aws-sdk-securityhub 1.154.0 → 1.155.0

data/lib/aws-sdk-securityhub/client_api.rb

@@ -830,6 +830,7 @@ module Aws::SecurityHub
     DateFilter = Shapes::StructureShape.new(name: 'DateFilter')
     DateFilterList = Shapes::ListShape.new(name: 'DateFilterList')
     DateRange = Shapes::StructureShape.new(name: 'DateRange')
+    DateRangeComparison = Shapes::StringShape.new(name: 'DateRangeComparison')
     DateRangeUnit = Shapes::StringShape.new(name: 'DateRangeUnit')
     DeclineInvitationsRequest = Shapes::StructureShape.new(name: 'DeclineInvitationsRequest')
     DeclineInvitationsResponse = Shapes::StructureShape.new(name: 'DeclineInvitationsResponse')
@@ -926,6 +927,8 @@ module Aws::SecurityHub
     FirewallPolicyStatelessCustomActionsList = Shapes::ListShape.new(name: 'FirewallPolicyStatelessCustomActionsList')
     FirewallPolicyStatelessRuleGroupReferencesDetails = Shapes::StructureShape.new(name: 'FirewallPolicyStatelessRuleGroupReferencesDetails')
     FirewallPolicyStatelessRuleGroupReferencesList = Shapes::ListShape.new(name: 'FirewallPolicyStatelessRuleGroupReferencesList')
+    GenerateRecommendedPolicyV2Request = Shapes::StructureShape.new(name: 'GenerateRecommendedPolicyV2Request')
+    GenerateRecommendedPolicyV2Response = Shapes::StructureShape.new(name: 'GenerateRecommendedPolicyV2Response')
     GeneratorDetails = Shapes::StructureShape.new(name: 'GeneratorDetails')
     GeoLocation = Shapes::StructureShape.new(name: 'GeoLocation')
     GetAdministratorAccountRequest = Shapes::StructureShape.new(name: 'GetAdministratorAccountRequest')
@@ -964,6 +967,8 @@ module Aws::SecurityHub
     GetMasterAccountResponse = Shapes::StructureShape.new(name: 'GetMasterAccountResponse')
     GetMembersRequest = Shapes::StructureShape.new(name: 'GetMembersRequest')
     GetMembersResponse = Shapes::StructureShape.new(name: 'GetMembersResponse')
+    GetRecommendedPolicyV2Request = Shapes::StructureShape.new(name: 'GetRecommendedPolicyV2Request')
+    GetRecommendedPolicyV2Response = Shapes::StructureShape.new(name: 'GetRecommendedPolicyV2Response')
     GetResourcesStatisticsV2Request = Shapes::StructureShape.new(name: 'GetResourcesStatisticsV2Request')
     GetResourcesStatisticsV2Response = Shapes::StructureShape.new(name: 'GetResourcesStatisticsV2Response')
     GetResourcesTrendsV2Request = Shapes::StructureShape.new(name: 'GetResourcesTrendsV2Request')
@@ -1141,6 +1146,11 @@ module Aws::SecurityHub
     Ranges = Shapes::ListShape.new(name: 'Ranges')
     RatioScale = Shapes::IntegerShape.new(name: 'RatioScale')
     Recommendation = Shapes::StructureShape.new(name: 'Recommendation')
+    RecommendationError = Shapes::StructureShape.new(name: 'RecommendationError')
+    RecommendationStatus = Shapes::StringShape.new(name: 'RecommendationStatus')
+    RecommendationStep = Shapes::UnionShape.new(name: 'RecommendationStep')
+    RecommendationSteps = Shapes::ListShape.new(name: 'RecommendationSteps')
+    RecommendationType = Shapes::StringShape.new(name: 'RecommendationType')
     Record = Shapes::StructureShape.new(name: 'Record')
     RecordState = Shapes::StringShape.new(name: 'RecordState')
     Records = Shapes::ListShape.new(name: 'Records')
@@ -1344,6 +1354,7 @@ module Aws::SecurityHub
     UnprocessedStandardsControlAssociations = Shapes::ListShape.new(name: 'UnprocessedStandardsControlAssociations')
     UntagResourceRequest = Shapes::StructureShape.new(name: 'UntagResourceRequest')
     UntagResourceResponse = Shapes::StructureShape.new(name: 'UntagResourceResponse')
+    UnusedPermissionsRecommendationStep = Shapes::StructureShape.new(name: 'UnusedPermissionsRecommendationStep')
     UpdateActionTargetRequest = Shapes::StructureShape.new(name: 'UpdateActionTargetRequest')
     UpdateActionTargetResponse = Shapes::StructureShape.new(name: 'UpdateActionTargetResponse')
     UpdateAggregatorV2Request = Shapes::StructureShape.new(name: 'UpdateAggregatorV2Request')
@@ -5779,6 +5790,7 @@ module Aws::SecurityHub
 
     DateRange.add_member(:value, Shapes::ShapeRef.new(shape: Integer, location_name: "Value"))
     DateRange.add_member(:unit, Shapes::ShapeRef.new(shape: DateRangeUnit, location_name: "Unit"))
+    DateRange.add_member(:comparison, Shapes::ShapeRef.new(shape: DateRangeComparison, location_name: "Comparison"))
     DateRange.struct_class = Types::DateRange
 
     DeclineInvitationsRequest.add_member(:account_ids, Shapes::ShapeRef.new(shape: AccountIdList, required: true, location_name: "AccountIds"))
@@ -6084,6 +6096,11 @@ module Aws::SecurityHub
 
     FirewallPolicyStatelessRuleGroupReferencesList.member = Shapes::ShapeRef.new(shape: FirewallPolicyStatelessRuleGroupReferencesDetails)
 
+    GenerateRecommendedPolicyV2Request.add_member(:metadata_uid, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location: "uri", location_name: "MetadataUid"))
+    GenerateRecommendedPolicyV2Request.struct_class = Types::GenerateRecommendedPolicyV2Request
+
+    GenerateRecommendedPolicyV2Response.struct_class = Types::GenerateRecommendedPolicyV2Response
+
     GeneratorDetails.add_member(:name, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Name"))
     GeneratorDetails.add_member(:description, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Description"))
     GeneratorDetails.add_member(:labels, Shapes::ShapeRef.new(shape: TypeList, location_name: "Labels"))
@@ -6263,6 +6280,19 @@ module Aws::SecurityHub
     GetMembersResponse.add_member(:unprocessed_accounts, Shapes::ShapeRef.new(shape: ResultList, location_name: "UnprocessedAccounts"))
     GetMembersResponse.struct_class = Types::GetMembersResponse
 
+    GetRecommendedPolicyV2Request.add_member(:metadata_uid, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location: "uri", location_name: "MetadataUid"))
+    GetRecommendedPolicyV2Request.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location: "querystring", location_name: "NextToken"))
+    GetRecommendedPolicyV2Request.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResults, location: "querystring", location_name: "MaxResults"))
+    GetRecommendedPolicyV2Request.struct_class = Types::GetRecommendedPolicyV2Request
+
+    GetRecommendedPolicyV2Response.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
+    GetRecommendedPolicyV2Response.add_member(:recommendation_type, Shapes::ShapeRef.new(shape: RecommendationType, location_name: "RecommendationType"))
+    GetRecommendedPolicyV2Response.add_member(:recommendation_steps, Shapes::ShapeRef.new(shape: RecommendationSteps, location_name: "RecommendationSteps"))
+    GetRecommendedPolicyV2Response.add_member(:error, Shapes::ShapeRef.new(shape: RecommendationError, location_name: "Error"))
+    GetRecommendedPolicyV2Response.add_member(:status, Shapes::ShapeRef.new(shape: RecommendationStatus, location_name: "Status"))
+    GetRecommendedPolicyV2Response.add_member(:resource_arn, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "ResourceArn"))
+    GetRecommendedPolicyV2Response.struct_class = Types::GetRecommendedPolicyV2Response
+
     GetResourcesStatisticsV2Request.add_member(:group_by_rules, Shapes::ShapeRef.new(shape: ResourceGroupByRules, required: true, location_name: "GroupByRules"))
     GetResourcesStatisticsV2Request.add_member(:scopes, Shapes::ShapeRef.new(shape: ResourceScopes, location_name: "Scopes"))
     GetResourcesStatisticsV2Request.add_member(:sort_order, Shapes::ShapeRef.new(shape: SortOrder, location_name: "SortOrder"))
@@ -6911,6 +6941,18 @@ module Aws::SecurityHub
     Recommendation.add_member(:url, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Url"))
     Recommendation.struct_class = Types::Recommendation
 
+    RecommendationError.add_member(:code, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Code"))
+    RecommendationError.add_member(:message, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Message"))
+    RecommendationError.struct_class = Types::RecommendationError
+
+    RecommendationStep.add_member(:unused_permissions, Shapes::ShapeRef.new(shape: UnusedPermissionsRecommendationStep, location_name: "UnusedPermissions"))
+    RecommendationStep.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
+    RecommendationStep.add_member_subclass(:unused_permissions, Types::RecommendationStep::UnusedPermissions)
+    RecommendationStep.add_member_subclass(:unknown, Types::RecommendationStep::Unknown)
+    RecommendationStep.struct_class = Types::RecommendationStep
+
+    RecommendationSteps.member = Shapes::ShapeRef.new(shape: RecommendationStep)
+
     Record.add_member(:json_path, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "JsonPath"))
     Record.add_member(:record_index, Shapes::ShapeRef.new(shape: Long, location_name: "RecordIndex"))
     Record.struct_class = Types::Record
@@ -7704,6 +7746,13 @@ module Aws::SecurityHub
 
     UntagResourceResponse.struct_class = Types::UntagResourceResponse
 
+    UnusedPermissionsRecommendationStep.add_member(:recommended_action, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "RecommendedAction"))
+    UnusedPermissionsRecommendationStep.add_member(:existing_policy, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "ExistingPolicy"))
+    UnusedPermissionsRecommendationStep.add_member(:existing_policy_id, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "ExistingPolicyId"))
+    UnusedPermissionsRecommendationStep.add_member(:policy_updated_at, Shapes::ShapeRef.new(shape: Timestamp, location_name: "PolicyUpdatedAt"))
+    UnusedPermissionsRecommendationStep.add_member(:recommended_policy, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "RecommendedPolicy"))
+    UnusedPermissionsRecommendationStep.struct_class = Types::UnusedPermissionsRecommendationStep
+
     UpdateActionTargetRequest.add_member(:action_target_arn, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location: "uri", location_name: "ActionTargetArn"))
     UpdateActionTargetRequest.add_member(:name, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Name"))
     UpdateActionTargetRequest.add_member(:description, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Description"))
@@ -8639,6 +8688,20 @@ module Aws::SecurityHub
         o.errors << Shapes::ShapeRef.new(shape: ValidationException)
       end)
 
+      api.add_operation(:generate_recommended_policy_v2, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GenerateRecommendedPolicyV2"
+        o.http_method = "POST"
+        o.http_request_uri = "/recommendedPolicyV2/{MetadataUid}"
+        o.input = Shapes::ShapeRef.new(shape: GenerateRecommendedPolicyV2Request)
+        o.output = Shapes::ShapeRef.new(shape: GenerateRecommendedPolicyV2Response)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+      end)
+
       api.add_operation(:get_administrator_account, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GetAdministratorAccount"
         o.http_method = "GET"
@@ -8915,6 +8978,26 @@ module Aws::SecurityHub
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
       end)
 
+      api.add_operation(:get_recommended_policy_v2, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetRecommendedPolicyV2"
+        o.http_method = "GET"
+        o.http_request_uri = "/recommendedPolicyV2/{MetadataUid}"
+        o.input = Shapes::ShapeRef.new(shape: GetRecommendedPolicyV2Request)
+        o.output = Shapes::ShapeRef.new(shape: GetRecommendedPolicyV2Response)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o[:pager] = Aws::Pager.new(
+          limit_key: "max_results",
+          tokens: {
+            "next_token" => "next_token"
+          }
+        )
+      end)
+
       api.add_operation(:get_resources_statistics_v2, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GetResourcesStatisticsV2"
         o.http_method = "POST"

data/lib/aws-sdk-securityhub/types.rb

@@ -23755,11 +23755,20 @@ module Aws::SecurityHub
     #   A date range unit for the date filter.
     #   @return [String]
     #
+    # @!attribute [rw] comparison
+    #   The condition to apply to a date range filter. If you specify
+    #   `WITHIN`, Security Hub filters for dates within the specified date
+    #   range. If you specify `OLDER_THAN`, Security Hub filters for dates
+    #   before the specified date range. If you don't specify a value, the
+    #   default is `WITHIN`.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DateRange AWS API Documentation
     #
     class DateRange < Struct.new(
       :value,
-      :unit)
+      :unit,
+      :comparison)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -25230,6 +25239,23 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # @!attribute [rw] metadata_uid
+    #   The unique identifier (ID) of Security Hub OCSF findings found under
+    #   the `metadata.uid` field of the finding.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GenerateRecommendedPolicyV2Request AWS API Documentation
+    #
+    class GenerateRecommendedPolicyV2Request < Struct.new(
+      :metadata_uid)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GenerateRecommendedPolicyV2Response AWS API Documentation
+    #
+    class GenerateRecommendedPolicyV2Response < Aws::EmptyStructure; end
+
     # Provides metadata for the Amazon CodeGuru detector associated with a
     # finding. This field pertains to findings that relate to Lambda
     # functions. Amazon Inspector identifies policy violations and
@@ -26170,6 +26196,70 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # @!attribute [rw] metadata_uid
+    #   The unique identifier (ID) of Security Hub OCSF findings found under
+    #   the `metadata.uid` field of the finding.
+    #   @return [String]
+    #
+    # @!attribute [rw] next_token
+    #   The token used to paginate the `RecommendationSteps` list returned.
+    #   On your first call to `GetRecommendedPolicyV2`, omit this parameter
+    #   or set it to `NULL`. For subsequent calls, use the `NextToken` value
+    #   returned in the previous response to retrieve the next page of
+    #   results.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of recommendation steps to return.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetRecommendedPolicyV2Request AWS API Documentation
+    #
+    class GetRecommendedPolicyV2Request < Struct.new(
+      :metadata_uid,
+      :next_token,
+      :max_results)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] next_token
+    #   The pagination token to use to request the next page of results.
+    #   @return [String]
+    #
+    # @!attribute [rw] recommendation_type
+    #   The type of recommendation for the finding.
+    #   @return [String]
+    #
+    # @!attribute [rw] recommendation_steps
+    #   The recommended steps to take to resolve the finding.
+    #   @return [Array<Types::RecommendationStep>]
+    #
+    # @!attribute [rw] error
+    #   Detailed information for a `FAILED` retrieval status.
+    #   @return [Types::RecommendationError]
+    #
+    # @!attribute [rw] status
+    #   The current status of the recommended policy retrieval.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_arn
+    #   The ARN of the resource of the finding.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetRecommendedPolicyV2Response AWS API Documentation
+    #
+    class GetRecommendedPolicyV2Response < Struct.new(
+      :next_token,
+      :recommendation_type,
+      :recommendation_steps,
+      :error,
+      :status,
+      :resource_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] group_by_rules
     #   How resource statistics should be aggregated and organized in the
     #   response.
@@ -29309,6 +29399,50 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # Contains information about the reason that the retrieval of a
+    # recommended policy for a finding failed.
+    #
+    # @!attribute [rw] code
+    #   The error code for a failed retrieval of a recommended policy for a
+    #   finding.
+    #   @return [String]
+    #
+    # @!attribute [rw] message
+    #   The error message for a failed retrieval of a recommended policy for
+    #   a finding.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RecommendationError AWS API Documentation
+    #
+    class RecommendationError < Struct.new(
+      :code,
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains information about a recommended step to remediate a Security
+    # Hub finding.
+    #
+    # @note RecommendationStep is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of RecommendationStep corresponding to the set member.
+    #
+    # @!attribute [rw] unused_permissions
+    #   A recommended step to remediate an unused permissions finding.
+    #   @return [Types::UnusedPermissionsRecommendationStep]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RecommendationStep AWS API Documentation
+    #
+    class RecommendationStep < Struct.new(
+      :unused_permissions,
+      :unknown)
+      SENSITIVE = []
+      include Aws::Structure
+      include Aws::Structure::Union
+
+      class UnusedPermissions < RecommendationStep; end
+      class Unknown < RecommendationStep; end
+    end
+
     # An occurrence of sensitive data in an Apache Avro object container or
     # an Apache Parquet file.
     #
@@ -32740,9 +32874,10 @@ module Aws::SecurityHub
     #
     #   * `ResourceType NOT_EQUALS AwsEc2NetworkInterface`
     #
-    #   `CONTAINS` and `NOT_CONTAINS` operators can be used only with
-    #   automation rules V1. `CONTAINS_WORD` operator is only supported in
-    #   `GetFindingsV2`, `GetFindingStatisticsV2`, `GetResourcesV2`, and
+    #   The `CONTAINS` operator works with automation rules V1 and V2. The
+    #   `NOT_CONTAINS` operator works only with automation rules V1. The
+    #   `CONTAINS_WORD` operator works only in the `GetFindingsV2`,
+    #   `GetFindingStatisticsV2`, `GetResourcesV2`, and
     #   `GetResourcesStatisticsV2` APIs. For more information, see
     #   [Automation rules][1] in the *Security Hub CSPM User Guide*.
     #
@@ -33186,6 +33321,46 @@ module Aws::SecurityHub
     #
     class UntagResourceResponse < Aws::EmptyStructure; end
 
+    # Contains information about the action to take for a policy in an
+    # unused permissions finding.
+    #
+    # @!attribute [rw] recommended_action
+    #   A recommendation of whether to create or detach a policy for an
+    #   unused permissions finding.
+    #   @return [String]
+    #
+    # @!attribute [rw] existing_policy
+    #   The contents of the existing policy identified by `ExistingPolicyId`
+    #   which needs to be replaced, when the `RecommendedAction` is
+    #   `CREATE_POLICY`.
+    #   @return [String]
+    #
+    # @!attribute [rw] existing_policy_id
+    #   The ID of an existing policy to be replaced or detached.
+    #   @return [String]
+    #
+    # @!attribute [rw] policy_updated_at
+    #   The time at which the existing policy for the unused permissions
+    #   finding was last updated.
+    #   @return [Time]
+    #
+    # @!attribute [rw] recommended_policy
+    #   The contents of the least-privileged recommended replacement for
+    #   `ExistingPolicyId`, when the `RecommendedAction` is `CREATE_POLICY`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UnusedPermissionsRecommendationStep AWS API Documentation
+    #
+    class UnusedPermissionsRecommendationStep < Struct.new(
+      :recommended_action,
+      :existing_policy,
+      :existing_policy_id,
+      :policy_updated_at,
+      :recommended_policy)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] action_target_arn
     #   The ARN of the custom action target to update.
     #   @return [String]

data/lib/aws-sdk-securityhub.rb

@@ -54,7 +54,7 @@ module Aws::SecurityHub
   autoload :EndpointProvider, 'aws-sdk-securityhub/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-securityhub/endpoints'
 
-  GEM_VERSION = '1.154.0'
+  GEM_VERSION = '1.155.0'
 
 end