aws-sdk-iot 1.35.0 → 1.36.0

data/lib/aws-sdk-iot/errors.rb

@@ -372,6 +372,22 @@ module Aws::IoT
 
     end
 
+    class TaskAlreadyExistsException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::IoT::Types::TaskAlreadyExistsException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+
+    end
+
     class ThrottlingException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context

data/lib/aws-sdk-iot/types.rb

@@ -408,6 +408,36 @@ module Aws::IoT
 
     class AddThingToThingGroupResponse < Aws::EmptyStructure; end
 
+    # Parameters used when defining a mitigation action that move a set of
+    # things to a thing group.
+    #
+    # @note When making an API call, you may pass AddThingsToThingGroupParams
+    #   data as a hash:
+    #
+    #       {
+    #         thing_group_names: ["ThingGroupName"], # required
+    #         override_dynamic_groups: false,
+    #       }
+    #
+    # @!attribute [rw] thing_group_names
+    #   The list of groups to which you want to add the things that
+    #   triggered the mitigation action. You can add a thing to a maximum of
+    #   10 groups, but you cannot add a thing to more than one group in the
+    #   same hierarchy.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] override_dynamic_groups
+    #   Specifies if this mitigation action can move the things that
+    #   triggered the mitigation action even if they are part of one or more
+    #   dynamic things groups.
+    #   @return [Boolean]
+    #
+    class AddThingsToThingGroupParams < Struct.new(
+      :thing_group_names,
+      :override_dynamic_groups)
+      include Aws::Structure
+    end
+
     # A structure containing the alert target ARN and the role ARN.
     #
     # @note When making an API call, you may pass AlertTarget
@@ -655,14 +685,14 @@ module Aws::IoT
     # Information about the audit check.
     #
     # @!attribute [rw] check_run_status
-    #   The completion status of this check, one of "IN\_PROGRESS",
+    #   The completion status of this check. One of "IN\_PROGRESS",
     #   "WAITING\_FOR\_DATA\_COLLECTION", "CANCELED",
     #   "COMPLETED\_COMPLIANT", "COMPLETED\_NON\_COMPLIANT", or
     #   "FAILED".
     #   @return [String]
     #
     # @!attribute [rw] check_compliant
-    #   True if the check completed and found all resources compliant.
+    #   True if the check is complete and found all resources compliant.
     #   @return [Boolean]
     #
     # @!attribute [rw] total_resources_count
@@ -670,18 +700,19 @@ module Aws::IoT
     #   @return [Integer]
     #
     # @!attribute [rw] non_compliant_resources_count
-    #   The number of resources that the check found non-compliant.
+    #   The number of resources that were found noncompliant during the
+    #   check.
     #   @return [Integer]
     #
     # @!attribute [rw] error_code
-    #   The code of any error encountered when performing this check during
-    #   this audit. One of "INSUFFICIENT\_PERMISSIONS", or
+    #   The code of any error encountered when this check is performed
+    #   during this audit. One of "INSUFFICIENT\_PERMISSIONS" or
     #   "AUDIT\_CHECK\_DISABLED".
     #   @return [String]
     #
     # @!attribute [rw] message
-    #   The message associated with any error encountered when performing
-    #   this check during this audit.
+    #   The message associated with any error encountered when this check is
+    #   performed during this audit.
     #   @return [String]
     #
     class AuditCheckDetails < Struct.new(
@@ -696,8 +727,13 @@ module Aws::IoT
 
     # The findings (results) of the audit.
     #
+    # @!attribute [rw] finding_id
+    #   A unique identifier for this set of audit findings. This identifier
+    #   is used to apply mitigation tasks to one or more sets of findings.
+    #   @return [String]
+    #
     # @!attribute [rw] task_id
-    #   The ID of the audit that generated this result (finding)
+    #   The ID of the audit that generated this result (finding).
     #   @return [String]
     #
     # @!attribute [rw] check_name
@@ -717,8 +753,7 @@ module Aws::IoT
     #   @return [String]
     #
     # @!attribute [rw] non_compliant_resource
-    #   The resource that was found to be non-compliant with the audit
-    #   check.
+    #   The resource that was found to be noncompliant with the audit check.
     #   @return [Types::NonCompliantResource]
     #
     # @!attribute [rw] related_resources
@@ -726,15 +761,15 @@ module Aws::IoT
     #   @return [Array<Types::RelatedResource>]
     #
     # @!attribute [rw] reason_for_non_compliance
-    #   The reason the resource was non-compliant.
+    #   The reason the resource was noncompliant.
     #   @return [String]
     #
     # @!attribute [rw] reason_for_non_compliance_code
-    #   A code which indicates the reason that the resource was
-    #   non-compliant.
+    #   A code that indicates the reason that the resource was noncompliant.
     #   @return [String]
     #
     class AuditFinding < Struct.new(
+      :finding_id,
       :task_id,
       :check_name,
       :task_start_time,
@@ -747,6 +782,124 @@ module Aws::IoT
       include Aws::Structure
     end
 
+    # Returned by ListAuditMitigationActionsTask, this object contains
+    # information that describes a mitigation action that has been started.
+    #
+    # @!attribute [rw] task_id
+    #   The unique identifier for the task that applies the mitigation
+    #   action.
+    #   @return [String]
+    #
+    # @!attribute [rw] finding_id
+    #   The unique identifier for the findings to which the task and
+    #   associated mitigation action are applied.
+    #   @return [String]
+    #
+    # @!attribute [rw] action_name
+    #   The friendly name of the mitigation action being applied by the
+    #   task.
+    #   @return [String]
+    #
+    # @!attribute [rw] action_id
+    #   The unique identifier for the mitigation action being applied by the
+    #   task.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   The current status of the task being executed.
+    #   @return [String]
+    #
+    # @!attribute [rw] start_time
+    #   The date and time when the task was started.
+    #   @return [Time]
+    #
+    # @!attribute [rw] end_time
+    #   The date and time when the task was completed or canceled. Blank if
+    #   the task is still running.
+    #   @return [Time]
+    #
+    # @!attribute [rw] error_code
+    #   If an error occurred, the code that indicates which type of error
+    #   occurred.
+    #   @return [String]
+    #
+    # @!attribute [rw] message
+    #   If an error occurred, a message that describes the error.
+    #   @return [String]
+    #
+    class AuditMitigationActionExecutionMetadata < Struct.new(
+      :task_id,
+      :finding_id,
+      :action_name,
+      :action_id,
+      :status,
+      :start_time,
+      :end_time,
+      :error_code,
+      :message)
+      include Aws::Structure
+    end
+
+    # Information about an audit mitigation actions task that is returned by
+    # `ListAuditMitigationActionsTasks`.
+    #
+    # @!attribute [rw] task_id
+    #   The unique identifier for the task.
+    #   @return [String]
+    #
+    # @!attribute [rw] start_time
+    #   The time at which the audit mitigation actions task was started.
+    #   @return [Time]
+    #
+    # @!attribute [rw] task_status
+    #   The current state of the audit mitigation actions task.
+    #   @return [String]
+    #
+    class AuditMitigationActionsTaskMetadata < Struct.new(
+      :task_id,
+      :start_time,
+      :task_status)
+      include Aws::Structure
+    end
+
+    # Used in MitigationActionParams, this information identifies the target
+    # findings to which the mitigation actions are applied. Only one entry
+    # appears.
+    #
+    # @note When making an API call, you may pass AuditMitigationActionsTaskTarget
+    #   data as a hash:
+    #
+    #       {
+    #         audit_task_id: "AuditTaskId",
+    #         finding_ids: ["FindingId"],
+    #         audit_check_to_reason_code_filter: {
+    #           "AuditCheckName" => ["ReasonForNonComplianceCode"],
+    #         },
+    #       }
+    #
+    # @!attribute [rw] audit_task_id
+    #   If the task will apply a mitigation action to findings from a
+    #   specific audit, this value uniquely identifies the audit.
+    #   @return [String]
+    #
+    # @!attribute [rw] finding_ids
+    #   If the task will apply a mitigation action to one or more listed
+    #   findings, this value uniquely identifies those findings.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] audit_check_to_reason_code_filter
+    #   Specifies a filter in the form of an audit check and set of reason
+    #   codes that identify the findings from the audit to which the audit
+    #   mitigation actions task apply.
+    #   @return [Hash<String,Array<String>>]
+    #
+    class AuditMitigationActionsTaskTarget < Struct.new(
+      :audit_task_id,
+      :finding_ids,
+      :audit_check_to_reason_code_filter)
+      include Aws::Structure
+    end
+
     # Information about the targets to which audit notifications are sent.
     #
     # @note When making an API call, you may pass AuditNotificationTarget
@@ -786,12 +939,12 @@ module Aws::IoT
     #   @return [String]
     #
     # @!attribute [rw] task_status
-    #   The status of this audit: one of "IN\_PROGRESS", "COMPLETED",
-    #   "FAILED" or "CANCELED".
+    #   The status of this audit. One of "IN\_PROGRESS", "COMPLETED",
+    #   "FAILED", or "CANCELED".
     #   @return [String]
     #
     # @!attribute [rw] task_type
-    #   The type of this audit: one of "ON\_DEMAND\_AUDIT\_TASK" or
+    #   The type of this audit. One of "ON\_DEMAND\_AUDIT\_TASK" or
     #   "SCHEDULED\_AUDIT\_TASK".
     #   @return [String]
     #
@@ -1174,6 +1327,24 @@ module Aws::IoT
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass CancelAuditMitigationActionsTaskRequest
+    #   data as a hash:
+    #
+    #       {
+    #         task_id: "AuditMitigationActionsTaskId", # required
+    #       }
+    #
+    # @!attribute [rw] task_id
+    #   The unique identifier for the task that you want to cancel.
+    #   @return [String]
+    #
+    class CancelAuditMitigationActionsTaskRequest < Struct.new(
+      :task_id)
+      include Aws::Structure
+    end
+
+    class CancelAuditMitigationActionsTaskResponse < Aws::EmptyStructure; end
+
     # @note When making an API call, you may pass CancelAuditTaskRequest
     #   data as a hash:
     #
@@ -2172,6 +2343,82 @@ module Aws::IoT
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass CreateMitigationActionRequest
+    #   data as a hash:
+    #
+    #       {
+    #         action_name: "MitigationActionName", # required
+    #         role_arn: "RoleArn", # required
+    #         action_params: { # required
+    #           update_device_certificate_params: {
+    #             action: "DEACTIVATE", # required, accepts DEACTIVATE
+    #           },
+    #           update_ca_certificate_params: {
+    #             action: "DEACTIVATE", # required, accepts DEACTIVATE
+    #           },
+    #           add_things_to_thing_group_params: {
+    #             thing_group_names: ["ThingGroupName"], # required
+    #             override_dynamic_groups: false,
+    #           },
+    #           replace_default_policy_version_params: {
+    #             template_name: "BLANK_POLICY", # required, accepts BLANK_POLICY
+    #           },
+    #           enable_io_t_logging_params: {
+    #             role_arn_for_logging: "RoleArn", # required
+    #             log_level: "DEBUG", # required, accepts DEBUG, INFO, ERROR, WARN, DISABLED
+    #           },
+    #           publish_finding_to_sns_params: {
+    #             topic_arn: "SnsTopicArn", # required
+    #           },
+    #         },
+    #         tags: [
+    #           {
+    #             key: "TagKey",
+    #             value: "TagValue",
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] action_name
+    #   A friendly name for the action. Choose a friendly name that
+    #   accurately describes the action (for example,
+    #   `EnableLoggingAction`).
+    #   @return [String]
+    #
+    # @!attribute [rw] role_arn
+    #   The ARN of the IAM role that is used to apply the mitigation action.
+    #   @return [String]
+    #
+    # @!attribute [rw] action_params
+    #   Defines the type of action and the parameters for that action.
+    #   @return [Types::MitigationActionParams]
+    #
+    # @!attribute [rw] tags
+    #   Metadata that can be used to manage the mitigation action.
+    #   @return [Array<Types::Tag>]
+    #
+    class CreateMitigationActionRequest < Struct.new(
+      :action_name,
+      :role_arn,
+      :action_params,
+      :tags)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] action_arn
+    #   The ARN for the new mitigation action.
+    #   @return [String]
+    #
+    # @!attribute [rw] action_id
+    #   A unique identifier for the new mitigation action.
+    #   @return [String]
+    #
+    class CreateMitigationActionResponse < Struct.new(
+      :action_arn,
+      :action_id)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass CreateOTAUpdateRequest
     #   data as a hash:
     #
@@ -2491,19 +2738,19 @@ module Aws::IoT
     #         day_of_month: "DayOfMonth",
     #         day_of_week: "SUN", # accepts SUN, MON, TUE, WED, THU, FRI, SAT
     #         target_check_names: ["AuditCheckName"], # required
+    #         scheduled_audit_name: "ScheduledAuditName", # required
     #         tags: [
     #           {
     #             key: "TagKey",
     #             value: "TagValue",
     #           },
     #         ],
-    #         scheduled_audit_name: "ScheduledAuditName", # required
     #       }
     #
     # @!attribute [rw] frequency
     #   How often the scheduled audit takes place. Can be one of "DAILY",
-    #   "WEEKLY", "BIWEEKLY" or "MONTHLY". The actual start time of
-    #   each audit is determined by the system.
+    #   "WEEKLY", "BIWEEKLY" or "MONTHLY". The start time of each
+    #   audit is determined by the system.
     #   @return [String]
     #
     # @!attribute [rw] day_of_month
@@ -2516,7 +2763,7 @@ module Aws::IoT
     #
     # @!attribute [rw] day_of_week
     #   The day of the week on which the scheduled audit takes place. Can be
-    #   one of "SUN", "MON", "TUE", "WED", "THU", "FRI" or
+    #   one of "SUN", "MON", "TUE", "WED", "THU", "FRI", or
     #   "SAT". This field is required if the "frequency" parameter is
     #   set to "WEEKLY" or "BIWEEKLY".
     #   @return [String]
@@ -2524,27 +2771,27 @@ module Aws::IoT
     # @!attribute [rw] target_check_names
     #   Which checks are performed during the scheduled audit. Checks must
     #   be enabled for your account. (Use
-    #   `DescribeAccountAuditConfiguration` to see the list of all checks
-    #   including those that are enabled or
+    #   `DescribeAccountAuditConfiguration` to see the list of all checks,
+    #   including those that are enabled or use
     #   `UpdateAccountAuditConfiguration` to select which checks are
     #   enabled.)
     #   @return [Array<String>]
     #
-    # @!attribute [rw] tags
-    #   Metadata which can be used to manage the scheduled audit.
-    #   @return [Array<Types::Tag>]
-    #
     # @!attribute [rw] scheduled_audit_name
     #   The name you want to give to the scheduled audit. (Max. 128 chars)
     #   @return [String]
     #
+    # @!attribute [rw] tags
+    #   Metadata that can be used to manage the scheduled audit.
+    #   @return [Array<Types::Tag>]
+    #
     class CreateScheduledAuditRequest < Struct.new(
       :frequency,
       :day_of_month,
       :day_of_week,
       :target_check_names,
-      :tags,
-      :scheduled_audit_name)
+      :scheduled_audit_name,
+      :tags)
       include Aws::Structure
     end
 
@@ -2619,12 +2866,12 @@ module Aws::IoT
     #
     # @!attribute [rw] additional_metrics_to_retain
     #   A list of metrics whose data is retained (stored). By default, data
-    #   is retained for any metric used in the profile's `behaviors` but it
-    #   is also retained for any metric specified here.
+    #   is retained for any metric used in the profile's `behaviors`, but
+    #   it is also retained for any metric specified here.
     #   @return [Array<String>]
     #
     # @!attribute [rw] tags
-    #   Metadata which can be used to manage the security profile.
+    #   Metadata that can be used to manage the security profile.
     #   @return [Array<Types::Tag>]
     #
     class CreateSecurityProfileRequest < Struct.new(
@@ -3299,7 +3546,8 @@ module Aws::IoT
     #   @return [String]
     #
     # @!attribute [rw] force_delete
-    #   Forces a certificate request to be deleted.
+    #   Forces the deletion of a certificate if it is inactive and is not
+    #   attached to an IoT thing.
     #   @return [Boolean]
     #
     class DeleteCertificateRequest < Struct.new(
@@ -3432,6 +3680,24 @@ module Aws::IoT
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass DeleteMitigationActionRequest
+    #   data as a hash:
+    #
+    #       {
+    #         action_name: "MitigationActionName", # required
+    #       }
+    #
+    # @!attribute [rw] action_name
+    #   The name of the mitigation action that you want to delete.
+    #   @return [String]
+    #
+    class DeleteMitigationActionRequest < Struct.new(
+      :action_name)
+      include Aws::Structure
+    end
+
+    class DeleteMitigationActionResponse < Aws::EmptyStructure; end
+
     # @note When making an API call, you may pass DeleteOTAUpdateRequest
     #   data as a hash:
     #
@@ -3567,7 +3833,7 @@ module Aws::IoT
     # @!attribute [rw] expected_version
     #   The expected version of the security profile. A new version is
     #   generated whenever the security profile is updated. If you specify a
-    #   value that is different than the actual version, a
+    #   value that is different from the actual version, a
     #   `VersionConflictException` is thrown.
     #   @return [Integer]
     #
@@ -3769,10 +4035,10 @@ module Aws::IoT
 
     # @!attribute [rw] role_arn
     #   The ARN of the role that grants permission to AWS IoT to access
-    #   information about your devices, policies, certificates and other
-    #   items as necessary when performing an audit.
+    #   information about your devices, policies, certificates, and other
+    #   items as required when performing an audit.
     #
-    #   On the first call to `UpdateAccountAuditConfiguration` this
+    #   On the first call to `UpdateAccountAuditConfiguration`, this
     #   parameter is required.
     #   @return [String]
     #
@@ -3792,6 +4058,91 @@ module Aws::IoT
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass DescribeAuditFindingRequest
+    #   data as a hash:
+    #
+    #       {
+    #         finding_id: "FindingId", # required
+    #       }
+    #
+    # @!attribute [rw] finding_id
+    #   A unique identifier for a single audit finding. You can use this
+    #   identifier to apply mitigation actions to the finding.
+    #   @return [String]
+    #
+    class DescribeAuditFindingRequest < Struct.new(
+      :finding_id)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] finding
+    #   The findings (results) of the audit.
+    #   @return [Types::AuditFinding]
+    #
+    class DescribeAuditFindingResponse < Struct.new(
+      :finding)
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass DescribeAuditMitigationActionsTaskRequest
+    #   data as a hash:
+    #
+    #       {
+    #         task_id: "AuditMitigationActionsTaskId", # required
+    #       }
+    #
+    # @!attribute [rw] task_id
+    #   The unique identifier for the audit mitigation task.
+    #   @return [String]
+    #
+    class DescribeAuditMitigationActionsTaskRequest < Struct.new(
+      :task_id)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] task_status
+    #   The current status of the task.
+    #   @return [String]
+    #
+    # @!attribute [rw] start_time
+    #   The date and time when the task was started.
+    #   @return [Time]
+    #
+    # @!attribute [rw] end_time
+    #   The date and time when the task was completed or canceled.
+    #   @return [Time]
+    #
+    # @!attribute [rw] task_statistics
+    #   Aggregate counts of the results when the mitigation tasks were
+    #   applied to the findings for this audit mitigation actions task.
+    #   @return [Hash<String,Types::TaskStatisticsForAuditCheck>]
+    #
+    # @!attribute [rw] target
+    #   Identifies the findings to which the mitigation actions are applied.
+    #   This can be by audit checks, by audit task, or a set of findings.
+    #   @return [Types::AuditMitigationActionsTaskTarget]
+    #
+    # @!attribute [rw] audit_check_to_actions_mapping
+    #   Specifies the mitigation actions that should be applied to specific
+    #   audit checks.
+    #   @return [Hash<String,Array<String>>]
+    #
+    # @!attribute [rw] actions_definition
+    #   Specifies the mitigation actions and their parameters that are
+    #   applied as part of this task.
+    #   @return [Array<Types::MitigationAction>]
+    #
+    class DescribeAuditMitigationActionsTaskResponse < Struct.new(
+      :task_status,
+      :start_time,
+      :end_time,
+      :task_statistics,
+      :target,
+      :audit_check_to_actions_mapping,
+      :actions_definition)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass DescribeAuditTaskRequest
     #   data as a hash:
     #
@@ -4187,6 +4538,68 @@ module Aws::IoT
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass DescribeMitigationActionRequest
+    #   data as a hash:
+    #
+    #       {
+    #         action_name: "MitigationActionName", # required
+    #       }
+    #
+    # @!attribute [rw] action_name
+    #   The friendly name that uniquely identifies the mitigation action.
+    #   @return [String]
+    #
+    class DescribeMitigationActionRequest < Struct.new(
+      :action_name)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] action_name
+    #   The friendly name that uniquely identifies the mitigation action.
+    #   @return [String]
+    #
+    # @!attribute [rw] action_type
+    #   The type of mitigation action.
+    #   @return [String]
+    #
+    # @!attribute [rw] action_arn
+    #   The ARN that identifies this migration action.
+    #   @return [String]
+    #
+    # @!attribute [rw] action_id
+    #   A unique identifier for this action.
+    #   @return [String]
+    #
+    # @!attribute [rw] role_arn
+    #   The ARN of the IAM role used to apply this action.
+    #   @return [String]
+    #
+    # @!attribute [rw] action_params
+    #   Parameters that control how the mitigation action is applied,
+    #   specific to the type of mitigation action.
+    #   @return [Types::MitigationActionParams]
+    #
+    # @!attribute [rw] creation_date
+    #   The date and time when the mitigation action was added to your AWS
+    #   account.
+    #   @return [Time]
+    #
+    # @!attribute [rw] last_modified_date
+    #   The date and time when the mitigation action was last changed.
+    #   @return [Time]
+    #
+    class DescribeMitigationActionResponse < Struct.new(
+      :action_name,
+      :action_type,
+      :action_arn,
+      :action_id,
+      :role_arn,
+      :action_params,
+      :creation_date,
+      :last_modified_date)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass DescribeRoleAliasRequest
     #   data as a hash:
     #
@@ -4230,8 +4643,8 @@ module Aws::IoT
 
     # @!attribute [rw] frequency
     #   How often the scheduled audit takes place. One of "DAILY",
-    #   "WEEKLY", "BIWEEKLY" or "MONTHLY". The actual start time of
-    #   each audit is determined by the system.
+    #   "WEEKLY", "BIWEEKLY", or "MONTHLY". The start time of each
+    #   audit is determined by the system.
     #   @return [String]
     #
     # @!attribute [rw] day_of_month
@@ -4243,14 +4656,14 @@ module Aws::IoT
     #
     # @!attribute [rw] day_of_week
     #   The day of the week on which the scheduled audit takes place. One of
-    #   "SUN", "MON", "TUE", "WED", "THU", "FRI" or "SAT".
+    #   "SUN", "MON", "TUE", "WED", "THU", "FRI", or "SAT".
     #   @return [String]
     #
     # @!attribute [rw] target_check_names
-    #   Which checks are performed during the scheduled audit. (Note that
-    #   checks must be enabled for your account. (Use
-    #   `DescribeAccountAuditConfiguration` to see the list of all checks
-    #   including those that are enabled or
+    #   Which checks are performed during the scheduled audit. Checks must
+    #   be enabled for your account. (Use
+    #   `DescribeAccountAuditConfiguration` to see the list of all checks,
+    #   including those that are enabled or use
     #   `UpdateAccountAuditConfiguration` to select which checks are
     #   enabled.)
     #   @return [Array<String>]
@@ -4313,8 +4726,8 @@ module Aws::IoT
     #
     # @!attribute [rw] additional_metrics_to_retain
     #   A list of metrics whose data is retained (stored). By default, data
-    #   is retained for any metric used in the profile's `behaviors` but it
-    #   is also retained for any metric specified here.
+    #   is retained for any metric used in the profile's `behaviors`, but
+    #   it is also retained for any metric specified here.
     #   @return [Array<String>]
     #
     # @!attribute [rw] version
@@ -4978,6 +5391,31 @@ module Aws::IoT
       include Aws::Structure
     end
 
+    # Parameters used when defining a mitigation action that enable AWS IoT
+    # logging.
+    #
+    # @note When making an API call, you may pass EnableIoTLoggingParams
+    #   data as a hash:
+    #
+    #       {
+    #         role_arn_for_logging: "RoleArn", # required
+    #         log_level: "DEBUG", # required, accepts DEBUG, INFO, ERROR, WARN, DISABLED
+    #       }
+    #
+    # @!attribute [rw] role_arn_for_logging
+    #   The ARN of the IAM role used for logging.
+    #   @return [String]
+    #
+    # @!attribute [rw] log_level
+    #   Specifies the types of information to be logged.
+    #   @return [String]
+    #
+    class EnableIoTLoggingParams < Struct.new(
+      :role_arn_for_logging,
+      :log_level)
+      include Aws::Structure
+    end
+
     # The input for the EnableTopicRuleRequest operation.
     #
     # @note When making an API call, you may pass EnableTopicRuleRequest
@@ -5620,7 +6058,7 @@ module Aws::IoT
       include Aws::Structure
     end
 
-    # Sends messge data to an AWS IoT Analytics channel.
+    # Sends message data to an AWS IoT Analytics channel.
     #
     # @note When making an API call, you may pass IotAnalyticsAction
     #   data as a hash:
@@ -6169,7 +6607,7 @@ module Aws::IoT
     #   data as a hash:
     #
     #       {
-    #         thing_name: "ThingName",
+    #         thing_name: "DeviceDefenderThingName",
     #         security_profile_name: "SecurityProfileName",
     #         next_token: "NextToken",
     #         max_results: 1,
@@ -6283,24 +6721,159 @@ module Aws::IoT
     #         },
     #         max_results: 1,
     #         next_token: "NextToken",
-    #         start_time: Time.now,
-    #         end_time: Time.now,
+    #         start_time: Time.now,
+    #         end_time: Time.now,
+    #       }
+    #
+    # @!attribute [rw] task_id
+    #   A filter to limit results to the audit with the specified ID. You
+    #   must specify either the taskId or the startTime and endTime, but not
+    #   both.
+    #   @return [String]
+    #
+    # @!attribute [rw] check_name
+    #   A filter to limit results to the findings for the specified audit
+    #   check.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_identifier
+    #   Information identifying the noncompliant resource.
+    #   @return [Types::ResourceIdentifier]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of results to return at one time. The default is
+    #   25.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   The token for the next set of results.
+    #   @return [String]
+    #
+    # @!attribute [rw] start_time
+    #   A filter to limit results to those found after the specified time.
+    #   You must specify either the startTime and endTime or the taskId, but
+    #   not both.
+    #   @return [Time]
+    #
+    # @!attribute [rw] end_time
+    #   A filter to limit results to those found before the specified time.
+    #   You must specify either the startTime and endTime or the taskId, but
+    #   not both.
+    #   @return [Time]
+    #
+    class ListAuditFindingsRequest < Struct.new(
+      :task_id,
+      :check_name,
+      :resource_identifier,
+      :max_results,
+      :next_token,
+      :start_time,
+      :end_time)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] findings
+    #   The findings (results) of the audit.
+    #   @return [Array<Types::AuditFinding>]
+    #
+    # @!attribute [rw] next_token
+    #   A token that can be used to retrieve the next set of results, or
+    #   `null` if there are no additional results.
+    #   @return [String]
+    #
+    class ListAuditFindingsResponse < Struct.new(
+      :findings,
+      :next_token)
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass ListAuditMitigationActionsExecutionsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         task_id: "AuditMitigationActionsTaskId", # required
+    #         action_status: "IN_PROGRESS", # accepts IN_PROGRESS, COMPLETED, FAILED, CANCELED, SKIPPED, PENDING
+    #         finding_id: "FindingId", # required
+    #         max_results: 1,
+    #         next_token: "NextToken",
+    #       }
+    #
+    # @!attribute [rw] task_id
+    #   Specify this filter to limit results to actions for a specific audit
+    #   mitigation actions task.
+    #   @return [String]
+    #
+    # @!attribute [rw] action_status
+    #   Specify this filter to limit results to those with a specific
+    #   status.
+    #   @return [String]
+    #
+    # @!attribute [rw] finding_id
+    #   Specify this filter to limit results to those that were applied to a
+    #   specific audit finding.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of results to return at one time. The default is
+    #   25.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   The token for the next set of results.
+    #   @return [String]
+    #
+    class ListAuditMitigationActionsExecutionsRequest < Struct.new(
+      :task_id,
+      :action_status,
+      :finding_id,
+      :max_results,
+      :next_token)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] actions_executions
+    #   A set of task execution results based on the input parameters.
+    #   Details include the mitigation action applied, start time, and task
+    #   status.
+    #   @return [Array<Types::AuditMitigationActionExecutionMetadata>]
+    #
+    # @!attribute [rw] next_token
+    #   The token for the next set of results.
+    #   @return [String]
+    #
+    class ListAuditMitigationActionsExecutionsResponse < Struct.new(
+      :actions_executions,
+      :next_token)
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass ListAuditMitigationActionsTasksRequest
+    #   data as a hash:
+    #
+    #       {
+    #         audit_task_id: "AuditTaskId",
+    #         finding_id: "FindingId",
+    #         task_status: "IN_PROGRESS", # accepts IN_PROGRESS, COMPLETED, FAILED, CANCELED
+    #         max_results: 1,
+    #         next_token: "NextToken",
+    #         start_time: Time.now, # required
+    #         end_time: Time.now, # required
     #       }
     #
-    # @!attribute [rw] task_id
-    #   A filter to limit results to the audit with the specified ID. You
-    #   must specify either the taskId or the startTime and endTime, but not
-    #   both.
+    # @!attribute [rw] audit_task_id
+    #   Specify this filter to limit results to tasks that were applied to
+    #   results for a specific audit.
     #   @return [String]
     #
-    # @!attribute [rw] check_name
-    #   A filter to limit results to the findings for the specified audit
-    #   check.
+    # @!attribute [rw] finding_id
+    #   Specify this filter to limit results to tasks that were applied to a
+    #   specific audit finding.
     #   @return [String]
     #
-    # @!attribute [rw] resource_identifier
-    #   Information identifying the non-compliant resource.
-    #   @return [Types::ResourceIdentifier]
+    # @!attribute [rw] task_status
+    #   Specify this filter to limit results to tasks that are in a specific
+    #   state.
+    #   @return [String]
     #
     # @!attribute [rw] max_results
     #   The maximum number of results to return at one time. The default is
@@ -6312,21 +6885,19 @@ module Aws::IoT
     #   @return [String]
     #
     # @!attribute [rw] start_time
-    #   A filter to limit results to those found after the specified time.
-    #   You must specify either the startTime and endTime or the taskId, but
-    #   not both.
+    #   Specify this filter to limit results to tasks that began on or after
+    #   a specific date and time.
     #   @return [Time]
     #
     # @!attribute [rw] end_time
-    #   A filter to limit results to those found before the specified time.
-    #   You must specify either the startTime and endTime or the taskId, but
-    #   not both.
+    #   Specify this filter to limit results to tasks that were completed or
+    #   canceled on or before a specific date and time.
     #   @return [Time]
     #
-    class ListAuditFindingsRequest < Struct.new(
-      :task_id,
-      :check_name,
-      :resource_identifier,
+    class ListAuditMitigationActionsTasksRequest < Struct.new(
+      :audit_task_id,
+      :finding_id,
+      :task_status,
       :max_results,
       :next_token,
       :start_time,
@@ -6334,17 +6905,17 @@ module Aws::IoT
       include Aws::Structure
     end
 
-    # @!attribute [rw] findings
-    #   The findings (results) of the audit.
-    #   @return [Array<Types::AuditFinding>]
+    # @!attribute [rw] tasks
+    #   The collection of audit mitigation tasks that matched the filter
+    #   criteria.
+    #   @return [Array<Types::AuditMitigationActionsTaskMetadata>]
     #
     # @!attribute [rw] next_token
-    #   A token that can be used to retrieve the next set of results, or
-    #   `null` if there are no additional results.
+    #   The token for the next set of results.
     #   @return [String]
     #
-    class ListAuditFindingsResponse < Struct.new(
-      :findings,
+    class ListAuditMitigationActionsTasksResponse < Struct.new(
+      :tasks,
       :next_token)
       include Aws::Structure
     end
@@ -6362,9 +6933,9 @@ module Aws::IoT
     #       }
     #
     # @!attribute [rw] start_time
-    #   The beginning of the time period. Note that audit information is
-    #   retained for a limited time (180 days). Requesting a start time
-    #   prior to what is retained results in an "InvalidRequestException".
+    #   The beginning of the time period. Audit information is retained for
+    #   a limited time (180 days). Requesting a start time prior to what is
+    #   retained results in an "InvalidRequestException".
     #   @return [Time]
     #
     # @!attribute [rw] end_time
@@ -6378,8 +6949,8 @@ module Aws::IoT
     #
     # @!attribute [rw] task_status
     #   A filter to limit the output to audits with the specified completion
-    #   status: can be one of "IN\_PROGRESS", "COMPLETED", "FAILED" or
-    #   "CANCELED".
+    #   status: can be one of "IN\_PROGRESS", "COMPLETED", "FAILED",
+    #   or "CANCELED".
     #   @return [String]
     #
     # @!attribute [rw] next_token
@@ -6864,6 +7435,50 @@ module Aws::IoT
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass ListMitigationActionsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         action_type: "UPDATE_DEVICE_CERTIFICATE", # accepts UPDATE_DEVICE_CERTIFICATE, UPDATE_CA_CERTIFICATE, ADD_THINGS_TO_THING_GROUP, REPLACE_DEFAULT_POLICY_VERSION, ENABLE_IOT_LOGGING, PUBLISH_FINDING_TO_SNS
+    #         max_results: 1,
+    #         next_token: "NextToken",
+    #       }
+    #
+    # @!attribute [rw] action_type
+    #   Specify a value to limit the result to mitigation actions with a
+    #   specific action type.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of results to return at one time. The default is
+    #   25.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   The token for the next set of results.
+    #   @return [String]
+    #
+    class ListMitigationActionsRequest < Struct.new(
+      :action_type,
+      :max_results,
+      :next_token)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] action_identifiers
+    #   A set of actions that matched the specified filter criteria.
+    #   @return [Array<Types::MitigationActionIdentifier>]
+    #
+    # @!attribute [rw] next_token
+    #   The token for the next set of results.
+    #   @return [String]
+    #
+    class ListMitigationActionsResponse < Struct.new(
+      :action_identifiers,
+      :next_token)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass ListOTAUpdatesRequest
     #   data as a hash:
     #
@@ -7284,7 +7899,7 @@ module Aws::IoT
     #   @return [Integer]
     #
     # @!attribute [rw] recursive
-    #   If true, return child groups as well.
+    #   If true, return child groups too.
     #   @return [Boolean]
     #
     # @!attribute [rw] security_profile_target_arn
@@ -8044,7 +8659,7 @@ module Aws::IoT
     #       {
     #         start_time: Time.now, # required
     #         end_time: Time.now, # required
-    #         thing_name: "ThingName",
+    #         thing_name: "DeviceDefenderThingName",
     #         security_profile_name: "SecurityProfileName",
     #         next_token: "NextToken",
     #         max_results: 1,
@@ -8088,7 +8703,7 @@ module Aws::IoT
 
     # @!attribute [rw] violation_events
     #   The security profile violation alerts issued for this account during
-    #   the given time frame, potentially filtered by security profile,
+    #   the given time period, potentially filtered by security profile,
     #   behavior violated, or thing (device) violating.
     #   @return [Array<Types::ViolationEvent>]
     #
@@ -8211,19 +8826,141 @@ module Aws::IoT
       include Aws::Structure
     end
 
-    # Information about the resource that was non-compliant with the audit
+    # Describes which changes should be applied as part of a mitigation
+    # action.
+    #
+    # @!attribute [rw] name
+    #   A user-friendly name for the mitigation action.
+    #   @return [String]
+    #
+    # @!attribute [rw] id
+    #   A unique identifier for the mitigation action.
+    #   @return [String]
+    #
+    # @!attribute [rw] role_arn
+    #   The IAM role ARN used to apply this mitigation action.
+    #   @return [String]
+    #
+    # @!attribute [rw] action_params
+    #   The set of parameters for this mitigation action. The parameters
+    #   vary, depending on the kind of action you apply.
+    #   @return [Types::MitigationActionParams]
+    #
+    class MitigationAction < Struct.new(
+      :name,
+      :id,
+      :role_arn,
+      :action_params)
+      include Aws::Structure
+    end
+
+    # Information that identifies a mitigation action. This information is
+    # returned by ListMitigationActions.
+    #
+    # @!attribute [rw] action_name
+    #   The friendly name of the mitigation action.
+    #   @return [String]
+    #
+    # @!attribute [rw] action_arn
+    #   The IAM role ARN used to apply this mitigation action.
+    #   @return [String]
+    #
+    # @!attribute [rw] creation_date
+    #   The date when this mitigation action was created.
+    #   @return [Time]
+    #
+    class MitigationActionIdentifier < Struct.new(
+      :action_name,
+      :action_arn,
+      :creation_date)
+      include Aws::Structure
+    end
+
+    # The set of parameters for this mitigation action. You can specify only
+    # one type of parameter (in other words, you can apply only one action
+    # for each defined mitigation action).
+    #
+    # @note When making an API call, you may pass MitigationActionParams
+    #   data as a hash:
+    #
+    #       {
+    #         update_device_certificate_params: {
+    #           action: "DEACTIVATE", # required, accepts DEACTIVATE
+    #         },
+    #         update_ca_certificate_params: {
+    #           action: "DEACTIVATE", # required, accepts DEACTIVATE
+    #         },
+    #         add_things_to_thing_group_params: {
+    #           thing_group_names: ["ThingGroupName"], # required
+    #           override_dynamic_groups: false,
+    #         },
+    #         replace_default_policy_version_params: {
+    #           template_name: "BLANK_POLICY", # required, accepts BLANK_POLICY
+    #         },
+    #         enable_io_t_logging_params: {
+    #           role_arn_for_logging: "RoleArn", # required
+    #           log_level: "DEBUG", # required, accepts DEBUG, INFO, ERROR, WARN, DISABLED
+    #         },
+    #         publish_finding_to_sns_params: {
+    #           topic_arn: "SnsTopicArn", # required
+    #         },
+    #       }
+    #
+    # @!attribute [rw] update_device_certificate_params
+    #   Parameters to define a mitigation action that changes the state of
+    #   the device certificate to inactive.
+    #   @return [Types::UpdateDeviceCertificateParams]
+    #
+    # @!attribute [rw] update_ca_certificate_params
+    #   Parameters to define a mitigation action that changes the state of
+    #   the CA certificate to inactive.
+    #   @return [Types::UpdateCACertificateParams]
+    #
+    # @!attribute [rw] add_things_to_thing_group_params
+    #   Parameters to define a mitigation action that moves devices
+    #   associated with a certificate to one or more specified thing groups,
+    #   typically for quarantine.
+    #   @return [Types::AddThingsToThingGroupParams]
+    #
+    # @!attribute [rw] replace_default_policy_version_params
+    #   Parameters to define a mitigation action that adds a blank policy to
+    #   restrict permissions.
+    #   @return [Types::ReplaceDefaultPolicyVersionParams]
+    #
+    # @!attribute [rw] enable_io_t_logging_params
+    #   Parameters to define a mitigation action that enables AWS IoT
+    #   logging at a specified level of detail.
+    #   @return [Types::EnableIoTLoggingParams]
+    #
+    # @!attribute [rw] publish_finding_to_sns_params
+    #   Parameters to define a mitigation action that publishes findings to
+    #   Amazon SNS. You can implement your own custom actions in response to
+    #   the Amazon SNS messages.
+    #   @return [Types::PublishFindingToSnsParams]
+    #
+    class MitigationActionParams < Struct.new(
+      :update_device_certificate_params,
+      :update_ca_certificate_params,
+      :add_things_to_thing_group_params,
+      :replace_default_policy_version_params,
+      :enable_io_t_logging_params,
+      :publish_finding_to_sns_params)
+      include Aws::Structure
+    end
+
+    # Information about the resource that was noncompliant with the audit
     # check.
     #
     # @!attribute [rw] resource_type
-    #   The type of the non-compliant resource.
+    #   The type of the noncompliant resource.
     #   @return [String]
     #
     # @!attribute [rw] resource_identifier
-    #   Information identifying the non-compliant resource.
+    #   Information that identifies the noncompliant resource.
     #   @return [Types::ResourceIdentifier]
     #
     # @!attribute [rw] additional_info
-    #   Additional information about the non-compliant resource.
+    #   Other information about the noncompliant resource.
     #   @return [Hash<String,String>]
     #
     class NonCompliantResource < Struct.new(
@@ -8554,6 +9291,26 @@ module Aws::IoT
       include Aws::Structure
     end
 
+    # Parameters to define a mitigation action that publishes findings to
+    # Amazon SNS. You can implement your own custom actions in response to
+    # the Amazon SNS messages.
+    #
+    # @note When making an API call, you may pass PublishFindingToSnsParams
+    #   data as a hash:
+    #
+    #       {
+    #         topic_arn: "SnsTopicArn", # required
+    #       }
+    #
+    # @!attribute [rw] topic_arn
+    #   The ARN of the topic to which you want to publish the findings.
+    #   @return [String]
+    #
+    class PublishFindingToSnsParams < Struct.new(
+      :topic_arn)
+      include Aws::Structure
+    end
+
     # The input for the DynamoActionVS action that specifies the DynamoDB
     # table to which the message data will be written.
     #
@@ -8565,7 +9322,7 @@ module Aws::IoT
     #       }
     #
     # @!attribute [rw] table_name
-    #   The table where the message data will be written
+    #   The table where the message data will be written.
     #   @return [String]
     #
     class PutItemInput < Struct.new(
@@ -8831,11 +9588,11 @@ module Aws::IoT
     #   @return [String]
     #
     # @!attribute [rw] resource_identifier
-    #   Information identifying the resource.
+    #   Information that identifies the resource.
     #   @return [Types::ResourceIdentifier]
     #
     # @!attribute [rw] additional_info
-    #   Additional information about the resource.
+    #   Other information about the resource.
     #   @return [Hash<String,String>]
     #
     class RelatedResource < Struct.new(
@@ -8917,6 +9674,26 @@ module Aws::IoT
 
     class RemoveThingFromThingGroupResponse < Aws::EmptyStructure; end
 
+    # Parameters to define a mitigation action that adds a blank policy to
+    # restrict permissions.
+    #
+    # @note When making an API call, you may pass ReplaceDefaultPolicyVersionParams
+    #   data as a hash:
+    #
+    #       {
+    #         template_name: "BLANK_POLICY", # required, accepts BLANK_POLICY
+    #       }
+    #
+    # @!attribute [rw] template_name
+    #   The name of the template to be applied. The only supported value is
+    #   `BLANK_POLICY`.
+    #   @return [String]
+    #
+    class ReplaceDefaultPolicyVersionParams < Struct.new(
+      :template_name)
+      include Aws::Structure
+    end
+
     # The input for the ReplaceTopicRule operation.
     #
     # @note When making an API call, you may pass ReplaceTopicRuleRequest
@@ -9179,7 +9956,7 @@ module Aws::IoT
       include Aws::Structure
     end
 
-    # Information identifying the non-compliant resource.
+    # Information that identifies the noncompliant resource.
     #
     # @note When making an API call, you may pass ResourceIdentifier
     #   data as a hash:
@@ -9205,7 +9982,7 @@ module Aws::IoT
     #   @return [String]
     #
     # @!attribute [rw] cognito_identity_pool_id
-    #   The ID of the Cognito Identity Pool.
+    #   The ID of the Amazon Cognito identity pool.
     #   @return [String]
     #
     # @!attribute [rw] client_id
@@ -9429,7 +10206,7 @@ module Aws::IoT
     #   @return [String]
     #
     # @!attribute [rw] frequency
-    #   How often the scheduled audit takes place.
+    #   How often the scheduled audit occurs.
     #   @return [String]
     #
     # @!attribute [rw] day_of_month
@@ -9810,6 +10587,68 @@ module Aws::IoT
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass StartAuditMitigationActionsTaskRequest
+    #   data as a hash:
+    #
+    #       {
+    #         task_id: "AuditMitigationActionsTaskId", # required
+    #         target: { # required
+    #           audit_task_id: "AuditTaskId",
+    #           finding_ids: ["FindingId"],
+    #           audit_check_to_reason_code_filter: {
+    #             "AuditCheckName" => ["ReasonForNonComplianceCode"],
+    #           },
+    #         },
+    #         audit_check_to_actions_mapping: { # required
+    #           "AuditCheckName" => ["MitigationActionName"],
+    #         },
+    #         client_request_token: "ClientRequestToken", # required
+    #       }
+    #
+    # @!attribute [rw] task_id
+    #   A unique identifier for the task. You can use this identifier to
+    #   check the status of the task or to cancel it.
+    #   @return [String]
+    #
+    # @!attribute [rw] target
+    #   Specifies the audit findings to which the mitigation actions are
+    #   applied. You can apply them to a type of audit check, to all
+    #   findings from an audit, or to a speecific set of findings.
+    #   @return [Types::AuditMitigationActionsTaskTarget]
+    #
+    # @!attribute [rw] audit_check_to_actions_mapping
+    #   For an audit check, specifies which mitigation actions to apply.
+    #   Those actions must be defined in your AWS account.
+    #   @return [Hash<String,Array<String>>]
+    #
+    # @!attribute [rw] client_request_token
+    #   Each audit mitigation task must have a unique client request token.
+    #   If you try to start a new task with the same token as a task that
+    #   already exists, an exception occurs. If you omit this value, a
+    #   unique client request token is generated automatically.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.
+    #   @return [String]
+    #
+    class StartAuditMitigationActionsTaskRequest < Struct.new(
+      :task_id,
+      :target,
+      :audit_check_to_actions_mapping,
+      :client_request_token)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] task_id
+    #   The unique identifier for the audit mitigation task. This matches
+    #   the `taskId` that you specified in the request.
+    #   @return [String]
+    #
+    class StartAuditMitigationActionsTaskResponse < Struct.new(
+      :task_id)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass StartOnDemandAuditTaskRequest
     #   data as a hash:
     #
@@ -9820,7 +10659,7 @@ module Aws::IoT
     # @!attribute [rw] target_check_names
     #   Which checks are performed during the audit. The checks you specify
     #   must be enabled for your account or an exception occurs. Use
-    #   `DescribeAccountAuditConfiguration` to see the list of all checks
+    #   `DescribeAccountAuditConfiguration` to see the list of all checks,
     #   including those that are enabled or
     #   `UpdateAccountAuditConfiguration` to select which checks are
     #   enabled.
@@ -10194,6 +11033,17 @@ module Aws::IoT
 
     class TagResourceResponse < Aws::EmptyStructure; end
 
+    # This exception occurs if you attempt to start a task with the same
+    # task-id as an existing task but with a different clientRequestToken.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    class TaskAlreadyExistsException < Struct.new(
+      :message)
+      include Aws::Structure
+    end
+
     # Statistics for the checks performed during the audit.
     #
     # @!attribute [rw] total_checks
@@ -10213,11 +11063,11 @@ module Aws::IoT
     #   @return [Integer]
     #
     # @!attribute [rw] non_compliant_checks
-    #   The number of checks that found non-compliant resources.
+    #   The number of checks that found noncompliant resources.
     #   @return [Integer]
     #
     # @!attribute [rw] failed_checks
-    #   The number of checks
+    #   The number of checks.
     #   @return [Integer]
     #
     # @!attribute [rw] canceled_checks
@@ -10236,6 +11086,43 @@ module Aws::IoT
       include Aws::Structure
     end
 
+    # Provides summary counts of how many tasks for findings are in a
+    # particular state. This information is included in the response from
+    # DescribeAuditMitigationActionsTask.
+    #
+    # @!attribute [rw] total_findings_count
+    #   The total number of findings to which a task is being applied.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] failed_findings_count
+    #   The number of findings for which at least one of the actions failed
+    #   when applied.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] succeeded_findings_count
+    #   The number of findings for which all mitigation actions succeeded
+    #   when applied.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] skipped_findings_count
+    #   The number of findings skipped because of filter conditions provided
+    #   in the parameters to the command.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] canceled_findings_count
+    #   The number of findings to which the mitigation action task was
+    #   canceled when applied.
+    #   @return [Integer]
+    #
+    class TaskStatisticsForAuditCheck < Struct.new(
+      :total_findings_count,
+      :failed_findings_count,
+      :succeeded_findings_count,
+      :skipped_findings_count,
+      :canceled_findings_count)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass TestAuthorizationRequest
     #   data as a hash:
     #
@@ -11184,7 +12071,7 @@ module Aws::IoT
     # @!attribute [rw] role_arn
     #   The ARN of the role that grants permission to AWS IoT to access
     #   information about your devices, policies, certificates and other
-    #   items as necessary when performing an audit.
+    #   items as required when performing an audit.
     #   @return [String]
     #
     # @!attribute [rw] audit_notification_target_configurations
@@ -11194,17 +12081,17 @@ module Aws::IoT
     # @!attribute [rw] audit_check_configurations
     #   Specifies which audit checks are enabled and disabled for this
     #   account. Use `DescribeAccountAuditConfiguration` to see the list of
-    #   all checks including those that are currently enabled.
+    #   all checks, including those that are currently enabled.
     #
-    #   Note that some data collection may begin immediately when certain
-    #   checks are enabled. When a check is disabled, any data collected so
-    #   far in relation to the check is deleted.
+    #   Some data collection might start immediately when certain checks are
+    #   enabled. When a check is disabled, any data collected so far in
+    #   relation to the check is deleted.
     #
     #   You cannot disable a check if it is used by any scheduled audit. You
     #   must first delete the check from the scheduled audit or delete the
     #   scheduled audit itself.
     #
-    #   On the first call to `UpdateAccountAuditConfiguration` this
+    #   On the first call to `UpdateAccountAuditConfiguration`, this
     #   parameter is required and must specify at least one enabled check.
     #   @return [Hash<String,Types::AuditCheckConfiguration>]
     #
@@ -11315,6 +12202,26 @@ module Aws::IoT
       include Aws::Structure
     end
 
+    # Parameters to define a mitigation action that changes the state of the
+    # CA certificate to inactive.
+    #
+    # @note When making an API call, you may pass UpdateCACertificateParams
+    #   data as a hash:
+    #
+    #       {
+    #         action: "DEACTIVATE", # required, accepts DEACTIVATE
+    #       }
+    #
+    # @!attribute [rw] action
+    #   The action that you want to apply to the CA cerrtificate. The only
+    #   supported value is `DEACTIVATE`.
+    #   @return [String]
+    #
+    class UpdateCACertificateParams < Struct.new(
+      :action)
+      include Aws::Structure
+    end
+
     # The input to the UpdateCACertificate operation.
     #
     # @note When making an API call, you may pass UpdateCACertificateRequest
@@ -11352,7 +12259,7 @@ module Aws::IoT
     #   @return [Types::RegistrationConfig]
     #
     # @!attribute [rw] remove_auto_registration
-    #   If true, remove auto registration.
+    #   If true, removes auto registration.
     #   @return [Boolean]
     #
     class UpdateCACertificateRequest < Struct.new(
@@ -11396,6 +12303,26 @@ module Aws::IoT
       include Aws::Structure
     end
 
+    # Parameters to define a mitigation action that changes the state of the
+    # device certificate to inactive.
+    #
+    # @note When making an API call, you may pass UpdateDeviceCertificateParams
+    #   data as a hash:
+    #
+    #       {
+    #         action: "DEACTIVATE", # required, accepts DEACTIVATE
+    #       }
+    #
+    # @!attribute [rw] action
+    #   The action that you want to apply to the device cerrtificate. The
+    #   only supported value is `DEACTIVATE`.
+    #   @return [String]
+    #
+    class UpdateDeviceCertificateParams < Struct.new(
+      :action)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass UpdateDynamicThingGroupRequest
     #   data as a hash:
     #
@@ -11593,6 +12520,71 @@ module Aws::IoT
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass UpdateMitigationActionRequest
+    #   data as a hash:
+    #
+    #       {
+    #         action_name: "MitigationActionName", # required
+    #         role_arn: "RoleArn",
+    #         action_params: {
+    #           update_device_certificate_params: {
+    #             action: "DEACTIVATE", # required, accepts DEACTIVATE
+    #           },
+    #           update_ca_certificate_params: {
+    #             action: "DEACTIVATE", # required, accepts DEACTIVATE
+    #           },
+    #           add_things_to_thing_group_params: {
+    #             thing_group_names: ["ThingGroupName"], # required
+    #             override_dynamic_groups: false,
+    #           },
+    #           replace_default_policy_version_params: {
+    #             template_name: "BLANK_POLICY", # required, accepts BLANK_POLICY
+    #           },
+    #           enable_io_t_logging_params: {
+    #             role_arn_for_logging: "RoleArn", # required
+    #             log_level: "DEBUG", # required, accepts DEBUG, INFO, ERROR, WARN, DISABLED
+    #           },
+    #           publish_finding_to_sns_params: {
+    #             topic_arn: "SnsTopicArn", # required
+    #           },
+    #         },
+    #       }
+    #
+    # @!attribute [rw] action_name
+    #   The friendly name for the mitigation action. You can't change the
+    #   name by using `UpdateMitigationAction`. Instead, you must delete and
+    #   re-create the mitigation action with the new name.
+    #   @return [String]
+    #
+    # @!attribute [rw] role_arn
+    #   The ARN of the IAM role that is used to apply the mitigation action.
+    #   @return [String]
+    #
+    # @!attribute [rw] action_params
+    #   Defines the type of action and the parameters for that action.
+    #   @return [Types::MitigationActionParams]
+    #
+    class UpdateMitigationActionRequest < Struct.new(
+      :action_name,
+      :role_arn,
+      :action_params)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] action_arn
+    #   The ARN for the new mitigation action.
+    #   @return [String]
+    #
+    # @!attribute [rw] action_id
+    #   A unique identifier for the mitigation action.
+    #   @return [String]
+    #
+    class UpdateMitigationActionResponse < Struct.new(
+      :action_arn,
+      :action_id)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass UpdateRoleAliasRequest
     #   data as a hash:
     #
@@ -11648,8 +12640,8 @@ module Aws::IoT
     #
     # @!attribute [rw] frequency
     #   How often the scheduled audit takes place. Can be one of "DAILY",
-    #   "WEEKLY", "BIWEEKLY" or "MONTHLY". The actual start time of
-    #   each audit is determined by the system.
+    #   "WEEKLY", "BIWEEKLY", or "MONTHLY". The start time of each
+    #   audit is determined by the system.
     #   @return [String]
     #
     # @!attribute [rw] day_of_month
@@ -11662,7 +12654,7 @@ module Aws::IoT
     #
     # @!attribute [rw] day_of_week
     #   The day of the week on which the scheduled audit takes place. Can be
-    #   one of "SUN", "MON", "TUE", "WED", "THU", "FRI" or
+    #   one of "SUN", "MON", "TUE", "WED", "THU", "FRI", or
     #   "SAT". This field is required if the "frequency" parameter is
     #   set to "WEEKLY" or "BIWEEKLY".
     #   @return [String]
@@ -11670,8 +12662,8 @@ module Aws::IoT
     # @!attribute [rw] target_check_names
     #   Which checks are performed during the scheduled audit. Checks must
     #   be enabled for your account. (Use
-    #   `DescribeAccountAuditConfiguration` to see the list of all checks
-    #   including those that are enabled or
+    #   `DescribeAccountAuditConfiguration` to see the list of all checks,
+    #   including those that are enabled or use
     #   `UpdateAccountAuditConfiguration` to select which checks are
     #   enabled.)
     #   @return [Array<String>]
@@ -11756,32 +12748,32 @@ module Aws::IoT
     #
     # @!attribute [rw] additional_metrics_to_retain
     #   A list of metrics whose data is retained (stored). By default, data
-    #   is retained for any metric used in the profile's `behaviors` but it
-    #   is also retained for any metric specified here.
+    #   is retained for any metric used in the profile's `behaviors`, but
+    #   it is also retained for any metric specified here.
     #   @return [Array<String>]
     #
     # @!attribute [rw] delete_behaviors
     #   If true, delete all `behaviors` defined for this security profile.
-    #   If any `behaviors` are defined in the current invocation an
+    #   If any `behaviors` are defined in the current invocation, an
     #   exception occurs.
     #   @return [Boolean]
     #
     # @!attribute [rw] delete_alert_targets
     #   If true, delete all `alertTargets` defined for this security
-    #   profile. If any `alertTargets` are defined in the current invocation
-    #   an exception occurs.
+    #   profile. If any `alertTargets` are defined in the current
+    #   invocation, an exception occurs.
     #   @return [Boolean]
     #
     # @!attribute [rw] delete_additional_metrics_to_retain
     #   If true, delete all `additionalMetricsToRetain` defined for this
     #   security profile. If any `additionalMetricsToRetain` are defined in
-    #   the current invocation an exception occurs.
+    #   the current invocation, an exception occurs.
     #   @return [Boolean]
     #
     # @!attribute [rw] expected_version
     #   The expected version of the security profile. A new version is
     #   generated whenever the security profile is updated. If you specify a
-    #   value that is different than the actual version, a
+    #   value that is different from the actual version, a
     #   `VersionConflictException` is thrown.
     #   @return [Integer]
     #
@@ -11822,7 +12814,7 @@ module Aws::IoT
     # @!attribute [rw] additional_metrics_to_retain
     #   A list of metrics whose data is retained (stored). By default, data
     #   is retained for any metric used in the security profile's
-    #   `behaviors` but it is also retained for any metric specified here.
+    #   `behaviors`, but it is also retained for any metric specified here.
     #   @return [Array<String>]
     #
     # @!attribute [rw] version