aws-sdk-securityhub 1.23.0 → 1.28.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 30f9432948141e40b7ffa3b8ec2e46961dbd576fc0be05339d9366cd89d55db0
-  data.tar.gz: 77269af12aa9be0bb09e45692521b3d03742f48957d53cb47d9ee39d80d8dd84
+  metadata.gz: a603aa340ceda544e27258ac758211dbfe9146a6339c72d415db0ada8d5f149a
+  data.tar.gz: 75825c633442da73a736cfdbf2b11365ea90287ce999bf955a29647af81f7be5
 SHA512:
-  metadata.gz: 3181280a3670c8984b53bece68f13d99aba9a7efe90ea00b9c18f8050c8e0bcf912672996f3cfedddb24c7078785171fc65c7d4ec1085e35d86d0b111fbe24c8
-  data.tar.gz: ee57bbffe585c0bc84ea4c8bdbc843cf09af6e68dadbe0ae0b0e383e5a032fac8d86dc6943083807684bd62f086fbaf8479f35c84bab8f089d48f255f2ea8648
+  metadata.gz: 12a8b31aef1c80b793eafa8723e58a0c8e16f81db4a72af3a23b71b0d03cfb3caabc98c849134f438f32212e79c114de52e6ffa686fe288563d6330da6c2660c
+  data.tar.gz: ef2d6cb6971fc42f33d0938a67d5ab759e1ffe95a13b729871881c5992b3fcfb0c257eba0ab2b9004efff65f2c77b11200fa11cedd4c310883290e567f7d9a99

data/lib/aws-sdk-securityhub.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
@@ -45,6 +47,6 @@ require_relative 'aws-sdk-securityhub/customizations'
 # @service
 module Aws::SecurityHub
 
-  GEM_VERSION = '1.23.0'
+  GEM_VERSION = '1.28.0'
 
 end

data/lib/aws-sdk-securityhub/client.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
@@ -24,6 +26,7 @@ require 'aws-sdk-core/plugins/jsonvalue_converter.rb'
 require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
 require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
 require 'aws-sdk-core/plugins/transfer_encoding.rb'
+require 'aws-sdk-core/plugins/http_checksum.rb'
 require 'aws-sdk-core/plugins/signature_v4.rb'
 require 'aws-sdk-core/plugins/protocols/rest_json.rb'
 
@@ -69,6 +72,7 @@ module Aws::SecurityHub
     add_plugin(Aws::Plugins::ClientMetricsPlugin)
     add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
     add_plugin(Aws::Plugins::TransferEncoding)
+    add_plugin(Aws::Plugins::HttpChecksum)
     add_plugin(Aws::Plugins::SignatureV4)
     add_plugin(Aws::Plugins::Protocols::RestJson)
 
@@ -105,7 +109,7 @@ module Aws::SecurityHub
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
     #     used to determine the service `:endpoint`. When not passed,
-    #     a default `:region` is search for in the following locations:
+    #     a default `:region` is searched for in the following locations:
     #
     #     * `Aws.config[:region]`
     #     * `ENV['AWS_REGION']`
@@ -161,7 +165,7 @@ module Aws::SecurityHub
     #   @option options [String] :endpoint
     #     The client endpoint is normally constructed from the `:region`
     #     option. You should only configure an `:endpoint` when connecting
-    #     to test endpoints. This should be avalid HTTP(S) URI.
+    #     to test or custom endpoints. This should be a valid HTTP(S) URI.
     #
     #   @option options [Integer] :endpoint_cache_max_entries (1000)
     #     Used for the maximum size limit of the LRU cache storing endpoints data
@@ -176,7 +180,7 @@ module Aws::SecurityHub
     #     requests fetching endpoints information. Defaults to 60 sec.
     #
     #   @option options [Boolean] :endpoint_discovery (false)
-    #     When set to `true`, endpoint discovery will be enabled for operations when available. Defaults to `false`.
+    #     When set to `true`, endpoint discovery will be enabled for operations when available.
     #
     #   @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default)
     #     The log formatter.
@@ -493,6 +497,7 @@ module Aws::SecurityHub
     #           product: 1.0,
     #           label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
     #           normalized: 1,
+    #           original: "NonEmptyString",
     #         },
     #         confidence: 1,
     #         criticality: 1,
@@ -943,6 +948,12 @@ module Aws::SecurityHub
     #         compliance: {
     #           status: "PASSED", # accepts PASSED, WARNING, FAILED, NOT_AVAILABLE
     #           related_requirements: ["NonEmptyString"],
+    #           status_reasons: [
+    #             {
+    #               reason_code: "NonEmptyString", # required
+    #               description: "NonEmptyString",
+    #             },
+    #           ],
     #         },
     #         verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
     #         workflow_state: "NEW", # accepts NEW, ASSIGNED, IN_PROGRESS, DEFERRED, RESOLVED
@@ -1800,7 +1811,7 @@ module Aws::SecurityHub
     # Security Hub.
     #
     # If the account owner accepts the invitation, the account becomes a
-    # member account in Security Hub, and a permission policy is added that
+    # member account in Security Hub. A permissions policy is added that
     # permits the master account to view the findings generated in the
     # member account. When Security Hub is enabled in the invited account,
     # findings start to be sent to both the member and master accounts.
@@ -2335,8 +2346,8 @@ module Aws::SecurityHub
     # Enables the integration of a partner product with Security Hub.
     # Integrated products send findings to Security Hub.
     #
-    # When you enable a product integration, a permission policy that grants
-    # permission for the product to send findings to Security Hub is
+    # When you enable a product integration, a permissions policy that
+    # grants permission for the product to send findings to Security Hub is
     # applied.
     #
     # @option params [required, String] :product_arn
@@ -2373,9 +2384,16 @@ module Aws::SecurityHub
     # integrated with Security Hub.
     #
     # When you use the `EnableSecurityHub` operation to enable Security Hub,
-    # you also automatically enable the CIS AWS Foundations standard. You do
-    # not enable the Payment Card Industry Data Security Standard (PCI DSS)
-    # standard. To not enable the CIS AWS Foundations standard, set
+    # you also automatically enable the following standards.
+    #
+    # * CIS AWS Foundations
+    #
+    # * AWS Foundational Security Best Practices
+    #
+    # You do not enable the Payment Card Industry Data Security Standard
+    # (PCI DSS) standard.
+    #
+    # To not enable the automatically enabled standards, set
     # `EnableDefaultStandards` to `false`.
     #
     # After you enable Security Hub, to enable a standard, use the `
@@ -2390,7 +2408,7 @@ module Aws::SecurityHub
     # [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html
     #
     # @option params [Hash<String,String>] :tags
-    #   The tags to add to the Hub resource when you enable Security Hub.
+    #   The tags to add to the hub resource when you enable Security Hub.
     #
     # @option params [Boolean] :enable_default_standards
     #   Whether to enable the security standards that Security Hub has
@@ -3083,6 +3101,7 @@ module Aws::SecurityHub
     #   resp.findings[0].severity.product #=> Float
     #   resp.findings[0].severity.label #=> String, one of "INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"
     #   resp.findings[0].severity.normalized #=> Integer
+    #   resp.findings[0].severity.original #=> String
     #   resp.findings[0].confidence #=> Integer
     #   resp.findings[0].criticality #=> Integer
     #   resp.findings[0].title #=> String
@@ -3374,6 +3393,9 @@ module Aws::SecurityHub
     #   resp.findings[0].compliance.status #=> String, one of "PASSED", "WARNING", "FAILED", "NOT_AVAILABLE"
     #   resp.findings[0].compliance.related_requirements #=> Array
     #   resp.findings[0].compliance.related_requirements[0] #=> String
+    #   resp.findings[0].compliance.status_reasons #=> Array
+    #   resp.findings[0].compliance.status_reasons[0].reason_code #=> String
+    #   resp.findings[0].compliance.status_reasons[0].description #=> String
     #   resp.findings[0].verification_state #=> String, one of "UNKNOWN", "TRUE_POSITIVE", "FALSE_POSITIVE", "BENIGN_POSITIVE"
     #   resp.findings[0].workflow_state #=> String, one of "NEW", "ASSIGNED", "IN_PROGRESS", "DEFERRED", "RESOLVED"
     #   resp.findings[0].workflow.status #=> String, one of "NEW", "NOTIFIED", "RESOLVED", "SUPPRESSED"
@@ -5374,7 +5396,7 @@ module Aws::SecurityHub
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-securityhub'
-      context[:gem_version] = '1.23.0'
+      context[:gem_version] = '1.28.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-securityhub/client_api.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
@@ -258,6 +260,8 @@ module Aws::SecurityHub
     StandardsSubscriptionRequest = Shapes::StructureShape.new(name: 'StandardsSubscriptionRequest')
     StandardsSubscriptionRequests = Shapes::ListShape.new(name: 'StandardsSubscriptionRequests')
     StandardsSubscriptions = Shapes::ListShape.new(name: 'StandardsSubscriptions')
+    StatusReason = Shapes::StructureShape.new(name: 'StatusReason')
+    StatusReasonsList = Shapes::ListShape.new(name: 'StatusReasonsList')
     StringFilter = Shapes::StructureShape.new(name: 'StringFilter')
     StringFilterComparison = Shapes::StringShape.new(name: 'StringFilterComparison')
     StringFilterList = Shapes::ListShape.new(name: 'StringFilterList')
@@ -851,6 +855,7 @@ module Aws::SecurityHub
 
     Compliance.add_member(:status, Shapes::ShapeRef.new(shape: ComplianceStatus, location_name: "Status"))
     Compliance.add_member(:related_requirements, Shapes::ShapeRef.new(shape: RelatedRequirementsList, location_name: "RelatedRequirements"))
+    Compliance.add_member(:status_reasons, Shapes::ShapeRef.new(shape: StatusReasonsList, location_name: "StatusReasons"))
     Compliance.struct_class = Types::Compliance
 
     ContainerDetails.add_member(:name, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Name"))
@@ -1295,6 +1300,7 @@ module Aws::SecurityHub
     Severity.add_member(:product, Shapes::ShapeRef.new(shape: Double, location_name: "Product"))
     Severity.add_member(:label, Shapes::ShapeRef.new(shape: SeverityLabel, location_name: "Label"))
     Severity.add_member(:normalized, Shapes::ShapeRef.new(shape: Integer, location_name: "Normalized"))
+    Severity.add_member(:original, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Original"))
     Severity.struct_class = Types::Severity
 
     SeverityUpdate.add_member(:normalized, Shapes::ShapeRef.new(shape: RatioScale, location_name: "Normalized"))
@@ -1349,6 +1355,12 @@ module Aws::SecurityHub
 
     StandardsSubscriptions.member = Shapes::ShapeRef.new(shape: StandardsSubscription)
 
+    StatusReason.add_member(:reason_code, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "ReasonCode"))
+    StatusReason.add_member(:description, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Description"))
+    StatusReason.struct_class = Types::StatusReason
+
+    StatusReasonsList.member = Shapes::ShapeRef.new(shape: StatusReason)
+
     StringFilter.add_member(:value, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Value"))
     StringFilter.add_member(:comparison, Shapes::ShapeRef.new(shape: StringFilterComparison, location_name: "Comparison"))
     StringFilter.struct_class = Types::StringFilter

data/lib/aws-sdk-securityhub/errors.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:

data/lib/aws-sdk-securityhub/resource.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:

data/lib/aws-sdk-securityhub/types.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
@@ -30,6 +32,7 @@ module Aws::SecurityHub
     class AcceptInvitationRequest < Struct.new(
       :master_id,
       :invitation_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -51,6 +54,7 @@ module Aws::SecurityHub
     class AccessDeniedException < Struct.new(
       :message,
       :code)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -77,6 +81,7 @@ module Aws::SecurityHub
     class AccountDetails < Struct.new(
       :account_id,
       :email)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -100,6 +105,7 @@ module Aws::SecurityHub
       :action_target_arn,
       :name,
       :description)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -127,6 +133,7 @@ module Aws::SecurityHub
     class AvailabilityZone < Struct.new(
       :zone_name,
       :subnet_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -199,6 +206,7 @@ module Aws::SecurityHub
       :origins,
       :status,
       :web_acl_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -241,12 +249,13 @@ module Aws::SecurityHub
       :enabled,
       :include_cookies,
       :prefix)
+      SENSITIVE = []
       include Aws::Structure
     end
 
     # A complex type that describes the Amazon S3 bucket, HTTP server (for
-    # example, a web server), Amazon MediaStore, or other server from which
-    # CloudFront gets your files.
+    # example, a web server), Amazon Elemental MediaStore, or other server
+    # from which CloudFront gets your files.
     #
     # @note When making an API call, you may pass AwsCloudFrontDistributionOriginItem
     #   data as a hash:
@@ -277,6 +286,7 @@ module Aws::SecurityHub
       :domain_name,
       :id,
       :origin_path)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -305,6 +315,7 @@ module Aws::SecurityHub
     #
     class AwsCloudFrontDistributionOrigins < Struct.new(
       :items)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -378,6 +389,7 @@ module Aws::SecurityHub
       :source,
       :service_role,
       :vpc_config)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -425,13 +437,13 @@ module Aws::SecurityHub
     # @!attribute [rw] type
     #   The type of build environment to use for related builds.
     #
-    #   The environment type `ARM_CONTAINER` is available only in regions US
+    #   The environment type `ARM_CONTAINER` is available only in Regions US
     #   East (N. Virginia), US East (Ohio), US West (Oregon), Europe
     #   (Ireland), Asia Pacific (Mumbai), Asia Pacific (Tokyo), Asia Pacific
     #   (Sydney), and Europe (Frankfurt).
     #
     #   The environment type `LINUX_CONTAINER` with compute type
-    #   build.general1.2xlarge is available only in regions US East (N.
+    #   build.general1.2xlarge is available only in Regions US East (N.
     #   Virginia), US East (N. Virginia), US West (Oregon), Canada
     #   (Central), Europe (Ireland), Europe (London), Europe (Frankfurt),
     #   Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific
@@ -439,10 +451,10 @@ module Aws::SecurityHub
     #   (Ningxia).
     #
     #   The environment type `LINUX_GPU_CONTAINER` is available only in
-    #   regions US East (N. Virginia), US East (N. Virginia), US West
+    #   Regions US East (N. Virginia), US East (N. Virginia), US West
     #   (Oregon), Canada (Central), Europe (Ireland), Europe (London),
     #   Europe (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia
-    #   Pacific (Singapore), Asia Pacific (Sydney) , China (Beijing), and
+    #   Pacific (Singapore), Asia Pacific (Sydney), China (Beijing), and
     #   China (Ningxia).
     #
     #   Valid values: `WINDOWS_CONTAINER` \| `LINUX_CONTAINER` \|
@@ -456,6 +468,7 @@ module Aws::SecurityHub
       :image_pull_credentials_type,
       :registry_credential,
       :type)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -491,6 +504,7 @@ module Aws::SecurityHub
     class AwsCodeBuildProjectEnvironmentRegistryCredential < Struct.new(
       :credential,
       :credential_provider)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -539,8 +553,8 @@ module Aws::SecurityHub
     #     source action instead of this value.
     #
     #   * For source code in an AWS CodeCommit repository, the HTTPS clone
-    #     URL to the repository that contains the source code and the
-    #     buildspec file (for example,
+    #     URL to the repository that contains the source code and the build
+    #     spec file (for example,
     #     `https://git-codecommit.region-ID.amazonaws.com/v1/repos/repo-name`
     #     ).
     #
@@ -553,10 +567,10 @@ module Aws::SecurityHub
     #       example, `bucket-name/path/to/source-code/folder/`).
     #
     #   * For source code in a GitHub repository, the HTTPS clone URL to the
-    #     repository that contains the source and the buildspec file.
+    #     repository that contains the source and the build spec file.
     #
     #   * For source code in a Bitbucket repository, the HTTPS clone URL to
-    #     the repository that contains the source and the buildspec file.
+    #     the repository that contains the source and the build spec file.
     #   @return [String]
     #
     # @!attribute [rw] git_clone_depth
@@ -575,6 +589,7 @@ module Aws::SecurityHub
       :location,
       :git_clone_depth,
       :insecure_ssl)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -607,6 +622,7 @@ module Aws::SecurityHub
       :vpc_id,
       :subnets,
       :security_group_ids)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -675,6 +691,7 @@ module Aws::SecurityHub
       :vpc_id,
       :subnet_id,
       :launched_at)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -735,6 +752,7 @@ module Aws::SecurityHub
       :instance_id,
       :instance_owner_id,
       :status)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -786,6 +804,7 @@ module Aws::SecurityHub
       :network_interface_id,
       :security_groups,
       :source_dest_check)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -812,6 +831,7 @@ module Aws::SecurityHub
     class AwsEc2NetworkInterfaceSecurityGroup < Struct.new(
       :group_name,
       :group_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -924,6 +944,7 @@ module Aws::SecurityHub
       :vpc_id,
       :ip_permissions,
       :ip_permissions_egress)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1022,6 +1043,7 @@ module Aws::SecurityHub
       :ip_ranges,
       :ipv_6_ranges,
       :prefix_list_ids)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1035,15 +1057,16 @@ module Aws::SecurityHub
     #       }
     #
     # @!attribute [rw] cidr_ip
-    #   The IPv4 CIDR range. You can either specify either a CIDR range or a
-    #   source security group, but not both. To specify a single IPv4
-    #   address, use the /32 prefix length.
+    #   The IPv4 CIDR range. You can specify either a CIDR range or a source
+    #   security group, but not both. To specify a single IPv4 address, use
+    #   the /32 prefix length.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2SecurityGroupIpRange AWS API Documentation
     #
     class AwsEc2SecurityGroupIpRange < Struct.new(
       :cidr_ip)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1057,15 +1080,16 @@ module Aws::SecurityHub
     #       }
     #
     # @!attribute [rw] cidr_ipv_6
-    #   The IPv6 CIDR range. You can either specify either a CIDR range or a
-    #   source security group, but not both. To specify a single IPv6
-    #   address, use the /128 prefix length.
+    #   The IPv6 CIDR range. You can specify either a CIDR range or a source
+    #   security group, but not both. To specify a single IPv6 address, use
+    #   the /128 prefix length.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2SecurityGroupIpv6Range AWS API Documentation
     #
     class AwsEc2SecurityGroupIpv6Range < Struct.new(
       :cidr_ipv_6)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1086,6 +1110,7 @@ module Aws::SecurityHub
     #
     class AwsEc2SecurityGroupPrefixListId < Struct.new(
       :prefix_list_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1143,6 +1168,7 @@ module Aws::SecurityHub
       :user_id,
       :vpc_id,
       :vpc_peering_connection_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1246,6 +1272,7 @@ module Aws::SecurityHub
       :encryption_at_rest_options,
       :node_to_node_encryption_options,
       :vpc_options)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1280,6 +1307,7 @@ module Aws::SecurityHub
     class AwsElasticsearchDomainDomainEndpointOptions < Struct.new(
       :enforce_https,
       :tls_security_policy)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1306,6 +1334,7 @@ module Aws::SecurityHub
     class AwsElasticsearchDomainEncryptionAtRestOptions < Struct.new(
       :enabled,
       :kms_key_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1326,6 +1355,7 @@ module Aws::SecurityHub
     #
     class AwsElasticsearchDomainNodeToNodeEncryptionOptions < Struct.new(
       :enabled)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1367,6 +1397,7 @@ module Aws::SecurityHub
       :security_group_ids,
       :subnet_ids,
       :vpc_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1453,6 +1484,7 @@ module Aws::SecurityHub
       :state,
       :type,
       :vpc_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1507,6 +1539,7 @@ module Aws::SecurityHub
       :principal_id,
       :principal_type,
       :principal_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1560,6 +1593,7 @@ module Aws::SecurityHub
       :role_name,
       :max_session_duration,
       :path)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1620,6 +1654,7 @@ module Aws::SecurityHub
       :key_manager,
       :key_state,
       :origin)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1662,6 +1697,7 @@ module Aws::SecurityHub
       :s3_key,
       :s3_object_version,
       :zip_file)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1683,6 +1719,7 @@ module Aws::SecurityHub
     #
     class AwsLambdaFunctionDeadLetterConfig < Struct.new(
       :target_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1835,6 +1872,7 @@ module Aws::SecurityHub
       :tracing_config,
       :vpc_config,
       :version)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1866,6 +1904,7 @@ module Aws::SecurityHub
     class AwsLambdaFunctionEnvironment < Struct.new(
       :variables,
       :error)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1892,6 +1931,7 @@ module Aws::SecurityHub
     class AwsLambdaFunctionEnvironmentError < Struct.new(
       :error_code,
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1918,6 +1958,7 @@ module Aws::SecurityHub
     class AwsLambdaFunctionLayer < Struct.new(
       :arn,
       :code_size)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1938,6 +1979,7 @@ module Aws::SecurityHub
     #
     class AwsLambdaFunctionTracingConfig < Struct.new(
       :mode)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1971,6 +2013,7 @@ module Aws::SecurityHub
       :security_group_ids,
       :subnet_ids,
       :vpc_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1990,7 +2033,7 @@ module Aws::SecurityHub
     #   @return [Integer]
     #
     # @!attribute [rw] compatible_runtimes
-    #   The layer's compatible runtimes. Maximum number of 5 items.
+    #   The layer's compatible runtimes. Maximum number of five items.
     #
     #   Valid values: `nodejs10.x` \| `nodejs12.x` \| `java8` \| `java11` \|
     #   `python2.7` \| `python3.6` \| `python3.7` \| `python3.8` \|
@@ -2009,6 +2052,7 @@ module Aws::SecurityHub
       :version,
       :compatible_runtimes,
       :created_date)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2038,14 +2082,14 @@ module Aws::SecurityHub
     #   DB instance. The `Status` property returns one of the following
     #   values:
     #
-    #   * `ACTIVE` - the IAM role ARN is associated with the DB instance and
+    #   * `ACTIVE` - The IAM role ARN is associated with the DB instance and
     #     can be used to access other AWS services on your behalf.
     #
-    #   * `PENDING` - the IAM role ARN is being associated with the DB
+    #   * `PENDING` - The IAM role ARN is being associated with the DB
     #     instance.
     #
-    #   * `INVALID` - the IAM role ARN is associated with the DB instance,
-    #     but the DB instance is unable to assume the IAM role in order to
+    #   * `INVALID` - The IAM role ARN is associated with the DB instance.
+    #     But the DB instance is unable to assume the IAM role in order to
     #     access other AWS services on your behalf.
     #   @return [String]
     #
@@ -2055,6 +2099,7 @@ module Aws::SecurityHub
       :role_arn,
       :feature_name,
       :status)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2241,6 +2286,7 @@ module Aws::SecurityHub
       :storage_encrypted,
       :tde_credential_arn,
       :vpc_security_groups)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2274,6 +2320,7 @@ module Aws::SecurityHub
       :address,
       :port,
       :hosted_zone_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2300,6 +2347,7 @@ module Aws::SecurityHub
     class AwsRdsDbInstanceVpcSecurityGroup < Struct.new(
       :vpc_security_group_id,
       :status)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2347,6 +2395,7 @@ module Aws::SecurityHub
       :owner_name,
       :created_at,
       :server_side_encryption_configuration)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2375,6 +2424,7 @@ module Aws::SecurityHub
     class AwsS3BucketServerSideEncryptionByDefault < Struct.new(
       :sse_algorithm,
       :kms_master_key_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2402,6 +2452,7 @@ module Aws::SecurityHub
     #
     class AwsS3BucketServerSideEncryptionConfiguration < Struct.new(
       :rules)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2419,7 +2470,7 @@ module Aws::SecurityHub
     #
     # @!attribute [rw] apply_server_side_encryption_by_default
     #   Specifies the default server-side encryption to apply to new objects
-    #   in the bucket. If a `PUT` Object request doesn't specify any
+    #   in the bucket. If a `PUT` object request doesn't specify any
     #   server-side encryption, this default encryption is applied.
     #   @return [Types::AwsS3BucketServerSideEncryptionByDefault]
     #
@@ -2427,10 +2478,11 @@ module Aws::SecurityHub
     #
     class AwsS3BucketServerSideEncryptionRule < Struct.new(
       :apply_server_side_encryption_by_default)
+      SENSITIVE = []
       include Aws::Structure
     end
 
-    # Details about an AWS S3 object.
+    # Details about an Amazon S3 object.
     #
     # @note When making an API call, you may pass AwsS3ObjectDetails
     #   data as a hash:
@@ -2482,6 +2534,7 @@ module Aws::SecurityHub
       :content_type,
       :server_side_encryption,
       :ssekms_key_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -2514,6 +2567,7 @@ module Aws::SecurityHub
     #           product: 1.0,
     #           label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
     #           normalized: 1,
+    #           original: "NonEmptyString",
     #         },
     #         confidence: 1,
     #         criticality: 1,
@@ -2964,6 +3018,12 @@ module Aws::SecurityHub
     #         compliance: {
     #           status: "PASSED", # accepts PASSED, WARNING, FAILED, NOT_AVAILABLE
     #           related_requirements: ["NonEmptyString"],
+    #           status_reasons: [
+    #             {
+    #               reason_code: "NonEmptyString", # required
+    #               description: "NonEmptyString",
+    #             },
+    #           ],
     #         },
     #         verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
     #         workflow_state: "NEW", # accepts NEW, ASSIGNED, IN_PROGRESS, DEFERRED, RESOLVED
@@ -3003,7 +3063,7 @@ module Aws::SecurityHub
     #   The identifier for the solution-specific component (a discrete unit
     #   of logic) that generated a finding. In various security-findings
     #   providers' solutions, this generator can be called a rule, a check,
-    #   a detector, a plug-in, etc.
+    #   a detector, a plugin, etc.
     #   @return [String]
     #
     # @!attribute [rw] aws_account_id
@@ -3187,6 +3247,7 @@ module Aws::SecurityHub
       :record_state,
       :related_findings,
       :note)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -3772,7 +3833,7 @@ module Aws::SecurityHub
     #   The identifier for the solution-specific component (a discrete unit
     #   of logic) that generated a finding. In various security-findings
     #   providers' solutions, this generator can be called a rule, a check,
-    #   a detector, a plug-in, etc.
+    #   a detector, a plugin, etc.
     #   @return [Array<Types::StringFilter>]
     #
     # @!attribute [rw] type
@@ -4234,6 +4295,7 @@ module Aws::SecurityHub
       :note_updated_at,
       :note_updated_by,
       :keyword)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4264,6 +4326,7 @@ module Aws::SecurityHub
     class AwsSecurityFindingIdentifier < Struct.new(
       :id,
       :product_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4285,7 +4348,7 @@ module Aws::SecurityHub
     #       }
     #
     # @!attribute [rw] kms_master_key_id
-    #   The ID of an AWS-managed customer master key (CMK) for Amazon SNS or
+    #   The ID of an AWS managed customer master key (CMK) for Amazon SNS or
     #   a custom CMK.
     #   @return [String]
     #
@@ -4309,6 +4372,7 @@ module Aws::SecurityHub
       :subscription,
       :topic_name,
       :owner)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4335,6 +4399,7 @@ module Aws::SecurityHub
     class AwsSnsTopicSubscription < Struct.new(
       :endpoint,
       :protocol)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4357,7 +4422,7 @@ module Aws::SecurityHub
     #   @return [Integer]
     #
     # @!attribute [rw] kms_master_key_id
-    #   The ID of an AWS-managed customer master key (CMK) for Amazon SQS or
+    #   The ID of an AWS managed customer master key (CMK) for Amazon SQS or
     #   a custom CMK.
     #   @return [String]
     #
@@ -4378,6 +4443,7 @@ module Aws::SecurityHub
       :kms_master_key_id,
       :queue_name,
       :dead_letter_target_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4416,7 +4482,7 @@ module Aws::SecurityHub
     #   @return [String]
     #
     # @!attribute [rw] default_action
-    #   The action to perform if none of the Rules contained in the WebACL
+    #   The action to perform if none of the rules contained in the WebACL
     #   match.
     #   @return [String]
     #
@@ -4436,6 +4502,7 @@ module Aws::SecurityHub
       :default_action,
       :rules,
       :web_acl_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4463,7 +4530,7 @@ module Aws::SecurityHub
     #
     # @!attribute [rw] action
     #   Specifies the action that CloudFront or AWS WAF takes when a web
-    #   request matches the conditions in the Rule.
+    #   request matches the conditions in the rule.
     #   @return [Types::WafAction]
     #
     # @!attribute [rw] excluded_rules
@@ -4491,15 +4558,15 @@ module Aws::SecurityHub
     #   @return [Types::WafOverrideAction]
     #
     # @!attribute [rw] priority
-    #   Specifies the order in which the Rules in a WebACL are evaluated.
-    #   Rules with a lower value for Priority are evaluated before Rules
+    #   Specifies the order in which the rules in a WebACL are evaluated.
+    #   Rules with a lower value for `Priority` are evaluated before rules
     #   with a higher value. The value must be a unique integer. If you add
-    #   multiple Rules to a WebACL, the values do not need to be
+    #   multiple rules to a WebACL, the values do not need to be
     #   consecutive.
     #   @return [Integer]
     #
     # @!attribute [rw] rule_id
-    #   The identifier for a Rule.
+    #   The identifier for a rule.
     #   @return [String]
     #
     # @!attribute [rw] type
@@ -4519,6 +4586,7 @@ module Aws::SecurityHub
       :priority,
       :rule_id,
       :type)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4537,6 +4605,7 @@ module Aws::SecurityHub
     #
     class BatchDisableStandardsRequest < Struct.new(
       :standards_subscription_arns)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4548,6 +4617,7 @@ module Aws::SecurityHub
     #
     class BatchDisableStandardsResponse < Struct.new(
       :standards_subscriptions)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4573,6 +4643,7 @@ module Aws::SecurityHub
     #
     class BatchEnableStandardsRequest < Struct.new(
       :standards_subscription_requests)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4584,6 +4655,7 @@ module Aws::SecurityHub
     #
     class BatchEnableStandardsResponse < Struct.new(
       :standards_subscriptions)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -4607,6 +4679,7 @@ module Aws::SecurityHub
     #               product: 1.0,
     #               label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
     #               normalized: 1,
+    #               original: "NonEmptyString",
     #             },
     #             confidence: 1,
     #             criticality: 1,
@@ -5057,6 +5130,12 @@ module Aws::SecurityHub
     #             compliance: {
     #               status: "PASSED", # accepts PASSED, WARNING, FAILED, NOT_AVAILABLE
     #               related_requirements: ["NonEmptyString"],
+    #               status_reasons: [
+    #                 {
+    #                   reason_code: "NonEmptyString", # required
+    #                   description: "NonEmptyString",
+    #                 },
+    #               ],
     #             },
     #             verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE
     #             workflow_state: "NEW", # accepts NEW, ASSIGNED, IN_PROGRESS, DEFERRED, RESOLVED
@@ -5093,6 +5172,7 @@ module Aws::SecurityHub
     #
     class BatchImportFindingsRequest < Struct.new(
       :findings)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -5114,6 +5194,7 @@ module Aws::SecurityHub
       :failed_count,
       :success_count,
       :failed_findings)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -5250,6 +5331,7 @@ module Aws::SecurityHub
       :user_defined_fields,
       :workflow,
       :related_findings)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -5266,6 +5348,7 @@ module Aws::SecurityHub
     class BatchUpdateFindingsResponse < Struct.new(
       :processed_findings,
       :unprocessed_findings)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -5290,30 +5373,12 @@ module Aws::SecurityHub
       :finding_identifier,
       :error_code,
       :error_message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
-    # Exclusive to findings that are generated as the result of a check run
-    # against a specific rule in a supported security standard, such as CIS
-    # AWS Foundations. Contains security standard-related finding details.
-    #
-    # Values include the following:
-    #
-    # * Allowed values are the following:
-    #
-    #   * `PASSED` - Standards check passed for all evaluated resources.
-    #
-    #   * `WARNING` - Some information is missing or this check is not
-    #     supported given your configuration.
-    #
-    #   * `FAILED` - Standards check failed for at least one evaluated
-    #     resource.
-    #
-    #   * `NOT_AVAILABLE` - Check could not be performed due to a service
-    #     outage, API error, or because the result of the AWS Config
-    #     evaluation was `NOT_APPLICABLE`. If the AWS Config evaluation
-    #     result was ` NOT_APPLICABLE`, then after 3 days, Security Hub
-    #     automatically archives the finding.
+    # Contains finding details that are specific to control-based findings.
+    # Only returned for findings generated from controls.
     #
     # @note When making an API call, you may pass Compliance
     #   data as a hash:
@@ -5321,21 +5386,58 @@ module Aws::SecurityHub
     #       {
     #         status: "PASSED", # accepts PASSED, WARNING, FAILED, NOT_AVAILABLE
     #         related_requirements: ["NonEmptyString"],
+    #         status_reasons: [
+    #           {
+    #             reason_code: "NonEmptyString", # required
+    #             description: "NonEmptyString",
+    #           },
+    #         ],
     #       }
     #
     # @!attribute [rw] status
     #   The result of a standards check.
+    #
+    #   The valid values for `Status` are as follows.
+    #
+    #   * * `PASSED` - Standards check passed for all evaluated resources.
+    #
+    #     * `WARNING` - Some information is missing or this check is not
+    #       supported for your configuration.
+    #
+    #     * `FAILED` - Standards check failed for at least one evaluated
+    #       resource.
+    #
+    #     * `NOT_AVAILABLE` - Check could not be performed due to a service
+    #       outage, API error, or because the result of the AWS Config
+    #       evaluation was `NOT_APPLICABLE`. If the AWS Config evaluation
+    #       result was `NOT_APPLICABLE`, then after 3 days, Security Hub
+    #       automatically archives the finding.
     #   @return [String]
     #
     # @!attribute [rw] related_requirements
-    #   List of requirements that are related to a standards control.
+    #   For a control, the industry or regulatory framework requirements
+    #   that are related to the control. The check for that control is
+    #   aligned with these requirements.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] status_reasons
+    #   For findings generated from controls, a list of reasons behind the
+    #   value of `Status`. For the list of status reason codes and their
+    #   meanings, see [Standards-related information in the ASFF][1] in the
+    #   *AWS Security Hub User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-results.html#securityhub-standards-results-asff
+    #   @return [Array<Types::StatusReason>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Compliance AWS API Documentation
     #
     class Compliance < Struct.new(
       :status,
-      :related_requirements)
+      :related_requirements,
+      :status_reasons)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -5374,6 +5476,7 @@ module Aws::SecurityHub
       :image_id,
       :image_name,
       :launched_at)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -5404,6 +5507,7 @@ module Aws::SecurityHub
       :name,
       :description,
       :id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -5415,6 +5519,7 @@ module Aws::SecurityHub
     #
     class CreateActionTargetResponse < Struct.new(
       :action_target_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6005,6 +6110,7 @@ module Aws::SecurityHub
       :name,
       :filters,
       :group_by_attribute)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6016,6 +6122,7 @@ module Aws::SecurityHub
     #
     class CreateInsightResponse < Struct.new(
       :insight_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6041,6 +6148,7 @@ module Aws::SecurityHub
     #
     class CreateMembersRequest < Struct.new(
       :account_details)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6053,6 +6161,7 @@ module Aws::SecurityHub
     #
     class CreateMembersResponse < Struct.new(
       :unprocessed_accounts)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6088,6 +6197,7 @@ module Aws::SecurityHub
       :start,
       :end,
       :date_range)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6114,6 +6224,7 @@ module Aws::SecurityHub
     class DateRange < Struct.new(
       :value,
       :unit)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6133,6 +6244,7 @@ module Aws::SecurityHub
     #
     class DeclineInvitationsRequest < Struct.new(
       :account_ids)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6145,6 +6257,7 @@ module Aws::SecurityHub
     #
     class DeclineInvitationsResponse < Struct.new(
       :unprocessed_accounts)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6163,6 +6276,7 @@ module Aws::SecurityHub
     #
     class DeleteActionTargetRequest < Struct.new(
       :action_target_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6174,6 +6288,7 @@ module Aws::SecurityHub
     #
     class DeleteActionTargetResponse < Struct.new(
       :action_target_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6192,6 +6307,7 @@ module Aws::SecurityHub
     #
     class DeleteInsightRequest < Struct.new(
       :insight_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6203,6 +6319,7 @@ module Aws::SecurityHub
     #
     class DeleteInsightResponse < Struct.new(
       :insight_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6221,6 +6338,7 @@ module Aws::SecurityHub
     #
     class DeleteInvitationsRequest < Struct.new(
       :account_ids)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6234,6 +6352,7 @@ module Aws::SecurityHub
     #
     class DeleteInvitationsResponse < Struct.new(
       :unprocessed_accounts)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6252,6 +6371,7 @@ module Aws::SecurityHub
     #
     class DeleteMembersRequest < Struct.new(
       :account_ids)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6264,6 +6384,7 @@ module Aws::SecurityHub
     #
     class DeleteMembersResponse < Struct.new(
       :unprocessed_accounts)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6301,6 +6422,7 @@ module Aws::SecurityHub
       :action_target_arns,
       :next_token,
       :max_results)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6319,6 +6441,7 @@ module Aws::SecurityHub
     class DescribeActionTargetsResponse < Struct.new(
       :action_targets,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6337,6 +6460,7 @@ module Aws::SecurityHub
     #
     class DescribeHubRequest < Struct.new(
       :hub_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6353,6 +6477,7 @@ module Aws::SecurityHub
     class DescribeHubResponse < Struct.new(
       :hub_arn,
       :subscribed_at)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6383,6 +6508,7 @@ module Aws::SecurityHub
     class DescribeProductsRequest < Struct.new(
       :next_token,
       :max_results)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6399,6 +6525,7 @@ module Aws::SecurityHub
     class DescribeProductsResponse < Struct.new(
       :products,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6436,6 +6563,7 @@ module Aws::SecurityHub
       :standards_subscription_arn,
       :next_token,
       :max_results)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6452,6 +6580,7 @@ module Aws::SecurityHub
     class DescribeStandardsControlsResponse < Struct.new(
       :controls,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6482,6 +6611,7 @@ module Aws::SecurityHub
     class DescribeStandardsRequest < Struct.new(
       :next_token,
       :max_results)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6498,6 +6628,7 @@ module Aws::SecurityHub
     class DescribeStandardsResponse < Struct.new(
       :standards,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6516,6 +6647,7 @@ module Aws::SecurityHub
     #
     class DisableImportFindingsForProductRequest < Struct.new(
       :product_subscription_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6559,6 +6691,7 @@ module Aws::SecurityHub
     #
     class DisassociateMembersRequest < Struct.new(
       :account_ids)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6581,6 +6714,7 @@ module Aws::SecurityHub
     #
     class EnableImportFindingsForProductRequest < Struct.new(
       :product_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6593,6 +6727,7 @@ module Aws::SecurityHub
     #
     class EnableImportFindingsForProductResponse < Struct.new(
       :product_subscription_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6607,7 +6742,7 @@ module Aws::SecurityHub
     #       }
     #
     # @!attribute [rw] tags
-    #   The tags to add to the Hub resource when you enable Security Hub.
+    #   The tags to add to the hub resource when you enable Security Hub.
     #   @return [Hash<String,String>]
     #
     # @!attribute [rw] enable_default_standards
@@ -6623,6 +6758,7 @@ module Aws::SecurityHub
     class EnableSecurityHubRequest < Struct.new(
       :tags,
       :enable_default_standards)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6664,6 +6800,7 @@ module Aws::SecurityHub
       :standards_subscription_arns,
       :next_token,
       :max_results)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -6681,6 +6818,7 @@ module Aws::SecurityHub
     class GetEnabledStandardsResponse < Struct.new(
       :standards_subscriptions,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7282,6 +7420,7 @@ module Aws::SecurityHub
       :sort_criteria,
       :next_token,
       :max_results)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7298,6 +7437,7 @@ module Aws::SecurityHub
     class GetFindingsResponse < Struct.new(
       :findings,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7316,6 +7456,7 @@ module Aws::SecurityHub
     #
     class GetInsightResultsRequest < Struct.new(
       :insight_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7327,6 +7468,7 @@ module Aws::SecurityHub
     #
     class GetInsightResultsResponse < Struct.new(
       :insight_results)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7364,6 +7506,7 @@ module Aws::SecurityHub
       :insight_arns,
       :next_token,
       :max_results)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7380,6 +7523,7 @@ module Aws::SecurityHub
     class GetInsightsResponse < Struct.new(
       :insights,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7398,6 +7542,7 @@ module Aws::SecurityHub
     #
     class GetInvitationsCountResponse < Struct.new(
       :invitations_count)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7416,6 +7561,7 @@ module Aws::SecurityHub
     #
     class GetMasterAccountResponse < Struct.new(
       :master)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7435,6 +7581,7 @@ module Aws::SecurityHub
     #
     class GetMembersRequest < Struct.new(
       :account_ids)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7452,6 +7599,7 @@ module Aws::SecurityHub
     class GetMembersResponse < Struct.new(
       :members,
       :unprocessed_accounts)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7478,6 +7626,7 @@ module Aws::SecurityHub
       :id,
       :error_code,
       :error_message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7512,6 +7661,7 @@ module Aws::SecurityHub
       :name,
       :filters,
       :group_by_attribute)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7533,6 +7683,7 @@ module Aws::SecurityHub
     class InsightResultValue < Struct.new(
       :group_by_attribute_value,
       :count)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7559,6 +7710,7 @@ module Aws::SecurityHub
       :insight_arn,
       :group_by_attribute,
       :result_values)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7575,6 +7727,7 @@ module Aws::SecurityHub
     class InternalException < Struct.new(
       :message,
       :code)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7592,6 +7745,7 @@ module Aws::SecurityHub
     class InvalidAccessException < Struct.new(
       :message,
       :code)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7609,6 +7763,7 @@ module Aws::SecurityHub
     class InvalidInputException < Struct.new(
       :message,
       :code)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7639,6 +7794,7 @@ module Aws::SecurityHub
       :invitation_id,
       :invited_at,
       :member_status)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7658,6 +7814,7 @@ module Aws::SecurityHub
     #
     class InviteMembersRequest < Struct.new(
       :account_ids)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7670,6 +7827,7 @@ module Aws::SecurityHub
     #
     class InviteMembersResponse < Struct.new(
       :unprocessed_accounts)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7690,6 +7848,7 @@ module Aws::SecurityHub
     #
     class IpFilter < Struct.new(
       :cidr)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7710,6 +7869,7 @@ module Aws::SecurityHub
     #
     class KeywordFilter < Struct.new(
       :value)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7728,6 +7888,7 @@ module Aws::SecurityHub
     class LimitExceededException < Struct.new(
       :message,
       :code)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7758,6 +7919,7 @@ module Aws::SecurityHub
     class ListEnabledProductsForImportRequest < Struct.new(
       :next_token,
       :max_results)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7775,6 +7937,7 @@ module Aws::SecurityHub
     class ListEnabledProductsForImportResponse < Struct.new(
       :product_subscriptions,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7805,6 +7968,7 @@ module Aws::SecurityHub
     class ListInvitationsRequest < Struct.new(
       :max_results,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7821,6 +7985,7 @@ module Aws::SecurityHub
     class ListInvitationsResponse < Struct.new(
       :invitations,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7865,6 +8030,7 @@ module Aws::SecurityHub
       :only_associated,
       :max_results,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7881,6 +8047,7 @@ module Aws::SecurityHub
     class ListMembersResponse < Struct.new(
       :members,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7899,6 +8066,7 @@ module Aws::SecurityHub
     #
     class ListTagsForResourceRequest < Struct.new(
       :resource_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7910,6 +8078,7 @@ module Aws::SecurityHub
     #
     class ListTagsForResourceResponse < Struct.new(
       :tags)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7942,6 +8111,7 @@ module Aws::SecurityHub
     class LoadBalancerState < Struct.new(
       :code,
       :reason)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -7980,6 +8150,7 @@ module Aws::SecurityHub
       :type,
       :path,
       :state)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8013,6 +8184,7 @@ module Aws::SecurityHub
       :key,
       :value,
       :comparison)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8055,6 +8227,7 @@ module Aws::SecurityHub
       :member_status,
       :invited_at,
       :updated_at)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8141,6 +8314,7 @@ module Aws::SecurityHub
       :destination_ip_v6,
       :destination_port,
       :destination_domain)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8173,6 +8347,7 @@ module Aws::SecurityHub
       :text,
       :updated_by,
       :updated_at)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8199,6 +8374,7 @@ module Aws::SecurityHub
     class NoteUpdate < Struct.new(
       :text,
       :updated_by)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8234,6 +8410,7 @@ module Aws::SecurityHub
       :gte,
       :lte,
       :eq)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8284,6 +8461,7 @@ module Aws::SecurityHub
       :parent_pid,
       :launched_at,
       :terminated_at)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8345,6 +8523,7 @@ module Aws::SecurityHub
       :marketplace_url,
       :activation_url,
       :product_subscription_resource_policy)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8374,6 +8553,7 @@ module Aws::SecurityHub
     class Recommendation < Struct.new(
       :text,
       :url)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8400,6 +8580,7 @@ module Aws::SecurityHub
     class RelatedFinding < Struct.new(
       :product_arn,
       :id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8424,6 +8605,7 @@ module Aws::SecurityHub
     #
     class Remediation < Struct.new(
       :recommendation)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8862,6 +9044,7 @@ module Aws::SecurityHub
       :region,
       :tags,
       :details)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -8879,6 +9062,7 @@ module Aws::SecurityHub
     class ResourceConflictException < Struct.new(
       :message,
       :code)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -9291,7 +9475,7 @@ module Aws::SecurityHub
     #   @return [Types::AwsEc2InstanceDetails]
     #
     # @!attribute [rw] aws_ec2_network_interface
-    #   Details for an AWS EC2 network interface.
+    #   Details for an Amazon EC2 network interface.
     #   @return [Types::AwsEc2NetworkInterfaceDetails]
     #
     # @!attribute [rw] aws_ec2_security_group
@@ -9307,7 +9491,7 @@ module Aws::SecurityHub
     #   @return [Types::AwsElasticsearchDomainDetails]
     #
     # @!attribute [rw] aws_s3_bucket
-    #   Details about an Amazon S3 Bucket related to a finding.
+    #   Details about an Amazon S3 bucket related to a finding.
     #   @return [Types::AwsS3BucketDetails]
     #
     # @!attribute [rw] aws_s3_object
@@ -9335,7 +9519,7 @@ module Aws::SecurityHub
     #   @return [Types::AwsLambdaLayerVersionDetails]
     #
     # @!attribute [rw] aws_rds_db_instance
-    #   Details for an RDS database instance.
+    #   Details for an Amazon RDS database instance.
     #   @return [Types::AwsRdsDbInstanceDetails]
     #
     # @!attribute [rw] aws_sns_topic
@@ -9391,6 +9575,7 @@ module Aws::SecurityHub
       :aws_waf_web_acl,
       :container,
       :other)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -9408,6 +9593,7 @@ module Aws::SecurityHub
     class ResourceNotFoundException < Struct.new(
       :message,
       :code)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -9426,6 +9612,7 @@ module Aws::SecurityHub
     class Result < Struct.new(
       :account_id,
       :processing_result)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -9438,9 +9625,13 @@ module Aws::SecurityHub
     #         product: 1.0,
     #         label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL
     #         normalized: 1,
+    #         original: "NonEmptyString",
     #       }
     #
     # @!attribute [rw] product
+    #   Deprecated. This attribute is being deprecated. Instead of providing
+    #   `Product`, provide `Original`.
+    #
     #   The native severity as defined by the AWS service or integrated
     #   partner product that generated the finding.
     #   @return [Float]
@@ -9479,12 +9670,19 @@ module Aws::SecurityHub
     #   * 90–100 - `CRITICAL`
     #   @return [Integer]
     #
+    # @!attribute [rw] original
+    #   The native severity from the finding product that generated the
+    #   finding.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Severity AWS API Documentation
     #
     class Severity < Struct.new(
       :product,
       :label,
-      :normalized)
+      :normalized,
+      :original)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -9544,6 +9742,7 @@ module Aws::SecurityHub
       :normalized,
       :product,
       :label)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -9570,6 +9769,7 @@ module Aws::SecurityHub
     class SortCriterion < Struct.new(
       :field,
       :sort_order)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -9604,6 +9804,7 @@ module Aws::SecurityHub
       :name,
       :description,
       :enabled_by_default)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -9672,6 +9873,7 @@ module Aws::SecurityHub
       :remediation_url,
       :severity_rating,
       :related_requirements)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -9701,6 +9903,7 @@ module Aws::SecurityHub
       :standards_arn,
       :standards_input,
       :standards_status)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -9731,6 +9934,40 @@ module Aws::SecurityHub
     class StandardsSubscriptionRequest < Struct.new(
       :standards_arn,
       :standards_input)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Provides additional context for the value of `Compliance.Status`.
+    #
+    # @note When making an API call, you may pass StatusReason
+    #   data as a hash:
+    #
+    #       {
+    #         reason_code: "NonEmptyString", # required
+    #         description: "NonEmptyString",
+    #       }
+    #
+    # @!attribute [rw] reason_code
+    #   A code that represents a reason for the control status. For the list
+    #   of status reason codes and their meanings, see [Standards-related
+    #   information in the ASFF][1] in the *AWS Security Hub User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-results.html#securityhub-standards-results-asff
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   The corresponding description for the status reason code.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StatusReason AWS API Documentation
+    #
+    class StatusReason < Struct.new(
+      :reason_code,
+      :description)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -9758,6 +9995,7 @@ module Aws::SecurityHub
     class StringFilter < Struct.new(
       :value,
       :comparison)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -9784,6 +10022,7 @@ module Aws::SecurityHub
     class TagResourceRequest < Struct.new(
       :resource_arn,
       :tags)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -9840,6 +10079,7 @@ module Aws::SecurityHub
       :last_observed_at,
       :source,
       :source_url)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -9864,6 +10104,7 @@ module Aws::SecurityHub
     class UntagResourceRequest < Struct.new(
       :resource_arn,
       :tag_keys)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -9898,6 +10139,7 @@ module Aws::SecurityHub
       :action_target_arn,
       :name,
       :description)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -10490,6 +10732,7 @@ module Aws::SecurityHub
       :filters,
       :note,
       :record_state)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -11084,6 +11327,7 @@ module Aws::SecurityHub
       :name,
       :filters,
       :group_by_attribute)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -11119,6 +11363,7 @@ module Aws::SecurityHub
       :standards_control_arn,
       :control_status,
       :disabled_reason)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -11127,7 +11372,7 @@ module Aws::SecurityHub
     class UpdateStandardsControlResponse < Aws::EmptyStructure; end
 
     # Details about the action that CloudFront or AWS WAF takes when a web
-    # request matches the conditions in the Rule.
+    # request matches the conditions in the rule.
     #
     # @note When making an API call, you may pass WafAction
     #   data as a hash:
@@ -11138,7 +11383,7 @@ module Aws::SecurityHub
     #
     # @!attribute [rw] type
     #   Specifies how you want AWS WAF to respond to requests that match the
-    #   settings in a Rule.
+    #   settings in a rule.
     #
     #   Valid settings include the following:
     #
@@ -11157,6 +11402,7 @@ module Aws::SecurityHub
     #
     class WafAction < Struct.new(
       :type)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -11177,6 +11423,7 @@ module Aws::SecurityHub
     #
     class WafExcludedRule < Struct.new(
       :rule_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -11191,7 +11438,7 @@ module Aws::SecurityHub
     #
     # @!attribute [rw] type
     #   `COUNT` overrides the action specified by the individual rule within
-    #   a RuleGroup .
+    #   a `RuleGroup` .
     #
     #   If set to `NONE`, the rule's action takes place.
     #   @return [String]
@@ -11200,6 +11447,7 @@ module Aws::SecurityHub
     #
     class WafOverrideAction < Struct.new(
       :type)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -11234,6 +11482,7 @@ module Aws::SecurityHub
     #
     class Workflow < Struct.new(
       :status)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -11267,6 +11516,7 @@ module Aws::SecurityHub
     #
     class WorkflowUpdate < Struct.new(
       :status)
+      SENSITIVE = []
       include Aws::Structure
     end