feat(client-cloudwatch-logs): Updates to support CloudWatch Logs data protection and CloudWatch cross-account observability

Author: awstools

clients/client-cloudwatch-logs/README.md

@@ -11,22 +11,23 @@ AWS SDK for JavaScript CloudWatchLogs Client for Node.js, Browser and React Nati
 
 <p>You can use Amazon CloudWatch Logs to monitor, store, and access your log files from
 EC2 instances, CloudTrail, and other sources. You can then retrieve the associated
-log data from CloudWatch Logs using the CloudWatch console, CloudWatch Logs commands in the
-Amazon Web Services CLI, CloudWatch Logs API, or CloudWatch Logs SDK.</p>
+log data from CloudWatch Logs using the CloudWatch console. Alternatively, you can use
+CloudWatch Logs commands in the Amazon Web Services CLI, CloudWatch Logs API, or CloudWatch
+Logs SDK.</p>
 <p>You can use CloudWatch Logs to:</p>
 <ul>
 <li>
 <p>
-<b>Monitor logs from EC2 instances in real-time</b>: You
+<b>Monitor logs from EC2 instances in real time</b>: You
 can use CloudWatch Logs to monitor applications and systems using log data. For example,
-CloudWatch Logs can track the number of errors that occur in your application logs and
-send you a notification whenever the rate of errors exceeds a threshold that you specify.
-CloudWatch Logs uses your log data for monitoring so no code changes are required. For
-example, you can monitor application logs for specific literal terms (such as
-"NullReferenceException") or count the number of occurrences of a literal term at a
-particular position in log data (such as "404" status codes in an Apache access log). When
-the term you are searching for is found, CloudWatch Logs reports the data to a CloudWatch
-metric that you specify.</p>
+CloudWatch Logs can track the number of errors that occur in your application logs. Then,
+it can send you a notification whenever the rate of errors exceeds a threshold that you
+specify. CloudWatch Logs uses your log data for monitoring so no code changes are
+required. For example, you can monitor application logs for specific literal terms (such
+as "NullReferenceException"). You can also count the number of occurrences of a literal
+term at a particular position in log data (such as "404" status codes in an Apache access
+log). When the term you are searching for is found, CloudWatch Logs reports the data to a
+CloudWatch metric that you specify.</p>
 </li>
 <li>
 <p>
@@ -38,9 +39,9 @@ captured by CloudTrail. You can use the notification to perform troubleshooting.
 <p>
 <b>Archive log data</b>: You can use CloudWatch Logs to
 store your log data in highly durable storage. You can change the log retention setting so
-that any log events older than this setting are automatically deleted. The CloudWatch Logs
-agent makes it easy to quickly send both rotated and non-rotated log data off of a host
-and into the log service. You can then access the raw log data when you need it.</p>
+that any log events earlier than this setting are automatically deleted. The CloudWatch
+Logs agent helps to quickly send both rotated and non-rotated log data off of a host and
+into the log service. You can then access the raw log data when you need it.</p>
 </li>
 </ul>
 

clients/client-cloudwatch-logs/src/CloudWatchLogs.ts

@@ -52,6 +52,10 @@ import { CancelExportTaskCommandInput, CancelExportTaskCommandOutput } from "./c
 import { CreateExportTaskCommandInput, CreateExportTaskCommandOutput } from "./commands/CreateExportTaskCommand";
 import { CreateLogGroupCommandInput, CreateLogGroupCommandOutput } from "./commands/CreateLogGroupCommand";
 import { CreateLogStreamCommandInput, CreateLogStreamCommandOutput } from "./commands/CreateLogStreamCommand";
+import {
+  DeleteDataProtectionPolicyCommandInput,
+  DeleteDataProtectionPolicyCommandOutput,
+} from "./commands/DeleteDataProtectionPolicyCommand";
 import { DeleteDestinationCommandInput, DeleteDestinationCommandOutput } from "./commands/DeleteDestinationCommand";
 import { DeleteLogGroupCommandInput, DeleteLogGroupCommandOutput } from "./commands/DeleteLogGroupCommand";
 import { DeleteLogStreamCommandInput, DeleteLogStreamCommandOutput } from "./commands/DeleteLogStreamCommand";
@@ -101,6 +105,10 @@ import {
 } from "./commands/DescribeSubscriptionFiltersCommand";
 import { DisassociateKmsKeyCommandInput, DisassociateKmsKeyCommandOutput } from "./commands/DisassociateKmsKeyCommand";
 import { FilterLogEventsCommandInput, FilterLogEventsCommandOutput } from "./commands/FilterLogEventsCommand";
+import {
+  GetDataProtectionPolicyCommandInput,
+  GetDataProtectionPolicyCommandOutput,
+} from "./commands/GetDataProtectionPolicyCommand";
 import { GetLogEventsCommandInput, GetLogEventsCommandOutput } from "./commands/GetLogEventsCommand";
 import { GetLogGroupFieldsCommandInput, GetLogGroupFieldsCommandOutput } from "./commands/GetLogGroupFieldsCommand";
 import { GetLogRecordCommandInput, GetLogRecordCommandOutput } from "./commands/GetLogRecordCommand";
@@ -110,6 +118,10 @@ import {
   ListTagsForResourceCommandOutput,
 } from "./commands/ListTagsForResourceCommand";
 import { ListTagsLogGroupCommandInput, ListTagsLogGroupCommandOutput } from "./commands/ListTagsLogGroupCommand";
+import {
+  PutDataProtectionPolicyCommandInput,
+  PutDataProtectionPolicyCommandOutput,
+} from "./commands/PutDataProtectionPolicyCommand";
 import { PutDestinationCommandInput, PutDestinationCommandOutput } from "./commands/PutDestinationCommand";
 import {
   PutDestinationPolicyCommandInput,
@@ -145,6 +157,7 @@ export type ServiceInputTypes =
   | CreateExportTaskCommandInput
   | CreateLogGroupCommandInput
   | CreateLogStreamCommandInput
+  | DeleteDataProtectionPolicyCommandInput
   | DeleteDestinationCommandInput
   | DeleteLogGroupCommandInput
   | DeleteLogStreamCommandInput
@@ -164,12 +177,14 @@ export type ServiceInputTypes =
   | DescribeSubscriptionFiltersCommandInput
   | DisassociateKmsKeyCommandInput
   | FilterLogEventsCommandInput
+  | GetDataProtectionPolicyCommandInput
   | GetLogEventsCommandInput
   | GetLogGroupFieldsCommandInput
   | GetLogRecordCommandInput
   | GetQueryResultsCommandInput
   | ListTagsForResourceCommandInput
   | ListTagsLogGroupCommandInput
+  | PutDataProtectionPolicyCommandInput
   | PutDestinationCommandInput
   | PutDestinationPolicyCommandInput
   | PutLogEventsCommandInput
@@ -192,6 +207,7 @@ export type ServiceOutputTypes =
   | CreateExportTaskCommandOutput
   | CreateLogGroupCommandOutput
   | CreateLogStreamCommandOutput
+  | DeleteDataProtectionPolicyCommandOutput
   | DeleteDestinationCommandOutput
   | DeleteLogGroupCommandOutput
   | DeleteLogStreamCommandOutput
@@ -211,12 +227,14 @@ export type ServiceOutputTypes =
   | DescribeSubscriptionFiltersCommandOutput
   | DisassociateKmsKeyCommandOutput
   | FilterLogEventsCommandOutput
+  | GetDataProtectionPolicyCommandOutput
   | GetLogEventsCommandOutput
   | GetLogGroupFieldsCommandOutput
   | GetLogRecordCommandOutput
   | GetQueryResultsCommandOutput
   | ListTagsForResourceCommandOutput
   | ListTagsLogGroupCommandOutput
+  | PutDataProtectionPolicyCommandOutput
   | PutDestinationCommandOutput
   | PutDestinationPolicyCommandOutput
   | PutLogEventsCommandOutput
@@ -385,22 +403,23 @@ export interface CloudWatchLogsClientResolvedConfig extends CloudWatchLogsClient
 /**
  * <p>You can use Amazon CloudWatch Logs to monitor, store, and access your log files from
  *       EC2 instances, CloudTrail, and other sources. You can then retrieve the associated
- *       log data from CloudWatch Logs using the CloudWatch console, CloudWatch Logs commands in the
- *       Amazon Web Services CLI, CloudWatch Logs API, or CloudWatch Logs SDK.</p>
+ *       log data from CloudWatch Logs using the CloudWatch console. Alternatively, you can use
+ *       CloudWatch Logs commands in the Amazon Web Services CLI, CloudWatch Logs API, or CloudWatch
+ *       Logs SDK.</p>
  *          <p>You can use CloudWatch Logs to:</p>
  *          <ul>
  *             <li>
  *                <p>
- *                   <b>Monitor logs from EC2 instances in real-time</b>: You
+ *                   <b>Monitor logs from EC2 instances in real time</b>: You
  *           can use CloudWatch Logs to monitor applications and systems using log data. For example,
- *           CloudWatch Logs can track the number of errors that occur in your application logs and
- *           send you a notification whenever the rate of errors exceeds a threshold that you specify.
- *           CloudWatch Logs uses your log data for monitoring so no code changes are required. For
- *           example, you can monitor application logs for specific literal terms (such as
- *           "NullReferenceException") or count the number of occurrences of a literal term at a
- *           particular position in log data (such as "404" status codes in an Apache access log). When
- *           the term you are searching for is found, CloudWatch Logs reports the data to a CloudWatch
- *           metric that you specify.</p>
+ *           CloudWatch Logs can track the number of errors that occur in your application logs. Then,
+ *           it can send you a notification whenever the rate of errors exceeds a threshold that you
+ *           specify. CloudWatch Logs uses your log data for monitoring so no code changes are
+ *           required. For example, you can monitor application logs for specific literal terms (such
+ *           as "NullReferenceException"). You can also count the number of occurrences of a literal
+ *           term at a particular position in log data (such as "404" status codes in an Apache access
+ *           log). When the term you are searching for is found, CloudWatch Logs reports the data to a
+ *           CloudWatch metric that you specify.</p>
  *             </li>
  *             <li>
  *                <p>
@@ -412,9 +431,9 @@ export interface CloudWatchLogsClientResolvedConfig extends CloudWatchLogsClient
  *                <p>
  *                   <b>Archive log data</b>: You can use CloudWatch Logs to
  *           store your log data in highly durable storage. You can change the log retention setting so
- *           that any log events older than this setting are automatically deleted. The CloudWatch Logs
- *           agent makes it easy to quickly send both rotated and non-rotated log data off of a host
- *           and into the log service. You can then access the raw log data when you need it.</p>
+ *           that any log events earlier than this setting are automatically deleted. The CloudWatch
+ *           Logs agent helps to quickly send both rotated and non-rotated log data off of a host and
+ *           into the log service. You can then access the raw log data when you need it.</p>
  *             </li>
  *          </ul>
  */

clients/client-cloudwatch-logs/src/CloudWatchLogsClient.ts

@@ -24,19 +24,20 @@ export interface AssociateKmsKeyCommandInput extends AssociateKmsKeyRequest {}
 export interface AssociateKmsKeyCommandOutput extends __MetadataBearer {}
 
 /**
- * <p>Associates the specified Key Management Service customer master key (CMK) with the specified log group.</p>
- *          <p>Associating an KMS CMK with a log group overrides any existing associations between the log group and a CMK.
- *       After a CMK is associated with a log group, all newly ingested data for the log group is encrypted using the CMK.
- *       This association is stored as long as the data encrypted with the CMK is still within CloudWatch Logs.
- *       This enables CloudWatch Logs to decrypt this data whenever it is requested.</p>
+ * <p>Associates the specified KMS key with the specified log
+ *       group.</p>
+ *          <p>Associating a KMS key with a log group overrides any existing
+ *       associations between the log group and a KMS key. After a KMS key is associated with a log group, all newly ingested data for the log group is encrypted
+ *       using the KMS key. This association is stored as long as the data encrypted
+ *       with the KMS keyis still within CloudWatch Logs. This enables CloudWatch Logs to decrypt this data whenever it is requested.</p>
  *          <important>
- *             <p>CloudWatch Logs supports only symmetric CMKs. Do not use an associate an asymmetric CMK
- *         with your log group. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">Using Symmetric and Asymmetric
- *           Keys</a>.</p>
+ *             <p>CloudWatch Logs supports only symmetric KMS keys. Do not use an associate
+ *         an asymmetric KMS key with your log group. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">Using
+ *           Symmetric and Asymmetric Keys</a>.</p>
  *          </important>
  *          <p>It can take up to 5 minutes for this operation to take effect.</p>
- *          <p>If you attempt to associate a CMK with a log group but the CMK does not exist or the
- *       CMK is disabled, you receive an <code>InvalidParameterException</code> error. </p>
+ *          <p>If you attempt to associate a KMS key with a log group but the KMS key does not exist or the KMS key is disabled, you receive an
+ *         <code>InvalidParameterException</code> error. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

clients/client-cloudwatch-logs/src/commands/AssociateKmsKeyCommand.ts

@@ -29,26 +29,26 @@ export interface CreateExportTaskCommandInput extends CreateExportTaskRequest {}
 export interface CreateExportTaskCommandOutput extends CreateExportTaskResponse, __MetadataBearer {}
 
 /**
- * <p>Creates an export task, which allows you to efficiently export data from a
- *       log group to an Amazon S3 bucket. When you perform a <code>CreateExportTask</code>
- *       operation, you must use credentials that have permission to write to the S3 bucket
- *       that you specify as the destination.</p>
- *          <p>Exporting log data to Amazon S3 buckets that are encrypted by KMS is
- *       supported. Exporting
- *       log data to Amazon S3 buckets that have S3 Object Lock enabled with a retention period is also supported.</p>
+ * <p>Creates an export task so that you can efficiently export data from a log group to an
+ *       Amazon S3 bucket. When you perform a <code>CreateExportTask</code> operation, you must use
+ *       credentials that have permission to write to the S3 bucket that you specify as the
+ *       destination.</p>
+ *          <p>Exporting log data to S3 buckets that are encrypted by KMS is supported.
+ *       Exporting log data to Amazon S3 buckets that have S3 Object Lock enabled with a
+ *       retention period is also supported.</p>
  *          <p>Exporting to S3 buckets that are encrypted with AES-256 is supported. </p>
  *          <p>This is an asynchronous call. If all the required information is provided, this
  *       operation initiates an export task and responds with the ID of the task. After the task has started,
  *       you can use <a href="https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeExportTasks.html">DescribeExportTasks</a> to get the status of the export task. Each account can
  *       only have one active (<code>RUNNING</code> or <code>PENDING</code>) export task at a time.
  *       To cancel an export task, use <a href="https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CancelExportTask.html">CancelExportTask</a>.</p>
  *          <p>You can export logs from multiple log groups or multiple time ranges to the same S3
- *       bucket. To separate out log data for each export task, you can specify a prefix to be used as
- *       the Amazon S3 key prefix for all exported objects.</p>
+ *       bucket. To separate log data for each export task, specify a prefix to be used as the Amazon
+ *       S3 key prefix for all exported objects.</p>
  *
  *          <note>
- *             <p>Time-based sorting on chunks of log data inside an exported file is not guaranteed. You can sort the
- *       exported log fild data by using Linux utilities.</p>
+ *             <p>Time-based sorting on chunks of log data inside an exported file is not guaranteed. You can
+ *         sort the exported log field data by using Linux utilities.</p>
  *          </note>
  * @example
  * Use a bare-bones client and the command you need to make an API call.

clients/client-cloudwatch-logs/src/commands/CreateExportTaskCommand.ts

@@ -28,7 +28,8 @@ export interface CreateLogGroupCommandOutput extends __MetadataBearer {}
  *          <p>You must use the following guidelines when naming a log group:</p>
  *          <ul>
  *             <li>
- *                <p>Log group names must be unique within a region for an Amazon Web Services account.</p>
+ *                <p>Log group names must be unique within a Region for an Amazon Web Services
+ *           account.</p>
  *             </li>
  *             <li>
  *                <p>Log group names can be between 1 and 512 characters long.</p>
@@ -38,18 +39,19 @@ export interface CreateLogGroupCommandOutput extends __MetadataBearer {}
  *           '/' (forward slash), '.' (period), and '#' (number sign)</p>
  *             </li>
  *          </ul>
- *          <p>When you create a log group, by default the log events in the log group never expire. To set
- *     a retention policy so that events expire and are deleted after a specified time, use
- *       <a href="https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutRetentionPolicy.html">PutRetentionPolicy</a>.</p>
- *          <p>If you associate a Key Management Service customer master key (CMK) with the log group, ingested data is encrypted using the CMK.
- *       This association is stored as long as the data encrypted with the CMK is still within CloudWatch Logs.
- *       This enables CloudWatch Logs to decrypt this data whenever it is requested.</p>
- *          <p>If you attempt to associate a CMK with the log group but the CMK does not exist or the
- *       CMK is disabled, you receive an <code>InvalidParameterException</code> error. </p>
+ *          <p>When you create a log group, by default the log events in the log group do not expire.
+ *       To set a retention policy so that events expire and are deleted after a specified time, use
+ *         <a href="https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutRetentionPolicy.html">PutRetentionPolicy</a>.</p>
+ *          <p>If you associate an KMS key with the log group, ingested data is
+ *       encrypted using the KMS key. This association is stored as long as the data
+ *       encrypted with the KMS key is still within CloudWatch Logs. This enables
+ *         CloudWatch Logs to decrypt this data whenever it is requested.</p>
+ *          <p>If you attempt to associate a KMS key with the log group but the KMS keydoes not exist or the KMS key is disabled, you receive an
+ *         <code>InvalidParameterException</code> error. </p>
  *          <important>
- *             <p>CloudWatch Logs supports only symmetric CMKs. Do not associate an asymmetric CMK with
- *         your log group. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">Using Symmetric and Asymmetric
- *           Keys</a>.</p>
+ *             <p>CloudWatch Logs supports only symmetric KMS keys. Do not associate an
+ *         asymmetric KMS key with your log group. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">Using
+ *           Symmetric and Asymmetric Keys</a>.</p>
  *          </important>
  * @example
  * Use a bare-bones client and the command you need to make an API call.

clients/client-cloudwatch-logs/src/commands/CreateLogGroupCommand.ts

@@ -38,7 +38,7 @@ export interface CreateLogStreamCommandOutput extends __MetadataBearer {}
  *                <p>Log stream names can be between 1 and 512 characters long.</p>
  *             </li>
  *             <li>
- *                <p>The ':' (colon) and '*' (asterisk) characters are not allowed.</p>
+ *                <p>Don't use ':' (colon) or '*' (asterisk) characters.</p>
  *             </li>
  *          </ul>
  * @example