aws-sdk-securityhub 1.55.0 → 1.59.0

@@ -1414,6 +1414,27 @@ module Aws::SecurityHub
1414
1414
  include Aws::Structure
1415
1415
  end
1416
1416
 
1417
+ # An Availability Zone for the automatic scaling group.
1418
+ #
1419
+ # @note When making an API call, you may pass AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails
1420
+ # data as a hash:
1421
+ #
1422
+ # {
1423
+ # value: "NonEmptyString",
1424
+ # }
1425
+ #
1426
+ # @!attribute [rw] value
1427
+ # The name of the Availability Zone.
1428
+ # @return [String]
1429
+ #
1430
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails AWS API Documentation
1431
+ #
1432
+ class AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails < Struct.new(
1433
+ :value)
1434
+ SENSITIVE = []
1435
+ include Aws::Structure
1436
+ end
1437
+
1417
1438
  # Provides details about an auto scaling group.
1418
1439
  #
1419
1440
  # @note When making an API call, you may pass AwsAutoScalingAutoScalingGroupDetails
@@ -1425,6 +1446,34 @@ module Aws::SecurityHub
1425
1446
  # health_check_type: "NonEmptyString",
1426
1447
  # health_check_grace_period: 1,
1427
1448
  # created_time: "NonEmptyString",
1449
+ # mixed_instances_policy: {
1450
+ # instances_distribution: {
1451
+ # on_demand_allocation_strategy: "NonEmptyString",
1452
+ # on_demand_base_capacity: 1,
1453
+ # on_demand_percentage_above_base_capacity: 1,
1454
+ # spot_allocation_strategy: "NonEmptyString",
1455
+ # spot_instance_pools: 1,
1456
+ # spot_max_price: "NonEmptyString",
1457
+ # },
1458
+ # launch_template: {
1459
+ # launch_template_specification: {
1460
+ # launch_template_id: "NonEmptyString",
1461
+ # launch_template_name: "NonEmptyString",
1462
+ # version: "NonEmptyString",
1463
+ # },
1464
+ # overrides: [
1465
+ # {
1466
+ # instance_type: "NonEmptyString",
1467
+ # weighted_capacity: "NonEmptyString",
1468
+ # },
1469
+ # ],
1470
+ # },
1471
+ # },
1472
+ # availability_zones: [
1473
+ # {
1474
+ # value: "NonEmptyString",
1475
+ # },
1476
+ # ],
1428
1477
  # }
1429
1478
  #
1430
1479
  # @!attribute [rw] launch_configuration_name
@@ -1457,6 +1506,14 @@ module Aws::SecurityHub
1457
1506
  # [1]: https://tools.ietf.org/html/rfc3339#section-5.6
1458
1507
  # @return [String]
1459
1508
  #
1509
+ # @!attribute [rw] mixed_instances_policy
1510
+ # The mixed instances policy for the automatic scaling group.
1511
+ # @return [Types::AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails]
1512
+ #
1513
+ # @!attribute [rw] availability_zones
1514
+ # The list of Availability Zones for the automatic scaling group.
1515
+ # @return [Array<Types::AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails>]
1516
+ #
1460
1517
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingAutoScalingGroupDetails AWS API Documentation
1461
1518
  #
1462
1519
  class AwsAutoScalingAutoScalingGroupDetails < Struct.new(
@@ -1464,7 +1521,217 @@ module Aws::SecurityHub
1464
1521
  :load_balancer_names,
1465
1522
  :health_check_type,
1466
1523
  :health_check_grace_period,
1467
- :created_time)
1524
+ :created_time,
1525
+ :mixed_instances_policy,
1526
+ :availability_zones)
1527
+ SENSITIVE = []
1528
+ include Aws::Structure
1529
+ end
1530
+
1531
+ # The mixed instances policy for the automatic scaling group.
1532
+ #
1533
+ # @note When making an API call, you may pass AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails
1534
+ # data as a hash:
1535
+ #
1536
+ # {
1537
+ # instances_distribution: {
1538
+ # on_demand_allocation_strategy: "NonEmptyString",
1539
+ # on_demand_base_capacity: 1,
1540
+ # on_demand_percentage_above_base_capacity: 1,
1541
+ # spot_allocation_strategy: "NonEmptyString",
1542
+ # spot_instance_pools: 1,
1543
+ # spot_max_price: "NonEmptyString",
1544
+ # },
1545
+ # launch_template: {
1546
+ # launch_template_specification: {
1547
+ # launch_template_id: "NonEmptyString",
1548
+ # launch_template_name: "NonEmptyString",
1549
+ # version: "NonEmptyString",
1550
+ # },
1551
+ # overrides: [
1552
+ # {
1553
+ # instance_type: "NonEmptyString",
1554
+ # weighted_capacity: "NonEmptyString",
1555
+ # },
1556
+ # ],
1557
+ # },
1558
+ # }
1559
+ #
1560
+ # @!attribute [rw] instances_distribution
1561
+ # The instances distribution. The instances distribution specifies the
1562
+ # distribution of On-Demand Instances and Spot Instances, the maximum
1563
+ # price to pay for Spot Instances, and how the Auto Scaling group
1564
+ # allocates instance types to fulfill On-Demand and Spot capacity.
1565
+ # @return [Types::AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails]
1566
+ #
1567
+ # @!attribute [rw] launch_template
1568
+ # The launch template to use and the instance types (overrides) to use
1569
+ # to provision EC2 instances to fulfill On-Demand and Spot capacities.
1570
+ # @return [Types::AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails]
1571
+ #
1572
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails AWS API Documentation
1573
+ #
1574
+ class AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails < Struct.new(
1575
+ :instances_distribution,
1576
+ :launch_template)
1577
+ SENSITIVE = []
1578
+ include Aws::Structure
1579
+ end
1580
+
1581
+ # Information about the instances distribution.
1582
+ #
1583
+ # @note When making an API call, you may pass AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails
1584
+ # data as a hash:
1585
+ #
1586
+ # {
1587
+ # on_demand_allocation_strategy: "NonEmptyString",
1588
+ # on_demand_base_capacity: 1,
1589
+ # on_demand_percentage_above_base_capacity: 1,
1590
+ # spot_allocation_strategy: "NonEmptyString",
1591
+ # spot_instance_pools: 1,
1592
+ # spot_max_price: "NonEmptyString",
1593
+ # }
1594
+ #
1595
+ # @!attribute [rw] on_demand_allocation_strategy
1596
+ # How to allocate instance types to fulfill On-Demand capacity.
1597
+ # @return [String]
1598
+ #
1599
+ # @!attribute [rw] on_demand_base_capacity
1600
+ # The minimum amount of the Auto Scaling group's capacity that must
1601
+ # be fulfilled by On-Demand Instances.
1602
+ # @return [Integer]
1603
+ #
1604
+ # @!attribute [rw] on_demand_percentage_above_base_capacity
1605
+ # The percentage of On-Demand Instances and Spot Instances for
1606
+ # additional capacity beyond `OnDemandBaseCapacity`.
1607
+ # @return [Integer]
1608
+ #
1609
+ # @!attribute [rw] spot_allocation_strategy
1610
+ # How to allocate instances across Spot Instance pools.
1611
+ # @return [String]
1612
+ #
1613
+ # @!attribute [rw] spot_instance_pools
1614
+ # The number of Spot Instance pools across which to allocate your Spot
1615
+ # Instances.
1616
+ # @return [Integer]
1617
+ #
1618
+ # @!attribute [rw] spot_max_price
1619
+ # The maximum price per unit hour that you are willing to pay for a
1620
+ # Spot Instance.
1621
+ # @return [String]
1622
+ #
1623
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails AWS API Documentation
1624
+ #
1625
+ class AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails < Struct.new(
1626
+ :on_demand_allocation_strategy,
1627
+ :on_demand_base_capacity,
1628
+ :on_demand_percentage_above_base_capacity,
1629
+ :spot_allocation_strategy,
1630
+ :spot_instance_pools,
1631
+ :spot_max_price)
1632
+ SENSITIVE = []
1633
+ include Aws::Structure
1634
+ end
1635
+
1636
+ # Describes a launch template and overrides for a mixed instances
1637
+ # policy.
1638
+ #
1639
+ # @note When making an API call, you may pass AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails
1640
+ # data as a hash:
1641
+ #
1642
+ # {
1643
+ # launch_template_specification: {
1644
+ # launch_template_id: "NonEmptyString",
1645
+ # launch_template_name: "NonEmptyString",
1646
+ # version: "NonEmptyString",
1647
+ # },
1648
+ # overrides: [
1649
+ # {
1650
+ # instance_type: "NonEmptyString",
1651
+ # weighted_capacity: "NonEmptyString",
1652
+ # },
1653
+ # ],
1654
+ # }
1655
+ #
1656
+ # @!attribute [rw] launch_template_specification
1657
+ # The launch template to use.
1658
+ # @return [Types::AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification]
1659
+ #
1660
+ # @!attribute [rw] overrides
1661
+ # Property values to use to override the values in the launch
1662
+ # template.
1663
+ # @return [Array<Types::AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails>]
1664
+ #
1665
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails AWS API Documentation
1666
+ #
1667
+ class AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails < Struct.new(
1668
+ :launch_template_specification,
1669
+ :overrides)
1670
+ SENSITIVE = []
1671
+ include Aws::Structure
1672
+ end
1673
+
1674
+ # Details about the launch template to use.
1675
+ #
1676
+ # @note When making an API call, you may pass AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification
1677
+ # data as a hash:
1678
+ #
1679
+ # {
1680
+ # launch_template_id: "NonEmptyString",
1681
+ # launch_template_name: "NonEmptyString",
1682
+ # version: "NonEmptyString",
1683
+ # }
1684
+ #
1685
+ # @!attribute [rw] launch_template_id
1686
+ # The identifier of the launch template. You must specify either
1687
+ # `LaunchTemplateId` or `LaunchTemplateName`.
1688
+ # @return [String]
1689
+ #
1690
+ # @!attribute [rw] launch_template_name
1691
+ # The name of the launch template. You must specify either
1692
+ # `LaunchTemplateId` or `LaunchTemplateName`.
1693
+ # @return [String]
1694
+ #
1695
+ # @!attribute [rw] version
1696
+ # Identifies the version of the launch template. You can specify a
1697
+ # version identifier, or use the values `$Latest` or `$Default`.
1698
+ # @return [String]
1699
+ #
1700
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification AWS API Documentation
1701
+ #
1702
+ class AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification < Struct.new(
1703
+ :launch_template_id,
1704
+ :launch_template_name,
1705
+ :version)
1706
+ SENSITIVE = []
1707
+ include Aws::Structure
1708
+ end
1709
+
1710
+ # Property values to use to override the values in the launch template.
1711
+ #
1712
+ # @note When making an API call, you may pass AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails
1713
+ # data as a hash:
1714
+ #
1715
+ # {
1716
+ # instance_type: "NonEmptyString",
1717
+ # weighted_capacity: "NonEmptyString",
1718
+ # }
1719
+ #
1720
+ # @!attribute [rw] instance_type
1721
+ # The instance type. For example, `m3.xlarge`.
1722
+ # @return [String]
1723
+ #
1724
+ # @!attribute [rw] weighted_capacity
1725
+ # The number of capacity units provided by the specified instance type
1726
+ # in terms of virtual CPUs, memory, storage, throughput, or other
1727
+ # relative performance characteristic.
1728
+ # @return [String]
1729
+ #
1730
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails AWS API Documentation
1731
+ #
1732
+ class AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails < Struct.new(
1733
+ :instance_type,
1734
+ :weighted_capacity)
1468
1735
  SENSITIVE = []
1469
1736
  include Aws::Structure
1470
1737
  end
@@ -1633,6 +1900,11 @@ module Aws::SecurityHub
1633
1900
  # security_groups: ["NonEmptyString"],
1634
1901
  # spot_price: "NonEmptyString",
1635
1902
  # user_data: "NonEmptyString",
1903
+ # metadata_options: {
1904
+ # http_endpoint: "NonEmptyString",
1905
+ # http_put_response_hop_limit: 1,
1906
+ # http_tokens: "NonEmptyString",
1907
+ # },
1636
1908
  # }
1637
1909
  #
1638
1910
  # @!attribute [rw] associate_public_ip_address
@@ -1725,6 +1997,10 @@ module Aws::SecurityHub
1725
1997
  # be base64-encoded text.
1726
1998
  # @return [String]
1727
1999
  #
2000
+ # @!attribute [rw] metadata_options
2001
+ # The metadata options for the instances.
2002
+ # @return [Types::AwsAutoScalingLaunchConfigurationMetadataOptions]
2003
+ #
1728
2004
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingLaunchConfigurationDetails AWS API Documentation
1729
2005
  #
1730
2006
  class AwsAutoScalingLaunchConfigurationDetails < Struct.new(
@@ -1745,7 +2021,8 @@ module Aws::SecurityHub
1745
2021
  :ramdisk_id,
1746
2022
  :security_groups,
1747
2023
  :spot_price,
1748
- :user_data)
2024
+ :user_data,
2025
+ :metadata_options)
1749
2026
  SENSITIVE = []
1750
2027
  include Aws::Structure
1751
2028
  end
@@ -1775,6 +2052,43 @@ module Aws::SecurityHub
1775
2052
  include Aws::Structure
1776
2053
  end
1777
2054
 
2055
+ # The metadata options for the instances.
2056
+ #
2057
+ # @note When making an API call, you may pass AwsAutoScalingLaunchConfigurationMetadataOptions
2058
+ # data as a hash:
2059
+ #
2060
+ # {
2061
+ # http_endpoint: "NonEmptyString",
2062
+ # http_put_response_hop_limit: 1,
2063
+ # http_tokens: "NonEmptyString",
2064
+ # }
2065
+ #
2066
+ # @!attribute [rw] http_endpoint
2067
+ # Enables or disables the HTTP metadata endpoint on your instances. By
2068
+ # default, the metadata endpoint is enabled.
2069
+ # @return [String]
2070
+ #
2071
+ # @!attribute [rw] http_put_response_hop_limit
2072
+ # The HTTP `PUT` response hop limit for instance metadata requests.
2073
+ # The larger the number, the further instance metadata requests can
2074
+ # travel.
2075
+ # @return [Integer]
2076
+ #
2077
+ # @!attribute [rw] http_tokens
2078
+ # Indicates whether token usage is `required` or `optional` for
2079
+ # metadata requests. By default, token usage is `optional`.
2080
+ # @return [String]
2081
+ #
2082
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingLaunchConfigurationMetadataOptions AWS API Documentation
2083
+ #
2084
+ class AwsAutoScalingLaunchConfigurationMetadataOptions < Struct.new(
2085
+ :http_endpoint,
2086
+ :http_put_response_hop_limit,
2087
+ :http_tokens)
2088
+ SENSITIVE = []
2089
+ include Aws::Structure
2090
+ end
2091
+
1778
2092
  # Provides details about an Certificate Manager certificate.
1779
2093
  #
1780
2094
  # @note When making an API call, you may pass AwsCertificateManagerCertificateDetails
@@ -12004,6 +12318,340 @@ module Aws::SecurityHub
12004
12318
  include Aws::Structure
12005
12319
  end
12006
12320
 
12321
+ # Details about an Network Firewall firewall.
12322
+ #
12323
+ # @note When making an API call, you may pass AwsNetworkFirewallFirewallDetails
12324
+ # data as a hash:
12325
+ #
12326
+ # {
12327
+ # delete_protection: false,
12328
+ # description: "NonEmptyString",
12329
+ # firewall_arn: "NonEmptyString",
12330
+ # firewall_id: "NonEmptyString",
12331
+ # firewall_name: "NonEmptyString",
12332
+ # firewall_policy_arn: "NonEmptyString",
12333
+ # firewall_policy_change_protection: false,
12334
+ # subnet_change_protection: false,
12335
+ # subnet_mappings: [
12336
+ # {
12337
+ # subnet_id: "NonEmptyString",
12338
+ # },
12339
+ # ],
12340
+ # vpc_id: "NonEmptyString",
12341
+ # }
12342
+ #
12343
+ # @!attribute [rw] delete_protection
12344
+ # Whether the firewall is protected from deletion. If set to `true`,
12345
+ # then the firewall cannot be deleted.
12346
+ # @return [Boolean]
12347
+ #
12348
+ # @!attribute [rw] description
12349
+ # A description of the firewall.
12350
+ # @return [String]
12351
+ #
12352
+ # @!attribute [rw] firewall_arn
12353
+ # The ARN of the firewall.
12354
+ # @return [String]
12355
+ #
12356
+ # @!attribute [rw] firewall_id
12357
+ # The identifier of the firewall.
12358
+ # @return [String]
12359
+ #
12360
+ # @!attribute [rw] firewall_name
12361
+ # A descriptive name of the firewall.
12362
+ # @return [String]
12363
+ #
12364
+ # @!attribute [rw] firewall_policy_arn
12365
+ # The ARN of the firewall policy.
12366
+ # @return [String]
12367
+ #
12368
+ # @!attribute [rw] firewall_policy_change_protection
12369
+ # Whether the firewall is protected from a change to the firewall
12370
+ # policy. If set to `true`, you cannot associate a different policy
12371
+ # with the firewall.
12372
+ # @return [Boolean]
12373
+ #
12374
+ # @!attribute [rw] subnet_change_protection
12375
+ # Whether the firewall is protected from a change to the subnet
12376
+ # associations. If set to `true`, you cannot map different subnets to
12377
+ # the firewall.
12378
+ # @return [Boolean]
12379
+ #
12380
+ # @!attribute [rw] subnet_mappings
12381
+ # The public subnets that Network Firewall uses for the firewall. Each
12382
+ # subnet must belong to a different Availability Zone.
12383
+ # @return [Array<Types::AwsNetworkFirewallFirewallSubnetMappingsDetails>]
12384
+ #
12385
+ # @!attribute [rw] vpc_id
12386
+ # The identifier of the VPC where the firewall is used.
12387
+ # @return [String]
12388
+ #
12389
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsNetworkFirewallFirewallDetails AWS API Documentation
12390
+ #
12391
+ class AwsNetworkFirewallFirewallDetails < Struct.new(
12392
+ :delete_protection,
12393
+ :description,
12394
+ :firewall_arn,
12395
+ :firewall_id,
12396
+ :firewall_name,
12397
+ :firewall_policy_arn,
12398
+ :firewall_policy_change_protection,
12399
+ :subnet_change_protection,
12400
+ :subnet_mappings,
12401
+ :vpc_id)
12402
+ SENSITIVE = []
12403
+ include Aws::Structure
12404
+ end
12405
+
12406
+ # Details about a firewall policy. A firewall policy defines the
12407
+ # behavior of a network firewall.
12408
+ #
12409
+ # @note When making an API call, you may pass AwsNetworkFirewallFirewallPolicyDetails
12410
+ # data as a hash:
12411
+ #
12412
+ # {
12413
+ # firewall_policy: {
12414
+ # stateful_rule_group_references: [
12415
+ # {
12416
+ # resource_arn: "NonEmptyString",
12417
+ # },
12418
+ # ],
12419
+ # stateless_custom_actions: [
12420
+ # {
12421
+ # action_definition: {
12422
+ # publish_metric_action: {
12423
+ # dimensions: [
12424
+ # {
12425
+ # value: "NonEmptyString",
12426
+ # },
12427
+ # ],
12428
+ # },
12429
+ # },
12430
+ # action_name: "NonEmptyString",
12431
+ # },
12432
+ # ],
12433
+ # stateless_default_actions: ["NonEmptyString"],
12434
+ # stateless_fragment_default_actions: ["NonEmptyString"],
12435
+ # stateless_rule_group_references: [
12436
+ # {
12437
+ # priority: 1,
12438
+ # resource_arn: "NonEmptyString",
12439
+ # },
12440
+ # ],
12441
+ # },
12442
+ # firewall_policy_arn: "NonEmptyString",
12443
+ # firewall_policy_id: "NonEmptyString",
12444
+ # firewall_policy_name: "NonEmptyString",
12445
+ # description: "NonEmptyString",
12446
+ # }
12447
+ #
12448
+ # @!attribute [rw] firewall_policy
12449
+ # The firewall policy configuration.
12450
+ # @return [Types::FirewallPolicyDetails]
12451
+ #
12452
+ # @!attribute [rw] firewall_policy_arn
12453
+ # The ARN of the firewall policy.
12454
+ # @return [String]
12455
+ #
12456
+ # @!attribute [rw] firewall_policy_id
12457
+ # The identifier of the firewall policy.
12458
+ # @return [String]
12459
+ #
12460
+ # @!attribute [rw] firewall_policy_name
12461
+ # The name of the firewall policy.
12462
+ # @return [String]
12463
+ #
12464
+ # @!attribute [rw] description
12465
+ # A description of the firewall policy.
12466
+ # @return [String]
12467
+ #
12468
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsNetworkFirewallFirewallPolicyDetails AWS API Documentation
12469
+ #
12470
+ class AwsNetworkFirewallFirewallPolicyDetails < Struct.new(
12471
+ :firewall_policy,
12472
+ :firewall_policy_arn,
12473
+ :firewall_policy_id,
12474
+ :firewall_policy_name,
12475
+ :description)
12476
+ SENSITIVE = []
12477
+ include Aws::Structure
12478
+ end
12479
+
12480
+ # A public subnet that Network Firewall uses for the firewall.
12481
+ #
12482
+ # @note When making an API call, you may pass AwsNetworkFirewallFirewallSubnetMappingsDetails
12483
+ # data as a hash:
12484
+ #
12485
+ # {
12486
+ # subnet_id: "NonEmptyString",
12487
+ # }
12488
+ #
12489
+ # @!attribute [rw] subnet_id
12490
+ # The identifier of the subnet
12491
+ # @return [String]
12492
+ #
12493
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsNetworkFirewallFirewallSubnetMappingsDetails AWS API Documentation
12494
+ #
12495
+ class AwsNetworkFirewallFirewallSubnetMappingsDetails < Struct.new(
12496
+ :subnet_id)
12497
+ SENSITIVE = []
12498
+ include Aws::Structure
12499
+ end
12500
+
12501
+ # Details about an Network Firewall rule group. Rule groups are used to
12502
+ # inspect and control network traffic. Stateless rule groups apply to
12503
+ # individual packets. Stateful rule groups apply to packets in the
12504
+ # context of their traffic flow.
12505
+ #
12506
+ # Rule groups are referenced in firewall policies.
12507
+ #
12508
+ # @note When making an API call, you may pass AwsNetworkFirewallRuleGroupDetails
12509
+ # data as a hash:
12510
+ #
12511
+ # {
12512
+ # capacity: 1,
12513
+ # description: "NonEmptyString",
12514
+ # rule_group: {
12515
+ # rule_variables: {
12516
+ # ip_sets: {
12517
+ # definition: ["NonEmptyString"],
12518
+ # },
12519
+ # port_sets: {
12520
+ # definition: ["NonEmptyString"],
12521
+ # },
12522
+ # },
12523
+ # rules_source: {
12524
+ # rules_source_list: {
12525
+ # generated_rules_type: "NonEmptyString",
12526
+ # target_types: ["NonEmptyString"],
12527
+ # targets: ["NonEmptyString"],
12528
+ # },
12529
+ # rules_string: "NonEmptyString",
12530
+ # stateful_rules: [
12531
+ # {
12532
+ # action: "NonEmptyString",
12533
+ # header: {
12534
+ # destination: "NonEmptyString",
12535
+ # destination_port: "NonEmptyString",
12536
+ # direction: "NonEmptyString",
12537
+ # protocol: "NonEmptyString",
12538
+ # source: "NonEmptyString",
12539
+ # source_port: "NonEmptyString",
12540
+ # },
12541
+ # rule_options: [
12542
+ # {
12543
+ # keyword: "NonEmptyString",
12544
+ # settings: ["NonEmptyString"],
12545
+ # },
12546
+ # ],
12547
+ # },
12548
+ # ],
12549
+ # stateless_rules_and_custom_actions: {
12550
+ # custom_actions: [
12551
+ # {
12552
+ # action_definition: {
12553
+ # publish_metric_action: {
12554
+ # dimensions: [
12555
+ # {
12556
+ # value: "NonEmptyString",
12557
+ # },
12558
+ # ],
12559
+ # },
12560
+ # },
12561
+ # action_name: "NonEmptyString",
12562
+ # },
12563
+ # ],
12564
+ # stateless_rules: [
12565
+ # {
12566
+ # priority: 1,
12567
+ # rule_definition: {
12568
+ # actions: ["NonEmptyString"],
12569
+ # match_attributes: {
12570
+ # destination_ports: [
12571
+ # {
12572
+ # from_port: 1,
12573
+ # to_port: 1,
12574
+ # },
12575
+ # ],
12576
+ # destinations: [
12577
+ # {
12578
+ # address_definition: "NonEmptyString",
12579
+ # },
12580
+ # ],
12581
+ # protocols: [1],
12582
+ # source_ports: [
12583
+ # {
12584
+ # from_port: 1,
12585
+ # to_port: 1,
12586
+ # },
12587
+ # ],
12588
+ # sources: [
12589
+ # {
12590
+ # address_definition: "NonEmptyString",
12591
+ # },
12592
+ # ],
12593
+ # tcp_flags: [
12594
+ # {
12595
+ # flags: ["NonEmptyString"],
12596
+ # masks: ["NonEmptyString"],
12597
+ # },
12598
+ # ],
12599
+ # },
12600
+ # },
12601
+ # },
12602
+ # ],
12603
+ # },
12604
+ # },
12605
+ # },
12606
+ # rule_group_arn: "NonEmptyString",
12607
+ # rule_group_id: "NonEmptyString",
12608
+ # rule_group_name: "NonEmptyString",
12609
+ # type: "NonEmptyString",
12610
+ # }
12611
+ #
12612
+ # @!attribute [rw] capacity
12613
+ # The maximum number of operating resources that this rule group can
12614
+ # use.
12615
+ # @return [Integer]
12616
+ #
12617
+ # @!attribute [rw] description
12618
+ # A description of the rule group.
12619
+ # @return [String]
12620
+ #
12621
+ # @!attribute [rw] rule_group
12622
+ # Details about the rule group.
12623
+ # @return [Types::RuleGroupDetails]
12624
+ #
12625
+ # @!attribute [rw] rule_group_arn
12626
+ # The ARN of the rule group.
12627
+ # @return [String]
12628
+ #
12629
+ # @!attribute [rw] rule_group_id
12630
+ # The identifier of the rule group.
12631
+ # @return [String]
12632
+ #
12633
+ # @!attribute [rw] rule_group_name
12634
+ # The descriptive name of the rule group.
12635
+ # @return [String]
12636
+ #
12637
+ # @!attribute [rw] type
12638
+ # The type of rule group. A rule group can be stateful or stateless.
12639
+ # @return [String]
12640
+ #
12641
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsNetworkFirewallRuleGroupDetails AWS API Documentation
12642
+ #
12643
+ class AwsNetworkFirewallRuleGroupDetails < Struct.new(
12644
+ :capacity,
12645
+ :description,
12646
+ :rule_group,
12647
+ :rule_group_arn,
12648
+ :rule_group_id,
12649
+ :rule_group_name,
12650
+ :type)
12651
+ SENSITIVE = []
12652
+ include Aws::Structure
12653
+ end
12654
+
12007
12655
  # Details about the configuration of an OpenSearch cluster.
12008
12656
  #
12009
12657
  # @note When making an API call, you may pass AwsOpenSearchServiceDomainClusterConfigDetails
@@ -15965,6 +16613,35 @@ module Aws::SecurityHub
15965
16613
  include Aws::Structure
15966
16614
  end
15967
16615
 
16616
+ # Describes the versioning state of an S3 bucket.
16617
+ #
16618
+ # @note When making an API call, you may pass AwsS3BucketBucketVersioningConfiguration
16619
+ # data as a hash:
16620
+ #
16621
+ # {
16622
+ # is_mfa_delete_enabled: false,
16623
+ # status: "NonEmptyString",
16624
+ # }
16625
+ #
16626
+ # @!attribute [rw] is_mfa_delete_enabled
16627
+ # Specifies whether MFA delete is currently enabled in the S3 bucket
16628
+ # versioning configuration. If the S3 bucket was never configured with
16629
+ # MFA delete, then this attribute is not included.
16630
+ # @return [Boolean]
16631
+ #
16632
+ # @!attribute [rw] status
16633
+ # The versioning status of the S3 bucket.
16634
+ # @return [String]
16635
+ #
16636
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketBucketVersioningConfiguration AWS API Documentation
16637
+ #
16638
+ class AwsS3BucketBucketVersioningConfiguration < Struct.new(
16639
+ :is_mfa_delete_enabled,
16640
+ :status)
16641
+ SENSITIVE = []
16642
+ include Aws::Structure
16643
+ end
16644
+
15968
16645
  # The details of an Amazon S3 bucket.
15969
16646
  #
15970
16647
  # @note When making an API call, you may pass AwsS3BucketDetails
@@ -16087,6 +16764,10 @@ module Aws::SecurityHub
16087
16764
  # },
16088
16765
  # ],
16089
16766
  # },
16767
+ # bucket_versioning_configuration: {
16768
+ # is_mfa_delete_enabled: false,
16769
+ # status: "NonEmptyString",
16770
+ # },
16090
16771
  # }
16091
16772
  #
16092
16773
  # @!attribute [rw] owner_id
@@ -16143,6 +16824,10 @@ module Aws::SecurityHub
16143
16824
  # The notification configuration for the S3 bucket.
16144
16825
  # @return [Types::AwsS3BucketNotificationConfiguration]
16145
16826
  #
16827
+ # @!attribute [rw] bucket_versioning_configuration
16828
+ # The versioning state of an S3 bucket.
16829
+ # @return [Types::AwsS3BucketBucketVersioningConfiguration]
16830
+ #
16146
16831
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketDetails AWS API Documentation
16147
16832
  #
16148
16833
  class AwsS3BucketDetails < Struct.new(
@@ -16156,7 +16841,8 @@ module Aws::SecurityHub
16156
16841
  :access_control_list,
16157
16842
  :bucket_logging_configuration,
16158
16843
  :bucket_website_configuration,
16159
- :bucket_notification_configuration)
16844
+ :bucket_notification_configuration,
16845
+ :bucket_versioning_configuration)
16160
16846
  SENSITIVE = []
16161
16847
  include Aws::Structure
16162
16848
  end
@@ -17077,6 +17763,34 @@ module Aws::SecurityHub
17077
17763
  # health_check_type: "NonEmptyString",
17078
17764
  # health_check_grace_period: 1,
17079
17765
  # created_time: "NonEmptyString",
17766
+ # mixed_instances_policy: {
17767
+ # instances_distribution: {
17768
+ # on_demand_allocation_strategy: "NonEmptyString",
17769
+ # on_demand_base_capacity: 1,
17770
+ # on_demand_percentage_above_base_capacity: 1,
17771
+ # spot_allocation_strategy: "NonEmptyString",
17772
+ # spot_instance_pools: 1,
17773
+ # spot_max_price: "NonEmptyString",
17774
+ # },
17775
+ # launch_template: {
17776
+ # launch_template_specification: {
17777
+ # launch_template_id: "NonEmptyString",
17778
+ # launch_template_name: "NonEmptyString",
17779
+ # version: "NonEmptyString",
17780
+ # },
17781
+ # overrides: [
17782
+ # {
17783
+ # instance_type: "NonEmptyString",
17784
+ # weighted_capacity: "NonEmptyString",
17785
+ # },
17786
+ # ],
17787
+ # },
17788
+ # },
17789
+ # availability_zones: [
17790
+ # {
17791
+ # value: "NonEmptyString",
17792
+ # },
17793
+ # ],
17080
17794
  # },
17081
17795
  # aws_code_build_project: {
17082
17796
  # encryption_key: "NonEmptyString",
@@ -17647,6 +18361,10 @@ module Aws::SecurityHub
17647
18361
  # },
17648
18362
  # ],
17649
18363
  # },
18364
+ # bucket_versioning_configuration: {
18365
+ # is_mfa_delete_enabled: false,
18366
+ # status: "NonEmptyString",
18367
+ # },
17650
18368
  # },
17651
18369
  # aws_s3_account_public_access_block: {
17652
18370
  # block_public_acls: false,
@@ -19061,6 +19779,11 @@ module Aws::SecurityHub
19061
19779
  # security_groups: ["NonEmptyString"],
19062
19780
  # spot_price: "NonEmptyString",
19063
19781
  # user_data: "NonEmptyString",
19782
+ # metadata_options: {
19783
+ # http_endpoint: "NonEmptyString",
19784
+ # http_put_response_hop_limit: 1,
19785
+ # http_tokens: "NonEmptyString",
19786
+ # },
19064
19787
  # },
19065
19788
  # aws_ec2_vpn_connection: {
19066
19789
  # vpn_connection_id: "NonEmptyString",
@@ -19270,6 +19993,157 @@ module Aws::SecurityHub
19270
19993
  # ],
19271
19994
  # },
19272
19995
  # },
19996
+ # aws_network_firewall_firewall_policy: {
19997
+ # firewall_policy: {
19998
+ # stateful_rule_group_references: [
19999
+ # {
20000
+ # resource_arn: "NonEmptyString",
20001
+ # },
20002
+ # ],
20003
+ # stateless_custom_actions: [
20004
+ # {
20005
+ # action_definition: {
20006
+ # publish_metric_action: {
20007
+ # dimensions: [
20008
+ # {
20009
+ # value: "NonEmptyString",
20010
+ # },
20011
+ # ],
20012
+ # },
20013
+ # },
20014
+ # action_name: "NonEmptyString",
20015
+ # },
20016
+ # ],
20017
+ # stateless_default_actions: ["NonEmptyString"],
20018
+ # stateless_fragment_default_actions: ["NonEmptyString"],
20019
+ # stateless_rule_group_references: [
20020
+ # {
20021
+ # priority: 1,
20022
+ # resource_arn: "NonEmptyString",
20023
+ # },
20024
+ # ],
20025
+ # },
20026
+ # firewall_policy_arn: "NonEmptyString",
20027
+ # firewall_policy_id: "NonEmptyString",
20028
+ # firewall_policy_name: "NonEmptyString",
20029
+ # description: "NonEmptyString",
20030
+ # },
20031
+ # aws_network_firewall_firewall: {
20032
+ # delete_protection: false,
20033
+ # description: "NonEmptyString",
20034
+ # firewall_arn: "NonEmptyString",
20035
+ # firewall_id: "NonEmptyString",
20036
+ # firewall_name: "NonEmptyString",
20037
+ # firewall_policy_arn: "NonEmptyString",
20038
+ # firewall_policy_change_protection: false,
20039
+ # subnet_change_protection: false,
20040
+ # subnet_mappings: [
20041
+ # {
20042
+ # subnet_id: "NonEmptyString",
20043
+ # },
20044
+ # ],
20045
+ # vpc_id: "NonEmptyString",
20046
+ # },
20047
+ # aws_network_firewall_rule_group: {
20048
+ # capacity: 1,
20049
+ # description: "NonEmptyString",
20050
+ # rule_group: {
20051
+ # rule_variables: {
20052
+ # ip_sets: {
20053
+ # definition: ["NonEmptyString"],
20054
+ # },
20055
+ # port_sets: {
20056
+ # definition: ["NonEmptyString"],
20057
+ # },
20058
+ # },
20059
+ # rules_source: {
20060
+ # rules_source_list: {
20061
+ # generated_rules_type: "NonEmptyString",
20062
+ # target_types: ["NonEmptyString"],
20063
+ # targets: ["NonEmptyString"],
20064
+ # },
20065
+ # rules_string: "NonEmptyString",
20066
+ # stateful_rules: [
20067
+ # {
20068
+ # action: "NonEmptyString",
20069
+ # header: {
20070
+ # destination: "NonEmptyString",
20071
+ # destination_port: "NonEmptyString",
20072
+ # direction: "NonEmptyString",
20073
+ # protocol: "NonEmptyString",
20074
+ # source: "NonEmptyString",
20075
+ # source_port: "NonEmptyString",
20076
+ # },
20077
+ # rule_options: [
20078
+ # {
20079
+ # keyword: "NonEmptyString",
20080
+ # settings: ["NonEmptyString"],
20081
+ # },
20082
+ # ],
20083
+ # },
20084
+ # ],
20085
+ # stateless_rules_and_custom_actions: {
20086
+ # custom_actions: [
20087
+ # {
20088
+ # action_definition: {
20089
+ # publish_metric_action: {
20090
+ # dimensions: [
20091
+ # {
20092
+ # value: "NonEmptyString",
20093
+ # },
20094
+ # ],
20095
+ # },
20096
+ # },
20097
+ # action_name: "NonEmptyString",
20098
+ # },
20099
+ # ],
20100
+ # stateless_rules: [
20101
+ # {
20102
+ # priority: 1,
20103
+ # rule_definition: {
20104
+ # actions: ["NonEmptyString"],
20105
+ # match_attributes: {
20106
+ # destination_ports: [
20107
+ # {
20108
+ # from_port: 1,
20109
+ # to_port: 1,
20110
+ # },
20111
+ # ],
20112
+ # destinations: [
20113
+ # {
20114
+ # address_definition: "NonEmptyString",
20115
+ # },
20116
+ # ],
20117
+ # protocols: [1],
20118
+ # source_ports: [
20119
+ # {
20120
+ # from_port: 1,
20121
+ # to_port: 1,
20122
+ # },
20123
+ # ],
20124
+ # sources: [
20125
+ # {
20126
+ # address_definition: "NonEmptyString",
20127
+ # },
20128
+ # ],
20129
+ # tcp_flags: [
20130
+ # {
20131
+ # flags: ["NonEmptyString"],
20132
+ # masks: ["NonEmptyString"],
20133
+ # },
20134
+ # ],
20135
+ # },
20136
+ # },
20137
+ # },
20138
+ # ],
20139
+ # },
20140
+ # },
20141
+ # },
20142
+ # rule_group_arn: "NonEmptyString",
20143
+ # rule_group_id: "NonEmptyString",
20144
+ # rule_group_name: "NonEmptyString",
20145
+ # type: "NonEmptyString",
20146
+ # },
19273
20147
  # },
19274
20148
  # },
19275
20149
  # ],
@@ -20805,9 +21679,9 @@ module Aws::SecurityHub
20805
21679
  # Security Hub also resets the workflow status from `NOTIFIED` or
20806
21680
  # `RESOLVED` to `NEW` in the following cases:
20807
21681
  #
20808
- # * The record state changes from `ARCHIVED` to `ACTIVE`.
21682
+ # * `RecordState` changes from `ARCHIVED` to `ACTIVE`.
20809
21683
  #
20810
- # * The compliance status changes from `PASSED` to either `WARNING`,
21684
+ # * `Compliance.Status` changes from `PASSED` to either `WARNING`,
20811
21685
  # `FAILED`, or `NOT_AVAILABLE`.
20812
21686
  #
20813
21687
  # * `NOTIFIED` - Indicates that the resource owner has been notified
@@ -20815,11 +21689,36 @@ module Aws::SecurityHub
20815
21689
  # the resource owner, and needs intervention from the resource
20816
21690
  # owner.
20817
21691
  #
20818
- # * `SUPPRESSED` - The finding will not be reviewed again and will not
20819
- # be acted upon.
21692
+ # If one of the following occurs, the workflow status is changed
21693
+ # automatically from `NOTIFIED` to `NEW`\:
21694
+ #
21695
+ # * `RecordState` changes from `ARCHIVED` to `ACTIVE`.
21696
+ #
21697
+ # * `Compliance.Status` changes from `PASSED` to `FAILED`,
21698
+ # `WARNING`, or `NOT_AVAILABLE`.
21699
+ #
21700
+ # * `SUPPRESSED` - Indicates that you reviewed the finding and do not
21701
+ # believe that any action is needed.
21702
+ #
21703
+ # The workflow status of a `SUPPRESSED` finding does not change if
21704
+ # `RecordState` changes from `ARCHIVED` to `ACTIVE`.
20820
21705
  #
20821
21706
  # * `RESOLVED` - The finding was reviewed and remediated and is now
20822
21707
  # considered resolved.
21708
+ #
21709
+ # The finding remains `RESOLVED` unless one of the following occurs:
21710
+ #
21711
+ # * `RecordState` changes from `ARCHIVED` to `ACTIVE`.
21712
+ #
21713
+ # * `Compliance.Status` changes from `PASSED` to `FAILED`,
21714
+ # `WARNING`, or `NOT_AVAILABLE`.
21715
+ #
21716
+ # In those cases, the workflow status is automatically reset to
21717
+ # `NEW`.
21718
+ #
21719
+ # For findings from controls, if `Compliance.Status` is `PASSED`,
21720
+ # then Security Hub automatically sets the workflow status to
21721
+ # `RESOLVED`.
20823
21722
  # @return [Array<Types::StringFilter>]
20824
21723
  #
20825
21724
  # @!attribute [rw] record_state
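Review bot: The new `SUPPRESSED` paragraph says the workflow status is unchanged when `RecordState` goes from `ARCHIVED` to `ACTIVE`, but it says nothing about the `Compliance.Status` trigger that the `NOTIFIED` and `RESOLVED` paragraphs both list. A reader cannot tell whether a suppressed finding stays suppressed when its control moves from `PASSED` to `FAILED`, which is the case that matters most when triaging suppressions. I would add a sentence such as `#     Changes to Compliance.Status likewise do not change the workflow status.`, but only once that behaviour is confirmed against the service, since the page does not state it. The doc comment this hunk edits starts and ends outside the hunk.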
@@ -22102,6 +23001,34 @@ module Aws::SecurityHub
22102
23001
  # health_check_type: "NonEmptyString",
22103
23002
  # health_check_grace_period: 1,
22104
23003
  # created_time: "NonEmptyString",
23004
+ # mixed_instances_policy: {
23005
+ # instances_distribution: {
23006
+ # on_demand_allocation_strategy: "NonEmptyString",
23007
+ # on_demand_base_capacity: 1,
23008
+ # on_demand_percentage_above_base_capacity: 1,
23009
+ # spot_allocation_strategy: "NonEmptyString",
23010
+ # spot_instance_pools: 1,
23011
+ # spot_max_price: "NonEmptyString",
23012
+ # },
23013
+ # launch_template: {
23014
+ # launch_template_specification: {
23015
+ # launch_template_id: "NonEmptyString",
23016
+ # launch_template_name: "NonEmptyString",
23017
+ # version: "NonEmptyString",
23018
+ # },
23019
+ # overrides: [
23020
+ # {
23021
+ # instance_type: "NonEmptyString",
23022
+ # weighted_capacity: "NonEmptyString",
23023
+ # },
23024
+ # ],
23025
+ # },
23026
+ # },
23027
+ # availability_zones: [
23028
+ # {
23029
+ # value: "NonEmptyString",
23030
+ # },
23031
+ # ],
22105
23032
  # },
22106
23033
  # aws_code_build_project: {
22107
23034
  # encryption_key: "NonEmptyString",
@@ -22672,6 +23599,10 @@ module Aws::SecurityHub
22672
23599
  # },
22673
23600
  # ],
22674
23601
  # },
23602
+ # bucket_versioning_configuration: {
23603
+ # is_mfa_delete_enabled: false,
23604
+ # status: "NonEmptyString",
23605
+ # },
22675
23606
  # },
22676
23607
  # aws_s3_account_public_access_block: {
22677
23608
  # block_public_acls: false,
@@ -24086,6 +25017,11 @@ module Aws::SecurityHub
24086
25017
  # security_groups: ["NonEmptyString"],
24087
25018
  # spot_price: "NonEmptyString",
24088
25019
  # user_data: "NonEmptyString",
25020
+ # metadata_options: {
25021
+ # http_endpoint: "NonEmptyString",
25022
+ # http_put_response_hop_limit: 1,
25023
+ # http_tokens: "NonEmptyString",
25024
+ # },
24089
25025
  # },
24090
25026
  # aws_ec2_vpn_connection: {
24091
25027
  # vpn_connection_id: "NonEmptyString",
@@ -24295,6 +25231,157 @@ module Aws::SecurityHub
24295
25231
  # ],
24296
25232
  # },
24297
25233
  # },
25234
+ # aws_network_firewall_firewall_policy: {
25235
+ # firewall_policy: {
25236
+ # stateful_rule_group_references: [
25237
+ # {
25238
+ # resource_arn: "NonEmptyString",
25239
+ # },
25240
+ # ],
25241
+ # stateless_custom_actions: [
25242
+ # {
25243
+ # action_definition: {
25244
+ # publish_metric_action: {
25245
+ # dimensions: [
25246
+ # {
25247
+ # value: "NonEmptyString",
25248
+ # },
25249
+ # ],
25250
+ # },
25251
+ # },
25252
+ # action_name: "NonEmptyString",
25253
+ # },
25254
+ # ],
25255
+ # stateless_default_actions: ["NonEmptyString"],
25256
+ # stateless_fragment_default_actions: ["NonEmptyString"],
25257
+ # stateless_rule_group_references: [
25258
+ # {
25259
+ # priority: 1,
25260
+ # resource_arn: "NonEmptyString",
25261
+ # },
25262
+ # ],
25263
+ # },
25264
+ # firewall_policy_arn: "NonEmptyString",
25265
+ # firewall_policy_id: "NonEmptyString",
25266
+ # firewall_policy_name: "NonEmptyString",
25267
+ # description: "NonEmptyString",
25268
+ # },
25269
+ # aws_network_firewall_firewall: {
25270
+ # delete_protection: false,
25271
+ # description: "NonEmptyString",
25272
+ # firewall_arn: "NonEmptyString",
25273
+ # firewall_id: "NonEmptyString",
25274
+ # firewall_name: "NonEmptyString",
25275
+ # firewall_policy_arn: "NonEmptyString",
25276
+ # firewall_policy_change_protection: false,
25277
+ # subnet_change_protection: false,
25278
+ # subnet_mappings: [
25279
+ # {
25280
+ # subnet_id: "NonEmptyString",
25281
+ # },
25282
+ # ],
25283
+ # vpc_id: "NonEmptyString",
25284
+ # },
25285
+ # aws_network_firewall_rule_group: {
25286
+ # capacity: 1,
25287
+ # description: "NonEmptyString",
25288
+ # rule_group: {
25289
+ # rule_variables: {
25290
+ # ip_sets: {
25291
+ # definition: ["NonEmptyString"],
25292
+ # },
25293
+ # port_sets: {
25294
+ # definition: ["NonEmptyString"],
25295
+ # },
25296
+ # },
25297
+ # rules_source: {
25298
+ # rules_source_list: {
25299
+ # generated_rules_type: "NonEmptyString",
25300
+ # target_types: ["NonEmptyString"],
25301
+ # targets: ["NonEmptyString"],
25302
+ # },
25303
+ # rules_string: "NonEmptyString",
25304
+ # stateful_rules: [
25305
+ # {
25306
+ # action: "NonEmptyString",
25307
+ # header: {
25308
+ # destination: "NonEmptyString",
25309
+ # destination_port: "NonEmptyString",
25310
+ # direction: "NonEmptyString",
25311
+ # protocol: "NonEmptyString",
25312
+ # source: "NonEmptyString",
25313
+ # source_port: "NonEmptyString",
25314
+ # },
25315
+ # rule_options: [
25316
+ # {
25317
+ # keyword: "NonEmptyString",
25318
+ # settings: ["NonEmptyString"],
25319
+ # },
25320
+ # ],
25321
+ # },
25322
+ # ],
25323
+ # stateless_rules_and_custom_actions: {
25324
+ # custom_actions: [
25325
+ # {
25326
+ # action_definition: {
25327
+ # publish_metric_action: {
25328
+ # dimensions: [
25329
+ # {
25330
+ # value: "NonEmptyString",
25331
+ # },
25332
+ # ],
25333
+ # },
25334
+ # },
25335
+ # action_name: "NonEmptyString",
25336
+ # },
25337
+ # ],
25338
+ # stateless_rules: [
25339
+ # {
25340
+ # priority: 1,
25341
+ # rule_definition: {
25342
+ # actions: ["NonEmptyString"],
25343
+ # match_attributes: {
25344
+ # destination_ports: [
25345
+ # {
25346
+ # from_port: 1,
25347
+ # to_port: 1,
25348
+ # },
25349
+ # ],
25350
+ # destinations: [
25351
+ # {
25352
+ # address_definition: "NonEmptyString",
25353
+ # },
25354
+ # ],
25355
+ # protocols: [1],
25356
+ # source_ports: [
25357
+ # {
25358
+ # from_port: 1,
25359
+ # to_port: 1,
25360
+ # },
25361
+ # ],
25362
+ # sources: [
25363
+ # {
25364
+ # address_definition: "NonEmptyString",
25365
+ # },
25366
+ # ],
25367
+ # tcp_flags: [
25368
+ # {
25369
+ # flags: ["NonEmptyString"],
25370
+ # masks: ["NonEmptyString"],
25371
+ # },
25372
+ # ],
25373
+ # },
25374
+ # },
25375
+ # },
25376
+ # ],
25377
+ # },
25378
+ # },
25379
+ # },
25380
+ # rule_group_arn: "NonEmptyString",
25381
+ # rule_group_id: "NonEmptyString",
25382
+ # rule_group_name: "NonEmptyString",
25383
+ # type: "NonEmptyString",
25384
+ # },
24298
25385
  # },
24299
25386
  # },
24300
25387
  # ],
@@ -27232,6 +28319,167 @@ module Aws::SecurityHub
27232
28319
  include Aws::Structure
27233
28320
  end
27234
28321
 
28322
+ # Defines the behavior of the firewall.
28323
+ #
28324
+ # @note When making an API call, you may pass FirewallPolicyDetails
28325
+ # data as a hash:
28326
+ #
28327
+ # {
28328
+ # stateful_rule_group_references: [
28329
+ # {
28330
+ # resource_arn: "NonEmptyString",
28331
+ # },
28332
+ # ],
28333
+ # stateless_custom_actions: [
28334
+ # {
28335
+ # action_definition: {
28336
+ # publish_metric_action: {
28337
+ # dimensions: [
28338
+ # {
28339
+ # value: "NonEmptyString",
28340
+ # },
28341
+ # ],
28342
+ # },
28343
+ # },
28344
+ # action_name: "NonEmptyString",
28345
+ # },
28346
+ # ],
28347
+ # stateless_default_actions: ["NonEmptyString"],
28348
+ # stateless_fragment_default_actions: ["NonEmptyString"],
28349
+ # stateless_rule_group_references: [
28350
+ # {
28351
+ # priority: 1,
28352
+ # resource_arn: "NonEmptyString",
28353
+ # },
28354
+ # ],
28355
+ # }
28356
+ #
28357
+ # @!attribute [rw] stateful_rule_group_references
28358
+ # The stateful rule groups that are used in the firewall policy.
28359
+ # @return [Array<Types::FirewallPolicyStatefulRuleGroupReferencesDetails>]
28360
+ #
28361
+ # @!attribute [rw] stateless_custom_actions
28362
+ # The custom action definitions that are available to use in the
28363
+ # firewall policy's `StatelessDefaultActions` setting.
28364
+ # @return [Array<Types::FirewallPolicyStatelessCustomActionsDetails>]
28365
+ #
28366
+ # @!attribute [rw] stateless_default_actions
28367
+ # The actions to take on a packet if it doesn't match any of the
28368
+ # stateless rules in the policy.
28369
+ #
28370
+ # You must specify a standard action (`aws:pass`, `aws:drop`,
28371
+ # `aws:forward_to_sfe`), and can optionally include a custom action
28372
+ # from `StatelessCustomActions`.
28373
+ # @return [Array<String>]
28374
+ #
28375
+ # @!attribute [rw] stateless_fragment_default_actions
28376
+ # The actions to take on a fragmented UDP packet if it doesn't match
28377
+ # any of the stateless rules in the policy.
28378
+ #
28379
+ # You must specify a standard action (`aws:pass`, `aws:drop`,
28380
+ # `aws:forward_to_sfe`), and can optionally include a custom action
28381
+ # from `StatelessCustomActions`.
28382
+ # @return [Array<String>]
28383
+ #
28384
+ # @!attribute [rw] stateless_rule_group_references
28385
+ # The stateless rule groups that are used in the firewall policy.
28386
+ # @return [Array<Types::FirewallPolicyStatelessRuleGroupReferencesDetails>]
28387
+ #
28388
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/FirewallPolicyDetails AWS API Documentation
28389
+ #
28390
+ class FirewallPolicyDetails < Struct.new(
28391
+ :stateful_rule_group_references,
28392
+ :stateless_custom_actions,
28393
+ :stateless_default_actions,
28394
+ :stateless_fragment_default_actions,
28395
+ :stateless_rule_group_references)
28396
+ SENSITIVE = []
28397
+ include Aws::Structure
28398
+ end
28399
+
28400
+ # A stateful rule group that is used by the firewall policy.
28401
+ #
28402
+ # @note When making an API call, you may pass FirewallPolicyStatefulRuleGroupReferencesDetails
28403
+ # data as a hash:
28404
+ #
28405
+ # {
28406
+ # resource_arn: "NonEmptyString",
28407
+ # }
28408
+ #
28409
+ # @!attribute [rw] resource_arn
28410
+ # The ARN of the stateful rule group.
28411
+ # @return [String]
28412
+ #
28413
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/FirewallPolicyStatefulRuleGroupReferencesDetails AWS API Documentation
28414
+ #
28415
+ class FirewallPolicyStatefulRuleGroupReferencesDetails < Struct.new(
28416
+ :resource_arn)
28417
+ SENSITIVE = []
28418
+ include Aws::Structure
28419
+ end
28420
+
28421
+ # A custom action that can be used for stateless packet handling.
28422
+ #
28423
+ # @note When making an API call, you may pass FirewallPolicyStatelessCustomActionsDetails
28424
+ # data as a hash:
28425
+ #
28426
+ # {
28427
+ # action_definition: {
28428
+ # publish_metric_action: {
28429
+ # dimensions: [
28430
+ # {
28431
+ # value: "NonEmptyString",
28432
+ # },
28433
+ # ],
28434
+ # },
28435
+ # },
28436
+ # action_name: "NonEmptyString",
28437
+ # }
28438
+ #
28439
+ # @!attribute [rw] action_definition
28440
+ # The definition of the custom action.
28441
+ # @return [Types::StatelessCustomActionDefinition]
28442
+ #
28443
+ # @!attribute [rw] action_name
28444
+ # The name of the custom action.
28445
+ # @return [String]
28446
+ #
28447
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/FirewallPolicyStatelessCustomActionsDetails AWS API Documentation
28448
+ #
28449
+ class FirewallPolicyStatelessCustomActionsDetails < Struct.new(
28450
+ :action_definition,
28451
+ :action_name)
28452
+ SENSITIVE = []
28453
+ include Aws::Structure
28454
+ end
28455
+
28456
+ # A stateless rule group that is used by the firewall policy.
28457
+ #
28458
+ # @note When making an API call, you may pass FirewallPolicyStatelessRuleGroupReferencesDetails
28459
+ # data as a hash:
28460
+ #
28461
+ # {
28462
+ # priority: 1,
28463
+ # resource_arn: "NonEmptyString",
28464
+ # }
28465
+ #
28466
+ # @!attribute [rw] priority
28467
+ # The order in which to run the stateless rule group.
28468
+ # @return [Integer]
28469
+ #
28470
+ # @!attribute [rw] resource_arn
28471
+ # The ARN of the stateless rule group.
28472
+ # @return [String]
28473
+ #
28474
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/FirewallPolicyStatelessRuleGroupReferencesDetails AWS API Documentation
28475
+ #
28476
+ class FirewallPolicyStatelessRuleGroupReferencesDetails < Struct.new(
28477
+ :priority,
28478
+ :resource_arn)
28479
+ SENSITIVE = []
28480
+ include Aws::Structure
28481
+ end
28482
+
27235
28483
  # Provides the latitude and longitude coordinates of a location.
27236
28484
  #
27237
28485
  # @note When making an API call, you may pass GeoLocation
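Review bot: The `priority` attribute of `FirewallPolicyStatelessRuleGroupReferencesDetails` is documented only as "The order in which to run the stateless rule group", which does not say which end of the range runs first. Someone reading a finding to work out which stateless rule group decides a packet needs that direction. I would add a line such as `#   Rule groups are evaluated in ascending order of this value.`, after confirming the ordering against the Network Firewall documentation; my understanding is lowest first. If this file is generated from the service model, the wording belongs in the model rather than here.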
@@ -30408,6 +31656,34 @@ module Aws::SecurityHub
30408
31656
  # health_check_type: "NonEmptyString",
30409
31657
  # health_check_grace_period: 1,
30410
31658
  # created_time: "NonEmptyString",
31659
+ # mixed_instances_policy: {
31660
+ # instances_distribution: {
31661
+ # on_demand_allocation_strategy: "NonEmptyString",
31662
+ # on_demand_base_capacity: 1,
31663
+ # on_demand_percentage_above_base_capacity: 1,
31664
+ # spot_allocation_strategy: "NonEmptyString",
31665
+ # spot_instance_pools: 1,
31666
+ # spot_max_price: "NonEmptyString",
31667
+ # },
31668
+ # launch_template: {
31669
+ # launch_template_specification: {
31670
+ # launch_template_id: "NonEmptyString",
31671
+ # launch_template_name: "NonEmptyString",
31672
+ # version: "NonEmptyString",
31673
+ # },
31674
+ # overrides: [
31675
+ # {
31676
+ # instance_type: "NonEmptyString",
31677
+ # weighted_capacity: "NonEmptyString",
31678
+ # },
31679
+ # ],
31680
+ # },
31681
+ # },
31682
+ # availability_zones: [
31683
+ # {
31684
+ # value: "NonEmptyString",
31685
+ # },
31686
+ # ],
30411
31687
  # },
30412
31688
  # aws_code_build_project: {
30413
31689
  # encryption_key: "NonEmptyString",
@@ -30978,6 +32254,10 @@ module Aws::SecurityHub
30978
32254
  # },
30979
32255
  # ],
30980
32256
  # },
32257
+ # bucket_versioning_configuration: {
32258
+ # is_mfa_delete_enabled: false,
32259
+ # status: "NonEmptyString",
32260
+ # },
30981
32261
  # },
30982
32262
  # aws_s3_account_public_access_block: {
30983
32263
  # block_public_acls: false,
@@ -32392,6 +33672,11 @@ module Aws::SecurityHub
32392
33672
  # security_groups: ["NonEmptyString"],
32393
33673
  # spot_price: "NonEmptyString",
32394
33674
  # user_data: "NonEmptyString",
33675
+ # metadata_options: {
33676
+ # http_endpoint: "NonEmptyString",
33677
+ # http_put_response_hop_limit: 1,
33678
+ # http_tokens: "NonEmptyString",
33679
+ # },
32395
33680
  # },
32396
33681
  # aws_ec2_vpn_connection: {
32397
33682
  # vpn_connection_id: "NonEmptyString",
@@ -32601,6 +33886,157 @@ module Aws::SecurityHub
32601
33886
  # ],
32602
33887
  # },
32603
33888
  # },
33889
+ # aws_network_firewall_firewall_policy: {
33890
+ # firewall_policy: {
33891
+ # stateful_rule_group_references: [
33892
+ # {
33893
+ # resource_arn: "NonEmptyString",
33894
+ # },
33895
+ # ],
33896
+ # stateless_custom_actions: [
33897
+ # {
33898
+ # action_definition: {
33899
+ # publish_metric_action: {
33900
+ # dimensions: [
33901
+ # {
33902
+ # value: "NonEmptyString",
33903
+ # },
33904
+ # ],
33905
+ # },
33906
+ # },
33907
+ # action_name: "NonEmptyString",
33908
+ # },
33909
+ # ],
33910
+ # stateless_default_actions: ["NonEmptyString"],
33911
+ # stateless_fragment_default_actions: ["NonEmptyString"],
33912
+ # stateless_rule_group_references: [
33913
+ # {
33914
+ # priority: 1,
33915
+ # resource_arn: "NonEmptyString",
33916
+ # },
33917
+ # ],
33918
+ # },
33919
+ # firewall_policy_arn: "NonEmptyString",
33920
+ # firewall_policy_id: "NonEmptyString",
33921
+ # firewall_policy_name: "NonEmptyString",
33922
+ # description: "NonEmptyString",
33923
+ # },
33924
+ # aws_network_firewall_firewall: {
33925
+ # delete_protection: false,
33926
+ # description: "NonEmptyString",
33927
+ # firewall_arn: "NonEmptyString",
33928
+ # firewall_id: "NonEmptyString",
33929
+ # firewall_name: "NonEmptyString",
33930
+ # firewall_policy_arn: "NonEmptyString",
33931
+ # firewall_policy_change_protection: false,
33932
+ # subnet_change_protection: false,
33933
+ # subnet_mappings: [
33934
+ # {
33935
+ # subnet_id: "NonEmptyString",
33936
+ # },
33937
+ # ],
33938
+ # vpc_id: "NonEmptyString",
33939
+ # },
33940
+ # aws_network_firewall_rule_group: {
33941
+ # capacity: 1,
33942
+ # description: "NonEmptyString",
33943
+ # rule_group: {
33944
+ # rule_variables: {
33945
+ # ip_sets: {
33946
+ # definition: ["NonEmptyString"],
33947
+ # },
33948
+ # port_sets: {
33949
+ # definition: ["NonEmptyString"],
33950
+ # },
33951
+ # },
33952
+ # rules_source: {
33953
+ # rules_source_list: {
33954
+ # generated_rules_type: "NonEmptyString",
33955
+ # target_types: ["NonEmptyString"],
33956
+ # targets: ["NonEmptyString"],
33957
+ # },
33958
+ # rules_string: "NonEmptyString",
33959
+ # stateful_rules: [
33960
+ # {
33961
+ # action: "NonEmptyString",
33962
+ # header: {
33963
+ # destination: "NonEmptyString",
33964
+ # destination_port: "NonEmptyString",
33965
+ # direction: "NonEmptyString",
33966
+ # protocol: "NonEmptyString",
33967
+ # source: "NonEmptyString",
33968
+ # source_port: "NonEmptyString",
33969
+ # },
33970
+ # rule_options: [
33971
+ # {
33972
+ # keyword: "NonEmptyString",
33973
+ # settings: ["NonEmptyString"],
33974
+ # },
33975
+ # ],
33976
+ # },
33977
+ # ],
33978
+ # stateless_rules_and_custom_actions: {
33979
+ # custom_actions: [
33980
+ # {
33981
+ # action_definition: {
33982
+ # publish_metric_action: {
33983
+ # dimensions: [
33984
+ # {
33985
+ # value: "NonEmptyString",
33986
+ # },
33987
+ # ],
33988
+ # },
33989
+ # },
33990
+ # action_name: "NonEmptyString",
33991
+ # },
33992
+ # ],
33993
+ # stateless_rules: [
33994
+ # {
33995
+ # priority: 1,
33996
+ # rule_definition: {
33997
+ # actions: ["NonEmptyString"],
33998
+ # match_attributes: {
33999
+ # destination_ports: [
34000
+ # {
34001
+ # from_port: 1,
34002
+ # to_port: 1,
34003
+ # },
34004
+ # ],
34005
+ # destinations: [
34006
+ # {
34007
+ # address_definition: "NonEmptyString",
34008
+ # },
34009
+ # ],
34010
+ # protocols: [1],
34011
+ # source_ports: [
34012
+ # {
34013
+ # from_port: 1,
34014
+ # to_port: 1,
34015
+ # },
34016
+ # ],
34017
+ # sources: [
34018
+ # {
34019
+ # address_definition: "NonEmptyString",
34020
+ # },
34021
+ # ],
34022
+ # tcp_flags: [
34023
+ # {
34024
+ # flags: ["NonEmptyString"],
34025
+ # masks: ["NonEmptyString"],
34026
+ # },
34027
+ # ],
34028
+ # },
34029
+ # },
34030
+ # },
34031
+ # ],
34032
+ # },
34033
+ # },
34034
+ # },
34035
+ # rule_group_arn: "NonEmptyString",
34036
+ # rule_group_id: "NonEmptyString",
34037
+ # rule_group_name: "NonEmptyString",
34038
+ # type: "NonEmptyString",
34039
+ # },
32604
34040
  # },
32605
34041
  # }
32606
34042
  #
@@ -32703,6 +34139,34 @@ module Aws::SecurityHub
32703
34139
  # health_check_type: "NonEmptyString",
32704
34140
  # health_check_grace_period: 1,
32705
34141
  # created_time: "NonEmptyString",
34142
+ # mixed_instances_policy: {
34143
+ # instances_distribution: {
34144
+ # on_demand_allocation_strategy: "NonEmptyString",
34145
+ # on_demand_base_capacity: 1,
34146
+ # on_demand_percentage_above_base_capacity: 1,
34147
+ # spot_allocation_strategy: "NonEmptyString",
34148
+ # spot_instance_pools: 1,
34149
+ # spot_max_price: "NonEmptyString",
34150
+ # },
34151
+ # launch_template: {
34152
+ # launch_template_specification: {
34153
+ # launch_template_id: "NonEmptyString",
34154
+ # launch_template_name: "NonEmptyString",
34155
+ # version: "NonEmptyString",
34156
+ # },
34157
+ # overrides: [
34158
+ # {
34159
+ # instance_type: "NonEmptyString",
34160
+ # weighted_capacity: "NonEmptyString",
34161
+ # },
34162
+ # ],
34163
+ # },
34164
+ # },
34165
+ # availability_zones: [
34166
+ # {
34167
+ # value: "NonEmptyString",
34168
+ # },
34169
+ # ],
32706
34170
  # },
32707
34171
  # aws_code_build_project: {
32708
34172
  # encryption_key: "NonEmptyString",
@@ -33273,6 +34737,10 @@ module Aws::SecurityHub
33273
34737
  # },
33274
34738
  # ],
33275
34739
  # },
34740
+ # bucket_versioning_configuration: {
34741
+ # is_mfa_delete_enabled: false,
34742
+ # status: "NonEmptyString",
34743
+ # },
33276
34744
  # },
33277
34745
  # aws_s3_account_public_access_block: {
33278
34746
  # block_public_acls: false,
@@ -34687,6 +36155,11 @@ module Aws::SecurityHub
34687
36155
  # security_groups: ["NonEmptyString"],
34688
36156
  # spot_price: "NonEmptyString",
34689
36157
  # user_data: "NonEmptyString",
36158
+ # metadata_options: {
36159
+ # http_endpoint: "NonEmptyString",
36160
+ # http_put_response_hop_limit: 1,
36161
+ # http_tokens: "NonEmptyString",
36162
+ # },
34690
36163
  # },
34691
36164
  # aws_ec2_vpn_connection: {
34692
36165
  # vpn_connection_id: "NonEmptyString",
@@ -34896,6 +36369,157 @@ module Aws::SecurityHub
34896
36369
  # ],
34897
36370
  # },
34898
36371
  # },
36372
+ # aws_network_firewall_firewall_policy: {
36373
+ # firewall_policy: {
36374
+ # stateful_rule_group_references: [
36375
+ # {
36376
+ # resource_arn: "NonEmptyString",
36377
+ # },
36378
+ # ],
36379
+ # stateless_custom_actions: [
36380
+ # {
36381
+ # action_definition: {
36382
+ # publish_metric_action: {
36383
+ # dimensions: [
36384
+ # {
36385
+ # value: "NonEmptyString",
36386
+ # },
36387
+ # ],
36388
+ # },
36389
+ # },
36390
+ # action_name: "NonEmptyString",
36391
+ # },
36392
+ # ],
36393
+ # stateless_default_actions: ["NonEmptyString"],
36394
+ # stateless_fragment_default_actions: ["NonEmptyString"],
36395
+ # stateless_rule_group_references: [
36396
+ # {
36397
+ # priority: 1,
36398
+ # resource_arn: "NonEmptyString",
36399
+ # },
36400
+ # ],
36401
+ # },
36402
+ # firewall_policy_arn: "NonEmptyString",
36403
+ # firewall_policy_id: "NonEmptyString",
36404
+ # firewall_policy_name: "NonEmptyString",
36405
+ # description: "NonEmptyString",
36406
+ # },
36407
+ # aws_network_firewall_firewall: {
36408
+ # delete_protection: false,
36409
+ # description: "NonEmptyString",
36410
+ # firewall_arn: "NonEmptyString",
36411
+ # firewall_id: "NonEmptyString",
36412
+ # firewall_name: "NonEmptyString",
36413
+ # firewall_policy_arn: "NonEmptyString",
36414
+ # firewall_policy_change_protection: false,
36415
+ # subnet_change_protection: false,
36416
+ # subnet_mappings: [
36417
+ # {
36418
+ # subnet_id: "NonEmptyString",
36419
+ # },
36420
+ # ],
36421
+ # vpc_id: "NonEmptyString",
36422
+ # },
36423
+ # aws_network_firewall_rule_group: {
36424
+ # capacity: 1,
36425
+ # description: "NonEmptyString",
36426
+ # rule_group: {
36427
+ # rule_variables: {
36428
+ # ip_sets: {
36429
+ # definition: ["NonEmptyString"],
36430
+ # },
36431
+ # port_sets: {
36432
+ # definition: ["NonEmptyString"],
36433
+ # },
36434
+ # },
36435
+ # rules_source: {
36436
+ # rules_source_list: {
36437
+ # generated_rules_type: "NonEmptyString",
36438
+ # target_types: ["NonEmptyString"],
36439
+ # targets: ["NonEmptyString"],
36440
+ # },
36441
+ # rules_string: "NonEmptyString",
36442
+ # stateful_rules: [
36443
+ # {
36444
+ # action: "NonEmptyString",
36445
+ # header: {
36446
+ # destination: "NonEmptyString",
36447
+ # destination_port: "NonEmptyString",
36448
+ # direction: "NonEmptyString",
36449
+ # protocol: "NonEmptyString",
36450
+ # source: "NonEmptyString",
36451
+ # source_port: "NonEmptyString",
36452
+ # },
36453
+ # rule_options: [
36454
+ # {
36455
+ # keyword: "NonEmptyString",
36456
+ # settings: ["NonEmptyString"],
36457
+ # },
36458
+ # ],
36459
+ # },
36460
+ # ],
36461
+ # stateless_rules_and_custom_actions: {
36462
+ # custom_actions: [
36463
+ # {
36464
+ # action_definition: {
36465
+ # publish_metric_action: {
36466
+ # dimensions: [
36467
+ # {
36468
+ # value: "NonEmptyString",
36469
+ # },
36470
+ # ],
36471
+ # },
36472
+ # },
36473
+ # action_name: "NonEmptyString",
36474
+ # },
36475
+ # ],
36476
+ # stateless_rules: [
36477
+ # {
36478
+ # priority: 1,
36479
+ # rule_definition: {
36480
+ # actions: ["NonEmptyString"],
36481
+ # match_attributes: {
36482
+ # destination_ports: [
36483
+ # {
36484
+ # from_port: 1,
36485
+ # to_port: 1,
36486
+ # },
36487
+ # ],
36488
+ # destinations: [
36489
+ # {
36490
+ # address_definition: "NonEmptyString",
36491
+ # },
36492
+ # ],
36493
+ # protocols: [1],
36494
+ # source_ports: [
36495
+ # {
36496
+ # from_port: 1,
36497
+ # to_port: 1,
36498
+ # },
36499
+ # ],
36500
+ # sources: [
36501
+ # {
36502
+ # address_definition: "NonEmptyString",
36503
+ # },
36504
+ # ],
36505
+ # tcp_flags: [
36506
+ # {
36507
+ # flags: ["NonEmptyString"],
36508
+ # masks: ["NonEmptyString"],
36509
+ # },
36510
+ # ],
36511
+ # },
36512
+ # },
36513
+ # },
36514
+ # ],
36515
+ # },
36516
+ # },
36517
+ # },
36518
+ # rule_group_arn: "NonEmptyString",
36519
+ # rule_group_id: "NonEmptyString",
36520
+ # rule_group_name: "NonEmptyString",
36521
+ # type: "NonEmptyString",
36522
+ # },
34899
36523
  # }
34900
36524
  #
34901
36525
  # @!attribute [rw] aws_auto_scaling_auto_scaling_group
@@ -35149,6 +36773,18 @@ module Aws::SecurityHub
35149
36773
  # Details about an Amazon EKS cluster.
35150
36774
  # @return [Types::AwsEksClusterDetails]
35151
36775
  #
36776
+ # @!attribute [rw] aws_network_firewall_firewall_policy
36777
+ # Details about an Network Firewall firewall policy.
36778
+ # @return [Types::AwsNetworkFirewallFirewallPolicyDetails]
36779
+ #
36780
+ # @!attribute [rw] aws_network_firewall_firewall
36781
+ # Details about an Network Firewall firewall.
36782
+ # @return [Types::AwsNetworkFirewallFirewallDetails]
36783
+ #
36784
+ # @!attribute [rw] aws_network_firewall_rule_group
36785
+ # Details about an Network Firewall rule group.
36786
+ # @return [Types::AwsNetworkFirewallRuleGroupDetails]
36787
+ #
35152
36788
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ResourceDetails AWS API Documentation
35153
36789
  #
35154
36790
  class ResourceDetails < Struct.new(
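Review bot: The three added attribute descriptions read "Details about an Network Firewall ..."; the article should be "a", for example `#   Details about a Network Firewall firewall policy.`, and likewise for the firewall and rule group entries. The wording appears to be carried over from the neighbouring "Details about an Amazon EKS cluster." entry. If the file is generated, the fix belongs in the source model so it is not lost on the next regeneration. The `ResourceDetails` class opens on the hunk's last line and continues outside it.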
@@ -35210,7 +36846,10 @@ module Aws::SecurityHub
35210
36846
  :aws_waf_rate_based_rule,
35211
36847
  :aws_waf_regional_rate_based_rule,
35212
36848
  :aws_ecr_repository,
35213
- :aws_eks_cluster)
36849
+ :aws_eks_cluster,
36850
+ :aws_network_firewall_firewall_policy,
36851
+ :aws_network_firewall_firewall,
36852
+ :aws_network_firewall_rule_group)
35214
36853
  SENSITIVE = []
35215
36854
  include Aws::Structure
35216
36855
  end
@@ -35253,6 +36892,931 @@ module Aws::SecurityHub
35253
36892
  include Aws::Structure
35254
36893
  end
35255
36894
 
36895
+ # Details about the rule group.
36896
+ #
36897
+ # @note When making an API call, you may pass RuleGroupDetails
36898
+ # data as a hash:
36899
+ #
36900
+ # {
36901
+ # rule_variables: {
36902
+ # ip_sets: {
36903
+ # definition: ["NonEmptyString"],
36904
+ # },
36905
+ # port_sets: {
36906
+ # definition: ["NonEmptyString"],
36907
+ # },
36908
+ # },
36909
+ # rules_source: {
36910
+ # rules_source_list: {
36911
+ # generated_rules_type: "NonEmptyString",
36912
+ # target_types: ["NonEmptyString"],
36913
+ # targets: ["NonEmptyString"],
36914
+ # },
36915
+ # rules_string: "NonEmptyString",
36916
+ # stateful_rules: [
36917
+ # {
36918
+ # action: "NonEmptyString",
36919
+ # header: {
36920
+ # destination: "NonEmptyString",
36921
+ # destination_port: "NonEmptyString",
36922
+ # direction: "NonEmptyString",
36923
+ # protocol: "NonEmptyString",
36924
+ # source: "NonEmptyString",
36925
+ # source_port: "NonEmptyString",
36926
+ # },
36927
+ # rule_options: [
36928
+ # {
36929
+ # keyword: "NonEmptyString",
36930
+ # settings: ["NonEmptyString"],
36931
+ # },
36932
+ # ],
36933
+ # },
36934
+ # ],
36935
+ # stateless_rules_and_custom_actions: {
36936
+ # custom_actions: [
36937
+ # {
36938
+ # action_definition: {
36939
+ # publish_metric_action: {
36940
+ # dimensions: [
36941
+ # {
36942
+ # value: "NonEmptyString",
36943
+ # },
36944
+ # ],
36945
+ # },
36946
+ # },
36947
+ # action_name: "NonEmptyString",
36948
+ # },
36949
+ # ],
36950
+ # stateless_rules: [
36951
+ # {
36952
+ # priority: 1,
36953
+ # rule_definition: {
36954
+ # actions: ["NonEmptyString"],
36955
+ # match_attributes: {
36956
+ # destination_ports: [
36957
+ # {
36958
+ # from_port: 1,
36959
+ # to_port: 1,
36960
+ # },
36961
+ # ],
36962
+ # destinations: [
36963
+ # {
36964
+ # address_definition: "NonEmptyString",
36965
+ # },
36966
+ # ],
36967
+ # protocols: [1],
36968
+ # source_ports: [
36969
+ # {
36970
+ # from_port: 1,
36971
+ # to_port: 1,
36972
+ # },
36973
+ # ],
36974
+ # sources: [
36975
+ # {
36976
+ # address_definition: "NonEmptyString",
36977
+ # },
36978
+ # ],
36979
+ # tcp_flags: [
36980
+ # {
36981
+ # flags: ["NonEmptyString"],
36982
+ # masks: ["NonEmptyString"],
36983
+ # },
36984
+ # ],
36985
+ # },
36986
+ # },
36987
+ # },
36988
+ # ],
36989
+ # },
36990
+ # },
36991
+ # }
36992
+ #
36993
+ # @!attribute [rw] rule_variables
36994
+ # Additional settings to use in the specified rules.
36995
+ # @return [Types::RuleGroupVariables]
36996
+ #
36997
+ # @!attribute [rw] rules_source
36998
+ # The rules and actions for the rule group.
36999
+ #
37000
+ # For stateful rule groups, can contain `RulesString`,
37001
+ # `RulesSourceList`, or `StatefulRules`.
37002
+ #
37003
+ # For stateless rule groups, contains
37004
+ # `StatelessRulesAndCustomActions`.
37005
+ # @return [Types::RuleGroupSource]
37006
+ #
37007
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupDetails AWS API Documentation
37008
+ #
37009
+ class RuleGroupDetails < Struct.new(
37010
+ :rule_variables,
37011
+ :rules_source)
37012
+ SENSITIVE = []
37013
+ include Aws::Structure
37014
+ end
37015
+
37016
+ # The rules and actions for the rule group.
37017
+ #
37018
+ # @note When making an API call, you may pass RuleGroupSource
37019
+ # data as a hash:
37020
+ #
37021
+ # {
37022
+ # rules_source_list: {
37023
+ # generated_rules_type: "NonEmptyString",
37024
+ # target_types: ["NonEmptyString"],
37025
+ # targets: ["NonEmptyString"],
37026
+ # },
37027
+ # rules_string: "NonEmptyString",
37028
+ # stateful_rules: [
37029
+ # {
37030
+ # action: "NonEmptyString",
37031
+ # header: {
37032
+ # destination: "NonEmptyString",
37033
+ # destination_port: "NonEmptyString",
37034
+ # direction: "NonEmptyString",
37035
+ # protocol: "NonEmptyString",
37036
+ # source: "NonEmptyString",
37037
+ # source_port: "NonEmptyString",
37038
+ # },
37039
+ # rule_options: [
37040
+ # {
37041
+ # keyword: "NonEmptyString",
37042
+ # settings: ["NonEmptyString"],
37043
+ # },
37044
+ # ],
37045
+ # },
37046
+ # ],
37047
+ # stateless_rules_and_custom_actions: {
37048
+ # custom_actions: [
37049
+ # {
37050
+ # action_definition: {
37051
+ # publish_metric_action: {
37052
+ # dimensions: [
37053
+ # {
37054
+ # value: "NonEmptyString",
37055
+ # },
37056
+ # ],
37057
+ # },
37058
+ # },
37059
+ # action_name: "NonEmptyString",
37060
+ # },
37061
+ # ],
37062
+ # stateless_rules: [
37063
+ # {
37064
+ # priority: 1,
37065
+ # rule_definition: {
37066
+ # actions: ["NonEmptyString"],
37067
+ # match_attributes: {
37068
+ # destination_ports: [
37069
+ # {
37070
+ # from_port: 1,
37071
+ # to_port: 1,
37072
+ # },
37073
+ # ],
37074
+ # destinations: [
37075
+ # {
37076
+ # address_definition: "NonEmptyString",
37077
+ # },
37078
+ # ],
37079
+ # protocols: [1],
37080
+ # source_ports: [
37081
+ # {
37082
+ # from_port: 1,
37083
+ # to_port: 1,
37084
+ # },
37085
+ # ],
37086
+ # sources: [
37087
+ # {
37088
+ # address_definition: "NonEmptyString",
37089
+ # },
37090
+ # ],
37091
+ # tcp_flags: [
37092
+ # {
37093
+ # flags: ["NonEmptyString"],
37094
+ # masks: ["NonEmptyString"],
37095
+ # },
37096
+ # ],
37097
+ # },
37098
+ # },
37099
+ # },
37100
+ # ],
37101
+ # },
37102
+ # }
37103
+ #
37104
+ # @!attribute [rw] rules_source_list
37105
+ # Stateful inspection criteria for a domain list rule group. A domain
37106
+ # list rule group determines access by specific protocols to specific
37107
+ # domains.
37108
+ # @return [Types::RuleGroupSourceListDetails]
37109
+ #
37110
+ # @!attribute [rw] rules_string
37111
+ # Stateful inspection criteria, provided in Suricata compatible
37112
+ # intrusion prevention system (IPS) rules.
37113
+ # @return [String]
37114
+ #
37115
+ # @!attribute [rw] stateful_rules
37116
+ # Suricata rule specifications.
37117
+ # @return [Array<Types::RuleGroupSourceStatefulRulesDetails>]
37118
+ #
37119
+ # @!attribute [rw] stateless_rules_and_custom_actions
37120
+ # The stateless rules and custom actions used by a stateless rule
37121
+ # group.
37122
+ # @return [Types::RuleGroupSourceStatelessRulesAndCustomActionsDetails]
37123
+ #
37124
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSource AWS API Documentation
37125
+ #
37126
+ class RuleGroupSource < Struct.new(
37127
+ :rules_source_list,
37128
+ :rules_string,
37129
+ :stateful_rules,
37130
+ :stateless_rules_and_custom_actions)
37131
+ SENSITIVE = []
37132
+ include Aws::Structure
37133
+ end
37134
+
37135
+ # A custom action definition. A custom action is an optional,
37136
+ # non-standard action to use for stateless packet handling.
37137
+ #
37138
+ # @note When making an API call, you may pass RuleGroupSourceCustomActionsDetails
37139
+ # data as a hash:
37140
+ #
37141
+ # {
37142
+ # action_definition: {
37143
+ # publish_metric_action: {
37144
+ # dimensions: [
37145
+ # {
37146
+ # value: "NonEmptyString",
37147
+ # },
37148
+ # ],
37149
+ # },
37150
+ # },
37151
+ # action_name: "NonEmptyString",
37152
+ # }
37153
+ #
37154
+ # @!attribute [rw] action_definition
37155
+ # The definition of a custom action.
37156
+ # @return [Types::StatelessCustomActionDefinition]
37157
+ #
37158
+ # @!attribute [rw] action_name
37159
+ # A descriptive name of the custom action.
37160
+ # @return [String]
37161
+ #
37162
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceCustomActionsDetails AWS API Documentation
37163
+ #
37164
+ class RuleGroupSourceCustomActionsDetails < Struct.new(
37165
+ :action_definition,
37166
+ :action_name)
37167
+ SENSITIVE = []
37168
+ include Aws::Structure
37169
+ end
37170
+
37171
+ # Stateful inspection criteria for a domain list rule group.
37172
+ #
37173
+ # @note When making an API call, you may pass RuleGroupSourceListDetails
37174
+ # data as a hash:
37175
+ #
37176
+ # {
37177
+ # generated_rules_type: "NonEmptyString",
37178
+ # target_types: ["NonEmptyString"],
37179
+ # targets: ["NonEmptyString"],
37180
+ # }
37181
+ #
37182
+ # @!attribute [rw] generated_rules_type
37183
+ # Indicates whether to allow or deny access to the domains listed in
37184
+ # `Targets`.
37185
+ # @return [String]
37186
+ #
37187
+ # @!attribute [rw] target_types
37188
+ # The protocols that you want to inspect. Specify `LS_SNI` for HTTPS.
37189
+ # Specify `HTTP_HOST` for HTTP. You can specify either or both.
37190
+ # @return [Array<String>]
37191
+ #
37192
+ # @!attribute [rw] targets
37193
+ # The domains that you want to inspect for in your traffic flows. You
37194
+ # can provide full domain names, or use the '.' prefix as a
37195
+ # wildcard. For example, `.example.com` matches all domains that end
37196
+ # with `example.com`.
37197
+ # @return [Array<String>]
37198
+ #
37199
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceListDetails AWS API Documentation
37200
+ #
37201
+ class RuleGroupSourceListDetails < Struct.new(
37202
+ :generated_rules_type,
37203
+ :target_types,
37204
+ :targets)
37205
+ SENSITIVE = []
37206
+ include Aws::Structure
37207
+ end
37208
+
37209
+ # A Suricata rule specification.
37210
+ #
37211
+ # @note When making an API call, you may pass RuleGroupSourceStatefulRulesDetails
37212
+ # data as a hash:
37213
+ #
37214
+ # {
37215
+ # action: "NonEmptyString",
37216
+ # header: {
37217
+ # destination: "NonEmptyString",
37218
+ # destination_port: "NonEmptyString",
37219
+ # direction: "NonEmptyString",
37220
+ # protocol: "NonEmptyString",
37221
+ # source: "NonEmptyString",
37222
+ # source_port: "NonEmptyString",
37223
+ # },
37224
+ # rule_options: [
37225
+ # {
37226
+ # keyword: "NonEmptyString",
37227
+ # settings: ["NonEmptyString"],
37228
+ # },
37229
+ # ],
37230
+ # }
37231
+ #
37232
+ # @!attribute [rw] action
37233
+ # Defines what Network Firewall should do with the packets in a
37234
+ # traffic flow when the flow matches the stateful rule criteria.
37235
+ # @return [String]
37236
+ #
37237
+ # @!attribute [rw] header
37238
+ # The stateful inspection criteria for the rule.
37239
+ # @return [Types::RuleGroupSourceStatefulRulesHeaderDetails]
37240
+ #
37241
+ # @!attribute [rw] rule_options
37242
+ # Additional options for the rule.
37243
+ # @return [Array<Types::RuleGroupSourceStatefulRulesOptionsDetails>]
37244
+ #
37245
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatefulRulesDetails AWS API Documentation
37246
+ #
37247
+ class RuleGroupSourceStatefulRulesDetails < Struct.new(
37248
+ :action,
37249
+ :header,
37250
+ :rule_options)
37251
+ SENSITIVE = []
37252
+ include Aws::Structure
37253
+ end
37254
+
37255
+ # The inspection criteria for a stateful rule.
37256
+ #
37257
+ # @note When making an API call, you may pass RuleGroupSourceStatefulRulesHeaderDetails
37258
+ # data as a hash:
37259
+ #
37260
+ # {
37261
+ # destination: "NonEmptyString",
37262
+ # destination_port: "NonEmptyString",
37263
+ # direction: "NonEmptyString",
37264
+ # protocol: "NonEmptyString",
37265
+ # source: "NonEmptyString",
37266
+ # source_port: "NonEmptyString",
37267
+ # }
37268
+ #
37269
+ # @!attribute [rw] destination
37270
+ # The destination IP address or address range to inspect for, in CIDR
37271
+ # notation. To match with any address, specify `ANY`.
37272
+ # @return [String]
37273
+ #
37274
+ # @!attribute [rw] destination_port
37275
+ # The destination port to inspect for. You can specify an individual
37276
+ # port, such as `1994`. You also can specify a port range, such as
37277
+ # `1990:1994`. To match with any port, specify `ANY`.
37278
+ # @return [String]
37279
+ #
37280
+ # @!attribute [rw] direction
37281
+ # The direction of traffic flow to inspect. If set to `ANY`, the
37282
+ # inspection matches bidirectional traffic, both from the source to
37283
+ # the destination and from the destination to the source. If set to
37284
+ # `FORWARD`, the inspection only matches traffic going from the source
37285
+ # to the destination.
37286
+ # @return [String]
37287
+ #
37288
+ # @!attribute [rw] protocol
37289
+ # The protocol to inspect for. To inspector for all protocols, use
37290
+ # `IP`.
37291
+ # @return [String]
37292
+ #
37293
+ # @!attribute [rw] source
37294
+ # The source IP address or address range to inspect for, in CIDR
37295
+ # notation. To match with any address, specify `ANY`.
37296
+ # @return [String]
37297
+ #
37298
+ # @!attribute [rw] source_port
37299
+ # The source port to inspect for. You can specify an individual port,
37300
+ # such as `1994`. You also can specify a port range, such as
37301
+ # `1990:1994`. To match with any port, specify `ANY`.
37302
+ # @return [String]
37303
+ #
37304
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatefulRulesHeaderDetails AWS API Documentation
37305
+ #
37306
+ class RuleGroupSourceStatefulRulesHeaderDetails < Struct.new(
37307
+ :destination,
37308
+ :destination_port,
37309
+ :direction,
37310
+ :protocol,
37311
+ :source,
37312
+ :source_port)
37313
+ SENSITIVE = []
37314
+ include Aws::Structure
37315
+ end
37316
+
37317
+ # A rule option for a stateful rule.
37318
+ #
37319
+ # @note When making an API call, you may pass RuleGroupSourceStatefulRulesOptionsDetails
37320
+ # data as a hash:
37321
+ #
37322
+ # {
37323
+ # keyword: "NonEmptyString",
37324
+ # settings: ["NonEmptyString"],
37325
+ # }
37326
+ #
37327
+ # @!attribute [rw] keyword
37328
+ # A keyword to look for.
37329
+ # @return [String]
37330
+ #
37331
+ # @!attribute [rw] settings
37332
+ # A list of settings.
37333
+ # @return [Array<String>]
37334
+ #
37335
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatefulRulesOptionsDetails AWS API Documentation
37336
+ #
37337
+ class RuleGroupSourceStatefulRulesOptionsDetails < Struct.new(
37338
+ :keyword,
37339
+ :settings)
37340
+ SENSITIVE = []
37341
+ include Aws::Structure
37342
+ end
37343
+
37344
+ # The definition of the stateless rule.
37345
+ #
37346
+ # @note When making an API call, you may pass RuleGroupSourceStatelessRuleDefinition
37347
+ # data as a hash:
37348
+ #
37349
+ # {
37350
+ # actions: ["NonEmptyString"],
37351
+ # match_attributes: {
37352
+ # destination_ports: [
37353
+ # {
37354
+ # from_port: 1,
37355
+ # to_port: 1,
37356
+ # },
37357
+ # ],
37358
+ # destinations: [
37359
+ # {
37360
+ # address_definition: "NonEmptyString",
37361
+ # },
37362
+ # ],
37363
+ # protocols: [1],
37364
+ # source_ports: [
37365
+ # {
37366
+ # from_port: 1,
37367
+ # to_port: 1,
37368
+ # },
37369
+ # ],
37370
+ # sources: [
37371
+ # {
37372
+ # address_definition: "NonEmptyString",
37373
+ # },
37374
+ # ],
37375
+ # tcp_flags: [
37376
+ # {
37377
+ # flags: ["NonEmptyString"],
37378
+ # masks: ["NonEmptyString"],
37379
+ # },
37380
+ # ],
37381
+ # },
37382
+ # }
37383
+ #
37384
+ # @!attribute [rw] actions
37385
+ # The actions to take on a packet that matches one of the stateless
37386
+ # rule definition's match attributes. You must specify a standard
37387
+ # action (`aws:pass`, `aws:drop`, or `aws:forward_to_sfe`). You can
37388
+ # then add custom actions.
37389
+ # @return [Array<String>]
37390
+ #
37391
+ # @!attribute [rw] match_attributes
37392
+ # The criteria for Network Firewall to use to inspect an individual
37393
+ # packet in a stateless rule inspection.
37394
+ # @return [Types::RuleGroupSourceStatelessRuleMatchAttributes]
37395
+ #
37396
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRuleDefinition AWS API Documentation
37397
+ #
37398
+ class RuleGroupSourceStatelessRuleDefinition < Struct.new(
37399
+ :actions,
37400
+ :match_attributes)
37401
+ SENSITIVE = []
37402
+ include Aws::Structure
37403
+ end
37404
+
37405
+ # Criteria for the stateless rule.
37406
+ #
37407
+ # @note When making an API call, you may pass RuleGroupSourceStatelessRuleMatchAttributes
37408
+ # data as a hash:
37409
+ #
37410
+ # {
37411
+ # destination_ports: [
37412
+ # {
37413
+ # from_port: 1,
37414
+ # to_port: 1,
37415
+ # },
37416
+ # ],
37417
+ # destinations: [
37418
+ # {
37419
+ # address_definition: "NonEmptyString",
37420
+ # },
37421
+ # ],
37422
+ # protocols: [1],
37423
+ # source_ports: [
37424
+ # {
37425
+ # from_port: 1,
37426
+ # to_port: 1,
37427
+ # },
37428
+ # ],
37429
+ # sources: [
37430
+ # {
37431
+ # address_definition: "NonEmptyString",
37432
+ # },
37433
+ # ],
37434
+ # tcp_flags: [
37435
+ # {
37436
+ # flags: ["NonEmptyString"],
37437
+ # masks: ["NonEmptyString"],
37438
+ # },
37439
+ # ],
37440
+ # }
37441
+ #
37442
+ # @!attribute [rw] destination_ports
37443
+ # A list of port ranges to specify the destination ports to inspect
37444
+ # for.
37445
+ # @return [Array<Types::RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts>]
37446
+ #
37447
+ # @!attribute [rw] destinations
37448
+ # The destination IP addresses and address ranges to inspect for, in
37449
+ # CIDR notation.
37450
+ # @return [Array<Types::RuleGroupSourceStatelessRuleMatchAttributesDestinations>]
37451
+ #
37452
+ # @!attribute [rw] protocols
37453
+ # The protocols to inspect for.
37454
+ # @return [Array<Integer>]
37455
+ #
37456
+ # @!attribute [rw] source_ports
37457
+ # A list of port ranges to specify the source ports to inspect for.
37458
+ # @return [Array<Types::RuleGroupSourceStatelessRuleMatchAttributesSourcePorts>]
37459
+ #
37460
+ # @!attribute [rw] sources
37461
+ # The source IP addresses and address ranges to inspect for, in CIDR
37462
+ # notation.
37463
+ # @return [Array<Types::RuleGroupSourceStatelessRuleMatchAttributesSources>]
37464
+ #
37465
+ # @!attribute [rw] tcp_flags
37466
+ # The TCP flags and masks to inspect for.
37467
+ # @return [Array<Types::RuleGroupSourceStatelessRuleMatchAttributesTcpFlags>]
37468
+ #
37469
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRuleMatchAttributes AWS API Documentation
37470
+ #
37471
+ class RuleGroupSourceStatelessRuleMatchAttributes < Struct.new(
37472
+ :destination_ports,
37473
+ :destinations,
37474
+ :protocols,
37475
+ :source_ports,
37476
+ :sources,
37477
+ :tcp_flags)
37478
+ SENSITIVE = []
37479
+ include Aws::Structure
37480
+ end
37481
+
37482
+ # A port range to specify the destination ports to inspect for.
37483
+ #
37484
+ # @note When making an API call, you may pass RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts
37485
+ # data as a hash:
37486
+ #
37487
+ # {
37488
+ # from_port: 1,
37489
+ # to_port: 1,
37490
+ # }
37491
+ #
37492
+ # @!attribute [rw] from_port
37493
+ # The starting port value for the port range.
37494
+ # @return [Integer]
37495
+ #
37496
+ # @!attribute [rw] to_port
37497
+ # The ending port value for the port range.
37498
+ # @return [Integer]
37499
+ #
37500
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts AWS API Documentation
37501
+ #
37502
+ class RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts < Struct.new(
37503
+ :from_port,
37504
+ :to_port)
37505
+ SENSITIVE = []
37506
+ include Aws::Structure
37507
+ end
37508
+
37509
+ # A destination IP address or range.
37510
+ #
37511
+ # @note When making an API call, you may pass RuleGroupSourceStatelessRuleMatchAttributesDestinations
37512
+ # data as a hash:
37513
+ #
37514
+ # {
37515
+ # address_definition: "NonEmptyString",
37516
+ # }
37517
+ #
37518
+ # @!attribute [rw] address_definition
37519
+ # An IP address or a block of IP addresses.
37520
+ # @return [String]
37521
+ #
37522
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRuleMatchAttributesDestinations AWS API Documentation
37523
+ #
37524
+ class RuleGroupSourceStatelessRuleMatchAttributesDestinations < Struct.new(
37525
+ :address_definition)
37526
+ SENSITIVE = []
37527
+ include Aws::Structure
37528
+ end
37529
+
37530
+ # A port range to specify the source ports to inspect for.
37531
+ #
37532
+ # @note When making an API call, you may pass RuleGroupSourceStatelessRuleMatchAttributesSourcePorts
37533
+ # data as a hash:
37534
+ #
37535
+ # {
37536
+ # from_port: 1,
37537
+ # to_port: 1,
37538
+ # }
37539
+ #
37540
+ # @!attribute [rw] from_port
37541
+ # The starting port value for the port range.
37542
+ # @return [Integer]
37543
+ #
37544
+ # @!attribute [rw] to_port
37545
+ # The ending port value for the port range.
37546
+ # @return [Integer]
37547
+ #
37548
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRuleMatchAttributesSourcePorts AWS API Documentation
37549
+ #
37550
+ class RuleGroupSourceStatelessRuleMatchAttributesSourcePorts < Struct.new(
37551
+ :from_port,
37552
+ :to_port)
37553
+ SENSITIVE = []
37554
+ include Aws::Structure
37555
+ end
37556
+
37557
+ # A source IP addresses and address range to inspect for.
37558
+ #
37559
+ # @note When making an API call, you may pass RuleGroupSourceStatelessRuleMatchAttributesSources
37560
+ # data as a hash:
37561
+ #
37562
+ # {
37563
+ # address_definition: "NonEmptyString",
37564
+ # }
37565
+ #
37566
+ # @!attribute [rw] address_definition
37567
+ # An IP address or a block of IP addresses.
37568
+ # @return [String]
37569
+ #
37570
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRuleMatchAttributesSources AWS API Documentation
37571
+ #
37572
+ class RuleGroupSourceStatelessRuleMatchAttributesSources < Struct.new(
37573
+ :address_definition)
37574
+ SENSITIVE = []
37575
+ include Aws::Structure
37576
+ end
37577
+
37578
+ # A set of TCP flags and masks to inspect for.
37579
+ #
37580
+ # @note When making an API call, you may pass RuleGroupSourceStatelessRuleMatchAttributesTcpFlags
37581
+ # data as a hash:
37582
+ #
37583
+ # {
37584
+ # flags: ["NonEmptyString"],
37585
+ # masks: ["NonEmptyString"],
37586
+ # }
37587
+ #
37588
+ # @!attribute [rw] flags
37589
+ # Defines the flags from the `Masks` setting that must be set in order
37590
+ # for the packet to match. Flags that are listed must be set. Flags
37591
+ # that are not listed must not be set.
37592
+ # @return [Array<String>]
37593
+ #
37594
+ # @!attribute [rw] masks
37595
+ # The set of flags to consider in the inspection. If not specified,
37596
+ # then all flags are inspected.
37597
+ # @return [Array<String>]
37598
+ #
37599
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRuleMatchAttributesTcpFlags AWS API Documentation
37600
+ #
37601
+ class RuleGroupSourceStatelessRuleMatchAttributesTcpFlags < Struct.new(
37602
+ :flags,
37603
+ :masks)
37604
+ SENSITIVE = []
37605
+ include Aws::Structure
37606
+ end
37607
+
37608
+ # Stateless rules and custom actions for a stateless rule group.
37609
+ #
37610
+ # @note When making an API call, you may pass RuleGroupSourceStatelessRulesAndCustomActionsDetails
37611
+ # data as a hash:
37612
+ #
37613
+ # {
37614
+ # custom_actions: [
37615
+ # {
37616
+ # action_definition: {
37617
+ # publish_metric_action: {
37618
+ # dimensions: [
37619
+ # {
37620
+ # value: "NonEmptyString",
37621
+ # },
37622
+ # ],
37623
+ # },
37624
+ # },
37625
+ # action_name: "NonEmptyString",
37626
+ # },
37627
+ # ],
37628
+ # stateless_rules: [
37629
+ # {
37630
+ # priority: 1,
37631
+ # rule_definition: {
37632
+ # actions: ["NonEmptyString"],
37633
+ # match_attributes: {
37634
+ # destination_ports: [
37635
+ # {
37636
+ # from_port: 1,
37637
+ # to_port: 1,
37638
+ # },
37639
+ # ],
37640
+ # destinations: [
37641
+ # {
37642
+ # address_definition: "NonEmptyString",
37643
+ # },
37644
+ # ],
37645
+ # protocols: [1],
37646
+ # source_ports: [
37647
+ # {
37648
+ # from_port: 1,
37649
+ # to_port: 1,
37650
+ # },
37651
+ # ],
37652
+ # sources: [
37653
+ # {
37654
+ # address_definition: "NonEmptyString",
37655
+ # },
37656
+ # ],
37657
+ # tcp_flags: [
37658
+ # {
37659
+ # flags: ["NonEmptyString"],
37660
+ # masks: ["NonEmptyString"],
37661
+ # },
37662
+ # ],
37663
+ # },
37664
+ # },
37665
+ # },
37666
+ # ],
37667
+ # }
37668
+ #
37669
+ # @!attribute [rw] custom_actions
37670
+ # Custom actions for the rule group.
37671
+ # @return [Array<Types::RuleGroupSourceCustomActionsDetails>]
37672
+ #
37673
+ # @!attribute [rw] stateless_rules
37674
+ # Stateless rules for the rule group.
37675
+ # @return [Array<Types::RuleGroupSourceStatelessRulesDetails>]
37676
+ #
37677
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRulesAndCustomActionsDetails AWS API Documentation
37678
+ #
37679
+ class RuleGroupSourceStatelessRulesAndCustomActionsDetails < Struct.new(
37680
+ :custom_actions,
37681
+ :stateless_rules)
37682
+ SENSITIVE = []
37683
+ include Aws::Structure
37684
+ end
37685
+
37686
+ # A stateless rule in the rule group.
37687
+ #
37688
+ # @note When making an API call, you may pass RuleGroupSourceStatelessRulesDetails
37689
+ # data as a hash:
37690
+ #
37691
+ # {
37692
+ # priority: 1,
37693
+ # rule_definition: {
37694
+ # actions: ["NonEmptyString"],
37695
+ # match_attributes: {
37696
+ # destination_ports: [
37697
+ # {
37698
+ # from_port: 1,
37699
+ # to_port: 1,
37700
+ # },
37701
+ # ],
37702
+ # destinations: [
37703
+ # {
37704
+ # address_definition: "NonEmptyString",
37705
+ # },
37706
+ # ],
37707
+ # protocols: [1],
37708
+ # source_ports: [
37709
+ # {
37710
+ # from_port: 1,
37711
+ # to_port: 1,
37712
+ # },
37713
+ # ],
37714
+ # sources: [
37715
+ # {
37716
+ # address_definition: "NonEmptyString",
37717
+ # },
37718
+ # ],
37719
+ # tcp_flags: [
37720
+ # {
37721
+ # flags: ["NonEmptyString"],
37722
+ # masks: ["NonEmptyString"],
37723
+ # },
37724
+ # ],
37725
+ # },
37726
+ # },
37727
+ # }
37728
+ #
37729
+ # @!attribute [rw] priority
37730
+ # Indicates the order in which to run this rule relative to all of the
37731
+ # rules in the stateless rule group.
37732
+ # @return [Integer]
37733
+ #
37734
+ # @!attribute [rw] rule_definition
37735
+ # Provides the definition of the stateless rule.
37736
+ # @return [Types::RuleGroupSourceStatelessRuleDefinition]
37737
+ #
37738
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRulesDetails AWS API Documentation
37739
+ #
37740
+ class RuleGroupSourceStatelessRulesDetails < Struct.new(
37741
+ :priority,
37742
+ :rule_definition)
37743
+ SENSITIVE = []
37744
+ include Aws::Structure
37745
+ end
37746
+
37747
+ # Additional settings to use in the specified rules.
37748
+ #
37749
+ # @note When making an API call, you may pass RuleGroupVariables
37750
+ # data as a hash:
37751
+ #
37752
+ # {
37753
+ # ip_sets: {
37754
+ # definition: ["NonEmptyString"],
37755
+ # },
37756
+ # port_sets: {
37757
+ # definition: ["NonEmptyString"],
37758
+ # },
37759
+ # }
37760
+ #
37761
+ # @!attribute [rw] ip_sets
37762
+ # A list of IP addresses and address ranges, in CIDR notation.
37763
+ # @return [Types::RuleGroupVariablesIpSetsDetails]
37764
+ #
37765
+ # @!attribute [rw] port_sets
37766
+ # A list of port ranges.
37767
+ # @return [Types::RuleGroupVariablesPortSetsDetails]
37768
+ #
37769
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupVariables AWS API Documentation
37770
+ #
37771
+ class RuleGroupVariables < Struct.new(
37772
+ :ip_sets,
37773
+ :port_sets)
37774
+ SENSITIVE = []
37775
+ include Aws::Structure
37776
+ end
37777
+
37778
+ # A list of IP addresses and address ranges, in CIDR notation.
37779
+ #
37780
+ # @note When making an API call, you may pass RuleGroupVariablesIpSetsDetails
37781
+ # data as a hash:
37782
+ #
37783
+ # {
37784
+ # definition: ["NonEmptyString"],
37785
+ # }
37786
+ #
37787
+ # @!attribute [rw] definition
37788
+ # The list of IP addresses and ranges.
37789
+ # @return [Array<String>]
37790
+ #
37791
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupVariablesIpSetsDetails AWS API Documentation
37792
+ #
37793
+ class RuleGroupVariablesIpSetsDetails < Struct.new(
37794
+ :definition)
37795
+ SENSITIVE = []
37796
+ include Aws::Structure
37797
+ end
37798
+
37799
+ # A list of port ranges.
37800
+ #
37801
+ # @note When making an API call, you may pass RuleGroupVariablesPortSetsDetails
37802
+ # data as a hash:
37803
+ #
37804
+ # {
37805
+ # definition: ["NonEmptyString"],
37806
+ # }
37807
+ #
37808
+ # @!attribute [rw] definition
37809
+ # The list of port ranges.
37810
+ # @return [Array<String>]
37811
+ #
37812
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupVariablesPortSetsDetails AWS API Documentation
37813
+ #
37814
+ class RuleGroupVariablesPortSetsDetails < Struct.new(
37815
+ :definition)
37816
+ SENSITIVE = []
37817
+ include Aws::Structure
37818
+ end
37819
+
35256
37820
  # The list of detected instances of sensitive data.
35257
37821
  #
35258
37822
  # @note When making an API call, you may pass SensitiveDataDetections
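Review bot: The `target_types` doc comment on `RuleGroupSourceListDetails` gives the HTTPS value as `LS_SNI`, which looks like a dropped letter; the Network Firewall target type is `TLS_SNI`, so the comment should say `TLS_SNI` alongside `HTTP_HOST`. Anyone who copies the documented string into a finding, a filter or a detection rule would silently fail to match domain-list rule groups that inspect TLS traffic. In the same hunk, the `protocol` comment on `RuleGroupSourceStatefulRulesHeaderDetails` reads "To inspector for all protocols" and should read `To inspect for all protocols, use`, and the class comment on `RuleGroupSourceStatelessRuleMatchAttributesSources` ("A source IP addresses and address range") should match its `Destinations` sibling, `A source IP address or range.`. These comments appear to be generated from the service model, so the correction probably belongs upstream rather than in this file.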
@@ -35761,6 +38325,21 @@ module Aws::SecurityHub
35761
38325
  include Aws::Structure
35762
38326
  end
35763
38327
 
38328
+ # The reason for the current status of a standard subscription.
38329
+ #
38330
+ # @!attribute [rw] status_reason_code
38331
+ # The reason code that represents the reason for the current status of
38332
+ # a standard subscription.
38333
+ # @return [String]
38334
+ #
38335
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StandardsStatusReason AWS API Documentation
38336
+ #
38337
+ class StandardsStatusReason < Struct.new(
38338
+ :status_reason_code)
38339
+ SENSITIVE = []
38340
+ include Aws::Structure
38341
+ end
38342
+
35764
38343
  # A resource that represents your subscription to a supported standard.
35765
38344
  #
35766
38345
  # @!attribute [rw] standards_subscription_arn
@@ -35793,13 +38372,18 @@ module Aws::SecurityHub
35793
38372
  # * `FAILED` - Standard could not be disabled.
35794
38373
  # @return [String]
35795
38374
  #
38375
+ # @!attribute [rw] standards_status_reason
38376
+ # The reason for the current status.
38377
+ # @return [Types::StandardsStatusReason]
38378
+ #
35796
38379
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StandardsSubscription AWS API Documentation
35797
38380
  #
35798
38381
  class StandardsSubscription < Struct.new(
35799
38382
  :standards_subscription_arn,
35800
38383
  :standards_arn,
35801
38384
  :standards_input,
35802
- :standards_status)
38385
+ :standards_status,
38386
+ :standards_status_reason)
35803
38387
  SENSITIVE = []
35804
38388
  include Aws::Structure
35805
38389
  end
@@ -35835,6 +38419,80 @@ module Aws::SecurityHub
35835
38419
  include Aws::Structure
35836
38420
  end
35837
38421
 
38422
+ # The definition of a custom action that can be used for stateless
38423
+ # packet handling.
38424
+ #
38425
+ # @note When making an API call, you may pass StatelessCustomActionDefinition
38426
+ # data as a hash:
38427
+ #
38428
+ # {
38429
+ # publish_metric_action: {
38430
+ # dimensions: [
38431
+ # {
38432
+ # value: "NonEmptyString",
38433
+ # },
38434
+ # ],
38435
+ # },
38436
+ # }
38437
+ #
38438
+ # @!attribute [rw] publish_metric_action
38439
+ # Information about metrics to publish to CloudWatch.
38440
+ # @return [Types::StatelessCustomPublishMetricAction]
38441
+ #
38442
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StatelessCustomActionDefinition AWS API Documentation
38443
+ #
38444
+ class StatelessCustomActionDefinition < Struct.new(
38445
+ :publish_metric_action)
38446
+ SENSITIVE = []
38447
+ include Aws::Structure
38448
+ end
38449
+
38450
+ # Information about metrics to publish to CloudWatch.
38451
+ #
38452
+ # @note When making an API call, you may pass StatelessCustomPublishMetricAction
38453
+ # data as a hash:
38454
+ #
38455
+ # {
38456
+ # dimensions: [
38457
+ # {
38458
+ # value: "NonEmptyString",
38459
+ # },
38460
+ # ],
38461
+ # }
38462
+ #
38463
+ # @!attribute [rw] dimensions
38464
+ # Defines CloudWatch dimension values to publish.
38465
+ # @return [Array<Types::StatelessCustomPublishMetricActionDimension>]
38466
+ #
38467
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StatelessCustomPublishMetricAction AWS API Documentation
38468
+ #
38469
+ class StatelessCustomPublishMetricAction < Struct.new(
38470
+ :dimensions)
38471
+ SENSITIVE = []
38472
+ include Aws::Structure
38473
+ end
38474
+
38475
+ # Defines a CloudWatch dimension value to publish.
38476
+ #
38477
+ # @note When making an API call, you may pass StatelessCustomPublishMetricActionDimension
38478
+ # data as a hash:
38479
+ #
38480
+ # {
38481
+ # value: "NonEmptyString",
38482
+ # }
38483
+ #
38484
+ # @!attribute [rw] value
38485
+ # The value to use for the custom metric dimension.
38486
+ # @return [String]
38487
+ #
38488
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StatelessCustomPublishMetricActionDimension AWS API Documentation
38489
+ #
38490
+ class StatelessCustomPublishMetricActionDimension < Struct.new(
38491
+ :value)
38492
+ SENSITIVE = []
38493
+ include Aws::Structure
38494
+ end
38495
+
35838
38496
  # Provides additional context for the value of `Compliance.Status`.
35839
38497
  #
35840
38498
  # @note When making an API call, you may pass StatusReason