aws-sdk-detective 1.23.0 → 1.27.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4a333bc4db705d7332fa5965fade61e7d56c3dd1386de4691ea192d034a8cab2
-  data.tar.gz: 05f23dec4cdce2172e1ccc46e92961e7ea46220ecb0676b9271599db56858189
+  metadata.gz: f9248be41f2590f45c67026bd4ed23644ad9c14d3b16210d4a1bdeca0d8926fb
+  data.tar.gz: e131451b9e997f8ae20a02c9aed4c6ac73aff6896f0de037528b4338ef38d42d
 SHA512:
-  metadata.gz: 5954e7d4cf186b5e391e678903bd0e730da0514c718065d6c7708c3287b79a4866efd0730ead848eb6841a73c3f2c85fa25bf68e34f9aa21b97d2be76586d07b
-  data.tar.gz: fb474032dd3cdf3b35ef4ca34c012cb40fb9fb3f2d37ea4ff3bf04d9baa053fac1c214806cb99d8185077e3c992338357092b7be8298caa3cfb26897746696b8
+  metadata.gz: f65b5fc7b4ff40bf71668e65db55913dba6484643428808c6f5f765c09dfb9de32362af3436e2dac2e867938d162bcdcb2b3f1ddef126c7792c769dc330a329e
+  data.tar.gz: 66ec617198d32c278debf82f9dfb70f5bcb23ac450a4fd4f7b8eb71c19495a72a51744dfd7efa7cef419e46877813abf1e1d1472fbe61f3391d7c944776f245c

data/CHANGELOG.md

@@ -1,6 +1,26 @@
 Unreleased Changes
 ------------------
 
+1.27.0 (2022-02-03)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.26.0 (2022-01-03)
+------------------
+
+* Feature - Added and updated API operations to support the Detective integration with AWS Organizations. New actions are used to manage the delegated administrator account and the integration configuration.
+
+1.25.0 (2021-12-21)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.24.0 (2021-11-30)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
 1.23.0 (2021-11-04)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.23.0
+1.27.0

data/lib/aws-sdk-detective/client.rb

@@ -27,6 +27,8 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
 require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
 require 'aws-sdk-core/plugins/transfer_encoding.rb'
 require 'aws-sdk-core/plugins/http_checksum.rb'
+require 'aws-sdk-core/plugins/defaults_mode.rb'
+require 'aws-sdk-core/plugins/recursion_detection.rb'
 require 'aws-sdk-core/plugins/signature_v4.rb'
 require 'aws-sdk-core/plugins/protocols/rest_json.rb'
 
@@ -73,6 +75,8 @@ module Aws::Detective
     add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
     add_plugin(Aws::Plugins::TransferEncoding)
     add_plugin(Aws::Plugins::HttpChecksum)
+    add_plugin(Aws::Plugins::DefaultsMode)
+    add_plugin(Aws::Plugins::RecursionDetection)
     add_plugin(Aws::Plugins::SignatureV4)
     add_plugin(Aws::Plugins::Protocols::RestJson)
 
@@ -119,7 +123,9 @@ module Aws::Detective
     #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
     #       are very aggressive. Construct and pass an instance of
     #       `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
-    #       enable retries and extended timeouts.
+    #       enable retries and extended timeouts. Instance profile credential
+    #       fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
+    #       to true.
     #
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
@@ -173,6 +179,10 @@ module Aws::Detective
     #     Used only in `standard` and adaptive retry modes. Specifies whether to apply
     #     a clock skew correction and retry requests with skewed client clocks.
     #
+    #   @option options [String] :defaults_mode ("legacy")
+    #     See {Aws::DefaultsModeConfiguration} for a list of the
+    #     accepted modes and the configuration defaults that are included.
+    #
     #   @option options [Boolean] :disable_host_prefix_injection (false)
     #     Set to true to disable SDK automatically adding host prefix
     #     to default service endpoint when available.
@@ -295,7 +305,7 @@ module Aws::Detective
     #     seconds to wait when opening a HTTP session before raising a
     #     `Timeout::Error`.
     #
-    #   @option options [Integer] :http_read_timeout (60) The default
+    #   @option options [Float] :http_read_timeout (60) The default
     #     number of seconds to wait for response data.  This value can
     #     safely be set per-request on the session.
     #
@@ -311,6 +321,9 @@ module Aws::Detective
     #     disables this behaviour.  This value can safely be set per
     #     request on the session.
     #
+    #   @option options [Float] :ssl_timeout (nil) Sets the SSL timeout
+    #     in seconds.
+    #
     #   @option options [Boolean] :http_wire_trace (false) When `true`,
     #     HTTP debug output will be sent to the `:logger`.
     #
@@ -421,47 +434,62 @@ module Aws::Detective
       req.send_request(options)
     end
 
-    # Sends a request to invite the specified AWS accounts to be member
-    # accounts in the behavior graph. This operation can only be called by
-    # the administrator account for a behavior graph.
+    # `CreateMembers` is used to send invitations to accounts. For the
+    # organization behavior graph, the Detective administrator account uses
+    # `CreateMembers` to enable organization accounts as member accounts.
+    #
+    # For invited accounts, `CreateMembers` sends a request to invite the
+    # specified Amazon Web Services accounts to be member accounts in the
+    # behavior graph. This operation can only be called by the administrator
+    # account for a behavior graph.
     #
     # `CreateMembers` verifies the accounts and then invites the verified
     # accounts. The administrator can optionally specify to not send
     # invitation emails to the member accounts. This would be used when the
     # administrator manages their member accounts centrally.
     #
+    # For organization accounts in the organization behavior graph,
+    # `CreateMembers` attempts to enable the accounts. The organization
+    # accounts do not receive invitations.
+    #
     # The request provides the behavior graph ARN and the list of accounts
-    # to invite.
+    # to invite or to enable.
     #
     # The response separates the requested accounts into two lists:
     #
-    # * The accounts that `CreateMembers` was able to start the verification
-    #   for. This list includes member accounts that are being verified,
-    #   that have passed verification and are to be invited, and that have
-    #   failed verification.
+    # * The accounts that `CreateMembers` was able to process. For invited
+    #   accounts, includes member accounts that are being verified, that
+    #   have passed verification and are to be invited, and that have failed
+    #   verification. For organization accounts in the organization behavior
+    #   graph, includes accounts that can be enabled and that cannot be
+    #   enabled.
     #
     # * The accounts that `CreateMembers` was unable to process. This list
     #   includes accounts that were already invited to be member accounts in
     #   the behavior graph.
     #
     # @option params [required, String] :graph_arn
-    #   The ARN of the behavior graph to invite the member accounts to
-    #   contribute their data to.
+    #   The ARN of the behavior graph.
     #
     # @option params [String] :message
     #   Customized message text to include in the invitation email message to
     #   the invited member accounts.
     #
     # @option params [Boolean] :disable_email_notification
-    #   if set to `true`, then the member accounts do not receive email
-    #   notifications. By default, this is set to `false`, and the member
+    #   if set to `true`, then the invited accounts do not receive email
+    #   notifications. By default, this is set to `false`, and the invited
     #   accounts receive email notifications.
     #
+    #   Organization accounts in the organization behavior graph do not
+    #   receive email notifications.
+    #
     # @option params [required, Array<Types::Account>] :accounts
-    #   The list of AWS accounts to invite to become member accounts in the
-    #   behavior graph. You can invite up to 50 accounts at a time. For each
-    #   invited account, the account list contains the account identifier and
-    #   the AWS account root user email address.
+    #   The list of Amazon Web Services accounts to invite or to enable. You
+    #   can invite or enable up to 50 accounts at a time. For each invited
+    #   account, the account list contains the account identifier and the
+    #   Amazon Web Services account root user email address. For organization
+    #   accounts in the organization behavior graph, the email address is not
+    #   required.
     #
     # @return [Types::CreateMembersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -498,6 +526,7 @@ module Aws::Detective
     #   resp.members[0].volume_usage_updated_time #=> Time
     #   resp.members[0].percent_of_graph_utilization #=> Float
     #   resp.members[0].percent_of_graph_utilization_updated_time #=> Time
+    #   resp.members[0].invitation_type #=> String, one of "INVITATION", "ORGANIZATION"
     #   resp.unprocessed_accounts #=> Array
     #   resp.unprocessed_accounts[0].account_id #=> String
     #   resp.unprocessed_accounts[0].reason #=> String
@@ -512,8 +541,8 @@ module Aws::Detective
     end
 
     # Disables the specified behavior graph and queues it to be deleted.
-    # This operation removes the graph from each member account's list of
-    # behavior graphs.
+    # This operation removes the behavior graph from each member account's
+    # list of behavior graphs.
     #
     # `DeleteGraph` can only be called by the administrator account for a
     # behavior graph.
@@ -538,20 +567,32 @@ module Aws::Detective
       req.send_request(options)
     end
 
-    # Deletes one or more member accounts from the administrator account's
-    # behavior graph. This operation can only be called by a Detective
-    # administrator account. That account cannot use `DeleteMembers` to
-    # delete their own account from the behavior graph. To disable a
-    # behavior graph, the administrator account uses the `DeleteGraph` API
-    # method.
+    # Removes the specified member accounts from the behavior graph. The
+    # removed accounts no longer contribute data to the behavior graph. This
+    # operation can only be called by the administrator account for the
+    # behavior graph.
+    #
+    # For invited accounts, the removed accounts are deleted from the list
+    # of accounts in the behavior graph. To restore the account, the
+    # administrator account must send another invitation.
+    #
+    # For organization accounts in the organization behavior graph, the
+    # Detective administrator account can always enable the organization
+    # account again. Organization accounts that are not enabled as member
+    # accounts are not included in the `ListMembers` results for the
+    # organization behavior graph.
+    #
+    # An administrator account cannot use `DeleteMembers` to remove their
+    # own account from the behavior graph. To disable a behavior graph, the
+    # administrator account uses the `DeleteGraph` API method.
     #
     # @option params [required, String] :graph_arn
-    #   The ARN of the behavior graph to delete members from.
+    #   The ARN of the behavior graph to remove members from.
     #
     # @option params [required, Array<String>] :account_ids
-    #   The list of AWS account identifiers for the member accounts to delete
-    #   from the behavior graph. You can delete up to 50 member accounts at a
-    #   time.
+    #   The list of Amazon Web Services account identifiers for the member
+    #   accounts to remove from the behavior graph. You can remove up to 50
+    #   member accounts at a time.
     #
     # @return [Types::DeleteMembersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -582,10 +623,66 @@ module Aws::Detective
       req.send_request(options)
     end
 
+    # Returns information about the configuration for the organization
+    # behavior graph. Currently indicates whether to automatically enable
+    # new organization accounts as member accounts.
+    #
+    # Can only be called by the Detective administrator account for the
+    # organization.
+    #
+    # @option params [required, String] :graph_arn
+    #   The ARN of the organization behavior graph.
+    #
+    # @return [Types::DescribeOrganizationConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeOrganizationConfigurationResponse#auto_enable #auto_enable} => Boolean
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.describe_organization_configuration({
+    #     graph_arn: "GraphArn", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.auto_enable #=> Boolean
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/DescribeOrganizationConfiguration AWS API Documentation
+    #
+    # @overload describe_organization_configuration(params = {})
+    # @param [Hash] params ({})
+    def describe_organization_configuration(params = {}, options = {})
+      req = build_request(:describe_organization_configuration, params)
+      req.send_request(options)
+    end
+
+    # Removes the Detective administrator account for the organization in
+    # the current Region. Deletes the behavior graph for that account.
+    #
+    # Can only be called by the organization management account. Before you
+    # can select a different Detective administrator account, you must
+    # remove the Detective administrator account in all Regions.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/DisableOrganizationAdminAccount AWS API Documentation
+    #
+    # @overload disable_organization_admin_account(params = {})
+    # @param [Hash] params ({})
+    def disable_organization_admin_account(params = {}, options = {})
+      req = build_request(:disable_organization_admin_account, params)
+      req.send_request(options)
+    end
+
     # Removes the member account from the specified behavior graph. This
-    # operation can only be called by a member account that has the
+    # operation can only be called by an invited member account that has the
     # `ENABLED` status.
     #
+    # `DisassociateMembership` cannot be called by an organization account
+    # in the organization behavior graph. For the organization behavior
+    # graph, the Detective administrator account determines which
+    # organization accounts to enable or disable as member accounts.
+    #
     # @option params [required, String] :graph_arn
     #   The ARN of the behavior graph to remove the member account from.
     #
@@ -609,6 +706,40 @@ module Aws::Detective
       req.send_request(options)
     end
 
+    # Designates the Detective administrator account for the organization in
+    # the current Region.
+    #
+    # If the account does not have Detective enabled, then enables Detective
+    # for that account and creates a new behavior graph.
+    #
+    # Can only be called by the organization management account.
+    #
+    # The Detective administrator account for an organization must be the
+    # same in all Regions. If you already designated a Detective
+    # administrator account in another Region, then you must designate the
+    # same account.
+    #
+    # @option params [required, String] :account_id
+    #   The Amazon Web Services account identifier of the account to designate
+    #   as the Detective administrator account for the organization.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.enable_organization_admin_account({
+    #     account_id: "AccountId", # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/EnableOrganizationAdminAccount AWS API Documentation
+    #
+    # @overload enable_organization_admin_account(params = {})
+    # @param [Hash] params ({})
+    def enable_organization_admin_account(params = {}, options = {})
+      req = build_request(:enable_organization_admin_account, params)
+      req.send_request(options)
+    end
+
     # Returns the membership details for specified member accounts for a
     # behavior graph.
     #
@@ -616,9 +747,9 @@ module Aws::Detective
     #   The ARN of the behavior graph for which to request the member details.
     #
     # @option params [required, Array<String>] :account_ids
-    #   The list of AWS account identifiers for the member account for which
-    #   to return member details. You can request details for up to 50 member
-    #   accounts at a time.
+    #   The list of Amazon Web Services account identifiers for the member
+    #   account for which to return member details. You can request details
+    #   for up to 50 member accounts at a time.
     #
     #   You cannot use `GetMembers` to retrieve information about member
     #   accounts that were removed from the behavior graph.
@@ -651,6 +782,7 @@ module Aws::Detective
     #   resp.member_details[0].volume_usage_updated_time #=> Time
     #   resp.member_details[0].percent_of_graph_utilization #=> Float
     #   resp.member_details[0].percent_of_graph_utilization_updated_time #=> Time
+    #   resp.member_details[0].invitation_type #=> String, one of "INVITATION", "ORGANIZATION"
     #   resp.unprocessed_accounts #=> Array
     #   resp.unprocessed_accounts[0].account_id #=> String
     #   resp.unprocessed_accounts[0].reason #=> String
@@ -713,8 +845,8 @@ module Aws::Detective
     end
 
     # Retrieves the list of open and accepted behavior graph invitations for
-    # the member account. This operation can only be called by a member
-    # account.
+    # the member account. This operation can only be called by an invited
+    # member account.
     #
     # Open invitations are invitations that the member account has not
     # responded to.
@@ -764,6 +896,7 @@ module Aws::Detective
     #   resp.invitations[0].volume_usage_updated_time #=> Time
     #   resp.invitations[0].percent_of_graph_utilization #=> Float
     #   resp.invitations[0].percent_of_graph_utilization_updated_time #=> Time
+    #   resp.invitations[0].invitation_type #=> String, one of "INVITATION", "ORGANIZATION"
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/ListInvitations AWS API Documentation
@@ -775,8 +908,14 @@ module Aws::Detective
       req.send_request(options)
     end
 
-    # Retrieves the list of member accounts for a behavior graph. Does not
-    # return member accounts that were removed from the behavior graph.
+    # Retrieves the list of member accounts for a behavior graph.
+    #
+    # For invited accounts, the results do not include member accounts that
+    # were removed from the behavior graph.
+    #
+    # For the organization behavior graph, the results do not include
+    # organization accounts that the Detective administrator account has not
+    # enabled as member accounts.
     #
     # @option params [required, String] :graph_arn
     #   The ARN of the behavior graph for which to retrieve the list of member
@@ -823,6 +962,7 @@ module Aws::Detective
     #   resp.member_details[0].volume_usage_updated_time #=> Time
     #   resp.member_details[0].percent_of_graph_utilization #=> Float
     #   resp.member_details[0].percent_of_graph_utilization_updated_time #=> Time
+    #   resp.member_details[0].invitation_type #=> String, one of "INVITATION", "ORGANIZATION"
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/ListMembers AWS API Documentation
@@ -834,6 +974,49 @@ module Aws::Detective
       req.send_request(options)
     end
 
+    # Returns information about the Detective administrator account for an
+    # organization. Can only be called by the organization management
+    # account.
+    #
+    # @option params [String] :next_token
+    #   For requests to get the next page of results, the pagination token
+    #   that was returned with the previous set of results. The initial
+    #   request does not include a pagination token.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of results to return.
+    #
+    # @return [Types::ListOrganizationAdminAccountsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListOrganizationAdminAccountsResponse#administrators #administrators} => Array&lt;Types::Administrator&gt;
+    #   * {Types::ListOrganizationAdminAccountsResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_organization_admin_accounts({
+    #     next_token: "PaginationToken",
+    #     max_results: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.administrators #=> Array
+    #   resp.administrators[0].account_id #=> String
+    #   resp.administrators[0].graph_arn #=> String
+    #   resp.administrators[0].delegation_time #=> Time
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/ListOrganizationAdminAccounts AWS API Documentation
+    #
+    # @overload list_organization_admin_accounts(params = {})
+    # @param [Hash] params ({})
+    def list_organization_admin_accounts(params = {}, options = {})
+      req = build_request(:list_organization_admin_accounts, params)
+      req.send_request(options)
+    end
+
     # Returns the tag values that are assigned to a behavior graph.
     #
     # @option params [required, String] :resource_arn
@@ -864,8 +1047,12 @@ module Aws::Detective
     end
 
     # Rejects an invitation to contribute the account data to a behavior
-    # graph. This operation must be called by a member account that has the
-    # `INVITED` status.
+    # graph. This operation must be called by an invited member account that
+    # has the `INVITED` status.
+    #
+    # `RejectInvitation` cannot be called by an organization account in the
+    # organization behavior graph. In the organization behavior graph,
+    # organization accounts do not receive an invitation.
     #
     # @option params [required, String] :graph_arn
     #   The ARN of the behavior graph to reject the invitation to.
@@ -986,6 +1173,35 @@ module Aws::Detective
       req.send_request(options)
     end
 
+    # Updates the configuration for the Organizations integration in the
+    # current Region. Can only be called by the Detective administrator
+    # account for the organization.
+    #
+    # @option params [required, String] :graph_arn
+    #   The ARN of the organization behavior graph.
+    #
+    # @option params [Boolean] :auto_enable
+    #   Indicates whether to automatically enable new organization accounts as
+    #   member accounts in the organization behavior graph.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_organization_configuration({
+    #     graph_arn: "GraphArn", # required
+    #     auto_enable: false,
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/UpdateOrganizationConfiguration AWS API Documentation
+    #
+    # @overload update_organization_configuration(params = {})
+    # @param [Hash] params ({})
+    def update_organization_configuration(params = {}, options = {})
+      req = build_request(:update_organization_configuration, params)
+      req.send_request(options)
+    end
+
     # @!endgroup
 
     # @param params ({})
@@ -999,7 +1215,7 @@ module Aws::Detective
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-detective'
-      context[:gem_version] = '1.23.0'
+      context[:gem_version] = '1.27.0'
       Seahorse::Client::Request.new(handlers, context)
     end