aws
diff --git a/‎packages/@aws-cdk/aws-cloudtrail/README.md
+14-10 b/‎packages/@aws-cdk/aws-cloudtrail/README.md
+14-10
diff --git a/‎packages/@aws-cdk/aws-codepipeline/package.json
+2-1 b/‎packages/@aws-cdk/aws-codepipeline/package.json
+2-1
diff --git a/‎packages/@aws-cdk/aws-codepipeline/test/integ.lambda-pipeline.expected.json
+238-2 b/‎packages/@aws-cdk/aws-codepipeline/test/integ.lambda-pipeline.expected.json
+238-2
diff --git a/‎packages/@aws-cdk/aws-codepipeline/test/integ.lambda-pipeline.ts
+6-1 b/‎packages/@aws-cdk/aws-codepipeline/test/integ.lambda-pipeline.ts
+6-1
diff --git a/‎packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-cfn-cross-region.expected.json
+2-3 b/‎packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-cfn-cross-region.expected.json
+2-3
diff --git a/‎packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-cfn.expected.json
+1-2 b/‎packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-cfn.expected.json
+1-2
diff --git a/‎packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json
+1-2 b/‎packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json
+1-2
diff --git a/‎packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-code-deploy.expected.json
+2-3 b/‎packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-code-deploy.expected.json
+2-3
@@ -31,25 +31,29 @@ For example, to log to CloudWatch Logs
 import cloudtrail = require('@aws-cdk/aws-cloudtrail');
 
 const trail = new cloudtrail.CloudTrail(stack, 'CloudTrail', {
-    sendToCloudWatchLogs: true
+  sendToCloudWatchLogs: true
 });
 ```
 
-This creates the same setup as above - but also logs events to a created CloudWatch Log stream. By default, the created log group has a retention period of 365 Days, but this is also configurable.
+This creates the same setup as above - but also logs events to a created CloudWatch Log stream.
+By default, the created log group has a retention period of 365 Days, but this is also configurable.
 
-
-For using CloudTrail event selector to log specific S3 events, you can use the `CloudTrailProps` configuration object
-
-For example - this logs all ReadWriteEvents for the `magic-bucket` bucket:
+For using CloudTrail event selector to log specific S3 events,
+you can use the `CloudTrailProps` configuration object.
+Example:
 
 ```ts
 import cloudtrail = require('@aws-cdk/aws-cloudtrail');
 
-const trail = new cloudtrail.CloudTrail(stack, 'MyAmazingCloudTrail')
+const trail = new cloudtrail.CloudTrail(stack, 'MyAmazingCloudTrail');
 
-trail.addS3Filter("arn:aws:s3:::magic-bucket/"); // Adds an event selector to the bucket magic-bucket. By default, this includes management events and all operations (Read + Write)
+// Adds an event selector to the bucket magic-bucket.
+// By default, this includes management events and all operations (Read + Write)
+trail.addS3EventSelector(["arn:aws:s3:::magic-bucket/"]); 
 
-const configuration = { includeManagementEvents = false, readWriteType = ReadWriteType.All };
-trail.addS3Filter(["arn:aws:s3:::foo"], configuration ); // Adds an event selector to the bucket foo, with a specific configuration
+// Adds an event selector to the bucket foo, with a specific configuration
+trail.addS3EventSelector(["arn:aws:s3:::foo"], { 
+  includeManagementEvents: false,
+  readWriteType: ReadWriteType.All,
 });
 ```
@@ -62,6 +62,7 @@
   "devDependencies": {
     "@aws-cdk/assert": "^0.22.0",
     "@aws-cdk/aws-cloudformation": "^0.22.0",
+    "@aws-cdk/aws-cloudtrail": "^0.22.0",
     "@aws-cdk/aws-codebuild": "^0.22.0",
     "@aws-cdk/aws-codecommit": "^0.22.0",
     "@aws-cdk/aws-codedeploy": "^0.22.0",
@@ -98,4 +99,4 @@
       "construct-ctor:@aws-cdk/aws-codepipeline.CrossRegionScaffoldStack.<initializer>.params[1]"
     ]
   }
-}
+}
@@ -145,7 +145,7 @@
                     "Ref": "PipelineBucketB967BD35"
                   },
                   "S3ObjectKey": "key",
-                  "PollForSourceChanges": true
+                  "PollForSourceChanges": false
                 },
                 "InputArtifacts": [],
                 "Name": "Source",
@@ -188,6 +188,66 @@
         "PipelineRoleDefaultPolicyC7A05455"
       ]
     },
+    "PipelineEventsRole46BEEA7C": {
+      "Type": "AWS::IAM::Role",
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": "sts:AssumeRole",
+              "Effect": "Allow",
+              "Principal": {
+                "Service": "events.amazonaws.com"
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        }
+      }
+    },
+    "PipelineEventsRoleDefaultPolicyFF4FCCE0": {
+      "Type": "AWS::IAM::Policy",
+      "Properties": {
+        "PolicyDocument": {
+          "Statement": [
+            {
+              "Action": "codepipeline:StartPipelineExecution",
+              "Effect": "Allow",
+              "Resource": {
+                "Fn::Join": [
+                  "",
+                  [
+                    "arn:",
+                    {
+                      "Ref": "AWS::Partition"
+                    },
+                    ":codepipeline:",
+                    {
+                      "Ref": "AWS::Region"
+                    },
+                    ":",
+                    {
+                      "Ref": "AWS::AccountId"
+                    },
+                    ":",
+                    {
+                      "Ref": "PipelineC660917D"
+                    }
+                  ]
+                ]
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "PolicyName": "PipelineEventsRoleDefaultPolicyFF4FCCE0",
+        "Roles": [
+          {
+            "Ref": "PipelineEventsRole46BEEA7C"
+          }
+        ]
+      }
+    },
     "PipelineBucketB967BD35": {
       "Type": "AWS::S3::Bucket",
       "Properties": {
@@ -196,6 +256,182 @@
         }
       }
     },
+    "PipelineBucketawscdkcodepipelinelambdaPipeline87A4B3D3SourceEventRuleCE4D4505": {
+      "Type": "AWS::Events::Rule",
+      "Properties": {
+        "EventPattern": {
+          "source": [
+            "aws.s3"
+          ],
+          "detail-type": [
+            "AWS API Call via CloudTrail"
+          ],
+          "detail": {
+            "eventSource": [
+              "s3.amazonaws.com"
+            ],
+            "eventName": [
+              "PutObject"
+            ],
+            "resources": {
+              "ARN": [
+                {
+                  "Fn::Join": [
+                    "",
+                    [
+                      {
+                        "Fn::GetAtt": [
+                          "PipelineBucketB967BD35",
+                          "Arn"
+                        ]
+                      },
+                      "/key"
+                    ]
+                  ]
+                }
+              ]
+            }
+          }
+        },
+        "State": "ENABLED",
+        "Targets": [
+          {
+            "Arn": {
+              "Fn::Join": [
+                "",
+                [
+                  "arn:",
+                  {
+                    "Ref": "AWS::Partition"
+                  },
+                  ":codepipeline:",
+                  {
+                    "Ref": "AWS::Region"
+                  },
+                  ":",
+                  {
+                    "Ref": "AWS::AccountId"
+                  },
+                  ":",
+                  {
+                    "Ref": "PipelineC660917D"
+                  }
+                ]
+              ]
+            },
+            "Id": "Pipeline",
+            "RoleArn": {
+              "Fn::GetAtt": [
+                "PipelineEventsRole46BEEA7C",
+                "Arn"
+              ]
+            }
+          }
+        ]
+      }
+    },
+    "CloudTrailS310CD22F2": {
+      "Type": "AWS::S3::Bucket",
+      "DeletionPolicy": "Retain"
+    },
+    "CloudTrailS3PolicyEA49A03E": {
+      "Type": "AWS::S3::BucketPolicy",
+      "Properties": {
+        "Bucket": {
+          "Ref": "CloudTrailS310CD22F2"
+        },
+        "PolicyDocument": {
+          "Statement": [
+            {
+              "Action": "s3:GetBucketAcl",
+              "Effect": "Allow",
+              "Principal": {
+                "Service": "cloudtrail.amazonaws.com"
+              },
+              "Resource": {
+                "Fn::GetAtt": [
+                  "CloudTrailS310CD22F2",
+                  "Arn"
+                ]
+              }
+            },
+            {
+              "Action": "s3:PutObject",
+              "Condition": {
+                "StringEquals": {
+                  "s3:x-amz-acl": "bucket-owner-full-control"
+                }
+              },
+              "Effect": "Allow",
+              "Principal": {
+                "Service": "cloudtrail.amazonaws.com"
+              },
+              "Resource": {
+                "Fn::Join": [
+                  "",
+                  [
+                    {
+                      "Fn::GetAtt": [
+                        "CloudTrailS310CD22F2",
+                        "Arn"
+                      ]
+                    },
+                    "/AWSLogs/",
+                    {
+                      "Ref": "AWS::AccountId"
+                    },
+                    "/*"
+                  ]
+                ]
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        }
+      }
+    },
+    "CloudTrailA62D711D": {
+      "Type": "AWS::CloudTrail::Trail",
+      "Properties": {
+        "IsLogging": true,
+        "S3BucketName": {
+          "Ref": "CloudTrailS310CD22F2"
+        },
+        "EnableLogFileValidation": true,
+        "EventSelectors": [
+          {
+            "DataResources": [
+              {
+                "Type": "AWS::S3::Object",
+                "Values": [
+                  {
+                    "Fn::Join": [
+                      "",
+                      [
+                        {
+                          "Fn::GetAtt": [
+                            "PipelineBucketB967BD35",
+                            "Arn"
+                          ]
+                        },
+                        "/key"
+                      ]
+                    ]
+                  }
+                ]
+              }
+            ],
+            "IncludeManagementEvents": false,
+            "ReadWriteType": "WriteOnly"
+          }
+        ],
+        "IncludeGlobalServiceEvents": true,
+        "IsMultiRegionTrail": true
+      },
+      "DependsOn": [
+        "CloudTrailS3PolicyEA49A03E"
+      ]
+    },
     "LambdaFunServiceRoleF0979767": {
       "Type": "AWS::IAM::Role",
       "Properties": {
@@ -272,4 +508,4 @@
       ]
     }
   }
-}
+}
@@ -1,3 +1,4 @@
+import cloudtrail = require('@aws-cdk/aws-cloudtrail');
 import lambda = require('@aws-cdk/aws-lambda');
 import s3 = require('@aws-cdk/aws-s3');
 import cdk = require('@aws-cdk/cdk');
@@ -14,11 +15,15 @@ const bucket = new s3.Bucket(stack, 'PipelineBucket', {
   versioned: true,
   removalPolicy: cdk.RemovalPolicy.Destroy,
 });
+const key = 'key';
+const trail = new cloudtrail.CloudTrail(stack, 'CloudTrail');
+trail.addS3EventSelector([bucket.arnForObjects(key)], cloudtrail.ReadWriteType.WriteOnly);
 new s3.PipelineSourceAction(stack, 'Source', {
   stage: sourceStage,
   outputArtifactName: 'SourceArtifact',
   bucket,
-  bucketKey: 'key',
+  bucketKey: key,
+  pollForSourceChanges: false,
 });
 
 const lambdaFun = new lambda.Function(stack, 'LambdaFun', {
 
@@ -161,8 +161,7 @@
                   "S3Bucket": {
                     "Ref": "MyBucketF68F3FF0"
                   },
-                  "S3ObjectKey": "some/path",
-                  "PollForSourceChanges": true
+                  "S3ObjectKey": "some/path"
                 },
                 "InputArtifacts": [],
                 "Name": "S3",
@@ -245,4 +244,4 @@
       }
     }
   }
-}
+}
@@ -173,8 +173,7 @@
                   "S3Bucket": {
                     "Ref": "PipelineBucketB967BD35"
                   },
-                  "S3ObjectKey": "key",
-                  "PollForSourceChanges": true
+                  "S3ObjectKey": "key"
                 },
                 "InputArtifacts": [],
                 "Name": "Source",
 
@@ -275,8 +275,7 @@
                   "S3Bucket": {
                     "Ref": "MyBucketF68F3FF0"
                   },
-                  "S3ObjectKey": "some/path",
-                  "PollForSourceChanges": true
+                  "S3ObjectKey": "some/path"
                 },
                 "InputArtifacts": [],
                 "Name": "Source2",
 
@@ -284,8 +284,7 @@
                   "S3Bucket": {
                     "Ref": "CodeDeployPipelineIntegTest9F618D61"
                   },
-                  "S3ObjectKey": "application.zip",
-                  "PollForSourceChanges": true
+                  "S3ObjectKey": "application.zip"
                 },
                 "InputArtifacts": [],
                 "Name": "S3Source",
@@ -336,4 +335,4 @@
       ]
     }
   }
-}
+}
Original file line number	Diff line number	Diff line change
`@@ -62,6 +62,7 @@`
`62`	`62`	`"devDependencies": {`
`63`	`63`	`"@aws-cdk/assert": "^0.22.0",`
`64`	`64`	`"@aws-cdk/aws-cloudformation": "^0.22.0",`
	`65`	`+ "@aws-cdk/aws-cloudtrail": "^0.22.0",`
`65`	`66`	`"@aws-cdk/aws-codebuild": "^0.22.0",`
`66`	`67`	`"@aws-cdk/aws-codecommit": "^0.22.0",`
`67`	`68`	`"@aws-cdk/aws-codedeploy": "^0.22.0",`
`@@ -98,4 +99,4 @@`
`98`	`99`	`"construct-ctor:@aws-cdk/aws-codepipeline.CrossRegionScaffoldStack.<initializer>.params[1]"`
`99`	`100`	`]`
`100`	`101`	`}`
`101`		`-}`
	`102`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -161,8 +161,7 @@`
`161`	`161`	`"S3Bucket": {`
`162`	`162`	`"Ref": "MyBucketF68F3FF0"`
`163`	`163`	`},`
`164`		`- "S3ObjectKey": "some/path",`
`165`		`- "PollForSourceChanges": true`
	`164`	`+ "S3ObjectKey": "some/path"`
`166`	`165`	`},`
`167`	`166`	`"InputArtifacts": [],`
`168`	`167`	`"Name": "S3",`
`@@ -245,4 +244,4 @@`
`245`	`244`	`}`
`246`	`245`	`}`
`247`	`246`	`}`
`248`		`-}`
	`247`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -284,8 +284,7 @@`
`284`	`284`	`"S3Bucket": {`
`285`	`285`	`"Ref": "CodeDeployPipelineIntegTest9F618D61"`
`286`	`286`	`},`
`287`		`- "S3ObjectKey": "application.zip",`
`288`		`- "PollForSourceChanges": true`
	`287`	`+ "S3ObjectKey": "application.zip"`
`289`	`288`	`},`
`290`	`289`	`"InputArtifacts": [],`
`291`	`290`	`"Name": "S3Source",`
`@@ -336,4 +335,4 @@`
`336`	`335`	`]`
`337`	`336`	`}`
`338`	`337`	`}`
`339`		`-}`
	`338`	`+}`