aws-sdk-detective 1.25.0 → 1.26.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f793f2bcf579c8204cbaae8e915fc143f81038780670ef5f0ae938f751bb7399
-  data.tar.gz: ee44b465465cb6455f848d775a62505268c11843b9029606822c6150cbd777da
+  metadata.gz: 905d4ac8d836aacc72ac74ffaadb3ed37c66f1637b6836719bc349b5b14d1271
+  data.tar.gz: 0b6e855a00ee47d2a58d04114e81942f115376f66ecafad95280b66a51656a58
 SHA512:
-  metadata.gz: b6d066507d5f8c54f592c15332af0daa7da728b9d843b6923ce892374b48e11d37be9993a0a452d2be55998b0beadf8d6b1983c46cf14a551372e7ff8de72b62
-  data.tar.gz: 8bb68fcc0b84f011042cc1af1b288deac6059c2b1e20f7bf3e7e17c7c4948d218f3001091680b3fc7b2508b72fe75b510151aad5cc258082771736317d9a1eb0
+  metadata.gz: 64b71da0efde12aab15225cc2e06d7aa224ff808c4ac5e7502dd07993b3547ef4106b876bbc3842bd5a29f65e3c85dcbeab222e635988d26715c6124949072bf
+  data.tar.gz: 15f1a0d4cebe6a237dfd57bac467329475b6e417c6bf076bffbb825a44b28357b2f7ee5a813fa42159dc174703e77e587ec035a4fa453cba02b3ade12b4448b7

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.26.0 (2022-01-03)
+------------------
+
+* Feature - Added and updated API operations to support the Detective integration with AWS Organizations. New actions are used to manage the delegated administrator account and the integration configuration.
+
 1.25.0 (2021-12-21)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.25.0
+1.26.0

data/lib/aws-sdk-detective/client.rb

@@ -432,47 +432,62 @@ module Aws::Detective
       req.send_request(options)
     end
 
-    # Sends a request to invite the specified AWS accounts to be member
-    # accounts in the behavior graph. This operation can only be called by
-    # the administrator account for a behavior graph.
+    # `CreateMembers` is used to send invitations to accounts. For the
+    # organization behavior graph, the Detective administrator account uses
+    # `CreateMembers` to enable organization accounts as member accounts.
+    #
+    # For invited accounts, `CreateMembers` sends a request to invite the
+    # specified Amazon Web Services accounts to be member accounts in the
+    # behavior graph. This operation can only be called by the administrator
+    # account for a behavior graph.
     #
     # `CreateMembers` verifies the accounts and then invites the verified
     # accounts. The administrator can optionally specify to not send
     # invitation emails to the member accounts. This would be used when the
     # administrator manages their member accounts centrally.
     #
+    # For organization accounts in the organization behavior graph,
+    # `CreateMembers` attempts to enable the accounts. The organization
+    # accounts do not receive invitations.
+    #
     # The request provides the behavior graph ARN and the list of accounts
-    # to invite.
+    # to invite or to enable.
     #
     # The response separates the requested accounts into two lists:
     #
-    # * The accounts that `CreateMembers` was able to start the verification
-    #   for. This list includes member accounts that are being verified,
-    #   that have passed verification and are to be invited, and that have
-    #   failed verification.
+    # * The accounts that `CreateMembers` was able to process. For invited
+    #   accounts, includes member accounts that are being verified, that
+    #   have passed verification and are to be invited, and that have failed
+    #   verification. For organization accounts in the organization behavior
+    #   graph, includes accounts that can be enabled and that cannot be
+    #   enabled.
     #
     # * The accounts that `CreateMembers` was unable to process. This list
     #   includes accounts that were already invited to be member accounts in
     #   the behavior graph.
     #
     # @option params [required, String] :graph_arn
-    #   The ARN of the behavior graph to invite the member accounts to
-    #   contribute their data to.
+    #   The ARN of the behavior graph.
     #
     # @option params [String] :message
     #   Customized message text to include in the invitation email message to
     #   the invited member accounts.
     #
     # @option params [Boolean] :disable_email_notification
-    #   if set to `true`, then the member accounts do not receive email
-    #   notifications. By default, this is set to `false`, and the member
+    #   if set to `true`, then the invited accounts do not receive email
+    #   notifications. By default, this is set to `false`, and the invited
     #   accounts receive email notifications.
     #
+    #   Organization accounts in the organization behavior graph do not
+    #   receive email notifications.
+    #
     # @option params [required, Array<Types::Account>] :accounts
-    #   The list of AWS accounts to invite to become member accounts in the
-    #   behavior graph. You can invite up to 50 accounts at a time. For each
-    #   invited account, the account list contains the account identifier and
-    #   the AWS account root user email address.
+    #   The list of Amazon Web Services accounts to invite or to enable. You
+    #   can invite or enable up to 50 accounts at a time. For each invited
+    #   account, the account list contains the account identifier and the
+    #   Amazon Web Services account root user email address. For organization
+    #   accounts in the organization behavior graph, the email address is not
+    #   required.
     #
     # @return [Types::CreateMembersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -509,6 +524,7 @@ module Aws::Detective
     #   resp.members[0].volume_usage_updated_time #=> Time
     #   resp.members[0].percent_of_graph_utilization #=> Float
     #   resp.members[0].percent_of_graph_utilization_updated_time #=> Time
+    #   resp.members[0].invitation_type #=> String, one of "INVITATION", "ORGANIZATION"
     #   resp.unprocessed_accounts #=> Array
     #   resp.unprocessed_accounts[0].account_id #=> String
     #   resp.unprocessed_accounts[0].reason #=> String
@@ -523,8 +539,8 @@ module Aws::Detective
     end
 
     # Disables the specified behavior graph and queues it to be deleted.
-    # This operation removes the graph from each member account's list of
-    # behavior graphs.
+    # This operation removes the behavior graph from each member account's
+    # list of behavior graphs.
     #
     # `DeleteGraph` can only be called by the administrator account for a
     # behavior graph.
@@ -549,20 +565,32 @@ module Aws::Detective
       req.send_request(options)
     end
 
-    # Deletes one or more member accounts from the administrator account's
-    # behavior graph. This operation can only be called by a Detective
-    # administrator account. That account cannot use `DeleteMembers` to
-    # delete their own account from the behavior graph. To disable a
-    # behavior graph, the administrator account uses the `DeleteGraph` API
-    # method.
+    # Removes the specified member accounts from the behavior graph. The
+    # removed accounts no longer contribute data to the behavior graph. This
+    # operation can only be called by the administrator account for the
+    # behavior graph.
+    #
+    # For invited accounts, the removed accounts are deleted from the list
+    # of accounts in the behavior graph. To restore the account, the
+    # administrator account must send another invitation.
+    #
+    # For organization accounts in the organization behavior graph, the
+    # Detective administrator account can always enable the organization
+    # account again. Organization accounts that are not enabled as member
+    # accounts are not included in the `ListMembers` results for the
+    # organization behavior graph.
+    #
+    # An administrator account cannot use `DeleteMembers` to remove their
+    # own account from the behavior graph. To disable a behavior graph, the
+    # administrator account uses the `DeleteGraph` API method.
     #
     # @option params [required, String] :graph_arn
-    #   The ARN of the behavior graph to delete members from.
+    #   The ARN of the behavior graph to remove members from.
     #
     # @option params [required, Array<String>] :account_ids
-    #   The list of AWS account identifiers for the member accounts to delete
-    #   from the behavior graph. You can delete up to 50 member accounts at a
-    #   time.
+    #   The list of Amazon Web Services account identifiers for the member
+    #   accounts to remove from the behavior graph. You can remove up to 50
+    #   member accounts at a time.
     #
     # @return [Types::DeleteMembersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -593,10 +621,66 @@ module Aws::Detective
       req.send_request(options)
     end
 
+    # Returns information about the configuration for the organization
+    # behavior graph. Currently indicates whether to automatically enable
+    # new organization accounts as member accounts.
+    #
+    # Can only be called by the Detective administrator account for the
+    # organization.
+    #
+    # @option params [required, String] :graph_arn
+    #   The ARN of the organization behavior graph.
+    #
+    # @return [Types::DescribeOrganizationConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeOrganizationConfigurationResponse#auto_enable #auto_enable} => Boolean
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.describe_organization_configuration({
+    #     graph_arn: "GraphArn", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.auto_enable #=> Boolean
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/DescribeOrganizationConfiguration AWS API Documentation
+    #
+    # @overload describe_organization_configuration(params = {})
+    # @param [Hash] params ({})
+    def describe_organization_configuration(params = {}, options = {})
+      req = build_request(:describe_organization_configuration, params)
+      req.send_request(options)
+    end
+
+    # Removes the Detective administrator account for the organization in
+    # the current Region. Deletes the behavior graph for that account.
+    #
+    # Can only be called by the organization management account. Before you
+    # can select a different Detective administrator account, you must
+    # remove the Detective administrator account in all Regions.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/DisableOrganizationAdminAccount AWS API Documentation
+    #
+    # @overload disable_organization_admin_account(params = {})
+    # @param [Hash] params ({})
+    def disable_organization_admin_account(params = {}, options = {})
+      req = build_request(:disable_organization_admin_account, params)
+      req.send_request(options)
+    end
+
     # Removes the member account from the specified behavior graph. This
-    # operation can only be called by a member account that has the
+    # operation can only be called by an invited member account that has the
     # `ENABLED` status.
     #
+    # `DisassociateMembership` cannot be called by an organization account
+    # in the organization behavior graph. For the organization behavior
+    # graph, the Detective administrator account determines which
+    # organization accounts to enable or disable as member accounts.
+    #
     # @option params [required, String] :graph_arn
     #   The ARN of the behavior graph to remove the member account from.
     #
@@ -620,6 +704,40 @@ module Aws::Detective
       req.send_request(options)
     end
 
+    # Designates the Detective administrator account for the organization in
+    # the current Region.
+    #
+    # If the account does not have Detective enabled, then enables Detective
+    # for that account and creates a new behavior graph.
+    #
+    # Can only be called by the organization management account.
+    #
+    # The Detective administrator account for an organization must be the
+    # same in all Regions. If you already designated a Detective
+    # administrator account in another Region, then you must designate the
+    # same account.
+    #
+    # @option params [required, String] :account_id
+    #   The Amazon Web Services account identifier of the account to designate
+    #   as the Detective administrator account for the organization.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.enable_organization_admin_account({
+    #     account_id: "AccountId", # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/EnableOrganizationAdminAccount AWS API Documentation
+    #
+    # @overload enable_organization_admin_account(params = {})
+    # @param [Hash] params ({})
+    def enable_organization_admin_account(params = {}, options = {})
+      req = build_request(:enable_organization_admin_account, params)
+      req.send_request(options)
+    end
+
     # Returns the membership details for specified member accounts for a
     # behavior graph.
     #
@@ -627,9 +745,9 @@ module Aws::Detective
     #   The ARN of the behavior graph for which to request the member details.
     #
     # @option params [required, Array<String>] :account_ids
-    #   The list of AWS account identifiers for the member account for which
-    #   to return member details. You can request details for up to 50 member
-    #   accounts at a time.
+    #   The list of Amazon Web Services account identifiers for the member
+    #   account for which to return member details. You can request details
+    #   for up to 50 member accounts at a time.
     #
     #   You cannot use `GetMembers` to retrieve information about member
     #   accounts that were removed from the behavior graph.
@@ -662,6 +780,7 @@ module Aws::Detective
     #   resp.member_details[0].volume_usage_updated_time #=> Time
     #   resp.member_details[0].percent_of_graph_utilization #=> Float
     #   resp.member_details[0].percent_of_graph_utilization_updated_time #=> Time
+    #   resp.member_details[0].invitation_type #=> String, one of "INVITATION", "ORGANIZATION"
     #   resp.unprocessed_accounts #=> Array
     #   resp.unprocessed_accounts[0].account_id #=> String
     #   resp.unprocessed_accounts[0].reason #=> String
@@ -724,8 +843,8 @@ module Aws::Detective
     end
 
     # Retrieves the list of open and accepted behavior graph invitations for
-    # the member account. This operation can only be called by a member
-    # account.
+    # the member account. This operation can only be called by an invited
+    # member account.
     #
     # Open invitations are invitations that the member account has not
     # responded to.
@@ -775,6 +894,7 @@ module Aws::Detective
     #   resp.invitations[0].volume_usage_updated_time #=> Time
     #   resp.invitations[0].percent_of_graph_utilization #=> Float
     #   resp.invitations[0].percent_of_graph_utilization_updated_time #=> Time
+    #   resp.invitations[0].invitation_type #=> String, one of "INVITATION", "ORGANIZATION"
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/ListInvitations AWS API Documentation
@@ -786,8 +906,14 @@ module Aws::Detective
       req.send_request(options)
     end
 
-    # Retrieves the list of member accounts for a behavior graph. Does not
-    # return member accounts that were removed from the behavior graph.
+    # Retrieves the list of member accounts for a behavior graph.
+    #
+    # For invited accounts, the results do not include member accounts that
+    # were removed from the behavior graph.
+    #
+    # For the organization behavior graph, the results do not include
+    # organization accounts that the Detective administrator account has not
+    # enabled as member accounts.
     #
     # @option params [required, String] :graph_arn
     #   The ARN of the behavior graph for which to retrieve the list of member
@@ -834,6 +960,7 @@ module Aws::Detective
     #   resp.member_details[0].volume_usage_updated_time #=> Time
     #   resp.member_details[0].percent_of_graph_utilization #=> Float
     #   resp.member_details[0].percent_of_graph_utilization_updated_time #=> Time
+    #   resp.member_details[0].invitation_type #=> String, one of "INVITATION", "ORGANIZATION"
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/ListMembers AWS API Documentation
@@ -845,6 +972,49 @@ module Aws::Detective
       req.send_request(options)
     end
 
+    # Returns information about the Detective administrator account for an
+    # organization. Can only be called by the organization management
+    # account.
+    #
+    # @option params [String] :next_token
+    #   For requests to get the next page of results, the pagination token
+    #   that was returned with the previous set of results. The initial
+    #   request does not include a pagination token.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of results to return.
+    #
+    # @return [Types::ListOrganizationAdminAccountsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListOrganizationAdminAccountsResponse#administrators #administrators} => Array&lt;Types::Administrator&gt;
+    #   * {Types::ListOrganizationAdminAccountsResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_organization_admin_accounts({
+    #     next_token: "PaginationToken",
+    #     max_results: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.administrators #=> Array
+    #   resp.administrators[0].account_id #=> String
+    #   resp.administrators[0].graph_arn #=> String
+    #   resp.administrators[0].delegation_time #=> Time
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/ListOrganizationAdminAccounts AWS API Documentation
+    #
+    # @overload list_organization_admin_accounts(params = {})
+    # @param [Hash] params ({})
+    def list_organization_admin_accounts(params = {}, options = {})
+      req = build_request(:list_organization_admin_accounts, params)
+      req.send_request(options)
+    end
+
     # Returns the tag values that are assigned to a behavior graph.
     #
     # @option params [required, String] :resource_arn
@@ -875,8 +1045,12 @@ module Aws::Detective
     end
 
     # Rejects an invitation to contribute the account data to a behavior
-    # graph. This operation must be called by a member account that has the
-    # `INVITED` status.
+    # graph. This operation must be called by an invited member account that
+    # has the `INVITED` status.
+    #
+    # `RejectInvitation` cannot be called by an organization account in the
+    # organization behavior graph. In the organization behavior graph,
+    # organization accounts do not receive an invitation.
     #
     # @option params [required, String] :graph_arn
     #   The ARN of the behavior graph to reject the invitation to.
@@ -997,6 +1171,35 @@ module Aws::Detective
       req.send_request(options)
     end
 
+    # Updates the configuration for the Organizations integration in the
+    # current Region. Can only be called by the Detective administrator
+    # account for the organization.
+    #
+    # @option params [required, String] :graph_arn
+    #   The ARN of the organization behavior graph.
+    #
+    # @option params [Boolean] :auto_enable
+    #   Indicates whether to automatically enable new organization accounts as
+    #   member accounts in the organization behavior graph.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_organization_configuration({
+    #     graph_arn: "GraphArn", # required
+    #     auto_enable: false,
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/UpdateOrganizationConfiguration AWS API Documentation
+    #
+    # @overload update_organization_configuration(params = {})
+    # @param [Hash] params ({})
+    def update_organization_configuration(params = {}, options = {})
+      req = build_request(:update_organization_configuration, params)
+      req.send_request(options)
+    end
+
     # @!endgroup
 
     # @param params ({})
@@ -1010,7 +1213,7 @@ module Aws::Detective
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-detective'
-      context[:gem_version] = '1.25.0'
+      context[:gem_version] = '1.26.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-detective/client_api.rb

@@ -18,6 +18,8 @@ module Aws::Detective
     AccountId = Shapes::StringShape.new(name: 'AccountId')
     AccountIdList = Shapes::ListShape.new(name: 'AccountIdList')
     AccountList = Shapes::ListShape.new(name: 'AccountList')
+    Administrator = Shapes::StructureShape.new(name: 'Administrator')
+    AdministratorList = Shapes::ListShape.new(name: 'AdministratorList')
     Boolean = Shapes::BooleanShape.new(name: 'Boolean')
     ByteValue = Shapes::IntegerShape.new(name: 'ByteValue')
     ConflictException = Shapes::StructureShape.new(name: 'ConflictException')
@@ -28,9 +30,12 @@ module Aws::Detective
     DeleteGraphRequest = Shapes::StructureShape.new(name: 'DeleteGraphRequest')
     DeleteMembersRequest = Shapes::StructureShape.new(name: 'DeleteMembersRequest')
     DeleteMembersResponse = Shapes::StructureShape.new(name: 'DeleteMembersResponse')
+    DescribeOrganizationConfigurationRequest = Shapes::StructureShape.new(name: 'DescribeOrganizationConfigurationRequest')
+    DescribeOrganizationConfigurationResponse = Shapes::StructureShape.new(name: 'DescribeOrganizationConfigurationResponse')
     DisassociateMembershipRequest = Shapes::StructureShape.new(name: 'DisassociateMembershipRequest')
     EmailAddress = Shapes::StringShape.new(name: 'EmailAddress')
     EmailMessage = Shapes::StringShape.new(name: 'EmailMessage')
+    EnableOrganizationAdminAccountRequest = Shapes::StructureShape.new(name: 'EnableOrganizationAdminAccountRequest')
     ErrorMessage = Shapes::StringShape.new(name: 'ErrorMessage')
     GetMembersRequest = Shapes::StructureShape.new(name: 'GetMembersRequest')
     GetMembersResponse = Shapes::StructureShape.new(name: 'GetMembersResponse')
@@ -38,12 +43,15 @@ module Aws::Detective
     GraphArn = Shapes::StringShape.new(name: 'GraphArn')
     GraphList = Shapes::ListShape.new(name: 'GraphList')
     InternalServerException = Shapes::StructureShape.new(name: 'InternalServerException')
+    InvitationType = Shapes::StringShape.new(name: 'InvitationType')
     ListGraphsRequest = Shapes::StructureShape.new(name: 'ListGraphsRequest')
     ListGraphsResponse = Shapes::StructureShape.new(name: 'ListGraphsResponse')
     ListInvitationsRequest = Shapes::StructureShape.new(name: 'ListInvitationsRequest')
     ListInvitationsResponse = Shapes::StructureShape.new(name: 'ListInvitationsResponse')
     ListMembersRequest = Shapes::StructureShape.new(name: 'ListMembersRequest')
     ListMembersResponse = Shapes::StructureShape.new(name: 'ListMembersResponse')
+    ListOrganizationAdminAccountsRequest = Shapes::StructureShape.new(name: 'ListOrganizationAdminAccountsRequest')
+    ListOrganizationAdminAccountsResponse = Shapes::StructureShape.new(name: 'ListOrganizationAdminAccountsResponse')
     ListTagsForResourceRequest = Shapes::StructureShape.new(name: 'ListTagsForResourceRequest')
     ListTagsForResourceResponse = Shapes::StructureShape.new(name: 'ListTagsForResourceResponse')
     MemberDetail = Shapes::StructureShape.new(name: 'MemberDetail')
@@ -64,11 +72,13 @@ module Aws::Detective
     TagResourceResponse = Shapes::StructureShape.new(name: 'TagResourceResponse')
     TagValue = Shapes::StringShape.new(name: 'TagValue')
     Timestamp = Shapes::TimestampShape.new(name: 'Timestamp', timestampFormat: "iso8601")
+    TooManyRequestsException = Shapes::StructureShape.new(name: 'TooManyRequestsException')
     UnprocessedAccount = Shapes::StructureShape.new(name: 'UnprocessedAccount')
     UnprocessedAccountList = Shapes::ListShape.new(name: 'UnprocessedAccountList')
     UnprocessedReason = Shapes::StringShape.new(name: 'UnprocessedReason')
     UntagResourceRequest = Shapes::StructureShape.new(name: 'UntagResourceRequest')
     UntagResourceResponse = Shapes::StructureShape.new(name: 'UntagResourceResponse')
+    UpdateOrganizationConfigurationRequest = Shapes::StructureShape.new(name: 'UpdateOrganizationConfigurationRequest')
     ValidationException = Shapes::StructureShape.new(name: 'ValidationException')
 
     AcceptInvitationRequest.add_member(:graph_arn, Shapes::ShapeRef.new(shape: GraphArn, required: true, location_name: "GraphArn"))
@@ -82,6 +92,13 @@ module Aws::Detective
 
     AccountList.member = Shapes::ShapeRef.new(shape: Account)
 
+    Administrator.add_member(:account_id, Shapes::ShapeRef.new(shape: AccountId, location_name: "AccountId"))
+    Administrator.add_member(:graph_arn, Shapes::ShapeRef.new(shape: GraphArn, location_name: "GraphArn"))
+    Administrator.add_member(:delegation_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "DelegationTime"))
+    Administrator.struct_class = Types::Administrator
+
+    AdministratorList.member = Shapes::ShapeRef.new(shape: Administrator)
+
     ConflictException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
     ConflictException.struct_class = Types::ConflictException
 
@@ -112,9 +129,18 @@ module Aws::Detective
     DeleteMembersResponse.add_member(:unprocessed_accounts, Shapes::ShapeRef.new(shape: UnprocessedAccountList, location_name: "UnprocessedAccounts"))
     DeleteMembersResponse.struct_class = Types::DeleteMembersResponse
 
+    DescribeOrganizationConfigurationRequest.add_member(:graph_arn, Shapes::ShapeRef.new(shape: GraphArn, required: true, location_name: "GraphArn"))
+    DescribeOrganizationConfigurationRequest.struct_class = Types::DescribeOrganizationConfigurationRequest
+
+    DescribeOrganizationConfigurationResponse.add_member(:auto_enable, Shapes::ShapeRef.new(shape: Boolean, location_name: "AutoEnable"))
+    DescribeOrganizationConfigurationResponse.struct_class = Types::DescribeOrganizationConfigurationResponse
+
     DisassociateMembershipRequest.add_member(:graph_arn, Shapes::ShapeRef.new(shape: GraphArn, required: true, location_name: "GraphArn"))
     DisassociateMembershipRequest.struct_class = Types::DisassociateMembershipRequest
 
+    EnableOrganizationAdminAccountRequest.add_member(:account_id, Shapes::ShapeRef.new(shape: AccountId, required: true, location_name: "AccountId"))
+    EnableOrganizationAdminAccountRequest.struct_class = Types::EnableOrganizationAdminAccountRequest
+
     GetMembersRequest.add_member(:graph_arn, Shapes::ShapeRef.new(shape: GraphArn, required: true, location_name: "GraphArn"))
     GetMembersRequest.add_member(:account_ids, Shapes::ShapeRef.new(shape: AccountIdList, required: true, location_name: "AccountIds"))
     GetMembersRequest.struct_class = Types::GetMembersRequest
@@ -157,6 +183,14 @@ module Aws::Detective
     ListMembersResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: PaginationToken, location_name: "NextToken"))
     ListMembersResponse.struct_class = Types::ListMembersResponse
 
+    ListOrganizationAdminAccountsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: PaginationToken, location_name: "NextToken"))
+    ListOrganizationAdminAccountsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MemberResultsLimit, location_name: "MaxResults"))
+    ListOrganizationAdminAccountsRequest.struct_class = Types::ListOrganizationAdminAccountsRequest
+
+    ListOrganizationAdminAccountsResponse.add_member(:administrators, Shapes::ShapeRef.new(shape: AdministratorList, location_name: "Administrators"))
+    ListOrganizationAdminAccountsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: PaginationToken, location_name: "NextToken"))
+    ListOrganizationAdminAccountsResponse.struct_class = Types::ListOrganizationAdminAccountsResponse
+
     ListTagsForResourceRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: GraphArn, required: true, location: "uri", location_name: "ResourceArn"))
     ListTagsForResourceRequest.struct_class = Types::ListTagsForResourceRequest
 
@@ -176,6 +210,7 @@ module Aws::Detective
     MemberDetail.add_member(:volume_usage_updated_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "VolumeUsageUpdatedTime"))
     MemberDetail.add_member(:percent_of_graph_utilization, Shapes::ShapeRef.new(shape: Percentage, deprecated: true, location_name: "PercentOfGraphUtilization", metadata: {"deprecatedMessage"=>"This property is deprecated. Use VolumeUsageInBytes instead."}))
     MemberDetail.add_member(:percent_of_graph_utilization_updated_time, Shapes::ShapeRef.new(shape: Timestamp, deprecated: true, location_name: "PercentOfGraphUtilizationUpdatedTime", metadata: {"deprecatedMessage"=>"This property is deprecated. Use VolumeUsageUpdatedTime instead."}))
+    MemberDetail.add_member(:invitation_type, Shapes::ShapeRef.new(shape: InvitationType, location_name: "InvitationType"))
     MemberDetail.struct_class = Types::MemberDetail
 
     MemberDetailList.member = Shapes::ShapeRef.new(shape: MemberDetail)
@@ -204,6 +239,9 @@ module Aws::Detective
 
     TagResourceResponse.struct_class = Types::TagResourceResponse
 
+    TooManyRequestsException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
+    TooManyRequestsException.struct_class = Types::TooManyRequestsException
+
     UnprocessedAccount.add_member(:account_id, Shapes::ShapeRef.new(shape: AccountId, location_name: "AccountId"))
     UnprocessedAccount.add_member(:reason, Shapes::ShapeRef.new(shape: UnprocessedReason, location_name: "Reason"))
     UnprocessedAccount.struct_class = Types::UnprocessedAccount
@@ -216,6 +254,10 @@ module Aws::Detective
 
     UntagResourceResponse.struct_class = Types::UntagResourceResponse
 
+    UpdateOrganizationConfigurationRequest.add_member(:graph_arn, Shapes::ShapeRef.new(shape: GraphArn, required: true, location_name: "GraphArn"))
+    UpdateOrganizationConfigurationRequest.add_member(:auto_enable, Shapes::ShapeRef.new(shape: Boolean, location_name: "AutoEnable"))
+    UpdateOrganizationConfigurationRequest.struct_class = Types::UpdateOrganizationConfigurationRequest
+
     ValidationException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
     ValidationException.struct_class = Types::ValidationException
 
@@ -295,6 +337,28 @@ module Aws::Detective
         o.errors << Shapes::ShapeRef.new(shape: ValidationException)
       end)
 
+      api.add_operation(:describe_organization_configuration, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DescribeOrganizationConfiguration"
+        o.http_method = "POST"
+        o.http_request_uri = "/orgs/describeOrganizationConfiguration"
+        o.input = Shapes::ShapeRef.new(shape: DescribeOrganizationConfigurationRequest)
+        o.output = Shapes::ShapeRef.new(shape: DescribeOrganizationConfigurationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
+      end)
+
+      api.add_operation(:disable_organization_admin_account, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DisableOrganizationAdminAccount"
+        o.http_method = "POST"
+        o.http_request_uri = "/orgs/disableAdminAccount"
+        o.input = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
+      end)
+
       api.add_operation(:disassociate_membership, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DisassociateMembership"
         o.http_method = "POST"
@@ -307,6 +371,17 @@ module Aws::Detective
         o.errors << Shapes::ShapeRef.new(shape: ValidationException)
       end)
 
+      api.add_operation(:enable_organization_admin_account, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "EnableOrganizationAdminAccount"
+        o.http_method = "POST"
+        o.http_request_uri = "/orgs/enableAdminAccount"
+        o.input = Shapes::ShapeRef.new(shape: EnableOrganizationAdminAccountRequest)
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
+      end)
+
       api.add_operation(:get_members, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GetMembers"
         o.http_method = "POST"
@@ -367,6 +442,23 @@ module Aws::Detective
         )
       end)
 
+      api.add_operation(:list_organization_admin_accounts, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "ListOrganizationAdminAccounts"
+        o.http_method = "POST"
+        o.http_request_uri = "/orgs/adminAccountslist"
+        o.input = Shapes::ShapeRef.new(shape: ListOrganizationAdminAccountsRequest)
+        o.output = Shapes::ShapeRef.new(shape: ListOrganizationAdminAccountsResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
+        o[:pager] = Aws::Pager.new(
+          limit_key: "max_results",
+          tokens: {
+            "next_token" => "next_token"
+          }
+        )
+      end)
+
       api.add_operation(:list_tags_for_resource, Seahorse::Model::Operation.new.tap do |o|
         o.name = "ListTagsForResource"
         o.http_method = "GET"
@@ -424,6 +516,17 @@ module Aws::Detective
         o.errors << Shapes::ShapeRef.new(shape: ValidationException)
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
       end)
+
+      api.add_operation(:update_organization_configuration, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "UpdateOrganizationConfiguration"
+        o.http_method = "POST"
+        o.http_request_uri = "/orgs/updateOrganizationConfiguration"
+        o.input = Shapes::ShapeRef.new(shape: UpdateOrganizationConfigurationRequest)
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
+      end)
     end
 
   end

data/lib/aws-sdk-detective/errors.rb

@@ -31,6 +31,7 @@ module Aws::Detective
   # * {InternalServerException}
   # * {ResourceNotFoundException}
   # * {ServiceQuotaExceededException}
+  # * {TooManyRequestsException}
   # * {ValidationException}
   #
   # Additionally, error classes are dynamically generated for service errors based on the error code
@@ -99,6 +100,21 @@ module Aws::Detective
       end
     end
 
+    class TooManyRequestsException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::Detective::Types::TooManyRequestsException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
+
     class ValidationException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context

data/lib/aws-sdk-detective/types.rb

@@ -32,8 +32,8 @@ module Aws::Detective
       include Aws::Structure
     end
 
-    # An AWS account that is the administrator account of or a member of a
-    # behavior graph.
+    # An Amazon Web Services account that is the administrator account of or
+    # a member of a behavior graph.
     #
     # @note When making an API call, you may pass Account
     #   data as a hash:
@@ -44,11 +44,12 @@ module Aws::Detective
     #       }
     #
     # @!attribute [rw] account_id
-    #   The account identifier of the AWS account.
+    #   The account identifier of the Amazon Web Services account.
     #   @return [String]
     #
     # @!attribute [rw] email_address
-    #   The AWS account root user email address for the AWS account.
+    #   The Amazon Web Services account root user email address for the
+    #   Amazon Web Services account.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/Account AWS API Documentation
@@ -60,6 +61,34 @@ module Aws::Detective
       include Aws::Structure
     end
 
+    # Information about the Detective administrator account for an
+    # organization.
+    #
+    # @!attribute [rw] account_id
+    #   The Amazon Web Services account identifier of the Detective
+    #   administrator account for the organization.
+    #   @return [String]
+    #
+    # @!attribute [rw] graph_arn
+    #   The ARN of the organization behavior graph.
+    #   @return [String]
+    #
+    # @!attribute [rw] delegation_time
+    #   The date and time when the Detective administrator account was
+    #   enabled. The value is an ISO8601 formatted string. For example,
+    #   `2021-08-18T16:35:56.284Z`.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/Administrator AWS API Documentation
+    #
+    class Administrator < Struct.new(
+      :account_id,
+      :graph_arn,
+      :delegation_time)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The request attempted an invalid action.
     #
     # @!attribute [rw] message
@@ -125,8 +154,7 @@ module Aws::Detective
     #       }
     #
     # @!attribute [rw] graph_arn
-    #   The ARN of the behavior graph to invite the member accounts to
-    #   contribute their data to.
+    #   The ARN of the behavior graph.
     #   @return [String]
     #
     # @!attribute [rw] message
@@ -135,16 +163,21 @@ module Aws::Detective
     #   @return [String]
     #
     # @!attribute [rw] disable_email_notification
-    #   if set to `true`, then the member accounts do not receive email
-    #   notifications. By default, this is set to `false`, and the member
+    #   if set to `true`, then the invited accounts do not receive email
+    #   notifications. By default, this is set to `false`, and the invited
     #   accounts receive email notifications.
+    #
+    #   Organization accounts in the organization behavior graph do not
+    #   receive email notifications.
     #   @return [Boolean]
     #
     # @!attribute [rw] accounts
-    #   The list of AWS accounts to invite to become member accounts in the
-    #   behavior graph. You can invite up to 50 accounts at a time. For each
-    #   invited account, the account list contains the account identifier
-    #   and the AWS account root user email address.
+    #   The list of Amazon Web Services accounts to invite or to enable. You
+    #   can invite or enable up to 50 accounts at a time. For each invited
+    #   account, the account list contains the account identifier and the
+    #   Amazon Web Services account root user email address. For
+    #   organization accounts in the organization behavior graph, the email
+    #   address is not required.
     #   @return [Array<Types::Account>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/CreateMembersRequest AWS API Documentation
@@ -159,17 +192,18 @@ module Aws::Detective
     end
 
     # @!attribute [rw] members
-    #   The set of member account invitation requests that Detective was
-    #   able to process. This includes accounts that are being verified,
-    #   that failed verification, and that passed verification and are being
-    #   sent an invitation.
+    #   The set of member account invitation or enablement requests that
+    #   Detective was able to process. This includes accounts that are being
+    #   verified, that failed verification, and that passed verification and
+    #   are being sent an invitation or are being enabled.
     #   @return [Array<Types::MemberDetail>]
     #
     # @!attribute [rw] unprocessed_accounts
     #   The list of accounts for which Detective was unable to process the
-    #   invitation request. For each account, the list provides the reason
-    #   why the request could not be processed. The list includes accounts
-    #   that are already member accounts in the behavior graph.
+    #   invitation or enablement request. For each account, the list
+    #   provides the reason why the request could not be processed. The list
+    #   includes accounts that are already member accounts in the behavior
+    #   graph.
     #   @return [Array<Types::UnprocessedAccount>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/CreateMembersResponse AWS API Documentation
@@ -209,13 +243,13 @@ module Aws::Detective
     #       }
     #
     # @!attribute [rw] graph_arn
-    #   The ARN of the behavior graph to delete members from.
+    #   The ARN of the behavior graph to remove members from.
     #   @return [String]
     #
     # @!attribute [rw] account_ids
-    #   The list of AWS account identifiers for the member accounts to
-    #   delete from the behavior graph. You can delete up to 50 member
-    #   accounts at a time.
+    #   The list of Amazon Web Services account identifiers for the member
+    #   accounts to remove from the behavior graph. You can remove up to 50
+    #   member accounts at a time.
     #   @return [Array<String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/DeleteMembersRequest AWS API Documentation
@@ -228,12 +262,13 @@ module Aws::Detective
     end
 
     # @!attribute [rw] account_ids
-    #   The list of AWS account identifiers for the member accounts that
-    #   Detective successfully deleted from the behavior graph.
+    #   The list of Amazon Web Services account identifiers for the member
+    #   accounts that Detective successfully removed from the behavior
+    #   graph.
     #   @return [Array<String>]
     #
     # @!attribute [rw] unprocessed_accounts
-    #   The list of member accounts that Detective was not able to delete
+    #   The list of member accounts that Detective was not able to remove
     #   from the behavior graph. For each member account, provides the
     #   reason that the deletion could not be processed.
     #   @return [Array<Types::UnprocessedAccount>]
@@ -247,6 +282,38 @@ module Aws::Detective
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass DescribeOrganizationConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         graph_arn: "GraphArn", # required
+    #       }
+    #
+    # @!attribute [rw] graph_arn
+    #   The ARN of the organization behavior graph.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/DescribeOrganizationConfigurationRequest AWS API Documentation
+    #
+    class DescribeOrganizationConfigurationRequest < Struct.new(
+      :graph_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] auto_enable
+    #   Indicates whether to automatically enable new organization accounts
+    #   as member accounts in the organization behavior graph.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/DescribeOrganizationConfigurationResponse AWS API Documentation
+    #
+    class DescribeOrganizationConfigurationResponse < Struct.new(
+      :auto_enable)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass DisassociateMembershipRequest
     #   data as a hash:
     #
@@ -269,6 +336,27 @@ module Aws::Detective
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass EnableOrganizationAdminAccountRequest
+    #   data as a hash:
+    #
+    #       {
+    #         account_id: "AccountId", # required
+    #       }
+    #
+    # @!attribute [rw] account_id
+    #   The Amazon Web Services account identifier of the account to
+    #   designate as the Detective administrator account for the
+    #   organization.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/EnableOrganizationAdminAccountRequest AWS API Documentation
+    #
+    class EnableOrganizationAdminAccountRequest < Struct.new(
+      :account_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass GetMembersRequest
     #   data as a hash:
     #
@@ -283,9 +371,9 @@ module Aws::Detective
     #   @return [String]
     #
     # @!attribute [rw] account_ids
-    #   The list of AWS account identifiers for the member account for which
-    #   to return member details. You can request details for up to 50
-    #   member accounts at a time.
+    #   The list of Amazon Web Services account identifiers for the member
+    #   account for which to return member details. You can request details
+    #   for up to 50 member accounts at a time.
     #
     #   You cannot use `GetMembers` to retrieve information about member
     #   accounts that were removed from the behavior graph.
@@ -330,7 +418,8 @@ module Aws::Detective
     #
     # @!attribute [rw] created_time
     #   The date and time that the behavior graph was created. The value is
-    #   in milliseconds since the epoch.
+    #   an ISO8601 formatted string. For example,
+    #   `2021-08-18T16:35:56.284Z`.
     #   @return [Time]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/Graph AWS API Documentation
@@ -493,16 +582,19 @@ module Aws::Detective
     # @!attribute [rw] member_details
     #   The list of member accounts in the behavior graph.
     #
-    #   The results include member accounts that did not pass verification
-    #   and member accounts that have not yet accepted the invitation to the
-    #   behavior graph. The results do not include member accounts that were
-    #   removed from the behavior graph.
+    #   For invited accounts, the results include member accounts that did
+    #   not pass verification and member accounts that have not yet accepted
+    #   the invitation to the behavior graph. The results do not include
+    #   member accounts that were removed from the behavior graph.
+    #
+    #   For the organization behavior graph, the results do not include
+    #   organization accounts that the Detective administrator account has
+    #   not enabled as member accounts.
     #   @return [Array<Types::MemberDetail>]
     #
     # @!attribute [rw] next_token
-    #   If there are more member accounts remaining in the results, then
-    #   this is the pagination token to use to request the next page of
-    #   member accounts.
+    #   If there are more member accounts remaining in the results, then use
+    #   this pagination token to request the next page of member accounts.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/ListMembersResponse AWS API Documentation
@@ -514,6 +606,51 @@ module Aws::Detective
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass ListOrganizationAdminAccountsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         next_token: "PaginationToken",
+    #         max_results: 1,
+    #       }
+    #
+    # @!attribute [rw] next_token
+    #   For requests to get the next page of results, the pagination token
+    #   that was returned with the previous set of results. The initial
+    #   request does not include a pagination token.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of results to return.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/ListOrganizationAdminAccountsRequest AWS API Documentation
+    #
+    class ListOrganizationAdminAccountsRequest < Struct.new(
+      :next_token,
+      :max_results)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] administrators
+    #   The list of delegated administrator accounts.
+    #   @return [Array<Types::Administrator>]
+    #
+    # @!attribute [rw] next_token
+    #   If there are more accounts remaining in the results, then this is
+    #   the pagination token to use to request the next page of accounts.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/ListOrganizationAdminAccountsResponse AWS API Documentation
+    #
+    class ListOrganizationAdminAccountsResponse < Struct.new(
+      :administrators,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass ListTagsForResourceRequest
     #   data as a hash:
     #
@@ -546,59 +683,70 @@ module Aws::Detective
       include Aws::Structure
     end
 
-    # Details about a member account that was invited to contribute to a
-    # behavior graph.
+    # Details about a member account in a behavior graph.
     #
     # @!attribute [rw] account_id
-    #   The AWS account identifier for the member account.
+    #   The Amazon Web Services account identifier for the member account.
     #   @return [String]
     #
     # @!attribute [rw] email_address
-    #   The AWS account root user email address for the member account.
+    #   The Amazon Web Services account root user email address for the
+    #   member account.
     #   @return [String]
     #
     # @!attribute [rw] graph_arn
-    #   The ARN of the behavior graph that the member account was invited
-    #   to.
+    #   The ARN of the behavior graph.
     #   @return [String]
     #
     # @!attribute [rw] master_id
-    #   The AWS account identifier of the administrator account for the
-    #   behavior graph.
+    #   The Amazon Web Services account identifier of the administrator
+    #   account for the behavior graph.
     #   @return [String]
     #
     # @!attribute [rw] administrator_id
-    #   The AWS account identifier of the administrator account for the
-    #   behavior graph.
+    #   The Amazon Web Services account identifier of the administrator
+    #   account for the behavior graph.
     #   @return [String]
     #
     # @!attribute [rw] status
     #   The current membership status of the member account. The status can
     #   have one of the following values:
     #
-    #   * `INVITED` - Indicates that the member was sent an invitation but
-    #     has not yet responded.
-    #
-    #   * `VERIFICATION_IN_PROGRESS` - Indicates that Detective is verifying
-    #     that the account identifier and email address provided for the
-    #     member account match. If they do match, then Detective sends the
-    #     invitation. If the email address and account identifier don't
-    #     match, then the member cannot be added to the behavior graph.
-    #
-    #   * `VERIFICATION_FAILED` - Indicates that the account and email
-    #     address provided for the member account do not match, and
-    #     Detective did not send an invitation to the account.
-    #
-    #   * `ENABLED` - Indicates that the member account accepted the
-    #     invitation to contribute to the behavior graph.
-    #
-    #   * `ACCEPTED_BUT_DISABLED` - Indicates that the member account
-    #     accepted the invitation but is prevented from contributing data to
-    #     the behavior graph. `DisabledReason` provides the reason why the
-    #     member account is not enabled.
-    #
-    #   Member accounts that declined an invitation or that were removed
-    #   from the behavior graph are not included.
+    #   * `INVITED` - For invited accounts only. Indicates that the member
+    #     was sent an invitation but has not yet responded.
+    #
+    #   * `VERIFICATION_IN_PROGRESS` - For invited accounts only, indicates
+    #     that Detective is verifying that the account identifier and email
+    #     address provided for the member account match. If they do match,
+    #     then Detective sends the invitation. If the email address and
+    #     account identifier don't match, then the member cannot be added
+    #     to the behavior graph.
+    #
+    #     For organization accounts in the organization behavior graph,
+    #     indicates that Detective is verifying that the account belongs to
+    #     the organization.
+    #
+    #   * `VERIFICATION_FAILED` - For invited accounts only. Indicates that
+    #     the account and email address provided for the member account do
+    #     not match, and Detective did not send an invitation to the
+    #     account.
+    #
+    #   * `ENABLED` - Indicates that the member account currently
+    #     contributes data to the behavior graph. For invited accounts, the
+    #     member account accepted the invitation. For organization accounts
+    #     in the organization behavior graph, the Detective administrator
+    #     account enabled the organization account as a member account.
+    #
+    #   * `ACCEPTED_BUT_DISABLED` - The account accepted the invitation, or
+    #     was enabled by the Detective administrator account, but is
+    #     prevented from contributing data to the behavior graph.
+    #     `DisabledReason` provides the reason why the member account is not
+    #     enabled.
+    #
+    #   Invited accounts that declined an invitation or that were removed
+    #   from the behavior graph are not included. In the organization
+    #   behavior graph, organization accounts that the Detective
+    #   administrator account did not enable are not included.
     #   @return [String]
     #
     # @!attribute [rw] disabled_reason
@@ -616,13 +764,15 @@ module Aws::Detective
     #   @return [String]
     #
     # @!attribute [rw] invited_time
-    #   The date and time that Detective sent the invitation to the member
-    #   account. The value is in milliseconds since the epoch.
+    #   For invited accounts, the date and time that Detective sent the
+    #   invitation to the account. The value is an ISO8601 formatted string.
+    #   For example, `2021-08-18T16:35:56.284Z`.
     #   @return [Time]
     #
     # @!attribute [rw] updated_time
     #   The date and time that the member account was last updated. The
-    #   value is in milliseconds since the epoch.
+    #   value is an ISO8601 formatted string. For example,
+    #   `2021-08-18T16:35:56.284Z`.
     #   @return [Time]
     #
     # @!attribute [rw] volume_usage_in_bytes
@@ -631,7 +781,8 @@ module Aws::Detective
     #
     # @!attribute [rw] volume_usage_updated_time
     #   The data and time when the member account data volume was last
-    #   updated.
+    #   updated. The value is an ISO8601 formatted string. For example,
+    #   `2021-08-18T16:35:56.284Z`.
     #   @return [Time]
     #
     # @!attribute [rw] percent_of_graph_utilization
@@ -651,9 +802,20 @@ module Aws::Detective
     #
     # @!attribute [rw] percent_of_graph_utilization_updated_time
     #   The date and time when the graph utilization percentage was last
-    #   updated.
+    #   updated. The value is an ISO8601 formatted string. For example,
+    #   `2021-08-18T16:35:56.284Z`.
     #   @return [Time]
     #
+    # @!attribute [rw] invitation_type
+    #   The type of behavior graph membership.
+    #
+    #   For an organization account in the organization behavior graph, the
+    #   type is `ORGANIZATION`.
+    #
+    #   For an account that was invited to a behavior graph, the type is
+    #   `INVITATION`.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/MemberDetail AWS API Documentation
     #
     class MemberDetail < Struct.new(
@@ -669,7 +831,8 @@ module Aws::Detective
       :volume_usage_in_bytes,
       :volume_usage_updated_time,
       :percent_of_graph_utilization,
-      :percent_of_graph_utilization_updated_time)
+      :percent_of_graph_utilization_updated_time,
+      :invitation_type)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -713,7 +876,7 @@ module Aws::Detective
     #
     # * The request would cause the number of member accounts in the
     #   behavior graph to exceed the maximum allowed. A behavior graph
-    #   cannot have more than 1000 member accounts.
+    #   cannot have more than 1200 member accounts.
     #
     # * The request would cause the data rate for the behavior graph to
     #   exceed the maximum allowed.
@@ -795,12 +958,26 @@ module Aws::Detective
     #
     class TagResourceResponse < Aws::EmptyStructure; end
 
+    # The request cannot be completed because too many other requests are
+    # occurring at the same time.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/TooManyRequestsException AWS API Documentation
+    #
+    class TooManyRequestsException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # A member account that was included in a request but for which the
     # request could not be processed.
     #
     # @!attribute [rw] account_id
-    #   The AWS account identifier of the member account that was not
-    #   processed.
+    #   The Amazon Web Services account identifier of the member account
+    #   that was not processed.
     #   @return [String]
     #
     # @!attribute [rw] reason
@@ -846,6 +1023,32 @@ module Aws::Detective
     #
     class UntagResourceResponse < Aws::EmptyStructure; end
 
+    # @note When making an API call, you may pass UpdateOrganizationConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         graph_arn: "GraphArn", # required
+    #         auto_enable: false,
+    #       }
+    #
+    # @!attribute [rw] graph_arn
+    #   The ARN of the organization behavior graph.
+    #   @return [String]
+    #
+    # @!attribute [rw] auto_enable
+    #   Indicates whether to automatically enable new organization accounts
+    #   as member accounts in the organization behavior graph.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/UpdateOrganizationConfigurationRequest AWS API Documentation
+    #
+    class UpdateOrganizationConfigurationRequest < Struct.new(
+      :graph_arn,
+      :auto_enable)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The request parameters are invalid.
     #
     # @!attribute [rw] message

data/lib/aws-sdk-detective.rb

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-detective/customizations'
 # @!group service
 module Aws::Detective
 
-  GEM_VERSION = '1.25.0'
+  GEM_VERSION = '1.26.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-detective
 version: !ruby/object:Gem::Version
-  version: 1.25.0
+  version: 1.26.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-12-21 00:00:00.000000000 Z
+date: 2022-01-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core