aws-sdk-backup 1.102.0 → 1.103.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0d14e71f10bf07913f1bef99000a64989c9df6c190863b936f714a6bc3ba42d1
-  data.tar.gz: 81ceca4bd9f4e186536864b1a7eaea7932397bff1d2252558e52405b976d4726
+  metadata.gz: 79eb7634b531c65f7b5e5ea14d324f1f9f1d25bd6920df534a29113f870dd50f
+  data.tar.gz: 50520f823c1c934eeb835eeaf7f4dc03d3e89bdb1707186d8a08d7d3230cfac4
 SHA512:
-  metadata.gz: 2dbc6163d8a34fe3a96af1baa2e8b700dd7aba91b09cb883d424c5cadc502eda719a70ec856c5ab8060e3ab1168dcb82f9ce8f994b4fdd8d70a197e62f2799f8
-  data.tar.gz: 877879476db7a1389e90eae9aac3b923ae12c167b8511f2954e6848bb66ff2c1b67a6d281bb8bf79d5ca411c74972766dff965b690019aa9bedced3ecd3444c3
+  metadata.gz: 6fa2173a56d00191580e642ae16cc5abc473b0c014b665a0321af317db56eb4e03fd59c68c8b4d0ee6eceb629bc4006e87c0338d3ddeea9900eb8403ae7a6f92
+  data.tar.gz: 6273da0c23fdb06eeca7fe8be3613958b8ea5884e46a4e5ec2f61d4cbf6d49f40233dd242c500e43aead55b8e3f98f4fb7093a22dd1ae317dbe47370d17d94ec

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.103.0 (2025-11-19)
+------------------
+
+* Feature - Amazon GuardDuty Malware Protection now supports AWS Backup, extending malware detection capabilities to EC2, EBS, and S3 backups.
+
 1.102.0 (2025-11-18)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.102.0
+1.103.0

data/lib/aws-sdk-backup/client.rb

@@ -613,6 +613,12 @@ module Aws::Backup
     #               resource_types: ["ResourceType"],
     #             },
     #           ],
+    #           scan_actions: [
+    #             {
+    #               malware_scanner: "GUARDDUTY", # accepts GUARDDUTY
+    #               scan_mode: "FULL_SCAN", # accepts FULL_SCAN, INCREMENTAL_SCAN
+    #             },
+    #           ],
     #         },
     #       ],
     #       advanced_backup_settings: [
@@ -623,6 +629,13 @@ module Aws::Backup
     #           },
     #         },
     #       ],
+    #       scan_settings: [
+    #         {
+    #           malware_scanner: "GUARDDUTY", # accepts GUARDDUTY
+    #           resource_types: ["ResourceType"],
+    #           scanner_role_arn: "IAMRoleArn",
+    #         },
+    #       ],
     #     },
     #     backup_plan_tags: {
     #       "TagKey" => "TagValue",
@@ -1076,7 +1089,8 @@ module Aws::Backup
     #   a report template. The report templates are:
     #
     #   `RESOURCE_COMPLIANCE_REPORT | CONTROL_COMPLIANCE_REPORT |
-    #   BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT`
+    #   BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT |
+    #   SCAN_JOB_REPORT `
     #
     #   If the report template is `RESOURCE_COMPLIANCE_REPORT` or
     #   `CONTROL_COMPLIANCE_REPORT`, this API resource also describes the
@@ -2193,6 +2207,7 @@ module Aws::Backup
     #   * {Types::DescribeRecoveryPointOutput#index_status #index_status} => String
     #   * {Types::DescribeRecoveryPointOutput#index_status_message #index_status_message} => String
     #   * {Types::DescribeRecoveryPointOutput#encryption_key_type #encryption_key_type} => String
+    #   * {Types::DescribeRecoveryPointOutput#scan_results #scan_results} => Array<Types::ScanResult>
     #
     # @example Request syntax with placeholder values
     #
@@ -2243,6 +2258,12 @@ module Aws::Backup
     #   resp.index_status #=> String, one of "PENDING", "ACTIVE", "FAILED", "DELETING"
     #   resp.index_status_message #=> String
     #   resp.encryption_key_type #=> String, one of "AWS_OWNED_KMS_KEY", "CUSTOMER_MANAGED_KMS_KEY"
+    #   resp.scan_results #=> Array
+    #   resp.scan_results[0].malware_scanner #=> String, one of "GUARDDUTY"
+    #   resp.scan_results[0].scan_job_state #=> String, one of "COMPLETED", "COMPLETED_WITH_ISSUES", "FAILED", "CANCELED"
+    #   resp.scan_results[0].last_scan_timestamp #=> Time
+    #   resp.scan_results[0].findings #=> Array
+    #   resp.scan_results[0].findings[0] #=> String, one of "MALWARE"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/DescribeRecoveryPoint AWS API Documentation
     #
@@ -2442,6 +2463,75 @@ module Aws::Backup
       req.send_request(options)
     end
 
+    # Returns scan job details for the specified ScanJobID.
+    #
+    # @option params [required, String] :scan_job_id
+    #   Uniquely identifies a request to Backup to scan a resource.
+    #
+    # @return [Types::DescribeScanJobOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeScanJobOutput#account_id #account_id} => String
+    #   * {Types::DescribeScanJobOutput#backup_vault_arn #backup_vault_arn} => String
+    #   * {Types::DescribeScanJobOutput#backup_vault_name #backup_vault_name} => String
+    #   * {Types::DescribeScanJobOutput#completion_date #completion_date} => Time
+    #   * {Types::DescribeScanJobOutput#created_by #created_by} => Types::ScanJobCreator
+    #   * {Types::DescribeScanJobOutput#creation_date #creation_date} => Time
+    #   * {Types::DescribeScanJobOutput#iam_role_arn #iam_role_arn} => String
+    #   * {Types::DescribeScanJobOutput#malware_scanner #malware_scanner} => String
+    #   * {Types::DescribeScanJobOutput#recovery_point_arn #recovery_point_arn} => String
+    #   * {Types::DescribeScanJobOutput#resource_arn #resource_arn} => String
+    #   * {Types::DescribeScanJobOutput#resource_name #resource_name} => String
+    #   * {Types::DescribeScanJobOutput#resource_type #resource_type} => String
+    #   * {Types::DescribeScanJobOutput#scan_base_recovery_point_arn #scan_base_recovery_point_arn} => String
+    #   * {Types::DescribeScanJobOutput#scan_id #scan_id} => String
+    #   * {Types::DescribeScanJobOutput#scan_job_id #scan_job_id} => String
+    #   * {Types::DescribeScanJobOutput#scan_mode #scan_mode} => String
+    #   * {Types::DescribeScanJobOutput#scan_result #scan_result} => Types::ScanResultInfo
+    #   * {Types::DescribeScanJobOutput#scanner_role_arn #scanner_role_arn} => String
+    #   * {Types::DescribeScanJobOutput#state #state} => String
+    #   * {Types::DescribeScanJobOutput#status_message #status_message} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.describe_scan_job({
+    #     scan_job_id: "String", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.account_id #=> String
+    #   resp.backup_vault_arn #=> String
+    #   resp.backup_vault_name #=> String
+    #   resp.completion_date #=> Time
+    #   resp.created_by.backup_plan_arn #=> String
+    #   resp.created_by.backup_plan_id #=> String
+    #   resp.created_by.backup_plan_version #=> String
+    #   resp.created_by.backup_rule_id #=> String
+    #   resp.creation_date #=> Time
+    #   resp.iam_role_arn #=> String
+    #   resp.malware_scanner #=> String, one of "GUARDDUTY"
+    #   resp.recovery_point_arn #=> String
+    #   resp.resource_arn #=> String
+    #   resp.resource_name #=> String
+    #   resp.resource_type #=> String, one of "EBS", "EC2", "S3"
+    #   resp.scan_base_recovery_point_arn #=> String
+    #   resp.scan_id #=> String
+    #   resp.scan_job_id #=> String
+    #   resp.scan_mode #=> String, one of "FULL_SCAN", "INCREMENTAL_SCAN"
+    #   resp.scan_result.scan_result_status #=> String, one of "NO_THREATS_FOUND", "THREATS_FOUND"
+    #   resp.scanner_role_arn #=> String
+    #   resp.state #=> String, one of "CANCELED", "COMPLETED", "COMPLETED_WITH_ISSUES", "CREATED", "FAILED", "RUNNING"
+    #   resp.status_message #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/DescribeScanJob AWS API Documentation
+    #
+    # @overload describe_scan_job(params = {})
+    # @param [Hash] params ({})
+    def describe_scan_job(params = {}, options = {})
+      req = build_request(:describe_scan_job, params)
+      req.send_request(options)
+    end
+
     # Removes the association between an MPA approval team and a backup
     # vault, disabling the MPA approval workflow for restore operations.
     #
@@ -2631,10 +2721,18 @@ module Aws::Backup
     #   resp.backup_plan.rules[0].index_actions #=> Array
     #   resp.backup_plan.rules[0].index_actions[0].resource_types #=> Array
     #   resp.backup_plan.rules[0].index_actions[0].resource_types[0] #=> String
+    #   resp.backup_plan.rules[0].scan_actions #=> Array
+    #   resp.backup_plan.rules[0].scan_actions[0].malware_scanner #=> String, one of "GUARDDUTY"
+    #   resp.backup_plan.rules[0].scan_actions[0].scan_mode #=> String, one of "FULL_SCAN", "INCREMENTAL_SCAN"
     #   resp.backup_plan.advanced_backup_settings #=> Array
     #   resp.backup_plan.advanced_backup_settings[0].resource_type #=> String
     #   resp.backup_plan.advanced_backup_settings[0].backup_options #=> Hash
     #   resp.backup_plan.advanced_backup_settings[0].backup_options["BackupOptionKey"] #=> String
+    #   resp.backup_plan.scan_settings #=> Array
+    #   resp.backup_plan.scan_settings[0].malware_scanner #=> String, one of "GUARDDUTY"
+    #   resp.backup_plan.scan_settings[0].resource_types #=> Array
+    #   resp.backup_plan.scan_settings[0].resource_types[0] #=> String
+    #   resp.backup_plan.scan_settings[0].scanner_role_arn #=> String
     #   resp.backup_plan_id #=> String
     #   resp.backup_plan_arn #=> String
     #   resp.version_id #=> String
@@ -2703,10 +2801,18 @@ module Aws::Backup
     #   resp.backup_plan.rules[0].index_actions #=> Array
     #   resp.backup_plan.rules[0].index_actions[0].resource_types #=> Array
     #   resp.backup_plan.rules[0].index_actions[0].resource_types[0] #=> String
+    #   resp.backup_plan.rules[0].scan_actions #=> Array
+    #   resp.backup_plan.rules[0].scan_actions[0].malware_scanner #=> String, one of "GUARDDUTY"
+    #   resp.backup_plan.rules[0].scan_actions[0].scan_mode #=> String, one of "FULL_SCAN", "INCREMENTAL_SCAN"
     #   resp.backup_plan.advanced_backup_settings #=> Array
     #   resp.backup_plan.advanced_backup_settings[0].resource_type #=> String
     #   resp.backup_plan.advanced_backup_settings[0].backup_options #=> Hash
     #   resp.backup_plan.advanced_backup_settings[0].backup_options["BackupOptionKey"] #=> String
+    #   resp.backup_plan.scan_settings #=> Array
+    #   resp.backup_plan.scan_settings[0].malware_scanner #=> String, one of "GUARDDUTY"
+    #   resp.backup_plan.scan_settings[0].resource_types #=> Array
+    #   resp.backup_plan.scan_settings[0].resource_types[0] #=> String
+    #   resp.backup_plan.scan_settings[0].scanner_role_arn #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/GetBackupPlanFromJSON AWS API Documentation
     #
@@ -2760,10 +2866,18 @@ module Aws::Backup
     #   resp.backup_plan_document.rules[0].index_actions #=> Array
     #   resp.backup_plan_document.rules[0].index_actions[0].resource_types #=> Array
     #   resp.backup_plan_document.rules[0].index_actions[0].resource_types[0] #=> String
+    #   resp.backup_plan_document.rules[0].scan_actions #=> Array
+    #   resp.backup_plan_document.rules[0].scan_actions[0].malware_scanner #=> String, one of "GUARDDUTY"
+    #   resp.backup_plan_document.rules[0].scan_actions[0].scan_mode #=> String, one of "FULL_SCAN", "INCREMENTAL_SCAN"
     #   resp.backup_plan_document.advanced_backup_settings #=> Array
     #   resp.backup_plan_document.advanced_backup_settings[0].resource_type #=> String
     #   resp.backup_plan_document.advanced_backup_settings[0].backup_options #=> Hash
     #   resp.backup_plan_document.advanced_backup_settings[0].backup_options["BackupOptionKey"] #=> String
+    #   resp.backup_plan_document.scan_settings #=> Array
+    #   resp.backup_plan_document.scan_settings[0].malware_scanner #=> String, one of "GUARDDUTY"
+    #   resp.backup_plan_document.scan_settings[0].resource_types #=> Array
+    #   resp.backup_plan_document.scan_settings[0].resource_types[0] #=> String
+    #   resp.backup_plan_document.scan_settings[0].scanner_role_arn #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/GetBackupPlanFromTemplate AWS API Documentation
     #
@@ -4630,6 +4744,10 @@ module Aws::Backup
     #   resp.recovery_points[0].index_status #=> String, one of "PENDING", "ACTIVE", "FAILED", "DELETING"
     #   resp.recovery_points[0].index_status_message #=> String
     #   resp.recovery_points[0].encryption_key_type #=> String, one of "AWS_OWNED_KMS_KEY", "CUSTOMER_MANAGED_KMS_KEY"
+    #   resp.recovery_points[0].aggregated_scan_result.failed_scan #=> Boolean
+    #   resp.recovery_points[0].aggregated_scan_result.findings #=> Array
+    #   resp.recovery_points[0].aggregated_scan_result.findings[0] #=> String, one of "MALWARE"
+    #   resp.recovery_points[0].aggregated_scan_result.last_computed #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/ListRecoveryPointsByBackupVault AWS API Documentation
     #
@@ -4758,6 +4876,10 @@ module Aws::Backup
     #   resp.recovery_points[0].index_status #=> String, one of "PENDING", "ACTIVE", "FAILED", "DELETING"
     #   resp.recovery_points[0].index_status_message #=> String
     #   resp.recovery_points[0].encryption_key_type #=> String, one of "AWS_OWNED_KMS_KEY", "CUSTOMER_MANAGED_KMS_KEY"
+    #   resp.recovery_points[0].aggregated_scan_result.failed_scan #=> Boolean
+    #   resp.recovery_points[0].aggregated_scan_result.findings #=> Array
+    #   resp.recovery_points[0].aggregated_scan_result.findings[0] #=> String, one of "MALWARE"
+    #   resp.recovery_points[0].aggregated_scan_result.last_computed #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/ListRecoveryPointsByResource AWS API Documentation
     #
@@ -4789,7 +4911,11 @@ module Aws::Backup
     #   Returns only report jobs that are in the specified status. The
     #   statuses are:
     #
-    #   `CREATED | RUNNING | COMPLETED | FAILED`
+    #   `CREATED | RUNNING | COMPLETED | FAILED | COMPLETED_WITH_ISSUES`
+    #
+    #   Please note that only scanning jobs finish with state completed with
+    #   issues. For backup jobs this is a console interpretation of a job that
+    #   finishes in completed state and has a status message.
     #
     # @option params [Integer] :max_results
     #   The number of desired results from 1 to 1000. Optional. If
@@ -5384,6 +5510,242 @@ module Aws::Backup
       req.send_request(options)
     end
 
+    # This is a request for a summary of scan jobs created or running within
+    # the most recent 30 days.
+    #
+    # @option params [String] :account_id
+    #   Returns the job count for the specified account.
+    #
+    #   If the request is sent from a member account or an account not part of
+    #   Amazon Web Services Organizations, jobs within requestor's account
+    #   will be returned.
+    #
+    #   Root, admin, and delegated administrator accounts can use the value
+    #   `ANY` to return job counts from every account in the organization.
+    #
+    #   `AGGREGATE_ALL` aggregates job counts from all accounts within the
+    #   authenticated organization, then returns the sum.
+    #
+    # @option params [String] :resource_type
+    #   Returns the job count for the specified resource type. Use request
+    #   `GetSupportedResourceTypes` to obtain strings for supported resource
+    #   types.
+    #
+    #   The the value `ANY` returns count of all resource types.
+    #
+    #   `AGGREGATE_ALL` aggregates job counts for all resource types and
+    #   returns the sum.
+    #
+    # @option params [String] :malware_scanner
+    #   Returns only the scan jobs for the specified malware scanner.
+    #   Currently the only MalwareScanner is `GUARDDUTY`. But the field also
+    #   supports `ANY`, and `AGGREGATE_ALL`.
+    #
+    # @option params [String] :scan_result_status
+    #   Returns only the scan jobs for the specified scan results.
+    #
+    # @option params [String] :state
+    #   Returns only the scan jobs for the specified scanning job state.
+    #
+    # @option params [String] :aggregation_period
+    #   The period for the returned results.
+    #
+    #   * `ONE_DAY`The daily job count for the prior 1 day.
+    #
+    #   * `SEVEN_DAYS`The daily job count for the prior 7 days.
+    #
+    #   * `FOURTEEN_DAYS`The daily job count for the prior 14 days.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of items to be returned.
+    #
+    #   The value is an integer. Range of accepted values is from 1 to 500.
+    #
+    # @option params [String] :next_token
+    #   The next item following a partial list of returned items. For example,
+    #   if a request is made to return `MaxResults` number of items,
+    #   `NextToken` allows you to return more items in your list starting at
+    #   the location pointed to by the next token.
+    #
+    # @return [Types::ListScanJobSummariesOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListScanJobSummariesOutput#scan_job_summaries #scan_job_summaries} => Array<Types::ScanJobSummary>
+    #   * {Types::ListScanJobSummariesOutput#aggregation_period #aggregation_period} => String
+    #   * {Types::ListScanJobSummariesOutput#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_scan_job_summaries({
+    #     account_id: "AccountId",
+    #     resource_type: "ResourceType",
+    #     malware_scanner: "GUARDDUTY", # accepts GUARDDUTY
+    #     scan_result_status: "NO_THREATS_FOUND", # accepts NO_THREATS_FOUND, THREATS_FOUND
+    #     state: "CREATED", # accepts CREATED, COMPLETED, COMPLETED_WITH_ISSUES, RUNNING, FAILED, CANCELED, AGGREGATE_ALL, ANY
+    #     aggregation_period: "ONE_DAY", # accepts ONE_DAY, SEVEN_DAYS, FOURTEEN_DAYS
+    #     max_results: 1,
+    #     next_token: "string",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.scan_job_summaries #=> Array
+    #   resp.scan_job_summaries[0].region #=> String
+    #   resp.scan_job_summaries[0].account_id #=> String
+    #   resp.scan_job_summaries[0].state #=> String, one of "CREATED", "COMPLETED", "COMPLETED_WITH_ISSUES", "RUNNING", "FAILED", "CANCELED", "AGGREGATE_ALL", "ANY"
+    #   resp.scan_job_summaries[0].resource_type #=> String
+    #   resp.scan_job_summaries[0].count #=> Integer
+    #   resp.scan_job_summaries[0].start_time #=> Time
+    #   resp.scan_job_summaries[0].end_time #=> Time
+    #   resp.scan_job_summaries[0].malware_scanner #=> String, one of "GUARDDUTY"
+    #   resp.scan_job_summaries[0].scan_result_status #=> String, one of "NO_THREATS_FOUND", "THREATS_FOUND"
+    #   resp.aggregation_period #=> String
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/ListScanJobSummaries AWS API Documentation
+    #
+    # @overload list_scan_job_summaries(params = {})
+    # @param [Hash] params ({})
+    def list_scan_job_summaries(params = {}, options = {})
+      req = build_request(:list_scan_job_summaries, params)
+      req.send_request(options)
+    end
+
+    # Returns a list of existing scan jobs for an authenticated account for
+    # the last 30 days.
+    #
+    # @option params [String] :by_account_id
+    #   The account ID to list the jobs from. Returns only backup jobs
+    #   associated with the specified account ID.
+    #
+    #   If used from an Amazon Web Services Organizations management account,
+    #   passing `*` returns all jobs across the organization.
+    #
+    #   Pattern: `^[0-9]{12}$`
+    #
+    # @option params [String] :by_backup_vault_name
+    #   Returns only scan jobs that will be stored in the specified backup
+    #   vault. Backup vaults are identified by names that are unique to the
+    #   account used to create them and the Amazon Web Services Region where
+    #   they are created.
+    #
+    #   Pattern: `^[a-zA-Z0-9\-\_\.]{2,50}$`
+    #
+    # @option params [Time,DateTime,Date,Integer,String] :by_complete_after
+    #   Returns only scan jobs completed after a date expressed in Unix format
+    #   and Coordinated Universal Time (UTC).
+    #
+    # @option params [Time,DateTime,Date,Integer,String] :by_complete_before
+    #   Returns only backup jobs completed before a date expressed in Unix
+    #   format and Coordinated Universal Time (UTC).
+    #
+    # @option params [String] :by_malware_scanner
+    #   Returns only the scan jobs for the specified malware scanner.
+    #   Currently only supports `GUARDDUTY`.
+    #
+    # @option params [String] :by_recovery_point_arn
+    #   Returns only the scan jobs that are ran against the specified recovery
+    #   point.
+    #
+    # @option params [String] :by_resource_arn
+    #   Returns only scan jobs that match the specified resource Amazon
+    #   Resource Name (ARN).
+    #
+    # @option params [String] :by_resource_type
+    #   Returns restore testing selections by the specified restore testing
+    #   plan name.
+    #
+    #   * `EBS`for Amazon Elastic Block Store
+    #
+    #   * `EC2`for Amazon Elastic Compute Cloud
+    #
+    #   * `S3`for Amazon Simple Storage Service (Amazon S3)
+    #
+    #   Pattern: `^[a-zA-Z0-9\-\_\.]{1,50}$`
+    #
+    # @option params [String] :by_scan_result_status
+    #   Returns only the scan jobs for the specified scan results:
+    #
+    #   * `THREATS_FOUND`
+    #
+    #   * `NO_THREATS_FOUND`
+    #
+    # @option params [String] :by_state
+    #   Returns only the scan jobs for the specified scanning job state.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of items to be returned.
+    #
+    #   Valid Range: Minimum value of 1. Maximum value of 1000.
+    #
+    # @option params [String] :next_token
+    #   The next item following a partial list of returned items. For example,
+    #   if a request is made to return `MaxResults` number of items,
+    #   `NextToken` allows you to return more items in your list starting at
+    #   the location pointed to by the next token.
+    #
+    # @return [Types::ListScanJobsOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListScanJobsOutput#next_token #next_token} => String
+    #   * {Types::ListScanJobsOutput#scan_jobs #scan_jobs} => Array<Types::ScanJob>
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_scan_jobs({
+    #     by_account_id: "String",
+    #     by_backup_vault_name: "String",
+    #     by_complete_after: Time.now,
+    #     by_complete_before: Time.now,
+    #     by_malware_scanner: "GUARDDUTY", # accepts GUARDDUTY
+    #     by_recovery_point_arn: "String",
+    #     by_resource_arn: "String",
+    #     by_resource_type: "EBS", # accepts EBS, EC2, S3
+    #     by_scan_result_status: "NO_THREATS_FOUND", # accepts NO_THREATS_FOUND, THREATS_FOUND
+    #     by_state: "CANCELED", # accepts CANCELED, COMPLETED, COMPLETED_WITH_ISSUES, CREATED, FAILED, RUNNING
+    #     max_results: 1,
+    #     next_token: "String",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.next_token #=> String
+    #   resp.scan_jobs #=> Array
+    #   resp.scan_jobs[0].account_id #=> String
+    #   resp.scan_jobs[0].backup_vault_arn #=> String
+    #   resp.scan_jobs[0].backup_vault_name #=> String
+    #   resp.scan_jobs[0].completion_date #=> Time
+    #   resp.scan_jobs[0].created_by.backup_plan_arn #=> String
+    #   resp.scan_jobs[0].created_by.backup_plan_id #=> String
+    #   resp.scan_jobs[0].created_by.backup_plan_version #=> String
+    #   resp.scan_jobs[0].created_by.backup_rule_id #=> String
+    #   resp.scan_jobs[0].creation_date #=> Time
+    #   resp.scan_jobs[0].iam_role_arn #=> String
+    #   resp.scan_jobs[0].malware_scanner #=> String, one of "GUARDDUTY"
+    #   resp.scan_jobs[0].recovery_point_arn #=> String
+    #   resp.scan_jobs[0].resource_arn #=> String
+    #   resp.scan_jobs[0].resource_name #=> String
+    #   resp.scan_jobs[0].resource_type #=> String, one of "EBS", "EC2", "S3"
+    #   resp.scan_jobs[0].scan_base_recovery_point_arn #=> String
+    #   resp.scan_jobs[0].scan_id #=> String
+    #   resp.scan_jobs[0].scan_job_id #=> String
+    #   resp.scan_jobs[0].scan_mode #=> String, one of "FULL_SCAN", "INCREMENTAL_SCAN"
+    #   resp.scan_jobs[0].scan_result.scan_result_status #=> String, one of "NO_THREATS_FOUND", "THREATS_FOUND"
+    #   resp.scan_jobs[0].scanner_role_arn #=> String
+    #   resp.scan_jobs[0].state #=> String, one of "CANCELED", "COMPLETED", "COMPLETED_WITH_ISSUES", "CREATED", "FAILED", "RUNNING"
+    #   resp.scan_jobs[0].status_message #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/ListScanJobs AWS API Documentation
+    #
+    # @overload list_scan_jobs(params = {})
+    # @param [Hash] params ({})
+    def list_scan_jobs(params = {}, options = {})
+      req = build_request(:list_scan_jobs, params)
+      req.send_request(options)
+    end
+
     # Returns the tags assigned to the resource, such as a target recovery
     # point, backup plan, or backup vault.
     #
@@ -6189,6 +6551,84 @@ module Aws::Backup
       req.send_request(options)
     end
 
+    # Starts scanning jobs for specific resources.
+    #
+    # @option params [required, String] :backup_vault_name
+    #   The name of a logical container where backups are stored. Backup
+    #   vaults are identified by names that are unique to the account used to
+    #   create them and the Amazon Web Services Region where they are created.
+    #
+    #   Pattern: `^[a-zA-Z0-9\-\_]{2,50}$`
+    #
+    # @option params [required, String] :iam_role_arn
+    #   Specifies the IAM role ARN used to create the target recovery point;
+    #   for example, `arn:aws:iam::123456789012:role/S3Access`.
+    #
+    # @option params [String] :idempotency_token
+    #   A customer-chosen string that you can use to distinguish between
+    #   otherwise identical calls to `StartScanJob`. Retrying a successful
+    #   request with the same idempotency token results in a success message
+    #   with no action taken.
+    #
+    # @option params [required, String] :malware_scanner
+    #   Specifies the malware scanner used during the scan job. Currently only
+    #   supports `GUARDDUTY`.
+    #
+    # @option params [required, String] :recovery_point_arn
+    #   An Amazon Resource Name (ARN) that uniquely identifies a recovery
+    #   point. This is your target recovery point for a full scan. If you are
+    #   running an incremental scan, this will be your a recovery point which
+    #   has been created after your base recovery point selection.
+    #
+    # @option params [String] :scan_base_recovery_point_arn
+    #   An ARN that uniquely identifies the base recovery point to be used for
+    #   incremental scanning.
+    #
+    # @option params [required, String] :scan_mode
+    #   Specifies the scan type use for the scan job.
+    #
+    #   Includes:
+    #
+    #   * `FULL_SCAN` will scan the entire data lineage within the backup.
+    #
+    #   * `INCREMENTAL_SCAN` will scan the data difference between the target
+    #     recovery point and base recovery point ARN.
+    #
+    # @option params [required, String] :scanner_role_arn
+    #   Specified the IAM scanner role ARN.
+    #
+    # @return [Types::StartScanJobOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::StartScanJobOutput#creation_date #creation_date} => Time
+    #   * {Types::StartScanJobOutput#scan_job_id #scan_job_id} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.start_scan_job({
+    #     backup_vault_name: "String", # required
+    #     iam_role_arn: "String", # required
+    #     idempotency_token: "String",
+    #     malware_scanner: "GUARDDUTY", # required, accepts GUARDDUTY
+    #     recovery_point_arn: "String", # required
+    #     scan_base_recovery_point_arn: "String",
+    #     scan_mode: "FULL_SCAN", # required, accepts FULL_SCAN, INCREMENTAL_SCAN
+    #     scanner_role_arn: "String", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.creation_date #=> Time
+    #   resp.scan_job_id #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/StartScanJob AWS API Documentation
+    #
+    # @overload start_scan_job(params = {})
+    # @param [Hash] params ({})
+    def start_scan_job(params = {}, options = {})
+      req = build_request(:start_scan_job, params)
+      req.send_request(options)
+    end
+
     # Attempts to cancel a job to create a one-time backup of a resource.
     #
     # This action is not supported for the following services:
@@ -6316,6 +6756,7 @@ module Aws::Backup
     #   * {Types::UpdateBackupPlanOutput#creation_date #creation_date} => Time
     #   * {Types::UpdateBackupPlanOutput#version_id #version_id} => String
     #   * {Types::UpdateBackupPlanOutput#advanced_backup_settings #advanced_backup_settings} => Array<Types::AdvancedBackupSetting>
+    #   * {Types::UpdateBackupPlanOutput#scan_settings #scan_settings} => Array<Types::ScanSetting>
     #
     # @example Request syntax with placeholder values
     #
@@ -6358,6 +6799,12 @@ module Aws::Backup
     #               resource_types: ["ResourceType"],
     #             },
     #           ],
+    #           scan_actions: [
+    #             {
+    #               malware_scanner: "GUARDDUTY", # accepts GUARDDUTY
+    #               scan_mode: "FULL_SCAN", # accepts FULL_SCAN, INCREMENTAL_SCAN
+    #             },
+    #           ],
     #         },
     #       ],
     #       advanced_backup_settings: [
@@ -6368,6 +6815,13 @@ module Aws::Backup
     #           },
     #         },
     #       ],
+    #       scan_settings: [
+    #         {
+    #           malware_scanner: "GUARDDUTY", # accepts GUARDDUTY
+    #           resource_types: ["ResourceType"],
+    #           scanner_role_arn: "IAMRoleArn",
+    #         },
+    #       ],
     #     },
     #   })
     #
@@ -6381,6 +6835,11 @@ module Aws::Backup
     #   resp.advanced_backup_settings[0].resource_type #=> String
     #   resp.advanced_backup_settings[0].backup_options #=> Hash
     #   resp.advanced_backup_settings[0].backup_options["BackupOptionKey"] #=> String
+    #   resp.scan_settings #=> Array
+    #   resp.scan_settings[0].malware_scanner #=> String, one of "GUARDDUTY"
+    #   resp.scan_settings[0].resource_types #=> Array
+    #   resp.scan_settings[0].resource_types[0] #=> String
+    #   resp.scan_settings[0].scanner_role_arn #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/UpdateBackupPlan AWS API Documentation
     #
@@ -6991,7 +7450,7 @@ module Aws::Backup
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-backup'
-      context[:gem_version] = '1.102.0'
+      context[:gem_version] = '1.103.0'
       Seahorse::Client::Request.new(handlers, context)
     end