SECURITYLAKE

CreateAwsLogSource

# Allow-list of natively supported AWS log sources for CreateAwsLogSource.
# STRING/INTEGER/LONG used below read as type placeholders of a schema
# template rather than Rego values — NOTE(review): confirm how the consuming
# tool expands them before treating this as an executable OPA policy.
enum_AwsLogSourceName := [ "ROUTE53", "VPC_FLOW", "SH_FINDINGS", "CLOUD_TRAIL_MGMT", "LAMBDA_EXECUTION", "S3_DATA", "EKS_AUDIT", "WAF" ]

# Request shape for CreateAwsLogSource: which sources to enable, in which
# accounts and regions.
valid {
    # In Rego each `[_]` is an independent, existential iteration: one
    # conforming element satisfies the expression. NOTE(review): confirm the
    # consumer expects every source/account/region entry to conform.
    input.Body.sources[_].accounts[_] == STRING
    input.Body.sources[_].regions[_] == STRING
    # sourceName is constrained to the enumerated native sources.
    input.Body.sources[_].sourceName == enum_AwsLogSourceName[_]
    input.Body.sources[_].sourceVersion == STRING
    # Caller context — presumably populated by the provider layer, not the
    # request body; verify against the caller.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateCustomLogSource

# Request shape for CreateCustomLogSource: a third-party source described by
# a crawler role plus the identity (externalId/principal) that will write it.
# STRING here reads as a type placeholder, not a Rego value — confirm with
# the consuming tool.
valid {
    # Role the crawler assumes; presumably an IAM ARN — NOTE(review): the
    # schema only types it as STRING, it does not pin an ARN format.
    input.Body.configuration.crawlerConfiguration.roleArn == STRING
    # externalId/principal pair used for the provider's cross-account trust;
    # only presence/type is checked here, not a value policy.
    input.Body.configuration.providerIdentity.externalId == STRING
    input.Body.configuration.providerIdentity.principal == STRING
    # `[_]` is existential in Rego — one conforming element satisfies it.
    input.Body.eventClasses[_] == STRING
    input.Body.sourceName == STRING
    input.Body.sourceVersion == STRING
    # Caller context, presumably supplied by the provider layer.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateDataLake

# Request shape for CreateDataLake: per-region lake configuration (encryption,
# lifecycle, replication), the metastore manager role and tags.
# STRING/INTEGER read as type placeholders of a schema template.
valid {
    # Customer KMS key for the lake; typed as STRING only, no ARN/key-id
    # format is enforced here.
    input.Body.configurations[_].encryptionConfiguration.kmsKeyId == STRING
    # Retention and storage-class transitions, in days.
    input.Body.configurations[_].lifecycleConfiguration.expiration.days == INTEGER
    input.Body.configurations[_].lifecycleConfiguration.transitions[_].days == INTEGER
    input.Body.configurations[_].lifecycleConfiguration.transitions[_].storageClass == STRING
    input.Body.configurations[_].region == STRING
    # Cross-region replication targets and the role used for it. Each `[_]`
    # iterates independently — NOTE(review): one conforming configuration
    # satisfies each line; confirm whether all entries must conform.
    input.Body.configurations[_].replicationConfiguration.regions[_] == STRING
    input.Body.configurations[_].replicationConfiguration.roleArn == STRING
    input.Body.metaStoreManagerRoleArn == STRING
    input.Body.tags[_].key == STRING
    input.Body.tags[_].value == STRING
    # Caller context, presumably supplied by the provider layer.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateDataLakeExceptionSubscription

# Request shape for CreateDataLakeExceptionSubscription: where exception
# notifications are delivered and for how long they are retained.
# STRING/LONG read as type placeholders of a schema template.
valid {
    # Retention for exceptions, typed LONG; the unit is not visible here.
    input.Body.exceptionTimeToLive == LONG
    # Delivery target and protocol; only type is checked, not that the
    # endpoint matches the protocol.
    input.Body.notificationEndpoint == STRING
    input.Body.subscriptionProtocol == STRING
    # Caller context, presumably supplied by the provider layer.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateDataLakeOrganizationConfiguration

# Allow-list of native sources that can be auto-enabled for new organization
# accounts. The same enum is redefined per operation on this page, which
# suggests each section is evaluated as its own module — confirm with the
# consuming tool.
enum_AwsLogSourceName := [ "ROUTE53", "VPC_FLOW", "SH_FINDINGS", "CLOUD_TRAIL_MGMT", "LAMBDA_EXECUTION", "S3_DATA", "EKS_AUDIT", "WAF" ]

# Request shape for CreateDataLakeOrganizationConfiguration: per-region
# sources to enable automatically when an account joins.
valid {
    input.Body.autoEnableNewAccount[_].region == STRING
    # sourceName must be in the enum. `[_]` is existential in Rego —
    # NOTE(review): one conforming source satisfies this; confirm whether
    # every auto-enabled source must conform.
    input.Body.autoEnableNewAccount[_].sources[_].sourceName == enum_AwsLogSourceName[_]
    input.Body.autoEnableNewAccount[_].sources[_].sourceVersion == STRING
    # Caller context, presumably supplied by the provider layer.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateSubscriber

# How a subscriber may read the lake: via Lake Formation grants or direct S3.
enum_AccessType := [ "LAKEFORMATION", "S3" ]
# Native AWS sources a subscriber may be granted.
enum_AwsLogSourceName := [ "ROUTE53", "VPC_FLOW", "SH_FINDINGS", "CLOUD_TRAIL_MGMT", "LAMBDA_EXECUTION", "S3_DATA", "EKS_AUDIT", "WAF" ]

# Request shape for CreateSubscriber: the consumer identity, the sources it is
# granted, and the access mechanism. STRING reads as a type placeholder.
valid {
    # `[_]` on both sides is existential in Rego: one accessType in the enum
    # satisfies this line. NOTE(review): confirm the consumer expects every
    # requested access type to be allow-listed.
    input.Body.accessTypes[_] == enum_AccessType[_]
    # A source entry is either a native awsLogSource or a customLogSource;
    # both branches are typed here, this block does not express exclusivity.
    input.Body.sources[_].awsLogSource.sourceName == enum_AwsLogSourceName[_]
    input.Body.sources[_].awsLogSource.sourceVersion == STRING
    input.Body.sources[_].customLogSource.attributes.crawlerArn == STRING
    input.Body.sources[_].customLogSource.attributes.databaseArn == STRING
    input.Body.sources[_].customLogSource.attributes.tableArn == STRING
    input.Body.sources[_].customLogSource.provider.location == STRING
    input.Body.sources[_].customLogSource.provider.roleArn == STRING
    input.Body.sources[_].customLogSource.sourceName == STRING
    input.Body.sources[_].customLogSource.sourceVersion == STRING
    input.Body.subscriberDescription == STRING
    # Cross-account trust for the subscriber (externalId + principal); only
    # presence/type is checked, not a value policy.
    input.Body.subscriberIdentity.externalId == STRING
    input.Body.subscriberIdentity.principal == STRING
    input.Body.subscriberName == STRING
    input.Body.tags[_].key == STRING
    input.Body.tags[_].value == STRING
    # Caller context, presumably supplied by the provider layer.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateSubscriberNotification

# HTTP methods permitted for HTTPS notification delivery.
enum_HttpMethod := [ "POST", "PUT" ]

# Request shape for CreateSubscriberNotification: either an HTTPS endpoint
# configuration or an (empty) SQS configuration for a given subscriber.
# STRING reads as a type placeholder of a schema template.
valid {
    # Header name and value used to authenticate to the endpoint. The value
    # presumably is a secret carried in the request body — NOTE(review):
    # confirm request/audit logging redacts it.
    input.Body.configuration.httpsNotificationConfiguration.authorizationApiKeyName == STRING
    input.Body.configuration.httpsNotificationConfiguration.authorizationApiKeyValue == STRING
    # Only typed as STRING here; no https:// scheme check is expressed.
    input.Body.configuration.httpsNotificationConfiguration.endpoint == STRING
    input.Body.configuration.httpsNotificationConfiguration.httpMethod == enum_HttpMethod[_]
    input.Body.configuration.httpsNotificationConfiguration.targetRoleArn == STRING
    # Literal `== {}`: in Rego this holds only for an exactly empty object.
    input.Body.configuration.sqsNotificationConfiguration == {}
    # Path parameter identifying the subscriber.
    input.ReqMap.subscriberId == STRING
    # Caller context, presumably supplied by the provider layer.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteAwsLogSource

# Allow-list of native sources that can be disabled with DeleteAwsLogSource.
enum_AwsLogSourceName := [ "ROUTE53", "VPC_FLOW", "SH_FINDINGS", "CLOUD_TRAIL_MGMT", "LAMBDA_EXECUTION", "S3_DATA", "EKS_AUDIT", "WAF" ]

# Request shape for DeleteAwsLogSource — same body as CreateAwsLogSource.
# STRING reads as a type placeholder of a schema template.
valid {
    # Each `[_]` iterates independently and existentially in Rego —
    # NOTE(review): confirm whether every source entry must conform.
    input.Body.sources[_].accounts[_] == STRING
    input.Body.sources[_].regions[_] == STRING
    input.Body.sources[_].sourceName == enum_AwsLogSourceName[_]
    input.Body.sources[_].sourceVersion == STRING
    # Caller context, presumably supplied by the provider layer.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteCustomLogSource

# Request shape for DeleteCustomLogSource: the source is addressed by path
# parameter (ReqMap) and version by query string (Qs), no body.
valid {
    input.ReqMap.sourceName == STRING
    input.Qs.sourceVersion == STRING
    # Caller context, presumably supplied by the provider layer.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteDataLake

# Request shape for DeleteDataLake: the regions whose lake is removed.
# Destructive operation; this block only types the input, it does not gate
# who may call it.
valid {
    # `[_]` is existential in Rego — one STRING element satisfies it.
    input.Body.regions[_] == STRING
    # Caller context, presumably supplied by the provider layer.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteDataLakeExceptionSubscription

# Request shape for DeleteDataLakeExceptionSubscription: no body or path
# parameters, only the caller context.
valid {
    # Presumably supplied by the provider layer, not the request.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteDataLakeOrganizationConfiguration

# Allow-list of native sources for the organization auto-enable configuration.
enum_AwsLogSourceName := [ "ROUTE53", "VPC_FLOW", "SH_FINDINGS", "CLOUD_TRAIL_MGMT", "LAMBDA_EXECUTION", "S3_DATA", "EKS_AUDIT", "WAF" ]

# Request shape for DeleteDataLakeOrganizationConfiguration — same body as
# the Create counterpart. STRING reads as a type placeholder.
valid {
    input.Body.autoEnableNewAccount[_].region == STRING
    # `[_]` is existential in Rego — NOTE(review): one enum-listed source
    # satisfies this line; confirm whether all must conform.
    input.Body.autoEnableNewAccount[_].sources[_].sourceName == enum_AwsLogSourceName[_]
    input.Body.autoEnableNewAccount[_].sources[_].sourceVersion == STRING
    # Caller context, presumably supplied by the provider layer.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteSubscriber

# Request shape for DeleteSubscriber: subscriber addressed by path parameter.
valid {
    input.ReqMap.subscriberId == STRING
    # Caller context, presumably supplied by the provider layer.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteSubscriberNotification

# Request shape for DeleteSubscriberNotification: subscriber addressed by
# path parameter, no body.
valid {
    input.ReqMap.subscriberId == STRING
    # Caller context, presumably supplied by the provider layer.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeregisterDataLakeDelegatedAdministrator

# Request shape for DeregisterDataLakeDelegatedAdministrator: no parameters
# beyond the caller context. Org-level privilege change; this block types the
# input only and does not gate the caller.
valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetDataLakeExceptionSubscription

# Request shape for GetDataLakeExceptionSubscription: caller context only.
valid {
    # Presumably supplied by the provider layer, not the request.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetDataLakeOrganizationConfiguration

# Request shape for GetDataLakeOrganizationConfiguration: caller context only.
valid {
    # Presumably supplied by the provider layer, not the request.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetDataLakeSources

# Request shape for GetDataLakeSources: account filter plus pagination.
# STRING/INTEGER read as type placeholders of a schema template.
valid {
    # `[_]` is existential in Rego — one STRING account satisfies it.
    input.Body.accounts[_] == STRING
    # Pagination; no upper bound on maxResults is expressed here.
    input.Body.maxResults == INTEGER
    input.Body.nextToken == STRING
    # Caller context, presumably supplied by the provider layer.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetSubscriber

# Request shape for GetSubscriber: subscriber addressed by path parameter.
valid {
    input.ReqMap.subscriberId == STRING
    # Caller context, presumably supplied by the provider layer.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListDataLakeExceptions

# Request shape for ListDataLakeExceptions: pagination plus a region filter.
# STRING/INTEGER read as type placeholders of a schema template.
valid {
    # Pagination; no upper bound on maxResults is expressed here.
    input.Body.maxResults == INTEGER
    input.Body.nextToken == STRING
    # `[_]` is existential in Rego — one STRING region satisfies it.
    input.Body.regions[_] == STRING
    # Caller context, presumably supplied by the provider layer.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListDataLakes

# Request shape for ListDataLakes: region filter passed as a query-string
# parameter (Qs), no body.
valid {
    # `[_]` is existential in Rego — one STRING region satisfies it.
    input.Qs.regions[_] == STRING
    # Caller context, presumably supplied by the provider layer.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListLogSources

# Native AWS sources that can be used as a filter for ListLogSources.
enum_AwsLogSourceName := [ "ROUTE53", "VPC_FLOW", "SH_FINDINGS", "CLOUD_TRAIL_MGMT", "LAMBDA_EXECUTION", "S3_DATA", "EKS_AUDIT", "WAF" ]

# Request shape for ListLogSources: account/region/source filters plus
# pagination. STRING/INTEGER read as type placeholders of a schema template.
valid {
    # Every `[_]` below iterates independently and existentially in Rego —
    # NOTE(review): one conforming element satisfies each line; confirm
    # whether the consumer expects all filter entries to conform.
    input.Body.accounts[_] == STRING
    # Pagination; no upper bound on maxResults is expressed here.
    input.Body.maxResults == INTEGER
    input.Body.nextToken == STRING
    input.Body.regions[_] == STRING
    # A source filter is either a native awsLogSource or a customLogSource;
    # both branches are typed, exclusivity is not expressed here.
    input.Body.sources[_].awsLogSource.sourceName == enum_AwsLogSourceName[_]
    input.Body.sources[_].awsLogSource.sourceVersion == STRING
    input.Body.sources[_].customLogSource.attributes.crawlerArn == STRING
    input.Body.sources[_].customLogSource.attributes.databaseArn == STRING
    input.Body.sources[_].customLogSource.attributes.tableArn == STRING
    input.Body.sources[_].customLogSource.provider.location == STRING
    input.Body.sources[_].customLogSource.provider.roleArn == STRING
    input.Body.sources[_].customLogSource.sourceName == STRING
    input.Body.sources[_].customLogSource.sourceVersion == STRING
    # Caller context, presumably supplied by the provider layer.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListSubscribers

# Request shape for ListSubscribers: pagination via query string (Qs), no
# body. STRING/INTEGER read as type placeholders of a schema template.
valid {
    # No upper bound on maxResults is expressed here.
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    # Caller context, presumably supplied by the provider layer.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListTagsForResource

# Request shape for ListTagsForResource: resource addressed by ARN path
# parameter; typed as STRING only, no ARN format is enforced here.
valid {
    input.ReqMap.resourceArn == STRING
    # Caller context, presumably supplied by the provider layer.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RegisterDataLakeDelegatedAdministrator

# Request shape for RegisterDataLakeDelegatedAdministrator: the account that
# becomes delegated admin. Org-level privilege change; this block only types
# the input and does not gate which accounts may be delegated.
valid {
    # Typed as STRING only; no 12-digit account-id format is checked here.
    input.Body.accountId == STRING
    # Caller context, presumably supplied by the provider layer.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TagResource

# Request shape for TagResource: tag list in the body, resource ARN in the
# path. STRING reads as a type placeholder of a schema template.
valid {
    # `[_]` in key and value are independent iterations in Rego — they do
    # not bind to the same tag; one STRING key and one STRING value suffice.
    input.Body.tags[_].key == STRING
    input.Body.tags[_].value == STRING
    input.ReqMap.resourceArn == STRING
    # Caller context, presumably supplied by the provider layer.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UntagResource

# Request shape for UntagResource: resource ARN in the path, tag keys to
# remove in the query string (Qs).
valid {
    input.ReqMap.resourceArn == STRING
    # `[_]` is existential in Rego — one STRING key satisfies it.
    input.Qs.tagKeys[_] == STRING
    # Caller context, presumably supplied by the provider layer.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateDataLake

# Request shape for UpdateDataLake — same configuration structure as
# CreateDataLake, without tags. STRING/INTEGER read as type placeholders.
valid {
    # Customer KMS key; typed as STRING only, no ARN/key-id format enforced.
    input.Body.configurations[_].encryptionConfiguration.kmsKeyId == STRING
    # Retention and storage-class transitions, in days.
    input.Body.configurations[_].lifecycleConfiguration.expiration.days == INTEGER
    input.Body.configurations[_].lifecycleConfiguration.transitions[_].days == INTEGER
    input.Body.configurations[_].lifecycleConfiguration.transitions[_].storageClass == STRING
    input.Body.configurations[_].region == STRING
    # Each `[_]` iterates independently and existentially in Rego —
    # NOTE(review): confirm whether every configuration entry must conform.
    input.Body.configurations[_].replicationConfiguration.regions[_] == STRING
    input.Body.configurations[_].replicationConfiguration.roleArn == STRING
    input.Body.metaStoreManagerRoleArn == STRING
    # Caller context, presumably supplied by the provider layer.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateDataLakeExceptionSubscription

# Request shape for UpdateDataLakeExceptionSubscription — same body as the
# Create counterpart. STRING/LONG read as type placeholders.
valid {
    # Retention for exceptions, typed LONG; the unit is not visible here.
    input.Body.exceptionTimeToLive == LONG
    # Delivery target and protocol; only type is checked, not that the
    # endpoint matches the protocol.
    input.Body.notificationEndpoint == STRING
    input.Body.subscriptionProtocol == STRING
    # Caller context, presumably supplied by the provider layer.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateSubscriber

# Native AWS sources a subscriber may be granted on update.
enum_AwsLogSourceName := [ "ROUTE53", "VPC_FLOW", "SH_FINDINGS", "CLOUD_TRAIL_MGMT", "LAMBDA_EXECUTION", "S3_DATA", "EKS_AUDIT", "WAF" ]

# Request shape for UpdateSubscriber: like CreateSubscriber but without
# accessTypes/tags, and the subscriber is addressed by path parameter.
# STRING reads as a type placeholder of a schema template.
valid {
    # A source entry is either a native awsLogSource or a customLogSource;
    # both are typed, exclusivity is not expressed. `[_]` is existential in
    # Rego — NOTE(review): confirm whether every source entry must conform.
    input.Body.sources[_].awsLogSource.sourceName == enum_AwsLogSourceName[_]
    input.Body.sources[_].awsLogSource.sourceVersion == STRING
    input.Body.sources[_].customLogSource.attributes.crawlerArn == STRING
    input.Body.sources[_].customLogSource.attributes.databaseArn == STRING
    input.Body.sources[_].customLogSource.attributes.tableArn == STRING
    input.Body.sources[_].customLogSource.provider.location == STRING
    input.Body.sources[_].customLogSource.provider.roleArn == STRING
    input.Body.sources[_].customLogSource.sourceName == STRING
    input.Body.sources[_].customLogSource.sourceVersion == STRING
    input.Body.subscriberDescription == STRING
    # Cross-account trust for the subscriber (externalId + principal); only
    # presence/type is checked. Changing the principal re-points who can read
    # the granted sources — worth auditing, but not gated in this block.
    input.Body.subscriberIdentity.externalId == STRING
    input.Body.subscriberIdentity.principal == STRING
    input.Body.subscriberName == STRING
    input.ReqMap.subscriberId == STRING
    # Caller context, presumably supplied by the provider layer.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateSubscriberNotification

# HTTP methods permitted for HTTPS notification delivery.
enum_HttpMethod := [ "POST", "PUT" ]

# Request shape for UpdateSubscriberNotification — same body as the Create
# counterpart. STRING reads as a type placeholder of a schema template.
valid {
    # Header name and value used to authenticate to the endpoint. The value
    # presumably is a secret carried in the request body — NOTE(review):
    # confirm request/audit logging redacts it.
    input.Body.configuration.httpsNotificationConfiguration.authorizationApiKeyName == STRING
    input.Body.configuration.httpsNotificationConfiguration.authorizationApiKeyValue == STRING
    # Only typed as STRING here; no https:// scheme check is expressed.
    input.Body.configuration.httpsNotificationConfiguration.endpoint == STRING
    input.Body.configuration.httpsNotificationConfiguration.httpMethod == enum_HttpMethod[_]
    input.Body.configuration.httpsNotificationConfiguration.targetRoleArn == STRING
    # Literal `== {}`: in Rego this holds only for an exactly empty object.
    input.Body.configuration.sqsNotificationConfiguration == {}
    # Path parameter identifying the subscriber.
    input.ReqMap.subscriberId == STRING
    # Caller context, presumably supplied by the provider layer.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}