Use Amazon CloudWatch Observability Access Manager to create and manage links between source accounts and - * monitoring accounts by using CloudWatch cross-account observability. With - * CloudWatch cross-account observability, you can monitor and troubleshoot applications that span - * multiple accounts within a Region. Seamlessly search, visualize, and analyze your metrics, - * logs, traces, and Application Insights applications in any of the linked accounts without account boundaries.
+ * monitoring accounts by using CloudWatch cross-account observability. With + * CloudWatch cross-account observability, you can monitor and troubleshoot applications that span + * multiple accounts within a Region. Seamlessly search, visualize, and analyze your metrics, + * logs, traces, and Application Insights applications in any of the linked accounts without account boundaries. *Set up one or more Amazon Web Services accounts as monitoring - * accounts and link them with multiple source accounts. A - * monitoring account is a central Amazon Web Services account that can view and interact with - * observability data generated from source accounts. A source account is an individual Amazon Web Services account that generates observability data for the resources that reside in it. - * Source accounts share their observability data with the monitoring account. The shared - * observability data can include metrics in Amazon CloudWatch, logs in Amazon CloudWatch Logs, traces in X-Ray, and applications in Amazon CloudWatch Application Insights.
+ * accounts and link them with multiple source accounts. A + * monitoring account is a central Amazon Web Services account that can view and interact with + * observability data generated from source accounts. A source account is an individual Amazon Web Services account that generates observability data for the resources that reside in it. + * Source accounts share their observability data with the monitoring account. The shared + * observability data can include metrics in Amazon CloudWatch, logs in Amazon CloudWatch Logs, traces in X-Ray, and applications in Amazon CloudWatch Application Insights. * @public */ export class OAM extends OAMClient implements OAM {} diff --git a/clients/client-oam/src/OAMClient.ts b/clients/client-oam/src/OAMClient.ts index 776b450d80c5..fd31824db3c0 100644 --- a/clients/client-oam/src/OAMClient.ts +++ b/clients/client-oam/src/OAMClient.ts @@ -295,16 +295,16 @@ export interface OAMClientResolvedConfig extends OAMClientResolvedConfigType {} /** *Use Amazon CloudWatch Observability Access Manager to create and manage links between source accounts and - * monitoring accounts by using CloudWatch cross-account observability. With - * CloudWatch cross-account observability, you can monitor and troubleshoot applications that span - * multiple accounts within a Region. Seamlessly search, visualize, and analyze your metrics, - * logs, traces, and Application Insights applications in any of the linked accounts without account boundaries.
+ * monitoring accounts by using CloudWatch cross-account observability. With + * CloudWatch cross-account observability, you can monitor and troubleshoot applications that span + * multiple accounts within a Region. Seamlessly search, visualize, and analyze your metrics, + * logs, traces, and Application Insights applications in any of the linked accounts without account boundaries. *Set up one or more Amazon Web Services accounts as monitoring - * accounts and link them with multiple source accounts. A - * monitoring account is a central Amazon Web Services account that can view and interact with - * observability data generated from source accounts. A source account is an individual Amazon Web Services account that generates observability data for the resources that reside in it. - * Source accounts share their observability data with the monitoring account. The shared - * observability data can include metrics in Amazon CloudWatch, logs in Amazon CloudWatch Logs, traces in X-Ray, and applications in Amazon CloudWatch Application Insights.
+ * accounts and link them with multiple source accounts. A + * monitoring account is a central Amazon Web Services account that can view and interact with + * observability data generated from source accounts. A source account is an individual Amazon Web Services account that generates observability data for the resources that reside in it. + * Source accounts share their observability data with the monitoring account. The shared + * observability data can include metrics in Amazon CloudWatch, logs in Amazon CloudWatch Logs, traces in X-Ray, and applications in Amazon CloudWatch Application Insights. * @public */ export class OAMClient extends __Client< diff --git a/clients/client-oam/src/commands/CreateLinkCommand.ts b/clients/client-oam/src/commands/CreateLinkCommand.ts index 10c4067a4cf3..f4be078fb80c 100644 --- a/clients/client-oam/src/commands/CreateLinkCommand.ts +++ b/clients/client-oam/src/commands/CreateLinkCommand.ts @@ -27,14 +27,16 @@ export interface CreateLinkCommandInput extends CreateLinkInput {} export interface CreateLinkCommandOutput extends CreateLinkOutput, __MetadataBearer {} /** - *Creates a link between a source account and a sink that you have created in a monitoring account.
+ *Creates a link between a source account and a sink that you have created in a monitoring account. After the link is created, + * data is sent from the source account to the monitoring account. When you create a link, you can optionally specify filters + * that specify which metric namespaces and which log groups are shared from the source account to the monitoring account.
*Before you create a link, you must create a sink in the monitoring account and create a - * sink policy in that account. The sink policy must permit the source account to link to it. You - * can grant permission to source accounts by granting permission to an entire organization or to - * individual accounts.
+ * sink policy in that account. The sink policy must permit the source account to link to it. You + * can grant permission to source accounts by granting permission to an entire organization or to + * individual accounts. *For more information, see - * CreateSink and - * PutSinkPolicy.
+ * CreateSink and + * PutSinkPolicy. *Each monitoring account can be linked to as many as 100,000 source accounts.
*Each source account can be linked to as many as five monitoring accounts.
* @example @@ -52,6 +54,14 @@ export interface CreateLinkCommandOutput extends CreateLinkOutput, __MetadataBea * Tags: { // TagMapInput * "Use this to create a sink in the current account, so that it can be - * used as a monitoring account in CloudWatch cross-account observability. A sink is a resource that - * represents an attachment point in a monitoring account. Source accounts can link to the sink - * to send observability data.
+ * used as a monitoring account in CloudWatch cross-account observability. A sink is a resource that + * represents an attachment point in a monitoring account. Source accounts can link to the sink + * to send observability data. *After you create a sink, you must create a sink policy that allows source accounts to attach to it. - * For more information, see PutSinkPolicy.
- *Each account can contain one sink. If you delete a sink, you can then create a new one in that account.
+ * For more information, see PutSinkPolicy. + *Each account can contain one sink per Region. If you delete a sink, you can then create a new one in that Region.
* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript diff --git a/clients/client-oam/src/commands/DeleteLinkCommand.ts b/clients/client-oam/src/commands/DeleteLinkCommand.ts index fa1113b57d70..44550930bb65 100644 --- a/clients/client-oam/src/commands/DeleteLinkCommand.ts +++ b/clients/client-oam/src/commands/DeleteLinkCommand.ts @@ -28,7 +28,7 @@ export interface DeleteLinkCommandOutput extends DeleteLinkOutput, __MetadataBea /** *Deletes a link between a monitoring account sink and a source account. You must run this operation - * in the source account.
+ * in the source account. * @example * Use a bare-bones client and the command you need to make an API call. * ```javascript diff --git a/clients/client-oam/src/commands/GetLinkCommand.ts b/clients/client-oam/src/commands/GetLinkCommand.ts index 8994c5c3de7f..400d54f786a2 100644 --- a/clients/client-oam/src/commands/GetLinkCommand.ts +++ b/clients/client-oam/src/commands/GetLinkCommand.ts @@ -52,6 +52,14 @@ export interface GetLinkCommandOutput extends GetLinkOutput, __MetadataBearer {} * // Tags: { // TagMapOutput * // "Returns the current sink policy attached to this sink. The sink policy specifies what - * accounts can attach to this sink as source accounts, and what types of data they can share.
+ * accounts can attach to this sink as source accounts, and what types of data they can share. * @example * Use a bare-bones client and the command you need to make an API call. * ```javascript diff --git a/clients/client-oam/src/commands/ListLinksCommand.ts b/clients/client-oam/src/commands/ListLinksCommand.ts index 4f970c802477..86a0cb75f814 100644 --- a/clients/client-oam/src/commands/ListLinksCommand.ts +++ b/clients/client-oam/src/commands/ListLinksCommand.ts @@ -28,7 +28,7 @@ export interface ListLinksCommandOutput extends ListLinksOutput, __MetadataBeare /** *Use this operation in a source account to return a list of links to monitoring account sinks that - * this source account has.
+ * this source account has. *To find a list of links for one monitoring account sink, use ListAttachedLinks from within the monitoring account.
* @example * Use a bare-bones client and the command you need to make an API call. diff --git a/clients/client-oam/src/commands/PutSinkPolicyCommand.ts b/clients/client-oam/src/commands/PutSinkPolicyCommand.ts index ca1bcb14a5fa..d244cec832ba 100644 --- a/clients/client-oam/src/commands/PutSinkPolicyCommand.ts +++ b/clients/client-oam/src/commands/PutSinkPolicyCommand.ts @@ -28,15 +28,15 @@ export interface PutSinkPolicyCommandOutput extends PutSinkPolicyOutput, __Metad /** *Creates or updates the resource policy that grants permissions to source - * accounts to link to the monitoring account sink. When you create a sink policy, you can grant - * permissions to all accounts in an organization or to individual accounts.
+ * accounts to link to the monitoring account sink. When you create a sink policy, you can grant + * permissions to all accounts in an organization or to individual accounts. *You can also use a sink policy to limit the types of data that is shared. The three types that - * you can allow or deny are:
+ * you can allow or deny are: *
* Metrics - Specify with
- * AWS::CloudWatch::Metric
+ * AWS::CloudWatch::Metric
*
Assigns one or more tags (key-value pairs) to the specified resource. - * Both sinks and links can be tagged.
+ * Both sinks and links can be tagged. *Tags can help you organize and categorize your resources. You can also use them to scope user - * permissions by granting a user - * permission to access or change only resources with certain tag values.
+ * permissions by granting a user + * permission to access or change only resources with certain tag values. *Tags don't have any semantic meaning to Amazon Web Services and are interpreted strictly as strings of characters.
*You can use the TagResource action with a resource that already has tags. If you specify a new tag key for the alarm,
- * this tag is appended to the list of tags associated
- * with the alarm. If you specify a tag key that is already associated with the alarm, the new tag value that you specify replaces
- * the previous value for that tag.
You can associate as many as 50 tags with a resource.
*Unlike tagging permissions in other Amazon Web Services services, to tag or untag links and
- * sinks you must have the oam:ResourceTag permission. The
- * iam:ResourceTag permission does not allow you to tag and untag links and
- * sinks.
oam:ResourceTag permission. The
+ * iam:ResourceTag permission does not allow you to tag and untag links and
+ * sinks.
* Removes one or more tags from the specified resource.
*Unlike tagging permissions in other Amazon Web Services services, to tag or untag links and
- * sinks you must have the oam:ResourceTag permission. The
- * iam:TagResource permission does not allow you to tag and untag links and
- * sinks.
oam:ResourceTag permission. The
+ * iam:TagResource permission does not allow you to tag and untag links and
+ * sinks.
* Use this operation to change what types of data are shared from a source account to its linked - * monitoring account sink. You can't change the sink or change the monitoring account with this operation.
+ * monitoring account sink. You can't change the sink or change the monitoring account with this operation. + *When you update a link, you can optionally specify filters + * that specify which metric namespaces and which log groups are shared from the source account to the monitoring account.
*To update the list of tags associated with the sink, use - * TagResource.
+ * TagResource. * @example * Use a bare-bones client and the command you need to make an API call. * ```javascript @@ -42,6 +44,14 @@ export interface UpdateLinkCommandOutput extends UpdateLinkOutput, __MetadataBea * ResourceTypes: [ // ResourceTypesInput // required * "AWS::CloudWatch::Metric" || "AWS::Logs::LogGroup" || "AWS::XRay::Trace" || "AWS::ApplicationInsights::Application" || "AWS::InternetMonitor::Monitor", * ], + * LinkConfiguration: { // LinkConfiguration + * LogGroupConfiguration: { // LogGroupConfiguration + * Filter: "STRING_VALUE", // required + * }, + * MetricConfiguration: { // MetricConfiguration + * Filter: "STRING_VALUE", // required + * }, + * }, * }; * const command = new UpdateLinkCommand(input); * const response = await client.send(command); @@ -57,6 +67,14 @@ export interface UpdateLinkCommandOutput extends UpdateLinkOutput, __MetadataBea * // Tags: { // TagMapOutput * // "Use Amazon CloudWatch Observability Access Manager to create and manage links between source accounts and - * monitoring accounts by using CloudWatch cross-account observability. With - * CloudWatch cross-account observability, you can monitor and troubleshoot applications that span - * multiple accounts within a Region. Seamlessly search, visualize, and analyze your metrics, - * logs, traces, and Application Insights applications in any of the linked accounts without account boundaries.
+ * monitoring accounts by using CloudWatch cross-account observability. With + * CloudWatch cross-account observability, you can monitor and troubleshoot applications that span + * multiple accounts within a Region. Seamlessly search, visualize, and analyze your metrics, + * logs, traces, and Application Insights applications in any of the linked accounts without account boundaries. *Set up one or more Amazon Web Services accounts as monitoring - * accounts and link them with multiple source accounts. A - * monitoring account is a central Amazon Web Services account that can view and interact with - * observability data generated from source accounts. A source account is an individual Amazon Web Services account that generates observability data for the resources that reside in it. - * Source accounts share their observability data with the monitoring account. The shared - * observability data can include metrics in Amazon CloudWatch, logs in Amazon CloudWatch Logs, traces in X-Ray, and applications in Amazon CloudWatch Application Insights.
+ * accounts and link them with multiple source accounts. A + * monitoring account is a central Amazon Web Services account that can view and interact with + * observability data generated from source accounts. A source account is an individual Amazon Web Services account that generates observability data for the resources that reside in it. + * Source accounts share their observability data with the monitoring account. The shared + * observability data can include metrics in Amazon CloudWatch, logs in Amazon CloudWatch Logs, traces in X-Ray, and applications in Amazon CloudWatch Application Insights. * * @packageDocumentation */ diff --git a/clients/client-oam/src/models/models_0.ts b/clients/client-oam/src/models/models_0.ts index 36a4f18292da..c08f143b9a5e 100644 --- a/clients/client-oam/src/models/models_0.ts +++ b/clients/client-oam/src/models/models_0.ts @@ -31,6 +31,152 @@ export class ConflictException extends __BaseException { } } +/** + *This structure contains the Filter parameter which you can use to specify which log groups are to
+ * share log events from this source account to the monitoring account.
Use this field to specify which log groups are to share their log events with the monitoring account. Use the term LogGroupName and one or
+ * more of the following operands. Use single quotation marks (') around log group names. The matching of log group names is case sensitive.
+ * Each filter has a limit of five conditional operands. Conditional operands are AND and OR.
+ * = and !=
+ *
+ * AND
+ *
+ * OR
+ *
+ * LIKE and NOT LIKE. These can be used only as prefix searches. Include a % at the end
+ * of the string that you want to search for and include.
+ * IN and NOT IN, using parentheses ( )
+ *
Examples:
+ *
+ * LogGroupName IN ('This-Log-Group', 'Other-Log-Group') includes only the log groups with names This-Log-Group and
+ * Other-Log-Group.
+ * LogGroupName NOT IN ('Private-Log-Group', 'Private-Log-Group-2') includes all log groups except the log groups with names Private-Log-Group and
+ * Private-Log-Group-2.
+ * LogGroupName LIKE 'aws/lambda/%' OR LogGroupName LIKE 'AWSLogs%' includes all log groups that have names that start with aws/lambda/ or
+ * AWSLogs.
If you are updating a link that uses filters, you can specify * as the only value for the
+ * filter parameter to delete the filter and share all log groups with the monitoring account.
This structure contains the Filter parameter which you can use to specify which metric namespaces are to
+ * be shared from this source account to the monitoring account.
Use this field to specify which metrics are to be shared with the monitoring account. Use the term Namespace and one or
+ * more of the following operands. Use single quotation marks (') around namespace names. The matching of namespace names is case sensitive.
+ * Each filter has a limit of five conditional operands. Conditional operands are AND and OR.
+ * = and !=
+ *
+ * AND
+ *
+ * OR
+ *
+ * LIKE and NOT LIKE. These can be used only as prefix searches. Include a % at the end
+ * of the string that you want to search for and include.
+ * IN and NOT IN, using parentheses ( )
+ *
Examples:
+ *
+ * Namespace NOT LIKE 'AWS/%' includes only namespaces that don't start with AWS/, such as custom namespaces.
+ * Namespace IN ('AWS/EC2', 'AWS/ELB', 'AWS/S3') includes only the metrics in the EC2, Elastic Load Balancing, and Amazon S3 namespaces.
+ * Namespace = 'AWS/EC2' OR Namespace NOT LIKE 'AWS/%' includes only the EC2 namespace and your custom namespaces.
If you are updating a link that uses filters, you can specify * as the only value for the
+ * filter parameter to delete the filter and share all metric namespaces with the monitoring account.
Use this structure to optionally create filters that specify that only some metric namespaces or log groups are to be shared from + * the source account to the monitoring account.
+ * @public + */ +export interface LinkConfiguration { + /** + *Use this structure to filter which log groups are to send log events from + * the source account to the monitoring account.
+ * @public + */ + LogGroupConfiguration?: LogGroupConfiguration; + + /** + *Use this structure to filter which metric namespaces are to be shared from + * the source account to the monitoring account.
+ * @public + */ + MetricConfiguration?: MetricConfiguration; +} + /** * @public * @enum @@ -54,7 +200,7 @@ export type ResourceType = (typeof ResourceType)[keyof typeof ResourceType]; export interface CreateLinkInput { /** *Specify a friendly human-readable name to use to identify this source account when you are viewing data from it in the monitoring - * account.
+ * account. *You can use a custom label or use the following variables:
*An array of strings that define which types of data that the source account shares with the monitoring - * account.
+ * account. * @public */ ResourceTypes: ResourceType[] | undefined; @@ -84,7 +230,7 @@ export interface CreateLinkInput { /** *The ARN of the sink to use to create this link. You can use ListSinks to find the ARNs of sinks.
*For more information about sinks, see - * CreateSink.
+ * CreateSink. * @public */ SinkIdentifier: string | undefined; @@ -92,13 +238,20 @@ export interface CreateLinkInput { /** *Assigns one or more tags (key-value pairs) to the link.
*Tags can help you organize and categorize your resources. You can also use them to scope user - * permissions by granting a user - * permission to access or change only resources with certain tag values.
+ * permissions by granting a user + * permission to access or change only resources with certain tag values. *For more information about using tags to control access, see - * Controlling access to Amazon Web Services resources using tags.
+ * Controlling access to Amazon Web Services resources using tags. * @public */ Tags?: RecordUse this structure to optionally create filters that specify that only some metric namespaces or log groups are to be shared from + * the source account to the monitoring account.
+ * @public + */ + LinkConfiguration?: LinkConfiguration; } /** @@ -119,7 +272,7 @@ export interface CreateLinkOutput { /** *The label that you assigned to this link. If the labelTemplate includes variables,
- * this field displays the variables resolved to their actual values.
This structure includes filters that specify which metric namespaces and which log groups are shared from + * the source account to the monitoring account.
+ * @public + */ + LinkConfiguration?: LinkConfiguration; } /** @@ -272,10 +432,10 @@ export interface CreateSinkInput { /** *Assigns one or more tags (key-value pairs) to the link.
*Tags can help you organize and categorize your resources. You can also use them to scope user - * permissions by granting a user - * permission to access or change only resources with certain tag values.
+ * permissions by granting a user + * permission to access or change only resources with certain tag values. *For more information about using tags to control access, see - * Controlling access to Amazon Web Services resources using tags.
+ * Controlling access to Amazon Web Services resources using tags. * @public */ Tags?: RecordThis structure includes filters that specify which metric namespaces and which log groups are shared from + * the source account to the monitoring account.
+ * @public + */ + LinkConfiguration?: LinkConfiguration; } /** @@ -527,7 +694,7 @@ export interface ListAttachedLinksInput { /** *A structure that contains information about one link attached to this monitoring - * account sink.
+ * account sink. * @public */ export interface ListAttachedLinksItem { @@ -702,20 +869,20 @@ export interface ListTagsForResourceInput { /** *The ARN of the resource that you want to view tags for.
*The ARN format of a sink is
- * arn:aws:oam:Region:account-id:sink/sink-id
+ * arn:aws:oam:Region:account-id:sink/sink-id
*
*
The ARN format of a link is
- * arn:aws:oam:Region:account-id:link/link-id
+ * arn:aws:oam:Region:account-id:link/link-id
*
*
For more information about ARN format, see CloudWatch Logs - * resources and operations.
+ * resources and operations. *Unlike tagging permissions in other Amazon Web Services services, to retrieve the list of tags
- * for links or sinks you must have the oam:RequestTag permission. The
- * aws:ReguestTag permission does not allow you to tag and untag links and
- * sinks.
oam:RequestTag permission. The
+ * aws:ReguestTag permission does not allow you to tag and untag links and
+ * sinks.
* The JSON policy to use. If you are updating an existing policy, the entire existing policy is - * replaced by what you specify here.
+ * replaced by what you specify here. *The policy must be in JSON string format with quotation marks escaped and no newlines.
*For examples of different types of policies, see the Examples section on this page.
* @public @@ -805,15 +972,15 @@ export interface TagResourceInput { /** *The ARN of the resource that you're adding tags to.
*The ARN format of a sink is
- * arn:aws:oam:Region:account-id:sink/sink-id
+ * arn:aws:oam:Region:account-id:sink/sink-id
*
*
The ARN format of a link is
- * arn:aws:oam:Region:account-id:link/link-id
+ * arn:aws:oam:Region:account-id:link/link-id
*
*
For more information about ARN format, see CloudWatch Logs - * resources and operations.
+ * resources and operations. * @public */ ResourceArn: string | undefined; @@ -859,15 +1026,15 @@ export interface UntagResourceInput { /** *The ARN of the resource that you're removing tags from.
*The ARN format of a sink is
- * arn:aws:oam:Region:account-id:sink/sink-id
+ * arn:aws:oam:Region:account-id:sink/sink-id
*
*
The ARN format of a link is
- * arn:aws:oam:Region:account-id:link/link-id
+ * arn:aws:oam:Region:account-id:link/link-id
*
*
For more information about ARN format, see CloudWatch Logs - * resources and operations.
+ * resources and operations. * @public */ ResourceArn: string | undefined; @@ -896,11 +1063,18 @@ export interface UpdateLinkInput { /** *An array of strings that define which types of data that the source account will send to the monitoring - * account.
+ * account. *Your input here replaces the current set of data types that are shared.
* @public */ ResourceTypes: ResourceType[] | undefined; + + /** + *Use this structure to filter which metric namespaces and which log groups are to be shared from + * the source account to the monitoring account.
+ * @public + */ + LinkConfiguration?: LinkConfiguration; } /** @@ -948,4 +1122,11 @@ export interface UpdateLinkOutput { * @public */ Tags?: RecordThis structure includes filters that specify which metric namespaces and which log groups are shared from + * the source account to the monitoring account.
+ * @public + */ + LinkConfiguration?: LinkConfiguration; } diff --git a/clients/client-oam/src/protocols/Aws_restJson1.ts b/clients/client-oam/src/protocols/Aws_restJson1.ts index 97b33c634ef6..fcc0346c39f1 100644 --- a/clients/client-oam/src/protocols/Aws_restJson1.ts +++ b/clients/client-oam/src/protocols/Aws_restJson1.ts @@ -43,6 +43,9 @@ import { ConflictException, InternalServiceFault, InvalidParameterException, + LinkConfiguration, + LogGroupConfiguration, + MetricConfiguration, MissingRequiredParameterException, ResourceNotFoundException, ResourceType, @@ -68,6 +71,7 @@ export const se_CreateLinkCommand = async ( body = JSON.stringify( take(input, { LabelTemplate: [], + LinkConfiguration: (_) => _json(_), ResourceTypes: (_) => _json(_), SinkIdentifier: [], Tags: (_) => _json(_), @@ -380,6 +384,7 @@ export const se_UpdateLinkCommand = async ( body = JSON.stringify( take(input, { Identifier: [], + LinkConfiguration: (_) => _json(_), ResourceTypes: (_) => _json(_), }) ); @@ -406,6 +411,7 @@ export const de_CreateLinkCommand = async ( Id: __expectString, Label: __expectString, LabelTemplate: __expectString, + LinkConfiguration: _json, ResourceTypes: _json, SinkArn: __expectString, Tags: _json, @@ -491,6 +497,7 @@ export const de_GetLinkCommand = async ( Id: __expectString, Label: __expectString, LabelTemplate: __expectString, + LinkConfiguration: _json, ResourceTypes: _json, SinkArn: __expectString, Tags: _json, @@ -709,6 +716,7 @@ export const de_UpdateLinkCommand = async ( Id: __expectString, Label: __expectString, LabelTemplate: __expectString, + LinkConfiguration: _json, ResourceTypes: _json, SinkArn: __expectString, Tags: _json, @@ -928,10 +936,18 @@ const de_ValidationExceptionRes = async (parsedOutput: any, context: __SerdeCont return __decorateServiceException(exception, parsedOutput.body); }; +// se_LinkConfiguration omitted. + +// se_LogGroupConfiguration omitted. + +// se_MetricConfiguration omitted. + // se_ResourceTypesInput omitted. // se_TagMapInput omitted. +// de_LinkConfiguration omitted. + // de_ListAttachedLinksItem omitted. // de_ListAttachedLinksItems omitted. @@ -944,6 +960,10 @@ const de_ValidationExceptionRes = async (parsedOutput: any, context: __SerdeCont // de_ListSinksItems omitted. +// de_LogGroupConfiguration omitted. + +// de_MetricConfiguration omitted. + // de_ResourceTypesOutput omitted. // de_TagMapOutput omitted. diff --git a/codegen/sdk-codegen/aws-models/oam.json b/codegen/sdk-codegen/aws-models/oam.json index 6518c4e27aae..3b358800349a 100644 --- a/codegen/sdk-codegen/aws-models/oam.json +++ b/codegen/sdk-codegen/aws-models/oam.json @@ -54,7 +54,7 @@ ], "traits": { "aws.iam#conditionKeys": ["aws:TagKeys", "aws:RequestTag/${TagKey}", "oam:ResourceTypes"], - "smithy.api#documentation": "Creates a link between a source account and a sink that you have created in a monitoring account.
\nBefore you create a link, you must create a sink in the monitoring account and create a\n sink policy in that account. The sink policy must permit the source account to link to it. You\n can grant permission to source accounts by granting permission to an entire organization or to\n individual accounts.
\nFor more information, see\n CreateSink and\n PutSinkPolicy.
\nEach monitoring account can be linked to as many as 100,000 source accounts.
\nEach source account can be linked to as many as five monitoring accounts.
", + "smithy.api#documentation": "Creates a link between a source account and a sink that you have created in a monitoring account. After the link is created, \n data is sent from the source account to the monitoring account. When you create a link, you can optionally specify filters\n that specify which metric namespaces and which log groups are shared from the source account to the monitoring account.
\nBefore you create a link, you must create a sink in the monitoring account and create a\n sink policy in that account. The sink policy must permit the source account to link to it. You\n can grant permission to source accounts by granting permission to an entire organization or to\n individual accounts.
\nFor more information, see \n CreateSink and\n PutSinkPolicy.
\nEach monitoring account can be linked to as many as 100,000 source accounts.
\nEach source account can be linked to as many as five monitoring accounts.
", "smithy.api#http": { "method": "POST", "uri": "/CreateLink" @@ -67,28 +67,34 @@ "LabelTemplate": { "target": "com.amazonaws.oam#LabelTemplate", "traits": { - "smithy.api#documentation": "Specify a friendly human-readable name to use to identify this source account when you are viewing data from it in the monitoring\n account.
\nYou can use a custom label or use the following variables:
\n\n $AccountName is the name of the account
\n $AccountEmail is the globally unique email address of the account
\n $AccountEmailNoDomain is the email address of the account without the domain name
Specify a friendly human-readable name to use to identify this source account when you are viewing data from it in the monitoring\n account.
\nYou can use a custom label or use the following variables:
\n\n $AccountName is the name of the account
\n $AccountEmail is the globally unique email address of the account
\n $AccountEmailNoDomain is the email address of the account without the domain name
An array of strings that define which types of data that the source account shares with the monitoring\n account.
", + "smithy.api#documentation": "An array of strings that define which types of data that the source account shares with the monitoring \n account.
", "smithy.api#required": {} } }, "SinkIdentifier": { "target": "com.amazonaws.oam#ResourceIdentifier", "traits": { - "smithy.api#documentation": "The ARN of the sink to use to create this link. You can use ListSinks to find the ARNs of sinks.
\nFor more information about sinks, see\n CreateSink.
", + "smithy.api#documentation": "The ARN of the sink to use to create this link. You can use ListSinks to find the ARNs of sinks.
\nFor more information about sinks, see \n CreateSink.
", "smithy.api#required": {} } }, "Tags": { "target": "com.amazonaws.oam#TagMapInput", "traits": { - "smithy.api#documentation": "Assigns one or more tags (key-value pairs) to the link.
\nTags can help you organize and categorize your resources. You can also use them to scope user\n permissions by granting a user\n permission to access or change only resources with certain tag values.
\nFor more information about using tags to control access, see\n Controlling access to Amazon Web Services resources using tags.
" + "smithy.api#documentation": "Assigns one or more tags (key-value pairs) to the link.
\nTags can help you organize and categorize your resources. You can also use them to scope user\n permissions by granting a user\n permission to access or change only resources with certain tag values.
\nFor more information about using tags to control access, see \n Controlling access to Amazon Web Services resources using tags.
" + } + }, + "LinkConfiguration": { + "target": "com.amazonaws.oam#LinkConfiguration", + "traits": { + "smithy.api#documentation": "Use this structure to optionally create filters that specify that only some metric namespaces or log groups are to be shared from \n the source account to the monitoring account.
" } } }, @@ -114,7 +120,7 @@ "Label": { "target": "smithy.api#String", "traits": { - "smithy.api#documentation": "The label that you assigned to this link. If the labelTemplate includes variables,\n this field displays the variables resolved to their actual values.
The label that you assigned to this link. If the labelTemplate includes variables, \n this field displays the variables resolved to their actual values.
The tags assigned to the link.
" } + }, + "LinkConfiguration": { + "target": "com.amazonaws.oam#LinkConfiguration", + "traits": { + "smithy.api#documentation": "This structure includes filters that specify which metric namespaces and which log groups are shared from \n the source account to the monitoring account.
" + } } }, "traits": { @@ -173,7 +185,7 @@ ], "traits": { "aws.iam#conditionKeys": ["aws:TagKeys", "aws:RequestTag/${TagKey}"], - "smithy.api#documentation": "Use this to create a sink in the current account, so that it can be\n used as a monitoring account in CloudWatch cross-account observability. A sink is a resource that\n represents an attachment point in a monitoring account. Source accounts can link to the sink\n to send observability data.
\nAfter you create a sink, you must create a sink policy that allows source accounts to attach to it.\n For more information, see PutSinkPolicy.
\nEach account can contain one sink. If you delete a sink, you can then create a new one in that account.
", + "smithy.api#documentation": "Use this to create a sink in the current account, so that it can be\n used as a monitoring account in CloudWatch cross-account observability. A sink is a resource that\n represents an attachment point in a monitoring account. Source accounts can link to the sink\n to send observability data.
\nAfter you create a sink, you must create a sink policy that allows source accounts to attach to it. \n For more information, see PutSinkPolicy.
\nEach account can contain one sink per Region. If you delete a sink, you can then create a new one in that Region.
", "smithy.api#http": { "method": "POST", "uri": "/CreateSink" @@ -193,7 +205,7 @@ "Tags": { "target": "com.amazonaws.oam#TagMapInput", "traits": { - "smithy.api#documentation": "Assigns one or more tags (key-value pairs) to the link.
\nTags can help you organize and categorize your resources. You can also use them to scope user\n permissions by granting a user\n permission to access or change only resources with certain tag values.
\nFor more information about using tags to control access, see\n Controlling access to Amazon Web Services resources using tags.
" + "smithy.api#documentation": "Assigns one or more tags (key-value pairs) to the link.
\nTags can help you organize and categorize your resources. You can also use them to scope user\n permissions by granting a user\n permission to access or change only resources with certain tag values.
\nFor more information about using tags to control access, see \n Controlling access to Amazon Web Services resources using tags.
" } } }, @@ -257,7 +269,7 @@ ], "traits": { "aws.iam#conditionKeys": ["aws:ResourceTag/${TagKey}"], - "smithy.api#documentation": "Deletes a link between a monitoring account sink and a source account. You must run this operation\n in the source account.
", + "smithy.api#documentation": "Deletes a link between a monitoring account sink and a source account. You must run this operation\n in the source account.
", "smithy.api#http": { "method": "POST", "uri": "/DeleteLink" @@ -433,6 +445,12 @@ "traits": { "smithy.api#documentation": "The tags assigned to the link.
" } + }, + "LinkConfiguration": { + "target": "com.amazonaws.oam#LinkConfiguration", + "traits": { + "smithy.api#documentation": "This structure includes filters that specify which metric namespaces and which log groups are shared from \n the source account to the monitoring account.
" + } } }, "traits": { @@ -542,7 +560,7 @@ ], "traits": { "aws.iam#conditionKeys": ["aws:ResourceTag/${TagKey}"], - "smithy.api#documentation": "Returns the current sink policy attached to this sink. The sink policy specifies what\n accounts can attach to this sink as source accounts, and what types of data they can share.
", + "smithy.api#documentation": "Returns the current sink policy attached to this sink. The sink policy specifies what \n accounts can attach to this sink as source accounts, and what types of data they can share.
", "smithy.api#http": { "method": "POST", "uri": "/GetSinkPolicy" @@ -640,6 +658,26 @@ } } }, + "com.amazonaws.oam#LinkConfiguration": { + "type": "structure", + "members": { + "LogGroupConfiguration": { + "target": "com.amazonaws.oam#LogGroupConfiguration", + "traits": { + "smithy.api#documentation": "Use this structure to filter which log groups are to send log events from \n the source account to the monitoring account.
" + } + }, + "MetricConfiguration": { + "target": "com.amazonaws.oam#MetricConfiguration", + "traits": { + "smithy.api#documentation": "Use this structure to filter which metric namespaces are to be shared from \n the source account to the monitoring account.
" + } + } + }, + "traits": { + "smithy.api#documentation": "Use this structure to optionally create filters that specify that only some metric namespaces or log groups are to be shared from \n the source account to the monitoring account.
" + } + }, "com.amazonaws.oam#ListAttachedLinks": { "type": "operation", "input": { @@ -729,7 +767,7 @@ } }, "traits": { - "smithy.api#documentation": "A structure that contains information about one link attached to this monitoring\n account sink.
" + "smithy.api#documentation": "A structure that contains information about one link attached to this monitoring \n account sink.
" } }, "com.amazonaws.oam#ListAttachedLinksItems": { @@ -788,7 +826,7 @@ } ], "traits": { - "smithy.api#documentation": "Use this operation in a source account to return a list of links to monitoring account sinks that\n this source account has.
\nTo find a list of links for one monitoring account sink, use ListAttachedLinks from within the monitoring account.
", + "smithy.api#documentation": "Use this operation in a source account to return a list of links to monitoring account sinks that\n this source account has.
\nTo find a list of links for one monitoring account sink, use ListAttachedLinks from within the monitoring account.
", "smithy.api#http": { "method": "POST", "uri": "/ListLinks" @@ -1047,7 +1085,7 @@ "ResourceArn": { "target": "com.amazonaws.oam#Arn", "traits": { - "smithy.api#documentation": "The ARN of the resource that you want to view tags for.
\nThe ARN format of a sink is\n arn:aws:oam:Region:account-id:sink/sink-id\n \n
The ARN format of a link is\n arn:aws:oam:Region:account-id:link/link-id\n \n
For more information about ARN format, see CloudWatch Logs\n resources and operations.
\nUnlike tagging permissions in other Amazon Web Services services, to retrieve the list of tags\n for links or sinks you must have the oam:RequestTag permission. The\n aws:ReguestTag permission does not allow you to tag and untag links and\n sinks.
The ARN of the resource that you want to view tags for.
\nThe ARN format of a sink is \n arn:aws:oam:Region:account-id:sink/sink-id\n \n
The ARN format of a link is \n arn:aws:oam:Region:account-id:link/link-id\n \n
For more information about ARN format, see CloudWatch Logs \n resources and operations.
\nUnlike tagging permissions in other Amazon Web Services services, to retrieve the list of tags\n for links or sinks you must have the oam:RequestTag permission. The\n aws:ReguestTag permission does not allow you to tag and untag links and\n sinks.
Use this field to specify which log groups are to share their log events with the monitoring account. Use the term LogGroupName and one or\n more of the following operands. Use single quotation marks (') around log group names. The matching of log group names is case sensitive.\n Each filter has a limit of five conditional operands. Conditional operands are AND and OR.
\n = and !=\n
\n AND\n
\n OR\n
\n LIKE and NOT LIKE. These can be used only as prefix searches. Include a % at the end\n of the string that you want to search for and include.
\n IN and NOT IN, using parentheses ( )\n
Examples:
\n\n LogGroupName IN ('This-Log-Group', 'Other-Log-Group') includes only the log groups with names This-Log-Group and \n Other-Log-Group.
\n LogGroupName NOT IN ('Private-Log-Group', 'Private-Log-Group-2') includes all log groups except the log groups with names Private-Log-Group and \n Private-Log-Group-2.
\n LogGroupName LIKE 'aws/lambda/%' OR LogGroupName LIKE 'AWSLogs%' includes all log groups that have names that start with aws/lambda/ or \n AWSLogs.
If you are updating a link that uses filters, you can specify * as the only value for the \n filter parameter to delete the filter and share all log groups with the monitoring account.
This structure contains the Filter parameter which you can use to specify which log groups are to \n share log events from this source account to the monitoring account.
Use this field to specify which metrics are to be shared with the monitoring account. Use the term Namespace and one or\n more of the following operands. Use single quotation marks (') around namespace names. The matching of namespace names is case sensitive.\n Each filter has a limit of five conditional operands. Conditional operands are AND and OR.
\n = and !=\n
\n AND\n
\n OR\n
\n LIKE and NOT LIKE. These can be used only as prefix searches. Include a % at the end\n of the string that you want to search for and include.
\n IN and NOT IN, using parentheses ( )\n
Examples:
\n\n Namespace NOT LIKE 'AWS/%' includes only namespaces that don't start with AWS/, such as custom namespaces.
\n Namespace IN ('AWS/EC2', 'AWS/ELB', 'AWS/S3') includes only the metrics in the EC2, Elastic Load Balancing, and Amazon S3 namespaces.
\n Namespace = 'AWS/EC2' OR Namespace NOT LIKE 'AWS/%' includes only the EC2 namespace and your custom namespaces.
If you are updating a link that uses filters, you can specify * as the only value for the \n filter parameter to delete the filter and share all metric namespaces with the monitoring account.
This structure contains the Filter parameter which you can use to specify which metric namespaces are to \n be shared from this source account to the monitoring account.
Creates or updates the resource policy that grants permissions to source\n accounts to link to the monitoring account sink. When you create a sink policy, you can grant\n permissions to all accounts in an organization or to individual accounts.
\nYou can also use a sink policy to limit the types of data that is shared. The three types that\n you can allow or deny are:
\n\n Metrics - Specify with\n AWS::CloudWatch::Metric\n
\n Log groups - Specify with AWS::Logs::LogGroup\n
\n Traces - Specify with AWS::XRay::Trace\n
\n Application Insights - Applications - Specify with AWS::ApplicationInsights::Application\n
See the examples in this section to see how to specify permitted source accounts and data types.
", + "smithy.api#documentation": "Creates or updates the resource policy that grants permissions to source\n accounts to link to the monitoring account sink. When you create a sink policy, you can grant\n permissions to all accounts in an organization or to individual accounts.
\nYou can also use a sink policy to limit the types of data that is shared. The three types that \n you can allow or deny are:
\n\n Metrics - Specify with\n AWS::CloudWatch::Metric\n
\n Log groups - Specify with AWS::Logs::LogGroup\n
\n Traces - Specify with AWS::XRay::Trace\n
\n Application Insights - Applications - Specify with AWS::ApplicationInsights::Application\n
See the examples in this section to see how to specify permitted source accounts and data types.
", "smithy.api#http": { "method": "POST", "uri": "/PutSinkPolicy" @@ -1138,7 +1224,7 @@ "Policy": { "target": "com.amazonaws.oam#SinkPolicy", "traits": { - "smithy.api#documentation": "The JSON policy to use. If you are updating an existing policy, the entire existing policy is\n replaced by what you specify here.
\nThe policy must be in JSON string format with quotation marks escaped and no newlines.
\nFor examples of different types of policies, see the Examples section on this page.
", + "smithy.api#documentation": "The JSON policy to use. If you are updating an existing policy, the entire existing policy is\n replaced by what you specify here.
\nThe policy must be in JSON string format with quotation marks escaped and no newlines.
\nFor examples of different types of policies, see the Examples section on this page.
", "smithy.api#required": {} } } @@ -1344,7 +1430,7 @@ "traits": { "aws.iam#actionPermissionDescription": "Grants permission to tag a resource", "aws.iam#conditionKeys": ["aws:TagKeys", "aws:RequestTag/${TagKey}"], - "smithy.api#documentation": "Assigns one or more tags (key-value pairs) to the specified resource.\n Both sinks and links can be tagged.
\nTags can help you organize and categorize your resources. You can also use them to scope user\n permissions by granting a user\n permission to access or change only resources with certain tag values.
\nTags don't have any semantic meaning to Amazon Web Services and are interpreted strictly as strings of characters.
\nYou can use the TagResource action with a resource that already has tags. If you specify a new tag key for the alarm,\n this tag is appended to the list of tags associated\n with the alarm. If you specify a tag key that is already associated with the alarm, the new tag value that you specify replaces\n the previous value for that tag.
You can associate as many as 50 tags with a resource.
\nUnlike tagging permissions in other Amazon Web Services services, to tag or untag links and\n sinks you must have the oam:ResourceTag permission. The\n iam:ResourceTag permission does not allow you to tag and untag links and\n sinks.
Assigns one or more tags (key-value pairs) to the specified resource. \n Both sinks and links can be tagged.
\nTags can help you organize and categorize your resources. You can also use them to scope user\n permissions by granting a user\n permission to access or change only resources with certain tag values.
\nTags don't have any semantic meaning to Amazon Web Services and are interpreted strictly as strings of characters.
\nYou can use the TagResource action with a resource that already has tags. If you specify a new tag key for the alarm, \n this tag is appended to the list of tags associated\n with the alarm. If you specify a tag key that is already associated with the alarm, the new tag value that you specify replaces\n the previous value for that tag.
You can associate as many as 50 tags with a resource.
\nUnlike tagging permissions in other Amazon Web Services services, to tag or untag links and\n sinks you must have the oam:ResourceTag permission. The\n iam:ResourceTag permission does not allow you to tag and untag links and\n sinks.
The ARN of the resource that you're adding tags to.
\nThe ARN format of a sink is\n arn:aws:oam:Region:account-id:sink/sink-id\n \n
The ARN format of a link is\n arn:aws:oam:Region:account-id:link/link-id\n \n
For more information about ARN format, see CloudWatch Logs\n resources and operations.
", + "smithy.api#documentation": "The ARN of the resource that you're adding tags to.
\nThe ARN format of a sink is \n arn:aws:oam:Region:account-id:sink/sink-id\n \n
The ARN format of a link is \n arn:aws:oam:Region:account-id:link/link-id\n \n
For more information about ARN format, see CloudWatch Logs \n resources and operations.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -1424,7 +1510,7 @@ "traits": { "aws.iam#actionPermissionDescription": "Grants permission to untag a resource", "aws.iam#conditionKeys": ["aws:TagKeys"], - "smithy.api#documentation": "Removes one or more tags from the specified resource.
\nUnlike tagging permissions in other Amazon Web Services services, to tag or untag links and\n sinks you must have the oam:ResourceTag permission. The\n iam:TagResource permission does not allow you to tag and untag links and\n sinks.
Removes one or more tags from the specified resource.
\nUnlike tagging permissions in other Amazon Web Services services, to tag or untag links and\n sinks you must have the oam:ResourceTag permission. The\n iam:TagResource permission does not allow you to tag and untag links and\n sinks.
The ARN of the resource that you're removing tags from.
\nThe ARN format of a sink is\n arn:aws:oam:Region:account-id:sink/sink-id\n \n
The ARN format of a link is\n arn:aws:oam:Region:account-id:link/link-id\n \n
For more information about ARN format, see CloudWatch Logs\n resources and operations.
", + "smithy.api#documentation": "The ARN of the resource that you're removing tags from.
\nThe ARN format of a sink is \n arn:aws:oam:Region:account-id:sink/sink-id\n \n
The ARN format of a link is \n arn:aws:oam:Region:account-id:link/link-id\n \n
For more information about ARN format, see CloudWatch Logs \n resources and operations.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -1487,7 +1573,7 @@ ], "traits": { "aws.iam#conditionKeys": ["aws:ResourceTag/${TagKey}", "oam:ResourceTypes"], - "smithy.api#documentation": "Use this operation to change what types of data are shared from a source account to its linked\n monitoring account sink. You can't change the sink or change the monitoring account with this operation.
\nTo update the list of tags associated with the sink, use\n TagResource.
", + "smithy.api#documentation": "Use this operation to change what types of data are shared from a source account to its linked\n monitoring account sink. You can't change the sink or change the monitoring account with this operation.
\nWhen you update a link, you can optionally specify filters\n that specify which metric namespaces and which log groups are shared from the source account to the monitoring account.
\nTo update the list of tags associated with the sink, use \n TagResource.
", "smithy.api#http": { "method": "POST", "uri": "/UpdateLink" @@ -1507,9 +1593,15 @@ "ResourceTypes": { "target": "com.amazonaws.oam#ResourceTypesInput", "traits": { - "smithy.api#documentation": "An array of strings that define which types of data that the source account will send to the monitoring\n account.
\nYour input here replaces the current set of data types that are shared.
", + "smithy.api#documentation": "An array of strings that define which types of data that the source account will send to the monitoring \n account.
\nYour input here replaces the current set of data types that are shared.
", "smithy.api#required": {} } + }, + "LinkConfiguration": { + "target": "com.amazonaws.oam#LinkConfiguration", + "traits": { + "smithy.api#documentation": "Use this structure to filter which metric namespaces and which log groups are to be shared from \n the source account to the monitoring account.
" + } } }, "traits": { @@ -1560,6 +1652,12 @@ "traits": { "smithy.api#documentation": "The tags assigned to the link.
" } + }, + "LinkConfiguration": { + "target": "com.amazonaws.oam#LinkConfiguration", + "traits": { + "smithy.api#documentation": "This structure includes filters that specify which metric namespaces and which log groups are shared from \n the source account to the monitoring account.
" + } } }, "traits": { @@ -1665,7 +1763,7 @@ "smithy.api#cors": { "additionalAllowedHeaders": ["Content-Type", "X-Amz-Requested-Operation"] }, - "smithy.api#documentation": "Use Amazon CloudWatch Observability Access Manager to create and manage links between source accounts and\n monitoring accounts by using CloudWatch cross-account observability. With\n CloudWatch cross-account observability, you can monitor and troubleshoot applications that span\n multiple accounts within a Region. Seamlessly search, visualize, and analyze your metrics,\n logs, traces, and Application Insights applications in any of the linked accounts without account boundaries.
\nSet up one or more Amazon Web Services accounts as monitoring\n accounts and link them with multiple source accounts. A\n monitoring account is a central Amazon Web Services account that can view and interact with\n observability data generated from source accounts. A source account is an individual Amazon Web Services account that generates observability data for the resources that reside in it.\n Source accounts share their observability data with the monitoring account. The shared\n observability data can include metrics in Amazon CloudWatch, logs in Amazon CloudWatch Logs, traces in X-Ray, and applications in Amazon CloudWatch Application Insights.
", + "smithy.api#documentation": "Use Amazon CloudWatch Observability Access Manager to create and manage links between source accounts and\n monitoring accounts by using CloudWatch cross-account observability. With\n CloudWatch cross-account observability, you can monitor and troubleshoot applications that span\n multiple accounts within a Region. Seamlessly search, visualize, and analyze your metrics,\n logs, traces, and Application Insights applications in any of the linked accounts without account boundaries.
\nSet up one or more Amazon Web Services accounts as monitoring\n accounts and link them with multiple source accounts. A\n monitoring account is a central Amazon Web Services account that can view and interact with\n observability data generated from source accounts. A source account is an individual Amazon Web Services account that generates observability data for the resources that reside in it.\n Source accounts share their observability data with the monitoring account. The shared\n observability data can include metrics in Amazon CloudWatch, logs in Amazon CloudWatch Logs, traces in X-Ray, and applications in Amazon CloudWatch Application Insights.
", "smithy.api#title": "CloudWatch Observability Access Manager", "smithy.rules#endpointRuleSet": { "version": "1.0",