aws_sdk_detective/lib.rs
1#![allow(deprecated)]
2#![allow(unknown_lints)]
3#![allow(clippy::module_inception)]
4#![allow(clippy::upper_case_acronyms)]
5#![allow(clippy::large_enum_variant)]
6#![allow(clippy::wrong_self_convention)]
7#![allow(clippy::should_implement_trait)]
8#![allow(clippy::disallowed_names)]
9#![allow(clippy::vec_init_then_push)]
10#![allow(clippy::type_complexity)]
11#![allow(clippy::needless_return)]
12#![allow(clippy::derive_partial_eq_without_eq)]
13#![allow(clippy::result_large_err)]
14#![allow(clippy::unnecessary_map_on_constructor)]
15#![allow(clippy::deprecated_semver)]
16#![allow(rustdoc::bare_urls)]
17#![allow(rustdoc::redundant_explicit_links)]
18#![allow(rustdoc::invalid_html_tags)]
19#![forbid(unsafe_code)]
20#![warn(missing_docs)]
21#![cfg_attr(docsrs, feature(doc_cfg))]
22//! Detective uses machine learning and purpose-built visualizations to help you to analyze and investigate security issues across your Amazon Web Services (Amazon Web Services) workloads. Detective automatically extracts time-based events such as login attempts, API calls, and network traffic from CloudTrail and Amazon Virtual Private Cloud (Amazon VPC) flow logs. It also extracts findings detected by Amazon GuardDuty.
23//!
24//! The Detective API primarily supports the creation and management of behavior graphs. A behavior graph contains the extracted data from a set of member accounts, and is created and managed by an administrator account.
25//!
26//! To add a member account to the behavior graph, the administrator account sends an invitation to the account. When the account accepts the invitation, it becomes a member account in the behavior graph.
27//!
28//! Detective is also integrated with Organizations. The organization management account designates the Detective administrator account for the organization. That account becomes the administrator account for the organization behavior graph. The Detective administrator account is also the delegated administrator account for Detective in Organizations.
29//!
30//! The Detective administrator account can enable any organization account as a member account in the organization behavior graph. The organization accounts do not receive invitations. The Detective administrator account can also invite other accounts to the organization behavior graph.
31//!
32//! Every behavior graph is specific to a Region. You can only use the API to manage behavior graphs that belong to the Region that is associated with the currently selected endpoint.
33//!
34//! The administrator account for a behavior graph can use the Detective API to do the following:
35//! - Enable and disable Detective. Enabling Detective creates a new behavior graph.
36//! - View the list of member accounts in a behavior graph.
37//! - Add member accounts to a behavior graph.
38//! - Remove member accounts from a behavior graph.
39//! - Apply tags to a behavior graph.
40//!
41//! The organization management account can use the Detective API to select the delegated administrator for Detective.
42//!
43//! The Detective administrator account for an organization can use the Detective API to do the following:
44//! - Perform all of the functions of an administrator account.
45//! - Determine whether to automatically enable new organization accounts as member accounts in the organization behavior graph.
46//!
47//! An invited member account can use the Detective API to do the following:
48//! - View the list of behavior graphs that they are invited to.
49//! - Accept an invitation to contribute to a behavior graph.
50//! - Decline an invitation to contribute to a behavior graph.
51//! - Remove their account from a behavior graph.
52//!
53//! All API actions are logged as CloudTrail events. See [Logging Detective API Calls with CloudTrail](https://docs.aws.amazon.com/detective/latest/userguide/logging-using-cloudtrail.html).
54//!
55//! ## Getting Started
56//!
57//! > Examples are available for many services and operations, check out the
58//! > [usage examples](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/rustv1).
59//!
60//! The SDK provides one crate per AWS service. You must add [Tokio](https://crates.io/crates/tokio)
61//! as a dependency within your Rust project to execute asynchronous code. To add `aws-sdk-detective` to
62//! your project, add the following to your **Cargo.toml** file:
63//!
64//! ```toml
65//! [dependencies]
66//! aws-config = { version = "1.1.7", features = ["behavior-version-latest"] }
67//! aws-sdk-detective = "1.91.0"
68//! tokio = { version = "1", features = ["full"] }
69//! ```
70//!
71//! Then in code, a client can be created with the following:
72//!
73//! ```rust,no_run
74//! use aws_sdk_detective as detective;
75//!
76//! #[::tokio::main]
77//! async fn main() -> Result<(), detective::Error> {
78//! let config = aws_config::load_from_env().await;
79//! let client = aws_sdk_detective::Client::new(&config);
80//!
81//! // ... make some calls with the client
82//!
83//! Ok(())
84//! }
85//! ```
86//!
87//! See the [client documentation](https://docs.rs/aws-sdk-detective/latest/aws_sdk_detective/client/struct.Client.html)
88//! for information on what calls can be made, and the inputs and outputs for each of those calls.
89//!
90//! ## Using the SDK
91//!
92//! Until the SDK is released, we will be adding information about using the SDK to the
93//! [Developer Guide](https://docs.aws.amazon.com/sdk-for-rust/latest/dg/welcome.html). Feel free to suggest
94//! additional sections for the guide by opening an issue and describing what you are trying to do.
95//!
96//! ## Getting Help
97//!
98//! * [GitHub discussions](https://github.com/awslabs/aws-sdk-rust/discussions) - For ideas, RFCs & general questions
99//! * [GitHub issues](https://github.com/awslabs/aws-sdk-rust/issues/new/choose) - For bug reports & feature requests
100//! * [Generated Docs (latest version)](https://awslabs.github.io/aws-sdk-rust/)
101//! * [Usage examples](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/rustv1)
102//!
103//!
104//! # Crate Organization
105//!
106//! The entry point for most customers will be [`Client`], which exposes one method for each API
107//! offered by Amazon Detective. The return value of each of these methods is a "fluent builder",
108//! where the different inputs for that API are added by builder-style function call chaining,
109//! followed by calling `send()` to get a [`Future`](std::future::Future) that will result in
110//! either a successful output or a [`SdkError`](crate::error::SdkError).
111//!
112//! Some of these API inputs may be structs or enums to provide more complex structured information.
113//! These structs and enums live in [`types`](crate::types). There are some simpler types for
114//! representing data such as date times or binary blobs that live in [`primitives`](crate::primitives).
115//!
116//! All types required to configure a client via the [`Config`](crate::Config) struct live
117//! in [`config`](crate::config).
118//!
119//! The [`operation`](crate::operation) module has a submodule for every API, and in each submodule
120//! is the input, output, and error type for that API, as well as builders to construct each of those.
121//!
122//! There is a top-level [`Error`](crate::Error) type that encompasses all the errors that the
123//! client can return. Any other error type can be converted to this `Error` type via the
124//! [`From`](std::convert::From) trait.
125//!
126//! The other modules within this crate are not required for normal usage.
127
128// Code generated by software.amazon.smithy.rust.codegen.smithy-rs. DO NOT EDIT.
129pub use error_meta::Error;
130
131#[doc(inline)]
132pub use config::Config;
133
134/// Client for calling Amazon Detective.
135/// ## Constructing a `Client`
136///
137/// A [`Config`] is required to construct a client. For most use cases, the [`aws-config`]
138/// crate should be used to automatically resolve this config using
139/// [`aws_config::load_from_env()`], since this will resolve an [`SdkConfig`] which can be shared
140/// across multiple different AWS SDK clients. This config resolution process can be customized
141/// by calling [`aws_config::from_env()`] instead, which returns a [`ConfigLoader`] that uses
142/// the [builder pattern] to customize the default config.
143///
144/// In the simplest case, creating a client looks as follows:
145/// ```rust,no_run
146/// # async fn wrapper() {
147/// let config = aws_config::load_from_env().await;
148/// let client = aws_sdk_detective::Client::new(&config);
149/// # }
150/// ```
151///
152/// Occasionally, SDKs may have additional service-specific values that can be set on the [`Config`] that
153/// is absent from [`SdkConfig`], or slightly different settings for a specific client may be desired.
154/// The [`Builder`](crate::config::Builder) struct implements `From<&SdkConfig>`, so setting these specific settings can be
155/// done as follows:
156///
157/// ```rust,no_run
158/// # async fn wrapper() {
159/// let sdk_config = ::aws_config::load_from_env().await;
160/// let config = aws_sdk_detective::config::Builder::from(&sdk_config)
161/// # /*
162/// .some_service_specific_setting("value")
163/// # */
164/// .build();
165/// # }
166/// ```
167///
168/// See the [`aws-config` docs] and [`Config`] for more information on customizing configuration.
169///
170/// _Note:_ Client construction is expensive due to connection thread pool initialization, and should
171/// be done once at application start-up.
172///
173/// [`Config`]: crate::Config
174/// [`ConfigLoader`]: https://docs.rs/aws-config/*/aws_config/struct.ConfigLoader.html
175/// [`SdkConfig`]: https://docs.rs/aws-config/*/aws_config/struct.SdkConfig.html
176/// [`aws-config` docs]: https://docs.rs/aws-config/*
177/// [`aws-config`]: https://crates.io/crates/aws-config
178/// [`aws_config::from_env()`]: https://docs.rs/aws-config/*/aws_config/fn.from_env.html
179/// [`aws_config::load_from_env()`]: https://docs.rs/aws-config/*/aws_config/fn.load_from_env.html
180/// [builder pattern]: https://rust-lang.github.io/api-guidelines/type-safety.html#builders-enable-construction-of-complex-values-c-builder
181/// # Using the `Client`
182///
183/// A client has a function for every operation that can be performed by the service.
184/// For example, the [`AcceptInvitation`](crate::operation::accept_invitation) operation has
185/// a [`Client::accept_invitation`], function which returns a builder for that operation.
186/// The fluent builder ultimately has a `send()` function that returns an async future that
187/// returns a result, as illustrated below:
188///
189/// ```rust,ignore
190/// let result = client.accept_invitation()
191/// .graph_arn("example")
192/// .send()
193/// .await;
194/// ```
195///
196/// The underlying HTTP requests that get made by this can be modified with the `customize_operation`
197/// function on the fluent builder. See the [`customize`](crate::client::customize) module for more
198/// information.
199pub mod client;
200
201/// Configuration for Amazon Detective.
202pub mod config;
203
204/// Common errors and error handling utilities.
205pub mod error;
206
207mod error_meta;
208
209/// Information about this crate.
210pub mod meta;
211
212/// All operations that this crate can perform.
213pub mod operation;
214
215/// Primitives such as `Blob` or `DateTime` used by other types.
216pub mod primitives;
217
218/// Data structures used by operation inputs/outputs.
219pub mod types;
220
221pub(crate) mod protocol_serde;
222
223mod sdk_feature_tracker;
224
225mod serialization_settings;
226
227mod endpoint_lib;
228
229mod lens;
230
231mod json_errors;
232
233#[doc(inline)]
234pub use client::Client;