{-# LANGUAGE DeriveGeneric #-} {-# LANGUAGE DuplicateRecordFields #-} {-# LANGUAGE NamedFieldPuns #-} {-# LANGUAGE OverloadedStrings #-} {-# LANGUAGE RecordWildCards #-} {-# LANGUAGE StrictData #-} {-# LANGUAGE TypeFamilies #-} {-# LANGUAGE NoImplicitPrelude #-} {-# OPTIONS_GHC -fno-warn-unused-binds #-} {-# OPTIONS_GHC -fno-warn-unused-imports #-} {-# OPTIONS_GHC -fno-warn-unused-matches #-} -- Derived from AWS service descriptions, licensed under Apache 2.0. -- | -- Module : Amazonka.SecurityLake.CreateCustomLogSource -- Copyright : (c) 2013-2023 Brendan Hay -- License : Mozilla Public License, v. 2.0. -- Maintainer : Brendan Hay -- Stability : auto-generated -- Portability : non-portable (GHC extensions) -- -- Adds a third-party custom source in Amazon Security Lake, from the -- Amazon Web Services Region where you want to create a custom source. -- Security Lake can collect logs and events from third-party custom -- sources. After creating the appropriate IAM role to invoke Glue crawler, -- use this API to add a custom source name in Security Lake. This -- operation creates a partition in the Amazon S3 bucket for Security Lake -- as the target location for log files from the custom source in addition -- to an associated Glue table and an Glue crawler. module Amazonka.SecurityLake.CreateCustomLogSource ( -- * Creating a Request CreateCustomLogSource (..), newCreateCustomLogSource, -- * Request Lenses createCustomLogSource_customSourceName, createCustomLogSource_eventClass, createCustomLogSource_glueInvocationRoleArn, createCustomLogSource_logProviderAccountId, -- * Destructuring the Response CreateCustomLogSourceResponse (..), newCreateCustomLogSourceResponse, -- * Response Lenses createCustomLogSourceResponse_httpStatus, createCustomLogSourceResponse_customDataLocation, createCustomLogSourceResponse_glueCrawlerName, createCustomLogSourceResponse_glueDatabaseName, createCustomLogSourceResponse_glueTableName, createCustomLogSourceResponse_logProviderAccessRoleArn, ) where import qualified Amazonka.Core as Core import qualified Amazonka.Core.Lens.Internal as Lens import qualified Amazonka.Data as Data import qualified Amazonka.Prelude as Prelude import qualified Amazonka.Request as Request import qualified Amazonka.Response as Response import Amazonka.SecurityLake.Types -- | /See:/ 'newCreateCustomLogSource' smart constructor. data CreateCustomLogSource = CreateCustomLogSource' { -- | The name for a third-party custom source. This must be a Regionally -- unique value. customSourceName :: Prelude.Text, -- | The Open Cybersecurity Schema Framework (OCSF) event class which -- describes the type of data that the custom source will send to Security -- Lake. eventClass :: OcsfEventClass, -- | The Amazon Resource Name (ARN) of the Identity and Access Management -- (IAM) role to be used by the Glue crawler. The recommended IAM policies -- are: -- -- - The managed policy @AWSGlueServiceRole@ -- -- - A custom policy granting access to your Amazon S3 Data Lake glueInvocationRoleArn :: Prelude.Text, -- | The Amazon Web Services account ID of the custom source that will write -- logs and events into the Amazon S3 Data Lake. logProviderAccountId :: Prelude.Text } deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic) -- | -- Create a value of 'CreateCustomLogSource' with all optional fields omitted. -- -- Use or to modify other optional fields. -- -- The following record fields are available, with the corresponding lenses provided -- for backwards compatibility: -- -- 'customSourceName', 'createCustomLogSource_customSourceName' - The name for a third-party custom source. This must be a Regionally -- unique value. -- -- 'eventClass', 'createCustomLogSource_eventClass' - The Open Cybersecurity Schema Framework (OCSF) event class which -- describes the type of data that the custom source will send to Security -- Lake. -- -- 'glueInvocationRoleArn', 'createCustomLogSource_glueInvocationRoleArn' - The Amazon Resource Name (ARN) of the Identity and Access Management -- (IAM) role to be used by the Glue crawler. The recommended IAM policies -- are: -- -- - The managed policy @AWSGlueServiceRole@ -- -- - A custom policy granting access to your Amazon S3 Data Lake -- -- 'logProviderAccountId', 'createCustomLogSource_logProviderAccountId' - The Amazon Web Services account ID of the custom source that will write -- logs and events into the Amazon S3 Data Lake. newCreateCustomLogSource :: -- | 'customSourceName' Prelude.Text -> -- | 'eventClass' OcsfEventClass -> -- | 'glueInvocationRoleArn' Prelude.Text -> -- | 'logProviderAccountId' Prelude.Text -> CreateCustomLogSource newCreateCustomLogSource pCustomSourceName_ pEventClass_ pGlueInvocationRoleArn_ pLogProviderAccountId_ = CreateCustomLogSource' { customSourceName = pCustomSourceName_, eventClass = pEventClass_, glueInvocationRoleArn = pGlueInvocationRoleArn_, logProviderAccountId = pLogProviderAccountId_ } -- | The name for a third-party custom source. This must be a Regionally -- unique value. createCustomLogSource_customSourceName :: Lens.Lens' CreateCustomLogSource Prelude.Text createCustomLogSource_customSourceName = Lens.lens (\CreateCustomLogSource' {customSourceName} -> customSourceName) (\s@CreateCustomLogSource' {} a -> s {customSourceName = a} :: CreateCustomLogSource) -- | The Open Cybersecurity Schema Framework (OCSF) event class which -- describes the type of data that the custom source will send to Security -- Lake. createCustomLogSource_eventClass :: Lens.Lens' CreateCustomLogSource OcsfEventClass createCustomLogSource_eventClass = Lens.lens (\CreateCustomLogSource' {eventClass} -> eventClass) (\s@CreateCustomLogSource' {} a -> s {eventClass = a} :: CreateCustomLogSource) -- | The Amazon Resource Name (ARN) of the Identity and Access Management -- (IAM) role to be used by the Glue crawler. The recommended IAM policies -- are: -- -- - The managed policy @AWSGlueServiceRole@ -- -- - A custom policy granting access to your Amazon S3 Data Lake createCustomLogSource_glueInvocationRoleArn :: Lens.Lens' CreateCustomLogSource Prelude.Text createCustomLogSource_glueInvocationRoleArn = Lens.lens (\CreateCustomLogSource' {glueInvocationRoleArn} -> glueInvocationRoleArn) (\s@CreateCustomLogSource' {} a -> s {glueInvocationRoleArn = a} :: CreateCustomLogSource) -- | The Amazon Web Services account ID of the custom source that will write -- logs and events into the Amazon S3 Data Lake. createCustomLogSource_logProviderAccountId :: Lens.Lens' CreateCustomLogSource Prelude.Text createCustomLogSource_logProviderAccountId = Lens.lens (\CreateCustomLogSource' {logProviderAccountId} -> logProviderAccountId) (\s@CreateCustomLogSource' {} a -> s {logProviderAccountId = a} :: CreateCustomLogSource) instance Core.AWSRequest CreateCustomLogSource where type AWSResponse CreateCustomLogSource = CreateCustomLogSourceResponse request overrides = Request.postJSON (overrides defaultService) response = Response.receiveJSON ( \s h x -> CreateCustomLogSourceResponse' Prelude.<$> (Prelude.pure (Prelude.fromEnum s)) Prelude.<*> (x Data..:> "customDataLocation") Prelude.<*> (x Data..:> "glueCrawlerName") Prelude.<*> (x Data..:> "glueDatabaseName") Prelude.<*> (x Data..:> "glueTableName") Prelude.<*> (x Data..:> "logProviderAccessRoleArn") ) instance Prelude.Hashable CreateCustomLogSource where hashWithSalt _salt CreateCustomLogSource' {..} = _salt `Prelude.hashWithSalt` customSourceName `Prelude.hashWithSalt` eventClass `Prelude.hashWithSalt` glueInvocationRoleArn `Prelude.hashWithSalt` logProviderAccountId instance Prelude.NFData CreateCustomLogSource where rnf CreateCustomLogSource' {..} = Prelude.rnf customSourceName `Prelude.seq` Prelude.rnf eventClass `Prelude.seq` Prelude.rnf glueInvocationRoleArn `Prelude.seq` Prelude.rnf logProviderAccountId instance Data.ToHeaders CreateCustomLogSource where toHeaders = Prelude.const ( Prelude.mconcat [ "Content-Type" Data.=# ( "application/x-amz-json-1.1" :: Prelude.ByteString ) ] ) instance Data.ToJSON CreateCustomLogSource where toJSON CreateCustomLogSource' {..} = Data.object ( Prelude.catMaybes [ Prelude.Just ("customSourceName" Data..= customSourceName), Prelude.Just ("eventClass" Data..= eventClass), Prelude.Just ( "glueInvocationRoleArn" Data..= glueInvocationRoleArn ), Prelude.Just ( "logProviderAccountId" Data..= logProviderAccountId ) ] ) instance Data.ToPath CreateCustomLogSource where toPath = Prelude.const "/v1/logsources/custom" instance Data.ToQuery CreateCustomLogSource where toQuery = Prelude.const Prelude.mempty -- | /See:/ 'newCreateCustomLogSourceResponse' smart constructor. data CreateCustomLogSourceResponse = CreateCustomLogSourceResponse' { -- | The response's http status code. httpStatus :: Prelude.Int, -- | The location of the partition in the Amazon S3 bucket for Security Lake. customDataLocation :: Prelude.Text, -- | The name of the Glue crawler. glueCrawlerName :: Prelude.Text, -- | The Glue database where results are written, such as: -- @arn:aws:daylight:us-east-1::database\/sometable\/*@. glueDatabaseName :: Prelude.Text, -- | The table name of the Glue crawler. glueTableName :: Prelude.Text, -- | The ARN of the IAM role to be used by the entity putting logs into your -- custom source partition. Security Lake will apply the correct access -- policies to this role, but you must first manually create the trust -- policy for this role. The IAM role name must start with the text -- \'Security Lake\'. The IAM role must trust the @logProviderAccountId@ to -- assume the role. logProviderAccessRoleArn :: Prelude.Text } deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic) -- | -- Create a value of 'CreateCustomLogSourceResponse' with all optional fields omitted. -- -- Use or to modify other optional fields. -- -- The following record fields are available, with the corresponding lenses provided -- for backwards compatibility: -- -- 'httpStatus', 'createCustomLogSourceResponse_httpStatus' - The response's http status code. -- -- 'customDataLocation', 'createCustomLogSourceResponse_customDataLocation' - The location of the partition in the Amazon S3 bucket for Security Lake. -- -- 'glueCrawlerName', 'createCustomLogSourceResponse_glueCrawlerName' - The name of the Glue crawler. -- -- 'glueDatabaseName', 'createCustomLogSourceResponse_glueDatabaseName' - The Glue database where results are written, such as: -- @arn:aws:daylight:us-east-1::database\/sometable\/*@. -- -- 'glueTableName', 'createCustomLogSourceResponse_glueTableName' - The table name of the Glue crawler. -- -- 'logProviderAccessRoleArn', 'createCustomLogSourceResponse_logProviderAccessRoleArn' - The ARN of the IAM role to be used by the entity putting logs into your -- custom source partition. Security Lake will apply the correct access -- policies to this role, but you must first manually create the trust -- policy for this role. The IAM role name must start with the text -- \'Security Lake\'. The IAM role must trust the @logProviderAccountId@ to -- assume the role. newCreateCustomLogSourceResponse :: -- | 'httpStatus' Prelude.Int -> -- | 'customDataLocation' Prelude.Text -> -- | 'glueCrawlerName' Prelude.Text -> -- | 'glueDatabaseName' Prelude.Text -> -- | 'glueTableName' Prelude.Text -> -- | 'logProviderAccessRoleArn' Prelude.Text -> CreateCustomLogSourceResponse newCreateCustomLogSourceResponse pHttpStatus_ pCustomDataLocation_ pGlueCrawlerName_ pGlueDatabaseName_ pGlueTableName_ pLogProviderAccessRoleArn_ = CreateCustomLogSourceResponse' { httpStatus = pHttpStatus_, customDataLocation = pCustomDataLocation_, glueCrawlerName = pGlueCrawlerName_, glueDatabaseName = pGlueDatabaseName_, glueTableName = pGlueTableName_, logProviderAccessRoleArn = pLogProviderAccessRoleArn_ } -- | The response's http status code. createCustomLogSourceResponse_httpStatus :: Lens.Lens' CreateCustomLogSourceResponse Prelude.Int createCustomLogSourceResponse_httpStatus = Lens.lens (\CreateCustomLogSourceResponse' {httpStatus} -> httpStatus) (\s@CreateCustomLogSourceResponse' {} a -> s {httpStatus = a} :: CreateCustomLogSourceResponse) -- | The location of the partition in the Amazon S3 bucket for Security Lake. createCustomLogSourceResponse_customDataLocation :: Lens.Lens' CreateCustomLogSourceResponse Prelude.Text createCustomLogSourceResponse_customDataLocation = Lens.lens (\CreateCustomLogSourceResponse' {customDataLocation} -> customDataLocation) (\s@CreateCustomLogSourceResponse' {} a -> s {customDataLocation = a} :: CreateCustomLogSourceResponse) -- | The name of the Glue crawler. createCustomLogSourceResponse_glueCrawlerName :: Lens.Lens' CreateCustomLogSourceResponse Prelude.Text createCustomLogSourceResponse_glueCrawlerName = Lens.lens (\CreateCustomLogSourceResponse' {glueCrawlerName} -> glueCrawlerName) (\s@CreateCustomLogSourceResponse' {} a -> s {glueCrawlerName = a} :: CreateCustomLogSourceResponse) -- | The Glue database where results are written, such as: -- @arn:aws:daylight:us-east-1::database\/sometable\/*@. createCustomLogSourceResponse_glueDatabaseName :: Lens.Lens' CreateCustomLogSourceResponse Prelude.Text createCustomLogSourceResponse_glueDatabaseName = Lens.lens (\CreateCustomLogSourceResponse' {glueDatabaseName} -> glueDatabaseName) (\s@CreateCustomLogSourceResponse' {} a -> s {glueDatabaseName = a} :: CreateCustomLogSourceResponse) -- | The table name of the Glue crawler. createCustomLogSourceResponse_glueTableName :: Lens.Lens' CreateCustomLogSourceResponse Prelude.Text createCustomLogSourceResponse_glueTableName = Lens.lens (\CreateCustomLogSourceResponse' {glueTableName} -> glueTableName) (\s@CreateCustomLogSourceResponse' {} a -> s {glueTableName = a} :: CreateCustomLogSourceResponse) -- | The ARN of the IAM role to be used by the entity putting logs into your -- custom source partition. Security Lake will apply the correct access -- policies to this role, but you must first manually create the trust -- policy for this role. The IAM role name must start with the text -- \'Security Lake\'. The IAM role must trust the @logProviderAccountId@ to -- assume the role. createCustomLogSourceResponse_logProviderAccessRoleArn :: Lens.Lens' CreateCustomLogSourceResponse Prelude.Text createCustomLogSourceResponse_logProviderAccessRoleArn = Lens.lens (\CreateCustomLogSourceResponse' {logProviderAccessRoleArn} -> logProviderAccessRoleArn) (\s@CreateCustomLogSourceResponse' {} a -> s {logProviderAccessRoleArn = a} :: CreateCustomLogSourceResponse) instance Prelude.NFData CreateCustomLogSourceResponse where rnf CreateCustomLogSourceResponse' {..} = Prelude.rnf httpStatus `Prelude.seq` Prelude.rnf customDataLocation `Prelude.seq` Prelude.rnf glueCrawlerName `Prelude.seq` Prelude.rnf glueDatabaseName `Prelude.seq` Prelude.rnf glueTableName `Prelude.seq` Prelude.rnf logProviderAccessRoleArn