CLOUDTRAIL
AddTags
valid {
input.Body.ResourceId == STRING
input.Body.TagsList[_].Key == STRING
input.Body.TagsList[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CancelQuery
valid {
input.Body.EventDataStore == STRING
input.Body.QueryId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateChannel
enum_DestinationType := [ "EVENT_DATA_STORE", "AWS_SERVICE" ]
valid {
input.Body.Name == STRING
input.Body.Source == STRING
input.Body.Destinations[_].Type == enum_DestinationType[_]
input.Body.Destinations[_].Location == STRING
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateEventDataStore
enum_BillingMode := [ "EXTENDABLE_RETENTION_PRICING", "FIXED_RETENTION_PRICING" ]
valid {
input.Body.Name == STRING
input.Body.AdvancedEventSelectors[_].Name == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].Field == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].Equals[_] == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].StartsWith[_] == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].EndsWith[_] == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].NotEquals[_] == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].NotStartsWith[_] == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].NotEndsWith[_] == STRING
input.Body.MultiRegionEnabled == BOOLEAN
input.Body.OrganizationEnabled == BOOLEAN
input.Body.RetentionPeriod == INTEGER
input.Body.TerminationProtectionEnabled == BOOLEAN
input.Body.TagsList[_].Key == STRING
input.Body.TagsList[_].Value == STRING
input.Body.KmsKeyId == STRING
input.Body.StartIngestion == BOOLEAN
input.Body.BillingMode == enum_BillingMode[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateTrail
valid {
input.Body.Name == STRING
input.Body.S3BucketName == STRING
input.Body.S3KeyPrefix == STRING
input.Body.SnsTopicName == STRING
input.Body.IncludeGlobalServiceEvents == BOOLEAN
input.Body.IsMultiRegionTrail == BOOLEAN
input.Body.EnableLogFileValidation == BOOLEAN
input.Body.CloudWatchLogsLogGroupArn == STRING
input.Body.CloudWatchLogsRoleArn == STRING
input.Body.KmsKeyId == STRING
input.Body.IsOrganizationTrail == BOOLEAN
input.Body.TagsList[_].Key == STRING
input.Body.TagsList[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteChannel
valid {
input.Body.Channel == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteEventDataStore
valid {
input.Body.EventDataStore == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteResourcePolicy
valid {
input.Body.ResourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteTrail
valid {
input.Body.Name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeregisterOrganizationDelegatedAdmin
valid {
input.Body.DelegatedAdminAccountId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeQuery
valid {
input.Body.EventDataStore == STRING
input.Body.QueryId == STRING
input.Body.QueryAlias == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeTrails
valid {
input.Body.trailNameList[_] == STRING
input.Body.includeShadowTrails == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DisableFederation
valid {
input.Body.EventDataStore == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
EnableFederation
valid {
input.Body.EventDataStore == STRING
input.Body.FederationRoleArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetChannel
valid {
input.Body.Channel == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetEventDataStore
valid {
input.Body.EventDataStore == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetEventSelectors
valid {
input.Body.TrailName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetImport
valid {
input.Body.ImportId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetInsightSelectors
valid {
input.Body.TrailName == STRING
input.Body.EventDataStore == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetQueryResults
valid {
input.Body.EventDataStore == STRING
input.Body.QueryId == STRING
input.Body.NextToken == STRING
input.Body.MaxQueryResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetResourcePolicy
valid {
input.Body.ResourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetTrail
valid {
input.Body.Name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetTrailStatus
valid {
input.Body.Name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListChannels
valid {
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListEventDataStores
valid {
input.Body.NextToken == STRING
input.Body.MaxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListImportFailures
valid {
input.Body.ImportId == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListImports
enum_ImportStatus := [ "INITIALIZING", "IN_PROGRESS", "FAILED", "STOPPED", "COMPLETED" ]
valid {
input.Body.MaxResults == INTEGER
input.Body.Destination == STRING
input.Body.ImportStatus == enum_ImportStatus[_]
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListInsightsMetricData
enum_InsightType := [ "ApiCallRateInsight", "ApiErrorRateInsight" ]
enum_InsightsMetricDataType := [ "FillWithZeros", "NonZeroData" ]
valid {
input.Body.EventSource == STRING
input.Body.EventName == STRING
input.Body.InsightType == enum_InsightType[_]
input.Body.ErrorCode == STRING
input.Body.StartTime == TIMESTAMP
input.Body.EndTime == TIMESTAMP
input.Body.Period == INTEGER
input.Body.DataType == enum_InsightsMetricDataType[_]
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListPublicKeys
valid {
input.Body.StartTime == TIMESTAMP
input.Body.EndTime == TIMESTAMP
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListQueries
enum_QueryStatus := [ "QUEUED", "RUNNING", "FINISHED", "FAILED", "CANCELLED", "TIMED_OUT" ]
valid {
input.Body.EventDataStore == STRING
input.Body.NextToken == STRING
input.Body.MaxResults == INTEGER
input.Body.StartTime == TIMESTAMP
input.Body.EndTime == TIMESTAMP
input.Body.QueryStatus == enum_QueryStatus[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListTags
valid {
input.Body.ResourceIdList[_] == STRING
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListTrails
valid {
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
LookupEvents
enum_EventCategory := [ "insight" ]
enum_LookupAttributeKey := [ "EventId", "EventName", "ReadOnly", "Username", "ResourceType", "ResourceName", "EventSource", "AccessKeyId" ]
valid {
input.Body.LookupAttributes[_].AttributeKey == enum_LookupAttributeKey[_]
input.Body.LookupAttributes[_].AttributeValue == STRING
input.Body.StartTime == TIMESTAMP
input.Body.EndTime == TIMESTAMP
input.Body.EventCategory == enum_EventCategory[_]
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutEventSelectors
enum_ReadWriteType := [ "ReadOnly", "WriteOnly", "All" ]
valid {
input.Body.TrailName == STRING
input.Body.EventSelectors[_].ReadWriteType == enum_ReadWriteType[_]
input.Body.EventSelectors[_].IncludeManagementEvents == BOOLEAN
input.Body.EventSelectors[_].DataResources[_].Type == STRING
input.Body.EventSelectors[_].DataResources[_].Values[_] == STRING
input.Body.EventSelectors[_].ExcludeManagementEventSources[_] == STRING
input.Body.AdvancedEventSelectors[_].Name == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].Field == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].Equals[_] == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].StartsWith[_] == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].EndsWith[_] == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].NotEquals[_] == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].NotStartsWith[_] == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].NotEndsWith[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutInsightSelectors
enum_InsightType := [ "ApiCallRateInsight", "ApiErrorRateInsight" ]
valid {
input.Body.TrailName == STRING
input.Body.InsightSelectors[_].InsightType == enum_InsightType[_]
input.Body.EventDataStore == STRING
input.Body.InsightsDestination == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutResourcePolicy
valid {
input.Body.ResourceArn == STRING
input.Body.ResourcePolicy == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
RegisterOrganizationDelegatedAdmin
valid {
input.Body.MemberAccountId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
RemoveTags
valid {
input.Body.ResourceId == STRING
input.Body.TagsList[_].Key == STRING
input.Body.TagsList[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
RestoreEventDataStore
valid {
input.Body.EventDataStore == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
StartEventDataStoreIngestion
valid {
input.Body.EventDataStore == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
StartImport
valid {
input.Body.Destinations[_] == STRING
input.Body.ImportSource.S3.S3LocationUri == STRING
input.Body.ImportSource.S3.S3BucketRegion == STRING
input.Body.ImportSource.S3.S3BucketAccessRoleArn == STRING
input.Body.StartEventTime == TIMESTAMP
input.Body.EndEventTime == TIMESTAMP
input.Body.ImportId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
StartLogging
valid {
input.Body.Name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
StartQuery
valid {
input.Body.QueryStatement == STRING
input.Body.DeliveryS3Uri == STRING
input.Body.QueryAlias == STRING
input.Body.QueryParameters[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
StopEventDataStoreIngestion
valid {
input.Body.EventDataStore == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
StopImport
valid {
input.Body.ImportId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
StopLogging
valid {
input.Body.Name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateChannel
enum_DestinationType := [ "EVENT_DATA_STORE", "AWS_SERVICE" ]
valid {
input.Body.Channel == STRING
input.Body.Destinations[_].Type == enum_DestinationType[_]
input.Body.Destinations[_].Location == STRING
input.Body.Name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateEventDataStore
enum_BillingMode := [ "EXTENDABLE_RETENTION_PRICING", "FIXED_RETENTION_PRICING" ]
valid {
input.Body.EventDataStore == STRING
input.Body.Name == STRING
input.Body.AdvancedEventSelectors[_].Name == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].Field == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].Equals[_] == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].StartsWith[_] == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].EndsWith[_] == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].NotEquals[_] == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].NotStartsWith[_] == STRING
input.Body.AdvancedEventSelectors[_].FieldSelectors[_].NotEndsWith[_] == STRING
input.Body.MultiRegionEnabled == BOOLEAN
input.Body.OrganizationEnabled == BOOLEAN
input.Body.RetentionPeriod == INTEGER
input.Body.TerminationProtectionEnabled == BOOLEAN
input.Body.KmsKeyId == STRING
input.Body.BillingMode == enum_BillingMode[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateTrail
valid {
input.Body.Name == STRING
input.Body.S3BucketName == STRING
input.Body.S3KeyPrefix == STRING
input.Body.SnsTopicName == STRING
input.Body.IncludeGlobalServiceEvents == BOOLEAN
input.Body.IsMultiRegionTrail == BOOLEAN
input.Body.EnableLogFileValidation == BOOLEAN
input.Body.CloudWatchLogsLogGroupArn == STRING
input.Body.CloudWatchLogsRoleArn == STRING
input.Body.KmsKeyId == STRING
input.Body.IsOrganizationTrail == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
Updated 5 days ago