aws-sdk-securityhub 1.32.0 → 1.37.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/lib/aws-sdk-securityhub.rb +2 -1
  3. data/lib/aws-sdk-securityhub/client.rb +1101 -42
  4. data/lib/aws-sdk-securityhub/client_api.rb +736 -7
  5. data/lib/aws-sdk-securityhub/types.rb +9771 -3534
  6. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 63932fd1ce625cec5453b939af90ffa7f77546d7324135170792577ffd791cfc
4
- data.tar.gz: 0d5ee5baa4d0d2eaa3452369a78f7ef51120b26f739a0204483c62740f169e0a
3
+ metadata.gz: df2a3fc021bc8145f30d7102a52856aeda3cf906ddbc203297b2a32f6694747e
4
+ data.tar.gz: c895cc4b77cb84dac65607b301e3ab0fc9fca94c41d5ea781330c49cfeb28558
5
5
  SHA512:
6
- metadata.gz: a164aa9f60a716f9a0b472b72e49f0191618119ba6a3d8f25a42f8f2ad2fd92f8a81e13a53d1cfed5f92335da7678fecc21be97fe676440e6597fddafb3dc85a
7
- data.tar.gz: 73b42cee94f87e5c016876fcc7ae93e4298bcb4842f653f52b51a6c9088e1b1883ec7cd4f645dfbaa90b5a8768828d8b1cb22cabe58790e65b2312e1e43a2f80
6
+ metadata.gz: b097edccc60d374658696008790e7a3df92bd7480b2e121c067430fb1f6b4106eb6b7af622ea6722ae3d86cec16b08f1d314d17eeecf598889f3d55566b9cd79
7
+ data.tar.gz: 7a8df42380b7f84dac7c2f664a8816656d492e21a0ed9fcbfb5e52bd2d4720d0c6c70acc8be90746cdaa0bb23b3bae58078961d27d620de7cc3809a3c62f596a
data/lib/aws-sdk-securityhub.rb CHANGED
@@ -7,6 +7,7 @@
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
10
+
10
11
  require 'aws-sdk-core'
11
12
  require 'aws-sigv4'
12
13
 
@@ -47,6 +48,6 @@ require_relative 'aws-sdk-securityhub/customizations'
47
48
  # @!group service
48
49
  module Aws::SecurityHub
49
50
 
50
- GEM_VERSION = '1.32.0'
51
+ GEM_VERSION = '1.37.0'
51
52
 
52
53
  end
data/lib/aws-sdk-securityhub/client.rb CHANGED
@@ -330,6 +330,9 @@ module Aws::SecurityHub
330
330
  # Accepts the invitation to be a member account and be monitored by the
331
331
  # Security Hub master account that the invitation was sent from.
332
332
  #
333
+ # This operation is only used by member accounts that are not added
334
+ # through Organizations.
335
+ #
333
336
  # When the member account accepts the invitation, permission is granted
334
337
  # to the master account to view findings generated in the member
335
338
  # account.
@@ -460,24 +463,30 @@ module Aws::SecurityHub
460
463
  # update the following finding fields and objects, which Security Hub
461
464
  # customers use to manage their investigation workflow.
462
465
  #
466
+ # * `Note`
467
+ #
468
+ # * `UserDefinedFields`
469
+ #
470
+ # * `VerificationState`
471
+ #
472
+ # * `Workflow`
473
+ #
474
+ # `BatchImportFindings` can be used to update the following finding
475
+ # fields and objects only if they have not been updated using
476
+ # `BatchUpdateFindings`. After they are updated using
477
+ # `BatchUpdateFindings`, these fields cannot be updated using
478
+ # `BatchImportFindings`.
479
+ #
463
480
  # * `Confidence`
464
481
  #
465
482
  # * `Criticality`
466
483
  #
467
- # * `Note`
468
- #
469
484
  # * `RelatedFindings`
470
485
  #
471
486
  # * `Severity`
472
487
  #
473
488
  # * `Types`
474
489
  #
475
- # * `UserDefinedFields`
476
- #
477
- # * `VerificationState`
478
- #
479
- # * `Workflow`
480
- #
481
490
  # @option params [required, Array<Types::AwsSecurityFinding>] :findings
482
491
  # A list of findings to import. To successfully import a finding, it
483
492
  # must follow the [AWS Security Finding Format][1]. Maximum of 100
@@ -628,6 +637,7 @@ module Aws::SecurityHub
628
637
  # id: "NonEmptyString", # required
629
638
  # partition: "aws", # accepts aws, aws-cn, aws-us-gov
630
639
  # region: "NonEmptyString",
640
+ # resource_role: "NonEmptyString",
631
641
  # tags: {
632
642
  # "NonEmptyString" => "NonEmptyString",
633
643
  # },
@@ -665,6 +675,17 @@ module Aws::SecurityHub
665
675
  # },
666
676
  # },
667
677
  # aws_cloud_front_distribution: {
678
+ # cache_behaviors: {
679
+ # items: [
680
+ # {
681
+ # viewer_protocol_policy: "NonEmptyString",
682
+ # },
683
+ # ],
684
+ # },
685
+ # default_cache_behavior: {
686
+ # viewer_protocol_policy: "NonEmptyString",
687
+ # },
688
+ # default_root_object: "NonEmptyString",
668
689
  # domain_name: "NonEmptyString",
669
690
  # etag: "NonEmptyString",
670
691
  # last_modified_time: "NonEmptyString",
@@ -680,6 +701,21 @@ module Aws::SecurityHub
680
701
  # domain_name: "NonEmptyString",
681
702
  # id: "NonEmptyString",
682
703
  # origin_path: "NonEmptyString",
704
+ # s3_origin_config: {
705
+ # origin_access_identity: "NonEmptyString",
706
+ # },
707
+ # },
708
+ # ],
709
+ # },
710
+ # origin_groups: {
711
+ # items: [
712
+ # {
713
+ # failover_criteria: {
714
+ # status_codes: {
715
+ # items: [1],
716
+ # quantity: 1,
717
+ # },
718
+ # },
683
719
  # },
684
720
  # ],
685
721
  # },
@@ -921,6 +957,21 @@ module Aws::SecurityHub
921
957
  # principal_id: "NonEmptyString",
922
958
  # principal_type: "NonEmptyString",
923
959
  # principal_name: "NonEmptyString",
960
+ # account_id: "NonEmptyString",
961
+ # access_key_id: "NonEmptyString",
962
+ # session_context: {
963
+ # attributes: {
964
+ # mfa_authenticated: false,
965
+ # creation_date: "NonEmptyString",
966
+ # },
967
+ # session_issuer: {
968
+ # type: "NonEmptyString",
969
+ # principal_id: "NonEmptyString",
970
+ # arn: "NonEmptyString",
971
+ # account_id: "NonEmptyString",
972
+ # user_name: "NonEmptyString",
973
+ # },
974
+ # },
924
975
  # },
925
976
  # aws_iam_user: {
926
977
  # attached_managed_policies: [
@@ -963,6 +1014,56 @@ module Aws::SecurityHub
963
1014
  # ],
964
1015
  # update_date: "NonEmptyString",
965
1016
  # },
1017
+ # aws_api_gateway_v2_stage: {
1018
+ # created_date: "NonEmptyString",
1019
+ # description: "NonEmptyString",
1020
+ # default_route_settings: {
1021
+ # detailed_metrics_enabled: false,
1022
+ # logging_level: "NonEmptyString",
1023
+ # data_trace_enabled: false,
1024
+ # throttling_burst_limit: 1,
1025
+ # throttling_rate_limit: 1.0,
1026
+ # },
1027
+ # deployment_id: "NonEmptyString",
1028
+ # last_updated_date: "NonEmptyString",
1029
+ # route_settings: {
1030
+ # detailed_metrics_enabled: false,
1031
+ # logging_level: "NonEmptyString",
1032
+ # data_trace_enabled: false,
1033
+ # throttling_burst_limit: 1,
1034
+ # throttling_rate_limit: 1.0,
1035
+ # },
1036
+ # stage_name: "NonEmptyString",
1037
+ # stage_variables: {
1038
+ # "NonEmptyString" => "NonEmptyString",
1039
+ # },
1040
+ # access_log_settings: {
1041
+ # format: "NonEmptyString",
1042
+ # destination_arn: "NonEmptyString",
1043
+ # },
1044
+ # auto_deploy: false,
1045
+ # last_deployment_status_message: "NonEmptyString",
1046
+ # api_gateway_managed: false,
1047
+ # },
1048
+ # aws_api_gateway_v2_api: {
1049
+ # api_endpoint: "NonEmptyString",
1050
+ # api_id: "NonEmptyString",
1051
+ # api_key_selection_expression: "NonEmptyString",
1052
+ # created_date: "NonEmptyString",
1053
+ # description: "NonEmptyString",
1054
+ # version: "NonEmptyString",
1055
+ # name: "NonEmptyString",
1056
+ # protocol_type: "NonEmptyString",
1057
+ # route_selection_expression: "NonEmptyString",
1058
+ # cors_configuration: {
1059
+ # allow_origins: ["NonEmptyString"],
1060
+ # allow_credentials: false,
1061
+ # expose_headers: ["NonEmptyString"],
1062
+ # max_age: 1,
1063
+ # allow_methods: ["NonEmptyString"],
1064
+ # allow_headers: ["NonEmptyString"],
1065
+ # },
1066
+ # },
966
1067
  # aws_dynamo_db_table: {
967
1068
  # attribute_definitions: [
968
1069
  # {
@@ -1075,11 +1176,404 @@ module Aws::SecurityHub
1075
1176
  # table_size_bytes: 1,
1076
1177
  # table_status: "NonEmptyString",
1077
1178
  # },
1179
+ # aws_api_gateway_stage: {
1180
+ # deployment_id: "NonEmptyString",
1181
+ # client_certificate_id: "NonEmptyString",
1182
+ # stage_name: "NonEmptyString",
1183
+ # description: "NonEmptyString",
1184
+ # cache_cluster_enabled: false,
1185
+ # cache_cluster_size: "NonEmptyString",
1186
+ # cache_cluster_status: "NonEmptyString",
1187
+ # method_settings: [
1188
+ # {
1189
+ # metrics_enabled: false,
1190
+ # logging_level: "NonEmptyString",
1191
+ # data_trace_enabled: false,
1192
+ # throttling_burst_limit: 1,
1193
+ # throttling_rate_limit: 1.0,
1194
+ # caching_enabled: false,
1195
+ # cache_ttl_in_seconds: 1,
1196
+ # cache_data_encrypted: false,
1197
+ # require_authorization_for_cache_control: false,
1198
+ # unauthorized_cache_control_header_strategy: "NonEmptyString",
1199
+ # http_method: "NonEmptyString",
1200
+ # resource_path: "NonEmptyString",
1201
+ # },
1202
+ # ],
1203
+ # variables: {
1204
+ # "NonEmptyString" => "NonEmptyString",
1205
+ # },
1206
+ # documentation_version: "NonEmptyString",
1207
+ # access_log_settings: {
1208
+ # format: "NonEmptyString",
1209
+ # destination_arn: "NonEmptyString",
1210
+ # },
1211
+ # canary_settings: {
1212
+ # percent_traffic: 1.0,
1213
+ # deployment_id: "NonEmptyString",
1214
+ # stage_variable_overrides: {
1215
+ # "NonEmptyString" => "NonEmptyString",
1216
+ # },
1217
+ # use_stage_cache: false,
1218
+ # },
1219
+ # tracing_enabled: false,
1220
+ # created_date: "NonEmptyString",
1221
+ # last_updated_date: "NonEmptyString",
1222
+ # web_acl_arn: "NonEmptyString",
1223
+ # },
1224
+ # aws_api_gateway_rest_api: {
1225
+ # id: "NonEmptyString",
1226
+ # name: "NonEmptyString",
1227
+ # description: "NonEmptyString",
1228
+ # created_date: "NonEmptyString",
1229
+ # version: "NonEmptyString",
1230
+ # binary_media_types: ["NonEmptyString"],
1231
+ # minimum_compression_size: 1,
1232
+ # api_key_source: "NonEmptyString",
1233
+ # endpoint_configuration: {
1234
+ # types: ["NonEmptyString"],
1235
+ # },
1236
+ # },
1237
+ # aws_cloud_trail_trail: {
1238
+ # cloud_watch_logs_log_group_arn: "NonEmptyString",
1239
+ # cloud_watch_logs_role_arn: "NonEmptyString",
1240
+ # has_custom_event_selectors: false,
1241
+ # home_region: "NonEmptyString",
1242
+ # include_global_service_events: false,
1243
+ # is_multi_region_trail: false,
1244
+ # is_organization_trail: false,
1245
+ # kms_key_id: "NonEmptyString",
1246
+ # log_file_validation_enabled: false,
1247
+ # name: "NonEmptyString",
1248
+ # s3_bucket_name: "NonEmptyString",
1249
+ # s3_key_prefix: "NonEmptyString",
1250
+ # sns_topic_arn: "NonEmptyString",
1251
+ # sns_topic_name: "NonEmptyString",
1252
+ # trail_arn: "NonEmptyString",
1253
+ # },
1254
+ # aws_certificate_manager_certificate: {
1255
+ # certificate_authority_arn: "NonEmptyString",
1256
+ # created_at: "NonEmptyString",
1257
+ # domain_name: "NonEmptyString",
1258
+ # domain_validation_options: [
1259
+ # {
1260
+ # domain_name: "NonEmptyString",
1261
+ # resource_record: {
1262
+ # name: "NonEmptyString",
1263
+ # type: "NonEmptyString",
1264
+ # value: "NonEmptyString",
1265
+ # },
1266
+ # validation_domain: "NonEmptyString",
1267
+ # validation_emails: ["NonEmptyString"],
1268
+ # validation_method: "NonEmptyString",
1269
+ # validation_status: "NonEmptyString",
1270
+ # },
1271
+ # ],
1272
+ # extended_key_usages: [
1273
+ # {
1274
+ # name: "NonEmptyString",
1275
+ # o_id: "NonEmptyString",
1276
+ # },
1277
+ # ],
1278
+ # failure_reason: "NonEmptyString",
1279
+ # imported_at: "NonEmptyString",
1280
+ # in_use_by: ["NonEmptyString"],
1281
+ # issued_at: "NonEmptyString",
1282
+ # issuer: "NonEmptyString",
1283
+ # key_algorithm: "NonEmptyString",
1284
+ # key_usages: [
1285
+ # {
1286
+ # name: "NonEmptyString",
1287
+ # },
1288
+ # ],
1289
+ # not_after: "NonEmptyString",
1290
+ # not_before: "NonEmptyString",
1291
+ # options: {
1292
+ # certificate_transparency_logging_preference: "NonEmptyString",
1293
+ # },
1294
+ # renewal_eligibility: "NonEmptyString",
1295
+ # renewal_summary: {
1296
+ # domain_validation_options: [
1297
+ # {
1298
+ # domain_name: "NonEmptyString",
1299
+ # resource_record: {
1300
+ # name: "NonEmptyString",
1301
+ # type: "NonEmptyString",
1302
+ # value: "NonEmptyString",
1303
+ # },
1304
+ # validation_domain: "NonEmptyString",
1305
+ # validation_emails: ["NonEmptyString"],
1306
+ # validation_method: "NonEmptyString",
1307
+ # validation_status: "NonEmptyString",
1308
+ # },
1309
+ # ],
1310
+ # renewal_status: "NonEmptyString",
1311
+ # renewal_status_reason: "NonEmptyString",
1312
+ # updated_at: "NonEmptyString",
1313
+ # },
1314
+ # serial: "NonEmptyString",
1315
+ # signature_algorithm: "NonEmptyString",
1316
+ # status: "NonEmptyString",
1317
+ # subject: "NonEmptyString",
1318
+ # subject_alternative_names: ["NonEmptyString"],
1319
+ # type: "NonEmptyString",
1320
+ # },
1321
+ # aws_redshift_cluster: {
1322
+ # allow_version_upgrade: false,
1323
+ # automated_snapshot_retention_period: 1,
1324
+ # availability_zone: "NonEmptyString",
1325
+ # cluster_availability_status: "NonEmptyString",
1326
+ # cluster_create_time: "NonEmptyString",
1327
+ # cluster_identifier: "NonEmptyString",
1328
+ # cluster_nodes: [
1329
+ # {
1330
+ # node_role: "NonEmptyString",
1331
+ # private_ip_address: "NonEmptyString",
1332
+ # public_ip_address: "NonEmptyString",
1333
+ # },
1334
+ # ],
1335
+ # cluster_parameter_groups: [
1336
+ # {
1337
+ # cluster_parameter_status_list: [
1338
+ # {
1339
+ # parameter_name: "NonEmptyString",
1340
+ # parameter_apply_status: "NonEmptyString",
1341
+ # parameter_apply_error_description: "NonEmptyString",
1342
+ # },
1343
+ # ],
1344
+ # parameter_apply_status: "NonEmptyString",
1345
+ # parameter_group_name: "NonEmptyString",
1346
+ # },
1347
+ # ],
1348
+ # cluster_public_key: "NonEmptyString",
1349
+ # cluster_revision_number: "NonEmptyString",
1350
+ # cluster_security_groups: [
1351
+ # {
1352
+ # cluster_security_group_name: "NonEmptyString",
1353
+ # status: "NonEmptyString",
1354
+ # },
1355
+ # ],
1356
+ # cluster_snapshot_copy_status: {
1357
+ # destination_region: "NonEmptyString",
1358
+ # manual_snapshot_retention_period: 1,
1359
+ # retention_period: 1,
1360
+ # snapshot_copy_grant_name: "NonEmptyString",
1361
+ # },
1362
+ # cluster_status: "NonEmptyString",
1363
+ # cluster_subnet_group_name: "NonEmptyString",
1364
+ # cluster_version: "NonEmptyString",
1365
+ # db_name: "NonEmptyString",
1366
+ # deferred_maintenance_windows: [
1367
+ # {
1368
+ # defer_maintenance_end_time: "NonEmptyString",
1369
+ # defer_maintenance_identifier: "NonEmptyString",
1370
+ # defer_maintenance_start_time: "NonEmptyString",
1371
+ # },
1372
+ # ],
1373
+ # elastic_ip_status: {
1374
+ # elastic_ip: "NonEmptyString",
1375
+ # status: "NonEmptyString",
1376
+ # },
1377
+ # elastic_resize_number_of_node_options: "NonEmptyString",
1378
+ # encrypted: false,
1379
+ # endpoint: {
1380
+ # address: "NonEmptyString",
1381
+ # port: 1,
1382
+ # },
1383
+ # enhanced_vpc_routing: false,
1384
+ # expected_next_snapshot_schedule_time: "NonEmptyString",
1385
+ # expected_next_snapshot_schedule_time_status: "NonEmptyString",
1386
+ # hsm_status: {
1387
+ # hsm_client_certificate_identifier: "NonEmptyString",
1388
+ # hsm_configuration_identifier: "NonEmptyString",
1389
+ # status: "NonEmptyString",
1390
+ # },
1391
+ # iam_roles: [
1392
+ # {
1393
+ # apply_status: "NonEmptyString",
1394
+ # iam_role_arn: "NonEmptyString",
1395
+ # },
1396
+ # ],
1397
+ # kms_key_id: "NonEmptyString",
1398
+ # maintenance_track_name: "NonEmptyString",
1399
+ # manual_snapshot_retention_period: 1,
1400
+ # master_username: "NonEmptyString",
1401
+ # next_maintenance_window_start_time: "NonEmptyString",
1402
+ # node_type: "NonEmptyString",
1403
+ # number_of_nodes: 1,
1404
+ # pending_actions: ["NonEmptyString"],
1405
+ # pending_modified_values: {
1406
+ # automated_snapshot_retention_period: 1,
1407
+ # cluster_identifier: "NonEmptyString",
1408
+ # cluster_type: "NonEmptyString",
1409
+ # cluster_version: "NonEmptyString",
1410
+ # encryption_type: "NonEmptyString",
1411
+ # enhanced_vpc_routing: false,
1412
+ # maintenance_track_name: "NonEmptyString",
1413
+ # master_user_password: "NonEmptyString",
1414
+ # node_type: "NonEmptyString",
1415
+ # number_of_nodes: 1,
1416
+ # publicly_accessible: false,
1417
+ # },
1418
+ # preferred_maintenance_window: "NonEmptyString",
1419
+ # publicly_accessible: false,
1420
+ # resize_info: {
1421
+ # allow_cancel_resize: false,
1422
+ # resize_type: "NonEmptyString",
1423
+ # },
1424
+ # restore_status: {
1425
+ # current_restore_rate_in_mega_bytes_per_second: 1.0,
1426
+ # elapsed_time_in_seconds: 1,
1427
+ # estimated_time_to_completion_in_seconds: 1,
1428
+ # progress_in_mega_bytes: 1,
1429
+ # snapshot_size_in_mega_bytes: 1,
1430
+ # status: "NonEmptyString",
1431
+ # },
1432
+ # snapshot_schedule_identifier: "NonEmptyString",
1433
+ # snapshot_schedule_state: "NonEmptyString",
1434
+ # vpc_id: "NonEmptyString",
1435
+ # vpc_security_groups: [
1436
+ # {
1437
+ # status: "NonEmptyString",
1438
+ # vpc_security_group_id: "NonEmptyString",
1439
+ # },
1440
+ # ],
1441
+ # },
1442
+ # aws_elb_load_balancer: {
1443
+ # availability_zones: ["NonEmptyString"],
1444
+ # backend_server_descriptions: [
1445
+ # {
1446
+ # instance_port: 1,
1447
+ # policy_names: ["NonEmptyString"],
1448
+ # },
1449
+ # ],
1450
+ # canonical_hosted_zone_name: "NonEmptyString",
1451
+ # canonical_hosted_zone_name_id: "NonEmptyString",
1452
+ # created_time: "NonEmptyString",
1453
+ # dns_name: "NonEmptyString",
1454
+ # health_check: {
1455
+ # healthy_threshold: 1,
1456
+ # interval: 1,
1457
+ # target: "NonEmptyString",
1458
+ # timeout: 1,
1459
+ # unhealthy_threshold: 1,
1460
+ # },
1461
+ # instances: [
1462
+ # {
1463
+ # instance_id: "NonEmptyString",
1464
+ # },
1465
+ # ],
1466
+ # listener_descriptions: [
1467
+ # {
1468
+ # listener: {
1469
+ # instance_port: 1,
1470
+ # instance_protocol: "NonEmptyString",
1471
+ # load_balancer_port: 1,
1472
+ # protocol: "NonEmptyString",
1473
+ # ssl_certificate_id: "NonEmptyString",
1474
+ # },
1475
+ # policy_names: ["NonEmptyString"],
1476
+ # },
1477
+ # ],
1478
+ # load_balancer_attributes: {
1479
+ # access_log: {
1480
+ # emit_interval: 1,
1481
+ # enabled: false,
1482
+ # s3_bucket_name: "NonEmptyString",
1483
+ # s3_bucket_prefix: "NonEmptyString",
1484
+ # },
1485
+ # connection_draining: {
1486
+ # enabled: false,
1487
+ # timeout: 1,
1488
+ # },
1489
+ # connection_settings: {
1490
+ # idle_timeout: 1,
1491
+ # },
1492
+ # cross_zone_load_balancing: {
1493
+ # enabled: false,
1494
+ # },
1495
+ # },
1496
+ # load_balancer_name: "NonEmptyString",
1497
+ # policies: {
1498
+ # app_cookie_stickiness_policies: [
1499
+ # {
1500
+ # cookie_name: "NonEmptyString",
1501
+ # policy_name: "NonEmptyString",
1502
+ # },
1503
+ # ],
1504
+ # lb_cookie_stickiness_policies: [
1505
+ # {
1506
+ # cookie_expiration_period: 1,
1507
+ # policy_name: "NonEmptyString",
1508
+ # },
1509
+ # ],
1510
+ # other_policies: ["NonEmptyString"],
1511
+ # },
1512
+ # scheme: "NonEmptyString",
1513
+ # security_groups: ["NonEmptyString"],
1514
+ # source_security_group: {
1515
+ # group_name: "NonEmptyString",
1516
+ # owner_alias: "NonEmptyString",
1517
+ # },
1518
+ # subnets: ["NonEmptyString"],
1519
+ # vpc_id: "NonEmptyString",
1520
+ # },
1521
+ # aws_iam_group: {
1522
+ # attached_managed_policies: [
1523
+ # {
1524
+ # policy_name: "NonEmptyString",
1525
+ # policy_arn: "NonEmptyString",
1526
+ # },
1527
+ # ],
1528
+ # create_date: "NonEmptyString",
1529
+ # group_id: "NonEmptyString",
1530
+ # group_name: "NonEmptyString",
1531
+ # group_policy_list: [
1532
+ # {
1533
+ # policy_name: "NonEmptyString",
1534
+ # },
1535
+ # ],
1536
+ # path: "NonEmptyString",
1537
+ # },
1078
1538
  # aws_iam_role: {
1079
1539
  # assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument",
1540
+ # attached_managed_policies: [
1541
+ # {
1542
+ # policy_name: "NonEmptyString",
1543
+ # policy_arn: "NonEmptyString",
1544
+ # },
1545
+ # ],
1080
1546
  # create_date: "NonEmptyString",
1547
+ # instance_profile_list: [
1548
+ # {
1549
+ # arn: "NonEmptyString",
1550
+ # create_date: "NonEmptyString",
1551
+ # instance_profile_id: "NonEmptyString",
1552
+ # instance_profile_name: "NonEmptyString",
1553
+ # path: "NonEmptyString",
1554
+ # roles: [
1555
+ # {
1556
+ # arn: "NonEmptyString",
1557
+ # assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument",
1558
+ # create_date: "NonEmptyString",
1559
+ # path: "NonEmptyString",
1560
+ # role_id: "NonEmptyString",
1561
+ # role_name: "NonEmptyString",
1562
+ # },
1563
+ # ],
1564
+ # },
1565
+ # ],
1566
+ # permissions_boundary: {
1567
+ # permissions_boundary_arn: "NonEmptyString",
1568
+ # permissions_boundary_type: "NonEmptyString",
1569
+ # },
1081
1570
  # role_id: "NonEmptyString",
1082
1571
  # role_name: "NonEmptyString",
1572
+ # role_policy_list: [
1573
+ # {
1574
+ # policy_name: "NonEmptyString",
1575
+ # },
1576
+ # ],
1083
1577
  # max_session_duration: 1,
1084
1578
  # path: "NonEmptyString",
1085
1579
  # },
@@ -1520,6 +2014,19 @@ module Aws::SecurityHub
1520
2014
  # reference_urls: ["NonEmptyString"],
1521
2015
  # },
1522
2016
  # ],
2017
+ # patch_summary: {
2018
+ # id: "NonEmptyString", # required
2019
+ # installed_count: 1,
2020
+ # missing_count: 1,
2021
+ # failed_count: 1,
2022
+ # installed_other_count: 1,
2023
+ # installed_rejected_count: 1,
2024
+ # installed_pending_reboot: 1,
2025
+ # operation_start_time: "NonEmptyString",
2026
+ # operation_end_time: "NonEmptyString",
2027
+ # reboot_option: "NonEmptyString",
2028
+ # operation: "NonEmptyString",
2029
+ # },
1523
2030
  # },
1524
2031
  # ],
1525
2032
  # })
@@ -1551,8 +2058,8 @@ module Aws::SecurityHub
1551
2058
  # Updates from `BatchUpdateFindings` do not affect the value of
1552
2059
  # `UpdatedAt` for a finding.
1553
2060
  #
1554
- # Master accounts can use `BatchUpdateFindings` to update the following
1555
- # finding fields and objects.
2061
+ # Master and member accounts can use `BatchUpdateFindings` to update the
2062
+ # following finding fields and objects.
1556
2063
  #
1557
2064
  # * `Confidence`
1558
2065
  #
@@ -1572,8 +2079,15 @@ module Aws::SecurityHub
1572
2079
  #
1573
2080
  # * `Workflow`
1574
2081
  #
1575
- # Member accounts can only use `BatchUpdateFindings` to update the Note
1576
- # object.
2082
+ # You can configure IAM policies to restrict access to fields and field
2083
+ # values. For example, you might not want member accounts to be able to
2084
+ # suppress findings or change the finding severity. See [Configuring
2085
+ # access to BatchUpdateFindings][1] in the *AWS Security Hub User
2086
+ # Guide*.
2087
+ #
2088
+ #
2089
+ #
2090
+ # [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/finding-update-batchupdatefindings.html#batchupdatefindings-configure-access
1577
2091
  #
1578
2092
  # @option params [required, Array<Types::AwsSecurityFindingIdentifier>] :finding_identifiers
1579
2093
  # The list of findings to update. `BatchUpdateFindings` can be used to
@@ -2349,29 +2863,48 @@ module Aws::SecurityHub
2349
2863
 
2350
2864
  # Creates a member association in Security Hub between the specified
2351
2865
  # accounts and the account used to make the request, which is the master
2352
- # account. To successfully create a member, you must use this action
2353
- # from an account that already has Security Hub enabled. To enable
2354
- # Security Hub, you can use the ` EnableSecurityHub ` operation.
2866
+ # account. If you are integrated with Organizations, then the master
2867
+ # account is the Security Hub administrator account that is designated
2868
+ # by the organization management account.
2869
+ #
2870
+ # `CreateMembers` is always used to add accounts that are not
2871
+ # organization members.
2355
2872
  #
2356
- # After you use `CreateMembers` to create member account associations in
2357
- # Security Hub, you must use the ` InviteMembers ` operation to invite
2358
- # the accounts to enable Security Hub and become member accounts in
2359
- # Security Hub.
2873
+ # For accounts that are part of an organization, `CreateMembers` is only
2874
+ # used in the following cases:
2360
2875
  #
2361
- # If the account owner accepts the invitation, the account becomes a
2362
- # member account in Security Hub. A permissions policy is added that
2363
- # permits the master account to view the findings generated in the
2364
- # member account. When Security Hub is enabled in the invited account,
2365
- # findings start to be sent to both the member and master accounts.
2876
+ # * Security Hub is not configured to automatically add new accounts in
2877
+ # an organization.
2878
+ #
2879
+ # * The account was disassociated or deleted in Security Hub.
2880
+ #
2881
+ # This action can only be used by an account that has Security Hub
2882
+ # enabled. To enable Security Hub, you can use the ` EnableSecurityHub `
2883
+ # operation.
2884
+ #
2885
+ # For accounts that are not organization members, you create the account
2886
+ # association and then send an invitation to the member account. To send
2887
+ # the invitation, you use the ` InviteMembers ` operation. If the
2888
+ # account owner accepts the invitation, the account becomes a member
2889
+ # account in Security Hub.
2890
+ #
2891
+ # Accounts that are part of an organization do not receive an
2892
+ # invitation. They automatically become a member account in Security
2893
+ # Hub.
2894
+ #
2895
+ # A permissions policy is added that permits the master account to view
2896
+ # the findings generated in the member account. When Security Hub is
2897
+ # enabled in a member account, findings are sent to both the member and
2898
+ # master accounts.
2366
2899
  #
2367
2900
  # To remove the association between the master and member accounts, use
2368
2901
  # the ` DisassociateFromMasterAccount ` or ` DisassociateMembers `
2369
2902
  # operation.
2370
2903
  #
2371
- # @option params [Array<Types::AccountDetails>] :account_details
2904
+ # @option params [required, Array<Types::AccountDetails>] :account_details
2372
2905
  # The list of accounts to associate with the Security Hub master
2373
- # account. For each account, the list includes the account ID and the
2374
- # email address.
2906
+ # account. For each account, the list includes the account ID and
2907
+ # optionally the email address.
2375
2908
  #
2376
2909
  # @return [Types::CreateMembersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2377
2910
  #
@@ -2380,9 +2913,9 @@ module Aws::SecurityHub
2380
2913
  # @example Request syntax with placeholder values
2381
2914
  #
2382
2915
  # resp = client.create_members({
2383
- # account_details: [
2916
+ # account_details: [ # required
2384
2917
  # {
2385
- # account_id: "AccountId",
2918
+ # account_id: "AccountId", # required
2386
2919
  # email: "NonEmptyString",
2387
2920
  # },
2388
2921
  # ],
@@ -2405,6 +2938,9 @@ module Aws::SecurityHub
2405
2938
 
2406
2939
  # Declines invitations to become a member account.
2407
2940
  #
2941
+ # This operation is only used by accounts that are not part of an
2942
+ # organization. Organization accounts do not receive invitations.
2943
+ #
2408
2944
  # @option params [required, Array<String>] :account_ids
2409
2945
  # The list of account IDs for the accounts from which to decline the
2410
2946
  # invitations to Security Hub.
@@ -2497,6 +3033,9 @@ module Aws::SecurityHub
2497
3033
  # Deletes invitations received by the AWS account to become a member
2498
3034
  # account.
2499
3035
  #
3036
+ # This operation is only used by accounts that are not part of an
3037
+ # organization. Organization accounts do not receive invitations.
3038
+ #
2500
3039
  # @option params [required, Array<String>] :account_ids
2501
3040
  # The list of the account IDs that sent the invitations to delete.
2502
3041
  #
@@ -2527,7 +3066,10 @@ module Aws::SecurityHub
2527
3066
 
2528
3067
  # Deletes the specified member accounts from Security Hub.
2529
3068
  #
2530
- # @option params [Array<String>] :account_ids
3069
+ # Can be used to delete member accounts that belong to an organization
3070
+ # as well as member accounts that were invited manually.
3071
+ #
3072
+ # @option params [required, Array<String>] :account_ids
2531
3073
  # The list of account IDs for the member accounts to delete.
2532
3074
  #
2533
3075
  # @return [Types::DeleteMembersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -2537,7 +3079,7 @@ module Aws::SecurityHub
2537
3079
  # @example Request syntax with placeholder values
2538
3080
  #
2539
3081
  # resp = client.delete_members({
2540
- # account_ids: ["NonEmptyString"],
3082
+ # account_ids: ["NonEmptyString"], # required
2541
3083
  # })
2542
3084
  #
2543
3085
  # @example Response structure
@@ -2639,6 +3181,28 @@ module Aws::SecurityHub
2639
3181
  req.send_request(options)
2640
3182
  end
2641
3183
 
3184
+ # Returns information about the Organizations configuration for Security
3185
+ # Hub. Can only be called from a Security Hub administrator account.
3186
+ #
3187
+ # @return [Types::DescribeOrganizationConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3188
+ #
3189
+ # * {Types::DescribeOrganizationConfigurationResponse#auto_enable #auto_enable} => Boolean
3190
+ # * {Types::DescribeOrganizationConfigurationResponse#member_account_limit_reached #member_account_limit_reached} => Boolean
3191
+ #
3192
+ # @example Response structure
3193
+ #
3194
+ # resp.auto_enable #=> Boolean
3195
+ # resp.member_account_limit_reached #=> Boolean
3196
+ #
3197
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeOrganizationConfiguration AWS API Documentation
3198
+ #
3199
+ # @overload describe_organization_configuration(params = {})
3200
+ # @param [Hash] params ({})
3201
+ def describe_organization_configuration(params = {}, options = {})
3202
+ req = build_request(:describe_organization_configuration, params)
3203
+ req.send_request(options)
3204
+ end
3205
+
2642
3206
  # Returns information about the available products that you can
2643
3207
  # subscribe to and integrate with Security Hub in order to consolidate
2644
3208
  # findings.
@@ -2751,7 +3315,8 @@ module Aws::SecurityHub
2751
3315
  #
2752
3316
  # @option params [required, String] :standards_subscription_arn
2753
3317
  # The ARN of a resource that represents your subscription to a supported
2754
- # standard.
3318
+ # standard. To get the subscription ARNs of the standards you have
3319
+ # enabled, use the ` GetEnabledStandards ` operation.
2755
3320
  #
2756
3321
  # @option params [String] :next_token
2757
3322
  # The token that is required for pagination. On your first call to the
@@ -2829,6 +3394,29 @@ module Aws::SecurityHub
2829
3394
  req.send_request(options)
2830
3395
  end
2831
3396
 
3397
+ # Disables a Security Hub administrator account. Can only be called by
3398
+ # the organization management account.
3399
+ #
3400
+ # @option params [required, String] :admin_account_id
3401
+ # The AWS account identifier of the Security Hub administrator account.
3402
+ #
3403
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
3404
+ #
3405
+ # @example Request syntax with placeholder values
3406
+ #
3407
+ # resp = client.disable_organization_admin_account({
3408
+ # admin_account_id: "NonEmptyString", # required
3409
+ # })
3410
+ #
3411
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisableOrganizationAdminAccount AWS API Documentation
3412
+ #
3413
+ # @overload disable_organization_admin_account(params = {})
3414
+ # @param [Hash] params ({})
3415
+ def disable_organization_admin_account(params = {}, options = {})
3416
+ req = build_request(:disable_organization_admin_account, params)
3417
+ req.send_request(options)
3418
+ end
3419
+
2832
3420
  # Disables Security Hub in your account only in the current Region. To
2833
3421
  # disable Security Hub in all Regions, you must submit one request per
2834
3422
  # Region where you have enabled Security Hub.
@@ -2858,6 +3446,11 @@ module Aws::SecurityHub
2858
3446
  # Disassociates the current Security Hub member account from the
2859
3447
  # associated master account.
2860
3448
  #
3449
+ # This operation is only used by accounts that are not part of an
3450
+ # organization. For organization accounts, only the master account (the
3451
+ # designated Security Hub administrator) can disassociate a member
3452
+ # account.
3453
+ #
2861
3454
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
2862
3455
  #
2863
3456
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisassociateFromMasterAccount AWS API Documentation
@@ -2872,7 +3465,10 @@ module Aws::SecurityHub
2872
3465
  # Disassociates the specified member accounts from the associated master
2873
3466
  # account.
2874
3467
  #
2875
- # @option params [Array<String>] :account_ids
3468
+ # Can be used to disassociate both accounts that are in an organization
3469
+ # and accounts that were invited manually.
3470
+ #
3471
+ # @option params [required, Array<String>] :account_ids
2876
3472
  # The account IDs of the member accounts to disassociate from the master
2877
3473
  # account.
2878
3474
  #
@@ -2881,7 +3477,7 @@ module Aws::SecurityHub
2881
3477
  # @example Request syntax with placeholder values
2882
3478
  #
2883
3479
  # resp = client.disassociate_members({
2884
- # account_ids: ["NonEmptyString"],
3480
+ # account_ids: ["NonEmptyString"], # required
2885
3481
  # })
2886
3482
  #
2887
3483
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisassociateMembers AWS API Documentation
@@ -2926,6 +3522,30 @@ module Aws::SecurityHub
2926
3522
  req.send_request(options)
2927
3523
  end
2928
3524
 
3525
+ # Designates the Security Hub administrator account for an organization.
3526
+ # Can only be called by the organization management account.
3527
+ #
3528
+ # @option params [required, String] :admin_account_id
3529
+ # The AWS account identifier of the account to designate as the Security
3530
+ # Hub administrator account.
3531
+ #
3532
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
3533
+ #
3534
+ # @example Request syntax with placeholder values
3535
+ #
3536
+ # resp = client.enable_organization_admin_account({
3537
+ # admin_account_id: "NonEmptyString", # required
3538
+ # })
3539
+ #
3540
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableOrganizationAdminAccount AWS API Documentation
3541
+ #
3542
+ # @overload enable_organization_admin_account(params = {})
3543
+ # @param [Hash] params ({})
3544
+ def enable_organization_admin_account(params = {}, options = {})
3545
+ req = build_request(:enable_organization_admin_account, params)
3546
+ req.send_request(options)
3547
+ end
3548
+
2929
3549
  # Enables Security Hub for your account in the current Region or the
2930
3550
  # Region you specify in the request.
2931
3551
  #
@@ -3045,6 +3665,9 @@ module Aws::SecurityHub
3045
3665
  # The finding attributes used to define a condition to filter the
3046
3666
  # returned findings.
3047
3667
  #
3668
+ # You can filter by up to 10 finding attributes. For each attribute, you
3669
+ # can provide up to 20 filter values.
3670
+ #
3048
3671
  # Note that in the available filter fields, `WorkflowState` is
3049
3672
  # deprecated. To search for a finding based on its workflow status, use
3050
3673
  # `WorkflowStatus`.
@@ -3728,6 +4351,7 @@ module Aws::SecurityHub
3728
4351
  # resp.findings[0].resources[0].id #=> String
3729
4352
  # resp.findings[0].resources[0].partition #=> String, one of "aws", "aws-cn", "aws-us-gov"
3730
4353
  # resp.findings[0].resources[0].region #=> String
4354
+ # resp.findings[0].resources[0].resource_role #=> String
3731
4355
  # resp.findings[0].resources[0].tags #=> Hash
3732
4356
  # resp.findings[0].resources[0].tags["NonEmptyString"] #=> String
3733
4357
  # resp.findings[0].resources[0].details.aws_auto_scaling_auto_scaling_group.launch_configuration_name #=> String
@@ -3753,6 +4377,10 @@ module Aws::SecurityHub
3753
4377
  # resp.findings[0].resources[0].details.aws_code_build_project.vpc_config.subnets[0] #=> String
3754
4378
  # resp.findings[0].resources[0].details.aws_code_build_project.vpc_config.security_group_ids #=> Array
3755
4379
  # resp.findings[0].resources[0].details.aws_code_build_project.vpc_config.security_group_ids[0] #=> String
4380
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.cache_behaviors.items #=> Array
4381
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.cache_behaviors.items[0].viewer_protocol_policy #=> String
4382
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.default_cache_behavior.viewer_protocol_policy #=> String
4383
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.default_root_object #=> String
3756
4384
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.domain_name #=> String
3757
4385
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.etag #=> String
3758
4386
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.last_modified_time #=> String
@@ -3764,6 +4392,11 @@ module Aws::SecurityHub
3764
4392
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origins.items[0].domain_name #=> String
3765
4393
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origins.items[0].id #=> String
3766
4394
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origins.items[0].origin_path #=> String
4395
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origins.items[0].s3_origin_config.origin_access_identity #=> String
4396
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origin_groups.items #=> Array
4397
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origin_groups.items[0].failover_criteria.status_codes.items #=> Array
4398
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origin_groups.items[0].failover_criteria.status_codes.items[0] #=> Integer
4399
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origin_groups.items[0].failover_criteria.status_codes.quantity #=> Integer
3767
4400
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.status #=> String
3768
4401
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.web_acl_id #=> String
3769
4402
  # resp.findings[0].resources[0].details.aws_ec2_instance.type #=> String
@@ -3917,6 +4550,15 @@ module Aws::SecurityHub
3917
4550
  # resp.findings[0].resources[0].details.aws_iam_access_key.principal_id #=> String
3918
4551
  # resp.findings[0].resources[0].details.aws_iam_access_key.principal_type #=> String
3919
4552
  # resp.findings[0].resources[0].details.aws_iam_access_key.principal_name #=> String
4553
+ # resp.findings[0].resources[0].details.aws_iam_access_key.account_id #=> String
4554
+ # resp.findings[0].resources[0].details.aws_iam_access_key.access_key_id #=> String
4555
+ # resp.findings[0].resources[0].details.aws_iam_access_key.session_context.attributes.mfa_authenticated #=> Boolean
4556
+ # resp.findings[0].resources[0].details.aws_iam_access_key.session_context.attributes.creation_date #=> String
4557
+ # resp.findings[0].resources[0].details.aws_iam_access_key.session_context.session_issuer.type #=> String
4558
+ # resp.findings[0].resources[0].details.aws_iam_access_key.session_context.session_issuer.principal_id #=> String
4559
+ # resp.findings[0].resources[0].details.aws_iam_access_key.session_context.session_issuer.arn #=> String
4560
+ # resp.findings[0].resources[0].details.aws_iam_access_key.session_context.session_issuer.account_id #=> String
4561
+ # resp.findings[0].resources[0].details.aws_iam_access_key.session_context.session_issuer.user_name #=> String
3920
4562
  # resp.findings[0].resources[0].details.aws_iam_user.attached_managed_policies #=> Array
3921
4563
  # resp.findings[0].resources[0].details.aws_iam_user.attached_managed_policies[0].policy_name #=> String
3922
4564
  # resp.findings[0].resources[0].details.aws_iam_user.attached_managed_policies[0].policy_arn #=> String
@@ -3944,6 +4586,47 @@ module Aws::SecurityHub
3944
4586
  # resp.findings[0].resources[0].details.aws_iam_policy.policy_version_list[0].is_default_version #=> Boolean
3945
4587
  # resp.findings[0].resources[0].details.aws_iam_policy.policy_version_list[0].create_date #=> String
3946
4588
  # resp.findings[0].resources[0].details.aws_iam_policy.update_date #=> String
4589
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.created_date #=> String
4590
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.description #=> String
4591
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.default_route_settings.detailed_metrics_enabled #=> Boolean
4592
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.default_route_settings.logging_level #=> String
4593
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.default_route_settings.data_trace_enabled #=> Boolean
4594
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.default_route_settings.throttling_burst_limit #=> Integer
4595
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.default_route_settings.throttling_rate_limit #=> Float
4596
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.deployment_id #=> String
4597
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.last_updated_date #=> String
4598
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.route_settings.detailed_metrics_enabled #=> Boolean
4599
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.route_settings.logging_level #=> String
4600
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.route_settings.data_trace_enabled #=> Boolean
4601
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.route_settings.throttling_burst_limit #=> Integer
4602
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.route_settings.throttling_rate_limit #=> Float
4603
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.stage_name #=> String
4604
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.stage_variables #=> Hash
4605
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.stage_variables["NonEmptyString"] #=> String
4606
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.access_log_settings.format #=> String
4607
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.access_log_settings.destination_arn #=> String
4608
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.auto_deploy #=> Boolean
4609
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.last_deployment_status_message #=> String
4610
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.api_gateway_managed #=> Boolean
4611
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.api_endpoint #=> String
4612
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.api_id #=> String
4613
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.api_key_selection_expression #=> String
4614
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.created_date #=> String
4615
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.description #=> String
4616
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.version #=> String
4617
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.name #=> String
4618
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.protocol_type #=> String
4619
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.route_selection_expression #=> String
4620
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.allow_origins #=> Array
4621
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.allow_origins[0] #=> String
4622
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.allow_credentials #=> Boolean
4623
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.expose_headers #=> Array
4624
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.expose_headers[0] #=> String
4625
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.max_age #=> Integer
4626
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.allow_methods #=> Array
4627
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.allow_methods[0] #=> String
4628
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.allow_headers #=> Array
4629
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.allow_headers[0] #=> String
3947
4630
  # resp.findings[0].resources[0].details.aws_dynamo_db_table.attribute_definitions #=> Array
3948
4631
  # resp.findings[0].resources[0].details.aws_dynamo_db_table.attribute_definitions[0].attribute_name #=> String
3949
4632
  # resp.findings[0].resources[0].details.aws_dynamo_db_table.attribute_definitions[0].attribute_type #=> String
@@ -4012,10 +4695,283 @@ module Aws::SecurityHub
4012
4695
  # resp.findings[0].resources[0].details.aws_dynamo_db_table.table_name #=> String
4013
4696
  # resp.findings[0].resources[0].details.aws_dynamo_db_table.table_size_bytes #=> Integer
4014
4697
  # resp.findings[0].resources[0].details.aws_dynamo_db_table.table_status #=> String
4698
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.deployment_id #=> String
4699
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.client_certificate_id #=> String
4700
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.stage_name #=> String
4701
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.description #=> String
4702
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.cache_cluster_enabled #=> Boolean
4703
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.cache_cluster_size #=> String
4704
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.cache_cluster_status #=> String
4705
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings #=> Array
4706
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].metrics_enabled #=> Boolean
4707
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].logging_level #=> String
4708
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].data_trace_enabled #=> Boolean
4709
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].throttling_burst_limit #=> Integer
4710
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].throttling_rate_limit #=> Float
4711
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].caching_enabled #=> Boolean
4712
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].cache_ttl_in_seconds #=> Integer
4713
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].cache_data_encrypted #=> Boolean
4714
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].require_authorization_for_cache_control #=> Boolean
4715
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].unauthorized_cache_control_header_strategy #=> String
4716
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].http_method #=> String
4717
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].resource_path #=> String
4718
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.variables #=> Hash
4719
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.variables["NonEmptyString"] #=> String
4720
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.documentation_version #=> String
4721
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.access_log_settings.format #=> String
4722
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.access_log_settings.destination_arn #=> String
4723
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.canary_settings.percent_traffic #=> Float
4724
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.canary_settings.deployment_id #=> String
4725
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.canary_settings.stage_variable_overrides #=> Hash
4726
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.canary_settings.stage_variable_overrides["NonEmptyString"] #=> String
4727
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.canary_settings.use_stage_cache #=> Boolean
4728
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.tracing_enabled #=> Boolean
4729
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.created_date #=> String
4730
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.last_updated_date #=> String
4731
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.web_acl_arn #=> String
4732
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.id #=> String
4733
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.name #=> String
4734
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.description #=> String
4735
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.created_date #=> String
4736
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.version #=> String
4737
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.binary_media_types #=> Array
4738
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.binary_media_types[0] #=> String
4739
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.minimum_compression_size #=> Integer
4740
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.api_key_source #=> String
4741
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.endpoint_configuration.types #=> Array
4742
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.endpoint_configuration.types[0] #=> String
4743
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.cloud_watch_logs_log_group_arn #=> String
4744
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.cloud_watch_logs_role_arn #=> String
4745
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.has_custom_event_selectors #=> Boolean
4746
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.home_region #=> String
4747
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.include_global_service_events #=> Boolean
4748
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.is_multi_region_trail #=> Boolean
4749
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.is_organization_trail #=> Boolean
4750
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.kms_key_id #=> String
4751
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.log_file_validation_enabled #=> Boolean
4752
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.name #=> String
4753
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.s3_bucket_name #=> String
4754
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.s3_key_prefix #=> String
4755
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.sns_topic_arn #=> String
4756
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.sns_topic_name #=> String
4757
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.trail_arn #=> String
4758
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.certificate_authority_arn #=> String
4759
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.created_at #=> String
4760
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_name #=> String
4761
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options #=> Array
4762
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].domain_name #=> String
4763
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].resource_record.name #=> String
4764
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].resource_record.type #=> String
4765
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].resource_record.value #=> String
4766
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].validation_domain #=> String
4767
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].validation_emails #=> Array
4768
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].validation_emails[0] #=> String
4769
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].validation_method #=> String
4770
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].validation_status #=> String
4771
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.extended_key_usages #=> Array
4772
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.extended_key_usages[0].name #=> String
4773
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.extended_key_usages[0].o_id #=> String
4774
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.failure_reason #=> String
4775
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.imported_at #=> String
4776
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.in_use_by #=> Array
4777
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.in_use_by[0] #=> String
4778
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.issued_at #=> String
4779
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.issuer #=> String
4780
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.key_algorithm #=> String
4781
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.key_usages #=> Array
4782
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.key_usages[0].name #=> String
4783
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.not_after #=> String
4784
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.not_before #=> String
4785
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.options.certificate_transparency_logging_preference #=> String
4786
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_eligibility #=> String
4787
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options #=> Array
4788
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].domain_name #=> String
4789
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].resource_record.name #=> String
4790
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].resource_record.type #=> String
4791
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].resource_record.value #=> String
4792
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].validation_domain #=> String
4793
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].validation_emails #=> Array
4794
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].validation_emails[0] #=> String
4795
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].validation_method #=> String
4796
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].validation_status #=> String
4797
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.renewal_status #=> String
4798
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.renewal_status_reason #=> String
4799
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.updated_at #=> String
4800
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.serial #=> String
4801
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.signature_algorithm #=> String
4802
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.status #=> String
4803
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.subject #=> String
4804
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.subject_alternative_names #=> Array
4805
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.subject_alternative_names[0] #=> String
4806
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.type #=> String
4807
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.allow_version_upgrade #=> Boolean
4808
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.automated_snapshot_retention_period #=> Integer
4809
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.availability_zone #=> String
4810
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_availability_status #=> String
4811
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_create_time #=> String
4812
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_identifier #=> String
4813
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_nodes #=> Array
4814
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_nodes[0].node_role #=> String
4815
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_nodes[0].private_ip_address #=> String
4816
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_nodes[0].public_ip_address #=> String
4817
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_parameter_groups #=> Array
4818
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_parameter_groups[0].cluster_parameter_status_list #=> Array
4819
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_parameter_groups[0].cluster_parameter_status_list[0].parameter_name #=> String
4820
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_parameter_groups[0].cluster_parameter_status_list[0].parameter_apply_status #=> String
4821
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_parameter_groups[0].cluster_parameter_status_list[0].parameter_apply_error_description #=> String
4822
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_parameter_groups[0].parameter_apply_status #=> String
4823
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_parameter_groups[0].parameter_group_name #=> String
4824
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_public_key #=> String
4825
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_revision_number #=> String
4826
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_security_groups #=> Array
4827
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_security_groups[0].cluster_security_group_name #=> String
4828
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_security_groups[0].status #=> String
4829
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_snapshot_copy_status.destination_region #=> String
4830
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_snapshot_copy_status.manual_snapshot_retention_period #=> Integer
4831
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_snapshot_copy_status.retention_period #=> Integer
4832
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_snapshot_copy_status.snapshot_copy_grant_name #=> String
4833
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_status #=> String
4834
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_subnet_group_name #=> String
4835
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_version #=> String
4836
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.db_name #=> String
4837
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.deferred_maintenance_windows #=> Array
4838
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.deferred_maintenance_windows[0].defer_maintenance_end_time #=> String
4839
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.deferred_maintenance_windows[0].defer_maintenance_identifier #=> String
4840
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.deferred_maintenance_windows[0].defer_maintenance_start_time #=> String
4841
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.elastic_ip_status.elastic_ip #=> String
4842
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.elastic_ip_status.status #=> String
4843
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.elastic_resize_number_of_node_options #=> String
4844
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.encrypted #=> Boolean
4845
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.endpoint.address #=> String
4846
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.endpoint.port #=> Integer
4847
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.enhanced_vpc_routing #=> Boolean
4848
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.expected_next_snapshot_schedule_time #=> String
4849
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.expected_next_snapshot_schedule_time_status #=> String
4850
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.hsm_status.hsm_client_certificate_identifier #=> String
4851
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.hsm_status.hsm_configuration_identifier #=> String
4852
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.hsm_status.status #=> String
4853
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.iam_roles #=> Array
4854
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.iam_roles[0].apply_status #=> String
4855
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.iam_roles[0].iam_role_arn #=> String
4856
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.kms_key_id #=> String
4857
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.maintenance_track_name #=> String
4858
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.manual_snapshot_retention_period #=> Integer
4859
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.master_username #=> String
4860
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.next_maintenance_window_start_time #=> String
4861
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.node_type #=> String
4862
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.number_of_nodes #=> Integer
4863
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_actions #=> Array
4864
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_actions[0] #=> String
4865
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.automated_snapshot_retention_period #=> Integer
4866
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.cluster_identifier #=> String
4867
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.cluster_type #=> String
4868
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.cluster_version #=> String
4869
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.encryption_type #=> String
4870
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.enhanced_vpc_routing #=> Boolean
4871
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.maintenance_track_name #=> String
4872
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.master_user_password #=> String
4873
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.node_type #=> String
4874
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.number_of_nodes #=> Integer
4875
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.publicly_accessible #=> Boolean
4876
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.preferred_maintenance_window #=> String
4877
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.publicly_accessible #=> Boolean
4878
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.resize_info.allow_cancel_resize #=> Boolean
4879
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.resize_info.resize_type #=> String
4880
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.restore_status.current_restore_rate_in_mega_bytes_per_second #=> Float
4881
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.restore_status.elapsed_time_in_seconds #=> Integer
4882
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.restore_status.estimated_time_to_completion_in_seconds #=> Integer
4883
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.restore_status.progress_in_mega_bytes #=> Integer
4884
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.restore_status.snapshot_size_in_mega_bytes #=> Integer
4885
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.restore_status.status #=> String
4886
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.snapshot_schedule_identifier #=> String
4887
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.snapshot_schedule_state #=> String
4888
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.vpc_id #=> String
4889
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.vpc_security_groups #=> Array
4890
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.vpc_security_groups[0].status #=> String
4891
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.vpc_security_groups[0].vpc_security_group_id #=> String
4892
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.availability_zones #=> Array
4893
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.availability_zones[0] #=> String
4894
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.backend_server_descriptions #=> Array
4895
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.backend_server_descriptions[0].instance_port #=> Integer
4896
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.backend_server_descriptions[0].policy_names #=> Array
4897
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.backend_server_descriptions[0].policy_names[0] #=> String
4898
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.canonical_hosted_zone_name #=> String
4899
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.canonical_hosted_zone_name_id #=> String
4900
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.created_time #=> String
4901
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.dns_name #=> String
4902
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.health_check.healthy_threshold #=> Integer
4903
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.health_check.interval #=> Integer
4904
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.health_check.target #=> String
4905
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.health_check.timeout #=> Integer
4906
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.health_check.unhealthy_threshold #=> Integer
4907
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.instances #=> Array
4908
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.instances[0].instance_id #=> String
4909
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.listener_descriptions #=> Array
4910
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.listener_descriptions[0].listener.instance_port #=> Integer
4911
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.listener_descriptions[0].listener.instance_protocol #=> String
4912
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.listener_descriptions[0].listener.load_balancer_port #=> Integer
4913
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.listener_descriptions[0].listener.protocol #=> String
4914
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.listener_descriptions[0].listener.ssl_certificate_id #=> String
4915
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.listener_descriptions[0].policy_names #=> Array
4916
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.listener_descriptions[0].policy_names[0] #=> String
4917
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_attributes.access_log.emit_interval #=> Integer
4918
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_attributes.access_log.enabled #=> Boolean
4919
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_attributes.access_log.s3_bucket_name #=> String
4920
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_attributes.access_log.s3_bucket_prefix #=> String
4921
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_attributes.connection_draining.enabled #=> Boolean
4922
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_attributes.connection_draining.timeout #=> Integer
4923
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_attributes.connection_settings.idle_timeout #=> Integer
4924
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_attributes.cross_zone_load_balancing.enabled #=> Boolean
4925
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_name #=> String
4926
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.policies.app_cookie_stickiness_policies #=> Array
4927
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.policies.app_cookie_stickiness_policies[0].cookie_name #=> String
4928
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.policies.app_cookie_stickiness_policies[0].policy_name #=> String
4929
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.policies.lb_cookie_stickiness_policies #=> Array
4930
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.policies.lb_cookie_stickiness_policies[0].cookie_expiration_period #=> Integer
4931
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.policies.lb_cookie_stickiness_policies[0].policy_name #=> String
4932
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.policies.other_policies #=> Array
4933
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.policies.other_policies[0] #=> String
4934
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.scheme #=> String
4935
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.security_groups #=> Array
4936
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.security_groups[0] #=> String
4937
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.source_security_group.group_name #=> String
4938
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.source_security_group.owner_alias #=> String
4939
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.subnets #=> Array
4940
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.subnets[0] #=> String
4941
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.vpc_id #=> String
4942
+ # resp.findings[0].resources[0].details.aws_iam_group.attached_managed_policies #=> Array
4943
+ # resp.findings[0].resources[0].details.aws_iam_group.attached_managed_policies[0].policy_name #=> String
4944
+ # resp.findings[0].resources[0].details.aws_iam_group.attached_managed_policies[0].policy_arn #=> String
4945
+ # resp.findings[0].resources[0].details.aws_iam_group.create_date #=> String
4946
+ # resp.findings[0].resources[0].details.aws_iam_group.group_id #=> String
4947
+ # resp.findings[0].resources[0].details.aws_iam_group.group_name #=> String
4948
+ # resp.findings[0].resources[0].details.aws_iam_group.group_policy_list #=> Array
4949
+ # resp.findings[0].resources[0].details.aws_iam_group.group_policy_list[0].policy_name #=> String
4950
+ # resp.findings[0].resources[0].details.aws_iam_group.path #=> String
4015
4951
  # resp.findings[0].resources[0].details.aws_iam_role.assume_role_policy_document #=> String
4952
+ # resp.findings[0].resources[0].details.aws_iam_role.attached_managed_policies #=> Array
4953
+ # resp.findings[0].resources[0].details.aws_iam_role.attached_managed_policies[0].policy_name #=> String
4954
+ # resp.findings[0].resources[0].details.aws_iam_role.attached_managed_policies[0].policy_arn #=> String
4016
4955
  # resp.findings[0].resources[0].details.aws_iam_role.create_date #=> String
4956
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list #=> Array
4957
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].arn #=> String
4958
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].create_date #=> String
4959
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].instance_profile_id #=> String
4960
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].instance_profile_name #=> String
4961
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].path #=> String
4962
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].roles #=> Array
4963
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].roles[0].arn #=> String
4964
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].roles[0].assume_role_policy_document #=> String
4965
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].roles[0].create_date #=> String
4966
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].roles[0].path #=> String
4967
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].roles[0].role_id #=> String
4968
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].roles[0].role_name #=> String
4969
+ # resp.findings[0].resources[0].details.aws_iam_role.permissions_boundary.permissions_boundary_arn #=> String
4970
+ # resp.findings[0].resources[0].details.aws_iam_role.permissions_boundary.permissions_boundary_type #=> String
4017
4971
  # resp.findings[0].resources[0].details.aws_iam_role.role_id #=> String
4018
4972
  # resp.findings[0].resources[0].details.aws_iam_role.role_name #=> String
4973
+ # resp.findings[0].resources[0].details.aws_iam_role.role_policy_list #=> Array
4974
+ # resp.findings[0].resources[0].details.aws_iam_role.role_policy_list[0].policy_name #=> String
4019
4975
  # resp.findings[0].resources[0].details.aws_iam_role.max_session_duration #=> Integer
4020
4976
  # resp.findings[0].resources[0].details.aws_iam_role.path #=> String
4021
4977
  # resp.findings[0].resources[0].details.aws_kms_key.aws_account_id #=> String
@@ -4337,6 +5293,17 @@ module Aws::SecurityHub
4337
5293
  # resp.findings[0].vulnerabilities[0].vendor.vendor_updated_at #=> String
4338
5294
  # resp.findings[0].vulnerabilities[0].reference_urls #=> Array
4339
5295
  # resp.findings[0].vulnerabilities[0].reference_urls[0] #=> String
5296
+ # resp.findings[0].patch_summary.id #=> String
5297
+ # resp.findings[0].patch_summary.installed_count #=> Integer
5298
+ # resp.findings[0].patch_summary.missing_count #=> Integer
5299
+ # resp.findings[0].patch_summary.failed_count #=> Integer
5300
+ # resp.findings[0].patch_summary.installed_other_count #=> Integer
5301
+ # resp.findings[0].patch_summary.installed_rejected_count #=> Integer
5302
+ # resp.findings[0].patch_summary.installed_pending_reboot #=> Integer
5303
+ # resp.findings[0].patch_summary.operation_start_time #=> String
5304
+ # resp.findings[0].patch_summary.operation_end_time #=> String
5305
+ # resp.findings[0].patch_summary.reboot_option #=> String
5306
+ # resp.findings[0].patch_summary.operation #=> String
4340
5307
  # resp.next_token #=> String
4341
5308
  #
4342
5309
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetFindings AWS API Documentation
@@ -4734,6 +5701,9 @@ module Aws::SecurityHub
4734
5701
  # Provides the details for the Security Hub master account for the
4735
5702
  # current member account.
4736
5703
  #
5704
+ # Can be used by both member accounts that are in an organization and
5705
+ # accounts that were invited manually.
5706
+ #
4737
5707
  # @return [Types::GetMasterAccountResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
4738
5708
  #
4739
5709
  # * {Types::GetMasterAccountResponse#master #master} => Types::Invitation
@@ -4757,6 +5727,13 @@ module Aws::SecurityHub
4757
5727
  # Returns the details for the Security Hub member accounts for the
4758
5728
  # specified account IDs.
4759
5729
  #
5730
+ # A master account can be either a delegated Security Hub administrator
5731
+ # account for an organization or a master account that enabled Security
5732
+ # Hub manually.
5733
+ #
5734
+ # The results include both member accounts that are in an organization
5735
+ # and accounts that were invited manually.
5736
+ #
4760
5737
  # @option params [required, Array<String>] :account_ids
4761
5738
  # The list of account IDs for the Security Hub member accounts to return
4762
5739
  # the details for.
@@ -4797,15 +5774,18 @@ module Aws::SecurityHub
4797
5774
  # Invites other AWS accounts to become member accounts for the Security
4798
5775
  # Hub master account that the invitation is sent from.
4799
5776
  #
5777
+ # This operation is only used to invite accounts that do not belong to
5778
+ # an organization. Organization accounts do not receive invitations.
5779
+ #
4800
5780
  # Before you can use this action to invite a member, you must first use
4801
5781
  # the ` CreateMembers ` action to create the member account in Security
4802
5782
  # Hub.
4803
5783
  #
4804
- # When the account owner accepts the invitation to become a member
4805
- # account and enables Security Hub, the master account can view the
4806
- # findings generated from the member account.
5784
+ # When the account owner enables Security Hub and accepts the invitation
5785
+ # to become a member account, the master account can view the findings
5786
+ # generated from the member account.
4807
5787
  #
4808
- # @option params [Array<String>] :account_ids
5788
+ # @option params [required, Array<String>] :account_ids
4809
5789
  # The list of account IDs of the AWS accounts to invite to Security Hub
4810
5790
  # as members.
4811
5791
  #
@@ -4816,7 +5796,7 @@ module Aws::SecurityHub
4816
5796
  # @example Request syntax with placeholder values
4817
5797
  #
4818
5798
  # resp = client.invite_members({
4819
- # account_ids: ["NonEmptyString"],
5799
+ # account_ids: ["NonEmptyString"], # required
4820
5800
  # })
4821
5801
  #
4822
5802
  # @example Response structure
@@ -4881,6 +5861,9 @@ module Aws::SecurityHub
4881
5861
  # Lists all Security Hub membership invitations that were sent to the
4882
5862
  # current AWS account.
4883
5863
  #
5864
+ # This operation is only used by accounts that do not belong to an
5865
+ # organization. Organization accounts do not receive invitations.
5866
+ #
4884
5867
  # @option params [Integer] :max_results
4885
5868
  # The maximum number of items to return in the response.
4886
5869
  #
@@ -4928,14 +5911,17 @@ module Aws::SecurityHub
4928
5911
  # Lists details about all member accounts for the current Security Hub
4929
5912
  # master account.
4930
5913
  #
5914
+ # The results include both member accounts that belong to an
5915
+ # organization and member accounts that were invited manually.
5916
+ #
4931
5917
  # @option params [Boolean] :only_associated
4932
5918
  # Specifies which member accounts to include in the response based on
4933
5919
  # their relationship status with the master account. The default value
4934
5920
  # is `TRUE`.
4935
5921
  #
4936
5922
  # If `OnlyAssociated` is set to `TRUE`, the response includes member
4937
- # accounts whose relationship status with the master is set to `ENABLED`
4938
- # or `DISABLED`.
5923
+ # accounts whose relationship status with the master is set to
5924
+ # `ENABLED`.
4939
5925
  #
4940
5926
  # If `OnlyAssociated` is set to `FALSE`, the response includes all
4941
5927
  # existing member accounts.
@@ -4986,6 +5972,49 @@ module Aws::SecurityHub
4986
5972
  req.send_request(options)
4987
5973
  end
4988
5974
 
5975
+ # Lists the Security Hub administrator accounts. Can only be called by
5976
+ # the organization management account.
5977
+ #
5978
+ # @option params [Integer] :max_results
5979
+ # The maximum number of items to return in the response.
5980
+ #
5981
+ # @option params [String] :next_token
5982
+ # The token that is required for pagination. On your first call to the
5983
+ # `ListOrganizationAdminAccounts` operation, set the value of this
5984
+ # parameter to `NULL`. For subsequent calls to the operation, to
5985
+ # continue listing data, set the value of this parameter to the value
5986
+ # returned from the previous response.
5987
+ #
5988
+ # @return [Types::ListOrganizationAdminAccountsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
5989
+ #
5990
+ # * {Types::ListOrganizationAdminAccountsResponse#admin_accounts #admin_accounts} => Array&lt;Types::AdminAccount&gt;
5991
+ # * {Types::ListOrganizationAdminAccountsResponse#next_token #next_token} => String
5992
+ #
5993
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
5994
+ #
5995
+ # @example Request syntax with placeholder values
5996
+ #
5997
+ # resp = client.list_organization_admin_accounts({
5998
+ # max_results: 1,
5999
+ # next_token: "NextToken",
6000
+ # })
6001
+ #
6002
+ # @example Response structure
6003
+ #
6004
+ # resp.admin_accounts #=> Array
6005
+ # resp.admin_accounts[0].account_id #=> String
6006
+ # resp.admin_accounts[0].status #=> String, one of "ENABLED", "DISABLE_IN_PROGRESS"
6007
+ # resp.next_token #=> String
6008
+ #
6009
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListOrganizationAdminAccounts AWS API Documentation
6010
+ #
6011
+ # @overload list_organization_admin_accounts(params = {})
6012
+ # @param [Hash] params ({})
6013
+ def list_organization_admin_accounts(params = {}, options = {})
6014
+ req = build_request(:list_organization_admin_accounts, params)
6015
+ req.send_request(options)
6016
+ end
6017
+
4989
6018
  # Returns a list of tags associated with a resource.
4990
6019
  #
4991
6020
  # @option params [required, String] :resource_arn
@@ -6282,6 +7311,36 @@ module Aws::SecurityHub
6282
7311
  req.send_request(options)
6283
7312
  end
6284
7313
 
7314
+ # Used to update the configuration related to Organizations. Can only be
7315
+ # called from a Security Hub administrator account.
7316
+ #
7317
+ # @option params [required, Boolean] :auto_enable
7318
+ # Whether to automatically enable Security Hub for new accounts in the
7319
+ # organization.
7320
+ #
7321
+ # By default, this is `false`, and new accounts are not added
7322
+ # automatically.
7323
+ #
7324
+ # To automatically enable Security Hub for new accounts, set this to
7325
+ # `true`.
7326
+ #
7327
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
7328
+ #
7329
+ # @example Request syntax with placeholder values
7330
+ #
7331
+ # resp = client.update_organization_configuration({
7332
+ # auto_enable: false, # required
7333
+ # })
7334
+ #
7335
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateOrganizationConfiguration AWS API Documentation
7336
+ #
7337
+ # @overload update_organization_configuration(params = {})
7338
+ # @param [Hash] params ({})
7339
+ def update_organization_configuration(params = {}, options = {})
7340
+ req = build_request(:update_organization_configuration, params)
7341
+ req.send_request(options)
7342
+ end
7343
+
6285
7344
  # Updates configuration options for Security Hub.
6286
7345
  #
6287
7346
  # @option params [Boolean] :auto_enable_controls
@@ -6354,7 +7413,7 @@ module Aws::SecurityHub
6354
7413
  params: params,
6355
7414
  config: config)
6356
7415
  context[:gem_name] = 'aws-sdk-securityhub'
6357
- context[:gem_version] = '1.32.0'
7416
+ context[:gem_version] = '1.37.0'
6358
7417
  Seahorse::Client::Request.new(handlers, context)
6359
7418
  end
6360
7419