cloudtools / troposphere

troposphere - Python library to create AWS CloudFormation descriptions
BSD 2-Clause "Simplified" License

CloudTrail Data Events #939

Open skothk opened 6 years ago

skothk commented 6 years ago

Hi,

Does anyone have an example of CloudTrail Data Event for S3?

I have a few buckets I need to enable event selector on for both read and write API events to a dedicated logging bucket.

Documentation here specifies 'EventSelectors': ([EventSelector], False), can someone provide a working example please?

Thanks,

skothk

markpeek commented 6 years ago

Untested against AWS but try something like this:


```python
from troposphere import Template
from troposphere.cloudtrail import DataResource, EventSelector, Trail

t = Template()

myTrail = t.add_resource(Trail(
    "myTrail",
    IsLogging=True,
    S3BucketName="mybucket",
    SnsTopicName="mytopic",
    EventSelectors=[
        EventSelector(
            IncludeManagementEvents=True,
            DataResources=[
                DataResource(
                    Values=[
                        "arn:aws:s3:::mybucket/prefix",
                        "arn:aws:s3:::mybucket2/prefix2",
                    ],
                    Type="AWS::S3::Object",
                ),
            ],
            ReadWriteType="All",
        ),
    ],
))

print(t.to_json())
```
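
Added example (not from the thread or the troposphere project): a check over the generated template JSON that reports whether each bucket has both read and write S3 data events logged for all of its objects, or only under a key prefix as with `arn:aws:s3:::mybucket/prefix` above. The helper name, `logbucket`, `mybucket3`, `mybucket4` and the sample template are constructed for illustration.

```python
import json

S3_PREFIX = "arn:aws:s3:::"
ALL_BUCKETS = {"arn:aws:s3", "arn:aws:s3:::"}  # values that select every bucket
ACCESS = {"All": {"read", "write"}, "ReadOnly": {"read"}, "WriteOnly": {"write"}}

def s3_data_event_coverage(template, buckets):
    """Classify each bucket as 'full', 'partial' or 'none' (hypothetical helper)."""
    whole = {b: set() for b in buckets}  # access types logged for every object
    partial = set()                      # buckets covered only under a key prefix
    for res in template.get("Resources", {}).values():
        props = res.get("Properties", {})
        if res.get("Type") != "AWS::CloudTrail::Trail":
            continue
        if props.get("IsLogging") not in (True, "true"):
            continue
        for sel in props.get("EventSelectors", []):
            access = ACCESS[sel.get("ReadWriteType", "All")]  # CloudTrail default is All
            for dr in sel.get("DataResources", []):
                if dr.get("Type") != "AWS::S3::Object":
                    continue
                for arn in dr.get("Values", []):
                    if not isinstance(arn, str):  # Fn::Sub / Ref: cannot resolve offline
                        continue
                    for b in buckets:
                        if arn in ALL_BUCKETS or arn == f"{S3_PREFIX}{b}/":
                            whole[b] |= access
                        elif arn.startswith(f"{S3_PREFIX}{b}/"):
                            partial.add(b)
    return {b: "full" if whole[b] == {"read", "write"}
            else "partial" if whole[b] or b in partial else "none"
            for b in buckets}

# Constructed template in the shape t.to_json() emits for a Trail resource.
SAMPLE = json.loads("""{"Resources": {"myTrail": {"Type": "AWS::CloudTrail::Trail",
  "Properties": {"IsLogging": true, "S3BucketName": "logbucket", "EventSelectors": [
    {"IncludeManagementEvents": true, "ReadWriteType": "All", "DataResources": [
      {"Type": "AWS::S3::Object",
       "Values": ["arn:aws:s3:::mybucket/prefix", "arn:aws:s3:::mybucket2/"]}]},
    {"ReadWriteType": "ReadOnly", "DataResources": [
      {"Type": "AWS::S3::Object", "Values": ["arn:aws:s3:::mybucket3/"]}]}]}}}}""")

if __name__ == "__main__":
    for bucket, status in s3_data_event_coverage(
            SAMPLE, ["mybucket", "mybucket2", "mybucket3", "mybucket4"]).items():
        print(f"{bucket}: {status}")
```

A result of `partial` means some object keys or one access type would go unlogged; a trailing-slash value such as `arn:aws:s3:::mybucket2/` covers the whole bucket.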