aws-sdk-guardduty 1.53.0 → 1.54.0

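--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 17b3f3bea4ddcd2bc98bb6358d91e3deeacbdcc1624ebc046970b8f2ec814498
- data.tar.gz: 4a2a233baf7377d8ca1d48fb0ca6f1330a7ac1db47dbb99a229f744ffe5d5cda
+ metadata.gz: e147e69f8acd9cb6dd498c5a69df832b4e7d0fb43325ddac96f12077bcf98909
+ data.tar.gz: '090cbcb445fcba86d7b7f0e1eaa8cbef74370ff8c037e581004d4e8afce02358'
  SHA512:
- metadata.gz: 19541da8bdeb995280d58b013c01a97d77e0624f78e95e7221de1f1e6c1a517abfea62c3ed45f5489c83096fdb0a02a1d599292ff845b5b1461b16fb107c9076
- data.tar.gz: b3aa2a323a1eb62110fa1e15ffd30cedc5ad428b400447e282e03cd73fdfcf94278aad93978fe8c78fc1926a3edb3dcd24298f0df7f5766f1a8cb00e36e65a92
+ metadata.gz: 902aeb9916eebf8e0e4b1ac9f8a5db1ef0d4fd1f40a06a1fa0616b86b7ae055acf1fa7db6eab0b67bb8e39f313b99d236e8f51267c735476f57ba5653f6c0c6b
+ data.tar.gz: 46deb062685b564f8cf90ee5dbb327c189bab832d49e95d900c487186305d75369e10b1a2a255857dd8276ad67f18146efa4812cf47302bcf83ec1c2910af694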
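--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,11 @@
  Unreleased Changes
  ------------------
 
+ 1.54.0 (2022-01-25)
+ ------------------
+
+ * Feature - Amazon GuardDuty expands threat detection coverage to protect Amazon Elastic Kubernetes Service (EKS) workloads.
+
  1.53.0 (2022-01-20)
  ------------------
 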
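--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.53.0
+ 1.54.0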
@@ -451,6 +451,11 @@ module Aws::GuardDuty
451
451
  # s3_logs: {
452
452
  # enable: false, # required
453
453
  # },
454
+ # kubernetes: {
455
+ # audit_logs: { # required
456
+ # enable: false, # required
457
+ # },
458
+ # },
454
459
  # },
455
460
  # tags: {
456
461
  # "TagKey" => "TagValue",
@@ -1202,6 +1207,7 @@ module Aws::GuardDuty
1202
1207
  # resp.auto_enable #=> Boolean
1203
1208
  # resp.member_account_limit_reached #=> Boolean
1204
1209
  # resp.data_sources.s3_logs.auto_enable #=> Boolean
1210
+ # resp.data_sources.kubernetes.audit_logs.auto_enable #=> Boolean
1205
1211
  #
1206
1212
  # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DescribeOrganizationConfiguration AWS API Documentation
1207
1213
  #
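Review bot: The added example line `# resp.data_sources.kubernetes.audit_logs.auto_enable #=> Boolean` documents an unconditional chain, but the shape definitions further down this page add `:kubernetes` to `OrganizationDataSourceConfigurationsResult` and `DataSourceConfigurationsResult` without `required: true`, unlike the `s3_logs` members beside them. If the service omits the member, `resp.data_sources.kubernetes` is presumably nil and the chain raises NoMethodError, so a script that audits whether EKS audit-log monitoring is on would crash instead of reporting it as off. The same applies to the `...kubernetes.audit_logs.status` lines added in the `@@ -1395,6 +1401,7 @@` and `@@ -1824,6 +1879,7 @@` hunks. I would add a comment after each of these lines, `# NOTE: data_sources.kubernetes may be nil; treat a missing value as not enabled`, and show the nil-safe form `resp.data_sources.kubernetes&.audit_logs&.status == "ENABLED"`. The enclosing doc comment block starts and ends outside the hunk.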
@@ -1395,6 +1401,7 @@ module Aws::GuardDuty
1395
1401
  # resp.data_sources.dns_logs.status #=> String, one of "ENABLED", "DISABLED"
1396
1402
  # resp.data_sources.flow_logs.status #=> String, one of "ENABLED", "DISABLED"
1397
1403
  # resp.data_sources.s3_logs.status #=> String, one of "ENABLED", "DISABLED"
1404
+ # resp.data_sources.kubernetes.audit_logs.status #=> String, one of "ENABLED", "DISABLED"
1398
1405
  # resp.tags #=> Hash
1399
1406
  # resp.tags["TagKey"] #=> String
1400
1407
  #
@@ -1565,6 +1572,36 @@ module Aws::GuardDuty
1565
1572
  # resp.findings[0].resource.instance_details.tags #=> Array
1566
1573
  # resp.findings[0].resource.instance_details.tags[0].key #=> String
1567
1574
  # resp.findings[0].resource.instance_details.tags[0].value #=> String
1575
+ # resp.findings[0].resource.eks_cluster_details.name #=> String
1576
+ # resp.findings[0].resource.eks_cluster_details.arn #=> String
1577
+ # resp.findings[0].resource.eks_cluster_details.vpc_id #=> String
1578
+ # resp.findings[0].resource.eks_cluster_details.status #=> String
1579
+ # resp.findings[0].resource.eks_cluster_details.tags #=> Array
1580
+ # resp.findings[0].resource.eks_cluster_details.tags[0].key #=> String
1581
+ # resp.findings[0].resource.eks_cluster_details.tags[0].value #=> String
1582
+ # resp.findings[0].resource.eks_cluster_details.created_at #=> Time
1583
+ # resp.findings[0].resource.kubernetes_details.kubernetes_user_details.username #=> String
1584
+ # resp.findings[0].resource.kubernetes_details.kubernetes_user_details.uid #=> String
1585
+ # resp.findings[0].resource.kubernetes_details.kubernetes_user_details.groups #=> Array
1586
+ # resp.findings[0].resource.kubernetes_details.kubernetes_user_details.groups[0] #=> String
1587
+ # resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.name #=> String
1588
+ # resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.type #=> String
1589
+ # resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.uid #=> String
1590
+ # resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.namespace #=> String
1591
+ # resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.host_network #=> Boolean
1592
+ # resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.containers #=> Array
1593
+ # resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.containers[0].container_runtime #=> String
1594
+ # resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.containers[0].id #=> String
1595
+ # resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.containers[0].name #=> String
1596
+ # resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.containers[0].image #=> String
1597
+ # resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.containers[0].image_prefix #=> String
1598
+ # resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.containers[0].volume_mounts #=> Array
1599
+ # resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.containers[0].volume_mounts[0].name #=> String
1600
+ # resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.containers[0].volume_mounts[0].mount_path #=> String
1601
+ # resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.containers[0].security_context.privileged #=> Boolean
1602
+ # resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.volumes #=> Array
1603
+ # resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.volumes[0].name #=> String
1604
+ # resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.volumes[0].host_path.path #=> String
1568
1605
  # resp.findings[0].resource.resource_type #=> String
1569
1606
  # resp.findings[0].schema_version #=> String
1570
1607
  # resp.findings[0].service.action.action_type #=> String
@@ -1572,6 +1609,7 @@ module Aws::GuardDuty
1572
1609
  # resp.findings[0].service.action.aws_api_call_action.caller_type #=> String
1573
1610
  # resp.findings[0].service.action.aws_api_call_action.domain_details.domain #=> String
1574
1611
  # resp.findings[0].service.action.aws_api_call_action.error_code #=> String
1612
+ # resp.findings[0].service.action.aws_api_call_action.user_agent #=> String
1575
1613
  # resp.findings[0].service.action.aws_api_call_action.remote_ip_details.city.city_name #=> String
1576
1614
  # resp.findings[0].service.action.aws_api_call_action.remote_ip_details.country.country_code #=> String
1577
1615
  # resp.findings[0].service.action.aws_api_call_action.remote_ip_details.country.country_name #=> String
@@ -1619,6 +1657,23 @@ module Aws::GuardDuty
1619
1657
  # resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.organization.asn_org #=> String
1620
1658
  # resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.organization.isp #=> String
1621
1659
  # resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.organization.org #=> String
1660
+ # resp.findings[0].service.action.kubernetes_api_call_action.request_uri #=> String
1661
+ # resp.findings[0].service.action.kubernetes_api_call_action.verb #=> String
1662
+ # resp.findings[0].service.action.kubernetes_api_call_action.source_ips #=> Array
1663
+ # resp.findings[0].service.action.kubernetes_api_call_action.source_ips[0] #=> String
1664
+ # resp.findings[0].service.action.kubernetes_api_call_action.user_agent #=> String
1665
+ # resp.findings[0].service.action.kubernetes_api_call_action.remote_ip_details.city.city_name #=> String
1666
+ # resp.findings[0].service.action.kubernetes_api_call_action.remote_ip_details.country.country_code #=> String
1667
+ # resp.findings[0].service.action.kubernetes_api_call_action.remote_ip_details.country.country_name #=> String
1668
+ # resp.findings[0].service.action.kubernetes_api_call_action.remote_ip_details.geo_location.lat #=> Float
1669
+ # resp.findings[0].service.action.kubernetes_api_call_action.remote_ip_details.geo_location.lon #=> Float
1670
+ # resp.findings[0].service.action.kubernetes_api_call_action.remote_ip_details.ip_address_v4 #=> String
1671
+ # resp.findings[0].service.action.kubernetes_api_call_action.remote_ip_details.organization.asn #=> String
1672
+ # resp.findings[0].service.action.kubernetes_api_call_action.remote_ip_details.organization.asn_org #=> String
1673
+ # resp.findings[0].service.action.kubernetes_api_call_action.remote_ip_details.organization.isp #=> String
1674
+ # resp.findings[0].service.action.kubernetes_api_call_action.remote_ip_details.organization.org #=> String
1675
+ # resp.findings[0].service.action.kubernetes_api_call_action.status_code #=> Integer
1676
+ # resp.findings[0].service.action.kubernetes_api_call_action.parameters #=> String
1622
1677
  # resp.findings[0].service.evidence.threat_intelligence_details #=> Array
1623
1678
  # resp.findings[0].service.evidence.threat_intelligence_details[0].threat_list_name #=> String
1624
1679
  # resp.findings[0].service.evidence.threat_intelligence_details[0].threat_names #=> Array
@@ -1824,6 +1879,7 @@ module Aws::GuardDuty
1824
1879
  # resp.member_data_source_configurations[0].data_sources.dns_logs.status #=> String, one of "ENABLED", "DISABLED"
1825
1880
  # resp.member_data_source_configurations[0].data_sources.flow_logs.status #=> String, one of "ENABLED", "DISABLED"
1826
1881
  # resp.member_data_source_configurations[0].data_sources.s3_logs.status #=> String, one of "ENABLED", "DISABLED"
1882
+ # resp.member_data_source_configurations[0].data_sources.kubernetes.audit_logs.status #=> String, one of "ENABLED", "DISABLED"
1827
1883
  # resp.unprocessed_accounts #=> Array
1828
1884
  # resp.unprocessed_accounts[0].account_id #=> String
1829
1885
  # resp.unprocessed_accounts[0].result #=> String
@@ -1975,7 +2031,7 @@ module Aws::GuardDuty
1975
2031
  # usage_statistic_type: "SUM_BY_ACCOUNT", # required, accepts SUM_BY_ACCOUNT, SUM_BY_DATA_SOURCE, SUM_BY_RESOURCE, TOP_RESOURCES
1976
2032
  # usage_criteria: { # required
1977
2033
  # account_ids: ["AccountId"],
1978
- # data_sources: ["FLOW_LOGS"], # required, accepts FLOW_LOGS, CLOUD_TRAIL, DNS_LOGS, S3_LOGS
2034
+ # data_sources: ["FLOW_LOGS"], # required, accepts FLOW_LOGS, CLOUD_TRAIL, DNS_LOGS, S3_LOGS, KUBERNETES_AUDIT_LOGS
1979
2035
  # resources: ["String"],
1980
2036
  # },
1981
2037
  # unit: "String",
@@ -1990,7 +2046,7 @@ module Aws::GuardDuty
1990
2046
  # resp.usage_statistics.sum_by_account[0].total.amount #=> String
1991
2047
  # resp.usage_statistics.sum_by_account[0].total.unit #=> String
1992
2048
  # resp.usage_statistics.sum_by_data_source #=> Array
1993
- # resp.usage_statistics.sum_by_data_source[0].data_source #=> String, one of "FLOW_LOGS", "CLOUD_TRAIL", "DNS_LOGS", "S3_LOGS"
2049
+ # resp.usage_statistics.sum_by_data_source[0].data_source #=> String, one of "FLOW_LOGS", "CLOUD_TRAIL", "DNS_LOGS", "S3_LOGS", "KUBERNETES_AUDIT_LOGS"
1994
2050
  # resp.usage_statistics.sum_by_data_source[0].total.amount #=> String
1995
2051
  # resp.usage_statistics.sum_by_data_source[0].total.unit #=> String
1996
2052
  # resp.usage_statistics.sum_by_resource #=> Array
@@ -2846,6 +2902,11 @@ module Aws::GuardDuty
2846
2902
  # s3_logs: {
2847
2903
  # enable: false, # required
2848
2904
  # },
2905
+ # kubernetes: {
2906
+ # audit_logs: { # required
2907
+ # enable: false, # required
2908
+ # },
2909
+ # },
2849
2910
  # },
2850
2911
  # })
2851
2912
  #
@@ -3027,6 +3088,11 @@ module Aws::GuardDuty
3027
3088
  # s3_logs: {
3028
3089
  # enable: false, # required
3029
3090
  # },
3091
+ # kubernetes: {
3092
+ # audit_logs: { # required
3093
+ # enable: false, # required
3094
+ # },
3095
+ # },
3030
3096
  # },
3031
3097
  # })
3032
3098
  #
@@ -3068,6 +3134,11 @@ module Aws::GuardDuty
3068
3134
  # s3_logs: {
3069
3135
  # auto_enable: false, # required
3070
3136
  # },
3137
+ # kubernetes: {
3138
+ # audit_logs: { # required
3139
+ # auto_enable: false, # required
3140
+ # },
3141
+ # },
3071
3142
  # },
3072
3143
  # })
3073
3144
  #
@@ -3171,7 +3242,7 @@ module Aws::GuardDuty
3171
3242
  params: params,
3172
3243
  config: config)
3173
3244
  context[:gem_name] = 'aws-sdk-guardduty'
3174
- context[:gem_version] = '1.53.0'
3245
+ context[:gem_version] = '1.54.0'
3175
3246
  Seahorse::Client::Request.new(handlers, context)
3176
3247
  end
3177
3248
 
@@ -38,6 +38,8 @@ module Aws::GuardDuty
38
38
  ClientToken = Shapes::StringShape.new(name: 'ClientToken')
39
39
  CloudTrailConfigurationResult = Shapes::StructureShape.new(name: 'CloudTrailConfigurationResult')
40
40
  Condition = Shapes::StructureShape.new(name: 'Condition')
41
+ Container = Shapes::StructureShape.new(name: 'Container')
42
+ Containers = Shapes::ListShape.new(name: 'Containers')
41
43
  CountBySeverity = Shapes::MapShape.new(name: 'CountBySeverity')
42
44
  Country = Shapes::StructureShape.new(name: 'Country')
43
45
  CreateDetectorRequest = Shapes::StructureShape.new(name: 'CreateDetectorRequest')
@@ -98,6 +100,7 @@ module Aws::GuardDuty
98
100
  DnsRequestAction = Shapes::StructureShape.new(name: 'DnsRequestAction')
99
101
  DomainDetails = Shapes::StructureShape.new(name: 'DomainDetails')
100
102
  Double = Shapes::FloatShape.new(name: 'Double')
103
+ EksClusterDetails = Shapes::StructureShape.new(name: 'EksClusterDetails')
101
104
  Email = Shapes::StringShape.new(name: 'Email')
102
105
  EnableOrganizationAdminAccountRequest = Shapes::StructureShape.new(name: 'EnableOrganizationAdminAccountRequest')
103
106
  EnableOrganizationAdminAccountResponse = Shapes::StructureShape.new(name: 'EnableOrganizationAdminAccountResponse')
@@ -145,7 +148,9 @@ module Aws::GuardDuty
145
148
  GetThreatIntelSetResponse = Shapes::StructureShape.new(name: 'GetThreatIntelSetResponse')
146
149
  GetUsageStatisticsRequest = Shapes::StructureShape.new(name: 'GetUsageStatisticsRequest')
147
150
  GetUsageStatisticsResponse = Shapes::StructureShape.new(name: 'GetUsageStatisticsResponse')
151
+ Groups = Shapes::ListShape.new(name: 'Groups')
148
152
  GuardDutyArn = Shapes::StringShape.new(name: 'GuardDutyArn')
153
+ HostPath = Shapes::StructureShape.new(name: 'HostPath')
149
154
  IamInstanceProfile = Shapes::StructureShape.new(name: 'IamInstanceProfile')
150
155
  InstanceDetails = Shapes::StructureShape.new(name: 'InstanceDetails')
151
156
  Integer = Shapes::IntegerShape.new(name: 'Integer')
@@ -158,6 +163,14 @@ module Aws::GuardDuty
158
163
  IpSetIds = Shapes::ListShape.new(name: 'IpSetIds')
159
164
  IpSetStatus = Shapes::StringShape.new(name: 'IpSetStatus')
160
165
  Ipv6Addresses = Shapes::ListShape.new(name: 'Ipv6Addresses')
166
+ KubernetesApiCallAction = Shapes::StructureShape.new(name: 'KubernetesApiCallAction')
167
+ KubernetesAuditLogsConfiguration = Shapes::StructureShape.new(name: 'KubernetesAuditLogsConfiguration')
168
+ KubernetesAuditLogsConfigurationResult = Shapes::StructureShape.new(name: 'KubernetesAuditLogsConfigurationResult')
169
+ KubernetesConfiguration = Shapes::StructureShape.new(name: 'KubernetesConfiguration')
170
+ KubernetesConfigurationResult = Shapes::StructureShape.new(name: 'KubernetesConfigurationResult')
171
+ KubernetesDetails = Shapes::StructureShape.new(name: 'KubernetesDetails')
172
+ KubernetesUserDetails = Shapes::StructureShape.new(name: 'KubernetesUserDetails')
173
+ KubernetesWorkloadDetails = Shapes::StructureShape.new(name: 'KubernetesWorkloadDetails')
161
174
  ListDetectorsRequest = Shapes::StructureShape.new(name: 'ListDetectorsRequest')
162
175
  ListDetectorsResponse = Shapes::StructureShape.new(name: 'ListDetectorsResponse')
163
176
  ListFiltersRequest = Shapes::StructureShape.new(name: 'ListFiltersRequest')
@@ -198,6 +211,10 @@ module Aws::GuardDuty
198
211
  Organization = Shapes::StructureShape.new(name: 'Organization')
199
212
  OrganizationDataSourceConfigurations = Shapes::StructureShape.new(name: 'OrganizationDataSourceConfigurations')
200
213
  OrganizationDataSourceConfigurationsResult = Shapes::StructureShape.new(name: 'OrganizationDataSourceConfigurationsResult')
214
+ OrganizationKubernetesAuditLogsConfiguration = Shapes::StructureShape.new(name: 'OrganizationKubernetesAuditLogsConfiguration')
215
+ OrganizationKubernetesAuditLogsConfigurationResult = Shapes::StructureShape.new(name: 'OrganizationKubernetesAuditLogsConfigurationResult')
216
+ OrganizationKubernetesConfiguration = Shapes::StructureShape.new(name: 'OrganizationKubernetesConfiguration')
217
+ OrganizationKubernetesConfigurationResult = Shapes::StructureShape.new(name: 'OrganizationKubernetesConfigurationResult')
201
218
  OrganizationS3LogsConfiguration = Shapes::StructureShape.new(name: 'OrganizationS3LogsConfiguration')
202
219
  OrganizationS3LogsConfigurationResult = Shapes::StructureShape.new(name: 'OrganizationS3LogsConfigurationResult')
203
220
  Owner = Shapes::StructureShape.new(name: 'Owner')
@@ -220,10 +237,12 @@ module Aws::GuardDuty
220
237
  S3BucketDetails = Shapes::ListShape.new(name: 'S3BucketDetails')
221
238
  S3LogsConfiguration = Shapes::StructureShape.new(name: 'S3LogsConfiguration')
222
239
  S3LogsConfigurationResult = Shapes::StructureShape.new(name: 'S3LogsConfigurationResult')
240
+ SecurityContext = Shapes::StructureShape.new(name: 'SecurityContext')
223
241
  SecurityGroup = Shapes::StructureShape.new(name: 'SecurityGroup')
224
242
  SecurityGroups = Shapes::ListShape.new(name: 'SecurityGroups')
225
243
  Service = Shapes::StructureShape.new(name: 'Service')
226
244
  SortCriteria = Shapes::StructureShape.new(name: 'SortCriteria')
245
+ SourceIps = Shapes::ListShape.new(name: 'SourceIps')
227
246
  StartMonitoringMembersRequest = Shapes::StructureShape.new(name: 'StartMonitoringMembersRequest')
228
247
  StartMonitoringMembersResponse = Shapes::StructureShape.new(name: 'StartMonitoringMembersResponse')
229
248
  StopMonitoringMembersRequest = Shapes::StructureShape.new(name: 'StopMonitoringMembersRequest')
@@ -276,6 +295,10 @@ module Aws::GuardDuty
276
295
  UsageResourceResultList = Shapes::ListShape.new(name: 'UsageResourceResultList')
277
296
  UsageStatisticType = Shapes::StringShape.new(name: 'UsageStatisticType')
278
297
  UsageStatistics = Shapes::StructureShape.new(name: 'UsageStatistics')
298
+ Volume = Shapes::StructureShape.new(name: 'Volume')
299
+ VolumeMount = Shapes::StructureShape.new(name: 'VolumeMount')
300
+ VolumeMounts = Shapes::ListShape.new(name: 'VolumeMounts')
301
+ Volumes = Shapes::ListShape.new(name: 'Volumes')
279
302
 
280
303
  AcceptInvitationRequest.add_member(:detector_id, Shapes::ShapeRef.new(shape: DetectorId, required: true, location: "uri", location_name: "detectorId"))
281
304
  AcceptInvitationRequest.add_member(:master_id, Shapes::ShapeRef.new(shape: String, required: true, location_name: "masterId"))
@@ -310,6 +333,7 @@ module Aws::GuardDuty
310
333
  Action.add_member(:dns_request_action, Shapes::ShapeRef.new(shape: DnsRequestAction, location_name: "dnsRequestAction"))
311
334
  Action.add_member(:network_connection_action, Shapes::ShapeRef.new(shape: NetworkConnectionAction, location_name: "networkConnectionAction"))
312
335
  Action.add_member(:port_probe_action, Shapes::ShapeRef.new(shape: PortProbeAction, location_name: "portProbeAction"))
336
+ Action.add_member(:kubernetes_api_call_action, Shapes::ShapeRef.new(shape: KubernetesApiCallAction, location_name: "kubernetesApiCallAction"))
313
337
  Action.struct_class = Types::Action
314
338
 
315
339
  AdminAccount.add_member(:admin_account_id, Shapes::ShapeRef.new(shape: String, location_name: "adminAccountId"))
@@ -328,6 +352,7 @@ module Aws::GuardDuty
328
352
  AwsApiCallAction.add_member(:caller_type, Shapes::ShapeRef.new(shape: String, location_name: "callerType"))
329
353
  AwsApiCallAction.add_member(:domain_details, Shapes::ShapeRef.new(shape: DomainDetails, location_name: "domainDetails"))
330
354
  AwsApiCallAction.add_member(:error_code, Shapes::ShapeRef.new(shape: String, location_name: "errorCode"))
355
+ AwsApiCallAction.add_member(:user_agent, Shapes::ShapeRef.new(shape: String, location_name: "userAgent"))
331
356
  AwsApiCallAction.add_member(:remote_ip_details, Shapes::ShapeRef.new(shape: RemoteIpDetails, location_name: "remoteIpDetails"))
332
357
  AwsApiCallAction.add_member(:service_name, Shapes::ShapeRef.new(shape: String, location_name: "serviceName"))
333
358
  AwsApiCallAction.add_member(:remote_account_details, Shapes::ShapeRef.new(shape: RemoteAccountDetails, location_name: "remoteAccountDetails"))
@@ -372,6 +397,17 @@ module Aws::GuardDuty
372
397
  Condition.add_member(:less_than_or_equal, Shapes::ShapeRef.new(shape: Long, location_name: "lessThanOrEqual"))
373
398
  Condition.struct_class = Types::Condition
374
399
 
400
+ Container.add_member(:container_runtime, Shapes::ShapeRef.new(shape: String, location_name: "containerRuntime"))
401
+ Container.add_member(:id, Shapes::ShapeRef.new(shape: String, location_name: "id"))
402
+ Container.add_member(:name, Shapes::ShapeRef.new(shape: String, location_name: "name"))
403
+ Container.add_member(:image, Shapes::ShapeRef.new(shape: String, location_name: "image"))
404
+ Container.add_member(:image_prefix, Shapes::ShapeRef.new(shape: String, location_name: "imagePrefix"))
405
+ Container.add_member(:volume_mounts, Shapes::ShapeRef.new(shape: VolumeMounts, location_name: "volumeMounts"))
406
+ Container.add_member(:security_context, Shapes::ShapeRef.new(shape: SecurityContext, location_name: "securityContext"))
407
+ Container.struct_class = Types::Container
408
+
409
+ Containers.member = Shapes::ShapeRef.new(shape: Container)
410
+
375
411
  CountBySeverity.key = Shapes::ShapeRef.new(shape: String)
376
412
  CountBySeverity.value = Shapes::ShapeRef.new(shape: Integer)
377
413
 
@@ -455,12 +491,14 @@ module Aws::GuardDuty
455
491
  DNSLogsConfigurationResult.struct_class = Types::DNSLogsConfigurationResult
456
492
 
457
493
  DataSourceConfigurations.add_member(:s3_logs, Shapes::ShapeRef.new(shape: S3LogsConfiguration, location_name: "s3Logs"))
494
+ DataSourceConfigurations.add_member(:kubernetes, Shapes::ShapeRef.new(shape: KubernetesConfiguration, location_name: "kubernetes"))
458
495
  DataSourceConfigurations.struct_class = Types::DataSourceConfigurations
459
496
 
460
497
  DataSourceConfigurationsResult.add_member(:cloud_trail, Shapes::ShapeRef.new(shape: CloudTrailConfigurationResult, required: true, location_name: "cloudTrail"))
461
498
  DataSourceConfigurationsResult.add_member(:dns_logs, Shapes::ShapeRef.new(shape: DNSLogsConfigurationResult, required: true, location_name: "dnsLogs"))
462
499
  DataSourceConfigurationsResult.add_member(:flow_logs, Shapes::ShapeRef.new(shape: FlowLogsConfigurationResult, required: true, location_name: "flowLogs"))
463
500
  DataSourceConfigurationsResult.add_member(:s3_logs, Shapes::ShapeRef.new(shape: S3LogsConfigurationResult, required: true, location_name: "s3Logs"))
501
+ DataSourceConfigurationsResult.add_member(:kubernetes, Shapes::ShapeRef.new(shape: KubernetesConfigurationResult, location_name: "kubernetes"))
464
502
  DataSourceConfigurationsResult.struct_class = Types::DataSourceConfigurationsResult
465
503
 
466
504
  DataSourceList.member = Shapes::ShapeRef.new(shape: DataSource)
@@ -572,6 +610,14 @@ module Aws::GuardDuty
572
610
  DomainDetails.add_member(:domain, Shapes::ShapeRef.new(shape: String, location_name: "domain"))
573
611
  DomainDetails.struct_class = Types::DomainDetails
574
612
 
613
+ EksClusterDetails.add_member(:name, Shapes::ShapeRef.new(shape: String, location_name: "name"))
614
+ EksClusterDetails.add_member(:arn, Shapes::ShapeRef.new(shape: String, location_name: "arn"))
615
+ EksClusterDetails.add_member(:vpc_id, Shapes::ShapeRef.new(shape: String, location_name: "vpcId"))
616
+ EksClusterDetails.add_member(:status, Shapes::ShapeRef.new(shape: String, location_name: "status"))
617
+ EksClusterDetails.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "tags"))
618
+ EksClusterDetails.add_member(:created_at, Shapes::ShapeRef.new(shape: Timestamp, location_name: "createdAt"))
619
+ EksClusterDetails.struct_class = Types::EksClusterDetails
620
+
575
621
  EnableOrganizationAdminAccountRequest.add_member(:admin_account_id, Shapes::ShapeRef.new(shape: String, required: true, location_name: "adminAccountId"))
576
622
  EnableOrganizationAdminAccountRequest.struct_class = Types::EnableOrganizationAdminAccountRequest
577
623
 
@@ -725,6 +771,11 @@ module Aws::GuardDuty
725
771
  GetUsageStatisticsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: String, location_name: "nextToken"))
726
772
  GetUsageStatisticsResponse.struct_class = Types::GetUsageStatisticsResponse
727
773
 
774
+ Groups.member = Shapes::ShapeRef.new(shape: String)
775
+
776
+ HostPath.add_member(:path, Shapes::ShapeRef.new(shape: String, location_name: "path"))
777
+ HostPath.struct_class = Types::HostPath
778
+
728
779
  IamInstanceProfile.add_member(:arn, Shapes::ShapeRef.new(shape: String, location_name: "arn"))
729
780
  IamInstanceProfile.add_member(:id, Shapes::ShapeRef.new(shape: String, location_name: "id"))
730
781
  IamInstanceProfile.struct_class = Types::IamInstanceProfile
@@ -769,6 +820,45 @@ module Aws::GuardDuty
769
820
 
770
821
  Ipv6Addresses.member = Shapes::ShapeRef.new(shape: String)
771
822
 
823
+ KubernetesApiCallAction.add_member(:request_uri, Shapes::ShapeRef.new(shape: String, location_name: "requestUri"))
824
+ KubernetesApiCallAction.add_member(:verb, Shapes::ShapeRef.new(shape: String, location_name: "verb"))
825
+ KubernetesApiCallAction.add_member(:source_ips, Shapes::ShapeRef.new(shape: SourceIps, location_name: "sourceIps"))
826
+ KubernetesApiCallAction.add_member(:user_agent, Shapes::ShapeRef.new(shape: String, location_name: "userAgent"))
827
+ KubernetesApiCallAction.add_member(:remote_ip_details, Shapes::ShapeRef.new(shape: RemoteIpDetails, location_name: "remoteIpDetails"))
828
+ KubernetesApiCallAction.add_member(:status_code, Shapes::ShapeRef.new(shape: Integer, location_name: "statusCode"))
829
+ KubernetesApiCallAction.add_member(:parameters, Shapes::ShapeRef.new(shape: String, location_name: "parameters"))
830
+ KubernetesApiCallAction.struct_class = Types::KubernetesApiCallAction
831
+
832
+ KubernetesAuditLogsConfiguration.add_member(:enable, Shapes::ShapeRef.new(shape: Boolean, required: true, location_name: "enable"))
833
+ KubernetesAuditLogsConfiguration.struct_class = Types::KubernetesAuditLogsConfiguration
834
+
835
+ KubernetesAuditLogsConfigurationResult.add_member(:status, Shapes::ShapeRef.new(shape: DataSourceStatus, required: true, location_name: "status"))
836
+ KubernetesAuditLogsConfigurationResult.struct_class = Types::KubernetesAuditLogsConfigurationResult
837
+
838
+ KubernetesConfiguration.add_member(:audit_logs, Shapes::ShapeRef.new(shape: KubernetesAuditLogsConfiguration, required: true, location_name: "auditLogs"))
839
+ KubernetesConfiguration.struct_class = Types::KubernetesConfiguration
840
+
841
+ KubernetesConfigurationResult.add_member(:audit_logs, Shapes::ShapeRef.new(shape: KubernetesAuditLogsConfigurationResult, required: true, location_name: "auditLogs"))
842
+ KubernetesConfigurationResult.struct_class = Types::KubernetesConfigurationResult
843
+
844
+ KubernetesDetails.add_member(:kubernetes_user_details, Shapes::ShapeRef.new(shape: KubernetesUserDetails, location_name: "kubernetesUserDetails"))
845
+ KubernetesDetails.add_member(:kubernetes_workload_details, Shapes::ShapeRef.new(shape: KubernetesWorkloadDetails, location_name: "kubernetesWorkloadDetails"))
846
+ KubernetesDetails.struct_class = Types::KubernetesDetails
847
+
848
+ KubernetesUserDetails.add_member(:username, Shapes::ShapeRef.new(shape: String, location_name: "username"))
849
+ KubernetesUserDetails.add_member(:uid, Shapes::ShapeRef.new(shape: String, location_name: "uid"))
850
+ KubernetesUserDetails.add_member(:groups, Shapes::ShapeRef.new(shape: Groups, location_name: "groups"))
851
+ KubernetesUserDetails.struct_class = Types::KubernetesUserDetails
852
+
853
+ KubernetesWorkloadDetails.add_member(:name, Shapes::ShapeRef.new(shape: String, location_name: "name"))
854
+ KubernetesWorkloadDetails.add_member(:type, Shapes::ShapeRef.new(shape: String, location_name: "type"))
855
+ KubernetesWorkloadDetails.add_member(:uid, Shapes::ShapeRef.new(shape: String, location_name: "uid"))
856
+ KubernetesWorkloadDetails.add_member(:namespace, Shapes::ShapeRef.new(shape: String, location_name: "namespace"))
857
+ KubernetesWorkloadDetails.add_member(:host_network, Shapes::ShapeRef.new(shape: Boolean, location_name: "hostNetwork"))
858
+ KubernetesWorkloadDetails.add_member(:containers, Shapes::ShapeRef.new(shape: Containers, location_name: "containers"))
859
+ KubernetesWorkloadDetails.add_member(:volumes, Shapes::ShapeRef.new(shape: Volumes, location_name: "volumes"))
860
+ KubernetesWorkloadDetails.struct_class = Types::KubernetesWorkloadDetails
861
+
772
862
  ListDetectorsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResults, location: "querystring", location_name: "maxResults"))
773
863
  ListDetectorsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: String, location: "querystring", location_name: "nextToken"))
774
864
  ListDetectorsRequest.struct_class = Types::ListDetectorsRequest
@@ -920,11 +1010,25 @@ module Aws::GuardDuty
920
1010
  Organization.struct_class = Types::Organization
921
1011
 
922
1012
  OrganizationDataSourceConfigurations.add_member(:s3_logs, Shapes::ShapeRef.new(shape: OrganizationS3LogsConfiguration, location_name: "s3Logs"))
1013
+ OrganizationDataSourceConfigurations.add_member(:kubernetes, Shapes::ShapeRef.new(shape: OrganizationKubernetesConfiguration, location_name: "kubernetes"))
923
1014
  OrganizationDataSourceConfigurations.struct_class = Types::OrganizationDataSourceConfigurations
924
1015
 
925
1016
  OrganizationDataSourceConfigurationsResult.add_member(:s3_logs, Shapes::ShapeRef.new(shape: OrganizationS3LogsConfigurationResult, required: true, location_name: "s3Logs"))
1017
+ OrganizationDataSourceConfigurationsResult.add_member(:kubernetes, Shapes::ShapeRef.new(shape: OrganizationKubernetesConfigurationResult, location_name: "kubernetes"))
926
1018
  OrganizationDataSourceConfigurationsResult.struct_class = Types::OrganizationDataSourceConfigurationsResult
927
1019
 
1020
+ OrganizationKubernetesAuditLogsConfiguration.add_member(:auto_enable, Shapes::ShapeRef.new(shape: Boolean, required: true, location_name: "autoEnable"))
1021
+ OrganizationKubernetesAuditLogsConfiguration.struct_class = Types::OrganizationKubernetesAuditLogsConfiguration
1022
+
1023
+ OrganizationKubernetesAuditLogsConfigurationResult.add_member(:auto_enable, Shapes::ShapeRef.new(shape: Boolean, required: true, location_name: "autoEnable"))
1024
+ OrganizationKubernetesAuditLogsConfigurationResult.struct_class = Types::OrganizationKubernetesAuditLogsConfigurationResult
1025
+
1026
+ OrganizationKubernetesConfiguration.add_member(:audit_logs, Shapes::ShapeRef.new(shape: OrganizationKubernetesAuditLogsConfiguration, required: true, location_name: "auditLogs"))
1027
+ OrganizationKubernetesConfiguration.struct_class = Types::OrganizationKubernetesConfiguration
1028
+
1029
+ OrganizationKubernetesConfigurationResult.add_member(:audit_logs, Shapes::ShapeRef.new(shape: OrganizationKubernetesAuditLogsConfigurationResult, required: true, location_name: "auditLogs"))
1030
+ OrganizationKubernetesConfigurationResult.struct_class = Types::OrganizationKubernetesConfigurationResult
1031
+
928
1032
  OrganizationS3LogsConfiguration.add_member(:auto_enable, Shapes::ShapeRef.new(shape: Boolean, required: true, location_name: "autoEnable"))
929
1033
  OrganizationS3LogsConfiguration.struct_class = Types::OrganizationS3LogsConfiguration
930
1034
 
@@ -983,6 +1087,8 @@ module Aws::GuardDuty
983
1087
  Resource.add_member(:access_key_details, Shapes::ShapeRef.new(shape: AccessKeyDetails, location_name: "accessKeyDetails"))
984
1088
  Resource.add_member(:s3_bucket_details, Shapes::ShapeRef.new(shape: S3BucketDetails, location_name: "s3BucketDetails"))
985
1089
  Resource.add_member(:instance_details, Shapes::ShapeRef.new(shape: InstanceDetails, location_name: "instanceDetails"))
1090
+ Resource.add_member(:eks_cluster_details, Shapes::ShapeRef.new(shape: EksClusterDetails, location_name: "eksClusterDetails"))
1091
+ Resource.add_member(:kubernetes_details, Shapes::ShapeRef.new(shape: KubernetesDetails, location_name: "kubernetesDetails"))
986
1092
  Resource.add_member(:resource_type, Shapes::ShapeRef.new(shape: String, location_name: "resourceType"))
987
1093
  Resource.struct_class = Types::Resource
988
1094
 
@@ -1006,6 +1112,9 @@ module Aws::GuardDuty
1006
1112
  S3LogsConfigurationResult.add_member(:status, Shapes::ShapeRef.new(shape: DataSourceStatus, required: true, location_name: "status"))
1007
1113
  S3LogsConfigurationResult.struct_class = Types::S3LogsConfigurationResult
1008
1114
 
1115
+ SecurityContext.add_member(:privileged, Shapes::ShapeRef.new(shape: Boolean, location_name: "privileged"))
1116
+ SecurityContext.struct_class = Types::SecurityContext
1117
+
1009
1118
  SecurityGroup.add_member(:group_id, Shapes::ShapeRef.new(shape: String, location_name: "groupId"))
1010
1119
  SecurityGroup.add_member(:group_name, Shapes::ShapeRef.new(shape: String, location_name: "groupName"))
1011
1120
  SecurityGroup.struct_class = Types::SecurityGroup
@@ -1028,6 +1137,8 @@ module Aws::GuardDuty
1028
1137
  SortCriteria.add_member(:order_by, Shapes::ShapeRef.new(shape: OrderBy, location_name: "orderBy"))
1029
1138
  SortCriteria.struct_class = Types::SortCriteria
1030
1139
 
1140
+ SourceIps.member = Shapes::ShapeRef.new(shape: String)
1141
+
1031
1142
  StartMonitoringMembersRequest.add_member(:detector_id, Shapes::ShapeRef.new(shape: DetectorId, required: true, location: "uri", location_name: "detectorId"))
1032
1143
  StartMonitoringMembersRequest.add_member(:account_ids, Shapes::ShapeRef.new(shape: AccountIds, required: true, location_name: "accountIds"))
1033
1144
  StartMonitoringMembersRequest.struct_class = Types::StartMonitoringMembersRequest
@@ -1187,6 +1298,18 @@ module Aws::GuardDuty
1187
1298
  UsageStatistics.add_member(:top_resources, Shapes::ShapeRef.new(shape: UsageResourceResultList, location_name: "topResources"))
1188
1299
  UsageStatistics.struct_class = Types::UsageStatistics
1189
1300
 
1301
+ Volume.add_member(:name, Shapes::ShapeRef.new(shape: String, location_name: "name"))
1302
+ Volume.add_member(:host_path, Shapes::ShapeRef.new(shape: HostPath, location_name: "hostPath"))
1303
+ Volume.struct_class = Types::Volume
1304
+
1305
+ VolumeMount.add_member(:name, Shapes::ShapeRef.new(shape: String, location_name: "name"))
1306
+ VolumeMount.add_member(:mount_path, Shapes::ShapeRef.new(shape: String, location_name: "mountPath"))
1307
+ VolumeMount.struct_class = Types::VolumeMount
1308
+
1309
+ VolumeMounts.member = Shapes::ShapeRef.new(shape: VolumeMount)
1310
+
1311
+ Volumes.member = Shapes::ShapeRef.new(shape: Volume)
1312
+
1190
1313
 
1191
1314
  # @api private
1192
1315
  API = Seahorse::Model::Api.new.tap do |api|
@@ -165,6 +165,11 @@ module Aws::GuardDuty
165
165
  # Information about the PORT\_PROBE action described in this finding.
166
166
  # @return [Types::PortProbeAction]
167
167
  #
168
+ # @!attribute [rw] kubernetes_api_call_action
169
+ # Information about the Kubernetes API call action described in this
170
+ # finding.
171
+ # @return [Types::KubernetesApiCallAction]
172
+ #
168
173
  # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Action AWS API Documentation
169
174
  #
170
175
  class Action < Struct.new(
@@ -172,7 +177,8 @@ module Aws::GuardDuty
172
177
  :aws_api_call_action,
173
178
  :dns_request_action,
174
179
  :network_connection_action,
175
- :port_probe_action)
180
+ :port_probe_action,
181
+ :kubernetes_api_call_action)
176
182
  SENSITIVE = []
177
183
  include Aws::Structure
178
184
  end
@@ -246,6 +252,9 @@ module Aws::GuardDuty
246
252
  # The error code of the failed Amazon Web Services API action.
247
253
  # @return [String]
248
254
  #
255
+ # @!attribute [rw] user_agent
256
+ # @return [String]
257
+ #
249
258
  # @!attribute [rw] remote_ip_details
250
259
  # The remote IP information of the connection that initiated the
251
260
  # Amazon Web Services API call.
@@ -268,6 +277,7 @@ module Aws::GuardDuty
268
277
  :caller_type,
269
278
  :domain_details,
270
279
  :error_code,
280
+ :user_agent,
271
281
  :remote_ip_details,
272
282
  :service_name,
273
283
  :remote_account_details)
@@ -507,6 +517,54 @@ module Aws::GuardDuty
507
517
  include Aws::Structure
508
518
  end
509
519
 
520
+ # Details of a container.
521
+ #
522
+ # @!attribute [rw] container_runtime
523
+ # The container runtime (such as, Docker or containerd) used to run
524
+ # the container.
525
+ # @return [String]
526
+ #
527
+ # @!attribute [rw] id
528
+ # Container ID.
529
+ # @return [String]
530
+ #
531
+ # @!attribute [rw] name
532
+ # Container name.
533
+ # @return [String]
534
+ #
535
+ # @!attribute [rw] image
536
+ # Container image.
537
+ # @return [String]
538
+ #
539
+ # @!attribute [rw] image_prefix
540
+ # Part of the image name before the last slash. For example,
541
+ # imagePrefix for public.ecr.aws/amazonlinux/amazonlinux:latest would
542
+ # be public.ecr.aws/amazonlinux. If the image name is relative and
543
+ # does not have a slash, this field is empty.
544
+ # @return [String]
545
+ #
546
+ # @!attribute [rw] volume_mounts
547
+ # Container volume mounts.
548
+ # @return [Array<Types::VolumeMount>]
549
+ #
550
+ # @!attribute [rw] security_context
551
+ # Container security context.
552
+ # @return [Types::SecurityContext]
553
+ #
554
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Container AWS API Documentation
555
+ #
556
+ class Container < Struct.new(
557
+ :container_runtime,
558
+ :id,
559
+ :name,
560
+ :image,
561
+ :image_prefix,
562
+ :volume_mounts,
563
+ :security_context)
564
+ SENSITIVE = []
565
+ include Aws::Structure
566
+ end
567
+
510
568
  # Contains information about the country where the remote IP address is
511
569
  # located.
512
570
  #
@@ -538,6 +596,11 @@ module Aws::GuardDuty
538
596
  # s3_logs: {
539
597
  # enable: false, # required
540
598
  # },
599
+ # kubernetes: {
600
+ # audit_logs: { # required
601
+ # enable: false, # required
602
+ # },
603
+ # },
541
604
  # },
542
605
  # tags: {
543
606
  # "TagKey" => "TagValue",
@@ -1125,16 +1188,26 @@ module Aws::GuardDuty
1125
1188
  # s3_logs: {
1126
1189
  # enable: false, # required
1127
1190
  # },
1191
+ # kubernetes: {
1192
+ # audit_logs: { # required
1193
+ # enable: false, # required
1194
+ # },
1195
+ # },
1128
1196
  # }
1129
1197
  #
1130
1198
  # @!attribute [rw] s3_logs
1131
1199
  # Describes whether S3 data event logs are enabled as a data source.
1132
1200
  # @return [Types::S3LogsConfiguration]
1133
1201
  #
1202
+ # @!attribute [rw] kubernetes
1203
+ # Describes whether any Kubernetes logs are enabled as data sources.
1204
+ # @return [Types::KubernetesConfiguration]
1205
+ #
1134
1206
  # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DataSourceConfigurations AWS API Documentation
1135
1207
  #
1136
1208
  class DataSourceConfigurations < Struct.new(
1137
- :s3_logs)
1209
+ :s3_logs,
1210
+ :kubernetes)
1138
1211
  SENSITIVE = []
1139
1212
  include Aws::Structure
1140
1213
  end
@@ -1161,13 +1234,19 @@ module Aws::GuardDuty
1161
1234
  # logs as a data source.
1162
1235
  # @return [Types::S3LogsConfigurationResult]
1163
1236
  #
1237
+ # @!attribute [rw] kubernetes
1238
+ # An object that contains information on the status of all Kubernetes
1239
+ # data sources.
1240
+ # @return [Types::KubernetesConfigurationResult]
1241
+ #
1164
1242
  # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DataSourceConfigurationsResult AWS API Documentation
1165
1243
  #
1166
1244
  class DataSourceConfigurationsResult < Struct.new(
1167
1245
  :cloud_trail,
1168
1246
  :dns_logs,
1169
1247
  :flow_logs,
1170
- :s3_logs)
1248
+ :s3_logs,
1249
+ :kubernetes)
1171
1250
  SENSITIVE = []
1172
1251
  include Aws::Structure
1173
1252
  end
@@ -1726,6 +1805,45 @@ module Aws::GuardDuty
1726
1805
  include Aws::Structure
1727
1806
  end
1728
1807
 
1808
+ # Details about the EKS cluster involved in a Kubernetes finding.
1809
+ #
1810
+ # @!attribute [rw] name
1811
+ # EKS cluster name.
1812
+ # @return [String]
1813
+ #
1814
+ # @!attribute [rw] arn
1815
+ # EKS cluster ARN.
1816
+ # @return [String]
1817
+ #
1818
+ # @!attribute [rw] vpc_id
1819
+ # The VPC ID to which the EKS cluster is attached.
1820
+ # @return [String]
1821
+ #
1822
+ # @!attribute [rw] status
1823
+ # The EKS cluster status.
1824
+ # @return [String]
1825
+ #
1826
+ # @!attribute [rw] tags
1827
+ # The EKS cluster tags.
1828
+ # @return [Array<Types::Tag>]
1829
+ #
1830
+ # @!attribute [rw] created_at
1831
+ # The timestamp when the EKS cluster was created.
1832
+ # @return [Time]
1833
+ #
1834
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/EksClusterDetails AWS API Documentation
1835
+ #
1836
+ class EksClusterDetails < Struct.new(
1837
+ :name,
1838
+ :arn,
1839
+ :vpc_id,
1840
+ :status,
1841
+ :tags,
1842
+ :created_at)
1843
+ SENSITIVE = []
1844
+ include Aws::Structure
1845
+ end
1846
+
1729
1847
  # @note When making an API call, you may pass EnableOrganizationAdminAccountRequest
1730
1848
  # data as a hash:
1731
1849
  #
@@ -2434,7 +2552,7 @@ module Aws::GuardDuty
2434
2552
  # usage_statistic_type: "SUM_BY_ACCOUNT", # required, accepts SUM_BY_ACCOUNT, SUM_BY_DATA_SOURCE, SUM_BY_RESOURCE, TOP_RESOURCES
2435
2553
  # usage_criteria: { # required
2436
2554
  # account_ids: ["AccountId"],
2437
- # data_sources: ["FLOW_LOGS"], # required, accepts FLOW_LOGS, CLOUD_TRAIL, DNS_LOGS, S3_LOGS
2555
+ # data_sources: ["FLOW_LOGS"], # required, accepts FLOW_LOGS, CLOUD_TRAIL, DNS_LOGS, S3_LOGS, KUBERNETES_AUDIT_LOGS
2438
2556
  # resources: ["String"],
2439
2557
  # },
2440
2558
  # unit: "String",
@@ -2504,6 +2622,21 @@ module Aws::GuardDuty
2504
2622
  include Aws::Structure
2505
2623
  end
2506
2624
 
2625
+ # Represents a pre-existing file or directory on the host machine that
2626
+ # the volume maps to.
2627
+ #
2628
+ # @!attribute [rw] path
2629
+ # Path of the file or directory on the host that the volume maps to.
2630
+ # @return [String]
2631
+ #
2632
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/HostPath AWS API Documentation
2633
+ #
2634
+ class HostPath < Struct.new(
2635
+ :path)
2636
+ SENSITIVE = []
2637
+ include Aws::Structure
2638
+ end
2639
+
2507
2640
  # Contains information about the EC2 instance profile.
2508
2641
  #
2509
2642
  # @!attribute [rw] arn
@@ -2703,6 +2836,218 @@ module Aws::GuardDuty
2703
2836
  include Aws::Structure
2704
2837
  end
2705
2838
 
2839
+ # Information about the Kubernetes API call action described in this
2840
+ # finding.
2841
+ #
2842
+ # @!attribute [rw] request_uri
2843
+ # The Kubernetes API request URI.
2844
+ # @return [String]
2845
+ #
2846
+ # @!attribute [rw] verb
2847
+ # The Kubernetes API request HTTP verb.
2848
+ # @return [String]
2849
+ #
2850
+ # @!attribute [rw] source_ips
2851
+ # The IP of the Kubernetes API caller and the IPs of any proxies or
2852
+ # load balancers between the caller and the API endpoint.
2853
+ # @return [Array<String>]
2854
+ #
2855
+ # @!attribute [rw] user_agent
2856
+ # The user agent of the caller of the Kubernetes API.
2857
+ # @return [String]
2858
+ #
2859
+ # @!attribute [rw] remote_ip_details
2860
+ # Contains information about the remote IP address of the connection.
2861
+ # @return [Types::RemoteIpDetails]
2862
+ #
2863
+ # @!attribute [rw] status_code
2864
+ # The resulting HTTP response code of the Kubernetes API call action.
2865
+ # @return [Integer]
2866
+ #
2867
+ # @!attribute [rw] parameters
2868
+ # Parameters related to the Kubernetes API call action.
2869
+ # @return [String]
2870
+ #
2871
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/KubernetesApiCallAction AWS API Documentation
2872
+ #
2873
+ class KubernetesApiCallAction < Struct.new(
2874
+ :request_uri,
2875
+ :verb,
2876
+ :source_ips,
2877
+ :user_agent,
2878
+ :remote_ip_details,
2879
+ :status_code,
2880
+ :parameters)
2881
+ SENSITIVE = []
2882
+ include Aws::Structure
2883
+ end
2884
+
2885
+ # Describes whether Kubernetes audit logs are enabled as a data source.
2886
+ #
2887
+ # @note When making an API call, you may pass KubernetesAuditLogsConfiguration
2888
+ # data as a hash:
2889
+ #
2890
+ # {
2891
+ # enable: false, # required
2892
+ # }
2893
+ #
2894
+ # @!attribute [rw] enable
2895
+ # The status of Kubernetes audit logs as a data source.
2896
+ # @return [Boolean]
2897
+ #
2898
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/KubernetesAuditLogsConfiguration AWS API Documentation
2899
+ #
2900
+ class KubernetesAuditLogsConfiguration < Struct.new(
2901
+ :enable)
2902
+ SENSITIVE = []
2903
+ include Aws::Structure
2904
+ end
2905
+
2906
+ # Describes whether Kubernetes audit logs are enabled as a data source.
2907
+ #
2908
+ # @!attribute [rw] status
2909
+ # A value that describes whether Kubernetes audit logs are enabled as
2910
+ # a data source.
2911
+ # @return [String]
2912
+ #
2913
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/KubernetesAuditLogsConfigurationResult AWS API Documentation
2914
+ #
2915
+ class KubernetesAuditLogsConfigurationResult < Struct.new(
2916
+ :status)
2917
+ SENSITIVE = []
2918
+ include Aws::Structure
2919
+ end
2920
+
2921
+ # Describes whether any Kubernetes data sources are enabled.
2922
+ #
2923
+ # @note When making an API call, you may pass KubernetesConfiguration
2924
+ # data as a hash:
2925
+ #
2926
+ # {
2927
+ # audit_logs: { # required
2928
+ # enable: false, # required
2929
+ # },
2930
+ # }
2931
+ #
2932
+ # @!attribute [rw] audit_logs
2933
+ # The status of Kubernetes audit logs as a data source.
2934
+ # @return [Types::KubernetesAuditLogsConfiguration]
2935
+ #
2936
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/KubernetesConfiguration AWS API Documentation
2937
+ #
2938
+ class KubernetesConfiguration < Struct.new(
2939
+ :audit_logs)
2940
+ SENSITIVE = []
2941
+ include Aws::Structure
2942
+ end
2943
+
2944
+ # Describes whether any Kubernetes logs will be enabled as a data
2945
+ # source.
2946
+ #
2947
+ # @!attribute [rw] audit_logs
2948
+ # Describes whether Kubernetes audit logs are enabled as a data
2949
+ # source.
2950
+ # @return [Types::KubernetesAuditLogsConfigurationResult]
2951
+ #
2952
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/KubernetesConfigurationResult AWS API Documentation
2953
+ #
2954
+ class KubernetesConfigurationResult < Struct.new(
2955
+ :audit_logs)
2956
+ SENSITIVE = []
2957
+ include Aws::Structure
2958
+ end
2959
+
2960
+ # Details about Kubernetes resources such as a Kubernetes user or
2961
+ # workload resource involved in a Kubernetes finding.
2962
+ #
2963
+ # @!attribute [rw] kubernetes_user_details
2964
+ # Details about the Kubernetes user involved in a Kubernetes finding.
2965
+ # @return [Types::KubernetesUserDetails]
2966
+ #
2967
+ # @!attribute [rw] kubernetes_workload_details
2968
+ # Details about the Kubernetes workload involved in a Kubernetes
2969
+ # finding.
2970
+ # @return [Types::KubernetesWorkloadDetails]
2971
+ #
2972
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/KubernetesDetails AWS API Documentation
2973
+ #
2974
+ class KubernetesDetails < Struct.new(
2975
+ :kubernetes_user_details,
2976
+ :kubernetes_workload_details)
2977
+ SENSITIVE = []
2978
+ include Aws::Structure
2979
+ end
2980
+
2981
+ # Details about the Kubernetes user involved in a Kubernetes finding.
2982
+ #
2983
+ # @!attribute [rw] username
2984
+ # The username of the user who called the Kubernetes API.
2985
+ # @return [String]
2986
+ #
2987
+ # @!attribute [rw] uid
2988
+ # The user ID of the user who called the Kubernetes API.
2989
+ # @return [String]
2990
+ #
2991
+ # @!attribute [rw] groups
2992
+ # The groups that include the user who called the Kubernetes API.
2993
+ # @return [Array<String>]
2994
+ #
2995
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/KubernetesUserDetails AWS API Documentation
2996
+ #
2997
+ class KubernetesUserDetails < Struct.new(
2998
+ :username,
2999
+ :uid,
3000
+ :groups)
3001
+ SENSITIVE = []
3002
+ include Aws::Structure
3003
+ end
3004
+
3005
+ # Details about the Kubernetes workload involved in a Kubernetes
3006
+ # finding.
3007
+ #
3008
+ # @!attribute [rw] name
3009
+ # Kubernetes workload name.
3010
+ # @return [String]
3011
+ #
3012
+ # @!attribute [rw] type
3013
+ # Kubernetes workload type (e.g. Pod, Deployment, etc.).
3014
+ # @return [String]
3015
+ #
3016
+ # @!attribute [rw] uid
3017
+ # Kubernetes workload ID.
3018
+ # @return [String]
3019
+ #
3020
+ # @!attribute [rw] namespace
3021
+ # Kubernetes namespace that the workload is part of.
3022
+ # @return [String]
3023
+ #
3024
+ # @!attribute [rw] host_network
3025
+ # Whether the hostNetwork flag is enabled for the pods included in the
3026
+ # workload.
3027
+ # @return [Boolean]
3028
+ #
3029
+ # @!attribute [rw] containers
3030
+ # Containers running as part of the Kubernetes workload.
3031
+ # @return [Array<Types::Container>]
3032
+ #
3033
+ # @!attribute [rw] volumes
3034
+ # Volumes used by the Kubernetes workload.
3035
+ # @return [Array<Types::Volume>]
3036
+ #
3037
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/KubernetesWorkloadDetails AWS API Documentation
3038
+ #
3039
+ class KubernetesWorkloadDetails < Struct.new(
3040
+ :name,
3041
+ :type,
3042
+ :uid,
3043
+ :namespace,
3044
+ :host_network,
3045
+ :containers,
3046
+ :volumes)
3047
+ SENSITIVE = []
3048
+ include Aws::Structure
3049
+ end
3050
+
2706
3051
  # @note When making an API call, you may pass ListDetectorsRequest
2707
3052
  # data as a hash:
2708
3053
  #
@@ -3634,6 +3979,11 @@ module Aws::GuardDuty
3634
3979
  # s3_logs: {
3635
3980
  # auto_enable: false, # required
3636
3981
  # },
3982
+ # kubernetes: {
3983
+ # audit_logs: { # required
3984
+ # auto_enable: false, # required
3985
+ # },
3986
+ # },
3637
3987
  # }
3638
3988
  #
3639
3989
  # @!attribute [rw] s3_logs
@@ -3641,10 +3991,16 @@ module Aws::GuardDuty
3641
3991
  # the organization.
3642
3992
  # @return [Types::OrganizationS3LogsConfiguration]
3643
3993
  #
3994
+ # @!attribute [rw] kubernetes
3995
+ # Describes the configuration of Kubernetes data sources for new
3996
+ # members of the organization.
3997
+ # @return [Types::OrganizationKubernetesConfiguration]
3998
+ #
3644
3999
  # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationDataSourceConfigurations AWS API Documentation
3645
4000
  #
3646
4001
  class OrganizationDataSourceConfigurations < Struct.new(
3647
- :s3_logs)
4002
+ :s3_logs,
4003
+ :kubernetes)
3648
4004
  SENSITIVE = []
3649
4005
  include Aws::Structure
3650
4006
  end
@@ -3656,10 +4012,94 @@ module Aws::GuardDuty
3656
4012
  # Describes whether S3 data event logs are enabled as a data source.
3657
4013
  # @return [Types::OrganizationS3LogsConfigurationResult]
3658
4014
  #
4015
+ # @!attribute [rw] kubernetes
4016
+ # Describes the configuration of Kubernetes data sources.
4017
+ # @return [Types::OrganizationKubernetesConfigurationResult]
4018
+ #
3659
4019
  # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationDataSourceConfigurationsResult AWS API Documentation
3660
4020
  #
3661
4021
  class OrganizationDataSourceConfigurationsResult < Struct.new(
3662
- :s3_logs)
4022
+ :s3_logs,
4023
+ :kubernetes)
4024
+ SENSITIVE = []
4025
+ include Aws::Structure
4026
+ end
4027
+
4028
+ # Organization-wide Kubernetes audit logs configuration.
4029
+ #
4030
+ # @note When making an API call, you may pass OrganizationKubernetesAuditLogsConfiguration
4031
+ # data as a hash:
4032
+ #
4033
+ # {
4034
+ # auto_enable: false, # required
4035
+ # }
4036
+ #
4037
+ # @!attribute [rw] auto_enable
4038
+ # A value that contains information on whether Kubernetes audit logs
4039
+ # should be enabled automatically as a data source for the
4040
+ # organization.
4041
+ # @return [Boolean]
4042
+ #
4043
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationKubernetesAuditLogsConfiguration AWS API Documentation
4044
+ #
4045
+ class OrganizationKubernetesAuditLogsConfiguration < Struct.new(
4046
+ :auto_enable)
4047
+ SENSITIVE = []
4048
+ include Aws::Structure
4049
+ end
4050
+
4051
+ # The current configuration of Kubernetes audit logs as a data source
4052
+ # for the organization.
4053
+ #
4054
+ # @!attribute [rw] auto_enable
4055
+ # Whether Kubernetes audit logs data source should be auto-enabled for
4056
+ # new members joining the organization.
4057
+ # @return [Boolean]
4058
+ #
4059
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationKubernetesAuditLogsConfigurationResult AWS API Documentation
4060
+ #
4061
+ class OrganizationKubernetesAuditLogsConfigurationResult < Struct.new(
4062
+ :auto_enable)
4063
+ SENSITIVE = []
4064
+ include Aws::Structure
4065
+ end
4066
+
4067
+ # Organization-wide Kubernetes data sources configurations.
4068
+ #
4069
+ # @note When making an API call, you may pass OrganizationKubernetesConfiguration
4070
+ # data as a hash:
4071
+ #
4072
+ # {
4073
+ # audit_logs: { # required
4074
+ # auto_enable: false, # required
4075
+ # },
4076
+ # }
4077
+ #
4078
+ # @!attribute [rw] audit_logs
4079
+ # Whether Kubernetes audit logs data source should be auto-enabled for
4080
+ # new members joining the organization.
4081
+ # @return [Types::OrganizationKubernetesAuditLogsConfiguration]
4082
+ #
4083
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationKubernetesConfiguration AWS API Documentation
4084
+ #
4085
+ class OrganizationKubernetesConfiguration < Struct.new(
4086
+ :audit_logs)
4087
+ SENSITIVE = []
4088
+ include Aws::Structure
4089
+ end
4090
+
4091
+ # The current configuration of all Kubernetes data sources for the
4092
+ # organization.
4093
+ #
4094
+ # @!attribute [rw] audit_logs
4095
+ # The current configuration of Kubernetes audit logs as a data source
4096
+ # for the organization.
4097
+ # @return [Types::OrganizationKubernetesAuditLogsConfigurationResult]
4098
+ #
4099
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationKubernetesConfigurationResult AWS API Documentation
4100
+ #
4101
+ class OrganizationKubernetesConfigurationResult < Struct.new(
4102
+ :audit_logs)
3663
4103
  SENSITIVE = []
3664
4104
  include Aws::Structure
3665
4105
  end
@@ -3943,6 +4383,15 @@ module Aws::GuardDuty
3943
4383
  # that prompted GuardDuty to generate a finding.
3944
4384
  # @return [Types::InstanceDetails]
3945
4385
  #
4386
+ # @!attribute [rw] eks_cluster_details
4387
+ # Details about the EKS cluster involved in a Kubernetes finding.
4388
+ # @return [Types::EksClusterDetails]
4389
+ #
4390
+ # @!attribute [rw] kubernetes_details
4391
+ # Details about the Kubernetes user and workload involved in a
4392
+ # Kubernetes finding.
4393
+ # @return [Types::KubernetesDetails]
4394
+ #
3946
4395
  # @!attribute [rw] resource_type
3947
4396
  # The type of Amazon Web Services resource.
3948
4397
  # @return [String]
@@ -3953,6 +4402,8 @@ module Aws::GuardDuty
3953
4402
  :access_key_details,
3954
4403
  :s3_bucket_details,
3955
4404
  :instance_details,
4405
+ :eks_cluster_details,
4406
+ :kubernetes_details,
3956
4407
  :resource_type)
3957
4408
  SENSITIVE = []
3958
4409
  include Aws::Structure
@@ -4043,6 +4494,20 @@ module Aws::GuardDuty
4043
4494
  include Aws::Structure
4044
4495
  end
4045
4496
 
4497
+ # Container security context.
4498
+ #
4499
+ # @!attribute [rw] privileged
4500
+ # Whether the container is privileged.
4501
+ # @return [Boolean]
4502
+ #
4503
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/SecurityContext AWS API Documentation
4504
+ #
4505
+ class SecurityContext < Struct.new(
4506
+ :privileged)
4507
+ SENSITIVE = []
4508
+ include Aws::Structure
4509
+ end
4510
+
4046
4511
  # Contains information about the security groups associated with the EC2
4047
4512
  # instance.
4048
4513
  #
@@ -4413,6 +4878,11 @@ module Aws::GuardDuty
4413
4878
  # s3_logs: {
4414
4879
  # enable: false, # required
4415
4880
  # },
4881
+ # kubernetes: {
4882
+ # audit_logs: { # required
4883
+ # enable: false, # required
4884
+ # },
4885
+ # },
4416
4886
  # },
4417
4887
  # }
4418
4888
  #
@@ -4633,6 +5103,11 @@ module Aws::GuardDuty
4633
5103
  # s3_logs: {
4634
5104
  # enable: false, # required
4635
5105
  # },
5106
+ # kubernetes: {
5107
+ # audit_logs: { # required
5108
+ # enable: false, # required
5109
+ # },
5110
+ # },
4636
5111
  # },
4637
5112
  # }
4638
5113
  #
@@ -4681,6 +5156,11 @@ module Aws::GuardDuty
4681
5156
  # s3_logs: {
4682
5157
  # auto_enable: false, # required
4683
5158
  # },
5159
+ # kubernetes: {
5160
+ # audit_logs: { # required
5161
+ # auto_enable: false, # required
5162
+ # },
5163
+ # },
4684
5164
  # },
4685
5165
  # }
4686
5166
  #
@@ -4829,7 +5309,7 @@ module Aws::GuardDuty
4829
5309
  #
4830
5310
  # {
4831
5311
  # account_ids: ["AccountId"],
4832
- # data_sources: ["FLOW_LOGS"], # required, accepts FLOW_LOGS, CLOUD_TRAIL, DNS_LOGS, S3_LOGS
5312
+ # data_sources: ["FLOW_LOGS"], # required, accepts FLOW_LOGS, CLOUD_TRAIL, DNS_LOGS, S3_LOGS, KUBERNETES_AUDIT_LOGS
4833
5313
  # resources: ["String"],
4834
5314
  # }
4835
5315
  #
@@ -4926,5 +5406,44 @@ module Aws::GuardDuty
4926
5406
  include Aws::Structure
4927
5407
  end
4928
5408
 
5409
+ # Volume used by the Kubernetes workload.
5410
+ #
5411
+ # @!attribute [rw] name
5412
+ # Volume name.
5413
+ # @return [String]
5414
+ #
5415
+ # @!attribute [rw] host_path
5416
+ # Represents a pre-existing file or directory on the host machine that
5417
+ # the volume maps to.
5418
+ # @return [Types::HostPath]
5419
+ #
5420
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Volume AWS API Documentation
5421
+ #
5422
+ class Volume < Struct.new(
5423
+ :name,
5424
+ :host_path)
5425
+ SENSITIVE = []
5426
+ include Aws::Structure
5427
+ end
5428
+
5429
+ # Container volume mount.
5430
+ #
5431
+ # @!attribute [rw] name
5432
+ # Volume mount name.
5433
+ # @return [String]
5434
+ #
5435
+ # @!attribute [rw] mount_path
5436
+ # Volume mount path.
5437
+ # @return [String]
5438
+ #
5439
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/VolumeMount AWS API Documentation
5440
+ #
5441
+ class VolumeMount < Struct.new(
5442
+ :name,
5443
+ :mount_path)
5444
+ SENSITIVE = []
5445
+ include Aws::Structure
5446
+ end
5447
+
4929
5448
  end
4930
5449
  end
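Review bot: The new `user_agent` attribute in the `@@ -246,6 +252,9 @@` hunk (new lines 255–257) has a `@return [String]` but no description, unlike its neighbours and unlike the `user_agent` on `KubernetesApiCallAction`, which reads "The user agent of the caller of the Kubernetes API." I would add a line under the `@!attribute` tag such as `#   The user agent of the caller of the Amazon Web Services API call.` A user agent is a client-supplied string, and `request_uri` and `parameters` on `KubernetesApiCallAction` presumably are too, so those descriptions could also say the values are reported as received and should be escaped before being rendered or logged. The class that gains the undocumented attribute is declared outside that hunk, so its name is not visible here. If this file is generated from the service model, the wording belongs in the model rather than in a hand edit.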
@@ -48,6 +48,6 @@ require_relative 'aws-sdk-guardduty/customizations'
48
48
  # @!group service
49
49
  module Aws::GuardDuty
50
50
 
51
- GEM_VERSION = '1.53.0'
51
+ GEM_VERSION = '1.54.0'
52
52
 
53
53
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-guardduty
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.53.0
4
+ version: 1.54.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-01-20 00:00:00.000000000 Z
11
+ date: 2022-01-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core