aws-sdk-securityhub 1.55.0 → 1.59.0

@@ -1414,6 +1414,27 @@ module Aws::SecurityHub
1414
1414
  include Aws::Structure
1415
1415
  end
1416
1416
 
1417
+ # An Availability Zone for the automatic scaling group.
1418
+ #
1419
+ # @note When making an API call, you may pass AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails
1420
+ # data as a hash:
1421
+ #
1422
+ # {
1423
+ # value: "NonEmptyString",
1424
+ # }
1425
+ #
1426
+ # @!attribute [rw] value
1427
+ # The name of the Availability Zone.
1428
+ # @return [String]
1429
+ #
1430
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails AWS API Documentation
1431
+ #
1432
+ class AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails < Struct.new(
1433
+ :value)
1434
+ SENSITIVE = []
1435
+ include Aws::Structure
1436
+ end
1437
+
1417
1438
  # Provides details about an auto scaling group.
1418
1439
  #
1419
1440
  # @note When making an API call, you may pass AwsAutoScalingAutoScalingGroupDetails
@@ -1425,6 +1446,34 @@ module Aws::SecurityHub
1425
1446
  # health_check_type: "NonEmptyString",
1426
1447
  # health_check_grace_period: 1,
1427
1448
  # created_time: "NonEmptyString",
1449
+ # mixed_instances_policy: {
1450
+ # instances_distribution: {
1451
+ # on_demand_allocation_strategy: "NonEmptyString",
1452
+ # on_demand_base_capacity: 1,
1453
+ # on_demand_percentage_above_base_capacity: 1,
1454
+ # spot_allocation_strategy: "NonEmptyString",
1455
+ # spot_instance_pools: 1,
1456
+ # spot_max_price: "NonEmptyString",
1457
+ # },
1458
+ # launch_template: {
1459
+ # launch_template_specification: {
1460
+ # launch_template_id: "NonEmptyString",
1461
+ # launch_template_name: "NonEmptyString",
1462
+ # version: "NonEmptyString",
1463
+ # },
1464
+ # overrides: [
1465
+ # {
1466
+ # instance_type: "NonEmptyString",
1467
+ # weighted_capacity: "NonEmptyString",
1468
+ # },
1469
+ # ],
1470
+ # },
1471
+ # },
1472
+ # availability_zones: [
1473
+ # {
1474
+ # value: "NonEmptyString",
1475
+ # },
1476
+ # ],
1428
1477
  # }
1429
1478
  #
1430
1479
  # @!attribute [rw] launch_configuration_name
@@ -1457,6 +1506,14 @@ module Aws::SecurityHub
1457
1506
  # [1]: https://tools.ietf.org/html/rfc3339#section-5.6
1458
1507
  # @return [String]
1459
1508
  #
1509
+ # @!attribute [rw] mixed_instances_policy
1510
+ # The mixed instances policy for the automatic scaling group.
1511
+ # @return [Types::AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails]
1512
+ #
1513
+ # @!attribute [rw] availability_zones
1514
+ # The list of Availability Zones for the automatic scaling group.
1515
+ # @return [Array<Types::AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails>]
1516
+ #
1460
1517
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingAutoScalingGroupDetails AWS API Documentation
1461
1518
  #
1462
1519
  class AwsAutoScalingAutoScalingGroupDetails < Struct.new(
@@ -1464,7 +1521,217 @@ module Aws::SecurityHub
1464
1521
  :load_balancer_names,
1465
1522
  :health_check_type,
1466
1523
  :health_check_grace_period,
1467
- :created_time)
1524
+ :created_time,
1525
+ :mixed_instances_policy,
1526
+ :availability_zones)
1527
+ SENSITIVE = []
1528
+ include Aws::Structure
1529
+ end
1530
+
1531
+ # The mixed instances policy for the automatic scaling group.
1532
+ #
1533
+ # @note When making an API call, you may pass AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails
1534
+ # data as a hash:
1535
+ #
1536
+ # {
1537
+ # instances_distribution: {
1538
+ # on_demand_allocation_strategy: "NonEmptyString",
1539
+ # on_demand_base_capacity: 1,
1540
+ # on_demand_percentage_above_base_capacity: 1,
1541
+ # spot_allocation_strategy: "NonEmptyString",
1542
+ # spot_instance_pools: 1,
1543
+ # spot_max_price: "NonEmptyString",
1544
+ # },
1545
+ # launch_template: {
1546
+ # launch_template_specification: {
1547
+ # launch_template_id: "NonEmptyString",
1548
+ # launch_template_name: "NonEmptyString",
1549
+ # version: "NonEmptyString",
1550
+ # },
1551
+ # overrides: [
1552
+ # {
1553
+ # instance_type: "NonEmptyString",
1554
+ # weighted_capacity: "NonEmptyString",
1555
+ # },
1556
+ # ],
1557
+ # },
1558
+ # }
1559
+ #
1560
+ # @!attribute [rw] instances_distribution
1561
+ # The instances distribution. The instances distribution specifies the
1562
+ # distribution of On-Demand Instances and Spot Instances, the maximum
1563
+ # price to pay for Spot Instances, and how the Auto Scaling group
1564
+ # allocates instance types to fulfill On-Demand and Spot capacity.
1565
+ # @return [Types::AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails]
1566
+ #
1567
+ # @!attribute [rw] launch_template
1568
+ # The launch template to use and the instance types (overrides) to use
1569
+ # to provision EC2 instances to fulfill On-Demand and Spot capacities.
1570
+ # @return [Types::AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails]
1571
+ #
1572
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails AWS API Documentation
1573
+ #
1574
+ class AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails < Struct.new(
1575
+ :instances_distribution,
1576
+ :launch_template)
1577
+ SENSITIVE = []
1578
+ include Aws::Structure
1579
+ end
1580
+
1581
+ # Information about the instances distribution.
1582
+ #
1583
+ # @note When making an API call, you may pass AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails
1584
+ # data as a hash:
1585
+ #
1586
+ # {
1587
+ # on_demand_allocation_strategy: "NonEmptyString",
1588
+ # on_demand_base_capacity: 1,
1589
+ # on_demand_percentage_above_base_capacity: 1,
1590
+ # spot_allocation_strategy: "NonEmptyString",
1591
+ # spot_instance_pools: 1,
1592
+ # spot_max_price: "NonEmptyString",
1593
+ # }
1594
+ #
1595
+ # @!attribute [rw] on_demand_allocation_strategy
1596
+ # How to allocate instance types to fulfill On-Demand capacity.
1597
+ # @return [String]
1598
+ #
1599
+ # @!attribute [rw] on_demand_base_capacity
1600
+ # The minimum amount of the Auto Scaling group's capacity that must
1601
+ # be fulfilled by On-Demand Instances.
1602
+ # @return [Integer]
1603
+ #
1604
+ # @!attribute [rw] on_demand_percentage_above_base_capacity
1605
+ # The percentage of On-Demand Instances and Spot Instances for
1606
+ # additional capacity beyond `OnDemandBaseCapacity`.
1607
+ # @return [Integer]
1608
+ #
1609
+ # @!attribute [rw] spot_allocation_strategy
1610
+ # How to allocate instances across Spot Instance pools.
1611
+ # @return [String]
1612
+ #
1613
+ # @!attribute [rw] spot_instance_pools
1614
+ # The number of Spot Instance pools across which to allocate your Spot
1615
+ # Instances.
1616
+ # @return [Integer]
1617
+ #
1618
+ # @!attribute [rw] spot_max_price
1619
+ # The maximum price per unit hour that you are willing to pay for a
1620
+ # Spot Instance.
1621
+ # @return [String]
1622
+ #
1623
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails AWS API Documentation
1624
+ #
1625
+ class AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails < Struct.new(
1626
+ :on_demand_allocation_strategy,
1627
+ :on_demand_base_capacity,
1628
+ :on_demand_percentage_above_base_capacity,
1629
+ :spot_allocation_strategy,
1630
+ :spot_instance_pools,
1631
+ :spot_max_price)
1632
+ SENSITIVE = []
1633
+ include Aws::Structure
1634
+ end
1635
+
1636
+ # Describes a launch template and overrides for a mixed instances
1637
+ # policy.
1638
+ #
1639
+ # @note When making an API call, you may pass AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails
1640
+ # data as a hash:
1641
+ #
1642
+ # {
1643
+ # launch_template_specification: {
1644
+ # launch_template_id: "NonEmptyString",
1645
+ # launch_template_name: "NonEmptyString",
1646
+ # version: "NonEmptyString",
1647
+ # },
1648
+ # overrides: [
1649
+ # {
1650
+ # instance_type: "NonEmptyString",
1651
+ # weighted_capacity: "NonEmptyString",
1652
+ # },
1653
+ # ],
1654
+ # }
1655
+ #
1656
+ # @!attribute [rw] launch_template_specification
1657
+ # The launch template to use.
1658
+ # @return [Types::AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification]
1659
+ #
1660
+ # @!attribute [rw] overrides
1661
+ # Property values to use to override the values in the launch
1662
+ # template.
1663
+ # @return [Array<Types::AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails>]
1664
+ #
1665
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails AWS API Documentation
1666
+ #
1667
+ class AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails < Struct.new(
1668
+ :launch_template_specification,
1669
+ :overrides)
1670
+ SENSITIVE = []
1671
+ include Aws::Structure
1672
+ end
1673
+
1674
+ # Details about the launch template to use.
1675
+ #
1676
+ # @note When making an API call, you may pass AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification
1677
+ # data as a hash:
1678
+ #
1679
+ # {
1680
+ # launch_template_id: "NonEmptyString",
1681
+ # launch_template_name: "NonEmptyString",
1682
+ # version: "NonEmptyString",
1683
+ # }
1684
+ #
1685
+ # @!attribute [rw] launch_template_id
1686
+ # The identifier of the launch template. You must specify either
1687
+ # `LaunchTemplateId` or `LaunchTemplateName`.
1688
+ # @return [String]
1689
+ #
1690
+ # @!attribute [rw] launch_template_name
1691
+ # The name of the launch template. You must specify either
1692
+ # `LaunchTemplateId` or `LaunchTemplateName`.
1693
+ # @return [String]
1694
+ #
1695
+ # @!attribute [rw] version
1696
+ # Identifies the version of the launch template. You can specify a
1697
+ # version identifier, or use the values `$Latest` or `$Default`.
1698
+ # @return [String]
1699
+ #
1700
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification AWS API Documentation
1701
+ #
1702
+ class AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification < Struct.new(
1703
+ :launch_template_id,
1704
+ :launch_template_name,
1705
+ :version)
1706
+ SENSITIVE = []
1707
+ include Aws::Structure
1708
+ end
1709
+
1710
+ # Property values to use to override the values in the launch template.
1711
+ #
1712
+ # @note When making an API call, you may pass AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails
1713
+ # data as a hash:
1714
+ #
1715
+ # {
1716
+ # instance_type: "NonEmptyString",
1717
+ # weighted_capacity: "NonEmptyString",
1718
+ # }
1719
+ #
1720
+ # @!attribute [rw] instance_type
1721
+ # The instance type. For example, `m3.xlarge`.
1722
+ # @return [String]
1723
+ #
1724
+ # @!attribute [rw] weighted_capacity
1725
+ # The number of capacity units provided by the specified instance type
1726
+ # in terms of virtual CPUs, memory, storage, throughput, or other
1727
+ # relative performance characteristic.
1728
+ # @return [String]
1729
+ #
1730
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails AWS API Documentation
1731
+ #
1732
+ class AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails < Struct.new(
1733
+ :instance_type,
1734
+ :weighted_capacity)
1468
1735
  SENSITIVE = []
1469
1736
  include Aws::Structure
1470
1737
  end
@@ -1633,6 +1900,11 @@ module Aws::SecurityHub
1633
1900
  # security_groups: ["NonEmptyString"],
1634
1901
  # spot_price: "NonEmptyString",
1635
1902
  # user_data: "NonEmptyString",
1903
+ # metadata_options: {
1904
+ # http_endpoint: "NonEmptyString",
1905
+ # http_put_response_hop_limit: 1,
1906
+ # http_tokens: "NonEmptyString",
1907
+ # },
1636
1908
  # }
1637
1909
  #
1638
1910
  # @!attribute [rw] associate_public_ip_address
@@ -1725,6 +1997,10 @@ module Aws::SecurityHub
1725
1997
  # be base64-encoded text.
1726
1998
  # @return [String]
1727
1999
  #
2000
+ # @!attribute [rw] metadata_options
2001
+ # The metadata options for the instances.
2002
+ # @return [Types::AwsAutoScalingLaunchConfigurationMetadataOptions]
2003
+ #
1728
2004
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingLaunchConfigurationDetails AWS API Documentation
1729
2005
  #
1730
2006
  class AwsAutoScalingLaunchConfigurationDetails < Struct.new(
@@ -1745,7 +2021,8 @@ module Aws::SecurityHub
1745
2021
  :ramdisk_id,
1746
2022
  :security_groups,
1747
2023
  :spot_price,
1748
- :user_data)
2024
+ :user_data,
2025
+ :metadata_options)
1749
2026
  SENSITIVE = []
1750
2027
  include Aws::Structure
1751
2028
  end
@@ -1775,6 +2052,43 @@ module Aws::SecurityHub
1775
2052
  include Aws::Structure
1776
2053
  end
1777
2054
 
2055
+ # The metadata options for the instances.
2056
+ #
2057
+ # @note When making an API call, you may pass AwsAutoScalingLaunchConfigurationMetadataOptions
2058
+ # data as a hash:
2059
+ #
2060
+ # {
2061
+ # http_endpoint: "NonEmptyString",
2062
+ # http_put_response_hop_limit: 1,
2063
+ # http_tokens: "NonEmptyString",
2064
+ # }
2065
+ #
2066
+ # @!attribute [rw] http_endpoint
2067
+ # Enables or disables the HTTP metadata endpoint on your instances. By
2068
+ # default, the metadata endpoint is enabled.
2069
+ # @return [String]
2070
+ #
2071
+ # @!attribute [rw] http_put_response_hop_limit
2072
+ # The HTTP `PUT` response hop limit for instance metadata requests.
2073
+ # The larger the number, the further instance metadata requests can
2074
+ # travel.
2075
+ # @return [Integer]
2076
+ #
2077
+ # @!attribute [rw] http_tokens
2078
+ # Indicates whether token usage is `required` or `optional` for
2079
+ # metadata requests. By default, token usage is `optional`.
2080
+ # @return [String]
2081
+ #
2082
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingLaunchConfigurationMetadataOptions AWS API Documentation
2083
+ #
2084
+ class AwsAutoScalingLaunchConfigurationMetadataOptions < Struct.new(
2085
+ :http_endpoint,
2086
+ :http_put_response_hop_limit,
2087
+ :http_tokens)
2088
+ SENSITIVE = []
2089
+ include Aws::Structure
2090
+ end
2091
+
1778
2092
  # Provides details about an Certificate Manager certificate.
1779
2093
  #
1780
2094
  # @note When making an API call, you may pass AwsCertificateManagerCertificateDetails
@@ -12004,6 +12318,340 @@ module Aws::SecurityHub
12004
12318
  include Aws::Structure
12005
12319
  end
12006
12320
 
12321
+ # Details about an Network Firewall firewall.
12322
+ #
12323
+ # @note When making an API call, you may pass AwsNetworkFirewallFirewallDetails
12324
+ # data as a hash:
12325
+ #
12326
+ # {
12327
+ # delete_protection: false,
12328
+ # description: "NonEmptyString",
12329
+ # firewall_arn: "NonEmptyString",
12330
+ # firewall_id: "NonEmptyString",
12331
+ # firewall_name: "NonEmptyString",
12332
+ # firewall_policy_arn: "NonEmptyString",
12333
+ # firewall_policy_change_protection: false,
12334
+ # subnet_change_protection: false,
12335
+ # subnet_mappings: [
12336
+ # {
12337
+ # subnet_id: "NonEmptyString",
12338
+ # },
12339
+ # ],
12340
+ # vpc_id: "NonEmptyString",
12341
+ # }
12342
+ #
12343
+ # @!attribute [rw] delete_protection
12344
+ # Whether the firewall is protected from deletion. If set to `true`,
12345
+ # then the firewall cannot be deleted.
12346
+ # @return [Boolean]
12347
+ #
12348
+ # @!attribute [rw] description
12349
+ # A description of the firewall.
12350
+ # @return [String]
12351
+ #
12352
+ # @!attribute [rw] firewall_arn
12353
+ # The ARN of the firewall.
12354
+ # @return [String]
12355
+ #
12356
+ # @!attribute [rw] firewall_id
12357
+ # The identifier of the firewall.
12358
+ # @return [String]
12359
+ #
12360
+ # @!attribute [rw] firewall_name
12361
+ # A descriptive name of the firewall.
12362
+ # @return [String]
12363
+ #
12364
+ # @!attribute [rw] firewall_policy_arn
12365
+ # The ARN of the firewall policy.
12366
+ # @return [String]
12367
+ #
12368
+ # @!attribute [rw] firewall_policy_change_protection
12369
+ # Whether the firewall is protected from a change to the firewall
12370
+ # policy. If set to `true`, you cannot associate a different policy
12371
+ # with the firewall.
12372
+ # @return [Boolean]
12373
+ #
12374
+ # @!attribute [rw] subnet_change_protection
12375
+ # Whether the firewall is protected from a change to the subnet
12376
+ # associations. If set to `true`, you cannot map different subnets to
12377
+ # the firewall.
12378
+ # @return [Boolean]
12379
+ #
12380
+ # @!attribute [rw] subnet_mappings
12381
+ # The public subnets that Network Firewall uses for the firewall. Each
12382
+ # subnet must belong to a different Availability Zone.
12383
+ # @return [Array<Types::AwsNetworkFirewallFirewallSubnetMappingsDetails>]
12384
+ #
12385
+ # @!attribute [rw] vpc_id
12386
+ # The identifier of the VPC where the firewall is used.
12387
+ # @return [String]
12388
+ #
12389
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsNetworkFirewallFirewallDetails AWS API Documentation
12390
+ #
12391
+ class AwsNetworkFirewallFirewallDetails < Struct.new(
12392
+ :delete_protection,
12393
+ :description,
12394
+ :firewall_arn,
12395
+ :firewall_id,
12396
+ :firewall_name,
12397
+ :firewall_policy_arn,
12398
+ :firewall_policy_change_protection,
12399
+ :subnet_change_protection,
12400
+ :subnet_mappings,
12401
+ :vpc_id)
12402
+ SENSITIVE = []
12403
+ include Aws::Structure
12404
+ end
12405
+
12406
+ # Details about a firewall policy. A firewall policy defines the
12407
+ # behavior of a network firewall.
12408
+ #
12409
+ # @note When making an API call, you may pass AwsNetworkFirewallFirewallPolicyDetails
12410
+ # data as a hash:
12411
+ #
12412
+ # {
12413
+ # firewall_policy: {
12414
+ # stateful_rule_group_references: [
12415
+ # {
12416
+ # resource_arn: "NonEmptyString",
12417
+ # },
12418
+ # ],
12419
+ # stateless_custom_actions: [
12420
+ # {
12421
+ # action_definition: {
12422
+ # publish_metric_action: {
12423
+ # dimensions: [
12424
+ # {
12425
+ # value: "NonEmptyString",
12426
+ # },
12427
+ # ],
12428
+ # },
12429
+ # },
12430
+ # action_name: "NonEmptyString",
12431
+ # },
12432
+ # ],
12433
+ # stateless_default_actions: ["NonEmptyString"],
12434
+ # stateless_fragment_default_actions: ["NonEmptyString"],
12435
+ # stateless_rule_group_references: [
12436
+ # {
12437
+ # priority: 1,
12438
+ # resource_arn: "NonEmptyString",
12439
+ # },
12440
+ # ],
12441
+ # },
12442
+ # firewall_policy_arn: "NonEmptyString",
12443
+ # firewall_policy_id: "NonEmptyString",
12444
+ # firewall_policy_name: "NonEmptyString",
12445
+ # description: "NonEmptyString",
12446
+ # }
12447
+ #
12448
+ # @!attribute [rw] firewall_policy
12449
+ # The firewall policy configuration.
12450
+ # @return [Types::FirewallPolicyDetails]
12451
+ #
12452
+ # @!attribute [rw] firewall_policy_arn
12453
+ # The ARN of the firewall policy.
12454
+ # @return [String]
12455
+ #
12456
+ # @!attribute [rw] firewall_policy_id
12457
+ # The identifier of the firewall policy.
12458
+ # @return [String]
12459
+ #
12460
+ # @!attribute [rw] firewall_policy_name
12461
+ # The name of the firewall policy.
12462
+ # @return [String]
12463
+ #
12464
+ # @!attribute [rw] description
12465
+ # A description of the firewall policy.
12466
+ # @return [String]
12467
+ #
12468
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsNetworkFirewallFirewallPolicyDetails AWS API Documentation
12469
+ #
12470
+ class AwsNetworkFirewallFirewallPolicyDetails < Struct.new(
12471
+ :firewall_policy,
12472
+ :firewall_policy_arn,
12473
+ :firewall_policy_id,
12474
+ :firewall_policy_name,
12475
+ :description)
12476
+ SENSITIVE = []
12477
+ include Aws::Structure
12478
+ end
12479
+
12480
+ # A public subnet that Network Firewall uses for the firewall.
12481
+ #
12482
+ # @note When making an API call, you may pass AwsNetworkFirewallFirewallSubnetMappingsDetails
12483
+ # data as a hash:
12484
+ #
12485
+ # {
12486
+ # subnet_id: "NonEmptyString",
12487
+ # }
12488
+ #
12489
+ # @!attribute [rw] subnet_id
12490
+ # The identifier of the subnet
12491
+ # @return [String]
12492
+ #
12493
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsNetworkFirewallFirewallSubnetMappingsDetails AWS API Documentation
12494
+ #
12495
+ class AwsNetworkFirewallFirewallSubnetMappingsDetails < Struct.new(
12496
+ :subnet_id)
12497
+ SENSITIVE = []
12498
+ include Aws::Structure
12499
+ end
12500
+
12501
+ # Details about an Network Firewall rule group. Rule groups are used to
12502
+ # inspect and control network traffic. Stateless rule groups apply to
12503
+ # individual packets. Stateful rule groups apply to packets in the
12504
+ # context of their traffic flow.
12505
+ #
12506
+ # Rule groups are referenced in firewall policies.
12507
+ #
12508
+ # @note When making an API call, you may pass AwsNetworkFirewallRuleGroupDetails
12509
+ # data as a hash:
12510
+ #
12511
+ # {
12512
+ # capacity: 1,
12513
+ # description: "NonEmptyString",
12514
+ # rule_group: {
12515
+ # rule_variables: {
12516
+ # ip_sets: {
12517
+ # definition: ["NonEmptyString"],
12518
+ # },
12519
+ # port_sets: {
12520
+ # definition: ["NonEmptyString"],
12521
+ # },
12522
+ # },
12523
+ # rules_source: {
12524
+ # rules_source_list: {
12525
+ # generated_rules_type: "NonEmptyString",
12526
+ # target_types: ["NonEmptyString"],
12527
+ # targets: ["NonEmptyString"],
12528
+ # },
12529
+ # rules_string: "NonEmptyString",
12530
+ # stateful_rules: [
12531
+ # {
12532
+ # action: "NonEmptyString",
12533
+ # header: {
12534
+ # destination: "NonEmptyString",
12535
+ # destination_port: "NonEmptyString",
12536
+ # direction: "NonEmptyString",
12537
+ # protocol: "NonEmptyString",
12538
+ # source: "NonEmptyString",
12539
+ # source_port: "NonEmptyString",
12540
+ # },
12541
+ # rule_options: [
12542
+ # {
12543
+ # keyword: "NonEmptyString",
12544
+ # settings: ["NonEmptyString"],
12545
+ # },
12546
+ # ],
12547
+ # },
12548
+ # ],
12549
+ # stateless_rules_and_custom_actions: {
12550
+ # custom_actions: [
12551
+ # {
12552
+ # action_definition: {
12553
+ # publish_metric_action: {
12554
+ # dimensions: [
12555
+ # {
12556
+ # value: "NonEmptyString",
12557
+ # },
12558
+ # ],
12559
+ # },
12560
+ # },
12561
+ # action_name: "NonEmptyString",
12562
+ # },
12563
+ # ],
12564
+ # stateless_rules: [
12565
+ # {
12566
+ # priority: 1,
12567
+ # rule_definition: {
12568
+ # actions: ["NonEmptyString"],
12569
+ # match_attributes: {
12570
+ # destination_ports: [
12571
+ # {
12572
+ # from_port: 1,
12573
+ # to_port: 1,
12574
+ # },
12575
+ # ],
12576
+ # destinations: [
12577
+ # {
12578
+ # address_definition: "NonEmptyString",
12579
+ # },
12580
+ # ],
12581
+ # protocols: [1],
12582
+ # source_ports: [
12583
+ # {
12584
+ # from_port: 1,
12585
+ # to_port: 1,
12586
+ # },
12587
+ # ],
12588
+ # sources: [
12589
+ # {
12590
+ # address_definition: "NonEmptyString",
12591
+ # },
12592
+ # ],
12593
+ # tcp_flags: [
12594
+ # {
12595
+ # flags: ["NonEmptyString"],
12596
+ # masks: ["NonEmptyString"],
12597
+ # },
12598
+ # ],
12599
+ # },
12600
+ # },
12601
+ # },
12602
+ # ],
12603
+ # },
12604
+ # },
12605
+ # },
12606
+ # rule_group_arn: "NonEmptyString",
12607
+ # rule_group_id: "NonEmptyString",
12608
+ # rule_group_name: "NonEmptyString",
12609
+ # type: "NonEmptyString",
12610
+ # }
12611
+ #
12612
+ # @!attribute [rw] capacity
12613
+ # The maximum number of operating resources that this rule group can
12614
+ # use.
12615
+ # @return [Integer]
12616
+ #
12617
+ # @!attribute [rw] description
12618
+ # A description of the rule group.
12619
+ # @return [String]
12620
+ #
12621
+ # @!attribute [rw] rule_group
12622
+ # Details about the rule group.
12623
+ # @return [Types::RuleGroupDetails]
12624
+ #
12625
+ # @!attribute [rw] rule_group_arn
12626
+ # The ARN of the rule group.
12627
+ # @return [String]
12628
+ #
12629
+ # @!attribute [rw] rule_group_id
12630
+ # The identifier of the rule group.
12631
+ # @return [String]
12632
+ #
12633
+ # @!attribute [rw] rule_group_name
12634
+ # The descriptive name of the rule group.
12635
+ # @return [String]
12636
+ #
12637
+ # @!attribute [rw] type
12638
+ # The type of rule group. A rule group can be stateful or stateless.
12639
+ # @return [String]
12640
+ #
12641
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsNetworkFirewallRuleGroupDetails AWS API Documentation
12642
+ #
12643
+ class AwsNetworkFirewallRuleGroupDetails < Struct.new(
12644
+ :capacity,
12645
+ :description,
12646
+ :rule_group,
12647
+ :rule_group_arn,
12648
+ :rule_group_id,
12649
+ :rule_group_name,
12650
+ :type)
12651
+ SENSITIVE = []
12652
+ include Aws::Structure
12653
+ end
12654
+
12007
12655
  # Details about the configuration of an OpenSearch cluster.
12008
12656
  #
12009
12657
  # @note When making an API call, you may pass AwsOpenSearchServiceDomainClusterConfigDetails
@@ -15965,6 +16613,35 @@ module Aws::SecurityHub
15965
16613
  include Aws::Structure
15966
16614
  end
15967
16615
 
16616
+ # Describes the versioning state of an S3 bucket.
16617
+ #
16618
+ # @note When making an API call, you may pass AwsS3BucketBucketVersioningConfiguration
16619
+ # data as a hash:
16620
+ #
16621
+ # {
16622
+ # is_mfa_delete_enabled: false,
16623
+ # status: "NonEmptyString",
16624
+ # }
16625
+ #
16626
+ # @!attribute [rw] is_mfa_delete_enabled
16627
+ # Specifies whether MFA delete is currently enabled in the S3 bucket
16628
+ # versioning configuration. If the S3 bucket was never configured with
16629
+ # MFA delete, then this attribute is not included.
16630
+ # @return [Boolean]
16631
+ #
16632
+ # @!attribute [rw] status
16633
+ # The versioning status of the S3 bucket.
16634
+ # @return [String]
16635
+ #
16636
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketBucketVersioningConfiguration AWS API Documentation
16637
+ #
16638
+ class AwsS3BucketBucketVersioningConfiguration < Struct.new(
16639
+ :is_mfa_delete_enabled,
16640
+ :status)
16641
+ SENSITIVE = []
16642
+ include Aws::Structure
16643
+ end
16644
+
15968
16645
  # The details of an Amazon S3 bucket.
15969
16646
  #
15970
16647
  # @note When making an API call, you may pass AwsS3BucketDetails
@@ -16087,6 +16764,10 @@ module Aws::SecurityHub
16087
16764
  # },
16088
16765
  # ],
16089
16766
  # },
16767
+ # bucket_versioning_configuration: {
16768
+ # is_mfa_delete_enabled: false,
16769
+ # status: "NonEmptyString",
16770
+ # },
16090
16771
  # }
16091
16772
  #
16092
16773
  # @!attribute [rw] owner_id
@@ -16143,6 +16824,10 @@ module Aws::SecurityHub
16143
16824
  # The notification configuration for the S3 bucket.
16144
16825
  # @return [Types::AwsS3BucketNotificationConfiguration]
16145
16826
  #
16827
+ # @!attribute [rw] bucket_versioning_configuration
16828
+ # The versioning state of an S3 bucket.
16829
+ # @return [Types::AwsS3BucketBucketVersioningConfiguration]
16830
+ #
16146
16831
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketDetails AWS API Documentation
16147
16832
  #
16148
16833
  class AwsS3BucketDetails < Struct.new(
@@ -16156,7 +16841,8 @@ module Aws::SecurityHub
16156
16841
  :access_control_list,
16157
16842
  :bucket_logging_configuration,
16158
16843
  :bucket_website_configuration,
16159
- :bucket_notification_configuration)
16844
+ :bucket_notification_configuration,
16845
+ :bucket_versioning_configuration)
16160
16846
  SENSITIVE = []
16161
16847
  include Aws::Structure
16162
16848
  end
@@ -17077,6 +17763,34 @@ module Aws::SecurityHub
17077
17763
  # health_check_type: "NonEmptyString",
17078
17764
  # health_check_grace_period: 1,
17079
17765
  # created_time: "NonEmptyString",
17766
+ # mixed_instances_policy: {
17767
+ # instances_distribution: {
17768
+ # on_demand_allocation_strategy: "NonEmptyString",
17769
+ # on_demand_base_capacity: 1,
17770
+ # on_demand_percentage_above_base_capacity: 1,
17771
+ # spot_allocation_strategy: "NonEmptyString",
17772
+ # spot_instance_pools: 1,
17773
+ # spot_max_price: "NonEmptyString",
17774
+ # },
17775
+ # launch_template: {
17776
+ # launch_template_specification: {
17777
+ # launch_template_id: "NonEmptyString",
17778
+ # launch_template_name: "NonEmptyString",
17779
+ # version: "NonEmptyString",
17780
+ # },
17781
+ # overrides: [
17782
+ # {
17783
+ # instance_type: "NonEmptyString",
17784
+ # weighted_capacity: "NonEmptyString",
17785
+ # },
17786
+ # ],
17787
+ # },
17788
+ # },
17789
+ # availability_zones: [
17790
+ # {
17791
+ # value: "NonEmptyString",
17792
+ # },
17793
+ # ],
17080
17794
  # },
17081
17795
  # aws_code_build_project: {
17082
17796
  # encryption_key: "NonEmptyString",
@@ -17647,6 +18361,10 @@ module Aws::SecurityHub
17647
18361
  # },
17648
18362
  # ],
17649
18363
  # },
18364
+ # bucket_versioning_configuration: {
18365
+ # is_mfa_delete_enabled: false,
18366
+ # status: "NonEmptyString",
18367
+ # },
17650
18368
  # },
17651
18369
  # aws_s3_account_public_access_block: {
17652
18370
  # block_public_acls: false,
@@ -19061,6 +19779,11 @@ module Aws::SecurityHub
19061
19779
  # security_groups: ["NonEmptyString"],
19062
19780
  # spot_price: "NonEmptyString",
19063
19781
  # user_data: "NonEmptyString",
19782
+ # metadata_options: {
19783
+ # http_endpoint: "NonEmptyString",
19784
+ # http_put_response_hop_limit: 1,
19785
+ # http_tokens: "NonEmptyString",
19786
+ # },
19064
19787
  # },
19065
19788
  # aws_ec2_vpn_connection: {
19066
19789
  # vpn_connection_id: "NonEmptyString",
@@ -19270,6 +19993,157 @@ module Aws::SecurityHub
19270
19993
  # ],
19271
19994
  # },
19272
19995
  # },
19996
+ # aws_network_firewall_firewall_policy: {
19997
+ # firewall_policy: {
19998
+ # stateful_rule_group_references: [
19999
+ # {
20000
+ # resource_arn: "NonEmptyString",
20001
+ # },
20002
+ # ],
20003
+ # stateless_custom_actions: [
20004
+ # {
20005
+ # action_definition: {
20006
+ # publish_metric_action: {
20007
+ # dimensions: [
20008
+ # {
20009
+ # value: "NonEmptyString",
20010
+ # },
20011
+ # ],
20012
+ # },
20013
+ # },
20014
+ # action_name: "NonEmptyString",
20015
+ # },
20016
+ # ],
20017
+ # stateless_default_actions: ["NonEmptyString"],
20018
+ # stateless_fragment_default_actions: ["NonEmptyString"],
20019
+ # stateless_rule_group_references: [
20020
+ # {
20021
+ # priority: 1,
20022
+ # resource_arn: "NonEmptyString",
20023
+ # },
20024
+ # ],
20025
+ # },
20026
+ # firewall_policy_arn: "NonEmptyString",
20027
+ # firewall_policy_id: "NonEmptyString",
20028
+ # firewall_policy_name: "NonEmptyString",
20029
+ # description: "NonEmptyString",
20030
+ # },
20031
+ # aws_network_firewall_firewall: {
20032
+ # delete_protection: false,
20033
+ # description: "NonEmptyString",
20034
+ # firewall_arn: "NonEmptyString",
20035
+ # firewall_id: "NonEmptyString",
20036
+ # firewall_name: "NonEmptyString",
20037
+ # firewall_policy_arn: "NonEmptyString",
20038
+ # firewall_policy_change_protection: false,
20039
+ # subnet_change_protection: false,
20040
+ # subnet_mappings: [
20041
+ # {
20042
+ # subnet_id: "NonEmptyString",
20043
+ # },
20044
+ # ],
20045
+ # vpc_id: "NonEmptyString",
20046
+ # },
20047
+ # aws_network_firewall_rule_group: {
20048
+ # capacity: 1,
20049
+ # description: "NonEmptyString",
20050
+ # rule_group: {
20051
+ # rule_variables: {
20052
+ # ip_sets: {
20053
+ # definition: ["NonEmptyString"],
20054
+ # },
20055
+ # port_sets: {
20056
+ # definition: ["NonEmptyString"],
20057
+ # },
20058
+ # },
20059
+ # rules_source: {
20060
+ # rules_source_list: {
20061
+ # generated_rules_type: "NonEmptyString",
20062
+ # target_types: ["NonEmptyString"],
20063
+ # targets: ["NonEmptyString"],
20064
+ # },
20065
+ # rules_string: "NonEmptyString",
20066
+ # stateful_rules: [
20067
+ # {
20068
+ # action: "NonEmptyString",
20069
+ # header: {
20070
+ # destination: "NonEmptyString",
20071
+ # destination_port: "NonEmptyString",
20072
+ # direction: "NonEmptyString",
20073
+ # protocol: "NonEmptyString",
20074
+ # source: "NonEmptyString",
20075
+ # source_port: "NonEmptyString",
20076
+ # },
20077
+ # rule_options: [
20078
+ # {
20079
+ # keyword: "NonEmptyString",
20080
+ # settings: ["NonEmptyString"],
20081
+ # },
20082
+ # ],
20083
+ # },
20084
+ # ],
20085
+ # stateless_rules_and_custom_actions: {
20086
+ # custom_actions: [
20087
+ # {
20088
+ # action_definition: {
20089
+ # publish_metric_action: {
20090
+ # dimensions: [
20091
+ # {
20092
+ # value: "NonEmptyString",
20093
+ # },
20094
+ # ],
20095
+ # },
20096
+ # },
20097
+ # action_name: "NonEmptyString",
20098
+ # },
20099
+ # ],
20100
+ # stateless_rules: [
20101
+ # {
20102
+ # priority: 1,
20103
+ # rule_definition: {
20104
+ # actions: ["NonEmptyString"],
20105
+ # match_attributes: {
20106
+ # destination_ports: [
20107
+ # {
20108
+ # from_port: 1,
20109
+ # to_port: 1,
20110
+ # },
20111
+ # ],
20112
+ # destinations: [
20113
+ # {
20114
+ # address_definition: "NonEmptyString",
20115
+ # },
20116
+ # ],
20117
+ # protocols: [1],
20118
+ # source_ports: [
20119
+ # {
20120
+ # from_port: 1,
20121
+ # to_port: 1,
20122
+ # },
20123
+ # ],
20124
+ # sources: [
20125
+ # {
20126
+ # address_definition: "NonEmptyString",
20127
+ # },
20128
+ # ],
20129
+ # tcp_flags: [
20130
+ # {
20131
+ # flags: ["NonEmptyString"],
20132
+ # masks: ["NonEmptyString"],
20133
+ # },
20134
+ # ],
20135
+ # },
20136
+ # },
20137
+ # },
20138
+ # ],
20139
+ # },
20140
+ # },
20141
+ # },
20142
+ # rule_group_arn: "NonEmptyString",
20143
+ # rule_group_id: "NonEmptyString",
20144
+ # rule_group_name: "NonEmptyString",
20145
+ # type: "NonEmptyString",
20146
+ # },
19273
20147
  # },
19274
20148
  # },
19275
20149
  # ],
@@ -20805,9 +21679,9 @@ module Aws::SecurityHub
20805
21679
  # Security Hub also resets the workflow status from `NOTIFIED` or
20806
21680
  # `RESOLVED` to `NEW` in the following cases:
20807
21681
  #
20808
- # * The record state changes from `ARCHIVED` to `ACTIVE`.
21682
+ # * `RecordState` changes from `ARCHIVED` to `ACTIVE`.
20809
21683
  #
20810
- # * The compliance status changes from `PASSED` to either `WARNING`,
21684
+ # * `Compliance.Status` changes from `PASSED` to either `WARNING`,
20811
21685
  # `FAILED`, or `NOT_AVAILABLE`.
20812
21686
  #
20813
21687
  # * `NOTIFIED` - Indicates that the resource owner has been notified
@@ -20815,11 +21689,36 @@ module Aws::SecurityHub
20815
21689
  # the resource owner, and needs intervention from the resource
20816
21690
  # owner.
20817
21691
  #
20818
- # * `SUPPRESSED` - The finding will not be reviewed again and will not
20819
- # be acted upon.
21692
+ # If one of the following occurs, the workflow status is changed
21693
+ # automatically from `NOTIFIED` to `NEW`\:
21694
+ #
21695
+ # * `RecordState` changes from `ARCHIVED` to `ACTIVE`.
21696
+ #
21697
+ # * `Compliance.Status` changes from `PASSED` to `FAILED`,
21698
+ # `WARNING`, or `NOT_AVAILABLE`.
21699
+ #
21700
+ # * `SUPPRESSED` - Indicates that you reviewed the finding and do not
21701
+ # believe that any action is needed.
21702
+ #
21703
+ # The workflow status of a `SUPPRESSED` finding does not change if
21704
+ # `RecordState` changes from `ARCHIVED` to `ACTIVE`.
20820
21705
  #
20821
21706
  # * `RESOLVED` - The finding was reviewed and remediated and is now
20822
21707
  # considered resolved.
21708
+ #
21709
+ # The finding remains `RESOLVED` unless one of the following occurs:
21710
+ #
21711
+ # * `RecordState` changes from `ARCHIVED` to `ACTIVE`.
21712
+ #
21713
+ # * `Compliance.Status` changes from `PASSED` to `FAILED`,
21714
+ # `WARNING`, or `NOT_AVAILABLE`.
21715
+ #
21716
+ # In those cases, the workflow status is automatically reset to
21717
+ # `NEW`.
21718
+ #
21719
+ # For findings from controls, if `Compliance.Status` is `PASSED`,
21720
+ # then Security Hub automatically sets the workflow status to
21721
+ # `RESOLVED`.
20823
21722
  # @return [Array<Types::StringFilter>]
20824
21723
  #
20825
21724
  # @!attribute [rw] record_state
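Review bot: The new `SUPPRESSED` entry documents only the `RecordState` transition and says nothing about `Compliance.Status` moving from `PASSED` to `FAILED`, `WARNING` or `NOT_AVAILABLE`, although the `NOTIFIED` and `RESOLVED` entries added in this same hunk both list that case. Anyone who uses suppression to quiet control findings cannot tell from this text whether a later compliance regression brings the finding back to `NEW` or leaves it hidden. I would add one sentence under `SUPPRESSED` that states the behaviour explicitly, along the lines of ``# A `Compliance.Status` change <does / does not> reset a `SUPPRESSED` finding.``, with the wording settled against the service documentation. The comment block for this attribute begins above the hunk.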
@@ -22102,6 +23001,34 @@ module Aws::SecurityHub
22102
23001
  # health_check_type: "NonEmptyString",
22103
23002
  # health_check_grace_period: 1,
22104
23003
  # created_time: "NonEmptyString",
23004
+ # mixed_instances_policy: {
23005
+ # instances_distribution: {
23006
+ # on_demand_allocation_strategy: "NonEmptyString",
23007
+ # on_demand_base_capacity: 1,
23008
+ # on_demand_percentage_above_base_capacity: 1,
23009
+ # spot_allocation_strategy: "NonEmptyString",
23010
+ # spot_instance_pools: 1,
23011
+ # spot_max_price: "NonEmptyString",
23012
+ # },
23013
+ # launch_template: {
23014
+ # launch_template_specification: {
23015
+ # launch_template_id: "NonEmptyString",
23016
+ # launch_template_name: "NonEmptyString",
23017
+ # version: "NonEmptyString",
23018
+ # },
23019
+ # overrides: [
23020
+ # {
23021
+ # instance_type: "NonEmptyString",
23022
+ # weighted_capacity: "NonEmptyString",
23023
+ # },
23024
+ # ],
23025
+ # },
23026
+ # },
23027
+ # availability_zones: [
23028
+ # {
23029
+ # value: "NonEmptyString",
23030
+ # },
23031
+ # ],
22105
23032
  # },
22106
23033
  # aws_code_build_project: {
22107
23034
  # encryption_key: "NonEmptyString",
@@ -22672,6 +23599,10 @@ module Aws::SecurityHub
22672
23599
  # },
22673
23600
  # ],
22674
23601
  # },
23602
+ # bucket_versioning_configuration: {
23603
+ # is_mfa_delete_enabled: false,
23604
+ # status: "NonEmptyString",
23605
+ # },
22675
23606
  # },
22676
23607
  # aws_s3_account_public_access_block: {
22677
23608
  # block_public_acls: false,
@@ -24086,6 +25017,11 @@ module Aws::SecurityHub
24086
25017
  # security_groups: ["NonEmptyString"],
24087
25018
  # spot_price: "NonEmptyString",
24088
25019
  # user_data: "NonEmptyString",
25020
+ # metadata_options: {
25021
+ # http_endpoint: "NonEmptyString",
25022
+ # http_put_response_hop_limit: 1,
25023
+ # http_tokens: "NonEmptyString",
25024
+ # },
24089
25025
  # },
24090
25026
  # aws_ec2_vpn_connection: {
24091
25027
  # vpn_connection_id: "NonEmptyString",
@@ -24295,6 +25231,157 @@ module Aws::SecurityHub
24295
25231
  # ],
24296
25232
  # },
24297
25233
  # },
25234
+ # aws_network_firewall_firewall_policy: {
25235
+ # firewall_policy: {
25236
+ # stateful_rule_group_references: [
25237
+ # {
25238
+ # resource_arn: "NonEmptyString",
25239
+ # },
25240
+ # ],
25241
+ # stateless_custom_actions: [
25242
+ # {
25243
+ # action_definition: {
25244
+ # publish_metric_action: {
25245
+ # dimensions: [
25246
+ # {
25247
+ # value: "NonEmptyString",
25248
+ # },
25249
+ # ],
25250
+ # },
25251
+ # },
25252
+ # action_name: "NonEmptyString",
25253
+ # },
25254
+ # ],
25255
+ # stateless_default_actions: ["NonEmptyString"],
25256
+ # stateless_fragment_default_actions: ["NonEmptyString"],
25257
+ # stateless_rule_group_references: [
25258
+ # {
25259
+ # priority: 1,
25260
+ # resource_arn: "NonEmptyString",
25261
+ # },
25262
+ # ],
25263
+ # },
25264
+ # firewall_policy_arn: "NonEmptyString",
25265
+ # firewall_policy_id: "NonEmptyString",
25266
+ # firewall_policy_name: "NonEmptyString",
25267
+ # description: "NonEmptyString",
25268
+ # },
25269
+ # aws_network_firewall_firewall: {
25270
+ # delete_protection: false,
25271
+ # description: "NonEmptyString",
25272
+ # firewall_arn: "NonEmptyString",
25273
+ # firewall_id: "NonEmptyString",
25274
+ # firewall_name: "NonEmptyString",
25275
+ # firewall_policy_arn: "NonEmptyString",
25276
+ # firewall_policy_change_protection: false,
25277
+ # subnet_change_protection: false,
25278
+ # subnet_mappings: [
25279
+ # {
25280
+ # subnet_id: "NonEmptyString",
25281
+ # },
25282
+ # ],
25283
+ # vpc_id: "NonEmptyString",
25284
+ # },
25285
+ # aws_network_firewall_rule_group: {
25286
+ # capacity: 1,
25287
+ # description: "NonEmptyString",
25288
+ # rule_group: {
25289
+ # rule_variables: {
25290
+ # ip_sets: {
25291
+ # definition: ["NonEmptyString"],
25292
+ # },
25293
+ # port_sets: {
25294
+ # definition: ["NonEmptyString"],
25295
+ # },
25296
+ # },
25297
+ # rules_source: {
25298
+ # rules_source_list: {
25299
+ # generated_rules_type: "NonEmptyString",
25300
+ # target_types: ["NonEmptyString"],
25301
+ # targets: ["NonEmptyString"],
25302
+ # },
25303
+ # rules_string: "NonEmptyString",
25304
+ # stateful_rules: [
25305
+ # {
25306
+ # action: "NonEmptyString",
25307
+ # header: {
25308
+ # destination: "NonEmptyString",
25309
+ # destination_port: "NonEmptyString",
25310
+ # direction: "NonEmptyString",
25311
+ # protocol: "NonEmptyString",
25312
+ # source: "NonEmptyString",
25313
+ # source_port: "NonEmptyString",
25314
+ # },
25315
+ # rule_options: [
25316
+ # {
25317
+ # keyword: "NonEmptyString",
25318
+ # settings: ["NonEmptyString"],
25319
+ # },
25320
+ # ],
25321
+ # },
25322
+ # ],
25323
+ # stateless_rules_and_custom_actions: {
25324
+ # custom_actions: [
25325
+ # {
25326
+ # action_definition: {
25327
+ # publish_metric_action: {
25328
+ # dimensions: [
25329
+ # {
25330
+ # value: "NonEmptyString",
25331
+ # },
25332
+ # ],
25333
+ # },
25334
+ # },
25335
+ # action_name: "NonEmptyString",
25336
+ # },
25337
+ # ],
25338
+ # stateless_rules: [
25339
+ # {
25340
+ # priority: 1,
25341
+ # rule_definition: {
25342
+ # actions: ["NonEmptyString"],
25343
+ # match_attributes: {
25344
+ # destination_ports: [
25345
+ # {
25346
+ # from_port: 1,
25347
+ # to_port: 1,
25348
+ # },
25349
+ # ],
25350
+ # destinations: [
25351
+ # {
25352
+ # address_definition: "NonEmptyString",
25353
+ # },
25354
+ # ],
25355
+ # protocols: [1],
25356
+ # source_ports: [
25357
+ # {
25358
+ # from_port: 1,
25359
+ # to_port: 1,
25360
+ # },
25361
+ # ],
25362
+ # sources: [
25363
+ # {
25364
+ # address_definition: "NonEmptyString",
25365
+ # },
25366
+ # ],
25367
+ # tcp_flags: [
25368
+ # {
25369
+ # flags: ["NonEmptyString"],
25370
+ # masks: ["NonEmptyString"],
25371
+ # },
25372
+ # ],
25373
+ # },
25374
+ # },
25375
+ # },
25376
+ # ],
25377
+ # },
25378
+ # },
25379
+ # },
25380
+ # rule_group_arn: "NonEmptyString",
25381
+ # rule_group_id: "NonEmptyString",
25382
+ # rule_group_name: "NonEmptyString",
25383
+ # type: "NonEmptyString",
25384
+ # },
24298
25385
  # },
24299
25386
  # },
24300
25387
  # ],
@@ -27232,6 +28319,167 @@ module Aws::SecurityHub
27232
28319
  include Aws::Structure
27233
28320
  end
27234
28321
 
28322
+ # Defines the behavior of the firewall.
28323
+ #
28324
+ # @note When making an API call, you may pass FirewallPolicyDetails
28325
+ # data as a hash:
28326
+ #
28327
+ # {
28328
+ # stateful_rule_group_references: [
28329
+ # {
28330
+ # resource_arn: "NonEmptyString",
28331
+ # },
28332
+ # ],
28333
+ # stateless_custom_actions: [
28334
+ # {
28335
+ # action_definition: {
28336
+ # publish_metric_action: {
28337
+ # dimensions: [
28338
+ # {
28339
+ # value: "NonEmptyString",
28340
+ # },
28341
+ # ],
28342
+ # },
28343
+ # },
28344
+ # action_name: "NonEmptyString",
28345
+ # },
28346
+ # ],
28347
+ # stateless_default_actions: ["NonEmptyString"],
28348
+ # stateless_fragment_default_actions: ["NonEmptyString"],
28349
+ # stateless_rule_group_references: [
28350
+ # {
28351
+ # priority: 1,
28352
+ # resource_arn: "NonEmptyString",
28353
+ # },
28354
+ # ],
28355
+ # }
28356
+ #
28357
+ # @!attribute [rw] stateful_rule_group_references
28358
+ # The stateful rule groups that are used in the firewall policy.
28359
+ # @return [Array<Types::FirewallPolicyStatefulRuleGroupReferencesDetails>]
28360
+ #
28361
+ # @!attribute [rw] stateless_custom_actions
28362
+ # The custom action definitions that are available to use in the
28363
+ # firewall policy's `StatelessDefaultActions` setting.
28364
+ # @return [Array<Types::FirewallPolicyStatelessCustomActionsDetails>]
28365
+ #
28366
+ # @!attribute [rw] stateless_default_actions
28367
+ # The actions to take on a packet if it doesn't match any of the
28368
+ # stateless rules in the policy.
28369
+ #
28370
+ # You must specify a standard action (`aws:pass`, `aws:drop`,
28371
+ # `aws:forward_to_sfe`), and can optionally include a custom action
28372
+ # from `StatelessCustomActions`.
28373
+ # @return [Array<String>]
28374
+ #
28375
+ # @!attribute [rw] stateless_fragment_default_actions
28376
+ # The actions to take on a fragmented UDP packet if it doesn't match
28377
+ # any of the stateless rules in the policy.
28378
+ #
28379
+ # You must specify a standard action (`aws:pass`, `aws:drop`,
28380
+ # `aws:forward_to_sfe`), and can optionally include a custom action
28381
+ # from `StatelessCustomActions`.
28382
+ # @return [Array<String>]
28383
+ #
28384
+ # @!attribute [rw] stateless_rule_group_references
28385
+ # The stateless rule groups that are used in the firewall policy.
28386
+ # @return [Array<Types::FirewallPolicyStatelessRuleGroupReferencesDetails>]
28387
+ #
28388
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/FirewallPolicyDetails AWS API Documentation
28389
+ #
28390
+ class FirewallPolicyDetails < Struct.new(
28391
+ :stateful_rule_group_references,
28392
+ :stateless_custom_actions,
28393
+ :stateless_default_actions,
28394
+ :stateless_fragment_default_actions,
28395
+ :stateless_rule_group_references)
28396
+ SENSITIVE = []
28397
+ include Aws::Structure
28398
+ end
28399
+
28400
+ # A stateful rule group that is used by the firewall policy.
28401
+ #
28402
+ # @note When making an API call, you may pass FirewallPolicyStatefulRuleGroupReferencesDetails
28403
+ # data as a hash:
28404
+ #
28405
+ # {
28406
+ # resource_arn: "NonEmptyString",
28407
+ # }
28408
+ #
28409
+ # @!attribute [rw] resource_arn
28410
+ # The ARN of the stateful rule group.
28411
+ # @return [String]
28412
+ #
28413
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/FirewallPolicyStatefulRuleGroupReferencesDetails AWS API Documentation
28414
+ #
28415
+ class FirewallPolicyStatefulRuleGroupReferencesDetails < Struct.new(
28416
+ :resource_arn)
28417
+ SENSITIVE = []
28418
+ include Aws::Structure
28419
+ end
28420
+
28421
+ # A custom action that can be used for stateless packet handling.
28422
+ #
28423
+ # @note When making an API call, you may pass FirewallPolicyStatelessCustomActionsDetails
28424
+ # data as a hash:
28425
+ #
28426
+ # {
28427
+ # action_definition: {
28428
+ # publish_metric_action: {
28429
+ # dimensions: [
28430
+ # {
28431
+ # value: "NonEmptyString",
28432
+ # },
28433
+ # ],
28434
+ # },
28435
+ # },
28436
+ # action_name: "NonEmptyString",
28437
+ # }
28438
+ #
28439
+ # @!attribute [rw] action_definition
28440
+ # The definition of the custom action.
28441
+ # @return [Types::StatelessCustomActionDefinition]
28442
+ #
28443
+ # @!attribute [rw] action_name
28444
+ # The name of the custom action.
28445
+ # @return [String]
28446
+ #
28447
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/FirewallPolicyStatelessCustomActionsDetails AWS API Documentation
28448
+ #
28449
+ class FirewallPolicyStatelessCustomActionsDetails < Struct.new(
28450
+ :action_definition,
28451
+ :action_name)
28452
+ SENSITIVE = []
28453
+ include Aws::Structure
28454
+ end
28455
+
28456
+ # A stateless rule group that is used by the firewall policy.
28457
+ #
28458
+ # @note When making an API call, you may pass FirewallPolicyStatelessRuleGroupReferencesDetails
28459
+ # data as a hash:
28460
+ #
28461
+ # {
28462
+ # priority: 1,
28463
+ # resource_arn: "NonEmptyString",
28464
+ # }
28465
+ #
28466
+ # @!attribute [rw] priority
28467
+ # The order in which to run the stateless rule group.
28468
+ # @return [Integer]
28469
+ #
28470
+ # @!attribute [rw] resource_arn
28471
+ # The ARN of the stateless rule group.
28472
+ # @return [String]
28473
+ #
28474
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/FirewallPolicyStatelessRuleGroupReferencesDetails AWS API Documentation
28475
+ #
28476
+ class FirewallPolicyStatelessRuleGroupReferencesDetails < Struct.new(
28477
+ :priority,
28478
+ :resource_arn)
28479
+ SENSITIVE = []
28480
+ include Aws::Structure
28481
+ end
28482
+
27235
28483
  # Provides the latitude and longitude coordinates of a location.
27236
28484
  #
27237
28485
  # @note When making an API call, you may pass GeoLocation
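Review bot: The description of `stateless_custom_actions` in `FirewallPolicyDetails` says the custom actions are available to the policy's `StatelessDefaultActions` setting only, while the `stateless_fragment_default_actions` text further down also allows a custom action from `StatelessCustomActions`. The two comments should agree; I would reword the first to end ``# firewall policy's `StatelessDefaultActions` and `StatelessFragmentDefaultActions` settings.`` Both action attributes are typed here as plain `Array<String>`, so it would also help to say that a consumer keying detections on `aws:pass`, `aws:drop` or `aws:forward_to_sfe` should treat any other value as unexpected rather than assume one of the three.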
@@ -30408,6 +31656,34 @@ module Aws::SecurityHub
30408
31656
  # health_check_type: "NonEmptyString",
30409
31657
  # health_check_grace_period: 1,
30410
31658
  # created_time: "NonEmptyString",
31659
+ # mixed_instances_policy: {
31660
+ # instances_distribution: {
31661
+ # on_demand_allocation_strategy: "NonEmptyString",
31662
+ # on_demand_base_capacity: 1,
31663
+ # on_demand_percentage_above_base_capacity: 1,
31664
+ # spot_allocation_strategy: "NonEmptyString",
31665
+ # spot_instance_pools: 1,
31666
+ # spot_max_price: "NonEmptyString",
31667
+ # },
31668
+ # launch_template: {
31669
+ # launch_template_specification: {
31670
+ # launch_template_id: "NonEmptyString",
31671
+ # launch_template_name: "NonEmptyString",
31672
+ # version: "NonEmptyString",
31673
+ # },
31674
+ # overrides: [
31675
+ # {
31676
+ # instance_type: "NonEmptyString",
31677
+ # weighted_capacity: "NonEmptyString",
31678
+ # },
31679
+ # ],
31680
+ # },
31681
+ # },
31682
+ # availability_zones: [
31683
+ # {
31684
+ # value: "NonEmptyString",
31685
+ # },
31686
+ # ],
30411
31687
  # },
30412
31688
  # aws_code_build_project: {
30413
31689
  # encryption_key: "NonEmptyString",
@@ -30978,6 +32254,10 @@ module Aws::SecurityHub
30978
32254
  # },
30979
32255
  # ],
30980
32256
  # },
32257
+ # bucket_versioning_configuration: {
32258
+ # is_mfa_delete_enabled: false,
32259
+ # status: "NonEmptyString",
32260
+ # },
30981
32261
  # },
30982
32262
  # aws_s3_account_public_access_block: {
30983
32263
  # block_public_acls: false,
@@ -32392,6 +33672,11 @@ module Aws::SecurityHub
32392
33672
  # security_groups: ["NonEmptyString"],
32393
33673
  # spot_price: "NonEmptyString",
32394
33674
  # user_data: "NonEmptyString",
33675
+ # metadata_options: {
33676
+ # http_endpoint: "NonEmptyString",
33677
+ # http_put_response_hop_limit: 1,
33678
+ # http_tokens: "NonEmptyString",
33679
+ # },
32395
33680
  # },
32396
33681
  # aws_ec2_vpn_connection: {
32397
33682
  # vpn_connection_id: "NonEmptyString",
@@ -32601,6 +33886,157 @@ module Aws::SecurityHub
32601
33886
  # ],
32602
33887
  # },
32603
33888
  # },
33889
+ # aws_network_firewall_firewall_policy: {
33890
+ # firewall_policy: {
33891
+ # stateful_rule_group_references: [
33892
+ # {
33893
+ # resource_arn: "NonEmptyString",
33894
+ # },
33895
+ # ],
33896
+ # stateless_custom_actions: [
33897
+ # {
33898
+ # action_definition: {
33899
+ # publish_metric_action: {
33900
+ # dimensions: [
33901
+ # {
33902
+ # value: "NonEmptyString",
33903
+ # },
33904
+ # ],
33905
+ # },
33906
+ # },
33907
+ # action_name: "NonEmptyString",
33908
+ # },
33909
+ # ],
33910
+ # stateless_default_actions: ["NonEmptyString"],
33911
+ # stateless_fragment_default_actions: ["NonEmptyString"],
33912
+ # stateless_rule_group_references: [
33913
+ # {
33914
+ # priority: 1,
33915
+ # resource_arn: "NonEmptyString",
33916
+ # },
33917
+ # ],
33918
+ # },
33919
+ # firewall_policy_arn: "NonEmptyString",
33920
+ # firewall_policy_id: "NonEmptyString",
33921
+ # firewall_policy_name: "NonEmptyString",
33922
+ # description: "NonEmptyString",
33923
+ # },
33924
+ # aws_network_firewall_firewall: {
33925
+ # delete_protection: false,
33926
+ # description: "NonEmptyString",
33927
+ # firewall_arn: "NonEmptyString",
33928
+ # firewall_id: "NonEmptyString",
33929
+ # firewall_name: "NonEmptyString",
33930
+ # firewall_policy_arn: "NonEmptyString",
33931
+ # firewall_policy_change_protection: false,
33932
+ # subnet_change_protection: false,
33933
+ # subnet_mappings: [
33934
+ # {
33935
+ # subnet_id: "NonEmptyString",
33936
+ # },
33937
+ # ],
33938
+ # vpc_id: "NonEmptyString",
33939
+ # },
33940
+ # aws_network_firewall_rule_group: {
33941
+ # capacity: 1,
33942
+ # description: "NonEmptyString",
33943
+ # rule_group: {
33944
+ # rule_variables: {
33945
+ # ip_sets: {
33946
+ # definition: ["NonEmptyString"],
33947
+ # },
33948
+ # port_sets: {
33949
+ # definition: ["NonEmptyString"],
33950
+ # },
33951
+ # },
33952
+ # rules_source: {
33953
+ # rules_source_list: {
33954
+ # generated_rules_type: "NonEmptyString",
33955
+ # target_types: ["NonEmptyString"],
33956
+ # targets: ["NonEmptyString"],
33957
+ # },
33958
+ # rules_string: "NonEmptyString",
33959
+ # stateful_rules: [
33960
+ # {
33961
+ # action: "NonEmptyString",
33962
+ # header: {
33963
+ # destination: "NonEmptyString",
33964
+ # destination_port: "NonEmptyString",
33965
+ # direction: "NonEmptyString",
33966
+ # protocol: "NonEmptyString",
33967
+ # source: "NonEmptyString",
33968
+ # source_port: "NonEmptyString",
33969
+ # },
33970
+ # rule_options: [
33971
+ # {
33972
+ # keyword: "NonEmptyString",
33973
+ # settings: ["NonEmptyString"],
33974
+ # },
33975
+ # ],
33976
+ # },
33977
+ # ],
33978
+ # stateless_rules_and_custom_actions: {
33979
+ # custom_actions: [
33980
+ # {
33981
+ # action_definition: {
33982
+ # publish_metric_action: {
33983
+ # dimensions: [
33984
+ # {
33985
+ # value: "NonEmptyString",
33986
+ # },
33987
+ # ],
33988
+ # },
33989
+ # },
33990
+ # action_name: "NonEmptyString",
33991
+ # },
33992
+ # ],
33993
+ # stateless_rules: [
33994
+ # {
33995
+ # priority: 1,
33996
+ # rule_definition: {
33997
+ # actions: ["NonEmptyString"],
33998
+ # match_attributes: {
33999
+ # destination_ports: [
34000
+ # {
34001
+ # from_port: 1,
34002
+ # to_port: 1,
34003
+ # },
34004
+ # ],
34005
+ # destinations: [
34006
+ # {
34007
+ # address_definition: "NonEmptyString",
34008
+ # },
34009
+ # ],
34010
+ # protocols: [1],
34011
+ # source_ports: [
34012
+ # {
34013
+ # from_port: 1,
34014
+ # to_port: 1,
34015
+ # },
34016
+ # ],
34017
+ # sources: [
34018
+ # {
34019
+ # address_definition: "NonEmptyString",
34020
+ # },
34021
+ # ],
34022
+ # tcp_flags: [
34023
+ # {
34024
+ # flags: ["NonEmptyString"],
34025
+ # masks: ["NonEmptyString"],
34026
+ # },
34027
+ # ],
34028
+ # },
34029
+ # },
34030
+ # },
34031
+ # ],
34032
+ # },
34033
+ # },
34034
+ # },
34035
+ # rule_group_arn: "NonEmptyString",
34036
+ # rule_group_id: "NonEmptyString",
34037
+ # rule_group_name: "NonEmptyString",
34038
+ # type: "NonEmptyString",
34039
+ # },
32604
34040
  # },
32605
34041
  # }
32606
34042
  #
@@ -32703,6 +34139,34 @@ module Aws::SecurityHub
32703
34139
  # health_check_type: "NonEmptyString",
32704
34140
  # health_check_grace_period: 1,
32705
34141
  # created_time: "NonEmptyString",
34142
+ # mixed_instances_policy: {
34143
+ # instances_distribution: {
34144
+ # on_demand_allocation_strategy: "NonEmptyString",
34145
+ # on_demand_base_capacity: 1,
34146
+ # on_demand_percentage_above_base_capacity: 1,
34147
+ # spot_allocation_strategy: "NonEmptyString",
34148
+ # spot_instance_pools: 1,
34149
+ # spot_max_price: "NonEmptyString",
34150
+ # },
34151
+ # launch_template: {
34152
+ # launch_template_specification: {
34153
+ # launch_template_id: "NonEmptyString",
34154
+ # launch_template_name: "NonEmptyString",
34155
+ # version: "NonEmptyString",
34156
+ # },
34157
+ # overrides: [
34158
+ # {
34159
+ # instance_type: "NonEmptyString",
34160
+ # weighted_capacity: "NonEmptyString",
34161
+ # },
34162
+ # ],
34163
+ # },
34164
+ # },
34165
+ # availability_zones: [
34166
+ # {
34167
+ # value: "NonEmptyString",
34168
+ # },
34169
+ # ],
32706
34170
  # },
32707
34171
  # aws_code_build_project: {
32708
34172
  # encryption_key: "NonEmptyString",
@@ -33273,6 +34737,10 @@ module Aws::SecurityHub
33273
34737
  # },
33274
34738
  # ],
33275
34739
  # },
34740
+ # bucket_versioning_configuration: {
34741
+ # is_mfa_delete_enabled: false,
34742
+ # status: "NonEmptyString",
34743
+ # },
33276
34744
  # },
33277
34745
  # aws_s3_account_public_access_block: {
33278
34746
  # block_public_acls: false,
@@ -34687,6 +36155,11 @@ module Aws::SecurityHub
34687
36155
  # security_groups: ["NonEmptyString"],
34688
36156
  # spot_price: "NonEmptyString",
34689
36157
  # user_data: "NonEmptyString",
36158
+ # metadata_options: {
36159
+ # http_endpoint: "NonEmptyString",
36160
+ # http_put_response_hop_limit: 1,
36161
+ # http_tokens: "NonEmptyString",
36162
+ # },
34690
36163
  # },
34691
36164
  # aws_ec2_vpn_connection: {
34692
36165
  # vpn_connection_id: "NonEmptyString",
@@ -34896,6 +36369,157 @@ module Aws::SecurityHub
34896
36369
  # ],
34897
36370
  # },
34898
36371
  # },
36372
+ # aws_network_firewall_firewall_policy: {
36373
+ # firewall_policy: {
36374
+ # stateful_rule_group_references: [
36375
+ # {
36376
+ # resource_arn: "NonEmptyString",
36377
+ # },
36378
+ # ],
36379
+ # stateless_custom_actions: [
36380
+ # {
36381
+ # action_definition: {
36382
+ # publish_metric_action: {
36383
+ # dimensions: [
36384
+ # {
36385
+ # value: "NonEmptyString",
36386
+ # },
36387
+ # ],
36388
+ # },
36389
+ # },
36390
+ # action_name: "NonEmptyString",
36391
+ # },
36392
+ # ],
36393
+ # stateless_default_actions: ["NonEmptyString"],
36394
+ # stateless_fragment_default_actions: ["NonEmptyString"],
36395
+ # stateless_rule_group_references: [
36396
+ # {
36397
+ # priority: 1,
36398
+ # resource_arn: "NonEmptyString",
36399
+ # },
36400
+ # ],
36401
+ # },
36402
+ # firewall_policy_arn: "NonEmptyString",
36403
+ # firewall_policy_id: "NonEmptyString",
36404
+ # firewall_policy_name: "NonEmptyString",
36405
+ # description: "NonEmptyString",
36406
+ # },
36407
+ # aws_network_firewall_firewall: {
36408
+ # delete_protection: false,
36409
+ # description: "NonEmptyString",
36410
+ # firewall_arn: "NonEmptyString",
36411
+ # firewall_id: "NonEmptyString",
36412
+ # firewall_name: "NonEmptyString",
36413
+ # firewall_policy_arn: "NonEmptyString",
36414
+ # firewall_policy_change_protection: false,
36415
+ # subnet_change_protection: false,
36416
+ # subnet_mappings: [
36417
+ # {
36418
+ # subnet_id: "NonEmptyString",
36419
+ # },
36420
+ # ],
36421
+ # vpc_id: "NonEmptyString",
36422
+ # },
36423
+ # aws_network_firewall_rule_group: {
36424
+ # capacity: 1,
36425
+ # description: "NonEmptyString",
36426
+ # rule_group: {
36427
+ # rule_variables: {
36428
+ # ip_sets: {
36429
+ # definition: ["NonEmptyString"],
36430
+ # },
36431
+ # port_sets: {
36432
+ # definition: ["NonEmptyString"],
36433
+ # },
36434
+ # },
36435
+ # rules_source: {
36436
+ # rules_source_list: {
36437
+ # generated_rules_type: "NonEmptyString",
36438
+ # target_types: ["NonEmptyString"],
36439
+ # targets: ["NonEmptyString"],
36440
+ # },
36441
+ # rules_string: "NonEmptyString",
36442
+ # stateful_rules: [
36443
+ # {
36444
+ # action: "NonEmptyString",
36445
+ # header: {
36446
+ # destination: "NonEmptyString",
36447
+ # destination_port: "NonEmptyString",
36448
+ # direction: "NonEmptyString",
36449
+ # protocol: "NonEmptyString",
36450
+ # source: "NonEmptyString",
36451
+ # source_port: "NonEmptyString",
36452
+ # },
36453
+ # rule_options: [
36454
+ # {
36455
+ # keyword: "NonEmptyString",
36456
+ # settings: ["NonEmptyString"],
36457
+ # },
36458
+ # ],
36459
+ # },
36460
+ # ],
36461
+ # stateless_rules_and_custom_actions: {
36462
+ # custom_actions: [
36463
+ # {
36464
+ # action_definition: {
36465
+ # publish_metric_action: {
36466
+ # dimensions: [
36467
+ # {
36468
+ # value: "NonEmptyString",
36469
+ # },
36470
+ # ],
36471
+ # },
36472
+ # },
36473
+ # action_name: "NonEmptyString",
36474
+ # },
36475
+ # ],
36476
+ # stateless_rules: [
36477
+ # {
36478
+ # priority: 1,
36479
+ # rule_definition: {
36480
+ # actions: ["NonEmptyString"],
36481
+ # match_attributes: {
36482
+ # destination_ports: [
36483
+ # {
36484
+ # from_port: 1,
36485
+ # to_port: 1,
36486
+ # },
36487
+ # ],
36488
+ # destinations: [
36489
+ # {
36490
+ # address_definition: "NonEmptyString",
36491
+ # },
36492
+ # ],
36493
+ # protocols: [1],
36494
+ # source_ports: [
36495
+ # {
36496
+ # from_port: 1,
36497
+ # to_port: 1,
36498
+ # },
36499
+ # ],
36500
+ # sources: [
36501
+ # {
36502
+ # address_definition: "NonEmptyString",
36503
+ # },
36504
+ # ],
36505
+ # tcp_flags: [
36506
+ # {
36507
+ # flags: ["NonEmptyString"],
36508
+ # masks: ["NonEmptyString"],
36509
+ # },
36510
+ # ],
36511
+ # },
36512
+ # },
36513
+ # },
36514
+ # ],
36515
+ # },
36516
+ # },
36517
+ # },
36518
+ # rule_group_arn: "NonEmptyString",
36519
+ # rule_group_id: "NonEmptyString",
36520
+ # rule_group_name: "NonEmptyString",
36521
+ # type: "NonEmptyString",
36522
+ # },
34899
36523
  # }
34900
36524
  #
34901
36525
  # @!attribute [rw] aws_auto_scaling_auto_scaling_group
@@ -35149,6 +36773,18 @@ module Aws::SecurityHub
35149
36773
  # Details about an Amazon EKS cluster.
35150
36774
  # @return [Types::AwsEksClusterDetails]
35151
36775
  #
36776
+ # @!attribute [rw] aws_network_firewall_firewall_policy
36777
+ # Details about an Network Firewall firewall policy.
36778
+ # @return [Types::AwsNetworkFirewallFirewallPolicyDetails]
36779
+ #
36780
+ # @!attribute [rw] aws_network_firewall_firewall
36781
+ # Details about an Network Firewall firewall.
36782
+ # @return [Types::AwsNetworkFirewallFirewallDetails]
36783
+ #
36784
+ # @!attribute [rw] aws_network_firewall_rule_group
36785
+ # Details about an Network Firewall rule group.
36786
+ # @return [Types::AwsNetworkFirewallRuleGroupDetails]
36787
+ #
35152
36788
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ResourceDetails AWS API Documentation
35153
36789
  #
35154
36790
  class ResourceDetails < Struct.new(
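Review bot: The three added attribute descriptions read "Details about an Network Firewall ..."; the article should be "a". Proposed wording for the first is `# Details about a Network Firewall firewall policy.`, with the same change for the firewall and rule group entries. If this text is generated from the service model, which the repeated structure suggests, the correction belongs in the model rather than in this file. The `ResourceDetails` comment block starts above the hunk and the class body continues below it.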
@@ -35210,7 +36846,10 @@ module Aws::SecurityHub
35210
36846
  :aws_waf_rate_based_rule,
35211
36847
  :aws_waf_regional_rate_based_rule,
35212
36848
  :aws_ecr_repository,
35213
- :aws_eks_cluster)
36849
+ :aws_eks_cluster,
36850
+ :aws_network_firewall_firewall_policy,
36851
+ :aws_network_firewall_firewall,
36852
+ :aws_network_firewall_rule_group)
35214
36853
  SENSITIVE = []
35215
36854
  include Aws::Structure
35216
36855
  end
@@ -35253,6 +36892,931 @@ module Aws::SecurityHub
35253
36892
  include Aws::Structure
35254
36893
  end
35255
36894
 
36895
+ # Details about the rule group.
36896
+ #
36897
+ # @note When making an API call, you may pass RuleGroupDetails
36898
+ # data as a hash:
36899
+ #
36900
+ # {
36901
+ # rule_variables: {
36902
+ # ip_sets: {
36903
+ # definition: ["NonEmptyString"],
36904
+ # },
36905
+ # port_sets: {
36906
+ # definition: ["NonEmptyString"],
36907
+ # },
36908
+ # },
36909
+ # rules_source: {
36910
+ # rules_source_list: {
36911
+ # generated_rules_type: "NonEmptyString",
36912
+ # target_types: ["NonEmptyString"],
36913
+ # targets: ["NonEmptyString"],
36914
+ # },
36915
+ # rules_string: "NonEmptyString",
36916
+ # stateful_rules: [
36917
+ # {
36918
+ # action: "NonEmptyString",
36919
+ # header: {
36920
+ # destination: "NonEmptyString",
36921
+ # destination_port: "NonEmptyString",
36922
+ # direction: "NonEmptyString",
36923
+ # protocol: "NonEmptyString",
36924
+ # source: "NonEmptyString",
36925
+ # source_port: "NonEmptyString",
36926
+ # },
36927
+ # rule_options: [
36928
+ # {
36929
+ # keyword: "NonEmptyString",
36930
+ # settings: ["NonEmptyString"],
36931
+ # },
36932
+ # ],
36933
+ # },
36934
+ # ],
36935
+ # stateless_rules_and_custom_actions: {
36936
+ # custom_actions: [
36937
+ # {
36938
+ # action_definition: {
36939
+ # publish_metric_action: {
36940
+ # dimensions: [
36941
+ # {
36942
+ # value: "NonEmptyString",
36943
+ # },
36944
+ # ],
36945
+ # },
36946
+ # },
36947
+ # action_name: "NonEmptyString",
36948
+ # },
36949
+ # ],
36950
+ # stateless_rules: [
36951
+ # {
36952
+ # priority: 1,
36953
+ # rule_definition: {
36954
+ # actions: ["NonEmptyString"],
36955
+ # match_attributes: {
36956
+ # destination_ports: [
36957
+ # {
36958
+ # from_port: 1,
36959
+ # to_port: 1,
36960
+ # },
36961
+ # ],
36962
+ # destinations: [
36963
+ # {
36964
+ # address_definition: "NonEmptyString",
36965
+ # },
36966
+ # ],
36967
+ # protocols: [1],
36968
+ # source_ports: [
36969
+ # {
36970
+ # from_port: 1,
36971
+ # to_port: 1,
36972
+ # },
36973
+ # ],
36974
+ # sources: [
36975
+ # {
36976
+ # address_definition: "NonEmptyString",
36977
+ # },
36978
+ # ],
36979
+ # tcp_flags: [
36980
+ # {
36981
+ # flags: ["NonEmptyString"],
36982
+ # masks: ["NonEmptyString"],
36983
+ # },
36984
+ # ],
36985
+ # },
36986
+ # },
36987
+ # },
36988
+ # ],
36989
+ # },
36990
+ # },
36991
+ # }
36992
+ #
36993
+ # @!attribute [rw] rule_variables
36994
+ # Additional settings to use in the specified rules.
36995
+ # @return [Types::RuleGroupVariables]
36996
+ #
36997
+ # @!attribute [rw] rules_source
36998
+ # The rules and actions for the rule group.
36999
+ #
37000
+ # For stateful rule groups, can contain `RulesString`,
37001
+ # `RulesSourceList`, or `StatefulRules`.
37002
+ #
37003
+ # For stateless rule groups, contains
37004
+ # `StatelessRulesAndCustomActions`.
37005
+ # @return [Types::RuleGroupSource]
37006
+ #
37007
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupDetails AWS API Documentation
37008
+ #
37009
+ class RuleGroupDetails < Struct.new(
37010
+ :rule_variables,
37011
+ :rules_source)
37012
+ SENSITIVE = []
37013
+ include Aws::Structure
37014
+ end
37015
+
37016
+ # The rules and actions for the rule group.
37017
+ #
37018
+ # @note When making an API call, you may pass RuleGroupSource
37019
+ # data as a hash:
37020
+ #
37021
+ # {
37022
+ # rules_source_list: {
37023
+ # generated_rules_type: "NonEmptyString",
37024
+ # target_types: ["NonEmptyString"],
37025
+ # targets: ["NonEmptyString"],
37026
+ # },
37027
+ # rules_string: "NonEmptyString",
37028
+ # stateful_rules: [
37029
+ # {
37030
+ # action: "NonEmptyString",
37031
+ # header: {
37032
+ # destination: "NonEmptyString",
37033
+ # destination_port: "NonEmptyString",
37034
+ # direction: "NonEmptyString",
37035
+ # protocol: "NonEmptyString",
37036
+ # source: "NonEmptyString",
37037
+ # source_port: "NonEmptyString",
37038
+ # },
37039
+ # rule_options: [
37040
+ # {
37041
+ # keyword: "NonEmptyString",
37042
+ # settings: ["NonEmptyString"],
37043
+ # },
37044
+ # ],
37045
+ # },
37046
+ # ],
37047
+ # stateless_rules_and_custom_actions: {
37048
+ # custom_actions: [
37049
+ # {
37050
+ # action_definition: {
37051
+ # publish_metric_action: {
37052
+ # dimensions: [
37053
+ # {
37054
+ # value: "NonEmptyString",
37055
+ # },
37056
+ # ],
37057
+ # },
37058
+ # },
37059
+ # action_name: "NonEmptyString",
37060
+ # },
37061
+ # ],
37062
+ # stateless_rules: [
37063
+ # {
37064
+ # priority: 1,
37065
+ # rule_definition: {
37066
+ # actions: ["NonEmptyString"],
37067
+ # match_attributes: {
37068
+ # destination_ports: [
37069
+ # {
37070
+ # from_port: 1,
37071
+ # to_port: 1,
37072
+ # },
37073
+ # ],
37074
+ # destinations: [
37075
+ # {
37076
+ # address_definition: "NonEmptyString",
37077
+ # },
37078
+ # ],
37079
+ # protocols: [1],
37080
+ # source_ports: [
37081
+ # {
37082
+ # from_port: 1,
37083
+ # to_port: 1,
37084
+ # },
37085
+ # ],
37086
+ # sources: [
37087
+ # {
37088
+ # address_definition: "NonEmptyString",
37089
+ # },
37090
+ # ],
37091
+ # tcp_flags: [
37092
+ # {
37093
+ # flags: ["NonEmptyString"],
37094
+ # masks: ["NonEmptyString"],
37095
+ # },
37096
+ # ],
37097
+ # },
37098
+ # },
37099
+ # },
37100
+ # ],
37101
+ # },
37102
+ # }
37103
+ #
37104
+ # @!attribute [rw] rules_source_list
37105
+ # Stateful inspection criteria for a domain list rule group. A domain
37106
+ # list rule group determines access by specific protocols to specific
37107
+ # domains.
37108
+ # @return [Types::RuleGroupSourceListDetails]
37109
+ #
37110
+ # @!attribute [rw] rules_string
37111
+ # Stateful inspection criteria, provided in Suricata compatible
37112
+ # intrusion prevention system (IPS) rules.
37113
+ # @return [String]
37114
+ #
37115
+ # @!attribute [rw] stateful_rules
37116
+ # Suricata rule specifications.
37117
+ # @return [Array<Types::RuleGroupSourceStatefulRulesDetails>]
37118
+ #
37119
+ # @!attribute [rw] stateless_rules_and_custom_actions
37120
+ # The stateless rules and custom actions used by a stateless rule
37121
+ # group.
37122
+ # @return [Types::RuleGroupSourceStatelessRulesAndCustomActionsDetails]
37123
+ #
37124
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSource AWS API Documentation
37125
+ #
37126
+ class RuleGroupSource < Struct.new(
37127
+ :rules_source_list,
37128
+ :rules_string,
37129
+ :stateful_rules,
37130
+ :stateless_rules_and_custom_actions)
37131
+ SENSITIVE = []
37132
+ include Aws::Structure
37133
+ end
37134
+
37135
+ # A custom action definition. A custom action is an optional,
37136
+ # non-standard action to use for stateless packet handling.
37137
+ #
37138
+ # @note When making an API call, you may pass RuleGroupSourceCustomActionsDetails
37139
+ # data as a hash:
37140
+ #
37141
+ # {
37142
+ # action_definition: {
37143
+ # publish_metric_action: {
37144
+ # dimensions: [
37145
+ # {
37146
+ # value: "NonEmptyString",
37147
+ # },
37148
+ # ],
37149
+ # },
37150
+ # },
37151
+ # action_name: "NonEmptyString",
37152
+ # }
37153
+ #
37154
+ # @!attribute [rw] action_definition
37155
+ # The definition of a custom action.
37156
+ # @return [Types::StatelessCustomActionDefinition]
37157
+ #
37158
+ # @!attribute [rw] action_name
37159
+ # A descriptive name of the custom action.
37160
+ # @return [String]
37161
+ #
37162
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceCustomActionsDetails AWS API Documentation
37163
+ #
37164
+ class RuleGroupSourceCustomActionsDetails < Struct.new(
37165
+ :action_definition,
37166
+ :action_name)
37167
+ SENSITIVE = []
37168
+ include Aws::Structure
37169
+ end
37170
+
37171
+ # Stateful inspection criteria for a domain list rule group.
37172
+ #
37173
+ # @note When making an API call, you may pass RuleGroupSourceListDetails
37174
+ # data as a hash:
37175
+ #
37176
+ # {
37177
+ # generated_rules_type: "NonEmptyString",
37178
+ # target_types: ["NonEmptyString"],
37179
+ # targets: ["NonEmptyString"],
37180
+ # }
37181
+ #
37182
+ # @!attribute [rw] generated_rules_type
37183
+ # Indicates whether to allow or deny access to the domains listed in
37184
+ # `Targets`.
37185
+ # @return [String]
37186
+ #
37187
+ # @!attribute [rw] target_types
37188
+ # The protocols that you want to inspect. Specify `LS_SNI` for HTTPS.
37189
+ # Specify `HTTP_HOST` for HTTP. You can specify either or both.
37190
+ # @return [Array<String>]
37191
+ #
37192
+ # @!attribute [rw] targets
37193
+ # The domains that you want to inspect for in your traffic flows. You
37194
+ # can provide full domain names, or use the '.' prefix as a
37195
+ # wildcard. For example, `.example.com` matches all domains that end
37196
+ # with `example.com`.
37197
+ # @return [Array<String>]
37198
+ #
37199
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceListDetails AWS API Documentation
37200
+ #
37201
+ class RuleGroupSourceListDetails < Struct.new(
37202
+ :generated_rules_type,
37203
+ :target_types,
37204
+ :targets)
37205
+ SENSITIVE = []
37206
+ include Aws::Structure
37207
+ end
37208
+
37209
+ # A Suricata rule specification.
37210
+ #
37211
+ # @note When making an API call, you may pass RuleGroupSourceStatefulRulesDetails
37212
+ # data as a hash:
37213
+ #
37214
+ # {
37215
+ # action: "NonEmptyString",
37216
+ # header: {
37217
+ # destination: "NonEmptyString",
37218
+ # destination_port: "NonEmptyString",
37219
+ # direction: "NonEmptyString",
37220
+ # protocol: "NonEmptyString",
37221
+ # source: "NonEmptyString",
37222
+ # source_port: "NonEmptyString",
37223
+ # },
37224
+ # rule_options: [
37225
+ # {
37226
+ # keyword: "NonEmptyString",
37227
+ # settings: ["NonEmptyString"],
37228
+ # },
37229
+ # ],
37230
+ # }
37231
+ #
37232
+ # @!attribute [rw] action
37233
+ # Defines what Network Firewall should do with the packets in a
37234
+ # traffic flow when the flow matches the stateful rule criteria.
37235
+ # @return [String]
37236
+ #
37237
+ # @!attribute [rw] header
37238
+ # The stateful inspection criteria for the rule.
37239
+ # @return [Types::RuleGroupSourceStatefulRulesHeaderDetails]
37240
+ #
37241
+ # @!attribute [rw] rule_options
37242
+ # Additional options for the rule.
37243
+ # @return [Array<Types::RuleGroupSourceStatefulRulesOptionsDetails>]
37244
+ #
37245
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatefulRulesDetails AWS API Documentation
37246
+ #
37247
+ class RuleGroupSourceStatefulRulesDetails < Struct.new(
37248
+ :action,
37249
+ :header,
37250
+ :rule_options)
37251
+ SENSITIVE = []
37252
+ include Aws::Structure
37253
+ end
37254
+
37255
+ # The inspection criteria for a stateful rule.
37256
+ #
37257
+ # @note When making an API call, you may pass RuleGroupSourceStatefulRulesHeaderDetails
37258
+ # data as a hash:
37259
+ #
37260
+ # {
37261
+ # destination: "NonEmptyString",
37262
+ # destination_port: "NonEmptyString",
37263
+ # direction: "NonEmptyString",
37264
+ # protocol: "NonEmptyString",
37265
+ # source: "NonEmptyString",
37266
+ # source_port: "NonEmptyString",
37267
+ # }
37268
+ #
37269
+ # @!attribute [rw] destination
37270
+ # The destination IP address or address range to inspect for, in CIDR
37271
+ # notation. To match with any address, specify `ANY`.
37272
+ # @return [String]
37273
+ #
37274
+ # @!attribute [rw] destination_port
37275
+ # The destination port to inspect for. You can specify an individual
37276
+ # port, such as `1994`. You also can specify a port range, such as
37277
+ # `1990:1994`. To match with any port, specify `ANY`.
37278
+ # @return [String]
37279
+ #
37280
+ # @!attribute [rw] direction
37281
+ # The direction of traffic flow to inspect. If set to `ANY`, the
37282
+ # inspection matches bidirectional traffic, both from the source to
37283
+ # the destination and from the destination to the source. If set to
37284
+ # `FORWARD`, the inspection only matches traffic going from the source
37285
+ # to the destination.
37286
+ # @return [String]
37287
+ #
37288
+ # @!attribute [rw] protocol
37289
+ # The protocol to inspect for. To inspector for all protocols, use
37290
+ # `IP`.
37291
+ # @return [String]
37292
+ #
37293
+ # @!attribute [rw] source
37294
+ # The source IP address or address range to inspect for, in CIDR
37295
+ # notation. To match with any address, specify `ANY`.
37296
+ # @return [String]
37297
+ #
37298
+ # @!attribute [rw] source_port
37299
+ # The source port to inspect for. You can specify an individual port,
37300
+ # such as `1994`. You also can specify a port range, such as
37301
+ # `1990:1994`. To match with any port, specify `ANY`.
37302
+ # @return [String]
37303
+ #
37304
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatefulRulesHeaderDetails AWS API Documentation
37305
+ #
37306
+ class RuleGroupSourceStatefulRulesHeaderDetails < Struct.new(
37307
+ :destination,
37308
+ :destination_port,
37309
+ :direction,
37310
+ :protocol,
37311
+ :source,
37312
+ :source_port)
37313
+ SENSITIVE = []
37314
+ include Aws::Structure
37315
+ end
37316
+
37317
+ # A rule option for a stateful rule.
37318
+ #
37319
+ # @note When making an API call, you may pass RuleGroupSourceStatefulRulesOptionsDetails
37320
+ # data as a hash:
37321
+ #
37322
+ # {
37323
+ # keyword: "NonEmptyString",
37324
+ # settings: ["NonEmptyString"],
37325
+ # }
37326
+ #
37327
+ # @!attribute [rw] keyword
37328
+ # A keyword to look for.
37329
+ # @return [String]
37330
+ #
37331
+ # @!attribute [rw] settings
37332
+ # A list of settings.
37333
+ # @return [Array<String>]
37334
+ #
37335
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatefulRulesOptionsDetails AWS API Documentation
37336
+ #
37337
+ class RuleGroupSourceStatefulRulesOptionsDetails < Struct.new(
37338
+ :keyword,
37339
+ :settings)
37340
+ SENSITIVE = []
37341
+ include Aws::Structure
37342
+ end
37343
+
37344
+ # The definition of the stateless rule.
37345
+ #
37346
+ # @note When making an API call, you may pass RuleGroupSourceStatelessRuleDefinition
37347
+ # data as a hash:
37348
+ #
37349
+ # {
37350
+ # actions: ["NonEmptyString"],
37351
+ # match_attributes: {
37352
+ # destination_ports: [
37353
+ # {
37354
+ # from_port: 1,
37355
+ # to_port: 1,
37356
+ # },
37357
+ # ],
37358
+ # destinations: [
37359
+ # {
37360
+ # address_definition: "NonEmptyString",
37361
+ # },
37362
+ # ],
37363
+ # protocols: [1],
37364
+ # source_ports: [
37365
+ # {
37366
+ # from_port: 1,
37367
+ # to_port: 1,
37368
+ # },
37369
+ # ],
37370
+ # sources: [
37371
+ # {
37372
+ # address_definition: "NonEmptyString",
37373
+ # },
37374
+ # ],
37375
+ # tcp_flags: [
37376
+ # {
37377
+ # flags: ["NonEmptyString"],
37378
+ # masks: ["NonEmptyString"],
37379
+ # },
37380
+ # ],
37381
+ # },
37382
+ # }
37383
+ #
37384
+ # @!attribute [rw] actions
37385
+ # The actions to take on a packet that matches one of the stateless
37386
+ # rule definition's match attributes. You must specify a standard
37387
+ # action (`aws:pass`, `aws:drop`, or `aws:forward_to_sfe`). You can
37388
+ # then add custom actions.
37389
+ # @return [Array<String>]
37390
+ #
37391
+ # @!attribute [rw] match_attributes
37392
+ # The criteria for Network Firewall to use to inspect an individual
37393
+ # packet in a stateless rule inspection.
37394
+ # @return [Types::RuleGroupSourceStatelessRuleMatchAttributes]
37395
+ #
37396
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRuleDefinition AWS API Documentation
37397
+ #
37398
+ class RuleGroupSourceStatelessRuleDefinition < Struct.new(
37399
+ :actions,
37400
+ :match_attributes)
37401
+ SENSITIVE = []
37402
+ include Aws::Structure
37403
+ end
37404
+
37405
+ # Criteria for the stateless rule.
37406
+ #
37407
+ # @note When making an API call, you may pass RuleGroupSourceStatelessRuleMatchAttributes
37408
+ # data as a hash:
37409
+ #
37410
+ # {
37411
+ # destination_ports: [
37412
+ # {
37413
+ # from_port: 1,
37414
+ # to_port: 1,
37415
+ # },
37416
+ # ],
37417
+ # destinations: [
37418
+ # {
37419
+ # address_definition: "NonEmptyString",
37420
+ # },
37421
+ # ],
37422
+ # protocols: [1],
37423
+ # source_ports: [
37424
+ # {
37425
+ # from_port: 1,
37426
+ # to_port: 1,
37427
+ # },
37428
+ # ],
37429
+ # sources: [
37430
+ # {
37431
+ # address_definition: "NonEmptyString",
37432
+ # },
37433
+ # ],
37434
+ # tcp_flags: [
37435
+ # {
37436
+ # flags: ["NonEmptyString"],
37437
+ # masks: ["NonEmptyString"],
37438
+ # },
37439
+ # ],
37440
+ # }
37441
+ #
37442
+ # @!attribute [rw] destination_ports
37443
+ # A list of port ranges to specify the destination ports to inspect
37444
+ # for.
37445
+ # @return [Array<Types::RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts>]
37446
+ #
37447
+ # @!attribute [rw] destinations
37448
+ # The destination IP addresses and address ranges to inspect for, in
37449
+ # CIDR notation.
37450
+ # @return [Array<Types::RuleGroupSourceStatelessRuleMatchAttributesDestinations>]
37451
+ #
37452
+ # @!attribute [rw] protocols
37453
+ # The protocols to inspect for.
37454
+ # @return [Array<Integer>]
37455
+ #
37456
+ # @!attribute [rw] source_ports
37457
+ # A list of port ranges to specify the source ports to inspect for.
37458
+ # @return [Array<Types::RuleGroupSourceStatelessRuleMatchAttributesSourcePorts>]
37459
+ #
37460
+ # @!attribute [rw] sources
37461
+ # The source IP addresses and address ranges to inspect for, in CIDR
37462
+ # notation.
37463
+ # @return [Array<Types::RuleGroupSourceStatelessRuleMatchAttributesSources>]
37464
+ #
37465
+ # @!attribute [rw] tcp_flags
37466
+ # The TCP flags and masks to inspect for.
37467
+ # @return [Array<Types::RuleGroupSourceStatelessRuleMatchAttributesTcpFlags>]
37468
+ #
37469
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRuleMatchAttributes AWS API Documentation
37470
+ #
37471
+ class RuleGroupSourceStatelessRuleMatchAttributes < Struct.new(
37472
+ :destination_ports,
37473
+ :destinations,
37474
+ :protocols,
37475
+ :source_ports,
37476
+ :sources,
37477
+ :tcp_flags)
37478
+ SENSITIVE = []
37479
+ include Aws::Structure
37480
+ end
37481
+
37482
+ # A port range to specify the destination ports to inspect for.
37483
+ #
37484
+ # @note When making an API call, you may pass RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts
37485
+ # data as a hash:
37486
+ #
37487
+ # {
37488
+ # from_port: 1,
37489
+ # to_port: 1,
37490
+ # }
37491
+ #
37492
+ # @!attribute [rw] from_port
37493
+ # The starting port value for the port range.
37494
+ # @return [Integer]
37495
+ #
37496
+ # @!attribute [rw] to_port
37497
+ # The ending port value for the port range.
37498
+ # @return [Integer]
37499
+ #
37500
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts AWS API Documentation
37501
+ #
37502
+ class RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts < Struct.new(
37503
+ :from_port,
37504
+ :to_port)
37505
+ SENSITIVE = []
37506
+ include Aws::Structure
37507
+ end
37508
+
37509
+ # A destination IP address or range.
37510
+ #
37511
+ # @note When making an API call, you may pass RuleGroupSourceStatelessRuleMatchAttributesDestinations
37512
+ # data as a hash:
37513
+ #
37514
+ # {
37515
+ # address_definition: "NonEmptyString",
37516
+ # }
37517
+ #
37518
+ # @!attribute [rw] address_definition
37519
+ # An IP address or a block of IP addresses.
37520
+ # @return [String]
37521
+ #
37522
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRuleMatchAttributesDestinations AWS API Documentation
37523
+ #
37524
+ class RuleGroupSourceStatelessRuleMatchAttributesDestinations < Struct.new(
37525
+ :address_definition)
37526
+ SENSITIVE = []
37527
+ include Aws::Structure
37528
+ end
37529
+
37530
+ # A port range to specify the source ports to inspect for.
37531
+ #
37532
+ # @note When making an API call, you may pass RuleGroupSourceStatelessRuleMatchAttributesSourcePorts
37533
+ # data as a hash:
37534
+ #
37535
+ # {
37536
+ # from_port: 1,
37537
+ # to_port: 1,
37538
+ # }
37539
+ #
37540
+ # @!attribute [rw] from_port
37541
+ # The starting port value for the port range.
37542
+ # @return [Integer]
37543
+ #
37544
+ # @!attribute [rw] to_port
37545
+ # The ending port value for the port range.
37546
+ # @return [Integer]
37547
+ #
37548
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRuleMatchAttributesSourcePorts AWS API Documentation
37549
+ #
37550
+ class RuleGroupSourceStatelessRuleMatchAttributesSourcePorts < Struct.new(
37551
+ :from_port,
37552
+ :to_port)
37553
+ SENSITIVE = []
37554
+ include Aws::Structure
37555
+ end
37556
+
37557
+ # A source IP addresses and address range to inspect for.
37558
+ #
37559
+ # @note When making an API call, you may pass RuleGroupSourceStatelessRuleMatchAttributesSources
37560
+ # data as a hash:
37561
+ #
37562
+ # {
37563
+ # address_definition: "NonEmptyString",
37564
+ # }
37565
+ #
37566
+ # @!attribute [rw] address_definition
37567
+ # An IP address or a block of IP addresses.
37568
+ # @return [String]
37569
+ #
37570
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRuleMatchAttributesSources AWS API Documentation
37571
+ #
37572
+ class RuleGroupSourceStatelessRuleMatchAttributesSources < Struct.new(
37573
+ :address_definition)
37574
+ SENSITIVE = []
37575
+ include Aws::Structure
37576
+ end
37577
+
37578
+ # A set of TCP flags and masks to inspect for.
37579
+ #
37580
+ # @note When making an API call, you may pass RuleGroupSourceStatelessRuleMatchAttributesTcpFlags
37581
+ # data as a hash:
37582
+ #
37583
+ # {
37584
+ # flags: ["NonEmptyString"],
37585
+ # masks: ["NonEmptyString"],
37586
+ # }
37587
+ #
37588
+ # @!attribute [rw] flags
37589
+ # Defines the flags from the `Masks` setting that must be set in order
37590
+ # for the packet to match. Flags that are listed must be set. Flags
37591
+ # that are not listed must not be set.
37592
+ # @return [Array<String>]
37593
+ #
37594
+ # @!attribute [rw] masks
37595
+ # The set of flags to consider in the inspection. If not specified,
37596
+ # then all flags are inspected.
37597
+ # @return [Array<String>]
37598
+ #
37599
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRuleMatchAttributesTcpFlags AWS API Documentation
37600
+ #
37601
+ class RuleGroupSourceStatelessRuleMatchAttributesTcpFlags < Struct.new(
37602
+ :flags,
37603
+ :masks)
37604
+ SENSITIVE = []
37605
+ include Aws::Structure
37606
+ end
37607
+
37608
+ # Stateless rules and custom actions for a stateless rule group.
37609
+ #
37610
+ # @note When making an API call, you may pass RuleGroupSourceStatelessRulesAndCustomActionsDetails
37611
+ # data as a hash:
37612
+ #
37613
+ # {
37614
+ # custom_actions: [
37615
+ # {
37616
+ # action_definition: {
37617
+ # publish_metric_action: {
37618
+ # dimensions: [
37619
+ # {
37620
+ # value: "NonEmptyString",
37621
+ # },
37622
+ # ],
37623
+ # },
37624
+ # },
37625
+ # action_name: "NonEmptyString",
37626
+ # },
37627
+ # ],
37628
+ # stateless_rules: [
37629
+ # {
37630
+ # priority: 1,
37631
+ # rule_definition: {
37632
+ # actions: ["NonEmptyString"],
37633
+ # match_attributes: {
37634
+ # destination_ports: [
37635
+ # {
37636
+ # from_port: 1,
37637
+ # to_port: 1,
37638
+ # },
37639
+ # ],
37640
+ # destinations: [
37641
+ # {
37642
+ # address_definition: "NonEmptyString",
37643
+ # },
37644
+ # ],
37645
+ # protocols: [1],
37646
+ # source_ports: [
37647
+ # {
37648
+ # from_port: 1,
37649
+ # to_port: 1,
37650
+ # },
37651
+ # ],
37652
+ # sources: [
37653
+ # {
37654
+ # address_definition: "NonEmptyString",
37655
+ # },
37656
+ # ],
37657
+ # tcp_flags: [
37658
+ # {
37659
+ # flags: ["NonEmptyString"],
37660
+ # masks: ["NonEmptyString"],
37661
+ # },
37662
+ # ],
37663
+ # },
37664
+ # },
37665
+ # },
37666
+ # ],
37667
+ # }
37668
+ #
37669
+ # @!attribute [rw] custom_actions
37670
+ # Custom actions for the rule group.
37671
+ # @return [Array<Types::RuleGroupSourceCustomActionsDetails>]
37672
+ #
37673
+ # @!attribute [rw] stateless_rules
37674
+ # Stateless rules for the rule group.
37675
+ # @return [Array<Types::RuleGroupSourceStatelessRulesDetails>]
37676
+ #
37677
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRulesAndCustomActionsDetails AWS API Documentation
37678
+ #
37679
+ class RuleGroupSourceStatelessRulesAndCustomActionsDetails < Struct.new(
37680
+ :custom_actions,
37681
+ :stateless_rules)
37682
+ SENSITIVE = []
37683
+ include Aws::Structure
37684
+ end
37685
+
37686
+ # A stateless rule in the rule group.
37687
+ #
37688
+ # @note When making an API call, you may pass RuleGroupSourceStatelessRulesDetails
37689
+ # data as a hash:
37690
+ #
37691
+ # {
37692
+ # priority: 1,
37693
+ # rule_definition: {
37694
+ # actions: ["NonEmptyString"],
37695
+ # match_attributes: {
37696
+ # destination_ports: [
37697
+ # {
37698
+ # from_port: 1,
37699
+ # to_port: 1,
37700
+ # },
37701
+ # ],
37702
+ # destinations: [
37703
+ # {
37704
+ # address_definition: "NonEmptyString",
37705
+ # },
37706
+ # ],
37707
+ # protocols: [1],
37708
+ # source_ports: [
37709
+ # {
37710
+ # from_port: 1,
37711
+ # to_port: 1,
37712
+ # },
37713
+ # ],
37714
+ # sources: [
37715
+ # {
37716
+ # address_definition: "NonEmptyString",
37717
+ # },
37718
+ # ],
37719
+ # tcp_flags: [
37720
+ # {
37721
+ # flags: ["NonEmptyString"],
37722
+ # masks: ["NonEmptyString"],
37723
+ # },
37724
+ # ],
37725
+ # },
37726
+ # },
37727
+ # }
37728
+ #
37729
+ # @!attribute [rw] priority
37730
+ # Indicates the order in which to run this rule relative to all of the
37731
+ # rules in the stateless rule group.
37732
+ # @return [Integer]
37733
+ #
37734
+ # @!attribute [rw] rule_definition
37735
+ # Provides the definition of the stateless rule.
37736
+ # @return [Types::RuleGroupSourceStatelessRuleDefinition]
37737
+ #
37738
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRulesDetails AWS API Documentation
37739
+ #
37740
+ class RuleGroupSourceStatelessRulesDetails < Struct.new(
37741
+ :priority,
37742
+ :rule_definition)
37743
+ SENSITIVE = []
37744
+ include Aws::Structure
37745
+ end
37746
+
37747
+ # Additional settings to use in the specified rules.
37748
+ #
37749
+ # @note When making an API call, you may pass RuleGroupVariables
37750
+ # data as a hash:
37751
+ #
37752
+ # {
37753
+ # ip_sets: {
37754
+ # definition: ["NonEmptyString"],
37755
+ # },
37756
+ # port_sets: {
37757
+ # definition: ["NonEmptyString"],
37758
+ # },
37759
+ # }
37760
+ #
37761
+ # @!attribute [rw] ip_sets
37762
+ # A list of IP addresses and address ranges, in CIDR notation.
37763
+ # @return [Types::RuleGroupVariablesIpSetsDetails]
37764
+ #
37765
+ # @!attribute [rw] port_sets
37766
+ # A list of port ranges.
37767
+ # @return [Types::RuleGroupVariablesPortSetsDetails]
37768
+ #
37769
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupVariables AWS API Documentation
37770
+ #
37771
+ class RuleGroupVariables < Struct.new(
37772
+ :ip_sets,
37773
+ :port_sets)
37774
+ SENSITIVE = []
37775
+ include Aws::Structure
37776
+ end
37777
+
37778
+ # A list of IP addresses and address ranges, in CIDR notation.
37779
+ #
37780
+ # @note When making an API call, you may pass RuleGroupVariablesIpSetsDetails
37781
+ # data as a hash:
37782
+ #
37783
+ # {
37784
+ # definition: ["NonEmptyString"],
37785
+ # }
37786
+ #
37787
+ # @!attribute [rw] definition
37788
+ # The list of IP addresses and ranges.
37789
+ # @return [Array<String>]
37790
+ #
37791
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupVariablesIpSetsDetails AWS API Documentation
37792
+ #
37793
+ class RuleGroupVariablesIpSetsDetails < Struct.new(
37794
+ :definition)
37795
+ SENSITIVE = []
37796
+ include Aws::Structure
37797
+ end
37798
+
37799
+ # A list of port ranges.
37800
+ #
37801
+ # @note When making an API call, you may pass RuleGroupVariablesPortSetsDetails
37802
+ # data as a hash:
37803
+ #
37804
+ # {
37805
+ # definition: ["NonEmptyString"],
37806
+ # }
37807
+ #
37808
+ # @!attribute [rw] definition
37809
+ # The list of port ranges.
37810
+ # @return [Array<String>]
37811
+ #
37812
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupVariablesPortSetsDetails AWS API Documentation
37813
+ #
37814
+ class RuleGroupVariablesPortSetsDetails < Struct.new(
37815
+ :definition)
37816
+ SENSITIVE = []
37817
+ include Aws::Structure
37818
+ end
37819
+
35256
37820
  # The list of detected instances of sensitive data.
35257
37821
  #
35258
37822
  # @note When making an API call, you may pass SensitiveDataDetections
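Review bot: The `target_types` description on RuleGroupSourceListDetails tells the reader to specify `LS_SNI` for HTTPS, which looks like a truncated `TLS_SNI`, the value Network Firewall uses for that target type. Anyone building or matching findings from the documented string would use a value that corresponds to no real setting, so the sentence should read `Specify TLS_SNI for HTTPS.` with the existing code markup kept. In the same hunk, the `protocol` description on RuleGroupSourceStatefulRulesHeaderDetails says "To inspector for all protocols" and should say "To inspect for all protocols". The summary of RuleGroupSourceStatelessRuleMatchAttributesSources ("A source IP addresses and address range") should be singular, like its Destinations counterpart ("A destination IP address or range"). The file reads as generated from the service model, so these corrections probably belong upstream rather than in this file.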
@@ -35761,6 +38325,21 @@ module Aws::SecurityHub
35761
38325
  include Aws::Structure
35762
38326
  end
35763
38327
 
38328
+ # The reason for the current status of a standard subscription.
38329
+ #
38330
+ # @!attribute [rw] status_reason_code
38331
+ # The reason code that represents the reason for the current status of
38332
+ # a standard subscription.
38333
+ # @return [String]
38334
+ #
38335
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StandardsStatusReason AWS API Documentation
38336
+ #
38337
+ class StandardsStatusReason < Struct.new(
38338
+ :status_reason_code)
38339
+ SENSITIVE = []
38340
+ include Aws::Structure
38341
+ end
38342
+
35764
38343
  # A resource that represents your subscription to a supported standard.
35765
38344
  #
35766
38345
  # @!attribute [rw] standards_subscription_arn
@@ -35793,13 +38372,18 @@ module Aws::SecurityHub
35793
38372
  # * `FAILED` - Standard could not be disabled.
35794
38373
  # @return [String]
35795
38374
  #
38375
+ # @!attribute [rw] standards_status_reason
38376
+ # The reason for the current status.
38377
+ # @return [Types::StandardsStatusReason]
38378
+ #
35796
38379
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StandardsSubscription AWS API Documentation
35797
38380
  #
35798
38381
  class StandardsSubscription < Struct.new(
35799
38382
  :standards_subscription_arn,
35800
38383
  :standards_arn,
35801
38384
  :standards_input,
35802
- :standards_status)
38385
+ :standards_status,
38386
+ :standards_status_reason)
35803
38387
  SENSITIVE = []
35804
38388
  include Aws::Structure
35805
38389
  end
@@ -35835,6 +38419,80 @@ module Aws::SecurityHub
35835
38419
  include Aws::Structure
35836
38420
  end
35837
38421
 
38422
+ # The definition of a custom action that can be used for stateless
38423
+ # packet handling.
38424
+ #
38425
+ # @note When making an API call, you may pass StatelessCustomActionDefinition
38426
+ # data as a hash:
38427
+ #
38428
+ # {
38429
+ # publish_metric_action: {
38430
+ # dimensions: [
38431
+ # {
38432
+ # value: "NonEmptyString",
38433
+ # },
38434
+ # ],
38435
+ # },
38436
+ # }
38437
+ #
38438
+ # @!attribute [rw] publish_metric_action
38439
+ # Information about metrics to publish to CloudWatch.
38440
+ # @return [Types::StatelessCustomPublishMetricAction]
38441
+ #
38442
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StatelessCustomActionDefinition AWS API Documentation
38443
+ #
38444
+ class StatelessCustomActionDefinition < Struct.new(
38445
+ :publish_metric_action)
38446
+ SENSITIVE = []
38447
+ include Aws::Structure
38448
+ end
38449
+
38450
+ # Information about metrics to publish to CloudWatch.
38451
+ #
38452
+ # @note When making an API call, you may pass StatelessCustomPublishMetricAction
38453
+ # data as a hash:
38454
+ #
38455
+ # {
38456
+ # dimensions: [
38457
+ # {
38458
+ # value: "NonEmptyString",
38459
+ # },
38460
+ # ],
38461
+ # }
38462
+ #
38463
+ # @!attribute [rw] dimensions
38464
+ # Defines CloudWatch dimension values to publish.
38465
+ # @return [Array<Types::StatelessCustomPublishMetricActionDimension>]
38466
+ #
38467
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StatelessCustomPublishMetricAction AWS API Documentation
38468
+ #
38469
+ class StatelessCustomPublishMetricAction < Struct.new(
38470
+ :dimensions)
38471
+ SENSITIVE = []
38472
+ include Aws::Structure
38473
+ end
38474
+
38475
+ # Defines a CloudWatch dimension value to publish.
38476
+ #
38477
+ # @note When making an API call, you may pass StatelessCustomPublishMetricActionDimension
38478
+ # data as a hash:
38479
+ #
38480
+ # {
38481
+ # value: "NonEmptyString",
38482
+ # }
38483
+ #
38484
+ # @!attribute [rw] value
38485
+ # The value to use for the custom metric dimension.
38486
+ # @return [String]
38487
+ #
38488
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StatelessCustomPublishMetricActionDimension AWS API Documentation
38489
+ #
38490
+ class StatelessCustomPublishMetricActionDimension < Struct.new(
38491
+ :value)
38492
+ SENSITIVE = []
38493
+ include Aws::Structure
38494
+ end
38495
+
35838
38496
  # Provides additional context for the value of `Compliance.Status`.
35839
38497
  #
35840
38498
  # @note When making an API call, you may pass StatusReason