/AWS1/IF_CWL=>CREATEIMPORTTASK()

About CreateImportTask

Starts an import from a data source to CloudWatch Logs and creates a managed log group as the destination for the imported data. Currently, CloudTrail Event Data Store is the only supported data source.

The import task must satisfy the following constraints:

  • The specified source must be in an ACTIVE state.

  • The API caller must have permissions to access the data in the provided source and to perform iam:PassRole on the provided import role which has the same permissions, as described below.

  • The provided IAM role must trust the "cloudtrail.amazonaws.com" principal and have the following permissions:

    • cloudtrail:GetEventDataStoreData

    • logs:CreateLogGroup

    • logs:CreateLogStream

    • logs:PutResourcePolicy

    • (If source has an associated Amazon Web Services KMS Key) kms:Decrypt

    • (If source has an associated Amazon Web Services KMS Key) kms:GenerateDataKey

    Example IAM policy for provided import role:

    [
      {
        "Effect": "Allow",
        "Action": "iam:PassRole",
        "Resource": "arn:aws:iam::123456789012:role/apiCallerCredentials",
        "Condition": {
          "StringLike": {
            "iam:AssociatedResourceARN": "arn:aws:logs:us-east-1:123456789012:log-group:aws/cloudtrail/f1d45bff-d0e3-4868-b5d9-2eb678aa32fb:*"
          }
        }
      },
      {
        "Effect": "Allow",
        "Action": [ "cloudtrail:GetEventDataStoreData" ],
        "Resource": [ "arn:aws:cloudtrail:us-east-1:123456789012:eventdatastore/f1d45bff-d0e3-4868-b5d9-2eb678aa32fb" ]
      },
      {
        "Effect": "Allow",
        "Action": [
          "logs:CreateImportTask",
          "logs:CreateLogGroup",
          "logs:CreateLogStream",
          "logs:PutResourcePolicy"
        ],
        "Resource": [ "arn:aws:logs:us-east-1:123456789012:log-group:/aws/cloudtrail/*" ]
      },
      {
        "Effect": "Allow",
        "Action": [ "kms:Decrypt", "kms:GenerateDataKey" ],
        "Resource": [ "arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012" ]
      }
    ]

  • If the import source has a customer managed key, the "cloudtrail.amazonaws.com" principal needs permissions to perform kms:Decrypt and kms:GenerateDataKey.

  • There can be no more than 3 active imports per account at a given time.

  • The startEventTime must be less than or equal to endEventTime.

  • The data being imported must be within the specified source's retention period.
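The role and time-window constraints above can be checked offline before the call is made. The following Python preflight is an added example, not part of the SDK or the original page: the names `preflight` and `trusts_service`, the sample policies and the seconds-versus-milliseconds heuristic are assumptions, and it assumes the trust policy grants `sts:AssumeRole`. It matches Action patterns only; Resource, Condition and Deny are not evaluated.

```python
from fnmatch import fnmatchcase

# Actions this page lists for the import role; the KMS ones apply only if the source has a key.
REQUIRED = ["cloudtrail:GetEventDataStoreData", "logs:CreateLogGroup",
            "logs:CreateLogStream", "logs:PutResourcePolicy"]
KMS_REQUIRED = ["kms:Decrypt", "kms:GenerateDataKey"]
TRUSTED_SERVICE = "cloudtrail.amazonaws.com"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _allows(statements, action):
    """True if an Allow statement's Action pattern matches (action names are case-insensitive)."""
    return any(fnmatchcase(action.lower(), p.lower())
               for st in statements if st.get("Effect") == "Allow"
               for p in _as_list(st.get("Action", [])))

def trusts_service(trust_statements, service=TRUSTED_SERVICE):
    """True if the trust policy lets the service principal call sts:AssumeRole."""
    matching = [st for st in trust_statements
                if isinstance(st.get("Principal"), dict)
                and service in _as_list(st["Principal"].get("Service", []))]
    return _allows(matching, "sts:AssumeRole")

def preflight(trust_statements, role_statements, source_has_kms_key, start_ms=None, end_ms=None):
    """Return a list of violated constraints; an empty list means every check passed."""
    problems = []
    if not trusts_service(trust_statements):
        problems.append(f"role does not trust {TRUSTED_SERVICE}")
    for action in REQUIRED + (KMS_REQUIRED if source_has_kms_key else []):
        if not _allows(role_statements, action):
            problems.append(f"missing permission {action}")
    for name, value in (("startEventTime", start_ms), ("endEventTime", end_ms)):
        if value is not None and value < 10**11:  # heuristic: epoch seconds passed as milliseconds
            problems.append(f"{name} looks like seconds, not milliseconds")
    if start_ms is not None and end_ms is not None and start_ms > end_ms:
        problems.append("startEventTime is after endEventTime")
    return problems

# Constructed sample input (placeholder ARNs): a role policy that omits the KMS actions.
SAMPLE_TRUST = [{"Effect": "Allow", "Principal": {"Service": TRUSTED_SERVICE}, "Action": "sts:AssumeRole"}]
SAMPLE_ROLE = [
    {"Effect": "Allow", "Action": "cloudtrail:GetEventDataStoreData",
     "Resource": "arn:aws:cloudtrail:us-east-1:123456789012:eventdatastore/EXAMPLE-ID"},
    {"Effect": "Allow", "Action": ["logs:Create*", "logs:PutResourcePolicy"],
     "Resource": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/cloudtrail/*"}]

if __name__ == "__main__":
    print(preflight(SAMPLE_TRUST, SAMPLE_ROLE, True, 1700000000000, 1700003600000))
```
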

Method Signature

METHODS /AWS1/IF_CWL~CREATEIMPORTTASK
  IMPORTING
    !IV_IMPORTSOURCEARN TYPE /AWS1/CWLARN OPTIONAL
    !IV_IMPORTROLEARN TYPE /AWS1/CWLROLEARN OPTIONAL
    !IO_IMPORTFILTER TYPE REF TO /AWS1/CL_CWLIMPORTFILTER OPTIONAL
  RETURNING
    VALUE(OO_OUTPUT) TYPE REF TO /aws1/cl_cwlcreateimptaskrsp
  RAISING
    /AWS1/CX_CWLACCESSDENIEDEX
    /AWS1/CX_CWLCONFLICTEXCEPTION
    /AWS1/CX_CWLINVALIDOPERATIONEX
    /AWS1/CX_CWLINVALIDPARAMETEREX
    /AWS1/CX_CWLRESOURCENOTFOUNDEX
    /AWS1/CX_CWLTHROTTLINGEX
    /AWS1/CX_CWLVALIDATIONEX
    /AWS1/CX_CWLCLIENTEXC
    /AWS1/CX_CWLSERVEREXC
    /AWS1/CX_RT_TECHNICAL_GENERIC
    /AWS1/CX_RT_SERVICE_GENERIC.

IMPORTING

Required arguments:

iv_importsourcearn TYPE /AWS1/CWLARN

The ARN of the source to import from.

iv_importrolearn TYPE /AWS1/CWLROLEARN

The ARN of the IAM role that grants CloudWatch Logs permission to import from the CloudTrail Lake Event Data Store.

Optional arguments:

io_importfilter TYPE REF TO /AWS1/CL_CWLIMPORTFILTER

Optional filters to constrain the import by CloudTrail event time. Times are specified in Unix timestamp milliseconds. The range of data being imported must be within the specified source's retention period.

RETURNING

oo_output TYPE REF TO /AWS1/CL_CWLCREATEIMPTASKRSP

Examples

Syntax Example

This is an example of the syntax for calling the method. It includes every possible argument and initializes every possible value. The data provided is not necessarily semantically accurate (for example the value "string" may be provided for something that is intended to be an instance ID, or in some cases two arguments may be mutually exclusive). The syntax shows the ABAP syntax for creating the various data structures.

DATA(lo_result) = lo_client->createimporttask(
  io_importfilter = new /aws1/cl_cwlimportfilter(
    iv_endeventtime = 123
    iv_starteventtime = 123
  )
  iv_importrolearn = |string|
  iv_importsourcearn = |string|
).

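This is an example of reading all possible response values:

" lo_result is the response object returned by createimporttask above.
IF lo_result IS NOT INITIAL.
  " Inline declarations so the snippet compiles without separate DATA statements.
  DATA(lv_importid) = lo_result->get_importid( ).
  DATA(lv_arn) = lo_result->get_importdestinationarn( ).
  DATA(lv_timestamp) = lo_result->get_creationtime( ).
ENDIF.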