Amazon Security Lake is in preview release. Your use of the Security Lake preview is subject to -Section 2 of the Amazon Web Services Service -Terms("Betas and Previews").
-Amazon Security Lake is a fully managed security data lake service. You can use Security Lake to automatically centralize security data from cloud, on-premises, and custom sources into a -data lake that's stored in your Amazon Web Servicesaccount. Amazon Web Services Organizations +data lake that's stored in your Amazon Web Services account. Amazon Web Services Organizations is an account management service that lets you consolidate multiple Amazon Web Services accounts into an organization that you create and centrally manage. With Organizations, you can create member accounts and invite existing accounts to join your organization. @@ -21,9 +16,9 @@ Security Lake helps you analyze security data for a more complete understanding security posture across the entire organization. It can also help you improve the protection of your workloads, applications, and data.
The data lake is backed by Amazon Simple Storage Service (Amazon S3) buckets, and you -retain ownership over your data.
+retain ownership over your data.Amazon Security Lake integrates with CloudTrail, a service that provides a record of
-actions taken by a user, role, or an Amazon Web Services service in Security Lake CloudTrail captures API calls for Security Lake as events. The calls captured include calls
+actions taken by a user, role, or an Amazon Web Services service. In Security Lake, CloudTrail captures API calls for Security Lake as events. The calls captured include calls
from the Security Lake console and code calls to the Security Lake API operations. If you create a
trail, you can enable continuous delivery of CloudTrail events to an Amazon S3 bucket, including events for Security Lake. If you don't configure a trail, you can still
view the most recent events in the CloudTrail console in Event history. Using the
@@ -251,7 +246,7 @@ CreateCustomLogSource
Amazon Security Lake is in preview release. Your use of the Security Lake preview is subject to
- * Section 2 of the Amazon Web Services Service
- * Terms("Betas and Previews"). Amazon Security Lake is a fully managed security data lake service. You can use Security Lake to
+ * Amazon Security Lake is a fully managed security data lake service. You can use Security Lake to
* automatically centralize security data from cloud, on-premises, and custom sources into a
- * data lake that's stored in your Amazon Web Servicesaccount. Amazon Web Services Organizations
+ * data lake that's stored in your Amazon Web Services account. Amazon Web Services Organizations
* is an account management service that lets you consolidate multiple Amazon Web Services
* accounts into an organization that you create and centrally manage. With Organizations, you
* can create member accounts and invite existing accounts to join your organization.
@@ -685,9 +638,9 @@ export interface SecurityLake {
* security posture across the entire organization. It can also help you improve the
* protection of your workloads, applications, and data. The data lake is backed by Amazon Simple Storage Service (Amazon S3) buckets, and you
- * retain ownership over your data.
-CreateDatalake
+CreateDataLake
[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/createdatalakecommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/createdatalakecommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/createdatalakecommandoutput.html)
@@ -259,26 +254,18 @@ CreateDatalake
-CreateDatalakeAutoEnable
+CreateDataLakeExceptionSubscription
-[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/createdatalakeautoenablecommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/createdatalakeautoenablecommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/createdatalakeautoenablecommandoutput.html)
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/createdatalakeexceptionsubscriptioncommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/createdatalakeexceptionsubscriptioncommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/createdatalakeexceptionsubscriptioncommandoutput.html)
-CreateDatalakeDelegatedAdmin
+CreateDataLakeOrganizationConfiguration
-[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/createdatalakedelegatedadmincommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/createdatalakedelegatedadmincommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/createdatalakedelegatedadmincommandoutput.html)
-
-
-CreateDatalakeExceptionsSubscription
-
-
-[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/createdatalakeexceptionssubscriptioncommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/createdatalakeexceptionssubscriptioncommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/createdatalakeexceptionssubscriptioncommandoutput.html)
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/createdatalakeorganizationconfigurationcommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/createdatalakeorganizationconfigurationcommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/createdatalakeorganizationconfigurationcommandoutput.html)
-CreateSubscriptionNotificationConfiguration
+CreateSubscriberNotification
-[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/createsubscriptionnotificationconfigurationcommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/createsubscriptionnotificationconfigurationcommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/createsubscriptionnotificationconfigurationcommandoutput.html)
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/createsubscribernotificationcommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/createsubscribernotificationcommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/createsubscribernotificationcommandoutput.html)
-DeleteDatalake
+DeleteDataLake
[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/deletedatalakecommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/deletedatalakecommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/deletedatalakecommandoutput.html)
@@ -323,26 +310,18 @@ DeleteDatalake
-DeleteDatalakeAutoEnable
-
-
-[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/deletedatalakeautoenablecommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/deletedatalakeautoenablecommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/deletedatalakeautoenablecommandoutput.html)
-
-
-DeleteDatalakeDelegatedAdmin
+DeleteDataLakeExceptionSubscription
-[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/deletedatalakedelegatedadmincommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/deletedatalakedelegatedadmincommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/deletedatalakedelegatedadmincommandoutput.html)
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/deletedatalakeexceptionsubscriptioncommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/deletedatalakeexceptionsubscriptioncommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/deletedatalakeexceptionsubscriptioncommandoutput.html)
-DeleteDatalakeExceptionsSubscription
+DeleteDataLakeOrganizationConfiguration
-[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/deletedatalakeexceptionssubscriptioncommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/deletedatalakeexceptionssubscriptioncommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/deletedatalakeexceptionssubscriptioncommandoutput.html)
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/deletedatalakeorganizationconfigurationcommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/deletedatalakeorganizationconfigurationcommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/deletedatalakeorganizationconfigurationcommandoutput.html)
-DeleteSubscriptionNotificationConfiguration
+DeleteSubscriberNotification
-[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/deletesubscriptionnotificationconfigurationcommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/deletesubscriptionnotificationconfigurationcommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/deletesubscriptionnotificationconfigurationcommandoutput.html)
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/deletesubscribernotificationcommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/deletesubscribernotificationcommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/deletesubscribernotificationcommandoutput.html)
-GetDatalake
+DeregisterDataLakeDelegatedAdministrator
-[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/getdatalakecommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/getdatalakecommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/getdatalakecommandoutput.html)
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/deregisterdatalakedelegatedadministratorcommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/deregisterdatalakedelegatedadministratorcommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/deregisterdatalakedelegatedadministratorcommandoutput.html)
-GetDatalakeAutoEnable
+GetDataLakeExceptionSubscription
-[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/getdatalakeautoenablecommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/getdatalakeautoenablecommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/getdatalakeautoenablecommandoutput.html)
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/getdatalakeexceptionsubscriptioncommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/getdatalakeexceptionsubscriptioncommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/getdatalakeexceptionsubscriptioncommandoutput.html)
-GetDatalakeExceptionsExpiry
+GetDataLakeOrganizationConfiguration
-[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/getdatalakeexceptionsexpirycommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/getdatalakeexceptionsexpirycommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/getdatalakeexceptionsexpirycommandoutput.html)
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/getdatalakeorganizationconfigurationcommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/getdatalakeorganizationconfigurationcommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/getdatalakeorganizationconfigurationcommandoutput.html)
-GetDatalakeExceptionsSubscription
+GetDataLakeSources
-[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/getdatalakeexceptionssubscriptioncommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/getdatalakeexceptionssubscriptioncommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/getdatalakeexceptionssubscriptioncommandoutput.html)
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/getdatalakesourcescommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/getdatalakesourcescommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/getdatalakesourcescommandoutput.html)
-GetDatalakeStatus
+GetSubscriber
-[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/getdatalakestatuscommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/getdatalakestatuscommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/getdatalakestatuscommandoutput.html)
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/getsubscribercommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/getsubscribercommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/getsubscribercommandoutput.html)
-GetSubscriber
+ListDataLakeExceptions
-[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/getsubscribercommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/getsubscribercommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/getsubscribercommandoutput.html)
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/listdatalakeexceptionscommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/listdatalakeexceptionscommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/listdatalakeexceptionscommandoutput.html)
-ListDatalakeExceptions
+ListDataLakes
-[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/listdatalakeexceptionscommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/listdatalakeexceptionscommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/listdatalakeexceptionscommandoutput.html)
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/listdatalakescommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/listdatalakescommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/listdatalakescommandoutput.html)
-UpdateDatalake
+RegisterDataLakeDelegatedAdministrator
-[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/updatedatalakecommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/updatedatalakecommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/updatedatalakecommandoutput.html)
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/registerdatalakedelegatedadministratorcommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/registerdatalakedelegatedadministratorcommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/registerdatalakedelegatedadministratorcommandoutput.html)
-UpdateDatalakeExceptionsExpiry
+UpdateDataLake
-[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/updatedatalakeexceptionsexpirycommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/updatedatalakeexceptionsexpirycommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/updatedatalakeexceptionsexpirycommandoutput.html)
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/updatedatalakecommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/updatedatalakecommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/updatedatalakecommandoutput.html)
-UpdateDatalakeExceptionsSubscription
+UpdateDataLakeExceptionSubscription
-[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/updatedatalakeexceptionssubscriptioncommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/updatedatalakeexceptionssubscriptioncommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/updatedatalakeexceptionssubscriptioncommandoutput.html)
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/updatedatalakeexceptionsubscriptioncommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/updatedatalakeexceptionsubscriptioncommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/updatedatalakeexceptionsubscriptioncommandoutput.html)
-UpdateSubscriptionNotificationConfiguration
+UpdateSubscriberNotification
-[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/updatesubscriptionnotificationconfigurationcommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/updatesubscriptionnotificationconfigurationcommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/updatesubscriptionnotificationconfigurationcommandoutput.html)
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/classes/updatesubscribernotificationcommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/updatesubscribernotificationcommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-securitylake/interfaces/updatesubscribernotificationcommandoutput.html)
Amazon Security Lake integrates with CloudTrail, a service that provides a record of
- * actions taken by a user, role, or an Amazon Web Services service in Security Lake CloudTrail captures API calls for Security Lake as events. The calls captured include calls
+ * actions taken by a user, role, or an Amazon Web Services service. In Security Lake, CloudTrail captures API calls for Security Lake as events. The calls captured include calls
* from the Security Lake console and code calls to the Security Lake API operations. If you create a
* trail, you can enable continuous delivery of CloudTrail events to an Amazon S3 bucket, including events for Security Lake. If you don't configure a trail, you can still
* view the most recent events in the CloudTrail console in Event history. Using the
diff --git a/clients/client-securitylake/src/SecurityLakeClient.ts b/clients/client-securitylake/src/SecurityLakeClient.ts
index bd1925d595a2..d48a46874efd 100644
--- a/clients/client-securitylake/src/SecurityLakeClient.ts
+++ b/clients/client-securitylake/src/SecurityLakeClient.ts
@@ -56,82 +56,74 @@ import {
CreateCustomLogSourceCommandInput,
CreateCustomLogSourceCommandOutput,
} from "./commands/CreateCustomLogSourceCommand";
+import { CreateDataLakeCommandInput, CreateDataLakeCommandOutput } from "./commands/CreateDataLakeCommand";
import {
- CreateDatalakeAutoEnableCommandInput,
- CreateDatalakeAutoEnableCommandOutput,
-} from "./commands/CreateDatalakeAutoEnableCommand";
-import { CreateDatalakeCommandInput, CreateDatalakeCommandOutput } from "./commands/CreateDatalakeCommand";
+ CreateDataLakeExceptionSubscriptionCommandInput,
+ CreateDataLakeExceptionSubscriptionCommandOutput,
+} from "./commands/CreateDataLakeExceptionSubscriptionCommand";
import {
- CreateDatalakeDelegatedAdminCommandInput,
- CreateDatalakeDelegatedAdminCommandOutput,
-} from "./commands/CreateDatalakeDelegatedAdminCommand";
-import {
- CreateDatalakeExceptionsSubscriptionCommandInput,
- CreateDatalakeExceptionsSubscriptionCommandOutput,
-} from "./commands/CreateDatalakeExceptionsSubscriptionCommand";
+ CreateDataLakeOrganizationConfigurationCommandInput,
+ CreateDataLakeOrganizationConfigurationCommandOutput,
+} from "./commands/CreateDataLakeOrganizationConfigurationCommand";
import { CreateSubscriberCommandInput, CreateSubscriberCommandOutput } from "./commands/CreateSubscriberCommand";
import {
- CreateSubscriptionNotificationConfigurationCommandInput,
- CreateSubscriptionNotificationConfigurationCommandOutput,
-} from "./commands/CreateSubscriptionNotificationConfigurationCommand";
+ CreateSubscriberNotificationCommandInput,
+ CreateSubscriberNotificationCommandOutput,
+} from "./commands/CreateSubscriberNotificationCommand";
import { DeleteAwsLogSourceCommandInput, DeleteAwsLogSourceCommandOutput } from "./commands/DeleteAwsLogSourceCommand";
import {
DeleteCustomLogSourceCommandInput,
DeleteCustomLogSourceCommandOutput,
} from "./commands/DeleteCustomLogSourceCommand";
+import { DeleteDataLakeCommandInput, DeleteDataLakeCommandOutput } from "./commands/DeleteDataLakeCommand";
import {
- DeleteDatalakeAutoEnableCommandInput,
- DeleteDatalakeAutoEnableCommandOutput,
-} from "./commands/DeleteDatalakeAutoEnableCommand";
-import { DeleteDatalakeCommandInput, DeleteDatalakeCommandOutput } from "./commands/DeleteDatalakeCommand";
-import {
- DeleteDatalakeDelegatedAdminCommandInput,
- DeleteDatalakeDelegatedAdminCommandOutput,
-} from "./commands/DeleteDatalakeDelegatedAdminCommand";
+ DeleteDataLakeExceptionSubscriptionCommandInput,
+ DeleteDataLakeExceptionSubscriptionCommandOutput,
+} from "./commands/DeleteDataLakeExceptionSubscriptionCommand";
import {
- DeleteDatalakeExceptionsSubscriptionCommandInput,
- DeleteDatalakeExceptionsSubscriptionCommandOutput,
-} from "./commands/DeleteDatalakeExceptionsSubscriptionCommand";
+ DeleteDataLakeOrganizationConfigurationCommandInput,
+ DeleteDataLakeOrganizationConfigurationCommandOutput,
+} from "./commands/DeleteDataLakeOrganizationConfigurationCommand";
import { DeleteSubscriberCommandInput, DeleteSubscriberCommandOutput } from "./commands/DeleteSubscriberCommand";
import {
- DeleteSubscriptionNotificationConfigurationCommandInput,
- DeleteSubscriptionNotificationConfigurationCommandOutput,
-} from "./commands/DeleteSubscriptionNotificationConfigurationCommand";
+ DeleteSubscriberNotificationCommandInput,
+ DeleteSubscriberNotificationCommandOutput,
+} from "./commands/DeleteSubscriberNotificationCommand";
import {
- GetDatalakeAutoEnableCommandInput,
- GetDatalakeAutoEnableCommandOutput,
-} from "./commands/GetDatalakeAutoEnableCommand";
-import { GetDatalakeCommandInput, GetDatalakeCommandOutput } from "./commands/GetDatalakeCommand";
+ DeregisterDataLakeDelegatedAdministratorCommandInput,
+ DeregisterDataLakeDelegatedAdministratorCommandOutput,
+} from "./commands/DeregisterDataLakeDelegatedAdministratorCommand";
import {
- GetDatalakeExceptionsExpiryCommandInput,
- GetDatalakeExceptionsExpiryCommandOutput,
-} from "./commands/GetDatalakeExceptionsExpiryCommand";
+ GetDataLakeExceptionSubscriptionCommandInput,
+ GetDataLakeExceptionSubscriptionCommandOutput,
+} from "./commands/GetDataLakeExceptionSubscriptionCommand";
import {
- GetDatalakeExceptionsSubscriptionCommandInput,
- GetDatalakeExceptionsSubscriptionCommandOutput,
-} from "./commands/GetDatalakeExceptionsSubscriptionCommand";
-import { GetDatalakeStatusCommandInput, GetDatalakeStatusCommandOutput } from "./commands/GetDatalakeStatusCommand";
+ GetDataLakeOrganizationConfigurationCommandInput,
+ GetDataLakeOrganizationConfigurationCommandOutput,
+} from "./commands/GetDataLakeOrganizationConfigurationCommand";
+import { GetDataLakeSourcesCommandInput, GetDataLakeSourcesCommandOutput } from "./commands/GetDataLakeSourcesCommand";
import { GetSubscriberCommandInput, GetSubscriberCommandOutput } from "./commands/GetSubscriberCommand";
import {
- ListDatalakeExceptionsCommandInput,
- ListDatalakeExceptionsCommandOutput,
-} from "./commands/ListDatalakeExceptionsCommand";
+ ListDataLakeExceptionsCommandInput,
+ ListDataLakeExceptionsCommandOutput,
+} from "./commands/ListDataLakeExceptionsCommand";
+import { ListDataLakesCommandInput, ListDataLakesCommandOutput } from "./commands/ListDataLakesCommand";
import { ListLogSourcesCommandInput, ListLogSourcesCommandOutput } from "./commands/ListLogSourcesCommand";
import { ListSubscribersCommandInput, ListSubscribersCommandOutput } from "./commands/ListSubscribersCommand";
-import { UpdateDatalakeCommandInput, UpdateDatalakeCommandOutput } from "./commands/UpdateDatalakeCommand";
import {
- UpdateDatalakeExceptionsExpiryCommandInput,
- UpdateDatalakeExceptionsExpiryCommandOutput,
-} from "./commands/UpdateDatalakeExceptionsExpiryCommand";
+ RegisterDataLakeDelegatedAdministratorCommandInput,
+ RegisterDataLakeDelegatedAdministratorCommandOutput,
+} from "./commands/RegisterDataLakeDelegatedAdministratorCommand";
+import { UpdateDataLakeCommandInput, UpdateDataLakeCommandOutput } from "./commands/UpdateDataLakeCommand";
import {
- UpdateDatalakeExceptionsSubscriptionCommandInput,
- UpdateDatalakeExceptionsSubscriptionCommandOutput,
-} from "./commands/UpdateDatalakeExceptionsSubscriptionCommand";
+ UpdateDataLakeExceptionSubscriptionCommandInput,
+ UpdateDataLakeExceptionSubscriptionCommandOutput,
+} from "./commands/UpdateDataLakeExceptionSubscriptionCommand";
import { UpdateSubscriberCommandInput, UpdateSubscriberCommandOutput } from "./commands/UpdateSubscriberCommand";
import {
- UpdateSubscriptionNotificationConfigurationCommandInput,
- UpdateSubscriptionNotificationConfigurationCommandOutput,
-} from "./commands/UpdateSubscriptionNotificationConfigurationCommand";
+ UpdateSubscriberNotificationCommandInput,
+ UpdateSubscriberNotificationCommandOutput,
+} from "./commands/UpdateSubscriberNotificationCommand";
import {
ClientInputEndpointParameters,
ClientResolvedEndpointParameters,
@@ -148,34 +140,32 @@ export { __Client };
export type ServiceInputTypes =
| CreateAwsLogSourceCommandInput
| CreateCustomLogSourceCommandInput
- | CreateDatalakeAutoEnableCommandInput
- | CreateDatalakeCommandInput
- | CreateDatalakeDelegatedAdminCommandInput
- | CreateDatalakeExceptionsSubscriptionCommandInput
+ | CreateDataLakeCommandInput
+ | CreateDataLakeExceptionSubscriptionCommandInput
+ | CreateDataLakeOrganizationConfigurationCommandInput
| CreateSubscriberCommandInput
- | CreateSubscriptionNotificationConfigurationCommandInput
+ | CreateSubscriberNotificationCommandInput
| DeleteAwsLogSourceCommandInput
| DeleteCustomLogSourceCommandInput
- | DeleteDatalakeAutoEnableCommandInput
- | DeleteDatalakeCommandInput
- | DeleteDatalakeDelegatedAdminCommandInput
- | DeleteDatalakeExceptionsSubscriptionCommandInput
+ | DeleteDataLakeCommandInput
+ | DeleteDataLakeExceptionSubscriptionCommandInput
+ | DeleteDataLakeOrganizationConfigurationCommandInput
| DeleteSubscriberCommandInput
- | DeleteSubscriptionNotificationConfigurationCommandInput
- | GetDatalakeAutoEnableCommandInput
- | GetDatalakeCommandInput
- | GetDatalakeExceptionsExpiryCommandInput
- | GetDatalakeExceptionsSubscriptionCommandInput
- | GetDatalakeStatusCommandInput
+ | DeleteSubscriberNotificationCommandInput
+ | DeregisterDataLakeDelegatedAdministratorCommandInput
+ | GetDataLakeExceptionSubscriptionCommandInput
+ | GetDataLakeOrganizationConfigurationCommandInput
+ | GetDataLakeSourcesCommandInput
| GetSubscriberCommandInput
- | ListDatalakeExceptionsCommandInput
+ | ListDataLakeExceptionsCommandInput
+ | ListDataLakesCommandInput
| ListLogSourcesCommandInput
| ListSubscribersCommandInput
- | UpdateDatalakeCommandInput
- | UpdateDatalakeExceptionsExpiryCommandInput
- | UpdateDatalakeExceptionsSubscriptionCommandInput
+ | RegisterDataLakeDelegatedAdministratorCommandInput
+ | UpdateDataLakeCommandInput
+ | UpdateDataLakeExceptionSubscriptionCommandInput
| UpdateSubscriberCommandInput
- | UpdateSubscriptionNotificationConfigurationCommandInput;
+ | UpdateSubscriberNotificationCommandInput;
/**
* @public
@@ -183,34 +173,32 @@ export type ServiceInputTypes =
export type ServiceOutputTypes =
| CreateAwsLogSourceCommandOutput
| CreateCustomLogSourceCommandOutput
- | CreateDatalakeAutoEnableCommandOutput
- | CreateDatalakeCommandOutput
- | CreateDatalakeDelegatedAdminCommandOutput
- | CreateDatalakeExceptionsSubscriptionCommandOutput
+ | CreateDataLakeCommandOutput
+ | CreateDataLakeExceptionSubscriptionCommandOutput
+ | CreateDataLakeOrganizationConfigurationCommandOutput
| CreateSubscriberCommandOutput
- | CreateSubscriptionNotificationConfigurationCommandOutput
+ | CreateSubscriberNotificationCommandOutput
| DeleteAwsLogSourceCommandOutput
| DeleteCustomLogSourceCommandOutput
- | DeleteDatalakeAutoEnableCommandOutput
- | DeleteDatalakeCommandOutput
- | DeleteDatalakeDelegatedAdminCommandOutput
- | DeleteDatalakeExceptionsSubscriptionCommandOutput
+ | DeleteDataLakeCommandOutput
+ | DeleteDataLakeExceptionSubscriptionCommandOutput
+ | DeleteDataLakeOrganizationConfigurationCommandOutput
| DeleteSubscriberCommandOutput
- | DeleteSubscriptionNotificationConfigurationCommandOutput
- | GetDatalakeAutoEnableCommandOutput
- | GetDatalakeCommandOutput
- | GetDatalakeExceptionsExpiryCommandOutput
- | GetDatalakeExceptionsSubscriptionCommandOutput
- | GetDatalakeStatusCommandOutput
+ | DeleteSubscriberNotificationCommandOutput
+ | DeregisterDataLakeDelegatedAdministratorCommandOutput
+ | GetDataLakeExceptionSubscriptionCommandOutput
+ | GetDataLakeOrganizationConfigurationCommandOutput
+ | GetDataLakeSourcesCommandOutput
| GetSubscriberCommandOutput
- | ListDatalakeExceptionsCommandOutput
+ | ListDataLakeExceptionsCommandOutput
+ | ListDataLakesCommandOutput
| ListLogSourcesCommandOutput
| ListSubscribersCommandOutput
- | UpdateDatalakeCommandOutput
- | UpdateDatalakeExceptionsExpiryCommandOutput
- | UpdateDatalakeExceptionsSubscriptionCommandOutput
+ | RegisterDataLakeDelegatedAdministratorCommandOutput
+ | UpdateDataLakeCommandOutput
+ | UpdateDataLakeExceptionSubscriptionCommandOutput
| UpdateSubscriberCommandOutput
- | UpdateSubscriptionNotificationConfigurationCommandOutput;
+ | UpdateSubscriberNotificationCommandOutput;
/**
* @public
@@ -376,14 +364,9 @@ export interface SecurityLakeClientResolvedConfig extends SecurityLakeClientReso
/**
* @public
- * Amazon Security Lake is in preview release. Your use of the Security Lake preview is subject to
- * Section 2 of the Amazon Web Services Service
- * Terms("Betas and Previews").
Amazon Security Lake is a fully managed security data lake service. You can use Security Lake to + *
Amazon Security Lake is a fully managed security data lake service. You can use Security Lake to * automatically centralize security data from cloud, on-premises, and custom sources into a - * data lake that's stored in your Amazon Web Servicesaccount. Amazon Web Services Organizations + * data lake that's stored in your Amazon Web Services account. Amazon Web Services Organizations * is an account management service that lets you consolidate multiple Amazon Web Services * accounts into an organization that you create and centrally manage. With Organizations, you * can create member accounts and invite existing accounts to join your organization. @@ -391,9 +374,9 @@ export interface SecurityLakeClientResolvedConfig extends SecurityLakeClientReso * security posture across the entire organization. It can also help you improve the * protection of your workloads, applications, and data.
*The data lake is backed by Amazon Simple Storage Service (Amazon S3) buckets, and you - * retain ownership over your data.
+ * retain ownership over your data. *Amazon Security Lake integrates with CloudTrail, a service that provides a record of - * actions taken by a user, role, or an Amazon Web Services service in Security Lake CloudTrail captures API calls for Security Lake as events. The calls captured include calls + * actions taken by a user, role, or an Amazon Web Services service. In Security Lake, CloudTrail captures API calls for Security Lake as events. The calls captured include calls * from the Security Lake console and code calls to the Security Lake API operations. If you create a * trail, you can enable continuous delivery of CloudTrail events to an Amazon S3 bucket, including events for Security Lake. If you don't configure a trail, you can still * view the most recent events in the CloudTrail console in Event history. Using the diff --git a/clients/client-securitylake/src/commands/CreateAwsLogSourceCommand.ts b/clients/client-securitylake/src/commands/CreateAwsLogSourceCommand.ts index b4bc38cf21eb..bc68cc6d944b 100644 --- a/clients/client-securitylake/src/commands/CreateAwsLogSourceCommand.ts +++ b/clients/client-securitylake/src/commands/CreateAwsLogSourceCommand.ts @@ -39,18 +39,10 @@ export interface CreateAwsLogSourceCommandOutput extends CreateAwsLogSourceRespo *
Adds a natively supported Amazon Web Service as an Amazon Security Lake source. Enables * source types for member accounts in required Amazon Web Services Regions, based on the * parameters you specify. You can choose any source type in any Region for either accounts - * that are part of a trusted organization or standalone accounts. At least one of the three - * dimensions is a mandatory input to this API. However, you can supply any combination of the - * three dimensions to this API.
- *By default, a dimension refers to the entire set. When you don't provide a dimension, - * Security Lake assumes that the missing dimension refers to the entire set. This is overridden - * when you supply any one of the inputs. For instance, when you do not specify members, the - * API enables all Security Lake member accounts for all sources. Similarly, when you do not - * specify Regions, Security Lake is enabled for all the Regions where Security Lake is available as a - * service.
+ * that are part of a trusted organization or standalone accounts. Once you add an Amazon Web Service as a source, Security Lake starts collecting logs and events from it, *You can use this API only to enable natively supported Amazon Web Services as a
* source. Use CreateCustomLogSource to enable data collection from a custom
- * source.
Amazon Security Lake cannot find an Amazon Web Services account with the accountID that you - * specified, or the account whose credentials you used to make this request isn't a member of - * an organization.
+ * @throws {@link BadRequestException} (client fault) + *The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
+ * + * @throws {@link ConflictException} (client fault) + *Occurs when a conflict with a previous successful write is detected. This generally + * occurs when the previous write did not have time to propagate to the host serving the + * current request. A retry (with appropriate backoff logic) is the recommended response to + * this exception.
* * @throws {@link InternalServerException} (server fault) *Internal service exceptions are sometimes caused by transient issues. Before you start - * troubleshooting, perform the operation again.
+ * troubleshooting, perform the operation again. * * @throws {@link ResourceNotFoundException} (client fault) *The resource could not be found.
* - * @throws {@link S3Exception} (client fault) - *Provides an extension of the AmazonServiceException for errors reported by Amazon S3 while processing a request. In particular, this class provides access to the - * Amazon S3 extended request ID. If Amazon S3 is incorrectly handling a - * request and you need to contact Amazon, this extended request ID may provide useful - * debugging information.
- * - * @throws {@link ValidationException} (client fault) - *Your signing certificate could not be validated.
+ * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
* * @throws {@link SecurityLakeServiceException} *Base exception class for all service exceptions from SecurityLake service.
diff --git a/clients/client-securitylake/src/commands/CreateCustomLogSourceCommand.ts b/clients/client-securitylake/src/commands/CreateCustomLogSourceCommand.ts index 3d8e97c45fd0..40df3b66b42a 100644 --- a/clients/client-securitylake/src/commands/CreateCustomLogSourceCommand.ts +++ b/clients/client-securitylake/src/commands/CreateCustomLogSourceCommand.ts @@ -41,7 +41,8 @@ export interface CreateCustomLogSourceCommandOutput extends CreateCustomLogSourc * third-party custom sources. After creating the appropriate IAM role to * invoke Glue crawler, use this API to add a custom source name in Security Lake. This * operation creates a partition in the Amazon S3 bucket for Security Lake as the target - * location for log files from the custom source in addition to an associated Glue table and an Glue crawler. + * location for log files from the custom source. In addition, this operation also creates an + * associated Glue table and an Glue crawler. * @example * Use a bare-bones client and the command you need to make an API call. * ```javascript @@ -49,19 +50,37 @@ export interface CreateCustomLogSourceCommandOutput extends CreateCustomLogSourc * // const { SecurityLakeClient, CreateCustomLogSourceCommand } = require("@aws-sdk/client-securitylake"); // CommonJS import * const client = new SecurityLakeClient(config); * const input = { // CreateCustomLogSourceRequest - * customSourceName: "STRING_VALUE", // required - * eventClass: "STRING_VALUE", // required - * glueInvocationRoleArn: "STRING_VALUE", // required - * logProviderAccountId: "STRING_VALUE", // required + * sourceName: "STRING_VALUE", // required + * sourceVersion: "STRING_VALUE", + * eventClasses: [ // OcsfEventClassList + * "STRING_VALUE", + * ], + * configuration: { // CustomLogSourceConfiguration + * crawlerConfiguration: { // CustomLogSourceCrawlerConfiguration + * roleArn: "STRING_VALUE", // required + * }, + * providerIdentity: { // AwsIdentity + * principal: "STRING_VALUE", // required + * externalId: "STRING_VALUE", // required + * }, + * }, * }; * const command = new CreateCustomLogSourceCommand(input); * const response = await client.send(command); * // { // CreateCustomLogSourceResponse - * // customDataLocation: "STRING_VALUE", // required - * // glueCrawlerName: "STRING_VALUE", // required - * // glueTableName: "STRING_VALUE", // required - * // glueDatabaseName: "STRING_VALUE", // required - * // logProviderAccessRoleArn: "STRING_VALUE", // required + * // source: { // CustomLogSourceResource + * // sourceName: "STRING_VALUE", + * // sourceVersion: "STRING_VALUE", + * // provider: { // CustomLogSourceProvider + * // roleArn: "STRING_VALUE", + * // location: "STRING_VALUE", + * // }, + * // attributes: { // CustomLogSourceAttributes + * // crawlerArn: "STRING_VALUE", + * // databaseArn: "STRING_VALUE", + * // tableArn: "STRING_VALUE", + * // }, + * // }, * // }; * * ``` @@ -78,27 +97,24 @@ export interface CreateCustomLogSourceCommandOutput extends CreateCustomLogSourc * Amazon Web Services action. An implicit denial occurs when there is no applicable Deny statement and also * no applicable Allow statement. * - * @throws {@link AccountNotFoundException} (client fault) - *Amazon Security Lake cannot find an Amazon Web Services account with the accountID that you - * specified, or the account whose credentials you used to make this request isn't a member of - * an organization.
+ * @throws {@link BadRequestException} (client fault) + *The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
* - * @throws {@link BucketNotFoundException} (client fault) - *Amazon Security Lake generally returns 404 errors if the requested object is missing from the - * bucket.
- * - * @throws {@link ConflictSourceNamesException} (client fault) - *There was a conflict when you attempted to modify a Security Lake source name.
+ * @throws {@link ConflictException} (client fault) + *Occurs when a conflict with a previous successful write is detected. This generally + * occurs when the previous write did not have time to propagate to the host serving the + * current request. A retry (with appropriate backoff logic) is the recommended response to + * this exception.
* * @throws {@link InternalServerException} (server fault) *Internal service exceptions are sometimes caused by transient issues. Before you start - * troubleshooting, perform the operation again.
+ * troubleshooting, perform the operation again. * * @throws {@link ResourceNotFoundException} (client fault) *The resource could not be found.
* - * @throws {@link ValidationException} (client fault) - *Your signing certificate could not be validated.
+ * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
* * @throws {@link SecurityLakeServiceException} *Base exception class for all service exceptions from SecurityLake service.
diff --git a/clients/client-securitylake/src/commands/CreateDatalakeCommand.ts b/clients/client-securitylake/src/commands/CreateDataLakeCommand.ts similarity index 56% rename from clients/client-securitylake/src/commands/CreateDatalakeCommand.ts rename to clients/client-securitylake/src/commands/CreateDataLakeCommand.ts index f21d420d1f26..f7fb69c77b64 100644 --- a/clients/client-securitylake/src/commands/CreateDatalakeCommand.ts +++ b/clients/client-securitylake/src/commands/CreateDataLakeCommand.ts @@ -13,8 +13,8 @@ import { import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@smithy/protocol-http"; import { SerdeContext as __SerdeContext } from "@smithy/types"; -import { CreateDatalakeRequest, CreateDatalakeResponse } from "../models/models_0"; -import { de_CreateDatalakeCommand, se_CreateDatalakeCommand } from "../protocols/Aws_restJson1"; +import { CreateDataLakeRequest, CreateDataLakeResponse } from "../models/models_0"; +import { de_CreateDataLakeCommand, se_CreateDataLakeCommand } from "../protocols/Aws_restJson1"; import { SecurityLakeClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../SecurityLakeClient"; /** @@ -24,25 +24,24 @@ export { __MetadataBearer, $Command }; /** * @public * - * The input for {@link CreateDatalakeCommand}. + * The input for {@link CreateDataLakeCommand}. */ -export interface CreateDatalakeCommandInput extends CreateDatalakeRequest {} +export interface CreateDataLakeCommandInput extends CreateDataLakeRequest {} /** * @public * - * The output of {@link CreateDatalakeCommand}. + * The output of {@link CreateDataLakeCommand}. */ -export interface CreateDatalakeCommandOutput extends CreateDatalakeResponse, __MetadataBearer {} +export interface CreateDataLakeCommandOutput extends CreateDataLakeResponse, __MetadataBearer {} /** * @public *Initializes an Amazon Security Lake instance with the provided (or default) configuration. You
* can enable Security Lake in Amazon Web Services Regions with customized settings before enabling
- * log collection in Regions. You can either use the enableAll parameter to
- * specify all Regions or specify the Regions where you want to enable Security Lake. To specify
- * particular Regions, use the Regions parameter and then configure these Regions
- * using the configurations parameter. If you have already enabled Security Lake in a
- * Region when you call this command, the command will update the Region if you provide new
+ * log collection in Regions. By default, the CreateDataLake Security Lake in all
+ * Regions. To specify particular Regions, configure these Regions using the
+ * configurations parameter. If you have already enabled Security Lake in a Region
+ * when you call this command, the command will update the Region if you provide new
* configuration parameters. If you have not already enabled Security Lake in the Region when you
* call this API, it will set up the data lake in the Region with the specified
* configurations.
The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
+ * * @throws {@link ConflictException} (client fault) *Occurs when a conflict with a previous successful write is detected. This generally * occurs when the previous write did not have time to propagate to the host serving the @@ -109,28 +151,21 @@ export interface CreateDatalakeCommandOutput extends CreateDatalakeResponse, __M * * @throws {@link InternalServerException} (server fault) *
Internal service exceptions are sometimes caused by transient issues. Before you start - * troubleshooting, perform the operation again.
+ * troubleshooting, perform the operation again. * * @throws {@link ResourceNotFoundException} (client fault) *The resource could not be found.
* - * @throws {@link ServiceQuotaExceededException} (client fault) - *You have exceeded your service quota. To perform the requested action, remove some of - * the relevant resources, or use Service Quotas to request a service quota increase.
- * * @throws {@link ThrottlingException} (client fault) - *The limit on the number of requests per second was exceeded.
- * - * @throws {@link ValidationException} (client fault) - *Your signing certificate could not be validated.
+ *The limit on the number of requests per second was exceeded.
* * @throws {@link SecurityLakeServiceException} *Base exception class for all service exceptions from SecurityLake service.
* */ -export class CreateDatalakeCommand extends $Command< - CreateDatalakeCommandInput, - CreateDatalakeCommandOutput, +export class CreateDataLakeCommand extends $Command< + CreateDataLakeCommandInput, + CreateDataLakeCommandOutput, SecurityLakeClientResolvedConfig > { // Start section: command_properties @@ -148,7 +183,7 @@ export class CreateDatalakeCommand extends $Command< /** * @public */ - constructor(readonly input: CreateDatalakeCommandInput) { + constructor(readonly input: CreateDataLakeCommandInput) { // Start section: command_constructor super(); // End section: command_constructor @@ -161,17 +196,17 @@ export class CreateDatalakeCommand extends $Command< clientStack: MiddlewareStackAmazon Security Lake cannot find an Amazon Web Services account with the accountID that you - * specified, or the account whose credentials you used to make this request isn't a member of - * an organization.
+ * @throws {@link BadRequestException} (client fault) + *The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
+ * + * @throws {@link ConflictException} (client fault) + *Occurs when a conflict with a previous successful write is detected. This generally + * occurs when the previous write did not have time to propagate to the host serving the + * current request. A retry (with appropriate backoff logic) is the recommended response to + * this exception.
* * @throws {@link InternalServerException} (server fault) *Internal service exceptions are sometimes caused by transient issues. Before you start - * troubleshooting, perform the operation again.
+ * troubleshooting, perform the operation again. + * + * @throws {@link ResourceNotFoundException} (client fault) + *The resource could not be found.
* - * @throws {@link ValidationException} (client fault) - *Your signing certificate could not be validated.
+ * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
* * @throws {@link SecurityLakeServiceException} *Base exception class for all service exceptions from SecurityLake service.
* */ -export class CreateDatalakeExceptionsSubscriptionCommand extends $Command< - CreateDatalakeExceptionsSubscriptionCommandInput, - CreateDatalakeExceptionsSubscriptionCommandOutput, +export class CreateDataLakeExceptionSubscriptionCommand extends $Command< + CreateDataLakeExceptionSubscriptionCommandInput, + CreateDataLakeExceptionSubscriptionCommandOutput, SecurityLakeClientResolvedConfig > { // Start section: command_properties @@ -110,7 +118,7 @@ export class CreateDatalakeExceptionsSubscriptionCommand extends $Command< /** * @public */ - constructor(readonly input: CreateDatalakeExceptionsSubscriptionCommandInput) { + constructor(readonly input: CreateDataLakeExceptionSubscriptionCommandInput) { // Start section: command_constructor super(); // End section: command_constructor @@ -123,17 +131,17 @@ export class CreateDatalakeExceptionsSubscriptionCommand extends $Command< clientStack: MiddlewareStackUpdates an existing notification method for the subscription (SQS or HTTPs endpoint) or - * switches the notification subscription endpoint for a subscriber.
+ *Automatically enables Amazon Security Lake for new member accounts in your organization. + * Security Lake is not automatically enabled for any existing member accounts in your + * organization.
* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript - * import { SecurityLakeClient, UpdateSubscriptionNotificationConfigurationCommand } from "@aws-sdk/client-securitylake"; // ES Modules import - * // const { SecurityLakeClient, UpdateSubscriptionNotificationConfigurationCommand } = require("@aws-sdk/client-securitylake"); // CommonJS import + * import { SecurityLakeClient, CreateDataLakeOrganizationConfigurationCommand } from "@aws-sdk/client-securitylake"; // ES Modules import + * // const { SecurityLakeClient, CreateDataLakeOrganizationConfigurationCommand } = require("@aws-sdk/client-securitylake"); // CommonJS import * const client = new SecurityLakeClient(config); - * const input = { // UpdateSubscriptionNotificationConfigurationRequest - * subscriptionId: "STRING_VALUE", // required - * subscriptionEndpoint: "STRING_VALUE", - * httpsApiKeyName: "STRING_VALUE", - * httpsApiKeyValue: "STRING_VALUE", - * httpsMethod: "STRING_VALUE", - * createSqs: true || false, - * roleArn: "STRING_VALUE", + * const input = { // CreateDataLakeOrganizationConfigurationRequest + * autoEnableNewAccount: [ // DataLakeAutoEnableNewAccountConfigurationList // required + * { // DataLakeAutoEnableNewAccountConfiguration + * region: "STRING_VALUE", // required + * sources: [ // AwsLogSourceResourceList // required + * { // AwsLogSourceResource + * sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA", + * sourceVersion: "STRING_VALUE", + * }, + * ], + * }, + * ], * }; - * const command = new UpdateSubscriptionNotificationConfigurationCommand(input); + * const command = new CreateDataLakeOrganizationConfigurationCommand(input); * const response = await client.send(command); - * // { // UpdateSubscriptionNotificationConfigurationResponse - * // queueArn: "STRING_VALUE", - * // }; + * // {}; * * ``` * - * @param UpdateSubscriptionNotificationConfigurationCommandInput - {@link UpdateSubscriptionNotificationConfigurationCommandInput} - * @returns {@link UpdateSubscriptionNotificationConfigurationCommandOutput} - * @see {@link UpdateSubscriptionNotificationConfigurationCommandInput} for command's `input` shape. - * @see {@link UpdateSubscriptionNotificationConfigurationCommandOutput} for command's `response` shape. + * @param CreateDataLakeOrganizationConfigurationCommandInput - {@link CreateDataLakeOrganizationConfigurationCommandInput} + * @returns {@link CreateDataLakeOrganizationConfigurationCommandOutput} + * @see {@link CreateDataLakeOrganizationConfigurationCommandInput} for command's `input` shape. + * @see {@link CreateDataLakeOrganizationConfigurationCommandOutput} for command's `response` shape. * @see {@link SecurityLakeClientResolvedConfig | config} for SecurityLakeClient's `config` shape. * * @throws {@link AccessDeniedException} (client fault) @@ -82,35 +85,32 @@ export interface UpdateSubscriptionNotificationConfigurationCommandOutput * Amazon Web Services action. An implicit denial occurs when there is no applicable Deny statement and also * no applicable Allow statement. * - * @throws {@link AccountNotFoundException} (client fault) - *Amazon Security Lake cannot find an Amazon Web Services account with the accountID that you - * specified, or the account whose credentials you used to make this request isn't a member of - * an organization.
+ * @throws {@link BadRequestException} (client fault) + *The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
* - * @throws {@link ConcurrentModificationException} (client fault) - *More than one process tried to modify a resource at the same time.
+ * @throws {@link ConflictException} (client fault) + *Occurs when a conflict with a previous successful write is detected. This generally + * occurs when the previous write did not have time to propagate to the host serving the + * current request. A retry (with appropriate backoff logic) is the recommended response to + * this exception.
* * @throws {@link InternalServerException} (server fault) *Internal service exceptions are sometimes caused by transient issues. Before you start - * troubleshooting, perform the operation again.
- * - * @throws {@link InvalidInputException} (client fault) - *The request was rejected because a value that's not valid or is out of range was - * supplied for an input parameter.
+ * troubleshooting, perform the operation again. * * @throws {@link ResourceNotFoundException} (client fault) *The resource could not be found.
* - * @throws {@link ValidationException} (client fault) - *Your signing certificate could not be validated.
+ * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
* * @throws {@link SecurityLakeServiceException} *Base exception class for all service exceptions from SecurityLake service.
* */ -export class UpdateSubscriptionNotificationConfigurationCommand extends $Command< - UpdateSubscriptionNotificationConfigurationCommandInput, - UpdateSubscriptionNotificationConfigurationCommandOutput, +export class CreateDataLakeOrganizationConfigurationCommand extends $Command< + CreateDataLakeOrganizationConfigurationCommandInput, + CreateDataLakeOrganizationConfigurationCommandOutput, SecurityLakeClientResolvedConfig > { // Start section: command_properties @@ -128,7 +128,7 @@ export class UpdateSubscriptionNotificationConfigurationCommand extends $Command /** * @public */ - constructor(readonly input: UpdateSubscriptionNotificationConfigurationCommandInput) { + constructor(readonly input: CreateDataLakeOrganizationConfigurationCommandInput) { // Start section: command_constructor super(); // End section: command_constructor @@ -142,14 +142,14 @@ export class UpdateSubscriptionNotificationConfigurationCommand extends $Command configuration: SecurityLakeClientResolvedConfig, options?: __HttpHandlerOptions ): Handler< - UpdateSubscriptionNotificationConfigurationCommandInput, - UpdateSubscriptionNotificationConfigurationCommandOutput + CreateDataLakeOrganizationConfigurationCommandInput, + CreateDataLakeOrganizationConfigurationCommandOutput > { this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize)); this.middlewareStack.use( getEndpointPlugin( configuration, - UpdateSubscriptionNotificationConfigurationCommand.getEndpointParameterInstructions() + CreateDataLakeOrganizationConfigurationCommand.getEndpointParameterInstructions() ) ); @@ -157,7 +157,7 @@ export class UpdateSubscriptionNotificationConfigurationCommand extends $Command const { logger } = configuration; const clientName = "SecurityLakeClient"; - const commandName = "UpdateSubscriptionNotificationConfigurationCommand"; + const commandName = "CreateDataLakeOrganizationConfigurationCommand"; const handlerExecutionContext: HandlerExecutionContext = { logger, clientName, @@ -177,10 +177,10 @@ export class UpdateSubscriptionNotificationConfigurationCommand extends $Command * @internal */ private serialize( - input: UpdateSubscriptionNotificationConfigurationCommandInput, + input: CreateDataLakeOrganizationConfigurationCommandInput, context: __SerdeContext ): Promise<__HttpRequest> { - return se_UpdateSubscriptionNotificationConfigurationCommand(input, context); + return se_CreateDataLakeOrganizationConfigurationCommand(input, context); } /** @@ -189,8 +189,8 @@ export class UpdateSubscriptionNotificationConfigurationCommand extends $Command private deserialize( output: __HttpResponse, context: __SerdeContext - ): PromiseAutomatically enables Amazon Security Lake for new member accounts in your organization. - * Security Lake is not automatically enabled for any existing member accounts in your - * organization.
- * @example - * Use a bare-bones client and the command you need to make an API call. - * ```javascript - * import { SecurityLakeClient, CreateDatalakeAutoEnableCommand } from "@aws-sdk/client-securitylake"; // ES Modules import - * // const { SecurityLakeClient, CreateDatalakeAutoEnableCommand } = require("@aws-sdk/client-securitylake"); // CommonJS import - * const client = new SecurityLakeClient(config); - * const input = { // CreateDatalakeAutoEnableRequest - * configurationForNewAccounts: [ // AutoEnableNewRegionConfigurationList // required - * { // AutoEnableNewRegionConfiguration - * region: "STRING_VALUE", // required - * sources: [ // AwsSourceTypeList // required - * "STRING_VALUE", - * ], - * }, - * ], - * }; - * const command = new CreateDatalakeAutoEnableCommand(input); - * const response = await client.send(command); - * // {}; - * - * ``` - * - * @param CreateDatalakeAutoEnableCommandInput - {@link CreateDatalakeAutoEnableCommandInput} - * @returns {@link CreateDatalakeAutoEnableCommandOutput} - * @see {@link CreateDatalakeAutoEnableCommandInput} for command's `input` shape. - * @see {@link CreateDatalakeAutoEnableCommandOutput} for command's `response` shape. - * @see {@link SecurityLakeClientResolvedConfig | config} for SecurityLakeClient's `config` shape. - * - * @throws {@link AccessDeniedException} (client fault) - *You do not have sufficient access to perform this action. Access denied errors appear when Amazon Security Lake explicitly or implicitly denies an authorization - * request. An explicit denial occurs when a policy contains a Deny statement for the specific - * Amazon Web Services action. An implicit denial occurs when there is no applicable Deny statement and also - * no applicable Allow statement.
- * - * @throws {@link AccountNotFoundException} (client fault) - *Amazon Security Lake cannot find an Amazon Web Services account with the accountID that you - * specified, or the account whose credentials you used to make this request isn't a member of - * an organization.
- * - * @throws {@link InternalServerException} (server fault) - *Internal service exceptions are sometimes caused by transient issues. Before you start - * troubleshooting, perform the operation again.
- * - * @throws {@link ValidationException} (client fault) - *Your signing certificate could not be validated.
- * - * @throws {@link SecurityLakeServiceException} - *Base exception class for all service exceptions from SecurityLake service.
- * - */ -export class CreateDatalakeAutoEnableCommand extends $Command< - CreateDatalakeAutoEnableCommandInput, - CreateDatalakeAutoEnableCommandOutput, - SecurityLakeClientResolvedConfig -> { - // Start section: command_properties - // End section: command_properties - - public static getEndpointParameterInstructions(): EndpointParameterInstructions { - return { - UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, - Endpoint: { type: "builtInParams", name: "endpoint" }, - Region: { type: "builtInParams", name: "region" }, - UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, - }; - } - - /** - * @public - */ - constructor(readonly input: CreateDatalakeAutoEnableCommandInput) { - // Start section: command_constructor - super(); - // End section: command_constructor - } - - /** - * @internal - */ - resolveMiddleware( - clientStack: MiddlewareStackAmazon Security Lake cannot find an Amazon Web Services account with the accountID that you - * specified, or the account whose credentials you used to make this request isn't a member of - * an organization.
- * - * @throws {@link BucketNotFoundException} (client fault) - *Amazon Security Lake generally returns 404 errors if the requested object is missing from the - * bucket.
+ * @throws {@link BadRequestException} (client fault) + *The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
* - * @throws {@link ConflictSubscriptionException} (client fault) - *A conflicting subscription exception operation is in progress.
+ * @throws {@link ConflictException} (client fault) + *Occurs when a conflict with a previous successful write is detected. This generally + * occurs when the previous write did not have time to propagate to the host serving the + * current request. A retry (with appropriate backoff logic) is the recommended response to + * this exception.
* * @throws {@link InternalServerException} (server fault) *Internal service exceptions are sometimes caused by transient issues. Before you start - * troubleshooting, perform the operation again.
- * - * @throws {@link InvalidInputException} (client fault) - *The request was rejected because a value that's not valid or is out of range was - * supplied for an input parameter.
+ * troubleshooting, perform the operation again. * * @throws {@link ResourceNotFoundException} (client fault) *The resource could not be found.
* - * @throws {@link ValidationException} (client fault) - *Your signing certificate could not be validated.
+ * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
* * @throws {@link SecurityLakeServiceException} *Base exception class for all service exceptions from SecurityLake service.
diff --git a/clients/client-securitylake/src/commands/CreateSubscriptionNotificationConfigurationCommand.ts b/clients/client-securitylake/src/commands/CreateSubscriberNotificationCommand.ts similarity index 52% rename from clients/client-securitylake/src/commands/CreateSubscriptionNotificationConfigurationCommand.ts rename to clients/client-securitylake/src/commands/CreateSubscriberNotificationCommand.ts index dfdbe74b4baa..75a45234c502 100644 --- a/clients/client-securitylake/src/commands/CreateSubscriptionNotificationConfigurationCommand.ts +++ b/clients/client-securitylake/src/commands/CreateSubscriberNotificationCommand.ts @@ -13,13 +13,10 @@ import { import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@smithy/protocol-http"; import { SerdeContext as __SerdeContext } from "@smithy/types"; +import { CreateSubscriberNotificationRequest, CreateSubscriberNotificationResponse } from "../models/models_0"; import { - CreateSubscriptionNotificationConfigurationRequest, - CreateSubscriptionNotificationConfigurationResponse, -} from "../models/models_0"; -import { - de_CreateSubscriptionNotificationConfigurationCommand, - se_CreateSubscriptionNotificationConfigurationCommand, + de_CreateSubscriberNotificationCommand, + se_CreateSubscriberNotificationCommand, } from "../protocols/Aws_restJson1"; import { SecurityLakeClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../SecurityLakeClient"; @@ -30,17 +27,16 @@ export { __MetadataBearer, $Command }; /** * @public * - * The input for {@link CreateSubscriptionNotificationConfigurationCommand}. + * The input for {@link CreateSubscriberNotificationCommand}. */ -export interface CreateSubscriptionNotificationConfigurationCommandInput - extends CreateSubscriptionNotificationConfigurationRequest {} +export interface CreateSubscriberNotificationCommandInput extends CreateSubscriberNotificationRequest {} /** * @public * - * The output of {@link CreateSubscriptionNotificationConfigurationCommand}. + * The output of {@link CreateSubscriberNotificationCommand}. */ -export interface CreateSubscriptionNotificationConfigurationCommandOutput - extends CreateSubscriptionNotificationConfigurationResponse, +export interface CreateSubscriberNotificationCommandOutput + extends CreateSubscriberNotificationResponse, __MetadataBearer {} /** @@ -51,30 +47,34 @@ export interface CreateSubscriptionNotificationConfigurationCommandOutput * @example * Use a bare-bones client and the command you need to make an API call. * ```javascript - * import { SecurityLakeClient, CreateSubscriptionNotificationConfigurationCommand } from "@aws-sdk/client-securitylake"; // ES Modules import - * // const { SecurityLakeClient, CreateSubscriptionNotificationConfigurationCommand } = require("@aws-sdk/client-securitylake"); // CommonJS import + * import { SecurityLakeClient, CreateSubscriberNotificationCommand } from "@aws-sdk/client-securitylake"; // ES Modules import + * // const { SecurityLakeClient, CreateSubscriberNotificationCommand } = require("@aws-sdk/client-securitylake"); // CommonJS import * const client = new SecurityLakeClient(config); - * const input = { // CreateSubscriptionNotificationConfigurationRequest - * subscriptionId: "STRING_VALUE", // required - * subscriptionEndpoint: "STRING_VALUE", - * httpsApiKeyName: "STRING_VALUE", - * httpsApiKeyValue: "STRING_VALUE", - * httpsMethod: "STRING_VALUE", - * createSqs: true || false, - * roleArn: "STRING_VALUE", + * const input = { // CreateSubscriberNotificationRequest + * subscriberId: "STRING_VALUE", // required + * configuration: { // NotificationConfiguration Union: only one key present + * sqsNotificationConfiguration: {}, + * httpsNotificationConfiguration: { // HttpsNotificationConfiguration + * endpoint: "STRING_VALUE", // required + * authorizationApiKeyName: "STRING_VALUE", + * authorizationApiKeyValue: "STRING_VALUE", + * httpMethod: "POST" || "PUT", + * targetRoleArn: "STRING_VALUE", // required + * }, + * }, * }; - * const command = new CreateSubscriptionNotificationConfigurationCommand(input); + * const command = new CreateSubscriberNotificationCommand(input); * const response = await client.send(command); - * // { // CreateSubscriptionNotificationConfigurationResponse - * // queueArn: "STRING_VALUE", + * // { // CreateSubscriberNotificationResponse + * // subscriberEndpoint: "STRING_VALUE", * // }; * * ``` * - * @param CreateSubscriptionNotificationConfigurationCommandInput - {@link CreateSubscriptionNotificationConfigurationCommandInput} - * @returns {@link CreateSubscriptionNotificationConfigurationCommandOutput} - * @see {@link CreateSubscriptionNotificationConfigurationCommandInput} for command's `input` shape. - * @see {@link CreateSubscriptionNotificationConfigurationCommandOutput} for command's `response` shape. + * @param CreateSubscriberNotificationCommandInput - {@link CreateSubscriberNotificationCommandInput} + * @returns {@link CreateSubscriberNotificationCommandOutput} + * @see {@link CreateSubscriberNotificationCommandInput} for command's `input` shape. + * @see {@link CreateSubscriberNotificationCommandOutput} for command's `response` shape. * @see {@link SecurityLakeClientResolvedConfig | config} for SecurityLakeClient's `config` shape. * * @throws {@link AccessDeniedException} (client fault) @@ -83,35 +83,32 @@ export interface CreateSubscriptionNotificationConfigurationCommandOutput * Amazon Web Services action. An implicit denial occurs when there is no applicable Deny statement and also * no applicable Allow statement. * - * @throws {@link AccountNotFoundException} (client fault) - *Amazon Security Lake cannot find an Amazon Web Services account with the accountID that you - * specified, or the account whose credentials you used to make this request isn't a member of - * an organization.
+ * @throws {@link BadRequestException} (client fault) + *The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
* - * @throws {@link ConcurrentModificationException} (client fault) - *More than one process tried to modify a resource at the same time.
+ * @throws {@link ConflictException} (client fault) + *Occurs when a conflict with a previous successful write is detected. This generally + * occurs when the previous write did not have time to propagate to the host serving the + * current request. A retry (with appropriate backoff logic) is the recommended response to + * this exception.
* * @throws {@link InternalServerException} (server fault) *Internal service exceptions are sometimes caused by transient issues. Before you start - * troubleshooting, perform the operation again.
- * - * @throws {@link InvalidInputException} (client fault) - *The request was rejected because a value that's not valid or is out of range was - * supplied for an input parameter.
+ * troubleshooting, perform the operation again. * * @throws {@link ResourceNotFoundException} (client fault) *The resource could not be found.
* - * @throws {@link ValidationException} (client fault) - *Your signing certificate could not be validated.
+ * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
* * @throws {@link SecurityLakeServiceException} *Base exception class for all service exceptions from SecurityLake service.
* */ -export class CreateSubscriptionNotificationConfigurationCommand extends $Command< - CreateSubscriptionNotificationConfigurationCommandInput, - CreateSubscriptionNotificationConfigurationCommandOutput, +export class CreateSubscriberNotificationCommand extends $Command< + CreateSubscriberNotificationCommandInput, + CreateSubscriberNotificationCommandOutput, SecurityLakeClientResolvedConfig > { // Start section: command_properties @@ -129,7 +126,7 @@ export class CreateSubscriptionNotificationConfigurationCommand extends $Command /** * @public */ - constructor(readonly input: CreateSubscriptionNotificationConfigurationCommandInput) { + constructor(readonly input: CreateSubscriberNotificationCommandInput) { // Start section: command_constructor super(); // End section: command_constructor @@ -142,23 +139,17 @@ export class CreateSubscriptionNotificationConfigurationCommand extends $Command clientStack: MiddlewareStackRemoves a natively supported Amazon Web Service as an Amazon Security Lake source. When - * you remove the source, Security Lake stops collecting data from that source, and subscribers - * can no longer consume new data from the source. Subscribers can still consume data that - * Security Lake collected from the source before disablement.
+ *Removes a natively supported Amazon Web Service as an Amazon Security Lake source. You + * can remove a source for one or more Regions. When you remove the source, Security Lake stops + * collecting data from that source in the specified Regions and accounts, and subscribers can + * no longer consume new data from the source. However, subscribers can still consume data + * that Security Lake collected from the source before removal.
*You can choose any source type in any Amazon Web Services Region for either accounts that - * are part of a trusted organization or standalone accounts. At least one of the three - * dimensions is a mandatory input to this API. However, you can supply any combination of the - * three dimensions to this API.
- *By default, a dimension refers to the entire set. This is overridden when you supply any - * one of the inputs. For instance, when you do not specify members, the API disables all - * Security Lake member accounts for sources. Similarly, when you do not specify Regions, - * Security Lake is disabled for all the Regions where Security Lake is available as a service.
- *When you don't provide a dimension, Security Lake assumes that the missing dimension refers - * to the entire set. For example, if you don't provide specific accounts, the API applies to - * the entire set of accounts in your organization.
+ * are part of a trusted organization or standalone accounts. * @example * Use a bare-bones client and the command you need to make an API call. * ```javascript @@ -58,32 +50,23 @@ export interface DeleteAwsLogSourceCommandOutput extends DeleteAwsLogSourceRespo * // const { SecurityLakeClient, DeleteAwsLogSourceCommand } = require("@aws-sdk/client-securitylake"); // CommonJS import * const client = new SecurityLakeClient(config); * const input = { // DeleteAwsLogSourceRequest - * inputOrder: [ // DimensionSet // required - * "STRING_VALUE", - * ], - * disableAllDimensions: { // AllDimensionsMap - * "Amazon Security Lake cannot find an Amazon Web Services account with the accountID that you - * specified, or the account whose credentials you used to make this request isn't a member of - * an organization.
+ * @throws {@link BadRequestException} (client fault) + *The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
+ * + * @throws {@link ConflictException} (client fault) + *Occurs when a conflict with a previous successful write is detected. This generally + * occurs when the previous write did not have time to propagate to the host serving the + * current request. A retry (with appropriate backoff logic) is the recommended response to + * this exception.
* * @throws {@link InternalServerException} (server fault) *Internal service exceptions are sometimes caused by transient issues. Before you start - * troubleshooting, perform the operation again.
+ * troubleshooting, perform the operation again. + * + * @throws {@link ResourceNotFoundException} (client fault) + *The resource could not be found.
* - * @throws {@link ValidationException} (client fault) - *Your signing certificate could not be validated.
+ * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
* * @throws {@link SecurityLakeServiceException} *Base exception class for all service exceptions from SecurityLake service.
diff --git a/clients/client-securitylake/src/commands/DeleteCustomLogSourceCommand.ts b/clients/client-securitylake/src/commands/DeleteCustomLogSourceCommand.ts index 0545d5394965..996fba6d257c 100644 --- a/clients/client-securitylake/src/commands/DeleteCustomLogSourceCommand.ts +++ b/clients/client-securitylake/src/commands/DeleteCustomLogSourceCommand.ts @@ -36,7 +36,8 @@ export interface DeleteCustomLogSourceCommandOutput extends DeleteCustomLogSourc /** * @public - *Removes a custom log source from Amazon Security Lake.
+ *Removes a custom log source from Amazon Security Lake, to stop sending data from the custom + * source to Security Lake.
* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript @@ -44,13 +45,12 @@ export interface DeleteCustomLogSourceCommandOutput extends DeleteCustomLogSourc * // const { SecurityLakeClient, DeleteCustomLogSourceCommand } = require("@aws-sdk/client-securitylake"); // CommonJS import * const client = new SecurityLakeClient(config); * const input = { // DeleteCustomLogSourceRequest - * customSourceName: "STRING_VALUE", // required + * sourceName: "STRING_VALUE", // required + * sourceVersion: "STRING_VALUE", * }; * const command = new DeleteCustomLogSourceCommand(input); * const response = await client.send(command); - * // { // DeleteCustomLogSourceResponse - * // customDataLocation: "STRING_VALUE", // required - * // }; + * // {}; * * ``` * @@ -66,27 +66,24 @@ export interface DeleteCustomLogSourceCommandOutput extends DeleteCustomLogSourc * Amazon Web Services action. An implicit denial occurs when there is no applicable Deny statement and also * no applicable Allow statement. * - * @throws {@link AccountNotFoundException} (client fault) - *Amazon Security Lake cannot find an Amazon Web Services account with the accountID that you - * specified, or the account whose credentials you used to make this request isn't a member of - * an organization.
+ * @throws {@link BadRequestException} (client fault) + *The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
* - * @throws {@link BucketNotFoundException} (client fault) - *Amazon Security Lake generally returns 404 errors if the requested object is missing from the - * bucket.
- * - * @throws {@link ConflictSourceNamesException} (client fault) - *There was a conflict when you attempted to modify a Security Lake source name.
+ * @throws {@link ConflictException} (client fault) + *Occurs when a conflict with a previous successful write is detected. This generally + * occurs when the previous write did not have time to propagate to the host serving the + * current request. A retry (with appropriate backoff logic) is the recommended response to + * this exception.
* * @throws {@link InternalServerException} (server fault) *Internal service exceptions are sometimes caused by transient issues. Before you start - * troubleshooting, perform the operation again.
+ * troubleshooting, perform the operation again. * * @throws {@link ResourceNotFoundException} (client fault) *The resource could not be found.
* - * @throws {@link ValidationException} (client fault) - *Your signing certificate could not be validated.
+ * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
* * @throws {@link SecurityLakeServiceException} *Base exception class for all service exceptions from SecurityLake service.
diff --git a/clients/client-securitylake/src/commands/DeleteDatalakeCommand.ts b/clients/client-securitylake/src/commands/DeleteDataLakeCommand.ts similarity index 63% rename from clients/client-securitylake/src/commands/DeleteDatalakeCommand.ts rename to clients/client-securitylake/src/commands/DeleteDataLakeCommand.ts index ce74bc32a648..a03891383bfb 100644 --- a/clients/client-securitylake/src/commands/DeleteDatalakeCommand.ts +++ b/clients/client-securitylake/src/commands/DeleteDataLakeCommand.ts @@ -13,8 +13,8 @@ import { import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@smithy/protocol-http"; import { SerdeContext as __SerdeContext } from "@smithy/types"; -import { DeleteDatalakeRequest, DeleteDatalakeResponse } from "../models/models_0"; -import { de_DeleteDatalakeCommand, se_DeleteDatalakeCommand } from "../protocols/Aws_restJson1"; +import { DeleteDataLakeRequest, DeleteDataLakeResponse } from "../models/models_0"; +import { de_DeleteDataLakeCommand, se_DeleteDataLakeCommand } from "../protocols/Aws_restJson1"; import { SecurityLakeClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../SecurityLakeClient"; /** @@ -24,43 +24,47 @@ export { __MetadataBearer, $Command }; /** * @public * - * The input for {@link DeleteDatalakeCommand}. + * The input for {@link DeleteDataLakeCommand}. */ -export interface DeleteDatalakeCommandInput extends DeleteDatalakeRequest {} +export interface DeleteDataLakeCommandInput extends DeleteDataLakeRequest {} /** * @public * - * The output of {@link DeleteDatalakeCommand}. + * The output of {@link DeleteDataLakeCommand}. */ -export interface DeleteDatalakeCommandOutput extends DeleteDatalakeResponse, __MetadataBearer {} +export interface DeleteDataLakeCommandOutput extends DeleteDataLakeResponse, __MetadataBearer {} /** * @public - *When you delete Amazon Security Lake from your account, Security Lake is disabled in all Amazon Web Services Regions. Also, this API automatically takes steps to remove the account from - * Security Lake .
- *This operation disables security data collection from sources, deletes data stored, and
- * stops making data accessible to subscribers. Security Lake also deletes all the existing
- * settings and resources that it stores or maintains for your Amazon Web Services account in
- * the current Region, including security log and event data. The When you disable Amazon Security Lake from your account, Security Lake is disabled in all Amazon Web Services Regions and it stops collecting data from your sources. Also, this API
+ * automatically takes steps to remove the account from Security Lake. However, Security Lake retains
+ * all of your existing settings and the resources that it created in your Amazon Web Services
+ * account in the current Amazon Web Services Region. The DeleteDatalake
- * operation does not delete the Amazon S3 bucket, which is owned by your Amazon Web Services account. For more information, see the Amazon Security Lake User
+ * DeleteDataLake operation does not delete the data that is stored in
+ * your Amazon S3 bucket, which is owned by your Amazon Web Services account. For more
+ * information, see the Amazon Security Lake User
* Guide.
The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
+ * * @throws {@link ConflictException} (client fault) *Occurs when a conflict with a previous successful write is detected. This generally * occurs when the previous write did not have time to propagate to the host serving the @@ -77,28 +84,21 @@ export interface DeleteDatalakeCommandOutput extends DeleteDatalakeResponse, __M * * @throws {@link InternalServerException} (server fault) *
Internal service exceptions are sometimes caused by transient issues. Before you start - * troubleshooting, perform the operation again.
+ * troubleshooting, perform the operation again. * * @throws {@link ResourceNotFoundException} (client fault) *The resource could not be found.
* - * @throws {@link ServiceQuotaExceededException} (client fault) - *You have exceeded your service quota. To perform the requested action, remove some of - * the relevant resources, or use Service Quotas to request a service quota increase.
- * * @throws {@link ThrottlingException} (client fault) - *The limit on the number of requests per second was exceeded.
- * - * @throws {@link ValidationException} (client fault) - *Your signing certificate could not be validated.
+ *The limit on the number of requests per second was exceeded.
* * @throws {@link SecurityLakeServiceException} *Base exception class for all service exceptions from SecurityLake service.
* */ -export class DeleteDatalakeCommand extends $Command< - DeleteDatalakeCommandInput, - DeleteDatalakeCommandOutput, +export class DeleteDataLakeCommand extends $Command< + DeleteDataLakeCommandInput, + DeleteDataLakeCommandOutput, SecurityLakeClientResolvedConfig > { // Start section: command_properties @@ -116,7 +116,7 @@ export class DeleteDatalakeCommand extends $Command< /** * @public */ - constructor(readonly input: DeleteDatalakeCommandInput) { + constructor(readonly input: DeleteDataLakeCommandInput) { // Start section: command_constructor super(); // End section: command_constructor @@ -129,17 +129,17 @@ export class DeleteDatalakeCommand extends $Command< clientStack: MiddlewareStackAmazon Security Lake cannot find an Amazon Web Services account with the accountID that you - * specified, or the account whose credentials you used to make this request isn't a member of - * an organization.
+ * @throws {@link BadRequestException} (client fault) + *The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
+ * + * @throws {@link ConflictException} (client fault) + *Occurs when a conflict with a previous successful write is detected. This generally + * occurs when the previous write did not have time to propagate to the host serving the + * current request. A retry (with appropriate backoff logic) is the recommended response to + * this exception.
* * @throws {@link InternalServerException} (server fault) *Internal service exceptions are sometimes caused by transient issues. Before you start - * troubleshooting, perform the operation again.
+ * troubleshooting, perform the operation again. + * + * @throws {@link ResourceNotFoundException} (client fault) + *The resource could not be found.
* - * @throws {@link ValidationException} (client fault) - *Your signing certificate could not be validated.
+ * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
* * @throws {@link SecurityLakeServiceException} *Base exception class for all service exceptions from SecurityLake service.
* */ -export class DeleteDatalakeExceptionsSubscriptionCommand extends $Command< - DeleteDatalakeExceptionsSubscriptionCommandInput, - DeleteDatalakeExceptionsSubscriptionCommandOutput, +export class DeleteDataLakeExceptionSubscriptionCommand extends $Command< + DeleteDataLakeExceptionSubscriptionCommandInput, + DeleteDataLakeExceptionSubscriptionCommandOutput, SecurityLakeClientResolvedConfig > { // Start section: command_properties @@ -109,7 +114,7 @@ export class DeleteDatalakeExceptionsSubscriptionCommand extends $Command< /** * @public */ - constructor(readonly input: DeleteDatalakeExceptionsSubscriptionCommandInput) { + constructor(readonly input: DeleteDataLakeExceptionSubscriptionCommandInput) { // Start section: command_constructor super(); // End section: command_constructor @@ -122,17 +127,17 @@ export class DeleteDatalakeExceptionsSubscriptionCommand extends $Command< clientStack: MiddlewareStackRemoves automatic the enablement of configuration settings for new member accounts (but + * retains the settings for the delegated administrator) from Amazon Security Lake. You must run this + * API using the credentials of the delegated administrator. When you run this API, new member + * accounts that are added after the organization enables Security Lake won't contribute to the + * data lake.
+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { SecurityLakeClient, DeleteDataLakeOrganizationConfigurationCommand } from "@aws-sdk/client-securitylake"; // ES Modules import + * // const { SecurityLakeClient, DeleteDataLakeOrganizationConfigurationCommand } = require("@aws-sdk/client-securitylake"); // CommonJS import + * const client = new SecurityLakeClient(config); + * const input = { // DeleteDataLakeOrganizationConfigurationRequest + * autoEnableNewAccount: [ // DataLakeAutoEnableNewAccountConfigurationList // required + * { // DataLakeAutoEnableNewAccountConfiguration + * region: "STRING_VALUE", // required + * sources: [ // AwsLogSourceResourceList // required + * { // AwsLogSourceResource + * sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA", + * sourceVersion: "STRING_VALUE", + * }, + * ], + * }, + * ], + * }; + * const command = new DeleteDataLakeOrganizationConfigurationCommand(input); + * const response = await client.send(command); + * // {}; + * + * ``` + * + * @param DeleteDataLakeOrganizationConfigurationCommandInput - {@link DeleteDataLakeOrganizationConfigurationCommandInput} + * @returns {@link DeleteDataLakeOrganizationConfigurationCommandOutput} + * @see {@link DeleteDataLakeOrganizationConfigurationCommandInput} for command's `input` shape. + * @see {@link DeleteDataLakeOrganizationConfigurationCommandOutput} for command's `response` shape. + * @see {@link SecurityLakeClientResolvedConfig | config} for SecurityLakeClient's `config` shape. + * + * @throws {@link AccessDeniedException} (client fault) + *You do not have sufficient access to perform this action. Access denied errors appear when Amazon Security Lake explicitly or implicitly denies an authorization + * request. An explicit denial occurs when a policy contains a Deny statement for the specific + * Amazon Web Services action. An implicit denial occurs when there is no applicable Deny statement and also + * no applicable Allow statement.
+ * + * @throws {@link BadRequestException} (client fault) + *The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
+ * + * @throws {@link ConflictException} (client fault) + *Occurs when a conflict with a previous successful write is detected. This generally + * occurs when the previous write did not have time to propagate to the host serving the + * current request. A retry (with appropriate backoff logic) is the recommended response to + * this exception.
+ * + * @throws {@link InternalServerException} (server fault) + *Internal service exceptions are sometimes caused by transient issues. Before you start + * troubleshooting, perform the operation again.
+ * + * @throws {@link ResourceNotFoundException} (client fault) + *The resource could not be found.
+ * + * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
+ * + * @throws {@link SecurityLakeServiceException} + *Base exception class for all service exceptions from SecurityLake service.
+ * + */ +export class DeleteDataLakeOrganizationConfigurationCommand extends $Command< + DeleteDataLakeOrganizationConfigurationCommandInput, + DeleteDataLakeOrganizationConfigurationCommandOutput, + SecurityLakeClientResolvedConfig +> { + // Start section: command_properties + // End section: command_properties + + public static getEndpointParameterInstructions(): EndpointParameterInstructions { + return { + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, + }; + } + + /** + * @public + */ + constructor(readonly input: DeleteDataLakeOrganizationConfigurationCommandInput) { + // Start section: command_constructor + super(); + // End section: command_constructor + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStack
- * DeleteDatalakeAutoEnable removes automatic enablement of configuration
- * settings for new member accounts (but keeps settings for the delegated administrator) from
- * Amazon Security Lake. You must run this API using credentials of the delegated administrator.
- * When you run this API, new member accounts that are added after the organization enables
- * Security Lake won't contribute to the data lake.
You do not have sufficient access to perform this action. Access denied errors appear when Amazon Security Lake explicitly or implicitly denies an authorization - * request. An explicit denial occurs when a policy contains a Deny statement for the specific - * Amazon Web Services action. An implicit denial occurs when there is no applicable Deny statement and also - * no applicable Allow statement.
- * - * @throws {@link AccountNotFoundException} (client fault) - *Amazon Security Lake cannot find an Amazon Web Services account with the accountID that you - * specified, or the account whose credentials you used to make this request isn't a member of - * an organization.
- * - * @throws {@link InternalServerException} (server fault) - *Internal service exceptions are sometimes caused by transient issues. Before you start - * troubleshooting, perform the operation again.
- * - * @throws {@link ValidationException} (client fault) - *Your signing certificate could not be validated.
- * - * @throws {@link SecurityLakeServiceException} - *Base exception class for all service exceptions from SecurityLake service.
- * - */ -export class DeleteDatalakeAutoEnableCommand extends $Command< - DeleteDatalakeAutoEnableCommandInput, - DeleteDatalakeAutoEnableCommandOutput, - SecurityLakeClientResolvedConfig -> { - // Start section: command_properties - // End section: command_properties - - public static getEndpointParameterInstructions(): EndpointParameterInstructions { - return { - UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, - Endpoint: { type: "builtInParams", name: "endpoint" }, - Region: { type: "builtInParams", name: "region" }, - UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, - }; - } - - /** - * @public - */ - constructor(readonly input: DeleteDatalakeAutoEnableCommandInput) { - // Start section: command_constructor - super(); - // End section: command_constructor - } - - /** - * @internal - */ - resolveMiddleware( - clientStack: MiddlewareStackDeletes the subscription permission for accounts that are already enabled in - * Amazon Security Lake. You can delete a subscriber and remove access to data in the current Amazon Web Services - * Region.
+ *Deletes the subscription permission and all notification settings for accounts that are
+ * already enabled in Amazon Security Lake. When you run DeleteSubscriber, the
+ * subscriber will no longer consume data from Security Lake and the subscriber is removed. This
+ * operation deletes the subscriber and removes access to data in the current Amazon Web Services Region.
Amazon Security Lake cannot find an Amazon Web Services account with the accountID that you - * specified, or the account whose credentials you used to make this request isn't a member of - * an organization.
+ * @throws {@link BadRequestException} (client fault) + *The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
* - * @throws {@link BucketNotFoundException} (client fault) - *Amazon Security Lake generally returns 404 errors if the requested object is missing from the - * bucket.
- * - * @throws {@link ConcurrentModificationException} (client fault) - *More than one process tried to modify a resource at the same time.
+ * @throws {@link ConflictException} (client fault) + *Occurs when a conflict with a previous successful write is detected. This generally + * occurs when the previous write did not have time to propagate to the host serving the + * current request. A retry (with appropriate backoff logic) is the recommended response to + * this exception.
* * @throws {@link InternalServerException} (server fault) *Internal service exceptions are sometimes caused by transient issues. Before you start - * troubleshooting, perform the operation again.
- * - * @throws {@link InvalidInputException} (client fault) - *The request was rejected because a value that's not valid or is out of range was - * supplied for an input parameter.
+ * troubleshooting, perform the operation again. * * @throws {@link ResourceNotFoundException} (client fault) *The resource could not be found.
* - * @throws {@link ValidationException} (client fault) - *Your signing certificate could not be validated.
+ * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
* * @throws {@link SecurityLakeServiceException} *Base exception class for all service exceptions from SecurityLake service.
diff --git a/clients/client-securitylake/src/commands/DeleteDatalakeDelegatedAdminCommand.ts b/clients/client-securitylake/src/commands/DeleteSubscriberNotificationCommand.ts similarity index 60% rename from clients/client-securitylake/src/commands/DeleteDatalakeDelegatedAdminCommand.ts rename to clients/client-securitylake/src/commands/DeleteSubscriberNotificationCommand.ts index 306b09eff2f2..68622d3a8408 100644 --- a/clients/client-securitylake/src/commands/DeleteDatalakeDelegatedAdminCommand.ts +++ b/clients/client-securitylake/src/commands/DeleteSubscriberNotificationCommand.ts @@ -13,10 +13,10 @@ import { import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@smithy/protocol-http"; import { SerdeContext as __SerdeContext } from "@smithy/types"; -import { DeleteDatalakeDelegatedAdminRequest, DeleteDatalakeDelegatedAdminResponse } from "../models/models_0"; +import { DeleteSubscriberNotificationRequest, DeleteSubscriberNotificationResponse } from "../models/models_0"; import { - de_DeleteDatalakeDelegatedAdminCommand, - se_DeleteDatalakeDelegatedAdminCommand, + de_DeleteSubscriberNotificationCommand, + se_DeleteSubscriberNotificationCommand, } from "../protocols/Aws_restJson1"; import { SecurityLakeClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../SecurityLakeClient"; @@ -27,42 +27,41 @@ export { __MetadataBearer, $Command }; /** * @public * - * The input for {@link DeleteDatalakeDelegatedAdminCommand}. + * The input for {@link DeleteSubscriberNotificationCommand}. */ -export interface DeleteDatalakeDelegatedAdminCommandInput extends DeleteDatalakeDelegatedAdminRequest {} +export interface DeleteSubscriberNotificationCommandInput extends DeleteSubscriberNotificationRequest {} /** * @public * - * The output of {@link DeleteDatalakeDelegatedAdminCommand}. + * The output of {@link DeleteSubscriberNotificationCommand}. */ -export interface DeleteDatalakeDelegatedAdminCommandOutput - extends DeleteDatalakeDelegatedAdminResponse, +export interface DeleteSubscriberNotificationCommandOutput + extends DeleteSubscriberNotificationResponse, __MetadataBearer {} /** * @public - *Deletes the Amazon Security Lake delegated administrator account for the organization. This API - * can only be called by the organization management account. The organization management - * account cannot be the delegated administrator account.
+ *Deletes the specified notification subscription in Amazon Security Lake for the organization + * you specify.
* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript - * import { SecurityLakeClient, DeleteDatalakeDelegatedAdminCommand } from "@aws-sdk/client-securitylake"; // ES Modules import - * // const { SecurityLakeClient, DeleteDatalakeDelegatedAdminCommand } = require("@aws-sdk/client-securitylake"); // CommonJS import + * import { SecurityLakeClient, DeleteSubscriberNotificationCommand } from "@aws-sdk/client-securitylake"; // ES Modules import + * // const { SecurityLakeClient, DeleteSubscriberNotificationCommand } = require("@aws-sdk/client-securitylake"); // CommonJS import * const client = new SecurityLakeClient(config); - * const input = { // DeleteDatalakeDelegatedAdminRequest - * account: "STRING_VALUE", // required + * const input = { // DeleteSubscriberNotificationRequest + * subscriberId: "STRING_VALUE", // required * }; - * const command = new DeleteDatalakeDelegatedAdminCommand(input); + * const command = new DeleteSubscriberNotificationCommand(input); * const response = await client.send(command); * // {}; * * ``` * - * @param DeleteDatalakeDelegatedAdminCommandInput - {@link DeleteDatalakeDelegatedAdminCommandInput} - * @returns {@link DeleteDatalakeDelegatedAdminCommandOutput} - * @see {@link DeleteDatalakeDelegatedAdminCommandInput} for command's `input` shape. - * @see {@link DeleteDatalakeDelegatedAdminCommandOutput} for command's `response` shape. + * @param DeleteSubscriberNotificationCommandInput - {@link DeleteSubscriberNotificationCommandInput} + * @returns {@link DeleteSubscriberNotificationCommandOutput} + * @see {@link DeleteSubscriberNotificationCommandInput} for command's `input` shape. + * @see {@link DeleteSubscriberNotificationCommandOutput} for command's `response` shape. * @see {@link SecurityLakeClientResolvedConfig | config} for SecurityLakeClient's `config` shape. * * @throws {@link AccessDeniedException} (client fault) @@ -71,23 +70,32 @@ export interface DeleteDatalakeDelegatedAdminCommandOutput * Amazon Web Services action. An implicit denial occurs when there is no applicable Deny statement and also * no applicable Allow statement. * + * @throws {@link BadRequestException} (client fault) + *The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
+ * + * @throws {@link ConflictException} (client fault) + *Occurs when a conflict with a previous successful write is detected. This generally + * occurs when the previous write did not have time to propagate to the host serving the + * current request. A retry (with appropriate backoff logic) is the recommended response to + * this exception.
+ * * @throws {@link InternalServerException} (server fault) *Internal service exceptions are sometimes caused by transient issues. Before you start - * troubleshooting, perform the operation again.
+ * troubleshooting, perform the operation again. * - * @throws {@link ThrottlingException} (client fault) - *The limit on the number of requests per second was exceeded.
+ * @throws {@link ResourceNotFoundException} (client fault) + *The resource could not be found.
* - * @throws {@link ValidationException} (client fault) - *Your signing certificate could not be validated.
+ * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
* * @throws {@link SecurityLakeServiceException} *Base exception class for all service exceptions from SecurityLake service.
* */ -export class DeleteDatalakeDelegatedAdminCommand extends $Command< - DeleteDatalakeDelegatedAdminCommandInput, - DeleteDatalakeDelegatedAdminCommandOutput, +export class DeleteSubscriberNotificationCommand extends $Command< + DeleteSubscriberNotificationCommandInput, + DeleteSubscriberNotificationCommandOutput, SecurityLakeClientResolvedConfig > { // Start section: command_properties @@ -105,7 +113,7 @@ export class DeleteDatalakeDelegatedAdminCommand extends $Command< /** * @public */ - constructor(readonly input: DeleteDatalakeDelegatedAdminCommandInput) { + constructor(readonly input: DeleteSubscriberNotificationCommandInput) { // Start section: command_constructor super(); // End section: command_constructor @@ -118,17 +126,17 @@ export class DeleteDatalakeDelegatedAdminCommand extends $Command< clientStack: MiddlewareStackDeletes the specified notification subscription in Amazon Security Lake for the organization - * you specify.
+ *Deletes the Amazon Security Lake delegated administrator account for the organization. This API + * can only be called by the organization management account. The organization management + * account cannot be the delegated administrator account.
* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript - * import { SecurityLakeClient, DeleteSubscriptionNotificationConfigurationCommand } from "@aws-sdk/client-securitylake"; // ES Modules import - * // const { SecurityLakeClient, DeleteSubscriptionNotificationConfigurationCommand } = require("@aws-sdk/client-securitylake"); // CommonJS import + * import { SecurityLakeClient, DeregisterDataLakeDelegatedAdministratorCommand } from "@aws-sdk/client-securitylake"; // ES Modules import + * // const { SecurityLakeClient, DeregisterDataLakeDelegatedAdministratorCommand } = require("@aws-sdk/client-securitylake"); // CommonJS import * const client = new SecurityLakeClient(config); - * const input = { // DeleteSubscriptionNotificationConfigurationRequest - * subscriptionId: "STRING_VALUE", // required - * }; - * const command = new DeleteSubscriptionNotificationConfigurationCommand(input); + * const input = {}; + * const command = new DeregisterDataLakeDelegatedAdministratorCommand(input); * const response = await client.send(command); * // {}; * * ``` * - * @param DeleteSubscriptionNotificationConfigurationCommandInput - {@link DeleteSubscriptionNotificationConfigurationCommandInput} - * @returns {@link DeleteSubscriptionNotificationConfigurationCommandOutput} - * @see {@link DeleteSubscriptionNotificationConfigurationCommandInput} for command's `input` shape. - * @see {@link DeleteSubscriptionNotificationConfigurationCommandOutput} for command's `response` shape. + * @param DeregisterDataLakeDelegatedAdministratorCommandInput - {@link DeregisterDataLakeDelegatedAdministratorCommandInput} + * @returns {@link DeregisterDataLakeDelegatedAdministratorCommandOutput} + * @see {@link DeregisterDataLakeDelegatedAdministratorCommandInput} for command's `input` shape. + * @see {@link DeregisterDataLakeDelegatedAdministratorCommandOutput} for command's `response` shape. * @see {@link SecurityLakeClientResolvedConfig | config} for SecurityLakeClient's `config` shape. * * @throws {@link AccessDeniedException} (client fault) @@ -74,35 +73,32 @@ export interface DeleteSubscriptionNotificationConfigurationCommandOutput * Amazon Web Services action. An implicit denial occurs when there is no applicable Deny statement and also * no applicable Allow statement. * - * @throws {@link AccountNotFoundException} (client fault) - *Amazon Security Lake cannot find an Amazon Web Services account with the accountID that you - * specified, or the account whose credentials you used to make this request isn't a member of - * an organization.
+ * @throws {@link BadRequestException} (client fault) + *The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
* - * @throws {@link ConcurrentModificationException} (client fault) - *More than one process tried to modify a resource at the same time.
+ * @throws {@link ConflictException} (client fault) + *Occurs when a conflict with a previous successful write is detected. This generally + * occurs when the previous write did not have time to propagate to the host serving the + * current request. A retry (with appropriate backoff logic) is the recommended response to + * this exception.
* * @throws {@link InternalServerException} (server fault) *Internal service exceptions are sometimes caused by transient issues. Before you start - * troubleshooting, perform the operation again.
- * - * @throws {@link InvalidInputException} (client fault) - *The request was rejected because a value that's not valid or is out of range was - * supplied for an input parameter.
+ * troubleshooting, perform the operation again. * * @throws {@link ResourceNotFoundException} (client fault) *The resource could not be found.
* - * @throws {@link ValidationException} (client fault) - *Your signing certificate could not be validated.
+ * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
* * @throws {@link SecurityLakeServiceException} *Base exception class for all service exceptions from SecurityLake service.
* */ -export class DeleteSubscriptionNotificationConfigurationCommand extends $Command< - DeleteSubscriptionNotificationConfigurationCommandInput, - DeleteSubscriptionNotificationConfigurationCommandOutput, +export class DeregisterDataLakeDelegatedAdministratorCommand extends $Command< + DeregisterDataLakeDelegatedAdministratorCommandInput, + DeregisterDataLakeDelegatedAdministratorCommandOutput, SecurityLakeClientResolvedConfig > { // Start section: command_properties @@ -120,7 +116,7 @@ export class DeleteSubscriptionNotificationConfigurationCommand extends $Command /** * @public */ - constructor(readonly input: DeleteSubscriptionNotificationConfigurationCommandInput) { + constructor(readonly input: DeregisterDataLakeDelegatedAdministratorCommandInput) { // Start section: command_constructor super(); // End section: command_constructor @@ -134,14 +130,14 @@ export class DeleteSubscriptionNotificationConfigurationCommand extends $Command configuration: SecurityLakeClientResolvedConfig, options?: __HttpHandlerOptions ): Handler< - DeleteSubscriptionNotificationConfigurationCommandInput, - DeleteSubscriptionNotificationConfigurationCommandOutput + DeregisterDataLakeDelegatedAdministratorCommandInput, + DeregisterDataLakeDelegatedAdministratorCommandOutput > { this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize)); this.middlewareStack.use( getEndpointPlugin( configuration, - DeleteSubscriptionNotificationConfigurationCommand.getEndpointParameterInstructions() + DeregisterDataLakeDelegatedAdministratorCommand.getEndpointParameterInstructions() ) ); @@ -149,7 +145,7 @@ export class DeleteSubscriptionNotificationConfigurationCommand extends $Command const { logger } = configuration; const clientName = "SecurityLakeClient"; - const commandName = "DeleteSubscriptionNotificationConfigurationCommand"; + const commandName = "DeregisterDataLakeDelegatedAdministratorCommand"; const handlerExecutionContext: HandlerExecutionContext = { logger, clientName, @@ -169,10 +165,10 @@ export class DeleteSubscriptionNotificationConfigurationCommand extends $Command * @internal */ private serialize( - input: DeleteSubscriptionNotificationConfigurationCommandInput, + input: DeregisterDataLakeDelegatedAdministratorCommandInput, context: __SerdeContext ): Promise<__HttpRequest> { - return se_DeleteSubscriptionNotificationConfigurationCommand(input, context); + return se_DeregisterDataLakeDelegatedAdministratorCommand(input, context); } /** @@ -181,8 +177,8 @@ export class DeleteSubscriptionNotificationConfigurationCommand extends $Command private deserialize( output: __HttpResponse, context: __SerdeContext - ): PromiseAmazon Security Lake cannot find an Amazon Web Services account with the accountID that you - * specified, or the account whose credentials you used to make this request isn't a member of - * an organization.
+ * @throws {@link BadRequestException} (client fault) + *The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
+ * + * @throws {@link ConflictException} (client fault) + *Occurs when a conflict with a previous successful write is detected. This generally + * occurs when the previous write did not have time to propagate to the host serving the + * current request. A retry (with appropriate backoff logic) is the recommended response to + * this exception.
* * @throws {@link InternalServerException} (server fault) *Internal service exceptions are sometimes caused by transient issues. Before you start - * troubleshooting, perform the operation again.
+ * troubleshooting, perform the operation again. + * + * @throws {@link ResourceNotFoundException} (client fault) + *The resource could not be found.
* - * @throws {@link ValidationException} (client fault) - *Your signing certificate could not be validated.
+ * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
* * @throws {@link SecurityLakeServiceException} *Base exception class for all service exceptions from SecurityLake service.
* */ -export class GetDatalakeExceptionsSubscriptionCommand extends $Command< - GetDatalakeExceptionsSubscriptionCommandInput, - GetDatalakeExceptionsSubscriptionCommandOutput, +export class GetDataLakeExceptionSubscriptionCommand extends $Command< + GetDataLakeExceptionSubscriptionCommandInput, + GetDataLakeExceptionSubscriptionCommandOutput, SecurityLakeClientResolvedConfig > { // Start section: command_properties @@ -111,7 +114,7 @@ export class GetDatalakeExceptionsSubscriptionCommand extends $Command< /** * @public */ - constructor(readonly input: GetDatalakeExceptionsSubscriptionCommandInput) { + constructor(readonly input: GetDataLakeExceptionSubscriptionCommandInput) { // Start section: command_constructor super(); // End section: command_constructor @@ -124,17 +127,17 @@ export class GetDatalakeExceptionsSubscriptionCommand extends $Command< clientStack: MiddlewareStackRetrieves the configuration that will be automatically set up for accounts added to the + * organization after the organization has onboarded to Amazon Security Lake. This API does not take + * input parameters.
+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { SecurityLakeClient, GetDataLakeOrganizationConfigurationCommand } from "@aws-sdk/client-securitylake"; // ES Modules import + * // const { SecurityLakeClient, GetDataLakeOrganizationConfigurationCommand } = require("@aws-sdk/client-securitylake"); // CommonJS import + * const client = new SecurityLakeClient(config); + * const input = {}; + * const command = new GetDataLakeOrganizationConfigurationCommand(input); + * const response = await client.send(command); + * // { // GetDataLakeOrganizationConfigurationResponse + * // autoEnableNewAccount: [ // DataLakeAutoEnableNewAccountConfigurationList + * // { // DataLakeAutoEnableNewAccountConfiguration + * // region: "STRING_VALUE", // required + * // sources: [ // AwsLogSourceResourceList // required + * // { // AwsLogSourceResource + * // sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA", + * // sourceVersion: "STRING_VALUE", + * // }, + * // ], + * // }, + * // ], + * // }; + * + * ``` + * + * @param GetDataLakeOrganizationConfigurationCommandInput - {@link GetDataLakeOrganizationConfigurationCommandInput} + * @returns {@link GetDataLakeOrganizationConfigurationCommandOutput} + * @see {@link GetDataLakeOrganizationConfigurationCommandInput} for command's `input` shape. + * @see {@link GetDataLakeOrganizationConfigurationCommandOutput} for command's `response` shape. + * @see {@link SecurityLakeClientResolvedConfig | config} for SecurityLakeClient's `config` shape. + * + * @throws {@link AccessDeniedException} (client fault) + *You do not have sufficient access to perform this action. Access denied errors appear when Amazon Security Lake explicitly or implicitly denies an authorization + * request. An explicit denial occurs when a policy contains a Deny statement for the specific + * Amazon Web Services action. An implicit denial occurs when there is no applicable Deny statement and also + * no applicable Allow statement.
+ * + * @throws {@link BadRequestException} (client fault) + *The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
+ * + * @throws {@link ConflictException} (client fault) + *Occurs when a conflict with a previous successful write is detected. This generally + * occurs when the previous write did not have time to propagate to the host serving the + * current request. A retry (with appropriate backoff logic) is the recommended response to + * this exception.
+ * + * @throws {@link InternalServerException} (server fault) + *Internal service exceptions are sometimes caused by transient issues. Before you start + * troubleshooting, perform the operation again.
+ * + * @throws {@link ResourceNotFoundException} (client fault) + *The resource could not be found.
+ * + * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
+ * + * @throws {@link SecurityLakeServiceException} + *Base exception class for all service exceptions from SecurityLake service.
+ * + */ +export class GetDataLakeOrganizationConfigurationCommand extends $Command< + GetDataLakeOrganizationConfigurationCommandInput, + GetDataLakeOrganizationConfigurationCommandOutput, + SecurityLakeClientResolvedConfig +> { + // Start section: command_properties + // End section: command_properties + + public static getEndpointParameterInstructions(): EndpointParameterInstructions { + return { + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, + }; + } + + /** + * @public + */ + constructor(readonly input: GetDataLakeOrganizationConfigurationCommandInput) { + // Start section: command_constructor + super(); + // End section: command_constructor + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStackRetrieves a snapshot of the current Region, including whether Amazon Security Lake is enabled - * for those accounts and which sources Security Lake is collecting data from.
+ * for those accounts and which sources Security Lake is collecting data from. * @example * Use a bare-bones client and the command you need to make an API call. * ```javascript - * import { SecurityLakeClient, GetDatalakeStatusCommand } from "@aws-sdk/client-securitylake"; // ES Modules import - * // const { SecurityLakeClient, GetDatalakeStatusCommand } = require("@aws-sdk/client-securitylake"); // CommonJS import + * import { SecurityLakeClient, GetDataLakeSourcesCommand } from "@aws-sdk/client-securitylake"; // ES Modules import + * // const { SecurityLakeClient, GetDataLakeSourcesCommand } = require("@aws-sdk/client-securitylake"); // CommonJS import * const client = new SecurityLakeClient(config); - * const input = { // GetDatalakeStatusRequest - * accountSet: [ // InputSet + * const input = { // GetDataLakeSourcesRequest + * accounts: [ // AccountList * "STRING_VALUE", * ], - * maxAccountResults: Number("int"), + * maxResults: Number("int"), * nextToken: "STRING_VALUE", * }; - * const command = new GetDatalakeStatusCommand(input); + * const command = new GetDataLakeSourcesCommand(input); * const response = await client.send(command); - * // { // GetDatalakeStatusResponse - * // accountSourcesList: [ // AccountSourcesList // required - * // { // AccountSources - * // account: "STRING_VALUE", // required - * // sourceType: "STRING_VALUE", // required - * // logsStatus: [ // LogsStatusList - * // { // LogsStatus - * // pathToLogs: "STRING_VALUE", // required - * // healthStatus: "STRING_VALUE", // required + * // { // GetDataLakeSourcesResponse + * // dataLakeArn: "STRING_VALUE", + * // dataLakeSources: [ // DataLakeSourceList + * // { // DataLakeSource + * // account: "STRING_VALUE", + * // sourceName: "STRING_VALUE", + * // eventClasses: [ // OcsfEventClassList + * // "STRING_VALUE", + * // ], + * // sourceStatuses: [ // DataLakeSourceStatusList + * // { // DataLakeSourceStatus + * // resource: "STRING_VALUE", + * // status: "COLLECTING" || "MISCONFIGURED" || "NOT_COLLECTING", * // }, * // ], - * // eventClass: "STRING_VALUE", * // }, * // ], * // nextToken: "STRING_VALUE", @@ -72,10 +75,10 @@ export interface GetDatalakeStatusCommandOutput extends GetDatalakeStatusRespons * * ``` * - * @param GetDatalakeStatusCommandInput - {@link GetDatalakeStatusCommandInput} - * @returns {@link GetDatalakeStatusCommandOutput} - * @see {@link GetDatalakeStatusCommandInput} for command's `input` shape. - * @see {@link GetDatalakeStatusCommandOutput} for command's `response` shape. + * @param GetDataLakeSourcesCommandInput - {@link GetDataLakeSourcesCommandInput} + * @returns {@link GetDataLakeSourcesCommandOutput} + * @see {@link GetDataLakeSourcesCommandInput} for command's `input` shape. + * @see {@link GetDataLakeSourcesCommandOutput} for command's `response` shape. * @see {@link SecurityLakeClientResolvedConfig | config} for SecurityLakeClient's `config` shape. * * @throws {@link AccessDeniedException} (client fault) @@ -84,25 +87,32 @@ export interface GetDatalakeStatusCommandOutput extends GetDatalakeStatusRespons * Amazon Web Services action. An implicit denial occurs when there is no applicable Deny statement and also * no applicable Allow statement. * - * @throws {@link AccountNotFoundException} (client fault) - *Amazon Security Lake cannot find an Amazon Web Services account with the accountID that you - * specified, or the account whose credentials you used to make this request isn't a member of - * an organization.
+ * @throws {@link BadRequestException} (client fault) + *The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
+ * + * @throws {@link ConflictException} (client fault) + *Occurs when a conflict with a previous successful write is detected. This generally + * occurs when the previous write did not have time to propagate to the host serving the + * current request. A retry (with appropriate backoff logic) is the recommended response to + * this exception.
* * @throws {@link InternalServerException} (server fault) *Internal service exceptions are sometimes caused by transient issues. Before you start - * troubleshooting, perform the operation again.
+ * troubleshooting, perform the operation again. + * + * @throws {@link ResourceNotFoundException} (client fault) + *The resource could not be found.
* - * @throws {@link ValidationException} (client fault) - *Your signing certificate could not be validated.
+ * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
* * @throws {@link SecurityLakeServiceException} *Base exception class for all service exceptions from SecurityLake service.
* */ -export class GetDatalakeStatusCommand extends $Command< - GetDatalakeStatusCommandInput, - GetDatalakeStatusCommandOutput, +export class GetDataLakeSourcesCommand extends $Command< + GetDataLakeSourcesCommandInput, + GetDataLakeSourcesCommandOutput, SecurityLakeClientResolvedConfig > { // Start section: command_properties @@ -120,7 +130,7 @@ export class GetDatalakeStatusCommand extends $Command< /** * @public */ - constructor(readonly input: GetDatalakeStatusCommandInput) { + constructor(readonly input: GetDataLakeSourcesCommandInput) { // Start section: command_constructor super(); // End section: command_constructor @@ -133,17 +143,17 @@ export class GetDatalakeStatusCommand extends $Command< clientStack: MiddlewareStackRetrieves the configuration that will be automatically set up for accounts added to the - * organization after the organization has onboarded to Amazon Security Lake. This API does not take - * input parameters.
- * @example - * Use a bare-bones client and the command you need to make an API call. - * ```javascript - * import { SecurityLakeClient, GetDatalakeAutoEnableCommand } from "@aws-sdk/client-securitylake"; // ES Modules import - * // const { SecurityLakeClient, GetDatalakeAutoEnableCommand } = require("@aws-sdk/client-securitylake"); // CommonJS import - * const client = new SecurityLakeClient(config); - * const input = {}; - * const command = new GetDatalakeAutoEnableCommand(input); - * const response = await client.send(command); - * // { // GetDatalakeAutoEnableResponse - * // autoEnableNewAccounts: [ // AutoEnableNewRegionConfigurationList // required - * // { // AutoEnableNewRegionConfiguration - * // region: "STRING_VALUE", // required - * // sources: [ // AwsSourceTypeList // required - * // "STRING_VALUE", - * // ], - * // }, - * // ], - * // }; - * - * ``` - * - * @param GetDatalakeAutoEnableCommandInput - {@link GetDatalakeAutoEnableCommandInput} - * @returns {@link GetDatalakeAutoEnableCommandOutput} - * @see {@link GetDatalakeAutoEnableCommandInput} for command's `input` shape. - * @see {@link GetDatalakeAutoEnableCommandOutput} for command's `response` shape. - * @see {@link SecurityLakeClientResolvedConfig | config} for SecurityLakeClient's `config` shape. - * - * @throws {@link AccessDeniedException} (client fault) - *You do not have sufficient access to perform this action. Access denied errors appear when Amazon Security Lake explicitly or implicitly denies an authorization - * request. An explicit denial occurs when a policy contains a Deny statement for the specific - * Amazon Web Services action. An implicit denial occurs when there is no applicable Deny statement and also - * no applicable Allow statement.
- * - * @throws {@link AccountNotFoundException} (client fault) - *Amazon Security Lake cannot find an Amazon Web Services account with the accountID that you - * specified, or the account whose credentials you used to make this request isn't a member of - * an organization.
- * - * @throws {@link InternalServerException} (server fault) - *Internal service exceptions are sometimes caused by transient issues. Before you start - * troubleshooting, perform the operation again.
- * - * @throws {@link ValidationException} (client fault) - *Your signing certificate could not be validated.
- * - * @throws {@link SecurityLakeServiceException} - *Base exception class for all service exceptions from SecurityLake service.
- * - */ -export class GetDatalakeAutoEnableCommand extends $Command< - GetDatalakeAutoEnableCommandInput, - GetDatalakeAutoEnableCommandOutput, - SecurityLakeClientResolvedConfig -> { - // Start section: command_properties - // End section: command_properties - - public static getEndpointParameterInstructions(): EndpointParameterInstructions { - return { - UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, - Endpoint: { type: "builtInParams", name: "endpoint" }, - Region: { type: "builtInParams", name: "region" }, - UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, - }; - } - - /** - * @public - */ - constructor(readonly input: GetDatalakeAutoEnableCommandInput) { - // Start section: command_constructor - super(); - // End section: command_constructor - } - - /** - * @internal - */ - resolveMiddleware( - clientStack: MiddlewareStackRetrieves the expiration period and time-to-live (TTL) for which the exception message - * will remain. Exceptions are stored by default, for 2 weeks from when a record was created - * in Amazon Security Lake. This API does not take input parameters.
- * @example - * Use a bare-bones client and the command you need to make an API call. - * ```javascript - * import { SecurityLakeClient, GetDatalakeExceptionsExpiryCommand } from "@aws-sdk/client-securitylake"; // ES Modules import - * // const { SecurityLakeClient, GetDatalakeExceptionsExpiryCommand } = require("@aws-sdk/client-securitylake"); // CommonJS import - * const client = new SecurityLakeClient(config); - * const input = {}; - * const command = new GetDatalakeExceptionsExpiryCommand(input); - * const response = await client.send(command); - * // { // GetDatalakeExceptionsExpiryResponse - * // exceptionMessageExpiry: Number("long"), // required - * // }; - * - * ``` - * - * @param GetDatalakeExceptionsExpiryCommandInput - {@link GetDatalakeExceptionsExpiryCommandInput} - * @returns {@link GetDatalakeExceptionsExpiryCommandOutput} - * @see {@link GetDatalakeExceptionsExpiryCommandInput} for command's `input` shape. - * @see {@link GetDatalakeExceptionsExpiryCommandOutput} for command's `response` shape. - * @see {@link SecurityLakeClientResolvedConfig | config} for SecurityLakeClient's `config` shape. - * - * @throws {@link AccessDeniedException} (client fault) - *You do not have sufficient access to perform this action. Access denied errors appear when Amazon Security Lake explicitly or implicitly denies an authorization - * request. An explicit denial occurs when a policy contains a Deny statement for the specific - * Amazon Web Services action. An implicit denial occurs when there is no applicable Deny statement and also - * no applicable Allow statement.
- * - * @throws {@link AccountNotFoundException} (client fault) - *Amazon Security Lake cannot find an Amazon Web Services account with the accountID that you - * specified, or the account whose credentials you used to make this request isn't a member of - * an organization.
- * - * @throws {@link InternalServerException} (server fault) - *Internal service exceptions are sometimes caused by transient issues. Before you start - * troubleshooting, perform the operation again.
- * - * @throws {@link ValidationException} (client fault) - *Your signing certificate could not be validated.
- * - * @throws {@link SecurityLakeServiceException} - *Base exception class for all service exceptions from SecurityLake service.
- * - */ -export class GetDatalakeExceptionsExpiryCommand extends $Command< - GetDatalakeExceptionsExpiryCommandInput, - GetDatalakeExceptionsExpiryCommandOutput, - SecurityLakeClientResolvedConfig -> { - // Start section: command_properties - // End section: command_properties - - public static getEndpointParameterInstructions(): EndpointParameterInstructions { - return { - UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, - Endpoint: { type: "builtInParams", name: "endpoint" }, - Region: { type: "builtInParams", name: "region" }, - UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, - }; - } - - /** - * @public - */ - constructor(readonly input: GetDatalakeExceptionsExpiryCommandInput) { - // Start section: command_constructor - super(); - // End section: command_constructor - } - - /** - * @internal - */ - resolveMiddleware( - clientStack: MiddlewareStackAmazon Security Lake cannot find an Amazon Web Services account with the accountID that you - * specified, or the account whose credentials you used to make this request isn't a member of - * an organization.
+ * @throws {@link BadRequestException} (client fault) + *The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
+ * + * @throws {@link ConflictException} (client fault) + *Occurs when a conflict with a previous successful write is detected. This generally + * occurs when the previous write did not have time to propagate to the host serving the + * current request. A retry (with appropriate backoff logic) is the recommended response to + * this exception.
* * @throws {@link InternalServerException} (server fault) *Internal service exceptions are sometimes caused by transient issues. Before you start - * troubleshooting, perform the operation again.
- * - * @throws {@link InvalidInputException} (client fault) - *The request was rejected because a value that's not valid or is out of range was - * supplied for an input parameter.
+ * troubleshooting, perform the operation again. * * @throws {@link ResourceNotFoundException} (client fault) *The resource could not be found.
* + * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
+ * * @throws {@link SecurityLakeServiceException} *Base exception class for all service exceptions from SecurityLake service.
* diff --git a/clients/client-securitylake/src/commands/ListDatalakeExceptionsCommand.ts b/clients/client-securitylake/src/commands/ListDataLakeExceptionsCommand.ts similarity index 61% rename from clients/client-securitylake/src/commands/ListDatalakeExceptionsCommand.ts rename to clients/client-securitylake/src/commands/ListDataLakeExceptionsCommand.ts index ccdb68d19e4d..fa7e7c9bb0ec 100644 --- a/clients/client-securitylake/src/commands/ListDatalakeExceptionsCommand.ts +++ b/clients/client-securitylake/src/commands/ListDataLakeExceptionsCommand.ts @@ -13,8 +13,8 @@ import { import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@smithy/protocol-http"; import { SerdeContext as __SerdeContext } from "@smithy/types"; -import { ListDatalakeExceptionsRequest, ListDatalakeExceptionsResponse } from "../models/models_0"; -import { de_ListDatalakeExceptionsCommand, se_ListDatalakeExceptionsCommand } from "../protocols/Aws_restJson1"; +import { ListDataLakeExceptionsRequest, ListDataLakeExceptionsResponse } from "../models/models_0"; +import { de_ListDataLakeExceptionsCommand, se_ListDataLakeExceptionsCommand } from "../protocols/Aws_restJson1"; import { SecurityLakeClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../SecurityLakeClient"; /** @@ -24,15 +24,15 @@ export { __MetadataBearer, $Command }; /** * @public * - * The input for {@link ListDatalakeExceptionsCommand}. + * The input for {@link ListDataLakeExceptionsCommand}. */ -export interface ListDatalakeExceptionsCommandInput extends ListDatalakeExceptionsRequest {} +export interface ListDataLakeExceptionsCommandInput extends ListDataLakeExceptionsRequest {} /** * @public * - * The output of {@link ListDatalakeExceptionsCommand}. + * The output of {@link ListDataLakeExceptionsCommand}. */ -export interface ListDatalakeExceptionsCommandOutput extends ListDatalakeExceptionsResponse, __MetadataBearer {} +export interface ListDataLakeExceptionsCommandOutput extends ListDataLakeExceptionsResponse, __MetadataBearer {} /** * @public @@ -41,29 +41,25 @@ export interface ListDatalakeExceptionsCommandOutput extends ListDatalakeExcepti * @example * Use a bare-bones client and the command you need to make an API call. * ```javascript - * import { SecurityLakeClient, ListDatalakeExceptionsCommand } from "@aws-sdk/client-securitylake"; // ES Modules import - * // const { SecurityLakeClient, ListDatalakeExceptionsCommand } = require("@aws-sdk/client-securitylake"); // CommonJS import + * import { SecurityLakeClient, ListDataLakeExceptionsCommand } from "@aws-sdk/client-securitylake"; // ES Modules import + * // const { SecurityLakeClient, ListDataLakeExceptionsCommand } = require("@aws-sdk/client-securitylake"); // CommonJS import * const client = new SecurityLakeClient(config); - * const input = { // ListDatalakeExceptionsRequest - * regionSet: [ // RegionSet + * const input = { // ListDataLakeExceptionsRequest + * regions: [ // RegionList * "STRING_VALUE", * ], - * maxFailures: Number("int"), + * maxResults: Number("int"), * nextToken: "STRING_VALUE", * }; - * const command = new ListDatalakeExceptionsCommand(input); + * const command = new ListDataLakeExceptionsCommand(input); * const response = await client.send(command); - * // { // ListDatalakeExceptionsResponse - * // nonRetryableFailures: [ // FailuresResponseList // required - * // { // FailuresResponse + * // { // ListDataLakeExceptionsResponse + * // exceptions: [ // DataLakeExceptionList + * // { // DataLakeException * // region: "STRING_VALUE", - * // failures: [ // Failureslist - * // { // Failures - * // exceptionMessage: "STRING_VALUE", // required - * // remediation: "STRING_VALUE", // required - * // timestamp: new Date("TIMESTAMP"), // required - * // }, - * // ], + * // exception: "STRING_VALUE", + * // remediation: "STRING_VALUE", + * // timestamp: new Date("TIMESTAMP"), * // }, * // ], * // nextToken: "STRING_VALUE", @@ -71,10 +67,10 @@ export interface ListDatalakeExceptionsCommandOutput extends ListDatalakeExcepti * * ``` * - * @param ListDatalakeExceptionsCommandInput - {@link ListDatalakeExceptionsCommandInput} - * @returns {@link ListDatalakeExceptionsCommandOutput} - * @see {@link ListDatalakeExceptionsCommandInput} for command's `input` shape. - * @see {@link ListDatalakeExceptionsCommandOutput} for command's `response` shape. + * @param ListDataLakeExceptionsCommandInput - {@link ListDataLakeExceptionsCommandInput} + * @returns {@link ListDataLakeExceptionsCommandOutput} + * @see {@link ListDataLakeExceptionsCommandInput} for command's `input` shape. + * @see {@link ListDataLakeExceptionsCommandOutput} for command's `response` shape. * @see {@link SecurityLakeClientResolvedConfig | config} for SecurityLakeClient's `config` shape. * * @throws {@link AccessDeniedException} (client fault) @@ -83,25 +79,32 @@ export interface ListDatalakeExceptionsCommandOutput extends ListDatalakeExcepti * Amazon Web Services action. An implicit denial occurs when there is no applicable Deny statement and also * no applicable Allow statement. * - * @throws {@link AccountNotFoundException} (client fault) - *Amazon Security Lake cannot find an Amazon Web Services account with the accountID that you - * specified, or the account whose credentials you used to make this request isn't a member of - * an organization.
+ * @throws {@link BadRequestException} (client fault) + *The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
+ * + * @throws {@link ConflictException} (client fault) + *Occurs when a conflict with a previous successful write is detected. This generally + * occurs when the previous write did not have time to propagate to the host serving the + * current request. A retry (with appropriate backoff logic) is the recommended response to + * this exception.
* * @throws {@link InternalServerException} (server fault) *Internal service exceptions are sometimes caused by transient issues. Before you start - * troubleshooting, perform the operation again.
+ * troubleshooting, perform the operation again. + * + * @throws {@link ResourceNotFoundException} (client fault) + *The resource could not be found.
* - * @throws {@link ValidationException} (client fault) - *Your signing certificate could not be validated.
+ * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
* * @throws {@link SecurityLakeServiceException} *Base exception class for all service exceptions from SecurityLake service.
* */ -export class ListDatalakeExceptionsCommand extends $Command< - ListDatalakeExceptionsCommandInput, - ListDatalakeExceptionsCommandOutput, +export class ListDataLakeExceptionsCommand extends $Command< + ListDataLakeExceptionsCommandInput, + ListDataLakeExceptionsCommandOutput, SecurityLakeClientResolvedConfig > { // Start section: command_properties @@ -119,7 +122,7 @@ export class ListDatalakeExceptionsCommand extends $Command< /** * @public */ - constructor(readonly input: ListDatalakeExceptionsCommandInput) { + constructor(readonly input: ListDataLakeExceptionsCommandInput) { // Start section: command_constructor super(); // End section: command_constructor @@ -132,17 +135,17 @@ export class ListDatalakeExceptionsCommand extends $Command< clientStack: MiddlewareStackRetrieves the Amazon Security Lake configuration object for the specified Amazon Web Services account ID. You can use the GetDatalake API to know whether
- * Security Lake is enabled for the current Region. This API does not take input parameters.
Retrieves the Amazon Security Lake configuration object for the specified Amazon Web Services account ID. You can use the ListDataLakes API to know whether
+ * Security Lake is enabled for any region.
Amazon Security Lake cannot find an Amazon Web Services account with the accountID that you - * specified, or the account whose credentials you used to make this request isn't a member of - * an organization.
+ * @throws {@link BadRequestException} (client fault) + *The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
+ * + * @throws {@link ConflictException} (client fault) + *Occurs when a conflict with a previous successful write is detected. This generally + * occurs when the previous write did not have time to propagate to the host serving the + * current request. A retry (with appropriate backoff logic) is the recommended response to + * this exception.
* * @throws {@link InternalServerException} (server fault) *Internal service exceptions are sometimes caused by transient issues. Before you start - * troubleshooting, perform the operation again.
+ * troubleshooting, perform the operation again. * * @throws {@link ResourceNotFoundException} (client fault) *The resource could not be found.
* - * @throws {@link ValidationException} (client fault) - *Your signing certificate could not be validated.
+ * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
* * @throws {@link SecurityLakeServiceException} *Base exception class for all service exceptions from SecurityLake service.
* */ -export class GetDatalakeCommand extends $Command< - GetDatalakeCommandInput, - GetDatalakeCommandOutput, +export class ListDataLakesCommand extends $Command< + ListDataLakesCommandInput, + ListDataLakesCommandOutput, SecurityLakeClientResolvedConfig > { // Start section: command_properties @@ -131,7 +147,7 @@ export class GetDatalakeCommand extends $Command< /** * @public */ - constructor(readonly input: GetDatalakeCommandInput) { + constructor(readonly input: ListDataLakesCommandInput) { // Start section: command_constructor super(); // End section: command_constructor @@ -144,15 +160,15 @@ export class GetDatalakeCommand extends $Command< clientStack: MiddlewareStackRetrieves the log sources in the current Amazon Web Services Region.
+ *Retrieves the log sources in the current Amazon Web Services Region.
* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript @@ -44,37 +44,64 @@ export interface ListLogSourcesCommandOutput extends ListLogSourcesResponse, __M * // const { SecurityLakeClient, ListLogSourcesCommand } = require("@aws-sdk/client-securitylake"); // CommonJS import * const client = new SecurityLakeClient(config); * const input = { // ListLogSourcesRequest - * inputOrder: [ // DimensionSet + * accounts: [ // AccountList * "STRING_VALUE", * ], - * listAllDimensions: { // AllDimensionsMap - * "Amazon Security Lake cannot find an Amazon Web Services account with the accountID that you - * specified, or the account whose credentials you used to make this request isn't a member of - * an organization.
+ * @throws {@link BadRequestException} (client fault) + *The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
+ * + * @throws {@link ConflictException} (client fault) + *Occurs when a conflict with a previous successful write is detected. This generally + * occurs when the previous write did not have time to propagate to the host serving the + * current request. A retry (with appropriate backoff logic) is the recommended response to + * this exception.
* * @throws {@link InternalServerException} (server fault) *Internal service exceptions are sometimes caused by transient issues. Before you start - * troubleshooting, perform the operation again.
+ * troubleshooting, perform the operation again. * * @throws {@link ResourceNotFoundException} (client fault) *The resource could not be found.
* - * @throws {@link ValidationException} (client fault) - *Your signing certificate could not be validated.
+ * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
* * @throws {@link SecurityLakeServiceException} *Base exception class for all service exceptions from SecurityLake service.
diff --git a/clients/client-securitylake/src/commands/ListSubscribersCommand.ts b/clients/client-securitylake/src/commands/ListSubscribersCommand.ts index b40e66807c82..50be160c598a 100644 --- a/clients/client-securitylake/src/commands/ListSubscribersCommand.ts +++ b/clients/client-securitylake/src/commands/ListSubscribersCommand.ts @@ -51,32 +51,48 @@ export interface ListSubscribersCommandOutput extends ListSubscribersResponse, _ * const command = new ListSubscribersCommand(input); * const response = await client.send(command); * // { // ListSubscribersResponse - * // subscribers: [ // SubscriberList // required + * // subscribers: [ // SubscriberResourceList * // { // SubscriberResource - * // subscriptionId: "STRING_VALUE", // required - * // sourceTypes: [ // SourceTypeList // required - * // { // SourceType Union: only one key present - * // awsSourceType: "STRING_VALUE", - * // customSourceType: "STRING_VALUE", + * // subscriberId: "STRING_VALUE", // required + * // subscriberArn: "STRING_VALUE", // required + * // subscriberIdentity: { // AwsIdentity + * // principal: "STRING_VALUE", // required + * // externalId: "STRING_VALUE", // required + * // }, + * // subscriberName: "STRING_VALUE", // required + * // subscriberDescription: "STRING_VALUE", + * // sources: [ // LogSourceResourceList // required + * // { // LogSourceResource Union: only one key present + * // awsLogSource: { // AwsLogSourceResource + * // sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA", + * // sourceVersion: "STRING_VALUE", + * // }, + * // customLogSource: { // CustomLogSourceResource + * // sourceName: "STRING_VALUE", + * // sourceVersion: "STRING_VALUE", + * // provider: { // CustomLogSourceProvider + * // roleArn: "STRING_VALUE", + * // location: "STRING_VALUE", + * // }, + * // attributes: { // CustomLogSourceAttributes + * // crawlerArn: "STRING_VALUE", + * // databaseArn: "STRING_VALUE", + * // tableArn: "STRING_VALUE", + * // }, + * // }, * // }, * // ], - * // accountId: "STRING_VALUE", // required - * // subscriberName: "STRING_VALUE", - * // subscriberDescription: "STRING_VALUE", - * // subscriptionStatus: "STRING_VALUE", - * // roleArn: "STRING_VALUE", - * // snsArn: "STRING_VALUE", - * // s3BucketArn: "STRING_VALUE", * // accessTypes: [ // AccessTypeList - * // "STRING_VALUE", + * // "LAKEFORMATION" || "S3", * // ], - * // subscriptionEndpoint: "STRING_VALUE", - * // subscriptionProtocol: "STRING_VALUE", - * // externalId: "STRING_VALUE", - * // createdAt: new Date("TIMESTAMP"), - * // updatedAt: new Date("TIMESTAMP"), + * // roleArn: "STRING_VALUE", + * // s3BucketArn: "STRING_VALUE", + * // subscriberEndpoint: "STRING_VALUE", + * // subscriberStatus: "ACTIVE" || "DEACTIVATED" || "PENDING" || "READY", * // resourceShareArn: "STRING_VALUE", * // resourceShareName: "STRING_VALUE", + * // createdAt: new Date("TIMESTAMP"), + * // updatedAt: new Date("TIMESTAMP"), * // }, * // ], * // nextToken: "STRING_VALUE", @@ -96,24 +112,24 @@ export interface ListSubscribersCommandOutput extends ListSubscribersResponse, _ * Amazon Web Services action. An implicit denial occurs when there is no applicable Deny statement and also * no applicable Allow statement. * - * @throws {@link AccountNotFoundException} (client fault) - *Amazon Security Lake cannot find an Amazon Web Services account with the accountID that you - * specified, or the account whose credentials you used to make this request isn't a member of - * an organization.
+ * @throws {@link BadRequestException} (client fault) + *The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
+ * + * @throws {@link ConflictException} (client fault) + *Occurs when a conflict with a previous successful write is detected. This generally + * occurs when the previous write did not have time to propagate to the host serving the + * current request. A retry (with appropriate backoff logic) is the recommended response to + * this exception.
* * @throws {@link InternalServerException} (server fault) *Internal service exceptions are sometimes caused by transient issues. Before you start - * troubleshooting, perform the operation again.
- * - * @throws {@link InvalidInputException} (client fault) - *The request was rejected because a value that's not valid or is out of range was - * supplied for an input parameter.
+ * troubleshooting, perform the operation again. * * @throws {@link ResourceNotFoundException} (client fault) *The resource could not be found.
* - * @throws {@link ValidationException} (client fault) - *Your signing certificate could not be validated.
+ * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
* * @throws {@link SecurityLakeServiceException} *Base exception class for all service exceptions from SecurityLake service.
diff --git a/clients/client-securitylake/src/commands/CreateDatalakeDelegatedAdminCommand.ts b/clients/client-securitylake/src/commands/RegisterDataLakeDelegatedAdministratorCommand.ts similarity index 57% rename from clients/client-securitylake/src/commands/CreateDatalakeDelegatedAdminCommand.ts rename to clients/client-securitylake/src/commands/RegisterDataLakeDelegatedAdministratorCommand.ts index edaedd99755e..3aa156ff0109 100644 --- a/clients/client-securitylake/src/commands/CreateDatalakeDelegatedAdminCommand.ts +++ b/clients/client-securitylake/src/commands/RegisterDataLakeDelegatedAdministratorCommand.ts @@ -13,10 +13,13 @@ import { import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@smithy/protocol-http"; import { SerdeContext as __SerdeContext } from "@smithy/types"; -import { CreateDatalakeDelegatedAdminRequest, CreateDatalakeDelegatedAdminResponse } from "../models/models_0"; import { - de_CreateDatalakeDelegatedAdminCommand, - se_CreateDatalakeDelegatedAdminCommand, + RegisterDataLakeDelegatedAdministratorRequest, + RegisterDataLakeDelegatedAdministratorResponse, +} from "../models/models_0"; +import { + de_RegisterDataLakeDelegatedAdministratorCommand, + se_RegisterDataLakeDelegatedAdministratorCommand, } from "../protocols/Aws_restJson1"; import { SecurityLakeClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../SecurityLakeClient"; @@ -27,16 +30,17 @@ export { __MetadataBearer, $Command }; /** * @public * - * The input for {@link CreateDatalakeDelegatedAdminCommand}. + * The input for {@link RegisterDataLakeDelegatedAdministratorCommand}. */ -export interface CreateDatalakeDelegatedAdminCommandInput extends CreateDatalakeDelegatedAdminRequest {} +export interface RegisterDataLakeDelegatedAdministratorCommandInput + extends RegisterDataLakeDelegatedAdministratorRequest {} /** * @public * - * The output of {@link CreateDatalakeDelegatedAdminCommand}. + * The output of {@link RegisterDataLakeDelegatedAdministratorCommand}. */ -export interface CreateDatalakeDelegatedAdminCommandOutput - extends CreateDatalakeDelegatedAdminResponse, +export interface RegisterDataLakeDelegatedAdministratorCommandOutput + extends RegisterDataLakeDelegatedAdministratorResponse, __MetadataBearer {} /** @@ -47,22 +51,22 @@ export interface CreateDatalakeDelegatedAdminCommandOutput * @example * Use a bare-bones client and the command you need to make an API call. * ```javascript - * import { SecurityLakeClient, CreateDatalakeDelegatedAdminCommand } from "@aws-sdk/client-securitylake"; // ES Modules import - * // const { SecurityLakeClient, CreateDatalakeDelegatedAdminCommand } = require("@aws-sdk/client-securitylake"); // CommonJS import + * import { SecurityLakeClient, RegisterDataLakeDelegatedAdministratorCommand } from "@aws-sdk/client-securitylake"; // ES Modules import + * // const { SecurityLakeClient, RegisterDataLakeDelegatedAdministratorCommand } = require("@aws-sdk/client-securitylake"); // CommonJS import * const client = new SecurityLakeClient(config); - * const input = { // CreateDatalakeDelegatedAdminRequest - * account: "STRING_VALUE", // required + * const input = { // RegisterDataLakeDelegatedAdministratorRequest + * accountId: "STRING_VALUE", // required * }; - * const command = new CreateDatalakeDelegatedAdminCommand(input); + * const command = new RegisterDataLakeDelegatedAdministratorCommand(input); * const response = await client.send(command); * // {}; * * ``` * - * @param CreateDatalakeDelegatedAdminCommandInput - {@link CreateDatalakeDelegatedAdminCommandInput} - * @returns {@link CreateDatalakeDelegatedAdminCommandOutput} - * @see {@link CreateDatalakeDelegatedAdminCommandInput} for command's `input` shape. - * @see {@link CreateDatalakeDelegatedAdminCommandOutput} for command's `response` shape. + * @param RegisterDataLakeDelegatedAdministratorCommandInput - {@link RegisterDataLakeDelegatedAdministratorCommandInput} + * @returns {@link RegisterDataLakeDelegatedAdministratorCommandOutput} + * @see {@link RegisterDataLakeDelegatedAdministratorCommandInput} for command's `input` shape. + * @see {@link RegisterDataLakeDelegatedAdministratorCommandOutput} for command's `response` shape. * @see {@link SecurityLakeClientResolvedConfig | config} for SecurityLakeClient's `config` shape. * * @throws {@link AccessDeniedException} (client fault) @@ -71,23 +75,32 @@ export interface CreateDatalakeDelegatedAdminCommandOutput * Amazon Web Services action. An implicit denial occurs when there is no applicable Deny statement and also * no applicable Allow statement. * + * @throws {@link BadRequestException} (client fault) + *The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
+ * + * @throws {@link ConflictException} (client fault) + *Occurs when a conflict with a previous successful write is detected. This generally + * occurs when the previous write did not have time to propagate to the host serving the + * current request. A retry (with appropriate backoff logic) is the recommended response to + * this exception.
+ * * @throws {@link InternalServerException} (server fault) *Internal service exceptions are sometimes caused by transient issues. Before you start - * troubleshooting, perform the operation again.
+ * troubleshooting, perform the operation again. * - * @throws {@link ThrottlingException} (client fault) - *The limit on the number of requests per second was exceeded.
+ * @throws {@link ResourceNotFoundException} (client fault) + *The resource could not be found.
* - * @throws {@link ValidationException} (client fault) - *Your signing certificate could not be validated.
+ * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
* * @throws {@link SecurityLakeServiceException} *Base exception class for all service exceptions from SecurityLake service.
* */ -export class CreateDatalakeDelegatedAdminCommand extends $Command< - CreateDatalakeDelegatedAdminCommandInput, - CreateDatalakeDelegatedAdminCommandOutput, +export class RegisterDataLakeDelegatedAdministratorCommand extends $Command< + RegisterDataLakeDelegatedAdministratorCommandInput, + RegisterDataLakeDelegatedAdministratorCommandOutput, SecurityLakeClientResolvedConfig > { // Start section: command_properties @@ -105,7 +118,7 @@ export class CreateDatalakeDelegatedAdminCommand extends $Command< /** * @public */ - constructor(readonly input: CreateDatalakeDelegatedAdminCommandInput) { + constructor(readonly input: RegisterDataLakeDelegatedAdministratorCommandInput) { // Start section: command_constructor super(); // End section: command_constructor @@ -118,17 +131,17 @@ export class CreateDatalakeDelegatedAdminCommand extends $Command< clientStack: MiddlewareStackSpecifies where to store your security data and for how long. You can add a rollup + * Region to consolidate data from multiple Amazon Web Services Regions.
+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { SecurityLakeClient, UpdateDataLakeCommand } from "@aws-sdk/client-securitylake"; // ES Modules import + * // const { SecurityLakeClient, UpdateDataLakeCommand } = require("@aws-sdk/client-securitylake"); // CommonJS import + * const client = new SecurityLakeClient(config); + * const input = { // UpdateDataLakeRequest + * configurations: [ // DataLakeConfigurationList // required + * { // DataLakeConfiguration + * region: "STRING_VALUE", // required + * encryptionConfiguration: { // DataLakeEncryptionConfiguration + * kmsKeyId: "STRING_VALUE", + * }, + * lifecycleConfiguration: { // DataLakeLifecycleConfiguration + * expiration: { // DataLakeLifecycleExpiration + * days: Number("int"), + * }, + * transitions: [ // DataLakeLifecycleTransitionList + * { // DataLakeLifecycleTransition + * storageClass: "STRING_VALUE", + * days: Number("int"), + * }, + * ], + * }, + * replicationConfiguration: { // DataLakeReplicationConfiguration + * regions: [ // RegionList + * "STRING_VALUE", + * ], + * roleArn: "STRING_VALUE", + * }, + * }, + * ], + * }; + * const command = new UpdateDataLakeCommand(input); + * const response = await client.send(command); + * // { // UpdateDataLakeResponse + * // dataLakes: [ // DataLakeResourceList + * // { // DataLakeResource + * // dataLakeArn: "STRING_VALUE", // required + * // region: "STRING_VALUE", // required + * // s3BucketArn: "STRING_VALUE", + * // encryptionConfiguration: { // DataLakeEncryptionConfiguration + * // kmsKeyId: "STRING_VALUE", + * // }, + * // lifecycleConfiguration: { // DataLakeLifecycleConfiguration + * // expiration: { // DataLakeLifecycleExpiration + * // days: Number("int"), + * // }, + * // transitions: [ // DataLakeLifecycleTransitionList + * // { // DataLakeLifecycleTransition + * // storageClass: "STRING_VALUE", + * // days: Number("int"), + * // }, + * // ], + * // }, + * // replicationConfiguration: { // DataLakeReplicationConfiguration + * // regions: [ // RegionList + * // "STRING_VALUE", + * // ], + * // roleArn: "STRING_VALUE", + * // }, + * // createStatus: "INITIALIZED" || "PENDING" || "COMPLETED" || "FAILED", + * // updateStatus: { // DataLakeUpdateStatus + * // requestId: "STRING_VALUE", + * // status: "INITIALIZED" || "PENDING" || "COMPLETED" || "FAILED", + * // exception: { // DataLakeUpdateException + * // reason: "STRING_VALUE", + * // code: "STRING_VALUE", + * // }, + * // }, + * // }, + * // ], + * // }; + * + * ``` + * + * @param UpdateDataLakeCommandInput - {@link UpdateDataLakeCommandInput} + * @returns {@link UpdateDataLakeCommandOutput} + * @see {@link UpdateDataLakeCommandInput} for command's `input` shape. + * @see {@link UpdateDataLakeCommandOutput} for command's `response` shape. + * @see {@link SecurityLakeClientResolvedConfig | config} for SecurityLakeClient's `config` shape. + * + * @throws {@link AccessDeniedException} (client fault) + *You do not have sufficient access to perform this action. Access denied errors appear when Amazon Security Lake explicitly or implicitly denies an authorization + * request. An explicit denial occurs when a policy contains a Deny statement for the specific + * Amazon Web Services action. An implicit denial occurs when there is no applicable Deny statement and also + * no applicable Allow statement.
+ * + * @throws {@link BadRequestException} (client fault) + *The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
+ * + * @throws {@link ConflictException} (client fault) + *Occurs when a conflict with a previous successful write is detected. This generally + * occurs when the previous write did not have time to propagate to the host serving the + * current request. A retry (with appropriate backoff logic) is the recommended response to + * this exception.
+ * + * @throws {@link InternalServerException} (server fault) + *Internal service exceptions are sometimes caused by transient issues. Before you start + * troubleshooting, perform the operation again.
+ * + * @throws {@link ResourceNotFoundException} (client fault) + *The resource could not be found.
+ * + * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
+ * + * @throws {@link SecurityLakeServiceException} + *Base exception class for all service exceptions from SecurityLake service.
+ * + */ +export class UpdateDataLakeCommand extends $Command< + UpdateDataLakeCommandInput, + UpdateDataLakeCommandOutput, + SecurityLakeClientResolvedConfig +> { + // Start section: command_properties + // End section: command_properties + + public static getEndpointParameterInstructions(): EndpointParameterInstructions { + return { + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, + }; + } + + /** + * @public + */ + constructor(readonly input: UpdateDataLakeCommandInput) { + // Start section: command_constructor + super(); + // End section: command_constructor + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStackAmazon Security Lake cannot find an Amazon Web Services account with the accountID that you - * specified, or the account whose credentials you used to make this request isn't a member of - * an organization.
+ * @throws {@link BadRequestException} (client fault) + *The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
+ * + * @throws {@link ConflictException} (client fault) + *Occurs when a conflict with a previous successful write is detected. This generally + * occurs when the previous write did not have time to propagate to the host serving the + * current request. A retry (with appropriate backoff logic) is the recommended response to + * this exception.
* * @throws {@link InternalServerException} (server fault) *Internal service exceptions are sometimes caused by transient issues. Before you start - * troubleshooting, perform the operation again.
+ * troubleshooting, perform the operation again. + * + * @throws {@link ResourceNotFoundException} (client fault) + *The resource could not be found.
* - * @throws {@link ValidationException} (client fault) - *Your signing certificate could not be validated.
+ * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
* * @throws {@link SecurityLakeServiceException} *Base exception class for all service exceptions from SecurityLake service.
* */ -export class UpdateDatalakeExceptionsSubscriptionCommand extends $Command< - UpdateDatalakeExceptionsSubscriptionCommandInput, - UpdateDatalakeExceptionsSubscriptionCommandOutput, +export class UpdateDataLakeExceptionSubscriptionCommand extends $Command< + UpdateDataLakeExceptionSubscriptionCommandInput, + UpdateDataLakeExceptionSubscriptionCommandOutput, SecurityLakeClientResolvedConfig > { // Start section: command_properties @@ -110,7 +118,7 @@ export class UpdateDatalakeExceptionsSubscriptionCommand extends $Command< /** * @public */ - constructor(readonly input: UpdateDatalakeExceptionsSubscriptionCommandInput) { + constructor(readonly input: UpdateDataLakeExceptionSubscriptionCommandInput) { // Start section: command_constructor super(); // End section: command_constructor @@ -123,17 +131,17 @@ export class UpdateDatalakeExceptionsSubscriptionCommand extends $Command< clientStack: MiddlewareStackSpecifies where to store your security data and for how long. You can add a rollup - * Region to consolidate data from multiple Amazon Web Services Regions.
- * @example - * Use a bare-bones client and the command you need to make an API call. - * ```javascript - * import { SecurityLakeClient, UpdateDatalakeCommand } from "@aws-sdk/client-securitylake"; // ES Modules import - * // const { SecurityLakeClient, UpdateDatalakeCommand } = require("@aws-sdk/client-securitylake"); // CommonJS import - * const client = new SecurityLakeClient(config); - * const input = { // UpdateDatalakeRequest - * configurations: { // LakeConfigurationRequestMap // required - * "You do not have sufficient access to perform this action. Access denied errors appear when Amazon Security Lake explicitly or implicitly denies an authorization - * request. An explicit denial occurs when a policy contains a Deny statement for the specific - * Amazon Web Services action. An implicit denial occurs when there is no applicable Deny statement and also - * no applicable Allow statement.
- * - * @throws {@link EventBridgeException} (client fault) - *Represents an error interacting with the Amazon EventBridge service.
- * - * @throws {@link InternalServerException} (server fault) - *Internal service exceptions are sometimes caused by transient issues. Before you start - * troubleshooting, perform the operation again.
- * - * @throws {@link ResourceNotFoundException} (client fault) - *The resource could not be found.
- * - * @throws {@link ValidationException} (client fault) - *Your signing certificate could not be validated.
- * - * @throws {@link SecurityLakeServiceException} - *Base exception class for all service exceptions from SecurityLake service.
- * - */ -export class UpdateDatalakeCommand extends $Command< - UpdateDatalakeCommandInput, - UpdateDatalakeCommandOutput, - SecurityLakeClientResolvedConfig -> { - // Start section: command_properties - // End section: command_properties - - public static getEndpointParameterInstructions(): EndpointParameterInstructions { - return { - UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, - Endpoint: { type: "builtInParams", name: "endpoint" }, - Region: { type: "builtInParams", name: "region" }, - UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, - }; - } - - /** - * @public - */ - constructor(readonly input: UpdateDatalakeCommandInput) { - // Start section: command_constructor - super(); - // End section: command_constructor - } - - /** - * @internal - */ - resolveMiddleware( - clientStack: MiddlewareStackUpdate the expiration period for the exception message to your preferred time, and - * control the time-to-live (TTL) for the exception message to remain. Exceptions are stored - * by default for 2 weeks from when a record was created in Amazon Security Lake.
- * @example - * Use a bare-bones client and the command you need to make an API call. - * ```javascript - * import { SecurityLakeClient, UpdateDatalakeExceptionsExpiryCommand } from "@aws-sdk/client-securitylake"; // ES Modules import - * // const { SecurityLakeClient, UpdateDatalakeExceptionsExpiryCommand } = require("@aws-sdk/client-securitylake"); // CommonJS import - * const client = new SecurityLakeClient(config); - * const input = { // UpdateDatalakeExceptionsExpiryRequest - * exceptionMessageExpiry: Number("long"), // required - * }; - * const command = new UpdateDatalakeExceptionsExpiryCommand(input); - * const response = await client.send(command); - * // {}; - * - * ``` - * - * @param UpdateDatalakeExceptionsExpiryCommandInput - {@link UpdateDatalakeExceptionsExpiryCommandInput} - * @returns {@link UpdateDatalakeExceptionsExpiryCommandOutput} - * @see {@link UpdateDatalakeExceptionsExpiryCommandInput} for command's `input` shape. - * @see {@link UpdateDatalakeExceptionsExpiryCommandOutput} for command's `response` shape. - * @see {@link SecurityLakeClientResolvedConfig | config} for SecurityLakeClient's `config` shape. - * - * @throws {@link AccessDeniedException} (client fault) - *You do not have sufficient access to perform this action. Access denied errors appear when Amazon Security Lake explicitly or implicitly denies an authorization - * request. An explicit denial occurs when a policy contains a Deny statement for the specific - * Amazon Web Services action. An implicit denial occurs when there is no applicable Deny statement and also - * no applicable Allow statement.
- * - * @throws {@link AccountNotFoundException} (client fault) - *Amazon Security Lake cannot find an Amazon Web Services account with the accountID that you - * specified, or the account whose credentials you used to make this request isn't a member of - * an organization.
- * - * @throws {@link InternalServerException} (server fault) - *Internal service exceptions are sometimes caused by transient issues. Before you start - * troubleshooting, perform the operation again.
- * - * @throws {@link ValidationException} (client fault) - *Your signing certificate could not be validated.
- * - * @throws {@link SecurityLakeServiceException} - *Base exception class for all service exceptions from SecurityLake service.
- * - */ -export class UpdateDatalakeExceptionsExpiryCommand extends $Command< - UpdateDatalakeExceptionsExpiryCommandInput, - UpdateDatalakeExceptionsExpiryCommandOutput, - SecurityLakeClientResolvedConfig -> { - // Start section: command_properties - // End section: command_properties - - public static getEndpointParameterInstructions(): EndpointParameterInstructions { - return { - UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, - Endpoint: { type: "builtInParams", name: "endpoint" }, - Region: { type: "builtInParams", name: "region" }, - UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, - }; - } - - /** - * @public - */ - constructor(readonly input: UpdateDatalakeExceptionsExpiryCommandInput) { - // Start section: command_constructor - super(); - // End section: command_constructor - } - - /** - * @internal - */ - resolveMiddleware( - clientStack: MiddlewareStackUpdates an existing subscription for the given Amazon Security Lake account ID. You can update - * a subscriber by changing the sources that the subscriber consumes data from.
+ * a subscriber by changing the sources that the subscriber consumes data from. * @example * Use a bare-bones client and the command you need to make an API call. * ```javascript @@ -45,45 +45,79 @@ export interface UpdateSubscriberCommandOutput extends UpdateSubscriberResponse, * // const { SecurityLakeClient, UpdateSubscriberCommand } = require("@aws-sdk/client-securitylake"); // CommonJS import * const client = new SecurityLakeClient(config); * const input = { // UpdateSubscriberRequest - * id: "STRING_VALUE", // required - * sourceTypes: [ // SourceTypeList // required - * { // SourceType Union: only one key present - * awsSourceType: "STRING_VALUE", - * customSourceType: "STRING_VALUE", - * }, - * ], - * externalId: "STRING_VALUE", + * subscriberId: "STRING_VALUE", // required + * subscriberIdentity: { // AwsIdentity + * principal: "STRING_VALUE", // required + * externalId: "STRING_VALUE", // required + * }, * subscriberName: "STRING_VALUE", * subscriberDescription: "STRING_VALUE", + * sources: [ // LogSourceResourceList + * { // LogSourceResource Union: only one key present + * awsLogSource: { // AwsLogSourceResource + * sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA", + * sourceVersion: "STRING_VALUE", + * }, + * customLogSource: { // CustomLogSourceResource + * sourceName: "STRING_VALUE", + * sourceVersion: "STRING_VALUE", + * provider: { // CustomLogSourceProvider + * roleArn: "STRING_VALUE", + * location: "STRING_VALUE", + * }, + * attributes: { // CustomLogSourceAttributes + * crawlerArn: "STRING_VALUE", + * databaseArn: "STRING_VALUE", + * tableArn: "STRING_VALUE", + * }, + * }, + * }, + * ], * }; * const command = new UpdateSubscriberCommand(input); * const response = await client.send(command); * // { // UpdateSubscriberResponse * // subscriber: { // SubscriberResource - * // subscriptionId: "STRING_VALUE", // required - * // sourceTypes: [ // SourceTypeList // required - * // { // SourceType Union: only one key present - * // awsSourceType: "STRING_VALUE", - * // customSourceType: "STRING_VALUE", + * // subscriberId: "STRING_VALUE", // required + * // subscriberArn: "STRING_VALUE", // required + * // subscriberIdentity: { // AwsIdentity + * // principal: "STRING_VALUE", // required + * // externalId: "STRING_VALUE", // required + * // }, + * // subscriberName: "STRING_VALUE", // required + * // subscriberDescription: "STRING_VALUE", + * // sources: [ // LogSourceResourceList // required + * // { // LogSourceResource Union: only one key present + * // awsLogSource: { // AwsLogSourceResource + * // sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA", + * // sourceVersion: "STRING_VALUE", + * // }, + * // customLogSource: { // CustomLogSourceResource + * // sourceName: "STRING_VALUE", + * // sourceVersion: "STRING_VALUE", + * // provider: { // CustomLogSourceProvider + * // roleArn: "STRING_VALUE", + * // location: "STRING_VALUE", + * // }, + * // attributes: { // CustomLogSourceAttributes + * // crawlerArn: "STRING_VALUE", + * // databaseArn: "STRING_VALUE", + * // tableArn: "STRING_VALUE", + * // }, + * // }, * // }, * // ], - * // accountId: "STRING_VALUE", // required - * // subscriberName: "STRING_VALUE", - * // subscriberDescription: "STRING_VALUE", - * // subscriptionStatus: "STRING_VALUE", - * // roleArn: "STRING_VALUE", - * // snsArn: "STRING_VALUE", - * // s3BucketArn: "STRING_VALUE", * // accessTypes: [ // AccessTypeList - * // "STRING_VALUE", + * // "LAKEFORMATION" || "S3", * // ], - * // subscriptionEndpoint: "STRING_VALUE", - * // subscriptionProtocol: "STRING_VALUE", - * // externalId: "STRING_VALUE", - * // createdAt: new Date("TIMESTAMP"), - * // updatedAt: new Date("TIMESTAMP"), + * // roleArn: "STRING_VALUE", + * // s3BucketArn: "STRING_VALUE", + * // subscriberEndpoint: "STRING_VALUE", + * // subscriberStatus: "ACTIVE" || "DEACTIVATED" || "PENDING" || "READY", * // resourceShareArn: "STRING_VALUE", * // resourceShareName: "STRING_VALUE", + * // createdAt: new Date("TIMESTAMP"), + * // updatedAt: new Date("TIMESTAMP"), * // }, * // }; * @@ -101,27 +135,24 @@ export interface UpdateSubscriberCommandOutput extends UpdateSubscriberResponse, * Amazon Web Services action. An implicit denial occurs when there is no applicable Deny statement and also * no applicable Allow statement. * - * @throws {@link AccountNotFoundException} (client fault) - *Amazon Security Lake cannot find an Amazon Web Services account with the accountID that you - * specified, or the account whose credentials you used to make this request isn't a member of - * an organization.
- * - * @throws {@link ConcurrentModificationException} (client fault) - *More than one process tried to modify a resource at the same time.
+ * @throws {@link BadRequestException} (client fault) + *The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
* - * @throws {@link ConflictSubscriptionException} (client fault) - *A conflicting subscription exception operation is in progress.
+ * @throws {@link ConflictException} (client fault) + *Occurs when a conflict with a previous successful write is detected. This generally + * occurs when the previous write did not have time to propagate to the host serving the + * current request. A retry (with appropriate backoff logic) is the recommended response to + * this exception.
* * @throws {@link InternalServerException} (server fault) *Internal service exceptions are sometimes caused by transient issues. Before you start - * troubleshooting, perform the operation again.
+ * troubleshooting, perform the operation again. * - * @throws {@link InvalidInputException} (client fault) - *The request was rejected because a value that's not valid or is out of range was - * supplied for an input parameter.
+ * @throws {@link ResourceNotFoundException} (client fault) + *The resource could not be found.
* - * @throws {@link ValidationException} (client fault) - *Your signing certificate could not be validated.
+ * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
* * @throws {@link SecurityLakeServiceException} *Base exception class for all service exceptions from SecurityLake service.
diff --git a/clients/client-securitylake/src/commands/UpdateSubscriberNotificationCommand.ts b/clients/client-securitylake/src/commands/UpdateSubscriberNotificationCommand.ts new file mode 100644 index 000000000000..03b441e8a026 --- /dev/null +++ b/clients/client-securitylake/src/commands/UpdateSubscriberNotificationCommand.ts @@ -0,0 +1,186 @@ +// smithy-typescript generated code +import { EndpointParameterInstructions, getEndpointPlugin } from "@aws-sdk/middleware-endpoint"; +import { getSerdePlugin } from "@aws-sdk/middleware-serde"; +import { Command as $Command } from "@aws-sdk/smithy-client"; +import { + FinalizeHandlerArguments, + Handler, + HandlerExecutionContext, + HttpHandlerOptions as __HttpHandlerOptions, + MetadataBearer as __MetadataBearer, + MiddlewareStack, +} from "@aws-sdk/types"; +import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@smithy/protocol-http"; +import { SerdeContext as __SerdeContext } from "@smithy/types"; + +import { UpdateSubscriberNotificationRequest, UpdateSubscriberNotificationResponse } from "../models/models_0"; +import { + de_UpdateSubscriberNotificationCommand, + se_UpdateSubscriberNotificationCommand, +} from "../protocols/Aws_restJson1"; +import { SecurityLakeClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../SecurityLakeClient"; + +/** + * @public + */ +export { __MetadataBearer, $Command }; +/** + * @public + * + * The input for {@link UpdateSubscriberNotificationCommand}. + */ +export interface UpdateSubscriberNotificationCommandInput extends UpdateSubscriberNotificationRequest {} +/** + * @public + * + * The output of {@link UpdateSubscriberNotificationCommand}. + */ +export interface UpdateSubscriberNotificationCommandOutput + extends UpdateSubscriberNotificationResponse, + __MetadataBearer {} + +/** + * @public + *Updates an existing notification method for the subscription (SQS or HTTPs endpoint) or + * switches the notification subscription endpoint for a subscriber.
+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { SecurityLakeClient, UpdateSubscriberNotificationCommand } from "@aws-sdk/client-securitylake"; // ES Modules import + * // const { SecurityLakeClient, UpdateSubscriberNotificationCommand } = require("@aws-sdk/client-securitylake"); // CommonJS import + * const client = new SecurityLakeClient(config); + * const input = { // UpdateSubscriberNotificationRequest + * subscriberId: "STRING_VALUE", // required + * configuration: { // NotificationConfiguration Union: only one key present + * sqsNotificationConfiguration: {}, + * httpsNotificationConfiguration: { // HttpsNotificationConfiguration + * endpoint: "STRING_VALUE", // required + * authorizationApiKeyName: "STRING_VALUE", + * authorizationApiKeyValue: "STRING_VALUE", + * httpMethod: "POST" || "PUT", + * targetRoleArn: "STRING_VALUE", // required + * }, + * }, + * }; + * const command = new UpdateSubscriberNotificationCommand(input); + * const response = await client.send(command); + * // { // UpdateSubscriberNotificationResponse + * // subscriberEndpoint: "STRING_VALUE", + * // }; + * + * ``` + * + * @param UpdateSubscriberNotificationCommandInput - {@link UpdateSubscriberNotificationCommandInput} + * @returns {@link UpdateSubscriberNotificationCommandOutput} + * @see {@link UpdateSubscriberNotificationCommandInput} for command's `input` shape. + * @see {@link UpdateSubscriberNotificationCommandOutput} for command's `response` shape. + * @see {@link SecurityLakeClientResolvedConfig | config} for SecurityLakeClient's `config` shape. + * + * @throws {@link AccessDeniedException} (client fault) + *You do not have sufficient access to perform this action. Access denied errors appear when Amazon Security Lake explicitly or implicitly denies an authorization + * request. An explicit denial occurs when a policy contains a Deny statement for the specific + * Amazon Web Services action. An implicit denial occurs when there is no applicable Deny statement and also + * no applicable Allow statement.
+ * + * @throws {@link BadRequestException} (client fault) + *The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
+ * + * @throws {@link ConflictException} (client fault) + *Occurs when a conflict with a previous successful write is detected. This generally + * occurs when the previous write did not have time to propagate to the host serving the + * current request. A retry (with appropriate backoff logic) is the recommended response to + * this exception.
+ * + * @throws {@link InternalServerException} (server fault) + *Internal service exceptions are sometimes caused by transient issues. Before you start + * troubleshooting, perform the operation again.
+ * + * @throws {@link ResourceNotFoundException} (client fault) + *The resource could not be found.
+ * + * @throws {@link ThrottlingException} (client fault) + *The limit on the number of requests per second was exceeded.
+ * + * @throws {@link SecurityLakeServiceException} + *Base exception class for all service exceptions from SecurityLake service.
+ * + */ +export class UpdateSubscriberNotificationCommand extends $Command< + UpdateSubscriberNotificationCommandInput, + UpdateSubscriberNotificationCommandOutput, + SecurityLakeClientResolvedConfig +> { + // Start section: command_properties + // End section: command_properties + + public static getEndpointParameterInstructions(): EndpointParameterInstructions { + return { + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, + }; + } + + /** + * @public + */ + constructor(readonly input: UpdateSubscriberNotificationCommandInput) { + // Start section: command_constructor + super(); + // End section: command_constructor + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStackAmazon Security Lake is in preview release. Your use of the Security Lake preview is subject to - * Section 2 of the Amazon Web Services Service - * Terms("Betas and Previews").
- *Amazon Security Lake is a fully managed security data lake service. You can use Security Lake to + *
Amazon Security Lake is a fully managed security data lake service. You can use Security Lake to * automatically centralize security data from cloud, on-premises, and custom sources into a - * data lake that's stored in your Amazon Web Servicesaccount. Amazon Web Services Organizations + * data lake that's stored in your Amazon Web Services account. Amazon Web Services Organizations * is an account management service that lets you consolidate multiple Amazon Web Services * accounts into an organization that you create and centrally manage. With Organizations, you * can create member accounts and invite existing accounts to join your organization. @@ -16,9 +11,9 @@ * security posture across the entire organization. It can also help you improve the * protection of your workloads, applications, and data.
*The data lake is backed by Amazon Simple Storage Service (Amazon S3) buckets, and you - * retain ownership over your data.
+ * retain ownership over your data. *Amazon Security Lake integrates with CloudTrail, a service that provides a record of - * actions taken by a user, role, or an Amazon Web Services service in Security Lake CloudTrail captures API calls for Security Lake as events. The calls captured include calls + * actions taken by a user, role, or an Amazon Web Services service. In Security Lake, CloudTrail captures API calls for Security Lake as events. The calls captured include calls * from the Security Lake console and code calls to the Security Lake API operations. If you create a * trail, you can enable continuous delivery of CloudTrail events to an Amazon S3 bucket, including events for Security Lake. If you don't configure a trail, you can still * view the most recent events in the CloudTrail console in Event history. Using the diff --git a/clients/client-securitylake/src/models/models_0.ts b/clients/client-securitylake/src/models/models_0.ts index e09c6f97090c..135a0731e0ad 100644 --- a/clients/client-securitylake/src/models/models_0.ts +++ b/clients/client-securitylake/src/models/models_0.ts @@ -48,222 +48,97 @@ export type AccessType = (typeof AccessType)[keyof typeof AccessType]; /** * @public - *
Amazon Security Lake cannot find an Amazon Web Services account with the accountID that you - * specified, or the account whose credentials you used to make this request isn't a member of - * an organization.
+ *The AWS identity.
*/ -export class AccountNotFoundException extends __BaseException { - readonly name: "AccountNotFoundException" = "AccountNotFoundException"; - readonly $fault: "client" = "client"; +export interface AwsIdentity { /** - * @internal + *The AWS identity principal.
*/ - constructor(opts: __ExceptionOptionTypeThe external ID used to estalish trust relationship with the AWS identity.
+ */ + externalId: string | undefined; +} /** * @public * @enum */ -export const SourceStatus = { - ACTIVE: "ACTIVE", - DEACTIVATED: "DEACTIVATED", - PENDING: "PENDING", +export const AwsLogSourceName = { + CLOUD_TRAIL_MGMT: "CLOUD_TRAIL_MGMT", + LAMBDA_EXECUTION: "LAMBDA_EXECUTION", + ROUTE53: "ROUTE53", + S3_DATA: "S3_DATA", + SH_FINDINGS: "SH_FINDINGS", + VPC_FLOW: "VPC_FLOW", } as const; /** * @public */ -export type SourceStatus = (typeof SourceStatus)[keyof typeof SourceStatus]; - -/** - * @public - *Retrieves the Logs status for the Amazon Security Lake account.
- */ -export interface LogsStatus { - /** - *Defines path the stored logs are available which has information on your systems, - * applications, and services.
- */ - pathToLogs: string | undefined; - - /** - *The health status of services, including error codes and patterns.
- */ - healthStatus: SourceStatus | string | undefined; -} +export type AwsLogSourceName = (typeof AwsLogSourceName)[keyof typeof AwsLogSourceName]; /** * @public - *Amazon Security Lake collects logs and events from supported Amazon Web Services and - * custom sources. For the list of supported Amazon Web Services, see the Amazon Security Lake User Guide.
+ *The Security Lake logs source configuration file describes the information needed to generate Security Lake logs.
*/ -export interface AccountSources { +export interface AwsLogSourceConfiguration { /** - *The ID of the Security Lake account for which logs are collected.
+ *Specify the Amazon Web Services account information where you want to enable Security Lake.
*/ - account: string | undefined; + accounts?: string[]; /** - *The supported Amazon Web Services from which logs and events are collected. - * Amazon Security Lake supports log and event collection for natively supported Amazon Web Services.
+ *Specify the Regions where you want to enable Security Lake.
*/ - sourceType: string | undefined; + regions: string[] | undefined; /** - *The log status for the Security Lake account.
+ *The name for a Amazon Web Services source. This must be a Regionally unique value.
*/ - logsStatus?: LogsStatus[]; + sourceName: AwsLogSourceName | string | undefined; /** - *Initializes a new instance of the Event class.
+ *The version for a Amazon Web Services source. This must be a Regionally unique value.
*/ - eventClass?: OcsfEventClass | string; + sourceVersion?: string; } /** * @public - * @enum - */ -export const Region = { - AP_NORTHEAST_1: "ap-northeast-1", - AP_SOUTHEAST_2: "ap-southeast-2", - EU_CENTRAL_1: "eu-central-1", - EU_WEST_1: "eu-west-1", - US_EAST_1: "us-east-1", - US_EAST_2: "us-east-2", - US_WEST_2: "us-west-2", -} as const; - -/** - * @public - */ -export type Region = (typeof Region)[keyof typeof Region]; - -/** - * @public - * @enum - */ -export const AwsLogSourceType = { - CLOUD_TRAIL: "CLOUD_TRAIL", - ROUTE53: "ROUTE53", - SH_FINDINGS: "SH_FINDINGS", - VPC_FLOW: "VPC_FLOW", -} as const; - -/** - * @public + *Amazon Security Lake can collect logs and events from natively-supported Amazon Web Services services.
*/ -export type AwsLogSourceType = (typeof AwsLogSourceType)[keyof typeof AwsLogSourceType]; - -/** - * @public - *Automatically enable new organization accounts as member accounts from an Amazon Security Lake - * administrator account.
- */ -export interface AutoEnableNewRegionConfiguration { - /** - *The Amazon Web Services Regions where Security Lake is automatically enabled.
- */ - region: Region | string | undefined; - +export interface AwsLogSourceResource { /** - *The Amazon Web Services sources that are automatically enabled in Security Lake.
+ *The name for a Amazon Web Services source. This must be a Regionally unique value.
*/ - sources: (AwsLogSourceType | string)[] | undefined; -} + sourceName?: AwsLogSourceName | string; -/** - * @public - *Amazon Security Lake generally returns 404 errors if the requested object is missing from the - * bucket.
- */ -export class BucketNotFoundException extends __BaseException { - readonly name: "BucketNotFoundException" = "BucketNotFoundException"; - readonly $fault: "client" = "client"; /** - * @internal + *The version for a Amazon Web Services source. This must be a Regionally unique value.
*/ - constructor(opts: __ExceptionOptionTypeMore than one process tried to modify a resource at the same time.
+ *The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
*/ -export class ConcurrentModificationException extends __BaseException { - readonly name: "ConcurrentModificationException" = "ConcurrentModificationException"; +export class BadRequestException extends __BaseException { + readonly name: "BadRequestException" = "BadRequestException"; readonly $fault: "client" = "client"; - $retryable = {}; /** * @internal */ - constructor(opts: __ExceptionOptionTypeA conflict occurred when prompting for the Resource ID.
+ *The resource name.
*/ - resourceId: string | undefined; + resourceName?: string; /** - *The resource type.
+ *The resource type.
*/ - resourceType: string | undefined; + resourceType?: string; /** * @internal @@ -297,104 +172,25 @@ export class ConflictException extends __BaseException { ...opts, }); Object.setPrototypeOf(this, ConflictException.prototype); - this.resourceId = opts.resourceId; + this.resourceName = opts.resourceName; this.resourceType = opts.resourceType; } } -/** - * @public - *There was a conflict when you attempted to modify a Security Lake source name.
- */ -export class ConflictSourceNamesException extends __BaseException { - readonly name: "ConflictSourceNamesException" = "ConflictSourceNamesException"; - readonly $fault: "client" = "client"; - /** - * @internal - */ - constructor(opts: __ExceptionOptionTypeA conflicting subscription exception operation is in progress.
- */ -export class ConflictSubscriptionException extends __BaseException { - readonly name: "ConflictSubscriptionException" = "ConflictSubscriptionException"; - readonly $fault: "client" = "client"; - /** - * @internal - */ - constructor(opts: __ExceptionOptionTypeSpecifies the input order to enable dimensions in Security Lake, namely Region, source type, - * and member account.
- */ - inputOrder: (Dimension | string)[] | undefined; - - /** - *Enables data collection from specific Amazon Web Services sources in all specific - * accounts and specific Regions.
+ *Specify the natively-supported Amazon Web Services service to add as a source in Security Lake.
*/ - enableAllDimensions?: RecordEnables data collection from specific Amazon Web Services sources in specific accounts or - * Regions.
- */ - enableTwoDimensions?: RecordEnables data collection from all Amazon Web Services sources in specific accounts or - * Regions.
- */ - enableSingleDimension?: string[]; + sources: AwsLogSourceConfiguration[] | undefined; } /** * @public */ export interface CreateAwsLogSourceResponse { - /** - *Lists the accounts that are in the process of enabling a natively supported Amazon Web Service as a Security Lake source.
- */ - processing?: string[]; - /** *Lists all accounts in which enabling a natively supported Amazon Web Service as * a Security Lake source failed. The failure occurred as these accounts are not part of an @@ -406,17 +202,12 @@ export interface CreateAwsLogSourceResponse { /** * @public *
Internal service exceptions are sometimes caused by transient issues. Before you start - * troubleshooting, perform the operation again.
+ * troubleshooting, perform the operation again. */ export class InternalServerException extends __BaseException { readonly name: "InternalServerException" = "InternalServerException"; readonly $fault: "server" = "server"; $retryable = {}; - /** - *Retry the request after the specified time.
- */ - retryAfterSeconds?: number; - /** * @internal */ @@ -427,7 +218,6 @@ export class InternalServerException extends __BaseException { ...opts, }); Object.setPrototypeOf(this, InternalServerException.prototype); - this.retryAfterSeconds = opts.retryAfterSeconds; } } @@ -439,14 +229,14 @@ export class ResourceNotFoundException extends __BaseException { readonly name: "ResourceNotFoundException" = "ResourceNotFoundException"; readonly $fault: "client" = "client"; /** - *The ID of the resource for which the type of resource could not be found.
+ *The name of the resource that could not be found.
*/ - resourceId: string | undefined; + resourceName?: string; /** *The type of the resource that could not be found.
*/ - resourceType: string | undefined; + resourceType?: string; /** * @internal @@ -458,113 +248,57 @@ export class ResourceNotFoundException extends __BaseException { ...opts, }); Object.setPrototypeOf(this, ResourceNotFoundException.prototype); - this.resourceId = opts.resourceId; + this.resourceName = opts.resourceName; this.resourceType = opts.resourceType; } } /** * @public - *Provides an extension of the AmazonServiceException for errors reported by Amazon S3 while processing a request. In particular, this class provides access to the - * Amazon S3 extended request ID. If Amazon S3 is incorrectly handling a - * request and you need to contact Amazon, this extended request ID may provide useful - * debugging information.
+ *The limit on the number of requests per second was exceeded.
*/ -export class S3Exception extends __BaseException { - readonly name: "S3Exception" = "S3Exception"; +export class ThrottlingException extends __BaseException { + readonly name: "ThrottlingException" = "ThrottlingException"; readonly $fault: "client" = "client"; + $retryable = { + throttling: true, + }; /** - * @internal - */ - constructor(opts: __ExceptionOptionTypeThe input fails to meet the constraints specified in Amazon Security Lake.
- */ -export interface ValidationExceptionField { - /** - *Name of the validation exception.
- */ - name: string | undefined; - - /** - *Describes the error encountered.
+ *The code for the service in Service Quotas.
*/ - message: string | undefined; -} - -/** - * @public - * @enum - */ -export const ValidationExceptionReason = { - CANNOT_PARSE: "cannotParse", - FIELD_VALIDATION_FAILED: "fieldValidationFailed", - OTHER: "other", - UNKNOWN_OPERATION: "unknownOperation", -} as const; - -/** - * @public - */ -export type ValidationExceptionReason = (typeof ValidationExceptionReason)[keyof typeof ValidationExceptionReason]; + serviceCode?: string; -/** - * @public - *Your signing certificate could not be validated.
- */ -export class ValidationException extends __BaseException { - readonly name: "ValidationException" = "ValidationException"; - readonly $fault: "client" = "client"; /** - *The reason for the validation exception.
+ *That the rate of requests to Security Lake is exceeding the request quotas for your Amazon Web Services account.
*/ - reason: ValidationExceptionReason | string | undefined; + quotaCode?: string; /** - *The list of parameters that failed to validate.
+ *Retry the request after the specified time.
*/ - fieldList?: ValidationExceptionField[]; + retryAfterSeconds?: number; /** * @internal */ - constructor(opts: __ExceptionOptionTypeThe configuration for the Glue Crawler for the third-party custom source.
*/ -export interface CreateCustomLogSourceRequest { - /** - *The name for a third-party custom source. This must be a Regionally unique value.
- */ - customSourceName: string | undefined; - - /** - *The Open Cybersecurity Schema Framework (OCSF) event class which describes the type of - * data that the custom source will send to Security Lake.
- */ - eventClass: OcsfEventClass | string | undefined; - +export interface CustomLogSourceCrawlerConfiguration { /** *The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role * to be used by the Glue crawler. The recommended IAM policies @@ -579,336 +313,597 @@ export interface CreateCustomLogSourceRequest { * * */ - glueInvocationRoleArn: string | undefined; - - /** - *
The Amazon Web Services account ID of the custom source that will write logs and events - * into the Amazon S3 Data Lake.
- */ - logProviderAccountId: string | undefined; -} - -/** - * @public - */ -export interface CreateCustomLogSourceResponse { - /** - *The location of the partition in the Amazon S3 bucket for Security Lake.
- */ - customDataLocation: string | undefined; - - /** - *The name of the Glue crawler.
- */ - glueCrawlerName: string | undefined; - - /** - *The table name of the Glue crawler.
- */ - glueTableName: string | undefined; - - /** - *The Glue database where results are written, such as:
- * arn:aws:daylight:us-east-1::database/sometable/*.
The ARN of the IAM role to be used by the entity putting logs into your
- * custom source partition. Security Lake will apply the correct access policies to this role, but
- * you must first manually create the trust policy for this role. The IAM role
- * name must start with the text 'Security Lake'. The IAM role must trust the
- * logProviderAccountId to assume the role.
Retention settings for the destination Amazon S3 buckets in Amazon Security Lake.
+ *The configuration for the third-party custom source.
*/ -export interface RetentionSetting { +export interface CustomLogSourceConfiguration { /** - *The range of storage classes that you can choose from based on the data access, - * resiliency, and cost requirements of your workloads.
+ *The configuration for the Glue Crawler for the third-party custom source.
*/ - storageClass?: StorageClass | string; + crawlerConfiguration: CustomLogSourceCrawlerConfiguration | undefined; /** - *The retention period specifies a fixed period of time during which the Security Lake object - * remains locked. You can specify the retention period in days for one or more sources.
+ *The identity of the log provider for the third-party custom source.
*/ - retentionPeriod?: number; + providerIdentity: AwsIdentity | undefined; } /** * @public - *Provides details of Amazon Security Lake configuration object.
*/ -export interface LakeConfigurationRequest { - /** - *The type of encryption key used by Amazon Security Lake to encrypt the Security Lake configuration - * object.
- */ - encryptionKey?: string; - - /** - *Retention settings for the destination Amazon S3 buckets.
- */ - retentionSettings?: RetentionSetting[]; - +export interface CreateCustomLogSourceRequest { /** - *A tag is a label that you assign to an Amazon Web Services resource. Each tag consists of a key and an - * optional value, both of which you define.
+ *Specify the name for a third-party custom source. This must be a Regionally unique + * value.
*/ - tagsMap?: RecordReplication enables automatic, asynchronous copying of objects across Amazon S3 - * buckets. Amazon S3 buckets that are configured for object replication can be owned - * by the same Amazon Web Services account or by different accounts. You can replicate objects - * to a single destination bucket or to multiple destination buckets. The destination buckets - * can be in different Amazon Web Services Regions or within the same Region as the source - * bucket.
- *Set up one or more rollup Regions by providing the Region or Regions that should - * contribute to the central rollup Region.
+ *Specify the source version for the third-party custom source, to limit log collection to + * a specific version of custom data source.
*/ - replicationDestinationRegions?: (Region | string)[]; + sourceVersion?: string; /** - *Replication settings for the Amazon S3 buckets. This parameter uses the Identity and Access Management (IAM) role you created that is managed by Security Lake, to - * ensure the replication setting is correct.
- */ - replicationRoleArn?: string; -} - + *The Open Cybersecurity Schema Framework (OCSF) event classes which describes the type of + * data that the custom source will send to Security Lake. The supported event classes are:
+ *
+ * ACCESS_ACTIVITY
+ *
+ * FILE_ACTIVITY
+ *
+ * KERNEL_ACTIVITY
+ *
+ * KERNEL_EXTENSION
+ *
+ * MEMORY_ACTIVITY
+ *
+ * MODULE_ACTIVITY
+ *
+ * PROCESS_ACTIVITY
+ *
+ * REGISTRY_KEY_ACTIVITY
+ *
+ * REGISTRY_VALUE_ACTIVITY
+ *
+ * RESOURCE_ACTIVITY
+ *
+ * SCHEDULED_JOB_ACTIVITY
+ *
+ * SECURITY_FINDING
+ *
+ * ACCOUNT_CHANGE
+ *
+ * AUTHENTICATION
+ *
+ * AUTHORIZATION
+ *
+ * ENTITY_MANAGEMENT_AUDIT
+ *
+ * DHCP_ACTIVITY
+ *
+ * NETWORK_ACTIVITY
+ *
+ * DNS_ACTIVITY
+ *
+ * FTP_ACTIVITY
+ *
+ * HTTP_ACTIVITY
+ *
+ * RDP_ACTIVITY
+ *
+ * SMB_ACTIVITY
+ *
+ * SSH_ACTIVITY
+ *
+ * CONFIG_STATE
+ *
+ * INVENTORY_INFO
+ *
+ * EMAIL_ACTIVITY
+ *
+ * API_ACTIVITY
+ *
+ * CLOUD_API
+ *
The configuration for the third-party custom source.
+ */ + configuration?: CustomLogSourceConfiguration; +} + /** * @public + *The attributes of a third-party custom source.
*/ -export interface CreateDatalakeRequest { +export interface CustomLogSourceAttributes { /** - *Enable Security Lake in the specified Regions. To enable Security Lake in specific Amazon Web Services Regions, such as us-east-1 or ap-northeast-3, provide the Region codes. For a - * list of Region codes, see Amazon Security Lake endpoints in the - * Amazon Web Services General Reference.
+ *The ARN of the Glue crawler.
*/ - regions?: (Region | string)[]; + crawlerArn?: string; /** - *Specify the Region or Regions that will contribute data to the rollup region.
+ *The ARN of the Glue database where results are written, such as:
+ * arn:aws:daylight:us-east-1::database/sometable/*.
Enable Security Lake in all Regions.
+ *The ARN of the Glue table.
*/ - enableAll?: boolean; + tableArn?: string; +} +/** + * @public + *The details of the log provider for a third-party custom source.
+ */ +export interface CustomLogSourceProvider { /** - *The Amazon Resource Name (ARN) used to create and update the Glue table. - * This table contains partitions generated by the ingestion and normalization of Amazon Web Services log sources and custom sources.
+ *The ARN of the IAM role to be used by the entity putting logs into your
+ * custom source partition. Security Lake will apply the correct access policies to this role, but
+ * you must first manually create the trust policy for this role. The IAM role
+ * name must start with the text 'Security Lake'. The IAM role must trust the
+ * logProviderAccountId to assume the role.
The location of the partition in the Amazon S3 bucket for Security Lake.
*/ - metaStoreManagerRoleArn?: string; + location?: string; } /** * @public + *Amazon Security Lake can collect logs and events from third-party custom sources.
*/ -export interface CreateDatalakeResponse {} +export interface CustomLogSourceResource { + /** + *The name for a third-party custom source. This must be a Regionally unique value.
+ */ + sourceName?: string; + + /** + *The version for a third-party custom source. This must be a Regionally unique value.
+ */ + sourceVersion?: string; + + /** + *The details of the log provider for a third-party custom source.
+ */ + provider?: CustomLogSourceProvider; + + /** + *The attributes of a third-party custom source.
+ */ + attributes?: CustomLogSourceAttributes; +} /** * @public - *You have exceeded your service quota. To perform the requested action, remove some of - * the relevant resources, or use Service Quotas to request a service quota increase.
*/ -export class ServiceQuotaExceededException extends __BaseException { - readonly name: "ServiceQuotaExceededException" = "ServiceQuotaExceededException"; - readonly $fault: "client" = "client"; +export interface CreateCustomLogSourceResponse { /** - *The ID of the resource that exceeds the service quota.
+ *The created third-party custom source.
*/ - resourceId: string | undefined; + source?: CustomLogSourceResource; +} +/** + * @public + *Provides encryption details of Amazon Security Lake object.
+ */ +export interface DataLakeEncryptionConfiguration { /** - *The type of the resource that exceeds the service quota.
+ *The id of KMS encryption key used by Amazon Security Lake to encrypt the Security Lake + * object.
*/ - resourceType: string | undefined; + kmsKeyId?: string; +} +/** + * @public + *Provide expiration lifecycle details of Amazon Security Lake object.
+ */ +export interface DataLakeLifecycleExpiration { /** - *The code for the service in Service Quotas.
+ *Number of days before data expires in the Amazon Security Lake object.
*/ - serviceCode: string | undefined; + days?: number; +} +/** + * @public + *Provide transition lifecycle details of Amazon Security Lake object.
+ */ +export interface DataLakeLifecycleTransition { /** - *That the rate of requests to Security Lake is exceeding the request quotas for your Amazon Web Services account.
+ *The range of storage classes that you can choose from based on the data access, + * resiliency, and cost requirements of your workloads.
*/ - quotaCode: string | undefined; + storageClass?: string; /** - * @internal + *Number of days before data transitions to a different S3 Storage Class in the Amazon Security Lake object.
*/ - constructor(opts: __ExceptionOptionTypeThe limit on the number of requests per second was exceeded.
+ *Provides lifecycle details of Amazon Security Lake object.
*/ -export class ThrottlingException extends __BaseException { - readonly name: "ThrottlingException" = "ThrottlingException"; - readonly $fault: "client" = "client"; - $retryable = { - throttling: true, - }; +export interface DataLakeLifecycleConfiguration { /** - *The code for the service in Service Quotas.
+ *Provides data expiration details of Amazon Security Lake object.
*/ - serviceCode?: string; + expiration?: DataLakeLifecycleExpiration; /** - *That the rate of requests to Security Lake is exceeding the request quotas for your Amazon Web Services account.
+ *Provides data storage transition details of Amazon Security Lake object.
*/ - quotaCode?: string; + transitions?: DataLakeLifecycleTransition[]; +} +/** + * @public + *Provides replication details of Amazon Security Lake object.
+ */ +export interface DataLakeReplicationConfiguration { /** - *Retry the request after the specified time.
+ *Replication enables automatic, asynchronous copying of objects across Amazon S3 + * buckets. Amazon S3 buckets that are configured for object replication can be owned + * by the same Amazon Web Services account or by different accounts. You can replicate objects + * to a single destination bucket or to multiple destination buckets. The destination buckets + * can be in different Amazon Web Services Regions or within the same Region as the source + * bucket.
+ *Set up one or more rollup Regions by providing the Region or Regions that should + * contribute to the central rollup Region.
*/ - retryAfterSeconds?: number; + regions?: string[]; /** - * @internal + *Replication settings for the Amazon S3 buckets. This parameter uses the Identity and Access Management (IAM) role you created that is managed by Security Lake, to + * ensure the replication setting is correct.
*/ - constructor(opts: __ExceptionOptionTypeProvides details of Amazon Security Lake object.
+ */ +export interface DataLakeConfiguration { + /** + *The Amazon Web Services Regions where Security Lake is automatically enabled.
+ */ + region: string | undefined; + + /** + *Provides encryption details of Amazon Security Lake object.
+ */ + encryptionConfiguration?: DataLakeEncryptionConfiguration; + + /** + *Provides lifecycle details of Amazon Security Lake object.
+ */ + lifecycleConfiguration?: DataLakeLifecycleConfiguration; + + /** + *Provides replication details of Amazon Security Lake object.
+ */ + replicationConfiguration?: DataLakeReplicationConfiguration; } /** * @public */ -export interface CreateDatalakeAutoEnableRequest { +export interface CreateDataLakeRequest { + /** + *Specify the Region or Regions that will contribute data to the rollup region.
+ */ + configurations: DataLakeConfiguration[] | undefined; + /** - *Enable Security Lake with the specified configuration settings to begin collecting security - * data for new accounts in your organization.
+ *The Amazon Resource Name (ARN) used to create and update the Glue table. + * This table contains partitions generated by the ingestion and normalization of + * Amazon Web Services log sources and custom sources.
*/ - configurationForNewAccounts: AutoEnableNewRegionConfiguration[] | undefined; + metaStoreManagerRoleArn: string | undefined; } +/** + * @public + * @enum + */ +export const DataLakeStatus = { + COMPLETED: "COMPLETED", + FAILED: "FAILED", + INITIALIZED: "INITIALIZED", + PENDING: "PENDING", +} as const; + /** * @public */ -export interface CreateDatalakeAutoEnableResponse {} +export type DataLakeStatus = (typeof DataLakeStatus)[keyof typeof DataLakeStatus]; /** * @public + *The details of the last UpdateDataLake or DeleteDataLake
+ * API request which failed.
The Amazon Web Services account ID of the Security Lake delegated administrator.
+ *The reason for the exception of the last UpdateDataLakeor
+ * DeleteDataLake API request.
The reason code for the exception of the last UpdateDataLake or
+ * DeleteDataLake API request.
The status of the last UpdateDataLake or DeleteDataLake API
+ * request. This is set to Completed after the configuration is updated, or removed if
+ * deletion of the data lake is successful.
The unique ID for the last UpdateDataLake or DeleteDataLake API
+ * request.
The status of the last UpdateDataLake or DeleteDataLake API
+ * request that was requested.
The details of the last UpdateDataLakeor DeleteDataLake API
+ * request which failed.
Provides details of Amazon Security Lake object.
*/ -export const SubscriptionProtocolType = { - APP: "APP", - EMAIL: "EMAIL", - EMAIL_JSON: "EMAIL_JSON", - FIREHOSE: "FIREHOSE", - HTTP: "HTTP", - HTTPS: "HTTPS", - LAMBDA: "LAMBDA", - SMS: "SMS", - SQS: "SQS", -} as const; +export interface DataLakeResource { + /** + *The Amazon Resource Name (ARN) created by you to provide to the subscriber. For more information about ARNs and how to use them in policies, see the Amazon Security Lake User Guide.
+ */ + dataLakeArn: string | undefined; + + /** + *The Amazon Web Services Regions where Security Lake is enabled.
+ */ + region: string | undefined; + + /** + *The ARN for the Amazon Security Lake Amazon S3 bucket.
+ */ + s3BucketArn?: string; + + /** + *Provides encryption details of Amazon Security Lake object.
+ */ + encryptionConfiguration?: DataLakeEncryptionConfiguration; + + /** + *Provides lifecycle details of Amazon Security Lake object.
+ */ + lifecycleConfiguration?: DataLakeLifecycleConfiguration; + + /** + *Provides replication details of Amazon Security Lake object.
+ */ + replicationConfiguration?: DataLakeReplicationConfiguration; + + /** + *Retrieves the status of the configuration operation for an account in Amazon Security Lake.
+ */ + createStatus?: DataLakeStatus | string; + + /** + *The status of the last UpdateDataLake or DeleteDataLake API
+ * request.
The created Security Lake configuration object.
+ */ + dataLakes?: DataLakeResource[]; +} /** * @public */ -export interface CreateDatalakeExceptionsSubscriptionRequest { +export interface CreateDataLakeExceptionSubscriptionRequest { /** - *The subscription protocol to which exception notifications are posted.
+ *The subscription protocol to which exception notifications are posted.
*/ - subscriptionProtocol: SubscriptionProtocolType | string | undefined; + subscriptionProtocol: string | undefined; /** *The Amazon Web Services account where you want to receive exception notifications.
*/ notificationEndpoint: string | undefined; + + /** + *The expiration period and time-to-live (TTL).
+ */ + exceptionTimeToLive?: number; } /** * @public */ -export interface CreateDatalakeExceptionsSubscriptionResponse {} +export interface CreateDataLakeExceptionSubscriptionResponse {} + +/** + * @public + *Automatically enable new organization accounts as member accounts from an Amazon Security Lake + * administrator account.
+ */ +export interface DataLakeAutoEnableNewAccountConfiguration { + /** + *The Amazon Web Services Regions where Security Lake is automatically enabled.
+ */ + region: string | undefined; + + /** + *The Amazon Web Services sources that are automatically enabled in Security Lake.
+ */ + sources: AwsLogSourceResource[] | undefined; +} + +/** + * @public + */ +export interface CreateDataLakeOrganizationConfigurationRequest { + /** + *Enable Security Lake with the specified configuration settings, to begin collecting security + * data for new accounts in your organization.
+ */ + autoEnableNewAccount: DataLakeAutoEnableNewAccountConfiguration[] | undefined; +} + +/** + * @public + */ +export interface CreateDataLakeOrganizationConfigurationResponse {} /** * @public *The supported source types from which logs and events are collected in Amazon Security Lake. * For the list of supported Amazon Web Services, see the Amazon Security Lake User Guide.
*/ -export type SourceType = SourceType.AwsSourceTypeMember | SourceType.CustomSourceTypeMember | SourceType.$UnknownMember; +export type LogSourceResource = + | LogSourceResource.AwsLogSourceMember + | LogSourceResource.CustomLogSourceMember + | LogSourceResource.$UnknownMember; /** * @public */ -export namespace SourceType { +export namespace LogSourceResource { /** - *Amazon Security Lake supports log and event collection for natively supported Amazon Web Services.
+ *Amazon Security Lake supports log and event collection for natively supported Amazon Web Services.
*/ - export interface AwsSourceTypeMember { - awsSourceType: AwsLogSourceType | string; - customSourceType?: never; + export interface AwsLogSourceMember { + awsLogSource: AwsLogSourceResource; + customLogSource?: never; $unknown?: never; } @@ -916,27 +911,27 @@ export namespace SourceType { *Amazon Security Lake supports custom source types. For a detailed list, see the Amazon Security Lake * User Guide.
*/ - export interface CustomSourceTypeMember { - awsSourceType?: never; - customSourceType: string; + export interface CustomLogSourceMember { + awsLogSource?: never; + customLogSource: CustomLogSourceResource; $unknown?: never; } export interface $UnknownMember { - awsSourceType?: never; - customSourceType?: never; + awsLogSource?: never; + customLogSource?: never; $unknown: [string, any]; } export interface VisitorThe supported Amazon Web Services from which logs and events are collected. - * Security Lake supports log and event collection for natively supported Amazon Web Services.
+ *The AWS identity used to access your data.
*/ - sourceTypes: SourceType[] | undefined; + subscriberIdentity: AwsIdentity | undefined; /** - *The Amazon Web Services account ID used to access your data.
+ *The name of your Security Lake subscriber account.
*/ - accountId: string | undefined; + subscriberName: string | undefined; /** - *The external ID of the subscriber. This lets the user that is assuming the role assert - * the circumstances in which they are operating. It also provides a way for the account owner - * to permit the role to be assumed only under specific circumstances.
+ *The description for your subscriber account in Security Lake.
*/ - externalId: string | undefined; + subscriberDescription?: string; + + /** + *The supported Amazon Web Services from which logs and events are collected. + * Security Lake supports log and event collection for natively supported Amazon Web Services.
+ */ + sources: LogSourceResource[] | undefined; /** *The Amazon S3 or Lake Formation access type.
*/ accessTypes?: (AccessType | string)[]; +} + +/** + * @public + * @enum + */ +export const SubscriberStatus = { + ACTIVE: "ACTIVE", + DEACTIVATED: "DEACTIVATED", + PENDING: "PENDING", + READY: "READY", +} as const; + +/** + * @public + */ +export type SubscriberStatus = (typeof SubscriberStatus)[keyof typeof SubscriberStatus]; + +/** + * @public + *Provides details about the Amazon Security Lake account subscription. Subscribers are notified + * of new objects for a source as the data is written to your Amazon S3 bucket for + * Security Lake.
+ */ +export interface SubscriberResource { + /** + *The subscriber ID of the Amazon Security Lake subscriber account.
+ */ + subscriberId: string | undefined; /** - *The name of your Security Lake subscriber account.
+ *The subscriber ARN of the Amazon Security Lake subscriber account.
+ */ + subscriberArn: string | undefined; + + /** + *The AWS identity used to access your data.
+ */ + subscriberIdentity: AwsIdentity | undefined; + + /** + *The name of your Amazon Security Lake subscriber account.
*/ subscriberName: string | undefined; /** - *The description for your subscriber account in Security Lake.
+ *The subscriber descriptions for a subscriber account. The description for a subscriber
+ * includes subscriberName, accountID, externalID, and
+ * subscriberId.
The subscriptionId created by the CreateSubscriber API
- * call.
Amazon Security Lake supports log and event collection for natively supported Amazon Web Services. For more information, see the Amazon Security Lake User Guide.
*/ - subscriptionId: string | undefined; + sources: LogSourceResource[] | undefined; /** - *The Amazon Resource Name (ARN) created by you to provide to the subscriber. For more - * information about ARNs and how to use them in policies, see Amazon Security Lake User - * Guide.
+ *You can choose to notify subscribers of new objects with an Amazon Simple Queue Service + * (Amazon SQS) queue or through messaging to an HTTPS endpoint provided by the + * subscriber.
+ * Subscribers can consume data by directly querying Lake Formation tables in your
+ * Amazon S3 bucket through services like Amazon Athena. This subscription
+ * type is defined as LAKEFORMATION.
The ARN for the Amazon Simple Notification Service.
+ *The Amazon Resource Name (ARN) specifying the role of the subscriber.
*/ - snsArn?: string; + roleArn?: string; /** - *The ARN for the Amazon S3 bucket.
+ *The ARN for the Amazon S3 bucket.
*/ s3BucketArn?: string; /** - *The Amazon Resource Name (ARN) which uniquely defines the AWS RAM resource share. Before accepting the RAM resource share invitation, you can view details related to the RAM resource share.
+ *The subscriber endpoint to which exception messages are posted.
+ */ + subscriberEndpoint?: string; + + /** + *The subscriber status of the Amazon Security Lake subscriber account.
+ */ + subscriberStatus?: SubscriberStatus | string; + + /** + *The Amazon Resource Name (ARN) which uniquely defines the AWS RAM resource share. Before + * accepting the RAM resource share invitation, you can view details related to the RAM + * resource share.
+ *This field is available only for Lake Formation subscribers created after March 8, 2023.
*/ resourceShareArn?: string; /** - *The name of the resource share.
+ *The name of the resource share.
+ */ + resourceShareName?: string; + + /** + *The date and time when the subscriber was created.
+ */ + createdAt?: Date; + + /** + *The date and time when the subscriber was last updated.
*/ - resourceShareName?: string; + updatedAt?: Date; } /** * @public - *The request was rejected because a value that's not valid or is out of range was - * supplied for an input parameter.
*/ -export class InvalidInputException extends __BaseException { - readonly name: "InvalidInputException" = "InvalidInputException"; - readonly $fault: "client" = "client"; +export interface CreateSubscriberResponse { /** - * @internal + *Retrieve information about the subscriber created using the
+ * CreateSubscriber API.
The configurations for HTTPS subscriber notification.
*/ -export interface CreateSubscriptionNotificationConfigurationRequest { - /** - *The subscription ID for the notification subscription.
- */ - subscriptionId: string | undefined; - +export interface HttpsNotificationConfiguration { /** *The subscription endpoint in Security Lake. If you prefer notification with an HTTPs * endpoint, populate this field.
*/ - subscriptionEndpoint?: string; + endpoint: string | undefined; /** *The key name for the notification subscription.
*/ - httpsApiKeyName?: string; + authorizationApiKeyName?: string; /** *The key value for the notification subscription.
*/ - httpsApiKeyValue?: string; + authorizationApiKeyValue?: string; /** - *The HTTPS method used for the notification subscription.
+ *The HTTPS method used for the notification subscription.
*/ - httpsMethod?: HttpsMethod | string; - - /** - *Create an Amazon Simple Queue Service queue.
- */ - createSqs?: boolean; + httpMethod?: HttpMethod | string; /** *The Amazon Resource Name (ARN) of the EventBridge API destinations IAM role that you * created. For more information about ARNs and how to use them in policies, see Managing data access and Amazon Web Services * Managed Policies in the Amazon Security Lake User Guide.
*/ - roleArn?: string; + targetRoleArn: string | undefined; } /** * @public + *The configurations for SQS subscriber notification.
*/ -export interface CreateSubscriptionNotificationConfigurationResponse { - /** - *Returns the Amazon Resource Name (ARN) of the queue.
- */ - queueArn?: string; -} +export interface SqsNotificationConfiguration {} /** * @public + *Specify the configurations you want to use for subscriber notification to notify the + * subscriber when new data is written to the data lake for sources that the subscriber + * consumes in Security Lake.
*/ -export interface DeleteAwsLogSourceRequest { - /** - *This is a mandatory input. Specify the input order to disable dimensions in Security Lake, - * namely Region (Amazon Web Services Region code, source type, and member (account ID of a - * specific Amazon Web Services account).
- */ - inputOrder: (Dimension | string)[] | undefined; +export type NotificationConfiguration = + | NotificationConfiguration.HttpsNotificationConfigurationMember + | NotificationConfiguration.SqsNotificationConfigurationMember + | NotificationConfiguration.$UnknownMember; +/** + * @public + */ +export namespace NotificationConfiguration { /** - *Removes the specific Amazon Web Services sources from specific accounts and specific - * Regions.
+ *The configurations for SQS subscriber notification.
*/ - disableAllDimensions?: RecordRemove a specific Amazon Web Services source from specific accounts or Regions.
+ *The configurations for HTTPS subscriber notification.
*/ - disableTwoDimensions?: RecordRemoves all Amazon Web Services sources from specific accounts or Regions.
- */ - disableSingleDimension?: string[]; + export interface $UnknownMember { + sqsNotificationConfiguration?: never; + httpsNotificationConfiguration?: never; + $unknown: [string, any]; + } + + export interface VisitorDeletion of the Amazon Web Services sources is in progress.
+ *The subscriber ID for the notification subscription.
*/ - processing?: string[]; + subscriberId: string | undefined; /** - *Deletion of the Amazon Web Services sources failed as the account is not a part of the organization.
+ *Specify the configuration using which you want to create the subscriber + * notification.
*/ - failed?: string[]; + configuration: NotificationConfiguration | undefined; } /** * @public */ -export interface DeleteCustomLogSourceRequest { +export interface CreateSubscriberNotificationResponse { /** - *The custom source name for the custom log source.
+ *The subscriber endpoint to which exception messages are posted.
*/ - customSourceName: string | undefined; + subscriberEndpoint?: string; } /** * @public */ -export interface DeleteCustomLogSourceResponse { +export interface DeleteAwsLogSourceRequest { /** - *The location of the partition in the Amazon S3 bucket for Security Lake.
+ *Specify the natively-supported Amazon Web Services service to remove as a source in + * Security Lake.
*/ - customDataLocation: string | undefined; + sources: AwsLogSourceConfiguration[] | undefined; } /** * @public */ -export interface DeleteDatalakeRequest {} - -/** - * @public - */ -export interface DeleteDatalakeResponse {} - -/** - * @public - */ -export interface DeleteDatalakeAutoEnableRequest { +export interface DeleteAwsLogSourceResponse { /** - *Remove automatic enablement of configuration settings for new member accounts in - * Security Lake.
+ *Deletion of the Amazon Web Services sources failed as the account is not a part of the organization.
*/ - removeFromConfigurationForNewAccounts: AutoEnableNewRegionConfiguration[] | undefined; + failed?: string[]; } /** * @public */ -export interface DeleteDatalakeAutoEnableResponse {} +export interface DeleteCustomLogSourceRequest { + /** + *The source name of custom log source that you want to delete.
+ */ + sourceName: string | undefined; -/** - * @public - */ -export interface DeleteDatalakeDelegatedAdminRequest { /** - *The account ID the Security Lake delegated administrator.
+ *The source version for the third-party custom source. You can limit the custom source + * removal to the specified source version.
*/ - account: string | undefined; + sourceVersion?: string; } /** * @public */ -export interface DeleteDatalakeDelegatedAdminResponse {} - -/** - * @public - */ -export interface DeleteDatalakeExceptionsSubscriptionRequest {} +export interface DeleteCustomLogSourceResponse {} /** * @public */ -export interface DeleteDatalakeExceptionsSubscriptionResponse { - /** - *Retrieves the status of the delete Security Lake operation for an account.
- */ - status: string | undefined; -} - -/** - * @public - */ -export interface DeleteSubscriberRequest { +export interface DeleteDataLakeRequest { /** - *A value created by Security Lake that uniquely identifies your DeleteSubscriber API request.
The list of Regions where Security Lake is enabled.
*/ - id: string | undefined; + regions: string[] | undefined; } /** * @public */ -export interface DeleteSubscriberResponse {} +export interface DeleteDataLakeResponse {} /** * @public */ -export interface DeleteSubscriptionNotificationConfigurationRequest { +export interface DeleteDataLakeOrganizationConfigurationRequest { /** - *The ID of the Security Lake subscriber account.
+ *Removes the automatic enablement of configuration settings for new member accounts in + * Security Lake.
*/ - subscriptionId: string | undefined; + autoEnableNewAccount: DataLakeAutoEnableNewAccountConfiguration[] | undefined; } /** * @public */ -export interface DeleteSubscriptionNotificationConfigurationResponse {} - -/** - * @public - * @enum - */ -export const EndpointProtocol = { - HTTPS: "HTTPS", - SQS: "SQS", -} as const; +export interface DeleteDataLakeOrganizationConfigurationResponse {} /** * @public */ -export type EndpointProtocol = (typeof EndpointProtocol)[keyof typeof EndpointProtocol]; +export interface GetDataLakeOrganizationConfigurationRequest {} /** * @public - *Represents an error interacting with the Amazon EventBridge service.
*/ -export class EventBridgeException extends __BaseException { - readonly name: "EventBridgeException" = "EventBridgeException"; - readonly $fault: "client" = "client"; +export interface GetDataLakeOrganizationConfigurationResponse { /** - * @internal + *The configuration for new accounts.
*/ - constructor(opts: __ExceptionOptionTypeList of all failures.
*/ -export interface Failures { +export interface GetDataLakeSourcesRequest { /** - *List of all exception messages.
- */ - exceptionMessage: string | undefined; - - /** - *List of all remediation steps for failures.
- */ - remediation: string | undefined; - - /** - *This error can occur if you configure the wrong timestamp format, or if the subset of entries used for validation had errors or missing values.
+ *The Amazon Web Services account ID for which a static snapshot of the current Amazon Web Services Region, including enabled accounts and log sources, is retrieved.
*/ - timestamp: Date | undefined; -} + accounts?: string[]; -/** - * @public - *Response element for actions that make changes, namely create, update, or delete - * actions.
- */ -export interface FailuresResponse { /** - *List of Amazon Web Services Regions where the failure occurred.
+ *The maximum limit of accounts for which the static snapshot of the current Region, + * including enabled accounts and log sources, is retrieved.
*/ - region?: string; + maxResults?: number; /** - *List of all failures.
+ *Lists if there are more results available. The value of nextToken is a unique pagination + * token for each page. Repeat the call using the returned token to retrieve the next page. + * Keep all other arguments unchanged.
+ *Each pagination token expires after 24 hours. Using an expired pagination token will + * return an HTTP 400 InvalidToken error.
*/ - failures?: Failures[]; + nextToken?: string; } -/** - * @public - */ -export interface GetDatalakeRequest {} - /** * @public * @enum */ -export const SettingsStatus = { - COMPLETED: "COMPLETED", - FAILED: "FAILED", - INITIALIZED: "INITIALIZED", - PENDING: "PENDING", +export const SourceCollectionStatus = { + COLLECTING: "COLLECTING", + MISCONFIGURED: "MISCONFIGURED", + NOT_COLLECTING: "NOT_COLLECTING", } as const; /** * @public */ -export type SettingsStatus = (typeof SettingsStatus)[keyof typeof SettingsStatus]; +export type SourceCollectionStatus = (typeof SourceCollectionStatus)[keyof typeof SourceCollectionStatus]; /** * @public - *The details of the last UpdateDatalake or DeleteDatalake
- * API request which failed.
Retrieves the Logs status for the Amazon Security Lake account.
*/ -export interface LastUpdateFailure { +export interface DataLakeSourceStatus { /** - *The reason for the failure of the last UpdateDatalakeor
- * DeleteDatalake API request.
Defines path the stored logs are available which has information on your systems, + * applications, and services.
*/ - reason?: string; + resource?: string; /** - *The reason code for the failure of the last UpdateDatalake or
- * DeleteDatalake API request.
The health status of services, including error codes and patterns.
*/ - code?: string; + status?: SourceCollectionStatus | string; } /** * @public - *The status of the last UpdateDatalake or DeleteDatalake API
- * request. This is set to Completed after the configuration is updated, or removed if
- * deletion of the data lake is successful.
Amazon Security Lake collects logs and events from supported Amazon Web Services and + * custom sources. For the list of supported Amazon Web Services, see the Amazon Security Lake User Guide.
*/ -export interface UpdateStatus { +export interface DataLakeSource { /** - *The unique ID for the UpdateDatalake or DeleteDatalake API
- * request.
The ID of the Security Lake account for which logs are collected.
*/ - lastUpdateRequestId?: string; + account?: string; /** - *The status of the last UpdateDatalake or DeleteDatalake API
- * request that was requested.
The supported Amazon Web Services from which logs and events are collected. + * Amazon Security Lake supports log and event collection for natively supported Amazon Web Services.
*/ - lastUpdateStatus?: SettingsStatus | string; + sourceName?: string; /** - *The details of the last UpdateDatalakeor DeleteDatalake API
- * request which failed.
The Open Cybersecurity Schema Framework (OCSF) event classes which describes the type of + * data that the custom source will send to Security Lake. The supported event classes are:
+ *
+ * ACCESS_ACTIVITY
+ *
+ * FILE_ACTIVITY
+ *
+ * KERNEL_ACTIVITY
+ *
+ * KERNEL_EXTENSION
+ *
+ * MEMORY_ACTIVITY
+ *
+ * MODULE_ACTIVITY
+ *
+ * PROCESS_ACTIVITY
+ *
+ * REGISTRY_KEY_ACTIVITY
+ *
+ * REGISTRY_VALUE_ACTIVITY
+ *
+ * RESOURCE_ACTIVITY
+ *
+ * SCHEDULED_JOB_ACTIVITY
+ *
+ * SECURITY_FINDING
+ *
+ * ACCOUNT_CHANGE
+ *
+ * AUTHENTICATION
+ *
+ * AUTHORIZATION
+ *
+ * ENTITY_MANAGEMENT_AUDIT
+ *
+ * DHCP_ACTIVITY
+ *
+ * NETWORK_ACTIVITY
+ *
+ * DNS_ACTIVITY
+ *
+ * FTP_ACTIVITY
+ *
+ * HTTP_ACTIVITY
+ *
+ * RDP_ACTIVITY
+ *
+ * SMB_ACTIVITY
+ *
+ * SSH_ACTIVITY
+ *
+ * CONFIG_STATE
+ *
+ * INVENTORY_INFO
+ *
+ * EMAIL_ACTIVITY
+ *
+ * API_ACTIVITY
+ *
+ * CLOUD_API
+ *
The log status for the Security Lake account.
*/ - lastUpdateFailure?: LastUpdateFailure; + sourceStatuses?: DataLakeSourceStatus[]; } /** * @public - *Provides details of Amazon Security Lake lake configuration object.
*/ -export interface LakeConfigurationResponse { - /** - *The type of encryption key used by secure the Security Lake configuration object.
- */ - encryptionKey?: string; - - /** - *Retention settings for the destination Amazon S3 buckets.
- */ - retentionSettings?: RetentionSetting[]; - - /** - *A tag is a label that you assign to an Amazon Web Services resource. Each tag consists of a key and an - * optional value, both of which you define.
- */ - tagsMap?: RecordReplication enables automatic, asynchronous copying of objects across Amazon S3 - * buckets. Amazon S3 buckets that are configured for object replication can be owned - * by the same Amazon Web Services account or by different accounts. You can replicate objects - * to a single destination bucket or to multiple destination buckets. The destination buckets - * can be in different Amazon Web Services Regions or within the same Region as the source - * bucket.
- *Set up one or more rollup Regions by providing the Region or Regions that should - * contribute to the central rollup Region.
- */ - replicationDestinationRegions?: (Region | string)[]; - +export interface GetDataLakeSourcesResponse { /** - *Replication settings for the Amazon S3 buckets. This parameter uses the IAM role you created that is managed by Security Lake, to ensure the replication - * setting is correct.
+ *The Amazon Resource Name (ARN) created by you to provide to the subscriber. For more information about ARNs and how to use them in policies, see the Amazon Security Lake User Guide.
*/ - replicationRoleArn?: string; - - /** - *Amazon Resource Names (ARNs) uniquely identify Amazon Web Services resources. Security Lake - * requires an ARN when you need to specify a resource unambiguously across all of Amazon Web Services, such as in IAM policies, Amazon Relational Database Service (Amazon RDS) tags, and API calls.
- */ - s3BucketArn?: string; + dataLakeArn?: string; /** - *Retrieves the status of the configuration operation for an account in Amazon Security Lake.
+ *The list of enabled accounts and enabled sources.
*/ - status?: SettingsStatus | string; + dataLakeSources?: DataLakeSource[]; /** - *The status of the last UpdateDatalake or DeleteDatalake API
- * request.
Lists if there are more results available. The value of nextToken is a unique pagination + * token for each page. Repeat the call using the returned token to retrieve the next page. + * Keep all other arguments unchanged.
+ *Each pagination token expires after 24 hours. Using an expired pagination token will + * return an HTTP 400 InvalidToken error.
*/ - updateStatus?: UpdateStatus; + nextToken?: string; } /** * @public */ -export interface GetDatalakeResponse { +export interface ListDataLakesRequest { /** - *Retrieves the Security Lake configuration object.
+ *The list of regions where Security Lake is enabled.
*/ - configurations: RecordThe configuration for new accounts.
+ *Retrieves the Security Lake configuration object.
*/ - autoEnableNewAccounts: AutoEnableNewRegionConfiguration[] | undefined; + dataLakes?: DataLakeResource[]; } /** * @public */ -export interface GetDatalakeExceptionsExpiryRequest {} - -/** - * @public - */ -export interface GetDatalakeExceptionsExpiryResponse { +export interface ListLogSourcesRequest { /** - *The expiration period and time-to-live (TTL).
+ *The list of Amazon Web Services accounts for which log sources are displayed.
*/ - exceptionMessageExpiry: number | undefined; -} + accounts?: string[]; -/** - * @public - */ -export interface GetDatalakeExceptionsSubscriptionRequest {} + /** + *The list of regions for which log sources are displayed.
+ */ + regions?: string[]; -/** - * @public - *Protocol used in Amazon Security Lake that dictates how notifications are posted at the - * endpoint.
- */ -export interface ProtocolAndNotificationEndpoint { /** - *The protocol to which notification messages are posted.
+ *The list of sources for which log sources are displayed.
*/ - protocol?: string; + sources?: LogSourceResource[]; /** - *The account that is subscribed to receive exception notifications.
+ *The maximum number of accounts for which the log sources are displayed.
*/ - endpoint?: string; -} + maxResults?: number; -/** - * @public - */ -export interface GetDatalakeExceptionsSubscriptionResponse { /** - *Retrieves the exception notification subscription information.
+ *If nextToken is returned, there are more results available. You can repeat the call + * using the returned token to retrieve the next page.
*/ - protocolAndNotificationEndpoint: ProtocolAndNotificationEndpoint | undefined; + nextToken?: string; } /** * @public + *Amazon Security Lake can collect logs and events from natively-supported Amazon Web Services services and custom sources.
*/ -export interface GetDatalakeStatusRequest { +export interface LogSource { /** - *The Amazon Web Services account ID for which a static snapshot of the current Amazon Web Services Region, including enabled accounts and log sources, is retrieved.
+ *Specify the account from which you want to collect logs.
*/ - accountSet?: string[]; + account?: string; /** - *The maximum limit of accounts for which the static snapshot of the current Region, - * including enabled accounts and log sources, is retrieved.
+ *Specify the Regions from which you want to collect logs.
*/ - maxAccountResults?: number; + region?: string; /** - *Lists if there are more results available. The value of nextToken is a unique pagination - * token for each page. Repeat the call using the returned token to retrieve the next page. - * Keep all other arguments unchanged.
- *Each pagination token expires after 24 hours. Using an expired pagination token will - * return an HTTP 400 InvalidToken error.
+ *Specify the sources from which you want to collect logs.
*/ - nextToken?: string; + sources?: LogSourceResource[]; } /** * @public */ -export interface GetDatalakeStatusResponse { +export interface ListLogSourcesResponse { /** - *The list of enabled accounts and enabled sources.
+ *The list of log sources in your organization that send data to the data lake.
*/ - accountSourcesList: AccountSources[] | undefined; + sources?: LogSource[]; /** - *Lists if there are more results available. The value of nextToken is a unique pagination - * token for each page. Repeat the call using the returned token to retrieve the next page. - * Keep all other arguments unchanged.
- *Each pagination token expires after 24 hours. Using an expired pagination token will - * return an HTTP 400 InvalidToken error.
+ *If nextToken is returned, there are more results available. You can repeat the call + * using the returned token to retrieve the next page.
*/ nextToken?: string; } @@ -1568,134 +1657,133 @@ export interface GetDatalakeStatusResponse { /** * @public */ -export interface GetSubscriberRequest { +export interface UpdateDataLakeRequest { /** - *A value created by Amazon Security Lake that uniquely identifies your
- * GetSubscriber API request.
Specify the Region or Regions that will contribute data to the rollup region.
*/ - id: string | undefined; + configurations: DataLakeConfiguration[] | undefined; } -/** - * @public - * @enum - */ -export const SubscriptionStatus = { - ACTIVE: "ACTIVE", - DEACTIVATED: "DEACTIVATED", - PENDING: "PENDING", - READY: "READY", -} as const; - /** * @public */ -export type SubscriptionStatus = (typeof SubscriptionStatus)[keyof typeof SubscriptionStatus]; +export interface UpdateDataLakeResponse { + /** + *The created Security Lake configuration object.
+ */ + dataLakes?: DataLakeResource[]; +} /** * @public - *Provides details about the Amazon Security Lake account subscription. Subscribers are notified - * of new objects for a source as the data is written to your Amazon S3 bucket for - * Security Lake.
+ *The details for a Security Lake exception
*/ -export interface SubscriberResource { +export interface DataLakeException { /** - *The subscription ID of the Amazon Security Lake subscriber account.
+ *The Amazon Web Services Regions where the exception occurred.
*/ - subscriptionId: string | undefined; + region?: string; /** - *Amazon Security Lake supports log and event collection for natively supported Amazon Web Services. For more information, see the Amazon Security Lake User Guide.
+ *The underlying exception of a Security Lake exception.
*/ - sourceTypes: SourceType[] | undefined; + exception?: string; /** - *The Amazon Web Services account ID you are using to create your Amazon Security Lake - * account.
+ *List of all remediation steps for a Security Lake exception.
*/ - accountId: string | undefined; + remediation?: string; /** - *The name of your Amazon Security Lake subscriber account.
+ *This error can occur if you configure the wrong timestamp format, or if the subset of entries used for validation had errors or missing values.
*/ - subscriberName?: string; + timestamp?: Date; +} - /** - *The subscriber descriptions for a subscriber account. The description for a subscriber
- * includes subscriberName, accountID, externalID, and
- * subscriptionId.
The subscription status of the Amazon Security Lake subscriber account.
- */ - subscriptionStatus?: SubscriptionStatus | string; +/** + * @public + */ +export interface DeleteDataLakeExceptionSubscriptionResponse {} +/** + * @public + */ +export interface DeleteSubscriberRequest { /** - *The Amazon Resource Name (ARN) specifying the role of the subscriber.
+ *A value created by Security Lake that uniquely identifies your DeleteSubscriber API request.
The ARN for the Amazon Simple Notification Service.
- */ - snsArn?: string; +/** + * @public + */ +export interface DeleteSubscriberResponse {} +/** + * @public + */ +export interface DeleteSubscriberNotificationRequest { /** - *The ARN for the Amazon S3 bucket.
+ *The ID of the Security Lake subscriber account.
*/ - s3BucketArn?: string; + subscriberId: string | undefined; +} - /** - *You can choose to notify subscribers of new objects with an Amazon Simple Queue Service - * (Amazon SQS) queue or through messaging to an HTTPS endpoint provided by the - * subscriber.
- * Subscribers can consume data by directly querying Lake Formation tables in your
- * Amazon S3 bucket through services like Amazon Athena. This subscription
- * type is defined as LAKEFORMATION.
The subscription endpoint to which exception messages are posted.
- */ - subscriptionEndpoint?: string; +/** + * @public + */ +export interface DeregisterDataLakeDelegatedAdministratorRequest {} - /** - *The subscription protocol to which exception messages are posted.
- */ - subscriptionProtocol?: EndpointProtocol | string; +/** + * @public + */ +export interface DeregisterDataLakeDelegatedAdministratorResponse {} - /** - *The external ID of the subscriber. The external ID lets the user that is assuming the - * role assert the circumstances in which they are operating. It also provides a way for the - * account owner to permit the role to be assumed only under specific circumstances.
- */ - externalId?: string; +/** + * @public + */ +export interface GetDataLakeExceptionSubscriptionRequest {} +/** + * @public + */ +export interface GetDataLakeExceptionSubscriptionResponse { /** - *The date and time when the subscription was created.
+ *The subscription protocol to which exception notifications are posted.
*/ - createdAt?: Date; + subscriptionProtocol?: string; /** - *The date and time when the subscription was created.
+ *The Amazon Web Services account where you receive exception notifications.
*/ - updatedAt?: Date; + notificationEndpoint?: string; /** - *The Amazon Resource Name (ARN) which uniquely defines the AWS RAM resource share. Before - * accepting the RAM resource share invitation, you can view details related to the RAM - * resource share.
- *This field is available only for Lake Formation subscribers created after March 8, 2023.
+ *The expiration period and time-to-live (TTL).
*/ - resourceShareArn?: string; + exceptionTimeToLive?: number; +} +/** + * @public + */ +export interface GetSubscriberRequest { /** - *The name of the resource share.
+ *A value created by Amazon Security Lake that uniquely identifies your
+ * GetSubscriber API request.
The subscription information for the specified subscription ID.
+ *The subscriber information for the specified subscriber ID.
*/ subscriber?: SubscriberResource; } @@ -1711,21 +1799,21 @@ export interface GetSubscriberResponse { /** * @public */ -export interface ListDatalakeExceptionsRequest { +export interface ListDataLakeExceptionsRequest { /** *List the Amazon Web Services Regions from which exceptions are retrieved.
*/ - regionSet?: (Region | string)[]; + regions?: string[]; /** *List the maximum number of failures in Security Lake.
*/ - maxFailures?: number; + maxResults?: number; /** *List if there are more results available. The value of nextToken is a unique pagination * token for each page. Repeat the call using the returned token to retrieve the next page. - * Keep all other arguments unchanged.
+ * Keep all other arguments unchanged. *Each pagination token expires after 24 hours. Using an expired pagination token will * return an HTTP 400 InvalidToken error.
*/ @@ -1735,76 +1823,22 @@ export interface ListDatalakeExceptionsRequest { /** * @public */ -export interface ListDatalakeExceptionsResponse { +export interface ListDataLakeExceptionsResponse { /** *Lists the failures that cannot be retried in the current Region.
*/ - nonRetryableFailures: FailuresResponse[] | undefined; + exceptions?: DataLakeException[]; /** *List if there are more results available. The value of nextToken is a unique pagination * token for each page. Repeat the call using the returned token to retrieve the next page. - * Keep all other arguments unchanged.
+ * Keep all other arguments unchanged. *Each pagination token expires after 24 hours. Using an expired pagination token will * return an HTTP 400 InvalidToken error.
*/ nextToken?: string; } -/** - * @public - */ -export interface ListLogSourcesRequest { - /** - *Lists the log sources in input order, namely Region, source - * type, and member account.
- */ - inputOrder?: (Dimension | string)[]; - - /** - *List the view of log sources for enabled Amazon Security Lake accounts for specific Amazon Web Services sources from specific accounts and specific Regions.
- */ - listAllDimensions?: RecordLists the view of log sources for enabled Security Lake accounts for specific Amazon Web Services sources from specific accounts or specific Regions.
- */ - listTwoDimensions?: RecordList the view of log sources for enabled Security Lake accounts for all Amazon Web Services - * sources from specific accounts or specific Regions.
- */ - listSingleDimension?: string[]; - - /** - *The maximum number of accounts for which the log sources are displayed.
- */ - maxResults?: number; - - /** - *If nextToken is returned, there are more results available. You can repeat the call - * using the returned token to retrieve the next page.
- */ - nextToken?: string; -} - -/** - * @public - */ -export interface ListLogSourcesResponse { - /** - *Lists the log sources by Regions for enabled Security Lake accounts.
- */ - regionSourceTypesAccountsList: RecordIf nextToken is returned, there are more results available. You can repeat the call - * using the returned token to retrieve the next page.
- */ - nextToken?: string; -} - /** * @public */ @@ -1828,7 +1862,7 @@ export interface ListSubscribersResponse { /** *The subscribers available for the specified Security Lake account ID.
*/ - subscribers: SubscriberResource[] | undefined; + subscribers?: SubscriberResource[]; /** *If nextToken is returned, there are more results available. You can repeat the call @@ -1840,82 +1874,47 @@ export interface ListSubscribersResponse { /** * @public */ -export interface UpdateDatalakeRequest { +export interface RegisterDataLakeDelegatedAdministratorRequest { /** - *
Specify the Region or Regions that will contribute data to the rollup region.
+ *The Amazon Web Services account ID of the Security Lake delegated administrator.
*/ - configurations: RecordThe time-to-live (TTL) for the exception message to remain.
+ *A value created by Security Lake that uniquely identifies your subscription.
*/ - exceptionMessageExpiry: number | undefined; -} - -/** - * @public - */ -export interface UpdateDatalakeExceptionsExpiryResponse {} + subscriberId: string | undefined; -/** - * @public - */ -export interface UpdateDatalakeExceptionsSubscriptionRequest { /** - *The subscription protocol to which exception messages are posted.
+ *The AWS identity used to access your data.
*/ - subscriptionProtocol: SubscriptionProtocolType | string | undefined; + subscriberIdentity?: AwsIdentity; /** - *The account that is subscribed to receive exception notifications.
+ *The name of the Security Lake account subscriber.
*/ - notificationEndpoint: string | undefined; -} - -/** - * @public - */ -export interface UpdateDatalakeExceptionsSubscriptionResponse {} + subscriberName?: string; -/** - * @public - */ -export interface UpdateSubscriberRequest { /** - *A value created by Security Lake that uniquely identifies your subscription.
+ *The description of the Security Lake account subscriber.
*/ - id: string | undefined; + subscriberDescription?: string; /** *The supported Amazon Web Services from which logs and events are collected. For * the list of supported Amazon Web Services, see the Amazon Security Lake User Guide.
*/ - sourceTypes: SourceType[] | undefined; - - /** - *The external ID of the Security Lake account.
- */ - externalId?: string; - - /** - *The name of the Security Lake account subscriber.
- */ - subscriberName?: string; - - /** - *The description of the Security Lake account subscriber.
- */ - subscriberDescription?: string; + sources?: LogSourceResource[]; } /** @@ -1923,7 +1922,7 @@ export interface UpdateSubscriberRequest { */ export interface UpdateSubscriberResponse { /** - *The account of the subscriber.
+ *The updated subscriber information.
*/ subscriber?: SubscriberResource; } @@ -1931,51 +1930,49 @@ export interface UpdateSubscriberResponse { /** * @public */ -export interface UpdateSubscriptionNotificationConfigurationRequest { - /** - *The subscription ID for which the subscription notification is specified.
- */ - subscriptionId: string | undefined; - +export interface UpdateSubscriberNotificationRequest { /** - *The subscription endpoint in Security Lake.
+ *The subscription ID for which the subscription notification is specified.
*/ - subscriptionEndpoint?: string; + subscriberId: string | undefined; /** - *The key name for the subscription notification.
+ *The configuration for subscriber notification.
*/ - httpsApiKeyName?: string; + configuration: NotificationConfiguration | undefined; +} +/** + * @public + */ +export interface UpdateSubscriberNotificationResponse { /** - *The key value for the subscription notification.
+ *The subscriber endpoint to which exception messages are posted.
*/ - httpsApiKeyValue?: string; + subscriberEndpoint?: string; +} +/** + * @public + */ +export interface UpdateDataLakeExceptionSubscriptionRequest { /** - *The HTTPS method used for the subscription notification.
+ *The subscription protocol to which exception messages are posted.
*/ - httpsMethod?: HttpsMethod | string; + subscriptionProtocol: string | undefined; /** - *Create a new subscription notification for the specified subscription ID in - * Amazon Security Lake.
+ *The account that is subscribed to receive exception notifications.
*/ - createSqs?: boolean; + notificationEndpoint: string | undefined; /** - *The Amazon Resource Name (ARN) specifying the role of the subscriber. For more information about ARNs and how to use them in policies, see, see the Managing data access and Amazon Web Services Managed Policiesin the Amazon Security Lake User - * Guide.
+ *The time-to-live (TTL) for the exception message to remain.
*/ - roleArn?: string; + exceptionTimeToLive?: number; } /** * @public */ -export interface UpdateSubscriptionNotificationConfigurationResponse { - /** - *Returns the ARN of the queue.
- */ - queueArn?: string; -} +export interface UpdateDataLakeExceptionSubscriptionResponse {} diff --git a/clients/client-securitylake/src/pagination/GetDatalakeStatusPaginator.ts b/clients/client-securitylake/src/pagination/GetDataLakeSourcesPaginator.ts similarity index 67% rename from clients/client-securitylake/src/pagination/GetDatalakeStatusPaginator.ts rename to clients/client-securitylake/src/pagination/GetDataLakeSourcesPaginator.ts index f8b35bcf4b86..a3821f34df1d 100644 --- a/clients/client-securitylake/src/pagination/GetDatalakeStatusPaginator.ts +++ b/clients/client-securitylake/src/pagination/GetDataLakeSourcesPaginator.ts @@ -2,10 +2,10 @@ import { Paginator } from "@aws-sdk/types"; import { - GetDatalakeStatusCommand, - GetDatalakeStatusCommandInput, - GetDatalakeStatusCommandOutput, -} from "../commands/GetDatalakeStatusCommand"; + GetDataLakeSourcesCommand, + GetDataLakeSourcesCommandInput, + GetDataLakeSourcesCommandOutput, +} from "../commands/GetDataLakeSourcesCommand"; import { SecurityLakeClient } from "../SecurityLakeClient"; import { SecurityLakePaginationConfiguration } from "./Interfaces"; @@ -14,27 +14,27 @@ import { SecurityLakePaginationConfiguration } from "./Interfaces"; */ const makePagedClientRequest = async ( client: SecurityLakeClient, - input: GetDatalakeStatusCommandInput, + input: GetDataLakeSourcesCommandInput, ...args: any -): Promise