aws-sdk-securityhub 1.14.0 → 1.15.0

@@ -103,103 +103,876 @@ module Aws::SecurityHub
103
103
  include Aws::Structure
104
104
  end
105
105
 
106
+ # Information about an Availability Zone.
107
+ #
108
+ # @note When making an API call, you may pass AvailabilityZone
109
+ # data as a hash:
110
+ #
111
+ # {
112
+ # zone_name: "NonEmptyString",
113
+ # subnet_id: "NonEmptyString",
114
+ # }
115
+ #
116
+ # @!attribute [rw] zone_name
117
+ # The name of the Availability Zone.
118
+ # @return [String]
119
+ #
120
+ # @!attribute [rw] subnet_id
121
+ # The ID of the subnet. You can specify one subnet per Availability
122
+ # Zone.
123
+ # @return [String]
124
+ #
125
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AvailabilityZone AWS API Documentation
126
+ #
127
+ class AvailabilityZone < Struct.new(
128
+ :zone_name,
129
+ :subnet_id)
130
+ include Aws::Structure
131
+ end
132
+
133
+ # A distribution configuration.
134
+ #
135
+ # @note When making an API call, you may pass AwsCloudFrontDistributionDetails
136
+ # data as a hash:
137
+ #
138
+ # {
139
+ # domain_name: "NonEmptyString",
140
+ # etag: "NonEmptyString",
141
+ # last_modified_time: "NonEmptyString",
142
+ # logging: {
143
+ # bucket: "NonEmptyString",
144
+ # enabled: false,
145
+ # include_cookies: false,
146
+ # prefix: "NonEmptyString",
147
+ # },
148
+ # origins: {
149
+ # items: [
150
+ # {
151
+ # domain_name: "NonEmptyString",
152
+ # id: "NonEmptyString",
153
+ # origin_path: "NonEmptyString",
154
+ # },
155
+ # ],
156
+ # },
157
+ # status: "NonEmptyString",
158
+ # web_acl_id: "NonEmptyString",
159
+ # }
160
+ #
161
+ # @!attribute [rw] domain_name
162
+ # The domain name corresponding to the distribution.
163
+ # @return [String]
164
+ #
165
+ # @!attribute [rw] etag
166
+ # The entity tag is a hash of the object.
167
+ # @return [String]
168
+ #
169
+ # @!attribute [rw] last_modified_time
170
+ # The date and time that the distribution was last modified.
171
+ # @return [String]
172
+ #
173
+ # @!attribute [rw] logging
174
+ # A complex type that controls whether access logs are written for the
175
+ # distribution.
176
+ # @return [Types::AwsCloudFrontDistributionLogging]
177
+ #
178
+ # @!attribute [rw] origins
179
+ # A complex type that contains information about origins for this
180
+ # distribution.
181
+ # @return [Types::AwsCloudFrontDistributionOrigins]
182
+ #
183
+ # @!attribute [rw] status
184
+ # Indicates the current status of the distribution.
185
+ # @return [String]
186
+ #
187
+ # @!attribute [rw] web_acl_id
188
+ # A unique identifier that specifies the AWS WAF web ACL, if any, to
189
+ # associate with this distribution.
190
+ # @return [String]
191
+ #
192
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFrontDistributionDetails AWS API Documentation
193
+ #
194
+ class AwsCloudFrontDistributionDetails < Struct.new(
195
+ :domain_name,
196
+ :etag,
197
+ :last_modified_time,
198
+ :logging,
199
+ :origins,
200
+ :status,
201
+ :web_acl_id)
202
+ include Aws::Structure
203
+ end
204
+
205
+ # A complex type that controls whether access logs are written for the
206
+ # distribution.
207
+ #
208
+ # @note When making an API call, you may pass AwsCloudFrontDistributionLogging
209
+ # data as a hash:
210
+ #
211
+ # {
212
+ # bucket: "NonEmptyString",
213
+ # enabled: false,
214
+ # include_cookies: false,
215
+ # prefix: "NonEmptyString",
216
+ # }
217
+ #
218
+ # @!attribute [rw] bucket
219
+ # The Amazon S3 bucket to store the access logs in.
220
+ # @return [String]
221
+ #
222
+ # @!attribute [rw] enabled
223
+ # With this field, you can enable or disable the selected
224
+ # distribution.
225
+ # @return [Boolean]
226
+ #
227
+ # @!attribute [rw] include_cookies
228
+ # Specifies whether you want CloudFront to include cookies in access
229
+ # logs.
230
+ # @return [Boolean]
231
+ #
232
+ # @!attribute [rw] prefix
233
+ # An optional string that you want CloudFront to prefix to the access
234
+ # log filenames for this distribution.
235
+ # @return [String]
236
+ #
237
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFrontDistributionLogging AWS API Documentation
238
+ #
239
+ class AwsCloudFrontDistributionLogging < Struct.new(
240
+ :bucket,
241
+ :enabled,
242
+ :include_cookies,
243
+ :prefix)
244
+ include Aws::Structure
245
+ end
246
+
247
+ # A complex type that describes the Amazon S3 bucket, HTTP server (for
248
+ # example, a web server), Amazon MediaStore, or other server from which
249
+ # CloudFront gets your files.
250
+ #
251
+ # @note When making an API call, you may pass AwsCloudFrontDistributionOriginItem
252
+ # data as a hash:
253
+ #
254
+ # {
255
+ # domain_name: "NonEmptyString",
256
+ # id: "NonEmptyString",
257
+ # origin_path: "NonEmptyString",
258
+ # }
259
+ #
260
+ # @!attribute [rw] domain_name
261
+ # Amazon S3 origins: The DNS name of the Amazon S3 bucket from which
262
+ # you want CloudFront to get objects for this origin.
263
+ # @return [String]
264
+ #
265
+ # @!attribute [rw] id
266
+ # A unique identifier for the origin or origin group.
267
+ # @return [String]
268
+ #
269
+ # @!attribute [rw] origin_path
270
+ # An optional element that causes CloudFront to request your content
271
+ # from a directory in your Amazon S3 bucket or your custom origin.
272
+ # @return [String]
273
+ #
274
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFrontDistributionOriginItem AWS API Documentation
275
+ #
276
+ class AwsCloudFrontDistributionOriginItem < Struct.new(
277
+ :domain_name,
278
+ :id,
279
+ :origin_path)
280
+ include Aws::Structure
281
+ end
282
+
283
+ # A complex type that contains information about origins and origin
284
+ # groups for this distribution.
285
+ #
286
+ # @note When making an API call, you may pass AwsCloudFrontDistributionOrigins
287
+ # data as a hash:
288
+ #
289
+ # {
290
+ # items: [
291
+ # {
292
+ # domain_name: "NonEmptyString",
293
+ # id: "NonEmptyString",
294
+ # origin_path: "NonEmptyString",
295
+ # },
296
+ # ],
297
+ # }
298
+ #
299
+ # @!attribute [rw] items
300
+ # A complex type that contains origins or origin groups for this
301
+ # distribution.
302
+ # @return [Array<Types::AwsCloudFrontDistributionOriginItem>]
303
+ #
304
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFrontDistributionOrigins AWS API Documentation
305
+ #
306
+ class AwsCloudFrontDistributionOrigins < Struct.new(
307
+ :items)
308
+ include Aws::Structure
309
+ end
310
+
106
311
  # The details of an Amazon EC2 instance.
107
312
  #
108
313
  # @note When making an API call, you may pass AwsEc2InstanceDetails
109
314
  # data as a hash:
110
315
  #
111
316
  # {
112
- # type: "NonEmptyString",
113
- # image_id: "NonEmptyString",
114
- # ip_v4_addresses: ["NonEmptyString"],
115
- # ip_v6_addresses: ["NonEmptyString"],
116
- # key_name: "NonEmptyString",
117
- # iam_instance_profile_arn: "NonEmptyString",
118
- # vpc_id: "NonEmptyString",
119
- # subnet_id: "NonEmptyString",
120
- # launched_at: "NonEmptyString",
317
+ # type: "NonEmptyString",
318
+ # image_id: "NonEmptyString",
319
+ # ip_v4_addresses: ["NonEmptyString"],
320
+ # ip_v6_addresses: ["NonEmptyString"],
321
+ # key_name: "NonEmptyString",
322
+ # iam_instance_profile_arn: "NonEmptyString",
323
+ # vpc_id: "NonEmptyString",
324
+ # subnet_id: "NonEmptyString",
325
+ # launched_at: "NonEmptyString",
326
+ # }
327
+ #
328
+ # @!attribute [rw] type
329
+ # The instance type of the instance.
330
+ # @return [String]
331
+ #
332
+ # @!attribute [rw] image_id
333
+ # The Amazon Machine Image (AMI) ID of the instance.
334
+ # @return [String]
335
+ #
336
+ # @!attribute [rw] ip_v4_addresses
337
+ # The IPv4 addresses associated with the instance.
338
+ # @return [Array<String>]
339
+ #
340
+ # @!attribute [rw] ip_v6_addresses
341
+ # The IPv6 addresses associated with the instance.
342
+ # @return [Array<String>]
343
+ #
344
+ # @!attribute [rw] key_name
345
+ # The key name associated with the instance.
346
+ # @return [String]
347
+ #
348
+ # @!attribute [rw] iam_instance_profile_arn
349
+ # The IAM profile ARN of the instance.
350
+ # @return [String]
351
+ #
352
+ # @!attribute [rw] vpc_id
353
+ # The identifier of the VPC that the instance was launched in.
354
+ # @return [String]
355
+ #
356
+ # @!attribute [rw] subnet_id
357
+ # The identifier of the subnet that the instance was launched in.
358
+ # @return [String]
359
+ #
360
+ # @!attribute [rw] launched_at
361
+ # The date/time the instance was launched.
362
+ # @return [String]
363
+ #
364
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2InstanceDetails AWS API Documentation
365
+ #
366
+ class AwsEc2InstanceDetails < Struct.new(
367
+ :type,
368
+ :image_id,
369
+ :ip_v4_addresses,
370
+ :ip_v6_addresses,
371
+ :key_name,
372
+ :iam_instance_profile_arn,
373
+ :vpc_id,
374
+ :subnet_id,
375
+ :launched_at)
376
+ include Aws::Structure
377
+ end
378
+
379
+ # Information about a load balancer.
380
+ #
381
+ # @note When making an API call, you may pass AwsElbv2LoadBalancerDetails
382
+ # data as a hash:
383
+ #
384
+ # {
385
+ # availability_zones: [
386
+ # {
387
+ # zone_name: "NonEmptyString",
388
+ # subnet_id: "NonEmptyString",
389
+ # },
390
+ # ],
391
+ # canonical_hosted_zone_id: "NonEmptyString",
392
+ # created_time: "NonEmptyString",
393
+ # dns_name: "NonEmptyString",
394
+ # ip_address_type: "NonEmptyString",
395
+ # scheme: "NonEmptyString",
396
+ # security_groups: ["NonEmptyString"],
397
+ # state: {
398
+ # code: "NonEmptyString",
399
+ # reason: "NonEmptyString",
400
+ # },
401
+ # type: "NonEmptyString",
402
+ # vpc_id: "NonEmptyString",
403
+ # }
404
+ #
405
+ # @!attribute [rw] availability_zones
406
+ # The Availability Zones for the load balancer.
407
+ # @return [Array<Types::AvailabilityZone>]
408
+ #
409
+ # @!attribute [rw] canonical_hosted_zone_id
410
+ # The ID of the Amazon Route 53 hosted zone associated with the load
411
+ # balancer.
412
+ # @return [String]
413
+ #
414
+ # @!attribute [rw] created_time
415
+ # The date and time the load balancer was created.
416
+ # @return [String]
417
+ #
418
+ # @!attribute [rw] dns_name
419
+ # The public DNS name of the load balancer.
420
+ # @return [String]
421
+ #
422
+ # @!attribute [rw] ip_address_type
423
+ # The type of IP addresses used by the subnets for your load balancer.
424
+ # The possible values are ipv4 (for IPv4 addresses) and dualstack (for
425
+ # IPv4 and IPv6 addresses).
426
+ # @return [String]
427
+ #
428
+ # @!attribute [rw] scheme
429
+ # The nodes of an Internet-facing load balancer have public IP
430
+ # addresses.
431
+ # @return [String]
432
+ #
433
+ # @!attribute [rw] security_groups
434
+ # The IDs of the security groups for the load balancer.
435
+ # @return [Array<String>]
436
+ #
437
+ # @!attribute [rw] state
438
+ # The state of the load balancer.
439
+ # @return [Types::LoadBalancerState]
440
+ #
441
+ # @!attribute [rw] type
442
+ # The type of load balancer.
443
+ # @return [String]
444
+ #
445
+ # @!attribute [rw] vpc_id
446
+ # The ID of the VPC for the load balancer.
447
+ # @return [String]
448
+ #
449
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElbv2LoadBalancerDetails AWS API Documentation
450
+ #
451
+ class AwsElbv2LoadBalancerDetails < Struct.new(
452
+ :availability_zones,
453
+ :canonical_hosted_zone_id,
454
+ :created_time,
455
+ :dns_name,
456
+ :ip_address_type,
457
+ :scheme,
458
+ :security_groups,
459
+ :state,
460
+ :type,
461
+ :vpc_id)
462
+ include Aws::Structure
463
+ end
464
+
465
+ # IAM access key details related to a finding.
466
+ #
467
+ # @note When making an API call, you may pass AwsIamAccessKeyDetails
468
+ # data as a hash:
469
+ #
470
+ # {
471
+ # user_name: "NonEmptyString",
472
+ # status: "Active", # accepts Active, Inactive
473
+ # created_at: "NonEmptyString",
474
+ # principal_id: "NonEmptyString",
475
+ # principal_type: "NonEmptyString",
476
+ # principal_name: "NonEmptyString",
477
+ # }
478
+ #
479
+ # @!attribute [rw] user_name
480
+ # The user associated with the IAM access key related to a finding.
481
+ #
482
+ # The `UserName` parameter has been replaced with the `PrincipalName`
483
+ # parameter because access keys can also be assigned to principals
484
+ # that are not IAM users.
485
+ # @return [String]
486
+ #
487
+ # @!attribute [rw] status
488
+ # The status of the IAM access key related to a finding.
489
+ # @return [String]
490
+ #
491
+ # @!attribute [rw] created_at
492
+ # The creation date/time of the IAM access key related to a finding.
493
+ # @return [String]
494
+ #
495
+ # @!attribute [rw] principal_id
496
+ # The ID of the principal associated with an access key.
497
+ # @return [String]
498
+ #
499
+ # @!attribute [rw] principal_type
500
+ # The type of principal associated with an access key.
501
+ # @return [String]
502
+ #
503
+ # @!attribute [rw] principal_name
504
+ # The name of the principal.
505
+ # @return [String]
506
+ #
507
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsIamAccessKeyDetails AWS API Documentation
508
+ #
509
+ class AwsIamAccessKeyDetails < Struct.new(
510
+ :user_name,
511
+ :status,
512
+ :created_at,
513
+ :principal_id,
514
+ :principal_type,
515
+ :principal_name)
516
+ include Aws::Structure
517
+ end
518
+
519
+ # Contains information about an IAM role, including all of the role's
520
+ # policies.
521
+ #
522
+ # @note When making an API call, you may pass AwsIamRoleDetails
523
+ # data as a hash:
524
+ #
525
+ # {
526
+ # assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument",
527
+ # create_date: "NonEmptyString",
528
+ # role_id: "NonEmptyString",
529
+ # role_name: "NonEmptyString",
530
+ # max_session_duration: 1,
531
+ # path: "NonEmptyString",
532
+ # }
533
+ #
534
+ # @!attribute [rw] assume_role_policy_document
535
+ # The trust policy that grants permission to assume the role.
536
+ # @return [String]
537
+ #
538
+ # @!attribute [rw] create_date
539
+ # The date and time, in ISO 8601 date-time format, when the role was
540
+ # created.
541
+ # @return [String]
542
+ #
543
+ # @!attribute [rw] role_id
544
+ # The stable and unique string identifying the role.
545
+ # @return [String]
546
+ #
547
+ # @!attribute [rw] role_name
548
+ # The friendly name that identifies the role.
549
+ # @return [String]
550
+ #
551
+ # @!attribute [rw] max_session_duration
552
+ # The maximum session duration (in seconds) that you want to set for
553
+ # the specified role.
554
+ # @return [Integer]
555
+ #
556
+ # @!attribute [rw] path
557
+ # The path to the role.
558
+ # @return [String]
559
+ #
560
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsIamRoleDetails AWS API Documentation
561
+ #
562
+ class AwsIamRoleDetails < Struct.new(
563
+ :assume_role_policy_document,
564
+ :create_date,
565
+ :role_id,
566
+ :role_name,
567
+ :max_session_duration,
568
+ :path)
569
+ include Aws::Structure
570
+ end
571
+
572
+ # Contains metadata about a customer master key (CMK).
573
+ #
574
+ # @note When making an API call, you may pass AwsKmsKeyDetails
575
+ # data as a hash:
576
+ #
577
+ # {
578
+ # aws_account_id: "NonEmptyString",
579
+ # creation_date: 1.0,
580
+ # key_id: "NonEmptyString",
581
+ # key_manager: "NonEmptyString",
582
+ # key_state: "NonEmptyString",
583
+ # origin: "NonEmptyString",
584
+ # }
585
+ #
586
+ # @!attribute [rw] aws_account_id
587
+ # The twelve-digit account ID of the AWS account that owns the CMK.
588
+ # @return [String]
589
+ #
590
+ # @!attribute [rw] creation_date
591
+ # The date and time when the CMK was created.
592
+ # @return [Float]
593
+ #
594
+ # @!attribute [rw] key_id
595
+ # The globally unique identifier for the CMK.
596
+ # @return [String]
597
+ #
598
+ # @!attribute [rw] key_manager
599
+ # The manager of the CMK. CMKs in your AWS account are either customer
600
+ # managed or AWS managed.
601
+ # @return [String]
602
+ #
603
+ # @!attribute [rw] key_state
604
+ # The state of the CMK.
605
+ # @return [String]
606
+ #
607
+ # @!attribute [rw] origin
608
+ # The source of the CMK's key material. When this value is AWS\_KMS,
609
+ # AWS KMS created the key material. When this value is EXTERNAL, the
610
+ # key material was imported from your existing key management
611
+ # infrastructure or the CMK lacks key material. When this value is
612
+ # AWS\_CLOUDHSM, the key material was created in the AWS CloudHSM
613
+ # cluster associated with a custom key store.
614
+ # @return [String]
615
+ #
616
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsKmsKeyDetails AWS API Documentation
617
+ #
618
+ class AwsKmsKeyDetails < Struct.new(
619
+ :aws_account_id,
620
+ :creation_date,
621
+ :key_id,
622
+ :key_manager,
623
+ :key_state,
624
+ :origin)
625
+ include Aws::Structure
626
+ end
627
+
628
+ # The code for the Lambda function. You can specify either an object in
629
+ # Amazon S3, or upload a deployment package directly.
630
+ #
631
+ # @note When making an API call, you may pass AwsLambdaFunctionCode
632
+ # data as a hash:
633
+ #
634
+ # {
635
+ # s3_bucket: "NonEmptyString",
636
+ # s3_key: "NonEmptyString",
637
+ # s3_object_version: "NonEmptyString",
638
+ # zip_file: "NonEmptyString",
639
+ # }
640
+ #
641
+ # @!attribute [rw] s3_bucket
642
+ # An Amazon S3 bucket in the same AWS Region as your function. The
643
+ # bucket can be in a different AWS account.
644
+ # @return [String]
645
+ #
646
+ # @!attribute [rw] s3_key
647
+ # The Amazon S3 key of the deployment package.
648
+ # @return [String]
649
+ #
650
+ # @!attribute [rw] s3_object_version
651
+ # For versioned objects, the version of the deployment package object
652
+ # to use.
653
+ # @return [String]
654
+ #
655
+ # @!attribute [rw] zip_file
656
+ # The base64-encoded contents of the deployment package. AWS SDK and
657
+ # AWS CLI clients handle the encoding for you.
658
+ # @return [String]
659
+ #
660
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionCode AWS API Documentation
661
+ #
662
+ class AwsLambdaFunctionCode < Struct.new(
663
+ :s3_bucket,
664
+ :s3_key,
665
+ :s3_object_version,
666
+ :zip_file)
667
+ include Aws::Structure
668
+ end
669
+
670
+ # The dead-letter queue for failed asynchronous invocations.
671
+ #
672
+ # @note When making an API call, you may pass AwsLambdaFunctionDeadLetterConfig
673
+ # data as a hash:
674
+ #
675
+ # {
676
+ # target_arn: "NonEmptyString",
677
+ # }
678
+ #
679
+ # @!attribute [rw] target_arn
680
+ # The Amazon Resource Name (ARN) of an Amazon SQS queue or Amazon SNS
681
+ # topic.
682
+ # @return [String]
683
+ #
684
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionDeadLetterConfig AWS API Documentation
685
+ #
686
+ class AwsLambdaFunctionDeadLetterConfig < Struct.new(
687
+ :target_arn)
688
+ include Aws::Structure
689
+ end
690
+
691
+ # Details about a function's configuration.
692
+ #
693
+ # @note When making an API call, you may pass AwsLambdaFunctionDetails
694
+ # data as a hash:
695
+ #
696
+ # {
697
+ # code: {
698
+ # s3_bucket: "NonEmptyString",
699
+ # s3_key: "NonEmptyString",
700
+ # s3_object_version: "NonEmptyString",
701
+ # zip_file: "NonEmptyString",
702
+ # },
703
+ # code_sha_256: "NonEmptyString",
704
+ # dead_letter_config: {
705
+ # target_arn: "NonEmptyString",
706
+ # },
707
+ # environment: {
708
+ # variables: {
709
+ # "NonEmptyString" => "NonEmptyString",
710
+ # },
711
+ # error: {
712
+ # error_code: "NonEmptyString",
713
+ # message: "NonEmptyString",
714
+ # },
715
+ # },
716
+ # function_name: "NonEmptyString",
717
+ # handler: "NonEmptyString",
718
+ # kms_key_arn: "NonEmptyString",
719
+ # last_modified: "NonEmptyString",
720
+ # layers: [
721
+ # {
722
+ # arn: "NonEmptyString",
723
+ # code_size: 1,
724
+ # },
725
+ # ],
726
+ # master_arn: "NonEmptyString",
727
+ # memory_size: 1,
728
+ # revision_id: "NonEmptyString",
729
+ # role: "NonEmptyString",
730
+ # runtime: "NonEmptyString",
731
+ # timeout: 1,
732
+ # tracing_config: {
733
+ # mode: "NonEmptyString",
734
+ # },
735
+ # vpc_config: {
736
+ # security_group_ids: ["NonEmptyString"],
737
+ # subnet_ids: ["NonEmptyString"],
738
+ # vpc_id: "NonEmptyString",
739
+ # },
740
+ # version: "NonEmptyString",
741
+ # }
742
+ #
743
+ # @!attribute [rw] code
744
+ # An `AwsLambdaFunctionCode` object.
745
+ # @return [Types::AwsLambdaFunctionCode]
746
+ #
747
+ # @!attribute [rw] code_sha_256
748
+ # The SHA256 hash of the function's deployment package.
749
+ # @return [String]
750
+ #
751
+ # @!attribute [rw] dead_letter_config
752
+ # The function's dead letter queue.
753
+ # @return [Types::AwsLambdaFunctionDeadLetterConfig]
754
+ #
755
+ # @!attribute [rw] environment
756
+ # The function's environment variables.
757
+ # @return [Types::AwsLambdaFunctionEnvironment]
758
+ #
759
+ # @!attribute [rw] function_name
760
+ # The name of the function.
761
+ # @return [String]
762
+ #
763
+ # @!attribute [rw] handler
764
+ # The function that Lambda calls to begin executing your function.
765
+ # @return [String]
766
+ #
767
+ # @!attribute [rw] kms_key_arn
768
+ # The KMS key that's used to encrypt the function's environment
769
+ # variables. This key is only returned if you've configured a
770
+ # customer managed CMK.
771
+ # @return [String]
772
+ #
773
+ # @!attribute [rw] last_modified
774
+ # The date and time that the function was last updated, in ISO-8601
775
+ # format (YYYY-MM-DDThh:mm:ss.sTZD).
776
+ # @return [String]
777
+ #
778
+ # @!attribute [rw] layers
779
+ # The function's layers.
780
+ # @return [Array<Types::AwsLambdaFunctionLayer>]
781
+ #
782
+ # @!attribute [rw] master_arn
783
+ # For Lambda@Edge functions, the ARN of the master function.
784
+ # @return [String]
785
+ #
786
+ # @!attribute [rw] memory_size
787
+ # The memory that's allocated to the function.
788
+ # @return [Integer]
789
+ #
790
+ # @!attribute [rw] revision_id
791
+ # The latest updated revision of the function or alias.
792
+ # @return [String]
793
+ #
794
+ # @!attribute [rw] role
795
+ # The function's execution role.
796
+ # @return [String]
797
+ #
798
+ # @!attribute [rw] runtime
799
+ # The runtime environment for the Lambda function.
800
+ # @return [String]
801
+ #
802
+ # @!attribute [rw] timeout
803
+ # The amount of time that Lambda allows a function to run before
804
+ # stopping it.
805
+ # @return [Integer]
806
+ #
807
+ # @!attribute [rw] tracing_config
808
+ # The function's AWS X-Ray tracing configuration.
809
+ # @return [Types::AwsLambdaFunctionTracingConfig]
810
+ #
811
+ # @!attribute [rw] vpc_config
812
+ # The function's networking configuration.
813
+ # @return [Types::AwsLambdaFunctionVpcConfig]
814
+ #
815
+ # @!attribute [rw] version
816
+ # The version of the Lambda function.
817
+ # @return [String]
818
+ #
819
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionDetails AWS API Documentation
820
+ #
821
+ class AwsLambdaFunctionDetails < Struct.new(
822
+ :code,
823
+ :code_sha_256,
824
+ :dead_letter_config,
825
+ :environment,
826
+ :function_name,
827
+ :handler,
828
+ :kms_key_arn,
829
+ :last_modified,
830
+ :layers,
831
+ :master_arn,
832
+ :memory_size,
833
+ :revision_id,
834
+ :role,
835
+ :runtime,
836
+ :timeout,
837
+ :tracing_config,
838
+ :vpc_config,
839
+ :version)
840
+ include Aws::Structure
841
+ end
842
+
843
+ # A function's environment variable settings.
844
+ #
845
+ # @note When making an API call, you may pass AwsLambdaFunctionEnvironment
846
+ # data as a hash:
847
+ #
848
+ # {
849
+ # variables: {
850
+ # "NonEmptyString" => "NonEmptyString",
851
+ # },
852
+ # error: {
853
+ # error_code: "NonEmptyString",
854
+ # message: "NonEmptyString",
855
+ # },
856
+ # }
857
+ #
858
+ # @!attribute [rw] variables
859
+ # Environment variable key-value pairs.
860
+ # @return [Hash<String,String>]
861
+ #
862
+ # @!attribute [rw] error
863
+ # An `AwsLambdaFunctionEnvironmentError` object.
864
+ # @return [Types::AwsLambdaFunctionEnvironmentError]
865
+ #
866
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionEnvironment AWS API Documentation
867
+ #
868
+ class AwsLambdaFunctionEnvironment < Struct.new(
869
+ :variables,
870
+ :error)
871
+ include Aws::Structure
872
+ end
873
+
874
+ # Error messages for environment variables that couldn't be applied.
875
+ #
876
+ # @note When making an API call, you may pass AwsLambdaFunctionEnvironmentError
877
+ # data as a hash:
878
+ #
879
+ # {
880
+ # error_code: "NonEmptyString",
881
+ # message: "NonEmptyString",
121
882
  # }
122
883
  #
123
- # @!attribute [rw] type
124
- # The instance type of the instance.
884
+ # @!attribute [rw] error_code
885
+ # The error code.
125
886
  # @return [String]
126
887
  #
127
- # @!attribute [rw] image_id
128
- # The Amazon Machine Image (AMI) ID of the instance.
888
+ # @!attribute [rw] message
889
+ # The error message.
129
890
  # @return [String]
130
891
  #
131
- # @!attribute [rw] ip_v4_addresses
132
- # The IPv4 addresses associated with the instance.
133
- # @return [Array<String>]
892
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionEnvironmentError AWS API Documentation
134
893
  #
135
- # @!attribute [rw] ip_v6_addresses
136
- # The IPv6 addresses associated with the instance.
137
- # @return [Array<String>]
894
+ class AwsLambdaFunctionEnvironmentError < Struct.new(
895
+ :error_code,
896
+ :message)
897
+ include Aws::Structure
898
+ end
899
+
900
+ # An AWS Lambda layer.
138
901
  #
139
- # @!attribute [rw] key_name
140
- # The key name associated with the instance.
141
- # @return [String]
902
+ # @note When making an API call, you may pass AwsLambdaFunctionLayer
903
+ # data as a hash:
142
904
  #
143
- # @!attribute [rw] iam_instance_profile_arn
144
- # The IAM profile ARN of the instance.
145
- # @return [String]
905
+ # {
906
+ # arn: "NonEmptyString",
907
+ # code_size: 1,
908
+ # }
146
909
  #
147
- # @!attribute [rw] vpc_id
148
- # The identifier of the VPC that the instance was launched in.
910
+ # @!attribute [rw] arn
911
+ # The Amazon Resource Name (ARN) of the function layer.
149
912
  # @return [String]
150
913
  #
151
- # @!attribute [rw] subnet_id
152
- # The identifier of the subnet that the instance was launched in.
153
- # @return [String]
914
+ # @!attribute [rw] code_size
915
+ # The size of the layer archive in bytes.
916
+ # @return [Integer]
154
917
  #
155
- # @!attribute [rw] launched_at
156
- # The date/time the instance was launched.
918
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionLayer AWS API Documentation
919
+ #
920
+ class AwsLambdaFunctionLayer < Struct.new(
921
+ :arn,
922
+ :code_size)
923
+ include Aws::Structure
924
+ end
925
+
926
+ # The function's AWS X-Ray tracing configuration.
927
+ #
928
+ # @note When making an API call, you may pass AwsLambdaFunctionTracingConfig
929
+ # data as a hash:
930
+ #
931
+ # {
932
+ # mode: "NonEmptyString",
933
+ # }
934
+ #
935
+ # @!attribute [rw] mode
936
+ # The tracing mode.
157
937
  # @return [String]
158
938
  #
159
- # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2InstanceDetails AWS API Documentation
939
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionTracingConfig AWS API Documentation
160
940
  #
161
- class AwsEc2InstanceDetails < Struct.new(
162
- :type,
163
- :image_id,
164
- :ip_v4_addresses,
165
- :ip_v6_addresses,
166
- :key_name,
167
- :iam_instance_profile_arn,
168
- :vpc_id,
169
- :subnet_id,
170
- :launched_at)
941
+ class AwsLambdaFunctionTracingConfig < Struct.new(
942
+ :mode)
171
943
  include Aws::Structure
172
944
  end
173
945
 
174
- # IAM access key details related to a finding.
946
+ # The VPC security groups and subnets that are attached to a Lambda
947
+ # function. For more information, see VPC Settings.
175
948
  #
176
- # @note When making an API call, you may pass AwsIamAccessKeyDetails
949
+ # @note When making an API call, you may pass AwsLambdaFunctionVpcConfig
177
950
  # data as a hash:
178
951
  #
179
952
  # {
180
- # user_name: "NonEmptyString",
181
- # status: "Active", # accepts Active, Inactive
182
- # created_at: "NonEmptyString",
953
+ # security_group_ids: ["NonEmptyString"],
954
+ # subnet_ids: ["NonEmptyString"],
955
+ # vpc_id: "NonEmptyString",
183
956
  # }
184
957
  #
185
- # @!attribute [rw] user_name
186
- # The user associated with the IAM access key related to a finding.
187
- # @return [String]
958
+ # @!attribute [rw] security_group_ids
959
+ # A list of VPC security groups IDs.
960
+ # @return [Array<String>]
188
961
  #
189
- # @!attribute [rw] status
190
- # The status of the IAM access key related to a finding.
191
- # @return [String]
962
+ # @!attribute [rw] subnet_ids
963
+ # A list of VPC subnet IDs.
964
+ # @return [Array<String>]
192
965
  #
193
- # @!attribute [rw] created_at
194
- # The creation date/time of the IAM access key related to a finding.
966
+ # @!attribute [rw] vpc_id
967
+ # The ID of the VPC.
195
968
  # @return [String]
196
969
  #
197
- # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsIamAccessKeyDetails AWS API Documentation
970
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionVpcConfig AWS API Documentation
198
971
  #
199
- class AwsIamAccessKeyDetails < Struct.new(
200
- :user_name,
201
- :status,
202
- :created_at)
972
+ class AwsLambdaFunctionVpcConfig < Struct.new(
973
+ :security_group_ids,
974
+ :subnet_ids,
975
+ :vpc_id)
203
976
  include Aws::Structure
204
977
  end
205
978
 
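Review bot: The `variables` attribute of `AwsLambdaFunctionEnvironment` is documented only as "Environment variable key-value pairs.", and nothing in the struct or its comment warns that whatever is placed there is carried in the finding as given; Lambda environment variables commonly hold credentials, so anyone with read access to findings would see them. I would extend the attribute comment with something like `# Values are stored in the finding as supplied; omit or redact secrets before submitting.` The same caveat fits `zip_file` on `AwsLambdaFunctionCode`, which the comment describes as the base64-encoded deployment package. Separately, the `user_name` comment on `AwsIamAccessKeyDetails` says the parameter has been replaced by `PrincipalName` but carries no `@deprecated` tag, so generated documentation will not flag it to callers.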
@@ -324,6 +1097,28 @@ module Aws::SecurityHub
324
1097
  # "NonEmptyString" => "NonEmptyString",
325
1098
  # },
326
1099
  # details: {
1100
+ # aws_cloud_front_distribution: {
1101
+ # domain_name: "NonEmptyString",
1102
+ # etag: "NonEmptyString",
1103
+ # last_modified_time: "NonEmptyString",
1104
+ # logging: {
1105
+ # bucket: "NonEmptyString",
1106
+ # enabled: false,
1107
+ # include_cookies: false,
1108
+ # prefix: "NonEmptyString",
1109
+ # },
1110
+ # origins: {
1111
+ # items: [
1112
+ # {
1113
+ # domain_name: "NonEmptyString",
1114
+ # id: "NonEmptyString",
1115
+ # origin_path: "NonEmptyString",
1116
+ # },
1117
+ # ],
1118
+ # },
1119
+ # status: "NonEmptyString",
1120
+ # web_acl_id: "NonEmptyString",
1121
+ # },
327
1122
  # aws_ec2_instance: {
328
1123
  # type: "NonEmptyString",
329
1124
  # image_id: "NonEmptyString",
@@ -335,6 +1130,26 @@ module Aws::SecurityHub
335
1130
  # subnet_id: "NonEmptyString",
336
1131
  # launched_at: "NonEmptyString",
337
1132
  # },
1133
+ # aws_elbv_2_load_balancer: {
1134
+ # availability_zones: [
1135
+ # {
1136
+ # zone_name: "NonEmptyString",
1137
+ # subnet_id: "NonEmptyString",
1138
+ # },
1139
+ # ],
1140
+ # canonical_hosted_zone_id: "NonEmptyString",
1141
+ # created_time: "NonEmptyString",
1142
+ # dns_name: "NonEmptyString",
1143
+ # ip_address_type: "NonEmptyString",
1144
+ # scheme: "NonEmptyString",
1145
+ # security_groups: ["NonEmptyString"],
1146
+ # state: {
1147
+ # code: "NonEmptyString",
1148
+ # reason: "NonEmptyString",
1149
+ # },
1150
+ # type: "NonEmptyString",
1151
+ # vpc_id: "NonEmptyString",
1152
+ # },
338
1153
  # aws_s3_bucket: {
339
1154
  # owner_id: "NonEmptyString",
340
1155
  # owner_name: "NonEmptyString",
@@ -343,6 +1158,88 @@ module Aws::SecurityHub
343
1158
  # user_name: "NonEmptyString",
344
1159
  # status: "Active", # accepts Active, Inactive
345
1160
  # created_at: "NonEmptyString",
1161
+ # principal_id: "NonEmptyString",
1162
+ # principal_type: "NonEmptyString",
1163
+ # principal_name: "NonEmptyString",
1164
+ # },
1165
+ # aws_iam_role: {
1166
+ # assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument",
1167
+ # create_date: "NonEmptyString",
1168
+ # role_id: "NonEmptyString",
1169
+ # role_name: "NonEmptyString",
1170
+ # max_session_duration: 1,
1171
+ # path: "NonEmptyString",
1172
+ # },
1173
+ # aws_kms_key: {
1174
+ # aws_account_id: "NonEmptyString",
1175
+ # creation_date: 1.0,
1176
+ # key_id: "NonEmptyString",
1177
+ # key_manager: "NonEmptyString",
1178
+ # key_state: "NonEmptyString",
1179
+ # origin: "NonEmptyString",
1180
+ # },
1181
+ # aws_lambda_function: {
1182
+ # code: {
1183
+ # s3_bucket: "NonEmptyString",
1184
+ # s3_key: "NonEmptyString",
1185
+ # s3_object_version: "NonEmptyString",
1186
+ # zip_file: "NonEmptyString",
1187
+ # },
1188
+ # code_sha_256: "NonEmptyString",
1189
+ # dead_letter_config: {
1190
+ # target_arn: "NonEmptyString",
1191
+ # },
1192
+ # environment: {
1193
+ # variables: {
1194
+ # "NonEmptyString" => "NonEmptyString",
1195
+ # },
1196
+ # error: {
1197
+ # error_code: "NonEmptyString",
1198
+ # message: "NonEmptyString",
1199
+ # },
1200
+ # },
1201
+ # function_name: "NonEmptyString",
1202
+ # handler: "NonEmptyString",
1203
+ # kms_key_arn: "NonEmptyString",
1204
+ # last_modified: "NonEmptyString",
1205
+ # layers: [
1206
+ # {
1207
+ # arn: "NonEmptyString",
1208
+ # code_size: 1,
1209
+ # },
1210
+ # ],
1211
+ # master_arn: "NonEmptyString",
1212
+ # memory_size: 1,
1213
+ # revision_id: "NonEmptyString",
1214
+ # role: "NonEmptyString",
1215
+ # runtime: "NonEmptyString",
1216
+ # timeout: 1,
1217
+ # tracing_config: {
1218
+ # mode: "NonEmptyString",
1219
+ # },
1220
+ # vpc_config: {
1221
+ # security_group_ids: ["NonEmptyString"],
1222
+ # subnet_ids: ["NonEmptyString"],
1223
+ # vpc_id: "NonEmptyString",
1224
+ # },
1225
+ # version: "NonEmptyString",
1226
+ # },
1227
+ # aws_sns_topic: {
1228
+ # kms_master_key_id: "NonEmptyString",
1229
+ # subscription: [
1230
+ # {
1231
+ # endpoint: "NonEmptyString",
1232
+ # protocol: "NonEmptyString",
1233
+ # },
1234
+ # ],
1235
+ # topic_name: "NonEmptyString",
1236
+ # owner: "NonEmptyString",
1237
+ # },
1238
+ # aws_sqs_queue: {
1239
+ # kms_data_key_reuse_period_seconds: 1,
1240
+ # kms_master_key_id: "NonEmptyString",
1241
+ # queue_name: "NonEmptyString",
1242
+ # dead_letter_target_arn: "NonEmptyString",
346
1243
  # },
347
1244
  # container: {
348
1245
  # name: "NonEmptyString",
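Review bot: The `aws_lambda_function` sample added in this hunk lists `environment: { variables: { ... } }` and `code: { zip_file: ... }` as ordinary finding fields with no caveat, although Lambda environment variables commonly hold credentials or connection strings. A producer that copies a function's configuration into a finding verbatim would hand those values to every account and integration that can read the finding. I would add a line to the documentation of the environment type (not visible in this part of the diff), for example `# Do not copy secret values into variables; a finding is readable by every consumer it is shared with.` The same sample is repeated in the hunks `@@ -1766,6 +2819,88 @@`, `@@ -4780,6 +6002,88 @@` and `@@ -4873,6 +6219,88 @@`, so the caveat belongs on the shared type rather than on each copy.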
@@ -1590,6 +2487,120 @@ module Aws::SecurityHub
1590
2487
  include Aws::Structure
1591
2488
  end
1592
2489
 
2490
+ # A wrapper type for the topic's Amazon Resource Name (ARN).
2491
+ #
2492
+ # @note When making an API call, you may pass AwsSnsTopicDetails
2493
+ # data as a hash:
2494
+ #
2495
+ # {
2496
+ # kms_master_key_id: "NonEmptyString",
2497
+ # subscription: [
2498
+ # {
2499
+ # endpoint: "NonEmptyString",
2500
+ # protocol: "NonEmptyString",
2501
+ # },
2502
+ # ],
2503
+ # topic_name: "NonEmptyString",
2504
+ # owner: "NonEmptyString",
2505
+ # }
2506
+ #
2507
+ # @!attribute [rw] kms_master_key_id
2508
+ # The ID of an AWS-managed customer master key (CMK) for Amazon SNS or
2509
+ # a custom CMK.
2510
+ # @return [String]
2511
+ #
2512
+ # @!attribute [rw] subscription
2513
+ # Subscription is an embedded property that describes the subscription
2514
+ # endpoints of an Amazon SNS topic.
2515
+ # @return [Array<Types::AwsSnsTopicSubscription>]
2516
+ #
2517
+ # @!attribute [rw] topic_name
2518
+ # The name of the topic.
2519
+ # @return [String]
2520
+ #
2521
+ # @!attribute [rw] owner
2522
+ # The subscription's owner.
2523
+ # @return [String]
2524
+ #
2525
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSnsTopicDetails AWS API Documentation
2526
+ #
2527
+ class AwsSnsTopicDetails < Struct.new(
2528
+ :kms_master_key_id,
2529
+ :subscription,
2530
+ :topic_name,
2531
+ :owner)
2532
+ include Aws::Structure
2533
+ end
2534
+
2535
+ # A wrapper type for the attributes of an Amazon SNS subscription.
2536
+ #
2537
+ # @note When making an API call, you may pass AwsSnsTopicSubscription
2538
+ # data as a hash:
2539
+ #
2540
+ # {
2541
+ # endpoint: "NonEmptyString",
2542
+ # protocol: "NonEmptyString",
2543
+ # }
2544
+ #
2545
+ # @!attribute [rw] endpoint
2546
+ # The subscription's endpoint (format depends on the protocol).
2547
+ # @return [String]
2548
+ #
2549
+ # @!attribute [rw] protocol
2550
+ # The subscription's protocol.
2551
+ # @return [String]
2552
+ #
2553
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSnsTopicSubscription AWS API Documentation
2554
+ #
2555
+ class AwsSnsTopicSubscription < Struct.new(
2556
+ :endpoint,
2557
+ :protocol)
2558
+ include Aws::Structure
2559
+ end
2560
+
2561
+ # Data about a queue.
2562
+ #
2563
+ # @note When making an API call, you may pass AwsSqsQueueDetails
2564
+ # data as a hash:
2565
+ #
2566
+ # {
2567
+ # kms_data_key_reuse_period_seconds: 1,
2568
+ # kms_master_key_id: "NonEmptyString",
2569
+ # queue_name: "NonEmptyString",
2570
+ # dead_letter_target_arn: "NonEmptyString",
2571
+ # }
2572
+ #
2573
+ # @!attribute [rw] kms_data_key_reuse_period_seconds
2574
+ # The length of time, in seconds, for which Amazon SQS can reuse a
2575
+ # data key to encrypt or decrypt messages before calling AWS KMS
2576
+ # again.
2577
+ # @return [Integer]
2578
+ #
2579
+ # @!attribute [rw] kms_master_key_id
2580
+ # The ID of an AWS-managed customer master key (CMK) for Amazon SQS or
2581
+ # a custom CMK.
2582
+ # @return [String]
2583
+ #
2584
+ # @!attribute [rw] queue_name
2585
+ # The name of the new queue.
2586
+ # @return [String]
2587
+ #
2588
+ # @!attribute [rw] dead_letter_target_arn
2589
+ # The Amazon Resource Name (ARN) of the dead-letter queue to which
2590
+ # Amazon SQS moves messages after the value of maxReceiveCount is
2591
+ # exceeded.
2592
+ # @return [String]
2593
+ #
2594
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSqsQueueDetails AWS API Documentation
2595
+ #
2596
+ class AwsSqsQueueDetails < Struct.new(
2597
+ :kms_data_key_reuse_period_seconds,
2598
+ :kms_master_key_id,
2599
+ :queue_name,
2600
+ :dead_letter_target_arn)
2601
+ include Aws::Structure
2602
+ end
2603
+
1593
2604
  # @note When making an API call, you may pass BatchDisableStandardsRequest
1594
2605
  # data as a hash:
1595
2606
  #
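Review bot: The summary line of `AwsSnsTopicDetails`, `A wrapper type for the topic's Amazon Resource Name (ARN).`, does not match the struct, whose members are `kms_master_key_id`, `subscription`, `topic_name` and `owner` with no ARN among them. Two attribute descriptions in this hunk also read as if carried over from another operation: `owner` on the topic is described as `The subscription's owner.` and `queue_name` on `AwsSqsQueueDetails` as `The name of the new queue.` I would reword them to `# Details about an Amazon SNS topic.`, `# The owner of the topic.` (to be confirmed against the API model) and `# The name of the queue.`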
@@ -1747,6 +2758,28 @@ module Aws::SecurityHub
1747
2758
  # "NonEmptyString" => "NonEmptyString",
1748
2759
  # },
1749
2760
  # details: {
2761
+ # aws_cloud_front_distribution: {
2762
+ # domain_name: "NonEmptyString",
2763
+ # etag: "NonEmptyString",
2764
+ # last_modified_time: "NonEmptyString",
2765
+ # logging: {
2766
+ # bucket: "NonEmptyString",
2767
+ # enabled: false,
2768
+ # include_cookies: false,
2769
+ # prefix: "NonEmptyString",
2770
+ # },
2771
+ # origins: {
2772
+ # items: [
2773
+ # {
2774
+ # domain_name: "NonEmptyString",
2775
+ # id: "NonEmptyString",
2776
+ # origin_path: "NonEmptyString",
2777
+ # },
2778
+ # ],
2779
+ # },
2780
+ # status: "NonEmptyString",
2781
+ # web_acl_id: "NonEmptyString",
2782
+ # },
1750
2783
  # aws_ec2_instance: {
1751
2784
  # type: "NonEmptyString",
1752
2785
  # image_id: "NonEmptyString",
@@ -1758,6 +2791,26 @@ module Aws::SecurityHub
1758
2791
  # subnet_id: "NonEmptyString",
1759
2792
  # launched_at: "NonEmptyString",
1760
2793
  # },
2794
+ # aws_elbv_2_load_balancer: {
2795
+ # availability_zones: [
2796
+ # {
2797
+ # zone_name: "NonEmptyString",
2798
+ # subnet_id: "NonEmptyString",
2799
+ # },
2800
+ # ],
2801
+ # canonical_hosted_zone_id: "NonEmptyString",
2802
+ # created_time: "NonEmptyString",
2803
+ # dns_name: "NonEmptyString",
2804
+ # ip_address_type: "NonEmptyString",
2805
+ # scheme: "NonEmptyString",
2806
+ # security_groups: ["NonEmptyString"],
2807
+ # state: {
2808
+ # code: "NonEmptyString",
2809
+ # reason: "NonEmptyString",
2810
+ # },
2811
+ # type: "NonEmptyString",
2812
+ # vpc_id: "NonEmptyString",
2813
+ # },
1761
2814
  # aws_s3_bucket: {
1762
2815
  # owner_id: "NonEmptyString",
1763
2816
  # owner_name: "NonEmptyString",
@@ -1766,6 +2819,88 @@ module Aws::SecurityHub
1766
2819
  # user_name: "NonEmptyString",
1767
2820
  # status: "Active", # accepts Active, Inactive
1768
2821
  # created_at: "NonEmptyString",
2822
+ # principal_id: "NonEmptyString",
2823
+ # principal_type: "NonEmptyString",
2824
+ # principal_name: "NonEmptyString",
2825
+ # },
2826
+ # aws_iam_role: {
2827
+ # assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument",
2828
+ # create_date: "NonEmptyString",
2829
+ # role_id: "NonEmptyString",
2830
+ # role_name: "NonEmptyString",
2831
+ # max_session_duration: 1,
2832
+ # path: "NonEmptyString",
2833
+ # },
2834
+ # aws_kms_key: {
2835
+ # aws_account_id: "NonEmptyString",
2836
+ # creation_date: 1.0,
2837
+ # key_id: "NonEmptyString",
2838
+ # key_manager: "NonEmptyString",
2839
+ # key_state: "NonEmptyString",
2840
+ # origin: "NonEmptyString",
2841
+ # },
2842
+ # aws_lambda_function: {
2843
+ # code: {
2844
+ # s3_bucket: "NonEmptyString",
2845
+ # s3_key: "NonEmptyString",
2846
+ # s3_object_version: "NonEmptyString",
2847
+ # zip_file: "NonEmptyString",
2848
+ # },
2849
+ # code_sha_256: "NonEmptyString",
2850
+ # dead_letter_config: {
2851
+ # target_arn: "NonEmptyString",
2852
+ # },
2853
+ # environment: {
2854
+ # variables: {
2855
+ # "NonEmptyString" => "NonEmptyString",
2856
+ # },
2857
+ # error: {
2858
+ # error_code: "NonEmptyString",
2859
+ # message: "NonEmptyString",
2860
+ # },
2861
+ # },
2862
+ # function_name: "NonEmptyString",
2863
+ # handler: "NonEmptyString",
2864
+ # kms_key_arn: "NonEmptyString",
2865
+ # last_modified: "NonEmptyString",
2866
+ # layers: [
2867
+ # {
2868
+ # arn: "NonEmptyString",
2869
+ # code_size: 1,
2870
+ # },
2871
+ # ],
2872
+ # master_arn: "NonEmptyString",
2873
+ # memory_size: 1,
2874
+ # revision_id: "NonEmptyString",
2875
+ # role: "NonEmptyString",
2876
+ # runtime: "NonEmptyString",
2877
+ # timeout: 1,
2878
+ # tracing_config: {
2879
+ # mode: "NonEmptyString",
2880
+ # },
2881
+ # vpc_config: {
2882
+ # security_group_ids: ["NonEmptyString"],
2883
+ # subnet_ids: ["NonEmptyString"],
2884
+ # vpc_id: "NonEmptyString",
2885
+ # },
2886
+ # version: "NonEmptyString",
2887
+ # },
2888
+ # aws_sns_topic: {
2889
+ # kms_master_key_id: "NonEmptyString",
2890
+ # subscription: [
2891
+ # {
2892
+ # endpoint: "NonEmptyString",
2893
+ # protocol: "NonEmptyString",
2894
+ # },
2895
+ # ],
2896
+ # topic_name: "NonEmptyString",
2897
+ # owner: "NonEmptyString",
2898
+ # },
2899
+ # aws_sqs_queue: {
2900
+ # kms_data_key_reuse_period_seconds: 1,
2901
+ # kms_master_key_id: "NonEmptyString",
2902
+ # queue_name: "NonEmptyString",
2903
+ # dead_letter_target_arn: "NonEmptyString",
1769
2904
  # },
1770
2905
  # container: {
1771
2906
  # name: "NonEmptyString",
@@ -1802,7 +2937,8 @@ module Aws::SecurityHub
1802
2937
  #
1803
2938
  # @!attribute [rw] findings
1804
2939
  # A list of findings to import. To successfully import a finding, it
1805
- # must follow the [AWS Security Finding Format][1].
2940
+ # must follow the [AWS Security Finding Format][1]. Maximum of 100
2941
+ # findings per request.
1806
2942
  #
1807
2943
  #
1808
2944
  #
@@ -1841,6 +2977,21 @@ module Aws::SecurityHub
1841
2977
  # against a specific rule in a supported standard (for example, CIS AWS
1842
2978
  # Foundations). Contains compliance-related finding details.
1843
2979
  #
2980
+ # Values include the following:
2981
+ #
2982
+ # * Allowed values are the following:
2983
+ #
2984
+ # * `PASSED` - Compliance check passed for all evaluated resources.
2985
+ #
2986
+ # * `WARNING` - Some information is missing or this check is not
2987
+ # supported given your configuration.
2988
+ #
2989
+ # * `FAILED` - Compliance check failed for at least one evaluated
2990
+ # resource.
2991
+ #
2992
+ # * `NOT_AVAILABLE` - Check could not be performed due to a service
2993
+ # outage or API error.
2994
+ #
1844
2995
  # @note When making an API call, you may pass Compliance
1845
2996
  # data as a hash:
1846
2997
  #
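Review bot: The list added to the `Compliance` description opens with two lead-ins in a row, `Values include the following:` followed by the bullet `Allowed values are the following:`, and never names the field the values belong to. A single lead-in that names the field would read better, for example `# Allowed values for the compliance status:`; the attribute itself is documented outside this hunk. Since `WARNING` and `NOT_AVAILABLE` both describe a check that produced no result, the comment should also state that only `PASSED` means the resources were evaluated and passed, so that consumers do not treat every value other than `FAILED` as compliant.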
@@ -4277,6 +5428,35 @@ module Aws::SecurityHub
4277
5428
  include Aws::Structure
4278
5429
  end
4279
5430
 
5431
+ # Information about the state of the load balancer.
5432
+ #
5433
+ # @note When making an API call, you may pass LoadBalancerState
5434
+ # data as a hash:
5435
+ #
5436
+ # {
5437
+ # code: "NonEmptyString",
5438
+ # reason: "NonEmptyString",
5439
+ # }
5440
+ #
5441
+ # @!attribute [rw] code
5442
+ # The state code. The initial state of the load balancer is
5443
+ # provisioning. After the load balancer is fully set up and ready to
5444
+ # route traffic, its state is active. If the load balancer could not
5445
+ # be set up, its state is failed.
5446
+ # @return [String]
5447
+ #
5448
+ # @!attribute [rw] reason
5449
+ # A description of the state.
5450
+ # @return [String]
5451
+ #
5452
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/LoadBalancerState AWS API Documentation
5453
+ #
5454
+ class LoadBalancerState < Struct.new(
5455
+ :code,
5456
+ :reason)
5457
+ include Aws::Structure
5458
+ end
5459
+
4280
5460
  # A list of malware related to a finding.
4281
5461
  #
4282
5462
  # @note When making an API call, you may pass Malware
@@ -4761,6 +5941,28 @@ module Aws::SecurityHub
4761
5941
  # "NonEmptyString" => "NonEmptyString",
4762
5942
  # },
4763
5943
  # details: {
5944
+ # aws_cloud_front_distribution: {
5945
+ # domain_name: "NonEmptyString",
5946
+ # etag: "NonEmptyString",
5947
+ # last_modified_time: "NonEmptyString",
5948
+ # logging: {
5949
+ # bucket: "NonEmptyString",
5950
+ # enabled: false,
5951
+ # include_cookies: false,
5952
+ # prefix: "NonEmptyString",
5953
+ # },
5954
+ # origins: {
5955
+ # items: [
5956
+ # {
5957
+ # domain_name: "NonEmptyString",
5958
+ # id: "NonEmptyString",
5959
+ # origin_path: "NonEmptyString",
5960
+ # },
5961
+ # ],
5962
+ # },
5963
+ # status: "NonEmptyString",
5964
+ # web_acl_id: "NonEmptyString",
5965
+ # },
4764
5966
  # aws_ec2_instance: {
4765
5967
  # type: "NonEmptyString",
4766
5968
  # image_id: "NonEmptyString",
@@ -4772,6 +5974,26 @@ module Aws::SecurityHub
4772
5974
  # subnet_id: "NonEmptyString",
4773
5975
  # launched_at: "NonEmptyString",
4774
5976
  # },
5977
+ # aws_elbv_2_load_balancer: {
5978
+ # availability_zones: [
5979
+ # {
5980
+ # zone_name: "NonEmptyString",
5981
+ # subnet_id: "NonEmptyString",
5982
+ # },
5983
+ # ],
5984
+ # canonical_hosted_zone_id: "NonEmptyString",
5985
+ # created_time: "NonEmptyString",
5986
+ # dns_name: "NonEmptyString",
5987
+ # ip_address_type: "NonEmptyString",
5988
+ # scheme: "NonEmptyString",
5989
+ # security_groups: ["NonEmptyString"],
5990
+ # state: {
5991
+ # code: "NonEmptyString",
5992
+ # reason: "NonEmptyString",
5993
+ # },
5994
+ # type: "NonEmptyString",
5995
+ # vpc_id: "NonEmptyString",
5996
+ # },
4775
5997
  # aws_s3_bucket: {
4776
5998
  # owner_id: "NonEmptyString",
4777
5999
  # owner_name: "NonEmptyString",
@@ -4780,6 +6002,88 @@ module Aws::SecurityHub
4780
6002
  # user_name: "NonEmptyString",
4781
6003
  # status: "Active", # accepts Active, Inactive
4782
6004
  # created_at: "NonEmptyString",
6005
+ # principal_id: "NonEmptyString",
6006
+ # principal_type: "NonEmptyString",
6007
+ # principal_name: "NonEmptyString",
6008
+ # },
6009
+ # aws_iam_role: {
6010
+ # assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument",
6011
+ # create_date: "NonEmptyString",
6012
+ # role_id: "NonEmptyString",
6013
+ # role_name: "NonEmptyString",
6014
+ # max_session_duration: 1,
6015
+ # path: "NonEmptyString",
6016
+ # },
6017
+ # aws_kms_key: {
6018
+ # aws_account_id: "NonEmptyString",
6019
+ # creation_date: 1.0,
6020
+ # key_id: "NonEmptyString",
6021
+ # key_manager: "NonEmptyString",
6022
+ # key_state: "NonEmptyString",
6023
+ # origin: "NonEmptyString",
6024
+ # },
6025
+ # aws_lambda_function: {
6026
+ # code: {
6027
+ # s3_bucket: "NonEmptyString",
6028
+ # s3_key: "NonEmptyString",
6029
+ # s3_object_version: "NonEmptyString",
6030
+ # zip_file: "NonEmptyString",
6031
+ # },
6032
+ # code_sha_256: "NonEmptyString",
6033
+ # dead_letter_config: {
6034
+ # target_arn: "NonEmptyString",
6035
+ # },
6036
+ # environment: {
6037
+ # variables: {
6038
+ # "NonEmptyString" => "NonEmptyString",
6039
+ # },
6040
+ # error: {
6041
+ # error_code: "NonEmptyString",
6042
+ # message: "NonEmptyString",
6043
+ # },
6044
+ # },
6045
+ # function_name: "NonEmptyString",
6046
+ # handler: "NonEmptyString",
6047
+ # kms_key_arn: "NonEmptyString",
6048
+ # last_modified: "NonEmptyString",
6049
+ # layers: [
6050
+ # {
6051
+ # arn: "NonEmptyString",
6052
+ # code_size: 1,
6053
+ # },
6054
+ # ],
6055
+ # master_arn: "NonEmptyString",
6056
+ # memory_size: 1,
6057
+ # revision_id: "NonEmptyString",
6058
+ # role: "NonEmptyString",
6059
+ # runtime: "NonEmptyString",
6060
+ # timeout: 1,
6061
+ # tracing_config: {
6062
+ # mode: "NonEmptyString",
6063
+ # },
6064
+ # vpc_config: {
6065
+ # security_group_ids: ["NonEmptyString"],
6066
+ # subnet_ids: ["NonEmptyString"],
6067
+ # vpc_id: "NonEmptyString",
6068
+ # },
6069
+ # version: "NonEmptyString",
6070
+ # },
6071
+ # aws_sns_topic: {
6072
+ # kms_master_key_id: "NonEmptyString",
6073
+ # subscription: [
6074
+ # {
6075
+ # endpoint: "NonEmptyString",
6076
+ # protocol: "NonEmptyString",
6077
+ # },
6078
+ # ],
6079
+ # topic_name: "NonEmptyString",
6080
+ # owner: "NonEmptyString",
6081
+ # },
6082
+ # aws_sqs_queue: {
6083
+ # kms_data_key_reuse_period_seconds: 1,
6084
+ # kms_master_key_id: "NonEmptyString",
6085
+ # queue_name: "NonEmptyString",
6086
+ # dead_letter_target_arn: "NonEmptyString",
4783
6087
  # },
4784
6088
  # container: {
4785
6089
  # name: "NonEmptyString",
@@ -4854,6 +6158,28 @@ module Aws::SecurityHub
4854
6158
  # data as a hash:
4855
6159
  #
4856
6160
  # {
6161
+ # aws_cloud_front_distribution: {
6162
+ # domain_name: "NonEmptyString",
6163
+ # etag: "NonEmptyString",
6164
+ # last_modified_time: "NonEmptyString",
6165
+ # logging: {
6166
+ # bucket: "NonEmptyString",
6167
+ # enabled: false,
6168
+ # include_cookies: false,
6169
+ # prefix: "NonEmptyString",
6170
+ # },
6171
+ # origins: {
6172
+ # items: [
6173
+ # {
6174
+ # domain_name: "NonEmptyString",
6175
+ # id: "NonEmptyString",
6176
+ # origin_path: "NonEmptyString",
6177
+ # },
6178
+ # ],
6179
+ # },
6180
+ # status: "NonEmptyString",
6181
+ # web_acl_id: "NonEmptyString",
6182
+ # },
4857
6183
  # aws_ec2_instance: {
4858
6184
  # type: "NonEmptyString",
4859
6185
  # image_id: "NonEmptyString",
@@ -4865,6 +6191,26 @@ module Aws::SecurityHub
4865
6191
  # subnet_id: "NonEmptyString",
4866
6192
  # launched_at: "NonEmptyString",
4867
6193
  # },
6194
+ # aws_elbv_2_load_balancer: {
6195
+ # availability_zones: [
6196
+ # {
6197
+ # zone_name: "NonEmptyString",
6198
+ # subnet_id: "NonEmptyString",
6199
+ # },
6200
+ # ],
6201
+ # canonical_hosted_zone_id: "NonEmptyString",
6202
+ # created_time: "NonEmptyString",
6203
+ # dns_name: "NonEmptyString",
6204
+ # ip_address_type: "NonEmptyString",
6205
+ # scheme: "NonEmptyString",
6206
+ # security_groups: ["NonEmptyString"],
6207
+ # state: {
6208
+ # code: "NonEmptyString",
6209
+ # reason: "NonEmptyString",
6210
+ # },
6211
+ # type: "NonEmptyString",
6212
+ # vpc_id: "NonEmptyString",
6213
+ # },
4868
6214
  # aws_s3_bucket: {
4869
6215
  # owner_id: "NonEmptyString",
4870
6216
  # owner_name: "NonEmptyString",
@@ -4873,6 +6219,88 @@ module Aws::SecurityHub
4873
6219
  # user_name: "NonEmptyString",
4874
6220
  # status: "Active", # accepts Active, Inactive
4875
6221
  # created_at: "NonEmptyString",
6222
+ # principal_id: "NonEmptyString",
6223
+ # principal_type: "NonEmptyString",
6224
+ # principal_name: "NonEmptyString",
6225
+ # },
6226
+ # aws_iam_role: {
6227
+ # assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument",
6228
+ # create_date: "NonEmptyString",
6229
+ # role_id: "NonEmptyString",
6230
+ # role_name: "NonEmptyString",
6231
+ # max_session_duration: 1,
6232
+ # path: "NonEmptyString",
6233
+ # },
6234
+ # aws_kms_key: {
6235
+ # aws_account_id: "NonEmptyString",
6236
+ # creation_date: 1.0,
6237
+ # key_id: "NonEmptyString",
6238
+ # key_manager: "NonEmptyString",
6239
+ # key_state: "NonEmptyString",
6240
+ # origin: "NonEmptyString",
6241
+ # },
6242
+ # aws_lambda_function: {
6243
+ # code: {
6244
+ # s3_bucket: "NonEmptyString",
6245
+ # s3_key: "NonEmptyString",
6246
+ # s3_object_version: "NonEmptyString",
6247
+ # zip_file: "NonEmptyString",
6248
+ # },
6249
+ # code_sha_256: "NonEmptyString",
6250
+ # dead_letter_config: {
6251
+ # target_arn: "NonEmptyString",
6252
+ # },
6253
+ # environment: {
6254
+ # variables: {
6255
+ # "NonEmptyString" => "NonEmptyString",
6256
+ # },
6257
+ # error: {
6258
+ # error_code: "NonEmptyString",
6259
+ # message: "NonEmptyString",
6260
+ # },
6261
+ # },
6262
+ # function_name: "NonEmptyString",
6263
+ # handler: "NonEmptyString",
6264
+ # kms_key_arn: "NonEmptyString",
6265
+ # last_modified: "NonEmptyString",
6266
+ # layers: [
6267
+ # {
6268
+ # arn: "NonEmptyString",
6269
+ # code_size: 1,
6270
+ # },
6271
+ # ],
6272
+ # master_arn: "NonEmptyString",
6273
+ # memory_size: 1,
6274
+ # revision_id: "NonEmptyString",
6275
+ # role: "NonEmptyString",
6276
+ # runtime: "NonEmptyString",
6277
+ # timeout: 1,
6278
+ # tracing_config: {
6279
+ # mode: "NonEmptyString",
6280
+ # },
6281
+ # vpc_config: {
6282
+ # security_group_ids: ["NonEmptyString"],
6283
+ # subnet_ids: ["NonEmptyString"],
6284
+ # vpc_id: "NonEmptyString",
6285
+ # },
6286
+ # version: "NonEmptyString",
6287
+ # },
6288
+ # aws_sns_topic: {
6289
+ # kms_master_key_id: "NonEmptyString",
6290
+ # subscription: [
6291
+ # {
6292
+ # endpoint: "NonEmptyString",
6293
+ # protocol: "NonEmptyString",
6294
+ # },
6295
+ # ],
6296
+ # topic_name: "NonEmptyString",
6297
+ # owner: "NonEmptyString",
6298
+ # },
6299
+ # aws_sqs_queue: {
6300
+ # kms_data_key_reuse_period_seconds: 1,
6301
+ # kms_master_key_id: "NonEmptyString",
6302
+ # queue_name: "NonEmptyString",
6303
+ # dead_letter_target_arn: "NonEmptyString",
4876
6304
  # },
4877
6305
  # container: {
4878
6306
  # name: "NonEmptyString",
@@ -4885,10 +6313,18 @@ module Aws::SecurityHub
4885
6313
  # },
4886
6314
  # }
4887
6315
  #
6316
+ # @!attribute [rw] aws_cloud_front_distribution
6317
+ # Details about a CloudFront distribution.
6318
+ # @return [Types::AwsCloudFrontDistributionDetails]
6319
+ #
4888
6320
  # @!attribute [rw] aws_ec2_instance
4889
6321
  # Details about an Amazon EC2 instance related to a finding.
4890
6322
  # @return [Types::AwsEc2InstanceDetails]
4891
6323
  #
6324
+ # @!attribute [rw] aws_elbv_2_load_balancer
6325
+ # Details about a load balancer.
6326
+ # @return [Types::AwsElbv2LoadBalancerDetails]
6327
+ #
4892
6328
  # @!attribute [rw] aws_s3_bucket
4893
6329
  # Details about an Amazon S3 Bucket related to a finding.
4894
6330
  # @return [Types::AwsS3BucketDetails]
@@ -4897,6 +6333,26 @@ module Aws::SecurityHub
4897
6333
  # Details about an IAM access key related to a finding.
4898
6334
  # @return [Types::AwsIamAccessKeyDetails]
4899
6335
  #
6336
+ # @!attribute [rw] aws_iam_role
6337
+ # Details about an IAM role.
6338
+ # @return [Types::AwsIamRoleDetails]
6339
+ #
6340
+ # @!attribute [rw] aws_kms_key
6341
+ # Details about a KMS key.
6342
+ # @return [Types::AwsKmsKeyDetails]
6343
+ #
6344
+ # @!attribute [rw] aws_lambda_function
6345
+ # Details about a Lambda function.
6346
+ # @return [Types::AwsLambdaFunctionDetails]
6347
+ #
6348
+ # @!attribute [rw] aws_sns_topic
6349
+ # Details about an SNS topic.
6350
+ # @return [Types::AwsSnsTopicDetails]
6351
+ #
6352
+ # @!attribute [rw] aws_sqs_queue
6353
+ # Details about an SQS queue.
6354
+ # @return [Types::AwsSqsQueueDetails]
6355
+ #
4900
6356
  # @!attribute [rw] container
4901
6357
  # Details about a container resource related to a finding.
4902
6358
  # @return [Types::ContainerDetails]
@@ -4908,9 +6364,16 @@ module Aws::SecurityHub
4908
6364
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ResourceDetails AWS API Documentation
4909
6365
  #
4910
6366
  class ResourceDetails < Struct.new(
6367
+ :aws_cloud_front_distribution,
4911
6368
  :aws_ec2_instance,
6369
+ :aws_elbv_2_load_balancer,
4912
6370
  :aws_s3_bucket,
4913
6371
  :aws_iam_access_key,
6372
+ :aws_iam_role,
6373
+ :aws_kms_key,
6374
+ :aws_lambda_function,
6375
+ :aws_sns_topic,
6376
+ :aws_sqs_queue,
4914
6377
  :container,
4915
6378
  :other)
4916
6379
  include Aws::Structure
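Review bot: The new members are inserted at the front and in the middle of the `Struct.new` member list (`:aws_cloud_front_distribution` before `:aws_ec2_instance`, `:aws_elbv_2_load_balancer` before `:aws_s3_bucket`, five more before `:container`), which shifts the position of every existing member. Code that reads a `ResourceDetails` by index, through `to_a` or by array destructuring would silently get a different field after the upgrade; access by member name is unaffected. Unless `Aws::Structure` (not shown here) already rules out positional use, appending the new members after `:other` would keep the old positions, or the reordering should be called out in the changelog. The class body ends outside this hunk.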