aws-sdk-securityhub 1.34.0 → 1.39.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 88ec5526636174298fbaa04dd957dd87360b35e095f6d2c273ecfb0959a92383
4
- data.tar.gz: 3bcfc01d470ef4d2989402ff051a904abc8398d300d8e25868c7d4d6a4ee58cb
3
+ metadata.gz: dbaa3755b40c976c24ebe4d235bc5788cf5b472d6c6be3709044f9f65c38035d
4
+ data.tar.gz: 8063fc4235146737822250dc15b021f8a10a22ddeb2531133ef4224f2006661a
5
5
  SHA512:
6
- metadata.gz: 35f191c5c840d9a7c30e6fcc189ecf1987111e8a785a0d72711453d5b75ea5745073d988c569e4a2b590617df74cdde0dd485b5ef7ca7245e2a8beb8739c19ab
7
- data.tar.gz: f98dac6c1d67cb651c29918dd36072e7108e66ed5f3df9af5a5f54fc178b33c17d6b54cfc935aa779c4556a9f82cbcd90042a71ed111a32a465244fa26906ead
6
+ metadata.gz: 90556a91b0b9b921733e3c7f78a7e5458c389fe583f273bb94ec9d98016db3147bed49e73baf3870d94e0adf360174ae02b8470135ba213d44f0636be4f0fd3d
7
+ data.tar.gz: c0eb8761169d0c81ee1093bc410a64def006becc44f0da658b40af37ed7b1a188440ba55e88d2a7265d9915fb540b21ed2068ccb0540bb8d9602e71e9f7dbfd7
@@ -48,6 +48,6 @@ require_relative 'aws-sdk-securityhub/customizations'
48
48
  # @!group service
49
49
  module Aws::SecurityHub
50
50
 
51
- GEM_VERSION = '1.34.0'
51
+ GEM_VERSION = '1.39.0'
52
52
 
53
53
  end
@@ -330,6 +330,9 @@ module Aws::SecurityHub
330
330
  # Accepts the invitation to be a member account and be monitored by the
331
331
  # Security Hub master account that the invitation was sent from.
332
332
  #
333
+ # This operation is only used by member accounts that are not added
334
+ # through Organizations.
335
+ #
333
336
  # When the member account accepts the invitation, permission is granted
334
337
  # to the master account to view findings generated in the member
335
338
  # account.
@@ -460,24 +463,30 @@ module Aws::SecurityHub
460
463
  # update the following finding fields and objects, which Security Hub
461
464
  # customers use to manage their investigation workflow.
462
465
  #
466
+ # * `Note`
467
+ #
468
+ # * `UserDefinedFields`
469
+ #
470
+ # * `VerificationState`
471
+ #
472
+ # * `Workflow`
473
+ #
474
+ # `BatchImportFindings` can be used to update the following finding
475
+ # fields and objects only if they have not been updated using
476
+ # `BatchUpdateFindings`. After they are updated using
477
+ # `BatchUpdateFindings`, these fields cannot be updated using
478
+ # `BatchImportFindings`.
479
+ #
463
480
  # * `Confidence`
464
481
  #
465
482
  # * `Criticality`
466
483
  #
467
- # * `Note`
468
- #
469
484
  # * `RelatedFindings`
470
485
  #
471
486
  # * `Severity`
472
487
  #
473
488
  # * `Types`
474
489
  #
475
- # * `UserDefinedFields`
476
- #
477
- # * `VerificationState`
478
- #
479
- # * `Workflow`
480
- #
481
490
  # @option params [required, Array<Types::AwsSecurityFinding>] :findings
482
491
  # A list of findings to import. To successfully import a finding, it
483
492
  # must follow the [AWS Security Finding Format][1]. Maximum of 100
@@ -628,6 +637,7 @@ module Aws::SecurityHub
628
637
  # id: "NonEmptyString", # required
629
638
  # partition: "aws", # accepts aws, aws-cn, aws-us-gov
630
639
  # region: "NonEmptyString",
640
+ # resource_role: "NonEmptyString",
631
641
  # tags: {
632
642
  # "NonEmptyString" => "NonEmptyString",
633
643
  # },
@@ -665,6 +675,17 @@ module Aws::SecurityHub
665
675
  # },
666
676
  # },
667
677
  # aws_cloud_front_distribution: {
678
+ # cache_behaviors: {
679
+ # items: [
680
+ # {
681
+ # viewer_protocol_policy: "NonEmptyString",
682
+ # },
683
+ # ],
684
+ # },
685
+ # default_cache_behavior: {
686
+ # viewer_protocol_policy: "NonEmptyString",
687
+ # },
688
+ # default_root_object: "NonEmptyString",
668
689
  # domain_name: "NonEmptyString",
669
690
  # etag: "NonEmptyString",
670
691
  # last_modified_time: "NonEmptyString",
@@ -680,6 +701,21 @@ module Aws::SecurityHub
680
701
  # domain_name: "NonEmptyString",
681
702
  # id: "NonEmptyString",
682
703
  # origin_path: "NonEmptyString",
704
+ # s3_origin_config: {
705
+ # origin_access_identity: "NonEmptyString",
706
+ # },
707
+ # },
708
+ # ],
709
+ # },
710
+ # origin_groups: {
711
+ # items: [
712
+ # {
713
+ # failover_criteria: {
714
+ # status_codes: {
715
+ # items: [1],
716
+ # quantity: 1,
717
+ # },
718
+ # },
683
719
  # },
684
720
  # ],
685
721
  # },
@@ -715,6 +751,19 @@ module Aws::SecurityHub
715
751
  # },
716
752
  # ],
717
753
  # source_dest_check: false,
754
+ # ip_v6_addresses: [
755
+ # {
756
+ # ip_v6_address: "NonEmptyString",
757
+ # },
758
+ # ],
759
+ # private_ip_addresses: [
760
+ # {
761
+ # private_ip_address: "NonEmptyString",
762
+ # private_dns_name: "NonEmptyString",
763
+ # },
764
+ # ],
765
+ # public_dns_name: "NonEmptyString",
766
+ # public_ip: "NonEmptyString",
718
767
  # },
719
768
  # aws_ec2_security_group: {
720
769
  # group_name: "NonEmptyString",
@@ -921,6 +970,21 @@ module Aws::SecurityHub
921
970
  # principal_id: "NonEmptyString",
922
971
  # principal_type: "NonEmptyString",
923
972
  # principal_name: "NonEmptyString",
973
+ # account_id: "NonEmptyString",
974
+ # access_key_id: "NonEmptyString",
975
+ # session_context: {
976
+ # attributes: {
977
+ # mfa_authenticated: false,
978
+ # creation_date: "NonEmptyString",
979
+ # },
980
+ # session_issuer: {
981
+ # type: "NonEmptyString",
982
+ # principal_id: "NonEmptyString",
983
+ # arn: "NonEmptyString",
984
+ # account_id: "NonEmptyString",
985
+ # user_name: "NonEmptyString",
986
+ # },
987
+ # },
924
988
  # },
925
989
  # aws_iam_user: {
926
990
  # attached_managed_policies: [
@@ -963,6 +1027,56 @@ module Aws::SecurityHub
963
1027
  # ],
964
1028
  # update_date: "NonEmptyString",
965
1029
  # },
1030
+ # aws_api_gateway_v2_stage: {
1031
+ # created_date: "NonEmptyString",
1032
+ # description: "NonEmptyString",
1033
+ # default_route_settings: {
1034
+ # detailed_metrics_enabled: false,
1035
+ # logging_level: "NonEmptyString",
1036
+ # data_trace_enabled: false,
1037
+ # throttling_burst_limit: 1,
1038
+ # throttling_rate_limit: 1.0,
1039
+ # },
1040
+ # deployment_id: "NonEmptyString",
1041
+ # last_updated_date: "NonEmptyString",
1042
+ # route_settings: {
1043
+ # detailed_metrics_enabled: false,
1044
+ # logging_level: "NonEmptyString",
1045
+ # data_trace_enabled: false,
1046
+ # throttling_burst_limit: 1,
1047
+ # throttling_rate_limit: 1.0,
1048
+ # },
1049
+ # stage_name: "NonEmptyString",
1050
+ # stage_variables: {
1051
+ # "NonEmptyString" => "NonEmptyString",
1052
+ # },
1053
+ # access_log_settings: {
1054
+ # format: "NonEmptyString",
1055
+ # destination_arn: "NonEmptyString",
1056
+ # },
1057
+ # auto_deploy: false,
1058
+ # last_deployment_status_message: "NonEmptyString",
1059
+ # api_gateway_managed: false,
1060
+ # },
1061
+ # aws_api_gateway_v2_api: {
1062
+ # api_endpoint: "NonEmptyString",
1063
+ # api_id: "NonEmptyString",
1064
+ # api_key_selection_expression: "NonEmptyString",
1065
+ # created_date: "NonEmptyString",
1066
+ # description: "NonEmptyString",
1067
+ # version: "NonEmptyString",
1068
+ # name: "NonEmptyString",
1069
+ # protocol_type: "NonEmptyString",
1070
+ # route_selection_expression: "NonEmptyString",
1071
+ # cors_configuration: {
1072
+ # allow_origins: ["NonEmptyString"],
1073
+ # allow_credentials: false,
1074
+ # expose_headers: ["NonEmptyString"],
1075
+ # max_age: 1,
1076
+ # allow_methods: ["NonEmptyString"],
1077
+ # allow_headers: ["NonEmptyString"],
1078
+ # },
1079
+ # },
966
1080
  # aws_dynamo_db_table: {
967
1081
  # attribute_definitions: [
968
1082
  # {
@@ -1075,11 +1189,428 @@ module Aws::SecurityHub
1075
1189
  # table_size_bytes: 1,
1076
1190
  # table_status: "NonEmptyString",
1077
1191
  # },
1192
+ # aws_api_gateway_stage: {
1193
+ # deployment_id: "NonEmptyString",
1194
+ # client_certificate_id: "NonEmptyString",
1195
+ # stage_name: "NonEmptyString",
1196
+ # description: "NonEmptyString",
1197
+ # cache_cluster_enabled: false,
1198
+ # cache_cluster_size: "NonEmptyString",
1199
+ # cache_cluster_status: "NonEmptyString",
1200
+ # method_settings: [
1201
+ # {
1202
+ # metrics_enabled: false,
1203
+ # logging_level: "NonEmptyString",
1204
+ # data_trace_enabled: false,
1205
+ # throttling_burst_limit: 1,
1206
+ # throttling_rate_limit: 1.0,
1207
+ # caching_enabled: false,
1208
+ # cache_ttl_in_seconds: 1,
1209
+ # cache_data_encrypted: false,
1210
+ # require_authorization_for_cache_control: false,
1211
+ # unauthorized_cache_control_header_strategy: "NonEmptyString",
1212
+ # http_method: "NonEmptyString",
1213
+ # resource_path: "NonEmptyString",
1214
+ # },
1215
+ # ],
1216
+ # variables: {
1217
+ # "NonEmptyString" => "NonEmptyString",
1218
+ # },
1219
+ # documentation_version: "NonEmptyString",
1220
+ # access_log_settings: {
1221
+ # format: "NonEmptyString",
1222
+ # destination_arn: "NonEmptyString",
1223
+ # },
1224
+ # canary_settings: {
1225
+ # percent_traffic: 1.0,
1226
+ # deployment_id: "NonEmptyString",
1227
+ # stage_variable_overrides: {
1228
+ # "NonEmptyString" => "NonEmptyString",
1229
+ # },
1230
+ # use_stage_cache: false,
1231
+ # },
1232
+ # tracing_enabled: false,
1233
+ # created_date: "NonEmptyString",
1234
+ # last_updated_date: "NonEmptyString",
1235
+ # web_acl_arn: "NonEmptyString",
1236
+ # },
1237
+ # aws_api_gateway_rest_api: {
1238
+ # id: "NonEmptyString",
1239
+ # name: "NonEmptyString",
1240
+ # description: "NonEmptyString",
1241
+ # created_date: "NonEmptyString",
1242
+ # version: "NonEmptyString",
1243
+ # binary_media_types: ["NonEmptyString"],
1244
+ # minimum_compression_size: 1,
1245
+ # api_key_source: "NonEmptyString",
1246
+ # endpoint_configuration: {
1247
+ # types: ["NonEmptyString"],
1248
+ # },
1249
+ # },
1250
+ # aws_cloud_trail_trail: {
1251
+ # cloud_watch_logs_log_group_arn: "NonEmptyString",
1252
+ # cloud_watch_logs_role_arn: "NonEmptyString",
1253
+ # has_custom_event_selectors: false,
1254
+ # home_region: "NonEmptyString",
1255
+ # include_global_service_events: false,
1256
+ # is_multi_region_trail: false,
1257
+ # is_organization_trail: false,
1258
+ # kms_key_id: "NonEmptyString",
1259
+ # log_file_validation_enabled: false,
1260
+ # name: "NonEmptyString",
1261
+ # s3_bucket_name: "NonEmptyString",
1262
+ # s3_key_prefix: "NonEmptyString",
1263
+ # sns_topic_arn: "NonEmptyString",
1264
+ # sns_topic_name: "NonEmptyString",
1265
+ # trail_arn: "NonEmptyString",
1266
+ # },
1267
+ # aws_ssm_patch_compliance: {
1268
+ # patch: {
1269
+ # compliance_summary: {
1270
+ # status: "NonEmptyString",
1271
+ # compliant_critical_count: 1,
1272
+ # compliant_high_count: 1,
1273
+ # compliant_medium_count: 1,
1274
+ # execution_type: "NonEmptyString",
1275
+ # non_compliant_critical_count: 1,
1276
+ # compliant_informational_count: 1,
1277
+ # non_compliant_informational_count: 1,
1278
+ # compliant_unspecified_count: 1,
1279
+ # non_compliant_low_count: 1,
1280
+ # non_compliant_high_count: 1,
1281
+ # compliant_low_count: 1,
1282
+ # compliance_type: "NonEmptyString",
1283
+ # patch_baseline_id: "NonEmptyString",
1284
+ # overall_severity: "NonEmptyString",
1285
+ # non_compliant_medium_count: 1,
1286
+ # non_compliant_unspecified_count: 1,
1287
+ # patch_group: "NonEmptyString",
1288
+ # },
1289
+ # },
1290
+ # },
1291
+ # aws_certificate_manager_certificate: {
1292
+ # certificate_authority_arn: "NonEmptyString",
1293
+ # created_at: "NonEmptyString",
1294
+ # domain_name: "NonEmptyString",
1295
+ # domain_validation_options: [
1296
+ # {
1297
+ # domain_name: "NonEmptyString",
1298
+ # resource_record: {
1299
+ # name: "NonEmptyString",
1300
+ # type: "NonEmptyString",
1301
+ # value: "NonEmptyString",
1302
+ # },
1303
+ # validation_domain: "NonEmptyString",
1304
+ # validation_emails: ["NonEmptyString"],
1305
+ # validation_method: "NonEmptyString",
1306
+ # validation_status: "NonEmptyString",
1307
+ # },
1308
+ # ],
1309
+ # extended_key_usages: [
1310
+ # {
1311
+ # name: "NonEmptyString",
1312
+ # o_id: "NonEmptyString",
1313
+ # },
1314
+ # ],
1315
+ # failure_reason: "NonEmptyString",
1316
+ # imported_at: "NonEmptyString",
1317
+ # in_use_by: ["NonEmptyString"],
1318
+ # issued_at: "NonEmptyString",
1319
+ # issuer: "NonEmptyString",
1320
+ # key_algorithm: "NonEmptyString",
1321
+ # key_usages: [
1322
+ # {
1323
+ # name: "NonEmptyString",
1324
+ # },
1325
+ # ],
1326
+ # not_after: "NonEmptyString",
1327
+ # not_before: "NonEmptyString",
1328
+ # options: {
1329
+ # certificate_transparency_logging_preference: "NonEmptyString",
1330
+ # },
1331
+ # renewal_eligibility: "NonEmptyString",
1332
+ # renewal_summary: {
1333
+ # domain_validation_options: [
1334
+ # {
1335
+ # domain_name: "NonEmptyString",
1336
+ # resource_record: {
1337
+ # name: "NonEmptyString",
1338
+ # type: "NonEmptyString",
1339
+ # value: "NonEmptyString",
1340
+ # },
1341
+ # validation_domain: "NonEmptyString",
1342
+ # validation_emails: ["NonEmptyString"],
1343
+ # validation_method: "NonEmptyString",
1344
+ # validation_status: "NonEmptyString",
1345
+ # },
1346
+ # ],
1347
+ # renewal_status: "NonEmptyString",
1348
+ # renewal_status_reason: "NonEmptyString",
1349
+ # updated_at: "NonEmptyString",
1350
+ # },
1351
+ # serial: "NonEmptyString",
1352
+ # signature_algorithm: "NonEmptyString",
1353
+ # status: "NonEmptyString",
1354
+ # subject: "NonEmptyString",
1355
+ # subject_alternative_names: ["NonEmptyString"],
1356
+ # type: "NonEmptyString",
1357
+ # },
1358
+ # aws_redshift_cluster: {
1359
+ # allow_version_upgrade: false,
1360
+ # automated_snapshot_retention_period: 1,
1361
+ # availability_zone: "NonEmptyString",
1362
+ # cluster_availability_status: "NonEmptyString",
1363
+ # cluster_create_time: "NonEmptyString",
1364
+ # cluster_identifier: "NonEmptyString",
1365
+ # cluster_nodes: [
1366
+ # {
1367
+ # node_role: "NonEmptyString",
1368
+ # private_ip_address: "NonEmptyString",
1369
+ # public_ip_address: "NonEmptyString",
1370
+ # },
1371
+ # ],
1372
+ # cluster_parameter_groups: [
1373
+ # {
1374
+ # cluster_parameter_status_list: [
1375
+ # {
1376
+ # parameter_name: "NonEmptyString",
1377
+ # parameter_apply_status: "NonEmptyString",
1378
+ # parameter_apply_error_description: "NonEmptyString",
1379
+ # },
1380
+ # ],
1381
+ # parameter_apply_status: "NonEmptyString",
1382
+ # parameter_group_name: "NonEmptyString",
1383
+ # },
1384
+ # ],
1385
+ # cluster_public_key: "NonEmptyString",
1386
+ # cluster_revision_number: "NonEmptyString",
1387
+ # cluster_security_groups: [
1388
+ # {
1389
+ # cluster_security_group_name: "NonEmptyString",
1390
+ # status: "NonEmptyString",
1391
+ # },
1392
+ # ],
1393
+ # cluster_snapshot_copy_status: {
1394
+ # destination_region: "NonEmptyString",
1395
+ # manual_snapshot_retention_period: 1,
1396
+ # retention_period: 1,
1397
+ # snapshot_copy_grant_name: "NonEmptyString",
1398
+ # },
1399
+ # cluster_status: "NonEmptyString",
1400
+ # cluster_subnet_group_name: "NonEmptyString",
1401
+ # cluster_version: "NonEmptyString",
1402
+ # db_name: "NonEmptyString",
1403
+ # deferred_maintenance_windows: [
1404
+ # {
1405
+ # defer_maintenance_end_time: "NonEmptyString",
1406
+ # defer_maintenance_identifier: "NonEmptyString",
1407
+ # defer_maintenance_start_time: "NonEmptyString",
1408
+ # },
1409
+ # ],
1410
+ # elastic_ip_status: {
1411
+ # elastic_ip: "NonEmptyString",
1412
+ # status: "NonEmptyString",
1413
+ # },
1414
+ # elastic_resize_number_of_node_options: "NonEmptyString",
1415
+ # encrypted: false,
1416
+ # endpoint: {
1417
+ # address: "NonEmptyString",
1418
+ # port: 1,
1419
+ # },
1420
+ # enhanced_vpc_routing: false,
1421
+ # expected_next_snapshot_schedule_time: "NonEmptyString",
1422
+ # expected_next_snapshot_schedule_time_status: "NonEmptyString",
1423
+ # hsm_status: {
1424
+ # hsm_client_certificate_identifier: "NonEmptyString",
1425
+ # hsm_configuration_identifier: "NonEmptyString",
1426
+ # status: "NonEmptyString",
1427
+ # },
1428
+ # iam_roles: [
1429
+ # {
1430
+ # apply_status: "NonEmptyString",
1431
+ # iam_role_arn: "NonEmptyString",
1432
+ # },
1433
+ # ],
1434
+ # kms_key_id: "NonEmptyString",
1435
+ # maintenance_track_name: "NonEmptyString",
1436
+ # manual_snapshot_retention_period: 1,
1437
+ # master_username: "NonEmptyString",
1438
+ # next_maintenance_window_start_time: "NonEmptyString",
1439
+ # node_type: "NonEmptyString",
1440
+ # number_of_nodes: 1,
1441
+ # pending_actions: ["NonEmptyString"],
1442
+ # pending_modified_values: {
1443
+ # automated_snapshot_retention_period: 1,
1444
+ # cluster_identifier: "NonEmptyString",
1445
+ # cluster_type: "NonEmptyString",
1446
+ # cluster_version: "NonEmptyString",
1447
+ # encryption_type: "NonEmptyString",
1448
+ # enhanced_vpc_routing: false,
1449
+ # maintenance_track_name: "NonEmptyString",
1450
+ # master_user_password: "NonEmptyString",
1451
+ # node_type: "NonEmptyString",
1452
+ # number_of_nodes: 1,
1453
+ # publicly_accessible: false,
1454
+ # },
1455
+ # preferred_maintenance_window: "NonEmptyString",
1456
+ # publicly_accessible: false,
1457
+ # resize_info: {
1458
+ # allow_cancel_resize: false,
1459
+ # resize_type: "NonEmptyString",
1460
+ # },
1461
+ # restore_status: {
1462
+ # current_restore_rate_in_mega_bytes_per_second: 1.0,
1463
+ # elapsed_time_in_seconds: 1,
1464
+ # estimated_time_to_completion_in_seconds: 1,
1465
+ # progress_in_mega_bytes: 1,
1466
+ # snapshot_size_in_mega_bytes: 1,
1467
+ # status: "NonEmptyString",
1468
+ # },
1469
+ # snapshot_schedule_identifier: "NonEmptyString",
1470
+ # snapshot_schedule_state: "NonEmptyString",
1471
+ # vpc_id: "NonEmptyString",
1472
+ # vpc_security_groups: [
1473
+ # {
1474
+ # status: "NonEmptyString",
1475
+ # vpc_security_group_id: "NonEmptyString",
1476
+ # },
1477
+ # ],
1478
+ # },
1479
+ # aws_elb_load_balancer: {
1480
+ # availability_zones: ["NonEmptyString"],
1481
+ # backend_server_descriptions: [
1482
+ # {
1483
+ # instance_port: 1,
1484
+ # policy_names: ["NonEmptyString"],
1485
+ # },
1486
+ # ],
1487
+ # canonical_hosted_zone_name: "NonEmptyString",
1488
+ # canonical_hosted_zone_name_id: "NonEmptyString",
1489
+ # created_time: "NonEmptyString",
1490
+ # dns_name: "NonEmptyString",
1491
+ # health_check: {
1492
+ # healthy_threshold: 1,
1493
+ # interval: 1,
1494
+ # target: "NonEmptyString",
1495
+ # timeout: 1,
1496
+ # unhealthy_threshold: 1,
1497
+ # },
1498
+ # instances: [
1499
+ # {
1500
+ # instance_id: "NonEmptyString",
1501
+ # },
1502
+ # ],
1503
+ # listener_descriptions: [
1504
+ # {
1505
+ # listener: {
1506
+ # instance_port: 1,
1507
+ # instance_protocol: "NonEmptyString",
1508
+ # load_balancer_port: 1,
1509
+ # protocol: "NonEmptyString",
1510
+ # ssl_certificate_id: "NonEmptyString",
1511
+ # },
1512
+ # policy_names: ["NonEmptyString"],
1513
+ # },
1514
+ # ],
1515
+ # load_balancer_attributes: {
1516
+ # access_log: {
1517
+ # emit_interval: 1,
1518
+ # enabled: false,
1519
+ # s3_bucket_name: "NonEmptyString",
1520
+ # s3_bucket_prefix: "NonEmptyString",
1521
+ # },
1522
+ # connection_draining: {
1523
+ # enabled: false,
1524
+ # timeout: 1,
1525
+ # },
1526
+ # connection_settings: {
1527
+ # idle_timeout: 1,
1528
+ # },
1529
+ # cross_zone_load_balancing: {
1530
+ # enabled: false,
1531
+ # },
1532
+ # },
1533
+ # load_balancer_name: "NonEmptyString",
1534
+ # policies: {
1535
+ # app_cookie_stickiness_policies: [
1536
+ # {
1537
+ # cookie_name: "NonEmptyString",
1538
+ # policy_name: "NonEmptyString",
1539
+ # },
1540
+ # ],
1541
+ # lb_cookie_stickiness_policies: [
1542
+ # {
1543
+ # cookie_expiration_period: 1,
1544
+ # policy_name: "NonEmptyString",
1545
+ # },
1546
+ # ],
1547
+ # other_policies: ["NonEmptyString"],
1548
+ # },
1549
+ # scheme: "NonEmptyString",
1550
+ # security_groups: ["NonEmptyString"],
1551
+ # source_security_group: {
1552
+ # group_name: "NonEmptyString",
1553
+ # owner_alias: "NonEmptyString",
1554
+ # },
1555
+ # subnets: ["NonEmptyString"],
1556
+ # vpc_id: "NonEmptyString",
1557
+ # },
1558
+ # aws_iam_group: {
1559
+ # attached_managed_policies: [
1560
+ # {
1561
+ # policy_name: "NonEmptyString",
1562
+ # policy_arn: "NonEmptyString",
1563
+ # },
1564
+ # ],
1565
+ # create_date: "NonEmptyString",
1566
+ # group_id: "NonEmptyString",
1567
+ # group_name: "NonEmptyString",
1568
+ # group_policy_list: [
1569
+ # {
1570
+ # policy_name: "NonEmptyString",
1571
+ # },
1572
+ # ],
1573
+ # path: "NonEmptyString",
1574
+ # },
1078
1575
  # aws_iam_role: {
1079
1576
  # assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument",
1577
+ # attached_managed_policies: [
1578
+ # {
1579
+ # policy_name: "NonEmptyString",
1580
+ # policy_arn: "NonEmptyString",
1581
+ # },
1582
+ # ],
1080
1583
  # create_date: "NonEmptyString",
1584
+ # instance_profile_list: [
1585
+ # {
1586
+ # arn: "NonEmptyString",
1587
+ # create_date: "NonEmptyString",
1588
+ # instance_profile_id: "NonEmptyString",
1589
+ # instance_profile_name: "NonEmptyString",
1590
+ # path: "NonEmptyString",
1591
+ # roles: [
1592
+ # {
1593
+ # arn: "NonEmptyString",
1594
+ # assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument",
1595
+ # create_date: "NonEmptyString",
1596
+ # path: "NonEmptyString",
1597
+ # role_id: "NonEmptyString",
1598
+ # role_name: "NonEmptyString",
1599
+ # },
1600
+ # ],
1601
+ # },
1602
+ # ],
1603
+ # permissions_boundary: {
1604
+ # permissions_boundary_arn: "NonEmptyString",
1605
+ # permissions_boundary_type: "NonEmptyString",
1606
+ # },
1081
1607
  # role_id: "NonEmptyString",
1082
1608
  # role_name: "NonEmptyString",
1609
+ # role_policy_list: [
1610
+ # {
1611
+ # policy_name: "NonEmptyString",
1612
+ # },
1613
+ # ],
1083
1614
  # max_session_duration: 1,
1084
1615
  # path: "NonEmptyString",
1085
1616
  # },
@@ -1533,6 +2064,114 @@ module Aws::SecurityHub
1533
2064
  # reboot_option: "NonEmptyString",
1534
2065
  # operation: "NonEmptyString",
1535
2066
  # },
2067
+ # action: {
2068
+ # action_type: "NonEmptyString",
2069
+ # network_connection_action: {
2070
+ # connection_direction: "NonEmptyString",
2071
+ # remote_ip_details: {
2072
+ # ip_address_v4: "NonEmptyString",
2073
+ # organization: {
2074
+ # asn: 1,
2075
+ # asn_org: "NonEmptyString",
2076
+ # isp: "NonEmptyString",
2077
+ # org: "NonEmptyString",
2078
+ # },
2079
+ # country: {
2080
+ # country_code: "NonEmptyString",
2081
+ # country_name: "NonEmptyString",
2082
+ # },
2083
+ # city: {
2084
+ # city_name: "NonEmptyString",
2085
+ # },
2086
+ # geo_location: {
2087
+ # lon: 1.0,
2088
+ # lat: 1.0,
2089
+ # },
2090
+ # },
2091
+ # remote_port_details: {
2092
+ # port: 1,
2093
+ # port_name: "NonEmptyString",
2094
+ # },
2095
+ # local_port_details: {
2096
+ # port: 1,
2097
+ # port_name: "NonEmptyString",
2098
+ # },
2099
+ # protocol: "NonEmptyString",
2100
+ # blocked: false,
2101
+ # },
2102
+ # aws_api_call_action: {
2103
+ # api: "NonEmptyString",
2104
+ # service_name: "NonEmptyString",
2105
+ # caller_type: "NonEmptyString",
2106
+ # remote_ip_details: {
2107
+ # ip_address_v4: "NonEmptyString",
2108
+ # organization: {
2109
+ # asn: 1,
2110
+ # asn_org: "NonEmptyString",
2111
+ # isp: "NonEmptyString",
2112
+ # org: "NonEmptyString",
2113
+ # },
2114
+ # country: {
2115
+ # country_code: "NonEmptyString",
2116
+ # country_name: "NonEmptyString",
2117
+ # },
2118
+ # city: {
2119
+ # city_name: "NonEmptyString",
2120
+ # },
2121
+ # geo_location: {
2122
+ # lon: 1.0,
2123
+ # lat: 1.0,
2124
+ # },
2125
+ # },
2126
+ # domain_details: {
2127
+ # domain: "NonEmptyString",
2128
+ # },
2129
+ # affected_resources: {
2130
+ # "NonEmptyString" => "NonEmptyString",
2131
+ # },
2132
+ # first_seen: "NonEmptyString",
2133
+ # last_seen: "NonEmptyString",
2134
+ # },
2135
+ # dns_request_action: {
2136
+ # domain: "NonEmptyString",
2137
+ # protocol: "NonEmptyString",
2138
+ # blocked: false,
2139
+ # },
2140
+ # port_probe_action: {
2141
+ # port_probe_details: [
2142
+ # {
2143
+ # local_port_details: {
2144
+ # port: 1,
2145
+ # port_name: "NonEmptyString",
2146
+ # },
2147
+ # local_ip_details: {
2148
+ # ip_address_v4: "NonEmptyString",
2149
+ # },
2150
+ # remote_ip_details: {
2151
+ # ip_address_v4: "NonEmptyString",
2152
+ # organization: {
2153
+ # asn: 1,
2154
+ # asn_org: "NonEmptyString",
2155
+ # isp: "NonEmptyString",
2156
+ # org: "NonEmptyString",
2157
+ # },
2158
+ # country: {
2159
+ # country_code: "NonEmptyString",
2160
+ # country_name: "NonEmptyString",
2161
+ # },
2162
+ # city: {
2163
+ # city_name: "NonEmptyString",
2164
+ # },
2165
+ # geo_location: {
2166
+ # lon: 1.0,
2167
+ # lat: 1.0,
2168
+ # },
2169
+ # },
2170
+ # },
2171
+ # ],
2172
+ # blocked: false,
2173
+ # },
2174
+ # },
1536
2175
  # },
1537
2176
  # ],
1538
2177
  # })
@@ -1564,8 +2203,8 @@ module Aws::SecurityHub
1564
2203
  # Updates from `BatchUpdateFindings` do not affect the value of
1565
2204
  # `UpdatedAt` for a finding.
1566
2205
  #
1567
- # Master accounts can use `BatchUpdateFindings` to update the following
1568
- # finding fields and objects.
2206
+ # Master and member accounts can use `BatchUpdateFindings` to update the
2207
+ # following finding fields and objects.
1569
2208
  #
1570
2209
  # * `Confidence`
1571
2210
  #
@@ -1585,8 +2224,15 @@ module Aws::SecurityHub
1585
2224
  #
1586
2225
  # * `Workflow`
1587
2226
  #
1588
- # Member accounts can only use `BatchUpdateFindings` to update the Note
1589
- # object.
2227
+ # You can configure IAM policies to restrict access to fields and field
2228
+ # values. For example, you might not want member accounts to be able to
2229
+ # suppress findings or change the finding severity. See [Configuring
2230
+ # access to BatchUpdateFindings][1] in the *AWS Security Hub User
2231
+ # Guide*.
2232
+ #
2233
+ #
2234
+ #
2235
+ # [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/finding-update-batchupdatefindings.html#batchupdatefindings-configure-access
1590
2236
  #
1591
2237
  # @option params [required, Array<Types::AwsSecurityFindingIdentifier>] :finding_identifiers
1592
2238
  # The list of findings to update. `BatchUpdateFindings` can be used to
@@ -2362,29 +3008,48 @@ module Aws::SecurityHub
2362
3008
 
2363
3009
  # Creates a member association in Security Hub between the specified
2364
3010
  # accounts and the account used to make the request, which is the master
2365
- # account. To successfully create a member, you must use this action
2366
- # from an account that already has Security Hub enabled. To enable
2367
- # Security Hub, you can use the ` EnableSecurityHub ` operation.
3011
+ # account. If you are integrated with Organizations, then the master
3012
+ # account is the Security Hub administrator account that is designated
3013
+ # by the organization management account.
3014
+ #
3015
+ # `CreateMembers` is always used to add accounts that are not
3016
+ # organization members.
3017
+ #
3018
+ # For accounts that are part of an organization, `CreateMembers` is only
3019
+ # used in the following cases:
2368
3020
  #
2369
- # After you use `CreateMembers` to create member account associations in
2370
- # Security Hub, you must use the ` InviteMembers ` operation to invite
2371
- # the accounts to enable Security Hub and become member accounts in
2372
- # Security Hub.
3021
+ # * Security Hub is not configured to automatically add new accounts in
3022
+ # an organization.
2373
3023
  #
2374
- # If the account owner accepts the invitation, the account becomes a
2375
- # member account in Security Hub. A permissions policy is added that
2376
- # permits the master account to view the findings generated in the
2377
- # member account. When Security Hub is enabled in the invited account,
2378
- # findings start to be sent to both the member and master accounts.
3024
+ # * The account was disassociated or deleted in Security Hub.
3025
+ #
3026
+ # This action can only be used by an account that has Security Hub
3027
+ # enabled. To enable Security Hub, you can use the ` EnableSecurityHub `
3028
+ # operation.
3029
+ #
3030
+ # For accounts that are not organization members, you create the account
3031
+ # association and then send an invitation to the member account. To send
3032
+ # the invitation, you use the ` InviteMembers ` operation. If the
3033
+ # account owner accepts the invitation, the account becomes a member
3034
+ # account in Security Hub.
3035
+ #
3036
+ # Accounts that are part of an organization do not receive an
3037
+ # invitation. They automatically become a member account in Security
3038
+ # Hub.
3039
+ #
3040
+ # A permissions policy is added that permits the master account to view
3041
+ # the findings generated in the member account. When Security Hub is
3042
+ # enabled in a member account, findings are sent to both the member and
3043
+ # master accounts.
2379
3044
  #
2380
3045
  # To remove the association between the master and member accounts, use
2381
3046
  # the ` DisassociateFromMasterAccount ` or ` DisassociateMembers `
2382
3047
  # operation.
2383
3048
  #
2384
- # @option params [Array<Types::AccountDetails>] :account_details
3049
+ # @option params [required, Array<Types::AccountDetails>] :account_details
2385
3050
  # The list of accounts to associate with the Security Hub master
2386
- # account. For each account, the list includes the account ID and the
2387
- # email address.
3051
+ # account. For each account, the list includes the account ID and
3052
+ # optionally the email address.
2388
3053
  #
2389
3054
  # @return [Types::CreateMembersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2390
3055
  #
@@ -2393,9 +3058,9 @@ module Aws::SecurityHub
2393
3058
  # @example Request syntax with placeholder values
2394
3059
  #
2395
3060
  # resp = client.create_members({
2396
- # account_details: [
3061
+ # account_details: [ # required
2397
3062
  # {
2398
- # account_id: "AccountId",
3063
+ # account_id: "AccountId", # required
2399
3064
  # email: "NonEmptyString",
2400
3065
  # },
2401
3066
  # ],
@@ -2418,6 +3083,9 @@ module Aws::SecurityHub
2418
3083
 
2419
3084
  # Declines invitations to become a member account.
2420
3085
  #
3086
+ # This operation is only used by accounts that are not part of an
3087
+ # organization. Organization accounts do not receive invitations.
3088
+ #
2421
3089
  # @option params [required, Array<String>] :account_ids
2422
3090
  # The list of account IDs for the accounts from which to decline the
2423
3091
  # invitations to Security Hub.
@@ -2510,6 +3178,9 @@ module Aws::SecurityHub
2510
3178
  # Deletes invitations received by the AWS account to become a member
2511
3179
  # account.
2512
3180
  #
3181
+ # This operation is only used by accounts that are not part of an
3182
+ # organization. Organization accounts do not receive invitations.
3183
+ #
2513
3184
  # @option params [required, Array<String>] :account_ids
2514
3185
  # The list of the account IDs that sent the invitations to delete.
2515
3186
  #
@@ -2540,7 +3211,10 @@ module Aws::SecurityHub
2540
3211
 
2541
3212
  # Deletes the specified member accounts from Security Hub.
2542
3213
  #
2543
- # @option params [Array<String>] :account_ids
3214
+ # Can be used to delete member accounts that belong to an organization
3215
+ # as well as member accounts that were invited manually.
3216
+ #
3217
+ # @option params [required, Array<String>] :account_ids
2544
3218
  # The list of account IDs for the member accounts to delete.
2545
3219
  #
2546
3220
  # @return [Types::DeleteMembersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -2550,7 +3224,7 @@ module Aws::SecurityHub
2550
3224
  # @example Request syntax with placeholder values
2551
3225
  #
2552
3226
  # resp = client.delete_members({
2553
- # account_ids: ["NonEmptyString"],
3227
+ # account_ids: ["NonEmptyString"], # required
2554
3228
  # })
2555
3229
  #
2556
3230
  # @example Response structure
@@ -2652,6 +3326,28 @@ module Aws::SecurityHub
2652
3326
  req.send_request(options)
2653
3327
  end
2654
3328
 
3329
+ # Returns information about the Organizations configuration for Security
3330
+ # Hub. Can only be called from a Security Hub administrator account.
3331
+ #
3332
+ # @return [Types::DescribeOrganizationConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3333
+ #
3334
+ # * {Types::DescribeOrganizationConfigurationResponse#auto_enable #auto_enable} => Boolean
3335
+ # * {Types::DescribeOrganizationConfigurationResponse#member_account_limit_reached #member_account_limit_reached} => Boolean
3336
+ #
3337
+ # @example Response structure
3338
+ #
3339
+ # resp.auto_enable #=> Boolean
3340
+ # resp.member_account_limit_reached #=> Boolean
3341
+ #
3342
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeOrganizationConfiguration AWS API Documentation
3343
+ #
3344
+ # @overload describe_organization_configuration(params = {})
3345
+ # @param [Hash] params ({})
3346
+ def describe_organization_configuration(params = {}, options = {})
3347
+ req = build_request(:describe_organization_configuration, params)
3348
+ req.send_request(options)
3349
+ end
3350
+
2655
3351
  # Returns information about the available products that you can
2656
3352
  # subscribe to and integrate with Security Hub in order to consolidate
2657
3353
  # findings.
@@ -2764,7 +3460,8 @@ module Aws::SecurityHub
2764
3460
  #
2765
3461
  # @option params [required, String] :standards_subscription_arn
2766
3462
  # The ARN of a resource that represents your subscription to a supported
2767
- # standard.
3463
+ # standard. To get the subscription ARNs of the standards you have
3464
+ # enabled, use the ` GetEnabledStandards ` operation.
2768
3465
  #
2769
3466
  # @option params [String] :next_token
2770
3467
  # The token that is required for pagination. On your first call to the
@@ -2842,6 +3539,29 @@ module Aws::SecurityHub
2842
3539
  req.send_request(options)
2843
3540
  end
2844
3541
 
3542
+ # Disables a Security Hub administrator account. Can only be called by
3543
+ # the organization management account.
3544
+ #
3545
+ # @option params [required, String] :admin_account_id
3546
+ # The AWS account identifier of the Security Hub administrator account.
3547
+ #
3548
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
3549
+ #
3550
+ # @example Request syntax with placeholder values
3551
+ #
3552
+ # resp = client.disable_organization_admin_account({
3553
+ # admin_account_id: "NonEmptyString", # required
3554
+ # })
3555
+ #
3556
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisableOrganizationAdminAccount AWS API Documentation
3557
+ #
3558
+ # @overload disable_organization_admin_account(params = {})
3559
+ # @param [Hash] params ({})
3560
+ def disable_organization_admin_account(params = {}, options = {})
3561
+ req = build_request(:disable_organization_admin_account, params)
3562
+ req.send_request(options)
3563
+ end
3564
+
2845
3565
  # Disables Security Hub in your account only in the current Region. To
2846
3566
  # disable Security Hub in all Regions, you must submit one request per
2847
3567
  # Region where you have enabled Security Hub.
@@ -2871,6 +3591,11 @@ module Aws::SecurityHub
2871
3591
  # Disassociates the current Security Hub member account from the
2872
3592
  # associated master account.
2873
3593
  #
3594
+ # This operation is only used by accounts that are not part of an
3595
+ # organization. For organization accounts, only the master account (the
3596
+ # designated Security Hub administrator) can disassociate a member
3597
+ # account.
3598
+ #
2874
3599
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
2875
3600
  #
2876
3601
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisassociateFromMasterAccount AWS API Documentation
@@ -2885,7 +3610,10 @@ module Aws::SecurityHub
2885
3610
  # Disassociates the specified member accounts from the associated master
2886
3611
  # account.
2887
3612
  #
2888
- # @option params [Array<String>] :account_ids
3613
+ # Can be used to disassociate both accounts that are in an organization
3614
+ # and accounts that were invited manually.
3615
+ #
3616
+ # @option params [required, Array<String>] :account_ids
2889
3617
  # The account IDs of the member accounts to disassociate from the master
2890
3618
  # account.
2891
3619
  #
@@ -2894,7 +3622,7 @@ module Aws::SecurityHub
2894
3622
  # @example Request syntax with placeholder values
2895
3623
  #
2896
3624
  # resp = client.disassociate_members({
2897
- # account_ids: ["NonEmptyString"],
3625
+ # account_ids: ["NonEmptyString"], # required
2898
3626
  # })
2899
3627
  #
2900
3628
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisassociateMembers AWS API Documentation
@@ -2939,6 +3667,30 @@ module Aws::SecurityHub
2939
3667
  req.send_request(options)
2940
3668
  end
2941
3669
 
3670
+ # Designates the Security Hub administrator account for an organization.
3671
+ # Can only be called by the organization management account.
3672
+ #
3673
+ # @option params [required, String] :admin_account_id
3674
+ # The AWS account identifier of the account to designate as the Security
3675
+ # Hub administrator account.
3676
+ #
3677
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
3678
+ #
3679
+ # @example Request syntax with placeholder values
3680
+ #
3681
+ # resp = client.enable_organization_admin_account({
3682
+ # admin_account_id: "NonEmptyString", # required
3683
+ # })
3684
+ #
3685
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableOrganizationAdminAccount AWS API Documentation
3686
+ #
3687
+ # @overload enable_organization_admin_account(params = {})
3688
+ # @param [Hash] params ({})
3689
+ def enable_organization_admin_account(params = {}, options = {})
3690
+ req = build_request(:enable_organization_admin_account, params)
3691
+ req.send_request(options)
3692
+ end
3693
+
2942
3694
  # Enables Security Hub for your account in the current Region or the
2943
3695
  # Region you specify in the request.
2944
3696
  #
@@ -3058,6 +3810,9 @@ module Aws::SecurityHub
3058
3810
  # The finding attributes used to define a condition to filter the
3059
3811
  # returned findings.
3060
3812
  #
3813
+ # You can filter by up to 10 finding attributes. For each attribute, you
3814
+ # can provide up to 20 filter values.
3815
+ #
3061
3816
  # Note that in the available filter fields, `WorkflowState` is
3062
3817
  # deprecated. To search for a finding based on its workflow status, use
3063
3818
  # `WorkflowStatus`.
@@ -3741,6 +4496,7 @@ module Aws::SecurityHub
3741
4496
  # resp.findings[0].resources[0].id #=> String
3742
4497
  # resp.findings[0].resources[0].partition #=> String, one of "aws", "aws-cn", "aws-us-gov"
3743
4498
  # resp.findings[0].resources[0].region #=> String
4499
+ # resp.findings[0].resources[0].resource_role #=> String
3744
4500
  # resp.findings[0].resources[0].tags #=> Hash
3745
4501
  # resp.findings[0].resources[0].tags["NonEmptyString"] #=> String
3746
4502
  # resp.findings[0].resources[0].details.aws_auto_scaling_auto_scaling_group.launch_configuration_name #=> String
@@ -3766,6 +4522,10 @@ module Aws::SecurityHub
3766
4522
  # resp.findings[0].resources[0].details.aws_code_build_project.vpc_config.subnets[0] #=> String
3767
4523
  # resp.findings[0].resources[0].details.aws_code_build_project.vpc_config.security_group_ids #=> Array
3768
4524
  # resp.findings[0].resources[0].details.aws_code_build_project.vpc_config.security_group_ids[0] #=> String
4525
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.cache_behaviors.items #=> Array
4526
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.cache_behaviors.items[0].viewer_protocol_policy #=> String
4527
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.default_cache_behavior.viewer_protocol_policy #=> String
4528
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.default_root_object #=> String
3769
4529
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.domain_name #=> String
3770
4530
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.etag #=> String
3771
4531
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.last_modified_time #=> String
@@ -3777,6 +4537,11 @@ module Aws::SecurityHub
3777
4537
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origins.items[0].domain_name #=> String
3778
4538
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origins.items[0].id #=> String
3779
4539
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origins.items[0].origin_path #=> String
4540
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origins.items[0].s3_origin_config.origin_access_identity #=> String
4541
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origin_groups.items #=> Array
4542
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origin_groups.items[0].failover_criteria.status_codes.items #=> Array
4543
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origin_groups.items[0].failover_criteria.status_codes.items[0] #=> Integer
4544
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origin_groups.items[0].failover_criteria.status_codes.quantity #=> Integer
3780
4545
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.status #=> String
3781
4546
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.web_acl_id #=> String
3782
4547
  # resp.findings[0].resources[0].details.aws_ec2_instance.type #=> String
@@ -3802,6 +4567,13 @@ module Aws::SecurityHub
3802
4567
  # resp.findings[0].resources[0].details.aws_ec2_network_interface.security_groups[0].group_name #=> String
3803
4568
  # resp.findings[0].resources[0].details.aws_ec2_network_interface.security_groups[0].group_id #=> String
3804
4569
  # resp.findings[0].resources[0].details.aws_ec2_network_interface.source_dest_check #=> Boolean
4570
+ # resp.findings[0].resources[0].details.aws_ec2_network_interface.ip_v6_addresses #=> Array
4571
+ # resp.findings[0].resources[0].details.aws_ec2_network_interface.ip_v6_addresses[0].ip_v6_address #=> String
4572
+ # resp.findings[0].resources[0].details.aws_ec2_network_interface.private_ip_addresses #=> Array
4573
+ # resp.findings[0].resources[0].details.aws_ec2_network_interface.private_ip_addresses[0].private_ip_address #=> String
4574
+ # resp.findings[0].resources[0].details.aws_ec2_network_interface.private_ip_addresses[0].private_dns_name #=> String
4575
+ # resp.findings[0].resources[0].details.aws_ec2_network_interface.public_dns_name #=> String
4576
+ # resp.findings[0].resources[0].details.aws_ec2_network_interface.public_ip #=> String
3805
4577
  # resp.findings[0].resources[0].details.aws_ec2_security_group.group_name #=> String
3806
4578
  # resp.findings[0].resources[0].details.aws_ec2_security_group.group_id #=> String
3807
4579
  # resp.findings[0].resources[0].details.aws_ec2_security_group.owner_id #=> String
@@ -3930,6 +4702,15 @@ module Aws::SecurityHub
3930
4702
  # resp.findings[0].resources[0].details.aws_iam_access_key.principal_id #=> String
3931
4703
  # resp.findings[0].resources[0].details.aws_iam_access_key.principal_type #=> String
3932
4704
  # resp.findings[0].resources[0].details.aws_iam_access_key.principal_name #=> String
4705
+ # resp.findings[0].resources[0].details.aws_iam_access_key.account_id #=> String
4706
+ # resp.findings[0].resources[0].details.aws_iam_access_key.access_key_id #=> String
4707
+ # resp.findings[0].resources[0].details.aws_iam_access_key.session_context.attributes.mfa_authenticated #=> Boolean
4708
+ # resp.findings[0].resources[0].details.aws_iam_access_key.session_context.attributes.creation_date #=> String
4709
+ # resp.findings[0].resources[0].details.aws_iam_access_key.session_context.session_issuer.type #=> String
4710
+ # resp.findings[0].resources[0].details.aws_iam_access_key.session_context.session_issuer.principal_id #=> String
4711
+ # resp.findings[0].resources[0].details.aws_iam_access_key.session_context.session_issuer.arn #=> String
4712
+ # resp.findings[0].resources[0].details.aws_iam_access_key.session_context.session_issuer.account_id #=> String
4713
+ # resp.findings[0].resources[0].details.aws_iam_access_key.session_context.session_issuer.user_name #=> String
3933
4714
  # resp.findings[0].resources[0].details.aws_iam_user.attached_managed_policies #=> Array
3934
4715
  # resp.findings[0].resources[0].details.aws_iam_user.attached_managed_policies[0].policy_name #=> String
3935
4716
  # resp.findings[0].resources[0].details.aws_iam_user.attached_managed_policies[0].policy_arn #=> String
@@ -3957,6 +4738,47 @@ module Aws::SecurityHub
3957
4738
  # resp.findings[0].resources[0].details.aws_iam_policy.policy_version_list[0].is_default_version #=> Boolean
3958
4739
  # resp.findings[0].resources[0].details.aws_iam_policy.policy_version_list[0].create_date #=> String
3959
4740
  # resp.findings[0].resources[0].details.aws_iam_policy.update_date #=> String
4741
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.created_date #=> String
4742
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.description #=> String
4743
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.default_route_settings.detailed_metrics_enabled #=> Boolean
4744
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.default_route_settings.logging_level #=> String
4745
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.default_route_settings.data_trace_enabled #=> Boolean
4746
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.default_route_settings.throttling_burst_limit #=> Integer
4747
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.default_route_settings.throttling_rate_limit #=> Float
4748
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.deployment_id #=> String
4749
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.last_updated_date #=> String
4750
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.route_settings.detailed_metrics_enabled #=> Boolean
4751
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.route_settings.logging_level #=> String
4752
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.route_settings.data_trace_enabled #=> Boolean
4753
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.route_settings.throttling_burst_limit #=> Integer
4754
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.route_settings.throttling_rate_limit #=> Float
4755
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.stage_name #=> String
4756
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.stage_variables #=> Hash
4757
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.stage_variables["NonEmptyString"] #=> String
4758
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.access_log_settings.format #=> String
4759
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.access_log_settings.destination_arn #=> String
4760
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.auto_deploy #=> Boolean
4761
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.last_deployment_status_message #=> String
4762
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_stage.api_gateway_managed #=> Boolean
4763
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.api_endpoint #=> String
4764
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.api_id #=> String
4765
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.api_key_selection_expression #=> String
4766
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.created_date #=> String
4767
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.description #=> String
4768
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.version #=> String
4769
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.name #=> String
4770
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.protocol_type #=> String
4771
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.route_selection_expression #=> String
4772
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.allow_origins #=> Array
4773
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.allow_origins[0] #=> String
4774
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.allow_credentials #=> Boolean
4775
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.expose_headers #=> Array
4776
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.expose_headers[0] #=> String
4777
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.max_age #=> Integer
4778
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.allow_methods #=> Array
4779
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.allow_methods[0] #=> String
4780
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.allow_headers #=> Array
4781
+ # resp.findings[0].resources[0].details.aws_api_gateway_v2_api.cors_configuration.allow_headers[0] #=> String
3960
4782
  # resp.findings[0].resources[0].details.aws_dynamo_db_table.attribute_definitions #=> Array
3961
4783
  # resp.findings[0].resources[0].details.aws_dynamo_db_table.attribute_definitions[0].attribute_name #=> String
3962
4784
  # resp.findings[0].resources[0].details.aws_dynamo_db_table.attribute_definitions[0].attribute_type #=> String
@@ -4025,10 +4847,301 @@ module Aws::SecurityHub
4025
4847
  # resp.findings[0].resources[0].details.aws_dynamo_db_table.table_name #=> String
4026
4848
  # resp.findings[0].resources[0].details.aws_dynamo_db_table.table_size_bytes #=> Integer
4027
4849
  # resp.findings[0].resources[0].details.aws_dynamo_db_table.table_status #=> String
4850
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.deployment_id #=> String
4851
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.client_certificate_id #=> String
4852
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.stage_name #=> String
4853
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.description #=> String
4854
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.cache_cluster_enabled #=> Boolean
4855
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.cache_cluster_size #=> String
4856
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.cache_cluster_status #=> String
4857
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings #=> Array
4858
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].metrics_enabled #=> Boolean
4859
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].logging_level #=> String
4860
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].data_trace_enabled #=> Boolean
4861
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].throttling_burst_limit #=> Integer
4862
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].throttling_rate_limit #=> Float
4863
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].caching_enabled #=> Boolean
4864
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].cache_ttl_in_seconds #=> Integer
4865
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].cache_data_encrypted #=> Boolean
4866
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].require_authorization_for_cache_control #=> Boolean
4867
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].unauthorized_cache_control_header_strategy #=> String
4868
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].http_method #=> String
4869
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.method_settings[0].resource_path #=> String
4870
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.variables #=> Hash
4871
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.variables["NonEmptyString"] #=> String
4872
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.documentation_version #=> String
4873
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.access_log_settings.format #=> String
4874
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.access_log_settings.destination_arn #=> String
4875
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.canary_settings.percent_traffic #=> Float
4876
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.canary_settings.deployment_id #=> String
4877
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.canary_settings.stage_variable_overrides #=> Hash
4878
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.canary_settings.stage_variable_overrides["NonEmptyString"] #=> String
4879
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.canary_settings.use_stage_cache #=> Boolean
4880
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.tracing_enabled #=> Boolean
4881
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.created_date #=> String
4882
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.last_updated_date #=> String
4883
+ # resp.findings[0].resources[0].details.aws_api_gateway_stage.web_acl_arn #=> String
4884
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.id #=> String
4885
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.name #=> String
4886
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.description #=> String
4887
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.created_date #=> String
4888
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.version #=> String
4889
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.binary_media_types #=> Array
4890
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.binary_media_types[0] #=> String
4891
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.minimum_compression_size #=> Integer
4892
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.api_key_source #=> String
4893
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.endpoint_configuration.types #=> Array
4894
+ # resp.findings[0].resources[0].details.aws_api_gateway_rest_api.endpoint_configuration.types[0] #=> String
4895
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.cloud_watch_logs_log_group_arn #=> String
4896
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.cloud_watch_logs_role_arn #=> String
4897
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.has_custom_event_selectors #=> Boolean
4898
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.home_region #=> String
4899
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.include_global_service_events #=> Boolean
4900
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.is_multi_region_trail #=> Boolean
4901
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.is_organization_trail #=> Boolean
4902
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.kms_key_id #=> String
4903
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.log_file_validation_enabled #=> Boolean
4904
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.name #=> String
4905
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.s3_bucket_name #=> String
4906
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.s3_key_prefix #=> String
4907
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.sns_topic_arn #=> String
4908
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.sns_topic_name #=> String
4909
+ # resp.findings[0].resources[0].details.aws_cloud_trail_trail.trail_arn #=> String
4910
+ # resp.findings[0].resources[0].details.aws_ssm_patch_compliance.patch.compliance_summary.status #=> String
4911
+ # resp.findings[0].resources[0].details.aws_ssm_patch_compliance.patch.compliance_summary.compliant_critical_count #=> Integer
4912
+ # resp.findings[0].resources[0].details.aws_ssm_patch_compliance.patch.compliance_summary.compliant_high_count #=> Integer
4913
+ # resp.findings[0].resources[0].details.aws_ssm_patch_compliance.patch.compliance_summary.compliant_medium_count #=> Integer
4914
+ # resp.findings[0].resources[0].details.aws_ssm_patch_compliance.patch.compliance_summary.execution_type #=> String
4915
+ # resp.findings[0].resources[0].details.aws_ssm_patch_compliance.patch.compliance_summary.non_compliant_critical_count #=> Integer
4916
+ # resp.findings[0].resources[0].details.aws_ssm_patch_compliance.patch.compliance_summary.compliant_informational_count #=> Integer
4917
+ # resp.findings[0].resources[0].details.aws_ssm_patch_compliance.patch.compliance_summary.non_compliant_informational_count #=> Integer
4918
+ # resp.findings[0].resources[0].details.aws_ssm_patch_compliance.patch.compliance_summary.compliant_unspecified_count #=> Integer
4919
+ # resp.findings[0].resources[0].details.aws_ssm_patch_compliance.patch.compliance_summary.non_compliant_low_count #=> Integer
4920
+ # resp.findings[0].resources[0].details.aws_ssm_patch_compliance.patch.compliance_summary.non_compliant_high_count #=> Integer
4921
+ # resp.findings[0].resources[0].details.aws_ssm_patch_compliance.patch.compliance_summary.compliant_low_count #=> Integer
4922
+ # resp.findings[0].resources[0].details.aws_ssm_patch_compliance.patch.compliance_summary.compliance_type #=> String
4923
+ # resp.findings[0].resources[0].details.aws_ssm_patch_compliance.patch.compliance_summary.patch_baseline_id #=> String
4924
+ # resp.findings[0].resources[0].details.aws_ssm_patch_compliance.patch.compliance_summary.overall_severity #=> String
4925
+ # resp.findings[0].resources[0].details.aws_ssm_patch_compliance.patch.compliance_summary.non_compliant_medium_count #=> Integer
4926
+ # resp.findings[0].resources[0].details.aws_ssm_patch_compliance.patch.compliance_summary.non_compliant_unspecified_count #=> Integer
4927
+ # resp.findings[0].resources[0].details.aws_ssm_patch_compliance.patch.compliance_summary.patch_group #=> String
4928
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.certificate_authority_arn #=> String
4929
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.created_at #=> String
4930
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_name #=> String
4931
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options #=> Array
4932
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].domain_name #=> String
4933
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].resource_record.name #=> String
4934
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].resource_record.type #=> String
4935
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].resource_record.value #=> String
4936
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].validation_domain #=> String
4937
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].validation_emails #=> Array
4938
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].validation_emails[0] #=> String
4939
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].validation_method #=> String
4940
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.domain_validation_options[0].validation_status #=> String
4941
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.extended_key_usages #=> Array
4942
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.extended_key_usages[0].name #=> String
4943
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.extended_key_usages[0].o_id #=> String
4944
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.failure_reason #=> String
4945
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.imported_at #=> String
4946
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.in_use_by #=> Array
4947
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.in_use_by[0] #=> String
4948
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.issued_at #=> String
4949
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.issuer #=> String
4950
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.key_algorithm #=> String
4951
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.key_usages #=> Array
4952
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.key_usages[0].name #=> String
4953
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.not_after #=> String
4954
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.not_before #=> String
4955
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.options.certificate_transparency_logging_preference #=> String
4956
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_eligibility #=> String
4957
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options #=> Array
4958
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].domain_name #=> String
4959
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].resource_record.name #=> String
4960
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].resource_record.type #=> String
4961
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].resource_record.value #=> String
4962
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].validation_domain #=> String
4963
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].validation_emails #=> Array
4964
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].validation_emails[0] #=> String
4965
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].validation_method #=> String
4966
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.domain_validation_options[0].validation_status #=> String
4967
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.renewal_status #=> String
4968
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.renewal_status_reason #=> String
4969
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.renewal_summary.updated_at #=> String
4970
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.serial #=> String
4971
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.signature_algorithm #=> String
4972
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.status #=> String
4973
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.subject #=> String
4974
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.subject_alternative_names #=> Array
4975
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.subject_alternative_names[0] #=> String
4976
+ # resp.findings[0].resources[0].details.aws_certificate_manager_certificate.type #=> String
4977
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.allow_version_upgrade #=> Boolean
4978
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.automated_snapshot_retention_period #=> Integer
4979
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.availability_zone #=> String
4980
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_availability_status #=> String
4981
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_create_time #=> String
4982
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_identifier #=> String
4983
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_nodes #=> Array
4984
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_nodes[0].node_role #=> String
4985
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_nodes[0].private_ip_address #=> String
4986
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_nodes[0].public_ip_address #=> String
4987
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_parameter_groups #=> Array
4988
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_parameter_groups[0].cluster_parameter_status_list #=> Array
4989
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_parameter_groups[0].cluster_parameter_status_list[0].parameter_name #=> String
4990
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_parameter_groups[0].cluster_parameter_status_list[0].parameter_apply_status #=> String
4991
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_parameter_groups[0].cluster_parameter_status_list[0].parameter_apply_error_description #=> String
4992
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_parameter_groups[0].parameter_apply_status #=> String
4993
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_parameter_groups[0].parameter_group_name #=> String
4994
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_public_key #=> String
4995
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_revision_number #=> String
4996
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_security_groups #=> Array
4997
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_security_groups[0].cluster_security_group_name #=> String
4998
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_security_groups[0].status #=> String
4999
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_snapshot_copy_status.destination_region #=> String
5000
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_snapshot_copy_status.manual_snapshot_retention_period #=> Integer
5001
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_snapshot_copy_status.retention_period #=> Integer
5002
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_snapshot_copy_status.snapshot_copy_grant_name #=> String
5003
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_status #=> String
5004
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_subnet_group_name #=> String
5005
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.cluster_version #=> String
5006
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.db_name #=> String
5007
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.deferred_maintenance_windows #=> Array
5008
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.deferred_maintenance_windows[0].defer_maintenance_end_time #=> String
5009
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.deferred_maintenance_windows[0].defer_maintenance_identifier #=> String
5010
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.deferred_maintenance_windows[0].defer_maintenance_start_time #=> String
5011
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.elastic_ip_status.elastic_ip #=> String
5012
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.elastic_ip_status.status #=> String
5013
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.elastic_resize_number_of_node_options #=> String
5014
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.encrypted #=> Boolean
5015
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.endpoint.address #=> String
5016
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.endpoint.port #=> Integer
5017
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.enhanced_vpc_routing #=> Boolean
5018
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.expected_next_snapshot_schedule_time #=> String
5019
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.expected_next_snapshot_schedule_time_status #=> String
5020
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.hsm_status.hsm_client_certificate_identifier #=> String
5021
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.hsm_status.hsm_configuration_identifier #=> String
5022
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.hsm_status.status #=> String
5023
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.iam_roles #=> Array
5024
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.iam_roles[0].apply_status #=> String
5025
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.iam_roles[0].iam_role_arn #=> String
5026
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.kms_key_id #=> String
5027
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.maintenance_track_name #=> String
5028
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.manual_snapshot_retention_period #=> Integer
5029
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.master_username #=> String
5030
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.next_maintenance_window_start_time #=> String
5031
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.node_type #=> String
5032
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.number_of_nodes #=> Integer
5033
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_actions #=> Array
5034
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_actions[0] #=> String
5035
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.automated_snapshot_retention_period #=> Integer
5036
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.cluster_identifier #=> String
5037
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.cluster_type #=> String
5038
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.cluster_version #=> String
5039
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.encryption_type #=> String
5040
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.enhanced_vpc_routing #=> Boolean
5041
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.maintenance_track_name #=> String
5042
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.master_user_password #=> String
5043
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.node_type #=> String
5044
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.number_of_nodes #=> Integer
5045
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.pending_modified_values.publicly_accessible #=> Boolean
5046
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.preferred_maintenance_window #=> String
5047
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.publicly_accessible #=> Boolean
5048
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.resize_info.allow_cancel_resize #=> Boolean
5049
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.resize_info.resize_type #=> String
5050
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.restore_status.current_restore_rate_in_mega_bytes_per_second #=> Float
5051
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.restore_status.elapsed_time_in_seconds #=> Integer
5052
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.restore_status.estimated_time_to_completion_in_seconds #=> Integer
5053
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.restore_status.progress_in_mega_bytes #=> Integer
5054
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.restore_status.snapshot_size_in_mega_bytes #=> Integer
5055
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.restore_status.status #=> String
5056
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.snapshot_schedule_identifier #=> String
5057
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.snapshot_schedule_state #=> String
5058
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.vpc_id #=> String
5059
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.vpc_security_groups #=> Array
5060
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.vpc_security_groups[0].status #=> String
5061
+ # resp.findings[0].resources[0].details.aws_redshift_cluster.vpc_security_groups[0].vpc_security_group_id #=> String
5062
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.availability_zones #=> Array
5063
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.availability_zones[0] #=> String
5064
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.backend_server_descriptions #=> Array
5065
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.backend_server_descriptions[0].instance_port #=> Integer
5066
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.backend_server_descriptions[0].policy_names #=> Array
5067
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.backend_server_descriptions[0].policy_names[0] #=> String
5068
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.canonical_hosted_zone_name #=> String
5069
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.canonical_hosted_zone_name_id #=> String
5070
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.created_time #=> String
5071
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.dns_name #=> String
5072
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.health_check.healthy_threshold #=> Integer
5073
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.health_check.interval #=> Integer
5074
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.health_check.target #=> String
5075
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.health_check.timeout #=> Integer
5076
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.health_check.unhealthy_threshold #=> Integer
5077
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.instances #=> Array
5078
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.instances[0].instance_id #=> String
5079
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.listener_descriptions #=> Array
5080
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.listener_descriptions[0].listener.instance_port #=> Integer
5081
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.listener_descriptions[0].listener.instance_protocol #=> String
5082
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.listener_descriptions[0].listener.load_balancer_port #=> Integer
5083
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.listener_descriptions[0].listener.protocol #=> String
5084
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.listener_descriptions[0].listener.ssl_certificate_id #=> String
5085
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.listener_descriptions[0].policy_names #=> Array
5086
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.listener_descriptions[0].policy_names[0] #=> String
5087
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_attributes.access_log.emit_interval #=> Integer
5088
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_attributes.access_log.enabled #=> Boolean
5089
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_attributes.access_log.s3_bucket_name #=> String
5090
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_attributes.access_log.s3_bucket_prefix #=> String
5091
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_attributes.connection_draining.enabled #=> Boolean
5092
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_attributes.connection_draining.timeout #=> Integer
5093
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_attributes.connection_settings.idle_timeout #=> Integer
5094
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_attributes.cross_zone_load_balancing.enabled #=> Boolean
5095
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.load_balancer_name #=> String
5096
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.policies.app_cookie_stickiness_policies #=> Array
5097
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.policies.app_cookie_stickiness_policies[0].cookie_name #=> String
5098
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.policies.app_cookie_stickiness_policies[0].policy_name #=> String
5099
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.policies.lb_cookie_stickiness_policies #=> Array
5100
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.policies.lb_cookie_stickiness_policies[0].cookie_expiration_period #=> Integer
5101
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.policies.lb_cookie_stickiness_policies[0].policy_name #=> String
5102
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.policies.other_policies #=> Array
5103
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.policies.other_policies[0] #=> String
5104
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.scheme #=> String
5105
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.security_groups #=> Array
5106
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.security_groups[0] #=> String
5107
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.source_security_group.group_name #=> String
5108
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.source_security_group.owner_alias #=> String
5109
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.subnets #=> Array
5110
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.subnets[0] #=> String
5111
+ # resp.findings[0].resources[0].details.aws_elb_load_balancer.vpc_id #=> String
5112
+ # resp.findings[0].resources[0].details.aws_iam_group.attached_managed_policies #=> Array
5113
+ # resp.findings[0].resources[0].details.aws_iam_group.attached_managed_policies[0].policy_name #=> String
5114
+ # resp.findings[0].resources[0].details.aws_iam_group.attached_managed_policies[0].policy_arn #=> String
5115
+ # resp.findings[0].resources[0].details.aws_iam_group.create_date #=> String
5116
+ # resp.findings[0].resources[0].details.aws_iam_group.group_id #=> String
5117
+ # resp.findings[0].resources[0].details.aws_iam_group.group_name #=> String
5118
+ # resp.findings[0].resources[0].details.aws_iam_group.group_policy_list #=> Array
5119
+ # resp.findings[0].resources[0].details.aws_iam_group.group_policy_list[0].policy_name #=> String
5120
+ # resp.findings[0].resources[0].details.aws_iam_group.path #=> String
4028
5121
  # resp.findings[0].resources[0].details.aws_iam_role.assume_role_policy_document #=> String
5122
+ # resp.findings[0].resources[0].details.aws_iam_role.attached_managed_policies #=> Array
5123
+ # resp.findings[0].resources[0].details.aws_iam_role.attached_managed_policies[0].policy_name #=> String
5124
+ # resp.findings[0].resources[0].details.aws_iam_role.attached_managed_policies[0].policy_arn #=> String
4029
5125
  # resp.findings[0].resources[0].details.aws_iam_role.create_date #=> String
5126
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list #=> Array
5127
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].arn #=> String
5128
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].create_date #=> String
5129
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].instance_profile_id #=> String
5130
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].instance_profile_name #=> String
5131
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].path #=> String
5132
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].roles #=> Array
5133
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].roles[0].arn #=> String
5134
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].roles[0].assume_role_policy_document #=> String
5135
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].roles[0].create_date #=> String
5136
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].roles[0].path #=> String
5137
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].roles[0].role_id #=> String
5138
+ # resp.findings[0].resources[0].details.aws_iam_role.instance_profile_list[0].roles[0].role_name #=> String
5139
+ # resp.findings[0].resources[0].details.aws_iam_role.permissions_boundary.permissions_boundary_arn #=> String
5140
+ # resp.findings[0].resources[0].details.aws_iam_role.permissions_boundary.permissions_boundary_type #=> String
4030
5141
  # resp.findings[0].resources[0].details.aws_iam_role.role_id #=> String
4031
5142
  # resp.findings[0].resources[0].details.aws_iam_role.role_name #=> String
5143
+ # resp.findings[0].resources[0].details.aws_iam_role.role_policy_list #=> Array
5144
+ # resp.findings[0].resources[0].details.aws_iam_role.role_policy_list[0].policy_name #=> String
4032
5145
  # resp.findings[0].resources[0].details.aws_iam_role.max_session_duration #=> Integer
4033
5146
  # resp.findings[0].resources[0].details.aws_iam_role.path #=> String
4034
5147
  # resp.findings[0].resources[0].details.aws_kms_key.aws_account_id #=> String
@@ -4361,6 +5474,60 @@ module Aws::SecurityHub
4361
5474
  # resp.findings[0].patch_summary.operation_end_time #=> String
4362
5475
  # resp.findings[0].patch_summary.reboot_option #=> String
4363
5476
  # resp.findings[0].patch_summary.operation #=> String
5477
+ # resp.findings[0].action.action_type #=> String
5478
+ # resp.findings[0].action.network_connection_action.connection_direction #=> String
5479
+ # resp.findings[0].action.network_connection_action.remote_ip_details.ip_address_v4 #=> String
5480
+ # resp.findings[0].action.network_connection_action.remote_ip_details.organization.asn #=> Integer
5481
+ # resp.findings[0].action.network_connection_action.remote_ip_details.organization.asn_org #=> String
5482
+ # resp.findings[0].action.network_connection_action.remote_ip_details.organization.isp #=> String
5483
+ # resp.findings[0].action.network_connection_action.remote_ip_details.organization.org #=> String
5484
+ # resp.findings[0].action.network_connection_action.remote_ip_details.country.country_code #=> String
5485
+ # resp.findings[0].action.network_connection_action.remote_ip_details.country.country_name #=> String
5486
+ # resp.findings[0].action.network_connection_action.remote_ip_details.city.city_name #=> String
5487
+ # resp.findings[0].action.network_connection_action.remote_ip_details.geo_location.lon #=> Float
5488
+ # resp.findings[0].action.network_connection_action.remote_ip_details.geo_location.lat #=> Float
5489
+ # resp.findings[0].action.network_connection_action.remote_port_details.port #=> Integer
5490
+ # resp.findings[0].action.network_connection_action.remote_port_details.port_name #=> String
5491
+ # resp.findings[0].action.network_connection_action.local_port_details.port #=> Integer
5492
+ # resp.findings[0].action.network_connection_action.local_port_details.port_name #=> String
5493
+ # resp.findings[0].action.network_connection_action.protocol #=> String
5494
+ # resp.findings[0].action.network_connection_action.blocked #=> Boolean
5495
+ # resp.findings[0].action.aws_api_call_action.api #=> String
5496
+ # resp.findings[0].action.aws_api_call_action.service_name #=> String
5497
+ # resp.findings[0].action.aws_api_call_action.caller_type #=> String
5498
+ # resp.findings[0].action.aws_api_call_action.remote_ip_details.ip_address_v4 #=> String
5499
+ # resp.findings[0].action.aws_api_call_action.remote_ip_details.organization.asn #=> Integer
5500
+ # resp.findings[0].action.aws_api_call_action.remote_ip_details.organization.asn_org #=> String
5501
+ # resp.findings[0].action.aws_api_call_action.remote_ip_details.organization.isp #=> String
5502
+ # resp.findings[0].action.aws_api_call_action.remote_ip_details.organization.org #=> String
5503
+ # resp.findings[0].action.aws_api_call_action.remote_ip_details.country.country_code #=> String
5504
+ # resp.findings[0].action.aws_api_call_action.remote_ip_details.country.country_name #=> String
5505
+ # resp.findings[0].action.aws_api_call_action.remote_ip_details.city.city_name #=> String
5506
+ # resp.findings[0].action.aws_api_call_action.remote_ip_details.geo_location.lon #=> Float
5507
+ # resp.findings[0].action.aws_api_call_action.remote_ip_details.geo_location.lat #=> Float
5508
+ # resp.findings[0].action.aws_api_call_action.domain_details.domain #=> String
5509
+ # resp.findings[0].action.aws_api_call_action.affected_resources #=> Hash
5510
+ # resp.findings[0].action.aws_api_call_action.affected_resources["NonEmptyString"] #=> String
5511
+ # resp.findings[0].action.aws_api_call_action.first_seen #=> String
5512
+ # resp.findings[0].action.aws_api_call_action.last_seen #=> String
5513
+ # resp.findings[0].action.dns_request_action.domain #=> String
5514
+ # resp.findings[0].action.dns_request_action.protocol #=> String
5515
+ # resp.findings[0].action.dns_request_action.blocked #=> Boolean
5516
+ # resp.findings[0].action.port_probe_action.port_probe_details #=> Array
5517
+ # resp.findings[0].action.port_probe_action.port_probe_details[0].local_port_details.port #=> Integer
5518
+ # resp.findings[0].action.port_probe_action.port_probe_details[0].local_port_details.port_name #=> String
5519
+ # resp.findings[0].action.port_probe_action.port_probe_details[0].local_ip_details.ip_address_v4 #=> String
5520
+ # resp.findings[0].action.port_probe_action.port_probe_details[0].remote_ip_details.ip_address_v4 #=> String
5521
+ # resp.findings[0].action.port_probe_action.port_probe_details[0].remote_ip_details.organization.asn #=> Integer
5522
+ # resp.findings[0].action.port_probe_action.port_probe_details[0].remote_ip_details.organization.asn_org #=> String
5523
+ # resp.findings[0].action.port_probe_action.port_probe_details[0].remote_ip_details.organization.isp #=> String
5524
+ # resp.findings[0].action.port_probe_action.port_probe_details[0].remote_ip_details.organization.org #=> String
5525
+ # resp.findings[0].action.port_probe_action.port_probe_details[0].remote_ip_details.country.country_code #=> String
5526
+ # resp.findings[0].action.port_probe_action.port_probe_details[0].remote_ip_details.country.country_name #=> String
5527
+ # resp.findings[0].action.port_probe_action.port_probe_details[0].remote_ip_details.city.city_name #=> String
5528
+ # resp.findings[0].action.port_probe_action.port_probe_details[0].remote_ip_details.geo_location.lon #=> Float
5529
+ # resp.findings[0].action.port_probe_action.port_probe_details[0].remote_ip_details.geo_location.lat #=> Float
5530
+ # resp.findings[0].action.port_probe_action.blocked #=> Boolean
4364
5531
  # resp.next_token #=> String
4365
5532
  #
4366
5533
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetFindings AWS API Documentation
@@ -4758,6 +5925,9 @@ module Aws::SecurityHub
4758
5925
  # Provides the details for the Security Hub master account for the
4759
5926
  # current member account.
4760
5927
  #
5928
+ # Can be used by both member accounts that are in an organization and
5929
+ # accounts that were invited manually.
5930
+ #
4761
5931
  # @return [Types::GetMasterAccountResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
4762
5932
  #
4763
5933
  # * {Types::GetMasterAccountResponse#master #master} => Types::Invitation
@@ -4781,6 +5951,13 @@ module Aws::SecurityHub
4781
5951
  # Returns the details for the Security Hub member accounts for the
4782
5952
  # specified account IDs.
4783
5953
  #
5954
+ # A master account can be either a delegated Security Hub administrator
5955
+ # account for an organization or a master account that enabled Security
5956
+ # Hub manually.
5957
+ #
5958
+ # The results include both member accounts that are in an organization
5959
+ # and accounts that were invited manually.
5960
+ #
4784
5961
  # @option params [required, Array<String>] :account_ids
4785
5962
  # The list of account IDs for the Security Hub member accounts to return
4786
5963
  # the details for.
@@ -4821,15 +5998,18 @@ module Aws::SecurityHub
4821
5998
  # Invites other AWS accounts to become member accounts for the Security
4822
5999
  # Hub master account that the invitation is sent from.
4823
6000
  #
6001
+ # This operation is only used to invite accounts that do not belong to
6002
+ # an organization. Organization accounts do not receive invitations.
6003
+ #
4824
6004
  # Before you can use this action to invite a member, you must first use
4825
6005
  # the ` CreateMembers ` action to create the member account in Security
4826
6006
  # Hub.
4827
6007
  #
4828
- # When the account owner accepts the invitation to become a member
4829
- # account and enables Security Hub, the master account can view the
4830
- # findings generated from the member account.
6008
+ # When the account owner enables Security Hub and accepts the invitation
6009
+ # to become a member account, the master account can view the findings
6010
+ # generated from the member account.
4831
6011
  #
4832
- # @option params [Array<String>] :account_ids
6012
+ # @option params [required, Array<String>] :account_ids
4833
6013
  # The list of account IDs of the AWS accounts to invite to Security Hub
4834
6014
  # as members.
4835
6015
  #
@@ -4840,7 +6020,7 @@ module Aws::SecurityHub
4840
6020
  # @example Request syntax with placeholder values
4841
6021
  #
4842
6022
  # resp = client.invite_members({
4843
- # account_ids: ["NonEmptyString"],
6023
+ # account_ids: ["NonEmptyString"], # required
4844
6024
  # })
4845
6025
  #
4846
6026
  # @example Response structure
@@ -4905,6 +6085,9 @@ module Aws::SecurityHub
4905
6085
  # Lists all Security Hub membership invitations that were sent to the
4906
6086
  # current AWS account.
4907
6087
  #
6088
+ # This operation is only used by accounts that do not belong to an
6089
+ # organization. Organization accounts do not receive invitations.
6090
+ #
4908
6091
  # @option params [Integer] :max_results
4909
6092
  # The maximum number of items to return in the response.
4910
6093
  #
@@ -4952,14 +6135,17 @@ module Aws::SecurityHub
4952
6135
  # Lists details about all member accounts for the current Security Hub
4953
6136
  # master account.
4954
6137
  #
6138
+ # The results include both member accounts that belong to an
6139
+ # organization and member accounts that were invited manually.
6140
+ #
4955
6141
  # @option params [Boolean] :only_associated
4956
6142
  # Specifies which member accounts to include in the response based on
4957
6143
  # their relationship status with the master account. The default value
4958
6144
  # is `TRUE`.
4959
6145
  #
4960
6146
  # If `OnlyAssociated` is set to `TRUE`, the response includes member
4961
- # accounts whose relationship status with the master is set to `ENABLED`
4962
- # or `DISABLED`.
6147
+ # accounts whose relationship status with the master is set to
6148
+ # `ENABLED`.
4963
6149
  #
4964
6150
  # If `OnlyAssociated` is set to `FALSE`, the response includes all
4965
6151
  # existing member accounts.
@@ -5010,6 +6196,49 @@ module Aws::SecurityHub
5010
6196
  req.send_request(options)
5011
6197
  end
5012
6198
 
6199
+ # Lists the Security Hub administrator accounts. Can only be called by
6200
+ # the organization management account.
6201
+ #
6202
+ # @option params [Integer] :max_results
6203
+ # The maximum number of items to return in the response.
6204
+ #
6205
+ # @option params [String] :next_token
6206
+ # The token that is required for pagination. On your first call to the
6207
+ # `ListOrganizationAdminAccounts` operation, set the value of this
6208
+ # parameter to `NULL`. For subsequent calls to the operation, to
6209
+ # continue listing data, set the value of this parameter to the value
6210
+ # returned from the previous response.
6211
+ #
6212
+ # @return [Types::ListOrganizationAdminAccountsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
6213
+ #
6214
+ # * {Types::ListOrganizationAdminAccountsResponse#admin_accounts #admin_accounts} => Array&lt;Types::AdminAccount&gt;
6215
+ # * {Types::ListOrganizationAdminAccountsResponse#next_token #next_token} => String
6216
+ #
6217
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
6218
+ #
6219
+ # @example Request syntax with placeholder values
6220
+ #
6221
+ # resp = client.list_organization_admin_accounts({
6222
+ # max_results: 1,
6223
+ # next_token: "NextToken",
6224
+ # })
6225
+ #
6226
+ # @example Response structure
6227
+ #
6228
+ # resp.admin_accounts #=> Array
6229
+ # resp.admin_accounts[0].account_id #=> String
6230
+ # resp.admin_accounts[0].status #=> String, one of "ENABLED", "DISABLE_IN_PROGRESS"
6231
+ # resp.next_token #=> String
6232
+ #
6233
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListOrganizationAdminAccounts AWS API Documentation
6234
+ #
6235
+ # @overload list_organization_admin_accounts(params = {})
6236
+ # @param [Hash] params ({})
6237
+ def list_organization_admin_accounts(params = {}, options = {})
6238
+ req = build_request(:list_organization_admin_accounts, params)
6239
+ req.send_request(options)
6240
+ end
6241
+
5013
6242
  # Returns a list of tags associated with a resource.
5014
6243
  #
5015
6244
  # @option params [required, String] :resource_arn
@@ -6306,6 +7535,36 @@ module Aws::SecurityHub
6306
7535
  req.send_request(options)
6307
7536
  end
6308
7537
 
7538
+ # Used to update the configuration related to Organizations. Can only be
7539
+ # called from a Security Hub administrator account.
7540
+ #
7541
+ # @option params [required, Boolean] :auto_enable
7542
+ # Whether to automatically enable Security Hub for new accounts in the
7543
+ # organization.
7544
+ #
7545
+ # By default, this is `false`, and new accounts are not added
7546
+ # automatically.
7547
+ #
7548
+ # To automatically enable Security Hub for new accounts, set this to
7549
+ # `true`.
7550
+ #
7551
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
7552
+ #
7553
+ # @example Request syntax with placeholder values
7554
+ #
7555
+ # resp = client.update_organization_configuration({
7556
+ # auto_enable: false, # required
7557
+ # })
7558
+ #
7559
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateOrganizationConfiguration AWS API Documentation
7560
+ #
7561
+ # @overload update_organization_configuration(params = {})
7562
+ # @param [Hash] params ({})
7563
+ def update_organization_configuration(params = {}, options = {})
7564
+ req = build_request(:update_organization_configuration, params)
7565
+ req.send_request(options)
7566
+ end
7567
+
6309
7568
  # Updates configuration options for Security Hub.
6310
7569
  #
6311
7570
  # @option params [Boolean] :auto_enable_controls
@@ -6378,7 +7637,7 @@ module Aws::SecurityHub
6378
7637
  params: params,
6379
7638
  config: config)
6380
7639
  context[:gem_name] = 'aws-sdk-securityhub'
6381
- context[:gem_version] = '1.34.0'
7640
+ context[:gem_version] = '1.39.0'
6382
7641
  Seahorse::Client::Request.new(handlers, context)
6383
7642
  end
6384
7643