aws-sdk-securityhub 1.14.0 → 1.15.0
- checksums.yaml +4 -4
- data/lib/aws-sdk-securityhub.rb +1 -1
- data/lib/aws-sdk-securityhub/client.rb +211 -3
- data/lib/aws-sdk-securityhub/client_api.rb +174 -1
- data/lib/aws-sdk-securityhub/types.rb +1525 -62
- metadata +2 -2
@@ -103,103 +103,876 @@ module Aws::SecurityHub
|
|
103
103
|
include Aws::Structure
|
104
104
|
end
|
105
105
|
|
106
|
+
# Information about an Availability Zone.
|
107
|
+
#
|
108
|
+
# @note When making an API call, you may pass AvailabilityZone
|
109
|
+
# data as a hash:
|
110
|
+
#
|
111
|
+
# {
|
112
|
+
# zone_name: "NonEmptyString",
|
113
|
+
# subnet_id: "NonEmptyString",
|
114
|
+
# }
|
115
|
+
#
|
116
|
+
# @!attribute [rw] zone_name
|
117
|
+
# The name of the Availability Zone.
|
118
|
+
# @return [String]
|
119
|
+
#
|
120
|
+
# @!attribute [rw] subnet_id
|
121
|
+
# The ID of the subnet. You can specify one subnet per Availability
|
122
|
+
# Zone.
|
123
|
+
# @return [String]
|
124
|
+
#
|
125
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AvailabilityZone AWS API Documentation
|
126
|
+
#
|
127
|
+
class AvailabilityZone < Struct.new(
|
128
|
+
:zone_name,
|
129
|
+
:subnet_id)
|
130
|
+
include Aws::Structure
|
131
|
+
end
|
132
|
+
|
133
|
+
# A distribution configuration.
|
134
|
+
#
|
135
|
+
# @note When making an API call, you may pass AwsCloudFrontDistributionDetails
|
136
|
+
# data as a hash:
|
137
|
+
#
|
138
|
+
# {
|
139
|
+
# domain_name: "NonEmptyString",
|
140
|
+
# etag: "NonEmptyString",
|
141
|
+
# last_modified_time: "NonEmptyString",
|
142
|
+
# logging: {
|
143
|
+
# bucket: "NonEmptyString",
|
144
|
+
# enabled: false,
|
145
|
+
# include_cookies: false,
|
146
|
+
# prefix: "NonEmptyString",
|
147
|
+
# },
|
148
|
+
# origins: {
|
149
|
+
# items: [
|
150
|
+
# {
|
151
|
+
# domain_name: "NonEmptyString",
|
152
|
+
# id: "NonEmptyString",
|
153
|
+
# origin_path: "NonEmptyString",
|
154
|
+
# },
|
155
|
+
# ],
|
156
|
+
# },
|
157
|
+
# status: "NonEmptyString",
|
158
|
+
# web_acl_id: "NonEmptyString",
|
159
|
+
# }
|
160
|
+
#
|
161
|
+
# @!attribute [rw] domain_name
|
162
|
+
# The domain name corresponding to the distribution.
|
163
|
+
# @return [String]
|
164
|
+
#
|
165
|
+
# @!attribute [rw] etag
|
166
|
+
# The entity tag is a hash of the object.
|
167
|
+
# @return [String]
|
168
|
+
#
|
169
|
+
# @!attribute [rw] last_modified_time
|
170
|
+
# The date and time that the distribution was last modified.
|
171
|
+
# @return [String]
|
172
|
+
#
|
173
|
+
# @!attribute [rw] logging
|
174
|
+
# A complex type that controls whether access logs are written for the
|
175
|
+
# distribution.
|
176
|
+
# @return [Types::AwsCloudFrontDistributionLogging]
|
177
|
+
#
|
178
|
+
# @!attribute [rw] origins
|
179
|
+
# A complex type that contains information about origins for this
|
180
|
+
# distribution.
|
181
|
+
# @return [Types::AwsCloudFrontDistributionOrigins]
|
182
|
+
#
|
183
|
+
# @!attribute [rw] status
|
184
|
+
# Indicates the current status of the distribution.
|
185
|
+
# @return [String]
|
186
|
+
#
|
187
|
+
# @!attribute [rw] web_acl_id
|
188
|
+
# A unique identifier that specifies the AWS WAF web ACL, if any, to
|
189
|
+
# associate with this distribution.
|
190
|
+
# @return [String]
|
191
|
+
#
|
192
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFrontDistributionDetails AWS API Documentation
|
193
|
+
#
|
194
|
+
class AwsCloudFrontDistributionDetails < Struct.new(
|
195
|
+
:domain_name,
|
196
|
+
:etag,
|
197
|
+
:last_modified_time,
|
198
|
+
:logging,
|
199
|
+
:origins,
|
200
|
+
:status,
|
201
|
+
:web_acl_id)
|
202
|
+
include Aws::Structure
|
203
|
+
end
|
204
|
+
|
205
|
+
# A complex type that controls whether access logs are written for the
|
206
|
+
# distribution.
|
207
|
+
#
|
208
|
+
# @note When making an API call, you may pass AwsCloudFrontDistributionLogging
|
209
|
+
# data as a hash:
|
210
|
+
#
|
211
|
+
# {
|
212
|
+
# bucket: "NonEmptyString",
|
213
|
+
# enabled: false,
|
214
|
+
# include_cookies: false,
|
215
|
+
# prefix: "NonEmptyString",
|
216
|
+
# }
|
217
|
+
#
|
218
|
+
# @!attribute [rw] bucket
|
219
|
+
# The Amazon S3 bucket to store the access logs in.
|
220
|
+
# @return [String]
|
221
|
+
#
|
222
|
+
# @!attribute [rw] enabled
|
223
|
+
# With this field, you can enable or disable the selected
|
224
|
+
# distribution.
|
225
|
+
# @return [Boolean]
|
226
|
+
#
|
227
|
+
# @!attribute [rw] include_cookies
|
228
|
+
# Specifies whether you want CloudFront to include cookies in access
|
229
|
+
# logs.
|
230
|
+
# @return [Boolean]
|
231
|
+
#
|
232
|
+
# @!attribute [rw] prefix
|
233
|
+
# An optional string that you want CloudFront to prefix to the access
|
234
|
+
# log filenames for this distribution.
|
235
|
+
# @return [String]
|
236
|
+
#
|
237
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFrontDistributionLogging AWS API Documentation
|
238
|
+
#
|
239
|
+
class AwsCloudFrontDistributionLogging < Struct.new(
|
240
|
+
:bucket,
|
241
|
+
:enabled,
|
242
|
+
:include_cookies,
|
243
|
+
:prefix)
|
244
|
+
include Aws::Structure
|
245
|
+
end
|
246
|
+
|
247
|
+
# A complex type that describes the Amazon S3 bucket, HTTP server (for
|
248
|
+
# example, a web server), Amazon MediaStore, or other server from which
|
249
|
+
# CloudFront gets your files.
|
250
|
+
#
|
251
|
+
# @note When making an API call, you may pass AwsCloudFrontDistributionOriginItem
|
252
|
+
# data as a hash:
|
253
|
+
#
|
254
|
+
# {
|
255
|
+
# domain_name: "NonEmptyString",
|
256
|
+
# id: "NonEmptyString",
|
257
|
+
# origin_path: "NonEmptyString",
|
258
|
+
# }
|
259
|
+
#
|
260
|
+
# @!attribute [rw] domain_name
|
261
|
+
# Amazon S3 origins: The DNS name of the Amazon S3 bucket from which
|
262
|
+
# you want CloudFront to get objects for this origin.
|
263
|
+
# @return [String]
|
264
|
+
#
|
265
|
+
# @!attribute [rw] id
|
266
|
+
# A unique identifier for the origin or origin group.
|
267
|
+
# @return [String]
|
268
|
+
#
|
269
|
+
# @!attribute [rw] origin_path
|
270
|
+
# An optional element that causes CloudFront to request your content
|
271
|
+
# from a directory in your Amazon S3 bucket or your custom origin.
|
272
|
+
# @return [String]
|
273
|
+
#
|
274
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFrontDistributionOriginItem AWS API Documentation
|
275
|
+
#
|
276
|
+
class AwsCloudFrontDistributionOriginItem < Struct.new(
|
277
|
+
:domain_name,
|
278
|
+
:id,
|
279
|
+
:origin_path)
|
280
|
+
include Aws::Structure
|
281
|
+
end
|
282
|
+
|
283
|
+
# A complex type that contains information about origins and origin
|
284
|
+
# groups for this distribution.
|
285
|
+
#
|
286
|
+
# @note When making an API call, you may pass AwsCloudFrontDistributionOrigins
|
287
|
+
# data as a hash:
|
288
|
+
#
|
289
|
+
# {
|
290
|
+
# items: [
|
291
|
+
# {
|
292
|
+
# domain_name: "NonEmptyString",
|
293
|
+
# id: "NonEmptyString",
|
294
|
+
# origin_path: "NonEmptyString",
|
295
|
+
# },
|
296
|
+
# ],
|
297
|
+
# }
|
298
|
+
#
|
299
|
+
# @!attribute [rw] items
|
300
|
+
# A complex type that contains origins or origin groups for this
|
301
|
+
# distribution.
|
302
|
+
# @return [Array<Types::AwsCloudFrontDistributionOriginItem>]
|
303
|
+
#
|
304
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFrontDistributionOrigins AWS API Documentation
|
305
|
+
#
|
306
|
+
class AwsCloudFrontDistributionOrigins < Struct.new(
|
307
|
+
:items)
|
308
|
+
include Aws::Structure
|
309
|
+
end
|
310
|
+
|
106
311
|
# The details of an Amazon EC2 instance.
|
107
312
|
#
|
108
313
|
# @note When making an API call, you may pass AwsEc2InstanceDetails
|
109
314
|
# data as a hash:
|
110
315
|
#
|
111
316
|
# {
|
112
|
-
# type: "NonEmptyString",
|
113
|
-
# image_id: "NonEmptyString",
|
114
|
-
# ip_v4_addresses: ["NonEmptyString"],
|
115
|
-
# ip_v6_addresses: ["NonEmptyString"],
|
116
|
-
# key_name: "NonEmptyString",
|
117
|
-
# iam_instance_profile_arn: "NonEmptyString",
|
118
|
-
# vpc_id: "NonEmptyString",
|
119
|
-
# subnet_id: "NonEmptyString",
|
120
|
-
# launched_at: "NonEmptyString",
|
317
|
+
# type: "NonEmptyString",
|
318
|
+
# image_id: "NonEmptyString",
|
319
|
+
# ip_v4_addresses: ["NonEmptyString"],
|
320
|
+
# ip_v6_addresses: ["NonEmptyString"],
|
321
|
+
# key_name: "NonEmptyString",
|
322
|
+
# iam_instance_profile_arn: "NonEmptyString",
|
323
|
+
# vpc_id: "NonEmptyString",
|
324
|
+
# subnet_id: "NonEmptyString",
|
325
|
+
# launched_at: "NonEmptyString",
|
326
|
+
# }
|
327
|
+
#
|
328
|
+
# @!attribute [rw] type
|
329
|
+
# The instance type of the instance.
|
330
|
+
# @return [String]
|
331
|
+
#
|
332
|
+
# @!attribute [rw] image_id
|
333
|
+
# The Amazon Machine Image (AMI) ID of the instance.
|
334
|
+
# @return [String]
|
335
|
+
#
|
336
|
+
# @!attribute [rw] ip_v4_addresses
|
337
|
+
# The IPv4 addresses associated with the instance.
|
338
|
+
# @return [Array<String>]
|
339
|
+
#
|
340
|
+
# @!attribute [rw] ip_v6_addresses
|
341
|
+
# The IPv6 addresses associated with the instance.
|
342
|
+
# @return [Array<String>]
|
343
|
+
#
|
344
|
+
# @!attribute [rw] key_name
|
345
|
+
# The key name associated with the instance.
|
346
|
+
# @return [String]
|
347
|
+
#
|
348
|
+
# @!attribute [rw] iam_instance_profile_arn
|
349
|
+
# The IAM profile ARN of the instance.
|
350
|
+
# @return [String]
|
351
|
+
#
|
352
|
+
# @!attribute [rw] vpc_id
|
353
|
+
# The identifier of the VPC that the instance was launched in.
|
354
|
+
# @return [String]
|
355
|
+
#
|
356
|
+
# @!attribute [rw] subnet_id
|
357
|
+
# The identifier of the subnet that the instance was launched in.
|
358
|
+
# @return [String]
|
359
|
+
#
|
360
|
+
# @!attribute [rw] launched_at
|
361
|
+
# The date/time the instance was launched.
|
362
|
+
# @return [String]
|
363
|
+
#
|
364
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2InstanceDetails AWS API Documentation
|
365
|
+
#
|
366
|
+
class AwsEc2InstanceDetails < Struct.new(
|
367
|
+
:type,
|
368
|
+
:image_id,
|
369
|
+
:ip_v4_addresses,
|
370
|
+
:ip_v6_addresses,
|
371
|
+
:key_name,
|
372
|
+
:iam_instance_profile_arn,
|
373
|
+
:vpc_id,
|
374
|
+
:subnet_id,
|
375
|
+
:launched_at)
|
376
|
+
include Aws::Structure
|
377
|
+
end
|
378
|
+
|
379
|
+
# Information about a load balancer.
|
380
|
+
#
|
381
|
+
# @note When making an API call, you may pass AwsElbv2LoadBalancerDetails
|
382
|
+
# data as a hash:
|
383
|
+
#
|
384
|
+
# {
|
385
|
+
# availability_zones: [
|
386
|
+
# {
|
387
|
+
# zone_name: "NonEmptyString",
|
388
|
+
# subnet_id: "NonEmptyString",
|
389
|
+
# },
|
390
|
+
# ],
|
391
|
+
# canonical_hosted_zone_id: "NonEmptyString",
|
392
|
+
# created_time: "NonEmptyString",
|
393
|
+
# dns_name: "NonEmptyString",
|
394
|
+
# ip_address_type: "NonEmptyString",
|
395
|
+
# scheme: "NonEmptyString",
|
396
|
+
# security_groups: ["NonEmptyString"],
|
397
|
+
# state: {
|
398
|
+
# code: "NonEmptyString",
|
399
|
+
# reason: "NonEmptyString",
|
400
|
+
# },
|
401
|
+
# type: "NonEmptyString",
|
402
|
+
# vpc_id: "NonEmptyString",
|
403
|
+
# }
|
404
|
+
#
|
405
|
+
# @!attribute [rw] availability_zones
|
406
|
+
# The Availability Zones for the load balancer.
|
407
|
+
# @return [Array<Types::AvailabilityZone>]
|
408
|
+
#
|
409
|
+
# @!attribute [rw] canonical_hosted_zone_id
|
410
|
+
# The ID of the Amazon Route 53 hosted zone associated with the load
|
411
|
+
# balancer.
|
412
|
+
# @return [String]
|
413
|
+
#
|
414
|
+
# @!attribute [rw] created_time
|
415
|
+
# The date and time the load balancer was created.
|
416
|
+
# @return [String]
|
417
|
+
#
|
418
|
+
# @!attribute [rw] dns_name
|
419
|
+
# The public DNS name of the load balancer.
|
420
|
+
# @return [String]
|
421
|
+
#
|
422
|
+
# @!attribute [rw] ip_address_type
|
423
|
+
# The type of IP addresses used by the subnets for your load balancer.
|
424
|
+
# The possible values are ipv4 (for IPv4 addresses) and dualstack (for
|
425
|
+
# IPv4 and IPv6 addresses).
|
426
|
+
# @return [String]
|
427
|
+
#
|
428
|
+
# @!attribute [rw] scheme
|
429
|
+
# The nodes of an Internet-facing load balancer have public IP
|
430
|
+
# addresses.
|
431
|
+
# @return [String]
|
432
|
+
#
|
433
|
+
# @!attribute [rw] security_groups
|
434
|
+
# The IDs of the security groups for the load balancer.
|
435
|
+
# @return [Array<String>]
|
436
|
+
#
|
437
|
+
# @!attribute [rw] state
|
438
|
+
# The state of the load balancer.
|
439
|
+
# @return [Types::LoadBalancerState]
|
440
|
+
#
|
441
|
+
# @!attribute [rw] type
|
442
|
+
# The type of load balancer.
|
443
|
+
# @return [String]
|
444
|
+
#
|
445
|
+
# @!attribute [rw] vpc_id
|
446
|
+
# The ID of the VPC for the load balancer.
|
447
|
+
# @return [String]
|
448
|
+
#
|
449
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElbv2LoadBalancerDetails AWS API Documentation
|
450
|
+
#
|
451
|
+
class AwsElbv2LoadBalancerDetails < Struct.new(
|
452
|
+
:availability_zones,
|
453
|
+
:canonical_hosted_zone_id,
|
454
|
+
:created_time,
|
455
|
+
:dns_name,
|
456
|
+
:ip_address_type,
|
457
|
+
:scheme,
|
458
|
+
:security_groups,
|
459
|
+
:state,
|
460
|
+
:type,
|
461
|
+
:vpc_id)
|
462
|
+
include Aws::Structure
|
463
|
+
end
|
464
|
+
|
465
|
+
# IAM access key details related to a finding.
|
466
|
+
#
|
467
|
+
# @note When making an API call, you may pass AwsIamAccessKeyDetails
|
468
|
+
# data as a hash:
|
469
|
+
#
|
470
|
+
# {
|
471
|
+
# user_name: "NonEmptyString",
|
472
|
+
# status: "Active", # accepts Active, Inactive
|
473
|
+
# created_at: "NonEmptyString",
|
474
|
+
# principal_id: "NonEmptyString",
|
475
|
+
# principal_type: "NonEmptyString",
|
476
|
+
# principal_name: "NonEmptyString",
|
477
|
+
# }
|
478
|
+
#
|
479
|
+
# @!attribute [rw] user_name
|
480
|
+
# The user associated with the IAM access key related to a finding.
|
481
|
+
#
|
482
|
+
# The `UserName` parameter has been replaced with the `PrincipalName`
|
483
|
+
# parameter because access keys can also be assigned to principals
|
484
|
+
# that are not IAM users.
|
485
|
+
# @return [String]
|
486
|
+
#
|
487
|
+
# @!attribute [rw] status
|
488
|
+
# The status of the IAM access key related to a finding.
|
489
|
+
# @return [String]
|
490
|
+
#
|
491
|
+
# @!attribute [rw] created_at
|
492
|
+
# The creation date/time of the IAM access key related to a finding.
|
493
|
+
# @return [String]
|
494
|
+
#
|
495
|
+
# @!attribute [rw] principal_id
|
496
|
+
# The ID of the principal associated with an access key.
|
497
|
+
# @return [String]
|
498
|
+
#
|
499
|
+
# @!attribute [rw] principal_type
|
500
|
+
# The type of principal associated with an access key.
|
501
|
+
# @return [String]
|
502
|
+
#
|
503
|
+
# @!attribute [rw] principal_name
|
504
|
+
# The name of the principal.
|
505
|
+
# @return [String]
|
506
|
+
#
|
507
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsIamAccessKeyDetails AWS API Documentation
|
508
|
+
#
|
509
|
+
class AwsIamAccessKeyDetails < Struct.new(
|
510
|
+
:user_name,
|
511
|
+
:status,
|
512
|
+
:created_at,
|
513
|
+
:principal_id,
|
514
|
+
:principal_type,
|
515
|
+
:principal_name)
|
516
|
+
include Aws::Structure
|
517
|
+
end
|
518
|
+
|
519
|
+
# Contains information about an IAM role, including all of the role's
|
520
|
+
# policies.
|
521
|
+
#
|
522
|
+
# @note When making an API call, you may pass AwsIamRoleDetails
|
523
|
+
# data as a hash:
|
524
|
+
#
|
525
|
+
# {
|
526
|
+
# assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument",
|
527
|
+
# create_date: "NonEmptyString",
|
528
|
+
# role_id: "NonEmptyString",
|
529
|
+
# role_name: "NonEmptyString",
|
530
|
+
# max_session_duration: 1,
|
531
|
+
# path: "NonEmptyString",
|
532
|
+
# }
|
533
|
+
#
|
534
|
+
# @!attribute [rw] assume_role_policy_document
|
535
|
+
# The trust policy that grants permission to assume the role.
|
536
|
+
# @return [String]
|
537
|
+
#
|
538
|
+
# @!attribute [rw] create_date
|
539
|
+
# The date and time, in ISO 8601 date-time format, when the role was
|
540
|
+
# created.
|
541
|
+
# @return [String]
|
542
|
+
#
|
543
|
+
# @!attribute [rw] role_id
|
544
|
+
# The stable and unique string identifying the role.
|
545
|
+
# @return [String]
|
546
|
+
#
|
547
|
+
# @!attribute [rw] role_name
|
548
|
+
# The friendly name that identifies the role.
|
549
|
+
# @return [String]
|
550
|
+
#
|
551
|
+
# @!attribute [rw] max_session_duration
|
552
|
+
# The maximum session duration (in seconds) that you want to set for
|
553
|
+
# the specified role.
|
554
|
+
# @return [Integer]
|
555
|
+
#
|
556
|
+
# @!attribute [rw] path
|
557
|
+
# The path to the role.
|
558
|
+
# @return [String]
|
559
|
+
#
|
560
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsIamRoleDetails AWS API Documentation
|
561
|
+
#
|
562
|
+
class AwsIamRoleDetails < Struct.new(
|
563
|
+
:assume_role_policy_document,
|
564
|
+
:create_date,
|
565
|
+
:role_id,
|
566
|
+
:role_name,
|
567
|
+
:max_session_duration,
|
568
|
+
:path)
|
569
|
+
include Aws::Structure
|
570
|
+
end
|
571
|
+
|
572
|
+
# Contains metadata about a customer master key (CMK).
|
573
|
+
#
|
574
|
+
# @note When making an API call, you may pass AwsKmsKeyDetails
|
575
|
+
# data as a hash:
|
576
|
+
#
|
577
|
+
# {
|
578
|
+
# aws_account_id: "NonEmptyString",
|
579
|
+
# creation_date: 1.0,
|
580
|
+
# key_id: "NonEmptyString",
|
581
|
+
# key_manager: "NonEmptyString",
|
582
|
+
# key_state: "NonEmptyString",
|
583
|
+
# origin: "NonEmptyString",
|
584
|
+
# }
|
585
|
+
#
|
586
|
+
# @!attribute [rw] aws_account_id
|
587
|
+
# The twelve-digit account ID of the AWS account that owns the CMK.
|
588
|
+
# @return [String]
|
589
|
+
#
|
590
|
+
# @!attribute [rw] creation_date
|
591
|
+
# The date and time when the CMK was created.
|
592
|
+
# @return [Float]
|
593
|
+
#
|
594
|
+
# @!attribute [rw] key_id
|
595
|
+
# The globally unique identifier for the CMK.
|
596
|
+
# @return [String]
|
597
|
+
#
|
598
|
+
# @!attribute [rw] key_manager
|
599
|
+
# The manager of the CMK. CMKs in your AWS account are either customer
|
600
|
+
# managed or AWS managed.
|
601
|
+
# @return [String]
|
602
|
+
#
|
603
|
+
# @!attribute [rw] key_state
|
604
|
+
# The state of the CMK.
|
605
|
+
# @return [String]
|
606
|
+
#
|
607
|
+
# @!attribute [rw] origin
|
608
|
+
# The source of the CMK's key material. When this value is AWS\_KMS,
|
609
|
+
# AWS KMS created the key material. When this value is EXTERNAL, the
|
610
|
+
# key material was imported from your existing key management
|
611
|
+
# infrastructure or the CMK lacks key material. When this value is
|
612
|
+
# AWS\_CLOUDHSM, the key material was created in the AWS CloudHSM
|
613
|
+
# cluster associated with a custom key store.
|
614
|
+
# @return [String]
|
615
|
+
#
|
616
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsKmsKeyDetails AWS API Documentation
|
617
|
+
#
|
618
|
+
class AwsKmsKeyDetails < Struct.new(
|
619
|
+
:aws_account_id,
|
620
|
+
:creation_date,
|
621
|
+
:key_id,
|
622
|
+
:key_manager,
|
623
|
+
:key_state,
|
624
|
+
:origin)
|
625
|
+
include Aws::Structure
|
626
|
+
end
|
627
|
+
|
628
|
+
# The code for the Lambda function. You can specify either an object in
|
629
|
+
# Amazon S3, or upload a deployment package directly.
|
630
|
+
#
|
631
|
+
# @note When making an API call, you may pass AwsLambdaFunctionCode
|
632
|
+
# data as a hash:
|
633
|
+
#
|
634
|
+
# {
|
635
|
+
# s3_bucket: "NonEmptyString",
|
636
|
+
# s3_key: "NonEmptyString",
|
637
|
+
# s3_object_version: "NonEmptyString",
|
638
|
+
# zip_file: "NonEmptyString",
|
639
|
+
# }
|
640
|
+
#
|
641
|
+
# @!attribute [rw] s3_bucket
|
642
|
+
# An Amazon S3 bucket in the same AWS Region as your function. The
|
643
|
+
# bucket can be in a different AWS account.
|
644
|
+
# @return [String]
|
645
|
+
#
|
646
|
+
# @!attribute [rw] s3_key
|
647
|
+
# The Amazon S3 key of the deployment package.
|
648
|
+
# @return [String]
|
649
|
+
#
|
650
|
+
# @!attribute [rw] s3_object_version
|
651
|
+
# For versioned objects, the version of the deployment package object
|
652
|
+
# to use.
|
653
|
+
# @return [String]
|
654
|
+
#
|
655
|
+
# @!attribute [rw] zip_file
|
656
|
+
# The base64-encoded contents of the deployment package. AWS SDK and
|
657
|
+
# AWS CLI clients handle the encoding for you.
|
658
|
+
# @return [String]
|
659
|
+
#
|
660
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionCode AWS API Documentation
|
661
|
+
#
|
662
|
+
class AwsLambdaFunctionCode < Struct.new(
|
663
|
+
:s3_bucket,
|
664
|
+
:s3_key,
|
665
|
+
:s3_object_version,
|
666
|
+
:zip_file)
|
667
|
+
include Aws::Structure
|
668
|
+
end
|
669
|
+
|
670
|
+
# The dead-letter queue for failed asynchronous invocations.
|
671
|
+
#
|
672
|
+
# @note When making an API call, you may pass AwsLambdaFunctionDeadLetterConfig
|
673
|
+
# data as a hash:
|
674
|
+
#
|
675
|
+
# {
|
676
|
+
# target_arn: "NonEmptyString",
|
677
|
+
# }
|
678
|
+
#
|
679
|
+
# @!attribute [rw] target_arn
|
680
|
+
# The Amazon Resource Name (ARN) of an Amazon SQS queue or Amazon SNS
|
681
|
+
# topic.
|
682
|
+
# @return [String]
|
683
|
+
#
|
684
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionDeadLetterConfig AWS API Documentation
|
685
|
+
#
|
686
|
+
class AwsLambdaFunctionDeadLetterConfig < Struct.new(
|
687
|
+
:target_arn)
|
688
|
+
include Aws::Structure
|
689
|
+
end
|
690
|
+
|
691
|
+
# Details about a function's configuration.
|
692
|
+
#
|
693
|
+
# @note When making an API call, you may pass AwsLambdaFunctionDetails
|
694
|
+
# data as a hash:
|
695
|
+
#
|
696
|
+
# {
|
697
|
+
# code: {
|
698
|
+
# s3_bucket: "NonEmptyString",
|
699
|
+
# s3_key: "NonEmptyString",
|
700
|
+
# s3_object_version: "NonEmptyString",
|
701
|
+
# zip_file: "NonEmptyString",
|
702
|
+
# },
|
703
|
+
# code_sha_256: "NonEmptyString",
|
704
|
+
# dead_letter_config: {
|
705
|
+
# target_arn: "NonEmptyString",
|
706
|
+
# },
|
707
|
+
# environment: {
|
708
|
+
# variables: {
|
709
|
+
# "NonEmptyString" => "NonEmptyString",
|
710
|
+
# },
|
711
|
+
# error: {
|
712
|
+
# error_code: "NonEmptyString",
|
713
|
+
# message: "NonEmptyString",
|
714
|
+
# },
|
715
|
+
# },
|
716
|
+
# function_name: "NonEmptyString",
|
717
|
+
# handler: "NonEmptyString",
|
718
|
+
# kms_key_arn: "NonEmptyString",
|
719
|
+
# last_modified: "NonEmptyString",
|
720
|
+
# layers: [
|
721
|
+
# {
|
722
|
+
# arn: "NonEmptyString",
|
723
|
+
# code_size: 1,
|
724
|
+
# },
|
725
|
+
# ],
|
726
|
+
# master_arn: "NonEmptyString",
|
727
|
+
# memory_size: 1,
|
728
|
+
# revision_id: "NonEmptyString",
|
729
|
+
# role: "NonEmptyString",
|
730
|
+
# runtime: "NonEmptyString",
|
731
|
+
# timeout: 1,
|
732
|
+
# tracing_config: {
|
733
|
+
# mode: "NonEmptyString",
|
734
|
+
# },
|
735
|
+
# vpc_config: {
|
736
|
+
# security_group_ids: ["NonEmptyString"],
|
737
|
+
# subnet_ids: ["NonEmptyString"],
|
738
|
+
# vpc_id: "NonEmptyString",
|
739
|
+
# },
|
740
|
+
# version: "NonEmptyString",
|
741
|
+
# }
|
742
|
+
#
|
743
|
+
# @!attribute [rw] code
|
744
|
+
# An `AwsLambdaFunctionCode` object.
|
745
|
+
# @return [Types::AwsLambdaFunctionCode]
|
746
|
+
#
|
747
|
+
# @!attribute [rw] code_sha_256
|
748
|
+
# The SHA256 hash of the function's deployment package.
|
749
|
+
# @return [String]
|
750
|
+
#
|
751
|
+
# @!attribute [rw] dead_letter_config
|
752
|
+
# The function's dead letter queue.
|
753
|
+
# @return [Types::AwsLambdaFunctionDeadLetterConfig]
|
754
|
+
#
|
755
|
+
# @!attribute [rw] environment
|
756
|
+
# The function's environment variables.
|
757
|
+
# @return [Types::AwsLambdaFunctionEnvironment]
|
758
|
+
#
|
759
|
+
# @!attribute [rw] function_name
|
760
|
+
# The name of the function.
|
761
|
+
# @return [String]
|
762
|
+
#
|
763
|
+
# @!attribute [rw] handler
|
764
|
+
# The function that Lambda calls to begin executing your function.
|
765
|
+
# @return [String]
|
766
|
+
#
|
767
|
+
# @!attribute [rw] kms_key_arn
|
768
|
+
# The KMS key that's used to encrypt the function's environment
|
769
|
+
# variables. This key is only returned if you've configured a
|
770
|
+
# customer managed CMK.
|
771
|
+
# @return [String]
|
772
|
+
#
|
773
|
+
# @!attribute [rw] last_modified
|
774
|
+
# The date and time that the function was last updated, in ISO-8601
|
775
|
+
# format (YYYY-MM-DDThh:mm:ss.sTZD).
|
776
|
+
# @return [String]
|
777
|
+
#
|
778
|
+
# @!attribute [rw] layers
|
779
|
+
# The function's layers.
|
780
|
+
# @return [Array<Types::AwsLambdaFunctionLayer>]
|
781
|
+
#
|
782
|
+
# @!attribute [rw] master_arn
|
783
|
+
# For Lambda@Edge functions, the ARN of the master function.
|
784
|
+
# @return [String]
|
785
|
+
#
|
786
|
+
# @!attribute [rw] memory_size
|
787
|
+
# The memory that's allocated to the function.
|
788
|
+
# @return [Integer]
|
789
|
+
#
|
790
|
+
# @!attribute [rw] revision_id
|
791
|
+
# The latest updated revision of the function or alias.
|
792
|
+
# @return [String]
|
793
|
+
#
|
794
|
+
# @!attribute [rw] role
|
795
|
+
# The function's execution role.
|
796
|
+
# @return [String]
|
797
|
+
#
|
798
|
+
# @!attribute [rw] runtime
|
799
|
+
# The runtime environment for the Lambda function.
|
800
|
+
# @return [String]
|
801
|
+
#
|
802
|
+
# @!attribute [rw] timeout
|
803
|
+
# The amount of time that Lambda allows a function to run before
|
804
|
+
# stopping it.
|
805
|
+
# @return [Integer]
|
806
|
+
#
|
807
|
+
# @!attribute [rw] tracing_config
|
808
|
+
# The function's AWS X-Ray tracing configuration.
|
809
|
+
# @return [Types::AwsLambdaFunctionTracingConfig]
|
810
|
+
#
|
811
|
+
# @!attribute [rw] vpc_config
|
812
|
+
# The function's networking configuration.
|
813
|
+
# @return [Types::AwsLambdaFunctionVpcConfig]
|
814
|
+
#
|
815
|
+
# @!attribute [rw] version
|
816
|
+
# The version of the Lambda function.
|
817
|
+
# @return [String]
|
818
|
+
#
|
819
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionDetails AWS API Documentation
|
820
|
+
#
|
821
|
+
class AwsLambdaFunctionDetails < Struct.new(
|
822
|
+
:code,
|
823
|
+
:code_sha_256,
|
824
|
+
:dead_letter_config,
|
825
|
+
:environment,
|
826
|
+
:function_name,
|
827
|
+
:handler,
|
828
|
+
:kms_key_arn,
|
829
|
+
:last_modified,
|
830
|
+
:layers,
|
831
|
+
:master_arn,
|
832
|
+
:memory_size,
|
833
|
+
:revision_id,
|
834
|
+
:role,
|
835
|
+
:runtime,
|
836
|
+
:timeout,
|
837
|
+
:tracing_config,
|
838
|
+
:vpc_config,
|
839
|
+
:version)
|
840
|
+
include Aws::Structure
|
841
|
+
end
|
842
|
+
|
843
|
+
# A function's environment variable settings.
|
844
|
+
#
|
845
|
+
# @note When making an API call, you may pass AwsLambdaFunctionEnvironment
|
846
|
+
# data as a hash:
|
847
|
+
#
|
848
|
+
# {
|
849
|
+
# variables: {
|
850
|
+
# "NonEmptyString" => "NonEmptyString",
|
851
|
+
# },
|
852
|
+
# error: {
|
853
|
+
# error_code: "NonEmptyString",
|
854
|
+
# message: "NonEmptyString",
|
855
|
+
# },
|
856
|
+
# }
|
857
|
+
#
|
858
|
+
# @!attribute [rw] variables
|
859
|
+
# Environment variable key-value pairs.
|
860
|
+
# @return [Hash<String,String>]
|
861
|
+
#
|
862
|
+
# @!attribute [rw] error
|
863
|
+
# An `AwsLambdaFunctionEnvironmentError` object.
|
864
|
+
# @return [Types::AwsLambdaFunctionEnvironmentError]
|
865
|
+
#
|
866
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionEnvironment AWS API Documentation
|
867
|
+
#
|
868
|
+
class AwsLambdaFunctionEnvironment < Struct.new(
|
869
|
+
:variables,
|
870
|
+
:error)
|
871
|
+
include Aws::Structure
|
872
|
+
end
|
873
|
+
|
874
|
+
# Error messages for environment variables that couldn't be applied.
|
875
|
+
#
|
876
|
+
# @note When making an API call, you may pass AwsLambdaFunctionEnvironmentError
|
877
|
+
# data as a hash:
|
878
|
+
#
|
879
|
+
# {
|
880
|
+
# error_code: "NonEmptyString",
|
881
|
+
# message: "NonEmptyString",
|
121
882
|
# }
|
122
883
|
#
|
123
|
-
# @!attribute [rw]
|
124
|
-
# The
|
884
|
+
# @!attribute [rw] error_code
|
885
|
+
# The error code.
|
125
886
|
# @return [String]
|
126
887
|
#
|
127
|
-
# @!attribute [rw]
|
128
|
-
# The
|
888
|
+
# @!attribute [rw] message
|
889
|
+
# The error message.
|
129
890
|
# @return [String]
|
130
891
|
#
|
131
|
-
#
|
132
|
-
# The IPv4 addresses associated with the instance.
|
133
|
-
# @return [Array<String>]
|
892
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionEnvironmentError AWS API Documentation
|
134
893
|
#
|
135
|
-
|
136
|
-
|
137
|
-
|
894
|
+
class AwsLambdaFunctionEnvironmentError < Struct.new(
|
895
|
+
:error_code,
|
896
|
+
:message)
|
897
|
+
include Aws::Structure
|
898
|
+
end
|
899
|
+
|
900
|
+
# An AWS Lambda layer.
|
138
901
|
#
|
139
|
-
#
|
140
|
-
#
|
141
|
-
# @return [String]
|
902
|
+
# @note When making an API call, you may pass AwsLambdaFunctionLayer
|
903
|
+
# data as a hash:
|
142
904
|
#
|
143
|
-
#
|
144
|
-
#
|
145
|
-
#
|
905
|
+
# {
|
906
|
+
# arn: "NonEmptyString",
|
907
|
+
# code_size: 1,
|
908
|
+
# }
|
146
909
|
#
|
147
|
-
# @!attribute [rw]
|
148
|
-
# The
|
910
|
+
# @!attribute [rw] arn
|
911
|
+
# The Amazon Resource Name (ARN) of the function layer.
|
149
912
|
# @return [String]
|
150
913
|
#
|
151
|
-
# @!attribute [rw]
|
152
|
-
# The
|
153
|
-
# @return [
|
914
|
+
# @!attribute [rw] code_size
|
915
|
+
# The size of the layer archive in bytes.
|
916
|
+
# @return [Integer]
|
154
917
|
#
|
155
|
-
#
|
156
|
-
#
|
918
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionLayer AWS API Documentation
|
919
|
+
#
|
920
|
+
class AwsLambdaFunctionLayer < Struct.new(
|
921
|
+
:arn,
|
922
|
+
:code_size)
|
923
|
+
include Aws::Structure
|
924
|
+
end
|
925
|
+
|
926
|
+
# The function's AWS X-Ray tracing configuration.
|
927
|
+
#
|
928
|
+
# @note When making an API call, you may pass AwsLambdaFunctionTracingConfig
|
929
|
+
# data as a hash:
|
930
|
+
#
|
931
|
+
# {
|
932
|
+
# mode: "NonEmptyString",
|
933
|
+
# }
|
934
|
+
#
|
935
|
+
# @!attribute [rw] mode
|
936
|
+
# The tracing mode.
|
157
937
|
# @return [String]
|
158
938
|
#
|
159
|
-
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/
|
939
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionTracingConfig AWS API Documentation
|
160
940
|
#
|
161
|
-
class
|
162
|
-
:
|
163
|
-
:image_id,
|
164
|
-
:ip_v4_addresses,
|
165
|
-
:ip_v6_addresses,
|
166
|
-
:key_name,
|
167
|
-
:iam_instance_profile_arn,
|
168
|
-
:vpc_id,
|
169
|
-
:subnet_id,
|
170
|
-
:launched_at)
|
941
|
+
class AwsLambdaFunctionTracingConfig < Struct.new(
|
942
|
+
:mode)
|
171
943
|
include Aws::Structure
|
172
944
|
end
|
173
945
|
|
174
|
-
#
|
946
|
+
# The VPC security groups and subnets that are attached to a Lambda
|
947
|
+
# function. For more information, see VPC Settings.
|
175
948
|
#
|
176
|
-
# @note When making an API call, you may pass
|
949
|
+
# @note When making an API call, you may pass AwsLambdaFunctionVpcConfig
|
177
950
|
# data as a hash:
|
178
951
|
#
|
179
952
|
# {
|
180
|
-
#
|
181
|
-
#
|
182
|
-
#
|
953
|
+
# security_group_ids: ["NonEmptyString"],
|
954
|
+
# subnet_ids: ["NonEmptyString"],
|
955
|
+
# vpc_id: "NonEmptyString",
|
183
956
|
# }
|
184
957
|
#
|
185
|
-
# @!attribute [rw]
|
186
|
-
#
|
187
|
-
# @return [String]
|
958
|
+
# @!attribute [rw] security_group_ids
|
959
|
+
# A list of VPC security groups IDs.
|
960
|
+
# @return [Array<String>]
|
188
961
|
#
|
189
|
-
# @!attribute [rw]
|
190
|
-
#
|
191
|
-
# @return [String]
|
962
|
+
# @!attribute [rw] subnet_ids
|
963
|
+
# A list of VPC subnet IDs.
|
964
|
+
# @return [Array<String>]
|
192
965
|
#
|
193
|
-
# @!attribute [rw]
|
194
|
-
# The
|
966
|
+
# @!attribute [rw] vpc_id
|
967
|
+
# The ID of the VPC.
|
195
968
|
# @return [String]
|
196
969
|
#
|
197
|
-
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/
|
970
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionVpcConfig AWS API Documentation
|
198
971
|
#
|
199
|
-
class
|
200
|
-
:
|
201
|
-
:
|
202
|
-
:
|
972
|
+
class AwsLambdaFunctionVpcConfig < Struct.new(
|
973
|
+
:security_group_ids,
|
974
|
+
:subnet_ids,
|
975
|
+
:vpc_id)
|
203
976
|
include Aws::Structure
|
204
977
|
end
|
205
978
|
|
@@ -324,6 +1097,28 @@ module Aws::SecurityHub
|
|
324
1097
|
# "NonEmptyString" => "NonEmptyString",
|
325
1098
|
# },
|
326
1099
|
# details: {
|
1100
|
+
# aws_cloud_front_distribution: {
|
1101
|
+
# domain_name: "NonEmptyString",
|
1102
|
+
# etag: "NonEmptyString",
|
1103
|
+
# last_modified_time: "NonEmptyString",
|
1104
|
+
# logging: {
|
1105
|
+
# bucket: "NonEmptyString",
|
1106
|
+
# enabled: false,
|
1107
|
+
# include_cookies: false,
|
1108
|
+
# prefix: "NonEmptyString",
|
1109
|
+
# },
|
1110
|
+
# origins: {
|
1111
|
+
# items: [
|
1112
|
+
# {
|
1113
|
+
# domain_name: "NonEmptyString",
|
1114
|
+
# id: "NonEmptyString",
|
1115
|
+
# origin_path: "NonEmptyString",
|
1116
|
+
# },
|
1117
|
+
# ],
|
1118
|
+
# },
|
1119
|
+
# status: "NonEmptyString",
|
1120
|
+
# web_acl_id: "NonEmptyString",
|
1121
|
+
# },
|
327
1122
|
# aws_ec2_instance: {
|
328
1123
|
# type: "NonEmptyString",
|
329
1124
|
# image_id: "NonEmptyString",
|
@@ -335,6 +1130,26 @@ module Aws::SecurityHub
|
|
335
1130
|
# subnet_id: "NonEmptyString",
|
336
1131
|
# launched_at: "NonEmptyString",
|
337
1132
|
# },
|
1133
|
+
# aws_elbv_2_load_balancer: {
|
1134
|
+
# availability_zones: [
|
1135
|
+
# {
|
1136
|
+
# zone_name: "NonEmptyString",
|
1137
|
+
# subnet_id: "NonEmptyString",
|
1138
|
+
# },
|
1139
|
+
# ],
|
1140
|
+
# canonical_hosted_zone_id: "NonEmptyString",
|
1141
|
+
# created_time: "NonEmptyString",
|
1142
|
+
# dns_name: "NonEmptyString",
|
1143
|
+
# ip_address_type: "NonEmptyString",
|
1144
|
+
# scheme: "NonEmptyString",
|
1145
|
+
# security_groups: ["NonEmptyString"],
|
1146
|
+
# state: {
|
1147
|
+
# code: "NonEmptyString",
|
1148
|
+
# reason: "NonEmptyString",
|
1149
|
+
# },
|
1150
|
+
# type: "NonEmptyString",
|
1151
|
+
# vpc_id: "NonEmptyString",
|
1152
|
+
# },
|
338
1153
|
# aws_s3_bucket: {
|
339
1154
|
# owner_id: "NonEmptyString",
|
340
1155
|
# owner_name: "NonEmptyString",
|
@@ -343,6 +1158,88 @@ module Aws::SecurityHub
|
|
343
1158
|
# user_name: "NonEmptyString",
|
344
1159
|
# status: "Active", # accepts Active, Inactive
|
345
1160
|
# created_at: "NonEmptyString",
|
1161
|
+
# principal_id: "NonEmptyString",
|
1162
|
+
# principal_type: "NonEmptyString",
|
1163
|
+
# principal_name: "NonEmptyString",
|
1164
|
+
# },
|
1165
|
+
# aws_iam_role: {
|
1166
|
+
# assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument",
|
1167
|
+
# create_date: "NonEmptyString",
|
1168
|
+
# role_id: "NonEmptyString",
|
1169
|
+
# role_name: "NonEmptyString",
|
1170
|
+
# max_session_duration: 1,
|
1171
|
+
# path: "NonEmptyString",
|
1172
|
+
# },
|
1173
|
+
# aws_kms_key: {
|
1174
|
+
# aws_account_id: "NonEmptyString",
|
1175
|
+
# creation_date: 1.0,
|
1176
|
+
# key_id: "NonEmptyString",
|
1177
|
+
# key_manager: "NonEmptyString",
|
1178
|
+
# key_state: "NonEmptyString",
|
1179
|
+
# origin: "NonEmptyString",
|
1180
|
+
# },
|
1181
|
+
# aws_lambda_function: {
|
1182
|
+
# code: {
|
1183
|
+
# s3_bucket: "NonEmptyString",
|
1184
|
+
# s3_key: "NonEmptyString",
|
1185
|
+
# s3_object_version: "NonEmptyString",
|
1186
|
+
# zip_file: "NonEmptyString",
|
1187
|
+
# },
|
1188
|
+
# code_sha_256: "NonEmptyString",
|
1189
|
+
# dead_letter_config: {
|
1190
|
+
# target_arn: "NonEmptyString",
|
1191
|
+
# },
|
1192
|
+
# environment: {
|
1193
|
+
# variables: {
|
1194
|
+
# "NonEmptyString" => "NonEmptyString",
|
1195
|
+
# },
|
1196
|
+
# error: {
|
1197
|
+
# error_code: "NonEmptyString",
|
1198
|
+
# message: "NonEmptyString",
|
1199
|
+
# },
|
1200
|
+
# },
|
1201
|
+
# function_name: "NonEmptyString",
|
1202
|
+
# handler: "NonEmptyString",
|
1203
|
+
# kms_key_arn: "NonEmptyString",
|
1204
|
+
# last_modified: "NonEmptyString",
|
1205
|
+
# layers: [
|
1206
|
+
# {
|
1207
|
+
# arn: "NonEmptyString",
|
1208
|
+
# code_size: 1,
|
1209
|
+
# },
|
1210
|
+
# ],
|
1211
|
+
# master_arn: "NonEmptyString",
|
1212
|
+
# memory_size: 1,
|
1213
|
+
# revision_id: "NonEmptyString",
|
1214
|
+
# role: "NonEmptyString",
|
1215
|
+
# runtime: "NonEmptyString",
|
1216
|
+
# timeout: 1,
|
1217
|
+
# tracing_config: {
|
1218
|
+
# mode: "NonEmptyString",
|
1219
|
+
# },
|
1220
|
+
# vpc_config: {
|
1221
|
+
# security_group_ids: ["NonEmptyString"],
|
1222
|
+
# subnet_ids: ["NonEmptyString"],
|
1223
|
+
# vpc_id: "NonEmptyString",
|
1224
|
+
# },
|
1225
|
+
# version: "NonEmptyString",
|
1226
|
+
# },
|
1227
|
+
# aws_sns_topic: {
|
1228
|
+
# kms_master_key_id: "NonEmptyString",
|
1229
|
+
# subscription: [
|
1230
|
+
# {
|
1231
|
+
# endpoint: "NonEmptyString",
|
1232
|
+
# protocol: "NonEmptyString",
|
1233
|
+
# },
|
1234
|
+
# ],
|
1235
|
+
# topic_name: "NonEmptyString",
|
1236
|
+
# owner: "NonEmptyString",
|
1237
|
+
# },
|
1238
|
+
# aws_sqs_queue: {
|
1239
|
+
# kms_data_key_reuse_period_seconds: 1,
|
1240
|
+
# kms_master_key_id: "NonEmptyString",
|
1241
|
+
# queue_name: "NonEmptyString",
|
1242
|
+
# dead_letter_target_arn: "NonEmptyString",
|
346
1243
|
# },
|
347
1244
|
# container: {
|
348
1245
|
# name: "NonEmptyString",
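Review bot: The `environment: { variables: { ... } }` map and `code.zip_file` in the added `aws_lambda_function` example are documented as plain strings, with no caveat that whatever a producer puts there is stored with the finding. Lambda environment variables commonly carry credentials and tokens, so copying them verbatim would presumably expose them to every principal allowed to read findings. I would annotate the example in the file's existing inline-comment style, e.g. `"NonEmptyString" => "NonEmptyString", # redact secret values before import`, and say the same in the attribute documentation for the environment type; if this file is generated, the wording belongs in the service model. The same example is repeated in the hunks at `@@ -1766,6 +2819,88 @@`, `@@ -4780,6 +6002,88 @@` and `@@ -4873,6 +6219,88 @@`, and the comment block it sits in starts and ends outside this hunk.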
|
@@ -1590,6 +2487,120 @@ module Aws::SecurityHub
|
|
1590
2487
|
include Aws::Structure
|
1591
2488
|
end
|
1592
2489
|
|
2490
|
+
# A wrapper type for the topic's Amazon Resource Name (ARN).
|
2491
|
+
#
|
2492
|
+
# @note When making an API call, you may pass AwsSnsTopicDetails
|
2493
|
+
# data as a hash:
|
2494
|
+
#
|
2495
|
+
# {
|
2496
|
+
# kms_master_key_id: "NonEmptyString",
|
2497
|
+
# subscription: [
|
2498
|
+
# {
|
2499
|
+
# endpoint: "NonEmptyString",
|
2500
|
+
# protocol: "NonEmptyString",
|
2501
|
+
# },
|
2502
|
+
# ],
|
2503
|
+
# topic_name: "NonEmptyString",
|
2504
|
+
# owner: "NonEmptyString",
|
2505
|
+
# }
|
2506
|
+
#
|
2507
|
+
# @!attribute [rw] kms_master_key_id
|
2508
|
+
# The ID of an AWS-managed customer master key (CMK) for Amazon SNS or
|
2509
|
+
# a custom CMK.
|
2510
|
+
# @return [String]
|
2511
|
+
#
|
2512
|
+
# @!attribute [rw] subscription
|
2513
|
+
# Subscription is an embedded property that describes the subscription
|
2514
|
+
# endpoints of an Amazon SNS topic.
|
2515
|
+
# @return [Array<Types::AwsSnsTopicSubscription>]
|
2516
|
+
#
|
2517
|
+
# @!attribute [rw] topic_name
|
2518
|
+
# The name of the topic.
|
2519
|
+
# @return [String]
|
2520
|
+
#
|
2521
|
+
# @!attribute [rw] owner
|
2522
|
+
# The subscription's owner.
|
2523
|
+
# @return [String]
|
2524
|
+
#
|
2525
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSnsTopicDetails AWS API Documentation
|
2526
|
+
#
|
2527
|
+
class AwsSnsTopicDetails < Struct.new(
|
2528
|
+
:kms_master_key_id,
|
2529
|
+
:subscription,
|
2530
|
+
:topic_name,
|
2531
|
+
:owner)
|
2532
|
+
include Aws::Structure
|
2533
|
+
end
|
2534
|
+
|
2535
|
+
# A wrapper type for the attributes of an Amazon SNS subscription.
|
2536
|
+
#
|
2537
|
+
# @note When making an API call, you may pass AwsSnsTopicSubscription
|
2538
|
+
# data as a hash:
|
2539
|
+
#
|
2540
|
+
# {
|
2541
|
+
# endpoint: "NonEmptyString",
|
2542
|
+
# protocol: "NonEmptyString",
|
2543
|
+
# }
|
2544
|
+
#
|
2545
|
+
# @!attribute [rw] endpoint
|
2546
|
+
# The subscription's endpoint (format depends on the protocol).
|
2547
|
+
# @return [String]
|
2548
|
+
#
|
2549
|
+
# @!attribute [rw] protocol
|
2550
|
+
# The subscription's protocol.
|
2551
|
+
# @return [String]
|
2552
|
+
#
|
2553
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSnsTopicSubscription AWS API Documentation
|
2554
|
+
#
|
2555
|
+
class AwsSnsTopicSubscription < Struct.new(
|
2556
|
+
:endpoint,
|
2557
|
+
:protocol)
|
2558
|
+
include Aws::Structure
|
2559
|
+
end
|
2560
|
+
|
2561
|
+
# Data about a queue.
|
2562
|
+
#
|
2563
|
+
# @note When making an API call, you may pass AwsSqsQueueDetails
|
2564
|
+
# data as a hash:
|
2565
|
+
#
|
2566
|
+
# {
|
2567
|
+
# kms_data_key_reuse_period_seconds: 1,
|
2568
|
+
# kms_master_key_id: "NonEmptyString",
|
2569
|
+
# queue_name: "NonEmptyString",
|
2570
|
+
# dead_letter_target_arn: "NonEmptyString",
|
2571
|
+
# }
|
2572
|
+
#
|
2573
|
+
# @!attribute [rw] kms_data_key_reuse_period_seconds
|
2574
|
+
# The length of time, in seconds, for which Amazon SQS can reuse a
|
2575
|
+
# data key to encrypt or decrypt messages before calling AWS KMS
|
2576
|
+
# again.
|
2577
|
+
# @return [Integer]
|
2578
|
+
#
|
2579
|
+
# @!attribute [rw] kms_master_key_id
|
2580
|
+
# The ID of an AWS-managed customer master key (CMK) for Amazon SQS or
|
2581
|
+
# a custom CMK.
|
2582
|
+
# @return [String]
|
2583
|
+
#
|
2584
|
+
# @!attribute [rw] queue_name
|
2585
|
+
# The name of the new queue.
|
2586
|
+
# @return [String]
|
2587
|
+
#
|
2588
|
+
# @!attribute [rw] dead_letter_target_arn
|
2589
|
+
# The Amazon Resource Name (ARN) of the dead-letter queue to which
|
2590
|
+
# Amazon SQS moves messages after the value of maxReceiveCount is
|
2591
|
+
# exceeded.
|
2592
|
+
# @return [String]
|
2593
|
+
#
|
2594
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSqsQueueDetails AWS API Documentation
|
2595
|
+
#
|
2596
|
+
class AwsSqsQueueDetails < Struct.new(
|
2597
|
+
:kms_data_key_reuse_period_seconds,
|
2598
|
+
:kms_master_key_id,
|
2599
|
+
:queue_name,
|
2600
|
+
:dead_letter_target_arn)
|
2601
|
+
include Aws::Structure
|
2602
|
+
end
|
2603
|
+
|
1593
2604
|
# @note When making an API call, you may pass BatchDisableStandardsRequest
|
1594
2605
|
# data as a hash:
|
1595
2606
|
#
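Review bot: The summary for `AwsSnsTopicDetails`, `# A wrapper type for the topic's Amazon Resource Name (ARN).`, does not match the struct, which has no ARN member and instead holds `kms_master_key_id`, `subscription`, `topic_name` and `owner`. I would replace it with `# Details about an SNS topic.`, the wording the `aws_sns_topic` attribute uses elsewhere in this diff. Two attribute descriptions in the same hunk also read as carried over from another API: `owner` on the topic is described as `The subscription's owner.` and `queue_name` as `The name of the new queue.`, although these types describe resources already attached to a finding. `# The topic's owner.` and `# The name of the queue.` look like what is meant, to be confirmed against the service documentation.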
|
@@ -1747,6 +2758,28 @@ module Aws::SecurityHub
|
|
1747
2758
|
# "NonEmptyString" => "NonEmptyString",
|
1748
2759
|
# },
|
1749
2760
|
# details: {
|
2761
|
+
# aws_cloud_front_distribution: {
|
2762
|
+
# domain_name: "NonEmptyString",
|
2763
|
+
# etag: "NonEmptyString",
|
2764
|
+
# last_modified_time: "NonEmptyString",
|
2765
|
+
# logging: {
|
2766
|
+
# bucket: "NonEmptyString",
|
2767
|
+
# enabled: false,
|
2768
|
+
# include_cookies: false,
|
2769
|
+
# prefix: "NonEmptyString",
|
2770
|
+
# },
|
2771
|
+
# origins: {
|
2772
|
+
# items: [
|
2773
|
+
# {
|
2774
|
+
# domain_name: "NonEmptyString",
|
2775
|
+
# id: "NonEmptyString",
|
2776
|
+
# origin_path: "NonEmptyString",
|
2777
|
+
# },
|
2778
|
+
# ],
|
2779
|
+
# },
|
2780
|
+
# status: "NonEmptyString",
|
2781
|
+
# web_acl_id: "NonEmptyString",
|
2782
|
+
# },
|
1750
2783
|
# aws_ec2_instance: {
|
1751
2784
|
# type: "NonEmptyString",
|
1752
2785
|
# image_id: "NonEmptyString",
|
@@ -1758,6 +2791,26 @@ module Aws::SecurityHub
|
|
1758
2791
|
# subnet_id: "NonEmptyString",
|
1759
2792
|
# launched_at: "NonEmptyString",
|
1760
2793
|
# },
|
2794
|
+
# aws_elbv_2_load_balancer: {
|
2795
|
+
# availability_zones: [
|
2796
|
+
# {
|
2797
|
+
# zone_name: "NonEmptyString",
|
2798
|
+
# subnet_id: "NonEmptyString",
|
2799
|
+
# },
|
2800
|
+
# ],
|
2801
|
+
# canonical_hosted_zone_id: "NonEmptyString",
|
2802
|
+
# created_time: "NonEmptyString",
|
2803
|
+
# dns_name: "NonEmptyString",
|
2804
|
+
# ip_address_type: "NonEmptyString",
|
2805
|
+
# scheme: "NonEmptyString",
|
2806
|
+
# security_groups: ["NonEmptyString"],
|
2807
|
+
# state: {
|
2808
|
+
# code: "NonEmptyString",
|
2809
|
+
# reason: "NonEmptyString",
|
2810
|
+
# },
|
2811
|
+
# type: "NonEmptyString",
|
2812
|
+
# vpc_id: "NonEmptyString",
|
2813
|
+
# },
|
1761
2814
|
# aws_s3_bucket: {
|
1762
2815
|
# owner_id: "NonEmptyString",
|
1763
2816
|
# owner_name: "NonEmptyString",
|
@@ -1766,6 +2819,88 @@ module Aws::SecurityHub
|
|
1766
2819
|
# user_name: "NonEmptyString",
|
1767
2820
|
# status: "Active", # accepts Active, Inactive
|
1768
2821
|
# created_at: "NonEmptyString",
|
2822
|
+
# principal_id: "NonEmptyString",
|
2823
|
+
# principal_type: "NonEmptyString",
|
2824
|
+
# principal_name: "NonEmptyString",
|
2825
|
+
# },
|
2826
|
+
# aws_iam_role: {
|
2827
|
+
# assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument",
|
2828
|
+
# create_date: "NonEmptyString",
|
2829
|
+
# role_id: "NonEmptyString",
|
2830
|
+
# role_name: "NonEmptyString",
|
2831
|
+
# max_session_duration: 1,
|
2832
|
+
# path: "NonEmptyString",
|
2833
|
+
# },
|
2834
|
+
# aws_kms_key: {
|
2835
|
+
# aws_account_id: "NonEmptyString",
|
2836
|
+
# creation_date: 1.0,
|
2837
|
+
# key_id: "NonEmptyString",
|
2838
|
+
# key_manager: "NonEmptyString",
|
2839
|
+
# key_state: "NonEmptyString",
|
2840
|
+
# origin: "NonEmptyString",
|
2841
|
+
# },
|
2842
|
+
# aws_lambda_function: {
|
2843
|
+
# code: {
|
2844
|
+
# s3_bucket: "NonEmptyString",
|
2845
|
+
# s3_key: "NonEmptyString",
|
2846
|
+
# s3_object_version: "NonEmptyString",
|
2847
|
+
# zip_file: "NonEmptyString",
|
2848
|
+
# },
|
2849
|
+
# code_sha_256: "NonEmptyString",
|
2850
|
+
# dead_letter_config: {
|
2851
|
+
# target_arn: "NonEmptyString",
|
2852
|
+
# },
|
2853
|
+
# environment: {
|
2854
|
+
# variables: {
|
2855
|
+
# "NonEmptyString" => "NonEmptyString",
|
2856
|
+
# },
|
2857
|
+
# error: {
|
2858
|
+
# error_code: "NonEmptyString",
|
2859
|
+
# message: "NonEmptyString",
|
2860
|
+
# },
|
2861
|
+
# },
|
2862
|
+
# function_name: "NonEmptyString",
|
2863
|
+
# handler: "NonEmptyString",
|
2864
|
+
# kms_key_arn: "NonEmptyString",
|
2865
|
+
# last_modified: "NonEmptyString",
|
2866
|
+
# layers: [
|
2867
|
+
# {
|
2868
|
+
# arn: "NonEmptyString",
|
2869
|
+
# code_size: 1,
|
2870
|
+
# },
|
2871
|
+
# ],
|
2872
|
+
# master_arn: "NonEmptyString",
|
2873
|
+
# memory_size: 1,
|
2874
|
+
# revision_id: "NonEmptyString",
|
2875
|
+
# role: "NonEmptyString",
|
2876
|
+
# runtime: "NonEmptyString",
|
2877
|
+
# timeout: 1,
|
2878
|
+
# tracing_config: {
|
2879
|
+
# mode: "NonEmptyString",
|
2880
|
+
# },
|
2881
|
+
# vpc_config: {
|
2882
|
+
# security_group_ids: ["NonEmptyString"],
|
2883
|
+
# subnet_ids: ["NonEmptyString"],
|
2884
|
+
# vpc_id: "NonEmptyString",
|
2885
|
+
# },
|
2886
|
+
# version: "NonEmptyString",
|
2887
|
+
# },
|
2888
|
+
# aws_sns_topic: {
|
2889
|
+
# kms_master_key_id: "NonEmptyString",
|
2890
|
+
# subscription: [
|
2891
|
+
# {
|
2892
|
+
# endpoint: "NonEmptyString",
|
2893
|
+
# protocol: "NonEmptyString",
|
2894
|
+
# },
|
2895
|
+
# ],
|
2896
|
+
# topic_name: "NonEmptyString",
|
2897
|
+
# owner: "NonEmptyString",
|
2898
|
+
# },
|
2899
|
+
# aws_sqs_queue: {
|
2900
|
+
# kms_data_key_reuse_period_seconds: 1,
|
2901
|
+
# kms_master_key_id: "NonEmptyString",
|
2902
|
+
# queue_name: "NonEmptyString",
|
2903
|
+
# dead_letter_target_arn: "NonEmptyString",
|
1769
2904
|
# },
|
1770
2905
|
# container: {
|
1771
2906
|
# name: "NonEmptyString",
|
@@ -1802,7 +2937,8 @@ module Aws::SecurityHub
|
|
1802
2937
|
#
|
1803
2938
|
# @!attribute [rw] findings
|
1804
2939
|
# A list of findings to import. To successfully import a finding, it
|
1805
|
-
# must follow the [AWS Security Finding Format][1].
|
2940
|
+
# must follow the [AWS Security Finding Format][1]. Maximum of 100
|
2941
|
+
# findings per request.
|
1806
2942
|
#
|
1807
2943
|
#
|
1808
2944
|
#
|
@@ -1841,6 +2977,21 @@ module Aws::SecurityHub
|
|
1841
2977
|
# against a specific rule in a supported standard (for example, CIS AWS
|
1842
2978
|
# Foundations). Contains compliance-related finding details.
|
1843
2979
|
#
|
2980
|
+
# Values include the following:
|
2981
|
+
#
|
2982
|
+
# * Allowed values are the following:
|
2983
|
+
#
|
2984
|
+
# * `PASSED` - Compliance check passed for all evaluated resources.
|
2985
|
+
#
|
2986
|
+
# * `WARNING` - Some information is missing or this check is not
|
2987
|
+
# supported given your configuration.
|
2988
|
+
#
|
2989
|
+
# * `FAILED` - Compliance check failed for at least one evaluated
|
2990
|
+
# resource.
|
2991
|
+
#
|
2992
|
+
# * `NOT_AVAILABLE` - Check could not be performed due to a service
|
2993
|
+
# outage or API error.
|
2994
|
+
#
|
1844
2995
|
# @note When making an API call, you may pass Compliance
|
1845
2996
|
# data as a hash:
|
1846
2997
|
#
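Review bot: The added value list opens with two stacked lead-ins, `# Values include the following:` followed by the bullet `# * Allowed values are the following:`, so the four statuses render as a nested list under a bullet that says nothing. Dropping the `# * Allowed values are the following:` line and un-indenting the `PASSED`, `WARNING`, `FAILED` and `NOT_AVAILABLE` bullets one level would give a flat list. The list is attached to the type's summary, not to an attribute. The attribute block is outside this hunk, so whether the status attribute repeats these values cannot be checked from here.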
|
@@ -4277,6 +5428,35 @@ module Aws::SecurityHub
|
|
4277
5428
|
include Aws::Structure
|
4278
5429
|
end
|
4279
5430
|
|
5431
|
+
# Information about the state of the load balancer.
|
5432
|
+
#
|
5433
|
+
# @note When making an API call, you may pass LoadBalancerState
|
5434
|
+
# data as a hash:
|
5435
|
+
#
|
5436
|
+
# {
|
5437
|
+
# code: "NonEmptyString",
|
5438
|
+
# reason: "NonEmptyString",
|
5439
|
+
# }
|
5440
|
+
#
|
5441
|
+
# @!attribute [rw] code
|
5442
|
+
# The state code. The initial state of the load balancer is
|
5443
|
+
# provisioning. After the load balancer is fully set up and ready to
|
5444
|
+
# route traffic, its state is active. If the load balancer could not
|
5445
|
+
# be set up, its state is failed.
|
5446
|
+
# @return [String]
|
5447
|
+
#
|
5448
|
+
# @!attribute [rw] reason
|
5449
|
+
# A description of the state.
|
5450
|
+
# @return [String]
|
5451
|
+
#
|
5452
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/LoadBalancerState AWS API Documentation
|
5453
|
+
#
|
5454
|
+
class LoadBalancerState < Struct.new(
|
5455
|
+
:code,
|
5456
|
+
:reason)
|
5457
|
+
include Aws::Structure
|
5458
|
+
end
|
5459
|
+
|
4280
5460
|
# A list of malware related to a finding.
|
4281
5461
|
#
|
4282
5462
|
# @note When making an API call, you may pass Malware
|
@@ -4761,6 +5941,28 @@ module Aws::SecurityHub
|
|
4761
5941
|
# "NonEmptyString" => "NonEmptyString",
|
4762
5942
|
# },
|
4763
5943
|
# details: {
|
5944
|
+
# aws_cloud_front_distribution: {
|
5945
|
+
# domain_name: "NonEmptyString",
|
5946
|
+
# etag: "NonEmptyString",
|
5947
|
+
# last_modified_time: "NonEmptyString",
|
5948
|
+
# logging: {
|
5949
|
+
# bucket: "NonEmptyString",
|
5950
|
+
# enabled: false,
|
5951
|
+
# include_cookies: false,
|
5952
|
+
# prefix: "NonEmptyString",
|
5953
|
+
# },
|
5954
|
+
# origins: {
|
5955
|
+
# items: [
|
5956
|
+
# {
|
5957
|
+
# domain_name: "NonEmptyString",
|
5958
|
+
# id: "NonEmptyString",
|
5959
|
+
# origin_path: "NonEmptyString",
|
5960
|
+
# },
|
5961
|
+
# ],
|
5962
|
+
# },
|
5963
|
+
# status: "NonEmptyString",
|
5964
|
+
# web_acl_id: "NonEmptyString",
|
5965
|
+
# },
|
4764
5966
|
# aws_ec2_instance: {
|
4765
5967
|
# type: "NonEmptyString",
|
4766
5968
|
# image_id: "NonEmptyString",
|
@@ -4772,6 +5974,26 @@ module Aws::SecurityHub
|
|
4772
5974
|
# subnet_id: "NonEmptyString",
|
4773
5975
|
# launched_at: "NonEmptyString",
|
4774
5976
|
# },
|
5977
|
+
# aws_elbv_2_load_balancer: {
|
5978
|
+
# availability_zones: [
|
5979
|
+
# {
|
5980
|
+
# zone_name: "NonEmptyString",
|
5981
|
+
# subnet_id: "NonEmptyString",
|
5982
|
+
# },
|
5983
|
+
# ],
|
5984
|
+
# canonical_hosted_zone_id: "NonEmptyString",
|
5985
|
+
# created_time: "NonEmptyString",
|
5986
|
+
# dns_name: "NonEmptyString",
|
5987
|
+
# ip_address_type: "NonEmptyString",
|
5988
|
+
# scheme: "NonEmptyString",
|
5989
|
+
# security_groups: ["NonEmptyString"],
|
5990
|
+
# state: {
|
5991
|
+
# code: "NonEmptyString",
|
5992
|
+
# reason: "NonEmptyString",
|
5993
|
+
# },
|
5994
|
+
# type: "NonEmptyString",
|
5995
|
+
# vpc_id: "NonEmptyString",
|
5996
|
+
# },
|
4775
5997
|
# aws_s3_bucket: {
|
4776
5998
|
# owner_id: "NonEmptyString",
|
4777
5999
|
# owner_name: "NonEmptyString",
|
@@ -4780,6 +6002,88 @@ module Aws::SecurityHub
|
|
4780
6002
|
# user_name: "NonEmptyString",
|
4781
6003
|
# status: "Active", # accepts Active, Inactive
|
4782
6004
|
# created_at: "NonEmptyString",
|
6005
|
+
# principal_id: "NonEmptyString",
|
6006
|
+
# principal_type: "NonEmptyString",
|
6007
|
+
# principal_name: "NonEmptyString",
|
6008
|
+
# },
|
6009
|
+
# aws_iam_role: {
|
6010
|
+
# assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument",
|
6011
|
+
# create_date: "NonEmptyString",
|
6012
|
+
# role_id: "NonEmptyString",
|
6013
|
+
# role_name: "NonEmptyString",
|
6014
|
+
# max_session_duration: 1,
|
6015
|
+
# path: "NonEmptyString",
|
6016
|
+
# },
|
6017
|
+
# aws_kms_key: {
|
6018
|
+
# aws_account_id: "NonEmptyString",
|
6019
|
+
# creation_date: 1.0,
|
6020
|
+
# key_id: "NonEmptyString",
|
6021
|
+
# key_manager: "NonEmptyString",
|
6022
|
+
# key_state: "NonEmptyString",
|
6023
|
+
# origin: "NonEmptyString",
|
6024
|
+
# },
|
6025
|
+
# aws_lambda_function: {
|
6026
|
+
# code: {
|
6027
|
+
# s3_bucket: "NonEmptyString",
|
6028
|
+
# s3_key: "NonEmptyString",
|
6029
|
+
# s3_object_version: "NonEmptyString",
|
6030
|
+
# zip_file: "NonEmptyString",
|
6031
|
+
# },
|
6032
|
+
# code_sha_256: "NonEmptyString",
|
6033
|
+
# dead_letter_config: {
|
6034
|
+
# target_arn: "NonEmptyString",
|
6035
|
+
# },
|
6036
|
+
# environment: {
|
6037
|
+
# variables: {
|
6038
|
+
# "NonEmptyString" => "NonEmptyString",
|
6039
|
+
# },
|
6040
|
+
# error: {
|
6041
|
+
# error_code: "NonEmptyString",
|
6042
|
+
# message: "NonEmptyString",
|
6043
|
+
# },
|
6044
|
+
# },
|
6045
|
+
# function_name: "NonEmptyString",
|
6046
|
+
# handler: "NonEmptyString",
|
6047
|
+
# kms_key_arn: "NonEmptyString",
|
6048
|
+
# last_modified: "NonEmptyString",
|
6049
|
+
# layers: [
|
6050
|
+
# {
|
6051
|
+
# arn: "NonEmptyString",
|
6052
|
+
# code_size: 1,
|
6053
|
+
# },
|
6054
|
+
# ],
|
6055
|
+
# master_arn: "NonEmptyString",
|
6056
|
+
# memory_size: 1,
|
6057
|
+
# revision_id: "NonEmptyString",
|
6058
|
+
# role: "NonEmptyString",
|
6059
|
+
# runtime: "NonEmptyString",
|
6060
|
+
# timeout: 1,
|
6061
|
+
# tracing_config: {
|
6062
|
+
# mode: "NonEmptyString",
|
6063
|
+
# },
|
6064
|
+
# vpc_config: {
|
6065
|
+
# security_group_ids: ["NonEmptyString"],
|
6066
|
+
# subnet_ids: ["NonEmptyString"],
|
6067
|
+
# vpc_id: "NonEmptyString",
|
6068
|
+
# },
|
6069
|
+
# version: "NonEmptyString",
|
6070
|
+
# },
|
6071
|
+
# aws_sns_topic: {
|
6072
|
+
# kms_master_key_id: "NonEmptyString",
|
6073
|
+
# subscription: [
|
6074
|
+
# {
|
6075
|
+
# endpoint: "NonEmptyString",
|
6076
|
+
# protocol: "NonEmptyString",
|
6077
|
+
# },
|
6078
|
+
# ],
|
6079
|
+
# topic_name: "NonEmptyString",
|
6080
|
+
# owner: "NonEmptyString",
|
6081
|
+
# },
|
6082
|
+
# aws_sqs_queue: {
|
6083
|
+
# kms_data_key_reuse_period_seconds: 1,
|
6084
|
+
# kms_master_key_id: "NonEmptyString",
|
6085
|
+
# queue_name: "NonEmptyString",
|
6086
|
+
# dead_letter_target_arn: "NonEmptyString",
|
4783
6087
|
# },
|
4784
6088
|
# container: {
|
4785
6089
|
# name: "NonEmptyString",
|
@@ -4854,6 +6158,28 @@ module Aws::SecurityHub
|
|
4854
6158
|
# data as a hash:
|
4855
6159
|
#
|
4856
6160
|
# {
|
6161
|
+
# aws_cloud_front_distribution: {
|
6162
|
+
# domain_name: "NonEmptyString",
|
6163
|
+
# etag: "NonEmptyString",
|
6164
|
+
# last_modified_time: "NonEmptyString",
|
6165
|
+
# logging: {
|
6166
|
+
# bucket: "NonEmptyString",
|
6167
|
+
# enabled: false,
|
6168
|
+
# include_cookies: false,
|
6169
|
+
# prefix: "NonEmptyString",
|
6170
|
+
# },
|
6171
|
+
# origins: {
|
6172
|
+
# items: [
|
6173
|
+
# {
|
6174
|
+
# domain_name: "NonEmptyString",
|
6175
|
+
# id: "NonEmptyString",
|
6176
|
+
# origin_path: "NonEmptyString",
|
6177
|
+
# },
|
6178
|
+
# ],
|
6179
|
+
# },
|
6180
|
+
# status: "NonEmptyString",
|
6181
|
+
# web_acl_id: "NonEmptyString",
|
6182
|
+
# },
|
4857
6183
|
# aws_ec2_instance: {
|
4858
6184
|
# type: "NonEmptyString",
|
4859
6185
|
# image_id: "NonEmptyString",
|
@@ -4865,6 +6191,26 @@ module Aws::SecurityHub
|
|
4865
6191
|
# subnet_id: "NonEmptyString",
|
4866
6192
|
# launched_at: "NonEmptyString",
|
4867
6193
|
# },
|
6194
|
+
# aws_elbv_2_load_balancer: {
|
6195
|
+
# availability_zones: [
|
6196
|
+
# {
|
6197
|
+
# zone_name: "NonEmptyString",
|
6198
|
+
# subnet_id: "NonEmptyString",
|
6199
|
+
# },
|
6200
|
+
# ],
|
6201
|
+
# canonical_hosted_zone_id: "NonEmptyString",
|
6202
|
+
# created_time: "NonEmptyString",
|
6203
|
+
# dns_name: "NonEmptyString",
|
6204
|
+
# ip_address_type: "NonEmptyString",
|
6205
|
+
# scheme: "NonEmptyString",
|
6206
|
+
# security_groups: ["NonEmptyString"],
|
6207
|
+
# state: {
|
6208
|
+
# code: "NonEmptyString",
|
6209
|
+
# reason: "NonEmptyString",
|
6210
|
+
# },
|
6211
|
+
# type: "NonEmptyString",
|
6212
|
+
# vpc_id: "NonEmptyString",
|
6213
|
+
# },
|
4868
6214
|
# aws_s3_bucket: {
|
4869
6215
|
# owner_id: "NonEmptyString",
|
4870
6216
|
# owner_name: "NonEmptyString",
|
@@ -4873,6 +6219,88 @@ module Aws::SecurityHub
|
|
4873
6219
|
# user_name: "NonEmptyString",
|
4874
6220
|
# status: "Active", # accepts Active, Inactive
|
4875
6221
|
# created_at: "NonEmptyString",
|
6222
|
+
# principal_id: "NonEmptyString",
|
6223
|
+
# principal_type: "NonEmptyString",
|
6224
|
+
# principal_name: "NonEmptyString",
|
6225
|
+
# },
|
6226
|
+
# aws_iam_role: {
|
6227
|
+
# assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument",
|
6228
|
+
# create_date: "NonEmptyString",
|
6229
|
+
# role_id: "NonEmptyString",
|
6230
|
+
# role_name: "NonEmptyString",
|
6231
|
+
# max_session_duration: 1,
|
6232
|
+
# path: "NonEmptyString",
|
6233
|
+
# },
|
6234
|
+
# aws_kms_key: {
|
6235
|
+
# aws_account_id: "NonEmptyString",
|
6236
|
+
# creation_date: 1.0,
|
6237
|
+
# key_id: "NonEmptyString",
|
6238
|
+
# key_manager: "NonEmptyString",
|
6239
|
+
# key_state: "NonEmptyString",
|
6240
|
+
# origin: "NonEmptyString",
|
6241
|
+
# },
|
6242
|
+
# aws_lambda_function: {
|
6243
|
+
# code: {
|
6244
|
+
# s3_bucket: "NonEmptyString",
|
6245
|
+
# s3_key: "NonEmptyString",
|
6246
|
+
# s3_object_version: "NonEmptyString",
|
6247
|
+
# zip_file: "NonEmptyString",
|
6248
|
+
# },
|
6249
|
+
# code_sha_256: "NonEmptyString",
|
6250
|
+
# dead_letter_config: {
|
6251
|
+
# target_arn: "NonEmptyString",
|
6252
|
+
# },
|
6253
|
+
# environment: {
|
6254
|
+
# variables: {
|
6255
|
+
# "NonEmptyString" => "NonEmptyString",
|
6256
|
+
# },
|
6257
|
+
# error: {
|
6258
|
+
# error_code: "NonEmptyString",
|
6259
|
+
# message: "NonEmptyString",
|
6260
|
+
# },
|
6261
|
+
# },
|
6262
|
+
# function_name: "NonEmptyString",
|
6263
|
+
# handler: "NonEmptyString",
|
6264
|
+
# kms_key_arn: "NonEmptyString",
|
6265
|
+
# last_modified: "NonEmptyString",
|
6266
|
+
# layers: [
|
6267
|
+
# {
|
6268
|
+
# arn: "NonEmptyString",
|
6269
|
+
# code_size: 1,
|
6270
|
+
# },
|
6271
|
+
# ],
|
6272
|
+
# master_arn: "NonEmptyString",
|
6273
|
+
# memory_size: 1,
|
6274
|
+
# revision_id: "NonEmptyString",
|
6275
|
+
# role: "NonEmptyString",
|
6276
|
+
# runtime: "NonEmptyString",
|
6277
|
+
# timeout: 1,
|
6278
|
+
# tracing_config: {
|
6279
|
+
# mode: "NonEmptyString",
|
6280
|
+
# },
|
6281
|
+
# vpc_config: {
|
6282
|
+
# security_group_ids: ["NonEmptyString"],
|
6283
|
+
# subnet_ids: ["NonEmptyString"],
|
6284
|
+
# vpc_id: "NonEmptyString",
|
6285
|
+
# },
|
6286
|
+
# version: "NonEmptyString",
|
6287
|
+
# },
|
6288
|
+
# aws_sns_topic: {
|
6289
|
+
# kms_master_key_id: "NonEmptyString",
|
6290
|
+
# subscription: [
|
6291
|
+
# {
|
6292
|
+
# endpoint: "NonEmptyString",
|
6293
|
+
# protocol: "NonEmptyString",
|
6294
|
+
# },
|
6295
|
+
# ],
|
6296
|
+
# topic_name: "NonEmptyString",
|
6297
|
+
# owner: "NonEmptyString",
|
6298
|
+
# },
|
6299
|
+
# aws_sqs_queue: {
|
6300
|
+
# kms_data_key_reuse_period_seconds: 1,
|
6301
|
+
# kms_master_key_id: "NonEmptyString",
|
6302
|
+
# queue_name: "NonEmptyString",
|
6303
|
+
# dead_letter_target_arn: "NonEmptyString",
|
4876
6304
|
# },
|
4877
6305
|
# container: {
|
4878
6306
|
# name: "NonEmptyString",
|
@@ -4885,10 +6313,18 @@ module Aws::SecurityHub
|
|
4885
6313
|
# },
|
4886
6314
|
# }
|
4887
6315
|
#
|
6316
|
+
# @!attribute [rw] aws_cloud_front_distribution
|
6317
|
+
# Details about a CloudFront distribution.
|
6318
|
+
# @return [Types::AwsCloudFrontDistributionDetails]
|
6319
|
+
#
|
4888
6320
|
# @!attribute [rw] aws_ec2_instance
|
4889
6321
|
# Details about an Amazon EC2 instance related to a finding.
|
4890
6322
|
# @return [Types::AwsEc2InstanceDetails]
|
4891
6323
|
#
|
6324
|
+
# @!attribute [rw] aws_elbv_2_load_balancer
|
6325
|
+
# Details about a load balancer.
|
6326
|
+
# @return [Types::AwsElbv2LoadBalancerDetails]
|
6327
|
+
#
|
4892
6328
|
# @!attribute [rw] aws_s3_bucket
|
4893
6329
|
# Details about an Amazon S3 Bucket related to a finding.
|
4894
6330
|
# @return [Types::AwsS3BucketDetails]
|
@@ -4897,6 +6333,26 @@ module Aws::SecurityHub
|
|
4897
6333
|
# Details about an IAM access key related to a finding.
|
4898
6334
|
# @return [Types::AwsIamAccessKeyDetails]
|
4899
6335
|
#
|
6336
|
+
# @!attribute [rw] aws_iam_role
|
6337
|
+
# Details about an IAM role.
|
6338
|
+
# @return [Types::AwsIamRoleDetails]
|
6339
|
+
#
|
6340
|
+
# @!attribute [rw] aws_kms_key
|
6341
|
+
# Details about a KMS key.
|
6342
|
+
# @return [Types::AwsKmsKeyDetails]
|
6343
|
+
#
|
6344
|
+
# @!attribute [rw] aws_lambda_function
|
6345
|
+
# Details about a Lambda function.
|
6346
|
+
# @return [Types::AwsLambdaFunctionDetails]
|
6347
|
+
#
|
6348
|
+
# @!attribute [rw] aws_sns_topic
|
6349
|
+
# Details about an SNS topic.
|
6350
|
+
# @return [Types::AwsSnsTopicDetails]
|
6351
|
+
#
|
6352
|
+
# @!attribute [rw] aws_sqs_queue
|
6353
|
+
# Details about an SQS queue.
|
6354
|
+
# @return [Types::AwsSqsQueueDetails]
|
6355
|
+
#
|
4900
6356
|
# @!attribute [rw] container
|
4901
6357
|
# Details about a container resource related to a finding.
|
4902
6358
|
# @return [Types::ContainerDetails]
|
@@ -4908,9 +6364,16 @@ module Aws::SecurityHub
|
|
4908
6364
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ResourceDetails AWS API Documentation
|
4909
6365
|
#
|
4910
6366
|
class ResourceDetails < Struct.new(
|
6367
|
+
:aws_cloud_front_distribution,
|
4911
6368
|
:aws_ec2_instance,
|
6369
|
+
:aws_elbv_2_load_balancer,
|
4912
6370
|
:aws_s3_bucket,
|
4913
6371
|
:aws_iam_access_key,
|
6372
|
+
:aws_iam_role,
|
6373
|
+
:aws_kms_key,
|
6374
|
+
:aws_lambda_function,
|
6375
|
+
:aws_sns_topic,
|
6376
|
+
:aws_sqs_queue,
|
4914
6377
|
:container,
|
4915
6378
|
:other)
|
4916
6379
|
include Aws::Structure
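Review bot: The new members are inserted between existing ones in `Struct.new(...)` (`:aws_cloud_front_distribution` ahead of `:aws_ec2_instance`, `:aws_elbv_2_load_balancer` ahead of `:aws_s3_bucket`, five more ahead of `:container`), which changes the positional order of every member that was already there. Anything that reads a `ResourceDetails` by position (`to_a`, `values`, integer `[]`, destructuring) would silently pick up a different field after the upgrade; name-based access is unaffected. Appending the seven new members after `:other` would keep the old indices stable. If the order is dictated by the service model, a changelog line stating that member order is not part of the contract would do. The class's closing `end` is outside the hunk.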
|