aws-sdk-cloudtrail 1.72.0 → 1.73.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b06776bb2b0dc051b261fefe0fc55106b2476c72eb4513182b23d23e96bbc73f
-  data.tar.gz: ffa5899ae76b28c5e97f5e627535f1b8755b8ab8a4b15b1a6f6a91117f3b6ddf
+  metadata.gz: 6701872c247ca32899a7ea46b56ed3eccbd2bcb8b6a024cd07385976c32e4c12
+  data.tar.gz: dc0294be39f562cc1826fddb1aefb9627ab89c2141923c92e39fcafd5e3c3758
 SHA512:
-  metadata.gz: 904b624dc428a5d2131e5363472c94fc86010e2df69e80eb32b6b482d69f8056ee69a2c88a7df6fee618d1a33929aeb9c937527fee364f43f6b7d2edab4e7c7e
-  data.tar.gz: 0e7010a32748a05b75bd04fe131cc78d69a6bd931b6a6aee6e633b329b236f192c4441c23bcd3327a9b11bb3d8f419dea0a8592306ac0b6a64ea989c5cd1fec3
+  metadata.gz: 75ec5991334ca5973acc817c28b1050e9b98d191ea3f8e13c5257a6704d5d91afcd2cd364b6c81f0c00bdea5ef0576aa3f658b3f06e1cf881140d2c9784781d4
+  data.tar.gz: 0d27daa1d2416cc68bbf71631eb2cc05a1335e728cfb1ccfa074fb3e65a60f747de5aa91de1d8a069618d49b41ff46262edeaa6d85f0c47c51f5cdf766967328

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.73.0 (2023-11-27)
+------------------
+
+* Feature - CloudTrail Lake now supports federating event data stores. giving users the ability to run queries against their event data using Amazon Athena.
+
 1.72.0 (2023-11-22)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.72.0
+1.73.0

data/lib/aws-sdk-cloudtrail/client.rb

@@ -997,8 +997,9 @@ module Aws::CloudTrail
     # the event data store enters a `PENDING_DELETION` state, and is
     # automatically deleted after a wait period of seven days.
     # `TerminationProtectionEnabled` must be set to `False` on the event
-    # data store; this operation cannot work if
-    # `TerminationProtectionEnabled` is `True`.
+    # data store and the `FederationStatus` must be `DISABLED`. You cannot
+    # delete an event data store if `TerminationProtectionEnabled` is `True`
+    # or the `FederationStatus` is `ENABLED`.
     #
     # After you run `DeleteEventDataStore` on an event data store, you
     # cannot run `ListQueries`, `DescribeQuery`, or `GetQueryResults` on
@@ -1238,6 +1239,109 @@ module Aws::CloudTrail
       req.send_request(options)
     end
 
+    # Disables Lake query federation on the specified event data store. When
+    # you disable federation, CloudTrail removes the metadata associated
+    # with the federated event data store in the Glue Data Catalog and
+    # removes registration for the federation role ARN and event data store
+    # in Lake Formation. No CloudTrail Lake data is deleted when you disable
+    # federation.
+    #
+    # @option params [required, String] :event_data_store
+    #   The ARN (or ID suffix of the ARN) of the event data store for which
+    #   you want to disable Lake query federation.
+    #
+    # @return [Types::DisableFederationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DisableFederationResponse#event_data_store_arn #event_data_store_arn} => String
+    #   * {Types::DisableFederationResponse#federation_status #federation_status} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.disable_federation({
+    #     event_data_store: "EventDataStoreArn", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.event_data_store_arn #=> String
+    #   resp.federation_status #=> String, one of "ENABLING", "ENABLED", "DISABLING", "DISABLED"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DisableFederation AWS API Documentation
+    #
+    # @overload disable_federation(params = {})
+    # @param [Hash] params ({})
+    def disable_federation(params = {}, options = {})
+      req = build_request(:disable_federation, params)
+      req.send_request(options)
+    end
+
+    # Enables Lake query federation on the specified event data store.
+    # Federating an event data store lets you view the metadata associated
+    # with the event data store in the Glue [Data Catalog][1] and run SQL
+    # queries against your event data using Amazon Athena. The table
+    # metadata stored in the Glue Data Catalog lets the Athena query engine
+    # know how to find, read, and process the data that you want to query.
+    #
+    # When you enable Lake query federation, CloudTrail creates a federated
+    # database named `aws:cloudtrail` (if the database doesn't already
+    # exist) and a federated table in the Glue Data Catalog. The event data
+    # store ID is used for the table name. CloudTrail registers the role ARN
+    # and event data store in [Lake Formation][2], the service responsible
+    # for revoking or granting permissions to the federated resources in the
+    # Glue Data Catalog.
+    #
+    # For more information about Lake query federation, see [Federate an
+    # event data store][3].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/glue/latest/dg/components-overview.html#data-catalog-intro
+    # [2]: https://docs.aws.amazon.com/lake-formation/latest/dg/how-it-works.html
+    # [3]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-federation.html
+    #
+    # @option params [required, String] :event_data_store
+    #   The ARN (or ID suffix of the ARN) of the event data store for which
+    #   you want to enable Lake query federation.
+    #
+    # @option params [required, String] :federation_role_arn
+    #   The ARN of the federation role to use for the event data store. Amazon
+    #   Web Services services like Lake Formation use this federation role to
+    #   access data for the federated event data store. The federation role
+    #   must exist in your account and provide the [required minimum
+    #   permissions][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-federation.html#query-federation-permissions-role
+    #
+    # @return [Types::EnableFederationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::EnableFederationResponse#event_data_store_arn #event_data_store_arn} => String
+    #   * {Types::EnableFederationResponse#federation_status #federation_status} => String
+    #   * {Types::EnableFederationResponse#federation_role_arn #federation_role_arn} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.enable_federation({
+    #     event_data_store: "EventDataStoreArn", # required
+    #     federation_role_arn: "FederationRoleArn", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.event_data_store_arn #=> String
+    #   resp.federation_status #=> String, one of "ENABLING", "ENABLED", "DISABLING", "DISABLED"
+    #   resp.federation_role_arn #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/EnableFederation AWS API Documentation
+    #
+    # @overload enable_federation(params = {})
+    # @param [Hash] params ({})
+    def enable_federation(params = {}, options = {})
+      req = build_request(:enable_federation, params)
+      req.send_request(options)
+    end
+
     # Returns information about a specific channel.
     #
     # @option params [required, String] :channel
@@ -1319,6 +1423,8 @@ module Aws::CloudTrail
     #   * {Types::GetEventDataStoreResponse#updated_timestamp #updated_timestamp} => Time
     #   * {Types::GetEventDataStoreResponse#kms_key_id #kms_key_id} => String
     #   * {Types::GetEventDataStoreResponse#billing_mode #billing_mode} => String
+    #   * {Types::GetEventDataStoreResponse#federation_status #federation_status} => String
+    #   * {Types::GetEventDataStoreResponse#federation_role_arn #federation_role_arn} => String
     #
     # @example Request syntax with placeholder values
     #
@@ -1355,6 +1461,8 @@ module Aws::CloudTrail
     #   resp.updated_timestamp #=> Time
     #   resp.kms_key_id #=> String
     #   resp.billing_mode #=> String, one of "EXTENDABLE_RETENTION_PRICING", "FIXED_RETENTION_PRICING"
+    #   resp.federation_status #=> String, one of "ENABLING", "ENABLED", "DISABLING", "DISABLED"
+    #   resp.federation_role_arn #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetEventDataStore AWS API Documentation
     #
@@ -3340,6 +3448,8 @@ module Aws::CloudTrail
     #   * {Types::UpdateEventDataStoreResponse#updated_timestamp #updated_timestamp} => Time
     #   * {Types::UpdateEventDataStoreResponse#kms_key_id #kms_key_id} => String
     #   * {Types::UpdateEventDataStoreResponse#billing_mode #billing_mode} => String
+    #   * {Types::UpdateEventDataStoreResponse#federation_status #federation_status} => String
+    #   * {Types::UpdateEventDataStoreResponse#federation_role_arn #federation_role_arn} => String
     #
     # @example Request syntax with placeholder values
     #
@@ -3399,6 +3509,8 @@ module Aws::CloudTrail
     #   resp.updated_timestamp #=> Time
     #   resp.kms_key_id #=> String
     #   resp.billing_mode #=> String, one of "EXTENDABLE_RETENTION_PRICING", "FIXED_RETENTION_PRICING"
+    #   resp.federation_status #=> String, one of "ENABLING", "ENABLED", "DISABLING", "DISABLED"
+    #   resp.federation_role_arn #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/UpdateEventDataStore AWS API Documentation
     #
@@ -3619,7 +3731,7 @@ module Aws::CloudTrail
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-cloudtrail'
-      context[:gem_version] = '1.72.0'
+      context[:gem_version] = '1.73.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-cloudtrail/client_api.rb

@@ -13,6 +13,7 @@ module Aws::CloudTrail
 
     include Seahorse::Model
 
+    AccessDeniedException = Shapes::StructureShape.new(name: 'AccessDeniedException')
     AccountHasOngoingImportException = Shapes::StructureShape.new(name: 'AccountHasOngoingImportException')
     AccountId = Shapes::StringShape.new(name: 'AccountId')
     AccountNotFoundException = Shapes::StructureShape.new(name: 'AccountNotFoundException')
@@ -43,6 +44,7 @@ module Aws::CloudTrail
     CloudTrailAccessNotEnabledException = Shapes::StructureShape.new(name: 'CloudTrailAccessNotEnabledException')
     CloudTrailInvalidClientTokenIdException = Shapes::StructureShape.new(name: 'CloudTrailInvalidClientTokenIdException')
     CloudWatchLogsDeliveryUnavailableException = Shapes::StructureShape.new(name: 'CloudWatchLogsDeliveryUnavailableException')
+    ConcurrentModificationException = Shapes::StructureShape.new(name: 'ConcurrentModificationException')
     ConflictException = Shapes::StructureShape.new(name: 'ConflictException')
     CreateChannelRequest = Shapes::StructureShape.new(name: 'CreateChannelRequest')
     CreateChannelResponse = Shapes::StructureShape.new(name: 'CreateChannelResponse')
@@ -74,6 +76,10 @@ module Aws::CloudTrail
     Destination = Shapes::StructureShape.new(name: 'Destination')
     DestinationType = Shapes::StringShape.new(name: 'DestinationType')
     Destinations = Shapes::ListShape.new(name: 'Destinations')
+    DisableFederationRequest = Shapes::StructureShape.new(name: 'DisableFederationRequest')
+    DisableFederationResponse = Shapes::StructureShape.new(name: 'DisableFederationResponse')
+    EnableFederationRequest = Shapes::StructureShape.new(name: 'EnableFederationRequest')
+    EnableFederationResponse = Shapes::StructureShape.new(name: 'EnableFederationResponse')
     ErrorMessage = Shapes::StringShape.new(name: 'ErrorMessage')
     Event = Shapes::StructureShape.new(name: 'Event')
     EventCategory = Shapes::StringShape.new(name: 'EventCategory')
@@ -81,6 +87,7 @@ module Aws::CloudTrail
     EventDataStoreARNInvalidException = Shapes::StructureShape.new(name: 'EventDataStoreARNInvalidException')
     EventDataStoreAlreadyExistsException = Shapes::StructureShape.new(name: 'EventDataStoreAlreadyExistsException')
     EventDataStoreArn = Shapes::StringShape.new(name: 'EventDataStoreArn')
+    EventDataStoreFederationEnabledException = Shapes::StructureShape.new(name: 'EventDataStoreFederationEnabledException')
     EventDataStoreHasOngoingImportException = Shapes::StructureShape.new(name: 'EventDataStoreHasOngoingImportException')
     EventDataStoreKmsKeyId = Shapes::StringShape.new(name: 'EventDataStoreKmsKeyId')
     EventDataStoreMaxLimitExceededException = Shapes::StructureShape.new(name: 'EventDataStoreMaxLimitExceededException')
@@ -93,6 +100,8 @@ module Aws::CloudTrail
     EventSelectors = Shapes::ListShape.new(name: 'EventSelectors')
     EventsList = Shapes::ListShape.new(name: 'EventsList')
     ExcludeManagementEventSources = Shapes::ListShape.new(name: 'ExcludeManagementEventSources')
+    FederationRoleArn = Shapes::StringShape.new(name: 'FederationRoleArn')
+    FederationStatus = Shapes::StringShape.new(name: 'FederationStatus')
     GetChannelRequest = Shapes::StructureShape.new(name: 'GetChannelRequest')
     GetChannelResponse = Shapes::StructureShape.new(name: 'GetChannelResponse')
     GetEventDataStoreRequest = Shapes::StructureShape.new(name: 'GetEventDataStoreRequest')
@@ -293,6 +302,8 @@ module Aws::CloudTrail
     UpdateTrailRequest = Shapes::StructureShape.new(name: 'UpdateTrailRequest')
     UpdateTrailResponse = Shapes::StructureShape.new(name: 'UpdateTrailResponse')
 
+    AccessDeniedException.struct_class = Types::AccessDeniedException
+
     AccountHasOngoingImportException.struct_class = Types::AccountHasOngoingImportException
 
     AccountNotFoundException.struct_class = Types::AccountNotFoundException
@@ -358,6 +369,8 @@ module Aws::CloudTrail
 
     CloudWatchLogsDeliveryUnavailableException.struct_class = Types::CloudWatchLogsDeliveryUnavailableException
 
+    ConcurrentModificationException.struct_class = Types::ConcurrentModificationException
+
     ConflictException.struct_class = Types::ConflictException
 
     CreateChannelRequest.add_member(:name, Shapes::ShapeRef.new(shape: ChannelName, required: true, location_name: "Name"))
@@ -491,6 +504,22 @@ module Aws::CloudTrail
 
     Destinations.member = Shapes::ShapeRef.new(shape: Destination)
 
+    DisableFederationRequest.add_member(:event_data_store, Shapes::ShapeRef.new(shape: EventDataStoreArn, required: true, location_name: "EventDataStore"))
+    DisableFederationRequest.struct_class = Types::DisableFederationRequest
+
+    DisableFederationResponse.add_member(:event_data_store_arn, Shapes::ShapeRef.new(shape: EventDataStoreArn, location_name: "EventDataStoreArn"))
+    DisableFederationResponse.add_member(:federation_status, Shapes::ShapeRef.new(shape: FederationStatus, location_name: "FederationStatus"))
+    DisableFederationResponse.struct_class = Types::DisableFederationResponse
+
+    EnableFederationRequest.add_member(:event_data_store, Shapes::ShapeRef.new(shape: EventDataStoreArn, required: true, location_name: "EventDataStore"))
+    EnableFederationRequest.add_member(:federation_role_arn, Shapes::ShapeRef.new(shape: FederationRoleArn, required: true, location_name: "FederationRoleArn"))
+    EnableFederationRequest.struct_class = Types::EnableFederationRequest
+
+    EnableFederationResponse.add_member(:event_data_store_arn, Shapes::ShapeRef.new(shape: EventDataStoreArn, location_name: "EventDataStoreArn"))
+    EnableFederationResponse.add_member(:federation_status, Shapes::ShapeRef.new(shape: FederationStatus, location_name: "FederationStatus"))
+    EnableFederationResponse.add_member(:federation_role_arn, Shapes::ShapeRef.new(shape: FederationRoleArn, location_name: "FederationRoleArn"))
+    EnableFederationResponse.struct_class = Types::EnableFederationResponse
+
     Event.add_member(:event_id, Shapes::ShapeRef.new(shape: String, location_name: "EventId"))
     Event.add_member(:event_name, Shapes::ShapeRef.new(shape: String, location_name: "EventName"))
     Event.add_member(:read_only, Shapes::ShapeRef.new(shape: String, location_name: "ReadOnly"))
@@ -518,6 +547,8 @@ module Aws::CloudTrail
 
     EventDataStoreAlreadyExistsException.struct_class = Types::EventDataStoreAlreadyExistsException
 
+    EventDataStoreFederationEnabledException.struct_class = Types::EventDataStoreFederationEnabledException
+
     EventDataStoreHasOngoingImportException.struct_class = Types::EventDataStoreHasOngoingImportException
 
     EventDataStoreMaxLimitExceededException.struct_class = Types::EventDataStoreMaxLimitExceededException
@@ -566,6 +597,8 @@ module Aws::CloudTrail
     GetEventDataStoreResponse.add_member(:updated_timestamp, Shapes::ShapeRef.new(shape: Date, location_name: "UpdatedTimestamp"))
     GetEventDataStoreResponse.add_member(:kms_key_id, Shapes::ShapeRef.new(shape: EventDataStoreKmsKeyId, location_name: "KmsKeyId"))
     GetEventDataStoreResponse.add_member(:billing_mode, Shapes::ShapeRef.new(shape: BillingMode, location_name: "BillingMode"))
+    GetEventDataStoreResponse.add_member(:federation_status, Shapes::ShapeRef.new(shape: FederationStatus, location_name: "FederationStatus"))
+    GetEventDataStoreResponse.add_member(:federation_role_arn, Shapes::ShapeRef.new(shape: FederationRoleArn, location_name: "FederationRoleArn"))
     GetEventDataStoreResponse.struct_class = Types::GetEventDataStoreResponse
 
     GetEventSelectorsRequest.add_member(:trail_name, Shapes::ShapeRef.new(shape: String, required: true, location_name: "TrailName"))
@@ -1143,6 +1176,8 @@ module Aws::CloudTrail
     UpdateEventDataStoreResponse.add_member(:updated_timestamp, Shapes::ShapeRef.new(shape: Date, location_name: "UpdatedTimestamp"))
     UpdateEventDataStoreResponse.add_member(:kms_key_id, Shapes::ShapeRef.new(shape: EventDataStoreKmsKeyId, location_name: "KmsKeyId"))
     UpdateEventDataStoreResponse.add_member(:billing_mode, Shapes::ShapeRef.new(shape: BillingMode, location_name: "BillingMode"))
+    UpdateEventDataStoreResponse.add_member(:federation_status, Shapes::ShapeRef.new(shape: FederationStatus, location_name: "FederationStatus"))
+    UpdateEventDataStoreResponse.add_member(:federation_role_arn, Shapes::ShapeRef.new(shape: FederationRoleArn, location_name: "FederationRoleArn"))
     UpdateEventDataStoreResponse.struct_class = Types::UpdateEventDataStoreResponse
 
     UpdateTrailRequest.add_member(:name, Shapes::ShapeRef.new(shape: String, required: true, location_name: "Name"))
@@ -1350,6 +1385,8 @@ module Aws::CloudTrail
         o.errors << Shapes::ShapeRef.new(shape: NoManagementAccountSLRExistsException)
         o.errors << Shapes::ShapeRef.new(shape: ChannelExistsForEDSException)
         o.errors << Shapes::ShapeRef.new(shape: InsufficientDependencyServiceAccessPermissionException)
+        o.errors << Shapes::ShapeRef.new(shape: ConflictException)
+        o.errors << Shapes::ShapeRef.new(shape: EventDataStoreFederationEnabledException)
       end)
 
       api.add_operation(:delete_resource_policy, Seahorse::Model::Operation.new.tap do |o|
@@ -1432,6 +1469,51 @@ module Aws::CloudTrail
         o.errors << Shapes::ShapeRef.new(shape: NoManagementAccountSLRExistsException)
       end)
 
+      api.add_operation(:disable_federation, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DisableFederation"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: DisableFederationRequest)
+        o.output = Shapes::ShapeRef.new(shape: DisableFederationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: EventDataStoreARNInvalidException)
+        o.errors << Shapes::ShapeRef.new(shape: EventDataStoreNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: InactiveEventDataStoreException)
+        o.errors << Shapes::ShapeRef.new(shape: OperationNotPermittedException)
+        o.errors << Shapes::ShapeRef.new(shape: UnsupportedOperationException)
+        o.errors << Shapes::ShapeRef.new(shape: CloudTrailAccessNotEnabledException)
+        o.errors << Shapes::ShapeRef.new(shape: InsufficientDependencyServiceAccessPermissionException)
+        o.errors << Shapes::ShapeRef.new(shape: NotOrganizationMasterAccountException)
+        o.errors << Shapes::ShapeRef.new(shape: NoManagementAccountSLRExistsException)
+        o.errors << Shapes::ShapeRef.new(shape: OrganizationsNotInUseException)
+        o.errors << Shapes::ShapeRef.new(shape: OrganizationNotInAllFeaturesModeException)
+        o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+      end)
+
+      api.add_operation(:enable_federation, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "EnableFederation"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: EnableFederationRequest)
+        o.output = Shapes::ShapeRef.new(shape: EnableFederationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: EventDataStoreARNInvalidException)
+        o.errors << Shapes::ShapeRef.new(shape: EventDataStoreNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: InactiveEventDataStoreException)
+        o.errors << Shapes::ShapeRef.new(shape: OperationNotPermittedException)
+        o.errors << Shapes::ShapeRef.new(shape: UnsupportedOperationException)
+        o.errors << Shapes::ShapeRef.new(shape: CloudTrailAccessNotEnabledException)
+        o.errors << Shapes::ShapeRef.new(shape: InsufficientDependencyServiceAccessPermissionException)
+        o.errors << Shapes::ShapeRef.new(shape: NotOrganizationMasterAccountException)
+        o.errors << Shapes::ShapeRef.new(shape: NoManagementAccountSLRExistsException)
+        o.errors << Shapes::ShapeRef.new(shape: OrganizationsNotInUseException)
+        o.errors << Shapes::ShapeRef.new(shape: OrganizationNotInAllFeaturesModeException)
+        o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: EventDataStoreFederationEnabledException)
+      end)
+
       api.add_operation(:get_channel, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GetChannel"
         o.http_method = "POST"

data/lib/aws-sdk-cloudtrail/endpoints.rb

@@ -180,6 +180,34 @@ module Aws::CloudTrail
       end
     end
 
+    class DisableFederation
+      def self.build(context)
+        unless context.config.regional_endpoint
+          endpoint = context.config.endpoint.to_s
+        end
+        Aws::CloudTrail::EndpointParameters.new(
+          region: context.config.region,
+          use_dual_stack: context.config.use_dualstack_endpoint,
+          use_fips: context.config.use_fips_endpoint,
+          endpoint: endpoint,
+        )
+      end
+    end
+
+    class EnableFederation
+      def self.build(context)
+        unless context.config.regional_endpoint
+          endpoint = context.config.endpoint.to_s
+        end
+        Aws::CloudTrail::EndpointParameters.new(
+          region: context.config.region,
+          use_dual_stack: context.config.use_dualstack_endpoint,
+          use_fips: context.config.use_fips_endpoint,
+          endpoint: endpoint,
+        )
+      end
+    end
+
     class GetChannel
       def self.build(context)
         unless context.config.regional_endpoint

data/lib/aws-sdk-cloudtrail/errors.rb

@@ -27,6 +27,7 @@ module Aws::CloudTrail
   # See {Seahorse::Client::RequestContext} for more information.
   #
   # ## Error Classes
+  # * {AccessDeniedException}
   # * {AccountHasOngoingImportException}
   # * {AccountNotFoundException}
   # * {AccountNotRegisteredException}
@@ -41,10 +42,12 @@ module Aws::CloudTrail
   # * {CloudTrailAccessNotEnabledException}
   # * {CloudTrailInvalidClientTokenIdException}
   # * {CloudWatchLogsDeliveryUnavailableException}
+  # * {ConcurrentModificationException}
   # * {ConflictException}
   # * {DelegatedAdminAccountLimitExceededException}
   # * {EventDataStoreARNInvalidException}
   # * {EventDataStoreAlreadyExistsException}
+  # * {EventDataStoreFederationEnabledException}
   # * {EventDataStoreHasOngoingImportException}
   # * {EventDataStoreMaxLimitExceededException}
   # * {EventDataStoreNotFoundException}
@@ -114,6 +117,16 @@ module Aws::CloudTrail
 
     extend Aws::Errors::DynamicErrors
 
+    class AccessDeniedException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::CloudTrail::Types::AccessDeniedException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+    end
+
     class AccountHasOngoingImportException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context
@@ -254,6 +267,16 @@ module Aws::CloudTrail
       end
     end
 
+    class ConcurrentModificationException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::CloudTrail::Types::ConcurrentModificationException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+    end
+
     class ConflictException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context
@@ -294,6 +317,16 @@ module Aws::CloudTrail
       end
     end
 
+    class EventDataStoreFederationEnabledException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::CloudTrail::Types::EventDataStoreFederationEnabledException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+    end
+
     class EventDataStoreHasOngoingImportException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context

data/lib/aws-sdk-cloudtrail/plugins/endpoints.rb

@@ -80,6 +80,10 @@ module Aws::CloudTrail
             Aws::CloudTrail::Endpoints::DescribeQuery.build(context)
           when :describe_trails
             Aws::CloudTrail::Endpoints::DescribeTrails.build(context)
+          when :disable_federation
+            Aws::CloudTrail::Endpoints::DisableFederation.build(context)
+          when :enable_federation
+            Aws::CloudTrail::Endpoints::EnableFederation.build(context)
           when :get_channel
             Aws::CloudTrail::Endpoints::GetChannel.build(context)
           when :get_event_data_store

data/lib/aws-sdk-cloudtrail/types.rb

@@ -10,6 +10,12 @@
 module Aws::CloudTrail
   module Types
 
+    # You do not have sufficient access to perform this action.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/AccessDeniedException AWS API Documentation
+    #
+    class AccessDeniedException < Aws::EmptyStructure; end
+
     # This exception is thrown when you start a new import and a previous
     # import is still in progress.
     #
@@ -689,6 +695,14 @@ module Aws::CloudTrail
     #
     class CloudWatchLogsDeliveryUnavailableException < Aws::EmptyStructure; end
 
+    # You are trying to update a resource when another request is in
+    # progress. Allow sufficient wait time for the previous request to
+    # complete, then retry your request.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/ConcurrentModificationException AWS API Documentation
+    #
+    class ConcurrentModificationException < Aws::EmptyStructure; end
+
     # This exception is thrown when the specified resource is not ready for
     # an operation. This can occur when you try to run an operation on a
     # resource before CloudTrail has time to fully load the resource, or
@@ -1718,6 +1732,86 @@ module Aws::CloudTrail
       include Aws::Structure
     end
 
+    # @!attribute [rw] event_data_store
+    #   The ARN (or ID suffix of the ARN) of the event data store for which
+    #   you want to disable Lake query federation.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DisableFederationRequest AWS API Documentation
+    #
+    class DisableFederationRequest < Struct.new(
+      :event_data_store)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] event_data_store_arn
+    #   The ARN of the event data store for which you disabled Lake query
+    #   federation.
+    #   @return [String]
+    #
+    # @!attribute [rw] federation_status
+    #   The federation status.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/DisableFederationResponse AWS API Documentation
+    #
+    class DisableFederationResponse < Struct.new(
+      :event_data_store_arn,
+      :federation_status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] event_data_store
+    #   The ARN (or ID suffix of the ARN) of the event data store for which
+    #   you want to enable Lake query federation.
+    #   @return [String]
+    #
+    # @!attribute [rw] federation_role_arn
+    #   The ARN of the federation role to use for the event data store.
+    #   Amazon Web Services services like Lake Formation use this federation
+    #   role to access data for the federated event data store. The
+    #   federation role must exist in your account and provide the [required
+    #   minimum permissions][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-federation.html#query-federation-permissions-role
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/EnableFederationRequest AWS API Documentation
+    #
+    class EnableFederationRequest < Struct.new(
+      :event_data_store,
+      :federation_role_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] event_data_store_arn
+    #   The ARN of the event data store for which you enabled Lake query
+    #   federation.
+    #   @return [String]
+    #
+    # @!attribute [rw] federation_status
+    #   The federation status.
+    #   @return [String]
+    #
+    # @!attribute [rw] federation_role_arn
+    #   The ARN of the federation role.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/EnableFederationResponse AWS API Documentation
+    #
+    class EnableFederationResponse < Struct.new(
+      :event_data_store_arn,
+      :federation_status,
+      :federation_role_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Contains information about an event that was returned by a lookup
     # request. The result includes a representation of a CloudTrail event.
     #
@@ -1862,6 +1956,15 @@ module Aws::CloudTrail
     #
     class EventDataStoreAlreadyExistsException < Aws::EmptyStructure; end
 
+    # You cannot delete the event data store because Lake query federation
+    # is enabled. To delete the event data store, run the
+    # `DisableFederation` operation to disable Lake query federation on the
+    # event data store.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/EventDataStoreFederationEnabledException AWS API Documentation
+    #
+    class EventDataStoreFederationEnabledException < Aws::EmptyStructure; end
+
     # This exception is thrown when you try to update or delete an event
     # data store that currently has an import in progress.
     #
@@ -2100,6 +2203,23 @@ module Aws::CloudTrail
     #   The billing mode for the event data store.
     #   @return [String]
     #
+    # @!attribute [rw] federation_status
+    #   Indicates the [Lake query federation][1] status. The status is
+    #   `ENABLED` if Lake query federation is enabled, or `DISABLED` if Lake
+    #   query federation is disabled. You cannot delete an event data store
+    #   if the `FederationStatus` is `ENABLED`.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-federation.html
+    #   @return [String]
+    #
+    # @!attribute [rw] federation_role_arn
+    #   If Lake query federation is enabled, provides the ARN of the
+    #   federation role used to access the resources for the federated event
+    #   data store.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/GetEventDataStoreResponse AWS API Documentation
     #
     class GetEventDataStoreResponse < Struct.new(
@@ -2114,7 +2234,9 @@ module Aws::CloudTrail
       :created_timestamp,
       :updated_timestamp,
       :kms_key_id,
-      :billing_mode)
+      :billing_mode,
+      :federation_status,
+      :federation_role_arn)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -5000,6 +5122,23 @@ module Aws::CloudTrail
     #   The billing mode for the event data store.
     #   @return [String]
     #
+    # @!attribute [rw] federation_status
+    #   Indicates the [Lake query federation][1] status. The status is
+    #   `ENABLED` if Lake query federation is enabled, or `DISABLED` if Lake
+    #   query federation is disabled. You cannot delete an event data store
+    #   if the `FederationStatus` is `ENABLED`.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-federation.html
+    #   @return [String]
+    #
+    # @!attribute [rw] federation_role_arn
+    #   If Lake query federation is enabled, provides the ARN of the
+    #   federation role used to access the resources for the federated event
+    #   data store.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudtrail-2013-11-01/UpdateEventDataStoreResponse AWS API Documentation
     #
     class UpdateEventDataStoreResponse < Struct.new(
@@ -5014,7 +5153,9 @@ module Aws::CloudTrail
       :created_timestamp,
       :updated_timestamp,
       :kms_key_id,
-      :billing_mode)
+      :billing_mode,
+      :federation_status,
+      :federation_role_arn)
       SENSITIVE = []
       include Aws::Structure
     end

data/lib/aws-sdk-cloudtrail.rb

@@ -52,6 +52,6 @@ require_relative 'aws-sdk-cloudtrail/customizations'
 # @!group service
 module Aws::CloudTrail
 
-  GEM_VERSION = '1.72.0'
+  GEM_VERSION = '1.73.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-cloudtrail
 version: !ruby/object:Gem::Version
-  version: 1.72.0
+  version: 1.73.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-11-22 00:00:00.000000000 Z
+date: 2023-11-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core