From 93b16b263265825a3a8afb39247d3d7355fd5b7d Mon Sep 17 00:00:00 2001 From: awstools Date: Wed, 13 Nov 2024 23:18:58 +0000 Subject: [PATCH] feat(client-cloudtrail): This release adds a new API GenerateQuery that generates a query from a natural language prompt about the event data in your event data store. This operation uses generative artificial intelligence (generative AI) to produce a ready-to-use SQL query from the prompt. --- clients/client-cloudtrail/README.md | 8 + clients/client-cloudtrail/src/CloudTrail.ts | 17 + .../client-cloudtrail/src/CloudTrailClient.ts | 3 + .../src/commands/DescribeQueryCommand.ts | 1 + .../src/commands/GenerateQueryCommand.ts | 139 +++++ .../src/commands/RemoveTagsCommand.ts | 6 + .../client-cloudtrail/src/commands/index.ts | 1 + .../client-cloudtrail/src/models/models_0.ts | 563 ++++++------------ .../src/protocols/Aws_json1_1.ts | 64 ++ .../sdk-codegen/aws-models/cloudtrail.json | 141 ++++- 10 files changed, 554 insertions(+), 389 deletions(-) create mode 100644 clients/client-cloudtrail/src/commands/GenerateQueryCommand.ts diff --git a/clients/client-cloudtrail/README.md b/clients/client-cloudtrail/README.md index bb60f6685746..8b19d66556c9 100644 --- a/clients/client-cloudtrail/README.md +++ b/clients/client-cloudtrail/README.md @@ -330,6 +330,14 @@ EnableFederation [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cloudtrail/command/EnableFederationCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-cloudtrail/Interface/EnableFederationCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-cloudtrail/Interface/EnableFederationCommandOutput/) + +
+ +GenerateQuery + + +[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cloudtrail/command/GenerateQueryCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-cloudtrail/Interface/GenerateQueryCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-cloudtrail/Interface/GenerateQueryCommandOutput/) +
diff --git a/clients/client-cloudtrail/src/CloudTrail.ts b/clients/client-cloudtrail/src/CloudTrail.ts index bef24d9cfa00..fa105460b4fe 100644 --- a/clients/client-cloudtrail/src/CloudTrail.ts +++ b/clients/client-cloudtrail/src/CloudTrail.ts @@ -57,6 +57,11 @@ import { EnableFederationCommandInput, EnableFederationCommandOutput, } from "./commands/EnableFederationCommand"; +import { + GenerateQueryCommand, + GenerateQueryCommandInput, + GenerateQueryCommandOutput, +} from "./commands/GenerateQueryCommand"; import { GetChannelCommand, GetChannelCommandInput, GetChannelCommandOutput } from "./commands/GetChannelCommand"; import { GetEventDataStoreCommand, @@ -196,6 +201,7 @@ const commands = { DescribeTrailsCommand, DisableFederationCommand, EnableFederationCommand, + GenerateQueryCommand, GetChannelCommand, GetEventDataStoreCommand, GetEventSelectorsCommand, @@ -429,6 +435,17 @@ export interface CloudTrail { cb: (err: any, data?: EnableFederationCommandOutput) => void ): void; + /** + * @see {@link GenerateQueryCommand} + */ + generateQuery(args: GenerateQueryCommandInput, options?: __HttpHandlerOptions): Promise; + generateQuery(args: GenerateQueryCommandInput, cb: (err: any, data?: GenerateQueryCommandOutput) => void): void; + generateQuery( + args: GenerateQueryCommandInput, + options: __HttpHandlerOptions, + cb: (err: any, data?: GenerateQueryCommandOutput) => void + ): void; + /** * @see {@link GetChannelCommand} */ diff --git a/clients/client-cloudtrail/src/CloudTrailClient.ts b/clients/client-cloudtrail/src/CloudTrailClient.ts index 6e2ff7350f52..6bf4b657813c 100644 --- a/clients/client-cloudtrail/src/CloudTrailClient.ts +++ b/clients/client-cloudtrail/src/CloudTrailClient.ts 
@@ -79,6 +79,7 @@ import { DescribeQueryCommandInput, DescribeQueryCommandOutput } from "./command import { DescribeTrailsCommandInput, DescribeTrailsCommandOutput } from "./commands/DescribeTrailsCommand"; import { DisableFederationCommandInput, DisableFederationCommandOutput } from "./commands/DisableFederationCommand"; import { EnableFederationCommandInput, EnableFederationCommandOutput } from "./commands/EnableFederationCommand"; +import { GenerateQueryCommandInput, GenerateQueryCommandOutput } from "./commands/GenerateQueryCommand"; import { GetChannelCommandInput, GetChannelCommandOutput } from "./commands/GetChannelCommand"; import { GetEventDataStoreCommandInput, GetEventDataStoreCommandOutput } from "./commands/GetEventDataStoreCommand"; import { GetEventSelectorsCommandInput, GetEventSelectorsCommandOutput } from "./commands/GetEventSelectorsCommand"; @@ -170,6 +171,7 @@ export type ServiceInputTypes = | DescribeTrailsCommandInput | DisableFederationCommandInput | EnableFederationCommandInput + | GenerateQueryCommandInput | GetChannelCommandInput | GetEventDataStoreCommandInput | GetEventSelectorsCommandInput @@ -224,6 +226,7 @@ export type ServiceOutputTypes = | DescribeTrailsCommandOutput | DisableFederationCommandOutput | EnableFederationCommandOutput + | GenerateQueryCommandOutput | GetChannelCommandOutput | GetEventDataStoreCommandOutput | GetEventSelectorsCommandOutput diff --git a/clients/client-cloudtrail/src/commands/DescribeQueryCommand.ts b/clients/client-cloudtrail/src/commands/DescribeQueryCommand.ts index 3deb71023574..ce533f36ed63 100644 --- a/clients/client-cloudtrail/src/commands/DescribeQueryCommand.ts +++ b/clients/client-cloudtrail/src/commands/DescribeQueryCommand.ts 
@@ -61,6 +61,7 @@ export interface DescribeQueryCommandOutput extends DescribeQueryResponse, __Met * // ErrorMessage: "STRING_VALUE", * // DeliveryS3Uri: "STRING_VALUE", * // DeliveryStatus: "SUCCESS" || "FAILED" || "FAILED_SIGNING_FILE" || "PENDING" || "RESOURCE_NOT_FOUND" || "ACCESS_DENIED" || "ACCESS_DENIED_SIGNING_FILE" || "CANCELLED" || "UNKNOWN", + * // Prompt: "STRING_VALUE", * // }; * * ``` diff --git a/clients/client-cloudtrail/src/commands/GenerateQueryCommand.ts b/clients/client-cloudtrail/src/commands/GenerateQueryCommand.ts new file mode 100644 index 000000000000..be7b2f05bbff --- /dev/null +++ b/clients/client-cloudtrail/src/commands/GenerateQueryCommand.ts @@ -0,0 +1,139 @@ +// smithy-typescript generated code +import { getEndpointPlugin } from "@smithy/middleware-endpoint"; +import { getSerdePlugin } from "@smithy/middleware-serde"; +import { Command as $Command } from "@smithy/smithy-client"; +import { MetadataBearer as __MetadataBearer } from "@smithy/types"; + +import { CloudTrailClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../CloudTrailClient"; +import { commonParams } from "../endpoint/EndpointParameters"; +import { GenerateQueryRequest, GenerateQueryResponse } from "../models/models_0"; +import { de_GenerateQueryCommand, se_GenerateQueryCommand } from "../protocols/Aws_json1_1"; + +/** + * @public + */ +export type { __MetadataBearer }; +export { $Command }; +/** + * @public + * + * The input for {@link GenerateQueryCommand}. + */ +export interface GenerateQueryCommandInput extends GenerateQueryRequest {} +/** + * @public + * + * The output of {@link GenerateQueryCommand}. + */ +export interface GenerateQueryCommandOutput extends GenerateQueryResponse, __MetadataBearer {} + +/** + *

+ * Generates a query from a natural language prompt. This operation uses generative artificial intelligence + * (generative AI) to produce a ready-to-use SQL query from the prompt. + *

+ *

The prompt can be a question or a statement about the event data + * in your event data store. For example, you can enter prompts like "What are my + * top errors in the past month?" and “Give me a list of users that used SNS.”

+ *

The prompt must be in English. For information about limitations, permissions, and supported Regions, see + * Create CloudTrail Lake queries from natural language prompts + * in the CloudTrail user guide.

+ * + *

Do not include any personally identifying, confidential, or sensitive information + * in your prompts.

+ *

This feature uses generative AI large language models (LLMs); we recommend double-checking the + * LLM response.

+ *
+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { CloudTrailClient, GenerateQueryCommand } from "@aws-sdk/client-cloudtrail"; // ES Modules import + * // const { CloudTrailClient, GenerateQueryCommand } = require("@aws-sdk/client-cloudtrail"); // CommonJS import + * const client = new CloudTrailClient(config); + * const input = { // GenerateQueryRequest + * EventDataStores: [ // EventDataStoreList // required + * "STRING_VALUE", + * ], + * Prompt: "STRING_VALUE", // required + * }; + * const command = new GenerateQueryCommand(input); + * const response = await client.send(command); + * // { // GenerateQueryResponse + * // QueryStatement: "STRING_VALUE", + * // QueryAlias: "STRING_VALUE", + * // }; + * + * ``` + * + * @param GenerateQueryCommandInput - {@link GenerateQueryCommandInput} + * @returns {@link GenerateQueryCommandOutput} + * @see {@link GenerateQueryCommandInput} for command's `input` shape. + * @see {@link GenerateQueryCommandOutput} for command's `response` shape. + * @see {@link CloudTrailClientResolvedConfig | config} for CloudTrailClient's `config` shape. + * + * @throws {@link EventDataStoreARNInvalidException} (client fault) + *

The specified event data store ARN is not valid or does not map to an event data store + * in your account.

+ * + * @throws {@link EventDataStoreNotFoundException} (client fault) + *

The specified event data store was not found.

+ * + * @throws {@link GenerateResponseException} (client fault) + *

+ * This exception is thrown when a valid query could not be generated for the provided prompt. + *

+ * + * @throws {@link InactiveEventDataStoreException} (client fault) + *

The event data store is inactive.

+ * + * @throws {@link InvalidParameterException} (client fault) + *

The request includes a parameter that is not valid.

+ * + * @throws {@link NoManagementAccountSLRExistsException} (client fault) + *

This exception is thrown when the management account does not have a service-linked + * role.

+ * + * @throws {@link OperationNotPermittedException} (client fault) + *

This exception is thrown when the requested operation is not permitted.

+ * + * @throws {@link UnsupportedOperationException} (client fault) + *

This exception is thrown when the requested operation is not supported.

+ * + * @throws {@link CloudTrailServiceException} + *

Base exception class for all service exceptions from CloudTrail service.

+ * + * @public + */ +export class GenerateQueryCommand extends $Command + .classBuilder< + GenerateQueryCommandInput, + GenerateQueryCommandOutput, + CloudTrailClientResolvedConfig, + ServiceInputTypes, + ServiceOutputTypes + >() + .ep(commonParams) + .m(function (this: any, Command: any, cs: any, config: CloudTrailClientResolvedConfig, o: any) { + return [ + getSerdePlugin(config, this.serialize, this.deserialize), + getEndpointPlugin(config, Command.getEndpointParameterInstructions()), + ]; + }) + .s("CloudTrail_20131101", "GenerateQuery", {}) + .n("CloudTrailClient", "GenerateQueryCommand") + .f(void 0, void 0) + .ser(se_GenerateQueryCommand) + .de(de_GenerateQueryCommand) + .build() { + /** @internal type navigation helper, not in runtime. */ + protected declare static __types: { + api: { + input: GenerateQueryRequest; + output: GenerateQueryResponse; + }; + sdk: { + input: GenerateQueryCommandInput; + output: GenerateQueryCommandOutput; + }; + }; +} diff --git a/clients/client-cloudtrail/src/commands/RemoveTagsCommand.ts b/clients/client-cloudtrail/src/commands/RemoveTagsCommand.ts index b09d489e61dc..fe79cd41f044 100644 --- a/clients/client-cloudtrail/src/commands/RemoveTagsCommand.ts +++ b/clients/client-cloudtrail/src/commands/RemoveTagsCommand.ts @@ -74,6 +74,12 @@ export interface RemoveTagsCommandOutput extends RemoveTagsResponse, __MetadataB * arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890 *
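Review bot: The class doc warns to double-check the LLM response and to keep personally identifying or confidential data out of prompts, but it never says what the caller should do with the result: `QueryStatement` is model-generated SQL that the response example returns alongside a `QueryAlias`, and nothing in this client inspects or validates either before they are passed to StartQuery. I would add to the `GenerateQueryCommandOutput` doc: `/** Contains model-generated SQL. Review QueryStatement (or the query the QueryAlias resolves to) before passing it to StartQuery, and treat it as untrusted input in any tooling that interpolates, logs or displays it. */`. The same caveat belongs on `Prompt`, since the DescribeQueryCommand hunk earlier in this patch shows the prompt is returned with the query record afterwards. Because this file is smithy-generated, the wording should go into the operation's documentation trait in codegen/sdk-codegen/aws-models/cloudtrail.json rather than be hand-edited here.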

* + * @throws {@link ConflictException} (client fault) + *

This exception is thrown when the specified resource is not ready for an operation. This + * can occur when you try to run an operation on a resource before CloudTrail has time + * to fully load the resource, or because another operation is modifying the resource. If this exception occurs, wait a few minutes, and then try the + * operation again.

+ * * @throws {@link EventDataStoreARNInvalidException} (client fault) *

The specified event data store ARN is not valid or does not map to an event data store * in your account.

diff --git a/clients/client-cloudtrail/src/commands/index.ts b/clients/client-cloudtrail/src/commands/index.ts index 182859f7efae..3f139798b60f 100644 --- a/clients/client-cloudtrail/src/commands/index.ts +++ b/clients/client-cloudtrail/src/commands/index.ts @@ -13,6 +13,7 @@ export * from "./DescribeQueryCommand"; export * from "./DescribeTrailsCommand"; export * from "./DisableFederationCommand"; export * from "./EnableFederationCommand"; +export * from "./GenerateQueryCommand"; export * from "./GetChannelCommand"; export * from "./GetEventDataStoreCommand"; export * from "./GetEventSelectorsCommand"; diff --git a/clients/client-cloudtrail/src/models/models_0.ts b/clients/client-cloudtrail/src/models/models_0.ts index 18eb02dd86e0..455a90525574 100644 --- a/clients/client-cloudtrail/src/models/models_0.ts +++ b/clients/client-cloudtrail/src/models/models_0.ts @@ -656,9 +656,16 @@ export interface AdvancedFieldSelector { *

A field in a CloudTrail event record on which to filter events to be logged. For * event data stores for CloudTrail Insights events, Config configuration items, Audit Manager evidence, or events outside of Amazon Web Services, the field is used only for * selecting events as filtering is not supported.

- *

For CloudTrail management events, supported fields include eventCategory (required), eventSource, and readOnly.

- *

For CloudTrail data events, supported fields include eventCategory (required), resources.type (required), eventName, readOnly, - * and resources.ARN.

+ *

For CloudTrail management events, supported fields include + * eventCategory (required), eventSource, and + * readOnly. The following additional fields are available for event data + * stores: eventName, eventType, + * sessionCredentialFromConsole, and userIdentity.arn.

+ *

For CloudTrail data events, supported fields include eventCategory + * (required), resources.type (required), eventName, + * readOnly, and resources.ARN. The following additional fields + * are available for event data stores: eventSource, eventType, + * sessionCredentialFromConsole, and userIdentity.arn.

*

For CloudTrail network activity events, supported fields include eventCategory (required), eventSource (required), eventName, * errorCode, and vpcEndpointId.

*

For event data stores for CloudTrail Insights events, Config configuration items, Audit Manager evidence, or events outside of Amazon Web Services, the only supported field is @@ -679,10 +686,12 @@ export interface AdvancedFieldSelector { *

* * eventSource - * - This field is only used for management events and network activity events.

- *

For management events, this is an optional field that can be set to NotEquals + * - This field is only used for management events, data events (for event data stores only), and network activity events.

+ *

For management events for trails, this is an optional field that can be set to NotEquals * kms.amazonaws.com to exclude KMS management events, or NotEquals * rdsdata.amazonaws.com to exclude RDS management events.

+ *

For management and data events for event data stores, you can use it to include or + * exclude any event source and can use any operator.

*

For network activity events, this is a required field that only uses the * Equals operator. Set this field to the event source for which you want to * log network activity events. If you want to log network activity events for multiple @@ -716,7 +725,7 @@ export interface AdvancedFieldSelector { *

* * eventName - * - This is an optional field that is only used for data events and network activity events. You can use any operator with + * - This is an optional field that is only used for data events, management events (for event data stores only), and network activity events. You can use any operator with * eventName. You can use it to filter in or filter out specific events. You can have * multiple values for this field, separated by commas.

* @@ -768,7 +777,7 @@ export interface AdvancedFieldSelector { * *
  • *

    - * For non-Amazon Web Services events, the value must be ActivityAuditLog. + * For events outside of Amazon Web Services, the value must be ActivityAuditLog. *

    *
  • * @@ -776,6 +785,16 @@ export interface AdvancedFieldSelector { *
  • *

    * + * eventType + * - This is an optional + * field available only for event data stores, which is used to filter management and + * data events on the event type. For information about available event types, see + * CloudTrail record contents in the CloudTrail user + * guide.

    + *
  • + *
  • + *

    + * * errorCode * - This field is only used to filter CloudTrail network activity events * and is optional. This is the error code to filter on. Currently, the only valid errorCode is VpceAccessDenied. @@ -784,388 +803,20 @@ export interface AdvancedFieldSelector { *

  • *

    * + * sessionCredentialFromConsole + * - This + * is an optional field available only for event data stores, which is used to filter + * management and data events based on whether the events originated from an Amazon Web Services Management Console session. sessionCredentialFromConsole can only use the + * Equals and NotEquals operators.

    + *
  • + *
  • + *

    + * * resources.type * - This field is * required for CloudTrail data events. resources.type can only * use the Equals operator.

    - *

    The value can be one of the following:

    - *
      - *
    • - *

      - * AWS::AppConfig::Configuration - *

      - *
    • - *
    • - *

      - * AWS::B2BI::Transformer - *

      - *
    • - *
    • - *

      - * AWS::Bedrock::AgentAlias - *

      - *
    • - *
    • - *

      - * AWS::Bedrock::FlowAlias - *

      - *
    • - *
    • - *

      - * AWS::Bedrock::Guardrail - *

      - *
    • - *
    • - *

      - * AWS::Bedrock::KnowledgeBase - *

      - *
    • - *
    • - *

      - * AWS::Cassandra::Table - *

      - *
    • - *
    • - *

      - * AWS::CloudFront::KeyValueStore - *

      - *
    • - *
    • - *

      - * AWS::CloudTrail::Channel - *

      - *
    • - *
    • - *

      - * AWS::CloudWatch::Metric - *

      - *
    • - *
    • - *

      - * AWS::CodeWhisperer::Customization - *

      - *
    • - *
    • - *

      - * AWS::CodeWhisperer::Profile - *

      - *
    • - *
    • - *

      - * AWS::Cognito::IdentityPool - *

      - *
    • - *
    • - *

      - * AWS::DynamoDB::Stream - *

      - *
    • - *
    • - *

      - * AWS::DynamoDB::Table - *

      - *
    • - *
    • - *

      - * AWS::EC2::Snapshot - *

      - *
    • - *
    • - *

      - * AWS::EMRWAL::Workspace - *

      - *
    • - *
    • - *

      - * AWS::FinSpace::Environment - *

      - *
    • - *
    • - *

      - * AWS::Glue::Table - *

      - *
    • - *
    • - *

      - * AWS::GreengrassV2::ComponentVersion - *

      - *
    • - *
    • - *

      - * AWS::GreengrassV2::Deployment - *

      - *
    • - *
    • - *

      - * AWS::GuardDuty::Detector - *

      - *
    • - *
    • - *

      - * AWS::IoT::Certificate - *

      - *
    • - *
    • - *

      - * AWS::IoT::Thing - *

      - *
    • - *
    • - *

      - * AWS::IoTSiteWise::Asset - *

      - *
    • - *
    • - *

      - * AWS::IoTSiteWise::TimeSeries - *

      - *
    • - *
    • - *

      - * AWS::IoTTwinMaker::Entity - *

      - *
    • - *
    • - *

      - * AWS::IoTTwinMaker::Workspace - *

      - *
    • - *
    • - *

      - * AWS::KendraRanking::ExecutionPlan - *

      - *
    • - *
    • - *

      - * AWS::Kinesis::Stream - *

      - *
    • - *
    • - *

      - * AWS::Kinesis::StreamConsumer - *

      - *
    • - *
    • - *

      - * AWS::KinesisVideo::Stream - *

      - *
    • - *
    • - *

      - * AWS::Lambda::Function - *

      - *
    • - *
    • - *

      - * AWS::MachineLearning::MlModel - *

      - *
    • - *
    • - *

      - * AWS::ManagedBlockchain::Network - *

      - *
    • - *
    • - *

      - * AWS::ManagedBlockchain::Node - *

      - *
    • - *
    • - *

      - * AWS::MedicalImaging::Datastore - *

      - *
    • - *
    • - *

      - * AWS::NeptuneGraph::Graph - *

      - *
    • - *
    • - *

      - * AWS::One::UKey - *

      - *
    • - *
    • - *

      - * AWS::One::User - *

      - *
    • - *
    • - *

      - * AWS::PaymentCryptography::Alias - *

      - *
    • - *
    • - *

      - * AWS::PaymentCryptography::Key - *

      - *
    • - *
    • - *

      - * AWS::PCAConnectorAD::Connector - *

      - *
    • - *
    • - *

      - * AWS::PCAConnectorSCEP::Connector - *

      - *
    • - *
    • - *

      - * AWS::QApps:QApp - *

      - *
    • - *
    • - *

      - * AWS::QBusiness::Application - *

      - *
    • - *
    • - *

      - * AWS::QBusiness::DataSource - *

      - *
    • - *
    • - *

      - * AWS::QBusiness::Index - *

      - *
    • - *
    • - *

      - * AWS::QBusiness::WebExperience - *

      - *
    • - *
    • - *

      - * AWS::RDS::DBCluster - *

      - *
    • - *
    • - *

      - * AWS::RUM::AppMonitor - *

      - *
    • - *
    • - *

      - * AWS::S3::AccessPoint - *

      - *
    • - *
    • - *

      - * AWS::S3::Object - *

      - *
    • - *
    • - *

      - * AWS::S3Express::Object - *

      - *
    • - *
    • - *

      - * AWS::S3ObjectLambda::AccessPoint - *

      - *
    • - *
    • - *

      - * AWS::S3Outposts::Object - *

      - *
    • - *
    • - *

      - * AWS::SageMaker::Endpoint - *

      - *
    • - *
    • - *

      - * AWS::SageMaker::ExperimentTrialComponent - *

      - *
    • - *
    • - *

      - * AWS::SageMaker::FeatureGroup - *

      - *
    • - *
    • - *

      - * AWS::ServiceDiscovery::Namespace - *

      - *
    • - *
    • - *

      - * AWS::ServiceDiscovery::Service - *

      - *
    • - *
    • - *

      - * AWS::SCN::Instance - *

      - *
    • - *
    • - *

      - * AWS::SNS::PlatformEndpoint - *

      - *
    • - *
    • - *

      - * AWS::SNS::Topic - *

      - *
    • - *
    • - *

      - * AWS::SQS::Queue - *

      - *
    • - *
    • - *

      - * AWS::SSM::ManagedNode - *

      - *
    • - *
    • - *

      - * AWS::SSMMessages::ControlChannel - *

      - *
    • - *
    • - *

      - * AWS::StepFunctions::StateMachine - *

      - *
    • - *
    • - *

      - * AWS::SWF::Domain - *

      - *
    • - *
    • - *

      - * AWS::ThinClient::Device - *

      - *
    • - *
    • - *

      - * AWS::ThinClient::Environment - *

      - *
    • - *
    • - *

      - * AWS::Timestream::Database - *

      - *
    • - *
    • - *

      - * AWS::Timestream::Table - *

      - *
    • - *
    • - *

      - * AWS::VerifiedPermissions::PolicyStore - *

      - *
    • - *
    • - *

      - * AWS::XRay::Trace - *

      - *
    • - *
    + *

    For a list of available resource types for data events, see Data events in the CloudTrail User Guide.

    *

    You can have only one resources.type field per selector. To log events on more than one resource type, add another selector.

    *
  • *
  • @@ -1188,6 +839,16 @@ export interface AdvancedFieldSelector { *
  • *

    * + * userIdentity.arn + * - This is an + * optional field available only for event data stores, which is used to filter + * management and data events on the userIdentity ARN. You can use any operator with + * userIdentity.arn. For more information on the userIdentity element, + * see CloudTrail userIdentity element in the CloudTrail User Guide.

    + *
  • + *
  • + *

    + * * vpcEndpointId * - This field is only used to filter CloudTrail network activity events * and is optional. This field identifies the VPC endpoint that the request passed through. You can use any operator with vpcEndpointId.

    @@ -1266,6 +927,29 @@ export interface AdvancedFieldSelector { *

    *
  • * + *

    The following additional fields are available for event data stores:

    + *
      + *
    • + *

      + * eventName + *

      + *
    • + *
    • + *

      + * eventType + *

      + *
    • + *
    • + *

      + * sessionCredentialFromConsole + *

      + *
    • + *
    • + *

      + * userIdentity.arn + *

      + *
    • + *
    *

    * Supported CloudTrail event record fields for data events *

    @@ -1294,6 +978,29 @@ export interface AdvancedFieldSelector { *

    * * + *

    The following additional fields are available for event data stores:

    + *
      + *
    • + *

      + * eventSource + *

      + *
    • + *
    • + *

      + * eventType + *

      + *
    • + *
    • + *

      + * sessionCredentialFromConsole + *

      + *
    • + *
    • + *

      + * userIdentity.arn + *

      + *
    • + *
    *

    * Supported CloudTrail event record fields for network activity events *

    @@ -3491,6 +3198,16 @@ export interface DescribeQueryResponse { * @public */ DeliveryStatus?: DeliveryStatus | undefined; + + /** + *

    + * The prompt used for a generated query. For information about generated queries, see + * Create CloudTrail Lake queries from natural language prompts + * in the CloudTrail user guide. + *

    + * @public + */ + Prompt?: string | undefined; } /** @@ -3808,6 +3525,80 @@ export interface EnableFederationResponse { FederationRoleArn?: string | undefined; } +/** + * @public + */ +export interface GenerateQueryRequest { + /** + *
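Review bot: Adding `Prompt` to `DescribeQueryResponse` means the natural-language prompt is retained with the query record and handed back to any principal allowed to call DescribeQuery, which is presumably why GenerateQuery's documentation tells callers not to put personally identifying or confidential information in prompts; the field comment here does not say so. I would extend it to `The prompt used for a generated query. The prompt is stored with the query and is returned to any caller permitted to describe it, so it must not contain sensitive data.` The retention period is not visible in this diff, so I have not stated one. As this is generated code, the change belongs in the smithy documentation trait for DescribeQueryResponse$Prompt.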

    + * The ARN (or ID suffix of the ARN) of the event data store + * that you want to query. You can only specify one event data store. + *

    + * @public + */ + EventDataStores: string[] | undefined; + + /** + *

    + * The prompt that you want to use to generate the query. The prompt must be in English. For example prompts, see + * Example prompts + * in the CloudTrail user guide. + *

    + * @public + */ + Prompt: string | undefined; +} + +/** + * @public + */ +export interface GenerateQueryResponse { + /** + *

    + * The SQL query statement generated from the prompt. + *

    + * @public + */ + QueryStatement?: string | undefined; + + /** + *

    + * An alias that identifies the prompt. When you run the StartQuery operation, you can pass in either the QueryAlias or + * QueryStatement parameter. + *

    + * @public + */ + QueryAlias?: string | undefined; +} + +/** + *

    + * This exception is thrown when a valid query could not be generated for the provided prompt. + *

    + * @public + */ +export class GenerateResponseException extends __BaseException { + readonly name: "GenerateResponseException" = "GenerateResponseException"; + readonly $fault: "client" = "client"; + /** + *

    Brief description of the exception returned by the request.

    + * @public + */ + Message?: string | undefined; + /** + * @internal + */ + constructor(opts: __ExceptionOptionType) { + super({ + name: "GenerateResponseException", + $fault: "client", + ...opts, + }); + Object.setPrototypeOf(this, GenerateResponseException.prototype); + this.Message = opts.Message; + } +} + /** * @public */ @@ -4198,7 +3989,7 @@ export interface DataResource { * *
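Review bot: `EventDataStores` is typed `string[]` while its doc says `You can only specify one event data store`, so the type admits input the service presumably rejects (the diff does not show with which exception) and nothing client-side flags a multi-element list. I would make the constraint explicit in the field doc, `Must contain exactly one event data store ARN or ID suffix; additional entries are rejected by the service.`, and callers that build this list dynamically should check `EventDataStores.length === 1` before sending rather than relying on the error path. `GenerateResponseException` carries a free-form `Message`; since it is produced in response to a user prompt, callers that surface it should not assume it is safe to render unescaped. These types are generated, so the doc change belongs in the smithy model.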

    Additional resource types are available through advanced * event selectors. For more - * information about these additional resource types, see AdvancedFieldSelector.

    + * information, see AdvancedEventSelector.

    * @public */ Type?: string | undefined; diff --git a/clients/client-cloudtrail/src/protocols/Aws_json1_1.ts b/clients/client-cloudtrail/src/protocols/Aws_json1_1.ts index bf435f5651c4..ae442fc61ccd 100644 --- a/clients/client-cloudtrail/src/protocols/Aws_json1_1.ts +++ b/clients/client-cloudtrail/src/protocols/Aws_json1_1.ts @@ -49,6 +49,7 @@ import { DescribeQueryCommandInput, DescribeQueryCommandOutput } from "../comman import { DescribeTrailsCommandInput, DescribeTrailsCommandOutput } from "../commands/DescribeTrailsCommand"; import { DisableFederationCommandInput, DisableFederationCommandOutput } from "../commands/DisableFederationCommand"; import { EnableFederationCommandInput, EnableFederationCommandOutput } from "../commands/EnableFederationCommand"; +import { GenerateQueryCommandInput, GenerateQueryCommandOutput } from "../commands/GenerateQueryCommand"; import { GetChannelCommandInput, GetChannelCommandOutput } from "../commands/GetChannelCommand"; import { GetEventDataStoreCommandInput, GetEventDataStoreCommandOutput } from "../commands/GetEventDataStoreCommand"; import { GetEventSelectorsCommandInput, GetEventSelectorsCommandOutput } from "../commands/GetEventSelectorsCommand"; @@ -161,6 +162,8 @@ import { EventDataStoreNotFoundException, EventDataStoreTerminationProtectedException, EventSelector, + GenerateQueryRequest, + GenerateResponseException, GetChannelRequest, GetChannelResponse, GetEventDataStoreRequest, 
@@ -464,6 +467,19 @@ export const se_EnableFederationCommand = async ( return buildHttpRpcRequest(context, headers, "/", undefined, body); }; +/** + * serializeAws_json1_1GenerateQueryCommand + */ +export const se_GenerateQueryCommand = async ( + input: GenerateQueryCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const headers: __HeaderBag = sharedHeaders("GenerateQuery"); + let body: any; + body = JSON.stringify(_json(input)); + return buildHttpRpcRequest(context, headers, "/", undefined, body); +}; + /** * serializeAws_json1_1GetChannelCommand */ @@ -1199,6 +1215,26 @@ export const de_EnableFederationCommand = async ( return response; }; +/** + * deserializeAws_json1_1GenerateQueryCommand + */ +export const de_GenerateQueryCommand = async ( + output: __HttpResponse, + context: __SerdeContext +): Promise => { + if (output.statusCode >= 300) { + return de_CommandError(output, context); + } + const data: any = await parseBody(output.body, context); + let contents: any = {}; + contents = _json(data); + const response: GenerateQueryCommandOutput = { + $metadata: deserializeMetadata(output), + ...contents, + }; + return response; +}; + /** * deserializeAws_json1_1GetChannelCommand */ @@ -2098,6 +2134,9 @@ const de_CommandError = async (output: __HttpResponse, context: __SerdeContext): case "ConcurrentModificationException": case "com.amazonaws.cloudtrail#ConcurrentModificationException": throw await de_ConcurrentModificationExceptionRes(parsedOutput, context); + case "GenerateResponseException": + case "com.amazonaws.cloudtrail#GenerateResponseException": + throw await de_GenerateResponseExceptionRes(parsedOutput, context); case "ImportNotFoundException": case "com.amazonaws.cloudtrail#ImportNotFoundException": throw await de_ImportNotFoundExceptionRes(parsedOutput, context); 
@@ -2565,6 +2604,22 @@ const de_EventDataStoreTerminationProtectedExceptionRes = async (
 return __decorateServiceException(exception, body);
 };
+/**
+ * deserializeAws_json1_1GenerateResponseExceptionRes
+ */
+const de_GenerateResponseExceptionRes = async (
+ parsedOutput: any,
+ context: __SerdeContext
+): Promise => {
+ const body = parsedOutput.body;
+ const deserialized: any = _json(body);
+ const exception = new GenerateResponseException({
+ $metadata: deserializeMetadata(parsedOutput),
+ ...deserialized,
+ });
+ return __decorateServiceException(exception, body);
+};
+
 /**
 * deserializeAws_json1_1ImportNotFoundExceptionRes
 */
@@ -3533,12 +3588,16 @@ const de_UnsupportedOperationExceptionRes = async (
 // se_EnableFederationRequest omitted.
+// se_EventDataStoreList omitted.
+
 // se_EventSelector omitted.
 // se_EventSelectors omitted.
 // se_ExcludeManagementEventSources omitted.
+// se_GenerateQueryRequest omitted.
+
 // se_GetChannelRequest omitted.
 // se_GetEventDataStoreRequest omitted.
@@ -3796,6 +3855,7 @@ const de_DescribeQueryResponse = (output: any, context: __SerdeContext): Describ
 DeliveryS3Uri: __expectString,
 DeliveryStatus: __expectString,
 ErrorMessage: __expectString,
+ Prompt: __expectString,
 QueryId: __expectString,
 QueryStatistics: (_: any) => de_QueryStatisticsForDescribeQuery(_, context),
 QueryStatus: __expectString,
@@ -3892,6 +3952,10 @@ const de_EventsList = (output: any, context: __SerdeContext): Event[] => {
 // de_ExcludeManagementEventSources omitted.
+// de_GenerateQueryResponse omitted.
+
+// de_GenerateResponseException omitted.
+
 /**
 * deserializeAws_json1_1GetChannelResponse
 */
diff --git a/codegen/sdk-codegen/aws-models/cloudtrail.json b/codegen/sdk-codegen/aws-models/cloudtrail.json
index cca59e1397cf..5437a95ed93c 100644
--- a/codegen/sdk-codegen/aws-models/cloudtrail.json
+++ b/codegen/sdk-codegen/aws-models/cloudtrail.json
@@ -251,7 +251,7 @@
 }
 },
 "traits": {
- "smithy.api#documentation": "

    Advanced event selectors let you create fine-grained selectors for CloudTrail management, data, and network activity events. They help you control costs by logging only those\n events that are important to you. For more information about configuring advanced event selectors, see\n the Logging data events, Logging network activity events, and Logging management events topics in the CloudTrail User Guide.

    \n

    You cannot apply both event selectors and advanced event selectors to a trail.

    \n

    \n Supported CloudTrail event record fields for management events\n

    \n
      \n
    • \n

      \n eventCategory (required)

      \n
    • \n
    • \n

      \n eventSource\n

      \n
    • \n
    • \n

      \n readOnly\n

      \n
    • \n
    \n

    \n Supported CloudTrail event record fields for data events\n

    \n
      \n
    • \n

      \n eventCategory (required)

      \n
    • \n
    • \n

      \n resources.type (required)

      \n
    • \n
    • \n

      \n readOnly\n

      \n
    • \n
    • \n

      \n eventName\n

      \n
    • \n
    • \n

      \n resources.ARN\n

      \n
    • \n
    \n

    \n Supported CloudTrail event record fields for network activity events\n

    \n \n

    Network activity events is in preview release for CloudTrail and is subject to change.

    \n
    \n
      \n
    • \n

      \n eventCategory (required)

      \n
    • \n
    • \n

      \n eventSource (required)

      \n
    • \n
    • \n

      \n eventName\n

      \n
    • \n
    • \n

      \n errorCode - The only valid value for errorCode is VpceAccessDenied.

      \n
    • \n
    • \n

      \n vpcEndpointId\n

      \n
    • \n
    \n \n

    For event data stores for CloudTrail Insights events, Config configuration items, Audit Manager evidence, or events outside of Amazon Web Services, the only supported field is\n eventCategory.

    \n
    " + "smithy.api#documentation": "

    Advanced event selectors let you create fine-grained selectors for CloudTrail management, data, and network activity events. They help you control costs by logging only those\n events that are important to you. For more information about configuring advanced event selectors, see\n the Logging data events, Logging network activity events, and Logging management events topics in the CloudTrail User Guide.

    \n

    You cannot apply both event selectors and advanced event selectors to a trail.

    \n

    \n Supported CloudTrail event record fields for management events\n

    \n
      \n
    • \n

      \n eventCategory (required)

      \n
    • \n
    • \n

      \n eventSource\n

      \n
    • \n
    • \n

      \n readOnly\n

      \n
    • \n
    \n

    The following additional fields are available for event data stores:

    \n
      \n
    • \n

      \n eventName\n

      \n
    • \n
    • \n

      \n eventType\n

      \n
    • \n
    • \n

      \n sessionCredentialFromConsole\n

      \n
    • \n
    • \n

      \n userIdentity.arn\n

      \n
    • \n
    \n

    \n Supported CloudTrail event record fields for data events\n

    \n
      \n
    • \n

      \n eventCategory (required)

      \n
    • \n
    • \n

      \n resources.type (required)

      \n
    • \n
    • \n

      \n readOnly\n

      \n
    • \n
    • \n

      \n eventName\n

      \n
    • \n
    • \n

      \n resources.ARN\n

      \n
    • \n
    \n

    The following additional fields are available for event data stores:

    \n
      \n
    • \n

      \n eventSource\n

      \n
    • \n
    • \n

      \n eventType\n

      \n
    • \n
    • \n

      \n sessionCredentialFromConsole\n

      \n
    • \n
    • \n

      \n userIdentity.arn\n

      \n
    • \n
    \n

    \n Supported CloudTrail event record fields for network activity events\n

    \n \n

    Network activity events is in preview release for CloudTrail and is subject to change.

    \n
    \n
      \n
    • \n

      \n eventCategory (required)

      \n
    • \n
    • \n

      \n eventSource (required)

      \n
    • \n
    • \n

      \n eventName\n

      \n
    • \n
    • \n

      \n errorCode - The only valid value for errorCode is VpceAccessDenied.

      \n
    • \n
    • \n

      \n vpcEndpointId\n

      \n
    • \n
    \n \n

    For event data stores for CloudTrail Insights events, Config configuration items, Audit Manager evidence, or events outside of Amazon Web Services, the only supported field is\n eventCategory.

    \n
    " } }, "com.amazonaws.cloudtrail#AdvancedEventSelectors": { @@ -266,7 +266,7 @@ "Field": { "target": "com.amazonaws.cloudtrail#SelectorField", "traits": { - "smithy.api#documentation": "

    A field in a CloudTrail event record on which to filter events to be logged. For\n event data stores for CloudTrail Insights events, Config configuration items, Audit Manager evidence, or events outside of Amazon Web Services, the field is used only for\n selecting events as filtering is not supported.

    \n

    For CloudTrail management events, supported fields include eventCategory (required), eventSource, and readOnly.

    \n

    For CloudTrail data events, supported fields include eventCategory (required), resources.type (required), eventName, readOnly,\n and resources.ARN.

    \n

    For CloudTrail network activity events, supported fields include eventCategory (required), eventSource (required), eventName,\n errorCode, and vpcEndpointId.

    \n

    For event data stores for CloudTrail Insights events, Config configuration items, Audit Manager evidence, or events outside of Amazon Web Services, the only supported field is\n eventCategory.

    \n
      \n
    • \n

      \n \n readOnly\n - This is an optional field that is only used for management events and data events. This field can be set to\n Equals with a value of true or false. If you do\n not add this field, CloudTrail logs both read and\n write events. A value of true logs only\n read events. A value of false logs only\n write events.

      \n
    • \n
    • \n

      \n \n eventSource\n - This field is only used for management events and network activity events.

      \n

      For management events, this is an optional field that can be set to NotEquals\n kms.amazonaws.com to exclude KMS management events, or NotEquals\n rdsdata.amazonaws.com to exclude RDS management events.

      \n

      For network activity events, this is a required field that only uses the\n Equals operator. Set this field to the event source for which you want to\n log network activity events. If you want to log network activity events for multiple\n event sources, you must create a separate field selector for each event\n source.

      \n

      The following are valid values for network activity events:

      \n
        \n
      • \n

        \n cloudtrail.amazonaws.com\n

        \n
      • \n
      • \n

        \n ec2.amazonaws.com\n

        \n
      • \n
      • \n

        \n kms.amazonaws.com\n

        \n
      • \n
      • \n

        \n secretsmanager.amazonaws.com\n

        \n
      • \n
      \n
    • \n
    • \n

      \n \n eventName\n - This is an optional field that is only used for data events and network activity events. You can use any operator with \n eventName. You can use it to filter in or filter out specific events. You can have\n multiple values for this field, separated by commas.

      \n
    • \n
    • \n

      \n \n eventCategory\n - This field is required and\n must be set to Equals. \n

      \n
        \n
      • \n

        \n For CloudTrail management events, the value\n must be Management. \n

        \n
      • \n
      • \n

        \n For CloudTrail data events, the value\n must be Data. \n

        \n
      • \n
      • \n

        \n For CloudTrail network activity events, the value\n must be NetworkActivity. \n

        \n
      • \n
      \n

      The following are used only for event data stores:

      \n
        \n
      • \n

        \n For CloudTrail Insights events, the value\n must be Insight. \n

        \n
      • \n
      • \n

        \n For Config\n configuration items, the value must be ConfigurationItem.\n

        \n
      • \n
      • \n

        \n For Audit Manager evidence, the value must be Evidence.\n

        \n
      • \n
      • \n

        \n For non-Amazon Web Services events, the value must be ActivityAuditLog.\n

        \n
      • \n
      \n
    • \n
    • \n

      \n \n errorCode\n - This field is only used to filter CloudTrail network activity events\n and is optional. This is the error code to filter on. Currently, the only valid errorCode is VpceAccessDenied. \n errorCode can only use the Equals operator.

      \n
    • \n
    • \n

      \n \n resources.type\n - This field is\n required for CloudTrail data events. resources.type can only\n use the Equals operator.

      \n

      The value can be one of the following:

      \n
        \n
      • \n

        \n AWS::AppConfig::Configuration\n

        \n
      • \n
      • \n

        \n AWS::B2BI::Transformer\n

        \n
      • \n
      • \n

        \n AWS::Bedrock::AgentAlias\n

        \n
      • \n
      • \n

        \n AWS::Bedrock::FlowAlias\n

        \n
      • \n
      • \n

        \n AWS::Bedrock::Guardrail\n

        \n
      • \n
      • \n

        \n AWS::Bedrock::KnowledgeBase\n

        \n
      • \n
      • \n

        \n AWS::Cassandra::Table\n

        \n
      • \n
      • \n

        \n AWS::CloudFront::KeyValueStore\n

        \n
      • \n
      • \n

        \n AWS::CloudTrail::Channel\n

        \n
      • \n
      • \n

        \n AWS::CloudWatch::Metric\n

        \n
      • \n
      • \n

        \n AWS::CodeWhisperer::Customization\n

        \n
      • \n
      • \n

        \n AWS::CodeWhisperer::Profile\n

        \n
      • \n
      • \n

        \n AWS::Cognito::IdentityPool\n

        \n
      • \n
      • \n

        \n AWS::DynamoDB::Stream\n

        \n
      • \n
      • \n

        \n AWS::DynamoDB::Table\n

        \n
      • \n
      • \n

        \n AWS::EC2::Snapshot\n

        \n
      • \n
      • \n

        \n AWS::EMRWAL::Workspace\n

        \n
      • \n
      • \n

        \n AWS::FinSpace::Environment\n

        \n
      • \n
      • \n

        \n AWS::Glue::Table\n

        \n
      • \n
      • \n

        \n AWS::GreengrassV2::ComponentVersion\n

        \n
      • \n
      • \n

        \n AWS::GreengrassV2::Deployment\n

        \n
      • \n
      • \n

        \n AWS::GuardDuty::Detector\n

        \n
      • \n
      • \n

        \n AWS::IoT::Certificate\n

        \n
      • \n
      • \n

        \n AWS::IoT::Thing\n

        \n
      • \n
      • \n

        \n AWS::IoTSiteWise::Asset\n

        \n
      • \n
      • \n

        \n AWS::IoTSiteWise::TimeSeries\n

        \n
      • \n
      • \n

        \n AWS::IoTTwinMaker::Entity\n

        \n
      • \n
      • \n

        \n AWS::IoTTwinMaker::Workspace\n

        \n
      • \n
      • \n

        \n AWS::KendraRanking::ExecutionPlan\n

        \n
      • \n
      • \n

        \n AWS::Kinesis::Stream\n

        \n
      • \n
      • \n

        \n AWS::Kinesis::StreamConsumer\n

        \n
      • \n
      • \n

        \n AWS::KinesisVideo::Stream\n

        \n
      • \n
      • \n

        \n AWS::Lambda::Function\n

        \n
      • \n
      • \n

        \n AWS::MachineLearning::MlModel\n

        \n
      • \n
      • \n

        \n AWS::ManagedBlockchain::Network\n

        \n
      • \n
      • \n

        \n AWS::ManagedBlockchain::Node\n

        \n
      • \n
      • \n

        \n AWS::MedicalImaging::Datastore\n

        \n
      • \n
      • \n

        \n AWS::NeptuneGraph::Graph\n

        \n
      • \n
      • \n

        \n AWS::One::UKey\n

        \n
      • \n
      • \n

        \n AWS::One::User\n

        \n
      • \n
      • \n

        \n AWS::PaymentCryptography::Alias\n

        \n
      • \n
      • \n

        \n AWS::PaymentCryptography::Key\n

        \n
      • \n
      • \n

        \n AWS::PCAConnectorAD::Connector\n

        \n
      • \n
      • \n

        \n AWS::PCAConnectorSCEP::Connector\n

        \n
      • \n
      • \n

        \n AWS::QApps:QApp\n

        \n
      • \n
      • \n

        \n AWS::QBusiness::Application\n

        \n
      • \n
      • \n

        \n AWS::QBusiness::DataSource\n

        \n
      • \n
      • \n

        \n AWS::QBusiness::Index\n

        \n
      • \n
      • \n

        \n AWS::QBusiness::WebExperience\n

        \n
      • \n
      • \n

        \n AWS::RDS::DBCluster\n

        \n
      • \n
      • \n

        \n AWS::RUM::AppMonitor\n

        \n
      • \n
      • \n

        \n AWS::S3::AccessPoint\n

        \n
      • \n
      • \n

        \n AWS::S3::Object\n

        \n
      • \n
      • \n

        \n AWS::S3Express::Object\n

        \n
      • \n
      • \n

        \n AWS::S3ObjectLambda::AccessPoint\n

        \n
      • \n
      • \n

        \n AWS::S3Outposts::Object\n

        \n
      • \n
      • \n

        \n AWS::SageMaker::Endpoint\n

        \n
      • \n
      • \n

        \n AWS::SageMaker::ExperimentTrialComponent\n

        \n
      • \n
      • \n

        \n AWS::SageMaker::FeatureGroup\n

        \n
      • \n
      • \n

        \n AWS::ServiceDiscovery::Namespace \n

        \n
      • \n
      • \n

        \n AWS::ServiceDiscovery::Service\n

        \n
      • \n
      • \n

        \n AWS::SCN::Instance\n

        \n
      • \n
      • \n

        \n AWS::SNS::PlatformEndpoint\n

        \n
      • \n
      • \n

        \n AWS::SNS::Topic\n

        \n
      • \n
      • \n

        \n AWS::SQS::Queue\n

        \n
      • \n
      • \n

        \n AWS::SSM::ManagedNode\n

        \n
      • \n
      • \n

        \n AWS::SSMMessages::ControlChannel\n

        \n
      • \n
      • \n

        \n AWS::StepFunctions::StateMachine\n

        \n
      • \n
      • \n

        \n AWS::SWF::Domain\n

        \n
      • \n
      • \n

        \n AWS::ThinClient::Device\n

        \n
      • \n
      • \n

        \n AWS::ThinClient::Environment\n

        \n
      • \n
      • \n

        \n AWS::Timestream::Database\n

        \n
      • \n
      • \n

        \n AWS::Timestream::Table\n

        \n
      • \n
      • \n

        \n AWS::VerifiedPermissions::PolicyStore\n

        \n
      • \n
      • \n

        \n AWS::XRay::Trace\n

        \n
      • \n
      \n

      You can have only one resources.type field per selector. To log events on more than one resource type, add another selector.

      \n
    • \n
    • \n

      \n \n resources.ARN\n - The resources.ARN is an optional field for \n data events. You can use any\n operator with resources.ARN, but if you use Equals or\n NotEquals, the value must exactly match the ARN of a valid resource\n of the type you've specified in the template as the value of resources.type. To log all data events for all objects in a specific S3 bucket, \n use the StartsWith operator, and include only the bucket ARN as the matching value.

      \n

      For information about filtering data events on the resources.ARN field, see \n Filtering data \n events by resources.ARN in the CloudTrail User Guide.

      \n \n

      You can't use the resources.ARN field to filter resource types that do not have ARNs.

      \n
      \n
    • \n
    • \n

      \n \n vpcEndpointId\n - This field is only used to filter CloudTrail network activity events\n and is optional. This field identifies the VPC endpoint that the request passed through. You can use any operator with vpcEndpointId.

      \n
    • \n
    ", + "smithy.api#documentation": "

    A field in a CloudTrail event record on which to filter events to be logged. For\n event data stores for CloudTrail Insights events, Config configuration items, Audit Manager evidence, or events outside of Amazon Web Services, the field is used only for\n selecting events as filtering is not supported.

    \n

    For CloudTrail management events, supported fields include\n eventCategory (required), eventSource, and\n readOnly. The following additional fields are available for event data\n stores: eventName, eventType,\n sessionCredentialFromConsole, and userIdentity.arn.

    \n

    For CloudTrail data events, supported fields include eventCategory\n (required), resources.type (required), eventName,\n readOnly, and resources.ARN. The following additional fields\n are available for event data stores: eventSource, eventType,\n sessionCredentialFromConsole, and userIdentity.arn.

    \n

    For CloudTrail network activity events, supported fields include eventCategory (required), eventSource (required), eventName,\n errorCode, and vpcEndpointId.

    \n

    For event data stores for CloudTrail Insights events, Config configuration items, Audit Manager evidence, or events outside of Amazon Web Services, the only supported field is\n eventCategory.

    \n
      \n
    • \n

      \n \n readOnly\n - This is an optional field that is only used for management events and data events. This field can be set to\n Equals with a value of true or false. If you do\n not add this field, CloudTrail logs both read and\n write events. A value of true logs only\n read events. A value of false logs only\n write events.

      \n
    • \n
    • \n

      \n \n eventSource\n - This field is only used for management events, data events (for event data stores only), and network activity events.

      \n

      For management events for trails, this is an optional field that can be set to NotEquals\n kms.amazonaws.com to exclude KMS management events, or NotEquals\n rdsdata.amazonaws.com to exclude RDS management events.

      \n

      For management and data events for event data stores, you can use it to include or\n exclude any event source and can use any operator.

      \n

      For network activity events, this is a required field that only uses the\n Equals operator. Set this field to the event source for which you want to\n log network activity events. If you want to log network activity events for multiple\n event sources, you must create a separate field selector for each event\n source.

      \n

      The following are valid values for network activity events:

      \n
        \n
      • \n

        \n cloudtrail.amazonaws.com\n

        \n
      • \n
      • \n

        \n ec2.amazonaws.com\n

        \n
      • \n
      • \n

        \n kms.amazonaws.com\n

        \n
      • \n
      • \n

        \n secretsmanager.amazonaws.com\n

        \n
      • \n
      \n
    • \n
    • \n

      \n \n eventName\n - This is an optional field that is only used for data events, management events (for event data stores only), and network activity events. You can use any operator with \n eventName. You can use it to filter in or filter out specific events. You can have\n multiple values for this field, separated by commas.

      \n
    • \n
    • \n

      \n \n eventCategory\n - This field is required and\n must be set to Equals. \n

      \n
        \n
      • \n

        \n For CloudTrail management events, the value\n must be Management. \n

        \n
      • \n
      • \n

        \n For CloudTrail data events, the value\n must be Data. \n

        \n
      • \n
      • \n

        \n For CloudTrail network activity events, the value\n must be NetworkActivity. \n

        \n
      • \n
      \n

      The following are used only for event data stores:

      \n
        \n
      • \n

        \n For CloudTrail Insights events, the value\n must be Insight. \n

        \n
      • \n
      • \n

        \n For Config\n configuration items, the value must be ConfigurationItem.\n

        \n
      • \n
      • \n

        \n For Audit Manager evidence, the value must be Evidence.\n

        \n
      • \n
      • \n

        \n For events outside of Amazon Web Services, the value must be ActivityAuditLog.\n

        \n
      • \n
      \n
    • \n
    • \n

      \n \n eventType\n - This is an optional\n field available only for event data stores, which is used to filter management and\n data events on the event type. For information about available event types, see\n CloudTrail record contents in the CloudTrail user\n guide.

      \n
    • \n
    • \n

      \n \n errorCode\n - This field is only used to filter CloudTrail network activity events\n and is optional. This is the error code to filter on. Currently, the only valid errorCode is VpceAccessDenied. \n errorCode can only use the Equals operator.

      \n
    • \n
    • \n

      \n \n sessionCredentialFromConsole\n - This\n is an optional field available only for event data stores, which is used to filter\n management and data events based on whether the events originated from an Amazon Web Services Management Console session. sessionCredentialFromConsole can only use the\n Equals and NotEquals operators.

      \n
    • \n
    • \n

      \n \n resources.type\n - This field is\n required for CloudTrail data events. resources.type can only\n use the Equals operator.

      \n

      For a list of available resource types for data events, see Data events in the CloudTrail User Guide.

      \n

      You can have only one resources.type field per selector. To log events on more than one resource type, add another selector.

      \n
    • \n
    • \n

      \n \n resources.ARN\n - The resources.ARN is an optional field for \n data events. You can use any\n operator with resources.ARN, but if you use Equals or\n NotEquals, the value must exactly match the ARN of a valid resource\n of the type you've specified in the template as the value of resources.type. To log all data events for all objects in a specific S3 bucket, \n use the StartsWith operator, and include only the bucket ARN as the matching value.

      \n

      For information about filtering data events on the resources.ARN field, see \n Filtering data \n events by resources.ARN in the CloudTrail User Guide.

      \n \n

      You can't use the resources.ARN field to filter resource types that do not have ARNs.

      \n
      \n
    • \n
    • \n

      \n \n userIdentity.arn\n - This is an\n optional field available only for event data stores, which is used to filter\n management and data events on the userIdentity ARN. You can use any operator with\n userIdentity.arn. For more information on the userIdentity element,\n see CloudTrail userIdentity element in the CloudTrail User Guide.

      \n
    • \n
    • \n

      \n \n vpcEndpointId\n - This field is only used to filter CloudTrail network activity events\n and is optional. This field identifies the VPC endpoint that the request passed through. You can use any operator with vpcEndpointId.

      \n
    • \n
    ", "smithy.api#required": {} } }, @@ -708,6 +708,9 @@ { "target": "com.amazonaws.cloudtrail#EnableFederation" }, + { + "target": "com.amazonaws.cloudtrail#GenerateQuery" + }, { "target": "com.amazonaws.cloudtrail#GetChannel" }, @@ -2545,7 +2548,7 @@ "Type": { "target": "com.amazonaws.cloudtrail#String", "traits": { - "smithy.api#documentation": "

    The resource type in which you want to log data events. You can specify the following\n basic event selector resource types:

    \n
      \n
    • \n

      \n AWS::DynamoDB::Table\n

      \n
    • \n
    • \n

      \n AWS::Lambda::Function\n

      \n
    • \n
    • \n

      \n AWS::S3::Object\n

      \n
    • \n
    \n

    Additional resource types are available through advanced\n event selectors. For more\n information about these additional resource types, see AdvancedFieldSelector.

    " + "smithy.api#documentation": "

    The resource type in which you want to log data events. You can specify the following\n basic event selector resource types:

    \n
      \n
    • \n

      \n AWS::DynamoDB::Table\n

      \n
    • \n
    • \n

      \n AWS::Lambda::Function\n

      \n
    • \n
    • \n

      \n AWS::S3::Object\n

      \n
    • \n
    \n

    Additional resource types are available through advanced\n event selectors. For more\n information, see AdvancedEventSelector.

    " } }, "Values": { @@ -3100,6 +3103,12 @@ "traits": { "smithy.api#documentation": "

    The delivery status.

    " } + }, + "Prompt": { + "target": "com.amazonaws.cloudtrail#Prompt", + "traits": { + "smithy.api#documentation": "

    \n The prompt used for a generated query. For information about generated queries, see \n Create CloudTrail Lake queries from natural language prompts \n in the CloudTrail user guide.\n

    " + } } }, "traits": { @@ -3722,6 +3731,18 @@ "smithy.api#pattern": "^[a-zA-Z0-9._/\\-:]+$" } }, + "com.amazonaws.cloudtrail#EventDataStoreList": { + "type": "list", + "member": { + "target": "com.amazonaws.cloudtrail#EventDataStoreArn" + }, + "traits": { + "smithy.api#length": { + "min": 1, + "max": 1 + } + } + }, "com.amazonaws.cloudtrail#EventDataStoreMaxLimitExceededException": { "type": "structure", "members": { @@ -3948,6 +3969,107 @@ } } }, + "com.amazonaws.cloudtrail#GenerateQuery": { + "type": "operation", + "input": { + "target": "com.amazonaws.cloudtrail#GenerateQueryRequest" + }, + "output": { + "target": "com.amazonaws.cloudtrail#GenerateQueryResponse" + }, + "errors": [ + { + "target": "com.amazonaws.cloudtrail#EventDataStoreARNInvalidException" + }, + { + "target": "com.amazonaws.cloudtrail#EventDataStoreNotFoundException" + }, + { + "target": "com.amazonaws.cloudtrail#GenerateResponseException" + }, + { + "target": "com.amazonaws.cloudtrail#InactiveEventDataStoreException" + }, + { + "target": "com.amazonaws.cloudtrail#InvalidParameterException" + }, + { + "target": "com.amazonaws.cloudtrail#NoManagementAccountSLRExistsException" + }, + { + "target": "com.amazonaws.cloudtrail#OperationNotPermittedException" + }, + { + "target": "com.amazonaws.cloudtrail#UnsupportedOperationException" + } + ], + "traits": { + "smithy.api#documentation": "

    \n Generates a query from a natural language prompt. This operation uses generative artificial intelligence\n (generative AI) to produce a ready-to-use SQL query from the prompt.\n

    \n

    The prompt can be a question or a statement about the event data\n in your event data store. For example, you can enter prompts like \"What are my\n top errors in the past month?\" and “Give me a list of users that used SNS.”

    \n

    The prompt must be in English. For information about limitations, permissions, and supported Regions, see \n Create CloudTrail Lake queries from natural language prompts \n in the CloudTrail user guide.

    \n \n

    Do not include any personally identifying, confidential, or sensitive information\n in your prompts.

    \n

    This feature uses generative AI large language models (LLMs); we recommend double-checking the\n LLM response.

    \n
    ", + "smithy.api#idempotent": {} + } + }, + "com.amazonaws.cloudtrail#GenerateQueryRequest": { + "type": "structure", + "members": { + "EventDataStores": { + "target": "com.amazonaws.cloudtrail#EventDataStoreList", + "traits": { + "smithy.api#documentation": "

    \n The ARN (or ID suffix of the ARN) of the event data store\n that you want to query. You can only specify one event data store.\n

    ", + "smithy.api#required": {} + } + }, + "Prompt": { + "target": "com.amazonaws.cloudtrail#Prompt", + "traits": { + "smithy.api#documentation": "

    \n The prompt that you want to use to generate the query. The prompt must be in English. For example prompts, see \n Example prompts \n in the CloudTrail user guide.\n

    ", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.cloudtrail#GenerateQueryResponse": { + "type": "structure", + "members": { + "QueryStatement": { + "target": "com.amazonaws.cloudtrail#QueryStatement", + "traits": { + "smithy.api#documentation": "

    \n The SQL query statement generated from the prompt.\n

    " + } + }, + "QueryAlias": { + "target": "com.amazonaws.cloudtrail#QueryAlias", + "traits": { + "smithy.api#documentation": "

    \n An alias that identifies the prompt. When you run the StartQuery operation, you can pass in either the QueryAlias or \n QueryStatement parameter.\n

    " + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.cloudtrail#GenerateResponseException": { + "type": "structure", + "members": { + "Message": { + "target": "com.amazonaws.cloudtrail#ErrorMessage", + "traits": { + "smithy.api#documentation": "

    Brief description of the exception returned by the request.

    " + } + } + }, + "traits": { + "aws.protocols#awsQueryError": { + "code": "GenerateResponse", + "httpResponseCode": 400 + }, + "smithy.api#documentation": "

    \n This exception is thrown when a valid query could not be generated for the provided prompt. \n

    ", + "smithy.api#error": "client", + "smithy.api#httpError": 400 + } + }, "com.amazonaws.cloudtrail#GetChannel": { "type": "operation", "input": { @@ -7281,6 +7403,16 @@ "smithy.api#pattern": "^[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDC00-\\uDBFF\\uDFFF\\t]*$" } }, + "com.amazonaws.cloudtrail#Prompt": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 3, + "max": 500 + }, + "smithy.api#pattern": "^[ -~\\n]*$" + } + }, "com.amazonaws.cloudtrail#PublicKey": { "type": "structure", "members": { @@ -7971,6 +8103,9 @@ { "target": "com.amazonaws.cloudtrail#CloudTrailARNInvalidException" }, + { + "target": "com.amazonaws.cloudtrail#ConflictException" + }, { "target": "com.amazonaws.cloudtrail#EventDataStoreARNInvalidException" },