aws-sdk-securityhub 1.31.0 → 1.36.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/lib/aws-sdk-securityhub.rb +3 -2
  3. data/lib/aws-sdk-securityhub/client.rb +1109 -41
  4. data/lib/aws-sdk-securityhub/client_api.rb +736 -7
  5. data/lib/aws-sdk-securityhub/types.rb +9768 -3531
  6. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 0e0c6a61da4fcb83e55e54af8c07b96f29899528b028cde4b7255845806f9682
4
- data.tar.gz: f787db956bb62779c2cdd989d449232d08f6fd98c54a4c68af518745addbfb7b
3
+ metadata.gz: dfd2b4dd950ff3c25ffe4aa522baa557f0e9b09f17eb33f4d8b28390d478e8e9
4
+ data.tar.gz: 86aa091badb2a21ef8ff863b04aeb46648c99e0c682923f8d5380a655c4978ed
5
5
  SHA512:
6
- metadata.gz: 6d82161620ac7ab7b0f0145f0eaa736709dbd8381f79eb4ced39afdb57114e5af3ab0c92293709c428c465249e4210bf6276b3056655c75bd7cf75f8448e92d1
7
- data.tar.gz: 2e41b85e09f7605f7b7a0b70830c1f1f26cef5bd4e005afc9991cdd511798a211a97162a554f551ce76625c43678f8ad21014d076468cdc971105502db4047e3
6
+ metadata.gz: 3c8d78f445024a95159b48fb25c611bc089179fa9e76acba2cf14293b56f0eb354448ebf2586540b98f16420e9ba13150e6b4a9205adb574e43470e0362e77ae
7
+ data.tar.gz: 7be711077e56e1bdb730542a70eab2b5036eb5ad04ebcf707b3977608264365df7a27473a0543a21adeab03bc9a889bed5efd6705e2371d717c3d256aabe69af
data/lib/aws-sdk-securityhub.rb CHANGED
@@ -7,6 +7,7 @@
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
10
+
10
11
  require 'aws-sdk-core'
11
12
  require 'aws-sigv4'
12
13
 
@@ -44,9 +45,9 @@ require_relative 'aws-sdk-securityhub/customizations'
44
45
  #
45
46
  # See {Errors} for more information.
46
47
  #
47
- # @service
48
+ # @!group service
48
49
  module Aws::SecurityHub
49
50
 
50
- GEM_VERSION = '1.31.0'
51
+ GEM_VERSION = '1.36.0'
51
52
 
52
53
  end
data/lib/aws-sdk-securityhub/client.rb CHANGED
@@ -85,13 +85,28 @@ module Aws::SecurityHub
85
85
  # * `Aws::Credentials` - Used for configuring static, non-refreshing
86
86
  # credentials.
87
87
  #
88
+ # * `Aws::SharedCredentials` - Used for loading static credentials from a
89
+ # shared file, such as `~/.aws/config`.
90
+ #
91
+ # * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
92
+ #
93
+ # * `Aws::AssumeRoleWebIdentityCredentials` - Used when you need to
94
+ # assume a role after providing credentials via the web.
95
+ #
96
+ # * `Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an
97
+ # access token generated from `aws login`.
98
+ #
99
+ # * `Aws::ProcessCredentials` - Used for loading credentials from a
100
+ # process that outputs to stdout.
101
+ #
88
102
  # * `Aws::InstanceProfileCredentials` - Used for loading credentials
89
103
  # from an EC2 IMDS on an EC2 instance.
90
104
  #
91
- # * `Aws::SharedCredentials` - Used for loading credentials from a
92
- # shared file, such as `~/.aws/config`.
105
+ # * `Aws::ECSCredentials` - Used for loading credentials from
106
+ # instances running in ECS.
93
107
  #
94
- # * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
108
+ # * `Aws::CognitoIdentityCredentials` - Used for loading credentials
109
+ # from the Cognito Identity service.
95
110
  #
96
111
  # When `:credentials` are not configured directly, the following
97
112
  # locations will be searched for credentials:
@@ -101,10 +116,10 @@ module Aws::SecurityHub
101
116
  # * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
102
117
  # * `~/.aws/credentials`
103
118
  # * `~/.aws/config`
104
- # * EC2 IMDS instance profile - When used by default, the timeouts are
105
- # very aggressive. Construct and pass an instance of
106
- # `Aws::InstanceProfileCredentails` to enable retries and extended
107
- # timeouts.
119
+ # * EC2/ECS IMDS instance profile - When used by default, the timeouts
120
+ # are very aggressive. Construct and pass an instance of
121
+ # `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
122
+ # enable retries and extended timeouts.
108
123
  #
109
124
  # @option options [required, String] :region
110
125
  # The AWS region to connect to. The configured `:region` is
@@ -315,6 +330,9 @@ module Aws::SecurityHub
315
330
  # Accepts the invitation to be a member account and be monitored by the
316
331
  # Security Hub master account that the invitation was sent from.
317
332
  #
333
+ # This operation is only used by member accounts that are not added
334
+ # through Organizations.
335
+ #
318
336
  # When the member account accepts the invitation, permission is granted
319
337
  # to the master account to view findings generated in the member
320
338
  # account.
@@ -613,6 +631,7 @@ module Aws::SecurityHub
613
631
  # id: "NonEmptyString", # required
614
632
  # partition: "aws", # accepts aws, aws-cn, aws-us-gov
615
633
  # region: "NonEmptyString",
634
+ # resource_role: "NonEmptyString",
616
635
  # tags: {
617
636
  # "NonEmptyString" => "NonEmptyString",
618
637
  # },
@@ -650,6 +669,17 @@ module Aws::SecurityHub
650
669
  # },
651
670
  # },
652
671
  # aws_cloud_front_distribution: {
672
+ # cache_behaviors: {
673
+ # items: [
674
+ # {
675
+ # viewer_protocol_policy: "NonEmptyString",
676
+ # },
677
+ # ],
678
+ # },
679
+ # default_cache_behavior: {
680
+ # viewer_protocol_policy: "NonEmptyString",
681
+ # },
682
+ # default_root_object: "NonEmptyString",
653
683
  # domain_name: "NonEmptyString",
654
684
  # etag: "NonEmptyString",
655
685
  # last_modified_time: "NonEmptyString",
@@ -665,6 +695,21 @@ module Aws::SecurityHub
665
695
  # domain_name: "NonEmptyString",
666
696
  # id: "NonEmptyString",
667
697
  # origin_path: "NonEmptyString",
698
+ # s3_origin_config: {
699
+ # origin_access_identity: "NonEmptyString",
700
+ # },
701
+ # },
702
+ # ],
703
+ # },
704
+ # origin_groups: {
705
+ # items: [
706
+ # {
707
+ # failover_criteria: {
708
+ # status_codes: {
709
+ # items: [1],
710
+ # quantity: 1,
711
+ # },
712
+ # },
668
713
  # },
669
714
  # ],
670
715
  # },
@@ -906,6 +951,21 @@ module Aws::SecurityHub
906
951
  # principal_id: "NonEmptyString",
907
952
  # principal_type: "NonEmptyString",
908
953
  # principal_name: "NonEmptyString",
954
+ # account_id: "NonEmptyString",
955
+ # access_key_id: "NonEmptyString",
956
+ # session_context: {
957
+ # attributes: {
958
+ # mfa_authenticated: false,
959
+ # creation_date: "NonEmptyString",
960
+ # },
961
+ # session_issuer: {
962
+ # type: "NonEmptyString",
963
+ # principal_id: "NonEmptyString",
964
+ # arn: "NonEmptyString",
965
+ # account_id: "NonEmptyString",
966
+ # user_name: "NonEmptyString",
967
+ # },
968
+ # },
909
969
  # },
910
970
  # aws_iam_user: {
911
971
  # attached_managed_policies: [
@@ -948,6 +1008,56 @@ module Aws::SecurityHub
948
1008
  # ],
949
1009
  # update_date: "NonEmptyString",
950
1010
  # },
1011
+ # aws_api_gateway_v2_stage: {
1012
+ # created_date: "NonEmptyString",
1013
+ # description: "NonEmptyString",
1014
+ # default_route_settings: {
1015
+ # detailed_metrics_enabled: false,
1016
+ # logging_level: "NonEmptyString",
1017
+ # data_trace_enabled: false,
1018
+ # throttling_burst_limit: 1,
1019
+ # throttling_rate_limit: 1.0,
1020
+ # },
1021
+ # deployment_id: "NonEmptyString",
1022
+ # last_updated_date: "NonEmptyString",
1023
+ # route_settings: {
1024
+ # detailed_metrics_enabled: false,
1025
+ # logging_level: "NonEmptyString",
1026
+ # data_trace_enabled: false,
1027
+ # throttling_burst_limit: 1,
1028
+ # throttling_rate_limit: 1.0,
1029
+ # },
1030
+ # stage_name: "NonEmptyString",
1031
+ # stage_variables: {
1032
+ # "NonEmptyString" => "NonEmptyString",
1033
+ # },
1034
+ # access_log_settings: {
1035
+ # format: "NonEmptyString",
1036
+ # destination_arn: "NonEmptyString",
1037
+ # },
1038
+ # auto_deploy: false,
1039
+ # last_deployment_status_message: "NonEmptyString",
1040
+ # api_gateway_managed: false,
1041
+ # },
1042
+ # aws_api_gateway_v2_api: {
1043
+ # api_endpoint: "NonEmptyString",
1044
+ # api_id: "NonEmptyString",
1045
+ # api_key_selection_expression: "NonEmptyString",
1046
+ # created_date: "NonEmptyString",
1047
+ # description: "NonEmptyString",
1048
+ # version: "NonEmptyString",
1049
+ # name: "NonEmptyString",
1050
+ # protocol_type: "NonEmptyString",
1051
+ # route_selection_expression: "NonEmptyString",
1052
+ # cors_configuration: {
1053
+ # allow_origins: ["NonEmptyString"],
1054
+ # allow_credentials: false,
1055
+ # expose_headers: ["NonEmptyString"],
1056
+ # max_age: 1,
1057
+ # allow_methods: ["NonEmptyString"],
1058
+ # allow_headers: ["NonEmptyString"],
1059
+ # },
1060
+ # },
951
1061
  # aws_dynamo_db_table: {
952
1062
  # attribute_definitions: [
953
1063
  # {
@@ -1060,11 +1170,404 @@ module Aws::SecurityHub
1060
1170
  # table_size_bytes: 1,
1061
1171
  # table_status: "NonEmptyString",
1062
1172
  # },
1173
+ # aws_api_gateway_stage: {
1174
+ # deployment_id: "NonEmptyString",
1175
+ # client_certificate_id: "NonEmptyString",
1176
+ # stage_name: "NonEmptyString",
1177
+ # description: "NonEmptyString",
1178
+ # cache_cluster_enabled: false,
1179
+ # cache_cluster_size: "NonEmptyString",
1180
+ # cache_cluster_status: "NonEmptyString",
1181
+ # method_settings: [
1182
+ # {
1183
+ # metrics_enabled: false,
1184
+ # logging_level: "NonEmptyString",
1185
+ # data_trace_enabled: false,
1186
+ # throttling_burst_limit: 1,
1187
+ # throttling_rate_limit: 1.0,
1188
+ # caching_enabled: false,
1189
+ # cache_ttl_in_seconds: 1,
1190
+ # cache_data_encrypted: false,
1191
+ # require_authorization_for_cache_control: false,
1192
+ # unauthorized_cache_control_header_strategy: "NonEmptyString",
1193
+ # http_method: "NonEmptyString",
1194
+ # resource_path: "NonEmptyString",
1195
+ # },
1196
+ # ],
1197
+ # variables: {
1198
+ # "NonEmptyString" => "NonEmptyString",
1199
+ # },
1200
+ # documentation_version: "NonEmptyString",
1201
+ # access_log_settings: {
1202
+ # format: "NonEmptyString",
1203
+ # destination_arn: "NonEmptyString",
1204
+ # },
1205
+ # canary_settings: {
1206
+ # percent_traffic: 1.0,
1207
+ # deployment_id: "NonEmptyString",
1208
+ # stage_variable_overrides: {
1209
+ # "NonEmptyString" => "NonEmptyString",
1210
+ # },
1211
+ # use_stage_cache: false,
1212
+ # },
1213
+ # tracing_enabled: false,
1214
+ # created_date: "NonEmptyString",
1215
+ # last_updated_date: "NonEmptyString",
1216
+ # web_acl_arn: "NonEmptyString",
1217
+ # },
1218
+ # aws_api_gateway_rest_api: {
1219
+ # id: "NonEmptyString",
1220
+ # name: "NonEmptyString",
1221
+ # description: "NonEmptyString",
1222
+ # created_date: "NonEmptyString",
1223
+ # version: "NonEmptyString",
1224
+ # binary_media_types: ["NonEmptyString"],
1225
+ # minimum_compression_size: 1,
1226
+ # api_key_source: "NonEmptyString",
1227
+ # endpoint_configuration: {
1228
+ # types: ["NonEmptyString"],
1229
+ # },
1230
+ # },
1231
+ # aws_cloud_trail_trail: {
1232
+ # cloud_watch_logs_log_group_arn: "NonEmptyString",
1233
+ # cloud_watch_logs_role_arn: "NonEmptyString",
1234
+ # has_custom_event_selectors: false,
1235
+ # home_region: "NonEmptyString",
1236
+ # include_global_service_events: false,
1237
+ # is_multi_region_trail: false,
1238
+ # is_organization_trail: false,
1239
+ # kms_key_id: "NonEmptyString",
1240
+ # log_file_validation_enabled: false,
1241
+ # name: "NonEmptyString",
1242
+ # s3_bucket_name: "NonEmptyString",
1243
+ # s3_key_prefix: "NonEmptyString",
1244
+ # sns_topic_arn: "NonEmptyString",
1245
+ # sns_topic_name: "NonEmptyString",
1246
+ # trail_arn: "NonEmptyString",
1247
+ # },
1248
+ # aws_certificate_manager_certificate: {
1249
+ # certificate_authority_arn: "NonEmptyString",
1250
+ # created_at: "NonEmptyString",
1251
+ # domain_name: "NonEmptyString",
1252
+ # domain_validation_options: [
1253
+ # {
1254
+ # domain_name: "NonEmptyString",
1255
+ # resource_record: {
1256
+ # name: "NonEmptyString",
1257
+ # type: "NonEmptyString",
1258
+ # value: "NonEmptyString",
1259
+ # },
1260
+ # validation_domain: "NonEmptyString",
1261
+ # validation_emails: ["NonEmptyString"],
1262
+ # validation_method: "NonEmptyString",
1263
+ # validation_status: "NonEmptyString",
1264
+ # },
1265
+ # ],
1266
+ # extended_key_usages: [
1267
+ # {
1268
+ # name: "NonEmptyString",
1269
+ # o_id: "NonEmptyString",
1270
+ # },
1271
+ # ],
1272
+ # failure_reason: "NonEmptyString",
1273
+ # imported_at: "NonEmptyString",
1274
+ # in_use_by: ["NonEmptyString"],
1275
+ # issued_at: "NonEmptyString",
1276
+ # issuer: "NonEmptyString",
1277
+ # key_algorithm: "NonEmptyString",
1278
+ # key_usages: [
1279
+ # {
1280
+ # name: "NonEmptyString",
1281
+ # },
1282
+ # ],
1283
+ # not_after: "NonEmptyString",
1284
+ # not_before: "NonEmptyString",
1285
+ # options: {
1286
+ # certificate_transparency_logging_preference: "NonEmptyString",
1287
+ # },
1288
+ # renewal_eligibility: "NonEmptyString",
1289
+ # renewal_summary: {
1290
+ # domain_validation_options: [
1291
+ # {
1292
+ # domain_name: "NonEmptyString",
1293
+ # resource_record: {
1294
+ # name: "NonEmptyString",
1295
+ # type: "NonEmptyString",
1296
+ # value: "NonEmptyString",
1297
+ # },
1298
+ # validation_domain: "NonEmptyString",
1299
+ # validation_emails: ["NonEmptyString"],
1300
+ # validation_method: "NonEmptyString",
1301
+ # validation_status: "NonEmptyString",
1302
+ # },
1303
+ # ],
1304
+ # renewal_status: "NonEmptyString",
1305
+ # renewal_status_reason: "NonEmptyString",
1306
+ # updated_at: "NonEmptyString",
1307
+ # },
1308
+ # serial: "NonEmptyString",
1309
+ # signature_algorithm: "NonEmptyString",
1310
+ # status: "NonEmptyString",
1311
+ # subject: "NonEmptyString",
1312
+ # subject_alternative_names: ["NonEmptyString"],
1313
+ # type: "NonEmptyString",
1314
+ # },
1315
+ # aws_redshift_cluster: {
1316
+ # allow_version_upgrade: false,
1317
+ # automated_snapshot_retention_period: 1,
1318
+ # availability_zone: "NonEmptyString",
1319
+ # cluster_availability_status: "NonEmptyString",
1320
+ # cluster_create_time: "NonEmptyString",
1321
+ # cluster_identifier: "NonEmptyString",
1322
+ # cluster_nodes: [
1323
+ # {
1324
+ # node_role: "NonEmptyString",
1325
+ # private_ip_address: "NonEmptyString",
1326
+ # public_ip_address: "NonEmptyString",
1327
+ # },
1328
+ # ],
1329
+ # cluster_parameter_groups: [
1330
+ # {
1331
+ # cluster_parameter_status_list: [
1332
+ # {
1333
+ # parameter_name: "NonEmptyString",
1334
+ # parameter_apply_status: "NonEmptyString",
1335
+ # parameter_apply_error_description: "NonEmptyString",
1336
+ # },
1337
+ # ],
1338
+ # parameter_apply_status: "NonEmptyString",
1339
+ # parameter_group_name: "NonEmptyString",
1340
+ # },
1341
+ # ],
1342
+ # cluster_public_key: "NonEmptyString",
1343
+ # cluster_revision_number: "NonEmptyString",
1344
+ # cluster_security_groups: [
1345
+ # {
1346
+ # cluster_security_group_name: "NonEmptyString",
1347
+ # status: "NonEmptyString",
1348
+ # },
1349
+ # ],
1350
+ # cluster_snapshot_copy_status: {
1351
+ # destination_region: "NonEmptyString",
1352
+ # manual_snapshot_retention_period: 1,
1353
+ # retention_period: 1,
1354
+ # snapshot_copy_grant_name: "NonEmptyString",
1355
+ # },
1356
+ # cluster_status: "NonEmptyString",
1357
+ # cluster_subnet_group_name: "NonEmptyString",
1358
+ # cluster_version: "NonEmptyString",
1359
+ # db_name: "NonEmptyString",
1360
+ # deferred_maintenance_windows: [
1361
+ # {
1362
+ # defer_maintenance_end_time: "NonEmptyString",
1363
+ # defer_maintenance_identifier: "NonEmptyString",
1364
+ # defer_maintenance_start_time: "NonEmptyString",
1365
+ # },
1366
+ # ],
1367
+ # elastic_ip_status: {
1368
+ # elastic_ip: "NonEmptyString",
1369
+ # status: "NonEmptyString",
1370
+ # },
1371
+ # elastic_resize_number_of_node_options: "NonEmptyString",
1372
+ # encrypted: false,
1373
+ # endpoint: {
1374
+ # address: "NonEmptyString",
1375
+ # port: 1,
1376
+ # },
1377
+ # enhanced_vpc_routing: false,
1378
+ # expected_next_snapshot_schedule_time: "NonEmptyString",
1379
+ # expected_next_snapshot_schedule_time_status: "NonEmptyString",
1380
+ # hsm_status: {
1381
+ # hsm_client_certificate_identifier: "NonEmptyString",
1382
+ # hsm_configuration_identifier: "NonEmptyString",
1383
+ # status: "NonEmptyString",
1384
+ # },
1385
+ # iam_roles: [
1386
+ # {
1387
+ # apply_status: "NonEmptyString",
1388
+ # iam_role_arn: "NonEmptyString",
1389
+ # },
1390
+ # ],
1391
+ # kms_key_id: "NonEmptyString",
1392
+ # maintenance_track_name: "NonEmptyString",
1393
+ # manual_snapshot_retention_period: 1,
1394
+ # master_username: "NonEmptyString",
1395
+ # next_maintenance_window_start_time: "NonEmptyString",
1396
+ # node_type: "NonEmptyString",
1397
+ # number_of_nodes: 1,
1398
+ # pending_actions: ["NonEmptyString"],
1399
+ # pending_modified_values: {
1400
+ # automated_snapshot_retention_period: 1,
1401
+ # cluster_identifier: "NonEmptyString",
1402
+ # cluster_type: "NonEmptyString",
1403
+ # cluster_version: "NonEmptyString",
1404
+ # encryption_type: "NonEmptyString",
1405
+ # enhanced_vpc_routing: false,
1406
+ # maintenance_track_name: "NonEmptyString",
1407
+ # master_user_password: "NonEmptyString",
1408
+ # node_type: "NonEmptyString",
1409
+ # number_of_nodes: 1,
1410
+ # publicly_accessible: false,
1411
+ # },
1412
+ # preferred_maintenance_window: "NonEmptyString",
1413
+ # publicly_accessible: false,
1414
+ # resize_info: {
1415
+ # allow_cancel_resize: false,
1416
+ # resize_type: "NonEmptyString",
1417
+ # },
1418
+ # restore_status: {
1419
+ # current_restore_rate_in_mega_bytes_per_second: 1.0,
1420
+ # elapsed_time_in_seconds: 1,
1421
+ # estimated_time_to_completion_in_seconds: 1,
1422
+ # progress_in_mega_bytes: 1,
1423
+ # snapshot_size_in_mega_bytes: 1,
1424
+ # status: "NonEmptyString",
1425
+ # },
1426
+ # snapshot_schedule_identifier: "NonEmptyString",
1427
+ # snapshot_schedule_state: "NonEmptyString",
1428
+ # vpc_id: "NonEmptyString",
1429
+ # vpc_security_groups: [
1430
+ # {
1431
+ # status: "NonEmptyString",
1432
+ # vpc_security_group_id: "NonEmptyString",
1433
+ # },
1434
+ # ],
1435
+ # },
1436
+ # aws_elb_load_balancer: {
1437
+ # availability_zones: ["NonEmptyString"],
1438
+ # backend_server_descriptions: [
1439
+ # {
1440
+ # instance_port: 1,
1441
+ # policy_names: ["NonEmptyString"],
1442
+ # },
1443
+ # ],
1444
+ # canonical_hosted_zone_name: "NonEmptyString",
1445
+ # canonical_hosted_zone_name_id: "NonEmptyString",
1446
+ # created_time: "NonEmptyString",
1447
+ # dns_name: "NonEmptyString",
1448
+ # health_check: {
1449
+ # healthy_threshold: 1,
1450
+ # interval: 1,
1451
+ # target: "NonEmptyString",
1452
+ # timeout: 1,
1453
+ # unhealthy_threshold: 1,
1454
+ # },
1455
+ # instances: [
1456
+ # {
1457
+ # instance_id: "NonEmptyString",
1458
+ # },
1459
+ # ],
1460
+ # listener_descriptions: [
1461
+ # {
1462
+ # listener: {
1463
+ # instance_port: 1,
1464
+ # instance_protocol: "NonEmptyString",
1465
+ # load_balancer_port: 1,
1466
+ # protocol: "NonEmptyString",
1467
+ # ssl_certificate_id: "NonEmptyString",
1468
+ # },
1469
+ # policy_names: ["NonEmptyString"],
1470
+ # },
1471
+ # ],
1472
+ # load_balancer_attributes: {
1473
+ # access_log: {
1474
+ # emit_interval: 1,
1475
+ # enabled: false,
1476
+ # s3_bucket_name: "NonEmptyString",
1477
+ # s3_bucket_prefix: "NonEmptyString",
1478
+ # },
1479
+ # connection_draining: {
1480
+ # enabled: false,
1481
+ # timeout: 1,
1482
+ # },
1483
+ # connection_settings: {
1484
+ # idle_timeout: 1,
1485
+ # },
1486
+ # cross_zone_load_balancing: {
1487
+ # enabled: false,
1488
+ # },
1489
+ # },
1490
+ # load_balancer_name: "NonEmptyString",
1491
+ # policies: {
1492
+ # app_cookie_stickiness_policies: [
1493
+ # {
1494
+ # cookie_name: "NonEmptyString",
1495
+ # policy_name: "NonEmptyString",
1496
+ # },
1497
+ # ],
1498
+ # lb_cookie_stickiness_policies: [
1499
+ # {
1500
+ # cookie_expiration_period: 1,
1501
+ # policy_name: "NonEmptyString",
1502
+ # },
1503
+ # ],
1504
+ # other_policies: ["NonEmptyString"],
1505
+ # },
1506
+ # scheme: "NonEmptyString",
1507
+ # security_groups: ["NonEmptyString"],
1508
+ # source_security_group: {
1509
+ # group_name: "NonEmptyString",
1510
+ # owner_alias: "NonEmptyString",
1511
+ # },
1512
+ # subnets: ["NonEmptyString"],
1513
+ # vpc_id: "NonEmptyString",
1514
+ # },
1515
+ # aws_iam_group: {
1516
+ # attached_managed_policies: [
1517
+ # {
1518
+ # policy_name: "NonEmptyString",
1519
+ # policy_arn: "NonEmptyString",
1520
+ # },
1521
+ # ],
1522
+ # create_date: "NonEmptyString",
1523
+ # group_id: "NonEmptyString",
1524
+ # group_name: "NonEmptyString",
1525
+ # group_policy_list: [
1526
+ # {
1527
+ # policy_name: "NonEmptyString",
1528
+ # },
1529
+ # ],
1530
+ # path: "NonEmptyString",
1531
+ # },
1063
1532
  # aws_iam_role: {
1064
1533
  # assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument",
1534
+ # attached_managed_policies: [
1535
+ # {
1536
+ # policy_name: "NonEmptyString",
1537
+ # policy_arn: "NonEmptyString",
1538
+ # },
1539
+ # ],
1065
1540
  # create_date: "NonEmptyString",
1541
+ # instance_profile_list: [
1542
+ # {
1543
+ # arn: "NonEmptyString",
1544
+ # create_date: "NonEmptyString",
1545
+ # instance_profile_id: "NonEmptyString",
1546
+ # instance_profile_name: "NonEmptyString",
1547
+ # path: "NonEmptyString",
1548
+ # roles: [
1549
+ # {
1550
+ # arn: "NonEmptyString",
1551
+ # assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument",
1552
+ # create_date: "NonEmptyString",
1553
+ # path: "NonEmptyString",
1554
+ # role_id: "NonEmptyString",
1555
+ # role_name: "NonEmptyString",
1556
+ # },
1557
+ # ],
1558
+ # },
1559
+ # ],
1560
+ # permissions_boundary: {
1561
+ # permissions_boundary_arn: "NonEmptyString",
1562
+ # permissions_boundary_type: "NonEmptyString",
1563
+ # },
1066
1564
  # role_id: "NonEmptyString",
1067
1565
  # role_name: "NonEmptyString",
1566
+ # role_policy_list: [
1567
+ # {
1568
+ # policy_name: "NonEmptyString",
1569
+ # },
1570
+ # ],
1068
1571
  # max_session_duration: 1,
1069
1572
  # path: "NonEmptyString",
1070
1573
  # },
@@ -1505,6 +2008,19 @@ module Aws::SecurityHub
1505
2008
  # reference_urls: ["NonEmptyString"],
1506
2009
  # },
1507
2010
  # ],
2011
+ # patch_summary: {
2012
+ # id: "NonEmptyString", # required
2013
+ # installed_count: 1,
2014
+ # missing_count: 1,
2015
+ # failed_count: 1,
2016
+ # installed_other_count: 1,
2017
+ # installed_rejected_count: 1,
2018
+ # installed_pending_reboot: 1,
2019
+ # operation_start_time: "NonEmptyString",
2020
+ # operation_end_time: "NonEmptyString",
2021
+ # reboot_option: "NonEmptyString",
2022
+ # operation: "NonEmptyString",
2023
+ # },
1508
2024
  # },
1509
2025
  # ],
1510
2026
  # })
@@ -1536,8 +2052,8 @@ module Aws::SecurityHub
1536
2052
  # Updates from `BatchUpdateFindings` do not affect the value of
1537
2053
  # `UpdatedAt` for a finding.
1538
2054
  #
1539
- # Master accounts can use `BatchUpdateFindings` to update the following
1540
- # finding fields and objects.
2055
+ # Master and member accounts can use `BatchUpdateFindings` to update the
2056
+ # following finding fields and objects.
1541
2057
  #
1542
2058
  # * `Confidence`
1543
2059
  #
@@ -1557,8 +2073,15 @@ module Aws::SecurityHub
1557
2073
  #
1558
2074
  # * `Workflow`
1559
2075
  #
1560
- # Member accounts can only use `BatchUpdateFindings` to update the Note
1561
- # object.
2076
+ # You can configure IAM policies to restrict access to fields and field
2077
+ # values. For example, you might not want member accounts to be able to
2078
+ # suppress findings or change the finding severity. See [Configuring
2079
+ # access to BatchUpdateFindings][1] in the *AWS Security Hub User
2080
+ # Guide*.
2081
+ #
2082
+ #
2083
+ #
2084
+ # [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/finding-update-batchupdatefindings.html#batchupdatefindings-configure-access
1562
2085
  #
1563
2086
  # @option params [required, Array<Types::AwsSecurityFindingIdentifier>] :finding_identifiers
1564
2087
  # The list of findings to update. `BatchUpdateFindings` can be used to
@@ -2334,29 +2857,48 @@ module Aws::SecurityHub
2334
2857
 
2335
2858
  # Creates a member association in Security Hub between the specified
2336
2859
  # accounts and the account used to make the request, which is the master
2337
- # account. To successfully create a member, you must use this action
2338
- # from an account that already has Security Hub enabled. To enable
2339
- # Security Hub, you can use the ` EnableSecurityHub ` operation.
2860
+ # account. If you are integrated with Organizations, then the master
2861
+ # account is the Security Hub administrator account that is designated
2862
+ # by the organization management account.
2863
+ #
2864
+ # `CreateMembers` is always used to add accounts that are not
2865
+ # organization members.
2866
+ #
2867
+ # For accounts that are part of an organization, `CreateMembers` is only
2868
+ # used in the following cases:
2869
+ #
2870
+ # * Security Hub is not configured to automatically add new accounts in
2871
+ # an organization.
2872
+ #
2873
+ # * The account was disassociated or deleted in Security Hub.
2874
+ #
2875
+ # This action can only be used by an account that has Security Hub
2876
+ # enabled. To enable Security Hub, you can use the ` EnableSecurityHub `
2877
+ # operation.
2878
+ #
2879
+ # For accounts that are not organization members, you create the account
2880
+ # association and then send an invitation to the member account. To send
2881
+ # the invitation, you use the ` InviteMembers ` operation. If the
2882
+ # account owner accepts the invitation, the account becomes a member
2883
+ # account in Security Hub.
2340
2884
  #
2341
- # After you use `CreateMembers` to create member account associations in
2342
- # Security Hub, you must use the ` InviteMembers ` operation to invite
2343
- # the accounts to enable Security Hub and become member accounts in
2344
- # Security Hub.
2885
+ # Accounts that are part of an organization do not receive an
2886
+ # invitation. They automatically become a member account in Security
2887
+ # Hub.
2345
2888
  #
2346
- # If the account owner accepts the invitation, the account becomes a
2347
- # member account in Security Hub. A permissions policy is added that
2348
- # permits the master account to view the findings generated in the
2349
- # member account. When Security Hub is enabled in the invited account,
2350
- # findings start to be sent to both the member and master accounts.
2889
+ # A permissions policy is added that permits the master account to view
2890
+ # the findings generated in the member account. When Security Hub is
2891
+ # enabled in a member account, findings are sent to both the member and
2892
+ # master accounts.
2351
2893
  #
2352
2894
  # To remove the association between the master and member accounts, use
2353
2895
  # the ` DisassociateFromMasterAccount ` or ` DisassociateMembers `
2354
2896
  # operation.
2355
2897
  #
2356
- # @option params [Array<Types::AccountDetails>] :account_details
2898
+ # @option params [required, Array<Types::AccountDetails>] :account_details
2357
2899
  # The list of accounts to associate with the Security Hub master
2358
- # account. For each account, the list includes the account ID and the
2359
- # email address.
2900
+ # account. For each account, the list includes the account ID and
2901
+ # optionally the email address.
2360
2902
  #
2361
2903
  # @return [Types::CreateMembersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2362
2904
  #
@@ -2365,9 +2907,9 @@ module Aws::SecurityHub
2365
2907
  # @example Request syntax with placeholder values
2366
2908
  #
2367
2909
  # resp = client.create_members({
2368
- # account_details: [
2910
+ # account_details: [ # required
2369
2911
  # {
2370
- # account_id: "AccountId",
2912
+ # account_id: "AccountId", # required
2371
2913
  # email: "NonEmptyString",
2372
2914
  # },
2373
2915
  # ],
@@ -2390,6 +2932,9 @@ module Aws::SecurityHub
2390
2932
 
2391
2933
  # Declines invitations to become a member account.
2392
2934
  #
2935
+ # This operation is only used by accounts that are not part of an
2936
+ # organization. Organization accounts do not receive invitations.
2937
+ #
2393
2938
  # @option params [required, Array<String>] :account_ids
2394
2939
  # The list of account IDs for the accounts from which to decline the
2395
2940
  # invitations to Security Hub.
@@ -2482,6 +3027,9 @@ module Aws::SecurityHub
2482
3027
  # Deletes invitations received by the AWS account to become a member
2483
3028
  # account.
2484
3029
  #
3030
+ # This operation is only used by accounts that are not part of an
3031
+ # organization. Organization accounts do not receive invitations.
3032
+ #
2485
3033
  # @option params [required, Array<String>] :account_ids
2486
3034
  # The list of the account IDs that sent the invitations to delete.
2487
3035
  #
@@ -2512,7 +3060,10 @@ module Aws::SecurityHub
2512
3060
 
2513
3061
  # Deletes the specified member accounts from Security Hub.
2514
3062
  #
2515
- # @option params [Array<String>] :account_ids
3063
+ # Can be used to delete member accounts that belong to an organization
3064
+ # as well as member accounts that were invited manually.
3065
+ #
3066
+ # @option params [required, Array<String>] :account_ids
2516
3067
  # The list of account IDs for the member accounts to delete.
2517
3068
  #
2518
3069
  # @return [Types::DeleteMembersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -2522,7 +3073,7 @@ module Aws::SecurityHub
2522
3073
  # @example Request syntax with placeholder values
2523
3074
  #
2524
3075
  # resp = client.delete_members({
2525
- # account_ids: ["NonEmptyString"],
3076
+ # account_ids: ["NonEmptyString"], # required
2526
3077
  # })
2527
3078
  #
2528
3079
  # @example Response structure
@@ -2624,6 +3175,28 @@ module Aws::SecurityHub
2624
3175
  req.send_request(options)
2625
3176
  end
2626
3177
 
3178
+ # Returns information about the Organizations configuration for Security
3179
+ # Hub. Can only be called from a Security Hub administrator account.
3180
+ #
3181
+ # @return [Types::DescribeOrganizationConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3182
+ #
3183
+ # * {Types::DescribeOrganizationConfigurationResponse#auto_enable #auto_enable} => Boolean
3184
+ # * {Types::DescribeOrganizationConfigurationResponse#member_account_limit_reached #member_account_limit_reached} => Boolean
3185
+ #
3186
+ # @example Response structure
3187
+ #
3188
+ # resp.auto_enable #=> Boolean
3189
+ # resp.member_account_limit_reached #=> Boolean
3190
+ #
3191
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeOrganizationConfiguration AWS API Documentation
3192
+ #
3193
+ # @overload describe_organization_configuration(params = {})
3194
+ # @param [Hash] params ({})
3195
+ def describe_organization_configuration(params = {}, options = {})
3196
+ req = build_request(:describe_organization_configuration, params)
3197
+ req.send_request(options)
3198
+ end
3199
+
2627
3200
  # Returns information about the available products that you can
2628
3201
  # subscribe to and integrate with Security Hub in order to consolidate
2629
3202
  # findings.
@@ -2736,7 +3309,8 @@ module Aws::SecurityHub
2736
3309
  #
2737
3310
  # @option params [required, String] :standards_subscription_arn
2738
3311
  # The ARN of a resource that represents your subscription to a supported
2739
- # standard.
3312
+ # standard. To get the subscription ARNs of the standards you have
3313
+ # enabled, use the ` GetEnabledStandards ` operation.
2740
3314
  #
2741
3315
  # @option params [String] :next_token
2742
3316
  # The token that is required for pagination. On your first call to the
@@ -2814,6 +3388,29 @@ module Aws::SecurityHub
2814
3388
  req.send_request(options)
2815
3389
  end
2816
3390
 
3391
+ # Disables a Security Hub administrator account. Can only be called by
3392
+ # the organization management account.
3393
+ #
3394
+ # @option params [required, String] :admin_account_id
3395
+ # The AWS account identifier of the Security Hub administrator account.
3396
+ #
3397
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
3398
+ #
3399
+ # @example Request syntax with placeholder values
3400
+ #
3401
+ # resp = client.disable_organization_admin_account({
3402
+ # admin_account_id: "NonEmptyString", # required
3403
+ # })
3404
+ #
3405
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisableOrganizationAdminAccount AWS API Documentation
3406
+ #
3407
+ # @overload disable_organization_admin_account(params = {})
3408
+ # @param [Hash] params ({})
3409
+ def disable_organization_admin_account(params = {}, options = {})
3410
+ req = build_request(:disable_organization_admin_account, params)
3411
+ req.send_request(options)
3412
+ end
3413
+
2817
3414
  # Disables Security Hub in your account only in the current Region. To
2818
3415
  # disable Security Hub in all Regions, you must submit one request per
2819
3416
  # Region where you have enabled Security Hub.
@@ -2843,6 +3440,11 @@ module Aws::SecurityHub
2843
3440
  # Disassociates the current Security Hub member account from the
2844
3441
  # associated master account.
2845
3442
  #
3443
+ # This operation is only used by accounts that are not part of an
3444
+ # organization. For organization accounts, only the master account (the
3445
+ # designated Security Hub administrator) can disassociate a member
3446
+ # account.
3447
+ #
2846
3448
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
2847
3449
  #
2848
3450
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisassociateFromMasterAccount AWS API Documentation
@@ -2857,7 +3459,10 @@ module Aws::SecurityHub
2857
3459
  # Disassociates the specified member accounts from the associated master
2858
3460
  # account.
2859
3461
  #
2860
- # @option params [Array<String>] :account_ids
3462
+ # Can be used to disassociate both accounts that are in an organization
3463
+ # and accounts that were invited manually.
3464
+ #
3465
+ # @option params [required, Array<String>] :account_ids
2861
3466
  # The account IDs of the member accounts to disassociate from the master
2862
3467
  # account.
2863
3468
  #
@@ -2866,7 +3471,7 @@ module Aws::SecurityHub
2866
3471
  # @example Request syntax with placeholder values
2867
3472
  #
2868
3473
  # resp = client.disassociate_members({
2869
- # account_ids: ["NonEmptyString"],
3474
+ # account_ids: ["NonEmptyString"], # required
2870
3475
  # })
2871
3476
  #
2872
3477
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisassociateMembers AWS API Documentation
@@ -2911,6 +3516,30 @@ module Aws::SecurityHub
2911
3516
  req.send_request(options)
2912
3517
  end
2913
3518
 
3519
+ # Designates the Security Hub administrator account for an organization.
3520
+ # Can only be called by the organization management account.
3521
+ #
3522
+ # @option params [required, String] :admin_account_id
3523
+ # The AWS account identifier of the account to designate as the Security
3524
+ # Hub administrator account.
3525
+ #
3526
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
3527
+ #
3528
+ # @example Request syntax with placeholder values
3529
+ #
3530
+ # resp = client.enable_organization_admin_account({
3531
+ # admin_account_id: "NonEmptyString", # required
3532
+ # })
3533
+ #
3534
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableOrganizationAdminAccount AWS API Documentation
3535
+ #
3536
+ # @overload enable_organization_admin_account(params = {})
3537
+ # @param [Hash] params ({})
3538
+ def enable_organization_admin_account(params = {}, options = {})
3539
+ req = build_request(:enable_organization_admin_account, params)
3540
+ req.send_request(options)
3541
+ end
3542
+
2914
3543
  # Enables Security Hub for your account in the current Region or the
2915
3544
  # Region you specify in the request.
2916
3545
  #
@@ -3030,6 +3659,9 @@ module Aws::SecurityHub
3030
3659
  # The finding attributes used to define a condition to filter the
3031
3660
  # returned findings.
3032
3661
  #
3662
+ # You can filter by up to 10 finding attributes. For each attribute, you
3663
+ # can provide up to 20 filter values.
3664
+ #
3033
3665
  # Note that in the available filter fields, `WorkflowState` is
3034
3666
  # deprecated. To search for a finding based on its workflow status, use
3035
3667
  # `WorkflowStatus`.
@@ -3713,6 +4345,7 @@ module Aws::SecurityHub
3713
4345
  # resp.findings[0].resources[0].id #=> String
3714
4346
  # resp.findings[0].resources[0].partition #=> String, one of "aws", "aws-cn", "aws-us-gov"
3715
4347
  # resp.findings[0].resources[0].region #=> String
4348
+ # resp.findings[0].resources[0].resource_role #=> String
3716
4349
  # resp.findings[0].resources[0].tags #=> Hash
3717
4350
  # resp.findings[0].resources[0].tags["NonEmptyString"] #=> String
3718
4351
  # resp.findings[0].resources[0].details.aws_auto_scaling_auto_scaling_group.launch_configuration_name #=> String
@@ -3738,6 +4371,10 @@ module Aws::SecurityHub
3738
4371
  # resp.findings[0].resources[0].details.aws_code_build_project.vpc_config.subnets[0] #=> String
3739
4372
  # resp.findings[0].resources[0].details.aws_code_build_project.vpc_config.security_group_ids #=> Array
3740
4373
  # resp.findings[0].resources[0].details.aws_code_build_project.vpc_config.security_group_ids[0] #=> String
4374
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.cache_behaviors.items #=> Array
4375
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.cache_behaviors.items[0].viewer_protocol_policy #=> String
4376
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.default_cache_behavior.viewer_protocol_policy #=> String
4377
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.default_root_object #=> String
3741
4378
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.domain_name #=> String
3742
4379
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.etag #=> String
3743
4380
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.last_modified_time #=> String
@@ -3749,6 +4386,11 @@ module Aws::SecurityHub
3749
4386
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origins.items[0].domain_name #=> String
3750
4387
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origins.items[0].id #=> String
3751
4388
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origins.items[0].origin_path #=> String
4389
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origins.items[0].s3_origin_config.origin_access_identity #=> String
4390
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origin_groups.items #=> Array
4391
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origin_groups.items[0].failover_criteria.status_codes.items #=> Array
4392
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origin_groups.items[0].failover_criteria.status_codes.items[0] #=> Integer
4393
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origin_groups.items[0].failover_criteria.status_codes.quantity #=> Integer
3752
4394
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.status #=> String
3753
4395
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.web_acl_id #=> String
3754
4396
  # resp.findings[0].resources[0].details.aws_ec2_instance.type #=> String
@@ -3902,6 +4544,15 @@ module Aws::SecurityHub
3902
4544
  # resp.findings[0].resources[0].details.aws_iam_access_key.principal_id #=> String
3903
4545
  # resp.findings[0].resources[0].details.aws_iam_access_key.principal_type #=> String
3904
4546
  # resp.findings[0].resources[0].details.aws_iam_access_key.principal_name #=> String
4547
+ # resp.findings[0].resources[0].details.aws_iam_access_key.account_id #=> String
4548
+ # resp.findings[0].resources[0].details.aws_iam_access_key.access_key_id #=> String
4549
+ # resp.findings[0].resources[0].details.aws_iam_access_key.session_context.attributes.mfa_authenticated #=> Boolean
4550
+ # resp.findings[0].resources[0].details.aws_iam_access_key.session_context.attributes.creation_date #=> String
4551
+ # resp.findings[0].resources[0].details.aws_iam_access_key.session_context.session_issuer.type #=> String
4552
+ # resp.findings[0].resources[0].details.aws_iam_access_key.session_context.session_issuer.principal_id #=> String
4553
+ # resp.findings[0].resources[0].details.aws_iam_access_key.session_context.session_issuer.arn #=> String
4554
+ # resp.findings[0].resources[0].details.aws_iam_access_key.session_context.session_issuer.account_id #=> String
4555
+ # resp.findings[0].resources[0].details.aws_iam_access_key.session_context.session_issuer.user_name #=> String
3905
4556
  # resp.findings[0].resources[0].details.aws_iam_user.attached_managed_policies #=> Array
3906
4557
  # resp.findings[0].resources[0].details.aws_iam_user.attached_managed_policies[0].policy_name #=> String
3907
4558
  # resp.findings[0].resources[0].details.aws_iam_user.attached_managed_policies[0].policy_arn #=> String
@@ -3929,6 +4580,47 @@ module Aws::SecurityHub
3929
4580
  # resp.findings[0].resources[0].details.aws_iam_policy.policy_version_list[0].is_default_version #=> Boolean
3930
4581
  # resp.findings[0].resources[0].details.aws_iam_policy.policy_version_list[0].create_date #=> String
3931
4582
  # resp.findings[0].resources[0].details.aws_iam_policy.update_date #=> String
4583
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.created_date #=> String
4584
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.description #=> String
4585
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.default_route_settings.detailed_metrics_enabled #=> Boolean
4586
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.default_route_settings.logging_level #=> String
4587
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.default_route_settings.data_trace_enabled #=> Boolean
4588
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.default_route_settings.throttling_burst_limit #=> Integer
4589
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.default_route_settings.throttling_rate_limit #=> Float
4590
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.deployment_id #=> String
4591
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.last_updated_date #=> String
4592
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.route_settings.detailed_metrics_enabled #=> Boolean
4593
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.route_settings.logging_level #=> String
4594
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.route_settings.data_trace_enabled #=> Boolean
4595
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.route_settings.throttling_burst_limit #=> Integer
4596
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.route_settings.throttling_rate_limit #=> Float
4597
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.stage_name #=> String
4598
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.stage_variables #=> Hash
4599
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.stage_variables["NonEmptyString"] #=> String
4600
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.access_log_settings.format #=> String
4601
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.access_log_settings.destination_arn #=> String
4602
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.auto_deploy #=> Boolean
4603
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.last_deployment_status_message #=> String
4604
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.api_gateway_managed #=> Boolean
4605
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.api_endpoint #=> String
4606
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.api_id #=> String
4607
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.api_key_selection_expression #=> String
4608
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.created_date #=> String
4609
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.description #=> String
4610
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.version #=> String
4611
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.name #=> String
4612
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.protocol_type #=> String
4613
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.route_selection_expression #=> String
4614
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.allow_origins #=> Array
4615
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.allow_origins[0] #=> String
4616
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.allow_credentials #=> Boolean
4617
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.expose_headers #=> Array
4618
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.expose_headers[0] #=> String
4619
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.max_age #=> Integer
4620
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.allow_methods #=> Array
4621
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.allow_methods[0] #=> String
4622
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.allow_headers #=> Array
4623
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.allow_headers[0] #=> String
3932
4624
  # resp.findings[0].resources[0].details.aws_dynamo_db_table.attribute_definitions #=> Array
3933
4625
  # resp.findings[0].resources[0].details.aws_dynamo_db_table.attribute_definitions[0].attribute_name #=> String
3934
4626
  # resp.findings[0].resources[0].details.aws_dynamo_db_table.attribute_definitions[0].attribute_type #=> String
@@ -3997,10 +4689,283 @@ module Aws::SecurityHub
3997
4689
  # resp.findings[0].resources[0].details.aws_dynamo_db_table.table_name #=> String
3998
4690
  # resp.findings[0].resources[0].details.aws_dynamo_db_table.table_size_bytes #=> Integer
3999
4691
  # resp.findings[0].resources[0].details.aws_dynamo_db_table.table_status #=> String
4692
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.deployment_id #=> String
4693
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.client_certificate_id #=> String
4694
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.stage_name #=> String
4695
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.description #=> String
4696
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.cache_cluster_enabled #=> Boolean
4697
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.cache_cluster_size #=> String
4698
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.cache_cluster_status #=> String
4699
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings #=> Array
4700
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].metrics_enabled #=> Boolean
4701
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].logging_level #=> String
4702
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].data_trace_enabled #=> Boolean
4703
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].throttling_burst_limit #=> Integer
4704
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].throttling_rate_limit #=> Float
4705
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].caching_enabled #=> Boolean
4706
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].cache_ttl_in_seconds #=> Integer
4707
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].cache_data_encrypted #=> Boolean
4708
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].require_authorization_for_cache_control #=> Boolean
4709
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].unauthorized_cache_control_header_strategy #=> String
4710
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].http_method #=> String
4711
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].resource_path #=> String
4712
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.variables #=> Hash
4713
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.variables["NonEmptyString"] #=> String
4714
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.documentation_version #=> String
4715
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.access_log_settings.format #=> String
4716
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.access_log_settings.destination_arn #=> String
4717
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.canary_settings.percent_traffic #=> Float
4718
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.canary_settings.deployment_id #=> String
4719
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.canary_settings.stage_variable_overrides #=> Hash
4720
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.canary_settings.stage_variable_overrides["NonEmptyString"] #=> String
4721
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.canary_settings.use_stage_cache #=> Boolean
4722
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.tracing_enabled #=> Boolean
4723
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.created_date #=> String
4724
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.last_updated_date #=> String
4725
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.web_acl_arn #=> String
4726
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.id #=> String
4727
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.name #=> String
4728
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.description #=> String
4729
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.created_date #=> String
4730
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.version #=> String
4731
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.binary_media_types #=> Array
4732
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.binary_media_types[0] #=> String
4733
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.minimum_compression_size #=> Integer
4734
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.api_key_source #=> String
4735
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.endpoint_configuration.types #=> Array
4736
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.endpoint_configuration.types[0] #=> String
4737
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.cloud_watch_logs_log_group_arn #=> String
4738
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.cloud_watch_logs_role_arn #=> String
4739
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.has_custom_event_selectors #=> Boolean
4740
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.home_region #=> String
4741
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.include_global_service_events #=> Boolean
4742
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.is_multi_region_trail #=> Boolean
4743
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.is_organization_trail #=> Boolean
4744
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.kms_key_id #=> String
4745
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.log_file_validation_enabled #=> Boolean
4746
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.name #=> String
4747
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.s3_bucket_name #=> String
4748
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.s3_key_prefix #=> String
4749
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.sns_topic_arn #=> String
4750
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.sns_topic_name #=> String
4751
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.trail_arn #=> String
4752
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.certificate_authority_arn #=> String
4753
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.created_at #=> String
4754
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_name #=> String
4755
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options #=> Array
4756
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].domain_name #=> String
4757
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].resource_record.name #=> String
4758
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].resource_record.type #=> String
4759
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].resource_record.value #=> String
4760
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].validation_domain #=> String
4761
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].validation_emails #=> Array
4762
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].validation_emails[0] #=> String
4763
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].validation_method #=> String
4764
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].validation_status #=> String
4765
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.extended_key_usages #=> Array
4766
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.extended_key_usages[0].name #=> String
4767
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.extended_key_usages[0].o_id #=> String
4768
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.failure_reason #=> String
4769
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.imported_at #=> String
4770
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.in_use_by #=> Array
4771
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.in_use_by[0] #=> String
4772
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.issued_at #=> String
4773
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.issuer #=> String
4774
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.key_algorithm #=> String
4775
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.key_usages #=> Array
4776
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.key_usages[0].name #=> String
4777
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.not_after #=> String
4778
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.not_before #=> String
4779
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.options.certificate_transparency_logging_preference #=> String
4780
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_eligibility #=> String
4781
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options #=> Array
4782
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].domain_name #=> String
4783
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].resource_record.name #=> String
4784
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].resource_record.type #=> String
4785
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].resource_record.value #=> String
4786
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].validation_domain #=> String
4787
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].validation_emails #=> Array
4788
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].validation_emails[0] #=> String
4789
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].validation_method #=> String
4790
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].validation_status #=> String
4791
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.renewal_status #=> String
4792
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.renewal_status_reason #=> String
4793
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.updated_at #=> String
4794
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.serial #=> String
4795
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.signature_algorithm #=> String
4796
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.status #=> String
4797
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.subject #=> String
4798
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.subject_alternative_names #=> Array
4799
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.subject_alternative_names[0] #=> String
4800
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.type #=> String
4801
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.allow_version_upgrade #=> Boolean
4802
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.automated_snapshot_retention_period #=> Integer
4803
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.availability_zone #=> String
4804
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_availability_status #=> String
4805
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_create_time #=> String
4806
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_identifier #=> String
4807
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_nodes #=> Array
4808
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_nodes[0].node_role #=> String
4809
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_nodes[0].private_ip_address #=> String
4810
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_nodes[0].public_ip_address #=> String
4811
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_parameter_groups #=> Array
4812
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_parameter_groups[0].cluster_parameter_status_list #=> Array
4813
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_parameter_groups[0].cluster_parameter_status_list[0].parameter_name #=> String
4814
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_parameter_groups[0].cluster_parameter_status_list[0].parameter_apply_status #=> String
4815
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_parameter_groups[0].cluster_parameter_status_list[0].parameter_apply_error_description #=> String
4816
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_parameter_groups[0].parameter_apply_status #=> String
4817
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_parameter_groups[0].parameter_group_name #=> String
4818
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_public_key #=> String
4819
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_revision_number #=> String
4820
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_security_groups #=> Array
4821
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_security_groups[0].cluster_security_group_name #=> String
4822
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_security_groups[0].status #=> String
4823
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_snapshot_copy_status.destination_region #=> String
4824
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_snapshot_copy_status.manual_snapshot_retention_period #=> Integer
4825
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_snapshot_copy_status.retention_period #=> Integer
4826
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_snapshot_copy_status.snapshot_copy_grant_name #=> String
4827
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_status #=> String
4828
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_subnet_group_name #=> String
4829
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_version #=> String
4830
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.db_name #=> String
4831
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.deferred_maintenance_windows #=> Array
4832
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.deferred_maintenance_windows[0].defer_maintenance_end_time #=> String
4833
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.deferred_maintenance_windows[0].defer_maintenance_identifier #=> String
4834
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.deferred_maintenance_windows[0].defer_maintenance_start_time #=> String
4835
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.elastic_ip_status.elastic_ip #=> String
4836
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.elastic_ip_status.status #=> String
4837
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.elastic_resize_number_of_node_options #=> String
4838
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.encrypted #=> Boolean
4839
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.endpoint.address #=> String
4840
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.endpoint.port #=> Integer
4841
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.enhanced_vpc_routing #=> Boolean
4842
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.expected_next_snapshot_schedule_time #=> String
4843
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.expected_next_snapshot_schedule_time_status #=> String
4844
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.hsm_status.hsm_client_certificate_identifier #=> String
4845
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.hsm_status.hsm_configuration_identifier #=> String
4846
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.hsm_status.status #=> String
4847
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.iam_roles #=> Array
4848
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.iam_roles[0].apply_status #=> String
4849
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.iam_roles[0].iam_role_arn #=> String
4850
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.kms_key_id #=> String
4851
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.maintenance_track_name #=> String
4852
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.manual_snapshot_retention_period #=> Integer
4853
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.master_username #=> String
4854
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.next_maintenance_window_start_time #=> String
4855
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.node_type #=> String
4856
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.number_of_nodes #=> Integer
4857
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_actions #=> Array
4858
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_actions[0] #=> String
4859
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.automated_snapshot_retention_period #=> Integer
4860
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.cluster_identifier #=> String
4861
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.cluster_type #=> String
4862
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.cluster_version #=> String
4863
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.encryption_type #=> String
4864
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.enhanced_vpc_routing #=> Boolean
4865
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.maintenance_track_name #=> String
4866
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.master_user_password #=> String
4867
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.node_type #=> String
4868
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.number_of_nodes #=> Integer
4869
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.publicly_accessible #=> Boolean
4870
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.preferred_maintenance_window #=> String
4871
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.publicly_accessible #=> Boolean
4872
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.resize_info.allow_cancel_resize #=> Boolean
4873
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.resize_info.resize_type #=> String
4874
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.restore_status.current_restore_rate_in_mega_bytes_per_second #=> Float
4875
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.restore_status.elapsed_time_in_seconds #=> Integer
4876
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.restore_status.estimated_time_to_completion_in_seconds #=> Integer
4877
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.restore_status.progress_in_mega_bytes #=> Integer
4878
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.restore_status.snapshot_size_in_mega_bytes #=> Integer
4879
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.restore_status.status #=> String
4880
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.snapshot_schedule_identifier #=> String
4881
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.snapshot_schedule_state #=> String
4882
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.vpc_id #=> String
4883
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.vpc_security_groups #=> Array
4884
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.vpc_security_groups[0].status #=> String
4885
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.vpc_security_groups[0].vpc_security_group_id #=> String
4886
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.availability_zones #=> Array
4887
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.availability_zones[0] #=> String
4888
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.backend_server_descriptions #=> Array
4889
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.backend_server_descriptions[0].instance_port #=> Integer
4890
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.backend_server_descriptions[0].policy_names #=> Array
4891
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.backend_server_descriptions[0].policy_names[0] #=> String
4892
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.canonical_hosted_zone_name #=> String
4893
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.canonical_hosted_zone_name_id #=> String
4894
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.created_time #=> String
4895
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.dns_name #=> String
4896
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.health_check.healthy_threshold #=> Integer
4897
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.health_check.interval #=> Integer
4898
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.health_check.target #=> String
4899
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.health_check.timeout #=> Integer
4900
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.health_check.unhealthy_threshold #=> Integer
4901
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.instances #=> Array
4902
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.instances[0].instance_id #=> String
4903
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.listener_descriptions #=> Array
4904
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.listener_descriptions[0].listener.instance_port #=> Integer
4905
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.listener_descriptions[0].listener.instance_protocol #=> String
4906
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.listener_descriptions[0].listener.load_balancer_port #=> Integer
4907
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.listener_descriptions[0].listener.protocol #=> String
4908
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.listener_descriptions[0].listener.ssl_certificate_id #=> String
4909
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.listener_descriptions[0].policy_names #=> Array
4910
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.listener_descriptions[0].policy_names[0] #=> String
4911
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_attributes.access_log.emit_interval #=> Integer
4912
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_attributes.access_log.enabled #=> Boolean
4913
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_attributes.access_log.s3_bucket_name #=> String
4914
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_attributes.access_log.s3_bucket_prefix #=> String
4915
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_attributes.connection_draining.enabled #=> Boolean
4916
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_attributes.connection_draining.timeout #=> Integer
4917
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_attributes.connection_settings.idle_timeout #=> Integer
4918
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_attributes.cross_zone_load_balancing.enabled #=> Boolean
4919
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_name #=> String
4920
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.policies.app_cookie_stickiness_policies #=> Array
4921
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.policies.app_cookie_stickiness_policies[0].cookie_name #=> String
4922
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.policies.app_cookie_stickiness_policies[0].policy_name #=> String
4923
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.policies.lb_cookie_stickiness_policies #=> Array
4924
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.policies.lb_cookie_stickiness_policies[0].cookie_expiration_period #=> Integer
4925
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.policies.lb_cookie_stickiness_policies[0].policy_name #=> String
4926
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.policies.other_policies #=> Array
4927
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.policies.other_policies[0] #=> String
4928
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.scheme #=> String
4929
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.security_groups #=> Array
4930
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.security_groups[0] #=> String
4931
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.source_security_group.group_name #=> String
4932
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.source_security_group.owner_alias #=> String
4933
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.subnets #=> Array
4934
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.subnets[0] #=> String
4935
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.vpc_id #=> String
4936
+ # resp.findings[0].resources[0].details.aws_iam_group.attached_managed_policies #=> Array
4937
+ # resp.findings[0].resources[0].details.aws_iam_group.attached_managed_policies[0].policy_name #=> String
4938
+ # resp.findings[0].resources[0].details.aws_iam_group.attached_managed_policies[0].policy_arn #=> String
4939
+ # resp.findings[0].resources[0].details.aws_iam_group.create_date #=> String
4940
+ # resp.findings[0].resources[0].details.aws_iam_group.group_id #=> String
4941
+ # resp.findings[0].resources[0].details.aws_iam_group.group_name #=> String
4942
+ # resp.findings[0].resources[0].details.aws_iam_group.group_policy_list #=> Array
4943
+ # resp.findings[0].resources[0].details.aws_iam_group.group_policy_list[0].policy_name #=> String
4944
+ # resp.findings[0].resources[0].details.aws_iam_group.path #=> String
4000
4945
  # resp.findings[0].resources[0].details.aws_iam_role.assume_role_policy_document #=> String
4946
+ # resp.findings[0].resources[0].details.aws_iam_role.attached_managed_policies #=> Array
4947
+ # resp.findings[0].resources[0].details.aws_iam_role.attached_managed_policies[0].policy_name #=> String
4948
+ # resp.findings[0].resources[0].details.aws_iam_role.attached_managed_policies[0].policy_arn #=> String
4001
4949
  # resp.findings[0].resources[0].details.aws_iam_role.create_date #=> String
4950
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list #=> Array
4951
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].arn #=> String
4952
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].create_date #=> String
4953
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].instance_profile_id #=> String
4954
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].instance_profile_name #=> String
4955
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].path #=> String
4956
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].roles #=> Array
4957
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].roles[0].arn #=> String
4958
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].roles[0].assume_role_policy_document #=> String
4959
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].roles[0].create_date #=> String
4960
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].roles[0].path #=> String
4961
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].roles[0].role_id #=> String
4962
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].roles[0].role_name #=> String
4963
+ # resp.findings[0].resources[0].details.aws_iam_role.permissions_boundary.permissions_boundary_arn #=> String
4964
+ # resp.findings[0].resources[0].details.aws_iam_role.permissions_boundary.permissions_boundary_type #=> String
4002
4965
  # resp.findings[0].resources[0].details.aws_iam_role.role_id #=> String
4003
4966
  # resp.findings[0].resources[0].details.aws_iam_role.role_name #=> String
4967
+ # resp.findings[0].resources[0].details.aws_iam_role.role_policy_list #=> Array
4968
+ # resp.findings[0].resources[0].details.aws_iam_role.role_policy_list[0].policy_name #=> String
4004
4969
  # resp.findings[0].resources[0].details.aws_iam_role.max_session_duration #=> Integer
4005
4970
  # resp.findings[0].resources[0].details.aws_iam_role.path #=> String
4006
4971
  # resp.findings[0].resources[0].details.aws_kms_key.aws_account_id #=> String
@@ -4322,6 +5287,17 @@ module Aws::SecurityHub
4322
5287
  # resp.findings[0].vulnerabilities[0].vendor.vendor_updated_at #=> String
4323
5288
  # resp.findings[0].vulnerabilities[0].reference_urls #=> Array
4324
5289
  # resp.findings[0].vulnerabilities[0].reference_urls[0] #=> String
5290
+ # resp.findings[0].patch_summary.id #=> String
5291
+ # resp.findings[0].patch_summary.installed_count #=> Integer
5292
+ # resp.findings[0].patch_summary.missing_count #=> Integer
5293
+ # resp.findings[0].patch_summary.failed_count #=> Integer
5294
+ # resp.findings[0].patch_summary.installed_other_count #=> Integer
5295
+ # resp.findings[0].patch_summary.installed_rejected_count #=> Integer
5296
+ # resp.findings[0].patch_summary.installed_pending_reboot #=> Integer
5297
+ # resp.findings[0].patch_summary.operation_start_time #=> String
5298
+ # resp.findings[0].patch_summary.operation_end_time #=> String
5299
+ # resp.findings[0].patch_summary.reboot_option #=> String
5300
+ # resp.findings[0].patch_summary.operation #=> String
4325
5301
  # resp.next_token #=> String
4326
5302
  #
4327
5303
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetFindings AWS API Documentation
@@ -4719,6 +5695,9 @@ module Aws::SecurityHub
4719
5695
  # Provides the details for the Security Hub master account for the
4720
5696
  # current member account.
4721
5697
  #
5698
+ # Can be used by both member accounts that are in an organization and
5699
+ # accounts that were invited manually.
5700
+ #
4722
5701
  # @return [Types::GetMasterAccountResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
4723
5702
  #
4724
5703
  # * {Types::GetMasterAccountResponse#master #master} => Types::Invitation
@@ -4742,6 +5721,13 @@ module Aws::SecurityHub
4742
5721
  # Returns the details for the Security Hub member accounts for the
4743
5722
  # specified account IDs.
4744
5723
  #
5724
+ # A master account can be either a delegated Security Hub administrator
5725
+ # account for an organization or a master account that enabled Security
5726
+ # Hub manually.
5727
+ #
5728
+ # The results include both member accounts that are in an organization
5729
+ # and accounts that were invited manually.
5730
+ #
4745
5731
  # @option params [required, Array<String>] :account_ids
4746
5732
  # The list of account IDs for the Security Hub member accounts to return
4747
5733
  # the details for.
@@ -4782,15 +5768,18 @@ module Aws::SecurityHub
4782
5768
  # Invites other AWS accounts to become member accounts for the Security
4783
5769
  # Hub master account that the invitation is sent from.
4784
5770
  #
5771
+ # This operation is only used to invite accounts that do not belong to
5772
+ # an organization. Organization accounts do not receive invitations.
5773
+ #
4785
5774
  # Before you can use this action to invite a member, you must first use
4786
5775
  # the ` CreateMembers ` action to create the member account in Security
4787
5776
  # Hub.
4788
5777
  #
4789
- # When the account owner accepts the invitation to become a member
4790
- # account and enables Security Hub, the master account can view the
4791
- # findings generated from the member account.
5778
+ # When the account owner enables Security Hub and accepts the invitation
5779
+ # to become a member account, the master account can view the findings
5780
+ # generated from the member account.
4792
5781
  #
4793
- # @option params [Array<String>] :account_ids
5782
+ # @option params [required, Array<String>] :account_ids
4794
5783
  # The list of account IDs of the AWS accounts to invite to Security Hub
4795
5784
  # as members.
4796
5785
  #
@@ -4801,7 +5790,7 @@ module Aws::SecurityHub
4801
5790
  # @example Request syntax with placeholder values
4802
5791
  #
4803
5792
  # resp = client.invite_members({
4804
- # account_ids: ["NonEmptyString"],
5793
+ # account_ids: ["NonEmptyString"], # required
4805
5794
  # })
4806
5795
  #
4807
5796
  # @example Response structure
@@ -4866,6 +5855,9 @@ module Aws::SecurityHub
4866
5855
  # Lists all Security Hub membership invitations that were sent to the
4867
5856
  # current AWS account.
4868
5857
  #
5858
+ # This operation is only used by accounts that do not belong to an
5859
+ # organization. Organization accounts do not receive invitations.
5860
+ #
4869
5861
  # @option params [Integer] :max_results
4870
5862
  # The maximum number of items to return in the response.
4871
5863
  #
@@ -4913,14 +5905,17 @@ module Aws::SecurityHub
4913
5905
  # Lists details about all member accounts for the current Security Hub
4914
5906
  # master account.
4915
5907
  #
5908
+ # The results include both member accounts that belong to an
5909
+ # organization and member accounts that were invited manually.
5910
+ #
4916
5911
  # @option params [Boolean] :only_associated
4917
5912
  # Specifies which member accounts to include in the response based on
4918
5913
  # their relationship status with the master account. The default value
4919
5914
  # is `TRUE`.
4920
5915
  #
4921
5916
  # If `OnlyAssociated` is set to `TRUE`, the response includes member
4922
- # accounts whose relationship status with the master is set to `ENABLED`
4923
- # or `DISABLED`.
5917
+ # accounts whose relationship status with the master is set to
5918
+ # `ENABLED`.
4924
5919
  #
4925
5920
  # If `OnlyAssociated` is set to `FALSE`, the response includes all
4926
5921
  # existing member accounts.
@@ -4971,6 +5966,49 @@ module Aws::SecurityHub
4971
5966
  req.send_request(options)
4972
5967
  end
4973
5968
 
5969
+ # Lists the Security Hub administrator accounts. Can only be called by
5970
+ # the organization management account.
5971
+ #
5972
+ # @option params [Integer] :max_results
5973
+ # The maximum number of items to return in the response.
5974
+ #
5975
+ # @option params [String] :next_token
5976
+ # The token that is required for pagination. On your first call to the
5977
+ # `ListOrganizationAdminAccounts` operation, set the value of this
5978
+ # parameter to `NULL`. For subsequent calls to the operation, to
5979
+ # continue listing data, set the value of this parameter to the value
5980
+ # returned from the previous response.
5981
+ #
5982
+ # @return [Types::ListOrganizationAdminAccountsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
5983
+ #
5984
+ # * {Types::ListOrganizationAdminAccountsResponse#admin_accounts #admin_accounts} => Array&lt;Types::AdminAccount&gt;
5985
+ # * {Types::ListOrganizationAdminAccountsResponse#next_token #next_token} => String
5986
+ #
5987
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
5988
+ #
5989
+ # @example Request syntax with placeholder values
5990
+ #
5991
+ # resp = client.list_organization_admin_accounts({
5992
+ # max_results: 1,
5993
+ # next_token: "NextToken",
5994
+ # })
5995
+ #
5996
+ # @example Response structure
5997
+ #
5998
+ # resp.admin_accounts #=> Array
5999
+ # resp.admin_accounts[0].account_id #=> String
6000
+ # resp.admin_accounts[0].status #=> String, one of "ENABLED", "DISABLE_IN_PROGRESS"
6001
+ # resp.next_token #=> String
6002
+ #
6003
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListOrganizationAdminAccounts AWS API Documentation
6004
+ #
6005
+ # @overload list_organization_admin_accounts(params = {})
6006
+ # @param [Hash] params ({})
6007
+ def list_organization_admin_accounts(params = {}, options = {})
6008
+ req = build_request(:list_organization_admin_accounts, params)
6009
+ req.send_request(options)
6010
+ end
6011
+
4974
6012
  # Returns a list of tags associated with a resource.
4975
6013
  #
4976
6014
  # @option params [required, String] :resource_arn
@@ -6267,6 +7305,36 @@ module Aws::SecurityHub
6267
7305
  req.send_request(options)
6268
7306
  end
6269
7307
 
7308
+ # Used to update the configuration related to Organizations. Can only be
7309
+ # called from a Security Hub administrator account.
7310
+ #
7311
+ # @option params [required, Boolean] :auto_enable
7312
+ # Whether to automatically enable Security Hub for new accounts in the
7313
+ # organization.
7314
+ #
7315
+ # By default, this is `false`, and new accounts are not added
7316
+ # automatically.
7317
+ #
7318
+ # To automatically enable Security Hub for new accounts, set this to
7319
+ # `true`.
7320
+ #
7321
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
7322
+ #
7323
+ # @example Request syntax with placeholder values
7324
+ #
7325
+ # resp = client.update_organization_configuration({
7326
+ # auto_enable: false, # required
7327
+ # })
7328
+ #
7329
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateOrganizationConfiguration AWS API Documentation
7330
+ #
7331
+ # @overload update_organization_configuration(params = {})
7332
+ # @param [Hash] params ({})
7333
+ def update_organization_configuration(params = {}, options = {})
7334
+ req = build_request(:update_organization_configuration, params)
7335
+ req.send_request(options)
7336
+ end
7337
+
6270
7338
  # Updates configuration options for Security Hub.
6271
7339
  #
6272
7340
  # @option params [Boolean] :auto_enable_controls
@@ -6339,7 +7407,7 @@ module Aws::SecurityHub
6339
7407
  params: params,
6340
7408
  config: config)
6341
7409
  context[:gem_name] = 'aws-sdk-securityhub'
6342
- context[:gem_version] = '1.31.0'
7410
+ context[:gem_version] = '1.36.0'
6343
7411
  Seahorse::Client::Request.new(handlers, context)
6344
7412
  end
6345
7413