1{ 2 "version":"2.0", 3 "metadata":{ 4 "apiVersion":"2021-08-11", 5 "endpointPrefix":"cloudtrail-data", 6 "jsonVersion":"1.1", 7 "protocol":"rest-json", 8 "serviceFullName":"AWS CloudTrail Data Service", 9 "serviceId":"CloudTrail Data", 10 "signatureVersion":"v4", 11 "signingName":"cloudtrail-data", 12 "uid":"cloudtrail-data-2021-08-11" 13 }, 14 "operations":{ 15 "PutAuditEvents":{ 16 "name":"PutAuditEvents", 17 "http":{ 18 "method":"POST", 19 "requestUri":"/PutAuditEvents", 20 "responseCode":200 21 }, 22 "input":{"shape":"PutAuditEventsRequest"}, 23 "output":{"shape":"PutAuditEventsResponse"}, 24 "errors":[ 25 {"shape":"ChannelInsufficientPermission"}, 26 {"shape":"ChannelNotFound"}, 27 {"shape":"InvalidChannelARN"}, 28 {"shape":"ChannelUnsupportedSchema"}, 29 {"shape":"DuplicatedAuditEventId"}, 30 {"shape":"UnsupportedOperationException"} 31 ], 32 "documentation":"<p>Ingests your application events into CloudTrail Lake. A required parameter, <code>auditEvents</code>, accepts the JSON records (also called <i>payload</i>) of events that you want CloudTrail to ingest. You can add up to 100 of these events (or up to 1 MB) per <code>PutAuditEvents</code> request.</p>" 33 } 34 }, 35 "shapes":{ 36 "AuditEvent":{ 37 "type":"structure", 38 "required":[ 39 "eventData", 40 "id" 41 ], 42 "members":{ 43 "eventData":{ 44 "shape":"String", 45 "documentation":"<p>The content of an audit event that comes from the event, such as <code>userIdentity</code>, <code>userAgent</code>, and <code>eventSource</code>.</p>" 46 }, 47 "eventDataChecksum":{ 48 "shape":"String", 49 "documentation":"<p>A checksum is a base64-SHA256 algorithm that helps you verify that CloudTrail receives the event that matches with the checksum. Calculate the checksum by running a command like the following:</p> <p> <code>printf %s <i>$eventdata</i> | openssl dgst -binary -sha256 | base64</code> </p>" 50 }, 51 "id":{ 52 "shape":"Uuid", 53 "documentation":"<p>The original event ID from the source event.</p>" 54 } 55 }, 56 "documentation":"<p>An event from a source outside of Amazon Web Services that you want CloudTrail to log.</p>" 57 }, 58 "AuditEventResultEntries":{ 59 "type":"list", 60 "member":{"shape":"AuditEventResultEntry"}, 61 "max":100, 62 "min":0 63 }, 64 "AuditEventResultEntry":{ 65 "type":"structure", 66 "required":[ 67 "eventID", 68 "id" 69 ], 70 "members":{ 71 "eventID":{ 72 "shape":"Uuid", 73 "documentation":"<p>The event ID assigned by CloudTrail.</p>" 74 }, 75 "id":{ 76 "shape":"Uuid", 77 "documentation":"<p>The original event ID from the source event.</p>" 78 } 79 }, 80 "documentation":"<p>A response that includes successful and failed event results.</p>" 81 }, 82 "AuditEvents":{ 83 "type":"list", 84 "member":{"shape":"AuditEvent"}, 85 "max":100, 86 "min":1 87 }, 88 "ChannelArn":{ 89 "type":"string", 90 "pattern":"^arn:.*$" 91 }, 92 "ChannelInsufficientPermission":{ 93 "type":"structure", 94 "members":{ 95 "message":{"shape":"String"} 96 }, 97 "documentation":"<p>The caller's account ID must be the same as the channel owner's account ID.</p>", 98 "exception":true 99 }, 100 "ChannelNotFound":{ 101 "type":"structure", 102 "members":{ 103 "message":{"shape":"String"} 104 }, 105 "documentation":"<p>The channel could not be found.</p>", 106 "exception":true 107 }, 108 "ChannelUnsupportedSchema":{ 109 "type":"structure", 110 "members":{ 111 "message":{"shape":"String"} 112 }, 113 "documentation":"<p>The schema type of the event is not supported.</p>", 114 "exception":true 115 }, 116 "DuplicatedAuditEventId":{ 117 "type":"structure", 118 "members":{ 119 "message":{"shape":"String"} 120 }, 121 "documentation":"<p>Two or more entries in the request have the same event ID.</p>", 122 "exception":true 123 }, 124 "ErrorCode":{ 125 "type":"string", 126 "max":128, 127 "min":1 128 }, 129 "ErrorMessage":{ 130 "type":"string", 131 "max":1024, 132 "min":1 133 }, 134 "ExternalId":{ 135 "type":"string", 136 "max":1224, 137 "min":2, 138 "pattern":"^[\\w+=,.@:\\/-]*$" 139 }, 140 "InvalidChannelARN":{ 141 "type":"structure", 142 "members":{ 143 "message":{"shape":"String"} 144 }, 145 "documentation":"<p>The specified channel ARN is not a valid channel ARN.</p>", 146 "exception":true 147 }, 148 "PutAuditEventsRequest":{ 149 "type":"structure", 150 "required":[ 151 "auditEvents", 152 "channelArn" 153 ], 154 "members":{ 155 "auditEvents":{ 156 "shape":"AuditEvents", 157 "documentation":"<p>The JSON payload of events that you want to ingest. You can also point to the JSON event payload in a file.</p>" 158 }, 159 "channelArn":{ 160 "shape":"ChannelArn", 161 "documentation":"<p>The ARN or ID (the ARN suffix) of a channel.</p>", 162 "location":"querystring", 163 "locationName":"channelArn" 164 }, 165 "externalId":{ 166 "shape":"ExternalId", 167 "documentation":"<p>A unique identifier that is conditionally required when the channel's resource policy includes an external ID. This value can be any string, such as a passphrase or account number.</p>", 168 "location":"querystring", 169 "locationName":"externalId" 170 } 171 } 172 }, 173 "PutAuditEventsResponse":{ 174 "type":"structure", 175 "required":[ 176 "failed", 177 "successful" 178 ], 179 "members":{ 180 "failed":{ 181 "shape":"ResultErrorEntries", 182 "documentation":"<p>Lists events in the provided event payload that could not be ingested into CloudTrail, and includes the error code and error message returned for events that could not be ingested.</p>" 183 }, 184 "successful":{ 185 "shape":"AuditEventResultEntries", 186 "documentation":"<p>Lists events in the provided event payload that were successfully ingested into CloudTrail.</p>" 187 } 188 } 189 }, 190 "ResultErrorEntries":{ 191 "type":"list", 192 "member":{"shape":"ResultErrorEntry"}, 193 "max":100, 194 "min":0 195 }, 196 "ResultErrorEntry":{ 197 "type":"structure", 198 "required":[ 199 "errorCode", 200 "errorMessage", 201 "id" 202 ], 203 "members":{ 204 "errorCode":{ 205 "shape":"ErrorCode", 206 "documentation":"<p>The error code for events that could not be ingested by CloudTrail. Possible error codes include: <code>FieldTooLong</code>, <code>FieldNotFound</code>, <code>InvalidChecksum</code>, <code>InvalidData</code>, <code>InvalidRecipient</code>, <code>InvalidEventSource</code>, <code>AccountNotSubscribed</code>, <code>Throttling</code>, and <code>InternalFailure</code>.</p>" 207 }, 208 "errorMessage":{ 209 "shape":"ErrorMessage", 210 "documentation":"<p>The message that describes the error for events that could not be ingested by CloudTrail.</p>" 211 }, 212 "id":{ 213 "shape":"Uuid", 214 "documentation":"<p>The original event ID from the source event that could not be ingested by CloudTrail.</p>" 215 } 216 }, 217 "documentation":"<p>Includes the error code and error message for events that could not be ingested by CloudTrail.</p>" 218 }, 219 "String":{"type":"string"}, 220 "UnsupportedOperationException":{ 221 "type":"structure", 222 "members":{ 223 "message":{"shape":"String"} 224 }, 225 "documentation":"<p>The operation requested is not supported in this region or account.</p>", 226 "exception":true 227 }, 228 "Uuid":{ 229 "type":"string", 230 "max":128, 231 "min":1, 232 "pattern":"^[-_A-Za-z0-9]+$" 233 } 234 }, 235 "documentation":"<p>The CloudTrail Data Service lets you ingest events into CloudTrail from any source in your hybrid environments, such as in-house or SaaS applications hosted on-premises or in the cloud, virtual machines, or containers. You can store, access, analyze, troubleshoot and take action on this data without maintaining multiple log aggregators and reporting tools. After you run <code>PutAuditEvents</code> to ingest your application activity into CloudTrail, you can use CloudTrail Lake to search, query, and analyze the data that is logged from your applications.</p>" 236} 237