feat(client-securitylake): Add capability to update the Data Lake's MetaStoreManager Role in order to perform required data lake updates to use Iceberg table format in their data lake or update the role for any other reason.

Author: awstools

clients/client-securitylake/src/commands/CreateAwsLogSourceCommand.ts

@@ -50,7 +50,7 @@ export interface CreateAwsLogSourceCommandOutput extends CreateAwsLogSourceRespo
  *       regions: [ // RegionList // required
  *         "STRING_VALUE",
  *       ],
- *       sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA", // required
+ *       sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA" || "EKS_AUDIT" || "WAF", // required
  *       sourceVersion: "STRING_VALUE",
  *     },
  *   ],

clients/client-securitylake/src/commands/CreateDataLakeOrganizationConfigurationCommand.ts

@@ -47,12 +47,12 @@ export interface CreateDataLakeOrganizationConfigurationCommandOutput
  * // const { SecurityLakeClient, CreateDataLakeOrganizationConfigurationCommand } = require("@aws-sdk/client-securitylake"); // CommonJS import
  * const client = new SecurityLakeClient(config);
  * const input = { // CreateDataLakeOrganizationConfigurationRequest
- *   autoEnableNewAccount: [ // DataLakeAutoEnableNewAccountConfigurationList // required
+ *   autoEnableNewAccount: [ // DataLakeAutoEnableNewAccountConfigurationList
  *     { // DataLakeAutoEnableNewAccountConfiguration
  *       region: "STRING_VALUE", // required
  *       sources: [ // AwsLogSourceResourceList // required
  *         { // AwsLogSourceResource
- *           sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA",
+ *           sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA" || "EKS_AUDIT" || "WAF",
  *           sourceVersion: "STRING_VALUE",
  *         },
  *       ],

clients/client-securitylake/src/commands/CreateSubscriberCommand.ts

@@ -46,7 +46,7 @@ export interface CreateSubscriberCommandOutput extends CreateSubscriberResponse,
  *   sources: [ // LogSourceResourceList // required
  *     { // LogSourceResource Union: only one key present
  *       awsLogSource: { // AwsLogSourceResource
- *         sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA",
+ *         sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA" || "EKS_AUDIT" || "WAF",
  *         sourceVersion: "STRING_VALUE",
  *       },
  *       customLogSource: { // CustomLogSourceResource
@@ -89,7 +89,7 @@ export interface CreateSubscriberCommandOutput extends CreateSubscriberResponse,
  * //     sources: [ // LogSourceResourceList // required
  * //       { // LogSourceResource Union: only one key present
  * //         awsLogSource: { // AwsLogSourceResource
- * //           sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA",
+ * //           sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA" || "EKS_AUDIT" || "WAF",
  * //           sourceVersion: "STRING_VALUE",
  * //         },
  * //         customLogSource: { // CustomLogSourceResource

clients/client-securitylake/src/commands/DeleteAwsLogSourceCommand.ts

@@ -50,7 +50,7 @@ export interface DeleteAwsLogSourceCommandOutput extends DeleteAwsLogSourceRespo
  *       regions: [ // RegionList // required
  *         "STRING_VALUE",
  *       ],
- *       sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA", // required
+ *       sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA" || "EKS_AUDIT" || "WAF", // required
  *       sourceVersion: "STRING_VALUE",
  *     },
  *   ],

clients/client-securitylake/src/commands/DeleteDataLakeOrganizationConfigurationCommand.ts

@@ -47,12 +47,12 @@ export interface DeleteDataLakeOrganizationConfigurationCommandOutput
  * // const { SecurityLakeClient, DeleteDataLakeOrganizationConfigurationCommand } = require("@aws-sdk/client-securitylake"); // CommonJS import
  * const client = new SecurityLakeClient(config);
  * const input = { // DeleteDataLakeOrganizationConfigurationRequest
- *   autoEnableNewAccount: [ // DataLakeAutoEnableNewAccountConfigurationList // required
+ *   autoEnableNewAccount: [ // DataLakeAutoEnableNewAccountConfigurationList
  *     { // DataLakeAutoEnableNewAccountConfiguration
  *       region: "STRING_VALUE", // required
  *       sources: [ // AwsLogSourceResourceList // required
  *         { // AwsLogSourceResource
- *           sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA",
+ *           sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA" || "EKS_AUDIT" || "WAF",
  *           sourceVersion: "STRING_VALUE",
  *         },
  *       ],

clients/client-securitylake/src/commands/GetDataLakeOrganizationConfigurationCommand.ts

@@ -54,7 +54,7 @@ export interface GetDataLakeOrganizationConfigurationCommandOutput
  * //       region: "STRING_VALUE", // required
  * //       sources: [ // AwsLogSourceResourceList // required
  * //         { // AwsLogSourceResource
- * //           sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA",
+ * //           sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA" || "EKS_AUDIT" || "WAF",
  * //           sourceVersion: "STRING_VALUE",
  * //         },
  * //       ],

clients/client-securitylake/src/commands/GetSubscriberCommand.ts

@@ -54,7 +54,7 @@ export interface GetSubscriberCommandOutput extends GetSubscriberResponse, __Met
  * //     sources: [ // LogSourceResourceList // required
  * //       { // LogSourceResource Union: only one key present
  * //         awsLogSource: { // AwsLogSourceResource
- * //           sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA",
+ * //           sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA" || "EKS_AUDIT" || "WAF",
  * //           sourceVersion: "STRING_VALUE",
  * //         },
  * //         customLogSource: { // CustomLogSourceResource

clients/client-securitylake/src/commands/ListLogSourcesCommand.ts

@@ -45,7 +45,7 @@ export interface ListLogSourcesCommandOutput extends ListLogSourcesResponse, __M
  *   sources: [ // LogSourceResourceList
  *     { // LogSourceResource Union: only one key present
  *       awsLogSource: { // AwsLogSourceResource
- *         sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA",
+ *         sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA" || "EKS_AUDIT" || "WAF",
  *         sourceVersion: "STRING_VALUE",
  *       },
  *       customLogSource: { // CustomLogSourceResource
@@ -76,7 +76,7 @@ export interface ListLogSourcesCommandOutput extends ListLogSourcesResponse, __M
  * //       sources: [ // LogSourceResourceList
  * //         { // LogSourceResource Union: only one key present
  * //           awsLogSource: { // AwsLogSourceResource
- * //             sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA",
+ * //             sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA" || "EKS_AUDIT" || "WAF",
  * //             sourceVersion: "STRING_VALUE",
  * //           },
  * //           customLogSource: { // CustomLogSourceResource

clients/client-securitylake/src/commands/ListSubscribersCommand.ts

@@ -56,7 +56,7 @@ export interface ListSubscribersCommandOutput extends ListSubscribersResponse, _
  * //       sources: [ // LogSourceResourceList // required
  * //         { // LogSourceResource Union: only one key present
  * //           awsLogSource: { // AwsLogSourceResource
- * //             sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA",
+ * //             sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA" || "EKS_AUDIT" || "WAF",
  * //             sourceVersion: "STRING_VALUE",
  * //           },
  * //           customLogSource: { // CustomLogSourceResource

clients/client-securitylake/src/commands/UpdateDataLakeCommand.ts

@@ -62,6 +62,7 @@ export interface UpdateDataLakeCommandOutput extends UpdateDataLakeResponse, __M
  *       },
  *     },
  *   ],
+ *   metaStoreManagerRoleArn: "STRING_VALUE",
  * };
  * const command = new UpdateDataLakeCommand(input);
  * const response = await client.send(command);

clients/client-securitylake/src/commands/UpdateSubscriberCommand.ts

@@ -47,7 +47,7 @@ export interface UpdateSubscriberCommandOutput extends UpdateSubscriberResponse,
  *   sources: [ // LogSourceResourceList
  *     { // LogSourceResource Union: only one key present
  *       awsLogSource: { // AwsLogSourceResource
- *         sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA",
+ *         sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA" || "EKS_AUDIT" || "WAF",
  *         sourceVersion: "STRING_VALUE",
  *       },
  *       customLogSource: { // CustomLogSourceResource
@@ -81,7 +81,7 @@ export interface UpdateSubscriberCommandOutput extends UpdateSubscriberResponse,
  * //     sources: [ // LogSourceResourceList // required
  * //       { // LogSourceResource Union: only one key present
  * //         awsLogSource: { // AwsLogSourceResource
- * //           sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA",
+ * //           sourceName: "ROUTE53" || "VPC_FLOW" || "SH_FINDINGS" || "CLOUD_TRAIL_MGMT" || "LAMBDA_EXECUTION" || "S3_DATA" || "EKS_AUDIT" || "WAF",
  * //           sourceVersion: "STRING_VALUE",
  * //         },
  * //         customLogSource: { // CustomLogSourceResource

clients/client-securitylake/src/models/models_0.ts

@@ -71,11 +71,13 @@ export interface AwsIdentity {
  */
 export const AwsLogSourceName = {
   CLOUD_TRAIL_MGMT: "CLOUD_TRAIL_MGMT",
+  EKS_AUDIT: "EKS_AUDIT",
   LAMBDA_EXECUTION: "LAMBDA_EXECUTION",
   ROUTE53: "ROUTE53",
   S3_DATA: "S3_DATA",
   SH_FINDINGS: "SH_FINDINGS",
   VPC_FLOW: "VPC_FLOW",
+  WAF: "WAF",
 } as const;
 
 /**
@@ -529,7 +531,7 @@ export interface CreateCustomLogSourceRequest {
    * @public
    * <p>The configuration for the third-party custom source.</p>
    */
-  configuration?: CustomLogSourceConfiguration;
+  configuration: CustomLogSourceConfiguration | undefined;
 }
 
 /**
@@ -984,7 +986,7 @@ export interface CreateDataLakeOrganizationConfigurationRequest {
    * <p>Enable Security Lake with the specified configuration settings, to begin collecting security
    *          data for new accounts in your organization.</p>
    */
-  autoEnableNewAccount: DataLakeAutoEnableNewAccountConfiguration[] | undefined;
+  autoEnableNewAccount?: DataLakeAutoEnableNewAccountConfiguration[];
 }
 
 /**
@@ -1444,7 +1446,7 @@ export interface DeleteDataLakeOrganizationConfigurationRequest {
    * @public
    * <p>Turns off automatic enablement of Security Lake for member accounts that are added to an organization.</p>
    */
-  autoEnableNewAccount: DataLakeAutoEnableNewAccountConfiguration[] | undefined;
+  autoEnableNewAccount?: DataLakeAutoEnableNewAccountConfiguration[];
 }
 
 /**
@@ -1846,6 +1848,14 @@ export interface UpdateDataLakeRequest {
    * <p>Specify the Region or Regions that will contribute data to the rollup region.</p>
    */
   configurations: DataLakeConfiguration[] | undefined;
+
+  /**
+   * @public
+   * <p>The Amazon Resource Name (ARN) used to create and update the Glue table.
+   *          This table contains partitions generated by the ingestion and normalization of
+   *          Amazon Web Services log sources and custom sources.</p>
+   */
+  metaStoreManagerRoleArn?: string;
 }
 
 /**
@@ -2082,7 +2092,7 @@ export interface ListSubscribersResponse {
 export interface ListTagsForResourceRequest {
   /**
    * @public
-   * <p>The Amazon Resource Name (ARN) of the Amazon Security Lake resource to retrieve the tags for.</p>
+   * <p>The Amazon Resource Name (ARN) of the Amazon Security Lake resource for which you want to retrieve the tags.</p>
    */
   resourceArn: string | undefined;
 }

clients/client-securitylake/src/protocols/Aws_restJson1.ts

@@ -717,6 +717,7 @@ export const se_UpdateDataLakeCommand = async (
   body = JSON.stringify(
     take(input, {
       configurations: (_) => _json(_),
+      metaStoreManagerRoleArn: [],
     })
   );
   b.m("PUT").h(headers).b(body);

codegen/sdk-codegen/aws-models/securitylake.json

@@ -137,7 +137,7 @@
       },
       "traits": {
         "smithy.api#length": {
-          "min": 0,
+          "min": 1,
           "max": 50
         }
       }
@@ -180,6 +180,18 @@
           "traits": {
             "smithy.api#enumValue": "S3_DATA"
           }
+        },
+        "EKS_AUDIT": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "EKS_AUDIT"
+          }
+        },
+        "WAF": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "WAF"
+          }
         }
       }
     },
@@ -207,6 +219,11 @@
       "type": "list",
       "member": {
         "target": "com.amazonaws.securitylake#AwsLogSourceResource"
+      },
+      "traits": {
+        "smithy.api#length": {
+          "min": 1
+        }
       }
     },
     "com.amazonaws.securitylake#AwsLogSourceVersion": {
@@ -416,7 +433,8 @@
         "configuration": {
           "target": "com.amazonaws.securitylake#CustomLogSourceConfiguration",
           "traits": {
-            "smithy.api#documentation": "<p>The configuration for the third-party custom source.</p>"
+            "smithy.api#documentation": "<p>The configuration for the third-party custom source.</p>",
+            "smithy.api#required": {}
           }
         }
       },
@@ -623,8 +641,7 @@
         "autoEnableNewAccount": {
           "target": "com.amazonaws.securitylake#DataLakeAutoEnableNewAccountConfigurationList",
           "traits": {
-            "smithy.api#documentation": "<p>Enable Security Lake with the specified configuration settings, to begin collecting security\n         data for new accounts in your organization.</p>",
-            "smithy.api#required": {}
+            "smithy.api#documentation": "<p>Enable Security Lake with the specified configuration settings, to begin collecting security\n         data for new accounts in your organization.</p>"
           }
         }
       },
@@ -1107,6 +1124,11 @@
       "type": "list",
       "member": {
         "target": "com.amazonaws.securitylake#DataLakeAutoEnableNewAccountConfiguration"
+      },
+      "traits": {
+        "smithy.api#length": {
+          "min": 1
+        }
       }
     },
     "com.amazonaws.securitylake#DataLakeConfiguration": {
@@ -1146,6 +1168,11 @@
       "type": "list",
       "member": {
         "target": "com.amazonaws.securitylake#DataLakeConfiguration"
+      },
+      "traits": {
+        "smithy.api#length": {
+          "min": 1
+        }
       }
     },
     "com.amazonaws.securitylake#DataLakeEncryptionConfiguration": {
@@ -1771,8 +1798,7 @@
         "autoEnableNewAccount": {
           "target": "com.amazonaws.securitylake#DataLakeAutoEnableNewAccountConfigurationList",
           "traits": {
-            "smithy.api#documentation": "<p>Turns off automatic enablement of Security Lake for member accounts that are added to an organization.</p>",
-            "smithy.api#required": {}
+            "smithy.api#documentation": "<p>Turns off automatic enablement of Security Lake for member accounts that are added to an organization.</p>"
           }
         }
       },
@@ -2807,7 +2833,7 @@
         "resourceArn": {
           "target": "com.amazonaws.securitylake#AmazonResourceName",
           "traits": {
-            "smithy.api#documentation": "<p>The Amazon Resource Name (ARN) of the Amazon Security Lake resource to retrieve the tags for.</p>",
+            "smithy.api#documentation": "<p>The Amazon Resource Name (ARN) of the Amazon Security Lake resource for which you want to retrieve the tags.</p>",
             "smithy.api#httpLabel": {},
             "smithy.api#required": {}
           }
@@ -3063,7 +3089,7 @@
     "com.amazonaws.securitylake#RoleArn": {
       "type": "string",
       "traits": {
-        "smithy.api#pattern": "^arn:.*$"
+        "smithy.api#pattern": "^arn:(aws[a-zA-Z-]*)?:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+$"
       }
     },
     "com.amazonaws.securitylake#S3BucketArn": {
@@ -4466,6 +4492,12 @@
             "smithy.api#documentation": "<p>Specify the Region or Regions that will contribute data to the rollup region.</p>",
             "smithy.api#required": {}
           }
+        },
+        "metaStoreManagerRoleArn": {
+          "target": "com.amazonaws.securitylake#RoleArn",
+          "traits": {
+            "smithy.api#documentation": "<p>The Amazon Resource Name (ARN) used to create and update the Glue table.\n         This table contains partitions generated by the ingestion and normalization of\n         Amazon Web Services log sources and custom sources.</p>"
+          }
         }
       },
       "traits": {