U 3 djB@sXddlZddlmZddlmZddlmZddlmZddl m Z GdddeZ dS) N)AWSQueryConnection) RegionInfo)JSONResponseError) exceptions)jsoncseZdZdZdZdZdZdZdZe Z e j e j e je je je je je je je je je je je je je je jdZfdd Zd d Zdd dZ ddZ!d ddZ"ddZ#d!ddZ$ddZ%ddZ&d"ddZ'ddZ(Z)S)#CloudTrailConnectiona AWS CloudTrail This is the CloudTrail API Reference. It provides descriptions of actions, data types, common parameters, and common errors for CloudTrail. CloudTrail is a web service that records AWS API calls for your AWS account and delivers log files to an Amazon S3 bucket. The recorded information includes the identity of the user, the start time of the AWS API call, the source IP address, the request parameters, and the response elements returned by the service. As an alternative to using the API, you can use one of the AWS SDKs, which consist of libraries and sample code for various programming languages and platforms (Java, Ruby, .NET, iOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to AWSCloudTrail. For example, the SDKs take care of cryptographically signing requests, managing errors, and retrying requests automatically. For information about the AWS SDKs, including how to download and install them, see the `Tools for Amazon Web Services page`_. See the CloudTrail User Guide for information about the data that is included with each AWS API call listed in the log files. z 2013-11-01z us-east-1z"cloudtrail.us-east-1.amazonaws.comZ CloudTrailz6com.amazonaws.cloudtrail.v20131101.CloudTrail_20131101)InvalidMaxResultsExceptionInvalidSnsTopicNameExceptionInvalidS3BucketNameExceptionTrailAlreadyExistsExceptionInvalidTimeRangeException InvalidLookupAttributesException#InsufficientSnsTopicPolicyException)InvalidCloudWatchLogsLogGroupArnException%InvalidCloudWatchLogsRoleArnExceptionInvalidTrailNameException*CloudWatchLogsDeliveryUnavailableExceptionTrailNotFoundExceptionS3BucketDoesNotExistExceptionInvalidNextTokenExceptionInvalidS3PrefixException&MaximumNumberOfTrailsExceededException#InsufficientS3BucketPolicyExceptionc sZ|dd}|s t||j|j}d|ks4|ddkr>|j|d<tt|jf|||_dS)Nregionhost) poprDefaultRegionNameDefaultRegionEndpointendpointsuperr__init__r)selfkwargsr __class__:/tmp/pip-unpacked-wheel-d7dsrkjd/boto/cloudtrail/layer1.pyr Us  zCloudTrailConnection.__init__cCsdgS)Nzhmac-v4r%)r!r%r%r&_required_auth_capabilityasz.CloudTrailConnection._required_auth_capabilityNc Csn||d}|dk r||d<|dk r*||d<|dk r:||d<|dk rJ||d<|dk rZ||d<|jdt|d S) a From the command line, use `create-subscription`. Creates a trail that specifies the settings for delivery of log data to an Amazon S3 bucket. :type name: string :param name: Specifies the name of the trail. :type s3_bucket_name: string :param s3_bucket_name: Specifies the name of the Amazon S3 bucket designated for publishing log files. :type s3_key_prefix: string :param s3_key_prefix: Specifies the Amazon S3 key prefix that precedes the name of the bucket you have designated for log file delivery. :type sns_topic_name: string :param sns_topic_name: Specifies the name of the Amazon SNS topic defined for notification of log file delivery. :type include_global_service_events: boolean :param include_global_service_events: Specifies whether the trail is publishing events from global services such as IAM to the log files. :type cloud_watch_logs_log_group_arn: string :param cloud_watch_logs_log_group_arn: Specifies a log group name using an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs will be delivered. Not required unless you specify CloudWatchLogsRoleArn. :type cloud_watch_logs_role_arn: string :param cloud_watch_logs_role_arn: Specifies the role for the CloudWatch Logs endpoint to assume to write to a users log group. )Name S3BucketNameN S3KeyPrefix SnsTopicNameIncludeGlobalServiceEventsCloudWatchLogsLogGroupArnCloudWatchLogsRoleArnZ CreateTrailactionbody make_requestrdumps r!nameZs3_bucket_nameZ s3_key_prefixZsns_topic_nameZinclude_global_service_eventsZcloud_watch_logs_log_group_arnZcloud_watch_logs_role_arnparamsr%r%r& create_trailds) z!CloudTrailConnection.create_trailcCsd|i}|jdt|dS)zw Deletes a trail. :type name: string :param name: The name of a trail to be deleted. r(Z DeleteTrailr/r2r!r6r7r%r%r& delete_trailsz!CloudTrailConnection.delete_trailcCs(i}|dk r||d<|jdt|dS)z Retrieves settings for the trail associated with the current region for your account. :type trail_name_list: list :param trail_name_list: The trail returned. NZ trailNameListZDescribeTrailsr/r2)r!Ztrail_name_listr7r%r%r&describe_trailss z$CloudTrailConnection.describe_trailscCsd|i}|jdt|dS)aw Returns a JSON-formatted list of information about the specified trail. Fields include information on delivery errors, Amazon SNS and Amazon S3 errors, and start and stop logging times for each trail. :type name: string :param name: The name of the trail for which you are requesting the current status. r(ZGetTrailStatusr/r2r9r%r%r&get_trail_statuss z%CloudTrailConnection.get_trail_statuscCshi}|dk r||d<|dk r$||d<|dk r4||d<|dk rD||d<|dk rT||d<|jdt|dS) al Looks up API activity events captured by CloudTrail that create, update, or delete resources in your account. Events for a region can be looked up for the times in which you had CloudTrail turned on in that region during the last seven days. Lookup supports five different attributes: time range (defined by a start time and end time), user name, event name, resource type, and resource name. All attributes are optional. The maximum number of attributes that can be specified in any one lookup request are time range and one other attribute. The default number of results returned is 10, with a maximum of 50 possible. The response includes a token that you can use to get the next page of results. The rate of lookup requests is limited to one per second per account. If this limit is exceeded, a throttling error occurs. Events that occurred during the selected time range will not be available for lookup if CloudTrail logging was not enabled when the events occurred. :type lookup_attributes: list :param lookup_attributes: Contains a list of lookup attributes. Currently the list can contain only one item. :type start_time: timestamp :param start_time: Specifies that only events that occur after or at the specified time are returned. If the specified start time is after the specified end time, an error is returned. :type end_time: timestamp :param end_time: Specifies that only events that occur before or at the specified time are returned. If the specified end time is before the specified start time, an error is returned. :type max_results: integer :param max_results: The number of events to return. Possible values are 1 through 50. The default is 10. :type next_token: string :param next_token: The token to use to get the next page of results after a previous API call. This token must be passed in with the same parameters that were specified in the the original call. For example, if the original call specified an AttributeKey of 'Username' with a value of 'root', the call with NextToken should include those same parameters. NZLookupAttributesZ StartTimeZEndTimeZ MaxResultsZ NextTokenZ LookupEventsr/r2)r!Zlookup_attributes start_timeZend_timeZ max_resultsZ next_tokenr7r%r%r& lookup_eventss0z"CloudTrailConnection.lookup_eventscCsd|i}|jdt|dS)z Starts the recording of AWS API calls and log file delivery for a trail. :type name: string :param name: The name of the trail for which CloudTrail logs AWS API calls. r(Z StartLoggingr/r2r9r%r%r& start_loggings z"CloudTrailConnection.start_loggingcCsd|i}|jdt|dS)a Suspends the recording of AWS API calls and log file delivery for the specified trail. Under most circumstances, there is no need to use this action. You can update a trail without stopping it first. This action is the only way to stop recording. :type name: string :param name: Communicates to CloudTrail the name of the trail for which to stop logging AWS API calls. r(Z StopLoggingr/r2r9r%r%r& stop_loggings z!CloudTrailConnection.stop_loggingc Cs|d|i}|dk r||d<|dk r(||d<|dk r8||d<|dk rH||d<|dk rX||d<|dk rh||d<|jd t|d S) a From the command line, use `update-subscription`. Updates the settings that specify delivery of log files. Changes to a trail do not require stopping the CloudTrail service. Use this action to designate an existing bucket for log delivery. If the existing bucket has previously been a target for CloudTrail log files, an IAM policy exists for the bucket. :type name: string :param name: Specifies the name of the trail. :type s3_bucket_name: string :param s3_bucket_name: Specifies the name of the Amazon S3 bucket designated for publishing log files. :type s3_key_prefix: string :param s3_key_prefix: Specifies the Amazon S3 key prefix that precedes the name of the bucket you have designated for log file delivery. :type sns_topic_name: string :param sns_topic_name: Specifies the name of the Amazon SNS topic defined for notification of log file delivery. :type include_global_service_events: boolean :param include_global_service_events: Specifies whether the trail is publishing events from global services such as IAM to the log files. :type cloud_watch_logs_log_group_arn: string :param cloud_watch_logs_log_group_arn: Specifies a log group name using an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs will be delivered. Not required unless you specify CloudWatchLogsRoleArn. :type cloud_watch_logs_role_arn: string :param cloud_watch_logs_role_arn: Specifies the role for the CloudWatch Logs endpoint to assume to write to a users log group. r(Nr)r*r+r,r-r.Z UpdateTrailr/r2r5r%r%r& update_trail#s -z!CloudTrailConnection.update_trailc Csd|j|f|jjdtt|d}|jdddi||d}|j|ddd}|d }t j ||j d kr~|rt |Sn8t |}|d d}|j||j} | |j |j|d dS) Nz%s.%szapplication/x-amz-json-1.1)z X-Amz-TargetHostz Content-TypezContent-LengthPOST/)methodpathZ auth_pathr7headersdata )ZsenderZoverride_num_retrieszutf-8Z__type)r1) TargetPrefixrrstrlenZbuild_base_http_requestZ_mexereaddecodebotologdebugstatusrloadsget_faults ResponseErrorreason) r!r0r1rG http_requestresponseZ response_bodyZ json_bodyZ fault_nameZexception_classr%r%r&r3`s6        z!CloudTrailConnection.make_request)NNNNN)N)NNNNN)NNNNNN)*__name__ __module__ __qualname____doc__Z APIVersionrrZ ServiceNamerKrrWrrr r r r r rrrrrrrrrrrrVr r'r8r:r;r<r>r?r@rAr3 __classcell__r%r%r#r&rsd  7  > =r) rPZboto.connectionrZboto.regioninforZboto.exceptionrZboto.cloudtrailrZ boto.compatrrr%r%r%r&s