aws-sdk-securityhub 1.32.0 → 1.37.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/lib/aws-sdk-securityhub.rb +2 -1
  3. data/lib/aws-sdk-securityhub/client.rb +1101 -42
  4. data/lib/aws-sdk-securityhub/client_api.rb +736 -7
  5. data/lib/aws-sdk-securityhub/types.rb +9771 -3534
  6. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 63932fd1ce625cec5453b939af90ffa7f77546d7324135170792577ffd791cfc
4
- data.tar.gz: 0d5ee5baa4d0d2eaa3452369a78f7ef51120b26f739a0204483c62740f169e0a
3
+ metadata.gz: df2a3fc021bc8145f30d7102a52856aeda3cf906ddbc203297b2a32f6694747e
4
+ data.tar.gz: c895cc4b77cb84dac65607b301e3ab0fc9fca94c41d5ea781330c49cfeb28558
5
5
  SHA512:
6
- metadata.gz: a164aa9f60a716f9a0b472b72e49f0191618119ba6a3d8f25a42f8f2ad2fd92f8a81e13a53d1cfed5f92335da7678fecc21be97fe676440e6597fddafb3dc85a
7
- data.tar.gz: 73b42cee94f87e5c016876fcc7ae93e4298bcb4842f653f52b51a6c9088e1b1883ec7cd4f645dfbaa90b5a8768828d8b1cb22cabe58790e65b2312e1e43a2f80
6
+ metadata.gz: b097edccc60d374658696008790e7a3df92bd7480b2e121c067430fb1f6b4106eb6b7af622ea6722ae3d86cec16b08f1d314d17eeecf598889f3d55566b9cd79
7
+ data.tar.gz: 7a8df42380b7f84dac7c2f664a8816656d492e21a0ed9fcbfb5e52bd2d4720d0c6c70acc8be90746cdaa0bb23b3bae58078961d27d620de7cc3809a3c62f596a
data/lib/aws-sdk-securityhub.rb CHANGED
@@ -7,6 +7,7 @@
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
10
+
10
11
  require 'aws-sdk-core'
11
12
  require 'aws-sigv4'
12
13
 
@@ -47,6 +48,6 @@ require_relative 'aws-sdk-securityhub/customizations'
47
48
  # @!group service
48
49
  module Aws::SecurityHub
49
50
 
50
- GEM_VERSION = '1.32.0'
51
+ GEM_VERSION = '1.37.0'
51
52
 
52
53
  end
data/lib/aws-sdk-securityhub/client.rb CHANGED
@@ -330,6 +330,9 @@ module Aws::SecurityHub
330
330
  # Accepts the invitation to be a member account and be monitored by the
331
331
  # Security Hub master account that the invitation was sent from.
332
332
  #
333
+ # This operation is only used by member accounts that are not added
334
+ # through Organizations.
335
+ #
333
336
  # When the member account accepts the invitation, permission is granted
334
337
  # to the master account to view findings generated in the member
335
338
  # account.
@@ -460,24 +463,30 @@ module Aws::SecurityHub
460
463
  # update the following finding fields and objects, which Security Hub
461
464
  # customers use to manage their investigation workflow.
462
465
  #
466
+ # * `Note`
467
+ #
468
+ # * `UserDefinedFields`
469
+ #
470
+ # * `VerificationState`
471
+ #
472
+ # * `Workflow`
473
+ #
474
+ # `BatchImportFindings` can be used to update the following finding
475
+ # fields and objects only if they have not been updated using
476
+ # `BatchUpdateFindings`. After they are updated using
477
+ # `BatchUpdateFindings`, these fields cannot be updated using
478
+ # `BatchImportFindings`.
479
+ #
463
480
  # * `Confidence`
464
481
  #
465
482
  # * `Criticality`
466
483
  #
467
- # * `Note`
468
- #
469
484
  # * `RelatedFindings`
470
485
  #
471
486
  # * `Severity`
472
487
  #
473
488
  # * `Types`
474
489
  #
475
- # * `UserDefinedFields`
476
- #
477
- # * `VerificationState`
478
- #
479
- # * `Workflow`
480
- #
481
490
  # @option params [required, Array<Types::AwsSecurityFinding>] :findings
482
491
  # A list of findings to import. To successfully import a finding, it
483
492
  # must follow the [AWS Security Finding Format][1]. Maximum of 100
@@ -628,6 +637,7 @@ module Aws::SecurityHub
628
637
  # id: "NonEmptyString", # required
629
638
  # partition: "aws", # accepts aws, aws-cn, aws-us-gov
630
639
  # region: "NonEmptyString",
640
+ # resource_role: "NonEmptyString",
631
641
  # tags: {
632
642
  # "NonEmptyString" => "NonEmptyString",
633
643
  # },
@@ -665,6 +675,17 @@ module Aws::SecurityHub
665
675
  # },
666
676
  # },
667
677
  # aws_cloud_front_distribution: {
678
+ # cache_behaviors: {
679
+ # items: [
680
+ # {
681
+ # viewer_protocol_policy: "NonEmptyString",
682
+ # },
683
+ # ],
684
+ # },
685
+ # default_cache_behavior: {
686
+ # viewer_protocol_policy: "NonEmptyString",
687
+ # },
688
+ # default_root_object: "NonEmptyString",
668
689
  # domain_name: "NonEmptyString",
669
690
  # etag: "NonEmptyString",
670
691
  # last_modified_time: "NonEmptyString",
@@ -680,6 +701,21 @@ module Aws::SecurityHub
680
701
  # domain_name: "NonEmptyString",
681
702
  # id: "NonEmptyString",
682
703
  # origin_path: "NonEmptyString",
704
+ # s3_origin_config: {
705
+ # origin_access_identity: "NonEmptyString",
706
+ # },
707
+ # },
708
+ # ],
709
+ # },
710
+ # origin_groups: {
711
+ # items: [
712
+ # {
713
+ # failover_criteria: {
714
+ # status_codes: {
715
+ # items: [1],
716
+ # quantity: 1,
717
+ # },
718
+ # },
683
719
  # },
684
720
  # ],
685
721
  # },
@@ -921,6 +957,21 @@ module Aws::SecurityHub
921
957
  # principal_id: "NonEmptyString",
922
958
  # principal_type: "NonEmptyString",
923
959
  # principal_name: "NonEmptyString",
960
+ # account_id: "NonEmptyString",
961
+ # access_key_id: "NonEmptyString",
962
+ # session_context: {
963
+ # attributes: {
964
+ # mfa_authenticated: false,
965
+ # creation_date: "NonEmptyString",
966
+ # },
967
+ # session_issuer: {
968
+ # type: "NonEmptyString",
969
+ # principal_id: "NonEmptyString",
970
+ # arn: "NonEmptyString",
971
+ # account_id: "NonEmptyString",
972
+ # user_name: "NonEmptyString",
973
+ # },
974
+ # },
924
975
  # },
925
976
  # aws_iam_user: {
926
977
  # attached_managed_policies: [
@@ -963,6 +1014,56 @@ module Aws::SecurityHub
963
1014
  # ],
964
1015
  # update_date: "NonEmptyString",
965
1016
  # },
1017
+ # aws_api_gateway_v2_stage: {
1018
+ # created_date: "NonEmptyString",
1019
+ # description: "NonEmptyString",
1020
+ # default_route_settings: {
1021
+ # detailed_metrics_enabled: false,
1022
+ # logging_level: "NonEmptyString",
1023
+ # data_trace_enabled: false,
1024
+ # throttling_burst_limit: 1,
1025
+ # throttling_rate_limit: 1.0,
1026
+ # },
1027
+ # deployment_id: "NonEmptyString",
1028
+ # last_updated_date: "NonEmptyString",
1029
+ # route_settings: {
1030
+ # detailed_metrics_enabled: false,
1031
+ # logging_level: "NonEmptyString",
1032
+ # data_trace_enabled: false,
1033
+ # throttling_burst_limit: 1,
1034
+ # throttling_rate_limit: 1.0,
1035
+ # },
1036
+ # stage_name: "NonEmptyString",
1037
+ # stage_variables: {
1038
+ # "NonEmptyString" => "NonEmptyString",
1039
+ # },
1040
+ # access_log_settings: {
1041
+ # format: "NonEmptyString",
1042
+ # destination_arn: "NonEmptyString",
1043
+ # },
1044
+ # auto_deploy: false,
1045
+ # last_deployment_status_message: "NonEmptyString",
1046
+ # api_gateway_managed: false,
1047
+ # },
1048
+ # aws_api_gateway_v2_api: {
1049
+ # api_endpoint: "NonEmptyString",
1050
+ # api_id: "NonEmptyString",
1051
+ # api_key_selection_expression: "NonEmptyString",
1052
+ # created_date: "NonEmptyString",
1053
+ # description: "NonEmptyString",
1054
+ # version: "NonEmptyString",
1055
+ # name: "NonEmptyString",
1056
+ # protocol_type: "NonEmptyString",
1057
+ # route_selection_expression: "NonEmptyString",
1058
+ # cors_configuration: {
1059
+ # allow_origins: ["NonEmptyString"],
1060
+ # allow_credentials: false,
1061
+ # expose_headers: ["NonEmptyString"],
1062
+ # max_age: 1,
1063
+ # allow_methods: ["NonEmptyString"],
1064
+ # allow_headers: ["NonEmptyString"],
1065
+ # },
1066
+ # },
966
1067
  # aws_dynamo_db_table: {
967
1068
  # attribute_definitions: [
968
1069
  # {
@@ -1075,11 +1176,404 @@ module Aws::SecurityHub
1075
1176
  # table_size_bytes: 1,
1076
1177
  # table_status: "NonEmptyString",
1077
1178
  # },
1179
+ # aws_api_gateway_stage: {
1180
+ # deployment_id: "NonEmptyString",
1181
+ # client_certificate_id: "NonEmptyString",
1182
+ # stage_name: "NonEmptyString",
1183
+ # description: "NonEmptyString",
1184
+ # cache_cluster_enabled: false,
1185
+ # cache_cluster_size: "NonEmptyString",
1186
+ # cache_cluster_status: "NonEmptyString",
1187
+ # method_settings: [
1188
+ # {
1189
+ # metrics_enabled: false,
1190
+ # logging_level: "NonEmptyString",
1191
+ # data_trace_enabled: false,
1192
+ # throttling_burst_limit: 1,
1193
+ # throttling_rate_limit: 1.0,
1194
+ # caching_enabled: false,
1195
+ # cache_ttl_in_seconds: 1,
1196
+ # cache_data_encrypted: false,
1197
+ # require_authorization_for_cache_control: false,
1198
+ # unauthorized_cache_control_header_strategy: "NonEmptyString",
1199
+ # http_method: "NonEmptyString",
1200
+ # resource_path: "NonEmptyString",
1201
+ # },
1202
+ # ],
1203
+ # variables: {
1204
+ # "NonEmptyString" => "NonEmptyString",
1205
+ # },
1206
+ # documentation_version: "NonEmptyString",
1207
+ # access_log_settings: {
1208
+ # format: "NonEmptyString",
1209
+ # destination_arn: "NonEmptyString",
1210
+ # },
1211
+ # canary_settings: {
1212
+ # percent_traffic: 1.0,
1213
+ # deployment_id: "NonEmptyString",
1214
+ # stage_variable_overrides: {
1215
+ # "NonEmptyString" => "NonEmptyString",
1216
+ # },
1217
+ # use_stage_cache: false,
1218
+ # },
1219
+ # tracing_enabled: false,
1220
+ # created_date: "NonEmptyString",
1221
+ # last_updated_date: "NonEmptyString",
1222
+ # web_acl_arn: "NonEmptyString",
1223
+ # },
1224
+ # aws_api_gateway_rest_api: {
1225
+ # id: "NonEmptyString",
1226
+ # name: "NonEmptyString",
1227
+ # description: "NonEmptyString",
1228
+ # created_date: "NonEmptyString",
1229
+ # version: "NonEmptyString",
1230
+ # binary_media_types: ["NonEmptyString"],
1231
+ # minimum_compression_size: 1,
1232
+ # api_key_source: "NonEmptyString",
1233
+ # endpoint_configuration: {
1234
+ # types: ["NonEmptyString"],
1235
+ # },
1236
+ # },
1237
+ # aws_cloud_trail_trail: {
1238
+ # cloud_watch_logs_log_group_arn: "NonEmptyString",
1239
+ # cloud_watch_logs_role_arn: "NonEmptyString",
1240
+ # has_custom_event_selectors: false,
1241
+ # home_region: "NonEmptyString",
1242
+ # include_global_service_events: false,
1243
+ # is_multi_region_trail: false,
1244
+ # is_organization_trail: false,
1245
+ # kms_key_id: "NonEmptyString",
1246
+ # log_file_validation_enabled: false,
1247
+ # name: "NonEmptyString",
1248
+ # s3_bucket_name: "NonEmptyString",
1249
+ # s3_key_prefix: "NonEmptyString",
1250
+ # sns_topic_arn: "NonEmptyString",
1251
+ # sns_topic_name: "NonEmptyString",
1252
+ # trail_arn: "NonEmptyString",
1253
+ # },
1254
+ # aws_certificate_manager_certificate: {
1255
+ # certificate_authority_arn: "NonEmptyString",
1256
+ # created_at: "NonEmptyString",
1257
+ # domain_name: "NonEmptyString",
1258
+ # domain_validation_options: [
1259
+ # {
1260
+ # domain_name: "NonEmptyString",
1261
+ # resource_record: {
1262
+ # name: "NonEmptyString",
1263
+ # type: "NonEmptyString",
1264
+ # value: "NonEmptyString",
1265
+ # },
1266
+ # validation_domain: "NonEmptyString",
1267
+ # validation_emails: ["NonEmptyString"],
1268
+ # validation_method: "NonEmptyString",
1269
+ # validation_status: "NonEmptyString",
1270
+ # },
1271
+ # ],
1272
+ # extended_key_usages: [
1273
+ # {
1274
+ # name: "NonEmptyString",
1275
+ # o_id: "NonEmptyString",
1276
+ # },
1277
+ # ],
1278
+ # failure_reason: "NonEmptyString",
1279
+ # imported_at: "NonEmptyString",
1280
+ # in_use_by: ["NonEmptyString"],
1281
+ # issued_at: "NonEmptyString",
1282
+ # issuer: "NonEmptyString",
1283
+ # key_algorithm: "NonEmptyString",
1284
+ # key_usages: [
1285
+ # {
1286
+ # name: "NonEmptyString",
1287
+ # },
1288
+ # ],
1289
+ # not_after: "NonEmptyString",
1290
+ # not_before: "NonEmptyString",
1291
+ # options: {
1292
+ # certificate_transparency_logging_preference: "NonEmptyString",
1293
+ # },
1294
+ # renewal_eligibility: "NonEmptyString",
1295
+ # renewal_summary: {
1296
+ # domain_validation_options: [
1297
+ # {
1298
+ # domain_name: "NonEmptyString",
1299
+ # resource_record: {
1300
+ # name: "NonEmptyString",
1301
+ # type: "NonEmptyString",
1302
+ # value: "NonEmptyString",
1303
+ # },
1304
+ # validation_domain: "NonEmptyString",
1305
+ # validation_emails: ["NonEmptyString"],
1306
+ # validation_method: "NonEmptyString",
1307
+ # validation_status: "NonEmptyString",
1308
+ # },
1309
+ # ],
1310
+ # renewal_status: "NonEmptyString",
1311
+ # renewal_status_reason: "NonEmptyString",
1312
+ # updated_at: "NonEmptyString",
1313
+ # },
1314
+ # serial: "NonEmptyString",
1315
+ # signature_algorithm: "NonEmptyString",
1316
+ # status: "NonEmptyString",
1317
+ # subject: "NonEmptyString",
1318
+ # subject_alternative_names: ["NonEmptyString"],
1319
+ # type: "NonEmptyString",
1320
+ # },
1321
+ # aws_redshift_cluster: {
1322
+ # allow_version_upgrade: false,
1323
+ # automated_snapshot_retention_period: 1,
1324
+ # availability_zone: "NonEmptyString",
1325
+ # cluster_availability_status: "NonEmptyString",
1326
+ # cluster_create_time: "NonEmptyString",
1327
+ # cluster_identifier: "NonEmptyString",
1328
+ # cluster_nodes: [
1329
+ # {
1330
+ # node_role: "NonEmptyString",
1331
+ # private_ip_address: "NonEmptyString",
1332
+ # public_ip_address: "NonEmptyString",
1333
+ # },
1334
+ # ],
1335
+ # cluster_parameter_groups: [
1336
+ # {
1337
+ # cluster_parameter_status_list: [
1338
+ # {
1339
+ # parameter_name: "NonEmptyString",
1340
+ # parameter_apply_status: "NonEmptyString",
1341
+ # parameter_apply_error_description: "NonEmptyString",
1342
+ # },
1343
+ # ],
1344
+ # parameter_apply_status: "NonEmptyString",
1345
+ # parameter_group_name: "NonEmptyString",
1346
+ # },
1347
+ # ],
1348
+ # cluster_public_key: "NonEmptyString",
1349
+ # cluster_revision_number: "NonEmptyString",
1350
+ # cluster_security_groups: [
1351
+ # {
1352
+ # cluster_security_group_name: "NonEmptyString",
1353
+ # status: "NonEmptyString",
1354
+ # },
1355
+ # ],
1356
+ # cluster_snapshot_copy_status: {
1357
+ # destination_region: "NonEmptyString",
1358
+ # manual_snapshot_retention_period: 1,
1359
+ # retention_period: 1,
1360
+ # snapshot_copy_grant_name: "NonEmptyString",
1361
+ # },
1362
+ # cluster_status: "NonEmptyString",
1363
+ # cluster_subnet_group_name: "NonEmptyString",
1364
+ # cluster_version: "NonEmptyString",
1365
+ # db_name: "NonEmptyString",
1366
+ # deferred_maintenance_windows: [
1367
+ # {
1368
+ # defer_maintenance_end_time: "NonEmptyString",
1369
+ # defer_maintenance_identifier: "NonEmptyString",
1370
+ # defer_maintenance_start_time: "NonEmptyString",
1371
+ # },
1372
+ # ],
1373
+ # elastic_ip_status: {
1374
+ # elastic_ip: "NonEmptyString",
1375
+ # status: "NonEmptyString",
1376
+ # },
1377
+ # elastic_resize_number_of_node_options: "NonEmptyString",
1378
+ # encrypted: false,
1379
+ # endpoint: {
1380
+ # address: "NonEmptyString",
1381
+ # port: 1,
1382
+ # },
1383
+ # enhanced_vpc_routing: false,
1384
+ # expected_next_snapshot_schedule_time: "NonEmptyString",
1385
+ # expected_next_snapshot_schedule_time_status: "NonEmptyString",
1386
+ # hsm_status: {
1387
+ # hsm_client_certificate_identifier: "NonEmptyString",
1388
+ # hsm_configuration_identifier: "NonEmptyString",
1389
+ # status: "NonEmptyString",
1390
+ # },
1391
+ # iam_roles: [
1392
+ # {
1393
+ # apply_status: "NonEmptyString",
1394
+ # iam_role_arn: "NonEmptyString",
1395
+ # },
1396
+ # ],
1397
+ # kms_key_id: "NonEmptyString",
1398
+ # maintenance_track_name: "NonEmptyString",
1399
+ # manual_snapshot_retention_period: 1,
1400
+ # master_username: "NonEmptyString",
1401
+ # next_maintenance_window_start_time: "NonEmptyString",
1402
+ # node_type: "NonEmptyString",
1403
+ # number_of_nodes: 1,
1404
+ # pending_actions: ["NonEmptyString"],
1405
+ # pending_modified_values: {
1406
+ # automated_snapshot_retention_period: 1,
1407
+ # cluster_identifier: "NonEmptyString",
1408
+ # cluster_type: "NonEmptyString",
1409
+ # cluster_version: "NonEmptyString",
1410
+ # encryption_type: "NonEmptyString",
1411
+ # enhanced_vpc_routing: false,
1412
+ # maintenance_track_name: "NonEmptyString",
1413
+ # master_user_password: "NonEmptyString",
1414
+ # node_type: "NonEmptyString",
1415
+ # number_of_nodes: 1,
1416
+ # publicly_accessible: false,
1417
+ # },
1418
+ # preferred_maintenance_window: "NonEmptyString",
1419
+ # publicly_accessible: false,
1420
+ # resize_info: {
1421
+ # allow_cancel_resize: false,
1422
+ # resize_type: "NonEmptyString",
1423
+ # },
1424
+ # restore_status: {
1425
+ # current_restore_rate_in_mega_bytes_per_second: 1.0,
1426
+ # elapsed_time_in_seconds: 1,
1427
+ # estimated_time_to_completion_in_seconds: 1,
1428
+ # progress_in_mega_bytes: 1,
1429
+ # snapshot_size_in_mega_bytes: 1,
1430
+ # status: "NonEmptyString",
1431
+ # },
1432
+ # snapshot_schedule_identifier: "NonEmptyString",
1433
+ # snapshot_schedule_state: "NonEmptyString",
1434
+ # vpc_id: "NonEmptyString",
1435
+ # vpc_security_groups: [
1436
+ # {
1437
+ # status: "NonEmptyString",
1438
+ # vpc_security_group_id: "NonEmptyString",
1439
+ # },
1440
+ # ],
1441
+ # },
1442
+ # aws_elb_load_balancer: {
1443
+ # availability_zones: ["NonEmptyString"],
1444
+ # backend_server_descriptions: [
1445
+ # {
1446
+ # instance_port: 1,
1447
+ # policy_names: ["NonEmptyString"],
1448
+ # },
1449
+ # ],
1450
+ # canonical_hosted_zone_name: "NonEmptyString",
1451
+ # canonical_hosted_zone_name_id: "NonEmptyString",
1452
+ # created_time: "NonEmptyString",
1453
+ # dns_name: "NonEmptyString",
1454
+ # health_check: {
1455
+ # healthy_threshold: 1,
1456
+ # interval: 1,
1457
+ # target: "NonEmptyString",
1458
+ # timeout: 1,
1459
+ # unhealthy_threshold: 1,
1460
+ # },
1461
+ # instances: [
1462
+ # {
1463
+ # instance_id: "NonEmptyString",
1464
+ # },
1465
+ # ],
1466
+ # listener_descriptions: [
1467
+ # {
1468
+ # listener: {
1469
+ # instance_port: 1,
1470
+ # instance_protocol: "NonEmptyString",
1471
+ # load_balancer_port: 1,
1472
+ # protocol: "NonEmptyString",
1473
+ # ssl_certificate_id: "NonEmptyString",
1474
+ # },
1475
+ # policy_names: ["NonEmptyString"],
1476
+ # },
1477
+ # ],
1478
+ # load_balancer_attributes: {
1479
+ # access_log: {
1480
+ # emit_interval: 1,
1481
+ # enabled: false,
1482
+ # s3_bucket_name: "NonEmptyString",
1483
+ # s3_bucket_prefix: "NonEmptyString",
1484
+ # },
1485
+ # connection_draining: {
1486
+ # enabled: false,
1487
+ # timeout: 1,
1488
+ # },
1489
+ # connection_settings: {
1490
+ # idle_timeout: 1,
1491
+ # },
1492
+ # cross_zone_load_balancing: {
1493
+ # enabled: false,
1494
+ # },
1495
+ # },
1496
+ # load_balancer_name: "NonEmptyString",
1497
+ # policies: {
1498
+ # app_cookie_stickiness_policies: [
1499
+ # {
1500
+ # cookie_name: "NonEmptyString",
1501
+ # policy_name: "NonEmptyString",
1502
+ # },
1503
+ # ],
1504
+ # lb_cookie_stickiness_policies: [
1505
+ # {
1506
+ # cookie_expiration_period: 1,
1507
+ # policy_name: "NonEmptyString",
1508
+ # },
1509
+ # ],
1510
+ # other_policies: ["NonEmptyString"],
1511
+ # },
1512
+ # scheme: "NonEmptyString",
1513
+ # security_groups: ["NonEmptyString"],
1514
+ # source_security_group: {
1515
+ # group_name: "NonEmptyString",
1516
+ # owner_alias: "NonEmptyString",
1517
+ # },
1518
+ # subnets: ["NonEmptyString"],
1519
+ # vpc_id: "NonEmptyString",
1520
+ # },
1521
+ # aws_iam_group: {
1522
+ # attached_managed_policies: [
1523
+ # {
1524
+ # policy_name: "NonEmptyString",
1525
+ # policy_arn: "NonEmptyString",
1526
+ # },
1527
+ # ],
1528
+ # create_date: "NonEmptyString",
1529
+ # group_id: "NonEmptyString",
1530
+ # group_name: "NonEmptyString",
1531
+ # group_policy_list: [
1532
+ # {
1533
+ # policy_name: "NonEmptyString",
1534
+ # },
1535
+ # ],
1536
+ # path: "NonEmptyString",
1537
+ # },
1078
1538
  # aws_iam_role: {
1079
1539
  # assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument",
1540
+ # attached_managed_policies: [
1541
+ # {
1542
+ # policy_name: "NonEmptyString",
1543
+ # policy_arn: "NonEmptyString",
1544
+ # },
1545
+ # ],
1080
1546
  # create_date: "NonEmptyString",
1547
+ # instance_profile_list: [
1548
+ # {
1549
+ # arn: "NonEmptyString",
1550
+ # create_date: "NonEmptyString",
1551
+ # instance_profile_id: "NonEmptyString",
1552
+ # instance_profile_name: "NonEmptyString",
1553
+ # path: "NonEmptyString",
1554
+ # roles: [
1555
+ # {
1556
+ # arn: "NonEmptyString",
1557
+ # assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument",
1558
+ # create_date: "NonEmptyString",
1559
+ # path: "NonEmptyString",
1560
+ # role_id: "NonEmptyString",
1561
+ # role_name: "NonEmptyString",
1562
+ # },
1563
+ # ],
1564
+ # },
1565
+ # ],
1566
+ # permissions_boundary: {
1567
+ # permissions_boundary_arn: "NonEmptyString",
1568
+ # permissions_boundary_type: "NonEmptyString",
1569
+ # },
1081
1570
  # role_id: "NonEmptyString",
1082
1571
  # role_name: "NonEmptyString",
1572
+ # role_policy_list: [
1573
+ # {
1574
+ # policy_name: "NonEmptyString",
1575
+ # },
1576
+ # ],
1083
1577
  # max_session_duration: 1,
1084
1578
  # path: "NonEmptyString",
1085
1579
  # },
@@ -1520,6 +2014,19 @@ module Aws::SecurityHub
1520
2014
  # reference_urls: ["NonEmptyString"],
1521
2015
  # },
1522
2016
  # ],
2017
+ # patch_summary: {
2018
+ # id: "NonEmptyString", # required
2019
+ # installed_count: 1,
2020
+ # missing_count: 1,
2021
+ # failed_count: 1,
2022
+ # installed_other_count: 1,
2023
+ # installed_rejected_count: 1,
2024
+ # installed_pending_reboot: 1,
2025
+ # operation_start_time: "NonEmptyString",
2026
+ # operation_end_time: "NonEmptyString",
2027
+ # reboot_option: "NonEmptyString",
2028
+ # operation: "NonEmptyString",
2029
+ # },
1523
2030
  # },
1524
2031
  # ],
1525
2032
  # })
@@ -1551,8 +2058,8 @@ module Aws::SecurityHub
1551
2058
  # Updates from `BatchUpdateFindings` do not affect the value of
1552
2059
  # `UpdatedAt` for a finding.
1553
2060
  #
1554
- # Master accounts can use `BatchUpdateFindings` to update the following
1555
- # finding fields and objects.
2061
+ # Master and member accounts can use `BatchUpdateFindings` to update the
2062
+ # following finding fields and objects.
1556
2063
  #
1557
2064
  # * `Confidence`
1558
2065
  #
@@ -1572,8 +2079,15 @@ module Aws::SecurityHub
1572
2079
  #
1573
2080
  # * `Workflow`
1574
2081
  #
1575
- # Member accounts can only use `BatchUpdateFindings` to update the Note
1576
- # object.
2082
+ # You can configure IAM policies to restrict access to fields and field
2083
+ # values. For example, you might not want member accounts to be able to
2084
+ # suppress findings or change the finding severity. See [Configuring
2085
+ # access to BatchUpdateFindings][1] in the *AWS Security Hub User
2086
+ # Guide*.
2087
+ #
2088
+ #
2089
+ #
2090
+ # [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/finding-update-batchupdatefindings.html#batchupdatefindings-configure-access
1577
2091
  #
1578
2092
  # @option params [required, Array<Types::AwsSecurityFindingIdentifier>] :finding_identifiers
1579
2093
  # The list of findings to update. `BatchUpdateFindings` can be used to
@@ -2349,29 +2863,48 @@ module Aws::SecurityHub
2349
2863
 
2350
2864
  # Creates a member association in Security Hub between the specified
2351
2865
  # accounts and the account used to make the request, which is the master
2352
- # account. To successfully create a member, you must use this action
2353
- # from an account that already has Security Hub enabled. To enable
2354
- # Security Hub, you can use the ` EnableSecurityHub ` operation.
2866
+ # account. If you are integrated with Organizations, then the master
2867
+ # account is the Security Hub administrator account that is designated
2868
+ # by the organization management account.
2869
+ #
2870
+ # `CreateMembers` is always used to add accounts that are not
2871
+ # organization members.
2355
2872
  #
2356
- # After you use `CreateMembers` to create member account associations in
2357
- # Security Hub, you must use the ` InviteMembers ` operation to invite
2358
- # the accounts to enable Security Hub and become member accounts in
2359
- # Security Hub.
2873
+ # For accounts that are part of an organization, `CreateMembers` is only
2874
+ # used in the following cases:
2360
2875
  #
2361
- # If the account owner accepts the invitation, the account becomes a
2362
- # member account in Security Hub. A permissions policy is added that
2363
- # permits the master account to view the findings generated in the
2364
- # member account. When Security Hub is enabled in the invited account,
2365
- # findings start to be sent to both the member and master accounts.
2876
+ # * Security Hub is not configured to automatically add new accounts in
2877
+ # an organization.
2878
+ #
2879
+ # * The account was disassociated or deleted in Security Hub.
2880
+ #
2881
+ # This action can only be used by an account that has Security Hub
2882
+ # enabled. To enable Security Hub, you can use the ` EnableSecurityHub `
2883
+ # operation.
2884
+ #
2885
+ # For accounts that are not organization members, you create the account
2886
+ # association and then send an invitation to the member account. To send
2887
+ # the invitation, you use the ` InviteMembers ` operation. If the
2888
+ # account owner accepts the invitation, the account becomes a member
2889
+ # account in Security Hub.
2890
+ #
2891
+ # Accounts that are part of an organization do not receive an
2892
+ # invitation. They automatically become a member account in Security
2893
+ # Hub.
2894
+ #
2895
+ # A permissions policy is added that permits the master account to view
2896
+ # the findings generated in the member account. When Security Hub is
2897
+ # enabled in a member account, findings are sent to both the member and
2898
+ # master accounts.
2366
2899
  #
2367
2900
  # To remove the association between the master and member accounts, use
2368
2901
  # the ` DisassociateFromMasterAccount ` or ` DisassociateMembers `
2369
2902
  # operation.
2370
2903
  #
2371
- # @option params [Array<Types::AccountDetails>] :account_details
2904
+ # @option params [required, Array<Types::AccountDetails>] :account_details
2372
2905
  # The list of accounts to associate with the Security Hub master
2373
- # account. For each account, the list includes the account ID and the
2374
- # email address.
2906
+ # account. For each account, the list includes the account ID and
2907
+ # optionally the email address.
2375
2908
  #
2376
2909
  # @return [Types::CreateMembersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2377
2910
  #
@@ -2380,9 +2913,9 @@ module Aws::SecurityHub
2380
2913
  # @example Request syntax with placeholder values
2381
2914
  #
2382
2915
  # resp = client.create_members({
2383
- # account_details: [
2916
+ # account_details: [ # required
2384
2917
  # {
2385
- # account_id: "AccountId",
2918
+ # account_id: "AccountId", # required
2386
2919
  # email: "NonEmptyString",
2387
2920
  # },
2388
2921
  # ],
@@ -2405,6 +2938,9 @@ module Aws::SecurityHub
2405
2938
 
2406
2939
  # Declines invitations to become a member account.
2407
2940
  #
2941
+ # This operation is only used by accounts that are not part of an
2942
+ # organization. Organization accounts do not receive invitations.
2943
+ #
2408
2944
  # @option params [required, Array<String>] :account_ids
2409
2945
  # The list of account IDs for the accounts from which to decline the
2410
2946
  # invitations to Security Hub.
@@ -2497,6 +3033,9 @@ module Aws::SecurityHub
2497
3033
  # Deletes invitations received by the AWS account to become a member
2498
3034
  # account.
2499
3035
  #
3036
+ # This operation is only used by accounts that are not part of an
3037
+ # organization. Organization accounts do not receive invitations.
3038
+ #
2500
3039
  # @option params [required, Array<String>] :account_ids
2501
3040
  # The list of the account IDs that sent the invitations to delete.
2502
3041
  #
@@ -2527,7 +3066,10 @@ module Aws::SecurityHub
2527
3066
 
2528
3067
  # Deletes the specified member accounts from Security Hub.
2529
3068
  #
2530
- # @option params [Array<String>] :account_ids
3069
+ # Can be used to delete member accounts that belong to an organization
3070
+ # as well as member accounts that were invited manually.
3071
+ #
3072
+ # @option params [required, Array<String>] :account_ids
2531
3073
  # The list of account IDs for the member accounts to delete.
2532
3074
  #
2533
3075
  # @return [Types::DeleteMembersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -2537,7 +3079,7 @@ module Aws::SecurityHub
2537
3079
  # @example Request syntax with placeholder values
2538
3080
  #
2539
3081
  # resp = client.delete_members({
2540
- # account_ids: ["NonEmptyString"],
3082
+ # account_ids: ["NonEmptyString"], # required
2541
3083
  # })
2542
3084
  #
2543
3085
  # @example Response structure
@@ -2639,6 +3181,28 @@ module Aws::SecurityHub
2639
3181
  req.send_request(options)
2640
3182
  end
2641
3183
 
3184
+ # Returns information about the Organizations configuration for Security
3185
+ # Hub. Can only be called from a Security Hub administrator account.
3186
+ #
3187
+ # @return [Types::DescribeOrganizationConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3188
+ #
3189
+ # * {Types::DescribeOrganizationConfigurationResponse#auto_enable #auto_enable} => Boolean
3190
+ # * {Types::DescribeOrganizationConfigurationResponse#member_account_limit_reached #member_account_limit_reached} => Boolean
3191
+ #
3192
+ # @example Response structure
3193
+ #
3194
+ # resp.auto_enable #=> Boolean
3195
+ # resp.member_account_limit_reached #=> Boolean
3196
+ #
3197
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeOrganizationConfiguration AWS API Documentation
3198
+ #
3199
+ # @overload describe_organization_configuration(params = {})
3200
+ # @param [Hash] params ({})
3201
+ def describe_organization_configuration(params = {}, options = {})
3202
+ req = build_request(:describe_organization_configuration, params)
3203
+ req.send_request(options)
3204
+ end
3205
+
2642
3206
  # Returns information about the available products that you can
2643
3207
  # subscribe to and integrate with Security Hub in order to consolidate
2644
3208
  # findings.
@@ -2751,7 +3315,8 @@ module Aws::SecurityHub
2751
3315
  #
2752
3316
  # @option params [required, String] :standards_subscription_arn
2753
3317
  # The ARN of a resource that represents your subscription to a supported
2754
- # standard.
3318
+ # standard. To get the subscription ARNs of the standards you have
3319
+ # enabled, use the ` GetEnabledStandards ` operation.
2755
3320
  #
2756
3321
  # @option params [String] :next_token
2757
3322
  # The token that is required for pagination. On your first call to the
@@ -2829,6 +3394,29 @@ module Aws::SecurityHub
2829
3394
  req.send_request(options)
2830
3395
  end
2831
3396
 
3397
+ # Disables a Security Hub administrator account. Can only be called by
3398
+ # the organization management account.
3399
+ #
3400
+ # @option params [required, String] :admin_account_id
3401
+ # The AWS account identifier of the Security Hub administrator account.
3402
+ #
3403
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
3404
+ #
3405
+ # @example Request syntax with placeholder values
3406
+ #
3407
+ # resp = client.disable_organization_admin_account({
3408
+ # admin_account_id: "NonEmptyString", # required
3409
+ # })
3410
+ #
3411
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisableOrganizationAdminAccount AWS API Documentation
3412
+ #
3413
+ # @overload disable_organization_admin_account(params = {})
3414
+ # @param [Hash] params ({})
3415
+ def disable_organization_admin_account(params = {}, options = {})
3416
+ req = build_request(:disable_organization_admin_account, params)
3417
+ req.send_request(options)
3418
+ end
3419
+
2832
3420
  # Disables Security Hub in your account only in the current Region. To
2833
3421
  # disable Security Hub in all Regions, you must submit one request per
2834
3422
  # Region where you have enabled Security Hub.
@@ -2858,6 +3446,11 @@ module Aws::SecurityHub
2858
3446
  # Disassociates the current Security Hub member account from the
2859
3447
  # associated master account.
2860
3448
  #
3449
+ # This operation is only used by accounts that are not part of an
3450
+ # organization. For organization accounts, only the master account (the
3451
+ # designated Security Hub administrator) can disassociate a member
3452
+ # account.
3453
+ #
2861
3454
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
2862
3455
  #
2863
3456
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisassociateFromMasterAccount AWS API Documentation
@@ -2872,7 +3465,10 @@ module Aws::SecurityHub
2872
3465
  # Disassociates the specified member accounts from the associated master
2873
3466
  # account.
2874
3467
  #
2875
- # @option params [Array<String>] :account_ids
3468
+ # Can be used to disassociate both accounts that are in an organization
3469
+ # and accounts that were invited manually.
3470
+ #
3471
+ # @option params [required, Array<String>] :account_ids
2876
3472
  # The account IDs of the member accounts to disassociate from the master
2877
3473
  # account.
2878
3474
  #
@@ -2881,7 +3477,7 @@ module Aws::SecurityHub
2881
3477
  # @example Request syntax with placeholder values
2882
3478
  #
2883
3479
  # resp = client.disassociate_members({
2884
- # account_ids: ["NonEmptyString"],
3480
+ # account_ids: ["NonEmptyString"], # required
2885
3481
  # })
2886
3482
  #
2887
3483
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisassociateMembers AWS API Documentation
@@ -2926,6 +3522,30 @@ module Aws::SecurityHub
2926
3522
  req.send_request(options)
2927
3523
  end
2928
3524
 
3525
+ # Designates the Security Hub administrator account for an organization.
3526
+ # Can only be called by the organization management account.
3527
+ #
3528
+ # @option params [required, String] :admin_account_id
3529
+ # The AWS account identifier of the account to designate as the Security
3530
+ # Hub administrator account.
3531
+ #
3532
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
3533
+ #
3534
+ # @example Request syntax with placeholder values
3535
+ #
3536
+ # resp = client.enable_organization_admin_account({
3537
+ # admin_account_id: "NonEmptyString", # required
3538
+ # })
3539
+ #
3540
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableOrganizationAdminAccount AWS API Documentation
3541
+ #
3542
+ # @overload enable_organization_admin_account(params = {})
3543
+ # @param [Hash] params ({})
3544
+ def enable_organization_admin_account(params = {}, options = {})
3545
+ req = build_request(:enable_organization_admin_account, params)
3546
+ req.send_request(options)
3547
+ end
3548
+
2929
3549
  # Enables Security Hub for your account in the current Region or the
2930
3550
  # Region you specify in the request.
2931
3551
  #
@@ -3045,6 +3665,9 @@ module Aws::SecurityHub
3045
3665
  # The finding attributes used to define a condition to filter the
3046
3666
  # returned findings.
3047
3667
  #
3668
+ # You can filter by up to 10 finding attributes. For each attribute, you
3669
+ # can provide up to 20 filter values.
3670
+ #
3048
3671
  # Note that in the available filter fields, `WorkflowState` is
3049
3672
  # deprecated. To search for a finding based on its workflow status, use
3050
3673
  # `WorkflowStatus`.
@@ -3728,6 +4351,7 @@ module Aws::SecurityHub
3728
4351
  # resp.findings[0].resources[0].id #=> String
3729
4352
  # resp.findings[0].resources[0].partition #=> String, one of "aws", "aws-cn", "aws-us-gov"
3730
4353
  # resp.findings[0].resources[0].region #=> String
4354
+ # resp.findings[0].resources[0].resource_role #=> String
3731
4355
  # resp.findings[0].resources[0].tags #=> Hash
3732
4356
  # resp.findings[0].resources[0].tags["NonEmptyString"] #=> String
3733
4357
  # resp.findings[0].resources[0].details.aws_auto_scaling_auto_scaling_group.launch_configuration_name #=> String
@@ -3753,6 +4377,10 @@ module Aws::SecurityHub
3753
4377
  # resp.findings[0].resources[0].details.aws_code_build_project.vpc_config.subnets[0] #=> String
3754
4378
  # resp.findings[0].resources[0].details.aws_code_build_project.vpc_config.security_group_ids #=> Array
3755
4379
  # resp.findings[0].resources[0].details.aws_code_build_project.vpc_config.security_group_ids[0] #=> String
4380
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.cache_behaviors.items #=> Array
4381
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.cache_behaviors.items[0].viewer_protocol_policy #=> String
4382
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.default_cache_behavior.viewer_protocol_policy #=> String
4383
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.default_root_object #=> String
3756
4384
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.domain_name #=> String
3757
4385
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.etag #=> String
3758
4386
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.last_modified_time #=> String
@@ -3764,6 +4392,11 @@ module Aws::SecurityHub
3764
4392
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origins.items[0].domain_name #=> String
3765
4393
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origins.items[0].id #=> String
3766
4394
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origins.items[0].origin_path #=> String
4395
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origins.items[0].s3_origin_config.origin_access_identity #=> String
4396
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origin_groups.items #=> Array
4397
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origin_groups.items[0].failover_criteria.status_codes.items #=> Array
4398
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origin_groups.items[0].failover_criteria.status_codes.items[0] #=> Integer
4399
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origin_groups.items[0].failover_criteria.status_codes.quantity #=> Integer
3767
4400
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.status #=> String
3768
4401
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.web_acl_id #=> String
3769
4402
  # resp.findings[0].resources[0].details.aws_ec2_instance.type #=> String
@@ -3917,6 +4550,15 @@ module Aws::SecurityHub
3917
4550
  # resp.findings[0].resources[0].details.aws_iam_access_key.principal_id #=> String
3918
4551
  # resp.findings[0].resources[0].details.aws_iam_access_key.principal_type #=> String
3919
4552
  # resp.findings[0].resources[0].details.aws_iam_access_key.principal_name #=> String
4553
+ # resp.findings[0].resources[0].details.aws_iam_access_key.account_id #=> String
4554
+ # resp.findings[0].resources[0].details.aws_iam_access_key.access_key_id #=> String
4555
+ # resp.findings[0].resources[0].details.aws_iam_access_key.session_context.attributes.mfa_authenticated #=> Boolean
4556
+ # resp.findings[0].resources[0].details.aws_iam_access_key.session_context.attributes.creation_date #=> String
4557
+ # resp.findings[0].resources[0].details.aws_iam_access_key.session_context.session_issuer.type #=> String
4558
+ # resp.findings[0].resources[0].details.aws_iam_access_key.session_context.session_issuer.principal_id #=> String
4559
+ # resp.findings[0].resources[0].details.aws_iam_access_key.session_context.session_issuer.arn #=> String
4560
+ # resp.findings[0].resources[0].details.aws_iam_access_key.session_context.session_issuer.account_id #=> String
4561
+ # resp.findings[0].resources[0].details.aws_iam_access_key.session_context.session_issuer.user_name #=> String
3920
4562
  # resp.findings[0].resources[0].details.aws_iam_user.attached_managed_policies #=> Array
3921
4563
  # resp.findings[0].resources[0].details.aws_iam_user.attached_managed_policies[0].policy_name #=> String
3922
4564
  # resp.findings[0].resources[0].details.aws_iam_user.attached_managed_policies[0].policy_arn #=> String
@@ -3944,6 +4586,47 @@ module Aws::SecurityHub
3944
4586
  # resp.findings[0].resources[0].details.aws_iam_policy.policy_version_list[0].is_default_version #=> Boolean
3945
4587
  # resp.findings[0].resources[0].details.aws_iam_policy.policy_version_list[0].create_date #=> String
3946
4588
  # resp.findings[0].resources[0].details.aws_iam_policy.update_date #=> String
4589
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.created_date #=> String
4590
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.description #=> String
4591
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.default_route_settings.detailed_metrics_enabled #=> Boolean
4592
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.default_route_settings.logging_level #=> String
4593
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.default_route_settings.data_trace_enabled #=> Boolean
4594
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.default_route_settings.throttling_burst_limit #=> Integer
4595
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.default_route_settings.throttling_rate_limit #=> Float
4596
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.deployment_id #=> String
4597
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.last_updated_date #=> String
4598
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.route_settings.detailed_metrics_enabled #=> Boolean
4599
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.route_settings.logging_level #=> String
4600
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.route_settings.data_trace_enabled #=> Boolean
4601
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.route_settings.throttling_burst_limit #=> Integer
4602
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.route_settings.throttling_rate_limit #=> Float
4603
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.stage_name #=> String
4604
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.stage_variables #=> Hash
4605
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.stage_variables["NonEmptyString"] #=> String
4606
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.access_log_settings.format #=> String
4607
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.access_log_settings.destination_arn #=> String
4608
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.auto_deploy #=> Boolean
4609
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.last_deployment_status_message #=> String
4610
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.api_gateway_managed #=> Boolean
4611
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.api_endpoint #=> String
4612
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.api_id #=> String
4613
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.api_key_selection_expression #=> String
4614
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.created_date #=> String
4615
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.description #=> String
4616
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.version #=> String
4617
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.name #=> String
4618
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.protocol_type #=> String
4619
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.route_selection_expression #=> String
4620
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.allow_origins #=> Array
4621
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.allow_origins[0] #=> String
4622
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.allow_credentials #=> Boolean
4623
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.expose_headers #=> Array
4624
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.expose_headers[0] #=> String
4625
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.max_age #=> Integer
4626
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.allow_methods #=> Array
4627
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.allow_methods[0] #=> String
4628
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.allow_headers #=> Array
4629
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.allow_headers[0] #=> String
3947
4630
  # resp.findings[0].resources[0].details.aws_dynamo_db_table.attribute_definitions #=> Array
3948
4631
  # resp.findings[0].resources[0].details.aws_dynamo_db_table.attribute_definitions[0].attribute_name #=> String
3949
4632
  # resp.findings[0].resources[0].details.aws_dynamo_db_table.attribute_definitions[0].attribute_type #=> String
@@ -4012,10 +4695,283 @@ module Aws::SecurityHub
4012
4695
  # resp.findings[0].resources[0].details.aws_dynamo_db_table.table_name #=> String
4013
4696
  # resp.findings[0].resources[0].details.aws_dynamo_db_table.table_size_bytes #=> Integer
4014
4697
  # resp.findings[0].resources[0].details.aws_dynamo_db_table.table_status #=> String
4698
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.deployment_id #=> String
4699
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.client_certificate_id #=> String
4700
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.stage_name #=> String
4701
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.description #=> String
4702
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.cache_cluster_enabled #=> Boolean
4703
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.cache_cluster_size #=> String
4704
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.cache_cluster_status #=> String
4705
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings #=> Array
4706
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].metrics_enabled #=> Boolean
4707
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].logging_level #=> String
4708
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].data_trace_enabled #=> Boolean
4709
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].throttling_burst_limit #=> Integer
4710
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].throttling_rate_limit #=> Float
4711
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].caching_enabled #=> Boolean
4712
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].cache_ttl_in_seconds #=> Integer
4713
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].cache_data_encrypted #=> Boolean
4714
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].require_authorization_for_cache_control #=> Boolean
4715
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].unauthorized_cache_control_header_strategy #=> String
4716
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].http_method #=> String
4717
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].resource_path #=> String
4718
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.variables #=> Hash
4719
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.variables["NonEmptyString"] #=> String
4720
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.documentation_version #=> String
4721
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.access_log_settings.format #=> String
4722
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.access_log_settings.destination_arn #=> String
4723
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.canary_settings.percent_traffic #=> Float
4724
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.canary_settings.deployment_id #=> String
4725
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.canary_settings.stage_variable_overrides #=> Hash
4726
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.canary_settings.stage_variable_overrides["NonEmptyString"] #=> String
4727
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.canary_settings.use_stage_cache #=> Boolean
4728
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.tracing_enabled #=> Boolean
4729
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.created_date #=> String
4730
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.last_updated_date #=> String
4731
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.web_acl_arn #=> String
4732
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.id #=> String
4733
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.name #=> String
4734
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.description #=> String
4735
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.created_date #=> String
4736
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.version #=> String
4737
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.binary_media_types #=> Array
4738
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.binary_media_types[0] #=> String
4739
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.minimum_compression_size #=> Integer
4740
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.api_key_source #=> String
4741
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.endpoint_configuration.types #=> Array
4742
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.endpoint_configuration.types[0] #=> String
4743
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.cloud_watch_logs_log_group_arn #=> String
4744
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.cloud_watch_logs_role_arn #=> String
4745
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.has_custom_event_selectors #=> Boolean
4746
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.home_region #=> String
4747
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.include_global_service_events #=> Boolean
4748
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.is_multi_region_trail #=> Boolean
4749
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.is_organization_trail #=> Boolean
4750
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.kms_key_id #=> String
4751
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.log_file_validation_enabled #=> Boolean
4752
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.name #=> String
4753
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.s3_bucket_name #=> String
4754
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.s3_key_prefix #=> String
4755
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.sns_topic_arn #=> String
4756
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.sns_topic_name #=> String
4757
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.trail_arn #=> String
4758
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.certificate_authority_arn #=> String
4759
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.created_at #=> String
4760
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_name #=> String
4761
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options #=> Array
4762
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].domain_name #=> String
4763
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].resource_record.name #=> String
4764
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].resource_record.type #=> String
4765
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].resource_record.value #=> String
4766
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].validation_domain #=> String
4767
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].validation_emails #=> Array
4768
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].validation_emails[0] #=> String
4769
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].validation_method #=> String
4770
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].validation_status #=> String
4771
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.extended_key_usages #=> Array
4772
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.extended_key_usages[0].name #=> String
4773
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.extended_key_usages[0].o_id #=> String
4774
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.failure_reason #=> String
4775
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.imported_at #=> String
4776
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.in_use_by #=> Array
4777
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.in_use_by[0] #=> String
4778
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.issued_at #=> String
4779
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.issuer #=> String
4780
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.key_algorithm #=> String
4781
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.key_usages #=> Array
4782
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.key_usages[0].name #=> String
4783
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.not_after #=> String
4784
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.not_before #=> String
4785
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.options.certificate_transparency_logging_preference #=> String
4786
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_eligibility #=> String
4787
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options #=> Array
4788
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].domain_name #=> String
4789
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].resource_record.name #=> String
4790
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].resource_record.type #=> String
4791
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].resource_record.value #=> String
4792
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].validation_domain #=> String
4793
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].validation_emails #=> Array
4794
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].validation_emails[0] #=> String
4795
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].validation_method #=> String
4796
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].validation_status #=> String
4797
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.renewal_status #=> String
4798
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.renewal_status_reason #=> String
4799
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.updated_at #=> String
4800
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.serial #=> String
4801
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.signature_algorithm #=> String
4802
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.status #=> String
4803
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.subject #=> String
4804
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.subject_alternative_names #=> Array
4805
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.subject_alternative_names[0] #=> String
4806
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.type #=> String
4807
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.allow_version_upgrade #=> Boolean
4808
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.automated_snapshot_retention_period #=> Integer
4809
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.availability_zone #=> String
4810
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_availability_status #=> String
4811
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_create_time #=> String
4812
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_identifier #=> String
4813
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_nodes #=> Array
4814
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_nodes[0].node_role #=> String
4815
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_nodes[0].private_ip_address #=> String
4816
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_nodes[0].public_ip_address #=> String
4817
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_parameter_groups #=> Array
4818
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_parameter_groups[0].cluster_parameter_status_list #=> Array
4819
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_parameter_groups[0].cluster_parameter_status_list[0].parameter_name #=> String
4820
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_parameter_groups[0].cluster_parameter_status_list[0].parameter_apply_status #=> String
4821
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_parameter_groups[0].cluster_parameter_status_list[0].parameter_apply_error_description #=> String
4822
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_parameter_groups[0].parameter_apply_status #=> String
4823
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_parameter_groups[0].parameter_group_name #=> String
4824
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_public_key #=> String
4825
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_revision_number #=> String
4826
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_security_groups #=> Array
4827
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_security_groups[0].cluster_security_group_name #=> String
4828
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_security_groups[0].status #=> String
4829
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_snapshot_copy_status.destination_region #=> String
4830
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_snapshot_copy_status.manual_snapshot_retention_period #=> Integer
4831
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_snapshot_copy_status.retention_period #=> Integer
4832
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_snapshot_copy_status.snapshot_copy_grant_name #=> String
4833
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_status #=> String
4834
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_subnet_group_name #=> String
4835
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_version #=> String
4836
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.db_name #=> String
4837
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.deferred_maintenance_windows #=> Array
4838
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.deferred_maintenance_windows[0].defer_maintenance_end_time #=> String
4839
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.deferred_maintenance_windows[0].defer_maintenance_identifier #=> String
4840
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.deferred_maintenance_windows[0].defer_maintenance_start_time #=> String
4841
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.elastic_ip_status.elastic_ip #=> String
4842
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.elastic_ip_status.status #=> String
4843
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.elastic_resize_number_of_node_options #=> String
4844
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.encrypted #=> Boolean
4845
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.endpoint.address #=> String
4846
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.endpoint.port #=> Integer
4847
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.enhanced_vpc_routing #=> Boolean
4848
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.expected_next_snapshot_schedule_time #=> String
4849
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.expected_next_snapshot_schedule_time_status #=> String
4850
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.hsm_status.hsm_client_certificate_identifier #=> String
4851
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.hsm_status.hsm_configuration_identifier #=> String
4852
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.hsm_status.status #=> String
4853
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.iam_roles #=> Array
4854
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.iam_roles[0].apply_status #=> String
4855
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.iam_roles[0].iam_role_arn #=> String
4856
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.kms_key_id #=> String
4857
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.maintenance_track_name #=> String
4858
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.manual_snapshot_retention_period #=> Integer
4859
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.master_username #=> String
4860
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.next_maintenance_window_start_time #=> String
4861
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.node_type #=> String
4862
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.number_of_nodes #=> Integer
4863
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_actions #=> Array
4864
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_actions[0] #=> String
4865
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.automated_snapshot_retention_period #=> Integer
4866
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.cluster_identifier #=> String
4867
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.cluster_type #=> String
4868
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.cluster_version #=> String
4869
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.encryption_type #=> String
4870
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.enhanced_vpc_routing #=> Boolean
4871
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.maintenance_track_name #=> String
4872
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.master_user_password #=> String
4873
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.node_type #=> String
4874
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.number_of_nodes #=> Integer
4875
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.publicly_accessible #=> Boolean
4876
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.preferred_maintenance_window #=> String
4877
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.publicly_accessible #=> Boolean
4878
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.resize_info.allow_cancel_resize #=> Boolean
4879
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.resize_info.resize_type #=> String
4880
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.restore_status.current_restore_rate_in_mega_bytes_per_second #=> Float
4881
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.restore_status.elapsed_time_in_seconds #=> Integer
4882
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.restore_status.estimated_time_to_completion_in_seconds #=> Integer
4883
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.restore_status.progress_in_mega_bytes #=> Integer
4884
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.restore_status.snapshot_size_in_mega_bytes #=> Integer
4885
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.restore_status.status #=> String
4886
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.snapshot_schedule_identifier #=> String
4887
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.snapshot_schedule_state #=> String
4888
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.vpc_id #=> String
4889
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.vpc_security_groups #=> Array
4890
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.vpc_security_groups[0].status #=> String
4891
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.vpc_security_groups[0].vpc_security_group_id #=> String
4892
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.availability_zones #=> Array
4893
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.availability_zones[0] #=> String
4894
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.backend_server_descriptions #=> Array
4895
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.backend_server_descriptions[0].instance_port #=> Integer
4896
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.backend_server_descriptions[0].policy_names #=> Array
4897
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.backend_server_descriptions[0].policy_names[0] #=> String
4898
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.canonical_hosted_zone_name #=> String
4899
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.canonical_hosted_zone_name_id #=> String
4900
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.created_time #=> String
4901
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.dns_name #=> String
4902
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.health_check.healthy_threshold #=> Integer
4903
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.health_check.interval #=> Integer
4904
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.health_check.target #=> String
4905
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.health_check.timeout #=> Integer
4906
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.health_check.unhealthy_threshold #=> Integer
4907
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.instances #=> Array
4908
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.instances[0].instance_id #=> String
4909
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.listener_descriptions #=> Array
4910
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.listener_descriptions[0].listener.instance_port #=> Integer
4911
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.listener_descriptions[0].listener.instance_protocol #=> String
4912
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.listener_descriptions[0].listener.load_balancer_port #=> Integer
4913
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.listener_descriptions[0].listener.protocol #=> String
4914
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.listener_descriptions[0].listener.ssl_certificate_id #=> String
4915
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.listener_descriptions[0].policy_names #=> Array
4916
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.listener_descriptions[0].policy_names[0] #=> String
4917
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_attributes.access_log.emit_interval #=> Integer
4918
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_attributes.access_log.enabled #=> Boolean
4919
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_attributes.access_log.s3_bucket_name #=> String
4920
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_attributes.access_log.s3_bucket_prefix #=> String
4921
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_attributes.connection_draining.enabled #=> Boolean
4922
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_attributes.connection_draining.timeout #=> Integer
4923
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_attributes.connection_settings.idle_timeout #=> Integer
4924
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_attributes.cross_zone_load_balancing.enabled #=> Boolean
4925
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_name #=> String
4926
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.policies.app_cookie_stickiness_policies #=> Array
4927
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.policies.app_cookie_stickiness_policies[0].cookie_name #=> String
4928
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.policies.app_cookie_stickiness_policies[0].policy_name #=> String
4929
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.policies.lb_cookie_stickiness_policies #=> Array
4930
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.policies.lb_cookie_stickiness_policies[0].cookie_expiration_period #=> Integer
4931
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.policies.lb_cookie_stickiness_policies[0].policy_name #=> String
4932
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.policies.other_policies #=> Array
4933
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.policies.other_policies[0] #=> String
4934
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.scheme #=> String
4935
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.security_groups #=> Array
4936
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.security_groups[0] #=> String
4937
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.source_security_group.group_name #=> String
4938
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.source_security_group.owner_alias #=> String
4939
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.subnets #=> Array
4940
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.subnets[0] #=> String
4941
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.vpc_id #=> String
4942
+ # resp.findings[0].resources[0].details.aws_iam_group.attached_managed_policies #=> Array
4943
+ # resp.findings[0].resources[0].details.aws_iam_group.attached_managed_policies[0].policy_name #=> String
4944
+ # resp.findings[0].resources[0].details.aws_iam_group.attached_managed_policies[0].policy_arn #=> String
4945
+ # resp.findings[0].resources[0].details.aws_iam_group.create_date #=> String
4946
+ # resp.findings[0].resources[0].details.aws_iam_group.group_id #=> String
4947
+ # resp.findings[0].resources[0].details.aws_iam_group.group_name #=> String
4948
+ # resp.findings[0].resources[0].details.aws_iam_group.group_policy_list #=> Array
4949
+ # resp.findings[0].resources[0].details.aws_iam_group.group_policy_list[0].policy_name #=> String
4950
+ # resp.findings[0].resources[0].details.aws_iam_group.path #=> String
4015
4951
  # resp.findings[0].resources[0].details.aws_iam_role.assume_role_policy_document #=> String
4952
+ # resp.findings[0].resources[0].details.aws_iam_role.attached_managed_policies #=> Array
4953
+ # resp.findings[0].resources[0].details.aws_iam_role.attached_managed_policies[0].policy_name #=> String
4954
+ # resp.findings[0].resources[0].details.aws_iam_role.attached_managed_policies[0].policy_arn #=> String
4016
4955
  # resp.findings[0].resources[0].details.aws_iam_role.create_date #=> String
4956
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list #=> Array
4957
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].arn #=> String
4958
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].create_date #=> String
4959
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].instance_profile_id #=> String
4960
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].instance_profile_name #=> String
4961
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].path #=> String
4962
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].roles #=> Array
4963
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].roles[0].arn #=> String
4964
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].roles[0].assume_role_policy_document #=> String
4965
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].roles[0].create_date #=> String
4966
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].roles[0].path #=> String
4967
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].roles[0].role_id #=> String
4968
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].roles[0].role_name #=> String
4969
+ # resp.findings[0].resources[0].details.aws_iam_role.permissions_boundary.permissions_boundary_arn #=> String
4970
+ # resp.findings[0].resources[0].details.aws_iam_role.permissions_boundary.permissions_boundary_type #=> String
4017
4971
  # resp.findings[0].resources[0].details.aws_iam_role.role_id #=> String
4018
4972
  # resp.findings[0].resources[0].details.aws_iam_role.role_name #=> String
4973
+ # resp.findings[0].resources[0].details.aws_iam_role.role_policy_list #=> Array
4974
+ # resp.findings[0].resources[0].details.aws_iam_role.role_policy_list[0].policy_name #=> String
4019
4975
  # resp.findings[0].resources[0].details.aws_iam_role.max_session_duration #=> Integer
4020
4976
  # resp.findings[0].resources[0].details.aws_iam_role.path #=> String
4021
4977
  # resp.findings[0].resources[0].details.aws_kms_key.aws_account_id #=> String
@@ -4337,6 +5293,17 @@ module Aws::SecurityHub
4337
5293
  # resp.findings[0].vulnerabilities[0].vendor.vendor_updated_at #=> String
4338
5294
  # resp.findings[0].vulnerabilities[0].reference_urls #=> Array
4339
5295
  # resp.findings[0].vulnerabilities[0].reference_urls[0] #=> String
5296
+ # resp.findings[0].patch_summary.id #=> String
5297
+ # resp.findings[0].patch_summary.installed_count #=> Integer
5298
+ # resp.findings[0].patch_summary.missing_count #=> Integer
5299
+ # resp.findings[0].patch_summary.failed_count #=> Integer
5300
+ # resp.findings[0].patch_summary.installed_other_count #=> Integer
5301
+ # resp.findings[0].patch_summary.installed_rejected_count #=> Integer
5302
+ # resp.findings[0].patch_summary.installed_pending_reboot #=> Integer
5303
+ # resp.findings[0].patch_summary.operation_start_time #=> String
5304
+ # resp.findings[0].patch_summary.operation_end_time #=> String
5305
+ # resp.findings[0].patch_summary.reboot_option #=> String
5306
+ # resp.findings[0].patch_summary.operation #=> String
4340
5307
  # resp.next_token #=> String
4341
5308
  #
4342
5309
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetFindings AWS API Documentation
@@ -4734,6 +5701,9 @@ module Aws::SecurityHub
4734
5701
  # Provides the details for the Security Hub master account for the
4735
5702
  # current member account.
4736
5703
  #
5704
+ # Can be used by both member accounts that are in an organization and
5705
+ # accounts that were invited manually.
5706
+ #
4737
5707
  # @return [Types::GetMasterAccountResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
4738
5708
  #
4739
5709
  # * {Types::GetMasterAccountResponse#master #master} => Types::Invitation
@@ -4757,6 +5727,13 @@ module Aws::SecurityHub
4757
5727
  # Returns the details for the Security Hub member accounts for the
4758
5728
  # specified account IDs.
4759
5729
  #
5730
+ # A master account can be either a delegated Security Hub administrator
5731
+ # account for an organization or a master account that enabled Security
5732
+ # Hub manually.
5733
+ #
5734
+ # The results include both member accounts that are in an organization
5735
+ # and accounts that were invited manually.
5736
+ #
4760
5737
  # @option params [required, Array<String>] :account_ids
4761
5738
  # The list of account IDs for the Security Hub member accounts to return
4762
5739
  # the details for.
@@ -4797,15 +5774,18 @@ module Aws::SecurityHub
4797
5774
  # Invites other AWS accounts to become member accounts for the Security
4798
5775
  # Hub master account that the invitation is sent from.
4799
5776
  #
5777
+ # This operation is only used to invite accounts that do not belong to
5778
+ # an organization. Organization accounts do not receive invitations.
5779
+ #
4800
5780
  # Before you can use this action to invite a member, you must first use
4801
5781
  # the ` CreateMembers ` action to create the member account in Security
4802
5782
  # Hub.
4803
5783
  #
4804
- # When the account owner accepts the invitation to become a member
4805
- # account and enables Security Hub, the master account can view the
4806
- # findings generated from the member account.
5784
+ # When the account owner enables Security Hub and accepts the invitation
5785
+ # to become a member account, the master account can view the findings
5786
+ # generated from the member account.
4807
5787
  #
4808
- # @option params [Array<String>] :account_ids
5788
+ # @option params [required, Array<String>] :account_ids
4809
5789
  # The list of account IDs of the AWS accounts to invite to Security Hub
4810
5790
  # as members.
4811
5791
  #
@@ -4816,7 +5796,7 @@ module Aws::SecurityHub
4816
5796
  # @example Request syntax with placeholder values
4817
5797
  #
4818
5798
  # resp = client.invite_members({
4819
- # account_ids: ["NonEmptyString"],
5799
+ # account_ids: ["NonEmptyString"], # required
4820
5800
  # })
4821
5801
  #
4822
5802
  # @example Response structure
@@ -4881,6 +5861,9 @@ module Aws::SecurityHub
4881
5861
  # Lists all Security Hub membership invitations that were sent to the
4882
5862
  # current AWS account.
4883
5863
  #
5864
+ # This operation is only used by accounts that do not belong to an
5865
+ # organization. Organization accounts do not receive invitations.
5866
+ #
4884
5867
  # @option params [Integer] :max_results
4885
5868
  # The maximum number of items to return in the response.
4886
5869
  #
@@ -4928,14 +5911,17 @@ module Aws::SecurityHub
4928
5911
  # Lists details about all member accounts for the current Security Hub
4929
5912
  # master account.
4930
5913
  #
5914
+ # The results include both member accounts that belong to an
5915
+ # organization and member accounts that were invited manually.
5916
+ #
4931
5917
  # @option params [Boolean] :only_associated
4932
5918
  # Specifies which member accounts to include in the response based on
4933
5919
  # their relationship status with the master account. The default value
4934
5920
  # is `TRUE`.
4935
5921
  #
4936
5922
  # If `OnlyAssociated` is set to `TRUE`, the response includes member
4937
- # accounts whose relationship status with the master is set to `ENABLED`
4938
- # or `DISABLED`.
5923
+ # accounts whose relationship status with the master is set to
5924
+ # `ENABLED`.
4939
5925
  #
4940
5926
  # If `OnlyAssociated` is set to `FALSE`, the response includes all
4941
5927
  # existing member accounts.
@@ -4986,6 +5972,49 @@ module Aws::SecurityHub
4986
5972
  req.send_request(options)
4987
5973
  end
4988
5974
 
5975
+ # Lists the Security Hub administrator accounts. Can only be called by
5976
+ # the organization management account.
5977
+ #
5978
+ # @option params [Integer] :max_results
5979
+ # The maximum number of items to return in the response.
5980
+ #
5981
+ # @option params [String] :next_token
5982
+ # The token that is required for pagination. On your first call to the
5983
+ # `ListOrganizationAdminAccounts` operation, set the value of this
5984
+ # parameter to `NULL`. For subsequent calls to the operation, to
5985
+ # continue listing data, set the value of this parameter to the value
5986
+ # returned from the previous response.
5987
+ #
5988
+ # @return [Types::ListOrganizationAdminAccountsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
5989
+ #
5990
+ # * {Types::ListOrganizationAdminAccountsResponse#admin_accounts #admin_accounts} => Array&lt;Types::AdminAccount&gt;
5991
+ # * {Types::ListOrganizationAdminAccountsResponse#next_token #next_token} => String
5992
+ #
5993
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
5994
+ #
5995
+ # @example Request syntax with placeholder values
5996
+ #
5997
+ # resp = client.list_organization_admin_accounts({
5998
+ # max_results: 1,
5999
+ # next_token: "NextToken",
6000
+ # })
6001
+ #
6002
+ # @example Response structure
6003
+ #
6004
+ # resp.admin_accounts #=> Array
6005
+ # resp.admin_accounts[0].account_id #=> String
6006
+ # resp.admin_accounts[0].status #=> String, one of "ENABLED", "DISABLE_IN_PROGRESS"
6007
+ # resp.next_token #=> String
6008
+ #
6009
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListOrganizationAdminAccounts AWS API Documentation
6010
+ #
6011
+ # @overload list_organization_admin_accounts(params = {})
6012
+ # @param [Hash] params ({})
6013
+ def list_organization_admin_accounts(params = {}, options = {})
6014
+ req = build_request(:list_organization_admin_accounts, params)
6015
+ req.send_request(options)
6016
+ end
6017
+
4989
6018
  # Returns a list of tags associated with a resource.
4990
6019
  #
4991
6020
  # @option params [required, String] :resource_arn
@@ -6282,6 +7311,36 @@ module Aws::SecurityHub
6282
7311
  req.send_request(options)
6283
7312
  end
6284
7313
 
7314
+ # Used to update the configuration related to Organizations. Can only be
7315
+ # called from a Security Hub administrator account.
7316
+ #
7317
+ # @option params [required, Boolean] :auto_enable
7318
+ # Whether to automatically enable Security Hub for new accounts in the
7319
+ # organization.
7320
+ #
7321
+ # By default, this is `false`, and new accounts are not added
7322
+ # automatically.
7323
+ #
7324
+ # To automatically enable Security Hub for new accounts, set this to
7325
+ # `true`.
7326
+ #
7327
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
7328
+ #
7329
+ # @example Request syntax with placeholder values
7330
+ #
7331
+ # resp = client.update_organization_configuration({
7332
+ # auto_enable: false, # required
7333
+ # })
7334
+ #
7335
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateOrganizationConfiguration AWS API Documentation
7336
+ #
7337
+ # @overload update_organization_configuration(params = {})
7338
+ # @param [Hash] params ({})
7339
+ def update_organization_configuration(params = {}, options = {})
7340
+ req = build_request(:update_organization_configuration, params)
7341
+ req.send_request(options)
7342
+ end
7343
+
6285
7344
  # Updates configuration options for Security Hub.
6286
7345
  #
6287
7346
  # @option params [Boolean] :auto_enable_controls
@@ -6354,7 +7413,7 @@ module Aws::SecurityHub
6354
7413
  params: params,
6355
7414
  config: config)
6356
7415
  context[:gem_name] = 'aws-sdk-securityhub'
6357
- context[:gem_version] = '1.32.0'
7416
+ context[:gem_version] = '1.37.0'
6358
7417
  Seahorse::Client::Request.new(handlers, context)
6359
7418
  end
6360
7419