aws-sdk-detective 1.24.0 → 1.41.0

data/lib/aws-sdk-detective/client.rb

@@ -27,7 +27,11 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
 require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
 require 'aws-sdk-core/plugins/transfer_encoding.rb'
 require 'aws-sdk-core/plugins/http_checksum.rb'
-require 'aws-sdk-core/plugins/signature_v4.rb'
+require 'aws-sdk-core/plugins/checksum_algorithm.rb'
+require 'aws-sdk-core/plugins/request_compression.rb'
+require 'aws-sdk-core/plugins/defaults_mode.rb'
+require 'aws-sdk-core/plugins/recursion_detection.rb'
+require 'aws-sdk-core/plugins/sign.rb'
 require 'aws-sdk-core/plugins/protocols/rest_json.rb'
 
 Aws::Plugins::GlobalConfiguration.add_identifier(:detective)
@@ -73,8 +77,13 @@ module Aws::Detective
     add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
     add_plugin(Aws::Plugins::TransferEncoding)
     add_plugin(Aws::Plugins::HttpChecksum)
-    add_plugin(Aws::Plugins::SignatureV4)
+    add_plugin(Aws::Plugins::ChecksumAlgorithm)
+    add_plugin(Aws::Plugins::RequestCompression)
+    add_plugin(Aws::Plugins::DefaultsMode)
+    add_plugin(Aws::Plugins::RecursionDetection)
+    add_plugin(Aws::Plugins::Sign)
     add_plugin(Aws::Plugins::Protocols::RestJson)
+    add_plugin(Aws::Detective::Plugins::Endpoints)
 
     # @overload initialize(options)
     #   @param [Hash] options
@@ -175,10 +184,18 @@ module Aws::Detective
     #     Used only in `standard` and adaptive retry modes. Specifies whether to apply
     #     a clock skew correction and retry requests with skewed client clocks.
     #
+    #   @option options [String] :defaults_mode ("legacy")
+    #     See {Aws::DefaultsModeConfiguration} for a list of the
+    #     accepted modes and the configuration defaults that are included.
+    #
     #   @option options [Boolean] :disable_host_prefix_injection (false)
     #     Set to true to disable SDK automatically adding host prefix
     #     to default service endpoint when available.
     #
+    #   @option options [Boolean] :disable_request_compression (false)
+    #     When set to 'true' the request body will not be compressed
+    #     for supported operations.
+    #
     #   @option options [String] :endpoint
     #     The client endpoint is normally constructed from the `:region`
     #     option. You should only configure an `:endpoint` when connecting
@@ -199,6 +216,10 @@ module Aws::Detective
     #   @option options [Boolean] :endpoint_discovery (false)
     #     When set to `true`, endpoint discovery will be enabled for operations when available.
     #
+    #   @option options [Boolean] :ignore_configured_endpoint_urls
+    #     Setting to true disables use of endpoint URLs provided via environment
+    #     variables and the shared configuration file.
+    #
     #   @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default)
     #     The log formatter.
     #
@@ -219,6 +240,11 @@ module Aws::Detective
     #     Used when loading credentials from the shared credentials file
     #     at HOME/.aws/credentials.  When not specified, 'default' is used.
     #
+    #   @option options [Integer] :request_min_compression_size_bytes (10240)
+    #     The minimum size in bytes that triggers compression for request
+    #     bodies. The value must be non-negative integer value between 0
+    #     and 10485780 bytes inclusive.
+    #
     #   @option options [Proc] :retry_backoff
     #     A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay.
     #     This option is only used in the `legacy` retry mode.
@@ -264,6 +290,11 @@ module Aws::Detective
     #       in the future.
     #
     #
+    #   @option options [String] :sdk_ua_app_id
+    #     A unique and opaque application ID that is appended to the
+    #     User-Agent header as app/<sdk_ua_app_id>. It should have a
+    #     maximum length of 50.
+    #
     #   @option options [String] :secret_access_key
     #
     #   @option options [String] :session_token
@@ -277,6 +308,19 @@ module Aws::Detective
     #     ** Please note ** When response stubbing is enabled, no HTTP
     #     requests are made, and retries are disabled.
     #
+    #   @option options [Aws::TokenProvider] :token_provider
+    #     A Bearer Token Provider. This can be an instance of any one of the
+    #     following classes:
+    #
+    #     * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
+    #       tokens.
+    #
+    #     * `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
+    #       access token generated from `aws login`.
+    #
+    #     When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
+    #     will be used to search for tokens configured for your profile in shared configuration files.
+    #
     #   @option options [Boolean] :use_dualstack_endpoint
     #     When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
     #     will be used if available.
@@ -290,6 +334,9 @@ module Aws::Detective
     #     When `true`, request parameters are validated before
     #     sending the request.
     #
+    #   @option options [Aws::Detective::EndpointProvider] :endpoint_provider
+    #     The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::Detective::EndpointParameters`
+    #
     #   @option options [URI::HTTP,String] :http_proxy A proxy to send
     #     requests through.  Formatted like 'http://proxy.com:123'.
     #
@@ -297,7 +344,7 @@ module Aws::Detective
     #     seconds to wait when opening a HTTP session before raising a
     #     `Timeout::Error`.
     #
-    #   @option options [Integer] :http_read_timeout (60) The default
+    #   @option options [Float] :http_read_timeout (60) The default
     #     number of seconds to wait for response data.  This value can
     #     safely be set per-request on the session.
     #
@@ -313,6 +360,9 @@ module Aws::Detective
     #     disables this behaviour.  This value can safely be set per
     #     request on the session.
     #
+    #   @option options [Float] :ssl_timeout (nil) Sets the SSL timeout
+    #     in seconds.
+    #
     #   @option options [Boolean] :http_wire_trace (false) When `true`,
     #     HTTP debug output will be sent to the `:logger`.
     #
@@ -369,6 +419,85 @@ module Aws::Detective
       req.send_request(options)
     end
 
+    # Gets data source package information for the behavior graph.
+    #
+    # @option params [required, String] :graph_arn
+    #   The ARN of the behavior graph.
+    #
+    # @option params [required, Array<String>] :account_ids
+    #   The list of Amazon Web Services accounts to get data source package
+    #   information on.
+    #
+    # @return [Types::BatchGetGraphMemberDatasourcesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::BatchGetGraphMemberDatasourcesResponse#member_datasources #member_datasources} => Array&lt;Types::MembershipDatasources&gt;
+    #   * {Types::BatchGetGraphMemberDatasourcesResponse#unprocessed_accounts #unprocessed_accounts} => Array&lt;Types::UnprocessedAccount&gt;
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.batch_get_graph_member_datasources({
+    #     graph_arn: "GraphArn", # required
+    #     account_ids: ["AccountId"], # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.member_datasources #=> Array
+    #   resp.member_datasources[0].account_id #=> String
+    #   resp.member_datasources[0].graph_arn #=> String
+    #   resp.member_datasources[0].datasource_package_ingest_history #=> Hash
+    #   resp.member_datasources[0].datasource_package_ingest_history["DatasourcePackage"] #=> Hash
+    #   resp.member_datasources[0].datasource_package_ingest_history["DatasourcePackage"]["DatasourcePackageIngestState"].timestamp #=> Time
+    #   resp.unprocessed_accounts #=> Array
+    #   resp.unprocessed_accounts[0].account_id #=> String
+    #   resp.unprocessed_accounts[0].reason #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/BatchGetGraphMemberDatasources AWS API Documentation
+    #
+    # @overload batch_get_graph_member_datasources(params = {})
+    # @param [Hash] params ({})
+    def batch_get_graph_member_datasources(params = {}, options = {})
+      req = build_request(:batch_get_graph_member_datasources, params)
+      req.send_request(options)
+    end
+
+    # Gets information on the data source package history for an account.
+    #
+    # @option params [required, Array<String>] :graph_arns
+    #   The ARN of the behavior graph.
+    #
+    # @return [Types::BatchGetMembershipDatasourcesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::BatchGetMembershipDatasourcesResponse#membership_datasources #membership_datasources} => Array&lt;Types::MembershipDatasources&gt;
+    #   * {Types::BatchGetMembershipDatasourcesResponse#unprocessed_graphs #unprocessed_graphs} => Array&lt;Types::UnprocessedGraph&gt;
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.batch_get_membership_datasources({
+    #     graph_arns: ["GraphArn"], # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.membership_datasources #=> Array
+    #   resp.membership_datasources[0].account_id #=> String
+    #   resp.membership_datasources[0].graph_arn #=> String
+    #   resp.membership_datasources[0].datasource_package_ingest_history #=> Hash
+    #   resp.membership_datasources[0].datasource_package_ingest_history["DatasourcePackage"] #=> Hash
+    #   resp.membership_datasources[0].datasource_package_ingest_history["DatasourcePackage"]["DatasourcePackageIngestState"].timestamp #=> Time
+    #   resp.unprocessed_graphs #=> Array
+    #   resp.unprocessed_graphs[0].graph_arn #=> String
+    #   resp.unprocessed_graphs[0].reason #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/BatchGetMembershipDatasources AWS API Documentation
+    #
+    # @overload batch_get_membership_datasources(params = {})
+    # @param [Hash] params ({})
+    def batch_get_membership_datasources(params = {}, options = {})
+      req = build_request(:batch_get_membership_datasources, params)
+      req.send_request(options)
+    end
+
     # Creates a new behavior graph for the calling account, and sets that
     # account as the administrator account. This operation is called by the
     # account that is enabling Detective.
@@ -423,47 +552,62 @@ module Aws::Detective
       req.send_request(options)
     end
 
-    # Sends a request to invite the specified AWS accounts to be member
-    # accounts in the behavior graph. This operation can only be called by
-    # the administrator account for a behavior graph.
+    # `CreateMembers` is used to send invitations to accounts. For the
+    # organization behavior graph, the Detective administrator account uses
+    # `CreateMembers` to enable organization accounts as member accounts.
+    #
+    # For invited accounts, `CreateMembers` sends a request to invite the
+    # specified Amazon Web Services accounts to be member accounts in the
+    # behavior graph. This operation can only be called by the administrator
+    # account for a behavior graph.
     #
     # `CreateMembers` verifies the accounts and then invites the verified
     # accounts. The administrator can optionally specify to not send
     # invitation emails to the member accounts. This would be used when the
     # administrator manages their member accounts centrally.
     #
+    # For organization accounts in the organization behavior graph,
+    # `CreateMembers` attempts to enable the accounts. The organization
+    # accounts do not receive invitations.
+    #
     # The request provides the behavior graph ARN and the list of accounts
-    # to invite.
+    # to invite or to enable.
     #
     # The response separates the requested accounts into two lists:
     #
-    # * The accounts that `CreateMembers` was able to start the verification
-    #   for. This list includes member accounts that are being verified,
-    #   that have passed verification and are to be invited, and that have
-    #   failed verification.
+    # * The accounts that `CreateMembers` was able to process. For invited
+    #   accounts, includes member accounts that are being verified, that
+    #   have passed verification and are to be invited, and that have failed
+    #   verification. For organization accounts in the organization behavior
+    #   graph, includes accounts that can be enabled and that cannot be
+    #   enabled.
     #
     # * The accounts that `CreateMembers` was unable to process. This list
     #   includes accounts that were already invited to be member accounts in
     #   the behavior graph.
     #
     # @option params [required, String] :graph_arn
-    #   The ARN of the behavior graph to invite the member accounts to
-    #   contribute their data to.
+    #   The ARN of the behavior graph.
     #
     # @option params [String] :message
     #   Customized message text to include in the invitation email message to
     #   the invited member accounts.
     #
     # @option params [Boolean] :disable_email_notification
-    #   if set to `true`, then the member accounts do not receive email
-    #   notifications. By default, this is set to `false`, and the member
+    #   if set to `true`, then the invited accounts do not receive email
+    #   notifications. By default, this is set to `false`, and the invited
     #   accounts receive email notifications.
     #
+    #   Organization accounts in the organization behavior graph do not
+    #   receive email notifications.
+    #
     # @option params [required, Array<Types::Account>] :accounts
-    #   The list of AWS accounts to invite to become member accounts in the
-    #   behavior graph. You can invite up to 50 accounts at a time. For each
-    #   invited account, the account list contains the account identifier and
-    #   the AWS account root user email address.
+    #   The list of Amazon Web Services accounts to invite or to enable. You
+    #   can invite or enable up to 50 accounts at a time. For each invited
+    #   account, the account list contains the account identifier and the
+    #   Amazon Web Services account root user email address. For organization
+    #   accounts in the organization behavior graph, the email address is not
+    #   required.
     #
     # @return [Types::CreateMembersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -500,6 +644,12 @@ module Aws::Detective
     #   resp.members[0].volume_usage_updated_time #=> Time
     #   resp.members[0].percent_of_graph_utilization #=> Float
     #   resp.members[0].percent_of_graph_utilization_updated_time #=> Time
+    #   resp.members[0].invitation_type #=> String, one of "INVITATION", "ORGANIZATION"
+    #   resp.members[0].volume_usage_by_datasource_package #=> Hash
+    #   resp.members[0].volume_usage_by_datasource_package["DatasourcePackage"].volume_usage_in_bytes #=> Integer
+    #   resp.members[0].volume_usage_by_datasource_package["DatasourcePackage"].volume_usage_update_time #=> Time
+    #   resp.members[0].datasource_package_ingest_states #=> Hash
+    #   resp.members[0].datasource_package_ingest_states["DatasourcePackage"] #=> String, one of "STARTED", "STOPPED", "DISABLED"
     #   resp.unprocessed_accounts #=> Array
     #   resp.unprocessed_accounts[0].account_id #=> String
     #   resp.unprocessed_accounts[0].reason #=> String
@@ -514,8 +664,8 @@ module Aws::Detective
     end
 
     # Disables the specified behavior graph and queues it to be deleted.
-    # This operation removes the graph from each member account's list of
-    # behavior graphs.
+    # This operation removes the behavior graph from each member account's
+    # list of behavior graphs.
     #
     # `DeleteGraph` can only be called by the administrator account for a
     # behavior graph.
@@ -540,20 +690,32 @@ module Aws::Detective
       req.send_request(options)
     end
 
-    # Deletes one or more member accounts from the administrator account's
-    # behavior graph. This operation can only be called by a Detective
-    # administrator account. That account cannot use `DeleteMembers` to
-    # delete their own account from the behavior graph. To disable a
-    # behavior graph, the administrator account uses the `DeleteGraph` API
-    # method.
+    # Removes the specified member accounts from the behavior graph. The
+    # removed accounts no longer contribute data to the behavior graph. This
+    # operation can only be called by the administrator account for the
+    # behavior graph.
+    #
+    # For invited accounts, the removed accounts are deleted from the list
+    # of accounts in the behavior graph. To restore the account, the
+    # administrator account must send another invitation.
+    #
+    # For organization accounts in the organization behavior graph, the
+    # Detective administrator account can always enable the organization
+    # account again. Organization accounts that are not enabled as member
+    # accounts are not included in the `ListMembers` results for the
+    # organization behavior graph.
+    #
+    # An administrator account cannot use `DeleteMembers` to remove their
+    # own account from the behavior graph. To disable a behavior graph, the
+    # administrator account uses the `DeleteGraph` API method.
     #
     # @option params [required, String] :graph_arn
-    #   The ARN of the behavior graph to delete members from.
+    #   The ARN of the behavior graph to remove members from.
     #
     # @option params [required, Array<String>] :account_ids
-    #   The list of AWS account identifiers for the member accounts to delete
-    #   from the behavior graph. You can delete up to 50 member accounts at a
-    #   time.
+    #   The list of Amazon Web Services account identifiers for the member
+    #   accounts to remove from the behavior graph. You can remove up to 50
+    #   member accounts at a time.
     #
     # @return [Types::DeleteMembersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -584,10 +746,73 @@ module Aws::Detective
       req.send_request(options)
     end
 
+    # Returns information about the configuration for the organization
+    # behavior graph. Currently indicates whether to automatically enable
+    # new organization accounts as member accounts.
+    #
+    # Can only be called by the Detective administrator account for the
+    # organization.
+    #
+    # @option params [required, String] :graph_arn
+    #   The ARN of the organization behavior graph.
+    #
+    # @return [Types::DescribeOrganizationConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeOrganizationConfigurationResponse#auto_enable #auto_enable} => Boolean
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.describe_organization_configuration({
+    #     graph_arn: "GraphArn", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.auto_enable #=> Boolean
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/DescribeOrganizationConfiguration AWS API Documentation
+    #
+    # @overload describe_organization_configuration(params = {})
+    # @param [Hash] params ({})
+    def describe_organization_configuration(params = {}, options = {})
+      req = build_request(:describe_organization_configuration, params)
+      req.send_request(options)
+    end
+
+    # Removes the Detective administrator account in the current Region.
+    # Deletes the organization behavior graph.
+    #
+    # Can only be called by the organization management account.
+    #
+    # Removing the Detective administrator account does not affect the
+    # delegated administrator account for Detective in Organizations.
+    #
+    # To remove the delegated administrator account in Organizations, use
+    # the Organizations API. Removing the delegated administrator account
+    # also removes the Detective administrator account in all Regions,
+    # except for Regions where the Detective administrator account is the
+    # organization management account.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/DisableOrganizationAdminAccount AWS API Documentation
+    #
+    # @overload disable_organization_admin_account(params = {})
+    # @param [Hash] params ({})
+    def disable_organization_admin_account(params = {}, options = {})
+      req = build_request(:disable_organization_admin_account, params)
+      req.send_request(options)
+    end
+
     # Removes the member account from the specified behavior graph. This
-    # operation can only be called by a member account that has the
+    # operation can only be called by an invited member account that has the
     # `ENABLED` status.
     #
+    # `DisassociateMembership` cannot be called by an organization account
+    # in the organization behavior graph. For the organization behavior
+    # graph, the Detective administrator account determines which
+    # organization accounts to enable or disable as member accounts.
+    #
     # @option params [required, String] :graph_arn
     #   The ARN of the behavior graph to remove the member account from.
     #
@@ -611,6 +836,47 @@ module Aws::Detective
       req.send_request(options)
     end
 
+    # Designates the Detective administrator account for the organization in
+    # the current Region.
+    #
+    # If the account does not have Detective enabled, then enables Detective
+    # for that account and creates a new behavior graph.
+    #
+    # Can only be called by the organization management account.
+    #
+    # If the organization has a delegated administrator account in
+    # Organizations, then the Detective administrator account must be either
+    # the delegated administrator account or the organization management
+    # account.
+    #
+    # If the organization does not have a delegated administrator account in
+    # Organizations, then you can choose any account in the organization. If
+    # you choose an account other than the organization management account,
+    # Detective calls Organizations to make that account the delegated
+    # administrator account for Detective. The organization management
+    # account cannot be the delegated administrator account.
+    #
+    # @option params [required, String] :account_id
+    #   The Amazon Web Services account identifier of the account to designate
+    #   as the Detective administrator account for the organization.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.enable_organization_admin_account({
+    #     account_id: "AccountId", # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/EnableOrganizationAdminAccount AWS API Documentation
+    #
+    # @overload enable_organization_admin_account(params = {})
+    # @param [Hash] params ({})
+    def enable_organization_admin_account(params = {}, options = {})
+      req = build_request(:enable_organization_admin_account, params)
+      req.send_request(options)
+    end
+
     # Returns the membership details for specified member accounts for a
     # behavior graph.
     #
@@ -618,9 +884,9 @@ module Aws::Detective
     #   The ARN of the behavior graph for which to request the member details.
     #
     # @option params [required, Array<String>] :account_ids
-    #   The list of AWS account identifiers for the member account for which
-    #   to return member details. You can request details for up to 50 member
-    #   accounts at a time.
+    #   The list of Amazon Web Services account identifiers for the member
+    #   account for which to return member details. You can request details
+    #   for up to 50 member accounts at a time.
     #
     #   You cannot use `GetMembers` to retrieve information about member
     #   accounts that were removed from the behavior graph.
@@ -653,6 +919,12 @@ module Aws::Detective
     #   resp.member_details[0].volume_usage_updated_time #=> Time
     #   resp.member_details[0].percent_of_graph_utilization #=> Float
     #   resp.member_details[0].percent_of_graph_utilization_updated_time #=> Time
+    #   resp.member_details[0].invitation_type #=> String, one of "INVITATION", "ORGANIZATION"
+    #   resp.member_details[0].volume_usage_by_datasource_package #=> Hash
+    #   resp.member_details[0].volume_usage_by_datasource_package["DatasourcePackage"].volume_usage_in_bytes #=> Integer
+    #   resp.member_details[0].volume_usage_by_datasource_package["DatasourcePackage"].volume_usage_update_time #=> Time
+    #   resp.member_details[0].datasource_package_ingest_states #=> Hash
+    #   resp.member_details[0].datasource_package_ingest_states["DatasourcePackage"] #=> String, one of "STARTED", "STOPPED", "DISABLED"
     #   resp.unprocessed_accounts #=> Array
     #   resp.unprocessed_accounts[0].account_id #=> String
     #   resp.unprocessed_accounts[0].reason #=> String
@@ -666,6 +938,51 @@ module Aws::Detective
       req.send_request(options)
     end
 
+    # Lists data source packages in the behavior graph.
+    #
+    # @option params [required, String] :graph_arn
+    #   The ARN of the behavior graph.
+    #
+    # @option params [String] :next_token
+    #   For requests to get the next page of results, the pagination token
+    #   that was returned with the previous set of results. The initial
+    #   request does not include a pagination token.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of results to return.
+    #
+    # @return [Types::ListDatasourcePackagesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListDatasourcePackagesResponse#datasource_packages #datasource_packages} => Hash&lt;String,Types::DatasourcePackageIngestDetail&gt;
+    #   * {Types::ListDatasourcePackagesResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_datasource_packages({
+    #     graph_arn: "GraphArn", # required
+    #     next_token: "PaginationToken",
+    #     max_results: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.datasource_packages #=> Hash
+    #   resp.datasource_packages["DatasourcePackage"].datasource_package_ingest_state #=> String, one of "STARTED", "STOPPED", "DISABLED"
+    #   resp.datasource_packages["DatasourcePackage"].last_ingest_state_change #=> Hash
+    #   resp.datasource_packages["DatasourcePackage"].last_ingest_state_change["DatasourcePackageIngestState"].timestamp #=> Time
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/ListDatasourcePackages AWS API Documentation
+    #
+    # @overload list_datasource_packages(params = {})
+    # @param [Hash] params ({})
+    def list_datasource_packages(params = {}, options = {})
+      req = build_request(:list_datasource_packages, params)
+      req.send_request(options)
+    end
+
     # Returns the list of behavior graphs that the calling account is an
     # administrator account of. This operation can only be called by an
     # administrator account.
@@ -715,8 +1032,8 @@ module Aws::Detective
     end
 
     # Retrieves the list of open and accepted behavior graph invitations for
-    # the member account. This operation can only be called by a member
-    # account.
+    # the member account. This operation can only be called by an invited
+    # member account.
     #
     # Open invitations are invitations that the member account has not
     # responded to.
@@ -766,6 +1083,12 @@ module Aws::Detective
     #   resp.invitations[0].volume_usage_updated_time #=> Time
     #   resp.invitations[0].percent_of_graph_utilization #=> Float
     #   resp.invitations[0].percent_of_graph_utilization_updated_time #=> Time
+    #   resp.invitations[0].invitation_type #=> String, one of "INVITATION", "ORGANIZATION"
+    #   resp.invitations[0].volume_usage_by_datasource_package #=> Hash
+    #   resp.invitations[0].volume_usage_by_datasource_package["DatasourcePackage"].volume_usage_in_bytes #=> Integer
+    #   resp.invitations[0].volume_usage_by_datasource_package["DatasourcePackage"].volume_usage_update_time #=> Time
+    #   resp.invitations[0].datasource_package_ingest_states #=> Hash
+    #   resp.invitations[0].datasource_package_ingest_states["DatasourcePackage"] #=> String, one of "STARTED", "STOPPED", "DISABLED"
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/ListInvitations AWS API Documentation
@@ -777,8 +1100,14 @@ module Aws::Detective
       req.send_request(options)
     end
 
-    # Retrieves the list of member accounts for a behavior graph. Does not
-    # return member accounts that were removed from the behavior graph.
+    # Retrieves the list of member accounts for a behavior graph.
+    #
+    # For invited accounts, the results do not include member accounts that
+    # were removed from the behavior graph.
+    #
+    # For the organization behavior graph, the results do not include
+    # organization accounts that the Detective administrator account has not
+    # enabled as member accounts.
     #
     # @option params [required, String] :graph_arn
     #   The ARN of the behavior graph for which to retrieve the list of member
@@ -825,6 +1154,12 @@ module Aws::Detective
     #   resp.member_details[0].volume_usage_updated_time #=> Time
     #   resp.member_details[0].percent_of_graph_utilization #=> Float
     #   resp.member_details[0].percent_of_graph_utilization_updated_time #=> Time
+    #   resp.member_details[0].invitation_type #=> String, one of "INVITATION", "ORGANIZATION"
+    #   resp.member_details[0].volume_usage_by_datasource_package #=> Hash
+    #   resp.member_details[0].volume_usage_by_datasource_package["DatasourcePackage"].volume_usage_in_bytes #=> Integer
+    #   resp.member_details[0].volume_usage_by_datasource_package["DatasourcePackage"].volume_usage_update_time #=> Time
+    #   resp.member_details[0].datasource_package_ingest_states #=> Hash
+    #   resp.member_details[0].datasource_package_ingest_states["DatasourcePackage"] #=> String, one of "STARTED", "STOPPED", "DISABLED"
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/ListMembers AWS API Documentation
@@ -836,6 +1171,49 @@ module Aws::Detective
       req.send_request(options)
     end
 
+    # Returns information about the Detective administrator account for an
+    # organization. Can only be called by the organization management
+    # account.
+    #
+    # @option params [String] :next_token
+    #   For requests to get the next page of results, the pagination token
+    #   that was returned with the previous set of results. The initial
+    #   request does not include a pagination token.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of results to return.
+    #
+    # @return [Types::ListOrganizationAdminAccountsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListOrganizationAdminAccountsResponse#administrators #administrators} => Array&lt;Types::Administrator&gt;
+    #   * {Types::ListOrganizationAdminAccountsResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_organization_admin_accounts({
+    #     next_token: "PaginationToken",
+    #     max_results: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.administrators #=> Array
+    #   resp.administrators[0].account_id #=> String
+    #   resp.administrators[0].graph_arn #=> String
+    #   resp.administrators[0].delegation_time #=> Time
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/ListOrganizationAdminAccounts AWS API Documentation
+    #
+    # @overload list_organization_admin_accounts(params = {})
+    # @param [Hash] params ({})
+    def list_organization_admin_accounts(params = {}, options = {})
+      req = build_request(:list_organization_admin_accounts, params)
+      req.send_request(options)
+    end
+
     # Returns the tag values that are assigned to a behavior graph.
     #
     # @option params [required, String] :resource_arn
@@ -866,8 +1244,12 @@ module Aws::Detective
     end
 
     # Rejects an invitation to contribute the account data to a behavior
-    # graph. This operation must be called by a member account that has the
-    # `INVITED` status.
+    # graph. This operation must be called by an invited member account that
+    # has the `INVITED` status.
+    #
+    # `RejectInvitation` cannot be called by an organization account in the
+    # organization behavior graph. In the organization behavior graph,
+    # organization accounts do not receive an invitation.
     #
     # @option params [required, String] :graph_arn
     #   The ARN of the behavior graph to reject the invitation to.
@@ -988,6 +1370,61 @@ module Aws::Detective
       req.send_request(options)
     end
 
+    # Starts a data source packages for the behavior graph.
+    #
+    # @option params [required, String] :graph_arn
+    #   The ARN of the behavior graph.
+    #
+    # @option params [required, Array<String>] :datasource_packages
+    #   The data source package start for the behavior graph.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_datasource_packages({
+    #     graph_arn: "GraphArn", # required
+    #     datasource_packages: ["DETECTIVE_CORE"], # required, accepts DETECTIVE_CORE, EKS_AUDIT, ASFF_SECURITYHUB_FINDING
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/UpdateDatasourcePackages AWS API Documentation
+    #
+    # @overload update_datasource_packages(params = {})
+    # @param [Hash] params ({})
+    def update_datasource_packages(params = {}, options = {})
+      req = build_request(:update_datasource_packages, params)
+      req.send_request(options)
+    end
+
+    # Updates the configuration for the Organizations integration in the
+    # current Region. Can only be called by the Detective administrator
+    # account for the organization.
+    #
+    # @option params [required, String] :graph_arn
+    #   The ARN of the organization behavior graph.
+    #
+    # @option params [Boolean] :auto_enable
+    #   Indicates whether to automatically enable new organization accounts as
+    #   member accounts in the organization behavior graph.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_organization_configuration({
+    #     graph_arn: "GraphArn", # required
+    #     auto_enable: false,
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/UpdateOrganizationConfiguration AWS API Documentation
+    #
+    # @overload update_organization_configuration(params = {})
+    # @param [Hash] params ({})
+    def update_organization_configuration(params = {}, options = {})
+      req = build_request(:update_organization_configuration, params)
+      req.send_request(options)
+    end
+
     # @!endgroup
 
     # @param params ({})
@@ -1001,7 +1438,7 @@ module Aws::Detective
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-detective'
-      context[:gem_version] = '1.24.0'
+      context[:gem_version] = '1.41.0'
       Seahorse::Client::Request.new(handlers, context)
     end