aws-sdk-iot 1.35.0 → 1.36.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -372,6 +372,22 @@ module Aws::IoT
372
372
 
373
373
  end
374
374
 
375
+ class TaskAlreadyExistsException < ServiceError
376
+
377
+ # @param [Seahorse::Client::RequestContext] context
378
+ # @param [String] message
379
+ # @param [Aws::IoT::Types::TaskAlreadyExistsException] data
380
+ def initialize(context, message, data = Aws::EmptyStructure.new)
381
+ super(context, message, data)
382
+ end
383
+
384
+ # @return [String]
385
+ def message
386
+ @message || @data[:message]
387
+ end
388
+
389
+ end
390
+
375
391
  class ThrottlingException < ServiceError
376
392
 
377
393
  # @param [Seahorse::Client::RequestContext] context
@@ -408,6 +408,36 @@ module Aws::IoT
408
408
 
409
409
  class AddThingToThingGroupResponse < Aws::EmptyStructure; end
410
410
 
411
+ # Parameters used when defining a mitigation action that move a set of
412
+ # things to a thing group.
413
+ #
414
+ # @note When making an API call, you may pass AddThingsToThingGroupParams
415
+ # data as a hash:
416
+ #
417
+ # {
418
+ # thing_group_names: ["ThingGroupName"], # required
419
+ # override_dynamic_groups: false,
420
+ # }
421
+ #
422
+ # @!attribute [rw] thing_group_names
423
+ # The list of groups to which you want to add the things that
424
+ # triggered the mitigation action. You can add a thing to a maximum of
425
+ # 10 groups, but you cannot add a thing to more than one group in the
426
+ # same hierarchy.
427
+ # @return [Array<String>]
428
+ #
429
+ # @!attribute [rw] override_dynamic_groups
430
+ # Specifies if this mitigation action can move the things that
431
+ # triggered the mitigation action even if they are part of one or more
432
+ # dynamic things groups.
433
+ # @return [Boolean]
434
+ #
435
+ class AddThingsToThingGroupParams < Struct.new(
436
+ :thing_group_names,
437
+ :override_dynamic_groups)
438
+ include Aws::Structure
439
+ end
440
+
411
441
  # A structure containing the alert target ARN and the role ARN.
412
442
  #
413
443
  # @note When making an API call, you may pass AlertTarget
@@ -655,14 +685,14 @@ module Aws::IoT
655
685
  # Information about the audit check.
656
686
  #
657
687
  # @!attribute [rw] check_run_status
658
- # The completion status of this check, one of "IN\_PROGRESS",
688
+ # The completion status of this check. One of "IN\_PROGRESS",
659
689
  # "WAITING\_FOR\_DATA\_COLLECTION", "CANCELED",
660
690
  # "COMPLETED\_COMPLIANT", "COMPLETED\_NON\_COMPLIANT", or
661
691
  # "FAILED".
662
692
  # @return [String]
663
693
  #
664
694
  # @!attribute [rw] check_compliant
665
- # True if the check completed and found all resources compliant.
695
+ # True if the check is complete and found all resources compliant.
666
696
  # @return [Boolean]
667
697
  #
668
698
  # @!attribute [rw] total_resources_count
@@ -670,18 +700,19 @@ module Aws::IoT
670
700
  # @return [Integer]
671
701
  #
672
702
  # @!attribute [rw] non_compliant_resources_count
673
- # The number of resources that the check found non-compliant.
703
+ # The number of resources that were found noncompliant during the
704
+ # check.
674
705
  # @return [Integer]
675
706
  #
676
707
  # @!attribute [rw] error_code
677
- # The code of any error encountered when performing this check during
678
- # this audit. One of "INSUFFICIENT\_PERMISSIONS", or
708
+ # The code of any error encountered when this check is performed
709
+ # during this audit. One of "INSUFFICIENT\_PERMISSIONS" or
679
710
  # "AUDIT\_CHECK\_DISABLED".
680
711
  # @return [String]
681
712
  #
682
713
  # @!attribute [rw] message
683
- # The message associated with any error encountered when performing
684
- # this check during this audit.
714
+ # The message associated with any error encountered when this check is
715
+ # performed during this audit.
685
716
  # @return [String]
686
717
  #
687
718
  class AuditCheckDetails < Struct.new(
@@ -696,8 +727,13 @@ module Aws::IoT
696
727
 
697
728
  # The findings (results) of the audit.
698
729
  #
730
+ # @!attribute [rw] finding_id
731
+ # A unique identifier for this set of audit findings. This identifier
732
+ # is used to apply mitigation tasks to one or more sets of findings.
733
+ # @return [String]
734
+ #
699
735
  # @!attribute [rw] task_id
700
- # The ID of the audit that generated this result (finding)
736
+ # The ID of the audit that generated this result (finding).
701
737
  # @return [String]
702
738
  #
703
739
  # @!attribute [rw] check_name
@@ -717,8 +753,7 @@ module Aws::IoT
717
753
  # @return [String]
718
754
  #
719
755
  # @!attribute [rw] non_compliant_resource
720
- # The resource that was found to be non-compliant with the audit
721
- # check.
756
+ # The resource that was found to be noncompliant with the audit check.
722
757
  # @return [Types::NonCompliantResource]
723
758
  #
724
759
  # @!attribute [rw] related_resources
@@ -726,15 +761,15 @@ module Aws::IoT
726
761
  # @return [Array<Types::RelatedResource>]
727
762
  #
728
763
  # @!attribute [rw] reason_for_non_compliance
729
- # The reason the resource was non-compliant.
764
+ # The reason the resource was noncompliant.
730
765
  # @return [String]
731
766
  #
732
767
  # @!attribute [rw] reason_for_non_compliance_code
733
- # A code which indicates the reason that the resource was
734
- # non-compliant.
768
+ # A code that indicates the reason that the resource was noncompliant.
735
769
  # @return [String]
736
770
  #
737
771
  class AuditFinding < Struct.new(
772
+ :finding_id,
738
773
  :task_id,
739
774
  :check_name,
740
775
  :task_start_time,
@@ -747,6 +782,124 @@ module Aws::IoT
747
782
  include Aws::Structure
748
783
  end
749
784
 
785
+ # Returned by ListAuditMitigationActionsTask, this object contains
786
+ # information that describes a mitigation action that has been started.
787
+ #
788
+ # @!attribute [rw] task_id
789
+ # The unique identifier for the task that applies the mitigation
790
+ # action.
791
+ # @return [String]
792
+ #
793
+ # @!attribute [rw] finding_id
794
+ # The unique identifier for the findings to which the task and
795
+ # associated mitigation action are applied.
796
+ # @return [String]
797
+ #
798
+ # @!attribute [rw] action_name
799
+ # The friendly name of the mitigation action being applied by the
800
+ # task.
801
+ # @return [String]
802
+ #
803
+ # @!attribute [rw] action_id
804
+ # The unique identifier for the mitigation action being applied by the
805
+ # task.
806
+ # @return [String]
807
+ #
808
+ # @!attribute [rw] status
809
+ # The current status of the task being executed.
810
+ # @return [String]
811
+ #
812
+ # @!attribute [rw] start_time
813
+ # The date and time when the task was started.
814
+ # @return [Time]
815
+ #
816
+ # @!attribute [rw] end_time
817
+ # The date and time when the task was completed or canceled. Blank if
818
+ # the task is still running.
819
+ # @return [Time]
820
+ #
821
+ # @!attribute [rw] error_code
822
+ # If an error occurred, the code that indicates which type of error
823
+ # occurred.
824
+ # @return [String]
825
+ #
826
+ # @!attribute [rw] message
827
+ # If an error occurred, a message that describes the error.
828
+ # @return [String]
829
+ #
830
+ class AuditMitigationActionExecutionMetadata < Struct.new(
831
+ :task_id,
832
+ :finding_id,
833
+ :action_name,
834
+ :action_id,
835
+ :status,
836
+ :start_time,
837
+ :end_time,
838
+ :error_code,
839
+ :message)
840
+ include Aws::Structure
841
+ end
842
+
843
+ # Information about an audit mitigation actions task that is returned by
844
+ # `ListAuditMitigationActionsTasks`.
845
+ #
846
+ # @!attribute [rw] task_id
847
+ # The unique identifier for the task.
848
+ # @return [String]
849
+ #
850
+ # @!attribute [rw] start_time
851
+ # The time at which the audit mitigation actions task was started.
852
+ # @return [Time]
853
+ #
854
+ # @!attribute [rw] task_status
855
+ # The current state of the audit mitigation actions task.
856
+ # @return [String]
857
+ #
858
+ class AuditMitigationActionsTaskMetadata < Struct.new(
859
+ :task_id,
860
+ :start_time,
861
+ :task_status)
862
+ include Aws::Structure
863
+ end
864
+
865
+ # Used in MitigationActionParams, this information identifies the target
866
+ # findings to which the mitigation actions are applied. Only one entry
867
+ # appears.
868
+ #
869
+ # @note When making an API call, you may pass AuditMitigationActionsTaskTarget
870
+ # data as a hash:
871
+ #
872
+ # {
873
+ # audit_task_id: "AuditTaskId",
874
+ # finding_ids: ["FindingId"],
875
+ # audit_check_to_reason_code_filter: {
876
+ # "AuditCheckName" => ["ReasonForNonComplianceCode"],
877
+ # },
878
+ # }
879
+ #
880
+ # @!attribute [rw] audit_task_id
881
+ # If the task will apply a mitigation action to findings from a
882
+ # specific audit, this value uniquely identifies the audit.
883
+ # @return [String]
884
+ #
885
+ # @!attribute [rw] finding_ids
886
+ # If the task will apply a mitigation action to one or more listed
887
+ # findings, this value uniquely identifies those findings.
888
+ # @return [Array<String>]
889
+ #
890
+ # @!attribute [rw] audit_check_to_reason_code_filter
891
+ # Specifies a filter in the form of an audit check and set of reason
892
+ # codes that identify the findings from the audit to which the audit
893
+ # mitigation actions task apply.
894
+ # @return [Hash<String,Array<String>>]
895
+ #
896
+ class AuditMitigationActionsTaskTarget < Struct.new(
897
+ :audit_task_id,
898
+ :finding_ids,
899
+ :audit_check_to_reason_code_filter)
900
+ include Aws::Structure
901
+ end
902
+
750
903
  # Information about the targets to which audit notifications are sent.
751
904
  #
752
905
  # @note When making an API call, you may pass AuditNotificationTarget
@@ -786,12 +939,12 @@ module Aws::IoT
786
939
  # @return [String]
787
940
  #
788
941
  # @!attribute [rw] task_status
789
- # The status of this audit: one of "IN\_PROGRESS", "COMPLETED",
790
- # "FAILED" or "CANCELED".
942
+ # The status of this audit. One of "IN\_PROGRESS", "COMPLETED",
943
+ # "FAILED", or "CANCELED".
791
944
  # @return [String]
792
945
  #
793
946
  # @!attribute [rw] task_type
794
- # The type of this audit: one of "ON\_DEMAND\_AUDIT\_TASK" or
947
+ # The type of this audit. One of "ON\_DEMAND\_AUDIT\_TASK" or
795
948
  # "SCHEDULED\_AUDIT\_TASK".
796
949
  # @return [String]
797
950
  #
@@ -1174,6 +1327,24 @@ module Aws::IoT
1174
1327
  include Aws::Structure
1175
1328
  end
1176
1329
 
1330
+ # @note When making an API call, you may pass CancelAuditMitigationActionsTaskRequest
1331
+ # data as a hash:
1332
+ #
1333
+ # {
1334
+ # task_id: "AuditMitigationActionsTaskId", # required
1335
+ # }
1336
+ #
1337
+ # @!attribute [rw] task_id
1338
+ # The unique identifier for the task that you want to cancel.
1339
+ # @return [String]
1340
+ #
1341
+ class CancelAuditMitigationActionsTaskRequest < Struct.new(
1342
+ :task_id)
1343
+ include Aws::Structure
1344
+ end
1345
+
1346
+ class CancelAuditMitigationActionsTaskResponse < Aws::EmptyStructure; end
1347
+
1177
1348
  # @note When making an API call, you may pass CancelAuditTaskRequest
1178
1349
  # data as a hash:
1179
1350
  #
@@ -2172,6 +2343,82 @@ module Aws::IoT
2172
2343
  include Aws::Structure
2173
2344
  end
2174
2345
 
2346
+ # @note When making an API call, you may pass CreateMitigationActionRequest
2347
+ # data as a hash:
2348
+ #
2349
+ # {
2350
+ # action_name: "MitigationActionName", # required
2351
+ # role_arn: "RoleArn", # required
2352
+ # action_params: { # required
2353
+ # update_device_certificate_params: {
2354
+ # action: "DEACTIVATE", # required, accepts DEACTIVATE
2355
+ # },
2356
+ # update_ca_certificate_params: {
2357
+ # action: "DEACTIVATE", # required, accepts DEACTIVATE
2358
+ # },
2359
+ # add_things_to_thing_group_params: {
2360
+ # thing_group_names: ["ThingGroupName"], # required
2361
+ # override_dynamic_groups: false,
2362
+ # },
2363
+ # replace_default_policy_version_params: {
2364
+ # template_name: "BLANK_POLICY", # required, accepts BLANK_POLICY
2365
+ # },
2366
+ # enable_io_t_logging_params: {
2367
+ # role_arn_for_logging: "RoleArn", # required
2368
+ # log_level: "DEBUG", # required, accepts DEBUG, INFO, ERROR, WARN, DISABLED
2369
+ # },
2370
+ # publish_finding_to_sns_params: {
2371
+ # topic_arn: "SnsTopicArn", # required
2372
+ # },
2373
+ # },
2374
+ # tags: [
2375
+ # {
2376
+ # key: "TagKey",
2377
+ # value: "TagValue",
2378
+ # },
2379
+ # ],
2380
+ # }
2381
+ #
2382
+ # @!attribute [rw] action_name
2383
+ # A friendly name for the action. Choose a friendly name that
2384
+ # accurately describes the action (for example,
2385
+ # `EnableLoggingAction`).
2386
+ # @return [String]
2387
+ #
2388
+ # @!attribute [rw] role_arn
2389
+ # The ARN of the IAM role that is used to apply the mitigation action.
2390
+ # @return [String]
2391
+ #
2392
+ # @!attribute [rw] action_params
2393
+ # Defines the type of action and the parameters for that action.
2394
+ # @return [Types::MitigationActionParams]
2395
+ #
2396
+ # @!attribute [rw] tags
2397
+ # Metadata that can be used to manage the mitigation action.
2398
+ # @return [Array<Types::Tag>]
2399
+ #
2400
+ class CreateMitigationActionRequest < Struct.new(
2401
+ :action_name,
2402
+ :role_arn,
2403
+ :action_params,
2404
+ :tags)
2405
+ include Aws::Structure
2406
+ end
2407
+
2408
+ # @!attribute [rw] action_arn
2409
+ # The ARN for the new mitigation action.
2410
+ # @return [String]
2411
+ #
2412
+ # @!attribute [rw] action_id
2413
+ # A unique identifier for the new mitigation action.
2414
+ # @return [String]
2415
+ #
2416
+ class CreateMitigationActionResponse < Struct.new(
2417
+ :action_arn,
2418
+ :action_id)
2419
+ include Aws::Structure
2420
+ end
2421
+
2175
2422
  # @note When making an API call, you may pass CreateOTAUpdateRequest
2176
2423
  # data as a hash:
2177
2424
  #
@@ -2491,19 +2738,19 @@ module Aws::IoT
2491
2738
  # day_of_month: "DayOfMonth",
2492
2739
  # day_of_week: "SUN", # accepts SUN, MON, TUE, WED, THU, FRI, SAT
2493
2740
  # target_check_names: ["AuditCheckName"], # required
2741
+ # scheduled_audit_name: "ScheduledAuditName", # required
2494
2742
  # tags: [
2495
2743
  # {
2496
2744
  # key: "TagKey",
2497
2745
  # value: "TagValue",
2498
2746
  # },
2499
2747
  # ],
2500
- # scheduled_audit_name: "ScheduledAuditName", # required
2501
2748
  # }
2502
2749
  #
2503
2750
  # @!attribute [rw] frequency
2504
2751
  # How often the scheduled audit takes place. Can be one of "DAILY",
2505
- # "WEEKLY", "BIWEEKLY" or "MONTHLY". The actual start time of
2506
- # each audit is determined by the system.
2752
+ # "WEEKLY", "BIWEEKLY" or "MONTHLY". The start time of each
2753
+ # audit is determined by the system.
2507
2754
  # @return [String]
2508
2755
  #
2509
2756
  # @!attribute [rw] day_of_month
@@ -2516,7 +2763,7 @@ module Aws::IoT
2516
2763
  #
2517
2764
  # @!attribute [rw] day_of_week
2518
2765
  # The day of the week on which the scheduled audit takes place. Can be
2519
- # one of "SUN", "MON", "TUE", "WED", "THU", "FRI" or
2766
+ # one of "SUN", "MON", "TUE", "WED", "THU", "FRI", or
2520
2767
  # "SAT". This field is required if the "frequency" parameter is
2521
2768
  # set to "WEEKLY" or "BIWEEKLY".
2522
2769
  # @return [String]
@@ -2524,27 +2771,27 @@ module Aws::IoT
2524
2771
  # @!attribute [rw] target_check_names
2525
2772
  # Which checks are performed during the scheduled audit. Checks must
2526
2773
  # be enabled for your account. (Use
2527
- # `DescribeAccountAuditConfiguration` to see the list of all checks
2528
- # including those that are enabled or
2774
+ # `DescribeAccountAuditConfiguration` to see the list of all checks,
2775
+ # including those that are enabled or use
2529
2776
  # `UpdateAccountAuditConfiguration` to select which checks are
2530
2777
  # enabled.)
2531
2778
  # @return [Array<String>]
2532
2779
  #
2533
- # @!attribute [rw] tags
2534
- # Metadata which can be used to manage the scheduled audit.
2535
- # @return [Array<Types::Tag>]
2536
- #
2537
2780
  # @!attribute [rw] scheduled_audit_name
2538
2781
  # The name you want to give to the scheduled audit. (Max. 128 chars)
2539
2782
  # @return [String]
2540
2783
  #
2784
+ # @!attribute [rw] tags
2785
+ # Metadata that can be used to manage the scheduled audit.
2786
+ # @return [Array<Types::Tag>]
2787
+ #
2541
2788
  class CreateScheduledAuditRequest < Struct.new(
2542
2789
  :frequency,
2543
2790
  :day_of_month,
2544
2791
  :day_of_week,
2545
2792
  :target_check_names,
2546
- :tags,
2547
- :scheduled_audit_name)
2793
+ :scheduled_audit_name,
2794
+ :tags)
2548
2795
  include Aws::Structure
2549
2796
  end
2550
2797
 
@@ -2619,12 +2866,12 @@ module Aws::IoT
2619
2866
  #
2620
2867
  # @!attribute [rw] additional_metrics_to_retain
2621
2868
  # A list of metrics whose data is retained (stored). By default, data
2622
- # is retained for any metric used in the profile's `behaviors` but it
2623
- # is also retained for any metric specified here.
2869
+ # is retained for any metric used in the profile's `behaviors`, but
2870
+ # it is also retained for any metric specified here.
2624
2871
  # @return [Array<String>]
2625
2872
  #
2626
2873
  # @!attribute [rw] tags
2627
- # Metadata which can be used to manage the security profile.
2874
+ # Metadata that can be used to manage the security profile.
2628
2875
  # @return [Array<Types::Tag>]
2629
2876
  #
2630
2877
  class CreateSecurityProfileRequest < Struct.new(
@@ -3299,7 +3546,8 @@ module Aws::IoT
3299
3546
  # @return [String]
3300
3547
  #
3301
3548
  # @!attribute [rw] force_delete
3302
- # Forces a certificate request to be deleted.
3549
+ # Forces the deletion of a certificate if it is inactive and is not
3550
+ # attached to an IoT thing.
3303
3551
  # @return [Boolean]
3304
3552
  #
3305
3553
  class DeleteCertificateRequest < Struct.new(
@@ -3432,6 +3680,24 @@ module Aws::IoT
3432
3680
  include Aws::Structure
3433
3681
  end
3434
3682
 
3683
+ # @note When making an API call, you may pass DeleteMitigationActionRequest
3684
+ # data as a hash:
3685
+ #
3686
+ # {
3687
+ # action_name: "MitigationActionName", # required
3688
+ # }
3689
+ #
3690
+ # @!attribute [rw] action_name
3691
+ # The name of the mitigation action that you want to delete.
3692
+ # @return [String]
3693
+ #
3694
+ class DeleteMitigationActionRequest < Struct.new(
3695
+ :action_name)
3696
+ include Aws::Structure
3697
+ end
3698
+
3699
+ class DeleteMitigationActionResponse < Aws::EmptyStructure; end
3700
+
3435
3701
  # @note When making an API call, you may pass DeleteOTAUpdateRequest
3436
3702
  # data as a hash:
3437
3703
  #
@@ -3567,7 +3833,7 @@ module Aws::IoT
3567
3833
  # @!attribute [rw] expected_version
3568
3834
  # The expected version of the security profile. A new version is
3569
3835
  # generated whenever the security profile is updated. If you specify a
3570
- # value that is different than the actual version, a
3836
+ # value that is different from the actual version, a
3571
3837
  # `VersionConflictException` is thrown.
3572
3838
  # @return [Integer]
3573
3839
  #
@@ -3769,10 +4035,10 @@ module Aws::IoT
3769
4035
 
3770
4036
  # @!attribute [rw] role_arn
3771
4037
  # The ARN of the role that grants permission to AWS IoT to access
3772
- # information about your devices, policies, certificates and other
3773
- # items as necessary when performing an audit.
4038
+ # information about your devices, policies, certificates, and other
4039
+ # items as required when performing an audit.
3774
4040
  #
3775
- # On the first call to `UpdateAccountAuditConfiguration` this
4041
+ # On the first call to `UpdateAccountAuditConfiguration`, this
3776
4042
  # parameter is required.
3777
4043
  # @return [String]
3778
4044
  #
@@ -3792,6 +4058,91 @@ module Aws::IoT
3792
4058
  include Aws::Structure
3793
4059
  end
3794
4060
 
4061
+ # @note When making an API call, you may pass DescribeAuditFindingRequest
4062
+ # data as a hash:
4063
+ #
4064
+ # {
4065
+ # finding_id: "FindingId", # required
4066
+ # }
4067
+ #
4068
+ # @!attribute [rw] finding_id
4069
+ # A unique identifier for a single audit finding. You can use this
4070
+ # identifier to apply mitigation actions to the finding.
4071
+ # @return [String]
4072
+ #
4073
+ class DescribeAuditFindingRequest < Struct.new(
4074
+ :finding_id)
4075
+ include Aws::Structure
4076
+ end
4077
+
4078
+ # @!attribute [rw] finding
4079
+ # The findings (results) of the audit.
4080
+ # @return [Types::AuditFinding]
4081
+ #
4082
+ class DescribeAuditFindingResponse < Struct.new(
4083
+ :finding)
4084
+ include Aws::Structure
4085
+ end
4086
+
4087
+ # @note When making an API call, you may pass DescribeAuditMitigationActionsTaskRequest
4088
+ # data as a hash:
4089
+ #
4090
+ # {
4091
+ # task_id: "AuditMitigationActionsTaskId", # required
4092
+ # }
4093
+ #
4094
+ # @!attribute [rw] task_id
4095
+ # The unique identifier for the audit mitigation task.
4096
+ # @return [String]
4097
+ #
4098
+ class DescribeAuditMitigationActionsTaskRequest < Struct.new(
4099
+ :task_id)
4100
+ include Aws::Structure
4101
+ end
4102
+
4103
+ # @!attribute [rw] task_status
4104
+ # The current status of the task.
4105
+ # @return [String]
4106
+ #
4107
+ # @!attribute [rw] start_time
4108
+ # The date and time when the task was started.
4109
+ # @return [Time]
4110
+ #
4111
+ # @!attribute [rw] end_time
4112
+ # The date and time when the task was completed or canceled.
4113
+ # @return [Time]
4114
+ #
4115
+ # @!attribute [rw] task_statistics
4116
+ # Aggregate counts of the results when the mitigation tasks were
4117
+ # applied to the findings for this audit mitigation actions task.
4118
+ # @return [Hash<String,Types::TaskStatisticsForAuditCheck>]
4119
+ #
4120
+ # @!attribute [rw] target
4121
+ # Identifies the findings to which the mitigation actions are applied.
4122
+ # This can be by audit checks, by audit task, or a set of findings.
4123
+ # @return [Types::AuditMitigationActionsTaskTarget]
4124
+ #
4125
+ # @!attribute [rw] audit_check_to_actions_mapping
4126
+ # Specifies the mitigation actions that should be applied to specific
4127
+ # audit checks.
4128
+ # @return [Hash<String,Array<String>>]
4129
+ #
4130
+ # @!attribute [rw] actions_definition
4131
+ # Specifies the mitigation actions and their parameters that are
4132
+ # applied as part of this task.
4133
+ # @return [Array<Types::MitigationAction>]
4134
+ #
4135
+ class DescribeAuditMitigationActionsTaskResponse < Struct.new(
4136
+ :task_status,
4137
+ :start_time,
4138
+ :end_time,
4139
+ :task_statistics,
4140
+ :target,
4141
+ :audit_check_to_actions_mapping,
4142
+ :actions_definition)
4143
+ include Aws::Structure
4144
+ end
4145
+
3795
4146
  # @note When making an API call, you may pass DescribeAuditTaskRequest
3796
4147
  # data as a hash:
3797
4148
  #
@@ -4187,6 +4538,68 @@ module Aws::IoT
4187
4538
  include Aws::Structure
4188
4539
  end
4189
4540
 
4541
+ # @note When making an API call, you may pass DescribeMitigationActionRequest
4542
+ # data as a hash:
4543
+ #
4544
+ # {
4545
+ # action_name: "MitigationActionName", # required
4546
+ # }
4547
+ #
4548
+ # @!attribute [rw] action_name
4549
+ # The friendly name that uniquely identifies the mitigation action.
4550
+ # @return [String]
4551
+ #
4552
+ class DescribeMitigationActionRequest < Struct.new(
4553
+ :action_name)
4554
+ include Aws::Structure
4555
+ end
4556
+
4557
+ # @!attribute [rw] action_name
4558
+ # The friendly name that uniquely identifies the mitigation action.
4559
+ # @return [String]
4560
+ #
4561
+ # @!attribute [rw] action_type
4562
+ # The type of mitigation action.
4563
+ # @return [String]
4564
+ #
4565
+ # @!attribute [rw] action_arn
4566
+ # The ARN that identifies this migration action.
4567
+ # @return [String]
4568
+ #
4569
+ # @!attribute [rw] action_id
4570
+ # A unique identifier for this action.
4571
+ # @return [String]
4572
+ #
4573
+ # @!attribute [rw] role_arn
4574
+ # The ARN of the IAM role used to apply this action.
4575
+ # @return [String]
4576
+ #
4577
+ # @!attribute [rw] action_params
4578
+ # Parameters that control how the mitigation action is applied,
4579
+ # specific to the type of mitigation action.
4580
+ # @return [Types::MitigationActionParams]
4581
+ #
4582
+ # @!attribute [rw] creation_date
4583
+ # The date and time when the mitigation action was added to your AWS
4584
+ # account.
4585
+ # @return [Time]
4586
+ #
4587
+ # @!attribute [rw] last_modified_date
4588
+ # The date and time when the mitigation action was last changed.
4589
+ # @return [Time]
4590
+ #
4591
+ class DescribeMitigationActionResponse < Struct.new(
4592
+ :action_name,
4593
+ :action_type,
4594
+ :action_arn,
4595
+ :action_id,
4596
+ :role_arn,
4597
+ :action_params,
4598
+ :creation_date,
4599
+ :last_modified_date)
4600
+ include Aws::Structure
4601
+ end
4602
+
4190
4603
  # @note When making an API call, you may pass DescribeRoleAliasRequest
4191
4604
  # data as a hash:
4192
4605
  #
@@ -4230,8 +4643,8 @@ module Aws::IoT
4230
4643
 
4231
4644
  # @!attribute [rw] frequency
4232
4645
  # How often the scheduled audit takes place. One of "DAILY",
4233
- # "WEEKLY", "BIWEEKLY" or "MONTHLY". The actual start time of
4234
- # each audit is determined by the system.
4646
+ # "WEEKLY", "BIWEEKLY", or "MONTHLY". The start time of each
4647
+ # audit is determined by the system.
4235
4648
  # @return [String]
4236
4649
  #
4237
4650
  # @!attribute [rw] day_of_month
@@ -4243,14 +4656,14 @@ module Aws::IoT
4243
4656
  #
4244
4657
  # @!attribute [rw] day_of_week
4245
4658
  # The day of the week on which the scheduled audit takes place. One of
4246
- # "SUN", "MON", "TUE", "WED", "THU", "FRI" or "SAT".
4659
+ # "SUN", "MON", "TUE", "WED", "THU", "FRI", or "SAT".
4247
4660
  # @return [String]
4248
4661
  #
4249
4662
  # @!attribute [rw] target_check_names
4250
- # Which checks are performed during the scheduled audit. (Note that
4251
- # checks must be enabled for your account. (Use
4252
- # `DescribeAccountAuditConfiguration` to see the list of all checks
4253
- # including those that are enabled or
4663
+ # Which checks are performed during the scheduled audit. Checks must
4664
+ # be enabled for your account. (Use
4665
+ # `DescribeAccountAuditConfiguration` to see the list of all checks,
4666
+ # including those that are enabled or use
4254
4667
  # `UpdateAccountAuditConfiguration` to select which checks are
4255
4668
  # enabled.)
4256
4669
  # @return [Array<String>]
@@ -4313,8 +4726,8 @@ module Aws::IoT
4313
4726
  #
4314
4727
  # @!attribute [rw] additional_metrics_to_retain
4315
4728
  # A list of metrics whose data is retained (stored). By default, data
4316
- # is retained for any metric used in the profile's `behaviors` but it
4317
- # is also retained for any metric specified here.
4729
+ # is retained for any metric used in the profile's `behaviors`, but
4730
+ # it is also retained for any metric specified here.
4318
4731
  # @return [Array<String>]
4319
4732
  #
4320
4733
  # @!attribute [rw] version
@@ -4978,6 +5391,31 @@ module Aws::IoT
4978
5391
  include Aws::Structure
4979
5392
  end
4980
5393
 
5394
+ # Parameters used when defining a mitigation action that enable AWS IoT
5395
+ # logging.
5396
+ #
5397
+ # @note When making an API call, you may pass EnableIoTLoggingParams
5398
+ # data as a hash:
5399
+ #
5400
+ # {
5401
+ # role_arn_for_logging: "RoleArn", # required
5402
+ # log_level: "DEBUG", # required, accepts DEBUG, INFO, ERROR, WARN, DISABLED
5403
+ # }
5404
+ #
5405
+ # @!attribute [rw] role_arn_for_logging
5406
+ # The ARN of the IAM role used for logging.
5407
+ # @return [String]
5408
+ #
5409
+ # @!attribute [rw] log_level
5410
+ # Specifies the types of information to be logged.
5411
+ # @return [String]
5412
+ #
5413
+ class EnableIoTLoggingParams < Struct.new(
5414
+ :role_arn_for_logging,
5415
+ :log_level)
5416
+ include Aws::Structure
5417
+ end
5418
+
4981
5419
  # The input for the EnableTopicRuleRequest operation.
4982
5420
  #
4983
5421
  # @note When making an API call, you may pass EnableTopicRuleRequest
@@ -5620,7 +6058,7 @@ module Aws::IoT
5620
6058
  include Aws::Structure
5621
6059
  end
5622
6060
 
5623
- # Sends messge data to an AWS IoT Analytics channel.
6061
+ # Sends message data to an AWS IoT Analytics channel.
5624
6062
  #
5625
6063
  # @note When making an API call, you may pass IotAnalyticsAction
5626
6064
  # data as a hash:
@@ -6169,7 +6607,7 @@ module Aws::IoT
6169
6607
  # data as a hash:
6170
6608
  #
6171
6609
  # {
6172
- # thing_name: "ThingName",
6610
+ # thing_name: "DeviceDefenderThingName",
6173
6611
  # security_profile_name: "SecurityProfileName",
6174
6612
  # next_token: "NextToken",
6175
6613
  # max_results: 1,
@@ -6283,24 +6721,159 @@ module Aws::IoT
6283
6721
  # },
6284
6722
  # max_results: 1,
6285
6723
  # next_token: "NextToken",
6286
- # start_time: Time.now,
6287
- # end_time: Time.now,
6724
+ # start_time: Time.now,
6725
+ # end_time: Time.now,
6726
+ # }
6727
+ #
6728
+ # @!attribute [rw] task_id
6729
+ # A filter to limit results to the audit with the specified ID. You
6730
+ # must specify either the taskId or the startTime and endTime, but not
6731
+ # both.
6732
+ # @return [String]
6733
+ #
6734
+ # @!attribute [rw] check_name
6735
+ # A filter to limit results to the findings for the specified audit
6736
+ # check.
6737
+ # @return [String]
6738
+ #
6739
+ # @!attribute [rw] resource_identifier
6740
+ # Information identifying the noncompliant resource.
6741
+ # @return [Types::ResourceIdentifier]
6742
+ #
6743
+ # @!attribute [rw] max_results
6744
+ # The maximum number of results to return at one time. The default is
6745
+ # 25.
6746
+ # @return [Integer]
6747
+ #
6748
+ # @!attribute [rw] next_token
6749
+ # The token for the next set of results.
6750
+ # @return [String]
6751
+ #
6752
+ # @!attribute [rw] start_time
6753
+ # A filter to limit results to those found after the specified time.
6754
+ # You must specify either the startTime and endTime or the taskId, but
6755
+ # not both.
6756
+ # @return [Time]
6757
+ #
6758
+ # @!attribute [rw] end_time
6759
+ # A filter to limit results to those found before the specified time.
6760
+ # You must specify either the startTime and endTime or the taskId, but
6761
+ # not both.
6762
+ # @return [Time]
6763
+ #
6764
+ class ListAuditFindingsRequest < Struct.new(
6765
+ :task_id,
6766
+ :check_name,
6767
+ :resource_identifier,
6768
+ :max_results,
6769
+ :next_token,
6770
+ :start_time,
6771
+ :end_time)
6772
+ include Aws::Structure
6773
+ end
6774
+
6775
+ # @!attribute [rw] findings
6776
+ # The findings (results) of the audit.
6777
+ # @return [Array<Types::AuditFinding>]
6778
+ #
6779
+ # @!attribute [rw] next_token
6780
+ # A token that can be used to retrieve the next set of results, or
6781
+ # `null` if there are no additional results.
6782
+ # @return [String]
6783
+ #
6784
+ class ListAuditFindingsResponse < Struct.new(
6785
+ :findings,
6786
+ :next_token)
6787
+ include Aws::Structure
6788
+ end
6789
+
6790
+ # @note When making an API call, you may pass ListAuditMitigationActionsExecutionsRequest
6791
+ # data as a hash:
6792
+ #
6793
+ # {
6794
+ # task_id: "AuditMitigationActionsTaskId", # required
6795
+ # action_status: "IN_PROGRESS", # accepts IN_PROGRESS, COMPLETED, FAILED, CANCELED, SKIPPED, PENDING
6796
+ # finding_id: "FindingId", # required
6797
+ # max_results: 1,
6798
+ # next_token: "NextToken",
6799
+ # }
6800
+ #
6801
+ # @!attribute [rw] task_id
6802
+ # Specify this filter to limit results to actions for a specific audit
6803
+ # mitigation actions task.
6804
+ # @return [String]
6805
+ #
6806
+ # @!attribute [rw] action_status
6807
+ # Specify this filter to limit results to those with a specific
6808
+ # status.
6809
+ # @return [String]
6810
+ #
6811
+ # @!attribute [rw] finding_id
6812
+ # Specify this filter to limit results to those that were applied to a
6813
+ # specific audit finding.
6814
+ # @return [String]
6815
+ #
6816
+ # @!attribute [rw] max_results
6817
+ # The maximum number of results to return at one time. The default is
6818
+ # 25.
6819
+ # @return [Integer]
6820
+ #
6821
+ # @!attribute [rw] next_token
6822
+ # The token for the next set of results.
6823
+ # @return [String]
6824
+ #
6825
+ class ListAuditMitigationActionsExecutionsRequest < Struct.new(
6826
+ :task_id,
6827
+ :action_status,
6828
+ :finding_id,
6829
+ :max_results,
6830
+ :next_token)
6831
+ include Aws::Structure
6832
+ end
6833
+
6834
+ # @!attribute [rw] actions_executions
6835
+ # A set of task execution results based on the input parameters.
6836
+ # Details include the mitigation action applied, start time, and task
6837
+ # status.
6838
+ # @return [Array<Types::AuditMitigationActionExecutionMetadata>]
6839
+ #
6840
+ # @!attribute [rw] next_token
6841
+ # The token for the next set of results.
6842
+ # @return [String]
6843
+ #
6844
+ class ListAuditMitigationActionsExecutionsResponse < Struct.new(
6845
+ :actions_executions,
6846
+ :next_token)
6847
+ include Aws::Structure
6848
+ end
6849
+
6850
+ # @note When making an API call, you may pass ListAuditMitigationActionsTasksRequest
6851
+ # data as a hash:
6852
+ #
6853
+ # {
6854
+ # audit_task_id: "AuditTaskId",
6855
+ # finding_id: "FindingId",
6856
+ # task_status: "IN_PROGRESS", # accepts IN_PROGRESS, COMPLETED, FAILED, CANCELED
6857
+ # max_results: 1,
6858
+ # next_token: "NextToken",
6859
+ # start_time: Time.now, # required
6860
+ # end_time: Time.now, # required
6288
6861
  # }
6289
6862
  #
6290
- # @!attribute [rw] task_id
6291
- # A filter to limit results to the audit with the specified ID. You
6292
- # must specify either the taskId or the startTime and endTime, but not
6293
- # both.
6863
+ # @!attribute [rw] audit_task_id
6864
+ # Specify this filter to limit results to tasks that were applied to
6865
+ # results for a specific audit.
6294
6866
  # @return [String]
6295
6867
  #
6296
- # @!attribute [rw] check_name
6297
- # A filter to limit results to the findings for the specified audit
6298
- # check.
6868
+ # @!attribute [rw] finding_id
6869
+ # Specify this filter to limit results to tasks that were applied to a
6870
+ # specific audit finding.
6299
6871
  # @return [String]
6300
6872
  #
6301
- # @!attribute [rw] resource_identifier
6302
- # Information identifying the non-compliant resource.
6303
- # @return [Types::ResourceIdentifier]
6873
+ # @!attribute [rw] task_status
6874
+ # Specify this filter to limit results to tasks that are in a specific
6875
+ # state.
6876
+ # @return [String]
6304
6877
  #
6305
6878
  # @!attribute [rw] max_results
6306
6879
  # The maximum number of results to return at one time. The default is
@@ -6312,21 +6885,19 @@ module Aws::IoT
6312
6885
  # @return [String]
6313
6886
  #
6314
6887
  # @!attribute [rw] start_time
6315
- # A filter to limit results to those found after the specified time.
6316
- # You must specify either the startTime and endTime or the taskId, but
6317
- # not both.
6888
+ # Specify this filter to limit results to tasks that began on or after
6889
+ # a specific date and time.
6318
6890
  # @return [Time]
6319
6891
  #
6320
6892
  # @!attribute [rw] end_time
6321
- # A filter to limit results to those found before the specified time.
6322
- # You must specify either the startTime and endTime or the taskId, but
6323
- # not both.
6893
+ # Specify this filter to limit results to tasks that were completed or
6894
+ # canceled on or before a specific date and time.
6324
6895
  # @return [Time]
6325
6896
  #
6326
- class ListAuditFindingsRequest < Struct.new(
6327
- :task_id,
6328
- :check_name,
6329
- :resource_identifier,
6897
+ class ListAuditMitigationActionsTasksRequest < Struct.new(
6898
+ :audit_task_id,
6899
+ :finding_id,
6900
+ :task_status,
6330
6901
  :max_results,
6331
6902
  :next_token,
6332
6903
  :start_time,
@@ -6334,17 +6905,17 @@ module Aws::IoT
6334
6905
  include Aws::Structure
6335
6906
  end
6336
6907
 
6337
- # @!attribute [rw] findings
6338
- # The findings (results) of the audit.
6339
- # @return [Array<Types::AuditFinding>]
6908
+ # @!attribute [rw] tasks
6909
+ # The collection of audit mitigation tasks that matched the filter
6910
+ # criteria.
6911
+ # @return [Array<Types::AuditMitigationActionsTaskMetadata>]
6340
6912
  #
6341
6913
  # @!attribute [rw] next_token
6342
- # A token that can be used to retrieve the next set of results, or
6343
- # `null` if there are no additional results.
6914
+ # The token for the next set of results.
6344
6915
  # @return [String]
6345
6916
  #
6346
- class ListAuditFindingsResponse < Struct.new(
6347
- :findings,
6917
+ class ListAuditMitigationActionsTasksResponse < Struct.new(
6918
+ :tasks,
6348
6919
  :next_token)
6349
6920
  include Aws::Structure
6350
6921
  end
@@ -6362,9 +6933,9 @@ module Aws::IoT
6362
6933
  # }
6363
6934
  #
6364
6935
  # @!attribute [rw] start_time
6365
- # The beginning of the time period. Note that audit information is
6366
- # retained for a limited time (180 days). Requesting a start time
6367
- # prior to what is retained results in an "InvalidRequestException".
6936
+ # The beginning of the time period. Audit information is retained for
6937
+ # a limited time (180 days). Requesting a start time prior to what is
6938
+ # retained results in an "InvalidRequestException".
6368
6939
  # @return [Time]
6369
6940
  #
6370
6941
  # @!attribute [rw] end_time
@@ -6378,8 +6949,8 @@ module Aws::IoT
6378
6949
  #
6379
6950
  # @!attribute [rw] task_status
6380
6951
  # A filter to limit the output to audits with the specified completion
6381
- # status: can be one of "IN\_PROGRESS", "COMPLETED", "FAILED" or
6382
- # "CANCELED".
6952
+ # status: can be one of "IN\_PROGRESS", "COMPLETED", "FAILED",
6953
+ # or "CANCELED".
6383
6954
  # @return [String]
6384
6955
  #
6385
6956
  # @!attribute [rw] next_token
@@ -6864,6 +7435,50 @@ module Aws::IoT
6864
7435
  include Aws::Structure
6865
7436
  end
6866
7437
 
7438
+ # @note When making an API call, you may pass ListMitigationActionsRequest
7439
+ # data as a hash:
7440
+ #
7441
+ # {
7442
+ # action_type: "UPDATE_DEVICE_CERTIFICATE", # accepts UPDATE_DEVICE_CERTIFICATE, UPDATE_CA_CERTIFICATE, ADD_THINGS_TO_THING_GROUP, REPLACE_DEFAULT_POLICY_VERSION, ENABLE_IOT_LOGGING, PUBLISH_FINDING_TO_SNS
7443
+ # max_results: 1,
7444
+ # next_token: "NextToken",
7445
+ # }
7446
+ #
7447
+ # @!attribute [rw] action_type
7448
+ # Specify a value to limit the result to mitigation actions with a
7449
+ # specific action type.
7450
+ # @return [String]
7451
+ #
7452
+ # @!attribute [rw] max_results
7453
+ # The maximum number of results to return at one time. The default is
7454
+ # 25.
7455
+ # @return [Integer]
7456
+ #
7457
+ # @!attribute [rw] next_token
7458
+ # The token for the next set of results.
7459
+ # @return [String]
7460
+ #
7461
+ class ListMitigationActionsRequest < Struct.new(
7462
+ :action_type,
7463
+ :max_results,
7464
+ :next_token)
7465
+ include Aws::Structure
7466
+ end
7467
+
7468
+ # @!attribute [rw] action_identifiers
7469
+ # A set of actions that matched the specified filter criteria.
7470
+ # @return [Array<Types::MitigationActionIdentifier>]
7471
+ #
7472
+ # @!attribute [rw] next_token
7473
+ # The token for the next set of results.
7474
+ # @return [String]
7475
+ #
7476
+ class ListMitigationActionsResponse < Struct.new(
7477
+ :action_identifiers,
7478
+ :next_token)
7479
+ include Aws::Structure
7480
+ end
7481
+
6867
7482
  # @note When making an API call, you may pass ListOTAUpdatesRequest
6868
7483
  # data as a hash:
6869
7484
  #
@@ -7284,7 +7899,7 @@ module Aws::IoT
7284
7899
  # @return [Integer]
7285
7900
  #
7286
7901
  # @!attribute [rw] recursive
7287
- # If true, return child groups as well.
7902
+ # If true, return child groups too.
7288
7903
  # @return [Boolean]
7289
7904
  #
7290
7905
  # @!attribute [rw] security_profile_target_arn
@@ -8044,7 +8659,7 @@ module Aws::IoT
8044
8659
  # {
8045
8660
  # start_time: Time.now, # required
8046
8661
  # end_time: Time.now, # required
8047
- # thing_name: "ThingName",
8662
+ # thing_name: "DeviceDefenderThingName",
8048
8663
  # security_profile_name: "SecurityProfileName",
8049
8664
  # next_token: "NextToken",
8050
8665
  # max_results: 1,
@@ -8088,7 +8703,7 @@ module Aws::IoT
8088
8703
 
8089
8704
  # @!attribute [rw] violation_events
8090
8705
  # The security profile violation alerts issued for this account during
8091
- # the given time frame, potentially filtered by security profile,
8706
+ # the given time period, potentially filtered by security profile,
8092
8707
  # behavior violated, or thing (device) violating.
8093
8708
  # @return [Array<Types::ViolationEvent>]
8094
8709
  #
@@ -8211,19 +8826,141 @@ module Aws::IoT
8211
8826
  include Aws::Structure
8212
8827
  end
8213
8828
 
8214
- # Information about the resource that was non-compliant with the audit
8829
+ # Describes which changes should be applied as part of a mitigation
8830
+ # action.
8831
+ #
8832
+ # @!attribute [rw] name
8833
+ # A user-friendly name for the mitigation action.
8834
+ # @return [String]
8835
+ #
8836
+ # @!attribute [rw] id
8837
+ # A unique identifier for the mitigation action.
8838
+ # @return [String]
8839
+ #
8840
+ # @!attribute [rw] role_arn
8841
+ # The IAM role ARN used to apply this mitigation action.
8842
+ # @return [String]
8843
+ #
8844
+ # @!attribute [rw] action_params
8845
+ # The set of parameters for this mitigation action. The parameters
8846
+ # vary, depending on the kind of action you apply.
8847
+ # @return [Types::MitigationActionParams]
8848
+ #
8849
+ class MitigationAction < Struct.new(
8850
+ :name,
8851
+ :id,
8852
+ :role_arn,
8853
+ :action_params)
8854
+ include Aws::Structure
8855
+ end
8856
+
8857
+ # Information that identifies a mitigation action. This information is
8858
+ # returned by ListMitigationActions.
8859
+ #
8860
+ # @!attribute [rw] action_name
8861
+ # The friendly name of the mitigation action.
8862
+ # @return [String]
8863
+ #
8864
+ # @!attribute [rw] action_arn
8865
+ # The IAM role ARN used to apply this mitigation action.
8866
+ # @return [String]
8867
+ #
8868
+ # @!attribute [rw] creation_date
8869
+ # The date when this mitigation action was created.
8870
+ # @return [Time]
8871
+ #
8872
+ class MitigationActionIdentifier < Struct.new(
8873
+ :action_name,
8874
+ :action_arn,
8875
+ :creation_date)
8876
+ include Aws::Structure
8877
+ end
8878
+
8879
+ # The set of parameters for this mitigation action. You can specify only
8880
+ # one type of parameter (in other words, you can apply only one action
8881
+ # for each defined mitigation action).
8882
+ #
8883
+ # @note When making an API call, you may pass MitigationActionParams
8884
+ # data as a hash:
8885
+ #
8886
+ # {
8887
+ # update_device_certificate_params: {
8888
+ # action: "DEACTIVATE", # required, accepts DEACTIVATE
8889
+ # },
8890
+ # update_ca_certificate_params: {
8891
+ # action: "DEACTIVATE", # required, accepts DEACTIVATE
8892
+ # },
8893
+ # add_things_to_thing_group_params: {
8894
+ # thing_group_names: ["ThingGroupName"], # required
8895
+ # override_dynamic_groups: false,
8896
+ # },
8897
+ # replace_default_policy_version_params: {
8898
+ # template_name: "BLANK_POLICY", # required, accepts BLANK_POLICY
8899
+ # },
8900
+ # enable_io_t_logging_params: {
8901
+ # role_arn_for_logging: "RoleArn", # required
8902
+ # log_level: "DEBUG", # required, accepts DEBUG, INFO, ERROR, WARN, DISABLED
8903
+ # },
8904
+ # publish_finding_to_sns_params: {
8905
+ # topic_arn: "SnsTopicArn", # required
8906
+ # },
8907
+ # }
8908
+ #
8909
+ # @!attribute [rw] update_device_certificate_params
8910
+ # Parameters to define a mitigation action that changes the state of
8911
+ # the device certificate to inactive.
8912
+ # @return [Types::UpdateDeviceCertificateParams]
8913
+ #
8914
+ # @!attribute [rw] update_ca_certificate_params
8915
+ # Parameters to define a mitigation action that changes the state of
8916
+ # the CA certificate to inactive.
8917
+ # @return [Types::UpdateCACertificateParams]
8918
+ #
8919
+ # @!attribute [rw] add_things_to_thing_group_params
8920
+ # Parameters to define a mitigation action that moves devices
8921
+ # associated with a certificate to one or more specified thing groups,
8922
+ # typically for quarantine.
8923
+ # @return [Types::AddThingsToThingGroupParams]
8924
+ #
8925
+ # @!attribute [rw] replace_default_policy_version_params
8926
+ # Parameters to define a mitigation action that adds a blank policy to
8927
+ # restrict permissions.
8928
+ # @return [Types::ReplaceDefaultPolicyVersionParams]
8929
+ #
8930
+ # @!attribute [rw] enable_io_t_logging_params
8931
+ # Parameters to define a mitigation action that enables AWS IoT
8932
+ # logging at a specified level of detail.
8933
+ # @return [Types::EnableIoTLoggingParams]
8934
+ #
8935
+ # @!attribute [rw] publish_finding_to_sns_params
8936
+ # Parameters to define a mitigation action that publishes findings to
8937
+ # Amazon SNS. You can implement your own custom actions in response to
8938
+ # the Amazon SNS messages.
8939
+ # @return [Types::PublishFindingToSnsParams]
8940
+ #
8941
+ class MitigationActionParams < Struct.new(
8942
+ :update_device_certificate_params,
8943
+ :update_ca_certificate_params,
8944
+ :add_things_to_thing_group_params,
8945
+ :replace_default_policy_version_params,
8946
+ :enable_io_t_logging_params,
8947
+ :publish_finding_to_sns_params)
8948
+ include Aws::Structure
8949
+ end
8950
+
8951
+ # Information about the resource that was noncompliant with the audit
8215
8952
  # check.
8216
8953
  #
8217
8954
  # @!attribute [rw] resource_type
8218
- # The type of the non-compliant resource.
8955
+ # The type of the noncompliant resource.
8219
8956
  # @return [String]
8220
8957
  #
8221
8958
  # @!attribute [rw] resource_identifier
8222
- # Information identifying the non-compliant resource.
8959
+ # Information that identifies the noncompliant resource.
8223
8960
  # @return [Types::ResourceIdentifier]
8224
8961
  #
8225
8962
  # @!attribute [rw] additional_info
8226
- # Additional information about the non-compliant resource.
8963
+ # Other information about the noncompliant resource.
8227
8964
  # @return [Hash<String,String>]
8228
8965
  #
8229
8966
  class NonCompliantResource < Struct.new(
@@ -8554,6 +9291,26 @@ module Aws::IoT
8554
9291
  include Aws::Structure
8555
9292
  end
8556
9293
 
9294
+ # Parameters to define a mitigation action that publishes findings to
9295
+ # Amazon SNS. You can implement your own custom actions in response to
9296
+ # the Amazon SNS messages.
9297
+ #
9298
+ # @note When making an API call, you may pass PublishFindingToSnsParams
9299
+ # data as a hash:
9300
+ #
9301
+ # {
9302
+ # topic_arn: "SnsTopicArn", # required
9303
+ # }
9304
+ #
9305
+ # @!attribute [rw] topic_arn
9306
+ # The ARN of the topic to which you want to publish the findings.
9307
+ # @return [String]
9308
+ #
9309
+ class PublishFindingToSnsParams < Struct.new(
9310
+ :topic_arn)
9311
+ include Aws::Structure
9312
+ end
9313
+
8557
9314
  # The input for the DynamoActionVS action that specifies the DynamoDB
8558
9315
  # table to which the message data will be written.
8559
9316
  #
@@ -8565,7 +9322,7 @@ module Aws::IoT
8565
9322
  # }
8566
9323
  #
8567
9324
  # @!attribute [rw] table_name
8568
- # The table where the message data will be written
9325
+ # The table where the message data will be written.
8569
9326
  # @return [String]
8570
9327
  #
8571
9328
  class PutItemInput < Struct.new(
@@ -8831,11 +9588,11 @@ module Aws::IoT
8831
9588
  # @return [String]
8832
9589
  #
8833
9590
  # @!attribute [rw] resource_identifier
8834
- # Information identifying the resource.
9591
+ # Information that identifies the resource.
8835
9592
  # @return [Types::ResourceIdentifier]
8836
9593
  #
8837
9594
  # @!attribute [rw] additional_info
8838
- # Additional information about the resource.
9595
+ # Other information about the resource.
8839
9596
  # @return [Hash<String,String>]
8840
9597
  #
8841
9598
  class RelatedResource < Struct.new(
@@ -8917,6 +9674,26 @@ module Aws::IoT
8917
9674
 
8918
9675
  class RemoveThingFromThingGroupResponse < Aws::EmptyStructure; end
8919
9676
 
9677
+ # Parameters to define a mitigation action that adds a blank policy to
9678
+ # restrict permissions.
9679
+ #
9680
+ # @note When making an API call, you may pass ReplaceDefaultPolicyVersionParams
9681
+ # data as a hash:
9682
+ #
9683
+ # {
9684
+ # template_name: "BLANK_POLICY", # required, accepts BLANK_POLICY
9685
+ # }
9686
+ #
9687
+ # @!attribute [rw] template_name
9688
+ # The name of the template to be applied. The only supported value is
9689
+ # `BLANK_POLICY`.
9690
+ # @return [String]
9691
+ #
9692
+ class ReplaceDefaultPolicyVersionParams < Struct.new(
9693
+ :template_name)
9694
+ include Aws::Structure
9695
+ end
9696
+
8920
9697
  # The input for the ReplaceTopicRule operation.
8921
9698
  #
8922
9699
  # @note When making an API call, you may pass ReplaceTopicRuleRequest
@@ -9179,7 +9956,7 @@ module Aws::IoT
9179
9956
  include Aws::Structure
9180
9957
  end
9181
9958
 
9182
- # Information identifying the non-compliant resource.
9959
+ # Information that identifies the noncompliant resource.
9183
9960
  #
9184
9961
  # @note When making an API call, you may pass ResourceIdentifier
9185
9962
  # data as a hash:
@@ -9205,7 +9982,7 @@ module Aws::IoT
9205
9982
  # @return [String]
9206
9983
  #
9207
9984
  # @!attribute [rw] cognito_identity_pool_id
9208
- # The ID of the Cognito Identity Pool.
9985
+ # The ID of the Amazon Cognito identity pool.
9209
9986
  # @return [String]
9210
9987
  #
9211
9988
  # @!attribute [rw] client_id
@@ -9429,7 +10206,7 @@ module Aws::IoT
9429
10206
  # @return [String]
9430
10207
  #
9431
10208
  # @!attribute [rw] frequency
9432
- # How often the scheduled audit takes place.
10209
+ # How often the scheduled audit occurs.
9433
10210
  # @return [String]
9434
10211
  #
9435
10212
  # @!attribute [rw] day_of_month
@@ -9810,6 +10587,68 @@ module Aws::IoT
9810
10587
  include Aws::Structure
9811
10588
  end
9812
10589
 
10590
+ # @note When making an API call, you may pass StartAuditMitigationActionsTaskRequest
10591
+ # data as a hash:
10592
+ #
10593
+ # {
10594
+ # task_id: "AuditMitigationActionsTaskId", # required
10595
+ # target: { # required
10596
+ # audit_task_id: "AuditTaskId",
10597
+ # finding_ids: ["FindingId"],
10598
+ # audit_check_to_reason_code_filter: {
10599
+ # "AuditCheckName" => ["ReasonForNonComplianceCode"],
10600
+ # },
10601
+ # },
10602
+ # audit_check_to_actions_mapping: { # required
10603
+ # "AuditCheckName" => ["MitigationActionName"],
10604
+ # },
10605
+ # client_request_token: "ClientRequestToken", # required
10606
+ # }
10607
+ #
10608
+ # @!attribute [rw] task_id
10609
+ # A unique identifier for the task. You can use this identifier to
10610
+ # check the status of the task or to cancel it.
10611
+ # @return [String]
10612
+ #
10613
+ # @!attribute [rw] target
10614
+ # Specifies the audit findings to which the mitigation actions are
10615
+ # applied. You can apply them to a type of audit check, to all
10616
+ # findings from an audit, or to a speecific set of findings.
10617
+ # @return [Types::AuditMitigationActionsTaskTarget]
10618
+ #
10619
+ # @!attribute [rw] audit_check_to_actions_mapping
10620
+ # For an audit check, specifies which mitigation actions to apply.
10621
+ # Those actions must be defined in your AWS account.
10622
+ # @return [Hash<String,Array<String>>]
10623
+ #
10624
+ # @!attribute [rw] client_request_token
10625
+ # Each audit mitigation task must have a unique client request token.
10626
+ # If you try to start a new task with the same token as a task that
10627
+ # already exists, an exception occurs. If you omit this value, a
10628
+ # unique client request token is generated automatically.
10629
+ #
10630
+ # **A suitable default value is auto-generated.** You should normally
10631
+ # not need to pass this option.
10632
+ # @return [String]
10633
+ #
10634
+ class StartAuditMitigationActionsTaskRequest < Struct.new(
10635
+ :task_id,
10636
+ :target,
10637
+ :audit_check_to_actions_mapping,
10638
+ :client_request_token)
10639
+ include Aws::Structure
10640
+ end
10641
+
10642
+ # @!attribute [rw] task_id
10643
+ # The unique identifier for the audit mitigation task. This matches
10644
+ # the `taskId` that you specified in the request.
10645
+ # @return [String]
10646
+ #
10647
+ class StartAuditMitigationActionsTaskResponse < Struct.new(
10648
+ :task_id)
10649
+ include Aws::Structure
10650
+ end
10651
+
9813
10652
  # @note When making an API call, you may pass StartOnDemandAuditTaskRequest
9814
10653
  # data as a hash:
9815
10654
  #
@@ -9820,7 +10659,7 @@ module Aws::IoT
9820
10659
  # @!attribute [rw] target_check_names
9821
10660
  # Which checks are performed during the audit. The checks you specify
9822
10661
  # must be enabled for your account or an exception occurs. Use
9823
- # `DescribeAccountAuditConfiguration` to see the list of all checks
10662
+ # `DescribeAccountAuditConfiguration` to see the list of all checks,
9824
10663
  # including those that are enabled or
9825
10664
  # `UpdateAccountAuditConfiguration` to select which checks are
9826
10665
  # enabled.
@@ -10194,6 +11033,17 @@ module Aws::IoT
10194
11033
 
10195
11034
  class TagResourceResponse < Aws::EmptyStructure; end
10196
11035
 
11036
+ # This exception occurs if you attempt to start a task with the same
11037
+ # task-id as an existing task but with a different clientRequestToken.
11038
+ #
11039
+ # @!attribute [rw] message
11040
+ # @return [String]
11041
+ #
11042
+ class TaskAlreadyExistsException < Struct.new(
11043
+ :message)
11044
+ include Aws::Structure
11045
+ end
11046
+
10197
11047
  # Statistics for the checks performed during the audit.
10198
11048
  #
10199
11049
  # @!attribute [rw] total_checks
@@ -10213,11 +11063,11 @@ module Aws::IoT
10213
11063
  # @return [Integer]
10214
11064
  #
10215
11065
  # @!attribute [rw] non_compliant_checks
10216
- # The number of checks that found non-compliant resources.
11066
+ # The number of checks that found noncompliant resources.
10217
11067
  # @return [Integer]
10218
11068
  #
10219
11069
  # @!attribute [rw] failed_checks
10220
- # The number of checks
11070
+ # The number of checks.
10221
11071
  # @return [Integer]
10222
11072
  #
10223
11073
  # @!attribute [rw] canceled_checks
@@ -10236,6 +11086,43 @@ module Aws::IoT
10236
11086
  include Aws::Structure
10237
11087
  end
10238
11088
 
11089
+ # Provides summary counts of how many tasks for findings are in a
11090
+ # particular state. This information is included in the response from
11091
+ # DescribeAuditMitigationActionsTask.
11092
+ #
11093
+ # @!attribute [rw] total_findings_count
11094
+ # The total number of findings to which a task is being applied.
11095
+ # @return [Integer]
11096
+ #
11097
+ # @!attribute [rw] failed_findings_count
11098
+ # The number of findings for which at least one of the actions failed
11099
+ # when applied.
11100
+ # @return [Integer]
11101
+ #
11102
+ # @!attribute [rw] succeeded_findings_count
11103
+ # The number of findings for which all mitigation actions succeeded
11104
+ # when applied.
11105
+ # @return [Integer]
11106
+ #
11107
+ # @!attribute [rw] skipped_findings_count
11108
+ # The number of findings skipped because of filter conditions provided
11109
+ # in the parameters to the command.
11110
+ # @return [Integer]
11111
+ #
11112
+ # @!attribute [rw] canceled_findings_count
11113
+ # The number of findings to which the mitigation action task was
11114
+ # canceled when applied.
11115
+ # @return [Integer]
11116
+ #
11117
+ class TaskStatisticsForAuditCheck < Struct.new(
11118
+ :total_findings_count,
11119
+ :failed_findings_count,
11120
+ :succeeded_findings_count,
11121
+ :skipped_findings_count,
11122
+ :canceled_findings_count)
11123
+ include Aws::Structure
11124
+ end
11125
+
10239
11126
  # @note When making an API call, you may pass TestAuthorizationRequest
10240
11127
  # data as a hash:
10241
11128
  #
@@ -11184,7 +12071,7 @@ module Aws::IoT
11184
12071
  # @!attribute [rw] role_arn
11185
12072
  # The ARN of the role that grants permission to AWS IoT to access
11186
12073
  # information about your devices, policies, certificates and other
11187
- # items as necessary when performing an audit.
12074
+ # items as required when performing an audit.
11188
12075
  # @return [String]
11189
12076
  #
11190
12077
  # @!attribute [rw] audit_notification_target_configurations
@@ -11194,17 +12081,17 @@ module Aws::IoT
11194
12081
  # @!attribute [rw] audit_check_configurations
11195
12082
  # Specifies which audit checks are enabled and disabled for this
11196
12083
  # account. Use `DescribeAccountAuditConfiguration` to see the list of
11197
- # all checks including those that are currently enabled.
12084
+ # all checks, including those that are currently enabled.
11198
12085
  #
11199
- # Note that some data collection may begin immediately when certain
11200
- # checks are enabled. When a check is disabled, any data collected so
11201
- # far in relation to the check is deleted.
12086
+ # Some data collection might start immediately when certain checks are
12087
+ # enabled. When a check is disabled, any data collected so far in
12088
+ # relation to the check is deleted.
11202
12089
  #
11203
12090
  # You cannot disable a check if it is used by any scheduled audit. You
11204
12091
  # must first delete the check from the scheduled audit or delete the
11205
12092
  # scheduled audit itself.
11206
12093
  #
11207
- # On the first call to `UpdateAccountAuditConfiguration` this
12094
+ # On the first call to `UpdateAccountAuditConfiguration`, this
11208
12095
  # parameter is required and must specify at least one enabled check.
11209
12096
  # @return [Hash<String,Types::AuditCheckConfiguration>]
11210
12097
  #
@@ -11315,6 +12202,26 @@ module Aws::IoT
11315
12202
  include Aws::Structure
11316
12203
  end
11317
12204
 
12205
+ # Parameters to define a mitigation action that changes the state of the
12206
+ # CA certificate to inactive.
12207
+ #
12208
+ # @note When making an API call, you may pass UpdateCACertificateParams
12209
+ # data as a hash:
12210
+ #
12211
+ # {
12212
+ # action: "DEACTIVATE", # required, accepts DEACTIVATE
12213
+ # }
12214
+ #
12215
+ # @!attribute [rw] action
12216
+ # The action that you want to apply to the CA cerrtificate. The only
12217
+ # supported value is `DEACTIVATE`.
12218
+ # @return [String]
12219
+ #
12220
+ class UpdateCACertificateParams < Struct.new(
12221
+ :action)
12222
+ include Aws::Structure
12223
+ end
12224
+
11318
12225
  # The input to the UpdateCACertificate operation.
11319
12226
  #
11320
12227
  # @note When making an API call, you may pass UpdateCACertificateRequest
@@ -11352,7 +12259,7 @@ module Aws::IoT
11352
12259
  # @return [Types::RegistrationConfig]
11353
12260
  #
11354
12261
  # @!attribute [rw] remove_auto_registration
11355
- # If true, remove auto registration.
12262
+ # If true, removes auto registration.
11356
12263
  # @return [Boolean]
11357
12264
  #
11358
12265
  class UpdateCACertificateRequest < Struct.new(
@@ -11396,6 +12303,26 @@ module Aws::IoT
11396
12303
  include Aws::Structure
11397
12304
  end
11398
12305
 
12306
+ # Parameters to define a mitigation action that changes the state of the
12307
+ # device certificate to inactive.
12308
+ #
12309
+ # @note When making an API call, you may pass UpdateDeviceCertificateParams
12310
+ # data as a hash:
12311
+ #
12312
+ # {
12313
+ # action: "DEACTIVATE", # required, accepts DEACTIVATE
12314
+ # }
12315
+ #
12316
+ # @!attribute [rw] action
12317
+ # The action that you want to apply to the device cerrtificate. The
12318
+ # only supported value is `DEACTIVATE`.
12319
+ # @return [String]
12320
+ #
12321
+ class UpdateDeviceCertificateParams < Struct.new(
12322
+ :action)
12323
+ include Aws::Structure
12324
+ end
12325
+
11399
12326
  # @note When making an API call, you may pass UpdateDynamicThingGroupRequest
11400
12327
  # data as a hash:
11401
12328
  #
@@ -11593,6 +12520,71 @@ module Aws::IoT
11593
12520
  include Aws::Structure
11594
12521
  end
11595
12522
 
12523
+ # @note When making an API call, you may pass UpdateMitigationActionRequest
12524
+ # data as a hash:
12525
+ #
12526
+ # {
12527
+ # action_name: "MitigationActionName", # required
12528
+ # role_arn: "RoleArn",
12529
+ # action_params: {
12530
+ # update_device_certificate_params: {
12531
+ # action: "DEACTIVATE", # required, accepts DEACTIVATE
12532
+ # },
12533
+ # update_ca_certificate_params: {
12534
+ # action: "DEACTIVATE", # required, accepts DEACTIVATE
12535
+ # },
12536
+ # add_things_to_thing_group_params: {
12537
+ # thing_group_names: ["ThingGroupName"], # required
12538
+ # override_dynamic_groups: false,
12539
+ # },
12540
+ # replace_default_policy_version_params: {
12541
+ # template_name: "BLANK_POLICY", # required, accepts BLANK_POLICY
12542
+ # },
12543
+ # enable_io_t_logging_params: {
12544
+ # role_arn_for_logging: "RoleArn", # required
12545
+ # log_level: "DEBUG", # required, accepts DEBUG, INFO, ERROR, WARN, DISABLED
12546
+ # },
12547
+ # publish_finding_to_sns_params: {
12548
+ # topic_arn: "SnsTopicArn", # required
12549
+ # },
12550
+ # },
12551
+ # }
12552
+ #
12553
+ # @!attribute [rw] action_name
12554
+ # The friendly name for the mitigation action. You can't change the
12555
+ # name by using `UpdateMitigationAction`. Instead, you must delete and
12556
+ # re-create the mitigation action with the new name.
12557
+ # @return [String]
12558
+ #
12559
+ # @!attribute [rw] role_arn
12560
+ # The ARN of the IAM role that is used to apply the mitigation action.
12561
+ # @return [String]
12562
+ #
12563
+ # @!attribute [rw] action_params
12564
+ # Defines the type of action and the parameters for that action.
12565
+ # @return [Types::MitigationActionParams]
12566
+ #
12567
+ class UpdateMitigationActionRequest < Struct.new(
12568
+ :action_name,
12569
+ :role_arn,
12570
+ :action_params)
12571
+ include Aws::Structure
12572
+ end
12573
+
12574
+ # @!attribute [rw] action_arn
12575
+ # The ARN for the new mitigation action.
12576
+ # @return [String]
12577
+ #
12578
+ # @!attribute [rw] action_id
12579
+ # A unique identifier for the mitigation action.
12580
+ # @return [String]
12581
+ #
12582
+ class UpdateMitigationActionResponse < Struct.new(
12583
+ :action_arn,
12584
+ :action_id)
12585
+ include Aws::Structure
12586
+ end
12587
+
11596
12588
  # @note When making an API call, you may pass UpdateRoleAliasRequest
11597
12589
  # data as a hash:
11598
12590
  #
@@ -11648,8 +12640,8 @@ module Aws::IoT
11648
12640
  #
11649
12641
  # @!attribute [rw] frequency
11650
12642
  # How often the scheduled audit takes place. Can be one of "DAILY",
11651
- # "WEEKLY", "BIWEEKLY" or "MONTHLY". The actual start time of
11652
- # each audit is determined by the system.
12643
+ # "WEEKLY", "BIWEEKLY", or "MONTHLY". The start time of each
12644
+ # audit is determined by the system.
11653
12645
  # @return [String]
11654
12646
  #
11655
12647
  # @!attribute [rw] day_of_month
@@ -11662,7 +12654,7 @@ module Aws::IoT
11662
12654
  #
11663
12655
  # @!attribute [rw] day_of_week
11664
12656
  # The day of the week on which the scheduled audit takes place. Can be
11665
- # one of "SUN", "MON", "TUE", "WED", "THU", "FRI" or
12657
+ # one of "SUN", "MON", "TUE", "WED", "THU", "FRI", or
11666
12658
  # "SAT". This field is required if the "frequency" parameter is
11667
12659
  # set to "WEEKLY" or "BIWEEKLY".
11668
12660
  # @return [String]
@@ -11670,8 +12662,8 @@ module Aws::IoT
11670
12662
  # @!attribute [rw] target_check_names
11671
12663
  # Which checks are performed during the scheduled audit. Checks must
11672
12664
  # be enabled for your account. (Use
11673
- # `DescribeAccountAuditConfiguration` to see the list of all checks
11674
- # including those that are enabled or
12665
+ # `DescribeAccountAuditConfiguration` to see the list of all checks,
12666
+ # including those that are enabled or use
11675
12667
  # `UpdateAccountAuditConfiguration` to select which checks are
11676
12668
  # enabled.)
11677
12669
  # @return [Array<String>]
@@ -11756,32 +12748,32 @@ module Aws::IoT
11756
12748
  #
11757
12749
  # @!attribute [rw] additional_metrics_to_retain
11758
12750
  # A list of metrics whose data is retained (stored). By default, data
11759
- # is retained for any metric used in the profile's `behaviors` but it
11760
- # is also retained for any metric specified here.
12751
+ # is retained for any metric used in the profile's `behaviors`, but
12752
+ # it is also retained for any metric specified here.
11761
12753
  # @return [Array<String>]
11762
12754
  #
11763
12755
  # @!attribute [rw] delete_behaviors
11764
12756
  # If true, delete all `behaviors` defined for this security profile.
11765
- # If any `behaviors` are defined in the current invocation an
12757
+ # If any `behaviors` are defined in the current invocation, an
11766
12758
  # exception occurs.
11767
12759
  # @return [Boolean]
11768
12760
  #
11769
12761
  # @!attribute [rw] delete_alert_targets
11770
12762
  # If true, delete all `alertTargets` defined for this security
11771
- # profile. If any `alertTargets` are defined in the current invocation
11772
- # an exception occurs.
12763
+ # profile. If any `alertTargets` are defined in the current
12764
+ # invocation, an exception occurs.
11773
12765
  # @return [Boolean]
11774
12766
  #
11775
12767
  # @!attribute [rw] delete_additional_metrics_to_retain
11776
12768
  # If true, delete all `additionalMetricsToRetain` defined for this
11777
12769
  # security profile. If any `additionalMetricsToRetain` are defined in
11778
- # the current invocation an exception occurs.
12770
+ # the current invocation, an exception occurs.
11779
12771
  # @return [Boolean]
11780
12772
  #
11781
12773
  # @!attribute [rw] expected_version
11782
12774
  # The expected version of the security profile. A new version is
11783
12775
  # generated whenever the security profile is updated. If you specify a
11784
- # value that is different than the actual version, a
12776
+ # value that is different from the actual version, a
11785
12777
  # `VersionConflictException` is thrown.
11786
12778
  # @return [Integer]
11787
12779
  #
@@ -11822,7 +12814,7 @@ module Aws::IoT
11822
12814
  # @!attribute [rw] additional_metrics_to_retain
11823
12815
  # A list of metrics whose data is retained (stored). By default, data
11824
12816
  # is retained for any metric used in the security profile's
11825
- # `behaviors` but it is also retained for any metric specified here.
12817
+ # `behaviors`, but it is also retained for any metric specified here.
11826
12818
  # @return [Array<String>]
11827
12819
  #
11828
12820
  # @!attribute [rw] version