aws-sdk-cloudwatchlogs 1.117.0 → 1.118.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-cloudwatchlogs/client.rb +32 -13
- data/lib/aws-sdk-cloudwatchlogs/client_api.rb +9 -0
- data/lib/aws-sdk-cloudwatchlogs/types.rb +46 -1
- data/lib/aws-sdk-cloudwatchlogs.rb +1 -1
- data/sig/client.rbs +10 -0
- data/sig/types.rbs +8 -0
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 23dc8be85a62f92df26846e57ce1fcb2fad5ecf49af8d4f04d5fdb90e738f0f4
|
|
4
|
+
data.tar.gz: ce4159d3bcb415937333a408651ff2b86e23569787c8a3f28411ff90c63d0dd1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f6dedafa8bcdc23044187dba186e5c3ac7ecf2c67f2b0f1a95af67cfd68f288031889d873a3c177aeb8fee020b5d55859bfe27f8df137f961140c25a56c335f2
|
|
7
|
+
data.tar.gz: 329b7298a7ccd7a0cccc850b2664ccd5ff87f87a4238f5b5486e4f913bd56779534dc89d3cb32369404647fe01c207e00136b9cda7d19a986faaf30d7044e017
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,11 @@
|
|
|
1
1
|
Unreleased Changes
|
|
2
2
|
------------------
|
|
3
3
|
|
|
4
|
+
1.118.0 (2025-06-18)
|
|
5
|
+
------------------
|
|
6
|
+
|
|
7
|
+
* Feature - Added CloudWatch Logs Transformer support for converting CloudTrail, VPC Flow, EKS Audit, AWS WAF and Route53 Resolver logs to OCSF v1.1 format.
|
|
8
|
+
|
|
4
9
|
1.117.0 (2025-06-02)
|
|
5
10
|
------------------
|
|
6
11
|
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.
|
|
1
|
+
1.118.0
|
|
@@ -3808,6 +3808,9 @@ module Aws::CloudWatchLogs
|
|
|
3808
3808
|
# resp.transformer_config[0].parse_key_value.non_match_value #=> String
|
|
3809
3809
|
# resp.transformer_config[0].parse_key_value.overwrite_if_exists #=> Boolean
|
|
3810
3810
|
# resp.transformer_config[0].parse_route_53.source #=> String
|
|
3811
|
+
# resp.transformer_config[0].parse_to_ocsf.source #=> String
|
|
3812
|
+
# resp.transformer_config[0].parse_to_ocsf.event_source #=> String, one of "CloudTrail", "Route53Resolver", "VPCFlow", "EKSAudit", "AWSWAF"
|
|
3813
|
+
# resp.transformer_config[0].parse_to_ocsf.ocsf_version #=> String, one of "V1.1"
|
|
3811
3814
|
# resp.transformer_config[0].parse_postgres.source #=> String
|
|
3812
3815
|
# resp.transformer_config[0].parse_vpc.source #=> String
|
|
3813
3816
|
# resp.transformer_config[0].parse_waf.source #=> String
|
|
@@ -4983,11 +4986,14 @@ module Aws::CloudWatchLogs
|
|
|
4983
4986
|
# `AD_DECISION_SERVER_LOGS`, `MANIFEST_SERVICE_LOGS`, and
|
|
4984
4987
|
# `TRANSCODE_LOGS`.
|
|
4985
4988
|
#
|
|
4989
|
+
# * For Entity Resolution, the valid value is `WORKFLOW_LOGS`.
|
|
4990
|
+
#
|
|
4986
4991
|
# * For IAM Identity Center, the valid value is `ERROR_LOGS`.
|
|
4987
4992
|
#
|
|
4988
4993
|
# * For Amazon Q, the valid value is `EVENT_LOGS`.
|
|
4989
4994
|
#
|
|
4990
|
-
# * For Amazon SES mail manager, the valid
|
|
4995
|
+
# * For Amazon SES mail manager, the valid values are `APPLICATION_LOG`
|
|
4996
|
+
# and `TRAFFIC_POLICY_DEBUG_LOGS`.
|
|
4991
4997
|
#
|
|
4992
4998
|
# * For Amazon WorkMail, the valid values are `ACCESS_CONTROL_LOGS`,
|
|
4993
4999
|
# `AUTHENTICATION_LOGS`, `WORKMAIL_AVAILABILITY_PROVIDER_LOGS`,
|
|
@@ -5345,12 +5351,11 @@ module Aws::CloudWatchLogs
|
|
|
5345
5351
|
# as the sum of all event messages in UTF-8, plus 26 bytes for each
|
|
5346
5352
|
# log event.
|
|
5347
5353
|
#
|
|
5348
|
-
# *
|
|
5349
|
-
#
|
|
5354
|
+
# * Events more than 2 hours in the future are rejected while processing
|
|
5355
|
+
# remaining valid events.
|
|
5350
5356
|
#
|
|
5351
|
-
# *
|
|
5352
|
-
#
|
|
5353
|
-
# retention period of the log group.
|
|
5357
|
+
# * Events older than 14 days or preceding the log group's retention
|
|
5358
|
+
# period are rejected while processing remaining valid events.
|
|
5354
5359
|
#
|
|
5355
5360
|
# * The log events in the batch must be in chronological order by their
|
|
5356
5361
|
# timestamp. The timestamp is the time that the event occurred,
|
|
@@ -5359,17 +5364,21 @@ module Aws::CloudWatchLogs
|
|
|
5359
5364
|
# Web Services SDK for .NET, the timestamp is specified in .NET
|
|
5360
5365
|
# format: `yyyy-mm-ddThh:mm:ss`. For example, `2017-09-15T13:45:30`.)
|
|
5361
5366
|
#
|
|
5362
|
-
# * A batch of log events in a single request
|
|
5363
|
-
#
|
|
5367
|
+
# * A batch of log events in a single request must be in a chronological
|
|
5368
|
+
# order. Otherwise, the operation fails.
|
|
5364
5369
|
#
|
|
5365
5370
|
# * Each log event can be no larger than 1 MB.
|
|
5366
5371
|
#
|
|
5367
5372
|
# * The maximum number of log events in a batch is 10,000.
|
|
5368
5373
|
#
|
|
5369
|
-
# *
|
|
5370
|
-
#
|
|
5371
|
-
#
|
|
5372
|
-
#
|
|
5374
|
+
# * For valid events (within 14 days in the past to 2 hours in future),
|
|
5375
|
+
# the time span in a single batch cannot exceed 24 hours. Otherwise,
|
|
5376
|
+
# the operation fails.
|
|
5377
|
+
#
|
|
5378
|
+
# The quota of five requests per second per log stream has been removed.
|
|
5379
|
+
# Instead, `PutLogEvents` actions are throttled based on a per-second
|
|
5380
|
+
# per-account quota. You can request an increase to the per-second
|
|
5381
|
+
# throttling quota by using the Service Quotas service.
|
|
5373
5382
|
#
|
|
5374
5383
|
# If a call to `PutLogEvents` returns "UnrecognizedClientException"
|
|
5375
5384
|
# the most likely cause is a non-valid Amazon Web Services access key ID
|
|
@@ -6050,6 +6059,11 @@ module Aws::CloudWatchLogs
|
|
|
6050
6059
|
# parse_route_53: {
|
|
6051
6060
|
# source: "Source",
|
|
6052
6061
|
# },
|
|
6062
|
+
# parse_to_ocsf: {
|
|
6063
|
+
# source: "Source",
|
|
6064
|
+
# event_source: "CloudTrail", # required, accepts CloudTrail, Route53Resolver, VPCFlow, EKSAudit, AWSWAF
|
|
6065
|
+
# ocsf_version: "V1.1", # required, accepts V1.1
|
|
6066
|
+
# },
|
|
6053
6067
|
# parse_postgres: {
|
|
6054
6068
|
# source: "Source",
|
|
6055
6069
|
# },
|
|
@@ -6850,6 +6864,11 @@ module Aws::CloudWatchLogs
|
|
|
6850
6864
|
# parse_route_53: {
|
|
6851
6865
|
# source: "Source",
|
|
6852
6866
|
# },
|
|
6867
|
+
# parse_to_ocsf: {
|
|
6868
|
+
# source: "Source",
|
|
6869
|
+
# event_source: "CloudTrail", # required, accepts CloudTrail, Route53Resolver, VPCFlow, EKSAudit, AWSWAF
|
|
6870
|
+
# ocsf_version: "V1.1", # required, accepts V1.1
|
|
6871
|
+
# },
|
|
6853
6872
|
# parse_postgres: {
|
|
6854
6873
|
# source: "Source",
|
|
6855
6874
|
# },
|
|
@@ -7198,7 +7217,7 @@ module Aws::CloudWatchLogs
|
|
|
7198
7217
|
tracer: tracer
|
|
7199
7218
|
)
|
|
7200
7219
|
context[:gem_name] = 'aws-sdk-cloudwatchlogs'
|
|
7201
|
-
context[:gem_version] = '1.
|
|
7220
|
+
context[:gem_version] = '1.118.0'
|
|
7202
7221
|
Seahorse::Client::Request.new(handlers, context)
|
|
7203
7222
|
end
|
|
7204
7223
|
|
|
@@ -176,6 +176,7 @@ module Aws::CloudWatchLogs
|
|
|
176
176
|
EventId = Shapes::StringShape.new(name: 'EventId')
|
|
177
177
|
EventMessage = Shapes::StringShape.new(name: 'EventMessage')
|
|
178
178
|
EventNumber = Shapes::IntegerShape.new(name: 'EventNumber')
|
|
179
|
+
EventSource = Shapes::StringShape.new(name: 'EventSource')
|
|
179
180
|
EventsLimit = Shapes::IntegerShape.new(name: 'EventsLimit')
|
|
180
181
|
ExportDestinationBucket = Shapes::StringShape.new(name: 'ExportDestinationBucket')
|
|
181
182
|
ExportDestinationPrefix = Shapes::StringShape.new(name: 'ExportDestinationPrefix')
|
|
@@ -333,6 +334,7 @@ module Aws::CloudWatchLogs
|
|
|
333
334
|
MoveKeys = Shapes::StructureShape.new(name: 'MoveKeys')
|
|
334
335
|
NextToken = Shapes::StringShape.new(name: 'NextToken')
|
|
335
336
|
NonMatchValue = Shapes::StringShape.new(name: 'NonMatchValue')
|
|
337
|
+
OCSFVersion = Shapes::StringShape.new(name: 'OCSFVersion')
|
|
336
338
|
OpenSearchApplication = Shapes::StructureShape.new(name: 'OpenSearchApplication')
|
|
337
339
|
OpenSearchApplicationEndpoint = Shapes::StringShape.new(name: 'OpenSearchApplicationEndpoint')
|
|
338
340
|
OpenSearchApplicationId = Shapes::StringShape.new(name: 'OpenSearchApplicationId')
|
|
@@ -363,6 +365,7 @@ module Aws::CloudWatchLogs
|
|
|
363
365
|
ParseKeyValue = Shapes::StructureShape.new(name: 'ParseKeyValue')
|
|
364
366
|
ParsePostgres = Shapes::StructureShape.new(name: 'ParsePostgres')
|
|
365
367
|
ParseRoute53 = Shapes::StructureShape.new(name: 'ParseRoute53')
|
|
368
|
+
ParseToOCSF = Shapes::StructureShape.new(name: 'ParseToOCSF')
|
|
366
369
|
ParseVPC = Shapes::StructureShape.new(name: 'ParseVPC')
|
|
367
370
|
ParseWAF = Shapes::StructureShape.new(name: 'ParseWAF')
|
|
368
371
|
ParserFieldDelimiter = Shapes::StringShape.new(name: 'ParserFieldDelimiter')
|
|
@@ -1507,6 +1510,11 @@ module Aws::CloudWatchLogs
|
|
|
1507
1510
|
ParseRoute53.add_member(:source, Shapes::ShapeRef.new(shape: Source, location_name: "source"))
|
|
1508
1511
|
ParseRoute53.struct_class = Types::ParseRoute53
|
|
1509
1512
|
|
|
1513
|
+
ParseToOCSF.add_member(:source, Shapes::ShapeRef.new(shape: Source, location_name: "source"))
|
|
1514
|
+
ParseToOCSF.add_member(:event_source, Shapes::ShapeRef.new(shape: EventSource, required: true, location_name: "eventSource"))
|
|
1515
|
+
ParseToOCSF.add_member(:ocsf_version, Shapes::ShapeRef.new(shape: OCSFVersion, required: true, location_name: "ocsfVersion"))
|
|
1516
|
+
ParseToOCSF.struct_class = Types::ParseToOCSF
|
|
1517
|
+
|
|
1510
1518
|
ParseVPC.add_member(:source, Shapes::ShapeRef.new(shape: Source, location_name: "source"))
|
|
1511
1519
|
ParseVPC.struct_class = Types::ParseVPC
|
|
1512
1520
|
|
|
@@ -1538,6 +1546,7 @@ module Aws::CloudWatchLogs
|
|
|
1538
1546
|
Processor.add_member(:parse_json, Shapes::ShapeRef.new(shape: ParseJSON, location_name: "parseJSON"))
|
|
1539
1547
|
Processor.add_member(:parse_key_value, Shapes::ShapeRef.new(shape: ParseKeyValue, location_name: "parseKeyValue"))
|
|
1540
1548
|
Processor.add_member(:parse_route_53, Shapes::ShapeRef.new(shape: ParseRoute53, location_name: "parseRoute53"))
|
|
1549
|
+
Processor.add_member(:parse_to_ocsf, Shapes::ShapeRef.new(shape: ParseToOCSF, location_name: "parseToOCSF"))
|
|
1541
1550
|
Processor.add_member(:parse_postgres, Shapes::ShapeRef.new(shape: ParsePostgres, location_name: "parsePostgres"))
|
|
1542
1551
|
Processor.add_member(:parse_vpc, Shapes::ShapeRef.new(shape: ParseVPC, location_name: "parseVPC"))
|
|
1543
1552
|
Processor.add_member(:parse_waf, Shapes::ShapeRef.new(shape: ParseWAF, location_name: "parseWAF"))
|
|
@@ -5419,6 +5419,42 @@ module Aws::CloudWatchLogs
|
|
|
5419
5419
|
include Aws::Structure
|
|
5420
5420
|
end
|
|
5421
5421
|
|
|
5422
|
+
# This processor converts logs into [Open Cybersecurity Schema Framework
|
|
5423
|
+
# (OCSF)][1] events.
|
|
5424
|
+
#
|
|
5425
|
+
# For more information about this processor including examples, see [
|
|
5426
|
+
# parseToOSCF][2] in the *CloudWatch Logs User Guide*.
|
|
5427
|
+
#
|
|
5428
|
+
#
|
|
5429
|
+
#
|
|
5430
|
+
# [1]: https://ocsf.io
|
|
5431
|
+
# [2]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-parseToOCSF
|
|
5432
|
+
#
|
|
5433
|
+
# @!attribute [rw] source
|
|
5434
|
+
# The path to the field in the log event that you want to parse. If
|
|
5435
|
+
# you omit this value, the whole log message is parsed.
|
|
5436
|
+
# @return [String]
|
|
5437
|
+
#
|
|
5438
|
+
# @!attribute [rw] event_source
|
|
5439
|
+
# Specify the service or process that produces the log events that
|
|
5440
|
+
# will be converted with this processor.
|
|
5441
|
+
# @return [String]
|
|
5442
|
+
#
|
|
5443
|
+
# @!attribute [rw] ocsf_version
|
|
5444
|
+
# Specify which version of the OCSF schema to use for the transformed
|
|
5445
|
+
# log events.
|
|
5446
|
+
# @return [String]
|
|
5447
|
+
#
|
|
5448
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ParseToOCSF AWS API Documentation
|
|
5449
|
+
#
|
|
5450
|
+
class ParseToOCSF < Struct.new(
|
|
5451
|
+
:source,
|
|
5452
|
+
:event_source,
|
|
5453
|
+
:ocsf_version)
|
|
5454
|
+
SENSITIVE = []
|
|
5455
|
+
include Aws::Structure
|
|
5456
|
+
end
|
|
5457
|
+
|
|
5422
5458
|
# Use this processor to parse Amazon VPC vended logs, extract fields,
|
|
5423
5459
|
# and and convert them into a JSON format. This processor always
|
|
5424
5460
|
# processes the entire log event message.
|
|
@@ -5678,6 +5714,11 @@ module Aws::CloudWatchLogs
|
|
|
5678
5714
|
# [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-parseRoute53
|
|
5679
5715
|
# @return [Types::ParseRoute53]
|
|
5680
5716
|
#
|
|
5717
|
+
# @!attribute [rw] parse_to_ocsf
|
|
5718
|
+
# Use this processor to convert logs into Open Cybersecurity Schema
|
|
5719
|
+
# Framework (OCSF) format
|
|
5720
|
+
# @return [Types::ParseToOCSF]
|
|
5721
|
+
#
|
|
5681
5722
|
# @!attribute [rw] parse_postgres
|
|
5682
5723
|
# Use this parameter to include the [ parsePostGres][1] processor in
|
|
5683
5724
|
# your transformer.
|
|
@@ -5784,6 +5825,7 @@ module Aws::CloudWatchLogs
|
|
|
5784
5825
|
:parse_json,
|
|
5785
5826
|
:parse_key_value,
|
|
5786
5827
|
:parse_route_53,
|
|
5828
|
+
:parse_to_ocsf,
|
|
5787
5829
|
:parse_postgres,
|
|
5788
5830
|
:parse_vpc,
|
|
5789
5831
|
:parse_waf,
|
|
@@ -6154,11 +6196,14 @@ module Aws::CloudWatchLogs
|
|
|
6154
6196
|
# `AD_DECISION_SERVER_LOGS`, `MANIFEST_SERVICE_LOGS`, and
|
|
6155
6197
|
# `TRANSCODE_LOGS`.
|
|
6156
6198
|
#
|
|
6199
|
+
# * For Entity Resolution, the valid value is `WORKFLOW_LOGS`.
|
|
6200
|
+
#
|
|
6157
6201
|
# * For IAM Identity Center, the valid value is `ERROR_LOGS`.
|
|
6158
6202
|
#
|
|
6159
6203
|
# * For Amazon Q, the valid value is `EVENT_LOGS`.
|
|
6160
6204
|
#
|
|
6161
|
-
# * For Amazon SES mail manager, the valid
|
|
6205
|
+
# * For Amazon SES mail manager, the valid values are
|
|
6206
|
+
# `APPLICATION_LOG` and `TRAFFIC_POLICY_DEBUG_LOGS`.
|
|
6162
6207
|
#
|
|
6163
6208
|
# * For Amazon WorkMail, the valid values are `ACCESS_CONTROL_LOGS`,
|
|
6164
6209
|
# `AUTHENTICATION_LOGS`, `WORKMAIL_AVAILABILITY_PROVIDER_LOGS`,
|
data/sig/client.rbs
CHANGED
|
@@ -1068,6 +1068,11 @@ module Aws
|
|
|
1068
1068
|
parse_route_53: {
|
|
1069
1069
|
source: ::String?
|
|
1070
1070
|
}?,
|
|
1071
|
+
parse_to_ocsf: {
|
|
1072
|
+
source: ::String?,
|
|
1073
|
+
event_source: ("CloudTrail" | "Route53Resolver" | "VPCFlow" | "EKSAudit" | "AWSWAF"),
|
|
1074
|
+
ocsf_version: ("V1.1")
|
|
1075
|
+
}?,
|
|
1071
1076
|
parse_postgres: {
|
|
1072
1077
|
source: ::String?
|
|
1073
1078
|
}?,
|
|
@@ -1274,6 +1279,11 @@ module Aws
|
|
|
1274
1279
|
parse_route_53: {
|
|
1275
1280
|
source: ::String?
|
|
1276
1281
|
}?,
|
|
1282
|
+
parse_to_ocsf: {
|
|
1283
|
+
source: ::String?,
|
|
1284
|
+
event_source: ("CloudTrail" | "Route53Resolver" | "VPCFlow" | "EKSAudit" | "AWSWAF"),
|
|
1285
|
+
ocsf_version: ("V1.1")
|
|
1286
|
+
}?,
|
|
1277
1287
|
parse_postgres: {
|
|
1278
1288
|
source: ::String?
|
|
1279
1289
|
}?,
|
data/sig/types.rbs
CHANGED
|
@@ -1214,6 +1214,13 @@ module Aws::CloudWatchLogs
|
|
|
1214
1214
|
SENSITIVE: []
|
|
1215
1215
|
end
|
|
1216
1216
|
|
|
1217
|
+
class ParseToOCSF
|
|
1218
|
+
attr_accessor source: ::String
|
|
1219
|
+
attr_accessor event_source: ("CloudTrail" | "Route53Resolver" | "VPCFlow" | "EKSAudit" | "AWSWAF")
|
|
1220
|
+
attr_accessor ocsf_version: ("V1.1")
|
|
1221
|
+
SENSITIVE: []
|
|
1222
|
+
end
|
|
1223
|
+
|
|
1217
1224
|
class ParseVPC
|
|
1218
1225
|
attr_accessor source: ::String
|
|
1219
1226
|
SENSITIVE: []
|
|
@@ -1252,6 +1259,7 @@ module Aws::CloudWatchLogs
|
|
|
1252
1259
|
attr_accessor parse_json: Types::ParseJSON
|
|
1253
1260
|
attr_accessor parse_key_value: Types::ParseKeyValue
|
|
1254
1261
|
attr_accessor parse_route_53: Types::ParseRoute53
|
|
1262
|
+
attr_accessor parse_to_ocsf: Types::ParseToOCSF
|
|
1255
1263
|
attr_accessor parse_postgres: Types::ParsePostgres
|
|
1256
1264
|
attr_accessor parse_vpc: Types::ParseVPC
|
|
1257
1265
|
attr_accessor parse_waf: Types::ParseWAF
|