aws-sdk-securityhub 1.51.0 → 1.55.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +20 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-sdk-securityhub/client.rb +870 -9
  5. data/lib/aws-sdk-securityhub/client_api.rb +604 -0
  6. data/lib/aws-sdk-securityhub/types.rb +4655 -60
  7. data/lib/aws-sdk-securityhub.rb +1 -1
  8. metadata +4 -4
data/lib/aws-sdk-securityhub/client.rb CHANGED
@@ -825,8 +825,29 @@ module Aws::SecurityHub
825
825
  # },
826
826
  # aws_code_build_project: {
827
827
  # encryption_key: "NonEmptyString",
828
+ # artifacts: [
829
+ # {
830
+ # artifact_identifier: "NonEmptyString",
831
+ # encryption_disabled: false,
832
+ # location: "NonEmptyString",
833
+ # name: "NonEmptyString",
834
+ # namespace_type: "NonEmptyString",
835
+ # override_artifact_name: false,
836
+ # packaging: "NonEmptyString",
837
+ # path: "NonEmptyString",
838
+ # type: "NonEmptyString",
839
+ # },
840
+ # ],
828
841
  # environment: {
829
842
  # certificate: "NonEmptyString",
843
+ # environment_variables: [
844
+ # {
845
+ # name: "NonEmptyString",
846
+ # type: "NonEmptyString",
847
+ # value: "NonEmptyString",
848
+ # },
849
+ # ],
850
+ # privileged_mode: false,
830
851
  # image_pull_credentials_type: "NonEmptyString",
831
852
  # registry_credential: {
832
853
  # credential: "NonEmptyString",
@@ -842,6 +863,18 @@ module Aws::SecurityHub
842
863
  # insecure_ssl: false,
843
864
  # },
844
865
  # service_role: "NonEmptyString",
866
+ # logs_config: {
867
+ # cloud_watch_logs: {
868
+ # group_name: "NonEmptyString",
869
+ # status: "NonEmptyString",
870
+ # stream_name: "NonEmptyString",
871
+ # },
872
+ # s3_logs: {
873
+ # encryption_disabled: false,
874
+ # location: "NonEmptyString",
875
+ # status: "NonEmptyString",
876
+ # },
877
+ # },
845
878
  # vpc_config: {
846
879
  # vpc_id: "NonEmptyString",
847
880
  # subnets: ["NonEmptyString"],
@@ -893,6 +926,15 @@ module Aws::SecurityHub
893
926
  # },
894
927
  # ],
895
928
  # },
929
+ # viewer_certificate: {
930
+ # acm_certificate_arn: "NonEmptyString",
931
+ # certificate: "NonEmptyString",
932
+ # certificate_source: "NonEmptyString",
933
+ # cloud_front_default_certificate: false,
934
+ # iam_certificate_id: "NonEmptyString",
935
+ # minimum_protocol_version: "NonEmptyString",
936
+ # ssl_support_method: "NonEmptyString",
937
+ # },
896
938
  # status: "NonEmptyString",
897
939
  # web_acl_id: "NonEmptyString",
898
940
  # },
@@ -1131,6 +1173,12 @@ module Aws::SecurityHub
1131
1173
  # },
1132
1174
  # type: "NonEmptyString",
1133
1175
  # vpc_id: "NonEmptyString",
1176
+ # load_balancer_attributes: [
1177
+ # {
1178
+ # key: "NonEmptyString",
1179
+ # value: "NonEmptyString",
1180
+ # },
1181
+ # ],
1134
1182
  # },
1135
1183
  # aws_elastic_beanstalk_environment: {
1136
1184
  # application_name: "NonEmptyString",
@@ -1230,6 +1278,7 @@ module Aws::SecurityHub
1230
1278
  # aws_s3_bucket: {
1231
1279
  # owner_id: "NonEmptyString",
1232
1280
  # owner_name: "NonEmptyString",
1281
+ # owner_account_id: "NonEmptyString",
1233
1282
  # created_at: "NonEmptyString",
1234
1283
  # server_side_encryption_configuration: {
1235
1284
  # rules: [
@@ -1296,6 +1345,53 @@ module Aws::SecurityHub
1296
1345
  # ignore_public_acls: false,
1297
1346
  # restrict_public_buckets: false,
1298
1347
  # },
1348
+ # access_control_list: "NonEmptyString",
1349
+ # bucket_logging_configuration: {
1350
+ # destination_bucket_name: "NonEmptyString",
1351
+ # log_file_prefix: "NonEmptyString",
1352
+ # },
1353
+ # bucket_website_configuration: {
1354
+ # error_document: "NonEmptyString",
1355
+ # index_document_suffix: "NonEmptyString",
1356
+ # redirect_all_requests_to: {
1357
+ # hostname: "NonEmptyString",
1358
+ # protocol: "NonEmptyString",
1359
+ # },
1360
+ # routing_rules: [
1361
+ # {
1362
+ # condition: {
1363
+ # http_error_code_returned_equals: "NonEmptyString",
1364
+ # key_prefix_equals: "NonEmptyString",
1365
+ # },
1366
+ # redirect: {
1367
+ # hostname: "NonEmptyString",
1368
+ # http_redirect_code: "NonEmptyString",
1369
+ # protocol: "NonEmptyString",
1370
+ # replace_key_prefix_with: "NonEmptyString",
1371
+ # replace_key_with: "NonEmptyString",
1372
+ # },
1373
+ # },
1374
+ # ],
1375
+ # },
1376
+ # bucket_notification_configuration: {
1377
+ # configurations: [
1378
+ # {
1379
+ # events: ["NonEmptyString"],
1380
+ # filter: {
1381
+ # s3_key_filter: {
1382
+ # filter_rules: [
1383
+ # {
1384
+ # name: "Prefix", # accepts Prefix, Suffix
1385
+ # value: "NonEmptyString",
1386
+ # },
1387
+ # ],
1388
+ # },
1389
+ # },
1390
+ # destination: "NonEmptyString",
1391
+ # type: "NonEmptyString",
1392
+ # },
1393
+ # ],
1394
+ # },
1299
1395
  # },
1300
1396
  # aws_s3_account_public_access_block: {
1301
1397
  # block_public_acls: false,
@@ -1983,6 +2079,7 @@ module Aws::SecurityHub
1983
2079
  # key_state: "NonEmptyString",
1984
2080
  # origin: "NonEmptyString",
1985
2081
  # description: "NonEmptyString",
2082
+ # key_rotation_status: false,
1986
2083
  # },
1987
2084
  # aws_lambda_function: {
1988
2085
  # code: {
@@ -2674,6 +2771,250 @@ module Aws::SecurityHub
2674
2771
  # ],
2675
2772
  # task_definition: "NonEmptyString",
2676
2773
  # },
2774
+ # aws_auto_scaling_launch_configuration: {
2775
+ # associate_public_ip_address: false,
2776
+ # block_device_mappings: [
2777
+ # {
2778
+ # device_name: "NonEmptyString",
2779
+ # ebs: {
2780
+ # delete_on_termination: false,
2781
+ # encrypted: false,
2782
+ # iops: 1,
2783
+ # snapshot_id: "NonEmptyString",
2784
+ # volume_size: 1,
2785
+ # volume_type: "NonEmptyString",
2786
+ # },
2787
+ # no_device: false,
2788
+ # virtual_name: "NonEmptyString",
2789
+ # },
2790
+ # ],
2791
+ # classic_link_vpc_id: "NonEmptyString",
2792
+ # classic_link_vpc_security_groups: ["NonEmptyString"],
2793
+ # created_time: "NonEmptyString",
2794
+ # ebs_optimized: false,
2795
+ # iam_instance_profile: "NonEmptyString",
2796
+ # image_id: "NonEmptyString",
2797
+ # instance_monitoring: {
2798
+ # enabled: false,
2799
+ # },
2800
+ # instance_type: "NonEmptyString",
2801
+ # kernel_id: "NonEmptyString",
2802
+ # key_name: "NonEmptyString",
2803
+ # launch_configuration_name: "NonEmptyString",
2804
+ # placement_tenancy: "NonEmptyString",
2805
+ # ramdisk_id: "NonEmptyString",
2806
+ # security_groups: ["NonEmptyString"],
2807
+ # spot_price: "NonEmptyString",
2808
+ # user_data: "NonEmptyString",
2809
+ # },
2810
+ # aws_ec2_vpn_connection: {
2811
+ # vpn_connection_id: "NonEmptyString",
2812
+ # state: "NonEmptyString",
2813
+ # customer_gateway_id: "NonEmptyString",
2814
+ # customer_gateway_configuration: "NonEmptyString",
2815
+ # type: "NonEmptyString",
2816
+ # vpn_gateway_id: "NonEmptyString",
2817
+ # category: "NonEmptyString",
2818
+ # vgw_telemetry: [
2819
+ # {
2820
+ # accepted_route_count: 1,
2821
+ # certificate_arn: "NonEmptyString",
2822
+ # last_status_change: "NonEmptyString",
2823
+ # outside_ip_address: "NonEmptyString",
2824
+ # status: "NonEmptyString",
2825
+ # status_message: "NonEmptyString",
2826
+ # },
2827
+ # ],
2828
+ # options: {
2829
+ # static_routes_only: false,
2830
+ # tunnel_options: [
2831
+ # {
2832
+ # dpd_timeout_seconds: 1,
2833
+ # ike_versions: ["NonEmptyString"],
2834
+ # outside_ip_address: "NonEmptyString",
2835
+ # phase_1_dh_group_numbers: [1],
2836
+ # phase_1_encryption_algorithms: ["NonEmptyString"],
2837
+ # phase_1_integrity_algorithms: ["NonEmptyString"],
2838
+ # phase_1_lifetime_seconds: 1,
2839
+ # phase_2_dh_group_numbers: [1],
2840
+ # phase_2_encryption_algorithms: ["NonEmptyString"],
2841
+ # phase_2_integrity_algorithms: ["NonEmptyString"],
2842
+ # phase_2_lifetime_seconds: 1,
2843
+ # pre_shared_key: "NonEmptyString",
2844
+ # rekey_fuzz_percentage: 1,
2845
+ # rekey_margin_time_seconds: 1,
2846
+ # replay_window_size: 1,
2847
+ # tunnel_inside_cidr: "NonEmptyString",
2848
+ # },
2849
+ # ],
2850
+ # },
2851
+ # routes: [
2852
+ # {
2853
+ # destination_cidr_block: "NonEmptyString",
2854
+ # state: "NonEmptyString",
2855
+ # },
2856
+ # ],
2857
+ # transit_gateway_id: "NonEmptyString",
2858
+ # },
2859
+ # aws_ecr_container_image: {
2860
+ # registry_id: "NonEmptyString",
2861
+ # repository_name: "NonEmptyString",
2862
+ # architecture: "NonEmptyString",
2863
+ # image_digest: "NonEmptyString",
2864
+ # image_tags: ["NonEmptyString"],
2865
+ # image_published_at: "NonEmptyString",
2866
+ # },
2867
+ # aws_open_search_service_domain: {
2868
+ # arn: "NonEmptyString",
2869
+ # access_policies: "NonEmptyString",
2870
+ # domain_name: "NonEmptyString",
2871
+ # id: "NonEmptyString",
2872
+ # domain_endpoint: "NonEmptyString",
2873
+ # engine_version: "NonEmptyString",
2874
+ # encryption_at_rest_options: {
2875
+ # enabled: false,
2876
+ # kms_key_id: "NonEmptyString",
2877
+ # },
2878
+ # node_to_node_encryption_options: {
2879
+ # enabled: false,
2880
+ # },
2881
+ # service_software_options: {
2882
+ # automated_update_date: "NonEmptyString",
2883
+ # cancellable: false,
2884
+ # current_version: "NonEmptyString",
2885
+ # description: "NonEmptyString",
2886
+ # new_version: "NonEmptyString",
2887
+ # update_available: false,
2888
+ # update_status: "NonEmptyString",
2889
+ # optional_deployment: false,
2890
+ # },
2891
+ # cluster_config: {
2892
+ # instance_count: 1,
2893
+ # warm_enabled: false,
2894
+ # warm_count: 1,
2895
+ # dedicated_master_enabled: false,
2896
+ # zone_awareness_config: {
2897
+ # availability_zone_count: 1,
2898
+ # },
2899
+ # dedicated_master_count: 1,
2900
+ # instance_type: "NonEmptyString",
2901
+ # warm_type: "NonEmptyString",
2902
+ # zone_awareness_enabled: false,
2903
+ # dedicated_master_type: "NonEmptyString",
2904
+ # },
2905
+ # domain_endpoint_options: {
2906
+ # custom_endpoint_certificate_arn: "NonEmptyString",
2907
+ # custom_endpoint_enabled: false,
2908
+ # enforce_https: false,
2909
+ # custom_endpoint: "NonEmptyString",
2910
+ # tls_security_policy: "NonEmptyString",
2911
+ # },
2912
+ # vpc_options: {
2913
+ # security_group_ids: ["NonEmptyString"],
2914
+ # subnet_ids: ["NonEmptyString"],
2915
+ # },
2916
+ # log_publishing_options: {
2917
+ # index_slow_logs: {
2918
+ # cloud_watch_logs_log_group_arn: "NonEmptyString",
2919
+ # enabled: false,
2920
+ # },
2921
+ # search_slow_logs: {
2922
+ # cloud_watch_logs_log_group_arn: "NonEmptyString",
2923
+ # enabled: false,
2924
+ # },
2925
+ # audit_logs: {
2926
+ # cloud_watch_logs_log_group_arn: "NonEmptyString",
2927
+ # enabled: false,
2928
+ # },
2929
+ # },
2930
+ # domain_endpoints: {
2931
+ # "NonEmptyString" => "NonEmptyString",
2932
+ # },
2933
+ # },
2934
+ # aws_ec2_vpc_endpoint_service: {
2935
+ # acceptance_required: false,
2936
+ # availability_zones: ["NonEmptyString"],
2937
+ # base_endpoint_dns_names: ["NonEmptyString"],
2938
+ # manages_vpc_endpoints: false,
2939
+ # gateway_load_balancer_arns: ["NonEmptyString"],
2940
+ # network_load_balancer_arns: ["NonEmptyString"],
2941
+ # private_dns_name: "NonEmptyString",
2942
+ # service_id: "NonEmptyString",
2943
+ # service_name: "NonEmptyString",
2944
+ # service_state: "NonEmptyString",
2945
+ # service_type: [
2946
+ # {
2947
+ # service_type: "NonEmptyString",
2948
+ # },
2949
+ # ],
2950
+ # },
2951
+ # aws_xray_encryption_config: {
2952
+ # key_id: "NonEmptyString",
2953
+ # status: "NonEmptyString",
2954
+ # type: "NonEmptyString",
2955
+ # },
2956
+ # aws_waf_rate_based_rule: {
2957
+ # metric_name: "NonEmptyString",
2958
+ # name: "NonEmptyString",
2959
+ # rate_key: "NonEmptyString",
2960
+ # rate_limit: 1,
2961
+ # rule_id: "NonEmptyString",
2962
+ # match_predicates: [
2963
+ # {
2964
+ # data_id: "NonEmptyString",
2965
+ # negated: false,
2966
+ # type: "NonEmptyString",
2967
+ # },
2968
+ # ],
2969
+ # },
2970
+ # aws_waf_regional_rate_based_rule: {
2971
+ # metric_name: "NonEmptyString",
2972
+ # name: "NonEmptyString",
2973
+ # rate_key: "NonEmptyString",
2974
+ # rate_limit: 1,
2975
+ # rule_id: "NonEmptyString",
2976
+ # match_predicates: [
2977
+ # {
2978
+ # data_id: "NonEmptyString",
2979
+ # negated: false,
2980
+ # type: "NonEmptyString",
2981
+ # },
2982
+ # ],
2983
+ # },
2984
+ # aws_ecr_repository: {
2985
+ # arn: "NonEmptyString",
2986
+ # image_scanning_configuration: {
2987
+ # scan_on_push: false,
2988
+ # },
2989
+ # image_tag_mutability: "NonEmptyString",
2990
+ # lifecycle_policy: {
2991
+ # lifecycle_policy_text: "NonEmptyString",
2992
+ # registry_id: "NonEmptyString",
2993
+ # },
2994
+ # repository_name: "NonEmptyString",
2995
+ # repository_policy_text: "NonEmptyString",
2996
+ # },
2997
+ # aws_eks_cluster: {
2998
+ # arn: "NonEmptyString",
2999
+ # certificate_authority_data: "NonEmptyString",
3000
+ # cluster_status: "NonEmptyString",
3001
+ # endpoint: "NonEmptyString",
3002
+ # name: "NonEmptyString",
3003
+ # resources_vpc_config: {
3004
+ # security_group_ids: ["NonEmptyString"],
3005
+ # subnet_ids: ["NonEmptyString"],
3006
+ # },
3007
+ # role_arn: "NonEmptyString",
3008
+ # version: "NonEmptyString",
3009
+ # logging: {
3010
+ # cluster_logging: [
3011
+ # {
3012
+ # enabled: false,
3013
+ # types: ["NonEmptyString"],
3014
+ # },
3015
+ # ],
3016
+ # },
3017
+ # },
2677
3018
  # },
2678
3019
  # },
2679
3020
  # ],
@@ -2714,6 +3055,8 @@ module Aws::SecurityHub
2714
3055
  # epoch: "NonEmptyString",
2715
3056
  # release: "NonEmptyString",
2716
3057
  # architecture: "NonEmptyString",
3058
+ # package_manager: "NonEmptyString",
3059
+ # file_path: "NonEmptyString",
2717
3060
  # },
2718
3061
  # ],
2719
3062
  # cvss: [
@@ -2721,6 +3064,13 @@ module Aws::SecurityHub
2721
3064
  # version: "NonEmptyString",
2722
3065
  # base_score: 1.0,
2723
3066
  # base_vector: "NonEmptyString",
3067
+ # source: "NonEmptyString",
3068
+ # adjustments: [
3069
+ # {
3070
+ # metric: "NonEmptyString",
3071
+ # reason: "NonEmptyString",
3072
+ # },
3073
+ # ],
2724
3074
  # },
2725
3075
  # ],
2726
3076
  # related_vulnerabilities: ["NonEmptyString"],
@@ -3104,6 +3454,80 @@ module Aws::SecurityHub
3104
3454
  req.send_request(options)
3105
3455
  end
3106
3456
 
3457
+ # Used to enable finding aggregation. Must be called from the
3458
+ # aggregation Region.
3459
+ #
3460
+ # For more details about cross-Region replication, see [Configuring
3461
+ # finding
3462
+ # aggregation](securityhub/latest/userguide/finding-aggregation.html) in
3463
+ # the *Security Hub User Guide*.
3464
+ #
3465
+ # @option params [required, String] :region_linking_mode
3466
+ # Indicates whether to aggregate findings from all of the available
3467
+ # Regions in the current partition. Also determines whether to
3468
+ # automatically aggregate findings from new Regions as Security Hub
3469
+ # supports them and you opt into them.
3470
+ #
3471
+ # The selected option also determines how to use the Regions provided in
3472
+ # the Regions list.
3473
+ #
3474
+ # The options are as follows:
3475
+ #
3476
+ # * `ALL_REGIONS` - Indicates to aggregate findings from all of the
3477
+ # Regions where Security Hub is enabled. When you choose this option,
3478
+ # Security Hub also automatically aggregates findings from new Regions
3479
+ # as Security Hub supports them and you opt into them.
3480
+ #
3481
+ # * `ALL_REGIONS_EXCEPT_SPECIFIED` - Indicates to aggregate findings
3482
+ # from all of the Regions where Security Hub is enabled, except for
3483
+ # the Regions listed in the `Regions` parameter. When you choose this
3484
+ # option, Security Hub also automatically aggregates findings from new
3485
+ # Regions as Security Hub supports them and you opt into them.
3486
+ #
3487
+ # * `SPECIFIED_REGIONS` - Indicates to aggregate findings only from the
3488
+ # Regions listed in the `Regions` parameter. Security Hub does not
3489
+ # automatically aggregate findings from new Regions.
3490
+ #
3491
+ # @option params [Array<String>] :regions
3492
+ # If `RegionLinkingMode` is `ALL_REGIONS_EXCEPT_SPECIFIED`, then this is
3493
+ # a comma-separated list of Regions that do not aggregate findings to
3494
+ # the aggregation Region.
3495
+ #
3496
+ # If `RegionLinkingMode` is `SPECIFIED_REGIONS`, then this is a
3497
+ # comma-separated list of Regions that do aggregate findings to the
3498
+ # aggregation Region.
3499
+ #
3500
+ # @return [Types::CreateFindingAggregatorResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3501
+ #
3502
+ # * {Types::CreateFindingAggregatorResponse#finding_aggregator_arn #finding_aggregator_arn} => String
3503
+ # * {Types::CreateFindingAggregatorResponse#finding_aggregation_region #finding_aggregation_region} => String
3504
+ # * {Types::CreateFindingAggregatorResponse#region_linking_mode #region_linking_mode} => String
3505
+ # * {Types::CreateFindingAggregatorResponse#regions #regions} => Array&lt;String&gt;
3506
+ #
3507
+ # @example Request syntax with placeholder values
3508
+ #
3509
+ # resp = client.create_finding_aggregator({
3510
+ # region_linking_mode: "NonEmptyString", # required
3511
+ # regions: ["NonEmptyString"],
3512
+ # })
3513
+ #
3514
+ # @example Response structure
3515
+ #
3516
+ # resp.finding_aggregator_arn #=> String
3517
+ # resp.finding_aggregation_region #=> String
3518
+ # resp.region_linking_mode #=> String
3519
+ # resp.regions #=> Array
3520
+ # resp.regions[0] #=> String
3521
+ #
3522
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateFindingAggregator AWS API Documentation
3523
+ #
3524
+ # @overload create_finding_aggregator(params = {})
3525
+ # @param [Hash] params ({})
3526
+ def create_finding_aggregator(params = {}, options = {})
3527
+ req = build_request(:create_finding_aggregator, params)
3528
+ req.send_request(options)
3529
+ end
3530
+
3107
3531
  # Creates a custom insight in Security Hub. An insight is a
3108
3532
  # consolidation of findings that relate to a security issue that
3109
3533
  # requires attention or remediation.
@@ -3795,16 +4219,21 @@ module Aws::SecurityHub
3795
4219
  #
3796
4220
  # Accounts that are managed using Organizations do not receive an
3797
4221
  # invitation. They automatically become a member account in Security
3798
- # Hub, and Security Hub is automatically enabled for those accounts.
3799
- # Note that Security Hub cannot be enabled automatically for the
3800
- # organization management account. The organization management account
3801
- # must enable Security Hub before the administrator account enables it
3802
- # as a member account.
4222
+ # Hub.
4223
+ #
4224
+ # * If the organization account does not have Security Hub enabled, then
4225
+ # Security Hub and the default standards are automatically enabled.
4226
+ # Note that Security Hub cannot be enabled automatically for the
4227
+ # organization management account. The organization management account
4228
+ # must enable Security Hub before the administrator account enables it
4229
+ # as a member account.
4230
+ #
4231
+ # * For organization accounts that already have Security Hub enabled,
4232
+ # Security Hub does not make any other changes to those accounts. It
4233
+ # does not change their enabled standards or controls.
3803
4234
  #
3804
4235
  # A permissions policy is added that permits the administrator account
3805
- # to view the findings generated in the member account. When Security
3806
- # Hub is enabled in a member account, the member account findings are
3807
- # also visible to the administrator account.
4236
+ # to view the findings generated in the member account.
3808
4237
  #
3809
4238
  # To remove the association between the administrator and member
3810
4239
  # accounts, use the `DisassociateFromMasterAccount` or
@@ -3911,6 +4340,35 @@ module Aws::SecurityHub
3911
4340
  req.send_request(options)
3912
4341
  end
3913
4342
 
4343
+ # Deletes a finding aggregator. When you delete the finding aggregator,
4344
+ # you stop finding aggregation.
4345
+ #
4346
+ # When you stop finding aggregation, findings that were already
4347
+ # aggregated to the aggregation Region are still visible from the
4348
+ # aggregation Region. New findings and finding updates are not
4349
+ # aggregated.
4350
+ #
4351
+ # @option params [required, String] :finding_aggregator_arn
4352
+ # The ARN of the finding aggregator to delete. To obtain the ARN, use
4353
+ # `ListFindingAggregators`.
4354
+ #
4355
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
4356
+ #
4357
+ # @example Request syntax with placeholder values
4358
+ #
4359
+ # resp = client.delete_finding_aggregator({
4360
+ # finding_aggregator_arn: "NonEmptyString", # required
4361
+ # })
4362
+ #
4363
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeleteFindingAggregator AWS API Documentation
4364
+ #
4365
+ # @overload delete_finding_aggregator(params = {})
4366
+ # @param [Hash] params ({})
4367
+ def delete_finding_aggregator(params = {}, options = {})
4368
+ req = build_request(:delete_finding_aggregator, params)
4369
+ req.send_request(options)
4370
+ end
4371
+
3914
4372
  # Deletes the insight specified by the `InsightArn`.
3915
4373
  #
3916
4374
  # @option params [required, String] :insight_arn
@@ -4632,8 +5090,48 @@ module Aws::SecurityHub
4632
5090
  req.send_request(options)
4633
5091
  end
4634
5092
 
5093
+ # Returns the current finding aggregation configuration.
5094
+ #
5095
+ # @option params [required, String] :finding_aggregator_arn
5096
+ # The ARN of the finding aggregator to return details for. To obtain the
5097
+ # ARN, use `ListFindingAggregators`.
5098
+ #
5099
+ # @return [Types::GetFindingAggregatorResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
5100
+ #
5101
+ # * {Types::GetFindingAggregatorResponse#finding_aggregator_arn #finding_aggregator_arn} => String
5102
+ # * {Types::GetFindingAggregatorResponse#finding_aggregation_region #finding_aggregation_region} => String
5103
+ # * {Types::GetFindingAggregatorResponse#region_linking_mode #region_linking_mode} => String
5104
+ # * {Types::GetFindingAggregatorResponse#regions #regions} => Array&lt;String&gt;
5105
+ #
5106
+ # @example Request syntax with placeholder values
5107
+ #
5108
+ # resp = client.get_finding_aggregator({
5109
+ # finding_aggregator_arn: "NonEmptyString", # required
5110
+ # })
5111
+ #
5112
+ # @example Response structure
5113
+ #
5114
+ # resp.finding_aggregator_arn #=> String
5115
+ # resp.finding_aggregation_region #=> String
5116
+ # resp.region_linking_mode #=> String
5117
+ # resp.regions #=> Array
5118
+ # resp.regions[0] #=> String
5119
+ #
5120
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetFindingAggregator AWS API Documentation
5121
+ #
5122
+ # @overload get_finding_aggregator(params = {})
5123
+ # @param [Hash] params ({})
5124
+ def get_finding_aggregator(params = {}, options = {})
5125
+ req = build_request(:get_finding_aggregator, params)
5126
+ req.send_request(options)
5127
+ end
5128
+
4635
5129
  # Returns a list of findings that match the specified criteria.
4636
5130
  #
5131
+ # If finding aggregation is enabled, then when you call `GetFindings`
5132
+ # from the aggregation Region, the results include all of the matching
5133
+ # findings from both the aggregation Region and the linked Regions.
5134
+ #
4637
5135
  # @option params [Types::AwsSecurityFindingFilters] :filters
4638
5136
  # The finding attributes used to define a condition to filter the
4639
5137
  # returned findings.
@@ -5464,7 +5962,22 @@ module Aws::SecurityHub
5464
5962
  # resp.findings[0].resources[0].details.aws_auto_scaling_auto_scaling_group.health_check_grace_period #=> Integer
5465
5963
  # resp.findings[0].resources[0].details.aws_auto_scaling_auto_scaling_group.created_time #=> String
5466
5964
  # resp.findings[0].resources[0].details.aws_code_build_project.encryption_key #=> String
5965
+ # resp.findings[0].resources[0].details.aws_code_build_project.artifacts #=> Array
5966
+ # resp.findings[0].resources[0].details.aws_code_build_project.artifacts[0].artifact_identifier #=> String
5967
+ # resp.findings[0].resources[0].details.aws_code_build_project.artifacts[0].encryption_disabled #=> Boolean
5968
+ # resp.findings[0].resources[0].details.aws_code_build_project.artifacts[0].location #=> String
5969
+ # resp.findings[0].resources[0].details.aws_code_build_project.artifacts[0].name #=> String
5970
+ # resp.findings[0].resources[0].details.aws_code_build_project.artifacts[0].namespace_type #=> String
5971
+ # resp.findings[0].resources[0].details.aws_code_build_project.artifacts[0].override_artifact_name #=> Boolean
5972
+ # resp.findings[0].resources[0].details.aws_code_build_project.artifacts[0].packaging #=> String
5973
+ # resp.findings[0].resources[0].details.aws_code_build_project.artifacts[0].path #=> String
5974
+ # resp.findings[0].resources[0].details.aws_code_build_project.artifacts[0].type #=> String
5467
5975
  # resp.findings[0].resources[0].details.aws_code_build_project.environment.certificate #=> String
5976
+ # resp.findings[0].resources[0].details.aws_code_build_project.environment.environment_variables #=> Array
5977
+ # resp.findings[0].resources[0].details.aws_code_build_project.environment.environment_variables[0].name #=> String
5978
+ # resp.findings[0].resources[0].details.aws_code_build_project.environment.environment_variables[0].type #=> String
5979
+ # resp.findings[0].resources[0].details.aws_code_build_project.environment.environment_variables[0].value #=> String
5980
+ # resp.findings[0].resources[0].details.aws_code_build_project.environment.privileged_mode #=> Boolean
5468
5981
  # resp.findings[0].resources[0].details.aws_code_build_project.environment.image_pull_credentials_type #=> String
5469
5982
  # resp.findings[0].resources[0].details.aws_code_build_project.environment.registry_credential.credential #=> String
5470
5983
  # resp.findings[0].resources[0].details.aws_code_build_project.environment.registry_credential.credential_provider #=> String
@@ -5475,6 +5988,12 @@ module Aws::SecurityHub
5475
5988
  # resp.findings[0].resources[0].details.aws_code_build_project.source.git_clone_depth #=> Integer
5476
5989
  # resp.findings[0].resources[0].details.aws_code_build_project.source.insecure_ssl #=> Boolean
5477
5990
  # resp.findings[0].resources[0].details.aws_code_build_project.service_role #=> String
5991
+ # resp.findings[0].resources[0].details.aws_code_build_project.logs_config.cloud_watch_logs.group_name #=> String
5992
+ # resp.findings[0].resources[0].details.aws_code_build_project.logs_config.cloud_watch_logs.status #=> String
5993
+ # resp.findings[0].resources[0].details.aws_code_build_project.logs_config.cloud_watch_logs.stream_name #=> String
5994
+ # resp.findings[0].resources[0].details.aws_code_build_project.logs_config.s3_logs.encryption_disabled #=> Boolean
5995
+ # resp.findings[0].resources[0].details.aws_code_build_project.logs_config.s3_logs.location #=> String
5996
+ # resp.findings[0].resources[0].details.aws_code_build_project.logs_config.s3_logs.status #=> String
5478
5997
  # resp.findings[0].resources[0].details.aws_code_build_project.vpc_config.vpc_id #=> String
5479
5998
  # resp.findings[0].resources[0].details.aws_code_build_project.vpc_config.subnets #=> Array
5480
5999
  # resp.findings[0].resources[0].details.aws_code_build_project.vpc_config.subnets[0] #=> String
@@ -5500,6 +6019,13 @@ module Aws::SecurityHub
5500
6019
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origin_groups.items[0].failover_criteria.status_codes.items #=> Array
5501
6020
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origin_groups.items[0].failover_criteria.status_codes.items[0] #=> Integer
5502
6021
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.origin_groups.items[0].failover_criteria.status_codes.quantity #=> Integer
6022
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.viewer_certificate.acm_certificate_arn #=> String
6023
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.viewer_certificate.certificate #=> String
6024
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.viewer_certificate.certificate_source #=> String
6025
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.viewer_certificate.cloud_front_default_certificate #=> Boolean
6026
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.viewer_certificate.iam_certificate_id #=> String
6027
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.viewer_certificate.minimum_protocol_version #=> String
6028
+ # resp.findings[0].resources[0].details.aws_cloud_front_distribution.viewer_certificate.ssl_support_method #=> String
5503
6029
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.status #=> String
5504
6030
  # resp.findings[0].resources[0].details.aws_cloud_front_distribution.web_acl_id #=> String
5505
6031
  # resp.findings[0].resources[0].details.aws_ec2_instance.type #=> String
@@ -5652,6 +6178,9 @@ module Aws::SecurityHub
5652
6178
  # resp.findings[0].resources[0].details.aws_elbv_2_load_balancer.state.reason #=> String
5653
6179
  # resp.findings[0].resources[0].details.aws_elbv_2_load_balancer.type #=> String
5654
6180
  # resp.findings[0].resources[0].details.aws_elbv_2_load_balancer.vpc_id #=> String
6181
+ # resp.findings[0].resources[0].details.aws_elbv_2_load_balancer.load_balancer_attributes #=> Array
6182
+ # resp.findings[0].resources[0].details.aws_elbv_2_load_balancer.load_balancer_attributes[0].key #=> String
6183
+ # resp.findings[0].resources[0].details.aws_elbv_2_load_balancer.load_balancer_attributes[0].value #=> String
5655
6184
  # resp.findings[0].resources[0].details.aws_elastic_beanstalk_environment.application_name #=> String
5656
6185
  # resp.findings[0].resources[0].details.aws_elastic_beanstalk_environment.cname #=> String
5657
6186
  # resp.findings[0].resources[0].details.aws_elastic_beanstalk_environment.date_created #=> String
@@ -5717,6 +6246,7 @@ module Aws::SecurityHub
5717
6246
  # resp.findings[0].resources[0].details.aws_elasticsearch_domain.vpc_options.vpc_id #=> String
5718
6247
  # resp.findings[0].resources[0].details.aws_s3_bucket.owner_id #=> String
5719
6248
  # resp.findings[0].resources[0].details.aws_s3_bucket.owner_name #=> String
6249
+ # resp.findings[0].resources[0].details.aws_s3_bucket.owner_account_id #=> String
5720
6250
  # resp.findings[0].resources[0].details.aws_s3_bucket.created_at #=> String
5721
6251
  # resp.findings[0].resources[0].details.aws_s3_bucket.server_side_encryption_configuration.rules #=> Array
5722
6252
  # resp.findings[0].resources[0].details.aws_s3_bucket.server_side_encryption_configuration.rules[0].apply_server_side_encryption_by_default.sse_algorithm #=> String
@@ -5750,6 +6280,29 @@ module Aws::SecurityHub
5750
6280
  # resp.findings[0].resources[0].details.aws_s3_bucket.public_access_block_configuration.block_public_policy #=> Boolean
5751
6281
  # resp.findings[0].resources[0].details.aws_s3_bucket.public_access_block_configuration.ignore_public_acls #=> Boolean
5752
6282
  # resp.findings[0].resources[0].details.aws_s3_bucket.public_access_block_configuration.restrict_public_buckets #=> Boolean
6283
+ # resp.findings[0].resources[0].details.aws_s3_bucket.access_control_list #=> String
6284
+ # resp.findings[0].resources[0].details.aws_s3_bucket.bucket_logging_configuration.destination_bucket_name #=> String
6285
+ # resp.findings[0].resources[0].details.aws_s3_bucket.bucket_logging_configuration.log_file_prefix #=> String
6286
+ # resp.findings[0].resources[0].details.aws_s3_bucket.bucket_website_configuration.error_document #=> String
6287
+ # resp.findings[0].resources[0].details.aws_s3_bucket.bucket_website_configuration.index_document_suffix #=> String
6288
+ # resp.findings[0].resources[0].details.aws_s3_bucket.bucket_website_configuration.redirect_all_requests_to.hostname #=> String
6289
+ # resp.findings[0].resources[0].details.aws_s3_bucket.bucket_website_configuration.redirect_all_requests_to.protocol #=> String
6290
+ # resp.findings[0].resources[0].details.aws_s3_bucket.bucket_website_configuration.routing_rules #=> Array
6291
+ # resp.findings[0].resources[0].details.aws_s3_bucket.bucket_website_configuration.routing_rules[0].condition.http_error_code_returned_equals #=> String
6292
+ # resp.findings[0].resources[0].details.aws_s3_bucket.bucket_website_configuration.routing_rules[0].condition.key_prefix_equals #=> String
6293
+ # resp.findings[0].resources[0].details.aws_s3_bucket.bucket_website_configuration.routing_rules[0].redirect.hostname #=> String
6294
+ # resp.findings[0].resources[0].details.aws_s3_bucket.bucket_website_configuration.routing_rules[0].redirect.http_redirect_code #=> String
6295
+ # resp.findings[0].resources[0].details.aws_s3_bucket.bucket_website_configuration.routing_rules[0].redirect.protocol #=> String
6296
+ # resp.findings[0].resources[0].details.aws_s3_bucket.bucket_website_configuration.routing_rules[0].redirect.replace_key_prefix_with #=> String
6297
+ # resp.findings[0].resources[0].details.aws_s3_bucket.bucket_website_configuration.routing_rules[0].redirect.replace_key_with #=> String
6298
+ # resp.findings[0].resources[0].details.aws_s3_bucket.bucket_notification_configuration.configurations #=> Array
6299
+ # resp.findings[0].resources[0].details.aws_s3_bucket.bucket_notification_configuration.configurations[0].events #=> Array
6300
+ # resp.findings[0].resources[0].details.aws_s3_bucket.bucket_notification_configuration.configurations[0].events[0] #=> String
6301
+ # resp.findings[0].resources[0].details.aws_s3_bucket.bucket_notification_configuration.configurations[0].filter.s3_key_filter.filter_rules #=> Array
6302
+ # resp.findings[0].resources[0].details.aws_s3_bucket.bucket_notification_configuration.configurations[0].filter.s3_key_filter.filter_rules[0].name #=> String, one of "Prefix", "Suffix"
6303
+ # resp.findings[0].resources[0].details.aws_s3_bucket.bucket_notification_configuration.configurations[0].filter.s3_key_filter.filter_rules[0].value #=> String
6304
+ # resp.findings[0].resources[0].details.aws_s3_bucket.bucket_notification_configuration.configurations[0].destination #=> String
6305
+ # resp.findings[0].resources[0].details.aws_s3_bucket.bucket_notification_configuration.configurations[0].type #=> String
5753
6306
  # resp.findings[0].resources[0].details.aws_s3_account_public_access_block.block_public_acls #=> Boolean
5754
6307
  # resp.findings[0].resources[0].details.aws_s3_account_public_access_block.block_public_policy #=> Boolean
5755
6308
  # resp.findings[0].resources[0].details.aws_s3_account_public_access_block.ignore_public_acls #=> Boolean
@@ -6224,6 +6777,7 @@ module Aws::SecurityHub
6224
6777
  # resp.findings[0].resources[0].details.aws_kms_key.key_state #=> String
6225
6778
  # resp.findings[0].resources[0].details.aws_kms_key.origin #=> String
6226
6779
  # resp.findings[0].resources[0].details.aws_kms_key.description #=> String
6780
+ # resp.findings[0].resources[0].details.aws_kms_key.key_rotation_status #=> Boolean
6227
6781
  # resp.findings[0].resources[0].details.aws_lambda_function.code.s3_bucket #=> String
6228
6782
  # resp.findings[0].resources[0].details.aws_lambda_function.code.s3_key #=> String
6229
6783
  # resp.findings[0].resources[0].details.aws_lambda_function.code.s3_object_version #=> String
@@ -6709,6 +7263,188 @@ module Aws::SecurityHub
6709
7263
  # resp.findings[0].resources[0].details.aws_ecs_service.service_registries[0].port #=> Integer
6710
7264
  # resp.findings[0].resources[0].details.aws_ecs_service.service_registries[0].registry_arn #=> String
6711
7265
  # resp.findings[0].resources[0].details.aws_ecs_service.task_definition #=> String
7266
+ # resp.findings[0].resources[0].details.aws_auto_scaling_launch_configuration.associate_public_ip_address #=> Boolean
7267
+ # resp.findings[0].resources[0].details.aws_auto_scaling_launch_configuration.block_device_mappings #=> Array
7268
+ # resp.findings[0].resources[0].details.aws_auto_scaling_launch_configuration.block_device_mappings[0].device_name #=> String
7269
+ # resp.findings[0].resources[0].details.aws_auto_scaling_launch_configuration.block_device_mappings[0].ebs.delete_on_termination #=> Boolean
7270
+ # resp.findings[0].resources[0].details.aws_auto_scaling_launch_configuration.block_device_mappings[0].ebs.encrypted #=> Boolean
7271
+ # resp.findings[0].resources[0].details.aws_auto_scaling_launch_configuration.block_device_mappings[0].ebs.iops #=> Integer
7272
+ # resp.findings[0].resources[0].details.aws_auto_scaling_launch_configuration.block_device_mappings[0].ebs.snapshot_id #=> String
7273
+ # resp.findings[0].resources[0].details.aws_auto_scaling_launch_configuration.block_device_mappings[0].ebs.volume_size #=> Integer
7274
+ # resp.findings[0].resources[0].details.aws_auto_scaling_launch_configuration.block_device_mappings[0].ebs.volume_type #=> String
7275
+ # resp.findings[0].resources[0].details.aws_auto_scaling_launch_configuration.block_device_mappings[0].no_device #=> Boolean
7276
+ # resp.findings[0].resources[0].details.aws_auto_scaling_launch_configuration.block_device_mappings[0].virtual_name #=> String
7277
+ # resp.findings[0].resources[0].details.aws_auto_scaling_launch_configuration.classic_link_vpc_id #=> String
7278
+ # resp.findings[0].resources[0].details.aws_auto_scaling_launch_configuration.classic_link_vpc_security_groups #=> Array
7279
+ # resp.findings[0].resources[0].details.aws_auto_scaling_launch_configuration.classic_link_vpc_security_groups[0] #=> String
7280
+ # resp.findings[0].resources[0].details.aws_auto_scaling_launch_configuration.created_time #=> String
7281
+ # resp.findings[0].resources[0].details.aws_auto_scaling_launch_configuration.ebs_optimized #=> Boolean
7282
+ # resp.findings[0].resources[0].details.aws_auto_scaling_launch_configuration.iam_instance_profile #=> String
7283
+ # resp.findings[0].resources[0].details.aws_auto_scaling_launch_configuration.image_id #=> String
7284
+ # resp.findings[0].resources[0].details.aws_auto_scaling_launch_configuration.instance_monitoring.enabled #=> Boolean
7285
+ # resp.findings[0].resources[0].details.aws_auto_scaling_launch_configuration.instance_type #=> String
7286
+ # resp.findings[0].resources[0].details.aws_auto_scaling_launch_configuration.kernel_id #=> String
7287
+ # resp.findings[0].resources[0].details.aws_auto_scaling_launch_configuration.key_name #=> String
7288
+ # resp.findings[0].resources[0].details.aws_auto_scaling_launch_configuration.launch_configuration_name #=> String
7289
+ # resp.findings[0].resources[0].details.aws_auto_scaling_launch_configuration.placement_tenancy #=> String
7290
+ # resp.findings[0].resources[0].details.aws_auto_scaling_launch_configuration.ramdisk_id #=> String
7291
+ # resp.findings[0].resources[0].details.aws_auto_scaling_launch_configuration.security_groups #=> Array
7292
+ # resp.findings[0].resources[0].details.aws_auto_scaling_launch_configuration.security_groups[0] #=> String
7293
+ # resp.findings[0].resources[0].details.aws_auto_scaling_launch_configuration.spot_price #=> String
7294
+ # resp.findings[0].resources[0].details.aws_auto_scaling_launch_configuration.user_data #=> String
7295
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.vpn_connection_id #=> String
7296
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.state #=> String
7297
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.customer_gateway_id #=> String
7298
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.customer_gateway_configuration #=> String
7299
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.type #=> String
7300
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.vpn_gateway_id #=> String
7301
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.category #=> String
7302
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.vgw_telemetry #=> Array
7303
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.vgw_telemetry[0].accepted_route_count #=> Integer
7304
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.vgw_telemetry[0].certificate_arn #=> String
7305
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.vgw_telemetry[0].last_status_change #=> String
7306
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.vgw_telemetry[0].outside_ip_address #=> String
7307
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.vgw_telemetry[0].status #=> String
7308
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.vgw_telemetry[0].status_message #=> String
7309
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.options.static_routes_only #=> Boolean
7310
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.options.tunnel_options #=> Array
7311
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.options.tunnel_options[0].dpd_timeout_seconds #=> Integer
7312
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.options.tunnel_options[0].ike_versions #=> Array
7313
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.options.tunnel_options[0].ike_versions[0] #=> String
7314
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.options.tunnel_options[0].outside_ip_address #=> String
7315
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.options.tunnel_options[0].phase_1_dh_group_numbers #=> Array
7316
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.options.tunnel_options[0].phase_1_dh_group_numbers[0] #=> Integer
7317
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.options.tunnel_options[0].phase_1_encryption_algorithms #=> Array
7318
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.options.tunnel_options[0].phase_1_encryption_algorithms[0] #=> String
7319
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.options.tunnel_options[0].phase_1_integrity_algorithms #=> Array
7320
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.options.tunnel_options[0].phase_1_integrity_algorithms[0] #=> String
7321
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.options.tunnel_options[0].phase_1_lifetime_seconds #=> Integer
7322
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.options.tunnel_options[0].phase_2_dh_group_numbers #=> Array
7323
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.options.tunnel_options[0].phase_2_dh_group_numbers[0] #=> Integer
7324
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.options.tunnel_options[0].phase_2_encryption_algorithms #=> Array
7325
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.options.tunnel_options[0].phase_2_encryption_algorithms[0] #=> String
7326
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.options.tunnel_options[0].phase_2_integrity_algorithms #=> Array
7327
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.options.tunnel_options[0].phase_2_integrity_algorithms[0] #=> String
7328
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.options.tunnel_options[0].phase_2_lifetime_seconds #=> Integer
7329
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.options.tunnel_options[0].pre_shared_key #=> String
7330
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.options.tunnel_options[0].rekey_fuzz_percentage #=> Integer
7331
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.options.tunnel_options[0].rekey_margin_time_seconds #=> Integer
7332
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.options.tunnel_options[0].replay_window_size #=> Integer
7333
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.options.tunnel_options[0].tunnel_inside_cidr #=> String
7334
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.routes #=> Array
7335
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.routes[0].destination_cidr_block #=> String
7336
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.routes[0].state #=> String
7337
+ # resp.findings[0].resources[0].details.aws_ec2_vpn_connection.transit_gateway_id #=> String
7338
+ # resp.findings[0].resources[0].details.aws_ecr_container_image.registry_id #=> String
7339
+ # resp.findings[0].resources[0].details.aws_ecr_container_image.repository_name #=> String
7340
+ # resp.findings[0].resources[0].details.aws_ecr_container_image.architecture #=> String
7341
+ # resp.findings[0].resources[0].details.aws_ecr_container_image.image_digest #=> String
7342
+ # resp.findings[0].resources[0].details.aws_ecr_container_image.image_tags #=> Array
7343
+ # resp.findings[0].resources[0].details.aws_ecr_container_image.image_tags[0] #=> String
7344
+ # resp.findings[0].resources[0].details.aws_ecr_container_image.image_published_at #=> String
7345
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.arn #=> String
7346
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.access_policies #=> String
7347
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.domain_name #=> String
7348
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.id #=> String
7349
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.domain_endpoint #=> String
7350
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.engine_version #=> String
7351
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.encryption_at_rest_options.enabled #=> Boolean
7352
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.encryption_at_rest_options.kms_key_id #=> String
7353
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.node_to_node_encryption_options.enabled #=> Boolean
7354
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.service_software_options.automated_update_date #=> String
7355
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.service_software_options.cancellable #=> Boolean
7356
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.service_software_options.current_version #=> String
7357
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.service_software_options.description #=> String
7358
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.service_software_options.new_version #=> String
7359
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.service_software_options.update_available #=> Boolean
7360
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.service_software_options.update_status #=> String
7361
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.service_software_options.optional_deployment #=> Boolean
7362
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.cluster_config.instance_count #=> Integer
7363
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.cluster_config.warm_enabled #=> Boolean
7364
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.cluster_config.warm_count #=> Integer
7365
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.cluster_config.dedicated_master_enabled #=> Boolean
7366
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.cluster_config.zone_awareness_config.availability_zone_count #=> Integer
7367
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.cluster_config.dedicated_master_count #=> Integer
7368
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.cluster_config.instance_type #=> String
7369
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.cluster_config.warm_type #=> String
7370
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.cluster_config.zone_awareness_enabled #=> Boolean
7371
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.cluster_config.dedicated_master_type #=> String
7372
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.domain_endpoint_options.custom_endpoint_certificate_arn #=> String
7373
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.domain_endpoint_options.custom_endpoint_enabled #=> Boolean
7374
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.domain_endpoint_options.enforce_https #=> Boolean
7375
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.domain_endpoint_options.custom_endpoint #=> String
7376
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.domain_endpoint_options.tls_security_policy #=> String
7377
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.vpc_options.security_group_ids #=> Array
7378
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.vpc_options.security_group_ids[0] #=> String
7379
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.vpc_options.subnet_ids #=> Array
7380
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.vpc_options.subnet_ids[0] #=> String
7381
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.log_publishing_options.index_slow_logs.cloud_watch_logs_log_group_arn #=> String
7382
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.log_publishing_options.index_slow_logs.enabled #=> Boolean
7383
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.log_publishing_options.search_slow_logs.cloud_watch_logs_log_group_arn #=> String
7384
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.log_publishing_options.search_slow_logs.enabled #=> Boolean
7385
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.log_publishing_options.audit_logs.cloud_watch_logs_log_group_arn #=> String
7386
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.log_publishing_options.audit_logs.enabled #=> Boolean
7387
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.domain_endpoints #=> Hash
7388
+ # resp.findings[0].resources[0].details.aws_open_search_service_domain.domain_endpoints["NonEmptyString"] #=> String
7389
+ # resp.findings[0].resources[0].details.aws_ec2_vpc_endpoint_service.acceptance_required #=> Boolean
7390
+ # resp.findings[0].resources[0].details.aws_ec2_vpc_endpoint_service.availability_zones #=> Array
7391
+ # resp.findings[0].resources[0].details.aws_ec2_vpc_endpoint_service.availability_zones[0] #=> String
7392
+ # resp.findings[0].resources[0].details.aws_ec2_vpc_endpoint_service.base_endpoint_dns_names #=> Array
7393
+ # resp.findings[0].resources[0].details.aws_ec2_vpc_endpoint_service.base_endpoint_dns_names[0] #=> String
7394
+ # resp.findings[0].resources[0].details.aws_ec2_vpc_endpoint_service.manages_vpc_endpoints #=> Boolean
7395
+ # resp.findings[0].resources[0].details.aws_ec2_vpc_endpoint_service.gateway_load_balancer_arns #=> Array
7396
+ # resp.findings[0].resources[0].details.aws_ec2_vpc_endpoint_service.gateway_load_balancer_arns[0] #=> String
7397
+ # resp.findings[0].resources[0].details.aws_ec2_vpc_endpoint_service.network_load_balancer_arns #=> Array
7398
+ # resp.findings[0].resources[0].details.aws_ec2_vpc_endpoint_service.network_load_balancer_arns[0] #=> String
7399
+ # resp.findings[0].resources[0].details.aws_ec2_vpc_endpoint_service.private_dns_name #=> String
7400
+ # resp.findings[0].resources[0].details.aws_ec2_vpc_endpoint_service.service_id #=> String
7401
+ # resp.findings[0].resources[0].details.aws_ec2_vpc_endpoint_service.service_name #=> String
7402
+ # resp.findings[0].resources[0].details.aws_ec2_vpc_endpoint_service.service_state #=> String
7403
+ # resp.findings[0].resources[0].details.aws_ec2_vpc_endpoint_service.service_type #=> Array
7404
+ # resp.findings[0].resources[0].details.aws_ec2_vpc_endpoint_service.service_type[0].service_type #=> String
7405
+ # resp.findings[0].resources[0].details.aws_xray_encryption_config.key_id #=> String
7406
+ # resp.findings[0].resources[0].details.aws_xray_encryption_config.status #=> String
7407
+ # resp.findings[0].resources[0].details.aws_xray_encryption_config.type #=> String
7408
+ # resp.findings[0].resources[0].details.aws_waf_rate_based_rule.metric_name #=> String
7409
+ # resp.findings[0].resources[0].details.aws_waf_rate_based_rule.name #=> String
7410
+ # resp.findings[0].resources[0].details.aws_waf_rate_based_rule.rate_key #=> String
7411
+ # resp.findings[0].resources[0].details.aws_waf_rate_based_rule.rate_limit #=> Integer
7412
+ # resp.findings[0].resources[0].details.aws_waf_rate_based_rule.rule_id #=> String
7413
+ # resp.findings[0].resources[0].details.aws_waf_rate_based_rule.match_predicates #=> Array
7414
+ # resp.findings[0].resources[0].details.aws_waf_rate_based_rule.match_predicates[0].data_id #=> String
7415
+ # resp.findings[0].resources[0].details.aws_waf_rate_based_rule.match_predicates[0].negated #=> Boolean
7416
+ # resp.findings[0].resources[0].details.aws_waf_rate_based_rule.match_predicates[0].type #=> String
7417
+ # resp.findings[0].resources[0].details.aws_waf_regional_rate_based_rule.metric_name #=> String
7418
+ # resp.findings[0].resources[0].details.aws_waf_regional_rate_based_rule.name #=> String
7419
+ # resp.findings[0].resources[0].details.aws_waf_regional_rate_based_rule.rate_key #=> String
7420
+ # resp.findings[0].resources[0].details.aws_waf_regional_rate_based_rule.rate_limit #=> Integer
7421
+ # resp.findings[0].resources[0].details.aws_waf_regional_rate_based_rule.rule_id #=> String
7422
+ # resp.findings[0].resources[0].details.aws_waf_regional_rate_based_rule.match_predicates #=> Array
7423
+ # resp.findings[0].resources[0].details.aws_waf_regional_rate_based_rule.match_predicates[0].data_id #=> String
7424
+ # resp.findings[0].resources[0].details.aws_waf_regional_rate_based_rule.match_predicates[0].negated #=> Boolean
7425
+ # resp.findings[0].resources[0].details.aws_waf_regional_rate_based_rule.match_predicates[0].type #=> String
7426
+ # resp.findings[0].resources[0].details.aws_ecr_repository.arn #=> String
7427
+ # resp.findings[0].resources[0].details.aws_ecr_repository.image_scanning_configuration.scan_on_push #=> Boolean
7428
+ # resp.findings[0].resources[0].details.aws_ecr_repository.image_tag_mutability #=> String
7429
+ # resp.findings[0].resources[0].details.aws_ecr_repository.lifecycle_policy.lifecycle_policy_text #=> String
7430
+ # resp.findings[0].resources[0].details.aws_ecr_repository.lifecycle_policy.registry_id #=> String
7431
+ # resp.findings[0].resources[0].details.aws_ecr_repository.repository_name #=> String
7432
+ # resp.findings[0].resources[0].details.aws_ecr_repository.repository_policy_text #=> String
7433
+ # resp.findings[0].resources[0].details.aws_eks_cluster.arn #=> String
7434
+ # resp.findings[0].resources[0].details.aws_eks_cluster.certificate_authority_data #=> String
7435
+ # resp.findings[0].resources[0].details.aws_eks_cluster.cluster_status #=> String
7436
+ # resp.findings[0].resources[0].details.aws_eks_cluster.endpoint #=> String
7437
+ # resp.findings[0].resources[0].details.aws_eks_cluster.name #=> String
7438
+ # resp.findings[0].resources[0].details.aws_eks_cluster.resources_vpc_config.security_group_ids #=> Array
7439
+ # resp.findings[0].resources[0].details.aws_eks_cluster.resources_vpc_config.security_group_ids[0] #=> String
7440
+ # resp.findings[0].resources[0].details.aws_eks_cluster.resources_vpc_config.subnet_ids #=> Array
7441
+ # resp.findings[0].resources[0].details.aws_eks_cluster.resources_vpc_config.subnet_ids[0] #=> String
7442
+ # resp.findings[0].resources[0].details.aws_eks_cluster.role_arn #=> String
7443
+ # resp.findings[0].resources[0].details.aws_eks_cluster.version #=> String
7444
+ # resp.findings[0].resources[0].details.aws_eks_cluster.logging.cluster_logging #=> Array
7445
+ # resp.findings[0].resources[0].details.aws_eks_cluster.logging.cluster_logging[0].enabled #=> Boolean
7446
+ # resp.findings[0].resources[0].details.aws_eks_cluster.logging.cluster_logging[0].types #=> Array
7447
+ # resp.findings[0].resources[0].details.aws_eks_cluster.logging.cluster_logging[0].types[0] #=> String
6712
7448
  # resp.findings[0].compliance.status #=> String, one of "PASSED", "WARNING", "FAILED", "NOT_AVAILABLE"
6713
7449
  # resp.findings[0].compliance.related_requirements #=> Array
6714
7450
  # resp.findings[0].compliance.related_requirements[0] #=> String
@@ -6733,10 +7469,16 @@ module Aws::SecurityHub
6733
7469
  # resp.findings[0].vulnerabilities[0].vulnerable_packages[0].epoch #=> String
6734
7470
  # resp.findings[0].vulnerabilities[0].vulnerable_packages[0].release #=> String
6735
7471
  # resp.findings[0].vulnerabilities[0].vulnerable_packages[0].architecture #=> String
7472
+ # resp.findings[0].vulnerabilities[0].vulnerable_packages[0].package_manager #=> String
7473
+ # resp.findings[0].vulnerabilities[0].vulnerable_packages[0].file_path #=> String
6736
7474
  # resp.findings[0].vulnerabilities[0].cvss #=> Array
6737
7475
  # resp.findings[0].vulnerabilities[0].cvss[0].version #=> String
6738
7476
  # resp.findings[0].vulnerabilities[0].cvss[0].base_score #=> Float
6739
7477
  # resp.findings[0].vulnerabilities[0].cvss[0].base_vector #=> String
7478
+ # resp.findings[0].vulnerabilities[0].cvss[0].source #=> String
7479
+ # resp.findings[0].vulnerabilities[0].cvss[0].adjustments #=> Array
7480
+ # resp.findings[0].vulnerabilities[0].cvss[0].adjustments[0].metric #=> String
7481
+ # resp.findings[0].vulnerabilities[0].cvss[0].adjustments[0].reason #=> String
6740
7482
  # resp.findings[0].vulnerabilities[0].related_vulnerabilities #=> Array
6741
7483
  # resp.findings[0].vulnerabilities[0].related_vulnerabilities[0] #=> String
6742
7484
  # resp.findings[0].vulnerabilities[0].vendor.name #=> String
@@ -7417,6 +8159,47 @@ module Aws::SecurityHub
7417
8159
  req.send_request(options)
7418
8160
  end
7419
8161
 
8162
+ # If finding aggregation is enabled, then `ListFindingAggregators`
8163
+ # returns the ARN of the finding aggregator. You can run this operation
8164
+ # from any Region.
8165
+ #
8166
+ # @option params [String] :next_token
8167
+ # The token returned with the previous set of results. Identifies the
8168
+ # next set of results to return.
8169
+ #
8170
+ # @option params [Integer] :max_results
8171
+ # The maximum number of results to return. This operation currently only
8172
+ # returns a single result.
8173
+ #
8174
+ # @return [Types::ListFindingAggregatorsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
8175
+ #
8176
+ # * {Types::ListFindingAggregatorsResponse#finding_aggregators #finding_aggregators} => Array&lt;Types::FindingAggregator&gt;
8177
+ # * {Types::ListFindingAggregatorsResponse#next_token #next_token} => String
8178
+ #
8179
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
8180
+ #
8181
+ # @example Request syntax with placeholder values
8182
+ #
8183
+ # resp = client.list_finding_aggregators({
8184
+ # next_token: "NextToken",
8185
+ # max_results: 1,
8186
+ # })
8187
+ #
8188
+ # @example Response structure
8189
+ #
8190
+ # resp.finding_aggregators #=> Array
8191
+ # resp.finding_aggregators[0].finding_aggregator_arn #=> String
8192
+ # resp.next_token #=> String
8193
+ #
8194
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListFindingAggregators AWS API Documentation
8195
+ #
8196
+ # @overload list_finding_aggregators(params = {})
8197
+ # @param [Hash] params ({})
8198
+ def list_finding_aggregators(params = {}, options = {})
8199
+ req = build_request(:list_finding_aggregators, params)
8200
+ req.send_request(options)
8201
+ end
8202
+
7420
8203
  # Lists all Security Hub membership invitations that were sent to the
7421
8204
  # current Amazon Web Services account.
7422
8205
  #
@@ -7693,6 +8476,84 @@ module Aws::SecurityHub
7693
8476
  req.send_request(options)
7694
8477
  end
7695
8478
 
8479
+ # Updates the finding aggregation configuration. Used to update the
8480
+ # Region linking mode and the list of included or excluded Regions. You
8481
+ # cannot use `UpdateFindingAggregator` to change the aggregation Region.
8482
+ #
8483
+ # You must run `UpdateFindingAggregator` from the current aggregation
8484
+ # Region.
8485
+ #
8486
+ # @option params [required, String] :finding_aggregator_arn
8487
+ # The ARN of the finding aggregator. To obtain the ARN, use
8488
+ # `ListFindingAggregators`.
8489
+ #
8490
+ # @option params [required, String] :region_linking_mode
8491
+ # Indicates whether to aggregate findings from all of the available
8492
+ # Regions in the current partition. Also determines whether to
8493
+ # automatically aggregate findings from new Regions as Security Hub
8494
+ # supports them and you opt into them.
8495
+ #
8496
+ # The selected option also determines how to use the Regions provided in
8497
+ # the Regions list.
8498
+ #
8499
+ # The options are as follows:
8500
+ #
8501
+ # * `ALL_REGIONS` - Indicates to aggregate findings from all of the
8502
+ # Regions where Security Hub is enabled. When you choose this option,
8503
+ # Security Hub also automatically aggregates findings from new Regions
8504
+ # as Security Hub supports them and you opt into them.
8505
+ #
8506
+ # * `ALL_REGIONS_EXCEPT_SPECIFIED` - Indicates to aggregate findings
8507
+ # from all of the Regions where Security Hub is enabled, except for
8508
+ # the Regions listed in the `Regions` parameter. When you choose this
8509
+ # option, Security Hub also automatically aggregates findings from new
8510
+ # Regions as Security Hub supports them and you opt into them.
8511
+ #
8512
+ # * `SPECIFIED_REGIONS` - Indicates to aggregate findings only from the
8513
+ # Regions listed in the `Regions` parameter. Security Hub does not
8514
+ # automatically aggregate findings from new Regions.
8515
+ #
8516
+ # @option params [Array<String>] :regions
8517
+ # If `RegionLinkingMode` is `ALL_REGIONS_EXCEPT_SPECIFIED`, then this is
8518
+ # a comma-separated list of Regions that do not aggregate findings to
8519
+ # the aggregation Region.
8520
+ #
8521
+ # If `RegionLinkingMode` is `SPECIFIED_REGIONS`, then this is a
8522
+ # comma-separated list of Regions that do aggregate findings to the
8523
+ # aggregation Region.
8524
+ #
8525
+ # @return [Types::UpdateFindingAggregatorResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
8526
+ #
8527
+ # * {Types::UpdateFindingAggregatorResponse#finding_aggregator_arn #finding_aggregator_arn} => String
8528
+ # * {Types::UpdateFindingAggregatorResponse#finding_aggregation_region #finding_aggregation_region} => String
8529
+ # * {Types::UpdateFindingAggregatorResponse#region_linking_mode #region_linking_mode} => String
8530
+ # * {Types::UpdateFindingAggregatorResponse#regions #regions} => Array&lt;String&gt;
8531
+ #
8532
+ # @example Request syntax with placeholder values
8533
+ #
8534
+ # resp = client.update_finding_aggregator({
8535
+ # finding_aggregator_arn: "NonEmptyString", # required
8536
+ # region_linking_mode: "NonEmptyString", # required
8537
+ # regions: ["NonEmptyString"],
8538
+ # })
8539
+ #
8540
+ # @example Response structure
8541
+ #
8542
+ # resp.finding_aggregator_arn #=> String
8543
+ # resp.finding_aggregation_region #=> String
8544
+ # resp.region_linking_mode #=> String
8545
+ # resp.regions #=> Array
8546
+ # resp.regions[0] #=> String
8547
+ #
8548
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateFindingAggregator AWS API Documentation
8549
+ #
8550
+ # @overload update_finding_aggregator(params = {})
8551
+ # @param [Hash] params ({})
8552
+ def update_finding_aggregator(params = {}, options = {})
8553
+ req = build_request(:update_finding_aggregator, params)
8554
+ req.send_request(options)
8555
+ end
8556
+
7696
8557
  # `UpdateFindings` is deprecated. Instead of `UpdateFindings`, use
7697
8558
  # `BatchUpdateFindings`.
7698
8559
  #
@@ -9101,7 +9962,7 @@ module Aws::SecurityHub
9101
9962
  params: params,
9102
9963
  config: config)
9103
9964
  context[:gem_name] = 'aws-sdk-securityhub'
9104
- context[:gem_version] = '1.51.0'
9965
+ context[:gem_version] = '1.55.0'
9105
9966
  Seahorse::Client::Request.new(handlers, context)
9106
9967
  end
9107
9968