File: types.go

package info (click to toggle)
golang-github-aws-aws-sdk-go-v2 1.24.1-2~bpo12%2B1
links: PTS, VCS
area: main
in suites: bookworm-backports
size: 554,032 kB
sloc: java: 15,941; makefile: 419; sh: 175
file content (646 lines) | stat: -rw-r--r-- 20,701 bytes
// Code generated by smithy-go-codegen DO NOT EDIT.

package types

import (
	smithydocument "github.com/aws/smithy-go/document"
	"time"
)

// The AWS identity.
type AwsIdentity struct {

	// The external ID used to estalish trust relationship with the AWS identity.
	//
	// This member is required.
	ExternalId *string

	// The AWS identity principal.
	//
	// This member is required.
	Principal *string

	noSmithyDocumentSerde
}

// The Security Lake logs source configuration file describes the information
// needed to generate Security Lake logs.
type AwsLogSourceConfiguration struct {

	// Specify the Regions where you want to enable Security Lake.
	//
	// This member is required.
	Regions []string

	// The name for a Amazon Web Services source. This must be a Regionally unique
	// value.
	//
	// This member is required.
	SourceName AwsLogSourceName

	// Specify the Amazon Web Services account information where you want to enable
	// Security Lake.
	Accounts []string

	// The version for a Amazon Web Services source. This must be a Regionally unique
	// value.
	SourceVersion *string

	noSmithyDocumentSerde
}

// Amazon Security Lake can collect logs and events from natively-supported Amazon
// Web Services services.
type AwsLogSourceResource struct {

	// The name for a Amazon Web Services source. This must be a Regionally unique
	// value.
	SourceName AwsLogSourceName

	// The version for a Amazon Web Services source. This must be a Regionally unique
	// value.
	SourceVersion *string

	noSmithyDocumentSerde
}

// The attributes of a third-party custom source.
type CustomLogSourceAttributes struct {

	// The ARN of the Glue crawler.
	CrawlerArn *string

	// The ARN of the Glue database where results are written, such as:
	// arn:aws:daylight:us-east-1::database/sometable/* .
	DatabaseArn *string

	// The ARN of the Glue table.
	TableArn *string

	noSmithyDocumentSerde
}

// The configuration for the third-party custom source.
type CustomLogSourceConfiguration struct {

	// The configuration for the Glue Crawler for the third-party custom source.
	//
	// This member is required.
	CrawlerConfiguration *CustomLogSourceCrawlerConfiguration

	// The identity of the log provider for the third-party custom source.
	//
	// This member is required.
	ProviderIdentity *AwsIdentity

	noSmithyDocumentSerde
}

// The configuration for the Glue Crawler for the third-party custom source.
type CustomLogSourceCrawlerConfiguration struct {

	// The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role
	// to be used by the Glue crawler. The recommended IAM policies are:
	//   - The managed policy AWSGlueServiceRole
	//   - A custom policy granting access to your Amazon S3 Data Lake
	//
	// This member is required.
	RoleArn *string

	noSmithyDocumentSerde
}

// The details of the log provider for a third-party custom source.
type CustomLogSourceProvider struct {

	// The location of the partition in the Amazon S3 bucket for Security Lake.
	Location *string

	// The ARN of the IAM role to be used by the entity putting logs into your custom
	// source partition. Security Lake will apply the correct access policies to this
	// role, but you must first manually create the trust policy for this role. The IAM
	// role name must start with the text 'Security Lake'. The IAM role must trust the
	// logProviderAccountId to assume the role.
	RoleArn *string

	noSmithyDocumentSerde
}

// Amazon Security Lake can collect logs and events from third-party custom
// sources.
type CustomLogSourceResource struct {

	// The attributes of a third-party custom source.
	Attributes *CustomLogSourceAttributes

	// The details of the log provider for a third-party custom source.
	Provider *CustomLogSourceProvider

	// The name for a third-party custom source. This must be a Regionally unique
	// value.
	SourceName *string

	// The version for a third-party custom source. This must be a Regionally unique
	// value.
	SourceVersion *string

	noSmithyDocumentSerde
}

// Automatically enable new organization accounts as member accounts from an
// Amazon Security Lake administrator account.
type DataLakeAutoEnableNewAccountConfiguration struct {

	// The Amazon Web Services Regions where Security Lake is automatically enabled.
	//
	// This member is required.
	Region *string

	// The Amazon Web Services sources that are automatically enabled in Security Lake.
	//
	// This member is required.
	Sources []AwsLogSourceResource

	noSmithyDocumentSerde
}

// Provides details of Amazon Security Lake object.
type DataLakeConfiguration struct {

	// The Amazon Web Services Regions where Security Lake is automatically enabled.
	//
	// This member is required.
	Region *string

	// Provides encryption details of Amazon Security Lake object.
	EncryptionConfiguration *DataLakeEncryptionConfiguration

	// Provides lifecycle details of Amazon Security Lake object.
	LifecycleConfiguration *DataLakeLifecycleConfiguration

	// Provides replication details of Amazon Security Lake object.
	ReplicationConfiguration *DataLakeReplicationConfiguration

	noSmithyDocumentSerde
}

// Provides encryption details of Amazon Security Lake object.
type DataLakeEncryptionConfiguration struct {

	// The id of KMS encryption key used by Amazon Security Lake to encrypt the
	// Security Lake object.
	KmsKeyId *string

	noSmithyDocumentSerde
}

// The details for an Amazon Security Lake exception.
type DataLakeException struct {

	// The underlying exception of a Security Lake exception.
	Exception *string

	// The Amazon Web Services Regions where the exception occurred.
	Region *string

	// List of all remediation steps for a Security Lake exception.
	Remediation *string

	// This error can occur if you configure the wrong timestamp format, or if the
	// subset of entries used for validation had errors or missing values.
	Timestamp *time.Time

	noSmithyDocumentSerde
}

// Provides lifecycle details of Amazon Security Lake object.
type DataLakeLifecycleConfiguration struct {

	// Provides data expiration details of Amazon Security Lake object.
	Expiration *DataLakeLifecycleExpiration

	// Provides data storage transition details of Amazon Security Lake object.
	Transitions []DataLakeLifecycleTransition

	noSmithyDocumentSerde
}

// Provide expiration lifecycle details of Amazon Security Lake object.
type DataLakeLifecycleExpiration struct {

	// Number of days before data expires in the Amazon Security Lake object.
	Days *int32

	noSmithyDocumentSerde
}

// Provide transition lifecycle details of Amazon Security Lake object.
type DataLakeLifecycleTransition struct {

	// Number of days before data transitions to a different S3 Storage Class in the
	// Amazon Security Lake object.
	Days *int32

	// The range of storage classes that you can choose from based on the data access,
	// resiliency, and cost requirements of your workloads.
	StorageClass *string

	noSmithyDocumentSerde
}

// Provides replication details of Amazon Security Lake object.
type DataLakeReplicationConfiguration struct {

	// Replication enables automatic, asynchronous copying of objects across Amazon S3
	// buckets. Amazon S3 buckets that are configured for object replication can be
	// owned by the same Amazon Web Services account or by different accounts. You can
	// replicate objects to a single destination bucket or to multiple destination
	// buckets. The destination buckets can be in different Amazon Web Services Regions
	// or within the same Region as the source bucket. Set up one or more rollup
	// Regions by providing the Region or Regions that should contribute to the central
	// rollup Region.
	Regions []string

	// Replication settings for the Amazon S3 buckets. This parameter uses the
	// Identity and Access Management (IAM) role you created that is managed by
	// Security Lake, to ensure the replication setting is correct.
	RoleArn *string

	noSmithyDocumentSerde
}

// Provides details of Amazon Security Lake object.
type DataLakeResource struct {

	// The Amazon Resource Name (ARN) created by you to provide to the subscriber. For
	// more information about ARNs and how to use them in policies, see the Amazon
	// Security Lake User Guide (https://docs.aws.amazon.com/security-lake/latest/userguide/subscriber-management.html)
	// .
	//
	// This member is required.
	DataLakeArn *string

	// The Amazon Web Services Regions where Security Lake is enabled.
	//
	// This member is required.
	Region *string

	// Retrieves the status of the configuration operation for an account in Amazon
	// Security Lake.
	CreateStatus DataLakeStatus

	// Provides encryption details of Amazon Security Lake object.
	EncryptionConfiguration *DataLakeEncryptionConfiguration

	// Provides lifecycle details of Amazon Security Lake object.
	LifecycleConfiguration *DataLakeLifecycleConfiguration

	// Provides replication details of Amazon Security Lake object.
	ReplicationConfiguration *DataLakeReplicationConfiguration

	// The ARN for the Amazon Security Lake Amazon S3 bucket.
	S3BucketArn *string

	// The status of the last UpdateDataLake or DeleteDataLake API request.
	UpdateStatus *DataLakeUpdateStatus

	noSmithyDocumentSerde
}

// Amazon Security Lake collects logs and events from supported Amazon Web
// Services and custom sources. For the list of supported Amazon Web Services, see
// the Amazon Security Lake User Guide (https://docs.aws.amazon.com/security-lake/latest/userguide/internal-sources.html)
// .
type DataLakeSource struct {

	// The ID of the Security Lake account for which logs are collected.
	Account *string

	// The Open Cybersecurity Schema Framework (OCSF) event classes which describes
	// the type of data that the custom source will send to Security Lake. The
	// supported event classes are:
	//   - ACCESS_ACTIVITY
	//   - FILE_ACTIVITY
	//   - KERNEL_ACTIVITY
	//   - KERNEL_EXTENSION
	//   - MEMORY_ACTIVITY
	//   - MODULE_ACTIVITY
	//   - PROCESS_ACTIVITY
	//   - REGISTRY_KEY_ACTIVITY
	//   - REGISTRY_VALUE_ACTIVITY
	//   - RESOURCE_ACTIVITY
	//   - SCHEDULED_JOB_ACTIVITY
	//   - SECURITY_FINDING
	//   - ACCOUNT_CHANGE
	//   - AUTHENTICATION
	//   - AUTHORIZATION
	//   - ENTITY_MANAGEMENT_AUDIT
	//   - DHCP_ACTIVITY
	//   - NETWORK_ACTIVITY
	//   - DNS_ACTIVITY
	//   - FTP_ACTIVITY
	//   - HTTP_ACTIVITY
	//   - RDP_ACTIVITY
	//   - SMB_ACTIVITY
	//   - SSH_ACTIVITY
	//   - CONFIG_STATE
	//   - INVENTORY_INFO
	//   - EMAIL_ACTIVITY
	//   - API_ACTIVITY
	//   - CLOUD_API
	EventClasses []string

	// The supported Amazon Web Services from which logs and events are collected.
	// Amazon Security Lake supports log and event collection for natively supported
	// Amazon Web Services.
	SourceName *string

	// The log status for the Security Lake account.
	SourceStatuses []DataLakeSourceStatus

	noSmithyDocumentSerde
}

// Retrieves the Logs status for the Amazon Security Lake account.
type DataLakeSourceStatus struct {

	// Defines path the stored logs are available which has information on your
	// systems, applications, and services.
	Resource *string

	// The health status of services, including error codes and patterns.
	Status SourceCollectionStatus

	noSmithyDocumentSerde
}

// The details of the last UpdateDataLake or DeleteDataLake API request which
// failed.
type DataLakeUpdateException struct {

	// The reason code for the exception of the last UpdateDataLake or DeleteDataLake
	// API request.
	Code *string

	// The reason for the exception of the last UpdateDataLake or DeleteDataLake API
	// request.
	Reason *string

	noSmithyDocumentSerde
}

// The status of the last UpdateDataLake or DeleteDataLake API request. This is
// set to Completed after the configuration is updated, or removed if deletion of
// the data lake is successful.
type DataLakeUpdateStatus struct {

	// The details of the last UpdateDataLake or DeleteDataLake API request which
	// failed.
	Exception *DataLakeUpdateException

	// The unique ID for the last UpdateDataLake or DeleteDataLake API request.
	RequestId *string

	// The status of the last UpdateDataLake or DeleteDataLake API request that was
	// requested.
	Status DataLakeStatus

	noSmithyDocumentSerde
}

// The configurations for HTTPS subscriber notification.
type HttpsNotificationConfiguration struct {

	// The subscription endpoint in Security Lake. If you prefer notification with an
	// HTTPs endpoint, populate this field.
	//
	// This member is required.
	Endpoint *string

	// The Amazon Resource Name (ARN) of the EventBridge API destinations IAM role
	// that you created. For more information about ARNs and how to use them in
	// policies, see Managing data access (https://docs.aws.amazon.com//security-lake/latest/userguide/subscriber-data-access.html)
	// and Amazon Web Services Managed Policies (https://docs.aws.amazon.com/security-lake/latest/userguide/security-iam-awsmanpol.html)
	// in the Amazon Security Lake User Guide.
	//
	// This member is required.
	TargetRoleArn *string

	// The key name for the notification subscription.
	AuthorizationApiKeyName *string

	// The key value for the notification subscription.
	AuthorizationApiKeyValue *string

	// The HTTPS method used for the notification subscription.
	HttpMethod HttpMethod

	noSmithyDocumentSerde
}

// Amazon Security Lake can collect logs and events from natively-supported Amazon
// Web Services services and custom sources.
type LogSource struct {

	// Specify the account from which you want to collect logs.
	Account *string

	// Specify the Regions from which you want to collect logs.
	Region *string

	// Specify the sources from which you want to collect logs.
	Sources []LogSourceResource

	noSmithyDocumentSerde
}

// The supported source types from which logs and events are collected in Amazon
// Security Lake. For a list of supported Amazon Web Services, see the Amazon
// Security Lake User Guide (https://docs.aws.amazon.com/security-lake/latest/userguide/internal-sources.html)
// .
//
// The following types satisfy this interface:
//
//	LogSourceResourceMemberAwsLogSource
//	LogSourceResourceMemberCustomLogSource
type LogSourceResource interface {
	isLogSourceResource()
}

// Amazon Security Lake supports log and event collection for natively supported
// Amazon Web Services. For more information, see the Amazon Security Lake User
// Guide (https://docs.aws.amazon.com/security-lake/latest/userguide/internal-sources.html)
// .
type LogSourceResourceMemberAwsLogSource struct {
	Value AwsLogSourceResource

	noSmithyDocumentSerde
}

func (*LogSourceResourceMemberAwsLogSource) isLogSourceResource() {}

// Amazon Security Lake supports custom source types. For more information, see
// the Amazon Security Lake User Guide (https://docs.aws.amazon.com/security-lake/latest/userguide/custom-sources.html)
// .
type LogSourceResourceMemberCustomLogSource struct {
	Value CustomLogSourceResource

	noSmithyDocumentSerde
}

func (*LogSourceResourceMemberCustomLogSource) isLogSourceResource() {}

// Specify the configurations you want to use for subscriber notification to
// notify the subscriber when new data is written to the data lake for sources that
// the subscriber consumes in Security Lake.
//
// The following types satisfy this interface:
//
//	NotificationConfigurationMemberHttpsNotificationConfiguration
//	NotificationConfigurationMemberSqsNotificationConfiguration
type NotificationConfiguration interface {
	isNotificationConfiguration()
}

// The configurations for HTTPS subscriber notification.
type NotificationConfigurationMemberHttpsNotificationConfiguration struct {
	Value HttpsNotificationConfiguration

	noSmithyDocumentSerde
}

func (*NotificationConfigurationMemberHttpsNotificationConfiguration) isNotificationConfiguration() {}

// The configurations for SQS subscriber notification.
type NotificationConfigurationMemberSqsNotificationConfiguration struct {
	Value SqsNotificationConfiguration

	noSmithyDocumentSerde
}

func (*NotificationConfigurationMemberSqsNotificationConfiguration) isNotificationConfiguration() {}

// The configurations for SQS subscriber notification.
type SqsNotificationConfiguration struct {
	noSmithyDocumentSerde
}

// Provides details about the Amazon Security Lake account subscription.
// Subscribers are notified of new objects for a source as the data is written to
// your Amazon S3 bucket for Security Lake.
type SubscriberResource struct {

	// Amazon Security Lake supports log and event collection for natively supported
	// Amazon Web Services. For more information, see the Amazon Security Lake User
	// Guide (https://docs.aws.amazon.com/security-lake/latest/userguide/source-management.html)
	// .
	//
	// This member is required.
	Sources []LogSourceResource

	// The subscriber ARN of the Amazon Security Lake subscriber account.
	//
	// This member is required.
	SubscriberArn *string

	// The subscriber ID of the Amazon Security Lake subscriber account.
	//
	// This member is required.
	SubscriberId *string

	// The AWS identity used to access your data.
	//
	// This member is required.
	SubscriberIdentity *AwsIdentity

	// The name of your Amazon Security Lake subscriber account.
	//
	// This member is required.
	SubscriberName *string

	// You can choose to notify subscribers of new objects with an Amazon Simple Queue
	// Service (Amazon SQS) queue or through messaging to an HTTPS endpoint provided by
	// the subscriber. Subscribers can consume data by directly querying Lake Formation
	// tables in your Amazon S3 bucket through services like Amazon Athena. This
	// subscription type is defined as LAKEFORMATION .
	AccessTypes []AccessType

	// The date and time when the subscriber was created.
	CreatedAt *time.Time

	// The Amazon Resource Name (ARN) which uniquely defines the AWS RAM resource
	// share. Before accepting the RAM resource share invitation, you can view details
	// related to the RAM resource share. This field is available only for Lake
	// Formation subscribers created after March 8, 2023.
	ResourceShareArn *string

	// The name of the resource share.
	ResourceShareName *string

	// The Amazon Resource Name (ARN) specifying the role of the subscriber.
	RoleArn *string

	// The ARN for the Amazon S3 bucket.
	S3BucketArn *string

	// The subscriber descriptions for a subscriber account. The description for a
	// subscriber includes subscriberName , accountID , externalID , and subscriberId .
	SubscriberDescription *string

	// The subscriber endpoint to which exception messages are posted.
	SubscriberEndpoint *string

	// The subscriber status of the Amazon Security Lake subscriber account.
	SubscriberStatus SubscriberStatus

	// The date and time when the subscriber was last updated.
	UpdatedAt *time.Time

	noSmithyDocumentSerde
}

// A tag is a label that you can define and associate with Amazon Web Services
// resources, including certain types of Amazon Security Lake resources. Tags can
// help you identify, categorize, and manage resources in different ways, such as
// by owner, environment, or other criteria. You can associate tags with the
// following types of Security Lake resources: subscribers, and the data lake
// configuration for your Amazon Web Services account in individual Amazon Web
// Services Regions. A resource can have up to 50 tags. Each tag consists of a
// required tag key and an associated tag value. A tag key is a general label that
// acts as a category for a more specific tag value. Each tag key must be unique
// and it can have only one tag value. A tag value acts as a descriptor for a tag
// key. Tag keys and values are case sensitive. They can contain letters, numbers,
// spaces, or the following symbols: _ . : / = + @ - For more information, see
// Tagging Amazon Security Lake resources (https://docs.aws.amazon.com/security-lake/latest/userguide/tagging-resources.html)
// in the Amazon Security Lake User Guide.
type Tag struct {

	// The name of the tag. This is a general label that acts as a category for a more
	// specific tag value ( value ).
	//
	// This member is required.
	Key *string

	// The value that’s associated with the specified tag key ( key ). This value acts
	// as a descriptor for the tag key. A tag value cannot be null, but it can be an
	// empty string.
	//
	// This member is required.
	Value *string

	noSmithyDocumentSerde
}

type noSmithyDocumentSerde = smithydocument.NoSerde

// UnknownUnionMember is returned when a union member is returned over the wire,
// but has an unknown tag.
type UnknownUnionMember struct {
	Tag   string
	Value []byte

	noSmithyDocumentSerde
}

func (*UnknownUnionMember) isLogSourceResource()         {}
func (*UnknownUnionMember) isNotificationConfiguration() {}