aws-sdk-securityhub 1.14.0 → 1.15.0
- checksums.yaml +4 -4
- data/lib/aws-sdk-securityhub.rb +1 -1
- data/lib/aws-sdk-securityhub/client.rb +211 -3
- data/lib/aws-sdk-securityhub/client_api.rb +174 -1
- data/lib/aws-sdk-securityhub/types.rb +1525 -62
- metadata +2 -2
@@ -103,103 +103,876 @@ module Aws::SecurityHub
|
|
103
103
|
include Aws::Structure
|
104
104
|
end
|
105
105
|
|
106
|
+
# Information about an Availability Zone.
|
107
|
+
#
|
108
|
+
# @note When making an API call, you may pass AvailabilityZone
|
109
|
+
# data as a hash:
|
110
|
+
#
|
111
|
+
# {
|
112
|
+
# zone_name: "NonEmptyString",
|
113
|
+
# subnet_id: "NonEmptyString",
|
114
|
+
# }
|
115
|
+
#
|
116
|
+
# @!attribute [rw] zone_name
|
117
|
+
# The name of the Availability Zone.
|
118
|
+
# @return [String]
|
119
|
+
#
|
120
|
+
# @!attribute [rw] subnet_id
|
121
|
+
# The ID of the subnet. You can specify one subnet per Availability
|
122
|
+
# Zone.
|
123
|
+
# @return [String]
|
124
|
+
#
|
125
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AvailabilityZone AWS API Documentation
|
126
|
+
#
|
127
|
+
class AvailabilityZone < Struct.new(
|
128
|
+
:zone_name,
|
129
|
+
:subnet_id)
|
130
|
+
include Aws::Structure
|
131
|
+
end
|
132
|
+
|
133
|
+
# A distribution configuration.
|
134
|
+
#
|
135
|
+
# @note When making an API call, you may pass AwsCloudFrontDistributionDetails
|
136
|
+
# data as a hash:
|
137
|
+
#
|
138
|
+
# {
|
139
|
+
# domain_name: "NonEmptyString",
|
140
|
+
# etag: "NonEmptyString",
|
141
|
+
# last_modified_time: "NonEmptyString",
|
142
|
+
# logging: {
|
143
|
+
# bucket: "NonEmptyString",
|
144
|
+
# enabled: false,
|
145
|
+
# include_cookies: false,
|
146
|
+
# prefix: "NonEmptyString",
|
147
|
+
# },
|
148
|
+
# origins: {
|
149
|
+
# items: [
|
150
|
+
# {
|
151
|
+
# domain_name: "NonEmptyString",
|
152
|
+
# id: "NonEmptyString",
|
153
|
+
# origin_path: "NonEmptyString",
|
154
|
+
# },
|
155
|
+
# ],
|
156
|
+
# },
|
157
|
+
# status: "NonEmptyString",
|
158
|
+
# web_acl_id: "NonEmptyString",
|
159
|
+
# }
|
160
|
+
#
|
161
|
+
# @!attribute [rw] domain_name
|
162
|
+
# The domain name corresponding to the distribution.
|
163
|
+
# @return [String]
|
164
|
+
#
|
165
|
+
# @!attribute [rw] etag
|
166
|
+
# The entity tag is a hash of the object.
|
167
|
+
# @return [String]
|
168
|
+
#
|
169
|
+
# @!attribute [rw] last_modified_time
|
170
|
+
# The date and time that the distribution was last modified.
|
171
|
+
# @return [String]
|
172
|
+
#
|
173
|
+
# @!attribute [rw] logging
|
174
|
+
# A complex type that controls whether access logs are written for the
|
175
|
+
# distribution.
|
176
|
+
# @return [Types::AwsCloudFrontDistributionLogging]
|
177
|
+
#
|
178
|
+
# @!attribute [rw] origins
|
179
|
+
# A complex type that contains information about origins for this
|
180
|
+
# distribution.
|
181
|
+
# @return [Types::AwsCloudFrontDistributionOrigins]
|
182
|
+
#
|
183
|
+
# @!attribute [rw] status
|
184
|
+
# Indicates the current status of the distribution.
|
185
|
+
# @return [String]
|
186
|
+
#
|
187
|
+
# @!attribute [rw] web_acl_id
|
188
|
+
# A unique identifier that specifies the AWS WAF web ACL, if any, to
|
189
|
+
# associate with this distribution.
|
190
|
+
# @return [String]
|
191
|
+
#
|
192
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFrontDistributionDetails AWS API Documentation
|
193
|
+
#
|
194
|
+
class AwsCloudFrontDistributionDetails < Struct.new(
|
195
|
+
:domain_name,
|
196
|
+
:etag,
|
197
|
+
:last_modified_time,
|
198
|
+
:logging,
|
199
|
+
:origins,
|
200
|
+
:status,
|
201
|
+
:web_acl_id)
|
202
|
+
include Aws::Structure
|
203
|
+
end
|
204
|
+
|
205
|
+
# A complex type that controls whether access logs are written for the
|
206
|
+
# distribution.
|
207
|
+
#
|
208
|
+
# @note When making an API call, you may pass AwsCloudFrontDistributionLogging
|
209
|
+
# data as a hash:
|
210
|
+
#
|
211
|
+
# {
|
212
|
+
# bucket: "NonEmptyString",
|
213
|
+
# enabled: false,
|
214
|
+
# include_cookies: false,
|
215
|
+
# prefix: "NonEmptyString",
|
216
|
+
# }
|
217
|
+
#
|
218
|
+
# @!attribute [rw] bucket
|
219
|
+
# The Amazon S3 bucket to store the access logs in.
|
220
|
+
# @return [String]
|
221
|
+
#
|
222
|
+
# @!attribute [rw] enabled
|
223
|
+
# With this field, you can enable or disable the selected
|
224
|
+
# distribution.
|
225
|
+
# @return [Boolean]
|
226
|
+
#
|
227
|
+
# @!attribute [rw] include_cookies
|
228
|
+
# Specifies whether you want CloudFront to include cookies in access
|
229
|
+
# logs.
|
230
|
+
# @return [Boolean]
|
231
|
+
#
|
232
|
+
# @!attribute [rw] prefix
|
233
|
+
# An optional string that you want CloudFront to prefix to the access
|
234
|
+
# log filenames for this distribution.
|
235
|
+
# @return [String]
|
236
|
+
#
|
237
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFrontDistributionLogging AWS API Documentation
|
238
|
+
#
|
239
|
+
class AwsCloudFrontDistributionLogging < Struct.new(
|
240
|
+
:bucket,
|
241
|
+
:enabled,
|
242
|
+
:include_cookies,
|
243
|
+
:prefix)
|
244
|
+
include Aws::Structure
|
245
|
+
end
|
246
|
+
|
247
|
+
# A complex type that describes the Amazon S3 bucket, HTTP server (for
|
248
|
+
# example, a web server), Amazon MediaStore, or other server from which
|
249
|
+
# CloudFront gets your files.
|
250
|
+
#
|
251
|
+
# @note When making an API call, you may pass AwsCloudFrontDistributionOriginItem
|
252
|
+
# data as a hash:
|
253
|
+
#
|
254
|
+
# {
|
255
|
+
# domain_name: "NonEmptyString",
|
256
|
+
# id: "NonEmptyString",
|
257
|
+
# origin_path: "NonEmptyString",
|
258
|
+
# }
|
259
|
+
#
|
260
|
+
# @!attribute [rw] domain_name
|
261
|
+
# Amazon S3 origins: The DNS name of the Amazon S3 bucket from which
|
262
|
+
# you want CloudFront to get objects for this origin.
|
263
|
+
# @return [String]
|
264
|
+
#
|
265
|
+
# @!attribute [rw] id
|
266
|
+
# A unique identifier for the origin or origin group.
|
267
|
+
# @return [String]
|
268
|
+
#
|
269
|
+
# @!attribute [rw] origin_path
|
270
|
+
# An optional element that causes CloudFront to request your content
|
271
|
+
# from a directory in your Amazon S3 bucket or your custom origin.
|
272
|
+
# @return [String]
|
273
|
+
#
|
274
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFrontDistributionOriginItem AWS API Documentation
|
275
|
+
#
|
276
|
+
class AwsCloudFrontDistributionOriginItem < Struct.new(
|
277
|
+
:domain_name,
|
278
|
+
:id,
|
279
|
+
:origin_path)
|
280
|
+
include Aws::Structure
|
281
|
+
end
|
282
|
+
|
283
|
+
# A complex type that contains information about origins and origin
|
284
|
+
# groups for this distribution.
|
285
|
+
#
|
286
|
+
# @note When making an API call, you may pass AwsCloudFrontDistributionOrigins
|
287
|
+
# data as a hash:
|
288
|
+
#
|
289
|
+
# {
|
290
|
+
# items: [
|
291
|
+
# {
|
292
|
+
# domain_name: "NonEmptyString",
|
293
|
+
# id: "NonEmptyString",
|
294
|
+
# origin_path: "NonEmptyString",
|
295
|
+
# },
|
296
|
+
# ],
|
297
|
+
# }
|
298
|
+
#
|
299
|
+
# @!attribute [rw] items
|
300
|
+
# A complex type that contains origins or origin groups for this
|
301
|
+
# distribution.
|
302
|
+
# @return [Array<Types::AwsCloudFrontDistributionOriginItem>]
|
303
|
+
#
|
304
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFrontDistributionOrigins AWS API Documentation
|
305
|
+
#
|
306
|
+
class AwsCloudFrontDistributionOrigins < Struct.new(
|
307
|
+
:items)
|
308
|
+
include Aws::Structure
|
309
|
+
end
|
310
|
+
|
106
311
|
# The details of an Amazon EC2 instance.
|
107
312
|
#
|
108
313
|
# @note When making an API call, you may pass AwsEc2InstanceDetails
|
109
314
|
# data as a hash:
|
110
315
|
#
|
111
316
|
# {
|
112
|
-
# type: "NonEmptyString",
|
113
|
-
# image_id: "NonEmptyString",
|
114
|
-
# ip_v4_addresses: ["NonEmptyString"],
|
115
|
-
# ip_v6_addresses: ["NonEmptyString"],
|
116
|
-
# key_name: "NonEmptyString",
|
117
|
-
# iam_instance_profile_arn: "NonEmptyString",
|
118
|
-
# vpc_id: "NonEmptyString",
|
119
|
-
# subnet_id: "NonEmptyString",
|
120
|
-
# launched_at: "NonEmptyString",
|
317
|
+
# type: "NonEmptyString",
|
318
|
+
# image_id: "NonEmptyString",
|
319
|
+
# ip_v4_addresses: ["NonEmptyString"],
|
320
|
+
# ip_v6_addresses: ["NonEmptyString"],
|
321
|
+
# key_name: "NonEmptyString",
|
322
|
+
# iam_instance_profile_arn: "NonEmptyString",
|
323
|
+
# vpc_id: "NonEmptyString",
|
324
|
+
# subnet_id: "NonEmptyString",
|
325
|
+
# launched_at: "NonEmptyString",
|
326
|
+
# }
|
327
|
+
#
|
328
|
+
# @!attribute [rw] type
|
329
|
+
# The instance type of the instance.
|
330
|
+
# @return [String]
|
331
|
+
#
|
332
|
+
# @!attribute [rw] image_id
|
333
|
+
# The Amazon Machine Image (AMI) ID of the instance.
|
334
|
+
# @return [String]
|
335
|
+
#
|
336
|
+
# @!attribute [rw] ip_v4_addresses
|
337
|
+
# The IPv4 addresses associated with the instance.
|
338
|
+
# @return [Array<String>]
|
339
|
+
#
|
340
|
+
# @!attribute [rw] ip_v6_addresses
|
341
|
+
# The IPv6 addresses associated with the instance.
|
342
|
+
# @return [Array<String>]
|
343
|
+
#
|
344
|
+
# @!attribute [rw] key_name
|
345
|
+
# The key name associated with the instance.
|
346
|
+
# @return [String]
|
347
|
+
#
|
348
|
+
# @!attribute [rw] iam_instance_profile_arn
|
349
|
+
# The IAM profile ARN of the instance.
|
350
|
+
# @return [String]
|
351
|
+
#
|
352
|
+
# @!attribute [rw] vpc_id
|
353
|
+
# The identifier of the VPC that the instance was launched in.
|
354
|
+
# @return [String]
|
355
|
+
#
|
356
|
+
# @!attribute [rw] subnet_id
|
357
|
+
# The identifier of the subnet that the instance was launched in.
|
358
|
+
# @return [String]
|
359
|
+
#
|
360
|
+
# @!attribute [rw] launched_at
|
361
|
+
# The date/time the instance was launched.
|
362
|
+
# @return [String]
|
363
|
+
#
|
364
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2InstanceDetails AWS API Documentation
|
365
|
+
#
|
366
|
+
class AwsEc2InstanceDetails < Struct.new(
|
367
|
+
:type,
|
368
|
+
:image_id,
|
369
|
+
:ip_v4_addresses,
|
370
|
+
:ip_v6_addresses,
|
371
|
+
:key_name,
|
372
|
+
:iam_instance_profile_arn,
|
373
|
+
:vpc_id,
|
374
|
+
:subnet_id,
|
375
|
+
:launched_at)
|
376
|
+
include Aws::Structure
|
377
|
+
end
|
378
|
+
|
379
|
+
# Information about a load balancer.
|
380
|
+
#
|
381
|
+
# @note When making an API call, you may pass AwsElbv2LoadBalancerDetails
|
382
|
+
# data as a hash:
|
383
|
+
#
|
384
|
+
# {
|
385
|
+
# availability_zones: [
|
386
|
+
# {
|
387
|
+
# zone_name: "NonEmptyString",
|
388
|
+
# subnet_id: "NonEmptyString",
|
389
|
+
# },
|
390
|
+
# ],
|
391
|
+
# canonical_hosted_zone_id: "NonEmptyString",
|
392
|
+
# created_time: "NonEmptyString",
|
393
|
+
# dns_name: "NonEmptyString",
|
394
|
+
# ip_address_type: "NonEmptyString",
|
395
|
+
# scheme: "NonEmptyString",
|
396
|
+
# security_groups: ["NonEmptyString"],
|
397
|
+
# state: {
|
398
|
+
# code: "NonEmptyString",
|
399
|
+
# reason: "NonEmptyString",
|
400
|
+
# },
|
401
|
+
# type: "NonEmptyString",
|
402
|
+
# vpc_id: "NonEmptyString",
|
403
|
+
# }
|
404
|
+
#
|
405
|
+
# @!attribute [rw] availability_zones
|
406
|
+
# The Availability Zones for the load balancer.
|
407
|
+
# @return [Array<Types::AvailabilityZone>]
|
408
|
+
#
|
409
|
+
# @!attribute [rw] canonical_hosted_zone_id
|
410
|
+
# The ID of the Amazon Route 53 hosted zone associated with the load
|
411
|
+
# balancer.
|
412
|
+
# @return [String]
|
413
|
+
#
|
414
|
+
# @!attribute [rw] created_time
|
415
|
+
# The date and time the load balancer was created.
|
416
|
+
# @return [String]
|
417
|
+
#
|
418
|
+
# @!attribute [rw] dns_name
|
419
|
+
# The public DNS name of the load balancer.
|
420
|
+
# @return [String]
|
421
|
+
#
|
422
|
+
# @!attribute [rw] ip_address_type
|
423
|
+
# The type of IP addresses used by the subnets for your load balancer.
|
424
|
+
# The possible values are ipv4 (for IPv4 addresses) and dualstack (for
|
425
|
+
# IPv4 and IPv6 addresses).
|
426
|
+
# @return [String]
|
427
|
+
#
|
428
|
+
# @!attribute [rw] scheme
|
429
|
+
# The nodes of an Internet-facing load balancer have public IP
|
430
|
+
# addresses.
|
431
|
+
# @return [String]
|
432
|
+
#
|
433
|
+
# @!attribute [rw] security_groups
|
434
|
+
# The IDs of the security groups for the load balancer.
|
435
|
+
# @return [Array<String>]
|
436
|
+
#
|
437
|
+
# @!attribute [rw] state
|
438
|
+
# The state of the load balancer.
|
439
|
+
# @return [Types::LoadBalancerState]
|
440
|
+
#
|
441
|
+
# @!attribute [rw] type
|
442
|
+
# The type of load balancer.
|
443
|
+
# @return [String]
|
444
|
+
#
|
445
|
+
# @!attribute [rw] vpc_id
|
446
|
+
# The ID of the VPC for the load balancer.
|
447
|
+
# @return [String]
|
448
|
+
#
|
449
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElbv2LoadBalancerDetails AWS API Documentation
|
450
|
+
#
|
451
|
+
class AwsElbv2LoadBalancerDetails < Struct.new(
|
452
|
+
:availability_zones,
|
453
|
+
:canonical_hosted_zone_id,
|
454
|
+
:created_time,
|
455
|
+
:dns_name,
|
456
|
+
:ip_address_type,
|
457
|
+
:scheme,
|
458
|
+
:security_groups,
|
459
|
+
:state,
|
460
|
+
:type,
|
461
|
+
:vpc_id)
|
462
|
+
include Aws::Structure
|
463
|
+
end
|
464
|
+
|
465
|
+
# IAM access key details related to a finding.
|
466
|
+
#
|
467
|
+
# @note When making an API call, you may pass AwsIamAccessKeyDetails
|
468
|
+
# data as a hash:
|
469
|
+
#
|
470
|
+
# {
|
471
|
+
# user_name: "NonEmptyString",
|
472
|
+
# status: "Active", # accepts Active, Inactive
|
473
|
+
# created_at: "NonEmptyString",
|
474
|
+
# principal_id: "NonEmptyString",
|
475
|
+
# principal_type: "NonEmptyString",
|
476
|
+
# principal_name: "NonEmptyString",
|
477
|
+
# }
|
478
|
+
#
|
479
|
+
# @!attribute [rw] user_name
|
480
|
+
# The user associated with the IAM access key related to a finding.
|
481
|
+
#
|
482
|
+
# The `UserName` parameter has been replaced with the `PrincipalName`
|
483
|
+
# parameter because access keys can also be assigned to principals
|
484
|
+
# that are not IAM users.
|
485
|
+
# @return [String]
|
486
|
+
#
|
487
|
+
# @!attribute [rw] status
|
488
|
+
# The status of the IAM access key related to a finding.
|
489
|
+
# @return [String]
|
490
|
+
#
|
491
|
+
# @!attribute [rw] created_at
|
492
|
+
# The creation date/time of the IAM access key related to a finding.
|
493
|
+
# @return [String]
|
494
|
+
#
|
495
|
+
# @!attribute [rw] principal_id
|
496
|
+
# The ID of the principal associated with an access key.
|
497
|
+
# @return [String]
|
498
|
+
#
|
499
|
+
# @!attribute [rw] principal_type
|
500
|
+
# The type of principal associated with an access key.
|
501
|
+
# @return [String]
|
502
|
+
#
|
503
|
+
# @!attribute [rw] principal_name
|
504
|
+
# The name of the principal.
|
505
|
+
# @return [String]
|
506
|
+
#
|
507
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsIamAccessKeyDetails AWS API Documentation
|
508
|
+
#
|
509
|
+
class AwsIamAccessKeyDetails < Struct.new(
|
510
|
+
:user_name,
|
511
|
+
:status,
|
512
|
+
:created_at,
|
513
|
+
:principal_id,
|
514
|
+
:principal_type,
|
515
|
+
:principal_name)
|
516
|
+
include Aws::Structure
|
517
|
+
end
|
518
|
+
|
519
|
+
# Contains information about an IAM role, including all of the role's
|
520
|
+
# policies.
|
521
|
+
#
|
522
|
+
# @note When making an API call, you may pass AwsIamRoleDetails
|
523
|
+
# data as a hash:
|
524
|
+
#
|
525
|
+
# {
|
526
|
+
# assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument",
|
527
|
+
# create_date: "NonEmptyString",
|
528
|
+
# role_id: "NonEmptyString",
|
529
|
+
# role_name: "NonEmptyString",
|
530
|
+
# max_session_duration: 1,
|
531
|
+
# path: "NonEmptyString",
|
532
|
+
# }
|
533
|
+
#
|
534
|
+
# @!attribute [rw] assume_role_policy_document
|
535
|
+
# The trust policy that grants permission to assume the role.
|
536
|
+
# @return [String]
|
537
|
+
#
|
538
|
+
# @!attribute [rw] create_date
|
539
|
+
# The date and time, in ISO 8601 date-time format, when the role was
|
540
|
+
# created.
|
541
|
+
# @return [String]
|
542
|
+
#
|
543
|
+
# @!attribute [rw] role_id
|
544
|
+
# The stable and unique string identifying the role.
|
545
|
+
# @return [String]
|
546
|
+
#
|
547
|
+
# @!attribute [rw] role_name
|
548
|
+
# The friendly name that identifies the role.
|
549
|
+
# @return [String]
|
550
|
+
#
|
551
|
+
# @!attribute [rw] max_session_duration
|
552
|
+
# The maximum session duration (in seconds) that you want to set for
|
553
|
+
# the specified role.
|
554
|
+
# @return [Integer]
|
555
|
+
#
|
556
|
+
# @!attribute [rw] path
|
557
|
+
# The path to the role.
|
558
|
+
# @return [String]
|
559
|
+
#
|
560
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsIamRoleDetails AWS API Documentation
|
561
|
+
#
|
562
|
+
class AwsIamRoleDetails < Struct.new(
|
563
|
+
:assume_role_policy_document,
|
564
|
+
:create_date,
|
565
|
+
:role_id,
|
566
|
+
:role_name,
|
567
|
+
:max_session_duration,
|
568
|
+
:path)
|
569
|
+
include Aws::Structure
|
570
|
+
end
|
571
|
+
|
572
|
+
# Contains metadata about a customer master key (CMK).
|
573
|
+
#
|
574
|
+
# @note When making an API call, you may pass AwsKmsKeyDetails
|
575
|
+
# data as a hash:
|
576
|
+
#
|
577
|
+
# {
|
578
|
+
# aws_account_id: "NonEmptyString",
|
579
|
+
# creation_date: 1.0,
|
580
|
+
# key_id: "NonEmptyString",
|
581
|
+
# key_manager: "NonEmptyString",
|
582
|
+
# key_state: "NonEmptyString",
|
583
|
+
# origin: "NonEmptyString",
|
584
|
+
# }
|
585
|
+
#
|
586
|
+
# @!attribute [rw] aws_account_id
|
587
|
+
# The twelve-digit account ID of the AWS account that owns the CMK.
|
588
|
+
# @return [String]
|
589
|
+
#
|
590
|
+
# @!attribute [rw] creation_date
|
591
|
+
# The date and time when the CMK was created.
|
592
|
+
# @return [Float]
|
593
|
+
#
|
594
|
+
# @!attribute [rw] key_id
|
595
|
+
# The globally unique identifier for the CMK.
|
596
|
+
# @return [String]
|
597
|
+
#
|
598
|
+
# @!attribute [rw] key_manager
|
599
|
+
# The manager of the CMK. CMKs in your AWS account are either customer
|
600
|
+
# managed or AWS managed.
|
601
|
+
# @return [String]
|
602
|
+
#
|
603
|
+
# @!attribute [rw] key_state
|
604
|
+
# The state of the CMK.
|
605
|
+
# @return [String]
|
606
|
+
#
|
607
|
+
# @!attribute [rw] origin
|
608
|
+
# The source of the CMK's key material. When this value is AWS\_KMS,
|
609
|
+
# AWS KMS created the key material. When this value is EXTERNAL, the
|
610
|
+
# key material was imported from your existing key management
|
611
|
+
# infrastructure or the CMK lacks key material. When this value is
|
612
|
+
# AWS\_CLOUDHSM, the key material was created in the AWS CloudHSM
|
613
|
+
# cluster associated with a custom key store.
|
614
|
+
# @return [String]
|
615
|
+
#
|
616
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsKmsKeyDetails AWS API Documentation
|
617
|
+
#
|
618
|
+
class AwsKmsKeyDetails < Struct.new(
|
619
|
+
:aws_account_id,
|
620
|
+
:creation_date,
|
621
|
+
:key_id,
|
622
|
+
:key_manager,
|
623
|
+
:key_state,
|
624
|
+
:origin)
|
625
|
+
include Aws::Structure
|
626
|
+
end
|
627
|
+
|
628
|
+
# The code for the Lambda function. You can specify either an object in
|
629
|
+
# Amazon S3, or upload a deployment package directly.
|
630
|
+
#
|
631
|
+
# @note When making an API call, you may pass AwsLambdaFunctionCode
|
632
|
+
# data as a hash:
|
633
|
+
#
|
634
|
+
# {
|
635
|
+
# s3_bucket: "NonEmptyString",
|
636
|
+
# s3_key: "NonEmptyString",
|
637
|
+
# s3_object_version: "NonEmptyString",
|
638
|
+
# zip_file: "NonEmptyString",
|
639
|
+
# }
|
640
|
+
#
|
641
|
+
# @!attribute [rw] s3_bucket
|
642
|
+
# An Amazon S3 bucket in the same AWS Region as your function. The
|
643
|
+
# bucket can be in a different AWS account.
|
644
|
+
# @return [String]
|
645
|
+
#
|
646
|
+
# @!attribute [rw] s3_key
|
647
|
+
# The Amazon S3 key of the deployment package.
|
648
|
+
# @return [String]
|
649
|
+
#
|
650
|
+
# @!attribute [rw] s3_object_version
|
651
|
+
# For versioned objects, the version of the deployment package object
|
652
|
+
# to use.
|
653
|
+
# @return [String]
|
654
|
+
#
|
655
|
+
# @!attribute [rw] zip_file
|
656
|
+
# The base64-encoded contents of the deployment package. AWS SDK and
|
657
|
+
# AWS CLI clients handle the encoding for you.
|
658
|
+
# @return [String]
|
659
|
+
#
|
660
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionCode AWS API Documentation
|
661
|
+
#
|
662
|
+
class AwsLambdaFunctionCode < Struct.new(
|
663
|
+
:s3_bucket,
|
664
|
+
:s3_key,
|
665
|
+
:s3_object_version,
|
666
|
+
:zip_file)
|
667
|
+
include Aws::Structure
|
668
|
+
end
|
669
|
+
|
670
|
+
# The dead-letter queue for failed asynchronous invocations.
|
671
|
+
#
|
672
|
+
# @note When making an API call, you may pass AwsLambdaFunctionDeadLetterConfig
|
673
|
+
# data as a hash:
|
674
|
+
#
|
675
|
+
# {
|
676
|
+
# target_arn: "NonEmptyString",
|
677
|
+
# }
|
678
|
+
#
|
679
|
+
# @!attribute [rw] target_arn
|
680
|
+
# The Amazon Resource Name (ARN) of an Amazon SQS queue or Amazon SNS
|
681
|
+
# topic.
|
682
|
+
# @return [String]
|
683
|
+
#
|
684
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionDeadLetterConfig AWS API Documentation
|
685
|
+
#
|
686
|
+
class AwsLambdaFunctionDeadLetterConfig < Struct.new(
|
687
|
+
:target_arn)
|
688
|
+
include Aws::Structure
|
689
|
+
end
|
690
|
+
|
691
|
+
# Details about a function's configuration.
|
692
|
+
#
|
693
|
+
# @note When making an API call, you may pass AwsLambdaFunctionDetails
|
694
|
+
# data as a hash:
|
695
|
+
#
|
696
|
+
# {
|
697
|
+
# code: {
|
698
|
+
# s3_bucket: "NonEmptyString",
|
699
|
+
# s3_key: "NonEmptyString",
|
700
|
+
# s3_object_version: "NonEmptyString",
|
701
|
+
# zip_file: "NonEmptyString",
|
702
|
+
# },
|
703
|
+
# code_sha_256: "NonEmptyString",
|
704
|
+
# dead_letter_config: {
|
705
|
+
# target_arn: "NonEmptyString",
|
706
|
+
# },
|
707
|
+
# environment: {
|
708
|
+
# variables: {
|
709
|
+
# "NonEmptyString" => "NonEmptyString",
|
710
|
+
# },
|
711
|
+
# error: {
|
712
|
+
# error_code: "NonEmptyString",
|
713
|
+
# message: "NonEmptyString",
|
714
|
+
# },
|
715
|
+
# },
|
716
|
+
# function_name: "NonEmptyString",
|
717
|
+
# handler: "NonEmptyString",
|
718
|
+
# kms_key_arn: "NonEmptyString",
|
719
|
+
# last_modified: "NonEmptyString",
|
720
|
+
# layers: [
|
721
|
+
# {
|
722
|
+
# arn: "NonEmptyString",
|
723
|
+
# code_size: 1,
|
724
|
+
# },
|
725
|
+
# ],
|
726
|
+
# master_arn: "NonEmptyString",
|
727
|
+
# memory_size: 1,
|
728
|
+
# revision_id: "NonEmptyString",
|
729
|
+
# role: "NonEmptyString",
|
730
|
+
# runtime: "NonEmptyString",
|
731
|
+
# timeout: 1,
|
732
|
+
# tracing_config: {
|
733
|
+
# mode: "NonEmptyString",
|
734
|
+
# },
|
735
|
+
# vpc_config: {
|
736
|
+
# security_group_ids: ["NonEmptyString"],
|
737
|
+
# subnet_ids: ["NonEmptyString"],
|
738
|
+
# vpc_id: "NonEmptyString",
|
739
|
+
# },
|
740
|
+
# version: "NonEmptyString",
|
741
|
+
# }
|
742
|
+
#
|
743
|
+
# @!attribute [rw] code
|
744
|
+
# An `AwsLambdaFunctionCode` object.
|
745
|
+
# @return [Types::AwsLambdaFunctionCode]
|
746
|
+
#
|
747
|
+
# @!attribute [rw] code_sha_256
|
748
|
+
# The SHA256 hash of the function's deployment package.
|
749
|
+
# @return [String]
|
750
|
+
#
|
751
|
+
# @!attribute [rw] dead_letter_config
|
752
|
+
# The function's dead letter queue.
|
753
|
+
# @return [Types::AwsLambdaFunctionDeadLetterConfig]
|
754
|
+
#
|
755
|
+
# @!attribute [rw] environment
|
756
|
+
# The function's environment variables.
|
757
|
+
# @return [Types::AwsLambdaFunctionEnvironment]
|
758
|
+
#
|
759
|
+
# @!attribute [rw] function_name
|
760
|
+
# The name of the function.
|
761
|
+
# @return [String]
|
762
|
+
#
|
763
|
+
# @!attribute [rw] handler
|
764
|
+
# The function that Lambda calls to begin executing your function.
|
765
|
+
# @return [String]
|
766
|
+
#
|
767
|
+
# @!attribute [rw] kms_key_arn
|
768
|
+
# The KMS key that's used to encrypt the function's environment
|
769
|
+
# variables. This key is only returned if you've configured a
|
770
|
+
# customer managed CMK.
|
771
|
+
# @return [String]
|
772
|
+
#
|
773
|
+
# @!attribute [rw] last_modified
|
774
|
+
# The date and time that the function was last updated, in ISO-8601
|
775
|
+
# format (YYYY-MM-DDThh:mm:ss.sTZD).
|
776
|
+
# @return [String]
|
777
|
+
#
|
778
|
+
# @!attribute [rw] layers
|
779
|
+
# The function's layers.
|
780
|
+
# @return [Array<Types::AwsLambdaFunctionLayer>]
|
781
|
+
#
|
782
|
+
# @!attribute [rw] master_arn
|
783
|
+
# For Lambda@Edge functions, the ARN of the master function.
|
784
|
+
# @return [String]
|
785
|
+
#
|
786
|
+
# @!attribute [rw] memory_size
|
787
|
+
# The memory that's allocated to the function.
|
788
|
+
# @return [Integer]
|
789
|
+
#
|
790
|
+
# @!attribute [rw] revision_id
|
791
|
+
# The latest updated revision of the function or alias.
|
792
|
+
# @return [String]
|
793
|
+
#
|
794
|
+
# @!attribute [rw] role
|
795
|
+
# The function's execution role.
|
796
|
+
# @return [String]
|
797
|
+
#
|
798
|
+
# @!attribute [rw] runtime
|
799
|
+
# The runtime environment for the Lambda function.
|
800
|
+
# @return [String]
|
801
|
+
#
|
802
|
+
# @!attribute [rw] timeout
|
803
|
+
# The amount of time that Lambda allows a function to run before
|
804
|
+
# stopping it.
|
805
|
+
# @return [Integer]
|
806
|
+
#
|
807
|
+
# @!attribute [rw] tracing_config
|
808
|
+
# The function's AWS X-Ray tracing configuration.
|
809
|
+
# @return [Types::AwsLambdaFunctionTracingConfig]
|
810
|
+
#
|
811
|
+
# @!attribute [rw] vpc_config
|
812
|
+
# The function's networking configuration.
|
813
|
+
# @return [Types::AwsLambdaFunctionVpcConfig]
|
814
|
+
#
|
815
|
+
# @!attribute [rw] version
|
816
|
+
# The version of the Lambda function.
|
817
|
+
# @return [String]
|
818
|
+
#
|
819
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionDetails AWS API Documentation
|
820
|
+
#
|
821
|
+
class AwsLambdaFunctionDetails < Struct.new(
|
822
|
+
:code,
|
823
|
+
:code_sha_256,
|
824
|
+
:dead_letter_config,
|
825
|
+
:environment,
|
826
|
+
:function_name,
|
827
|
+
:handler,
|
828
|
+
:kms_key_arn,
|
829
|
+
:last_modified,
|
830
|
+
:layers,
|
831
|
+
:master_arn,
|
832
|
+
:memory_size,
|
833
|
+
:revision_id,
|
834
|
+
:role,
|
835
|
+
:runtime,
|
836
|
+
:timeout,
|
837
|
+
:tracing_config,
|
838
|
+
:vpc_config,
|
839
|
+
:version)
|
840
|
+
include Aws::Structure
|
841
|
+
end
|
842
|
+
|
843
|
+
# A function's environment variable settings.
|
844
|
+
#
|
845
|
+
# @note When making an API call, you may pass AwsLambdaFunctionEnvironment
|
846
|
+
# data as a hash:
|
847
|
+
#
|
848
|
+
# {
|
849
|
+
# variables: {
|
850
|
+
# "NonEmptyString" => "NonEmptyString",
|
851
|
+
# },
|
852
|
+
# error: {
|
853
|
+
# error_code: "NonEmptyString",
|
854
|
+
# message: "NonEmptyString",
|
855
|
+
# },
|
856
|
+
# }
|
857
|
+
#
|
858
|
+
# @!attribute [rw] variables
|
859
|
+
# Environment variable key-value pairs.
|
860
|
+
# @return [Hash<String,String>]
|
861
|
+
#
|
862
|
+
# @!attribute [rw] error
|
863
|
+
# An `AwsLambdaFunctionEnvironmentError` object.
|
864
|
+
# @return [Types::AwsLambdaFunctionEnvironmentError]
|
865
|
+
#
|
866
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionEnvironment AWS API Documentation
|
867
|
+
#
|
868
|
+
class AwsLambdaFunctionEnvironment < Struct.new(
|
869
|
+
:variables,
|
870
|
+
:error)
|
871
|
+
include Aws::Structure
|
872
|
+
end
|
873
|
+
|
874
|
+
# Error messages for environment variables that couldn't be applied.
|
875
|
+
#
|
876
|
+
# @note When making an API call, you may pass AwsLambdaFunctionEnvironmentError
|
877
|
+
# data as a hash:
|
878
|
+
#
|
879
|
+
# {
|
880
|
+
# error_code: "NonEmptyString",
|
881
|
+
# message: "NonEmptyString",
|
121
882
|
# }
|
122
883
|
#
|
123
|
-
# @!attribute [rw]
|
124
|
-
# The
|
884
|
+
# @!attribute [rw] error_code
|
885
|
+
# The error code.
|
125
886
|
# @return [String]
|
126
887
|
#
|
127
|
-
# @!attribute [rw]
|
128
|
-
# The
|
888
|
+
# @!attribute [rw] message
|
889
|
+
# The error message.
|
129
890
|
# @return [String]
|
130
891
|
#
|
131
|
-
#
|
132
|
-
# The IPv4 addresses associated with the instance.
|
133
|
-
# @return [Array<String>]
|
892
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionEnvironmentError AWS API Documentation
|
134
893
|
#
|
135
|
-
|
136
|
-
|
137
|
-
|
894
|
+
class AwsLambdaFunctionEnvironmentError < Struct.new(
|
895
|
+
:error_code,
|
896
|
+
:message)
|
897
|
+
include Aws::Structure
|
898
|
+
end
|
899
|
+
|
900
|
+
# An AWS Lambda layer.
|
138
901
|
#
|
139
|
-
#
|
140
|
-
#
|
141
|
-
# @return [String]
|
902
|
+
# @note When making an API call, you may pass AwsLambdaFunctionLayer
|
903
|
+
# data as a hash:
|
142
904
|
#
|
143
|
-
#
|
144
|
-
#
|
145
|
-
#
|
905
|
+
# {
|
906
|
+
# arn: "NonEmptyString",
|
907
|
+
# code_size: 1,
|
908
|
+
# }
|
146
909
|
#
|
147
|
-
# @!attribute [rw]
|
148
|
-
# The
|
910
|
+
# @!attribute [rw] arn
|
911
|
+
# The Amazon Resource Name (ARN) of the function layer.
|
149
912
|
# @return [String]
|
150
913
|
#
|
151
|
-
# @!attribute [rw]
|
152
|
-
# The
|
153
|
-
# @return [
|
914
|
+
# @!attribute [rw] code_size
|
915
|
+
# The size of the layer archive in bytes.
|
916
|
+
# @return [Integer]
|
154
917
|
#
|
155
|
-
#
|
156
|
-
#
|
918
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionLayer AWS API Documentation
|
919
|
+
#
|
920
|
+
class AwsLambdaFunctionLayer < Struct.new(
|
921
|
+
:arn,
|
922
|
+
:code_size)
|
923
|
+
include Aws::Structure
|
924
|
+
end
|
925
|
+
|
926
|
+
# The function's AWS X-Ray tracing configuration.
|
927
|
+
#
|
928
|
+
# @note When making an API call, you may pass AwsLambdaFunctionTracingConfig
|
929
|
+
# data as a hash:
|
930
|
+
#
|
931
|
+
# {
|
932
|
+
# mode: "NonEmptyString",
|
933
|
+
# }
|
934
|
+
#
|
935
|
+
# @!attribute [rw] mode
|
936
|
+
# The tracing mode.
|
157
937
|
# @return [String]
|
158
938
|
#
|
159
|
-
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/
|
939
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionTracingConfig AWS API Documentation
|
160
940
|
#
|
161
|
-
class
|
162
|
-
:
|
163
|
-
:image_id,
|
164
|
-
:ip_v4_addresses,
|
165
|
-
:ip_v6_addresses,
|
166
|
-
:key_name,
|
167
|
-
:iam_instance_profile_arn,
|
168
|
-
:vpc_id,
|
169
|
-
:subnet_id,
|
170
|
-
:launched_at)
|
941
|
+
class AwsLambdaFunctionTracingConfig < Struct.new(
|
942
|
+
:mode)
|
171
943
|
include Aws::Structure
|
172
944
|
end
|
173
945
|
|
174
|
-
#
|
946
|
+
# The VPC security groups and subnets that are attached to a Lambda
|
947
|
+
# function. For more information, see VPC Settings.
|
175
948
|
#
|
176
|
-
# @note When making an API call, you may pass
|
949
|
+
# @note When making an API call, you may pass AwsLambdaFunctionVpcConfig
|
177
950
|
# data as a hash:
|
178
951
|
#
|
179
952
|
# {
|
180
|
-
#
|
181
|
-
#
|
182
|
-
#
|
953
|
+
# security_group_ids: ["NonEmptyString"],
|
954
|
+
# subnet_ids: ["NonEmptyString"],
|
955
|
+
# vpc_id: "NonEmptyString",
|
183
956
|
# }
|
184
957
|
#
|
185
|
-
# @!attribute [rw]
|
186
|
-
#
|
187
|
-
# @return [String]
|
958
|
+
# @!attribute [rw] security_group_ids
|
959
|
+
# A list of VPC security groups IDs.
|
960
|
+
# @return [Array<String>]
|
188
961
|
#
|
189
|
-
# @!attribute [rw]
|
190
|
-
#
|
191
|
-
# @return [String]
|
962
|
+
# @!attribute [rw] subnet_ids
|
963
|
+
# A list of VPC subnet IDs.
|
964
|
+
# @return [Array<String>]
|
192
965
|
#
|
193
|
-
# @!attribute [rw]
|
194
|
-
# The
|
966
|
+
# @!attribute [rw] vpc_id
|
967
|
+
# The ID of the VPC.
|
195
968
|
# @return [String]
|
196
969
|
#
|
197
|
-
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/
|
970
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionVpcConfig AWS API Documentation
|
198
971
|
#
|
199
|
-
class
|
200
|
-
:
|
201
|
-
:
|
202
|
-
:
|
972
|
+
class AwsLambdaFunctionVpcConfig < Struct.new(
|
973
|
+
:security_group_ids,
|
974
|
+
:subnet_ids,
|
975
|
+
:vpc_id)
|
203
976
|
include Aws::Structure
|
204
977
|
end
|
205
978
|
|
@@ -324,6 +1097,28 @@ module Aws::SecurityHub
|
|
324
1097
|
# "NonEmptyString" => "NonEmptyString",
|
325
1098
|
# },
|
326
1099
|
# details: {
|
1100
|
+
# aws_cloud_front_distribution: {
|
1101
|
+
# domain_name: "NonEmptyString",
|
1102
|
+
# etag: "NonEmptyString",
|
1103
|
+
# last_modified_time: "NonEmptyString",
|
1104
|
+
# logging: {
|
1105
|
+
# bucket: "NonEmptyString",
|
1106
|
+
# enabled: false,
|
1107
|
+
# include_cookies: false,
|
1108
|
+
# prefix: "NonEmptyString",
|
1109
|
+
# },
|
1110
|
+
# origins: {
|
1111
|
+
# items: [
|
1112
|
+
# {
|
1113
|
+
# domain_name: "NonEmptyString",
|
1114
|
+
# id: "NonEmptyString",
|
1115
|
+
# origin_path: "NonEmptyString",
|
1116
|
+
# },
|
1117
|
+
# ],
|
1118
|
+
# },
|
1119
|
+
# status: "NonEmptyString",
|
1120
|
+
# web_acl_id: "NonEmptyString",
|
1121
|
+
# },
|
327
1122
|
# aws_ec2_instance: {
|
328
1123
|
# type: "NonEmptyString",
|
329
1124
|
# image_id: "NonEmptyString",
|
@@ -335,6 +1130,26 @@ module Aws::SecurityHub
|
|
335
1130
|
# subnet_id: "NonEmptyString",
|
336
1131
|
# launched_at: "NonEmptyString",
|
337
1132
|
# },
|
1133
|
+
# aws_elbv_2_load_balancer: {
|
1134
|
+
# availability_zones: [
|
1135
|
+
# {
|
1136
|
+
# zone_name: "NonEmptyString",
|
1137
|
+
# subnet_id: "NonEmptyString",
|
1138
|
+
# },
|
1139
|
+
# ],
|
1140
|
+
# canonical_hosted_zone_id: "NonEmptyString",
|
1141
|
+
# created_time: "NonEmptyString",
|
1142
|
+
# dns_name: "NonEmptyString",
|
1143
|
+
# ip_address_type: "NonEmptyString",
|
1144
|
+
# scheme: "NonEmptyString",
|
1145
|
+
# security_groups: ["NonEmptyString"],
|
1146
|
+
# state: {
|
1147
|
+
# code: "NonEmptyString",
|
1148
|
+
# reason: "NonEmptyString",
|
1149
|
+
# },
|
1150
|
+
# type: "NonEmptyString",
|
1151
|
+
# vpc_id: "NonEmptyString",
|
1152
|
+
# },
|
338
1153
|
# aws_s3_bucket: {
|
339
1154
|
# owner_id: "NonEmptyString",
|
340
1155
|
# owner_name: "NonEmptyString",
|
@@ -343,6 +1158,88 @@ module Aws::SecurityHub
|
|
343
1158
|
# user_name: "NonEmptyString",
|
344
1159
|
# status: "Active", # accepts Active, Inactive
|
345
1160
|
# created_at: "NonEmptyString",
|
1161
|
+
# principal_id: "NonEmptyString",
|
1162
|
+
# principal_type: "NonEmptyString",
|
1163
|
+
# principal_name: "NonEmptyString",
|
1164
|
+
# },
|
1165
|
+
# aws_iam_role: {
|
1166
|
+
# assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument",
|
1167
|
+
# create_date: "NonEmptyString",
|
1168
|
+
# role_id: "NonEmptyString",
|
1169
|
+
# role_name: "NonEmptyString",
|
1170
|
+
# max_session_duration: 1,
|
1171
|
+
# path: "NonEmptyString",
|
1172
|
+
# },
|
1173
|
+
# aws_kms_key: {
|
1174
|
+
# aws_account_id: "NonEmptyString",
|
1175
|
+
# creation_date: 1.0,
|
1176
|
+
# key_id: "NonEmptyString",
|
1177
|
+
# key_manager: "NonEmptyString",
|
1178
|
+
# key_state: "NonEmptyString",
|
1179
|
+
# origin: "NonEmptyString",
|
1180
|
+
# },
|
1181
|
+
# aws_lambda_function: {
|
1182
|
+
# code: {
|
1183
|
+
# s3_bucket: "NonEmptyString",
|
1184
|
+
# s3_key: "NonEmptyString",
|
1185
|
+
# s3_object_version: "NonEmptyString",
|
1186
|
+
# zip_file: "NonEmptyString",
|
1187
|
+
# },
|
1188
|
+
# code_sha_256: "NonEmptyString",
|
1189
|
+
# dead_letter_config: {
|
1190
|
+
# target_arn: "NonEmptyString",
|
1191
|
+
# },
|
1192
|
+
# environment: {
|
1193
|
+
# variables: {
|
1194
|
+
# "NonEmptyString" => "NonEmptyString",
|
1195
|
+
# },
|
1196
|
+
# error: {
|
1197
|
+
# error_code: "NonEmptyString",
|
1198
|
+
# message: "NonEmptyString",
|
1199
|
+
# },
|
1200
|
+
# },
|
1201
|
+
# function_name: "NonEmptyString",
|
1202
|
+
# handler: "NonEmptyString",
|
1203
|
+
# kms_key_arn: "NonEmptyString",
|
1204
|
+
# last_modified: "NonEmptyString",
|
1205
|
+
# layers: [
|
1206
|
+
# {
|
1207
|
+
# arn: "NonEmptyString",
|
1208
|
+
# code_size: 1,
|
1209
|
+
# },
|
1210
|
+
# ],
|
1211
|
+
# master_arn: "NonEmptyString",
|
1212
|
+
# memory_size: 1,
|
1213
|
+
# revision_id: "NonEmptyString",
|
1214
|
+
# role: "NonEmptyString",
|
1215
|
+
# runtime: "NonEmptyString",
|
1216
|
+
# timeout: 1,
|
1217
|
+
# tracing_config: {
|
1218
|
+
# mode: "NonEmptyString",
|
1219
|
+
# },
|
1220
|
+
# vpc_config: {
|
1221
|
+
# security_group_ids: ["NonEmptyString"],
|
1222
|
+
# subnet_ids: ["NonEmptyString"],
|
1223
|
+
# vpc_id: "NonEmptyString",
|
1224
|
+
# },
|
1225
|
+
# version: "NonEmptyString",
|
1226
|
+
# },
|
1227
|
+
# aws_sns_topic: {
|
1228
|
+
# kms_master_key_id: "NonEmptyString",
|
1229
|
+
# subscription: [
|
1230
|
+
# {
|
1231
|
+
# endpoint: "NonEmptyString",
|
1232
|
+
# protocol: "NonEmptyString",
|
1233
|
+
# },
|
1234
|
+
# ],
|
1235
|
+
# topic_name: "NonEmptyString",
|
1236
|
+
# owner: "NonEmptyString",
|
1237
|
+
# },
|
1238
|
+
# aws_sqs_queue: {
|
1239
|
+
# kms_data_key_reuse_period_seconds: 1,
|
1240
|
+
# kms_master_key_id: "NonEmptyString",
|
1241
|
+
# queue_name: "NonEmptyString",
|
1242
|
+
# dead_letter_target_arn: "NonEmptyString",
|
346
1243
|
# },
|
347
1244
|
# container: {
|
348
1245
|
# name: "NonEmptyString",
|
@@ -1590,6 +2487,120 @@ module Aws::SecurityHub
|
|
1590
2487
|
include Aws::Structure
|
1591
2488
|
end
|
1592
2489
|
|
2490
|
+
# A wrapper type for the topic's Amazon Resource Name (ARN).
|
2491
|
+
#
|
2492
|
+
# @note When making an API call, you may pass AwsSnsTopicDetails
|
2493
|
+
# data as a hash:
|
2494
|
+
#
|
2495
|
+
# {
|
2496
|
+
# kms_master_key_id: "NonEmptyString",
|
2497
|
+
# subscription: [
|
2498
|
+
# {
|
2499
|
+
# endpoint: "NonEmptyString",
|
2500
|
+
# protocol: "NonEmptyString",
|
2501
|
+
# },
|
2502
|
+
# ],
|
2503
|
+
# topic_name: "NonEmptyString",
|
2504
|
+
# owner: "NonEmptyString",
|
2505
|
+
# }
|
2506
|
+
#
|
2507
|
+
# @!attribute [rw] kms_master_key_id
|
2508
|
+
# The ID of an AWS-managed customer master key (CMK) for Amazon SNS or
|
2509
|
+
# a custom CMK.
|
2510
|
+
# @return [String]
|
2511
|
+
#
|
2512
|
+
# @!attribute [rw] subscription
|
2513
|
+
# Subscription is an embedded property that describes the subscription
|
2514
|
+
# endpoints of an Amazon SNS topic.
|
2515
|
+
# @return [Array<Types::AwsSnsTopicSubscription>]
|
2516
|
+
#
|
2517
|
+
# @!attribute [rw] topic_name
|
2518
|
+
# The name of the topic.
|
2519
|
+
# @return [String]
|
2520
|
+
#
|
2521
|
+
# @!attribute [rw] owner
|
2522
|
+
# The subscription's owner.
|
2523
|
+
# @return [String]
|
2524
|
+
#
|
2525
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSnsTopicDetails AWS API Documentation
|
2526
|
+
#
|
2527
|
+
class AwsSnsTopicDetails < Struct.new(
|
2528
|
+
:kms_master_key_id,
|
2529
|
+
:subscription,
|
2530
|
+
:topic_name,
|
2531
|
+
:owner)
|
2532
|
+
include Aws::Structure
|
2533
|
+
end
|
2534
|
+
|
2535
|
+
# A wrapper type for the attributes of an Amazon SNS subscription.
|
2536
|
+
#
|
2537
|
+
# @note When making an API call, you may pass AwsSnsTopicSubscription
|
2538
|
+
# data as a hash:
|
2539
|
+
#
|
2540
|
+
# {
|
2541
|
+
# endpoint: "NonEmptyString",
|
2542
|
+
# protocol: "NonEmptyString",
|
2543
|
+
# }
|
2544
|
+
#
|
2545
|
+
# @!attribute [rw] endpoint
|
2546
|
+
# The subscription's endpoint (format depends on the protocol).
|
2547
|
+
# @return [String]
|
2548
|
+
#
|
2549
|
+
# @!attribute [rw] protocol
|
2550
|
+
# The subscription's protocol.
|
2551
|
+
# @return [String]
|
2552
|
+
#
|
2553
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSnsTopicSubscription AWS API Documentation
|
2554
|
+
#
|
2555
|
+
class AwsSnsTopicSubscription < Struct.new(
|
2556
|
+
:endpoint,
|
2557
|
+
:protocol)
|
2558
|
+
include Aws::Structure
|
2559
|
+
end
|
2560
|
+
|
2561
|
+
# Data about a queue.
|
2562
|
+
#
|
2563
|
+
# @note When making an API call, you may pass AwsSqsQueueDetails
|
2564
|
+
# data as a hash:
|
2565
|
+
#
|
2566
|
+
# {
|
2567
|
+
# kms_data_key_reuse_period_seconds: 1,
|
2568
|
+
# kms_master_key_id: "NonEmptyString",
|
2569
|
+
# queue_name: "NonEmptyString",
|
2570
|
+
# dead_letter_target_arn: "NonEmptyString",
|
2571
|
+
# }
|
2572
|
+
#
|
2573
|
+
# @!attribute [rw] kms_data_key_reuse_period_seconds
|
2574
|
+
# The length of time, in seconds, for which Amazon SQS can reuse a
|
2575
|
+
# data key to encrypt or decrypt messages before calling AWS KMS
|
2576
|
+
# again.
|
2577
|
+
# @return [Integer]
|
2578
|
+
#
|
2579
|
+
# @!attribute [rw] kms_master_key_id
|
2580
|
+
# The ID of an AWS-managed customer master key (CMK) for Amazon SQS or
|
2581
|
+
# a custom CMK.
|
2582
|
+
# @return [String]
|
2583
|
+
#
|
2584
|
+
# @!attribute [rw] queue_name
|
2585
|
+
# The name of the new queue.
|
2586
|
+
# @return [String]
|
2587
|
+
#
|
2588
|
+
# @!attribute [rw] dead_letter_target_arn
|
2589
|
+
# The Amazon Resource Name (ARN) of the dead-letter queue to which
|
2590
|
+
# Amazon SQS moves messages after the value of maxReceiveCount is
|
2591
|
+
# exceeded.
|
2592
|
+
# @return [String]
|
2593
|
+
#
|
2594
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSqsQueueDetails AWS API Documentation
|
2595
|
+
#
|
2596
|
+
class AwsSqsQueueDetails < Struct.new(
|
2597
|
+
:kms_data_key_reuse_period_seconds,
|
2598
|
+
:kms_master_key_id,
|
2599
|
+
:queue_name,
|
2600
|
+
:dead_letter_target_arn)
|
2601
|
+
include Aws::Structure
|
2602
|
+
end
|
2603
|
+
|
1593
2604
|
# @note When making an API call, you may pass BatchDisableStandardsRequest
|
1594
2605
|
# data as a hash:
|
1595
2606
|
#
|
@@ -1747,6 +2758,28 @@ module Aws::SecurityHub
|
|
1747
2758
|
# "NonEmptyString" => "NonEmptyString",
|
1748
2759
|
# },
|
1749
2760
|
# details: {
|
2761
|
+
# aws_cloud_front_distribution: {
|
2762
|
+
# domain_name: "NonEmptyString",
|
2763
|
+
# etag: "NonEmptyString",
|
2764
|
+
# last_modified_time: "NonEmptyString",
|
2765
|
+
# logging: {
|
2766
|
+
# bucket: "NonEmptyString",
|
2767
|
+
# enabled: false,
|
2768
|
+
# include_cookies: false,
|
2769
|
+
# prefix: "NonEmptyString",
|
2770
|
+
# },
|
2771
|
+
# origins: {
|
2772
|
+
# items: [
|
2773
|
+
# {
|
2774
|
+
# domain_name: "NonEmptyString",
|
2775
|
+
# id: "NonEmptyString",
|
2776
|
+
# origin_path: "NonEmptyString",
|
2777
|
+
# },
|
2778
|
+
# ],
|
2779
|
+
# },
|
2780
|
+
# status: "NonEmptyString",
|
2781
|
+
# web_acl_id: "NonEmptyString",
|
2782
|
+
# },
|
1750
2783
|
# aws_ec2_instance: {
|
1751
2784
|
# type: "NonEmptyString",
|
1752
2785
|
# image_id: "NonEmptyString",
|
@@ -1758,6 +2791,26 @@ module Aws::SecurityHub
|
|
1758
2791
|
# subnet_id: "NonEmptyString",
|
1759
2792
|
# launched_at: "NonEmptyString",
|
1760
2793
|
# },
|
2794
|
+
# aws_elbv_2_load_balancer: {
|
2795
|
+
# availability_zones: [
|
2796
|
+
# {
|
2797
|
+
# zone_name: "NonEmptyString",
|
2798
|
+
# subnet_id: "NonEmptyString",
|
2799
|
+
# },
|
2800
|
+
# ],
|
2801
|
+
# canonical_hosted_zone_id: "NonEmptyString",
|
2802
|
+
# created_time: "NonEmptyString",
|
2803
|
+
# dns_name: "NonEmptyString",
|
2804
|
+
# ip_address_type: "NonEmptyString",
|
2805
|
+
# scheme: "NonEmptyString",
|
2806
|
+
# security_groups: ["NonEmptyString"],
|
2807
|
+
# state: {
|
2808
|
+
# code: "NonEmptyString",
|
2809
|
+
# reason: "NonEmptyString",
|
2810
|
+
# },
|
2811
|
+
# type: "NonEmptyString",
|
2812
|
+
# vpc_id: "NonEmptyString",
|
2813
|
+
# },
|
1761
2814
|
# aws_s3_bucket: {
|
1762
2815
|
# owner_id: "NonEmptyString",
|
1763
2816
|
# owner_name: "NonEmptyString",
|
@@ -1766,6 +2819,88 @@ module Aws::SecurityHub
|
|
1766
2819
|
# user_name: "NonEmptyString",
|
1767
2820
|
# status: "Active", # accepts Active, Inactive
|
1768
2821
|
# created_at: "NonEmptyString",
|
2822
|
+
# principal_id: "NonEmptyString",
|
2823
|
+
# principal_type: "NonEmptyString",
|
2824
|
+
# principal_name: "NonEmptyString",
|
2825
|
+
# },
|
2826
|
+
# aws_iam_role: {
|
2827
|
+
# assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument",
|
2828
|
+
# create_date: "NonEmptyString",
|
2829
|
+
# role_id: "NonEmptyString",
|
2830
|
+
# role_name: "NonEmptyString",
|
2831
|
+
# max_session_duration: 1,
|
2832
|
+
# path: "NonEmptyString",
|
2833
|
+
# },
|
2834
|
+
# aws_kms_key: {
|
2835
|
+
# aws_account_id: "NonEmptyString",
|
2836
|
+
# creation_date: 1.0,
|
2837
|
+
# key_id: "NonEmptyString",
|
2838
|
+
# key_manager: "NonEmptyString",
|
2839
|
+
# key_state: "NonEmptyString",
|
2840
|
+
# origin: "NonEmptyString",
|
2841
|
+
# },
|
2842
|
+
# aws_lambda_function: {
|
2843
|
+
# code: {
|
2844
|
+
# s3_bucket: "NonEmptyString",
|
2845
|
+
# s3_key: "NonEmptyString",
|
2846
|
+
# s3_object_version: "NonEmptyString",
|
2847
|
+
# zip_file: "NonEmptyString",
|
2848
|
+
# },
|
2849
|
+
# code_sha_256: "NonEmptyString",
|
2850
|
+
# dead_letter_config: {
|
2851
|
+
# target_arn: "NonEmptyString",
|
2852
|
+
# },
|
2853
|
+
# environment: {
|
2854
|
+
# variables: {
|
2855
|
+
# "NonEmptyString" => "NonEmptyString",
|
2856
|
+
# },
|
2857
|
+
# error: {
|
2858
|
+
# error_code: "NonEmptyString",
|
2859
|
+
# message: "NonEmptyString",
|
2860
|
+
# },
|
2861
|
+
# },
|
2862
|
+
# function_name: "NonEmptyString",
|
2863
|
+
# handler: "NonEmptyString",
|
2864
|
+
# kms_key_arn: "NonEmptyString",
|
2865
|
+
# last_modified: "NonEmptyString",
|
2866
|
+
# layers: [
|
2867
|
+
# {
|
2868
|
+
# arn: "NonEmptyString",
|
2869
|
+
# code_size: 1,
|
2870
|
+
# },
|
2871
|
+
# ],
|
2872
|
+
# master_arn: "NonEmptyString",
|
2873
|
+
# memory_size: 1,
|
2874
|
+
# revision_id: "NonEmptyString",
|
2875
|
+
# role: "NonEmptyString",
|
2876
|
+
# runtime: "NonEmptyString",
|
2877
|
+
# timeout: 1,
|
2878
|
+
# tracing_config: {
|
2879
|
+
# mode: "NonEmptyString",
|
2880
|
+
# },
|
2881
|
+
# vpc_config: {
|
2882
|
+
# security_group_ids: ["NonEmptyString"],
|
2883
|
+
# subnet_ids: ["NonEmptyString"],
|
2884
|
+
# vpc_id: "NonEmptyString",
|
2885
|
+
# },
|
2886
|
+
# version: "NonEmptyString",
|
2887
|
+
# },
|
2888
|
+
# aws_sns_topic: {
|
2889
|
+
# kms_master_key_id: "NonEmptyString",
|
2890
|
+
# subscription: [
|
2891
|
+
# {
|
2892
|
+
# endpoint: "NonEmptyString",
|
2893
|
+
# protocol: "NonEmptyString",
|
2894
|
+
# },
|
2895
|
+
# ],
|
2896
|
+
# topic_name: "NonEmptyString",
|
2897
|
+
# owner: "NonEmptyString",
|
2898
|
+
# },
|
2899
|
+
# aws_sqs_queue: {
|
2900
|
+
# kms_data_key_reuse_period_seconds: 1,
|
2901
|
+
# kms_master_key_id: "NonEmptyString",
|
2902
|
+
# queue_name: "NonEmptyString",
|
2903
|
+
# dead_letter_target_arn: "NonEmptyString",
|
1769
2904
|
# },
|
1770
2905
|
# container: {
|
1771
2906
|
# name: "NonEmptyString",
|
@@ -1802,7 +2937,8 @@ module Aws::SecurityHub
|
|
1802
2937
|
#
|
1803
2938
|
# @!attribute [rw] findings
|
1804
2939
|
# A list of findings to import. To successfully import a finding, it
|
1805
|
-
# must follow the [AWS Security Finding Format][1].
|
2940
|
+
# must follow the [AWS Security Finding Format][1]. Maximum of 100
|
2941
|
+
# findings per request.
|
1806
2942
|
#
|
1807
2943
|
#
|
1808
2944
|
#
|
@@ -1841,6 +2977,21 @@ module Aws::SecurityHub
|
|
1841
2977
|
# against a specific rule in a supported standard (for example, CIS AWS
|
1842
2978
|
# Foundations). Contains compliance-related finding details.
|
1843
2979
|
#
|
2980
|
+
# Values include the following:
|
2981
|
+
#
|
2982
|
+
# * Allowed values are the following:
|
2983
|
+
#
|
2984
|
+
# * `PASSED` - Compliance check passed for all evaluated resources.
|
2985
|
+
#
|
2986
|
+
# * `WARNING` - Some information is missing or this check is not
|
2987
|
+
# supported given your configuration.
|
2988
|
+
#
|
2989
|
+
# * `FAILED` - Compliance check failed for at least one evaluated
|
2990
|
+
# resource.
|
2991
|
+
#
|
2992
|
+
# * `NOT_AVAILABLE` - Check could not be performed due to a service
|
2993
|
+
# outage or API error.
|
2994
|
+
#
|
1844
2995
|
# @note When making an API call, you may pass Compliance
|
1845
2996
|
# data as a hash:
|
1846
2997
|
#
|
@@ -4277,6 +5428,35 @@ module Aws::SecurityHub
|
|
4277
5428
|
include Aws::Structure
|
4278
5429
|
end
|
4279
5430
|
|
5431
|
+
# Information about the state of the load balancer.
|
5432
|
+
#
|
5433
|
+
# @note When making an API call, you may pass LoadBalancerState
|
5434
|
+
# data as a hash:
|
5435
|
+
#
|
5436
|
+
# {
|
5437
|
+
# code: "NonEmptyString",
|
5438
|
+
# reason: "NonEmptyString",
|
5439
|
+
# }
|
5440
|
+
#
|
5441
|
+
# @!attribute [rw] code
|
5442
|
+
# The state code. The initial state of the load balancer is
|
5443
|
+
# provisioning. After the load balancer is fully set up and ready to
|
5444
|
+
# route traffic, its state is active. If the load balancer could not
|
5445
|
+
# be set up, its state is failed.
|
5446
|
+
# @return [String]
|
5447
|
+
#
|
5448
|
+
# @!attribute [rw] reason
|
5449
|
+
# A description of the state.
|
5450
|
+
# @return [String]
|
5451
|
+
#
|
5452
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/LoadBalancerState AWS API Documentation
|
5453
|
+
#
|
5454
|
+
class LoadBalancerState < Struct.new(
|
5455
|
+
:code,
|
5456
|
+
:reason)
|
5457
|
+
include Aws::Structure
|
5458
|
+
end
|
5459
|
+
|
4280
5460
|
# A list of malware related to a finding.
|
4281
5461
|
#
|
4282
5462
|
# @note When making an API call, you may pass Malware
|
@@ -4761,6 +5941,28 @@ module Aws::SecurityHub
|
|
4761
5941
|
# "NonEmptyString" => "NonEmptyString",
|
4762
5942
|
# },
|
4763
5943
|
# details: {
|
5944
|
+
# aws_cloud_front_distribution: {
|
5945
|
+
# domain_name: "NonEmptyString",
|
5946
|
+
# etag: "NonEmptyString",
|
5947
|
+
# last_modified_time: "NonEmptyString",
|
5948
|
+
# logging: {
|
5949
|
+
# bucket: "NonEmptyString",
|
5950
|
+
# enabled: false,
|
5951
|
+
# include_cookies: false,
|
5952
|
+
# prefix: "NonEmptyString",
|
5953
|
+
# },
|
5954
|
+
# origins: {
|
5955
|
+
# items: [
|
5956
|
+
# {
|
5957
|
+
# domain_name: "NonEmptyString",
|
5958
|
+
# id: "NonEmptyString",
|
5959
|
+
# origin_path: "NonEmptyString",
|
5960
|
+
# },
|
5961
|
+
# ],
|
5962
|
+
# },
|
5963
|
+
# status: "NonEmptyString",
|
5964
|
+
# web_acl_id: "NonEmptyString",
|
5965
|
+
# },
|
4764
5966
|
# aws_ec2_instance: {
|
4765
5967
|
# type: "NonEmptyString",
|
4766
5968
|
# image_id: "NonEmptyString",
|
@@ -4772,6 +5974,26 @@ module Aws::SecurityHub
|
|
4772
5974
|
# subnet_id: "NonEmptyString",
|
4773
5975
|
# launched_at: "NonEmptyString",
|
4774
5976
|
# },
|
5977
|
+
# aws_elbv_2_load_balancer: {
|
5978
|
+
# availability_zones: [
|
5979
|
+
# {
|
5980
|
+
# zone_name: "NonEmptyString",
|
5981
|
+
# subnet_id: "NonEmptyString",
|
5982
|
+
# },
|
5983
|
+
# ],
|
5984
|
+
# canonical_hosted_zone_id: "NonEmptyString",
|
5985
|
+
# created_time: "NonEmptyString",
|
5986
|
+
# dns_name: "NonEmptyString",
|
5987
|
+
# ip_address_type: "NonEmptyString",
|
5988
|
+
# scheme: "NonEmptyString",
|
5989
|
+
# security_groups: ["NonEmptyString"],
|
5990
|
+
# state: {
|
5991
|
+
# code: "NonEmptyString",
|
5992
|
+
# reason: "NonEmptyString",
|
5993
|
+
# },
|
5994
|
+
# type: "NonEmptyString",
|
5995
|
+
# vpc_id: "NonEmptyString",
|
5996
|
+
# },
|
4775
5997
|
# aws_s3_bucket: {
|
4776
5998
|
# owner_id: "NonEmptyString",
|
4777
5999
|
# owner_name: "NonEmptyString",
|
@@ -4780,6 +6002,88 @@ module Aws::SecurityHub
|
|
4780
6002
|
# user_name: "NonEmptyString",
|
4781
6003
|
# status: "Active", # accepts Active, Inactive
|
4782
6004
|
# created_at: "NonEmptyString",
|
6005
|
+
# principal_id: "NonEmptyString",
|
6006
|
+
# principal_type: "NonEmptyString",
|
6007
|
+
# principal_name: "NonEmptyString",
|
6008
|
+
# },
|
6009
|
+
# aws_iam_role: {
|
6010
|
+
# assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument",
|
6011
|
+
# create_date: "NonEmptyString",
|
6012
|
+
# role_id: "NonEmptyString",
|
6013
|
+
# role_name: "NonEmptyString",
|
6014
|
+
# max_session_duration: 1,
|
6015
|
+
# path: "NonEmptyString",
|
6016
|
+
# },
|
6017
|
+
# aws_kms_key: {
|
6018
|
+
# aws_account_id: "NonEmptyString",
|
6019
|
+
# creation_date: 1.0,
|
6020
|
+
# key_id: "NonEmptyString",
|
6021
|
+
# key_manager: "NonEmptyString",
|
6022
|
+
# key_state: "NonEmptyString",
|
6023
|
+
# origin: "NonEmptyString",
|
6024
|
+
# },
|
6025
|
+
# aws_lambda_function: {
|
6026
|
+
# code: {
|
6027
|
+
# s3_bucket: "NonEmptyString",
|
6028
|
+
# s3_key: "NonEmptyString",
|
6029
|
+
# s3_object_version: "NonEmptyString",
|
6030
|
+
# zip_file: "NonEmptyString",
|
6031
|
+
# },
|
6032
|
+
# code_sha_256: "NonEmptyString",
|
6033
|
+
# dead_letter_config: {
|
6034
|
+
# target_arn: "NonEmptyString",
|
6035
|
+
# },
|
6036
|
+
# environment: {
|
6037
|
+
# variables: {
|
6038
|
+
# "NonEmptyString" => "NonEmptyString",
|
6039
|
+
# },
|
6040
|
+
# error: {
|
6041
|
+
# error_code: "NonEmptyString",
|
6042
|
+
# message: "NonEmptyString",
|
6043
|
+
# },
|
6044
|
+
# },
|
6045
|
+
# function_name: "NonEmptyString",
|
6046
|
+
# handler: "NonEmptyString",
|
6047
|
+
# kms_key_arn: "NonEmptyString",
|
6048
|
+
# last_modified: "NonEmptyString",
|
6049
|
+
# layers: [
|
6050
|
+
# {
|
6051
|
+
# arn: "NonEmptyString",
|
6052
|
+
# code_size: 1,
|
6053
|
+
# },
|
6054
|
+
# ],
|
6055
|
+
# master_arn: "NonEmptyString",
|
6056
|
+
# memory_size: 1,
|
6057
|
+
# revision_id: "NonEmptyString",
|
6058
|
+
# role: "NonEmptyString",
|
6059
|
+
# runtime: "NonEmptyString",
|
6060
|
+
# timeout: 1,
|
6061
|
+
# tracing_config: {
|
6062
|
+
# mode: "NonEmptyString",
|
6063
|
+
# },
|
6064
|
+
# vpc_config: {
|
6065
|
+
# security_group_ids: ["NonEmptyString"],
|
6066
|
+
# subnet_ids: ["NonEmptyString"],
|
6067
|
+
# vpc_id: "NonEmptyString",
|
6068
|
+
# },
|
6069
|
+
# version: "NonEmptyString",
|
6070
|
+
# },
|
6071
|
+
# aws_sns_topic: {
|
6072
|
+
# kms_master_key_id: "NonEmptyString",
|
6073
|
+
# subscription: [
|
6074
|
+
# {
|
6075
|
+
# endpoint: "NonEmptyString",
|
6076
|
+
# protocol: "NonEmptyString",
|
6077
|
+
# },
|
6078
|
+
# ],
|
6079
|
+
# topic_name: "NonEmptyString",
|
6080
|
+
# owner: "NonEmptyString",
|
6081
|
+
# },
|
6082
|
+
# aws_sqs_queue: {
|
6083
|
+
# kms_data_key_reuse_period_seconds: 1,
|
6084
|
+
# kms_master_key_id: "NonEmptyString",
|
6085
|
+
# queue_name: "NonEmptyString",
|
6086
|
+
# dead_letter_target_arn: "NonEmptyString",
|
4783
6087
|
# },
|
4784
6088
|
# container: {
|
4785
6089
|
# name: "NonEmptyString",
|
@@ -4854,6 +6158,28 @@ module Aws::SecurityHub
|
|
4854
6158
|
# data as a hash:
|
4855
6159
|
#
|
4856
6160
|
# {
|
6161
|
+
# aws_cloud_front_distribution: {
|
6162
|
+
# domain_name: "NonEmptyString",
|
6163
|
+
# etag: "NonEmptyString",
|
6164
|
+
# last_modified_time: "NonEmptyString",
|
6165
|
+
# logging: {
|
6166
|
+
# bucket: "NonEmptyString",
|
6167
|
+
# enabled: false,
|
6168
|
+
# include_cookies: false,
|
6169
|
+
# prefix: "NonEmptyString",
|
6170
|
+
# },
|
6171
|
+
# origins: {
|
6172
|
+
# items: [
|
6173
|
+
# {
|
6174
|
+
# domain_name: "NonEmptyString",
|
6175
|
+
# id: "NonEmptyString",
|
6176
|
+
# origin_path: "NonEmptyString",
|
6177
|
+
# },
|
6178
|
+
# ],
|
6179
|
+
# },
|
6180
|
+
# status: "NonEmptyString",
|
6181
|
+
# web_acl_id: "NonEmptyString",
|
6182
|
+
# },
|
4857
6183
|
# aws_ec2_instance: {
|
4858
6184
|
# type: "NonEmptyString",
|
4859
6185
|
# image_id: "NonEmptyString",
|
@@ -4865,6 +6191,26 @@ module Aws::SecurityHub
|
|
4865
6191
|
# subnet_id: "NonEmptyString",
|
4866
6192
|
# launched_at: "NonEmptyString",
|
4867
6193
|
# },
|
6194
|
+
# aws_elbv_2_load_balancer: {
|
6195
|
+
# availability_zones: [
|
6196
|
+
# {
|
6197
|
+
# zone_name: "NonEmptyString",
|
6198
|
+
# subnet_id: "NonEmptyString",
|
6199
|
+
# },
|
6200
|
+
# ],
|
6201
|
+
# canonical_hosted_zone_id: "NonEmptyString",
|
6202
|
+
# created_time: "NonEmptyString",
|
6203
|
+
# dns_name: "NonEmptyString",
|
6204
|
+
# ip_address_type: "NonEmptyString",
|
6205
|
+
# scheme: "NonEmptyString",
|
6206
|
+
# security_groups: ["NonEmptyString"],
|
6207
|
+
# state: {
|
6208
|
+
# code: "NonEmptyString",
|
6209
|
+
# reason: "NonEmptyString",
|
6210
|
+
# },
|
6211
|
+
# type: "NonEmptyString",
|
6212
|
+
# vpc_id: "NonEmptyString",
|
6213
|
+
# },
|
4868
6214
|
# aws_s3_bucket: {
|
4869
6215
|
# owner_id: "NonEmptyString",
|
4870
6216
|
# owner_name: "NonEmptyString",
|
@@ -4873,6 +6219,88 @@ module Aws::SecurityHub
|
|
4873
6219
|
# user_name: "NonEmptyString",
|
4874
6220
|
# status: "Active", # accepts Active, Inactive
|
4875
6221
|
# created_at: "NonEmptyString",
|
6222
|
+
# principal_id: "NonEmptyString",
|
6223
|
+
# principal_type: "NonEmptyString",
|
6224
|
+
# principal_name: "NonEmptyString",
|
6225
|
+
# },
|
6226
|
+
# aws_iam_role: {
|
6227
|
+
# assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument",
|
6228
|
+
# create_date: "NonEmptyString",
|
6229
|
+
# role_id: "NonEmptyString",
|
6230
|
+
# role_name: "NonEmptyString",
|
6231
|
+
# max_session_duration: 1,
|
6232
|
+
# path: "NonEmptyString",
|
6233
|
+
# },
|
6234
|
+
# aws_kms_key: {
|
6235
|
+
# aws_account_id: "NonEmptyString",
|
6236
|
+
# creation_date: 1.0,
|
6237
|
+
# key_id: "NonEmptyString",
|
6238
|
+
# key_manager: "NonEmptyString",
|
6239
|
+
# key_state: "NonEmptyString",
|
6240
|
+
# origin: "NonEmptyString",
|
6241
|
+
# },
|
6242
|
+
# aws_lambda_function: {
|
6243
|
+
# code: {
|
6244
|
+
# s3_bucket: "NonEmptyString",
|
6245
|
+
# s3_key: "NonEmptyString",
|
6246
|
+
# s3_object_version: "NonEmptyString",
|
6247
|
+
# zip_file: "NonEmptyString",
|
6248
|
+
# },
|
6249
|
+
# code_sha_256: "NonEmptyString",
|
6250
|
+
# dead_letter_config: {
|
6251
|
+
# target_arn: "NonEmptyString",
|
6252
|
+
# },
|
6253
|
+
# environment: {
|
6254
|
+
# variables: {
|
6255
|
+
# "NonEmptyString" => "NonEmptyString",
|
6256
|
+
# },
|
6257
|
+
# error: {
|
6258
|
+
# error_code: "NonEmptyString",
|
6259
|
+
# message: "NonEmptyString",
|
6260
|
+
# },
|
6261
|
+
# },
|
6262
|
+
# function_name: "NonEmptyString",
|
6263
|
+
# handler: "NonEmptyString",
|
6264
|
+
# kms_key_arn: "NonEmptyString",
|
6265
|
+
# last_modified: "NonEmptyString",
|
6266
|
+
# layers: [
|
6267
|
+
# {
|
6268
|
+
# arn: "NonEmptyString",
|
6269
|
+
# code_size: 1,
|
6270
|
+
# },
|
6271
|
+
# ],
|
6272
|
+
# master_arn: "NonEmptyString",
|
6273
|
+
# memory_size: 1,
|
6274
|
+
# revision_id: "NonEmptyString",
|
6275
|
+
# role: "NonEmptyString",
|
6276
|
+
# runtime: "NonEmptyString",
|
6277
|
+
# timeout: 1,
|
6278
|
+
# tracing_config: {
|
6279
|
+
# mode: "NonEmptyString",
|
6280
|
+
# },
|
6281
|
+
# vpc_config: {
|
6282
|
+
# security_group_ids: ["NonEmptyString"],
|
6283
|
+
# subnet_ids: ["NonEmptyString"],
|
6284
|
+
# vpc_id: "NonEmptyString",
|
6285
|
+
# },
|
6286
|
+
# version: "NonEmptyString",
|
6287
|
+
# },
|
6288
|
+
# aws_sns_topic: {
|
6289
|
+
# kms_master_key_id: "NonEmptyString",
|
6290
|
+
# subscription: [
|
6291
|
+
# {
|
6292
|
+
# endpoint: "NonEmptyString",
|
6293
|
+
# protocol: "NonEmptyString",
|
6294
|
+
# },
|
6295
|
+
# ],
|
6296
|
+
# topic_name: "NonEmptyString",
|
6297
|
+
# owner: "NonEmptyString",
|
6298
|
+
# },
|
6299
|
+
# aws_sqs_queue: {
|
6300
|
+
# kms_data_key_reuse_period_seconds: 1,
|
6301
|
+
# kms_master_key_id: "NonEmptyString",
|
6302
|
+
# queue_name: "NonEmptyString",
|
6303
|
+
# dead_letter_target_arn: "NonEmptyString",
|
4876
6304
|
# },
|
4877
6305
|
# container: {
|
4878
6306
|
# name: "NonEmptyString",
|
@@ -4885,10 +6313,18 @@ module Aws::SecurityHub
|
|
4885
6313
|
# },
|
4886
6314
|
# }
|
4887
6315
|
#
|
6316
|
+
# @!attribute [rw] aws_cloud_front_distribution
|
6317
|
+
# Details about a CloudFront distribution.
|
6318
|
+
# @return [Types::AwsCloudFrontDistributionDetails]
|
6319
|
+
#
|
4888
6320
|
# @!attribute [rw] aws_ec2_instance
|
4889
6321
|
# Details about an Amazon EC2 instance related to a finding.
|
4890
6322
|
# @return [Types::AwsEc2InstanceDetails]
|
4891
6323
|
#
|
6324
|
+
# @!attribute [rw] aws_elbv_2_load_balancer
|
6325
|
+
# Details about a load balancer.
|
6326
|
+
# @return [Types::AwsElbv2LoadBalancerDetails]
|
6327
|
+
#
|
4892
6328
|
# @!attribute [rw] aws_s3_bucket
|
4893
6329
|
# Details about an Amazon S3 Bucket related to a finding.
|
4894
6330
|
# @return [Types::AwsS3BucketDetails]
|
@@ -4897,6 +6333,26 @@ module Aws::SecurityHub
|
|
4897
6333
|
# Details about an IAM access key related to a finding.
|
4898
6334
|
# @return [Types::AwsIamAccessKeyDetails]
|
4899
6335
|
#
|
6336
|
+
# @!attribute [rw] aws_iam_role
|
6337
|
+
# Details about an IAM role.
|
6338
|
+
# @return [Types::AwsIamRoleDetails]
|
6339
|
+
#
|
6340
|
+
# @!attribute [rw] aws_kms_key
|
6341
|
+
# Details about a KMS key.
|
6342
|
+
# @return [Types::AwsKmsKeyDetails]
|
6343
|
+
#
|
6344
|
+
# @!attribute [rw] aws_lambda_function
|
6345
|
+
# Details about a Lambda function.
|
6346
|
+
# @return [Types::AwsLambdaFunctionDetails]
|
6347
|
+
#
|
6348
|
+
# @!attribute [rw] aws_sns_topic
|
6349
|
+
# Details about an SNS topic.
|
6350
|
+
# @return [Types::AwsSnsTopicDetails]
|
6351
|
+
#
|
6352
|
+
# @!attribute [rw] aws_sqs_queue
|
6353
|
+
# Details about an SQS queue.
|
6354
|
+
# @return [Types::AwsSqsQueueDetails]
|
6355
|
+
#
|
4900
6356
|
# @!attribute [rw] container
|
4901
6357
|
# Details about a container resource related to a finding.
|
4902
6358
|
# @return [Types::ContainerDetails]
|
@@ -4908,9 +6364,16 @@ module Aws::SecurityHub
|
|
4908
6364
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ResourceDetails AWS API Documentation
|
4909
6365
|
#
|
4910
6366
|
class ResourceDetails < Struct.new(
|
6367
|
+
:aws_cloud_front_distribution,
|
4911
6368
|
:aws_ec2_instance,
|
6369
|
+
:aws_elbv_2_load_balancer,
|
4912
6370
|
:aws_s3_bucket,
|
4913
6371
|
:aws_iam_access_key,
|
6372
|
+
:aws_iam_role,
|
6373
|
+
:aws_kms_key,
|
6374
|
+
:aws_lambda_function,
|
6375
|
+
:aws_sns_topic,
|
6376
|
+
:aws_sqs_queue,
|
4914
6377
|
:container,
|
4915
6378
|
:other)
|
4916
6379
|
include Aws::Structure
|