aws-sdk-macie2 1.24.0 → 1.29.0

data/lib/aws-sdk-macie2/client_api.rb

@@ -3,7 +3,7 @@
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
-# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
 #
 # WARNING ABOUT GENERATED CODE
 
@@ -21,6 +21,7 @@ module Aws::Macie2
     AccountLevelPermissions = Shapes::StructureShape.new(name: 'AccountLevelPermissions')
     AdminAccount = Shapes::StructureShape.new(name: 'AdminAccount')
     AdminStatus = Shapes::StringShape.new(name: 'AdminStatus')
+    AllowsUnencryptedObjectUploads = Shapes::StringShape.new(name: 'AllowsUnencryptedObjectUploads')
     ApiCallDetails = Shapes::StructureShape.new(name: 'ApiCallDetails')
     AssumedRole = Shapes::StructureShape.new(name: 'AssumedRole')
     AwsAccount = Shapes::StructureShape.new(name: 'AwsAccount')
@@ -32,6 +33,7 @@ module Aws::Macie2
     BucketCountByEffectivePermission = Shapes::StructureShape.new(name: 'BucketCountByEffectivePermission')
     BucketCountByEncryptionType = Shapes::StructureShape.new(name: 'BucketCountByEncryptionType')
     BucketCountBySharedAccessType = Shapes::StructureShape.new(name: 'BucketCountBySharedAccessType')
+    BucketCountPolicyAllowsUnencryptedObjectUploads = Shapes::StructureShape.new(name: 'BucketCountPolicyAllowsUnencryptedObjectUploads')
     BucketCriteria = Shapes::MapShape.new(name: 'BucketCriteria')
     BucketCriteriaAdditionalProperties = Shapes::StructureShape.new(name: 'BucketCriteriaAdditionalProperties')
     BucketLevelPermissions = Shapes::StructureShape.new(name: 'BucketLevelPermissions')
@@ -60,6 +62,8 @@ module Aws::Macie2
     CreateMemberResponse = Shapes::StructureShape.new(name: 'CreateMemberResponse')
     CreateSampleFindingsRequest = Shapes::StructureShape.new(name: 'CreateSampleFindingsRequest')
     CreateSampleFindingsResponse = Shapes::StructureShape.new(name: 'CreateSampleFindingsResponse')
+    CriteriaBlockForJob = Shapes::StructureShape.new(name: 'CriteriaBlockForJob')
+    CriteriaForJob = Shapes::StructureShape.new(name: 'CriteriaForJob')
     Criterion = Shapes::MapShape.new(name: 'Criterion')
     CriterionAdditionalProperties = Shapes::StructureShape.new(name: 'CriterionAdditionalProperties')
     Currency = Shapes::StringShape.new(name: 'Currency')
@@ -131,6 +135,8 @@ module Aws::Macie2
     GetFindingStatisticsResponse = Shapes::StructureShape.new(name: 'GetFindingStatisticsResponse')
     GetFindingsFilterRequest = Shapes::StructureShape.new(name: 'GetFindingsFilterRequest')
     GetFindingsFilterResponse = Shapes::StructureShape.new(name: 'GetFindingsFilterResponse')
+    GetFindingsPublicationConfigurationRequest = Shapes::StructureShape.new(name: 'GetFindingsPublicationConfigurationRequest')
+    GetFindingsPublicationConfigurationResponse = Shapes::StructureShape.new(name: 'GetFindingsPublicationConfigurationResponse')
     GetFindingsRequest = Shapes::StructureShape.new(name: 'GetFindingsRequest')
     GetFindingsResponse = Shapes::StructureShape.new(name: 'GetFindingsResponse')
     GetInvitationsCountRequest = Shapes::StructureShape.new(name: 'GetInvitationsCountRequest')
@@ -191,6 +197,8 @@ module Aws::Macie2
     ListTagsForResourceRequest = Shapes::StructureShape.new(name: 'ListTagsForResourceRequest')
     ListTagsForResourceResponse = Shapes::StructureShape.new(name: 'ListTagsForResourceResponse')
     MacieStatus = Shapes::StringShape.new(name: 'MacieStatus')
+    MatchingBucket = Shapes::StructureShape.new(name: 'MatchingBucket')
+    MatchingResource = Shapes::StructureShape.new(name: 'MatchingResource')
     MaxResults = Shapes::IntegerShape.new(name: 'MaxResults')
     Member = Shapes::StructureShape.new(name: 'Member')
     MonthlySchedule = Shapes::StructureShape.new(name: 'MonthlySchedule')
@@ -203,6 +211,8 @@ module Aws::Macie2
     PolicyDetails = Shapes::StructureShape.new(name: 'PolicyDetails')
     PutClassificationExportConfigurationRequest = Shapes::StructureShape.new(name: 'PutClassificationExportConfigurationRequest')
     PutClassificationExportConfigurationResponse = Shapes::StructureShape.new(name: 'PutClassificationExportConfigurationResponse')
+    PutFindingsPublicationConfigurationRequest = Shapes::StructureShape.new(name: 'PutFindingsPublicationConfigurationRequest')
+    PutFindingsPublicationConfigurationResponse = Shapes::StructureShape.new(name: 'PutFindingsPublicationConfigurationResponse')
     Range = Shapes::StructureShape.new(name: 'Range')
     Ranges = Shapes::ListShape.new(name: 'Ranges')
     Record = Shapes::StructureShape.new(name: 'Record')
@@ -212,6 +222,7 @@ module Aws::Macie2
     ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException')
     ResourcesAffected = Shapes::StructureShape.new(name: 'ResourcesAffected')
     S3Bucket = Shapes::StructureShape.new(name: 'S3Bucket')
+    S3BucketCriteriaForJob = Shapes::StructureShape.new(name: 'S3BucketCriteriaForJob')
     S3BucketDefinitionForJob = Shapes::StructureShape.new(name: 'S3BucketDefinitionForJob')
     S3BucketOwner = Shapes::StructureShape.new(name: 'S3BucketOwner')
     S3Destination = Shapes::StructureShape.new(name: 'S3Destination')
@@ -219,6 +230,19 @@ module Aws::Macie2
     S3Object = Shapes::StructureShape.new(name: 'S3Object')
     ScopeFilterKey = Shapes::StringShape.new(name: 'ScopeFilterKey')
     Scoping = Shapes::StructureShape.new(name: 'Scoping')
+    SearchResourcesBucketCriteria = Shapes::StructureShape.new(name: 'SearchResourcesBucketCriteria')
+    SearchResourcesComparator = Shapes::StringShape.new(name: 'SearchResourcesComparator')
+    SearchResourcesCriteria = Shapes::StructureShape.new(name: 'SearchResourcesCriteria')
+    SearchResourcesCriteriaBlock = Shapes::StructureShape.new(name: 'SearchResourcesCriteriaBlock')
+    SearchResourcesRequest = Shapes::StructureShape.new(name: 'SearchResourcesRequest')
+    SearchResourcesResponse = Shapes::StructureShape.new(name: 'SearchResourcesResponse')
+    SearchResourcesSimpleCriterion = Shapes::StructureShape.new(name: 'SearchResourcesSimpleCriterion')
+    SearchResourcesSimpleCriterionKey = Shapes::StringShape.new(name: 'SearchResourcesSimpleCriterionKey')
+    SearchResourcesSortAttributeName = Shapes::StringShape.new(name: 'SearchResourcesSortAttributeName')
+    SearchResourcesSortCriteria = Shapes::StructureShape.new(name: 'SearchResourcesSortCriteria')
+    SearchResourcesTagCriterion = Shapes::StructureShape.new(name: 'SearchResourcesTagCriterion')
+    SearchResourcesTagCriterionPair = Shapes::StructureShape.new(name: 'SearchResourcesTagCriterionPair')
+    SecurityHubConfiguration = Shapes::StructureShape.new(name: 'SecurityHubConfiguration')
     SensitiveData = Shapes::ListShape.new(name: 'SensitiveData')
     SensitiveDataItem = Shapes::StructureShape.new(name: 'SensitiveDataItem')
     SensitiveDataItemCategory = Shapes::StringShape.new(name: 'SensitiveDataItemCategory')
@@ -231,10 +255,14 @@ module Aws::Macie2
     Severity = Shapes::StructureShape.new(name: 'Severity')
     SeverityDescription = Shapes::StringShape.new(name: 'SeverityDescription')
     SharedAccess = Shapes::StringShape.new(name: 'SharedAccess')
+    SimpleCriterionForJob = Shapes::StructureShape.new(name: 'SimpleCriterionForJob')
+    SimpleCriterionKeyForJob = Shapes::StringShape.new(name: 'SimpleCriterionKeyForJob')
     SimpleScopeTerm = Shapes::StructureShape.new(name: 'SimpleScopeTerm')
     SortCriteria = Shapes::StructureShape.new(name: 'SortCriteria')
     Statistics = Shapes::StructureShape.new(name: 'Statistics')
     StorageClass = Shapes::StringShape.new(name: 'StorageClass')
+    TagCriterionForJob = Shapes::StructureShape.new(name: 'TagCriterionForJob')
+    TagCriterionPairForJob = Shapes::StructureShape.new(name: 'TagCriterionPairForJob')
     TagMap = Shapes::MapShape.new(name: 'TagMap')
     TagResourceRequest = Shapes::StructureShape.new(name: 'TagResourceRequest')
     TagResourceResponse = Shapes::StructureShape.new(name: 'TagResourceResponse')
@@ -281,6 +309,7 @@ module Aws::Macie2
     __listOfAdminAccount = Shapes::ListShape.new(name: '__listOfAdminAccount')
     __listOfBatchGetCustomDataIdentifierSummary = Shapes::ListShape.new(name: '__listOfBatchGetCustomDataIdentifierSummary')
     __listOfBucketMetadata = Shapes::ListShape.new(name: '__listOfBucketMetadata')
+    __listOfCriteriaForJob = Shapes::ListShape.new(name: '__listOfCriteriaForJob')
     __listOfCustomDataIdentifierSummary = Shapes::ListShape.new(name: '__listOfCustomDataIdentifierSummary')
     __listOfFinding = Shapes::ListShape.new(name: '__listOfFinding')
     __listOfFindingType = Shapes::ListShape.new(name: '__listOfFindingType')
@@ -291,8 +320,12 @@ module Aws::Macie2
     __listOfJobSummary = Shapes::ListShape.new(name: '__listOfJobSummary')
     __listOfKeyValuePair = Shapes::ListShape.new(name: '__listOfKeyValuePair')
     __listOfListJobsFilterTerm = Shapes::ListShape.new(name: '__listOfListJobsFilterTerm')
+    __listOfMatchingResource = Shapes::ListShape.new(name: '__listOfMatchingResource')
     __listOfMember = Shapes::ListShape.new(name: '__listOfMember')
     __listOfS3BucketDefinitionForJob = Shapes::ListShape.new(name: '__listOfS3BucketDefinitionForJob')
+    __listOfSearchResourcesCriteria = Shapes::ListShape.new(name: '__listOfSearchResourcesCriteria')
+    __listOfSearchResourcesTagCriterionPair = Shapes::ListShape.new(name: '__listOfSearchResourcesTagCriterionPair')
+    __listOfTagCriterionPairForJob = Shapes::ListShape.new(name: '__listOfTagCriterionPairForJob')
     __listOfTagValuePair = Shapes::ListShape.new(name: '__listOfTagValuePair')
     __listOfUnprocessedAccount = Shapes::ListShape.new(name: '__listOfUnprocessedAccount')
     __listOfUsageByAccount = Shapes::ListShape.new(name: '__listOfUsageByAccount')
@@ -380,6 +413,7 @@ module Aws::Macie2
     BucketCountByEncryptionType.add_member(:kms_managed, Shapes::ShapeRef.new(shape: __long, location_name: "kmsManaged"))
     BucketCountByEncryptionType.add_member(:s3_managed, Shapes::ShapeRef.new(shape: __long, location_name: "s3Managed"))
     BucketCountByEncryptionType.add_member(:unencrypted, Shapes::ShapeRef.new(shape: __long, location_name: "unencrypted"))
+    BucketCountByEncryptionType.add_member(:unknown, Shapes::ShapeRef.new(shape: __long, location_name: "unknown"))
     BucketCountByEncryptionType.struct_class = Types::BucketCountByEncryptionType
 
     BucketCountBySharedAccessType.add_member(:external, Shapes::ShapeRef.new(shape: __long, location_name: "external"))
@@ -388,6 +422,11 @@ module Aws::Macie2
     BucketCountBySharedAccessType.add_member(:unknown, Shapes::ShapeRef.new(shape: __long, location_name: "unknown"))
     BucketCountBySharedAccessType.struct_class = Types::BucketCountBySharedAccessType
 
+    BucketCountPolicyAllowsUnencryptedObjectUploads.add_member(:allows_unencrypted_object_uploads, Shapes::ShapeRef.new(shape: __long, location_name: "allowsUnencryptedObjectUploads"))
+    BucketCountPolicyAllowsUnencryptedObjectUploads.add_member(:denies_unencrypted_object_uploads, Shapes::ShapeRef.new(shape: __long, location_name: "deniesUnencryptedObjectUploads"))
+    BucketCountPolicyAllowsUnencryptedObjectUploads.add_member(:unknown, Shapes::ShapeRef.new(shape: __long, location_name: "unknown"))
+    BucketCountPolicyAllowsUnencryptedObjectUploads.struct_class = Types::BucketCountPolicyAllowsUnencryptedObjectUploads
+
     BucketCriteria.key = Shapes::ShapeRef.new(shape: __string)
     BucketCriteria.value = Shapes::ShapeRef.new(shape: BucketCriteriaAdditionalProperties)
 
@@ -406,6 +445,7 @@ module Aws::Macie2
     BucketLevelPermissions.struct_class = Types::BucketLevelPermissions
 
     BucketMetadata.add_member(:account_id, Shapes::ShapeRef.new(shape: __string, location_name: "accountId"))
+    BucketMetadata.add_member(:allows_unencrypted_object_uploads, Shapes::ShapeRef.new(shape: AllowsUnencryptedObjectUploads, location_name: "allowsUnencryptedObjectUploads"))
     BucketMetadata.add_member(:bucket_arn, Shapes::ShapeRef.new(shape: __string, location_name: "bucketArn"))
     BucketMetadata.add_member(:bucket_created_at, Shapes::ShapeRef.new(shape: __timestampIso8601, location_name: "bucketCreatedAt"))
     BucketMetadata.add_member(:bucket_name, Shapes::ShapeRef.new(shape: __string, location_name: "bucketName"))
@@ -542,6 +582,13 @@ module Aws::Macie2
 
     CreateSampleFindingsResponse.struct_class = Types::CreateSampleFindingsResponse
 
+    CriteriaBlockForJob.add_member(:and, Shapes::ShapeRef.new(shape: __listOfCriteriaForJob, location_name: "and"))
+    CriteriaBlockForJob.struct_class = Types::CriteriaBlockForJob
+
+    CriteriaForJob.add_member(:simple_criterion, Shapes::ShapeRef.new(shape: SimpleCriterionForJob, location_name: "simpleCriterion"))
+    CriteriaForJob.add_member(:tag_criterion, Shapes::ShapeRef.new(shape: TagCriterionForJob, location_name: "tagCriterion"))
+    CriteriaForJob.struct_class = Types::CriteriaForJob
+
     Criterion.key = Shapes::ShapeRef.new(shape: __string)
     Criterion.value = Shapes::ShapeRef.new(shape: CriterionAdditionalProperties)
 
@@ -749,6 +796,7 @@ module Aws::Macie2
     GetBucketStatisticsResponse.add_member(:bucket_count, Shapes::ShapeRef.new(shape: __long, location_name: "bucketCount"))
     GetBucketStatisticsResponse.add_member(:bucket_count_by_effective_permission, Shapes::ShapeRef.new(shape: BucketCountByEffectivePermission, location_name: "bucketCountByEffectivePermission"))
     GetBucketStatisticsResponse.add_member(:bucket_count_by_encryption_type, Shapes::ShapeRef.new(shape: BucketCountByEncryptionType, location_name: "bucketCountByEncryptionType"))
+    GetBucketStatisticsResponse.add_member(:bucket_count_by_object_encryption_requirement, Shapes::ShapeRef.new(shape: BucketCountPolicyAllowsUnencryptedObjectUploads, location_name: "bucketCountByObjectEncryptionRequirement"))
     GetBucketStatisticsResponse.add_member(:bucket_count_by_shared_access_type, Shapes::ShapeRef.new(shape: BucketCountBySharedAccessType, location_name: "bucketCountBySharedAccessType"))
     GetBucketStatisticsResponse.add_member(:classifiable_object_count, Shapes::ShapeRef.new(shape: __long, location_name: "classifiableObjectCount"))
     GetBucketStatisticsResponse.add_member(:classifiable_size_in_bytes, Shapes::ShapeRef.new(shape: __long, location_name: "classifiableSizeInBytes"))
@@ -803,6 +851,11 @@ module Aws::Macie2
     GetFindingsFilterResponse.add_member(:tags, Shapes::ShapeRef.new(shape: TagMap, location_name: "tags"))
     GetFindingsFilterResponse.struct_class = Types::GetFindingsFilterResponse
 
+    GetFindingsPublicationConfigurationRequest.struct_class = Types::GetFindingsPublicationConfigurationRequest
+
+    GetFindingsPublicationConfigurationResponse.add_member(:security_hub_configuration, Shapes::ShapeRef.new(shape: SecurityHubConfiguration, location_name: "securityHubConfiguration"))
+    GetFindingsPublicationConfigurationResponse.struct_class = Types::GetFindingsPublicationConfigurationResponse
+
     GetFindingsRequest.add_member(:finding_ids, Shapes::ShapeRef.new(shape: __listOf__string, required: true, location_name: "findingIds"))
     GetFindingsRequest.add_member(:sort_criteria, Shapes::ShapeRef.new(shape: SortCriteria, location_name: "sortCriteria"))
     GetFindingsRequest.struct_class = Types::GetFindingsRequest
@@ -931,6 +984,7 @@ module Aws::Macie2
     JobSummary.add_member(:last_run_error_status, Shapes::ShapeRef.new(shape: LastRunErrorStatus, location_name: "lastRunErrorStatus"))
     JobSummary.add_member(:name, Shapes::ShapeRef.new(shape: __string, location_name: "name"))
     JobSummary.add_member(:user_paused_details, Shapes::ShapeRef.new(shape: UserPausedDetails, location_name: "userPausedDetails"))
+    JobSummary.add_member(:bucket_criteria, Shapes::ShapeRef.new(shape: S3BucketCriteriaForJob, location_name: "bucketCriteria"))
     JobSummary.struct_class = Types::JobSummary
 
     KeyValuePair.add_member(:key, Shapes::ShapeRef.new(shape: __string, location_name: "key"))
@@ -1022,6 +1076,22 @@ module Aws::Macie2
     ListTagsForResourceResponse.add_member(:tags, Shapes::ShapeRef.new(shape: TagMap, location_name: "tags"))
     ListTagsForResourceResponse.struct_class = Types::ListTagsForResourceResponse
 
+    MatchingBucket.add_member(:account_id, Shapes::ShapeRef.new(shape: __string, location_name: "accountId"))
+    MatchingBucket.add_member(:bucket_name, Shapes::ShapeRef.new(shape: __string, location_name: "bucketName"))
+    MatchingBucket.add_member(:classifiable_object_count, Shapes::ShapeRef.new(shape: __long, location_name: "classifiableObjectCount"))
+    MatchingBucket.add_member(:classifiable_size_in_bytes, Shapes::ShapeRef.new(shape: __long, location_name: "classifiableSizeInBytes"))
+    MatchingBucket.add_member(:job_details, Shapes::ShapeRef.new(shape: JobDetails, location_name: "jobDetails"))
+    MatchingBucket.add_member(:object_count, Shapes::ShapeRef.new(shape: __long, location_name: "objectCount"))
+    MatchingBucket.add_member(:object_count_by_encryption_type, Shapes::ShapeRef.new(shape: ObjectCountByEncryptionType, location_name: "objectCountByEncryptionType"))
+    MatchingBucket.add_member(:size_in_bytes, Shapes::ShapeRef.new(shape: __long, location_name: "sizeInBytes"))
+    MatchingBucket.add_member(:size_in_bytes_compressed, Shapes::ShapeRef.new(shape: __long, location_name: "sizeInBytesCompressed"))
+    MatchingBucket.add_member(:unclassifiable_object_count, Shapes::ShapeRef.new(shape: ObjectLevelStatistics, location_name: "unclassifiableObjectCount"))
+    MatchingBucket.add_member(:unclassifiable_object_size_in_bytes, Shapes::ShapeRef.new(shape: ObjectLevelStatistics, location_name: "unclassifiableObjectSizeInBytes"))
+    MatchingBucket.struct_class = Types::MatchingBucket
+
+    MatchingResource.add_member(:matching_bucket, Shapes::ShapeRef.new(shape: MatchingBucket, location_name: "matchingBucket"))
+    MatchingResource.struct_class = Types::MatchingResource
+
     Member.add_member(:account_id, Shapes::ShapeRef.new(shape: __string, location_name: "accountId"))
     Member.add_member(:administrator_account_id, Shapes::ShapeRef.new(shape: __string, location_name: "administratorAccountId"))
     Member.add_member(:arn, Shapes::ShapeRef.new(shape: __string, location_name: "arn"))
@@ -1040,6 +1110,7 @@ module Aws::Macie2
     ObjectCountByEncryptionType.add_member(:kms_managed, Shapes::ShapeRef.new(shape: __long, location_name: "kmsManaged"))
     ObjectCountByEncryptionType.add_member(:s3_managed, Shapes::ShapeRef.new(shape: __long, location_name: "s3Managed"))
     ObjectCountByEncryptionType.add_member(:unencrypted, Shapes::ShapeRef.new(shape: __long, location_name: "unencrypted"))
+    ObjectCountByEncryptionType.add_member(:unknown, Shapes::ShapeRef.new(shape: __long, location_name: "unknown"))
     ObjectCountByEncryptionType.struct_class = Types::ObjectCountByEncryptionType
 
     ObjectLevelStatistics.add_member(:file_type, Shapes::ShapeRef.new(shape: __long, location_name: "fileType"))
@@ -1071,6 +1142,12 @@ module Aws::Macie2
     PutClassificationExportConfigurationResponse.add_member(:configuration, Shapes::ShapeRef.new(shape: ClassificationExportConfiguration, location_name: "configuration"))
     PutClassificationExportConfigurationResponse.struct_class = Types::PutClassificationExportConfigurationResponse
 
+    PutFindingsPublicationConfigurationRequest.add_member(:client_token, Shapes::ShapeRef.new(shape: __string, location_name: "clientToken", metadata: {"idempotencyToken"=>true}))
+    PutFindingsPublicationConfigurationRequest.add_member(:security_hub_configuration, Shapes::ShapeRef.new(shape: SecurityHubConfiguration, location_name: "securityHubConfiguration"))
+    PutFindingsPublicationConfigurationRequest.struct_class = Types::PutFindingsPublicationConfigurationRequest
+
+    PutFindingsPublicationConfigurationResponse.struct_class = Types::PutFindingsPublicationConfigurationResponse
+
     Range.add_member(:end, Shapes::ShapeRef.new(shape: __long, location_name: "end"))
     Range.add_member(:start, Shapes::ShapeRef.new(shape: __long, location_name: "start"))
     Range.add_member(:start_column, Shapes::ShapeRef.new(shape: __long, location_name: "startColumn"))
@@ -1096,6 +1173,7 @@ module Aws::Macie2
     ResourcesAffected.add_member(:s3_object, Shapes::ShapeRef.new(shape: S3Object, location_name: "s3Object"))
     ResourcesAffected.struct_class = Types::ResourcesAffected
 
+    S3Bucket.add_member(:allows_unencrypted_object_uploads, Shapes::ShapeRef.new(shape: AllowsUnencryptedObjectUploads, location_name: "allowsUnencryptedObjectUploads"))
     S3Bucket.add_member(:arn, Shapes::ShapeRef.new(shape: __string, location_name: "arn"))
     S3Bucket.add_member(:created_at, Shapes::ShapeRef.new(shape: __timestampIso8601, location_name: "createdAt"))
     S3Bucket.add_member(:default_server_side_encryption, Shapes::ShapeRef.new(shape: ServerSideEncryption, location_name: "defaultServerSideEncryption"))
@@ -1105,6 +1183,10 @@ module Aws::Macie2
     S3Bucket.add_member(:tags, Shapes::ShapeRef.new(shape: KeyValuePairList, location_name: "tags"))
     S3Bucket.struct_class = Types::S3Bucket
 
+    S3BucketCriteriaForJob.add_member(:excludes, Shapes::ShapeRef.new(shape: CriteriaBlockForJob, location_name: "excludes"))
+    S3BucketCriteriaForJob.add_member(:includes, Shapes::ShapeRef.new(shape: CriteriaBlockForJob, location_name: "includes"))
+    S3BucketCriteriaForJob.struct_class = Types::S3BucketCriteriaForJob
+
     S3BucketDefinitionForJob.add_member(:account_id, Shapes::ShapeRef.new(shape: __string, required: true, location_name: "accountId"))
     S3BucketDefinitionForJob.add_member(:buckets, Shapes::ShapeRef.new(shape: __listOf__string, required: true, location_name: "buckets"))
     S3BucketDefinitionForJob.struct_class = Types::S3BucketDefinitionForJob
@@ -1120,6 +1202,7 @@ module Aws::Macie2
 
     S3JobDefinition.add_member(:bucket_definitions, Shapes::ShapeRef.new(shape: __listOfS3BucketDefinitionForJob, location_name: "bucketDefinitions"))
     S3JobDefinition.add_member(:scoping, Shapes::ShapeRef.new(shape: Scoping, location_name: "scoping"))
+    S3JobDefinition.add_member(:bucket_criteria, Shapes::ShapeRef.new(shape: S3BucketCriteriaForJob, location_name: "bucketCriteria"))
     S3JobDefinition.struct_class = Types::S3JobDefinition
 
     S3Object.add_member(:bucket_arn, Shapes::ShapeRef.new(shape: __string, location_name: "bucketArn"))
@@ -1140,6 +1223,48 @@ module Aws::Macie2
     Scoping.add_member(:includes, Shapes::ShapeRef.new(shape: JobScopingBlock, location_name: "includes"))
     Scoping.struct_class = Types::Scoping
 
+    SearchResourcesBucketCriteria.add_member(:excludes, Shapes::ShapeRef.new(shape: SearchResourcesCriteriaBlock, location_name: "excludes"))
+    SearchResourcesBucketCriteria.add_member(:includes, Shapes::ShapeRef.new(shape: SearchResourcesCriteriaBlock, location_name: "includes"))
+    SearchResourcesBucketCriteria.struct_class = Types::SearchResourcesBucketCriteria
+
+    SearchResourcesCriteria.add_member(:simple_criterion, Shapes::ShapeRef.new(shape: SearchResourcesSimpleCriterion, location_name: "simpleCriterion"))
+    SearchResourcesCriteria.add_member(:tag_criterion, Shapes::ShapeRef.new(shape: SearchResourcesTagCriterion, location_name: "tagCriterion"))
+    SearchResourcesCriteria.struct_class = Types::SearchResourcesCriteria
+
+    SearchResourcesCriteriaBlock.add_member(:and, Shapes::ShapeRef.new(shape: __listOfSearchResourcesCriteria, location_name: "and"))
+    SearchResourcesCriteriaBlock.struct_class = Types::SearchResourcesCriteriaBlock
+
+    SearchResourcesRequest.add_member(:bucket_criteria, Shapes::ShapeRef.new(shape: SearchResourcesBucketCriteria, location_name: "bucketCriteria"))
+    SearchResourcesRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: __integer, location_name: "maxResults"))
+    SearchResourcesRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: __string, location_name: "nextToken"))
+    SearchResourcesRequest.add_member(:sort_criteria, Shapes::ShapeRef.new(shape: SearchResourcesSortCriteria, location_name: "sortCriteria"))
+    SearchResourcesRequest.struct_class = Types::SearchResourcesRequest
+
+    SearchResourcesResponse.add_member(:matching_resources, Shapes::ShapeRef.new(shape: __listOfMatchingResource, location_name: "matchingResources"))
+    SearchResourcesResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: __string, location_name: "nextToken"))
+    SearchResourcesResponse.struct_class = Types::SearchResourcesResponse
+
+    SearchResourcesSimpleCriterion.add_member(:comparator, Shapes::ShapeRef.new(shape: SearchResourcesComparator, location_name: "comparator"))
+    SearchResourcesSimpleCriterion.add_member(:key, Shapes::ShapeRef.new(shape: SearchResourcesSimpleCriterionKey, location_name: "key"))
+    SearchResourcesSimpleCriterion.add_member(:values, Shapes::ShapeRef.new(shape: __listOf__string, location_name: "values"))
+    SearchResourcesSimpleCriterion.struct_class = Types::SearchResourcesSimpleCriterion
+
+    SearchResourcesSortCriteria.add_member(:attribute_name, Shapes::ShapeRef.new(shape: SearchResourcesSortAttributeName, location_name: "attributeName"))
+    SearchResourcesSortCriteria.add_member(:order_by, Shapes::ShapeRef.new(shape: OrderBy, location_name: "orderBy"))
+    SearchResourcesSortCriteria.struct_class = Types::SearchResourcesSortCriteria
+
+    SearchResourcesTagCriterion.add_member(:comparator, Shapes::ShapeRef.new(shape: SearchResourcesComparator, location_name: "comparator"))
+    SearchResourcesTagCriterion.add_member(:tag_values, Shapes::ShapeRef.new(shape: __listOfSearchResourcesTagCriterionPair, location_name: "tagValues"))
+    SearchResourcesTagCriterion.struct_class = Types::SearchResourcesTagCriterion
+
+    SearchResourcesTagCriterionPair.add_member(:key, Shapes::ShapeRef.new(shape: __string, location_name: "key"))
+    SearchResourcesTagCriterionPair.add_member(:value, Shapes::ShapeRef.new(shape: __string, location_name: "value"))
+    SearchResourcesTagCriterionPair.struct_class = Types::SearchResourcesTagCriterionPair
+
+    SecurityHubConfiguration.add_member(:publish_classification_findings, Shapes::ShapeRef.new(shape: __boolean, required: true, location_name: "publishClassificationFindings"))
+    SecurityHubConfiguration.add_member(:publish_policy_findings, Shapes::ShapeRef.new(shape: __boolean, required: true, location_name: "publishPolicyFindings"))
+    SecurityHubConfiguration.struct_class = Types::SecurityHubConfiguration
+
     SensitiveData.member = Shapes::ShapeRef.new(shape: SensitiveDataItem)
 
     SensitiveDataItem.add_member(:category, Shapes::ShapeRef.new(shape: SensitiveDataItemCategory, location_name: "category"))
@@ -1178,6 +1303,11 @@ module Aws::Macie2
     Severity.add_member(:score, Shapes::ShapeRef.new(shape: __long, location_name: "score"))
     Severity.struct_class = Types::Severity
 
+    SimpleCriterionForJob.add_member(:comparator, Shapes::ShapeRef.new(shape: JobComparator, location_name: "comparator"))
+    SimpleCriterionForJob.add_member(:key, Shapes::ShapeRef.new(shape: SimpleCriterionKeyForJob, location_name: "key"))
+    SimpleCriterionForJob.add_member(:values, Shapes::ShapeRef.new(shape: __listOf__string, location_name: "values"))
+    SimpleCriterionForJob.struct_class = Types::SimpleCriterionForJob
+
     SimpleScopeTerm.add_member(:comparator, Shapes::ShapeRef.new(shape: JobComparator, location_name: "comparator"))
     SimpleScopeTerm.add_member(:key, Shapes::ShapeRef.new(shape: ScopeFilterKey, location_name: "key"))
     SimpleScopeTerm.add_member(:values, Shapes::ShapeRef.new(shape: __listOf__string, location_name: "values"))
@@ -1191,6 +1321,14 @@ module Aws::Macie2
     Statistics.add_member(:number_of_runs, Shapes::ShapeRef.new(shape: __double, location_name: "numberOfRuns"))
     Statistics.struct_class = Types::Statistics
 
+    TagCriterionForJob.add_member(:comparator, Shapes::ShapeRef.new(shape: JobComparator, location_name: "comparator"))
+    TagCriterionForJob.add_member(:tag_values, Shapes::ShapeRef.new(shape: __listOfTagCriterionPairForJob, location_name: "tagValues"))
+    TagCriterionForJob.struct_class = Types::TagCriterionForJob
+
+    TagCriterionPairForJob.add_member(:key, Shapes::ShapeRef.new(shape: __string, location_name: "key"))
+    TagCriterionPairForJob.add_member(:value, Shapes::ShapeRef.new(shape: __string, location_name: "value"))
+    TagCriterionPairForJob.struct_class = Types::TagCriterionPairForJob
+
     TagMap.key = Shapes::ShapeRef.new(shape: __string)
     TagMap.value = Shapes::ShapeRef.new(shape: __string)
 
@@ -1246,6 +1384,7 @@ module Aws::Macie2
     UpdateFindingsFilterRequest.add_member(:id, Shapes::ShapeRef.new(shape: __string, required: true, location: "uri", location_name: "id"))
     UpdateFindingsFilterRequest.add_member(:name, Shapes::ShapeRef.new(shape: __string, location_name: "name"))
     UpdateFindingsFilterRequest.add_member(:position, Shapes::ShapeRef.new(shape: __integer, location_name: "position"))
+    UpdateFindingsFilterRequest.add_member(:client_token, Shapes::ShapeRef.new(shape: __string, location_name: "clientToken", metadata: {"idempotencyToken"=>true}))
     UpdateFindingsFilterRequest.struct_class = Types::UpdateFindingsFilterRequest
 
     UpdateFindingsFilterResponse.add_member(:arn, Shapes::ShapeRef.new(shape: __string, location_name: "arn"))
@@ -1325,6 +1464,8 @@ module Aws::Macie2
 
     __listOfBucketMetadata.member = Shapes::ShapeRef.new(shape: BucketMetadata)
 
+    __listOfCriteriaForJob.member = Shapes::ShapeRef.new(shape: CriteriaForJob)
+
     __listOfCustomDataIdentifierSummary.member = Shapes::ShapeRef.new(shape: CustomDataIdentifierSummary)
 
     __listOfFinding.member = Shapes::ShapeRef.new(shape: Finding)
@@ -1345,10 +1486,18 @@ module Aws::Macie2
 
     __listOfListJobsFilterTerm.member = Shapes::ShapeRef.new(shape: ListJobsFilterTerm)
 
+    __listOfMatchingResource.member = Shapes::ShapeRef.new(shape: MatchingResource)
+
     __listOfMember.member = Shapes::ShapeRef.new(shape: Member)
 
     __listOfS3BucketDefinitionForJob.member = Shapes::ShapeRef.new(shape: S3BucketDefinitionForJob)
 
+    __listOfSearchResourcesCriteria.member = Shapes::ShapeRef.new(shape: SearchResourcesCriteria)
+
+    __listOfSearchResourcesTagCriterionPair.member = Shapes::ShapeRef.new(shape: SearchResourcesTagCriterionPair)
+
+    __listOfTagCriterionPairForJob.member = Shapes::ShapeRef.new(shape: TagCriterionPairForJob)
+
     __listOfTagValuePair.member = Shapes::ShapeRef.new(shape: TagValuePair)
 
     __listOfUnprocessedAccount.member = Shapes::ShapeRef.new(shape: UnprocessedAccount)
@@ -1837,6 +1986,21 @@ module Aws::Macie2
         o.errors << Shapes::ShapeRef.new(shape: ConflictException)
       end)
 
+      api.add_operation(:get_findings_publication_configuration, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetFindingsPublicationConfiguration"
+        o.http_method = "GET"
+        o.http_request_uri = "/findings-publication-configuration"
+        o.input = Shapes::ShapeRef.new(shape: GetFindingsPublicationConfigurationRequest)
+        o.output = Shapes::ShapeRef.new(shape: GetFindingsPublicationConfigurationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceQuotaExceededException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: ConflictException)
+      end)
+
       api.add_operation(:get_invitations_count, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GetInvitationsCount"
         o.http_method = "GET"
@@ -2103,6 +2267,42 @@ module Aws::Macie2
         o.errors << Shapes::ShapeRef.new(shape: ConflictException)
       end)
 
+      api.add_operation(:put_findings_publication_configuration, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "PutFindingsPublicationConfiguration"
+        o.http_method = "PUT"
+        o.http_request_uri = "/findings-publication-configuration"
+        o.input = Shapes::ShapeRef.new(shape: PutFindingsPublicationConfigurationRequest)
+        o.output = Shapes::ShapeRef.new(shape: PutFindingsPublicationConfigurationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceQuotaExceededException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: ConflictException)
+      end)
+
+      api.add_operation(:search_resources, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "SearchResources"
+        o.http_method = "POST"
+        o.http_request_uri = "/datasources/search-resources"
+        o.input = Shapes::ShapeRef.new(shape: SearchResourcesRequest)
+        o.output = Shapes::ShapeRef.new(shape: SearchResourcesResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceQuotaExceededException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: ConflictException)
+        o[:pager] = Aws::Pager.new(
+          limit_key: "max_results",
+          tokens: {
+            "next_token" => "next_token"
+          }
+        )
+      end)
+
       api.add_operation(:tag_resource, Seahorse::Model::Operation.new.tap do |o|
         o.name = "TagResource"
         o.http_method = "POST"

data/lib/aws-sdk-macie2/errors.rb

@@ -3,7 +3,7 @@
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
-# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
 #
 # WARNING ABOUT GENERATED CODE
 

data/lib/aws-sdk-macie2/resource.rb

@@ -3,7 +3,7 @@
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
-# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
 #
 # WARNING ABOUT GENERATED CODE
 

data/lib/aws-sdk-macie2/types.rb

@@ -3,7 +3,7 @@
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
-# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
 #
 # WARNING ABOUT GENERATED CODE
 
@@ -376,7 +376,13 @@ module Aws::Macie2
 
     # Provides information about the number of S3 buckets that use certain
     # types of server-side encryption by default or don't encrypt new
-    # objects by default.
+    # objects by default. For detailed information about these settings, see
+    # [Setting default server-side encryption behavior for Amazon S3
+    # buckets][1] in the *Amazon Simple Storage Service User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-encryption.html
     #
     # @!attribute [rw] kms_managed
     #   @return [Integer]
@@ -387,18 +393,22 @@ module Aws::Macie2
     # @!attribute [rw] unencrypted
     #   @return [Integer]
     #
+    # @!attribute [rw] unknown
+    #   @return [Integer]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/BucketCountByEncryptionType AWS API Documentation
     #
     class BucketCountByEncryptionType < Struct.new(
       :kms_managed,
       :s3_managed,
-      :unencrypted)
+      :unencrypted,
+      :unknown)
       SENSITIVE = []
       include Aws::Structure
     end
 
-    # Provides information about the number of S3 buckets that are shared
-    # with other AWS accounts.
+    # Provides information about the number of S3 buckets that are or
+    # aren't shared with other AWS accounts.
     #
     # @!attribute [rw] external
     #   @return [Integer]
@@ -423,6 +433,29 @@ module Aws::Macie2
       include Aws::Structure
     end
 
+    # Provides information about the number of S3 buckets whose bucket
+    # policies do or don't require server-side encryption of objects when
+    # objects are uploaded to the buckets.
+    #
+    # @!attribute [rw] allows_unencrypted_object_uploads
+    #   @return [Integer]
+    #
+    # @!attribute [rw] denies_unencrypted_object_uploads
+    #   @return [Integer]
+    #
+    # @!attribute [rw] unknown
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/BucketCountPolicyAllowsUnencryptedObjectUploads AWS API Documentation
+    #
+    class BucketCountPolicyAllowsUnencryptedObjectUploads < Struct.new(
+      :allows_unencrypted_object_uploads,
+      :denies_unencrypted_object_uploads,
+      :unknown)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Specifies the operator to use in a property-based condition that
     # filters the results of a query for information about S3 buckets.
     #
@@ -495,7 +528,7 @@ module Aws::Macie2
     #   @return [Types::BlockPublicAccess]
     #
     # @!attribute [rw] bucket_policy
-    #   Provides information about the permissions settings of a bucket
+    #   Provides information about the permissions settings of the bucket
     #   policy for an S3 bucket.
     #   @return [Types::BucketPolicy]
     #
@@ -515,6 +548,9 @@ module Aws::Macie2
     # @!attribute [rw] account_id
     #   @return [String]
     #
+    # @!attribute [rw] allows_unencrypted_object_uploads
+    #   @return [String]
+    #
     # @!attribute [rw] bucket_arn
     #   @return [String]
     #
@@ -589,21 +625,23 @@ module Aws::Macie2
     # @!attribute [rw] unclassifiable_object_count
     #   Provides information about the total storage size (in bytes) or
     #   number of objects that Amazon Macie can't analyze in one or more S3
-    #   buckets. In a BucketMetadata object, this data is for a specific
-    #   bucket. In a GetBucketStatisticsResponse object, this data is
-    #   aggregated for all the buckets in the query results. If versioning
-    #   is enabled for a bucket, total storage size values are based on the
-    #   size of the latest version of each applicable object in the bucket.
+    #   buckets. In a BucketMetadata or MatchingBucket object, this data is
+    #   for a specific bucket. In a GetBucketStatisticsResponse object, this
+    #   data is aggregated for all the buckets in the query results. If
+    #   versioning is enabled for a bucket, total storage size values are
+    #   based on the size of the latest version of each applicable object in
+    #   the bucket.
     #   @return [Types::ObjectLevelStatistics]
     #
     # @!attribute [rw] unclassifiable_object_size_in_bytes
     #   Provides information about the total storage size (in bytes) or
     #   number of objects that Amazon Macie can't analyze in one or more S3
-    #   buckets. In a BucketMetadata object, this data is for a specific
-    #   bucket. In a GetBucketStatisticsResponse object, this data is
-    #   aggregated for all the buckets in the query results. If versioning
-    #   is enabled for a bucket, total storage size values are based on the
-    #   size of the latest version of each applicable object in the bucket.
+    #   buckets. In a BucketMetadata or MatchingBucket object, this data is
+    #   for a specific bucket. In a GetBucketStatisticsResponse object, this
+    #   data is aggregated for all the buckets in the query results. If
+    #   versioning is enabled for a bucket, total storage size values are
+    #   based on the size of the latest version of each applicable object in
+    #   the bucket.
     #   @return [Types::ObjectLevelStatistics]
     #
     # @!attribute [rw] versioning
@@ -613,6 +651,7 @@ module Aws::Macie2
     #
     class BucketMetadata < Struct.new(
       :account_id,
+      :allows_unencrypted_object_uploads,
       :bucket_arn,
       :bucket_created_at,
       :bucket_name,
@@ -659,8 +698,8 @@ module Aws::Macie2
       include Aws::Structure
     end
 
-    # Provides information about the permissions settings of a bucket policy
-    # for an S3 bucket.
+    # Provides information about the permissions settings of the bucket
+    # policy for an S3 bucket.
     #
     # @!attribute [rw] allows_public_read_access
     #   @return [Boolean]
@@ -931,7 +970,7 @@ module Aws::Macie2
     #                 {
     #                   simple_scope_term: {
     #                     comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #                     key: "BUCKET_CREATION_DATE", # accepts BUCKET_CREATION_DATE, OBJECT_EXTENSION, OBJECT_LAST_MODIFIED_DATE, OBJECT_SIZE, TAG, OBJECT_KEY
+    #                     key: "OBJECT_EXTENSION", # accepts OBJECT_EXTENSION, OBJECT_LAST_MODIFIED_DATE, OBJECT_SIZE, OBJECT_KEY
     #                     values: ["__string"],
     #                   },
     #                   tag_scope_term: {
@@ -953,7 +992,7 @@ module Aws::Macie2
     #                 {
     #                   simple_scope_term: {
     #                     comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #                     key: "BUCKET_CREATION_DATE", # accepts BUCKET_CREATION_DATE, OBJECT_EXTENSION, OBJECT_LAST_MODIFIED_DATE, OBJECT_SIZE, TAG, OBJECT_KEY
+    #                     key: "OBJECT_EXTENSION", # accepts OBJECT_EXTENSION, OBJECT_LAST_MODIFIED_DATE, OBJECT_SIZE, OBJECT_KEY
     #                     values: ["__string"],
     #                   },
     #                   tag_scope_term: {
@@ -971,6 +1010,48 @@ module Aws::Macie2
     #               ],
     #             },
     #           },
+    #           bucket_criteria: {
+    #             excludes: {
+    #               and: [
+    #                 {
+    #                   simple_criterion: {
+    #                     comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
+    #                     key: "ACCOUNT_ID", # accepts ACCOUNT_ID, S3_BUCKET_NAME, S3_BUCKET_EFFECTIVE_PERMISSION, S3_BUCKET_SHARED_ACCESS
+    #                     values: ["__string"],
+    #                   },
+    #                   tag_criterion: {
+    #                     comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
+    #                     tag_values: [
+    #                       {
+    #                         key: "__string",
+    #                         value: "__string",
+    #                       },
+    #                     ],
+    #                   },
+    #                 },
+    #               ],
+    #             },
+    #             includes: {
+    #               and: [
+    #                 {
+    #                   simple_criterion: {
+    #                     comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
+    #                     key: "ACCOUNT_ID", # accepts ACCOUNT_ID, S3_BUCKET_NAME, S3_BUCKET_EFFECTIVE_PERMISSION, S3_BUCKET_SHARED_ACCESS
+    #                     values: ["__string"],
+    #                   },
+    #                   tag_criterion: {
+    #                     comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
+    #                     tag_values: [
+    #                       {
+    #                         key: "__string",
+    #                         value: "__string",
+    #                       },
+    #                     ],
+    #                   },
+    #                 },
+    #               ],
+    #             },
+    #           },
     #         },
     #         sampling_percentage: 1,
     #         schedule_frequency: {
@@ -1011,7 +1092,12 @@ module Aws::Macie2
     #
     # @!attribute [rw] s3_job_definition
     #   Specifies which S3 buckets contain the objects that a classification
-    #   job analyzes, and the scope of that analysis.
+    #   job analyzes, and the scope of that analysis. The bucket
+    #   specification can be static (bucketDefinitions) or dynamic
+    #   (bucketCriteria). If it's static, the job analyzes objects in the
+    #   same predefined set of buckets each time the job runs. If it's
+    #   dynamic, the job analyzes objects in any buckets that match the
+    #   specified criteria each time the job starts to run.
     #   @return [Types::S3JobDefinition]
     #
     # @!attribute [rw] sampling_percentage
@@ -1353,6 +1439,87 @@ module Aws::Macie2
     #
     class CreateSampleFindingsResponse < Aws::EmptyStructure; end
 
+    # Specifies one or more property- and tag-based conditions that define
+    # criteria for including or excluding S3 buckets from a classification
+    # job.
+    #
+    # @note When making an API call, you may pass CriteriaBlockForJob
+    #   data as a hash:
+    #
+    #       {
+    #         and: [
+    #           {
+    #             simple_criterion: {
+    #               comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
+    #               key: "ACCOUNT_ID", # accepts ACCOUNT_ID, S3_BUCKET_NAME, S3_BUCKET_EFFECTIVE_PERMISSION, S3_BUCKET_SHARED_ACCESS
+    #               values: ["__string"],
+    #             },
+    #             tag_criterion: {
+    #               comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
+    #               tag_values: [
+    #                 {
+    #                   key: "__string",
+    #                   value: "__string",
+    #                 },
+    #               ],
+    #             },
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] and
+    #   @return [Array<Types::CriteriaForJob>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/CriteriaBlockForJob AWS API Documentation
+    #
+    class CriteriaBlockForJob < Struct.new(
+      :and)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Specifies a property- or tag-based condition that defines criteria for
+    # including or excluding S3 buckets from a classification job.
+    #
+    # @note When making an API call, you may pass CriteriaForJob
+    #   data as a hash:
+    #
+    #       {
+    #         simple_criterion: {
+    #           comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
+    #           key: "ACCOUNT_ID", # accepts ACCOUNT_ID, S3_BUCKET_NAME, S3_BUCKET_EFFECTIVE_PERMISSION, S3_BUCKET_SHARED_ACCESS
+    #           values: ["__string"],
+    #         },
+    #         tag_criterion: {
+    #           comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
+    #           tag_values: [
+    #             {
+    #               key: "__string",
+    #               value: "__string",
+    #             },
+    #           ],
+    #         },
+    #       }
+    #
+    # @!attribute [rw] simple_criterion
+    #   Specifies a property-based condition that determines whether an S3
+    #   bucket is included or excluded from a classification job.
+    #   @return [Types::SimpleCriterionForJob]
+    #
+    # @!attribute [rw] tag_criterion
+    #   Specifies a tag-based condition that determines whether an S3 bucket
+    #   is included or excluded from a classification job.
+    #   @return [Types::TagCriterionForJob]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/CriteriaForJob AWS API Documentation
+    #
+    class CriteriaForJob < Struct.new(
+      :simple_criterion,
+      :tag_criterion)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Specifies the operator to use in a property-based condition that
     # filters the results of a query for findings. For detailed information
     # and examples of each operator, see [Fundamentals of filtering
@@ -1475,9 +1642,9 @@ module Aws::Macie2
     #   @return [String]
     #
     # @!attribute [rw] occurrences
-    #   Provides the location of 1-15 occurrences of sensitive data that was
-    #   detected by managed data identifiers or a custom data identifier and
-    #   produced a sensitive data finding.
+    #   Specifies the location of 1-15 occurrences of sensitive data that
+    #   was detected by managed data identifiers or a custom data identifier
+    #   and produced a sensitive data finding.
     #   @return [Types::Occurrences]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/CustomDetection AWS API Documentation
@@ -1543,9 +1710,9 @@ module Aws::Macie2
     #   @return [Integer]
     #
     # @!attribute [rw] occurrences
-    #   Provides the location of 1-15 occurrences of sensitive data that was
-    #   detected by managed data identifiers or a custom data identifier and
-    #   produced a sensitive data finding.
+    #   Specifies the location of 1-15 occurrences of sensitive data that
+    #   was detected by managed data identifiers or a custom data identifier
+    #   and produced a sensitive data finding.
     #   @return [Types::Occurrences]
     #
     # @!attribute [rw] type
@@ -1789,10 +1956,13 @@ module Aws::Macie2
     #
     # @!attribute [rw] last_run_error_status
     #   Specifies whether any account- or bucket-level access errors
-    #   occurred when a classification job ran. For example, the job is
-    #   configured to analyze data for a member account that was suspended,
-    #   or the job is configured to analyze an S3 bucket that Amazon Macie
-    #   isn't allowed to access.
+    #   occurred when a classification job ran. For information about using
+    #   logging data to investigate these errors, see [Monitoring sensitive
+    #   data discovery jobs][1] in the *Amazon Macie User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/macie/latest/user/discovery-jobs-monitor-cw-logs.html
     #   @return [Types::LastRunErrorStatus]
     #
     # @!attribute [rw] last_run_time
@@ -1803,7 +1973,12 @@ module Aws::Macie2
     #
     # @!attribute [rw] s3_job_definition
     #   Specifies which S3 buckets contain the objects that a classification
-    #   job analyzes, and the scope of that analysis.
+    #   job analyzes, and the scope of that analysis. The bucket
+    #   specification can be static (bucketDefinitions) or dynamic
+    #   (bucketCriteria). If it's static, the job analyzes objects in the
+    #   same predefined set of buckets each time the job runs. If it's
+    #   dynamic, the job analyzes objects in any buckets that match the
+    #   specified criteria each time the job starts to run.
     #   @return [Types::S3JobDefinition]
     #
     # @!attribute [rw] sampling_percentage
@@ -1999,7 +2174,13 @@ module Aws::Macie2
     #   The frequency with which Amazon Macie publishes updates to policy
     #   findings for an account. This includes publishing updates to AWS
     #   Security Hub and Amazon EventBridge (formerly called Amazon
-    #   CloudWatch Events). Valid values are:
+    #   CloudWatch Events). For more information, see [Monitoring and
+    #   processing findings][1] in the *Amazon Macie User Guide*. Valid
+    #   values are:
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/macie/latest/user/findings-monitor.html
     #   @return [String]
     #
     # @!attribute [rw] status
@@ -2396,12 +2577,24 @@ module Aws::Macie2
     # @!attribute [rw] bucket_count_by_encryption_type
     #   Provides information about the number of S3 buckets that use certain
     #   types of server-side encryption by default or don't encrypt new
-    #   objects by default.
+    #   objects by default. For detailed information about these settings,
+    #   see [Setting default server-side encryption behavior for Amazon S3
+    #   buckets][1] in the *Amazon Simple Storage Service User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-encryption.html
     #   @return [Types::BucketCountByEncryptionType]
     #
+    # @!attribute [rw] bucket_count_by_object_encryption_requirement
+    #   Provides information about the number of S3 buckets whose bucket
+    #   policies do or don't require server-side encryption of objects when
+    #   objects are uploaded to the buckets.
+    #   @return [Types::BucketCountPolicyAllowsUnencryptedObjectUploads]
+    #
     # @!attribute [rw] bucket_count_by_shared_access_type
-    #   Provides information about the number of S3 buckets that are shared
-    #   with other AWS accounts.
+    #   Provides information about the number of S3 buckets that are or
+    #   aren't shared with other AWS accounts.
     #   @return [Types::BucketCountBySharedAccessType]
     #
     # @!attribute [rw] classifiable_object_count
@@ -2425,21 +2618,23 @@ module Aws::Macie2
     # @!attribute [rw] unclassifiable_object_count
     #   Provides information about the total storage size (in bytes) or
     #   number of objects that Amazon Macie can't analyze in one or more S3
-    #   buckets. In a BucketMetadata object, this data is for a specific
-    #   bucket. In a GetBucketStatisticsResponse object, this data is
-    #   aggregated for all the buckets in the query results. If versioning
-    #   is enabled for a bucket, total storage size values are based on the
-    #   size of the latest version of each applicable object in the bucket.
+    #   buckets. In a BucketMetadata or MatchingBucket object, this data is
+    #   for a specific bucket. In a GetBucketStatisticsResponse object, this
+    #   data is aggregated for all the buckets in the query results. If
+    #   versioning is enabled for a bucket, total storage size values are
+    #   based on the size of the latest version of each applicable object in
+    #   the bucket.
     #   @return [Types::ObjectLevelStatistics]
     #
     # @!attribute [rw] unclassifiable_object_size_in_bytes
     #   Provides information about the total storage size (in bytes) or
     #   number of objects that Amazon Macie can't analyze in one or more S3
-    #   buckets. In a BucketMetadata object, this data is for a specific
-    #   bucket. In a GetBucketStatisticsResponse object, this data is
-    #   aggregated for all the buckets in the query results. If versioning
-    #   is enabled for a bucket, total storage size values are based on the
-    #   size of the latest version of each applicable object in the bucket.
+    #   buckets. In a BucketMetadata or MatchingBucket object, this data is
+    #   for a specific bucket. In a GetBucketStatisticsResponse object, this
+    #   data is aggregated for all the buckets in the query results. If
+    #   versioning is enabled for a bucket, total storage size values are
+    #   based on the size of the latest version of each applicable object in
+    #   the bucket.
     #   @return [Types::ObjectLevelStatistics]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/GetBucketStatisticsResponse AWS API Documentation
@@ -2448,6 +2643,7 @@ module Aws::Macie2
       :bucket_count,
       :bucket_count_by_effective_permission,
       :bucket_count_by_encryption_type,
+      :bucket_count_by_object_encryption_requirement,
       :bucket_count_by_shared_access_type,
       :classifiable_object_count,
       :classifiable_size_in_bytes,
@@ -2698,6 +2894,34 @@ module Aws::Macie2
       include Aws::Structure
     end
 
+    # @api private
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/GetFindingsPublicationConfigurationRequest AWS API Documentation
+    #
+    class GetFindingsPublicationConfigurationRequest < Aws::EmptyStructure; end
+
+    # Provides information about the current configuration settings for
+    # publishing findings to AWS Security Hub automatically.
+    #
+    # @!attribute [rw] security_hub_configuration
+    #   Specifies configuration settings that determine which findings are
+    #   published to AWS Security Hub automatically. For information about
+    #   how Macie publishes findings to Security Hub, see [Amazon Macie
+    #   integration with Security Hub][1] in the *Amazon Macie User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/macie/latest/user/securityhub-integration.html
+    #   @return [Types::SecurityHubConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/GetFindingsPublicationConfigurationResponse AWS API Documentation
+    #
+    class GetFindingsPublicationConfigurationResponse < Struct.new(
+      :security_hub_configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Specifies one or more findings to retrieve.
     #
     # @note When making an API call, you may pass GetFindingsRequest
@@ -2778,7 +3002,13 @@ module Aws::Macie2
     #   The frequency with which Amazon Macie publishes updates to policy
     #   findings for an account. This includes publishing updates to AWS
     #   Security Hub and Amazon EventBridge (formerly called Amazon
-    #   CloudWatch Events). Valid values are:
+    #   CloudWatch Events). For more information, see [Monitoring and
+    #   processing findings][1] in the *Amazon Macie User Guide*. Valid
+    #   values are:
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/macie/latest/user/findings-monitor.html
     #   @return [String]
     #
     # @!attribute [rw] service_role
@@ -3282,7 +3512,9 @@ module Aws::Macie2
     end
 
     # Specifies a property- or tag-based condition that defines criteria for
-    # including or excluding objects from a classification job.
+    # including or excluding S3 objects from a classification job. A
+    # JobScopeTerm object can contain only one simpleScopeTerm object or one
+    # tagScopeTerm object.
     #
     # @note When making an API call, you may pass JobScopeTerm
     #   data as a hash:
@@ -3290,7 +3522,7 @@ module Aws::Macie2
     #       {
     #         simple_scope_term: {
     #           comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #           key: "BUCKET_CREATION_DATE", # accepts BUCKET_CREATION_DATE, OBJECT_EXTENSION, OBJECT_LAST_MODIFIED_DATE, OBJECT_SIZE, TAG, OBJECT_KEY
+    #           key: "OBJECT_EXTENSION", # accepts OBJECT_EXTENSION, OBJECT_LAST_MODIFIED_DATE, OBJECT_SIZE, OBJECT_KEY
     #           values: ["__string"],
     #         },
     #         tag_scope_term: {
@@ -3307,13 +3539,13 @@ module Aws::Macie2
     #       }
     #
     # @!attribute [rw] simple_scope_term
-    #   Specifies a property-based condition that determines whether an
+    #   Specifies a property-based condition that determines whether an S3
     #   object is included or excluded from a classification job.
     #   @return [Types::SimpleScopeTerm]
     #
     # @!attribute [rw] tag_scope_term
-    #   Specifies a tag-based condition that determines whether an object is
-    #   included or excluded from a classification job.
+    #   Specifies a tag-based condition that determines whether an S3 object
+    #   is included or excluded from a classification job.
     #   @return [Types::TagScopeTerm]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/JobScopeTerm AWS API Documentation
@@ -3326,9 +3558,8 @@ module Aws::Macie2
     end
 
     # Specifies one or more property- and tag-based conditions that define
-    # criteria for including or excluding objects from a classification job.
-    # If you specify more than one condition, Amazon Macie uses an AND
-    # operator to join the conditions.
+    # criteria for including or excluding S3 objects from a classification
+    # job.
     #
     # @note When making an API call, you may pass JobScopingBlock
     #   data as a hash:
@@ -3338,7 +3569,7 @@ module Aws::Macie2
     #           {
     #             simple_scope_term: {
     #               comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #               key: "BUCKET_CREATION_DATE", # accepts BUCKET_CREATION_DATE, OBJECT_EXTENSION, OBJECT_LAST_MODIFIED_DATE, OBJECT_SIZE, TAG, OBJECT_KEY
+    #               key: "OBJECT_EXTENSION", # accepts OBJECT_EXTENSION, OBJECT_LAST_MODIFIED_DATE, OBJECT_SIZE, OBJECT_KEY
     #               values: ["__string"],
     #             },
     #             tag_scope_term: {
@@ -3389,10 +3620,13 @@ module Aws::Macie2
     #
     # @!attribute [rw] last_run_error_status
     #   Specifies whether any account- or bucket-level access errors
-    #   occurred when a classification job ran. For example, the job is
-    #   configured to analyze data for a member account that was suspended,
-    #   or the job is configured to analyze an S3 bucket that Amazon Macie
-    #   isn't allowed to access.
+    #   occurred when a classification job ran. For information about using
+    #   logging data to investigate these errors, see [Monitoring sensitive
+    #   data discovery jobs][1] in the *Amazon Macie User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/macie/latest/user/discovery-jobs-monitor-cw-logs.html
     #   @return [Types::LastRunErrorStatus]
     #
     # @!attribute [rw] name
@@ -3409,6 +3643,12 @@ module Aws::Macie2
     #   status of RUNNING.
     #   @return [Types::UserPausedDetails]
     #
+    # @!attribute [rw] bucket_criteria
+    #   Specifies property- and tag-based conditions that define criteria
+    #   for including or excluding S3 buckets from a classification job.
+    #   Exclude conditions take precedence over include conditions.
+    #   @return [Types::S3BucketCriteriaForJob]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/JobSummary AWS API Documentation
     #
     class JobSummary < Struct.new(
@@ -3419,7 +3659,8 @@ module Aws::Macie2
       :job_type,
       :last_run_error_status,
       :name,
-      :user_paused_details)
+      :user_paused_details,
+      :bucket_criteria)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3444,10 +3685,13 @@ module Aws::Macie2
     end
 
     # Specifies whether any account- or bucket-level access errors occurred
-    # when a classification job ran. For example, the job is configured to
-    # analyze data for a member account that was suspended, or the job is
-    # configured to analyze an S3 bucket that Amazon Macie isn't allowed to
-    # access.
+    # when a classification job ran. For information about using logging
+    # data to investigate these errors, see [Monitoring sensitive data
+    # discovery jobs][1] in the *Amazon Macie User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/macie/latest/user/discovery-jobs-monitor-cw-logs.html
     #
     # @!attribute [rw] code
     #   Specifies whether any account- or bucket-level access errors
@@ -3959,6 +4203,98 @@ module Aws::Macie2
       include Aws::Structure
     end
 
+    # Provides statistical data and other information about an S3 bucket
+    # that Amazon Macie monitors and analyzes.
+    #
+    # @!attribute [rw] account_id
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket_name
+    #   @return [String]
+    #
+    # @!attribute [rw] classifiable_object_count
+    #   @return [Integer]
+    #
+    # @!attribute [rw] classifiable_size_in_bytes
+    #   @return [Integer]
+    #
+    # @!attribute [rw] job_details
+    #   Specifies whether any one-time or recurring classification jobs are
+    #   configured to analyze data in an S3 bucket, and, if so, the details
+    #   of the job that ran most recently.
+    #   @return [Types::JobDetails]
+    #
+    # @!attribute [rw] object_count
+    #   @return [Integer]
+    #
+    # @!attribute [rw] object_count_by_encryption_type
+    #   Provides information about the number of objects that are in an S3
+    #   bucket and use certain types of server-side encryption, use
+    #   client-side encryption, or aren't encrypted.
+    #   @return [Types::ObjectCountByEncryptionType]
+    #
+    # @!attribute [rw] size_in_bytes
+    #   @return [Integer]
+    #
+    # @!attribute [rw] size_in_bytes_compressed
+    #   @return [Integer]
+    #
+    # @!attribute [rw] unclassifiable_object_count
+    #   Provides information about the total storage size (in bytes) or
+    #   number of objects that Amazon Macie can't analyze in one or more S3
+    #   buckets. In a BucketMetadata or MatchingBucket object, this data is
+    #   for a specific bucket. In a GetBucketStatisticsResponse object, this
+    #   data is aggregated for all the buckets in the query results. If
+    #   versioning is enabled for a bucket, total storage size values are
+    #   based on the size of the latest version of each applicable object in
+    #   the bucket.
+    #   @return [Types::ObjectLevelStatistics]
+    #
+    # @!attribute [rw] unclassifiable_object_size_in_bytes
+    #   Provides information about the total storage size (in bytes) or
+    #   number of objects that Amazon Macie can't analyze in one or more S3
+    #   buckets. In a BucketMetadata or MatchingBucket object, this data is
+    #   for a specific bucket. In a GetBucketStatisticsResponse object, this
+    #   data is aggregated for all the buckets in the query results. If
+    #   versioning is enabled for a bucket, total storage size values are
+    #   based on the size of the latest version of each applicable object in
+    #   the bucket.
+    #   @return [Types::ObjectLevelStatistics]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/MatchingBucket AWS API Documentation
+    #
+    class MatchingBucket < Struct.new(
+      :account_id,
+      :bucket_name,
+      :classifiable_object_count,
+      :classifiable_size_in_bytes,
+      :job_details,
+      :object_count,
+      :object_count_by_encryption_type,
+      :size_in_bytes,
+      :size_in_bytes_compressed,
+      :unclassifiable_object_count,
+      :unclassifiable_object_size_in_bytes)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Provides statistical data and other information about an AWS resource
+    # that Amazon Macie monitors and analyzes.
+    #
+    # @!attribute [rw] matching_bucket
+    #   Provides statistical data and other information about an S3 bucket
+    #   that Amazon Macie monitors and analyzes.
+    #   @return [Types::MatchingBucket]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/MatchingResource AWS API Documentation
+    #
+    class MatchingResource < Struct.new(
+      :matching_bucket)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Provides information about an account that's associated with an
     # Amazon Macie administrator account.
     #
@@ -4048,24 +4384,28 @@ module Aws::Macie2
     # @!attribute [rw] unencrypted
     #   @return [Integer]
     #
+    # @!attribute [rw] unknown
+    #   @return [Integer]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/ObjectCountByEncryptionType AWS API Documentation
     #
     class ObjectCountByEncryptionType < Struct.new(
       :customer_managed,
       :kms_managed,
       :s3_managed,
-      :unencrypted)
+      :unencrypted,
+      :unknown)
       SENSITIVE = []
       include Aws::Structure
     end
 
     # Provides information about the total storage size (in bytes) or number
     # of objects that Amazon Macie can't analyze in one or more S3 buckets.
-    # In a BucketMetadata object, this data is for a specific bucket. In a
-    # GetBucketStatisticsResponse object, this data is aggregated for all
-    # the buckets in the query results. If versioning is enabled for a
-    # bucket, total storage size values are based on the size of the latest
-    # version of each applicable object in the bucket.
+    # In a BucketMetadata or MatchingBucket object, this data is for a
+    # specific bucket. In a GetBucketStatisticsResponse object, this data is
+    # aggregated for all the buckets in the query results. If versioning is
+    # enabled for a bucket, total storage size values are based on the size
+    # of the latest version of each applicable object in the bucket.
     #
     # @!attribute [rw] file_type
     #   @return [Integer]
@@ -4086,7 +4426,7 @@ module Aws::Macie2
       include Aws::Structure
     end
 
-    # Provides the location of 1-15 occurrences of sensitive data that was
+    # Specifies the location of 1-15 occurrences of sensitive data that was
     # detected by managed data identifiers or a custom data identifier and
     # produced a sensitive data finding.
     #
@@ -4134,14 +4474,12 @@ module Aws::Macie2
     #
     # @!attribute [rw] line_range
     #   Provides details about the location of an occurrence of sensitive
-    #   data in an Adobe Portable Document Format file, Microsoft Word
-    #   document, or non-binary text file.
+    #   data in a Microsoft Word document or non-binary text file.
     #   @return [Types::Range]
     #
     # @!attribute [rw] offset_range
     #   Provides details about the location of an occurrence of sensitive
-    #   data in an Adobe Portable Document Format file, Microsoft Word
-    #   document, or non-binary text file.
+    #   data in a Microsoft Word document or non-binary text file.
     #   @return [Types::Range]
     #
     # @!attribute [rw] page_number
@@ -4228,9 +4566,51 @@ module Aws::Macie2
       include Aws::Structure
     end
 
+    # Specifies configuration settings for publishing findings to AWS
+    # Security Hub automatically.
+    #
+    # @note When making an API call, you may pass PutFindingsPublicationConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         client_token: "__string",
+    #         security_hub_configuration: {
+    #           publish_classification_findings: false, # required
+    #           publish_policy_findings: false, # required
+    #         },
+    #       }
+    #
+    # @!attribute [rw] client_token
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.
+    #   @return [String]
+    #
+    # @!attribute [rw] security_hub_configuration
+    #   Specifies configuration settings that determine which findings are
+    #   published to AWS Security Hub automatically. For information about
+    #   how Macie publishes findings to Security Hub, see [Amazon Macie
+    #   integration with Security Hub][1] in the *Amazon Macie User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/macie/latest/user/securityhub-integration.html
+    #   @return [Types::SecurityHubConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/PutFindingsPublicationConfigurationRequest AWS API Documentation
+    #
+    class PutFindingsPublicationConfigurationRequest < Struct.new(
+      :client_token,
+      :security_hub_configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/PutFindingsPublicationConfigurationResponse AWS API Documentation
+    #
+    class PutFindingsPublicationConfigurationResponse < Aws::EmptyStructure; end
+
     # Provides details about the location of an occurrence of sensitive data
-    # in an Adobe Portable Document Format file, Microsoft Word document, or
-    # non-binary text file.
+    # in a Microsoft Word document or non-binary text file.
     #
     # @!attribute [rw] end
     #   @return [Integer]
@@ -4327,6 +4707,9 @@ module Aws::Macie2
 
     # Provides information about an S3 bucket that a finding applies to.
     #
+    # @!attribute [rw] allows_unencrypted_object_uploads
+    #   @return [String]
+    #
     # @!attribute [rw] arn
     #   @return [String]
     #
@@ -4359,6 +4742,7 @@ module Aws::Macie2
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/S3Bucket AWS API Documentation
     #
     class S3Bucket < Struct.new(
+      :allows_unencrypted_object_uploads,
       :arn,
       :created_at,
       :default_server_side_encryption,
@@ -4370,10 +4754,82 @@ module Aws::Macie2
       include Aws::Structure
     end
 
-    # Specifies which AWS account owns the S3 buckets that a classification
-    # job analyzes, and the buckets to analyze for the account.
+    # Specifies property- and tag-based conditions that define criteria for
+    # including or excluding S3 buckets from a classification job. Exclude
+    # conditions take precedence over include conditions.
     #
-    # @note When making an API call, you may pass S3BucketDefinitionForJob
+    # @note When making an API call, you may pass S3BucketCriteriaForJob
+    #   data as a hash:
+    #
+    #       {
+    #         excludes: {
+    #           and: [
+    #             {
+    #               simple_criterion: {
+    #                 comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
+    #                 key: "ACCOUNT_ID", # accepts ACCOUNT_ID, S3_BUCKET_NAME, S3_BUCKET_EFFECTIVE_PERMISSION, S3_BUCKET_SHARED_ACCESS
+    #                 values: ["__string"],
+    #               },
+    #               tag_criterion: {
+    #                 comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
+    #                 tag_values: [
+    #                   {
+    #                     key: "__string",
+    #                     value: "__string",
+    #                   },
+    #                 ],
+    #               },
+    #             },
+    #           ],
+    #         },
+    #         includes: {
+    #           and: [
+    #             {
+    #               simple_criterion: {
+    #                 comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
+    #                 key: "ACCOUNT_ID", # accepts ACCOUNT_ID, S3_BUCKET_NAME, S3_BUCKET_EFFECTIVE_PERMISSION, S3_BUCKET_SHARED_ACCESS
+    #                 values: ["__string"],
+    #               },
+    #               tag_criterion: {
+    #                 comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
+    #                 tag_values: [
+    #                   {
+    #                     key: "__string",
+    #                     value: "__string",
+    #                   },
+    #                 ],
+    #               },
+    #             },
+    #           ],
+    #         },
+    #       }
+    #
+    # @!attribute [rw] excludes
+    #   Specifies one or more property- and tag-based conditions that define
+    #   criteria for including or excluding S3 buckets from a classification
+    #   job.
+    #   @return [Types::CriteriaBlockForJob]
+    #
+    # @!attribute [rw] includes
+    #   Specifies one or more property- and tag-based conditions that define
+    #   criteria for including or excluding S3 buckets from a classification
+    #   job.
+    #   @return [Types::CriteriaBlockForJob]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/S3BucketCriteriaForJob AWS API Documentation
+    #
+    class S3BucketCriteriaForJob < Struct.new(
+      :excludes,
+      :includes)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Specifies an AWS account that owns S3 buckets for a classification job
+    # to analyze, and one or more specific buckets to analyze for that
+    # account.
+    #
+    # @note When making an API call, you may pass S3BucketDefinitionForJob
     #   data as a hash:
     #
     #       {
@@ -4445,7 +4901,12 @@ module Aws::Macie2
     end
 
     # Specifies which S3 buckets contain the objects that a classification
-    # job analyzes, and the scope of that analysis.
+    # job analyzes, and the scope of that analysis. The bucket specification
+    # can be static (bucketDefinitions) or dynamic (bucketCriteria). If
+    # it's static, the job analyzes objects in the same predefined set of
+    # buckets each time the job runs. If it's dynamic, the job analyzes
+    # objects in any buckets that match the specified criteria each time the
+    # job starts to run.
     #
     # @note When making an API call, you may pass S3JobDefinition
     #   data as a hash:
@@ -4463,7 +4924,7 @@ module Aws::Macie2
     #               {
     #                 simple_scope_term: {
     #                   comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #                   key: "BUCKET_CREATION_DATE", # accepts BUCKET_CREATION_DATE, OBJECT_EXTENSION, OBJECT_LAST_MODIFIED_DATE, OBJECT_SIZE, TAG, OBJECT_KEY
+    #                   key: "OBJECT_EXTENSION", # accepts OBJECT_EXTENSION, OBJECT_LAST_MODIFIED_DATE, OBJECT_SIZE, OBJECT_KEY
     #                   values: ["__string"],
     #                 },
     #                 tag_scope_term: {
@@ -4485,7 +4946,7 @@ module Aws::Macie2
     #               {
     #                 simple_scope_term: {
     #                   comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #                   key: "BUCKET_CREATION_DATE", # accepts BUCKET_CREATION_DATE, OBJECT_EXTENSION, OBJECT_LAST_MODIFIED_DATE, OBJECT_SIZE, TAG, OBJECT_KEY
+    #                   key: "OBJECT_EXTENSION", # accepts OBJECT_EXTENSION, OBJECT_LAST_MODIFIED_DATE, OBJECT_SIZE, OBJECT_KEY
     #                   values: ["__string"],
     #                 },
     #                 tag_scope_term: {
@@ -4503,23 +4964,71 @@ module Aws::Macie2
     #             ],
     #           },
     #         },
+    #         bucket_criteria: {
+    #           excludes: {
+    #             and: [
+    #               {
+    #                 simple_criterion: {
+    #                   comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
+    #                   key: "ACCOUNT_ID", # accepts ACCOUNT_ID, S3_BUCKET_NAME, S3_BUCKET_EFFECTIVE_PERMISSION, S3_BUCKET_SHARED_ACCESS
+    #                   values: ["__string"],
+    #                 },
+    #                 tag_criterion: {
+    #                   comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
+    #                   tag_values: [
+    #                     {
+    #                       key: "__string",
+    #                       value: "__string",
+    #                     },
+    #                   ],
+    #                 },
+    #               },
+    #             ],
+    #           },
+    #           includes: {
+    #             and: [
+    #               {
+    #                 simple_criterion: {
+    #                   comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
+    #                   key: "ACCOUNT_ID", # accepts ACCOUNT_ID, S3_BUCKET_NAME, S3_BUCKET_EFFECTIVE_PERMISSION, S3_BUCKET_SHARED_ACCESS
+    #                   values: ["__string"],
+    #                 },
+    #                 tag_criterion: {
+    #                   comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
+    #                   tag_values: [
+    #                     {
+    #                       key: "__string",
+    #                       value: "__string",
+    #                     },
+    #                   ],
+    #                 },
+    #               },
+    #             ],
+    #           },
+    #         },
     #       }
     #
     # @!attribute [rw] bucket_definitions
     #   @return [Array<Types::S3BucketDefinitionForJob>]
     #
     # @!attribute [rw] scoping
-    #   Specifies one or more property- and tag-based conditions that refine
-    #   the scope of a classification job. These conditions define criteria
-    #   that determine which objects a job analyzes. Exclude conditions take
-    #   precedence over include conditions.
+    #   Specifies one or more property- and tag-based conditions that define
+    #   criteria for including or excluding S3 objects from a classification
+    #   job. Exclude conditions take precedence over include conditions.
     #   @return [Types::Scoping]
     #
+    # @!attribute [rw] bucket_criteria
+    #   Specifies property- and tag-based conditions that define criteria
+    #   for including or excluding S3 buckets from a classification job.
+    #   Exclude conditions take precedence over include conditions.
+    #   @return [Types::S3BucketCriteriaForJob]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/S3JobDefinition AWS API Documentation
     #
     class S3JobDefinition < Struct.new(
       :bucket_definitions,
-      :scoping)
+      :scoping,
+      :bucket_criteria)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4587,10 +5096,9 @@ module Aws::Macie2
       include Aws::Structure
     end
 
-    # Specifies one or more property- and tag-based conditions that refine
-    # the scope of a classification job. These conditions define criteria
-    # that determine which objects a job analyzes. Exclude conditions take
-    # precedence over include conditions.
+    # Specifies one or more property- and tag-based conditions that define
+    # criteria for including or excluding S3 objects from a classification
+    # job. Exclude conditions take precedence over include conditions.
     #
     # @note When making an API call, you may pass Scoping
     #   data as a hash:
@@ -4601,7 +5109,7 @@ module Aws::Macie2
     #             {
     #               simple_scope_term: {
     #                 comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #                 key: "BUCKET_CREATION_DATE", # accepts BUCKET_CREATION_DATE, OBJECT_EXTENSION, OBJECT_LAST_MODIFIED_DATE, OBJECT_SIZE, TAG, OBJECT_KEY
+    #                 key: "OBJECT_EXTENSION", # accepts OBJECT_EXTENSION, OBJECT_LAST_MODIFIED_DATE, OBJECT_SIZE, OBJECT_KEY
     #                 values: ["__string"],
     #               },
     #               tag_scope_term: {
@@ -4623,7 +5131,7 @@ module Aws::Macie2
     #             {
     #               simple_scope_term: {
     #                 comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #                 key: "BUCKET_CREATION_DATE", # accepts BUCKET_CREATION_DATE, OBJECT_EXTENSION, OBJECT_LAST_MODIFIED_DATE, OBJECT_SIZE, TAG, OBJECT_KEY
+    #                 key: "OBJECT_EXTENSION", # accepts OBJECT_EXTENSION, OBJECT_LAST_MODIFIED_DATE, OBJECT_SIZE, OBJECT_KEY
     #                 values: ["__string"],
     #               },
     #               tag_scope_term: {
@@ -4644,16 +5152,14 @@ module Aws::Macie2
     #
     # @!attribute [rw] excludes
     #   Specifies one or more property- and tag-based conditions that define
-    #   criteria for including or excluding objects from a classification
-    #   job. If you specify more than one condition, Amazon Macie uses an
-    #   AND operator to join the conditions.
+    #   criteria for including or excluding S3 objects from a classification
+    #   job.
     #   @return [Types::JobScopingBlock]
     #
     # @!attribute [rw] includes
     #   Specifies one or more property- and tag-based conditions that define
-    #   criteria for including or excluding objects from a classification
-    #   job. If you specify more than one condition, Amazon Macie uses an
-    #   AND operator to join the conditions.
+    #   criteria for including or excluding S3 objects from a classification
+    #   job.
     #   @return [Types::JobScopingBlock]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/Scoping AWS API Documentation
@@ -4665,6 +5171,419 @@ module Aws::Macie2
       include Aws::Structure
     end
 
+    # Specifies property- and tag-based conditions that define filter
+    # criteria for including or excluding S3 buckets from the query results.
+    # Exclude conditions take precedence over include conditions.
+    #
+    # @note When making an API call, you may pass SearchResourcesBucketCriteria
+    #   data as a hash:
+    #
+    #       {
+    #         excludes: {
+    #           and: [
+    #             {
+    #               simple_criterion: {
+    #                 comparator: "EQ", # accepts EQ, NE
+    #                 key: "ACCOUNT_ID", # accepts ACCOUNT_ID, S3_BUCKET_NAME, S3_BUCKET_EFFECTIVE_PERMISSION, S3_BUCKET_SHARED_ACCESS
+    #                 values: ["__string"],
+    #               },
+    #               tag_criterion: {
+    #                 comparator: "EQ", # accepts EQ, NE
+    #                 tag_values: [
+    #                   {
+    #                     key: "__string",
+    #                     value: "__string",
+    #                   },
+    #                 ],
+    #               },
+    #             },
+    #           ],
+    #         },
+    #         includes: {
+    #           and: [
+    #             {
+    #               simple_criterion: {
+    #                 comparator: "EQ", # accepts EQ, NE
+    #                 key: "ACCOUNT_ID", # accepts ACCOUNT_ID, S3_BUCKET_NAME, S3_BUCKET_EFFECTIVE_PERMISSION, S3_BUCKET_SHARED_ACCESS
+    #                 values: ["__string"],
+    #               },
+    #               tag_criterion: {
+    #                 comparator: "EQ", # accepts EQ, NE
+    #                 tag_values: [
+    #                   {
+    #                     key: "__string",
+    #                     value: "__string",
+    #                   },
+    #                 ],
+    #               },
+    #             },
+    #           ],
+    #         },
+    #       }
+    #
+    # @!attribute [rw] excludes
+    #   Specifies property- and tag-based conditions that define filter
+    #   criteria for including or excluding AWS resources from the query
+    #   results.
+    #   @return [Types::SearchResourcesCriteriaBlock]
+    #
+    # @!attribute [rw] includes
+    #   Specifies property- and tag-based conditions that define filter
+    #   criteria for including or excluding AWS resources from the query
+    #   results.
+    #   @return [Types::SearchResourcesCriteriaBlock]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/SearchResourcesBucketCriteria AWS API Documentation
+    #
+    class SearchResourcesBucketCriteria < Struct.new(
+      :excludes,
+      :includes)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Specifies a property- or tag-based filter condition for including or
+    # excluding AWS resources from the query results.
+    #
+    # @note When making an API call, you may pass SearchResourcesCriteria
+    #   data as a hash:
+    #
+    #       {
+    #         simple_criterion: {
+    #           comparator: "EQ", # accepts EQ, NE
+    #           key: "ACCOUNT_ID", # accepts ACCOUNT_ID, S3_BUCKET_NAME, S3_BUCKET_EFFECTIVE_PERMISSION, S3_BUCKET_SHARED_ACCESS
+    #           values: ["__string"],
+    #         },
+    #         tag_criterion: {
+    #           comparator: "EQ", # accepts EQ, NE
+    #           tag_values: [
+    #             {
+    #               key: "__string",
+    #               value: "__string",
+    #             },
+    #           ],
+    #         },
+    #       }
+    #
+    # @!attribute [rw] simple_criterion
+    #   Specifies a property-based filter condition that determines which
+    #   AWS resources are included or excluded from the query results.
+    #   @return [Types::SearchResourcesSimpleCriterion]
+    #
+    # @!attribute [rw] tag_criterion
+    #   Specifies a tag-based filter condition that determines which AWS
+    #   resources are included or excluded from the query results.
+    #   @return [Types::SearchResourcesTagCriterion]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/SearchResourcesCriteria AWS API Documentation
+    #
+    class SearchResourcesCriteria < Struct.new(
+      :simple_criterion,
+      :tag_criterion)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Specifies property- and tag-based conditions that define filter
+    # criteria for including or excluding AWS resources from the query
+    # results.
+    #
+    # @note When making an API call, you may pass SearchResourcesCriteriaBlock
+    #   data as a hash:
+    #
+    #       {
+    #         and: [
+    #           {
+    #             simple_criterion: {
+    #               comparator: "EQ", # accepts EQ, NE
+    #               key: "ACCOUNT_ID", # accepts ACCOUNT_ID, S3_BUCKET_NAME, S3_BUCKET_EFFECTIVE_PERMISSION, S3_BUCKET_SHARED_ACCESS
+    #               values: ["__string"],
+    #             },
+    #             tag_criterion: {
+    #               comparator: "EQ", # accepts EQ, NE
+    #               tag_values: [
+    #                 {
+    #                   key: "__string",
+    #                   value: "__string",
+    #                 },
+    #               ],
+    #             },
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] and
+    #   @return [Array<Types::SearchResourcesCriteria>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/SearchResourcesCriteriaBlock AWS API Documentation
+    #
+    class SearchResourcesCriteriaBlock < Struct.new(
+      :and)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Specifies criteria for filtering, sorting, and paginating the results
+    # of a query for statistical data and other information about AWS
+    # resources that Amazon Macie monitors and analyzes.
+    #
+    # @note When making an API call, you may pass SearchResourcesRequest
+    #   data as a hash:
+    #
+    #       {
+    #         bucket_criteria: {
+    #           excludes: {
+    #             and: [
+    #               {
+    #                 simple_criterion: {
+    #                   comparator: "EQ", # accepts EQ, NE
+    #                   key: "ACCOUNT_ID", # accepts ACCOUNT_ID, S3_BUCKET_NAME, S3_BUCKET_EFFECTIVE_PERMISSION, S3_BUCKET_SHARED_ACCESS
+    #                   values: ["__string"],
+    #                 },
+    #                 tag_criterion: {
+    #                   comparator: "EQ", # accepts EQ, NE
+    #                   tag_values: [
+    #                     {
+    #                       key: "__string",
+    #                       value: "__string",
+    #                     },
+    #                   ],
+    #                 },
+    #               },
+    #             ],
+    #           },
+    #           includes: {
+    #             and: [
+    #               {
+    #                 simple_criterion: {
+    #                   comparator: "EQ", # accepts EQ, NE
+    #                   key: "ACCOUNT_ID", # accepts ACCOUNT_ID, S3_BUCKET_NAME, S3_BUCKET_EFFECTIVE_PERMISSION, S3_BUCKET_SHARED_ACCESS
+    #                   values: ["__string"],
+    #                 },
+    #                 tag_criterion: {
+    #                   comparator: "EQ", # accepts EQ, NE
+    #                   tag_values: [
+    #                     {
+    #                       key: "__string",
+    #                       value: "__string",
+    #                     },
+    #                   ],
+    #                 },
+    #               },
+    #             ],
+    #           },
+    #         },
+    #         max_results: 1,
+    #         next_token: "__string",
+    #         sort_criteria: {
+    #           attribute_name: "ACCOUNT_ID", # accepts ACCOUNT_ID, RESOURCE_NAME, S3_CLASSIFIABLE_OBJECT_COUNT, S3_CLASSIFIABLE_SIZE_IN_BYTES
+    #           order_by: "ASC", # accepts ASC, DESC
+    #         },
+    #       }
+    #
+    # @!attribute [rw] bucket_criteria
+    #   Specifies property- and tag-based conditions that define filter
+    #   criteria for including or excluding S3 buckets from the query
+    #   results. Exclude conditions take precedence over include conditions.
+    #   @return [Types::SearchResourcesBucketCriteria]
+    #
+    # @!attribute [rw] max_results
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   @return [String]
+    #
+    # @!attribute [rw] sort_criteria
+    #   Specifies criteria for sorting the results of a query for
+    #   information about AWS resources that Amazon Macie monitors and
+    #   analyzes.
+    #   @return [Types::SearchResourcesSortCriteria]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/SearchResourcesRequest AWS API Documentation
+    #
+    class SearchResourcesRequest < Struct.new(
+      :bucket_criteria,
+      :max_results,
+      :next_token,
+      :sort_criteria)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Provides the results of a query that retrieved statistical data and
+    # other information about AWS resources that Amazon Macie monitors and
+    # analyzes.
+    #
+    # @!attribute [rw] matching_resources
+    #   @return [Array<Types::MatchingResource>]
+    #
+    # @!attribute [rw] next_token
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/SearchResourcesResponse AWS API Documentation
+    #
+    class SearchResourcesResponse < Struct.new(
+      :matching_resources,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Specifies a property-based filter condition that determines which AWS
+    # resources are included or excluded from the query results.
+    #
+    # @note When making an API call, you may pass SearchResourcesSimpleCriterion
+    #   data as a hash:
+    #
+    #       {
+    #         comparator: "EQ", # accepts EQ, NE
+    #         key: "ACCOUNT_ID", # accepts ACCOUNT_ID, S3_BUCKET_NAME, S3_BUCKET_EFFECTIVE_PERMISSION, S3_BUCKET_SHARED_ACCESS
+    #         values: ["__string"],
+    #       }
+    #
+    # @!attribute [rw] comparator
+    #   The operator to use in a condition that filters the results of a
+    #   query. Valid values are:
+    #   @return [String]
+    #
+    # @!attribute [rw] key
+    #   The property to use in a condition that filters the query results.
+    #   Valid values are:
+    #   @return [String]
+    #
+    # @!attribute [rw] values
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/SearchResourcesSimpleCriterion AWS API Documentation
+    #
+    class SearchResourcesSimpleCriterion < Struct.new(
+      :comparator,
+      :key,
+      :values)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Specifies criteria for sorting the results of a query for information
+    # about AWS resources that Amazon Macie monitors and analyzes.
+    #
+    # @note When making an API call, you may pass SearchResourcesSortCriteria
+    #   data as a hash:
+    #
+    #       {
+    #         attribute_name: "ACCOUNT_ID", # accepts ACCOUNT_ID, RESOURCE_NAME, S3_CLASSIFIABLE_OBJECT_COUNT, S3_CLASSIFIABLE_SIZE_IN_BYTES
+    #         order_by: "ASC", # accepts ASC, DESC
+    #       }
+    #
+    # @!attribute [rw] attribute_name
+    #   The property to sort the query results by. Valid values are:
+    #   @return [String]
+    #
+    # @!attribute [rw] order_by
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/SearchResourcesSortCriteria AWS API Documentation
+    #
+    class SearchResourcesSortCriteria < Struct.new(
+      :attribute_name,
+      :order_by)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Specifies a tag-based filter condition that determines which AWS
+    # resources are included or excluded from the query results.
+    #
+    # @note When making an API call, you may pass SearchResourcesTagCriterion
+    #   data as a hash:
+    #
+    #       {
+    #         comparator: "EQ", # accepts EQ, NE
+    #         tag_values: [
+    #           {
+    #             key: "__string",
+    #             value: "__string",
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] comparator
+    #   The operator to use in a condition that filters the results of a
+    #   query. Valid values are:
+    #   @return [String]
+    #
+    # @!attribute [rw] tag_values
+    #   @return [Array<Types::SearchResourcesTagCriterionPair>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/SearchResourcesTagCriterion AWS API Documentation
+    #
+    class SearchResourcesTagCriterion < Struct.new(
+      :comparator,
+      :tag_values)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Specifies a tag key, a tag value, or a tag key and value (as a pair)
+    # to use in a tag-based filter condition for a query. Tag keys and
+    # values are case sensitive. Also, Amazon Macie doesn't support use of
+    # partial values or wildcard characters in tag-based filter conditions.
+    #
+    # @note When making an API call, you may pass SearchResourcesTagCriterionPair
+    #   data as a hash:
+    #
+    #       {
+    #         key: "__string",
+    #         value: "__string",
+    #       }
+    #
+    # @!attribute [rw] key
+    #   @return [String]
+    #
+    # @!attribute [rw] value
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/SearchResourcesTagCriterionPair AWS API Documentation
+    #
+    class SearchResourcesTagCriterionPair < Struct.new(
+      :key,
+      :value)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Specifies configuration settings that determine which findings are
+    # published to AWS Security Hub automatically. For information about how
+    # Macie publishes findings to Security Hub, see [Amazon Macie
+    # integration with Security Hub][1] in the *Amazon Macie User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/macie/latest/user/securityhub-integration.html
+    #
+    # @note When making an API call, you may pass SecurityHubConfiguration
+    #   data as a hash:
+    #
+    #       {
+    #         publish_classification_findings: false, # required
+    #         publish_policy_findings: false, # required
+    #       }
+    #
+    # @!attribute [rw] publish_classification_findings
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] publish_policy_findings
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/SecurityHubConfiguration AWS API Documentation
+    #
+    class SecurityHubConfiguration < Struct.new(
+      :publish_classification_findings,
+      :publish_policy_findings)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Provides information about the category, types, and occurrences of
     # sensitive data that produced a sensitive data finding.
     #
@@ -4838,15 +5757,50 @@ module Aws::Macie2
       include Aws::Structure
     end
 
-    # Specifies a property-based condition that determines whether an object
-    # is included or excluded from a classification job.
+    # Specifies a property-based condition that determines whether an S3
+    # bucket is included or excluded from a classification job.
+    #
+    # @note When making an API call, you may pass SimpleCriterionForJob
+    #   data as a hash:
+    #
+    #       {
+    #         comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
+    #         key: "ACCOUNT_ID", # accepts ACCOUNT_ID, S3_BUCKET_NAME, S3_BUCKET_EFFECTIVE_PERMISSION, S3_BUCKET_SHARED_ACCESS
+    #         values: ["__string"],
+    #       }
+    #
+    # @!attribute [rw] comparator
+    #   The operator to use in a condition. Valid values are:
+    #   @return [String]
+    #
+    # @!attribute [rw] key
+    #   The property to use in a condition that determines whether an S3
+    #   bucket is included or excluded from a classification job. Valid
+    #   values are:
+    #   @return [String]
+    #
+    # @!attribute [rw] values
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/SimpleCriterionForJob AWS API Documentation
+    #
+    class SimpleCriterionForJob < Struct.new(
+      :comparator,
+      :key,
+      :values)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Specifies a property-based condition that determines whether an S3
+    # object is included or excluded from a classification job.
     #
     # @note When making an API call, you may pass SimpleScopeTerm
     #   data as a hash:
     #
     #       {
     #         comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
-    #         key: "BUCKET_CREATION_DATE", # accepts BUCKET_CREATION_DATE, OBJECT_EXTENSION, OBJECT_LAST_MODIFIED_DATE, OBJECT_SIZE, TAG, OBJECT_KEY
+    #         key: "OBJECT_EXTENSION", # accepts OBJECT_EXTENSION, OBJECT_LAST_MODIFIED_DATE, OBJECT_SIZE, OBJECT_KEY
     #         values: ["__string"],
     #       }
     #
@@ -4855,8 +5809,9 @@ module Aws::Macie2
     #   @return [String]
     #
     # @!attribute [rw] key
-    #   The property to use in a condition that determines which objects are
-    #   analyzed by a classification job. Valid values are:
+    #   The property to use in a condition that determines whether an S3
+    #   object is included or excluded from a classification job. Valid
+    #   values are:
     #   @return [String]
     #
     # @!attribute [rw] values
@@ -4914,6 +5869,67 @@ module Aws::Macie2
       include Aws::Structure
     end
 
+    # Specifies a tag-based condition that determines whether an S3 bucket
+    # is included or excluded from a classification job.
+    #
+    # @note When making an API call, you may pass TagCriterionForJob
+    #   data as a hash:
+    #
+    #       {
+    #         comparator: "EQ", # accepts EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH
+    #         tag_values: [
+    #           {
+    #             key: "__string",
+    #             value: "__string",
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] comparator
+    #   The operator to use in a condition. Valid values are:
+    #   @return [String]
+    #
+    # @!attribute [rw] tag_values
+    #   @return [Array<Types::TagCriterionPairForJob>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/TagCriterionForJob AWS API Documentation
+    #
+    class TagCriterionForJob < Struct.new(
+      :comparator,
+      :tag_values)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Specifies a tag key, a tag value, or a tag key and value (as a pair)
+    # to use in a tag-based condition that determines whether an S3 bucket
+    # is included or excluded from a classification job. Tag keys and values
+    # are case sensitive. Also, Amazon Macie doesn't support use of partial
+    # values or wildcard characters in tag-based conditions.
+    #
+    # @note When making an API call, you may pass TagCriterionPairForJob
+    #   data as a hash:
+    #
+    #       {
+    #         key: "__string",
+    #         value: "__string",
+    #       }
+    #
+    # @!attribute [rw] key
+    #   @return [String]
+    #
+    # @!attribute [rw] value
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/TagCriterionPairForJob AWS API Documentation
+    #
+    class TagCriterionPairForJob < Struct.new(
+      :key,
+      :value)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Specifies the tags (keys and values) to associate with a
     # classification job, custom data identifier, findings filter, or member
     # account.
@@ -4952,8 +5968,8 @@ module Aws::Macie2
     #
     class TagResourceResponse < Aws::EmptyStructure; end
 
-    # Specifies a tag-based condition that determines whether an object is
-    # included or excluded from a classification job.
+    # Specifies a tag-based condition that determines whether an S3 object
+    # is included or excluded from a classification job.
     #
     # @note When making an API call, you may pass TagScopeTerm
     #   data as a hash:
@@ -4997,7 +6013,10 @@ module Aws::Macie2
     end
 
     # Specifies a tag key or tag key and value pair to use in a tag-based
-    # condition for a classification job.
+    # condition that determines whether an S3 object is included or excluded
+    # from a classification job. Tag keys and values are case sensitive.
+    # Also, Amazon Macie doesn't support use of partial values or wildcard
+    # characters in tag-based conditions.
     #
     # @note When making an API call, you may pass TagValuePair
     #   data as a hash:
@@ -5143,8 +6162,8 @@ module Aws::Macie2
     class UntagResourceResponse < Aws::EmptyStructure; end
 
     # Changes the status of a classification job. For more information about
-    # pausing, resuming, or cancelling jobs, see [Managing and monitoring
-    # sensitive data discovery jobs][1] in the *Amazon Macie User Guide*.
+    # pausing, resuming, or cancelling jobs, see [Managing sensitive data
+    # discovery jobs][1] in the *Amazon Macie User Guide*.
     #
     #
     #
@@ -5202,6 +6221,7 @@ module Aws::Macie2
     #         id: "__string", # required
     #         name: "__string",
     #         position: 1,
+    #         client_token: "__string",
     #       }
     #
     # @!attribute [rw] action
@@ -5227,6 +6247,11 @@ module Aws::Macie2
     # @!attribute [rw] position
     #   @return [Integer]
     #
+    # @!attribute [rw] client_token
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/UpdateFindingsFilterRequest AWS API Documentation
     #
     class UpdateFindingsFilterRequest < Struct.new(
@@ -5235,7 +6260,8 @@ module Aws::Macie2
       :finding_criteria,
       :id,
       :name,
-      :position)
+      :position,
+      :client_token)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -5273,7 +6299,13 @@ module Aws::Macie2
     #   The frequency with which Amazon Macie publishes updates to policy
     #   findings for an account. This includes publishing updates to AWS
     #   Security Hub and Amazon EventBridge (formerly called Amazon
-    #   CloudWatch Events). Valid values are:
+    #   CloudWatch Events). For more information, see [Monitoring and
+    #   processing findings][1] in the *Amazon Macie User Guide*. Valid
+    #   values are:
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/macie/latest/user/findings-monitor.html
     #   @return [String]
     #
     # @!attribute [rw] status