aws-sdk-cloudwatch 1.139.0 → 1.141.0

data/lib/aws-sdk-cloudwatch/client.rb

@@ -481,6 +481,110 @@ module Aws::CloudWatch
 
     # @!group API Operations
 
+    # Associates an Amazon Web Services Key Management Service (Amazon Web
+    # Services KMS) customer managed key with the specified dataset. After
+    # this operation completes, all data published to the dataset is
+    # encrypted at rest using the specified KMS key. Callers must have
+    # `kms:Decrypt` permission on the key to read the encrypted data.
+    #
+    # Only the `default` dataset is supported. The `default` dataset is
+    # implicit for every account in every Region — you do not need to create
+    # it before calling this operation.
+    #
+    # You can call `AssociateDatasetKmsKey` on a dataset that is already
+    # associated with a KMS key to replace the existing key with a different
+    # one. To replace a key, the caller must have `kms:Decrypt` permission
+    # on both the current key and the new key.
+    #
+    # The KMS key that you specify must meet all of the following
+    # requirements:
+    #
+    # * It must be a symmetric encryption KMS key (key spec
+    #   `SYMMETRIC_DEFAULT`, key usage `ENCRYPT_DECRYPT`). Asymmetric keys,
+    #   HMAC keys, and key material types other than `SYMMETRIC_DEFAULT` are
+    #   not supported.
+    #
+    # * It must be enabled and not pending deletion.
+    #
+    # * Its key policy must grant the CloudWatch service principal
+    #   (`cloudwatch.amazonaws.com`) these permissions: `kms:DescribeKey`,
+    #   `kms:GenerateDataKey`, `kms:Encrypt`, `kms:Decrypt`, and
+    #   `kms:ReEncrypt*`. Amazon CloudWatch requires these permissions to
+    #   manage the data on your behalf.
+    #
+    # * The calling principal must have `kms:Decrypt` permission on the key.
+    #
+    # * It must be specified as a fully qualified key ARN. Key IDs, aliases,
+    #   and alias ARNs are not accepted.
+    #
+    # * It must be in the same Amazon Web Services Region as the dataset.
+    #
+    # Before completing the association, Amazon CloudWatch validates the key
+    # by performing a series of dry-run KMS operations. Service-principal
+    # checks run first to verify that the key policy grants the required
+    # access to Amazon CloudWatch. These checks include `kms:DescribeKey`,
+    # `kms:GenerateDataKey`, `kms:Encrypt`, `kms:Decrypt`, and
+    # `kms:ReEncrypt*`. After those succeed, a `kms:Decrypt` dry-run is run
+    # with the caller's credentials to verify that the calling principal
+    # can use the key. When you are replacing an existing key, the caller's
+    # `kms:Decrypt` dry-run is run on the current key first, and only then
+    # on the new key.
+    #
+    # If any of these checks fails, the operation fails and the existing key
+    # association (if any) remains unchanged. Common failure causes include
+    # the key being disabled, the key policy not granting the required
+    # permissions to Amazon CloudWatch, or the caller lacking `kms:Decrypt`
+    # permission on the key.
+    #
+    # For more information about using customer managed keys with Amazon
+    # CloudWatch, see [Encryption at rest with customer managed keys][1] in
+    # the *Amazon CloudWatch User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cmk-encryption.html
+    #
+    # @option params [required, String] :dataset_identifier
+    #   Specifies the identifier of the dataset that you want to associate the
+    #   KMS key with. For the `default` dataset, you can specify either
+    #   `default` or the full dataset Amazon Resource Name (ARN) in the format
+    #   `arn:aws:cloudwatch:Region:account-id:dataset/default`.
+    #
+    # @option params [required, String] :kms_key_arn
+    #   Specifies the Amazon Resource Name (ARN) of the customer managed KMS
+    #   key to associate with the dataset. The key must be a symmetric
+    #   encryption KMS key (`SYMMETRIC_DEFAULT`) in the same Amazon Web
+    #   Services Region as the dataset.
+    #
+    #   The ARN must be in the format
+    #   `arn:aws:kms:Region:account-id:key/key-id `. Key IDs, aliases, and
+    #   alias ARNs are not accepted.
+    #
+    #   For more information about KMS key ARNs, see [Key ARN][1] in the
+    #   *Amazon Web Services Key Management Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.associate_dataset_kms_key({
+    #     dataset_identifier: "DatasetIdentifier", # required
+    #     kms_key_arn: "KmsKeyArn", # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/AssociateDatasetKmsKey AWS API Documentation
+    #
+    # @overload associate_dataset_kms_key(params = {})
+    # @param [Hash] params ({})
+    def associate_dataset_kms_key(params = {}, options = {})
+      req = build_request(:associate_dataset_kms_key, params)
+      req.send_request(options)
+    end
+
     # Deletes a specific alarm mute rule.
     #
     # When you delete a mute rule, any alarms that are currently being muted
@@ -519,7 +623,8 @@ module Aws::CloudWatch
     # operation. However, this total can include no more than one composite
     # alarm. For example, you could delete 99 metric alarms and one
     # composite alarms with one operation, but you can't delete two
-    # composite alarms with one operation.
+    # composite alarms with one operation. Log alarms cannot be batch
+    # deleted.
     #
     # If you specify any incorrect alarm names, the alarms you specify with
     # correct names are still deleted. Other syntax errors might result in
@@ -848,8 +953,8 @@ module Aws::CloudWatch
     #
     # @option params [Array<String>] :alarm_types
     #   Use this parameter to specify whether you want the operation to return
-    #   metric alarms or composite alarms. If you omit this parameter, only
-    #   metric alarms are returned.
+    #   metric alarms, composite alarms, or log alarms. If you omit this
+    #   parameter, only metric alarms are returned.
     #
     # @option params [String] :history_item_type
     #   The type of alarm histories to retrieve.
@@ -885,7 +990,7 @@ module Aws::CloudWatch
     #   resp = client.describe_alarm_history({
     #     alarm_name: "AlarmName",
     #     alarm_contributor_id: "ContributorId",
-    #     alarm_types: ["CompositeAlarm"], # accepts CompositeAlarm, MetricAlarm
+    #     alarm_types: ["CompositeAlarm"], # accepts CompositeAlarm, MetricAlarm, LogAlarm
     #     history_item_type: "ConfigurationUpdate", # accepts ConfigurationUpdate, StateUpdate, Action, AlarmContributorStateUpdate, AlarmContributorAction
     #     start_date: Time.now,
     #     end_date: Time.now,
@@ -899,7 +1004,7 @@ module Aws::CloudWatch
     #   resp.alarm_history_items #=> Array
     #   resp.alarm_history_items[0].alarm_name #=> String
     #   resp.alarm_history_items[0].alarm_contributor_id #=> String
-    #   resp.alarm_history_items[0].alarm_type #=> String, one of "CompositeAlarm", "MetricAlarm"
+    #   resp.alarm_history_items[0].alarm_type #=> String, one of "CompositeAlarm", "MetricAlarm", "LogAlarm"
     #   resp.alarm_history_items[0].timestamp #=> Time
     #   resp.alarm_history_items[0].history_item_type #=> String, one of "ConfigurationUpdate", "StateUpdate", "Action", "AlarmContributorStateUpdate", "AlarmContributorAction"
     #   resp.alarm_history_items[0].history_summary #=> String
@@ -939,16 +1044,19 @@ module Aws::CloudWatch
     #
     # @option params [Array<String>] :alarm_types
     #   Use this parameter to specify whether you want the operation to return
-    #   metric alarms or composite alarms. If you omit this parameter, only
-    #   metric alarms are returned, even if composite alarms exist in the
-    #   account.
+    #   metric alarms, composite alarms, or log alarms. If you omit this
+    #   parameter, only metric alarms are returned, even if composite alarms
+    #   or log alarms exist in the account.
     #
     #   For example, if you omit this parameter or specify `MetricAlarms`, the
     #   operation returns only a list of metric alarms. It does not return any
-    #   composite alarms, even if composite alarms exist in the account.
+    #   composite alarms or log alarms, even if they exist in the account.
     #
     #   If you specify `CompositeAlarms`, the operation returns only a list of
-    #   composite alarms, and does not return any metric alarms.
+    #   composite alarms, and does not return any metric alarms or log alarms.
+    #
+    #   If you specify `LogAlarms`, the operation returns only a list of log
+    #   alarms, and does not return any metric alarms or composite alarms.
     #
     # @option params [String] :children_of_alarm_name
     #   If you use this parameter and specify the name of a composite alarm,
@@ -1011,6 +1119,7 @@ module Aws::CloudWatch
     #
     #   * {Types::DescribeAlarmsOutput#composite_alarms #composite_alarms} => Array&lt;Types::CompositeAlarm&gt;
     #   * {Types::DescribeAlarmsOutput#metric_alarms #metric_alarms} => Array&lt;Types::MetricAlarm&gt;
+    #   * {Types::DescribeAlarmsOutput#log_alarms #log_alarms} => Array&lt;Types::LogAlarm&gt;
     #   * {Types::DescribeAlarmsOutput#next_token #next_token} => String
     #
     # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
@@ -1020,7 +1129,7 @@ module Aws::CloudWatch
     #   resp = client.describe_alarms({
     #     alarm_names: ["AlarmName"],
     #     alarm_name_prefix: "AlarmNamePrefix",
-    #     alarm_types: ["CompositeAlarm"], # accepts CompositeAlarm, MetricAlarm
+    #     alarm_types: ["CompositeAlarm"], # accepts CompositeAlarm, MetricAlarm, LogAlarm
     #     children_of_alarm_name: "AlarmName",
     #     parents_of_alarm_name: "AlarmName",
     #     state_value: "OK", # accepts OK, ALARM, INSUFFICIENT_DATA
@@ -1107,6 +1216,43 @@ module Aws::CloudWatch
     #   resp.metric_alarms[0].evaluation_criteria.prom_ql_criteria.pending_period #=> Integer
     #   resp.metric_alarms[0].evaluation_criteria.prom_ql_criteria.recovery_period #=> Integer
     #   resp.metric_alarms[0].evaluation_interval #=> Integer
+    #   resp.log_alarms #=> Array
+    #   resp.log_alarms[0].alarm_name #=> String
+    #   resp.log_alarms[0].alarm_arn #=> String
+    #   resp.log_alarms[0].alarm_description #=> String
+    #   resp.log_alarms[0].alarm_configuration_updated_timestamp #=> Time
+    #   resp.log_alarms[0].actions_enabled #=> Boolean
+    #   resp.log_alarms[0].ok_actions #=> Array
+    #   resp.log_alarms[0].ok_actions[0] #=> String
+    #   resp.log_alarms[0].alarm_actions #=> Array
+    #   resp.log_alarms[0].alarm_actions[0] #=> String
+    #   resp.log_alarms[0].insufficient_data_actions #=> Array
+    #   resp.log_alarms[0].insufficient_data_actions[0] #=> String
+    #   resp.log_alarms[0].state_value #=> String, one of "OK", "ALARM", "INSUFFICIENT_DATA"
+    #   resp.log_alarms[0].state_reason #=> String
+    #   resp.log_alarms[0].state_reason_data #=> String
+    #   resp.log_alarms[0].state_updated_timestamp #=> Time
+    #   resp.log_alarms[0].scheduled_query_configuration.query_string #=> String
+    #   resp.log_alarms[0].scheduled_query_configuration.log_group_identifiers #=> Array
+    #   resp.log_alarms[0].scheduled_query_configuration.log_group_identifiers[0] #=> String
+    #   resp.log_alarms[0].scheduled_query_configuration.query_arn #=> String
+    #   resp.log_alarms[0].scheduled_query_configuration.scheduled_query_role_arn #=> String
+    #   resp.log_alarms[0].scheduled_query_configuration.schedule_configuration.schedule_expression #=> String
+    #   resp.log_alarms[0].scheduled_query_configuration.schedule_configuration.start_time_offset #=> Integer
+    #   resp.log_alarms[0].scheduled_query_configuration.schedule_configuration.end_time_offset #=> Integer
+    #   resp.log_alarms[0].scheduled_query_configuration.aggregation_expression #=> String
+    #   resp.log_alarms[0].scheduled_query_configuration.tags #=> Array
+    #   resp.log_alarms[0].scheduled_query_configuration.tags[0].key #=> String
+    #   resp.log_alarms[0].scheduled_query_configuration.tags[0].value #=> String
+    #   resp.log_alarms[0].query_results_to_evaluate #=> Integer
+    #   resp.log_alarms[0].query_results_to_alarm #=> Integer
+    #   resp.log_alarms[0].threshold #=> Float
+    #   resp.log_alarms[0].comparison_operator #=> String, one of "GreaterThanOrEqualToThreshold", "GreaterThanThreshold", "LessThanThreshold", "LessThanOrEqualToThreshold", "LessThanLowerOrGreaterThanUpperThreshold", "LessThanLowerThreshold", "GreaterThanUpperThreshold"
+    #   resp.log_alarms[0].treat_missing_data #=> String
+    #   resp.log_alarms[0].state_transitioned_timestamp #=> Time
+    #   resp.log_alarms[0].evaluation_state #=> String, one of "PARTIAL_DATA", "EVALUATION_FAILURE", "EVALUATION_ERROR"
+    #   resp.log_alarms[0].action_log_line_count #=> Integer
+    #   resp.log_alarms[0].action_log_line_role_arn #=> String
     #   resp.next_token #=> String
     #
     #
@@ -1114,6 +1260,7 @@ module Aws::CloudWatch
     #
     #   * alarm_exists
     #   * composite_alarm_exists
+    #   * log_alarm_exists
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/DescribeAlarms AWS API Documentation
     #
@@ -1467,6 +1614,63 @@ module Aws::CloudWatch
       req.send_request(options)
     end
 
+    # Removes the customer managed Amazon Web Services Key Management
+    # Service (Amazon Web Services KMS) key association from the specified
+    # dataset. After this operation completes, data that you publish to the
+    # dataset is encrypted at rest using an Amazon Web Services owned key
+    # managed by Amazon CloudWatch.
+    #
+    # Only the `default` dataset is supported. To call this operation, the
+    # dataset must currently have a customer managed KMS key associated with
+    # it. If the dataset has no associated KMS key, the operation fails with
+    # `ResourceNotFoundException`.
+    #
+    # Amazon CloudWatch performs a dry-run `kms:Decrypt` call on the key as
+    # part of this operation. This verifies that the caller is authorized to
+    # use the currently associated key. The caller must have `kms:Decrypt`
+    # permission on the currently associated key, and the key must be
+    # enabled and accessible. If the key has been disabled or scheduled for
+    # deletion, you must first re-enable or restore it before you can
+    # disassociate it from the dataset.
+    #
+    # Disassociating a KMS key from a dataset does not immediately remove
+    # the `kms:Decrypt` requirement on data plane operations. For up to
+    # three hours after disassociation, callers must continue to have
+    # `kms:Decrypt` permission on the previously associated key. Some data
+    # may still be encrypted with that key during this window. After this
+    # enforcement window elapses, the `kms:Decrypt` requirement is lifted.
+    #
+    # For more information about using customer managed keys with Amazon
+    # CloudWatch, see [Encryption at rest with customer managed keys][1] in
+    # the *Amazon CloudWatch User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cmk-encryption.html
+    #
+    # @option params [required, String] :dataset_identifier
+    #   Specifies the identifier of the dataset from which to remove the KMS
+    #   key association. For the `default` dataset, you can specify either
+    #   `default` or the full dataset Amazon Resource Name (ARN) in the format
+    #   `arn:aws:cloudwatch:Region:account-id:dataset/default`.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.disassociate_dataset_kms_key({
+    #     dataset_identifier: "DatasetIdentifier", # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/DisassociateDatasetKmsKey AWS API Documentation
+    #
+    # @overload disassociate_dataset_kms_key(params = {})
+    # @param [Hash] params ({})
+    def disassociate_dataset_kms_key(params = {}, options = {})
+      req = build_request(:disassociate_dataset_kms_key, params)
+      req.send_request(options)
+    end
+
     # Enables the actions for the specified alarms.
     #
     # @option params [required, Array<String>] :alarm_names
@@ -1636,6 +1840,60 @@ module Aws::CloudWatch
       req.send_request(options)
     end
 
+    # Returns information about the specified dataset. This includes its
+    # identifier, Amazon Resource Name (ARN), and any customer managed
+    # Amazon Web Services Key Management Service (Amazon Web Services KMS)
+    # key that is currently associated with it.
+    #
+    # Only the `default` dataset is supported. The `default` dataset is
+    # implicit for every account in every Region — you can call `GetDataset`
+    # for it without first creating it. If no customer managed KMS key has
+    # been associated with the dataset, the response omits the `KmsKeyArn`
+    # field, indicating that data is encrypted at rest using an Amazon Web
+    # Services owned key managed by Amazon CloudWatch.
+    #
+    # To associate a customer managed KMS key with a dataset, use
+    # [AssociateDatasetKmsKey][1]. To remove the association, use
+    # [DisassociateDatasetKmsKey][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_AssociateDatasetKmsKey.html
+    # [2]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DisassociateDatasetKmsKey.html
+    #
+    # @option params [required, String] :dataset_identifier
+    #   Specifies the identifier of the dataset to retrieve. For the `default`
+    #   dataset, you can specify either `default` or the full dataset Amazon
+    #   Resource Name (ARN) in the format
+    #   `arn:aws:cloudwatch:Region:account-id:dataset/default`.
+    #
+    # @return [Types::GetDatasetOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetDatasetOutput#dataset_id #dataset_id} => String
+    #   * {Types::GetDatasetOutput#arn #arn} => String
+    #   * {Types::GetDatasetOutput#kms_key_arn #kms_key_arn} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_dataset({
+    #     dataset_identifier: "DatasetIdentifier", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.dataset_id #=> String
+    #   resp.arn #=> String
+    #   resp.kms_key_arn #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/GetDataset AWS API Documentation
+    #
+    # @overload get_dataset(params = {})
+    # @param [Hash] params ({})
+    def get_dataset(params = {}, options = {})
+      req = build_request(:get_dataset, params)
+      req.send_request(options)
+    end
+
     # This operation returns the time series data collected by a Contributor
     # Insights rule. The data includes the identity and number of
     # contributors to the log group.
@@ -2312,7 +2570,7 @@ module Aws::CloudWatch
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/CloudWatch-Metric-Widget-Structure.html
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Metric-Widget-Structure.html
     #
     # @option params [String] :output_format
     #   The format of the resulting image. Only PNG images are supported.
@@ -3358,7 +3616,7 @@ module Aws::CloudWatch
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/CloudWatch-Dashboard-Body-Structure.html
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Dashboard-Body-Structure.html
     #
     # @option params [Array<Types::Tag>] :tags
     #   A list of key-value pairs to associate with the dashboard. You can
@@ -3505,6 +3763,222 @@ module Aws::CloudWatch
       req.send_request(options)
     end
 
+    # Creates or updates a log alarm. A log alarm evaluates the results of a
+    # CloudWatch Logs scheduled query against the configured threshold and
+    # comparison operator to determine its state.
+    #
+    # When you create a log alarm, the operation creates a service-managed
+    # CloudWatch Logs scheduled query that runs the query string you provide
+    # on the schedule you configure. Each scheduled query execution returns
+    # one or more aggregated values determined by the
+    # `AggregationExpression`, and each aggregated value is compared against
+    # the alarm `Threshold` to determine the alarm state. The alarm uses
+    # M-out-of-N evaluation: if `QueryResultsToAlarm` out of the most recent
+    # `QueryResultsToEvaluate` query results breach the threshold, the alarm
+    # transitions to `ALARM`.
+    #
+    # Log alarms support the alarm states (`OK`, `ALARM`,
+    # `INSUFFICIENT_DATA`). Configure transition actions using `OKActions`,
+    # `AlarmActions`, and `InsufficientDataActions`.
+    #
+    # If you call this operation with the name of an existing log alarm, the
+    # operation replaces the previous configuration of that alarm.
+    #
+    # **Permissions**
+    #
+    # To create or update a log alarm, you must have the
+    # `cloudwatch:PutLogAlarm` permission. The IAM role specified in
+    # `ScheduledQueryRoleARN` must grant the CloudWatch Alarms service
+    # permission to execute scheduled queries on the specified log groups.
+    # If you set `ActionLogLineCount`, the role specified in
+    # `ActionLogLineRoleArn` must grant permission to retrieve log events
+    # for inclusion in alarm notifications.
+    #
+    # @option params [required, String] :alarm_name
+    #   The name for the alarm. This name must be unique within the Amazon Web
+    #   Services account and Region.
+    #
+    # @option params [String] :alarm_description
+    #   The description for the alarm.
+    #
+    # @option params [required, Types::ScheduledQueryConfiguration] :scheduled_query_configuration
+    #   The configuration of the underlying CloudWatch Logs scheduled query
+    #   that this alarm evaluates, including the query string, log groups,
+    #   schedule, and aggregation expression.
+    #
+    # @option params [Integer] :action_log_line_count
+    #   The number of log lines from the most recent scheduled query execution
+    #   to include in alarm action notifications. Valid range is 0 through 50.
+    #   The default is 0, which means no log lines are included.
+    #
+    # @option params [String] :action_log_line_role_arn
+    #   The Amazon Resource Name (ARN) of an IAM role that CloudWatch assumes
+    #   to retrieve log events for inclusion in alarm action notifications.
+    #   Required when `ActionLogLineCount` is greater than 0.
+    #
+    # @option params [Boolean] :actions_enabled
+    #   Indicates whether actions should be executed during any changes to the
+    #   alarm state. The default is `true`.
+    #
+    # @option params [Array<String>] :ok_actions
+    #   The actions to execute when this alarm transitions to the `OK` state
+    #   from any other state. Each action is specified as an Amazon Resource
+    #   Name (ARN).
+    #
+    #   Valid Values:
+    #
+    #   **Amazon SNS actions:**
+    #
+    #   `arn:aws:sns:region:account-id:sns-topic-name `
+    #
+    #   **Lambda actions:**
+    #
+    #   * Invoke the latest version of a Lambda function:
+    #     `arn:aws:lambda:region:account-id:function:function-name `
+    #
+    #   * Invoke a specific version of a Lambda function:
+    #     `arn:aws:lambda:region:account-id:function:function-name:version-number
+    #     `
+    #
+    #   * Invoke a function by using an alias Lambda function:
+    #     `arn:aws:lambda:region:account-id:function:function-name:alias-name
+    #     `
+    #
+    # @option params [Array<String>] :alarm_actions
+    #   The actions to execute when this alarm transitions to the `ALARM`
+    #   state from any other state. Each action is specified as an Amazon
+    #   Resource Name (ARN).
+    #
+    #   Valid Values:
+    #
+    #   **Amazon SNS actions:**
+    #
+    #   `arn:aws:sns:region:account-id:sns-topic-name `
+    #
+    #   **Lambda actions:**
+    #
+    #   * Invoke the latest version of a Lambda function:
+    #     `arn:aws:lambda:region:account-id:function:function-name `
+    #
+    #   * Invoke a specific version of a Lambda function:
+    #     `arn:aws:lambda:region:account-id:function:function-name:version-number
+    #     `
+    #
+    #   * Invoke a function by using an alias Lambda function:
+    #     `arn:aws:lambda:region:account-id:function:function-name:alias-name
+    #     `
+    #
+    #   **Systems Manager actions:**
+    #
+    #   `arn:aws:ssm:region:account-id:opsitem:severity `
+    #
+    # @option params [Array<String>] :insufficient_data_actions
+    #   The actions to execute when this alarm transitions to the
+    #   `INSUFFICIENT_DATA` state from any other state. Each action is
+    #   specified as an Amazon Resource Name (ARN).
+    #
+    #   Valid Values:
+    #
+    #   **Amazon SNS actions:**
+    #
+    #   `arn:aws:sns:region:account-id:sns-topic-name `
+    #
+    #   **Lambda actions:**
+    #
+    #   * Invoke the latest version of a Lambda function:
+    #     `arn:aws:lambda:region:account-id:function:function-name `
+    #
+    #   * Invoke a specific version of a Lambda function:
+    #     `arn:aws:lambda:region:account-id:function:function-name:version-number
+    #     `
+    #
+    #   * Invoke a function by using an alias Lambda function:
+    #     `arn:aws:lambda:region:account-id:function:function-name:alias-name
+    #     `
+    #
+    # @option params [required, Integer] :query_results_to_evaluate
+    #   The number of most recent scheduled query results to evaluate against
+    #   the threshold (the N in M-of-N evaluation). Valid range is 1 through
+    #   100.
+    #
+    # @option params [required, Integer] :query_results_to_alarm
+    #   The number of query results, out of the most recent
+    #   `QueryResultsToEvaluate` results, that must breach the threshold to
+    #   trigger the alarm to transition to `ALARM` (the M in M-of-N
+    #   evaluation). Must be less than or equal to `QueryResultsToEvaluate`.
+    #
+    # @option params [required, Float] :threshold
+    #   The value to compare with the aggregated query result.
+    #
+    # @option params [required, String] :comparison_operator
+    #   The arithmetic operation to use when comparing the aggregated query
+    #   result and the threshold. The aggregated query result is used as the
+    #   first operand. Valid values are `GreaterThanThreshold`,
+    #   `GreaterThanOrEqualToThreshold`, `LessThanThreshold`, and
+    #   `LessThanOrEqualToThreshold`.
+    #
+    # @option params [String] :treat_missing_data
+    #   Sets how this alarm is to handle missing data points. Valid values are
+    #   `breaching`, `notBreaching`, `ignore`, and `missing`. If this
+    #   parameter is omitted, the default behavior of `missing` is used.
+    #
+    # @option params [Array<Types::Tag>] :tags
+    #   A list of key-value pairs to associate with the alarm. You can use
+    #   tags to categorize and manage your alarms.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.put_log_alarm({
+    #     alarm_name: "AlarmName", # required
+    #     alarm_description: "AlarmDescription",
+    #     scheduled_query_configuration: { # required
+    #       query_string: "QueryString", # required
+    #       log_group_identifiers: ["AmazonResourceName"],
+    #       query_arn: "AmazonResourceName",
+    #       scheduled_query_role_arn: "AmazonResourceName", # required
+    #       schedule_configuration: { # required
+    #         schedule_expression: "ScheduleExpression", # required
+    #         start_time_offset: 1,
+    #         end_time_offset: 1,
+    #       },
+    #       aggregation_expression: "AggregationExpression", # required
+    #       tags: [
+    #         {
+    #           key: "TagKey", # required
+    #           value: "TagValue", # required
+    #         },
+    #       ],
+    #     },
+    #     action_log_line_count: 1,
+    #     action_log_line_role_arn: "ActionLogLineRoleArn",
+    #     actions_enabled: false,
+    #     ok_actions: ["ResourceName"],
+    #     alarm_actions: ["ResourceName"],
+    #     insufficient_data_actions: ["ResourceName"],
+    #     query_results_to_evaluate: 1, # required
+    #     query_results_to_alarm: 1, # required
+    #     threshold: 1.0, # required
+    #     comparison_operator: "GreaterThanOrEqualToThreshold", # required, accepts GreaterThanOrEqualToThreshold, GreaterThanThreshold, LessThanThreshold, LessThanOrEqualToThreshold, LessThanLowerOrGreaterThanUpperThreshold, LessThanLowerThreshold, GreaterThanUpperThreshold
+    #     treat_missing_data: "TreatMissingData",
+    #     tags: [
+    #       {
+    #         key: "TagKey", # required
+    #         value: "TagValue", # required
+    #       },
+    #     ],
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/monitoring-2010-08-01/PutLogAlarm AWS API Documentation
+    #
+    # @overload put_log_alarm(params = {})
+    # @param [Hash] params ({})
+    def put_log_alarm(params = {}, options = {})
+      req = build_request(:put_log_alarm, params)
+      req.send_request(options)
+    end
+
     # Creates a managed Contributor Insights rule for a specified Amazon Web
     # Services resource. When you enable a managed rule, you create a
     # Contributor Insights rule that collects data from Amazon Web Services
@@ -4846,7 +5320,7 @@ module Aws::CloudWatch
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-cloudwatch'
-      context[:gem_version] = '1.139.0'
+      context[:gem_version] = '1.141.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 
@@ -4917,6 +5391,7 @@ module Aws::CloudWatch
     # | alarm_exists           | {Client#describe_alarms}     | 5        | 40            |
     # | alarm_mute_rule_exists | {Client#get_alarm_mute_rule} | 5        | 40            |
     # | composite_alarm_exists | {Client#describe_alarms}     | 5        | 40            |
+    # | log_alarm_exists       | {Client#describe_alarms}     | 5        | 40            |
     #
     # @raise [Errors::FailureStateError] Raised when the waiter terminates
     #   because the waiter has entered a state that it will not transition
@@ -4969,7 +5444,8 @@ module Aws::CloudWatch
       {
         alarm_exists: Waiters::AlarmExists,
         alarm_mute_rule_exists: Waiters::AlarmMuteRuleExists,
-        composite_alarm_exists: Waiters::CompositeAlarmExists
+        composite_alarm_exists: Waiters::CompositeAlarmExists,
+        log_alarm_exists: Waiters::LogAlarmExists
       }
     end