diff --git a/clients/client-cloudwatch-logs/README.md b/clients/client-cloudwatch-logs/README.md
index d744eaa0d2c4..88e9c0bbe2ac 100644
--- a/clients/client-cloudwatch-logs/README.md
+++ b/clients/client-cloudwatch-logs/README.md
@@ -276,6 +276,14 @@ CreateLogStream
[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-cloudwatch-logs/classes/createlogstreamcommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-cloudwatch-logs/interfaces/createlogstreamcommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-cloudwatch-logs/interfaces/createlogstreamcommandoutput.html)
+
+
+DeleteAccountPolicy
+
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-cloudwatch-logs/classes/deleteaccountpolicycommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-cloudwatch-logs/interfaces/deleteaccountpolicycommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-cloudwatch-logs/interfaces/deleteaccountpolicycommandoutput.html)
+
@@ -348,6 +356,14 @@ DeleteSubscriptionFilter
[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-cloudwatch-logs/classes/deletesubscriptionfiltercommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-cloudwatch-logs/interfaces/deletesubscriptionfiltercommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-cloudwatch-logs/interfaces/deletesubscriptionfiltercommandoutput.html)
+
+DescribeAccountPolicies
+
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-cloudwatch-logs/classes/describeaccountpoliciescommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-cloudwatch-logs/interfaces/describeaccountpoliciescommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-cloudwatch-logs/interfaces/describeaccountpoliciescommandoutput.html)
+
@@ -492,6 +508,14 @@ ListTagsLogGroup
[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-cloudwatch-logs/classes/listtagsloggroupcommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-cloudwatch-logs/interfaces/listtagsloggroupcommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-cloudwatch-logs/interfaces/listtagsloggroupcommandoutput.html)
+
+PutAccountPolicy
+
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-cloudwatch-logs/classes/putaccountpolicycommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-cloudwatch-logs/interfaces/putaccountpolicycommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-cloudwatch-logs/interfaces/putaccountpolicycommandoutput.html)
+
diff --git a/clients/client-cloudwatch-logs/src/CloudWatchLogs.ts b/clients/client-cloudwatch-logs/src/CloudWatchLogs.ts
index 16dd9f0ad06f..869801ee7ba3 100644
--- a/clients/client-cloudwatch-logs/src/CloudWatchLogs.ts
+++ b/clients/client-cloudwatch-logs/src/CloudWatchLogs.ts
@@ -28,6 +28,11 @@ import {
CreateLogStreamCommandInput,
CreateLogStreamCommandOutput,
} from "./commands/CreateLogStreamCommand";
+import {
+ DeleteAccountPolicyCommand,
+ DeleteAccountPolicyCommandInput,
+ DeleteAccountPolicyCommandOutput,
+} from "./commands/DeleteAccountPolicyCommand";
import {
DeleteDataProtectionPolicyCommand,
DeleteDataProtectionPolicyCommandInput,
@@ -73,6 +78,11 @@ import {
DeleteSubscriptionFilterCommandInput,
DeleteSubscriptionFilterCommandOutput,
} from "./commands/DeleteSubscriptionFilterCommand";
+import {
+ DescribeAccountPoliciesCommand,
+ DescribeAccountPoliciesCommandInput,
+ DescribeAccountPoliciesCommandOutput,
+} from "./commands/DescribeAccountPoliciesCommand";
import {
DescribeDestinationsCommand,
DescribeDestinationsCommandInput,
@@ -163,6 +173,11 @@ import {
ListTagsLogGroupCommandInput,
ListTagsLogGroupCommandOutput,
} from "./commands/ListTagsLogGroupCommand";
+import {
+ PutAccountPolicyCommand,
+ PutAccountPolicyCommandInput,
+ PutAccountPolicyCommandOutput,
+} from "./commands/PutAccountPolicyCommand";
import {
PutDataProtectionPolicyCommand,
PutDataProtectionPolicyCommandInput,
@@ -234,6 +249,7 @@ const commands = {
CreateExportTaskCommand,
CreateLogGroupCommand,
CreateLogStreamCommand,
+ DeleteAccountPolicyCommand,
DeleteDataProtectionPolicyCommand,
DeleteDestinationCommand,
DeleteLogGroupCommand,
@@ -243,6 +259,7 @@ const commands = {
DeleteResourcePolicyCommand,
DeleteRetentionPolicyCommand,
DeleteSubscriptionFilterCommand,
+ DescribeAccountPoliciesCommand,
DescribeDestinationsCommand,
DescribeExportTasksCommand,
DescribeLogGroupsCommand,
@@ -261,6 +278,7 @@ const commands = {
GetQueryResultsCommand,
ListTagsForResourceCommand,
ListTagsLogGroupCommand,
+ PutAccountPolicyCommand,
PutDataProtectionPolicyCommand,
PutDestinationCommand,
PutDestinationPolicyCommand,
@@ -356,6 +374,23 @@ export interface CloudWatchLogs {
cb: (err: any, data?: CreateLogStreamCommandOutput) => void
): void;
+ /**
+ * @see {@link DeleteAccountPolicyCommand}
+ */
+ deleteAccountPolicy(
+ args: DeleteAccountPolicyCommandInput,
+ options?: __HttpHandlerOptions
+ ): Promise
If you attempt to associate a KMS key with the log group but the KMS keydoes not exist or the KMS key is disabled, you receive an + *
If you attempt to associate a KMS key with the log group but the KMS key does not exist or the KMS key is disabled, you receive an
* InvalidParameterException
error.
CloudWatch Logs supports only symmetric KMS keys. Do not associate an diff --git a/clients/client-cloudwatch-logs/src/commands/DeleteAccountPolicyCommand.ts b/clients/client-cloudwatch-logs/src/commands/DeleteAccountPolicyCommand.ts new file mode 100644 index 000000000000..f538e9b6fc64 --- /dev/null +++ b/clients/client-cloudwatch-logs/src/commands/DeleteAccountPolicyCommand.ts @@ -0,0 +1,155 @@ +// smithy-typescript generated code +import { EndpointParameterInstructions, getEndpointPlugin } from "@aws-sdk/middleware-endpoint"; +import { getSerdePlugin } from "@aws-sdk/middleware-serde"; +import { Command as $Command } from "@aws-sdk/smithy-client"; +import { + FinalizeHandlerArguments, + Handler, + HandlerExecutionContext, + HttpHandlerOptions as __HttpHandlerOptions, + MetadataBearer as __MetadataBearer, + MiddlewareStack, +} from "@aws-sdk/types"; +import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@smithy/protocol-http"; +import { SerdeContext as __SerdeContext } from "@smithy/types"; + +import { CloudWatchLogsClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../CloudWatchLogsClient"; +import { DeleteAccountPolicyRequest } from "../models/models_0"; +import { de_DeleteAccountPolicyCommand, se_DeleteAccountPolicyCommand } from "../protocols/Aws_json1_1"; + +/** + * @public + */ +export { __MetadataBearer, $Command }; +/** + * @public + * + * The input for {@link DeleteAccountPolicyCommand}. + */ +export interface DeleteAccountPolicyCommandInput extends DeleteAccountPolicyRequest {} +/** + * @public + * + * The output of {@link DeleteAccountPolicyCommand}. + */ +export interface DeleteAccountPolicyCommandOutput extends __MetadataBearer {} + +/** + * @public + *
Deletes a CloudWatch Logs account policy.
+ *To use this operation, you must be signed on with the logs:DeleteDataProtectionPolicy
and
+ * logs:DeleteAccountPolicy
permissions.
A parameter is specified incorrectly.
+ * + * @throws {@link OperationAbortedException} (client fault) + *Multiple concurrent requests to update the same resource were in conflict.
+ * + * @throws {@link ResourceNotFoundException} (client fault) + *The specified resource does not exist.
+ * + * @throws {@link ServiceUnavailableException} (server fault) + *The service cannot complete the request.
+ * + * @throws {@link CloudWatchLogsServiceException} + *Base exception class for all service exceptions from CloudWatchLogs service.
+ * + */ +export class DeleteAccountPolicyCommand extends $Command< + DeleteAccountPolicyCommandInput, + DeleteAccountPolicyCommandOutput, + CloudWatchLogsClientResolvedConfig +> { + // Start section: command_properties + // End section: command_properties + + public static getEndpointParameterInstructions(): EndpointParameterInstructions { + return { + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, + }; + } + + /** + * @public + */ + constructor(readonly input: DeleteAccountPolicyCommandInput) { + // Start section: command_constructor + super(); + // End section: command_constructor + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStackReturns a list of all CloudWatch Logs account policies in the account.
+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { CloudWatchLogsClient, DescribeAccountPoliciesCommand } from "@aws-sdk/client-cloudwatch-logs"; // ES Modules import + * // const { CloudWatchLogsClient, DescribeAccountPoliciesCommand } = require("@aws-sdk/client-cloudwatch-logs"); // CommonJS import + * const client = new CloudWatchLogsClient(config); + * const input = { // DescribeAccountPoliciesRequest + * policyType: "DATA_PROTECTION_POLICY", // required + * policyName: "STRING_VALUE", + * accountIdentifiers: [ // AccountIds + * "STRING_VALUE", + * ], + * }; + * const command = new DescribeAccountPoliciesCommand(input); + * const response = await client.send(command); + * // { // DescribeAccountPoliciesResponse + * // accountPolicies: [ // AccountPolicies + * // { // AccountPolicy + * // policyName: "STRING_VALUE", + * // policyDocument: "STRING_VALUE", + * // lastUpdatedTime: Number("long"), + * // policyType: "DATA_PROTECTION_POLICY", + * // scope: "ALL", + * // accountId: "STRING_VALUE", + * // }, + * // ], + * // }; + * + * ``` + * + * @param DescribeAccountPoliciesCommandInput - {@link DescribeAccountPoliciesCommandInput} + * @returns {@link DescribeAccountPoliciesCommandOutput} + * @see {@link DescribeAccountPoliciesCommandInput} for command's `input` shape. + * @see {@link DescribeAccountPoliciesCommandOutput} for command's `response` shape. + * @see {@link CloudWatchLogsClientResolvedConfig | config} for CloudWatchLogsClient's `config` shape. + * + * @throws {@link InvalidParameterException} (client fault) + *A parameter is specified incorrectly.
+ * + * @throws {@link OperationAbortedException} (client fault) + *Multiple concurrent requests to update the same resource were in conflict.
+ * + * @throws {@link ResourceNotFoundException} (client fault) + *The specified resource does not exist.
+ * + * @throws {@link ServiceUnavailableException} (server fault) + *The service cannot complete the request.
+ * + * @throws {@link CloudWatchLogsServiceException} + *Base exception class for all service exceptions from CloudWatchLogs service.
+ * + */ +export class DescribeAccountPoliciesCommand extends $Command< + DescribeAccountPoliciesCommandInput, + DescribeAccountPoliciesCommandOutput, + CloudWatchLogsClientResolvedConfig +> { + // Start section: command_properties + // End section: command_properties + + public static getEndpointParameterInstructions(): EndpointParameterInstructions { + return { + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, + }; + } + + /** + * @public + */ + constructor(readonly input: DescribeAccountPoliciesCommandInput) { + // Start section: command_constructor + super(); + // End section: command_constructor + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStackLists log events from the specified log group. You can list all the log events or filter the results * using a filter pattern, a time range, and the name of the log stream.
- *You must have the logs;FilterLogEvents
permission to perform this operation.
You must have the logs:FilterLogEvents
permission to perform this operation.
You can specify the log group to search by using either logGroupIdentifier
or logGroupName
.
* You must include one of these two parameters, but you can't include both.
*
Creates an account-level data protection policy that applies to all log groups in the account. A data protection policy can help safeguard sensitive + * data that's ingested by your log groups by auditing and masking the sensitive log data. Each account can have only + * one account-level policy.
+ *Sensitive data is detected and masked when it is ingested into a log group. When you set a + * data protection policy, log events ingested into the log groups before that time are not masked.
+ *If you use PutAccountPolicy
to create a data protection policy for your whole account, it applies to both existing log groups
+ * and all log groups that are created later in this account. The account policy is applied to existing log groups
+ * with eventual consistency. It might take up to 5 minutes before sensitive data in existing log groups begins to be masked.
By default, when a user views a log event that includes masked data, the sensitive data is replaced by asterisks.
+ * A user who has the logs:Unmask
permission can use a
+ * GetLogEvents or
+ * FilterLogEvents
+ * operation with the unmask
parameter set to true
to view the unmasked
+ * log events. Users with the logs:Unmask
can also view unmasked data in the CloudWatch Logs
+ * console by running a CloudWatch Logs Insights query with the unmask
query command.
For more information, including a list of types of data that can be audited and masked, see + * Protect sensitive log data with masking.
+ *To use the PutAccountPolicy
operation, you must be signed on with the logs:PutDataProtectionPolicy
+ * and logs:PutAccountPolicy
permissions.
The PutAccountPolicy
operation applies to all log groups in the account. You can also use
+ * PutDataProtectionPolicy
+ * to create a data protection policy that applies to just one log group.
+ * If a log group has its own data protection policy and
+ * the account also has an account-level data protection policy, then the two policies are cumulative. Any sensitive term
+ * specified in either policy is masked.
A parameter is specified incorrectly.
+ * + * @throws {@link LimitExceededException} (client fault) + *You have reached the maximum number of resources that can be created.
+ * + * @throws {@link OperationAbortedException} (client fault) + *Multiple concurrent requests to update the same resource were in conflict.
+ * + * @throws {@link ServiceUnavailableException} (server fault) + *The service cannot complete the request.
+ * + * @throws {@link CloudWatchLogsServiceException} + *Base exception class for all service exceptions from CloudWatchLogs service.
+ * + */ +export class PutAccountPolicyCommand extends $Command< + PutAccountPolicyCommandInput, + PutAccountPolicyCommandOutput, + CloudWatchLogsClientResolvedConfig +> { + // Start section: command_properties + // End section: command_properties + + public static getEndpointParameterInstructions(): EndpointParameterInstructions { + return { + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, + }; + } + + /** + * @public + */ + constructor(readonly input: PutAccountPolicyCommandInput) { + // Start section: command_constructor + super(); + // End section: command_constructor + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStackunmask
query command.
* For more information, including a list of types of data that can be audited and masked, see * Protect sensitive log data with masking.
+ *The PutDataProtectionPolicy
operation applies to only the specified log group. You can also use
+ * PutAccountPolicy
+ * to create an account-level data protection policy that applies to all log groups in the account,
+ * including both existing log groups and log groups that are created level. If a log group has its own data protection policy and
+ * the account also has an account-level data protection policy, then the two policies are cumulative. Any sensitive term
+ * specified in either policy is masked.
A batch of log events in a single request cannot span more than 24 hours. Otherwise, the operation fails.
* *Each log event can be no larger than 256 KB.
+ *The maximum number of log events in a batch is 10,000.
*Each log group can have up to two subscription filters associated with it. If you are
* updating an existing filter, you must specify the correct name in filterName
.
*
To perform a PutSubscriptionFilter
operation, you must also have the
+ *
To perform a PutSubscriptionFilter
operation for any destination except a Lambda function,
+ * you must also have the
* iam:PassRole
permission.
Schedules a query of a log group using CloudWatch Logs Insights. You specify the log group * and time range to query and the query string to use.
*For more information, see CloudWatch Logs Insights Query Syntax.
- *Queries time out after 15 minutes of runtime. If your queries are timing out, reduce the + *
Queries time out after 60 minutes of runtime. If your queries are timing out, reduce the * time range being searched or partition your query into a number of queries.
*If you are using CloudWatch cross-account observability, you can use this operation in a
* monitoring account to start a query in a linked source account. For more information, see
* CloudWatch
* cross-account observability. For a cross-account StartQuery
operation,
* the query definition must be defined in the monitoring account.
You can have up to 20 concurrent CloudWatch Logs insights queries, including queries + *
You can have up to 30 concurrent CloudWatch Logs insights queries, including queries * that have been added to dashboards.
* @example * Use a bare-bones client and the command you need to make an API call. diff --git a/clients/client-cloudwatch-logs/src/commands/index.ts b/clients/client-cloudwatch-logs/src/commands/index.ts index e91e3bcdf908..5b8a0444e2e3 100644 --- a/clients/client-cloudwatch-logs/src/commands/index.ts +++ b/clients/client-cloudwatch-logs/src/commands/index.ts @@ -4,6 +4,7 @@ export * from "./CancelExportTaskCommand"; export * from "./CreateExportTaskCommand"; export * from "./CreateLogGroupCommand"; export * from "./CreateLogStreamCommand"; +export * from "./DeleteAccountPolicyCommand"; export * from "./DeleteDataProtectionPolicyCommand"; export * from "./DeleteDestinationCommand"; export * from "./DeleteLogGroupCommand"; @@ -13,6 +14,7 @@ export * from "./DeleteQueryDefinitionCommand"; export * from "./DeleteResourcePolicyCommand"; export * from "./DeleteRetentionPolicyCommand"; export * from "./DeleteSubscriptionFilterCommand"; +export * from "./DescribeAccountPoliciesCommand"; export * from "./DescribeDestinationsCommand"; export * from "./DescribeExportTasksCommand"; export * from "./DescribeLogGroupsCommand"; @@ -31,6 +33,7 @@ export * from "./GetLogRecordCommand"; export * from "./GetQueryResultsCommand"; export * from "./ListTagsForResourceCommand"; export * from "./ListTagsLogGroupCommand"; +export * from "./PutAccountPolicyCommand"; export * from "./PutDataProtectionPolicyCommand"; export * from "./PutDestinationCommand"; export * from "./PutDestinationPolicyCommand"; diff --git a/clients/client-cloudwatch-logs/src/endpoint/EndpointParameters.ts b/clients/client-cloudwatch-logs/src/endpoint/EndpointParameters.ts index 482d82dc2ac3..c7172f10c3da 100644 --- a/clients/client-cloudwatch-logs/src/endpoint/EndpointParameters.ts +++ b/clients/client-cloudwatch-logs/src/endpoint/EndpointParameters.ts @@ -25,7 +25,7 @@ export const resolveClientEndpointParameters =A structure that contains information about one CloudWatch Logs account policy.
+ */ +export interface AccountPolicy { + /** + *The name of the account policy.
+ */ + policyName?: string; + + /** + *The policy document for this account policy.
+ *The JSON specified in policyDocument
can be up to 30,720 characters.
The date and time that this policy was most recently updated.
+ */ + lastUpdatedTime?: number; + + /** + *The type of policy for this account policy.
+ */ + policyType?: PolicyType | string; + + /** + *The scope of the account policy.
+ */ + scope?: Scope | string; + + /** + *The Amazon Web Services account ID that the policy applies to.
+ */ + accountId?: string; +} + /** * @public */ @@ -316,6 +379,21 @@ export const DataProtectionStatus = { */ export type DataProtectionStatus = (typeof DataProtectionStatus)[keyof typeof DataProtectionStatus]; +/** + * @public + */ +export interface DeleteAccountPolicyRequest { + /** + *The name of the policy to delete.
+ */ + policyName: string | undefined; + + /** + *The type of policy to delete. Currently, the only valid value is DATA_PROTECTION_POLICY
.
Use this parameter to limit the returned policies to only the policies that match the policy type that you
+ * specify. Currently, the only valid value is DATA_PROTECTION_POLICY
.
Use this parameter to limit the returned policies to only the policy with the name that you specify.
+ */ + policyName?: string; + + /** + *If you are using an account that is set up as a monitoring account for CloudWatch unified cross-account + * observability, you can use this to specify the account ID of a source account. If you do, + * the operation returns the account policy for the specified account. Currently, you can specify only + * one account ID in this parameter.
+ *If you + * omit this parameter, only the policy in the current account is returned.
+ */ + accountIdentifiers?: string[]; +} + +/** + * @public + */ +export interface DescribeAccountPoliciesResponse { + /** + *An array of structures that contain information about the CloudWatch Logs account policies that match + * the specified filters.
+ */ + accountPolicies?: AccountPolicy[]; +} + /** * @public */ @@ -681,6 +796,9 @@ export interface DescribeLogGroupsRequest { * that match the string based on a case-sensitive substring search. For example, if you specifyFoo
, log groups
* named FooBar
, aws/Foo
, and GroupFoo
would match, but foo
,
* F/o/o
and Froo
would not match.
+ * If you specify logGroupNamePattern
in your request, then only
+ * arn
, creationTime
, and logGroupName
+ * are included in the response.
* logGroupNamePattern
and logGroupNamePrefix
are mutually exclusive.
@@ -709,15 +827,23 @@ export interface DescribeLogGroupsRequest {
*
* contains a null value, the operation returns all log groups in the monitoring account
* and all log groups in all source accounts that are linked to the monitoring account.
If you specify includeLinkedAccounts
in your request, then
- * metricFilterCount
, retentionInDays
, and storedBytes
- * are not included in the response.
Represents a log group.
@@ -736,7 +862,7 @@ export interface LogGroup { /** *The number of days to retain the log events in the specified log group. - * Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 2192, 2557, 2922, 3288, and 3653.
+ * Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, and 3653. *To set a log group so that its log events do not expire, use DeleteRetentionPolicy.
*/ retentionInDays?: number; @@ -767,6 +893,12 @@ export interface LogGroup { * PutDataProtectionPolicy. */ dataProtectionStatus?: DataProtectionStatus | string; + + /** + *Displays all the properties that this log group has inherited from account-level + * settings.
+ */ + inheritedProperties?: (InheritedProperty | string)[]; } /** @@ -1941,7 +2073,7 @@ export interface GetQueryResultsResponse { *The status of the most recent running of the query. Possible values are Cancelled
,
* Complete
, Failed
, Running
, Scheduled
,
* Timeout
, and Unknown
.
Queries time out after 15 minutes of runtime. To avoid having your queries time out, + *
Queries time out after 60 minutes of runtime. To avoid having your queries time out, * reduce the time range being searched or partition your query into a number of queries.
*/ status?: QueryStatus | string; @@ -1960,7 +2092,7 @@ export interface InputLogEvent { timestamp: number | undefined; /** - *The raw event message.
+ *The raw event message. Each log event can be no larger than 256 KB.
*/ message: string | undefined; } @@ -2045,6 +2177,77 @@ export interface ListTagsLogGroupResponse { tags?: RecordA name for the policy. This must be unique within the account.
+ */ + policyName: string | undefined; + + /** + *Specify the data protection policy, in JSON.
+ *This policy must include two JSON blocks:
+ *The first block must include both a DataIdentifer
array and an
+ * Operation
property with an Audit
action. The DataIdentifer
array lists the types of sensitive data that
+ * you want to mask. For more information about the available options, see
+ * Types of data that you can mask.
The Operation
property with an Audit
action is required to find the
+ * sensitive data terms. This Audit
action must contain a FindingsDestination
+ * object. You can optionally use that FindingsDestination
object to list one or more
+ * destinations to send audit findings to. If you specify destinations such as log groups,
+ * Kinesis Data Firehose streams, and S3 buckets, they must already exist.
The second block must include both a DataIdentifer
array and an
+ * Operation
property with an Deidentify
action. The
+ * DataIdentifer
array must exactly match the DataIdentifer
array
+ * in the first block of the policy.
The Operation
property with the Deidentify
action is what actually masks the
+ * data, and it must
+ * contain the
+ * "MaskConfig": \{\}
object. The
+ * "MaskConfig": \{\}
object must be empty.
For an example data protection policy, see the Examples section on this page.
+ *The contents of the two DataIdentifer
arrays must match exactly.
In addition to the two JSON blocks, the policyDocument
can also include Name
,
+ * Description
, and Version
fields. The Name
is different than the
+ * operation's policyName
parameter, and is used as a dimension when
+ * CloudWatch Logs reports audit findings metrics to CloudWatch.
The JSON specified in policyDocument
can be up to 30,720 characters.
Currently the only valid value for this parameter is DATA_PROTECTION_POLICY
.
Currently the only valid value for this parameter is GLOBAL
, which specifies that the data
+ * protection policy applies to all log groups in the account. If you omit this parameter, the default
+ * of GLOBAL
is used.
The account policy that you created.
+ */ + accountPolicy?: AccountPolicy; +} + /** * @public */ @@ -2083,8 +2286,12 @@ export interface PutDataProtectionPolicyRequest { * *For an example data protection policy, see the Examples section on this page.
*The contents of two DataIdentifer
arrays must match exactly.
The contents of the two DataIdentifer
arrays must match exactly.
In addition to the two JSON blocks, the policyDocument
can also include Name
,
+ * Description
, and Version
fields. The Name
is used as a dimension when
+ * CloudWatch Logs reports audit findings metrics to CloudWatch.
The JSON specified in policyDocument
can be up to 30,720 characters.
Specify true if you are updating an existing destination policy to grant permission to
- * an organization ID instead of granting permission to individual AWS accounts. Before
+ * an organization ID instead of granting permission to individual Amazon Web Services accounts. Before
* you update a destination policy this way, you must first update the subscription
* filters in the accounts that send logs to this destination. If you do not, the subscription
* filters might stop working. By specifying true
@@ -2421,7 +2628,7 @@ export interface PutRetentionPolicyRequest {
/**
*
The number of days to retain the log events in the specified log group. - * Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 2192, 2557, 2922, 3288, and 3653.
+ * Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, and 3653. *To set a log group so that its log events do not expire, use DeleteRetentionPolicy.
*/ retentionInDays: number | undefined; diff --git a/clients/client-cloudwatch-logs/src/protocols/Aws_json1_1.ts b/clients/client-cloudwatch-logs/src/protocols/Aws_json1_1.ts index 885d2de03fc7..e40614372ad0 100644 --- a/clients/client-cloudwatch-logs/src/protocols/Aws_json1_1.ts +++ b/clients/client-cloudwatch-logs/src/protocols/Aws_json1_1.ts @@ -18,6 +18,10 @@ import { CancelExportTaskCommandInput, CancelExportTaskCommandOutput } from "../ import { CreateExportTaskCommandInput, CreateExportTaskCommandOutput } from "../commands/CreateExportTaskCommand"; import { CreateLogGroupCommandInput, CreateLogGroupCommandOutput } from "../commands/CreateLogGroupCommand"; import { CreateLogStreamCommandInput, CreateLogStreamCommandOutput } from "../commands/CreateLogStreamCommand"; +import { + DeleteAccountPolicyCommandInput, + DeleteAccountPolicyCommandOutput, +} from "../commands/DeleteAccountPolicyCommand"; import { DeleteDataProtectionPolicyCommandInput, DeleteDataProtectionPolicyCommandOutput, @@ -42,6 +46,10 @@ import { DeleteSubscriptionFilterCommandInput, DeleteSubscriptionFilterCommandOutput, } from "../commands/DeleteSubscriptionFilterCommand"; +import { + DescribeAccountPoliciesCommandInput, + DescribeAccountPoliciesCommandOutput, +} from "../commands/DescribeAccountPoliciesCommand"; import { DescribeDestinationsCommandInput, DescribeDestinationsCommandOutput, @@ -84,6 +92,7 @@ import { ListTagsForResourceCommandOutput, } from "../commands/ListTagsForResourceCommand"; import { ListTagsLogGroupCommandInput, ListTagsLogGroupCommandOutput } from "../commands/ListTagsLogGroupCommand"; +import { PutAccountPolicyCommandInput, PutAccountPolicyCommandOutput } from "../commands/PutAccountPolicyCommand"; import { PutDataProtectionPolicyCommandInput, PutDataProtectionPolicyCommandOutput, @@ -117,6 +126,7 @@ import { CreateLogGroupRequest, CreateLogStreamRequest, DataAlreadyAcceptedException, + DeleteAccountPolicyRequest, DeleteDataProtectionPolicyRequest, DeleteDestinationRequest, DeleteLogGroupRequest, @@ -126,6 +136,7 @@ import { DeleteResourcePolicyRequest, DeleteRetentionPolicyRequest, DeleteSubscriptionFilterRequest, + DescribeAccountPoliciesRequest, DescribeDestinationsRequest, DescribeExportTasksRequest, DescribeLogGroupsRequest, @@ -155,6 +166,7 @@ import { MetricFilter, MetricTransformation, OperationAbortedException, + PutAccountPolicyRequest, PutDataProtectionPolicyRequest, PutDestinationPolicyRequest, PutDestinationRequest, @@ -244,6 +256,19 @@ export const se_CreateLogStreamCommand = async ( return buildHttpRpcRequest(context, headers, "/", undefined, body); }; +/** + * serializeAws_json1_1DeleteAccountPolicyCommand + */ +export const se_DeleteAccountPolicyCommand = async ( + input: DeleteAccountPolicyCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const headers: __HeaderBag = sharedHeaders("DeleteAccountPolicy"); + let body: any; + body = JSON.stringify(_json(input)); + return buildHttpRpcRequest(context, headers, "/", undefined, body); +}; + /** * serializeAws_json1_1DeleteDataProtectionPolicyCommand */ @@ -361,6 +386,19 @@ export const se_DeleteSubscriptionFilterCommand = async ( return buildHttpRpcRequest(context, headers, "/", undefined, body); }; +/** + * serializeAws_json1_1DescribeAccountPoliciesCommand + */ +export const se_DescribeAccountPoliciesCommand = async ( + input: DescribeAccountPoliciesCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const headers: __HeaderBag = sharedHeaders("DescribeAccountPolicies"); + let body: any; + body = JSON.stringify(_json(input)); + return buildHttpRpcRequest(context, headers, "/", undefined, body); +}; + /** * serializeAws_json1_1DescribeDestinationsCommand */ @@ -595,6 +633,19 @@ export const se_ListTagsLogGroupCommand = async ( return buildHttpRpcRequest(context, headers, "/", undefined, body); }; +/** + * serializeAws_json1_1PutAccountPolicyCommand + */ +export const se_PutAccountPolicyCommand = async ( + input: PutAccountPolicyCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const headers: __HeaderBag = sharedHeaders("PutAccountPolicy"); + let body: any; + body = JSON.stringify(_json(input)); + return buildHttpRpcRequest(context, headers, "/", undefined, body); +}; + /** * serializeAws_json1_1PutDataProtectionPolicyCommand */ @@ -1075,6 +1126,58 @@ const de_CreateLogStreamCommandError = async ( } }; +/** + * deserializeAws_json1_1DeleteAccountPolicyCommand + */ +export const de_DeleteAccountPolicyCommand = async ( + output: __HttpResponse, + context: __SerdeContext +): PromiseThe name of the account policy.
" + } + }, + "policyDocument": { + "target": "com.amazonaws.cloudwatchlogs#AccountPolicyDocument", + "traits": { + "smithy.api#documentation": "The policy document for this account policy.
\nThe JSON specified in policyDocument
can be up to 30,720 characters.
The date and time that this policy was most recently updated.
" + } + }, + "policyType": { + "target": "com.amazonaws.cloudwatchlogs#PolicyType", + "traits": { + "smithy.api#documentation": "The type of policy for this account policy.
" + } + }, + "scope": { + "target": "com.amazonaws.cloudwatchlogs#Scope", + "traits": { + "smithy.api#documentation": "The scope of the account policy.
" + } + }, + "accountId": { + "target": "com.amazonaws.cloudwatchlogs#AccountId", + "traits": { + "smithy.api#documentation": "The Amazon Web Services account ID that the policy applies to.
" + } + } + }, + "traits": { + "smithy.api#documentation": "A structure that contains information about one CloudWatch Logs account policy.
" + } + }, + "com.amazonaws.cloudwatchlogs#AccountPolicyDocument": { + "type": "string" + }, "com.amazonaws.cloudwatchlogs#AmazonResourceName": { "type": "string", "traits": { @@ -115,6 +168,9 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.cloudwatchlogs#CancelExportTask": { @@ -153,6 +209,9 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.cloudwatchlogs#CreateExportTask": { @@ -236,6 +295,9 @@ "smithy.api#documentation": "The prefix used as the start of the key for every object exported. If you don't\n specify a value, the default is exportedlogs
.
The ID of the export task.
" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.cloudwatchlogs#CreateLogGroup": { @@ -275,7 +340,7 @@ } ], "traits": { - "smithy.api#documentation": "Creates a log group with the specified name. You can create up to 20,000 log groups per account.
\nYou must use the following guidelines when naming a log group:
\nLog group names must be unique within a Region for an Amazon Web Services\n account.
\nLog group names can be between 1 and 512 characters long.
\nLog group names consist of the following characters: a-z, A-Z, 0-9, '_' (underscore), '-' (hyphen), \n '/' (forward slash), '.' (period), and '#' (number sign)
\nWhen you create a log group, by default the log events in the log group do not expire.\n To set a retention policy so that events expire and are deleted after a specified time, use\n PutRetentionPolicy.
\nIf you associate an KMS key with the log group, ingested data is\n encrypted using the KMS key. This association is stored as long as the data\n encrypted with the KMS key is still within CloudWatch Logs. This enables\n CloudWatch Logs to decrypt this data whenever it is requested.
\nIf you attempt to associate a KMS key with the log group but the KMS keydoes not exist or the KMS key is disabled, you receive an\n InvalidParameterException
error.
CloudWatch Logs supports only symmetric KMS keys. Do not associate an\n asymmetric KMS key with your log group. For more information, see Using\n Symmetric and Asymmetric Keys.
\nCreates a log group with the specified name. You can create up to 20,000 log groups per account.
\nYou must use the following guidelines when naming a log group:
\nLog group names must be unique within a Region for an Amazon Web Services\n account.
\nLog group names can be between 1 and 512 characters long.
\nLog group names consist of the following characters: a-z, A-Z, 0-9, '_' (underscore), '-' (hyphen), \n '/' (forward slash), '.' (period), and '#' (number sign)
\nWhen you create a log group, by default the log events in the log group do not expire.\n To set a retention policy so that events expire and are deleted after a specified time, use\n PutRetentionPolicy.
\nIf you associate an KMS key with the log group, ingested data is\n encrypted using the KMS key. This association is stored as long as the data\n encrypted with the KMS key is still within CloudWatch Logs. This enables\n CloudWatch Logs to decrypt this data whenever it is requested.
\nIf you attempt to associate a KMS key with the log group but the KMS key does not exist or the KMS key is disabled, you receive an\n InvalidParameterException
error.
CloudWatch Logs supports only symmetric KMS keys. Do not associate an\n asymmetric KMS key with your log group. For more information, see Using\n Symmetric and Asymmetric Keys.
\nThe key-value pairs to use for the tags.
\nYou can grant users access to certain log groups while preventing them from accessing other log groups.\n To do so, tag your groups and use IAM policies that refer to those tags. To assign tags when \n you create a log group, you must have either the logs:TagResource
or logs:TagLogGroup
\n permission. For more information about tagging, see \n Tagging Amazon Web Services resources.\n For more information about using tags to control access, see \n Controlling access to Amazon Web Services resources using tags.
The number of days to retain the log events in the specified log group.\n Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 2192, 2557, 2922, 3288, and 3653.
\nTo set a log group so that its log events do not expire, use DeleteRetentionPolicy.
" + "smithy.api#documentation": "The number of days to retain the log events in the specified log group.\n Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, and 3653.
\nTo set a log group so that its log events do not expire, use DeleteRetentionPolicy.
" } }, "com.amazonaws.cloudwatchlogs#DefaultValue": { "type": "double" }, + "com.amazonaws.cloudwatchlogs#DeleteAccountPolicy": { + "type": "operation", + "input": { + "target": "com.amazonaws.cloudwatchlogs#DeleteAccountPolicyRequest" + }, + "output": { + "target": "smithy.api#Unit" + }, + "errors": [ + { + "target": "com.amazonaws.cloudwatchlogs#InvalidParameterException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#OperationAbortedException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ServiceUnavailableException" + } + ], + "traits": { + "smithy.api#documentation": "Deletes a CloudWatch Logs account policy.
\nTo use this operation, you must be signed on with the logs:DeleteDataProtectionPolicy
and \n logs:DeleteAccountPolicy
permissions.
The name of the policy to delete.
", + "smithy.api#required": {} + } + }, + "policyType": { + "target": "com.amazonaws.cloudwatchlogs#PolicyType", + "traits": { + "smithy.api#documentation": "The type of policy to delete. Currently, the only valid value is DATA_PROTECTION_POLICY
.
A value of TRUE indicates that the operation succeeded. FALSE indicates that the operation\n failed.
" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.cloudwatchlogs#DeleteResourcePolicy": { @@ -686,6 +826,9 @@ "smithy.api#documentation": "The name of the policy to be revoked. This parameter is required.
" } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.cloudwatchlogs#DeleteRetentionPolicy": { @@ -724,6 +867,9 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.cloudwatchlogs#DeleteSubscriptionFilter": { @@ -769,11 +915,81 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.cloudwatchlogs#Descending": { "type": "boolean" }, + "com.amazonaws.cloudwatchlogs#DescribeAccountPolicies": { + "type": "operation", + "input": { + "target": "com.amazonaws.cloudwatchlogs#DescribeAccountPoliciesRequest" + }, + "output": { + "target": "com.amazonaws.cloudwatchlogs#DescribeAccountPoliciesResponse" + }, + "errors": [ + { + "target": "com.amazonaws.cloudwatchlogs#InvalidParameterException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#OperationAbortedException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ServiceUnavailableException" + } + ], + "traits": { + "smithy.api#documentation": "Returns a list of all CloudWatch Logs account policies in the account.
" + } + }, + "com.amazonaws.cloudwatchlogs#DescribeAccountPoliciesRequest": { + "type": "structure", + "members": { + "policyType": { + "target": "com.amazonaws.cloudwatchlogs#PolicyType", + "traits": { + "smithy.api#documentation": "Use this parameter to limit the returned policies to only the policies that match the policy type that you\n specify. Currently, the only valid value is DATA_PROTECTION_POLICY
.
Use this parameter to limit the returned policies to only the policy with the name that you specify.
" + } + }, + "accountIdentifiers": { + "target": "com.amazonaws.cloudwatchlogs#AccountIds", + "traits": { + "smithy.api#documentation": "If you are using an account that is set up as a monitoring account for CloudWatch unified cross-account\n observability, you can use this to specify the account ID of a source account. If you do, \n the operation returns the account policy for the specified account. Currently, you can specify only\n one account ID in this parameter.
\nIf you\n omit this parameter, only the policy in the current account is returned.
" + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.cloudwatchlogs#DescribeAccountPoliciesResponse": { + "type": "structure", + "members": { + "accountPolicies": { + "target": "com.amazonaws.cloudwatchlogs#AccountPolicies", + "traits": { + "smithy.api#documentation": "An array of structures that contain information about the CloudWatch Logs account policies that match \n the specified filters.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.cloudwatchlogs#DescribeDestinations": { "type": "operation", "input": { @@ -821,6 +1037,9 @@ "smithy.api#documentation": "The maximum number of items returned. If you don't specify a value, the default maximum value of \n 50 items is used.
" } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.cloudwatchlogs#DescribeDestinationsResponse": { @@ -835,6 +1054,9 @@ "nextToken": { "target": "com.amazonaws.cloudwatchlogs#NextToken" } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.cloudwatchlogs#DescribeExportTasks": { @@ -884,6 +1106,9 @@ "smithy.api#documentation": "The maximum number of items returned. If you don't specify a value, the default is up to 50 items.
" } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.cloudwatchlogs#DescribeExportTasksResponse": { @@ -898,6 +1123,9 @@ "nextToken": { "target": "com.amazonaws.cloudwatchlogs#NextToken" } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.cloudwatchlogs#DescribeLimit": { @@ -953,7 +1181,7 @@ "logGroupNamePattern": { "target": "com.amazonaws.cloudwatchlogs#LogGroupNamePattern", "traits": { - "smithy.api#documentation": "If you specify a string for this parameter, the operation returns only log groups that have names\nthat match the string based on a case-sensitive substring search. For example, if you specify Foo
, log groups\nnamed FooBar
, aws/Foo
, and GroupFoo
would match, but foo
, \nF/o/o
and Froo
would not match.
\n logGroupNamePattern
and logGroupNamePrefix
are mutually exclusive. \n Only one \n of these parameters can be passed.\n
If you specify a string for this parameter, the operation returns only log groups that have names\nthat match the string based on a case-sensitive substring search. For example, if you specify Foo
, log groups\nnamed FooBar
, aws/Foo
, and GroupFoo
would match, but foo
, \nF/o/o
and Froo
would not match.
If you specify logGroupNamePattern
in your request, then only\n arn
, creationTime
, and logGroupName
\n are included in the response.
\n logGroupNamePattern
and logGroupNamePrefix
are mutually exclusive. \n Only one \n of these parameters can be passed.\n
If you are using a monitoring account, set this to True
to have the operation\n return log groups in \n the accounts listed in accountIdentifiers
.
If this parameter is set to true
and accountIdentifiers
\n\n contains a null value, the operation returns all log groups in the monitoring account\n and all log groups in all source accounts that are linked to the monitoring account.
If you specify includeLinkedAccounts
in your request, then\n metricFilterCount
, retentionInDays
, and storedBytes
\n are not included in the response.
If you are using a monitoring account, set this to True
to have the operation\n return log groups in \n the accounts listed in accountIdentifiers
.
If this parameter is set to true
and accountIdentifiers
\n\n contains a null value, the operation returns all log groups in the monitoring account\n and all log groups in all source accounts that are linked to the monitoring account.
The maximum number of items returned. If you don't specify a value, the default is up to 50 items.
" } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.cloudwatchlogs#DescribeLogStreamsResponse": { @@ -1078,6 +1315,9 @@ "nextToken": { "target": "com.amazonaws.cloudwatchlogs#NextToken" } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.cloudwatchlogs#DescribeMetricFilters": { @@ -1148,6 +1388,9 @@ "smithy.api#documentation": "Filters results to include only those in the specified namespace. If you include this parameter in your request, you \n must also include the metricName
parameter.
The maximum number of resource policies to be displayed with one call of this API.
" } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.cloudwatchlogs#DescribeResourcePoliciesResponse": { @@ -1336,6 +1597,9 @@ "nextToken": { "target": "com.amazonaws.cloudwatchlogs#NextToken" } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.cloudwatchlogs#DescribeSubscriptionFilters": { @@ -1395,6 +1659,9 @@ "smithy.api#documentation": "The maximum number of items returned. If you don't specify a value, the default is up to 50 items.
" } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.cloudwatchlogs#DescribeSubscriptionFiltersResponse": { @@ -1409,6 +1676,9 @@ "nextToken": { "target": "com.amazonaws.cloudwatchlogs#NextToken" } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.cloudwatchlogs#Destination": { @@ -1542,6 +1812,9 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.cloudwatchlogs#Distribution": { @@ -1807,7 +2080,7 @@ } ], "traits": { - "smithy.api#documentation": "Lists log events from the specified log group. You can list all the log events or filter the results\n using a filter pattern, a time range, and the name of the log stream.
\nYou must have the logs;FilterLogEvents
permission to perform this operation.
You can specify the log group to search by using either logGroupIdentifier
or logGroupName
.\n You must include one of these two parameters, but you can't include both.\n
By default, this operation returns as many log events as can fit in 1 MB (up to 10,000\n log events) or all the events found within the specified time range. If the results include a\n token, that means there are more log events available. You can get additional results by\n specifying the token in a subsequent call. This operation can return empty results while there\n are more log events available through the token.
\nThe returned log events are sorted by event timestamp, the timestamp when the event was ingested\n by CloudWatch Logs, and the ID of the PutLogEvents
request.
If you are using CloudWatch cross-account observability, you can use this operation in a monitoring account and \n view data from the linked source accounts. For more information, see \n CloudWatch cross-account observability.
", + "smithy.api#documentation": "Lists log events from the specified log group. You can list all the log events or filter the results\n using a filter pattern, a time range, and the name of the log stream.
\nYou must have the logs:FilterLogEvents
permission to perform this operation.
You can specify the log group to search by using either logGroupIdentifier
or logGroupName
.\n You must include one of these two parameters, but you can't include both.\n
By default, this operation returns as many log events as can fit in 1 MB (up to 10,000\n log events) or all the events found within the specified time range. If the results include a\n token, that means there are more log events available. You can get additional results by\n specifying the token in a subsequent call. This operation can return empty results while there\n are more log events available through the token.
\nThe returned log events are sorted by event timestamp, the timestamp when the event was ingested\n by CloudWatch Logs, and the ID of the PutLogEvents
request.
If you are using CloudWatch cross-account observability, you can use this operation in a monitoring account and \n view data from the linked source accounts. For more information, see \n CloudWatch cross-account observability.
", "smithy.api#paginated": { "inputToken": "nextToken", "outputToken": "nextToken", @@ -1888,6 +2161,9 @@ "smithy.api#documentation": "Specify true
to display the log event fields with all sensitive data unmasked and visible.\n The default is false
.
To use this operation with this parameter, you must be signed into an account with the logs:Unmask
\n permission.
The token to use when requesting the next set of items. The token expires after 24 hours.
" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.cloudwatchlogs#FilterName": { @@ -2016,6 +2295,9 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.cloudwatchlogs#GetDataProtectionPolicyResponse": { @@ -2039,6 +2321,9 @@ "smithy.api#documentation": "The date and time that this policy was most recently updated.
" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.cloudwatchlogs#GetLogEvents": { @@ -2129,6 +2414,9 @@ "smithy.api#documentation": "Specify true
to display the log event fields with all sensitive data unmasked and visible.\n The default is false
.
To use this operation with this parameter, you must be signed into an account with the logs:Unmask
\n permission.
The token for the next set of items in the backward direction. The token expires after\n 24 hours. This token is not null. If you have reached the end of the stream, it returns the\n same token you passed in.
" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.cloudwatchlogs#GetLogGroupFields": { @@ -2201,6 +2492,9 @@ "smithy.api#documentation": "Specify either the name or ARN of the log group to view. If the log group is in a source account and\n you are using a monitoring account, you must specify the ARN.
\n\n You must include either logGroupIdentifier
or logGroupName
, but not \n both.\n
The array of fields found in the query. Each object in the array contains the name of the\n field, along with the percentage of time it appeared in the log events that were\n queried.
" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.cloudwatchlogs#GetLogRecord": { @@ -2257,6 +2554,9 @@ "smithy.api#documentation": "Specify true
to display the log event fields with all sensitive data unmasked and visible.\n The default is false
.
To use this operation with this parameter, you must be signed into an account with the logs:Unmask
\n permission.
The requested log event, as a JSON string.
" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.cloudwatchlogs#GetQueryResults": { @@ -2303,6 +2606,9 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.cloudwatchlogs#GetQueryResultsResponse": { @@ -2323,14 +2629,34 @@ "status": { "target": "com.amazonaws.cloudwatchlogs#QueryStatus", "traits": { - "smithy.api#documentation": "The status of the most recent running of the query. Possible values are Cancelled
, \n Complete
, Failed
, Running
, Scheduled
, \n Timeout
, and Unknown
.
Queries time out after 15 minutes of runtime. To avoid having your queries time out,\n reduce the time range being searched or partition your query into a number of queries.
" + "smithy.api#documentation": "The status of the most recent running of the query. Possible values are Cancelled
, \n Complete
, Failed
, Running
, Scheduled
, \n Timeout
, and Unknown
.
Queries time out after 60 minutes of runtime. To avoid having your queries time out,\n reduce the time range being searched or partition your query into a number of queries.
" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.cloudwatchlogs#IncludeLinkedAccounts": { "type": "boolean" }, + "com.amazonaws.cloudwatchlogs#InheritedProperties": { + "type": "list", + "member": { + "target": "com.amazonaws.cloudwatchlogs#InheritedProperty" + } + }, + "com.amazonaws.cloudwatchlogs#InheritedProperty": { + "type": "enum", + "members": { + "ACCOUNT_DATA_PROTECTION": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "ACCOUNT_DATA_PROTECTION" + } + } + } + }, "com.amazonaws.cloudwatchlogs#InputLogEvent": { "type": "structure", "members": { @@ -2344,7 +2670,7 @@ "message": { "target": "com.amazonaws.cloudwatchlogs#EventMessage", "traits": { - "smithy.api#documentation": "The raw event message.
", + "smithy.api#documentation": "The raw event message. Each log event can be no larger than 256 KB.
", "smithy.api#required": {} } } @@ -2473,6 +2799,9 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.cloudwatchlogs#ListTagsForResourceResponse": { @@ -2484,6 +2813,9 @@ "smithy.api#documentation": "The list of tags associated with the requested resource.>
" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.cloudwatchlogs#ListTagsLogGroup": { @@ -2523,7 +2855,8 @@ "traits": { "smithy.api#deprecated": { "message": "Please use the generic tagging API model ListTagsForResourceRequest and ListTagsForResourceResponse" - } + }, + "smithy.api#input": {} } }, "com.amazonaws.cloudwatchlogs#ListTagsLogGroupResponse": { @@ -2539,7 +2872,8 @@ "traits": { "smithy.api#deprecated": { "message": "Please use the generic tagging API model ListTagsForResourceRequest and ListTagsForResourceResponse" - } + }, + "smithy.api#output": {} } }, "com.amazonaws.cloudwatchlogs#LogEventIndex": { @@ -2592,6 +2926,12 @@ "traits": { "smithy.api#documentation": "Displays whether this log group has a protection policy, or whether it had one in the past. For more information, see \n PutDataProtectionPolicy.
" } + }, + "inheritedProperties": { + "target": "com.amazonaws.cloudwatchlogs#InheritedProperties", + "traits": { + "smithy.api#documentation": "Displays all the properties that this log group has inherited from account-level \n settings.
" + } } }, "traits": { @@ -2782,6 +3122,9 @@ { "target": "com.amazonaws.cloudwatchlogs#CreateLogStream" }, + { + "target": "com.amazonaws.cloudwatchlogs#DeleteAccountPolicy" + }, { "target": "com.amazonaws.cloudwatchlogs#DeleteDataProtectionPolicy" }, @@ -2809,6 +3152,9 @@ { "target": "com.amazonaws.cloudwatchlogs#DeleteSubscriptionFilter" }, + { + "target": "com.amazonaws.cloudwatchlogs#DescribeAccountPolicies" + }, { "target": "com.amazonaws.cloudwatchlogs#DescribeDestinations" }, @@ -2863,6 +3209,9 @@ { "target": "com.amazonaws.cloudwatchlogs#ListTagsLogGroup" }, + { + "target": "com.amazonaws.cloudwatchlogs#PutAccountPolicy" + }, { "target": "com.amazonaws.cloudwatchlogs#PutDataProtectionPolicy" }, @@ -2934,7 +3283,7 @@ "parameters": { "Region": { "builtIn": "AWS::Region", - "required": true, + "required": false, "documentation": "The AWS region used to dispatch the request.", "type": "String" }, @@ -2963,13 +3312,12 @@ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { - "ref": "Region" + "ref": "Endpoint" } - ], - "assign": "PartitionResult" + ] } ], "type": "tree", @@ -2977,14 +3325,20 @@ { "conditions": [ { - "fn": "isSet", + "fn": "booleanEquals", "argv": [ { - "ref": "Endpoint" - } + "ref": "UseFIPS" + }, + true ] } ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], "type": "tree", "rules": [ { @@ -2993,67 +3347,42 @@ "fn": "booleanEquals", "argv": [ { - "ref": "UseFIPS" + "ref": "UseDualStack" }, true ] } ], - "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", "type": "error" }, { "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" + "endpoint": { + "url": { + "ref": "Endpoint" }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] - }, + } + ] + }, + { + "conditions": [], + "type": "tree", + "rules": [ { "conditions": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", + "fn": "isSet", "argv": [ { - "ref": "UseDualStack" - }, - true + "ref": "Region" + } ] } ], @@ -3062,1240 +3391,307 @@ { "conditions": [ { - "fn": "booleanEquals", + "fn": "aws.partition", "argv": [ - true, { - "fn": "getAttr", + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "supportsFIPS" + true ] - } - ] - }, - { - "fn": "booleanEquals", - "argv": [ - true, + }, { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] }, - "supportsDualStack" + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://logs-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } ] + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" } ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://logs-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "supportsFIPS" + true ] } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], + ], "type": "tree", "rules": [ { "conditions": [ { - "fn": "stringEquals", + "fn": "booleanEquals", "argv": [ + true, { - "ref": "Region" - }, - "us-gov-east-1" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } ] } ], - "endpoint": { - "url": "https://logs.us-gov-east-1.amazonaws.com", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ + "type": "tree", + "rules": [ { - "fn": "stringEquals", - "argv": [ + "conditions": [], + "type": "tree", + "rules": [ { - "ref": "Region" + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "ref": "Region" + }, + "us-gov-east-1" + ] + } + ], + "endpoint": { + "url": "https://logs.us-gov-east-1.amazonaws.com", + "properties": {}, + "headers": {} + }, + "type": "endpoint" }, - "us-gov-west-1" + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "ref": "Region" + }, + "us-gov-west-1" + ] + } + ], + "endpoint": { + "url": "https://logs.us-gov-west-1.amazonaws.com", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://logs-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } ] } - ], - "endpoint": { - "url": "https://logs.us-gov-west-1.amazonaws.com", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + ] }, { "conditions": [], - "endpoint": { - "url": "https://logs-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" } ] - } - ] - }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "supportsDualStack" + true ] } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://logs.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" - } - ] - }, - { - "conditions": [], - "endpoint": { - "url": "https://logs.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - } - ] - }, - "smithy.rules#endpointTests": { - "testCases": [ - { - "documentation": "For region ap-south-2 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.ap-south-2.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "ap-south-2" - } - }, - { - "documentation": "For region ap-south-2 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.ap-south-2.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "ap-south-2" - } - }, - { - "documentation": "For region ap-south-2 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs.ap-south-2.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "ap-south-2" - } - }, - { - "documentation": "For region ap-south-2 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs.ap-south-2.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "ap-south-2" - } - }, - { - "documentation": "For region ap-south-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.ap-south-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "ap-south-1" - } - }, - { - "documentation": "For region ap-south-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.ap-south-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "ap-south-1" - } - }, - { - "documentation": "For region ap-south-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs.ap-south-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "ap-south-1" - } - }, - { - "documentation": "For region ap-south-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs.ap-south-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "ap-south-1" - } - }, - { - "documentation": "For region eu-south-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.eu-south-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "eu-south-1" - } - }, - { - "documentation": "For region eu-south-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.eu-south-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "eu-south-1" - } - }, - { - "documentation": "For region eu-south-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs.eu-south-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "eu-south-1" - } - }, - { - "documentation": "For region eu-south-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs.eu-south-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "eu-south-1" - } - }, - { - "documentation": "For region eu-south-2 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.eu-south-2.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "eu-south-2" - } - }, - { - "documentation": "For region eu-south-2 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.eu-south-2.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "eu-south-2" - } - }, - { - "documentation": "For region eu-south-2 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs.eu-south-2.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "eu-south-2" - } - }, - { - "documentation": "For region eu-south-2 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs.eu-south-2.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "eu-south-2" - } - }, - { - "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.us-gov-east-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "us-gov-east-1" - } - }, - { - "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs.us-gov-east-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "us-gov-east-1" - } - }, - { - "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs.us-gov-east-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "us-gov-east-1" - } - }, - { - "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs.us-gov-east-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "us-gov-east-1" - } - }, - { - "documentation": "For region me-central-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.me-central-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "me-central-1" - } - }, - { - "documentation": "For region me-central-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.me-central-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "me-central-1" - } - }, - { - "documentation": "For region me-central-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs.me-central-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "me-central-1" - } - }, - { - "documentation": "For region me-central-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs.me-central-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "me-central-1" - } - }, - { - "documentation": "For region ca-central-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.ca-central-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "ca-central-1" - } - }, - { - "documentation": "For region ca-central-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.ca-central-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "ca-central-1" - } - }, - { - "documentation": "For region ca-central-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs.ca-central-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "ca-central-1" - } - }, - { - "documentation": "For region ca-central-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs.ca-central-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "ca-central-1" - } - }, - { - "documentation": "For region eu-central-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.eu-central-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "eu-central-1" - } - }, - { - "documentation": "For region eu-central-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.eu-central-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "eu-central-1" - } - }, - { - "documentation": "For region eu-central-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs.eu-central-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "eu-central-1" - } - }, - { - "documentation": "For region eu-central-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs.eu-central-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "eu-central-1" - } - }, - { - "documentation": "For region us-iso-west-1 with FIPS enabled and DualStack enabled", - "expect": { - "error": "FIPS and DualStack are enabled, but this partition does not support one or both" - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "us-iso-west-1" - } - }, - { - "documentation": "For region us-iso-west-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.us-iso-west-1.c2s.ic.gov" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "us-iso-west-1" - } - }, - { - "documentation": "For region us-iso-west-1 with FIPS disabled and DualStack enabled", - "expect": { - "error": "DualStack is enabled but this partition does not support DualStack" - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "us-iso-west-1" - } - }, - { - "documentation": "For region us-iso-west-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs.us-iso-west-1.c2s.ic.gov" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "us-iso-west-1" - } - }, - { - "documentation": "For region eu-central-2 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.eu-central-2.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "eu-central-2" - } - }, - { - "documentation": "For region eu-central-2 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.eu-central-2.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "eu-central-2" - } - }, - { - "documentation": "For region eu-central-2 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs.eu-central-2.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "eu-central-2" - } - }, - { - "documentation": "For region eu-central-2 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs.eu-central-2.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "eu-central-2" - } - }, - { - "documentation": "For region us-west-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.us-west-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "us-west-1" - } - }, - { - "documentation": "For region us-west-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.us-west-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "us-west-1" - } - }, - { - "documentation": "For region us-west-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs.us-west-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "us-west-1" - } - }, - { - "documentation": "For region us-west-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs.us-west-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "us-west-1" - } - }, - { - "documentation": "For region us-west-2 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.us-west-2.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "us-west-2" - } - }, - { - "documentation": "For region us-west-2 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.us-west-2.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "us-west-2" - } - }, - { - "documentation": "For region us-west-2 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs.us-west-2.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "us-west-2" - } - }, - { - "documentation": "For region us-west-2 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs.us-west-2.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "us-west-2" - } - }, - { - "documentation": "For region af-south-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.af-south-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "af-south-1" - } - }, - { - "documentation": "For region af-south-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.af-south-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "af-south-1" - } - }, - { - "documentation": "For region af-south-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs.af-south-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "af-south-1" - } - }, - { - "documentation": "For region af-south-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs.af-south-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "af-south-1" - } - }, - { - "documentation": "For region eu-north-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.eu-north-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "eu-north-1" - } - }, - { - "documentation": "For region eu-north-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.eu-north-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "eu-north-1" - } - }, - { - "documentation": "For region eu-north-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs.eu-north-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "eu-north-1" - } - }, - { - "documentation": "For region eu-north-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs.eu-north-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "eu-north-1" - } - }, - { - "documentation": "For region eu-west-3 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.eu-west-3.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "eu-west-3" - } - }, - { - "documentation": "For region eu-west-3 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.eu-west-3.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "eu-west-3" - } - }, - { - "documentation": "For region eu-west-3 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs.eu-west-3.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "eu-west-3" - } - }, - { - "documentation": "For region eu-west-3 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs.eu-west-3.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "eu-west-3" - } - }, - { - "documentation": "For region eu-west-2 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.eu-west-2.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "eu-west-2" - } - }, - { - "documentation": "For region eu-west-2 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.eu-west-2.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "eu-west-2" - } - }, - { - "documentation": "For region eu-west-2 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs.eu-west-2.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "eu-west-2" - } - }, - { - "documentation": "For region eu-west-2 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs.eu-west-2.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "eu-west-2" - } - }, - { - "documentation": "For region eu-west-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.eu-west-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "eu-west-1" - } - }, - { - "documentation": "For region eu-west-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.eu-west-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "eu-west-1" - } - }, - { - "documentation": "For region eu-west-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs.eu-west-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "eu-west-1" - } - }, - { - "documentation": "For region eu-west-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs.eu-west-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "eu-west-1" - } - }, - { - "documentation": "For region ap-northeast-3 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.ap-northeast-3.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "ap-northeast-3" - } - }, - { - "documentation": "For region ap-northeast-3 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.ap-northeast-3.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "ap-northeast-3" - } - }, - { - "documentation": "For region ap-northeast-3 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs.ap-northeast-3.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "ap-northeast-3" - } - }, - { - "documentation": "For region ap-northeast-3 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs.ap-northeast-3.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "ap-northeast-3" - } - }, - { - "documentation": "For region ap-northeast-2 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.ap-northeast-2.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "ap-northeast-2" - } - }, - { - "documentation": "For region ap-northeast-2 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.ap-northeast-2.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "ap-northeast-2" - } - }, - { - "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs.ap-northeast-2.api.aws" + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://logs.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } + ] + }, + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://logs.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + } + ] + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "ap-northeast-2" - } - }, + ] + } + ] + }, + "smithy.rules#endpointTests": { + "testCases": [ { - "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack disabled", + "documentation": "For region af-south-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs.ap-northeast-2.amazonaws.com" + "url": "https://logs.af-south-1.amazonaws.com" } }, "params": { - "UseDualStack": false, + "Region": "af-south-1", "UseFIPS": false, - "Region": "ap-northeast-2" - } - }, - { - "documentation": "For region ap-northeast-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.ap-northeast-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "ap-northeast-1" - } - }, - { - "documentation": "For region ap-northeast-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.ap-northeast-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "ap-northeast-1" + "UseDualStack": false } }, { - "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack enabled", + "documentation": "For region ap-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs.ap-northeast-1.api.aws" + "url": "https://logs.ap-east-1.amazonaws.com" } }, "params": { - "UseDualStack": true, + "Region": "ap-east-1", "UseFIPS": false, - "Region": "ap-northeast-1" + "UseDualStack": false } }, { @@ -4306,681 +3702,551 @@ } }, "params": { - "UseDualStack": false, + "Region": "ap-northeast-1", "UseFIPS": false, - "Region": "ap-northeast-1" - } - }, - { - "documentation": "For region me-south-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.me-south-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "me-south-1" - } - }, - { - "documentation": "For region me-south-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.me-south-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "me-south-1" + "UseDualStack": false } }, { - "documentation": "For region me-south-1 with FIPS disabled and DualStack enabled", + "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs.me-south-1.api.aws" + "url": "https://logs.ap-northeast-2.amazonaws.com" } }, "params": { - "UseDualStack": true, + "Region": "ap-northeast-2", "UseFIPS": false, - "Region": "me-south-1" + "UseDualStack": false } }, { - "documentation": "For region me-south-1 with FIPS disabled and DualStack disabled", + "documentation": "For region ap-northeast-3 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs.me-south-1.amazonaws.com" + "url": "https://logs.ap-northeast-3.amazonaws.com" } }, "params": { - "UseDualStack": false, + "Region": "ap-northeast-3", "UseFIPS": false, - "Region": "me-south-1" - } - }, - { - "documentation": "For region sa-east-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.sa-east-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "sa-east-1" - } - }, - { - "documentation": "For region sa-east-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.sa-east-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "sa-east-1" + "UseDualStack": false } }, { - "documentation": "For region sa-east-1 with FIPS disabled and DualStack enabled", + "documentation": "For region ap-south-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs.sa-east-1.api.aws" + "url": "https://logs.ap-south-1.amazonaws.com" } }, "params": { - "UseDualStack": true, + "Region": "ap-south-1", "UseFIPS": false, - "Region": "sa-east-1" + "UseDualStack": false } }, { - "documentation": "For region sa-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs.sa-east-1.amazonaws.com" + "url": "https://logs.ap-southeast-1.amazonaws.com" } }, "params": { - "UseDualStack": false, + "Region": "ap-southeast-1", "UseFIPS": false, - "Region": "sa-east-1" - } - }, - { - "documentation": "For region ap-east-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.ap-east-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "ap-east-1" - } - }, - { - "documentation": "For region ap-east-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.ap-east-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "ap-east-1" + "UseDualStack": false } }, { - "documentation": "For region ap-east-1 with FIPS disabled and DualStack enabled", + "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs.ap-east-1.api.aws" + "url": "https://logs.ap-southeast-2.amazonaws.com" } }, "params": { - "UseDualStack": true, + "Region": "ap-southeast-2", "UseFIPS": false, - "Region": "ap-east-1" + "UseDualStack": false } }, { - "documentation": "For region ap-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region ap-southeast-3 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs.ap-east-1.amazonaws.com" + "url": "https://logs.ap-southeast-3.amazonaws.com" } }, "params": { - "UseDualStack": false, + "Region": "ap-southeast-3", "UseFIPS": false, - "Region": "ap-east-1" - } - }, - { - "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.cn-north-1.api.amazonwebservices.com.cn" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "cn-north-1" - } - }, - { - "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.cn-north-1.amazonaws.com.cn" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "cn-north-1" + "UseDualStack": false } }, { - "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled", + "documentation": "For region ca-central-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs.cn-north-1.api.amazonwebservices.com.cn" + "url": "https://logs.ca-central-1.amazonaws.com" } }, "params": { - "UseDualStack": true, + "Region": "ca-central-1", "UseFIPS": false, - "Region": "cn-north-1" + "UseDualStack": false } }, { - "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled", + "documentation": "For region eu-central-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs.cn-north-1.amazonaws.com.cn" + "url": "https://logs.eu-central-1.amazonaws.com" } }, "params": { - "UseDualStack": false, + "Region": "eu-central-1", "UseFIPS": false, - "Region": "cn-north-1" - } - }, - { - "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://logs-fips.us-gov-west-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "us-gov-west-1" + "UseDualStack": false } }, { - "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack disabled", + "documentation": "For region eu-north-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs.us-gov-west-1.amazonaws.com" + "url": "https://logs.eu-north-1.amazonaws.com" } }, "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "us-gov-west-1" + "Region": "eu-north-1", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack enabled", + "documentation": "For region eu-south-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs.us-gov-west-1.api.aws" + "url": "https://logs.eu-south-1.amazonaws.com" } }, "params": { - "UseDualStack": true, + "Region": "eu-south-1", "UseFIPS": false, - "Region": "us-gov-west-1" + "UseDualStack": false } }, { - "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack disabled", + "documentation": "For region eu-west-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs.us-gov-west-1.amazonaws.com" + "url": "https://logs.eu-west-1.amazonaws.com" } }, "params": { - "UseDualStack": false, + "Region": "eu-west-1", "UseFIPS": false, - "Region": "us-gov-west-1" + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-1 with FIPS enabled and DualStack enabled", + "documentation": "For region eu-west-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs-fips.ap-southeast-1.api.aws" + "url": "https://logs.eu-west-2.amazonaws.com" } }, "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "ap-southeast-1" + "Region": "eu-west-2", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-1 with FIPS enabled and DualStack disabled", + "documentation": "For region eu-west-3 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs-fips.ap-southeast-1.amazonaws.com" + "url": "https://logs.eu-west-3.amazonaws.com" } }, "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "ap-southeast-1" + "Region": "eu-west-3", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack enabled", + "documentation": "For region me-south-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs.ap-southeast-1.api.aws" + "url": "https://logs.me-south-1.amazonaws.com" } }, "params": { - "UseDualStack": true, + "Region": "me-south-1", "UseFIPS": false, - "Region": "ap-southeast-1" + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack disabled", + "documentation": "For region sa-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs.ap-southeast-1.amazonaws.com" + "url": "https://logs.sa-east-1.amazonaws.com" } }, "params": { - "UseDualStack": false, + "Region": "sa-east-1", "UseFIPS": false, - "Region": "ap-southeast-1" + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-2 with FIPS enabled and DualStack enabled", + "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs-fips.ap-southeast-2.api.aws" + "url": "https://logs.us-east-1.amazonaws.com" } }, "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "ap-southeast-2" + "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-2 with FIPS enabled and DualStack disabled", + "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs-fips.ap-southeast-2.amazonaws.com" + "url": "https://logs-fips.us-east-1.amazonaws.com" } }, "params": { - "UseDualStack": false, + "Region": "us-east-1", "UseFIPS": true, - "Region": "ap-southeast-2" + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack enabled", + "documentation": "For region us-east-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs.ap-southeast-2.api.aws" + "url": "https://logs.us-east-2.amazonaws.com" } }, "params": { - "UseDualStack": true, + "Region": "us-east-2", "UseFIPS": false, - "Region": "ap-southeast-2" + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack disabled", + "documentation": "For region us-east-2 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs.ap-southeast-2.amazonaws.com" + "url": "https://logs-fips.us-east-2.amazonaws.com" } }, "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "ap-southeast-2" - } - }, - { - "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled", - "expect": { - "error": "FIPS and DualStack are enabled, but this partition does not support one or both" - }, - "params": { - "UseDualStack": true, + "Region": "us-east-2", "UseFIPS": true, - "Region": "us-iso-east-1" + "UseDualStack": false } }, { - "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-west-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs-fips.us-iso-east-1.c2s.ic.gov" + "url": "https://logs.us-west-1.amazonaws.com" } }, "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "us-iso-east-1" + "Region": "us-west-1", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled", + "documentation": "For region us-west-1 with FIPS enabled and DualStack disabled", "expect": { - "error": "DualStack is enabled but this partition does not support DualStack" + "endpoint": { + "url": "https://logs-fips.us-west-1.amazonaws.com" + } }, "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "us-iso-east-1" + "Region": "us-west-1", + "UseFIPS": true, + "UseDualStack": false } }, { - "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-west-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs.us-iso-east-1.c2s.ic.gov" + "url": "https://logs.us-west-2.amazonaws.com" } }, "params": { - "UseDualStack": false, + "Region": "us-west-2", "UseFIPS": false, - "Region": "us-iso-east-1" + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-3 with FIPS enabled and DualStack enabled", + "documentation": "For region us-west-2 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs-fips.ap-southeast-3.api.aws" + "url": "https://logs-fips.us-west-2.amazonaws.com" } }, "params": { - "UseDualStack": true, + "Region": "us-west-2", "UseFIPS": true, - "Region": "ap-southeast-3" + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-3 with FIPS enabled and DualStack disabled", + "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://logs-fips.ap-southeast-3.amazonaws.com" + "url": "https://logs-fips.us-east-1.api.aws" } }, "params": { - "UseDualStack": false, + "Region": "us-east-1", "UseFIPS": true, - "Region": "ap-southeast-3" + "UseDualStack": true } }, { - "documentation": "For region ap-southeast-3 with FIPS disabled and DualStack enabled", + "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://logs.ap-southeast-3.api.aws" + "url": "https://logs.us-east-1.api.aws" } }, "params": { - "UseDualStack": true, + "Region": "us-east-1", "UseFIPS": false, - "Region": "ap-southeast-3" + "UseDualStack": true } }, { - "documentation": "For region ap-southeast-3 with FIPS disabled and DualStack disabled", + "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs.ap-southeast-3.amazonaws.com" + "url": "https://logs.cn-north-1.amazonaws.com.cn" } }, "params": { - "UseDualStack": false, + "Region": "cn-north-1", "UseFIPS": false, - "Region": "ap-southeast-3" + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-4 with FIPS enabled and DualStack enabled", + "documentation": "For region cn-northwest-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs-fips.ap-southeast-4.api.aws" + "url": "https://logs.cn-northwest-1.amazonaws.com.cn" } }, "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "ap-southeast-4" + "Region": "cn-northwest-1", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-4 with FIPS enabled and DualStack disabled", + "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://logs-fips.ap-southeast-4.amazonaws.com" + "url": "https://logs-fips.cn-north-1.api.amazonwebservices.com.cn" } }, "params": { - "UseDualStack": false, + "Region": "cn-north-1", "UseFIPS": true, - "Region": "ap-southeast-4" + "UseDualStack": true } }, { - "documentation": "For region ap-southeast-4 with FIPS disabled and DualStack enabled", + "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs.ap-southeast-4.api.aws" + "url": "https://logs-fips.cn-north-1.amazonaws.com.cn" } }, "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "ap-southeast-4" + "Region": "cn-north-1", + "UseFIPS": true, + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-4 with FIPS disabled and DualStack disabled", + "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://logs.ap-southeast-4.amazonaws.com" + "url": "https://logs.cn-north-1.api.amazonwebservices.com.cn" } }, "params": { - "UseDualStack": false, + "Region": "cn-north-1", "UseFIPS": false, - "Region": "ap-southeast-4" + "UseDualStack": true } }, { - "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs-fips.us-east-1.api.aws" + "url": "https://logs.us-gov-east-1.amazonaws.com" } }, "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "us-east-1" + "Region": "us-gov-east-1", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs-fips.us-east-1.amazonaws.com" + "url": "https://logs.us-gov-east-1.amazonaws.com" } }, "params": { - "UseDualStack": false, + "Region": "us-gov-east-1", "UseFIPS": true, - "Region": "us-east-1" + "UseDualStack": false } }, { - "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", + "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs.us-east-1.api.aws" + "url": "https://logs.us-gov-west-1.amazonaws.com" } }, "params": { - "UseDualStack": true, + "Region": "us-gov-west-1", "UseFIPS": false, - "Region": "us-east-1" + "UseDualStack": false } }, { - "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs.us-east-1.amazonaws.com" + "url": "https://logs.us-gov-west-1.amazonaws.com" } }, "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "us-east-1" + "Region": "us-gov-west-1", + "UseFIPS": true, + "UseDualStack": false } }, { - "documentation": "For region us-east-2 with FIPS enabled and DualStack enabled", + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://logs-fips.us-east-2.api.aws" + "url": "https://logs-fips.us-gov-east-1.api.aws" } }, "params": { - "UseDualStack": true, + "Region": "us-gov-east-1", "UseFIPS": true, - "Region": "us-east-2" + "UseDualStack": true } }, { - "documentation": "For region us-east-2 with FIPS enabled and DualStack disabled", + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://logs-fips.us-east-2.amazonaws.com" + "url": "https://logs.us-gov-east-1.api.aws" } }, "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "us-east-2" + "Region": "us-gov-east-1", + "UseFIPS": false, + "UseDualStack": true } }, { - "documentation": "For region us-east-2 with FIPS disabled and DualStack enabled", + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs.us-east-2.api.aws" + "url": "https://logs.us-iso-east-1.c2s.ic.gov" } }, "params": { - "UseDualStack": true, + "Region": "us-iso-east-1", "UseFIPS": false, - "Region": "us-east-2" + "UseDualStack": false } }, { - "documentation": "For region us-east-2 with FIPS disabled and DualStack disabled", + "documentation": "For region us-iso-west-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs.us-east-2.amazonaws.com" + "url": "https://logs.us-iso-west-1.c2s.ic.gov" } }, "params": { - "UseDualStack": false, + "Region": "us-iso-west-1", "UseFIPS": false, - "Region": "us-east-2" + "UseDualStack": false } }, { - "documentation": "For region cn-northwest-1 with FIPS enabled and DualStack enabled", + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled", "expect": { - "endpoint": { - "url": "https://logs-fips.cn-northwest-1.api.amazonwebservices.com.cn" - } + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" }, "params": { - "UseDualStack": true, + "Region": "us-iso-east-1", "UseFIPS": true, - "Region": "cn-northwest-1" + "UseDualStack": true } }, { - "documentation": "For region cn-northwest-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs-fips.cn-northwest-1.amazonaws.com.cn" + "url": "https://logs-fips.us-iso-east-1.c2s.ic.gov" } }, "params": { - "UseDualStack": false, + "Region": "us-iso-east-1", "UseFIPS": true, - "Region": "cn-northwest-1" + "UseDualStack": false } }, { - "documentation": "For region cn-northwest-1 with FIPS disabled and DualStack enabled", + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled", "expect": { - "endpoint": { - "url": "https://logs.cn-northwest-1.api.amazonwebservices.com.cn" - } + "error": "DualStack is enabled but this partition does not support DualStack" }, "params": { - "UseDualStack": true, + "Region": "us-iso-east-1", "UseFIPS": false, - "Region": "cn-northwest-1" + "UseDualStack": true } }, { - "documentation": "For region cn-northwest-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://logs.cn-northwest-1.amazonaws.com.cn" + "url": "https://logs.us-isob-east-1.sc2s.sgov.gov" } }, "params": { - "UseDualStack": false, + "Region": "us-isob-east-1", "UseFIPS": false, - "Region": "cn-northwest-1" + "UseDualStack": false } }, { @@ -4989,9 +4255,9 @@ "error": "FIPS and DualStack are enabled, but this partition does not support one or both" }, "params": { - "UseDualStack": true, + "Region": "us-isob-east-1", "UseFIPS": true, - "Region": "us-isob-east-1" + "UseDualStack": true } }, { @@ -5002,9 +4268,9 @@ } }, "params": { - "UseDualStack": false, + "Region": "us-isob-east-1", "UseFIPS": true, - "Region": "us-isob-east-1" + "UseDualStack": false } }, { @@ -5013,35 +4279,35 @@ "error": "DualStack is enabled but this partition does not support DualStack" }, "params": { - "UseDualStack": true, + "Region": "us-isob-east-1", "UseFIPS": false, - "Region": "us-isob-east-1" + "UseDualStack": true } }, { - "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For custom endpoint with region set and fips disabled and dualstack disabled", "expect": { "endpoint": { - "url": "https://logs.us-isob-east-1.sc2s.sgov.gov" + "url": "https://example.com" } }, "params": { - "UseDualStack": false, + "Region": "us-east-1", "UseFIPS": false, - "Region": "us-isob-east-1" + "UseDualStack": false, + "Endpoint": "https://example.com" } }, { - "documentation": "For custom endpoint with fips disabled and dualstack disabled", + "documentation": "For custom endpoint with region not set and fips disabled and dualstack disabled", "expect": { "endpoint": { "url": "https://example.com" } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "us-east-1", + "UseDualStack": false, "Endpoint": "https://example.com" } }, @@ -5051,9 +4317,9 @@ "error": "Invalid Configuration: FIPS and custom endpoint are not supported" }, "params": { - "UseDualStack": false, - "UseFIPS": true, "Region": "us-east-1", + "UseFIPS": true, + "UseDualStack": false, "Endpoint": "https://example.com" } }, @@ -5063,11 +4329,17 @@ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" }, "params": { - "UseDualStack": true, - "UseFIPS": false, "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": true, "Endpoint": "https://example.com" } + }, + { + "documentation": "Missing region", + "expect": { + "error": "Invalid Configuration: Missing Region" + } } ], "version": "1.0" @@ -5348,6 +4620,92 @@ "com.amazonaws.cloudwatchlogs#PolicyName": { "type": "string" }, + "com.amazonaws.cloudwatchlogs#PolicyType": { + "type": "enum", + "members": { + "DATA_PROTECTION_POLICY": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "DATA_PROTECTION_POLICY" + } + } + } + }, + "com.amazonaws.cloudwatchlogs#PutAccountPolicy": { + "type": "operation", + "input": { + "target": "com.amazonaws.cloudwatchlogs#PutAccountPolicyRequest" + }, + "output": { + "target": "com.amazonaws.cloudwatchlogs#PutAccountPolicyResponse" + }, + "errors": [ + { + "target": "com.amazonaws.cloudwatchlogs#InvalidParameterException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#LimitExceededException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#OperationAbortedException" + }, + { + "target": "com.amazonaws.cloudwatchlogs#ServiceUnavailableException" + } + ], + "traits": { + "smithy.api#documentation": "Creates an account-level data protection policy that applies to all log groups in the account. A data protection policy can help safeguard sensitive \n data that's ingested by your log groups by auditing and masking the sensitive log data. Each account can have only\n one account-level policy.
\nSensitive data is detected and masked when it is ingested into a log group. When you set a \n data protection policy, log events ingested into the log groups before that time are not masked.
\nIf you use PutAccountPolicy
to create a data protection policy for your whole account, it applies to both existing log groups\n and all log groups that are created later in this account. The account policy is applied to existing log groups\n with eventual consistency. It might take up to 5 minutes before sensitive data in existing log groups begins to be masked.
By default, when a user views a log event that includes masked data, the sensitive data is replaced by asterisks.\n A user who has the logs:Unmask
permission can use a \n GetLogEvents or \n FilterLogEvents\n operation with the unmask
parameter set to true
to view the unmasked \n log events. Users with the logs:Unmask
can also view unmasked data in the CloudWatch Logs\n console by running a CloudWatch Logs Insights query with the unmask
query command.
For more information, including a list of types of data that can be audited and masked, see\n Protect sensitive log data with masking.
\nTo use the PutAccountPolicy
operation, you must be signed on with the logs:PutDataProtectionPolicy
\n and logs:PutAccountPolicy
permissions.
The PutAccountPolicy
operation applies to all log groups in the account. You can also use \n PutDataProtectionPolicy\n to create a data protection policy that applies to just one log group. \n If a log group has its own data protection policy and \n the account also has an account-level data protection policy, then the two policies are cumulative. Any sensitive term\n specified in either policy is masked.
A name for the policy. This must be unique within the account.
", + "smithy.api#required": {} + } + }, + "policyDocument": { + "target": "com.amazonaws.cloudwatchlogs#AccountPolicyDocument", + "traits": { + "smithy.api#documentation": "Specify the data protection policy, in JSON.
\nThis policy must include two JSON blocks:
\nThe first block must include both a DataIdentifer
array and an \n Operation
property with an Audit
action. The DataIdentifer
array lists the types of sensitive data that\n you want to mask. For more information about the available options, see \n Types of data that you can mask.
The Operation
property with an Audit
action is required to find the \n sensitive data terms. This Audit
action must contain a FindingsDestination
\n object. You can optionally use that FindingsDestination
object to list one or more \n destinations to send audit findings to. If you specify destinations such as log groups, \n Kinesis Data Firehose streams, and S3 buckets, they must already exist.
The second block must include both a DataIdentifer
array and an\n Operation
property with an Deidentify
action. The\n DataIdentifer
array must exactly match the DataIdentifer
array\n in the first block of the policy.
The Operation
property with the Deidentify
action is what actually masks the \n data, and it must \n contain the \n \"MaskConfig\": {}
object. The \n \"MaskConfig\": {}
object must be empty.
For an example data protection policy, see the Examples section on this page.
\nThe contents of the two DataIdentifer
arrays must match exactly.
In addition to the two JSON blocks, the policyDocument
can also include Name
,\n Description
, and Version
fields. The Name
is different than the \n operation's policyName
parameter, and is used as a dimension when\n CloudWatch Logs reports audit findings metrics to CloudWatch.
The JSON specified in policyDocument
can be up to 30,720 characters.
Currently the only valid value for this parameter is DATA_PROTECTION_POLICY
.
Currently the only valid value for this parameter is GLOBAL
, which specifies that the data \n protection policy applies to all log groups in the account. If you omit this parameter, the default\n of GLOBAL
is used.
The account policy that you created.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.cloudwatchlogs#PutDataProtectionPolicy": { "type": "operation", "input": { @@ -5374,7 +4732,7 @@ } ], "traits": { - "smithy.api#documentation": "Creates a data protection policy for the specified log group. A data protection policy can help safeguard sensitive \n data that's ingested by the log group by auditing and masking the sensitive log data.
\nSensitive data is detected and masked when it is ingested into the log group. When you set a \n data protection policy, log events ingested into the log group before that time are not masked.
\nBy default, when a user views a log event that includes masked data, the sensitive data is replaced by asterisks.\n A user who has the logs:Unmask
permission can use a \n GetLogEvents or \n FilterLogEvents\n operation with the unmask
parameter set to true
to view the unmasked \n log events. Users with the logs:Unmask
can also view unmasked data in the CloudWatch Logs\n console by running a CloudWatch Logs Insights query with the unmask
query command.
For more information, including a list of types of data that can be audited and masked, see\n Protect sensitive log data with masking.
" + "smithy.api#documentation": "Creates a data protection policy for the specified log group. A data protection policy can help safeguard sensitive \n data that's ingested by the log group by auditing and masking the sensitive log data.
\nSensitive data is detected and masked when it is ingested into the log group. When you set a \n data protection policy, log events ingested into the log group before that time are not masked.
\nBy default, when a user views a log event that includes masked data, the sensitive data is replaced by asterisks.\n A user who has the logs:Unmask
permission can use a \n GetLogEvents or \n FilterLogEvents\n operation with the unmask
parameter set to true
to view the unmasked \n log events. Users with the logs:Unmask
can also view unmasked data in the CloudWatch Logs\n console by running a CloudWatch Logs Insights query with the unmask
query command.
For more information, including a list of types of data that can be audited and masked, see\n Protect sensitive log data with masking.
\nThe PutDataProtectionPolicy
operation applies to only the specified log group. You can also use \n PutAccountPolicy\n to create an account-level data protection policy that applies to all log groups in the account, \n including both existing log groups and log groups that are created level. If a log group has its own data protection policy and \n the account also has an account-level data protection policy, then the two policies are cumulative. Any sensitive term\n specified in either policy is masked.
Specify the data protection policy, in JSON.
\nThis policy must include two JSON blocks:
\nThe first block must include both a DataIdentifer
array and an \n Operation
property with an Audit
action. The DataIdentifer
array lists the types of sensitive data that\n you want to mask. For more information about the available options, see \n Types of data that you can mask.
The Operation
property with an Audit
action is required to find the \n sensitive data terms. This Audit
action must contain a FindingsDestination
\n object. You can optionally use that FindingsDestination
object to list one or more \n destinations to send audit findings to. If you specify destinations such as log groups, \n Kinesis Data Firehose streams, and S3 buckets, they must already exist.
The second block must include both a DataIdentifer
array and an\n Operation
property with an Deidentify
action. The\n DataIdentifer
array must exactly match the DataIdentifer
array\n in the first block of the policy.
The Operation
property with the Deidentify
action is what actually masks the \n data, and it must \n contain the \n \"MaskConfig\": {}
object. The \n \"MaskConfig\": {}
object must be empty.
For an example data protection policy, see the Examples section on this page.
\nThe contents of two DataIdentifer
arrays must match exactly.
Specify the data protection policy, in JSON.
\nThis policy must include two JSON blocks:
\nThe first block must include both a DataIdentifer
array and an \n Operation
property with an Audit
action. The DataIdentifer
array lists the types of sensitive data that\n you want to mask. For more information about the available options, see \n Types of data that you can mask.
The Operation
property with an Audit
action is required to find the \n sensitive data terms. This Audit
action must contain a FindingsDestination
\n object. You can optionally use that FindingsDestination
object to list one or more \n destinations to send audit findings to. If you specify destinations such as log groups, \n Kinesis Data Firehose streams, and S3 buckets, they must already exist.
The second block must include both a DataIdentifer
array and an\n Operation
property with an Deidentify
action. The\n DataIdentifer
array must exactly match the DataIdentifer
array\n in the first block of the policy.
The Operation
property with the Deidentify
action is what actually masks the \n data, and it must \n contain the \n \"MaskConfig\": {}
object. The \n \"MaskConfig\": {}
object must be empty.
For an example data protection policy, see the Examples section on this page.
\nThe contents of the two DataIdentifer
arrays must match exactly.
In addition to the two JSON blocks, the policyDocument
can also include Name
,\n Description
, and Version
fields. The Name
is used as a dimension when\n CloudWatch Logs reports audit findings metrics to CloudWatch.
The JSON specified in policyDocument
can be up to 30,720 characters.
The date and time that this policy was most recently updated.
" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.cloudwatchlogs#PutDestination": { @@ -5485,9 +4849,12 @@ "forceUpdate": { "target": "com.amazonaws.cloudwatchlogs#ForceUpdate", "traits": { - "smithy.api#documentation": "Specify true if you are updating an existing destination policy to grant permission to\n an organization ID instead of granting permission to individual AWS accounts. Before\n you update a destination policy this way, you must first update the subscription\n filters in the accounts that send logs to this destination. If you do not, the subscription\n filters might stop working. By specifying true
\n for forceUpdate
, you are affirming that you have already updated the subscription \n filters.\n For more information, see \n Updating an existing cross-account subscription\n
If you omit this parameter, the default of false
is used.
Specify true if you are updating an existing destination policy to grant permission to\n an organization ID instead of granting permission to individual Amazon Web Services accounts. Before\n you update a destination policy this way, you must first update the subscription\n filters in the accounts that send logs to this destination. If you do not, the subscription\n filters might stop working. By specifying true
\n for forceUpdate
, you are affirming that you have already updated the subscription \n filters.\n For more information, see \n Updating an existing cross-account subscription\n
If you omit this parameter, the default of false
is used.
An optional list of key-value pairs to associate with the resource.
\nFor more information about tagging, see \n Tagging Amazon Web Services resources\n
" } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.cloudwatchlogs#PutDestinationResponse": { @@ -5531,6 +4901,9 @@ "smithy.api#documentation": "The destination.
" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.cloudwatchlogs#PutLogEvents": { @@ -5562,7 +4935,7 @@ } ], "traits": { - "smithy.api#documentation": "Uploads a batch of log events to the specified log stream.
\nThe sequence token is now ignored in PutLogEvents
\n actions. PutLogEvents
\n actions are always accepted and never return InvalidSequenceTokenException
or\n DataAlreadyAcceptedException
even if the sequence token is not valid. You can use\n parallel PutLogEvents
actions on the same log stream.
The batch of events must satisfy the following constraints:
\nThe maximum batch size is 1,048,576 bytes. This size is calculated as the sum of\n all event messages in UTF-8, plus 26 bytes for each log event.
\nNone of the log events in the batch can be more than 2 hours in the future.
\nNone of the log events in the batch can be more than 14 days in the past. Also,\n none of the log events can be from earlier than the retention period of the log\n group.
\nThe log events in the batch must be in chronological order by their timestamp. The\n timestamp is the time that the event occurred, expressed as the number of milliseconds\n after Jan 1, 1970 00:00:00 UTC
. (In Amazon Web Services Tools for PowerShell\n and the Amazon Web Services SDK for .NET, the timestamp is specified in .NET format:\n yyyy-mm-ddThh:mm:ss
. For example, 2017-09-15T13:45:30
.)
A batch of log events in a single request cannot span more than 24 hours. Otherwise, the operation fails.
\nThe maximum number of log events in a batch is 10,000.
\nThe quota of five requests per second per log stream\n has been removed. Instead, PutLogEvents
actions are throttled based on a \n per-second per-account quota. You can request an increase to the per-second throttling\n quota by using the Service Quotas service.
If a call to PutLogEvents
returns \"UnrecognizedClientException\" the most\n likely cause is a non-valid Amazon Web Services access key ID or secret key.
Uploads a batch of log events to the specified log stream.
\nThe sequence token is now ignored in PutLogEvents
\n actions. PutLogEvents
\n actions are always accepted and never return InvalidSequenceTokenException
or\n DataAlreadyAcceptedException
even if the sequence token is not valid. You can use\n parallel PutLogEvents
actions on the same log stream.
The batch of events must satisfy the following constraints:
\nThe maximum batch size is 1,048,576 bytes. This size is calculated as the sum of\n all event messages in UTF-8, plus 26 bytes for each log event.
\nNone of the log events in the batch can be more than 2 hours in the future.
\nNone of the log events in the batch can be more than 14 days in the past. Also,\n none of the log events can be from earlier than the retention period of the log\n group.
\nThe log events in the batch must be in chronological order by their timestamp. The\n timestamp is the time that the event occurred, expressed as the number of milliseconds\n after Jan 1, 1970 00:00:00 UTC
. (In Amazon Web Services Tools for PowerShell\n and the Amazon Web Services SDK for .NET, the timestamp is specified in .NET format:\n yyyy-mm-ddThh:mm:ss
. For example, 2017-09-15T13:45:30
.)
A batch of log events in a single request cannot span more than 24 hours. Otherwise, the operation fails.
\nEach log event can be no larger than 256 KB.
\nThe maximum number of log events in a batch is 10,000.
\nThe quota of five requests per second per log stream\n has been removed. Instead, PutLogEvents
actions are throttled based on a \n per-second per-account quota. You can request an increase to the per-second throttling\n quota by using the Service Quotas service.
If a call to PutLogEvents
returns \"UnrecognizedClientException\" the most\n likely cause is a non-valid Amazon Web Services access key ID or secret key.
The sequence token obtained from the response of the previous PutLogEvents
\n call.
The sequenceToken
parameter is now ignored in PutLogEvents
\n actions. PutLogEvents
\n actions are now accepted and never return InvalidSequenceTokenException
or\n DataAlreadyAcceptedException
even if the sequence token is not valid.
The rejected events.
" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.cloudwatchlogs#PutMetricFilter": { @@ -5674,6 +5053,9 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.cloudwatchlogs#PutQueryDefinition": { @@ -5731,6 +5113,9 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.cloudwatchlogs#PutQueryDefinitionResponse": { @@ -5742,6 +5127,9 @@ "smithy.api#documentation": "The ID of the query definition.
" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.cloudwatchlogs#PutResourcePolicy": { @@ -5782,6 +5170,9 @@ "smithy.api#documentation": "Details of the new policy, including the identity of the principal that is enabled to put logs to this account. This is formatted as a JSON string.\n This parameter is required.
\nThe following example creates a resource policy enabling the Route 53 service to put\n DNS query logs in to the specified log group. Replace \"logArn\"
with the ARN of \n your CloudWatch Logs resource, such as a log group or log stream.
CloudWatch Logs also supports aws:SourceArn\n and aws:SourceAccount\ncondition context keys.
\nIn the example resource policy, you would replace the value of SourceArn
with\n the resource making the call from RouteĀ 53 to CloudWatch Logs. You would also\n replace the value of SourceAccount
with the Amazon Web Services account ID making\n that call.
\n {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"Route53LogsToCloudWatchLogs\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": [\n \"route53.amazonaws.com\"\n ]\n },\n \"Action\": \"logs:PutLogEvents\",\n \"Resource\": \"logArn\",\n \"Condition\": {\n \"ArnLike\": {\n \"aws:SourceArn\": \"myRoute53ResourceArn\"\n },\n \"StringEquals\": {\n \"aws:SourceAccount\": \"myAwsAccountId\"\n }\n }\n }\n ]\n}
\n
The new policy.
" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.cloudwatchlogs#PutRetentionPolicy": { @@ -5837,6 +5231,9 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.cloudwatchlogs#PutSubscriptionFilter": { @@ -5865,7 +5262,7 @@ } ], "traits": { - "smithy.api#documentation": "Creates or updates a subscription filter and associates it with the specified log\n group. With subscription filters, you can subscribe to a real-time stream of log events\n ingested through PutLogEvents\n and have them delivered to a specific destination. When log events are sent to the receiving\n service, they are Base64 encoded and compressed with the GZIP format.
\nThe following destinations are supported for subscription filters:
\nAn Amazon Kinesis data stream belonging to the same account as the subscription\n filter, for same-account delivery.
\nA logical destination that belongs to a different account, for cross-account delivery.
\nAn Amazon Kinesis Data Firehose delivery stream that belongs to the same account as\n the subscription filter, for same-account delivery.
\nAn Lambda function that belongs to the same account as the\n subscription filter, for same-account delivery.
\nEach log group can have up to two subscription filters associated with it. If you are\n updating an existing filter, you must specify the correct name in filterName
.\n
To perform a PutSubscriptionFilter
operation, you must also have the \n iam:PassRole
permission.
Creates or updates a subscription filter and associates it with the specified log\n group. With subscription filters, you can subscribe to a real-time stream of log events\n ingested through PutLogEvents\n and have them delivered to a specific destination. When log events are sent to the receiving\n service, they are Base64 encoded and compressed with the GZIP format.
\nThe following destinations are supported for subscription filters:
\nAn Amazon Kinesis data stream belonging to the same account as the subscription\n filter, for same-account delivery.
\nA logical destination that belongs to a different account, for cross-account delivery.
\nAn Amazon Kinesis Data Firehose delivery stream that belongs to the same account as\n the subscription filter, for same-account delivery.
\nAn Lambda function that belongs to the same account as the\n subscription filter, for same-account delivery.
\nEach log group can have up to two subscription filters associated with it. If you are\n updating an existing filter, you must specify the correct name in filterName
.\n
To perform a PutSubscriptionFilter
operation for any destination except a Lambda function, \n you must also have the \n iam:PassRole
permission.
The method used to distribute log data to the destination. By default, log data is\n grouped by log stream, but the grouping can be set to random for a more even distribution.\n This property is only applicable when the destination is an Amazon Kinesis data stream.
" } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.cloudwatchlogs#QueryCharOffset": { @@ -6287,6 +5687,17 @@ } } }, + "com.amazonaws.cloudwatchlogs#Scope": { + "type": "enum", + "members": { + "ALL": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "ALL" + } + } + } + }, "com.amazonaws.cloudwatchlogs#SearchedLogStream": { "type": "structure", "members": { @@ -6529,7 +5940,7 @@ } ], "traits": { - "smithy.api#documentation": "Schedules a query of a log group using CloudWatch Logs Insights. You specify the log group\n and time range to query and the query string to use.
\nFor more information, see CloudWatch Logs Insights Query Syntax.
\nQueries time out after 15 minutes of runtime. If your queries are timing out, reduce the\n time range being searched or partition your query into a number of queries.
\nIf you are using CloudWatch cross-account observability, you can use this operation in a\n monitoring account to start a query in a linked source account. For more information, see\n CloudWatch\n cross-account observability. For a cross-account StartQuery
operation,\n the query definition must be defined in the monitoring account.
You can have up to 20 concurrent CloudWatch Logs insights queries, including queries\n that have been added to dashboards.
" + "smithy.api#documentation": "Schedules a query of a log group using CloudWatch Logs Insights. You specify the log group\n and time range to query and the query string to use.
\nFor more information, see CloudWatch Logs Insights Query Syntax.
\nQueries time out after 60 minutes of runtime. If your queries are timing out, reduce the\n time range being searched or partition your query into a number of queries.
\nIf you are using CloudWatch cross-account observability, you can use this operation in a\n monitoring account to start a query in a linked source account. For more information, see\n CloudWatch\n cross-account observability. For a cross-account StartQuery
operation,\n the query definition must be defined in the monitoring account.
You can have up to 30 concurrent CloudWatch Logs insights queries, including queries\n that have been added to dashboards.
" } }, "com.amazonaws.cloudwatchlogs#StartQueryRequest": { @@ -6580,6 +5991,9 @@ "smithy.api#documentation": "The maximum number of log events to return in the query. If the query string uses the fields
command,\n only the specified fields and their values are returned. The default is 1000.
The unique ID of the query.
" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.cloudwatchlogs#StatsValue": { @@ -6632,6 +6049,9 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.cloudwatchlogs#StopQueryResponse": { @@ -6644,6 +6064,9 @@ "smithy.api#documentation": "This is true if the query was stopped by the StopQuery
operation.
The matched events.
" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.cloudwatchlogs#Timestamp": { @@ -7018,7 +6451,8 @@ "traits": { "smithy.api#deprecated": { "message": "Please use the generic tagging API model UntagResourceRequest" - } + }, + "smithy.api#input": {} } }, "com.amazonaws.cloudwatchlogs#UntagResource": { @@ -7061,6 +6495,9 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.cloudwatchlogs#Value": {