDataStoreResponse_advancedEventSelectors :: Lens' RestoreEventDataStoreResponse (Maybe [AdvancedEventSelector])
-- | The timestamp of an event data store's creation.
restoreEventDataStoreResponse_createdTimestamp :: Lens' RestoreEventDataStoreResponse (Maybe UTCTime)
-- | The event data store ARN.
restoreEventDataStoreResponse_eventDataStoreArn :: Lens' RestoreEventDataStoreResponse (Maybe Text)
-- | Specifies the KMS key ID that encrypts the events delivered by
-- CloudTrail. The value is a fully specified ARN to a KMS key in the
-- following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
restoreEventDataStoreResponse_kmsKeyId :: Lens' RestoreEventDataStoreResponse (Maybe Text)
-- | Indicates whether the event data store is collecting events from all
-- regions, or only from the region in which the event data store was
-- created.
restoreEventDataStoreResponse_multiRegionEnabled :: Lens' RestoreEventDataStoreResponse (Maybe Bool)
-- | The name of the event data store.
restoreEventDataStoreResponse_name :: Lens' RestoreEventDataStoreResponse (Maybe Text)
-- | Indicates whether an event data store is collecting logged events for
-- an organization in Organizations.
restoreEventDataStoreResponse_organizationEnabled :: Lens' RestoreEventDataStoreResponse (Maybe Bool)
-- | The retention period, in days.
restoreEventDataStoreResponse_retentionPeriod :: Lens' RestoreEventDataStoreResponse (Maybe Natural)
-- | The status of the event data store.
restoreEventDataStoreResponse_status :: Lens' RestoreEventDataStoreResponse (Maybe EventDataStoreStatus)
-- | Indicates that termination protection is enabled and the event data
-- store cannot be automatically deleted.
restoreEventDataStoreResponse_terminationProtectionEnabled :: Lens' RestoreEventDataStoreResponse (Maybe Bool)
-- | The timestamp that shows when an event data store was updated, if
-- applicable. UpdatedTimestamp is always either the same or
-- newer than the time shown in CreatedTimestamp.
restoreEventDataStoreResponse_updatedTimestamp :: Lens' RestoreEventDataStoreResponse (Maybe UTCTime)
-- | The response's http status code.
restoreEventDataStoreResponse_httpStatus :: Lens' RestoreEventDataStoreResponse Int
-- | The ARN of the destination event data store. Use this parameter for a
-- new import.
startImport_destinations :: Lens' StartImport (Maybe (NonEmpty Text))
-- | Use with StartEventTime to bound a StartImport
-- request, and limit imported trail events to only those events logged
-- within a specified time period. When you specify a time range,
-- CloudTrail checks the prefix and log file names to verify the names
-- contain a date between the specified StartEventTime and
-- EndEventTime before attempting to import events.
startImport_endEventTime :: Lens' StartImport (Maybe UTCTime)
-- | The ID of the import. Use this parameter when you are retrying an
-- import.
startImport_importId :: Lens' StartImport (Maybe Text)
-- | The source S3 bucket for the import. Use this parameter for a new
-- import.
startImport_importSource :: Lens' StartImport (Maybe ImportSource)
-- | Use with EndEventTime to bound a StartImport
-- request, and limit imported trail events to only those events logged
-- within a specified time period. When you specify a time range,
-- CloudTrail checks the prefix and log file names to verify the names
-- contain a date between the specified StartEventTime and
-- EndEventTime before attempting to import events.
startImport_startEventTime :: Lens' StartImport (Maybe UTCTime)
-- | The timestamp for the import's creation.
startImportResponse_createdTimestamp :: Lens' StartImportResponse (Maybe UTCTime)
-- | The ARN of the destination event data store.
startImportResponse_destinations :: Lens' StartImportResponse (Maybe (NonEmpty Text))
-- | Used with StartEventTime to bound a StartImport
-- request, and limit imported trail events to only those events logged
-- within a specified time period.
startImportResponse_endEventTime :: Lens' StartImportResponse (Maybe UTCTime)
-- | The ID of the import.
startImportResponse_importId :: Lens' StartImportResponse (Maybe Text)
-- | The source S3 bucket for the import.
startImportResponse_importSource :: Lens' StartImportResponse (Maybe ImportSource)
-- | Shows the status of the import after a StartImport request.
-- An import finishes with a status of COMPLETED if there were
-- no failures, or FAILED if there were failures.
startImportResponse_importStatus :: Lens' StartImportResponse (Maybe ImportStatus)
-- | Used with EndEventTime to bound a StartImport
-- request, and limit imported trail events to only those events logged
-- within a specified time period.
startImportResponse_startEventTime :: Lens' StartImportResponse (Maybe UTCTime)
-- | The timestamp of the import's last update, if applicable.
startImportResponse_updatedTimestamp :: Lens' StartImportResponse (Maybe UTCTime)
-- | The response's http status code.
startImportResponse_httpStatus :: Lens' StartImportResponse Int
-- | Specifies the name or the CloudTrail ARN of the trail for which
-- CloudTrail logs Amazon Web Services API calls. The following is the
-- format of a trail ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
startLogging_name :: Lens' StartLogging Text
-- | The response's http status code.
startLoggingResponse_httpStatus :: Lens' StartLoggingResponse Int
-- | The URI for the S3 bucket where CloudTrail delivers the query results.
startQuery_deliveryS3Uri :: Lens' StartQuery (Maybe Text)
-- | The SQL code of your query.
startQuery_queryStatement :: Lens' StartQuery Text
-- | The ID of the started query.
startQueryResponse_queryId :: Lens' StartQueryResponse (Maybe Text)
-- | The response's http status code.
startQueryResponse_httpStatus :: Lens' StartQueryResponse Int
-- | The ID of the import.
stopImport_importId :: Lens' StopImport Text
-- | The timestamp of the import's creation.
stopImportResponse_createdTimestamp :: Lens' StopImportResponse (Maybe UTCTime)
-- | The ARN of the destination event data store.
stopImportResponse_destinations :: Lens' StopImportResponse (Maybe (NonEmpty Text))
-- | Used with StartEventTime to bound a StartImport
-- request, and limit imported trail events to only those events logged
-- within a specified time period.
stopImportResponse_endEventTime :: Lens' StopImportResponse (Maybe UTCTime)
-- | The ID for the import.
stopImportResponse_importId :: Lens' StopImportResponse (Maybe Text)
-- | The source S3 bucket for the import.
stopImportResponse_importSource :: Lens' StopImportResponse (Maybe ImportSource)
-- | Returns information on the stopped import.
stopImportResponse_importStatistics :: Lens' StopImportResponse (Maybe ImportStatistics)
-- | The status of the import.
stopImportResponse_importStatus :: Lens' StopImportResponse (Maybe ImportStatus)
-- | Used with EndEventTime to bound a StartImport
-- request, and limit imported trail events to only those events logged
-- within a specified time period.
stopImportResponse_startEventTime :: Lens' StopImportResponse (Maybe UTCTime)
-- | The timestamp of the import's last update.
stopImportResponse_updatedTimestamp :: Lens' StopImportResponse (Maybe UTCTime)
-- | The response's http status code.
stopImportResponse_httpStatus :: Lens' StopImportResponse Int
-- | Specifies the name or the CloudTrail ARN of the trail for which
-- CloudTrail will stop logging Amazon Web Services API calls. The
-- following is the format of a trail ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
stopLogging_name :: Lens' StopLogging Text
-- | The response's http status code.
stopLoggingResponse_httpStatus :: Lens' StopLoggingResponse Int
-- | The advanced event selectors used to select events for the event data
-- store. You can configure up to five advanced event selectors for each
-- event data store.
updateEventDataStore_advancedEventSelectors :: Lens' UpdateEventDataStore (Maybe [AdvancedEventSelector])
-- | Specifies the KMS key ID to use to encrypt the events delivered by
-- CloudTrail. The value can be an alias name prefixed by
-- alias/, a fully specified ARN to an alias, a fully specified
-- ARN to a key, or a globally unique identifier.
--
-- Disabling or deleting the KMS key, or removing CloudTrail permissions
-- on the key, prevents CloudTrail from logging events to the event data
-- store, and prevents users from querying the data in the event data
-- store that was encrypted with the key. After you associate an event
-- data store with a KMS key, the KMS key cannot be removed or changed.
-- Before you disable or delete a KMS key that you are using with an
-- event data store, delete or back up your event data store.
--
-- CloudTrail also supports KMS multi-Region keys. For more information
-- about multi-Region keys, see Using multi-Region keys in the
-- Key Management Service Developer Guide.
--
-- Examples:
--
--
-- alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
12345678-1234-1234-1234-123456789012
updateEventDataStore_kmsKeyId :: Lens' UpdateEventDataStore (Maybe Text)
-- | Specifies whether an event data store collects events from all
-- regions, or only from the region in which it was created.
updateEventDataStore_multiRegionEnabled :: Lens' UpdateEventDataStore (Maybe Bool)
-- | The event data store name.
updateEventDataStore_name :: Lens' UpdateEventDataStore (Maybe Text)
-- | Specifies whether an event data store collects events logged for an
-- organization in Organizations.
updateEventDataStore_organizationEnabled :: Lens' UpdateEventDataStore (Maybe Bool)
-- | The retention period, in days.
updateEventDataStore_retentionPeriod :: Lens' UpdateEventDataStore (Maybe Natural)
-- | Indicates that termination protection is enabled and the event data
-- store cannot be automatically deleted.
updateEventDataStore_terminationProtectionEnabled :: Lens' UpdateEventDataStore (Maybe Bool)
-- | The ARN (or the ID suffix of the ARN) of the event data store that you
-- want to update.
updateEventDataStore_eventDataStore :: Lens' UpdateEventDataStore Text
-- | The advanced event selectors that are applied to the event data store.
updateEventDataStoreResponse_advancedEventSelectors :: Lens' UpdateEventDataStoreResponse (Maybe [AdvancedEventSelector])
-- | The timestamp that shows when an event data store was first created.
updateEventDataStoreResponse_createdTimestamp :: Lens' UpdateEventDataStoreResponse (Maybe UTCTime)
-- | The ARN of the event data store.
updateEventDataStoreResponse_eventDataStoreArn :: Lens' UpdateEventDataStoreResponse (Maybe Text)
-- | Specifies the KMS key ID that encrypts the events delivered by
-- CloudTrail. The value is a fully specified ARN to a KMS key in the
-- following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
updateEventDataStoreResponse_kmsKeyId :: Lens' UpdateEventDataStoreResponse (Maybe Text)
-- | Indicates whether the event data store includes events from all
-- regions, or only from the region in which it was created.
updateEventDataStoreResponse_multiRegionEnabled :: Lens' UpdateEventDataStoreResponse (Maybe Bool)
-- | The name of the event data store.
updateEventDataStoreResponse_name :: Lens' UpdateEventDataStoreResponse (Maybe Text)
-- | Indicates whether an event data store is collecting logged events for
-- an organization in Organizations.
updateEventDataStoreResponse_organizationEnabled :: Lens' UpdateEventDataStoreResponse (Maybe Bool)
-- | The retention period, in days.
updateEventDataStoreResponse_retentionPeriod :: Lens' UpdateEventDataStoreResponse (Maybe Natural)
-- | The status of an event data store. Values can be ENABLED and
-- PENDING_DELETION.
updateEventDataStoreResponse_status :: Lens' UpdateEventDataStoreResponse (Maybe EventDataStoreStatus)
-- | Indicates whether termination protection is enabled for the event data
-- store.
updateEventDataStoreResponse_terminationProtectionEnabled :: Lens' UpdateEventDataStoreResponse (Maybe Bool)
-- | The timestamp that shows when the event data store was last updated.
-- UpdatedTimestamp is always either the same or newer than the
-- time shown in CreatedTimestamp.
updateEventDataStoreResponse_updatedTimestamp :: Lens' UpdateEventDataStoreResponse (Maybe UTCTime)
-- | The response's http status code.
updateEventDataStoreResponse_httpStatus :: Lens' UpdateEventDataStoreResponse Int
-- | Specifies a log group name using an Amazon Resource Name (ARN), a
-- unique identifier that represents the log group to which CloudTrail
-- logs are delivered. Not required unless you specify
-- CloudWatchLogsRoleArn.
updateTrail_cloudWatchLogsLogGroupArn :: Lens' UpdateTrail (Maybe Text)
-- | Specifies the role for the CloudWatch Logs endpoint to assume to write
-- to a user's log group.
updateTrail_cloudWatchLogsRoleArn :: Lens' UpdateTrail (Maybe Text)
-- | Specifies whether log file validation is enabled. The default is
-- false.
--
-- When you disable log file integrity validation, the chain of digest
-- files is broken after one hour. CloudTrail does not create digest
-- files for log files that were delivered during a period in which log
-- file integrity validation was disabled. For example, if you enable log
-- file integrity validation at noon on January 1, disable it at noon on
-- January 2, and re-enable it at noon on January 10, digest files will
-- not be created for the log files delivered from noon on January 2 to
-- noon on January 10. The same applies whenever you stop CloudTrail
-- logging or delete a trail.
updateTrail_enableLogFileValidation :: Lens' UpdateTrail (Maybe Bool)
-- | Specifies whether the trail is publishing events from global services
-- such as IAM to the log files.
updateTrail_includeGlobalServiceEvents :: Lens' UpdateTrail (Maybe Bool)
-- | Specifies whether the trail applies only to the current region or to
-- all regions. The default is false. If the trail exists only in the
-- current region and this value is set to true, shadow trails
-- (replications of the trail) will be created in the other regions. If
-- the trail exists in all regions and this value is set to false, the
-- trail will remain in the region where it was created, and its shadow
-- trails in other regions will be deleted. As a best practice, consider
-- using trails that log events in all regions.
updateTrail_isMultiRegionTrail :: Lens' UpdateTrail (Maybe Bool)
-- | Specifies whether the trail is applied to all accounts in an
-- organization in Organizations, or only for the current Amazon Web
-- Services account. The default is false, and cannot be true unless the
-- call is made on behalf of an Amazon Web Services account that is the
-- management account for an organization in Organizations. If the trail
-- is not an organization trail and this is set to true, the
-- trail will be created in all Amazon Web Services accounts that belong
-- to the organization. If the trail is an organization trail and this is
-- set to false, the trail will remain in the current Amazon Web
-- Services account but be deleted from all member accounts in the
-- organization.
updateTrail_isOrganizationTrail :: Lens' UpdateTrail (Maybe Bool)
-- | Specifies the KMS key ID to use to encrypt the logs delivered by
-- CloudTrail. The value can be an alias name prefixed by "alias/", a
-- fully specified ARN to an alias, a fully specified ARN to a key, or a
-- globally unique identifier.
--
-- CloudTrail also supports KMS multi-Region keys. For more information
-- about multi-Region keys, see Using multi-Region keys in the
-- Key Management Service Developer Guide.
--
-- Examples:
--
--
-- - alias/MyAliasName
-- - arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
--
-- - arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
-- - 12345678-1234-1234-1234-123456789012
--
updateTrail_kmsKeyId :: Lens' UpdateTrail (Maybe Text)
-- | Specifies the name of the Amazon S3 bucket designated for publishing
-- log files. See Amazon S3 Bucket Naming Requirements.
updateTrail_s3BucketName :: Lens' UpdateTrail (Maybe Text)
-- | Specifies the Amazon S3 key prefix that comes after the name of the
-- bucket you have designated for log file delivery. For more
-- information, see Finding Your CloudTrail Log Files. The maximum
-- length is 200 characters.
updateTrail_s3KeyPrefix :: Lens' UpdateTrail (Maybe Text)
-- | Specifies the name of the Amazon SNS topic defined for notification of
-- log file delivery. The maximum length is 256 characters.
updateTrail_snsTopicName :: Lens' UpdateTrail (Maybe Text)
-- | Specifies the name of the trail or trail ARN. If Name is a
-- trail name, the string must meet the following requirements:
--
--
-- - Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
-- underscores (_), or dashes (-)
-- - Start with a letter or number, and end with a letter or
-- number
-- - Be between 3 and 128 characters
-- - Have no adjacent periods, underscores or dashes. Names like
-- my-_namespace and my--namespace are not valid.
-- - Not be in IP address format (for example, 192.168.5.4)
--
--
-- If Name is a trail ARN, it must be in the following format.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
updateTrail_name :: Lens' UpdateTrail Text
-- | Specifies the Amazon Resource Name (ARN) of the log group to which
-- CloudTrail logs are delivered.
updateTrailResponse_cloudWatchLogsLogGroupArn :: Lens' UpdateTrailResponse (Maybe Text)
-- | Specifies the role for the CloudWatch Logs endpoint to assume to write
-- to a user's log group.
updateTrailResponse_cloudWatchLogsRoleArn :: Lens' UpdateTrailResponse (Maybe Text)
-- | Specifies whether the trail is publishing events from global services
-- such as IAM to the log files.
updateTrailResponse_includeGlobalServiceEvents :: Lens' UpdateTrailResponse (Maybe Bool)
-- | Specifies whether the trail exists in one region or in all regions.
updateTrailResponse_isMultiRegionTrail :: Lens' UpdateTrailResponse (Maybe Bool)
-- | Specifies whether the trail is an organization trail.
updateTrailResponse_isOrganizationTrail :: Lens' UpdateTrailResponse (Maybe Bool)
-- | Specifies the KMS key ID that encrypts the logs delivered by
-- CloudTrail. The value is a fully specified ARN to a KMS key in the
-- following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
updateTrailResponse_kmsKeyId :: Lens' UpdateTrailResponse (Maybe Text)
-- | Specifies whether log file integrity validation is enabled.
updateTrailResponse_logFileValidationEnabled :: Lens' UpdateTrailResponse (Maybe Bool)
-- | Specifies the name of the trail.
updateTrailResponse_name :: Lens' UpdateTrailResponse (Maybe Text)
-- | Specifies the name of the Amazon S3 bucket designated for publishing
-- log files.
updateTrailResponse_s3BucketName :: Lens' UpdateTrailResponse (Maybe Text)
-- | Specifies the Amazon S3 key prefix that comes after the name of the
-- bucket you have designated for log file delivery. For more
-- information, see Finding Your IAM Log Files.
updateTrailResponse_s3KeyPrefix :: Lens' UpdateTrailResponse (Maybe Text)
-- | Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send
-- notifications when log files are delivered. The following is the
-- format of a topic ARN.
--
--
-- arn:aws:sns:us-east-2:123456789012:MyTopic
--
updateTrailResponse_snsTopicARN :: Lens' UpdateTrailResponse (Maybe Text)
-- | This field is no longer in use. Use UpdateTrailResponse$SnsTopicARN.
updateTrailResponse_snsTopicName :: Lens' UpdateTrailResponse (Maybe Text)
-- | Specifies the ARN of the trail that was updated. The following is the
-- format of a trail ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
updateTrailResponse_trailARN :: Lens' UpdateTrailResponse (Maybe Text)
-- | The response's http status code.
updateTrailResponse_httpStatus :: Lens' UpdateTrailResponse Int
-- | An optional, descriptive name for an advanced event selector, such as
-- "Log data events for only two S3 buckets".
advancedEventSelector_name :: Lens' AdvancedEventSelector (Maybe Text)
-- | Contains all selector statements in an advanced event selector.
advancedEventSelector_fieldSelectors :: Lens' AdvancedEventSelector (NonEmpty AdvancedFieldSelector)
-- | An operator that includes events that match the last few characters of
-- the event record field specified as the value of Field.
advancedFieldSelector_endsWith :: Lens' AdvancedFieldSelector (Maybe (NonEmpty Text))
-- | An operator that includes events that match the exact value of the
-- event record field specified as the value of Field. This is
-- the only valid operator that you can use with the readOnly,
-- eventCategory, and resources.type fields.
advancedFieldSelector_equals :: Lens' AdvancedFieldSelector (Maybe (NonEmpty Text))
-- | An operator that excludes events that match the last few characters of
-- the event record field specified as the value of Field.
advancedFieldSelector_notEndsWith :: Lens' AdvancedFieldSelector (Maybe (NonEmpty Text))
-- | An operator that excludes events that match the exact value of the
-- event record field specified as the value of Field.
advancedFieldSelector_notEquals :: Lens' AdvancedFieldSelector (Maybe (NonEmpty Text))
-- | An operator that excludes events that match the first few characters
-- of the event record field specified as the value of Field.
advancedFieldSelector_notStartsWith :: Lens' AdvancedFieldSelector (Maybe (NonEmpty Text))
-- | An operator that includes events that match the first few characters
-- of the event record field specified as the value of Field.
advancedFieldSelector_startsWith :: Lens' AdvancedFieldSelector (Maybe (NonEmpty Text))
-- | A field in an event record on which to filter events to be logged.
-- Supported fields include readOnly, eventCategory,
-- eventSource (for management events), eventName,
-- resources.type, and resources.ARN.
--
--
-- - readOnly - Optional. Can be set to Equals
-- a value of true or false. If you do not add this
-- field, CloudTrail logs both read and write events. A
-- value of true logs only read events. A value of
-- false logs only write events.
-- - eventSource - For filtering management events
-- only. This can be set only to NotEquals
-- kms.amazonaws.com.
-- - eventName - Can use any operator. You can use it
-- to filter in or filter out any data event logged to CloudTrail, such as
-- PutBucket or GetSnapshotBlock. You can have multiple
-- values for this field, separated by commas.
-- - eventCategory - This is required. It must be set
-- to Equals, and the value must be Management or
-- Data.
-- - resources.type - This field is required.
-- resources.type can only use the Equals operator, and
-- the value can be one of the
-- following:You
-- can have only one resources.type field per selector. To log
-- data events on more than one resource type, add another selector.
-- - resources.ARN - You can use any operator with
-- resources.ARN, but if you use Equals or
-- NotEquals, the value must exactly match the ARN of a valid
-- resource of the type you've specified in the template as the value of
-- resources.type. For example, if resources.type equals
-- AWS::S3::Object, the ARN must be in one of the following
-- formats. To log all data events for all objects in a specific S3
-- bucket, use the StartsWith operator, and include only the
-- bucket ARN as the matching value.The trailing slash is intentional; do
-- not exclude it. Replace the text between less than and greater than
-- symbols (<>) with resource-specific
-- information.When
-- resources.type equals AWS::S3::AccessPoint, and the
-- operator is set to Equals or NotEquals, the ARN must
-- be in one of the following formats. To log events on all objects in an
-- S3 access point, we recommend that you use only the access point ARN,
-- don’t include the object path, and use the StartsWith or
-- NotStartsWith
-- operators.When
-- resources.type equals AWS::Lambda::Function, and the operator
-- is set to Equals or NotEquals, the ARN must be in
-- the following
-- format:When
-- resources.type equals AWS::DynamoDB::Table, and the operator
-- is set to Equals or NotEquals, the ARN must be in
-- the following
-- format:When
-- resources.type equals AWS::S3Outposts::Object, and
-- the operator is set to Equals or NotEquals, the ARN
-- must be in the following
-- format:When
-- resources.type equals AWS::ManagedBlockchain::Node,
-- and the operator is set to Equals or NotEquals, the
-- ARN must be in the following
-- format:When
-- resources.type equals
-- AWS::S3ObjectLambda::AccessPoint, and the operator is set to
-- Equals or NotEquals, the ARN must be in the
-- following
-- format:When
-- resources.type equals AWS::EC2::Snapshot, and the
-- operator is set to Equals or NotEquals, the ARN must
-- be in the following
-- format:When
-- resources.type equals AWS::DynamoDB::Stream, and the
-- operator is set to Equals or NotEquals, the ARN must
-- be in the following
-- format:When
-- resources.type equals AWS::Glue::Table, and the
-- operator is set to Equals or NotEquals, the ARN must
-- be in the following
-- format:
--
advancedFieldSelector_field :: Lens' AdvancedFieldSelector Text
-- | The Amazon Resource Name (ARN) of a channel.
channel_channelArn :: Lens' Channel (Maybe Text)
-- | The name of the CloudTrail channel. For service-linked channels, the
-- name is aws-service-channel/service-name/custom-suffix where
-- service-name represents the name of the Amazon Web Services
-- service that created the channel and custom-suffix represents
-- the suffix created by the Amazon Web Services service.
channel_name :: Lens' Channel (Maybe Text)
-- | The resource type in which you want to log data events. You can
-- specify the following basic event selector resource types:
--
--
-- AWS::S3::Object
AWS::Lambda::Function
AWS::DynamoDB::Table
--
-- The following resource types are also available through
-- advanced event selectors. Basic event selector resource types
-- are valid in advanced event selectors, but advanced event selector
-- resource types are not valid in basic event selectors. For more
-- information, see AdvancedFieldSelector$Field.
--
--
dataResource_type :: Lens' DataResource (Maybe Text)
-- | An array of Amazon Resource Name (ARN) strings or partial ARN strings
-- for the specified objects.
--
--
-- - To log data events for all objects in all S3 buckets in your
-- Amazon Web Services account, specify the prefix as
-- arn:aws:s3.This also enables logging of data event activity
-- performed by any user or role in your Amazon Web Services account,
-- even if that activity is performed on a bucket that belongs to another
-- Amazon Web Services account.
-- - To log data events for all objects in an S3 bucket, specify the
-- bucket and an empty object prefix such as
-- arn:aws:s3:::bucket-1/. The trail logs data events for all
-- objects in this S3 bucket.
-- - To log data events for specific objects, specify the S3 bucket and
-- object prefix such as arn:aws:s3:::bucket-1/example-images.
-- The trail logs data events for objects in this S3 bucket that match
-- the prefix.
-- - To log data events for all Lambda functions in your Amazon Web
-- Services account, specify the prefix as arn:aws:lambda.This
-- also enables logging of Invoke activity performed by any user
-- or role in your Amazon Web Services account, even if that activity is
-- performed on a function that belongs to another Amazon Web Services
-- account.
-- - To log data events for a specific Lambda function, specify the
-- function ARN.Lambda function ARNs are exact. For example, if you
-- specify a function ARN
-- arn:aws:lambda:us-west-2:111111111111:function:helloworld, data
-- events will only be logged for
-- arn:aws:lambda:us-west-2:111111111111:function:helloworld. They
-- will not be logged for
-- arn:aws:lambda:us-west-2:111111111111:function:helloworld2.
-- - To log data events for all DynamoDB tables in your Amazon Web
-- Services account, specify the prefix as
-- arn:aws:dynamodb.
--
dataResource_values :: Lens' DataResource (Maybe [Text])
-- | The type of destination for events arriving from a channel. For
-- service-linked channels, the value is AWS_SERVICE.
destination_type :: Lens' Destination DestinationType
-- | For service-linked channels, the value is the name of the Amazon Web
-- Services service.
destination_location :: Lens' Destination Text
-- | The Amazon Web Services access key ID that was used to sign the
-- request. If the request was made with temporary security credentials,
-- this is the access key ID of the temporary credentials.
event_accessKeyId :: Lens' Event (Maybe Text)
-- | A JSON string that contains a representation of the event returned.
event_cloudTrailEvent :: Lens' Event (Maybe Text)
-- | The CloudTrail ID of the event returned.
event_eventId :: Lens' Event (Maybe Text)
-- | The name of the event returned.
event_eventName :: Lens' Event (Maybe Text)
-- | The Amazon Web Services service to which the request was made.
event_eventSource :: Lens' Event (Maybe Text)
-- | The date and time of the event returned.
event_eventTime :: Lens' Event (Maybe UTCTime)
-- | Information about whether the event is a write event or a read event.
event_readOnly :: Lens' Event (Maybe Text)
-- | A list of resources referenced by the event returned.
event_resources :: Lens' Event (Maybe [Resource])
-- | A user name or role name of the requester that called the API in the
-- event returned.
event_username :: Lens' Event (Maybe Text)
-- | This field is being deprecated. The advanced event selectors that were
-- used to select events for the data store.
eventDataStore_advancedEventSelectors :: Lens' EventDataStore (Maybe [AdvancedEventSelector])
-- | This field is being deprecated. The timestamp of the event data
-- store's creation.
eventDataStore_createdTimestamp :: Lens' EventDataStore (Maybe UTCTime)
-- | The ARN of the event data store.
eventDataStore_eventDataStoreArn :: Lens' EventDataStore (Maybe Text)
-- | This field is being deprecated. Indicates whether the event data store
-- includes events from all regions, or only from the region in which it
-- was created.
eventDataStore_multiRegionEnabled :: Lens' EventDataStore (Maybe Bool)
-- | The name of the event data store.
eventDataStore_name :: Lens' EventDataStore (Maybe Text)
-- | This field is being deprecated. Indicates that an event data store is
-- collecting logged events for an organization.
eventDataStore_organizationEnabled :: Lens' EventDataStore (Maybe Bool)
-- | This field is being deprecated. The retention period, in days.
eventDataStore_retentionPeriod :: Lens' EventDataStore (Maybe Natural)
-- | This field is being deprecated. The status of an event data store.
-- Values are ENABLED and PENDING_DELETION.
eventDataStore_status :: Lens' EventDataStore (Maybe EventDataStoreStatus)
-- | This field is being deprecated. Indicates whether the event data store
-- is protected from termination.
eventDataStore_terminationProtectionEnabled :: Lens' EventDataStore (Maybe Bool)
-- | This field is being deprecated. The timestamp showing when an event
-- data store was updated, if applicable. UpdatedTimestamp is
-- always either the same or newer than the time shown in
-- CreatedTimestamp.
eventDataStore_updatedTimestamp :: Lens' EventDataStore (Maybe UTCTime)
-- | CloudTrail supports data event logging for Amazon S3 objects, Lambda
-- functions, and Amazon DynamoDB tables with basic event selectors. You
-- can specify up to 250 resources for an individual event selector, but
-- the total number of data resources cannot exceed 250 across all event
-- selectors in a trail. This limit does not apply if you configure
-- resource logging for all data events.
--
-- For more information, see Data Events and Limits in
-- CloudTrail in the CloudTrail User Guide.
eventSelector_dataResources :: Lens' EventSelector (Maybe [DataResource])
-- | An optional list of service event sources from which you do not want
-- management events to be logged on your trail. In this release, the
-- list can be empty (disables the filter), or it can filter out Key
-- Management Service or Amazon RDS Data API events by containing
-- kms.amazonaws.com or rdsdata.amazonaws.com. By
-- default, ExcludeManagementEventSources is empty, and KMS and
-- Amazon RDS Data API events are logged to your trail. You can exclude
-- management event sources only in regions that support the event
-- source.
eventSelector_excludeManagementEventSources :: Lens' EventSelector (Maybe [Text])
-- | Specify if you want your event selector to include management events
-- for your trail.
--
-- For more information, see Management Events in the
-- CloudTrail User Guide.
--
-- By default, the value is true.
--
-- The first copy of management events is free. You are charged for
-- additional copies of management events that you are logging on any
-- subsequent trail in the same region. For more information about
-- CloudTrail pricing, see CloudTrail Pricing.
eventSelector_includeManagementEvents :: Lens' EventSelector (Maybe Bool)
-- | Specify if you want your trail to log read-only events, write-only
-- events, or all. For example, the EC2 GetConsoleOutput is a
-- read-only API operation and RunInstances is a write-only API
-- operation.
--
-- By default, the value is All.
eventSelector_readWriteType :: Lens' EventSelector (Maybe ReadWriteType)
-- | Provides the reason the import failed.
importFailureListItem_errorMessage :: Lens' ImportFailureListItem (Maybe Text)
-- | The type of import error.
importFailureListItem_errorType :: Lens' ImportFailureListItem (Maybe Text)
-- | When the import was last updated.
importFailureListItem_lastUpdatedTime :: Lens' ImportFailureListItem (Maybe UTCTime)
-- | The location of the failure in the S3 bucket.
importFailureListItem_location :: Lens' ImportFailureListItem (Maybe Text)
-- | The status of the import.
importFailureListItem_status :: Lens' ImportFailureListItem (Maybe ImportFailureStatus)
-- | The source S3 bucket.
importSource_s3 :: Lens' ImportSource S3ImportSource
-- | The number of trail events imported into the event data store.
importStatistics_eventsCompleted :: Lens' ImportStatistics (Maybe Integer)
-- | The number of failed entries.
importStatistics_failedEntries :: Lens' ImportStatistics (Maybe Integer)
-- | The number of log files that completed import.
importStatistics_filesCompleted :: Lens' ImportStatistics (Maybe Integer)
-- | The number of S3 prefixes that completed import.
importStatistics_prefixesCompleted :: Lens' ImportStatistics (Maybe Integer)
-- | The number of S3 prefixes found for the import.
importStatistics_prefixesFound :: Lens' ImportStatistics (Maybe Integer)
-- | The timestamp of the import's creation.
importsListItem_createdTimestamp :: Lens' ImportsListItem (Maybe UTCTime)
-- | The ARN of the destination event data store.
importsListItem_destinations :: Lens' ImportsListItem (Maybe (NonEmpty Text))
-- | The ID of the import.
importsListItem_importId :: Lens' ImportsListItem (Maybe Text)
-- | The status of the import.
importsListItem_importStatus :: Lens' ImportsListItem (Maybe ImportStatus)
-- | The timestamp of the import's last update.
importsListItem_updatedTimestamp :: Lens' ImportsListItem (Maybe UTCTime)
-- | The type of insights to log on a trail. ApiCallRateInsight
-- and ApiErrorRateInsight are valid insight types.
insightSelector_insightType :: Lens' InsightSelector (Maybe InsightType)
-- | Specifies an attribute on which to filter the events returned.
lookupAttribute_attributeKey :: Lens' LookupAttribute LookupAttributeKey
-- | Specifies a value for the specified AttributeKey.
lookupAttribute_attributeValue :: Lens' LookupAttribute Text
-- | The fingerprint of the public key.
publicKey_fingerprint :: Lens' PublicKey (Maybe Text)
-- | The ending time of validity of the public key.
publicKey_validityEndTime :: Lens' PublicKey (Maybe UTCTime)
-- | The starting time of validity of the public key.
publicKey_validityStartTime :: Lens' PublicKey (Maybe UTCTime)
-- | The DER encoded public key value in PKCS#1 format.-- -- Note:
-- This Lens automatically encodes and decodes Base64 data. --
-- The underlying isomorphism will encode to Base64 representation during
-- -- serialisation, and decode from Base64 representation during
-- deserialisation. -- This Lens accepts and returns only raw
-- unencoded data.
publicKey_value :: Lens' PublicKey (Maybe ByteString)
-- | The creation time of a query.
query_creationTime :: Lens' Query (Maybe UTCTime)
-- | The ID of a query.
query_queryId :: Lens' Query (Maybe Text)
-- | The status of the query. This can be QUEUED,
-- RUNNING, FINISHED, FAILED,
-- TIMED_OUT, or CANCELLED.
query_queryStatus :: Lens' Query (Maybe QueryStatus)
-- | The total bytes that the query scanned in the event data store. This
-- value matches the number of bytes for which your account is billed for
-- the query, unless the query is still running.
queryStatistics_bytesScanned :: Lens' QueryStatistics (Maybe Integer)
-- | The number of results returned.
queryStatistics_resultsCount :: Lens' QueryStatistics (Maybe Int)
-- | The total number of results returned by a query.
queryStatistics_totalResultsCount :: Lens' QueryStatistics (Maybe Int)
-- | The total bytes that the query scanned in the event data store. This
-- value matches the number of bytes for which your account is billed for
-- the query, unless the query is still running.
queryStatisticsForDescribeQuery_bytesScanned :: Lens' QueryStatisticsForDescribeQuery (Maybe Integer)
-- | The creation time of the query.
queryStatisticsForDescribeQuery_creationTime :: Lens' QueryStatisticsForDescribeQuery (Maybe UTCTime)
-- | The number of events that matched a query.
queryStatisticsForDescribeQuery_eventsMatched :: Lens' QueryStatisticsForDescribeQuery (Maybe Integer)
-- | The number of events that the query scanned in the event data store.
queryStatisticsForDescribeQuery_eventsScanned :: Lens' QueryStatisticsForDescribeQuery (Maybe Integer)
-- | The query's run time, in milliseconds.
queryStatisticsForDescribeQuery_executionTimeInMillis :: Lens' QueryStatisticsForDescribeQuery (Maybe Int)
-- | The name of the resource referenced by the event returned. These are
-- user-created names whose values will depend on the environment. For
-- example, the resource name might be "auto-scaling-test-group" for an
-- Auto Scaling Group or "i-1234567" for an EC2 Instance.
resource_resourceName :: Lens' Resource (Maybe Text)
-- | The type of a resource referenced by the event returned. When the
-- resource type cannot be determined, null is returned. Some examples of
-- resource types are: Instance for EC2, Trail for
-- CloudTrail, DBInstance for Amazon RDS, and AccessKey for
-- IAM. To learn more about how to look up and filter events by the
-- resource types supported for a service, see Filtering CloudTrail
-- Events.
resource_resourceType :: Lens' Resource (Maybe Text)
-- | Specifies the ARN of the resource.
resourceTag_resourceId :: Lens' ResourceTag (Maybe Text)
-- | A list of tags.
resourceTag_tagsList :: Lens' ResourceTag (Maybe [Tag])
-- | The URI for the source S3 bucket.
s3ImportSource_s3LocationUri :: Lens' S3ImportSource Text
-- | The region associated with the source S3 bucket.
s3ImportSource_s3BucketRegion :: Lens' S3ImportSource Text
-- | The IAM ARN role used to access the source S3 bucket.
s3ImportSource_s3BucketAccessRoleArn :: Lens' S3ImportSource Text
-- | The advanced event selectors that are configured for the channel.
sourceConfig_advancedEventSelectors :: Lens' SourceConfig (Maybe [AdvancedEventSelector])
-- | Specifies whether the channel applies to a single region or to all
-- regions.
sourceConfig_applyToAllRegions :: Lens' SourceConfig (Maybe Bool)
-- | The value in a key-value pair of a tag. The value must be no longer
-- than 256 Unicode characters.
tag_value :: Lens' Tag (Maybe Text)
-- | The key in a key-value pair. The key must be must be no longer than
-- 128 Unicode characters. The key must be unique for the resource to
-- which it applies.
tag_key :: Lens' Tag Text
-- | Specifies an Amazon Resource Name (ARN), a unique identifier that
-- represents the log group to which CloudTrail logs will be delivered.
trail_cloudWatchLogsLogGroupArn :: Lens' Trail (Maybe Text)
-- | Specifies the role for the CloudWatch Logs endpoint to assume to write
-- to a user's log group.
trail_cloudWatchLogsRoleArn :: Lens' Trail (Maybe Text)
-- | Specifies if the trail has custom event selectors.
trail_hasCustomEventSelectors :: Lens' Trail (Maybe Bool)
-- | Specifies whether a trail has insight types specified in an
-- InsightSelector list.
trail_hasInsightSelectors :: Lens' Trail (Maybe Bool)
-- | The region in which the trail was created.
trail_homeRegion :: Lens' Trail (Maybe Text)
-- | Set to True to include Amazon Web Services API calls from
-- Amazon Web Services global services such as IAM. Otherwise,
-- False.
trail_includeGlobalServiceEvents :: Lens' Trail (Maybe Bool)
-- | Specifies whether the trail exists only in one region or exists in all
-- regions.
trail_isMultiRegionTrail :: Lens' Trail (Maybe Bool)
-- | Specifies whether the trail is an organization trail.
trail_isOrganizationTrail :: Lens' Trail (Maybe Bool)
-- | Specifies the KMS key ID that encrypts the logs delivered by
-- CloudTrail. The value is a fully specified ARN to a KMS key in the
-- following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
trail_kmsKeyId :: Lens' Trail (Maybe Text)
-- | Specifies whether log file validation is enabled.
trail_logFileValidationEnabled :: Lens' Trail (Maybe Bool)
-- | Name of the trail set by calling CreateTrail. The maximum length is
-- 128 characters.
trail_name :: Lens' Trail (Maybe Text)
-- | Name of the Amazon S3 bucket into which CloudTrail delivers your trail
-- files. See Amazon S3 Bucket Naming Requirements.
trail_s3BucketName :: Lens' Trail (Maybe Text)
-- | Specifies the Amazon S3 key prefix that comes after the name of the
-- bucket you have designated for log file delivery. For more
-- information, see Finding Your CloudTrail Log Files. The maximum
-- length is 200 characters.
trail_s3KeyPrefix :: Lens' Trail (Maybe Text)
-- | Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send
-- notifications when log files are delivered. The following is the
-- format of a topic ARN.
--
--
-- arn:aws:sns:us-east-2:123456789012:MyTopic
--
trail_snsTopicARN :: Lens' Trail (Maybe Text)
-- | This field is no longer in use. Use SnsTopicARN.
trail_snsTopicName :: Lens' Trail (Maybe Text)
-- | Specifies the ARN of the trail. The following is the format of a trail
-- ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
trail_trailARN :: Lens' Trail (Maybe Text)
-- | The Amazon Web Services Region in which a trail was created.
trailInfo_homeRegion :: Lens' TrailInfo (Maybe Text)
-- | The name of a trail.
trailInfo_name :: Lens' TrailInfo (Maybe Text)
-- | The ARN of a trail.
trailInfo_trailARN :: Lens' TrailInfo (Maybe Text)
module Amazonka.CloudTrail.Waiters
-- | Derived from API version 2013-11-01 of the AWS service
-- descriptions, licensed under Apache 2.0.
--
-- CloudTrail
--
-- This is the CloudTrail API Reference. It provides descriptions of
-- actions, data types, common parameters, and common errors for
-- CloudTrail.
--
-- CloudTrail is a web service that records Amazon Web Services API calls
-- for your Amazon Web Services account and delivers log files to an
-- Amazon S3 bucket. The recorded information includes the identity of
-- the user, the start time of the Amazon Web Services API call, the
-- source IP address, the request parameters, and the response elements
-- returned by the service.
--
-- As an alternative to the API, you can use one of the Amazon Web
-- Services SDKs, which consist of libraries and sample code for various
-- programming languages and platforms (Java, Ruby, .NET, iOS, Android,
-- etc.). The SDKs provide programmatic access to CloudTrail. For
-- example, the SDKs handle cryptographically signing requests, managing
-- errors, and retrying requests automatically. For more information
-- about the Amazon Web Services SDKs, including how to download and
-- install them, see Tools to Build on Amazon Web Services.
--
-- See the CloudTrail User Guide for information about the data
-- that is included with each Amazon Web Services API call listed in the
-- log files.
module Amazonka.CloudTrail
-- | API version 2013-11-01 of the Amazon CloudTrail SDK
-- configuration.
defaultService :: Service
-- | This exception is thrown when you start a new import and a previous
-- import is still in progress.
_AccountHasOngoingImportException :: AsError a => Fold a ServiceError
-- | This exception is thrown when when the specified account is not found
-- or not part of an organization.
_AccountNotFoundException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the specified account is not registered
-- as the CloudTrail delegated administrator.
_AccountNotRegisteredException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the account is already registered as the
-- CloudTrail delegated administrator.
_AccountRegisteredException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the management account of an
-- organization is registered as the CloudTrail delegated administrator.
_CannotDelegateManagementAccountException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the specified value of
-- ChannelARN is not valid.
_ChannelARNInvalidException :: AsError a => Fold a ServiceError
-- | The specified channel was not found.
_ChannelNotFoundException :: AsError a => Fold a ServiceError
-- | This exception is thrown when an operation is called with a trail ARN
-- that is not valid. The following is the format of a trail ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
_CloudTrailARNInvalidException :: AsError a => Fold a ServiceError
-- | This exception is thrown when trusted access has not been enabled
-- between CloudTrail and Organizations. For more information, see
-- Enabling Trusted Access with Other Amazon Web Services Services
-- and Prepare For Creating a Trail For Your Organization.
_CloudTrailAccessNotEnabledException :: AsError a => Fold a ServiceError
-- | This exception is thrown when a call results in the
-- InvalidClientTokenId error code. This can occur when you are
-- creating or updating a trail to send notifications to an Amazon SNS
-- topic that is in a suspended Amazon Web Services account.
_CloudTrailInvalidClientTokenIdException :: AsError a => Fold a ServiceError
-- | Cannot set a CloudWatch Logs delivery for this region.
_CloudWatchLogsDeliveryUnavailableException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the specified resource is not ready for
-- an operation. This can occur when you try to run an operation on a
-- resource before CloudTrail has time to fully load the resource. If
-- this exception occurs, wait a few minutes, and then try the operation
-- again.
_ConflictException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the maximum number of CloudTrail
-- delegated administrators is reached.
_DelegatedAdminAccountLimitExceededException :: AsError a => Fold a ServiceError
-- | The specified event data store ARN is not valid or does not map to an
-- event data store in your account.
_EventDataStoreARNInvalidException :: AsError a => Fold a ServiceError
-- | An event data store with that name already exists.
_EventDataStoreAlreadyExistsException :: AsError a => Fold a ServiceError
-- | This exception is thrown when you try to update or delete an event
-- data store that currently has an import in progress.
_EventDataStoreHasOngoingImportException :: AsError a => Fold a ServiceError
-- | Your account has used the maximum number of event data stores.
_EventDataStoreMaxLimitExceededException :: AsError a => Fold a ServiceError
-- | The specified event data store was not found.
_EventDataStoreNotFoundException :: AsError a => Fold a ServiceError
-- | The event data store cannot be deleted because termination protection
-- is enabled for it.
_EventDataStoreTerminationProtectedException :: AsError a => Fold a ServiceError
-- | The specified import was not found.
_ImportNotFoundException :: AsError a => Fold a ServiceError
-- | The event data store is inactive.
_InactiveEventDataStoreException :: AsError a => Fold a ServiceError
-- | The specified query cannot be canceled because it is in the
-- FINISHED, FAILED, TIMED_OUT, or
-- CANCELLED state.
_InactiveQueryException :: AsError a => Fold a ServiceError
-- | If you run GetInsightSelectors on a trail that does not have
-- Insights events enabled, the operation throws the exception
-- InsightNotEnabledException.
_InsightNotEnabledException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the IAM user or role that is used to
-- create the organization resource lacks one or more required
-- permissions for creating an organization resource in a required
-- service.
_InsufficientDependencyServiceAccessPermissionException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the policy on the S3 bucket or KMS key
-- does not have sufficient permissions for the operation.
_InsufficientEncryptionPolicyException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the policy on the S3 bucket is not
-- sufficient.
_InsufficientS3BucketPolicyException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the policy on the Amazon SNS topic is
-- not sufficient.
_InsufficientSnsTopicPolicyException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the provided CloudWatch Logs log group
-- is not valid.
_InvalidCloudWatchLogsLogGroupArnException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the provided role is not valid.
_InvalidCloudWatchLogsRoleArnException :: AsError a => Fold a ServiceError
-- | A date range for the query was specified that is not valid. Be sure
-- that the start time is chronologically before the end time. For more
-- information about writing a query, see Create or edit a query
-- in the CloudTrail User Guide.
_InvalidDateRangeException :: AsError a => Fold a ServiceError
-- | Occurs if an event category that is not valid is specified as a value
-- of EventCategory.
_InvalidEventCategoryException :: AsError a => Fold a ServiceError
-- | This exception is thrown when event categories of specified event data
-- stores are not valid.
_InvalidEventDataStoreCategoryException :: AsError a => Fold a ServiceError
-- | The event data store is not in a status that supports the operation.
_InvalidEventDataStoreStatusException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the PutEventSelectors operation
-- is called with a number of event selectors, advanced event selectors,
-- or data resources that is not valid. The combination of event
-- selectors or advanced event selectors and data resources is not valid.
-- A trail can have up to 5 event selectors. If a trail uses advanced
-- event selectors, a maximum of 500 total values for all conditions in
-- all advanced event selectors is allowed. A trail is limited to 250
-- data resources. These data resources can be distributed across event
-- selectors, but the overall total cannot exceed 250.
--
-- You can:
--
--
-- - Specify a valid number of event selectors (1 to 5) for a
-- trail.
-- - Specify a valid number of data resources (1 to 250) for an event
-- selector. The limit of number of resources on an individual event
-- selector is configurable up to 250. However, this upper limit is
-- allowed only if the total number of data resources does not exceed 250
-- across all event selectors for a trail.
-- - Specify up to 500 values for all conditions in all advanced event
-- selectors for a trail.
-- - Specify a valid value for a parameter. For example, specifying the
-- ReadWriteType parameter with a value of read-only is
-- not valid.
--
_InvalidEventSelectorsException :: AsError a => Fold a ServiceError
-- | This exception is thrown when an operation is called on a trail from a
-- region other than the region in which the trail was created.
_InvalidHomeRegionException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the provided source S3 bucket is not
-- valid for import.
_InvalidImportSourceException :: AsError a => Fold a ServiceError
-- | The formatting or syntax of the InsightSelectors JSON
-- statement in your PutInsightSelectors or
-- GetInsightSelectors request is not valid, or the specified
-- insight type in the InsightSelectors statement is not a valid
-- insight type.
_InvalidInsightSelectorsException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the KMS key ARN is not valid.
_InvalidKmsKeyIdException :: AsError a => Fold a ServiceError
-- | Occurs when a lookup attribute is specified that is not valid.
_InvalidLookupAttributesException :: AsError a => Fold a ServiceError
-- | This exception is thrown if the limit specified is not valid.
_InvalidMaxResultsException :: AsError a => Fold a ServiceError
-- | A token that is not valid, or a token that was previously used in a
-- request with different parameters. This exception is thrown if the
-- token is not valid.
_InvalidNextTokenException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the combination of parameters provided
-- is not valid.
_InvalidParameterCombinationException :: AsError a => Fold a ServiceError
-- | The request includes a parameter that is not valid.
_InvalidParameterException :: AsError a => Fold a ServiceError
-- | The query that was submitted has validation errors, or uses incorrect
-- syntax or unsupported keywords. For more information about writing a
-- query, see Create or edit a query in the CloudTrail User
-- Guide.
_InvalidQueryStatementException :: AsError a => Fold a ServiceError
-- | The query status is not valid for the operation.
_InvalidQueryStatusException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the provided S3 bucket name is not
-- valid.
_InvalidS3BucketNameException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the provided S3 prefix is not valid.
_InvalidS3PrefixException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the provided SNS topic name is not
-- valid.
_InvalidSnsTopicNameException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the specified tag key or values are not
-- valid. It can also occur if there are duplicate tags or too many tags
-- on the resource.
_InvalidTagParameterException :: AsError a => Fold a ServiceError
-- | Occurs if the timestamp values are not valid. Either the start time
-- occurs after the end time, or the time range is outside the range of
-- possible values.
_InvalidTimeRangeException :: AsError a => Fold a ServiceError
-- | Reserved for future use.
_InvalidTokenException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the provided trail name is not valid.
-- Trail names must meet the following requirements:
--
--
-- - Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
-- underscores (_), or dashes (-)
-- - Start with a letter or number, and end with a letter or
-- number
-- - Be between 3 and 128 characters
-- - Have no adjacent periods, underscores or dashes. Names like
-- my-_namespace and my--namespace are not valid.
-- - Not be in IP address format (for example, 192.168.5.4)
--
_InvalidTrailNameException :: AsError a => Fold a ServiceError
-- | This exception is thrown when there is an issue with the specified KMS
-- key and the trail or event data store can't be updated.
_KmsException :: AsError a => Fold a ServiceError
-- | This exception is no longer in use.
_KmsKeyDisabledException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the KMS key does not exist, when the S3
-- bucket and the KMS key are not in the same region, or when the KMS key
-- associated with the Amazon SNS topic either does not exist or is not
-- in the same region.
_KmsKeyNotFoundException :: AsError a => Fold a ServiceError
-- | You are already running the maximum number of concurrent queries. Wait
-- a minute for some queries to finish, and then run the query again.
_MaxConcurrentQueriesException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the maximum number of trails is reached.
_MaximumNumberOfTrailsExceededException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the management account does not have a
-- service-linked role.
_NoManagementAccountSLRExistsException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the account making the request is not
-- the organization's management account.
_NotOrganizationManagementAccountException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the Amazon Web Services account making
-- the request to create or update an organization trail or event data
-- store is not the management account for an organization in
-- Organizations. For more information, see Prepare For Creating a
-- Trail For Your Organization or Create an event data store.
_NotOrganizationMasterAccountException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the requested operation is not
-- permitted.
_OperationNotPermittedException :: AsError a => Fold a ServiceError
-- | This exception is thrown when Organizations is not configured to
-- support all features. All features must be enabled in Organizations to
-- support creating an organization trail or event data store.
_OrganizationNotInAllFeaturesModeException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the request is made from an Amazon Web
-- Services account that is not a member of an organization. To make this
-- request, sign in using the credentials of an account that belongs to
-- an organization.
_OrganizationsNotInUseException :: AsError a => Fold a ServiceError
-- | The query ID does not exist or does not map to a query.
_QueryIdNotFoundException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the specified resource is not found.
_ResourceNotFoundException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the specified resource type is not
-- supported by CloudTrail.
_ResourceTypeNotSupportedException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the specified S3 bucket does not exist.
_S3BucketDoesNotExistException :: AsError a => Fold a ServiceError
-- | The number of tags per trail has exceeded the permitted amount.
-- Currently, the limit is 50.
_TagsLimitExceededException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the specified trail already exists.
_TrailAlreadyExistsException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the trail with the given name is not
-- found.
_TrailNotFoundException :: AsError a => Fold a ServiceError
-- | This exception is no longer in use.
_TrailNotProvidedException :: AsError a => Fold a ServiceError
-- | This exception is thrown when the requested operation is not
-- supported.
_UnsupportedOperationException :: AsError a => Fold a ServiceError
-- | Specifies the tags to add to a trail or event data store.
--
-- See: newAddTags smart constructor.
data AddTags
AddTags' :: Text -> [Tag] -> AddTags
-- | Create a value of AddTags with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- AddTags, addTags_resourceId - Specifies the ARN of the
-- trail or event data store to which one or more tags will be added. The
-- format of a trail ARN is:
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
--
-- AddTags, addTags_tagsList - Contains a list of tags, up
-- to a limit of 50
newAddTags :: Text -> AddTags
-- | Returns the objects or data if successful. Otherwise, returns an
-- error.
--
-- See: newAddTagsResponse smart constructor.
data AddTagsResponse
AddTagsResponse' :: Int -> AddTagsResponse
-- | Create a value of AddTagsResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:httpStatus:AddTagsResponse',
-- addTagsResponse_httpStatus - The response's http status code.
newAddTagsResponse :: Int -> AddTagsResponse
-- | See: newCancelQuery smart constructor.
data CancelQuery
CancelQuery' :: Maybe Text -> Text -> CancelQuery
-- | Create a value of CancelQuery with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:eventDataStore:CancelQuery',
-- cancelQuery_eventDataStore - The ARN (or the ID suffix of the
-- ARN) of an event data store on which the specified query is running.
--
-- CancelQuery, cancelQuery_queryId - The ID of the query
-- that you want to cancel. The QueryId comes from the response
-- of a StartQuery operation.
newCancelQuery :: Text -> CancelQuery
-- | See: newCancelQueryResponse smart constructor.
data CancelQueryResponse
CancelQueryResponse' :: Int -> Text -> QueryStatus -> CancelQueryResponse
-- | Create a value of CancelQueryResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:httpStatus:CancelQueryResponse',
-- cancelQueryResponse_httpStatus - The response's http status
-- code.
--
-- CancelQuery, cancelQueryResponse_queryId - The ID of the
-- canceled query.
--
-- CancelQueryResponse, cancelQueryResponse_queryStatus -
-- Shows the status of a query after a CancelQuery request.
-- Typically, the values shown are either RUNNING or
-- CANCELLED.
newCancelQueryResponse :: Int -> Text -> QueryStatus -> CancelQueryResponse
-- | See: newCreateEventDataStore smart constructor.
data CreateEventDataStore
CreateEventDataStore' :: Maybe [AdvancedEventSelector] -> Maybe Text -> Maybe Bool -> Maybe Bool -> Maybe Natural -> Maybe [Tag] -> Maybe Bool -> Text -> CreateEventDataStore
-- | Create a value of CreateEventDataStore with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- CreateEventDataStore,
-- createEventDataStore_advancedEventSelectors - The advanced
-- event selectors to use to select the events for the data store. For
-- more information about how to use advanced event selectors, see Log
-- events by using advanced event selectors in the CloudTrail User
-- Guide.
--
-- CreateEventDataStore, createEventDataStore_kmsKeyId -
-- Specifies the KMS key ID to use to encrypt the events delivered by
-- CloudTrail. The value can be an alias name prefixed by
-- alias/, a fully specified ARN to an alias, a fully specified
-- ARN to a key, or a globally unique identifier.
--
-- Disabling or deleting the KMS key, or removing CloudTrail permissions
-- on the key, prevents CloudTrail from logging events to the event data
-- store, and prevents users from querying the data in the event data
-- store that was encrypted with the key. After you associate an event
-- data store with a KMS key, the KMS key cannot be removed or changed.
-- Before you disable or delete a KMS key that you are using with an
-- event data store, delete or back up your event data store.
--
-- CloudTrail also supports KMS multi-Region keys. For more information
-- about multi-Region keys, see Using multi-Region keys in the
-- Key Management Service Developer Guide.
--
-- Examples:
--
--
-- alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
12345678-1234-1234-1234-123456789012
--
-- CreateEventDataStore,
-- createEventDataStore_multiRegionEnabled - Specifies whether the
-- event data store includes events from all regions, or only from the
-- region in which the event data store is created.
--
-- CreateEventDataStore,
-- createEventDataStore_organizationEnabled - Specifies whether an
-- event data store collects events logged for an organization in
-- Organizations.
--
-- CreateEventDataStore,
-- createEventDataStore_retentionPeriod - The retention period of
-- the event data store, in days. You can set a retention period of up to
-- 2557 days, the equivalent of seven years.
--
-- CreateEventDataStore, createEventDataStore_tagsList -
-- Undocumented member.
--
-- CreateEventDataStore,
-- createEventDataStore_terminationProtectionEnabled - Specifies
-- whether termination protection is enabled for the event data store. If
-- termination protection is enabled, you cannot delete the event data
-- store until termination protection is disabled.
--
-- CreateEventDataStore, createEventDataStore_name - The
-- name of the event data store.
newCreateEventDataStore :: Text -> CreateEventDataStore
-- | See: newCreateEventDataStoreResponse smart constructor.
data CreateEventDataStoreResponse
CreateEventDataStoreResponse' :: Maybe [AdvancedEventSelector] -> Maybe POSIX -> Maybe Text -> Maybe Text -> Maybe Bool -> Maybe Text -> Maybe Bool -> Maybe Natural -> Maybe EventDataStoreStatus -> Maybe [Tag] -> Maybe Bool -> Maybe POSIX -> Int -> CreateEventDataStoreResponse
-- | Create a value of CreateEventDataStoreResponse with all
-- optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- CreateEventDataStore,
-- createEventDataStoreResponse_advancedEventSelectors - The
-- advanced event selectors that were used to select the events for the
-- data store.
--
-- CreateEventDataStoreResponse,
-- createEventDataStoreResponse_createdTimestamp - The timestamp
-- that shows when the event data store was created.
--
-- CreateEventDataStoreResponse,
-- createEventDataStoreResponse_eventDataStoreArn - The ARN of the
-- event data store.
--
-- CreateEventDataStore,
-- createEventDataStoreResponse_kmsKeyId - Specifies the KMS key
-- ID that encrypts the events delivered by CloudTrail. The value is a
-- fully specified ARN to a KMS key in the following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
--
-- CreateEventDataStore,
-- createEventDataStoreResponse_multiRegionEnabled - Indicates
-- whether the event data store collects events from all regions, or only
-- from the region in which it was created.
--
-- CreateEventDataStore, createEventDataStoreResponse_name
-- - The name of the event data store.
--
-- CreateEventDataStore,
-- createEventDataStoreResponse_organizationEnabled - Indicates
-- whether an event data store is collecting logged events for an
-- organization in Organizations.
--
-- CreateEventDataStore,
-- createEventDataStoreResponse_retentionPeriod - The retention
-- period of an event data store, in days.
--
-- CreateEventDataStoreResponse,
-- createEventDataStoreResponse_status - The status of event data
-- store creation.
--
-- CreateEventDataStore,
-- createEventDataStoreResponse_tagsList - Undocumented member.
--
-- CreateEventDataStore,
-- createEventDataStoreResponse_terminationProtectionEnabled -
-- Indicates whether termination protection is enabled for the event data
-- store.
--
-- CreateEventDataStoreResponse,
-- createEventDataStoreResponse_updatedTimestamp - The timestamp
-- that shows when an event data store was updated, if applicable.
-- UpdatedTimestamp is always either the same or newer than the
-- time shown in CreatedTimestamp.
--
-- $sel:httpStatus:CreateEventDataStoreResponse',
-- createEventDataStoreResponse_httpStatus - The response's http
-- status code.
newCreateEventDataStoreResponse :: Int -> CreateEventDataStoreResponse
-- | Specifies the settings for each trail.
--
-- See: newCreateTrail smart constructor.
data CreateTrail
CreateTrail' :: Maybe Text -> Maybe Text -> Maybe Bool -> Maybe Bool -> Maybe Bool -> Maybe Bool -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe [Tag] -> Text -> Text -> CreateTrail
-- | Create a value of CreateTrail with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- CreateTrail, createTrail_cloudWatchLogsLogGroupArn -
-- Specifies a log group name using an Amazon Resource Name (ARN), a
-- unique identifier that represents the log group to which CloudTrail
-- logs will be delivered. Not required unless you specify
-- CloudWatchLogsRoleArn.
--
-- CreateTrail, createTrail_cloudWatchLogsRoleArn -
-- Specifies the role for the CloudWatch Logs endpoint to assume to write
-- to a user's log group.
--
-- $sel:enableLogFileValidation:CreateTrail',
-- createTrail_enableLogFileValidation - Specifies whether log
-- file integrity validation is enabled. The default is false.
--
-- When you disable log file integrity validation, the chain of digest
-- files is broken after one hour. CloudTrail does not create digest
-- files for log files that were delivered during a period in which log
-- file integrity validation was disabled. For example, if you enable log
-- file integrity validation at noon on January 1, disable it at noon on
-- January 2, and re-enable it at noon on January 10, digest files will
-- not be created for the log files delivered from noon on January 2 to
-- noon on January 10. The same applies whenever you stop CloudTrail
-- logging or delete a trail.
--
-- CreateTrail, createTrail_includeGlobalServiceEvents -
-- Specifies whether the trail is publishing events from global services
-- such as IAM to the log files.
--
-- CreateTrail, createTrail_isMultiRegionTrail - Specifies
-- whether the trail is created in the current region or in all regions.
-- The default is false, which creates a trail only in the region where
-- you are signed in. As a best practice, consider creating trails that
-- log events in all regions.
--
-- CreateTrail, createTrail_isOrganizationTrail - Specifies
-- whether the trail is created for all accounts in an organization in
-- Organizations, or only for the current Amazon Web Services account.
-- The default is false, and cannot be true unless the call is made on
-- behalf of an Amazon Web Services account that is the management
-- account for an organization in Organizations.
--
-- CreateTrail, createTrail_kmsKeyId - Specifies the KMS
-- key ID to use to encrypt the logs delivered by CloudTrail. The value
-- can be an alias name prefixed by alias/, a fully specified
-- ARN to an alias, a fully specified ARN to a key, or a globally unique
-- identifier.
--
-- CloudTrail also supports KMS multi-Region keys. For more information
-- about multi-Region keys, see Using multi-Region keys in the
-- Key Management Service Developer Guide.
--
-- Examples:
--
--
-- alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
12345678-1234-1234-1234-123456789012
--
-- CreateTrail, createTrail_s3KeyPrefix - Specifies the
-- Amazon S3 key prefix that comes after the name of the bucket you have
-- designated for log file delivery. For more information, see Finding
-- Your CloudTrail Log Files. The maximum length is 200 characters.
--
-- CreateTrail, createTrail_snsTopicName - Specifies the
-- name of the Amazon SNS topic defined for notification of log file
-- delivery. The maximum length is 256 characters.
--
-- CreateTrail, createTrail_tagsList - Undocumented member.
--
-- CreateTrail, createTrail_name - Specifies the name of
-- the trail. The name must meet the following requirements:
--
--
-- - Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
-- underscores (_), or dashes (-)
-- - Start with a letter or number, and end with a letter or
-- number
-- - Be between 3 and 128 characters
-- - Have no adjacent periods, underscores or dashes. Names like
-- my-_namespace and my--namespace are not valid.
-- - Not be in IP address format (for example, 192.168.5.4)
--
--
-- CreateTrail, createTrail_s3BucketName - Specifies the
-- name of the Amazon S3 bucket designated for publishing log files. See
-- Amazon S3 Bucket Naming Requirements.
newCreateTrail :: Text -> Text -> CreateTrail
-- | Returns the objects or data listed below if successful. Otherwise,
-- returns an error.
--
-- See: newCreateTrailResponse smart constructor.
data CreateTrailResponse
CreateTrailResponse' :: Maybe Text -> Maybe Text -> Maybe Bool -> Maybe Bool -> Maybe Bool -> Maybe Text -> Maybe Bool -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Int -> CreateTrailResponse
-- | Create a value of CreateTrailResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- CreateTrail,
-- createTrailResponse_cloudWatchLogsLogGroupArn - Specifies the
-- Amazon Resource Name (ARN) of the log group to which CloudTrail logs
-- will be delivered.
--
-- CreateTrail, createTrailResponse_cloudWatchLogsRoleArn -
-- Specifies the role for the CloudWatch Logs endpoint to assume to write
-- to a user's log group.
--
-- CreateTrail,
-- createTrailResponse_includeGlobalServiceEvents - Specifies
-- whether the trail is publishing events from global services such as
-- IAM to the log files.
--
-- CreateTrail, createTrailResponse_isMultiRegionTrail -
-- Specifies whether the trail exists in one region or in all regions.
--
-- CreateTrail, createTrailResponse_isOrganizationTrail -
-- Specifies whether the trail is an organization trail.
--
-- CreateTrail, createTrailResponse_kmsKeyId - Specifies
-- the KMS key ID that encrypts the events delivered by CloudTrail. The
-- value is a fully specified ARN to a KMS key in the following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
--
-- CreateTrailResponse,
-- createTrailResponse_logFileValidationEnabled - Specifies
-- whether log file integrity validation is enabled.
--
-- CreateTrail, createTrailResponse_name - Specifies the
-- name of the trail.
--
-- CreateTrail, createTrailResponse_s3BucketName -
-- Specifies the name of the Amazon S3 bucket designated for publishing
-- log files.
--
-- CreateTrail, createTrailResponse_s3KeyPrefix - Specifies
-- the Amazon S3 key prefix that comes after the name of the bucket you
-- have designated for log file delivery. For more information, see
-- Finding Your CloudTrail Log Files.
--
-- CreateTrailResponse, createTrailResponse_snsTopicARN -
-- Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send
-- notifications when log files are delivered. The format of a topic ARN
-- is:
--
--
-- arn:aws:sns:us-east-2:123456789012:MyTopic
--
--
-- CreateTrail, createTrailResponse_snsTopicName - This
-- field is no longer in use. Use SnsTopicARN.
--
-- CreateTrailResponse, createTrailResponse_trailARN -
-- Specifies the ARN of the trail that was created. The format of a trail
-- ARN is:
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
--
-- $sel:httpStatus:CreateTrailResponse',
-- createTrailResponse_httpStatus - The response's http status
-- code.
newCreateTrailResponse :: Int -> CreateTrailResponse
-- | See: newDeleteEventDataStore smart constructor.
data DeleteEventDataStore
DeleteEventDataStore' :: Text -> DeleteEventDataStore
-- | Create a value of DeleteEventDataStore with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:eventDataStore:DeleteEventDataStore',
-- deleteEventDataStore_eventDataStore - The ARN (or the ID suffix
-- of the ARN) of the event data store to delete.
newDeleteEventDataStore :: Text -> DeleteEventDataStore
-- | See: newDeleteEventDataStoreResponse smart constructor.
data DeleteEventDataStoreResponse
DeleteEventDataStoreResponse' :: Int -> DeleteEventDataStoreResponse
-- | Create a value of DeleteEventDataStoreResponse with all
-- optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:httpStatus:DeleteEventDataStoreResponse',
-- deleteEventDataStoreResponse_httpStatus - The response's http
-- status code.
newDeleteEventDataStoreResponse :: Int -> DeleteEventDataStoreResponse
-- | The request that specifies the name of a trail to delete.
--
-- See: newDeleteTrail smart constructor.
data DeleteTrail
DeleteTrail' :: Text -> DeleteTrail
-- | Create a value of DeleteTrail with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- DeleteTrail, deleteTrail_name - Specifies the name or
-- the CloudTrail ARN of the trail to be deleted. The following is the
-- format of a trail ARN.
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
newDeleteTrail :: Text -> DeleteTrail
-- | Returns the objects or data listed below if successful. Otherwise,
-- returns an error.
--
-- See: newDeleteTrailResponse smart constructor.
data DeleteTrailResponse
DeleteTrailResponse' :: Int -> DeleteTrailResponse
-- | Create a value of DeleteTrailResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:httpStatus:DeleteTrailResponse',
-- deleteTrailResponse_httpStatus - The response's http status
-- code.
newDeleteTrailResponse :: Int -> DeleteTrailResponse
-- | Removes CloudTrail delegated administrator permissions from a
-- specified member account in an organization that is currently
-- designated as a delegated administrator.
--
-- See: newDeregisterOrganizationDelegatedAdmin smart
-- constructor.
data DeregisterOrganizationDelegatedAdmin
DeregisterOrganizationDelegatedAdmin' :: Text -> DeregisterOrganizationDelegatedAdmin
-- | Create a value of DeregisterOrganizationDelegatedAdmin with all
-- optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
--
-- $sel:delegatedAdminAccountId:DeregisterOrganizationDelegatedAdmin',
-- deregisterOrganizationDelegatedAdmin_delegatedAdminAccountId -
-- A delegated administrator account ID. This is a member account in an
-- organization that is currently designated as a delegated
-- administrator.
newDeregisterOrganizationDelegatedAdmin :: Text -> DeregisterOrganizationDelegatedAdmin
-- | Returns the following response if successful. Otherwise, returns an
-- error.
--
-- See: newDeregisterOrganizationDelegatedAdminResponse
-- smart constructor.
data DeregisterOrganizationDelegatedAdminResponse
DeregisterOrganizationDelegatedAdminResponse' :: Int -> DeregisterOrganizationDelegatedAdminResponse
-- | Create a value of DeregisterOrganizationDelegatedAdminResponse
-- with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:httpStatus:DeregisterOrganizationDelegatedAdminResponse',
-- deregisterOrganizationDelegatedAdminResponse_httpStatus - The
-- response's http status code.
newDeregisterOrganizationDelegatedAdminResponse :: Int -> DeregisterOrganizationDelegatedAdminResponse
-- | See: newDescribeQuery smart constructor.
data DescribeQuery
DescribeQuery' :: Maybe Text -> Text -> DescribeQuery
-- | Create a value of DescribeQuery with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:eventDataStore:DescribeQuery',
-- describeQuery_eventDataStore - The ARN (or the ID suffix of the
-- ARN) of an event data store on which the specified query was run.
--
-- DescribeQuery, describeQuery_queryId - The query ID.
newDescribeQuery :: Text -> DescribeQuery
-- | See: newDescribeQueryResponse smart constructor.
data DescribeQueryResponse
DescribeQueryResponse' :: Maybe Text -> Maybe DeliveryStatus -> Maybe Text -> Maybe Text -> Maybe QueryStatisticsForDescribeQuery -> Maybe QueryStatus -> Maybe Text -> Int -> DescribeQueryResponse
-- | Create a value of DescribeQueryResponse with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:deliveryS3Uri:DescribeQueryResponse',
-- describeQueryResponse_deliveryS3Uri - The URI for the S3 bucket
-- where CloudTrail delivered query results, if applicable.
--
-- $sel:deliveryStatus:DescribeQueryResponse',
-- describeQueryResponse_deliveryStatus - The delivery status.
--
-- DescribeQueryResponse,
-- describeQueryResponse_errorMessage - The error message returned
-- if a query failed.
--
-- DescribeQuery, describeQueryResponse_queryId - The ID of
-- the query.
--
-- $sel:queryStatistics:DescribeQueryResponse',
-- describeQueryResponse_queryStatistics - Metadata about a query,
-- including the number of events that were matched, the total number of
-- events scanned, the query run time in milliseconds, and the query's
-- creation time.
--
-- DescribeQueryResponse, describeQueryResponse_queryStatus
-- - The status of a query. Values for QueryStatus include
-- QUEUED, RUNNING, FINISHED, FAILED,
-- TIMED_OUT, or CANCELLED
--
-- $sel:queryString:DescribeQueryResponse',
-- describeQueryResponse_queryString - The SQL code of a query.
--
-- $sel:httpStatus:DescribeQueryResponse',
-- describeQueryResponse_httpStatus - The response's http status
-- code.
newDescribeQueryResponse :: Int -> DescribeQueryResponse
-- | Returns information about the trail.
--
-- See: newDescribeTrails smart constructor.
data DescribeTrails
DescribeTrails' :: Maybe Bool -> Maybe [Text] -> DescribeTrails
-- | Create a value of DescribeTrails with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:includeShadowTrails:DescribeTrails',
-- describeTrails_includeShadowTrails - Specifies whether to
-- include shadow trails in the response. A shadow trail is the
-- replication in a region of a trail that was created in a different
-- region, or in the case of an organization trail, the replication of an
-- organization trail in member accounts. If you do not include shadow
-- trails, organization trails in a member account and region replication
-- trails will not be returned. The default is true.
--
-- $sel:trailNameList:DescribeTrails',
-- describeTrails_trailNameList - Specifies a list of trail names,
-- trail ARNs, or both, of the trails to describe. The format of a trail
-- ARN is:
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
--
-- If an empty list is specified, information for the trail in the
-- current region is returned.
--
--
-- - If an empty list is specified and IncludeShadowTrails is
-- false, then information for all trails in the current region is
-- returned.
-- - If an empty list is specified and IncludeShadowTrails is null or
-- true, then information for all trails in the current region and any
-- associated shadow trails in other regions is returned.
--
--
-- If one or more trail names are specified, information is returned only
-- if the names match the names of trails belonging only to the current
-- region. To return information about a trail in another region, you
-- must specify its trail ARN.
newDescribeTrails :: DescribeTrails
-- | Returns the objects or data listed below if successful. Otherwise,
-- returns an error.
--
-- See: newDescribeTrailsResponse smart constructor.
data DescribeTrailsResponse
DescribeTrailsResponse' :: Maybe [Trail] -> Int -> DescribeTrailsResponse
-- | Create a value of DescribeTrailsResponse with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:trailList:DescribeTrailsResponse',
-- describeTrailsResponse_trailList - The list of trail objects.
-- Trail objects with string values are only returned if values for the
-- objects exist in a trail's configuration. For example,
-- SNSTopicName and SNSTopicARN are only returned in
-- results if a trail is configured to send SNS notifications. Similarly,
-- KMSKeyId only appears in results if a trail's log files are
-- encrypted with KMS customer managed keys.
--
-- $sel:httpStatus:DescribeTrailsResponse',
-- describeTrailsResponse_httpStatus - The response's http status
-- code.
newDescribeTrailsResponse :: Int -> DescribeTrailsResponse
-- | See: newGetChannel smart constructor.
data GetChannel
GetChannel' :: Text -> GetChannel
-- | Create a value of GetChannel with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:channel:GetChannel', getChannel_channel - The ARN
-- or UUID of a channel.
newGetChannel :: Text -> GetChannel
-- | See: newGetChannelResponse smart constructor.
data GetChannelResponse
GetChannelResponse' :: Maybe Text -> Maybe (NonEmpty Destination) -> Maybe Text -> Maybe Text -> Maybe SourceConfig -> Int -> GetChannelResponse
-- | Create a value of GetChannelResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- GetChannelResponse, getChannelResponse_channelArn - The
-- ARN of an channel returned by a GetChannel request.
--
-- GetChannelResponse, getChannelResponse_destinations -
-- The Amazon Web Services service that created the service-linked
-- channel.
--
-- GetChannelResponse, getChannelResponse_name - The name
-- of the CloudTrail channel. For service-linked channels, the value is
-- aws-service-channel/service-name/custom-suffix where
-- service-name represents the name of the Amazon Web Services
-- service that created the channel and custom-suffix represents
-- the suffix generated by the Amazon Web Services service.
--
-- $sel:source:GetChannelResponse',
-- getChannelResponse_source - The event source for the CloudTrail
-- channel.
--
-- $sel:sourceConfig:GetChannelResponse',
-- getChannelResponse_sourceConfig - Provides information about
-- the advanced event selectors configured for the channel, and whether
-- the channel applies to all regions or a single region.
--
-- $sel:httpStatus:GetChannelResponse',
-- getChannelResponse_httpStatus - The response's http status
-- code.
newGetChannelResponse :: Int -> GetChannelResponse
-- | See: newGetEventDataStore smart constructor.
data GetEventDataStore
GetEventDataStore' :: Text -> GetEventDataStore
-- | Create a value of GetEventDataStore with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:eventDataStore:GetEventDataStore',
-- getEventDataStore_eventDataStore - The ARN (or ID suffix of the
-- ARN) of the event data store about which you want information.
newGetEventDataStore :: Text -> GetEventDataStore
-- | See: newGetEventDataStoreResponse smart constructor.
data GetEventDataStoreResponse
GetEventDataStoreResponse' :: Maybe [AdvancedEventSelector] -> Maybe POSIX -> Maybe Text -> Maybe Text -> Maybe Bool -> Maybe Text -> Maybe Bool -> Maybe Natural -> Maybe EventDataStoreStatus -> Maybe Bool -> Maybe POSIX -> Int -> GetEventDataStoreResponse
-- | Create a value of GetEventDataStoreResponse with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- GetEventDataStoreResponse,
-- getEventDataStoreResponse_advancedEventSelectors - The advanced
-- event selectors used to select events for the data store.
--
-- GetEventDataStoreResponse,
-- getEventDataStoreResponse_createdTimestamp - The timestamp of
-- the event data store's creation.
--
-- GetEventDataStoreResponse,
-- getEventDataStoreResponse_eventDataStoreArn - The event data
-- store Amazon Resource Number (ARN).
--
-- GetEventDataStoreResponse,
-- getEventDataStoreResponse_kmsKeyId - Specifies the KMS key ID
-- that encrypts the events delivered by CloudTrail. The value is a fully
-- specified ARN to a KMS key in the following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
--
-- GetEventDataStoreResponse,
-- getEventDataStoreResponse_multiRegionEnabled - Indicates
-- whether the event data store includes events from all regions, or only
-- from the region in which it was created.
--
-- GetEventDataStoreResponse,
-- getEventDataStoreResponse_name - The name of the event data
-- store.
--
-- GetEventDataStoreResponse,
-- getEventDataStoreResponse_organizationEnabled - Indicates
-- whether an event data store is collecting logged events for an
-- organization in Organizations.
--
-- GetEventDataStoreResponse,
-- getEventDataStoreResponse_retentionPeriod - The retention
-- period of the event data store, in days.
--
-- GetEventDataStoreResponse,
-- getEventDataStoreResponse_status - The status of an event data
-- store. Values can be ENABLED and PENDING_DELETION.
--
-- GetEventDataStoreResponse,
-- getEventDataStoreResponse_terminationProtectionEnabled -
-- Indicates that termination protection is enabled.
--
-- GetEventDataStoreResponse,
-- getEventDataStoreResponse_updatedTimestamp - Shows the time
-- that an event data store was updated, if applicable.
-- UpdatedTimestamp is always either the same or newer than the
-- time shown in CreatedTimestamp.
--
-- $sel:httpStatus:GetEventDataStoreResponse',
-- getEventDataStoreResponse_httpStatus - The response's http
-- status code.
newGetEventDataStoreResponse :: Int -> GetEventDataStoreResponse
-- | See: newGetEventSelectors smart constructor.
data GetEventSelectors
GetEventSelectors' :: Text -> GetEventSelectors
-- | Create a value of GetEventSelectors with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:trailName:GetEventSelectors',
-- getEventSelectors_trailName - Specifies the name of the trail
-- or trail ARN. If you specify a trail name, the string must meet the
-- following requirements:
--
--
-- - Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
-- underscores (_), or dashes (-)
-- - Start with a letter or number, and end with a letter or
-- number
-- - Be between 3 and 128 characters
-- - Have no adjacent periods, underscores or dashes. Names like
-- my-_namespace and my--namespace are not valid.
-- - Not be in IP address format (for example, 192.168.5.4)
--
--
-- If you specify a trail ARN, it must be in the format:
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
newGetEventSelectors :: Text -> GetEventSelectors
-- | See: newGetEventSelectorsResponse smart constructor.
data GetEventSelectorsResponse
GetEventSelectorsResponse' :: Maybe [AdvancedEventSelector] -> Maybe [EventSelector] -> Maybe Text -> Int -> GetEventSelectorsResponse
-- | Create a value of GetEventSelectorsResponse with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- GetEventSelectorsResponse,
-- getEventSelectorsResponse_advancedEventSelectors - The advanced
-- event selectors that are configured for the trail.
--
-- $sel:eventSelectors:GetEventSelectorsResponse',
-- getEventSelectorsResponse_eventSelectors - The event selectors
-- that are configured for the trail.
--
-- GetEventSelectorsResponse,
-- getEventSelectorsResponse_trailARN - The specified trail ARN
-- that has the event selectors.
--
-- $sel:httpStatus:GetEventSelectorsResponse',
-- getEventSelectorsResponse_httpStatus - The response's http
-- status code.
newGetEventSelectorsResponse :: Int -> GetEventSelectorsResponse
-- | See: newGetImport smart constructor.
data GetImport
GetImport' :: Text -> GetImport
-- | Create a value of GetImport with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- GetImport, getImport_importId - The ID for the import.
newGetImport :: Text -> GetImport
-- | See: newGetImportResponse smart constructor.
data GetImportResponse
GetImportResponse' :: Maybe POSIX -> Maybe (NonEmpty Text) -> Maybe POSIX -> Maybe Text -> Maybe ImportSource -> Maybe ImportStatistics -> Maybe ImportStatus -> Maybe POSIX -> Maybe POSIX -> Int -> GetImportResponse
-- | Create a value of GetImportResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- GetImportResponse, getImportResponse_createdTimestamp -
-- The timestamp of the import's creation.
--
-- GetImportResponse, getImportResponse_destinations - The
-- ARN of the destination event data store.
--
-- $sel:endEventTime:GetImportResponse',
-- getImportResponse_endEventTime - Used with
-- StartEventTime to bound a StartImport request, and
-- limit imported trail events to only those events logged within a
-- specified time period.
--
-- GetImport, getImportResponse_importId - The ID of the
-- import.
--
-- $sel:importSource:GetImportResponse',
-- getImportResponse_importSource - The source S3 bucket.
--
-- $sel:importStatistics:GetImportResponse',
-- getImportResponse_importStatistics - Provides statistics for
-- the import. CloudTrail does not update import statistics in real-time.
-- Returned values for parameters such as EventsCompleted may be
-- lower than the actual value, because CloudTrail updates statistics
-- incrementally over the course of the import.
--
-- GetImportResponse, getImportResponse_importStatus - The
-- status of the import.
--
-- $sel:startEventTime:GetImportResponse',
-- getImportResponse_startEventTime - Used with
-- EndEventTime to bound a StartImport request, and
-- limit imported trail events to only those events logged within a
-- specified time period.
--
-- GetImportResponse, getImportResponse_updatedTimestamp -
-- The timestamp of when the import was updated.
--
-- $sel:httpStatus:GetImportResponse',
-- getImportResponse_httpStatus - The response's http status code.
newGetImportResponse :: Int -> GetImportResponse
-- | See: newGetInsightSelectors smart constructor.
data GetInsightSelectors
GetInsightSelectors' :: Text -> GetInsightSelectors
-- | Create a value of GetInsightSelectors with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:trailName:GetInsightSelectors',
-- getInsightSelectors_trailName - Specifies the name of the trail
-- or trail ARN. If you specify a trail name, the string must meet the
-- following requirements:
--
--
-- - Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
-- underscores (_), or dashes (-)
-- - Start with a letter or number, and end with a letter or
-- number
-- - Be between 3 and 128 characters
-- - Have no adjacent periods, underscores or dashes. Names like
-- my-_namespace and my--namespace are not valid.
-- - Not be in IP address format (for example, 192.168.5.4)
--
--
-- If you specify a trail ARN, it must be in the format:
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
newGetInsightSelectors :: Text -> GetInsightSelectors
-- | See: newGetInsightSelectorsResponse smart constructor.
data GetInsightSelectorsResponse
GetInsightSelectorsResponse' :: Maybe [InsightSelector] -> Maybe Text -> Int -> GetInsightSelectorsResponse
-- | Create a value of GetInsightSelectorsResponse with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:insightSelectors:GetInsightSelectorsResponse',
-- getInsightSelectorsResponse_insightSelectors - A JSON string
-- that contains the insight types you want to log on a trail. In this
-- release, ApiErrorRateInsight and ApiCallRateInsight
-- are supported as insight types.
--
-- GetInsightSelectorsResponse,
-- getInsightSelectorsResponse_trailARN - The Amazon Resource Name
-- (ARN) of a trail for which you want to get Insights selectors.
--
-- $sel:httpStatus:GetInsightSelectorsResponse',
-- getInsightSelectorsResponse_httpStatus - The response's http
-- status code.
newGetInsightSelectorsResponse :: Int -> GetInsightSelectorsResponse
-- | See: newGetQueryResults smart constructor.
data GetQueryResults
GetQueryResults' :: Maybe Text -> Maybe Natural -> Maybe Text -> Text -> GetQueryResults
-- | Create a value of GetQueryResults with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:eventDataStore:GetQueryResults',
-- getQueryResults_eventDataStore - The ARN (or ID suffix of the
-- ARN) of the event data store against which the query was run.
--
-- $sel:maxQueryResults:GetQueryResults',
-- getQueryResults_maxQueryResults - The maximum number of query
-- results to display on a single page.
--
-- GetQueryResults, getQueryResults_nextToken - A token you
-- can use to get the next page of query results.
--
-- GetQueryResults, getQueryResults_queryId - The ID of the
-- query for which you want to get results.
newGetQueryResults :: Text -> GetQueryResults
-- | See: newGetQueryResultsResponse smart constructor.
data GetQueryResultsResponse
GetQueryResultsResponse' :: Maybe Text -> Maybe Text -> Maybe [[HashMap Text Text]] -> Maybe QueryStatistics -> Maybe QueryStatus -> Int -> GetQueryResultsResponse
-- | Create a value of GetQueryResultsResponse with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- GetQueryResultsResponse,
-- getQueryResultsResponse_errorMessage - The error message
-- returned if a query failed.
--
-- GetQueryResults, getQueryResultsResponse_nextToken - A
-- token you can use to get the next page of query results.
--
-- $sel:queryResultRows:GetQueryResultsResponse',
-- getQueryResultsResponse_queryResultRows - Contains the
-- individual event results of the query.
--
-- $sel:queryStatistics:GetQueryResultsResponse',
-- getQueryResultsResponse_queryStatistics - Shows the count of
-- query results.
--
-- GetQueryResultsResponse,
-- getQueryResultsResponse_queryStatus - The status of the query.
-- Values include QUEUED, RUNNING, FINISHED,
-- FAILED, TIMED_OUT, or CANCELLED.
--
-- $sel:httpStatus:GetQueryResultsResponse',
-- getQueryResultsResponse_httpStatus - The response's http status
-- code.
newGetQueryResultsResponse :: Int -> GetQueryResultsResponse
-- | See: newGetTrail smart constructor.
data GetTrail
GetTrail' :: Text -> GetTrail
-- | Create a value of GetTrail with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- GetTrail, getTrail_name - The name or the Amazon
-- Resource Name (ARN) of the trail for which you want to retrieve
-- settings information.
newGetTrail :: Text -> GetTrail
-- | See: newGetTrailResponse smart constructor.
data GetTrailResponse
GetTrailResponse' :: Maybe Trail -> Int -> GetTrailResponse
-- | Create a value of GetTrailResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:trail:GetTrailResponse', getTrailResponse_trail -
-- Undocumented member.
--
-- $sel:httpStatus:GetTrailResponse',
-- getTrailResponse_httpStatus - The response's http status code.
newGetTrailResponse :: Int -> GetTrailResponse
-- | The name of a trail about which you want the current status.
--
-- See: newGetTrailStatus smart constructor.
data GetTrailStatus
GetTrailStatus' :: Text -> GetTrailStatus
-- | Create a value of GetTrailStatus with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- GetTrailStatus, getTrailStatus_name - Specifies the name
-- or the CloudTrail ARN of the trail for which you are requesting
-- status. To get the status of a shadow trail (a replication of the
-- trail in another region), you must specify its ARN. The following is
-- the format of a trail ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
newGetTrailStatus :: Text -> GetTrailStatus
-- | Returns the objects or data listed below if successful. Otherwise,
-- returns an error.
--
-- See: newGetTrailStatusResponse smart constructor.
data GetTrailStatusResponse
GetTrailStatusResponse' :: Maybe Bool -> Maybe Text -> Maybe POSIX -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe POSIX -> Maybe Text -> Maybe POSIX -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe POSIX -> Maybe POSIX -> Maybe POSIX -> Maybe Text -> Maybe Text -> Int -> GetTrailStatusResponse
-- | Create a value of GetTrailStatusResponse with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:isLogging:GetTrailStatusResponse',
-- getTrailStatusResponse_isLogging - Whether the CloudTrail trail
-- is currently logging Amazon Web Services API calls.
--
-- $sel:latestCloudWatchLogsDeliveryError:GetTrailStatusResponse',
-- getTrailStatusResponse_latestCloudWatchLogsDeliveryError -
-- Displays any CloudWatch Logs error that CloudTrail encountered when
-- attempting to deliver logs to CloudWatch Logs.
--
-- $sel:latestCloudWatchLogsDeliveryTime:GetTrailStatusResponse',
-- getTrailStatusResponse_latestCloudWatchLogsDeliveryTime -
-- Displays the most recent date and time when CloudTrail delivered logs
-- to CloudWatch Logs.
--
-- $sel:latestDeliveryAttemptSucceeded:GetTrailStatusResponse',
-- getTrailStatusResponse_latestDeliveryAttemptSucceeded - This
-- field is no longer in use.
--
-- $sel:latestDeliveryAttemptTime:GetTrailStatusResponse',
-- getTrailStatusResponse_latestDeliveryAttemptTime - This field
-- is no longer in use.
--
-- $sel:latestDeliveryError:GetTrailStatusResponse',
-- getTrailStatusResponse_latestDeliveryError - Displays any
-- Amazon S3 error that CloudTrail encountered when attempting to deliver
-- log files to the designated bucket. For more information, see Error
-- Responses in the Amazon S3 API Reference.
--
-- This error occurs only when there is a problem with the destination S3
-- bucket, and does not occur for requests that time out. To resolve the
-- issue, create a new bucket, and then call UpdateTrail to
-- specify the new bucket; or fix the existing objects so that CloudTrail
-- can again write to the bucket.
--
-- $sel:latestDeliveryTime:GetTrailStatusResponse',
-- getTrailStatusResponse_latestDeliveryTime - Specifies the date
-- and time that CloudTrail last delivered log files to an account's
-- Amazon S3 bucket.
--
-- $sel:latestDigestDeliveryError:GetTrailStatusResponse',
-- getTrailStatusResponse_latestDigestDeliveryError - Displays any
-- Amazon S3 error that CloudTrail encountered when attempting to deliver
-- a digest file to the designated bucket. For more information, see
-- Error Responses in the Amazon S3 API Reference.
--
-- This error occurs only when there is a problem with the destination S3
-- bucket, and does not occur for requests that time out. To resolve the
-- issue, create a new bucket, and then call UpdateTrail to
-- specify the new bucket; or fix the existing objects so that CloudTrail
-- can again write to the bucket.
--
-- $sel:latestDigestDeliveryTime:GetTrailStatusResponse',
-- getTrailStatusResponse_latestDigestDeliveryTime - Specifies the
-- date and time that CloudTrail last delivered a digest file to an
-- account's Amazon S3 bucket.
--
--
-- $sel:latestNotificationAttemptSucceeded:GetTrailStatusResponse',
-- getTrailStatusResponse_latestNotificationAttemptSucceeded -
-- This field is no longer in use.
--
-- $sel:latestNotificationAttemptTime:GetTrailStatusResponse',
-- getTrailStatusResponse_latestNotificationAttemptTime - This
-- field is no longer in use.
--
-- $sel:latestNotificationError:GetTrailStatusResponse',
-- getTrailStatusResponse_latestNotificationError - Displays any
-- Amazon SNS error that CloudTrail encountered when attempting to send a
-- notification. For more information about Amazon SNS errors, see the
-- Amazon SNS Developer Guide.
--
-- $sel:latestNotificationTime:GetTrailStatusResponse',
-- getTrailStatusResponse_latestNotificationTime - Specifies the
-- date and time of the most recent Amazon SNS notification that
-- CloudTrail has written a new log file to an account's Amazon S3
-- bucket.
--
-- $sel:startLoggingTime:GetTrailStatusResponse',
-- getTrailStatusResponse_startLoggingTime - Specifies the most
-- recent date and time when CloudTrail started recording API calls for
-- an Amazon Web Services account.
--
-- $sel:stopLoggingTime:GetTrailStatusResponse',
-- getTrailStatusResponse_stopLoggingTime - Specifies the most
-- recent date and time when CloudTrail stopped recording API calls for
-- an Amazon Web Services account.
--
-- $sel:timeLoggingStarted:GetTrailStatusResponse',
-- getTrailStatusResponse_timeLoggingStarted - This field is no
-- longer in use.
--
-- $sel:timeLoggingStopped:GetTrailStatusResponse',
-- getTrailStatusResponse_timeLoggingStopped - This field is no
-- longer in use.
--
-- $sel:httpStatus:GetTrailStatusResponse',
-- getTrailStatusResponse_httpStatus - The response's http status
-- code.
newGetTrailStatusResponse :: Int -> GetTrailStatusResponse
-- | See: newListChannels smart constructor.
data ListChannels
ListChannels' :: Maybe Natural -> Maybe Text -> ListChannels
-- | Create a value of ListChannels with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:maxResults:ListChannels', listChannels_maxResults -
-- The maximum number of CloudTrail channels to display on a single page.
--
-- ListChannels, listChannels_nextToken - The token to use
-- to get the next page of results after a previous API call. This token
-- must be passed in with the same parameters that were specified in the
-- original call. For example, if the original call specified an
-- AttributeKey of 'Username' with a value of 'root', the call with
-- NextToken should include those same parameters.
newListChannels :: ListChannels
-- | See: newListChannelsResponse smart constructor.
data ListChannelsResponse
ListChannelsResponse' :: Maybe [Channel] -> Maybe Text -> Int -> ListChannelsResponse
-- | Create a value of ListChannelsResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:channels:ListChannelsResponse',
-- listChannelsResponse_channels - The list of channels in the
-- account.
--
-- ListChannels, listChannelsResponse_nextToken - The token
-- to use to get the next page of results after a previous API call.
--
-- $sel:httpStatus:ListChannelsResponse',
-- listChannelsResponse_httpStatus - The response's http status
-- code.
newListChannelsResponse :: Int -> ListChannelsResponse
-- | See: newListEventDataStores smart constructor.
data ListEventDataStores
ListEventDataStores' :: Maybe Natural -> Maybe Text -> ListEventDataStores
-- | Create a value of ListEventDataStores with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:maxResults:ListEventDataStores',
-- listEventDataStores_maxResults - The maximum number of event
-- data stores to display on a single page.
--
-- ListEventDataStores, listEventDataStores_nextToken - A
-- token you can use to get the next page of event data store results.
newListEventDataStores :: ListEventDataStores
-- | See: newListEventDataStoresResponse smart constructor.
data ListEventDataStoresResponse
ListEventDataStoresResponse' :: Maybe [EventDataStore] -> Maybe Text -> Int -> ListEventDataStoresResponse
-- | Create a value of ListEventDataStoresResponse with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:eventDataStores:ListEventDataStoresResponse',
-- listEventDataStoresResponse_eventDataStores - Contains
-- information about event data stores in the account, in the current
-- region.
--
-- ListEventDataStores,
-- listEventDataStoresResponse_nextToken - A token you can use to
-- get the next page of results.
--
-- $sel:httpStatus:ListEventDataStoresResponse',
-- listEventDataStoresResponse_httpStatus - The response's http
-- status code.
newListEventDataStoresResponse :: Int -> ListEventDataStoresResponse
-- | See: newListImportFailures smart constructor.
data ListImportFailures
ListImportFailures' :: Maybe Natural -> Maybe Text -> Text -> ListImportFailures
-- | Create a value of ListImportFailures with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:maxResults:ListImportFailures',
-- listImportFailures_maxResults - The maximum number of failures
-- to display on a single page.
--
-- ListImportFailures, listImportFailures_nextToken - A
-- token you can use to get the next page of import failures.
--
-- ListImportFailures, listImportFailures_importId - The ID
-- of the import.
newListImportFailures :: Text -> ListImportFailures
-- | See: newListImportFailuresResponse smart constructor.
data ListImportFailuresResponse
ListImportFailuresResponse' :: Maybe [ImportFailureListItem] -> Maybe Text -> Int -> ListImportFailuresResponse
-- | Create a value of ListImportFailuresResponse with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:failures:ListImportFailuresResponse',
-- listImportFailuresResponse_failures - Contains information
-- about the import failures.
--
-- ListImportFailures, listImportFailuresResponse_nextToken
-- - A token you can use to get the next page of results.
--
-- $sel:httpStatus:ListImportFailuresResponse',
-- listImportFailuresResponse_httpStatus - The response's http
-- status code.
newListImportFailuresResponse :: Int -> ListImportFailuresResponse
-- | See: newListImports smart constructor.
data ListImports
ListImports' :: Maybe Text -> Maybe ImportStatus -> Maybe Natural -> Maybe Text -> ListImports
-- | Create a value of ListImports with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:destination:ListImports', listImports_destination -
-- The ARN of the destination event data store.
--
-- ListImports, listImports_importStatus - The status of
-- the import.
--
-- $sel:maxResults:ListImports', listImports_maxResults -
-- The maximum number of imports to display on a single page.
--
-- ListImports, listImports_nextToken - A token you can use
-- to get the next page of import results.
newListImports :: ListImports
-- | See: newListImportsResponse smart constructor.
data ListImportsResponse
ListImportsResponse' :: Maybe [ImportsListItem] -> Maybe Text -> Int -> ListImportsResponse
-- | Create a value of ListImportsResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:imports:ListImportsResponse',
-- listImportsResponse_imports - The list of returned imports.
--
-- ListImports, listImportsResponse_nextToken - A token you
-- can use to get the next page of import results.
--
-- $sel:httpStatus:ListImportsResponse',
-- listImportsResponse_httpStatus - The response's http status
-- code.
newListImportsResponse :: Int -> ListImportsResponse
-- | Requests the public keys for a specified time range.
--
-- See: newListPublicKeys smart constructor.
data ListPublicKeys
ListPublicKeys' :: Maybe POSIX -> Maybe Text -> Maybe POSIX -> ListPublicKeys
-- | Create a value of ListPublicKeys with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:endTime:ListPublicKeys', listPublicKeys_endTime -
-- Optionally specifies, in UTC, the end of the time range to look up
-- public keys for CloudTrail digest files. If not specified, the current
-- time is used.
--
-- ListPublicKeys, listPublicKeys_nextToken - Reserved for
-- future use.
--
-- $sel:startTime:ListPublicKeys', listPublicKeys_startTime
-- - Optionally specifies, in UTC, the start of the time range to look up
-- public keys for CloudTrail digest files. If not specified, the current
-- time is used, and the current public key is returned.
newListPublicKeys :: ListPublicKeys
-- | Returns the objects or data listed below if successful. Otherwise,
-- returns an error.
--
-- See: newListPublicKeysResponse smart constructor.
data ListPublicKeysResponse
ListPublicKeysResponse' :: Maybe Text -> Maybe [PublicKey] -> Int -> ListPublicKeysResponse
-- | Create a value of ListPublicKeysResponse with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- ListPublicKeys, listPublicKeysResponse_nextToken -
-- Reserved for future use.
--
-- $sel:publicKeyList:ListPublicKeysResponse',
-- listPublicKeysResponse_publicKeyList - Contains an array of
-- PublicKey objects.
--
-- The returned public keys may have validity time ranges that overlap.
--
-- $sel:httpStatus:ListPublicKeysResponse',
-- listPublicKeysResponse_httpStatus - The response's http status
-- code.
newListPublicKeysResponse :: Int -> ListPublicKeysResponse
-- | See: newListQueries smart constructor.
data ListQueries
ListQueries' :: Maybe POSIX -> Maybe Natural -> Maybe Text -> Maybe QueryStatus -> Maybe POSIX -> Text -> ListQueries
-- | Create a value of ListQueries with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:endTime:ListQueries', listQueries_endTime - Use
-- with StartTime to bound a ListQueries request, and
-- limit its results to only those queries run within a specified time
-- period.
--
-- $sel:maxResults:ListQueries', listQueries_maxResults -
-- The maximum number of queries to show on a page.
--
-- ListQueries, listQueries_nextToken - A token you can use
-- to get the next page of results.
--
-- ListQueries, listQueries_queryStatus - The status of
-- queries that you want to return in results. Valid values for
-- QueryStatus include QUEUED, RUNNING,
-- FINISHED, FAILED, TIMED_OUT, or
-- CANCELLED.
--
-- $sel:startTime:ListQueries', listQueries_startTime - Use
-- with EndTime to bound a ListQueries request, and
-- limit its results to only those queries run within a specified time
-- period.
--
-- $sel:eventDataStore:ListQueries',
-- listQueries_eventDataStore - The ARN (or the ID suffix of the
-- ARN) of an event data store on which queries were run.
newListQueries :: Text -> ListQueries
-- | See: newListQueriesResponse smart constructor.
data ListQueriesResponse
ListQueriesResponse' :: Maybe Text -> Maybe [Query] -> Int -> ListQueriesResponse
-- | Create a value of ListQueriesResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- ListQueries, listQueriesResponse_nextToken - A token you
-- can use to get the next page of results.
--
-- $sel:queries:ListQueriesResponse',
-- listQueriesResponse_queries - Lists matching query results, and
-- shows query ID, status, and creation time of each query.
--
-- $sel:httpStatus:ListQueriesResponse',
-- listQueriesResponse_httpStatus - The response's http status
-- code.
newListQueriesResponse :: Int -> ListQueriesResponse
-- | Specifies a list of tags to return.
--
-- See: newListTags smart constructor.
data ListTags
ListTags' :: Maybe Text -> [Text] -> ListTags
-- | Create a value of ListTags with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- ListTags, listTags_nextToken - Reserved for future use.
--
-- $sel:resourceIdList:ListTags', listTags_resourceIdList -
-- Specifies a list of trail and event data store ARNs whose tags will be
-- listed. The list has a limit of 20 ARNs.
newListTags :: ListTags
-- | Returns the objects or data listed below if successful. Otherwise,
-- returns an error.
--
-- See: newListTagsResponse smart constructor.
data ListTagsResponse
ListTagsResponse' :: Maybe Text -> Maybe [ResourceTag] -> Int -> ListTagsResponse
-- | Create a value of ListTagsResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- ListTags, listTagsResponse_nextToken - Reserved for
-- future use.
--
-- $sel:resourceTagList:ListTagsResponse',
-- listTagsResponse_resourceTagList - A list of resource tags.
--
-- $sel:httpStatus:ListTagsResponse',
-- listTagsResponse_httpStatus - The response's http status code.
newListTagsResponse :: Int -> ListTagsResponse
-- | See: newListTrails smart constructor.
data ListTrails
ListTrails' :: Maybe Text -> ListTrails
-- | Create a value of ListTrails with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- ListTrails, listTrails_nextToken - The token to use to
-- get the next page of results after a previous API call. This token
-- must be passed in with the same parameters that were specified in the
-- original call. For example, if the original call specified an
-- AttributeKey of 'Username' with a value of 'root', the call with
-- NextToken should include those same parameters.
newListTrails :: ListTrails
-- | See: newListTrailsResponse smart constructor.
data ListTrailsResponse
ListTrailsResponse' :: Maybe Text -> Maybe [TrailInfo] -> Int -> ListTrailsResponse
-- | Create a value of ListTrailsResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- ListTrails, listTrailsResponse_nextToken - The token to
-- use to get the next page of results after a previous API call. If the
-- token does not appear, there are no more results to return. The token
-- must be passed in with the same parameters as the previous call. For
-- example, if the original call specified an AttributeKey of 'Username'
-- with a value of 'root', the call with NextToken should include those
-- same parameters.
--
-- $sel:trails:ListTrailsResponse',
-- listTrailsResponse_trails - Returns the name, ARN, and home
-- region of trails in the current account.
--
-- $sel:httpStatus:ListTrailsResponse',
-- listTrailsResponse_httpStatus - The response's http status
-- code.
newListTrailsResponse :: Int -> ListTrailsResponse
-- | Contains a request for LookupEvents.
--
-- See: newLookupEvents smart constructor.
data LookupEvents
LookupEvents' :: Maybe POSIX -> Maybe EventCategory -> Maybe [LookupAttribute] -> Maybe Natural -> Maybe Text -> Maybe POSIX -> LookupEvents
-- | Create a value of LookupEvents with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:endTime:LookupEvents', lookupEvents_endTime -
-- Specifies that only events that occur before or at the specified time
-- are returned. If the specified end time is before the specified start
-- time, an error is returned.
--
-- $sel:eventCategory:LookupEvents',
-- lookupEvents_eventCategory - Specifies the event category. If
-- you do not specify an event category, events of the category are not
-- returned in the response. For example, if you do not specify
-- insight as the value of EventCategory, no Insights
-- events are returned.
--
-- $sel:lookupAttributes:LookupEvents',
-- lookupEvents_lookupAttributes - Contains a list of lookup
-- attributes. Currently the list can contain only one item.
--
-- $sel:maxResults:LookupEvents', lookupEvents_maxResults -
-- The number of events to return. Possible values are 1 through 50. The
-- default is 50.
--
-- LookupEvents, lookupEvents_nextToken - The token to use
-- to get the next page of results after a previous API call. This token
-- must be passed in with the same parameters that were specified in the
-- original call. For example, if the original call specified an
-- AttributeKey of 'Username' with a value of 'root', the call with
-- NextToken should include those same parameters.
--
-- $sel:startTime:LookupEvents', lookupEvents_startTime -
-- Specifies that only events that occur after or at the specified time
-- are returned. If the specified start time is after the specified end
-- time, an error is returned.
newLookupEvents :: LookupEvents
-- | Contains a response to a LookupEvents action.
--
-- See: newLookupEventsResponse smart constructor.
data LookupEventsResponse
LookupEventsResponse' :: Maybe [Event] -> Maybe Text -> Int -> LookupEventsResponse
-- | Create a value of LookupEventsResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:events:LookupEventsResponse',
-- lookupEventsResponse_events - A list of events returned based
-- on the lookup attributes specified and the CloudTrail event. The
-- events list is sorted by time. The most recent event is listed first.
--
-- LookupEvents, lookupEventsResponse_nextToken - The token
-- to use to get the next page of results after a previous API call. If
-- the token does not appear, there are no more results to return. The
-- token must be passed in with the same parameters as the previous call.
-- For example, if the original call specified an AttributeKey of
-- 'Username' with a value of 'root', the call with NextToken should
-- include those same parameters.
--
-- $sel:httpStatus:LookupEventsResponse',
-- lookupEventsResponse_httpStatus - The response's http status
-- code.
newLookupEventsResponse :: Int -> LookupEventsResponse
-- | See: newPutEventSelectors smart constructor.
data PutEventSelectors
PutEventSelectors' :: Maybe [AdvancedEventSelector] -> Maybe [EventSelector] -> Text -> PutEventSelectors
-- | Create a value of PutEventSelectors with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- PutEventSelectors,
-- putEventSelectors_advancedEventSelectors - Specifies the
-- settings for advanced event selectors. You can add advanced event
-- selectors, and conditions for your advanced event selectors, up to a
-- maximum of 500 values for all conditions and selectors on a trail. You
-- can use either AdvancedEventSelectors or
-- EventSelectors, but not both. If you apply
-- AdvancedEventSelectors to a trail, any existing
-- EventSelectors are overwritten. For more information about
-- advanced event selectors, see Logging data events for trails in
-- the CloudTrail User Guide.
--
-- PutEventSelectors, putEventSelectors_eventSelectors -
-- Specifies the settings for your event selectors. You can configure up
-- to five event selectors for a trail. You can use either
-- EventSelectors or AdvancedEventSelectors in a
-- PutEventSelectors request, but not both. If you apply
-- EventSelectors to a trail, any existing
-- AdvancedEventSelectors are overwritten.
--
-- $sel:trailName:PutEventSelectors',
-- putEventSelectors_trailName - Specifies the name of the trail
-- or trail ARN. If you specify a trail name, the string must meet the
-- following requirements:
--
--
-- - Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
-- underscores (_), or dashes (-)
-- - Start with a letter or number, and end with a letter or
-- number
-- - Be between 3 and 128 characters
-- - Have no adjacent periods, underscores or dashes. Names like
-- my-_namespace and my--namespace are not valid.
-- - Not be in IP address format (for example, 192.168.5.4)
--
--
-- If you specify a trail ARN, it must be in the following format.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
newPutEventSelectors :: Text -> PutEventSelectors
-- | See: newPutEventSelectorsResponse smart constructor.
data PutEventSelectorsResponse
PutEventSelectorsResponse' :: Maybe [AdvancedEventSelector] -> Maybe [EventSelector] -> Maybe Text -> Int -> PutEventSelectorsResponse
-- | Create a value of PutEventSelectorsResponse with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- PutEventSelectors,
-- putEventSelectorsResponse_advancedEventSelectors - Specifies
-- the advanced event selectors configured for your trail.
--
-- PutEventSelectors,
-- putEventSelectorsResponse_eventSelectors - Specifies the event
-- selectors configured for your trail.
--
-- PutEventSelectorsResponse,
-- putEventSelectorsResponse_trailARN - Specifies the ARN of the
-- trail that was updated with event selectors. The following is the
-- format of a trail ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
--
-- $sel:httpStatus:PutEventSelectorsResponse',
-- putEventSelectorsResponse_httpStatus - The response's http
-- status code.
newPutEventSelectorsResponse :: Int -> PutEventSelectorsResponse
-- | See: newPutInsightSelectors smart constructor.
data PutInsightSelectors
PutInsightSelectors' :: Text -> [InsightSelector] -> PutInsightSelectors
-- | Create a value of PutInsightSelectors with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:trailName:PutInsightSelectors',
-- putInsightSelectors_trailName - The name of the CloudTrail
-- trail for which you want to change or add Insights selectors.
--
-- PutInsightSelectors,
-- putInsightSelectors_insightSelectors - A JSON string that
-- contains the insight types you want to log on a trail.
-- ApiCallRateInsight and ApiErrorRateInsight are valid
-- insight types.
newPutInsightSelectors :: Text -> PutInsightSelectors
-- | See: newPutInsightSelectorsResponse smart constructor.
data PutInsightSelectorsResponse
PutInsightSelectorsResponse' :: Maybe [InsightSelector] -> Maybe Text -> Int -> PutInsightSelectorsResponse
-- | Create a value of PutInsightSelectorsResponse with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- PutInsightSelectors,
-- putInsightSelectorsResponse_insightSelectors - A JSON string
-- that contains the Insights event types that you want to log on a
-- trail. The valid Insights types in this release are
-- ApiErrorRateInsight and ApiCallRateInsight.
--
-- PutInsightSelectorsResponse,
-- putInsightSelectorsResponse_trailARN - The Amazon Resource Name
-- (ARN) of a trail for which you want to change or add Insights
-- selectors.
--
-- $sel:httpStatus:PutInsightSelectorsResponse',
-- putInsightSelectorsResponse_httpStatus - The response's http
-- status code.
newPutInsightSelectorsResponse :: Int -> PutInsightSelectorsResponse
-- | Specifies an organization member account ID as a CloudTrail delegated
-- administrator.
--
-- See: newRegisterOrganizationDelegatedAdmin smart
-- constructor.
data RegisterOrganizationDelegatedAdmin
RegisterOrganizationDelegatedAdmin' :: Text -> RegisterOrganizationDelegatedAdmin
-- | Create a value of RegisterOrganizationDelegatedAdmin with all
-- optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:memberAccountId:RegisterOrganizationDelegatedAdmin',
-- registerOrganizationDelegatedAdmin_memberAccountId - An
-- organization member account ID that you want to designate as a
-- delegated administrator.
newRegisterOrganizationDelegatedAdmin :: Text -> RegisterOrganizationDelegatedAdmin
-- | Returns the following response if successful. Otherwise, returns an
-- error.
--
-- See: newRegisterOrganizationDelegatedAdminResponse smart
-- constructor.
data RegisterOrganizationDelegatedAdminResponse
RegisterOrganizationDelegatedAdminResponse' :: Int -> RegisterOrganizationDelegatedAdminResponse
-- | Create a value of RegisterOrganizationDelegatedAdminResponse
-- with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:httpStatus:RegisterOrganizationDelegatedAdminResponse',
-- registerOrganizationDelegatedAdminResponse_httpStatus - The
-- response's http status code.
newRegisterOrganizationDelegatedAdminResponse :: Int -> RegisterOrganizationDelegatedAdminResponse
-- | Specifies the tags to remove from a trail or event data store.
--
-- See: newRemoveTags smart constructor.
data RemoveTags
RemoveTags' :: Text -> [Tag] -> RemoveTags
-- | Create a value of RemoveTags with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- RemoveTags, removeTags_resourceId - Specifies the ARN of
-- the trail or event data store from which tags should be removed.
--
-- Example trail ARN format:
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
-- Example event data store ARN format:
-- arn:aws:cloudtrail:us-east-2:12345678910:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE
--
-- RemoveTags, removeTags_tagsList - Specifies a list of
-- tags to be removed.
newRemoveTags :: Text -> RemoveTags
-- | Returns the objects or data listed below if successful. Otherwise,
-- returns an error.
--
-- See: newRemoveTagsResponse smart constructor.
data RemoveTagsResponse
RemoveTagsResponse' :: Int -> RemoveTagsResponse
-- | Create a value of RemoveTagsResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:httpStatus:RemoveTagsResponse',
-- removeTagsResponse_httpStatus - The response's http status
-- code.
newRemoveTagsResponse :: Int -> RemoveTagsResponse
-- | See: newRestoreEventDataStore smart constructor.
data RestoreEventDataStore
RestoreEventDataStore' :: Text -> RestoreEventDataStore
-- | Create a value of RestoreEventDataStore with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:eventDataStore:RestoreEventDataStore',
-- restoreEventDataStore_eventDataStore - The ARN (or the ID
-- suffix of the ARN) of the event data store that you want to restore.
newRestoreEventDataStore :: Text -> RestoreEventDataStore
-- | See: newRestoreEventDataStoreResponse smart constructor.
data RestoreEventDataStoreResponse
RestoreEventDataStoreResponse' :: Maybe [AdvancedEventSelector] -> Maybe POSIX -> Maybe Text -> Maybe Text -> Maybe Bool -> Maybe Text -> Maybe Bool -> Maybe Natural -> Maybe EventDataStoreStatus -> Maybe Bool -> Maybe POSIX -> Int -> RestoreEventDataStoreResponse
-- | Create a value of RestoreEventDataStoreResponse with all
-- optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- RestoreEventDataStoreResponse,
-- restoreEventDataStoreResponse_advancedEventSelectors - The
-- advanced event selectors that were used to select events.
--
-- RestoreEventDataStoreResponse,
-- restoreEventDataStoreResponse_createdTimestamp - The timestamp
-- of an event data store's creation.
--
-- RestoreEventDataStoreResponse,
-- restoreEventDataStoreResponse_eventDataStoreArn - The event
-- data store ARN.
--
-- RestoreEventDataStoreResponse,
-- restoreEventDataStoreResponse_kmsKeyId - Specifies the KMS key
-- ID that encrypts the events delivered by CloudTrail. The value is a
-- fully specified ARN to a KMS key in the following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
--
-- RestoreEventDataStoreResponse,
-- restoreEventDataStoreResponse_multiRegionEnabled - Indicates
-- whether the event data store is collecting events from all regions, or
-- only from the region in which the event data store was created.
--
-- RestoreEventDataStoreResponse,
-- restoreEventDataStoreResponse_name - The name of the event data
-- store.
--
-- RestoreEventDataStoreResponse,
-- restoreEventDataStoreResponse_organizationEnabled - Indicates
-- whether an event data store is collecting logged events for an
-- organization in Organizations.
--
-- RestoreEventDataStoreResponse,
-- restoreEventDataStoreResponse_retentionPeriod - The retention
-- period, in days.
--
-- RestoreEventDataStoreResponse,
-- restoreEventDataStoreResponse_status - The status of the event
-- data store.
--
-- RestoreEventDataStoreResponse,
-- restoreEventDataStoreResponse_terminationProtectionEnabled -
-- Indicates that termination protection is enabled and the event data
-- store cannot be automatically deleted.
--
-- RestoreEventDataStoreResponse,
-- restoreEventDataStoreResponse_updatedTimestamp - The timestamp
-- that shows when an event data store was updated, if applicable.
-- UpdatedTimestamp is always either the same or newer than the
-- time shown in CreatedTimestamp.
--
-- $sel:httpStatus:RestoreEventDataStoreResponse',
-- restoreEventDataStoreResponse_httpStatus - The response's http
-- status code.
newRestoreEventDataStoreResponse :: Int -> RestoreEventDataStoreResponse
-- | See: newStartImport smart constructor.
data StartImport
StartImport' :: Maybe (NonEmpty Text) -> Maybe POSIX -> Maybe Text -> Maybe ImportSource -> Maybe POSIX -> StartImport
-- | Create a value of StartImport with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- StartImport, startImport_destinations - The ARN of the
-- destination event data store. Use this parameter for a new import.
--
-- StartImport, startImport_endEventTime - Use with
-- StartEventTime to bound a StartImport request, and
-- limit imported trail events to only those events logged within a
-- specified time period. When you specify a time range, CloudTrail
-- checks the prefix and log file names to verify the names contain a
-- date between the specified StartEventTime and
-- EndEventTime before attempting to import events.
--
-- StartImport, startImport_importId - The ID of the
-- import. Use this parameter when you are retrying an import.
--
-- StartImport, startImport_importSource - The source S3
-- bucket for the import. Use this parameter for a new import.
--
-- StartImport, startImport_startEventTime - Use with
-- EndEventTime to bound a StartImport request, and
-- limit imported trail events to only those events logged within a
-- specified time period. When you specify a time range, CloudTrail
-- checks the prefix and log file names to verify the names contain a
-- date between the specified StartEventTime and
-- EndEventTime before attempting to import events.
newStartImport :: StartImport
-- | See: newStartImportResponse smart constructor.
data StartImportResponse
StartImportResponse' :: Maybe POSIX -> Maybe (NonEmpty Text) -> Maybe POSIX -> Maybe Text -> Maybe ImportSource -> Maybe ImportStatus -> Maybe POSIX -> Maybe POSIX -> Int -> StartImportResponse
-- | Create a value of StartImportResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- StartImportResponse,
-- startImportResponse_createdTimestamp - The timestamp for the
-- import's creation.
--
-- StartImport, startImportResponse_destinations - The ARN
-- of the destination event data store.
--
-- StartImport, startImportResponse_endEventTime - Used
-- with StartEventTime to bound a StartImport request,
-- and limit imported trail events to only those events logged within a
-- specified time period.
--
-- StartImport, startImportResponse_importId - The ID of
-- the import.
--
-- StartImport, startImportResponse_importSource - The
-- source S3 bucket for the import.
--
-- StartImportResponse, startImportResponse_importStatus -
-- Shows the status of the import after a StartImport request.
-- An import finishes with a status of COMPLETED if there were
-- no failures, or FAILED if there were failures.
--
-- StartImport, startImportResponse_startEventTime - Used
-- with EndEventTime to bound a StartImport request,
-- and limit imported trail events to only those events logged within a
-- specified time period.
--
-- StartImportResponse,
-- startImportResponse_updatedTimestamp - The timestamp of the
-- import's last update, if applicable.
--
-- $sel:httpStatus:StartImportResponse',
-- startImportResponse_httpStatus - The response's http status
-- code.
newStartImportResponse :: Int -> StartImportResponse
-- | The request to CloudTrail to start logging Amazon Web Services API
-- calls for an account.
--
-- See: newStartLogging smart constructor.
data StartLogging
StartLogging' :: Text -> StartLogging
-- | Create a value of StartLogging with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- StartLogging, startLogging_name - Specifies the name or
-- the CloudTrail ARN of the trail for which CloudTrail logs Amazon Web
-- Services API calls. The following is the format of a trail ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
newStartLogging :: Text -> StartLogging
-- | Returns the objects or data listed below if successful. Otherwise,
-- returns an error.
--
-- See: newStartLoggingResponse smart constructor.
data StartLoggingResponse
StartLoggingResponse' :: Int -> StartLoggingResponse
-- | Create a value of StartLoggingResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:httpStatus:StartLoggingResponse',
-- startLoggingResponse_httpStatus - The response's http status
-- code.
newStartLoggingResponse :: Int -> StartLoggingResponse
-- | See: newStartQuery smart constructor.
data StartQuery
StartQuery' :: Maybe Text -> Text -> StartQuery
-- | Create a value of StartQuery with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:deliveryS3Uri:StartQuery', startQuery_deliveryS3Uri
-- - The URI for the S3 bucket where CloudTrail delivers the query
-- results.
--
-- $sel:queryStatement:StartQuery',
-- startQuery_queryStatement - The SQL code of your query.
newStartQuery :: Text -> StartQuery
-- | See: newStartQueryResponse smart constructor.
data StartQueryResponse
StartQueryResponse' :: Maybe Text -> Int -> StartQueryResponse
-- | Create a value of StartQueryResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- StartQueryResponse, startQueryResponse_queryId - The ID
-- of the started query.
--
-- $sel:httpStatus:StartQueryResponse',
-- startQueryResponse_httpStatus - The response's http status
-- code.
newStartQueryResponse :: Int -> StartQueryResponse
-- | See: newStopImport smart constructor.
data StopImport
StopImport' :: Text -> StopImport
-- | Create a value of StopImport with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- StopImport, stopImport_importId - The ID of the import.
newStopImport :: Text -> StopImport
-- | See: newStopImportResponse smart constructor.
data StopImportResponse
StopImportResponse' :: Maybe POSIX -> Maybe (NonEmpty Text) -> Maybe POSIX -> Maybe Text -> Maybe ImportSource -> Maybe ImportStatistics -> Maybe ImportStatus -> Maybe POSIX -> Maybe POSIX -> Int -> StopImportResponse
-- | Create a value of StopImportResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- StopImportResponse, stopImportResponse_createdTimestamp
-- - The timestamp of the import's creation.
--
-- StopImportResponse, stopImportResponse_destinations -
-- The ARN of the destination event data store.
--
-- $sel:endEventTime:StopImportResponse',
-- stopImportResponse_endEventTime - Used with
-- StartEventTime to bound a StartImport request, and
-- limit imported trail events to only those events logged within a
-- specified time period.
--
-- StopImport, stopImportResponse_importId - The ID for the
-- import.
--
-- $sel:importSource:StopImportResponse',
-- stopImportResponse_importSource - The source S3 bucket for the
-- import.
--
-- $sel:importStatistics:StopImportResponse',
-- stopImportResponse_importStatistics - Returns information on
-- the stopped import.
--
-- StopImportResponse, stopImportResponse_importStatus -
-- The status of the import.
--
-- $sel:startEventTime:StopImportResponse',
-- stopImportResponse_startEventTime - Used with
-- EndEventTime to bound a StartImport request, and
-- limit imported trail events to only those events logged within a
-- specified time period.
--
-- StopImportResponse, stopImportResponse_updatedTimestamp
-- - The timestamp of the import's last update.
--
-- $sel:httpStatus:StopImportResponse',
-- stopImportResponse_httpStatus - The response's http status
-- code.
newStopImportResponse :: Int -> StopImportResponse
-- | Passes the request to CloudTrail to stop logging Amazon Web Services
-- API calls for the specified account.
--
-- See: newStopLogging smart constructor.
data StopLogging
StopLogging' :: Text -> StopLogging
-- | Create a value of StopLogging with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- StopLogging, stopLogging_name - Specifies the name or
-- the CloudTrail ARN of the trail for which CloudTrail will stop logging
-- Amazon Web Services API calls. The following is the format of a trail
-- ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
newStopLogging :: Text -> StopLogging
-- | Returns the objects or data listed below if successful. Otherwise,
-- returns an error.
--
-- See: newStopLoggingResponse smart constructor.
data StopLoggingResponse
StopLoggingResponse' :: Int -> StopLoggingResponse
-- | Create a value of StopLoggingResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:httpStatus:StopLoggingResponse',
-- stopLoggingResponse_httpStatus - The response's http status
-- code.
newStopLoggingResponse :: Int -> StopLoggingResponse
-- | See: newUpdateEventDataStore smart constructor.
data UpdateEventDataStore
UpdateEventDataStore' :: Maybe [AdvancedEventSelector] -> Maybe Text -> Maybe Bool -> Maybe Text -> Maybe Bool -> Maybe Natural -> Maybe Bool -> Text -> UpdateEventDataStore
-- | Create a value of UpdateEventDataStore with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- UpdateEventDataStore,
-- updateEventDataStore_advancedEventSelectors - The advanced
-- event selectors used to select events for the event data store. You
-- can configure up to five advanced event selectors for each event data
-- store.
--
-- UpdateEventDataStore, updateEventDataStore_kmsKeyId -
-- Specifies the KMS key ID to use to encrypt the events delivered by
-- CloudTrail. The value can be an alias name prefixed by
-- alias/, a fully specified ARN to an alias, a fully specified
-- ARN to a key, or a globally unique identifier.
--
-- Disabling or deleting the KMS key, or removing CloudTrail permissions
-- on the key, prevents CloudTrail from logging events to the event data
-- store, and prevents users from querying the data in the event data
-- store that was encrypted with the key. After you associate an event
-- data store with a KMS key, the KMS key cannot be removed or changed.
-- Before you disable or delete a KMS key that you are using with an
-- event data store, delete or back up your event data store.
--
-- CloudTrail also supports KMS multi-Region keys. For more information
-- about multi-Region keys, see Using multi-Region keys in the
-- Key Management Service Developer Guide.
--
-- Examples:
--
--
-- alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
12345678-1234-1234-1234-123456789012
--
-- UpdateEventDataStore,
-- updateEventDataStore_multiRegionEnabled - Specifies whether an
-- event data store collects events from all regions, or only from the
-- region in which it was created.
--
-- UpdateEventDataStore, updateEventDataStore_name - The
-- event data store name.
--
-- UpdateEventDataStore,
-- updateEventDataStore_organizationEnabled - Specifies whether an
-- event data store collects events logged for an organization in
-- Organizations.
--
-- UpdateEventDataStore,
-- updateEventDataStore_retentionPeriod - The retention period, in
-- days.
--
-- UpdateEventDataStore,
-- updateEventDataStore_terminationProtectionEnabled - Indicates
-- that termination protection is enabled and the event data store cannot
-- be automatically deleted.
--
-- $sel:eventDataStore:UpdateEventDataStore',
-- updateEventDataStore_eventDataStore - The ARN (or the ID suffix
-- of the ARN) of the event data store that you want to update.
newUpdateEventDataStore :: Text -> UpdateEventDataStore
-- | See: newUpdateEventDataStoreResponse smart constructor.
data UpdateEventDataStoreResponse
UpdateEventDataStoreResponse' :: Maybe [AdvancedEventSelector] -> Maybe POSIX -> Maybe Text -> Maybe Text -> Maybe Bool -> Maybe Text -> Maybe Bool -> Maybe Natural -> Maybe EventDataStoreStatus -> Maybe Bool -> Maybe POSIX -> Int -> UpdateEventDataStoreResponse
-- | Create a value of UpdateEventDataStoreResponse with all
-- optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- UpdateEventDataStore,
-- updateEventDataStoreResponse_advancedEventSelectors - The
-- advanced event selectors that are applied to the event data store.
--
-- UpdateEventDataStoreResponse,
-- updateEventDataStoreResponse_createdTimestamp - The timestamp
-- that shows when an event data store was first created.
--
-- UpdateEventDataStoreResponse,
-- updateEventDataStoreResponse_eventDataStoreArn - The ARN of the
-- event data store.
--
-- UpdateEventDataStore,
-- updateEventDataStoreResponse_kmsKeyId - Specifies the KMS key
-- ID that encrypts the events delivered by CloudTrail. The value is a
-- fully specified ARN to a KMS key in the following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
--
-- UpdateEventDataStore,
-- updateEventDataStoreResponse_multiRegionEnabled - Indicates
-- whether the event data store includes events from all regions, or only
-- from the region in which it was created.
--
-- UpdateEventDataStore, updateEventDataStoreResponse_name
-- - The name of the event data store.
--
-- UpdateEventDataStore,
-- updateEventDataStoreResponse_organizationEnabled - Indicates
-- whether an event data store is collecting logged events for an
-- organization in Organizations.
--
-- UpdateEventDataStore,
-- updateEventDataStoreResponse_retentionPeriod - The retention
-- period, in days.
--
-- UpdateEventDataStoreResponse,
-- updateEventDataStoreResponse_status - The status of an event
-- data store. Values can be ENABLED and
-- PENDING_DELETION.
--
-- UpdateEventDataStore,
-- updateEventDataStoreResponse_terminationProtectionEnabled -
-- Indicates whether termination protection is enabled for the event data
-- store.
--
-- UpdateEventDataStoreResponse,
-- updateEventDataStoreResponse_updatedTimestamp - The timestamp
-- that shows when the event data store was last updated.
-- UpdatedTimestamp is always either the same or newer than the
-- time shown in CreatedTimestamp.
--
-- $sel:httpStatus:UpdateEventDataStoreResponse',
-- updateEventDataStoreResponse_httpStatus - The response's http
-- status code.
newUpdateEventDataStoreResponse :: Int -> UpdateEventDataStoreResponse
-- | Specifies settings to update for the trail.
--
-- See: newUpdateTrail smart constructor.
data UpdateTrail
UpdateTrail' :: Maybe Text -> Maybe Text -> Maybe Bool -> Maybe Bool -> Maybe Bool -> Maybe Bool -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Text -> UpdateTrail
-- | Create a value of UpdateTrail with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- UpdateTrail, updateTrail_cloudWatchLogsLogGroupArn -
-- Specifies a log group name using an Amazon Resource Name (ARN), a
-- unique identifier that represents the log group to which CloudTrail
-- logs are delivered. Not required unless you specify
-- CloudWatchLogsRoleArn.
--
-- UpdateTrail, updateTrail_cloudWatchLogsRoleArn -
-- Specifies the role for the CloudWatch Logs endpoint to assume to write
-- to a user's log group.
--
-- $sel:enableLogFileValidation:UpdateTrail',
-- updateTrail_enableLogFileValidation - Specifies whether log
-- file validation is enabled. The default is false.
--
-- When you disable log file integrity validation, the chain of digest
-- files is broken after one hour. CloudTrail does not create digest
-- files for log files that were delivered during a period in which log
-- file integrity validation was disabled. For example, if you enable log
-- file integrity validation at noon on January 1, disable it at noon on
-- January 2, and re-enable it at noon on January 10, digest files will
-- not be created for the log files delivered from noon on January 2 to
-- noon on January 10. The same applies whenever you stop CloudTrail
-- logging or delete a trail.
--
-- UpdateTrail, updateTrail_includeGlobalServiceEvents -
-- Specifies whether the trail is publishing events from global services
-- such as IAM to the log files.
--
-- UpdateTrail, updateTrail_isMultiRegionTrail - Specifies
-- whether the trail applies only to the current region or to all
-- regions. The default is false. If the trail exists only in the current
-- region and this value is set to true, shadow trails (replications of
-- the trail) will be created in the other regions. If the trail exists
-- in all regions and this value is set to false, the trail will remain
-- in the region where it was created, and its shadow trails in other
-- regions will be deleted. As a best practice, consider using trails
-- that log events in all regions.
--
-- UpdateTrail, updateTrail_isOrganizationTrail - Specifies
-- whether the trail is applied to all accounts in an organization in
-- Organizations, or only for the current Amazon Web Services account.
-- The default is false, and cannot be true unless the call is made on
-- behalf of an Amazon Web Services account that is the management
-- account for an organization in Organizations. If the trail is not an
-- organization trail and this is set to true, the trail will be
-- created in all Amazon Web Services accounts that belong to the
-- organization. If the trail is an organization trail and this is set to
-- false, the trail will remain in the current Amazon Web
-- Services account but be deleted from all member accounts in the
-- organization.
--
-- UpdateTrail, updateTrail_kmsKeyId - Specifies the KMS
-- key ID to use to encrypt the logs delivered by CloudTrail. The value
-- can be an alias name prefixed by "alias/", a fully specified ARN to an
-- alias, a fully specified ARN to a key, or a globally unique
-- identifier.
--
-- CloudTrail also supports KMS multi-Region keys. For more information
-- about multi-Region keys, see Using multi-Region keys in the
-- Key Management Service Developer Guide.
--
-- Examples:
--
--
-- - alias/MyAliasName
-- - arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
--
-- - arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
-- - 12345678-1234-1234-1234-123456789012
--
--
-- UpdateTrail, updateTrail_s3BucketName - Specifies the
-- name of the Amazon S3 bucket designated for publishing log files. See
-- Amazon S3 Bucket Naming Requirements.
--
-- UpdateTrail, updateTrail_s3KeyPrefix - Specifies the
-- Amazon S3 key prefix that comes after the name of the bucket you have
-- designated for log file delivery. For more information, see Finding
-- Your CloudTrail Log Files. The maximum length is 200 characters.
--
-- UpdateTrail, updateTrail_snsTopicName - Specifies the
-- name of the Amazon SNS topic defined for notification of log file
-- delivery. The maximum length is 256 characters.
--
-- UpdateTrail, updateTrail_name - Specifies the name of
-- the trail or trail ARN. If Name is a trail name, the string
-- must meet the following requirements:
--
--
-- - Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.),
-- underscores (_), or dashes (-)
-- - Start with a letter or number, and end with a letter or
-- number
-- - Be between 3 and 128 characters
-- - Have no adjacent periods, underscores or dashes. Names like
-- my-_namespace and my--namespace are not valid.
-- - Not be in IP address format (for example, 192.168.5.4)
--
--
-- If Name is a trail ARN, it must be in the following format.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
newUpdateTrail :: Text -> UpdateTrail
-- | Returns the objects or data listed below if successful. Otherwise,
-- returns an error.
--
-- See: newUpdateTrailResponse smart constructor.
data UpdateTrailResponse
UpdateTrailResponse' :: Maybe Text -> Maybe Text -> Maybe Bool -> Maybe Bool -> Maybe Bool -> Maybe Text -> Maybe Bool -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Int -> UpdateTrailResponse
-- | Create a value of UpdateTrailResponse with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- UpdateTrail,
-- updateTrailResponse_cloudWatchLogsLogGroupArn - Specifies the
-- Amazon Resource Name (ARN) of the log group to which CloudTrail logs
-- are delivered.
--
-- UpdateTrail, updateTrailResponse_cloudWatchLogsRoleArn -
-- Specifies the role for the CloudWatch Logs endpoint to assume to write
-- to a user's log group.
--
-- UpdateTrail,
-- updateTrailResponse_includeGlobalServiceEvents - Specifies
-- whether the trail is publishing events from global services such as
-- IAM to the log files.
--
-- UpdateTrail, updateTrailResponse_isMultiRegionTrail -
-- Specifies whether the trail exists in one region or in all regions.
--
-- UpdateTrail, updateTrailResponse_isOrganizationTrail -
-- Specifies whether the trail is an organization trail.
--
-- UpdateTrail, updateTrailResponse_kmsKeyId - Specifies
-- the KMS key ID that encrypts the logs delivered by CloudTrail. The
-- value is a fully specified ARN to a KMS key in the following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
--
-- UpdateTrailResponse,
-- updateTrailResponse_logFileValidationEnabled - Specifies
-- whether log file integrity validation is enabled.
--
-- UpdateTrail, updateTrailResponse_name - Specifies the
-- name of the trail.
--
-- UpdateTrail, updateTrailResponse_s3BucketName -
-- Specifies the name of the Amazon S3 bucket designated for publishing
-- log files.
--
-- UpdateTrail, updateTrailResponse_s3KeyPrefix - Specifies
-- the Amazon S3 key prefix that comes after the name of the bucket you
-- have designated for log file delivery. For more information, see
-- Finding Your IAM Log Files.
--
-- UpdateTrailResponse, updateTrailResponse_snsTopicARN -
-- Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send
-- notifications when log files are delivered. The following is the
-- format of a topic ARN.
--
--
-- arn:aws:sns:us-east-2:123456789012:MyTopic
--
--
-- UpdateTrail, updateTrailResponse_snsTopicName - This
-- field is no longer in use. Use UpdateTrailResponse$SnsTopicARN.
--
-- UpdateTrailResponse, updateTrailResponse_trailARN -
-- Specifies the ARN of the trail that was updated. The following is the
-- format of a trail ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
--
-- $sel:httpStatus:UpdateTrailResponse',
-- updateTrailResponse_httpStatus - The response's http status
-- code.
newUpdateTrailResponse :: Int -> UpdateTrailResponse
newtype DeliveryStatus
DeliveryStatus' :: Text -> DeliveryStatus
[fromDeliveryStatus] :: DeliveryStatus -> Text
pattern DeliveryStatus_ACCESS_DENIED :: DeliveryStatus
pattern DeliveryStatus_ACCESS_DENIED_SIGNING_FILE :: DeliveryStatus
pattern DeliveryStatus_CANCELLED :: DeliveryStatus
pattern DeliveryStatus_FAILED :: DeliveryStatus
pattern DeliveryStatus_FAILED_SIGNING_FILE :: DeliveryStatus
pattern DeliveryStatus_PENDING :: DeliveryStatus
pattern DeliveryStatus_RESOURCE_NOT_FOUND :: DeliveryStatus
pattern DeliveryStatus_SUCCESS :: DeliveryStatus
pattern DeliveryStatus_UNKNOWN :: DeliveryStatus
newtype DestinationType
DestinationType' :: Text -> DestinationType
[fromDestinationType] :: DestinationType -> Text
pattern DestinationType_AWS_SERVICE :: DestinationType
pattern DestinationType_EVENT_DATA_STORE :: DestinationType
newtype EventCategory
EventCategory' :: Text -> EventCategory
[fromEventCategory] :: EventCategory -> Text
pattern EventCategory_Insight :: EventCategory
newtype EventDataStoreStatus
EventDataStoreStatus' :: Text -> EventDataStoreStatus
[fromEventDataStoreStatus] :: EventDataStoreStatus -> Text
pattern EventDataStoreStatus_CREATED :: EventDataStoreStatus
pattern EventDataStoreStatus_ENABLED :: EventDataStoreStatus
pattern EventDataStoreStatus_PENDING_DELETION :: EventDataStoreStatus
newtype ImportFailureStatus
ImportFailureStatus' :: Text -> ImportFailureStatus
[fromImportFailureStatus] :: ImportFailureStatus -> Text
pattern ImportFailureStatus_FAILED :: ImportFailureStatus
pattern ImportFailureStatus_RETRY :: ImportFailureStatus
pattern ImportFailureStatus_SUCCEEDED :: ImportFailureStatus
newtype ImportStatus
ImportStatus' :: Text -> ImportStatus
[fromImportStatus] :: ImportStatus -> Text
pattern ImportStatus_COMPLETED :: ImportStatus
pattern ImportStatus_FAILED :: ImportStatus
pattern ImportStatus_INITIALIZING :: ImportStatus
pattern ImportStatus_IN_PROGRESS :: ImportStatus
pattern ImportStatus_STOPPED :: ImportStatus
newtype InsightType
InsightType' :: Text -> InsightType
[fromInsightType] :: InsightType -> Text
pattern InsightType_ApiCallRateInsight :: InsightType
pattern InsightType_ApiErrorRateInsight :: InsightType
newtype LookupAttributeKey
LookupAttributeKey' :: Text -> LookupAttributeKey
[fromLookupAttributeKey] :: LookupAttributeKey -> Text
pattern LookupAttributeKey_AccessKeyId :: LookupAttributeKey
pattern LookupAttributeKey_EventId :: LookupAttributeKey
pattern LookupAttributeKey_EventName :: LookupAttributeKey
pattern LookupAttributeKey_EventSource :: LookupAttributeKey
pattern LookupAttributeKey_ReadOnly :: LookupAttributeKey
pattern LookupAttributeKey_ResourceName :: LookupAttributeKey
pattern LookupAttributeKey_ResourceType :: LookupAttributeKey
pattern LookupAttributeKey_Username :: LookupAttributeKey
newtype QueryStatus
QueryStatus' :: Text -> QueryStatus
[fromQueryStatus] :: QueryStatus -> Text
pattern QueryStatus_CANCELLED :: QueryStatus
pattern QueryStatus_FAILED :: QueryStatus
pattern QueryStatus_FINISHED :: QueryStatus
pattern QueryStatus_QUEUED :: QueryStatus
pattern QueryStatus_RUNNING :: QueryStatus
pattern QueryStatus_TIMED_OUT :: QueryStatus
newtype ReadWriteType
ReadWriteType' :: Text -> ReadWriteType
[fromReadWriteType] :: ReadWriteType -> Text
pattern ReadWriteType_All :: ReadWriteType
pattern ReadWriteType_ReadOnly :: ReadWriteType
pattern ReadWriteType_WriteOnly :: ReadWriteType
-- | Advanced event selectors let you create fine-grained selectors for the
-- following CloudTrail event record fields. They help you control costs
-- by logging only those events that are important to you. For more
-- information about advanced event selectors, see Logging data events
-- for trails in the CloudTrail User Guide.
--
--
-- readOnly
eventSource
eventName
eventCategory
resources.type
resources.ARN
--
-- You cannot apply both event selectors and advanced event selectors to
-- a trail.
--
-- See: newAdvancedEventSelector smart constructor.
data AdvancedEventSelector
AdvancedEventSelector' :: Maybe Text -> NonEmpty AdvancedFieldSelector -> AdvancedEventSelector
-- | Create a value of AdvancedEventSelector with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:name:AdvancedEventSelector',
-- advancedEventSelector_name - An optional, descriptive name for
-- an advanced event selector, such as "Log data events for only two S3
-- buckets".
--
-- $sel:fieldSelectors:AdvancedEventSelector',
-- advancedEventSelector_fieldSelectors - Contains all selector
-- statements in an advanced event selector.
newAdvancedEventSelector :: NonEmpty AdvancedFieldSelector -> AdvancedEventSelector
-- | A single selector statement in an advanced event selector.
--
-- See: newAdvancedFieldSelector smart constructor.
data AdvancedFieldSelector
AdvancedFieldSelector' :: Maybe (NonEmpty Text) -> Maybe (NonEmpty Text) -> Maybe (NonEmpty Text) -> Maybe (NonEmpty Text) -> Maybe (NonEmpty Text) -> Maybe (NonEmpty Text) -> Text -> AdvancedFieldSelector
-- | Create a value of AdvancedFieldSelector with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:endsWith:AdvancedFieldSelector',
-- advancedFieldSelector_endsWith - An operator that includes
-- events that match the last few characters of the event record field
-- specified as the value of Field.
--
-- $sel:equals:AdvancedFieldSelector',
-- advancedFieldSelector_equals - An operator that includes events
-- that match the exact value of the event record field specified as the
-- value of Field. This is the only valid operator that you can
-- use with the readOnly, eventCategory, and
-- resources.type fields.
--
-- $sel:notEndsWith:AdvancedFieldSelector',
-- advancedFieldSelector_notEndsWith - An operator that excludes
-- events that match the last few characters of the event record field
-- specified as the value of Field.
--
-- $sel:notEquals:AdvancedFieldSelector',
-- advancedFieldSelector_notEquals - An operator that excludes
-- events that match the exact value of the event record field specified
-- as the value of Field.
--
-- $sel:notStartsWith:AdvancedFieldSelector',
-- advancedFieldSelector_notStartsWith - An operator that excludes
-- events that match the first few characters of the event record field
-- specified as the value of Field.
--
-- $sel:startsWith:AdvancedFieldSelector',
-- advancedFieldSelector_startsWith - An operator that includes
-- events that match the first few characters of the event record field
-- specified as the value of Field.
--
-- $sel:field:AdvancedFieldSelector',
-- advancedFieldSelector_field - A field in an event record on
-- which to filter events to be logged. Supported fields include
-- readOnly, eventCategory, eventSource (for
-- management events), eventName, resources.type, and
-- resources.ARN.
--
--
-- - readOnly - Optional. Can be set to Equals
-- a value of true or false. If you do not add this
-- field, CloudTrail logs both read and write events. A
-- value of true logs only read events. A value of
-- false logs only write events.
-- - eventSource - For filtering management events
-- only. This can be set only to NotEquals
-- kms.amazonaws.com.
-- - eventName - Can use any operator. You can use it
-- to filter in or filter out any data event logged to CloudTrail, such as
-- PutBucket or GetSnapshotBlock. You can have multiple
-- values for this field, separated by commas.
-- - eventCategory - This is required. It must be set
-- to Equals, and the value must be Management or
-- Data.
-- - resources.type - This field is required.
-- resources.type can only use the Equals operator, and
-- the value can be one of the
-- following:You
-- can have only one resources.type field per selector. To log
-- data events on more than one resource type, add another selector.
-- - resources.ARN - You can use any operator with
-- resources.ARN, but if you use Equals or
-- NotEquals, the value must exactly match the ARN of a valid
-- resource of the type you've specified in the template as the value of
-- resources.type. For example, if resources.type equals
-- AWS::S3::Object, the ARN must be in one of the following
-- formats. To log all data events for all objects in a specific S3
-- bucket, use the StartsWith operator, and include only the
-- bucket ARN as the matching value.The trailing slash is intentional; do
-- not exclude it. Replace the text between less than and greater than
-- symbols (<>) with resource-specific
-- information.When
-- resources.type equals AWS::S3::AccessPoint, and the
-- operator is set to Equals or NotEquals, the ARN must
-- be in one of the following formats. To log events on all objects in an
-- S3 access point, we recommend that you use only the access point ARN,
-- don’t include the object path, and use the StartsWith or
-- NotStartsWith
-- operators.When
-- resources.type equals AWS::Lambda::Function, and the operator
-- is set to Equals or NotEquals, the ARN must be in
-- the following
-- format:When
-- resources.type equals AWS::DynamoDB::Table, and the operator
-- is set to Equals or NotEquals, the ARN must be in
-- the following
-- format:When
-- resources.type equals AWS::S3Outposts::Object, and
-- the operator is set to Equals or NotEquals, the ARN
-- must be in the following
-- format:When
-- resources.type equals AWS::ManagedBlockchain::Node,
-- and the operator is set to Equals or NotEquals, the
-- ARN must be in the following
-- format:When
-- resources.type equals
-- AWS::S3ObjectLambda::AccessPoint, and the operator is set to
-- Equals or NotEquals, the ARN must be in the
-- following
-- format:When
-- resources.type equals AWS::EC2::Snapshot, and the
-- operator is set to Equals or NotEquals, the ARN must
-- be in the following
-- format:When
-- resources.type equals AWS::DynamoDB::Stream, and the
-- operator is set to Equals or NotEquals, the ARN must
-- be in the following
-- format:When
-- resources.type equals AWS::Glue::Table, and the
-- operator is set to Equals or NotEquals, the ARN must
-- be in the following
-- format:
--
newAdvancedFieldSelector :: Text -> AdvancedFieldSelector
-- | Contains information about a returned CloudTrail channel.
--
-- See: newChannel smart constructor.
data Channel
Channel' :: Maybe Text -> Maybe Text -> Channel
-- | Create a value of Channel with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:channelArn:Channel', channel_channelArn - The
-- Amazon Resource Name (ARN) of a channel.
--
-- $sel:name:Channel', channel_name - The name of the
-- CloudTrail channel. For service-linked channels, the name is
-- aws-service-channel/service-name/custom-suffix where
-- service-name represents the name of the Amazon Web Services
-- service that created the channel and custom-suffix represents
-- the suffix created by the Amazon Web Services service.
newChannel :: Channel
-- | The Amazon S3 buckets, Lambda functions, or Amazon DynamoDB tables
-- that you specify in your event selectors for your trail to log data
-- events. Data events provide information about the resource operations
-- performed on or within a resource itself. These are also known as data
-- plane operations. You can specify up to 250 data resources for a
-- trail.
--
-- The total number of allowed data resources is 250. This number can be
-- distributed between 1 and 5 event selectors, but the total cannot
-- exceed 250 across all selectors.
--
-- If you are using advanced event selectors, the maximum total number of
-- values for all conditions, across all advanced event selectors for the
-- trail, is 500.
--
-- The following example demonstrates how logging works when you
-- configure logging of all data events for an S3 bucket named
-- bucket-1. In this example, the CloudTrail user specified an
-- empty prefix, and the option to log both Read and
-- Write data events.
--
--
-- - A user uploads an image file to bucket-1.
-- - The PutObject API operation is an Amazon S3 object-level
-- API. It is recorded as a data event in CloudTrail. Because the
-- CloudTrail user specified an S3 bucket with an empty prefix, events
-- that occur on any object in that bucket are logged. The trail
-- processes and logs the event.
-- - A user uploads an object to an Amazon S3 bucket named
-- arn:aws:s3:::bucket-2.
-- - The PutObject API operation occurred for an object in an
-- S3 bucket that the CloudTrail user didn't specify for the trail. The
-- trail doesn’t log the event.
--
--
-- The following example demonstrates how logging works when you
-- configure logging of Lambda data events for a Lambda function named
-- MyLambdaFunction, but not for all Lambda functions.
--
--
-- - A user runs a script that includes a call to the
-- MyLambdaFunction function and the MyOtherLambdaFunction
-- function.
-- - The Invoke API operation on MyLambdaFunction is an
-- Lambda API. It is recorded as a data event in CloudTrail. Because the
-- CloudTrail user specified logging data events for
-- MyLambdaFunction, any invocations of that function are logged.
-- The trail processes and logs the event.
-- - The Invoke API operation on MyOtherLambdaFunction
-- is an Lambda API. Because the CloudTrail user did not specify logging
-- data events for all Lambda functions, the Invoke operation
-- for MyOtherLambdaFunction does not match the function specified
-- for the trail. The trail doesn’t log the event.
--
--
-- See: newDataResource smart constructor.
data DataResource
DataResource' :: Maybe Text -> Maybe [Text] -> DataResource
-- | Create a value of DataResource with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:type':DataResource', dataResource_type - The
-- resource type in which you want to log data events. You can specify
-- the following basic event selector resource types:
--
--
-- AWS::S3::Object
AWS::Lambda::Function
AWS::DynamoDB::Table
--
-- The following resource types are also available through
-- advanced event selectors. Basic event selector resource types
-- are valid in advanced event selectors, but advanced event selector
-- resource types are not valid in basic event selectors. For more
-- information, see AdvancedFieldSelector$Field.
--
--
--
-- $sel:values:DataResource', dataResource_values - An
-- array of Amazon Resource Name (ARN) strings or partial ARN strings for
-- the specified objects.
--
--
-- - To log data events for all objects in all S3 buckets in your
-- Amazon Web Services account, specify the prefix as
-- arn:aws:s3.This also enables logging of data event activity
-- performed by any user or role in your Amazon Web Services account,
-- even if that activity is performed on a bucket that belongs to another
-- Amazon Web Services account.
-- - To log data events for all objects in an S3 bucket, specify the
-- bucket and an empty object prefix such as
-- arn:aws:s3:::bucket-1/. The trail logs data events for all
-- objects in this S3 bucket.
-- - To log data events for specific objects, specify the S3 bucket and
-- object prefix such as arn:aws:s3:::bucket-1/example-images.
-- The trail logs data events for objects in this S3 bucket that match
-- the prefix.
-- - To log data events for all Lambda functions in your Amazon Web
-- Services account, specify the prefix as arn:aws:lambda.This
-- also enables logging of Invoke activity performed by any user
-- or role in your Amazon Web Services account, even if that activity is
-- performed on a function that belongs to another Amazon Web Services
-- account.
-- - To log data events for a specific Lambda function, specify the
-- function ARN.Lambda function ARNs are exact. For example, if you
-- specify a function ARN
-- arn:aws:lambda:us-west-2:111111111111:function:helloworld, data
-- events will only be logged for
-- arn:aws:lambda:us-west-2:111111111111:function:helloworld. They
-- will not be logged for
-- arn:aws:lambda:us-west-2:111111111111:function:helloworld2.
-- - To log data events for all DynamoDB tables in your Amazon Web
-- Services account, specify the prefix as
-- arn:aws:dynamodb.
--
newDataResource :: DataResource
-- | Contains information about the service where CloudTrail delivers
-- events.
--
-- See: newDestination smart constructor.
data Destination
Destination' :: DestinationType -> Text -> Destination
-- | Create a value of Destination with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:type':Destination', destination_type - The type of
-- destination for events arriving from a channel. For service-linked
-- channels, the value is AWS_SERVICE.
--
-- $sel:location:Destination', destination_location - For
-- service-linked channels, the value is the name of the Amazon Web
-- Services service.
newDestination :: DestinationType -> Text -> Destination
-- | Contains information about an event that was returned by a lookup
-- request. The result includes a representation of a CloudTrail event.
--
-- See: newEvent smart constructor.
data Event
Event' :: Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe POSIX -> Maybe Text -> Maybe [Resource] -> Maybe Text -> Event
-- | Create a value of Event with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:accessKeyId:Event', event_accessKeyId - The Amazon
-- Web Services access key ID that was used to sign the request. If the
-- request was made with temporary security credentials, this is the
-- access key ID of the temporary credentials.
--
-- $sel:cloudTrailEvent:Event', event_cloudTrailEvent - A
-- JSON string that contains a representation of the event returned.
--
-- $sel:eventId:Event', event_eventId - The CloudTrail ID
-- of the event returned.
--
-- $sel:eventName:Event', event_eventName - The name of the
-- event returned.
--
-- $sel:eventSource:Event', event_eventSource - The Amazon
-- Web Services service to which the request was made.
--
-- $sel:eventTime:Event', event_eventTime - The date and
-- time of the event returned.
--
-- $sel:readOnly:Event', event_readOnly - Information about
-- whether the event is a write event or a read event.
--
-- $sel:resources:Event', event_resources - A list of
-- resources referenced by the event returned.
--
-- $sel:username:Event', event_username - A user name or
-- role name of the requester that called the API in the event returned.
newEvent :: Event
-- | A storage lake of event data against which you can run complex
-- SQL-based queries. An event data store can include events that you
-- have logged on your account from the last 90 to 2557 days (about three
-- months to up to seven years). To select events for an event data
-- store, use advanced event selectors.
--
-- See: newEventDataStore smart constructor.
data EventDataStore
EventDataStore' :: Maybe [AdvancedEventSelector] -> Maybe POSIX -> Maybe Text -> Maybe Bool -> Maybe Text -> Maybe Bool -> Maybe Natural -> Maybe EventDataStoreStatus -> Maybe Bool -> Maybe POSIX -> EventDataStore
-- | Create a value of EventDataStore with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:advancedEventSelectors:EventDataStore',
-- eventDataStore_advancedEventSelectors - This field is being
-- deprecated. The advanced event selectors that were used to select
-- events for the data store.
--
-- $sel:createdTimestamp:EventDataStore',
-- eventDataStore_createdTimestamp - This field is being
-- deprecated. The timestamp of the event data store's creation.
--
-- $sel:eventDataStoreArn:EventDataStore',
-- eventDataStore_eventDataStoreArn - The ARN of the event data
-- store.
--
-- $sel:multiRegionEnabled:EventDataStore',
-- eventDataStore_multiRegionEnabled - This field is being
-- deprecated. Indicates whether the event data store includes events
-- from all regions, or only from the region in which it was created.
--
-- EventDataStore, eventDataStore_name - The name of the
-- event data store.
--
-- $sel:organizationEnabled:EventDataStore',
-- eventDataStore_organizationEnabled - This field is being
-- deprecated. Indicates that an event data store is collecting logged
-- events for an organization.
--
-- $sel:retentionPeriod:EventDataStore',
-- eventDataStore_retentionPeriod - This field is being
-- deprecated. The retention period, in days.
--
-- $sel:status:EventDataStore', eventDataStore_status -
-- This field is being deprecated. The status of an event data store.
-- Values are ENABLED and PENDING_DELETION.
--
-- $sel:terminationProtectionEnabled:EventDataStore',
-- eventDataStore_terminationProtectionEnabled - This field is
-- being deprecated. Indicates whether the event data store is protected
-- from termination.
--
-- $sel:updatedTimestamp:EventDataStore',
-- eventDataStore_updatedTimestamp - This field is being
-- deprecated. The timestamp showing when an event data store was
-- updated, if applicable. UpdatedTimestamp is always either the
-- same or newer than the time shown in CreatedTimestamp.
newEventDataStore :: EventDataStore
-- | Use event selectors to further specify the management and data event
-- settings for your trail. By default, trails created without specific
-- event selectors will be configured to log all read and write
-- management events, and no data events. When an event occurs in your
-- account, CloudTrail evaluates the event selector for all trails. For
-- each trail, if the event matches any event selector, the trail
-- processes and logs the event. If the event doesn't match any event
-- selector, the trail doesn't log the event.
--
-- You can configure up to five event selectors for a trail.
--
-- You cannot apply both event selectors and advanced event selectors to
-- a trail.
--
-- See: newEventSelector smart constructor.
data EventSelector
EventSelector' :: Maybe [DataResource] -> Maybe [Text] -> Maybe Bool -> Maybe ReadWriteType -> EventSelector
-- | Create a value of EventSelector with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:dataResources:EventSelector',
-- eventSelector_dataResources - CloudTrail supports data event
-- logging for Amazon S3 objects, Lambda functions, and Amazon DynamoDB
-- tables with basic event selectors. You can specify up to 250 resources
-- for an individual event selector, but the total number of data
-- resources cannot exceed 250 across all event selectors in a trail.
-- This limit does not apply if you configure resource logging for all
-- data events.
--
-- For more information, see Data Events and Limits in
-- CloudTrail in the CloudTrail User Guide.
--
-- $sel:excludeManagementEventSources:EventSelector',
-- eventSelector_excludeManagementEventSources - An optional list
-- of service event sources from which you do not want management events
-- to be logged on your trail. In this release, the list can be empty
-- (disables the filter), or it can filter out Key Management Service or
-- Amazon RDS Data API events by containing kms.amazonaws.com or
-- rdsdata.amazonaws.com. By default,
-- ExcludeManagementEventSources is empty, and KMS and Amazon
-- RDS Data API events are logged to your trail. You can exclude
-- management event sources only in regions that support the event
-- source.
--
-- $sel:includeManagementEvents:EventSelector',
-- eventSelector_includeManagementEvents - Specify if you want
-- your event selector to include management events for your trail.
--
-- For more information, see Management Events in the
-- CloudTrail User Guide.
--
-- By default, the value is true.
--
-- The first copy of management events is free. You are charged for
-- additional copies of management events that you are logging on any
-- subsequent trail in the same region. For more information about
-- CloudTrail pricing, see CloudTrail Pricing.
--
-- $sel:readWriteType:EventSelector',
-- eventSelector_readWriteType - Specify if you want your trail to
-- log read-only events, write-only events, or all. For example, the EC2
-- GetConsoleOutput is a read-only API operation and
-- RunInstances is a write-only API operation.
--
-- By default, the value is All.
newEventSelector :: EventSelector
-- | Provides information about an import failure.
--
-- See: newImportFailureListItem smart constructor.
data ImportFailureListItem
ImportFailureListItem' :: Maybe Text -> Maybe Text -> Maybe POSIX -> Maybe Text -> Maybe ImportFailureStatus -> ImportFailureListItem
-- | Create a value of ImportFailureListItem with all optional
-- fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:errorMessage:ImportFailureListItem',
-- importFailureListItem_errorMessage - Provides the reason the
-- import failed.
--
-- $sel:errorType:ImportFailureListItem',
-- importFailureListItem_errorType - The type of import error.
--
-- $sel:lastUpdatedTime:ImportFailureListItem',
-- importFailureListItem_lastUpdatedTime - When the import was
-- last updated.
--
-- $sel:location:ImportFailureListItem',
-- importFailureListItem_location - The location of the failure in
-- the S3 bucket.
--
-- $sel:status:ImportFailureListItem',
-- importFailureListItem_status - The status of the import.
newImportFailureListItem :: ImportFailureListItem
-- | The import source.
--
-- See: newImportSource smart constructor.
data ImportSource
ImportSource' :: S3ImportSource -> ImportSource
-- | Create a value of ImportSource with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:s3:ImportSource', importSource_s3 - The source S3
-- bucket.
newImportSource :: S3ImportSource -> ImportSource
-- | Provides statistics for the specified ImportID. CloudTrail
-- does not update import statistics in real-time. Returned values for
-- parameters such as EventsCompleted may be lower than the
-- actual value, because CloudTrail updates statistics incrementally over
-- the course of the import.
--
-- See: newImportStatistics smart constructor.
data ImportStatistics
ImportStatistics' :: Maybe Integer -> Maybe Integer -> Maybe Integer -> Maybe Integer -> Maybe Integer -> ImportStatistics
-- | Create a value of ImportStatistics with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:eventsCompleted:ImportStatistics',
-- importStatistics_eventsCompleted - The number of trail events
-- imported into the event data store.
--
-- $sel:failedEntries:ImportStatistics',
-- importStatistics_failedEntries - The number of failed entries.
--
-- $sel:filesCompleted:ImportStatistics',
-- importStatistics_filesCompleted - The number of log files that
-- completed import.
--
-- $sel:prefixesCompleted:ImportStatistics',
-- importStatistics_prefixesCompleted - The number of S3 prefixes
-- that completed import.
--
-- $sel:prefixesFound:ImportStatistics',
-- importStatistics_prefixesFound - The number of S3 prefixes
-- found for the import.
newImportStatistics :: ImportStatistics
-- | Contains information about an import that was returned by a lookup
-- request.
--
-- See: newImportsListItem smart constructor.
data ImportsListItem
ImportsListItem' :: Maybe POSIX -> Maybe (NonEmpty Text) -> Maybe Text -> Maybe ImportStatus -> Maybe POSIX -> ImportsListItem
-- | Create a value of ImportsListItem with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:createdTimestamp:ImportsListItem',
-- importsListItem_createdTimestamp - The timestamp of the
-- import's creation.
--
-- $sel:destinations:ImportsListItem',
-- importsListItem_destinations - The ARN of the destination event
-- data store.
--
-- $sel:importId:ImportsListItem', importsListItem_importId
-- - The ID of the import.
--
-- $sel:importStatus:ImportsListItem',
-- importsListItem_importStatus - The status of the import.
--
-- $sel:updatedTimestamp:ImportsListItem',
-- importsListItem_updatedTimestamp - The timestamp of the
-- import's last update.
newImportsListItem :: ImportsListItem
-- | A JSON string that contains a list of insight types that are logged on
-- a trail.
--
-- See: newInsightSelector smart constructor.
data InsightSelector
InsightSelector' :: Maybe InsightType -> InsightSelector
-- | Create a value of InsightSelector with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:insightType:InsightSelector',
-- insightSelector_insightType - The type of insights to log on a
-- trail. ApiCallRateInsight and ApiErrorRateInsight
-- are valid insight types.
newInsightSelector :: InsightSelector
-- | Specifies an attribute and value that filter the events returned.
--
-- See: newLookupAttribute smart constructor.
data LookupAttribute
LookupAttribute' :: LookupAttributeKey -> Text -> LookupAttribute
-- | Create a value of LookupAttribute with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:attributeKey:LookupAttribute',
-- lookupAttribute_attributeKey - Specifies an attribute on which
-- to filter the events returned.
--
-- $sel:attributeValue:LookupAttribute',
-- lookupAttribute_attributeValue - Specifies a value for the
-- specified AttributeKey.
newLookupAttribute :: LookupAttributeKey -> Text -> LookupAttribute
-- | Contains information about a returned public key.
--
-- See: newPublicKey smart constructor.
data PublicKey
PublicKey' :: Maybe Text -> Maybe POSIX -> Maybe POSIX -> Maybe Base64 -> PublicKey
-- | Create a value of PublicKey with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:fingerprint:PublicKey', publicKey_fingerprint - The
-- fingerprint of the public key.
--
-- $sel:validityEndTime:PublicKey',
-- publicKey_validityEndTime - The ending time of validity of the
-- public key.
--
-- $sel:validityStartTime:PublicKey',
-- publicKey_validityStartTime - The starting time of validity of
-- the public key.
--
-- $sel:value:PublicKey', publicKey_value - The DER encoded
-- public key value in PKCS#1 format.-- -- Note: This
-- Lens automatically encodes and decodes Base64 data. -- The
-- underlying isomorphism will encode to Base64 representation during --
-- serialisation, and decode from Base64 representation during
-- deserialisation. -- This Lens accepts and returns only raw
-- unencoded data.
newPublicKey :: PublicKey
-- | A SQL string of criteria about events that you want to collect in an
-- event data store.
--
-- See: newQuery smart constructor.
data Query
Query' :: Maybe POSIX -> Maybe Text -> Maybe QueryStatus -> Query
-- | Create a value of Query with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:creationTime:Query', query_creationTime - The
-- creation time of a query.
--
-- $sel:queryId:Query', query_queryId - The ID of a query.
--
-- $sel:queryStatus:Query', query_queryStatus - The status
-- of the query. This can be QUEUED, RUNNING,
-- FINISHED, FAILED, TIMED_OUT, or
-- CANCELLED.
newQuery :: Query
-- | Metadata about a query, such as the number of results.
--
-- See: newQueryStatistics smart constructor.
data QueryStatistics
QueryStatistics' :: Maybe Integer -> Maybe Int -> Maybe Int -> QueryStatistics
-- | Create a value of QueryStatistics with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:bytesScanned:QueryStatistics',
-- queryStatistics_bytesScanned - The total bytes that the query
-- scanned in the event data store. This value matches the number of
-- bytes for which your account is billed for the query, unless the query
-- is still running.
--
-- $sel:resultsCount:QueryStatistics',
-- queryStatistics_resultsCount - The number of results returned.
--
-- $sel:totalResultsCount:QueryStatistics',
-- queryStatistics_totalResultsCount - The total number of results
-- returned by a query.
newQueryStatistics :: QueryStatistics
-- | Gets metadata about a query, including the number of events that were
-- matched, the total number of events scanned, the query run time in
-- milliseconds, and the query's creation time.
--
-- See: newQueryStatisticsForDescribeQuery smart
-- constructor.
data QueryStatisticsForDescribeQuery
QueryStatisticsForDescribeQuery' :: Maybe Integer -> Maybe POSIX -> Maybe Integer -> Maybe Integer -> Maybe Int -> QueryStatisticsForDescribeQuery
-- | Create a value of QueryStatisticsForDescribeQuery with all
-- optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:bytesScanned:QueryStatisticsForDescribeQuery',
-- queryStatisticsForDescribeQuery_bytesScanned - The total bytes
-- that the query scanned in the event data store. This value matches the
-- number of bytes for which your account is billed for the query, unless
-- the query is still running.
--
-- $sel:creationTime:QueryStatisticsForDescribeQuery',
-- queryStatisticsForDescribeQuery_creationTime - The creation
-- time of the query.
--
-- $sel:eventsMatched:QueryStatisticsForDescribeQuery',
-- queryStatisticsForDescribeQuery_eventsMatched - The number of
-- events that matched a query.
--
-- $sel:eventsScanned:QueryStatisticsForDescribeQuery',
-- queryStatisticsForDescribeQuery_eventsScanned - The number of
-- events that the query scanned in the event data store.
--
-- $sel:executionTimeInMillis:QueryStatisticsForDescribeQuery',
-- queryStatisticsForDescribeQuery_executionTimeInMillis - The
-- query's run time, in milliseconds.
newQueryStatisticsForDescribeQuery :: QueryStatisticsForDescribeQuery
-- | Specifies the type and name of a resource referenced by an event.
--
-- See: newResource smart constructor.
data Resource
Resource' :: Maybe Text -> Maybe Text -> Resource
-- | Create a value of Resource with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:resourceName:Resource', resource_resourceName - The
-- name of the resource referenced by the event returned. These are
-- user-created names whose values will depend on the environment. For
-- example, the resource name might be "auto-scaling-test-group" for an
-- Auto Scaling Group or "i-1234567" for an EC2 Instance.
--
-- $sel:resourceType:Resource', resource_resourceType - The
-- type of a resource referenced by the event returned. When the resource
-- type cannot be determined, null is returned. Some examples of resource
-- types are: Instance for EC2, Trail for CloudTrail,
-- DBInstance for Amazon RDS, and AccessKey for IAM. To
-- learn more about how to look up and filter events by the resource
-- types supported for a service, see Filtering CloudTrail Events.
newResource :: Resource
-- | A resource tag.
--
-- See: newResourceTag smart constructor.
data ResourceTag
ResourceTag' :: Maybe Text -> Maybe [Tag] -> ResourceTag
-- | Create a value of ResourceTag with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:resourceId:ResourceTag', resourceTag_resourceId -
-- Specifies the ARN of the resource.
--
-- $sel:tagsList:ResourceTag', resourceTag_tagsList - A
-- list of tags.
newResourceTag :: ResourceTag
-- | The settings for the source S3 bucket.
--
-- See: newS3ImportSource smart constructor.
data S3ImportSource
S3ImportSource' :: Text -> Text -> Text -> S3ImportSource
-- | Create a value of S3ImportSource with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:s3LocationUri:S3ImportSource',
-- s3ImportSource_s3LocationUri - The URI for the source S3
-- bucket.
--
-- $sel:s3BucketRegion:S3ImportSource',
-- s3ImportSource_s3BucketRegion - The region associated with the
-- source S3 bucket.
--
-- $sel:s3BucketAccessRoleArn:S3ImportSource',
-- s3ImportSource_s3BucketAccessRoleArn - The IAM ARN role used to
-- access the source S3 bucket.
newS3ImportSource :: Text -> Text -> Text -> S3ImportSource
-- | Contains configuration information about the channel.
--
-- See: newSourceConfig smart constructor.
data SourceConfig
SourceConfig' :: Maybe [AdvancedEventSelector] -> Maybe Bool -> SourceConfig
-- | Create a value of SourceConfig with all optional fields
-- omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:advancedEventSelectors:SourceConfig',
-- sourceConfig_advancedEventSelectors - The advanced event
-- selectors that are configured for the channel.
--
-- $sel:applyToAllRegions:SourceConfig',
-- sourceConfig_applyToAllRegions - Specifies whether the channel
-- applies to a single region or to all regions.
newSourceConfig :: SourceConfig
-- | A custom key-value pair associated with a resource such as a
-- CloudTrail trail.
--
-- See: newTag smart constructor.
data Tag
Tag' :: Maybe Text -> Text -> Tag
-- | Create a value of Tag with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:value:Tag', tag_value - The value in a key-value
-- pair of a tag. The value must be no longer than 256 Unicode
-- characters.
--
-- $sel:key:Tag', tag_key - The key in a key-value pair.
-- The key must be must be no longer than 128 Unicode characters. The key
-- must be unique for the resource to which it applies.
newTag :: Text -> Tag
-- | The settings for a trail.
--
-- See: newTrail smart constructor.
data Trail
Trail' :: Maybe Text -> Maybe Text -> Maybe Bool -> Maybe Bool -> Maybe Text -> Maybe Bool -> Maybe Bool -> Maybe Bool -> Maybe Text -> Maybe Bool -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Trail
-- | Create a value of Trail with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:cloudWatchLogsLogGroupArn:Trail',
-- trail_cloudWatchLogsLogGroupArn - Specifies an Amazon Resource
-- Name (ARN), a unique identifier that represents the log group to which
-- CloudTrail logs will be delivered.
--
-- $sel:cloudWatchLogsRoleArn:Trail',
-- trail_cloudWatchLogsRoleArn - Specifies the role for the
-- CloudWatch Logs endpoint to assume to write to a user's log group.
--
-- $sel:hasCustomEventSelectors:Trail',
-- trail_hasCustomEventSelectors - Specifies if the trail has
-- custom event selectors.
--
-- $sel:hasInsightSelectors:Trail',
-- trail_hasInsightSelectors - Specifies whether a trail has
-- insight types specified in an InsightSelector list.
--
-- $sel:homeRegion:Trail', trail_homeRegion - The region in
-- which the trail was created.
--
-- $sel:includeGlobalServiceEvents:Trail',
-- trail_includeGlobalServiceEvents - Set to True to
-- include Amazon Web Services API calls from Amazon Web Services global
-- services such as IAM. Otherwise, False.
--
-- $sel:isMultiRegionTrail:Trail', trail_isMultiRegionTrail
-- - Specifies whether the trail exists only in one region or exists in
-- all regions.
--
-- $sel:isOrganizationTrail:Trail',
-- trail_isOrganizationTrail - Specifies whether the trail is an
-- organization trail.
--
-- $sel:kmsKeyId:Trail', trail_kmsKeyId - Specifies the KMS
-- key ID that encrypts the logs delivered by CloudTrail. The value is a
-- fully specified ARN to a KMS key in the following format.
--
--
-- arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
--
--
-- $sel:logFileValidationEnabled:Trail',
-- trail_logFileValidationEnabled - Specifies whether log file
-- validation is enabled.
--
-- $sel:name:Trail', trail_name - Name of the trail set by
-- calling CreateTrail. The maximum length is 128 characters.
--
-- $sel:s3BucketName:Trail', trail_s3BucketName - Name of
-- the Amazon S3 bucket into which CloudTrail delivers your trail files.
-- See Amazon S3 Bucket Naming Requirements.
--
-- $sel:s3KeyPrefix:Trail', trail_s3KeyPrefix - Specifies
-- the Amazon S3 key prefix that comes after the name of the bucket you
-- have designated for log file delivery. For more information, see
-- Finding Your CloudTrail Log Files. The maximum length is 200
-- characters.
--
-- $sel:snsTopicARN:Trail', trail_snsTopicARN - Specifies
-- the ARN of the Amazon SNS topic that CloudTrail uses to send
-- notifications when log files are delivered. The following is the
-- format of a topic ARN.
--
--
-- arn:aws:sns:us-east-2:123456789012:MyTopic
--
--
-- $sel:snsTopicName:Trail', trail_snsTopicName - This
-- field is no longer in use. Use SnsTopicARN.
--
-- $sel:trailARN:Trail', trail_trailARN - Specifies the ARN
-- of the trail. The following is the format of a trail ARN.
--
--
-- arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
--
newTrail :: Trail
-- | Information about a CloudTrail trail, including the trail's name, home
-- region, and Amazon Resource Name (ARN).
--
-- See: newTrailInfo smart constructor.
data TrailInfo
TrailInfo' :: Maybe Text -> Maybe Text -> Maybe Text -> TrailInfo
-- | Create a value of TrailInfo with all optional fields omitted.
--
-- Use generic-lens or optics to modify other optional
-- fields.
--
-- The following record fields are available, with the corresponding
-- lenses provided for backwards compatibility:
--
-- $sel:homeRegion:TrailInfo', trailInfo_homeRegion - The
-- Amazon Web Services Region in which a trail was created.
--
-- $sel:name:TrailInfo', trailInfo_name - The name of a
-- trail.
--
-- $sel:trailARN:TrailInfo', trailInfo_trailARN - The ARN
-- of a trail.
newTrailInfo :: TrailInfo