2025/11/20 - AWS CloudTrail - 2 updated api methods
Changes AWS launches CloudTrail aggregated events to simplify monitoring of data events at scale. This feature delivers both granular and summarized data events for resources like S3/Lambda, helping security teams identify patterns without custom aggregation logic.
{'TrailName': 'string'}
Response {'AggregationConfigurations': [{'EventCategory': 'Data',
'Templates': ['API_ACTIVITY | RESOURCE_ACCESS '
'| USER_ACTIONS']}],
'TrailARN': 'string'}
Retrieves the current event configuration settings for the specified event data store or trail. The response includes maximum event size configuration, the context key selectors configured for the event data store, and any aggregation settings configured for the trail.
See also: AWS API Documentation
Request Syntax
client.get_event_configuration(
TrailName='string',
EventDataStore='string'
)
string
The name of the trail for which you want to retrieve event configuration settings.
string
The Amazon Resource Name (ARN) or ID suffix of the ARN of the event data store for which you want to retrieve event configuration settings.
dict
Response Syntax
{
'TrailARN': 'string',
'EventDataStoreArn': 'string',
'MaxEventSize': 'Standard'|'Large',
'ContextKeySelectors': [
{
'Type': 'TagContext'|'RequestContext',
'Equals': [
'string',
]
},
],
'AggregationConfigurations': [
{
'Templates': [
'API_ACTIVITY'|'RESOURCE_ACCESS'|'USER_ACTIONS',
],
'EventCategory': 'Data'
},
]
}
Response Structure
(dict) --
TrailARN (string) --
The Amazon Resource Name (ARN) of the trail for which the event configuration settings are returned.
EventDataStoreArn (string) --
The Amazon Resource Name (ARN) or ID suffix of the ARN of the event data store for which the event configuration settings are returned.
MaxEventSize (string) --
The maximum allowed size for events stored in the specified event data store.
ContextKeySelectors (list) --
The list of context key selectors that are configured for the event data store.
(dict) --
An object that contains information types to be included in CloudTrail enriched events.
Type (string) --
Specifies the type of the event record field in ContextKeySelector. Valid values include RequestContext, TagContext.
Equals (list) --
A list of keys defined by Type to be included in CloudTrail enriched events.
(string) --
AggregationConfigurations (list) --
The list of aggregation configurations that are configured for the trail.
(dict) --
An object that contains configuration settings for aggregating events.
Templates (list) --
A list of aggregation templates that can be used to configure event aggregation.
(string) --
Specifies the type of the aggregation templates in the aggregation configuration. Valid values include API_ACTIVITY, RESOURCE_ACCESS and USER_ACTIONS.
EventCategory (string) --
Specifies the event category for which aggregation should be performed.
{'AggregationConfigurations': [{'EventCategory': 'Data',
'Templates': ['API_ACTIVITY | RESOURCE_ACCESS '
'| USER_ACTIONS']}],
'TrailName': 'string'}
Response {'AggregationConfigurations': [{'EventCategory': 'Data',
'Templates': ['API_ACTIVITY | RESOURCE_ACCESS '
'| USER_ACTIONS']}],
'TrailARN': 'string'}
Updates the event configuration settings for the specified event data store or trail. This operation supports updating the maximum event size, adding or modifying context key selectors for event data store, and configuring aggregation settings for the trail.
See also: AWS API Documentation
Request Syntax
client.put_event_configuration(
TrailName='string',
EventDataStore='string',
MaxEventSize='Standard'|'Large',
ContextKeySelectors=[
{
'Type': 'TagContext'|'RequestContext',
'Equals': [
'string',
]
},
],
AggregationConfigurations=[
{
'Templates': [
'API_ACTIVITY'|'RESOURCE_ACCESS'|'USER_ACTIONS',
],
'EventCategory': 'Data'
},
]
)
string
The name of the trail for which you want to update event configuration settings.
string
The Amazon Resource Name (ARN) or ID suffix of the ARN of the event data store for which event configuration settings are updated.
string
The maximum allowed size for events to be stored in the specified event data store. If you are using context key selectors, MaxEventSize must be set to Large.
list
A list of context key selectors that will be included to provide enriched event data.
(dict) --
An object that contains information types to be included in CloudTrail enriched events.
Type (string) -- [REQUIRED]
Specifies the type of the event record field in ContextKeySelector. Valid values include RequestContext, TagContext.
Equals (list) -- [REQUIRED]
A list of keys defined by Type to be included in CloudTrail enriched events.
(string) --
list
The list of aggregation configurations that you want to configure for the trail.
(dict) --
An object that contains configuration settings for aggregating events.
Templates (list) -- [REQUIRED]
A list of aggregation templates that can be used to configure event aggregation.
(string) --
Specifies the type of the aggregation templates in the aggregation configuration. Valid values include API_ACTIVITY, RESOURCE_ACCESS and USER_ACTIONS.
EventCategory (string) -- [REQUIRED]
Specifies the event category for which aggregation should be performed.
dict
Response Syntax
{
'TrailARN': 'string',
'EventDataStoreArn': 'string',
'MaxEventSize': 'Standard'|'Large',
'ContextKeySelectors': [
{
'Type': 'TagContext'|'RequestContext',
'Equals': [
'string',
]
},
],
'AggregationConfigurations': [
{
'Templates': [
'API_ACTIVITY'|'RESOURCE_ACCESS'|'USER_ACTIONS',
],
'EventCategory': 'Data'
},
]
}
Response Structure
(dict) --
TrailARN (string) --
The Amazon Resource Name (ARN) of the trail that has aggregation enabled.
EventDataStoreArn (string) --
The Amazon Resource Name (ARN) or ID suffix of the ARN of the event data store for which the event configuration settings were updated.
MaxEventSize (string) --
The maximum allowed size for events stored in the specified event data store.
ContextKeySelectors (list) --
The list of context key selectors that are configured for the event data store.
(dict) --
An object that contains information types to be included in CloudTrail enriched events.
Type (string) --
Specifies the type of the event record field in ContextKeySelector. Valid values include RequestContext, TagContext.
Equals (list) --
A list of keys defined by Type to be included in CloudTrail enriched events.
(string) --
AggregationConfigurations (list) --
A list of aggregation configurations that are configured for the trail.
(dict) --
An object that contains configuration settings for aggregating events.
Templates (list) --
A list of aggregation templates that can be used to configure event aggregation.
(string) --
Specifies the type of the aggregation templates in the aggregation configuration. Valid values include API_ACTIVITY, RESOURCE_ACCESS and USER_ACTIONS.
EventCategory (string) --
Specifies the event category for which aggregation should be performed.