aws-sdk-iot 1.10.0 → 1.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e3c571548bd1eb6c0c97cd73cb3892e7a5ceca19
-  data.tar.gz: 7420c89f19c0178ac5ee288eb7749cbadc1bfe25
+  metadata.gz: 7b483cded3c1d0ab4fad280cf0a6b9a58bc45071
+  data.tar.gz: b5894c3229bcd8c069b05a9298b8f73304a61097
 SHA512:
-  metadata.gz: 4346acafa0186e86e8f1c422a38f3d13cd0ebb34247d90982280f6c3d774d25060d86a578eb6bfa2231a81b1d01285df74a11767b36edffd45933afa7b9c7d68
-  data.tar.gz: 34bb5b27d44851a14353810d6d2f1e1cd8d70f8a557fd34432a8cc35fb43a8ae79b695c771ae03eee6a6bcb19c8aeae8fc37b9f9de2b5138d2ddfa786cd678f6
+  metadata.gz: 06b0cc94b47d9f3abce6dd98d9a16d2c90bb1ce0396c69b209cc43d7b563077f2cc781686c21062db8692ec73487a783e57a934a697233b9f3ac633442126b49
+  data.tar.gz: bee0b0d204bf9319c1374cb82f2e7d6e7d2ef86e0302cd03fb2a8351b55bc687669968052b89d57f4bdba299ba238736ed6ba4e3c4bdf240e0996472914dff68

data/lib/aws-sdk-iot.rb

@@ -42,6 +42,6 @@ require_relative 'aws-sdk-iot/customizations'
 # @service
 module Aws::IoT
 
-  GEM_VERSION = '1.10.0'
+  GEM_VERSION = '1.11.0'
 
 end

data/lib/aws-sdk-iot/client.rb

@@ -317,6 +317,33 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Associates a Device Defender security profile with a thing group or
+    # with this account. Each thing group or account can have up to five
+    # security profiles associated with it.
+    #
+    # @option params [required, String] :security_profile_name
+    #   The security profile that is attached.
+    #
+    # @option params [required, String] :security_profile_target_arn
+    #   The ARN of the target (thing group) to which the security profile is
+    #   attached.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.attach_security_profile({
+    #     security_profile_name: "SecurityProfileName", # required
+    #     security_profile_target_arn: "SecurityProfileTargetArn", # required
+    #   })
+    #
+    # @overload attach_security_profile(params = {})
+    # @param [Hash] params ({})
+    def attach_security_profile(params = {}, options = {})
+      req = build_request(:attach_security_profile, params)
+      req.send_request(options)
+    end
+
     # Attaches the specified principal to the specified thing.
     #
     # @option params [required, String] :thing_name
@@ -341,6 +368,29 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Cancels an audit that is in progress. The audit can be either
+    # scheduled or on-demand. If the audit is not in progress, an
+    # "InvalidRequestException" occurs.
+    #
+    # @option params [required, String] :task_id
+    #   The ID of the audit you want to cancel. You can only cancel an audit
+    #   that is "IN\_PROGRESS".
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.cancel_audit_task({
+    #     task_id: "AuditTaskId", # required
+    #   })
+    #
+    # @overload cancel_audit_task(params = {})
+    # @param [Hash] params ({})
+    def cancel_audit_task(params = {}, options = {})
+      req = build_request(:cancel_audit_task, params)
+      req.send_request(options)
+    end
+
     # Cancels a pending transfer for the specified certificate.
     #
     # **Note** Only the transfer source account can use this operation to
@@ -951,6 +1001,122 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Creates a scheduled audit that is run at a specified time interval.
+    #
+    # @option params [required, String] :frequency
+    #   How often the scheduled audit takes place. Can be one of "DAILY",
+    #   "WEEKLY", "BIWEEKLY" or "MONTHLY". The actual start time of each
+    #   audit is determined by the system.
+    #
+    # @option params [String] :day_of_month
+    #   The day of the month on which the scheduled audit takes place. Can be
+    #   "1" through "31" or "LAST". This field is required if the
+    #   "frequency" parameter is set to "MONTHLY". If days 29-31 are
+    #   specified, and the month does not have that many days, the audit takes
+    #   place on the "LAST" day of the month.
+    #
+    # @option params [String] :day_of_week
+    #   The day of the week on which the scheduled audit takes place. Can be
+    #   one of "SUN", "MON", "TUE", "WED", "THU", "FRI" or
+    #   "SAT". This field is required if the "frequency" parameter is set
+    #   to "WEEKLY" or "BIWEEKLY".
+    #
+    # @option params [required, Array<String>] :target_check_names
+    #   Which checks are performed during the scheduled audit. Checks must be
+    #   enabled for your account. (Use `DescribeAccountAuditConfiguration` to
+    #   see the list of all checks including those that are enabled or
+    #   `UpdateAccountAuditConfiguration` to select which checks are enabled.)
+    #
+    # @option params [required, String] :scheduled_audit_name
+    #   The name you want to give to the scheduled audit. (Max. 128 chars)
+    #
+    # @return [Types::CreateScheduledAuditResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::CreateScheduledAuditResponse#scheduled_audit_arn #scheduled_audit_arn} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_scheduled_audit({
+    #     frequency: "DAILY", # required, accepts DAILY, WEEKLY, BIWEEKLY, MONTHLY
+    #     day_of_month: "DayOfMonth",
+    #     day_of_week: "SUN", # accepts SUN, MON, TUE, WED, THU, FRI, SAT
+    #     target_check_names: ["AuditCheckName"], # required
+    #     scheduled_audit_name: "ScheduledAuditName", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.scheduled_audit_arn #=> String
+    #
+    # @overload create_scheduled_audit(params = {})
+    # @param [Hash] params ({})
+    def create_scheduled_audit(params = {}, options = {})
+      req = build_request(:create_scheduled_audit, params)
+      req.send_request(options)
+    end
+
+    # Creates a Device Defender security profile.
+    #
+    # @option params [required, String] :security_profile_name
+    #   The name you are giving to the security profile.
+    #
+    # @option params [String] :security_profile_description
+    #   A description of the security profile.
+    #
+    # @option params [required, Array<Types::Behavior>] :behaviors
+    #   Specifies the behaviors that, when violated by a device (thing), cause
+    #   an alert.
+    #
+    # @option params [Hash<String,Types::AlertTarget>] :alert_targets
+    #   Specifies the destinations to which alerts are sent. (Alerts are
+    #   always sent to the console.) Alerts are generated when a device
+    #   (thing) violates a behavior.
+    #
+    # @return [Types::CreateSecurityProfileResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::CreateSecurityProfileResponse#security_profile_name #security_profile_name} => String
+    #   * {Types::CreateSecurityProfileResponse#security_profile_arn #security_profile_arn} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_security_profile({
+    #     security_profile_name: "SecurityProfileName", # required
+    #     security_profile_description: "SecurityProfileDescription",
+    #     behaviors: [ # required
+    #       {
+    #         name: "BehaviorName", # required
+    #         metric: "BehaviorMetric",
+    #         criteria: {
+    #           comparison_operator: "less-than", # accepts less-than, less-than-equals, greater-than, greater-than-equals, in-cidr-set, not-in-cidr-set, in-port-set, not-in-port-set
+    #           value: {
+    #             count: 1,
+    #             cidrs: ["Cidr"],
+    #             ports: [1],
+    #           },
+    #           duration_seconds: 1,
+    #         },
+    #       },
+    #     ],
+    #     alert_targets: {
+    #       "SNS" => {
+    #         alert_target_arn: "AlertTargetArn", # required
+    #         role_arn: "RoleArn", # required
+    #       },
+    #     },
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.security_profile_name #=> String
+    #   resp.security_profile_arn #=> String
+    #
+    # @overload create_security_profile(params = {})
+    # @param [Hash] params ({})
+    def create_security_profile(params = {}, options = {})
+      req = build_request(:create_security_profile, params)
+      req.send_request(options)
+    end
+
     # Creates a stream for delivering one or more large files in chunks over
     # MQTT. A stream transports data bytes in chunks or blocks packaged as
     # MQTT messages from a source like S3. You can have one or more files
@@ -1235,11 +1401,11 @@ module Aws::IoT
     #           },
     #           cloudwatch_metric: {
     #             role_arn: "AwsArn", # required
-    #             metric_namespace: "MetricNamespace", # required
-    #             metric_name: "MetricName", # required
-    #             metric_value: "MetricValue", # required
-    #             metric_unit: "MetricUnit", # required
-    #             metric_timestamp: "MetricTimestamp",
+    #             metric_namespace: "String", # required
+    #             metric_name: "String", # required
+    #             metric_value: "String", # required
+    #             metric_unit: "String", # required
+    #             metric_timestamp: "String",
     #           },
     #           cloudwatch_alarm: {
     #             role_arn: "AwsArn", # required
@@ -1263,6 +1429,11 @@ module Aws::IoT
     #             channel_name: "ChannelName",
     #             role_arn: "AwsArn",
     #           },
+    #           step_functions: {
+    #             execution_name_prefix: "ExecutionNamePrefix",
+    #             state_machine_name: "StateMachineName", # required
+    #             role_arn: "AwsArn", # required
+    #           },
     #         },
     #       ],
     #       rule_disabled: false,
@@ -1321,11 +1492,11 @@ module Aws::IoT
     #         },
     #         cloudwatch_metric: {
     #           role_arn: "AwsArn", # required
-    #           metric_namespace: "MetricNamespace", # required
-    #           metric_name: "MetricName", # required
-    #           metric_value: "MetricValue", # required
-    #           metric_unit: "MetricUnit", # required
-    #           metric_timestamp: "MetricTimestamp",
+    #           metric_namespace: "String", # required
+    #           metric_name: "String", # required
+    #           metric_value: "String", # required
+    #           metric_unit: "String", # required
+    #           metric_timestamp: "String",
     #         },
     #         cloudwatch_alarm: {
     #           role_arn: "AwsArn", # required
@@ -1349,6 +1520,11 @@ module Aws::IoT
     #           channel_name: "ChannelName",
     #           role_arn: "AwsArn",
     #         },
+    #         step_functions: {
+    #           execution_name_prefix: "ExecutionNamePrefix",
+    #           state_machine_name: "StateMachineName", # required
+    #           role_arn: "AwsArn", # required
+    #         },
     #       },
     #     },
     #   })
@@ -1360,6 +1536,28 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Restores the default settings for Device Defender audits for this
+    # account. Any configuration data you entered is deleted and all audit
+    # checks are reset to disabled.
+    #
+    # @option params [Boolean] :delete_scheduled_audits
+    #   If true, all scheduled audits are deleted.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_account_audit_configuration({
+    #     delete_scheduled_audits: false,
+    #   })
+    #
+    # @overload delete_account_audit_configuration(params = {})
+    # @param [Hash] params ({})
+    def delete_account_audit_configuration(params = {}, options = {})
+      req = build_request(:delete_account_audit_configuration, params)
+      req.send_request(options)
+    end
+
     # Deletes an authorizer.
     #
     # @option params [required, String] :authorizer_name
@@ -1637,6 +1835,53 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Deletes a scheduled audit.
+    #
+    # @option params [required, String] :scheduled_audit_name
+    #   The name of the scheduled audit you want to delete.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_scheduled_audit({
+    #     scheduled_audit_name: "ScheduledAuditName", # required
+    #   })
+    #
+    # @overload delete_scheduled_audit(params = {})
+    # @param [Hash] params ({})
+    def delete_scheduled_audit(params = {}, options = {})
+      req = build_request(:delete_scheduled_audit, params)
+      req.send_request(options)
+    end
+
+    # Deletes a Device Defender security profile.
+    #
+    # @option params [required, String] :security_profile_name
+    #   The name of the security profile to be deleted.
+    #
+    # @option params [Integer] :expected_version
+    #   The expected version of the security profile. A new version is
+    #   generated whenever the security profile is updated. If you specify a
+    #   value that is different than the actual version, a
+    #   `VersionConflictException` is thrown.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_security_profile({
+    #     security_profile_name: "SecurityProfileName", # required
+    #     expected_version: 1,
+    #   })
+    #
+    # @overload delete_security_profile(params = {})
+    # @param [Hash] params ({})
+    def delete_security_profile(params = {}, options = {})
+      req = build_request(:delete_security_profile, params)
+      req.send_request(options)
+    end
+
     # Deletes a stream.
     #
     # @option params [required, String] :stream_id
@@ -1805,6 +2050,81 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Gets information about the Device Defender audit settings for this
+    # account. Settings include how audit notifications are sent and which
+    # audit checks are enabled or disabled.
+    #
+    # @return [Types::DescribeAccountAuditConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeAccountAuditConfigurationResponse#role_arn #role_arn} => String
+    #   * {Types::DescribeAccountAuditConfigurationResponse#audit_notification_target_configurations #audit_notification_target_configurations} => Hash&lt;String,Types::AuditNotificationTarget&gt;
+    #   * {Types::DescribeAccountAuditConfigurationResponse#audit_check_configurations #audit_check_configurations} => Hash&lt;String,Types::AuditCheckConfiguration&gt;
+    #
+    # @example Response structure
+    #
+    #   resp.role_arn #=> String
+    #   resp.audit_notification_target_configurations #=> Hash
+    #   resp.audit_notification_target_configurations["AuditNotificationType"].target_arn #=> String
+    #   resp.audit_notification_target_configurations["AuditNotificationType"].role_arn #=> String
+    #   resp.audit_notification_target_configurations["AuditNotificationType"].enabled #=> Boolean
+    #   resp.audit_check_configurations #=> Hash
+    #   resp.audit_check_configurations["AuditCheckName"].enabled #=> Boolean
+    #
+    # @overload describe_account_audit_configuration(params = {})
+    # @param [Hash] params ({})
+    def describe_account_audit_configuration(params = {}, options = {})
+      req = build_request(:describe_account_audit_configuration, params)
+      req.send_request(options)
+    end
+
+    # Gets information about a Device Defender audit.
+    #
+    # @option params [required, String] :task_id
+    #   The ID of the audit whose information you want to get.
+    #
+    # @return [Types::DescribeAuditTaskResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeAuditTaskResponse#task_status #task_status} => String
+    #   * {Types::DescribeAuditTaskResponse#task_type #task_type} => String
+    #   * {Types::DescribeAuditTaskResponse#task_start_time #task_start_time} => Time
+    #   * {Types::DescribeAuditTaskResponse#task_statistics #task_statistics} => Types::TaskStatistics
+    #   * {Types::DescribeAuditTaskResponse#scheduled_audit_name #scheduled_audit_name} => String
+    #   * {Types::DescribeAuditTaskResponse#audit_details #audit_details} => Hash&lt;String,Types::AuditCheckDetails&gt;
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.describe_audit_task({
+    #     task_id: "AuditTaskId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.task_status #=> String, one of "IN_PROGRESS", "COMPLETED", "FAILED", "CANCELED"
+    #   resp.task_type #=> String, one of "ON_DEMAND_AUDIT_TASK", "SCHEDULED_AUDIT_TASK"
+    #   resp.task_start_time #=> Time
+    #   resp.task_statistics.total_checks #=> Integer
+    #   resp.task_statistics.in_progress_checks #=> Integer
+    #   resp.task_statistics.waiting_for_data_collection_checks #=> Integer
+    #   resp.task_statistics.compliant_checks #=> Integer
+    #   resp.task_statistics.non_compliant_checks #=> Integer
+    #   resp.task_statistics.failed_checks #=> Integer
+    #   resp.task_statistics.canceled_checks #=> Integer
+    #   resp.scheduled_audit_name #=> String
+    #   resp.audit_details #=> Hash
+    #   resp.audit_details["AuditCheckName"].check_run_status #=> String, one of "IN_PROGRESS", "WAITING_FOR_DATA_COLLECTION", "CANCELED", "COMPLETED_COMPLIANT", "COMPLETED_NON_COMPLIANT", "FAILED"
+    #   resp.audit_details["AuditCheckName"].check_compliant #=> Boolean
+    #   resp.audit_details["AuditCheckName"].total_resources_count #=> Integer
+    #   resp.audit_details["AuditCheckName"].non_compliant_resources_count #=> Integer
+    #   resp.audit_details["AuditCheckName"].error_code #=> String
+    #   resp.audit_details["AuditCheckName"].message #=> String
+    #
+    # @overload describe_audit_task(params = {})
+    # @param [Hash] params ({})
+    def describe_audit_task(params = {}, options = {})
+      req = build_request(:describe_audit_task, params)
+      req.send_request(options)
+    end
+
     # Describes an authorizer.
     #
     # @option params [required, String] :authorizer_name
@@ -1867,6 +2187,8 @@ module Aws::IoT
     #   resp.certificate_description.last_modified_date #=> Time
     #   resp.certificate_description.customer_version #=> Integer
     #   resp.certificate_description.generation_id #=> String
+    #   resp.certificate_description.validity.not_before #=> Time
+    #   resp.certificate_description.validity.not_after #=> Time
     #   resp.registration_config.template_body #=> String
     #   resp.registration_config.role_arn #=> String
     #
@@ -1911,6 +2233,8 @@ module Aws::IoT
     #   resp.certificate_description.transfer_data.accept_date #=> Time
     #   resp.certificate_description.transfer_data.reject_date #=> Time
     #   resp.certificate_description.generation_id #=> String
+    #   resp.certificate_description.validity.not_before #=> Time
+    #   resp.certificate_description.validity.not_after #=> Time
     #
     # @overload describe_certificate(params = {})
     # @param [Hash] params ({})
@@ -2150,6 +2474,94 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Gets information about a scheduled audit.
+    #
+    # @option params [required, String] :scheduled_audit_name
+    #   The name of the scheduled audit whose information you want to get.
+    #
+    # @return [Types::DescribeScheduledAuditResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeScheduledAuditResponse#frequency #frequency} => String
+    #   * {Types::DescribeScheduledAuditResponse#day_of_month #day_of_month} => String
+    #   * {Types::DescribeScheduledAuditResponse#day_of_week #day_of_week} => String
+    #   * {Types::DescribeScheduledAuditResponse#target_check_names #target_check_names} => Array&lt;String&gt;
+    #   * {Types::DescribeScheduledAuditResponse#scheduled_audit_name #scheduled_audit_name} => String
+    #   * {Types::DescribeScheduledAuditResponse#scheduled_audit_arn #scheduled_audit_arn} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.describe_scheduled_audit({
+    #     scheduled_audit_name: "ScheduledAuditName", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.frequency #=> String, one of "DAILY", "WEEKLY", "BIWEEKLY", "MONTHLY"
+    #   resp.day_of_month #=> String
+    #   resp.day_of_week #=> String, one of "SUN", "MON", "TUE", "WED", "THU", "FRI", "SAT"
+    #   resp.target_check_names #=> Array
+    #   resp.target_check_names[0] #=> String
+    #   resp.scheduled_audit_name #=> String
+    #   resp.scheduled_audit_arn #=> String
+    #
+    # @overload describe_scheduled_audit(params = {})
+    # @param [Hash] params ({})
+    def describe_scheduled_audit(params = {}, options = {})
+      req = build_request(:describe_scheduled_audit, params)
+      req.send_request(options)
+    end
+
+    # Gets information about a Device Defender security profile.
+    #
+    # @option params [required, String] :security_profile_name
+    #   The name of the security profile whose information you want to get.
+    #
+    # @return [Types::DescribeSecurityProfileResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeSecurityProfileResponse#security_profile_name #security_profile_name} => String
+    #   * {Types::DescribeSecurityProfileResponse#security_profile_arn #security_profile_arn} => String
+    #   * {Types::DescribeSecurityProfileResponse#security_profile_description #security_profile_description} => String
+    #   * {Types::DescribeSecurityProfileResponse#behaviors #behaviors} => Array&lt;Types::Behavior&gt;
+    #   * {Types::DescribeSecurityProfileResponse#alert_targets #alert_targets} => Hash&lt;String,Types::AlertTarget&gt;
+    #   * {Types::DescribeSecurityProfileResponse#version #version} => Integer
+    #   * {Types::DescribeSecurityProfileResponse#creation_date #creation_date} => Time
+    #   * {Types::DescribeSecurityProfileResponse#last_modified_date #last_modified_date} => Time
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.describe_security_profile({
+    #     security_profile_name: "SecurityProfileName", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.security_profile_name #=> String
+    #   resp.security_profile_arn #=> String
+    #   resp.security_profile_description #=> String
+    #   resp.behaviors #=> Array
+    #   resp.behaviors[0].name #=> String
+    #   resp.behaviors[0].metric #=> String
+    #   resp.behaviors[0].criteria.comparison_operator #=> String, one of "less-than", "less-than-equals", "greater-than", "greater-than-equals", "in-cidr-set", "not-in-cidr-set", "in-port-set", "not-in-port-set"
+    #   resp.behaviors[0].criteria.value.count #=> Integer
+    #   resp.behaviors[0].criteria.value.cidrs #=> Array
+    #   resp.behaviors[0].criteria.value.cidrs[0] #=> String
+    #   resp.behaviors[0].criteria.value.ports #=> Array
+    #   resp.behaviors[0].criteria.value.ports[0] #=> Integer
+    #   resp.behaviors[0].criteria.duration_seconds #=> Integer
+    #   resp.alert_targets #=> Hash
+    #   resp.alert_targets["AlertTargetType"].alert_target_arn #=> String
+    #   resp.alert_targets["AlertTargetType"].role_arn #=> String
+    #   resp.version #=> Integer
+    #   resp.creation_date #=> Time
+    #   resp.last_modified_date #=> Time
+    #
+    # @overload describe_security_profile(params = {})
+    # @param [Hash] params ({})
+    def describe_security_profile(params = {}, options = {})
+      req = build_request(:describe_security_profile, params)
+      req.send_request(options)
+    end
+
     # Gets information about a stream.
     #
     # @option params [required, String] :stream_id
@@ -2408,6 +2820,32 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Disassociates a Device Defender security profile from a thing group or
+    # from this account.
+    #
+    # @option params [required, String] :security_profile_name
+    #   The security profile that is detached.
+    #
+    # @option params [required, String] :security_profile_target_arn
+    #   The ARN of the thing group from which the security profile is
+    #   detached.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.detach_security_profile({
+    #     security_profile_name: "SecurityProfileName", # required
+    #     security_profile_target_arn: "SecurityProfileTargetArn", # required
+    #   })
+    #
+    # @overload detach_security_profile(params = {})
+    # @param [Hash] params ({})
+    def detach_security_profile(params = {}, options = {})
+      req = build_request(:detach_security_profile, params)
+      req.send_request(options)
+    end
+
     # Detaches the specified principal from the specified thing.
     #
     # @option params [required, String] :thing_name
@@ -2811,6 +3249,9 @@ module Aws::IoT
     #   resp.rule.actions[0].iot_analytics.channel_arn #=> String
     #   resp.rule.actions[0].iot_analytics.channel_name #=> String
     #   resp.rule.actions[0].iot_analytics.role_arn #=> String
+    #   resp.rule.actions[0].step_functions.execution_name_prefix #=> String
+    #   resp.rule.actions[0].step_functions.state_machine_name #=> String
+    #   resp.rule.actions[0].step_functions.role_arn #=> String
     #   resp.rule.rule_disabled #=> Boolean
     #   resp.rule.aws_iot_sql_version #=> String
     #   resp.rule.error_action.dynamo_db.table_name #=> String
@@ -2864,6 +3305,9 @@ module Aws::IoT
     #   resp.rule.error_action.iot_analytics.channel_arn #=> String
     #   resp.rule.error_action.iot_analytics.channel_name #=> String
     #   resp.rule.error_action.iot_analytics.role_arn #=> String
+    #   resp.rule.error_action.step_functions.execution_name_prefix #=> String
+    #   resp.rule.error_action.step_functions.state_machine_name #=> String
+    #   resp.rule.error_action.step_functions.role_arn #=> String
     #
     # @overload get_topic_rule(params = {})
     # @param [Hash] params ({})
@@ -2893,6 +3337,67 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Lists the active violations for a given Device Defender security
+    # profile.
+    #
+    # @option params [String] :thing_name
+    #   The name of the thing whose active violations are listed.
+    #
+    # @option params [String] :security_profile_name
+    #   The name of the Device Defender security profile for which violations
+    #   are listed.
+    #
+    # @option params [String] :next_token
+    #   The token for the next set of results.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of results to return at one time.
+    #
+    # @return [Types::ListActiveViolationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListActiveViolationsResponse#active_violations #active_violations} => Array&lt;Types::ActiveViolation&gt;
+    #   * {Types::ListActiveViolationsResponse#next_token #next_token} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_active_violations({
+    #     thing_name: "ThingName",
+    #     security_profile_name: "SecurityProfileName",
+    #     next_token: "NextToken",
+    #     max_results: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.active_violations #=> Array
+    #   resp.active_violations[0].violation_id #=> String
+    #   resp.active_violations[0].thing_name #=> String
+    #   resp.active_violations[0].security_profile_name #=> String
+    #   resp.active_violations[0].behavior.name #=> String
+    #   resp.active_violations[0].behavior.metric #=> String
+    #   resp.active_violations[0].behavior.criteria.comparison_operator #=> String, one of "less-than", "less-than-equals", "greater-than", "greater-than-equals", "in-cidr-set", "not-in-cidr-set", "in-port-set", "not-in-port-set"
+    #   resp.active_violations[0].behavior.criteria.value.count #=> Integer
+    #   resp.active_violations[0].behavior.criteria.value.cidrs #=> Array
+    #   resp.active_violations[0].behavior.criteria.value.cidrs[0] #=> String
+    #   resp.active_violations[0].behavior.criteria.value.ports #=> Array
+    #   resp.active_violations[0].behavior.criteria.value.ports[0] #=> Integer
+    #   resp.active_violations[0].behavior.criteria.duration_seconds #=> Integer
+    #   resp.active_violations[0].last_violation_value.count #=> Integer
+    #   resp.active_violations[0].last_violation_value.cidrs #=> Array
+    #   resp.active_violations[0].last_violation_value.cidrs[0] #=> String
+    #   resp.active_violations[0].last_violation_value.ports #=> Array
+    #   resp.active_violations[0].last_violation_value.ports[0] #=> Integer
+    #   resp.active_violations[0].last_violation_time #=> Time
+    #   resp.active_violations[0].violation_start_time #=> Time
+    #   resp.next_token #=> String
+    #
+    # @overload list_active_violations(params = {})
+    # @param [Hash] params ({})
+    def list_active_violations(params = {}, options = {})
+      req = build_request(:list_active_violations, params)
+      req.send_request(options)
+    end
+
     # Lists the policies attached to the specified thing group.
     #
     # @option params [required, String] :target
@@ -2935,65 +3440,222 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Lists the authorizers registered in your account.
+    # Lists the findings (results) of a Device Defender audit or of the
+    # audits performed during a specified time period. (Findings are
+    # retained for 180 days.)
     #
-    # @option params [Integer] :page_size
-    #   The maximum number of results to return at one time.
+    # @option params [String] :task_id
+    #   A filter to limit results to the audit with the specified ID. You must
+    #   specify either the taskId or the startTime and endTime, but not both.
     #
-    # @option params [String] :marker
-    #   A marker used to get the next set of results.
+    # @option params [String] :check_name
+    #   A filter to limit results to the findings for the specified audit
+    #   check.
     #
-    # @option params [Boolean] :ascending_order
-    #   Return the list of authorizers in ascending alphabetical order.
+    # @option params [Types::ResourceIdentifier] :resource_identifier
+    #   Information identifying the non-compliant resource.
     #
-    # @option params [String] :status
-    #   The status of the list authorizers request.
+    # @option params [Integer] :max_results
+    #   The maximum number of results to return at one time. The default is
+    #   25.
     #
-    # @return [Types::ListAuthorizersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    # @option params [String] :next_token
+    #   The token for the next set of results.
     #
-    #   * {Types::ListAuthorizersResponse#authorizers #authorizers} => Array&lt;Types::AuthorizerSummary&gt;
-    #   * {Types::ListAuthorizersResponse#next_marker #next_marker} => String
+    # @option params [Time,DateTime,Date,Integer,String] :start_time
+    #   A filter to limit results to those found after the specified time. You
+    #   must specify either the startTime and endTime or the taskId, but not
+    #   both.
+    #
+    # @option params [Time,DateTime,Date,Integer,String] :end_time
+    #   A filter to limit results to those found before the specified time.
+    #   You must specify either the startTime and endTime or the taskId, but
+    #   not both.
+    #
+    # @return [Types::ListAuditFindingsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListAuditFindingsResponse#findings #findings} => Array&lt;Types::AuditFinding&gt;
+    #   * {Types::ListAuditFindingsResponse#next_token #next_token} => String
     #
     # @example Request syntax with placeholder values
     #
-    #   resp = client.list_authorizers({
-    #     page_size: 1,
-    #     marker: "Marker",
-    #     ascending_order: false,
-    #     status: "ACTIVE", # accepts ACTIVE, INACTIVE
+    #   resp = client.list_audit_findings({
+    #     task_id: "AuditTaskId",
+    #     check_name: "AuditCheckName",
+    #     resource_identifier: {
+    #       device_certificate_id: "CertificateId",
+    #       ca_certificate_id: "CertificateId",
+    #       cognito_identity_pool_id: "CognitoIdentityPoolId",
+    #       client_id: "ClientId",
+    #       policy_version_identifier: {
+    #         policy_name: "PolicyName",
+    #         policy_version_id: "PolicyVersionId",
+    #       },
+    #       account: "AwsAccountId",
+    #     },
+    #     max_results: 1,
+    #     next_token: "NextToken",
+    #     start_time: Time.now,
+    #     end_time: Time.now,
     #   })
     #
     # @example Response structure
     #
-    #   resp.authorizers #=> Array
-    #   resp.authorizers[0].authorizer_name #=> String
-    #   resp.authorizers[0].authorizer_arn #=> String
-    #   resp.next_marker #=> String
+    #   resp.findings #=> Array
+    #   resp.findings[0].task_id #=> String
+    #   resp.findings[0].check_name #=> String
+    #   resp.findings[0].task_start_time #=> Time
+    #   resp.findings[0].finding_time #=> Time
+    #   resp.findings[0].severity #=> String, one of "CRITICAL", "HIGH", "MEDIUM", "LOW"
+    #   resp.findings[0].non_compliant_resource.resource_type #=> String, one of "DEVICE_CERTIFICATE", "CA_CERTIFICATE", "IOT_POLICY", "COGNITO_IDENTITY_POOL", "CLIENT_ID", "ACCOUNT_SETTINGS"
+    #   resp.findings[0].non_compliant_resource.resource_identifier.device_certificate_id #=> String
+    #   resp.findings[0].non_compliant_resource.resource_identifier.ca_certificate_id #=> String
+    #   resp.findings[0].non_compliant_resource.resource_identifier.cognito_identity_pool_id #=> String
+    #   resp.findings[0].non_compliant_resource.resource_identifier.client_id #=> String
+    #   resp.findings[0].non_compliant_resource.resource_identifier.policy_version_identifier.policy_name #=> String
+    #   resp.findings[0].non_compliant_resource.resource_identifier.policy_version_identifier.policy_version_id #=> String
+    #   resp.findings[0].non_compliant_resource.resource_identifier.account #=> String
+    #   resp.findings[0].non_compliant_resource.additional_info #=> Hash
+    #   resp.findings[0].non_compliant_resource.additional_info["String"] #=> String
+    #   resp.findings[0].related_resources #=> Array
+    #   resp.findings[0].related_resources[0].resource_type #=> String, one of "DEVICE_CERTIFICATE", "CA_CERTIFICATE", "IOT_POLICY", "COGNITO_IDENTITY_POOL", "CLIENT_ID", "ACCOUNT_SETTINGS"
+    #   resp.findings[0].related_resources[0].resource_identifier.device_certificate_id #=> String
+    #   resp.findings[0].related_resources[0].resource_identifier.ca_certificate_id #=> String
+    #   resp.findings[0].related_resources[0].resource_identifier.cognito_identity_pool_id #=> String
+    #   resp.findings[0].related_resources[0].resource_identifier.client_id #=> String
+    #   resp.findings[0].related_resources[0].resource_identifier.policy_version_identifier.policy_name #=> String
+    #   resp.findings[0].related_resources[0].resource_identifier.policy_version_identifier.policy_version_id #=> String
+    #   resp.findings[0].related_resources[0].resource_identifier.account #=> String
+    #   resp.findings[0].related_resources[0].additional_info #=> Hash
+    #   resp.findings[0].related_resources[0].additional_info["String"] #=> String
+    #   resp.findings[0].reason_for_non_compliance #=> String
+    #   resp.findings[0].reason_for_non_compliance_code #=> String
+    #   resp.next_token #=> String
     #
-    # @overload list_authorizers(params = {})
+    # @overload list_audit_findings(params = {})
     # @param [Hash] params ({})
-    def list_authorizers(params = {}, options = {})
-      req = build_request(:list_authorizers, params)
+    def list_audit_findings(params = {}, options = {})
+      req = build_request(:list_audit_findings, params)
       req.send_request(options)
     end
 
-    # Lists the CA certificates registered for your AWS account.
+    # Lists the Device Defender audits that have been performed during a
+    # given time period.
     #
-    # The results are paginated with a default page size of 25. You can use
-    # the returned marker to retrieve additional results.
+    # @option params [required, Time,DateTime,Date,Integer,String] :start_time
+    #   The beginning of the time period. Note that audit information is
+    #   retained for a limited time (180 days). Requesting a start time prior
+    #   to what is retained results in an "InvalidRequestException".
     #
-    # @option params [Integer] :page_size
-    #   The result page size.
+    # @option params [required, Time,DateTime,Date,Integer,String] :end_time
+    #   The end of the time period.
     #
-    # @option params [String] :marker
-    #   The marker for the next set of results.
+    # @option params [String] :task_type
+    #   A filter to limit the output to the specified type of audit: can be
+    #   one of "ON\_DEMAND\_AUDIT\_TASK" or "SCHEDULED\_\_AUDIT\_TASK".
     #
-    # @option params [Boolean] :ascending_order
-    #   Determines the order of the results.
+    # @option params [String] :task_status
+    #   A filter to limit the output to audits with the specified completion
+    #   status: can be one of "IN\_PROGRESS", "COMPLETED", "FAILED" or
+    #   "CANCELED".
     #
-    # @return [Types::ListCACertificatesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    # @option params [String] :next_token
+    #   The token for the next set of results.
     #
-    #   * {Types::ListCACertificatesResponse#certificates #certificates} => Array&lt;Types::CACertificate&gt;
+    # @option params [Integer] :max_results
+    #   The maximum number of results to return at one time. The default is
+    #   25.
+    #
+    # @return [Types::ListAuditTasksResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListAuditTasksResponse#tasks #tasks} => Array&lt;Types::AuditTaskMetadata&gt;
+    #   * {Types::ListAuditTasksResponse#next_token #next_token} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_audit_tasks({
+    #     start_time: Time.now, # required
+    #     end_time: Time.now, # required
+    #     task_type: "ON_DEMAND_AUDIT_TASK", # accepts ON_DEMAND_AUDIT_TASK, SCHEDULED_AUDIT_TASK
+    #     task_status: "IN_PROGRESS", # accepts IN_PROGRESS, COMPLETED, FAILED, CANCELED
+    #     next_token: "NextToken",
+    #     max_results: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.tasks #=> Array
+    #   resp.tasks[0].task_id #=> String
+    #   resp.tasks[0].task_status #=> String, one of "IN_PROGRESS", "COMPLETED", "FAILED", "CANCELED"
+    #   resp.tasks[0].task_type #=> String, one of "ON_DEMAND_AUDIT_TASK", "SCHEDULED_AUDIT_TASK"
+    #   resp.next_token #=> String
+    #
+    # @overload list_audit_tasks(params = {})
+    # @param [Hash] params ({})
+    def list_audit_tasks(params = {}, options = {})
+      req = build_request(:list_audit_tasks, params)
+      req.send_request(options)
+    end
+
+    # Lists the authorizers registered in your account.
+    #
+    # @option params [Integer] :page_size
+    #   The maximum number of results to return at one time.
+    #
+    # @option params [String] :marker
+    #   A marker used to get the next set of results.
+    #
+    # @option params [Boolean] :ascending_order
+    #   Return the list of authorizers in ascending alphabetical order.
+    #
+    # @option params [String] :status
+    #   The status of the list authorizers request.
+    #
+    # @return [Types::ListAuthorizersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListAuthorizersResponse#authorizers #authorizers} => Array&lt;Types::AuthorizerSummary&gt;
+    #   * {Types::ListAuthorizersResponse#next_marker #next_marker} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_authorizers({
+    #     page_size: 1,
+    #     marker: "Marker",
+    #     ascending_order: false,
+    #     status: "ACTIVE", # accepts ACTIVE, INACTIVE
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.authorizers #=> Array
+    #   resp.authorizers[0].authorizer_name #=> String
+    #   resp.authorizers[0].authorizer_arn #=> String
+    #   resp.next_marker #=> String
+    #
+    # @overload list_authorizers(params = {})
+    # @param [Hash] params ({})
+    def list_authorizers(params = {}, options = {})
+      req = build_request(:list_authorizers, params)
+      req.send_request(options)
+    end
+
+    # Lists the CA certificates registered for your AWS account.
+    #
+    # The results are paginated with a default page size of 25. You can use
+    # the returned marker to retrieve additional results.
+    #
+    # @option params [Integer] :page_size
+    #   The result page size.
+    #
+    # @option params [String] :marker
+    #   The marker for the next set of results.
+    #
+    # @option params [Boolean] :ascending_order
+    #   Determines the order of the results.
+    #
+    # @return [Types::ListCACertificatesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListCACertificatesResponse#certificates #certificates} => Array&lt;Types::CACertificate&gt;
     #   * {Types::ListCACertificatesResponse#next_marker #next_marker} => String
     #
     # @example Request syntax with placeholder values
@@ -3552,8 +4214,7 @@ module Aws::IoT
     # Lists the things associated with the specified principal.
     #
     # @option params [String] :next_token
-    #   The token used to get the next set of results, or **null** if there
-    #   are no additional results.
+    #   The token to retrieve the next set of results.
     #
     # @option params [Integer] :max_results
     #   The maximum number of results to return in this operation.
@@ -3624,6 +4285,125 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Lists all of your scheduled audits.
+    #
+    # @option params [String] :next_token
+    #   The token for the next set of results.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of results to return at one time. The default is
+    #   25.
+    #
+    # @return [Types::ListScheduledAuditsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListScheduledAuditsResponse#scheduled_audits #scheduled_audits} => Array&lt;Types::ScheduledAuditMetadata&gt;
+    #   * {Types::ListScheduledAuditsResponse#next_token #next_token} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_scheduled_audits({
+    #     next_token: "NextToken",
+    #     max_results: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.scheduled_audits #=> Array
+    #   resp.scheduled_audits[0].scheduled_audit_name #=> String
+    #   resp.scheduled_audits[0].scheduled_audit_arn #=> String
+    #   resp.scheduled_audits[0].frequency #=> String, one of "DAILY", "WEEKLY", "BIWEEKLY", "MONTHLY"
+    #   resp.scheduled_audits[0].day_of_month #=> String
+    #   resp.scheduled_audits[0].day_of_week #=> String, one of "SUN", "MON", "TUE", "WED", "THU", "FRI", "SAT"
+    #   resp.next_token #=> String
+    #
+    # @overload list_scheduled_audits(params = {})
+    # @param [Hash] params ({})
+    def list_scheduled_audits(params = {}, options = {})
+      req = build_request(:list_scheduled_audits, params)
+      req.send_request(options)
+    end
+
+    # Lists the Device Defender security profiles you have created. You can
+    # use filters to list only those security profiles associated with a
+    # thing group or only those associated with your account.
+    #
+    # @option params [String] :next_token
+    #   The token for the next set of results.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of results to return at one time.
+    #
+    # @return [Types::ListSecurityProfilesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListSecurityProfilesResponse#security_profile_identifiers #security_profile_identifiers} => Array&lt;Types::SecurityProfileIdentifier&gt;
+    #   * {Types::ListSecurityProfilesResponse#next_token #next_token} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_security_profiles({
+    #     next_token: "NextToken",
+    #     max_results: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.security_profile_identifiers #=> Array
+    #   resp.security_profile_identifiers[0].name #=> String
+    #   resp.security_profile_identifiers[0].arn #=> String
+    #   resp.next_token #=> String
+    #
+    # @overload list_security_profiles(params = {})
+    # @param [Hash] params ({})
+    def list_security_profiles(params = {}, options = {})
+      req = build_request(:list_security_profiles, params)
+      req.send_request(options)
+    end
+
+    # Lists the Device Defender security profiles attached to a target
+    # (thing group).
+    #
+    # @option params [String] :next_token
+    #   The token for the next set of results.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of results to return at one time.
+    #
+    # @option params [Boolean] :recursive
+    #   If true, return child groups as well.
+    #
+    # @option params [required, String] :security_profile_target_arn
+    #   The ARN of the target (thing group) whose attached security profiles
+    #   you want to get.
+    #
+    # @return [Types::ListSecurityProfilesForTargetResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListSecurityProfilesForTargetResponse#security_profile_target_mappings #security_profile_target_mappings} => Array&lt;Types::SecurityProfileTargetMapping&gt;
+    #   * {Types::ListSecurityProfilesForTargetResponse#next_token #next_token} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_security_profiles_for_target({
+    #     next_token: "NextToken",
+    #     max_results: 1,
+    #     recursive: false,
+    #     security_profile_target_arn: "SecurityProfileTargetArn", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.security_profile_target_mappings #=> Array
+    #   resp.security_profile_target_mappings[0].security_profile_identifier.name #=> String
+    #   resp.security_profile_target_mappings[0].security_profile_identifier.arn #=> String
+    #   resp.security_profile_target_mappings[0].target.arn #=> String
+    #   resp.next_token #=> String
+    #
+    # @overload list_security_profiles_for_target(params = {})
+    # @param [Hash] params ({})
+    def list_security_profiles_for_target(params = {}, options = {})
+      req = build_request(:list_security_profiles_for_target, params)
+      req.send_request(options)
+    end
+
     # Lists all of the streams in your AWS account.
     #
     # @option params [Integer] :max_results
@@ -3701,11 +4481,48 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Lists the targets (thing groups) associated with a given Device
+    # Defender security profile.
+    #
+    # @option params [required, String] :security_profile_name
+    #   The security profile.
+    #
+    # @option params [String] :next_token
+    #   The token for the next set of results.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of results to return at one time.
+    #
+    # @return [Types::ListTargetsForSecurityProfileResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListTargetsForSecurityProfileResponse#security_profile_targets #security_profile_targets} => Array&lt;Types::SecurityProfileTarget&gt;
+    #   * {Types::ListTargetsForSecurityProfileResponse#next_token #next_token} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_targets_for_security_profile({
+    #     security_profile_name: "SecurityProfileName", # required
+    #     next_token: "NextToken",
+    #     max_results: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.security_profile_targets #=> Array
+    #   resp.security_profile_targets[0].arn #=> String
+    #   resp.next_token #=> String
+    #
+    # @overload list_targets_for_security_profile(params = {})
+    # @param [Hash] params ({})
+    def list_targets_for_security_profile(params = {}, options = {})
+      req = build_request(:list_targets_for_security_profile, params)
+      req.send_request(options)
+    end
+
     # List the thing groups in your account.
     #
     # @option params [String] :next_token
-    #   The token used to get the next set of results, or **null** if there
-    #   are no additional results.
+    #   The token to retrieve the next set of results.
     #
     # @option params [Integer] :max_results
     #   The maximum number of results to return at one time.
@@ -3756,8 +4573,7 @@ module Aws::IoT
     #   The thing name.
     #
     # @option params [String] :next_token
-    #   The token used to get the next set of results, or **null** if there
-    #   are no additional results.
+    #   The token to retrieve the next set of results.
     #
     # @option params [Integer] :max_results
     #   The maximum number of results to return at one time.
@@ -3862,8 +4678,7 @@ module Aws::IoT
     # List bulk thing provisioning tasks.
     #
     # @option params [String] :next_token
-    #   The token used to get the next set of results, or **null** if there
-    #   are no additional results.
+    #   The token to retrieve the next set of results.
     #
     # @option params [Integer] :max_results
     #   The maximum number of results to return at one time.
@@ -3900,8 +4715,7 @@ module Aws::IoT
     # Lists the existing thing types.
     #
     # @option params [String] :next_token
-    #   The token for the next set of results, or **null** if there are no
-    #   additional results.
+    #   The token to retrieve the next set of results.
     #
     # @option params [Integer] :max_results
     #   The maximum number of results to return in this operation.
@@ -3949,8 +4763,7 @@ module Aws::IoT
     # **Red**.
     #
     # @option params [String] :next_token
-    #   The token used to get the next set of results, or **null** if there
-    #   are no additional results.
+    #   The token to retrieve the next set of results.
     #
     # @option params [Integer] :max_results
     #   The maximum number of results to return in this operation.
@@ -4007,8 +4820,7 @@ module Aws::IoT
     #   well.
     #
     # @option params [String] :next_token
-    #   The token used to get the next set of results, or **null** if there
-    #   are no additional results.
+    #   The token to retrieve the next set of results.
     #
     # @option params [Integer] :max_results
     #   The maximum number of results to return at one time.
@@ -4126,6 +4938,78 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Lists the Device Defender security profile violations discovered
+    # during the given time period. You can use filters to limit the results
+    # to those alerts issued for a particular security profile, behavior or
+    # thing (device).
+    #
+    # @option params [required, Time,DateTime,Date,Integer,String] :start_time
+    #   The start time for the alerts to be listed.
+    #
+    # @option params [required, Time,DateTime,Date,Integer,String] :end_time
+    #   The end time for the alerts to be listed.
+    #
+    # @option params [String] :thing_name
+    #   A filter to limit results to those alerts caused by the specified
+    #   thing.
+    #
+    # @option params [String] :security_profile_name
+    #   A filter to limit results to those alerts generated by the specified
+    #   security profile.
+    #
+    # @option params [String] :next_token
+    #   The token for the next set of results.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of results to return at one time.
+    #
+    # @return [Types::ListViolationEventsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListViolationEventsResponse#violation_events #violation_events} => Array&lt;Types::ViolationEvent&gt;
+    #   * {Types::ListViolationEventsResponse#next_token #next_token} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_violation_events({
+    #     start_time: Time.now, # required
+    #     end_time: Time.now, # required
+    #     thing_name: "ThingName",
+    #     security_profile_name: "SecurityProfileName",
+    #     next_token: "NextToken",
+    #     max_results: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.violation_events #=> Array
+    #   resp.violation_events[0].violation_id #=> String
+    #   resp.violation_events[0].thing_name #=> String
+    #   resp.violation_events[0].security_profile_name #=> String
+    #   resp.violation_events[0].behavior.name #=> String
+    #   resp.violation_events[0].behavior.metric #=> String
+    #   resp.violation_events[0].behavior.criteria.comparison_operator #=> String, one of "less-than", "less-than-equals", "greater-than", "greater-than-equals", "in-cidr-set", "not-in-cidr-set", "in-port-set", "not-in-port-set"
+    #   resp.violation_events[0].behavior.criteria.value.count #=> Integer
+    #   resp.violation_events[0].behavior.criteria.value.cidrs #=> Array
+    #   resp.violation_events[0].behavior.criteria.value.cidrs[0] #=> String
+    #   resp.violation_events[0].behavior.criteria.value.ports #=> Array
+    #   resp.violation_events[0].behavior.criteria.value.ports[0] #=> Integer
+    #   resp.violation_events[0].behavior.criteria.duration_seconds #=> Integer
+    #   resp.violation_events[0].metric_value.count #=> Integer
+    #   resp.violation_events[0].metric_value.cidrs #=> Array
+    #   resp.violation_events[0].metric_value.cidrs[0] #=> String
+    #   resp.violation_events[0].metric_value.ports #=> Array
+    #   resp.violation_events[0].metric_value.ports[0] #=> Integer
+    #   resp.violation_events[0].violation_event_type #=> String, one of "in-alarm", "alarm-cleared", "alarm-invalidated"
+    #   resp.violation_events[0].violation_event_time #=> Time
+    #   resp.next_token #=> String
+    #
+    # @overload list_violation_events(params = {})
+    # @param [Hash] params ({})
+    def list_violation_events(params = {}, options = {})
+      req = build_request(:list_violation_events, params)
+      req.send_request(options)
+    end
+
     # Registers a CA certificate with AWS IoT. This CA certificate can then
     # be used to sign device certificates, which can be then registered with
     # AWS IoT. You can register up to 10 CA certificates per AWS account
@@ -4411,11 +5295,11 @@ module Aws::IoT
     #           },
     #           cloudwatch_metric: {
     #             role_arn: "AwsArn", # required
-    #             metric_namespace: "MetricNamespace", # required
-    #             metric_name: "MetricName", # required
-    #             metric_value: "MetricValue", # required
-    #             metric_unit: "MetricUnit", # required
-    #             metric_timestamp: "MetricTimestamp",
+    #             metric_namespace: "String", # required
+    #             metric_name: "String", # required
+    #             metric_value: "String", # required
+    #             metric_unit: "String", # required
+    #             metric_timestamp: "String",
     #           },
     #           cloudwatch_alarm: {
     #             role_arn: "AwsArn", # required
@@ -4439,6 +5323,11 @@ module Aws::IoT
     #             channel_name: "ChannelName",
     #             role_arn: "AwsArn",
     #           },
+    #           step_functions: {
+    #             execution_name_prefix: "ExecutionNamePrefix",
+    #             state_machine_name: "StateMachineName", # required
+    #             role_arn: "AwsArn", # required
+    #           },
     #         },
     #       ],
     #       rule_disabled: false,
@@ -4497,11 +5386,11 @@ module Aws::IoT
     #         },
     #         cloudwatch_metric: {
     #           role_arn: "AwsArn", # required
-    #           metric_namespace: "MetricNamespace", # required
-    #           metric_name: "MetricName", # required
-    #           metric_value: "MetricValue", # required
-    #           metric_unit: "MetricUnit", # required
-    #           metric_timestamp: "MetricTimestamp",
+    #           metric_namespace: "String", # required
+    #           metric_name: "String", # required
+    #           metric_value: "String", # required
+    #           metric_unit: "String", # required
+    #           metric_timestamp: "String",
     #         },
     #         cloudwatch_alarm: {
     #           role_arn: "AwsArn", # required
@@ -4525,6 +5414,11 @@ module Aws::IoT
     #           channel_name: "ChannelName",
     #           role_arn: "AwsArn",
     #         },
+    #         step_functions: {
+    #           execution_name_prefix: "ExecutionNamePrefix",
+    #           state_machine_name: "StateMachineName", # required
+    #           role_arn: "AwsArn", # required
+    #         },
     #       },
     #     },
     #   })
@@ -4726,6 +5620,36 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Starts an on-demand Device Defender audit.
+    #
+    # @option params [required, Array<String>] :target_check_names
+    #   Which checks are performed during the audit. The checks you specify
+    #   must be enabled for your account or an exception occurs. Use
+    #   `DescribeAccountAuditConfiguration` to see the list of all checks
+    #   including those that are enabled or `UpdateAccountAuditConfiguration`
+    #   to select which checks are enabled.
+    #
+    # @return [Types::StartOnDemandAuditTaskResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::StartOnDemandAuditTaskResponse#task_id #task_id} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.start_on_demand_audit_task({
+    #     target_check_names: ["AuditCheckName"], # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.task_id #=> String
+    #
+    # @overload start_on_demand_audit_task(params = {})
+    # @param [Hash] params ({})
+    def start_on_demand_audit_task(params = {}, options = {})
+      req = build_request(:start_on_demand_audit_task, params)
+      req.send_request(options)
+    end
+
     # Creates a bulk thing provisioning task.
     #
     # @option params [required, String] :template_body
@@ -4950,6 +5874,61 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Configures or reconfigures the Device Defender audit settings for this
+    # account. Settings include how audit notifications are sent and which
+    # audit checks are enabled or disabled.
+    #
+    # @option params [String] :role_arn
+    #   The ARN of the role that grants permission to AWS IoT to access
+    #   information about your devices, policies, certificates and other items
+    #   as necessary when performing an audit.
+    #
+    # @option params [Hash<String,Types::AuditNotificationTarget>] :audit_notification_target_configurations
+    #   Information about the targets to which audit notifications are sent.
+    #
+    # @option params [Hash<String,Types::AuditCheckConfiguration>] :audit_check_configurations
+    #   Specifies which audit checks are enabled and disabled for this
+    #   account. Use `DescribeAccountAuditConfiguration` to see the list of
+    #   all checks including those that are currently enabled.
+    #
+    #   Note that some data collection may begin immediately when certain
+    #   checks are enabled. When a check is disabled, any data collected so
+    #   far in relation to the check is deleted.
+    #
+    #   You cannot disable a check if it is used by any scheduled audit. You
+    #   must first delete the check from the scheduled audit or delete the
+    #   scheduled audit itself.
+    #
+    #   On the first call to `UpdateAccountAuditConfiguration` this parameter
+    #   is required and must specify at least one enabled check.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_account_audit_configuration({
+    #     role_arn: "RoleArn",
+    #     audit_notification_target_configurations: {
+    #       "SNS" => {
+    #         target_arn: "TargetArn",
+    #         role_arn: "RoleArn",
+    #         enabled: false,
+    #       },
+    #     },
+    #     audit_check_configurations: {
+    #       "AuditCheckName" => {
+    #         enabled: false,
+    #       },
+    #     },
+    #   })
+    #
+    # @overload update_account_audit_configuration(params = {})
+    # @param [Hash] params ({})
+    def update_account_audit_configuration(params = {}, options = {})
+      req = build_request(:update_account_audit_configuration, params)
+      req.send_request(options)
+    end
+
     # Updates an authorizer.
     #
     # @option params [required, String] :authorizer_name
@@ -5161,6 +6140,151 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Updates a scheduled audit, including what checks are performed and how
+    # often the audit takes place.
+    #
+    # @option params [String] :frequency
+    #   How often the scheduled audit takes place. Can be one of "DAILY",
+    #   "WEEKLY", "BIWEEKLY" or "MONTHLY". The actual start time of each
+    #   audit is determined by the system.
+    #
+    # @option params [String] :day_of_month
+    #   The day of the month on which the scheduled audit takes place. Can be
+    #   "1" through "31" or "LAST". This field is required if the
+    #   "frequency" parameter is set to "MONTHLY". If days 29-31 are
+    #   specified, and the month does not have that many days, the audit takes
+    #   place on the "LAST" day of the month.
+    #
+    # @option params [String] :day_of_week
+    #   The day of the week on which the scheduled audit takes place. Can be
+    #   one of "SUN", "MON", "TUE", "WED", "THU", "FRI" or
+    #   "SAT". This field is required if the "frequency" parameter is set
+    #   to "WEEKLY" or "BIWEEKLY".
+    #
+    # @option params [Array<String>] :target_check_names
+    #   Which checks are performed during the scheduled audit. Checks must be
+    #   enabled for your account. (Use `DescribeAccountAuditConfiguration` to
+    #   see the list of all checks including those that are enabled or
+    #   `UpdateAccountAuditConfiguration` to select which checks are enabled.)
+    #
+    # @option params [required, String] :scheduled_audit_name
+    #   The name of the scheduled audit. (Max. 128 chars)
+    #
+    # @return [Types::UpdateScheduledAuditResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::UpdateScheduledAuditResponse#scheduled_audit_arn #scheduled_audit_arn} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_scheduled_audit({
+    #     frequency: "DAILY", # accepts DAILY, WEEKLY, BIWEEKLY, MONTHLY
+    #     day_of_month: "DayOfMonth",
+    #     day_of_week: "SUN", # accepts SUN, MON, TUE, WED, THU, FRI, SAT
+    #     target_check_names: ["AuditCheckName"],
+    #     scheduled_audit_name: "ScheduledAuditName", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.scheduled_audit_arn #=> String
+    #
+    # @overload update_scheduled_audit(params = {})
+    # @param [Hash] params ({})
+    def update_scheduled_audit(params = {}, options = {})
+      req = build_request(:update_scheduled_audit, params)
+      req.send_request(options)
+    end
+
+    # Updates a Device Defender security profile.
+    #
+    # @option params [required, String] :security_profile_name
+    #   The name of the security profile you want to update.
+    #
+    # @option params [String] :security_profile_description
+    #   A description of the security profile.
+    #
+    # @option params [Array<Types::Behavior>] :behaviors
+    #   Specifies the behaviors that, when violated by a device (thing), cause
+    #   an alert.
+    #
+    # @option params [Hash<String,Types::AlertTarget>] :alert_targets
+    #   Where the alerts are sent. (Alerts are always sent to the console.)
+    #
+    # @option params [Integer] :expected_version
+    #   The expected version of the security profile. A new version is
+    #   generated whenever the security profile is updated. If you specify a
+    #   value that is different than the actual version, a
+    #   `VersionConflictException` is thrown.
+    #
+    # @return [Types::UpdateSecurityProfileResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::UpdateSecurityProfileResponse#security_profile_name #security_profile_name} => String
+    #   * {Types::UpdateSecurityProfileResponse#security_profile_arn #security_profile_arn} => String
+    #   * {Types::UpdateSecurityProfileResponse#security_profile_description #security_profile_description} => String
+    #   * {Types::UpdateSecurityProfileResponse#behaviors #behaviors} => Array&lt;Types::Behavior&gt;
+    #   * {Types::UpdateSecurityProfileResponse#alert_targets #alert_targets} => Hash&lt;String,Types::AlertTarget&gt;
+    #   * {Types::UpdateSecurityProfileResponse#version #version} => Integer
+    #   * {Types::UpdateSecurityProfileResponse#creation_date #creation_date} => Time
+    #   * {Types::UpdateSecurityProfileResponse#last_modified_date #last_modified_date} => Time
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_security_profile({
+    #     security_profile_name: "SecurityProfileName", # required
+    #     security_profile_description: "SecurityProfileDescription",
+    #     behaviors: [
+    #       {
+    #         name: "BehaviorName", # required
+    #         metric: "BehaviorMetric",
+    #         criteria: {
+    #           comparison_operator: "less-than", # accepts less-than, less-than-equals, greater-than, greater-than-equals, in-cidr-set, not-in-cidr-set, in-port-set, not-in-port-set
+    #           value: {
+    #             count: 1,
+    #             cidrs: ["Cidr"],
+    #             ports: [1],
+    #           },
+    #           duration_seconds: 1,
+    #         },
+    #       },
+    #     ],
+    #     alert_targets: {
+    #       "SNS" => {
+    #         alert_target_arn: "AlertTargetArn", # required
+    #         role_arn: "RoleArn", # required
+    #       },
+    #     },
+    #     expected_version: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.security_profile_name #=> String
+    #   resp.security_profile_arn #=> String
+    #   resp.security_profile_description #=> String
+    #   resp.behaviors #=> Array
+    #   resp.behaviors[0].name #=> String
+    #   resp.behaviors[0].metric #=> String
+    #   resp.behaviors[0].criteria.comparison_operator #=> String, one of "less-than", "less-than-equals", "greater-than", "greater-than-equals", "in-cidr-set", "not-in-cidr-set", "in-port-set", "not-in-port-set"
+    #   resp.behaviors[0].criteria.value.count #=> Integer
+    #   resp.behaviors[0].criteria.value.cidrs #=> Array
+    #   resp.behaviors[0].criteria.value.cidrs[0] #=> String
+    #   resp.behaviors[0].criteria.value.ports #=> Array
+    #   resp.behaviors[0].criteria.value.ports[0] #=> Integer
+    #   resp.behaviors[0].criteria.duration_seconds #=> Integer
+    #   resp.alert_targets #=> Hash
+    #   resp.alert_targets["AlertTargetType"].alert_target_arn #=> String
+    #   resp.alert_targets["AlertTargetType"].role_arn #=> String
+    #   resp.version #=> Integer
+    #   resp.creation_date #=> Time
+    #   resp.last_modified_date #=> Time
+    #
+    # @overload update_security_profile(params = {})
+    # @param [Hash] params ({})
+    def update_security_profile(params = {}, options = {})
+      req = build_request(:update_security_profile, params)
+      req.send_request(options)
+    end
+
     # Updates an existing stream. The stream version will be incremented by
     # one.
     #
@@ -5337,6 +6461,50 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Validates a Device Defender security profile behaviors specification.
+    #
+    # @option params [required, Array<Types::Behavior>] :behaviors
+    #   Specifies the behaviors that, when violated by a device (thing), cause
+    #   an alert.
+    #
+    # @return [Types::ValidateSecurityProfileBehaviorsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ValidateSecurityProfileBehaviorsResponse#valid #valid} => Boolean
+    #   * {Types::ValidateSecurityProfileBehaviorsResponse#validation_errors #validation_errors} => Array&lt;Types::ValidationError&gt;
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.validate_security_profile_behaviors({
+    #     behaviors: [ # required
+    #       {
+    #         name: "BehaviorName", # required
+    #         metric: "BehaviorMetric",
+    #         criteria: {
+    #           comparison_operator: "less-than", # accepts less-than, less-than-equals, greater-than, greater-than-equals, in-cidr-set, not-in-cidr-set, in-port-set, not-in-port-set
+    #           value: {
+    #             count: 1,
+    #             cidrs: ["Cidr"],
+    #             ports: [1],
+    #           },
+    #           duration_seconds: 1,
+    #         },
+    #       },
+    #     ],
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.valid #=> Boolean
+    #   resp.validation_errors #=> Array
+    #   resp.validation_errors[0].error_message #=> String
+    #
+    # @overload validate_security_profile_behaviors(params = {})
+    # @param [Hash] params ({})
+    def validate_security_profile_behaviors(params = {}, options = {})
+      req = build_request(:validate_security_profile_behaviors, params)
+      req.send_request(options)
+    end
+
     # @!endgroup
 
     # @param params ({})
@@ -5350,7 +6518,7 @@ module Aws::IoT
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-iot'
-      context[:gem_version] = '1.10.0'
+      context[:gem_version] = '1.11.0'
       Seahorse::Client::Request.new(handlers, context)
     end