2023/01/31 - AWS CloudTrail Data Service - 1 new api methods
Changes Add CloudTrail Data Service to enable users to ingest activity events from non-AWS sources into CloudTrail Lake.
Ingests your application events into CloudTrail Lake. A required parameter, auditEvents , accepts the JSON records (also called payload ) of events that you want CloudTrail to ingest. You can add up to 100 of these events (or up to 1 MB) per PutAuditEvents request.
See also: AWS API Documentation
Request Syntax
client.put_audit_events( auditEvents=[ { 'eventData': 'string', 'eventDataChecksum': 'string', 'id': 'string' }, ], channelArn='string', externalId='string' )
list
[REQUIRED]
The JSON payload of events that you want to ingest. You can also point to the JSON event payload in a file.
(dict) --
An event from a source outside of Amazon Web Services that you want CloudTrail to log.
eventData (string) -- [REQUIRED]
The content of an audit event that comes from the event, such as userIdentity , userAgent , and eventSource .
eventDataChecksum (string) --
A checksum is a base64-SHA256 algorithm that helps you verify that CloudTrail receives the event that matches with the checksum. Calculate the checksum by running a command like the following:
printf %s *$eventdata* | openssl dgst -binary -sha256 | base64
id (string) -- [REQUIRED]
The original event ID from the source event.
string
[REQUIRED]
The ARN or ID (the ARN suffix) of a channel.
string
A unique identifier that is conditionally required when the channel's resource policy includes an external ID. This value can be any string, such as a passphrase or account number.
dict
Response Syntax
{ 'failed': [ { 'errorCode': 'string', 'errorMessage': 'string', 'id': 'string' }, ], 'successful': [ { 'eventID': 'string', 'id': 'string' }, ] }
Response Structure
(dict) --
failed (list) --
Lists events in the provided event payload that could not be ingested into CloudTrail, and includes the error code and error message returned for events that could not be ingested.
(dict) --
Includes the error code and error message for events that could not be ingested by CloudTrail.
errorCode (string) --
The error code for events that could not be ingested by CloudTrail. Possible error codes include: FieldTooLong , FieldNotFound , InvalidChecksum , InvalidData , InvalidRecipient , InvalidEventSource , AccountNotSubscribed , Throttling , and InternalFailure .
errorMessage (string) --
The message that describes the error for events that could not be ingested by CloudTrail.
id (string) --
The original event ID from the source event that could not be ingested by CloudTrail.
successful (list) --
Lists events in the provided event payload that were successfully ingested into CloudTrail.
(dict) --
A response that includes successful and failed event results.
eventID (string) --
The event ID assigned by CloudTrail.
id (string) --
The original event ID from the source event.