securitylake

v1.19.4

This package is not in the latest version of its module.

Published: Nov 18, 2024 License: Apache-2.0 Imports: 43 Imported by: 9

Documentation

Overview

Package securitylake provides the API client, operations, and parameter types for Amazon Security Lake.

Amazon Security Lake is a fully managed security data lake service. You can use Security Lake to automatically centralize security data from cloud, on-premises, and custom sources into a data lake that's stored in your Amazon Web Services account. Amazon Web Services Organizations is an account management service that lets you consolidate multiple Amazon Web Services accounts into an organization that you create and centrally manage. With Organizations, you can create member accounts and invite existing accounts to join your organization. Security Lake helps you analyze security data for a more complete understanding of your security posture across the entire organization. It can also help you improve the protection of your workloads, applications, and data.

The data lake is backed by Amazon Simple Storage Service (Amazon S3) buckets, and you retain ownership over your data.

Amazon Security Lake integrates with CloudTrail, a service that provides a record of actions taken by a user, role, or an Amazon Web Services service. In Security Lake, CloudTrail captures API calls for Security Lake as events. The calls captured include calls from the Security Lake console and code calls to the Security Lake API operations. If you create a trail, you can enable continuous delivery of CloudTrail events to an Amazon S3 bucket, including events for Security Lake. If you don't configure a trail, you can still view the most recent events in the CloudTrail console in Event history. Using the information collected by CloudTrail you can determine the request that was made to Security Lake, the IP address from which the request was made, who made the request, when it was made, and additional details. To learn more about Security Lake information in CloudTrail, see the Amazon Security Lake User Guide.
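The CloudTrail record described above can drive a detection for calls that reduce what Security Lake collects. The following is an added example, not code from the SDK or from this page: it parses a CloudTrail log file body and flags the collection-reducing operations documented in this package. The `securitylake.amazonaws.com` event source, the choice of operations, and the sample records are assumptions constructed for the illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Assumption: Security Lake API calls are recorded under this eventSource.
const securityLakeEventSource = "securitylake.amazonaws.com"

// collectionReducingOps lists operations documented on this page that stop
// data collection or remove the data lake's administration, with the effect
// an analyst should see next to the alert. The selection is this example's.
var collectionReducingOps = map[string]string{
	"DeleteAwsLogSource":                       "stops collection from a native AWS source",
	"DeleteCustomLogSource":                    "stops ingestion from a custom source",
	"DeleteDataLake":                           "disables Security Lake and stops collection",
	"DeleteDataLakeOrganizationConfiguration":  "new member accounts are no longer auto-enabled",
	"DeleteDataLakeExceptionSubscription":      "exception notifications are no longer delivered",
	"DeregisterDataLakeDelegatedAdministrator": "removes the delegated administrator",
}

// cloudTrailEvent holds only the CloudTrail record fields this check reads.
type cloudTrailEvent struct {
	EventTime       string `json:"eventTime"`
	EventSource     string `json:"eventSource"`
	EventName       string `json:"eventName"`
	AwsRegion       string `json:"awsRegion"`
	SourceIPAddress string `json:"sourceIPAddress"`
	ErrorCode       string `json:"errorCode"`
	UserIdentity    struct {
		Arn string `json:"arn"`
	} `json:"userIdentity"`
}

// Finding is one flagged Security Lake call: who, from where, when, and what.
type Finding struct {
	Time      string
	Principal string
	SourceIP  string
	Region    string
	Operation string
	Effect    string
	Succeeded bool // false when CloudTrail recorded an errorCode for the call
}

// FindCollectionReducingCalls parses a CloudTrail log file body of the form
// {"Records": [...]} and returns the flagged calls in file order. Failed
// attempts are kept, because a denied DeleteDataLake is still worth a look.
func FindCollectionReducingCalls(logFile []byte) ([]Finding, error) {
	var doc struct {
		Records []cloudTrailEvent `json:"Records"`
	}
	if err := json.Unmarshal(logFile, &doc); err != nil {
		return nil, fmt.Errorf("parse CloudTrail log: %w", err)
	}
	var findings []Finding
	for _, ev := range doc.Records {
		if ev.EventSource != securityLakeEventSource {
			continue // another service's event, even if the name looks similar
		}
		effect, flagged := collectionReducingOps[ev.EventName]
		if !flagged {
			continue
		}
		findings = append(findings, Finding{
			Time:      ev.EventTime,
			Principal: ev.UserIdentity.Arn,
			SourceIP:  ev.SourceIPAddress,
			Region:    ev.AwsRegion,
			Operation: ev.EventName,
			Effect:    effect,
			Succeeded: ev.ErrorCode == "",
		})
	}
	return findings, nil
}

// sampleLog is constructed for this example; account IDs, ARNs and IP
// addresses are documentation placeholders, not real values.
const sampleLog = `{"Records": [
  {"eventTime":"2024-11-18T09:12:01Z","eventSource":"securitylake.amazonaws.com","eventName":"ListSubscribers","awsRegion":"us-east-1","sourceIPAddress":"198.51.100.7","userIdentity":{"arn":"arn:aws:iam::111122223333:user/analyst"}},
  {"eventTime":"2024-11-18T09:14:37Z","eventSource":"securitylake.amazonaws.com","eventName":"DeleteAwsLogSource","awsRegion":"us-east-1","sourceIPAddress":"203.0.113.20","userIdentity":{"arn":"arn:aws:sts::111122223333:assumed-role/ops/session-a"}},
  {"eventTime":"2024-11-18T09:15:02Z","eventSource":"securitylake.amazonaws.com","eventName":"DeleteDataLake","awsRegion":"us-east-1","sourceIPAddress":"203.0.113.20","errorCode":"AccessDenied","userIdentity":{"arn":"arn:aws:sts::111122223333:assumed-role/ops/session-a"}},
  {"eventTime":"2024-11-18T09:16:40Z","eventSource":"s3.amazonaws.com","eventName":"DeleteBucket","awsRegion":"us-east-1","sourceIPAddress":"203.0.113.20","userIdentity":{"arn":"arn:aws:sts::111122223333:assumed-role/ops/session-a"}}
]}`

func main() {
	findings, err := FindCollectionReducingCalls([]byte(sampleLog))
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%s %s by %s from %s in %s (succeeded=%t): %s\n",
			f.Time, f.Operation, f.Principal, f.SourceIP, f.Region, f.Succeeded, f.Effect)
	}
}
```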

Security Lake automates the collection of security-related log and event data from integrated Amazon Web Services services and third-party services. It also helps you manage the lifecycle of data with customizable retention and replication settings. Security Lake converts ingested data into Apache Parquet format and a standard open-source schema called the Open Cybersecurity Schema Framework (OCSF).

Other Amazon Web Services services and third-party services can subscribe to the data that's stored in Security Lake for incident response and security data analytics.


Constants

const ServiceAPIVersion = "2018-05-10"
const ServiceID = "SecurityLake"

Variables

This section is empty.

Functions

func NewDefaultEndpointResolver

func NewDefaultEndpointResolver() *internalendpoints.Resolver

NewDefaultEndpointResolver constructs a new service endpoint resolver

func WithAPIOptions

func WithAPIOptions(optFns ...func(*middleware.Stack) error) func(*Options)

WithAPIOptions returns a functional option for setting the Client's APIOptions option.

func WithEndpointResolver deprecated

func WithEndpointResolver(v EndpointResolver) func(*Options)

Deprecated: EndpointResolver and WithEndpointResolver. Providing a value for this field will likely prevent you from using any endpoint-related service features released after the introduction of EndpointResolverV2 and BaseEndpoint.

To migrate an EndpointResolver implementation that uses a custom endpoint, set the client option BaseEndpoint instead.

func WithEndpointResolverV2 added in v1.6.0

func WithEndpointResolverV2(v EndpointResolverV2) func(*Options)

WithEndpointResolverV2 returns a functional option for setting the Client's EndpointResolverV2 option.

func WithSigV4SigningName added in v1.9.2

func WithSigV4SigningName(name string) func(*Options)

WithSigV4SigningName applies an override to the authentication workflow to use the given signing name for SigV4-authenticated operations.

This is an advanced setting. The value here is FINAL, taking precedence over the resolved signing name from both auth scheme resolution and endpoint resolution.

func WithSigV4SigningRegion added in v1.9.2

func WithSigV4SigningRegion(region string) func(*Options)

WithSigV4SigningRegion applies an override to the authentication workflow to use the given signing region for SigV4-authenticated operations.

This is an advanced setting. The value here is FINAL, taking precedence over the resolved signing region from both auth scheme resolution and endpoint resolution.

Types

type AuthResolverParameters added in v1.9.2

type AuthResolverParameters struct {
	// The name of the operation being invoked.
	Operation string

	// The region in which the operation is being invoked.
	Region string
}

AuthResolverParameters contains the set of inputs necessary for auth scheme resolution.

type AuthSchemeResolver added in v1.9.2

type AuthSchemeResolver interface {
	ResolveAuthSchemes(context.Context, *AuthResolverParameters) ([]*smithyauth.Option, error)
}

AuthSchemeResolver returns a set of possible authentication options for an operation.

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client provides the API client to make operation calls for Amazon Security Lake.

func New

func New(options Options, optFns ...func(*Options)) *Client

New returns an initialized Client based on the functional options. Provide additional functional options to further configure the behavior of the client, such as changing the client's endpoint or adding custom middleware behavior.

func NewFromConfig

func NewFromConfig(cfg aws.Config, optFns ...func(*Options)) *Client

NewFromConfig returns a new client from the provided config.

func (*Client) CreateAwsLogSource

func (c *Client) CreateAwsLogSource(ctx context.Context, params *CreateAwsLogSourceInput, optFns ...func(*Options)) (*CreateAwsLogSourceOutput, error)

Adds a natively supported Amazon Web Services service as an Amazon Security Lake source. Enables source types for member accounts in required Amazon Web Services Regions, based on the parameters you specify. You can choose any source type in any Region for either accounts that are part of a trusted organization or standalone accounts. Once you add an Amazon Web Services service as a source, Security Lake starts collecting logs and events from it.

You can use this API only to enable natively supported Amazon Web Services services as a source. Use CreateCustomLogSource to enable data collection from a custom source.

func (*Client) CreateCustomLogSource

func (c *Client) CreateCustomLogSource(ctx context.Context, params *CreateCustomLogSourceInput, optFns ...func(*Options)) (*CreateCustomLogSourceOutput, error)

Adds a third-party custom source in Amazon Security Lake, from the Amazon Web Services Region where you want to create a custom source. Security Lake can collect logs and events from third-party custom sources. After creating the appropriate IAM role to invoke the Glue crawler, use this API to add a custom source name in Security Lake. This operation creates a partition in the Amazon S3 bucket for Security Lake as the target location for log files from the custom source. This operation also creates an associated Glue table and a Glue crawler.

func (*Client) CreateDataLake added in v1.4.0

func (c *Client) CreateDataLake(ctx context.Context, params *CreateDataLakeInput, optFns ...func(*Options)) (*CreateDataLakeOutput, error)

Initializes an Amazon Security Lake instance with the provided (or default) configuration. You can enable Security Lake in Amazon Web Services Regions with customized settings before enabling log collection in Regions. To specify particular Regions, configure these Regions using the configurations parameter. If you have already enabled Security Lake in a Region when you call this command, the command will update the Region if you provide new configuration parameters. If you have not already enabled Security Lake in the Region when you call this API, it will set up the data lake in the Region with the specified configurations.

When you enable Security Lake, it starts ingesting security data after the CreateAwsLogSource call and after you create subscribers using the CreateSubscriber API. This includes ingesting security data from sources, storing data, and making data accessible to subscribers. Security Lake also enables all the existing settings and resources that it stores or maintains for your Amazon Web Services account in the current Region, including security log and event data. For more information, see the Amazon Security Lake User Guide.

func (*Client) CreateDataLakeExceptionSubscription added in v1.4.0

func (c *Client) CreateDataLakeExceptionSubscription(ctx context.Context, params *CreateDataLakeExceptionSubscriptionInput, optFns ...func(*Options)) (*CreateDataLakeExceptionSubscriptionOutput, error)

Creates the specified notification subscription in Amazon Security Lake for the organization you specify. The notification subscription is created for exceptions that cannot be resolved by Security Lake automatically.

func (*Client) CreateDataLakeOrganizationConfiguration added in v1.4.0

func (c *Client) CreateDataLakeOrganizationConfiguration(ctx context.Context, params *CreateDataLakeOrganizationConfigurationInput, optFns ...func(*Options)) (*CreateDataLakeOrganizationConfigurationOutput, error)

Automatically enables Amazon Security Lake for new member accounts in your organization. Security Lake is not automatically enabled for any existing member accounts in your organization.

func (*Client) CreateSubscriber

func (c *Client) CreateSubscriber(ctx context.Context, params *CreateSubscriberInput, optFns ...func(*Options)) (*CreateSubscriberOutput, error)

Creates a subscriber for accounts that are already enabled in Amazon Security Lake. You can create a subscriber with access to data in the current Amazon Web Services Region.

func (*Client) CreateSubscriberNotification added in v1.4.0

func (c *Client) CreateSubscriberNotification(ctx context.Context, params *CreateSubscriberNotificationInput, optFns ...func(*Options)) (*CreateSubscriberNotificationOutput, error)

Notifies the subscriber when new data is written to the data lake for the sources that the subscriber consumes in Security Lake. You can create only one subscriber notification per subscriber.

func (*Client) DeleteAwsLogSource

func (c *Client) DeleteAwsLogSource(ctx context.Context, params *DeleteAwsLogSourceInput, optFns ...func(*Options)) (*DeleteAwsLogSourceOutput, error)

Removes a natively supported Amazon Web Services service as an Amazon Security Lake source. You can remove a source for one or more Regions. When you remove the source, Security Lake stops collecting data from that source in the specified Regions and accounts, and subscribers can no longer consume new data from the source. However, subscribers can still consume data that Security Lake collected from the source before removal.

You can choose any source type in any Amazon Web Services Region for either accounts that are part of a trusted organization or standalone accounts.

func (*Client) DeleteCustomLogSource

func (c *Client) DeleteCustomLogSource(ctx context.Context, params *DeleteCustomLogSourceInput, optFns ...func(*Options)) (*DeleteCustomLogSourceOutput, error)

Removes a custom log source from Amazon Security Lake, to stop sending data from the custom source to Security Lake.

func (*Client) DeleteDataLake added in v1.4.0

func (c *Client) DeleteDataLake(ctx context.Context, params *DeleteDataLakeInput, optFns ...func(*Options)) (*DeleteDataLakeOutput, error)

When you disable Amazon Security Lake from your account, Security Lake is disabled in all Amazon Web Services Regions and it stops collecting data from your sources. Also, this API automatically takes steps to remove the account from Security Lake. However, Security Lake retains all of your existing settings and the resources that it created in your Amazon Web Services account in the current Amazon Web Services Region.

The DeleteDataLake operation does not delete the data that is stored in your Amazon S3 bucket, which is owned by your Amazon Web Services account. For more information, see the Amazon Security Lake User Guide.

func (*Client) DeleteDataLakeExceptionSubscription added in v1.4.0

func (c *Client) DeleteDataLakeExceptionSubscription(ctx context.Context, params *DeleteDataLakeExceptionSubscriptionInput, optFns ...func(*Options)) (*DeleteDataLakeExceptionSubscriptionOutput, error)

Deletes the specified notification subscription in Amazon Security Lake for the organization you specify.

func (*Client) DeleteDataLakeOrganizationConfiguration added in v1.4.0

func (c *Client) DeleteDataLakeOrganizationConfiguration(ctx context.Context, params *DeleteDataLakeOrganizationConfigurationInput, optFns ...func(*Options)) (*DeleteDataLakeOrganizationConfigurationOutput, error)

Turns off automatic enablement of Amazon Security Lake for member accounts that are added to an organization in Organizations. Only the delegated Security Lake administrator for an organization can perform this operation. If the delegated Security Lake administrator performs this operation, new member accounts won't automatically contribute data to the data lake.

func (*Client) DeleteSubscriber

func (c *Client) DeleteSubscriber(ctx context.Context, params *DeleteSubscriberInput, optFns ...func(*Options)) (*DeleteSubscriberOutput, error)

Deletes the subscription permission and all notification settings for accounts that are already enabled in Amazon Security Lake. When you run DeleteSubscriber, the subscriber will no longer consume data from Security Lake and the subscriber is removed. This operation deletes the subscriber and removes access to data in the current Amazon Web Services Region.

func (*Client) DeleteSubscriberNotification added in v1.4.0

func (c *Client) DeleteSubscriberNotification(ctx context.Context, params *DeleteSubscriberNotificationInput, optFns ...func(*Options)) (*DeleteSubscriberNotificationOutput, error)

Deletes the specified subscription notification in Amazon Security Lake for the organization you specify.

func (*Client) DeregisterDataLakeDelegatedAdministrator added in v1.4.0

func (c *Client) DeregisterDataLakeDelegatedAdministrator(ctx context.Context, params *DeregisterDataLakeDelegatedAdministratorInput, optFns ...func(*Options)) (*DeregisterDataLakeDelegatedAdministratorOutput, error)

Deletes the Amazon Security Lake delegated administrator account for the organization. This API can only be called by the organization management account. The organization management account cannot be the delegated administrator account.

func (*Client) GetDataLakeExceptionSubscription added in v1.4.0

func (c *Client) GetDataLakeExceptionSubscription(ctx context.Context, params *GetDataLakeExceptionSubscriptionInput, optFns ...func(*Options)) (*GetDataLakeExceptionSubscriptionOutput, error)

Retrieves the protocol and endpoint that were provided when subscribing to Amazon SNS topics for exception notifications.

func (*Client) GetDataLakeOrganizationConfiguration added in v1.4.0

func (c *Client) GetDataLakeOrganizationConfiguration(ctx context.Context, params *GetDataLakeOrganizationConfigurationInput, optFns ...func(*Options)) (*GetDataLakeOrganizationConfigurationOutput, error)

Retrieves the configuration that will be automatically set up for accounts added to the organization after the organization has onboarded to Amazon Security Lake. This API does not take input parameters.

func (*Client) GetDataLakeSources added in v1.4.0

func (c *Client) GetDataLakeSources(ctx context.Context, params *GetDataLakeSourcesInput, optFns ...func(*Options)) (*GetDataLakeSourcesOutput, error)

Retrieves a snapshot of the current Region, including whether Amazon Security Lake is enabled for those accounts and which sources Security Lake is collecting data from.

func (*Client) GetSubscriber

func (c *Client) GetSubscriber(ctx context.Context, params *GetSubscriberInput, optFns ...func(*Options)) (*GetSubscriberOutput, error)

Retrieves the subscription information for the specified subscription ID. You can get information about a specific subscriber.

func (*Client) ListDataLakeExceptions added in v1.4.0

func (c *Client) ListDataLakeExceptions(ctx context.Context, params *ListDataLakeExceptionsInput, optFns ...func(*Options)) (*ListDataLakeExceptionsOutput, error)

Lists the Amazon Security Lake exceptions that you can use to find the source of problems and fix them.

func (*Client) ListDataLakes added in v1.4.0

func (c *Client) ListDataLakes(ctx context.Context, params *ListDataLakesInput, optFns ...func(*Options)) (*ListDataLakesOutput, error)

Retrieves the Amazon Security Lake configuration object for the specified Amazon Web Services Regions. You can use this operation to determine whether Security Lake is enabled for a Region.

func (*Client) ListLogSources

func (c *Client) ListLogSources(ctx context.Context, params *ListLogSourcesInput, optFns ...func(*Options)) (*ListLogSourcesOutput, error)

Retrieves the log sources.

func (*Client) ListSubscribers

func (c *Client) ListSubscribers(ctx context.Context, params *ListSubscribersInput, optFns ...func(*Options)) (*ListSubscribersOutput, error)

Lists all subscribers for the specific Amazon Security Lake account ID. You can retrieve a list of subscriptions associated with a specific organization or Amazon Web Services account.

func (*Client) ListTagsForResource added in v1.5.0

func (c *Client) ListTagsForResource(ctx context.Context, params *ListTagsForResourceInput, optFns ...func(*Options)) (*ListTagsForResourceOutput, error)

Retrieves the tags (keys and values) that are associated with an Amazon Security Lake resource: a subscriber, or the data lake configuration for your Amazon Web Services account in a particular Amazon Web Services Region.

func (*Client) Options added in v1.10.0

func (c *Client) Options() Options

Options returns a copy of the client configuration.

Callers SHOULD NOT perform mutations on any inner structures within client config. Config overrides should instead be made on a per-operation basis through functional options.

func (*Client) RegisterDataLakeDelegatedAdministrator added in v1.4.0

func (c *Client) RegisterDataLakeDelegatedAdministrator(ctx context.Context, params *RegisterDataLakeDelegatedAdministratorInput, optFns ...func(*Options)) (*RegisterDataLakeDelegatedAdministratorOutput, error)

Designates the Amazon Security Lake delegated administrator account for the organization. This API can only be called by the organization management account. The organization management account cannot be the delegated administrator account.

func (*Client) TagResource added in v1.5.0

func (c *Client) TagResource(ctx context.Context, params *TagResourceInput, optFns ...func(*Options)) (*TagResourceOutput, error)

Adds or updates one or more tags that are associated with an Amazon Security Lake resource: a subscriber, or the data lake configuration for your Amazon Web Services account in a particular Amazon Web Services Region. A tag is a label that you can define and associate with Amazon Web Services resources. Each tag consists of a required tag key and an associated tag value. A tag key is a general label that acts as a category for a more specific tag value. A tag value acts as a descriptor for a tag key. Tags can help you identify, categorize, and manage resources in different ways, such as by owner, environment, or other criteria. For more information, see Tagging Amazon Security Lake resources in the Amazon Security Lake User Guide.

func (*Client) UntagResource added in v1.5.0

func (c *Client) UntagResource(ctx context.Context, params *UntagResourceInput, optFns ...func(*Options)) (*UntagResourceOutput, error)

Removes one or more tags (keys and values) from an Amazon Security Lake resource: a subscriber, or the data lake configuration for your Amazon Web Services account in a particular Amazon Web Services Region.

func (*Client) UpdateDataLake added in v1.4.0

func (c *Client) UpdateDataLake(ctx context.Context, params *UpdateDataLakeInput, optFns ...func(*Options)) (*UpdateDataLakeOutput, error)

You can use UpdateDataLake to specify where to store your security data, how it should be encrypted at rest, and for how long. You can add a Rollup Region to consolidate data from multiple Amazon Web Services Regions, replace default encryption (SSE-S3) with a Customer Managed Key, or specify transition and expiration actions through storage Lifecycle management. The UpdateDataLake API works as an "upsert" operation that performs an insert if the specified item or record does not exist, or an update if it already exists. Security Lake securely stores your data at rest using Amazon Web Services encryption solutions. For more details, see Data protection in Amazon Security Lake.

For example, omitting the key encryptionConfiguration from a Region that is included in an update call that currently uses KMS will leave that Region's KMS key in place, but specifying encryptionConfiguration: {kmsKeyId: 'S3_MANAGED_KEY'} for that same Region will reset the key to S3-managed.

For more details about lifecycle management and how to update retention settings for one or more Regions after enabling Security Lake, see the Amazon Security Lake User Guide.
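Because an explicit `S3_MANAGED_KEY` silently replaces a customer managed key, a planned update is worth checking before it is sent. The following is an added example, not SDK code: it models the upsert rule described above and reports the Regions where a planned update would move from a KMS key to S3-managed encryption. `RegionUpdate`, both function names, and the sample values are hypothetical stand-ins built only on the standard library.

```go
package main

import (
	"fmt"
	"sort"
)

// s3ManagedKey is the kmsKeyId value the page gives for resetting a Region
// to S3-managed encryption.
const s3ManagedKey = "S3_MANAGED_KEY"

// RegionUpdate is a hypothetical local stand-in for one per-Region entry of a
// planned UpdateDataLake call. KmsKeyID is nil when encryptionConfiguration
// is omitted for that Region.
type RegionUpdate struct {
	Region   string
	KmsKeyID *string
}

// isCustomerKey reports whether a key setting names a KMS key rather than
// the S3-managed default (an empty value is treated as the default).
func isCustomerKey(key string) bool {
	return key != "" && key != s3ManagedKey
}

// EffectiveEncryption applies the upsert rule described above to the current
// per-Region key settings: an omitted encryptionConfiguration keeps the
// existing key, an explicit one replaces it, and a Region that does not exist
// yet is inserted with the default (SSE-S3) unless a key is given.
func EffectiveEncryption(current map[string]string, updates []RegionUpdate) map[string]string {
	result := make(map[string]string, len(current)+len(updates))
	for region, key := range current {
		result[region] = key
	}
	for _, u := range updates {
		if u.KmsKeyID != nil {
			result[u.Region] = *u.KmsKeyID
			continue
		}
		if _, exists := result[u.Region]; !exists {
			result[u.Region] = s3ManagedKey
		}
	}
	return result
}

// EncryptionDowngrades returns, sorted, the Regions that use a KMS key today
// and would end up on S3-managed encryption after the planned update.
func EncryptionDowngrades(current map[string]string, updates []RegionUpdate) []string {
	after := EffectiveEncryption(current, updates)
	var downgraded []string
	for region, before := range current {
		if isCustomerKey(before) && !isCustomerKey(after[region]) {
			downgraded = append(downgraded, region)
		}
	}
	sort.Strings(downgraded)
	return downgraded
}

func strPtr(s string) *string { return &s }

// Constructed sample state: the key ARNs are placeholders, not real keys.
var sampleCurrent = map[string]string{
	"us-east-1":      "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
	"eu-west-1":      "arn:aws:kms:eu-west-1:111122223333:key/EXAMPLE-KEY-ID",
	"ap-southeast-2": s3ManagedKey,
}

// Constructed planned update covering each case of the rule.
var sampleUpdates = []RegionUpdate{
	{Region: "us-east-1"},                                     // omitted: key stays
	{Region: "eu-west-1", KmsKeyID: strPtr(s3ManagedKey)},      // explicit reset
	{Region: "ap-southeast-2", KmsKeyID: strPtr(s3ManagedKey)}, // already S3-managed
	{Region: "us-west-2"},                                     // new Region, default
}

func main() {
	after := EffectiveEncryption(sampleCurrent, sampleUpdates)
	for _, region := range []string{"ap-southeast-2", "eu-west-1", "us-east-1", "us-west-2"} {
		fmt.Printf("%-15s %s\n", region, after[region])
	}
	fmt.Println("downgraded Regions:", EncryptionDowngrades(sampleCurrent, sampleUpdates))
}
```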

func (*Client) UpdateDataLakeExceptionSubscription added in v1.4.0

func (c *Client) UpdateDataLakeExceptionSubscription(ctx context.Context, params *UpdateDataLakeExceptionSubscriptionInput, optFns ...func(*Options)) (*UpdateDataLakeExceptionSubscriptionOutput, error)

Updates the specified notification subscription in Amazon Security Lake for the organization you specify.

func (*Client) UpdateSubscriber

func (c *Client) UpdateSubscriber(ctx context.Context, params *UpdateSubscriberInput, optFns ...func(*Options)) (*UpdateSubscriberOutput, error)

Updates an existing subscription for the given Amazon Security Lake account ID. You can update a subscriber by changing the sources that the subscriber consumes data from.

func (*Client) UpdateSubscriberNotification added in v1.4.0

func (c *Client) UpdateSubscriberNotification(ctx context.Context, params *UpdateSubscriberNotificationInput, optFns ...func(*Options)) (*UpdateSubscriberNotificationOutput, error)

Updates an existing notification method for the subscription (SQS or HTTPS endpoint) or switches the notification subscription endpoint for a subscriber.

type CreateAwsLogSourceInput

type CreateAwsLogSourceInput struct {

	// Specify the natively-supported Amazon Web Services service to add as a source
	// in Security Lake.
	//
	// This member is required.
	Sources []types.AwsLogSourceConfiguration
	// contains filtered or unexported fields
}

type CreateAwsLogSourceOutput

type CreateAwsLogSourceOutput struct {

	// Lists all accounts in which enabling a natively supported Amazon Web Services
	// service as a Security Lake source failed. The failure occurred as these accounts
	// are not part of an organization.
	Failed []string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type CreateCustomLogSourceInput

type CreateCustomLogSourceInput struct {

	// The configuration used for the third-party custom source.
	//
	// This member is required.
	Configuration *types.CustomLogSourceConfiguration

	// Specify the name for a third-party custom source. This must be a Regionally
	// unique value. The sourceName you enter here is used in the LogProviderRole
	// name, which follows the convention AmazonSecurityLake-Provider-{name of the
	// custom source}-{region}. You must use a CustomLogSource name that is shorter
	// than or equal to 20 characters. This ensures that the LogProviderRole name is
	// below the 64 character limit.
	//
	// This member is required.
	SourceName *string

	// The Open Cybersecurity Schema Framework (OCSF) event classes that describe
	// the type of data that the custom source will send to Security Lake. The
	// supported event classes are:
	//
	//   - ACCESS_ACTIVITY
	//
	//   - FILE_ACTIVITY
	//
	//   - KERNEL_ACTIVITY
	//
	//   - KERNEL_EXTENSION
	//
	//   - MEMORY_ACTIVITY
	//
	//   - MODULE_ACTIVITY
	//
	//   - PROCESS_ACTIVITY
	//
	//   - REGISTRY_KEY_ACTIVITY
	//
	//   - REGISTRY_VALUE_ACTIVITY
	//
	//   - RESOURCE_ACTIVITY
	//
	//   - SCHEDULED_JOB_ACTIVITY
	//
	//   - SECURITY_FINDING
	//
	//   - ACCOUNT_CHANGE
	//
	//   - AUTHENTICATION
	//
	//   - AUTHORIZATION
	//
	//   - ENTITY_MANAGEMENT_AUDIT
	//
	//   - DHCP_ACTIVITY
	//
	//   - NETWORK_ACTIVITY
	//
	//   - DNS_ACTIVITY
	//
	//   - FTP_ACTIVITY
	//
	//   - HTTP_ACTIVITY
	//
	//   - RDP_ACTIVITY
	//
	//   - SMB_ACTIVITY
	//
	//   - SSH_ACTIVITY
	//
	//   - CONFIG_STATE
	//
	//   - INVENTORY_INFO
	//
	//   - EMAIL_ACTIVITY
	//
	//   - API_ACTIVITY
	//
	//   - CLOUD_API
	EventClasses []string

	// Specify the source version for the third-party custom source, to limit log
	// collection to a specific version of custom data source.
	SourceVersion *string
	// contains filtered or unexported fields
}

type CreateCustomLogSourceOutput

type CreateCustomLogSourceOutput struct {

	// The third-party custom source that was created.
	Source *types.CustomLogSourceResource

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type CreateDataLakeExceptionSubscriptionInput added in v1.4.0

type CreateDataLakeExceptionSubscriptionInput struct {

	// The Amazon Web Services account where you want to receive exception
	// notifications.
	//
	// This member is required.
	NotificationEndpoint *string

	// The subscription protocol to which exception notifications are posted.
	//
	// This member is required.
	SubscriptionProtocol *string

	// The expiration period and time-to-live (TTL). It is the duration of time until
	// which the exception message remains.
	ExceptionTimeToLive *int64
	// contains filtered or unexported fields
}

type CreateDataLakeExceptionSubscriptionOutput added in v1.4.0

type CreateDataLakeExceptionSubscriptionOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type CreateDataLakeInput added in v1.4.0

type CreateDataLakeInput struct {

	// Specify the Region or Regions that will contribute data to the rollup region.
	//
	// This member is required.
	Configurations []types.DataLakeConfiguration

	// The Amazon Resource Name (ARN) used to create and update the Glue table. This
	// table contains partitions generated by the ingestion and normalization of Amazon
	// Web Services log sources and custom sources.
	//
	// This member is required.
	MetaStoreManagerRoleArn *string

	// An array of objects, one for each tag to associate with the data lake
	// configuration. For each tag, you must specify both a tag key and a tag value. A
	// tag value cannot be null, but it can be an empty string.
	Tags []types.Tag
	// contains filtered or unexported fields
}

type CreateDataLakeOrganizationConfigurationInput added in v1.4.0

type CreateDataLakeOrganizationConfigurationInput struct {

	// Enable Security Lake with the specified configuration settings, to begin
	// collecting security data for new accounts in your organization.
	AutoEnableNewAccount []types.DataLakeAutoEnableNewAccountConfiguration
	// contains filtered or unexported fields
}

type CreateDataLakeOrganizationConfigurationOutput added in v1.4.0

type CreateDataLakeOrganizationConfigurationOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type CreateDataLakeOutput added in v1.4.0

type CreateDataLakeOutput struct {

	// The created Security Lake configuration object.
	DataLakes []types.DataLakeResource

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type CreateSubscriberInput

type CreateSubscriberInput struct {

	// The supported Amazon Web Services services from which logs and events are
	// collected. Security Lake supports log and event collection for natively
	// supported Amazon Web Services services.
	//
	// This member is required.
	Sources []types.LogSourceResource

	// The Amazon Web Services identity used to access your data.
	//
	// This member is required.
	SubscriberIdentity *types.AwsIdentity

	// The name of your Security Lake subscriber account.
	//
	// This member is required.
	SubscriberName *string

	// The Amazon S3 or Lake Formation access type.
	AccessTypes []types.AccessType

	// The description for your subscriber account in Security Lake.
	SubscriberDescription *string

	// An array of objects, one for each tag to associate with the subscriber. For
	// each tag, you must specify both a tag key and a tag value. A tag value cannot be
	// null, but it can be an empty string.
	Tags []types.Tag
	// contains filtered or unexported fields
}

type CreateSubscriberNotificationInput added in v1.4.0

type CreateSubscriberNotificationInput struct {

	// Specify the configuration using which you want to create the subscriber
	// notification.
	//
	// This member is required.
	Configuration types.NotificationConfiguration

	// The subscriber ID for the notification subscription.
	//
	// This member is required.
	SubscriberId *string
	// contains filtered or unexported fields
}

type CreateSubscriberNotificationOutput added in v1.4.0

type CreateSubscriberNotificationOutput struct {

	// The subscriber endpoint to which exception messages are posted.
	SubscriberEndpoint *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type CreateSubscriberOutput

type CreateSubscriberOutput struct {

	// Retrieve information about the subscriber created using the CreateSubscriber
	// API.
	Subscriber *types.SubscriberResource

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DeleteAwsLogSourceInput

type DeleteAwsLogSourceInput struct {

	// Specify the natively-supported Amazon Web Services service to remove as a
	// source in Security Lake.
	//
	// This member is required.
	Sources []types.AwsLogSourceConfiguration
	// contains filtered or unexported fields
}

type DeleteAwsLogSourceOutput

type DeleteAwsLogSourceOutput struct {

	// Deletion of the Amazon Web Services sources failed as the account is not a part
	// of the organization.
	Failed []string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DeleteCustomLogSourceInput

type DeleteCustomLogSourceInput struct {

	// The source name of custom log source that you want to delete.
	//
	// This member is required.
	SourceName *string

	// The source version for the third-party custom source. You can limit the custom
	// source removal to the specified source version.
	SourceVersion *string
	// contains filtered or unexported fields
}

type DeleteCustomLogSourceOutput

type DeleteCustomLogSourceOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DeleteDataLakeExceptionSubscriptionInput added in v1.4.0

type DeleteDataLakeExceptionSubscriptionInput struct {
	// contains filtered or unexported fields
}

type DeleteDataLakeExceptionSubscriptionOutput added in v1.4.0

type DeleteDataLakeExceptionSubscriptionOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DeleteDataLakeInput added in v1.4.0

type DeleteDataLakeInput struct {

	// The list of Regions where Security Lake is enabled.
	//
	// This member is required.
	Regions []string
	// contains filtered or unexported fields
}

type DeleteDataLakeOrganizationConfigurationInput added in v1.4.0

type DeleteDataLakeOrganizationConfigurationInput struct {

	// Turns off automatic enablement of Security Lake for member accounts that are
	// added to an organization.
	AutoEnableNewAccount []types.DataLakeAutoEnableNewAccountConfiguration
	// contains filtered or unexported fields
}

type DeleteDataLakeOrganizationConfigurationOutput added in v1.4.0

type DeleteDataLakeOrganizationConfigurationOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DeleteDataLakeOutput added in v1.4.0

type DeleteDataLakeOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DeleteSubscriberInput

type DeleteSubscriberInput struct {

	// A value created by Security Lake that uniquely identifies your DeleteSubscriber
	// API request.
	//
	// This member is required.
	SubscriberId *string
	// contains filtered or unexported fields
}

type DeleteSubscriberNotificationInput added in v1.4.0

type DeleteSubscriberNotificationInput struct {

	// The ID of the Security Lake subscriber account.
	//
	// This member is required.
	SubscriberId *string
	// contains filtered or unexported fields
}

type DeleteSubscriberNotificationOutput added in v1.4.0

type DeleteSubscriberNotificationOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DeleteSubscriberOutput

type DeleteSubscriberOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DeregisterDataLakeDelegatedAdministratorInput added in v1.4.0

type DeregisterDataLakeDelegatedAdministratorInput struct {
	// contains filtered or unexported fields
}

type DeregisterDataLakeDelegatedAdministratorOutput added in v1.4.0

type DeregisterDataLakeDelegatedAdministratorOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type EndpointParameters added in v1.6.0

type EndpointParameters struct {
	// The AWS region used to dispatch the request.
	//
	// Parameter is required.
	//
	// AWS::Region
	Region *string

	// When true, use the dual-stack endpoint. If the configured endpoint does not
	// support dual-stack, dispatching the request MAY return an error.
	//
	// Defaults to false if no value is provided.
	//
	// AWS::UseDualStack
	UseDualStack *bool

	// When true, send this request to the FIPS-compliant regional endpoint. If the
	// configured endpoint does not have a FIPS compliant endpoint, dispatching the
	// request will return an error.
	//
	// Defaults to false if no value is provided.
	//
	// AWS::UseFIPS
	UseFIPS *bool

	// Override the endpoint used to send this request.
	//
	// Parameter is required.
	//
	// SDK::Endpoint
	Endpoint *string
}

EndpointParameters provides the parameters that influence how endpoints are resolved.

func (EndpointParameters) ValidateRequired added in v1.6.0

func (p EndpointParameters) ValidateRequired() error

ValidateRequired validates required parameters are set.

func (EndpointParameters) WithDefaults added in v1.6.0

func (p EndpointParameters) WithDefaults() EndpointParameters

WithDefaults returns a shallow copy of EndpointParameters with default values applied to members where applicable.

type EndpointResolver

type EndpointResolver interface {
	ResolveEndpoint(region string, options EndpointResolverOptions) (aws.Endpoint, error)
}

EndpointResolver interface for resolving service endpoints.

func EndpointResolverFromURL

func EndpointResolverFromURL(url string, optFns ...func(*aws.Endpoint)) EndpointResolver

EndpointResolverFromURL returns an EndpointResolver configured using the provided endpoint url. By default, the resolved endpoint resolver uses the client region as signing region, and the endpoint source is set to EndpointSourceCustom. You can provide functional options to configure endpoint values for the resolved endpoint.

type EndpointResolverFunc

type EndpointResolverFunc func(region string, options EndpointResolverOptions) (aws.Endpoint, error)

EndpointResolverFunc is a helper utility that wraps a function so it satisfies the EndpointResolver interface. This is useful when you want to add additional endpoint resolving logic, or stub out specific endpoints with custom values.

func (EndpointResolverFunc) ResolveEndpoint

func (fn EndpointResolverFunc) ResolveEndpoint(region string, options EndpointResolverOptions) (endpoint aws.Endpoint, err error)

type EndpointResolverOptions

type EndpointResolverOptions = internalendpoints.Options

EndpointResolverOptions is the service endpoint resolver options

type EndpointResolverV2 added in v1.6.0

type EndpointResolverV2 interface {
	// ResolveEndpoint attempts to resolve the endpoint with the provided options,
	// returning the endpoint if found. Otherwise an error is returned.
	ResolveEndpoint(ctx context.Context, params EndpointParameters) (
		smithyendpoints.Endpoint, error,
	)
}

EndpointResolverV2 provides the interface for resolving service endpoints.

func NewDefaultEndpointResolverV2 added in v1.6.0

func NewDefaultEndpointResolverV2() EndpointResolverV2

type GetDataLakeExceptionSubscriptionInput added in v1.4.0

type GetDataLakeExceptionSubscriptionInput struct {
	// contains filtered or unexported fields
}

type GetDataLakeExceptionSubscriptionOutput added in v1.4.0

type GetDataLakeExceptionSubscriptionOutput struct {

	// The expiration period and time-to-live (TTL). It is the duration of time until
	// which the exception message remains.
	ExceptionTimeToLive *int64

	// The Amazon Web Services account where you receive exception notifications.
	NotificationEndpoint *string

	// The subscription protocol to which exception notifications are posted.
	SubscriptionProtocol *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type GetDataLakeOrganizationConfigurationInput added in v1.4.0

type GetDataLakeOrganizationConfigurationInput struct {
	// contains filtered or unexported fields
}

type GetDataLakeOrganizationConfigurationOutput added in v1.4.0

type GetDataLakeOrganizationConfigurationOutput struct {

	// The configuration used for new accounts in Security Lake.
	AutoEnableNewAccount []types.DataLakeAutoEnableNewAccountConfiguration

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type GetDataLakeSourcesAPIClient added in v1.4.0

type GetDataLakeSourcesAPIClient interface {
	GetDataLakeSources(context.Context, *GetDataLakeSourcesInput, ...func(*Options)) (*GetDataLakeSourcesOutput, error)
}

GetDataLakeSourcesAPIClient is a client that implements the GetDataLakeSources operation.

type GetDataLakeSourcesInput added in v1.4.0

type GetDataLakeSourcesInput struct {

	// The Amazon Web Services account ID for which a static snapshot of the current
	// Amazon Web Services Region, including enabled accounts and log sources, is
	// retrieved.
	Accounts []string

	// The maximum limit of accounts for which the static snapshot of the current
	// Region, including enabled accounts and log sources, is retrieved.
	MaxResults *int32

	// Lists if there are more results available. The value of nextToken is a unique
	// pagination token for each page. Repeat the call using the returned token to
	// retrieve the next page. Keep all other arguments unchanged.
	//
	// Each pagination token expires after 24 hours. Using an expired pagination token
	// will return an HTTP 400 InvalidToken error.
	NextToken *string
	// contains filtered or unexported fields
}

type GetDataLakeSourcesOutput added in v1.4.0

type GetDataLakeSourcesOutput struct {

	// The Amazon Resource Name (ARN) created by you to provide to the subscriber. For
	// more information about ARNs and how to use them in policies, see the [Amazon Security Lake User Guide].
	//
	// [Amazon Security Lake User Guide]: https://docs.aws.amazon.com/security-lake/latest/userguide/subscriber-management.html
	DataLakeArn *string

	// The list of enabled accounts and enabled sources.
	DataLakeSources []types.DataLakeSource

	// Lists if there are more results available. The value of nextToken is a unique
	// pagination token for each page. Repeat the call using the returned token to
	// retrieve the next page. Keep all other arguments unchanged.
	//
	// Each pagination token expires after 24 hours. Using an expired pagination token
	// will return an HTTP 400 InvalidToken error.
	NextToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type GetDataLakeSourcesPaginator added in v1.4.0

type GetDataLakeSourcesPaginator struct {
	// contains filtered or unexported fields
}

GetDataLakeSourcesPaginator is a paginator for GetDataLakeSources

func NewGetDataLakeSourcesPaginator added in v1.4.0

func NewGetDataLakeSourcesPaginator(client GetDataLakeSourcesAPIClient, params *GetDataLakeSourcesInput, optFns ...func(*GetDataLakeSourcesPaginatorOptions)) *GetDataLakeSourcesPaginator

NewGetDataLakeSourcesPaginator returns a new GetDataLakeSourcesPaginator

func (*GetDataLakeSourcesPaginator) HasMorePages added in v1.4.0

func (p *GetDataLakeSourcesPaginator) HasMorePages() bool

HasMorePages returns a boolean indicating whether more pages are available

func (*GetDataLakeSourcesPaginator) NextPage added in v1.4.0

func (p *GetDataLakeSourcesPaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*GetDataLakeSourcesOutput, error)

NextPage retrieves the next GetDataLakeSources page.

type GetDataLakeSourcesPaginatorOptions added in v1.4.0

type GetDataLakeSourcesPaginatorOptions struct {
	// The maximum limit of accounts for which the static snapshot of the current
	// Region, including enabled accounts and log sources, is retrieved.
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

GetDataLakeSourcesPaginatorOptions is the paginator options for GetDataLakeSources

type GetSubscriberInput

type GetSubscriberInput struct {

	// A value created by Amazon Security Lake that uniquely identifies your
	// GetSubscriber API request.
	//
	// This member is required.
	SubscriberId *string
	// contains filtered or unexported fields
}

type GetSubscriberOutput

type GetSubscriberOutput struct {

	// The subscriber information for the specified subscriber ID.
	Subscriber *types.SubscriberResource

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type HTTPClient

type HTTPClient interface {
	Do(*http.Request) (*http.Response, error)
}

type HTTPSignerV4

type HTTPSignerV4 interface {
	SignHTTP(ctx context.Context, credentials aws.Credentials, r *http.Request, payloadHash string, service string, region string, signingTime time.Time, optFns ...func(*v4.SignerOptions)) error
}

type ListDataLakeExceptionsAPIClient added in v1.4.0

type ListDataLakeExceptionsAPIClient interface {
	ListDataLakeExceptions(context.Context, *ListDataLakeExceptionsInput, ...func(*Options)) (*ListDataLakeExceptionsOutput, error)
}

ListDataLakeExceptionsAPIClient is a client that implements the ListDataLakeExceptions operation.

type ListDataLakeExceptionsInput added in v1.4.0

type ListDataLakeExceptionsInput struct {

	// Lists the maximum number of failures in Security Lake.
	MaxResults *int32

	// Lists if there are more results available. The value of nextToken is a unique
	// pagination token for each page. Repeat the call using the returned token to
	// retrieve the next page. Keep all other arguments unchanged.
	//
	// Each pagination token expires after 24 hours. Using an expired pagination token
	// will return an HTTP 400 InvalidToken error.
	NextToken *string

	// The Amazon Web Services Regions from which exceptions are retrieved.
	Regions []string
	// contains filtered or unexported fields
}

type ListDataLakeExceptionsOutput added in v1.4.0

type ListDataLakeExceptionsOutput struct {

	// Lists the failures that cannot be retried.
	Exceptions []types.DataLakeException

	// Lists if there are more results available. The value of nextToken is a unique
	// pagination token for each page. Repeat the call using the returned token to
	// retrieve the next page. Keep all other arguments unchanged.
	//
	// Each pagination token expires after 24 hours. Using an expired pagination token
	// will return an HTTP 400 InvalidToken error.
	NextToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ListDataLakeExceptionsPaginator added in v1.4.0

type ListDataLakeExceptionsPaginator struct {
	// contains filtered or unexported fields
}

ListDataLakeExceptionsPaginator is a paginator for ListDataLakeExceptions

func NewListDataLakeExceptionsPaginator added in v1.4.0

NewListDataLakeExceptionsPaginator returns a new ListDataLakeExceptionsPaginator

func (*ListDataLakeExceptionsPaginator) HasMorePages added in v1.4.0

func (p *ListDataLakeExceptionsPaginator) HasMorePages() bool

HasMorePages returns a boolean indicating whether more pages are available

func (*ListDataLakeExceptionsPaginator) NextPage added in v1.4.0

NextPage retrieves the next ListDataLakeExceptions page.

type ListDataLakeExceptionsPaginatorOptions added in v1.4.0

type ListDataLakeExceptionsPaginatorOptions struct {
	// Lists the maximum number of failures in Security Lake.
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

ListDataLakeExceptionsPaginatorOptions is the paginator options for ListDataLakeExceptions

type ListDataLakesInput added in v1.4.0

type ListDataLakesInput struct {

	// The list of Regions where Security Lake is enabled.
	Regions []string
	// contains filtered or unexported fields
}

type ListDataLakesOutput added in v1.4.0

type ListDataLakesOutput struct {

	// Retrieves the Security Lake configuration object.
	DataLakes []types.DataLakeResource

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ListLogSourcesAPIClient

type ListLogSourcesAPIClient interface {
	ListLogSources(context.Context, *ListLogSourcesInput, ...func(*Options)) (*ListLogSourcesOutput, error)
}

ListLogSourcesAPIClient is a client that implements the ListLogSources operation.

type ListLogSourcesInput

type ListLogSourcesInput struct {

	// The list of Amazon Web Services accounts for which log sources are displayed.
	Accounts []string

	// The maximum number of accounts for which the log sources are displayed.
	MaxResults *int32

	// If nextToken is returned, there are more results available. You can repeat the
	// call using the returned token to retrieve the next page.
	NextToken *string

	// The list of Regions for which log sources are displayed.
	Regions []string

	// The list of sources for which log sources are displayed.
	Sources []types.LogSourceResource
	// contains filtered or unexported fields
}

type ListLogSourcesOutput

type ListLogSourcesOutput struct {

	// If nextToken is returned, there are more results available. You can repeat the
	// call using the returned token to retrieve the next page.
	NextToken *string

	// The list of log sources in your organization that send data to the data lake.
	Sources []types.LogSource

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ListLogSourcesPaginator

type ListLogSourcesPaginator struct {
	// contains filtered or unexported fields
}

ListLogSourcesPaginator is a paginator for ListLogSources

func NewListLogSourcesPaginator

func NewListLogSourcesPaginator(client ListLogSourcesAPIClient, params *ListLogSourcesInput, optFns ...func(*ListLogSourcesPaginatorOptions)) *ListLogSourcesPaginator

NewListLogSourcesPaginator returns a new ListLogSourcesPaginator

func (*ListLogSourcesPaginator) HasMorePages

func (p *ListLogSourcesPaginator) HasMorePages() bool

HasMorePages returns a boolean indicating whether more pages are available

func (*ListLogSourcesPaginator) NextPage

func (p *ListLogSourcesPaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*ListLogSourcesOutput, error)

NextPage retrieves the next ListLogSources page.

type ListLogSourcesPaginatorOptions

type ListLogSourcesPaginatorOptions struct {
	// The maximum number of accounts for which the log sources are displayed.
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

ListLogSourcesPaginatorOptions is the paginator options for ListLogSources

type ListSubscribersAPIClient

type ListSubscribersAPIClient interface {
	ListSubscribers(context.Context, *ListSubscribersInput, ...func(*Options)) (*ListSubscribersOutput, error)
}

ListSubscribersAPIClient is a client that implements the ListSubscribers operation.

type ListSubscribersInput

type ListSubscribersInput struct {

	// The maximum number of accounts for which the configuration is displayed.
	MaxResults *int32

	// If nextToken is returned, there are more results available. You can repeat the
	// call using the returned token to retrieve the next page.
	NextToken *string
	// contains filtered or unexported fields
}

type ListSubscribersOutput

type ListSubscribersOutput struct {

	// If nextToken is returned, there are more results available. You can repeat the
	// call using the returned token to retrieve the next page.
	NextToken *string

	// The subscribers available for the specified Security Lake account ID.
	Subscribers []types.SubscriberResource

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ListSubscribersPaginator

type ListSubscribersPaginator struct {
	// contains filtered or unexported fields
}

ListSubscribersPaginator is a paginator for ListSubscribers

func NewListSubscribersPaginator

func NewListSubscribersPaginator(client ListSubscribersAPIClient, params *ListSubscribersInput, optFns ...func(*ListSubscribersPaginatorOptions)) *ListSubscribersPaginator

NewListSubscribersPaginator returns a new ListSubscribersPaginator

func (*ListSubscribersPaginator) HasMorePages

func (p *ListSubscribersPaginator) HasMorePages() bool

HasMorePages returns a boolean indicating whether more pages are available

func (*ListSubscribersPaginator) NextPage

func (p *ListSubscribersPaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*ListSubscribersOutput, error)

NextPage retrieves the next ListSubscribers page.

type ListSubscribersPaginatorOptions

type ListSubscribersPaginatorOptions struct {
	// The maximum number of accounts for which the configuration is displayed.
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

ListSubscribersPaginatorOptions is the paginator options for ListSubscribers
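
An added example (not part of the SDK or this page's code) of the NextToken loop that ListSubscribers pagination implies, written for an access review of who can read the data lake. Where the paginator option above simply stops on a duplicate token, this loop returns an error so an incomplete listing is not mistaken for a full one. The types are trimmed local stand-ins so the block runs offline; `Principal`, `CollectSubscribers`, `UnexpectedPrincipals`, `ErrRepeatedToken`, the fake client and all account IDs are assumptions constructed for illustration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Trimmed local stand-ins for the SDK types (assumption: only the fields used here).
type SubscriberResource struct {
	SubscriberId   string
	SubscriberName string
	Principal      string // assumption: account ID flattened from the subscriber identity
}

type ListSubscribersInput struct {
	MaxResults *int32
	NextToken  *string
}

type ListSubscribersOutput struct {
	NextToken   *string
	Subscribers []SubscriberResource
}

// Same shape as ListSubscribersAPIClient, without the ...func(*Options) argument.
type ListSubscribersAPIClient interface {
	ListSubscribers(context.Context, *ListSubscribersInput) (*ListSubscribersOutput, error)
}

// ErrRepeatedToken (hypothetical) marks a listing that stopped before the last page.
var ErrRepeatedToken = errors.New("pagination token repeated; subscriber list is incomplete")

// CollectSubscribers follows NextToken until it is absent, keeping all other
// arguments unchanged between calls. If the service hands back the token that
// was just sent, it returns what it has plus ErrRepeatedToken instead of looping.
func CollectSubscribers(ctx context.Context, c ListSubscribersAPIClient, pageSize int32) ([]SubscriberResource, error) {
	var all []SubscriberResource
	in := &ListSubscribersInput{MaxResults: &pageSize}
	for {
		out, err := c.ListSubscribers(ctx, in)
		if err != nil {
			return all, err
		}
		all = append(all, out.Subscribers...)
		if out.NextToken == nil || *out.NextToken == "" {
			return all, nil // last page reached
		}
		if in.NextToken != nil && *in.NextToken == *out.NextToken {
			return all, ErrRepeatedToken
		}
		in.NextToken = out.NextToken
	}
}

// UnexpectedPrincipals returns the IDs of subscribers whose principal is not approved.
func UnexpectedPrincipals(subs []SubscriberResource, approved map[string]bool) []string {
	var ids []string
	for _, s := range subs {
		if !approved[s.Principal] {
			ids = append(ids, s.SubscriberId)
		}
	}
	return ids
}

// fakeClient serves constructed pages keyed by the token the caller sent.
type fakeClient struct {
	pages map[string]ListSubscribersOutput
	calls int
}

func (f *fakeClient) ListSubscribers(_ context.Context, in *ListSubscribersInput) (*ListSubscribersOutput, error) {
	f.calls++
	sent := ""
	if in.NextToken != nil {
		sent = *in.NextToken
	}
	out, ok := f.pages[sent]
	if !ok {
		return nil, fmt.Errorf("InvalidToken: %q", sent)
	}
	return &out, nil
}

func tok(s string) *string { return &s }

// healthyClient returns three constructed pages, one subscriber each.
func healthyClient() *fakeClient {
	return &fakeClient{pages: map[string]ListSubscribersOutput{
		"":   {NextToken: tok("t1"), Subscribers: []SubscriberResource{{"sub-a", "siem", "111111111111"}}},
		"t1": {NextToken: tok("t2"), Subscribers: []SubscriberResource{{"sub-b", "ir-team", "222222222222"}}},
		"t2": {Subscribers: []SubscriberResource{{"sub-c", "unknown-vendor", "999999999999"}}},
	}}
}

// stuckClient keeps returning token "t1", simulating a service that never advances.
func stuckClient() *fakeClient {
	return &fakeClient{pages: map[string]ListSubscribersOutput{
		"":   {NextToken: tok("t1"), Subscribers: []SubscriberResource{{"sub-a", "siem", "111111111111"}}},
		"t1": {NextToken: tok("t1"), Subscribers: []SubscriberResource{{"sub-b", "ir-team", "222222222222"}}},
	}}
}

func main() {
	approved := map[string]bool{"111111111111": true, "222222222222": true}
	subs, err := CollectSubscribers(context.Background(), healthyClient(), 1)
	fmt.Println(len(subs), err, UnexpectedPrincipals(subs, approved))
	subs, err = CollectSubscribers(context.Background(), stuckClient(), 1)
	fmt.Println(len(subs), err)
}
```
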

type ListTagsForResourceInput added in v1.5.0

type ListTagsForResourceInput struct {

	// The Amazon Resource Name (ARN) of the Amazon Security Lake resource for which
	// you want to retrieve the tags.
	//
	// This member is required.
	ResourceArn *string
	// contains filtered or unexported fields
}

type ListTagsForResourceOutput added in v1.5.0

type ListTagsForResourceOutput struct {

	// An array of objects, one for each tag (key and value) that’s associated with
	// the Amazon Security Lake resource.
	Tags []types.Tag

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type Options

type Options struct {
	// Set of options to modify how an operation is invoked. These apply to all
	// operations invoked for this client. Use functional options on operation call to
	// modify this list for per operation behavior.
	APIOptions []func(*middleware.Stack) error

	// The optional application specific identifier appended to the User-Agent header.
	AppID string

	// This endpoint will be given as input to an EndpointResolverV2. It is used for
	// providing a custom base endpoint that is subject to modifications by the
	// processing EndpointResolverV2.
	BaseEndpoint *string

	// Configures the events that will be sent to the configured logger.
	ClientLogMode aws.ClientLogMode

	// The credentials object to use when signing requests.
	Credentials aws.CredentialsProvider

	// The configuration DefaultsMode that the SDK should use when constructing the
	// client's initial default settings.
	DefaultsMode aws.DefaultsMode

	// The endpoint options to be used when attempting to resolve an endpoint.
	EndpointOptions EndpointResolverOptions

	// The service endpoint resolver.
	//
	// Deprecated: EndpointResolver and WithEndpointResolver. Providing a
	// value for this field will likely prevent you from using any endpoint-related
	// service features released after the introduction of EndpointResolverV2 and
	// BaseEndpoint.
	//
	// To migrate an EndpointResolver implementation that uses a custom endpoint, set
	// the client option BaseEndpoint instead.
	EndpointResolver EndpointResolver

	// Resolves the endpoint used for a particular service operation. This should be
	// used over the deprecated EndpointResolver.
	EndpointResolverV2 EndpointResolverV2

	// Signature Version 4 (SigV4) Signer
	HTTPSignerV4 HTTPSignerV4

	// The logger writer interface to write logging messages to.
	Logger logging.Logger

	// The client meter provider.
	MeterProvider metrics.MeterProvider

	// The region to send requests to. (Required)
	Region string

	// RetryMaxAttempts specifies the maximum number of attempts an API client will call
	// an operation that fails with a retryable error. A value of 0 is ignored, and
	// will not be used to configure the API client created default retryer, or modify
	// per operation call's retry max attempts.
	//
	// If specified in an operation call's functional options with a value that is
	// different than the constructed client's Options, the Client's Retryer will be
	// wrapped to use the operation's specific RetryMaxAttempts value.
	RetryMaxAttempts int

	// RetryMode specifies the retry mode the API client will be created with, if
	// Retryer option is not also specified.
	//
	// When creating new API clients, this member will only be used if the Retryer
	// Options member is nil. This value will be ignored if Retryer is not nil.
	//
	// Currently does not support per operation call overrides, may in the future.
	RetryMode aws.RetryMode

	// Retryer guides how HTTP requests should be retried in case of recoverable
	// failures. When nil the API client will use a default retryer. The kind of
	// default retry created by the API client can be changed with the RetryMode
	// option.
	Retryer aws.Retryer

	// The RuntimeEnvironment configuration, only populated if the DefaultsMode is set
	// to DefaultsModeAuto and is initialized using config.LoadDefaultConfig. You
	// should not populate this structure programmatically, or rely on the values here
	// within your applications.
	RuntimeEnvironment aws.RuntimeEnvironment

	// The client tracer provider.
	TracerProvider tracing.TracerProvider

	// The HTTP client to invoke API calls with. Defaults to client's default HTTP
	// implementation if nil.
	HTTPClient HTTPClient

	// The auth scheme resolver which determines how to authenticate for each
	// operation.
	AuthSchemeResolver AuthSchemeResolver

	// The list of auth schemes supported by the client.
	AuthSchemes []smithyhttp.AuthScheme
	// contains filtered or unexported fields
}

func (Options) Copy

func (o Options) Copy() Options

Copy creates a clone where the APIOptions list is deep copied.

func (Options) GetIdentityResolver added in v1.9.2

func (o Options) GetIdentityResolver(schemeID string) smithyauth.IdentityResolver

type RegisterDataLakeDelegatedAdministratorInput added in v1.4.0

type RegisterDataLakeDelegatedAdministratorInput struct {

	// The Amazon Web Services account ID of the Security Lake delegated administrator.
	//
	// This member is required.
	AccountId *string
	// contains filtered or unexported fields
}

type RegisterDataLakeDelegatedAdministratorOutput added in v1.4.0

type RegisterDataLakeDelegatedAdministratorOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ResolveEndpoint

type ResolveEndpoint struct {
	Resolver EndpointResolver
	Options  EndpointResolverOptions
}

func (*ResolveEndpoint) HandleSerialize

func (*ResolveEndpoint) ID

func (*ResolveEndpoint) ID() string

type TagResourceInput added in v1.5.0

type TagResourceInput struct {

	// The Amazon Resource Name (ARN) of the Amazon Security Lake resource to add or
	// update the tags for.
	//
	// This member is required.
	ResourceArn *string

	// An array of objects, one for each tag (key and value) to associate with the
	// Amazon Security Lake resource. For each tag, you must specify both a tag key and
	// a tag value. A tag value cannot be null, but it can be an empty string.
	//
	// This member is required.
	Tags []types.Tag
	// contains filtered or unexported fields
}

type TagResourceOutput added in v1.5.0

type TagResourceOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type UntagResourceInput added in v1.5.0

type UntagResourceInput struct {

	// The Amazon Resource Name (ARN) of the Amazon Security Lake resource to remove
	// one or more tags from.
	//
	// This member is required.
	ResourceArn *string

	// A list of one or more tag keys. For each value in the list, specify the tag key
	// for a tag to remove from the Amazon Security Lake resource.
	//
	// This member is required.
	TagKeys []string
	// contains filtered or unexported fields
}

type UntagResourceOutput added in v1.5.0

type UntagResourceOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type UpdateDataLakeExceptionSubscriptionInput added in v1.4.0

type UpdateDataLakeExceptionSubscriptionInput struct {

	// The account that is subscribed to receive exception notifications.
	//
	// This member is required.
	NotificationEndpoint *string

	// The subscription protocol to which exception messages are posted.
	//
	// This member is required.
	SubscriptionProtocol *string

	// The time-to-live (TTL) for the exception message to remain. It is the duration
	// of time until which the exception message remains.
	ExceptionTimeToLive *int64
	// contains filtered or unexported fields
}

type UpdateDataLakeExceptionSubscriptionOutput added in v1.4.0

type UpdateDataLakeExceptionSubscriptionOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type UpdateDataLakeInput added in v1.4.0

type UpdateDataLakeInput struct {

	// Specifies the Region or Regions that will contribute data to the rollup region.
	//
	// This member is required.
	Configurations []types.DataLakeConfiguration

	// The Amazon Resource Name (ARN) used to create and update the Glue table. This
	// table contains partitions generated by the ingestion and normalization of Amazon
	// Web Services log sources and custom sources.
	MetaStoreManagerRoleArn *string
	// contains filtered or unexported fields
}

type UpdateDataLakeOutput added in v1.4.0

type UpdateDataLakeOutput struct {

	// The created Security Lake configuration object.
	DataLakes []types.DataLakeResource

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type UpdateSubscriberInput

type UpdateSubscriberInput struct {

	// A value created by Security Lake that uniquely identifies your subscription.
	//
	// This member is required.
	SubscriberId *string

	// The supported Amazon Web Services services from which logs and events are
	// collected. For the list of supported Amazon Web Services services, see the [Amazon Security Lake User Guide].
	//
	// [Amazon Security Lake User Guide]: https://docs.aws.amazon.com/security-lake/latest/userguide/internal-sources.html
	Sources []types.LogSourceResource

	// The description of the Security Lake account subscriber.
	SubscriberDescription *string

	// The Amazon Web Services identity used to access your data.
	SubscriberIdentity *types.AwsIdentity

	// The name of the Security Lake account subscriber.
	SubscriberName *string
	// contains filtered or unexported fields
}

type UpdateSubscriberNotificationInput added in v1.4.0

type UpdateSubscriberNotificationInput struct {

	// The configuration for subscriber notification.
	//
	// This member is required.
	Configuration types.NotificationConfiguration

	// The subscription ID for which the subscription notification is specified.
	//
	// This member is required.
	SubscriberId *string
	// contains filtered or unexported fields
}

type UpdateSubscriberNotificationOutput added in v1.4.0

type UpdateSubscriberNotificationOutput struct {

	// The subscriber endpoint to which exception messages are posted.
	SubscriberEndpoint *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type UpdateSubscriberOutput

type UpdateSubscriberOutput struct {

	// The updated subscriber information.
	Subscriber *types.SubscriberResource

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

Directories

Path Synopsis
internal
