aws-sdk-guardduty 1.31.0 → 1.36.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f0a9809a659fc8926241fc5bbd6f1f9b4545a0d75f971feef244fc239988504c
-  data.tar.gz: b966788115cbb9a9a255338cb414521f3a46c72a655f2b86c886cefb973c5a84
+  metadata.gz: 0b31e6be5da0f7f691fe98f9e0f431c3c313aa2267e59e8a456b9138e167f00c
+  data.tar.gz: 20abf5a840390cc62d4d6c168536d640d5c613ebd3f38f4c8390073a0d908177
 SHA512:
-  metadata.gz: 66f2e58e21320658518a2e6af5059e92216dc2b669ee79dc044622274c90d6feced5740a354e020a534c8da15d9ea7a2f416aac2ba4e05471f63d609d2d2a740
-  data.tar.gz: b62ad8d9b366764a797c589498ab450ec4cc0213664dcf8a778cec1c8defcb5a37f70a02d9fceb0f4e54bbffe398215ed3d38c179613a8dd23290760378afe23
+  metadata.gz: 301174c7ee0c0208913ab17c76f5f3a4e96f3c24aff9d3714a7bcfbb63341cadca77777dd1dd22c1318fe7ea51b362ee5333251b6e19841e6dc119916f9c0ad4
+  data.tar.gz: acc43203f71aa487f9da853348b06b156e7758610abb1238ee738c18a5e0d7b7595e5d325708b29b1b09a0f3c69e854dac54f3c21202d536737d65449664d8d0

data/lib/aws-sdk-guardduty.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
@@ -45,6 +47,6 @@ require_relative 'aws-sdk-guardduty/customizations'
 # @service
 module Aws::GuardDuty
 
-  GEM_VERSION = '1.31.0'
+  GEM_VERSION = '1.36.0'
 
 end

data/lib/aws-sdk-guardduty/client.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
@@ -24,6 +26,7 @@ require 'aws-sdk-core/plugins/jsonvalue_converter.rb'
 require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
 require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
 require 'aws-sdk-core/plugins/transfer_encoding.rb'
+require 'aws-sdk-core/plugins/http_checksum.rb'
 require 'aws-sdk-core/plugins/signature_v4.rb'
 require 'aws-sdk-core/plugins/protocols/rest_json.rb'
 
@@ -69,6 +72,7 @@ module Aws::GuardDuty
     add_plugin(Aws::Plugins::ClientMetricsPlugin)
     add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
     add_plugin(Aws::Plugins::TransferEncoding)
+    add_plugin(Aws::Plugins::HttpChecksum)
     add_plugin(Aws::Plugins::SignatureV4)
     add_plugin(Aws::Plugins::Protocols::RestJson)
 
@@ -161,7 +165,7 @@ module Aws::GuardDuty
     #   @option options [String] :endpoint
     #     The client endpoint is normally constructed from the `:region`
     #     option. You should only configure an `:endpoint` when connecting
-    #     to test endpoints. This should be a valid HTTP(S) URI.
+    #     to test or custom endpoints. This should be a valid HTTP(S) URI.
     #
     #   @option options [Integer] :endpoint_cache_max_entries (1000)
     #     Used for the maximum size limit of the LRU cache storing endpoints data
@@ -176,7 +180,7 @@ module Aws::GuardDuty
     #     requests fetching endpoints information. Defaults to 60 sec.
     #
     #   @option options [Boolean] :endpoint_discovery (false)
-    #     When set to `true`, endpoint discovery will be enabled for operations when available. Defaults to `false`.
+    #     When set to `true`, endpoint discovery will be enabled for operations when available.
     #
     #   @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default)
     #     The log formatter.
@@ -637,7 +641,8 @@ module Aws::GuardDuty
     #   The format of the file that contains the IPSet.
     #
     # @option params [required, String] :location
-    #   The URI of the file that contains the IPSet. For example: .
+    #   The URI of the file that contains the IPSet. For example:
+    #   https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.
     #
     # @option params [required, Boolean] :activate
     #   A Boolean value that indicates whether GuardDuty is to start using the
@@ -822,7 +827,8 @@ module Aws::GuardDuty
     #   The format of the file that contains the ThreatIntelSet.
     #
     # @option params [required, String] :location
-    #   The URI of the file that contains the ThreatIntelSet. For example: .
+    #   The URI of the file that contains the ThreatIntelSet. For example:
+    #   https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.
     #
     # @option params [required, Boolean] :activate
     #   A Boolean value that indicates whether GuardDuty is to start using the
@@ -1422,6 +1428,30 @@ module Aws::GuardDuty
     #   resp.findings[0].resource.access_key_details.principal_id #=> String
     #   resp.findings[0].resource.access_key_details.user_name #=> String
     #   resp.findings[0].resource.access_key_details.user_type #=> String
+    #   resp.findings[0].resource.s3_bucket_details #=> Array
+    #   resp.findings[0].resource.s3_bucket_details[0].arn #=> String
+    #   resp.findings[0].resource.s3_bucket_details[0].name #=> String
+    #   resp.findings[0].resource.s3_bucket_details[0].type #=> String
+    #   resp.findings[0].resource.s3_bucket_details[0].created_at #=> Time
+    #   resp.findings[0].resource.s3_bucket_details[0].owner.id #=> String
+    #   resp.findings[0].resource.s3_bucket_details[0].tags #=> Array
+    #   resp.findings[0].resource.s3_bucket_details[0].tags[0].key #=> String
+    #   resp.findings[0].resource.s3_bucket_details[0].tags[0].value #=> String
+    #   resp.findings[0].resource.s3_bucket_details[0].default_server_side_encryption.encryption_type #=> String
+    #   resp.findings[0].resource.s3_bucket_details[0].default_server_side_encryption.kms_master_key_arn #=> String
+    #   resp.findings[0].resource.s3_bucket_details[0].public_access.permission_configuration.bucket_level_permissions.access_control_list.allows_public_read_access #=> Boolean
+    #   resp.findings[0].resource.s3_bucket_details[0].public_access.permission_configuration.bucket_level_permissions.access_control_list.allows_public_write_access #=> Boolean
+    #   resp.findings[0].resource.s3_bucket_details[0].public_access.permission_configuration.bucket_level_permissions.bucket_policy.allows_public_read_access #=> Boolean
+    #   resp.findings[0].resource.s3_bucket_details[0].public_access.permission_configuration.bucket_level_permissions.bucket_policy.allows_public_write_access #=> Boolean
+    #   resp.findings[0].resource.s3_bucket_details[0].public_access.permission_configuration.bucket_level_permissions.block_public_access.ignore_public_acls #=> Boolean
+    #   resp.findings[0].resource.s3_bucket_details[0].public_access.permission_configuration.bucket_level_permissions.block_public_access.restrict_public_buckets #=> Boolean
+    #   resp.findings[0].resource.s3_bucket_details[0].public_access.permission_configuration.bucket_level_permissions.block_public_access.block_public_acls #=> Boolean
+    #   resp.findings[0].resource.s3_bucket_details[0].public_access.permission_configuration.bucket_level_permissions.block_public_access.block_public_policy #=> Boolean
+    #   resp.findings[0].resource.s3_bucket_details[0].public_access.permission_configuration.account_level_permissions.block_public_access.ignore_public_acls #=> Boolean
+    #   resp.findings[0].resource.s3_bucket_details[0].public_access.permission_configuration.account_level_permissions.block_public_access.restrict_public_buckets #=> Boolean
+    #   resp.findings[0].resource.s3_bucket_details[0].public_access.permission_configuration.account_level_permissions.block_public_access.block_public_acls #=> Boolean
+    #   resp.findings[0].resource.s3_bucket_details[0].public_access.permission_configuration.account_level_permissions.block_public_access.block_public_policy #=> Boolean
+    #   resp.findings[0].resource.s3_bucket_details[0].public_access.effective_permission #=> String
     #   resp.findings[0].resource.instance_details.availability_zone #=> String
     #   resp.findings[0].resource.instance_details.iam_instance_profile.arn #=> String
     #   resp.findings[0].resource.instance_details.iam_instance_profile.id #=> String
@@ -1946,8 +1976,6 @@ module Aws::GuardDuty
     #
     #   * resource.instanceDetails.instanceId
     #
-    #   * resource.instanceDetails.outpostArn
-    #
     #   * resource.instanceDetails.networkInterfaces.ipv6Addresses
     #
     #   * resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
@@ -1998,8 +2026,6 @@ module Aws::GuardDuty
     #
     #   * service.action.networkConnectionAction.protocol
     #
-    #   * service.action.networkConnectionAction.localIpDetails.ipAddressV4
-    #
     #   * service.action.networkConnectionAction.remoteIpDetails.city.cityName
     #
     #   * service.action.networkConnectionAction.remoteIpDetails.country.countryName
@@ -2194,8 +2220,8 @@ module Aws::GuardDuty
       req.send_request(options)
     end
 
-    # Lists details about associated member accounts for the current
-    # GuardDuty master account.
+    # Lists details about all member accounts for the current GuardDuty
+    # master account.
     #
     # @option params [required, String] :detector_id
     #   The unique ID of the detector the member is associated with.
@@ -2213,11 +2239,9 @@ module Aws::GuardDuty
     #   data.
     #
     # @option params [String] :only_associated
-    #   Specifies what member accounts the response includes based on their
-    #   relationship status with the master account. The default value is
-    #   "true". If set to "false" the response includes all existing
-    #   member accounts (including members who haven't been invited yet or
-    #   have been disassociated).
+    #   Specifies whether to only return associated members or to return all
+    #   members (including members who haven't been invited yet or have been
+    #   disassociated).
     #
     # @return [Types::ListMembersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -2733,7 +2757,8 @@ module Aws::GuardDuty
     #   The unique ID that specifies the IPSet that you want to update.
     #
     # @option params [String] :location
-    #   The updated URI of the file that contains the IPSet. For example: .
+    #   The updated URI of the file that contains the IPSet. For example:
+    #   https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.
     #
     # @option params [Boolean] :activate
     #   The updated Boolean value that specifies whether the IPSet is active
@@ -2839,7 +2864,7 @@ module Aws::GuardDuty
     #
     # @option params [String] :location
     #   The updated URI of the file that contains the ThreateIntelSet. For
-    #   example: .
+    #   example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.
     #
     # @option params [Boolean] :activate
     #   The updated Boolean value that specifies whether the ThreateIntelSet
@@ -2879,7 +2904,7 @@ module Aws::GuardDuty
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-guardduty'
-      context[:gem_version] = '1.31.0'
+      context[:gem_version] = '1.36.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-guardduty/client_api.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
@@ -13,11 +15,13 @@ module Aws::GuardDuty
 
     AcceptInvitationRequest = Shapes::StructureShape.new(name: 'AcceptInvitationRequest')
     AcceptInvitationResponse = Shapes::StructureShape.new(name: 'AcceptInvitationResponse')
+    AccessControlList = Shapes::StructureShape.new(name: 'AccessControlList')
     AccessKeyDetails = Shapes::StructureShape.new(name: 'AccessKeyDetails')
     AccountDetail = Shapes::StructureShape.new(name: 'AccountDetail')
     AccountDetails = Shapes::ListShape.new(name: 'AccountDetails')
     AccountId = Shapes::StringShape.new(name: 'AccountId')
     AccountIds = Shapes::ListShape.new(name: 'AccountIds')
+    AccountLevelPermissions = Shapes::StructureShape.new(name: 'AccountLevelPermissions')
     Action = Shapes::StructureShape.new(name: 'Action')
     AdminAccount = Shapes::StructureShape.new(name: 'AdminAccount')
     AdminAccounts = Shapes::ListShape.new(name: 'AdminAccounts')
@@ -26,7 +30,10 @@ module Aws::GuardDuty
     ArchiveFindingsResponse = Shapes::StructureShape.new(name: 'ArchiveFindingsResponse')
     AwsApiCallAction = Shapes::StructureShape.new(name: 'AwsApiCallAction')
     BadRequestException = Shapes::StructureShape.new(name: 'BadRequestException')
+    BlockPublicAccess = Shapes::StructureShape.new(name: 'BlockPublicAccess')
     Boolean = Shapes::BooleanShape.new(name: 'Boolean')
+    BucketLevelPermissions = Shapes::StructureShape.new(name: 'BucketLevelPermissions')
+    BucketPolicy = Shapes::StructureShape.new(name: 'BucketPolicy')
     City = Shapes::StructureShape.new(name: 'City')
     ClientToken = Shapes::StringShape.new(name: 'ClientToken')
     Condition = Shapes::StructureShape.new(name: 'Condition')
@@ -49,6 +56,7 @@ module Aws::GuardDuty
     Criterion = Shapes::MapShape.new(name: 'Criterion')
     DeclineInvitationsRequest = Shapes::StructureShape.new(name: 'DeclineInvitationsRequest')
     DeclineInvitationsResponse = Shapes::StructureShape.new(name: 'DeclineInvitationsResponse')
+    DefaultServerSideEncryption = Shapes::StructureShape.new(name: 'DefaultServerSideEncryption')
     DeleteDetectorRequest = Shapes::StructureShape.new(name: 'DeleteDetectorRequest')
     DeleteDetectorResponse = Shapes::StructureShape.new(name: 'DeleteDetectorResponse')
     DeleteFilterRequest = Shapes::StructureShape.new(name: 'DeleteFilterRequest')
@@ -174,6 +182,8 @@ module Aws::GuardDuty
     NotEquals = Shapes::ListShape.new(name: 'NotEquals')
     OrderBy = Shapes::StringShape.new(name: 'OrderBy')
     Organization = Shapes::StructureShape.new(name: 'Organization')
+    Owner = Shapes::StructureShape.new(name: 'Owner')
+    PermissionConfiguration = Shapes::StructureShape.new(name: 'PermissionConfiguration')
     PortProbeAction = Shapes::StructureShape.new(name: 'PortProbeAction')
     PortProbeDetail = Shapes::StructureShape.new(name: 'PortProbeDetail')
     PortProbeDetails = Shapes::ListShape.new(name: 'PortProbeDetails')
@@ -181,10 +191,13 @@ module Aws::GuardDuty
     PrivateIpAddresses = Shapes::ListShape.new(name: 'PrivateIpAddresses')
     ProductCode = Shapes::StructureShape.new(name: 'ProductCode')
     ProductCodes = Shapes::ListShape.new(name: 'ProductCodes')
+    PublicAccess = Shapes::StructureShape.new(name: 'PublicAccess')
     PublishingStatus = Shapes::StringShape.new(name: 'PublishingStatus')
     RemoteIpDetails = Shapes::StructureShape.new(name: 'RemoteIpDetails')
     RemotePortDetails = Shapes::StructureShape.new(name: 'RemotePortDetails')
     Resource = Shapes::StructureShape.new(name: 'Resource')
+    S3BucketDetail = Shapes::StructureShape.new(name: 'S3BucketDetail')
+    S3BucketDetails = Shapes::ListShape.new(name: 'S3BucketDetails')
     SecurityGroup = Shapes::StructureShape.new(name: 'SecurityGroup')
     SecurityGroups = Shapes::ListShape.new(name: 'SecurityGroups')
     Service = Shapes::StructureShape.new(name: 'Service')
@@ -208,6 +221,7 @@ module Aws::GuardDuty
     ThreatIntelligenceDetail = Shapes::StructureShape.new(name: 'ThreatIntelligenceDetail')
     ThreatIntelligenceDetails = Shapes::ListShape.new(name: 'ThreatIntelligenceDetails')
     ThreatNames = Shapes::ListShape.new(name: 'ThreatNames')
+    Timestamp = Shapes::TimestampShape.new(name: 'Timestamp')
     UnarchiveFindingsRequest = Shapes::StructureShape.new(name: 'UnarchiveFindingsRequest')
     UnarchiveFindingsResponse = Shapes::StructureShape.new(name: 'UnarchiveFindingsResponse')
     UnprocessedAccount = Shapes::StructureShape.new(name: 'UnprocessedAccount')
@@ -236,6 +250,10 @@ module Aws::GuardDuty
 
     AcceptInvitationResponse.struct_class = Types::AcceptInvitationResponse
 
+    AccessControlList.add_member(:allows_public_read_access, Shapes::ShapeRef.new(shape: Boolean, location_name: "allowsPublicReadAccess"))
+    AccessControlList.add_member(:allows_public_write_access, Shapes::ShapeRef.new(shape: Boolean, location_name: "allowsPublicWriteAccess"))
+    AccessControlList.struct_class = Types::AccessControlList
+
     AccessKeyDetails.add_member(:access_key_id, Shapes::ShapeRef.new(shape: String, location_name: "accessKeyId"))
     AccessKeyDetails.add_member(:principal_id, Shapes::ShapeRef.new(shape: String, location_name: "principalId"))
     AccessKeyDetails.add_member(:user_name, Shapes::ShapeRef.new(shape: String, location_name: "userName"))
@@ -250,6 +268,9 @@ module Aws::GuardDuty
 
     AccountIds.member = Shapes::ShapeRef.new(shape: AccountId)
 
+    AccountLevelPermissions.add_member(:block_public_access, Shapes::ShapeRef.new(shape: BlockPublicAccess, location_name: "blockPublicAccess"))
+    AccountLevelPermissions.struct_class = Types::AccountLevelPermissions
+
     Action.add_member(:action_type, Shapes::ShapeRef.new(shape: String, location_name: "actionType"))
     Action.add_member(:aws_api_call_action, Shapes::ShapeRef.new(shape: AwsApiCallAction, location_name: "awsApiCallAction"))
     Action.add_member(:dns_request_action, Shapes::ShapeRef.new(shape: DnsRequestAction, location_name: "dnsRequestAction"))
@@ -280,6 +301,21 @@ module Aws::GuardDuty
     BadRequestException.add_member(:type, Shapes::ShapeRef.new(shape: String, location_name: "__type"))
     BadRequestException.struct_class = Types::BadRequestException
 
+    BlockPublicAccess.add_member(:ignore_public_acls, Shapes::ShapeRef.new(shape: Boolean, location_name: "ignorePublicAcls"))
+    BlockPublicAccess.add_member(:restrict_public_buckets, Shapes::ShapeRef.new(shape: Boolean, location_name: "restrictPublicBuckets"))
+    BlockPublicAccess.add_member(:block_public_acls, Shapes::ShapeRef.new(shape: Boolean, location_name: "blockPublicAcls"))
+    BlockPublicAccess.add_member(:block_public_policy, Shapes::ShapeRef.new(shape: Boolean, location_name: "blockPublicPolicy"))
+    BlockPublicAccess.struct_class = Types::BlockPublicAccess
+
+    BucketLevelPermissions.add_member(:access_control_list, Shapes::ShapeRef.new(shape: AccessControlList, location_name: "accessControlList"))
+    BucketLevelPermissions.add_member(:bucket_policy, Shapes::ShapeRef.new(shape: BucketPolicy, location_name: "bucketPolicy"))
+    BucketLevelPermissions.add_member(:block_public_access, Shapes::ShapeRef.new(shape: BlockPublicAccess, location_name: "blockPublicAccess"))
+    BucketLevelPermissions.struct_class = Types::BucketLevelPermissions
+
+    BucketPolicy.add_member(:allows_public_read_access, Shapes::ShapeRef.new(shape: Boolean, location_name: "allowsPublicReadAccess"))
+    BucketPolicy.add_member(:allows_public_write_access, Shapes::ShapeRef.new(shape: Boolean, location_name: "allowsPublicWriteAccess"))
+    BucketPolicy.struct_class = Types::BucketPolicy
+
     City.add_member(:city_name, Shapes::ShapeRef.new(shape: String, location_name: "cityName"))
     City.struct_class = Types::City
 
@@ -381,6 +417,10 @@ module Aws::GuardDuty
     DeclineInvitationsResponse.add_member(:unprocessed_accounts, Shapes::ShapeRef.new(shape: UnprocessedAccounts, required: true, location_name: "unprocessedAccounts"))
     DeclineInvitationsResponse.struct_class = Types::DeclineInvitationsResponse
 
+    DefaultServerSideEncryption.add_member(:encryption_type, Shapes::ShapeRef.new(shape: String, location_name: "encryptionType"))
+    DefaultServerSideEncryption.add_member(:kms_master_key_arn, Shapes::ShapeRef.new(shape: String, location_name: "kmsMasterKeyArn"))
+    DefaultServerSideEncryption.struct_class = Types::DefaultServerSideEncryption
+
     DeleteDetectorRequest.add_member(:detector_id, Shapes::ShapeRef.new(shape: DetectorId, required: true, location: "uri", location_name: "detectorId"))
     DeleteDetectorRequest.struct_class = Types::DeleteDetectorRequest
 
@@ -794,6 +834,13 @@ module Aws::GuardDuty
     Organization.add_member(:org, Shapes::ShapeRef.new(shape: String, location_name: "org"))
     Organization.struct_class = Types::Organization
 
+    Owner.add_member(:id, Shapes::ShapeRef.new(shape: String, location_name: "id"))
+    Owner.struct_class = Types::Owner
+
+    PermissionConfiguration.add_member(:bucket_level_permissions, Shapes::ShapeRef.new(shape: BucketLevelPermissions, location_name: "bucketLevelPermissions"))
+    PermissionConfiguration.add_member(:account_level_permissions, Shapes::ShapeRef.new(shape: AccountLevelPermissions, location_name: "accountLevelPermissions"))
+    PermissionConfiguration.struct_class = Types::PermissionConfiguration
+
     PortProbeAction.add_member(:blocked, Shapes::ShapeRef.new(shape: Boolean, location_name: "blocked"))
     PortProbeAction.add_member(:port_probe_details, Shapes::ShapeRef.new(shape: PortProbeDetails, location_name: "portProbeDetails"))
     PortProbeAction.struct_class = Types::PortProbeAction
@@ -817,6 +864,10 @@ module Aws::GuardDuty
 
     ProductCodes.member = Shapes::ShapeRef.new(shape: ProductCode)
 
+    PublicAccess.add_member(:permission_configuration, Shapes::ShapeRef.new(shape: PermissionConfiguration, location_name: "permissionConfiguration"))
+    PublicAccess.add_member(:effective_permission, Shapes::ShapeRef.new(shape: String, location_name: "effectivePermission"))
+    PublicAccess.struct_class = Types::PublicAccess
+
     RemoteIpDetails.add_member(:city, Shapes::ShapeRef.new(shape: City, location_name: "city"))
     RemoteIpDetails.add_member(:country, Shapes::ShapeRef.new(shape: Country, location_name: "country"))
     RemoteIpDetails.add_member(:geo_location, Shapes::ShapeRef.new(shape: GeoLocation, location_name: "geoLocation"))
@@ -829,10 +880,23 @@ module Aws::GuardDuty
     RemotePortDetails.struct_class = Types::RemotePortDetails
 
     Resource.add_member(:access_key_details, Shapes::ShapeRef.new(shape: AccessKeyDetails, location_name: "accessKeyDetails"))
+    Resource.add_member(:s3_bucket_details, Shapes::ShapeRef.new(shape: S3BucketDetails, location_name: "s3BucketDetails"))
     Resource.add_member(:instance_details, Shapes::ShapeRef.new(shape: InstanceDetails, location_name: "instanceDetails"))
     Resource.add_member(:resource_type, Shapes::ShapeRef.new(shape: String, location_name: "resourceType"))
     Resource.struct_class = Types::Resource
 
+    S3BucketDetail.add_member(:arn, Shapes::ShapeRef.new(shape: String, location_name: "arn"))
+    S3BucketDetail.add_member(:name, Shapes::ShapeRef.new(shape: String, location_name: "name"))
+    S3BucketDetail.add_member(:type, Shapes::ShapeRef.new(shape: String, location_name: "type"))
+    S3BucketDetail.add_member(:created_at, Shapes::ShapeRef.new(shape: Timestamp, location_name: "createdAt"))
+    S3BucketDetail.add_member(:owner, Shapes::ShapeRef.new(shape: Owner, location_name: "owner"))
+    S3BucketDetail.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "tags"))
+    S3BucketDetail.add_member(:default_server_side_encryption, Shapes::ShapeRef.new(shape: DefaultServerSideEncryption, location_name: "defaultServerSideEncryption"))
+    S3BucketDetail.add_member(:public_access, Shapes::ShapeRef.new(shape: PublicAccess, location_name: "publicAccess"))
+    S3BucketDetail.struct_class = Types::S3BucketDetail
+
+    S3BucketDetails.member = Shapes::ShapeRef.new(shape: S3BucketDetail)
+
     SecurityGroup.add_member(:group_id, Shapes::ShapeRef.new(shape: String, location_name: "groupId"))
     SecurityGroup.add_member(:group_name, Shapes::ShapeRef.new(shape: String, location_name: "groupName"))
     SecurityGroup.struct_class = Types::SecurityGroup

data/lib/aws-sdk-guardduty/errors.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:

data/lib/aws-sdk-guardduty/resource.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:

data/lib/aws-sdk-guardduty/types.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
@@ -37,6 +39,7 @@ module Aws::GuardDuty
       :detector_id,
       :master_id,
       :invitation_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -44,6 +47,28 @@ module Aws::GuardDuty
     #
     class AcceptInvitationResponse < Aws::EmptyStructure; end
 
+    # Contains information on the current access control policies for the
+    # bucket.
+    #
+    # @!attribute [rw] allows_public_read_access
+    #   A value that indicates whether public read access for the bucket is
+    #   enabled through an Access Control List (ACL).
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] allows_public_write_access
+    #   A value that indicates whether public write access for the bucket is
+    #   enabled through an Access Control List (ACL).
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/AccessControlList AWS API Documentation
+    #
+    class AccessControlList < Struct.new(
+      :allows_public_read_access,
+      :allows_public_write_access)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Contains information about the access keys.
     #
     # @!attribute [rw] access_key_id
@@ -69,6 +94,7 @@ module Aws::GuardDuty
       :principal_id,
       :user_name,
       :user_type)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -95,6 +121,23 @@ module Aws::GuardDuty
     class AccountDetail < Struct.new(
       :account_id,
       :email)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains information about the account level permissions on the S3
+    # bucket.
+    #
+    # @!attribute [rw] block_public_access
+    #   Describes the S3 Block Public Access settings of the bucket's
+    #   parent account.
+    #   @return [Types::BlockPublicAccess]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/AccountLevelPermissions AWS API Documentation
+    #
+    class AccountLevelPermissions < Struct.new(
+      :block_public_access)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -130,6 +173,7 @@ module Aws::GuardDuty
       :dns_request_action,
       :network_connection_action,
       :port_probe_action)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -150,6 +194,7 @@ module Aws::GuardDuty
     class AdminAccount < Struct.new(
       :admin_account_id,
       :admin_status)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -175,6 +220,7 @@ module Aws::GuardDuty
     class ArchiveFindingsRequest < Struct.new(
       :detector_id,
       :finding_ids)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -212,6 +258,7 @@ module Aws::GuardDuty
       :domain_details,
       :remote_ip_details,
       :service_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -230,6 +277,91 @@ module Aws::GuardDuty
     class BadRequestException < Struct.new(
       :message,
       :type)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains information on how the bucker owner's S3 Block Public Access
+    # settings are being applied to the S3 bucket. See [S3 Block Public
+    # Access][1] for more information.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html
+    #
+    # @!attribute [rw] ignore_public_acls
+    #   Indicates if S3 Block Public Access is set to `IgnorePublicAcls`.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] restrict_public_buckets
+    #   Indicates if S3 Block Public Access is set to
+    #   `RestrictPublicBuckets`.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] block_public_acls
+    #   Indicates if S3 Block Public Access is set to `BlockPublicAcls`.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] block_public_policy
+    #   Indicates if S3 Block Public Access is set to `BlockPublicPolicy`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/BlockPublicAccess AWS API Documentation
+    #
+    class BlockPublicAccess < Struct.new(
+      :ignore_public_acls,
+      :restrict_public_buckets,
+      :block_public_acls,
+      :block_public_policy)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains information about the bucket level permissions for the S3
+    # bucket.
+    #
+    # @!attribute [rw] access_control_list
+    #   Contains information on how Access Control Policies are applied to
+    #   the bucket.
+    #   @return [Types::AccessControlList]
+    #
+    # @!attribute [rw] bucket_policy
+    #   Contains information on the bucket policies for the S3 bucket.
+    #   @return [Types::BucketPolicy]
+    #
+    # @!attribute [rw] block_public_access
+    #   Contains information on which account level S3 Block Public Access
+    #   settings are applied to the S3 bucket.
+    #   @return [Types::BlockPublicAccess]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/BucketLevelPermissions AWS API Documentation
+    #
+    class BucketLevelPermissions < Struct.new(
+      :access_control_list,
+      :bucket_policy,
+      :block_public_access)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains information on the current bucket policies for the S3 bucket.
+    #
+    # @!attribute [rw] allows_public_read_access
+    #   A value that indicates whether public read access for the bucket is
+    #   enabled through a bucket policy.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] allows_public_write_access
+    #   A value that indicates whether public write access for the bucket is
+    #   enabled through a bucket policy.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/BucketPolicy AWS API Documentation
+    #
+    class BucketPolicy < Struct.new(
+      :allows_public_read_access,
+      :allows_public_write_access)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -243,6 +375,7 @@ module Aws::GuardDuty
     #
     class City < Struct.new(
       :city_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -341,6 +474,7 @@ module Aws::GuardDuty
       :greater_than_or_equal,
       :less_than,
       :less_than_or_equal)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -360,6 +494,7 @@ module Aws::GuardDuty
     class Country < Struct.new(
       :country_code,
       :country_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -403,6 +538,7 @@ module Aws::GuardDuty
       :client_token,
       :finding_publishing_frequency,
       :tags)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -414,6 +550,7 @@ module Aws::GuardDuty
     #
     class CreateDetectorResponse < Struct.new(
       :detector_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -612,6 +749,7 @@ module Aws::GuardDuty
       :finding_criteria,
       :client_token,
       :tags)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -623,6 +761,7 @@ module Aws::GuardDuty
     #
     class CreateFilterResponse < Struct.new(
       :name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -658,7 +797,8 @@ module Aws::GuardDuty
     #   @return [String]
     #
     # @!attribute [rw] location
-    #   The URI of the file that contains the IPSet. For example: .
+    #   The URI of the file that contains the IPSet. For example:
+    #   https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.
     #   @return [String]
     #
     # @!attribute [rw] activate
@@ -687,6 +827,7 @@ module Aws::GuardDuty
       :activate,
       :client_token,
       :tags)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -698,6 +839,7 @@ module Aws::GuardDuty
     #
     class CreateIPSetResponse < Struct.new(
       :ip_set_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -729,6 +871,7 @@ module Aws::GuardDuty
     class CreateMembersRequest < Struct.new(
       :detector_id,
       :account_details)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -741,6 +884,7 @@ module Aws::GuardDuty
     #
     class CreateMembersResponse < Struct.new(
       :unprocessed_accounts)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -786,6 +930,7 @@ module Aws::GuardDuty
       :destination_type,
       :destination_properties,
       :client_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -797,6 +942,7 @@ module Aws::GuardDuty
     #
     class CreatePublishingDestinationResponse < Struct.new(
       :destination_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -821,6 +967,7 @@ module Aws::GuardDuty
     class CreateSampleFindingsRequest < Struct.new(
       :detector_id,
       :finding_types)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -859,7 +1006,8 @@ module Aws::GuardDuty
     #   @return [String]
     #
     # @!attribute [rw] location
-    #   The URI of the file that contains the ThreatIntelSet. For example: .
+    #   The URI of the file that contains the ThreatIntelSet. For example:
+    #   https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.
     #   @return [String]
     #
     # @!attribute [rw] activate
@@ -888,6 +1036,7 @@ module Aws::GuardDuty
       :activate,
       :client_token,
       :tags)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -899,6 +1048,7 @@ module Aws::GuardDuty
     #
     class CreateThreatIntelSetResponse < Struct.new(
       :threat_intel_set_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -919,6 +1069,7 @@ module Aws::GuardDuty
     #
     class DeclineInvitationsRequest < Struct.new(
       :account_ids)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -931,6 +1082,32 @@ module Aws::GuardDuty
     #
     class DeclineInvitationsResponse < Struct.new(
       :unprocessed_accounts)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains information on the server side encryption method used in the
+    # S3 bucket. See [S3 Server-Side Encryption][1] for more information.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/atest/dev/serv-side-encryption.html
+    #
+    # @!attribute [rw] encryption_type
+    #   The type of encryption used for objects within the S3 bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] kms_master_key_arn
+    #   The Amazon Resource Name (ARN) of the KMS encryption key. Only
+    #   available if the bucket `EncryptionType` is `aws:kms`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DefaultServerSideEncryption AWS API Documentation
+    #
+    class DefaultServerSideEncryption < Struct.new(
+      :encryption_type,
+      :kms_master_key_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -949,6 +1126,7 @@ module Aws::GuardDuty
     #
     class DeleteDetectorRequest < Struct.new(
       :detector_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -977,6 +1155,7 @@ module Aws::GuardDuty
     class DeleteFilterRequest < Struct.new(
       :detector_id,
       :filter_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1005,6 +1184,7 @@ module Aws::GuardDuty
     class DeleteIPSetRequest < Struct.new(
       :detector_id,
       :ip_set_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1028,6 +1208,7 @@ module Aws::GuardDuty
     #
     class DeleteInvitationsRequest < Struct.new(
       :account_ids)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1040,6 +1221,7 @@ module Aws::GuardDuty
     #
     class DeleteInvitationsResponse < Struct.new(
       :unprocessed_accounts)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1066,6 +1248,7 @@ module Aws::GuardDuty
     class DeleteMembersRequest < Struct.new(
       :detector_id,
       :account_ids)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1077,6 +1260,7 @@ module Aws::GuardDuty
     #
     class DeleteMembersResponse < Struct.new(
       :unprocessed_accounts)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1102,6 +1286,7 @@ module Aws::GuardDuty
     class DeletePublishingDestinationRequest < Struct.new(
       :detector_id,
       :destination_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1131,6 +1316,7 @@ module Aws::GuardDuty
     class DeleteThreatIntelSetRequest < Struct.new(
       :detector_id,
       :threat_intel_set_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1154,6 +1340,7 @@ module Aws::GuardDuty
     #
     class DescribeOrganizationConfigurationRequest < Struct.new(
       :detector_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1172,6 +1359,7 @@ module Aws::GuardDuty
     class DescribeOrganizationConfigurationResponse < Struct.new(
       :auto_enable,
       :member_account_limit_reached)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1197,6 +1385,7 @@ module Aws::GuardDuty
     class DescribePublishingDestinationRequest < Struct.new(
       :detector_id,
       :destination_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1231,6 +1420,7 @@ module Aws::GuardDuty
       :status,
       :publishing_failure_start_timestamp,
       :destination_properties)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1256,6 +1446,7 @@ module Aws::GuardDuty
       :destination_id,
       :destination_type,
       :status)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1284,6 +1475,7 @@ module Aws::GuardDuty
     class DestinationProperties < Struct.new(
       :destination_arn,
       :kms_key_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1303,6 +1495,7 @@ module Aws::GuardDuty
     #
     class DisableOrganizationAdminAccountRequest < Struct.new(
       :admin_account_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1325,6 +1518,7 @@ module Aws::GuardDuty
     #
     class DisassociateFromMasterAccountRequest < Struct.new(
       :detector_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1355,6 +1549,7 @@ module Aws::GuardDuty
     class DisassociateMembersRequest < Struct.new(
       :detector_id,
       :account_ids)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1367,6 +1562,7 @@ module Aws::GuardDuty
     #
     class DisassociateMembersResponse < Struct.new(
       :unprocessed_accounts)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1381,6 +1577,7 @@ module Aws::GuardDuty
     #
     class DnsRequestAction < Struct.new(
       :domain)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1394,6 +1591,7 @@ module Aws::GuardDuty
     #
     class DomainDetails < Struct.new(
       :domain)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1413,6 +1611,7 @@ module Aws::GuardDuty
     #
     class EnableOrganizationAdminAccountRequest < Struct.new(
       :admin_account_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1430,6 +1629,7 @@ module Aws::GuardDuty
     #
     class Evidence < Struct.new(
       :threat_intelligence_details)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1515,6 +1715,7 @@ module Aws::GuardDuty
       :title,
       :type,
       :updated_at)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1551,6 +1752,7 @@ module Aws::GuardDuty
     #
     class FindingCriteria < Struct.new(
       :criterion)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1565,6 +1767,7 @@ module Aws::GuardDuty
     #
     class FindingStatistics < Struct.new(
       :count_by_severity)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1583,6 +1786,7 @@ module Aws::GuardDuty
     class GeoLocation < Struct.new(
       :lat,
       :lon)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1601,6 +1805,7 @@ module Aws::GuardDuty
     #
     class GetDetectorRequest < Struct.new(
       :detector_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1637,6 +1842,7 @@ module Aws::GuardDuty
       :status,
       :updated_at,
       :tags)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1661,6 +1867,7 @@ module Aws::GuardDuty
     class GetFilterRequest < Struct.new(
       :detector_id,
       :filter_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1701,6 +1908,7 @@ module Aws::GuardDuty
       :rank,
       :finding_criteria,
       :tags)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1735,6 +1943,7 @@ module Aws::GuardDuty
       :detector_id,
       :finding_ids,
       :sort_criteria)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1746,6 +1955,7 @@ module Aws::GuardDuty
     #
     class GetFindingsResponse < Struct.new(
       :findings)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1794,6 +2004,7 @@ module Aws::GuardDuty
       :detector_id,
       :finding_statistic_types,
       :finding_criteria)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1805,6 +2016,7 @@ module Aws::GuardDuty
     #
     class GetFindingsStatisticsResponse < Struct.new(
       :finding_statistics)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1829,6 +2041,7 @@ module Aws::GuardDuty
     class GetIPSetRequest < Struct.new(
       :detector_id,
       :ip_set_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1841,7 +2054,8 @@ module Aws::GuardDuty
     #   @return [String]
     #
     # @!attribute [rw] location
-    #   The URI of the file that contains the IPSet. For example: .
+    #   The URI of the file that contains the IPSet. For example:
+    #   https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.
     #   @return [String]
     #
     # @!attribute [rw] status
@@ -1860,6 +2074,7 @@ module Aws::GuardDuty
       :location,
       :status,
       :tags)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1877,6 +2092,7 @@ module Aws::GuardDuty
     #
     class GetInvitationsCountResponse < Struct.new(
       :invitations_count)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1895,6 +2111,7 @@ module Aws::GuardDuty
     #
     class GetMasterAccountRequest < Struct.new(
       :detector_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1906,6 +2123,7 @@ module Aws::GuardDuty
     #
     class GetMasterAccountResponse < Struct.new(
       :master)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1932,6 +2150,7 @@ module Aws::GuardDuty
     class GetMembersRequest < Struct.new(
       :detector_id,
       :account_ids)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1949,6 +2168,7 @@ module Aws::GuardDuty
     class GetMembersResponse < Struct.new(
       :members,
       :unprocessed_accounts)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1974,6 +2194,7 @@ module Aws::GuardDuty
     class GetThreatIntelSetRequest < Struct.new(
       :detector_id,
       :threat_intel_set_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1988,7 +2209,8 @@ module Aws::GuardDuty
     #   @return [String]
     #
     # @!attribute [rw] location
-    #   The URI of the file that contains the ThreatIntelSet. For example: .
+    #   The URI of the file that contains the ThreatIntelSet. For example:
+    #   https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.
     #   @return [String]
     #
     # @!attribute [rw] status
@@ -2007,6 +2229,7 @@ module Aws::GuardDuty
       :location,
       :status,
       :tags)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2025,6 +2248,7 @@ module Aws::GuardDuty
     class IamInstanceProfile < Struct.new(
       :arn,
       :id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2099,6 +2323,7 @@ module Aws::GuardDuty
       :platform,
       :product_codes,
       :tags)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2117,6 +2342,7 @@ module Aws::GuardDuty
     class InternalServerErrorException < Struct.new(
       :message,
       :type)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2147,6 +2373,7 @@ module Aws::GuardDuty
       :invitation_id,
       :relationship_status,
       :invited_at)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2188,6 +2415,7 @@ module Aws::GuardDuty
       :account_ids,
       :disable_email_notification,
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2200,6 +2428,7 @@ module Aws::GuardDuty
     #
     class InviteMembersResponse < Struct.new(
       :unprocessed_accounts)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2230,6 +2459,7 @@ module Aws::GuardDuty
     class ListDetectorsRequest < Struct.new(
       :max_results,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2247,6 +2477,7 @@ module Aws::GuardDuty
     class ListDetectorsResponse < Struct.new(
       :detector_ids,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2283,6 +2514,7 @@ module Aws::GuardDuty
       :detector_id,
       :max_results,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2300,6 +2532,7 @@ module Aws::GuardDuty
     class ListFiltersResponse < Struct.new(
       :filter_names,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2367,8 +2600,6 @@ module Aws::GuardDuty
     #
     #   * resource.instanceDetails.instanceId
     #
-    #   * resource.instanceDetails.outpostArn
-    #
     #   * resource.instanceDetails.networkInterfaces.ipv6Addresses
     #
     #   * resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
@@ -2419,8 +2650,6 @@ module Aws::GuardDuty
     #
     #   * service.action.networkConnectionAction.protocol
     #
-    #   * service.action.networkConnectionAction.localIpDetails.ipAddressV4
-    #
     #   * service.action.networkConnectionAction.remoteIpDetails.city.cityName
     #
     #   * service.action.networkConnectionAction.remoteIpDetails.country.countryName
@@ -2479,6 +2708,7 @@ module Aws::GuardDuty
       :sort_criteria,
       :max_results,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2496,6 +2726,7 @@ module Aws::GuardDuty
     class ListFindingsResponse < Struct.new(
       :finding_ids,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2532,6 +2763,7 @@ module Aws::GuardDuty
       :detector_id,
       :max_results,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2549,6 +2781,7 @@ module Aws::GuardDuty
     class ListIPSetsResponse < Struct.new(
       :ip_set_ids,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2579,6 +2812,7 @@ module Aws::GuardDuty
     class ListInvitationsRequest < Struct.new(
       :max_results,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2596,6 +2830,7 @@ module Aws::GuardDuty
     class ListInvitationsResponse < Struct.new(
       :invitations,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2628,11 +2863,9 @@ module Aws::GuardDuty
     #   @return [String]
     #
     # @!attribute [rw] only_associated
-    #   Specifies what member accounts the response includes based on their
-    #   relationship status with the master account. The default value is
-    #   "true". If set to "false" the response includes all existing
-    #   member accounts (including members who haven't been invited yet or
-    #   have been disassociated).
+    #   Specifies whether to only return associated members or to return all
+    #   members (including members who haven't been invited yet or have
+    #   been disassociated).
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListMembersRequest AWS API Documentation
@@ -2642,6 +2875,7 @@ module Aws::GuardDuty
       :max_results,
       :next_token,
       :only_associated)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2659,6 +2893,7 @@ module Aws::GuardDuty
     class ListMembersResponse < Struct.new(
       :members,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2687,6 +2922,7 @@ module Aws::GuardDuty
     class ListOrganizationAdminAccountsRequest < Struct.new(
       :max_results,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2705,6 +2941,7 @@ module Aws::GuardDuty
     class ListOrganizationAdminAccountsResponse < Struct.new(
       :admin_accounts,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2739,6 +2976,7 @@ module Aws::GuardDuty
       :detector_id,
       :max_results,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2760,6 +2998,7 @@ module Aws::GuardDuty
     class ListPublishingDestinationsResponse < Struct.new(
       :destinations,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2778,6 +3017,7 @@ module Aws::GuardDuty
     #
     class ListTagsForResourceRequest < Struct.new(
       :resource_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2789,6 +3029,7 @@ module Aws::GuardDuty
     #
     class ListTagsForResourceResponse < Struct.new(
       :tags)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2826,6 +3067,7 @@ module Aws::GuardDuty
       :detector_id,
       :max_results,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2843,6 +3085,7 @@ module Aws::GuardDuty
     class ListThreatIntelSetsResponse < Struct.new(
       :threat_intel_set_ids,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2856,6 +3099,7 @@ module Aws::GuardDuty
     #
     class LocalIpDetails < Struct.new(
       :ip_address_v4)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2874,6 +3118,7 @@ module Aws::GuardDuty
     class LocalPortDetails < Struct.new(
       :port,
       :port_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2903,6 +3148,7 @@ module Aws::GuardDuty
       :invitation_id,
       :relationship_status,
       :invited_at)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2946,6 +3192,7 @@ module Aws::GuardDuty
       :relationship_status,
       :invited_at,
       :updated_at)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2991,6 +3238,7 @@ module Aws::GuardDuty
       :local_ip_details,
       :remote_ip_details,
       :remote_port_details)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3050,6 +3298,7 @@ module Aws::GuardDuty
       :security_groups,
       :subnet_id,
       :vpc_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3080,6 +3329,49 @@ module Aws::GuardDuty
       :asn_org,
       :isp,
       :org)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains information on the owner of the bucket.
+    #
+    # @!attribute [rw] id
+    #   The canonical user ID of the bucket owner. For information about
+    #   locating your canonical user ID see [Finding Your Account Canonical
+    #   User ID.][1]
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html#FindingCanonicalId
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Owner AWS API Documentation
+    #
+    class Owner < Struct.new(
+      :id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains information about how permissions are configured for the S3
+    # bucket.
+    #
+    # @!attribute [rw] bucket_level_permissions
+    #   Contains information about the bucket level permissions for the S3
+    #   bucket.
+    #   @return [Types::BucketLevelPermissions]
+    #
+    # @!attribute [rw] account_level_permissions
+    #   Contains information about the account level permissions on the S3
+    #   bucket.
+    #   @return [Types::AccountLevelPermissions]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/PermissionConfiguration AWS API Documentation
+    #
+    class PermissionConfiguration < Struct.new(
+      :bucket_level_permissions,
+      :account_level_permissions)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3100,6 +3392,7 @@ module Aws::GuardDuty
     class PortProbeAction < Struct.new(
       :blocked,
       :port_probe_details)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3123,6 +3416,7 @@ module Aws::GuardDuty
       :local_port_details,
       :local_ip_details,
       :remote_ip_details)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3141,6 +3435,7 @@ module Aws::GuardDuty
     class PrivateIpAddressDetails < Struct.new(
       :private_dns_name,
       :private_ip_address)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3159,6 +3454,28 @@ module Aws::GuardDuty
     class ProductCode < Struct.new(
       :code,
       :product_type)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Describes the public access policies that apply to the S3 bucket.
+    #
+    # @!attribute [rw] permission_configuration
+    #   Contains information about how permissions are configured for the S3
+    #   bucket.
+    #   @return [Types::PermissionConfiguration]
+    #
+    # @!attribute [rw] effective_permission
+    #   Describes the effective permission on this bucket after factoring
+    #   all attached policies.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/PublicAccess AWS API Documentation
+    #
+    class PublicAccess < Struct.new(
+      :permission_configuration,
+      :effective_permission)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3192,6 +3509,7 @@ module Aws::GuardDuty
       :geo_location,
       :ip_address_v4,
       :organization)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3210,6 +3528,7 @@ module Aws::GuardDuty
     class RemotePortDetails < Struct.new(
       :port,
       :port_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3222,6 +3541,10 @@ module Aws::GuardDuty
     #   finding.
     #   @return [Types::AccessKeyDetails]
     #
+    # @!attribute [rw] s3_bucket_details
+    #   Contains information on the S3 bucket.
+    #   @return [Array<Types::S3BucketDetail>]
+    #
     # @!attribute [rw] instance_details
     #   The information about the EC2 instance associated with the activity
     #   that prompted GuardDuty to generate a finding.
@@ -3235,8 +3558,57 @@ module Aws::GuardDuty
     #
     class Resource < Struct.new(
       :access_key_details,
+      :s3_bucket_details,
       :instance_details,
       :resource_type)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] arn
+    #   The Amazon Resource Name (ARN) of the S3 bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the S3 bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] type
+    #   Describes whether the bucket is a source or destination bucket.
+    #   @return [String]
+    #
+    # @!attribute [rw] created_at
+    #   The date and time the bucket was created at.
+    #   @return [Time]
+    #
+    # @!attribute [rw] owner
+    #   The owner of the S3 bucket.
+    #   @return [Types::Owner]
+    #
+    # @!attribute [rw] tags
+    #   All tags attached to the S3 bucket
+    #   @return [Array<Types::Tag>]
+    #
+    # @!attribute [rw] default_server_side_encryption
+    #   Describes the server side encryption method used in the S3 bucket.
+    #   @return [Types::DefaultServerSideEncryption]
+    #
+    # @!attribute [rw] public_access
+    #   Describes the public access policies that apply to the S3 bucket.
+    #   @return [Types::PublicAccess]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/S3BucketDetail AWS API Documentation
+    #
+    class S3BucketDetail < Struct.new(
+      :arn,
+      :name,
+      :type,
+      :created_at,
+      :owner,
+      :tags,
+      :default_server_side_encryption,
+      :public_access)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3256,6 +3628,7 @@ module Aws::GuardDuty
     class SecurityGroup < Struct.new(
       :group_id,
       :group_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3316,6 +3689,7 @@ module Aws::GuardDuty
       :resource_role,
       :service_name,
       :user_feedback)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3343,6 +3717,7 @@ module Aws::GuardDuty
     class SortCriteria < Struct.new(
       :attribute_name,
       :order_by)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3369,6 +3744,7 @@ module Aws::GuardDuty
     class StartMonitoringMembersRequest < Struct.new(
       :detector_id,
       :account_ids)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3381,6 +3757,7 @@ module Aws::GuardDuty
     #
     class StartMonitoringMembersResponse < Struct.new(
       :unprocessed_accounts)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3406,6 +3783,7 @@ module Aws::GuardDuty
     class StopMonitoringMembersRequest < Struct.new(
       :detector_id,
       :account_ids)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3419,6 +3797,7 @@ module Aws::GuardDuty
     #
     class StopMonitoringMembersResponse < Struct.new(
       :unprocessed_accounts)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3437,6 +3816,7 @@ module Aws::GuardDuty
     class Tag < Struct.new(
       :key,
       :value)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3464,6 +3844,7 @@ module Aws::GuardDuty
     class TagResourceRequest < Struct.new(
       :resource_arn,
       :tags)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3488,6 +3869,7 @@ module Aws::GuardDuty
     class ThreatIntelligenceDetail < Struct.new(
       :threat_list_name,
       :threat_names)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3512,6 +3894,7 @@ module Aws::GuardDuty
     class UnarchiveFindingsRequest < Struct.new(
       :detector_id,
       :finding_ids)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3534,6 +3917,7 @@ module Aws::GuardDuty
     class UnprocessedAccount < Struct.new(
       :account_id,
       :result)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3558,6 +3942,7 @@ module Aws::GuardDuty
     class UntagResourceRequest < Struct.new(
       :resource_arn,
       :tag_keys)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3593,6 +3978,7 @@ module Aws::GuardDuty
       :detector_id,
       :enable,
       :finding_publishing_frequency)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3667,6 +4053,7 @@ module Aws::GuardDuty
       :action,
       :rank,
       :finding_criteria)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3678,6 +4065,7 @@ module Aws::GuardDuty
     #
     class UpdateFilterResponse < Struct.new(
       :name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3716,6 +4104,7 @@ module Aws::GuardDuty
       :finding_ids,
       :feedback,
       :comments)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3748,7 +4137,8 @@ module Aws::GuardDuty
     #   @return [String]
     #
     # @!attribute [rw] location
-    #   The updated URI of the file that contains the IPSet. For example: .
+    #   The updated URI of the file that contains the IPSet. For example:
+    #   https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.
     #   @return [String]
     #
     # @!attribute [rw] activate
@@ -3764,6 +4154,7 @@ module Aws::GuardDuty
       :name,
       :location,
       :activate)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3793,6 +4184,7 @@ module Aws::GuardDuty
     class UpdateOrganizationConfigurationRequest < Struct.new(
       :detector_id,
       :auto_enable)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3832,6 +4224,7 @@ module Aws::GuardDuty
       :detector_id,
       :destination_id,
       :destination_properties)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3867,7 +4260,7 @@ module Aws::GuardDuty
     #
     # @!attribute [rw] location
     #   The updated URI of the file that contains the ThreateIntelSet. For
-    #   example: .
+    #   example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.
     #   @return [String]
     #
     # @!attribute [rw] activate
@@ -3883,6 +4276,7 @@ module Aws::GuardDuty
       :name,
       :location,
       :activate)
+      SENSITIVE = []
       include Aws::Structure
     end