Crates.io | aws-sdk-detective |
lib.rs | aws-sdk-detective |
version | 1.50.0 |
source | src |
created_at | 2021-05-07 22:05:33.178104 |
updated_at | 2024-12-04 05:48:10.778396 |
description | AWS SDK for Amazon Detective |
homepage | |
repository | https://github.com/awslabs/aws-sdk-rust |
max_upload_size | |
id | 394560 |
size | 2,047,635 |
Detective uses machine learning and purpose-built visualizations to help you to analyze and investigate security issues across your Amazon Web Services (Amazon Web Services) workloads. Detective automatically extracts time-based events such as login attempts, API calls, and network traffic from CloudTrail and Amazon Virtual Private Cloud (Amazon VPC) flow logs. It also extracts findings detected by Amazon GuardDuty.
The Detective API primarily supports the creation and management of behavior graphs. A behavior graph contains the extracted data from a set of member accounts, and is created and managed by an administrator account.
To add a member account to the behavior graph, the administrator account sends an invitation to the account. When the account accepts the invitation, it becomes a member account in the behavior graph.
Detective is also integrated with Organizations. The organization management account designates the Detective administrator account for the organization. That account becomes the administrator account for the organization behavior graph. The Detective administrator account is also the delegated administrator account for Detective in Organizations.
The Detective administrator account can enable any organization account as a member account in the organization behavior graph. The organization accounts do not receive invitations. The Detective administrator account can also invite other accounts to the organization behavior graph.
Every behavior graph is specific to a Region. You can only use the API to manage behavior graphs that belong to the Region that is associated with the currently selected endpoint.
The administrator account for a behavior graph can use the Detective API to do the following:
The organization management account can use the Detective API to select the delegated administrator for Detective.
The Detective administrator account for an organization can use the Detective API to do the following:
An invited member account can use the Detective API to do the following:
All API actions are logged as CloudTrail events. See Logging Detective API Calls with CloudTrail.
Examples are available for many services and operations, check out the examples folder in GitHub.
The SDK provides one crate per AWS service. You must add Tokio
as a dependency within your Rust project to execute asynchronous code. To add aws-sdk-detective
to
your project, add the following to your Cargo.toml file:
[dependencies]
aws-config = { version = "1.1.7", features = ["behavior-version-latest"] }
aws-sdk-detective = "1.50.0"
tokio = { version = "1", features = ["full"] }
Then in code, a client can be created with the following:
use aws_sdk_detective as detective;
#[::tokio::main]
async fn main() -> Result<(), detective::Error> {
let config = aws_config::load_from_env().await;
let client = aws_sdk_detective::Client::new(&config);
// ... make some calls with the client
Ok(())
}
See the client documentation for information on what calls can be made, and the inputs and outputs for each of those calls.
Until the SDK is released, we will be adding information about using the SDK to the Developer Guide. Feel free to suggest additional sections for the guide by opening an issue and describing what you are trying to do.
This project is licensed under the Apache-2.0 License.