aws-sdk-securityhub 1.55.0 → 1.59.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-securityhub/client.rb +325 -5
- data/lib/aws-sdk-securityhub/client_api.rb +284 -0
- data/lib/aws-sdk-securityhub/types.rb +2667 -9
- data/lib/aws-sdk-securityhub.rb +1 -1
- metadata +4 -4
@@ -1414,6 +1414,27 @@ module Aws::SecurityHub
|
|
1414
1414
|
include Aws::Structure
|
1415
1415
|
end
|
1416
1416
|
|
1417
|
+
# An Availability Zone for the automatic scaling group.
|
1418
|
+
#
|
1419
|
+
# @note When making an API call, you may pass AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails
|
1420
|
+
# data as a hash:
|
1421
|
+
#
|
1422
|
+
# {
|
1423
|
+
# value: "NonEmptyString",
|
1424
|
+
# }
|
1425
|
+
#
|
1426
|
+
# @!attribute [rw] value
|
1427
|
+
# The name of the Availability Zone.
|
1428
|
+
# @return [String]
|
1429
|
+
#
|
1430
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails AWS API Documentation
|
1431
|
+
#
|
1432
|
+
class AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails < Struct.new(
|
1433
|
+
:value)
|
1434
|
+
SENSITIVE = []
|
1435
|
+
include Aws::Structure
|
1436
|
+
end
|
1437
|
+
|
1417
1438
|
# Provides details about an auto scaling group.
|
1418
1439
|
#
|
1419
1440
|
# @note When making an API call, you may pass AwsAutoScalingAutoScalingGroupDetails
|
@@ -1425,6 +1446,34 @@ module Aws::SecurityHub
|
|
1425
1446
|
# health_check_type: "NonEmptyString",
|
1426
1447
|
# health_check_grace_period: 1,
|
1427
1448
|
# created_time: "NonEmptyString",
|
1449
|
+
# mixed_instances_policy: {
|
1450
|
+
# instances_distribution: {
|
1451
|
+
# on_demand_allocation_strategy: "NonEmptyString",
|
1452
|
+
# on_demand_base_capacity: 1,
|
1453
|
+
# on_demand_percentage_above_base_capacity: 1,
|
1454
|
+
# spot_allocation_strategy: "NonEmptyString",
|
1455
|
+
# spot_instance_pools: 1,
|
1456
|
+
# spot_max_price: "NonEmptyString",
|
1457
|
+
# },
|
1458
|
+
# launch_template: {
|
1459
|
+
# launch_template_specification: {
|
1460
|
+
# launch_template_id: "NonEmptyString",
|
1461
|
+
# launch_template_name: "NonEmptyString",
|
1462
|
+
# version: "NonEmptyString",
|
1463
|
+
# },
|
1464
|
+
# overrides: [
|
1465
|
+
# {
|
1466
|
+
# instance_type: "NonEmptyString",
|
1467
|
+
# weighted_capacity: "NonEmptyString",
|
1468
|
+
# },
|
1469
|
+
# ],
|
1470
|
+
# },
|
1471
|
+
# },
|
1472
|
+
# availability_zones: [
|
1473
|
+
# {
|
1474
|
+
# value: "NonEmptyString",
|
1475
|
+
# },
|
1476
|
+
# ],
|
1428
1477
|
# }
|
1429
1478
|
#
|
1430
1479
|
# @!attribute [rw] launch_configuration_name
|
@@ -1457,6 +1506,14 @@ module Aws::SecurityHub
|
|
1457
1506
|
# [1]: https://tools.ietf.org/html/rfc3339#section-5.6
|
1458
1507
|
# @return [String]
|
1459
1508
|
#
|
1509
|
+
# @!attribute [rw] mixed_instances_policy
|
1510
|
+
# The mixed instances policy for the automatic scaling group.
|
1511
|
+
# @return [Types::AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails]
|
1512
|
+
#
|
1513
|
+
# @!attribute [rw] availability_zones
|
1514
|
+
# The list of Availability Zones for the automatic scaling group.
|
1515
|
+
# @return [Array<Types::AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails>]
|
1516
|
+
#
|
1460
1517
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingAutoScalingGroupDetails AWS API Documentation
|
1461
1518
|
#
|
1462
1519
|
class AwsAutoScalingAutoScalingGroupDetails < Struct.new(
|
@@ -1464,7 +1521,217 @@ module Aws::SecurityHub
|
|
1464
1521
|
:load_balancer_names,
|
1465
1522
|
:health_check_type,
|
1466
1523
|
:health_check_grace_period,
|
1467
|
-
:created_time
|
1524
|
+
:created_time,
|
1525
|
+
:mixed_instances_policy,
|
1526
|
+
:availability_zones)
|
1527
|
+
SENSITIVE = []
|
1528
|
+
include Aws::Structure
|
1529
|
+
end
|
1530
|
+
|
1531
|
+
# The mixed instances policy for the automatic scaling group.
|
1532
|
+
#
|
1533
|
+
# @note When making an API call, you may pass AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails
|
1534
|
+
# data as a hash:
|
1535
|
+
#
|
1536
|
+
# {
|
1537
|
+
# instances_distribution: {
|
1538
|
+
# on_demand_allocation_strategy: "NonEmptyString",
|
1539
|
+
# on_demand_base_capacity: 1,
|
1540
|
+
# on_demand_percentage_above_base_capacity: 1,
|
1541
|
+
# spot_allocation_strategy: "NonEmptyString",
|
1542
|
+
# spot_instance_pools: 1,
|
1543
|
+
# spot_max_price: "NonEmptyString",
|
1544
|
+
# },
|
1545
|
+
# launch_template: {
|
1546
|
+
# launch_template_specification: {
|
1547
|
+
# launch_template_id: "NonEmptyString",
|
1548
|
+
# launch_template_name: "NonEmptyString",
|
1549
|
+
# version: "NonEmptyString",
|
1550
|
+
# },
|
1551
|
+
# overrides: [
|
1552
|
+
# {
|
1553
|
+
# instance_type: "NonEmptyString",
|
1554
|
+
# weighted_capacity: "NonEmptyString",
|
1555
|
+
# },
|
1556
|
+
# ],
|
1557
|
+
# },
|
1558
|
+
# }
|
1559
|
+
#
|
1560
|
+
# @!attribute [rw] instances_distribution
|
1561
|
+
# The instances distribution. The instances distribution specifies the
|
1562
|
+
# distribution of On-Demand Instances and Spot Instances, the maximum
|
1563
|
+
# price to pay for Spot Instances, and how the Auto Scaling group
|
1564
|
+
# allocates instance types to fulfill On-Demand and Spot capacity.
|
1565
|
+
# @return [Types::AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails]
|
1566
|
+
#
|
1567
|
+
# @!attribute [rw] launch_template
|
1568
|
+
# The launch template to use and the instance types (overrides) to use
|
1569
|
+
# to provision EC2 instances to fulfill On-Demand and Spot capacities.
|
1570
|
+
# @return [Types::AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails]
|
1571
|
+
#
|
1572
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails AWS API Documentation
|
1573
|
+
#
|
1574
|
+
class AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails < Struct.new(
|
1575
|
+
:instances_distribution,
|
1576
|
+
:launch_template)
|
1577
|
+
SENSITIVE = []
|
1578
|
+
include Aws::Structure
|
1579
|
+
end
|
1580
|
+
|
1581
|
+
# Information about the instances distribution.
|
1582
|
+
#
|
1583
|
+
# @note When making an API call, you may pass AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails
|
1584
|
+
# data as a hash:
|
1585
|
+
#
|
1586
|
+
# {
|
1587
|
+
# on_demand_allocation_strategy: "NonEmptyString",
|
1588
|
+
# on_demand_base_capacity: 1,
|
1589
|
+
# on_demand_percentage_above_base_capacity: 1,
|
1590
|
+
# spot_allocation_strategy: "NonEmptyString",
|
1591
|
+
# spot_instance_pools: 1,
|
1592
|
+
# spot_max_price: "NonEmptyString",
|
1593
|
+
# }
|
1594
|
+
#
|
1595
|
+
# @!attribute [rw] on_demand_allocation_strategy
|
1596
|
+
# How to allocate instance types to fulfill On-Demand capacity.
|
1597
|
+
# @return [String]
|
1598
|
+
#
|
1599
|
+
# @!attribute [rw] on_demand_base_capacity
|
1600
|
+
# The minimum amount of the Auto Scaling group's capacity that must
|
1601
|
+
# be fulfilled by On-Demand Instances.
|
1602
|
+
# @return [Integer]
|
1603
|
+
#
|
1604
|
+
# @!attribute [rw] on_demand_percentage_above_base_capacity
|
1605
|
+
# The percentage of On-Demand Instances and Spot Instances for
|
1606
|
+
# additional capacity beyond `OnDemandBaseCapacity`.
|
1607
|
+
# @return [Integer]
|
1608
|
+
#
|
1609
|
+
# @!attribute [rw] spot_allocation_strategy
|
1610
|
+
# How to allocate instances across Spot Instance pools.
|
1611
|
+
# @return [String]
|
1612
|
+
#
|
1613
|
+
# @!attribute [rw] spot_instance_pools
|
1614
|
+
# The number of Spot Instance pools across which to allocate your Spot
|
1615
|
+
# Instances.
|
1616
|
+
# @return [Integer]
|
1617
|
+
#
|
1618
|
+
# @!attribute [rw] spot_max_price
|
1619
|
+
# The maximum price per unit hour that you are willing to pay for a
|
1620
|
+
# Spot Instance.
|
1621
|
+
# @return [String]
|
1622
|
+
#
|
1623
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails AWS API Documentation
|
1624
|
+
#
|
1625
|
+
class AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails < Struct.new(
|
1626
|
+
:on_demand_allocation_strategy,
|
1627
|
+
:on_demand_base_capacity,
|
1628
|
+
:on_demand_percentage_above_base_capacity,
|
1629
|
+
:spot_allocation_strategy,
|
1630
|
+
:spot_instance_pools,
|
1631
|
+
:spot_max_price)
|
1632
|
+
SENSITIVE = []
|
1633
|
+
include Aws::Structure
|
1634
|
+
end
|
1635
|
+
|
1636
|
+
# Describes a launch template and overrides for a mixed instances
|
1637
|
+
# policy.
|
1638
|
+
#
|
1639
|
+
# @note When making an API call, you may pass AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails
|
1640
|
+
# data as a hash:
|
1641
|
+
#
|
1642
|
+
# {
|
1643
|
+
# launch_template_specification: {
|
1644
|
+
# launch_template_id: "NonEmptyString",
|
1645
|
+
# launch_template_name: "NonEmptyString",
|
1646
|
+
# version: "NonEmptyString",
|
1647
|
+
# },
|
1648
|
+
# overrides: [
|
1649
|
+
# {
|
1650
|
+
# instance_type: "NonEmptyString",
|
1651
|
+
# weighted_capacity: "NonEmptyString",
|
1652
|
+
# },
|
1653
|
+
# ],
|
1654
|
+
# }
|
1655
|
+
#
|
1656
|
+
# @!attribute [rw] launch_template_specification
|
1657
|
+
# The launch template to use.
|
1658
|
+
# @return [Types::AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification]
|
1659
|
+
#
|
1660
|
+
# @!attribute [rw] overrides
|
1661
|
+
# Property values to use to override the values in the launch
|
1662
|
+
# template.
|
1663
|
+
# @return [Array<Types::AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails>]
|
1664
|
+
#
|
1665
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails AWS API Documentation
|
1666
|
+
#
|
1667
|
+
class AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails < Struct.new(
|
1668
|
+
:launch_template_specification,
|
1669
|
+
:overrides)
|
1670
|
+
SENSITIVE = []
|
1671
|
+
include Aws::Structure
|
1672
|
+
end
|
1673
|
+
|
1674
|
+
# Details about the launch template to use.
|
1675
|
+
#
|
1676
|
+
# @note When making an API call, you may pass AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification
|
1677
|
+
# data as a hash:
|
1678
|
+
#
|
1679
|
+
# {
|
1680
|
+
# launch_template_id: "NonEmptyString",
|
1681
|
+
# launch_template_name: "NonEmptyString",
|
1682
|
+
# version: "NonEmptyString",
|
1683
|
+
# }
|
1684
|
+
#
|
1685
|
+
# @!attribute [rw] launch_template_id
|
1686
|
+
# The identifier of the launch template. You must specify either
|
1687
|
+
# `LaunchTemplateId` or `LaunchTemplateName`.
|
1688
|
+
# @return [String]
|
1689
|
+
#
|
1690
|
+
# @!attribute [rw] launch_template_name
|
1691
|
+
# The name of the launch template. You must specify either
|
1692
|
+
# `LaunchTemplateId` or `LaunchTemplateName`.
|
1693
|
+
# @return [String]
|
1694
|
+
#
|
1695
|
+
# @!attribute [rw] version
|
1696
|
+
# Identifies the version of the launch template. You can specify a
|
1697
|
+
# version identifier, or use the values `$Latest` or `$Default`.
|
1698
|
+
# @return [String]
|
1699
|
+
#
|
1700
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification AWS API Documentation
|
1701
|
+
#
|
1702
|
+
class AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification < Struct.new(
|
1703
|
+
:launch_template_id,
|
1704
|
+
:launch_template_name,
|
1705
|
+
:version)
|
1706
|
+
SENSITIVE = []
|
1707
|
+
include Aws::Structure
|
1708
|
+
end
|
1709
|
+
|
1710
|
+
# Property values to use to override the values in the launch template.
|
1711
|
+
#
|
1712
|
+
# @note When making an API call, you may pass AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails
|
1713
|
+
# data as a hash:
|
1714
|
+
#
|
1715
|
+
# {
|
1716
|
+
# instance_type: "NonEmptyString",
|
1717
|
+
# weighted_capacity: "NonEmptyString",
|
1718
|
+
# }
|
1719
|
+
#
|
1720
|
+
# @!attribute [rw] instance_type
|
1721
|
+
# The instance type. For example, `m3.xlarge`.
|
1722
|
+
# @return [String]
|
1723
|
+
#
|
1724
|
+
# @!attribute [rw] weighted_capacity
|
1725
|
+
# The number of capacity units provided by the specified instance type
|
1726
|
+
# in terms of virtual CPUs, memory, storage, throughput, or other
|
1727
|
+
# relative performance characteristic.
|
1728
|
+
# @return [String]
|
1729
|
+
#
|
1730
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails AWS API Documentation
|
1731
|
+
#
|
1732
|
+
class AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails < Struct.new(
|
1733
|
+
:instance_type,
|
1734
|
+
:weighted_capacity)
|
1468
1735
|
SENSITIVE = []
|
1469
1736
|
include Aws::Structure
|
1470
1737
|
end
|
@@ -1633,6 +1900,11 @@ module Aws::SecurityHub
|
|
1633
1900
|
# security_groups: ["NonEmptyString"],
|
1634
1901
|
# spot_price: "NonEmptyString",
|
1635
1902
|
# user_data: "NonEmptyString",
|
1903
|
+
# metadata_options: {
|
1904
|
+
# http_endpoint: "NonEmptyString",
|
1905
|
+
# http_put_response_hop_limit: 1,
|
1906
|
+
# http_tokens: "NonEmptyString",
|
1907
|
+
# },
|
1636
1908
|
# }
|
1637
1909
|
#
|
1638
1910
|
# @!attribute [rw] associate_public_ip_address
|
@@ -1725,6 +1997,10 @@ module Aws::SecurityHub
|
|
1725
1997
|
# be base64-encoded text.
|
1726
1998
|
# @return [String]
|
1727
1999
|
#
|
2000
|
+
# @!attribute [rw] metadata_options
|
2001
|
+
# The metadata options for the instances.
|
2002
|
+
# @return [Types::AwsAutoScalingLaunchConfigurationMetadataOptions]
|
2003
|
+
#
|
1728
2004
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingLaunchConfigurationDetails AWS API Documentation
|
1729
2005
|
#
|
1730
2006
|
class AwsAutoScalingLaunchConfigurationDetails < Struct.new(
|
@@ -1745,7 +2021,8 @@ module Aws::SecurityHub
|
|
1745
2021
|
:ramdisk_id,
|
1746
2022
|
:security_groups,
|
1747
2023
|
:spot_price,
|
1748
|
-
:user_data
|
2024
|
+
:user_data,
|
2025
|
+
:metadata_options)
|
1749
2026
|
SENSITIVE = []
|
1750
2027
|
include Aws::Structure
|
1751
2028
|
end
|
@@ -1775,6 +2052,43 @@ module Aws::SecurityHub
|
|
1775
2052
|
include Aws::Structure
|
1776
2053
|
end
|
1777
2054
|
|
2055
|
+
# The metadata options for the instances.
|
2056
|
+
#
|
2057
|
+
# @note When making an API call, you may pass AwsAutoScalingLaunchConfigurationMetadataOptions
|
2058
|
+
# data as a hash:
|
2059
|
+
#
|
2060
|
+
# {
|
2061
|
+
# http_endpoint: "NonEmptyString",
|
2062
|
+
# http_put_response_hop_limit: 1,
|
2063
|
+
# http_tokens: "NonEmptyString",
|
2064
|
+
# }
|
2065
|
+
#
|
2066
|
+
# @!attribute [rw] http_endpoint
|
2067
|
+
# Enables or disables the HTTP metadata endpoint on your instances. By
|
2068
|
+
# default, the metadata endpoint is enabled.
|
2069
|
+
# @return [String]
|
2070
|
+
#
|
2071
|
+
# @!attribute [rw] http_put_response_hop_limit
|
2072
|
+
# The HTTP `PUT` response hop limit for instance metadata requests.
|
2073
|
+
# The larger the number, the further instance metadata requests can
|
2074
|
+
# travel.
|
2075
|
+
# @return [Integer]
|
2076
|
+
#
|
2077
|
+
# @!attribute [rw] http_tokens
|
2078
|
+
# Indicates whether token usage is `required` or `optional` for
|
2079
|
+
# metadata requests. By default, token usage is `optional`.
|
2080
|
+
# @return [String]
|
2081
|
+
#
|
2082
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingLaunchConfigurationMetadataOptions AWS API Documentation
|
2083
|
+
#
|
2084
|
+
class AwsAutoScalingLaunchConfigurationMetadataOptions < Struct.new(
|
2085
|
+
:http_endpoint,
|
2086
|
+
:http_put_response_hop_limit,
|
2087
|
+
:http_tokens)
|
2088
|
+
SENSITIVE = []
|
2089
|
+
include Aws::Structure
|
2090
|
+
end
|
2091
|
+
|
1778
2092
|
# Provides details about an Certificate Manager certificate.
|
1779
2093
|
#
|
1780
2094
|
# @note When making an API call, you may pass AwsCertificateManagerCertificateDetails
|
@@ -12004,6 +12318,340 @@ module Aws::SecurityHub
|
|
12004
12318
|
include Aws::Structure
|
12005
12319
|
end
|
12006
12320
|
|
12321
|
+
# Details about an Network Firewall firewall.
|
12322
|
+
#
|
12323
|
+
# @note When making an API call, you may pass AwsNetworkFirewallFirewallDetails
|
12324
|
+
# data as a hash:
|
12325
|
+
#
|
12326
|
+
# {
|
12327
|
+
# delete_protection: false,
|
12328
|
+
# description: "NonEmptyString",
|
12329
|
+
# firewall_arn: "NonEmptyString",
|
12330
|
+
# firewall_id: "NonEmptyString",
|
12331
|
+
# firewall_name: "NonEmptyString",
|
12332
|
+
# firewall_policy_arn: "NonEmptyString",
|
12333
|
+
# firewall_policy_change_protection: false,
|
12334
|
+
# subnet_change_protection: false,
|
12335
|
+
# subnet_mappings: [
|
12336
|
+
# {
|
12337
|
+
# subnet_id: "NonEmptyString",
|
12338
|
+
# },
|
12339
|
+
# ],
|
12340
|
+
# vpc_id: "NonEmptyString",
|
12341
|
+
# }
|
12342
|
+
#
|
12343
|
+
# @!attribute [rw] delete_protection
|
12344
|
+
# Whether the firewall is protected from deletion. If set to `true`,
|
12345
|
+
# then the firewall cannot be deleted.
|
12346
|
+
# @return [Boolean]
|
12347
|
+
#
|
12348
|
+
# @!attribute [rw] description
|
12349
|
+
# A description of the firewall.
|
12350
|
+
# @return [String]
|
12351
|
+
#
|
12352
|
+
# @!attribute [rw] firewall_arn
|
12353
|
+
# The ARN of the firewall.
|
12354
|
+
# @return [String]
|
12355
|
+
#
|
12356
|
+
# @!attribute [rw] firewall_id
|
12357
|
+
# The identifier of the firewall.
|
12358
|
+
# @return [String]
|
12359
|
+
#
|
12360
|
+
# @!attribute [rw] firewall_name
|
12361
|
+
# A descriptive name of the firewall.
|
12362
|
+
# @return [String]
|
12363
|
+
#
|
12364
|
+
# @!attribute [rw] firewall_policy_arn
|
12365
|
+
# The ARN of the firewall policy.
|
12366
|
+
# @return [String]
|
12367
|
+
#
|
12368
|
+
# @!attribute [rw] firewall_policy_change_protection
|
12369
|
+
# Whether the firewall is protected from a change to the firewall
|
12370
|
+
# policy. If set to `true`, you cannot associate a different policy
|
12371
|
+
# with the firewall.
|
12372
|
+
# @return [Boolean]
|
12373
|
+
#
|
12374
|
+
# @!attribute [rw] subnet_change_protection
|
12375
|
+
# Whether the firewall is protected from a change to the subnet
|
12376
|
+
# associations. If set to `true`, you cannot map different subnets to
|
12377
|
+
# the firewall.
|
12378
|
+
# @return [Boolean]
|
12379
|
+
#
|
12380
|
+
# @!attribute [rw] subnet_mappings
|
12381
|
+
# The public subnets that Network Firewall uses for the firewall. Each
|
12382
|
+
# subnet must belong to a different Availability Zone.
|
12383
|
+
# @return [Array<Types::AwsNetworkFirewallFirewallSubnetMappingsDetails>]
|
12384
|
+
#
|
12385
|
+
# @!attribute [rw] vpc_id
|
12386
|
+
# The identifier of the VPC where the firewall is used.
|
12387
|
+
# @return [String]
|
12388
|
+
#
|
12389
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsNetworkFirewallFirewallDetails AWS API Documentation
|
12390
|
+
#
|
12391
|
+
class AwsNetworkFirewallFirewallDetails < Struct.new(
|
12392
|
+
:delete_protection,
|
12393
|
+
:description,
|
12394
|
+
:firewall_arn,
|
12395
|
+
:firewall_id,
|
12396
|
+
:firewall_name,
|
12397
|
+
:firewall_policy_arn,
|
12398
|
+
:firewall_policy_change_protection,
|
12399
|
+
:subnet_change_protection,
|
12400
|
+
:subnet_mappings,
|
12401
|
+
:vpc_id)
|
12402
|
+
SENSITIVE = []
|
12403
|
+
include Aws::Structure
|
12404
|
+
end
|
12405
|
+
|
12406
|
+
# Details about a firewall policy. A firewall policy defines the
|
12407
|
+
# behavior of a network firewall.
|
12408
|
+
#
|
12409
|
+
# @note When making an API call, you may pass AwsNetworkFirewallFirewallPolicyDetails
|
12410
|
+
# data as a hash:
|
12411
|
+
#
|
12412
|
+
# {
|
12413
|
+
# firewall_policy: {
|
12414
|
+
# stateful_rule_group_references: [
|
12415
|
+
# {
|
12416
|
+
# resource_arn: "NonEmptyString",
|
12417
|
+
# },
|
12418
|
+
# ],
|
12419
|
+
# stateless_custom_actions: [
|
12420
|
+
# {
|
12421
|
+
# action_definition: {
|
12422
|
+
# publish_metric_action: {
|
12423
|
+
# dimensions: [
|
12424
|
+
# {
|
12425
|
+
# value: "NonEmptyString",
|
12426
|
+
# },
|
12427
|
+
# ],
|
12428
|
+
# },
|
12429
|
+
# },
|
12430
|
+
# action_name: "NonEmptyString",
|
12431
|
+
# },
|
12432
|
+
# ],
|
12433
|
+
# stateless_default_actions: ["NonEmptyString"],
|
12434
|
+
# stateless_fragment_default_actions: ["NonEmptyString"],
|
12435
|
+
# stateless_rule_group_references: [
|
12436
|
+
# {
|
12437
|
+
# priority: 1,
|
12438
|
+
# resource_arn: "NonEmptyString",
|
12439
|
+
# },
|
12440
|
+
# ],
|
12441
|
+
# },
|
12442
|
+
# firewall_policy_arn: "NonEmptyString",
|
12443
|
+
# firewall_policy_id: "NonEmptyString",
|
12444
|
+
# firewall_policy_name: "NonEmptyString",
|
12445
|
+
# description: "NonEmptyString",
|
12446
|
+
# }
|
12447
|
+
#
|
12448
|
+
# @!attribute [rw] firewall_policy
|
12449
|
+
# The firewall policy configuration.
|
12450
|
+
# @return [Types::FirewallPolicyDetails]
|
12451
|
+
#
|
12452
|
+
# @!attribute [rw] firewall_policy_arn
|
12453
|
+
# The ARN of the firewall policy.
|
12454
|
+
# @return [String]
|
12455
|
+
#
|
12456
|
+
# @!attribute [rw] firewall_policy_id
|
12457
|
+
# The identifier of the firewall policy.
|
12458
|
+
# @return [String]
|
12459
|
+
#
|
12460
|
+
# @!attribute [rw] firewall_policy_name
|
12461
|
+
# The name of the firewall policy.
|
12462
|
+
# @return [String]
|
12463
|
+
#
|
12464
|
+
# @!attribute [rw] description
|
12465
|
+
# A description of the firewall policy.
|
12466
|
+
# @return [String]
|
12467
|
+
#
|
12468
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsNetworkFirewallFirewallPolicyDetails AWS API Documentation
|
12469
|
+
#
|
12470
|
+
class AwsNetworkFirewallFirewallPolicyDetails < Struct.new(
|
12471
|
+
:firewall_policy,
|
12472
|
+
:firewall_policy_arn,
|
12473
|
+
:firewall_policy_id,
|
12474
|
+
:firewall_policy_name,
|
12475
|
+
:description)
|
12476
|
+
SENSITIVE = []
|
12477
|
+
include Aws::Structure
|
12478
|
+
end
|
12479
|
+
|
12480
|
+
# A public subnet that Network Firewall uses for the firewall.
|
12481
|
+
#
|
12482
|
+
# @note When making an API call, you may pass AwsNetworkFirewallFirewallSubnetMappingsDetails
|
12483
|
+
# data as a hash:
|
12484
|
+
#
|
12485
|
+
# {
|
12486
|
+
# subnet_id: "NonEmptyString",
|
12487
|
+
# }
|
12488
|
+
#
|
12489
|
+
# @!attribute [rw] subnet_id
|
12490
|
+
# The identifier of the subnet
|
12491
|
+
# @return [String]
|
12492
|
+
#
|
12493
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsNetworkFirewallFirewallSubnetMappingsDetails AWS API Documentation
|
12494
|
+
#
|
12495
|
+
class AwsNetworkFirewallFirewallSubnetMappingsDetails < Struct.new(
|
12496
|
+
:subnet_id)
|
12497
|
+
SENSITIVE = []
|
12498
|
+
include Aws::Structure
|
12499
|
+
end
|
12500
|
+
|
12501
|
+
# Details about an Network Firewall rule group. Rule groups are used to
|
12502
|
+
# inspect and control network traffic. Stateless rule groups apply to
|
12503
|
+
# individual packets. Stateful rule groups apply to packets in the
|
12504
|
+
# context of their traffic flow.
|
12505
|
+
#
|
12506
|
+
# Rule groups are referenced in firewall policies.
|
12507
|
+
#
|
12508
|
+
# @note When making an API call, you may pass AwsNetworkFirewallRuleGroupDetails
|
12509
|
+
# data as a hash:
|
12510
|
+
#
|
12511
|
+
# {
|
12512
|
+
# capacity: 1,
|
12513
|
+
# description: "NonEmptyString",
|
12514
|
+
# rule_group: {
|
12515
|
+
# rule_variables: {
|
12516
|
+
# ip_sets: {
|
12517
|
+
# definition: ["NonEmptyString"],
|
12518
|
+
# },
|
12519
|
+
# port_sets: {
|
12520
|
+
# definition: ["NonEmptyString"],
|
12521
|
+
# },
|
12522
|
+
# },
|
12523
|
+
# rules_source: {
|
12524
|
+
# rules_source_list: {
|
12525
|
+
# generated_rules_type: "NonEmptyString",
|
12526
|
+
# target_types: ["NonEmptyString"],
|
12527
|
+
# targets: ["NonEmptyString"],
|
12528
|
+
# },
|
12529
|
+
# rules_string: "NonEmptyString",
|
12530
|
+
# stateful_rules: [
|
12531
|
+
# {
|
12532
|
+
# action: "NonEmptyString",
|
12533
|
+
# header: {
|
12534
|
+
# destination: "NonEmptyString",
|
12535
|
+
# destination_port: "NonEmptyString",
|
12536
|
+
# direction: "NonEmptyString",
|
12537
|
+
# protocol: "NonEmptyString",
|
12538
|
+
# source: "NonEmptyString",
|
12539
|
+
# source_port: "NonEmptyString",
|
12540
|
+
# },
|
12541
|
+
# rule_options: [
|
12542
|
+
# {
|
12543
|
+
# keyword: "NonEmptyString",
|
12544
|
+
# settings: ["NonEmptyString"],
|
12545
|
+
# },
|
12546
|
+
# ],
|
12547
|
+
# },
|
12548
|
+
# ],
|
12549
|
+
# stateless_rules_and_custom_actions: {
|
12550
|
+
# custom_actions: [
|
12551
|
+
# {
|
12552
|
+
# action_definition: {
|
12553
|
+
# publish_metric_action: {
|
12554
|
+
# dimensions: [
|
12555
|
+
# {
|
12556
|
+
# value: "NonEmptyString",
|
12557
|
+
# },
|
12558
|
+
# ],
|
12559
|
+
# },
|
12560
|
+
# },
|
12561
|
+
# action_name: "NonEmptyString",
|
12562
|
+
# },
|
12563
|
+
# ],
|
12564
|
+
# stateless_rules: [
|
12565
|
+
# {
|
12566
|
+
# priority: 1,
|
12567
|
+
# rule_definition: {
|
12568
|
+
# actions: ["NonEmptyString"],
|
12569
|
+
# match_attributes: {
|
12570
|
+
# destination_ports: [
|
12571
|
+
# {
|
12572
|
+
# from_port: 1,
|
12573
|
+
# to_port: 1,
|
12574
|
+
# },
|
12575
|
+
# ],
|
12576
|
+
# destinations: [
|
12577
|
+
# {
|
12578
|
+
# address_definition: "NonEmptyString",
|
12579
|
+
# },
|
12580
|
+
# ],
|
12581
|
+
# protocols: [1],
|
12582
|
+
# source_ports: [
|
12583
|
+
# {
|
12584
|
+
# from_port: 1,
|
12585
|
+
# to_port: 1,
|
12586
|
+
# },
|
12587
|
+
# ],
|
12588
|
+
# sources: [
|
12589
|
+
# {
|
12590
|
+
# address_definition: "NonEmptyString",
|
12591
|
+
# },
|
12592
|
+
# ],
|
12593
|
+
# tcp_flags: [
|
12594
|
+
# {
|
12595
|
+
# flags: ["NonEmptyString"],
|
12596
|
+
# masks: ["NonEmptyString"],
|
12597
|
+
# },
|
12598
|
+
# ],
|
12599
|
+
# },
|
12600
|
+
# },
|
12601
|
+
# },
|
12602
|
+
# ],
|
12603
|
+
# },
|
12604
|
+
# },
|
12605
|
+
# },
|
12606
|
+
# rule_group_arn: "NonEmptyString",
|
12607
|
+
# rule_group_id: "NonEmptyString",
|
12608
|
+
# rule_group_name: "NonEmptyString",
|
12609
|
+
# type: "NonEmptyString",
|
12610
|
+
# }
|
12611
|
+
#
|
12612
|
+
# @!attribute [rw] capacity
|
12613
|
+
# The maximum number of operating resources that this rule group can
|
12614
|
+
# use.
|
12615
|
+
# @return [Integer]
|
12616
|
+
#
|
12617
|
+
# @!attribute [rw] description
|
12618
|
+
# A description of the rule group.
|
12619
|
+
# @return [String]
|
12620
|
+
#
|
12621
|
+
# @!attribute [rw] rule_group
|
12622
|
+
# Details about the rule group.
|
12623
|
+
# @return [Types::RuleGroupDetails]
|
12624
|
+
#
|
12625
|
+
# @!attribute [rw] rule_group_arn
|
12626
|
+
# The ARN of the rule group.
|
12627
|
+
# @return [String]
|
12628
|
+
#
|
12629
|
+
# @!attribute [rw] rule_group_id
|
12630
|
+
# The identifier of the rule group.
|
12631
|
+
# @return [String]
|
12632
|
+
#
|
12633
|
+
# @!attribute [rw] rule_group_name
|
12634
|
+
# The descriptive name of the rule group.
|
12635
|
+
# @return [String]
|
12636
|
+
#
|
12637
|
+
# @!attribute [rw] type
|
12638
|
+
# The type of rule group. A rule group can be stateful or stateless.
|
12639
|
+
# @return [String]
|
12640
|
+
#
|
12641
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsNetworkFirewallRuleGroupDetails AWS API Documentation
|
12642
|
+
#
|
12643
|
+
class AwsNetworkFirewallRuleGroupDetails < Struct.new(
|
12644
|
+
:capacity,
|
12645
|
+
:description,
|
12646
|
+
:rule_group,
|
12647
|
+
:rule_group_arn,
|
12648
|
+
:rule_group_id,
|
12649
|
+
:rule_group_name,
|
12650
|
+
:type)
|
12651
|
+
SENSITIVE = []
|
12652
|
+
include Aws::Structure
|
12653
|
+
end
|
12654
|
+
|
12007
12655
|
# Details about the configuration of an OpenSearch cluster.
|
12008
12656
|
#
|
12009
12657
|
# @note When making an API call, you may pass AwsOpenSearchServiceDomainClusterConfigDetails
|
@@ -15965,6 +16613,35 @@ module Aws::SecurityHub
|
|
15965
16613
|
include Aws::Structure
|
15966
16614
|
end
|
15967
16615
|
|
16616
|
+
# Describes the versioning state of an S3 bucket.
|
16617
|
+
#
|
16618
|
+
# @note When making an API call, you may pass AwsS3BucketBucketVersioningConfiguration
|
16619
|
+
# data as a hash:
|
16620
|
+
#
|
16621
|
+
# {
|
16622
|
+
# is_mfa_delete_enabled: false,
|
16623
|
+
# status: "NonEmptyString",
|
16624
|
+
# }
|
16625
|
+
#
|
16626
|
+
# @!attribute [rw] is_mfa_delete_enabled
|
16627
|
+
# Specifies whether MFA delete is currently enabled in the S3 bucket
|
16628
|
+
# versioning configuration. If the S3 bucket was never configured with
|
16629
|
+
# MFA delete, then this attribute is not included.
|
16630
|
+
# @return [Boolean]
|
16631
|
+
#
|
16632
|
+
# @!attribute [rw] status
|
16633
|
+
# The versioning status of the S3 bucket.
|
16634
|
+
# @return [String]
|
16635
|
+
#
|
16636
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketBucketVersioningConfiguration AWS API Documentation
|
16637
|
+
#
|
16638
|
+
class AwsS3BucketBucketVersioningConfiguration < Struct.new(
|
16639
|
+
:is_mfa_delete_enabled,
|
16640
|
+
:status)
|
16641
|
+
SENSITIVE = []
|
16642
|
+
include Aws::Structure
|
16643
|
+
end
|
16644
|
+
|
15968
16645
|
# The details of an Amazon S3 bucket.
|
15969
16646
|
#
|
15970
16647
|
# @note When making an API call, you may pass AwsS3BucketDetails
|
@@ -16087,6 +16764,10 @@ module Aws::SecurityHub
|
|
16087
16764
|
# },
|
16088
16765
|
# ],
|
16089
16766
|
# },
|
16767
|
+
# bucket_versioning_configuration: {
|
16768
|
+
# is_mfa_delete_enabled: false,
|
16769
|
+
# status: "NonEmptyString",
|
16770
|
+
# },
|
16090
16771
|
# }
|
16091
16772
|
#
|
16092
16773
|
# @!attribute [rw] owner_id
|
@@ -16143,6 +16824,10 @@ module Aws::SecurityHub
|
|
16143
16824
|
# The notification configuration for the S3 bucket.
|
16144
16825
|
# @return [Types::AwsS3BucketNotificationConfiguration]
|
16145
16826
|
#
|
16827
|
+
# @!attribute [rw] bucket_versioning_configuration
|
16828
|
+
# The versioning state of an S3 bucket.
|
16829
|
+
# @return [Types::AwsS3BucketBucketVersioningConfiguration]
|
16830
|
+
#
|
16146
16831
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketDetails AWS API Documentation
|
16147
16832
|
#
|
16148
16833
|
class AwsS3BucketDetails < Struct.new(
|
@@ -16156,7 +16841,8 @@ module Aws::SecurityHub
|
|
16156
16841
|
:access_control_list,
|
16157
16842
|
:bucket_logging_configuration,
|
16158
16843
|
:bucket_website_configuration,
|
16159
|
-
:bucket_notification_configuration
|
16844
|
+
:bucket_notification_configuration,
|
16845
|
+
:bucket_versioning_configuration)
|
16160
16846
|
SENSITIVE = []
|
16161
16847
|
include Aws::Structure
|
16162
16848
|
end
|
@@ -17077,6 +17763,34 @@ module Aws::SecurityHub
|
|
17077
17763
|
# health_check_type: "NonEmptyString",
|
17078
17764
|
# health_check_grace_period: 1,
|
17079
17765
|
# created_time: "NonEmptyString",
|
17766
|
+
# mixed_instances_policy: {
|
17767
|
+
# instances_distribution: {
|
17768
|
+
# on_demand_allocation_strategy: "NonEmptyString",
|
17769
|
+
# on_demand_base_capacity: 1,
|
17770
|
+
# on_demand_percentage_above_base_capacity: 1,
|
17771
|
+
# spot_allocation_strategy: "NonEmptyString",
|
17772
|
+
# spot_instance_pools: 1,
|
17773
|
+
# spot_max_price: "NonEmptyString",
|
17774
|
+
# },
|
17775
|
+
# launch_template: {
|
17776
|
+
# launch_template_specification: {
|
17777
|
+
# launch_template_id: "NonEmptyString",
|
17778
|
+
# launch_template_name: "NonEmptyString",
|
17779
|
+
# version: "NonEmptyString",
|
17780
|
+
# },
|
17781
|
+
# overrides: [
|
17782
|
+
# {
|
17783
|
+
# instance_type: "NonEmptyString",
|
17784
|
+
# weighted_capacity: "NonEmptyString",
|
17785
|
+
# },
|
17786
|
+
# ],
|
17787
|
+
# },
|
17788
|
+
# },
|
17789
|
+
# availability_zones: [
|
17790
|
+
# {
|
17791
|
+
# value: "NonEmptyString",
|
17792
|
+
# },
|
17793
|
+
# ],
|
17080
17794
|
# },
|
17081
17795
|
# aws_code_build_project: {
|
17082
17796
|
# encryption_key: "NonEmptyString",
|
@@ -17647,6 +18361,10 @@ module Aws::SecurityHub
|
|
17647
18361
|
# },
|
17648
18362
|
# ],
|
17649
18363
|
# },
|
18364
|
+
# bucket_versioning_configuration: {
|
18365
|
+
# is_mfa_delete_enabled: false,
|
18366
|
+
# status: "NonEmptyString",
|
18367
|
+
# },
|
17650
18368
|
# },
|
17651
18369
|
# aws_s3_account_public_access_block: {
|
17652
18370
|
# block_public_acls: false,
|
@@ -19061,6 +19779,11 @@ module Aws::SecurityHub
|
|
19061
19779
|
# security_groups: ["NonEmptyString"],
|
19062
19780
|
# spot_price: "NonEmptyString",
|
19063
19781
|
# user_data: "NonEmptyString",
|
19782
|
+
# metadata_options: {
|
19783
|
+
# http_endpoint: "NonEmptyString",
|
19784
|
+
# http_put_response_hop_limit: 1,
|
19785
|
+
# http_tokens: "NonEmptyString",
|
19786
|
+
# },
|
19064
19787
|
# },
|
19065
19788
|
# aws_ec2_vpn_connection: {
|
19066
19789
|
# vpn_connection_id: "NonEmptyString",
|
@@ -19270,6 +19993,157 @@ module Aws::SecurityHub
|
|
19270
19993
|
# ],
|
19271
19994
|
# },
|
19272
19995
|
# },
|
19996
|
+
# aws_network_firewall_firewall_policy: {
|
19997
|
+
# firewall_policy: {
|
19998
|
+
# stateful_rule_group_references: [
|
19999
|
+
# {
|
20000
|
+
# resource_arn: "NonEmptyString",
|
20001
|
+
# },
|
20002
|
+
# ],
|
20003
|
+
# stateless_custom_actions: [
|
20004
|
+
# {
|
20005
|
+
# action_definition: {
|
20006
|
+
# publish_metric_action: {
|
20007
|
+
# dimensions: [
|
20008
|
+
# {
|
20009
|
+
# value: "NonEmptyString",
|
20010
|
+
# },
|
20011
|
+
# ],
|
20012
|
+
# },
|
20013
|
+
# },
|
20014
|
+
# action_name: "NonEmptyString",
|
20015
|
+
# },
|
20016
|
+
# ],
|
20017
|
+
# stateless_default_actions: ["NonEmptyString"],
|
20018
|
+
# stateless_fragment_default_actions: ["NonEmptyString"],
|
20019
|
+
# stateless_rule_group_references: [
|
20020
|
+
# {
|
20021
|
+
# priority: 1,
|
20022
|
+
# resource_arn: "NonEmptyString",
|
20023
|
+
# },
|
20024
|
+
# ],
|
20025
|
+
# },
|
20026
|
+
# firewall_policy_arn: "NonEmptyString",
|
20027
|
+
# firewall_policy_id: "NonEmptyString",
|
20028
|
+
# firewall_policy_name: "NonEmptyString",
|
20029
|
+
# description: "NonEmptyString",
|
20030
|
+
# },
|
20031
|
+
# aws_network_firewall_firewall: {
|
20032
|
+
# delete_protection: false,
|
20033
|
+
# description: "NonEmptyString",
|
20034
|
+
# firewall_arn: "NonEmptyString",
|
20035
|
+
# firewall_id: "NonEmptyString",
|
20036
|
+
# firewall_name: "NonEmptyString",
|
20037
|
+
# firewall_policy_arn: "NonEmptyString",
|
20038
|
+
# firewall_policy_change_protection: false,
|
20039
|
+
# subnet_change_protection: false,
|
20040
|
+
# subnet_mappings: [
|
20041
|
+
# {
|
20042
|
+
# subnet_id: "NonEmptyString",
|
20043
|
+
# },
|
20044
|
+
# ],
|
20045
|
+
# vpc_id: "NonEmptyString",
|
20046
|
+
# },
|
20047
|
+
# aws_network_firewall_rule_group: {
|
20048
|
+
# capacity: 1,
|
20049
|
+
# description: "NonEmptyString",
|
20050
|
+
# rule_group: {
|
20051
|
+
# rule_variables: {
|
20052
|
+
# ip_sets: {
|
20053
|
+
# definition: ["NonEmptyString"],
|
20054
|
+
# },
|
20055
|
+
# port_sets: {
|
20056
|
+
# definition: ["NonEmptyString"],
|
20057
|
+
# },
|
20058
|
+
# },
|
20059
|
+
# rules_source: {
|
20060
|
+
# rules_source_list: {
|
20061
|
+
# generated_rules_type: "NonEmptyString",
|
20062
|
+
# target_types: ["NonEmptyString"],
|
20063
|
+
# targets: ["NonEmptyString"],
|
20064
|
+
# },
|
20065
|
+
# rules_string: "NonEmptyString",
|
20066
|
+
# stateful_rules: [
|
20067
|
+
# {
|
20068
|
+
# action: "NonEmptyString",
|
20069
|
+
# header: {
|
20070
|
+
# destination: "NonEmptyString",
|
20071
|
+
# destination_port: "NonEmptyString",
|
20072
|
+
# direction: "NonEmptyString",
|
20073
|
+
# protocol: "NonEmptyString",
|
20074
|
+
# source: "NonEmptyString",
|
20075
|
+
# source_port: "NonEmptyString",
|
20076
|
+
# },
|
20077
|
+
# rule_options: [
|
20078
|
+
# {
|
20079
|
+
# keyword: "NonEmptyString",
|
20080
|
+
# settings: ["NonEmptyString"],
|
20081
|
+
# },
|
20082
|
+
# ],
|
20083
|
+
# },
|
20084
|
+
# ],
|
20085
|
+
# stateless_rules_and_custom_actions: {
|
20086
|
+
# custom_actions: [
|
20087
|
+
# {
|
20088
|
+
# action_definition: {
|
20089
|
+
# publish_metric_action: {
|
20090
|
+
# dimensions: [
|
20091
|
+
# {
|
20092
|
+
# value: "NonEmptyString",
|
20093
|
+
# },
|
20094
|
+
# ],
|
20095
|
+
# },
|
20096
|
+
# },
|
20097
|
+
# action_name: "NonEmptyString",
|
20098
|
+
# },
|
20099
|
+
# ],
|
20100
|
+
# stateless_rules: [
|
20101
|
+
# {
|
20102
|
+
# priority: 1,
|
20103
|
+
# rule_definition: {
|
20104
|
+
# actions: ["NonEmptyString"],
|
20105
|
+
# match_attributes: {
|
20106
|
+
# destination_ports: [
|
20107
|
+
# {
|
20108
|
+
# from_port: 1,
|
20109
|
+
# to_port: 1,
|
20110
|
+
# },
|
20111
|
+
# ],
|
20112
|
+
# destinations: [
|
20113
|
+
# {
|
20114
|
+
# address_definition: "NonEmptyString",
|
20115
|
+
# },
|
20116
|
+
# ],
|
20117
|
+
# protocols: [1],
|
20118
|
+
# source_ports: [
|
20119
|
+
# {
|
20120
|
+
# from_port: 1,
|
20121
|
+
# to_port: 1,
|
20122
|
+
# },
|
20123
|
+
# ],
|
20124
|
+
# sources: [
|
20125
|
+
# {
|
20126
|
+
# address_definition: "NonEmptyString",
|
20127
|
+
# },
|
20128
|
+
# ],
|
20129
|
+
# tcp_flags: [
|
20130
|
+
# {
|
20131
|
+
# flags: ["NonEmptyString"],
|
20132
|
+
# masks: ["NonEmptyString"],
|
20133
|
+
# },
|
20134
|
+
# ],
|
20135
|
+
# },
|
20136
|
+
# },
|
20137
|
+
# },
|
20138
|
+
# ],
|
20139
|
+
# },
|
20140
|
+
# },
|
20141
|
+
# },
|
20142
|
+
# rule_group_arn: "NonEmptyString",
|
20143
|
+
# rule_group_id: "NonEmptyString",
|
20144
|
+
# rule_group_name: "NonEmptyString",
|
20145
|
+
# type: "NonEmptyString",
|
20146
|
+
# },
|
19273
20147
|
# },
|
19274
20148
|
# },
|
19275
20149
|
# ],
|
@@ -20805,9 +21679,9 @@ module Aws::SecurityHub
|
|
20805
21679
|
# Security Hub also resets the workflow status from `NOTIFIED` or
|
20806
21680
|
# `RESOLVED` to `NEW` in the following cases:
|
20807
21681
|
#
|
20808
|
-
# *
|
21682
|
+
# * `RecordState` changes from `ARCHIVED` to `ACTIVE`.
|
20809
21683
|
#
|
20810
|
-
# *
|
21684
|
+
# * `Compliance.Status` changes from `PASSED` to either `WARNING`,
|
20811
21685
|
# `FAILED`, or `NOT_AVAILABLE`.
|
20812
21686
|
#
|
20813
21687
|
# * `NOTIFIED` - Indicates that the resource owner has been notified
|
@@ -20815,11 +21689,36 @@ module Aws::SecurityHub
|
|
20815
21689
|
# the resource owner, and needs intervention from the resource
|
20816
21690
|
# owner.
|
20817
21691
|
#
|
20818
|
-
#
|
20819
|
-
#
|
21692
|
+
# If one of the following occurs, the workflow status is changed
|
21693
|
+
# automatically from `NOTIFIED` to `NEW`\:
|
21694
|
+
#
|
21695
|
+
# * `RecordState` changes from `ARCHIVED` to `ACTIVE`.
|
21696
|
+
#
|
21697
|
+
# * `Compliance.Status` changes from `PASSED` to `FAILED`,
|
21698
|
+
# `WARNING`, or `NOT_AVAILABLE`.
|
21699
|
+
#
|
21700
|
+
# * `SUPPRESSED` - Indicates that you reviewed the finding and do not
|
21701
|
+
# believe that any action is needed.
|
21702
|
+
#
|
21703
|
+
# The workflow status of a `SUPPRESSED` finding does not change if
|
21704
|
+
# `RecordState` changes from `ARCHIVED` to `ACTIVE`.
|
20820
21705
|
#
|
20821
21706
|
# * `RESOLVED` - The finding was reviewed and remediated and is now
|
20822
21707
|
# considered resolved.
|
21708
|
+
#
|
21709
|
+
# The finding remains `RESOLVED` unless one of the following occurs:
|
21710
|
+
#
|
21711
|
+
# * `RecordState` changes from `ARCHIVED` to `ACTIVE`.
|
21712
|
+
#
|
21713
|
+
# * `Compliance.Status` changes from `PASSED` to `FAILED`,
|
21714
|
+
# `WARNING`, or `NOT_AVAILABLE`.
|
21715
|
+
#
|
21716
|
+
# In those cases, the workflow status is automatically reset to
|
21717
|
+
# `NEW`.
|
21718
|
+
#
|
21719
|
+
# For findings from controls, if `Compliance.Status` is `PASSED`,
|
21720
|
+
# then Security Hub automatically sets the workflow status to
|
21721
|
+
# `RESOLVED`.
|
20823
21722
|
# @return [Array<Types::StringFilter>]
|
20824
21723
|
#
|
20825
21724
|
# @!attribute [rw] record_state
|
@@ -22102,6 +23001,34 @@ module Aws::SecurityHub
|
|
22102
23001
|
# health_check_type: "NonEmptyString",
|
22103
23002
|
# health_check_grace_period: 1,
|
22104
23003
|
# created_time: "NonEmptyString",
|
23004
|
+
# mixed_instances_policy: {
|
23005
|
+
# instances_distribution: {
|
23006
|
+
# on_demand_allocation_strategy: "NonEmptyString",
|
23007
|
+
# on_demand_base_capacity: 1,
|
23008
|
+
# on_demand_percentage_above_base_capacity: 1,
|
23009
|
+
# spot_allocation_strategy: "NonEmptyString",
|
23010
|
+
# spot_instance_pools: 1,
|
23011
|
+
# spot_max_price: "NonEmptyString",
|
23012
|
+
# },
|
23013
|
+
# launch_template: {
|
23014
|
+
# launch_template_specification: {
|
23015
|
+
# launch_template_id: "NonEmptyString",
|
23016
|
+
# launch_template_name: "NonEmptyString",
|
23017
|
+
# version: "NonEmptyString",
|
23018
|
+
# },
|
23019
|
+
# overrides: [
|
23020
|
+
# {
|
23021
|
+
# instance_type: "NonEmptyString",
|
23022
|
+
# weighted_capacity: "NonEmptyString",
|
23023
|
+
# },
|
23024
|
+
# ],
|
23025
|
+
# },
|
23026
|
+
# },
|
23027
|
+
# availability_zones: [
|
23028
|
+
# {
|
23029
|
+
# value: "NonEmptyString",
|
23030
|
+
# },
|
23031
|
+
# ],
|
22105
23032
|
# },
|
22106
23033
|
# aws_code_build_project: {
|
22107
23034
|
# encryption_key: "NonEmptyString",
|
@@ -22672,6 +23599,10 @@ module Aws::SecurityHub
|
|
22672
23599
|
# },
|
22673
23600
|
# ],
|
22674
23601
|
# },
|
23602
|
+
# bucket_versioning_configuration: {
|
23603
|
+
# is_mfa_delete_enabled: false,
|
23604
|
+
# status: "NonEmptyString",
|
23605
|
+
# },
|
22675
23606
|
# },
|
22676
23607
|
# aws_s3_account_public_access_block: {
|
22677
23608
|
# block_public_acls: false,
|
@@ -24086,6 +25017,11 @@ module Aws::SecurityHub
|
|
24086
25017
|
# security_groups: ["NonEmptyString"],
|
24087
25018
|
# spot_price: "NonEmptyString",
|
24088
25019
|
# user_data: "NonEmptyString",
|
25020
|
+
# metadata_options: {
|
25021
|
+
# http_endpoint: "NonEmptyString",
|
25022
|
+
# http_put_response_hop_limit: 1,
|
25023
|
+
# http_tokens: "NonEmptyString",
|
25024
|
+
# },
|
24089
25025
|
# },
|
24090
25026
|
# aws_ec2_vpn_connection: {
|
24091
25027
|
# vpn_connection_id: "NonEmptyString",
|
@@ -24295,6 +25231,157 @@ module Aws::SecurityHub
|
|
24295
25231
|
# ],
|
24296
25232
|
# },
|
24297
25233
|
# },
|
25234
|
+
# aws_network_firewall_firewall_policy: {
|
25235
|
+
# firewall_policy: {
|
25236
|
+
# stateful_rule_group_references: [
|
25237
|
+
# {
|
25238
|
+
# resource_arn: "NonEmptyString",
|
25239
|
+
# },
|
25240
|
+
# ],
|
25241
|
+
# stateless_custom_actions: [
|
25242
|
+
# {
|
25243
|
+
# action_definition: {
|
25244
|
+
# publish_metric_action: {
|
25245
|
+
# dimensions: [
|
25246
|
+
# {
|
25247
|
+
# value: "NonEmptyString",
|
25248
|
+
# },
|
25249
|
+
# ],
|
25250
|
+
# },
|
25251
|
+
# },
|
25252
|
+
# action_name: "NonEmptyString",
|
25253
|
+
# },
|
25254
|
+
# ],
|
25255
|
+
# stateless_default_actions: ["NonEmptyString"],
|
25256
|
+
# stateless_fragment_default_actions: ["NonEmptyString"],
|
25257
|
+
# stateless_rule_group_references: [
|
25258
|
+
# {
|
25259
|
+
# priority: 1,
|
25260
|
+
# resource_arn: "NonEmptyString",
|
25261
|
+
# },
|
25262
|
+
# ],
|
25263
|
+
# },
|
25264
|
+
# firewall_policy_arn: "NonEmptyString",
|
25265
|
+
# firewall_policy_id: "NonEmptyString",
|
25266
|
+
# firewall_policy_name: "NonEmptyString",
|
25267
|
+
# description: "NonEmptyString",
|
25268
|
+
# },
|
25269
|
+
# aws_network_firewall_firewall: {
|
25270
|
+
# delete_protection: false,
|
25271
|
+
# description: "NonEmptyString",
|
25272
|
+
# firewall_arn: "NonEmptyString",
|
25273
|
+
# firewall_id: "NonEmptyString",
|
25274
|
+
# firewall_name: "NonEmptyString",
|
25275
|
+
# firewall_policy_arn: "NonEmptyString",
|
25276
|
+
# firewall_policy_change_protection: false,
|
25277
|
+
# subnet_change_protection: false,
|
25278
|
+
# subnet_mappings: [
|
25279
|
+
# {
|
25280
|
+
# subnet_id: "NonEmptyString",
|
25281
|
+
# },
|
25282
|
+
# ],
|
25283
|
+
# vpc_id: "NonEmptyString",
|
25284
|
+
# },
|
25285
|
+
# aws_network_firewall_rule_group: {
|
25286
|
+
# capacity: 1,
|
25287
|
+
# description: "NonEmptyString",
|
25288
|
+
# rule_group: {
|
25289
|
+
# rule_variables: {
|
25290
|
+
# ip_sets: {
|
25291
|
+
# definition: ["NonEmptyString"],
|
25292
|
+
# },
|
25293
|
+
# port_sets: {
|
25294
|
+
# definition: ["NonEmptyString"],
|
25295
|
+
# },
|
25296
|
+
# },
|
25297
|
+
# rules_source: {
|
25298
|
+
# rules_source_list: {
|
25299
|
+
# generated_rules_type: "NonEmptyString",
|
25300
|
+
# target_types: ["NonEmptyString"],
|
25301
|
+
# targets: ["NonEmptyString"],
|
25302
|
+
# },
|
25303
|
+
# rules_string: "NonEmptyString",
|
25304
|
+
# stateful_rules: [
|
25305
|
+
# {
|
25306
|
+
# action: "NonEmptyString",
|
25307
|
+
# header: {
|
25308
|
+
# destination: "NonEmptyString",
|
25309
|
+
# destination_port: "NonEmptyString",
|
25310
|
+
# direction: "NonEmptyString",
|
25311
|
+
# protocol: "NonEmptyString",
|
25312
|
+
# source: "NonEmptyString",
|
25313
|
+
# source_port: "NonEmptyString",
|
25314
|
+
# },
|
25315
|
+
# rule_options: [
|
25316
|
+
# {
|
25317
|
+
# keyword: "NonEmptyString",
|
25318
|
+
# settings: ["NonEmptyString"],
|
25319
|
+
# },
|
25320
|
+
# ],
|
25321
|
+
# },
|
25322
|
+
# ],
|
25323
|
+
# stateless_rules_and_custom_actions: {
|
25324
|
+
# custom_actions: [
|
25325
|
+
# {
|
25326
|
+
# action_definition: {
|
25327
|
+
# publish_metric_action: {
|
25328
|
+
# dimensions: [
|
25329
|
+
# {
|
25330
|
+
# value: "NonEmptyString",
|
25331
|
+
# },
|
25332
|
+
# ],
|
25333
|
+
# },
|
25334
|
+
# },
|
25335
|
+
# action_name: "NonEmptyString",
|
25336
|
+
# },
|
25337
|
+
# ],
|
25338
|
+
# stateless_rules: [
|
25339
|
+
# {
|
25340
|
+
# priority: 1,
|
25341
|
+
# rule_definition: {
|
25342
|
+
# actions: ["NonEmptyString"],
|
25343
|
+
# match_attributes: {
|
25344
|
+
# destination_ports: [
|
25345
|
+
# {
|
25346
|
+
# from_port: 1,
|
25347
|
+
# to_port: 1,
|
25348
|
+
# },
|
25349
|
+
# ],
|
25350
|
+
# destinations: [
|
25351
|
+
# {
|
25352
|
+
# address_definition: "NonEmptyString",
|
25353
|
+
# },
|
25354
|
+
# ],
|
25355
|
+
# protocols: [1],
|
25356
|
+
# source_ports: [
|
25357
|
+
# {
|
25358
|
+
# from_port: 1,
|
25359
|
+
# to_port: 1,
|
25360
|
+
# },
|
25361
|
+
# ],
|
25362
|
+
# sources: [
|
25363
|
+
# {
|
25364
|
+
# address_definition: "NonEmptyString",
|
25365
|
+
# },
|
25366
|
+
# ],
|
25367
|
+
# tcp_flags: [
|
25368
|
+
# {
|
25369
|
+
# flags: ["NonEmptyString"],
|
25370
|
+
# masks: ["NonEmptyString"],
|
25371
|
+
# },
|
25372
|
+
# ],
|
25373
|
+
# },
|
25374
|
+
# },
|
25375
|
+
# },
|
25376
|
+
# ],
|
25377
|
+
# },
|
25378
|
+
# },
|
25379
|
+
# },
|
25380
|
+
# rule_group_arn: "NonEmptyString",
|
25381
|
+
# rule_group_id: "NonEmptyString",
|
25382
|
+
# rule_group_name: "NonEmptyString",
|
25383
|
+
# type: "NonEmptyString",
|
25384
|
+
# },
|
24298
25385
|
# },
|
24299
25386
|
# },
|
24300
25387
|
# ],
|
@@ -27232,6 +28319,167 @@ module Aws::SecurityHub
|
|
27232
28319
|
include Aws::Structure
|
27233
28320
|
end
|
27234
28321
|
|
28322
|
+
# Defines the behavior of the firewall.
|
28323
|
+
#
|
28324
|
+
# @note When making an API call, you may pass FirewallPolicyDetails
|
28325
|
+
# data as a hash:
|
28326
|
+
#
|
28327
|
+
# {
|
28328
|
+
# stateful_rule_group_references: [
|
28329
|
+
# {
|
28330
|
+
# resource_arn: "NonEmptyString",
|
28331
|
+
# },
|
28332
|
+
# ],
|
28333
|
+
# stateless_custom_actions: [
|
28334
|
+
# {
|
28335
|
+
# action_definition: {
|
28336
|
+
# publish_metric_action: {
|
28337
|
+
# dimensions: [
|
28338
|
+
# {
|
28339
|
+
# value: "NonEmptyString",
|
28340
|
+
# },
|
28341
|
+
# ],
|
28342
|
+
# },
|
28343
|
+
# },
|
28344
|
+
# action_name: "NonEmptyString",
|
28345
|
+
# },
|
28346
|
+
# ],
|
28347
|
+
# stateless_default_actions: ["NonEmptyString"],
|
28348
|
+
# stateless_fragment_default_actions: ["NonEmptyString"],
|
28349
|
+
# stateless_rule_group_references: [
|
28350
|
+
# {
|
28351
|
+
# priority: 1,
|
28352
|
+
# resource_arn: "NonEmptyString",
|
28353
|
+
# },
|
28354
|
+
# ],
|
28355
|
+
# }
|
28356
|
+
#
|
28357
|
+
# @!attribute [rw] stateful_rule_group_references
|
28358
|
+
# The stateful rule groups that are used in the firewall policy.
|
28359
|
+
# @return [Array<Types::FirewallPolicyStatefulRuleGroupReferencesDetails>]
|
28360
|
+
#
|
28361
|
+
# @!attribute [rw] stateless_custom_actions
|
28362
|
+
# The custom action definitions that are available to use in the
|
28363
|
+
# firewall policy's `StatelessDefaultActions` setting.
|
28364
|
+
# @return [Array<Types::FirewallPolicyStatelessCustomActionsDetails>]
|
28365
|
+
#
|
28366
|
+
# @!attribute [rw] stateless_default_actions
|
28367
|
+
# The actions to take on a packet if it doesn't match any of the
|
28368
|
+
# stateless rules in the policy.
|
28369
|
+
#
|
28370
|
+
# You must specify a standard action (`aws:pass`, `aws:drop`,
|
28371
|
+
# `aws:forward_to_sfe`), and can optionally include a custom action
|
28372
|
+
# from `StatelessCustomActions`.
|
28373
|
+
# @return [Array<String>]
|
28374
|
+
#
|
28375
|
+
# @!attribute [rw] stateless_fragment_default_actions
|
28376
|
+
# The actions to take on a fragmented UDP packet if it doesn't match
|
28377
|
+
# any of the stateless rules in the policy.
|
28378
|
+
#
|
28379
|
+
# You must specify a standard action (`aws:pass`, `aws:drop`,
|
28380
|
+
# `aws:forward_to_sfe`), and can optionally include a custom action
|
28381
|
+
# from `StatelessCustomActions`.
|
28382
|
+
# @return [Array<String>]
|
28383
|
+
#
|
28384
|
+
# @!attribute [rw] stateless_rule_group_references
|
28385
|
+
# The stateless rule groups that are used in the firewall policy.
|
28386
|
+
# @return [Array<Types::FirewallPolicyStatelessRuleGroupReferencesDetails>]
|
28387
|
+
#
|
28388
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/FirewallPolicyDetails AWS API Documentation
|
28389
|
+
#
|
28390
|
+
class FirewallPolicyDetails < Struct.new(
|
28391
|
+
:stateful_rule_group_references,
|
28392
|
+
:stateless_custom_actions,
|
28393
|
+
:stateless_default_actions,
|
28394
|
+
:stateless_fragment_default_actions,
|
28395
|
+
:stateless_rule_group_references)
|
28396
|
+
SENSITIVE = []
|
28397
|
+
include Aws::Structure
|
28398
|
+
end
|
28399
|
+
|
28400
|
+
# A stateful rule group that is used by the firewall policy.
|
28401
|
+
#
|
28402
|
+
# @note When making an API call, you may pass FirewallPolicyStatefulRuleGroupReferencesDetails
|
28403
|
+
# data as a hash:
|
28404
|
+
#
|
28405
|
+
# {
|
28406
|
+
# resource_arn: "NonEmptyString",
|
28407
|
+
# }
|
28408
|
+
#
|
28409
|
+
# @!attribute [rw] resource_arn
|
28410
|
+
# The ARN of the stateful rule group.
|
28411
|
+
# @return [String]
|
28412
|
+
#
|
28413
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/FirewallPolicyStatefulRuleGroupReferencesDetails AWS API Documentation
|
28414
|
+
#
|
28415
|
+
class FirewallPolicyStatefulRuleGroupReferencesDetails < Struct.new(
|
28416
|
+
:resource_arn)
|
28417
|
+
SENSITIVE = []
|
28418
|
+
include Aws::Structure
|
28419
|
+
end
|
28420
|
+
|
28421
|
+
# A custom action that can be used for stateless packet handling.
|
28422
|
+
#
|
28423
|
+
# @note When making an API call, you may pass FirewallPolicyStatelessCustomActionsDetails
|
28424
|
+
# data as a hash:
|
28425
|
+
#
|
28426
|
+
# {
|
28427
|
+
# action_definition: {
|
28428
|
+
# publish_metric_action: {
|
28429
|
+
# dimensions: [
|
28430
|
+
# {
|
28431
|
+
# value: "NonEmptyString",
|
28432
|
+
# },
|
28433
|
+
# ],
|
28434
|
+
# },
|
28435
|
+
# },
|
28436
|
+
# action_name: "NonEmptyString",
|
28437
|
+
# }
|
28438
|
+
#
|
28439
|
+
# @!attribute [rw] action_definition
|
28440
|
+
# The definition of the custom action.
|
28441
|
+
# @return [Types::StatelessCustomActionDefinition]
|
28442
|
+
#
|
28443
|
+
# @!attribute [rw] action_name
|
28444
|
+
# The name of the custom action.
|
28445
|
+
# @return [String]
|
28446
|
+
#
|
28447
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/FirewallPolicyStatelessCustomActionsDetails AWS API Documentation
|
28448
|
+
#
|
28449
|
+
class FirewallPolicyStatelessCustomActionsDetails < Struct.new(
|
28450
|
+
:action_definition,
|
28451
|
+
:action_name)
|
28452
|
+
SENSITIVE = []
|
28453
|
+
include Aws::Structure
|
28454
|
+
end
|
28455
|
+
|
28456
|
+
# A stateless rule group that is used by the firewall policy.
|
28457
|
+
#
|
28458
|
+
# @note When making an API call, you may pass FirewallPolicyStatelessRuleGroupReferencesDetails
|
28459
|
+
# data as a hash:
|
28460
|
+
#
|
28461
|
+
# {
|
28462
|
+
# priority: 1,
|
28463
|
+
# resource_arn: "NonEmptyString",
|
28464
|
+
# }
|
28465
|
+
#
|
28466
|
+
# @!attribute [rw] priority
|
28467
|
+
# The order in which to run the stateless rule group.
|
28468
|
+
# @return [Integer]
|
28469
|
+
#
|
28470
|
+
# @!attribute [rw] resource_arn
|
28471
|
+
# The ARN of the stateless rule group.
|
28472
|
+
# @return [String]
|
28473
|
+
#
|
28474
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/FirewallPolicyStatelessRuleGroupReferencesDetails AWS API Documentation
|
28475
|
+
#
|
28476
|
+
class FirewallPolicyStatelessRuleGroupReferencesDetails < Struct.new(
|
28477
|
+
:priority,
|
28478
|
+
:resource_arn)
|
28479
|
+
SENSITIVE = []
|
28480
|
+
include Aws::Structure
|
28481
|
+
end
|
28482
|
+
|
27235
28483
|
# Provides the latitude and longitude coordinates of a location.
|
27236
28484
|
#
|
27237
28485
|
# @note When making an API call, you may pass GeoLocation
|
@@ -30408,6 +31656,34 @@ module Aws::SecurityHub
|
|
30408
31656
|
# health_check_type: "NonEmptyString",
|
30409
31657
|
# health_check_grace_period: 1,
|
30410
31658
|
# created_time: "NonEmptyString",
|
31659
|
+
# mixed_instances_policy: {
|
31660
|
+
# instances_distribution: {
|
31661
|
+
# on_demand_allocation_strategy: "NonEmptyString",
|
31662
|
+
# on_demand_base_capacity: 1,
|
31663
|
+
# on_demand_percentage_above_base_capacity: 1,
|
31664
|
+
# spot_allocation_strategy: "NonEmptyString",
|
31665
|
+
# spot_instance_pools: 1,
|
31666
|
+
# spot_max_price: "NonEmptyString",
|
31667
|
+
# },
|
31668
|
+
# launch_template: {
|
31669
|
+
# launch_template_specification: {
|
31670
|
+
# launch_template_id: "NonEmptyString",
|
31671
|
+
# launch_template_name: "NonEmptyString",
|
31672
|
+
# version: "NonEmptyString",
|
31673
|
+
# },
|
31674
|
+
# overrides: [
|
31675
|
+
# {
|
31676
|
+
# instance_type: "NonEmptyString",
|
31677
|
+
# weighted_capacity: "NonEmptyString",
|
31678
|
+
# },
|
31679
|
+
# ],
|
31680
|
+
# },
|
31681
|
+
# },
|
31682
|
+
# availability_zones: [
|
31683
|
+
# {
|
31684
|
+
# value: "NonEmptyString",
|
31685
|
+
# },
|
31686
|
+
# ],
|
30411
31687
|
# },
|
30412
31688
|
# aws_code_build_project: {
|
30413
31689
|
# encryption_key: "NonEmptyString",
|
@@ -30978,6 +32254,10 @@ module Aws::SecurityHub
|
|
30978
32254
|
# },
|
30979
32255
|
# ],
|
30980
32256
|
# },
|
32257
|
+
# bucket_versioning_configuration: {
|
32258
|
+
# is_mfa_delete_enabled: false,
|
32259
|
+
# status: "NonEmptyString",
|
32260
|
+
# },
|
30981
32261
|
# },
|
30982
32262
|
# aws_s3_account_public_access_block: {
|
30983
32263
|
# block_public_acls: false,
|
@@ -32392,6 +33672,11 @@ module Aws::SecurityHub
|
|
32392
33672
|
# security_groups: ["NonEmptyString"],
|
32393
33673
|
# spot_price: "NonEmptyString",
|
32394
33674
|
# user_data: "NonEmptyString",
|
33675
|
+
# metadata_options: {
|
33676
|
+
# http_endpoint: "NonEmptyString",
|
33677
|
+
# http_put_response_hop_limit: 1,
|
33678
|
+
# http_tokens: "NonEmptyString",
|
33679
|
+
# },
|
32395
33680
|
# },
|
32396
33681
|
# aws_ec2_vpn_connection: {
|
32397
33682
|
# vpn_connection_id: "NonEmptyString",
|
@@ -32601,6 +33886,157 @@ module Aws::SecurityHub
|
|
32601
33886
|
# ],
|
32602
33887
|
# },
|
32603
33888
|
# },
|
33889
|
+
# aws_network_firewall_firewall_policy: {
|
33890
|
+
# firewall_policy: {
|
33891
|
+
# stateful_rule_group_references: [
|
33892
|
+
# {
|
33893
|
+
# resource_arn: "NonEmptyString",
|
33894
|
+
# },
|
33895
|
+
# ],
|
33896
|
+
# stateless_custom_actions: [
|
33897
|
+
# {
|
33898
|
+
# action_definition: {
|
33899
|
+
# publish_metric_action: {
|
33900
|
+
# dimensions: [
|
33901
|
+
# {
|
33902
|
+
# value: "NonEmptyString",
|
33903
|
+
# },
|
33904
|
+
# ],
|
33905
|
+
# },
|
33906
|
+
# },
|
33907
|
+
# action_name: "NonEmptyString",
|
33908
|
+
# },
|
33909
|
+
# ],
|
33910
|
+
# stateless_default_actions: ["NonEmptyString"],
|
33911
|
+
# stateless_fragment_default_actions: ["NonEmptyString"],
|
33912
|
+
# stateless_rule_group_references: [
|
33913
|
+
# {
|
33914
|
+
# priority: 1,
|
33915
|
+
# resource_arn: "NonEmptyString",
|
33916
|
+
# },
|
33917
|
+
# ],
|
33918
|
+
# },
|
33919
|
+
# firewall_policy_arn: "NonEmptyString",
|
33920
|
+
# firewall_policy_id: "NonEmptyString",
|
33921
|
+
# firewall_policy_name: "NonEmptyString",
|
33922
|
+
# description: "NonEmptyString",
|
33923
|
+
# },
|
33924
|
+
# aws_network_firewall_firewall: {
|
33925
|
+
# delete_protection: false,
|
33926
|
+
# description: "NonEmptyString",
|
33927
|
+
# firewall_arn: "NonEmptyString",
|
33928
|
+
# firewall_id: "NonEmptyString",
|
33929
|
+
# firewall_name: "NonEmptyString",
|
33930
|
+
# firewall_policy_arn: "NonEmptyString",
|
33931
|
+
# firewall_policy_change_protection: false,
|
33932
|
+
# subnet_change_protection: false,
|
33933
|
+
# subnet_mappings: [
|
33934
|
+
# {
|
33935
|
+
# subnet_id: "NonEmptyString",
|
33936
|
+
# },
|
33937
|
+
# ],
|
33938
|
+
# vpc_id: "NonEmptyString",
|
33939
|
+
# },
|
33940
|
+
# aws_network_firewall_rule_group: {
|
33941
|
+
# capacity: 1,
|
33942
|
+
# description: "NonEmptyString",
|
33943
|
+
# rule_group: {
|
33944
|
+
# rule_variables: {
|
33945
|
+
# ip_sets: {
|
33946
|
+
# definition: ["NonEmptyString"],
|
33947
|
+
# },
|
33948
|
+
# port_sets: {
|
33949
|
+
# definition: ["NonEmptyString"],
|
33950
|
+
# },
|
33951
|
+
# },
|
33952
|
+
# rules_source: {
|
33953
|
+
# rules_source_list: {
|
33954
|
+
# generated_rules_type: "NonEmptyString",
|
33955
|
+
# target_types: ["NonEmptyString"],
|
33956
|
+
# targets: ["NonEmptyString"],
|
33957
|
+
# },
|
33958
|
+
# rules_string: "NonEmptyString",
|
33959
|
+
# stateful_rules: [
|
33960
|
+
# {
|
33961
|
+
# action: "NonEmptyString",
|
33962
|
+
# header: {
|
33963
|
+
# destination: "NonEmptyString",
|
33964
|
+
# destination_port: "NonEmptyString",
|
33965
|
+
# direction: "NonEmptyString",
|
33966
|
+
# protocol: "NonEmptyString",
|
33967
|
+
# source: "NonEmptyString",
|
33968
|
+
# source_port: "NonEmptyString",
|
33969
|
+
# },
|
33970
|
+
# rule_options: [
|
33971
|
+
# {
|
33972
|
+
# keyword: "NonEmptyString",
|
33973
|
+
# settings: ["NonEmptyString"],
|
33974
|
+
# },
|
33975
|
+
# ],
|
33976
|
+
# },
|
33977
|
+
# ],
|
33978
|
+
# stateless_rules_and_custom_actions: {
|
33979
|
+
# custom_actions: [
|
33980
|
+
# {
|
33981
|
+
# action_definition: {
|
33982
|
+
# publish_metric_action: {
|
33983
|
+
# dimensions: [
|
33984
|
+
# {
|
33985
|
+
# value: "NonEmptyString",
|
33986
|
+
# },
|
33987
|
+
# ],
|
33988
|
+
# },
|
33989
|
+
# },
|
33990
|
+
# action_name: "NonEmptyString",
|
33991
|
+
# },
|
33992
|
+
# ],
|
33993
|
+
# stateless_rules: [
|
33994
|
+
# {
|
33995
|
+
# priority: 1,
|
33996
|
+
# rule_definition: {
|
33997
|
+
# actions: ["NonEmptyString"],
|
33998
|
+
# match_attributes: {
|
33999
|
+
# destination_ports: [
|
34000
|
+
# {
|
34001
|
+
# from_port: 1,
|
34002
|
+
# to_port: 1,
|
34003
|
+
# },
|
34004
|
+
# ],
|
34005
|
+
# destinations: [
|
34006
|
+
# {
|
34007
|
+
# address_definition: "NonEmptyString",
|
34008
|
+
# },
|
34009
|
+
# ],
|
34010
|
+
# protocols: [1],
|
34011
|
+
# source_ports: [
|
34012
|
+
# {
|
34013
|
+
# from_port: 1,
|
34014
|
+
# to_port: 1,
|
34015
|
+
# },
|
34016
|
+
# ],
|
34017
|
+
# sources: [
|
34018
|
+
# {
|
34019
|
+
# address_definition: "NonEmptyString",
|
34020
|
+
# },
|
34021
|
+
# ],
|
34022
|
+
# tcp_flags: [
|
34023
|
+
# {
|
34024
|
+
# flags: ["NonEmptyString"],
|
34025
|
+
# masks: ["NonEmptyString"],
|
34026
|
+
# },
|
34027
|
+
# ],
|
34028
|
+
# },
|
34029
|
+
# },
|
34030
|
+
# },
|
34031
|
+
# ],
|
34032
|
+
# },
|
34033
|
+
# },
|
34034
|
+
# },
|
34035
|
+
# rule_group_arn: "NonEmptyString",
|
34036
|
+
# rule_group_id: "NonEmptyString",
|
34037
|
+
# rule_group_name: "NonEmptyString",
|
34038
|
+
# type: "NonEmptyString",
|
34039
|
+
# },
|
32604
34040
|
# },
|
32605
34041
|
# }
|
32606
34042
|
#
|
@@ -32703,6 +34139,34 @@ module Aws::SecurityHub
|
|
32703
34139
|
# health_check_type: "NonEmptyString",
|
32704
34140
|
# health_check_grace_period: 1,
|
32705
34141
|
# created_time: "NonEmptyString",
|
34142
|
+
# mixed_instances_policy: {
|
34143
|
+
# instances_distribution: {
|
34144
|
+
# on_demand_allocation_strategy: "NonEmptyString",
|
34145
|
+
# on_demand_base_capacity: 1,
|
34146
|
+
# on_demand_percentage_above_base_capacity: 1,
|
34147
|
+
# spot_allocation_strategy: "NonEmptyString",
|
34148
|
+
# spot_instance_pools: 1,
|
34149
|
+
# spot_max_price: "NonEmptyString",
|
34150
|
+
# },
|
34151
|
+
# launch_template: {
|
34152
|
+
# launch_template_specification: {
|
34153
|
+
# launch_template_id: "NonEmptyString",
|
34154
|
+
# launch_template_name: "NonEmptyString",
|
34155
|
+
# version: "NonEmptyString",
|
34156
|
+
# },
|
34157
|
+
# overrides: [
|
34158
|
+
# {
|
34159
|
+
# instance_type: "NonEmptyString",
|
34160
|
+
# weighted_capacity: "NonEmptyString",
|
34161
|
+
# },
|
34162
|
+
# ],
|
34163
|
+
# },
|
34164
|
+
# },
|
34165
|
+
# availability_zones: [
|
34166
|
+
# {
|
34167
|
+
# value: "NonEmptyString",
|
34168
|
+
# },
|
34169
|
+
# ],
|
32706
34170
|
# },
|
32707
34171
|
# aws_code_build_project: {
|
32708
34172
|
# encryption_key: "NonEmptyString",
|
@@ -33273,6 +34737,10 @@ module Aws::SecurityHub
|
|
33273
34737
|
# },
|
33274
34738
|
# ],
|
33275
34739
|
# },
|
34740
|
+
# bucket_versioning_configuration: {
|
34741
|
+
# is_mfa_delete_enabled: false,
|
34742
|
+
# status: "NonEmptyString",
|
34743
|
+
# },
|
33276
34744
|
# },
|
33277
34745
|
# aws_s3_account_public_access_block: {
|
33278
34746
|
# block_public_acls: false,
|
@@ -34687,6 +36155,11 @@ module Aws::SecurityHub
|
|
34687
36155
|
# security_groups: ["NonEmptyString"],
|
34688
36156
|
# spot_price: "NonEmptyString",
|
34689
36157
|
# user_data: "NonEmptyString",
|
36158
|
+
# metadata_options: {
|
36159
|
+
# http_endpoint: "NonEmptyString",
|
36160
|
+
# http_put_response_hop_limit: 1,
|
36161
|
+
# http_tokens: "NonEmptyString",
|
36162
|
+
# },
|
34690
36163
|
# },
|
34691
36164
|
# aws_ec2_vpn_connection: {
|
34692
36165
|
# vpn_connection_id: "NonEmptyString",
|
@@ -34896,6 +36369,157 @@ module Aws::SecurityHub
|
|
34896
36369
|
# ],
|
34897
36370
|
# },
|
34898
36371
|
# },
|
36372
|
+
# aws_network_firewall_firewall_policy: {
|
36373
|
+
# firewall_policy: {
|
36374
|
+
# stateful_rule_group_references: [
|
36375
|
+
# {
|
36376
|
+
# resource_arn: "NonEmptyString",
|
36377
|
+
# },
|
36378
|
+
# ],
|
36379
|
+
# stateless_custom_actions: [
|
36380
|
+
# {
|
36381
|
+
# action_definition: {
|
36382
|
+
# publish_metric_action: {
|
36383
|
+
# dimensions: [
|
36384
|
+
# {
|
36385
|
+
# value: "NonEmptyString",
|
36386
|
+
# },
|
36387
|
+
# ],
|
36388
|
+
# },
|
36389
|
+
# },
|
36390
|
+
# action_name: "NonEmptyString",
|
36391
|
+
# },
|
36392
|
+
# ],
|
36393
|
+
# stateless_default_actions: ["NonEmptyString"],
|
36394
|
+
# stateless_fragment_default_actions: ["NonEmptyString"],
|
36395
|
+
# stateless_rule_group_references: [
|
36396
|
+
# {
|
36397
|
+
# priority: 1,
|
36398
|
+
# resource_arn: "NonEmptyString",
|
36399
|
+
# },
|
36400
|
+
# ],
|
36401
|
+
# },
|
36402
|
+
# firewall_policy_arn: "NonEmptyString",
|
36403
|
+
# firewall_policy_id: "NonEmptyString",
|
36404
|
+
# firewall_policy_name: "NonEmptyString",
|
36405
|
+
# description: "NonEmptyString",
|
36406
|
+
# },
|
36407
|
+
# aws_network_firewall_firewall: {
|
36408
|
+
# delete_protection: false,
|
36409
|
+
# description: "NonEmptyString",
|
36410
|
+
# firewall_arn: "NonEmptyString",
|
36411
|
+
# firewall_id: "NonEmptyString",
|
36412
|
+
# firewall_name: "NonEmptyString",
|
36413
|
+
# firewall_policy_arn: "NonEmptyString",
|
36414
|
+
# firewall_policy_change_protection: false,
|
36415
|
+
# subnet_change_protection: false,
|
36416
|
+
# subnet_mappings: [
|
36417
|
+
# {
|
36418
|
+
# subnet_id: "NonEmptyString",
|
36419
|
+
# },
|
36420
|
+
# ],
|
36421
|
+
# vpc_id: "NonEmptyString",
|
36422
|
+
# },
|
36423
|
+
# aws_network_firewall_rule_group: {
|
36424
|
+
# capacity: 1,
|
36425
|
+
# description: "NonEmptyString",
|
36426
|
+
# rule_group: {
|
36427
|
+
# rule_variables: {
|
36428
|
+
# ip_sets: {
|
36429
|
+
# definition: ["NonEmptyString"],
|
36430
|
+
# },
|
36431
|
+
# port_sets: {
|
36432
|
+
# definition: ["NonEmptyString"],
|
36433
|
+
# },
|
36434
|
+
# },
|
36435
|
+
# rules_source: {
|
36436
|
+
# rules_source_list: {
|
36437
|
+
# generated_rules_type: "NonEmptyString",
|
36438
|
+
# target_types: ["NonEmptyString"],
|
36439
|
+
# targets: ["NonEmptyString"],
|
36440
|
+
# },
|
36441
|
+
# rules_string: "NonEmptyString",
|
36442
|
+
# stateful_rules: [
|
36443
|
+
# {
|
36444
|
+
# action: "NonEmptyString",
|
36445
|
+
# header: {
|
36446
|
+
# destination: "NonEmptyString",
|
36447
|
+
# destination_port: "NonEmptyString",
|
36448
|
+
# direction: "NonEmptyString",
|
36449
|
+
# protocol: "NonEmptyString",
|
36450
|
+
# source: "NonEmptyString",
|
36451
|
+
# source_port: "NonEmptyString",
|
36452
|
+
# },
|
36453
|
+
# rule_options: [
|
36454
|
+
# {
|
36455
|
+
# keyword: "NonEmptyString",
|
36456
|
+
# settings: ["NonEmptyString"],
|
36457
|
+
# },
|
36458
|
+
# ],
|
36459
|
+
# },
|
36460
|
+
# ],
|
36461
|
+
# stateless_rules_and_custom_actions: {
|
36462
|
+
# custom_actions: [
|
36463
|
+
# {
|
36464
|
+
# action_definition: {
|
36465
|
+
# publish_metric_action: {
|
36466
|
+
# dimensions: [
|
36467
|
+
# {
|
36468
|
+
# value: "NonEmptyString",
|
36469
|
+
# },
|
36470
|
+
# ],
|
36471
|
+
# },
|
36472
|
+
# },
|
36473
|
+
# action_name: "NonEmptyString",
|
36474
|
+
# },
|
36475
|
+
# ],
|
36476
|
+
# stateless_rules: [
|
36477
|
+
# {
|
36478
|
+
# priority: 1,
|
36479
|
+
# rule_definition: {
|
36480
|
+
# actions: ["NonEmptyString"],
|
36481
|
+
# match_attributes: {
|
36482
|
+
# destination_ports: [
|
36483
|
+
# {
|
36484
|
+
# from_port: 1,
|
36485
|
+
# to_port: 1,
|
36486
|
+
# },
|
36487
|
+
# ],
|
36488
|
+
# destinations: [
|
36489
|
+
# {
|
36490
|
+
# address_definition: "NonEmptyString",
|
36491
|
+
# },
|
36492
|
+
# ],
|
36493
|
+
# protocols: [1],
|
36494
|
+
# source_ports: [
|
36495
|
+
# {
|
36496
|
+
# from_port: 1,
|
36497
|
+
# to_port: 1,
|
36498
|
+
# },
|
36499
|
+
# ],
|
36500
|
+
# sources: [
|
36501
|
+
# {
|
36502
|
+
# address_definition: "NonEmptyString",
|
36503
|
+
# },
|
36504
|
+
# ],
|
36505
|
+
# tcp_flags: [
|
36506
|
+
# {
|
36507
|
+
# flags: ["NonEmptyString"],
|
36508
|
+
# masks: ["NonEmptyString"],
|
36509
|
+
# },
|
36510
|
+
# ],
|
36511
|
+
# },
|
36512
|
+
# },
|
36513
|
+
# },
|
36514
|
+
# ],
|
36515
|
+
# },
|
36516
|
+
# },
|
36517
|
+
# },
|
36518
|
+
# rule_group_arn: "NonEmptyString",
|
36519
|
+
# rule_group_id: "NonEmptyString",
|
36520
|
+
# rule_group_name: "NonEmptyString",
|
36521
|
+
# type: "NonEmptyString",
|
36522
|
+
# },
|
34899
36523
|
# }
|
34900
36524
|
#
|
34901
36525
|
# @!attribute [rw] aws_auto_scaling_auto_scaling_group
|
@@ -35149,6 +36773,18 @@ module Aws::SecurityHub
|
|
35149
36773
|
# Details about an Amazon EKS cluster.
|
35150
36774
|
# @return [Types::AwsEksClusterDetails]
|
35151
36775
|
#
|
36776
|
+
# @!attribute [rw] aws_network_firewall_firewall_policy
|
36777
|
+
# Details about an Network Firewall firewall policy.
|
36778
|
+
# @return [Types::AwsNetworkFirewallFirewallPolicyDetails]
|
36779
|
+
#
|
36780
|
+
# @!attribute [rw] aws_network_firewall_firewall
|
36781
|
+
# Details about an Network Firewall firewall.
|
36782
|
+
# @return [Types::AwsNetworkFirewallFirewallDetails]
|
36783
|
+
#
|
36784
|
+
# @!attribute [rw] aws_network_firewall_rule_group
|
36785
|
+
# Details about an Network Firewall rule group.
|
36786
|
+
# @return [Types::AwsNetworkFirewallRuleGroupDetails]
|
36787
|
+
#
|
35152
36788
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ResourceDetails AWS API Documentation
|
35153
36789
|
#
|
35154
36790
|
class ResourceDetails < Struct.new(
|
@@ -35210,7 +36846,10 @@ module Aws::SecurityHub
|
|
35210
36846
|
:aws_waf_rate_based_rule,
|
35211
36847
|
:aws_waf_regional_rate_based_rule,
|
35212
36848
|
:aws_ecr_repository,
|
35213
|
-
:aws_eks_cluster
|
36849
|
+
:aws_eks_cluster,
|
36850
|
+
:aws_network_firewall_firewall_policy,
|
36851
|
+
:aws_network_firewall_firewall,
|
36852
|
+
:aws_network_firewall_rule_group)
|
35214
36853
|
SENSITIVE = []
|
35215
36854
|
include Aws::Structure
|
35216
36855
|
end
|
@@ -35253,6 +36892,931 @@ module Aws::SecurityHub
|
|
35253
36892
|
include Aws::Structure
|
35254
36893
|
end
|
35255
36894
|
|
36895
|
+
# Details about the rule group.
|
36896
|
+
#
|
36897
|
+
# @note When making an API call, you may pass RuleGroupDetails
|
36898
|
+
# data as a hash:
|
36899
|
+
#
|
36900
|
+
# {
|
36901
|
+
# rule_variables: {
|
36902
|
+
# ip_sets: {
|
36903
|
+
# definition: ["NonEmptyString"],
|
36904
|
+
# },
|
36905
|
+
# port_sets: {
|
36906
|
+
# definition: ["NonEmptyString"],
|
36907
|
+
# },
|
36908
|
+
# },
|
36909
|
+
# rules_source: {
|
36910
|
+
# rules_source_list: {
|
36911
|
+
# generated_rules_type: "NonEmptyString",
|
36912
|
+
# target_types: ["NonEmptyString"],
|
36913
|
+
# targets: ["NonEmptyString"],
|
36914
|
+
# },
|
36915
|
+
# rules_string: "NonEmptyString",
|
36916
|
+
# stateful_rules: [
|
36917
|
+
# {
|
36918
|
+
# action: "NonEmptyString",
|
36919
|
+
# header: {
|
36920
|
+
# destination: "NonEmptyString",
|
36921
|
+
# destination_port: "NonEmptyString",
|
36922
|
+
# direction: "NonEmptyString",
|
36923
|
+
# protocol: "NonEmptyString",
|
36924
|
+
# source: "NonEmptyString",
|
36925
|
+
# source_port: "NonEmptyString",
|
36926
|
+
# },
|
36927
|
+
# rule_options: [
|
36928
|
+
# {
|
36929
|
+
# keyword: "NonEmptyString",
|
36930
|
+
# settings: ["NonEmptyString"],
|
36931
|
+
# },
|
36932
|
+
# ],
|
36933
|
+
# },
|
36934
|
+
# ],
|
36935
|
+
# stateless_rules_and_custom_actions: {
|
36936
|
+
# custom_actions: [
|
36937
|
+
# {
|
36938
|
+
# action_definition: {
|
36939
|
+
# publish_metric_action: {
|
36940
|
+
# dimensions: [
|
36941
|
+
# {
|
36942
|
+
# value: "NonEmptyString",
|
36943
|
+
# },
|
36944
|
+
# ],
|
36945
|
+
# },
|
36946
|
+
# },
|
36947
|
+
# action_name: "NonEmptyString",
|
36948
|
+
# },
|
36949
|
+
# ],
|
36950
|
+
# stateless_rules: [
|
36951
|
+
# {
|
36952
|
+
# priority: 1,
|
36953
|
+
# rule_definition: {
|
36954
|
+
# actions: ["NonEmptyString"],
|
36955
|
+
# match_attributes: {
|
36956
|
+
# destination_ports: [
|
36957
|
+
# {
|
36958
|
+
# from_port: 1,
|
36959
|
+
# to_port: 1,
|
36960
|
+
# },
|
36961
|
+
# ],
|
36962
|
+
# destinations: [
|
36963
|
+
# {
|
36964
|
+
# address_definition: "NonEmptyString",
|
36965
|
+
# },
|
36966
|
+
# ],
|
36967
|
+
# protocols: [1],
|
36968
|
+
# source_ports: [
|
36969
|
+
# {
|
36970
|
+
# from_port: 1,
|
36971
|
+
# to_port: 1,
|
36972
|
+
# },
|
36973
|
+
# ],
|
36974
|
+
# sources: [
|
36975
|
+
# {
|
36976
|
+
# address_definition: "NonEmptyString",
|
36977
|
+
# },
|
36978
|
+
# ],
|
36979
|
+
# tcp_flags: [
|
36980
|
+
# {
|
36981
|
+
# flags: ["NonEmptyString"],
|
36982
|
+
# masks: ["NonEmptyString"],
|
36983
|
+
# },
|
36984
|
+
# ],
|
36985
|
+
# },
|
36986
|
+
# },
|
36987
|
+
# },
|
36988
|
+
# ],
|
36989
|
+
# },
|
36990
|
+
# },
|
36991
|
+
# }
|
36992
|
+
#
|
36993
|
+
# @!attribute [rw] rule_variables
|
36994
|
+
# Additional settings to use in the specified rules.
|
36995
|
+
# @return [Types::RuleGroupVariables]
|
36996
|
+
#
|
36997
|
+
# @!attribute [rw] rules_source
|
36998
|
+
# The rules and actions for the rule group.
|
36999
|
+
#
|
37000
|
+
# For stateful rule groups, can contain `RulesString`,
|
37001
|
+
# `RulesSourceList`, or `StatefulRules`.
|
37002
|
+
#
|
37003
|
+
# For stateless rule groups, contains
|
37004
|
+
# `StatelessRulesAndCustomActions`.
|
37005
|
+
# @return [Types::RuleGroupSource]
|
37006
|
+
#
|
37007
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupDetails AWS API Documentation
|
37008
|
+
#
|
37009
|
+
class RuleGroupDetails < Struct.new(
|
37010
|
+
:rule_variables,
|
37011
|
+
:rules_source)
|
37012
|
+
SENSITIVE = []
|
37013
|
+
include Aws::Structure
|
37014
|
+
end
|
37015
|
+
|
37016
|
+
# The rules and actions for the rule group.
|
37017
|
+
#
|
37018
|
+
# @note When making an API call, you may pass RuleGroupSource
|
37019
|
+
# data as a hash:
|
37020
|
+
#
|
37021
|
+
# {
|
37022
|
+
# rules_source_list: {
|
37023
|
+
# generated_rules_type: "NonEmptyString",
|
37024
|
+
# target_types: ["NonEmptyString"],
|
37025
|
+
# targets: ["NonEmptyString"],
|
37026
|
+
# },
|
37027
|
+
# rules_string: "NonEmptyString",
|
37028
|
+
# stateful_rules: [
|
37029
|
+
# {
|
37030
|
+
# action: "NonEmptyString",
|
37031
|
+
# header: {
|
37032
|
+
# destination: "NonEmptyString",
|
37033
|
+
# destination_port: "NonEmptyString",
|
37034
|
+
# direction: "NonEmptyString",
|
37035
|
+
# protocol: "NonEmptyString",
|
37036
|
+
# source: "NonEmptyString",
|
37037
|
+
# source_port: "NonEmptyString",
|
37038
|
+
# },
|
37039
|
+
# rule_options: [
|
37040
|
+
# {
|
37041
|
+
# keyword: "NonEmptyString",
|
37042
|
+
# settings: ["NonEmptyString"],
|
37043
|
+
# },
|
37044
|
+
# ],
|
37045
|
+
# },
|
37046
|
+
# ],
|
37047
|
+
# stateless_rules_and_custom_actions: {
|
37048
|
+
# custom_actions: [
|
37049
|
+
# {
|
37050
|
+
# action_definition: {
|
37051
|
+
# publish_metric_action: {
|
37052
|
+
# dimensions: [
|
37053
|
+
# {
|
37054
|
+
# value: "NonEmptyString",
|
37055
|
+
# },
|
37056
|
+
# ],
|
37057
|
+
# },
|
37058
|
+
# },
|
37059
|
+
# action_name: "NonEmptyString",
|
37060
|
+
# },
|
37061
|
+
# ],
|
37062
|
+
# stateless_rules: [
|
37063
|
+
# {
|
37064
|
+
# priority: 1,
|
37065
|
+
# rule_definition: {
|
37066
|
+
# actions: ["NonEmptyString"],
|
37067
|
+
# match_attributes: {
|
37068
|
+
# destination_ports: [
|
37069
|
+
# {
|
37070
|
+
# from_port: 1,
|
37071
|
+
# to_port: 1,
|
37072
|
+
# },
|
37073
|
+
# ],
|
37074
|
+
# destinations: [
|
37075
|
+
# {
|
37076
|
+
# address_definition: "NonEmptyString",
|
37077
|
+
# },
|
37078
|
+
# ],
|
37079
|
+
# protocols: [1],
|
37080
|
+
# source_ports: [
|
37081
|
+
# {
|
37082
|
+
# from_port: 1,
|
37083
|
+
# to_port: 1,
|
37084
|
+
# },
|
37085
|
+
# ],
|
37086
|
+
# sources: [
|
37087
|
+
# {
|
37088
|
+
# address_definition: "NonEmptyString",
|
37089
|
+
# },
|
37090
|
+
# ],
|
37091
|
+
# tcp_flags: [
|
37092
|
+
# {
|
37093
|
+
# flags: ["NonEmptyString"],
|
37094
|
+
# masks: ["NonEmptyString"],
|
37095
|
+
# },
|
37096
|
+
# ],
|
37097
|
+
# },
|
37098
|
+
# },
|
37099
|
+
# },
|
37100
|
+
# ],
|
37101
|
+
# },
|
37102
|
+
# }
|
37103
|
+
#
|
37104
|
+
# @!attribute [rw] rules_source_list
|
37105
|
+
# Stateful inspection criteria for a domain list rule group. A domain
|
37106
|
+
# list rule group determines access by specific protocols to specific
|
37107
|
+
# domains.
|
37108
|
+
# @return [Types::RuleGroupSourceListDetails]
|
37109
|
+
#
|
37110
|
+
# @!attribute [rw] rules_string
|
37111
|
+
# Stateful inspection criteria, provided in Suricata compatible
|
37112
|
+
# intrusion prevention system (IPS) rules.
|
37113
|
+
# @return [String]
|
37114
|
+
#
|
37115
|
+
# @!attribute [rw] stateful_rules
|
37116
|
+
# Suricata rule specifications.
|
37117
|
+
# @return [Array<Types::RuleGroupSourceStatefulRulesDetails>]
|
37118
|
+
#
|
37119
|
+
# @!attribute [rw] stateless_rules_and_custom_actions
|
37120
|
+
# The stateless rules and custom actions used by a stateless rule
|
37121
|
+
# group.
|
37122
|
+
# @return [Types::RuleGroupSourceStatelessRulesAndCustomActionsDetails]
|
37123
|
+
#
|
37124
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSource AWS API Documentation
|
37125
|
+
#
|
37126
|
+
class RuleGroupSource < Struct.new(
|
37127
|
+
:rules_source_list,
|
37128
|
+
:rules_string,
|
37129
|
+
:stateful_rules,
|
37130
|
+
:stateless_rules_and_custom_actions)
|
37131
|
+
SENSITIVE = []
|
37132
|
+
include Aws::Structure
|
37133
|
+
end
|
37134
|
+
|
37135
|
+
# A custom action definition. A custom action is an optional,
|
37136
|
+
# non-standard action to use for stateless packet handling.
|
37137
|
+
#
|
37138
|
+
# @note When making an API call, you may pass RuleGroupSourceCustomActionsDetails
|
37139
|
+
# data as a hash:
|
37140
|
+
#
|
37141
|
+
# {
|
37142
|
+
# action_definition: {
|
37143
|
+
# publish_metric_action: {
|
37144
|
+
# dimensions: [
|
37145
|
+
# {
|
37146
|
+
# value: "NonEmptyString",
|
37147
|
+
# },
|
37148
|
+
# ],
|
37149
|
+
# },
|
37150
|
+
# },
|
37151
|
+
# action_name: "NonEmptyString",
|
37152
|
+
# }
|
37153
|
+
#
|
37154
|
+
# @!attribute [rw] action_definition
|
37155
|
+
# The definition of a custom action.
|
37156
|
+
# @return [Types::StatelessCustomActionDefinition]
|
37157
|
+
#
|
37158
|
+
# @!attribute [rw] action_name
|
37159
|
+
# A descriptive name of the custom action.
|
37160
|
+
# @return [String]
|
37161
|
+
#
|
37162
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceCustomActionsDetails AWS API Documentation
|
37163
|
+
#
|
37164
|
+
class RuleGroupSourceCustomActionsDetails < Struct.new(
|
37165
|
+
:action_definition,
|
37166
|
+
:action_name)
|
37167
|
+
SENSITIVE = []
|
37168
|
+
include Aws::Structure
|
37169
|
+
end
|
37170
|
+
|
37171
|
+
# Stateful inspection criteria for a domain list rule group.
|
37172
|
+
#
|
37173
|
+
# @note When making an API call, you may pass RuleGroupSourceListDetails
|
37174
|
+
# data as a hash:
|
37175
|
+
#
|
37176
|
+
# {
|
37177
|
+
# generated_rules_type: "NonEmptyString",
|
37178
|
+
# target_types: ["NonEmptyString"],
|
37179
|
+
# targets: ["NonEmptyString"],
|
37180
|
+
# }
|
37181
|
+
#
|
37182
|
+
# @!attribute [rw] generated_rules_type
|
37183
|
+
# Indicates whether to allow or deny access to the domains listed in
|
37184
|
+
# `Targets`.
|
37185
|
+
# @return [String]
|
37186
|
+
#
|
37187
|
+
# @!attribute [rw] target_types
|
37188
|
+
# The protocols that you want to inspect. Specify `LS_SNI` for HTTPS.
|
37189
|
+
# Specify `HTTP_HOST` for HTTP. You can specify either or both.
|
37190
|
+
# @return [Array<String>]
|
37191
|
+
#
|
37192
|
+
# @!attribute [rw] targets
|
37193
|
+
# The domains that you want to inspect for in your traffic flows. You
|
37194
|
+
# can provide full domain names, or use the '.' prefix as a
|
37195
|
+
# wildcard. For example, `.example.com` matches all domains that end
|
37196
|
+
# with `example.com`.
|
37197
|
+
# @return [Array<String>]
|
37198
|
+
#
|
37199
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceListDetails AWS API Documentation
|
37200
|
+
#
|
37201
|
+
class RuleGroupSourceListDetails < Struct.new(
|
37202
|
+
:generated_rules_type,
|
37203
|
+
:target_types,
|
37204
|
+
:targets)
|
37205
|
+
SENSITIVE = []
|
37206
|
+
include Aws::Structure
|
37207
|
+
end
|
37208
|
+
|
37209
|
+
# A Suricata rule specification.
|
37210
|
+
#
|
37211
|
+
# @note When making an API call, you may pass RuleGroupSourceStatefulRulesDetails
|
37212
|
+
# data as a hash:
|
37213
|
+
#
|
37214
|
+
# {
|
37215
|
+
# action: "NonEmptyString",
|
37216
|
+
# header: {
|
37217
|
+
# destination: "NonEmptyString",
|
37218
|
+
# destination_port: "NonEmptyString",
|
37219
|
+
# direction: "NonEmptyString",
|
37220
|
+
# protocol: "NonEmptyString",
|
37221
|
+
# source: "NonEmptyString",
|
37222
|
+
# source_port: "NonEmptyString",
|
37223
|
+
# },
|
37224
|
+
# rule_options: [
|
37225
|
+
# {
|
37226
|
+
# keyword: "NonEmptyString",
|
37227
|
+
# settings: ["NonEmptyString"],
|
37228
|
+
# },
|
37229
|
+
# ],
|
37230
|
+
# }
|
37231
|
+
#
|
37232
|
+
# @!attribute [rw] action
|
37233
|
+
# Defines what Network Firewall should do with the packets in a
|
37234
|
+
# traffic flow when the flow matches the stateful rule criteria.
|
37235
|
+
# @return [String]
|
37236
|
+
#
|
37237
|
+
# @!attribute [rw] header
|
37238
|
+
# The stateful inspection criteria for the rule.
|
37239
|
+
# @return [Types::RuleGroupSourceStatefulRulesHeaderDetails]
|
37240
|
+
#
|
37241
|
+
# @!attribute [rw] rule_options
|
37242
|
+
# Additional options for the rule.
|
37243
|
+
# @return [Array<Types::RuleGroupSourceStatefulRulesOptionsDetails>]
|
37244
|
+
#
|
37245
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatefulRulesDetails AWS API Documentation
|
37246
|
+
#
|
37247
|
+
class RuleGroupSourceStatefulRulesDetails < Struct.new(
|
37248
|
+
:action,
|
37249
|
+
:header,
|
37250
|
+
:rule_options)
|
37251
|
+
SENSITIVE = []
|
37252
|
+
include Aws::Structure
|
37253
|
+
end
|
37254
|
+
|
37255
|
+
# The inspection criteria for a stateful rule.
|
37256
|
+
#
|
37257
|
+
# @note When making an API call, you may pass RuleGroupSourceStatefulRulesHeaderDetails
|
37258
|
+
# data as a hash:
|
37259
|
+
#
|
37260
|
+
# {
|
37261
|
+
# destination: "NonEmptyString",
|
37262
|
+
# destination_port: "NonEmptyString",
|
37263
|
+
# direction: "NonEmptyString",
|
37264
|
+
# protocol: "NonEmptyString",
|
37265
|
+
# source: "NonEmptyString",
|
37266
|
+
# source_port: "NonEmptyString",
|
37267
|
+
# }
|
37268
|
+
#
|
37269
|
+
# @!attribute [rw] destination
|
37270
|
+
# The destination IP address or address range to inspect for, in CIDR
|
37271
|
+
# notation. To match with any address, specify `ANY`.
|
37272
|
+
# @return [String]
|
37273
|
+
#
|
37274
|
+
# @!attribute [rw] destination_port
|
37275
|
+
# The destination port to inspect for. You can specify an individual
|
37276
|
+
# port, such as `1994`. You also can specify a port range, such as
|
37277
|
+
# `1990:1994`. To match with any port, specify `ANY`.
|
37278
|
+
# @return [String]
|
37279
|
+
#
|
37280
|
+
# @!attribute [rw] direction
|
37281
|
+
# The direction of traffic flow to inspect. If set to `ANY`, the
|
37282
|
+
# inspection matches bidirectional traffic, both from the source to
|
37283
|
+
# the destination and from the destination to the source. If set to
|
37284
|
+
# `FORWARD`, the inspection only matches traffic going from the source
|
37285
|
+
# to the destination.
|
37286
|
+
# @return [String]
|
37287
|
+
#
|
37288
|
+
# @!attribute [rw] protocol
|
37289
|
+
# The protocol to inspect for. To inspector for all protocols, use
|
37290
|
+
# `IP`.
|
37291
|
+
# @return [String]
|
37292
|
+
#
|
37293
|
+
# @!attribute [rw] source
|
37294
|
+
# The source IP address or address range to inspect for, in CIDR
|
37295
|
+
# notation. To match with any address, specify `ANY`.
|
37296
|
+
# @return [String]
|
37297
|
+
#
|
37298
|
+
# @!attribute [rw] source_port
|
37299
|
+
# The source port to inspect for. You can specify an individual port,
|
37300
|
+
# such as `1994`. You also can specify a port range, such as
|
37301
|
+
# `1990:1994`. To match with any port, specify `ANY`.
|
37302
|
+
# @return [String]
|
37303
|
+
#
|
37304
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatefulRulesHeaderDetails AWS API Documentation
|
37305
|
+
#
|
37306
|
+
class RuleGroupSourceStatefulRulesHeaderDetails < Struct.new(
|
37307
|
+
:destination,
|
37308
|
+
:destination_port,
|
37309
|
+
:direction,
|
37310
|
+
:protocol,
|
37311
|
+
:source,
|
37312
|
+
:source_port)
|
37313
|
+
SENSITIVE = []
|
37314
|
+
include Aws::Structure
|
37315
|
+
end
|
37316
|
+
|
37317
|
+
# A rule option for a stateful rule.
|
37318
|
+
#
|
37319
|
+
# @note When making an API call, you may pass RuleGroupSourceStatefulRulesOptionsDetails
|
37320
|
+
# data as a hash:
|
37321
|
+
#
|
37322
|
+
# {
|
37323
|
+
# keyword: "NonEmptyString",
|
37324
|
+
# settings: ["NonEmptyString"],
|
37325
|
+
# }
|
37326
|
+
#
|
37327
|
+
# @!attribute [rw] keyword
|
37328
|
+
# A keyword to look for.
|
37329
|
+
# @return [String]
|
37330
|
+
#
|
37331
|
+
# @!attribute [rw] settings
|
37332
|
+
# A list of settings.
|
37333
|
+
# @return [Array<String>]
|
37334
|
+
#
|
37335
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatefulRulesOptionsDetails AWS API Documentation
|
37336
|
+
#
|
37337
|
+
class RuleGroupSourceStatefulRulesOptionsDetails < Struct.new(
|
37338
|
+
:keyword,
|
37339
|
+
:settings)
|
37340
|
+
SENSITIVE = []
|
37341
|
+
include Aws::Structure
|
37342
|
+
end
|
37343
|
+
|
37344
|
+
# The definition of the stateless rule.
|
37345
|
+
#
|
37346
|
+
# @note When making an API call, you may pass RuleGroupSourceStatelessRuleDefinition
|
37347
|
+
# data as a hash:
|
37348
|
+
#
|
37349
|
+
# {
|
37350
|
+
# actions: ["NonEmptyString"],
|
37351
|
+
# match_attributes: {
|
37352
|
+
# destination_ports: [
|
37353
|
+
# {
|
37354
|
+
# from_port: 1,
|
37355
|
+
# to_port: 1,
|
37356
|
+
# },
|
37357
|
+
# ],
|
37358
|
+
# destinations: [
|
37359
|
+
# {
|
37360
|
+
# address_definition: "NonEmptyString",
|
37361
|
+
# },
|
37362
|
+
# ],
|
37363
|
+
# protocols: [1],
|
37364
|
+
# source_ports: [
|
37365
|
+
# {
|
37366
|
+
# from_port: 1,
|
37367
|
+
# to_port: 1,
|
37368
|
+
# },
|
37369
|
+
# ],
|
37370
|
+
# sources: [
|
37371
|
+
# {
|
37372
|
+
# address_definition: "NonEmptyString",
|
37373
|
+
# },
|
37374
|
+
# ],
|
37375
|
+
# tcp_flags: [
|
37376
|
+
# {
|
37377
|
+
# flags: ["NonEmptyString"],
|
37378
|
+
# masks: ["NonEmptyString"],
|
37379
|
+
# },
|
37380
|
+
# ],
|
37381
|
+
# },
|
37382
|
+
# }
|
37383
|
+
#
|
37384
|
+
# @!attribute [rw] actions
|
37385
|
+
# The actions to take on a packet that matches one of the stateless
|
37386
|
+
# rule definition's match attributes. You must specify a standard
|
37387
|
+
# action (`aws:pass`, `aws:drop`, or `aws:forward_to_sfe`). You can
|
37388
|
+
# then add custom actions.
|
37389
|
+
# @return [Array<String>]
|
37390
|
+
#
|
37391
|
+
# @!attribute [rw] match_attributes
|
37392
|
+
# The criteria for Network Firewall to use to inspect an individual
|
37393
|
+
# packet in a stateless rule inspection.
|
37394
|
+
# @return [Types::RuleGroupSourceStatelessRuleMatchAttributes]
|
37395
|
+
#
|
37396
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRuleDefinition AWS API Documentation
|
37397
|
+
#
|
37398
|
+
class RuleGroupSourceStatelessRuleDefinition < Struct.new(
|
37399
|
+
:actions,
|
37400
|
+
:match_attributes)
|
37401
|
+
SENSITIVE = []
|
37402
|
+
include Aws::Structure
|
37403
|
+
end
|
37404
|
+
|
37405
|
+
# Criteria for the stateless rule.
|
37406
|
+
#
|
37407
|
+
# @note When making an API call, you may pass RuleGroupSourceStatelessRuleMatchAttributes
|
37408
|
+
# data as a hash:
|
37409
|
+
#
|
37410
|
+
# {
|
37411
|
+
# destination_ports: [
|
37412
|
+
# {
|
37413
|
+
# from_port: 1,
|
37414
|
+
# to_port: 1,
|
37415
|
+
# },
|
37416
|
+
# ],
|
37417
|
+
# destinations: [
|
37418
|
+
# {
|
37419
|
+
# address_definition: "NonEmptyString",
|
37420
|
+
# },
|
37421
|
+
# ],
|
37422
|
+
# protocols: [1],
|
37423
|
+
# source_ports: [
|
37424
|
+
# {
|
37425
|
+
# from_port: 1,
|
37426
|
+
# to_port: 1,
|
37427
|
+
# },
|
37428
|
+
# ],
|
37429
|
+
# sources: [
|
37430
|
+
# {
|
37431
|
+
# address_definition: "NonEmptyString",
|
37432
|
+
# },
|
37433
|
+
# ],
|
37434
|
+
# tcp_flags: [
|
37435
|
+
# {
|
37436
|
+
# flags: ["NonEmptyString"],
|
37437
|
+
# masks: ["NonEmptyString"],
|
37438
|
+
# },
|
37439
|
+
# ],
|
37440
|
+
# }
|
37441
|
+
#
|
37442
|
+
# @!attribute [rw] destination_ports
|
37443
|
+
# A list of port ranges to specify the destination ports to inspect
|
37444
|
+
# for.
|
37445
|
+
# @return [Array<Types::RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts>]
|
37446
|
+
#
|
37447
|
+
# @!attribute [rw] destinations
|
37448
|
+
# The destination IP addresses and address ranges to inspect for, in
|
37449
|
+
# CIDR notation.
|
37450
|
+
# @return [Array<Types::RuleGroupSourceStatelessRuleMatchAttributesDestinations>]
|
37451
|
+
#
|
37452
|
+
# @!attribute [rw] protocols
|
37453
|
+
# The protocols to inspect for.
|
37454
|
+
# @return [Array<Integer>]
|
37455
|
+
#
|
37456
|
+
# @!attribute [rw] source_ports
|
37457
|
+
# A list of port ranges to specify the source ports to inspect for.
|
37458
|
+
# @return [Array<Types::RuleGroupSourceStatelessRuleMatchAttributesSourcePorts>]
|
37459
|
+
#
|
37460
|
+
# @!attribute [rw] sources
|
37461
|
+
# The source IP addresses and address ranges to inspect for, in CIDR
|
37462
|
+
# notation.
|
37463
|
+
# @return [Array<Types::RuleGroupSourceStatelessRuleMatchAttributesSources>]
|
37464
|
+
#
|
37465
|
+
# @!attribute [rw] tcp_flags
|
37466
|
+
# The TCP flags and masks to inspect for.
|
37467
|
+
# @return [Array<Types::RuleGroupSourceStatelessRuleMatchAttributesTcpFlags>]
|
37468
|
+
#
|
37469
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRuleMatchAttributes AWS API Documentation
|
37470
|
+
#
|
37471
|
+
class RuleGroupSourceStatelessRuleMatchAttributes < Struct.new(
|
37472
|
+
:destination_ports,
|
37473
|
+
:destinations,
|
37474
|
+
:protocols,
|
37475
|
+
:source_ports,
|
37476
|
+
:sources,
|
37477
|
+
:tcp_flags)
|
37478
|
+
SENSITIVE = []
|
37479
|
+
include Aws::Structure
|
37480
|
+
end
|
37481
|
+
|
37482
|
+
# A port range to specify the destination ports to inspect for.
|
37483
|
+
#
|
37484
|
+
# @note When making an API call, you may pass RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts
|
37485
|
+
# data as a hash:
|
37486
|
+
#
|
37487
|
+
# {
|
37488
|
+
# from_port: 1,
|
37489
|
+
# to_port: 1,
|
37490
|
+
# }
|
37491
|
+
#
|
37492
|
+
# @!attribute [rw] from_port
|
37493
|
+
# The starting port value for the port range.
|
37494
|
+
# @return [Integer]
|
37495
|
+
#
|
37496
|
+
# @!attribute [rw] to_port
|
37497
|
+
# The ending port value for the port range.
|
37498
|
+
# @return [Integer]
|
37499
|
+
#
|
37500
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts AWS API Documentation
|
37501
|
+
#
|
37502
|
+
class RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts < Struct.new(
|
37503
|
+
:from_port,
|
37504
|
+
:to_port)
|
37505
|
+
SENSITIVE = []
|
37506
|
+
include Aws::Structure
|
37507
|
+
end
|
37508
|
+
|
37509
|
+
# A destination IP address or range.
|
37510
|
+
#
|
37511
|
+
# @note When making an API call, you may pass RuleGroupSourceStatelessRuleMatchAttributesDestinations
|
37512
|
+
# data as a hash:
|
37513
|
+
#
|
37514
|
+
# {
|
37515
|
+
# address_definition: "NonEmptyString",
|
37516
|
+
# }
|
37517
|
+
#
|
37518
|
+
# @!attribute [rw] address_definition
|
37519
|
+
# An IP address or a block of IP addresses.
|
37520
|
+
# @return [String]
|
37521
|
+
#
|
37522
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRuleMatchAttributesDestinations AWS API Documentation
|
37523
|
+
#
|
37524
|
+
class RuleGroupSourceStatelessRuleMatchAttributesDestinations < Struct.new(
|
37525
|
+
:address_definition)
|
37526
|
+
SENSITIVE = []
|
37527
|
+
include Aws::Structure
|
37528
|
+
end
|
37529
|
+
|
37530
|
+
# A port range to specify the source ports to inspect for.
|
37531
|
+
#
|
37532
|
+
# @note When making an API call, you may pass RuleGroupSourceStatelessRuleMatchAttributesSourcePorts
|
37533
|
+
# data as a hash:
|
37534
|
+
#
|
37535
|
+
# {
|
37536
|
+
# from_port: 1,
|
37537
|
+
# to_port: 1,
|
37538
|
+
# }
|
37539
|
+
#
|
37540
|
+
# @!attribute [rw] from_port
|
37541
|
+
# The starting port value for the port range.
|
37542
|
+
# @return [Integer]
|
37543
|
+
#
|
37544
|
+
# @!attribute [rw] to_port
|
37545
|
+
# The ending port value for the port range.
|
37546
|
+
# @return [Integer]
|
37547
|
+
#
|
37548
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRuleMatchAttributesSourcePorts AWS API Documentation
|
37549
|
+
#
|
37550
|
+
class RuleGroupSourceStatelessRuleMatchAttributesSourcePorts < Struct.new(
|
37551
|
+
:from_port,
|
37552
|
+
:to_port)
|
37553
|
+
SENSITIVE = []
|
37554
|
+
include Aws::Structure
|
37555
|
+
end
|
37556
|
+
|
37557
|
+
# A source IP addresses and address range to inspect for.
|
37558
|
+
#
|
37559
|
+
# @note When making an API call, you may pass RuleGroupSourceStatelessRuleMatchAttributesSources
|
37560
|
+
# data as a hash:
|
37561
|
+
#
|
37562
|
+
# {
|
37563
|
+
# address_definition: "NonEmptyString",
|
37564
|
+
# }
|
37565
|
+
#
|
37566
|
+
# @!attribute [rw] address_definition
|
37567
|
+
# An IP address or a block of IP addresses.
|
37568
|
+
# @return [String]
|
37569
|
+
#
|
37570
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRuleMatchAttributesSources AWS API Documentation
|
37571
|
+
#
|
37572
|
+
class RuleGroupSourceStatelessRuleMatchAttributesSources < Struct.new(
|
37573
|
+
:address_definition)
|
37574
|
+
SENSITIVE = []
|
37575
|
+
include Aws::Structure
|
37576
|
+
end
|
37577
|
+
|
37578
|
+
# A set of TCP flags and masks to inspect for.
|
37579
|
+
#
|
37580
|
+
# @note When making an API call, you may pass RuleGroupSourceStatelessRuleMatchAttributesTcpFlags
|
37581
|
+
# data as a hash:
|
37582
|
+
#
|
37583
|
+
# {
|
37584
|
+
# flags: ["NonEmptyString"],
|
37585
|
+
# masks: ["NonEmptyString"],
|
37586
|
+
# }
|
37587
|
+
#
|
37588
|
+
# @!attribute [rw] flags
|
37589
|
+
# Defines the flags from the `Masks` setting that must be set in order
|
37590
|
+
# for the packet to match. Flags that are listed must be set. Flags
|
37591
|
+
# that are not listed must not be set.
|
37592
|
+
# @return [Array<String>]
|
37593
|
+
#
|
37594
|
+
# @!attribute [rw] masks
|
37595
|
+
# The set of flags to consider in the inspection. If not specified,
|
37596
|
+
# then all flags are inspected.
|
37597
|
+
# @return [Array<String>]
|
37598
|
+
#
|
37599
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRuleMatchAttributesTcpFlags AWS API Documentation
|
37600
|
+
#
|
37601
|
+
class RuleGroupSourceStatelessRuleMatchAttributesTcpFlags < Struct.new(
|
37602
|
+
:flags,
|
37603
|
+
:masks)
|
37604
|
+
SENSITIVE = []
|
37605
|
+
include Aws::Structure
|
37606
|
+
end
|
37607
|
+
|
37608
|
+
# Stateless rules and custom actions for a stateless rule group.
|
37609
|
+
#
|
37610
|
+
# @note When making an API call, you may pass RuleGroupSourceStatelessRulesAndCustomActionsDetails
|
37611
|
+
# data as a hash:
|
37612
|
+
#
|
37613
|
+
# {
|
37614
|
+
# custom_actions: [
|
37615
|
+
# {
|
37616
|
+
# action_definition: {
|
37617
|
+
# publish_metric_action: {
|
37618
|
+
# dimensions: [
|
37619
|
+
# {
|
37620
|
+
# value: "NonEmptyString",
|
37621
|
+
# },
|
37622
|
+
# ],
|
37623
|
+
# },
|
37624
|
+
# },
|
37625
|
+
# action_name: "NonEmptyString",
|
37626
|
+
# },
|
37627
|
+
# ],
|
37628
|
+
# stateless_rules: [
|
37629
|
+
# {
|
37630
|
+
# priority: 1,
|
37631
|
+
# rule_definition: {
|
37632
|
+
# actions: ["NonEmptyString"],
|
37633
|
+
# match_attributes: {
|
37634
|
+
# destination_ports: [
|
37635
|
+
# {
|
37636
|
+
# from_port: 1,
|
37637
|
+
# to_port: 1,
|
37638
|
+
# },
|
37639
|
+
# ],
|
37640
|
+
# destinations: [
|
37641
|
+
# {
|
37642
|
+
# address_definition: "NonEmptyString",
|
37643
|
+
# },
|
37644
|
+
# ],
|
37645
|
+
# protocols: [1],
|
37646
|
+
# source_ports: [
|
37647
|
+
# {
|
37648
|
+
# from_port: 1,
|
37649
|
+
# to_port: 1,
|
37650
|
+
# },
|
37651
|
+
# ],
|
37652
|
+
# sources: [
|
37653
|
+
# {
|
37654
|
+
# address_definition: "NonEmptyString",
|
37655
|
+
# },
|
37656
|
+
# ],
|
37657
|
+
# tcp_flags: [
|
37658
|
+
# {
|
37659
|
+
# flags: ["NonEmptyString"],
|
37660
|
+
# masks: ["NonEmptyString"],
|
37661
|
+
# },
|
37662
|
+
# ],
|
37663
|
+
# },
|
37664
|
+
# },
|
37665
|
+
# },
|
37666
|
+
# ],
|
37667
|
+
# }
|
37668
|
+
#
|
37669
|
+
# @!attribute [rw] custom_actions
|
37670
|
+
# Custom actions for the rule group.
|
37671
|
+
# @return [Array<Types::RuleGroupSourceCustomActionsDetails>]
|
37672
|
+
#
|
37673
|
+
# @!attribute [rw] stateless_rules
|
37674
|
+
# Stateless rules for the rule group.
|
37675
|
+
# @return [Array<Types::RuleGroupSourceStatelessRulesDetails>]
|
37676
|
+
#
|
37677
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRulesAndCustomActionsDetails AWS API Documentation
|
37678
|
+
#
|
37679
|
+
class RuleGroupSourceStatelessRulesAndCustomActionsDetails < Struct.new(
|
37680
|
+
:custom_actions,
|
37681
|
+
:stateless_rules)
|
37682
|
+
SENSITIVE = []
|
37683
|
+
include Aws::Structure
|
37684
|
+
end
|
37685
|
+
|
37686
|
+
# A stateless rule in the rule group.
|
37687
|
+
#
|
37688
|
+
# @note When making an API call, you may pass RuleGroupSourceStatelessRulesDetails
|
37689
|
+
# data as a hash:
|
37690
|
+
#
|
37691
|
+
# {
|
37692
|
+
# priority: 1,
|
37693
|
+
# rule_definition: {
|
37694
|
+
# actions: ["NonEmptyString"],
|
37695
|
+
# match_attributes: {
|
37696
|
+
# destination_ports: [
|
37697
|
+
# {
|
37698
|
+
# from_port: 1,
|
37699
|
+
# to_port: 1,
|
37700
|
+
# },
|
37701
|
+
# ],
|
37702
|
+
# destinations: [
|
37703
|
+
# {
|
37704
|
+
# address_definition: "NonEmptyString",
|
37705
|
+
# },
|
37706
|
+
# ],
|
37707
|
+
# protocols: [1],
|
37708
|
+
# source_ports: [
|
37709
|
+
# {
|
37710
|
+
# from_port: 1,
|
37711
|
+
# to_port: 1,
|
37712
|
+
# },
|
37713
|
+
# ],
|
37714
|
+
# sources: [
|
37715
|
+
# {
|
37716
|
+
# address_definition: "NonEmptyString",
|
37717
|
+
# },
|
37718
|
+
# ],
|
37719
|
+
# tcp_flags: [
|
37720
|
+
# {
|
37721
|
+
# flags: ["NonEmptyString"],
|
37722
|
+
# masks: ["NonEmptyString"],
|
37723
|
+
# },
|
37724
|
+
# ],
|
37725
|
+
# },
|
37726
|
+
# },
|
37727
|
+
# }
|
37728
|
+
#
|
37729
|
+
# @!attribute [rw] priority
|
37730
|
+
# Indicates the order in which to run this rule relative to all of the
|
37731
|
+
# rules in the stateless rule group.
|
37732
|
+
# @return [Integer]
|
37733
|
+
#
|
37734
|
+
# @!attribute [rw] rule_definition
|
37735
|
+
# Provides the definition of the stateless rule.
|
37736
|
+
# @return [Types::RuleGroupSourceStatelessRuleDefinition]
|
37737
|
+
#
|
37738
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRulesDetails AWS API Documentation
|
37739
|
+
#
|
37740
|
+
class RuleGroupSourceStatelessRulesDetails < Struct.new(
|
37741
|
+
:priority,
|
37742
|
+
:rule_definition)
|
37743
|
+
SENSITIVE = []
|
37744
|
+
include Aws::Structure
|
37745
|
+
end
|
37746
|
+
|
37747
|
+
# Additional settings to use in the specified rules.
|
37748
|
+
#
|
37749
|
+
# @note When making an API call, you may pass RuleGroupVariables
|
37750
|
+
# data as a hash:
|
37751
|
+
#
|
37752
|
+
# {
|
37753
|
+
# ip_sets: {
|
37754
|
+
# definition: ["NonEmptyString"],
|
37755
|
+
# },
|
37756
|
+
# port_sets: {
|
37757
|
+
# definition: ["NonEmptyString"],
|
37758
|
+
# },
|
37759
|
+
# }
|
37760
|
+
#
|
37761
|
+
# @!attribute [rw] ip_sets
|
37762
|
+
# A list of IP addresses and address ranges, in CIDR notation.
|
37763
|
+
# @return [Types::RuleGroupVariablesIpSetsDetails]
|
37764
|
+
#
|
37765
|
+
# @!attribute [rw] port_sets
|
37766
|
+
# A list of port ranges.
|
37767
|
+
# @return [Types::RuleGroupVariablesPortSetsDetails]
|
37768
|
+
#
|
37769
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupVariables AWS API Documentation
|
37770
|
+
#
|
37771
|
+
class RuleGroupVariables < Struct.new(
|
37772
|
+
:ip_sets,
|
37773
|
+
:port_sets)
|
37774
|
+
SENSITIVE = []
|
37775
|
+
include Aws::Structure
|
37776
|
+
end
|
37777
|
+
|
37778
|
+
# A list of IP addresses and address ranges, in CIDR notation.
|
37779
|
+
#
|
37780
|
+
# @note When making an API call, you may pass RuleGroupVariablesIpSetsDetails
|
37781
|
+
# data as a hash:
|
37782
|
+
#
|
37783
|
+
# {
|
37784
|
+
# definition: ["NonEmptyString"],
|
37785
|
+
# }
|
37786
|
+
#
|
37787
|
+
# @!attribute [rw] definition
|
37788
|
+
# The list of IP addresses and ranges.
|
37789
|
+
# @return [Array<String>]
|
37790
|
+
#
|
37791
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupVariablesIpSetsDetails AWS API Documentation
|
37792
|
+
#
|
37793
|
+
class RuleGroupVariablesIpSetsDetails < Struct.new(
|
37794
|
+
:definition)
|
37795
|
+
SENSITIVE = []
|
37796
|
+
include Aws::Structure
|
37797
|
+
end
|
37798
|
+
|
37799
|
+
# A list of port ranges.
|
37800
|
+
#
|
37801
|
+
# @note When making an API call, you may pass RuleGroupVariablesPortSetsDetails
|
37802
|
+
# data as a hash:
|
37803
|
+
#
|
37804
|
+
# {
|
37805
|
+
# definition: ["NonEmptyString"],
|
37806
|
+
# }
|
37807
|
+
#
|
37808
|
+
# @!attribute [rw] definition
|
37809
|
+
# The list of port ranges.
|
37810
|
+
# @return [Array<String>]
|
37811
|
+
#
|
37812
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupVariablesPortSetsDetails AWS API Documentation
|
37813
|
+
#
|
37814
|
+
class RuleGroupVariablesPortSetsDetails < Struct.new(
|
37815
|
+
:definition)
|
37816
|
+
SENSITIVE = []
|
37817
|
+
include Aws::Structure
|
37818
|
+
end
|
37819
|
+
|
35256
37820
|
# The list of detected instances of sensitive data.
|
35257
37821
|
#
|
35258
37822
|
# @note When making an API call, you may pass SensitiveDataDetections
|
@@ -35761,6 +38325,21 @@ module Aws::SecurityHub
|
|
35761
38325
|
include Aws::Structure
|
35762
38326
|
end
|
35763
38327
|
|
38328
|
+
# The reason for the current status of a standard subscription.
|
38329
|
+
#
|
38330
|
+
# @!attribute [rw] status_reason_code
|
38331
|
+
# The reason code that represents the reason for the current status of
|
38332
|
+
# a standard subscription.
|
38333
|
+
# @return [String]
|
38334
|
+
#
|
38335
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StandardsStatusReason AWS API Documentation
|
38336
|
+
#
|
38337
|
+
class StandardsStatusReason < Struct.new(
|
38338
|
+
:status_reason_code)
|
38339
|
+
SENSITIVE = []
|
38340
|
+
include Aws::Structure
|
38341
|
+
end
|
38342
|
+
|
35764
38343
|
# A resource that represents your subscription to a supported standard.
|
35765
38344
|
#
|
35766
38345
|
# @!attribute [rw] standards_subscription_arn
|
@@ -35793,13 +38372,18 @@ module Aws::SecurityHub
|
|
35793
38372
|
# * `FAILED` - Standard could not be disabled.
|
35794
38373
|
# @return [String]
|
35795
38374
|
#
|
38375
|
+
# @!attribute [rw] standards_status_reason
|
38376
|
+
# The reason for the current status.
|
38377
|
+
# @return [Types::StandardsStatusReason]
|
38378
|
+
#
|
35796
38379
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StandardsSubscription AWS API Documentation
|
35797
38380
|
#
|
35798
38381
|
class StandardsSubscription < Struct.new(
|
35799
38382
|
:standards_subscription_arn,
|
35800
38383
|
:standards_arn,
|
35801
38384
|
:standards_input,
|
35802
|
-
:standards_status
|
38385
|
+
:standards_status,
|
38386
|
+
:standards_status_reason)
|
35803
38387
|
SENSITIVE = []
|
35804
38388
|
include Aws::Structure
|
35805
38389
|
end
|
@@ -35835,6 +38419,80 @@ module Aws::SecurityHub
|
|
35835
38419
|
include Aws::Structure
|
35836
38420
|
end
|
35837
38421
|
|
38422
|
+
# The definition of a custom action that can be used for stateless
|
38423
|
+
# packet handling.
|
38424
|
+
#
|
38425
|
+
# @note When making an API call, you may pass StatelessCustomActionDefinition
|
38426
|
+
# data as a hash:
|
38427
|
+
#
|
38428
|
+
# {
|
38429
|
+
# publish_metric_action: {
|
38430
|
+
# dimensions: [
|
38431
|
+
# {
|
38432
|
+
# value: "NonEmptyString",
|
38433
|
+
# },
|
38434
|
+
# ],
|
38435
|
+
# },
|
38436
|
+
# }
|
38437
|
+
#
|
38438
|
+
# @!attribute [rw] publish_metric_action
|
38439
|
+
# Information about metrics to publish to CloudWatch.
|
38440
|
+
# @return [Types::StatelessCustomPublishMetricAction]
|
38441
|
+
#
|
38442
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StatelessCustomActionDefinition AWS API Documentation
|
38443
|
+
#
|
38444
|
+
class StatelessCustomActionDefinition < Struct.new(
|
38445
|
+
:publish_metric_action)
|
38446
|
+
SENSITIVE = []
|
38447
|
+
include Aws::Structure
|
38448
|
+
end
|
38449
|
+
|
38450
|
+
# Information about metrics to publish to CloudWatch.
|
38451
|
+
#
|
38452
|
+
# @note When making an API call, you may pass StatelessCustomPublishMetricAction
|
38453
|
+
# data as a hash:
|
38454
|
+
#
|
38455
|
+
# {
|
38456
|
+
# dimensions: [
|
38457
|
+
# {
|
38458
|
+
# value: "NonEmptyString",
|
38459
|
+
# },
|
38460
|
+
# ],
|
38461
|
+
# }
|
38462
|
+
#
|
38463
|
+
# @!attribute [rw] dimensions
|
38464
|
+
# Defines CloudWatch dimension values to publish.
|
38465
|
+
# @return [Array<Types::StatelessCustomPublishMetricActionDimension>]
|
38466
|
+
#
|
38467
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StatelessCustomPublishMetricAction AWS API Documentation
|
38468
|
+
#
|
38469
|
+
class StatelessCustomPublishMetricAction < Struct.new(
|
38470
|
+
:dimensions)
|
38471
|
+
SENSITIVE = []
|
38472
|
+
include Aws::Structure
|
38473
|
+
end
|
38474
|
+
|
38475
|
+
# Defines a CloudWatch dimension value to publish.
|
38476
|
+
#
|
38477
|
+
# @note When making an API call, you may pass StatelessCustomPublishMetricActionDimension
|
38478
|
+
# data as a hash:
|
38479
|
+
#
|
38480
|
+
# {
|
38481
|
+
# value: "NonEmptyString",
|
38482
|
+
# }
|
38483
|
+
#
|
38484
|
+
# @!attribute [rw] value
|
38485
|
+
# The value to use for the custom metric dimension.
|
38486
|
+
# @return [String]
|
38487
|
+
#
|
38488
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StatelessCustomPublishMetricActionDimension AWS API Documentation
|
38489
|
+
#
|
38490
|
+
class StatelessCustomPublishMetricActionDimension < Struct.new(
|
38491
|
+
:value)
|
38492
|
+
SENSITIVE = []
|
38493
|
+
include Aws::Structure
|
38494
|
+
end
|
38495
|
+
|
35838
38496
|
# Provides additional context for the value of `Compliance.Status`.
|
35839
38497
|
#
|
35840
38498
|
# @note When making an API call, you may pass StatusReason
|