aws-sdk-cloudwatchlogs 1.138.0 → 1.139.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 69a58cf3fa74eddb5278a3227ed0727ddb5d95aeb46469a7a88496669dc2d013
-  data.tar.gz: 0f11870a4527af40e84af2734c503ffabd51d07cf10bed708abce9cebd4dbd7f
+  metadata.gz: f19b0f64deb633c633108dcd9f37f28e2d7a185510f31801feb5fcdc3d5d50d8
+  data.tar.gz: c5a669da720f1b3070bfbf2a188d4873bac7d327a3e5aa4c6d0e950e22a3b293
 SHA512:
-  metadata.gz: 9a4226cda156d271b357c1130e2729fd3678a2f18d54e500cea3a762005cd7ecf615e1ac98a66c627dde36c659bff5f868ebe85485ca6deee9653c6d1acb7117
-  data.tar.gz: d6c41774921879cf9e62ce73717520659d09826bb936d002cffa1c7dde442cef973c293ca803255a9f99509c33385c918861f026c6b45d977c0a53affe6587bd
+  metadata.gz: 13ff2eaaa81fdca738fe86c1f8ad3140263a261afd2b31d5c9d0822a88c7f028f87d38885df359e706c00c676d2791ec44c1cbfb7ae986ada273ae521e57acec
+  data.tar.gz: e408534a92b4e15e9c02e0b7e1504c3f92bd3c104561a411d5be9bf7a9a0fb46ee3dbb2fdad6fb80d3d7165bbb2ea1fddd168cef4832aa29625603d82e856ca8

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.139.0 (2026-03-03)
+------------------
+
+* Feature - CloudWatch Logs updates- Added support for the PutBearerTokenAuthentication API to enable or disable bearer token authentication on a log group. For more information, see CloudWatch Logs API documentation.
+
 1.138.0 (2026-01-16)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.138.0
+1.139.0

data/lib/aws-sdk-cloudwatchlogs/client.rb

@@ -973,9 +973,11 @@ module Aws::CloudWatchLogs
     #
     #   * logs:PutResourcePolicy
     #
-    #   * (If source has an associated AWS KMS Key) kms:Decrypt
+    #   * (If source has an associated Amazon Web Services KMS Key)
+    #     kms:Decrypt
     #
-    #   * (If source has an associated AWS KMS Key) kms:GenerateDataKey
+    #   * (If source has an associated Amazon Web Services KMS Key)
+    #     kms:GenerateDataKey
     #   Example IAM policy for provided import role:
     #
     #   `[ { "Effect": "Allow", "Action": "iam:PassRole", "Resource":
@@ -2865,6 +2867,7 @@ module Aws::CloudWatchLogs
     #   resp.log_groups[0].log_group_class #=> String, one of "STANDARD", "INFREQUENT_ACCESS", "DELIVERY"
     #   resp.log_groups[0].log_group_arn #=> String
     #   resp.log_groups[0].deletion_protection_enabled #=> Boolean
+    #   resp.log_groups[0].bearer_token_authentication_enabled #=> Boolean
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeLogGroups AWS API Documentation
@@ -4197,6 +4200,20 @@ module Aws::CloudWatchLogs
     # `@ptr.$['AAA']['BBB']['CCC']['DDD']`, `@ptr.$['AAA']`, or any other
     # path matching your log structure.
     #
+    # <note markdown="1"> The `GetLogObject` API routes requests using SDK host prefix
+    # injection. SDK versions released before April 1, 2026 route to
+    # `streaming-logs.Region.amazonaws.com`, which does not support VPC
+    # endpoints. SDK versions released on or after April 1, 2026 route to
+    # `stream-logs.Region.amazonaws.com`, which supports VPC endpoints. To
+    # set up a VPC endpoint for this API, see [Creating a VPC endpoint for
+    # CloudWatch Logs ][1].
+    #
+    #  </note>
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/cloudwatch-logs-and-interface-VPC.html#create-VPC-endpoint-for-CloudWatchLogs
+    #
     # @option params [Boolean] :unmask
     #   A boolean flag that indicates whether to unmask sensitive log data.
     #   When set to true, any masked or redacted data in the log object will
@@ -5699,12 +5716,12 @@ module Aws::CloudWatchLogs
     # in the EMF format are still ingested, but no CloudWatch Metrics are
     # created from them.
     #
-    # Creating a policy disables metrics for AWS features that use EMF to
-    # create metrics, such as CloudWatch Container Insights and CloudWatch
-    # Application Signals. To prevent turning off those features by
-    # accident, we recommend that you exclude the underlying log-groups
-    # through a selection-criteria such as `LogGroupNamePrefix NOT IN
-    # ["/aws/containerinsights", "/aws/ecs/containerinsights",
+    # Creating a policy disables metrics for Amazon Web Services features
+    # that use EMF to create metrics, such as CloudWatch Container Insights
+    # and CloudWatch Application Signals. To prevent turning off those
+    # features by accident, we recommend that you exclude the underlying
+    # log-groups through a selection-criteria such as `LogGroupNamePrefix
+    # NOT IN ["/aws/containerinsights", "/aws/ecs/containerinsights",
     # "/aws/application-signals/data"]`.
     #
     # Each account can have either one account-level metric extraction
@@ -5957,6 +5974,53 @@ module Aws::CloudWatchLogs
       req.send_request(options)
     end
 
+    # Enables or disables bearer token authentication for the specified log
+    # group. When enabled on a log group, bearer token authentication is
+    # enabled on operations until it is explicitly disabled.
+    #
+    # For information about the parameters that are common to all actions,
+    # see [Common Parameters][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/CommonParameters.html
+    #
+    # @option params [required, String] :log_group_identifier
+    #   The name or ARN of the log group.
+    #
+    #   Type: String
+    #
+    #   Length Constraints: Minimum length of 1. Maximum length of 512.
+    #
+    #   Pattern: `[\.\-_/#A-Za-z0-9]+`
+    #
+    #   Required: Yes
+    #
+    # @option params [required, Boolean] :bearer_token_authentication_enabled
+    #   Whether to enable bearer token authentication.
+    #
+    #   Type: Boolean
+    #
+    #   Required: Yes
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.put_bearer_token_authentication({
+    #     log_group_identifier: "LogGroupIdentifier", # required
+    #     bearer_token_authentication_enabled: false, # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutBearerTokenAuthentication AWS API Documentation
+    #
+    # @overload put_bearer_token_authentication(params = {})
+    # @param [Hash] params ({})
+    def put_bearer_token_authentication(params = {}, options = {})
+      req = build_request(:put_bearer_token_authentication, params)
+      req.send_request(options)
+    end
+
     # Creates a data protection policy for the specified log group. A data
     # protection policy can help safeguard sensitive data that's ingested
     # by the log group by auditing and masking the sensitive log data.
@@ -7687,9 +7751,13 @@ module Aws::CloudWatchLogs
     # * A [SessionTimeoutException][5] object is returned when the session
     #   times out, after it has been kept open for three hours.
     #
-    # <note markdown="1"> The `StartLiveTail` API routes requests to
-    # `streaming-logs.Region.amazonaws.com` using SDK host prefix injection.
-    # VPC endpoint support is not available for this API.
+    # <note markdown="1"> The `StartLiveTail` API routes requests using SDK host prefix
+    # injection. SDK versions released before April 1, 2026 route to
+    # `streaming-logs.Region.amazonaws.com`, which does not support VPC
+    # endpoints. SDK versions released on or after April 1, 2026 route to
+    # `stream-logs.Region.amazonaws.com`, which supports VPC endpoints. To
+    # set up a VPC endpoint for this API, see [Creating a VPC endpoint for
+    # CloudWatch Logs ][6].
     #
     #  </note>
     #
@@ -7699,7 +7767,7 @@ module Aws::CloudWatchLogs
     # the server breaks.
     #
     # For examples of using an SDK to start a Live Tail session, see [ Start
-    # a Live Tail session using an Amazon Web Services SDK][6].
+    # a Live Tail session using an Amazon Web Services SDK][7].
     #
     #
     #
@@ -7708,7 +7776,8 @@ module Aws::CloudWatchLogs
     # [3]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_LiveTailSessionUpdate.html
     # [4]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartLiveTailResponseStream.html#CWL-Type-StartLiveTailResponseStream-SessionStreamingException
     # [5]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartLiveTailResponseStream.html#CWL-Type-StartLiveTailResponseStream-SessionTimeoutException
-    # [6]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/example_cloudwatch-logs_StartLiveTail_section.html
+    # [6]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/cloudwatch-logs-and-interface-VPC.html#create-VPC-endpoint-for-CloudWatchLogs
+    # [7]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/example_cloudwatch-logs_StartLiveTail_section.html
     #
     # @option params [required, Array<String>] :log_group_identifiers
     #   An array where each item in the array is a log group to include in the
@@ -8878,7 +8947,7 @@ module Aws::CloudWatchLogs
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-cloudwatchlogs'
-      context[:gem_version] = '1.138.0'
+      context[:gem_version] = '1.139.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-cloudwatchlogs/client_api.rb

@@ -47,6 +47,7 @@ module Aws::CloudWatchLogs
     AssociateSourceToS3TableIntegrationResponse = Shapes::StructureShape.new(name: 'AssociateSourceToS3TableIntegrationResponse')
     Baseline = Shapes::BooleanShape.new(name: 'Baseline')
     BatchId = Shapes::StringShape.new(name: 'BatchId')
+    BearerTokenAuthenticationEnabled = Shapes::BooleanShape.new(name: 'BearerTokenAuthenticationEnabled')
     Boolean = Shapes::BooleanShape.new(name: 'Boolean')
     CSV = Shapes::StructureShape.new(name: 'CSV')
     CancelExportTaskRequest = Shapes::StructureShape.new(name: 'CancelExportTaskRequest')
@@ -465,6 +466,7 @@ module Aws::CloudWatchLogs
     Processors = Shapes::ListShape.new(name: 'Processors')
     PutAccountPolicyRequest = Shapes::StructureShape.new(name: 'PutAccountPolicyRequest')
     PutAccountPolicyResponse = Shapes::StructureShape.new(name: 'PutAccountPolicyResponse')
+    PutBearerTokenAuthenticationRequest = Shapes::StructureShape.new(name: 'PutBearerTokenAuthenticationRequest')
     PutDataProtectionPolicyRequest = Shapes::StructureShape.new(name: 'PutDataProtectionPolicyRequest')
     PutDataProtectionPolicyResponse = Shapes::StructureShape.new(name: 'PutDataProtectionPolicyResponse')
     PutDeliveryDestinationPolicyRequest = Shapes::StructureShape.new(name: 'PutDeliveryDestinationPolicyRequest')
@@ -1696,6 +1698,7 @@ module Aws::CloudWatchLogs
     LogGroup.add_member(:log_group_class, Shapes::ShapeRef.new(shape: LogGroupClass, location_name: "logGroupClass"))
     LogGroup.add_member(:log_group_arn, Shapes::ShapeRef.new(shape: Arn, location_name: "logGroupArn"))
     LogGroup.add_member(:deletion_protection_enabled, Shapes::ShapeRef.new(shape: DeletionProtectionEnabled, location_name: "deletionProtectionEnabled"))
+    LogGroup.add_member(:bearer_token_authentication_enabled, Shapes::ShapeRef.new(shape: BearerTokenAuthenticationEnabled, location_name: "bearerTokenAuthenticationEnabled"))
     LogGroup.struct_class = Types::LogGroup
 
     LogGroupArnList.member = Shapes::ShapeRef.new(shape: LogGroupArn)
@@ -1937,6 +1940,10 @@ module Aws::CloudWatchLogs
     PutAccountPolicyResponse.add_member(:account_policy, Shapes::ShapeRef.new(shape: AccountPolicy, location_name: "accountPolicy"))
     PutAccountPolicyResponse.struct_class = Types::PutAccountPolicyResponse
 
+    PutBearerTokenAuthenticationRequest.add_member(:log_group_identifier, Shapes::ShapeRef.new(shape: LogGroupIdentifier, required: true, location_name: "logGroupIdentifier"))
+    PutBearerTokenAuthenticationRequest.add_member(:bearer_token_authentication_enabled, Shapes::ShapeRef.new(shape: BearerTokenAuthenticationEnabled, required: true, location_name: "bearerTokenAuthenticationEnabled"))
+    PutBearerTokenAuthenticationRequest.struct_class = Types::PutBearerTokenAuthenticationRequest
+
     PutDataProtectionPolicyRequest.add_member(:log_group_identifier, Shapes::ShapeRef.new(shape: LogGroupIdentifier, required: true, location_name: "logGroupIdentifier"))
     PutDataProtectionPolicyRequest.add_member(:policy_document, Shapes::ShapeRef.new(shape: DataProtectionPolicyDocument, required: true, location_name: "policyDocument"))
     PutDataProtectionPolicyRequest.struct_class = Types::PutDataProtectionPolicyRequest
@@ -3510,6 +3517,20 @@ module Aws::CloudWatchLogs
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
       end)
 
+      api.add_operation(:put_bearer_token_authentication, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "PutBearerTokenAuthentication"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: PutBearerTokenAuthenticationRequest)
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: OperationAbortedException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidOperationException)
+      end)
+
       api.add_operation(:put_data_protection_policy, Seahorse::Model::Operation.new.tap do |o|
         o.name = "PutDataProtectionPolicy"
         o.http_method = "POST"

data/lib/aws-sdk-cloudwatchlogs/types.rb

@@ -4302,7 +4302,7 @@ module Aws::CloudWatchLogs
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation-Processors.html#CloudWatch-Logs-Transformation-Grok
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation-Configurable.html#CloudWatch-Logs-Transformation-Grok
     #
     # @!attribute [rw] source
     #   The path to the field in the log event that you want to parse. If
@@ -4315,7 +4315,7 @@ module Aws::CloudWatchLogs
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation-Processors.html#Grok-Patterns
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation-Configurable.html#CloudWatch-Logs-Transformation-Grok
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/Grok AWS API Documentation
@@ -5572,6 +5572,12 @@ module Aws::CloudWatchLogs
     #   until it is explicitly disabled.
     #   @return [Boolean]
     #
+    # @!attribute [rw] bearer_token_authentication_enabled
+    #   Indicates whether bearer token authentication is enabled for this
+    #   log group. When enabled, bearer token authentication is allowed on
+    #   operations until it is explicitly disabled.
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/LogGroup AWS API Documentation
     #
     class LogGroup < Struct.new(
@@ -5586,7 +5592,8 @@ module Aws::CloudWatchLogs
       :inherited_properties,
       :log_group_class,
       :log_group_arn,
-      :deletion_protection_enabled)
+      :deletion_protection_enabled,
+      :bearer_token_authentication_enabled)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -7257,6 +7264,35 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
+    # @!attribute [rw] log_group_identifier
+    #   The name or ARN of the log group.
+    #
+    #   Type: String
+    #
+    #   Length Constraints: Minimum length of 1. Maximum length of 512.
+    #
+    #   Pattern: `[\.\-_/#A-Za-z0-9]+`
+    #
+    #   Required: Yes
+    #   @return [String]
+    #
+    # @!attribute [rw] bearer_token_authentication_enabled
+    #   Whether to enable bearer token authentication.
+    #
+    #   Type: Boolean
+    #
+    #   Required: Yes
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutBearerTokenAuthenticationRequest AWS API Documentation
+    #
+    class PutBearerTokenAuthenticationRequest < Struct.new(
+      :log_group_identifier,
+      :bearer_token_authentication_enabled)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] log_group_identifier
     #   Specify either the log group name or log group ARN.
     #   @return [String]

data/lib/aws-sdk-cloudwatchlogs.rb

@@ -55,7 +55,7 @@ module Aws::CloudWatchLogs
   autoload :Endpoints, 'aws-sdk-cloudwatchlogs/endpoints'
   autoload :EventStreams, 'aws-sdk-cloudwatchlogs/event_streams'
 
-  GEM_VERSION = '1.138.0'
+  GEM_VERSION = '1.139.0'
 
 end
 

data/sig/client.rbs

@@ -1044,6 +1044,13 @@ module Aws
                               ) -> _PutAccountPolicyResponseSuccess
                             | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _PutAccountPolicyResponseSuccess
 
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/CloudWatchLogs/Client.html#put_bearer_token_authentication-instance_method
+      def put_bearer_token_authentication: (
+                                             log_group_identifier: ::String,
+                                             bearer_token_authentication_enabled: bool
+                                           ) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
+                                         | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
+
       interface _PutDataProtectionPolicyResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::PutDataProtectionPolicyResponse]
         def log_group_identifier: () -> ::String

data/sig/types.rbs

@@ -1337,6 +1337,7 @@ module Aws::CloudWatchLogs
       attr_accessor log_group_class: ("STANDARD" | "INFREQUENT_ACCESS" | "DELIVERY")
       attr_accessor log_group_arn: ::String
       attr_accessor deletion_protection_enabled: bool
+      attr_accessor bearer_token_authentication_enabled: bool
       SENSITIVE: []
     end
 
@@ -1609,6 +1610,12 @@ module Aws::CloudWatchLogs
       SENSITIVE: []
     end
 
+    class PutBearerTokenAuthenticationRequest
+      attr_accessor log_group_identifier: ::String
+      attr_accessor bearer_token_authentication_enabled: bool
+      SENSITIVE: []
+    end
+
     class PutDataProtectionPolicyRequest
       attr_accessor log_group_identifier: ::String
       attr_accessor policy_document: ::String

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-cloudwatchlogs
 version: !ruby/object:Gem::Version
-  version: 1.138.0
+  version: 1.139.0
 platform: ruby
 authors:
 - Amazon Web Services