aws-sdk-securitylake 1.0.0 → 1.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-securitylake/client.rb +256 -225
- data/lib/aws-sdk-securitylake/client_api.rb +6 -5
- data/lib/aws-sdk-securitylake/endpoint_provider.rb +53 -55
- data/lib/aws-sdk-securitylake/types.rb +235 -517
- data/lib/aws-sdk-securitylake.rb +1 -1
- metadata +2 -2
@@ -368,38 +368,41 @@ module Aws::SecurityLake
|
|
368
368
|
|
369
369
|
# @!group API Operations
|
370
370
|
|
371
|
-
# Adds a natively
|
371
|
+
# Adds a natively supported Amazon Web Service as an Amazon Security
|
372
372
|
# Lake source. Enables source types for member accounts in required
|
373
|
-
# Regions, based on
|
374
|
-
# in any Region for accounts that are
|
375
|
-
# organization or standalone accounts. At least one of
|
376
|
-
# dimensions is a mandatory input to this API. However,
|
377
|
-
# of the three dimensions
|
373
|
+
# Amazon Web Services Regions, based on the parameters you specify. You
|
374
|
+
# can choose any source type in any Region for either accounts that are
|
375
|
+
# part of a trusted organization or standalone accounts. At least one of
|
376
|
+
# the three dimensions is a mandatory input to this API. However, you
|
377
|
+
# can supply any combination of the three dimensions to this API.
|
378
378
|
#
|
379
|
-
# By default, dimension refers to the entire set. When you don't
|
379
|
+
# By default, a dimension refers to the entire set. When you don't
|
380
380
|
# provide a dimension, Security Lake assumes that the missing dimension
|
381
381
|
# refers to the entire set. This is overridden when you supply any one
|
382
|
-
# of the inputs. For instance, when
|
383
|
-
#
|
384
|
-
# when
|
382
|
+
# of the inputs. For instance, when you do not specify members, the API
|
383
|
+
# enables all Security Lake member accounts for all sources. Similarly,
|
384
|
+
# when you do not specify Regions, Security Lake is enabled for all the
|
385
385
|
# Regions where Security Lake is available as a service.
|
386
386
|
#
|
387
|
-
# You can use this API only to enable
|
388
|
-
# Services
|
389
|
-
#
|
387
|
+
# You can use this API only to enable natively supported Amazon Web
|
388
|
+
# Services as a source. Use `CreateCustomLogSource` to enable data
|
389
|
+
# collection from a custom source.
|
390
390
|
#
|
391
391
|
# @option params [Hash<String,Hash>] :enable_all_dimensions
|
392
|
-
# Enables
|
392
|
+
# Enables data collection from specific Amazon Web Services sources in
|
393
|
+
# all specific accounts and specific Regions.
|
393
394
|
#
|
394
395
|
# @option params [Array<String>] :enable_single_dimension
|
395
|
-
# Enables all
|
396
|
+
# Enables data collection from all Amazon Web Services sources in
|
397
|
+
# specific accounts or Regions.
|
396
398
|
#
|
397
399
|
# @option params [Hash<String,Array>] :enable_two_dimensions
|
398
|
-
# Enables
|
400
|
+
# Enables data collection from specific Amazon Web Services sources in
|
401
|
+
# specific accounts or Regions.
|
399
402
|
#
|
400
403
|
# @option params [required, Array<String>] :input_order
|
401
404
|
# Specifies the input order to enable dimensions in Security Lake,
|
402
|
-
# namely
|
405
|
+
# namely Region, source type, and member account.
|
403
406
|
#
|
404
407
|
# @return [Types::CreateAwsLogSourceResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
405
408
|
#
|
@@ -438,30 +441,35 @@ module Aws::SecurityLake
|
|
438
441
|
end
|
439
442
|
|
440
443
|
# Adds a third-party custom source in Amazon Security Lake, from the
|
441
|
-
# Region where you want to create a custom source.
|
442
|
-
# collect logs and events from third-party custom
|
443
|
-
# creating the appropriate
|
444
|
-
#
|
445
|
-
#
|
446
|
-
#
|
444
|
+
# Amazon Web Services Region where you want to create a custom source.
|
445
|
+
# Security Lake can collect logs and events from third-party custom
|
446
|
+
# sources. After creating the appropriate IAM role to invoke Glue
|
447
|
+
# crawler, use this API to add a custom source name in Security Lake.
|
448
|
+
# This operation creates a partition in the Amazon S3 bucket for
|
449
|
+
# Security Lake as the target location for log files from the custom
|
450
|
+
# source in addition to an associated Glue table and an Glue crawler.
|
447
451
|
#
|
448
452
|
# @option params [required, String] :custom_source_name
|
449
|
-
# The
|
453
|
+
# The name for a third-party custom source. This must be a Regionally
|
454
|
+
# unique value.
|
450
455
|
#
|
451
456
|
# @option params [required, String] :event_class
|
452
|
-
# The Open Cybersecurity Schema Framework (OCSF) event class
|
457
|
+
# The Open Cybersecurity Schema Framework (OCSF) event class which
|
458
|
+
# describes the type of data that the custom source will send to
|
459
|
+
# Security Lake.
|
453
460
|
#
|
454
461
|
# @option params [required, String] :glue_invocation_role_arn
|
455
|
-
# The
|
462
|
+
# The Amazon Resource Name (ARN) of the Identity and Access Management
|
463
|
+
# (IAM) role to be used by the Glue crawler. The recommended IAM
|
456
464
|
# policies are:
|
457
465
|
#
|
458
466
|
# * The managed policy `AWSGlueServiceRole`
|
459
467
|
#
|
460
|
-
# * A custom policy granting access to your S3 Data Lake
|
468
|
+
# * A custom policy granting access to your Amazon S3 Data Lake
|
461
469
|
#
|
462
470
|
# @option params [required, String] :log_provider_account_id
|
463
|
-
# The
|
464
|
-
# Data Lake.
|
471
|
+
# The Amazon Web Services account ID of the custom source that will
|
472
|
+
# write logs and events into the Amazon S3 Data Lake.
|
465
473
|
#
|
466
474
|
# @return [Types::CreateCustomLogSourceResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
467
475
|
#
|
@@ -498,47 +506,52 @@ module Aws::SecurityLake
|
|
498
506
|
end
|
499
507
|
|
500
508
|
# Initializes an Amazon Security Lake instance with the provided (or
|
501
|
-
# default) configuration. You can enable Security Lake in
|
502
|
-
# customized settings
|
503
|
-
# Regions. You can either use the `enableAll` parameter to
|
504
|
-
# Regions or
|
505
|
-
# Lake
|
506
|
-
#
|
507
|
-
#
|
508
|
-
#
|
509
|
-
#
|
510
|
-
#
|
509
|
+
# default) configuration. You can enable Security Lake in Amazon Web
|
510
|
+
# Services Regions with customized settings before enabling log
|
511
|
+
# collection in Regions. You can either use the `enableAll` parameter to
|
512
|
+
# specify all Regions or specify the Regions where you want to enable
|
513
|
+
# Security Lake. To specify particular Regions, use the `Regions`
|
514
|
+
# parameter and then configure these Regions using the `configurations`
|
515
|
+
# parameter. If you have already enabled Security Lake in a Region when
|
516
|
+
# you call this command, the command will update the Region if you
|
517
|
+
# provide new configuration parameters. If you have not already enabled
|
518
|
+
# Security Lake in the Region when you call this API, it will set up the
|
519
|
+
# data lake in the Region with the specified configurations.
|
511
520
|
#
|
512
521
|
# When you enable Security Lake, it starts ingesting security data after
|
513
522
|
# the `CreateAwsLogSource` call. This includes ingesting security data
|
514
523
|
# from sources, storing data, and making data accessible to subscribers.
|
515
524
|
# Security Lake also enables all the existing settings and resources
|
516
|
-
# that it stores or maintains for your
|
517
|
-
# including security log and event data. For more
|
518
|
-
# Amazon Security Lake User Guide.
|
525
|
+
# that it stores or maintains for your Amazon Web Services account in
|
526
|
+
# the current Region, including security log and event data. For more
|
527
|
+
# information, see the [Amazon Security Lake User Guide][1].
|
528
|
+
#
|
529
|
+
#
|
530
|
+
#
|
531
|
+
# [1]: https://docs.aws.amazon.com/security-lake/latest/userguide/what-is-security-lake.html
|
519
532
|
#
|
520
533
|
# @option params [Hash<String,Types::LakeConfigurationRequest>] :configurations
|
521
|
-
#
|
522
|
-
#
|
534
|
+
# Specify the Region or Regions that will contribute data to the rollup
|
535
|
+
# region.
|
523
536
|
#
|
524
537
|
# @option params [Boolean] :enable_all
|
525
|
-
# Enable Security Lake in all Regions
|
538
|
+
# Enable Security Lake in all Regions.
|
526
539
|
#
|
527
540
|
# @option params [String] :meta_store_manager_role_arn
|
528
|
-
# The
|
529
|
-
#
|
530
|
-
# sources and custom sources.
|
541
|
+
# The Amazon Resource Name (ARN) used to create and update the Glue
|
542
|
+
# table. This table contains partitions generated by the ingestion and
|
543
|
+
# normalization of Amazon Web Services log sources and custom sources.
|
531
544
|
#
|
532
545
|
# @option params [Array<String>] :regions
|
533
|
-
# Enable Security Lake in the specified Regions
|
534
|
-
#
|
535
|
-
#
|
536
|
-
#
|
537
|
-
#
|
546
|
+
# Enable Security Lake in the specified Regions. To enable Security Lake
|
547
|
+
# in specific Amazon Web Services Regions, such as us-east-1 or
|
548
|
+
# ap-northeast-3, provide the Region codes. For a list of Region codes,
|
549
|
+
# see [Amazon Security Lake endpoints][1] in the Amazon Web Services
|
550
|
+
# General Reference.
|
538
551
|
#
|
539
552
|
#
|
540
553
|
#
|
541
|
-
# [1]: https://docs.aws.amazon.com/general/latest/gr/
|
554
|
+
# [1]: https://docs.aws.amazon.com/general/latest/gr/securitylake.html
|
542
555
|
#
|
543
556
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
544
557
|
#
|
@@ -575,16 +588,13 @@ module Aws::SecurityLake
|
|
575
588
|
req.send_request(options)
|
576
589
|
end
|
577
590
|
|
578
|
-
# Automatically
|
579
|
-
#
|
580
|
-
#
|
581
|
-
# accounts as member accounts as they are added to the organization.
|
582
|
-
# Security Lake does not enable existing organization accounts that are
|
583
|
-
# not yet enabled.
|
591
|
+
# Automatically enables Amazon Security Lake for new member accounts in
|
592
|
+
# your organization. Security Lake is not automatically enabled for any
|
593
|
+
# existing member accounts in your organization.
|
584
594
|
#
|
585
595
|
# @option params [required, Array<Types::AutoEnableNewRegionConfiguration>] :configuration_for_new_accounts
|
586
|
-
# Enable
|
587
|
-
#
|
596
|
+
# Enable Security Lake with the specified configuration settings to
|
597
|
+
# begin collecting security data for new accounts in your organization.
|
588
598
|
#
|
589
599
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
590
600
|
#
|
@@ -608,13 +618,14 @@ module Aws::SecurityLake
|
|
608
618
|
req.send_request(options)
|
609
619
|
end
|
610
620
|
|
611
|
-
# Designates the Security Lake administrator account
|
612
|
-
# organization. This API can only be called by the organization
|
621
|
+
# Designates the Amazon Security Lake delegated administrator account
|
622
|
+
# for the organization. This API can only be called by the organization
|
613
623
|
# management account. The organization management account cannot be the
|
614
624
|
# delegated administrator account.
|
615
625
|
#
|
616
626
|
# @option params [required, String] :account
|
617
|
-
#
|
627
|
+
# The Amazon Web Services account ID of the Security Lake delegated
|
628
|
+
# administrator.
|
618
629
|
#
|
619
630
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
620
631
|
#
|
@@ -633,16 +644,15 @@ module Aws::SecurityLake
|
|
633
644
|
req.send_request(options)
|
634
645
|
end
|
635
646
|
|
636
|
-
# Creates the specified notification subscription in Security
|
637
|
-
#
|
638
|
-
# organization.
|
647
|
+
# Creates the specified notification subscription in Amazon Security
|
648
|
+
# Lake for the organization you specify.
|
639
649
|
#
|
640
650
|
# @option params [required, String] :notification_endpoint
|
641
|
-
# The account
|
642
|
-
#
|
651
|
+
# The Amazon Web Services account where you want to receive exception
|
652
|
+
# notifications.
|
643
653
|
#
|
644
654
|
# @option params [required, String] :subscription_protocol
|
645
|
-
# The subscription protocol to which exception
|
655
|
+
# The subscription protocol to which exception notifications are posted.
|
646
656
|
#
|
647
657
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
648
658
|
#
|
@@ -663,32 +673,31 @@ module Aws::SecurityLake
|
|
663
673
|
end
|
664
674
|
|
665
675
|
# Creates a subscription permission for accounts that are already
|
666
|
-
# enabled in Security Lake.
|
676
|
+
# enabled in Amazon Security Lake. You can create a subscriber with
|
677
|
+
# access to data in the current Amazon Web Services Region.
|
667
678
|
#
|
668
679
|
# @option params [Array<String>] :access_types
|
669
680
|
# The Amazon S3 or Lake Formation access type.
|
670
681
|
#
|
671
682
|
# @option params [required, String] :account_id
|
672
|
-
# The
|
673
|
-
# data.
|
683
|
+
# The Amazon Web Services account ID used to access your data.
|
674
684
|
#
|
675
685
|
# @option params [required, String] :external_id
|
676
|
-
# The external ID of the subscriber.
|
677
|
-
#
|
678
|
-
#
|
679
|
-
#
|
686
|
+
# The external ID of the subscriber. This lets the user that is assuming
|
687
|
+
# the role assert the circumstances in which they are operating. It also
|
688
|
+
# provides a way for the account owner to permit the role to be assumed
|
689
|
+
# only under specific circumstances.
|
680
690
|
#
|
681
691
|
# @option params [required, Array<Types::SourceType>] :source_types
|
682
|
-
# The supported Amazon Web Services
|
683
|
-
#
|
684
|
-
#
|
692
|
+
# The supported Amazon Web Services from which logs and events are
|
693
|
+
# collected. Security Lake supports log and event collection for
|
694
|
+
# natively supported Amazon Web Services.
|
685
695
|
#
|
686
696
|
# @option params [String] :subscriber_description
|
687
|
-
# The
|
688
|
-
# Security Lake.
|
697
|
+
# The description for your subscriber account in Security Lake.
|
689
698
|
#
|
690
699
|
# @option params [required, String] :subscriber_name
|
691
|
-
# The name of your
|
700
|
+
# The name of your Security Lake subscriber account.
|
692
701
|
#
|
693
702
|
# @return [Types::CreateSubscriberResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
694
703
|
#
|
@@ -709,7 +718,7 @@ module Aws::SecurityLake
|
|
709
718
|
# custom_source_type: "CustomSourceType",
|
710
719
|
# },
|
711
720
|
# ],
|
712
|
-
# subscriber_description: "
|
721
|
+
# subscriber_description: "DescriptionString",
|
713
722
|
# subscriber_name: "CreateSubscriberRequestSubscriberNameString", # required
|
714
723
|
# })
|
715
724
|
#
|
@@ -729,32 +738,31 @@ module Aws::SecurityLake
|
|
729
738
|
req.send_request(options)
|
730
739
|
end
|
731
740
|
|
732
|
-
#
|
733
|
-
#
|
734
|
-
# organization.
|
741
|
+
# Notifies the subscriber when new data is written to the data lake for
|
742
|
+
# the sources that the subscriber consumes in Security Lake.
|
735
743
|
#
|
736
744
|
# @option params [Boolean] :create_sqs
|
737
|
-
# Create
|
738
|
-
# ID in Security Lake.
|
745
|
+
# Create an Amazon Simple Queue Service queue.
|
739
746
|
#
|
740
747
|
# @option params [String] :https_api_key_name
|
741
|
-
# The key name for the subscription
|
748
|
+
# The key name for the notification subscription.
|
742
749
|
#
|
743
750
|
# @option params [String] :https_api_key_value
|
744
|
-
# The key value for the subscription
|
751
|
+
# The key value for the notification subscription.
|
745
752
|
#
|
746
753
|
# @option params [String] :https_method
|
747
|
-
# The HTTPS method used for the subscription
|
754
|
+
# The HTTPS method used for the notification subscription.
|
748
755
|
#
|
749
756
|
# @option params [String] :role_arn
|
750
|
-
# The Amazon Resource Name (ARN)
|
757
|
+
# The Amazon Resource Name (ARN) of the EventBridge API destinations IAM
|
758
|
+
# role that you created.
|
751
759
|
#
|
752
760
|
# @option params [String] :subscription_endpoint
|
753
|
-
# The subscription endpoint in Security Lake.
|
761
|
+
# The subscription endpoint in Security Lake. If you prefer notification
|
762
|
+
# with an HTTPs endpoint, populate this field.
|
754
763
|
#
|
755
764
|
# @option params [required, String] :subscription_id
|
756
|
-
# The subscription ID for
|
757
|
-
# specified.
|
765
|
+
# The subscription ID for the notification subscription/
|
758
766
|
#
|
759
767
|
# @return [Types::CreateSubscriptionNotificationConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
760
768
|
#
|
@@ -785,37 +793,33 @@ module Aws::SecurityLake
|
|
785
793
|
req.send_request(options)
|
786
794
|
end
|
787
795
|
|
788
|
-
# Removes a natively
|
789
|
-
#
|
796
|
+
# Removes a natively supported Amazon Web Service as an Amazon Security
|
797
|
+
# Lake source. When you remove the source, Security Lake stops
|
790
798
|
# collecting data from that source, and subscribers can no longer
|
791
799
|
# consume new data from the source. Subscribers can still consume data
|
792
|
-
# that
|
793
|
-
#
|
794
|
-
#
|
795
|
-
#
|
796
|
-
#
|
797
|
-
#
|
798
|
-
#
|
799
|
-
#
|
800
|
-
# By default, dimension refers to the entire set. This is overridden
|
801
|
-
# when you supply any one of the inputs. For instance, when
|
802
|
-
#
|
803
|
-
# sources. Similarly, when
|
804
|
-
# disabled for all the Regions where Security Lake is available as a
|
800
|
+
# that Security Lake collected from the source before disablement.
|
801
|
+
#
|
802
|
+
# You can choose any source type in any Amazon Web Services Region for
|
803
|
+
# either accounts that are part of a trusted organization or standalone
|
804
|
+
# accounts. At least one of the three dimensions is a mandatory input to
|
805
|
+
# this API. However, you can supply any combination of the three
|
806
|
+
# dimensions to this API.
|
807
|
+
#
|
808
|
+
# By default, a dimension refers to the entire set. This is overridden
|
809
|
+
# when you supply any one of the inputs. For instance, when you do not
|
810
|
+
# specify members, the API disables all Security Lake member accounts
|
811
|
+
# for sources. Similarly, when you do not specify Regions, Security Lake
|
812
|
+
# is disabled for all the Regions where Security Lake is available as a
|
805
813
|
# service.
|
806
814
|
#
|
807
|
-
# You can use this API to remove a natively-supported Amazon Web
|
808
|
-
# Services service as a source. Use `DeregisterCustomData` to remove a
|
809
|
-
# custom source.
|
810
|
-
#
|
811
815
|
# When you don't provide a dimension, Security Lake assumes that the
|
812
816
|
# missing dimension refers to the entire set. For example, if you don't
|
813
817
|
# provide specific accounts, the API applies to the entire set of
|
814
818
|
# accounts in your organization.
|
815
819
|
#
|
816
820
|
# @option params [Hash<String,Hash>] :disable_all_dimensions
|
817
|
-
# Removes the specific Amazon Web Services sources from
|
818
|
-
#
|
821
|
+
# Removes the specific Amazon Web Services sources from specific
|
822
|
+
# accounts and specific Regions.
|
819
823
|
#
|
820
824
|
# @option params [Array<String>] :disable_single_dimension
|
821
825
|
# Removes all Amazon Web Services sources from specific accounts or
|
@@ -826,8 +830,10 @@ module Aws::SecurityLake
|
|
826
830
|
# Regions.
|
827
831
|
#
|
828
832
|
# @option params [required, Array<String>] :input_order
|
829
|
-
# This is a mandatory input.
|
830
|
-
# dimensions in Security Lake, namely Region
|
833
|
+
# This is a mandatory input. Specify the input order to disable
|
834
|
+
# dimensions in Security Lake, namely Region (Amazon Web Services Region
|
835
|
+
# code, source type, and member (account ID of a specific Amazon Web
|
836
|
+
# Services account).
|
831
837
|
#
|
832
838
|
# @return [Types::DeleteAwsLogSourceResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
833
839
|
#
|
@@ -865,10 +871,10 @@ module Aws::SecurityLake
|
|
865
871
|
req.send_request(options)
|
866
872
|
end
|
867
873
|
|
868
|
-
# Removes a custom log source from Security Lake.
|
874
|
+
# Removes a custom log source from Amazon Security Lake.
|
869
875
|
#
|
870
876
|
# @option params [required, String] :custom_source_name
|
871
|
-
# The custom source name for the
|
877
|
+
# The custom source name for the custom log source.
|
872
878
|
#
|
873
879
|
# @return [Types::DeleteCustomLogSourceResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
874
880
|
#
|
@@ -894,15 +900,21 @@ module Aws::SecurityLake
|
|
894
900
|
end
|
895
901
|
|
896
902
|
# When you delete Amazon Security Lake from your account, Security Lake
|
897
|
-
# is disabled in all Regions. Also, this API
|
898
|
-
#
|
899
|
-
#
|
900
|
-
#
|
901
|
-
#
|
902
|
-
#
|
903
|
-
#
|
904
|
-
#
|
905
|
-
#
|
903
|
+
# is disabled in all Amazon Web Services Regions. Also, this API
|
904
|
+
# automatically takes steps to remove the account from Security Lake .
|
905
|
+
#
|
906
|
+
# This operation disables security data collection from sources, deletes
|
907
|
+
# data stored, and stops making data accessible to subscribers. Security
|
908
|
+
# Lake also deletes all the existing settings and resources that it
|
909
|
+
# stores or maintains for your Amazon Web Services account in the
|
910
|
+
# current Region, including security log and event data. The
|
911
|
+
# `DeleteDatalake` operation does not delete the Amazon S3 bucket, which
|
912
|
+
# is owned by your Amazon Web Services account. For more information,
|
913
|
+
# see the [Amazon Security Lake User Guide][1].
|
914
|
+
#
|
915
|
+
#
|
916
|
+
#
|
917
|
+
# [1]: https://docs.aws.amazon.com/security-lake/latest/userguide/disable-security-lake.html
|
906
918
|
#
|
907
919
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
908
920
|
#
|
@@ -915,19 +927,26 @@ module Aws::SecurityLake
|
|
915
927
|
req.send_request(options)
|
916
928
|
end
|
917
929
|
|
918
|
-
# Automatically
|
919
|
-
#
|
920
|
-
#
|
921
|
-
#
|
922
|
-
#
|
923
|
-
#
|
924
|
-
#
|
925
|
-
#
|
926
|
-
#
|
927
|
-
#
|
930
|
+
# Automatically deletes Amazon Security Lake to stop collecting security
|
931
|
+
# data. When you delete Amazon Security Lake from your account, Security
|
932
|
+
# Lake is disabled in all Regions. Also, this API automatically takes
|
933
|
+
# steps to remove the account from Security Lake .
|
934
|
+
#
|
935
|
+
# This operation disables security data collection from sources, deletes
|
936
|
+
# data stored, and stops making data accessible to subscribers. Security
|
937
|
+
# Lake also deletes all the existing settings and resources that it
|
938
|
+
# stores or maintains for your Amazon Web Services account in the
|
939
|
+
# current Region, including security log and event data. The
|
940
|
+
# `DeleteDatalake` operation does not delete the Amazon S3 bucket, which
|
941
|
+
# is owned by your Amazon Web Services account. For more information,
|
942
|
+
# see the [Amazon Security Lake User Guide][1].
|
943
|
+
#
|
944
|
+
#
|
945
|
+
#
|
946
|
+
# [1]: https://docs.aws.amazon.com/security-lake/latest/userguide/disable-security-lake.html
|
928
947
|
#
|
929
948
|
# @option params [required, Array<Types::AutoEnableNewRegionConfiguration>] :remove_from_configuration_for_new_accounts
|
930
|
-
# Delete Amazon Security Lake with the specified
|
949
|
+
# Delete Amazon Security Lake with the specified configuration settings
|
931
950
|
# to stop ingesting security data for new accounts in Security Lake.
|
932
951
|
#
|
933
952
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
@@ -952,13 +971,13 @@ module Aws::SecurityLake
|
|
952
971
|
req.send_request(options)
|
953
972
|
end
|
954
973
|
|
955
|
-
# Deletes the Security Lake administrator account for
|
956
|
-
# This API can only be called by the organization
|
957
|
-
# The organization management account cannot be the
|
958
|
-
# administrator account.
|
974
|
+
# Deletes the Amazon Security Lake delegated administrator account for
|
975
|
+
# the organization. This API can only be called by the organization
|
976
|
+
# management account. The organization management account cannot be the
|
977
|
+
# delegated administrator account.
|
959
978
|
#
|
960
979
|
# @option params [required, String] :account
|
961
|
-
#
|
980
|
+
# The account ID the Security Lake delegated administrator.
|
962
981
|
#
|
963
982
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
964
983
|
#
|
@@ -977,9 +996,8 @@ module Aws::SecurityLake
|
|
977
996
|
req.send_request(options)
|
978
997
|
end
|
979
998
|
|
980
|
-
# Deletes the specified notification subscription in Security
|
981
|
-
#
|
982
|
-
# organization.
|
999
|
+
# Deletes the specified notification subscription in Amazon Security
|
1000
|
+
# Lake for the organization you specify.
|
983
1001
|
#
|
984
1002
|
# @return [Types::DeleteDatalakeExceptionsSubscriptionResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
985
1003
|
#
|
@@ -998,9 +1016,9 @@ module Aws::SecurityLake
|
|
998
1016
|
req.send_request(options)
|
999
1017
|
end
|
1000
1018
|
|
1001
|
-
# Deletes the
|
1002
|
-
#
|
1003
|
-
#
|
1019
|
+
# Deletes the subscription permission for accounts that are already
|
1020
|
+
# enabled in Amazon Security Lake. You can delete a subscriber and
|
1021
|
+
# remove access to data in the current Amazon Web Services Region.
|
1004
1022
|
#
|
1005
1023
|
# @option params [required, String] :id
|
1006
1024
|
# A value created by Security Lake that uniquely identifies your
|
@@ -1023,12 +1041,11 @@ module Aws::SecurityLake
|
|
1023
1041
|
req.send_request(options)
|
1024
1042
|
end
|
1025
1043
|
|
1026
|
-
# Deletes the specified notification subscription in Security
|
1027
|
-
#
|
1028
|
-
# organization.
|
1044
|
+
# Deletes the specified notification subscription in Amazon Security
|
1045
|
+
# Lake for the organization you specify.
|
1029
1046
|
#
|
1030
1047
|
# @option params [required, String] :subscription_id
|
1031
|
-
# The
|
1048
|
+
# The ID of the Security Lake subscriber account.
|
1032
1049
|
#
|
1033
1050
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1034
1051
|
#
|
@@ -1047,8 +1064,10 @@ module Aws::SecurityLake
|
|
1047
1064
|
req.send_request(options)
|
1048
1065
|
end
|
1049
1066
|
|
1050
|
-
#
|
1051
|
-
# account ID.
|
1067
|
+
# Retrieves the Amazon Security Lake configuration object for the
|
1068
|
+
# specified Amazon Web Services account ID. You can use the
|
1069
|
+
# `GetDatalake` API to know whether Security Lake is enabled for the
|
1070
|
+
# current Region. This API does not take input parameters.
|
1052
1071
|
#
|
1053
1072
|
# @return [Types::GetDatalakeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1054
1073
|
#
|
@@ -1079,8 +1098,8 @@ module Aws::SecurityLake
|
|
1079
1098
|
end
|
1080
1099
|
|
1081
1100
|
# Retrieves the configuration that will be automatically set up for
|
1082
|
-
# accounts added to the organization after the organization has
|
1083
|
-
#
|
1101
|
+
# accounts added to the organization after the organization has
|
1102
|
+
# onboarded to Amazon Security Lake. This API does not take input
|
1084
1103
|
# parameters.
|
1085
1104
|
#
|
1086
1105
|
# @return [Types::GetDatalakeAutoEnableResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
@@ -1104,10 +1123,9 @@ module Aws::SecurityLake
|
|
1104
1123
|
end
|
1105
1124
|
|
1106
1125
|
# Retrieves the expiration period and time-to-live (TTL) for which the
|
1107
|
-
# exception message will remain. Exceptions are stored by default, for
|
1108
|
-
#
|
1109
|
-
#
|
1110
|
-
# parameters.
|
1126
|
+
# exception message will remain. Exceptions are stored by default, for 2
|
1127
|
+
# weeks from when a record was created in Amazon Security Lake. This API
|
1128
|
+
# does not take input parameters.
|
1111
1129
|
#
|
1112
1130
|
# @return [Types::GetDatalakeExceptionsExpiryResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1113
1131
|
#
|
@@ -1147,25 +1165,28 @@ module Aws::SecurityLake
|
|
1147
1165
|
req.send_request(options)
|
1148
1166
|
end
|
1149
1167
|
|
1150
|
-
#
|
1151
|
-
#
|
1168
|
+
# Retrieves a snapshot of the current Region, including whether Amazon
|
1169
|
+
# Security Lake is enabled for those accounts and which sources Security
|
1170
|
+
# Lake is collecting data from.
|
1152
1171
|
#
|
1153
1172
|
# @option params [Array<String>] :account_set
|
1154
|
-
# The account
|
1155
|
-
# including enabled accounts and log
|
1173
|
+
# The Amazon Web Services account ID for which a static snapshot of the
|
1174
|
+
# current Amazon Web Services Region, including enabled accounts and log
|
1175
|
+
# sources, is retrieved.
|
1156
1176
|
#
|
1157
1177
|
# @option params [Integer] :max_account_results
|
1158
1178
|
# The maximum limit of accounts for which the static snapshot of the
|
1159
|
-
# current Region including enabled accounts and log sources is
|
1179
|
+
# current Region, including enabled accounts and log sources, is
|
1160
1180
|
# retrieved.
|
1161
1181
|
#
|
1162
1182
|
# @option params [String] :next_token
|
1163
|
-
#
|
1164
|
-
#
|
1165
|
-
#
|
1166
|
-
#
|
1167
|
-
#
|
1168
|
-
#
|
1183
|
+
# Lists if there are more results available. The value of nextToken is a
|
1184
|
+
# unique pagination token for each page. Repeat the call using the
|
1185
|
+
# returned token to retrieve the next page. Keep all other arguments
|
1186
|
+
# unchanged.
|
1187
|
+
#
|
1188
|
+
# Each pagination token expires after 24 hours. Using an expired
|
1189
|
+
# pagination token will return an HTTP 400 InvalidToken error.
|
1169
1190
|
#
|
1170
1191
|
# @return [Types::GetDatalakeStatusResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1171
1192
|
#
|
@@ -1202,10 +1223,11 @@ module Aws::SecurityLake
|
|
1202
1223
|
req.send_request(options)
|
1203
1224
|
end
|
1204
1225
|
|
1205
|
-
# Retrieves subscription information for the specified subscription
|
1226
|
+
# Retrieves the subscription information for the specified subscription
|
1227
|
+
# ID. You can get information about a specific subscriber.
|
1206
1228
|
#
|
1207
1229
|
# @option params [required, String] :id
|
1208
|
-
# A value created by Security Lake that uniquely identifies your
|
1230
|
+
# A value created by Amazon Security Lake that uniquely identifies your
|
1209
1231
|
# `GetSubscriber` API request.
|
1210
1232
|
#
|
1211
1233
|
# @return [Types::GetSubscriberResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
@@ -1248,19 +1270,24 @@ module Aws::SecurityLake
|
|
1248
1270
|
req.send_request(options)
|
1249
1271
|
end
|
1250
1272
|
|
1251
|
-
#
|
1273
|
+
# Lists the Amazon Security Lake exceptions that you can use to find the
|
1252
1274
|
# source of problems and fix them.
|
1253
1275
|
#
|
1254
1276
|
# @option params [Integer] :max_failures
|
1255
1277
|
# List the maximum number of failures in Security Lake.
|
1256
1278
|
#
|
1257
1279
|
# @option params [String] :next_token
|
1258
|
-
# List if there are more results available.
|
1259
|
-
#
|
1260
|
-
# next page
|
1280
|
+
# List if there are more results available. The value of nextToken is a
|
1281
|
+
# unique pagination token for each page. Repeat the call using the
|
1282
|
+
# returned token to retrieve the next page. Keep all other arguments
|
1283
|
+
# unchanged.
|
1284
|
+
#
|
1285
|
+
# Each pagination token expires after 24 hours. Using an expired
|
1286
|
+
# pagination token will return an HTTP 400 InvalidToken error.
|
1261
1287
|
#
|
1262
1288
|
# @option params [Array<String>] :region_set
|
1263
|
-
# List the
|
1289
|
+
# List the Amazon Web Services Regions from which exceptions are
|
1290
|
+
# retrieved.
|
1264
1291
|
#
|
1265
1292
|
# @return [Types::ListDatalakeExceptionsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1266
1293
|
#
|
@@ -1296,33 +1323,34 @@ module Aws::SecurityLake
|
|
1296
1323
|
req.send_request(options)
|
1297
1324
|
end
|
1298
1325
|
|
1299
|
-
#
|
1326
|
+
# Retrieves the log sources in the current Amazon Web Services Region.
|
1300
1327
|
#
|
1301
1328
|
# @option params [Array<String>] :input_order
|
1302
1329
|
# Lists the log sources in input order, namely Region, source type, and
|
1303
1330
|
# member account.
|
1304
1331
|
#
|
1305
1332
|
# @option params [Hash<String,Hash>] :list_all_dimensions
|
1306
|
-
# List the view of log sources for enabled Security Lake accounts
|
1307
|
-
#
|
1333
|
+
# List the view of log sources for enabled Amazon Security Lake accounts
|
1334
|
+
# for specific Amazon Web Services sources from specific accounts and
|
1335
|
+
# specific Regions.
|
1308
1336
|
#
|
1309
1337
|
# @option params [Array<String>] :list_single_dimension
|
1310
1338
|
# List the view of log sources for enabled Security Lake accounts for
|
1311
|
-
#
|
1339
|
+
# all Amazon Web Services sources from specific accounts or specific
|
1340
|
+
# Regions.
|
1312
1341
|
#
|
1313
1342
|
# @option params [Hash<String,Array>] :list_two_dimensions
|
1314
|
-
# Lists the log sources for
|
1315
|
-
#
|
1316
|
-
#
|
1343
|
+
# Lists the view of log sources for enabled Security Lake accounts for
|
1344
|
+
# specific Amazon Web Services sources from specific accounts or
|
1345
|
+
# specific Regions.
|
1317
1346
|
#
|
1318
1347
|
# @option params [Integer] :max_results
|
1319
|
-
# The maximum number of accounts for which the
|
1348
|
+
# The maximum number of accounts for which the log sources are
|
1320
1349
|
# displayed.
|
1321
1350
|
#
|
1322
1351
|
# @option params [String] :next_token
|
1323
1352
|
# If nextToken is returned, there are more results available. You can
|
1324
|
-
#
|
1325
|
-
# page.
|
1353
|
+
# repeat the call using the returned token to retrieve the next page.
|
1326
1354
|
#
|
1327
1355
|
# @return [Types::ListLogSourcesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1328
1356
|
#
|
@@ -1366,7 +1394,9 @@ module Aws::SecurityLake
|
|
1366
1394
|
req.send_request(options)
|
1367
1395
|
end
|
1368
1396
|
|
1369
|
-
# List all subscribers for the specific Security Lake account ID.
|
1397
|
+
# List all subscribers for the specific Amazon Security Lake account ID.
|
1398
|
+
# You can retrieve a list of subscriptions associated with a specific
|
1399
|
+
# organization or Amazon Web Services account.
|
1370
1400
|
#
|
1371
1401
|
# @option params [Integer] :max_results
|
1372
1402
|
# The maximum number of accounts for which the configuration is
|
@@ -1374,8 +1404,7 @@ module Aws::SecurityLake
|
|
1374
1404
|
#
|
1375
1405
|
# @option params [String] :next_token
|
1376
1406
|
# If nextToken is returned, there are more results available. You can
|
1377
|
-
#
|
1378
|
-
# page.
|
1407
|
+
# repeat the call using the returned token to retrieve the next page.
|
1379
1408
|
#
|
1380
1409
|
# @return [Types::ListSubscribersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1381
1410
|
#
|
@@ -1388,7 +1417,7 @@ module Aws::SecurityLake
|
|
1388
1417
|
#
|
1389
1418
|
# resp = client.list_subscribers({
|
1390
1419
|
# max_results: 1,
|
1391
|
-
# next_token: "
|
1420
|
+
# next_token: "String",
|
1392
1421
|
# })
|
1393
1422
|
#
|
1394
1423
|
# @example Response structure
|
@@ -1423,15 +1452,13 @@ module Aws::SecurityLake
|
|
1423
1452
|
req.send_request(options)
|
1424
1453
|
end
|
1425
1454
|
|
1426
|
-
#
|
1427
|
-
#
|
1428
|
-
#
|
1429
|
-
#
|
1430
|
-
# You can update the properties of a Region or source. Input can either
|
1431
|
-
# be directly specified to the API.
|
1455
|
+
# Specifies where to store your security data and for how long. You can
|
1456
|
+
# add a rollup Region to consolidate data from multiple Amazon Web
|
1457
|
+
# Services Regions.
|
1432
1458
|
#
|
1433
1459
|
# @option params [required, Hash<String,Types::LakeConfigurationRequest>] :configurations
|
1434
|
-
#
|
1460
|
+
# Specify the Region or Regions that will contribute data to the rollup
|
1461
|
+
# region.
|
1435
1462
|
#
|
1436
1463
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1437
1464
|
#
|
@@ -1467,8 +1494,8 @@ module Aws::SecurityLake
|
|
1467
1494
|
|
1468
1495
|
# Update the expiration period for the exception message to your
|
1469
1496
|
# preferred time, and control the time-to-live (TTL) for the exception
|
1470
|
-
# message to remain. Exceptions are stored by default
|
1471
|
-
#
|
1497
|
+
# message to remain. Exceptions are stored by default for 2 weeks from
|
1498
|
+
# when a record was created in Amazon Security Lake.
|
1472
1499
|
#
|
1473
1500
|
# @option params [required, Integer] :exception_message_expiry
|
1474
1501
|
# The time-to-live (TTL) for the exception message to remain.
|
@@ -1490,10 +1517,11 @@ module Aws::SecurityLake
|
|
1490
1517
|
req.send_request(options)
|
1491
1518
|
end
|
1492
1519
|
|
1493
|
-
#
|
1520
|
+
# Updates the specified notification subscription in Amazon Security
|
1521
|
+
# Lake for the organization you specify.
|
1494
1522
|
#
|
1495
1523
|
# @option params [required, String] :notification_endpoint
|
1496
|
-
# The account
|
1524
|
+
# The account that is subscribed to receive exception notifications.
|
1497
1525
|
#
|
1498
1526
|
# @option params [required, String] :subscription_protocol
|
1499
1527
|
# The subscription protocol to which exception messages are posted.
|
@@ -1516,28 +1544,31 @@ module Aws::SecurityLake
|
|
1516
1544
|
req.send_request(options)
|
1517
1545
|
end
|
1518
1546
|
|
1519
|
-
#
|
1520
|
-
# ID.
|
1547
|
+
# Updates an existing subscription for the given Amazon Security Lake
|
1548
|
+
# account ID. You can update a subscriber by changing the sources that
|
1549
|
+
# the subscriber consumes data from.
|
1521
1550
|
#
|
1522
1551
|
# @option params [String] :external_id
|
1523
|
-
#
|
1552
|
+
# The external ID of the Security Lake account.
|
1524
1553
|
#
|
1525
1554
|
# @option params [required, String] :id
|
1526
1555
|
# A value created by Security Lake that uniquely identifies your
|
1527
|
-
#
|
1556
|
+
# subscription.
|
1528
1557
|
#
|
1529
|
-
# @option params [Array<Types::SourceType>] :source_types
|
1530
|
-
# The supported Amazon Web Services
|
1531
|
-
#
|
1532
|
-
#
|
1533
|
-
#
|
1534
|
-
#
|
1558
|
+
# @option params [required, Array<Types::SourceType>] :source_types
|
1559
|
+
# The supported Amazon Web Services from which logs and events are
|
1560
|
+
# collected. For the list of supported Amazon Web Services, see the
|
1561
|
+
# [Amazon Security Lake User Guide][1].
|
1562
|
+
#
|
1563
|
+
#
|
1564
|
+
#
|
1565
|
+
# [1]: https://docs.aws.amazon.com/security-lake/latest/userguide/internal-sources.html
|
1535
1566
|
#
|
1536
1567
|
# @option params [String] :subscriber_description
|
1537
|
-
#
|
1568
|
+
# The description of the Security Lake account subscriber.
|
1538
1569
|
#
|
1539
1570
|
# @option params [String] :subscriber_name
|
1540
|
-
#
|
1571
|
+
# The name of the Security Lake account subscriber.
|
1541
1572
|
#
|
1542
1573
|
# @return [Types::UpdateSubscriberResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1543
1574
|
#
|
@@ -1548,13 +1579,13 @@ module Aws::SecurityLake
|
|
1548
1579
|
# resp = client.update_subscriber({
|
1549
1580
|
# external_id: "SafeString",
|
1550
1581
|
# id: "String", # required
|
1551
|
-
# source_types: [
|
1582
|
+
# source_types: [ # required
|
1552
1583
|
# {
|
1553
1584
|
# aws_source_type: "ROUTE53", # accepts ROUTE53, VPC_FLOW, CLOUD_TRAIL, SH_FINDINGS
|
1554
1585
|
# custom_source_type: "CustomSourceType",
|
1555
1586
|
# },
|
1556
1587
|
# ],
|
1557
|
-
# subscriber_description: "
|
1588
|
+
# subscriber_description: "DescriptionString",
|
1558
1589
|
# subscriber_name: "UpdateSubscriberRequestSubscriberNameString",
|
1559
1590
|
# })
|
1560
1591
|
#
|
@@ -1588,12 +1619,12 @@ module Aws::SecurityLake
|
|
1588
1619
|
req.send_request(options)
|
1589
1620
|
end
|
1590
1621
|
|
1591
|
-
#
|
1622
|
+
# Creates a new subscription notification or adds the existing
|
1592
1623
|
# subscription notification setting for the specified subscription ID.
|
1593
1624
|
#
|
1594
1625
|
# @option params [Boolean] :create_sqs
|
1595
1626
|
# Create a new subscription notification for the specified subscription
|
1596
|
-
# ID in Security Lake.
|
1627
|
+
# ID in Amazon Security Lake.
|
1597
1628
|
#
|
1598
1629
|
# @option params [String] :https_api_key_name
|
1599
1630
|
# The key name for the subscription notification.
|
@@ -1656,7 +1687,7 @@ module Aws::SecurityLake
|
|
1656
1687
|
params: params,
|
1657
1688
|
config: config)
|
1658
1689
|
context[:gem_name] = 'aws-sdk-securitylake'
|
1659
|
-
context[:gem_version] = '1.
|
1690
|
+
context[:gem_version] = '1.1.0'
|
1660
1691
|
Seahorse::Client::Request.new(handlers, context)
|
1661
1692
|
end
|
1662
1693
|
|