aws-sdk-securityhub 1.51.0 → 1.52.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +5 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-sdk-securityhub/client.rb +260 -1
  5. data/lib/aws-sdk-securityhub/client_api.rb +209 -0
  6. data/lib/aws-sdk-securityhub/types.rb +1938 -47
  7. data/lib/aws-sdk-securityhub.rb +1 -1
  8. metadata +2 -2
data/lib/aws-sdk-securityhub/types.rb CHANGED
@@ -448,6 +448,33 @@ module Aws::SecurityHub
448
448
  include Aws::Structure
449
449
  end
450
450
 
451
+ # An adjustment to the CVSS metric.
452
+ #
453
+ # @note When making an API call, you may pass Adjustment
454
+ # data as a hash:
455
+ #
456
+ # {
457
+ # metric: "NonEmptyString",
458
+ # reason: "NonEmptyString",
459
+ # }
460
+ #
461
+ # @!attribute [rw] metric
462
+ # The metric to adjust.
463
+ # @return [String]
464
+ #
465
+ # @!attribute [rw] reason
466
+ # The reason for the adjustment.
467
+ # @return [String]
468
+ #
469
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Adjustment AWS API Documentation
470
+ #
471
+ class Adjustment < Struct.new(
472
+ :metric,
473
+ :reason)
474
+ SENSITIVE = []
475
+ include Aws::Structure
476
+ end
477
+
451
478
  # Represents a Security Hub administrator account designated by an
452
479
  # organization management account.
453
480
  #
@@ -1442,6 +1469,312 @@ module Aws::SecurityHub
1442
1469
  include Aws::Structure
1443
1470
  end
1444
1471
 
1472
+ # A block device for the instance.
1473
+ #
1474
+ # @note When making an API call, you may pass AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails
1475
+ # data as a hash:
1476
+ #
1477
+ # {
1478
+ # device_name: "NonEmptyString",
1479
+ # ebs: {
1480
+ # delete_on_termination: false,
1481
+ # encrypted: false,
1482
+ # iops: 1,
1483
+ # snapshot_id: "NonEmptyString",
1484
+ # volume_size: 1,
1485
+ # volume_type: "NonEmptyString",
1486
+ # },
1487
+ # no_device: false,
1488
+ # virtual_name: "NonEmptyString",
1489
+ # }
1490
+ #
1491
+ # @!attribute [rw] device_name
1492
+ # The device name that is exposed to the EC2 instance. For example,
1493
+ # `/dev/sdh` or `xvdh`.
1494
+ # @return [String]
1495
+ #
1496
+ # @!attribute [rw] ebs
1497
+ # Parameters that are used to automatically set up Amazon EBS volumes
1498
+ # when an instance is launched.
1499
+ # @return [Types::AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails]
1500
+ #
1501
+ # @!attribute [rw] no_device
1502
+ # Whether to suppress the device that is included in the block device
1503
+ # mapping of the Amazon Machine Image (AMI).
1504
+ #
1505
+ # If `NoDevice` is `true`, then you cannot specify `Ebs`.&gt;
1506
+ # @return [Boolean]
1507
+ #
1508
+ # @!attribute [rw] virtual_name
1509
+ # The name of the virtual device (for example, `ephemeral0`).
1510
+ #
1511
+ # You can provide either `VirtualName` or `Ebs`, but not both.
1512
+ # @return [String]
1513
+ #
1514
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails AWS API Documentation
1515
+ #
1516
+ class AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails < Struct.new(
1517
+ :device_name,
1518
+ :ebs,
1519
+ :no_device,
1520
+ :virtual_name)
1521
+ SENSITIVE = []
1522
+ include Aws::Structure
1523
+ end
1524
+
1525
+ # Parameters that are used to automatically set up EBS volumes when an
1526
+ # instance is launched.
1527
+ #
1528
+ # @note When making an API call, you may pass AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails
1529
+ # data as a hash:
1530
+ #
1531
+ # {
1532
+ # delete_on_termination: false,
1533
+ # encrypted: false,
1534
+ # iops: 1,
1535
+ # snapshot_id: "NonEmptyString",
1536
+ # volume_size: 1,
1537
+ # volume_type: "NonEmptyString",
1538
+ # }
1539
+ #
1540
+ # @!attribute [rw] delete_on_termination
1541
+ # Whether to delete the volume when the instance is terminated.
1542
+ # @return [Boolean]
1543
+ #
1544
+ # @!attribute [rw] encrypted
1545
+ # Whether to encrypt the volume.
1546
+ # @return [Boolean]
1547
+ #
1548
+ # @!attribute [rw] iops
1549
+ # The number of input/output (I/O) operations per second (IOPS) to
1550
+ # provision for the volume.
1551
+ #
1552
+ # Only supported for `gp3` or `io1` volumes. Required for `io1`
1553
+ # volumes. Not used with `standard`, `gp2`, `st1`, or `sc1` volumes.
1554
+ # @return [Integer]
1555
+ #
1556
+ # @!attribute [rw] snapshot_id
1557
+ # The snapshot ID of the volume to use.
1558
+ #
1559
+ # You must specify either `VolumeSize` or `SnapshotId`.
1560
+ # @return [String]
1561
+ #
1562
+ # @!attribute [rw] volume_size
1563
+ # The volume size, in GiBs. The following are the supported volumes
1564
+ # sizes for each volume type:
1565
+ #
1566
+ # * gp2 and gp3: 1-16,384
1567
+ #
1568
+ # * io1: 4-16,384
1569
+ #
1570
+ # * st1 and sc1: 125-16,384
1571
+ #
1572
+ # * standard: 1-1,024
1573
+ #
1574
+ # You must specify either `SnapshotId` or `VolumeSize`. If you specify
1575
+ # both `SnapshotId` and `VolumeSize`, the volume size must be equal or
1576
+ # greater than the size of the snapshot.
1577
+ # @return [Integer]
1578
+ #
1579
+ # @!attribute [rw] volume_type
1580
+ # The volume type.
1581
+ # @return [String]
1582
+ #
1583
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails AWS API Documentation
1584
+ #
1585
+ class AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails < Struct.new(
1586
+ :delete_on_termination,
1587
+ :encrypted,
1588
+ :iops,
1589
+ :snapshot_id,
1590
+ :volume_size,
1591
+ :volume_type)
1592
+ SENSITIVE = []
1593
+ include Aws::Structure
1594
+ end
1595
+
1596
+ # Details about a launch configuration.
1597
+ #
1598
+ # @note When making an API call, you may pass AwsAutoScalingLaunchConfigurationDetails
1599
+ # data as a hash:
1600
+ #
1601
+ # {
1602
+ # associate_public_ip_address: false,
1603
+ # block_device_mappings: [
1604
+ # {
1605
+ # device_name: "NonEmptyString",
1606
+ # ebs: {
1607
+ # delete_on_termination: false,
1608
+ # encrypted: false,
1609
+ # iops: 1,
1610
+ # snapshot_id: "NonEmptyString",
1611
+ # volume_size: 1,
1612
+ # volume_type: "NonEmptyString",
1613
+ # },
1614
+ # no_device: false,
1615
+ # virtual_name: "NonEmptyString",
1616
+ # },
1617
+ # ],
1618
+ # classic_link_vpc_id: "NonEmptyString",
1619
+ # classic_link_vpc_security_groups: ["NonEmptyString"],
1620
+ # created_time: "NonEmptyString",
1621
+ # ebs_optimized: false,
1622
+ # iam_instance_profile: "NonEmptyString",
1623
+ # image_id: "NonEmptyString",
1624
+ # instance_monitoring: {
1625
+ # enabled: false,
1626
+ # },
1627
+ # instance_type: "NonEmptyString",
1628
+ # kernel_id: "NonEmptyString",
1629
+ # key_name: "NonEmptyString",
1630
+ # launch_configuration_name: "NonEmptyString",
1631
+ # placement_tenancy: "NonEmptyString",
1632
+ # ramdisk_id: "NonEmptyString",
1633
+ # security_groups: ["NonEmptyString"],
1634
+ # spot_price: "NonEmptyString",
1635
+ # user_data: "NonEmptyString",
1636
+ # }
1637
+ #
1638
+ # @!attribute [rw] associate_public_ip_address
1639
+ # For Auto Scaling groups that run in a VPC, specifies whether to
1640
+ # assign a public IP address to the group's instances.
1641
+ # @return [Boolean]
1642
+ #
1643
+ # @!attribute [rw] block_device_mappings
1644
+ # Specifies the block devices for the instance.
1645
+ # @return [Array<Types::AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails>]
1646
+ #
1647
+ # @!attribute [rw] classic_link_vpc_id
1648
+ # The identifier of a ClassicLink-enabled VPC that EC2-Classic
1649
+ # instances are linked to.
1650
+ # @return [String]
1651
+ #
1652
+ # @!attribute [rw] classic_link_vpc_security_groups
1653
+ # The identifiers of one or more security groups for the VPC that is
1654
+ # specified in `ClassicLinkVPCId`.
1655
+ # @return [Array<String>]
1656
+ #
1657
+ # @!attribute [rw] created_time
1658
+ # The creation date and time for the launch configuration.
1659
+ #
1660
+ # Uses the `date-time` format specified in [RFC 3339 section 5.6,
1661
+ # Internet Date/Time Format][1]. The value cannot contain spaces. For
1662
+ # example, `2020-03-22T13:22:13.933Z`.
1663
+ #
1664
+ #
1665
+ #
1666
+ # [1]: https://tools.ietf.org/html/rfc3339#section-5.6
1667
+ # @return [String]
1668
+ #
1669
+ # @!attribute [rw] ebs_optimized
1670
+ # Whether the launch configuration is optimized for Amazon EBS I/O.
1671
+ # @return [Boolean]
1672
+ #
1673
+ # @!attribute [rw] iam_instance_profile
1674
+ # The name or the ARN of the instance profile associated with the IAM
1675
+ # role for the instance. The instance profile contains the IAM role.
1676
+ # @return [String]
1677
+ #
1678
+ # @!attribute [rw] image_id
1679
+ # The identifier of the Amazon Machine Image (AMI) that is used to
1680
+ # launch EC2 instances.
1681
+ # @return [String]
1682
+ #
1683
+ # @!attribute [rw] instance_monitoring
1684
+ # Indicates the type of monitoring for instances in the group.
1685
+ # @return [Types::AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails]
1686
+ #
1687
+ # @!attribute [rw] instance_type
1688
+ # The instance type for the instances.
1689
+ # @return [String]
1690
+ #
1691
+ # @!attribute [rw] kernel_id
1692
+ # The identifier of the kernel associated with the AMI.
1693
+ # @return [String]
1694
+ #
1695
+ # @!attribute [rw] key_name
1696
+ # The name of the key pair.
1697
+ # @return [String]
1698
+ #
1699
+ # @!attribute [rw] launch_configuration_name
1700
+ # The name of the launch configuration.
1701
+ # @return [String]
1702
+ #
1703
+ # @!attribute [rw] placement_tenancy
1704
+ # The tenancy of the instance. An instance with `dedicated` tenancy
1705
+ # runs on isolated, single-tenant hardware and can only be launched
1706
+ # into a VPC.
1707
+ # @return [String]
1708
+ #
1709
+ # @!attribute [rw] ramdisk_id
1710
+ # The identifier of the RAM disk associated with the AMI.
1711
+ # @return [String]
1712
+ #
1713
+ # @!attribute [rw] security_groups
1714
+ # The security groups to assign to the instances in the Auto Scaling
1715
+ # group.
1716
+ # @return [Array<String>]
1717
+ #
1718
+ # @!attribute [rw] spot_price
1719
+ # The maximum hourly price to be paid for any Spot Instance that is
1720
+ # launched to fulfill the request.
1721
+ # @return [String]
1722
+ #
1723
+ # @!attribute [rw] user_data
1724
+ # The user data to make available to the launched EC2 instances. Must
1725
+ # be base64-encoded text.
1726
+ # @return [String]
1727
+ #
1728
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingLaunchConfigurationDetails AWS API Documentation
1729
+ #
1730
+ class AwsAutoScalingLaunchConfigurationDetails < Struct.new(
1731
+ :associate_public_ip_address,
1732
+ :block_device_mappings,
1733
+ :classic_link_vpc_id,
1734
+ :classic_link_vpc_security_groups,
1735
+ :created_time,
1736
+ :ebs_optimized,
1737
+ :iam_instance_profile,
1738
+ :image_id,
1739
+ :instance_monitoring,
1740
+ :instance_type,
1741
+ :kernel_id,
1742
+ :key_name,
1743
+ :launch_configuration_name,
1744
+ :placement_tenancy,
1745
+ :ramdisk_id,
1746
+ :security_groups,
1747
+ :spot_price,
1748
+ :user_data)
1749
+ SENSITIVE = []
1750
+ include Aws::Structure
1751
+ end
1752
+
1753
+ # Information about the type of monitoring for instances in the group.
1754
+ #
1755
+ # @note When making an API call, you may pass AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails
1756
+ # data as a hash:
1757
+ #
1758
+ # {
1759
+ # enabled: false,
1760
+ # }
1761
+ #
1762
+ # @!attribute [rw] enabled
1763
+ # If set to `true`, then instances in the group launch with detailed
1764
+ # monitoring.
1765
+ #
1766
+ # If set to `false`, then instances in the group launch with basic
1767
+ # monitoring.
1768
+ # @return [Boolean]
1769
+ #
1770
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails AWS API Documentation
1771
+ #
1772
+ class AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails < Struct.new(
1773
+ :enabled)
1774
+ SENSITIVE = []
1775
+ include Aws::Structure
1776
+ end
1777
+
1445
1778
  # Provides details about an Certificate Manager certificate.
1446
1779
  #
1447
1780
  # @note When making an API call, you may pass AwsCertificateManagerCertificateDetails
@@ -2585,11 +2918,10 @@ module Aws::SecurityHub
2585
2918
  # }
2586
2919
  #
2587
2920
  # @!attribute [rw] encryption_key
2588
- # The KMS customer master key (CMK) used to encrypt the build output
2589
- # artifacts.
2921
+ # The KMS key used to encrypt the build output artifacts.
2590
2922
  #
2591
- # You can specify either the ARN of the CMK or, if available, the CMK
2592
- # alias (using the format alias/alias-name).
2923
+ # You can specify either the ARN of the KMS key or, if available, the
2924
+ # KMS key alias (using the format alias/alias-name).
2593
2925
  # @return [String]
2594
2926
  #
2595
2927
  # @!attribute [rw] environment
@@ -3510,8 +3842,8 @@ module Aws::SecurityHub
3510
3842
  # @return [Array<Types::AwsDynamoDbTableReplicaGlobalSecondaryIndex>]
3511
3843
  #
3512
3844
  # @!attribute [rw] kms_master_key_id
3513
- # The identifier of the KMS customer master key (CMK) that will be
3514
- # used for KMS encryption for the replica.
3845
+ # The identifier of the KMS key that will be used for KMS encryption
3846
+ # for the replica.
3515
3847
  # @return [String]
3516
3848
  #
3517
3849
  # @!attribute [rw] provisioned_throughput_override
@@ -3655,8 +3987,7 @@ module Aws::SecurityHub
3655
3987
  # @return [String]
3656
3988
  #
3657
3989
  # @!attribute [rw] kms_master_key_arn
3658
- # The ARN of the KMS customer master key (CMK) that is used for the
3659
- # KMS encryption.
3990
+ # The ARN of the KMS key that is used for the KMS encryption.
3660
3991
  # @return [String]
3661
3992
  #
3662
3993
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsDynamoDbTableSseDescription AWS API Documentation
@@ -4840,8 +5171,8 @@ module Aws::SecurityHub
4840
5171
  # @return [String]
4841
5172
  #
4842
5173
  # @!attribute [rw] kms_key_id
4843
- # The ARN of the KMS customer master key (CMK) that was used to
4844
- # protect the volume encryption key for the volume.
5174
+ # The ARN of the KMS key that was used to protect the volume
5175
+ # encryption key for the volume.
4845
5176
  # @return [String]
4846
5177
  #
4847
5178
  # @!attribute [rw] attachments
@@ -4915,6 +5246,447 @@ module Aws::SecurityHub
4915
5246
  include Aws::Structure
4916
5247
  end
4917
5248
 
5249
+ # Details about an Amazon EC2 VPN connection.
5250
+ #
5251
+ # @note When making an API call, you may pass AwsEc2VpnConnectionDetails
5252
+ # data as a hash:
5253
+ #
5254
+ # {
5255
+ # vpn_connection_id: "NonEmptyString",
5256
+ # state: "NonEmptyString",
5257
+ # customer_gateway_id: "NonEmptyString",
5258
+ # customer_gateway_configuration: "NonEmptyString",
5259
+ # type: "NonEmptyString",
5260
+ # vpn_gateway_id: "NonEmptyString",
5261
+ # category: "NonEmptyString",
5262
+ # vgw_telemetry: [
5263
+ # {
5264
+ # accepted_route_count: 1,
5265
+ # certificate_arn: "NonEmptyString",
5266
+ # last_status_change: "NonEmptyString",
5267
+ # outside_ip_address: "NonEmptyString",
5268
+ # status: "NonEmptyString",
5269
+ # status_message: "NonEmptyString",
5270
+ # },
5271
+ # ],
5272
+ # options: {
5273
+ # static_routes_only: false,
5274
+ # tunnel_options: [
5275
+ # {
5276
+ # dpd_timeout_seconds: 1,
5277
+ # ike_versions: ["NonEmptyString"],
5278
+ # outside_ip_address: "NonEmptyString",
5279
+ # phase_1_dh_group_numbers: [1],
5280
+ # phase_1_encryption_algorithms: ["NonEmptyString"],
5281
+ # phase_1_integrity_algorithms: ["NonEmptyString"],
5282
+ # phase_1_lifetime_seconds: 1,
5283
+ # phase_2_dh_group_numbers: [1],
5284
+ # phase_2_encryption_algorithms: ["NonEmptyString"],
5285
+ # phase_2_integrity_algorithms: ["NonEmptyString"],
5286
+ # phase_2_lifetime_seconds: 1,
5287
+ # pre_shared_key: "NonEmptyString",
5288
+ # rekey_fuzz_percentage: 1,
5289
+ # rekey_margin_time_seconds: 1,
5290
+ # replay_window_size: 1,
5291
+ # tunnel_inside_cidr: "NonEmptyString",
5292
+ # },
5293
+ # ],
5294
+ # },
5295
+ # routes: [
5296
+ # {
5297
+ # destination_cidr_block: "NonEmptyString",
5298
+ # state: "NonEmptyString",
5299
+ # },
5300
+ # ],
5301
+ # transit_gateway_id: "NonEmptyString",
5302
+ # }
5303
+ #
5304
+ # @!attribute [rw] vpn_connection_id
5305
+ # The identifier of the VPN connection.
5306
+ # @return [String]
5307
+ #
5308
+ # @!attribute [rw] state
5309
+ # The current state of the VPN connection.
5310
+ # @return [String]
5311
+ #
5312
+ # @!attribute [rw] customer_gateway_id
5313
+ # The identifier of the customer gateway that is at your end of the
5314
+ # VPN connection.
5315
+ # @return [String]
5316
+ #
5317
+ # @!attribute [rw] customer_gateway_configuration
5318
+ # The configuration information for the VPN connection's customer
5319
+ # gateway, in the native XML format.
5320
+ # @return [String]
5321
+ #
5322
+ # @!attribute [rw] type
5323
+ # The type of VPN connection.
5324
+ # @return [String]
5325
+ #
5326
+ # @!attribute [rw] vpn_gateway_id
5327
+ # The identifier of the virtual private gateway that is at the Amazon
5328
+ # Web Services side of the VPN connection.
5329
+ # @return [String]
5330
+ #
5331
+ # @!attribute [rw] category
5332
+ # The category of the VPN connection. `VPN` indicates an Amazon Web
5333
+ # Services VPN connection. `VPN-Classic` indicates an Amazon Web
5334
+ # Services Classic VPN connection.
5335
+ # @return [String]
5336
+ #
5337
+ # @!attribute [rw] vgw_telemetry
5338
+ # Information about the VPN tunnel.
5339
+ # @return [Array<Types::AwsEc2VpnConnectionVgwTelemetryDetails>]
5340
+ #
5341
+ # @!attribute [rw] options
5342
+ # The VPN connection options.
5343
+ # @return [Types::AwsEc2VpnConnectionOptionsDetails]
5344
+ #
5345
+ # @!attribute [rw] routes
5346
+ # The static routes that are associated with the VPN connection.
5347
+ # @return [Array<Types::AwsEc2VpnConnectionRoutesDetails>]
5348
+ #
5349
+ # @!attribute [rw] transit_gateway_id
5350
+ # The identifier of the transit gateway that is associated with the
5351
+ # VPN connection.
5352
+ # @return [String]
5353
+ #
5354
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2VpnConnectionDetails AWS API Documentation
5355
+ #
5356
+ class AwsEc2VpnConnectionDetails < Struct.new(
5357
+ :vpn_connection_id,
5358
+ :state,
5359
+ :customer_gateway_id,
5360
+ :customer_gateway_configuration,
5361
+ :type,
5362
+ :vpn_gateway_id,
5363
+ :category,
5364
+ :vgw_telemetry,
5365
+ :options,
5366
+ :routes,
5367
+ :transit_gateway_id)
5368
+ SENSITIVE = []
5369
+ include Aws::Structure
5370
+ end
5371
+
5372
+ # VPN connection options.
5373
+ #
5374
+ # @note When making an API call, you may pass AwsEc2VpnConnectionOptionsDetails
5375
+ # data as a hash:
5376
+ #
5377
+ # {
5378
+ # static_routes_only: false,
5379
+ # tunnel_options: [
5380
+ # {
5381
+ # dpd_timeout_seconds: 1,
5382
+ # ike_versions: ["NonEmptyString"],
5383
+ # outside_ip_address: "NonEmptyString",
5384
+ # phase_1_dh_group_numbers: [1],
5385
+ # phase_1_encryption_algorithms: ["NonEmptyString"],
5386
+ # phase_1_integrity_algorithms: ["NonEmptyString"],
5387
+ # phase_1_lifetime_seconds: 1,
5388
+ # phase_2_dh_group_numbers: [1],
5389
+ # phase_2_encryption_algorithms: ["NonEmptyString"],
5390
+ # phase_2_integrity_algorithms: ["NonEmptyString"],
5391
+ # phase_2_lifetime_seconds: 1,
5392
+ # pre_shared_key: "NonEmptyString",
5393
+ # rekey_fuzz_percentage: 1,
5394
+ # rekey_margin_time_seconds: 1,
5395
+ # replay_window_size: 1,
5396
+ # tunnel_inside_cidr: "NonEmptyString",
5397
+ # },
5398
+ # ],
5399
+ # }
5400
+ #
5401
+ # @!attribute [rw] static_routes_only
5402
+ # Whether the VPN connection uses static routes only.
5403
+ # @return [Boolean]
5404
+ #
5405
+ # @!attribute [rw] tunnel_options
5406
+ # The VPN tunnel options.
5407
+ # @return [Array<Types::AwsEc2VpnConnectionOptionsTunnelOptionsDetails>]
5408
+ #
5409
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2VpnConnectionOptionsDetails AWS API Documentation
5410
+ #
5411
+ class AwsEc2VpnConnectionOptionsDetails < Struct.new(
5412
+ :static_routes_only,
5413
+ :tunnel_options)
5414
+ SENSITIVE = []
5415
+ include Aws::Structure
5416
+ end
5417
+
5418
+ # The VPN tunnel options.
5419
+ #
5420
+ # @note When making an API call, you may pass AwsEc2VpnConnectionOptionsTunnelOptionsDetails
5421
+ # data as a hash:
5422
+ #
5423
+ # {
5424
+ # dpd_timeout_seconds: 1,
5425
+ # ike_versions: ["NonEmptyString"],
5426
+ # outside_ip_address: "NonEmptyString",
5427
+ # phase_1_dh_group_numbers: [1],
5428
+ # phase_1_encryption_algorithms: ["NonEmptyString"],
5429
+ # phase_1_integrity_algorithms: ["NonEmptyString"],
5430
+ # phase_1_lifetime_seconds: 1,
5431
+ # phase_2_dh_group_numbers: [1],
5432
+ # phase_2_encryption_algorithms: ["NonEmptyString"],
5433
+ # phase_2_integrity_algorithms: ["NonEmptyString"],
5434
+ # phase_2_lifetime_seconds: 1,
5435
+ # pre_shared_key: "NonEmptyString",
5436
+ # rekey_fuzz_percentage: 1,
5437
+ # rekey_margin_time_seconds: 1,
5438
+ # replay_window_size: 1,
5439
+ # tunnel_inside_cidr: "NonEmptyString",
5440
+ # }
5441
+ #
5442
+ # @!attribute [rw] dpd_timeout_seconds
5443
+ # The number of seconds after which a Dead Peer Detection (DPD)
5444
+ # timeout occurs.
5445
+ # @return [Integer]
5446
+ #
5447
+ # @!attribute [rw] ike_versions
5448
+ # The Internet Key Exchange (IKE) versions that are permitted for the
5449
+ # VPN tunnel.
5450
+ # @return [Array<String>]
5451
+ #
5452
+ # @!attribute [rw] outside_ip_address
5453
+ # The external IP address of the VPN tunnel.
5454
+ # @return [String]
5455
+ #
5456
+ # @!attribute [rw] phase_1_dh_group_numbers
5457
+ # The permitted Diffie-Hellman group numbers for the VPN tunnel for
5458
+ # phase 1 IKE negotiations.
5459
+ # @return [Array<Integer>]
5460
+ #
5461
+ # @!attribute [rw] phase_1_encryption_algorithms
5462
+ # The permitted encryption algorithms for the VPN tunnel for phase 1
5463
+ # IKE negotiations.
5464
+ # @return [Array<String>]
5465
+ #
5466
+ # @!attribute [rw] phase_1_integrity_algorithms
5467
+ # The permitted integrity algorithms for the VPN tunnel for phase 1
5468
+ # IKE negotiations.
5469
+ # @return [Array<String>]
5470
+ #
5471
+ # @!attribute [rw] phase_1_lifetime_seconds
5472
+ # The lifetime for phase 1 of the IKE negotiation, in seconds.
5473
+ # @return [Integer]
5474
+ #
5475
+ # @!attribute [rw] phase_2_dh_group_numbers
5476
+ # The permitted Diffie-Hellman group numbers for the VPN tunnel for
5477
+ # phase 2 IKE negotiations.
5478
+ # @return [Array<Integer>]
5479
+ #
5480
+ # @!attribute [rw] phase_2_encryption_algorithms
5481
+ # The permitted encryption algorithms for the VPN tunnel for phase 2
5482
+ # IKE negotiations.
5483
+ # @return [Array<String>]
5484
+ #
5485
+ # @!attribute [rw] phase_2_integrity_algorithms
5486
+ # The permitted integrity algorithms for the VPN tunnel for phase 2
5487
+ # IKE negotiations.
5488
+ # @return [Array<String>]
5489
+ #
5490
+ # @!attribute [rw] phase_2_lifetime_seconds
5491
+ # The lifetime for phase 2 of the IKE negotiation, in seconds.
5492
+ # @return [Integer]
5493
+ #
5494
+ # @!attribute [rw] pre_shared_key
5495
+ # The preshared key to establish initial authentication between the
5496
+ # virtual private gateway and the customer gateway.
5497
+ # @return [String]
5498
+ #
5499
+ # @!attribute [rw] rekey_fuzz_percentage
5500
+ # The percentage of the rekey window, which is determined by
5501
+ # `RekeyMarginTimeSeconds` during which the rekey time is randomly
5502
+ # selected.
5503
+ # @return [Integer]
5504
+ #
5505
+ # @!attribute [rw] rekey_margin_time_seconds
5506
+ # The margin time, in seconds, before the phase 2 lifetime expires,
5507
+ # during which the Amazon Web Services side of the VPN connection
5508
+ # performs an IKE rekey.
5509
+ # @return [Integer]
5510
+ #
5511
+ # @!attribute [rw] replay_window_size
5512
+ # The number of packets in an IKE replay window.
5513
+ # @return [Integer]
5514
+ #
5515
+ # @!attribute [rw] tunnel_inside_cidr
5516
+ # The range of inside IPv4 addresses for the tunnel.
5517
+ # @return [String]
5518
+ #
5519
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2VpnConnectionOptionsTunnelOptionsDetails AWS API Documentation
5520
+ #
5521
+ class AwsEc2VpnConnectionOptionsTunnelOptionsDetails < Struct.new(
5522
+ :dpd_timeout_seconds,
5523
+ :ike_versions,
5524
+ :outside_ip_address,
5525
+ :phase_1_dh_group_numbers,
5526
+ :phase_1_encryption_algorithms,
5527
+ :phase_1_integrity_algorithms,
5528
+ :phase_1_lifetime_seconds,
5529
+ :phase_2_dh_group_numbers,
5530
+ :phase_2_encryption_algorithms,
5531
+ :phase_2_integrity_algorithms,
5532
+ :phase_2_lifetime_seconds,
5533
+ :pre_shared_key,
5534
+ :rekey_fuzz_percentage,
5535
+ :rekey_margin_time_seconds,
5536
+ :replay_window_size,
5537
+ :tunnel_inside_cidr)
5538
+ SENSITIVE = []
5539
+ include Aws::Structure
5540
+ end
5541
+
5542
+ # A static routes associated with the VPN connection.
5543
+ #
5544
+ # @note When making an API call, you may pass AwsEc2VpnConnectionRoutesDetails
5545
+ # data as a hash:
5546
+ #
5547
+ # {
5548
+ # destination_cidr_block: "NonEmptyString",
5549
+ # state: "NonEmptyString",
5550
+ # }
5551
+ #
5552
+ # @!attribute [rw] destination_cidr_block
5553
+ # The CIDR block associated with the local subnet of the customer data
5554
+ # center.
5555
+ # @return [String]
5556
+ #
5557
+ # @!attribute [rw] state
5558
+ # The current state of the static route.
5559
+ # @return [String]
5560
+ #
5561
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2VpnConnectionRoutesDetails AWS API Documentation
5562
+ #
5563
+ class AwsEc2VpnConnectionRoutesDetails < Struct.new(
5564
+ :destination_cidr_block,
5565
+ :state)
5566
+ SENSITIVE = []
5567
+ include Aws::Structure
5568
+ end
5569
+
5570
+ # Information about the VPN tunnel.
5571
+ #
5572
+ # @note When making an API call, you may pass AwsEc2VpnConnectionVgwTelemetryDetails
5573
+ # data as a hash:
5574
+ #
5575
+ # {
5576
+ # accepted_route_count: 1,
5577
+ # certificate_arn: "NonEmptyString",
5578
+ # last_status_change: "NonEmptyString",
5579
+ # outside_ip_address: "NonEmptyString",
5580
+ # status: "NonEmptyString",
5581
+ # status_message: "NonEmptyString",
5582
+ # }
5583
+ #
5584
+ # @!attribute [rw] accepted_route_count
5585
+ # The number of accepted routes.
5586
+ # @return [Integer]
5587
+ #
5588
+ # @!attribute [rw] certificate_arn
5589
+ # The ARN of the VPN tunnel endpoint certificate.
5590
+ # @return [String]
5591
+ #
5592
+ # @!attribute [rw] last_status_change
5593
+ # The date and time of the last change in status.
5594
+ #
5595
+ # Uses the `date-time` format specified in [RFC 3339 section 5.6,
5596
+ # Internet Date/Time Format][1]. The value cannot contain spaces. For
5597
+ # example, `2020-03-22T13:22:13.933Z`.
5598
+ #
5599
+ #
5600
+ #
5601
+ # [1]: https://tools.ietf.org/html/rfc3339#section-5.6
5602
+ # @return [String]
5603
+ #
5604
+ # @!attribute [rw] outside_ip_address
5605
+ # The Internet-routable IP address of the virtual private gateway's
5606
+ # outside interface.
5607
+ # @return [String]
5608
+ #
5609
+ # @!attribute [rw] status
5610
+ # The status of the VPN tunnel.
5611
+ # @return [String]
5612
+ #
5613
+ # @!attribute [rw] status_message
5614
+ # If an error occurs, a description of the error.
5615
+ # @return [String]
5616
+ #
5617
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2VpnConnectionVgwTelemetryDetails AWS API Documentation
5618
+ #
5619
+ class AwsEc2VpnConnectionVgwTelemetryDetails < Struct.new(
5620
+ :accepted_route_count,
5621
+ :certificate_arn,
5622
+ :last_status_change,
5623
+ :outside_ip_address,
5624
+ :status,
5625
+ :status_message)
5626
+ SENSITIVE = []
5627
+ include Aws::Structure
5628
+ end
5629
+
5630
+ # Information about an Amazon ECR image.
5631
+ #
5632
+ # @note When making an API call, you may pass AwsEcrContainerImageDetails
5633
+ # data as a hash:
5634
+ #
5635
+ # {
5636
+ # registry_id: "NonEmptyString",
5637
+ # repository_name: "NonEmptyString",
5638
+ # architecture: "NonEmptyString",
5639
+ # image_digest: "NonEmptyString",
5640
+ # image_tags: ["NonEmptyString"],
5641
+ # image_published_at: "NonEmptyString",
5642
+ # }
5643
+ #
5644
+ # @!attribute [rw] registry_id
5645
+ # The Amazon Web Services account identifier that is associated with
5646
+ # the registry that the image belongs to.
5647
+ # @return [String]
5648
+ #
5649
+ # @!attribute [rw] repository_name
5650
+ # The name of the repository that the image belongs to.
5651
+ # @return [String]
5652
+ #
5653
+ # @!attribute [rw] architecture
5654
+ # The architecture of the image.
5655
+ # @return [String]
5656
+ #
5657
+ # @!attribute [rw] image_digest
5658
+ # The sha256 digest of the image manifest.
5659
+ # @return [String]
5660
+ #
5661
+ # @!attribute [rw] image_tags
5662
+ # The list of tags that are associated with the image.
5663
+ # @return [Array<String>]
5664
+ #
5665
+ # @!attribute [rw] image_published_at
5666
+ # The date and time when the image was pushed to the repository.
5667
+ #
5668
+ # Uses the `date-time` format specified in [RFC 3339 section 5.6,
5669
+ # Internet Date/Time Format][1]. The value cannot contain spaces. For
5670
+ # example, `2020-03-22T13:22:13.933Z`.
5671
+ #
5672
+ #
5673
+ #
5674
+ # [1]: https://tools.ietf.org/html/rfc3339#section-5.6
5675
+ # @return [String]
5676
+ #
5677
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcrContainerImageDetails AWS API Documentation
5678
+ #
5679
+ class AwsEcrContainerImageDetails < Struct.new(
5680
+ :registry_id,
5681
+ :repository_name,
5682
+ :architecture,
5683
+ :image_digest,
5684
+ :image_tags,
5685
+ :image_published_at)
5686
+ SENSITIVE = []
5687
+ include Aws::Structure
5688
+ end
5689
+
4918
5690
  # Indicates whether to enable CloudWatch Container Insights for the ECS
4919
5691
  # cluster.
4920
5692
  #
@@ -9960,7 +10732,7 @@ module Aws::SecurityHub
9960
10732
  include Aws::Structure
9961
10733
  end
9962
10734
 
9963
- # Contains metadata about a customer master key (CMK).
10735
+ # Contains metadata about an KMS key.
9964
10736
  #
9965
10737
  # @note When making an API call, you may pass AwsKmsKeyDetails
9966
10738
  # data as a hash:
@@ -9973,15 +10745,16 @@ module Aws::SecurityHub
9973
10745
  # key_state: "NonEmptyString",
9974
10746
  # origin: "NonEmptyString",
9975
10747
  # description: "NonEmptyString",
10748
+ # key_rotation_status: false,
9976
10749
  # }
9977
10750
  #
9978
10751
  # @!attribute [rw] aws_account_id
9979
10752
  # The twelve-digit account ID of the Amazon Web Services account that
9980
- # owns the CMK.
10753
+ # owns the KMS key.
9981
10754
  # @return [String]
9982
10755
  #
9983
10756
  # @!attribute [rw] creation_date
9984
- # Indicates when the CMK was created.
10757
+ # Indicates when the KMS key was created.
9985
10758
  #
9986
10759
  # Uses the `date-time` format specified in [RFC 3339 section 5.6,
9987
10760
  # Internet Date/Time Format][1]. The value cannot contain spaces. For
@@ -9993,25 +10766,25 @@ module Aws::SecurityHub
9993
10766
  # @return [Float]
9994
10767
  #
9995
10768
  # @!attribute [rw] key_id
9996
- # The globally unique identifier for the CMK.
10769
+ # The globally unique identifier for the KMS key.
9997
10770
  # @return [String]
9998
10771
  #
9999
10772
  # @!attribute [rw] key_manager
10000
- # The manager of the CMK. CMKs in your Amazon Web Services account are
10001
- # either customer managed or Amazon Web Services managed.
10773
+ # The manager of the KMS key. KMS keys in your Amazon Web Services
10774
+ # account are either customer managed or Amazon Web Services managed.
10002
10775
  # @return [String]
10003
10776
  #
10004
10777
  # @!attribute [rw] key_state
10005
- # The state of the CMK.
10778
+ # The state of the KMS key.
10006
10779
  # @return [String]
10007
10780
  #
10008
10781
  # @!attribute [rw] origin
10009
- # The source of the CMK's key material.
10782
+ # The source of the KMS key material.
10010
10783
  #
10011
10784
  # When this value is `AWS_KMS`, KMS created the key material.
10012
10785
  #
10013
10786
  # When this value is `EXTERNAL`, the key material was imported from
10014
- # your existing key management infrastructure or the CMK lacks key
10787
+ # your existing key management infrastructure or the KMS key lacks key
10015
10788
  # material.
10016
10789
  #
10017
10790
  # When this value is `AWS_CLOUDHSM`, the key material was created in
@@ -10022,6 +10795,10 @@ module Aws::SecurityHub
10022
10795
  # A description of the key.
10023
10796
  # @return [String]
10024
10797
  #
10798
+ # @!attribute [rw] key_rotation_status
10799
+ # Whether the key has key rotation enabled.
10800
+ # @return [Boolean]
10801
+ #
10025
10802
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsKmsKeyDetails AWS API Documentation
10026
10803
  #
10027
10804
  class AwsKmsKeyDetails < Struct.new(
@@ -10031,7 +10808,8 @@ module Aws::SecurityHub
10031
10808
  :key_manager,
10032
10809
  :key_state,
10033
10810
  :origin,
10034
- :description)
10811
+ :description,
10812
+ :key_rotation_status)
10035
10813
  SENSITIVE = []
10036
10814
  include Aws::Structure
10037
10815
  end
@@ -10181,7 +10959,7 @@ module Aws::SecurityHub
10181
10959
  # @!attribute [rw] kms_key_arn
10182
10960
  # The KMS key that is used to encrypt the function's environment
10183
10961
  # variables. This key is only returned if you've configured a
10184
- # customer managed CMK.
10962
+ # customer managed customer managed key.
10185
10963
  # @return [String]
10186
10964
  #
10187
10965
  # @!attribute [rw] last_modified
@@ -13953,6 +14731,53 @@ module Aws::SecurityHub
13953
14731
  # ignore_public_acls: false,
13954
14732
  # restrict_public_buckets: false,
13955
14733
  # },
14734
+ # access_control_list: "NonEmptyString",
14735
+ # bucket_logging_configuration: {
14736
+ # destination_bucket_name: "NonEmptyString",
14737
+ # log_file_prefix: "NonEmptyString",
14738
+ # },
14739
+ # bucket_website_configuration: {
14740
+ # error_document: "NonEmptyString",
14741
+ # index_document_suffix: "NonEmptyString",
14742
+ # redirect_all_requests_to: {
14743
+ # hostname: "NonEmptyString",
14744
+ # protocol: "NonEmptyString",
14745
+ # },
14746
+ # routing_rules: [
14747
+ # {
14748
+ # condition: {
14749
+ # http_error_code_returned_equals: "NonEmptyString",
14750
+ # key_prefix_equals: "NonEmptyString",
14751
+ # },
14752
+ # redirect: {
14753
+ # hostname: "NonEmptyString",
14754
+ # http_redirect_code: "NonEmptyString",
14755
+ # protocol: "NonEmptyString",
14756
+ # replace_key_prefix_with: "NonEmptyString",
14757
+ # replace_key_with: "NonEmptyString",
14758
+ # },
14759
+ # },
14760
+ # ],
14761
+ # },
14762
+ # bucket_notification_configuration: {
14763
+ # configurations: [
14764
+ # {
14765
+ # events: ["NonEmptyString"],
14766
+ # filter: {
14767
+ # s3_key_filter: {
14768
+ # filter_rules: [
14769
+ # {
14770
+ # name: "Prefix", # accepts Prefix, Suffix
14771
+ # value: "NonEmptyString",
14772
+ # },
14773
+ # ],
14774
+ # },
14775
+ # },
14776
+ # destination: "NonEmptyString",
14777
+ # type: "NonEmptyString",
14778
+ # },
14779
+ # ],
14780
+ # },
13956
14781
  # }
13957
14782
  #
13958
14783
  # @!attribute [rw] owner_id
@@ -13988,6 +14813,22 @@ module Aws::SecurityHub
13988
14813
  # configuration for the S3 bucket.
13989
14814
  # @return [Types::AwsS3AccountPublicAccessBlockDetails]
13990
14815
  #
14816
+ # @!attribute [rw] access_control_list
14817
+ # The access control list for the S3 bucket.
14818
+ # @return [String]
14819
+ #
14820
+ # @!attribute [rw] bucket_logging_configuration
14821
+ # The logging configuration for the S3 bucket.
14822
+ # @return [Types::AwsS3BucketLoggingConfiguration]
14823
+ #
14824
+ # @!attribute [rw] bucket_website_configuration
14825
+ # The website configuration parameters for the S3 bucket.
14826
+ # @return [Types::AwsS3BucketWebsiteConfiguration]
14827
+ #
14828
+ # @!attribute [rw] bucket_notification_configuration
14829
+ # The notification configuration for the S3 bucket.
14830
+ # @return [Types::AwsS3BucketNotificationConfiguration]
14831
+ #
13991
14832
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketDetails AWS API Documentation
13992
14833
  #
13993
14834
  class AwsS3BucketDetails < Struct.new(
@@ -13996,7 +14837,209 @@ module Aws::SecurityHub
13996
14837
  :created_at,
13997
14838
  :server_side_encryption_configuration,
13998
14839
  :bucket_lifecycle_configuration,
13999
- :public_access_block_configuration)
14840
+ :public_access_block_configuration,
14841
+ :access_control_list,
14842
+ :bucket_logging_configuration,
14843
+ :bucket_website_configuration,
14844
+ :bucket_notification_configuration)
14845
+ SENSITIVE = []
14846
+ include Aws::Structure
14847
+ end
14848
+
14849
+ # Information about logging for the S3 bucket
14850
+ #
14851
+ # @note When making an API call, you may pass AwsS3BucketLoggingConfiguration
14852
+ # data as a hash:
14853
+ #
14854
+ # {
14855
+ # destination_bucket_name: "NonEmptyString",
14856
+ # log_file_prefix: "NonEmptyString",
14857
+ # }
14858
+ #
14859
+ # @!attribute [rw] destination_bucket_name
14860
+ # The name of the S3 bucket where log files for the S3 bucket are
14861
+ # stored.
14862
+ # @return [String]
14863
+ #
14864
+ # @!attribute [rw] log_file_prefix
14865
+ # The prefix added to log files for the S3 bucket.
14866
+ # @return [String]
14867
+ #
14868
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketLoggingConfiguration AWS API Documentation
14869
+ #
14870
+ class AwsS3BucketLoggingConfiguration < Struct.new(
14871
+ :destination_bucket_name,
14872
+ :log_file_prefix)
14873
+ SENSITIVE = []
14874
+ include Aws::Structure
14875
+ end
14876
+
14877
+ # The notification configuration for the S3 bucket.
14878
+ #
14879
+ # @note When making an API call, you may pass AwsS3BucketNotificationConfiguration
14880
+ # data as a hash:
14881
+ #
14882
+ # {
14883
+ # configurations: [
14884
+ # {
14885
+ # events: ["NonEmptyString"],
14886
+ # filter: {
14887
+ # s3_key_filter: {
14888
+ # filter_rules: [
14889
+ # {
14890
+ # name: "Prefix", # accepts Prefix, Suffix
14891
+ # value: "NonEmptyString",
14892
+ # },
14893
+ # ],
14894
+ # },
14895
+ # },
14896
+ # destination: "NonEmptyString",
14897
+ # type: "NonEmptyString",
14898
+ # },
14899
+ # ],
14900
+ # }
14901
+ #
14902
+ # @!attribute [rw] configurations
14903
+ # Configurations for S3 bucket notifications.
14904
+ # @return [Array<Types::AwsS3BucketNotificationConfigurationDetail>]
14905
+ #
14906
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketNotificationConfiguration AWS API Documentation
14907
+ #
14908
+ class AwsS3BucketNotificationConfiguration < Struct.new(
14909
+ :configurations)
14910
+ SENSITIVE = []
14911
+ include Aws::Structure
14912
+ end
14913
+
14914
+ # Details for an S3 bucket notification configuration.
14915
+ #
14916
+ # @note When making an API call, you may pass AwsS3BucketNotificationConfigurationDetail
14917
+ # data as a hash:
14918
+ #
14919
+ # {
14920
+ # events: ["NonEmptyString"],
14921
+ # filter: {
14922
+ # s3_key_filter: {
14923
+ # filter_rules: [
14924
+ # {
14925
+ # name: "Prefix", # accepts Prefix, Suffix
14926
+ # value: "NonEmptyString",
14927
+ # },
14928
+ # ],
14929
+ # },
14930
+ # },
14931
+ # destination: "NonEmptyString",
14932
+ # type: "NonEmptyString",
14933
+ # }
14934
+ #
14935
+ # @!attribute [rw] events
14936
+ # The list of events that trigger a notification.
14937
+ # @return [Array<String>]
14938
+ #
14939
+ # @!attribute [rw] filter
14940
+ # The filters that determine which S3 buckets generate notifications.
14941
+ # @return [Types::AwsS3BucketNotificationConfigurationFilter]
14942
+ #
14943
+ # @!attribute [rw] destination
14944
+ # The ARN of the Lambda function, Amazon SQS queue, or Amazon SNS
14945
+ # topic that generates the notification.
14946
+ # @return [String]
14947
+ #
14948
+ # @!attribute [rw] type
14949
+ # Indicates the type of notification. Notifications can be generated
14950
+ # using Lambda functions, Amazon SQS queues or Amazon SNS topics.
14951
+ # @return [String]
14952
+ #
14953
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketNotificationConfigurationDetail AWS API Documentation
14954
+ #
14955
+ class AwsS3BucketNotificationConfigurationDetail < Struct.new(
14956
+ :events,
14957
+ :filter,
14958
+ :destination,
14959
+ :type)
14960
+ SENSITIVE = []
14961
+ include Aws::Structure
14962
+ end
14963
+
14964
+ # Filtering information for the notifications. The filtering is based on
14965
+ # Amazon S3 key names.
14966
+ #
14967
+ # @note When making an API call, you may pass AwsS3BucketNotificationConfigurationFilter
14968
+ # data as a hash:
14969
+ #
14970
+ # {
14971
+ # s3_key_filter: {
14972
+ # filter_rules: [
14973
+ # {
14974
+ # name: "Prefix", # accepts Prefix, Suffix
14975
+ # value: "NonEmptyString",
14976
+ # },
14977
+ # ],
14978
+ # },
14979
+ # }
14980
+ #
14981
+ # @!attribute [rw] s3_key_filter
14982
+ # Details for an Amazon S3 filter.
14983
+ # @return [Types::AwsS3BucketNotificationConfigurationS3KeyFilter]
14984
+ #
14985
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketNotificationConfigurationFilter AWS API Documentation
14986
+ #
14987
+ class AwsS3BucketNotificationConfigurationFilter < Struct.new(
14988
+ :s3_key_filter)
14989
+ SENSITIVE = []
14990
+ include Aws::Structure
14991
+ end
14992
+
14993
+ # Details for an Amazon S3 filter.
14994
+ #
14995
+ # @note When making an API call, you may pass AwsS3BucketNotificationConfigurationS3KeyFilter
14996
+ # data as a hash:
14997
+ #
14998
+ # {
14999
+ # filter_rules: [
15000
+ # {
15001
+ # name: "Prefix", # accepts Prefix, Suffix
15002
+ # value: "NonEmptyString",
15003
+ # },
15004
+ # ],
15005
+ # }
15006
+ #
15007
+ # @!attribute [rw] filter_rules
15008
+ # The filter rules for the filter.
15009
+ # @return [Array<Types::AwsS3BucketNotificationConfigurationS3KeyFilterRule>]
15010
+ #
15011
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketNotificationConfigurationS3KeyFilter AWS API Documentation
15012
+ #
15013
+ class AwsS3BucketNotificationConfigurationS3KeyFilter < Struct.new(
15014
+ :filter_rules)
15015
+ SENSITIVE = []
15016
+ include Aws::Structure
15017
+ end
15018
+
15019
+ # Details for a filter rule.
15020
+ #
15021
+ # @note When making an API call, you may pass AwsS3BucketNotificationConfigurationS3KeyFilterRule
15022
+ # data as a hash:
15023
+ #
15024
+ # {
15025
+ # name: "Prefix", # accepts Prefix, Suffix
15026
+ # value: "NonEmptyString",
15027
+ # }
15028
+ #
15029
+ # @!attribute [rw] name
15030
+ # Indicates whether the filter is based on the prefix or suffix of the
15031
+ # Amazon S3 key.
15032
+ # @return [String]
15033
+ #
15034
+ # @!attribute [rw] value
15035
+ # The filter value.
15036
+ # @return [String]
15037
+ #
15038
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketNotificationConfigurationS3KeyFilterRule AWS API Documentation
15039
+ #
15040
+ class AwsS3BucketNotificationConfigurationS3KeyFilterRule < Struct.new(
15041
+ :name,
15042
+ :value)
14000
15043
  SENSITIVE = []
14001
15044
  include Aws::Structure
14002
15045
  end
@@ -14017,7 +15060,7 @@ module Aws::SecurityHub
14017
15060
  # @return [String]
14018
15061
  #
14019
15062
  # @!attribute [rw] kms_master_key_id
14020
- # KMS customer master key (CMK) ID to use for the default encryption.
15063
+ # KMS key ID to use for the default encryption.
14021
15064
  # @return [String]
14022
15065
  #
14023
15066
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketServerSideEncryptionByDefault AWS API Documentation
@@ -14083,6 +15126,208 @@ module Aws::SecurityHub
14083
15126
  include Aws::Structure
14084
15127
  end
14085
15128
 
15129
+ # Website parameters for the S3 bucket.
15130
+ #
15131
+ # @note When making an API call, you may pass AwsS3BucketWebsiteConfiguration
15132
+ # data as a hash:
15133
+ #
15134
+ # {
15135
+ # error_document: "NonEmptyString",
15136
+ # index_document_suffix: "NonEmptyString",
15137
+ # redirect_all_requests_to: {
15138
+ # hostname: "NonEmptyString",
15139
+ # protocol: "NonEmptyString",
15140
+ # },
15141
+ # routing_rules: [
15142
+ # {
15143
+ # condition: {
15144
+ # http_error_code_returned_equals: "NonEmptyString",
15145
+ # key_prefix_equals: "NonEmptyString",
15146
+ # },
15147
+ # redirect: {
15148
+ # hostname: "NonEmptyString",
15149
+ # http_redirect_code: "NonEmptyString",
15150
+ # protocol: "NonEmptyString",
15151
+ # replace_key_prefix_with: "NonEmptyString",
15152
+ # replace_key_with: "NonEmptyString",
15153
+ # },
15154
+ # },
15155
+ # ],
15156
+ # }
15157
+ #
15158
+ # @!attribute [rw] error_document
15159
+ # The name of the error document for the website.
15160
+ # @return [String]
15161
+ #
15162
+ # @!attribute [rw] index_document_suffix
15163
+ # The name of the index document for the website.
15164
+ # @return [String]
15165
+ #
15166
+ # @!attribute [rw] redirect_all_requests_to
15167
+ # The redirect behavior for requests to the website.
15168
+ # @return [Types::AwsS3BucketWebsiteConfigurationRedirectTo]
15169
+ #
15170
+ # @!attribute [rw] routing_rules
15171
+ # The rules for applying redirects for requests to the website.
15172
+ # @return [Array<Types::AwsS3BucketWebsiteConfigurationRoutingRule>]
15173
+ #
15174
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketWebsiteConfiguration AWS API Documentation
15175
+ #
15176
+ class AwsS3BucketWebsiteConfiguration < Struct.new(
15177
+ :error_document,
15178
+ :index_document_suffix,
15179
+ :redirect_all_requests_to,
15180
+ :routing_rules)
15181
+ SENSITIVE = []
15182
+ include Aws::Structure
15183
+ end
15184
+
15185
+ # The redirect behavior for requests to the website.
15186
+ #
15187
+ # @note When making an API call, you may pass AwsS3BucketWebsiteConfigurationRedirectTo
15188
+ # data as a hash:
15189
+ #
15190
+ # {
15191
+ # hostname: "NonEmptyString",
15192
+ # protocol: "NonEmptyString",
15193
+ # }
15194
+ #
15195
+ # @!attribute [rw] hostname
15196
+ # The name of the host to redirect requests to.
15197
+ # @return [String]
15198
+ #
15199
+ # @!attribute [rw] protocol
15200
+ # The protocol to use when redirecting requests. By default, uses the
15201
+ # same protocol as the original request.
15202
+ # @return [String]
15203
+ #
15204
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketWebsiteConfigurationRedirectTo AWS API Documentation
15205
+ #
15206
+ class AwsS3BucketWebsiteConfigurationRedirectTo < Struct.new(
15207
+ :hostname,
15208
+ :protocol)
15209
+ SENSITIVE = []
15210
+ include Aws::Structure
15211
+ end
15212
+
15213
+ # A rule for redirecting requests to the website.
15214
+ #
15215
+ # @note When making an API call, you may pass AwsS3BucketWebsiteConfigurationRoutingRule
15216
+ # data as a hash:
15217
+ #
15218
+ # {
15219
+ # condition: {
15220
+ # http_error_code_returned_equals: "NonEmptyString",
15221
+ # key_prefix_equals: "NonEmptyString",
15222
+ # },
15223
+ # redirect: {
15224
+ # hostname: "NonEmptyString",
15225
+ # http_redirect_code: "NonEmptyString",
15226
+ # protocol: "NonEmptyString",
15227
+ # replace_key_prefix_with: "NonEmptyString",
15228
+ # replace_key_with: "NonEmptyString",
15229
+ # },
15230
+ # }
15231
+ #
15232
+ # @!attribute [rw] condition
15233
+ # Provides the condition that must be met in order to apply the
15234
+ # routing rule.
15235
+ # @return [Types::AwsS3BucketWebsiteConfigurationRoutingRuleCondition]
15236
+ #
15237
+ # @!attribute [rw] redirect
15238
+ # Provides the rules to redirect the request if the condition in
15239
+ # `Condition` is met.
15240
+ # @return [Types::AwsS3BucketWebsiteConfigurationRoutingRuleRedirect]
15241
+ #
15242
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketWebsiteConfigurationRoutingRule AWS API Documentation
15243
+ #
15244
+ class AwsS3BucketWebsiteConfigurationRoutingRule < Struct.new(
15245
+ :condition,
15246
+ :redirect)
15247
+ SENSITIVE = []
15248
+ include Aws::Structure
15249
+ end
15250
+
15251
+ # The condition that must be met in order to apply the routing rule.
15252
+ #
15253
+ # @note When making an API call, you may pass AwsS3BucketWebsiteConfigurationRoutingRuleCondition
15254
+ # data as a hash:
15255
+ #
15256
+ # {
15257
+ # http_error_code_returned_equals: "NonEmptyString",
15258
+ # key_prefix_equals: "NonEmptyString",
15259
+ # }
15260
+ #
15261
+ # @!attribute [rw] http_error_code_returned_equals
15262
+ # Indicates to redirect the request if the HTTP error code matches
15263
+ # this value.
15264
+ # @return [String]
15265
+ #
15266
+ # @!attribute [rw] key_prefix_equals
15267
+ # Indicates to redirect the request if the key prefix matches this
15268
+ # value.
15269
+ # @return [String]
15270
+ #
15271
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketWebsiteConfigurationRoutingRuleCondition AWS API Documentation
15272
+ #
15273
+ class AwsS3BucketWebsiteConfigurationRoutingRuleCondition < Struct.new(
15274
+ :http_error_code_returned_equals,
15275
+ :key_prefix_equals)
15276
+ SENSITIVE = []
15277
+ include Aws::Structure
15278
+ end
15279
+
15280
+ # The rules to redirect the request if the condition in `Condition` is
15281
+ # met.
15282
+ #
15283
+ # @note When making an API call, you may pass AwsS3BucketWebsiteConfigurationRoutingRuleRedirect
15284
+ # data as a hash:
15285
+ #
15286
+ # {
15287
+ # hostname: "NonEmptyString",
15288
+ # http_redirect_code: "NonEmptyString",
15289
+ # protocol: "NonEmptyString",
15290
+ # replace_key_prefix_with: "NonEmptyString",
15291
+ # replace_key_with: "NonEmptyString",
15292
+ # }
15293
+ #
15294
+ # @!attribute [rw] hostname
15295
+ # The host name to use in the redirect request.
15296
+ # @return [String]
15297
+ #
15298
+ # @!attribute [rw] http_redirect_code
15299
+ # The HTTP redirect code to use in the response.
15300
+ # @return [String]
15301
+ #
15302
+ # @!attribute [rw] protocol
15303
+ # The protocol to use to redirect the request. By default, uses the
15304
+ # protocol from the original request.
15305
+ # @return [String]
15306
+ #
15307
+ # @!attribute [rw] replace_key_prefix_with
15308
+ # The object key prefix to use in the redirect request.
15309
+ #
15310
+ # Cannot be provided if `ReplaceKeyWith` is present.
15311
+ # @return [String]
15312
+ #
15313
+ # @!attribute [rw] replace_key_with
15314
+ # The specific object key to use in the redirect request.
15315
+ #
15316
+ # Cannot be provided if `ReplaceKeyPrefixWith` is present.
15317
+ # @return [String]
15318
+ #
15319
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketWebsiteConfigurationRoutingRuleRedirect AWS API Documentation
15320
+ #
15321
+ class AwsS3BucketWebsiteConfigurationRoutingRuleRedirect < Struct.new(
15322
+ :hostname,
15323
+ :http_redirect_code,
15324
+ :protocol,
15325
+ :replace_key_prefix_with,
15326
+ :replace_key_with)
15327
+ SENSITIVE = []
15328
+ include Aws::Structure
15329
+ end
15330
+
14086
15331
  # Details about an Amazon S3 object.
14087
15332
  #
14088
15333
  # @note When making an API call, you may pass AwsS3ObjectDetails
@@ -14129,8 +15374,8 @@ module Aws::SecurityHub
14129
15374
  # @return [String]
14130
15375
  #
14131
15376
  # @!attribute [rw] ssekms_key_id
14132
- # The identifier of the KMS symmetric customer managed customer master
14133
- # key (CMK) that was used for the object.
15377
+ # The identifier of the KMS symmetric customer managed key that was
15378
+ # used for the object.
14134
15379
  # @return [String]
14135
15380
  #
14136
15381
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3ObjectDetails AWS API Documentation
@@ -14174,9 +15419,8 @@ module Aws::SecurityHub
14174
15419
  # @return [Boolean]
14175
15420
  #
14176
15421
  # @!attribute [rw] kms_key_id
14177
- # The ARN, Key ID, or alias of the KMS customer master key (CMK) used
14178
- # to encrypt the `SecretString` or `SecretBinary` values for versions
14179
- # of this secret.
15422
+ # The ARN, Key ID, or alias of the KMS key used to encrypt the
15423
+ # `SecretString` or `SecretBinary` values for versions of this secret.
14180
15424
  # @return [String]
14181
15425
  #
14182
15426
  # @!attribute [rw] rotation_enabled
@@ -14992,6 +16236,53 @@ module Aws::SecurityHub
14992
16236
  # ignore_public_acls: false,
14993
16237
  # restrict_public_buckets: false,
14994
16238
  # },
16239
+ # access_control_list: "NonEmptyString",
16240
+ # bucket_logging_configuration: {
16241
+ # destination_bucket_name: "NonEmptyString",
16242
+ # log_file_prefix: "NonEmptyString",
16243
+ # },
16244
+ # bucket_website_configuration: {
16245
+ # error_document: "NonEmptyString",
16246
+ # index_document_suffix: "NonEmptyString",
16247
+ # redirect_all_requests_to: {
16248
+ # hostname: "NonEmptyString",
16249
+ # protocol: "NonEmptyString",
16250
+ # },
16251
+ # routing_rules: [
16252
+ # {
16253
+ # condition: {
16254
+ # http_error_code_returned_equals: "NonEmptyString",
16255
+ # key_prefix_equals: "NonEmptyString",
16256
+ # },
16257
+ # redirect: {
16258
+ # hostname: "NonEmptyString",
16259
+ # http_redirect_code: "NonEmptyString",
16260
+ # protocol: "NonEmptyString",
16261
+ # replace_key_prefix_with: "NonEmptyString",
16262
+ # replace_key_with: "NonEmptyString",
16263
+ # },
16264
+ # },
16265
+ # ],
16266
+ # },
16267
+ # bucket_notification_configuration: {
16268
+ # configurations: [
16269
+ # {
16270
+ # events: ["NonEmptyString"],
16271
+ # filter: {
16272
+ # s3_key_filter: {
16273
+ # filter_rules: [
16274
+ # {
16275
+ # name: "Prefix", # accepts Prefix, Suffix
16276
+ # value: "NonEmptyString",
16277
+ # },
16278
+ # ],
16279
+ # },
16280
+ # },
16281
+ # destination: "NonEmptyString",
16282
+ # type: "NonEmptyString",
16283
+ # },
16284
+ # ],
16285
+ # },
14995
16286
  # },
14996
16287
  # aws_s3_account_public_access_block: {
14997
16288
  # block_public_acls: false,
@@ -15679,6 +16970,7 @@ module Aws::SecurityHub
15679
16970
  # key_state: "NonEmptyString",
15680
16971
  # origin: "NonEmptyString",
15681
16972
  # description: "NonEmptyString",
16973
+ # key_rotation_status: false,
15682
16974
  # },
15683
16975
  # aws_lambda_function: {
15684
16976
  # code: {
@@ -16370,6 +17662,99 @@ module Aws::SecurityHub
16370
17662
  # ],
16371
17663
  # task_definition: "NonEmptyString",
16372
17664
  # },
17665
+ # aws_auto_scaling_launch_configuration: {
17666
+ # associate_public_ip_address: false,
17667
+ # block_device_mappings: [
17668
+ # {
17669
+ # device_name: "NonEmptyString",
17670
+ # ebs: {
17671
+ # delete_on_termination: false,
17672
+ # encrypted: false,
17673
+ # iops: 1,
17674
+ # snapshot_id: "NonEmptyString",
17675
+ # volume_size: 1,
17676
+ # volume_type: "NonEmptyString",
17677
+ # },
17678
+ # no_device: false,
17679
+ # virtual_name: "NonEmptyString",
17680
+ # },
17681
+ # ],
17682
+ # classic_link_vpc_id: "NonEmptyString",
17683
+ # classic_link_vpc_security_groups: ["NonEmptyString"],
17684
+ # created_time: "NonEmptyString",
17685
+ # ebs_optimized: false,
17686
+ # iam_instance_profile: "NonEmptyString",
17687
+ # image_id: "NonEmptyString",
17688
+ # instance_monitoring: {
17689
+ # enabled: false,
17690
+ # },
17691
+ # instance_type: "NonEmptyString",
17692
+ # kernel_id: "NonEmptyString",
17693
+ # key_name: "NonEmptyString",
17694
+ # launch_configuration_name: "NonEmptyString",
17695
+ # placement_tenancy: "NonEmptyString",
17696
+ # ramdisk_id: "NonEmptyString",
17697
+ # security_groups: ["NonEmptyString"],
17698
+ # spot_price: "NonEmptyString",
17699
+ # user_data: "NonEmptyString",
17700
+ # },
17701
+ # aws_ec2_vpn_connection: {
17702
+ # vpn_connection_id: "NonEmptyString",
17703
+ # state: "NonEmptyString",
17704
+ # customer_gateway_id: "NonEmptyString",
17705
+ # customer_gateway_configuration: "NonEmptyString",
17706
+ # type: "NonEmptyString",
17707
+ # vpn_gateway_id: "NonEmptyString",
17708
+ # category: "NonEmptyString",
17709
+ # vgw_telemetry: [
17710
+ # {
17711
+ # accepted_route_count: 1,
17712
+ # certificate_arn: "NonEmptyString",
17713
+ # last_status_change: "NonEmptyString",
17714
+ # outside_ip_address: "NonEmptyString",
17715
+ # status: "NonEmptyString",
17716
+ # status_message: "NonEmptyString",
17717
+ # },
17718
+ # ],
17719
+ # options: {
17720
+ # static_routes_only: false,
17721
+ # tunnel_options: [
17722
+ # {
17723
+ # dpd_timeout_seconds: 1,
17724
+ # ike_versions: ["NonEmptyString"],
17725
+ # outside_ip_address: "NonEmptyString",
17726
+ # phase_1_dh_group_numbers: [1],
17727
+ # phase_1_encryption_algorithms: ["NonEmptyString"],
17728
+ # phase_1_integrity_algorithms: ["NonEmptyString"],
17729
+ # phase_1_lifetime_seconds: 1,
17730
+ # phase_2_dh_group_numbers: [1],
17731
+ # phase_2_encryption_algorithms: ["NonEmptyString"],
17732
+ # phase_2_integrity_algorithms: ["NonEmptyString"],
17733
+ # phase_2_lifetime_seconds: 1,
17734
+ # pre_shared_key: "NonEmptyString",
17735
+ # rekey_fuzz_percentage: 1,
17736
+ # rekey_margin_time_seconds: 1,
17737
+ # replay_window_size: 1,
17738
+ # tunnel_inside_cidr: "NonEmptyString",
17739
+ # },
17740
+ # ],
17741
+ # },
17742
+ # routes: [
17743
+ # {
17744
+ # destination_cidr_block: "NonEmptyString",
17745
+ # state: "NonEmptyString",
17746
+ # },
17747
+ # ],
17748
+ # transit_gateway_id: "NonEmptyString",
17749
+ # },
17750
+ # aws_ecr_container_image: {
17751
+ # registry_id: "NonEmptyString",
17752
+ # repository_name: "NonEmptyString",
17753
+ # architecture: "NonEmptyString",
17754
+ # image_digest: "NonEmptyString",
17755
+ # image_tags: ["NonEmptyString"],
17756
+ # image_published_at: "NonEmptyString",
17757
+ # },
16373
17758
  # },
16374
17759
  # },
16375
17760
  # ],
@@ -16410,6 +17795,8 @@ module Aws::SecurityHub
16410
17795
  # epoch: "NonEmptyString",
16411
17796
  # release: "NonEmptyString",
16412
17797
  # architecture: "NonEmptyString",
17798
+ # package_manager: "NonEmptyString",
17799
+ # file_path: "NonEmptyString",
16413
17800
  # },
16414
17801
  # ],
16415
17802
  # cvss: [
@@ -16417,6 +17804,13 @@ module Aws::SecurityHub
16417
17804
  # version: "NonEmptyString",
16418
17805
  # base_score: 1.0,
16419
17806
  # base_vector: "NonEmptyString",
17807
+ # source: "NonEmptyString",
17808
+ # adjustments: [
17809
+ # {
17810
+ # metric: "NonEmptyString",
17811
+ # reason: "NonEmptyString",
17812
+ # },
17813
+ # ],
16420
17814
  # },
16421
17815
  # ],
16422
17816
  # related_vulnerabilities: ["NonEmptyString"],
@@ -16595,7 +17989,7 @@ module Aws::SecurityHub
16595
17989
  # name, you use this attribute.
16596
17990
  #
16597
17991
  # When you use the Security Hub API to filter findings by product
16598
- # name, you use the `aws/securityhub/ProductyName` attribute under
17992
+ # name, you use the `aws/securityhub/ProductName` attribute under
16599
17993
  # `ProductFields`.
16600
17994
  #
16601
17995
  # Security Hub does not synchronize those two attributes.
@@ -18137,8 +19531,8 @@ module Aws::SecurityHub
18137
19531
  # }
18138
19532
  #
18139
19533
  # @!attribute [rw] kms_master_key_id
18140
- # The ID of an Amazon Web Services managed customer master key (CMK)
18141
- # for Amazon SNS or a custom CMK.
19534
+ # The ID of an Amazon Web Services managed key for Amazon SNS or a
19535
+ # customer managed key.
18142
19536
  # @return [String]
18143
19537
  #
18144
19538
  # @!attribute [rw] subscription
@@ -18210,8 +19604,8 @@ module Aws::SecurityHub
18210
19604
  # @return [Integer]
18211
19605
  #
18212
19606
  # @!attribute [rw] kms_master_key_id
18213
- # The ID of an Amazon Web Services managed customer master key (CMK)
18214
- # for Amazon SQS or a custom CMK.
19607
+ # The ID of an Amazon Web Services managed key for Amazon SQS or a
19608
+ # custom KMS key.
18215
19609
  # @return [String]
18216
19610
  #
18217
19611
  # @!attribute [rw] queue_name
@@ -19424,6 +20818,53 @@ module Aws::SecurityHub
19424
20818
  # ignore_public_acls: false,
19425
20819
  # restrict_public_buckets: false,
19426
20820
  # },
20821
+ # access_control_list: "NonEmptyString",
20822
+ # bucket_logging_configuration: {
20823
+ # destination_bucket_name: "NonEmptyString",
20824
+ # log_file_prefix: "NonEmptyString",
20825
+ # },
20826
+ # bucket_website_configuration: {
20827
+ # error_document: "NonEmptyString",
20828
+ # index_document_suffix: "NonEmptyString",
20829
+ # redirect_all_requests_to: {
20830
+ # hostname: "NonEmptyString",
20831
+ # protocol: "NonEmptyString",
20832
+ # },
20833
+ # routing_rules: [
20834
+ # {
20835
+ # condition: {
20836
+ # http_error_code_returned_equals: "NonEmptyString",
20837
+ # key_prefix_equals: "NonEmptyString",
20838
+ # },
20839
+ # redirect: {
20840
+ # hostname: "NonEmptyString",
20841
+ # http_redirect_code: "NonEmptyString",
20842
+ # protocol: "NonEmptyString",
20843
+ # replace_key_prefix_with: "NonEmptyString",
20844
+ # replace_key_with: "NonEmptyString",
20845
+ # },
20846
+ # },
20847
+ # ],
20848
+ # },
20849
+ # bucket_notification_configuration: {
20850
+ # configurations: [
20851
+ # {
20852
+ # events: ["NonEmptyString"],
20853
+ # filter: {
20854
+ # s3_key_filter: {
20855
+ # filter_rules: [
20856
+ # {
20857
+ # name: "Prefix", # accepts Prefix, Suffix
20858
+ # value: "NonEmptyString",
20859
+ # },
20860
+ # ],
20861
+ # },
20862
+ # },
20863
+ # destination: "NonEmptyString",
20864
+ # type: "NonEmptyString",
20865
+ # },
20866
+ # ],
20867
+ # },
19427
20868
  # },
19428
20869
  # aws_s3_account_public_access_block: {
19429
20870
  # block_public_acls: false,
@@ -20111,6 +21552,7 @@ module Aws::SecurityHub
20111
21552
  # key_state: "NonEmptyString",
20112
21553
  # origin: "NonEmptyString",
20113
21554
  # description: "NonEmptyString",
21555
+ # key_rotation_status: false,
20114
21556
  # },
20115
21557
  # aws_lambda_function: {
20116
21558
  # code: {
@@ -20802,6 +22244,99 @@ module Aws::SecurityHub
20802
22244
  # ],
20803
22245
  # task_definition: "NonEmptyString",
20804
22246
  # },
22247
+ # aws_auto_scaling_launch_configuration: {
22248
+ # associate_public_ip_address: false,
22249
+ # block_device_mappings: [
22250
+ # {
22251
+ # device_name: "NonEmptyString",
22252
+ # ebs: {
22253
+ # delete_on_termination: false,
22254
+ # encrypted: false,
22255
+ # iops: 1,
22256
+ # snapshot_id: "NonEmptyString",
22257
+ # volume_size: 1,
22258
+ # volume_type: "NonEmptyString",
22259
+ # },
22260
+ # no_device: false,
22261
+ # virtual_name: "NonEmptyString",
22262
+ # },
22263
+ # ],
22264
+ # classic_link_vpc_id: "NonEmptyString",
22265
+ # classic_link_vpc_security_groups: ["NonEmptyString"],
22266
+ # created_time: "NonEmptyString",
22267
+ # ebs_optimized: false,
22268
+ # iam_instance_profile: "NonEmptyString",
22269
+ # image_id: "NonEmptyString",
22270
+ # instance_monitoring: {
22271
+ # enabled: false,
22272
+ # },
22273
+ # instance_type: "NonEmptyString",
22274
+ # kernel_id: "NonEmptyString",
22275
+ # key_name: "NonEmptyString",
22276
+ # launch_configuration_name: "NonEmptyString",
22277
+ # placement_tenancy: "NonEmptyString",
22278
+ # ramdisk_id: "NonEmptyString",
22279
+ # security_groups: ["NonEmptyString"],
22280
+ # spot_price: "NonEmptyString",
22281
+ # user_data: "NonEmptyString",
22282
+ # },
22283
+ # aws_ec2_vpn_connection: {
22284
+ # vpn_connection_id: "NonEmptyString",
22285
+ # state: "NonEmptyString",
22286
+ # customer_gateway_id: "NonEmptyString",
22287
+ # customer_gateway_configuration: "NonEmptyString",
22288
+ # type: "NonEmptyString",
22289
+ # vpn_gateway_id: "NonEmptyString",
22290
+ # category: "NonEmptyString",
22291
+ # vgw_telemetry: [
22292
+ # {
22293
+ # accepted_route_count: 1,
22294
+ # certificate_arn: "NonEmptyString",
22295
+ # last_status_change: "NonEmptyString",
22296
+ # outside_ip_address: "NonEmptyString",
22297
+ # status: "NonEmptyString",
22298
+ # status_message: "NonEmptyString",
22299
+ # },
22300
+ # ],
22301
+ # options: {
22302
+ # static_routes_only: false,
22303
+ # tunnel_options: [
22304
+ # {
22305
+ # dpd_timeout_seconds: 1,
22306
+ # ike_versions: ["NonEmptyString"],
22307
+ # outside_ip_address: "NonEmptyString",
22308
+ # phase_1_dh_group_numbers: [1],
22309
+ # phase_1_encryption_algorithms: ["NonEmptyString"],
22310
+ # phase_1_integrity_algorithms: ["NonEmptyString"],
22311
+ # phase_1_lifetime_seconds: 1,
22312
+ # phase_2_dh_group_numbers: [1],
22313
+ # phase_2_encryption_algorithms: ["NonEmptyString"],
22314
+ # phase_2_integrity_algorithms: ["NonEmptyString"],
22315
+ # phase_2_lifetime_seconds: 1,
22316
+ # pre_shared_key: "NonEmptyString",
22317
+ # rekey_fuzz_percentage: 1,
22318
+ # rekey_margin_time_seconds: 1,
22319
+ # replay_window_size: 1,
22320
+ # tunnel_inside_cidr: "NonEmptyString",
22321
+ # },
22322
+ # ],
22323
+ # },
22324
+ # routes: [
22325
+ # {
22326
+ # destination_cidr_block: "NonEmptyString",
22327
+ # state: "NonEmptyString",
22328
+ # },
22329
+ # ],
22330
+ # transit_gateway_id: "NonEmptyString",
22331
+ # },
22332
+ # aws_ecr_container_image: {
22333
+ # registry_id: "NonEmptyString",
22334
+ # repository_name: "NonEmptyString",
22335
+ # architecture: "NonEmptyString",
22336
+ # image_digest: "NonEmptyString",
22337
+ # image_tags: ["NonEmptyString"],
22338
+ # image_published_at: "NonEmptyString",
22339
+ # },
20805
22340
  # },
20806
22341
  # },
20807
22342
  # ],
@@ -20842,6 +22377,8 @@ module Aws::SecurityHub
20842
22377
  # epoch: "NonEmptyString",
20843
22378
  # release: "NonEmptyString",
20844
22379
  # architecture: "NonEmptyString",
22380
+ # package_manager: "NonEmptyString",
22381
+ # file_path: "NonEmptyString",
20845
22382
  # },
20846
22383
  # ],
20847
22384
  # cvss: [
@@ -20849,6 +22386,13 @@ module Aws::SecurityHub
20849
22386
  # version: "NonEmptyString",
20850
22387
  # base_score: 1.0,
20851
22388
  # base_vector: "NonEmptyString",
22389
+ # source: "NonEmptyString",
22390
+ # adjustments: [
22391
+ # {
22392
+ # metric: "NonEmptyString",
22393
+ # reason: "NonEmptyString",
22394
+ # },
22395
+ # ],
20852
22396
  # },
20853
22397
  # ],
20854
22398
  # related_vulnerabilities: ["NonEmptyString"],
@@ -22579,6 +24123,13 @@ module Aws::SecurityHub
22579
24123
  # version: "NonEmptyString",
22580
24124
  # base_score: 1.0,
22581
24125
  # base_vector: "NonEmptyString",
24126
+ # source: "NonEmptyString",
24127
+ # adjustments: [
24128
+ # {
24129
+ # metric: "NonEmptyString",
24130
+ # reason: "NonEmptyString",
24131
+ # },
24132
+ # ],
22582
24133
  # }
22583
24134
  #
22584
24135
  # @!attribute [rw] version
@@ -22593,12 +24144,22 @@ module Aws::SecurityHub
22593
24144
  # The base scoring vector for the CVSS score.
22594
24145
  # @return [String]
22595
24146
  #
24147
+ # @!attribute [rw] source
24148
+ # The origin of the original CVSS score and vector.
24149
+ # @return [String]
24150
+ #
24151
+ # @!attribute [rw] adjustments
24152
+ # Adjustments to the CVSS metrics.
24153
+ # @return [Array<Types::Adjustment>]
24154
+ #
22596
24155
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Cvss AWS API Documentation
22597
24156
  #
22598
24157
  class Cvss < Struct.new(
22599
24158
  :version,
22600
24159
  :base_score,
22601
- :base_vector)
24160
+ :base_vector,
24161
+ :source,
24162
+ :adjustments)
22602
24163
  SENSITIVE = []
22603
24164
  include Aws::Structure
22604
24165
  end
@@ -26341,8 +27902,8 @@ module Aws::SecurityHub
26341
27902
  # For integrations with Amazon Web Services services, the Amazon Web
26342
27903
  # Services Console URL from which to activate the service.
26343
27904
  #
26344
- # For integrations with third-party products, the Marketplace URL from
26345
- # which to subscribe to or purchase the product.
27905
+ # For integrations with third-party products, the Amazon Web Services
27906
+ # Marketplace URL from which to subscribe to or purchase the product.
26346
27907
  # @return [String]
26347
27908
  #
26348
27909
  # @!attribute [rw] activation_url
@@ -27142,6 +28703,53 @@ module Aws::SecurityHub
27142
28703
  # ignore_public_acls: false,
27143
28704
  # restrict_public_buckets: false,
27144
28705
  # },
28706
+ # access_control_list: "NonEmptyString",
28707
+ # bucket_logging_configuration: {
28708
+ # destination_bucket_name: "NonEmptyString",
28709
+ # log_file_prefix: "NonEmptyString",
28710
+ # },
28711
+ # bucket_website_configuration: {
28712
+ # error_document: "NonEmptyString",
28713
+ # index_document_suffix: "NonEmptyString",
28714
+ # redirect_all_requests_to: {
28715
+ # hostname: "NonEmptyString",
28716
+ # protocol: "NonEmptyString",
28717
+ # },
28718
+ # routing_rules: [
28719
+ # {
28720
+ # condition: {
28721
+ # http_error_code_returned_equals: "NonEmptyString",
28722
+ # key_prefix_equals: "NonEmptyString",
28723
+ # },
28724
+ # redirect: {
28725
+ # hostname: "NonEmptyString",
28726
+ # http_redirect_code: "NonEmptyString",
28727
+ # protocol: "NonEmptyString",
28728
+ # replace_key_prefix_with: "NonEmptyString",
28729
+ # replace_key_with: "NonEmptyString",
28730
+ # },
28731
+ # },
28732
+ # ],
28733
+ # },
28734
+ # bucket_notification_configuration: {
28735
+ # configurations: [
28736
+ # {
28737
+ # events: ["NonEmptyString"],
28738
+ # filter: {
28739
+ # s3_key_filter: {
28740
+ # filter_rules: [
28741
+ # {
28742
+ # name: "Prefix", # accepts Prefix, Suffix
28743
+ # value: "NonEmptyString",
28744
+ # },
28745
+ # ],
28746
+ # },
28747
+ # },
28748
+ # destination: "NonEmptyString",
28749
+ # type: "NonEmptyString",
28750
+ # },
28751
+ # ],
28752
+ # },
27145
28753
  # },
27146
28754
  # aws_s3_account_public_access_block: {
27147
28755
  # block_public_acls: false,
@@ -27829,6 +29437,7 @@ module Aws::SecurityHub
27829
29437
  # key_state: "NonEmptyString",
27830
29438
  # origin: "NonEmptyString",
27831
29439
  # description: "NonEmptyString",
29440
+ # key_rotation_status: false,
27832
29441
  # },
27833
29442
  # aws_lambda_function: {
27834
29443
  # code: {
@@ -28520,6 +30129,99 @@ module Aws::SecurityHub
28520
30129
  # ],
28521
30130
  # task_definition: "NonEmptyString",
28522
30131
  # },
30132
+ # aws_auto_scaling_launch_configuration: {
30133
+ # associate_public_ip_address: false,
30134
+ # block_device_mappings: [
30135
+ # {
30136
+ # device_name: "NonEmptyString",
30137
+ # ebs: {
30138
+ # delete_on_termination: false,
30139
+ # encrypted: false,
30140
+ # iops: 1,
30141
+ # snapshot_id: "NonEmptyString",
30142
+ # volume_size: 1,
30143
+ # volume_type: "NonEmptyString",
30144
+ # },
30145
+ # no_device: false,
30146
+ # virtual_name: "NonEmptyString",
30147
+ # },
30148
+ # ],
30149
+ # classic_link_vpc_id: "NonEmptyString",
30150
+ # classic_link_vpc_security_groups: ["NonEmptyString"],
30151
+ # created_time: "NonEmptyString",
30152
+ # ebs_optimized: false,
30153
+ # iam_instance_profile: "NonEmptyString",
30154
+ # image_id: "NonEmptyString",
30155
+ # instance_monitoring: {
30156
+ # enabled: false,
30157
+ # },
30158
+ # instance_type: "NonEmptyString",
30159
+ # kernel_id: "NonEmptyString",
30160
+ # key_name: "NonEmptyString",
30161
+ # launch_configuration_name: "NonEmptyString",
30162
+ # placement_tenancy: "NonEmptyString",
30163
+ # ramdisk_id: "NonEmptyString",
30164
+ # security_groups: ["NonEmptyString"],
30165
+ # spot_price: "NonEmptyString",
30166
+ # user_data: "NonEmptyString",
30167
+ # },
30168
+ # aws_ec2_vpn_connection: {
30169
+ # vpn_connection_id: "NonEmptyString",
30170
+ # state: "NonEmptyString",
30171
+ # customer_gateway_id: "NonEmptyString",
30172
+ # customer_gateway_configuration: "NonEmptyString",
30173
+ # type: "NonEmptyString",
30174
+ # vpn_gateway_id: "NonEmptyString",
30175
+ # category: "NonEmptyString",
30176
+ # vgw_telemetry: [
30177
+ # {
30178
+ # accepted_route_count: 1,
30179
+ # certificate_arn: "NonEmptyString",
30180
+ # last_status_change: "NonEmptyString",
30181
+ # outside_ip_address: "NonEmptyString",
30182
+ # status: "NonEmptyString",
30183
+ # status_message: "NonEmptyString",
30184
+ # },
30185
+ # ],
30186
+ # options: {
30187
+ # static_routes_only: false,
30188
+ # tunnel_options: [
30189
+ # {
30190
+ # dpd_timeout_seconds: 1,
30191
+ # ike_versions: ["NonEmptyString"],
30192
+ # outside_ip_address: "NonEmptyString",
30193
+ # phase_1_dh_group_numbers: [1],
30194
+ # phase_1_encryption_algorithms: ["NonEmptyString"],
30195
+ # phase_1_integrity_algorithms: ["NonEmptyString"],
30196
+ # phase_1_lifetime_seconds: 1,
30197
+ # phase_2_dh_group_numbers: [1],
30198
+ # phase_2_encryption_algorithms: ["NonEmptyString"],
30199
+ # phase_2_integrity_algorithms: ["NonEmptyString"],
30200
+ # phase_2_lifetime_seconds: 1,
30201
+ # pre_shared_key: "NonEmptyString",
30202
+ # rekey_fuzz_percentage: 1,
30203
+ # rekey_margin_time_seconds: 1,
30204
+ # replay_window_size: 1,
30205
+ # tunnel_inside_cidr: "NonEmptyString",
30206
+ # },
30207
+ # ],
30208
+ # },
30209
+ # routes: [
30210
+ # {
30211
+ # destination_cidr_block: "NonEmptyString",
30212
+ # state: "NonEmptyString",
30213
+ # },
30214
+ # ],
30215
+ # transit_gateway_id: "NonEmptyString",
30216
+ # },
30217
+ # aws_ecr_container_image: {
30218
+ # registry_id: "NonEmptyString",
30219
+ # repository_name: "NonEmptyString",
30220
+ # architecture: "NonEmptyString",
30221
+ # image_digest: "NonEmptyString",
30222
+ # image_tags: ["NonEmptyString"],
30223
+ # image_published_at: "NonEmptyString",
30224
+ # },
28523
30225
  # },
28524
30226
  # }
28525
30227
  #
@@ -29096,6 +30798,53 @@ module Aws::SecurityHub
29096
30798
  # ignore_public_acls: false,
29097
30799
  # restrict_public_buckets: false,
29098
30800
  # },
30801
+ # access_control_list: "NonEmptyString",
30802
+ # bucket_logging_configuration: {
30803
+ # destination_bucket_name: "NonEmptyString",
30804
+ # log_file_prefix: "NonEmptyString",
30805
+ # },
30806
+ # bucket_website_configuration: {
30807
+ # error_document: "NonEmptyString",
30808
+ # index_document_suffix: "NonEmptyString",
30809
+ # redirect_all_requests_to: {
30810
+ # hostname: "NonEmptyString",
30811
+ # protocol: "NonEmptyString",
30812
+ # },
30813
+ # routing_rules: [
30814
+ # {
30815
+ # condition: {
30816
+ # http_error_code_returned_equals: "NonEmptyString",
30817
+ # key_prefix_equals: "NonEmptyString",
30818
+ # },
30819
+ # redirect: {
30820
+ # hostname: "NonEmptyString",
30821
+ # http_redirect_code: "NonEmptyString",
30822
+ # protocol: "NonEmptyString",
30823
+ # replace_key_prefix_with: "NonEmptyString",
30824
+ # replace_key_with: "NonEmptyString",
30825
+ # },
30826
+ # },
30827
+ # ],
30828
+ # },
30829
+ # bucket_notification_configuration: {
30830
+ # configurations: [
30831
+ # {
30832
+ # events: ["NonEmptyString"],
30833
+ # filter: {
30834
+ # s3_key_filter: {
30835
+ # filter_rules: [
30836
+ # {
30837
+ # name: "Prefix", # accepts Prefix, Suffix
30838
+ # value: "NonEmptyString",
30839
+ # },
30840
+ # ],
30841
+ # },
30842
+ # },
30843
+ # destination: "NonEmptyString",
30844
+ # type: "NonEmptyString",
30845
+ # },
30846
+ # ],
30847
+ # },
29099
30848
  # },
29100
30849
  # aws_s3_account_public_access_block: {
29101
30850
  # block_public_acls: false,
@@ -29783,6 +31532,7 @@ module Aws::SecurityHub
29783
31532
  # key_state: "NonEmptyString",
29784
31533
  # origin: "NonEmptyString",
29785
31534
  # description: "NonEmptyString",
31535
+ # key_rotation_status: false,
29786
31536
  # },
29787
31537
  # aws_lambda_function: {
29788
31538
  # code: {
@@ -30474,6 +32224,99 @@ module Aws::SecurityHub
30474
32224
  # ],
30475
32225
  # task_definition: "NonEmptyString",
30476
32226
  # },
32227
+ # aws_auto_scaling_launch_configuration: {
32228
+ # associate_public_ip_address: false,
32229
+ # block_device_mappings: [
32230
+ # {
32231
+ # device_name: "NonEmptyString",
32232
+ # ebs: {
32233
+ # delete_on_termination: false,
32234
+ # encrypted: false,
32235
+ # iops: 1,
32236
+ # snapshot_id: "NonEmptyString",
32237
+ # volume_size: 1,
32238
+ # volume_type: "NonEmptyString",
32239
+ # },
32240
+ # no_device: false,
32241
+ # virtual_name: "NonEmptyString",
32242
+ # },
32243
+ # ],
32244
+ # classic_link_vpc_id: "NonEmptyString",
32245
+ # classic_link_vpc_security_groups: ["NonEmptyString"],
32246
+ # created_time: "NonEmptyString",
32247
+ # ebs_optimized: false,
32248
+ # iam_instance_profile: "NonEmptyString",
32249
+ # image_id: "NonEmptyString",
32250
+ # instance_monitoring: {
32251
+ # enabled: false,
32252
+ # },
32253
+ # instance_type: "NonEmptyString",
32254
+ # kernel_id: "NonEmptyString",
32255
+ # key_name: "NonEmptyString",
32256
+ # launch_configuration_name: "NonEmptyString",
32257
+ # placement_tenancy: "NonEmptyString",
32258
+ # ramdisk_id: "NonEmptyString",
32259
+ # security_groups: ["NonEmptyString"],
32260
+ # spot_price: "NonEmptyString",
32261
+ # user_data: "NonEmptyString",
32262
+ # },
32263
+ # aws_ec2_vpn_connection: {
32264
+ # vpn_connection_id: "NonEmptyString",
32265
+ # state: "NonEmptyString",
32266
+ # customer_gateway_id: "NonEmptyString",
32267
+ # customer_gateway_configuration: "NonEmptyString",
32268
+ # type: "NonEmptyString",
32269
+ # vpn_gateway_id: "NonEmptyString",
32270
+ # category: "NonEmptyString",
32271
+ # vgw_telemetry: [
32272
+ # {
32273
+ # accepted_route_count: 1,
32274
+ # certificate_arn: "NonEmptyString",
32275
+ # last_status_change: "NonEmptyString",
32276
+ # outside_ip_address: "NonEmptyString",
32277
+ # status: "NonEmptyString",
32278
+ # status_message: "NonEmptyString",
32279
+ # },
32280
+ # ],
32281
+ # options: {
32282
+ # static_routes_only: false,
32283
+ # tunnel_options: [
32284
+ # {
32285
+ # dpd_timeout_seconds: 1,
32286
+ # ike_versions: ["NonEmptyString"],
32287
+ # outside_ip_address: "NonEmptyString",
32288
+ # phase_1_dh_group_numbers: [1],
32289
+ # phase_1_encryption_algorithms: ["NonEmptyString"],
32290
+ # phase_1_integrity_algorithms: ["NonEmptyString"],
32291
+ # phase_1_lifetime_seconds: 1,
32292
+ # phase_2_dh_group_numbers: [1],
32293
+ # phase_2_encryption_algorithms: ["NonEmptyString"],
32294
+ # phase_2_integrity_algorithms: ["NonEmptyString"],
32295
+ # phase_2_lifetime_seconds: 1,
32296
+ # pre_shared_key: "NonEmptyString",
32297
+ # rekey_fuzz_percentage: 1,
32298
+ # rekey_margin_time_seconds: 1,
32299
+ # replay_window_size: 1,
32300
+ # tunnel_inside_cidr: "NonEmptyString",
32301
+ # },
32302
+ # ],
32303
+ # },
32304
+ # routes: [
32305
+ # {
32306
+ # destination_cidr_block: "NonEmptyString",
32307
+ # state: "NonEmptyString",
32308
+ # },
32309
+ # ],
32310
+ # transit_gateway_id: "NonEmptyString",
32311
+ # },
32312
+ # aws_ecr_container_image: {
32313
+ # registry_id: "NonEmptyString",
32314
+ # repository_name: "NonEmptyString",
32315
+ # architecture: "NonEmptyString",
32316
+ # image_digest: "NonEmptyString",
32317
+ # image_tags: ["NonEmptyString"],
32318
+ # image_published_at: "NonEmptyString",
32319
+ # },
30477
32320
  # }
30478
32321
  #
30479
32322
  # @!attribute [rw] aws_auto_scaling_auto_scaling_group
@@ -30600,7 +32443,7 @@ module Aws::SecurityHub
30600
32443
  # @return [Types::AwsRedshiftClusterDetails]
30601
32444
  #
30602
32445
  # @!attribute [rw] aws_elb_load_balancer
30603
- # contains details about a Classic Load Balancer.
32446
+ # Contains details about a Classic Load Balancer.
30604
32447
  # @return [Types::AwsElbLoadBalancerDetails]
30605
32448
  #
30606
32449
  # @!attribute [rw] aws_iam_group
@@ -30687,6 +32530,18 @@ module Aws::SecurityHub
30687
32530
  # Details about a service within an ECS cluster.
30688
32531
  # @return [Types::AwsEcsServiceDetails]
30689
32532
  #
32533
+ # @!attribute [rw] aws_auto_scaling_launch_configuration
32534
+ # Provides details about a launch configuration.
32535
+ # @return [Types::AwsAutoScalingLaunchConfigurationDetails]
32536
+ #
32537
+ # @!attribute [rw] aws_ec2_vpn_connection
32538
+ # Details about an EC2 VPN connection.
32539
+ # @return [Types::AwsEc2VpnConnectionDetails]
32540
+ #
32541
+ # @!attribute [rw] aws_ecr_container_image
32542
+ # information about an Amazon ECR image.
32543
+ # @return [Types::AwsEcrContainerImageDetails]
32544
+ #
30690
32545
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ResourceDetails AWS API Documentation
30691
32546
  #
30692
32547
  class ResourceDetails < Struct.new(
@@ -30738,7 +32593,10 @@ module Aws::SecurityHub
30738
32593
  :container,
30739
32594
  :other,
30740
32595
  :aws_rds_event_subscription,
30741
- :aws_ecs_service)
32596
+ :aws_ecs_service,
32597
+ :aws_auto_scaling_launch_configuration,
32598
+ :aws_ec2_vpn_connection,
32599
+ :aws_ecr_container_image)
30742
32600
  SENSITIVE = []
30743
32601
  include Aws::Structure
30744
32602
  end
@@ -31111,6 +32969,8 @@ module Aws::SecurityHub
31111
32969
  # epoch: "NonEmptyString",
31112
32970
  # release: "NonEmptyString",
31113
32971
  # architecture: "NonEmptyString",
32972
+ # package_manager: "NonEmptyString",
32973
+ # file_path: "NonEmptyString",
31114
32974
  # }
31115
32975
  #
31116
32976
  # @!attribute [rw] name
@@ -31133,6 +32993,14 @@ module Aws::SecurityHub
31133
32993
  # The architecture used for the software package.
31134
32994
  # @return [String]
31135
32995
  #
32996
+ # @!attribute [rw] package_manager
32997
+ # The source of the package.
32998
+ # @return [String]
32999
+ #
33000
+ # @!attribute [rw] file_path
33001
+ # The file system path to the package manager inventory file.
33002
+ # @return [String]
33003
+ #
31136
33004
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SoftwarePackage AWS API Documentation
31137
33005
  #
31138
33006
  class SoftwarePackage < Struct.new(
@@ -31140,7 +33008,9 @@ module Aws::SecurityHub
31140
33008
  :version,
31141
33009
  :epoch,
31142
33010
  :release,
31143
- :architecture)
33011
+ :architecture,
33012
+ :package_manager,
33013
+ :file_path)
31144
33014
  SENSITIVE = []
31145
33015
  include Aws::Structure
31146
33016
  end
@@ -33061,6 +34931,8 @@ module Aws::SecurityHub
33061
34931
  # epoch: "NonEmptyString",
33062
34932
  # release: "NonEmptyString",
33063
34933
  # architecture: "NonEmptyString",
34934
+ # package_manager: "NonEmptyString",
34935
+ # file_path: "NonEmptyString",
33064
34936
  # },
33065
34937
  # ],
33066
34938
  # cvss: [
@@ -33068,6 +34940,13 @@ module Aws::SecurityHub
33068
34940
  # version: "NonEmptyString",
33069
34941
  # base_score: 1.0,
33070
34942
  # base_vector: "NonEmptyString",
34943
+ # source: "NonEmptyString",
34944
+ # adjustments: [
34945
+ # {
34946
+ # metric: "NonEmptyString",
34947
+ # reason: "NonEmptyString",
34948
+ # },
34949
+ # ],
33071
34950
  # },
33072
34951
  # ],
33073
34952
  # related_vulnerabilities: ["NonEmptyString"],
@@ -33271,8 +35150,13 @@ module Aws::SecurityHub
33271
35150
  # }
33272
35151
  #
33273
35152
  # @!attribute [rw] status
33274
- # The status of the investigation into the finding. The allowed values
33275
- # are the following.
35153
+ # The status of the investigation into the finding. The workflow
35154
+ # status is specific to an individual finding. It does not affect the
35155
+ # generation of new findings. For example, setting the workflow status
35156
+ # to `SUPPRESSED` or `RESOLVED` does not prevent a new finding for the
35157
+ # same issue.
35158
+ #
35159
+ # The allowed values are the following.
33276
35160
  #
33277
35161
  # * `NEW` - The initial state of a finding, before it is reviewed.
33278
35162
  #
@@ -33288,8 +35172,9 @@ module Aws::SecurityHub
33288
35172
  # the security issue. Used when the initial reviewer is not the
33289
35173
  # resource owner, and needs intervention from the resource owner.
33290
35174
  #
33291
- # * `SUPPRESSED` - The finding will not be reviewed again and will not
33292
- # be acted upon.
35175
+ # * `SUPPRESSED` - Indicates that you reviewed the finding and do not
35176
+ # believe that any action is needed. The finding is no longer
35177
+ # updated.
33293
35178
  #
33294
35179
  # * `RESOLVED` - The finding was reviewed and remediated and is now
33295
35180
  # considered resolved.
@@ -33313,8 +35198,13 @@ module Aws::SecurityHub
33313
35198
  # }
33314
35199
  #
33315
35200
  # @!attribute [rw] status
33316
- # The status of the investigation into the finding. The allowed values
33317
- # are the following.
35201
+ # The status of the investigation into the finding. The workflow
35202
+ # status is specific to an individual finding. It does not affect the
35203
+ # generation of new findings. For example, setting the workflow status
35204
+ # to `SUPPRESSED` or `RESOLVED` does not prevent a new finding for the
35205
+ # same issue.
35206
+ #
35207
+ # The allowed values are the following.
33318
35208
  #
33319
35209
  # * `NEW` - The initial state of a finding, before it is reviewed.
33320
35210
  #
@@ -33333,8 +35223,9 @@ module Aws::SecurityHub
33333
35223
  # * `RESOLVED` - The finding was reviewed and remediated and is now
33334
35224
  # considered resolved.
33335
35225
  #
33336
- # * `SUPPRESSED` - The finding will not be reviewed again and will not
33337
- # be acted upon.
35226
+ # * `SUPPRESSED` - Indicates that you reviewed the finding and do not
35227
+ # believe that any action is needed. The finding is no longer
35228
+ # updated.
33338
35229
  # @return [String]
33339
35230
  #
33340
35231
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/WorkflowUpdate AWS API Documentation