aws-sdk-securityhub 1.14.0 → 1.15.0

@@ -103,103 +103,876 @@ module Aws::SecurityHub
103
103
  include Aws::Structure
104
104
  end
105
105
 
106
+ # Information about an Availability Zone.
107
+ #
108
+ # @note When making an API call, you may pass AvailabilityZone
109
+ # data as a hash:
110
+ #
111
+ # {
112
+ # zone_name: "NonEmptyString",
113
+ # subnet_id: "NonEmptyString",
114
+ # }
115
+ #
116
+ # @!attribute [rw] zone_name
117
+ # The name of the Availability Zone.
118
+ # @return [String]
119
+ #
120
+ # @!attribute [rw] subnet_id
121
+ # The ID of the subnet. You can specify one subnet per Availability
122
+ # Zone.
123
+ # @return [String]
124
+ #
125
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AvailabilityZone AWS API Documentation
126
+ #
127
+ class AvailabilityZone < Struct.new(
128
+ :zone_name,
129
+ :subnet_id)
130
+ include Aws::Structure
131
+ end
132
+
133
+ # A distribution configuration.
134
+ #
135
+ # @note When making an API call, you may pass AwsCloudFrontDistributionDetails
136
+ # data as a hash:
137
+ #
138
+ # {
139
+ # domain_name: "NonEmptyString",
140
+ # etag: "NonEmptyString",
141
+ # last_modified_time: "NonEmptyString",
142
+ # logging: {
143
+ # bucket: "NonEmptyString",
144
+ # enabled: false,
145
+ # include_cookies: false,
146
+ # prefix: "NonEmptyString",
147
+ # },
148
+ # origins: {
149
+ # items: [
150
+ # {
151
+ # domain_name: "NonEmptyString",
152
+ # id: "NonEmptyString",
153
+ # origin_path: "NonEmptyString",
154
+ # },
155
+ # ],
156
+ # },
157
+ # status: "NonEmptyString",
158
+ # web_acl_id: "NonEmptyString",
159
+ # }
160
+ #
161
+ # @!attribute [rw] domain_name
162
+ # The domain name corresponding to the distribution.
163
+ # @return [String]
164
+ #
165
+ # @!attribute [rw] etag
166
+ # The entity tag is a hash of the object.
167
+ # @return [String]
168
+ #
169
+ # @!attribute [rw] last_modified_time
170
+ # The date and time that the distribution was last modified.
171
+ # @return [String]
172
+ #
173
+ # @!attribute [rw] logging
174
+ # A complex type that controls whether access logs are written for the
175
+ # distribution.
176
+ # @return [Types::AwsCloudFrontDistributionLogging]
177
+ #
178
+ # @!attribute [rw] origins
179
+ # A complex type that contains information about origins for this
180
+ # distribution.
181
+ # @return [Types::AwsCloudFrontDistributionOrigins]
182
+ #
183
+ # @!attribute [rw] status
184
+ # Indicates the current status of the distribution.
185
+ # @return [String]
186
+ #
187
+ # @!attribute [rw] web_acl_id
188
+ # A unique identifier that specifies the AWS WAF web ACL, if any, to
189
+ # associate with this distribution.
190
+ # @return [String]
191
+ #
192
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFrontDistributionDetails AWS API Documentation
193
+ #
194
+ class AwsCloudFrontDistributionDetails < Struct.new(
195
+ :domain_name,
196
+ :etag,
197
+ :last_modified_time,
198
+ :logging,
199
+ :origins,
200
+ :status,
201
+ :web_acl_id)
202
+ include Aws::Structure
203
+ end
204
+
205
+ # A complex type that controls whether access logs are written for the
206
+ # distribution.
207
+ #
208
+ # @note When making an API call, you may pass AwsCloudFrontDistributionLogging
209
+ # data as a hash:
210
+ #
211
+ # {
212
+ # bucket: "NonEmptyString",
213
+ # enabled: false,
214
+ # include_cookies: false,
215
+ # prefix: "NonEmptyString",
216
+ # }
217
+ #
218
+ # @!attribute [rw] bucket
219
+ # The Amazon S3 bucket to store the access logs in.
220
+ # @return [String]
221
+ #
222
+ # @!attribute [rw] enabled
223
+ # With this field, you can enable or disable the selected
224
+ # distribution.
225
+ # @return [Boolean]
226
+ #
227
+ # @!attribute [rw] include_cookies
228
+ # Specifies whether you want CloudFront to include cookies in access
229
+ # logs.
230
+ # @return [Boolean]
231
+ #
232
+ # @!attribute [rw] prefix
233
+ # An optional string that you want CloudFront to prefix to the access
234
+ # log filenames for this distribution.
235
+ # @return [String]
236
+ #
237
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFrontDistributionLogging AWS API Documentation
238
+ #
239
+ class AwsCloudFrontDistributionLogging < Struct.new(
240
+ :bucket,
241
+ :enabled,
242
+ :include_cookies,
243
+ :prefix)
244
+ include Aws::Structure
245
+ end
246
+
247
+ # A complex type that describes the Amazon S3 bucket, HTTP server (for
248
+ # example, a web server), Amazon MediaStore, or other server from which
249
+ # CloudFront gets your files.
250
+ #
251
+ # @note When making an API call, you may pass AwsCloudFrontDistributionOriginItem
252
+ # data as a hash:
253
+ #
254
+ # {
255
+ # domain_name: "NonEmptyString",
256
+ # id: "NonEmptyString",
257
+ # origin_path: "NonEmptyString",
258
+ # }
259
+ #
260
+ # @!attribute [rw] domain_name
261
+ # Amazon S3 origins: The DNS name of the Amazon S3 bucket from which
262
+ # you want CloudFront to get objects for this origin.
263
+ # @return [String]
264
+ #
265
+ # @!attribute [rw] id
266
+ # A unique identifier for the origin or origin group.
267
+ # @return [String]
268
+ #
269
+ # @!attribute [rw] origin_path
270
+ # An optional element that causes CloudFront to request your content
271
+ # from a directory in your Amazon S3 bucket or your custom origin.
272
+ # @return [String]
273
+ #
274
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFrontDistributionOriginItem AWS API Documentation
275
+ #
276
+ class AwsCloudFrontDistributionOriginItem < Struct.new(
277
+ :domain_name,
278
+ :id,
279
+ :origin_path)
280
+ include Aws::Structure
281
+ end
282
+
283
+ # A complex type that contains information about origins and origin
284
+ # groups for this distribution.
285
+ #
286
+ # @note When making an API call, you may pass AwsCloudFrontDistributionOrigins
287
+ # data as a hash:
288
+ #
289
+ # {
290
+ # items: [
291
+ # {
292
+ # domain_name: "NonEmptyString",
293
+ # id: "NonEmptyString",
294
+ # origin_path: "NonEmptyString",
295
+ # },
296
+ # ],
297
+ # }
298
+ #
299
+ # @!attribute [rw] items
300
+ # A complex type that contains origins or origin groups for this
301
+ # distribution.
302
+ # @return [Array<Types::AwsCloudFrontDistributionOriginItem>]
303
+ #
304
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFrontDistributionOrigins AWS API Documentation
305
+ #
306
+ class AwsCloudFrontDistributionOrigins < Struct.new(
307
+ :items)
308
+ include Aws::Structure
309
+ end
310
+
106
311
  # The details of an Amazon EC2 instance.
107
312
  #
108
313
  # @note When making an API call, you may pass AwsEc2InstanceDetails
109
314
  # data as a hash:
110
315
  #
111
316
  # {
112
- # type: "NonEmptyString",
113
- # image_id: "NonEmptyString",
114
- # ip_v4_addresses: ["NonEmptyString"],
115
- # ip_v6_addresses: ["NonEmptyString"],
116
- # key_name: "NonEmptyString",
117
- # iam_instance_profile_arn: "NonEmptyString",
118
- # vpc_id: "NonEmptyString",
119
- # subnet_id: "NonEmptyString",
120
- # launched_at: "NonEmptyString",
317
+ # type: "NonEmptyString",
318
+ # image_id: "NonEmptyString",
319
+ # ip_v4_addresses: ["NonEmptyString"],
320
+ # ip_v6_addresses: ["NonEmptyString"],
321
+ # key_name: "NonEmptyString",
322
+ # iam_instance_profile_arn: "NonEmptyString",
323
+ # vpc_id: "NonEmptyString",
324
+ # subnet_id: "NonEmptyString",
325
+ # launched_at: "NonEmptyString",
326
+ # }
327
+ #
328
+ # @!attribute [rw] type
329
+ # The instance type of the instance.
330
+ # @return [String]
331
+ #
332
+ # @!attribute [rw] image_id
333
+ # The Amazon Machine Image (AMI) ID of the instance.
334
+ # @return [String]
335
+ #
336
+ # @!attribute [rw] ip_v4_addresses
337
+ # The IPv4 addresses associated with the instance.
338
+ # @return [Array<String>]
339
+ #
340
+ # @!attribute [rw] ip_v6_addresses
341
+ # The IPv6 addresses associated with the instance.
342
+ # @return [Array<String>]
343
+ #
344
+ # @!attribute [rw] key_name
345
+ # The key name associated with the instance.
346
+ # @return [String]
347
+ #
348
+ # @!attribute [rw] iam_instance_profile_arn
349
+ # The IAM profile ARN of the instance.
350
+ # @return [String]
351
+ #
352
+ # @!attribute [rw] vpc_id
353
+ # The identifier of the VPC that the instance was launched in.
354
+ # @return [String]
355
+ #
356
+ # @!attribute [rw] subnet_id
357
+ # The identifier of the subnet that the instance was launched in.
358
+ # @return [String]
359
+ #
360
+ # @!attribute [rw] launched_at
361
+ # The date/time the instance was launched.
362
+ # @return [String]
363
+ #
364
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2InstanceDetails AWS API Documentation
365
+ #
366
+ class AwsEc2InstanceDetails < Struct.new(
367
+ :type,
368
+ :image_id,
369
+ :ip_v4_addresses,
370
+ :ip_v6_addresses,
371
+ :key_name,
372
+ :iam_instance_profile_arn,
373
+ :vpc_id,
374
+ :subnet_id,
375
+ :launched_at)
376
+ include Aws::Structure
377
+ end
378
+
379
+ # Information about a load balancer.
380
+ #
381
+ # @note When making an API call, you may pass AwsElbv2LoadBalancerDetails
382
+ # data as a hash:
383
+ #
384
+ # {
385
+ # availability_zones: [
386
+ # {
387
+ # zone_name: "NonEmptyString",
388
+ # subnet_id: "NonEmptyString",
389
+ # },
390
+ # ],
391
+ # canonical_hosted_zone_id: "NonEmptyString",
392
+ # created_time: "NonEmptyString",
393
+ # dns_name: "NonEmptyString",
394
+ # ip_address_type: "NonEmptyString",
395
+ # scheme: "NonEmptyString",
396
+ # security_groups: ["NonEmptyString"],
397
+ # state: {
398
+ # code: "NonEmptyString",
399
+ # reason: "NonEmptyString",
400
+ # },
401
+ # type: "NonEmptyString",
402
+ # vpc_id: "NonEmptyString",
403
+ # }
404
+ #
405
+ # @!attribute [rw] availability_zones
406
+ # The Availability Zones for the load balancer.
407
+ # @return [Array<Types::AvailabilityZone>]
408
+ #
409
+ # @!attribute [rw] canonical_hosted_zone_id
410
+ # The ID of the Amazon Route 53 hosted zone associated with the load
411
+ # balancer.
412
+ # @return [String]
413
+ #
414
+ # @!attribute [rw] created_time
415
+ # The date and time the load balancer was created.
416
+ # @return [String]
417
+ #
418
+ # @!attribute [rw] dns_name
419
+ # The public DNS name of the load balancer.
420
+ # @return [String]
421
+ #
422
+ # @!attribute [rw] ip_address_type
423
+ # The type of IP addresses used by the subnets for your load balancer.
424
+ # The possible values are ipv4 (for IPv4 addresses) and dualstack (for
425
+ # IPv4 and IPv6 addresses).
426
+ # @return [String]
427
+ #
428
+ # @!attribute [rw] scheme
429
+ # The nodes of an Internet-facing load balancer have public IP
430
+ # addresses.
431
+ # @return [String]
432
+ #
433
+ # @!attribute [rw] security_groups
434
+ # The IDs of the security groups for the load balancer.
435
+ # @return [Array<String>]
436
+ #
437
+ # @!attribute [rw] state
438
+ # The state of the load balancer.
439
+ # @return [Types::LoadBalancerState]
440
+ #
441
+ # @!attribute [rw] type
442
+ # The type of load balancer.
443
+ # @return [String]
444
+ #
445
+ # @!attribute [rw] vpc_id
446
+ # The ID of the VPC for the load balancer.
447
+ # @return [String]
448
+ #
449
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElbv2LoadBalancerDetails AWS API Documentation
450
+ #
451
+ class AwsElbv2LoadBalancerDetails < Struct.new(
452
+ :availability_zones,
453
+ :canonical_hosted_zone_id,
454
+ :created_time,
455
+ :dns_name,
456
+ :ip_address_type,
457
+ :scheme,
458
+ :security_groups,
459
+ :state,
460
+ :type,
461
+ :vpc_id)
462
+ include Aws::Structure
463
+ end
464
+
465
+ # IAM access key details related to a finding.
466
+ #
467
+ # @note When making an API call, you may pass AwsIamAccessKeyDetails
468
+ # data as a hash:
469
+ #
470
+ # {
471
+ # user_name: "NonEmptyString",
472
+ # status: "Active", # accepts Active, Inactive
473
+ # created_at: "NonEmptyString",
474
+ # principal_id: "NonEmptyString",
475
+ # principal_type: "NonEmptyString",
476
+ # principal_name: "NonEmptyString",
477
+ # }
478
+ #
479
+ # @!attribute [rw] user_name
480
+ # The user associated with the IAM access key related to a finding.
481
+ #
482
+ # The `UserName` parameter has been replaced with the `PrincipalName`
483
+ # parameter because access keys can also be assigned to principals
484
+ # that are not IAM users.
485
+ # @return [String]
486
+ #
487
+ # @!attribute [rw] status
488
+ # The status of the IAM access key related to a finding.
489
+ # @return [String]
490
+ #
491
+ # @!attribute [rw] created_at
492
+ # The creation date/time of the IAM access key related to a finding.
493
+ # @return [String]
494
+ #
495
+ # @!attribute [rw] principal_id
496
+ # The ID of the principal associated with an access key.
497
+ # @return [String]
498
+ #
499
+ # @!attribute [rw] principal_type
500
+ # The type of principal associated with an access key.
501
+ # @return [String]
502
+ #
503
+ # @!attribute [rw] principal_name
504
+ # The name of the principal.
505
+ # @return [String]
506
+ #
507
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsIamAccessKeyDetails AWS API Documentation
508
+ #
509
+ class AwsIamAccessKeyDetails < Struct.new(
510
+ :user_name,
511
+ :status,
512
+ :created_at,
513
+ :principal_id,
514
+ :principal_type,
515
+ :principal_name)
516
+ include Aws::Structure
517
+ end
518
+
519
+ # Contains information about an IAM role, including all of the role's
520
+ # policies.
521
+ #
522
+ # @note When making an API call, you may pass AwsIamRoleDetails
523
+ # data as a hash:
524
+ #
525
+ # {
526
+ # assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument",
527
+ # create_date: "NonEmptyString",
528
+ # role_id: "NonEmptyString",
529
+ # role_name: "NonEmptyString",
530
+ # max_session_duration: 1,
531
+ # path: "NonEmptyString",
532
+ # }
533
+ #
534
+ # @!attribute [rw] assume_role_policy_document
535
+ # The trust policy that grants permission to assume the role.
536
+ # @return [String]
537
+ #
538
+ # @!attribute [rw] create_date
539
+ # The date and time, in ISO 8601 date-time format, when the role was
540
+ # created.
541
+ # @return [String]
542
+ #
543
+ # @!attribute [rw] role_id
544
+ # The stable and unique string identifying the role.
545
+ # @return [String]
546
+ #
547
+ # @!attribute [rw] role_name
548
+ # The friendly name that identifies the role.
549
+ # @return [String]
550
+ #
551
+ # @!attribute [rw] max_session_duration
552
+ # The maximum session duration (in seconds) that you want to set for
553
+ # the specified role.
554
+ # @return [Integer]
555
+ #
556
+ # @!attribute [rw] path
557
+ # The path to the role.
558
+ # @return [String]
559
+ #
560
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsIamRoleDetails AWS API Documentation
561
+ #
562
+ class AwsIamRoleDetails < Struct.new(
563
+ :assume_role_policy_document,
564
+ :create_date,
565
+ :role_id,
566
+ :role_name,
567
+ :max_session_duration,
568
+ :path)
569
+ include Aws::Structure
570
+ end
571
+
572
+ # Contains metadata about a customer master key (CMK).
573
+ #
574
+ # @note When making an API call, you may pass AwsKmsKeyDetails
575
+ # data as a hash:
576
+ #
577
+ # {
578
+ # aws_account_id: "NonEmptyString",
579
+ # creation_date: 1.0,
580
+ # key_id: "NonEmptyString",
581
+ # key_manager: "NonEmptyString",
582
+ # key_state: "NonEmptyString",
583
+ # origin: "NonEmptyString",
584
+ # }
585
+ #
586
+ # @!attribute [rw] aws_account_id
587
+ # The twelve-digit account ID of the AWS account that owns the CMK.
588
+ # @return [String]
589
+ #
590
+ # @!attribute [rw] creation_date
591
+ # The date and time when the CMK was created.
592
+ # @return [Float]
593
+ #
594
+ # @!attribute [rw] key_id
595
+ # The globally unique identifier for the CMK.
596
+ # @return [String]
597
+ #
598
+ # @!attribute [rw] key_manager
599
+ # The manager of the CMK. CMKs in your AWS account are either customer
600
+ # managed or AWS managed.
601
+ # @return [String]
602
+ #
603
+ # @!attribute [rw] key_state
604
+ # The state of the CMK.
605
+ # @return [String]
606
+ #
607
+ # @!attribute [rw] origin
608
+ # The source of the CMK's key material. When this value is AWS\_KMS,
609
+ # AWS KMS created the key material. When this value is EXTERNAL, the
610
+ # key material was imported from your existing key management
611
+ # infrastructure or the CMK lacks key material. When this value is
612
+ # AWS\_CLOUDHSM, the key material was created in the AWS CloudHSM
613
+ # cluster associated with a custom key store.
614
+ # @return [String]
615
+ #
616
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsKmsKeyDetails AWS API Documentation
617
+ #
618
+ class AwsKmsKeyDetails < Struct.new(
619
+ :aws_account_id,
620
+ :creation_date,
621
+ :key_id,
622
+ :key_manager,
623
+ :key_state,
624
+ :origin)
625
+ include Aws::Structure
626
+ end
627
+
628
+ # The code for the Lambda function. You can specify either an object in
629
+ # Amazon S3, or upload a deployment package directly.
630
+ #
631
+ # @note When making an API call, you may pass AwsLambdaFunctionCode
632
+ # data as a hash:
633
+ #
634
+ # {
635
+ # s3_bucket: "NonEmptyString",
636
+ # s3_key: "NonEmptyString",
637
+ # s3_object_version: "NonEmptyString",
638
+ # zip_file: "NonEmptyString",
639
+ # }
640
+ #
641
+ # @!attribute [rw] s3_bucket
642
+ # An Amazon S3 bucket in the same AWS Region as your function. The
643
+ # bucket can be in a different AWS account.
644
+ # @return [String]
645
+ #
646
+ # @!attribute [rw] s3_key
647
+ # The Amazon S3 key of the deployment package.
648
+ # @return [String]
649
+ #
650
+ # @!attribute [rw] s3_object_version
651
+ # For versioned objects, the version of the deployment package object
652
+ # to use.
653
+ # @return [String]
654
+ #
655
+ # @!attribute [rw] zip_file
656
+ # The base64-encoded contents of the deployment package. AWS SDK and
657
+ # AWS CLI clients handle the encoding for you.
658
+ # @return [String]
659
+ #
660
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionCode AWS API Documentation
661
+ #
662
+ class AwsLambdaFunctionCode < Struct.new(
663
+ :s3_bucket,
664
+ :s3_key,
665
+ :s3_object_version,
666
+ :zip_file)
667
+ include Aws::Structure
668
+ end
669
+
670
+ # The dead-letter queue for failed asynchronous invocations.
671
+ #
672
+ # @note When making an API call, you may pass AwsLambdaFunctionDeadLetterConfig
673
+ # data as a hash:
674
+ #
675
+ # {
676
+ # target_arn: "NonEmptyString",
677
+ # }
678
+ #
679
+ # @!attribute [rw] target_arn
680
+ # The Amazon Resource Name (ARN) of an Amazon SQS queue or Amazon SNS
681
+ # topic.
682
+ # @return [String]
683
+ #
684
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionDeadLetterConfig AWS API Documentation
685
+ #
686
+ class AwsLambdaFunctionDeadLetterConfig < Struct.new(
687
+ :target_arn)
688
+ include Aws::Structure
689
+ end
690
+
691
+ # Details about a function's configuration.
692
+ #
693
+ # @note When making an API call, you may pass AwsLambdaFunctionDetails
694
+ # data as a hash:
695
+ #
696
+ # {
697
+ # code: {
698
+ # s3_bucket: "NonEmptyString",
699
+ # s3_key: "NonEmptyString",
700
+ # s3_object_version: "NonEmptyString",
701
+ # zip_file: "NonEmptyString",
702
+ # },
703
+ # code_sha_256: "NonEmptyString",
704
+ # dead_letter_config: {
705
+ # target_arn: "NonEmptyString",
706
+ # },
707
+ # environment: {
708
+ # variables: {
709
+ # "NonEmptyString" => "NonEmptyString",
710
+ # },
711
+ # error: {
712
+ # error_code: "NonEmptyString",
713
+ # message: "NonEmptyString",
714
+ # },
715
+ # },
716
+ # function_name: "NonEmptyString",
717
+ # handler: "NonEmptyString",
718
+ # kms_key_arn: "NonEmptyString",
719
+ # last_modified: "NonEmptyString",
720
+ # layers: [
721
+ # {
722
+ # arn: "NonEmptyString",
723
+ # code_size: 1,
724
+ # },
725
+ # ],
726
+ # master_arn: "NonEmptyString",
727
+ # memory_size: 1,
728
+ # revision_id: "NonEmptyString",
729
+ # role: "NonEmptyString",
730
+ # runtime: "NonEmptyString",
731
+ # timeout: 1,
732
+ # tracing_config: {
733
+ # mode: "NonEmptyString",
734
+ # },
735
+ # vpc_config: {
736
+ # security_group_ids: ["NonEmptyString"],
737
+ # subnet_ids: ["NonEmptyString"],
738
+ # vpc_id: "NonEmptyString",
739
+ # },
740
+ # version: "NonEmptyString",
741
+ # }
742
+ #
743
+ # @!attribute [rw] code
744
+ # An `AwsLambdaFunctionCode` object.
745
+ # @return [Types::AwsLambdaFunctionCode]
746
+ #
747
+ # @!attribute [rw] code_sha_256
748
+ # The SHA256 hash of the function's deployment package.
749
+ # @return [String]
750
+ #
751
+ # @!attribute [rw] dead_letter_config
752
+ # The function's dead letter queue.
753
+ # @return [Types::AwsLambdaFunctionDeadLetterConfig]
754
+ #
755
+ # @!attribute [rw] environment
756
+ # The function's environment variables.
757
+ # @return [Types::AwsLambdaFunctionEnvironment]
758
+ #
759
+ # @!attribute [rw] function_name
760
+ # The name of the function.
761
+ # @return [String]
762
+ #
763
+ # @!attribute [rw] handler
764
+ # The function that Lambda calls to begin executing your function.
765
+ # @return [String]
766
+ #
767
+ # @!attribute [rw] kms_key_arn
768
+ # The KMS key that's used to encrypt the function's environment
769
+ # variables. This key is only returned if you've configured a
770
+ # customer managed CMK.
771
+ # @return [String]
772
+ #
773
+ # @!attribute [rw] last_modified
774
+ # The date and time that the function was last updated, in ISO-8601
775
+ # format (YYYY-MM-DDThh:mm:ss.sTZD).
776
+ # @return [String]
777
+ #
778
+ # @!attribute [rw] layers
779
+ # The function's layers.
780
+ # @return [Array<Types::AwsLambdaFunctionLayer>]
781
+ #
782
+ # @!attribute [rw] master_arn
783
+ # For Lambda@Edge functions, the ARN of the master function.
784
+ # @return [String]
785
+ #
786
+ # @!attribute [rw] memory_size
787
+ # The memory that's allocated to the function.
788
+ # @return [Integer]
789
+ #
790
+ # @!attribute [rw] revision_id
791
+ # The latest updated revision of the function or alias.
792
+ # @return [String]
793
+ #
794
+ # @!attribute [rw] role
795
+ # The function's execution role.
796
+ # @return [String]
797
+ #
798
+ # @!attribute [rw] runtime
799
+ # The runtime environment for the Lambda function.
800
+ # @return [String]
801
+ #
802
+ # @!attribute [rw] timeout
803
+ # The amount of time that Lambda allows a function to run before
804
+ # stopping it.
805
+ # @return [Integer]
806
+ #
807
+ # @!attribute [rw] tracing_config
808
+ # The function's AWS X-Ray tracing configuration.
809
+ # @return [Types::AwsLambdaFunctionTracingConfig]
810
+ #
811
+ # @!attribute [rw] vpc_config
812
+ # The function's networking configuration.
813
+ # @return [Types::AwsLambdaFunctionVpcConfig]
814
+ #
815
+ # @!attribute [rw] version
816
+ # The version of the Lambda function.
817
+ # @return [String]
818
+ #
819
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionDetails AWS API Documentation
820
+ #
821
+ class AwsLambdaFunctionDetails < Struct.new(
822
+ :code,
823
+ :code_sha_256,
824
+ :dead_letter_config,
825
+ :environment,
826
+ :function_name,
827
+ :handler,
828
+ :kms_key_arn,
829
+ :last_modified,
830
+ :layers,
831
+ :master_arn,
832
+ :memory_size,
833
+ :revision_id,
834
+ :role,
835
+ :runtime,
836
+ :timeout,
837
+ :tracing_config,
838
+ :vpc_config,
839
+ :version)
840
+ include Aws::Structure
841
+ end
842
+
843
+ # A function's environment variable settings.
844
+ #
845
+ # @note When making an API call, you may pass AwsLambdaFunctionEnvironment
846
+ # data as a hash:
847
+ #
848
+ # {
849
+ # variables: {
850
+ # "NonEmptyString" => "NonEmptyString",
851
+ # },
852
+ # error: {
853
+ # error_code: "NonEmptyString",
854
+ # message: "NonEmptyString",
855
+ # },
856
+ # }
857
+ #
858
+ # @!attribute [rw] variables
859
+ # Environment variable key-value pairs.
860
+ # @return [Hash<String,String>]
861
+ #
862
+ # @!attribute [rw] error
863
+ # An `AwsLambdaFunctionEnvironmentError` object.
864
+ # @return [Types::AwsLambdaFunctionEnvironmentError]
865
+ #
866
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionEnvironment AWS API Documentation
867
+ #
868
+ class AwsLambdaFunctionEnvironment < Struct.new(
869
+ :variables,
870
+ :error)
871
+ include Aws::Structure
872
+ end
873
+
874
+ # Error messages for environment variables that couldn't be applied.
875
+ #
876
+ # @note When making an API call, you may pass AwsLambdaFunctionEnvironmentError
877
+ # data as a hash:
878
+ #
879
+ # {
880
+ # error_code: "NonEmptyString",
881
+ # message: "NonEmptyString",
121
882
  # }
122
883
  #
123
- # @!attribute [rw] type
124
- # The instance type of the instance.
884
+ # @!attribute [rw] error_code
885
+ # The error code.
125
886
  # @return [String]
126
887
  #
127
- # @!attribute [rw] image_id
128
- # The Amazon Machine Image (AMI) ID of the instance.
888
+ # @!attribute [rw] message
889
+ # The error message.
129
890
  # @return [String]
130
891
  #
131
- # @!attribute [rw] ip_v4_addresses
132
- # The IPv4 addresses associated with the instance.
133
- # @return [Array<String>]
892
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionEnvironmentError AWS API Documentation
134
893
  #
135
- # @!attribute [rw] ip_v6_addresses
136
- # The IPv6 addresses associated with the instance.
137
- # @return [Array<String>]
894
+ class AwsLambdaFunctionEnvironmentError < Struct.new(
895
+ :error_code,
896
+ :message)
897
+ include Aws::Structure
898
+ end
899
+
900
+ # An AWS Lambda layer.
138
901
  #
139
- # @!attribute [rw] key_name
140
- # The key name associated with the instance.
141
- # @return [String]
902
+ # @note When making an API call, you may pass AwsLambdaFunctionLayer
903
+ # data as a hash:
142
904
  #
143
- # @!attribute [rw] iam_instance_profile_arn
144
- # The IAM profile ARN of the instance.
145
- # @return [String]
905
+ # {
906
+ # arn: "NonEmptyString",
907
+ # code_size: 1,
908
+ # }
146
909
  #
147
- # @!attribute [rw] vpc_id
148
- # The identifier of the VPC that the instance was launched in.
910
+ # @!attribute [rw] arn
911
+ # The Amazon Resource Name (ARN) of the function layer.
149
912
  # @return [String]
150
913
  #
151
- # @!attribute [rw] subnet_id
152
- # The identifier of the subnet that the instance was launched in.
153
- # @return [String]
914
+ # @!attribute [rw] code_size
915
+ # The size of the layer archive in bytes.
916
+ # @return [Integer]
154
917
  #
155
- # @!attribute [rw] launched_at
156
- # The date/time the instance was launched.
918
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionLayer AWS API Documentation
919
+ #
920
+ class AwsLambdaFunctionLayer < Struct.new(
921
+ :arn,
922
+ :code_size)
923
+ include Aws::Structure
924
+ end
925
+
926
+ # The function's AWS X-Ray tracing configuration.
927
+ #
928
+ # @note When making an API call, you may pass AwsLambdaFunctionTracingConfig
929
+ # data as a hash:
930
+ #
931
+ # {
932
+ # mode: "NonEmptyString",
933
+ # }
934
+ #
935
+ # @!attribute [rw] mode
936
+ # The tracing mode.
157
937
  # @return [String]
158
938
  #
159
- # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2InstanceDetails AWS API Documentation
939
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionTracingConfig AWS API Documentation
160
940
  #
161
- class AwsEc2InstanceDetails < Struct.new(
162
- :type,
163
- :image_id,
164
- :ip_v4_addresses,
165
- :ip_v6_addresses,
166
- :key_name,
167
- :iam_instance_profile_arn,
168
- :vpc_id,
169
- :subnet_id,
170
- :launched_at)
941
+ class AwsLambdaFunctionTracingConfig < Struct.new(
942
+ :mode)
171
943
  include Aws::Structure
172
944
  end
173
945
 
174
- # IAM access key details related to a finding.
946
+ # The VPC security groups and subnets that are attached to a Lambda
947
+ # function. For more information, see VPC Settings.
175
948
  #
176
- # @note When making an API call, you may pass AwsIamAccessKeyDetails
949
+ # @note When making an API call, you may pass AwsLambdaFunctionVpcConfig
177
950
  # data as a hash:
178
951
  #
179
952
  # {
180
- # user_name: "NonEmptyString",
181
- # status: "Active", # accepts Active, Inactive
182
- # created_at: "NonEmptyString",
953
+ # security_group_ids: ["NonEmptyString"],
954
+ # subnet_ids: ["NonEmptyString"],
955
+ # vpc_id: "NonEmptyString",
183
956
  # }
184
957
  #
185
- # @!attribute [rw] user_name
186
- # The user associated with the IAM access key related to a finding.
187
- # @return [String]
958
+ # @!attribute [rw] security_group_ids
959
+ # A list of VPC security groups IDs.
960
+ # @return [Array<String>]
188
961
  #
189
- # @!attribute [rw] status
190
- # The status of the IAM access key related to a finding.
191
- # @return [String]
962
+ # @!attribute [rw] subnet_ids
963
+ # A list of VPC subnet IDs.
964
+ # @return [Array<String>]
192
965
  #
193
- # @!attribute [rw] created_at
194
- # The creation date/time of the IAM access key related to a finding.
966
+ # @!attribute [rw] vpc_id
967
+ # The ID of the VPC.
195
968
  # @return [String]
196
969
  #
197
- # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsIamAccessKeyDetails AWS API Documentation
970
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionVpcConfig AWS API Documentation
198
971
  #
199
- class AwsIamAccessKeyDetails < Struct.new(
200
- :user_name,
201
- :status,
202
- :created_at)
972
+ class AwsLambdaFunctionVpcConfig < Struct.new(
973
+ :security_group_ids,
974
+ :subnet_ids,
975
+ :vpc_id)
203
976
  include Aws::Structure
204
977
  end
205
978
 
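Review bot: The new `variables` attribute on `AwsLambdaFunctionEnvironment` is documented only as "Environment variable key-value pairs", with no caution that these values travel in the finding as plain `Hash<String,String>` entries. The `kms_key_arn` doc in the same hunk says Lambda encrypts environment variables, so they are evidently expected to hold sensitive values, and anyone able to read the finding would presumably see whatever a provider copies in. I would extend the attribute doc with a line such as `#   Values are carried as plain strings in the finding; redact secrets before submitting.` The same caution applies to `zip_file` on `AwsLambdaFunctionCode`, which holds the base64-encoded deployment package. If this file is generated from the service model, the wording belongs in the model's documentation instead.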
@@ -324,6 +1097,28 @@ module Aws::SecurityHub
324
1097
  # "NonEmptyString" => "NonEmptyString",
325
1098
  # },
326
1099
  # details: {
1100
+ # aws_cloud_front_distribution: {
1101
+ # domain_name: "NonEmptyString",
1102
+ # etag: "NonEmptyString",
1103
+ # last_modified_time: "NonEmptyString",
1104
+ # logging: {
1105
+ # bucket: "NonEmptyString",
1106
+ # enabled: false,
1107
+ # include_cookies: false,
1108
+ # prefix: "NonEmptyString",
1109
+ # },
1110
+ # origins: {
1111
+ # items: [
1112
+ # {
1113
+ # domain_name: "NonEmptyString",
1114
+ # id: "NonEmptyString",
1115
+ # origin_path: "NonEmptyString",
1116
+ # },
1117
+ # ],
1118
+ # },
1119
+ # status: "NonEmptyString",
1120
+ # web_acl_id: "NonEmptyString",
1121
+ # },
327
1122
  # aws_ec2_instance: {
328
1123
  # type: "NonEmptyString",
329
1124
  # image_id: "NonEmptyString",
@@ -335,6 +1130,26 @@ module Aws::SecurityHub
335
1130
  # subnet_id: "NonEmptyString",
336
1131
  # launched_at: "NonEmptyString",
337
1132
  # },
1133
+ # aws_elbv_2_load_balancer: {
1134
+ # availability_zones: [
1135
+ # {
1136
+ # zone_name: "NonEmptyString",
1137
+ # subnet_id: "NonEmptyString",
1138
+ # },
1139
+ # ],
1140
+ # canonical_hosted_zone_id: "NonEmptyString",
1141
+ # created_time: "NonEmptyString",
1142
+ # dns_name: "NonEmptyString",
1143
+ # ip_address_type: "NonEmptyString",
1144
+ # scheme: "NonEmptyString",
1145
+ # security_groups: ["NonEmptyString"],
1146
+ # state: {
1147
+ # code: "NonEmptyString",
1148
+ # reason: "NonEmptyString",
1149
+ # },
1150
+ # type: "NonEmptyString",
1151
+ # vpc_id: "NonEmptyString",
1152
+ # },
338
1153
  # aws_s3_bucket: {
339
1154
  # owner_id: "NonEmptyString",
340
1155
  # owner_name: "NonEmptyString",
@@ -343,6 +1158,88 @@ module Aws::SecurityHub
343
1158
  # user_name: "NonEmptyString",
344
1159
  # status: "Active", # accepts Active, Inactive
345
1160
  # created_at: "NonEmptyString",
1161
+ # principal_id: "NonEmptyString",
1162
+ # principal_type: "NonEmptyString",
1163
+ # principal_name: "NonEmptyString",
1164
+ # },
1165
+ # aws_iam_role: {
1166
+ # assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument",
1167
+ # create_date: "NonEmptyString",
1168
+ # role_id: "NonEmptyString",
1169
+ # role_name: "NonEmptyString",
1170
+ # max_session_duration: 1,
1171
+ # path: "NonEmptyString",
1172
+ # },
1173
+ # aws_kms_key: {
1174
+ # aws_account_id: "NonEmptyString",
1175
+ # creation_date: 1.0,
1176
+ # key_id: "NonEmptyString",
1177
+ # key_manager: "NonEmptyString",
1178
+ # key_state: "NonEmptyString",
1179
+ # origin: "NonEmptyString",
1180
+ # },
1181
+ # aws_lambda_function: {
1182
+ # code: {
1183
+ # s3_bucket: "NonEmptyString",
1184
+ # s3_key: "NonEmptyString",
1185
+ # s3_object_version: "NonEmptyString",
1186
+ # zip_file: "NonEmptyString",
1187
+ # },
1188
+ # code_sha_256: "NonEmptyString",
1189
+ # dead_letter_config: {
1190
+ # target_arn: "NonEmptyString",
1191
+ # },
1192
+ # environment: {
1193
+ # variables: {
1194
+ # "NonEmptyString" => "NonEmptyString",
1195
+ # },
1196
+ # error: {
1197
+ # error_code: "NonEmptyString",
1198
+ # message: "NonEmptyString",
1199
+ # },
1200
+ # },
1201
+ # function_name: "NonEmptyString",
1202
+ # handler: "NonEmptyString",
1203
+ # kms_key_arn: "NonEmptyString",
1204
+ # last_modified: "NonEmptyString",
1205
+ # layers: [
1206
+ # {
1207
+ # arn: "NonEmptyString",
1208
+ # code_size: 1,
1209
+ # },
1210
+ # ],
1211
+ # master_arn: "NonEmptyString",
1212
+ # memory_size: 1,
1213
+ # revision_id: "NonEmptyString",
1214
+ # role: "NonEmptyString",
1215
+ # runtime: "NonEmptyString",
1216
+ # timeout: 1,
1217
+ # tracing_config: {
1218
+ # mode: "NonEmptyString",
1219
+ # },
1220
+ # vpc_config: {
1221
+ # security_group_ids: ["NonEmptyString"],
1222
+ # subnet_ids: ["NonEmptyString"],
1223
+ # vpc_id: "NonEmptyString",
1224
+ # },
1225
+ # version: "NonEmptyString",
1226
+ # },
1227
+ # aws_sns_topic: {
1228
+ # kms_master_key_id: "NonEmptyString",
1229
+ # subscription: [
1230
+ # {
1231
+ # endpoint: "NonEmptyString",
1232
+ # protocol: "NonEmptyString",
1233
+ # },
1234
+ # ],
1235
+ # topic_name: "NonEmptyString",
1236
+ # owner: "NonEmptyString",
1237
+ # },
1238
+ # aws_sqs_queue: {
1239
+ # kms_data_key_reuse_period_seconds: 1,
1240
+ # kms_master_key_id: "NonEmptyString",
1241
+ # queue_name: "NonEmptyString",
1242
+ # dead_letter_target_arn: "NonEmptyString",
346
1243
  # },
347
1244
  # container: {
348
1245
  # name: "NonEmptyString",
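Review bot: The expanded request example now documents `aws_lambda_function.environment.variables`, `aws_lambda_function.code.zip_file` and `aws_iam_role.assume_role_policy_document` with no caveat about what a producer should put there. Whatever is passed becomes part of the stored finding and is presumably visible to every principal allowed to read findings. Lambda environment variables often hold credentials, so I would add a comment beside the `variables` entry such as `# stored with the finding; omit or redact secret values`. The same example is repeated in the hunks starting at new lines 2819, 6002 and 6219, where the same comment applies. The enclosing doc comment starts and ends outside this hunk.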
@@ -1590,6 +2487,120 @@ module Aws::SecurityHub
1590
2487
  include Aws::Structure
1591
2488
  end
1592
2489
 
2490
+ # A wrapper type for the topic's Amazon Resource Name (ARN).
2491
+ #
2492
+ # @note When making an API call, you may pass AwsSnsTopicDetails
2493
+ # data as a hash:
2494
+ #
2495
+ # {
2496
+ # kms_master_key_id: "NonEmptyString",
2497
+ # subscription: [
2498
+ # {
2499
+ # endpoint: "NonEmptyString",
2500
+ # protocol: "NonEmptyString",
2501
+ # },
2502
+ # ],
2503
+ # topic_name: "NonEmptyString",
2504
+ # owner: "NonEmptyString",
2505
+ # }
2506
+ #
2507
+ # @!attribute [rw] kms_master_key_id
2508
+ # The ID of an AWS-managed customer master key (CMK) for Amazon SNS or
2509
+ # a custom CMK.
2510
+ # @return [String]
2511
+ #
2512
+ # @!attribute [rw] subscription
2513
+ # Subscription is an embedded property that describes the subscription
2514
+ # endpoints of an Amazon SNS topic.
2515
+ # @return [Array<Types::AwsSnsTopicSubscription>]
2516
+ #
2517
+ # @!attribute [rw] topic_name
2518
+ # The name of the topic.
2519
+ # @return [String]
2520
+ #
2521
+ # @!attribute [rw] owner
2522
+ # The subscription's owner.
2523
+ # @return [String]
2524
+ #
2525
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSnsTopicDetails AWS API Documentation
2526
+ #
2527
+ class AwsSnsTopicDetails < Struct.new(
2528
+ :kms_master_key_id,
2529
+ :subscription,
2530
+ :topic_name,
2531
+ :owner)
2532
+ include Aws::Structure
2533
+ end
2534
+
2535
+ # A wrapper type for the attributes of an Amazon SNS subscription.
2536
+ #
2537
+ # @note When making an API call, you may pass AwsSnsTopicSubscription
2538
+ # data as a hash:
2539
+ #
2540
+ # {
2541
+ # endpoint: "NonEmptyString",
2542
+ # protocol: "NonEmptyString",
2543
+ # }
2544
+ #
2545
+ # @!attribute [rw] endpoint
2546
+ # The subscription's endpoint (format depends on the protocol).
2547
+ # @return [String]
2548
+ #
2549
+ # @!attribute [rw] protocol
2550
+ # The subscription's protocol.
2551
+ # @return [String]
2552
+ #
2553
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSnsTopicSubscription AWS API Documentation
2554
+ #
2555
+ class AwsSnsTopicSubscription < Struct.new(
2556
+ :endpoint,
2557
+ :protocol)
2558
+ include Aws::Structure
2559
+ end
2560
+
2561
+ # Data about a queue.
2562
+ #
2563
+ # @note When making an API call, you may pass AwsSqsQueueDetails
2564
+ # data as a hash:
2565
+ #
2566
+ # {
2567
+ # kms_data_key_reuse_period_seconds: 1,
2568
+ # kms_master_key_id: "NonEmptyString",
2569
+ # queue_name: "NonEmptyString",
2570
+ # dead_letter_target_arn: "NonEmptyString",
2571
+ # }
2572
+ #
2573
+ # @!attribute [rw] kms_data_key_reuse_period_seconds
2574
+ # The length of time, in seconds, for which Amazon SQS can reuse a
2575
+ # data key to encrypt or decrypt messages before calling AWS KMS
2576
+ # again.
2577
+ # @return [Integer]
2578
+ #
2579
+ # @!attribute [rw] kms_master_key_id
2580
+ # The ID of an AWS-managed customer master key (CMK) for Amazon SQS or
2581
+ # a custom CMK.
2582
+ # @return [String]
2583
+ #
2584
+ # @!attribute [rw] queue_name
2585
+ # The name of the new queue.
2586
+ # @return [String]
2587
+ #
2588
+ # @!attribute [rw] dead_letter_target_arn
2589
+ # The Amazon Resource Name (ARN) of the dead-letter queue to which
2590
+ # Amazon SQS moves messages after the value of maxReceiveCount is
2591
+ # exceeded.
2592
+ # @return [String]
2593
+ #
2594
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSqsQueueDetails AWS API Documentation
2595
+ #
2596
+ class AwsSqsQueueDetails < Struct.new(
2597
+ :kms_data_key_reuse_period_seconds,
2598
+ :kms_master_key_id,
2599
+ :queue_name,
2600
+ :dead_letter_target_arn)
2601
+ include Aws::Structure
2602
+ end
2603
+
1593
2604
  # @note When making an API call, you may pass BatchDisableStandardsRequest
1594
2605
  # data as a hash:
1595
2606
  #
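Review bot: The summary for `AwsSnsTopicDetails` calls it a wrapper type for the topic's ARN, but the struct has no ARN member; its members are `kms_master_key_id`, `subscription`, `topic_name` and `owner`. A summary such as `# Details about an Amazon SNS topic.` would match what the class holds. In the same hunk `owner` on the topic is documented as `The subscription's owner.` and `queue_name` as `The name of the new queue.`, which read as text carried over from other operations. For both `kms_master_key_id` attributes it would help to state what an unset value means (presumably that no KMS key is configured), since readers of a finding are likely to use that field to judge encryption at rest.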
@@ -1747,6 +2758,28 @@ module Aws::SecurityHub
1747
2758
  # "NonEmptyString" => "NonEmptyString",
1748
2759
  # },
1749
2760
  # details: {
2761
+ # aws_cloud_front_distribution: {
2762
+ # domain_name: "NonEmptyString",
2763
+ # etag: "NonEmptyString",
2764
+ # last_modified_time: "NonEmptyString",
2765
+ # logging: {
2766
+ # bucket: "NonEmptyString",
2767
+ # enabled: false,
2768
+ # include_cookies: false,
2769
+ # prefix: "NonEmptyString",
2770
+ # },
2771
+ # origins: {
2772
+ # items: [
2773
+ # {
2774
+ # domain_name: "NonEmptyString",
2775
+ # id: "NonEmptyString",
2776
+ # origin_path: "NonEmptyString",
2777
+ # },
2778
+ # ],
2779
+ # },
2780
+ # status: "NonEmptyString",
2781
+ # web_acl_id: "NonEmptyString",
2782
+ # },
1750
2783
  # aws_ec2_instance: {
1751
2784
  # type: "NonEmptyString",
1752
2785
  # image_id: "NonEmptyString",
@@ -1758,6 +2791,26 @@ module Aws::SecurityHub
1758
2791
  # subnet_id: "NonEmptyString",
1759
2792
  # launched_at: "NonEmptyString",
1760
2793
  # },
2794
+ # aws_elbv_2_load_balancer: {
2795
+ # availability_zones: [
2796
+ # {
2797
+ # zone_name: "NonEmptyString",
2798
+ # subnet_id: "NonEmptyString",
2799
+ # },
2800
+ # ],
2801
+ # canonical_hosted_zone_id: "NonEmptyString",
2802
+ # created_time: "NonEmptyString",
2803
+ # dns_name: "NonEmptyString",
2804
+ # ip_address_type: "NonEmptyString",
2805
+ # scheme: "NonEmptyString",
2806
+ # security_groups: ["NonEmptyString"],
2807
+ # state: {
2808
+ # code: "NonEmptyString",
2809
+ # reason: "NonEmptyString",
2810
+ # },
2811
+ # type: "NonEmptyString",
2812
+ # vpc_id: "NonEmptyString",
2813
+ # },
1761
2814
  # aws_s3_bucket: {
1762
2815
  # owner_id: "NonEmptyString",
1763
2816
  # owner_name: "NonEmptyString",
@@ -1766,6 +2819,88 @@ module Aws::SecurityHub
1766
2819
  # user_name: "NonEmptyString",
1767
2820
  # status: "Active", # accepts Active, Inactive
1768
2821
  # created_at: "NonEmptyString",
2822
+ # principal_id: "NonEmptyString",
2823
+ # principal_type: "NonEmptyString",
2824
+ # principal_name: "NonEmptyString",
2825
+ # },
2826
+ # aws_iam_role: {
2827
+ # assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument",
2828
+ # create_date: "NonEmptyString",
2829
+ # role_id: "NonEmptyString",
2830
+ # role_name: "NonEmptyString",
2831
+ # max_session_duration: 1,
2832
+ # path: "NonEmptyString",
2833
+ # },
2834
+ # aws_kms_key: {
2835
+ # aws_account_id: "NonEmptyString",
2836
+ # creation_date: 1.0,
2837
+ # key_id: "NonEmptyString",
2838
+ # key_manager: "NonEmptyString",
2839
+ # key_state: "NonEmptyString",
2840
+ # origin: "NonEmptyString",
2841
+ # },
2842
+ # aws_lambda_function: {
2843
+ # code: {
2844
+ # s3_bucket: "NonEmptyString",
2845
+ # s3_key: "NonEmptyString",
2846
+ # s3_object_version: "NonEmptyString",
2847
+ # zip_file: "NonEmptyString",
2848
+ # },
2849
+ # code_sha_256: "NonEmptyString",
2850
+ # dead_letter_config: {
2851
+ # target_arn: "NonEmptyString",
2852
+ # },
2853
+ # environment: {
2854
+ # variables: {
2855
+ # "NonEmptyString" => "NonEmptyString",
2856
+ # },
2857
+ # error: {
2858
+ # error_code: "NonEmptyString",
2859
+ # message: "NonEmptyString",
2860
+ # },
2861
+ # },
2862
+ # function_name: "NonEmptyString",
2863
+ # handler: "NonEmptyString",
2864
+ # kms_key_arn: "NonEmptyString",
2865
+ # last_modified: "NonEmptyString",
2866
+ # layers: [
2867
+ # {
2868
+ # arn: "NonEmptyString",
2869
+ # code_size: 1,
2870
+ # },
2871
+ # ],
2872
+ # master_arn: "NonEmptyString",
2873
+ # memory_size: 1,
2874
+ # revision_id: "NonEmptyString",
2875
+ # role: "NonEmptyString",
2876
+ # runtime: "NonEmptyString",
2877
+ # timeout: 1,
2878
+ # tracing_config: {
2879
+ # mode: "NonEmptyString",
2880
+ # },
2881
+ # vpc_config: {
2882
+ # security_group_ids: ["NonEmptyString"],
2883
+ # subnet_ids: ["NonEmptyString"],
2884
+ # vpc_id: "NonEmptyString",
2885
+ # },
2886
+ # version: "NonEmptyString",
2887
+ # },
2888
+ # aws_sns_topic: {
2889
+ # kms_master_key_id: "NonEmptyString",
2890
+ # subscription: [
2891
+ # {
2892
+ # endpoint: "NonEmptyString",
2893
+ # protocol: "NonEmptyString",
2894
+ # },
2895
+ # ],
2896
+ # topic_name: "NonEmptyString",
2897
+ # owner: "NonEmptyString",
2898
+ # },
2899
+ # aws_sqs_queue: {
2900
+ # kms_data_key_reuse_period_seconds: 1,
2901
+ # kms_master_key_id: "NonEmptyString",
2902
+ # queue_name: "NonEmptyString",
2903
+ # dead_letter_target_arn: "NonEmptyString",
1769
2904
  # },
1770
2905
  # container: {
1771
2906
  # name: "NonEmptyString",
@@ -1802,7 +2937,8 @@ module Aws::SecurityHub
1802
2937
  #
1803
2938
  # @!attribute [rw] findings
1804
2939
  # A list of findings to import. To successfully import a finding, it
1805
- # must follow the [AWS Security Finding Format][1].
2940
+ # must follow the [AWS Security Finding Format][1]. Maximum of 100
2941
+ # findings per request.
1806
2942
  #
1807
2943
  #
1808
2944
  #
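Review bot: The added sentence on `findings` states the limit of 100 per request but not what a caller should do with a longer list, and nothing in this hunk indicates that the client splits it. I would extend the comment to something like `# Maximum of 100 findings per request; send larger lists in several calls and check failed_count in each response.` A producer that does not batch or does not inspect the result can end up with findings missing from Security Hub, depending on how the service rejects the request. The doc comment continues outside the hunk.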
@@ -1841,6 +2977,21 @@ module Aws::SecurityHub
1841
2977
  # against a specific rule in a supported standard (for example, CIS AWS
1842
2978
  # Foundations). Contains compliance-related finding details.
1843
2979
  #
2980
+ # Values include the following:
2981
+ #
2982
+ # * Allowed values are the following:
2983
+ #
2984
+ # * `PASSED` - Compliance check passed for all evaluated resources.
2985
+ #
2986
+ # * `WARNING` - Some information is missing or this check is not
2987
+ # supported given your configuration.
2988
+ #
2989
+ # * `FAILED` - Compliance check failed for at least one evaluated
2990
+ # resource.
2991
+ #
2992
+ # * `NOT_AVAILABLE` - Check could not be performed due to a service
2993
+ # outage or API error.
2994
+ #
1844
2995
  # @note When making an API call, you may pass Compliance
1845
2996
  # data as a hash:
1846
2997
  #
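Review bot: The added list has two lead-ins in a row, `Values include the following:` followed by a single bullet `* Allowed values are the following:`, so the four statuses render as a nested list under a one-item list. One lead-in is enough, for example `# Allowed values for the compliance status:`, with `PASSED`, `WARNING`, `FAILED` and `NOT_AVAILABLE` as direct bullets. The text also does not name the member these values belong to. That member is not visible here, because the hunk ends before the hash example and the class definition.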
@@ -4277,6 +5428,35 @@ module Aws::SecurityHub
4277
5428
  include Aws::Structure
4278
5429
  end
4279
5430
 
5431
+ # Information about the state of the load balancer.
5432
+ #
5433
+ # @note When making an API call, you may pass LoadBalancerState
5434
+ # data as a hash:
5435
+ #
5436
+ # {
5437
+ # code: "NonEmptyString",
5438
+ # reason: "NonEmptyString",
5439
+ # }
5440
+ #
5441
+ # @!attribute [rw] code
5442
+ # The state code. The initial state of the load balancer is
5443
+ # provisioning. After the load balancer is fully set up and ready to
5444
+ # route traffic, its state is active. If the load balancer could not
5445
+ # be set up, its state is failed.
5446
+ # @return [String]
5447
+ #
5448
+ # @!attribute [rw] reason
5449
+ # A description of the state.
5450
+ # @return [String]
5451
+ #
5452
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/LoadBalancerState AWS API Documentation
5453
+ #
5454
+ class LoadBalancerState < Struct.new(
5455
+ :code,
5456
+ :reason)
5457
+ include Aws::Structure
5458
+ end
5459
+
4280
5460
  # A list of malware related to a finding.
4281
5461
  #
4282
5462
  # @note When making an API call, you may pass Malware
@@ -4761,6 +5941,28 @@ module Aws::SecurityHub
4761
5941
  # "NonEmptyString" => "NonEmptyString",
4762
5942
  # },
4763
5943
  # details: {
5944
+ # aws_cloud_front_distribution: {
5945
+ # domain_name: "NonEmptyString",
5946
+ # etag: "NonEmptyString",
5947
+ # last_modified_time: "NonEmptyString",
5948
+ # logging: {
5949
+ # bucket: "NonEmptyString",
5950
+ # enabled: false,
5951
+ # include_cookies: false,
5952
+ # prefix: "NonEmptyString",
5953
+ # },
5954
+ # origins: {
5955
+ # items: [
5956
+ # {
5957
+ # domain_name: "NonEmptyString",
5958
+ # id: "NonEmptyString",
5959
+ # origin_path: "NonEmptyString",
5960
+ # },
5961
+ # ],
5962
+ # },
5963
+ # status: "NonEmptyString",
5964
+ # web_acl_id: "NonEmptyString",
5965
+ # },
4764
5966
  # aws_ec2_instance: {
4765
5967
  # type: "NonEmptyString",
4766
5968
  # image_id: "NonEmptyString",
@@ -4772,6 +5974,26 @@ module Aws::SecurityHub
4772
5974
  # subnet_id: "NonEmptyString",
4773
5975
  # launched_at: "NonEmptyString",
4774
5976
  # },
5977
+ # aws_elbv_2_load_balancer: {
5978
+ # availability_zones: [
5979
+ # {
5980
+ # zone_name: "NonEmptyString",
5981
+ # subnet_id: "NonEmptyString",
5982
+ # },
5983
+ # ],
5984
+ # canonical_hosted_zone_id: "NonEmptyString",
5985
+ # created_time: "NonEmptyString",
5986
+ # dns_name: "NonEmptyString",
5987
+ # ip_address_type: "NonEmptyString",
5988
+ # scheme: "NonEmptyString",
5989
+ # security_groups: ["NonEmptyString"],
5990
+ # state: {
5991
+ # code: "NonEmptyString",
5992
+ # reason: "NonEmptyString",
5993
+ # },
5994
+ # type: "NonEmptyString",
5995
+ # vpc_id: "NonEmptyString",
5996
+ # },
4775
5997
  # aws_s3_bucket: {
4776
5998
  # owner_id: "NonEmptyString",
4777
5999
  # owner_name: "NonEmptyString",
@@ -4780,6 +6002,88 @@ module Aws::SecurityHub
4780
6002
  # user_name: "NonEmptyString",
4781
6003
  # status: "Active", # accepts Active, Inactive
4782
6004
  # created_at: "NonEmptyString",
6005
+ # principal_id: "NonEmptyString",
6006
+ # principal_type: "NonEmptyString",
6007
+ # principal_name: "NonEmptyString",
6008
+ # },
6009
+ # aws_iam_role: {
6010
+ # assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument",
6011
+ # create_date: "NonEmptyString",
6012
+ # role_id: "NonEmptyString",
6013
+ # role_name: "NonEmptyString",
6014
+ # max_session_duration: 1,
6015
+ # path: "NonEmptyString",
6016
+ # },
6017
+ # aws_kms_key: {
6018
+ # aws_account_id: "NonEmptyString",
6019
+ # creation_date: 1.0,
6020
+ # key_id: "NonEmptyString",
6021
+ # key_manager: "NonEmptyString",
6022
+ # key_state: "NonEmptyString",
6023
+ # origin: "NonEmptyString",
6024
+ # },
6025
+ # aws_lambda_function: {
6026
+ # code: {
6027
+ # s3_bucket: "NonEmptyString",
6028
+ # s3_key: "NonEmptyString",
6029
+ # s3_object_version: "NonEmptyString",
6030
+ # zip_file: "NonEmptyString",
6031
+ # },
6032
+ # code_sha_256: "NonEmptyString",
6033
+ # dead_letter_config: {
6034
+ # target_arn: "NonEmptyString",
6035
+ # },
6036
+ # environment: {
6037
+ # variables: {
6038
+ # "NonEmptyString" => "NonEmptyString",
6039
+ # },
6040
+ # error: {
6041
+ # error_code: "NonEmptyString",
6042
+ # message: "NonEmptyString",
6043
+ # },
6044
+ # },
6045
+ # function_name: "NonEmptyString",
6046
+ # handler: "NonEmptyString",
6047
+ # kms_key_arn: "NonEmptyString",
6048
+ # last_modified: "NonEmptyString",
6049
+ # layers: [
6050
+ # {
6051
+ # arn: "NonEmptyString",
6052
+ # code_size: 1,
6053
+ # },
6054
+ # ],
6055
+ # master_arn: "NonEmptyString",
6056
+ # memory_size: 1,
6057
+ # revision_id: "NonEmptyString",
6058
+ # role: "NonEmptyString",
6059
+ # runtime: "NonEmptyString",
6060
+ # timeout: 1,
6061
+ # tracing_config: {
6062
+ # mode: "NonEmptyString",
6063
+ # },
6064
+ # vpc_config: {
6065
+ # security_group_ids: ["NonEmptyString"],
6066
+ # subnet_ids: ["NonEmptyString"],
6067
+ # vpc_id: "NonEmptyString",
6068
+ # },
6069
+ # version: "NonEmptyString",
6070
+ # },
6071
+ # aws_sns_topic: {
6072
+ # kms_master_key_id: "NonEmptyString",
6073
+ # subscription: [
6074
+ # {
6075
+ # endpoint: "NonEmptyString",
6076
+ # protocol: "NonEmptyString",
6077
+ # },
6078
+ # ],
6079
+ # topic_name: "NonEmptyString",
6080
+ # owner: "NonEmptyString",
6081
+ # },
6082
+ # aws_sqs_queue: {
6083
+ # kms_data_key_reuse_period_seconds: 1,
6084
+ # kms_master_key_id: "NonEmptyString",
6085
+ # queue_name: "NonEmptyString",
6086
+ # dead_letter_target_arn: "NonEmptyString",
4783
6087
  # },
4784
6088
  # container: {
4785
6089
  # name: "NonEmptyString",
@@ -4854,6 +6158,28 @@ module Aws::SecurityHub
4854
6158
  # data as a hash:
4855
6159
  #
4856
6160
  # {
6161
+ # aws_cloud_front_distribution: {
6162
+ # domain_name: "NonEmptyString",
6163
+ # etag: "NonEmptyString",
6164
+ # last_modified_time: "NonEmptyString",
6165
+ # logging: {
6166
+ # bucket: "NonEmptyString",
6167
+ # enabled: false,
6168
+ # include_cookies: false,
6169
+ # prefix: "NonEmptyString",
6170
+ # },
6171
+ # origins: {
6172
+ # items: [
6173
+ # {
6174
+ # domain_name: "NonEmptyString",
6175
+ # id: "NonEmptyString",
6176
+ # origin_path: "NonEmptyString",
6177
+ # },
6178
+ # ],
6179
+ # },
6180
+ # status: "NonEmptyString",
6181
+ # web_acl_id: "NonEmptyString",
6182
+ # },
4857
6183
  # aws_ec2_instance: {
4858
6184
  # type: "NonEmptyString",
4859
6185
  # image_id: "NonEmptyString",
@@ -4865,6 +6191,26 @@ module Aws::SecurityHub
4865
6191
  # subnet_id: "NonEmptyString",
4866
6192
  # launched_at: "NonEmptyString",
4867
6193
  # },
6194
+ # aws_elbv_2_load_balancer: {
6195
+ # availability_zones: [
6196
+ # {
6197
+ # zone_name: "NonEmptyString",
6198
+ # subnet_id: "NonEmptyString",
6199
+ # },
6200
+ # ],
6201
+ # canonical_hosted_zone_id: "NonEmptyString",
6202
+ # created_time: "NonEmptyString",
6203
+ # dns_name: "NonEmptyString",
6204
+ # ip_address_type: "NonEmptyString",
6205
+ # scheme: "NonEmptyString",
6206
+ # security_groups: ["NonEmptyString"],
6207
+ # state: {
6208
+ # code: "NonEmptyString",
6209
+ # reason: "NonEmptyString",
6210
+ # },
6211
+ # type: "NonEmptyString",
6212
+ # vpc_id: "NonEmptyString",
6213
+ # },
4868
6214
  # aws_s3_bucket: {
4869
6215
  # owner_id: "NonEmptyString",
4870
6216
  # owner_name: "NonEmptyString",
@@ -4873,6 +6219,88 @@ module Aws::SecurityHub
4873
6219
  # user_name: "NonEmptyString",
4874
6220
  # status: "Active", # accepts Active, Inactive
4875
6221
  # created_at: "NonEmptyString",
6222
+ # principal_id: "NonEmptyString",
6223
+ # principal_type: "NonEmptyString",
6224
+ # principal_name: "NonEmptyString",
6225
+ # },
6226
+ # aws_iam_role: {
6227
+ # assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument",
6228
+ # create_date: "NonEmptyString",
6229
+ # role_id: "NonEmptyString",
6230
+ # role_name: "NonEmptyString",
6231
+ # max_session_duration: 1,
6232
+ # path: "NonEmptyString",
6233
+ # },
6234
+ # aws_kms_key: {
6235
+ # aws_account_id: "NonEmptyString",
6236
+ # creation_date: 1.0,
6237
+ # key_id: "NonEmptyString",
6238
+ # key_manager: "NonEmptyString",
6239
+ # key_state: "NonEmptyString",
6240
+ # origin: "NonEmptyString",
6241
+ # },
6242
+ # aws_lambda_function: {
6243
+ # code: {
6244
+ # s3_bucket: "NonEmptyString",
6245
+ # s3_key: "NonEmptyString",
6246
+ # s3_object_version: "NonEmptyString",
6247
+ # zip_file: "NonEmptyString",
6248
+ # },
6249
+ # code_sha_256: "NonEmptyString",
6250
+ # dead_letter_config: {
6251
+ # target_arn: "NonEmptyString",
6252
+ # },
6253
+ # environment: {
6254
+ # variables: {
6255
+ # "NonEmptyString" => "NonEmptyString",
6256
+ # },
6257
+ # error: {
6258
+ # error_code: "NonEmptyString",
6259
+ # message: "NonEmptyString",
6260
+ # },
6261
+ # },
6262
+ # function_name: "NonEmptyString",
6263
+ # handler: "NonEmptyString",
6264
+ # kms_key_arn: "NonEmptyString",
6265
+ # last_modified: "NonEmptyString",
6266
+ # layers: [
6267
+ # {
6268
+ # arn: "NonEmptyString",
6269
+ # code_size: 1,
6270
+ # },
6271
+ # ],
6272
+ # master_arn: "NonEmptyString",
6273
+ # memory_size: 1,
6274
+ # revision_id: "NonEmptyString",
6275
+ # role: "NonEmptyString",
6276
+ # runtime: "NonEmptyString",
6277
+ # timeout: 1,
6278
+ # tracing_config: {
6279
+ # mode: "NonEmptyString",
6280
+ # },
6281
+ # vpc_config: {
6282
+ # security_group_ids: ["NonEmptyString"],
6283
+ # subnet_ids: ["NonEmptyString"],
6284
+ # vpc_id: "NonEmptyString",
6285
+ # },
6286
+ # version: "NonEmptyString",
6287
+ # },
6288
+ # aws_sns_topic: {
6289
+ # kms_master_key_id: "NonEmptyString",
6290
+ # subscription: [
6291
+ # {
6292
+ # endpoint: "NonEmptyString",
6293
+ # protocol: "NonEmptyString",
6294
+ # },
6295
+ # ],
6296
+ # topic_name: "NonEmptyString",
6297
+ # owner: "NonEmptyString",
6298
+ # },
6299
+ # aws_sqs_queue: {
6300
+ # kms_data_key_reuse_period_seconds: 1,
6301
+ # kms_master_key_id: "NonEmptyString",
6302
+ # queue_name: "NonEmptyString",
6303
+ # dead_letter_target_arn: "NonEmptyString",
4876
6304
  # },
4877
6305
  # container: {
4878
6306
  # name: "NonEmptyString",
@@ -4885,10 +6313,18 @@ module Aws::SecurityHub
4885
6313
  # },
4886
6314
  # }
4887
6315
  #
6316
+ # @!attribute [rw] aws_cloud_front_distribution
6317
+ # Details about a CloudFront distribution.
6318
+ # @return [Types::AwsCloudFrontDistributionDetails]
6319
+ #
4888
6320
  # @!attribute [rw] aws_ec2_instance
4889
6321
  # Details about an Amazon EC2 instance related to a finding.
4890
6322
  # @return [Types::AwsEc2InstanceDetails]
4891
6323
  #
6324
+ # @!attribute [rw] aws_elbv_2_load_balancer
6325
+ # Details about a load balancer.
6326
+ # @return [Types::AwsElbv2LoadBalancerDetails]
6327
+ #
4892
6328
  # @!attribute [rw] aws_s3_bucket
4893
6329
  # Details about an Amazon S3 Bucket related to a finding.
4894
6330
  # @return [Types::AwsS3BucketDetails]
@@ -4897,6 +6333,26 @@ module Aws::SecurityHub
4897
6333
  # Details about an IAM access key related to a finding.
4898
6334
  # @return [Types::AwsIamAccessKeyDetails]
4899
6335
  #
6336
+ # @!attribute [rw] aws_iam_role
6337
+ # Details about an IAM role.
6338
+ # @return [Types::AwsIamRoleDetails]
6339
+ #
6340
+ # @!attribute [rw] aws_kms_key
6341
+ # Details about a KMS key.
6342
+ # @return [Types::AwsKmsKeyDetails]
6343
+ #
6344
+ # @!attribute [rw] aws_lambda_function
6345
+ # Details about a Lambda function.
6346
+ # @return [Types::AwsLambdaFunctionDetails]
6347
+ #
6348
+ # @!attribute [rw] aws_sns_topic
6349
+ # Details about an SNS topic.
6350
+ # @return [Types::AwsSnsTopicDetails]
6351
+ #
6352
+ # @!attribute [rw] aws_sqs_queue
6353
+ # Details about an SQS queue.
6354
+ # @return [Types::AwsSqsQueueDetails]
6355
+ #
4900
6356
  # @!attribute [rw] container
4901
6357
  # Details about a container resource related to a finding.
4902
6358
  # @return [Types::ContainerDetails]
@@ -4908,9 +6364,16 @@ module Aws::SecurityHub
4908
6364
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ResourceDetails AWS API Documentation
4909
6365
  #
4910
6366
  class ResourceDetails < Struct.new(
6367
+ :aws_cloud_front_distribution,
4911
6368
  :aws_ec2_instance,
6369
+ :aws_elbv_2_load_balancer,
4912
6370
  :aws_s3_bucket,
4913
6371
  :aws_iam_access_key,
6372
+ :aws_iam_role,
6373
+ :aws_kms_key,
6374
+ :aws_lambda_function,
6375
+ :aws_sns_topic,
6376
+ :aws_sqs_queue,
4914
6377
  :container,
4915
6378
  :other)
4916
6379
  include Aws::Structure
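Review bot: The new members are inserted in the middle of the `Struct.new` list (`:aws_cloud_front_distribution` ahead of `:aws_ec2_instance`, and five more ahead of `:container`), which shifts the position of every existing member. Access by name is unaffected, but code that reads a `ResourceDetails` by integer index or depends on `to_a`/`each` order sees different positions after the upgrade. If the order is dictated by the API model this may be unavoidable, in which case a line in the release notes would be enough. The class body continues outside the hunk.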