feat(client-cloudwatch-logs): Adding support for ocsf version 1.5, add optional parameter MappingVersion

awstools · awstools · commit 2a15be86e1c1 · 2025-11-19T19:14:50.000Z
diff --git a/clients/client-cloudwatch-logs/src/commands/GetTransformerCommand.ts b/clients/client-cloudwatch-logs/src/commands/GetTransformerCommand.ts
@@ -139,7 +139,8 @@ export interface GetTransformerCommandOutput extends GetTransformerResponse, __M
  * //       parseToOCSF: { // ParseToOCSF
  * //         source: "STRING_VALUE",
  * //         eventSource: "CloudTrail" || "Route53Resolver" || "VPCFlow" || "EKSAudit" || "AWSWAF", // required
- * //         ocsfVersion: "V1.1", // required
+ * //         ocsfVersion: "V1.1" || "V1.5", // required
+ * //         mappingVersion: "STRING_VALUE",
  * //       },
  * //       parsePostgres: { // ParsePostgres
  * //         source: "STRING_VALUE",
diff --git a/clients/client-cloudwatch-logs/src/commands/PutResourcePolicyCommand.ts b/clients/client-cloudwatch-logs/src/commands/PutResourcePolicyCommand.ts
@@ -27,23 +27,32 @@ export interface PutResourcePolicyCommandInput extends PutResourcePolicyRequest
 export interface PutResourcePolicyCommandOutput extends PutResourcePolicyResponse, __MetadataBearer {}
 
 /**
- * <p>Creates or updates a resource policy allowing other Amazon Web Services services to put log events to this account, such as Amazon Route 53. This API has the following restrictions:</p>
+ * <p>Creates or updates a resource policy allowing other Amazon Web Services services to put
+ *       log events to this account, such as Amazon Route 53. This API has the following
+ *       restrictions:</p>
  *          <ul>
  *             <li>
  *                <p>
- *                   <b>Supported actions</b> - Policy only supports <code>logs:PutLogEvents</code> and <code>logs:CreateLogStream </code> actions</p>
+ *                   <b>Supported actions</b> - Policy only supports
+ *             <code>logs:PutLogEvents</code> and <code>logs:CreateLogStream </code> actions</p>
  *             </li>
  *             <li>
  *                <p>
- *                   <b>Supported principals</b> - Policy only applies when operations are invoked by Amazon Web Services service principals (not IAM users, roles, or cross-account principals</p>
+ *                   <b>Supported principals</b> - Policy only applies when
+ *           operations are invoked by Amazon Web Services service principals (not IAM
+ *           users, roles, or cross-account principals</p>
  *             </li>
  *             <li>
  *                <p>
- *                   <b>Policy limits</b> - An account can have a maximum of 10 policies without resourceARN and one per LogGroup resourceARN</p>
+ *                   <b>Policy limits</b> - An account can have a maximum of 10
+ *           policies without resourceARN and one per LogGroup resourceARN</p>
  *             </li>
  *          </ul>
  *          <important>
- *             <p>Resource policies with actions invoked by non-Amazon Web Services service principals (such as IAM users, roles, or other Amazon Web Services accounts) will not be enforced. For access control involving these principals, use the IAM policies.</p>
+ *             <p>Resource policies with actions invoked by non-Amazon Web Services service principals
+ *         (such as IAM users, roles, or other Amazon Web Services accounts) will not be
+ *         enforced. For access control involving these principals, use the IAM
+ *         policies.</p>
  *          </important>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
diff --git a/clients/client-cloudwatch-logs/src/commands/PutTransformerCommand.ts b/clients/client-cloudwatch-logs/src/commands/PutTransformerCommand.ts
@@ -154,7 +154,8 @@ export interface PutTransformerCommandOutput extends __MetadataBearer {}
  *       parseToOCSF: { // ParseToOCSF
  *         source: "STRING_VALUE",
  *         eventSource: "CloudTrail" || "Route53Resolver" || "VPCFlow" || "EKSAudit" || "AWSWAF", // required
- *         ocsfVersion: "V1.1", // required
+ *         ocsfVersion: "V1.1" || "V1.5", // required
+ *         mappingVersion: "STRING_VALUE",
  *       },
  *       parsePostgres: { // ParsePostgres
  *         source: "STRING_VALUE",
diff --git a/clients/client-cloudwatch-logs/src/commands/TestTransformerCommand.ts b/clients/client-cloudwatch-logs/src/commands/TestTransformerCommand.ts
@@ -131,7 +131,8 @@ export interface TestTransformerCommandOutput extends TestTransformerResponse, _
  *       parseToOCSF: { // ParseToOCSF
  *         source: "STRING_VALUE",
  *         eventSource: "CloudTrail" || "Route53Resolver" || "VPCFlow" || "EKSAudit" || "AWSWAF", // required
- *         ocsfVersion: "V1.1", // required
+ *         ocsfVersion: "V1.1" || "V1.5", // required
+ *         mappingVersion: "STRING_VALUE",
  *       },
  *       parsePostgres: { // ParsePostgres
  *         source: "STRING_VALUE",
diff --git a/clients/client-cloudwatch-logs/src/models/enums.ts b/clients/client-cloudwatch-logs/src/models/enums.ts
@@ -437,6 +437,7 @@ export type ScheduledQueryDestinationType =
  */
 export const OCSFVersion = {
   V1_1: "V1.1",
+  V1_5: "V1.5",
 } as const;
 /**
  * @public
diff --git a/clients/client-cloudwatch-logs/src/models/models_0.ts b/clients/client-cloudwatch-logs/src/models/models_0.ts
@@ -2889,13 +2889,17 @@ export interface MetricFilter {
   applyOnTransformedLogs?: boolean | undefined;
 
   /**
-   * <p>The filter expression that specifies which log events are processed by this metric filter based on system fields. Returns the <code>fieldSelectionCriteria</code> value if it was specified when the metric filter was created.</p>
+   * <p>The filter expression that specifies which log events are processed by this metric filter
+   *       based on system fields. Returns the <code>fieldSelectionCriteria</code> value if it was
+   *       specified when the metric filter was created.</p>
    * @public
    */
   fieldSelectionCriteria?: string | undefined;
 
   /**
-   * <p>The list of system fields that are emitted as additional dimensions in the generated metrics. Returns the <code>emitSystemFieldDimensions</code> value if it was specified when the metric filter was created.</p>
+   * <p>The list of system fields that are emitted as additional dimensions in the generated
+   *       metrics. Returns the <code>emitSystemFieldDimensions</code> value if it was specified when the
+   *       metric filter was created.</p>
    * @public
    */
   emitSystemFieldDimensions?: string[] | undefined;
@@ -3310,13 +3314,17 @@ export interface SubscriptionFilter {
   creationTime?: number | undefined;
 
   /**
-   * <p>The filter expression that specifies which log events are processed by this subscription filter based on system fields. Returns the <code>fieldSelectionCriteria</code> value if it was specified when the subscription filter was created.</p>
+   * <p>The filter expression that specifies which log events are processed by this subscription
+   *       filter based on system fields. Returns the <code>fieldSelectionCriteria</code> value if it was
+   *       specified when the subscription filter was created.</p>
    * @public
    */
   fieldSelectionCriteria?: string | undefined;
 
   /**
-   * <p>The list of system fields that are included in the log events sent to the subscription destination. Returns the <code>emitSystemFields</code> value if it was specified when the subscription filter was created.</p>
+   * <p>The list of system fields that are included in the log events sent to the subscription
+   *       destination. Returns the <code>emitSystemFields</code> value if it was specified when the
+   *       subscription filter was created.</p>
    * @public
    */
   emitSystemFields?: string[] | undefined;
@@ -4861,13 +4869,13 @@ export interface GetScheduledQueryHistoryRequest {
  */
 export interface ScheduledQueryDestination {
   /**
-   * <p>The type of destination (S3 or EVENTBRIDGE).</p>
+   * <p>The type of destination (S3).</p>
    * @public
    */
   destinationType?: ScheduledQueryDestinationType | undefined;
 
   /**
-   * <p>The destination identifier (S3 URI or EventBridge ARN).</p>
+   * <p>The destination identifier (S3 URI).</p>
    * @public
    */
   destinationIdentifier?: string | undefined;
@@ -4879,7 +4887,7 @@ export interface ScheduledQueryDestination {
   status?: ActionStatus | undefined;
 
   /**
-   * <p>The processed identifier returned for the destination (S3 key or event ID).</p>
+   * <p>The processed identifier returned for the destination (S3 key).</p>
    * @public
    */
   processedIdentifier?: string | undefined;
@@ -4903,7 +4911,7 @@ export interface TriggerHistoryRecord {
   queryId?: string | undefined;
 
   /**
-   * <p>The status of the query execution (SUCCEEDED, FAILED, TIMEOUT, or INVALID_QUERY).</p>
+   * <p>The status of the query execution (Running, Complete, Failed, Timeout, or InvalidQuery).</p>
    * @public
    */
   executionStatus?: ExecutionStatus | undefined;
@@ -4921,7 +4929,7 @@ export interface TriggerHistoryRecord {
   errorMessage?: string | undefined;
 
   /**
-   * <p>The list of destinations where the scheduled query results were delivered for this execution. This includes S3 buckets and EventBridge targets configured for the scheduled query.</p>
+   * <p>The list of destinations where the scheduled query results were delivered for this execution. This includes S3 buckets configured for the scheduled query.</p>
    * @public
    */
   destinations?: ScheduledQueryDestination[] | undefined;
@@ -5238,7 +5246,7 @@ export interface ParseRoute53 {
 /**
  * <p>This processor converts logs into <a href="https://ocsf.io">Open Cybersecurity Schema
  *         Framework (OCSF)</a> events.</p>
- *          <p>For more information about this processor including examples, see <a href="https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-parseToOCSF"> parseToOSCF</a> in the <i>CloudWatch Logs User Guide</i>.</p>
+ *          <p>For more information about this processor including examples, see <a href="https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-parseToOCSF">parseToOCSF</a> in the <i>CloudWatch Logs User Guide</i>.</p>
  * @public
  */
 export interface ParseToOCSF {
@@ -5261,6 +5269,13 @@ export interface ParseToOCSF {
    * @public
    */
   ocsfVersion: OCSFVersion | undefined;
+
+  /**
+   * <p>Identifies the specific release of the Open Cybersecurity Schema Framework (OCSF)
+   *       transformer being used to parse OCSF data. Defaults to the latest version if not specified. Does not automatically update.</p>
+   * @public
+   */
+  mappingVersion?: string | undefined;
 }
 
 /**
@@ -6712,11 +6727,18 @@ export interface PutDeliverySourceRequest {
    *           <code>ERROR_LOGS</code>.</p>
    *             </li>
    *             <li>
+   *                <p>For Network Load Balancer, the valid value is <code>NLB_ACCESS_LOGS</code>.</p>
+   *             </li>
+   *             <li>
    *                <p>For PCS, the valid values are <code>PCS_SCHEDULER_LOGS</code> and
    *             <code>PCS_JOBCOMP_LOGS</code>.</p>
    *             </li>
    *             <li>
-   *                <p>For Amazon Q, the valid values are <code>EVENT_LOGS</code> and <code>SYNC_JOB_LOGS</code>.</p>
+   *                <p>For Amazon Web Services RTB Fabric, the valid values is <code>APPLICATION_LOGS</code>.</p>
+   *             </li>
+   *             <li>
+   *                <p>For Amazon Q, the valid values are <code>EVENT_LOGS</code> and
+   *             <code>SYNC_JOB_LOGS</code>.</p>
    *             </li>
    *             <li>
    *                <p>For Amazon SES mail manager, the valid values are
@@ -7159,13 +7181,21 @@ export interface PutMetricFilterRequest {
   applyOnTransformedLogs?: boolean | undefined;
 
   /**
-   * <p>A filter expression that specifies which log events should be processed by this metric filter based on system fields such as source account and source region. Uses selection criteria syntax with operators like <code>=</code>, <code>!=</code>, <code>AND</code>, <code>OR</code>, <code>IN</code>, <code>NOT IN</code>. Example: <code>@aws.region = "us-east-1"</code> or <code>@aws.account IN ["123456789012", "987654321098"]</code>. Maximum length: 2000 characters.</p>
+   * <p>A filter expression that specifies which log events should be processed by this metric
+   *       filter based on system fields such as source account and source region. Uses selection
+   *       criteria syntax with operators like <code>=</code>, <code>!=</code>, <code>AND</code>,
+   *         <code>OR</code>, <code>IN</code>, <code>NOT IN</code>. Example: <code>@aws.region =
+   *         "us-east-1"</code> or <code>@aws.account IN ["123456789012", "987654321098"]</code>. Maximum
+   *       length: 2000 characters.</p>
    * @public
    */
   fieldSelectionCriteria?: string | undefined;
 
   /**
-   * <p>A list of system fields to emit as additional dimensions in the generated metrics. Valid values are <code>@aws.account</code> and <code>@aws.region</code>. These dimensions help identify the source of centralized log data and count toward the total dimension limit for metric filters.</p>
+   * <p>A list of system fields to emit as additional dimensions in the generated metrics. Valid
+   *       values are <code>@aws.account</code> and <code>@aws.region</code>. These dimensions help
+   *       identify the source of centralized log data and count toward the total dimension limit for
+   *       metric filters.</p>
    * @public
    */
   emitSystemFieldDimensions?: string[] | undefined;
@@ -7263,11 +7293,11 @@ export interface PutResourcePolicyRequest {
    *       that call.</p>
    *          <p></p>
    *          <p>
-   *             <code>\{ "Version": "2012-10-17",		 	 	  "Statement": [ \{ "Sid": "Route53LogsToCloudWatchLogs",
-   *         "Effect": "Allow", "Principal": \{ "Service": [ "route53.amazonaws.com" ] \}, "Action":
-   *         "logs:PutLogEvents", "Resource": "logArn", "Condition": \{ "ArnLike": \{ "aws:SourceArn":
-   *         "myRoute53ResourceArn" \}, "StringEquals": \{ "aws:SourceAccount": "myAwsAccountId" \} \} \} ]
-   *         \}</code>
+   *             <code>\{ "Version": "2012-10-17",		 	 	  "Statement": [ \{ "Sid":
+   *         "Route53LogsToCloudWatchLogs", "Effect": "Allow", "Principal": \{ "Service": [
+   *         "route53.amazonaws.com" ] \}, "Action": "logs:PutLogEvents", "Resource": "logArn",
+   *         "Condition": \{ "ArnLike": \{ "aws:SourceArn": "myRoute53ResourceArn" \}, "StringEquals": \{
+   *         "aws:SourceAccount": "myAwsAccountId" \} \} \} ] \}</code>
    *          </p>
    * @public
    */
@@ -7407,13 +7437,20 @@ export interface PutSubscriptionFilterRequest {
   applyOnTransformedLogs?: boolean | undefined;
 
   /**
-   * <p>A filter expression that specifies which log events should be processed by this subscription filter based on system fields such as source account and source region. Uses selection criteria syntax with operators like <code>=</code>, <code>!=</code>, <code>AND</code>, <code>OR</code>, <code>IN</code>, <code>NOT IN</code>. Example: <code>@aws.region NOT IN ["cn-north-1"]</code> or <code>@aws.account = "123456789012" AND @aws.region = "us-east-1"</code>. Maximum length: 2000 characters.</p>
+   * <p>A filter expression that specifies which log events should be processed by this
+   *       subscription filter based on system fields such as source account and source region. Uses
+   *       selection criteria syntax with operators like <code>=</code>, <code>!=</code>,
+   *         <code>AND</code>, <code>OR</code>, <code>IN</code>, <code>NOT IN</code>. Example:
+   *         <code>@aws.region NOT IN ["cn-north-1"]</code> or <code>@aws.account = "123456789012" AND
+   *         @aws.region = "us-east-1"</code>. Maximum length: 2000 characters.</p>
    * @public
    */
   fieldSelectionCriteria?: string | undefined;
 
   /**
-   * <p>A list of system fields to include in the log events sent to the subscription destination. Valid values are <code>@aws.account</code> and <code>@aws.region</code>. These fields provide source information for centralized log data in the forwarded payload.</p>
+   * <p>A list of system fields to include in the log events sent to the subscription destination.
+   *       Valid values are <code>@aws.account</code> and <code>@aws.region</code>. These fields provide
+   *       source information for centralized log data in the forwarded payload.</p>
    * @public
    */
   emitSystemFields?: string[] | undefined;
diff --git a/clients/client-cloudwatch-logs/src/schemas/schemas_0.ts b/clients/client-cloudwatch-logs/src/schemas/schemas_0.ts
@@ -637,6 +637,7 @@ const _mP = "matchPatterns";
 const _mR = "maxResults";
 const _mT = "metricTransformations";
 const _mV = "metricValue";
+const _mVa = "mappingVersion";
 const _ma = "match";
 const _man = "mandatory";
 const _mat = "matches";
@@ -1625,7 +1626,7 @@ export var ParseKeyValue: StaticStructureSchema = [
 ];
 export var ParsePostgres: StaticStructureSchema = [3, n0, _PP, 0, [_so], [0]];
 export var ParseRoute53: StaticStructureSchema = [3, n0, _PR, 0, [_so], [0]];
-export var ParseToOCSF: StaticStructureSchema = [3, n0, _PTOCSF, 0, [_so, _eSv, _oV], [0, 0, 0]];
+export var ParseToOCSF: StaticStructureSchema = [3, n0, _PTOCSF, 0, [_so, _eSv, _oV, _mVa], [0, 0, 0, 0]];
 export var ParseVPC: StaticStructureSchema = [3, n0, _PVPC, 0, [_so], [0]];
 export var ParseWAF: StaticStructureSchema = [3, n0, _PWAF, 0, [_so], [0]];
 export var PatternToken: StaticStructureSchema = [3, n0, _PT, 0, [_dTP, _iDs, _tS, _enu, _iTN], [1, 2, 0, 128 | 1, 0]];
diff --git a/codegen/sdk-codegen/aws-models/cloudwatch-logs.json b/codegen/sdk-codegen/aws-models/cloudwatch-logs.json
