aws-sdk-cloudwatchlogs 1.56.0 → 1.57.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-cloudwatchlogs/client.rb +489 -137
- data/lib/aws-sdk-cloudwatchlogs/client_api.rb +87 -0
- data/lib/aws-sdk-cloudwatchlogs/endpoint_parameters.rb +3 -0
- data/lib/aws-sdk-cloudwatchlogs/endpoint_provider.rb +84 -85
- data/lib/aws-sdk-cloudwatchlogs/endpoints.rb +42 -0
- data/lib/aws-sdk-cloudwatchlogs/plugins/endpoints.rb +6 -0
- data/lib/aws-sdk-cloudwatchlogs/types.rb +423 -101
- data/lib/aws-sdk-cloudwatchlogs.rb +1 -1
- metadata +2 -2
@@ -378,24 +378,24 @@ module Aws::CloudWatchLogs
|
|
378
378
|
|
379
379
|
# @!group API Operations
|
380
380
|
|
381
|
-
# Associates the specified
|
382
|
-
# (CMK) with the specified log group.
|
381
|
+
# Associates the specified KMS key with the specified log group.
|
383
382
|
#
|
384
|
-
# Associating
|
385
|
-
# associations between the log group and a
|
383
|
+
# Associating a KMS key with a log group overrides any existing
|
384
|
+
# associations between the log group and a KMS key. After a KMS key is
|
386
385
|
# associated with a log group, all newly ingested data for the log group
|
387
|
-
# is encrypted using the
|
388
|
-
# data encrypted with the
|
389
|
-
# enables CloudWatch Logs to decrypt this data whenever it is
|
386
|
+
# is encrypted using the KMS key. This association is stored as long as
|
387
|
+
# the data encrypted with the KMS keyis still within CloudWatch Logs.
|
388
|
+
# This enables CloudWatch Logs to decrypt this data whenever it is
|
389
|
+
# requested.
|
390
390
|
#
|
391
|
-
# CloudWatch Logs supports only symmetric
|
392
|
-
# an asymmetric
|
393
|
-
# [Using Symmetric and Asymmetric Keys][1].
|
391
|
+
# CloudWatch Logs supports only symmetric KMS keys. Do not use an
|
392
|
+
# associate an asymmetric KMS key with your log group. For more
|
393
|
+
# information, see [Using Symmetric and Asymmetric Keys][1].
|
394
394
|
#
|
395
395
|
# It can take up to 5 minutes for this operation to take effect.
|
396
396
|
#
|
397
|
-
# If you attempt to associate a
|
398
|
-
# not exist or the
|
397
|
+
# If you attempt to associate a KMS key with a log group but the KMS key
|
398
|
+
# does not exist or the KMS key is disabled, you receive an
|
399
399
|
# `InvalidParameterException` error.
|
400
400
|
#
|
401
401
|
#
|
@@ -406,10 +406,10 @@ module Aws::CloudWatchLogs
|
|
406
406
|
# The name of the log group.
|
407
407
|
#
|
408
408
|
# @option params [required, String] :kms_key_id
|
409
|
-
# The Amazon Resource Name (ARN) of the
|
410
|
-
# data. This must be a symmetric
|
411
|
-
# Resource Names
|
412
|
-
#
|
409
|
+
# The Amazon Resource Name (ARN) of the KMS key to use when encrypting
|
410
|
+
# log data. This must be a symmetric KMS key. For more information, see
|
411
|
+
# [Amazon Resource Names][1] and [Using Symmetric and Asymmetric
|
412
|
+
# Keys][2].
|
413
413
|
#
|
414
414
|
#
|
415
415
|
#
|
@@ -458,13 +458,13 @@ module Aws::CloudWatchLogs
|
|
458
458
|
req.send_request(options)
|
459
459
|
end
|
460
460
|
|
461
|
-
# Creates an export task
|
462
|
-
#
|
461
|
+
# Creates an export task so that you can efficiently export data from a
|
462
|
+
# log group to an Amazon S3 bucket. When you perform a
|
463
463
|
# `CreateExportTask` operation, you must use credentials that have
|
464
464
|
# permission to write to the S3 bucket that you specify as the
|
465
465
|
# destination.
|
466
466
|
#
|
467
|
-
# Exporting log data to
|
467
|
+
# Exporting log data to S3 buckets that are encrypted by KMS is
|
468
468
|
# supported. Exporting log data to Amazon S3 buckets that have S3 Object
|
469
469
|
# Lock enabled with a retention period is also supported.
|
470
470
|
#
|
@@ -478,13 +478,13 @@ module Aws::CloudWatchLogs
|
|
478
478
|
# at a time. To cancel an export task, use [CancelExportTask][2].
|
479
479
|
#
|
480
480
|
# You can export logs from multiple log groups or multiple time ranges
|
481
|
-
# to the same S3 bucket. To separate
|
482
|
-
#
|
483
|
-
#
|
481
|
+
# to the same S3 bucket. To separate log data for each export task,
|
482
|
+
# specify a prefix to be used as the Amazon S3 key prefix for all
|
483
|
+
# exported objects.
|
484
484
|
#
|
485
485
|
# <note markdown="1"> Time-based sorting on chunks of log data inside an exported file is
|
486
|
-
# not guaranteed. You can sort the exported log
|
487
|
-
# utilities.
|
486
|
+
# not guaranteed. You can sort the exported log field data by using
|
487
|
+
# Linux utilities.
|
488
488
|
#
|
489
489
|
# </note>
|
490
490
|
#
|
@@ -505,12 +505,12 @@ module Aws::CloudWatchLogs
|
|
505
505
|
#
|
506
506
|
# @option params [required, Integer] :from
|
507
507
|
# The start time of the range for the request, expressed as the number
|
508
|
-
# of milliseconds after Jan 1, 1970 00:00:00 UTC
|
508
|
+
# of milliseconds after `Jan 1, 1970 00:00:00 UTC`. Events with a
|
509
509
|
# timestamp earlier than this time are not exported.
|
510
510
|
#
|
511
511
|
# @option params [required, Integer] :to
|
512
512
|
# The end time of the range for the request, expressed as the number of
|
513
|
-
# milliseconds after Jan 1, 1970 00:00:00 UTC
|
513
|
+
# milliseconds after `Jan 1, 1970 00:00:00 UTC`. Events with a timestamp
|
514
514
|
# later than this time are not exported.
|
515
515
|
#
|
516
516
|
# You must specify a time that is not earlier than when this log group
|
@@ -518,7 +518,7 @@ module Aws::CloudWatchLogs
|
|
518
518
|
#
|
519
519
|
# @option params [required, String] :destination
|
520
520
|
# The name of S3 bucket for the exported log data. The bucket must be in
|
521
|
-
# the same Amazon Web Services
|
521
|
+
# the same Amazon Web Services Region.
|
522
522
|
#
|
523
523
|
# @option params [String] :destination_prefix
|
524
524
|
# The prefix used as the start of the key for every object exported. If
|
@@ -558,7 +558,7 @@ module Aws::CloudWatchLogs
|
|
558
558
|
#
|
559
559
|
# You must use the following guidelines when naming a log group:
|
560
560
|
#
|
561
|
-
# * Log group names must be unique within a
|
561
|
+
# * Log group names must be unique within a Region for an Amazon Web
|
562
562
|
# Services account.
|
563
563
|
#
|
564
564
|
# * Log group names can be between 1 and 512 characters long.
|
@@ -568,22 +568,21 @@ module Aws::CloudWatchLogs
|
|
568
568
|
# (period), and '#' (number sign)
|
569
569
|
#
|
570
570
|
# When you create a log group, by default the log events in the log
|
571
|
-
# group
|
571
|
+
# group do not expire. To set a retention policy so that events expire
|
572
572
|
# and are deleted after a specified time, use [PutRetentionPolicy][1].
|
573
573
|
#
|
574
|
-
# If you associate
|
575
|
-
#
|
576
|
-
#
|
577
|
-
#
|
578
|
-
# this data whenever it is requested.
|
574
|
+
# If you associate an KMS key with the log group, ingested data is
|
575
|
+
# encrypted using the KMS key. This association is stored as long as the
|
576
|
+
# data encrypted with the KMS key is still within CloudWatch Logs. This
|
577
|
+
# enables CloudWatch Logs to decrypt this data whenever it is requested.
|
579
578
|
#
|
580
|
-
# If you attempt to associate a
|
581
|
-
# not exist or the
|
579
|
+
# If you attempt to associate a KMS key with the log group but the KMS
|
580
|
+
# keydoes not exist or the KMS key is disabled, you receive an
|
582
581
|
# `InvalidParameterException` error.
|
583
582
|
#
|
584
|
-
# CloudWatch Logs supports only symmetric
|
585
|
-
# asymmetric
|
586
|
-
# Symmetric and Asymmetric Keys][2].
|
583
|
+
# CloudWatch Logs supports only symmetric KMS keys. Do not associate an
|
584
|
+
# asymmetric KMS key with your log group. For more information, see
|
585
|
+
# [Using Symmetric and Asymmetric Keys][2].
|
587
586
|
#
|
588
587
|
#
|
589
588
|
#
|
@@ -594,9 +593,8 @@ module Aws::CloudWatchLogs
|
|
594
593
|
# The name of the log group.
|
595
594
|
#
|
596
595
|
# @option params [String] :kms_key_id
|
597
|
-
# The Amazon Resource Name (ARN) of the
|
598
|
-
# data. For more information, see [Amazon Resource Names
|
599
|
-
# Management Service][1].
|
596
|
+
# The Amazon Resource Name (ARN) of the KMS key to use when encrypting
|
597
|
+
# log data. For more information, see [Amazon Resource Names][1].
|
600
598
|
#
|
601
599
|
#
|
602
600
|
#
|
@@ -650,7 +648,7 @@ module Aws::CloudWatchLogs
|
|
650
648
|
#
|
651
649
|
# * Log stream names can be between 1 and 512 characters long.
|
652
650
|
#
|
653
|
-
# *
|
651
|
+
# * Don't use ':' (colon) or '*' (asterisk) characters.
|
654
652
|
#
|
655
653
|
# @option params [required, String] :log_group_name
|
656
654
|
# The name of the log group.
|
@@ -676,6 +674,36 @@ module Aws::CloudWatchLogs
|
|
676
674
|
req.send_request(options)
|
677
675
|
end
|
678
676
|
|
677
|
+
# Deletes the data protection policy from the specified log group.
|
678
|
+
#
|
679
|
+
# For more information about data protection policies, see
|
680
|
+
# [PutDataProtectionPolicy][1].
|
681
|
+
#
|
682
|
+
#
|
683
|
+
#
|
684
|
+
# [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDataProtectionPolicy.html
|
685
|
+
#
|
686
|
+
# @option params [required, String] :log_group_identifier
|
687
|
+
# The name or ARN of the log group that you want to delete the data
|
688
|
+
# protection policy for.
|
689
|
+
#
|
690
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
691
|
+
#
|
692
|
+
# @example Request syntax with placeholder values
|
693
|
+
#
|
694
|
+
# resp = client.delete_data_protection_policy({
|
695
|
+
# log_group_identifier: "LogGroupIdentifier", # required
|
696
|
+
# })
|
697
|
+
#
|
698
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteDataProtectionPolicy AWS API Documentation
|
699
|
+
#
|
700
|
+
# @overload delete_data_protection_policy(params = {})
|
701
|
+
# @param [Hash] params ({})
|
702
|
+
def delete_data_protection_policy(params = {}, options = {})
|
703
|
+
req = build_request(:delete_data_protection_policy, params)
|
704
|
+
req.send_request(options)
|
705
|
+
end
|
706
|
+
|
679
707
|
# Deletes the specified destination, and eventually disables all the
|
680
708
|
# subscription filters that publish to it. This operation does not
|
681
709
|
# delete the physical resource encapsulated by the destination.
|
@@ -947,7 +975,7 @@ module Aws::CloudWatchLogs
|
|
947
975
|
#
|
948
976
|
# @option params [String] :task_id
|
949
977
|
# The ID of the export task. Specifying a task ID filters the results to
|
950
|
-
#
|
978
|
+
# one or zero export tasks.
|
951
979
|
#
|
952
980
|
# @option params [String] :status_code
|
953
981
|
# The status code of the export task. Specifying a status code filters
|
@@ -1011,13 +1039,41 @@ module Aws::CloudWatchLogs
|
|
1011
1039
|
# more information about using tags to control access, see [Controlling
|
1012
1040
|
# access to Amazon Web Services resources using tags][1].
|
1013
1041
|
#
|
1042
|
+
# If you are using CloudWatch cross-account observability, you can use
|
1043
|
+
# this operation in a monitoring account and view data from the linked
|
1044
|
+
# source accounts. For more information, see [CloudWatch cross-account
|
1045
|
+
# observability][2].
|
1046
|
+
#
|
1014
1047
|
#
|
1015
1048
|
#
|
1016
1049
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
|
1050
|
+
# [2]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html
|
1051
|
+
#
|
1052
|
+
# @option params [Array<String>] :account_identifiers
|
1053
|
+
# When `includeLinkedAccounts` is set to `True`, use this parameter to
|
1054
|
+
# specify the list of accounts to search. You can specify as many as 20
|
1055
|
+
# account IDs in the array.
|
1017
1056
|
#
|
1018
1057
|
# @option params [String] :log_group_name_prefix
|
1019
1058
|
# The prefix to match.
|
1020
1059
|
#
|
1060
|
+
# <note markdown="1"> `logGroupNamePrefix` and `logGroupNamePattern` are mutually exclusive.
|
1061
|
+
# Only one of these parameters can be passed.
|
1062
|
+
#
|
1063
|
+
# </note>
|
1064
|
+
#
|
1065
|
+
# @option params [String] :log_group_name_pattern
|
1066
|
+
# If you specify a string for this parameter, the operation returns only
|
1067
|
+
# log groups that have names that match the string based on a
|
1068
|
+
# case-sensitive substring search. For example, if you specify `Foo`,
|
1069
|
+
# log groups named `FooBar`, `aws/Foo`, and `GroupFoo` would match, but
|
1070
|
+
# `foo`, `F/o/o` and `Froo` would not match.
|
1071
|
+
#
|
1072
|
+
# <note markdown="1"> `logGroupNamePattern` and `logGroupNamePrefix` are mutually exclusive.
|
1073
|
+
# Only one of these parameters can be passed.
|
1074
|
+
#
|
1075
|
+
# </note>
|
1076
|
+
#
|
1021
1077
|
# @option params [String] :next_token
|
1022
1078
|
# The token for the next set of items to return. (You received this
|
1023
1079
|
# token from a previous call.)
|
@@ -1026,6 +1082,22 @@ module Aws::CloudWatchLogs
|
|
1026
1082
|
# The maximum number of items returned. If you don't specify a value,
|
1027
1083
|
# the default is up to 50 items.
|
1028
1084
|
#
|
1085
|
+
# @option params [Boolean] :include_linked_accounts
|
1086
|
+
# If you are using a monitoring account, set this to `True` to have the
|
1087
|
+
# operation return log groups in the accounts listed in
|
1088
|
+
# `accountIdentifiers`.
|
1089
|
+
#
|
1090
|
+
# If this parameter is set to `true` and `accountIdentifiers` contains a
|
1091
|
+
# null value, the operation returns all log groups in the monitoring
|
1092
|
+
# account and all log groups in all source accounts that are linked to
|
1093
|
+
# the monitoring account.
|
1094
|
+
#
|
1095
|
+
# <note markdown="1"> If you specify `includeLinkedAccounts` in your request, then
|
1096
|
+
# `metricFilterCount`, `retentionInDays`, and `storedBytes` are not
|
1097
|
+
# included in the response.
|
1098
|
+
#
|
1099
|
+
# </note>
|
1100
|
+
#
|
1029
1101
|
# @return [Types::DescribeLogGroupsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1030
1102
|
#
|
1031
1103
|
# * {Types::DescribeLogGroupsResponse#log_groups #log_groups} => Array<Types::LogGroup>
|
@@ -1036,9 +1108,12 @@ module Aws::CloudWatchLogs
|
|
1036
1108
|
# @example Request syntax with placeholder values
|
1037
1109
|
#
|
1038
1110
|
# resp = client.describe_log_groups({
|
1111
|
+
# account_identifiers: ["AccountId"],
|
1039
1112
|
# log_group_name_prefix: "LogGroupName",
|
1113
|
+
# log_group_name_pattern: "LogGroupNamePattern",
|
1040
1114
|
# next_token: "NextToken",
|
1041
1115
|
# limit: 1,
|
1116
|
+
# include_linked_accounts: false,
|
1042
1117
|
# })
|
1043
1118
|
#
|
1044
1119
|
# @example Response structure
|
@@ -1051,6 +1126,7 @@ module Aws::CloudWatchLogs
|
|
1051
1126
|
# resp.log_groups[0].arn #=> String
|
1052
1127
|
# resp.log_groups[0].stored_bytes #=> Integer
|
1053
1128
|
# resp.log_groups[0].kms_key_id #=> String
|
1129
|
+
# resp.log_groups[0].data_protection_status #=> String, one of "ACTIVATED", "DELETED", "ARCHIVED", "DISABLED"
|
1054
1130
|
# resp.next_token #=> String
|
1055
1131
|
#
|
1056
1132
|
# @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeLogGroups AWS API Documentation
|
@@ -1069,9 +1145,33 @@ module Aws::CloudWatchLogs
|
|
1069
1145
|
# This operation has a limit of five transactions per second, after
|
1070
1146
|
# which transactions are throttled.
|
1071
1147
|
#
|
1148
|
+
# If you are using CloudWatch cross-account observability, you can use
|
1149
|
+
# this operation in a monitoring account and view data from the linked
|
1150
|
+
# source accounts. For more information, see [CloudWatch cross-account
|
1151
|
+
# observability][1].
|
1152
|
+
#
|
1153
|
+
#
|
1154
|
+
#
|
1155
|
+
# [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html
|
1156
|
+
#
|
1072
1157
|
# @option params [required, String] :log_group_name
|
1073
1158
|
# The name of the log group.
|
1074
1159
|
#
|
1160
|
+
# <note markdown="1"> If you specify values for both `logGroupName` and
|
1161
|
+
# `logGroupIdentifier`, the action returns an
|
1162
|
+
# `InvalidParameterException` error.
|
1163
|
+
#
|
1164
|
+
# </note>
|
1165
|
+
#
|
1166
|
+
# @option params [String] :log_group_identifier
|
1167
|
+
# Specify either the name or ARN of the log group to view. If the log
|
1168
|
+
# group is in a source account and you are using a monitoring account,
|
1169
|
+
# you must use the log group ARN.
|
1170
|
+
#
|
1171
|
+
# If you specify values for both `logGroupName` and
|
1172
|
+
# `logGroupIdentifier`, the action returns an
|
1173
|
+
# `InvalidParameterException` error.
|
1174
|
+
#
|
1075
1175
|
# @option params [String] :log_stream_name_prefix
|
1076
1176
|
# The prefix to match.
|
1077
1177
|
#
|
@@ -1087,7 +1187,7 @@ module Aws::CloudWatchLogs
|
|
1087
1187
|
#
|
1088
1188
|
# `lastEventTimestamp` represents the time of the most recent log event
|
1089
1189
|
# in the log stream in CloudWatch Logs. This number is expressed as the
|
1090
|
-
# number of milliseconds after Jan 1, 1970 00:00:00 UTC
|
1190
|
+
# number of milliseconds after `Jan 1, 1970 00:00:00 UTC`.
|
1091
1191
|
# `lastEventTimestamp` updates on an eventual consistency basis. It
|
1092
1192
|
# typically updates in less than an hour from ingestion, but in rare
|
1093
1193
|
# situations might take longer.
|
@@ -1116,6 +1216,7 @@ module Aws::CloudWatchLogs
|
|
1116
1216
|
#
|
1117
1217
|
# resp = client.describe_log_streams({
|
1118
1218
|
# log_group_name: "LogGroupName", # required
|
1219
|
+
# log_group_identifier: "LogGroupIdentifier",
|
1119
1220
|
# log_stream_name_prefix: "LogStreamName",
|
1120
1221
|
# order_by: "LogStreamName", # accepts LogStreamName, LastEventTime
|
1121
1222
|
# descending: false,
|
@@ -1153,8 +1254,8 @@ module Aws::CloudWatchLogs
|
|
1153
1254
|
# The name of the log group.
|
1154
1255
|
#
|
1155
1256
|
# @option params [String] :filter_name_prefix
|
1156
|
-
# The prefix to match. CloudWatch Logs uses the value you set here
|
1157
|
-
# if you also include the `logGroupName` parameter in your request.
|
1257
|
+
# The prefix to match. CloudWatch Logs uses the value that you set here
|
1258
|
+
# only if you also include the `logGroupName` parameter in your request.
|
1158
1259
|
#
|
1159
1260
|
# @option params [String] :next_token
|
1160
1261
|
# The token for the next set of items to return. (You received this
|
@@ -1219,9 +1320,9 @@ module Aws::CloudWatchLogs
|
|
1219
1320
|
end
|
1220
1321
|
|
1221
1322
|
# Returns a list of CloudWatch Logs Insights queries that are scheduled,
|
1222
|
-
#
|
1223
|
-
#
|
1224
|
-
#
|
1323
|
+
# running, or have been run recently in this account. You can request
|
1324
|
+
# all queries or limit it to queries of a specific log group or queries
|
1325
|
+
# with a certain status.
|
1225
1326
|
#
|
1226
1327
|
# @option params [String] :log_group_name
|
1227
1328
|
# Limits the returned queries to only those for the specified log group.
|
@@ -1418,13 +1519,12 @@ module Aws::CloudWatchLogs
|
|
1418
1519
|
req.send_request(options)
|
1419
1520
|
end
|
1420
1521
|
|
1421
|
-
# Disassociates the associated
|
1422
|
-
# key (CMK) from the specified log group.
|
1522
|
+
# Disassociates the associated KMS key from the specified log group.
|
1423
1523
|
#
|
1424
|
-
# After the KMS
|
1524
|
+
# After the KMS key is disassociated from the log group, CloudWatch Logs
|
1425
1525
|
# stops encrypting newly ingested data for the log group. All previously
|
1426
1526
|
# ingested data remains encrypted, and CloudWatch Logs requires
|
1427
|
-
# permissions for the
|
1527
|
+
# permissions for the KMS key whenever the encrypted data is requested.
|
1428
1528
|
#
|
1429
1529
|
# Note that it can take up to 5 minutes for this operation to take
|
1430
1530
|
# effect.
|
@@ -1457,9 +1557,9 @@ module Aws::CloudWatchLogs
|
|
1457
1557
|
# operation.
|
1458
1558
|
#
|
1459
1559
|
# By default, this operation returns as many log events as can fit in 1
|
1460
|
-
# MB (up to 10,000 log events) or all the events found within the
|
1461
|
-
#
|
1462
|
-
# more log events available
|
1560
|
+
# MB (up to 10,000 log events) or all the events found within the
|
1561
|
+
# specified time range. If the results include a token, that means there
|
1562
|
+
# are more log events available. You can get additional results by
|
1463
1563
|
# specifying the token in a subsequent call. This operation can return
|
1464
1564
|
# empty results while there are more log events available through the
|
1465
1565
|
# token.
|
@@ -1468,9 +1568,33 @@ module Aws::CloudWatchLogs
|
|
1468
1568
|
# when the event was ingested by CloudWatch Logs, and the ID of the
|
1469
1569
|
# `PutLogEvents` request.
|
1470
1570
|
#
|
1571
|
+
# If you are using CloudWatch cross-account observability, you can use
|
1572
|
+
# this operation in a monitoring account and view data from the linked
|
1573
|
+
# source accounts. For more information, see [CloudWatch cross-account
|
1574
|
+
# observability][1].
|
1575
|
+
#
|
1576
|
+
#
|
1577
|
+
#
|
1578
|
+
# [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html
|
1579
|
+
#
|
1471
1580
|
# @option params [required, String] :log_group_name
|
1472
1581
|
# The name of the log group to search.
|
1473
1582
|
#
|
1583
|
+
# <note markdown="1"> If you specify values for both `logGroupName` and
|
1584
|
+
# `logGroupIdentifier`, the action returns an
|
1585
|
+
# `InvalidParameterException` error.
|
1586
|
+
#
|
1587
|
+
# </note>
|
1588
|
+
#
|
1589
|
+
# @option params [String] :log_group_identifier
|
1590
|
+
# Specify either the name or ARN of the log group to view log events
|
1591
|
+
# from. If the log group is in a source account and you are using a
|
1592
|
+
# monitoring account, you must use the log group ARN.
|
1593
|
+
#
|
1594
|
+
# If you specify values for both `logGroupName` and
|
1595
|
+
# `logGroupIdentifier`, the action returns an
|
1596
|
+
# `InvalidParameterException` error.
|
1597
|
+
#
|
1474
1598
|
# @option params [Array<String>] :log_stream_names
|
1475
1599
|
# Filters the results to only logs from the log streams in this list.
|
1476
1600
|
#
|
@@ -1489,12 +1613,12 @@ module Aws::CloudWatchLogs
|
|
1489
1613
|
#
|
1490
1614
|
# @option params [Integer] :start_time
|
1491
1615
|
# The start of the time range, expressed as the number of milliseconds
|
1492
|
-
# after Jan 1, 1970 00:00:00 UTC
|
1616
|
+
# after `Jan 1, 1970 00:00:00 UTC`. Events with a timestamp before this
|
1493
1617
|
# time are not returned.
|
1494
1618
|
#
|
1495
1619
|
# @option params [Integer] :end_time
|
1496
1620
|
# The end of the time range, expressed as the number of milliseconds
|
1497
|
-
# after Jan 1, 1970 00:00:00 UTC
|
1621
|
+
# after `Jan 1, 1970 00:00:00 UTC`. Events with a timestamp later than
|
1498
1622
|
# this time are not returned.
|
1499
1623
|
#
|
1500
1624
|
# @option params [String] :filter_pattern
|
@@ -1515,16 +1639,22 @@ module Aws::CloudWatchLogs
|
|
1515
1639
|
# The maximum number of events to return. The default is 10,000 events.
|
1516
1640
|
#
|
1517
1641
|
# @option params [Boolean] :interleaved
|
1518
|
-
# If the value is true, the operation
|
1519
|
-
#
|
1520
|
-
#
|
1521
|
-
#
|
1522
|
-
#
|
1642
|
+
# If the value is true, the operation attempts to provide responses that
|
1643
|
+
# contain events from multiple log streams within the log group,
|
1644
|
+
# interleaved in a single response. If the value is false, all the
|
1645
|
+
# matched log events in the first log stream are searched first, then
|
1646
|
+
# those in the next log stream, and so on.
|
1523
1647
|
#
|
1524
|
-
# **Important
|
1525
|
-
#
|
1526
|
-
#
|
1527
|
-
#
|
1648
|
+
# **Important** As of June 17, 2019, this parameter is ignored and the
|
1649
|
+
# value is assumed to be true. The response from this operation always
|
1650
|
+
# interleaves events from multiple log streams within a log group.
|
1651
|
+
#
|
1652
|
+
# @option params [Boolean] :unmask
|
1653
|
+
# Specify `true` to display the log event fields with all sensitive data
|
1654
|
+
# unmasked and visible. The default is `false`.
|
1655
|
+
#
|
1656
|
+
# To use this operation with this parameter, you must be signed into an
|
1657
|
+
# account with the `logs:Unmask` permission.
|
1528
1658
|
#
|
1529
1659
|
# @return [Types::FilterLogEventsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1530
1660
|
#
|
@@ -1538,6 +1668,7 @@ module Aws::CloudWatchLogs
|
|
1538
1668
|
#
|
1539
1669
|
# resp = client.filter_log_events({
|
1540
1670
|
# log_group_name: "LogGroupName", # required
|
1671
|
+
# log_group_identifier: "LogGroupIdentifier",
|
1541
1672
|
# log_stream_names: ["LogStreamName"],
|
1542
1673
|
# log_stream_name_prefix: "LogStreamName",
|
1543
1674
|
# start_time: 1,
|
@@ -1546,6 +1677,7 @@ module Aws::CloudWatchLogs
|
|
1546
1677
|
# next_token: "NextToken",
|
1547
1678
|
# limit: 1,
|
1548
1679
|
# interleaved: false,
|
1680
|
+
# unmask: false,
|
1549
1681
|
# })
|
1550
1682
|
#
|
1551
1683
|
# @example Response structure
|
@@ -1570,6 +1702,39 @@ module Aws::CloudWatchLogs
|
|
1570
1702
|
req.send_request(options)
|
1571
1703
|
end
|
1572
1704
|
|
1705
|
+
# Returns information about a log group data protection policy.
|
1706
|
+
#
|
1707
|
+
# @option params [required, String] :log_group_identifier
|
1708
|
+
# The name or ARN of the log group that contains the data protection
|
1709
|
+
# policy that you want to see.
|
1710
|
+
#
|
1711
|
+
# @return [Types::GetDataProtectionPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1712
|
+
#
|
1713
|
+
# * {Types::GetDataProtectionPolicyResponse#log_group_identifier #log_group_identifier} => String
|
1714
|
+
# * {Types::GetDataProtectionPolicyResponse#policy_document #policy_document} => String
|
1715
|
+
# * {Types::GetDataProtectionPolicyResponse#last_updated_time #last_updated_time} => Integer
|
1716
|
+
#
|
1717
|
+
# @example Request syntax with placeholder values
|
1718
|
+
#
|
1719
|
+
# resp = client.get_data_protection_policy({
|
1720
|
+
# log_group_identifier: "LogGroupIdentifier", # required
|
1721
|
+
# })
|
1722
|
+
#
|
1723
|
+
# @example Response structure
|
1724
|
+
#
|
1725
|
+
# resp.log_group_identifier #=> String
|
1726
|
+
# resp.policy_document #=> String
|
1727
|
+
# resp.last_updated_time #=> Integer
|
1728
|
+
#
|
1729
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetDataProtectionPolicy AWS API Documentation
|
1730
|
+
#
|
1731
|
+
# @overload get_data_protection_policy(params = {})
|
1732
|
+
# @param [Hash] params ({})
|
1733
|
+
def get_data_protection_policy(params = {}, options = {})
|
1734
|
+
req = build_request(:get_data_protection_policy, params)
|
1735
|
+
req.send_request(options)
|
1736
|
+
end
|
1737
|
+
|
1573
1738
|
# Lists log events from the specified log stream. You can list all of
|
1574
1739
|
# the log events or filter using a time range.
|
1575
1740
|
#
|
@@ -1579,21 +1744,45 @@ module Aws::CloudWatchLogs
|
|
1579
1744
|
# operation can return empty results while there are more log events
|
1580
1745
|
# available through the token.
|
1581
1746
|
#
|
1747
|
+
# If you are using CloudWatch cross-account observability, you can use
|
1748
|
+
# this operation in a monitoring account and view data from the linked
|
1749
|
+
# source accounts. For more information, see [CloudWatch cross-account
|
1750
|
+
# observability][1].
|
1751
|
+
#
|
1752
|
+
#
|
1753
|
+
#
|
1754
|
+
# [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html
|
1755
|
+
#
|
1582
1756
|
# @option params [required, String] :log_group_name
|
1583
1757
|
# The name of the log group.
|
1584
1758
|
#
|
1759
|
+
# <note markdown="1"> If you specify values for both `logGroupName` and
|
1760
|
+
# `logGroupIdentifier`, the action returns an
|
1761
|
+
# `InvalidParameterException` error.
|
1762
|
+
#
|
1763
|
+
# </note>
|
1764
|
+
#
|
1765
|
+
# @option params [String] :log_group_identifier
|
1766
|
+
# Specify either the name or ARN of the log group to view events from.
|
1767
|
+
# If the log group is in a source account and you are using a monitoring
|
1768
|
+
# account, you must use the log group ARN.
|
1769
|
+
#
|
1770
|
+
# If you specify values for both `logGroupName` and
|
1771
|
+
# `logGroupIdentifier`, the action returns an
|
1772
|
+
# `InvalidParameterException` error.
|
1773
|
+
#
|
1585
1774
|
# @option params [required, String] :log_stream_name
|
1586
1775
|
# The name of the log stream.
|
1587
1776
|
#
|
1588
1777
|
# @option params [Integer] :start_time
|
1589
1778
|
# The start of the time range, expressed as the number of milliseconds
|
1590
|
-
# after Jan 1, 1970 00:00:00 UTC
|
1591
|
-
# time or later than this time are included. Events with a
|
1592
|
-
# earlier than this time are not included.
|
1779
|
+
# after `Jan 1, 1970 00:00:00 UTC`. Events with a timestamp equal to
|
1780
|
+
# this time or later than this time are included. Events with a
|
1781
|
+
# timestamp earlier than this time are not included.
|
1593
1782
|
#
|
1594
1783
|
# @option params [Integer] :end_time
|
1595
1784
|
# The end of the time range, expressed as the number of milliseconds
|
1596
|
-
# after Jan 1, 1970 00:00:00 UTC
|
1785
|
+
# after `Jan 1, 1970 00:00:00 UTC`. Events with a timestamp equal to or
|
1597
1786
|
# later than this time are not included.
|
1598
1787
|
#
|
1599
1788
|
# @option params [String] :next_token
|
@@ -1602,8 +1791,8 @@ module Aws::CloudWatchLogs
|
|
1602
1791
|
#
|
1603
1792
|
# @option params [Integer] :limit
|
1604
1793
|
# The maximum number of log events returned. If you don't specify a
|
1605
|
-
#
|
1606
|
-
# of 1 MB
|
1794
|
+
# limit, the default is as many log events as can fit in a response size
|
1795
|
+
# of 1 MB (up to 10,000 log events).
|
1607
1796
|
#
|
1608
1797
|
# @option params [Boolean] :start_from_head
|
1609
1798
|
# If the value is true, the earliest log events are returned first. If
|
@@ -1614,6 +1803,13 @@ module Aws::CloudWatchLogs
|
|
1614
1803
|
# `nextToken` in this operation, you must specify `true` for
|
1615
1804
|
# `startFromHead`.
|
1616
1805
|
#
|
1806
|
+
# @option params [Boolean] :unmask
|
1807
|
+
# Specify `true` to display the log event fields with all sensitive data
|
1808
|
+
# unmasked and visible. The default is `false`.
|
1809
|
+
#
|
1810
|
+
# To use this operation with this parameter, you must be signed into an
|
1811
|
+
# account with the `logs:Unmask` permission.
|
1812
|
+
#
|
1617
1813
|
# @return [Types::GetLogEventsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1618
1814
|
#
|
1619
1815
|
# * {Types::GetLogEventsResponse#events #events} => Array<Types::OutputLogEvent>
|
@@ -1626,12 +1822,14 @@ module Aws::CloudWatchLogs
|
|
1626
1822
|
#
|
1627
1823
|
# resp = client.get_log_events({
|
1628
1824
|
# log_group_name: "LogGroupName", # required
|
1825
|
+
# log_group_identifier: "LogGroupIdentifier",
|
1629
1826
|
# log_stream_name: "LogStreamName", # required
|
1630
1827
|
# start_time: 1,
|
1631
1828
|
# end_time: 1,
|
1632
1829
|
# next_token: "NextToken",
|
1633
1830
|
# limit: 1,
|
1634
1831
|
# start_from_head: false,
|
1832
|
+
# unmask: false,
|
1635
1833
|
# })
|
1636
1834
|
#
|
1637
1835
|
# @example Response structure
|
@@ -1653,11 +1851,11 @@ module Aws::CloudWatchLogs
|
|
1653
1851
|
end
|
1654
1852
|
|
1655
1853
|
# Returns a list of the fields that are included in log events in the
|
1656
|
-
# specified log group
|
1854
|
+
# specified log group. Includes the percentage of log events that
|
1657
1855
|
# contain each field. The search is limited to a time period that you
|
1658
1856
|
# specify.
|
1659
1857
|
#
|
1660
|
-
# In the results, fields that start with
|
1858
|
+
# In the results, fields that start with `@` are fields generated by
|
1661
1859
|
# CloudWatch Logs. For example, `@timestamp` is the timestamp of each
|
1662
1860
|
# log event. For more information about the fields that are generated by
|
1663
1861
|
# CloudWatch logs, see [Supported Logs and Discovered Fields][1].
|
@@ -1665,20 +1863,39 @@ module Aws::CloudWatchLogs
|
|
1665
1863
|
# The response results are sorted by the frequency percentage, starting
|
1666
1864
|
# with the highest percentage.
|
1667
1865
|
#
|
1866
|
+
# If you are using CloudWatch cross-account observability, you can use
|
1867
|
+
# this operation in a monitoring account and view data from the linked
|
1868
|
+
# source accounts. For more information, see [CloudWatch cross-account
|
1869
|
+
# observability][2].
|
1870
|
+
#
|
1668
1871
|
#
|
1669
1872
|
#
|
1670
1873
|
# [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_AnalyzeLogData-discoverable-fields.html
|
1874
|
+
# [2]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html
|
1671
1875
|
#
|
1672
1876
|
# @option params [required, String] :log_group_name
|
1673
1877
|
# The name of the log group to search.
|
1674
1878
|
#
|
1879
|
+
# If you specify values for both `logGroupName` and
|
1880
|
+
# `logGroupIdentifier`, the action returns an
|
1881
|
+
# `InvalidParameterException` error.
|
1882
|
+
#
|
1675
1883
|
# @option params [Integer] :time
|
1676
1884
|
# The time to set as the center of the query. If you specify `time`, the
|
1677
|
-
# 15 minutes before this time are queries. If you omit `time
|
1885
|
+
# 15 minutes before this time are queries. If you omit `time`, the 8
|
1678
1886
|
# minutes before and 8 minutes after this time are searched.
|
1679
1887
|
#
|
1680
|
-
# The `time` value is specified as epoch time, the number of
|
1681
|
-
# since January 1, 1970, 00:00:00 UTC
|
1888
|
+
# The `time` value is specified as epoch time, which is the number of
|
1889
|
+
# seconds since `January 1, 1970, 00:00:00 UTC`.
|
1890
|
+
#
|
1891
|
+
# @option params [String] :log_group_identifier
|
1892
|
+
# Specify either the name or ARN of the log group to view. If the log
|
1893
|
+
# group is in a source account and you are using a monitoring account,
|
1894
|
+
# you must specify the ARN.
|
1895
|
+
#
|
1896
|
+
# If you specify values for both `logGroupName` and
|
1897
|
+
# `logGroupIdentifier`, the action returns an
|
1898
|
+
# `InvalidParameterException` error.
|
1682
1899
|
#
|
1683
1900
|
# @return [Types::GetLogGroupFieldsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1684
1901
|
#
|
@@ -1689,6 +1906,7 @@ module Aws::CloudWatchLogs
|
|
1689
1906
|
# resp = client.get_log_group_fields({
|
1690
1907
|
# log_group_name: "LogGroupName", # required
|
1691
1908
|
# time: 1,
|
1909
|
+
# log_group_identifier: "LogGroupIdentifier",
|
1692
1910
|
# })
|
1693
1911
|
#
|
1694
1912
|
# @example Response structure
|
@@ -1720,6 +1938,13 @@ module Aws::CloudWatchLogs
|
|
1720
1938
|
# event is the value to use as `logRecordPointer` to retrieve that
|
1721
1939
|
# complete log event record.
|
1722
1940
|
#
|
1941
|
+
# @option params [Boolean] :unmask
|
1942
|
+
# Specify `true` to display the log event fields with all sensitive data
|
1943
|
+
# unmasked and visible. The default is `false`.
|
1944
|
+
#
|
1945
|
+
# To use this operation with this parameter, you must be signed into an
|
1946
|
+
# account with the `logs:Unmask` permission.
|
1947
|
+
#
|
1723
1948
|
# @return [Types::GetLogRecordResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1724
1949
|
#
|
1725
1950
|
# * {Types::GetLogRecordResponse#log_record #log_record} => Hash<String,String>
|
@@ -1728,6 +1953,7 @@ module Aws::CloudWatchLogs
|
|
1728
1953
|
#
|
1729
1954
|
# resp = client.get_log_record({
|
1730
1955
|
# log_record_pointer: "LogRecordPointer", # required
|
1956
|
+
# unmask: false,
|
1731
1957
|
# })
|
1732
1958
|
#
|
1733
1959
|
# @example Response structure
|
@@ -1751,18 +1977,24 @@ module Aws::CloudWatchLogs
|
|
1751
1977
|
# the value of `@ptr` in a [GetLogRecord][1] operation to get the full
|
1752
1978
|
# log record.
|
1753
1979
|
#
|
1754
|
-
# `GetQueryResults` does not start a query
|
1755
|
-
#
|
1980
|
+
# `GetQueryResults` does not start running a query. To run a query, use
|
1981
|
+
# [StartQuery][2].
|
1756
1982
|
#
|
1757
1983
|
# If the value of the `Status` field in the output is `Running`, this
|
1758
1984
|
# operation returns only partial results. If you see a value of
|
1759
1985
|
# `Scheduled` or `Running` for the status, you can retry the operation
|
1760
1986
|
# later to see the final results.
|
1761
1987
|
#
|
1988
|
+
# If you are using CloudWatch cross-account observability, you can use
|
1989
|
+
# this operation in a monitoring account to start queries in linked
|
1990
|
+
# source accounts. For more information, see [CloudWatch cross-account
|
1991
|
+
# observability][3].
|
1992
|
+
#
|
1762
1993
|
#
|
1763
1994
|
#
|
1764
1995
|
# [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogRecord.html
|
1765
1996
|
# [2]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartQuery.html
|
1997
|
+
# [3]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html
|
1766
1998
|
#
|
1767
1999
|
# @option params [required, String] :query_id
|
1768
2000
|
# The ID number of the query.
|
@@ -1878,12 +2110,106 @@ module Aws::CloudWatchLogs
|
|
1878
2110
|
req.send_request(options)
|
1879
2111
|
end
|
1880
2112
|
|
2113
|
+
# Creates a data protection policy for the specified log group. A data
|
2114
|
+
# protection policy can help safeguard sensitive data that's ingested
|
2115
|
+
# by the log group by auditing and masking the sensitive log data.
|
2116
|
+
#
|
2117
|
+
# Sensitive data is detected and masked when it is ingested into the log
|
2118
|
+
# group. When you set a data protection policy, log events ingested into
|
2119
|
+
# the log group before that time are not masked.
|
2120
|
+
#
|
2121
|
+
# By default, when a user views a log event that includes masked data,
|
2122
|
+
# the sensitive data is replaced by asterisks. A user who has the
|
2123
|
+
# `logs:Unmask` permission can use a [GetLogEvents][1] or
|
2124
|
+
# [FilterLogEvents][2] operation with the `unmask` parameter set to
|
2125
|
+
# `true` to view the unmasked log events. Users with the `logs:Unmask`
|
2126
|
+
# can also view unmasked data in the CloudWatch Logs console by running
|
2127
|
+
# a CloudWatch Logs Insights query with the `unmask` query command.
|
2128
|
+
#
|
2129
|
+
# For more information, including a list of types of data that can be
|
2130
|
+
# audited and masked, see [Protect sensitive log data with masking][3].
|
2131
|
+
#
|
2132
|
+
#
|
2133
|
+
#
|
2134
|
+
# [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogEvents.html
|
2135
|
+
# [2]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_FilterLogEvents.html
|
2136
|
+
# [3]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html
|
2137
|
+
#
|
2138
|
+
# @option params [required, String] :log_group_identifier
|
2139
|
+
# Specify either the log group name or log group ARN.
|
2140
|
+
#
|
2141
|
+
# @option params [required, String] :policy_document
|
2142
|
+
# Specify the data protection policy, in JSON.
|
2143
|
+
#
|
2144
|
+
# This policy must include two JSON blocks:
|
2145
|
+
#
|
2146
|
+
# * The first block must include both a `DataIdentifer` array and an
|
2147
|
+
# `Operation` property with an `Audit` action. The `DataIdentifer`
|
2148
|
+
# array lists the types of sensitive data that you want to mask. For
|
2149
|
+
# more information about the available options, see [Types of data
|
2150
|
+
# that you can mask][1].
|
2151
|
+
#
|
2152
|
+
# The `Operation` property with an `Audit` action is required to find
|
2153
|
+
# the sensitive data terms. This `Audit` action must contain a
|
2154
|
+
# `FindingsDestination` object. You can optionally use that
|
2155
|
+
# `FindingsDestination` object to list one or more destinations to
|
2156
|
+
# send audit findings to. If you specify destinations such as log
|
2157
|
+
# groups, Kinesis Data Firehose streams, and S3 buckets, they must
|
2158
|
+
# already exist.
|
2159
|
+
#
|
2160
|
+
# * The second block must include both a `DataIdentifer` array and an
|
2161
|
+
# `Operation` property with an `Deidentify` action. The
|
2162
|
+
# `DataIdentifer` array must exactly match the `DataIdentifer` array
|
2163
|
+
# in the first block of the policy.
|
2164
|
+
#
|
2165
|
+
# The `Operation` property with the `Deidentify` action is what
|
2166
|
+
# actually masks the data, and it must contain the ` "MaskConfig":
|
2167
|
+
# \{\}` object. The ` "MaskConfig": \{\}` object must be empty.
|
2168
|
+
#
|
2169
|
+
# For an example data protection policy, see the **Examples** section on
|
2170
|
+
# this page.
|
2171
|
+
#
|
2172
|
+
# The contents of two `DataIdentifer` arrays must match exactly.
|
2173
|
+
#
|
2174
|
+
#
|
2175
|
+
#
|
2176
|
+
# [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data-types.html
|
2177
|
+
#
|
2178
|
+
# @return [Types::PutDataProtectionPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2179
|
+
#
|
2180
|
+
# * {Types::PutDataProtectionPolicyResponse#log_group_identifier #log_group_identifier} => String
|
2181
|
+
# * {Types::PutDataProtectionPolicyResponse#policy_document #policy_document} => String
|
2182
|
+
# * {Types::PutDataProtectionPolicyResponse#last_updated_time #last_updated_time} => Integer
|
2183
|
+
#
|
2184
|
+
# @example Request syntax with placeholder values
|
2185
|
+
#
|
2186
|
+
# resp = client.put_data_protection_policy({
|
2187
|
+
# log_group_identifier: "LogGroupIdentifier", # required
|
2188
|
+
# policy_document: "DataProtectionPolicyDocument", # required
|
2189
|
+
# })
|
2190
|
+
#
|
2191
|
+
# @example Response structure
|
2192
|
+
#
|
2193
|
+
# resp.log_group_identifier #=> String
|
2194
|
+
# resp.policy_document #=> String
|
2195
|
+
# resp.last_updated_time #=> Integer
|
2196
|
+
#
|
2197
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutDataProtectionPolicy AWS API Documentation
|
2198
|
+
#
|
2199
|
+
# @overload put_data_protection_policy(params = {})
|
2200
|
+
# @param [Hash] params ({})
|
2201
|
+
def put_data_protection_policy(params = {}, options = {})
|
2202
|
+
req = build_request(:put_data_protection_policy, params)
|
2203
|
+
req.send_request(options)
|
2204
|
+
end
|
2205
|
+
|
1881
2206
|
# Creates or updates a destination. This operation is used only to
|
1882
2207
|
# create destinations for cross-account subscriptions.
|
1883
2208
|
#
|
1884
2209
|
# A destination encapsulates a physical resource (such as an Amazon
|
1885
|
-
# Kinesis stream)
|
1886
|
-
# log events for a different account, ingested using
|
2210
|
+
# Kinesis stream). With a destination, you can subscribe to a real-time
|
2211
|
+
# stream of log events for a different account, ingested using
|
2212
|
+
# [PutLogEvents][1].
|
1887
2213
|
#
|
1888
2214
|
# Through an access policy, a destination controls what is written to
|
1889
2215
|
# it. By default, `PutDestination` does not set any access policy with
|
@@ -2032,26 +2358,27 @@ module Aws::CloudWatchLogs
|
|
2032
2358
|
# * None of the log events in the batch can be more than 2 hours in the
|
2033
2359
|
# future.
|
2034
2360
|
#
|
2035
|
-
# * None of the log events in the batch can be
|
2036
|
-
#
|
2361
|
+
# * None of the log events in the batch can be more than 14 days in the
|
2362
|
+
# past. Also, none of the log events can be from earlier than the
|
2363
|
+
# retention period of the log group.
|
2037
2364
|
#
|
2038
2365
|
# * The log events in the batch must be in chronological order by their
|
2039
|
-
# timestamp. The timestamp is the time the event occurred,
|
2040
|
-
# as the number of milliseconds after Jan 1, 1970 00:00:00
|
2041
|
-
# Amazon Web Services Tools for PowerShell and the Amazon
|
2042
|
-
# SDK for .NET, the timestamp is specified in .NET
|
2043
|
-
# yyyy-mm-ddThh:mm:ss
|
2366
|
+
# timestamp. The timestamp is the time that the event occurred,
|
2367
|
+
# expressed as the number of milliseconds after `Jan 1, 1970 00:00:00
|
2368
|
+
# UTC`. (In Amazon Web Services Tools for PowerShell and the Amazon
|
2369
|
+
# Web Services SDK for .NET, the timestamp is specified in .NET
|
2370
|
+
# format: `yyyy-mm-ddThh:mm:ss`. For example, `2017-09-15T13:45:30`.)
|
2044
2371
|
#
|
2045
2372
|
# * A batch of log events in a single request cannot span more than 24
|
2046
2373
|
# hours. Otherwise, the operation fails.
|
2047
2374
|
#
|
2048
2375
|
# * The maximum number of log events in a batch is 10,000.
|
2049
2376
|
#
|
2050
|
-
# * There is a quota of
|
2051
|
-
# requests are throttled. This quota can't be changed.
|
2377
|
+
# * There is a quota of five requests per second per log stream.
|
2378
|
+
# Additional requests are throttled. This quota can't be changed.
|
2052
2379
|
#
|
2053
2380
|
# If a call to `PutLogEvents` returns "UnrecognizedClientException"
|
2054
|
-
# the most likely cause is
|
2381
|
+
# the most likely cause is a non-valid Amazon Web Services access key ID
|
2055
2382
|
# or secret key.
|
2056
2383
|
#
|
2057
2384
|
# @option params [required, String] :log_group_name
|
@@ -2111,7 +2438,7 @@ module Aws::CloudWatchLogs
|
|
2111
2438
|
end
|
2112
2439
|
|
2113
2440
|
# Creates or updates a metric filter and associates it with the
|
2114
|
-
# specified log group.
|
2441
|
+
# specified log group. With metric filters, you can configure rules to
|
2115
2442
|
# extract metric data from log events ingested through
|
2116
2443
|
# [PutLogEvents][1].
|
2117
2444
|
#
|
@@ -2127,9 +2454,9 @@ module Aws::CloudWatchLogs
|
|
2127
2454
|
# different value found for a dimension is treated as a separate metric
|
2128
2455
|
# and accrues charges as a separate custom metric.
|
2129
2456
|
#
|
2130
|
-
#
|
2131
|
-
#
|
2132
|
-
#
|
2457
|
+
# CloudWatch Logs disables a metric filter if it generates 1,000
|
2458
|
+
# different name/value pairs for your specified dimensions within a
|
2459
|
+
# certain amount of time. This helps to prevent accidental high charges.
|
2133
2460
|
#
|
2134
2461
|
# You can also set up a billing alarm to alert you if your charges are
|
2135
2462
|
# higher than expected. For more information, see [ Creating a Billing
|
@@ -2192,8 +2519,8 @@ module Aws::CloudWatchLogs
|
|
2192
2519
|
# request. The values of `name`, `queryString`, and `logGroupNames` are
|
2193
2520
|
# changed to the values that you specify in your update operation. No
|
2194
2521
|
# current values are retained from the current query definition. For
|
2195
|
-
# example,
|
2196
|
-
# groups
|
2522
|
+
# example, imagine updating a current query definition that includes log
|
2523
|
+
# groups. If you don't specify the `logGroupNames` parameter in your
|
2197
2524
|
# update operation, the query definition changes to contain no log
|
2198
2525
|
# groups.
|
2199
2526
|
#
|
@@ -2205,10 +2532,10 @@ module Aws::CloudWatchLogs
|
|
2205
2532
|
# [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html
|
2206
2533
|
#
|
2207
2534
|
# @option params [required, String] :name
|
2208
|
-
# A name for the query definition. If you are saving
|
2209
|
-
# definitions, we recommend that you name them
|
2210
|
-
#
|
2211
|
-
#
|
2535
|
+
# A name for the query definition. If you are saving numerous query
|
2536
|
+
# definitions, we recommend that you name them. This way, you can find
|
2537
|
+
# the ones you want by using the first part of the name as a filter in
|
2538
|
+
# the `queryDefinitionNamePrefix` parameter of
|
2212
2539
|
# [DescribeQueryDefinitions][1].
|
2213
2540
|
#
|
2214
2541
|
#
|
@@ -2293,8 +2620,8 @@ module Aws::CloudWatchLogs
|
|
2293
2620
|
#
|
2294
2621
|
# In the example resource policy, you would replace the value of
|
2295
2622
|
# `SourceArn` with the resource making the call from Route 53 to
|
2296
|
-
# CloudWatch Logs
|
2297
|
-
# Amazon Web Services account ID making that call.
|
2623
|
+
# CloudWatch Logs. You would also replace the value of `SourceAccount`
|
2624
|
+
# with the Amazon Web Services account ID making that call.
|
2298
2625
|
#
|
2299
2626
|
#
|
2300
2627
|
#
|
@@ -2336,8 +2663,8 @@ module Aws::CloudWatchLogs
|
|
2336
2663
|
req.send_request(options)
|
2337
2664
|
end
|
2338
2665
|
|
2339
|
-
# Sets the retention of the specified log group.
|
2340
|
-
#
|
2666
|
+
# Sets the retention of the specified log group. With a retention
|
2667
|
+
# policy, you can configure the number of days for which to retain log
|
2341
2668
|
# events in the specified log group.
|
2342
2669
|
#
|
2343
2670
|
# <note markdown="1"> CloudWatch Logs doesn’t immediately delete log events when they reach
|
@@ -2345,14 +2672,14 @@ module Aws::CloudWatchLogs
|
|
2345
2672
|
# before log events are deleted, but in rare situations might take
|
2346
2673
|
# longer.
|
2347
2674
|
#
|
2348
|
-
#
|
2349
|
-
# setting when it contains log events that are past the
|
2350
|
-
# but haven’t been
|
2351
|
-
# hours to be deleted after the new retention date is reached.
|
2352
|
-
# sure that log data is deleted permanently, keep a log group at
|
2353
|
-
# lower retention setting until 72 hours
|
2354
|
-
#
|
2355
|
-
# events are deleted.
|
2675
|
+
# To illustrate, imagine that you change a log group to have a longer
|
2676
|
+
# retention setting when it contains log events that are past the
|
2677
|
+
# expiration date, but haven’t been deleted. Those log events will take
|
2678
|
+
# up to 72 hours to be deleted after the new retention date is reached.
|
2679
|
+
# To make sure that log data is deleted permanently, keep a log group at
|
2680
|
+
# its lower retention setting until 72 hours after the previous
|
2681
|
+
# retention period ends. Alternatively, wait to change the retention
|
2682
|
+
# setting until you confirm that the earlier log events are deleted.
|
2356
2683
|
#
|
2357
2684
|
# </note>
|
2358
2685
|
#
|
@@ -2364,7 +2691,7 @@ module Aws::CloudWatchLogs
|
|
2364
2691
|
# group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180,
|
2365
2692
|
# 365, 400, 545, 731, 1827, 2192, 2557, 2922, 3288, and 3653.
|
2366
2693
|
#
|
2367
|
-
# To set a log group
|
2694
|
+
# To set a log group so that its log events do not expire, use
|
2368
2695
|
# [DeleteRetentionPolicy][1].
|
2369
2696
|
#
|
2370
2697
|
#
|
@@ -2390,22 +2717,22 @@ module Aws::CloudWatchLogs
|
|
2390
2717
|
end
|
2391
2718
|
|
2392
2719
|
# Creates or updates a subscription filter and associates it with the
|
2393
|
-
# specified log group.
|
2720
|
+
# specified log group. With subscription filters, you can subscribe to a
|
2394
2721
|
# real-time stream of log events ingested through [PutLogEvents][1] and
|
2395
2722
|
# have them delivered to a specific destination. When log events are
|
2396
2723
|
# sent to the receiving service, they are Base64 encoded and compressed
|
2397
|
-
# with the
|
2724
|
+
# with the GZIP format.
|
2398
2725
|
#
|
2399
2726
|
# The following destinations are supported for subscription filters:
|
2400
2727
|
#
|
2401
|
-
# * An Amazon Kinesis stream belonging to the same account as the
|
2728
|
+
# * An Amazon Kinesis data stream belonging to the same account as the
|
2402
2729
|
# subscription filter, for same-account delivery.
|
2403
2730
|
#
|
2404
2731
|
# * A logical destination that belongs to a different account, for
|
2405
2732
|
# cross-account delivery.
|
2406
2733
|
#
|
2407
|
-
# * An Amazon Kinesis Firehose delivery stream that belongs to the
|
2408
|
-
# account as the subscription filter, for same-account delivery.
|
2734
|
+
# * An Amazon Kinesis Data Firehose delivery stream that belongs to the
|
2735
|
+
# same account as the subscription filter, for same-account delivery.
|
2409
2736
|
#
|
2410
2737
|
# * An Lambda function that belongs to the same account as the
|
2411
2738
|
# subscription filter, for same-account delivery.
|
@@ -2447,12 +2774,12 @@ module Aws::CloudWatchLogs
|
|
2447
2774
|
# * A logical destination (specified using an ARN) belonging to a
|
2448
2775
|
# different account, for cross-account delivery.
|
2449
2776
|
#
|
2450
|
-
# If you
|
2451
|
-
# must have an IAM policy associated with it
|
2452
|
-
# send logs to the destination. For more
|
2453
|
-
# [PutDestinationPolicy][1].
|
2777
|
+
# If you're setting up a cross-account subscription, the destination
|
2778
|
+
# must have an IAM policy associated with it. The IAM policy must
|
2779
|
+
# allow the sender to send logs to the destination. For more
|
2780
|
+
# information, see [PutDestinationPolicy][1].
|
2454
2781
|
#
|
2455
|
-
# *
|
2782
|
+
# * A Kinesis Data Firehose delivery stream belonging to the same
|
2456
2783
|
# account as the subscription filter, for same-account delivery.
|
2457
2784
|
#
|
2458
2785
|
# * A Lambda function belonging to the same account as the subscription
|
@@ -2472,7 +2799,7 @@ module Aws::CloudWatchLogs
|
|
2472
2799
|
# The method used to distribute log data to the destination. By default,
|
2473
2800
|
# log data is grouped by log stream, but the grouping can be set to
|
2474
2801
|
# random for a more even distribution. This property is only applicable
|
2475
|
-
# when the destination is an Amazon Kinesis stream.
|
2802
|
+
# when the destination is an Amazon Kinesis data stream.
|
2476
2803
|
#
|
2477
2804
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
2478
2805
|
#
|
@@ -2502,39 +2829,63 @@ module Aws::CloudWatchLogs
|
|
2502
2829
|
#
|
2503
2830
|
# For more information, see [CloudWatch Logs Insights Query Syntax][1].
|
2504
2831
|
#
|
2505
|
-
# Queries time out after 15 minutes of
|
2832
|
+
# Queries time out after 15 minutes of runtime. If your queries are
|
2506
2833
|
# timing out, reduce the time range being searched or partition your
|
2507
2834
|
# query into a number of queries.
|
2508
2835
|
#
|
2509
|
-
#
|
2836
|
+
# If you are using CloudWatch cross-account observability, you can use
|
2837
|
+
# this operation in a monitoring account to start a query in a linked
|
2838
|
+
# source account. For more information, see [CloudWatch cross-account
|
2839
|
+
# observability][2]. For a cross-account `StartQuery` operation, the
|
2840
|
+
# query definition must be defined in the monitoring account.
|
2841
|
+
#
|
2842
|
+
# You can have up to 20 concurrent CloudWatch Logs insights queries,
|
2510
2843
|
# including queries that have been added to dashboards.
|
2511
2844
|
#
|
2512
2845
|
#
|
2513
2846
|
#
|
2514
2847
|
# [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html
|
2848
|
+
# [2]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html
|
2515
2849
|
#
|
2516
2850
|
# @option params [String] :log_group_name
|
2517
2851
|
# The log group on which to perform the query.
|
2518
2852
|
#
|
2519
|
-
# A `StartQuery` operation must include
|
2520
|
-
# `logGroupName`
|
2853
|
+
# <note markdown="1"> A `StartQuery` operation must include exactly one of the following
|
2854
|
+
# parameters: `logGroupName`, `logGroupNames` or `logGroupIdentifiers`.
|
2855
|
+
#
|
2856
|
+
# </note>
|
2521
2857
|
#
|
2522
2858
|
# @option params [Array<String>] :log_group_names
|
2523
|
-
# The list of log groups to be queried. You can include up to
|
2859
|
+
# The list of log groups to be queried. You can include up to 50 log
|
2524
2860
|
# groups.
|
2525
2861
|
#
|
2526
|
-
# A `StartQuery` operation must include
|
2527
|
-
# `logGroupName`
|
2862
|
+
# <note markdown="1"> A `StartQuery` operation must include exactly one of the following
|
2863
|
+
# parameters: `logGroupName`, `logGroupNames` or `logGroupIdentifiers`.
|
2864
|
+
#
|
2865
|
+
# </note>
|
2866
|
+
#
|
2867
|
+
# @option params [Array<String>] :log_group_identifiers
|
2868
|
+
# The list of log groups to query. You can include up to 50 log groups.
|
2869
|
+
#
|
2870
|
+
# You can specify them by the log group name or ARN. If a log group that
|
2871
|
+
# you're querying is in a source account and you're using a monitoring
|
2872
|
+
# account, you must specify the ARN of the log group here. The query
|
2873
|
+
# definition must also be defined in the monitoring account.
|
2874
|
+
#
|
2875
|
+
# If you specify an ARN, the ARN can't end with an asterisk (*).
|
2876
|
+
#
|
2877
|
+
# A `StartQuery` operation must include exactly one of the following
|
2878
|
+
# parameters: `logGroupName`, `logGroupNames` or `logGroupIdentifiers`.
|
2528
2879
|
#
|
2529
2880
|
# @option params [required, Integer] :start_time
|
2530
2881
|
# The beginning of the time range to query. The range is inclusive, so
|
2531
2882
|
# the specified start time is included in the query. Specified as epoch
|
2532
|
-
# time, the number of seconds since January 1, 1970, 00:00:00 UTC
|
2883
|
+
# time, the number of seconds since `January 1, 1970, 00:00:00 UTC`.
|
2533
2884
|
#
|
2534
2885
|
# @option params [required, Integer] :end_time
|
2535
2886
|
# The end of the time range to query. The range is inclusive, so the
|
2536
2887
|
# specified end time is included in the query. Specified as epoch time,
|
2537
|
-
# the number of seconds since January 1, 1970, 00:00:00 UTC
|
2888
|
+
# the number of seconds since `January 1, 1970, 00:00:00 UTC`.
|
2538
2889
|
#
|
2539
2890
|
# @option params [required, String] :query_string
|
2540
2891
|
# The query string to use. For more information, see [CloudWatch Logs
|
@@ -2558,6 +2909,7 @@ module Aws::CloudWatchLogs
|
|
2558
2909
|
# resp = client.start_query({
|
2559
2910
|
# log_group_name: "LogGroupName",
|
2560
2911
|
# log_group_names: ["LogGroupName"],
|
2912
|
+
# log_group_identifiers: ["LogGroupIdentifier"],
|
2561
2913
|
# start_time: 1, # required
|
2562
2914
|
# end_time: 1, # required
|
2563
2915
|
# query_string: "QueryString", # required
|
@@ -2853,7 +3205,7 @@ module Aws::CloudWatchLogs
|
|
2853
3205
|
params: params,
|
2854
3206
|
config: config)
|
2855
3207
|
context[:gem_name] = 'aws-sdk-cloudwatchlogs'
|
2856
|
-
context[:gem_version] = '1.
|
3208
|
+
context[:gem_version] = '1.57.0'
|
2857
3209
|
Seahorse::Client::Request.new(handlers, context)
|
2858
3210
|
end
|
2859
3211
|
|