CLOUDTRAIL
AddTags
valid {
input.Body.ResourceId == STRING
input.Body.TagsList[_].Key == STRING
input.Body.TagsList[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CancelQuery
valid {
input.Body.EventDataStore == STRING
input.Body.QueryId == STRING
input.Body.EventDataStoreOwnerAccountId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateChannel
enum_DestinationType := [ "EVENT_DATA_STORE", "AWS_SERVICE" ]
valid {
input.Body.Name == STRING
input.Body.Source == STRING
input.Body.Destinations[_].Type == enum_DestinationType[_]
input.Body.Destinations[_].Location == STRING
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateDashboard
enum_RefreshScheduleFrequencyUnit := [ "HOURS", "DAYS" ]
enum_RefreshScheduleStatus := [ "ENABLED", "DISABLED" ]
valid {
input.Body.Name == STRING
input.Body.RefreshSchedule.Frequency.Unit == enum_RefreshScheduleFrequencyUnit[_]
input.Body.RefreshSchedule.Frequency.Value == INTEGER
input.Body.RefreshSchedule.Status == enum_RefreshScheduleStatus[_]
input.Body.RefreshSchedule.TimeOfDay == STRING
input.Body.TagsList[_].Key == STRING
input.Body.TagsList[_].Value == STRING
input.Body.TerminationProtectionEnabled == BOOLEAN
input.Body.Widgets[_].QueryStatement == STRING
input.Body.Widgets[_].QueryParameters[_] == STRING
input.Body.Widgets[_].ViewProperties.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateEventDataStore
enum_BillingMode := [ "EXTENDABLE_RETENTION_PRICING", "FIXED_RETENTION_PRICING" ]
valid {
input.Body.Name == STRING
input.Body.AdvancedEventSelectors[_].Name == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].Field == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].Equals[_] == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].StartsWith[_] == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].EndsWith[_] == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].NotEquals[_] == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].NotStartsWith[_] == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].NotEndsWith[_] == STRING
input.Body.MultiRegionEnabled == BOOLEAN
input.Body.OrganizationEnabled == BOOLEAN
input.Body.RetentionPeriod == INTEGER
input.Body.TerminationProtectionEnabled == BOOLEAN
input.Body.TagsList[_].Key == STRING
input.Body.TagsList[_].Value == STRING
input.Body.KmsKeyId == STRING
input.Body.StartIngestion == BOOLEAN
input.Body.BillingMode == enum_BillingMode[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateTrail
valid {
input.Body.Name == STRING
input.Body.S3BucketName == STRING
input.Body.S3KeyPrefix == STRING
input.Body.SnsTopicName == STRING
input.Body.IncludeGlobalServiceEvents == BOOLEAN
input.Body.IsMultiRegionTrail == BOOLEAN
input.Body.EnableLogFileValidation == BOOLEAN
input.Body.CloudWatchLogsLogGroupArn == STRING
input.Body.CloudWatchLogsRoleArn == STRING
input.Body.KmsKeyId == STRING
input.Body.IsOrganizationTrail == BOOLEAN
input.Body.TagsList[_].Key == STRING
input.Body.TagsList[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteChannel
valid {
input.Body.Channel == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteDashboard
valid {
input.Body.DashboardId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteEventDataStore
valid {
input.Body.EventDataStore == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteResourcePolicy
valid {
input.Body.ResourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteTrail
valid {
input.Body.Name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeregisterOrganizationDelegatedAdmin
valid {
input.Body.DelegatedAdminAccountId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribeQuery
valid {
input.Body.EventDataStore == STRING
input.Body.QueryId == STRING
input.Body.QueryAlias == STRING
input.Body.RefreshId == STRING
input.Body.EventDataStoreOwnerAccountId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribeTrails
valid {
input.Body.trailNameList[_] == STRING
input.Body.includeShadowTrails == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DisableFederation
valid {
input.Body.EventDataStore == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}EnableFederation
valid {
input.Body.EventDataStore == STRING
input.Body.FederationRoleArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GenerateQuery
valid {
input.Body.EventDataStores[_] == STRING
input.Body.Prompt == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetChannel
valid {
input.Body.Channel == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetDashboard
valid {
input.Body.DashboardId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetEventConfiguration
valid {
input.Body.EventDataStore == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetEventDataStore
valid {
input.Body.EventDataStore == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetEventSelectors
valid {
input.Body.TrailName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetImport
valid {
input.Body.ImportId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetInsightSelectors
valid {
input.Body.TrailName == STRING
input.Body.EventDataStore == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetQueryResults
valid {
input.Body.EventDataStore == STRING
input.Body.QueryId == STRING
input.Body.NextToken == STRING
input.Body.MaxQueryResults == INTEGER
input.Body.EventDataStoreOwnerAccountId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetResourcePolicy
valid {
input.Body.ResourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetTrail
valid {
input.Body.Name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetTrailStatus
valid {
input.Body.Name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListChannels
valid {
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListDashboards
enum_DashboardType := [ "MANAGED", "CUSTOM" ]
valid {
input.Body.NamePrefix == STRING
input.Body.Type == enum_DashboardType[_]
input.Body.NextToken == STRING
input.Body.MaxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListEventDataStores
valid {
input.Body.NextToken == STRING
input.Body.MaxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListImportFailures
valid {
input.Body.ImportId == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListImports
enum_ImportStatus := [ "INITIALIZING", "IN_PROGRESS", "FAILED", "STOPPED", "COMPLETED" ]
valid {
input.Body.MaxResults == INTEGER
input.Body.Destination == STRING
input.Body.ImportStatus == enum_ImportStatus[_]
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListInsightsMetricData
enum_InsightType := [ "ApiCallRateInsight", "ApiErrorRateInsight" ]
enum_InsightsMetricDataType := [ "FillWithZeros", "NonZeroData" ]
valid {
input.Body.EventSource == STRING
input.Body.EventName == STRING
input.Body.InsightType == enum_InsightType[_]
input.Body.ErrorCode == STRING
input.Body.StartTime == TIMESTAMP
input.Body.EndTime == TIMESTAMP
input.Body.Period == INTEGER
input.Body.DataType == enum_InsightsMetricDataType[_]
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListPublicKeys
valid {
input.Body.StartTime == TIMESTAMP
input.Body.EndTime == TIMESTAMP
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListQueries
enum_QueryStatus := [ "QUEUED", "RUNNING", "FINISHED", "FAILED", "CANCELLED", "TIMED_OUT" ]
valid {
input.Body.EventDataStore == STRING
input.Body.NextToken == STRING
input.Body.MaxResults == INTEGER
input.Body.StartTime == TIMESTAMP
input.Body.EndTime == TIMESTAMP
input.Body.QueryStatus == enum_QueryStatus[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListTags
valid {
input.Body.ResourceIdList[_] == STRING
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListTrails
valid {
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}LookupEvents
enum_EventCategory := [ "insight" ]
enum_LookupAttributeKey := [ "EventId", "EventName", "ReadOnly", "Username", "ResourceType", "ResourceName", "EventSource", "AccessKeyId" ]
valid {
input.Body.LookupAttributes[_].AttributeKey == enum_LookupAttributeKey[_]
input.Body.LookupAttributes[_].AttributeValue == STRING
input.Body.StartTime == TIMESTAMP
input.Body.EndTime == TIMESTAMP
input.Body.EventCategory == enum_EventCategory[_]
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}PutEventConfiguration
enum_MaxEventSize := [ "Standard", "Large" ]
enum_Type := [ "TagContext", "RequestContext" ]
valid {
input.Body.EventDataStore == STRING
input.Body.MaxEventSize == enum_MaxEventSize[_]
input.Body.ContextKeySelectors[_].Type == enum_Type[_]
input.Body.ContextKeySelectors[_].Equals[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}PutEventSelectors
enum_ReadWriteType := [ "ReadOnly", "WriteOnly", "All" ]
valid {
input.Body.TrailName == STRING
input.Body.EventSelectors[_].ReadWriteType == enum_ReadWriteType[_]
input.Body.EventSelectors[_].IncludeManagementEvents == BOOLEAN
input.Body.EventSelectors[_].DataResources[_].Type == STRING
input.Body.EventSelectors[_].DataResources[_].Values[_] == STRING
input.Body.EventSelectors[_].ExcludeManagementEventSources[_] == STRING
input.Body.AdvancedEventSelectors[_].Name == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].Field == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].Equals[_] == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].StartsWith[_] == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].EndsWith[_] == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].NotEquals[_] == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].NotStartsWith[_] == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].NotEndsWith[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}PutInsightSelectors
enum_InsightType := [ "ApiCallRateInsight", "ApiErrorRateInsight" ]
valid {
input.Body.TrailName == STRING
input.Body.InsightSelectors[_].InsightType == enum_InsightType[_]
input.Body.EventDataStore == STRING
input.Body.InsightsDestination == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}PutResourcePolicy
valid {
input.Body.ResourceArn == STRING
input.Body.ResourcePolicy == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}RegisterOrganizationDelegatedAdmin
valid {
input.Body.MemberAccountId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}RemoveTags
valid {
input.Body.ResourceId == STRING
input.Body.TagsList[_].Key == STRING
input.Body.TagsList[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}RestoreEventDataStore
valid {
input.Body.EventDataStore == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}SearchSampleQueries
valid {
input.Body.SearchPhrase == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}StartDashboardRefresh
valid {
input.Body.DashboardId == STRING
input.Body.QueryParameterValues.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}StartEventDataStoreIngestion
valid {
input.Body.EventDataStore == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}StartImport
valid {
input.Body.Destinations[_] == STRING
input.Body.ImportSource.S3.S3LocationUri == STRING
input.Body.ImportSource.S3.S3BucketRegion == STRING
input.Body.ImportSource.S3.S3BucketAccessRoleArn == STRING
input.Body.StartEventTime == TIMESTAMP
input.Body.EndEventTime == TIMESTAMP
input.Body.ImportId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}StartLogging
valid {
input.Body.Name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}StartQuery
valid {
input.Body.QueryStatement == STRING
input.Body.DeliveryS3Uri == STRING
input.Body.QueryAlias == STRING
input.Body.QueryParameters[_] == STRING
input.Body.EventDataStoreOwnerAccountId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}StopEventDataStoreIngestion
valid {
input.Body.EventDataStore == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}StopImport
valid {
input.Body.ImportId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}StopLogging
valid {
input.Body.Name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateChannel
enum_DestinationType := [ "EVENT_DATA_STORE", "AWS_SERVICE" ]
valid {
input.Body.Channel == STRING
input.Body.Destinations[_].Type == enum_DestinationType[_]
input.Body.Destinations[_].Location == STRING
input.Body.Name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateDashboard
enum_RefreshScheduleFrequencyUnit := [ "HOURS", "DAYS" ]
enum_RefreshScheduleStatus := [ "ENABLED", "DISABLED" ]
valid {
input.Body.DashboardId == STRING
input.Body.Widgets[_].QueryStatement == STRING
input.Body.Widgets[_].QueryParameters[_] == STRING
input.Body.Widgets[_].ViewProperties.STRING == STRING
input.Body.RefreshSchedule.Frequency.Unit == enum_RefreshScheduleFrequencyUnit[_]
input.Body.RefreshSchedule.Frequency.Value == INTEGER
input.Body.RefreshSchedule.Status == enum_RefreshScheduleStatus[_]
input.Body.RefreshSchedule.TimeOfDay == STRING
input.Body.TerminationProtectionEnabled == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateEventDataStore
enum_BillingMode := [ "EXTENDABLE_RETENTION_PRICING", "FIXED_RETENTION_PRICING" ]
valid {
input.Body.EventDataStore == STRING
input.Body.Name == STRING
input.Body.AdvancedEventSelectors[_].Name == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].Field == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].Equals[_] == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].StartsWith[_] == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].EndsWith[_] == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].NotEquals[_] == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].NotStartsWith[_] == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].NotEndsWith[_] == STRING
input.Body.MultiRegionEnabled == BOOLEAN
input.Body.OrganizationEnabled == BOOLEAN
input.Body.RetentionPeriod == INTEGER
input.Body.TerminationProtectionEnabled == BOOLEAN
input.Body.KmsKeyId == STRING
input.Body.BillingMode == enum_BillingMode[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateTrail
valid {
input.Body.Name == STRING
input.Body.S3BucketName == STRING
input.Body.S3KeyPrefix == STRING
input.Body.SnsTopicName == STRING
input.Body.IncludeGlobalServiceEvents == BOOLEAN
input.Body.IsMultiRegionTrail == BOOLEAN
input.Body.EnableLogFileValidation == BOOLEAN
input.Body.CloudWatchLogsLogGroupArn == STRING
input.Body.CloudWatchLogsRoleArn == STRING
input.Body.KmsKeyId == STRING
input.Body.IsOrganizationTrail == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}Updated 12 days ago