com.amazonaws.services.cloudtrail
Class AWSCloudTrailClient

java.lang.Object
  com.amazonaws.AmazonWebServiceClient
      com.amazonaws.services.cloudtrail.AWSCloudTrailClient

All Implemented Interfaces:

AWSCloudTrail

Direct Known Subclasses:

AWSCloudTrailAsyncClient

public class AWSCloudTrailClient
extends AmazonWebServiceClient
implements AWSCloudTrail

Client for accessing AWSCloudTrail. All service calls made using this client are blocking, and will not return until the service call completes.

AWS Cloud Trail

This is the CloudTrail API Reference. It provides descriptions of actions, data types, common parameters, and common errors for CloudTrail.

CloudTrail is a web service that records AWS API calls for your AWS account and delivers log files to an Amazon S3 bucket. The recorded information includes the identity of the user, the start time of the AWS API call, the source IP address, the request parameters, and the response elements returned by the service.

NOTE: As an alternative to using the API, you can use one of the AWS SDKs, which consist of libraries and sample code for various programming languages and platforms (Java, Ruby, .NET, iOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to AWSCloudTrail. For example, the SDKs take care of cryptographically signing requests, managing errors, and retrying requests automatically. For information about the AWS SDKs, including how to download and install them, see the Tools for Amazon Web Services page.

See the CloudTrail User Guide for information about the data that is included with each AWS API call listed in the log files.

Field Summary

protected List<com.amazonaws.transform.JsonErrorUnmarshaller>

jsonErrorUnmarshallers List of exception unmarshallers for all AWSCloudTrail exceptions.

Fields inherited from class com.amazonaws.AmazonWebServiceClient

client, clientConfiguration, endpoint, LOGGING_AWS_REQUEST_METRIC, requestHandler2s, timeOffset

Constructor Summary

AWSCloudTrailClient()
Constructs a new client to invoke service methods on AWSCloudTrail.

AWSCloudTrailClient(AWSCredentials awsCredentials)
Constructs a new client to invoke service methods on AWSCloudTrail using the specified AWS account credentials.

AWSCloudTrailClient(AWSCredentials awsCredentials, ClientConfiguration clientConfiguration)
Constructs a new client to invoke service methods on AWSCloudTrail using the specified AWS account credentials and client configuration options.

AWSCloudTrailClient(AWSCredentialsProvider awsCredentialsProvider)
Constructs a new client to invoke service methods on AWSCloudTrail using the specified AWS account credentials provider.

AWSCloudTrailClient(AWSCredentialsProvider awsCredentialsProvider, ClientConfiguration clientConfiguration)
Constructs a new client to invoke service methods on AWSCloudTrail using the specified AWS account credentials provider and client configuration options.

AWSCloudTrailClient(AWSCredentialsProvider awsCredentialsProvider, ClientConfiguration clientConfiguration, RequestMetricCollector requestMetricCollector)
Constructs a new client to invoke service methods on AWSCloudTrail using the specified AWS account credentials provider, client configuration options and request metric collector.

AWSCloudTrailClient(ClientConfiguration clientConfiguration)
Constructs a new client to invoke service methods on AWSCloudTrail.

Method Summary

CreateTrailResult	createTrail(CreateTrailRequest createTrailRequest) From the command line, use create-subscription.
DeleteTrailResult	deleteTrail(DeleteTrailRequest deleteTrailRequest) Deletes a trail.
DescribeTrailsResult	describeTrails() Retrieves the settings for some or all trails associated with an account.
DescribeTrailsResult	describeTrails(DescribeTrailsRequest describeTrailsRequest) Retrieves the settings for some or all trails associated with an account.
ResponseMetadata	getCachedResponseMetadata(AmazonWebServiceRequest request) Returns additional metadata for a previously executed successful, request, typically used for debugging issues where a service isn't acting as expected.
GetTrailStatusResult	getTrailStatus(GetTrailStatusRequest getTrailStatusRequest) Returns a JSON-formatted list of information about the specified trail.
void	setEndpoint(String endpoint) Overrides the default endpoint for this client.
void	setEndpoint(String endpoint, String serviceName, String regionId) An internal method that is not expected to be normally called except for AWS internal development purposes.
StartLoggingResult	startLogging(StartLoggingRequest startLoggingRequest) Starts the recording of AWS API calls and log file delivery for a trail.
StopLoggingResult	stopLogging(StopLoggingRequest stopLoggingRequest) Suspends the recording of AWS API calls and log file delivery for the specified trail.
UpdateTrailResult	updateTrail(UpdateTrailRequest updateTrailRequest) From the command line, use update-subscription.

Methods inherited from class com.amazonaws.AmazonWebServiceClient

addRequestHandler, addRequestHandler, configSigner, configSigner, convertToHttpRequest, createExecutionContext, createExecutionContext, createExecutionContext, endClientExecution, endClientExecution, findRequestMetricCollector, getRequestMetricsCollector, getServiceAbbreviation, getServiceName, getServiceNameIntern, getSigner, getSignerByURI, getSignerRegionOverride, getTimeOffset, isProfilingEnabled, isRequestMetricsEnabled, removeRequestHandler, removeRequestHandler, requestMetricCollector, setConfiguration, setRegion, setServiceNameIntern, setSignerRegionOverride, setTimeOffset, shutdown, withTimeOffset

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.amazonaws.services.cloudtrail.AWSCloudTrail

setRegion, shutdown

Field Detail

jsonErrorUnmarshallers

protected List<com.amazonaws.transform.JsonErrorUnmarshaller> jsonErrorUnmarshallers

List of exception unmarshallers for all AWSCloudTrail exceptions.

Constructor Detail

AWSCloudTrailClient

public AWSCloudTrailClient()

Constructs a new client to invoke service methods on AWSCloudTrail. A credentials provider chain will be used that searches for credentials in this order:

• Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_KEY
• Java System Properties - aws.accessKeyId and aws.secretKey
• Instance profile credentials delivered through the Amazon EC2 metadata service

All service calls made using this new client object are blocking, and will not return until the service call completes.

See Also:

DefaultAWSCredentialsProviderChain

AWSCloudTrailClient

public AWSCloudTrailClient(ClientConfiguration clientConfiguration)

Constructs a new client to invoke service methods on AWSCloudTrail. A credentials provider chain will be used that searches for credentials in this order:

• Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_KEY
• Java System Properties - aws.accessKeyId and aws.secretKey
• Instance profile credentials delivered through the Amazon EC2 metadata service

All service calls made using this new client object are blocking, and will not return until the service call completes.

Parameters:

clientConfiguration - The client configuration options controlling how this client connects to AWSCloudTrail (ex: proxy settings, retry counts, etc.).

See Also:

DefaultAWSCredentialsProviderChain

AWSCloudTrailClient

public AWSCloudTrailClient(AWSCredentials awsCredentials)

Constructs a new client to invoke service methods on AWSCloudTrail using the specified AWS account credentials.

All service calls made using this new client object are blocking, and will not return until the service call completes.

Parameters:

awsCredentials - The AWS credentials (access key ID and secret key) to use when authenticating with AWS services.

AWSCloudTrailClient

public AWSCloudTrailClient(AWSCredentials awsCredentials,
                           ClientConfiguration clientConfiguration)

Constructs a new client to invoke service methods on AWSCloudTrail using the specified AWS account credentials and client configuration options.

All service calls made using this new client object are blocking, and will not return until the service call completes.

Parameters:

awsCredentials - The AWS credentials (access key ID and secret key) to use when authenticating with AWS services.

clientConfiguration - The client configuration options controlling how this client connects to AWSCloudTrail (ex: proxy settings, retry counts, etc.).

AWSCloudTrailClient

public AWSCloudTrailClient(AWSCredentialsProvider awsCredentialsProvider)

Constructs a new client to invoke service methods on AWSCloudTrail using the specified AWS account credentials provider.

All service calls made using this new client object are blocking, and will not return until the service call completes.

Parameters:

awsCredentialsProvider - The AWS credentials provider which will provide credentials to authenticate requests with AWS services.

AWSCloudTrailClient

public AWSCloudTrailClient(AWSCredentialsProvider awsCredentialsProvider,
                           ClientConfiguration clientConfiguration)

Constructs a new client to invoke service methods on AWSCloudTrail using the specified AWS account credentials provider and client configuration options.

All service calls made using this new client object are blocking, and will not return until the service call completes.

Parameters:

awsCredentialsProvider - The AWS credentials provider which will provide credentials to authenticate requests with AWS services.

clientConfiguration - The client configuration options controlling how this client connects to AWSCloudTrail (ex: proxy settings, retry counts, etc.).

AWSCloudTrailClient

public AWSCloudTrailClient(AWSCredentialsProvider awsCredentialsProvider,
                           ClientConfiguration clientConfiguration,
                           RequestMetricCollector requestMetricCollector)

Constructs a new client to invoke service methods on AWSCloudTrail using the specified AWS account credentials provider, client configuration options and request metric collector.

All service calls made using this new client object are blocking, and will not return until the service call completes.

Parameters:

awsCredentialsProvider - The AWS credentials provider which will provide credentials to authenticate requests with AWS services.

clientConfiguration - The client configuration options controlling how this client connects to AWSCloudTrail (ex: proxy settings, retry counts, etc.).

requestMetricCollector - optional request metric collector

Method Detail

getTrailStatus

public GetTrailStatusResult getTrailStatus(GetTrailStatusRequest getTrailStatusRequest)

Returns a JSON-formatted list of information about the specified trail. Fields include information such as delivery errors, Amazon SNS and Amazon S3 errors, and times that logging started and stopped for each trail.

Specified by:

getTrailStatus in interface AWSCloudTrail

Parameters:

getTrailStatusRequest - Container for the necessary parameters to execute the GetTrailStatus service method on AWSCloudTrail.

Returns:

The response from the GetTrailStatus service method, as returned by AWSCloudTrail.

Throws:

InvalidTrailNameException

TrailNotFoundException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AWSCloudTrail indicating either a problem with the data in the request, or a server side issue.

deleteTrail

public DeleteTrailResult deleteTrail(DeleteTrailRequest deleteTrailRequest)

Deletes a trail.

Specified by:

deleteTrail in interface AWSCloudTrail

Parameters:

deleteTrailRequest - Container for the necessary parameters to execute the DeleteTrail service method on AWSCloudTrail.

Returns:

The response from the DeleteTrail service method, as returned by AWSCloudTrail.

Throws:

InvalidTrailNameException

TrailNotFoundException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AWSCloudTrail indicating either a problem with the data in the request, or a server side issue.

createTrail

public CreateTrailResult createTrail(CreateTrailRequest createTrailRequest)

From the command line, use create-subscription.

Creates a trail that specifies the settings for delivery of log data to an Amazon S3 bucket. The request includes a Trail structure that specifies the following:

• Trail name.
• The name of an existing Amazon S3 bucket to which CloudTrail delivers your log files.
• The name of the Amazon S3 key prefix that precedes each log file.
• The name of an existing Amazon SNS topic that notifies you that a new file is available in your bucket.
• Whether the log file should include AWS API calls from global services. Currently, the only global AWS API calls included in CloudTrail log files are from IAM and AWS STS.

Specified by:

createTrail in interface AWSCloudTrail

Parameters:

createTrailRequest - Container for the necessary parameters to execute the CreateTrail service method on AWSCloudTrail.

Returns:

The response from the CreateTrail service method, as returned by AWSCloudTrail.

Throws:

S3BucketDoesNotExistException

InvalidS3PrefixException

InvalidTrailNameException

TrailAlreadyExistsException

MaximumNumberOfTrailsExceededException

InvalidS3BucketNameException

TrailNotProvidedException

InsufficientSnsTopicPolicyException

InvalidSnsTopicNameException

InsufficientS3BucketPolicyException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AWSCloudTrail indicating either a problem with the data in the request, or a server side issue.

updateTrail

public UpdateTrailResult updateTrail(UpdateTrailRequest updateTrailRequest)

From the command line, use update-subscription.

Updates the settings that specify delivery of log files. Changes to a trail do not require stopping the CloudTrail service. You use this action to designate an existing bucket for log delivery. If the existing bucket has previously been a target for CloudTrail log files, an IAM policy exists for the bucket. Use a Trail data type to pass updated bucket or topic names.

Specified by:

updateTrail in interface AWSCloudTrail

Parameters:

updateTrailRequest - Container for the necessary parameters to execute the UpdateTrail service method on AWSCloudTrail.

Returns:

The response from the UpdateTrail service method, as returned by AWSCloudTrail.

Throws:

S3BucketDoesNotExistException

InvalidS3PrefixException

InvalidTrailNameException

InvalidS3BucketNameException

TrailNotProvidedException

InsufficientSnsTopicPolicyException

InvalidSnsTopicNameException

InsufficientS3BucketPolicyException

TrailNotFoundException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AWSCloudTrail indicating either a problem with the data in the request, or a server side issue.

describeTrails

public DescribeTrailsResult describeTrails(DescribeTrailsRequest describeTrailsRequest)

Retrieves the settings for some or all trails associated with an account. Returns a list of Trail structures in JSON format.

Specified by:

describeTrails in interface AWSCloudTrail

Parameters:

describeTrailsRequest - Container for the necessary parameters to execute the DescribeTrails service method on AWSCloudTrail.

Returns:

The response from the DescribeTrails service method, as returned by AWSCloudTrail.

Throws:

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AWSCloudTrail indicating either a problem with the data in the request, or a server side issue.

stopLogging

public StopLoggingResult stopLogging(StopLoggingRequest stopLoggingRequest)

Suspends the recording of AWS API calls and log file delivery for the specified trail. Under most circumstances, there is no need to use this action. You can update a trail without stopping it first. This action is the only way to stop recording.

Specified by:

stopLogging in interface AWSCloudTrail

Parameters:

stopLoggingRequest - Container for the necessary parameters to execute the StopLogging service method on AWSCloudTrail.

Returns:

The response from the StopLogging service method, as returned by AWSCloudTrail.

Throws:

InvalidTrailNameException

TrailNotFoundException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AWSCloudTrail indicating either a problem with the data in the request, or a server side issue.

startLogging

public StartLoggingResult startLogging(StartLoggingRequest startLoggingRequest)

Starts the recording of AWS API calls and log file delivery for a trail.

Specified by:

startLogging in interface AWSCloudTrail

Parameters:

startLoggingRequest - Container for the necessary parameters to execute the StartLogging service method on AWSCloudTrail.

Returns:

The response from the StartLogging service method, as returned by AWSCloudTrail.

Throws:

InvalidTrailNameException

TrailNotFoundException

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AWSCloudTrail indicating either a problem with the data in the request, or a server side issue.

describeTrails

public DescribeTrailsResult describeTrails()
                                    throws AmazonServiceException,
                                           AmazonClientException

Retrieves the settings for some or all trails associated with an account. Returns a list of Trail structures in JSON format.

Specified by:

describeTrails in interface AWSCloudTrail

Returns:

The response from the DescribeTrails service method, as returned by AWSCloudTrail.

Throws:

AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.

AmazonServiceException - If an error response is returned by AWSCloudTrail indicating either a problem with the data in the request, or a server side issue.

setEndpoint

public void setEndpoint(String endpoint)

Description copied from class: AmazonWebServiceClient

Overrides the default endpoint for this client. Callers can use this method to control which AWS region they want to work with.

This method is not threadsafe. Endpoints should be configured when the client is created and before any service requests are made. Changing it afterwards creates inevitable race conditions for any service requests in transit.

Callers can pass in just the endpoint (ex: "ec2.amazonaws.com") or a full URL, including the protocol (ex: "https://ec2.amazonaws.com"). If the protocol is not specified here, the default protocol from this client's ClientConfiguration will be used, which by default is HTTPS.

For more information on using AWS regions with the AWS SDK for Java, and a complete list of all available endpoints for all AWS services, see: http://developer.amazonwebservices.com/connect/entry.jspa?externalID=3912

Specified by:

setEndpoint in interface AWSCloudTrail

Overrides:

setEndpoint in class AmazonWebServiceClient

Parameters:

endpoint - The endpoint (ex: "ec2.amazonaws.com") or a full URL, including the protocol (ex: "https://ec2.amazonaws.com") of the region specific AWS endpoint this client will communicate with.

setEndpoint

public void setEndpoint(String endpoint,
                        String serviceName,
                        String regionId)
                 throws IllegalArgumentException

Description copied from class: AmazonWebServiceClient

An internal method that is not expected to be normally called except for AWS internal development purposes.

Overrides the default endpoint for this client ("http://dynamodb.us-east-1.amazonaws.com/") and explicitly provides an AWS region ID and AWS service name to use when the client calculates a signature for requests. In almost all cases, this region ID and service name are automatically determined from the endpoint, and callers should use the simpler one-argument form of setEndpoint instead of this method.

Callers can pass in just the endpoint (ex: "dynamodb.us-east-1.amazonaws.com/") or a full URL, including the protocol (ex: "http://dynamodb.us-east-1.amazonaws.com/"). If the protocol is not specified here, the default protocol from this client's ClientConfiguration will be used, which by default is HTTPS.

For more information on using AWS regions with the AWS SDK for Java, and a complete list of all available endpoints for all AWS services, see: http://developer.amazonwebservices.com/connect/entry.jspa?externalID= 3912

Overrides:

setEndpoint in class AmazonWebServiceClient

Parameters:

endpoint - The endpoint (ex: "dynamodb.us-east-1.amazonaws.com/") or a full URL, including the protocol (ex: "http://dynamodb.us-east-1.amazonaws.com/") of the region specific AWS endpoint this client will communicate with.

serviceName - This parameter is ignored.

regionId - The ID of the region in which this service resides AND the overriding region for signing purposes.

Throws:

IllegalArgumentException - If any problems are detected with the specified endpoint.

getCachedResponseMetadata

public ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request)

Returns additional metadata for a previously executed successful, request, typically used for debugging issues where a service isn't acting as expected. This data isn't considered part of the result data returned by an operation, so it's available through this separate, diagnostic interface.

Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic information for an executed request, you should use this method to retrieve it as soon as possible after executing the request.

Specified by:

getCachedResponseMetadata in interface AWSCloudTrail

Parameters:

request - The originally executed request

Returns:

The response metadata for the specified request, or null if none is available.