Amazon Elastic Compute Cloud

2023/06/19 - Amazon Elastic Compute Cloud - 2 updated api methods

Changes  API changes to AWS Verified Access to include data from trust providers in logs

DescribeVerifiedAccessInstanceLoggingConfigurations (updated) Link ¶
Changes (response)
{'LoggingConfigurations': {'AccessLogs': {'IncludeTrustContext': 'boolean',
                                          'LogVersion': 'string'}}}

Describes the specified Amazon Web Services Verified Access instances.

See also: AWS API Documentation

Request Syntax

client.describe_verified_access_instance_logging_configurations(
    VerifiedAccessInstanceIds=[
        'string',
    ],
    MaxResults=123,
    NextToken='string',
    Filters=[
        {
            'Name': 'string',
            'Values': [
                'string',
            ]
        },
    ],
    DryRun=True|False
)
type VerifiedAccessInstanceIds

list

param VerifiedAccessInstanceIds

The IDs of the Verified Access instances.

  • (string) --

type MaxResults

integer

param MaxResults

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

type NextToken

string

param NextToken

The token for the next page of results.

type Filters

list

param Filters

One or more filters. Filter names and values are case-sensitive.

  • (dict) --

    A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.

    If you specify multiple filters, the filters are joined with an AND , and the request returns only results that match all of the specified filters.

    • Name (string) --

      The name of the filter. Filter names are case-sensitive.

    • Values (list) --

      The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an OR , and the request returns all results that match any of the specified values.

      • (string) --

type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

rtype

dict

returns

Response Syntax

{
    'LoggingConfigurations': [
        {
            'VerifiedAccessInstanceId': 'string',
            'AccessLogs': {
                'S3': {
                    'Enabled': True|False,
                    'DeliveryStatus': {
                        'Code': 'success'|'failed',
                        'Message': 'string'
                    },
                    'BucketName': 'string',
                    'Prefix': 'string',
                    'BucketOwner': 'string'
                },
                'CloudWatchLogs': {
                    'Enabled': True|False,
                    'DeliveryStatus': {
                        'Code': 'success'|'failed',
                        'Message': 'string'
                    },
                    'LogGroup': 'string'
                },
                'KinesisDataFirehose': {
                    'Enabled': True|False,
                    'DeliveryStatus': {
                        'Code': 'success'|'failed',
                        'Message': 'string'
                    },
                    'DeliveryStream': 'string'
                },
                'LogVersion': 'string',
                'IncludeTrustContext': True|False
            }
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • LoggingConfigurations (list) --

      The current logging configuration for the Verified Access instances.

      • (dict) --

        Describes logging options for an Amazon Web Services Verified Access instance.

        • VerifiedAccessInstanceId (string) --

          The ID of the Amazon Web Services Verified Access instance.

        • AccessLogs (dict) --

          Details about the logging options.

          • S3 (dict) --

            Amazon S3 logging options.

            • Enabled (boolean) --

              Indicates whether logging is enabled.

            • DeliveryStatus (dict) --

              The delivery status.

              • Code (string) --

                The status code.

              • Message (string) --

                The status message.

            • BucketName (string) --

              The bucket name.

            • Prefix (string) --

              The bucket prefix.

            • BucketOwner (string) --

              The Amazon Web Services account number that owns the bucket.

          • CloudWatchLogs (dict) --

            CloudWatch Logs logging destination.

            • Enabled (boolean) --

              Indicates whether logging is enabled.

            • DeliveryStatus (dict) --

              The delivery status for access logs.

              • Code (string) --

                The status code.

              • Message (string) --

                The status message.

            • LogGroup (string) --

              The ID of the CloudWatch Logs log group.

          • KinesisDataFirehose (dict) --

            Kinesis logging destination.

            • Enabled (boolean) --

              Indicates whether logging is enabled.

            • DeliveryStatus (dict) --

              The delivery status.

              • Code (string) --

                The status code.

              • Message (string) --

                The status message.

            • DeliveryStream (string) --

              The ID of the delivery stream.

          • LogVersion (string) --

            Describes current setting for the logging version.

          • IncludeTrustContext (boolean) --

            Describes current setting for including trust data into the logs.

    • NextToken (string) --

      The token to use to retrieve the next page of results. This value is null when there are no more results to return.

ModifyVerifiedAccessInstanceLoggingConfiguration (updated) Link ¶
Changes (request, response)
Request
{'AccessLogs': {'IncludeTrustContext': 'boolean', 'LogVersion': 'string'}}
Response
{'LoggingConfiguration': {'AccessLogs': {'IncludeTrustContext': 'boolean',
                                         'LogVersion': 'string'}}}

Modifies the logging configuration for the specified Amazon Web Services Verified Access instance.

See also: AWS API Documentation

Request Syntax

client.modify_verified_access_instance_logging_configuration(
    VerifiedAccessInstanceId='string',
    AccessLogs={
        'S3': {
            'Enabled': True|False,
            'BucketName': 'string',
            'Prefix': 'string',
            'BucketOwner': 'string'
        },
        'CloudWatchLogs': {
            'Enabled': True|False,
            'LogGroup': 'string'
        },
        'KinesisDataFirehose': {
            'Enabled': True|False,
            'DeliveryStream': 'string'
        },
        'LogVersion': 'string',
        'IncludeTrustContext': True|False
    },
    DryRun=True|False,
    ClientToken='string'
)
type VerifiedAccessInstanceId

string

param VerifiedAccessInstanceId

[REQUIRED]

The ID of the Verified Access instance.

type AccessLogs

dict

param AccessLogs

[REQUIRED]

The configuration options for Verified Access instances.

  • S3 (dict) --

    Sends Verified Access logs to Amazon S3.

    • Enabled (boolean) -- [REQUIRED]

      Indicates whether logging is enabled.

    • BucketName (string) --

      The bucket name.

    • Prefix (string) --

      The bucket prefix.

    • BucketOwner (string) --

      The ID of the Amazon Web Services account that owns the Amazon S3 bucket.

  • CloudWatchLogs (dict) --

    Sends Verified Access logs to CloudWatch Logs.

    • Enabled (boolean) -- [REQUIRED]

      Indicates whether logging is enabled.

    • LogGroup (string) --

      The ID of the CloudWatch Logs log group.

  • KinesisDataFirehose (dict) --

    Sends Verified Access logs to Kinesis.

    • Enabled (boolean) -- [REQUIRED]

      Indicates whether logging is enabled.

    • DeliveryStream (string) --

      The ID of the delivery stream.

  • LogVersion (string) --

    The logging version to use.

    Valid values: ocsf-0.1 | ocsf-1.0.0-rc.2

  • IncludeTrustContext (boolean) --

    Include trust data sent by trust providers into the logs.

type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

type ClientToken

string

param ClientToken

A unique, case-sensitive token that you provide to ensure idempotency of your modification request. For more information, see Ensuring Idempotency.

This field is autopopulated if not provided.

rtype

dict

returns

Response Syntax

{
    'LoggingConfiguration': {
        'VerifiedAccessInstanceId': 'string',
        'AccessLogs': {
            'S3': {
                'Enabled': True|False,
                'DeliveryStatus': {
                    'Code': 'success'|'failed',
                    'Message': 'string'
                },
                'BucketName': 'string',
                'Prefix': 'string',
                'BucketOwner': 'string'
            },
            'CloudWatchLogs': {
                'Enabled': True|False,
                'DeliveryStatus': {
                    'Code': 'success'|'failed',
                    'Message': 'string'
                },
                'LogGroup': 'string'
            },
            'KinesisDataFirehose': {
                'Enabled': True|False,
                'DeliveryStatus': {
                    'Code': 'success'|'failed',
                    'Message': 'string'
                },
                'DeliveryStream': 'string'
            },
            'LogVersion': 'string',
            'IncludeTrustContext': True|False
        }
    }
}

Response Structure

  • (dict) --

    • LoggingConfiguration (dict) --

      The logging configuration for the Verified Access instance.

      • VerifiedAccessInstanceId (string) --

        The ID of the Amazon Web Services Verified Access instance.

      • AccessLogs (dict) --

        Details about the logging options.

        • S3 (dict) --

          Amazon S3 logging options.

          • Enabled (boolean) --

            Indicates whether logging is enabled.

          • DeliveryStatus (dict) --

            The delivery status.

            • Code (string) --

              The status code.

            • Message (string) --

              The status message.

          • BucketName (string) --

            The bucket name.

          • Prefix (string) --

            The bucket prefix.

          • BucketOwner (string) --

            The Amazon Web Services account number that owns the bucket.

        • CloudWatchLogs (dict) --

          CloudWatch Logs logging destination.

          • Enabled (boolean) --

            Indicates whether logging is enabled.

          • DeliveryStatus (dict) --

            The delivery status for access logs.

            • Code (string) --

              The status code.

            • Message (string) --

              The status message.

          • LogGroup (string) --

            The ID of the CloudWatch Logs log group.

        • KinesisDataFirehose (dict) --

          Kinesis logging destination.

          • Enabled (boolean) --

            Indicates whether logging is enabled.

          • DeliveryStatus (dict) --

            The delivery status.

            • Code (string) --

              The status code.

            • Message (string) --

              The status message.

          • DeliveryStream (string) --

            The ID of the delivery stream.

        • LogVersion (string) --

          Describes current setting for the logging version.

        • IncludeTrustContext (boolean) --

          Describes current setting for including trust data into the logs.