You are viewing documentation for version 2 of the AWS SDK for Ruby. Version 3 documentation can be found here.
Class: Aws::Detective::Client
Inherits: Seahorse::Client::Base
- Object
- Seahorse::Client::Base
- Aws::Detective::Client
Defined in: (unknown)
Overview
An API client for Amazon Detective. To construct a client, you need to configure a :region and :credentials.
detective = Aws::Detective::Client.new(
  region: region_name,
  credentials: credentials,
  # ...
)
See #initialize for a full list of supported configuration options.
Region
You can configure a default region in the following locations:
- ENV['AWS_REGION']
- Aws.config[:region]
Go here for a list of supported regions.
Credentials
Default credentials are loaded automatically from the following locations:
- ENV['AWS_ACCESS_KEY_ID'] and ENV['AWS_SECRET_ACCESS_KEY']
- Aws.config[:credentials]
- The shared credentials ini file at ~/.aws/credentials (more information)
- From an instance profile when running on EC2
You can also construct a credentials object from one of the following classes:
Alternatively, you can configure credentials with :access_key_id and :secret_access_key:
require 'yaml'

# load credentials from disk; safe_load builds only plain data types
creds = YAML.safe_load(File.read('/path/to/secrets'))
Aws::Detective::Client.new(
  access_key_id: creds['access_key_id'],
  secret_access_key: creds['secret_access_key']
)
Always load your credentials from outside your application. Avoid configuring credentials statically and never commit them to source control.
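A hardened way to read such a secrets file, added here as an example and not part of the AWS SDK: it refuses a file that group or other users can access, parses it with YAML.safe_load, and validates both keys before anything reaches the client. The helper name load_static_credentials and the 0600 policy are assumptions of this example.

```ruby
require 'yaml'

REQUIRED_KEYS = %w[access_key_id secret_access_key].freeze

# Hypothetical helper, not part of the AWS SDK: returns the option hash to
# merge into Aws::Detective::Client.new, or raises if the file is unsafe.
def load_static_credentials(path)
  data = File.open(path, 'r') do |f|
    # Check the open handle, not the path, so the file cannot be swapped
    # between the permission check and the read.
    mode = f.stat.mode & 0o7777
    unless (mode & 0o077).zero?
      raise SecurityError,
            format('%s has mode %04o, expected 0600 or stricter', path, mode)
    end
    # safe_load builds only plain data types, so a tampered file cannot make
    # the YAML parser instantiate arbitrary Ruby objects.
    YAML.safe_load(f.read)
  end
  raise ArgumentError, "#{path} must contain a YAML mapping" unless data.is_a?(Hash)

  missing = REQUIRED_KEYS.reject { |k| data[k].is_a?(String) && !data[k].empty? }
  raise ArgumentError, "#{path} is missing #{missing.join(', ')}" unless missing.empty?

  { access_key_id: data['access_key_id'],
    secret_access_key: data['secret_access_key'] }
end
```

The returned hash can be passed to Aws::Detective::Client.new together with a :region.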
Instance Attribute Summary
Attributes inherited from Seahorse::Client::Base
Constructor
- #initialize(options = {}) ⇒ Aws::Detective::Client (constructor)
  Constructs an API client.
API Operations
- #accept_invitation(options = {}) ⇒ Struct
  Accepts an invitation for the member account to contribute data to a behavior graph.
- #create_graph(options = {}) ⇒ Types::CreateGraphResponse
  Creates a new behavior graph for the calling account, and sets that account as the master account.
- #create_members(options = {}) ⇒ Types::CreateMembersResponse
  Sends a request to invite the specified AWS accounts to be member accounts in the behavior graph.
- #delete_graph(options = {}) ⇒ Struct
  Disables the specified behavior graph and queues it to be deleted.
- #delete_members(options = {}) ⇒ Types::DeleteMembersResponse
  Deletes one or more member accounts from the master account behavior graph.
- #disassociate_membership(options = {}) ⇒ Struct
  Removes the member account from the specified behavior graph.
- #get_members(options = {}) ⇒ Types::GetMembersResponse
  Returns the membership details for specified member accounts for a behavior graph.
- #list_graphs(options = {}) ⇒ Types::ListGraphsResponse
  Returns the list of behavior graphs that the calling account is a master of.
- #list_invitations(options = {}) ⇒ Types::ListInvitationsResponse
  Retrieves the list of open and accepted behavior graph invitations for the member account.
- #list_members(options = {}) ⇒ Types::ListMembersResponse
  Retrieves the list of member accounts for a behavior graph.
- #reject_invitation(options = {}) ⇒ Struct
  Rejects an invitation to contribute the account data to a behavior graph.
- #start_monitoring_member(options = {}) ⇒ Struct
  Sends a request to enable data ingest for a member account that has a status of ACCEPTED_BUT_DISABLED. For valid member accounts, the status is updated as follows.
  - If Detective enabled the member account, then the new status is ENABLED.
  - If Detective cannot enable the member account, the status remains ACCEPTED_BUT_DISABLED.
Instance Method Summary
- #wait_until(waiter_name, params = {}) {|waiter| ... } ⇒ Boolean
  Waiters poll an API operation until a resource enters a desired state.
- #waiter_names ⇒ Array<Symbol>
  Returns the list of supported waiters.
Methods inherited from Seahorse::Client::Base
add_plugin, api, #build_request, clear_plugins, define, new, #operation, #operation_names, plugins, remove_plugin, set_api, set_plugins
Methods included from Seahorse::Client::HandlerBuilder
#handle, #handle_request, #handle_response
Constructor Details
#initialize(options = {}) ⇒ Aws::Detective::Client
Constructs an API client.
Instance Method Details
#accept_invitation(options = {}) ⇒ Struct
Accepts an invitation for the member account to contribute data to a behavior graph. This operation can only be called by an invited member account.
The request provides the ARN of the behavior graph.
The member account status in the graph must be INVITED.
#create_graph(options = {}) ⇒ Types::CreateGraphResponse
Creates a new behavior graph for the calling account, and sets that account as the master account. This operation is called by the account that is enabling Detective.
Before you try to enable Detective, make sure that your account has been enrolled in Amazon GuardDuty for at least 48 hours. If you do not meet this requirement, you cannot enable Detective. If you do meet the GuardDuty prerequisite, then when you make the request to enable Detective, it checks whether your data volume is within the Detective quota. If it exceeds the quota, then you cannot enable Detective.
The operation also enables Detective for the calling account in the currently selected Region. It returns the ARN of the new behavior graph.
CreateGraph triggers a process to create the corresponding data tables for the new behavior graph.
An account can only be the master account for one behavior graph within a Region. If the same account calls CreateGraph with the same master account, it always returns the same behavior graph ARN. It does not create a new behavior graph.
#create_members(options = {}) ⇒ Types::CreateMembersResponse
Sends a request to invite the specified AWS accounts to be member accounts in the behavior graph. This operation can only be called by the master account for a behavior graph.
CreateMembers verifies the accounts and then sends invitations to the verified accounts.
The request provides the behavior graph ARN and the list of accounts to invite.
The response separates the requested accounts into two lists:
- The accounts that CreateMembers was able to start the verification for. This list includes member accounts that are being verified, that have passed verification and are being sent an invitation, and that have failed verification.
- The accounts that CreateMembers was unable to process. This list includes accounts that were already invited to be member accounts in the behavior graph.
#delete_graph(options = {}) ⇒ Struct
Disables the specified behavior graph and queues it to be deleted. This operation removes the graph from each member account's list of behavior graphs.
DeleteGraph can only be called by the master account for a behavior graph.
#delete_members(options = {}) ⇒ Types::DeleteMembersResponse
Deletes one or more member accounts from the master account behavior graph. This operation can only be called by a Detective master account. That account cannot use DeleteMembers to delete their own account from the behavior graph. To disable a behavior graph, the master account uses the DeleteGraph API method.
#disassociate_membership(options = {}) ⇒ Struct
Removes the member account from the specified behavior graph. This operation can only be called by a member account that has the ENABLED status.
#get_members(options = {}) ⇒ Types::GetMembersResponse
Returns the membership details for specified member accounts for a behavior graph.
#list_graphs(options = {}) ⇒ Types::ListGraphsResponse
Returns the list of behavior graphs that the calling account is a master of. This operation can only be called by a master account.
Because an account can currently only be the master of one behavior graph within a Region, the results always contain a single graph.
#list_invitations(options = {}) ⇒ Types::ListInvitationsResponse
Retrieves the list of open and accepted behavior graph invitations for the member account. This operation can only be called by a member account.
Open invitations are invitations that the member account has not responded to.
The results do not include behavior graphs for which the member account declined the invitation. The results also do not include behavior graphs that the member account resigned from or was removed from.
#list_members(options = {}) ⇒ Types::ListMembersResponse
Retrieves the list of member accounts for a behavior graph. Does not return member accounts that were removed from the behavior graph.
#reject_invitation(options = {}) ⇒ Struct
Rejects an invitation to contribute the account data to a behavior graph. This operation must be called by a member account that has the INVITED status.
#start_monitoring_member(options = {}) ⇒ Struct
Sends a request to enable data ingest for a member account that has a status of ACCEPTED_BUT_DISABLED.
For valid member accounts, the status is updated as follows.
- If Detective enabled the member account, then the new status is ENABLED.
- If Detective cannot enable the member account, the status remains ACCEPTED_BUT_DISABLED.
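Because a member that cannot be enabled stays in ACCEPTED_BUT_DISABLED, the status should be read back after the request rather than assumed. The following added example (not SDK code) does that with list_members, start_monitoring_member and get_members; the parameter names graph_arn, account_id, account_ids and next_token, the response accessors member_details, next_token, account_id and status, and the 50-ID slice are assumptions not shown on this page, and FakeDetective is a constructed stand-in for the client.

```ruby
# Hypothetical helper, not SDK code. `client` is an Aws::Detective::Client or
# anything that answers the same three operations.
def enable_pending_members(client, graph_arn)
  pending = []
  token = nil
  loop do
    params = { graph_arn: graph_arn }
    params[:next_token] = token if token
    page = client.list_members(params)
    # Only members in this status are eligible for start_monitoring_member.
    page.member_details.each do |m|
      pending << m.account_id if m.status == 'ACCEPTED_BUT_DISABLED'
    end
    token = page.next_token
    break unless token
  end

  pending.each do |id|
    client.start_monitoring_member(graph_arn: graph_arn, account_id: id)
  end

  # A returned call is not proof of ingest, so re-read each status.
  # get_members is called in slices of 50 IDs (assumed per-call limit).
  after = pending.each_slice(50).flat_map do |ids|
    client.get_members(graph_arn: graph_arn, account_ids: ids).member_details
  end
  enabled, stuck = after.partition { |m| m.status == 'ENABLED' }
  { enabled: enabled.map(&:account_id), still_disabled: stuck.map(&:account_id) }
end

# Constructed stand-in for the client so the example runs offline.
Member = Struct.new(:account_id, :status)
Page = Struct.new(:member_details, :next_token)
class FakeDetective
  def initialize(members, cannot_enable)
    @members, @cannot_enable = members, cannot_enable
  end
  def list_members(params) # one member per page to exercise pagination
    i = params[:next_token].to_i
    Page.new([@members[i]], i + 1 < @members.size ? (i + 1).to_s : nil)
  end
  def start_monitoring_member(params)
    m = @members.find { |x| x.account_id == params[:account_id] }
    m.status = 'ENABLED' unless @cannot_enable.include?(m.account_id)
  end
  def get_members(params)
    Page.new(@members.select { |m| params[:account_ids].include?(m.account_id) }, nil)
  end
end
```

Accounts reported under still_disabled are the ones to investigate or retry.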
#wait_until(waiter_name, params = {}) {|waiter| ... } ⇒ Boolean
Waiters poll an API operation until a resource enters a desired state.
Basic Usage
Waiters will poll until they are successful, they fail by entering a terminal state, or until a maximum number of attempts are made.
# polls in a loop, sleeping between attempts
client.wait_until(waiter_name, params)
Configuration
You can configure the maximum number of polling attempts, and the delay (in seconds) between each polling attempt. You configure waiters by passing a block to #wait_until:
# poll for ~25 seconds
client.wait_until(...) do |w|
  w.max_attempts = 5
  w.delay = 5
end
Callbacks
You can be notified before each polling attempt and before each delay. If you throw :success or :failure from these callbacks, it will terminate the waiter.
started_at = Time.now
client.wait_until(...) do |w|
  # disable max attempts
  w.max_attempts = nil
  # poll for 1 hour, instead of a number of attempts
  w.before_wait do |attempts, response|
    throw :failure if Time.now - started_at > 3600
  end
end
Handling Errors
When a waiter is successful, it returns true. When a waiter fails, it raises an error. All errors raised extend from Waiters::Errors::WaiterFailed.
begin
  client.wait_until(...)
rescue Aws::Waiters::Errors::WaiterFailed
  # resource did not enter the desired state in time
end
#waiter_names ⇒ Array<Symbol>
Returns the list of supported waiters. The following table lists the supported waiters and the client method they call:
Waiter Name | Client Method | Default Delay | Default Max Attempts
---|---|---|---