Connection module for Amazon CloudTrail
2016.3.0 新版功能.
configuration: | This module accepts explicit Lambda credentials but can also utilize IAM roles assigned to the instance trough Instance Profiles. Dynamic credentials are then automatically obtained from AWS API and no further configuration is necessary. More Information available at: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
If IAM roles are not used you need to specify them either in a pillar or in the minion's config file: cloudtrail.keyid: GKTADJGHEIQSXMKKRBJ08H
cloudtrail.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
A region may also be specified in the configuration: cloudtrail.region: us-east-1
If a region is not specified, the default is us-east-1. It's also possible to specify key, keyid and region via a profile, either as a passed in dict, or as a string to pull from pillars or minion config: myprofile:
keyid: GKTADJGHEIQSXMKKRBJ08H
key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
region: us-east-1
|
---|---|
depends: | boto3 |
Add tags to a trail
Returns {tagged: true} if the trail was tagged and returns {tagged: False} if the trail was not tagged.
CLI Example:
salt myminion boto_cloudtrail.add_tags my_trail tag_a=tag_value tag_b=tag_value
salt.modules.boto_cloudtrail.
create
(Name, S3BucketName, S3KeyPrefix=None, SnsTopicName=None, IncludeGlobalServiceEvents=None, IsMultiRegionTrail=None, EnableLogFileValidation=None, CloudWatchLogsLogGroupArn=None, CloudWatchLogsRoleArn=None, KmsKeyId=None, region=None, key=None, keyid=None, profile=None)¶Given a valid config, create a trail.
Returns {created: true} if the trail was created and returns {created: False} if the trail was not created.
CLI Example:
salt myminion boto_cloudtrail.create my_trail my_bucket
salt.modules.boto_cloudtrail.
delete
(Name, region=None, key=None, keyid=None, profile=None)¶Given a trail name, delete it.
Returns {deleted: true} if the trail was deleted and returns {deleted: false} if the trail was not deleted.
CLI Example:
salt myminion boto_cloudtrail.delete mytrail
salt.modules.boto_cloudtrail.
describe
(Name, region=None, key=None, keyid=None, profile=None)¶Given a trail name describe its properties.
Returns a dictionary of interesting properties.
CLI Example:
salt myminion boto_cloudtrail.describe mytrail
salt.modules.boto_cloudtrail.
exists
(Name, region=None, key=None, keyid=None, profile=None)¶Given a trail name, check to see if the given trail exists.
Returns True if the given trail exists and returns False if the given trail does not exist.
CLI Example:
salt myminion boto_cloudtrail.exists mytrail
salt.modules.boto_cloudtrail.
list
(region=None, key=None, keyid=None, profile=None)¶List all trails
Returns list of trails
CLI Example:
policies:
- {...}
- {...}
List tags of a trail
CLI Example:
salt myminion boto_cloudtrail.list_tags my_trail
Remove tags from a trail
Returns {tagged: true} if the trail was tagged and returns {tagged: False} if the trail was not tagged.
CLI Example:
salt myminion boto_cloudtrail.remove_tags my_trail tag_a=tag_value tag_b=tag_value
salt.modules.boto_cloudtrail.
start_logging
(Name, region=None, key=None, keyid=None, profile=None)¶Start logging for a trail
Returns {started: true} if the trail was started and returns {started: False} if the trail was not started.
CLI Example:
salt myminion boto_cloudtrail.start_logging my_trail
salt.modules.boto_cloudtrail.
status
(Name, region=None, key=None, keyid=None, profile=None)¶Given a trail name describe its properties.
Returns a dictionary of interesting properties.
CLI Example:
salt myminion boto_cloudtrail.describe mytrail
salt.modules.boto_cloudtrail.
stop_logging
(Name, region=None, key=None, keyid=None, profile=None)¶Stop logging for a trail
Returns {stopped: true} if the trail was stopped and returns {stopped: False} if the trail was not stopped.
CLI Example:
salt myminion boto_cloudtrail.stop_logging my_trail
salt.modules.boto_cloudtrail.
update
(Name, S3BucketName, S3KeyPrefix=None, SnsTopicName=None, IncludeGlobalServiceEvents=None, IsMultiRegionTrail=None, EnableLogFileValidation=None, CloudWatchLogsLogGroupArn=None, CloudWatchLogsRoleArn=None, KmsKeyId=None, region=None, key=None, keyid=None, profile=None)¶Given a valid config, update a trail.
Returns {created: true} if the trail was created and returns {created: False} if the trail was not created.
CLI Example:
salt myminion boto_cloudtrail.update my_trail my_bucket