feat(client-securitylake): Log sources are now versioned. AWS log sources and custom sources will now come with a version identifier that enables producers to vend multiple schema versions to subscribers. Security Lake API have been refactored to more closely align with AWS API conventions.

Author: awstools

clients/client-securitylake/README.md

@@ -56,82 +56,74 @@ import {
   CreateCustomLogSourceCommandInput,
   CreateCustomLogSourceCommandOutput,
 } from "./commands/CreateCustomLogSourceCommand";
+import { CreateDataLakeCommandInput, CreateDataLakeCommandOutput } from "./commands/CreateDataLakeCommand";
 import {
-  CreateDatalakeAutoEnableCommandInput,
-  CreateDatalakeAutoEnableCommandOutput,
-} from "./commands/CreateDatalakeAutoEnableCommand";
-import { CreateDatalakeCommandInput, CreateDatalakeCommandOutput } from "./commands/CreateDatalakeCommand";
+  CreateDataLakeExceptionSubscriptionCommandInput,
+  CreateDataLakeExceptionSubscriptionCommandOutput,
+} from "./commands/CreateDataLakeExceptionSubscriptionCommand";
 import {
-  CreateDatalakeDelegatedAdminCommandInput,
-  CreateDatalakeDelegatedAdminCommandOutput,
-} from "./commands/CreateDatalakeDelegatedAdminCommand";
-import {
-  CreateDatalakeExceptionsSubscriptionCommandInput,
-  CreateDatalakeExceptionsSubscriptionCommandOutput,
-} from "./commands/CreateDatalakeExceptionsSubscriptionCommand";
+  CreateDataLakeOrganizationConfigurationCommandInput,
+  CreateDataLakeOrganizationConfigurationCommandOutput,
+} from "./commands/CreateDataLakeOrganizationConfigurationCommand";
 import { CreateSubscriberCommandInput, CreateSubscriberCommandOutput } from "./commands/CreateSubscriberCommand";
 import {
-  CreateSubscriptionNotificationConfigurationCommandInput,
-  CreateSubscriptionNotificationConfigurationCommandOutput,
-} from "./commands/CreateSubscriptionNotificationConfigurationCommand";
+  CreateSubscriberNotificationCommandInput,
+  CreateSubscriberNotificationCommandOutput,
+} from "./commands/CreateSubscriberNotificationCommand";
 import { DeleteAwsLogSourceCommandInput, DeleteAwsLogSourceCommandOutput } from "./commands/DeleteAwsLogSourceCommand";
 import {
   DeleteCustomLogSourceCommandInput,
   DeleteCustomLogSourceCommandOutput,
 } from "./commands/DeleteCustomLogSourceCommand";
+import { DeleteDataLakeCommandInput, DeleteDataLakeCommandOutput } from "./commands/DeleteDataLakeCommand";
 import {
-  DeleteDatalakeAutoEnableCommandInput,
-  DeleteDatalakeAutoEnableCommandOutput,
-} from "./commands/DeleteDatalakeAutoEnableCommand";
-import { DeleteDatalakeCommandInput, DeleteDatalakeCommandOutput } from "./commands/DeleteDatalakeCommand";
-import {
-  DeleteDatalakeDelegatedAdminCommandInput,
-  DeleteDatalakeDelegatedAdminCommandOutput,
-} from "./commands/DeleteDatalakeDelegatedAdminCommand";
+  DeleteDataLakeExceptionSubscriptionCommandInput,
+  DeleteDataLakeExceptionSubscriptionCommandOutput,
+} from "./commands/DeleteDataLakeExceptionSubscriptionCommand";
 import {
-  DeleteDatalakeExceptionsSubscriptionCommandInput,
-  DeleteDatalakeExceptionsSubscriptionCommandOutput,
-} from "./commands/DeleteDatalakeExceptionsSubscriptionCommand";
+  DeleteDataLakeOrganizationConfigurationCommandInput,
+  DeleteDataLakeOrganizationConfigurationCommandOutput,
+} from "./commands/DeleteDataLakeOrganizationConfigurationCommand";
 import { DeleteSubscriberCommandInput, DeleteSubscriberCommandOutput } from "./commands/DeleteSubscriberCommand";
 import {
-  DeleteSubscriptionNotificationConfigurationCommandInput,
-  DeleteSubscriptionNotificationConfigurationCommandOutput,
-} from "./commands/DeleteSubscriptionNotificationConfigurationCommand";
+  DeleteSubscriberNotificationCommandInput,
+  DeleteSubscriberNotificationCommandOutput,
+} from "./commands/DeleteSubscriberNotificationCommand";
 import {
-  GetDatalakeAutoEnableCommandInput,
-  GetDatalakeAutoEnableCommandOutput,
-} from "./commands/GetDatalakeAutoEnableCommand";
-import { GetDatalakeCommandInput, GetDatalakeCommandOutput } from "./commands/GetDatalakeCommand";
+  DeregisterDataLakeDelegatedAdministratorCommandInput,
+  DeregisterDataLakeDelegatedAdministratorCommandOutput,
+} from "./commands/DeregisterDataLakeDelegatedAdministratorCommand";
 import {
-  GetDatalakeExceptionsExpiryCommandInput,
-  GetDatalakeExceptionsExpiryCommandOutput,
-} from "./commands/GetDatalakeExceptionsExpiryCommand";
+  GetDataLakeExceptionSubscriptionCommandInput,
+  GetDataLakeExceptionSubscriptionCommandOutput,
+} from "./commands/GetDataLakeExceptionSubscriptionCommand";
 import {
-  GetDatalakeExceptionsSubscriptionCommandInput,
-  GetDatalakeExceptionsSubscriptionCommandOutput,
-} from "./commands/GetDatalakeExceptionsSubscriptionCommand";
-import { GetDatalakeStatusCommandInput, GetDatalakeStatusCommandOutput } from "./commands/GetDatalakeStatusCommand";
+  GetDataLakeOrganizationConfigurationCommandInput,
+  GetDataLakeOrganizationConfigurationCommandOutput,
+} from "./commands/GetDataLakeOrganizationConfigurationCommand";
+import { GetDataLakeSourcesCommandInput, GetDataLakeSourcesCommandOutput } from "./commands/GetDataLakeSourcesCommand";
 import { GetSubscriberCommandInput, GetSubscriberCommandOutput } from "./commands/GetSubscriberCommand";
 import {
-  ListDatalakeExceptionsCommandInput,
-  ListDatalakeExceptionsCommandOutput,
-} from "./commands/ListDatalakeExceptionsCommand";
+  ListDataLakeExceptionsCommandInput,
+  ListDataLakeExceptionsCommandOutput,
+} from "./commands/ListDataLakeExceptionsCommand";
+import { ListDataLakesCommandInput, ListDataLakesCommandOutput } from "./commands/ListDataLakesCommand";
 import { ListLogSourcesCommandInput, ListLogSourcesCommandOutput } from "./commands/ListLogSourcesCommand";
 import { ListSubscribersCommandInput, ListSubscribersCommandOutput } from "./commands/ListSubscribersCommand";
-import { UpdateDatalakeCommandInput, UpdateDatalakeCommandOutput } from "./commands/UpdateDatalakeCommand";
 import {
-  UpdateDatalakeExceptionsExpiryCommandInput,
-  UpdateDatalakeExceptionsExpiryCommandOutput,
-} from "./commands/UpdateDatalakeExceptionsExpiryCommand";
+  RegisterDataLakeDelegatedAdministratorCommandInput,
+  RegisterDataLakeDelegatedAdministratorCommandOutput,
+} from "./commands/RegisterDataLakeDelegatedAdministratorCommand";
+import { UpdateDataLakeCommandInput, UpdateDataLakeCommandOutput } from "./commands/UpdateDataLakeCommand";
 import {
-  UpdateDatalakeExceptionsSubscriptionCommandInput,
-  UpdateDatalakeExceptionsSubscriptionCommandOutput,
-} from "./commands/UpdateDatalakeExceptionsSubscriptionCommand";
+  UpdateDataLakeExceptionSubscriptionCommandInput,
+  UpdateDataLakeExceptionSubscriptionCommandOutput,
+} from "./commands/UpdateDataLakeExceptionSubscriptionCommand";
 import { UpdateSubscriberCommandInput, UpdateSubscriberCommandOutput } from "./commands/UpdateSubscriberCommand";
 import {
-  UpdateSubscriptionNotificationConfigurationCommandInput,
-  UpdateSubscriptionNotificationConfigurationCommandOutput,
-} from "./commands/UpdateSubscriptionNotificationConfigurationCommand";
+  UpdateSubscriberNotificationCommandInput,
+  UpdateSubscriberNotificationCommandOutput,
+} from "./commands/UpdateSubscriberNotificationCommand";
 import {
   ClientInputEndpointParameters,
   ClientResolvedEndpointParameters,
@@ -148,69 +140,65 @@ export { __Client };
 export type ServiceInputTypes =
   | CreateAwsLogSourceCommandInput
   | CreateCustomLogSourceCommandInput
-  | CreateDatalakeAutoEnableCommandInput
-  | CreateDatalakeCommandInput
-  | CreateDatalakeDelegatedAdminCommandInput
-  | CreateDatalakeExceptionsSubscriptionCommandInput
+  | CreateDataLakeCommandInput
+  | CreateDataLakeExceptionSubscriptionCommandInput
+  | CreateDataLakeOrganizationConfigurationCommandInput
   | CreateSubscriberCommandInput
-  | CreateSubscriptionNotificationConfigurationCommandInput
+  | CreateSubscriberNotificationCommandInput
   | DeleteAwsLogSourceCommandInput
   | DeleteCustomLogSourceCommandInput
-  | DeleteDatalakeAutoEnableCommandInput
-  | DeleteDatalakeCommandInput
-  | DeleteDatalakeDelegatedAdminCommandInput
-  | DeleteDatalakeExceptionsSubscriptionCommandInput
+  | DeleteDataLakeCommandInput
+  | DeleteDataLakeExceptionSubscriptionCommandInput
+  | DeleteDataLakeOrganizationConfigurationCommandInput
   | DeleteSubscriberCommandInput
-  | DeleteSubscriptionNotificationConfigurationCommandInput
-  | GetDatalakeAutoEnableCommandInput
-  | GetDatalakeCommandInput
-  | GetDatalakeExceptionsExpiryCommandInput
-  | GetDatalakeExceptionsSubscriptionCommandInput
-  | GetDatalakeStatusCommandInput
+  | DeleteSubscriberNotificationCommandInput
+  | DeregisterDataLakeDelegatedAdministratorCommandInput
+  | GetDataLakeExceptionSubscriptionCommandInput
+  | GetDataLakeOrganizationConfigurationCommandInput
+  | GetDataLakeSourcesCommandInput
   | GetSubscriberCommandInput
-  | ListDatalakeExceptionsCommandInput
+  | ListDataLakeExceptionsCommandInput
+  | ListDataLakesCommandInput
   | ListLogSourcesCommandInput
   | ListSubscribersCommandInput
-  | UpdateDatalakeCommandInput
-  | UpdateDatalakeExceptionsExpiryCommandInput
-  | UpdateDatalakeExceptionsSubscriptionCommandInput
+  | RegisterDataLakeDelegatedAdministratorCommandInput
+  | UpdateDataLakeCommandInput
+  | UpdateDataLakeExceptionSubscriptionCommandInput
   | UpdateSubscriberCommandInput
-  | UpdateSubscriptionNotificationConfigurationCommandInput;
+  | UpdateSubscriberNotificationCommandInput;
 
 /**
  * @public
  */
 export type ServiceOutputTypes =
   | CreateAwsLogSourceCommandOutput
   | CreateCustomLogSourceCommandOutput
-  | CreateDatalakeAutoEnableCommandOutput
-  | CreateDatalakeCommandOutput
-  | CreateDatalakeDelegatedAdminCommandOutput
-  | CreateDatalakeExceptionsSubscriptionCommandOutput
+  | CreateDataLakeCommandOutput
+  | CreateDataLakeExceptionSubscriptionCommandOutput
+  | CreateDataLakeOrganizationConfigurationCommandOutput
   | CreateSubscriberCommandOutput
-  | CreateSubscriptionNotificationConfigurationCommandOutput
+  | CreateSubscriberNotificationCommandOutput
   | DeleteAwsLogSourceCommandOutput
   | DeleteCustomLogSourceCommandOutput
-  | DeleteDatalakeAutoEnableCommandOutput
-  | DeleteDatalakeCommandOutput
-  | DeleteDatalakeDelegatedAdminCommandOutput
-  | DeleteDatalakeExceptionsSubscriptionCommandOutput
+  | DeleteDataLakeCommandOutput
+  | DeleteDataLakeExceptionSubscriptionCommandOutput
+  | DeleteDataLakeOrganizationConfigurationCommandOutput
   | DeleteSubscriberCommandOutput
-  | DeleteSubscriptionNotificationConfigurationCommandOutput
-  | GetDatalakeAutoEnableCommandOutput
-  | GetDatalakeCommandOutput
-  | GetDatalakeExceptionsExpiryCommandOutput
-  | GetDatalakeExceptionsSubscriptionCommandOutput
-  | GetDatalakeStatusCommandOutput
+  | DeleteSubscriberNotificationCommandOutput
+  | DeregisterDataLakeDelegatedAdministratorCommandOutput
+  | GetDataLakeExceptionSubscriptionCommandOutput
+  | GetDataLakeOrganizationConfigurationCommandOutput
+  | GetDataLakeSourcesCommandOutput
   | GetSubscriberCommandOutput
-  | ListDatalakeExceptionsCommandOutput
+  | ListDataLakeExceptionsCommandOutput
+  | ListDataLakesCommandOutput
   | ListLogSourcesCommandOutput
   | ListSubscribersCommandOutput
-  | UpdateDatalakeCommandOutput
-  | UpdateDatalakeExceptionsExpiryCommandOutput
-  | UpdateDatalakeExceptionsSubscriptionCommandOutput
+  | RegisterDataLakeDelegatedAdministratorCommandOutput
+  | UpdateDataLakeCommandOutput
+  | UpdateDataLakeExceptionSubscriptionCommandOutput
   | UpdateSubscriberCommandOutput
-  | UpdateSubscriptionNotificationConfigurationCommandOutput;
+  | UpdateSubscriberNotificationCommandOutput;
 
 /**
  * @public
@@ -376,24 +364,19 @@ export interface SecurityLakeClientResolvedConfig extends SecurityLakeClientReso
 
 /**
  * @public
- * <note>
- *             <p>Amazon Security Lake is in preview release. Your use of the Security Lake preview is subject to
- *             Section 2 of the <a href="http://aws.amazon.com/service-terms/">Amazon Web Services Service
- *                Terms</a>("Betas and Previews").</p>
- *          </note>
- *          <p>Amazon Security Lake is a fully managed security data lake service. You can use Security Lake to
+ * <p>Amazon Security Lake is a fully managed security data lake service. You can use Security Lake to
  *          automatically centralize security data from cloud, on-premises, and custom sources into a
- *          data lake that's stored in your Amazon Web Servicesaccount. Amazon Web Services Organizations
+ *          data lake that's stored in your Amazon Web Services account. Amazon Web Services Organizations
  *          is an account management service that lets you consolidate multiple Amazon Web Services
  *          accounts into an organization that you create and centrally manage. With Organizations, you
  *          can create member accounts and invite existing accounts to join your organization.
  *          Security Lake helps you analyze security data for a more complete understanding of your
  *          security posture across the entire organization. It can also help you improve the
  *          protection of your workloads, applications, and data.</p>
  *          <p>The data lake is backed by Amazon Simple Storage Service (Amazon S3) buckets, and you
- *          retain ownership over your data.   </p>
+ *          retain ownership over your data.</p>
  *          <p>Amazon Security Lake integrates with CloudTrail, a service that provides a record of
- *          actions taken by a user, role, or an Amazon Web Services service in Security Lake CloudTrail captures API calls for Security Lake as events. The calls captured include calls
+ *          actions taken by a user, role, or an Amazon Web Services service. In Security Lake, CloudTrail captures API calls for Security Lake as events. The calls captured include calls
  *          from the Security Lake console and code calls to the Security Lake API operations. If you create a
  *          trail, you can enable continuous delivery of CloudTrail events to an Amazon S3 bucket, including events for Security Lake. If you don't configure a trail, you can still
  *          view the most recent events in the CloudTrail console in Event history. Using the

clients/client-securitylake/src/SecurityLake.ts

@@ -39,51 +39,34 @@ export interface CreateAwsLogSourceCommandOutput extends CreateAwsLogSourceRespo
  * <p>Adds a natively supported Amazon Web Service as an Amazon Security Lake source. Enables
  *          source types for member accounts in required Amazon Web Services Regions, based on the
  *          parameters you specify. You can choose any source type in any Region for either accounts
- *          that are part of a trusted organization or standalone accounts. At least one of the three
- *          dimensions is a mandatory input to this API. However, you can supply any combination of the
- *          three dimensions to this API. </p>
- *          <p>By default, a dimension refers to the entire set. When you don't provide a dimension,
- *          Security Lake assumes that the missing dimension refers to the entire set. This is overridden
- *          when you supply any one of the inputs. For instance, when you do not specify members, the
- *          API enables all Security Lake member accounts for all sources. Similarly, when you do not
- *          specify Regions, Security Lake is enabled for all the Regions where Security Lake is available as a
- *          service.</p>
+ *          that are part of a trusted organization or standalone accounts. Once you add an Amazon Web Service as a source, Security Lake starts collecting logs and events from it, </p>
  *          <p>You can use this API only to enable natively supported Amazon Web Services as a
  *          source. Use <code>CreateCustomLogSource</code> to enable data collection from a custom
- *          source. </p>
+ *          source.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
  * import { SecurityLakeClient, CreateAwsLogSourceCommand } from "@aws-sdk/client-securitylake"; // ES Modules import
  * // const { SecurityLakeClient, CreateAwsLogSourceCommand } = require("@aws-sdk/client-securitylake"); // CommonJS import
  * const client = new SecurityLakeClient(config);
  * const input = { // CreateAwsLogSourceRequest
- *   inputOrder: [ // DimensionSet // required
- *     "STRING_VALUE",
- *   ],
- *   enableAllDimensions: { // AllDimensionsMap
- *     "<keys>": { // TwoDimensionsMap
- *       "<keys>": [ // ValueSet
+ *   sources: [ // AwsLogSourceConfigurationList // required
+ *     { // AwsLogSourceConfiguration
+ *       accounts: [ // AccountList
+ *         "STRING_VALUE",
+ *       ],
+ *       regions: [ // RegionList // required
  *         "STRING_VALUE",
  *       ],
+ *       sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA", // required
+ *       sourceVersion: "STRING_VALUE",
  *     },
- *   },
- *   enableTwoDimensions: {
- *     "<keys>": [
- *       "STRING_VALUE",
- *     ],
- *   },
- *   enableSingleDimension: [ // InputSet
- *     "STRING_VALUE",
  *   ],
  * };
  * const command = new CreateAwsLogSourceCommand(input);
  * const response = await client.send(command);
  * // { // CreateAwsLogSourceResponse
- * //   processing: [ // AccountList
- * //     "STRING_VALUE",
- * //   ],
- * //   failed: [
+ * //   failed: [ // AccountList
  * //     "STRING_VALUE",
  * //   ],
  * // };
@@ -102,26 +85,24 @@ export interface CreateAwsLogSourceCommandOutput extends CreateAwsLogSourceRespo
  *          Amazon Web Services action. An implicit denial occurs when there is no applicable Deny statement and also
  *          no applicable Allow statement.</p>
  *
- * @throws {@link AccountNotFoundException} (client fault)
- *  <p>Amazon Security Lake cannot find an Amazon Web Services account with the accountID that you
- *          specified, or the account whose credentials you used to make this request isn't a member of
- *          an organization.</p>
+ * @throws {@link BadRequestException} (client fault)
+ *  <p>The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.</p>
+ *
+ * @throws {@link ConflictException} (client fault)
+ *  <p>Occurs when a conflict with a previous successful write is detected. This generally
+ *          occurs when the previous write did not have time to propagate to the host serving the
+ *          current request. A retry (with appropriate backoff logic) is the recommended response to
+ *          this exception.</p>
  *
  * @throws {@link InternalServerException} (server fault)
  *  <p>Internal service exceptions are sometimes caused by transient issues. Before you start
- *          troubleshooting, perform the operation again. </p>
+ *          troubleshooting, perform the operation again.</p>
  *
  * @throws {@link ResourceNotFoundException} (client fault)
  *  <p>The resource could not be found.</p>
  *
- * @throws {@link S3Exception} (client fault)
- *  <p>Provides an extension of the AmazonServiceException for errors reported by Amazon S3 while processing a request. In particular, this class provides access to the
- *             Amazon S3 extended request ID. If Amazon S3 is incorrectly handling a
- *          request and you need to contact Amazon, this extended request ID may provide useful
- *          debugging information. </p>
- *
- * @throws {@link ValidationException} (client fault)
- *  <p>Your signing certificate could not be validated. </p>
+ * @throws {@link ThrottlingException} (client fault)
+ *  <p>The limit on the number of requests per second was exceeded.</p>
  *
  * @throws {@link SecurityLakeServiceException}
  * <p>Base exception class for all service exceptions from SecurityLake service.</p>