packages feed

amazonka-securitylake-2.0: gen/Amazonka/SecurityLake/CreateCustomLogSource.hs

{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.SecurityLake.CreateCustomLogSource
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Adds a third-party custom source in Amazon Security Lake, from the
-- Amazon Web Services Region where you want to create a custom source.
-- Security Lake can collect logs and events from third-party custom
-- sources. After creating the appropriate IAM role to invoke Glue crawler,
-- use this API to add a custom source name in Security Lake. This
-- operation creates a partition in the Amazon S3 bucket for Security Lake
-- as the target location for log files from the custom source in addition
-- to an associated Glue table and an Glue crawler.
module Amazonka.SecurityLake.CreateCustomLogSource
  ( -- * Creating a Request
    CreateCustomLogSource (..),
    newCreateCustomLogSource,

    -- * Request Lenses
    createCustomLogSource_customSourceName,
    createCustomLogSource_eventClass,
    createCustomLogSource_glueInvocationRoleArn,
    createCustomLogSource_logProviderAccountId,

    -- * Destructuring the Response
    CreateCustomLogSourceResponse (..),
    newCreateCustomLogSourceResponse,

    -- * Response Lenses
    createCustomLogSourceResponse_httpStatus,
    createCustomLogSourceResponse_customDataLocation,
    createCustomLogSourceResponse_glueCrawlerName,
    createCustomLogSourceResponse_glueDatabaseName,
    createCustomLogSourceResponse_glueTableName,
    createCustomLogSourceResponse_logProviderAccessRoleArn,
  )
where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response
import Amazonka.SecurityLake.Types

-- | /See:/ 'newCreateCustomLogSource' smart constructor.
data CreateCustomLogSource = CreateCustomLogSource'
  { -- | The name for a third-party custom source. This must be a Regionally
    -- unique value.
    customSourceName :: Prelude.Text,
    -- | The Open Cybersecurity Schema Framework (OCSF) event class which
    -- describes the type of data that the custom source will send to Security
    -- Lake.
    eventClass :: OcsfEventClass,
    -- | The Amazon Resource Name (ARN) of the Identity and Access Management
    -- (IAM) role to be used by the Glue crawler. The recommended IAM policies
    -- are:
    --
    -- -   The managed policy @AWSGlueServiceRole@
    --
    -- -   A custom policy granting access to your Amazon S3 Data Lake
    glueInvocationRoleArn :: Prelude.Text,
    -- | The Amazon Web Services account ID of the custom source that will write
    -- logs and events into the Amazon S3 Data Lake.
    logProviderAccountId :: Prelude.Text
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)

-- |
-- Create a value of 'CreateCustomLogSource' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'customSourceName', 'createCustomLogSource_customSourceName' - The name for a third-party custom source. This must be a Regionally
-- unique value.
--
-- 'eventClass', 'createCustomLogSource_eventClass' - The Open Cybersecurity Schema Framework (OCSF) event class which
-- describes the type of data that the custom source will send to Security
-- Lake.
--
-- 'glueInvocationRoleArn', 'createCustomLogSource_glueInvocationRoleArn' - The Amazon Resource Name (ARN) of the Identity and Access Management
-- (IAM) role to be used by the Glue crawler. The recommended IAM policies
-- are:
--
-- -   The managed policy @AWSGlueServiceRole@
--
-- -   A custom policy granting access to your Amazon S3 Data Lake
--
-- 'logProviderAccountId', 'createCustomLogSource_logProviderAccountId' - The Amazon Web Services account ID of the custom source that will write
-- logs and events into the Amazon S3 Data Lake.
newCreateCustomLogSource ::
  -- | 'customSourceName'
  Prelude.Text ->
  -- | 'eventClass'
  OcsfEventClass ->
  -- | 'glueInvocationRoleArn'
  Prelude.Text ->
  -- | 'logProviderAccountId'
  Prelude.Text ->
  CreateCustomLogSource
newCreateCustomLogSource
  pCustomSourceName_
  pEventClass_
  pGlueInvocationRoleArn_
  pLogProviderAccountId_ =
    CreateCustomLogSource'
      { customSourceName =
          pCustomSourceName_,
        eventClass = pEventClass_,
        glueInvocationRoleArn = pGlueInvocationRoleArn_,
        logProviderAccountId = pLogProviderAccountId_
      }

-- | The name for a third-party custom source. This must be a Regionally
-- unique value.
createCustomLogSource_customSourceName :: Lens.Lens' CreateCustomLogSource Prelude.Text
createCustomLogSource_customSourceName = Lens.lens (\CreateCustomLogSource' {customSourceName} -> customSourceName) (\s@CreateCustomLogSource' {} a -> s {customSourceName = a} :: CreateCustomLogSource)

-- | The Open Cybersecurity Schema Framework (OCSF) event class which
-- describes the type of data that the custom source will send to Security
-- Lake.
createCustomLogSource_eventClass :: Lens.Lens' CreateCustomLogSource OcsfEventClass
createCustomLogSource_eventClass = Lens.lens (\CreateCustomLogSource' {eventClass} -> eventClass) (\s@CreateCustomLogSource' {} a -> s {eventClass = a} :: CreateCustomLogSource)

-- | The Amazon Resource Name (ARN) of the Identity and Access Management
-- (IAM) role to be used by the Glue crawler. The recommended IAM policies
-- are:
--
-- -   The managed policy @AWSGlueServiceRole@
--
-- -   A custom policy granting access to your Amazon S3 Data Lake
createCustomLogSource_glueInvocationRoleArn :: Lens.Lens' CreateCustomLogSource Prelude.Text
createCustomLogSource_glueInvocationRoleArn = Lens.lens (\CreateCustomLogSource' {glueInvocationRoleArn} -> glueInvocationRoleArn) (\s@CreateCustomLogSource' {} a -> s {glueInvocationRoleArn = a} :: CreateCustomLogSource)

-- | The Amazon Web Services account ID of the custom source that will write
-- logs and events into the Amazon S3 Data Lake.
createCustomLogSource_logProviderAccountId :: Lens.Lens' CreateCustomLogSource Prelude.Text
createCustomLogSource_logProviderAccountId = Lens.lens (\CreateCustomLogSource' {logProviderAccountId} -> logProviderAccountId) (\s@CreateCustomLogSource' {} a -> s {logProviderAccountId = a} :: CreateCustomLogSource)

instance Core.AWSRequest CreateCustomLogSource where
  type
    AWSResponse CreateCustomLogSource =
      CreateCustomLogSourceResponse
  request overrides =
    Request.postJSON (overrides defaultService)
  response =
    Response.receiveJSON
      ( \s h x ->
          CreateCustomLogSourceResponse'
            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
            Prelude.<*> (x Data..:> "customDataLocation")
            Prelude.<*> (x Data..:> "glueCrawlerName")
            Prelude.<*> (x Data..:> "glueDatabaseName")
            Prelude.<*> (x Data..:> "glueTableName")
            Prelude.<*> (x Data..:> "logProviderAccessRoleArn")
      )

instance Prelude.Hashable CreateCustomLogSource where
  hashWithSalt _salt CreateCustomLogSource' {..} =
    _salt
      `Prelude.hashWithSalt` customSourceName
      `Prelude.hashWithSalt` eventClass
      `Prelude.hashWithSalt` glueInvocationRoleArn
      `Prelude.hashWithSalt` logProviderAccountId

instance Prelude.NFData CreateCustomLogSource where
  rnf CreateCustomLogSource' {..} =
    Prelude.rnf customSourceName
      `Prelude.seq` Prelude.rnf eventClass
      `Prelude.seq` Prelude.rnf glueInvocationRoleArn
      `Prelude.seq` Prelude.rnf logProviderAccountId

instance Data.ToHeaders CreateCustomLogSource where
  toHeaders =
    Prelude.const
      ( Prelude.mconcat
          [ "Content-Type"
              Data.=# ( "application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )

instance Data.ToJSON CreateCustomLogSource where
  toJSON CreateCustomLogSource' {..} =
    Data.object
      ( Prelude.catMaybes
          [ Prelude.Just
              ("customSourceName" Data..= customSourceName),
            Prelude.Just ("eventClass" Data..= eventClass),
            Prelude.Just
              ( "glueInvocationRoleArn"
                  Data..= glueInvocationRoleArn
              ),
            Prelude.Just
              ( "logProviderAccountId"
                  Data..= logProviderAccountId
              )
          ]
      )

instance Data.ToPath CreateCustomLogSource where
  toPath = Prelude.const "/v1/logsources/custom"

instance Data.ToQuery CreateCustomLogSource where
  toQuery = Prelude.const Prelude.mempty

-- | /See:/ 'newCreateCustomLogSourceResponse' smart constructor.
data CreateCustomLogSourceResponse = CreateCustomLogSourceResponse'
  { -- | The response's http status code.
    httpStatus :: Prelude.Int,
    -- | The location of the partition in the Amazon S3 bucket for Security Lake.
    customDataLocation :: Prelude.Text,
    -- | The name of the Glue crawler.
    glueCrawlerName :: Prelude.Text,
    -- | The Glue database where results are written, such as:
    -- @arn:aws:daylight:us-east-1::database\/sometable\/*@.
    glueDatabaseName :: Prelude.Text,
    -- | The table name of the Glue crawler.
    glueTableName :: Prelude.Text,
    -- | The ARN of the IAM role to be used by the entity putting logs into your
    -- custom source partition. Security Lake will apply the correct access
    -- policies to this role, but you must first manually create the trust
    -- policy for this role. The IAM role name must start with the text
    -- \'Security Lake\'. The IAM role must trust the @logProviderAccountId@ to
    -- assume the role.
    logProviderAccessRoleArn :: Prelude.Text
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)

-- |
-- Create a value of 'CreateCustomLogSourceResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'httpStatus', 'createCustomLogSourceResponse_httpStatus' - The response's http status code.
--
-- 'customDataLocation', 'createCustomLogSourceResponse_customDataLocation' - The location of the partition in the Amazon S3 bucket for Security Lake.
--
-- 'glueCrawlerName', 'createCustomLogSourceResponse_glueCrawlerName' - The name of the Glue crawler.
--
-- 'glueDatabaseName', 'createCustomLogSourceResponse_glueDatabaseName' - The Glue database where results are written, such as:
-- @arn:aws:daylight:us-east-1::database\/sometable\/*@.
--
-- 'glueTableName', 'createCustomLogSourceResponse_glueTableName' - The table name of the Glue crawler.
--
-- 'logProviderAccessRoleArn', 'createCustomLogSourceResponse_logProviderAccessRoleArn' - The ARN of the IAM role to be used by the entity putting logs into your
-- custom source partition. Security Lake will apply the correct access
-- policies to this role, but you must first manually create the trust
-- policy for this role. The IAM role name must start with the text
-- \'Security Lake\'. The IAM role must trust the @logProviderAccountId@ to
-- assume the role.
newCreateCustomLogSourceResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  -- | 'customDataLocation'
  Prelude.Text ->
  -- | 'glueCrawlerName'
  Prelude.Text ->
  -- | 'glueDatabaseName'
  Prelude.Text ->
  -- | 'glueTableName'
  Prelude.Text ->
  -- | 'logProviderAccessRoleArn'
  Prelude.Text ->
  CreateCustomLogSourceResponse
newCreateCustomLogSourceResponse
  pHttpStatus_
  pCustomDataLocation_
  pGlueCrawlerName_
  pGlueDatabaseName_
  pGlueTableName_
  pLogProviderAccessRoleArn_ =
    CreateCustomLogSourceResponse'
      { httpStatus =
          pHttpStatus_,
        customDataLocation = pCustomDataLocation_,
        glueCrawlerName = pGlueCrawlerName_,
        glueDatabaseName = pGlueDatabaseName_,
        glueTableName = pGlueTableName_,
        logProviderAccessRoleArn =
          pLogProviderAccessRoleArn_
      }

-- | The response's http status code.
createCustomLogSourceResponse_httpStatus :: Lens.Lens' CreateCustomLogSourceResponse Prelude.Int
createCustomLogSourceResponse_httpStatus = Lens.lens (\CreateCustomLogSourceResponse' {httpStatus} -> httpStatus) (\s@CreateCustomLogSourceResponse' {} a -> s {httpStatus = a} :: CreateCustomLogSourceResponse)

-- | The location of the partition in the Amazon S3 bucket for Security Lake.
createCustomLogSourceResponse_customDataLocation :: Lens.Lens' CreateCustomLogSourceResponse Prelude.Text
createCustomLogSourceResponse_customDataLocation = Lens.lens (\CreateCustomLogSourceResponse' {customDataLocation} -> customDataLocation) (\s@CreateCustomLogSourceResponse' {} a -> s {customDataLocation = a} :: CreateCustomLogSourceResponse)

-- | The name of the Glue crawler.
createCustomLogSourceResponse_glueCrawlerName :: Lens.Lens' CreateCustomLogSourceResponse Prelude.Text
createCustomLogSourceResponse_glueCrawlerName = Lens.lens (\CreateCustomLogSourceResponse' {glueCrawlerName} -> glueCrawlerName) (\s@CreateCustomLogSourceResponse' {} a -> s {glueCrawlerName = a} :: CreateCustomLogSourceResponse)

-- | The Glue database where results are written, such as:
-- @arn:aws:daylight:us-east-1::database\/sometable\/*@.
createCustomLogSourceResponse_glueDatabaseName :: Lens.Lens' CreateCustomLogSourceResponse Prelude.Text
createCustomLogSourceResponse_glueDatabaseName = Lens.lens (\CreateCustomLogSourceResponse' {glueDatabaseName} -> glueDatabaseName) (\s@CreateCustomLogSourceResponse' {} a -> s {glueDatabaseName = a} :: CreateCustomLogSourceResponse)

-- | The table name of the Glue crawler.
createCustomLogSourceResponse_glueTableName :: Lens.Lens' CreateCustomLogSourceResponse Prelude.Text
createCustomLogSourceResponse_glueTableName = Lens.lens (\CreateCustomLogSourceResponse' {glueTableName} -> glueTableName) (\s@CreateCustomLogSourceResponse' {} a -> s {glueTableName = a} :: CreateCustomLogSourceResponse)

-- | The ARN of the IAM role to be used by the entity putting logs into your
-- custom source partition. Security Lake will apply the correct access
-- policies to this role, but you must first manually create the trust
-- policy for this role. The IAM role name must start with the text
-- \'Security Lake\'. The IAM role must trust the @logProviderAccountId@ to
-- assume the role.
createCustomLogSourceResponse_logProviderAccessRoleArn :: Lens.Lens' CreateCustomLogSourceResponse Prelude.Text
createCustomLogSourceResponse_logProviderAccessRoleArn = Lens.lens (\CreateCustomLogSourceResponse' {logProviderAccessRoleArn} -> logProviderAccessRoleArn) (\s@CreateCustomLogSourceResponse' {} a -> s {logProviderAccessRoleArn = a} :: CreateCustomLogSourceResponse)

instance Prelude.NFData CreateCustomLogSourceResponse where
  rnf CreateCustomLogSourceResponse' {..} =
    Prelude.rnf httpStatus
      `Prelude.seq` Prelude.rnf customDataLocation
      `Prelude.seq` Prelude.rnf glueCrawlerName
      `Prelude.seq` Prelude.rnf glueDatabaseName
      `Prelude.seq` Prelude.rnf glueTableName
      `Prelude.seq` Prelude.rnf logProviderAccessRoleArn