aws / aws-cli

Universal Command Line Interface for Amazon Web Services

CreateCustomLogSource operation: Unable to determine service/operation name to be authorized #7938

Open ffalor opened 1 year ago

ffalor commented 1 year ago

Describe the bug

Running aws securitylake create-custom-log-source results in this error:

An error occurred (AccessDeniedException) when calling the CreateCustomLogSource operation: Unable to determine service/operation name to be authorized

I am running this command using a role with administrator permissions.

Expected Behavior

Expectation is the command would create a custom-log-source in securitylake

Current Behavior

Exception is thrown: Unable to determine service/operation name to be authorized

Reproduction Steps

  1. run aws securitylake create-custom-log-source with the required flags
  2. exception is thrown

Possible Solution

No response

Additional Information/Context

No response

CLI version used

aws-cli/2.11.23 Python/3.11.3 Darwin/22.4.0 source/x86_64 prompt/off

Environment details (OS name and version, etc.)

Python/3.11.3 Darwin/22.4.0

tim-finnigan commented 1 year ago

Hi @ffalor, thanks for reaching out. That error is coming from the CreateCustomLogSource API rather than the CLI directly. Can you confirm that you have securitylake enabled on the account that you're using with the AWS CLI?

ffalor commented 1 year ago

Hey, it was enabled on that account. A few mins after posting this, a new version of the cli was released. I am using that one now without issue.

The command changed a lot, but it does what I would expect.

The change log didn't mention any changes to that command, but there were multiple.

tim-finnigan commented 1 year ago

Thanks for following up. I also did not see any recent CHANGELOG entries for securitylake, although Security Hub was mentioned here, so maybe there were some account integration changes that fixed this for you? If there's any feedback you'd like me to forward to the Security Lake team please let me know, otherwise I'll set this issue to auto-close.

ffalor commented 1 year ago

I believe the cli upgrade is what fixed my specific error. Perhaps there was an api change when security-lake went GA earlier this week? I know the command responses changed.

I guess technically my issue is resolved and closed - I just wanted to give this info out just in case others find themselves in a similar scenario.

These are the changes I was referring to:

The help command using 2.11.24:

            create-custom-log-source
          [--configuration <value>]
          [--event-classes <value>]
          --source-name <value>
          [--source-version <value>]
          [--cli-input-json | --cli-input-yaml]
          [--generate-cli-skeleton <value>]
          [--debug]
          [--endpoint-url <value>]
          [--no-verify-ssl]
          [--no-paginate]
          [--output <value>]
          [--query <value>]
          [--profile <value>]
          [--region <value>]
          [--version <value>]
          [--color <value>]
          [--no-sign-request]
          [--ca-bundle <value>]
          [--cli-read-timeout <value>]
          [--cli-connect-timeout <value>]
          [--cli-binary-format <value>]
          [--no-cli-pager]
          [--cli-auto-prompt]
          [--no-cli-auto-prompt]

Help command for 2.11.23

             create-custom-log-source
          --custom-source-name <value>
          --event-class <value>
          --glue-invocation-role-arn <value>
          --log-provider-account-id <value>
          [--cli-input-json | --cli-input-yaml]
          [--generate-cli-skeleton <value>]
          [--debug]
          [--endpoint-url <value>]
          [--no-verify-ssl]
          [--no-paginate]
          [--output <value>]
          [--query <value>]
          [--profile <value>]
          [--region <value>]

Also, aws securitylake get-datalake-status changed to aws securitylake get-data-lake-sources; responses from both commands also changed.

tim-finnigan commented 1 year ago

Thanks @ffalor for confirming - I brought this issue up for discussion with the team and was informed that a patch was added here a few days ago which included changes to the service API model. There were issues with the preview release and those changes were required for the GA release that you referenced. Unfortunately a CHANGELOG entry did not get added due to this. We can leave this issue open for now as it may help others, and I think we may want to go back and manually add a securitylake CHANGELOG update for 2.11.24.
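
In this thread the AccessDeniedException stopped after a CLI upgrade that changed the Security Lake API model, so it is worth ruling out a stale client before reviewing IAM policy. The script below is an added example, not part of the original thread or the aws-cli project; it classifies a CLI by the two synopses quoted above, and its function names and abridged sample help text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the aws-cli project. Flag names and version numbers
# come from the thread; function names are hypothetical.

# Constructed samples, abridged from the two synopses quoted in the thread.
HELP_2_11_23='create-custom-log-source
  --custom-source-name <value>
  --glue-invocation-role-arn <value>'
HELP_2_11_24='create-custom-log-source
  [--configuration <value>]
  --source-name <value>'

# Extract "2.11.23" from a line such as "aws-cli/2.11.23 Python/3.11.3 ...".
cli_version() {
    printf '%s\n' "$1" | sed -n 's|^aws-cli/\([0-9][0-9.]*\).*|\1|p'
}

# Succeed when dotted version $1 is strictly older than $2.
version_lt() {
    [ "$1" = "$2" ] && return 1
    oldest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "$1" ]
}

# Read create-custom-log-source help text on stdin; print preview, ga or unknown.
classify_synopsis() {
    help_text=$(cat)
    # -e keeps grep from parsing the leading dashes as an option.
    if printf '%s\n' "$help_text" | grep -qF -e '--custom-source-name'; then
        echo preview
    elif printf '%s\n' "$help_text" | grep -qF -e '--source-name'; then
        echo ga
    else
        echo unknown
    fi
}

# $1 = output of `aws --version`, stdin = help text. Prints a one-line verdict.
diagnose() {
    ver=$(cli_version "$1")
    model=$(classify_synopsis)
    if [ -z "$ver" ] || [ "$model" = unknown ]; then
        echo "unknown: could not identify CLI version or synopsis"
    elif [ "$model" = preview ] || version_lt "$ver" 2.11.24; then
        echo "stale: aws-cli $ver has the $model synopsis; upgrade before reviewing IAM"
    else
        echo "current: aws-cli $ver has the $model synopsis"
    fi
}
```

Against an installed CLI, the same check is `aws securitylake create-custom-log-source help | diagnose "$(aws --version)"`, assuming the help text reaches the pipe as plain text.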