aws-sdk-backup 1.101.0 → 1.103.0

data/lib/aws-sdk-backup/client.rb

@@ -613,6 +613,12 @@ module Aws::Backup
     #               resource_types: ["ResourceType"],
     #             },
     #           ],
+    #           scan_actions: [
+    #             {
+    #               malware_scanner: "GUARDDUTY", # accepts GUARDDUTY
+    #               scan_mode: "FULL_SCAN", # accepts FULL_SCAN, INCREMENTAL_SCAN
+    #             },
+    #           ],
     #         },
     #       ],
     #       advanced_backup_settings: [
@@ -623,6 +629,13 @@ module Aws::Backup
     #           },
     #         },
     #       ],
+    #       scan_settings: [
+    #         {
+    #           malware_scanner: "GUARDDUTY", # accepts GUARDDUTY
+    #           resource_types: ["ResourceType"],
+    #           scanner_role_arn: "IAMRoleArn",
+    #         },
+    #       ],
     #     },
     #     backup_plan_tags: {
     #       "TagKey" => "TagValue",
@@ -1076,7 +1089,8 @@ module Aws::Backup
     #   a report template. The report templates are:
     #
     #   `RESOURCE_COMPLIANCE_REPORT | CONTROL_COMPLIANCE_REPORT |
-    #   BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT`
+    #   BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT |
+    #   SCAN_JOB_REPORT `
     #
     #   If the report template is `RESOURCE_COMPLIANCE_REPORT` or
     #   `CONTROL_COMPLIANCE_REPORT`, this API resource also describes the
@@ -1367,6 +1381,78 @@ module Aws::Backup
       req.send_request(options)
     end
 
+    # Creates a tiering configuration.
+    #
+    # A tiering configuration enables automatic movement of backup data to a
+    # lower-cost storage tier based on the age of backed-up objects in the
+    # backup vault.
+    #
+    # Each vault can only have one vault-specific tiering configuration, in
+    # addition to any global configuration that applies to all vaults.
+    #
+    # @option params [required, Types::TieringConfigurationInputForCreate] :tiering_configuration
+    #   A tiering configuration must contain a unique
+    #   `TieringConfigurationName` string you create and must contain a
+    #   `BackupVaultName` and `ResourceSelection`. You may optionally include
+    #   a `CreatorRequestId` string.
+    #
+    #   The `TieringConfigurationName` is a unique string that is the name of
+    #   the tiering configuration. This cannot be changed after creation, and
+    #   it must consist of only alphanumeric characters and underscores.
+    #
+    # @option params [Hash<String,String>] :tiering_configuration_tags
+    #   The tags to assign to the tiering configuration.
+    #
+    # @option params [String] :creator_request_id
+    #   This is a unique string that identifies the request and allows failed
+    #   requests to be retried without the risk of running the operation
+    #   twice. This parameter is optional. If used, this parameter must
+    #   contain 1 to 50 alphanumeric or '-\_.' characters.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.**
+    #
+    # @return [Types::CreateTieringConfigurationOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::CreateTieringConfigurationOutput#tiering_configuration_arn #tiering_configuration_arn} => String
+    #   * {Types::CreateTieringConfigurationOutput#tiering_configuration_name #tiering_configuration_name} => String
+    #   * {Types::CreateTieringConfigurationOutput#creation_time #creation_time} => Time
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_tiering_configuration({
+    #     tiering_configuration: { # required
+    #       tiering_configuration_name: "TieringConfigurationName", # required
+    #       backup_vault_name: "BackupVaultNameOrWildcard", # required
+    #       resource_selection: [ # required
+    #         {
+    #           resources: ["ARN"], # required
+    #           tiering_down_settings_in_days: 1, # required
+    #           resource_type: "ResourceType", # required
+    #         },
+    #       ],
+    #     },
+    #     tiering_configuration_tags: {
+    #       "TagKey" => "TagValue",
+    #     },
+    #     creator_request_id: "CreatorRequestId",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.tiering_configuration_arn #=> String
+    #   resp.tiering_configuration_name #=> String
+    #   resp.creation_time #=> Time
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/CreateTieringConfiguration AWS API Documentation
+    #
+    # @overload create_tiering_configuration(params = {})
+    # @param [Hash] params ({})
+    def create_tiering_configuration(params = {}, options = {})
+      req = build_request(:create_tiering_configuration, params)
+      req.send_request(options)
+    end
+
     # Deletes a backup plan. A backup plan can only be deleted after all
     # associated selections of resources have been deleted. Deleting a
     # backup plan deletes the current version of a backup plan. Previous
@@ -1691,6 +1777,29 @@ module Aws::Backup
       req.send_request(options)
     end
 
+    # Deletes the tiering configuration specified by a tiering configuration
+    # name.
+    #
+    # @option params [required, String] :tiering_configuration_name
+    #   The unique name of a tiering configuration.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_tiering_configuration({
+    #     tiering_configuration_name: "TieringConfigurationName", # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/DeleteTieringConfiguration AWS API Documentation
+    #
+    # @overload delete_tiering_configuration(params = {})
+    # @param [Hash] params ({})
+    def delete_tiering_configuration(params = {}, options = {})
+      req = build_request(:delete_tiering_configuration, params)
+      req.send_request(options)
+    end
+
     # Returns backup job details for the specified `BackupJobId`.
     #
     # @option params [required, String] :backup_job_id
@@ -2098,6 +2207,7 @@ module Aws::Backup
     #   * {Types::DescribeRecoveryPointOutput#index_status #index_status} => String
     #   * {Types::DescribeRecoveryPointOutput#index_status_message #index_status_message} => String
     #   * {Types::DescribeRecoveryPointOutput#encryption_key_type #encryption_key_type} => String
+    #   * {Types::DescribeRecoveryPointOutput#scan_results #scan_results} => Array&lt;Types::ScanResult&gt;
     #
     # @example Request syntax with placeholder values
     #
@@ -2148,6 +2258,12 @@ module Aws::Backup
     #   resp.index_status #=> String, one of "PENDING", "ACTIVE", "FAILED", "DELETING"
     #   resp.index_status_message #=> String
     #   resp.encryption_key_type #=> String, one of "AWS_OWNED_KMS_KEY", "CUSTOMER_MANAGED_KMS_KEY"
+    #   resp.scan_results #=> Array
+    #   resp.scan_results[0].malware_scanner #=> String, one of "GUARDDUTY"
+    #   resp.scan_results[0].scan_job_state #=> String, one of "COMPLETED", "COMPLETED_WITH_ISSUES", "FAILED", "CANCELED"
+    #   resp.scan_results[0].last_scan_timestamp #=> Time
+    #   resp.scan_results[0].findings #=> Array
+    #   resp.scan_results[0].findings[0] #=> String, one of "MALWARE"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/DescribeRecoveryPoint AWS API Documentation
     #
@@ -2347,6 +2463,75 @@ module Aws::Backup
       req.send_request(options)
     end
 
+    # Returns scan job details for the specified ScanJobID.
+    #
+    # @option params [required, String] :scan_job_id
+    #   Uniquely identifies a request to Backup to scan a resource.
+    #
+    # @return [Types::DescribeScanJobOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeScanJobOutput#account_id #account_id} => String
+    #   * {Types::DescribeScanJobOutput#backup_vault_arn #backup_vault_arn} => String
+    #   * {Types::DescribeScanJobOutput#backup_vault_name #backup_vault_name} => String
+    #   * {Types::DescribeScanJobOutput#completion_date #completion_date} => Time
+    #   * {Types::DescribeScanJobOutput#created_by #created_by} => Types::ScanJobCreator
+    #   * {Types::DescribeScanJobOutput#creation_date #creation_date} => Time
+    #   * {Types::DescribeScanJobOutput#iam_role_arn #iam_role_arn} => String
+    #   * {Types::DescribeScanJobOutput#malware_scanner #malware_scanner} => String
+    #   * {Types::DescribeScanJobOutput#recovery_point_arn #recovery_point_arn} => String
+    #   * {Types::DescribeScanJobOutput#resource_arn #resource_arn} => String
+    #   * {Types::DescribeScanJobOutput#resource_name #resource_name} => String
+    #   * {Types::DescribeScanJobOutput#resource_type #resource_type} => String
+    #   * {Types::DescribeScanJobOutput#scan_base_recovery_point_arn #scan_base_recovery_point_arn} => String
+    #   * {Types::DescribeScanJobOutput#scan_id #scan_id} => String
+    #   * {Types::DescribeScanJobOutput#scan_job_id #scan_job_id} => String
+    #   * {Types::DescribeScanJobOutput#scan_mode #scan_mode} => String
+    #   * {Types::DescribeScanJobOutput#scan_result #scan_result} => Types::ScanResultInfo
+    #   * {Types::DescribeScanJobOutput#scanner_role_arn #scanner_role_arn} => String
+    #   * {Types::DescribeScanJobOutput#state #state} => String
+    #   * {Types::DescribeScanJobOutput#status_message #status_message} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.describe_scan_job({
+    #     scan_job_id: "String", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.account_id #=> String
+    #   resp.backup_vault_arn #=> String
+    #   resp.backup_vault_name #=> String
+    #   resp.completion_date #=> Time
+    #   resp.created_by.backup_plan_arn #=> String
+    #   resp.created_by.backup_plan_id #=> String
+    #   resp.created_by.backup_plan_version #=> String
+    #   resp.created_by.backup_rule_id #=> String
+    #   resp.creation_date #=> Time
+    #   resp.iam_role_arn #=> String
+    #   resp.malware_scanner #=> String, one of "GUARDDUTY"
+    #   resp.recovery_point_arn #=> String
+    #   resp.resource_arn #=> String
+    #   resp.resource_name #=> String
+    #   resp.resource_type #=> String, one of "EBS", "EC2", "S3"
+    #   resp.scan_base_recovery_point_arn #=> String
+    #   resp.scan_id #=> String
+    #   resp.scan_job_id #=> String
+    #   resp.scan_mode #=> String, one of "FULL_SCAN", "INCREMENTAL_SCAN"
+    #   resp.scan_result.scan_result_status #=> String, one of "NO_THREATS_FOUND", "THREATS_FOUND"
+    #   resp.scanner_role_arn #=> String
+    #   resp.state #=> String, one of "CANCELED", "COMPLETED", "COMPLETED_WITH_ISSUES", "CREATED", "FAILED", "RUNNING"
+    #   resp.status_message #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/DescribeScanJob AWS API Documentation
+    #
+    # @overload describe_scan_job(params = {})
+    # @param [Hash] params ({})
+    def describe_scan_job(params = {}, options = {})
+      req = build_request(:describe_scan_job, params)
+      req.send_request(options)
+    end
+
     # Removes the association between an MPA approval team and a backup
     # vault, disabling the MPA approval workflow for restore operations.
     #
@@ -2536,10 +2721,18 @@ module Aws::Backup
     #   resp.backup_plan.rules[0].index_actions #=> Array
     #   resp.backup_plan.rules[0].index_actions[0].resource_types #=> Array
     #   resp.backup_plan.rules[0].index_actions[0].resource_types[0] #=> String
+    #   resp.backup_plan.rules[0].scan_actions #=> Array
+    #   resp.backup_plan.rules[0].scan_actions[0].malware_scanner #=> String, one of "GUARDDUTY"
+    #   resp.backup_plan.rules[0].scan_actions[0].scan_mode #=> String, one of "FULL_SCAN", "INCREMENTAL_SCAN"
     #   resp.backup_plan.advanced_backup_settings #=> Array
     #   resp.backup_plan.advanced_backup_settings[0].resource_type #=> String
     #   resp.backup_plan.advanced_backup_settings[0].backup_options #=> Hash
     #   resp.backup_plan.advanced_backup_settings[0].backup_options["BackupOptionKey"] #=> String
+    #   resp.backup_plan.scan_settings #=> Array
+    #   resp.backup_plan.scan_settings[0].malware_scanner #=> String, one of "GUARDDUTY"
+    #   resp.backup_plan.scan_settings[0].resource_types #=> Array
+    #   resp.backup_plan.scan_settings[0].resource_types[0] #=> String
+    #   resp.backup_plan.scan_settings[0].scanner_role_arn #=> String
     #   resp.backup_plan_id #=> String
     #   resp.backup_plan_arn #=> String
     #   resp.version_id #=> String
@@ -2608,10 +2801,18 @@ module Aws::Backup
     #   resp.backup_plan.rules[0].index_actions #=> Array
     #   resp.backup_plan.rules[0].index_actions[0].resource_types #=> Array
     #   resp.backup_plan.rules[0].index_actions[0].resource_types[0] #=> String
+    #   resp.backup_plan.rules[0].scan_actions #=> Array
+    #   resp.backup_plan.rules[0].scan_actions[0].malware_scanner #=> String, one of "GUARDDUTY"
+    #   resp.backup_plan.rules[0].scan_actions[0].scan_mode #=> String, one of "FULL_SCAN", "INCREMENTAL_SCAN"
     #   resp.backup_plan.advanced_backup_settings #=> Array
     #   resp.backup_plan.advanced_backup_settings[0].resource_type #=> String
     #   resp.backup_plan.advanced_backup_settings[0].backup_options #=> Hash
     #   resp.backup_plan.advanced_backup_settings[0].backup_options["BackupOptionKey"] #=> String
+    #   resp.backup_plan.scan_settings #=> Array
+    #   resp.backup_plan.scan_settings[0].malware_scanner #=> String, one of "GUARDDUTY"
+    #   resp.backup_plan.scan_settings[0].resource_types #=> Array
+    #   resp.backup_plan.scan_settings[0].resource_types[0] #=> String
+    #   resp.backup_plan.scan_settings[0].scanner_role_arn #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/GetBackupPlanFromJSON AWS API Documentation
     #
@@ -2665,10 +2866,18 @@ module Aws::Backup
     #   resp.backup_plan_document.rules[0].index_actions #=> Array
     #   resp.backup_plan_document.rules[0].index_actions[0].resource_types #=> Array
     #   resp.backup_plan_document.rules[0].index_actions[0].resource_types[0] #=> String
+    #   resp.backup_plan_document.rules[0].scan_actions #=> Array
+    #   resp.backup_plan_document.rules[0].scan_actions[0].malware_scanner #=> String, one of "GUARDDUTY"
+    #   resp.backup_plan_document.rules[0].scan_actions[0].scan_mode #=> String, one of "FULL_SCAN", "INCREMENTAL_SCAN"
     #   resp.backup_plan_document.advanced_backup_settings #=> Array
     #   resp.backup_plan_document.advanced_backup_settings[0].resource_type #=> String
     #   resp.backup_plan_document.advanced_backup_settings[0].backup_options #=> Hash
     #   resp.backup_plan_document.advanced_backup_settings[0].backup_options["BackupOptionKey"] #=> String
+    #   resp.backup_plan_document.scan_settings #=> Array
+    #   resp.backup_plan_document.scan_settings[0].malware_scanner #=> String, one of "GUARDDUTY"
+    #   resp.backup_plan_document.scan_settings[0].resource_types #=> Array
+    #   resp.backup_plan_document.scan_settings[0].resource_types[0] #=> String
+    #   resp.backup_plan_document.scan_settings[0].scanner_role_arn #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/GetBackupPlanFromTemplate AWS API Documentation
     #
@@ -3159,6 +3368,46 @@ module Aws::Backup
       req.send_request(options)
     end
 
+    # Returns `TieringConfiguration` details for the specified
+    # `TieringConfigurationName`. The details are the body of a tiering
+    # configuration in JSON format, in addition to configuration metadata.
+    #
+    # @option params [required, String] :tiering_configuration_name
+    #   The unique name of a tiering configuration.
+    #
+    # @return [Types::GetTieringConfigurationOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetTieringConfigurationOutput#tiering_configuration #tiering_configuration} => Types::TieringConfiguration
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_tiering_configuration({
+    #     tiering_configuration_name: "TieringConfigurationName", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.tiering_configuration.tiering_configuration_name #=> String
+    #   resp.tiering_configuration.tiering_configuration_arn #=> String
+    #   resp.tiering_configuration.backup_vault_name #=> String
+    #   resp.tiering_configuration.resource_selection #=> Array
+    #   resp.tiering_configuration.resource_selection[0].resources #=> Array
+    #   resp.tiering_configuration.resource_selection[0].resources[0] #=> String
+    #   resp.tiering_configuration.resource_selection[0].tiering_down_settings_in_days #=> Integer
+    #   resp.tiering_configuration.resource_selection[0].resource_type #=> String
+    #   resp.tiering_configuration.creator_request_id #=> String
+    #   resp.tiering_configuration.creation_time #=> Time
+    #   resp.tiering_configuration.last_updated_time #=> Time
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/GetTieringConfiguration AWS API Documentation
+    #
+    # @overload get_tiering_configuration(params = {})
+    # @param [Hash] params ({})
+    def get_tiering_configuration(params = {}, options = {})
+      req = build_request(:get_tiering_configuration, params)
+      req.send_request(options)
+    end
+
     # This is a request for a summary of backup jobs created or running
     # within the most recent 30 days. You can include parameters AccountID,
     # State, ResourceType, MessageCategory, AggregationPeriod, MaxResults,
@@ -4495,6 +4744,10 @@ module Aws::Backup
     #   resp.recovery_points[0].index_status #=> String, one of "PENDING", "ACTIVE", "FAILED", "DELETING"
     #   resp.recovery_points[0].index_status_message #=> String
     #   resp.recovery_points[0].encryption_key_type #=> String, one of "AWS_OWNED_KMS_KEY", "CUSTOMER_MANAGED_KMS_KEY"
+    #   resp.recovery_points[0].aggregated_scan_result.failed_scan #=> Boolean
+    #   resp.recovery_points[0].aggregated_scan_result.findings #=> Array
+    #   resp.recovery_points[0].aggregated_scan_result.findings[0] #=> String, one of "MALWARE"
+    #   resp.recovery_points[0].aggregated_scan_result.last_computed #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/ListRecoveryPointsByBackupVault AWS API Documentation
     #
@@ -4623,6 +4876,10 @@ module Aws::Backup
     #   resp.recovery_points[0].index_status #=> String, one of "PENDING", "ACTIVE", "FAILED", "DELETING"
     #   resp.recovery_points[0].index_status_message #=> String
     #   resp.recovery_points[0].encryption_key_type #=> String, one of "AWS_OWNED_KMS_KEY", "CUSTOMER_MANAGED_KMS_KEY"
+    #   resp.recovery_points[0].aggregated_scan_result.failed_scan #=> Boolean
+    #   resp.recovery_points[0].aggregated_scan_result.findings #=> Array
+    #   resp.recovery_points[0].aggregated_scan_result.findings[0] #=> String, one of "MALWARE"
+    #   resp.recovery_points[0].aggregated_scan_result.last_computed #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/ListRecoveryPointsByResource AWS API Documentation
     #
@@ -4654,7 +4911,11 @@ module Aws::Backup
     #   Returns only report jobs that are in the specified status. The
     #   statuses are:
     #
-    #   `CREATED | RUNNING | COMPLETED | FAILED`
+    #   `CREATED | RUNNING | COMPLETED | FAILED | COMPLETED_WITH_ISSUES`
+    #
+    #   Please note that only scanning jobs finish with state completed with
+    #   issues. For backup jobs this is a console interpretation of a job that
+    #   finishes in completed state and has a status message.
     #
     # @option params [Integer] :max_results
     #   The number of desired results from 1 to 1000. Optional. If
@@ -5249,6 +5510,242 @@ module Aws::Backup
       req.send_request(options)
     end
 
+    # This is a request for a summary of scan jobs created or running within
+    # the most recent 30 days.
+    #
+    # @option params [String] :account_id
+    #   Returns the job count for the specified account.
+    #
+    #   If the request is sent from a member account or an account not part of
+    #   Amazon Web Services Organizations, jobs within requestor's account
+    #   will be returned.
+    #
+    #   Root, admin, and delegated administrator accounts can use the value
+    #   `ANY` to return job counts from every account in the organization.
+    #
+    #   `AGGREGATE_ALL` aggregates job counts from all accounts within the
+    #   authenticated organization, then returns the sum.
+    #
+    # @option params [String] :resource_type
+    #   Returns the job count for the specified resource type. Use request
+    #   `GetSupportedResourceTypes` to obtain strings for supported resource
+    #   types.
+    #
+    #   The the value `ANY` returns count of all resource types.
+    #
+    #   `AGGREGATE_ALL` aggregates job counts for all resource types and
+    #   returns the sum.
+    #
+    # @option params [String] :malware_scanner
+    #   Returns only the scan jobs for the specified malware scanner.
+    #   Currently the only MalwareScanner is `GUARDDUTY`. But the field also
+    #   supports `ANY`, and `AGGREGATE_ALL`.
+    #
+    # @option params [String] :scan_result_status
+    #   Returns only the scan jobs for the specified scan results.
+    #
+    # @option params [String] :state
+    #   Returns only the scan jobs for the specified scanning job state.
+    #
+    # @option params [String] :aggregation_period
+    #   The period for the returned results.
+    #
+    #   * `ONE_DAY`The daily job count for the prior 1 day.
+    #
+    #   * `SEVEN_DAYS`The daily job count for the prior 7 days.
+    #
+    #   * `FOURTEEN_DAYS`The daily job count for the prior 14 days.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of items to be returned.
+    #
+    #   The value is an integer. Range of accepted values is from 1 to 500.
+    #
+    # @option params [String] :next_token
+    #   The next item following a partial list of returned items. For example,
+    #   if a request is made to return `MaxResults` number of items,
+    #   `NextToken` allows you to return more items in your list starting at
+    #   the location pointed to by the next token.
+    #
+    # @return [Types::ListScanJobSummariesOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListScanJobSummariesOutput#scan_job_summaries #scan_job_summaries} => Array&lt;Types::ScanJobSummary&gt;
+    #   * {Types::ListScanJobSummariesOutput#aggregation_period #aggregation_period} => String
+    #   * {Types::ListScanJobSummariesOutput#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_scan_job_summaries({
+    #     account_id: "AccountId",
+    #     resource_type: "ResourceType",
+    #     malware_scanner: "GUARDDUTY", # accepts GUARDDUTY
+    #     scan_result_status: "NO_THREATS_FOUND", # accepts NO_THREATS_FOUND, THREATS_FOUND
+    #     state: "CREATED", # accepts CREATED, COMPLETED, COMPLETED_WITH_ISSUES, RUNNING, FAILED, CANCELED, AGGREGATE_ALL, ANY
+    #     aggregation_period: "ONE_DAY", # accepts ONE_DAY, SEVEN_DAYS, FOURTEEN_DAYS
+    #     max_results: 1,
+    #     next_token: "string",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.scan_job_summaries #=> Array
+    #   resp.scan_job_summaries[0].region #=> String
+    #   resp.scan_job_summaries[0].account_id #=> String
+    #   resp.scan_job_summaries[0].state #=> String, one of "CREATED", "COMPLETED", "COMPLETED_WITH_ISSUES", "RUNNING", "FAILED", "CANCELED", "AGGREGATE_ALL", "ANY"
+    #   resp.scan_job_summaries[0].resource_type #=> String
+    #   resp.scan_job_summaries[0].count #=> Integer
+    #   resp.scan_job_summaries[0].start_time #=> Time
+    #   resp.scan_job_summaries[0].end_time #=> Time
+    #   resp.scan_job_summaries[0].malware_scanner #=> String, one of "GUARDDUTY"
+    #   resp.scan_job_summaries[0].scan_result_status #=> String, one of "NO_THREATS_FOUND", "THREATS_FOUND"
+    #   resp.aggregation_period #=> String
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/ListScanJobSummaries AWS API Documentation
+    #
+    # @overload list_scan_job_summaries(params = {})
+    # @param [Hash] params ({})
+    def list_scan_job_summaries(params = {}, options = {})
+      req = build_request(:list_scan_job_summaries, params)
+      req.send_request(options)
+    end
+
+    # Returns a list of existing scan jobs for an authenticated account for
+    # the last 30 days.
+    #
+    # @option params [String] :by_account_id
+    #   The account ID to list the jobs from. Returns only backup jobs
+    #   associated with the specified account ID.
+    #
+    #   If used from an Amazon Web Services Organizations management account,
+    #   passing `*` returns all jobs across the organization.
+    #
+    #   Pattern: `^[0-9]{12}$`
+    #
+    # @option params [String] :by_backup_vault_name
+    #   Returns only scan jobs that will be stored in the specified backup
+    #   vault. Backup vaults are identified by names that are unique to the
+    #   account used to create them and the Amazon Web Services Region where
+    #   they are created.
+    #
+    #   Pattern: `^[a-zA-Z0-9\-\_\.]{2,50}$`
+    #
+    # @option params [Time,DateTime,Date,Integer,String] :by_complete_after
+    #   Returns only scan jobs completed after a date expressed in Unix format
+    #   and Coordinated Universal Time (UTC).
+    #
+    # @option params [Time,DateTime,Date,Integer,String] :by_complete_before
+    #   Returns only backup jobs completed before a date expressed in Unix
+    #   format and Coordinated Universal Time (UTC).
+    #
+    # @option params [String] :by_malware_scanner
+    #   Returns only the scan jobs for the specified malware scanner.
+    #   Currently only supports `GUARDDUTY`.
+    #
+    # @option params [String] :by_recovery_point_arn
+    #   Returns only the scan jobs that are ran against the specified recovery
+    #   point.
+    #
+    # @option params [String] :by_resource_arn
+    #   Returns only scan jobs that match the specified resource Amazon
+    #   Resource Name (ARN).
+    #
+    # @option params [String] :by_resource_type
+    #   Returns restore testing selections by the specified restore testing
+    #   plan name.
+    #
+    #   * `EBS`for Amazon Elastic Block Store
+    #
+    #   * `EC2`for Amazon Elastic Compute Cloud
+    #
+    #   * `S3`for Amazon Simple Storage Service (Amazon S3)
+    #
+    #   Pattern: `^[a-zA-Z0-9\-\_\.]{1,50}$`
+    #
+    # @option params [String] :by_scan_result_status
+    #   Returns only the scan jobs for the specified scan results:
+    #
+    #   * `THREATS_FOUND`
+    #
+    #   * `NO_THREATS_FOUND`
+    #
+    # @option params [String] :by_state
+    #   Returns only the scan jobs for the specified scanning job state.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of items to be returned.
+    #
+    #   Valid Range: Minimum value of 1. Maximum value of 1000.
+    #
+    # @option params [String] :next_token
+    #   The next item following a partial list of returned items. For example,
+    #   if a request is made to return `MaxResults` number of items,
+    #   `NextToken` allows you to return more items in your list starting at
+    #   the location pointed to by the next token.
+    #
+    # @return [Types::ListScanJobsOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListScanJobsOutput#next_token #next_token} => String
+    #   * {Types::ListScanJobsOutput#scan_jobs #scan_jobs} => Array&lt;Types::ScanJob&gt;
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_scan_jobs({
+    #     by_account_id: "String",
+    #     by_backup_vault_name: "String",
+    #     by_complete_after: Time.now,
+    #     by_complete_before: Time.now,
+    #     by_malware_scanner: "GUARDDUTY", # accepts GUARDDUTY
+    #     by_recovery_point_arn: "String",
+    #     by_resource_arn: "String",
+    #     by_resource_type: "EBS", # accepts EBS, EC2, S3
+    #     by_scan_result_status: "NO_THREATS_FOUND", # accepts NO_THREATS_FOUND, THREATS_FOUND
+    #     by_state: "CANCELED", # accepts CANCELED, COMPLETED, COMPLETED_WITH_ISSUES, CREATED, FAILED, RUNNING
+    #     max_results: 1,
+    #     next_token: "String",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.next_token #=> String
+    #   resp.scan_jobs #=> Array
+    #   resp.scan_jobs[0].account_id #=> String
+    #   resp.scan_jobs[0].backup_vault_arn #=> String
+    #   resp.scan_jobs[0].backup_vault_name #=> String
+    #   resp.scan_jobs[0].completion_date #=> Time
+    #   resp.scan_jobs[0].created_by.backup_plan_arn #=> String
+    #   resp.scan_jobs[0].created_by.backup_plan_id #=> String
+    #   resp.scan_jobs[0].created_by.backup_plan_version #=> String
+    #   resp.scan_jobs[0].created_by.backup_rule_id #=> String
+    #   resp.scan_jobs[0].creation_date #=> Time
+    #   resp.scan_jobs[0].iam_role_arn #=> String
+    #   resp.scan_jobs[0].malware_scanner #=> String, one of "GUARDDUTY"
+    #   resp.scan_jobs[0].recovery_point_arn #=> String
+    #   resp.scan_jobs[0].resource_arn #=> String
+    #   resp.scan_jobs[0].resource_name #=> String
+    #   resp.scan_jobs[0].resource_type #=> String, one of "EBS", "EC2", "S3"
+    #   resp.scan_jobs[0].scan_base_recovery_point_arn #=> String
+    #   resp.scan_jobs[0].scan_id #=> String
+    #   resp.scan_jobs[0].scan_job_id #=> String
+    #   resp.scan_jobs[0].scan_mode #=> String, one of "FULL_SCAN", "INCREMENTAL_SCAN"
+    #   resp.scan_jobs[0].scan_result.scan_result_status #=> String, one of "NO_THREATS_FOUND", "THREATS_FOUND"
+    #   resp.scan_jobs[0].scanner_role_arn #=> String
+    #   resp.scan_jobs[0].state #=> String, one of "CANCELED", "COMPLETED", "COMPLETED_WITH_ISSUES", "CREATED", "FAILED", "RUNNING"
+    #   resp.scan_jobs[0].status_message #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/ListScanJobs AWS API Documentation
+    #
+    # @overload list_scan_jobs(params = {})
+    # @param [Hash] params ({})
+    def list_scan_jobs(params = {}, options = {})
+      req = build_request(:list_scan_jobs, params)
+      req.send_request(options)
+    end
+
     # Returns the tags assigned to the resource, such as a target recovery
     # point, backup plan, or backup vault.
     #
@@ -5314,6 +5811,50 @@ module Aws::Backup
       req.send_request(options)
     end
 
+    # Returns a list of tiering configurations.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of items to be returned.
+    #
+    # @option params [String] :next_token
+    #   The next item following a partial list of returned items. For example,
+    #   if a request is made to return `MaxResults` number of items,
+    #   `NextToken` allows you to return more items in your list starting at
+    #   the location pointed to by the next token.
+    #
+    # @return [Types::ListTieringConfigurationsOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListTieringConfigurationsOutput#tiering_configurations #tiering_configurations} => Array&lt;Types::TieringConfigurationsListMember&gt;
+    #   * {Types::ListTieringConfigurationsOutput#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_tiering_configurations({
+    #     max_results: 1,
+    #     next_token: "string",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.tiering_configurations #=> Array
+    #   resp.tiering_configurations[0].tiering_configuration_arn #=> String
+    #   resp.tiering_configurations[0].tiering_configuration_name #=> String
+    #   resp.tiering_configurations[0].backup_vault_name #=> String
+    #   resp.tiering_configurations[0].creation_time #=> Time
+    #   resp.tiering_configurations[0].last_updated_time #=> Time
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/ListTieringConfigurations AWS API Documentation
+    #
+    # @overload list_tiering_configurations(params = {})
+    # @param [Hash] params ({})
+    def list_tiering_configurations(params = {}, options = {})
+      req = build_request(:list_tiering_configurations, params)
+      req.send_request(options)
+    end
+
     # Sets a resource-based policy that is used to manage access permissions
     # on the target backup vault. Requires a backup vault name and an access
     # policy document in JSON format.
@@ -6010,6 +6551,84 @@ module Aws::Backup
       req.send_request(options)
     end
 
+    # Starts scanning jobs for specific resources.
+    #
+    # @option params [required, String] :backup_vault_name
+    #   The name of a logical container where backups are stored. Backup
+    #   vaults are identified by names that are unique to the account used to
+    #   create them and the Amazon Web Services Region where they are created.
+    #
+    #   Pattern: `^[a-zA-Z0-9\-\_]{2,50}$`
+    #
+    # @option params [required, String] :iam_role_arn
+    #   Specifies the IAM role ARN used to create the target recovery point;
+    #   for example, `arn:aws:iam::123456789012:role/S3Access`.
+    #
+    # @option params [String] :idempotency_token
+    #   A customer-chosen string that you can use to distinguish between
+    #   otherwise identical calls to `StartScanJob`. Retrying a successful
+    #   request with the same idempotency token results in a success message
+    #   with no action taken.
+    #
+    # @option params [required, String] :malware_scanner
+    #   Specifies the malware scanner used during the scan job. Currently only
+    #   supports `GUARDDUTY`.
+    #
+    # @option params [required, String] :recovery_point_arn
+    #   An Amazon Resource Name (ARN) that uniquely identifies a recovery
+    #   point. This is your target recovery point for a full scan. If you are
+    #   running an incremental scan, this will be your a recovery point which
+    #   has been created after your base recovery point selection.
+    #
+    # @option params [String] :scan_base_recovery_point_arn
+    #   An ARN that uniquely identifies the base recovery point to be used for
+    #   incremental scanning.
+    #
+    # @option params [required, String] :scan_mode
+    #   Specifies the scan type use for the scan job.
+    #
+    #   Includes:
+    #
+    #   * `FULL_SCAN` will scan the entire data lineage within the backup.
+    #
+    #   * `INCREMENTAL_SCAN` will scan the data difference between the target
+    #     recovery point and base recovery point ARN.
+    #
+    # @option params [required, String] :scanner_role_arn
+    #   Specified the IAM scanner role ARN.
+    #
+    # @return [Types::StartScanJobOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::StartScanJobOutput#creation_date #creation_date} => Time
+    #   * {Types::StartScanJobOutput#scan_job_id #scan_job_id} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.start_scan_job({
+    #     backup_vault_name: "String", # required
+    #     iam_role_arn: "String", # required
+    #     idempotency_token: "String",
+    #     malware_scanner: "GUARDDUTY", # required, accepts GUARDDUTY
+    #     recovery_point_arn: "String", # required
+    #     scan_base_recovery_point_arn: "String",
+    #     scan_mode: "FULL_SCAN", # required, accepts FULL_SCAN, INCREMENTAL_SCAN
+    #     scanner_role_arn: "String", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.creation_date #=> Time
+    #   resp.scan_job_id #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/StartScanJob AWS API Documentation
+    #
+    # @overload start_scan_job(params = {})
+    # @param [Hash] params ({})
+    def start_scan_job(params = {}, options = {})
+      req = build_request(:start_scan_job, params)
+      req.send_request(options)
+    end
+
     # Attempts to cancel a job to create a one-time backup of a resource.
     #
     # This action is not supported for the following services:
@@ -6137,6 +6756,7 @@ module Aws::Backup
     #   * {Types::UpdateBackupPlanOutput#creation_date #creation_date} => Time
     #   * {Types::UpdateBackupPlanOutput#version_id #version_id} => String
     #   * {Types::UpdateBackupPlanOutput#advanced_backup_settings #advanced_backup_settings} => Array&lt;Types::AdvancedBackupSetting&gt;
+    #   * {Types::UpdateBackupPlanOutput#scan_settings #scan_settings} => Array&lt;Types::ScanSetting&gt;
     #
     # @example Request syntax with placeholder values
     #
@@ -6179,6 +6799,12 @@ module Aws::Backup
     #               resource_types: ["ResourceType"],
     #             },
     #           ],
+    #           scan_actions: [
+    #             {
+    #               malware_scanner: "GUARDDUTY", # accepts GUARDDUTY
+    #               scan_mode: "FULL_SCAN", # accepts FULL_SCAN, INCREMENTAL_SCAN
+    #             },
+    #           ],
     #         },
     #       ],
     #       advanced_backup_settings: [
@@ -6189,6 +6815,13 @@ module Aws::Backup
     #           },
     #         },
     #       ],
+    #       scan_settings: [
+    #         {
+    #           malware_scanner: "GUARDDUTY", # accepts GUARDDUTY
+    #           resource_types: ["ResourceType"],
+    #           scanner_role_arn: "IAMRoleArn",
+    #         },
+    #       ],
     #     },
     #   })
     #
@@ -6202,6 +6835,11 @@ module Aws::Backup
     #   resp.advanced_backup_settings[0].resource_type #=> String
     #   resp.advanced_backup_settings[0].backup_options #=> Hash
     #   resp.advanced_backup_settings[0].backup_options["BackupOptionKey"] #=> String
+    #   resp.scan_settings #=> Array
+    #   resp.scan_settings[0].malware_scanner #=> String, one of "GUARDDUTY"
+    #   resp.scan_settings[0].resource_types #=> Array
+    #   resp.scan_settings[0].resource_types[0] #=> String
+    #   resp.scan_settings[0].scanner_role_arn #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/UpdateBackupPlan AWS API Documentation
     #
@@ -6737,6 +7375,63 @@ module Aws::Backup
       req.send_request(options)
     end
 
+    # This request will send changes to your specified tiering
+    # configuration. `TieringConfigurationName` cannot be updated after it
+    # is created.
+    #
+    # `ResourceSelection` can contain:
+    #
+    # * `Resources`
+    #
+    # * `TieringDownSettingsInDays`
+    #
+    # * `ResourceType`
+    #
+    # @option params [required, String] :tiering_configuration_name
+    #   The name of a tiering configuration to update.
+    #
+    # @option params [required, Types::TieringConfigurationInputForUpdate] :tiering_configuration
+    #   Specifies the body of a tiering configuration.
+    #
+    # @return [Types::UpdateTieringConfigurationOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::UpdateTieringConfigurationOutput#tiering_configuration_arn #tiering_configuration_arn} => String
+    #   * {Types::UpdateTieringConfigurationOutput#tiering_configuration_name #tiering_configuration_name} => String
+    #   * {Types::UpdateTieringConfigurationOutput#creation_time #creation_time} => Time
+    #   * {Types::UpdateTieringConfigurationOutput#last_updated_time #last_updated_time} => Time
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_tiering_configuration({
+    #     tiering_configuration_name: "TieringConfigurationName", # required
+    #     tiering_configuration: { # required
+    #       resource_selection: [ # required
+    #         {
+    #           resources: ["ARN"], # required
+    #           tiering_down_settings_in_days: 1, # required
+    #           resource_type: "ResourceType", # required
+    #         },
+    #       ],
+    #       backup_vault_name: "BackupVaultNameOrWildcard", # required
+    #     },
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.tiering_configuration_arn #=> String
+    #   resp.tiering_configuration_name #=> String
+    #   resp.creation_time #=> Time
+    #   resp.last_updated_time #=> Time
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/UpdateTieringConfiguration AWS API Documentation
+    #
+    # @overload update_tiering_configuration(params = {})
+    # @param [Hash] params ({})
+    def update_tiering_configuration(params = {}, options = {})
+      req = build_request(:update_tiering_configuration, params)
+      req.send_request(options)
+    end
+
     # @!endgroup
 
     # @param params ({})
@@ -6755,7 +7450,7 @@ module Aws::Backup
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-backup'
-      context[:gem_version] = '1.101.0'
+      context[:gem_version] = '1.103.0'
       Seahorse::Client::Request.new(handlers, context)
     end