aws-sdk-securitylake 1.2.0 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '016699452e81a8726a1c9635e073487f5c83d8192a767d6563e0c896f7159b61'
-  data.tar.gz: '083eaed03acae97620a3190fcd76238aa23f2ea68544ad65655d466de80051d0'
+  metadata.gz: 8e03124dc46bcd925d122233bba64cdecbdbd6a5e8ba745bd6cf94c93c3f6a3f
+  data.tar.gz: 287808dabd2c67fa87b964aa8b32e92610a7e0e2a6435060ddfc8a44784431f7
 SHA512:
-  metadata.gz: d06b3f6200c7d7422859ad9f58994968ec21ad01f22bf3069bd34c9650201a280e9f3dc55fb8c74547d2c9a5a1f9ad41a6c3012dc76256a29632cf3797cb8c22
-  data.tar.gz: 9c7811471abfdb6ba19518f83efaf81add2e45902c9cb61e6ceace0772cbcdbfe2620789c95807302f68cefa49637d9a3a82a1ec90c643e7fbb44b39b2a39210
+  metadata.gz: f9220866188d7bff17acdabe8491ff73de708b5dc172241076425cf4b268a59917d1fb37a854b09268a490e63b15920aeaf890e29dae69a4fc80656fbeab2382
+  data.tar.gz: c4047ca0d0406b3e59a07fe88957ec5f2199c54cbd7a24e27aa0068ad5a8cd890514f9313424a4b1018a7b754a672414944fb70b379e9660488d783db8b3dc2b

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.3.0 (2023-03-15)
+------------------
+
+* Feature - Make Create/Get/ListSubscribers APIs return resource share ARN and name so they can be used to validate the RAM resource share to accept. GetDatalake can be used to track status of UpdateDatalake and DeleteDatalake requests.
+
 1.2.0 (2023-01-18)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.2.0
+1.3.0

data/lib/aws-sdk-securitylake/client.rb

@@ -701,6 +701,8 @@ module Aws::SecurityLake
     #
     # @return [Types::CreateSubscriberResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
+    #   * {Types::CreateSubscriberResponse#resource_share_arn #resource_share_arn} => String
+    #   * {Types::CreateSubscriberResponse#resource_share_name #resource_share_name} => String
     #   * {Types::CreateSubscriberResponse#role_arn #role_arn} => String
     #   * {Types::CreateSubscriberResponse#s3_bucket_arn #s3_bucket_arn} => String
     #   * {Types::CreateSubscriberResponse#sns_arn #sns_arn} => String
@@ -724,6 +726,8 @@ module Aws::SecurityLake
     #
     # @example Response structure
     #
+    #   resp.resource_share_arn #=> String
+    #   resp.resource_share_name #=> String
     #   resp.role_arn #=> String
     #   resp.s3_bucket_arn #=> String
     #   resp.sns_arn #=> String
@@ -739,7 +743,8 @@ module Aws::SecurityLake
     end
 
     # Notifies the subscriber when new data is written to the data lake for
-    # the sources that the subscriber consumes in Security Lake.
+    # the sources that the subscriber consumes in Security Lake. You can
+    # create only one subscriber notification per subscriber.
     #
     # @option params [Boolean] :create_sqs
     #   Create an Amazon Simple Queue Service queue.
@@ -755,14 +760,21 @@ module Aws::SecurityLake
     #
     # @option params [String] :role_arn
     #   The Amazon Resource Name (ARN) of the EventBridge API destinations IAM
-    #   role that you created.
+    #   role that you created. For more information about ARNs and how to use
+    #   them in policies, see [Managing data access][1] and [Amazon Web
+    #   Services Managed Policies][2] in the Amazon Security Lake User Guide.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com//security-lake/latest/userguide/subscriber-data-access.html
+    #   [2]: https://docs.aws.amazon.com/security-lake/latest/userguide/security-iam-awsmanpol.html
     #
     # @option params [String] :subscription_endpoint
     #   The subscription endpoint in Security Lake. If you prefer notification
     #   with an HTTPs endpoint, populate this field.
     #
     # @option params [required, String] :subscription_id
-    #   The subscription ID for the notification subscription/
+    #   The subscription ID for the notification subscription.
     #
     # @return [Types::CreateSubscriptionNotificationConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -927,27 +939,16 @@ module Aws::SecurityLake
       req.send_request(options)
     end
 
-    # Automatically deletes Amazon Security Lake to stop collecting security
-    # data. When you delete Amazon Security Lake from your account, Security
-    # Lake is disabled in all Regions. Also, this API automatically takes
-    # steps to remove the account from Security Lake .
-    #
-    # This operation disables security data collection from sources, deletes
-    # data stored, and stops making data accessible to subscribers. Security
-    # Lake also deletes all the existing settings and resources that it
-    # stores or maintains for your Amazon Web Services account in the
-    # current Region, including security log and event data. The
-    # `DeleteDatalake` operation does not delete the Amazon S3 bucket, which
-    # is owned by your Amazon Web Services account. For more information,
-    # see the [Amazon Security Lake User Guide][1].
-    #
-    #
-    #
-    # [1]: https://docs.aws.amazon.com/security-lake/latest/userguide/disable-security-lake.html
+    # `DeleteDatalakeAutoEnable` removes automatic enablement of
+    # configuration settings for new member accounts (but keeps settings for
+    # the delegated administrator) from Amazon Security Lake. You must run
+    # this API using credentials of the delegated administrator. When you
+    # run this API, new member accounts that are added after the
+    # organization enables Security Lake won't contribute to the data lake.
     #
     # @option params [required, Array<Types::AutoEnableNewRegionConfiguration>] :remove_from_configuration_for_new_accounts
-    #   Delete Amazon Security Lake with the specified configuration settings
-    #   to stop ingesting security data for new accounts in Security Lake.
+    #   Remove automatic enablement of configuration settings for new member
+    #   accounts in Security Lake.
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -1087,6 +1088,10 @@ module Aws::SecurityLake
     #   resp.configurations["Region"].status #=> String, one of "INITIALIZED", "PENDING", "COMPLETED", "FAILED"
     #   resp.configurations["Region"].tags_map #=> Hash
     #   resp.configurations["Region"].tags_map["String"] #=> String
+    #   resp.configurations["Region"].update_status.last_update_failure.code #=> String
+    #   resp.configurations["Region"].update_status.last_update_failure.reason #=> String
+    #   resp.configurations["Region"].update_status.last_update_request_id #=> String
+    #   resp.configurations["Region"].update_status.last_update_status #=> String, one of "INITIALIZED", "PENDING", "COMPLETED", "FAILED"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/GetDatalake AWS API Documentation
     #
@@ -1247,6 +1252,8 @@ module Aws::SecurityLake
     #   resp.subscriber.account_id #=> String
     #   resp.subscriber.created_at #=> Time
     #   resp.subscriber.external_id #=> String
+    #   resp.subscriber.resource_share_arn #=> String
+    #   resp.subscriber.resource_share_name #=> String
     #   resp.subscriber.role_arn #=> String
     #   resp.subscriber.s3_bucket_arn #=> String
     #   resp.subscriber.sns_arn #=> String
@@ -1429,6 +1436,8 @@ module Aws::SecurityLake
     #   resp.subscribers[0].account_id #=> String
     #   resp.subscribers[0].created_at #=> Time
     #   resp.subscribers[0].external_id #=> String
+    #   resp.subscribers[0].resource_share_arn #=> String
+    #   resp.subscribers[0].resource_share_name #=> String
     #   resp.subscribers[0].role_arn #=> String
     #   resp.subscribers[0].s3_bucket_arn #=> String
     #   resp.subscribers[0].sns_arn #=> String
@@ -1596,6 +1605,8 @@ module Aws::SecurityLake
     #   resp.subscriber.account_id #=> String
     #   resp.subscriber.created_at #=> Time
     #   resp.subscriber.external_id #=> String
+    #   resp.subscriber.resource_share_arn #=> String
+    #   resp.subscriber.resource_share_name #=> String
     #   resp.subscriber.role_arn #=> String
     #   resp.subscriber.s3_bucket_arn #=> String
     #   resp.subscriber.sns_arn #=> String
@@ -1619,8 +1630,9 @@ module Aws::SecurityLake
       req.send_request(options)
     end
 
-    # Creates a new subscription notification or adds the existing
-    # subscription notification setting for the specified subscription ID.
+    # Updates an existing notification method for the subscription (SQS or
+    # HTTPs endpoint) or switches the notification subscription endpoint for
+    # a subscriber.
     #
     # @option params [Boolean] :create_sqs
     #   Create a new subscription notification for the specified subscription
@@ -1637,6 +1649,14 @@ module Aws::SecurityLake
     #
     # @option params [String] :role_arn
     #   The Amazon Resource Name (ARN) specifying the role of the subscriber.
+    #   For more information about ARNs and how to use them in policies, see,
+    #   see the [Managing data access][1] and [Amazon Web Services Managed
+    #   Policies][2]in the Amazon Security Lake User Guide.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com//security-lake/latest/userguide/subscriber-data-access.html
+    #   [2]: https://docs.aws.amazon.com/security-lake/latest/userguide/security-iam-awsmanpol.html
     #
     # @option params [String] :subscription_endpoint
     #   The subscription endpoint in Security Lake.
@@ -1687,7 +1707,7 @@ module Aws::SecurityLake
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-securitylake'
-      context[:gem_version] = '1.2.0'
+      context[:gem_version] = '1.3.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-securitylake/client_api.rb

@@ -97,6 +97,7 @@ module Aws::SecurityLake
     LakeConfigurationRequestMap = Shapes::MapShape.new(name: 'LakeConfigurationRequestMap')
     LakeConfigurationResponse = Shapes::StructureShape.new(name: 'LakeConfigurationResponse')
     LakeConfigurationResponseMap = Shapes::MapShape.new(name: 'LakeConfigurationResponseMap')
+    LastUpdateFailure = Shapes::StructureShape.new(name: 'LastUpdateFailure')
     ListDatalakeExceptionsRequest = Shapes::StructureShape.new(name: 'ListDatalakeExceptionsRequest')
     ListDatalakeExceptionsResponse = Shapes::StructureShape.new(name: 'ListDatalakeExceptionsResponse')
     ListLogSourcesRequest = Shapes::StructureShape.new(name: 'ListLogSourcesRequest')
@@ -112,6 +113,8 @@ module Aws::SecurityLake
     RegionSet = Shapes::ListShape.new(name: 'RegionSet')
     RegionSourceTypesAccountsList = Shapes::ListShape.new(name: 'RegionSourceTypesAccountsList')
     ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException')
+    ResourceShareArn = Shapes::StringShape.new(name: 'ResourceShareArn')
+    ResourceShareName = Shapes::StringShape.new(name: 'ResourceShareName')
     RetentionSetting = Shapes::StructureShape.new(name: 'RetentionSetting')
     RetentionSettingList = Shapes::ListShape.new(name: 'RetentionSettingList')
     RetentionSettingRetentionPeriodInteger = Shapes::IntegerShape.new(name: 'RetentionSettingRetentionPeriodInteger')
@@ -142,6 +145,7 @@ module Aws::SecurityLake
     UpdateDatalakeExceptionsSubscriptionResponse = Shapes::StructureShape.new(name: 'UpdateDatalakeExceptionsSubscriptionResponse')
     UpdateDatalakeRequest = Shapes::StructureShape.new(name: 'UpdateDatalakeRequest')
     UpdateDatalakeResponse = Shapes::StructureShape.new(name: 'UpdateDatalakeResponse')
+    UpdateStatus = Shapes::StructureShape.new(name: 'UpdateStatus')
     UpdateSubscriberRequest = Shapes::StructureShape.new(name: 'UpdateSubscriberRequest')
     UpdateSubscriberRequestSubscriberNameString = Shapes::StringShape.new(name: 'UpdateSubscriberRequestSubscriberNameString')
     UpdateSubscriberResponse = Shapes::StructureShape.new(name: 'UpdateSubscriberResponse')
@@ -155,6 +159,7 @@ module Aws::SecurityLake
     ValueSet = Shapes::ListShape.new(name: 'ValueSet')
     settingsStatus = Shapes::StringShape.new(name: 'settingsStatus')
 
+    AccessDeniedException.add_member(:error_code, Shapes::ShapeRef.new(shape: String, location_name: "errorCode"))
     AccessDeniedException.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
     AccessDeniedException.struct_class = Types::AccessDeniedException
 
@@ -256,6 +261,8 @@ module Aws::SecurityLake
     CreateSubscriberRequest.add_member(:subscriber_name, Shapes::ShapeRef.new(shape: CreateSubscriberRequestSubscriberNameString, required: true, location_name: "subscriberName"))
     CreateSubscriberRequest.struct_class = Types::CreateSubscriberRequest
 
+    CreateSubscriberResponse.add_member(:resource_share_arn, Shapes::ShapeRef.new(shape: ResourceShareArn, location_name: "resourceShareArn"))
+    CreateSubscriberResponse.add_member(:resource_share_name, Shapes::ShapeRef.new(shape: ResourceShareName, location_name: "resourceShareName"))
     CreateSubscriberResponse.add_member(:role_arn, Shapes::ShapeRef.new(shape: RoleArn, location_name: "roleArn"))
     CreateSubscriberResponse.add_member(:s3_bucket_arn, Shapes::ShapeRef.new(shape: S3BucketArn, location_name: "s3BucketArn"))
     CreateSubscriberResponse.add_member(:sns_arn, Shapes::ShapeRef.new(shape: SnsTopicArn, location_name: "snsArn"))
@@ -398,11 +405,16 @@ module Aws::SecurityLake
     LakeConfigurationResponse.add_member(:s3_bucket_arn, Shapes::ShapeRef.new(shape: S3BucketArn, location_name: "s3BucketArn"))
     LakeConfigurationResponse.add_member(:status, Shapes::ShapeRef.new(shape: settingsStatus, location_name: "status"))
     LakeConfigurationResponse.add_member(:tags_map, Shapes::ShapeRef.new(shape: TagsMap, location_name: "tagsMap"))
+    LakeConfigurationResponse.add_member(:update_status, Shapes::ShapeRef.new(shape: UpdateStatus, location_name: "updateStatus"))
     LakeConfigurationResponse.struct_class = Types::LakeConfigurationResponse
 
     LakeConfigurationResponseMap.key = Shapes::ShapeRef.new(shape: Region)
     LakeConfigurationResponseMap.value = Shapes::ShapeRef.new(shape: LakeConfigurationResponse)
 
+    LastUpdateFailure.add_member(:code, Shapes::ShapeRef.new(shape: String, location_name: "code"))
+    LastUpdateFailure.add_member(:reason, Shapes::ShapeRef.new(shape: String, location_name: "reason"))
+    LastUpdateFailure.struct_class = Types::LastUpdateFailure
+
     ListDatalakeExceptionsRequest.add_member(:max_failures, Shapes::ShapeRef.new(shape: Integer, location_name: "maxFailures"))
     ListDatalakeExceptionsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: SafeString, location_name: "nextToken"))
     ListDatalakeExceptionsRequest.add_member(:region_set, Shapes::ShapeRef.new(shape: RegionSet, location_name: "regionSet"))
@@ -483,6 +495,8 @@ module Aws::SecurityLake
     SubscriberResource.add_member(:account_id, Shapes::ShapeRef.new(shape: AwsAccountId, required: true, location_name: "accountId"))
     SubscriberResource.add_member(:created_at, Shapes::ShapeRef.new(shape: SyntheticTimestamp_date_time, location_name: "createdAt"))
     SubscriberResource.add_member(:external_id, Shapes::ShapeRef.new(shape: SafeString, location_name: "externalId"))
+    SubscriberResource.add_member(:resource_share_arn, Shapes::ShapeRef.new(shape: ResourceShareArn, location_name: "resourceShareArn"))
+    SubscriberResource.add_member(:resource_share_name, Shapes::ShapeRef.new(shape: ResourceShareName, location_name: "resourceShareName"))
     SubscriberResource.add_member(:role_arn, Shapes::ShapeRef.new(shape: RoleArn, location_name: "roleArn"))
     SubscriberResource.add_member(:s3_bucket_arn, Shapes::ShapeRef.new(shape: S3BucketArn, location_name: "s3BucketArn"))
     SubscriberResource.add_member(:sns_arn, Shapes::ShapeRef.new(shape: SnsTopicArn, location_name: "snsArn"))
@@ -524,6 +538,11 @@ module Aws::SecurityLake
 
     UpdateDatalakeResponse.struct_class = Types::UpdateDatalakeResponse
 
+    UpdateStatus.add_member(:last_update_failure, Shapes::ShapeRef.new(shape: LastUpdateFailure, location_name: "lastUpdateFailure"))
+    UpdateStatus.add_member(:last_update_request_id, Shapes::ShapeRef.new(shape: String, location_name: "lastUpdateRequestId"))
+    UpdateStatus.add_member(:last_update_status, Shapes::ShapeRef.new(shape: settingsStatus, location_name: "lastUpdateStatus"))
+    UpdateStatus.struct_class = Types::UpdateStatus
+
     UpdateSubscriberRequest.add_member(:external_id, Shapes::ShapeRef.new(shape: SafeString, location_name: "externalId"))
     UpdateSubscriberRequest.add_member(:id, Shapes::ShapeRef.new(shape: String, required: true, location: "uri", location_name: "id"))
     UpdateSubscriberRequest.add_member(:source_types, Shapes::ShapeRef.new(shape: SourceTypeList, required: true, location_name: "sourceTypes"))

data/lib/aws-sdk-securitylake/endpoint_parameters.rb

@@ -50,9 +50,6 @@ module Aws::SecurityLake
 
     def initialize(options = {})
       self[:region] = options[:region]
-      if self[:region].nil?
-        raise ArgumentError, "Missing required EndpointParameter: :region"
-      end
       self[:use_dual_stack] = options[:use_dual_stack]
       self[:use_dual_stack] = false if self[:use_dual_stack].nil?
       if self[:use_dual_stack].nil?

data/lib/aws-sdk-securitylake/endpoint_provider.rb

@@ -14,36 +14,39 @@ module Aws::SecurityLake
       use_dual_stack = parameters.use_dual_stack
       use_fips = parameters.use_fips
       endpoint = parameters.endpoint
-      if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
-        if Aws::Endpoints::Matchers.set?(endpoint)
-          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
-            raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
-          end
-          if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
-            raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
-          end
-          return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
-        end
-        if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
-          if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-            return Aws::Endpoints::Endpoint.new(url: "https://securitylake-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
-          end
-          raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
-        end
+      if Aws::Endpoints::Matchers.set?(endpoint)
         if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
-          if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
-            return Aws::Endpoints::Endpoint.new(url: "https://securitylake-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
-          end
-          raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
+          raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
         end
         if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
-          if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-            return Aws::Endpoints::Endpoint.new(url: "https://securitylake.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+          raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
+        end
+        return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
+      end
+      if Aws::Endpoints::Matchers.set?(region)
+        if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
+          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
+              return Aws::Endpoints::Endpoint.new(url: "https://securitylake-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+            end
+            raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
+          end
+          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
+              return Aws::Endpoints::Endpoint.new(url: "https://securitylake-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
+            end
+            raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
+          end
+          if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
+              return Aws::Endpoints::Endpoint.new(url: "https://securitylake.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+            end
+            raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
           end
-          raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
+          return Aws::Endpoints::Endpoint.new(url: "https://securitylake.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
         end
-        return Aws::Endpoints::Endpoint.new(url: "https://securitylake.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
       end
+      raise ArgumentError, "Invalid Configuration: Missing Region"
       raise ArgumentError, 'No endpoint could be resolved'
 
     end

data/lib/aws-sdk-securitylake/errors.rb

@@ -58,6 +58,11 @@ module Aws::SecurityLake
         super(context, message, data)
       end
 
+      # @return [String]
+      def error_code
+        @data[:error_code]
+      end
+
       # @return [String]
       def message
         @message || @data[:message]

data/lib/aws-sdk-securitylake/types.rb

@@ -17,12 +17,18 @@ module Aws::SecurityLake
     # Services action. An implicit denial occurs when there is no applicable
     # Deny statement and also no applicable Allow statement.
     #
+    # @!attribute [rw] error_code
+    #   A coded string to provide more information about the access denied
+    #   exception. You can use the error code to check the exception type.
+    #   @return [String]
+    #
     # @!attribute [rw] message
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/AccessDeniedException AWS API Documentation
     #
     class AccessDeniedException < Struct.new(
+      :error_code,
       :message)
       SENSITIVE = []
       include Aws::Structure
@@ -452,15 +458,24 @@ module Aws::SecurityLake
       include Aws::Structure
     end
 
+    # @!attribute [rw] resource_share_arn
+    #   The Amazon Resource Name (ARN) which uniquely defines the AWS RAM
+    #   resource share. Before accepting the RAM resource share invitation,
+    #   you can view details related to the RAM resource share.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_share_name
+    #   The name of the resource share.
+    #   @return [String]
+    #
     # @!attribute [rw] role_arn
     #   The Amazon Resource Name (ARN) created by you to provide to the
     #   subscriber. For more information about ARNs and how to use them in
-    #   policies, see [IAM identifiers in the Identity and Access Management
-    #   (IAM) User Guide][1]. .
+    #   policies, see [Amazon Security Lake User Guide][1].
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html
+    #   [1]: https://docs.aws.amazon.com/security-lake/latest/userguide/subscriber-management.html
     #   @return [String]
     #
     # @!attribute [rw] s3_bucket_arn
@@ -478,6 +493,8 @@ module Aws::SecurityLake
     # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/CreateSubscriberResponse AWS API Documentation
     #
     class CreateSubscriberResponse < Struct.new(
+      :resource_share_arn,
+      :resource_share_name,
       :role_arn,
       :s3_bucket_arn,
       :sns_arn,
@@ -504,7 +521,15 @@ module Aws::SecurityLake
     #
     # @!attribute [rw] role_arn
     #   The Amazon Resource Name (ARN) of the EventBridge API destinations
-    #   IAM role that you created.
+    #   IAM role that you created. For more information about ARNs and how
+    #   to use them in policies, see [Managing data access][1] and [Amazon
+    #   Web Services Managed Policies][2] in the Amazon Security Lake User
+    #   Guide.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com//security-lake/latest/userguide/subscriber-data-access.html
+    #   [2]: https://docs.aws.amazon.com/security-lake/latest/userguide/security-iam-awsmanpol.html
     #   @return [String]
     #
     # @!attribute [rw] subscription_endpoint
@@ -513,7 +538,7 @@ module Aws::SecurityLake
     #   @return [String]
     #
     # @!attribute [rw] subscription_id
-    #   The subscription ID for the notification subscription/
+    #   The subscription ID for the notification subscription.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/CreateSubscriptionNotificationConfigurationRequest AWS API Documentation
@@ -619,9 +644,8 @@ module Aws::SecurityLake
     end
 
     # @!attribute [rw] remove_from_configuration_for_new_accounts
-    #   Delete Amazon Security Lake with the specified configuration
-    #   settings to stop ingesting security data for new accounts in
-    #   Security Lake.
+    #   Remove automatic enablement of configuration settings for new member
+    #   accounts in Security Lake.
     #   @return [Array<Types::AutoEnableNewRegionConfiguration>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/DeleteDatalakeAutoEnableRequest AWS API Documentation
@@ -1056,6 +1080,11 @@ module Aws::SecurityLake
     #   define.
     #   @return [Hash<String,String>]
     #
+    # @!attribute [rw] update_status
+    #   The status of the last `UpdateDatalake `or `DeleteDatalake` API
+    #   request.
+    #   @return [Types::UpdateStatus]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/LakeConfigurationResponse AWS API Documentation
     #
     class LakeConfigurationResponse < Struct.new(
@@ -1065,7 +1094,30 @@ module Aws::SecurityLake
       :retention_settings,
       :s3_bucket_arn,
       :status,
-      :tags_map)
+      :tags_map,
+      :update_status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The details of the last `UpdateDatalake` or `DeleteDatalake` API
+    # request which failed.
+    #
+    # @!attribute [rw] code
+    #   The reason code for the failure of the last `UpdateDatalake` or
+    #   `DeleteDatalake` API request.
+    #   @return [String]
+    #
+    # @!attribute [rw] reason
+    #   The reason for the failure of the last `UpdateDatalake`or
+    #   `DeleteDatalake` API request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/LastUpdateFailure AWS API Documentation
+    #
+    class LastUpdateFailure < Struct.new(
+      :code,
+      :reason)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1431,6 +1483,19 @@ module Aws::SecurityLake
     #   the role to be assumed only under specific circumstances.
     #   @return [String]
     #
+    # @!attribute [rw] resource_share_arn
+    #   The Amazon Resource Name (ARN) which uniquely defines the AWS RAM
+    #   resource share. Before accepting the RAM resource share invitation,
+    #   you can view details related to the RAM resource share.
+    #
+    #   This field is available only for Lake Formation subscribers created
+    #   after March 8, 2023.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_share_name
+    #   The name of the resource share.
+    #   @return [String]
+    #
     # @!attribute [rw] role_arn
     #   The Amazon Resource Name (ARN) specifying the role of the
     #   subscriber.
@@ -1488,6 +1553,8 @@ module Aws::SecurityLake
       :account_id,
       :created_at,
       :external_id,
+      :resource_share_arn,
+      :resource_share_name,
       :role_arn,
       :s3_bucket_arn,
       :sns_arn,
@@ -1586,6 +1653,35 @@ module Aws::SecurityLake
     #
     class UpdateDatalakeResponse < Aws::EmptyStructure; end
 
+    # The status of the last `UpdateDatalake` or `DeleteDatalake` API
+    # request. This is set to Completed after the configuration is updated,
+    # or removed if deletion of the data lake is successful.
+    #
+    # @!attribute [rw] last_update_failure
+    #   The details of the last `UpdateDatalake`or `DeleteDatalake` API
+    #   request which failed.
+    #   @return [Types::LastUpdateFailure]
+    #
+    # @!attribute [rw] last_update_request_id
+    #   The unique ID for the `UpdateDatalake` or `DeleteDatalake` API
+    #   request.
+    #   @return [String]
+    #
+    # @!attribute [rw] last_update_status
+    #   The status of the last `UpdateDatalake` or `DeleteDatalake` API
+    #   request that was requested.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/UpdateStatus AWS API Documentation
+    #
+    class UpdateStatus < Struct.new(
+      :last_update_failure,
+      :last_update_request_id,
+      :last_update_status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] external_id
     #   The external ID of the Security Lake account.
     #   @return [String]
@@ -1656,7 +1752,14 @@ module Aws::SecurityLake
     #
     # @!attribute [rw] role_arn
     #   The Amazon Resource Name (ARN) specifying the role of the
-    #   subscriber.
+    #   subscriber. For more information about ARNs and how to use them in
+    #   policies, see, see the [Managing data access][1] and [Amazon Web
+    #   Services Managed Policies][2]in the Amazon Security Lake User Guide.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com//security-lake/latest/userguide/subscriber-data-access.html
+    #   [2]: https://docs.aws.amazon.com/security-lake/latest/userguide/security-iam-awsmanpol.html
     #   @return [String]
     #
     # @!attribute [rw] subscription_endpoint

data/lib/aws-sdk-securitylake.rb

@@ -52,6 +52,6 @@ require_relative 'aws-sdk-securitylake/customizations'
 # @!group service
 module Aws::SecurityLake
 
-  GEM_VERSION = '1.2.0'
+  GEM_VERSION = '1.3.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-securitylake
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.3.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-01-18 00:00:00.000000000 Z
+date: 2023-03-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core