aws-sdk-cloudwatchlogs 1.73.0 → 1.74.0

data/lib/aws-sdk-cloudwatchlogs/types.rb

@@ -59,6 +59,223 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
+    # This structure represents one anomaly that has been found by a logs
+    # anomaly detector.
+    #
+    # For more information about patterns and anomalies, see
+    # [CreateLogAnomalyDetector][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateLogAnomalyDetector.html
+    #
+    # @!attribute [rw] anomaly_id
+    #   The unique ID that CloudWatch Logs assigned to this anomaly.
+    #   @return [String]
+    #
+    # @!attribute [rw] pattern_id
+    #   The ID of the pattern used to help identify this anomaly.
+    #   @return [String]
+    #
+    # @!attribute [rw] anomaly_detector_arn
+    #   The ARN of the anomaly detector that identified this anomaly.
+    #   @return [String]
+    #
+    # @!attribute [rw] pattern_string
+    #   The pattern used to help identify this anomaly, in string format.
+    #   @return [String]
+    #
+    # @!attribute [rw] pattern_regex
+    #   The pattern used to help identify this anomaly, in regular
+    #   expression format.
+    #   @return [String]
+    #
+    # @!attribute [rw] priority
+    #   The priority level of this anomaly, as determined by CloudWatch
+    #   Logs. Priority is computed based on log severity labels such as
+    #   `FATAL` and `ERROR` and the amount of deviation from the baseline.
+    #   Possible values are `HIGH`, `MEDIUM`, and `LOW`.
+    #   @return [String]
+    #
+    # @!attribute [rw] first_seen
+    #   The date and time when the anomaly detector first saw this anomaly.
+    #   It is specified as epoch time, which is the number of seconds since
+    #   `January 1, 1970, 00:00:00 UTC`.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] last_seen
+    #   The date and time when the anomaly detector most recently saw this
+    #   anomaly. It is specified as epoch time, which is the number of
+    #   seconds since `January 1, 1970, 00:00:00 UTC`.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] description
+    #   A human-readable description of the anomaly. This description is
+    #   generated by CloudWatch Logs.
+    #   @return [String]
+    #
+    # @!attribute [rw] active
+    #   Specifies whether this anomaly is still ongoing.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] state
+    #   Indicates the current state of this anomaly. If it is still being
+    #   treated as an anomaly, the value is `Active`. If you have suppressed
+    #   this anomaly by using the [UpdateAnomaly][1] operation, the value is
+    #   `Suppressed`. If this behavior is now considered to be normal, the
+    #   value is `Baseline`.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UpdateAnomaly.html
+    #   @return [String]
+    #
+    # @!attribute [rw] histogram
+    #   A map showing times when the anomaly detector ran, and the number of
+    #   occurrences of this anomaly that were detected at each of those
+    #   runs. The times are specified in epoch time, which is the number of
+    #   seconds since `January 1, 1970, 00:00:00 UTC`.
+    #   @return [Hash<String,Integer>]
+    #
+    # @!attribute [rw] log_samples
+    #   An array of sample log event messages that are considered to be part
+    #   of this anomaly.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] pattern_tokens
+    #   An array of structures where each structure contains information
+    #   about one token that makes up the pattern.
+    #   @return [Array<Types::PatternToken>]
+    #
+    # @!attribute [rw] log_group_arn_list
+    #   An array of ARNS of the log groups that contained log events
+    #   considered to be part of this anomaly.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] suppressed
+    #   Indicates whether this anomaly is currently suppressed. To suppress
+    #   an anomaly, use [UpdateAnomaly][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UpdateAnomaly.html
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] suppressed_date
+    #   If the anomaly is suppressed, this indicates when it was suppressed.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] suppressed_until
+    #   If the anomaly is suppressed, this indicates when the suppression
+    #   will end. If this value is `0`, the anomaly was suppressed with no
+    #   expiration, with the `INFINITE` value.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] is_pattern_level_suppression
+    #   If this anomaly is suppressed, this field is `true` if the
+    #   suppression is because the pattern is suppressed. If `false`, then
+    #   only this particular anomaly is suppressed.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/Anomaly AWS API Documentation
+    #
+    class Anomaly < Struct.new(
+      :anomaly_id,
+      :pattern_id,
+      :anomaly_detector_arn,
+      :pattern_string,
+      :pattern_regex,
+      :priority,
+      :first_seen,
+      :last_seen,
+      :description,
+      :active,
+      :state,
+      :histogram,
+      :log_samples,
+      :pattern_tokens,
+      :log_group_arn_list,
+      :suppressed,
+      :suppressed_date,
+      :suppressed_until,
+      :is_pattern_level_suppression)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains information about one anomaly detector in the account.
+    #
+    # @!attribute [rw] anomaly_detector_arn
+    #   The ARN of the anomaly detector.
+    #   @return [String]
+    #
+    # @!attribute [rw] detector_name
+    #   The name of the anomaly detector.
+    #   @return [String]
+    #
+    # @!attribute [rw] log_group_arn_list
+    #   A list of the ARNs of the log groups that this anomaly detector
+    #   watches.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] evaluation_frequency
+    #   Specifies how often the anomaly detector runs and look for
+    #   anomalies.
+    #   @return [String]
+    #
+    # @!attribute [rw] filter_pattern
+    #   A symbolic description of how CloudWatch Logs should interpret the
+    #   data in each log event. For example, a log event can contain
+    #   timestamps, IP addresses, strings, and so on. You use the filter
+    #   pattern to specify what to look for in the log event message.
+    #   @return [String]
+    #
+    # @!attribute [rw] anomaly_detector_status
+    #   Specifies the current status of the anomaly detector. To pause an
+    #   anomaly detector, use the `enabled` parameter in the
+    #   [UpdateLogAnomalyDetector][1] operation.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UpdateLogAnomalyDetector.html
+    #   @return [String]
+    #
+    # @!attribute [rw] kms_key_id
+    #   The ID of the KMS key assigned to this anomaly detector, if any.
+    #   @return [String]
+    #
+    # @!attribute [rw] creation_time_stamp
+    #   The date and time when this anomaly detector was created.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] last_modified_time_stamp
+    #   The date and time when this anomaly detector was most recently
+    #   modified.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] anomaly_visibility_time
+    #   The number of days used as the life cycle of anomalies. After this
+    #   time, anomalies are automatically baselined and the anomaly detector
+    #   model will treat new occurrences of similar event as normal.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/AnomalyDetector AWS API Documentation
+    #
+    class AnomalyDetector < Struct.new(
+      :anomaly_detector_arn,
+      :detector_name,
+      :log_group_arn_list,
+      :evaluation_frequency,
+      :filter_pattern,
+      :anomaly_detector_status,
+      :kms_key_id,
+      :creation_time_stamp,
+      :last_modified_time_stamp,
+      :anomaly_visibility_time)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] log_group_name
     #   The name of the log group.
     #
@@ -240,8 +457,98 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
+    # @!attribute [rw] log_group_arn_list
+    #   An array containing the ARNs of the log groups that this anomaly
+    #   detector will watch. You must specify at least one ARN.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] detector_name
+    #   A name for this anomaly detector.
+    #   @return [String]
+    #
+    # @!attribute [rw] evaluation_frequency
+    #   Specifies how often the anomaly detector is to run and look for
+    #   anomalies. Set this value according to the frequency that the log
+    #   group receives new logs. For example, if the log group receives new
+    #   log events every 10 minutes, then 15 minutes might be a good setting
+    #   for `evaluationFrequency` .
+    #   @return [String]
+    #
+    # @!attribute [rw] filter_pattern
+    #   You can use this parameter to limit the anomaly detection model to
+    #   examine only log events that match the pattern you specify here. For
+    #   more information, see [Filter and Pattern Syntax][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html
+    #   @return [String]
+    #
+    # @!attribute [rw] kms_key_id
+    #   Optionally assigns a KMS key to secure this anomaly detector and its
+    #   findings. If a key is assigned, the anomalies found and the model
+    #   used by this detector are encrypted at rest with the key. If a key
+    #   is assigned to an anomaly detector, a user must have permissions for
+    #   both this key and for the anomaly detector to retrieve information
+    #   about the anomalies that it finds.
+    #
+    #   For more information about using a KMS key and to see the required
+    #   IAM policy, see [Use a KMS key with an anomaly detector][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/LogsAnomalyDetection-KMS.html
+    #   @return [String]
+    #
+    # @!attribute [rw] anomaly_visibility_time
+    #   The number of days to have visibility on an anomaly. After this time
+    #   period has elapsed for an anomaly, it will be automatically
+    #   baselined and the anomaly detector will treat new occurrences of a
+    #   similar anomaly as normal. Therefore, if you do not correct the
+    #   cause of an anomaly during the time period specified in
+    #   `anomalyVisibilityTime`, it will be considered normal going forward
+    #   and will not be detected as an anomaly.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] tags
+    #   An optional list of key-value pairs to associate with the resource.
+    #
+    #   For more information about tagging, see [Tagging Amazon Web Services
+    #   resources][1]
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html
+    #   @return [Hash<String,String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/CreateLogAnomalyDetectorRequest AWS API Documentation
+    #
+    class CreateLogAnomalyDetectorRequest < Struct.new(
+      :log_group_arn_list,
+      :detector_name,
+      :evaluation_frequency,
+      :filter_pattern,
+      :kms_key_id,
+      :anomaly_visibility_time,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] anomaly_detector_arn
+    #   The ARN of the log anomaly detector that you just created.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/CreateLogAnomalyDetectorResponse AWS API Documentation
+    #
+    class CreateLogAnomalyDetectorResponse < Struct.new(
+      :anomaly_detector_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] log_group_name
-    #   The name of the log group.
+    #   A name for the log group.
     #   @return [String]
     #
     # @!attribute [rw] kms_key_id
@@ -271,12 +578,32 @@ module Aws::CloudWatchLogs
     #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html
     #   @return [Hash<String,String>]
     #
+    # @!attribute [rw] log_group_class
+    #   Use this parameter to specify the log group class for this log
+    #   group. There are two classes:
+    #
+    #   * The `Standard` log class supports all CloudWatch Logs features.
+    #
+    #   * The `Infrequent Access` log class supports a subset of CloudWatch
+    #     Logs features and incurs lower costs.
+    #
+    #   If you omit this parameter, the default of `STANDARD` is used.
+    #
+    #   For details about the features supported by each class, see [Log
+    #   classes][1]
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch_Logs_Log_Classes.html
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/CreateLogGroupRequest AWS API Documentation
     #
     class CreateLogGroupRequest < Struct.new(
       :log_group_name,
       :kms_key_id,
-      :tags)
+      :tags,
+      :log_group_class)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -418,6 +745,24 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
+    # @!attribute [rw] anomaly_detector_arn
+    #   The ARN of the anomaly detector to delete. You can find the ARNs of
+    #   log anomaly detectors in your account by using the
+    #   [ListLogAnomalyDetectors][1] operation.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListLogAnomalyDetectors.html
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteLogAnomalyDetectorRequest AWS API Documentation
+    #
+    class DeleteLogAnomalyDetectorRequest < Struct.new(
+      :anomaly_detector_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] log_group_name
     #   The name of the log group.
     #   @return [String]
@@ -594,9 +939,9 @@ module Aws::CloudWatchLogs
 
     # This structure contains information about one *delivery destination*
     # in your account. A delivery destination is an Amazon Web Services
-    # resource that represents an shared id="AWS"/&gt; service that logs
-    # can be sent to. CloudWatch Logs, Amazon S3, are supported as Kinesis
-    # Data Firehose delivery destinations.
+    # resource that represents an Amazon Web Services service that logs can
+    # be sent to. CloudWatch Logs, Amazon S3, are supported as Kinesis Data
+    # Firehose delivery destinations.
     #
     # To configure logs delivery between a supported Amazon Web Services
     # service and a destination, you must do the following:
@@ -721,7 +1066,7 @@ module Aws::CloudWatchLogs
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/ AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-vended-logs-permissions
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html
     # [2]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html
     # [3]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestination.html
     # [4]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationolicy.html
@@ -1072,6 +1417,23 @@ module Aws::CloudWatchLogs
     #   the monitoring account.
     #   @return [Boolean]
     #
+    # @!attribute [rw] log_group_class
+    #   Specifies the log group class for this log group. There are two
+    #   classes:
+    #
+    #   * The `Standard` log class supports all CloudWatch Logs features.
+    #
+    #   * The `Infrequent Access` log class supports a subset of CloudWatch
+    #     Logs features and incurs lower costs.
+    #
+    #   For details about the features supported by each class, see [Log
+    #   classes][1]
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch_Logs_Log_Classes.html
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeLogGroupsRequest AWS API Documentation
     #
     class DescribeLogGroupsRequest < Struct.new(
@@ -1080,7 +1442,8 @@ module Aws::CloudWatchLogs
       :log_group_name_pattern,
       :next_token,
       :limit,
-      :include_linked_accounts)
+      :include_linked_accounts,
+      :log_group_class)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1929,6 +2292,93 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
+    # @!attribute [rw] anomaly_detector_arn
+    #   The ARN of the anomaly detector to retrieve information about. You
+    #   can find the ARNs of log anomaly detectors in your account by using
+    #   the [ListLogAnomalyDetectors][1] operation.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListLogAnomalyDetectors.html
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetLogAnomalyDetectorRequest AWS API Documentation
+    #
+    class GetLogAnomalyDetectorRequest < Struct.new(
+      :anomaly_detector_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] detector_name
+    #   The name of the log anomaly detector
+    #   @return [String]
+    #
+    # @!attribute [rw] log_group_arn_list
+    #   An array of structures, where each structure contains the ARN of a
+    #   log group associated with this anomaly detector.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] evaluation_frequency
+    #   Specifies how often the anomaly detector runs and look for
+    #   anomalies. Set this value according to the frequency that the log
+    #   group receives new logs. For example, if the log group receives new
+    #   log events every 10 minutes, then setting `evaluationFrequency` to
+    #   `FIFTEEN_MIN` might be appropriate.
+    #   @return [String]
+    #
+    # @!attribute [rw] filter_pattern
+    #   A symbolic description of how CloudWatch Logs should interpret the
+    #   data in each log event. For example, a log event can contain
+    #   timestamps, IP addresses, strings, and so on. You use the filter
+    #   pattern to specify what to look for in the log event message.
+    #   @return [String]
+    #
+    # @!attribute [rw] anomaly_detector_status
+    #   Specifies whether the anomaly detector is currently active. To
+    #   change its status, use the `enabled` parameter in the
+    #   [UpdateLogAnomalyDetector][1] operation.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UpdateLogAnomalyDetector.html
+    #   @return [String]
+    #
+    # @!attribute [rw] kms_key_id
+    #   The ID of the KMS key assigned to this anomaly detector, if any.
+    #   @return [String]
+    #
+    # @!attribute [rw] creation_time_stamp
+    #   The date and time when this anomaly detector was created.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] last_modified_time_stamp
+    #   The date and time when this anomaly detector was most recently
+    #   modified.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] anomaly_visibility_time
+    #   The number of days used as the life cycle of anomalies. After this
+    #   time, anomalies are automatically baselined and the anomaly detector
+    #   model will treat new occurrences of similar event as normal.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetLogAnomalyDetectorResponse AWS API Documentation
+    #
+    class GetLogAnomalyDetectorResponse < Struct.new(
+      :detector_name,
+      :log_group_arn_list,
+      :evaluation_frequency,
+      :filter_pattern,
+      :anomaly_detector_status,
+      :kms_key_id,
+      :creation_time_stamp,
+      :last_modified_time_stamp,
+      :anomaly_visibility_time)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] log_group_name
     #   The name of the log group.
     #
@@ -2247,6 +2697,101 @@ module Aws::CloudWatchLogs
     #
     class LimitExceededException < Aws::EmptyStructure; end
 
+    # @!attribute [rw] anomaly_detector_arn
+    #   Use this to optionally limit the results to only the anomalies found
+    #   by a certain anomaly detector.
+    #   @return [String]
+    #
+    # @!attribute [rw] suppression_state
+    #   You can specify this parameter if you want to the operation to
+    #   return only anomalies that are currently either suppressed or
+    #   unsuppressed.
+    #   @return [String]
+    #
+    # @!attribute [rw] limit
+    #   The maximum number of items to return. If you don't specify a
+    #   value, the default maximum value of 50 items is used.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   The token for the next set of items to return. The token expires
+    #   after 24 hours.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ListAnomaliesRequest AWS API Documentation
+    #
+    class ListAnomaliesRequest < Struct.new(
+      :anomaly_detector_arn,
+      :suppression_state,
+      :limit,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] anomalies
+    #   An array of structures, where each structure contains information
+    #   about one anomaly that a log anomaly detector has found.
+    #   @return [Array<Types::Anomaly>]
+    #
+    # @!attribute [rw] next_token
+    #   The token for the next set of items to return. The token expires
+    #   after 24 hours.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ListAnomaliesResponse AWS API Documentation
+    #
+    class ListAnomaliesResponse < Struct.new(
+      :anomalies,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] filter_log_group_arn
+    #   Use this to optionally filter the results to only include anomaly
+    #   detectors that are associated with the specified log group.
+    #   @return [String]
+    #
+    # @!attribute [rw] limit
+    #   The maximum number of items to return. If you don't specify a
+    #   value, the default maximum value of 50 items is used.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   The token for the next set of items to return. The token expires
+    #   after 24 hours.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ListLogAnomalyDetectorsRequest AWS API Documentation
+    #
+    class ListLogAnomalyDetectorsRequest < Struct.new(
+      :filter_log_group_arn,
+      :limit,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] anomaly_detectors
+    #   An array of structures, where each structure in the array contains
+    #   information about one anomaly detector.
+    #   @return [Array<Types::AnomalyDetector>]
+    #
+    # @!attribute [rw] next_token
+    #   The token for the next set of items to return. The token expires
+    #   after 24 hours.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ListLogAnomalyDetectorsResponse AWS API Documentation
+    #
+    class ListLogAnomalyDetectorsResponse < Struct.new(
+      :anomaly_detectors,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] resource_arn
     #   The ARN of the resource that you want to view tags for.
     #
@@ -2365,6 +2910,23 @@ module Aws::CloudWatchLogs
     #   account-level settings.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] log_group_class
+    #   This specifies the log group class for this log group. There are two
+    #   classes:
+    #
+    #   * The `Standard` log class supports all CloudWatch Logs features.
+    #
+    #   * The `Infrequent Access` log class supports a subset of CloudWatch
+    #     Logs features and incurs lower costs.
+    #
+    #   For details about the features supported by each class, see [Log
+    #   classes][1]
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch_Logs_Log_Classes.html
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/LogGroup AWS API Documentation
     #
     class LogGroup < Struct.new(
@@ -2376,7 +2938,8 @@ module Aws::CloudWatchLogs
       :stored_bytes,
       :kms_key_id,
       :data_protection_status,
-      :inherited_properties)
+      :inherited_properties,
+      :log_group_class)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2663,6 +3226,48 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
+    # A tructures that contains information about one pattern token related
+    # to an anomaly.
+    #
+    # For more information about patterns and tokens, see
+    # [CreateLogAnomalyDetector][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateLogAnomalyDetector.html
+    #
+    # @!attribute [rw] dynamic_token_position
+    #   For a dynamic token, this indicates where in the pattern that this
+    #   token appears, related to other dynamic tokens. The dynamic token
+    #   that appears first has a value of `1`, the one that appears second
+    #   is `2`, and so on.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] is_dynamic
+    #   Specifies whether this is a dynamic token.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] token_string
+    #   The string represented by this token. If this is a dynamic token,
+    #   the value will be `<*>`
+    #   @return [String]
+    #
+    # @!attribute [rw] enumerations
+    #   Contains the values found for a dynamic token, and the number of
+    #   times each value was found.
+    #   @return [Hash<String,Integer>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PatternToken AWS API Documentation
+    #
+    class PatternToken < Struct.new(
+      :dynamic_token_position,
+      :is_dynamic,
+      :token_string,
+      :enumerations)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # A structure that contains information about one delivery destination
     # policy.
     #
@@ -3810,6 +4415,28 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
+    # If you are suppressing an anomaly temporariliy, this structure defines
+    # how long the suppression period is to be.
+    #
+    # @!attribute [rw] value
+    #   Specifies the number of seconds, minutes or hours to suppress this
+    #   anomaly. There is no maximum.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] suppression_unit
+    #   Specifies whether the value of `value` is in seconds, minutes, or
+    #   hours.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/SuppressionPeriod AWS API Documentation
+    #
+    class SuppressionPeriod < Struct.new(
+      :value,
+      :suppression_unit)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] log_group_name
     #   The name of the log group.
     #   @return [String]
@@ -3968,6 +4595,98 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
+    # @!attribute [rw] anomaly_id
+    #   If you are suppressing or unsuppressing an anomaly, specify its
+    #   unique ID here. You can find anomaly IDs by using the
+    #   [ListAnomalies][1] operation.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListAnomalies.html
+    #   @return [String]
+    #
+    # @!attribute [rw] pattern_id
+    #   If you are suppressing or unsuppressing an pattern, specify its
+    #   unique ID here. You can find pattern IDs by using the
+    #   [ListAnomalies][1] operation.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListAnomalies.html
+    #   @return [String]
+    #
+    # @!attribute [rw] anomaly_detector_arn
+    #   The ARN of the anomaly detector that this operation is to act on.
+    #   @return [String]
+    #
+    # @!attribute [rw] suppression_type
+    #   Use this to specify whether the suppression to be temporary or
+    #   infinite. If you specify `LIMITED`, you must also specify a
+    #   `suppressionPeriod`. If you specify `INFINITE`, any value for
+    #   `suppressionPeriod` is ignored.
+    #   @return [String]
+    #
+    # @!attribute [rw] suppression_period
+    #   If you are temporarily suppressing an anomaly or pattern, use this
+    #   structure to specify how long the suppression is to last.
+    #   @return [Types::SuppressionPeriod]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/UpdateAnomalyRequest AWS API Documentation
+    #
+    class UpdateAnomalyRequest < Struct.new(
+      :anomaly_id,
+      :pattern_id,
+      :anomaly_detector_arn,
+      :suppression_type,
+      :suppression_period)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] anomaly_detector_arn
+    #   The ARN of the anomaly detector that you want to update.
+    #   @return [String]
+    #
+    # @!attribute [rw] evaluation_frequency
+    #   Specifies how often the anomaly detector runs and look for
+    #   anomalies. Set this value according to the frequency that the log
+    #   group receives new logs. For example, if the log group receives new
+    #   log events every 10 minutes, then setting `evaluationFrequency` to
+    #   `FIFTEEN_MIN` might be appropriate.
+    #   @return [String]
+    #
+    # @!attribute [rw] filter_pattern
+    #   A symbolic description of how CloudWatch Logs should interpret the
+    #   data in each log event. For example, a log event can contain
+    #   timestamps, IP addresses, strings, and so on. You use the filter
+    #   pattern to specify what to look for in the log event message.
+    #   @return [String]
+    #
+    # @!attribute [rw] anomaly_visibility_time
+    #   The number of days to use as the life cycle of anomalies. After this
+    #   time, anomalies are automatically baselined and the anomaly detector
+    #   model will treat new occurrences of similar event as normal.
+    #   Therefore, if you do not correct the cause of an anomaly during this
+    #   time, it will be considered normal going forward and will not be
+    #   detected.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] enabled
+    #   Use this parameter to pause or restart the anomaly detector.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/UpdateLogAnomalyDetectorRequest AWS API Documentation
+    #
+    class UpdateLogAnomalyDetectorRequest < Struct.new(
+      :anomaly_detector_arn,
+      :evaluation_frequency,
+      :filter_pattern,
+      :anomaly_visibility_time,
+      :enabled)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # One of the parameters for the request is not valid.
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ValidationException AWS API Documentation