SECURITYLAKE
CreateAwsLogSource
# Template for matching a CreateAwsLogSource request.
# A Rego rule body is a conjunction: `valid` is defined only when every expression below holds,
# and a field missing from the input makes its line undefined, so the rule does not match.
# STRING is a placeholder on this page, presumably replaced with a concrete value — confirm.
enum_AwsLogSourceName := [ "ROUTE53", "VPC_FLOW", "SH_FINDINGS", "CLOUD_TRAIL_MGMT", "LAMBDA_EXECUTION", "S3_DATA", "EKS_AUDIT", "WAF" ]
valid {
# `[_]` is existential: a line holds if at least one element satisfies it. Each `_` binds
# independently, so these lines may match different entries of `sources`. None of them
# asserts that every account, region or source in the request is acceptable.
input.Body.sources[_].accounts[_] == STRING
input.Body.sources[_].regions[_] == STRING
input.Body.sources[_].sourceName == enum_AwsLogSourceName[_]
input.Body.sources[_].sourceVersion == STRING
# ProviderMetadata presumably describes the calling credentials (account, access key ID,
# region) — confirm against the policy engine's documentation.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}

CreateCustomLogSource
# Template for matching a CreateCustomLogSource request. All expressions must hold for
# `valid` to be defined; STRING is a placeholder on this page.
valid {
# crawlerConfiguration.roleArn and providerIdentity (externalId, principal) name the role and
# identity tied to the custom source. NOTE(review): these are the fields a guardrail would
# normally pin to approved values, since they decide who supplies data to the lake.
input.Body.configuration.crawlerConfiguration.roleArn == STRING
input.Body.configuration.providerIdentity.externalId == STRING
input.Body.configuration.providerIdentity.principal == STRING
# `[_]` holds if any one event class matches; it does not constrain the whole list.
input.Body.eventClasses[_] == STRING
input.Body.sourceName == STRING
input.Body.sourceVersion == STRING
# Caller metadata; presumably the requesting account, access key ID and region — confirm.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}

CreateDataLake
# Template for matching a CreateDataLake request. Every expression must hold for `valid` to
# be defined; STRING and INTEGER are placeholders on this page.
valid {
# Each `configurations[_]` line iterates independently and holds if any one configuration
# matches, so two lines may be satisfied by different configurations.
# kmsKeyId selects the encryption key for the lake data.
input.Body.configurations[_].encryptionConfiguration.kmsKeyId == STRING
# Lifecycle settings control retention (expiration) and storage-class transitions.
input.Body.configurations[_].lifecycleConfiguration.expiration.days == INTEGER
input.Body.configurations[_].lifecycleConfiguration.transitions[_].days == INTEGER
input.Body.configurations[_].lifecycleConfiguration.transitions[_].storageClass == STRING
input.Body.configurations[_].region == STRING
# Replication regions and role decide where copies of log data are written and under which
# role. NOTE(review): relevant to data-residency guardrails.
input.Body.configurations[_].replicationConfiguration.regions[_] == STRING
input.Body.configurations[_].replicationConfiguration.roleArn == STRING
input.Body.metaStoreManagerRoleArn == STRING
input.Body.tags[_].key == STRING
input.Body.tags[_].value == STRING
# Caller metadata; presumably the requesting account, access key ID and region — confirm.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}

CreateDataLakeExceptionSubscription
# Template for matching a CreateDataLakeExceptionSubscription request. Every expression must
# hold; LONG and STRING are placeholders on this page.
valid {
input.Body.exceptionTimeToLive == LONG
# notificationEndpoint and subscriptionProtocol determine where exception notifications are
# delivered. NOTE(review): a policy would typically restrict these to approved destinations.
input.Body.notificationEndpoint == STRING
input.Body.subscriptionProtocol == STRING
# Caller metadata; presumably the requesting account, access key ID and region — confirm.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}

CreateDataLakeOrganizationConfiguration
# Template for matching a CreateDataLakeOrganizationConfiguration request. Every expression
# must hold for `valid` to be defined; STRING is a placeholder on this page.
# The enum is declared with `:=` in several sections of this page; each section reads as a
# standalone snippet, so define it once if snippets are combined into one Rego package.
enum_AwsLogSourceName := [ "ROUTE53", "VPC_FLOW", "SH_FINDINGS", "CLOUD_TRAIL_MGMT", "LAMBDA_EXECUTION", "S3_DATA", "EKS_AUDIT", "WAF" ]
valid {
# `[_]` is existential and each `_` binds independently: these lines hold if some entry
# matches, not if all entries do.
input.Body.autoEnableNewAccount[_].region == STRING
input.Body.autoEnableNewAccount[_].sources[_].sourceName == enum_AwsLogSourceName[_]
input.Body.autoEnableNewAccount[_].sources[_].sourceVersion == STRING
# Caller metadata; presumably the requesting account, access key ID and region — confirm.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}

CreateSubscriber
# Template for matching a CreateSubscriber request. Every expression must hold for `valid`
# to be defined, so a real policy keeps only the lines it needs; STRING is a placeholder.
enum_AccessType := [ "LAKEFORMATION", "S3" ]
enum_AwsLogSourceName := [ "ROUTE53", "VPC_FLOW", "SH_FINDINGS", "CLOUD_TRAIL_MGMT", "LAMBDA_EXECUTION", "S3_DATA", "EKS_AUDIT", "WAF" ]
valid {
# `[_]` holds if any one element matches. It does not prove that every access type or
# source in the request is on the allowed list.
input.Body.accessTypes[_] == enum_AccessType[_]
input.Body.sources[_].awsLogSource.sourceName == enum_AwsLogSourceName[_]
input.Body.sources[_].awsLogSource.sourceVersion == STRING
# As written, the template requires both an awsLogSource and a customLogSource entry to be
# present somewhere in `sources`; drop whichever group a policy does not care about.
input.Body.sources[_].customLogSource.attributes.crawlerArn == STRING
input.Body.sources[_].customLogSource.attributes.databaseArn == STRING
input.Body.sources[_].customLogSource.attributes.tableArn == STRING
input.Body.sources[_].customLogSource.provider.location == STRING
input.Body.sources[_].customLogSource.provider.roleArn == STRING
input.Body.sources[_].customLogSource.sourceName == STRING
input.Body.sources[_].customLogSource.sourceVersion == STRING
input.Body.subscriberDescription == STRING
# subscriberIdentity names the principal (and external ID) that is granted access to lake
# data. NOTE(review): pinning `principal` to approved accounts is the key control here.
input.Body.subscriberIdentity.externalId == STRING
input.Body.subscriberIdentity.principal == STRING
input.Body.subscriberName == STRING
input.Body.tags[_].key == STRING
input.Body.tags[_].value == STRING
# Caller metadata; presumably the requesting account, access key ID and region — confirm.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}

CreateSubscriberNotification
# Template for matching a CreateSubscriberNotification request. Every expression must hold
# for `valid` to be defined; STRING is a placeholder on this page.
enum_HttpMethod := [ "POST", "PUT" ]
valid {
# authorizationApiKeyValue carries a credential in the request body. NOTE(review): avoid
# hard-coding the real value in a policy and keep it out of decision logs.
input.Body.configuration.httpsNotificationConfiguration.authorizationApiKeyName == STRING
input.Body.configuration.httpsNotificationConfiguration.authorizationApiKeyValue == STRING
# endpoint is the HTTPS destination for notifications; typically restricted to known hosts.
input.Body.configuration.httpsNotificationConfiguration.endpoint == STRING
input.Body.configuration.httpsNotificationConfiguration.httpMethod == enum_HttpMethod[_]
input.Body.configuration.httpsNotificationConfiguration.targetRoleArn == STRING
# Matches only when sqsNotificationConfiguration is present and is an empty object.
input.Body.configuration.sqsNotificationConfiguration == {}
# ReqMap presumably holds request path parameters — confirm.
input.ReqMap.subscriberId == STRING
# Caller metadata; presumably the requesting account, access key ID and region — confirm.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}

DeleteAwsLogSource
# Template for matching a DeleteAwsLogSource request. Every expression must hold for `valid`
# to be defined; STRING is a placeholder on this page.
# NOTE(review): this action removes a log source, so it is a natural candidate for a
# restrictive rule and for alerting.
enum_AwsLogSourceName := [ "ROUTE53", "VPC_FLOW", "SH_FINDINGS", "CLOUD_TRAIL_MGMT", "LAMBDA_EXECUTION", "S3_DATA", "EKS_AUDIT", "WAF" ]
valid {
# `[_]` is existential and each `_` binds independently; the lines below may match
# different entries of `sources`.
input.Body.sources[_].accounts[_] == STRING
input.Body.sources[_].regions[_] == STRING
input.Body.sources[_].sourceName == enum_AwsLogSourceName[_]
input.Body.sources[_].sourceVersion == STRING
# Caller metadata; presumably the requesting account, access key ID and region — confirm.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}

DeleteCustomLogSource
# Template for matching a DeleteCustomLogSource request. Every expression must hold;
# STRING is a placeholder on this page.
valid {
# ReqMap and Qs presumably hold path parameters and query-string parameters — confirm.
input.ReqMap.sourceName == STRING
input.Qs.sourceVersion == STRING
# Caller metadata; presumably the requesting account, access key ID and region — confirm.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}

DeleteDataLake
# Template for matching a DeleteDataLake request. Every expression must hold; STRING is a
# placeholder on this page.
valid {
# Holds if any one requested region equals the value; it does not bound the full list.
input.Body.regions[_] == STRING
# Caller metadata; presumably the requesting account, access key ID and region — confirm.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}

DeleteDataLakeExceptionSubscription
# Template for matching a DeleteDataLakeExceptionSubscription request. No request-specific
# fields are listed; only caller metadata (presumably account, access key ID and region)
# is available to match on. STRING is a placeholder on this page.
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}

DeleteDataLakeOrganizationConfiguration
# Template for matching a DeleteDataLakeOrganizationConfiguration request. Every expression
# must hold for `valid` to be defined; STRING is a placeholder on this page.
enum_AwsLogSourceName := [ "ROUTE53", "VPC_FLOW", "SH_FINDINGS", "CLOUD_TRAIL_MGMT", "LAMBDA_EXECUTION", "S3_DATA", "EKS_AUDIT", "WAF" ]
valid {
# `[_]` is existential and each `_` binds independently: these lines hold if some entry
# matches, not if all entries do.
input.Body.autoEnableNewAccount[_].region == STRING
input.Body.autoEnableNewAccount[_].sources[_].sourceName == enum_AwsLogSourceName[_]
input.Body.autoEnableNewAccount[_].sources[_].sourceVersion == STRING
# Caller metadata; presumably the requesting account, access key ID and region — confirm.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}

DeleteSubscriber
# Template for matching a DeleteSubscriber request. Every expression must hold; STRING is a
# placeholder on this page.
valid {
# ReqMap presumably holds request path parameters — confirm.
input.ReqMap.subscriberId == STRING
# Caller metadata; presumably the requesting account, access key ID and region — confirm.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}

DeleteSubscriberNotification
# Template for matching a DeleteSubscriberNotification request. Every expression must hold;
# STRING is a placeholder on this page.
valid {
# ReqMap presumably holds request path parameters — confirm.
input.ReqMap.subscriberId == STRING
# Caller metadata; presumably the requesting account, access key ID and region — confirm.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}

DeregisterDataLakeDelegatedAdministrator
# Template for matching a DeregisterDataLakeDelegatedAdministrator request. No
# request-specific fields are listed; only caller metadata (presumably account, access key
# ID and region) is available to match on. STRING is a placeholder on this page.
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}

GetDataLakeExceptionSubscription
# Template for matching a GetDataLakeExceptionSubscription request. Only caller metadata
# (presumably account, access key ID and region) is listed. STRING is a placeholder.
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}

GetDataLakeOrganizationConfiguration
# Template for matching a GetDataLakeOrganizationConfiguration request. Only caller metadata
# (presumably account, access key ID and region) is listed. STRING is a placeholder.
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}

GetDataLakeSources
# Template for matching a GetDataLakeSources request. Every expression must hold; STRING
# and INTEGER are placeholders on this page.
valid {
# Holds if any one listed account equals the value.
input.Body.accounts[_] == STRING
# Pagination fields; requiring them means requests without them do not match.
input.Body.maxResults == INTEGER
input.Body.nextToken == STRING
# Caller metadata; presumably the requesting account, access key ID and region — confirm.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}

GetSubscriber
# Template for matching a GetSubscriber request. Every expression must hold; STRING is a
# placeholder on this page.
valid {
# ReqMap presumably holds request path parameters — confirm.
input.ReqMap.subscriberId == STRING
# Caller metadata; presumably the requesting account, access key ID and region — confirm.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}

ListDataLakeExceptions
# Template for matching a ListDataLakeExceptions request. Every expression must hold;
# STRING and INTEGER are placeholders on this page.
valid {
# Pagination fields; requiring them means requests without them do not match.
input.Body.maxResults == INTEGER
input.Body.nextToken == STRING
# Holds if any one requested region equals the value.
input.Body.regions[_] == STRING
# Caller metadata; presumably the requesting account, access key ID and region — confirm.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}

ListDataLakes
# Template for matching a ListDataLakes request. Every expression must hold; STRING is a
# placeholder on this page.
valid {
# Qs presumably holds query-string parameters — confirm. Holds if any one region matches.
input.Qs.regions[_] == STRING
# Caller metadata; presumably the requesting account, access key ID and region — confirm.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}

ListLogSources
# Template for matching a ListLogSources request. Every expression must hold for `valid` to
# be defined, so a real policy keeps only the lines it needs. STRING and INTEGER are
# placeholders on this page.
enum_AwsLogSourceName := [ "ROUTE53", "VPC_FLOW", "SH_FINDINGS", "CLOUD_TRAIL_MGMT", "LAMBDA_EXECUTION", "S3_DATA", "EKS_AUDIT", "WAF" ]
valid {
# `[_]` is existential and each `_` binds independently; lines may match different elements.
input.Body.accounts[_] == STRING
input.Body.maxResults == INTEGER
input.Body.nextToken == STRING
input.Body.regions[_] == STRING
input.Body.sources[_].awsLogSource.sourceName == enum_AwsLogSourceName[_]
input.Body.sources[_].awsLogSource.sourceVersion == STRING
input.Body.sources[_].customLogSource.attributes.crawlerArn == STRING
input.Body.sources[_].customLogSource.attributes.databaseArn == STRING
input.Body.sources[_].customLogSource.attributes.tableArn == STRING
input.Body.sources[_].customLogSource.provider.location == STRING
input.Body.sources[_].customLogSource.provider.roleArn == STRING
input.Body.sources[_].customLogSource.sourceName == STRING
input.Body.sources[_].customLogSource.sourceVersion == STRING
# Caller metadata; presumably the requesting account, access key ID and region — confirm.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}

ListSubscribers
# Template for matching a ListSubscribers request. Every expression must hold; STRING and
# INTEGER are placeholders on this page.
valid {
# Qs presumably holds query-string parameters — confirm.
input.Qs.maxResults == INTEGER
input.Qs.nextToken == STRING
# Caller metadata; presumably the requesting account, access key ID and region — confirm.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}

ListTagsForResource
# Template for matching a ListTagsForResource request. Every expression must hold; STRING
# is a placeholder on this page.
valid {
# ReqMap presumably holds request path parameters — confirm.
input.ReqMap.resourceArn == STRING
# Caller metadata; presumably the requesting account, access key ID and region — confirm.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}

RegisterDataLakeDelegatedAdministrator
# Template for matching a RegisterDataLakeDelegatedAdministrator request. Every expression
# must hold; STRING is a placeholder on this page.
valid {
# accountId is the account being registered as delegated administrator. NOTE(review):
# a guardrail would normally pin this to the organization's designated security account.
input.Body.accountId == STRING
# Caller metadata; presumably the requesting account, access key ID and region — confirm.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}

TagResource
# Template for matching a TagResource request. Every expression must hold; STRING is a
# placeholder on this page.
valid {
# The two `tags[_]` lines iterate independently: the key and the value may be matched on
# different tags. Bind a shared variable if a specific key/value pair must be matched.
input.Body.tags[_].key == STRING
input.Body.tags[_].value == STRING
# ReqMap presumably holds request path parameters — confirm.
input.ReqMap.resourceArn == STRING
# Caller metadata; presumably the requesting account, access key ID and region — confirm.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}

UntagResource
# Template for matching an UntagResource request. Every expression must hold; STRING is a
# placeholder on this page.
valid {
# ReqMap and Qs presumably hold path parameters and query-string parameters — confirm.
input.ReqMap.resourceArn == STRING
# Holds if any one tag key in the request equals the value.
input.Qs.tagKeys[_] == STRING
# Caller metadata; presumably the requesting account, access key ID and region — confirm.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}

UpdateDataLake
# Template for matching an UpdateDataLake request. Every expression must hold for `valid`
# to be defined; STRING and INTEGER are placeholders on this page.
valid {
# Each `configurations[_]` line iterates independently and holds if any one configuration
# matches. kmsKeyId selects the encryption key for the lake data.
input.Body.configurations[_].encryptionConfiguration.kmsKeyId == STRING
# Lifecycle settings control retention (expiration) and storage-class transitions.
input.Body.configurations[_].lifecycleConfiguration.expiration.days == INTEGER
input.Body.configurations[_].lifecycleConfiguration.transitions[_].days == INTEGER
input.Body.configurations[_].lifecycleConfiguration.transitions[_].storageClass == STRING
input.Body.configurations[_].region == STRING
# Replication regions and role decide where copies of log data are written and under
# which role.
input.Body.configurations[_].replicationConfiguration.regions[_] == STRING
input.Body.configurations[_].replicationConfiguration.roleArn == STRING
input.Body.metaStoreManagerRoleArn == STRING
# Caller metadata; presumably the requesting account, access key ID and region — confirm.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}

UpdateDataLakeExceptionSubscription
# Template for matching an UpdateDataLakeExceptionSubscription request. Every expression
# must hold; LONG and STRING are placeholders on this page.
valid {
input.Body.exceptionTimeToLive == LONG
# notificationEndpoint and subscriptionProtocol determine where exception notifications are
# delivered. NOTE(review): a policy would typically restrict these to approved destinations.
input.Body.notificationEndpoint == STRING
input.Body.subscriptionProtocol == STRING
# Caller metadata; presumably the requesting account, access key ID and region — confirm.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}

UpdateSubscriber
# Template for matching an UpdateSubscriber request. Every expression must hold for `valid`
# to be defined, so a real policy keeps only the lines it needs; STRING is a placeholder.
enum_AwsLogSourceName := [ "ROUTE53", "VPC_FLOW", "SH_FINDINGS", "CLOUD_TRAIL_MGMT", "LAMBDA_EXECUTION", "S3_DATA", "EKS_AUDIT", "WAF" ]
valid {
# `[_]` holds if any one source matches; it does not prove every source is acceptable.
input.Body.sources[_].awsLogSource.sourceName == enum_AwsLogSourceName[_]
input.Body.sources[_].awsLogSource.sourceVersion == STRING
input.Body.sources[_].customLogSource.attributes.crawlerArn == STRING
input.Body.sources[_].customLogSource.attributes.databaseArn == STRING
input.Body.sources[_].customLogSource.attributes.tableArn == STRING
input.Body.sources[_].customLogSource.provider.location == STRING
input.Body.sources[_].customLogSource.provider.roleArn == STRING
input.Body.sources[_].customLogSource.sourceName == STRING
input.Body.sources[_].customLogSource.sourceVersion == STRING
input.Body.subscriberDescription == STRING
# An update can change the principal that has access to lake data. NOTE(review): apply the
# same principal restrictions here as on subscriber creation.
input.Body.subscriberIdentity.externalId == STRING
input.Body.subscriberIdentity.principal == STRING
input.Body.subscriberName == STRING
# ReqMap presumably holds request path parameters — confirm.
input.ReqMap.subscriberId == STRING
# Caller metadata; presumably the requesting account, access key ID and region — confirm.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}

UpdateSubscriberNotification
# Template for matching an UpdateSubscriberNotification request. Every expression must hold
# for `valid` to be defined; STRING is a placeholder on this page.
enum_HttpMethod := [ "POST", "PUT" ]
valid {
# authorizationApiKeyValue carries a credential in the request body. NOTE(review): avoid
# hard-coding the real value in a policy and keep it out of decision logs.
input.Body.configuration.httpsNotificationConfiguration.authorizationApiKeyName == STRING
input.Body.configuration.httpsNotificationConfiguration.authorizationApiKeyValue == STRING
# endpoint is the HTTPS destination for notifications; typically restricted to known hosts.
input.Body.configuration.httpsNotificationConfiguration.endpoint == STRING
input.Body.configuration.httpsNotificationConfiguration.httpMethod == enum_HttpMethod[_]
input.Body.configuration.httpsNotificationConfiguration.targetRoleArn == STRING
# Matches only when sqsNotificationConfiguration is present and is an empty object.
input.Body.configuration.sqsNotificationConfiguration == {}
# ReqMap presumably holds request path parameters — confirm.
input.ReqMap.subscriberId == STRING
# Caller metadata; presumably the requesting account, access key ID and region — confirm.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}