aws-sdk-cloudwatchlogs 1.76.0 → 1.78.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-cloudwatchlogs/client.rb +150 -35
- data/lib/aws-sdk-cloudwatchlogs/client_api.rb +3 -0
- data/lib/aws-sdk-cloudwatchlogs/plugins/endpoints.rb +1 -0
- data/lib/aws-sdk-cloudwatchlogs/types.rb +80 -11
- data/lib/aws-sdk-cloudwatchlogs.rb +1 -1
- data/sig/client.rbs +901 -0
- data/sig/errors.rbs +61 -0
- data/sig/resource.rbs +83 -0
- data/sig/types.rbs +1182 -0
- data/sig/waiters.rbs +13 -0
- metadata +13 -8
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c3650741ac61989533f0c4da21d9f25349a93c5eed823ad5cd309d118d2b9596
|
4
|
+
data.tar.gz: 37101c00e49dbf99e69e91b449d681b3d41fb7e67cf1c4b1b7d90a791a5834d3
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f5343b73f4728d1e0f9a9346c0117f715fe8b9614a9142c0e054a78a1b58244b8cb00d5e0d3f4631d364b41930ab9eab9645d7b2682f3f47c242eeebd899f919
|
7
|
+
data.tar.gz: 24f9b2b77d40ec020a908eb5aa49c295e04328701ef6a7d13457897d851a437f868fbc300fa3dbd51430254f782f2d404cc8eb26295a8bdbb15329bbd4cf1d52
|
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,16 @@
|
|
1
1
|
Unreleased Changes
|
2
2
|
------------------
|
3
3
|
|
4
|
+
1.78.0 (2024-01-26)
|
5
|
+
------------------
|
6
|
+
|
7
|
+
* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
|
8
|
+
|
9
|
+
1.77.0 (2024-01-10)
|
10
|
+
------------------
|
11
|
+
|
12
|
+
* Feature - Add support for account level subscription filter policies to PutAccountPolicy, DescribeAccountPolicies, and DeleteAccountPolicy APIs. Additionally, PutAccountPolicy has been modified with new optional "selectionCriteria" parameter for resource selection.
|
13
|
+
|
4
14
|
1.76.0 (2023-12-12)
|
5
15
|
------------------
|
6
16
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.
|
1
|
+
1.78.0
|
@@ -950,7 +950,8 @@ module Aws::CloudWatchLogs
|
|
950
950
|
#
|
951
951
|
# If you omit this parameter, the default of `STANDARD` is used.
|
952
952
|
#
|
953
|
-
#
|
953
|
+
# The value of `logGroupClass` can't be changed after a log group is
|
954
|
+
# created.
|
954
955
|
#
|
955
956
|
# For details about the features supported by each class, see [Log
|
956
957
|
# classes][1]
|
@@ -1021,18 +1022,26 @@ module Aws::CloudWatchLogs
|
|
1021
1022
|
req.send_request(options)
|
1022
1023
|
end
|
1023
1024
|
|
1024
|
-
# Deletes a CloudWatch Logs account policy.
|
1025
|
+
# Deletes a CloudWatch Logs account policy. This stops the policy from
|
1026
|
+
# applying to all log groups or a subset of log groups in the account.
|
1027
|
+
# Log-group level policies will still be in effect.
|
1025
1028
|
#
|
1026
|
-
# To use this operation, you must be signed on with the
|
1027
|
-
#
|
1028
|
-
#
|
1029
|
+
# To use this operation, you must be signed on with the correct
|
1030
|
+
# permissions depending on the type of policy that you are deleting.
|
1031
|
+
#
|
1032
|
+
# * To delete a data protection policy, you must have the
|
1033
|
+
# `logs:DeleteDataProtectionPolicy` and `logs:DeleteAccountPolicy`
|
1034
|
+
# permissions.
|
1035
|
+
#
|
1036
|
+
# * To delete a subscription filter policy, you must have the
|
1037
|
+
# `logs:DeleteSubscriptionFilter` and `logs:DeleteAccountPolicy`
|
1038
|
+
# permissions.
|
1029
1039
|
#
|
1030
1040
|
# @option params [required, String] :policy_name
|
1031
1041
|
# The name of the policy to delete.
|
1032
1042
|
#
|
1033
1043
|
# @option params [required, String] :policy_type
|
1034
|
-
# The type of policy to delete.
|
1035
|
-
# `DATA_PROTECTION_POLICY`.
|
1044
|
+
# The type of policy to delete.
|
1036
1045
|
#
|
1037
1046
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1038
1047
|
#
|
@@ -1040,7 +1049,7 @@ module Aws::CloudWatchLogs
|
|
1040
1049
|
#
|
1041
1050
|
# resp = client.delete_account_policy({
|
1042
1051
|
# policy_name: "PolicyName", # required
|
1043
|
-
# policy_type: "DATA_PROTECTION_POLICY", # required, accepts DATA_PROTECTION_POLICY
|
1052
|
+
# policy_type: "DATA_PROTECTION_POLICY", # required, accepts DATA_PROTECTION_POLICY, SUBSCRIPTION_FILTER_POLICY
|
1044
1053
|
# })
|
1045
1054
|
#
|
1046
1055
|
# @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteAccountPolicy AWS API Documentation
|
@@ -1459,8 +1468,7 @@ module Aws::CloudWatchLogs
|
|
1459
1468
|
#
|
1460
1469
|
# @option params [required, String] :policy_type
|
1461
1470
|
# Use this parameter to limit the returned policies to only the policies
|
1462
|
-
# that match the policy type that you specify.
|
1463
|
-
# value is `DATA_PROTECTION_POLICY`.
|
1471
|
+
# that match the policy type that you specify.
|
1464
1472
|
#
|
1465
1473
|
# @option params [String] :policy_name
|
1466
1474
|
# Use this parameter to limit the returned policies to only the policy
|
@@ -1483,7 +1491,7 @@ module Aws::CloudWatchLogs
|
|
1483
1491
|
# @example Request syntax with placeholder values
|
1484
1492
|
#
|
1485
1493
|
# resp = client.describe_account_policies({
|
1486
|
-
# policy_type: "DATA_PROTECTION_POLICY", # required, accepts DATA_PROTECTION_POLICY
|
1494
|
+
# policy_type: "DATA_PROTECTION_POLICY", # required, accepts DATA_PROTECTION_POLICY, SUBSCRIPTION_FILTER_POLICY
|
1487
1495
|
# policy_name: "PolicyName",
|
1488
1496
|
# account_identifiers: ["AccountId"],
|
1489
1497
|
# })
|
@@ -1494,8 +1502,9 @@ module Aws::CloudWatchLogs
|
|
1494
1502
|
# resp.account_policies[0].policy_name #=> String
|
1495
1503
|
# resp.account_policies[0].policy_document #=> String
|
1496
1504
|
# resp.account_policies[0].last_updated_time #=> Integer
|
1497
|
-
# resp.account_policies[0].policy_type #=> String, one of "DATA_PROTECTION_POLICY"
|
1505
|
+
# resp.account_policies[0].policy_type #=> String, one of "DATA_PROTECTION_POLICY", "SUBSCRIPTION_FILTER_POLICY"
|
1498
1506
|
# resp.account_policies[0].scope #=> String, one of "ALL"
|
1507
|
+
# resp.account_policies[0].selection_criteria #=> String
|
1499
1508
|
# resp.account_policies[0].account_id #=> String
|
1500
1509
|
#
|
1501
1510
|
# @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeAccountPolicies AWS API Documentation
|
@@ -3260,11 +3269,16 @@ module Aws::CloudWatchLogs
|
|
3260
3269
|
req.send_request(options)
|
3261
3270
|
end
|
3262
3271
|
|
3263
|
-
# Creates an account-level data protection policy
|
3264
|
-
# log groups
|
3265
|
-
#
|
3266
|
-
#
|
3267
|
-
#
|
3272
|
+
# Creates an account-level data protection policy or subscription filter
|
3273
|
+
# policy that applies to all log groups or a subset of log groups in the
|
3274
|
+
# account.
|
3275
|
+
#
|
3276
|
+
# **Data protection policy**
|
3277
|
+
#
|
3278
|
+
# A data protection policy can help safeguard sensitive data that's
|
3279
|
+
# ingested by your log groups by auditing and masking the sensitive log
|
3280
|
+
# data. Each account can have only one account-level data protection
|
3281
|
+
# policy.
|
3268
3282
|
#
|
3269
3283
|
# Sensitive data is detected and masked when it is ingested into a log
|
3270
3284
|
# group. When you set a data protection policy, log events ingested into
|
@@ -3272,10 +3286,10 @@ module Aws::CloudWatchLogs
|
|
3272
3286
|
#
|
3273
3287
|
# If you use `PutAccountPolicy` to create a data protection policy for
|
3274
3288
|
# your whole account, it applies to both existing log groups and all log
|
3275
|
-
# groups that are created later in this account. The account
|
3276
|
-
# applied to existing log groups with eventual consistency. It
|
3277
|
-
# take up to 5 minutes before sensitive data in existing log
|
3278
|
-
# begins to be masked.
|
3289
|
+
# groups that are created later in this account. The account-level
|
3290
|
+
# policy is applied to existing log groups with eventual consistency. It
|
3291
|
+
# might take up to 5 minutes before sensitive data in existing log
|
3292
|
+
# groups begins to be masked.
|
3279
3293
|
#
|
3280
3294
|
# By default, when a user views a log event that includes masked data,
|
3281
3295
|
# the sensitive data is replaced by asterisks. A user who has the
|
@@ -3288,31 +3302,66 @@ module Aws::CloudWatchLogs
|
|
3288
3302
|
# For more information, including a list of types of data that can be
|
3289
3303
|
# audited and masked, see [Protect sensitive log data with masking][3].
|
3290
3304
|
#
|
3291
|
-
# To use the `PutAccountPolicy` operation
|
3292
|
-
# the `logs:PutDataProtectionPolicy` and
|
3293
|
-
# permissions.
|
3305
|
+
# To use the `PutAccountPolicy` operation for a data protection policy,
|
3306
|
+
# you must be signed on with the `logs:PutDataProtectionPolicy` and
|
3307
|
+
# `logs:PutAccountPolicy` permissions.
|
3294
3308
|
#
|
3295
3309
|
# The `PutAccountPolicy` operation applies to all log groups in the
|
3296
|
-
# account. You can
|
3297
|
-
#
|
3298
|
-
#
|
3310
|
+
# account. You can use [PutDataProtectionPolicy][4] to create a data
|
3311
|
+
# protection policy that applies to just one log group. If a log group
|
3312
|
+
# has its own data protection policy and the account also has an
|
3299
3313
|
# account-level data protection policy, then the two policies are
|
3300
3314
|
# cumulative. Any sensitive term specified in either policy is masked.
|
3301
3315
|
#
|
3316
|
+
# **Subscription filter policy**
|
3317
|
+
#
|
3318
|
+
# A subscription filter policy sets up a real-time feed of log events
|
3319
|
+
# from CloudWatch Logs to other Amazon Web Services services.
|
3320
|
+
# Account-level subscription filter policies apply to both existing log
|
3321
|
+
# groups and log groups that are created later in this account.
|
3322
|
+
# Supported destinations are Kinesis Data Streams, Kinesis Data
|
3323
|
+
# Firehose, and Lambda. When log events are sent to the receiving
|
3324
|
+
# service, they are Base64 encoded and compressed with the GZIP format.
|
3325
|
+
#
|
3326
|
+
# The following destinations are supported for subscription filters:
|
3327
|
+
#
|
3328
|
+
# * An Kinesis Data Streams data stream in the same account as the
|
3329
|
+
# subscription policy, for same-account delivery.
|
3330
|
+
#
|
3331
|
+
# * An Kinesis Data Firehose data stream in the same account as the
|
3332
|
+
# subscription policy, for same-account delivery.
|
3333
|
+
#
|
3334
|
+
# * A Lambda function in the same account as the subscription policy,
|
3335
|
+
# for same-account delivery.
|
3336
|
+
#
|
3337
|
+
# * A logical destination in a different account created with
|
3338
|
+
# [PutDestination][5], for cross-account delivery. Kinesis Data
|
3339
|
+
# Streams and Kinesis Data Firehose are supported as logical
|
3340
|
+
# destinations.
|
3341
|
+
#
|
3342
|
+
# Each account can have one account-level subscription filter policy. If
|
3343
|
+
# you are updating an existing filter, you must specify the correct name
|
3344
|
+
# in `PolicyName`. To perform a `PutAccountPolicy` subscription filter
|
3345
|
+
# operation for any destination except a Lambda function, you must also
|
3346
|
+
# have the `iam:PassRole` permission.
|
3347
|
+
#
|
3302
3348
|
#
|
3303
3349
|
#
|
3304
3350
|
# [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogEvents.html
|
3305
3351
|
# [2]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_FilterLogEvents.html
|
3306
3352
|
# [3]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html
|
3307
3353
|
# [4]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDataProtectionPolicy.html
|
3354
|
+
# [5]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestination.html
|
3308
3355
|
#
|
3309
3356
|
# @option params [required, String] :policy_name
|
3310
3357
|
# A name for the policy. This must be unique within the account.
|
3311
3358
|
#
|
3312
3359
|
# @option params [required, String] :policy_document
|
3313
|
-
# Specify the
|
3360
|
+
# Specify the policy, in JSON.
|
3314
3361
|
#
|
3315
|
-
#
|
3362
|
+
# **Data protection policy**
|
3363
|
+
#
|
3364
|
+
# A data protection policy must include two JSON blocks:
|
3316
3365
|
#
|
3317
3366
|
# * The first block must include both a `DataIdentifer` array and an
|
3318
3367
|
# `Operation` property with an `Audit` action. The `DataIdentifer`
|
@@ -3348,21 +3397,75 @@ module Aws::CloudWatchLogs
|
|
3348
3397
|
# a dimension when CloudWatch Logs reports audit findings metrics to
|
3349
3398
|
# CloudWatch.
|
3350
3399
|
#
|
3351
|
-
# The JSON specified in `policyDocument` can be up to 30,720 characters
|
3400
|
+
# The JSON specified in `policyDocument` can be up to 30,720 characters
|
3401
|
+
# long.
|
3402
|
+
#
|
3403
|
+
# **Subscription filter policy**
|
3404
|
+
#
|
3405
|
+
# A subscription filter policy can include the following attributes in a
|
3406
|
+
# JSON block:
|
3407
|
+
#
|
3408
|
+
# * **DestinationArn** The ARN of the destination to deliver log events
|
3409
|
+
# to. Supported destinations are:
|
3410
|
+
#
|
3411
|
+
# * An Kinesis Data Streams data stream in the same account as the
|
3412
|
+
# subscription policy, for same-account delivery.
|
3413
|
+
#
|
3414
|
+
# * An Kinesis Data Firehose data stream in the same account as the
|
3415
|
+
# subscription policy, for same-account delivery.
|
3416
|
+
#
|
3417
|
+
# * A Lambda function in the same account as the subscription policy,
|
3418
|
+
# for same-account delivery.
|
3419
|
+
#
|
3420
|
+
# * A logical destination in a different account created with
|
3421
|
+
# [PutDestination][2], for cross-account delivery. Kinesis Data
|
3422
|
+
# Streams and Kinesis Data Firehose are supported as logical
|
3423
|
+
# destinations.
|
3424
|
+
#
|
3425
|
+
# * **RoleArn** The ARN of an IAM role that grants CloudWatch Logs
|
3426
|
+
# permissions to deliver ingested log events to the destination
|
3427
|
+
# stream. You don't need to provide the ARN when you are working with
|
3428
|
+
# a logical destination for cross-account delivery.
|
3429
|
+
#
|
3430
|
+
# * **FilterPattern** A filter pattern for subscribing to a filtered
|
3431
|
+
# stream of log events.
|
3432
|
+
#
|
3433
|
+
# * **Distribution**The method used to distribute log data to the
|
3434
|
+
# destination. By default, log data is grouped by log stream, but the
|
3435
|
+
# grouping can be set to `Random` for a more even distribution. This
|
3436
|
+
# property is only applicable when the destination is an Kinesis Data
|
3437
|
+
# Streams data stream.
|
3352
3438
|
#
|
3353
3439
|
#
|
3354
3440
|
#
|
3355
3441
|
# [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data-types.html
|
3442
|
+
# [2]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestination.html
|
3356
3443
|
#
|
3357
3444
|
# @option params [required, String] :policy_type
|
3358
|
-
#
|
3359
|
-
# `DATA_PROTECTION_POLICY`.
|
3445
|
+
# The type of policy that you're creating or updating.
|
3360
3446
|
#
|
3361
3447
|
# @option params [String] :scope
|
3362
3448
|
# Currently the only valid value for this parameter is `ALL`, which
|
3363
3449
|
# specifies that the data protection policy applies to all log groups in
|
3364
3450
|
# the account. If you omit this parameter, the default of `ALL` is used.
|
3365
3451
|
#
|
3452
|
+
# @option params [String] :selection_criteria
|
3453
|
+
# Use this parameter to apply the subscription filter policy to a subset
|
3454
|
+
# of log groups in the account. Currently, the only supported filter is
|
3455
|
+
# `LogGroupName NOT IN []`. The `selectionCriteria` string can be up to
|
3456
|
+
# 25KB in length. The length is determined by using its UTF-8 bytes.
|
3457
|
+
#
|
3458
|
+
# Using the `selectionCriteria` parameter is useful to help prevent
|
3459
|
+
# infinite loops. For more information, see [Log recursion
|
3460
|
+
# prevention][1].
|
3461
|
+
#
|
3462
|
+
# Specifing `selectionCriteria` is valid only when you specify `
|
3463
|
+
# SUBSCRIPTION_FILTER_POLICY` for `policyType`.
|
3464
|
+
#
|
3465
|
+
#
|
3466
|
+
#
|
3467
|
+
# [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Subscriptions-recursion-prevention.html
|
3468
|
+
#
|
3366
3469
|
# @return [Types::PutAccountPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
3367
3470
|
#
|
3368
3471
|
# * {Types::PutAccountPolicyResponse#account_policy #account_policy} => Types::AccountPolicy
|
@@ -3372,8 +3475,9 @@ module Aws::CloudWatchLogs
|
|
3372
3475
|
# resp = client.put_account_policy({
|
3373
3476
|
# policy_name: "PolicyName", # required
|
3374
3477
|
# policy_document: "AccountPolicyDocument", # required
|
3375
|
-
# policy_type: "DATA_PROTECTION_POLICY", # required, accepts DATA_PROTECTION_POLICY
|
3478
|
+
# policy_type: "DATA_PROTECTION_POLICY", # required, accepts DATA_PROTECTION_POLICY, SUBSCRIPTION_FILTER_POLICY
|
3376
3479
|
# scope: "ALL", # accepts ALL
|
3480
|
+
# selection_criteria: "SelectionCriteria",
|
3377
3481
|
# })
|
3378
3482
|
#
|
3379
3483
|
# @example Response structure
|
@@ -3381,8 +3485,9 @@ module Aws::CloudWatchLogs
|
|
3381
3485
|
# resp.account_policy.policy_name #=> String
|
3382
3486
|
# resp.account_policy.policy_document #=> String
|
3383
3487
|
# resp.account_policy.last_updated_time #=> Integer
|
3384
|
-
# resp.account_policy.policy_type #=> String, one of "DATA_PROTECTION_POLICY"
|
3488
|
+
# resp.account_policy.policy_type #=> String, one of "DATA_PROTECTION_POLICY", "SUBSCRIPTION_FILTER_POLICY"
|
3385
3489
|
# resp.account_policy.scope #=> String, one of "ALL"
|
3490
|
+
# resp.account_policy.selection_criteria #=> String
|
3386
3491
|
# resp.account_policy.account_id #=> String
|
3387
3492
|
#
|
3388
3493
|
# @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutAccountPolicy AWS API Documentation
|
@@ -4454,6 +4559,9 @@ module Aws::CloudWatchLogs
|
|
4454
4559
|
# session also ends if the established connection between the client and
|
4455
4560
|
# the server breaks.
|
4456
4561
|
#
|
4562
|
+
# For examples of using an SDK to start a Live Tail session, see [ Start
|
4563
|
+
# a Live Tail session using an Amazon Web Services SDK][6].
|
4564
|
+
#
|
4457
4565
|
#
|
4458
4566
|
#
|
4459
4567
|
# [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs_LiveTail.html
|
@@ -4461,6 +4569,7 @@ module Aws::CloudWatchLogs
|
|
4461
4569
|
# [3]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_LiveTailSessionUpdate.html
|
4462
4570
|
# [4]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_SessionStreamingException.html
|
4463
4571
|
# [5]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_SessionTimeoutException.html
|
4572
|
+
# [6]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/example_cloudwatch-logs_StartLiveTail_section.html
|
4464
4573
|
#
|
4465
4574
|
# @option params [required, Array<String>] :log_group_identifiers
|
4466
4575
|
# An array where each item in the array is a log group to include in the
|
@@ -4478,6 +4587,9 @@ module Aws::CloudWatchLogs
|
|
4478
4587
|
# If you specify this parameter, then only log events in the log streams
|
4479
4588
|
# that you specify here are included in the Live Tail session.
|
4480
4589
|
#
|
4590
|
+
# If you specify this field, you can't also specify the
|
4591
|
+
# `logStreamNamePrefixes` field.
|
4592
|
+
#
|
4481
4593
|
# <note markdown="1"> You can specify this parameter only if you specify only one log group
|
4482
4594
|
# in `logGroupIdentifiers`.
|
4483
4595
|
#
|
@@ -4488,6 +4600,9 @@ module Aws::CloudWatchLogs
|
|
4488
4600
|
# that have names that start with the prefixes that you specify here are
|
4489
4601
|
# included in the Live Tail session.
|
4490
4602
|
#
|
4603
|
+
# If you specify this field, you can't also specify the
|
4604
|
+
# `logStreamNames` field.
|
4605
|
+
#
|
4491
4606
|
# <note markdown="1"> You can specify this parameter only if you specify only one log group
|
4492
4607
|
# in `logGroupIdentifiers`.
|
4493
4608
|
#
|
@@ -5205,7 +5320,7 @@ module Aws::CloudWatchLogs
|
|
5205
5320
|
params: params,
|
5206
5321
|
config: config)
|
5207
5322
|
context[:gem_name] = 'aws-sdk-cloudwatchlogs'
|
5208
|
-
context[:gem_version] = '1.
|
5323
|
+
context[:gem_version] = '1.78.0'
|
5209
5324
|
Seahorse::Client::Request.new(handlers, context)
|
5210
5325
|
end
|
5211
5326
|
|
@@ -297,6 +297,7 @@ module Aws::CloudWatchLogs
|
|
297
297
|
Scope = Shapes::StringShape.new(name: 'Scope')
|
298
298
|
SearchedLogStream = Shapes::StructureShape.new(name: 'SearchedLogStream')
|
299
299
|
SearchedLogStreams = Shapes::ListShape.new(name: 'SearchedLogStreams')
|
300
|
+
SelectionCriteria = Shapes::StringShape.new(name: 'SelectionCriteria')
|
300
301
|
SequenceToken = Shapes::StringShape.new(name: 'SequenceToken')
|
301
302
|
Service = Shapes::StringShape.new(name: 'Service')
|
302
303
|
ServiceQuotaExceededException = Shapes::StructureShape.new(name: 'ServiceQuotaExceededException')
|
@@ -362,6 +363,7 @@ module Aws::CloudWatchLogs
|
|
362
363
|
AccountPolicy.add_member(:last_updated_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "lastUpdatedTime"))
|
363
364
|
AccountPolicy.add_member(:policy_type, Shapes::ShapeRef.new(shape: PolicyType, location_name: "policyType"))
|
364
365
|
AccountPolicy.add_member(:scope, Shapes::ShapeRef.new(shape: Scope, location_name: "scope"))
|
366
|
+
AccountPolicy.add_member(:selection_criteria, Shapes::ShapeRef.new(shape: SelectionCriteria, location_name: "selectionCriteria"))
|
365
367
|
AccountPolicy.add_member(:account_id, Shapes::ShapeRef.new(shape: AccountId, location_name: "accountId"))
|
366
368
|
AccountPolicy.struct_class = Types::AccountPolicy
|
367
369
|
|
@@ -998,6 +1000,7 @@ module Aws::CloudWatchLogs
|
|
998
1000
|
PutAccountPolicyRequest.add_member(:policy_document, Shapes::ShapeRef.new(shape: AccountPolicyDocument, required: true, location_name: "policyDocument"))
|
999
1001
|
PutAccountPolicyRequest.add_member(:policy_type, Shapes::ShapeRef.new(shape: PolicyType, required: true, location_name: "policyType"))
|
1000
1002
|
PutAccountPolicyRequest.add_member(:scope, Shapes::ShapeRef.new(shape: Scope, location_name: "scope"))
|
1003
|
+
PutAccountPolicyRequest.add_member(:selection_criteria, Shapes::ShapeRef.new(shape: SelectionCriteria, location_name: "selectionCriteria"))
|
1001
1004
|
PutAccountPolicyRequest.struct_class = Types::PutAccountPolicyRequest
|
1002
1005
|
|
1003
1006
|
PutAccountPolicyResponse.add_member(:account_policy, Shapes::ShapeRef.new(shape: AccountPolicy, location_name: "accountPolicy"))
|
@@ -14,6 +14,7 @@ module Aws::CloudWatchLogs
|
|
14
14
|
option(
|
15
15
|
:endpoint_provider,
|
16
16
|
doc_type: 'Aws::CloudWatchLogs::EndpointProvider',
|
17
|
+
rbs_type: 'untyped',
|
17
18
|
docstring: 'The endpoint provider used to resolve endpoints. Any '\
|
18
19
|
'object that responds to `#resolve_endpoint(parameters)` '\
|
19
20
|
'where `parameters` is a Struct similar to '\
|
@@ -42,6 +42,11 @@ module Aws::CloudWatchLogs
|
|
42
42
|
# The scope of the account policy.
|
43
43
|
# @return [String]
|
44
44
|
#
|
45
|
+
# @!attribute [rw] selection_criteria
|
46
|
+
# The log group selection criteria for this subscription filter
|
47
|
+
# policy.
|
48
|
+
# @return [String]
|
49
|
+
#
|
45
50
|
# @!attribute [rw] account_id
|
46
51
|
# The Amazon Web Services account ID that the policy applies to.
|
47
52
|
# @return [String]
|
@@ -54,6 +59,7 @@ module Aws::CloudWatchLogs
|
|
54
59
|
:last_updated_time,
|
55
60
|
:policy_type,
|
56
61
|
:scope,
|
62
|
+
:selection_criteria,
|
57
63
|
:account_id)
|
58
64
|
SENSITIVE = []
|
59
65
|
include Aws::Structure
|
@@ -589,7 +595,8 @@ module Aws::CloudWatchLogs
|
|
589
595
|
#
|
590
596
|
# If you omit this parameter, the default of `STANDARD` is used.
|
591
597
|
#
|
592
|
-
#
|
598
|
+
# The value of `logGroupClass` can't be changed after a log group is
|
599
|
+
# created.
|
593
600
|
#
|
594
601
|
# For details about the features supported by each class, see [Log
|
595
602
|
# classes][1]
|
@@ -649,8 +656,7 @@ module Aws::CloudWatchLogs
|
|
649
656
|
# @return [String]
|
650
657
|
#
|
651
658
|
# @!attribute [rw] policy_type
|
652
|
-
# The type of policy to delete.
|
653
|
-
# `DATA_PROTECTION_POLICY`.
|
659
|
+
# The type of policy to delete.
|
654
660
|
# @return [String]
|
655
661
|
#
|
656
662
|
# @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteAccountPolicyRequest AWS API Documentation
|
@@ -1117,8 +1123,7 @@ module Aws::CloudWatchLogs
|
|
1117
1123
|
|
1118
1124
|
# @!attribute [rw] policy_type
|
1119
1125
|
# Use this parameter to limit the returned policies to only the
|
1120
|
-
# policies that match the policy type that you specify.
|
1121
|
-
# only valid value is `DATA_PROTECTION_POLICY`.
|
1126
|
+
# policies that match the policy type that you specify.
|
1122
1127
|
# @return [String]
|
1123
1128
|
#
|
1124
1129
|
# @!attribute [rw] policy_name
|
@@ -3436,9 +3441,11 @@ module Aws::CloudWatchLogs
|
|
3436
3441
|
# @return [String]
|
3437
3442
|
#
|
3438
3443
|
# @!attribute [rw] policy_document
|
3439
|
-
# Specify the
|
3444
|
+
# Specify the policy, in JSON.
|
3440
3445
|
#
|
3441
|
-
#
|
3446
|
+
# **Data protection policy**
|
3447
|
+
#
|
3448
|
+
# A data protection policy must include two JSON blocks:
|
3442
3449
|
#
|
3443
3450
|
# * The first block must include both a `DataIdentifer` array and an
|
3444
3451
|
# `Operation` property with an `Audit` action. The `DataIdentifer`
|
@@ -3475,16 +3482,52 @@ module Aws::CloudWatchLogs
|
|
3475
3482
|
# to CloudWatch.
|
3476
3483
|
#
|
3477
3484
|
# The JSON specified in `policyDocument` can be up to 30,720
|
3478
|
-
# characters.
|
3485
|
+
# characters long.
|
3486
|
+
#
|
3487
|
+
# **Subscription filter policy**
|
3488
|
+
#
|
3489
|
+
# A subscription filter policy can include the following attributes in
|
3490
|
+
# a JSON block:
|
3491
|
+
#
|
3492
|
+
# * **DestinationArn** The ARN of the destination to deliver log
|
3493
|
+
# events to. Supported destinations are:
|
3494
|
+
#
|
3495
|
+
# * An Kinesis Data Streams data stream in the same account as the
|
3496
|
+
# subscription policy, for same-account delivery.
|
3497
|
+
#
|
3498
|
+
# * An Kinesis Data Firehose data stream in the same account as the
|
3499
|
+
# subscription policy, for same-account delivery.
|
3500
|
+
#
|
3501
|
+
# * A Lambda function in the same account as the subscription
|
3502
|
+
# policy, for same-account delivery.
|
3503
|
+
#
|
3504
|
+
# * A logical destination in a different account created with
|
3505
|
+
# [PutDestination][2], for cross-account delivery. Kinesis Data
|
3506
|
+
# Streams and Kinesis Data Firehose are supported as logical
|
3507
|
+
# destinations.
|
3508
|
+
#
|
3509
|
+
# * **RoleArn** The ARN of an IAM role that grants CloudWatch Logs
|
3510
|
+
# permissions to deliver ingested log events to the destination
|
3511
|
+
# stream. You don't need to provide the ARN when you are working
|
3512
|
+
# with a logical destination for cross-account delivery.
|
3513
|
+
#
|
3514
|
+
# * **FilterPattern** A filter pattern for subscribing to a filtered
|
3515
|
+
# stream of log events.
|
3516
|
+
#
|
3517
|
+
# * **Distribution**The method used to distribute log data to the
|
3518
|
+
# destination. By default, log data is grouped by log stream, but
|
3519
|
+
# the grouping can be set to `Random` for a more even distribution.
|
3520
|
+
# This property is only applicable when the destination is an
|
3521
|
+
# Kinesis Data Streams data stream.
|
3479
3522
|
#
|
3480
3523
|
#
|
3481
3524
|
#
|
3482
3525
|
# [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data-types.html
|
3526
|
+
# [2]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestination.html
|
3483
3527
|
# @return [String]
|
3484
3528
|
#
|
3485
3529
|
# @!attribute [rw] policy_type
|
3486
|
-
#
|
3487
|
-
# `DATA_PROTECTION_POLICY`.
|
3530
|
+
# The type of policy that you're creating or updating.
|
3488
3531
|
# @return [String]
|
3489
3532
|
#
|
3490
3533
|
# @!attribute [rw] scope
|
@@ -3494,13 +3537,33 @@ module Aws::CloudWatchLogs
|
|
3494
3537
|
# used.
|
3495
3538
|
# @return [String]
|
3496
3539
|
#
|
3540
|
+
# @!attribute [rw] selection_criteria
|
3541
|
+
# Use this parameter to apply the subscription filter policy to a
|
3542
|
+
# subset of log groups in the account. Currently, the only supported
|
3543
|
+
# filter is `LogGroupName NOT IN []`. The `selectionCriteria` string
|
3544
|
+
# can be up to 25KB in length. The length is determined by using its
|
3545
|
+
# UTF-8 bytes.
|
3546
|
+
#
|
3547
|
+
# Using the `selectionCriteria` parameter is useful to help prevent
|
3548
|
+
# infinite loops. For more information, see [Log recursion
|
3549
|
+
# prevention][1].
|
3550
|
+
#
|
3551
|
+
# Specifing `selectionCriteria` is valid only when you specify `
|
3552
|
+
# SUBSCRIPTION_FILTER_POLICY` for `policyType`.
|
3553
|
+
#
|
3554
|
+
#
|
3555
|
+
#
|
3556
|
+
# [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Subscriptions-recursion-prevention.html
|
3557
|
+
# @return [String]
|
3558
|
+
#
|
3497
3559
|
# @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutAccountPolicyRequest AWS API Documentation
|
3498
3560
|
#
|
3499
3561
|
class PutAccountPolicyRequest < Struct.new(
|
3500
3562
|
:policy_name,
|
3501
3563
|
:policy_document,
|
3502
3564
|
:policy_type,
|
3503
|
-
:scope
|
3565
|
+
:scope,
|
3566
|
+
:selection_criteria)
|
3504
3567
|
SENSITIVE = []
|
3505
3568
|
include Aws::Structure
|
3506
3569
|
end
|
@@ -4446,6 +4509,9 @@ module Aws::CloudWatchLogs
|
|
4446
4509
|
# If you specify this parameter, then only log events in the log
|
4447
4510
|
# streams that you specify here are included in the Live Tail session.
|
4448
4511
|
#
|
4512
|
+
# If you specify this field, you can't also specify the
|
4513
|
+
# `logStreamNamePrefixes` field.
|
4514
|
+
#
|
4449
4515
|
# <note markdown="1"> You can specify this parameter only if you specify only one log
|
4450
4516
|
# group in `logGroupIdentifiers`.
|
4451
4517
|
#
|
@@ -4457,6 +4523,9 @@ module Aws::CloudWatchLogs
|
|
4457
4523
|
# streams that have names that start with the prefixes that you
|
4458
4524
|
# specify here are included in the Live Tail session.
|
4459
4525
|
#
|
4526
|
+
# If you specify this field, you can't also specify the
|
4527
|
+
# `logStreamNames` field.
|
4528
|
+
#
|
4460
4529
|
# <note markdown="1"> You can specify this parameter only if you specify only one log
|
4461
4530
|
# group in `logGroupIdentifiers`.
|
4462
4531
|
#
|