diff --git a/awscli/examples/accessanalyzer/check-access-not-granted.rst b/awscli/examples/accessanalyzer/check-access-not-granted.rst index 559fd63e30fd..7ca8a0f13c7a 100644 --- a/awscli/examples/accessanalyzer/check-access-not-granted.rst +++ b/awscli/examples/accessanalyzer/check-access-not-granted.rst @@ -30,7 +30,7 @@ Output:: { "result": "PASS", - "message": "The policy document does not grant access to perform the listed actions." + "message": "The policy document does not grant access to perform one or more of the listed actions." } For more information, see `Previewing access with IAM Access Analyzer APIs `__ in the *AWS IAM User Guide*. \ No newline at end of file diff --git a/awscli/examples/accessanalyzer/check-no-public-access.rst b/awscli/examples/accessanalyzer/check-no-public-access.rst new file mode 100644 index 000000000000..bcba8b657f69 --- /dev/null +++ b/awscli/examples/accessanalyzer/check-no-public-access.rst @@ -0,0 +1,32 @@ +**To check whether a resource policy can grant public access to the specified resource type** + +The following ``check-no-public-access`` example checks whether a resource policy can grant public access to the specified resource type. :: + + aws accessanalyzer check-no-public-access \ + --policy-document file://check-no-public-access-myfile.json \ + --resource-type AWS::S3::Bucket + +Contents of ``myfile.json``:: + + { + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "CheckNoPublicAccess", + "Effect": "Allow", + "Principal": { "AWS": "arn:aws:iam::111122223333:user/JohnDoe" }, + "Action": [ + "s3:GetObject" + ] + } + ] + } + +Output:: + + { + "result": "PASS", + "message": "The resource policy does not grant public access for the given resource type." + } + +For more information, see `Previewing access with IAM Access Analyzer APIs `__ in the *AWS IAM User Guide*. 
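Review bot: The command in the new check-no-public-access.rst example loads `file://check-no-public-access-myfile.json`, but the listing under it is introduced as "Contents of myfile.json", so the two file names should be made to match. The sample policy names one IAM user as its principal, which is why the result is PASS. A one-line remark that a policy with a wildcard principal would be expected to return FAIL would show readers what the check actually guards against.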
diff --git a/awscli/examples/cognito-idp/update-user-pool.rst b/awscli/examples/cognito-idp/update-user-pool.rst
index a3948e59122b..c47d6fd436e4 100644
--- a/awscli/examples/cognito-idp/update-user-pool.rst
+++ b/awscli/examples/cognito-idp/update-user-pool.rst
@@ -1,7 +1,25 @@
-**To update a user pool**
-
-This example adds tags to a user pool.
-
-Command::
-
- aws cognito-idp update-user-pool --user-pool-id us-west-2_aaaaaaaaa --user-pool-tags Team=Blue,Area=West
+**To update a user pool**
+
+The following ``update-user-pool`` example modifies a user pool with example syntax for each of the available configuration options. To update a user pool, you must specify all previously-configured options or they will reset to a default value. ::
+
+ aws cognito-idp update-user-pool --user-pool-id us-west-2_EXAMPLE \
+ --policies PasswordPolicy=\{MinimumLength=6,RequireUppercase=true,RequireLowercase=true,RequireNumbers=true,RequireSymbols=true,TemporaryPasswordValidityDays=7\} \
+ --deletion-protection ACTIVE \
+ --lambda-config PreSignUp="arn:aws:lambda:us-west-2:123456789012:function:cognito-test-presignup-function",PreTokenGeneration="arn:aws:lambda:us-west-2:123456789012:function:cognito-test-pretoken-function" \
+ --auto-verified-attributes "phone_number" "email" \
+ --verification-message-template \{\"SmsMessage\":\""Your code is {####}"\",\"EmailMessage\":\""Your code is {####}"\",\"EmailSubject\":\""Your verification code"\",\"EmailMessageByLink\":\""Click {##here##} to verify your email address."\",\"EmailSubjectByLink\":\""Your verification link"\",\"DefaultEmailOption\":\"CONFIRM_WITH_LINK\"\} \
+ --sms-authentication-message "Your code is {####}" \
+ --user-attribute-update-settings AttributesRequireVerificationBeforeUpdate="email","phone_number" \
+ --mfa-configuration "OPTIONAL" \
+ --device-configuration ChallengeRequiredOnNewDevice=true,DeviceOnlyRememberedOnUserPrompt=true \
+ --email-configuration SourceArn="arn:aws:ses:us-west-2:123456789012:identity/admin@example.com",ReplyToEmailAddress="amdin+noreply@example.com",EmailSendingAccount=DEVELOPER,From="admin@amazon.com",ConfigurationSet="test-configuration-set" \
+ --sms-configuration SnsCallerArn="arn:aws:iam::123456789012:role/service-role/SNS-SMS-Role",ExternalId="12345",SnsRegion="us-west-2" \
+ --admin-create-user-config AllowAdminCreateUserOnly=false,InviteMessageTemplate=\{SMSMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailSubject=\""Welcome to MyMobileGame"\"\} \
+ --user-pool-tags "Function"="MyMobileGame","Developers"="Berlin" \
+ --admin-create-user-config AllowAdminCreateUserOnly=false,InviteMessageTemplate=\{SMSMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailSubject=\""Welcome to MyMobileGame"\"\} \
+ --user-pool-add-ons AdvancedSecurityMode="AUDIT" \
+ --account-recovery-setting RecoveryMechanisms=\[\{Priority=1,Name="verified_email"\},\{Priority=2,Name="verified_phone_number"\}\]
+
+This command produces no output.
+
+For more information, see `Updating user pool configuration `__ in the *Amazon Cognito Developer Guide*.
\ No newline at end of file
diff --git a/awscli/examples/ec2/describe-store-image-tasks.rst b/awscli/examples/ec2/describe-store-image-tasks.rst
index c0aa6f8ae2d1..ad62ec8e81ef 100644
--- a/awscli/examples/ec2/describe-store-image-tasks.rst
+++ b/awscli/examples/ec2/describe-store-image-tasks.rst
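Review bot: The new update-user-pool command passes `--admin-create-user-config` twice with identical values, once before and once after `--user-pool-tags`; one of the two should be dropped so the example does not suggest the option is repeatable. In `--policies`, `MinimumLength=6` is, as far as I know, the lowest value Cognito accepts and is below the service default, so a reader who copies the example weakens the pool's password policy. A longer value such as `MinimumLength=12` would be a safer thing to model. `ReplyToEmailAddress="amdin+noreply@example.com"` looks like a typo for `admin`, and `From="admin@amazon.com"` uses a real domain where the rest of the example uses `example.com`.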
@@ -7,13 +7,17 @@ The following ``describe-store-image-tasks`` example describes the progress of a Output:: { - "AmiId": "ami-1234567890abcdef0", - "Bucket": "my-ami-bucket", - "ProgressPercentage": 17, - "S3ObjectKey": "ami-1234567890abcdef0.bin", - "StoreTaskState": "InProgress", - "StoreTaskFailureReason": null, - "TaskStartTime": "2022-01-01T01:01:01.001Z" + "StoreImageTaskResults": [ + { + "AmiId": "ami-1234567890abcdef0", + "Bucket": "my-ami-bucket", + "ProgressPercentage": 17, + "S3objectKey": "ami-1234567890abcdef0.bin", + "StoreTaskState": "InProgress", + "StoreTaskFailureReason": null, + "TaskStartTime": "2022-01-01T01:01:01.001Z" + } + ] } For more information about storing and restoring an AMI using S3, see `Store and restore an AMI using S3 ` in the *Amazon EC2 User Guide*. \ No newline at end of file diff --git a/awscli/examples/ecr-public/create-repository.rst b/awscli/examples/ecr-public/create-repository.rst new file mode 100644 index 000000000000..cc18a72f72f2 --- /dev/null +++ b/awscli/examples/ecr-public/create-repository.rst 
@@ -0,0 +1,122 @@ +**Example 1: To create a repository in a public registry** + +The following ``create-repository`` example creates a repository named ``project-a/nginx-web-app`` in a public registry. :: + + aws ecr-public create-repository \ + --repository-name project-a/nginx-web-app + +Output:: + + { + "repository": { + "repositoryArn": "arn:aws:ecr-public::123456789012:repository/project-a/nginx-web-app", + "registryId": "123456789012", + "repositoryName": "project-a/nginx-web-app", + "repositoryUri": "public.ecr.aws/public-registry-custom-alias/project-a/nginx-web-app", + "createdAt": "2024-07-01T21:08:55.131000+00:00" + }, + "catalogData": {} + } + +For more information, see `Creating a public repository `__ in the *Amazon ECR Public User Guide*. + +**Example 2: To create a repository in a public registry with short description of the contents of the repository, system and operating architecture that the images in the repository are compatible with** + +The following ``create-repository`` example creates a repository named ``project-a/nginx-web-app`` in a public registry with short description of the contents of the repository, system and operating architecture that the images in the repository are compatible with. 
:: + + aws ecr-public create-repository \ + --repository-name project-a/nginx-web-app \ + --catalog-data 'description=My project-a ECR Public Repository,architectures=ARM,ARM 64,x86,x86-64,operatingSystems=Linux' + +Output:: + + { + "repository": { + "repositoryArn": "arn:aws:ecr-public::123456789012:repository/project-a/nginx-web-app", + "registryId": "123456789012", + "repositoryName": "project-a/nginx-web-app", + "repositoryUri": "public.ecr.aws/public-registry-custom-alias/project-a/nginx-web-app", + "createdAt": "2024-07-01T21:23:20.455000+00:00" + }, + "catalogData": { + "description": "My project-a ECR Public Repository", + "architectures": [ + "ARM", + "ARM 64", + "x86", + "x86-64" + ], + "operatingSystems": [ + "Linux" + ] + } + } + +For more information, see `Creating a public repository `__ in the *Amazon ECR Public User Guide*. + +**Example 3: To create a repository in a public registry, along with logoImageBlob, aboutText, usageText and tags information** + +The following ``create-repository`` example creates a repository named `project-a/nginx-web-app` in a public registry, along with logoImageBlob, aboutText, usageText and tags information. 
:: + + aws ecr-public create-repository \ + --cli-input-json file://myfile.json + +Contents of ``myfile.json``:: + + { + "repositoryName": "project-a/nginx-web-app", + "catalogData": { + "description": "My project-a ECR Public Repository", + "architectures": [ + "ARM", + "ARM 64", + "x86", + "x86-64" + ], + "operatingSystems": [ + "Linux" + ], + "logoImageBlob": "iVBORw0KGgoA<>ErkJggg==", + "aboutText": "## Quick reference\n\nMaintained by: [the Amazon Linux Team](https://github.com/aws/amazon-linux-docker-images)\n\nWhere to get help: [the Docker Community Forums](https://forums.docker.com/), [the Docker Community Slack](https://dockr.ly/slack), or [Stack Overflow](https://stackoverflow.com/search?tab=newest&q=docker)\n\n## Supported tags and respective `dockerfile` links\n\n* [`2.0.20200722.0`, `2`, `latest`](https://github.com/amazonlinux/container-images/blob/03d54f8c4d522bf712cffd6c8f9aafba0a875e78/Dockerfile)\n* [`2.0.20200722.0-with-sources`, `2-with-sources`, `with-sources`](https://github.com/amazonlinux/container-images/blob/1e7349845e029a2e6afe6dc473ef17d052e3546f/Dockerfile)\n* [`2018.03.0.20200602.1`, `2018.03`, `1`](https://github.com/amazonlinux/container-images/blob/f10932e08c75457eeb372bf1cc47ea2a4b8e98c8/Dockerfile)\n* [`2018.03.0.20200602.1-with-sources`, `2018.03-with-sources`, `1-with-sources`](https://github.com/amazonlinux/container-images/blob/8c9ee491689d901aa72719be0ec12087a5fa8faf/Dockerfile)\n\n## What is Amazon Linux?\n\nAmazon Linux is provided by Amazon Web Services (AWS). It is designed to provide a stable, secure, and high-performance execution environment for applications running on Amazon EC2. The full distribution includes packages that enable easy integration with AWS, including launch configuration tools and many popular AWS libraries and tools. AWS provides ongoing security and maintenance updates to all instances running Amazon Linux.\n\nThe Amazon Linux container image contains a minimal set of packages. 
To install additional packages, [use `yum`](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/managing-software.html).\n\nAWS provides two versions of Amazon Linux: [Amazon Linux 2](https://aws.amazon.com/amazon-linux-2/) and [Amazon Linux AMI](https://aws.amazon.com/amazon-linux-ami/).\n\nFor information on security updates for Amazon Linux, please refer to [Amazon Linux 2 Security Advisories](https://alas.aws.amazon.com/alas2.html) and [Amazon Linux AMI Security Advisories](https://alas.aws.amazon.com/). Note that Docker Hub's vulnerability scanning for Amazon Linux is currently based on RPM versions, which does not reflect the state of backported patches for vulnerabilities.\n\n## Where can I run Amazon Linux container images?\n\nYou can run Amazon Linux container images in any Docker based environment. Examples include, your laptop, in Amazon EC2 instances, and Amazon ECS clusters.\n\n## License\n\nAmazon Linux is available under the [GNU General Public License, version 2.0](https://github.com/aws/amazon-linux-docker-images/blob/master/LICENSE). Individual software packages are available under their own licenses; run `rpm -qi [package name]` or check `/usr/share/doc/[package name]-*` and `/usr/share/licenses/[package name]-*` for details.\n\nAs with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).\n\nSome additional license information which was able to be auto-detected might be found in [the `repo-info` repository's `amazonlinux/` directory](https://github.com/docker-library/repo-info/tree/master/repos/amazonlinux).\n\n## Security\n\nFor information on security updates for Amazon Linux, please refer to [Amazon Linux 2 Security Advisories](https://alas.aws.amazon.com/alas2.html) and [Amazon Linux AMI Security Advisories](https://alas.aws.amazon.com/). 
Note that Docker Hub's vulnerability scanning for Amazon Linux is currently based on RPM versions, which does not reflect the state of backported patches for vulnerabilities.", + "usageText": "## Supported architectures\n\namd64, arm64v8\n\n## Where can I run Amazon Linux container images?\n\nYou can run Amazon Linux container images in any Docker based environment. Examples include, your laptop, in Amazon EC2 instances, and ECS clusters.\n\n## How do I install a software package from Extras repository in Amazon Linux 2?\n\nAvailable packages can be listed with the `amazon-linux-extras` command. Packages can be installed with the `amazon-linux-extras install ` command. Example: `amazon-linux-extras install rust1`\n\n## Will updates be available for Amazon Linux containers?\n\nSimilar to the Amazon Linux images for Amazon EC2 and on-premises use, Amazon Linux container images will get ongoing updates from Amazon in the form of security updates, bug fix updates, and other enhancements. Security bulletins for Amazon Linux are available at https://alas.aws.amazon.com/\n\n## Will AWS Support the current version of Amazon Linux going forward?\n\nYes; in order to avoid any disruption to your existing applications and to facilitate migration to Amazon Linux 2, AWS will provide regular security updates for Amazon Linux 2018.03 AMI and container image for 2 years after the final LTS build is announced. You can also use all your existing support channels such as AWS Support and Amazon Linux Discussion Forum to continue to submit support requests." 
+ }, + "tags": [ + { + "Key": "Name", + "Value": "project-a/nginx-web-app" + }, + { + "Key": "Environment", + "Value": "Prod" + } + ] + } + +Output:: + + { + "repository": { + "repositoryArn": "arn:aws:ecr-public::123456789012:repository/project-a/nginx-web-app", + "registryId": "123456789012", + "repositoryName": "project-a/nginx-web-app", + "repositoryUri": "public.ecr.aws/public-registry-custom-alias/project-a/nginx-web-app", + "createdAt": "2024-07-01T21:53:05.749000+00:00" + }, + "catalogData": { + "description": "My project-a ECR Public Repository", + "architectures": [ + "ARM", + "ARM 64", + "x86", + "x86-64" + ], + "operatingSystems": [ + "Linux" + ], + "logoUrl": "https://d3g9o9u8re44ak.cloudfront.net/logo/23861450-4b9b-403c-9a4c-7aa0ef140bb8/2f9bf5a7-a32f-45b4-b5cd-c5770a35e6d7.png", + "aboutText": "## Quick reference\n\nMaintained by: [the Amazon Linux Team](https://github.com/aws/amazon-linux-docker-images)\n\nWhere to get help: [the Docker Community Forums](https://forums.docker.com/), [the Docker Community Slack](https://dockr.ly/slack), or [Stack Overflow](https://stackoverflow.com/search?tab=newest&q=docker)\n\n## Supported tags and respective `dockerfile` links\n\n* [`2.0.20200722.0`, `2`, `latest`](https://github.com/amazonlinux/container-images/blob/03d54f8c4d522bf712cffd6c8f9aafba0a875e78/Dockerfile)\n* [`2.0.20200722.0-with-sources`, `2-with-sources`, `with-sources`](https://github.com/amazonlinux/container-images/blob/1e7349845e029a2e6afe6dc473ef17d052e3546f/Dockerfile)\n* [`2018.03.0.20200602.1`, `2018.03`, `1`](https://github.com/amazonlinux/container-images/blob/f10932e08c75457eeb372bf1cc47ea2a4b8e98c8/Dockerfile)\n* [`2018.03.0.20200602.1-with-sources`, `2018.03-with-sources`, `1-with-sources`](https://github.com/amazonlinux/container-images/blob/8c9ee491689d901aa72719be0ec12087a5fa8faf/Dockerfile)\n\n## What is Amazon Linux?\n\nAmazon Linux is provided by Amazon Web Services (AWS). 
It is designed to provide a stable, secure, and high-performance execution environment for applications running on Amazon EC2. The full distribution includes packages that enable easy integration with AWS, including launch configuration tools and many popular AWS libraries and tools. AWS provides ongoing security and maintenance updates to all instances running Amazon Linux.\n\nThe Amazon Linux container image contains a minimal set of packages. To install additional packages, [use `yum`](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/managing-software.html).\n\nAWS provides two versions of Amazon Linux: [Amazon Linux 2](https://aws.amazon.com/amazon-linux-2/) and [Amazon Linux AMI](https://aws.amazon.com/amazon-linux-ami/).\n\nFor information on security updates for Amazon Linux, please refer to [Amazon Linux 2 Security Advisories](https://alas.aws.amazon.com/alas2.html) and [Amazon Linux AMI Security Advisories](https://alas.aws.amazon.com/). Note that Docker Hub's vulnerability scanning for Amazon Linux is currently based on RPM versions, which does not reflect the state of backported patches for vulnerabilities.\n\n## Where can I run Amazon Linux container images?\n\nYou can run Amazon Linux container images in any Docker based environment. Examples include, your laptop, in Amazon EC2 instances, and Amazon ECS clusters.\n\n## License\n\nAmazon Linux is available under the [GNU General Public License, version 2.0](https://github.com/aws/amazon-linux-docker-images/blob/master/LICENSE). 
Individual software packages are available under their own licenses; run `rpm -qi [package name]` or check `/usr/share/doc/[package name]-*` and `/usr/share/licenses/[package name]-*` for details.\n\nAs with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).\n\nSome additional license information which was able to be auto-detected might be found in [the `repo-info` repository's `amazonlinux/` directory](https://github.com/docker-library/repo-info/tree/master/repos/amazonlinux).\n\n## Security\n\nFor information on security updates for Amazon Linux, please refer to [Amazon Linux 2 Security Advisories](https://alas.aws.amazon.com/alas2.html) and [Amazon Linux AMI Security Advisories](https://alas.aws.amazon.com/). Note that Docker Hub's vulnerability scanning for Amazon Linux is currently based on RPM versions, which does not reflect the state of backported patches for vulnerabilities.", + "usageText": "## Supported architectures\n\namd64, arm64v8\n\n## Where can I run Amazon Linux container images?\n\nYou can run Amazon Linux container images in any Docker based environment. Examples include, your laptop, in Amazon EC2 instances, and ECS clusters.\n\n## How do I install a software package from Extras repository in Amazon Linux 2?\n\nAvailable packages can be listed with the `amazon-linux-extras` command. Packages can be installed with the `amazon-linux-extras install ` command. Example: `amazon-linux-extras install rust1`\n\n## Will updates be available for Amazon Linux containers?\n\nSimilar to the Amazon Linux images for Amazon EC2 and on-premises use, Amazon Linux container images will get ongoing updates from Amazon in the form of security updates, bug fix updates, and other enhancements. 
Security bulletins for Amazon Linux are available at https://alas.aws.amazon.com/\n\n## Will AWS Support the current version of Amazon Linux going forward?\n\nYes; in order to avoid any disruption to your existing applications and to facilitate migration to Amazon Linux 2, AWS will provide regular security updates for Amazon Linux 2018.03 AMI and container image for 2 years after the final LTS build is announced. You can also use all your existing support channels such as AWS Support and Amazon Linux Discussion Forum to continue to submit support requests." + } + } + +For more information, see `Creating a public repository `__ in the *Amazon ECR Public User Guide* and `Repository catalog data `__ in the *Amazon ECR Public User Guide*. diff --git a/awscli/examples/ecr-public/delete-repository.rst b/awscli/examples/ecr-public/delete-repository.rst new file mode 100644 index 000000000000..5f041e759c2a --- /dev/null +++ b/awscli/examples/ecr-public/delete-repository.rst @@ -0,0 +1,20 @@ +**To delete a repository in a public registry** + +The following ``delete-repository`` example deletes a repository named ``project-a/nginx-web-app`` from your public registry. :: + + aws ecr-public delete-repository \ + --repository-name project-a/nginx-web-app + +Output:: + + { + "repository": { + "repositoryArn": "arn:aws:ecr-public::123456789012:repository/project-a/nginx-web-app", + "registryId": "123456789012", + "repositoryName": "project-a/nginx-web-app", + "repositoryUri": "public.ecr.aws/public-registry-custom-alias/project-a/nginx-web-app", + "createdAt": "2024-07-01T22:14:50.103000+00:00" + } + } + +For more information, see `Deleting a public repository `__ in the *Amazon ECR Public User Guide*. diff --git a/awscli/examples/ecr/create-repository.rst b/awscli/examples/ecr/create-repository.rst index 343d4b52d44b..805ab39b5598 100644 --- a/awscli/examples/ecr/create-repository.rst +++ b/awscli/examples/ecr/create-repository.rst 
@@ -3,15 +3,15 @@ The following ``create-repository`` example creates a repository inside the specified namespace in the default registry for an account. :: aws ecr create-repository \ - --repository-name project-a/nginx-web-app + --repository-name project-a/sample-repo Output:: { "repository": { "registryId": "123456789012", - "repositoryName": "sample-repo", - "repositoryArn": "arn:aws:ecr:us-west-2:123456789012:repository/project-a/nginx-web-app" + "repositoryName": "project-a/sample-repo", + "repositoryArn": "arn:aws:ecr:us-west-2:123456789012:repository/project-a/sample-repo" } } @@ -22,7 +22,7 @@ For more information, see `Creating a Repository `_ in the *Amazon ECS Developer Guide*. \ No newline at end of file diff --git a/awscli/examples/ivs-realtime/create-stage.rst b/awscli/examples/ivs-realtime/create-stage.rst index 788be13f844d..9731071deff0 100644 --- a/awscli/examples/ivs-realtime/create-stage.rst +++ b/awscli/examples/ivs-realtime/create-stage.rst @@ -1,4 +1,4 @@ -**To create a stage** +**Example 1: To create a stage** The following ``create-stage`` example creates a stage and stage participant token for a specified user. :: 
@@ -19,9 +19,44 @@ Output:: "stage": { "activeSessionId": "st-a1b2c3d4e5f6g", "arn": "arn:aws:ivs:us-west-2:123456789012:stage/abcdABCDefgh", + "endpoints": { + "events": "wss://global.events.live-video.net", + "whip": "https://1a2b3c4d5e6f.global-bm.whip.live-video.net" + }, "name": "stage1", "tags": {} } } -For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon Interactive Video Service User Guide*. \ No newline at end of file +For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon Interactive Video Service User Guide*. + +**Example 2: To create a stage and configure individial participant recording** + +The following ``create-stage`` example creates a stage and configures individual participant recording. :: + + aws ivs-realtime create-stage \ + --name stage1 \ + --auto-participant-recording-configuration '{"mediaTypes": ["AUDIO_VIDEO"],"storageConfigurationArn": "arn:aws:ivs:us-west-2:123456789012:storage-configuration/abcdABCDefgh"}' + +Output:: + + { + "stage": { + "activeSessionId": "st-a1b2c3d4e5f6g", + "arn": "arn:aws:ivs:us-west-2:123456789012:stage/abcdABCDefgh", + "autoParticipantRecordingConfiguration": { + "mediaTypes": [ + "AUDIO_VIDEO" + ], + "storageConfigurationArn": "arn:aws:ivs:us-west-2:123456789012:storage-configuration/abcdABCDefgh", + }, + "endpoints": { + "events": "wss://global.events.live-video.net", + "whip": "https://1a2b3c4d5e6f.global-bm.whip.live-video.net" + }, + "name": "stage1", + "tags": {} + } + } + +For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon Interactive Video Service User Guide*. \ No newline at end of file diff --git a/awscli/examples/ivs-realtime/delete-public-key.rst b/awscli/examples/ivs-realtime/delete-public-key.rst new file mode 100644 index 000000000000..b4764d74be46 --- /dev/null +++ b/awscli/examples/ivs-realtime/delete-public-key.rst 
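Review bot: The Output block added for Example 2 is not valid JSON, because the line `"storageConfigurationArn": "arn:aws:ivs:us-west-2:123456789012:storage-configuration/abcdABCDefgh",` ends with a comma directly before the closing brace of `autoParticipantRecordingConfiguration`. Dropping that trailing comma keeps the sample usable for readers who paste it into a parser or a test fixture. The same line is added in the get-stage.rst and update-stage.rst hunks of this commit. The Example 2 heading also spells "individial" where "individual" is meant.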
@@ -0,0 +1,10 @@ +**To delete a public key** + +The following ``delete-public-key`` deletes the specified public key. :: + + aws ivs-realtime delete-public-key \ + --arn arn:aws:ivs:us-west-2:123456789012:public-key/abcdABC1efg2 + +This command produces no output. + +For more information, see `Distribute Participant Tokens `__ in the *Amazon IVS Real-Time Streaming User Guide*. \ No newline at end of file diff --git a/awscli/examples/ivs-realtime/get-participant.rst b/awscli/examples/ivs-realtime/get-participant.rst index 54dd789a775d..55d98715863f 100644 --- a/awscli/examples/ivs-realtime/get-participant.rst +++ b/awscli/examples/ivs-realtime/get-participant.rst @@ -16,13 +16,16 @@ Output:: "firstJoinTime": "2023-04-26T20:30:34+00:00", "ispName", "Comcast", "osName", "Microsoft Windows 10 Pro", - "osVersion", "10.0.19044", + "osVersion", "10.0.19044" "participantId": "abCDEf12GHIj", "published": true, + "recordingS3BucketName": "bucket-name", + "recordingS3Prefix": "abcdABCDefgh/st-a1b2c3d4e5f6g/abCDEf12GHIj/1234567890", + "recordingState": "ACTIVE", "sdkVersion", "", - "state": "DISCONNECTED", - "userId": "" + "state": "CONNECTED", + "userId": "", } } -For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon Interactive Video Service User Guide*. \ No newline at end of file +For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon Interactive Video Service User Guide*. \ No newline at end of file diff --git a/awscli/examples/ivs-realtime/get-public-key.rst b/awscli/examples/ivs-realtime/get-public-key.rst new file mode 100644 index 000000000000..642d0fb4c931 --- /dev/null +++ b/awscli/examples/ivs-realtime/get-public-key.rst 
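Review bot: In the get-participant.rst hunk the new side makes the sample output less valid rather than more: `"osVersion", "10.0.19044"` loses its trailing comma although another member follows, and `"userId": "",` gains a comma in front of the closing brace. The `osVersion` line, like the unchanged `ispName`, `osName` and `sdkVersion` lines around it, also separates key and value with a comma instead of a colon. Suggested lines are `"osVersion": "10.0.19044",` and `"userId": ""`. The enclosing Output block starts outside the hunk.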
@@ -0,0 +1,20 @@ +**To get an existing public key used to sign stage participant tokens** + +The following ``get-public-key`` example gets a public key specified by the provided ARN, for sigining stage participant tokens. :: + + aws ivs-realtime get-public-key \ + --arn arn:aws:ivs:us-west-2:123456789012:public-key/abcdABC1efg2 + +Output:: + + { + "publicKey": { + "arn": "arn:aws:ivs:us-west-2:123456789012:public-key/abcdABC1efg2", + "name": "", + "publicKeyMaterial": "-----BEGIN PUBLIC KEY-----\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEqVWUtqs6EktQMR1sCYmEzGvRwtaycI16\n9pmzcpiWu/uhNStGlteJ5odRfRwVkoQUMnSZXTCcbn9bBTTmiWo4mJcFOOAzsthH\n0UAb8NdD4tUE0At4a9hYP9IETEXAMPLE\n-----END PUBLIC KEY-----", + "fingerprint": "12:a3:44:56:bc:7d:e8:9f:10:2g:34:hi:56:78:90:12", + "tags": {} + } + } + +For more information, see `Distribute Participant Tokens `__ in the *Amazon IVS Real-Time Streaming User Guide*. \ No newline at end of file diff --git a/awscli/examples/ivs-realtime/get-stage.rst b/awscli/examples/ivs-realtime/get-stage.rst index 72289f44ae8e..5aa92d4b1c2a 100644 --- a/awscli/examples/ivs-realtime/get-stage.rst +++ b/awscli/examples/ivs-realtime/get-stage.rst @@ -11,9 +11,19 @@ Output:: "stage": { "activeSessionId": "st-a1b2c3d4e5f6g", "arn": "arn:aws:ivs:us-west-2:123456789012:stage/abcdABCDefgh", + "autoParticipantRecordingConfiguration": { + "mediaTypes": [ + "AUDIO_VIDEO" + ], + "storageConfigurationArn": "arn:aws:ivs:us-west-2:123456789012:storage-configuration/abcdABCDefgh", + }, + "endpoints": { + "events": "wss://global.events.live-video.net", + "whip": "https://1a2b3c4d5e6f.global-bm.whip.live-video.net" + }, "name": "test", "tags": {} } } -For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon Interactive Video Service User Guide*. \ No newline at end of file +For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon Interactive Video Service User Guide*. \ No newline at end of file 
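Review bot: The sample `fingerprint` in get-public-key.rst, `12:a3:44:56:bc:7d:e8:9f:10:2g:34:hi:56:78:90:12`, contains `2g` and `hi`, which are not hexadecimal, so it cannot be a real digest and may confuse readers who compare fingerprints to confirm which key is trusted. An all-hex placeholder such as `12:a3:44:56:bc:7d:e8:9f:10:2a:34:bc:56:78:90:12` (constructed) would read better. The title and description say the public key is "used to sign" participant tokens; tokens are signed with the private key and the imported public key is presumably what the service uses to verify them, so "used to verify" would be more precise. The description also spells "sigining" for "signing". The fingerprint and wording issues recur in the import-public-key.rst hunk, and the typo again in list-public-keys.rst.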
diff --git a/awscli/examples/ivs-realtime/import-public-key.rst b/awscli/examples/ivs-realtime/import-public-key.rst new file mode 100644 index 000000000000..ff6e78fee0ab --- /dev/null +++ b/awscli/examples/ivs-realtime/import-public-key.rst @@ -0,0 +1,20 @@ +**To import an existing public key to be used to sign stage participant tokens** + +The following ``import-public-key`` example imports a public key from a material file, to be used for sigining stage participant tokens. :: + + aws ivs-realtime import-public-key \ + --public-key-material="`cat public.pem`" + +Output:: + + { + "publicKey": { + "arn": "arn:aws:ivs:us-west-2:123456789012:public-key/abcdABC1efg2", + "name": "", + "publicKeyMaterial": "-----BEGIN PUBLIC KEY-----\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEqVWUtqs6EktQMR1sCYmEzGvRwtaycI16\n9pmzcpiWu/uhNStGlteJ5odRfRwVkoQUMnSZXTCcbn9bBTTmiWo4mJcFOOAzsthH\n0UAb8NdD4tUE0At4a9hYP9IETEXAMPLE\n-----END PUBLIC KEY-----", + "fingerprint": "12:a3:44:56:bc:7d:e8:9f:10:2g:34:hi:56:78:90:12", + "tags": {} + } + } + +For more information, see `Distribute Participant Tokens `__ in the *Amazon IVS Real-Time Streaming User Guide*. \ No newline at end of file diff --git a/awscli/examples/ivs-realtime/list-participants.rst b/awscli/examples/ivs-realtime/list-participants.rst index ddfefef98429..80cb7c8a21d2 100644 --- a/awscli/examples/ivs-realtime/list-participants.rst +++ b/awscli/examples/ivs-realtime/list-participants.rst @@ -14,10 +14,11 @@ Output:: "firstJoinTime": "2023-04-26T20:30:34+00:00", "participantId": "abCDEf12GHIj" "published": true, + "recordingState": "STOPPED", "state": "DISCONNECTED", "userId": "" } ] } -For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon Interactive Video Service User Guide*. \ No newline at end of file +For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon Interactive Video Service User Guide*. \ No newline at end of file 
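Review bot: The import-public-key command reads the key with backtick command substitution, which depends on the shell and does not work as written in PowerShell or cmd. The AWS CLI can load a parameter value from a file itself, so `--public-key-material file://public.pem` is shorter and portable. One sentence stating that only the public half of the key pair is imported, and that the private key stays with the token issuer, would also help readers avoid uploading the wrong file.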
diff --git a/awscli/examples/ivs-realtime/list-public-keys.rst b/awscli/examples/ivs-realtime/list-public-keys.rst new file mode 100644 index 000000000000..c2d45027e01a --- /dev/null +++ b/awscli/examples/ivs-realtime/list-public-keys.rst @@ -0,0 +1,24 @@ +**To list existing public keys available to sign stage participant tokens** + +The following ``list-public-keys`` example lists all public keys available for sigining stage participant tokens, in the AWS region where the API request is processed. :: + + aws ivs-realtime list-public-keys + +Output:: + + { + "publicKeys": [ + { + "arn": "arn:aws:ivs:us-west-2:123456789012:public-key/abcdABC1efg2", + "name": "", + "tags": {} + }, + { + "arn": "arn:aws:ivs:us-west-2:123456789012:public-key/3bcdABCDefg4", + "name": "", + "tags": {} + } + ] + } + +For more information, see `Distribute Participant Tokens `__ in the *Amazon IVS Real-Time Streaming User Guide*. \ No newline at end of file diff --git a/awscli/examples/ivs-realtime/update-stage.rst b/awscli/examples/ivs-realtime/update-stage.rst index 9ae116b18e91..f06f5d2ebc37 100644 --- a/awscli/examples/ivs-realtime/update-stage.rst +++ b/awscli/examples/ivs-realtime/update-stage.rst @@ -1,9 +1,10 @@ **To update a stage's configuration** -The following ``update-stage`` example updates a stage for a specified stage ARN to update the stage name. :: +The following ``update-stage`` example updates a stage for a specified stage ARN to update the stage name and configure individual participant recording. :: aws ivs-realtime update-stage \ --arn arn:aws:ivs:us-west-2:123456789012:stage/abcdABCDefgh \ + --auto-participant-recording-configuration '{"mediaTypes": ["AUDIO_VIDEO"],"storageConfigurationArn": "arn:aws:ivs:us-west-2:123456789012:storage-configuration/abcdABCDefgh"}' \ --name stage1a Output:: 
@@ -11,8 +12,19 @@ Output:: { "stage": { "arn": "arn:aws:ivs:us-west-2:123456789012:stage/abcdABCDefgh", - "name": "stage1a" + "autoParticipantRecordingConfiguration": { + "mediaTypes": [ + "AUDIO_VIDEO" + ], + "storageConfigurationArn": "arn:aws:ivs:us-west-2:123456789012:storage-configuration/abcdABCDefgh", + }, + "endpoints": { + "events": "wss://global.events.live-video.net", + "whip": "https://1a2b3c4d5e6f.global-bm.whip.live-video.net" + }, + "name": "stage1a", + "tags": {} } } -For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon Interactive Video Service User Guide*. \ No newline at end of file +For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon Interactive Video Service User Guide*. \ No newline at end of file diff --git a/awscli/examples/kms/derive-shared-secret.rst b/awscli/examples/kms/derive-shared-secret.rst new file mode 100644 index 000000000000..80f9ccc660be --- /dev/null +++ b/awscli/examples/kms/derive-shared-secret.rst 
@@ -0,0 +1,21 @@
+**To derive a shared secret**
+
+The following ``derive-shared-secret`` example derives a shared secret using a key agreement algorithm.
+
+You must use an asymmetric NIST-recommended elliptic curve (ECC) or SM2 (China Regions only) KMS key pair with a ``KeyUsage`` value of ``KEY_AGREEMENT`` to call DeriveSharedSecret. ::
+
+ aws kms derive-shared-secret \
+ --key-id 1234abcd-12ab-34cd-56ef-1234567890ab \
+ --key-agreement-algorithm ECDH \
+ --public-key "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH3Yj0wbkLEpUl95Cv1cJVjsVNSjwGq3tCLnzXfhVwVvmzGN8pYj3U8nKwgouaHbBWNJYjP5VutbbkKS4Kv4GojwZBJyHN17kmxo8yTjRmjR15SKIQ8cqRA2uaERMLnpztIXdZp232PQPbWGxDyXYJ0aJ5EFSag"
+
+Output::
+
+ {
+ "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
+ "SharedSecret": "MEYCIQCKZLWyTk5runarx6XiAkU9gv3lbwPO/pHa+DXFehzdDwIhANwpsIV2g/9SPWLLsF6p/hiSskuIXMTRwqrMdVKWTMHG",
+ "KeyAgreementAlgorithm": "ECDH",
+ "KeyOrigin": "AWS_KMS"
+ }
+
+For more information, see `DeriveSharedSecret `__ in the *AWS Key Management Service API Reference*.
\ No newline at end of file
diff --git a/awscli/examples/secretsmanager/create-secret.rst b/awscli/examples/secretsmanager/create-secret.rst
index 56465559a2cf..63447d9e32d6 100755
--- a/awscli/examples/secretsmanager/create-secret.rst
+++ b/awscli/examples/secretsmanager/create-secret.rst
@@ -1,23 +1,4 @@ -**Example 1: To create a secret** - -The following ``create-secret`` example creates a secret with two key-value pairs. :: - - aws secretsmanager create-secret \ - --name MyTestSecret \ - --description "My test secret created with the CLI." \ - --secret-string "{\"user\":\"diegor\",\"password\":\"EXAMPLE-PASSWORD\"}" - -Output:: - - { - "ARN": "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestSecret-a1b2c3", - "Name": "MyTestSecret", - "VersionId": "EXAMPLE1-90ab-cdef-fedc-ba987EXAMPLE" - } - -For more information, see `Create a secret `__ in the *Secrets Manager User Guide*. - -**Example 2: To create a secret from credentials in a JSON file** +**Example 1: To create a secret from credentials in a JSON file** The following ``create-secret`` example creates a secret from credentials in a file. For more information, see `Loading AWS CLI parameters from a file `__ in the *AWS CLI User Guide*. :: 
@@ -44,4 +25,23 @@ Output:: "VersionId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" } +For more information, see `Create a secret `__ in the *Secrets Manager User Guide*. + +**Example 2: To create a secret** + +The following ``create-secret`` example creates a secret with two key-value pairs. When you enter commands in a command shell, there is a risk of the command history being accessed or utilities having access to your command parameters. This is a concern if the command includes the value of a secret. For more information, see `Mitigate the risks of using command-line tools to store secrets `__ in the *Secrets Manager User Guide*. :: + + aws secretsmanager create-secret \ + --name MyTestSecret \ + --description "My test secret created with the CLI." \ + --secret-string "{\"user\":\"diegor\",\"password\":\"EXAMPLE-PASSWORD\"}" + +Output:: + + { + "ARN": "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestSecret-a1b2c3", + "Name": "MyTestSecret", + "VersionId": "EXAMPLE1-90ab-cdef-fedc-ba987EXAMPLE" + } + For more information, see `Create a secret `__ in the *Secrets Manager User Guide*. \ No newline at end of file diff --git a/awscli/examples/securitylake/create-aws-logsource.rst b/awscli/examples/securitylake/create-aws-logsource.rst new file mode 100644 index 000000000000..5bf14da2ec88 --- /dev/null +++ b/awscli/examples/securitylake/create-aws-logsource.rst @@ -0,0 +1,16 @@ +**To add a natively supported Amazon Web Service as an Amazon Security Lake source** + +The following ``create-aws-logsource`` example adds VPC Flow Logs as a Security Lake source in the designated accounts and Regions. :: + + aws securitylake create-aws-log-source \ + --sources '[{"regions": ["us-east-1"], "accounts": ["123456789012"], "sourceName": "SH_FINDINGS", "sourceVersion": "2.0"}]' + +Output:: + + { + "failed": [ + "123456789012" + ] + } + +For more information, see `Adding an AWS service as a source `__ in the *Amazon Security Lake User Guide*. \ No newline at end of file 
diff --git a/awscli/examples/securitylake/create-custom-logsource.rst b/awscli/examples/securitylake/create-custom-logsource.rst
new file mode 100644
index 000000000000..2e15b97bef2b
--- /dev/null
+++ b/awscli/examples/securitylake/create-custom-logsource.rst
@@ -0,0 +1,28 @@
+**To add a custom source as an Amazon Security Lake source**
+
+The following ``create-custom-logsource`` example adds a custom source as a Security Lake source in the designated log provider account and the designated Region. ::
+
+ aws securitylake create-custom-log-source \
+ --source-name "VPC_FLOW" \
+ --event-classes '["DNS_ACTIVITY", "NETWORK_ACTIVITY"]' \
+ --configuration '{"crawlerConfiguration": {"roleArn": "arn:aws:glue:eu-west-2:123456789012:crawler/E1WG1ZNPRXT0D4"},"providerIdentity": {"principal": "029189416600","externalId": "123456789012"}}' --region "us-east-1"
+
+Output::
+
+ {
+ "customLogSource": {
+ "attributes": {
+ "crawlerArn": "arn:aws:glue:eu-west-2:123456789012:crawler/E1WG1ZNPRXT0D4",
+ "databaseArn": "arn:aws:glue:eu-west-2:123456789012:database/E1WG1ZNPRXT0D4",
+ "tableArn": "arn:aws:glue:eu-west-2:123456789012:table/E1WG1ZNPRXT0D4"
+ },
+ "provider": {
+ "location": "DOC-EXAMPLE-BUCKET--usw2-az1--x-s3",
+ "roleArn": "arn:aws:iam::123456789012:role/AmazonSecurityLake-Provider-testCustom2-eu-west-2"
+ },
+ "sourceName": "testCustom2"
+ "sourceVersion": "2.0"
+ }
+ }
+
+For more information, see `Adding a custom source `__ in the *Amazon Security Lake User Guide*.
\ No newline at end of file
diff --git a/awscli/examples/securitylake/create-data-lake-exception-subscription.rst b/awscli/examples/securitylake/create-data-lake-exception-subscription.rst
new file mode 100644
index 000000000000..a08894ade3a0
--- /dev/null
+++ b/awscli/examples/securitylake/create-data-lake-exception-subscription.rst
@@ -0,0 +1,12 @@
+**To send notifications of Security Lake exceptions**
+
+The following ``create-data-lake-exception-subscription`` example sends notifications of Security Lake exceptions to the specified account through SMS delivery. The exception message remains for the specified time period. ::
+
+ aws securitylake create-data-lake-exception-subscription \
+ --notification-endpoint "123456789012" \
+ --exception-time-to-live 30 \
+ --subscription-protocol "sms"
+
+This command produces no output.
+
+For more information, see `Troubleshooting Amazon Security Lake `__ in the *Amazon Security Lake User Guide*.
\ No newline at end of file
diff --git a/awscli/examples/securitylake/create-data-lake-organization-configuration.rst b/awscli/examples/securitylake/create-data-lake-organization-configuration.rst
new file mode 100644
index 000000000000..cc1629bb9fc5
--- /dev/null
+++ b/awscli/examples/securitylake/create-data-lake-organization-configuration.rst
@@ -0,0 +1,10 @@
+**To configure Security Lake in new organization accounts**
+
+The following ``create-data-lake-organization-configuration`` example enables Security Lake and the collection of the specified source events and logs in new organization accounts. ::
+
+ aws securitylake create-data-lake-organization-configuration \
+ --auto-enable-new-account '[{"region":"us-east-1","sources":[{"sourceName":"SH_FINDINGS","sourceVersion": "1.0"}]}]'
+
+This command produces no output.
+
+For more information, see `Managing multiple accounts with AWS Organizations `__ in the *Amazon Security Lake User Guide*.
\ No newline at end of file
diff --git a/awscli/examples/securitylake/create-data-lake.rst b/awscli/examples/securitylake/create-data-lake.rst
new file mode 100644
index 000000000000..27e18643e3c1
--- /dev/null
+++ b/awscli/examples/securitylake/create-data-lake.rst
@@ -0,0 +1,126 @@
+**Example 1: To configure your data lake in multiple Regions**
+
+The following ``create-data-lake`` example enables Amazon Security Lake in multiple AWS Regions and configures your data lake. ::
+
+ aws securitylake create-data-lake \
+ --configurations '[{"encryptionConfiguration": {"kmsKeyId":"S3_MANAGED_KEY"},"region":"us-east-1","lifecycleConfiguration": {"expiration":{"days":365},"transitions":[{"days":60,"storageClass":"ONEZONE_IA"}]}}, {"encryptionConfiguration": {"kmsKeyId":"S3_MANAGED_KEY"},"region":"us-east-2","lifecycleConfiguration": {"expiration":{"days":365},"transitions":[{"days":60,"storageClass":"ONEZONE_IA"}]}}]' \
+ --meta-store-manager-role-arn "arn:aws:iam:us-east-1:123456789012:role/service-role/AmazonSecurityLakeMetaStoreManager"
+
+Output::
+
+ {
+ "dataLakes": [
+ {
+ "createStatus": "COMPLETED",
+ "dataLakeArn": "arn:aws:securitylake:us-east-1:522481757177:data-lake/default",
+ "encryptionConfiguration": {
+ "kmsKeyId": "S3_MANAGED_KEY"
+ },
+ "lifecycleConfiguration": {
+ "expiration": {
+ "days": 365
+ },
+ "transitions": [
+ {
+ "days": 60,
+ "storageClass": "ONEZONE_IA"
+ }
+ ]
+ },
+ "region": "us-east-1",
+ "replicationConfiguration": {
+ "regions": [
+ "ap-northeast-3"
+ ],
+ "roleArn": "arn:aws:securitylake:ap-northeast-3:522481757177:data-lake/default"
+ },
+ "s3BucketArn": "arn:aws:s3:::aws-security-data-lake-us-east-1-gnevt6s8z7bzby8oi3uiaysbr8v2ml",
+ "updateStatus": {
+ "exception": {},
+ "requestId": "f20a6450-d24a-4f87-a6be-1d4c075a59c2",
+ "status": "INITIALIZED"
+ }
+ },
+ {
+ "createStatus": "COMPLETED",
+ "dataLakeArn": "arn:aws:securitylake:us-east-2:522481757177:data-lake/default",
+ "encryptionConfiguration": {
+ "kmsKeyId": "S3_MANAGED_KEY"
+ },
+ "lifecycleConfiguration": {
+ "expiration": {
+ "days": 365
+ },
+ "transitions": [
+ {
+ "days": 60,
+ "storageClass": "ONEZONE_IA"
+ }
+ ]
+ },
+ "region": "us-east-2",
+ "replicationConfiguration": {
+ "regions": [
+ "ap-northeast-3"
+ ],
+ "roleArn":
"arn:aws:securitylake:ap-northeast-3:522481757177:data-lake/default"
+ },
+ "s3BucketArn": "arn:aws:s3:::aws-security-data-lake-us-east-2-cehuifzl5rwmhm6m62h7zhvtseogr9",
+ "updateStatus": {
+ "exception": {},
+ "requestId": "f20a6450-d24a-4f87-a6be-1d4c075a59c2",
+ "status": "INITIALIZED"
+ }
+ }
+ ]
+ }
+
+For more information, see `Getting started with Amazon Security Lake `__ in the *Amazon Security Lake User Guide*.
+
+**Example 2: To configure your data lake in a single Region**
+
+The following ``create-data-lake`` example enables Amazon Security Lake in a single AWS Region and configures your data lake. ::
+
+ aws securitylake create-data-lake \
+ --configurations '[{"encryptionConfiguration": {"kmsKeyId":"1234abcd-12ab-34cd-56ef-1234567890ab"},"region":"us-east-2","lifecycleConfiguration": {"expiration":{"days":500},"transitions":[{"days":30,"storageClass":"GLACIER"}]}}]' \
+ --meta-store-manager-role-arn "arn:aws:iam:us-east-1:123456789012:role/service-role/AmazonSecurityLakeMetaStoreManager"
+
+Output::
+
+ {
+ "dataLakes": [
+ {
+ "createStatus": "COMPLETED",
+ "dataLakeArn": "arn:aws:securitylake:us-east-2:522481757177:data-lake/default",
+ "encryptionConfiguration": {
+ "kmsKeyId": "1234abcd-12ab-34cd-56ef-1234567890ab"
+ },
+ "lifecycleConfiguration": {
+ "expiration": {
+ "days": 500
+ },
+ "transitions": [
+ {
+ "days": 30,
+ "storageClass": "GLACIER"
+ }
+ ]
+ },
+ "region": "us-east-2",
+ "replicationConfiguration": {
+ "regions": [
+ "ap-northeast-3"
+ ],
+ "roleArn": "arn:aws:securitylake:ap-northeast-3:522481757177:data-lake/default"
+ },
+ "s3BucketArn": "arn:aws:s3:::aws-security-data-lake-us-east-2-cehuifzl5rwmhm6m62h7zhvtseogr9",
+ "updateStatus": {
+ "exception": {},
+ "requestId": "77702a53-dcbf-493e-b8ef-518e362f3003",
+ "status": "INITIALIZED"
+ }
+ }
+ ]
+ }
+
+For more information, see `Getting started with Amazon Security Lake `__ in the *Amazon Security Lake User Guide*.
\ No newline at end of file
diff --git a/awscli/examples/securitylake/create-subscriber-data-access.rst b/awscli/examples/securitylake/create-subscriber-data-access.rst
new file mode 100644
index 000000000000..6ee467ea17a9
--- /dev/null
+++ b/awscli/examples/securitylake/create-subscriber-data-access.rst
@@ -0,0 +1,41 @@
+**To create a subscriber with data access**
+
+The following ``create-subscriber`` example creates a subscriber in Security Lake with access to data in the current AWS Region for the specified subscriber identity for an AWS source. ::
+
+ aws securitylake create-subscriber \
+ --access-types "S3" \
+ --sources '[{"awsLogSource": {"sourceName": "VPC_FLOW","sourceVersion": "2.0"}}]' \
+ --subscriber-name "opensearch-s3" \
+ --subscriber-identity '{"principal": "029189416600","externalId": "123456789012"}'
+
+Output::
+
+ {
+ "subscriber": {
+ "accessTypes": [
+ "S3"
+ ],
+ "createdAt": "2024-07-17T19:08:26.787000+00:00",
+ "roleArn": "arn:aws:iam::773172568199:role/AmazonSecurityLake-896f218b-cfba-40be-a255-8b49a65d0407",
+ "s3BucketArn": "arn:aws:s3:::aws-security-data-lake-us-east-1-um632ufwpvxkyz0bc5hkb64atycnf3",
+ "sources": [
+ {
+ "awsLogSource": {
+ "sourceName": "VPC_FLOW",
+ "sourceVersion": "2.0"
+ }
+ }
+ ],
+ "subscriberArn": "arn:aws:securitylake:us-east-1:773172568199:subscriber/896f218b-cfba-40be-a255-8b49a65d0407",
+ "subscriberId": "896f218b-cfba-40be-a255-8b49a65d0407",
+ "subscriberIdentity": {
+ "externalId": "123456789012",
+ "principal": "029189416600"
+ },
+ "subscriberName": "opensearch-s3",
+ "subscriberStatus": "ACTIVE",
+ "updatedAt": "2024-07-17T19:08:27.133000+00:00"
+ }
+ }
+
+For more information, see `Creating a subscriber with data access `__ in the *Amazon Security Lake User Guide*.
\ No newline at end of file
diff --git a/awscli/examples/securitylake/create-subscriber-notification.rst b/awscli/examples/securitylake/create-subscriber-notification.rst
new file mode 100644
index 000000000000..bdb701b9f9d2
--- /dev/null
+++ b/awscli/examples/securitylake/create-subscriber-notification.rst
@@ -0,0 +1,17 @@
+**To create a subscriber notification**
+
+The following ``create-subscriber-notification`` example shows how to specify subscriber notification to create a notification when new data is written to the data lake. ::
+
+ aws securitylake create-subscriber-notification \
+ --subscriber-id "12345ab8-1a34-1c34-1bd4-12345ab9012" \
+ --configuration '{"httpsNotificationConfiguration": {"targetRoleArn":"arn:aws:iam::XXX:role/service-role/RoleName", "endpoint":"https://account-management.$3.$2.securitylake.aws.dev/v1/datalake"}}'
+
+Output::
+
+ {
+ "subscriberEndpoint": [
+ "https://account-management.$3.$2.securitylake.aws.dev/v1/datalake"
+ ]
+ }
+
+For more information, see `Subscriber management `__ in the *Amazon Security Lake User Guide*.
\ No newline at end of file
diff --git a/awscli/examples/securitylake/create-subscriber-query-access.rst b/awscli/examples/securitylake/create-subscriber-query-access.rst
new file mode 100644
index 000000000000..6fa3e93ae127
--- /dev/null
+++ b/awscli/examples/securitylake/create-subscriber-query-access.rst
@@ -0,0 +1,41 @@
+**To create a subscriber with query access**
+
+The following ``create-subscriber`` example creates a subscriber in Security Lake with query access in the current AWS Region for the specified subscriber identity. ::
+
+ aws securitylake create-subscriber \
+ --access-types "LAKEFORMATION" \
+ --sources '[{"awsLogSource": {"sourceName": "VPC_FLOW","sourceVersion": "2.0"}}]' \
+ --subscriber-name "opensearch-s3" \
+ --subscriber-identity '{"principal": "029189416600","externalId": "123456789012"}'
+
+Output::
+
+ {
+ "subscriber": {
+ "accessTypes": [
+ "LAKEFORMATION"
+ ],
+ "createdAt": "2024-07-18T01:05:55.853000+00:00",
+ "resourceShareArn": "arn:aws:ram:us-east-1:123456789012:resource-share/8c31da49-c224-4f1e-bb12-37ab756d6d8a",
+ "resourceShareName": "LakeFormation-V2-NAMENAMENA-123456789012",
+ "sources": [
+ {
+ "awsLogSource": {
+ "sourceName": "VPC_FLOW",
+ "sourceVersion": "2.0"
+ }
+ }
+ ],
+ "subscriberArn": "arn:aws:securitylake:us-east-1:123456789012:subscriber/e762aabb-ce3d-4585-beab-63474597845d",
+ "subscriberId": "e762aabb-ce3d-4585-beab-63474597845d",
+ "subscriberIdentity": {
+ "externalId": "123456789012",
+ "principal": "029189416600"
+ },
+ "subscriberName": "opensearch-s3",
+ "subscriberStatus": "ACTIVE",
+ "updatedAt": "2024-07-18T01:05:58.393000+00:00"
+ }
+ }
+
+For more information, see `Creating a subscriber with query access `__ in the *Amazon Security Lake User Guide*.
\ No newline at end of file
diff --git a/awscli/examples/securitylake/delete-aws-logsource.rst b/awscli/examples/securitylake/delete-aws-logsource.rst
new file mode 100644
index 000000000000..5d99d761d0c3
--- /dev/null
+++ b/awscli/examples/securitylake/delete-aws-logsource.rst
@@ -0,0 +1,16 @@
+**To remove a natively-supported AWS service.**
+
+The following ``delete-aws-logsource`` example deletes VPC Flow Logs as a Security Lake source in the designated accounts and Regions. ::
+
+ aws securitylake delete-aws-log-source \
+ --sources '[{"regions": ["us-east-1"], "accounts": ["123456789012"], "sourceName": "SH_FINDINGS", "sourceVersion": "2.0"}]'
+
+Output::
+
+ {
+ "failed": [
+ "123456789012"
+ ]
+ }
+
+For more information, see `Removing an AWS service as a source `__ in the *Amazon Security Lake User Guide*.
\ No newline at end of file
diff --git a/awscli/examples/securitylake/delete-custom-logsource.rst b/awscli/examples/securitylake/delete-custom-logsource.rst
new file mode 100644
index 000000000000..41aeb46b9ad0
--- /dev/null
+++ b/awscli/examples/securitylake/delete-custom-logsource.rst
@@ -0,0 +1,10 @@
+**To remove a custom source.**
+
+The following ``delete-custom-logsource`` example deletes a custom source in the designated log provider account in the designated Region. ::
+
+ aws securitylake delete-custom-log-source \
+ --source-name "CustomSourceName"
+
+This command produces no output.
+
+For more information, see `Deleting a custom source `__ in the *Amazon Security Lake User Guide*.
\ No newline at end of file
diff --git a/awscli/examples/securitylake/delete-data-lake-organization-configuration.rst b/awscli/examples/securitylake/delete-data-lake-organization-configuration.rst
new file mode 100644
index 000000000000..9118049d528c
--- /dev/null
+++ b/awscli/examples/securitylake/delete-data-lake-organization-configuration.rst
@@ -0,0 +1,10 @@
+**To stop automatic source collection in member accounts**
+
+The following ``delete-data-lake-organization-configuration`` example stops the automatic collection of AWS Security Hub findings from new member accounts that join the organization. Only the delegated Security Lake administrator can run this command. It prevents new member accounts from automatically contributing data to the data lake. ::
+
+ aws securitylake delete-data-lake-organization-configuration \
+ --auto-enable-new-account '[{"region":"us-east-1","sources":[{"sourceName":"SH_FINDINGS"}]}]'
+
+This command produces no output.
+
+For more information, see `Managing multiple accounts with AWS Organizations `__ in the *Amazon Security Lake User Guide*.
diff --git a/awscli/examples/securitylake/delete-data-lake.rst b/awscli/examples/securitylake/delete-data-lake.rst
new file mode 100644
index 000000000000..e8d3a6baef18
--- /dev/null
+++ b/awscli/examples/securitylake/delete-data-lake.rst
@@ -0,0 +1,10 @@
+**To disable your data lake**
+
+The following ``delete-data-lake`` example disables your data lake in the specified AWS Regions. In the specified Regions, sources no longer contribute data to the data lake. For a Security Lake deployment utilizing AWS Organizations, only the delegated Security Lake administrator for the organization can disable Security Lake for accounts in the organization. ::
+
+ aws securitylake delete-data-lake \
+ --regions "ap-northeast-1" "eu-central-1"
+
+This command produces no output.
+
+For more information, see `Disabling Amazon Security Lake `__ in the *Amazon Security Lake User Guide*.
diff --git a/awscli/examples/securitylake/delete-subscriber-notification.rst b/awscli/examples/securitylake/delete-subscriber-notification.rst
new file mode 100644
index 000000000000..dd98ca339058
--- /dev/null
+++ b/awscli/examples/securitylake/delete-subscriber-notification.rst
@@ -0,0 +1,10 @@
+**To delete a subscriber notification**
+
+The following ``delete-subscriber-notification`` example shows how to delete the subscriber notification for specific Security Lake subscriber. ::
+
+ aws securitylake delete-subscriber-notification \
+ --subscriber-id "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
+
+This command produces no output.
+
+For more information, see `Subscriber management `__ in the *Amazon Security Lake User Guide*.
\ No newline at end of file
diff --git a/awscli/examples/securitylake/delete-subscriber.rst b/awscli/examples/securitylake/delete-subscriber.rst
new file mode 100644
index 000000000000..d5839d72ae93
--- /dev/null
+++ b/awscli/examples/securitylake/delete-subscriber.rst
@@ -0,0 +1,10 @@
+**To delete a subscriber**
+
+The following ``delete-subscriber`` example shows how to remove a subscriber if you no longer want a subscriber to consume data from Security Lake. ::
+
+ aws securitylake delete-subscriber \
+ --subscriber-id "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
+
+This command produces no output.
+
+For more information, see `Subscriber management `__ in the *Amazon Security Lake User Guide*.
\ No newline at end of file
diff --git a/awscli/examples/securitylake/get-data-lake-exception-subscription.rst b/awscli/examples/securitylake/get-data-lake-exception-subscription.rst
new file mode 100644
index 000000000000..4835bae5ba48
--- /dev/null
+++ b/awscli/examples/securitylake/get-data-lake-exception-subscription.rst
@@ -0,0 +1,15 @@
+**To get details about an exception subscription**
+
+The following ``get-data-lake-exception-subscription`` example provides details about a Security Lake exception subscription. In this example, the user of the specified AWS account is notified of errors through SMS delivery. The exception message remains in the account for the specified time period. An exception subscription notifies a Security Lake user about an error through the requester's preferred protocol. ::
+
+ aws securitylake get-data-lake-exception-subscription
+
+Output::
+
+ {
+ "exceptionTimeToLive": 30,
+ "notificationEndpoint": "123456789012",
+ "subscriptionProtocol": "sms"
+ }
+
+For more information, see `Troubleshooting data lake status `__ in the *Amazon Security Lake User Guide*.
\ No newline at end of file
diff --git a/awscli/examples/securitylake/get-data-lake-organization-configuration.rst b/awscli/examples/securitylake/get-data-lake-organization-configuration.rst
new file mode 100644
index 000000000000..3e9d9029fb98
--- /dev/null
+++ b/awscli/examples/securitylake/get-data-lake-organization-configuration.rst
@@ -0,0 +1,31 @@
+**To get details about the configuration for new organization accounts**
+
+The following ``get-data-lake-organization-configuration`` example retrieves details about the source logs that new organization accounts will send after onboarding to Amazon Security Lake. ::
+
+ aws securitylake get-data-lake-organization-configuration
+
+Output::
+
+ {
+ "autoEnableNewAccount": [
+ {
+ "region": "us-east-1",
+ "sources": [
+ {
+ "sourceName": "VPC_FLOW",
+ "sourceVersion": "1.0"
+ },
+ {
+ "sourceName": "ROUTE53",
+ "sourceVersion": "1.0"
+ },
+ {
+ "sourceName": "SH_FINDINGS",
+ "sourceVersion": "1.0"
+ }
+ ]
+ }
+ ]
+ }
+
+For more information, see `Managing multiple accounts with AWS Organizations `__ in the *Amazon Security Lake User Guide*.
diff --git a/awscli/examples/securitylake/get-data-lake-sources.rst b/awscli/examples/securitylake/get-data-lake-sources.rst
new file mode 100644
index 000000000000..9054de8a432a
--- /dev/null
+++ b/awscli/examples/securitylake/get-data-lake-sources.rst
@@ -0,0 +1,66 @@
+**To get the status of log collection**
+
+The following ``get-data-lake-sources`` example gets a snapshot of log collection for the specified account in the current AWS Region. The account has Amazon Security Lake enabled. ::
+
+ aws securitylake get-data-lake-sources \
+ --accounts "123456789012"
+
+Output::
+
+ {
+ "dataLakeSources": [
+ {
+ "account": "123456789012",
+ "sourceName": "SH_FINDINGS",
+ "sourceStatuses": [
+ {
+ "resource": "vpc-1234567890abcdef0",
+ "status": "COLLECTING"
+ }
+ ]
+ },
+ {
+ "account": "123456789012",
+ "sourceName": "VPC_FLOW",
+ "sourceStatuses": [
+ {
+ "resource": "vpc-1234567890abcdef0",
+ "status": "NOT_COLLECTING"
+ }
+ ]
+ },
+ {
+ "account": "123456789012",
+ "sourceName": "LAMBDA_EXECUTION",
+ "sourceStatuses": [
+ {
+ "resource": "vpc-1234567890abcdef0",
+ "status": "COLLECTING"
+ }
+ ]
+ },
+ {
+ "account": "123456789012",
+ "sourceName": "ROUTE53",
+ "sourceStatuses": [
+ {
+ "resource": "vpc-1234567890abcdef0",
+ "status": "COLLECTING"
+ }
+ ]
+ },
+ {
+ "account": "123456789012",
+ "sourceName": "CLOUD_TRAIL_MGMT",
+ "sourceStatuses": [
+ {
+ "resource": "vpc-1234567890abcdef0",
+ "status": "COLLECTING"
+ }
+ ]
+ }
+ ],
+ "dataLakeArn": null
+ }
+
+For more information, see `Collecting data from AWS services `__ in the *Amazon Security Lake User Guide*.
diff --git a/awscli/examples/securitylake/get-subscriber.rst b/awscli/examples/securitylake/get-subscriber.rst
new file mode 100644
index 000000000000..2770a895da9c
--- /dev/null
+++ b/awscli/examples/securitylake/get-subscriber.rst
@@ -0,0 +1,90 @@
+**To retrieve the subscription information**
+
+The following ``get-subscriber`` example retrieves the subscription information for the specified Securiy Lake subscriber. ::
+
+ aws securitylake get-subscriber \
+ --subscriber-id a1b2c3d4-5678-90ab-cdef-EXAMPLE11111
+
+Output::
+
+ {
+ "subscriber": {
+ "accessTypes": [
+ "LAKEFORMATION"
+ ],
+ "createdAt": "2024-04-19T15:19:44.421803+00:00",
+ "resourceShareArn": "arn:aws:ram:eu-west-2:123456789012:resource-share/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+ "resourceShareName": "LakeFormation-V3-TKJGBHCKTZ-123456789012",
+ "sources": [
+ {
+ "awsLogSource": {
+ "sourceName": "LAMBDA_EXECUTION",
+ "sourceVersion": "1.0"
+ }
+ },
+ {
+ "awsLogSource": {
+ "sourceName": "EKS_AUDIT",
+ "sourceVersion": "2.0"
+ }
+ },
+ {
+ "awsLogSource": {
+ "sourceName": "ROUTE53",
+ "sourceVersion": "1.0"
+ }
+ },
+ {
+ "awsLogSource": {
+ "sourceName": "SH_FINDINGS",
+ "sourceVersion": "1.0"
+ }
+ },
+ {
+ "awsLogSource": {
+ "sourceName": "VPC_FLOW",
+ "sourceVersion": "1.0"
+ }
+ },
+ {
+ "customLogSource": {
+ "attributes": {
+ "crawlerArn": "arn:aws:glue:eu-west-2:123456789012:crawler/testCustom2",
+ "databaseArn": "arn:aws:glue:eu-west-2:123456789012:database/amazon_security_lake_glue_db_eu_west_2",
+ "tableArn": "arn:aws:glue:eu-west-2:123456789012:table/amazon_security_lake_table_eu_west_2_ext_testcustom2"
+ },
+ "provider": {
+ "location": "s3://aws-security-data-lake-eu-west-2-8ugsus4ztnsfpjbldwbgf4vge98av9/ext/testCustom2/",
+ "roleArn": "arn:aws:iam::123456789012:role/AmazonSecurityLake-Provider-testCustom2-eu-west-2"
+ },
+ "sourceName": "testCustom2"
+ }
+ },
+ {
+ "customLogSource": {
+ "attributes": {
+ "crawlerArn": "arn:aws:glue:eu-west-2:123456789012:crawler/TestCustom",
+ "databaseArn": "arn:aws:glue:eu-west-2:123456789012:database/amazon_security_lake_glue_db_eu_west_2",
+ "tableArn": "arn:aws:glue:eu-west-2:123456789012:table/amazon_security_lake_table_eu_west_2_ext_testcustom"
+ },
+ "provider":
{
+ "location": "s3://aws-security-data-lake-eu-west-2-8ugsus4ztnsfpjbldwbgf4vge98av9/ext/TestCustom/",
+ "roleArn": "arn:aws:iam::123456789012:role/AmazonSecurityLake-Provider-TestCustom-eu-west-2"
+ },
+ "sourceName": "TestCustom"
+ }
+ }
+ ],
+ "subscriberArn": "arn:aws:securitylake:eu-west-2:123456789012:subscriber/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+ "subscriberId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+ "subscriberIdentity": {
+ "externalId": "123456789012",
+ "principal": "123456789012"
+ },
+ "subscriberName": "test",
+ "subscriberStatus": "ACTIVE",
+ "updatedAt": "2024-04-19T15:19:55.230588+00:00"
+ }
+ }
+
+For more information, see `Subscriber management `__ in the *Amazon Security Lake User Guide*.
\ No newline at end of file
diff --git a/awscli/examples/securitylake/list-data-lake-exceptions.rst b/awscli/examples/securitylake/list-data-lake-exceptions.rst
new file mode 100644
index 000000000000..4b9f7d21adc4
--- /dev/null
+++ b/awscli/examples/securitylake/list-data-lake-exceptions.rst
@@ -0,0 +1,25 @@
+**To list the issues affecting your data lake**
+
+The following ``list-data-lake-exceptions`` example lists the issues that are affecting your data lake in the last 14 days in the specified AWS Regions. ::
+
+ aws securitylake list-data-lake-exceptions \
+ --regions "us-east-1" "eu-west-3"
+
+Output::
+
+ {
+ "exceptions": [
+ {
+ "exception": "The account does not have the required role permissions. Update your role permissions to use the new data source version.",
+ "region": "us-east-1",
+ "timestamp": "2024-02-29T12:24:15.641725+00:00"
+ },
+ {
+ "exception": "The account does not have the required role permissions. Update your role permissions to use the new data source version.",
+ "region": "eu-west-3",
+ "timestamp": "2024-02-29T12:24:15.641725+00:00"
+ }
+ ]
+ }
+
+For more information, see `Troubleshooting Amazon Security Lake `__ in the *Amazon Security Lake User Guide*.
diff --git a/awscli/examples/securitylake/list-data-lakes.rst b/awscli/examples/securitylake/list-data-lakes.rst
new file mode 100644
index 000000000000..4f9a200a27ab
--- /dev/null
+++ b/awscli/examples/securitylake/list-data-lakes.rst
@@ -0,0 +1,49 @@
+**To list the Security Lake configuration object**
+
+The following ``list-data-lakes`` example lists the Amazon Security Lake configuration object for the specified AWS Region. You can use this command to determine whether Security Lake is enabled in a specified Region or Regions. ::
+
+ aws securitylake list-data-lakes \
+ --regions "us-east-1"
+
+Output::
+
+ {
+ "dataLakes": [
+ {
+ "createStatus": "COMPLETED",
+ "dataLakeArn": "arn:aws:securitylake:us-east-1:123456789012:data-lake/default",
+ "encryptionConfiguration": {
+ "kmsKeyId": "S3_MANAGED_KEY"
+ },
+ "lifecycleConfiguration": {
+ "expiration": {
+ "days": 365
+ },
+ "transitions": [
+ {
+ "days": 60,
+ "storageClass": "ONEZONE_IA"
+ }
+ ]
+ },
+ "region": "us-east-1",
+ "replicationConfiguration": {
+ "regions": [
+ "ap-northeast-3"
+ ],
+ "roleArn": "arn:aws:securitylake:ap-northeast-3:123456789012:data-lake/default"
+ },
+ "s3BucketArn": "arn:aws:s3:::aws-security-data-lake-us-east-1-1234567890abcdef0",
+ "updateStatus": {
+ "exception": {
+ "code": "software.amazon.awssdk.services.s3.model.S3Exception",
+ "reason": ""
+ },
+ "requestId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+ "status": "FAILED"
+ }
+ }
+ ]
+ }
+
+For more information, see `Checking Region status `__ in the *Amazon Security Lake User Guide*.
diff --git a/awscli/examples/securitylake/list-log-sources.rst b/awscli/examples/securitylake/list-log-sources.rst
new file mode 100644
index 000000000000..3875ad94dd96
--- /dev/null
+++ b/awscli/examples/securitylake/list-log-sources.rst
@@ -0,0 +1,29 @@
+**To retrieve the Amazon Security Lake log sources**
+
+The following ``list-log-sources`` example lists the Amazon Security Lake log sources in a specified account. ::
+
+ aws securitylake list-log-sources \
+ --accounts "123456789012"
+
+Output::
+
+ {
+ "account": "123456789012",
+ "region": "xy-region-1",
+ "sources": [
+ {
+ "awsLogSource": {
+ "sourceName": "VPC_FLOW",
+ "sourceVersion": "2.0"
+ }
+ },
+ {
+ "awsLogSource": {
+ "sourceName": "SH_FINDINGS",
+ "sourceVersion": "2.0"
+ }
+ }
+ ]
+ }
+
+For more information, see `Source management `__ in the *Amazon Security Lake User Guide*.
\ No newline at end of file
diff --git a/awscli/examples/securitylake/list-subscribers.rst b/awscli/examples/securitylake/list-subscribers.rst
new file mode 100644
index 000000000000..a320af556095
--- /dev/null
+++ b/awscli/examples/securitylake/list-subscribers.rst
@@ -0,0 +1,60 @@
+**To retrieve the Amazon Security Lake subscribers**
+
+The following ``list-subscribers`` example lists all the Amazon Security Lake subscribers in a specific account. ::
+
+ aws securitylake list-subscribers
+
+Output::
+
+ {
+ "subscribers": [
+ {
+ "accessTypes": [
+ "S3"
+ ],
+ "createdAt": "2024-06-04T15:02:28.921000+00:00",
+ "roleArn": "arn:aws:iam::123456789012:role/AmazonSecurityLake-E1WG1ZNPRXT0D4",
+ "s3BucketArn": "DOC-EXAMPLE-BUCKET--usw2-az1--x-s3",
+ "sources": [
+ {
+ "awsLogSource": {
+ "sourceName": "CLOUD_TRAIL_MGMT",
+ "sourceVersion": "2.0"
+ }
+ },
+ {
+ "awsLogSource": {
+ "sourceName": "LAMBDA_EXECUTION",
+ "sourceVersion": "1.0"
+ }
+ },
+ {
+ "customLogSource": {
+ "attributes": {
+ "crawlerArn": "arn:aws:glue:eu-west-2:123456789012:crawler/E1WG1ZNPRXT0D4",
+ "databaseArn": "arn:aws:glue:eu-west-2:123456789012:database/E1WG1ZNPRXT0D4",
+ "tableArn": "arn:aws:glue:eu-west-2:123456789012:table/E1WG1ZNPRXT0D4"
+ },
+ "provider": {
+ "location": "DOC-EXAMPLE-BUCKET--usw2-az1--x-s3",
+ "roleArn": "arn:aws:iam::123456789012:role/AmazonSecurityLake-E1WG1ZNPRXT0D4"
+ },
+ "sourceName": "testCustom2"
+ }
+ }
+ ],
+ "subscriberArn": "arn:aws:securitylake:eu-west-2:123456789012:subscriber/E1WG1ZNPRXT0D4",
+ "subscriberEndpoint": "arn:aws:sqs:eu-west-2:123456789012:AmazonSecurityLake-a1b2c3d4-5678-90ab-cdef-EXAMPLE11111-Main-Queue",
+ "subscriberId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+ "subscriberIdentity": {
+ "externalId": "ext123456789012",
+ "principal": "123456789012"
+ },
+ "subscriberName": "Test",
+ "subscriberStatus": "ACTIVE",
+ "updatedAt": "2024-06-04T15:02:35.617000+00:00"
+ }
+ ]
+ }
+
+For more information, see `Subscriber management `__ in the *Amazon Security Lake User Guide*.
\ No newline at end of file
diff --git a/awscli/examples/securitylake/list-tags-for-resource.rst b/awscli/examples/securitylake/list-tags-for-resource.rst
new file mode 100644
index 000000000000..91382761d590
--- /dev/null
+++ b/awscli/examples/securitylake/list-tags-for-resource.rst
@@ -0,0 +1,27 @@
+**To list tags for an existing resource**
+
+The following ``list-tags-for-resource`` example lists tags for the specified Amazon Security Lake subscriber. In this example, the Owner tag key doesn't have an associated tag value. You can use this operation to list tags for other existing Security Lake resources as well. ::
+
+ aws securitylake list-tags-for-resource \
+ --resource-arn "arn:aws:securitylake:us-east-1:123456789012:subscriber/1234abcd-12ab-34cd-56ef-1234567890ab"
+
+Output::
+
+ {
+ "tags": [
+ {
+ "key": "Environment",
+ "value": "Cloud"
+ },
+ {
+ "key": "CostCenter",
+ "value": "12345"
+ },
+ {
+ "key": "Owner",
+ "value": ""
+ }
+ ]
+ }
+
+For more information, see `Tagging Amazon Security Lake resources `__ in the *Amazon Security Lake User Guide*.
diff --git a/awscli/examples/securitylake/register-data-lake-delegated-administrator.rst b/awscli/examples/securitylake/register-data-lake-delegated-administrator.rst
new file mode 100644
index 000000000000..be008ea565f0
--- /dev/null
+++ b/awscli/examples/securitylake/register-data-lake-delegated-administrator.rst
@@ -0,0 +1,10 @@
+**To designate the delegated administratore**
+
+The following ``register-data-lake-delegated-administrator`` example designates the specified AWS account as the delegated Amazon Security Lake administrator. ::
+
+ aws securitylake register-data-lake-delegated-administrator \
+ --account-id 123456789012
+
+This command produces no output.
+
+For more information, see `Managing multiple accounts with AWS Organizations `__ in the *Amazon Security Lake User Guide*.
diff --git a/awscli/examples/securitylake/tag-resource.rst b/awscli/examples/securitylake/tag-resource.rst
new file mode 100644
index 000000000000..5512262112ad
--- /dev/null
+++ b/awscli/examples/securitylake/tag-resource.rst
@@ -0,0 +1,11 @@
+**To add tags to an existing resource**
+
+The following ``tag-resource`` example add tags to an existing subscriber resource. To create a new resource and add one or more tags to it, don't use this operation. Instead, use the appropriate Create operation for the the type of resource that you want to create. ::
+
+ aws securitylake tag-resource \
+ --resource-arn "arn:aws:securitylake:us-east-1:123456789012:subscriber/1234abcd-12ab-34cd-56ef-1234567890ab" \
+ --tags key=Environment,value=Cloud
+
+This command produces no output.
+
+For more information, see `Tagging Amazon Security Lake resources `__ in the *Amazon Security Lake User Guide*.
diff --git a/awscli/examples/securitylake/untag-resource.rst b/awscli/examples/securitylake/untag-resource.rst
new file mode 100644
index 000000000000..15d3bab171ed
--- /dev/null
+++ b/awscli/examples/securitylake/untag-resource.rst
@@ -0,0 +1,11 @@
+**To remove tags from an existing resource**
+
+The following ``untag-resource`` example removes the specified tags from an existing subscriber resource. ::
+
+ aws securitylake untag-resource \
+ --resource-arn "arn:aws:securitylake:us-east-1:123456789012:subscriber/1234abcd-12ab-34cd-56ef-1234567890ab" \
+ --tags Environment Owner
+
+This command produces no output.
+
+For more information, see `Tagging Amazon Security Lake resources `__ in the *Amazon Security Lake User Guide*.
diff --git a/awscli/examples/securitylake/update-data-lake-exception-subscription.rst b/awscli/examples/securitylake/update-data-lake-exception-subscription.rst
new file mode 100644
index 000000000000..0070f99edcb9
--- /dev/null
+++ b/awscli/examples/securitylake/update-data-lake-exception-subscription.rst
@@ -0,0 +1,12 @@
+**To update notification subscription for Security Lake exceptions**
+
+The following ``update-data-lake-exception-subscription`` example updates the notification subscription that notifies users of Security Lake exceptions. ::
+
+ aws securitylake update-data-lake-exception-subscription \
+ --notification-endpoint "123456789012" \
+ --exception-time-to-live 30 \
+ --subscription-protocol "email"
+
+This command produces no output.
+
+For more information, see `Troubleshooting Amazon Security Lake `__ in the *Amazon Security Lake User Guide*.
\ No newline at end of file
diff --git a/awscli/examples/securitylake/update-data-lake.rst b/awscli/examples/securitylake/update-data-lake.rst
new file mode 100644
index 000000000000..209541e0c643
--- /dev/null
+++ b/awscli/examples/securitylake/update-data-lake.rst
@@ -0,0 +1,126 @@
+**Example 1: To update your data lake settings**
+
+The following ``update-data-lake`` example updates the settings of your Amazon Security Lake data lake. You can use this operation to specify data encryption, storage, and rollup Region settings. ::
+
+ aws securitylake update-data-lake \
+ --configurations '[{"encryptionConfiguration": {"kmsKeyId":"S3_MANAGED_KEY"},"region":"us-east-1","lifecycleConfiguration": {"expiration":{"days":365},"transitions":[{"days":60,"storageClass":"ONEZONE_IA"}]}}, {"encryptionConfiguration": {"kmsKeyId":"S3_MANAGED_KEY"},"region":"us-east-2","lifecycleConfiguration": {"expiration":{"days":365},"transitions":[{"days":60,"storageClass":"ONEZONE_IA"}]}}]' \
+ --meta-store-manager-role-arn "arn:aws:iam:us-east-1:123456789012:role/service-role/AmazonSecurityLakeMetaStoreManager"
+
+Output::
+
+ {
+ "dataLakes": [
+ {
+ "createStatus": "COMPLETED",
+ "dataLakeArn": "arn:aws:securitylake:us-east-1:522481757177:data-lake/default",
+ "encryptionConfiguration": {
+ "kmsKeyId": "S3_MANAGED_KEY"
+ },
+ "lifecycleConfiguration": {
+ "expiration": {
+ "days": 365
+ },
+ "transitions": [
+ {
+ "days": 60,
+ "storageClass": "ONEZONE_IA"
+ }
+ ]
+ },
+ "region": "us-east-1",
+ "replicationConfiguration": {
+ "regions": [
+ "ap-northeast-3"
+ ],
+ "roleArn": "arn:aws:securitylake:ap-northeast-3:522481757177:data-lake/default"
+ },
+ "s3BucketArn": "arn:aws:s3:::aws-security-data-lake-us-east-1-gnevt6s8z7bzby8oi3uiaysbr8v2ml",
+ "updateStatus": {
+ "exception": {},
+ "requestId": "f20a6450-d24a-4f87-a6be-1d4c075a59c2",
+ "status": "INITIALIZED"
+ }
+ },
+ {
+ "createStatus": "COMPLETED",
+ "dataLakeArn": "arn:aws:securitylake:us-east-2:522481757177:data-lake/default",
+ "encryptionConfiguration": {
+ "kmsKeyId": "S3_MANAGED_KEY"
+ },
+ "lifecycleConfiguration": {
+ "expiration": {
+ "days": 365
+ },
+ "transitions": [
+ {
+ "days": 60,
+ "storageClass": "ONEZONE_IA"
+ }
+ ]
+ },
+ "region": "us-east-2",
+ "replicationConfiguration": {
+ "regions": [
+ "ap-northeast-3"
+ ],
+ "roleArn": "arn:aws:securitylake:ap-northeast-3:522481757177:data-lake/default"
+ },
+ "s3BucketArn": "arn:aws:s3:::aws-security-data-lake-us-east-2-cehuifzl5rwmhm6m62h7zhvtseogr9",
+ "updateStatus": {
+ "exception": {},
+ "requestId": "f20a6450-d24a-4f87-a6be-1d4c075a59c2",
+ "status": "INITIALIZED"
+ }
+ }
+ ]
+ }
+
+For more information, see `Getting started with Amazon Security Lake `__ in the *Amazon Security Lake User Guide*.
+
+**Example 2: To configure your data lake in a single Region**
+
+The following ``create-data-lake`` example enables Amazon Security Lake in a single AWS Region and configures your data lake. ::
+
+ aws securitylake create-data-lake \
+ --configurations '[{"encryptionConfiguration": {"kmsKeyId":"1234abcd-12ab-34cd-56ef-1234567890ab"},"region":"us-east-2","lifecycleConfiguration": {"expiration":{"days":500},"transitions":[{"days":30,"storageClass":"GLACIER"}]}}]' \
+ --meta-store-manager-role-arn "arn:aws:iam:us-east-1:123456789012:role/service-role/AmazonSecurityLakeMetaStoreManager"
+
+Output::
+
+ {
+ "dataLakes": [
+ {
+ "createStatus": "COMPLETED",
+ "dataLakeArn": "arn:aws:securitylake:us-east-2:522481757177:data-lake/default",
+ "encryptionConfiguration": {
+ "kmsKeyId": "1234abcd-12ab-34cd-56ef-1234567890ab"
+ },
+ "lifecycleConfiguration": {
+ "expiration": {
+ "days": 500
+ },
+ "transitions": [
+ {
+ "days": 30,
+ "storageClass": "GLACIER"
+ }
+ ]
+ },
+ "region": "us-east-2",
+ "replicationConfiguration": {
+ "regions": [
+ "ap-northeast-3"
+ ],
+ "roleArn": "arn:aws:securitylake:ap-northeast-3:522481757177:data-lake/default"
+ },
+ "s3BucketArn": "arn:aws:s3:::aws-security-data-lake-us-east-2-cehuifzl5rwmhm6m62h7zhvtseogr9",
+ "updateStatus": {
+ "exception": {},
+ "requestId": "77702a53-dcbf-493e-b8ef-518e362f3003",
+ "status": "INITIALIZED"
+ }
+ }
+ ]
+ }
+
+For more information, see `Getting started with Amazon Security Lake `__ in the *Amazon Security Lake User Guide*.
\ No newline at end of file
diff --git a/awscli/examples/securitylake/update-subscriber-notification.rst b/awscli/examples/securitylake/update-subscriber-notification.rst
new file mode 100644
index 000000000000..f41338d4a6bf
--- /dev/null
+++ b/awscli/examples/securitylake/update-subscriber-notification.rst
@@ -0,0 +1,17 @@
+**To update a subscriber notification**
+
+The following ``update-subscriber-notification`` example shows how you can update the notification method for a subscriber. ::
+
+ aws securitylake update-subscriber-notification \
+ --subscriber-id "12345ab8-1a34-1c34-1bd4-12345ab9012" \
+ --configuration '{"httpsNotificationConfiguration": {"targetRoleArn":"arn:aws:iam::XXX:role/service-role/RoleName", "endpoint":"https://account-management.$3.$2.securitylake.aws.dev/v1/datalake"}}'
+
+Output::
+
+ {
+ "subscriberEndpoint": [
+ "https://account-management.$3.$2.securitylake.aws.dev/v1/datalake"
+ ]
+ }
+
+For more information, see `Subscriber management `__ in the *Amazon Security Lake User Guide*.
\ No newline at end of file
diff --git a/awscli/examples/securitylake/update-subscriber.rst b/awscli/examples/securitylake/update-subscriber.rst
new file mode 100644
index 000000000000..b991f2f14c40
--- /dev/null
+++ b/awscli/examples/securitylake/update-subscriber.rst
@@ -0,0 +1,76 @@
+**To update an Amazon Security Lake subscriber.**
+
+The following ``update-subscriber`` example updates the security lake data access sources for a specific Security Lake subscriber. ::
+
+ aws securitylake update-subscriber \
+ --subscriber-id a1b2c3d4-5678-90ab-cdef-EXAMPLE11111
+
+Output::
+
+ {
+ "subscriber": {
+ "accessTypes": [
+ "LAKEFORMATION"
+ ],
+ "createdAt": "2024-04-19T15:19:44.421803+00:00",
+ "resourceShareArn": "arn:aws:ram:eu-west-2:123456789012:resource-share/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+ "resourceShareName": "LakeFormation-V3-TKJGBHCKTZ-123456789012",
+ "sources": [
+ {
+ "awsLogSource": {
+ "sourceName": "LAMBDA_EXECUTION",
+ "sourceVersion": "1.0"
+ }
+ },
+ {
+ "awsLogSource": {
+ "sourceName": "EKS_AUDIT",
+ "sourceVersion": "2.0"
+ }
+ },
+ {
+ "awsLogSource": {
+ "sourceName": "ROUTE53",
+ "sourceVersion": "1.0"
+ }
+ },
+ {
+ "awsLogSource": {
+ "sourceName": "SH_FINDINGS",
+ "sourceVersion": "1.0"
+ }
+ },
+ {
+ "awsLogSource": {
+ "sourceName": "VPC_FLOW",
+ "sourceVersion": "1.0"
+ }
+ },
+ {
+ "customLogSource": {
+ "attributes": {
+ "crawlerArn": "arn:aws:glue:eu-west-2:123456789012:crawler/E1WG1ZNPRXT0D4",
+ "databaseArn": "arn:aws:glue:eu-west-2:123456789012:database/E1WG1ZNPRXT0D4",
+ "tableArn": "arn:aws:glue:eu-west-2:123456789012:table/E1WG1ZNPRXT0D4"
+ },
+ "provider": {
+ "location": "DOC-EXAMPLE-BUCKET--usw2-az1--x-s3",
+ "roleArn": "arn:aws:iam::123456789012:role/AmazonSecurityLake-E1WG1ZNPRXT0D4"
+ },
+ "sourceName": "testCustom2"
+ }
+ }
+ ],
+ "subscriberArn": "arn:aws:securitylake:eu-west-2:123456789012:subscriber/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+ "subscriberId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+ "subscriberIdentity": {
+ "externalId": "123456789012",
+ "principal": "123456789012"
+ },
+ "subscriberName": "test",
+ "subscriberStatus": "ACTIVE",
+ "updatedAt": "2024-07-18T20:47:37.098000+00:00"
+ }
+ }
+
+For more information, see `Subscriber management `__ in the *Amazon Security Lake User Guide*.
\ No newline at end of file