aws-sdk-detective 1.25.0 → 1.26.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f793f2bcf579c8204cbaae8e915fc143f81038780670ef5f0ae938f751bb7399
4
- data.tar.gz: ee44b465465cb6455f848d775a62505268c11843b9029606822c6150cbd777da
3
+ metadata.gz: 905d4ac8d836aacc72ac74ffaadb3ed37c66f1637b6836719bc349b5b14d1271
4
+ data.tar.gz: 0b6e855a00ee47d2a58d04114e81942f115376f66ecafad95280b66a51656a58
5
5
  SHA512:
6
- metadata.gz: b6d066507d5f8c54f592c15332af0daa7da728b9d843b6923ce892374b48e11d37be9993a0a452d2be55998b0beadf8d6b1983c46cf14a551372e7ff8de72b62
7
- data.tar.gz: 8bb68fcc0b84f011042cc1af1b288deac6059c2b1e20f7bf3e7e17c7c4948d218f3001091680b3fc7b2508b72fe75b510151aad5cc258082771736317d9a1eb0
6
+ metadata.gz: 64b71da0efde12aab15225cc2e06d7aa224ff808c4ac5e7502dd07993b3547ef4106b876bbc3842bd5a29f65e3c85dcbeab222e635988d26715c6124949072bf
7
+ data.tar.gz: 15f1a0d4cebe6a237dfd57bac467329475b6e417c6bf076bffbb825a44b28357b2f7ee5a813fa42159dc174703e77e587ec035a4fa453cba02b3ade12b4448b7
data/CHANGELOG.md CHANGED
@@ -1,6 +1,11 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 1.26.0 (2022-01-03)
5
+ ------------------
6
+
7
+ * Feature - Added and updated API operations to support the Detective integration with AWS Organizations. New actions are used to manage the delegated administrator account and the integration configuration.
8
+
4
9
  1.25.0 (2021-12-21)
5
10
  ------------------
6
11
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.25.0
1
+ 1.26.0
@@ -432,47 +432,62 @@ module Aws::Detective
432
432
  req.send_request(options)
433
433
  end
434
434
 
435
- # Sends a request to invite the specified AWS accounts to be member
436
- # accounts in the behavior graph. This operation can only be called by
437
- # the administrator account for a behavior graph.
435
+ # `CreateMembers` is used to send invitations to accounts. For the
436
+ # organization behavior graph, the Detective administrator account uses
437
+ # `CreateMembers` to enable organization accounts as member accounts.
438
+ #
439
+ # For invited accounts, `CreateMembers` sends a request to invite the
440
+ # specified Amazon Web Services accounts to be member accounts in the
441
+ # behavior graph. This operation can only be called by the administrator
442
+ # account for a behavior graph.
438
443
  #
439
444
  # `CreateMembers` verifies the accounts and then invites the verified
440
445
  # accounts. The administrator can optionally specify to not send
441
446
  # invitation emails to the member accounts. This would be used when the
442
447
  # administrator manages their member accounts centrally.
443
448
  #
449
+ # For organization accounts in the organization behavior graph,
450
+ # `CreateMembers` attempts to enable the accounts. The organization
451
+ # accounts do not receive invitations.
452
+ #
444
453
  # The request provides the behavior graph ARN and the list of accounts
445
- # to invite.
454
+ # to invite or to enable.
446
455
  #
447
456
  # The response separates the requested accounts into two lists:
448
457
  #
449
- # * The accounts that `CreateMembers` was able to start the verification
450
- # for. This list includes member accounts that are being verified,
451
- # that have passed verification and are to be invited, and that have
452
- # failed verification.
458
+ # * The accounts that `CreateMembers` was able to process. For invited
459
+ # accounts, includes member accounts that are being verified, that
460
+ # have passed verification and are to be invited, and that have failed
461
+ # verification. For organization accounts in the organization behavior
462
+ # graph, includes accounts that can be enabled and that cannot be
463
+ # enabled.
453
464
  #
454
465
  # * The accounts that `CreateMembers` was unable to process. This list
455
466
  # includes accounts that were already invited to be member accounts in
456
467
  # the behavior graph.
457
468
  #
458
469
  # @option params [required, String] :graph_arn
459
- # The ARN of the behavior graph to invite the member accounts to
460
- # contribute their data to.
470
+ # The ARN of the behavior graph.
461
471
  #
462
472
  # @option params [String] :message
463
473
  # Customized message text to include in the invitation email message to
464
474
  # the invited member accounts.
465
475
  #
466
476
  # @option params [Boolean] :disable_email_notification
467
- # if set to `true`, then the member accounts do not receive email
468
- # notifications. By default, this is set to `false`, and the member
477
+ # if set to `true`, then the invited accounts do not receive email
478
+ # notifications. By default, this is set to `false`, and the invited
469
479
  # accounts receive email notifications.
470
480
  #
481
+ # Organization accounts in the organization behavior graph do not
482
+ # receive email notifications.
483
+ #
471
484
  # @option params [required, Array<Types::Account>] :accounts
472
- # The list of AWS accounts to invite to become member accounts in the
473
- # behavior graph. You can invite up to 50 accounts at a time. For each
474
- # invited account, the account list contains the account identifier and
475
- # the AWS account root user email address.
485
+ # The list of Amazon Web Services accounts to invite or to enable. You
486
+ # can invite or enable up to 50 accounts at a time. For each invited
487
+ # account, the account list contains the account identifier and the
488
+ # Amazon Web Services account root user email address. For organization
489
+ # accounts in the organization behavior graph, the email address is not
490
+ # required.
476
491
  #
477
492
  # @return [Types::CreateMembersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
478
493
  #
@@ -509,6 +524,7 @@ module Aws::Detective
509
524
  # resp.members[0].volume_usage_updated_time #=> Time
510
525
  # resp.members[0].percent_of_graph_utilization #=> Float
511
526
  # resp.members[0].percent_of_graph_utilization_updated_time #=> Time
527
+ # resp.members[0].invitation_type #=> String, one of "INVITATION", "ORGANIZATION"
512
528
  # resp.unprocessed_accounts #=> Array
513
529
  # resp.unprocessed_accounts[0].account_id #=> String
514
530
  # resp.unprocessed_accounts[0].reason #=> String
@@ -523,8 +539,8 @@ module Aws::Detective
523
539
  end
524
540
 
525
541
  # Disables the specified behavior graph and queues it to be deleted.
526
- # This operation removes the graph from each member account's list of
527
- # behavior graphs.
542
+ # This operation removes the behavior graph from each member account's
543
+ # list of behavior graphs.
528
544
  #
529
545
  # `DeleteGraph` can only be called by the administrator account for a
530
546
  # behavior graph.
@@ -549,20 +565,32 @@ module Aws::Detective
549
565
  req.send_request(options)
550
566
  end
551
567
 
552
- # Deletes one or more member accounts from the administrator account's
553
- # behavior graph. This operation can only be called by a Detective
554
- # administrator account. That account cannot use `DeleteMembers` to
555
- # delete their own account from the behavior graph. To disable a
556
- # behavior graph, the administrator account uses the `DeleteGraph` API
557
- # method.
568
+ # Removes the specified member accounts from the behavior graph. The
569
+ # removed accounts no longer contribute data to the behavior graph. This
570
+ # operation can only be called by the administrator account for the
571
+ # behavior graph.
572
+ #
573
+ # For invited accounts, the removed accounts are deleted from the list
574
+ # of accounts in the behavior graph. To restore the account, the
575
+ # administrator account must send another invitation.
576
+ #
577
+ # For organization accounts in the organization behavior graph, the
578
+ # Detective administrator account can always enable the organization
579
+ # account again. Organization accounts that are not enabled as member
580
+ # accounts are not included in the `ListMembers` results for the
581
+ # organization behavior graph.
582
+ #
583
+ # An administrator account cannot use `DeleteMembers` to remove their
584
+ # own account from the behavior graph. To disable a behavior graph, the
585
+ # administrator account uses the `DeleteGraph` API method.
558
586
  #
559
587
  # @option params [required, String] :graph_arn
560
- # The ARN of the behavior graph to delete members from.
588
+ # The ARN of the behavior graph to remove members from.
561
589
  #
562
590
  # @option params [required, Array<String>] :account_ids
563
- # The list of AWS account identifiers for the member accounts to delete
564
- # from the behavior graph. You can delete up to 50 member accounts at a
565
- # time.
591
+ # The list of Amazon Web Services account identifiers for the member
592
+ # accounts to remove from the behavior graph. You can remove up to 50
593
+ # member accounts at a time.
566
594
  #
567
595
  # @return [Types::DeleteMembersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
568
596
  #
@@ -593,10 +621,66 @@ module Aws::Detective
593
621
  req.send_request(options)
594
622
  end
595
623
 
624
+ # Returns information about the configuration for the organization
625
+ # behavior graph. Currently indicates whether to automatically enable
626
+ # new organization accounts as member accounts.
627
+ #
628
+ # Can only be called by the Detective administrator account for the
629
+ # organization.
630
+ #
631
+ # @option params [required, String] :graph_arn
632
+ # The ARN of the organization behavior graph.
633
+ #
634
+ # @return [Types::DescribeOrganizationConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
635
+ #
636
+ # * {Types::DescribeOrganizationConfigurationResponse#auto_enable #auto_enable} => Boolean
637
+ #
638
+ # @example Request syntax with placeholder values
639
+ #
640
+ # resp = client.describe_organization_configuration({
641
+ # graph_arn: "GraphArn", # required
642
+ # })
643
+ #
644
+ # @example Response structure
645
+ #
646
+ # resp.auto_enable #=> Boolean
647
+ #
648
+ # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/DescribeOrganizationConfiguration AWS API Documentation
649
+ #
650
+ # @overload describe_organization_configuration(params = {})
651
+ # @param [Hash] params ({})
652
+ def describe_organization_configuration(params = {}, options = {})
653
+ req = build_request(:describe_organization_configuration, params)
654
+ req.send_request(options)
655
+ end
656
+
657
+ # Removes the Detective administrator account for the organization in
658
+ # the current Region. Deletes the behavior graph for that account.
659
+ #
660
+ # Can only be called by the organization management account. Before you
661
+ # can select a different Detective administrator account, you must
662
+ # remove the Detective administrator account in all Regions.
663
+ #
664
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
665
+ #
666
+ # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/DisableOrganizationAdminAccount AWS API Documentation
667
+ #
668
+ # @overload disable_organization_admin_account(params = {})
669
+ # @param [Hash] params ({})
670
+ def disable_organization_admin_account(params = {}, options = {})
671
+ req = build_request(:disable_organization_admin_account, params)
672
+ req.send_request(options)
673
+ end
674
+
596
675
  # Removes the member account from the specified behavior graph. This
597
- # operation can only be called by a member account that has the
676
+ # operation can only be called by an invited member account that has the
598
677
  # `ENABLED` status.
599
678
  #
679
+ # `DisassociateMembership` cannot be called by an organization account
680
+ # in the organization behavior graph. For the organization behavior
681
+ # graph, the Detective administrator account determines which
682
+ # organization accounts to enable or disable as member accounts.
683
+ #
600
684
  # @option params [required, String] :graph_arn
601
685
  # The ARN of the behavior graph to remove the member account from.
602
686
  #
@@ -620,6 +704,40 @@ module Aws::Detective
620
704
  req.send_request(options)
621
705
  end
622
706
 
707
+ # Designates the Detective administrator account for the organization in
708
+ # the current Region.
709
+ #
710
+ # If the account does not have Detective enabled, then enables Detective
711
+ # for that account and creates a new behavior graph.
712
+ #
713
+ # Can only be called by the organization management account.
714
+ #
715
+ # The Detective administrator account for an organization must be the
716
+ # same in all Regions. If you already designated a Detective
717
+ # administrator account in another Region, then you must designate the
718
+ # same account.
719
+ #
720
+ # @option params [required, String] :account_id
721
+ # The Amazon Web Services account identifier of the account to designate
722
+ # as the Detective administrator account for the organization.
723
+ #
724
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
725
+ #
726
+ # @example Request syntax with placeholder values
727
+ #
728
+ # resp = client.enable_organization_admin_account({
729
+ # account_id: "AccountId", # required
730
+ # })
731
+ #
732
+ # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/EnableOrganizationAdminAccount AWS API Documentation
733
+ #
734
+ # @overload enable_organization_admin_account(params = {})
735
+ # @param [Hash] params ({})
736
+ def enable_organization_admin_account(params = {}, options = {})
737
+ req = build_request(:enable_organization_admin_account, params)
738
+ req.send_request(options)
739
+ end
740
+
623
741
  # Returns the membership details for specified member accounts for a
624
742
  # behavior graph.
625
743
  #
@@ -627,9 +745,9 @@ module Aws::Detective
627
745
  # The ARN of the behavior graph for which to request the member details.
628
746
  #
629
747
  # @option params [required, Array<String>] :account_ids
630
- # The list of AWS account identifiers for the member account for which
631
- # to return member details. You can request details for up to 50 member
632
- # accounts at a time.
748
+ # The list of Amazon Web Services account identifiers for the member
749
+ # account for which to return member details. You can request details
750
+ # for up to 50 member accounts at a time.
633
751
  #
634
752
  # You cannot use `GetMembers` to retrieve information about member
635
753
  # accounts that were removed from the behavior graph.
@@ -662,6 +780,7 @@ module Aws::Detective
662
780
  # resp.member_details[0].volume_usage_updated_time #=> Time
663
781
  # resp.member_details[0].percent_of_graph_utilization #=> Float
664
782
  # resp.member_details[0].percent_of_graph_utilization_updated_time #=> Time
783
+ # resp.member_details[0].invitation_type #=> String, one of "INVITATION", "ORGANIZATION"
665
784
  # resp.unprocessed_accounts #=> Array
666
785
  # resp.unprocessed_accounts[0].account_id #=> String
667
786
  # resp.unprocessed_accounts[0].reason #=> String
@@ -724,8 +843,8 @@ module Aws::Detective
724
843
  end
725
844
 
726
845
  # Retrieves the list of open and accepted behavior graph invitations for
727
- # the member account. This operation can only be called by a member
728
- # account.
846
+ # the member account. This operation can only be called by an invited
847
+ # member account.
729
848
  #
730
849
  # Open invitations are invitations that the member account has not
731
850
  # responded to.
@@ -775,6 +894,7 @@ module Aws::Detective
775
894
  # resp.invitations[0].volume_usage_updated_time #=> Time
776
895
  # resp.invitations[0].percent_of_graph_utilization #=> Float
777
896
  # resp.invitations[0].percent_of_graph_utilization_updated_time #=> Time
897
+ # resp.invitations[0].invitation_type #=> String, one of "INVITATION", "ORGANIZATION"
778
898
  # resp.next_token #=> String
779
899
  #
780
900
  # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/ListInvitations AWS API Documentation
@@ -786,8 +906,14 @@ module Aws::Detective
786
906
  req.send_request(options)
787
907
  end
788
908
 
789
- # Retrieves the list of member accounts for a behavior graph. Does not
790
- # return member accounts that were removed from the behavior graph.
909
+ # Retrieves the list of member accounts for a behavior graph.
910
+ #
911
+ # For invited accounts, the results do not include member accounts that
912
+ # were removed from the behavior graph.
913
+ #
914
+ # For the organization behavior graph, the results do not include
915
+ # organization accounts that the Detective administrator account has not
916
+ # enabled as member accounts.
791
917
  #
792
918
  # @option params [required, String] :graph_arn
793
919
  # The ARN of the behavior graph for which to retrieve the list of member
@@ -834,6 +960,7 @@ module Aws::Detective
834
960
  # resp.member_details[0].volume_usage_updated_time #=> Time
835
961
  # resp.member_details[0].percent_of_graph_utilization #=> Float
836
962
  # resp.member_details[0].percent_of_graph_utilization_updated_time #=> Time
963
+ # resp.member_details[0].invitation_type #=> String, one of "INVITATION", "ORGANIZATION"
837
964
  # resp.next_token #=> String
838
965
  #
839
966
  # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/ListMembers AWS API Documentation
@@ -845,6 +972,49 @@ module Aws::Detective
845
972
  req.send_request(options)
846
973
  end
847
974
 
975
+ # Returns information about the Detective administrator account for an
976
+ # organization. Can only be called by the organization management
977
+ # account.
978
+ #
979
+ # @option params [String] :next_token
980
+ # For requests to get the next page of results, the pagination token
981
+ # that was returned with the previous set of results. The initial
982
+ # request does not include a pagination token.
983
+ #
984
+ # @option params [Integer] :max_results
985
+ # The maximum number of results to return.
986
+ #
987
+ # @return [Types::ListOrganizationAdminAccountsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
988
+ #
989
+ # * {Types::ListOrganizationAdminAccountsResponse#administrators #administrators} => Array&lt;Types::Administrator&gt;
990
+ # * {Types::ListOrganizationAdminAccountsResponse#next_token #next_token} => String
991
+ #
992
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
993
+ #
994
+ # @example Request syntax with placeholder values
995
+ #
996
+ # resp = client.list_organization_admin_accounts({
997
+ # next_token: "PaginationToken",
998
+ # max_results: 1,
999
+ # })
1000
+ #
1001
+ # @example Response structure
1002
+ #
1003
+ # resp.administrators #=> Array
1004
+ # resp.administrators[0].account_id #=> String
1005
+ # resp.administrators[0].graph_arn #=> String
1006
+ # resp.administrators[0].delegation_time #=> Time
1007
+ # resp.next_token #=> String
1008
+ #
1009
+ # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/ListOrganizationAdminAccounts AWS API Documentation
1010
+ #
1011
+ # @overload list_organization_admin_accounts(params = {})
1012
+ # @param [Hash] params ({})
1013
+ def list_organization_admin_accounts(params = {}, options = {})
1014
+ req = build_request(:list_organization_admin_accounts, params)
1015
+ req.send_request(options)
1016
+ end
1017
+
848
1018
  # Returns the tag values that are assigned to a behavior graph.
849
1019
  #
850
1020
  # @option params [required, String] :resource_arn
@@ -875,8 +1045,12 @@ module Aws::Detective
875
1045
  end
876
1046
 
877
1047
  # Rejects an invitation to contribute the account data to a behavior
878
- # graph. This operation must be called by a member account that has the
879
- # `INVITED` status.
1048
+ # graph. This operation must be called by an invited member account that
1049
+ # has the `INVITED` status.
1050
+ #
1051
+ # `RejectInvitation` cannot be called by an organization account in the
1052
+ # organization behavior graph. In the organization behavior graph,
1053
+ # organization accounts do not receive an invitation.
880
1054
  #
881
1055
  # @option params [required, String] :graph_arn
882
1056
  # The ARN of the behavior graph to reject the invitation to.
@@ -997,6 +1171,35 @@ module Aws::Detective
997
1171
  req.send_request(options)
998
1172
  end
999
1173
 
1174
+ # Updates the configuration for the Organizations integration in the
1175
+ # current Region. Can only be called by the Detective administrator
1176
+ # account for the organization.
1177
+ #
1178
+ # @option params [required, String] :graph_arn
1179
+ # The ARN of the organization behavior graph.
1180
+ #
1181
+ # @option params [Boolean] :auto_enable
1182
+ # Indicates whether to automatically enable new organization accounts as
1183
+ # member accounts in the organization behavior graph.
1184
+ #
1185
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1186
+ #
1187
+ # @example Request syntax with placeholder values
1188
+ #
1189
+ # resp = client.update_organization_configuration({
1190
+ # graph_arn: "GraphArn", # required
1191
+ # auto_enable: false,
1192
+ # })
1193
+ #
1194
+ # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/UpdateOrganizationConfiguration AWS API Documentation
1195
+ #
1196
+ # @overload update_organization_configuration(params = {})
1197
+ # @param [Hash] params ({})
1198
+ def update_organization_configuration(params = {}, options = {})
1199
+ req = build_request(:update_organization_configuration, params)
1200
+ req.send_request(options)
1201
+ end
1202
+
1000
1203
  # @!endgroup
1001
1204
 
1002
1205
  # @param params ({})
@@ -1010,7 +1213,7 @@ module Aws::Detective
1010
1213
  params: params,
1011
1214
  config: config)
1012
1215
  context[:gem_name] = 'aws-sdk-detective'
1013
- context[:gem_version] = '1.25.0'
1216
+ context[:gem_version] = '1.26.0'
1014
1217
  Seahorse::Client::Request.new(handlers, context)
1015
1218
  end
1016
1219
 
@@ -18,6 +18,8 @@ module Aws::Detective
18
18
  AccountId = Shapes::StringShape.new(name: 'AccountId')
19
19
  AccountIdList = Shapes::ListShape.new(name: 'AccountIdList')
20
20
  AccountList = Shapes::ListShape.new(name: 'AccountList')
21
+ Administrator = Shapes::StructureShape.new(name: 'Administrator')
22
+ AdministratorList = Shapes::ListShape.new(name: 'AdministratorList')
21
23
  Boolean = Shapes::BooleanShape.new(name: 'Boolean')
22
24
  ByteValue = Shapes::IntegerShape.new(name: 'ByteValue')
23
25
  ConflictException = Shapes::StructureShape.new(name: 'ConflictException')
@@ -28,9 +30,12 @@ module Aws::Detective
28
30
  DeleteGraphRequest = Shapes::StructureShape.new(name: 'DeleteGraphRequest')
29
31
  DeleteMembersRequest = Shapes::StructureShape.new(name: 'DeleteMembersRequest')
30
32
  DeleteMembersResponse = Shapes::StructureShape.new(name: 'DeleteMembersResponse')
33
+ DescribeOrganizationConfigurationRequest = Shapes::StructureShape.new(name: 'DescribeOrganizationConfigurationRequest')
34
+ DescribeOrganizationConfigurationResponse = Shapes::StructureShape.new(name: 'DescribeOrganizationConfigurationResponse')
31
35
  DisassociateMembershipRequest = Shapes::StructureShape.new(name: 'DisassociateMembershipRequest')
32
36
  EmailAddress = Shapes::StringShape.new(name: 'EmailAddress')
33
37
  EmailMessage = Shapes::StringShape.new(name: 'EmailMessage')
38
+ EnableOrganizationAdminAccountRequest = Shapes::StructureShape.new(name: 'EnableOrganizationAdminAccountRequest')
34
39
  ErrorMessage = Shapes::StringShape.new(name: 'ErrorMessage')
35
40
  GetMembersRequest = Shapes::StructureShape.new(name: 'GetMembersRequest')
36
41
  GetMembersResponse = Shapes::StructureShape.new(name: 'GetMembersResponse')
@@ -38,12 +43,15 @@ module Aws::Detective
38
43
  GraphArn = Shapes::StringShape.new(name: 'GraphArn')
39
44
  GraphList = Shapes::ListShape.new(name: 'GraphList')
40
45
  InternalServerException = Shapes::StructureShape.new(name: 'InternalServerException')
46
+ InvitationType = Shapes::StringShape.new(name: 'InvitationType')
41
47
  ListGraphsRequest = Shapes::StructureShape.new(name: 'ListGraphsRequest')
42
48
  ListGraphsResponse = Shapes::StructureShape.new(name: 'ListGraphsResponse')
43
49
  ListInvitationsRequest = Shapes::StructureShape.new(name: 'ListInvitationsRequest')
44
50
  ListInvitationsResponse = Shapes::StructureShape.new(name: 'ListInvitationsResponse')
45
51
  ListMembersRequest = Shapes::StructureShape.new(name: 'ListMembersRequest')
46
52
  ListMembersResponse = Shapes::StructureShape.new(name: 'ListMembersResponse')
53
+ ListOrganizationAdminAccountsRequest = Shapes::StructureShape.new(name: 'ListOrganizationAdminAccountsRequest')
54
+ ListOrganizationAdminAccountsResponse = Shapes::StructureShape.new(name: 'ListOrganizationAdminAccountsResponse')
47
55
  ListTagsForResourceRequest = Shapes::StructureShape.new(name: 'ListTagsForResourceRequest')
48
56
  ListTagsForResourceResponse = Shapes::StructureShape.new(name: 'ListTagsForResourceResponse')
49
57
  MemberDetail = Shapes::StructureShape.new(name: 'MemberDetail')
@@ -64,11 +72,13 @@ module Aws::Detective
64
72
  TagResourceResponse = Shapes::StructureShape.new(name: 'TagResourceResponse')
65
73
  TagValue = Shapes::StringShape.new(name: 'TagValue')
66
74
  Timestamp = Shapes::TimestampShape.new(name: 'Timestamp', timestampFormat: "iso8601")
75
+ TooManyRequestsException = Shapes::StructureShape.new(name: 'TooManyRequestsException')
67
76
  UnprocessedAccount = Shapes::StructureShape.new(name: 'UnprocessedAccount')
68
77
  UnprocessedAccountList = Shapes::ListShape.new(name: 'UnprocessedAccountList')
69
78
  UnprocessedReason = Shapes::StringShape.new(name: 'UnprocessedReason')
70
79
  UntagResourceRequest = Shapes::StructureShape.new(name: 'UntagResourceRequest')
71
80
  UntagResourceResponse = Shapes::StructureShape.new(name: 'UntagResourceResponse')
81
+ UpdateOrganizationConfigurationRequest = Shapes::StructureShape.new(name: 'UpdateOrganizationConfigurationRequest')
72
82
  ValidationException = Shapes::StructureShape.new(name: 'ValidationException')
73
83
 
74
84
  AcceptInvitationRequest.add_member(:graph_arn, Shapes::ShapeRef.new(shape: GraphArn, required: true, location_name: "GraphArn"))
@@ -82,6 +92,13 @@ module Aws::Detective
82
92
 
83
93
  AccountList.member = Shapes::ShapeRef.new(shape: Account)
84
94
 
95
+ Administrator.add_member(:account_id, Shapes::ShapeRef.new(shape: AccountId, location_name: "AccountId"))
96
+ Administrator.add_member(:graph_arn, Shapes::ShapeRef.new(shape: GraphArn, location_name: "GraphArn"))
97
+ Administrator.add_member(:delegation_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "DelegationTime"))
98
+ Administrator.struct_class = Types::Administrator
99
+
100
+ AdministratorList.member = Shapes::ShapeRef.new(shape: Administrator)
101
+
85
102
  ConflictException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
86
103
  ConflictException.struct_class = Types::ConflictException
87
104
 
@@ -112,9 +129,18 @@ module Aws::Detective
112
129
  DeleteMembersResponse.add_member(:unprocessed_accounts, Shapes::ShapeRef.new(shape: UnprocessedAccountList, location_name: "UnprocessedAccounts"))
113
130
  DeleteMembersResponse.struct_class = Types::DeleteMembersResponse
114
131
 
132
+ DescribeOrganizationConfigurationRequest.add_member(:graph_arn, Shapes::ShapeRef.new(shape: GraphArn, required: true, location_name: "GraphArn"))
133
+ DescribeOrganizationConfigurationRequest.struct_class = Types::DescribeOrganizationConfigurationRequest
134
+
135
+ DescribeOrganizationConfigurationResponse.add_member(:auto_enable, Shapes::ShapeRef.new(shape: Boolean, location_name: "AutoEnable"))
136
+ DescribeOrganizationConfigurationResponse.struct_class = Types::DescribeOrganizationConfigurationResponse
137
+
115
138
  DisassociateMembershipRequest.add_member(:graph_arn, Shapes::ShapeRef.new(shape: GraphArn, required: true, location_name: "GraphArn"))
116
139
  DisassociateMembershipRequest.struct_class = Types::DisassociateMembershipRequest
117
140
 
141
+ EnableOrganizationAdminAccountRequest.add_member(:account_id, Shapes::ShapeRef.new(shape: AccountId, required: true, location_name: "AccountId"))
142
+ EnableOrganizationAdminAccountRequest.struct_class = Types::EnableOrganizationAdminAccountRequest
143
+
118
144
  GetMembersRequest.add_member(:graph_arn, Shapes::ShapeRef.new(shape: GraphArn, required: true, location_name: "GraphArn"))
119
145
  GetMembersRequest.add_member(:account_ids, Shapes::ShapeRef.new(shape: AccountIdList, required: true, location_name: "AccountIds"))
120
146
  GetMembersRequest.struct_class = Types::GetMembersRequest
@@ -157,6 +183,14 @@ module Aws::Detective
157
183
  ListMembersResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: PaginationToken, location_name: "NextToken"))
158
184
  ListMembersResponse.struct_class = Types::ListMembersResponse
159
185
 
186
+ ListOrganizationAdminAccountsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: PaginationToken, location_name: "NextToken"))
187
+ ListOrganizationAdminAccountsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MemberResultsLimit, location_name: "MaxResults"))
188
+ ListOrganizationAdminAccountsRequest.struct_class = Types::ListOrganizationAdminAccountsRequest
189
+
190
+ ListOrganizationAdminAccountsResponse.add_member(:administrators, Shapes::ShapeRef.new(shape: AdministratorList, location_name: "Administrators"))
191
+ ListOrganizationAdminAccountsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: PaginationToken, location_name: "NextToken"))
192
+ ListOrganizationAdminAccountsResponse.struct_class = Types::ListOrganizationAdminAccountsResponse
193
+
160
194
  ListTagsForResourceRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: GraphArn, required: true, location: "uri", location_name: "ResourceArn"))
161
195
  ListTagsForResourceRequest.struct_class = Types::ListTagsForResourceRequest
162
196
 
@@ -176,6 +210,7 @@ module Aws::Detective
176
210
  MemberDetail.add_member(:volume_usage_updated_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "VolumeUsageUpdatedTime"))
177
211
  MemberDetail.add_member(:percent_of_graph_utilization, Shapes::ShapeRef.new(shape: Percentage, deprecated: true, location_name: "PercentOfGraphUtilization", metadata: {"deprecatedMessage"=>"This property is deprecated. Use VolumeUsageInBytes instead."}))
178
212
  MemberDetail.add_member(:percent_of_graph_utilization_updated_time, Shapes::ShapeRef.new(shape: Timestamp, deprecated: true, location_name: "PercentOfGraphUtilizationUpdatedTime", metadata: {"deprecatedMessage"=>"This property is deprecated. Use VolumeUsageUpdatedTime instead."}))
213
+ MemberDetail.add_member(:invitation_type, Shapes::ShapeRef.new(shape: InvitationType, location_name: "InvitationType"))
179
214
  MemberDetail.struct_class = Types::MemberDetail
180
215
 
181
216
  MemberDetailList.member = Shapes::ShapeRef.new(shape: MemberDetail)
@@ -204,6 +239,9 @@ module Aws::Detective
204
239
 
205
240
  TagResourceResponse.struct_class = Types::TagResourceResponse
206
241
 
242
+ TooManyRequestsException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
243
+ TooManyRequestsException.struct_class = Types::TooManyRequestsException
244
+
207
245
  UnprocessedAccount.add_member(:account_id, Shapes::ShapeRef.new(shape: AccountId, location_name: "AccountId"))
208
246
  UnprocessedAccount.add_member(:reason, Shapes::ShapeRef.new(shape: UnprocessedReason, location_name: "Reason"))
209
247
  UnprocessedAccount.struct_class = Types::UnprocessedAccount
@@ -216,6 +254,10 @@ module Aws::Detective
216
254
 
217
255
  UntagResourceResponse.struct_class = Types::UntagResourceResponse
218
256
 
257
+ UpdateOrganizationConfigurationRequest.add_member(:graph_arn, Shapes::ShapeRef.new(shape: GraphArn, required: true, location_name: "GraphArn"))
258
+ UpdateOrganizationConfigurationRequest.add_member(:auto_enable, Shapes::ShapeRef.new(shape: Boolean, location_name: "AutoEnable"))
259
+ UpdateOrganizationConfigurationRequest.struct_class = Types::UpdateOrganizationConfigurationRequest
260
+
219
261
  ValidationException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
220
262
  ValidationException.struct_class = Types::ValidationException
221
263
 
@@ -295,6 +337,28 @@ module Aws::Detective
295
337
  o.errors << Shapes::ShapeRef.new(shape: ValidationException)
296
338
  end)
297
339
 
340
+ api.add_operation(:describe_organization_configuration, Seahorse::Model::Operation.new.tap do |o|
341
+ o.name = "DescribeOrganizationConfiguration"
342
+ o.http_method = "POST"
343
+ o.http_request_uri = "/orgs/describeOrganizationConfiguration"
344
+ o.input = Shapes::ShapeRef.new(shape: DescribeOrganizationConfigurationRequest)
345
+ o.output = Shapes::ShapeRef.new(shape: DescribeOrganizationConfigurationResponse)
346
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
347
+ o.errors << Shapes::ShapeRef.new(shape: ValidationException)
348
+ o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
349
+ end)
350
+
351
+ api.add_operation(:disable_organization_admin_account, Seahorse::Model::Operation.new.tap do |o|
352
+ o.name = "DisableOrganizationAdminAccount"
353
+ o.http_method = "POST"
354
+ o.http_request_uri = "/orgs/disableAdminAccount"
355
+ o.input = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
356
+ o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
357
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
358
+ o.errors << Shapes::ShapeRef.new(shape: ValidationException)
359
+ o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
360
+ end)
361
+
298
362
  api.add_operation(:disassociate_membership, Seahorse::Model::Operation.new.tap do |o|
299
363
  o.name = "DisassociateMembership"
300
364
  o.http_method = "POST"
@@ -307,6 +371,17 @@ module Aws::Detective
307
371
  o.errors << Shapes::ShapeRef.new(shape: ValidationException)
308
372
  end)
309
373
 
374
+ api.add_operation(:enable_organization_admin_account, Seahorse::Model::Operation.new.tap do |o|
375
+ o.name = "EnableOrganizationAdminAccount"
376
+ o.http_method = "POST"
377
+ o.http_request_uri = "/orgs/enableAdminAccount"
378
+ o.input = Shapes::ShapeRef.new(shape: EnableOrganizationAdminAccountRequest)
379
+ o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
380
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
381
+ o.errors << Shapes::ShapeRef.new(shape: ValidationException)
382
+ o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
383
+ end)
384
+
310
385
  api.add_operation(:get_members, Seahorse::Model::Operation.new.tap do |o|
311
386
  o.name = "GetMembers"
312
387
  o.http_method = "POST"
@@ -367,6 +442,23 @@ module Aws::Detective
367
442
  )
368
443
  end)
369
444
 
445
+ api.add_operation(:list_organization_admin_accounts, Seahorse::Model::Operation.new.tap do |o|
446
+ o.name = "ListOrganizationAdminAccounts"
447
+ o.http_method = "POST"
448
+ o.http_request_uri = "/orgs/adminAccountslist"
449
+ o.input = Shapes::ShapeRef.new(shape: ListOrganizationAdminAccountsRequest)
450
+ o.output = Shapes::ShapeRef.new(shape: ListOrganizationAdminAccountsResponse)
451
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
452
+ o.errors << Shapes::ShapeRef.new(shape: ValidationException)
453
+ o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
454
+ o[:pager] = Aws::Pager.new(
455
+ limit_key: "max_results",
456
+ tokens: {
457
+ "next_token" => "next_token"
458
+ }
459
+ )
460
+ end)
461
+
370
462
  api.add_operation(:list_tags_for_resource, Seahorse::Model::Operation.new.tap do |o|
371
463
  o.name = "ListTagsForResource"
372
464
  o.http_method = "GET"
@@ -424,6 +516,17 @@ module Aws::Detective
424
516
  o.errors << Shapes::ShapeRef.new(shape: ValidationException)
425
517
  o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
426
518
  end)
519
+
520
+ api.add_operation(:update_organization_configuration, Seahorse::Model::Operation.new.tap do |o|
521
+ o.name = "UpdateOrganizationConfiguration"
522
+ o.http_method = "POST"
523
+ o.http_request_uri = "/orgs/updateOrganizationConfiguration"
524
+ o.input = Shapes::ShapeRef.new(shape: UpdateOrganizationConfigurationRequest)
525
+ o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
526
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
527
+ o.errors << Shapes::ShapeRef.new(shape: ValidationException)
528
+ o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
529
+ end)
427
530
  end
428
531
 
429
532
  end
@@ -31,6 +31,7 @@ module Aws::Detective
31
31
  # * {InternalServerException}
32
32
  # * {ResourceNotFoundException}
33
33
  # * {ServiceQuotaExceededException}
34
+ # * {TooManyRequestsException}
34
35
  # * {ValidationException}
35
36
  #
36
37
  # Additionally, error classes are dynamically generated for service errors based on the error code
@@ -99,6 +100,21 @@ module Aws::Detective
99
100
  end
100
101
  end
101
102
 
103
+ class TooManyRequestsException < ServiceError
104
+
105
+ # @param [Seahorse::Client::RequestContext] context
106
+ # @param [String] message
107
+ # @param [Aws::Detective::Types::TooManyRequestsException] data
108
+ def initialize(context, message, data = Aws::EmptyStructure.new)
109
+ super(context, message, data)
110
+ end
111
+
112
+ # @return [String]
113
+ def message
114
+ @message || @data[:message]
115
+ end
116
+ end
117
+
102
118
  class ValidationException < ServiceError
103
119
 
104
120
  # @param [Seahorse::Client::RequestContext] context
@@ -32,8 +32,8 @@ module Aws::Detective
32
32
  include Aws::Structure
33
33
  end
34
34
 
35
- # An AWS account that is the administrator account of or a member of a
36
- # behavior graph.
35
+ # An Amazon Web Services account that is the administrator account of or
36
+ # a member of a behavior graph.
37
37
  #
38
38
  # @note When making an API call, you may pass Account
39
39
  # data as a hash:
@@ -44,11 +44,12 @@ module Aws::Detective
44
44
  # }
45
45
  #
46
46
  # @!attribute [rw] account_id
47
- # The account identifier of the AWS account.
47
+ # The account identifier of the Amazon Web Services account.
48
48
  # @return [String]
49
49
  #
50
50
  # @!attribute [rw] email_address
51
- # The AWS account root user email address for the AWS account.
51
+ # The Amazon Web Services account root user email address for the
52
+ # Amazon Web Services account.
52
53
  # @return [String]
53
54
  #
54
55
  # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/Account AWS API Documentation
@@ -60,6 +61,34 @@ module Aws::Detective
60
61
  include Aws::Structure
61
62
  end
62
63
 
64
+ # Information about the Detective administrator account for an
65
+ # organization.
66
+ #
67
+ # @!attribute [rw] account_id
68
+ # The Amazon Web Services account identifier of the Detective
69
+ # administrator account for the organization.
70
+ # @return [String]
71
+ #
72
+ # @!attribute [rw] graph_arn
73
+ # The ARN of the organization behavior graph.
74
+ # @return [String]
75
+ #
76
+ # @!attribute [rw] delegation_time
77
+ # The date and time when the Detective administrator account was
78
+ # enabled. The value is an ISO8601 formatted string. For example,
79
+ # `2021-08-18T16:35:56.284Z`.
80
+ # @return [Time]
81
+ #
82
+ # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/Administrator AWS API Documentation
83
+ #
84
+ class Administrator < Struct.new(
85
+ :account_id,
86
+ :graph_arn,
87
+ :delegation_time)
88
+ SENSITIVE = []
89
+ include Aws::Structure
90
+ end
91
+
63
92
  # The request attempted an invalid action.
64
93
  #
65
94
  # @!attribute [rw] message
@@ -125,8 +154,7 @@ module Aws::Detective
125
154
  # }
126
155
  #
127
156
  # @!attribute [rw] graph_arn
128
- # The ARN of the behavior graph to invite the member accounts to
129
- # contribute their data to.
157
+ # The ARN of the behavior graph.
130
158
  # @return [String]
131
159
  #
132
160
  # @!attribute [rw] message
@@ -135,16 +163,21 @@ module Aws::Detective
135
163
  # @return [String]
136
164
  #
137
165
  # @!attribute [rw] disable_email_notification
138
- # if set to `true`, then the member accounts do not receive email
139
- # notifications. By default, this is set to `false`, and the member
166
+ # if set to `true`, then the invited accounts do not receive email
167
+ # notifications. By default, this is set to `false`, and the invited
140
168
  # accounts receive email notifications.
169
+ #
170
+ # Organization accounts in the organization behavior graph do not
171
+ # receive email notifications.
141
172
  # @return [Boolean]
142
173
  #
143
174
  # @!attribute [rw] accounts
144
- # The list of AWS accounts to invite to become member accounts in the
145
- # behavior graph. You can invite up to 50 accounts at a time. For each
146
- # invited account, the account list contains the account identifier
147
- # and the AWS account root user email address.
175
+ # The list of Amazon Web Services accounts to invite or to enable. You
176
+ # can invite or enable up to 50 accounts at a time. For each invited
177
+ # account, the account list contains the account identifier and the
178
+ # Amazon Web Services account root user email address. For
179
+ # organization accounts in the organization behavior graph, the email
180
+ # address is not required.
148
181
  # @return [Array<Types::Account>]
149
182
  #
150
183
  # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/CreateMembersRequest AWS API Documentation
@@ -159,17 +192,18 @@ module Aws::Detective
159
192
  end
160
193
 
161
194
  # @!attribute [rw] members
162
- # The set of member account invitation requests that Detective was
163
- # able to process. This includes accounts that are being verified,
164
- # that failed verification, and that passed verification and are being
165
- # sent an invitation.
195
+ # The set of member account invitation or enablement requests that
196
+ # Detective was able to process. This includes accounts that are being
197
+ # verified, that failed verification, and that passed verification and
198
+ # are being sent an invitation or are being enabled.
166
199
  # @return [Array<Types::MemberDetail>]
167
200
  #
168
201
  # @!attribute [rw] unprocessed_accounts
169
202
  # The list of accounts for which Detective was unable to process the
170
- # invitation request. For each account, the list provides the reason
171
- # why the request could not be processed. The list includes accounts
172
- # that are already member accounts in the behavior graph.
203
+ # invitation or enablement request. For each account, the list
204
+ # provides the reason why the request could not be processed. The list
205
+ # includes accounts that are already member accounts in the behavior
206
+ # graph.
173
207
  # @return [Array<Types::UnprocessedAccount>]
174
208
  #
175
209
  # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/CreateMembersResponse AWS API Documentation
@@ -209,13 +243,13 @@ module Aws::Detective
209
243
  # }
210
244
  #
211
245
  # @!attribute [rw] graph_arn
212
- # The ARN of the behavior graph to delete members from.
246
+ # The ARN of the behavior graph to remove members from.
213
247
  # @return [String]
214
248
  #
215
249
  # @!attribute [rw] account_ids
216
- # The list of AWS account identifiers for the member accounts to
217
- # delete from the behavior graph. You can delete up to 50 member
218
- # accounts at a time.
250
+ # The list of Amazon Web Services account identifiers for the member
251
+ # accounts to remove from the behavior graph. You can remove up to 50
252
+ # member accounts at a time.
219
253
  # @return [Array<String>]
220
254
  #
221
255
  # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/DeleteMembersRequest AWS API Documentation
@@ -228,12 +262,13 @@ module Aws::Detective
228
262
  end
229
263
 
230
264
  # @!attribute [rw] account_ids
231
- # The list of AWS account identifiers for the member accounts that
232
- # Detective successfully deleted from the behavior graph.
265
+ # The list of Amazon Web Services account identifiers for the member
266
+ # accounts that Detective successfully removed from the behavior
267
+ # graph.
233
268
  # @return [Array<String>]
234
269
  #
235
270
  # @!attribute [rw] unprocessed_accounts
236
- # The list of member accounts that Detective was not able to delete
271
+ # The list of member accounts that Detective was not able to remove
237
272
  # from the behavior graph. For each member account, provides the
238
273
  # reason that the deletion could not be processed.
239
274
  # @return [Array<Types::UnprocessedAccount>]
@@ -247,6 +282,38 @@ module Aws::Detective
247
282
  include Aws::Structure
248
283
  end
249
284
 
285
+ # @note When making an API call, you may pass DescribeOrganizationConfigurationRequest
286
+ # data as a hash:
287
+ #
288
+ # {
289
+ # graph_arn: "GraphArn", # required
290
+ # }
291
+ #
292
+ # @!attribute [rw] graph_arn
293
+ # The ARN of the organization behavior graph.
294
+ # @return [String]
295
+ #
296
+ # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/DescribeOrganizationConfigurationRequest AWS API Documentation
297
+ #
298
+ class DescribeOrganizationConfigurationRequest < Struct.new(
299
+ :graph_arn)
300
+ SENSITIVE = []
301
+ include Aws::Structure
302
+ end
303
+
304
+ # @!attribute [rw] auto_enable
305
+ # Indicates whether to automatically enable new organization accounts
306
+ # as member accounts in the organization behavior graph.
307
+ # @return [Boolean]
308
+ #
309
+ # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/DescribeOrganizationConfigurationResponse AWS API Documentation
310
+ #
311
+ class DescribeOrganizationConfigurationResponse < Struct.new(
312
+ :auto_enable)
313
+ SENSITIVE = []
314
+ include Aws::Structure
315
+ end
316
+
250
317
  # @note When making an API call, you may pass DisassociateMembershipRequest
251
318
  # data as a hash:
252
319
  #
@@ -269,6 +336,27 @@ module Aws::Detective
269
336
  include Aws::Structure
270
337
  end
271
338
 
339
+ # @note When making an API call, you may pass EnableOrganizationAdminAccountRequest
340
+ # data as a hash:
341
+ #
342
+ # {
343
+ # account_id: "AccountId", # required
344
+ # }
345
+ #
346
+ # @!attribute [rw] account_id
347
+ # The Amazon Web Services account identifier of the account to
348
+ # designate as the Detective administrator account for the
349
+ # organization.
350
+ # @return [String]
351
+ #
352
+ # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/EnableOrganizationAdminAccountRequest AWS API Documentation
353
+ #
354
+ class EnableOrganizationAdminAccountRequest < Struct.new(
355
+ :account_id)
356
+ SENSITIVE = []
357
+ include Aws::Structure
358
+ end
359
+
272
360
  # @note When making an API call, you may pass GetMembersRequest
273
361
  # data as a hash:
274
362
  #
@@ -283,9 +371,9 @@ module Aws::Detective
283
371
  # @return [String]
284
372
  #
285
373
  # @!attribute [rw] account_ids
286
- # The list of AWS account identifiers for the member account for which
287
- # to return member details. You can request details for up to 50
288
- # member accounts at a time.
374
+ # The list of Amazon Web Services account identifiers for the member
375
+ # account for which to return member details. You can request details
376
+ # for up to 50 member accounts at a time.
289
377
  #
290
378
  # You cannot use `GetMembers` to retrieve information about member
291
379
  # accounts that were removed from the behavior graph.
@@ -330,7 +418,8 @@ module Aws::Detective
330
418
  #
331
419
  # @!attribute [rw] created_time
332
420
  # The date and time that the behavior graph was created. The value is
333
- # in milliseconds since the epoch.
421
+ # an ISO8601 formatted string. For example,
422
+ # `2021-08-18T16:35:56.284Z`.
334
423
  # @return [Time]
335
424
  #
336
425
  # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/Graph AWS API Documentation
@@ -493,16 +582,19 @@ module Aws::Detective
493
582
  # @!attribute [rw] member_details
494
583
  # The list of member accounts in the behavior graph.
495
584
  #
496
- # The results include member accounts that did not pass verification
497
- # and member accounts that have not yet accepted the invitation to the
498
- # behavior graph. The results do not include member accounts that were
499
- # removed from the behavior graph.
585
+ # For invited accounts, the results include member accounts that did
586
+ # not pass verification and member accounts that have not yet accepted
587
+ # the invitation to the behavior graph. The results do not include
588
+ # member accounts that were removed from the behavior graph.
589
+ #
590
+ # For the organization behavior graph, the results do not include
591
+ # organization accounts that the Detective administrator account has
592
+ # not enabled as member accounts.
500
593
  # @return [Array<Types::MemberDetail>]
501
594
  #
502
595
  # @!attribute [rw] next_token
503
- # If there are more member accounts remaining in the results, then
504
- # this is the pagination token to use to request the next page of
505
- # member accounts.
596
+ # If there are more member accounts remaining in the results, then use
597
+ # this pagination token to request the next page of member accounts.
506
598
  # @return [String]
507
599
  #
508
600
  # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/ListMembersResponse AWS API Documentation
@@ -514,6 +606,51 @@ module Aws::Detective
514
606
  include Aws::Structure
515
607
  end
516
608
 
609
+ # @note When making an API call, you may pass ListOrganizationAdminAccountsRequest
610
+ # data as a hash:
611
+ #
612
+ # {
613
+ # next_token: "PaginationToken",
614
+ # max_results: 1,
615
+ # }
616
+ #
617
+ # @!attribute [rw] next_token
618
+ # For requests to get the next page of results, the pagination token
619
+ # that was returned with the previous set of results. The initial
620
+ # request does not include a pagination token.
621
+ # @return [String]
622
+ #
623
+ # @!attribute [rw] max_results
624
+ # The maximum number of results to return.
625
+ # @return [Integer]
626
+ #
627
+ # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/ListOrganizationAdminAccountsRequest AWS API Documentation
628
+ #
629
+ class ListOrganizationAdminAccountsRequest < Struct.new(
630
+ :next_token,
631
+ :max_results)
632
+ SENSITIVE = []
633
+ include Aws::Structure
634
+ end
635
+
636
+ # @!attribute [rw] administrators
637
+ # The list of delegated administrator accounts.
638
+ # @return [Array<Types::Administrator>]
639
+ #
640
+ # @!attribute [rw] next_token
641
+ # If there are more accounts remaining in the results, then this is
642
+ # the pagination token to use to request the next page of accounts.
643
+ # @return [String]
644
+ #
645
+ # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/ListOrganizationAdminAccountsResponse AWS API Documentation
646
+ #
647
+ class ListOrganizationAdminAccountsResponse < Struct.new(
648
+ :administrators,
649
+ :next_token)
650
+ SENSITIVE = []
651
+ include Aws::Structure
652
+ end
653
+
517
654
  # @note When making an API call, you may pass ListTagsForResourceRequest
518
655
  # data as a hash:
519
656
  #
@@ -546,59 +683,70 @@ module Aws::Detective
546
683
  include Aws::Structure
547
684
  end
548
685
 
549
- # Details about a member account that was invited to contribute to a
550
- # behavior graph.
686
+ # Details about a member account in a behavior graph.
551
687
  #
552
688
  # @!attribute [rw] account_id
553
- # The AWS account identifier for the member account.
689
+ # The Amazon Web Services account identifier for the member account.
554
690
  # @return [String]
555
691
  #
556
692
  # @!attribute [rw] email_address
557
- # The AWS account root user email address for the member account.
693
+ # The Amazon Web Services account root user email address for the
694
+ # member account.
558
695
  # @return [String]
559
696
  #
560
697
  # @!attribute [rw] graph_arn
561
- # The ARN of the behavior graph that the member account was invited
562
- # to.
698
+ # The ARN of the behavior graph.
563
699
  # @return [String]
564
700
  #
565
701
  # @!attribute [rw] master_id
566
- # The AWS account identifier of the administrator account for the
567
- # behavior graph.
702
+ # The Amazon Web Services account identifier of the administrator
703
+ # account for the behavior graph.
568
704
  # @return [String]
569
705
  #
570
706
  # @!attribute [rw] administrator_id
571
- # The AWS account identifier of the administrator account for the
572
- # behavior graph.
707
+ # The Amazon Web Services account identifier of the administrator
708
+ # account for the behavior graph.
573
709
  # @return [String]
574
710
  #
575
711
  # @!attribute [rw] status
576
712
  # The current membership status of the member account. The status can
577
713
  # have one of the following values:
578
714
  #
579
- # * `INVITED` - Indicates that the member was sent an invitation but
580
- # has not yet responded.
581
- #
582
- # * `VERIFICATION_IN_PROGRESS` - Indicates that Detective is verifying
583
- # that the account identifier and email address provided for the
584
- # member account match. If they do match, then Detective sends the
585
- # invitation. If the email address and account identifier don't
586
- # match, then the member cannot be added to the behavior graph.
587
- #
588
- # * `VERIFICATION_FAILED` - Indicates that the account and email
589
- # address provided for the member account do not match, and
590
- # Detective did not send an invitation to the account.
591
- #
592
- # * `ENABLED` - Indicates that the member account accepted the
593
- # invitation to contribute to the behavior graph.
594
- #
595
- # * `ACCEPTED_BUT_DISABLED` - Indicates that the member account
596
- # accepted the invitation but is prevented from contributing data to
597
- # the behavior graph. `DisabledReason` provides the reason why the
598
- # member account is not enabled.
599
- #
600
- # Member accounts that declined an invitation or that were removed
601
- # from the behavior graph are not included.
715
+ # * `INVITED` - For invited accounts only. Indicates that the member
716
+ # was sent an invitation but has not yet responded.
717
+ #
718
+ # * `VERIFICATION_IN_PROGRESS` - For invited accounts only, indicates
719
+ # that Detective is verifying that the account identifier and email
720
+ # address provided for the member account match. If they do match,
721
+ # then Detective sends the invitation. If the email address and
722
+ # account identifier don't match, then the member cannot be added
723
+ # to the behavior graph.
724
+ #
725
+ # For organization accounts in the organization behavior graph,
726
+ # indicates that Detective is verifying that the account belongs to
727
+ # the organization.
728
+ #
729
+ # * `VERIFICATION_FAILED` - For invited accounts only. Indicates that
730
+ # the account and email address provided for the member account do
731
+ # not match, and Detective did not send an invitation to the
732
+ # account.
733
+ #
734
+ # * `ENABLED` - Indicates that the member account currently
735
+ # contributes data to the behavior graph. For invited accounts, the
736
+ # member account accepted the invitation. For organization accounts
737
+ # in the organization behavior graph, the Detective administrator
738
+ # account enabled the organization account as a member account.
739
+ #
740
+ # * `ACCEPTED_BUT_DISABLED` - The account accepted the invitation, or
741
+ # was enabled by the Detective administrator account, but is
742
+ # prevented from contributing data to the behavior graph.
743
+ # `DisabledReason` provides the reason why the member account is not
744
+ # enabled.
745
+ #
746
+ # Invited accounts that declined an invitation or that were removed
747
+ # from the behavior graph are not included. In the organization
748
+ # behavior graph, organization accounts that the Detective
749
+ # administrator account did not enable are not included.
602
750
  # @return [String]
603
751
  #
604
752
  # @!attribute [rw] disabled_reason
@@ -616,13 +764,15 @@ module Aws::Detective
616
764
  # @return [String]
617
765
  #
618
766
  # @!attribute [rw] invited_time
619
- # The date and time that Detective sent the invitation to the member
620
- # account. The value is in milliseconds since the epoch.
767
+ # For invited accounts, the date and time that Detective sent the
768
+ # invitation to the account. The value is an ISO8601 formatted string.
769
+ # For example, `2021-08-18T16:35:56.284Z`.
621
770
  # @return [Time]
622
771
  #
623
772
  # @!attribute [rw] updated_time
624
773
  # The date and time that the member account was last updated. The
625
- # value is in milliseconds since the epoch.
774
+ # value is an ISO8601 formatted string. For example,
775
+ # `2021-08-18T16:35:56.284Z`.
626
776
  # @return [Time]
627
777
  #
628
778
  # @!attribute [rw] volume_usage_in_bytes
@@ -631,7 +781,8 @@ module Aws::Detective
631
781
  #
632
782
  # @!attribute [rw] volume_usage_updated_time
633
783
  # The data and time when the member account data volume was last
634
- # updated.
784
+ # updated. The value is an ISO8601 formatted string. For example,
785
+ # `2021-08-18T16:35:56.284Z`.
635
786
  # @return [Time]
636
787
  #
637
788
  # @!attribute [rw] percent_of_graph_utilization
@@ -651,9 +802,20 @@ module Aws::Detective
651
802
  #
652
803
  # @!attribute [rw] percent_of_graph_utilization_updated_time
653
804
  # The date and time when the graph utilization percentage was last
654
- # updated.
805
+ # updated. The value is an ISO8601 formatted string. For example,
806
+ # `2021-08-18T16:35:56.284Z`.
655
807
  # @return [Time]
656
808
  #
809
+ # @!attribute [rw] invitation_type
810
+ # The type of behavior graph membership.
811
+ #
812
+ # For an organization account in the organization behavior graph, the
813
+ # type is `ORGANIZATION`.
814
+ #
815
+ # For an account that was invited to a behavior graph, the type is
816
+ # `INVITATION`.
817
+ # @return [String]
818
+ #
657
819
  # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/MemberDetail AWS API Documentation
658
820
  #
659
821
  class MemberDetail < Struct.new(
@@ -669,7 +831,8 @@ module Aws::Detective
669
831
  :volume_usage_in_bytes,
670
832
  :volume_usage_updated_time,
671
833
  :percent_of_graph_utilization,
672
- :percent_of_graph_utilization_updated_time)
834
+ :percent_of_graph_utilization_updated_time,
835
+ :invitation_type)
673
836
  SENSITIVE = []
674
837
  include Aws::Structure
675
838
  end
@@ -713,7 +876,7 @@ module Aws::Detective
713
876
  #
714
877
  # * The request would cause the number of member accounts in the
715
878
  # behavior graph to exceed the maximum allowed. A behavior graph
716
- # cannot have more than 1000 member accounts.
879
+ # cannot have more than 1200 member accounts.
717
880
  #
718
881
  # * The request would cause the data rate for the behavior graph to
719
882
  # exceed the maximum allowed.
@@ -795,12 +958,26 @@ module Aws::Detective
795
958
  #
796
959
  class TagResourceResponse < Aws::EmptyStructure; end
797
960
 
961
+ # The request cannot be completed because too many other requests are
962
+ # occurring at the same time.
963
+ #
964
+ # @!attribute [rw] message
965
+ # @return [String]
966
+ #
967
+ # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/TooManyRequestsException AWS API Documentation
968
+ #
969
+ class TooManyRequestsException < Struct.new(
970
+ :message)
971
+ SENSITIVE = []
972
+ include Aws::Structure
973
+ end
974
+
798
975
  # A member account that was included in a request but for which the
799
976
  # request could not be processed.
800
977
  #
801
978
  # @!attribute [rw] account_id
802
- # The AWS account identifier of the member account that was not
803
- # processed.
979
+ # The Amazon Web Services account identifier of the member account
980
+ # that was not processed.
804
981
  # @return [String]
805
982
  #
806
983
  # @!attribute [rw] reason
@@ -846,6 +1023,32 @@ module Aws::Detective
846
1023
  #
847
1024
  class UntagResourceResponse < Aws::EmptyStructure; end
848
1025
 
1026
+ # @note When making an API call, you may pass UpdateOrganizationConfigurationRequest
1027
+ # data as a hash:
1028
+ #
1029
+ # {
1030
+ # graph_arn: "GraphArn", # required
1031
+ # auto_enable: false,
1032
+ # }
1033
+ #
1034
+ # @!attribute [rw] graph_arn
1035
+ # The ARN of the organization behavior graph.
1036
+ # @return [String]
1037
+ #
1038
+ # @!attribute [rw] auto_enable
1039
+ # Indicates whether to automatically enable new organization accounts
1040
+ # as member accounts in the organization behavior graph.
1041
+ # @return [Boolean]
1042
+ #
1043
+ # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/UpdateOrganizationConfigurationRequest AWS API Documentation
1044
+ #
1045
+ class UpdateOrganizationConfigurationRequest < Struct.new(
1046
+ :graph_arn,
1047
+ :auto_enable)
1048
+ SENSITIVE = []
1049
+ include Aws::Structure
1050
+ end
1051
+
849
1052
  # The request parameters are invalid.
850
1053
  #
851
1054
  # @!attribute [rw] message
@@ -48,6 +48,6 @@ require_relative 'aws-sdk-detective/customizations'
48
48
  # @!group service
49
49
  module Aws::Detective
50
50
 
51
- GEM_VERSION = '1.25.0'
51
+ GEM_VERSION = '1.26.0'
52
52
 
53
53
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-detective
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.25.0
4
+ version: 1.26.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-12-21 00:00:00.000000000 Z
11
+ date: 2022-01-03 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core