feat(client-cloudtrail): CloudTrail Lake now supports federating event data stores. giving users the ability to run queries against their event data using Amazon Athena.

Author: awstools

clients/client-cloudtrail/README.md

@@ -314,6 +314,22 @@ DescribeTrails
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cloudtrail/command/DescribeTrailsCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-cloudtrail/Interface/DescribeTrailsCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-cloudtrail/Interface/DescribeTrailsCommandOutput/)
 
+</details>
+<details>
+<summary>
+DisableFederation
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cloudtrail/command/DisableFederationCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-cloudtrail/Interface/DisableFederationCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-cloudtrail/Interface/DisableFederationCommandOutput/)
+
+</details>
+<details>
+<summary>
+EnableFederation
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/cloudtrail/command/EnableFederationCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-cloudtrail/Interface/EnableFederationCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-cloudtrail/Interface/EnableFederationCommandOutput/)
+
 </details>
 <details>
 <summary>

clients/client-cloudtrail/src/CloudTrail.ts

@@ -47,6 +47,16 @@ import {
   DescribeTrailsCommandInput,
   DescribeTrailsCommandOutput,
 } from "./commands/DescribeTrailsCommand";
+import {
+  DisableFederationCommand,
+  DisableFederationCommandInput,
+  DisableFederationCommandOutput,
+} from "./commands/DisableFederationCommand";
+import {
+  EnableFederationCommand,
+  EnableFederationCommandInput,
+  EnableFederationCommandOutput,
+} from "./commands/EnableFederationCommand";
 import { GetChannelCommand, GetChannelCommandInput, GetChannelCommandOutput } from "./commands/GetChannelCommand";
 import {
   GetEventDataStoreCommand,
@@ -179,6 +189,8 @@ const commands = {
   DeregisterOrganizationDelegatedAdminCommand,
   DescribeQueryCommand,
   DescribeTrailsCommand,
+  DisableFederationCommand,
+  EnableFederationCommand,
   GetChannelCommand,
   GetEventDataStoreCommand,
   GetEventSelectorsCommand,
@@ -375,6 +387,40 @@ export interface CloudTrail {
     cb: (err: any, data?: DescribeTrailsCommandOutput) => void
   ): void;
 
+  /**
+   * @see {@link DisableFederationCommand}
+   */
+  disableFederation(
+    args: DisableFederationCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<DisableFederationCommandOutput>;
+  disableFederation(
+    args: DisableFederationCommandInput,
+    cb: (err: any, data?: DisableFederationCommandOutput) => void
+  ): void;
+  disableFederation(
+    args: DisableFederationCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: DisableFederationCommandOutput) => void
+  ): void;
+
+  /**
+   * @see {@link EnableFederationCommand}
+   */
+  enableFederation(
+    args: EnableFederationCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<EnableFederationCommandOutput>;
+  enableFederation(
+    args: EnableFederationCommandInput,
+    cb: (err: any, data?: EnableFederationCommandOutput) => void
+  ): void;
+  enableFederation(
+    args: EnableFederationCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: EnableFederationCommandOutput) => void
+  ): void;
+
   /**
    * @see {@link GetChannelCommand}
    */

clients/client-cloudtrail/src/CloudTrailClient.ts

@@ -74,6 +74,8 @@ import {
 } from "./commands/DeregisterOrganizationDelegatedAdminCommand";
 import { DescribeQueryCommandInput, DescribeQueryCommandOutput } from "./commands/DescribeQueryCommand";
 import { DescribeTrailsCommandInput, DescribeTrailsCommandOutput } from "./commands/DescribeTrailsCommand";
+import { DisableFederationCommandInput, DisableFederationCommandOutput } from "./commands/DisableFederationCommand";
+import { EnableFederationCommandInput, EnableFederationCommandOutput } from "./commands/EnableFederationCommand";
 import { GetChannelCommandInput, GetChannelCommandOutput } from "./commands/GetChannelCommand";
 import { GetEventDataStoreCommandInput, GetEventDataStoreCommandOutput } from "./commands/GetEventDataStoreCommand";
 import { GetEventSelectorsCommandInput, GetEventSelectorsCommandOutput } from "./commands/GetEventSelectorsCommand";
@@ -159,6 +161,8 @@ export type ServiceInputTypes =
   | DeregisterOrganizationDelegatedAdminCommandInput
   | DescribeQueryCommandInput
   | DescribeTrailsCommandInput
+  | DisableFederationCommandInput
+  | EnableFederationCommandInput
   | GetChannelCommandInput
   | GetEventDataStoreCommandInput
   | GetEventSelectorsCommandInput
@@ -210,6 +214,8 @@ export type ServiceOutputTypes =
   | DeregisterOrganizationDelegatedAdminCommandOutput
   | DescribeQueryCommandOutput
   | DescribeTrailsCommandOutput
+  | DisableFederationCommandOutput
+  | EnableFederationCommandOutput
   | GetChannelCommandOutput
   | GetEventDataStoreCommandOutput
   | GetEventSelectorsCommandOutput

clients/client-cloudtrail/src/commands/DeleteEventDataStoreCommand.ts

@@ -41,8 +41,9 @@ export interface DeleteEventDataStoreCommandOutput extends DeleteEventDataStoreR
  *          event data store ARN. After you run <code>DeleteEventDataStore</code>, the event data store
  *          enters a <code>PENDING_DELETION</code> state, and is automatically deleted after a wait
  *          period of seven days. <code>TerminationProtectionEnabled</code> must be set to
- *             <code>False</code> on the event data store; this operation cannot work if
- *             <code>TerminationProtectionEnabled</code> is <code>True</code>.</p>
+ *             <code>False</code> on the event data store and the <code>FederationStatus</code> must be <code>DISABLED</code>.
+ *          You cannot delete an event data store if <code>TerminationProtectionEnabled</code>
+ *          is <code>True</code> or the <code>FederationStatus</code> is <code>ENABLED</code>.</p>
  *          <p>After you run <code>DeleteEventDataStore</code> on an event data store, you cannot run
  *             <code>ListQueries</code>, <code>DescribeQuery</code>, or <code>GetQueryResults</code> on
  *          queries that are using an event data store in a <code>PENDING_DELETION</code> state. An
@@ -72,10 +73,22 @@ export interface DeleteEventDataStoreCommandOutput extends DeleteEventDataStoreR
  *  <p>This exception is thrown when the specified event data store cannot yet be deleted because it
  *          is in use by a channel.</p>
  *
+ * @throws {@link ConflictException} (client fault)
+ *  <p>This exception is thrown when the specified resource is not ready for an operation. This
+ *          can occur when you try to run an operation on a resource before CloudTrail has time
+ *          to fully load the resource, or because another operation is modifying the resource. If this exception occurs, wait a few minutes, and then try the
+ *          operation again.</p>
+ *
  * @throws {@link EventDataStoreARNInvalidException} (client fault)
  *  <p>The specified event data store ARN is not valid or does not map to an event data store
  *          in your account.</p>
  *
+ * @throws {@link EventDataStoreFederationEnabledException} (client fault)
+ *  <p>
+ *         You cannot delete the event data store because Lake query federation is enabled. To delete the event data store, run the <code>DisableFederation</code> operation to
+ *          disable Lake query federation on the event data store.
+ *       </p>
+ *
  * @throws {@link EventDataStoreHasOngoingImportException} (client fault)
  *  <p> This exception is thrown when you try to update or delete an event data store that
  *          currently has an import in progress. </p>

clients/client-cloudtrail/src/commands/DisableFederationCommand.ts

@@ -0,0 +1,201 @@
+// smithy-typescript generated code
+import { EndpointParameterInstructions, getEndpointPlugin } from "@smithy/middleware-endpoint";
+import { getSerdePlugin } from "@smithy/middleware-serde";
+import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@smithy/protocol-http";
+import { Command as $Command } from "@smithy/smithy-client";
+import {
+  FinalizeHandlerArguments,
+  Handler,
+  HandlerExecutionContext,
+  HttpHandlerOptions as __HttpHandlerOptions,
+  MetadataBearer as __MetadataBearer,
+  MiddlewareStack,
+  SerdeContext as __SerdeContext,
+  SMITHY_CONTEXT_KEY,
+} from "@smithy/types";
+
+import { CloudTrailClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../CloudTrailClient";
+import { DisableFederationRequest, DisableFederationResponse } from "../models/models_0";
+import { de_DisableFederationCommand, se_DisableFederationCommand } from "../protocols/Aws_json1_1";
+
+/**
+ * @public
+ */
+export { __MetadataBearer, $Command };
+/**
+ * @public
+ *
+ * The input for {@link DisableFederationCommand}.
+ */
+export interface DisableFederationCommandInput extends DisableFederationRequest {}
+/**
+ * @public
+ *
+ * The output of {@link DisableFederationCommand}.
+ */
+export interface DisableFederationCommandOutput extends DisableFederationResponse, __MetadataBearer {}
+
+/**
+ * @public
+ * <p>
+ *          Disables Lake query federation on the specified event data store. When you disable federation, CloudTrail
+ *          removes the metadata associated with the federated event data store in the Glue Data Catalog and removes registration for
+ *          the federation role ARN and event data store in Lake Formation. No CloudTrail Lake data is deleted
+ *          when you disable federation.
+ *       </p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { CloudTrailClient, DisableFederationCommand } from "@aws-sdk/client-cloudtrail"; // ES Modules import
+ * // const { CloudTrailClient, DisableFederationCommand } = require("@aws-sdk/client-cloudtrail"); // CommonJS import
+ * const client = new CloudTrailClient(config);
+ * const input = { // DisableFederationRequest
+ *   EventDataStore: "STRING_VALUE", // required
+ * };
+ * const command = new DisableFederationCommand(input);
+ * const response = await client.send(command);
+ * // { // DisableFederationResponse
+ * //   EventDataStoreArn: "STRING_VALUE",
+ * //   FederationStatus: "ENABLING" || "ENABLED" || "DISABLING" || "DISABLED",
+ * // };
+ *
+ * ```
+ *
+ * @param DisableFederationCommandInput - {@link DisableFederationCommandInput}
+ * @returns {@link DisableFederationCommandOutput}
+ * @see {@link DisableFederationCommandInput} for command's `input` shape.
+ * @see {@link DisableFederationCommandOutput} for command's `response` shape.
+ * @see {@link CloudTrailClientResolvedConfig | config} for CloudTrailClient's `config` shape.
+ *
+ * @throws {@link AccessDeniedException} (client fault)
+ *  <p>
+ *          You do not have sufficient access to perform this action.
+ *       </p>
+ *
+ * @throws {@link CloudTrailAccessNotEnabledException} (client fault)
+ *  <p>This exception is thrown when trusted access has not been enabled between CloudTrail and Organizations. For more information, see <a href="https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html">Enabling Trusted Access with Other Amazon Web Services Services</a> and <a href="https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-an-organizational-trail-prepare.html">Prepare For Creating a Trail For Your Organization</a>. </p>
+ *
+ * @throws {@link ConcurrentModificationException} (client fault)
+ *  <p>
+ *          You are trying to update a resource when another request is in progress. Allow sufficient wait time for the previous request to complete, then retry your request.
+ *       </p>
+ *
+ * @throws {@link EventDataStoreARNInvalidException} (client fault)
+ *  <p>The specified event data store ARN is not valid or does not map to an event data store
+ *          in your account.</p>
+ *
+ * @throws {@link EventDataStoreNotFoundException} (client fault)
+ *  <p>The specified event data store was not found.</p>
+ *
+ * @throws {@link InactiveEventDataStoreException} (client fault)
+ *  <p>The event data store is inactive.</p>
+ *
+ * @throws {@link InsufficientDependencyServiceAccessPermissionException} (client fault)
+ *  <p>This exception is thrown when the IAM identity that is used to create
+ *          the organization resource lacks one or more required permissions for creating an
+ *          organization resource in a required service.</p>
+ *
+ * @throws {@link InvalidParameterException} (client fault)
+ *  <p>The request includes a parameter that is not valid.</p>
+ *
+ * @throws {@link NoManagementAccountSLRExistsException} (client fault)
+ *  <p> This exception is thrown when the management account does not have a service-linked
+ *          role. </p>
+ *
+ * @throws {@link NotOrganizationMasterAccountException} (client fault)
+ *  <p>This exception is thrown when the Amazon Web Services account making the request to
+ *          create or update an organization trail or event data store is not the management account
+ *          for an organization in Organizations. For more information, see <a href="https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-an-organizational-trail-prepare.html">Prepare For Creating a Trail For Your Organization</a> or <a href="https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-event-data-store.html">Create an event data store</a>.</p>
+ *
+ * @throws {@link OperationNotPermittedException} (client fault)
+ *  <p>This exception is thrown when the requested operation is not permitted.</p>
+ *
+ * @throws {@link OrganizationNotInAllFeaturesModeException} (client fault)
+ *  <p>This exception is thrown when Organizations is not configured to support all
+ *          features. All features must be enabled in Organizations to support creating an
+ *          organization trail or event data store.</p>
+ *
+ * @throws {@link OrganizationsNotInUseException} (client fault)
+ *  <p>This exception is thrown when the request is made from an Amazon Web Services account
+ *          that is not a member of an organization. To make this request, sign in using the
+ *          credentials of an account that belongs to an organization.</p>
+ *
+ * @throws {@link UnsupportedOperationException} (client fault)
+ *  <p>This exception is thrown when the requested operation is not supported.</p>
+ *
+ * @throws {@link CloudTrailServiceException}
+ * <p>Base exception class for all service exceptions from CloudTrail service.</p>
+ *
+ */
+export class DisableFederationCommand extends $Command<
+  DisableFederationCommandInput,
+  DisableFederationCommandOutput,
+  CloudTrailClientResolvedConfig
+> {
+  public static getEndpointParameterInstructions(): EndpointParameterInstructions {
+    return {
+      UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" },
+      Endpoint: { type: "builtInParams", name: "endpoint" },
+      Region: { type: "builtInParams", name: "region" },
+      UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" },
+    };
+  }
+
+  /**
+   * @public
+   */
+  constructor(readonly input: DisableFederationCommandInput) {
+    super();
+  }
+
+  /**
+   * @internal
+   */
+  resolveMiddleware(
+    clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>,
+    configuration: CloudTrailClientResolvedConfig,
+    options?: __HttpHandlerOptions
+  ): Handler<DisableFederationCommandInput, DisableFederationCommandOutput> {
+    this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize));
+    this.middlewareStack.use(
+      getEndpointPlugin(configuration, DisableFederationCommand.getEndpointParameterInstructions())
+    );
+
+    const stack = clientStack.concat(this.middlewareStack);
+
+    const { logger } = configuration;
+    const clientName = "CloudTrailClient";
+    const commandName = "DisableFederationCommand";
+    const handlerExecutionContext: HandlerExecutionContext = {
+      logger,
+      clientName,
+      commandName,
+      inputFilterSensitiveLog: (_: any) => _,
+      outputFilterSensitiveLog: (_: any) => _,
+      [SMITHY_CONTEXT_KEY]: {
+        service: "CloudTrail_20131101",
+        operation: "DisableFederation",
+      },
+    };
+    const { requestHandler } = configuration;
+    return stack.resolve(
+      (request: FinalizeHandlerArguments<any>) =>
+        requestHandler.handle(request.request as __HttpRequest, options || {}),
+      handlerExecutionContext
+    );
+  }
+
+  /**
+   * @internal
+   */
+  private serialize(input: DisableFederationCommandInput, context: __SerdeContext): Promise<__HttpRequest> {
+    return se_DisableFederationCommand(input, context);
+  }
+
+  /**
+   * @internal
+   */
+  private deserialize(output: __HttpResponse, context: __SerdeContext): Promise<DisableFederationCommandOutput> {
+    return de_DisableFederationCommand(output, context);
+  }
+}