aws-sdk-cloudwatchlogs 1.63.0 → 1.64.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 8eed67c03b6fd8411e46d82c087afea97d39e8f7bd9af4823c798adbe2282b6d
4
- data.tar.gz: 9db042afe652f53b242e49e1c0ca9a97140249c28507a11d8ffc8b6219c97f6c
3
+ metadata.gz: 4087e11ea4a4fdd5a3bb5b6f145623058784baa35826f4ad4f9a53a3c67507e9
4
+ data.tar.gz: 8acbc2d70e6210c680edf2c63cf5d82844f2ae6439d30293e88bb526f908aeb5
5
5
  SHA512:
6
- metadata.gz: d77aaade04edf1626add5a96b5be41cad3209c3c9f82e99ec77537ebdd3fbd92c5e2b9f57466d0079f9dca2be30fd6c049a70ba54bb907f08f782d46e1e5335e
7
- data.tar.gz: 6da09ec0189e23dd971e82167bbc748ecca6b1daafcbddb48ce8c0090b636ac2a9aab5bc470d6d85e225fe6edc0400e924c910350022cf380121b5b3af6f45ac
6
+ metadata.gz: a25f75cccb56f477488eb71d5dbbd9266aa3fea01146d1cd6a08df41ef9ec20edaadc077a17934d623f8188ea7855a1bd4e3f40ff6612100118fb68ad55ba3ba
7
+ data.tar.gz: f66ec8453de6a4483cc6b762b1a16bff9c86817c76f87f217788e8ce3909c44533092e383c8deecbfb28e4000d2f122a9d7c31cc805da0ccc6d1b129556de080
data/CHANGELOG.md CHANGED
@@ -1,6 +1,11 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 1.64.0 (2023-06-07)
5
+ ------------------
6
+
7
+ * Feature - This change adds support for account level data protection policies using 3 new APIs, PutAccountPolicy, DeleteAccountPolicy and DescribeAccountPolicy. DescribeLogGroup API has been modified to indicate if account level policy is applied to the LogGroup via "inheritedProperties" list in the response.
8
+
4
9
  1.63.0 (2023-05-31)
5
10
  ------------------
6
11
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.63.0
1
+ 1.64.0
@@ -582,7 +582,7 @@ module Aws::CloudWatchLogs
582
582
  # enables CloudWatch Logs to decrypt this data whenever it is requested.
583
583
  #
584
584
  # If you attempt to associate a KMS key with the log group but the KMS
585
- # keydoes not exist or the KMS key is disabled, you receive an
585
+ # key does not exist or the KMS key is disabled, you receive an
586
586
  # `InvalidParameterException` error.
587
587
  #
588
588
  # CloudWatch Logs supports only symmetric KMS keys. Do not associate an
@@ -683,6 +683,37 @@ module Aws::CloudWatchLogs
683
683
  req.send_request(options)
684
684
  end
685
685
 
686
+ # Deletes a CloudWatch Logs account policy.
687
+ #
688
+ # To use this operation, you must be signed on with the
689
+ # `logs:DeleteDataProtectionPolicy` and `logs:DeleteAccountPolicy`
690
+ # permissions.
691
+ #
692
+ # @option params [required, String] :policy_name
693
+ # The name of the policy to delete.
694
+ #
695
+ # @option params [required, String] :policy_type
696
+ # The type of policy to delete. Currently, the only valid value is
697
+ # `DATA_PROTECTION_POLICY`.
698
+ #
699
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
700
+ #
701
+ # @example Request syntax with placeholder values
702
+ #
703
+ # resp = client.delete_account_policy({
704
+ # policy_name: "PolicyName", # required
705
+ # policy_type: "DATA_PROTECTION_POLICY", # required, accepts DATA_PROTECTION_POLICY
706
+ # })
707
+ #
708
+ # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteAccountPolicy AWS API Documentation
709
+ #
710
+ # @overload delete_account_policy(params = {})
711
+ # @param [Hash] params ({})
712
+ def delete_account_policy(params = {}, options = {})
713
+ req = build_request(:delete_account_policy, params)
714
+ req.send_request(options)
715
+ end
716
+
686
717
  # Deletes the data protection policy from the specified log group.
687
718
  #
688
719
  # For more information about data protection policies, see
@@ -929,6 +960,58 @@ module Aws::CloudWatchLogs
929
960
  req.send_request(options)
930
961
  end
931
962
 
963
+ # Returns a list of all CloudWatch Logs account policies in the account.
964
+ #
965
+ # @option params [required, String] :policy_type
966
+ # Use this parameter to limit the returned policies to only the policies
967
+ # that match the policy type that you specify. Currently, the only valid
968
+ # value is `DATA_PROTECTION_POLICY`.
969
+ #
970
+ # @option params [String] :policy_name
971
+ # Use this parameter to limit the returned policies to only the policy
972
+ # with the name that you specify.
973
+ #
974
+ # @option params [Array<String>] :account_identifiers
975
+ # If you are using an account that is set up as a monitoring account for
976
+ # CloudWatch unified cross-account observability, you can use this to
977
+ # specify the account ID of a source account. If you do, the operation
978
+ # returns the account policy for the specified account. Currently, you
979
+ # can specify only one account ID in this parameter.
980
+ #
981
+ # If you omit this parameter, only the policy in the current account is
982
+ # returned.
983
+ #
984
+ # @return [Types::DescribeAccountPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
985
+ #
986
+ # * {Types::DescribeAccountPoliciesResponse#account_policies #account_policies} => Array&lt;Types::AccountPolicy&gt;
987
+ #
988
+ # @example Request syntax with placeholder values
989
+ #
990
+ # resp = client.describe_account_policies({
991
+ # policy_type: "DATA_PROTECTION_POLICY", # required, accepts DATA_PROTECTION_POLICY
992
+ # policy_name: "PolicyName",
993
+ # account_identifiers: ["AccountId"],
994
+ # })
995
+ #
996
+ # @example Response structure
997
+ #
998
+ # resp.account_policies #=> Array
999
+ # resp.account_policies[0].policy_name #=> String
1000
+ # resp.account_policies[0].policy_document #=> String
1001
+ # resp.account_policies[0].last_updated_time #=> Integer
1002
+ # resp.account_policies[0].policy_type #=> String, one of "DATA_PROTECTION_POLICY"
1003
+ # resp.account_policies[0].scope #=> String, one of "ALL"
1004
+ # resp.account_policies[0].account_id #=> String
1005
+ #
1006
+ # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeAccountPolicies AWS API Documentation
1007
+ #
1008
+ # @overload describe_account_policies(params = {})
1009
+ # @param [Hash] params ({})
1010
+ def describe_account_policies(params = {}, options = {})
1011
+ req = build_request(:describe_account_policies, params)
1012
+ req.send_request(options)
1013
+ end
1014
+
932
1015
  # Lists all your destinations. The results are ASCII-sorted by
933
1016
  # destination name.
934
1017
  #
@@ -1078,6 +1161,9 @@ module Aws::CloudWatchLogs
1078
1161
  # log groups named `FooBar`, `aws/Foo`, and `GroupFoo` would match, but
1079
1162
  # `foo`, `F/o/o` and `Froo` would not match.
1080
1163
  #
1164
+ # If you specify `logGroupNamePattern` in your request, then only `arn`,
1165
+ # `creationTime`, and `logGroupName` are included in the response.
1166
+ #
1081
1167
  # <note markdown="1"> `logGroupNamePattern` and `logGroupNamePrefix` are mutually exclusive.
1082
1168
  # Only one of these parameters can be passed.
1083
1169
  #
@@ -1101,12 +1187,6 @@ module Aws::CloudWatchLogs
1101
1187
  # account and all log groups in all source accounts that are linked to
1102
1188
  # the monitoring account.
1103
1189
  #
1104
- # <note markdown="1"> If you specify `includeLinkedAccounts` in your request, then
1105
- # `metricFilterCount`, `retentionInDays`, and `storedBytes` are not
1106
- # included in the response.
1107
- #
1108
- # </note>
1109
- #
1110
1190
  # @return [Types::DescribeLogGroupsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1111
1191
  #
1112
1192
  # * {Types::DescribeLogGroupsResponse#log_groups #log_groups} => Array&lt;Types::LogGroup&gt;
@@ -1136,6 +1216,8 @@ module Aws::CloudWatchLogs
1136
1216
  # resp.log_groups[0].stored_bytes #=> Integer
1137
1217
  # resp.log_groups[0].kms_key_id #=> String
1138
1218
  # resp.log_groups[0].data_protection_status #=> String, one of "ACTIVATED", "DELETED", "ARCHIVED", "DISABLED"
1219
+ # resp.log_groups[0].inherited_properties #=> Array
1220
+ # resp.log_groups[0].inherited_properties[0] #=> String, one of "ACCOUNT_DATA_PROTECTION"
1139
1221
  # resp.next_token #=> String
1140
1222
  #
1141
1223
  # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeLogGroups AWS API Documentation
@@ -1566,7 +1648,7 @@ module Aws::CloudWatchLogs
1566
1648
  # log events or filter the results using a filter pattern, a time range,
1567
1649
  # and the name of the log stream.
1568
1650
  #
1569
- # You must have the `logs;FilterLogEvents` permission to perform this
1651
+ # You must have the `logs:FilterLogEvents` permission to perform this
1570
1652
  # operation.
1571
1653
  #
1572
1654
  # You can specify the log group to search by using either
@@ -2137,6 +2219,141 @@ module Aws::CloudWatchLogs
2137
2219
  req.send_request(options)
2138
2220
  end
2139
2221
 
2222
+ # Creates an account-level data protection policy that applies to all
2223
+ # log groups in the account. A data protection policy can help safeguard
2224
+ # sensitive data that's ingested by your log groups by auditing and
2225
+ # masking the sensitive log data. Each account can have only one
2226
+ # account-level policy.
2227
+ #
2228
+ # Sensitive data is detected and masked when it is ingested into a log
2229
+ # group. When you set a data protection policy, log events ingested into
2230
+ # the log groups before that time are not masked.
2231
+ #
2232
+ # If you use `PutAccountPolicy` to create a data protection policy for
2233
+ # your whole account, it applies to both existing log groups and all log
2234
+ # groups that are created later in this account. The account policy is
2235
+ # applied to existing log groups with eventual consistency. It might
2236
+ # take up to 5 minutes before sensitive data in existing log groups
2237
+ # begins to be masked.
2238
+ #
2239
+ # By default, when a user views a log event that includes masked data,
2240
+ # the sensitive data is replaced by asterisks. A user who has the
2241
+ # `logs:Unmask` permission can use a [GetLogEvents][1] or
2242
+ # [FilterLogEvents][2] operation with the `unmask` parameter set to
2243
+ # `true` to view the unmasked log events. Users with the `logs:Unmask`
2244
+ # can also view unmasked data in the CloudWatch Logs console by running
2245
+ # a CloudWatch Logs Insights query with the `unmask` query command.
2246
+ #
2247
+ # For more information, including a list of types of data that can be
2248
+ # audited and masked, see [Protect sensitive log data with masking][3].
2249
+ #
2250
+ # To use the `PutAccountPolicy` operation, you must be signed on with
2251
+ # the `logs:PutDataProtectionPolicy` and `logs:PutAccountPolicy`
2252
+ # permissions.
2253
+ #
2254
+ # The `PutAccountPolicy` operation applies to all log groups in the
2255
+ # account. You can also use [PutDataProtectionPolicy][4] to create a
2256
+ # data protection policy that applies to just one log group. If a log
2257
+ # group has its own data protection policy and the account also has an
2258
+ # account-level data protection policy, then the two policies are
2259
+ # cumulative. Any sensitive term specified in either policy is masked.
2260
+ #
2261
+ #
2262
+ #
2263
+ # [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogEvents.html
2264
+ # [2]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_FilterLogEvents.html
2265
+ # [3]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html
2266
+ # [4]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDataProtectionPolicy.html
2267
+ #
2268
+ # @option params [required, String] :policy_name
2269
+ # A name for the policy. This must be unique within the account.
2270
+ #
2271
+ # @option params [required, String] :policy_document
2272
+ # Specify the data protection policy, in JSON.
2273
+ #
2274
+ # This policy must include two JSON blocks:
2275
+ #
2276
+ # * The first block must include both a `DataIdentifer` array and an
2277
+ # `Operation` property with an `Audit` action. The `DataIdentifer`
2278
+ # array lists the types of sensitive data that you want to mask. For
2279
+ # more information about the available options, see [Types of data
2280
+ # that you can mask][1].
2281
+ #
2282
+ # The `Operation` property with an `Audit` action is required to find
2283
+ # the sensitive data terms. This `Audit` action must contain a
2284
+ # `FindingsDestination` object. You can optionally use that
2285
+ # `FindingsDestination` object to list one or more destinations to
2286
+ # send audit findings to. If you specify destinations such as log
2287
+ # groups, Kinesis Data Firehose streams, and S3 buckets, they must
2288
+ # already exist.
2289
+ #
2290
+ # * The second block must include both a `DataIdentifer` array and an
2291
+ # `Operation` property with an `Deidentify` action. The
2292
+ # `DataIdentifer` array must exactly match the `DataIdentifer` array
2293
+ # in the first block of the policy.
2294
+ #
2295
+ # The `Operation` property with the `Deidentify` action is what
2296
+ # actually masks the data, and it must contain the ` "MaskConfig":
2297
+ # \{\}` object. The ` "MaskConfig": \{\}` object must be empty.
2298
+ #
2299
+ # For an example data protection policy, see the **Examples** section on
2300
+ # this page.
2301
+ #
2302
+ # The contents of the two `DataIdentifer` arrays must match exactly.
2303
+ #
2304
+ # In addition to the two JSON blocks, the `policyDocument` can also
2305
+ # include `Name`, `Description`, and `Version` fields. The `Name` is
2306
+ # different than the operation's `policyName` parameter, and is used as
2307
+ # a dimension when CloudWatch Logs reports audit findings metrics to
2308
+ # CloudWatch.
2309
+ #
2310
+ # The JSON specified in `policyDocument` can be up to 30,720 characters.
2311
+ #
2312
+ #
2313
+ #
2314
+ # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data-types.html
2315
+ #
2316
+ # @option params [required, String] :policy_type
2317
+ # Currently the only valid value for this parameter is
2318
+ # `DATA_PROTECTION_POLICY`.
2319
+ #
2320
+ # @option params [String] :scope
2321
+ # Currently the only valid value for this parameter is `GLOBAL`, which
2322
+ # specifies that the data protection policy applies to all log groups in
2323
+ # the account. If you omit this parameter, the default of `GLOBAL` is
2324
+ # used.
2325
+ #
2326
+ # @return [Types::PutAccountPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2327
+ #
2328
+ # * {Types::PutAccountPolicyResponse#account_policy #account_policy} => Types::AccountPolicy
2329
+ #
2330
+ # @example Request syntax with placeholder values
2331
+ #
2332
+ # resp = client.put_account_policy({
2333
+ # policy_name: "PolicyName", # required
2334
+ # policy_document: "AccountPolicyDocument", # required
2335
+ # policy_type: "DATA_PROTECTION_POLICY", # required, accepts DATA_PROTECTION_POLICY
2336
+ # scope: "ALL", # accepts ALL
2337
+ # })
2338
+ #
2339
+ # @example Response structure
2340
+ #
2341
+ # resp.account_policy.policy_name #=> String
2342
+ # resp.account_policy.policy_document #=> String
2343
+ # resp.account_policy.last_updated_time #=> Integer
2344
+ # resp.account_policy.policy_type #=> String, one of "DATA_PROTECTION_POLICY"
2345
+ # resp.account_policy.scope #=> String, one of "ALL"
2346
+ # resp.account_policy.account_id #=> String
2347
+ #
2348
+ # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutAccountPolicy AWS API Documentation
2349
+ #
2350
+ # @overload put_account_policy(params = {})
2351
+ # @param [Hash] params ({})
2352
+ def put_account_policy(params = {}, options = {})
2353
+ req = build_request(:put_account_policy, params)
2354
+ req.send_request(options)
2355
+ end
2356
+
2140
2357
  # Creates a data protection policy for the specified log group. A data
2141
2358
  # protection policy can help safeguard sensitive data that's ingested
2142
2359
  # by the log group by auditing and masking the sensitive log data.
@@ -2156,11 +2373,21 @@ module Aws::CloudWatchLogs
2156
2373
  # For more information, including a list of types of data that can be
2157
2374
  # audited and masked, see [Protect sensitive log data with masking][3].
2158
2375
  #
2376
+ # The `PutDataProtectionPolicy` operation applies to only the specified
2377
+ # log group. You can also use [PutAccountPolicy][4] to create an
2378
+ # account-level data protection policy that applies to all log groups in
2379
+ # the account, including both existing log groups and log groups that
2380
+ # are created level. If a log group has its own data protection policy
2381
+ # and the account also has an account-level data protection policy, then
2382
+ # the two policies are cumulative. Any sensitive term specified in
2383
+ # either policy is masked.
2384
+ #
2159
2385
  #
2160
2386
  #
2161
2387
  # [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogEvents.html
2162
2388
  # [2]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_FilterLogEvents.html
2163
2389
  # [3]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html
2390
+ # [4]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutAccountPolicy.html
2164
2391
  #
2165
2392
  # @option params [required, String] :log_group_identifier
2166
2393
  # Specify either the log group name or log group ARN.
@@ -2196,7 +2423,14 @@ module Aws::CloudWatchLogs
2196
2423
  # For an example data protection policy, see the **Examples** section on
2197
2424
  # this page.
2198
2425
  #
2199
- # The contents of two `DataIdentifer` arrays must match exactly.
2426
+ # The contents of the two `DataIdentifer` arrays must match exactly.
2427
+ #
2428
+ # In addition to the two JSON blocks, the `policyDocument` can also
2429
+ # include `Name`, `Description`, and `Version` fields. The `Name` is
2430
+ # used as a dimension when CloudWatch Logs reports audit findings
2431
+ # metrics to CloudWatch.
2432
+ #
2433
+ # The JSON specified in `policyDocument` can be up to 30,720 characters.
2200
2434
  #
2201
2435
  #
2202
2436
  #
@@ -2328,11 +2562,11 @@ module Aws::CloudWatchLogs
2328
2562
  # @option params [Boolean] :force_update
2329
2563
  # Specify true if you are updating an existing destination policy to
2330
2564
  # grant permission to an organization ID instead of granting permission
2331
- # to individual AWS accounts. Before you update a destination policy
2332
- # this way, you must first update the subscription filters in the
2333
- # accounts that send logs to this destination. If you do not, the
2334
- # subscription filters might stop working. By specifying `true` for
2335
- # `forceUpdate`, you are affirming that you have already updated the
2565
+ # to individual Amazon Web Services accounts. Before you update a
2566
+ # destination policy this way, you must first update the subscription
2567
+ # filters in the accounts that send logs to this destination. If you do
2568
+ # not, the subscription filters might stop working. By specifying `true`
2569
+ # for `forceUpdate`, you are affirming that you have already updated the
2336
2570
  # subscription filters. For more information, see [ Updating an existing
2337
2571
  # cross-account subscription][1]
2338
2572
  #
@@ -2392,6 +2626,8 @@ module Aws::CloudWatchLogs
2392
2626
  # * A batch of log events in a single request cannot span more than 24
2393
2627
  # hours. Otherwise, the operation fails.
2394
2628
  #
2629
+ # * Each log event can be no larger than 256 KB.
2630
+ #
2395
2631
  # * The maximum number of log events in a batch is 10,000.
2396
2632
  #
2397
2633
  # * The quota of five requests per second per log stream has been
@@ -2708,7 +2944,7 @@ module Aws::CloudWatchLogs
2708
2944
  # @option params [required, Integer] :retention_in_days
2709
2945
  # The number of days to retain the log events in the specified log
2710
2946
  # group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180,
2711
- # 365, 400, 545, 731, 1827, 2192, 2557, 2922, 3288, and 3653.
2947
+ # 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, and 3653.
2712
2948
  #
2713
2949
  # To set a log group so that its log events do not expire, use
2714
2950
  # [DeleteRetentionPolicy][1].
@@ -2760,8 +2996,9 @@ module Aws::CloudWatchLogs
2760
2996
  # it. If you are updating an existing filter, you must specify the
2761
2997
  # correct name in `filterName`.
2762
2998
  #
2763
- # To perform a `PutSubscriptionFilter` operation, you must also have the
2764
- # `iam:PassRole` permission.
2999
+ # To perform a `PutSubscriptionFilter` operation for any destination
3000
+ # except a Lambda function, you must also have the `iam:PassRole`
3001
+ # permission.
2765
3002
  #
2766
3003
  #
2767
3004
  #
@@ -2848,7 +3085,7 @@ module Aws::CloudWatchLogs
2848
3085
  #
2849
3086
  # For more information, see [CloudWatch Logs Insights Query Syntax][1].
2850
3087
  #
2851
- # Queries time out after 15 minutes of runtime. If your queries are
3088
+ # Queries time out after 60 minutes of runtime. If your queries are
2852
3089
  # timing out, reduce the time range being searched or partition your
2853
3090
  # query into a number of queries.
2854
3091
  #
@@ -2858,7 +3095,7 @@ module Aws::CloudWatchLogs
2858
3095
  # observability][2]. For a cross-account `StartQuery` operation, the
2859
3096
  # query definition must be defined in the monitoring account.
2860
3097
  #
2861
- # You can have up to 20 concurrent CloudWatch Logs insights queries,
3098
+ # You can have up to 30 concurrent CloudWatch Logs insights queries,
2862
3099
  # including queries that have been added to dashboards.
2863
3100
  #
2864
3101
  #
@@ -3224,7 +3461,7 @@ module Aws::CloudWatchLogs
3224
3461
  params: params,
3225
3462
  config: config)
3226
3463
  context[:gem_name] = 'aws-sdk-cloudwatchlogs'
3227
- context[:gem_version] = '1.63.0'
3464
+ context[:gem_version] = '1.64.0'
3228
3465
  Seahorse::Client::Request.new(handlers, context)
3229
3466
  end
3230
3467
 
@@ -16,6 +16,9 @@ module Aws::CloudWatchLogs
16
16
  AccessPolicy = Shapes::StringShape.new(name: 'AccessPolicy')
17
17
  AccountId = Shapes::StringShape.new(name: 'AccountId')
18
18
  AccountIds = Shapes::ListShape.new(name: 'AccountIds')
19
+ AccountPolicies = Shapes::ListShape.new(name: 'AccountPolicies')
20
+ AccountPolicy = Shapes::StructureShape.new(name: 'AccountPolicy')
21
+ AccountPolicyDocument = Shapes::StringShape.new(name: 'AccountPolicyDocument')
19
22
  AmazonResourceName = Shapes::StringShape.new(name: 'AmazonResourceName')
20
23
  Arn = Shapes::StringShape.new(name: 'Arn')
21
24
  AssociateKmsKeyRequest = Shapes::StructureShape.new(name: 'AssociateKmsKeyRequest')
@@ -29,6 +32,7 @@ module Aws::CloudWatchLogs
29
32
  DataProtectionStatus = Shapes::StringShape.new(name: 'DataProtectionStatus')
30
33
  Days = Shapes::IntegerShape.new(name: 'Days')
31
34
  DefaultValue = Shapes::FloatShape.new(name: 'DefaultValue')
35
+ DeleteAccountPolicyRequest = Shapes::StructureShape.new(name: 'DeleteAccountPolicyRequest')
32
36
  DeleteDataProtectionPolicyRequest = Shapes::StructureShape.new(name: 'DeleteDataProtectionPolicyRequest')
33
37
  DeleteDestinationRequest = Shapes::StructureShape.new(name: 'DeleteDestinationRequest')
34
38
  DeleteLogGroupRequest = Shapes::StructureShape.new(name: 'DeleteLogGroupRequest')
@@ -40,6 +44,8 @@ module Aws::CloudWatchLogs
40
44
  DeleteRetentionPolicyRequest = Shapes::StructureShape.new(name: 'DeleteRetentionPolicyRequest')
41
45
  DeleteSubscriptionFilterRequest = Shapes::StructureShape.new(name: 'DeleteSubscriptionFilterRequest')
42
46
  Descending = Shapes::BooleanShape.new(name: 'Descending')
47
+ DescribeAccountPoliciesRequest = Shapes::StructureShape.new(name: 'DescribeAccountPoliciesRequest')
48
+ DescribeAccountPoliciesResponse = Shapes::StructureShape.new(name: 'DescribeAccountPoliciesResponse')
43
49
  DescribeDestinationsRequest = Shapes::StructureShape.new(name: 'DescribeDestinationsRequest')
44
50
  DescribeDestinationsResponse = Shapes::StructureShape.new(name: 'DescribeDestinationsResponse')
45
51
  DescribeExportTasksRequest = Shapes::StructureShape.new(name: 'DescribeExportTasksRequest')
@@ -104,6 +110,8 @@ module Aws::CloudWatchLogs
104
110
  GetQueryResultsRequest = Shapes::StructureShape.new(name: 'GetQueryResultsRequest')
105
111
  GetQueryResultsResponse = Shapes::StructureShape.new(name: 'GetQueryResultsResponse')
106
112
  IncludeLinkedAccounts = Shapes::BooleanShape.new(name: 'IncludeLinkedAccounts')
113
+ InheritedProperties = Shapes::ListShape.new(name: 'InheritedProperties')
114
+ InheritedProperty = Shapes::StringShape.new(name: 'InheritedProperty')
107
115
  InputLogEvent = Shapes::StructureShape.new(name: 'InputLogEvent')
108
116
  InputLogEvents = Shapes::ListShape.new(name: 'InputLogEvents')
109
117
  InputLogStreamNames = Shapes::ListShape.new(name: 'InputLogStreamNames')
@@ -152,6 +160,9 @@ module Aws::CloudWatchLogs
152
160
  Percentage = Shapes::IntegerShape.new(name: 'Percentage')
153
161
  PolicyDocument = Shapes::StringShape.new(name: 'PolicyDocument')
154
162
  PolicyName = Shapes::StringShape.new(name: 'PolicyName')
163
+ PolicyType = Shapes::StringShape.new(name: 'PolicyType')
164
+ PutAccountPolicyRequest = Shapes::StructureShape.new(name: 'PutAccountPolicyRequest')
165
+ PutAccountPolicyResponse = Shapes::StructureShape.new(name: 'PutAccountPolicyResponse')
155
166
  PutDataProtectionPolicyRequest = Shapes::StructureShape.new(name: 'PutDataProtectionPolicyRequest')
156
167
  PutDataProtectionPolicyResponse = Shapes::StructureShape.new(name: 'PutDataProtectionPolicyResponse')
157
168
  PutDestinationPolicyRequest = Shapes::StructureShape.new(name: 'PutDestinationPolicyRequest')
@@ -189,6 +200,7 @@ module Aws::CloudWatchLogs
189
200
  ResultField = Shapes::StructureShape.new(name: 'ResultField')
190
201
  ResultRows = Shapes::ListShape.new(name: 'ResultRows')
191
202
  RoleArn = Shapes::StringShape.new(name: 'RoleArn')
203
+ Scope = Shapes::StringShape.new(name: 'Scope')
192
204
  SearchedLogStream = Shapes::StructureShape.new(name: 'SearchedLogStream')
193
205
  SearchedLogStreams = Shapes::ListShape.new(name: 'SearchedLogStreams')
194
206
  SequenceToken = Shapes::StringShape.new(name: 'SequenceToken')
@@ -226,6 +238,16 @@ module Aws::CloudWatchLogs
226
238
 
227
239
  AccountIds.member = Shapes::ShapeRef.new(shape: AccountId)
228
240
 
241
+ AccountPolicies.member = Shapes::ShapeRef.new(shape: AccountPolicy)
242
+
243
+ AccountPolicy.add_member(:policy_name, Shapes::ShapeRef.new(shape: PolicyName, location_name: "policyName"))
244
+ AccountPolicy.add_member(:policy_document, Shapes::ShapeRef.new(shape: AccountPolicyDocument, location_name: "policyDocument"))
245
+ AccountPolicy.add_member(:last_updated_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "lastUpdatedTime"))
246
+ AccountPolicy.add_member(:policy_type, Shapes::ShapeRef.new(shape: PolicyType, location_name: "policyType"))
247
+ AccountPolicy.add_member(:scope, Shapes::ShapeRef.new(shape: Scope, location_name: "scope"))
248
+ AccountPolicy.add_member(:account_id, Shapes::ShapeRef.new(shape: AccountId, location_name: "accountId"))
249
+ AccountPolicy.struct_class = Types::AccountPolicy
250
+
229
251
  AssociateKmsKeyRequest.add_member(:log_group_name, Shapes::ShapeRef.new(shape: LogGroupName, required: true, location_name: "logGroupName"))
230
252
  AssociateKmsKeyRequest.add_member(:kms_key_id, Shapes::ShapeRef.new(shape: KmsKeyId, required: true, location_name: "kmsKeyId"))
231
253
  AssociateKmsKeyRequest.struct_class = Types::AssociateKmsKeyRequest
@@ -257,6 +279,10 @@ module Aws::CloudWatchLogs
257
279
  DataAlreadyAcceptedException.add_member(:expected_sequence_token, Shapes::ShapeRef.new(shape: SequenceToken, location_name: "expectedSequenceToken"))
258
280
  DataAlreadyAcceptedException.struct_class = Types::DataAlreadyAcceptedException
259
281
 
282
+ DeleteAccountPolicyRequest.add_member(:policy_name, Shapes::ShapeRef.new(shape: PolicyName, required: true, location_name: "policyName"))
283
+ DeleteAccountPolicyRequest.add_member(:policy_type, Shapes::ShapeRef.new(shape: PolicyType, required: true, location_name: "policyType"))
284
+ DeleteAccountPolicyRequest.struct_class = Types::DeleteAccountPolicyRequest
285
+
260
286
  DeleteDataProtectionPolicyRequest.add_member(:log_group_identifier, Shapes::ShapeRef.new(shape: LogGroupIdentifier, required: true, location_name: "logGroupIdentifier"))
261
287
  DeleteDataProtectionPolicyRequest.struct_class = Types::DeleteDataProtectionPolicyRequest
262
288
 
@@ -290,6 +316,14 @@ module Aws::CloudWatchLogs
290
316
  DeleteSubscriptionFilterRequest.add_member(:filter_name, Shapes::ShapeRef.new(shape: FilterName, required: true, location_name: "filterName"))
291
317
  DeleteSubscriptionFilterRequest.struct_class = Types::DeleteSubscriptionFilterRequest
292
318
 
319
+ DescribeAccountPoliciesRequest.add_member(:policy_type, Shapes::ShapeRef.new(shape: PolicyType, required: true, location_name: "policyType"))
320
+ DescribeAccountPoliciesRequest.add_member(:policy_name, Shapes::ShapeRef.new(shape: PolicyName, location_name: "policyName"))
321
+ DescribeAccountPoliciesRequest.add_member(:account_identifiers, Shapes::ShapeRef.new(shape: AccountIds, location_name: "accountIdentifiers"))
322
+ DescribeAccountPoliciesRequest.struct_class = Types::DescribeAccountPoliciesRequest
323
+
324
+ DescribeAccountPoliciesResponse.add_member(:account_policies, Shapes::ShapeRef.new(shape: AccountPolicies, location_name: "accountPolicies"))
325
+ DescribeAccountPoliciesResponse.struct_class = Types::DescribeAccountPoliciesResponse
326
+
293
327
  DescribeDestinationsRequest.add_member(:destination_name_prefix, Shapes::ShapeRef.new(shape: DestinationName, location_name: "DestinationNamePrefix"))
294
328
  DescribeDestinationsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "nextToken"))
295
329
  DescribeDestinationsRequest.add_member(:limit, Shapes::ShapeRef.new(shape: DescribeLimit, location_name: "limit"))
@@ -497,6 +531,8 @@ module Aws::CloudWatchLogs
497
531
  GetQueryResultsResponse.add_member(:status, Shapes::ShapeRef.new(shape: QueryStatus, location_name: "status"))
498
532
  GetQueryResultsResponse.struct_class = Types::GetQueryResultsResponse
499
533
 
534
+ InheritedProperties.member = Shapes::ShapeRef.new(shape: InheritedProperty)
535
+
500
536
  InputLogEvent.add_member(:timestamp, Shapes::ShapeRef.new(shape: Timestamp, required: true, location_name: "timestamp"))
501
537
  InputLogEvent.add_member(:message, Shapes::ShapeRef.new(shape: EventMessage, required: true, location_name: "message"))
502
538
  InputLogEvent.struct_class = Types::InputLogEvent
@@ -534,6 +570,7 @@ module Aws::CloudWatchLogs
534
570
  LogGroup.add_member(:stored_bytes, Shapes::ShapeRef.new(shape: StoredBytes, location_name: "storedBytes"))
535
571
  LogGroup.add_member(:kms_key_id, Shapes::ShapeRef.new(shape: KmsKeyId, location_name: "kmsKeyId"))
536
572
  LogGroup.add_member(:data_protection_status, Shapes::ShapeRef.new(shape: DataProtectionStatus, location_name: "dataProtectionStatus"))
573
+ LogGroup.add_member(:inherited_properties, Shapes::ShapeRef.new(shape: InheritedProperties, location_name: "inheritedProperties"))
537
574
  LogGroup.struct_class = Types::LogGroup
538
575
 
539
576
  LogGroupField.add_member(:name, Shapes::ShapeRef.new(shape: Field, location_name: "name"))
@@ -601,6 +638,15 @@ module Aws::CloudWatchLogs
601
638
 
602
639
  OutputLogEvents.member = Shapes::ShapeRef.new(shape: OutputLogEvent)
603
640
 
641
+ PutAccountPolicyRequest.add_member(:policy_name, Shapes::ShapeRef.new(shape: PolicyName, required: true, location_name: "policyName"))
642
+ PutAccountPolicyRequest.add_member(:policy_document, Shapes::ShapeRef.new(shape: AccountPolicyDocument, required: true, location_name: "policyDocument"))
643
+ PutAccountPolicyRequest.add_member(:policy_type, Shapes::ShapeRef.new(shape: PolicyType, required: true, location_name: "policyType"))
644
+ PutAccountPolicyRequest.add_member(:scope, Shapes::ShapeRef.new(shape: Scope, location_name: "scope"))
645
+ PutAccountPolicyRequest.struct_class = Types::PutAccountPolicyRequest
646
+
647
+ PutAccountPolicyResponse.add_member(:account_policy, Shapes::ShapeRef.new(shape: AccountPolicy, location_name: "accountPolicy"))
648
+ PutAccountPolicyResponse.struct_class = Types::PutAccountPolicyResponse
649
+
604
650
  PutDataProtectionPolicyRequest.add_member(:log_group_identifier, Shapes::ShapeRef.new(shape: LogGroupIdentifier, required: true, location_name: "logGroupIdentifier"))
605
651
  PutDataProtectionPolicyRequest.add_member(:policy_document, Shapes::ShapeRef.new(shape: DataProtectionPolicyDocument, required: true, location_name: "policyDocument"))
606
652
  PutDataProtectionPolicyRequest.struct_class = Types::PutDataProtectionPolicyRequest
@@ -879,6 +925,18 @@ module Aws::CloudWatchLogs
879
925
  o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
880
926
  end)
881
927
 
928
+ api.add_operation(:delete_account_policy, Seahorse::Model::Operation.new.tap do |o|
929
+ o.name = "DeleteAccountPolicy"
930
+ o.http_method = "POST"
931
+ o.http_request_uri = "/"
932
+ o.input = Shapes::ShapeRef.new(shape: DeleteAccountPolicyRequest)
933
+ o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
934
+ o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
935
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
936
+ o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
937
+ o.errors << Shapes::ShapeRef.new(shape: OperationAbortedException)
938
+ end)
939
+
882
940
  api.add_operation(:delete_data_protection_policy, Seahorse::Model::Operation.new.tap do |o|
883
941
  o.name = "DeleteDataProtectionPolicy"
884
942
  o.http_method = "POST"
@@ -985,6 +1043,18 @@ module Aws::CloudWatchLogs
985
1043
  o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
986
1044
  end)
987
1045
 
1046
+ api.add_operation(:describe_account_policies, Seahorse::Model::Operation.new.tap do |o|
1047
+ o.name = "DescribeAccountPolicies"
1048
+ o.http_method = "POST"
1049
+ o.http_request_uri = "/"
1050
+ o.input = Shapes::ShapeRef.new(shape: DescribeAccountPoliciesRequest)
1051
+ o.output = Shapes::ShapeRef.new(shape: DescribeAccountPoliciesResponse)
1052
+ o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
1053
+ o.errors << Shapes::ShapeRef.new(shape: OperationAbortedException)
1054
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
1055
+ o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
1056
+ end)
1057
+
988
1058
  api.add_operation(:describe_destinations, Seahorse::Model::Operation.new.tap do |o|
989
1059
  o.name = "DescribeDestinations"
990
1060
  o.http_method = "POST"
@@ -1224,6 +1294,18 @@ module Aws::CloudWatchLogs
1224
1294
  o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
1225
1295
  end)
1226
1296
 
1297
+ api.add_operation(:put_account_policy, Seahorse::Model::Operation.new.tap do |o|
1298
+ o.name = "PutAccountPolicy"
1299
+ o.http_method = "POST"
1300
+ o.http_request_uri = "/"
1301
+ o.input = Shapes::ShapeRef.new(shape: PutAccountPolicyRequest)
1302
+ o.output = Shapes::ShapeRef.new(shape: PutAccountPolicyResponse)
1303
+ o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
1304
+ o.errors << Shapes::ShapeRef.new(shape: OperationAbortedException)
1305
+ o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
1306
+ o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
1307
+ end)
1308
+
1227
1309
  api.add_operation(:put_data_protection_policy, Seahorse::Model::Operation.new.tap do |o|
1228
1310
  o.name = "PutDataProtectionPolicy"
1229
1311
  o.http_method = "POST"
@@ -50,9 +50,6 @@ module Aws::CloudWatchLogs
50
50
 
51
51
  def initialize(options = {})
52
52
  self[:region] = options[:region]
53
- if self[:region].nil?
54
- raise ArgumentError, "Missing required EndpointParameter: :region"
55
- end
56
53
  self[:use_dual_stack] = options[:use_dual_stack]
57
54
  self[:use_dual_stack] = false if self[:use_dual_stack].nil?
58
55
  if self[:use_dual_stack].nil?
@@ -14,42 +14,45 @@ module Aws::CloudWatchLogs
14
14
  use_dual_stack = parameters.use_dual_stack
15
15
  use_fips = parameters.use_fips
16
16
  endpoint = parameters.endpoint
17
- if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
18
- if Aws::Endpoints::Matchers.set?(endpoint)
19
- if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
20
- raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
21
- end
22
- if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
23
- raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
24
- end
25
- return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
17
+ if Aws::Endpoints::Matchers.set?(endpoint)
18
+ if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
19
+ raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
26
20
  end
27
- if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
28
- if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
29
- return Aws::Endpoints::Endpoint.new(url: "https://logs-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
30
- end
31
- raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
21
+ if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
22
+ raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
32
23
  end
33
- if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
34
- if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
35
- if Aws::Endpoints::Matchers.string_equals?(region, "us-gov-east-1")
36
- return Aws::Endpoints::Endpoint.new(url: "https://logs.us-gov-east-1.amazonaws.com", headers: {}, properties: {})
24
+ return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
25
+ end
26
+ if Aws::Endpoints::Matchers.set?(region)
27
+ if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
28
+ if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
29
+ if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
30
+ return Aws::Endpoints::Endpoint.new(url: "https://logs-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
37
31
  end
38
- if Aws::Endpoints::Matchers.string_equals?(region, "us-gov-west-1")
39
- return Aws::Endpoints::Endpoint.new(url: "https://logs.us-gov-west-1.amazonaws.com", headers: {}, properties: {})
32
+ raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
33
+ end
34
+ if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
35
+ if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
36
+ if Aws::Endpoints::Matchers.string_equals?(region, "us-gov-east-1")
37
+ return Aws::Endpoints::Endpoint.new(url: "https://logs.us-gov-east-1.amazonaws.com", headers: {}, properties: {})
38
+ end
39
+ if Aws::Endpoints::Matchers.string_equals?(region, "us-gov-west-1")
40
+ return Aws::Endpoints::Endpoint.new(url: "https://logs.us-gov-west-1.amazonaws.com", headers: {}, properties: {})
41
+ end
42
+ return Aws::Endpoints::Endpoint.new(url: "https://logs-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
40
43
  end
41
- return Aws::Endpoints::Endpoint.new(url: "https://logs-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
44
+ raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
42
45
  end
43
- raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
44
- end
45
- if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
46
- if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
47
- return Aws::Endpoints::Endpoint.new(url: "https://logs.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
46
+ if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
47
+ if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
48
+ return Aws::Endpoints::Endpoint.new(url: "https://logs.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
49
+ end
50
+ raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
48
51
  end
49
- raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
52
+ return Aws::Endpoints::Endpoint.new(url: "https://logs.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
50
53
  end
51
- return Aws::Endpoints::Endpoint.new(url: "https://logs.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
52
54
  end
55
+ raise ArgumentError, "Invalid Configuration: Missing Region"
53
56
  raise ArgumentError, 'No endpoint could be resolved'
54
57
 
55
58
  end
@@ -81,6 +81,20 @@ module Aws::CloudWatchLogs
81
81
  end
82
82
  end
83
83
 
84
+ class DeleteAccountPolicy
85
+ def self.build(context)
86
+ unless context.config.regional_endpoint
87
+ endpoint = context.config.endpoint.to_s
88
+ end
89
+ Aws::CloudWatchLogs::EndpointParameters.new(
90
+ region: context.config.region,
91
+ use_dual_stack: context.config.use_dualstack_endpoint,
92
+ use_fips: context.config.use_fips_endpoint,
93
+ endpoint: endpoint,
94
+ )
95
+ end
96
+ end
97
+
84
98
  class DeleteDataProtectionPolicy
85
99
  def self.build(context)
86
100
  unless context.config.regional_endpoint
@@ -207,6 +221,20 @@ module Aws::CloudWatchLogs
207
221
  end
208
222
  end
209
223
 
224
+ class DescribeAccountPolicies
225
+ def self.build(context)
226
+ unless context.config.regional_endpoint
227
+ endpoint = context.config.endpoint.to_s
228
+ end
229
+ Aws::CloudWatchLogs::EndpointParameters.new(
230
+ region: context.config.region,
231
+ use_dual_stack: context.config.use_dualstack_endpoint,
232
+ use_fips: context.config.use_fips_endpoint,
233
+ endpoint: endpoint,
234
+ )
235
+ end
236
+ end
237
+
210
238
  class DescribeDestinations
211
239
  def self.build(context)
212
240
  unless context.config.regional_endpoint
@@ -459,6 +487,20 @@ module Aws::CloudWatchLogs
459
487
  end
460
488
  end
461
489
 
490
+ class PutAccountPolicy
491
+ def self.build(context)
492
+ unless context.config.regional_endpoint
493
+ endpoint = context.config.endpoint.to_s
494
+ end
495
+ Aws::CloudWatchLogs::EndpointParameters.new(
496
+ region: context.config.region,
497
+ use_dual_stack: context.config.use_dualstack_endpoint,
498
+ use_fips: context.config.use_fips_endpoint,
499
+ endpoint: endpoint,
500
+ )
501
+ end
502
+ end
503
+
462
504
  class PutDataProtectionPolicy
463
505
  def self.build(context)
464
506
  unless context.config.regional_endpoint
@@ -66,6 +66,8 @@ module Aws::CloudWatchLogs
66
66
  Aws::CloudWatchLogs::Endpoints::CreateLogGroup.build(context)
67
67
  when :create_log_stream
68
68
  Aws::CloudWatchLogs::Endpoints::CreateLogStream.build(context)
69
+ when :delete_account_policy
70
+ Aws::CloudWatchLogs::Endpoints::DeleteAccountPolicy.build(context)
69
71
  when :delete_data_protection_policy
70
72
  Aws::CloudWatchLogs::Endpoints::DeleteDataProtectionPolicy.build(context)
71
73
  when :delete_destination
@@ -84,6 +86,8 @@ module Aws::CloudWatchLogs
84
86
  Aws::CloudWatchLogs::Endpoints::DeleteRetentionPolicy.build(context)
85
87
  when :delete_subscription_filter
86
88
  Aws::CloudWatchLogs::Endpoints::DeleteSubscriptionFilter.build(context)
89
+ when :describe_account_policies
90
+ Aws::CloudWatchLogs::Endpoints::DescribeAccountPolicies.build(context)
87
91
  when :describe_destinations
88
92
  Aws::CloudWatchLogs::Endpoints::DescribeDestinations.build(context)
89
93
  when :describe_export_tasks
@@ -120,6 +124,8 @@ module Aws::CloudWatchLogs
120
124
  Aws::CloudWatchLogs::Endpoints::ListTagsForResource.build(context)
121
125
  when :list_tags_log_group
122
126
  Aws::CloudWatchLogs::Endpoints::ListTagsLogGroup.build(context)
127
+ when :put_account_policy
128
+ Aws::CloudWatchLogs::Endpoints::PutAccountPolicy.build(context)
123
129
  when :put_data_protection_policy
124
130
  Aws::CloudWatchLogs::Endpoints::PutDataProtectionPolicy.build(context)
125
131
  when :put_destination
@@ -10,6 +10,49 @@
10
10
  module Aws::CloudWatchLogs
11
11
  module Types
12
12
 
13
+ # A structure that contains information about one CloudWatch Logs
14
+ # account policy.
15
+ #
16
+ # @!attribute [rw] policy_name
17
+ # The name of the account policy.
18
+ # @return [String]
19
+ #
20
+ # @!attribute [rw] policy_document
21
+ # The policy document for this account policy.
22
+ #
23
+ # The JSON specified in `policyDocument` can be up to 30,720
24
+ # characters.
25
+ # @return [String]
26
+ #
27
+ # @!attribute [rw] last_updated_time
28
+ # The date and time that this policy was most recently updated.
29
+ # @return [Integer]
30
+ #
31
+ # @!attribute [rw] policy_type
32
+ # The type of policy for this account policy.
33
+ # @return [String]
34
+ #
35
+ # @!attribute [rw] scope
36
+ # The scope of the account policy.
37
+ # @return [String]
38
+ #
39
+ # @!attribute [rw] account_id
40
+ # The Amazon Web Services account ID that the policy applies to.
41
+ # @return [String]
42
+ #
43
+ # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/AccountPolicy AWS API Documentation
44
+ #
45
+ class AccountPolicy < Struct.new(
46
+ :policy_name,
47
+ :policy_document,
48
+ :last_updated_time,
49
+ :policy_type,
50
+ :scope,
51
+ :account_id)
52
+ SENSITIVE = []
53
+ include Aws::Structure
54
+ end
55
+
13
56
  # @!attribute [rw] log_group_name
14
57
  # The name of the log group.
15
58
  # @return [String]
@@ -186,6 +229,24 @@ module Aws::CloudWatchLogs
186
229
  include Aws::Structure
187
230
  end
188
231
 
232
+ # @!attribute [rw] policy_name
233
+ # The name of the policy to delete.
234
+ # @return [String]
235
+ #
236
+ # @!attribute [rw] policy_type
237
+ # The type of policy to delete. Currently, the only valid value is
238
+ # `DATA_PROTECTION_POLICY`.
239
+ # @return [String]
240
+ #
241
+ # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteAccountPolicyRequest AWS API Documentation
242
+ #
243
+ class DeleteAccountPolicyRequest < Struct.new(
244
+ :policy_name,
245
+ :policy_type)
246
+ SENSITIVE = []
247
+ include Aws::Structure
248
+ end
249
+
189
250
  # @!attribute [rw] log_group_identifier
190
251
  # The name or ARN of the log group that you want to delete the data
191
252
  # protection policy for.
@@ -329,6 +390,51 @@ module Aws::CloudWatchLogs
329
390
  include Aws::Structure
330
391
  end
331
392
 
393
+ # @!attribute [rw] policy_type
394
+ # Use this parameter to limit the returned policies to only the
395
+ # policies that match the policy type that you specify. Currently, the
396
+ # only valid value is `DATA_PROTECTION_POLICY`.
397
+ # @return [String]
398
+ #
399
+ # @!attribute [rw] policy_name
400
+ # Use this parameter to limit the returned policies to only the policy
401
+ # with the name that you specify.
402
+ # @return [String]
403
+ #
404
+ # @!attribute [rw] account_identifiers
405
+ # If you are using an account that is set up as a monitoring account
406
+ # for CloudWatch unified cross-account observability, you can use this
407
+ # to specify the account ID of a source account. If you do, the
408
+ # operation returns the account policy for the specified account.
409
+ # Currently, you can specify only one account ID in this parameter.
410
+ #
411
+ # If you omit this parameter, only the policy in the current account
412
+ # is returned.
413
+ # @return [Array<String>]
414
+ #
415
+ # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeAccountPoliciesRequest AWS API Documentation
416
+ #
417
+ class DescribeAccountPoliciesRequest < Struct.new(
418
+ :policy_type,
419
+ :policy_name,
420
+ :account_identifiers)
421
+ SENSITIVE = []
422
+ include Aws::Structure
423
+ end
424
+
425
+ # @!attribute [rw] account_policies
426
+ # An array of structures that contain information about the CloudWatch
427
+ # Logs account policies that match the specified filters.
428
+ # @return [Array<Types::AccountPolicy>]
429
+ #
430
+ # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeAccountPoliciesResponse AWS API Documentation
431
+ #
432
+ class DescribeAccountPoliciesResponse < Struct.new(
433
+ :account_policies)
434
+ SENSITIVE = []
435
+ include Aws::Structure
436
+ end
437
+
332
438
  # @!attribute [rw] destination_name_prefix
333
439
  # The prefix to match. If you don't specify a value, no prefix filter
334
440
  # is applied.
@@ -443,6 +549,10 @@ module Aws::CloudWatchLogs
443
549
  # log groups named `FooBar`, `aws/Foo`, and `GroupFoo` would match,
444
550
  # but `foo`, `F/o/o` and `Froo` would not match.
445
551
  #
552
+ # If you specify `logGroupNamePattern` in your request, then only
553
+ # `arn`, `creationTime`, and `logGroupName` are included in the
554
+ # response.
555
+ #
446
556
  # <note markdown="1"> `logGroupNamePattern` and `logGroupNamePrefix` are mutually
447
557
  # exclusive. Only one of these parameters can be passed.
448
558
  #
@@ -468,12 +578,6 @@ module Aws::CloudWatchLogs
468
578
  # a null value, the operation returns all log groups in the monitoring
469
579
  # account and all log groups in all source accounts that are linked to
470
580
  # the monitoring account.
471
- #
472
- # <note markdown="1"> If you specify `includeLinkedAccounts` in your request, then
473
- # `metricFilterCount`, `retentionInDays`, and `storedBytes` are not
474
- # included in the response.
475
- #
476
- # </note>
477
581
  # @return [Boolean]
478
582
  #
479
583
  # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeLogGroupsRequest AWS API Documentation
@@ -1434,7 +1538,7 @@ module Aws::CloudWatchLogs
1434
1538
  # are `Cancelled`, `Complete`, `Failed`, `Running`, `Scheduled`,
1435
1539
  # `Timeout`, and `Unknown`.
1436
1540
  #
1437
- # Queries time out after 15 minutes of runtime. To avoid having your
1541
+ # Queries time out after 60 minutes of runtime. To avoid having your
1438
1542
  # queries time out, reduce the time range being searched or partition
1439
1543
  # your query into a number of queries.
1440
1544
  # @return [String]
@@ -1458,7 +1562,7 @@ module Aws::CloudWatchLogs
1458
1562
  # @return [Integer]
1459
1563
  #
1460
1564
  # @!attribute [rw] message
1461
- # The raw event message.
1565
+ # The raw event message. Each log event can be no larger than 256 KB.
1462
1566
  # @return [String]
1463
1567
  #
1464
1568
  # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/InputLogEvent AWS API Documentation
@@ -1582,7 +1686,8 @@ module Aws::CloudWatchLogs
1582
1686
  # @!attribute [rw] retention_in_days
1583
1687
  # The number of days to retain the log events in the specified log
1584
1688
  # group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150,
1585
- # 180, 365, 400, 545, 731, 1827, 2192, 2557, 2922, 3288, and 3653.
1689
+ # 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, and
1690
+ # 3653.
1586
1691
  #
1587
1692
  # To set a log group so that its log events do not expire, use
1588
1693
  # [DeleteRetentionPolicy][1].
@@ -1619,6 +1724,11 @@ module Aws::CloudWatchLogs
1619
1724
  # [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDataProtectionPolicy.html
1620
1725
  # @return [String]
1621
1726
  #
1727
+ # @!attribute [rw] inherited_properties
1728
+ # Displays all the properties that this log group has inherited from
1729
+ # account-level settings.
1730
+ # @return [Array<String>]
1731
+ #
1622
1732
  # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/LogGroup AWS API Documentation
1623
1733
  #
1624
1734
  class LogGroup < Struct.new(
@@ -1629,7 +1739,8 @@ module Aws::CloudWatchLogs
1629
1739
  :arn,
1630
1740
  :stored_bytes,
1631
1741
  :kms_key_id,
1632
- :data_protection_status)
1742
+ :data_protection_status,
1743
+ :inherited_properties)
1633
1744
  SENSITIVE = []
1634
1745
  include Aws::Structure
1635
1746
  end
@@ -1916,6 +2027,92 @@ module Aws::CloudWatchLogs
1916
2027
  include Aws::Structure
1917
2028
  end
1918
2029
 
2030
+ # @!attribute [rw] policy_name
2031
+ # A name for the policy. This must be unique within the account.
2032
+ # @return [String]
2033
+ #
2034
+ # @!attribute [rw] policy_document
2035
+ # Specify the data protection policy, in JSON.
2036
+ #
2037
+ # This policy must include two JSON blocks:
2038
+ #
2039
+ # * The first block must include both a `DataIdentifer` array and an
2040
+ # `Operation` property with an `Audit` action. The `DataIdentifer`
2041
+ # array lists the types of sensitive data that you want to mask. For
2042
+ # more information about the available options, see [Types of data
2043
+ # that you can mask][1].
2044
+ #
2045
+ # The `Operation` property with an `Audit` action is required to
2046
+ # find the sensitive data terms. This `Audit` action must contain a
2047
+ # `FindingsDestination` object. You can optionally use that
2048
+ # `FindingsDestination` object to list one or more destinations to
2049
+ # send audit findings to. If you specify destinations such as log
2050
+ # groups, Kinesis Data Firehose streams, and S3 buckets, they must
2051
+ # already exist.
2052
+ #
2053
+ # * The second block must include both a `DataIdentifer` array and an
2054
+ # `Operation` property with an `Deidentify` action. The
2055
+ # `DataIdentifer` array must exactly match the `DataIdentifer` array
2056
+ # in the first block of the policy.
2057
+ #
2058
+ # The `Operation` property with the `Deidentify` action is what
2059
+ # actually masks the data, and it must contain the ` "MaskConfig":
2060
+ # \{\}` object. The ` "MaskConfig": \{\}` object must be empty.
2061
+ #
2062
+ # For an example data protection policy, see the **Examples** section
2063
+ # on this page.
2064
+ #
2065
+ # The contents of the two `DataIdentifer` arrays must match exactly.
2066
+ #
2067
+ # In addition to the two JSON blocks, the `policyDocument` can also
2068
+ # include `Name`, `Description`, and `Version` fields. The `Name` is
2069
+ # different than the operation's `policyName` parameter, and is used
2070
+ # as a dimension when CloudWatch Logs reports audit findings metrics
2071
+ # to CloudWatch.
2072
+ #
2073
+ # The JSON specified in `policyDocument` can be up to 30,720
2074
+ # characters.
2075
+ #
2076
+ #
2077
+ #
2078
+ # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data-types.html
2079
+ # @return [String]
2080
+ #
2081
+ # @!attribute [rw] policy_type
2082
+ # Currently the only valid value for this parameter is
2083
+ # `DATA_PROTECTION_POLICY`.
2084
+ # @return [String]
2085
+ #
2086
+ # @!attribute [rw] scope
2087
+ # Currently the only valid value for this parameter is `GLOBAL`, which
2088
+ # specifies that the data protection policy applies to all log groups
2089
+ # in the account. If you omit this parameter, the default of `GLOBAL`
2090
+ # is used.
2091
+ # @return [String]
2092
+ #
2093
+ # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutAccountPolicyRequest AWS API Documentation
2094
+ #
2095
+ class PutAccountPolicyRequest < Struct.new(
2096
+ :policy_name,
2097
+ :policy_document,
2098
+ :policy_type,
2099
+ :scope)
2100
+ SENSITIVE = []
2101
+ include Aws::Structure
2102
+ end
2103
+
2104
+ # @!attribute [rw] account_policy
2105
+ # The account policy that you created.
2106
+ # @return [Types::AccountPolicy]
2107
+ #
2108
+ # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutAccountPolicyResponse AWS API Documentation
2109
+ #
2110
+ class PutAccountPolicyResponse < Struct.new(
2111
+ :account_policy)
2112
+ SENSITIVE = []
2113
+ include Aws::Structure
2114
+ end
2115
+
1919
2116
  # @!attribute [rw] log_group_identifier
1920
2117
  # Specify either the log group name or log group ARN.
1921
2118
  # @return [String]
@@ -1951,7 +2148,15 @@ module Aws::CloudWatchLogs
1951
2148
  # For an example data protection policy, see the **Examples** section
1952
2149
  # on this page.
1953
2150
  #
1954
- # The contents of two `DataIdentifer` arrays must match exactly.
2151
+ # The contents of the two `DataIdentifer` arrays must match exactly.
2152
+ #
2153
+ # In addition to the two JSON blocks, the `policyDocument` can also
2154
+ # include `Name`, `Description`, and `Version` fields. The `Name` is
2155
+ # used as a dimension when CloudWatch Logs reports audit findings
2156
+ # metrics to CloudWatch.
2157
+ #
2158
+ # The JSON specified in `policyDocument` can be up to 30,720
2159
+ # characters.
1955
2160
  #
1956
2161
  #
1957
2162
  #
@@ -2002,13 +2207,14 @@ module Aws::CloudWatchLogs
2002
2207
  # @!attribute [rw] force_update
2003
2208
  # Specify true if you are updating an existing destination policy to
2004
2209
  # grant permission to an organization ID instead of granting
2005
- # permission to individual AWS accounts. Before you update a
2006
- # destination policy this way, you must first update the subscription
2007
- # filters in the accounts that send logs to this destination. If you
2008
- # do not, the subscription filters might stop working. By specifying
2009
- # `true` for `forceUpdate`, you are affirming that you have already
2010
- # updated the subscription filters. For more information, see [
2011
- # Updating an existing cross-account subscription][1]
2210
+ # permission to individual Amazon Web Services accounts. Before you
2211
+ # update a destination policy this way, you must first update the
2212
+ # subscription filters in the accounts that send logs to this
2213
+ # destination. If you do not, the subscription filters might stop
2214
+ # working. By specifying `true` for `forceUpdate`, you are affirming
2215
+ # that you have already updated the subscription filters. For more
2216
+ # information, see [ Updating an existing cross-account
2217
+ # subscription][1]
2012
2218
  #
2013
2219
  # If you omit this parameter, the default of `false` is used.
2014
2220
  #
@@ -2297,7 +2503,8 @@ module Aws::CloudWatchLogs
2297
2503
  # @!attribute [rw] retention_in_days
2298
2504
  # The number of days to retain the log events in the specified log
2299
2505
  # group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150,
2300
- # 180, 365, 400, 545, 731, 1827, 2192, 2557, 2922, 3288, and 3653.
2506
+ # 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, and
2507
+ # 3653.
2301
2508
  #
2302
2509
  # To set a log group so that its log events do not expire, use
2303
2510
  # [DeleteRetentionPolicy][1].
@@ -52,6 +52,6 @@ require_relative 'aws-sdk-cloudwatchlogs/customizations'
52
52
  # @!group service
53
53
  module Aws::CloudWatchLogs
54
54
 
55
- GEM_VERSION = '1.63.0'
55
+ GEM_VERSION = '1.64.0'
56
56
 
57
57
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-cloudwatchlogs
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.63.0
4
+ version: 1.64.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-05-31 00:00:00.000000000 Z
11
+ date: 2023-06-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core