aws-sdk-securitylake 1.3.0 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -275,6 +275,11 @@ module Aws::SecurityLake
275
275
  # in the future.
276
276
  #
277
277
  #
278
+ # @option options [String] :sdk_ua_app_id
279
+ # A unique and opaque application ID that is appended to the
280
+ # User-Agent header as app/<sdk_ua_app_id>. It should have a
281
+ # maximum length of 50.
282
+ #
278
283
  # @option options [String] :secret_access_key
279
284
  #
280
285
  # @option options [String] :session_token
@@ -372,64 +377,39 @@ module Aws::SecurityLake
372
377
  # Lake source. Enables source types for member accounts in required
373
378
  # Amazon Web Services Regions, based on the parameters you specify. You
374
379
  # can choose any source type in any Region for either accounts that are
375
- # part of a trusted organization or standalone accounts. At least one of
376
- # the three dimensions is a mandatory input to this API. However, you
377
- # can supply any combination of the three dimensions to this API.
378
- #
379
- # By default, a dimension refers to the entire set. When you don't
380
- # provide a dimension, Security Lake assumes that the missing dimension
381
- # refers to the entire set. This is overridden when you supply any one
382
- # of the inputs. For instance, when you do not specify members, the API
383
- # enables all Security Lake member accounts for all sources. Similarly,
384
- # when you do not specify Regions, Security Lake is enabled for all the
385
- # Regions where Security Lake is available as a service.
380
+ # part of a trusted organization or standalone accounts. Once you add an
381
+ # Amazon Web Service as a source, Security Lake starts collecting logs
382
+ # and events from it,
386
383
  #
387
384
  # You can use this API only to enable natively supported Amazon Web
388
385
  # Services as a source. Use `CreateCustomLogSource` to enable data
389
386
  # collection from a custom source.
390
387
  #
391
- # @option params [Hash<String,Hash>] :enable_all_dimensions
392
- # Enables data collection from specific Amazon Web Services sources in
393
- # all specific accounts and specific Regions.
394
- #
395
- # @option params [Array<String>] :enable_single_dimension
396
- # Enables data collection from all Amazon Web Services sources in
397
- # specific accounts or Regions.
398
- #
399
- # @option params [Hash<String,Array>] :enable_two_dimensions
400
- # Enables data collection from specific Amazon Web Services sources in
401
- # specific accounts or Regions.
402
- #
403
- # @option params [required, Array<String>] :input_order
404
- # Specifies the input order to enable dimensions in Security Lake,
405
- # namely Region, source type, and member account.
388
+ # @option params [required, Array<Types::AwsLogSourceConfiguration>] :sources
389
+ # Specify the natively-supported Amazon Web Services service to add as a
390
+ # source in Security Lake.
406
391
  #
407
392
  # @return [Types::CreateAwsLogSourceResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
408
393
  #
409
394
  # * {Types::CreateAwsLogSourceResponse#failed #failed} => Array&lt;String&gt;
410
- # * {Types::CreateAwsLogSourceResponse#processing #processing} => Array&lt;String&gt;
411
395
  #
412
396
  # @example Request syntax with placeholder values
413
397
  #
414
398
  # resp = client.create_aws_log_source({
415
- # enable_all_dimensions: {
416
- # "String" => {
417
- # "String" => ["String"],
399
+ # sources: [ # required
400
+ # {
401
+ # accounts: ["AwsAccountId"],
402
+ # regions: ["Region"], # required
403
+ # source_name: "ROUTE53", # required, accepts ROUTE53, VPC_FLOW, SH_FINDINGS, CLOUD_TRAIL_MGMT, LAMBDA_EXECUTION, S3_DATA
404
+ # source_version: "AwsLogSourceVersion",
418
405
  # },
419
- # },
420
- # enable_single_dimension: ["SafeString"],
421
- # enable_two_dimensions: {
422
- # "String" => ["String"],
423
- # },
424
- # input_order: ["REGION"], # required, accepts REGION, SOURCE_TYPE, MEMBER
406
+ # ],
425
407
  # })
426
408
  #
427
409
  # @example Response structure
428
410
  #
429
411
  # resp.failed #=> Array
430
412
  # resp.failed[0] #=> String
431
- # resp.processing #=> Array
432
- # resp.processing[0] #=> String
433
413
  #
434
414
  # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/CreateAwsLogSource AWS API Documentation
435
415
  #
@@ -447,54 +427,113 @@ module Aws::SecurityLake
447
427
  # crawler, use this API to add a custom source name in Security Lake.
448
428
  # This operation creates a partition in the Amazon S3 bucket for
449
429
  # Security Lake as the target location for log files from the custom
450
- # source in addition to an associated Glue table and an Glue crawler.
430
+ # source. In addition, this operation also creates an associated Glue
431
+ # table and an Glue crawler.
451
432
  #
452
- # @option params [required, String] :custom_source_name
453
- # The name for a third-party custom source. This must be a Regionally
454
- # unique value.
433
+ # @option params [Types::CustomLogSourceConfiguration] :configuration
434
+ # The configuration for the third-party custom source.
455
435
  #
456
- # @option params [required, String] :event_class
457
- # The Open Cybersecurity Schema Framework (OCSF) event class which
436
+ # @option params [Array<String>] :event_classes
437
+ # The Open Cybersecurity Schema Framework (OCSF) event classes which
458
438
  # describes the type of data that the custom source will send to
459
- # Security Lake.
439
+ # Security Lake. The supported event classes are:
440
+ #
441
+ # * `ACCESS_ACTIVITY`
442
+ #
443
+ # * `FILE_ACTIVITY`
444
+ #
445
+ # * `KERNEL_ACTIVITY`
446
+ #
447
+ # * `KERNEL_EXTENSION`
448
+ #
449
+ # * `MEMORY_ACTIVITY`
450
+ #
451
+ # * `MODULE_ACTIVITY`
452
+ #
453
+ # * `PROCESS_ACTIVITY`
454
+ #
455
+ # * `REGISTRY_KEY_ACTIVITY`
456
+ #
457
+ # * `REGISTRY_VALUE_ACTIVITY`
458
+ #
459
+ # * `RESOURCE_ACTIVITY`
460
+ #
461
+ # * `SCHEDULED_JOB_ACTIVITY`
460
462
  #
461
- # @option params [required, String] :glue_invocation_role_arn
462
- # The Amazon Resource Name (ARN) of the Identity and Access Management
463
- # (IAM) role to be used by the Glue crawler. The recommended IAM
464
- # policies are:
463
+ # * `SECURITY_FINDING`
465
464
  #
466
- # * The managed policy `AWSGlueServiceRole`
465
+ # * `ACCOUNT_CHANGE`
467
466
  #
468
- # * A custom policy granting access to your Amazon S3 Data Lake
467
+ # * `AUTHENTICATION`
469
468
  #
470
- # @option params [required, String] :log_provider_account_id
471
- # The Amazon Web Services account ID of the custom source that will
472
- # write logs and events into the Amazon S3 Data Lake.
469
+ # * `AUTHORIZATION`
470
+ #
471
+ # * `ENTITY_MANAGEMENT_AUDIT`
472
+ #
473
+ # * `DHCP_ACTIVITY`
474
+ #
475
+ # * `NETWORK_ACTIVITY`
476
+ #
477
+ # * `DNS_ACTIVITY`
478
+ #
479
+ # * `FTP_ACTIVITY`
480
+ #
481
+ # * `HTTP_ACTIVITY`
482
+ #
483
+ # * `RDP_ACTIVITY`
484
+ #
485
+ # * `SMB_ACTIVITY`
486
+ #
487
+ # * `SSH_ACTIVITY`
488
+ #
489
+ # * `CONFIG_STATE`
490
+ #
491
+ # * `INVENTORY_INFO`
492
+ #
493
+ # * `EMAIL_ACTIVITY`
494
+ #
495
+ # * `API_ACTIVITY`
496
+ #
497
+ # * `CLOUD_API`
498
+ #
499
+ # @option params [required, String] :source_name
500
+ # Specify the name for a third-party custom source. This must be a
501
+ # Regionally unique value.
502
+ #
503
+ # @option params [String] :source_version
504
+ # Specify the source version for the third-party custom source, to limit
505
+ # log collection to a specific version of custom data source.
473
506
  #
474
507
  # @return [Types::CreateCustomLogSourceResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
475
508
  #
476
- # * {Types::CreateCustomLogSourceResponse#custom_data_location #custom_data_location} => String
477
- # * {Types::CreateCustomLogSourceResponse#glue_crawler_name #glue_crawler_name} => String
478
- # * {Types::CreateCustomLogSourceResponse#glue_database_name #glue_database_name} => String
479
- # * {Types::CreateCustomLogSourceResponse#glue_table_name #glue_table_name} => String
480
- # * {Types::CreateCustomLogSourceResponse#log_provider_access_role_arn #log_provider_access_role_arn} => String
509
+ # * {Types::CreateCustomLogSourceResponse#source #source} => Types::CustomLogSourceResource
481
510
  #
482
511
  # @example Request syntax with placeholder values
483
512
  #
484
513
  # resp = client.create_custom_log_source({
485
- # custom_source_name: "CustomSourceType", # required
486
- # event_class: "ACCESS_ACTIVITY", # required, accepts ACCESS_ACTIVITY, FILE_ACTIVITY, KERNEL_ACTIVITY, KERNEL_EXTENSION, MEMORY_ACTIVITY, MODULE_ACTIVITY, PROCESS_ACTIVITY, REGISTRY_KEY_ACTIVITY, REGISTRY_VALUE_ACTIVITY, RESOURCE_ACTIVITY, SCHEDULED_JOB_ACTIVITY, SECURITY_FINDING, ACCOUNT_CHANGE, AUTHENTICATION, AUTHORIZATION, ENTITY_MANAGEMENT_AUDIT, DHCP_ACTIVITY, NETWORK_ACTIVITY, DNS_ACTIVITY, FTP_ACTIVITY, HTTP_ACTIVITY, RDP_ACTIVITY, SMB_ACTIVITY, SSH_ACTIVITY, CLOUD_API, CONTAINER_LIFECYCLE, DATABASE_LIFECYCLE, CONFIG_STATE, CLOUD_STORAGE, INVENTORY_INFO, RFB_ACTIVITY, SMTP_ACTIVITY, VIRTUAL_MACHINE_ACTIVITY
487
- # glue_invocation_role_arn: "RoleArn", # required
488
- # log_provider_account_id: "AwsAccountId", # required
514
+ # configuration: {
515
+ # crawler_configuration: { # required
516
+ # role_arn: "RoleArn", # required
517
+ # },
518
+ # provider_identity: { # required
519
+ # external_id: "ExternalId", # required
520
+ # principal: "AwsPrincipal", # required
521
+ # },
522
+ # },
523
+ # event_classes: ["OcsfEventClass"],
524
+ # source_name: "CustomLogSourceName", # required
525
+ # source_version: "CustomLogSourceVersion",
489
526
  # })
490
527
  #
491
528
  # @example Response structure
492
529
  #
493
- # resp.custom_data_location #=> String
494
- # resp.glue_crawler_name #=> String
495
- # resp.glue_database_name #=> String
496
- # resp.glue_table_name #=> String
497
- # resp.log_provider_access_role_arn #=> String
530
+ # resp.source.attributes.crawler_arn #=> String
531
+ # resp.source.attributes.database_arn #=> String
532
+ # resp.source.attributes.table_arn #=> String
533
+ # resp.source.provider.location #=> String
534
+ # resp.source.provider.role_arn #=> String
535
+ # resp.source.source_name #=> String
536
+ # resp.source.source_version #=> String
498
537
  #
499
538
  # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/CreateCustomLogSource AWS API Documentation
500
539
  #
@@ -508,15 +547,14 @@ module Aws::SecurityLake
508
547
  # Initializes an Amazon Security Lake instance with the provided (or
509
548
  # default) configuration. You can enable Security Lake in Amazon Web
510
549
  # Services Regions with customized settings before enabling log
511
- # collection in Regions. You can either use the `enableAll` parameter to
512
- # specify all Regions or specify the Regions where you want to enable
513
- # Security Lake. To specify particular Regions, use the `Regions`
514
- # parameter and then configure these Regions using the `configurations`
515
- # parameter. If you have already enabled Security Lake in a Region when
516
- # you call this command, the command will update the Region if you
517
- # provide new configuration parameters. If you have not already enabled
518
- # Security Lake in the Region when you call this API, it will set up the
519
- # data lake in the Region with the specified configurations.
550
+ # collection in Regions. By default, the `CreateDataLake` Security Lake
551
+ # in all Regions. To specify particular Regions, configure these Regions
552
+ # using the `configurations` parameter. If you have already enabled
553
+ # Security Lake in a Region when you call this command, the command will
554
+ # update the Region if you provide new configuration parameters. If you
555
+ # have not already enabled Security Lake in the Region when you call
556
+ # this API, it will set up the data lake in the Region with the
557
+ # specified configurations.
520
558
  #
521
559
  # When you enable Security Lake, it starts ingesting security data after
522
560
  # the `CreateAwsLogSource` call. This includes ingesting security data
@@ -530,145 +568,141 @@ module Aws::SecurityLake
530
568
  #
531
569
  # [1]: https://docs.aws.amazon.com/security-lake/latest/userguide/what-is-security-lake.html
532
570
  #
533
- # @option params [Hash<String,Types::LakeConfigurationRequest>] :configurations
571
+ # @option params [required, Array<Types::DataLakeConfiguration>] :configurations
534
572
  # Specify the Region or Regions that will contribute data to the rollup
535
573
  # region.
536
574
  #
537
- # @option params [Boolean] :enable_all
538
- # Enable Security Lake in all Regions.
539
- #
540
- # @option params [String] :meta_store_manager_role_arn
575
+ # @option params [required, String] :meta_store_manager_role_arn
541
576
  # The Amazon Resource Name (ARN) used to create and update the Glue
542
577
  # table. This table contains partitions generated by the ingestion and
543
578
  # normalization of Amazon Web Services log sources and custom sources.
544
579
  #
545
- # @option params [Array<String>] :regions
546
- # Enable Security Lake in the specified Regions. To enable Security Lake
547
- # in specific Amazon Web Services Regions, such as us-east-1 or
548
- # ap-northeast-3, provide the Region codes. For a list of Region codes,
549
- # see [Amazon Security Lake endpoints][1] in the Amazon Web Services
550
- # General Reference.
551
- #
552
- #
553
- #
554
- # [1]: https://docs.aws.amazon.com/general/latest/gr/securitylake.html
580
+ # @return [Types::CreateDataLakeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
555
581
  #
556
- # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
582
+ # * {Types::CreateDataLakeResponse#data_lakes #data_lakes} => Array&lt;Types::DataLakeResource&gt;
557
583
  #
558
584
  # @example Request syntax with placeholder values
559
585
  #
560
- # resp = client.create_datalake({
561
- # configurations: {
562
- # "us-east-1" => {
563
- # encryption_key: "String",
564
- # replication_destination_regions: ["us-east-1"], # accepts us-east-1, us-west-2, eu-central-1, us-east-2, eu-west-1, ap-northeast-1, ap-southeast-2
565
- # replication_role_arn: "RoleArn",
566
- # retention_settings: [
567
- # {
568
- # retention_period: 1,
569
- # storage_class: "STANDARD_IA", # accepts STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER_IR, GLACIER, DEEP_ARCHIVE, EXPIRE
586
+ # resp = client.create_data_lake({
587
+ # configurations: [ # required
588
+ # {
589
+ # encryption_configuration: {
590
+ # kms_key_id: "String",
591
+ # },
592
+ # lifecycle_configuration: {
593
+ # expiration: {
594
+ # days: 1,
570
595
  # },
571
- # ],
572
- # tags_map: {
573
- # "String" => "String",
596
+ # transitions: [
597
+ # {
598
+ # days: 1,
599
+ # storage_class: "DataLakeStorageClass",
600
+ # },
601
+ # ],
602
+ # },
603
+ # region: "Region", # required
604
+ # replication_configuration: {
605
+ # regions: ["Region"],
606
+ # role_arn: "RoleArn",
574
607
  # },
575
608
  # },
576
- # },
577
- # enable_all: false,
578
- # meta_store_manager_role_arn: "RoleArn",
579
- # regions: ["us-east-1"], # accepts us-east-1, us-west-2, eu-central-1, us-east-2, eu-west-1, ap-northeast-1, ap-southeast-2
609
+ # ],
610
+ # meta_store_manager_role_arn: "RoleArn", # required
580
611
  # })
581
612
  #
582
- # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/CreateDatalake AWS API Documentation
613
+ # @example Response structure
583
614
  #
584
- # @overload create_datalake(params = {})
615
+ # resp.data_lakes #=> Array
616
+ # resp.data_lakes[0].create_status #=> String, one of "INITIALIZED", "PENDING", "COMPLETED", "FAILED"
617
+ # resp.data_lakes[0].data_lake_arn #=> String
618
+ # resp.data_lakes[0].encryption_configuration.kms_key_id #=> String
619
+ # resp.data_lakes[0].lifecycle_configuration.expiration.days #=> Integer
620
+ # resp.data_lakes[0].lifecycle_configuration.transitions #=> Array
621
+ # resp.data_lakes[0].lifecycle_configuration.transitions[0].days #=> Integer
622
+ # resp.data_lakes[0].lifecycle_configuration.transitions[0].storage_class #=> String
623
+ # resp.data_lakes[0].region #=> String
624
+ # resp.data_lakes[0].replication_configuration.regions #=> Array
625
+ # resp.data_lakes[0].replication_configuration.regions[0] #=> String
626
+ # resp.data_lakes[0].replication_configuration.role_arn #=> String
627
+ # resp.data_lakes[0].s3_bucket_arn #=> String
628
+ # resp.data_lakes[0].update_status.exception.code #=> String
629
+ # resp.data_lakes[0].update_status.exception.reason #=> String
630
+ # resp.data_lakes[0].update_status.request_id #=> String
631
+ # resp.data_lakes[0].update_status.status #=> String, one of "INITIALIZED", "PENDING", "COMPLETED", "FAILED"
632
+ #
633
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/CreateDataLake AWS API Documentation
634
+ #
635
+ # @overload create_data_lake(params = {})
585
636
  # @param [Hash] params ({})
586
- def create_datalake(params = {}, options = {})
587
- req = build_request(:create_datalake, params)
637
+ def create_data_lake(params = {}, options = {})
638
+ req = build_request(:create_data_lake, params)
588
639
  req.send_request(options)
589
640
  end
590
641
 
591
- # Automatically enables Amazon Security Lake for new member accounts in
592
- # your organization. Security Lake is not automatically enabled for any
593
- # existing member accounts in your organization.
594
- #
595
- # @option params [required, Array<Types::AutoEnableNewRegionConfiguration>] :configuration_for_new_accounts
596
- # Enable Security Lake with the specified configuration settings to
597
- # begin collecting security data for new accounts in your organization.
598
- #
599
- # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
600
- #
601
- # @example Request syntax with placeholder values
602
- #
603
- # resp = client.create_datalake_auto_enable({
604
- # configuration_for_new_accounts: [ # required
605
- # {
606
- # region: "us-east-1", # required, accepts us-east-1, us-west-2, eu-central-1, us-east-2, eu-west-1, ap-northeast-1, ap-southeast-2
607
- # sources: ["ROUTE53"], # required, accepts ROUTE53, VPC_FLOW, CLOUD_TRAIL, SH_FINDINGS
608
- # },
609
- # ],
610
- # })
642
+ # Creates the specified notification subscription in Amazon Security
643
+ # Lake for the organization you specify.
611
644
  #
612
- # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/CreateDatalakeAutoEnable AWS API Documentation
645
+ # @option params [Integer] :exception_time_to_live
646
+ # The expiration period and time-to-live (TTL).
613
647
  #
614
- # @overload create_datalake_auto_enable(params = {})
615
- # @param [Hash] params ({})
616
- def create_datalake_auto_enable(params = {}, options = {})
617
- req = build_request(:create_datalake_auto_enable, params)
618
- req.send_request(options)
619
- end
620
-
621
- # Designates the Amazon Security Lake delegated administrator account
622
- # for the organization. This API can only be called by the organization
623
- # management account. The organization management account cannot be the
624
- # delegated administrator account.
648
+ # @option params [required, String] :notification_endpoint
649
+ # The Amazon Web Services account where you want to receive exception
650
+ # notifications.
625
651
  #
626
- # @option params [required, String] :account
627
- # The Amazon Web Services account ID of the Security Lake delegated
628
- # administrator.
652
+ # @option params [required, String] :subscription_protocol
653
+ # The subscription protocol to which exception notifications are posted.
629
654
  #
630
655
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
631
656
  #
632
657
  # @example Request syntax with placeholder values
633
658
  #
634
- # resp = client.create_datalake_delegated_admin({
635
- # account: "SafeString", # required
659
+ # resp = client.create_data_lake_exception_subscription({
660
+ # exception_time_to_live: 1,
661
+ # notification_endpoint: "SafeString", # required
662
+ # subscription_protocol: "SubscriptionProtocol", # required
636
663
  # })
637
664
  #
638
- # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/CreateDatalakeDelegatedAdmin AWS API Documentation
665
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/CreateDataLakeExceptionSubscription AWS API Documentation
639
666
  #
640
- # @overload create_datalake_delegated_admin(params = {})
667
+ # @overload create_data_lake_exception_subscription(params = {})
641
668
  # @param [Hash] params ({})
642
- def create_datalake_delegated_admin(params = {}, options = {})
643
- req = build_request(:create_datalake_delegated_admin, params)
669
+ def create_data_lake_exception_subscription(params = {}, options = {})
670
+ req = build_request(:create_data_lake_exception_subscription, params)
644
671
  req.send_request(options)
645
672
  end
646
673
 
647
- # Creates the specified notification subscription in Amazon Security
648
- # Lake for the organization you specify.
649
- #
650
- # @option params [required, String] :notification_endpoint
651
- # The Amazon Web Services account where you want to receive exception
652
- # notifications.
674
+ # Automatically enables Amazon Security Lake for new member accounts in
675
+ # your organization. Security Lake is not automatically enabled for any
676
+ # existing member accounts in your organization.
653
677
  #
654
- # @option params [required, String] :subscription_protocol
655
- # The subscription protocol to which exception notifications are posted.
678
+ # @option params [required, Array<Types::DataLakeAutoEnableNewAccountConfiguration>] :auto_enable_new_account
679
+ # Enable Security Lake with the specified configuration settings, to
680
+ # begin collecting security data for new accounts in your organization.
656
681
  #
657
682
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
658
683
  #
659
684
  # @example Request syntax with placeholder values
660
685
  #
661
- # resp = client.create_datalake_exceptions_subscription({
662
- # notification_endpoint: "SafeString", # required
663
- # subscription_protocol: "HTTP", # required, accepts HTTP, HTTPS, EMAIL, EMAIL_JSON, SMS, SQS, LAMBDA, APP, FIREHOSE
686
+ # resp = client.create_data_lake_organization_configuration({
687
+ # auto_enable_new_account: [ # required
688
+ # {
689
+ # region: "Region", # required
690
+ # sources: [ # required
691
+ # {
692
+ # source_name: "ROUTE53", # accepts ROUTE53, VPC_FLOW, SH_FINDINGS, CLOUD_TRAIL_MGMT, LAMBDA_EXECUTION, S3_DATA
693
+ # source_version: "AwsLogSourceVersion",
694
+ # },
695
+ # ],
696
+ # },
697
+ # ],
664
698
  # })
665
699
  #
666
- # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/CreateDatalakeExceptionsSubscription AWS API Documentation
700
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/CreateDataLakeOrganizationConfiguration AWS API Documentation
667
701
  #
668
- # @overload create_datalake_exceptions_subscription(params = {})
702
+ # @overload create_data_lake_organization_configuration(params = {})
669
703
  # @param [Hash] params ({})
670
- def create_datalake_exceptions_subscription(params = {}, options = {})
671
- req = build_request(:create_datalake_exceptions_subscription, params)
704
+ def create_data_lake_organization_configuration(params = {}, options = {})
705
+ req = build_request(:create_data_lake_organization_configuration, params)
672
706
  req.send_request(options)
673
707
  end
674
708
 
@@ -679,16 +713,7 @@ module Aws::SecurityLake
679
713
  # @option params [Array<String>] :access_types
680
714
  # The Amazon S3 or Lake Formation access type.
681
715
  #
682
- # @option params [required, String] :account_id
683
- # The Amazon Web Services account ID used to access your data.
684
- #
685
- # @option params [required, String] :external_id
686
- # The external ID of the subscriber. This lets the user that is assuming
687
- # the role assert the circumstances in which they are operating. It also
688
- # provides a way for the account owner to permit the role to be assumed
689
- # only under specific circumstances.
690
- #
691
- # @option params [required, Array<Types::SourceType>] :source_types
716
+ # @option params [required, Array<Types::LogSourceResource>] :sources
692
717
  # The supported Amazon Web Services from which logs and events are
693
718
  # collected. Security Lake supports log and event collection for
694
719
  # natively supported Amazon Web Services.
@@ -696,42 +721,77 @@ module Aws::SecurityLake
696
721
  # @option params [String] :subscriber_description
697
722
  # The description for your subscriber account in Security Lake.
698
723
  #
724
+ # @option params [required, Types::AwsIdentity] :subscriber_identity
725
+ # The AWS identity used to access your data.
726
+ #
699
727
  # @option params [required, String] :subscriber_name
700
728
  # The name of your Security Lake subscriber account.
701
729
  #
702
730
  # @return [Types::CreateSubscriberResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
703
731
  #
704
- # * {Types::CreateSubscriberResponse#resource_share_arn #resource_share_arn} => String
705
- # * {Types::CreateSubscriberResponse#resource_share_name #resource_share_name} => String
706
- # * {Types::CreateSubscriberResponse#role_arn #role_arn} => String
707
- # * {Types::CreateSubscriberResponse#s3_bucket_arn #s3_bucket_arn} => String
708
- # * {Types::CreateSubscriberResponse#sns_arn #sns_arn} => String
709
- # * {Types::CreateSubscriberResponse#subscription_id #subscription_id} => String
732
+ # * {Types::CreateSubscriberResponse#subscriber #subscriber} => Types::SubscriberResource
710
733
  #
711
734
  # @example Request syntax with placeholder values
712
735
  #
713
736
  # resp = client.create_subscriber({
714
737
  # access_types: ["LAKEFORMATION"], # accepts LAKEFORMATION, S3
715
- # account_id: "AwsAccountId", # required
716
- # external_id: "SafeString", # required
717
- # source_types: [ # required
738
+ # sources: [ # required
718
739
  # {
719
- # aws_source_type: "ROUTE53", # accepts ROUTE53, VPC_FLOW, CLOUD_TRAIL, SH_FINDINGS
720
- # custom_source_type: "CustomSourceType",
740
+ # aws_log_source: {
741
+ # source_name: "ROUTE53", # accepts ROUTE53, VPC_FLOW, SH_FINDINGS, CLOUD_TRAIL_MGMT, LAMBDA_EXECUTION, S3_DATA
742
+ # source_version: "AwsLogSourceVersion",
743
+ # },
744
+ # custom_log_source: {
745
+ # attributes: {
746
+ # crawler_arn: "AmazonResourceName",
747
+ # database_arn: "AmazonResourceName",
748
+ # table_arn: "AmazonResourceName",
749
+ # },
750
+ # provider: {
751
+ # location: "S3URI",
752
+ # role_arn: "RoleArn",
753
+ # },
754
+ # source_name: "CustomLogSourceName",
755
+ # source_version: "CustomLogSourceVersion",
756
+ # },
721
757
  # },
722
758
  # ],
723
759
  # subscriber_description: "DescriptionString",
760
+ # subscriber_identity: { # required
761
+ # external_id: "ExternalId", # required
762
+ # principal: "AwsPrincipal", # required
763
+ # },
724
764
  # subscriber_name: "CreateSubscriberRequestSubscriberNameString", # required
725
765
  # })
726
766
  #
727
767
  # @example Response structure
728
768
  #
729
- # resp.resource_share_arn #=> String
730
- # resp.resource_share_name #=> String
731
- # resp.role_arn #=> String
732
- # resp.s3_bucket_arn #=> String
733
- # resp.sns_arn #=> String
734
- # resp.subscription_id #=> String
769
+ # resp.subscriber.access_types #=> Array
770
+ # resp.subscriber.access_types[0] #=> String, one of "LAKEFORMATION", "S3"
771
+ # resp.subscriber.created_at #=> Time
772
+ # resp.subscriber.resource_share_arn #=> String
773
+ # resp.subscriber.resource_share_name #=> String
774
+ # resp.subscriber.role_arn #=> String
775
+ # resp.subscriber.s3_bucket_arn #=> String
776
+ # resp.subscriber.sources #=> Array
777
+ # resp.subscriber.sources[0].aws_log_source.source_name #=> String, one of "ROUTE53", "VPC_FLOW", "SH_FINDINGS", "CLOUD_TRAIL_MGMT", "LAMBDA_EXECUTION", "S3_DATA"
778
+ # resp.subscriber.sources[0].aws_log_source.source_version #=> String
779
+ # resp.subscriber.sources[0].custom_log_source.attributes.crawler_arn #=> String
780
+ # resp.subscriber.sources[0].custom_log_source.attributes.database_arn #=> String
781
+ # resp.subscriber.sources[0].custom_log_source.attributes.table_arn #=> String
782
+ # resp.subscriber.sources[0].custom_log_source.provider.location #=> String
783
+ # resp.subscriber.sources[0].custom_log_source.provider.role_arn #=> String
784
+ # resp.subscriber.sources[0].custom_log_source.source_name #=> String
785
+ # resp.subscriber.sources[0].custom_log_source.source_version #=> String
786
+ # resp.subscriber.subscriber_arn #=> String
787
+ # resp.subscriber.subscriber_description #=> String
788
+ # resp.subscriber.subscriber_endpoint #=> String
789
+ # resp.subscriber.subscriber_id #=> String
790
+ # resp.subscriber.subscriber_identity.external_id #=> String
791
+ # resp.subscriber.subscriber_identity.principal #=> String
792
+ # resp.subscriber.subscriber_name #=> String
793
+ # resp.subscriber.subscriber_status #=> String, one of "ACTIVE", "DEACTIVATED", "PENDING", "READY"
794
+ # resp.subscriber.updated_at #=> Time
735
795
  #
736
796
  # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/CreateSubscriber AWS API Documentation
737
797
  #
@@ -746,133 +806,84 @@ module Aws::SecurityLake
746
806
  # the sources that the subscriber consumes in Security Lake. You can
747
807
  # create only one subscriber notification per subscriber.
748
808
  #
749
- # @option params [Boolean] :create_sqs
750
- # Create an Amazon Simple Queue Service queue.
751
- #
752
- # @option params [String] :https_api_key_name
753
- # The key name for the notification subscription.
754
- #
755
- # @option params [String] :https_api_key_value
756
- # The key value for the notification subscription.
809
+ # @option params [required, Types::NotificationConfiguration] :configuration
810
+ # Specify the configuration using which you want to create the
811
+ # subscriber notification.
757
812
  #
758
- # @option params [String] :https_method
759
- # The HTTPS method used for the notification subscription.
813
+ # @option params [required, String] :subscriber_id
814
+ # The subscriber ID for the notification subscription.
760
815
  #
761
- # @option params [String] :role_arn
762
- # The Amazon Resource Name (ARN) of the EventBridge API destinations IAM
763
- # role that you created. For more information about ARNs and how to use
764
- # them in policies, see [Managing data access][1] and [Amazon Web
765
- # Services Managed Policies][2] in the Amazon Security Lake User Guide.
816
+ # @return [Types::CreateSubscriberNotificationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
766
817
  #
767
- #
768
- #
769
- # [1]: https://docs.aws.amazon.com//security-lake/latest/userguide/subscriber-data-access.html
770
- # [2]: https://docs.aws.amazon.com/security-lake/latest/userguide/security-iam-awsmanpol.html
771
- #
772
- # @option params [String] :subscription_endpoint
773
- # The subscription endpoint in Security Lake. If you prefer notification
774
- # with an HTTPs endpoint, populate this field.
775
- #
776
- # @option params [required, String] :subscription_id
777
- # The subscription ID for the notification subscription.
778
- #
779
- # @return [Types::CreateSubscriptionNotificationConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
780
- #
781
- # * {Types::CreateSubscriptionNotificationConfigurationResponse#queue_arn #queue_arn} => String
818
+ # * {Types::CreateSubscriberNotificationResponse#subscriber_endpoint #subscriber_endpoint} => String
782
819
  #
783
820
  # @example Request syntax with placeholder values
784
821
  #
785
- # resp = client.create_subscription_notification_configuration({
786
- # create_sqs: false,
787
- # https_api_key_name: "String",
788
- # https_api_key_value: "String",
789
- # https_method: "POST", # accepts POST, PUT
790
- # role_arn: "RoleArn",
791
- # subscription_endpoint: "CreateSubscriptionNotificationConfigurationRequestSubscriptionEndpointString",
792
- # subscription_id: "UUID", # required
822
+ # resp = client.create_subscriber_notification({
823
+ # configuration: { # required
824
+ # https_notification_configuration: {
825
+ # authorization_api_key_name: "String",
826
+ # authorization_api_key_value: "String",
827
+ # endpoint: "HttpsNotificationConfigurationEndpointString", # required
828
+ # http_method: "POST", # accepts POST, PUT
829
+ # target_role_arn: "RoleArn", # required
830
+ # },
831
+ # sqs_notification_configuration: {
832
+ # },
833
+ # },
834
+ # subscriber_id: "UUID", # required
793
835
  # })
794
836
  #
795
837
  # @example Response structure
796
838
  #
797
- # resp.queue_arn #=> String
839
+ # resp.subscriber_endpoint #=> String
798
840
  #
799
- # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/CreateSubscriptionNotificationConfiguration AWS API Documentation
841
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/CreateSubscriberNotification AWS API Documentation
800
842
  #
801
- # @overload create_subscription_notification_configuration(params = {})
843
+ # @overload create_subscriber_notification(params = {})
802
844
  # @param [Hash] params ({})
803
- def create_subscription_notification_configuration(params = {}, options = {})
804
- req = build_request(:create_subscription_notification_configuration, params)
845
+ def create_subscriber_notification(params = {}, options = {})
846
+ req = build_request(:create_subscriber_notification, params)
805
847
  req.send_request(options)
806
848
  end
807
849
 
808
850
  # Removes a natively supported Amazon Web Service as an Amazon Security
809
- # Lake source. When you remove the source, Security Lake stops
810
- # collecting data from that source, and subscribers can no longer
811
- # consume new data from the source. Subscribers can still consume data
812
- # that Security Lake collected from the source before disablement.
851
+ # Lake source. You can remove a source for one or more Regions. When you
852
+ # remove the source, Security Lake stops collecting data from that
853
+ # source in the specified Regions and accounts, and subscribers can no
854
+ # longer consume new data from the source. However, subscribers can
855
+ # still consume data that Security Lake collected from the source before
856
+ # removal.
813
857
  #
814
858
  # You can choose any source type in any Amazon Web Services Region for
815
859
  # either accounts that are part of a trusted organization or standalone
816
- # accounts. At least one of the three dimensions is a mandatory input to
817
- # this API. However, you can supply any combination of the three
818
- # dimensions to this API.
819
- #
820
- # By default, a dimension refers to the entire set. This is overridden
821
- # when you supply any one of the inputs. For instance, when you do not
822
- # specify members, the API disables all Security Lake member accounts
823
- # for sources. Similarly, when you do not specify Regions, Security Lake
824
- # is disabled for all the Regions where Security Lake is available as a
825
- # service.
826
- #
827
- # When you don't provide a dimension, Security Lake assumes that the
828
- # missing dimension refers to the entire set. For example, if you don't
829
- # provide specific accounts, the API applies to the entire set of
830
- # accounts in your organization.
831
- #
832
- # @option params [Hash<String,Hash>] :disable_all_dimensions
833
- # Removes the specific Amazon Web Services sources from specific
834
- # accounts and specific Regions.
835
- #
836
- # @option params [Array<String>] :disable_single_dimension
837
- # Removes all Amazon Web Services sources from specific accounts or
838
- # Regions.
839
- #
840
- # @option params [Hash<String,Array>] :disable_two_dimensions
841
- # Remove a specific Amazon Web Services source from specific accounts or
842
- # Regions.
843
- #
844
- # @option params [required, Array<String>] :input_order
845
- # This is a mandatory input. Specify the input order to disable
846
- # dimensions in Security Lake, namely Region (Amazon Web Services Region
847
- # code, source type, and member (account ID of a specific Amazon Web
848
- # Services account).
860
+ # accounts.
861
+ #
862
+ # @option params [required, Array<Types::AwsLogSourceConfiguration>] :sources
863
+ # Specify the natively-supported Amazon Web Services service to remove
864
+ # as a source in Security Lake.
849
865
  #
850
866
  # @return [Types::DeleteAwsLogSourceResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
851
867
  #
852
868
  # * {Types::DeleteAwsLogSourceResponse#failed #failed} => Array&lt;String&gt;
853
- # * {Types::DeleteAwsLogSourceResponse#processing #processing} => Array&lt;String&gt;
854
869
  #
855
870
  # @example Request syntax with placeholder values
856
871
  #
857
872
  # resp = client.delete_aws_log_source({
858
- # disable_all_dimensions: {
859
- # "String" => {
860
- # "String" => ["String"],
873
+ # sources: [ # required
874
+ # {
875
+ # accounts: ["AwsAccountId"],
876
+ # regions: ["Region"], # required
877
+ # source_name: "ROUTE53", # required, accepts ROUTE53, VPC_FLOW, SH_FINDINGS, CLOUD_TRAIL_MGMT, LAMBDA_EXECUTION, S3_DATA
878
+ # source_version: "AwsLogSourceVersion",
861
879
  # },
862
- # },
863
- # disable_single_dimension: ["SafeString"],
864
- # disable_two_dimensions: {
865
- # "String" => ["String"],
866
- # },
867
- # input_order: ["REGION"], # required, accepts REGION, SOURCE_TYPE, MEMBER
880
+ # ],
868
881
  # })
869
882
  #
870
883
  # @example Response structure
871
884
  #
872
885
  # resp.failed #=> Array
873
886
  # resp.failed[0] #=> String
874
- # resp.processing #=> Array
875
- # resp.processing[0] #=> String
876
887
  #
877
888
  # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/DeleteAwsLogSource AWS API Documentation
878
889
  #
@@ -883,25 +894,25 @@ module Aws::SecurityLake
883
894
  req.send_request(options)
884
895
  end
885
896
 
886
- # Removes a custom log source from Amazon Security Lake.
897
+ # Removes a custom log source from Amazon Security Lake, to stop sending
898
+ # data from the custom source to Security Lake.
887
899
  #
888
- # @option params [required, String] :custom_source_name
889
- # The custom source name for the custom log source.
900
+ # @option params [required, String] :source_name
901
+ # The source name of custom log source that you want to delete.
890
902
  #
891
- # @return [Types::DeleteCustomLogSourceResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
903
+ # @option params [String] :source_version
904
+ # The source version for the third-party custom source. You can limit
905
+ # the custom source removal to the specified source version.
892
906
  #
893
- # * {Types::DeleteCustomLogSourceResponse#custom_data_location #custom_data_location} => String
907
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
894
908
  #
895
909
  # @example Request syntax with placeholder values
896
910
  #
897
911
  # resp = client.delete_custom_log_source({
898
- # custom_source_name: "String", # required
912
+ # source_name: "CustomLogSourceName", # required
913
+ # source_version: "CustomLogSourceVersion",
899
914
  # })
900
915
  #
901
- # @example Response structure
902
- #
903
- # resp.custom_data_location #=> String
904
- #
905
916
  # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/DeleteCustomLogSource AWS API Documentation
906
917
  #
907
918
  # @overload delete_custom_log_source(params = {})
@@ -911,117 +922,103 @@ module Aws::SecurityLake
911
922
  req.send_request(options)
912
923
  end
913
924
 
914
- # When you delete Amazon Security Lake from your account, Security Lake
915
- # is disabled in all Amazon Web Services Regions. Also, this API
916
- # automatically takes steps to remove the account from Security Lake .
925
+ # When you disable Amazon Security Lake from your account, Security Lake
926
+ # is disabled in all Amazon Web Services Regions and it stops collecting
927
+ # data from your sources. Also, this API automatically takes steps to
928
+ # remove the account from Security Lake. However, Security Lake retains
929
+ # all of your existing settings and the resources that it created in
930
+ # your Amazon Web Services account in the current Amazon Web Services
931
+ # Region.
917
932
  #
918
- # This operation disables security data collection from sources, deletes
919
- # data stored, and stops making data accessible to subscribers. Security
920
- # Lake also deletes all the existing settings and resources that it
921
- # stores or maintains for your Amazon Web Services account in the
922
- # current Region, including security log and event data. The
923
- # `DeleteDatalake` operation does not delete the Amazon S3 bucket, which
924
- # is owned by your Amazon Web Services account. For more information,
925
- # see the [Amazon Security Lake User Guide][1].
933
+ # The `DeleteDataLake` operation does not delete the data that is stored
934
+ # in your Amazon S3 bucket, which is owned by your Amazon Web Services
935
+ # account. For more information, see the [Amazon Security Lake User
936
+ # Guide][1].
926
937
  #
927
938
  #
928
939
  #
929
940
  # [1]: https://docs.aws.amazon.com/security-lake/latest/userguide/disable-security-lake.html
930
941
  #
931
- # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
932
- #
933
- # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/DeleteDatalake AWS API Documentation
934
- #
935
- # @overload delete_datalake(params = {})
936
- # @param [Hash] params ({})
937
- def delete_datalake(params = {}, options = {})
938
- req = build_request(:delete_datalake, params)
939
- req.send_request(options)
940
- end
941
-
942
- # `DeleteDatalakeAutoEnable` removes automatic enablement of
943
- # configuration settings for new member accounts (but keeps settings for
944
- # the delegated administrator) from Amazon Security Lake. You must run
945
- # this API using credentials of the delegated administrator. When you
946
- # run this API, new member accounts that are added after the
947
- # organization enables Security Lake won't contribute to the data lake.
948
- #
949
- # @option params [required, Array<Types::AutoEnableNewRegionConfiguration>] :remove_from_configuration_for_new_accounts
950
- # Remove automatic enablement of configuration settings for new member
951
- # accounts in Security Lake.
942
+ # @option params [required, Array<String>] :regions
943
+ # The list of Regions where Security Lake is enabled.
952
944
  #
953
945
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
954
946
  #
955
947
  # @example Request syntax with placeholder values
956
948
  #
957
- # resp = client.delete_datalake_auto_enable({
958
- # remove_from_configuration_for_new_accounts: [ # required
959
- # {
960
- # region: "us-east-1", # required, accepts us-east-1, us-west-2, eu-central-1, us-east-2, eu-west-1, ap-northeast-1, ap-southeast-2
961
- # sources: ["ROUTE53"], # required, accepts ROUTE53, VPC_FLOW, CLOUD_TRAIL, SH_FINDINGS
962
- # },
963
- # ],
949
+ # resp = client.delete_data_lake({
950
+ # regions: ["Region"], # required
964
951
  # })
965
952
  #
966
- # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/DeleteDatalakeAutoEnable AWS API Documentation
953
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/DeleteDataLake AWS API Documentation
967
954
  #
968
- # @overload delete_datalake_auto_enable(params = {})
955
+ # @overload delete_data_lake(params = {})
969
956
  # @param [Hash] params ({})
970
- def delete_datalake_auto_enable(params = {}, options = {})
971
- req = build_request(:delete_datalake_auto_enable, params)
957
+ def delete_data_lake(params = {}, options = {})
958
+ req = build_request(:delete_data_lake, params)
972
959
  req.send_request(options)
973
960
  end
974
961
 
975
- # Deletes the Amazon Security Lake delegated administrator account for
976
- # the organization. This API can only be called by the organization
977
- # management account. The organization management account cannot be the
978
- # delegated administrator account.
979
- #
980
- # @option params [required, String] :account
981
- # The account ID the Security Lake delegated administrator.
962
+ # Deletes the specified notification subscription in Amazon Security
963
+ # Lake for the organization you specify.
982
964
  #
983
965
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
984
966
  #
985
- # @example Request syntax with placeholder values
967
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/DeleteDataLakeExceptionSubscription AWS API Documentation
986
968
  #
987
- # resp = client.delete_datalake_delegated_admin({
988
- # account: "SafeString", # required
989
- # })
990
- #
991
- # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/DeleteDatalakeDelegatedAdmin AWS API Documentation
992
- #
993
- # @overload delete_datalake_delegated_admin(params = {})
969
+ # @overload delete_data_lake_exception_subscription(params = {})
994
970
  # @param [Hash] params ({})
995
- def delete_datalake_delegated_admin(params = {}, options = {})
996
- req = build_request(:delete_datalake_delegated_admin, params)
971
+ def delete_data_lake_exception_subscription(params = {}, options = {})
972
+ req = build_request(:delete_data_lake_exception_subscription, params)
997
973
  req.send_request(options)
998
974
  end
999
975
 
1000
- # Deletes the specified notification subscription in Amazon Security
1001
- # Lake for the organization you specify.
976
+ # Removes automatic the enablement of configuration settings for new
977
+ # member accounts (but retains the settings for the delegated
978
+ # administrator) from Amazon Security Lake. You must run this API using
979
+ # the credentials of the delegated administrator. When you run this API,
980
+ # new member accounts that are added after the organization enables
981
+ # Security Lake won't contribute to the data lake.
1002
982
  #
1003
- # @return [Types::DeleteDatalakeExceptionsSubscriptionResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
983
+ # @option params [required, Array<Types::DataLakeAutoEnableNewAccountConfiguration>] :auto_enable_new_account
984
+ # Removes the automatic enablement of configuration settings for new
985
+ # member accounts in Security Lake.
1004
986
  #
1005
- # * {Types::DeleteDatalakeExceptionsSubscriptionResponse#status #status} => String
987
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1006
988
  #
1007
- # @example Response structure
989
+ # @example Request syntax with placeholder values
1008
990
  #
1009
- # resp.status #=> String
991
+ # resp = client.delete_data_lake_organization_configuration({
992
+ # auto_enable_new_account: [ # required
993
+ # {
994
+ # region: "Region", # required
995
+ # sources: [ # required
996
+ # {
997
+ # source_name: "ROUTE53", # accepts ROUTE53, VPC_FLOW, SH_FINDINGS, CLOUD_TRAIL_MGMT, LAMBDA_EXECUTION, S3_DATA
998
+ # source_version: "AwsLogSourceVersion",
999
+ # },
1000
+ # ],
1001
+ # },
1002
+ # ],
1003
+ # })
1010
1004
  #
1011
- # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/DeleteDatalakeExceptionsSubscription AWS API Documentation
1005
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/DeleteDataLakeOrganizationConfiguration AWS API Documentation
1012
1006
  #
1013
- # @overload delete_datalake_exceptions_subscription(params = {})
1007
+ # @overload delete_data_lake_organization_configuration(params = {})
1014
1008
  # @param [Hash] params ({})
1015
- def delete_datalake_exceptions_subscription(params = {}, options = {})
1016
- req = build_request(:delete_datalake_exceptions_subscription, params)
1009
+ def delete_data_lake_organization_configuration(params = {}, options = {})
1010
+ req = build_request(:delete_data_lake_organization_configuration, params)
1017
1011
  req.send_request(options)
1018
1012
  end
1019
1013
 
1020
- # Deletes the subscription permission for accounts that are already
1021
- # enabled in Amazon Security Lake. You can delete a subscriber and
1022
- # remove access to data in the current Amazon Web Services Region.
1023
- #
1024
- # @option params [required, String] :id
1014
+ # Deletes the subscription permission and all notification settings for
1015
+ # accounts that are already enabled in Amazon Security Lake. When you
1016
+ # run `DeleteSubscriber`, the subscriber will no longer consume data
1017
+ # from Security Lake and the subscriber is removed. This operation
1018
+ # deletes the subscriber and removes access to data in the current
1019
+ # Amazon Web Services Region.
1020
+ #
1021
+ # @option params [required, String] :subscriber_id
1025
1022
  # A value created by Security Lake that uniquely identifies your
1026
1023
  # `DeleteSubscriber` API request.
1027
1024
  #
@@ -1030,7 +1027,7 @@ module Aws::SecurityLake
1030
1027
  # @example Request syntax with placeholder values
1031
1028
  #
1032
1029
  # resp = client.delete_subscriber({
1033
- # id: "String", # required
1030
+ # subscriber_id: "UUID", # required
1034
1031
  # })
1035
1032
  #
1036
1033
  # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/DeleteSubscriber AWS API Documentation
@@ -1045,128 +1042,89 @@ module Aws::SecurityLake
1045
1042
  # Deletes the specified notification subscription in Amazon Security
1046
1043
  # Lake for the organization you specify.
1047
1044
  #
1048
- # @option params [required, String] :subscription_id
1045
+ # @option params [required, String] :subscriber_id
1049
1046
  # The ID of the Security Lake subscriber account.
1050
1047
  #
1051
1048
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1052
1049
  #
1053
1050
  # @example Request syntax with placeholder values
1054
1051
  #
1055
- # resp = client.delete_subscription_notification_configuration({
1056
- # subscription_id: "UUID", # required
1052
+ # resp = client.delete_subscriber_notification({
1053
+ # subscriber_id: "UUID", # required
1057
1054
  # })
1058
1055
  #
1059
- # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/DeleteSubscriptionNotificationConfiguration AWS API Documentation
1056
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/DeleteSubscriberNotification AWS API Documentation
1060
1057
  #
1061
- # @overload delete_subscription_notification_configuration(params = {})
1058
+ # @overload delete_subscriber_notification(params = {})
1062
1059
  # @param [Hash] params ({})
1063
- def delete_subscription_notification_configuration(params = {}, options = {})
1064
- req = build_request(:delete_subscription_notification_configuration, params)
1060
+ def delete_subscriber_notification(params = {}, options = {})
1061
+ req = build_request(:delete_subscriber_notification, params)
1065
1062
  req.send_request(options)
1066
1063
  end
1067
1064
 
1068
- # Retrieves the Amazon Security Lake configuration object for the
1069
- # specified Amazon Web Services account ID. You can use the
1070
- # `GetDatalake` API to know whether Security Lake is enabled for the
1071
- # current Region. This API does not take input parameters.
1072
- #
1073
- # @return [Types::GetDatalakeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1074
- #
1075
- # * {Types::GetDatalakeResponse#configurations #configurations} => Hash&lt;String,Types::LakeConfigurationResponse&gt;
1076
- #
1077
- # @example Response structure
1078
- #
1079
- # resp.configurations #=> Hash
1080
- # resp.configurations["Region"].encryption_key #=> String
1081
- # resp.configurations["Region"].replication_destination_regions #=> Array
1082
- # resp.configurations["Region"].replication_destination_regions[0] #=> String, one of "us-east-1", "us-west-2", "eu-central-1", "us-east-2", "eu-west-1", "ap-northeast-1", "ap-southeast-2"
1083
- # resp.configurations["Region"].replication_role_arn #=> String
1084
- # resp.configurations["Region"].retention_settings #=> Array
1085
- # resp.configurations["Region"].retention_settings[0].retention_period #=> Integer
1086
- # resp.configurations["Region"].retention_settings[0].storage_class #=> String, one of "STANDARD_IA", "ONEZONE_IA", "INTELLIGENT_TIERING", "GLACIER_IR", "GLACIER", "DEEP_ARCHIVE", "EXPIRE"
1087
- # resp.configurations["Region"].s3_bucket_arn #=> String
1088
- # resp.configurations["Region"].status #=> String, one of "INITIALIZED", "PENDING", "COMPLETED", "FAILED"
1089
- # resp.configurations["Region"].tags_map #=> Hash
1090
- # resp.configurations["Region"].tags_map["String"] #=> String
1091
- # resp.configurations["Region"].update_status.last_update_failure.code #=> String
1092
- # resp.configurations["Region"].update_status.last_update_failure.reason #=> String
1093
- # resp.configurations["Region"].update_status.last_update_request_id #=> String
1094
- # resp.configurations["Region"].update_status.last_update_status #=> String, one of "INITIALIZED", "PENDING", "COMPLETED", "FAILED"
1095
- #
1096
- # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/GetDatalake AWS API Documentation
1097
- #
1098
- # @overload get_datalake(params = {})
1099
- # @param [Hash] params ({})
1100
- def get_datalake(params = {}, options = {})
1101
- req = build_request(:get_datalake, params)
1102
- req.send_request(options)
1103
- end
1104
-
1105
- # Retrieves the configuration that will be automatically set up for
1106
- # accounts added to the organization after the organization has
1107
- # onboarded to Amazon Security Lake. This API does not take input
1108
- # parameters.
1109
- #
1110
- # @return [Types::GetDatalakeAutoEnableResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1111
- #
1112
- # * {Types::GetDatalakeAutoEnableResponse#auto_enable_new_accounts #auto_enable_new_accounts} => Array&lt;Types::AutoEnableNewRegionConfiguration&gt;
1113
- #
1114
- # @example Response structure
1065
+ # Deletes the Amazon Security Lake delegated administrator account for
1066
+ # the organization. This API can only be called by the organization
1067
+ # management account. The organization management account cannot be the
1068
+ # delegated administrator account.
1115
1069
  #
1116
- # resp.auto_enable_new_accounts #=> Array
1117
- # resp.auto_enable_new_accounts[0].region #=> String, one of "us-east-1", "us-west-2", "eu-central-1", "us-east-2", "eu-west-1", "ap-northeast-1", "ap-southeast-2"
1118
- # resp.auto_enable_new_accounts[0].sources #=> Array
1119
- # resp.auto_enable_new_accounts[0].sources[0] #=> String, one of "ROUTE53", "VPC_FLOW", "CLOUD_TRAIL", "SH_FINDINGS"
1070
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1120
1071
  #
1121
- # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/GetDatalakeAutoEnable AWS API Documentation
1072
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/DeregisterDataLakeDelegatedAdministrator AWS API Documentation
1122
1073
  #
1123
- # @overload get_datalake_auto_enable(params = {})
1074
+ # @overload deregister_data_lake_delegated_administrator(params = {})
1124
1075
  # @param [Hash] params ({})
1125
- def get_datalake_auto_enable(params = {}, options = {})
1126
- req = build_request(:get_datalake_auto_enable, params)
1076
+ def deregister_data_lake_delegated_administrator(params = {}, options = {})
1077
+ req = build_request(:deregister_data_lake_delegated_administrator, params)
1127
1078
  req.send_request(options)
1128
1079
  end
1129
1080
 
1130
- # Retrieves the expiration period and time-to-live (TTL) for which the
1131
- # exception message will remain. Exceptions are stored by default, for 2
1132
- # weeks from when a record was created in Amazon Security Lake. This API
1133
- # does not take input parameters.
1081
+ # Retrieves the details of exception notifications for the account in
1082
+ # Amazon Security Lake.
1134
1083
  #
1135
- # @return [Types::GetDatalakeExceptionsExpiryResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1084
+ # @return [Types::GetDataLakeExceptionSubscriptionResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1136
1085
  #
1137
- # * {Types::GetDatalakeExceptionsExpiryResponse#exception_message_expiry #exception_message_expiry} => Integer
1086
+ # * {Types::GetDataLakeExceptionSubscriptionResponse#exception_time_to_live #exception_time_to_live} => Integer
1087
+ # * {Types::GetDataLakeExceptionSubscriptionResponse#notification_endpoint #notification_endpoint} => String
1088
+ # * {Types::GetDataLakeExceptionSubscriptionResponse#subscription_protocol #subscription_protocol} => String
1138
1089
  #
1139
1090
  # @example Response structure
1140
1091
  #
1141
- # resp.exception_message_expiry #=> Integer
1092
+ # resp.exception_time_to_live #=> Integer
1093
+ # resp.notification_endpoint #=> String
1094
+ # resp.subscription_protocol #=> String
1142
1095
  #
1143
- # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/GetDatalakeExceptionsExpiry AWS API Documentation
1096
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/GetDataLakeExceptionSubscription AWS API Documentation
1144
1097
  #
1145
- # @overload get_datalake_exceptions_expiry(params = {})
1098
+ # @overload get_data_lake_exception_subscription(params = {})
1146
1099
  # @param [Hash] params ({})
1147
- def get_datalake_exceptions_expiry(params = {}, options = {})
1148
- req = build_request(:get_datalake_exceptions_expiry, params)
1100
+ def get_data_lake_exception_subscription(params = {}, options = {})
1101
+ req = build_request(:get_data_lake_exception_subscription, params)
1149
1102
  req.send_request(options)
1150
1103
  end
1151
1104
 
1152
- # Retrieves the details of exception notifications for the account in
1153
- # Amazon Security Lake.
1105
+ # Retrieves the configuration that will be automatically set up for
1106
+ # accounts added to the organization after the organization has
1107
+ # onboarded to Amazon Security Lake. This API does not take input
1108
+ # parameters.
1154
1109
  #
1155
- # @return [Types::GetDatalakeExceptionsSubscriptionResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1110
+ # @return [Types::GetDataLakeOrganizationConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1156
1111
  #
1157
- # * {Types::GetDatalakeExceptionsSubscriptionResponse#protocol_and_notification_endpoint #protocol_and_notification_endpoint} => Types::ProtocolAndNotificationEndpoint
1112
+ # * {Types::GetDataLakeOrganizationConfigurationResponse#auto_enable_new_account #auto_enable_new_account} => Array&lt;Types::DataLakeAutoEnableNewAccountConfiguration&gt;
1158
1113
  #
1159
1114
  # @example Response structure
1160
1115
  #
1161
- # resp.protocol_and_notification_endpoint.endpoint #=> String
1162
- # resp.protocol_and_notification_endpoint.protocol #=> String
1116
+ # resp.auto_enable_new_account #=> Array
1117
+ # resp.auto_enable_new_account[0].region #=> String
1118
+ # resp.auto_enable_new_account[0].sources #=> Array
1119
+ # resp.auto_enable_new_account[0].sources[0].source_name #=> String, one of "ROUTE53", "VPC_FLOW", "SH_FINDINGS", "CLOUD_TRAIL_MGMT", "LAMBDA_EXECUTION", "S3_DATA"
1120
+ # resp.auto_enable_new_account[0].sources[0].source_version #=> String
1163
1121
  #
1164
- # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/GetDatalakeExceptionsSubscription AWS API Documentation
1122
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/GetDataLakeOrganizationConfiguration AWS API Documentation
1165
1123
  #
1166
- # @overload get_datalake_exceptions_subscription(params = {})
1124
+ # @overload get_data_lake_organization_configuration(params = {})
1167
1125
  # @param [Hash] params ({})
1168
- def get_datalake_exceptions_subscription(params = {}, options = {})
1169
- req = build_request(:get_datalake_exceptions_subscription, params)
1126
+ def get_data_lake_organization_configuration(params = {}, options = {})
1127
+ req = build_request(:get_data_lake_organization_configuration, params)
1170
1128
  req.send_request(options)
1171
1129
  end
1172
1130
 
@@ -1174,12 +1132,12 @@ module Aws::SecurityLake
1174
1132
  # Security Lake is enabled for those accounts and which sources Security
1175
1133
  # Lake is collecting data from.
1176
1134
  #
1177
- # @option params [Array<String>] :account_set
1135
+ # @option params [Array<String>] :accounts
1178
1136
  # The Amazon Web Services account ID for which a static snapshot of the
1179
1137
  # current Amazon Web Services Region, including enabled accounts and log
1180
1138
  # sources, is retrieved.
1181
1139
  #
1182
- # @option params [Integer] :max_account_results
1140
+ # @option params [Integer] :max_results
1183
1141
  # The maximum limit of accounts for which the static snapshot of the
1184
1142
  # current Region, including enabled accounts and log sources, is
1185
1143
  # retrieved.
@@ -1193,45 +1151,48 @@ module Aws::SecurityLake
1193
1151
  # Each pagination token expires after 24 hours. Using an expired
1194
1152
  # pagination token will return an HTTP 400 InvalidToken error.
1195
1153
  #
1196
- # @return [Types::GetDatalakeStatusResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1154
+ # @return [Types::GetDataLakeSourcesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1197
1155
  #
1198
- # * {Types::GetDatalakeStatusResponse#account_sources_list #account_sources_list} => Array&lt;Types::AccountSources&gt;
1199
- # * {Types::GetDatalakeStatusResponse#next_token #next_token} => String
1156
+ # * {Types::GetDataLakeSourcesResponse#data_lake_arn #data_lake_arn} => String
1157
+ # * {Types::GetDataLakeSourcesResponse#data_lake_sources #data_lake_sources} => Array&lt;Types::DataLakeSource&gt;
1158
+ # * {Types::GetDataLakeSourcesResponse#next_token #next_token} => String
1200
1159
  #
1201
1160
  # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
1202
1161
  #
1203
1162
  # @example Request syntax with placeholder values
1204
1163
  #
1205
- # resp = client.get_datalake_status({
1206
- # account_set: ["SafeString"],
1207
- # max_account_results: 1,
1208
- # next_token: "SafeString",
1164
+ # resp = client.get_data_lake_sources({
1165
+ # accounts: ["AwsAccountId"],
1166
+ # max_results: 1,
1167
+ # next_token: "NextToken",
1209
1168
  # })
1210
1169
  #
1211
1170
  # @example Response structure
1212
1171
  #
1213
- # resp.account_sources_list #=> Array
1214
- # resp.account_sources_list[0].account #=> String
1215
- # resp.account_sources_list[0].event_class #=> String, one of "ACCESS_ACTIVITY", "FILE_ACTIVITY", "KERNEL_ACTIVITY", "KERNEL_EXTENSION", "MEMORY_ACTIVITY", "MODULE_ACTIVITY", "PROCESS_ACTIVITY", "REGISTRY_KEY_ACTIVITY", "REGISTRY_VALUE_ACTIVITY", "RESOURCE_ACTIVITY", "SCHEDULED_JOB_ACTIVITY", "SECURITY_FINDING", "ACCOUNT_CHANGE", "AUTHENTICATION", "AUTHORIZATION", "ENTITY_MANAGEMENT_AUDIT", "DHCP_ACTIVITY", "NETWORK_ACTIVITY", "DNS_ACTIVITY", "FTP_ACTIVITY", "HTTP_ACTIVITY", "RDP_ACTIVITY", "SMB_ACTIVITY", "SSH_ACTIVITY", "CLOUD_API", "CONTAINER_LIFECYCLE", "DATABASE_LIFECYCLE", "CONFIG_STATE", "CLOUD_STORAGE", "INVENTORY_INFO", "RFB_ACTIVITY", "SMTP_ACTIVITY", "VIRTUAL_MACHINE_ACTIVITY"
1216
- # resp.account_sources_list[0].logs_status #=> Array
1217
- # resp.account_sources_list[0].logs_status[0].health_status #=> String, one of "ACTIVE", "DEACTIVATED", "PENDING"
1218
- # resp.account_sources_list[0].logs_status[0].path_to_logs #=> String
1219
- # resp.account_sources_list[0].source_type #=> String
1172
+ # resp.data_lake_arn #=> String
1173
+ # resp.data_lake_sources #=> Array
1174
+ # resp.data_lake_sources[0].account #=> String
1175
+ # resp.data_lake_sources[0].event_classes #=> Array
1176
+ # resp.data_lake_sources[0].event_classes[0] #=> String
1177
+ # resp.data_lake_sources[0].source_name #=> String
1178
+ # resp.data_lake_sources[0].source_statuses #=> Array
1179
+ # resp.data_lake_sources[0].source_statuses[0].resource #=> String
1180
+ # resp.data_lake_sources[0].source_statuses[0].status #=> String, one of "COLLECTING", "MISCONFIGURED", "NOT_COLLECTING"
1220
1181
  # resp.next_token #=> String
1221
1182
  #
1222
- # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/GetDatalakeStatus AWS API Documentation
1183
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/GetDataLakeSources AWS API Documentation
1223
1184
  #
1224
- # @overload get_datalake_status(params = {})
1185
+ # @overload get_data_lake_sources(params = {})
1225
1186
  # @param [Hash] params ({})
1226
- def get_datalake_status(params = {}, options = {})
1227
- req = build_request(:get_datalake_status, params)
1187
+ def get_data_lake_sources(params = {}, options = {})
1188
+ req = build_request(:get_data_lake_sources, params)
1228
1189
  req.send_request(options)
1229
1190
  end
1230
1191
 
1231
1192
  # Retrieves the subscription information for the specified subscription
1232
1193
  # ID. You can get information about a specific subscriber.
1233
1194
  #
1234
- # @option params [required, String] :id
1195
+ # @option params [required, String] :subscriber_id
1235
1196
  # A value created by Amazon Security Lake that uniquely identifies your
1236
1197
  # `GetSubscriber` API request.
1237
1198
  #
@@ -1242,30 +1203,36 @@ module Aws::SecurityLake
1242
1203
  # @example Request syntax with placeholder values
1243
1204
  #
1244
1205
  # resp = client.get_subscriber({
1245
- # id: "String", # required
1206
+ # subscriber_id: "UUID", # required
1246
1207
  # })
1247
1208
  #
1248
1209
  # @example Response structure
1249
1210
  #
1250
1211
  # resp.subscriber.access_types #=> Array
1251
1212
  # resp.subscriber.access_types[0] #=> String, one of "LAKEFORMATION", "S3"
1252
- # resp.subscriber.account_id #=> String
1253
1213
  # resp.subscriber.created_at #=> Time
1254
- # resp.subscriber.external_id #=> String
1255
1214
  # resp.subscriber.resource_share_arn #=> String
1256
1215
  # resp.subscriber.resource_share_name #=> String
1257
1216
  # resp.subscriber.role_arn #=> String
1258
1217
  # resp.subscriber.s3_bucket_arn #=> String
1259
- # resp.subscriber.sns_arn #=> String
1260
- # resp.subscriber.source_types #=> Array
1261
- # resp.subscriber.source_types[0].aws_source_type #=> String, one of "ROUTE53", "VPC_FLOW", "CLOUD_TRAIL", "SH_FINDINGS"
1262
- # resp.subscriber.source_types[0].custom_source_type #=> String
1218
+ # resp.subscriber.sources #=> Array
1219
+ # resp.subscriber.sources[0].aws_log_source.source_name #=> String, one of "ROUTE53", "VPC_FLOW", "SH_FINDINGS", "CLOUD_TRAIL_MGMT", "LAMBDA_EXECUTION", "S3_DATA"
1220
+ # resp.subscriber.sources[0].aws_log_source.source_version #=> String
1221
+ # resp.subscriber.sources[0].custom_log_source.attributes.crawler_arn #=> String
1222
+ # resp.subscriber.sources[0].custom_log_source.attributes.database_arn #=> String
1223
+ # resp.subscriber.sources[0].custom_log_source.attributes.table_arn #=> String
1224
+ # resp.subscriber.sources[0].custom_log_source.provider.location #=> String
1225
+ # resp.subscriber.sources[0].custom_log_source.provider.role_arn #=> String
1226
+ # resp.subscriber.sources[0].custom_log_source.source_name #=> String
1227
+ # resp.subscriber.sources[0].custom_log_source.source_version #=> String
1228
+ # resp.subscriber.subscriber_arn #=> String
1263
1229
  # resp.subscriber.subscriber_description #=> String
1230
+ # resp.subscriber.subscriber_endpoint #=> String
1231
+ # resp.subscriber.subscriber_id #=> String
1232
+ # resp.subscriber.subscriber_identity.external_id #=> String
1233
+ # resp.subscriber.subscriber_identity.principal #=> String
1264
1234
  # resp.subscriber.subscriber_name #=> String
1265
- # resp.subscriber.subscription_endpoint #=> String
1266
- # resp.subscriber.subscription_id #=> String
1267
- # resp.subscriber.subscription_protocol #=> String, one of "HTTPS", "SQS"
1268
- # resp.subscriber.subscription_status #=> String, one of "ACTIVE", "DEACTIVATED", "PENDING", "READY"
1235
+ # resp.subscriber.subscriber_status #=> String, one of "ACTIVE", "DEACTIVATED", "PENDING", "READY"
1269
1236
  # resp.subscriber.updated_at #=> Time
1270
1237
  #
1271
1238
  # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/GetSubscriber AWS API Documentation
@@ -1280,7 +1247,7 @@ module Aws::SecurityLake
1280
1247
  # Lists the Amazon Security Lake exceptions that you can use to find the
1281
1248
  # source of problems and fix them.
1282
1249
  #
1283
- # @option params [Integer] :max_failures
1250
+ # @option params [Integer] :max_results
1284
1251
  # List the maximum number of failures in Security Lake.
1285
1252
  #
1286
1253
  # @option params [String] :next_token
@@ -1292,64 +1259,95 @@ module Aws::SecurityLake
1292
1259
  # Each pagination token expires after 24 hours. Using an expired
1293
1260
  # pagination token will return an HTTP 400 InvalidToken error.
1294
1261
  #
1295
- # @option params [Array<String>] :region_set
1262
+ # @option params [Array<String>] :regions
1296
1263
  # List the Amazon Web Services Regions from which exceptions are
1297
1264
  # retrieved.
1298
1265
  #
1299
- # @return [Types::ListDatalakeExceptionsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1266
+ # @return [Types::ListDataLakeExceptionsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1300
1267
  #
1301
- # * {Types::ListDatalakeExceptionsResponse#next_token #next_token} => String
1302
- # * {Types::ListDatalakeExceptionsResponse#non_retryable_failures #non_retryable_failures} => Array&lt;Types::FailuresResponse&gt;
1268
+ # * {Types::ListDataLakeExceptionsResponse#exceptions #exceptions} => Array&lt;Types::DataLakeException&gt;
1269
+ # * {Types::ListDataLakeExceptionsResponse#next_token #next_token} => String
1303
1270
  #
1304
1271
  # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
1305
1272
  #
1306
1273
  # @example Request syntax with placeholder values
1307
1274
  #
1308
- # resp = client.list_datalake_exceptions({
1309
- # max_failures: 1,
1310
- # next_token: "SafeString",
1311
- # region_set: ["us-east-1"], # accepts us-east-1, us-west-2, eu-central-1, us-east-2, eu-west-1, ap-northeast-1, ap-southeast-2
1275
+ # resp = client.list_data_lake_exceptions({
1276
+ # max_results: 1,
1277
+ # next_token: "NextToken",
1278
+ # regions: ["Region"],
1312
1279
  # })
1313
1280
  #
1314
1281
  # @example Response structure
1315
1282
  #
1283
+ # resp.exceptions #=> Array
1284
+ # resp.exceptions[0].exception #=> String
1285
+ # resp.exceptions[0].region #=> String
1286
+ # resp.exceptions[0].remediation #=> String
1287
+ # resp.exceptions[0].timestamp #=> Time
1316
1288
  # resp.next_token #=> String
1317
- # resp.non_retryable_failures #=> Array
1318
- # resp.non_retryable_failures[0].failures #=> Array
1319
- # resp.non_retryable_failures[0].failures[0].exception_message #=> String
1320
- # resp.non_retryable_failures[0].failures[0].remediation #=> String
1321
- # resp.non_retryable_failures[0].failures[0].timestamp #=> Time
1322
- # resp.non_retryable_failures[0].region #=> String
1323
1289
  #
1324
- # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/ListDatalakeExceptions AWS API Documentation
1290
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/ListDataLakeExceptions AWS API Documentation
1325
1291
  #
1326
- # @overload list_datalake_exceptions(params = {})
1292
+ # @overload list_data_lake_exceptions(params = {})
1327
1293
  # @param [Hash] params ({})
1328
- def list_datalake_exceptions(params = {}, options = {})
1329
- req = build_request(:list_datalake_exceptions, params)
1294
+ def list_data_lake_exceptions(params = {}, options = {})
1295
+ req = build_request(:list_data_lake_exceptions, params)
1330
1296
  req.send_request(options)
1331
1297
  end
1332
1298
 
1333
- # Retrieves the log sources in the current Amazon Web Services Region.
1299
+ # Retrieves the Amazon Security Lake configuration object for the
1300
+ # specified Amazon Web Services account ID. You can use the
1301
+ # `ListDataLakes` API to know whether Security Lake is enabled for any
1302
+ # region.
1303
+ #
1304
+ # @option params [Array<String>] :regions
1305
+ # The list of regions where Security Lake is enabled.
1334
1306
  #
1335
- # @option params [Array<String>] :input_order
1336
- # Lists the log sources in input order, namely Region, source type, and
1337
- # member account.
1307
+ # @return [Types::ListDataLakesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1338
1308
  #
1339
- # @option params [Hash<String,Hash>] :list_all_dimensions
1340
- # List the view of log sources for enabled Amazon Security Lake accounts
1341
- # for specific Amazon Web Services sources from specific accounts and
1342
- # specific Regions.
1309
+ # * {Types::ListDataLakesResponse#data_lakes #data_lakes} => Array&lt;Types::DataLakeResource&gt;
1343
1310
  #
1344
- # @option params [Array<String>] :list_single_dimension
1345
- # List the view of log sources for enabled Security Lake accounts for
1346
- # all Amazon Web Services sources from specific accounts or specific
1347
- # Regions.
1311
+ # @example Request syntax with placeholder values
1312
+ #
1313
+ # resp = client.list_data_lakes({
1314
+ # regions: ["Region"],
1315
+ # })
1316
+ #
1317
+ # @example Response structure
1318
+ #
1319
+ # resp.data_lakes #=> Array
1320
+ # resp.data_lakes[0].create_status #=> String, one of "INITIALIZED", "PENDING", "COMPLETED", "FAILED"
1321
+ # resp.data_lakes[0].data_lake_arn #=> String
1322
+ # resp.data_lakes[0].encryption_configuration.kms_key_id #=> String
1323
+ # resp.data_lakes[0].lifecycle_configuration.expiration.days #=> Integer
1324
+ # resp.data_lakes[0].lifecycle_configuration.transitions #=> Array
1325
+ # resp.data_lakes[0].lifecycle_configuration.transitions[0].days #=> Integer
1326
+ # resp.data_lakes[0].lifecycle_configuration.transitions[0].storage_class #=> String
1327
+ # resp.data_lakes[0].region #=> String
1328
+ # resp.data_lakes[0].replication_configuration.regions #=> Array
1329
+ # resp.data_lakes[0].replication_configuration.regions[0] #=> String
1330
+ # resp.data_lakes[0].replication_configuration.role_arn #=> String
1331
+ # resp.data_lakes[0].s3_bucket_arn #=> String
1332
+ # resp.data_lakes[0].update_status.exception.code #=> String
1333
+ # resp.data_lakes[0].update_status.exception.reason #=> String
1334
+ # resp.data_lakes[0].update_status.request_id #=> String
1335
+ # resp.data_lakes[0].update_status.status #=> String, one of "INITIALIZED", "PENDING", "COMPLETED", "FAILED"
1336
+ #
1337
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/ListDataLakes AWS API Documentation
1338
+ #
1339
+ # @overload list_data_lakes(params = {})
1340
+ # @param [Hash] params ({})
1341
+ def list_data_lakes(params = {}, options = {})
1342
+ req = build_request(:list_data_lakes, params)
1343
+ req.send_request(options)
1344
+ end
1345
+
1346
+ # Retrieves the log sources in the current Amazon Web Services Region.
1348
1347
  #
1349
- # @option params [Hash<String,Array>] :list_two_dimensions
1350
- # Lists the view of log sources for enabled Security Lake accounts for
1351
- # specific Amazon Web Services sources from specific accounts or
1352
- # specific Regions.
1348
+ # @option params [Array<String>] :accounts
1349
+ # The list of Amazon Web Services accounts for which log sources are
1350
+ # displayed.
1353
1351
  #
1354
1352
  # @option params [Integer] :max_results
1355
1353
  # The maximum number of accounts for which the log sources are
@@ -1359,38 +1357,65 @@ module Aws::SecurityLake
1359
1357
  # If nextToken is returned, there are more results available. You can
1360
1358
  # repeat the call using the returned token to retrieve the next page.
1361
1359
  #
1360
+ # @option params [Array<String>] :regions
1361
+ # The list of regions for which log sources are displayed.
1362
+ #
1363
+ # @option params [Array<Types::LogSourceResource>] :sources
1364
+ # The list of sources for which log sources are displayed.
1365
+ #
1362
1366
  # @return [Types::ListLogSourcesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1363
1367
  #
1364
1368
  # * {Types::ListLogSourcesResponse#next_token #next_token} => String
1365
- # * {Types::ListLogSourcesResponse#region_source_types_accounts_list #region_source_types_accounts_list} => Array&lt;Hash&lt;String,Hash&lt;String,Array&lt;String&gt;&gt;&gt;&gt;
1369
+ # * {Types::ListLogSourcesResponse#sources #sources} => Array&lt;Types::LogSource&gt;
1366
1370
  #
1367
1371
  # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
1368
1372
  #
1369
1373
  # @example Request syntax with placeholder values
1370
1374
  #
1371
1375
  # resp = client.list_log_sources({
1372
- # input_order: ["REGION"], # accepts REGION, SOURCE_TYPE, MEMBER
1373
- # list_all_dimensions: {
1374
- # "String" => {
1375
- # "String" => ["String"],
1376
- # },
1377
- # },
1378
- # list_single_dimension: ["SafeString"],
1379
- # list_two_dimensions: {
1380
- # "String" => ["String"],
1381
- # },
1376
+ # accounts: ["AwsAccountId"],
1382
1377
  # max_results: 1,
1383
- # next_token: "SafeString",
1378
+ # next_token: "NextToken",
1379
+ # regions: ["Region"],
1380
+ # sources: [
1381
+ # {
1382
+ # aws_log_source: {
1383
+ # source_name: "ROUTE53", # accepts ROUTE53, VPC_FLOW, SH_FINDINGS, CLOUD_TRAIL_MGMT, LAMBDA_EXECUTION, S3_DATA
1384
+ # source_version: "AwsLogSourceVersion",
1385
+ # },
1386
+ # custom_log_source: {
1387
+ # attributes: {
1388
+ # crawler_arn: "AmazonResourceName",
1389
+ # database_arn: "AmazonResourceName",
1390
+ # table_arn: "AmazonResourceName",
1391
+ # },
1392
+ # provider: {
1393
+ # location: "S3URI",
1394
+ # role_arn: "RoleArn",
1395
+ # },
1396
+ # source_name: "CustomLogSourceName",
1397
+ # source_version: "CustomLogSourceVersion",
1398
+ # },
1399
+ # },
1400
+ # ],
1384
1401
  # })
1385
1402
  #
1386
1403
  # @example Response structure
1387
1404
  #
1388
1405
  # resp.next_token #=> String
1389
- # resp.region_source_types_accounts_list #=> Array
1390
- # resp.region_source_types_accounts_list[0] #=> Hash
1391
- # resp.region_source_types_accounts_list[0]["String"] #=> Hash
1392
- # resp.region_source_types_accounts_list[0]["String"]["String"] #=> Array
1393
- # resp.region_source_types_accounts_list[0]["String"]["String"][0] #=> String
1406
+ # resp.sources #=> Array
1407
+ # resp.sources[0].account #=> String
1408
+ # resp.sources[0].region #=> String
1409
+ # resp.sources[0].sources #=> Array
1410
+ # resp.sources[0].sources[0].aws_log_source.source_name #=> String, one of "ROUTE53", "VPC_FLOW", "SH_FINDINGS", "CLOUD_TRAIL_MGMT", "LAMBDA_EXECUTION", "S3_DATA"
1411
+ # resp.sources[0].sources[0].aws_log_source.source_version #=> String
1412
+ # resp.sources[0].sources[0].custom_log_source.attributes.crawler_arn #=> String
1413
+ # resp.sources[0].sources[0].custom_log_source.attributes.database_arn #=> String
1414
+ # resp.sources[0].sources[0].custom_log_source.attributes.table_arn #=> String
1415
+ # resp.sources[0].sources[0].custom_log_source.provider.location #=> String
1416
+ # resp.sources[0].sources[0].custom_log_source.provider.role_arn #=> String
1417
+ # resp.sources[0].sources[0].custom_log_source.source_name #=> String
1418
+ # resp.sources[0].sources[0].custom_log_source.source_version #=> String
1394
1419
  #
1395
1420
  # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/ListLogSources AWS API Documentation
1396
1421
  #
@@ -1424,7 +1449,7 @@ module Aws::SecurityLake
1424
1449
  #
1425
1450
  # resp = client.list_subscribers({
1426
1451
  # max_results: 1,
1427
- # next_token: "String",
1452
+ # next_token: "NextToken",
1428
1453
  # })
1429
1454
  #
1430
1455
  # @example Response structure
@@ -1433,23 +1458,29 @@ module Aws::SecurityLake
1433
1458
  # resp.subscribers #=> Array
1434
1459
  # resp.subscribers[0].access_types #=> Array
1435
1460
  # resp.subscribers[0].access_types[0] #=> String, one of "LAKEFORMATION", "S3"
1436
- # resp.subscribers[0].account_id #=> String
1437
1461
  # resp.subscribers[0].created_at #=> Time
1438
- # resp.subscribers[0].external_id #=> String
1439
1462
  # resp.subscribers[0].resource_share_arn #=> String
1440
1463
  # resp.subscribers[0].resource_share_name #=> String
1441
1464
  # resp.subscribers[0].role_arn #=> String
1442
1465
  # resp.subscribers[0].s3_bucket_arn #=> String
1443
- # resp.subscribers[0].sns_arn #=> String
1444
- # resp.subscribers[0].source_types #=> Array
1445
- # resp.subscribers[0].source_types[0].aws_source_type #=> String, one of "ROUTE53", "VPC_FLOW", "CLOUD_TRAIL", "SH_FINDINGS"
1446
- # resp.subscribers[0].source_types[0].custom_source_type #=> String
1466
+ # resp.subscribers[0].sources #=> Array
1467
+ # resp.subscribers[0].sources[0].aws_log_source.source_name #=> String, one of "ROUTE53", "VPC_FLOW", "SH_FINDINGS", "CLOUD_TRAIL_MGMT", "LAMBDA_EXECUTION", "S3_DATA"
1468
+ # resp.subscribers[0].sources[0].aws_log_source.source_version #=> String
1469
+ # resp.subscribers[0].sources[0].custom_log_source.attributes.crawler_arn #=> String
1470
+ # resp.subscribers[0].sources[0].custom_log_source.attributes.database_arn #=> String
1471
+ # resp.subscribers[0].sources[0].custom_log_source.attributes.table_arn #=> String
1472
+ # resp.subscribers[0].sources[0].custom_log_source.provider.location #=> String
1473
+ # resp.subscribers[0].sources[0].custom_log_source.provider.role_arn #=> String
1474
+ # resp.subscribers[0].sources[0].custom_log_source.source_name #=> String
1475
+ # resp.subscribers[0].sources[0].custom_log_source.source_version #=> String
1476
+ # resp.subscribers[0].subscriber_arn #=> String
1447
1477
  # resp.subscribers[0].subscriber_description #=> String
1478
+ # resp.subscribers[0].subscriber_endpoint #=> String
1479
+ # resp.subscribers[0].subscriber_id #=> String
1480
+ # resp.subscribers[0].subscriber_identity.external_id #=> String
1481
+ # resp.subscribers[0].subscriber_identity.principal #=> String
1448
1482
  # resp.subscribers[0].subscriber_name #=> String
1449
- # resp.subscribers[0].subscription_endpoint #=> String
1450
- # resp.subscribers[0].subscription_id #=> String
1451
- # resp.subscribers[0].subscription_protocol #=> String, one of "HTTPS", "SQS"
1452
- # resp.subscribers[0].subscription_status #=> String, one of "ACTIVE", "DEACTIVATED", "PENDING", "READY"
1483
+ # resp.subscribers[0].subscriber_status #=> String, one of "ACTIVE", "DEACTIVATED", "PENDING", "READY"
1453
1484
  # resp.subscribers[0].updated_at #=> Time
1454
1485
  #
1455
1486
  # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/ListSubscribers AWS API Documentation
@@ -1461,74 +1492,107 @@ module Aws::SecurityLake
1461
1492
  req.send_request(options)
1462
1493
  end
1463
1494
 
1464
- # Specifies where to store your security data and for how long. You can
1465
- # add a rollup Region to consolidate data from multiple Amazon Web
1466
- # Services Regions.
1495
+ # Designates the Amazon Security Lake delegated administrator account
1496
+ # for the organization. This API can only be called by the organization
1497
+ # management account. The organization management account cannot be the
1498
+ # delegated administrator account.
1467
1499
  #
1468
- # @option params [required, Hash<String,Types::LakeConfigurationRequest>] :configurations
1469
- # Specify the Region or Regions that will contribute data to the rollup
1470
- # region.
1500
+ # @option params [required, String] :account_id
1501
+ # The Amazon Web Services account ID of the Security Lake delegated
1502
+ # administrator.
1471
1503
  #
1472
1504
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1473
1505
  #
1474
1506
  # @example Request syntax with placeholder values
1475
1507
  #
1476
- # resp = client.update_datalake({
1477
- # configurations: { # required
1478
- # "us-east-1" => {
1479
- # encryption_key: "String",
1480
- # replication_destination_regions: ["us-east-1"], # accepts us-east-1, us-west-2, eu-central-1, us-east-2, eu-west-1, ap-northeast-1, ap-southeast-2
1481
- # replication_role_arn: "RoleArn",
1482
- # retention_settings: [
1483
- # {
1484
- # retention_period: 1,
1485
- # storage_class: "STANDARD_IA", # accepts STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER_IR, GLACIER, DEEP_ARCHIVE, EXPIRE
1486
- # },
1487
- # ],
1488
- # tags_map: {
1489
- # "String" => "String",
1490
- # },
1491
- # },
1492
- # },
1508
+ # resp = client.register_data_lake_delegated_administrator({
1509
+ # account_id: "SafeString", # required
1493
1510
  # })
1494
1511
  #
1495
- # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/UpdateDatalake AWS API Documentation
1512
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/RegisterDataLakeDelegatedAdministrator AWS API Documentation
1496
1513
  #
1497
- # @overload update_datalake(params = {})
1514
+ # @overload register_data_lake_delegated_administrator(params = {})
1498
1515
  # @param [Hash] params ({})
1499
- def update_datalake(params = {}, options = {})
1500
- req = build_request(:update_datalake, params)
1516
+ def register_data_lake_delegated_administrator(params = {}, options = {})
1517
+ req = build_request(:register_data_lake_delegated_administrator, params)
1501
1518
  req.send_request(options)
1502
1519
  end
1503
1520
 
1504
- # Update the expiration period for the exception message to your
1505
- # preferred time, and control the time-to-live (TTL) for the exception
1506
- # message to remain. Exceptions are stored by default for 2 weeks from
1507
- # when a record was created in Amazon Security Lake.
1521
+ # Specifies where to store your security data and for how long. You can
1522
+ # add a rollup Region to consolidate data from multiple Amazon Web
1523
+ # Services Regions.
1508
1524
  #
1509
- # @option params [required, Integer] :exception_message_expiry
1510
- # The time-to-live (TTL) for the exception message to remain.
1525
+ # @option params [required, Array<Types::DataLakeConfiguration>] :configurations
1526
+ # Specify the Region or Regions that will contribute data to the rollup
1527
+ # region.
1511
1528
  #
1512
- # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1529
+ # @return [Types::UpdateDataLakeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1530
+ #
1531
+ # * {Types::UpdateDataLakeResponse#data_lakes #data_lakes} => Array&lt;Types::DataLakeResource&gt;
1513
1532
  #
1514
1533
  # @example Request syntax with placeholder values
1515
1534
  #
1516
- # resp = client.update_datalake_exceptions_expiry({
1517
- # exception_message_expiry: 1, # required
1535
+ # resp = client.update_data_lake({
1536
+ # configurations: [ # required
1537
+ # {
1538
+ # encryption_configuration: {
1539
+ # kms_key_id: "String",
1540
+ # },
1541
+ # lifecycle_configuration: {
1542
+ # expiration: {
1543
+ # days: 1,
1544
+ # },
1545
+ # transitions: [
1546
+ # {
1547
+ # days: 1,
1548
+ # storage_class: "DataLakeStorageClass",
1549
+ # },
1550
+ # ],
1551
+ # },
1552
+ # region: "Region", # required
1553
+ # replication_configuration: {
1554
+ # regions: ["Region"],
1555
+ # role_arn: "RoleArn",
1556
+ # },
1557
+ # },
1558
+ # ],
1518
1559
  # })
1519
1560
  #
1520
- # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/UpdateDatalakeExceptionsExpiry AWS API Documentation
1561
+ # @example Response structure
1521
1562
  #
1522
- # @overload update_datalake_exceptions_expiry(params = {})
1563
+ # resp.data_lakes #=> Array
1564
+ # resp.data_lakes[0].create_status #=> String, one of "INITIALIZED", "PENDING", "COMPLETED", "FAILED"
1565
+ # resp.data_lakes[0].data_lake_arn #=> String
1566
+ # resp.data_lakes[0].encryption_configuration.kms_key_id #=> String
1567
+ # resp.data_lakes[0].lifecycle_configuration.expiration.days #=> Integer
1568
+ # resp.data_lakes[0].lifecycle_configuration.transitions #=> Array
1569
+ # resp.data_lakes[0].lifecycle_configuration.transitions[0].days #=> Integer
1570
+ # resp.data_lakes[0].lifecycle_configuration.transitions[0].storage_class #=> String
1571
+ # resp.data_lakes[0].region #=> String
1572
+ # resp.data_lakes[0].replication_configuration.regions #=> Array
1573
+ # resp.data_lakes[0].replication_configuration.regions[0] #=> String
1574
+ # resp.data_lakes[0].replication_configuration.role_arn #=> String
1575
+ # resp.data_lakes[0].s3_bucket_arn #=> String
1576
+ # resp.data_lakes[0].update_status.exception.code #=> String
1577
+ # resp.data_lakes[0].update_status.exception.reason #=> String
1578
+ # resp.data_lakes[0].update_status.request_id #=> String
1579
+ # resp.data_lakes[0].update_status.status #=> String, one of "INITIALIZED", "PENDING", "COMPLETED", "FAILED"
1580
+ #
1581
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/UpdateDataLake AWS API Documentation
1582
+ #
1583
+ # @overload update_data_lake(params = {})
1523
1584
  # @param [Hash] params ({})
1524
- def update_datalake_exceptions_expiry(params = {}, options = {})
1525
- req = build_request(:update_datalake_exceptions_expiry, params)
1585
+ def update_data_lake(params = {}, options = {})
1586
+ req = build_request(:update_data_lake, params)
1526
1587
  req.send_request(options)
1527
1588
  end
1528
1589
 
1529
1590
  # Updates the specified notification subscription in Amazon Security
1530
1591
  # Lake for the organization you specify.
1531
1592
  #
1593
+ # @option params [Integer] :exception_time_to_live
1594
+ # The time-to-live (TTL) for the exception message to remain.
1595
+ #
1532
1596
  # @option params [required, String] :notification_endpoint
1533
1597
  # The account that is subscribed to receive exception notifications.
1534
1598
  #
@@ -1539,17 +1603,18 @@ module Aws::SecurityLake
1539
1603
  #
1540
1604
  # @example Request syntax with placeholder values
1541
1605
  #
1542
- # resp = client.update_datalake_exceptions_subscription({
1606
+ # resp = client.update_data_lake_exception_subscription({
1607
+ # exception_time_to_live: 1,
1543
1608
  # notification_endpoint: "SafeString", # required
1544
- # subscription_protocol: "HTTP", # required, accepts HTTP, HTTPS, EMAIL, EMAIL_JSON, SMS, SQS, LAMBDA, APP, FIREHOSE
1609
+ # subscription_protocol: "SubscriptionProtocol", # required
1545
1610
  # })
1546
1611
  #
1547
- # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/UpdateDatalakeExceptionsSubscription AWS API Documentation
1612
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/UpdateDataLakeExceptionSubscription AWS API Documentation
1548
1613
  #
1549
- # @overload update_datalake_exceptions_subscription(params = {})
1614
+ # @overload update_data_lake_exception_subscription(params = {})
1550
1615
  # @param [Hash] params ({})
1551
- def update_datalake_exceptions_subscription(params = {}, options = {})
1552
- req = build_request(:update_datalake_exceptions_subscription, params)
1616
+ def update_data_lake_exception_subscription(params = {}, options = {})
1617
+ req = build_request(:update_data_lake_exception_subscription, params)
1553
1618
  req.send_request(options)
1554
1619
  end
1555
1620
 
@@ -1557,14 +1622,7 @@ module Aws::SecurityLake
1557
1622
  # account ID. You can update a subscriber by changing the sources that
1558
1623
  # the subscriber consumes data from.
1559
1624
  #
1560
- # @option params [String] :external_id
1561
- # The external ID of the Security Lake account.
1562
- #
1563
- # @option params [required, String] :id
1564
- # A value created by Security Lake that uniquely identifies your
1565
- # subscription.
1566
- #
1567
- # @option params [required, Array<Types::SourceType>] :source_types
1625
+ # @option params [Array<Types::LogSourceResource>] :sources
1568
1626
  # The supported Amazon Web Services from which logs and events are
1569
1627
  # collected. For the list of supported Amazon Web Services, see the
1570
1628
  # [Amazon Security Lake User Guide][1].
@@ -1576,6 +1634,13 @@ module Aws::SecurityLake
1576
1634
  # @option params [String] :subscriber_description
1577
1635
  # The description of the Security Lake account subscriber.
1578
1636
  #
1637
+ # @option params [required, String] :subscriber_id
1638
+ # A value created by Security Lake that uniquely identifies your
1639
+ # subscription.
1640
+ #
1641
+ # @option params [Types::AwsIdentity] :subscriber_identity
1642
+ # The AWS identity used to access your data.
1643
+ #
1579
1644
  # @option params [String] :subscriber_name
1580
1645
  # The name of the Security Lake account subscriber.
1581
1646
  #
@@ -1586,15 +1651,33 @@ module Aws::SecurityLake
1586
1651
  # @example Request syntax with placeholder values
1587
1652
  #
1588
1653
  # resp = client.update_subscriber({
1589
- # external_id: "SafeString",
1590
- # id: "String", # required
1591
- # source_types: [ # required
1654
+ # sources: [
1592
1655
  # {
1593
- # aws_source_type: "ROUTE53", # accepts ROUTE53, VPC_FLOW, CLOUD_TRAIL, SH_FINDINGS
1594
- # custom_source_type: "CustomSourceType",
1656
+ # aws_log_source: {
1657
+ # source_name: "ROUTE53", # accepts ROUTE53, VPC_FLOW, SH_FINDINGS, CLOUD_TRAIL_MGMT, LAMBDA_EXECUTION, S3_DATA
1658
+ # source_version: "AwsLogSourceVersion",
1659
+ # },
1660
+ # custom_log_source: {
1661
+ # attributes: {
1662
+ # crawler_arn: "AmazonResourceName",
1663
+ # database_arn: "AmazonResourceName",
1664
+ # table_arn: "AmazonResourceName",
1665
+ # },
1666
+ # provider: {
1667
+ # location: "S3URI",
1668
+ # role_arn: "RoleArn",
1669
+ # },
1670
+ # source_name: "CustomLogSourceName",
1671
+ # source_version: "CustomLogSourceVersion",
1672
+ # },
1595
1673
  # },
1596
1674
  # ],
1597
1675
  # subscriber_description: "DescriptionString",
1676
+ # subscriber_id: "UUID", # required
1677
+ # subscriber_identity: {
1678
+ # external_id: "ExternalId", # required
1679
+ # principal: "AwsPrincipal", # required
1680
+ # },
1598
1681
  # subscriber_name: "UpdateSubscriberRequestSubscriberNameString",
1599
1682
  # })
1600
1683
  #
@@ -1602,23 +1685,29 @@ module Aws::SecurityLake
1602
1685
  #
1603
1686
  # resp.subscriber.access_types #=> Array
1604
1687
  # resp.subscriber.access_types[0] #=> String, one of "LAKEFORMATION", "S3"
1605
- # resp.subscriber.account_id #=> String
1606
1688
  # resp.subscriber.created_at #=> Time
1607
- # resp.subscriber.external_id #=> String
1608
1689
  # resp.subscriber.resource_share_arn #=> String
1609
1690
  # resp.subscriber.resource_share_name #=> String
1610
1691
  # resp.subscriber.role_arn #=> String
1611
1692
  # resp.subscriber.s3_bucket_arn #=> String
1612
- # resp.subscriber.sns_arn #=> String
1613
- # resp.subscriber.source_types #=> Array
1614
- # resp.subscriber.source_types[0].aws_source_type #=> String, one of "ROUTE53", "VPC_FLOW", "CLOUD_TRAIL", "SH_FINDINGS"
1615
- # resp.subscriber.source_types[0].custom_source_type #=> String
1693
+ # resp.subscriber.sources #=> Array
1694
+ # resp.subscriber.sources[0].aws_log_source.source_name #=> String, one of "ROUTE53", "VPC_FLOW", "SH_FINDINGS", "CLOUD_TRAIL_MGMT", "LAMBDA_EXECUTION", "S3_DATA"
1695
+ # resp.subscriber.sources[0].aws_log_source.source_version #=> String
1696
+ # resp.subscriber.sources[0].custom_log_source.attributes.crawler_arn #=> String
1697
+ # resp.subscriber.sources[0].custom_log_source.attributes.database_arn #=> String
1698
+ # resp.subscriber.sources[0].custom_log_source.attributes.table_arn #=> String
1699
+ # resp.subscriber.sources[0].custom_log_source.provider.location #=> String
1700
+ # resp.subscriber.sources[0].custom_log_source.provider.role_arn #=> String
1701
+ # resp.subscriber.sources[0].custom_log_source.source_name #=> String
1702
+ # resp.subscriber.sources[0].custom_log_source.source_version #=> String
1703
+ # resp.subscriber.subscriber_arn #=> String
1616
1704
  # resp.subscriber.subscriber_description #=> String
1705
+ # resp.subscriber.subscriber_endpoint #=> String
1706
+ # resp.subscriber.subscriber_id #=> String
1707
+ # resp.subscriber.subscriber_identity.external_id #=> String
1708
+ # resp.subscriber.subscriber_identity.principal #=> String
1617
1709
  # resp.subscriber.subscriber_name #=> String
1618
- # resp.subscriber.subscription_endpoint #=> String
1619
- # resp.subscriber.subscription_id #=> String
1620
- # resp.subscriber.subscription_protocol #=> String, one of "HTTPS", "SQS"
1621
- # resp.subscriber.subscription_status #=> String, one of "ACTIVE", "DEACTIVATED", "PENDING", "READY"
1710
+ # resp.subscriber.subscriber_status #=> String, one of "ACTIVE", "DEACTIVATED", "PENDING", "READY"
1622
1711
  # resp.subscriber.updated_at #=> Time
1623
1712
  #
1624
1713
  # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/UpdateSubscriber AWS API Documentation
@@ -1634,63 +1723,44 @@ module Aws::SecurityLake
1634
1723
  # HTTPs endpoint) or switches the notification subscription endpoint for
1635
1724
  # a subscriber.
1636
1725
  #
1637
- # @option params [Boolean] :create_sqs
1638
- # Create a new subscription notification for the specified subscription
1639
- # ID in Amazon Security Lake.
1640
- #
1641
- # @option params [String] :https_api_key_name
1642
- # The key name for the subscription notification.
1643
- #
1644
- # @option params [String] :https_api_key_value
1645
- # The key value for the subscription notification.
1726
+ # @option params [required, Types::NotificationConfiguration] :configuration
1727
+ # The configuration for subscriber notification.
1646
1728
  #
1647
- # @option params [String] :https_method
1648
- # The HTTPS method used for the subscription notification.
1649
- #
1650
- # @option params [String] :role_arn
1651
- # The Amazon Resource Name (ARN) specifying the role of the subscriber.
1652
- # For more information about ARNs and how to use them in policies, see,
1653
- # see the [Managing data access][1] and [Amazon Web Services Managed
1654
- # Policies][2]in the Amazon Security Lake User Guide.
1655
- #
1656
- #
1657
- #
1658
- # [1]: https://docs.aws.amazon.com//security-lake/latest/userguide/subscriber-data-access.html
1659
- # [2]: https://docs.aws.amazon.com/security-lake/latest/userguide/security-iam-awsmanpol.html
1660
- #
1661
- # @option params [String] :subscription_endpoint
1662
- # The subscription endpoint in Security Lake.
1663
- #
1664
- # @option params [required, String] :subscription_id
1729
+ # @option params [required, String] :subscriber_id
1665
1730
  # The subscription ID for which the subscription notification is
1666
1731
  # specified.
1667
1732
  #
1668
- # @return [Types::UpdateSubscriptionNotificationConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1733
+ # @return [Types::UpdateSubscriberNotificationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1669
1734
  #
1670
- # * {Types::UpdateSubscriptionNotificationConfigurationResponse#queue_arn #queue_arn} => String
1735
+ # * {Types::UpdateSubscriberNotificationResponse#subscriber_endpoint #subscriber_endpoint} => String
1671
1736
  #
1672
1737
  # @example Request syntax with placeholder values
1673
1738
  #
1674
- # resp = client.update_subscription_notification_configuration({
1675
- # create_sqs: false,
1676
- # https_api_key_name: "String",
1677
- # https_api_key_value: "String",
1678
- # https_method: "POST", # accepts POST, PUT
1679
- # role_arn: "RoleArn",
1680
- # subscription_endpoint: "UpdateSubscriptionNotificationConfigurationRequestSubscriptionEndpointString",
1681
- # subscription_id: "UUID", # required
1739
+ # resp = client.update_subscriber_notification({
1740
+ # configuration: { # required
1741
+ # https_notification_configuration: {
1742
+ # authorization_api_key_name: "String",
1743
+ # authorization_api_key_value: "String",
1744
+ # endpoint: "HttpsNotificationConfigurationEndpointString", # required
1745
+ # http_method: "POST", # accepts POST, PUT
1746
+ # target_role_arn: "RoleArn", # required
1747
+ # },
1748
+ # sqs_notification_configuration: {
1749
+ # },
1750
+ # },
1751
+ # subscriber_id: "UUID", # required
1682
1752
  # })
1683
1753
  #
1684
1754
  # @example Response structure
1685
1755
  #
1686
- # resp.queue_arn #=> String
1756
+ # resp.subscriber_endpoint #=> String
1687
1757
  #
1688
- # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/UpdateSubscriptionNotificationConfiguration AWS API Documentation
1758
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securitylake-2018-05-10/UpdateSubscriberNotification AWS API Documentation
1689
1759
  #
1690
- # @overload update_subscription_notification_configuration(params = {})
1760
+ # @overload update_subscriber_notification(params = {})
1691
1761
  # @param [Hash] params ({})
1692
- def update_subscription_notification_configuration(params = {}, options = {})
1693
- req = build_request(:update_subscription_notification_configuration, params)
1762
+ def update_subscriber_notification(params = {}, options = {})
1763
+ req = build_request(:update_subscriber_notification, params)
1694
1764
  req.send_request(options)
1695
1765
  end
1696
1766
 
@@ -1707,7 +1777,7 @@ module Aws::SecurityLake
1707
1777
  params: params,
1708
1778
  config: config)
1709
1779
  context[:gem_name] = 'aws-sdk-securitylake'
1710
- context[:gem_version] = '1.3.0'
1780
+ context[:gem_version] = '1.5.0'
1711
1781
  Seahorse::Client::Request.new(handlers, context)
1712
1782
  end
1713
1783