aws-sdk-securityhub 1.63.0 → 1.67.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-securityhub/client.rb +585 -10
- data/lib/aws-sdk-securityhub/client_api.rb +407 -0
- data/lib/aws-sdk-securityhub/types.rb +3842 -102
- data/lib/aws-sdk-securityhub.rb +1 -1
- metadata +2 -2
@@ -2667,6 +2667,181 @@ module Aws::SecurityHub
|
|
2667
2667
|
include Aws::Structure
|
2668
2668
|
end
|
2669
2669
|
|
2670
|
+
# Nests a stack as a resource in a top-level template. Nested stacks are
|
2671
|
+
# stacks created as resources for another stack.
|
2672
|
+
#
|
2673
|
+
# @note When making an API call, you may pass AwsCloudFormationStackDetails
|
2674
|
+
# data as a hash:
|
2675
|
+
#
|
2676
|
+
# {
|
2677
|
+
# capabilities: ["NonEmptyString"],
|
2678
|
+
# creation_time: "NonEmptyString",
|
2679
|
+
# description: "NonEmptyString",
|
2680
|
+
# disable_rollback: false,
|
2681
|
+
# drift_information: {
|
2682
|
+
# stack_drift_status: "NonEmptyString",
|
2683
|
+
# },
|
2684
|
+
# enable_termination_protection: false,
|
2685
|
+
# last_updated_time: "NonEmptyString",
|
2686
|
+
# notification_arns: ["NonEmptyString"],
|
2687
|
+
# outputs: [
|
2688
|
+
# {
|
2689
|
+
# description: "NonEmptyString",
|
2690
|
+
# output_key: "NonEmptyString",
|
2691
|
+
# output_value: "NonEmptyString",
|
2692
|
+
# },
|
2693
|
+
# ],
|
2694
|
+
# role_arn: "NonEmptyString",
|
2695
|
+
# stack_id: "NonEmptyString",
|
2696
|
+
# stack_name: "NonEmptyString",
|
2697
|
+
# stack_status: "NonEmptyString",
|
2698
|
+
# stack_status_reason: "NonEmptyString",
|
2699
|
+
# timeout_in_minutes: 1,
|
2700
|
+
# }
|
2701
|
+
#
|
2702
|
+
# @!attribute [rw] capabilities
|
2703
|
+
# The capabilities allowed in the stack.
|
2704
|
+
# @return [Array<String>]
|
2705
|
+
#
|
2706
|
+
# @!attribute [rw] creation_time
|
2707
|
+
# The time at which the stack was created.
|
2708
|
+
# @return [String]
|
2709
|
+
#
|
2710
|
+
# @!attribute [rw] description
|
2711
|
+
# A user-defined description associated with the stack.
|
2712
|
+
# @return [String]
|
2713
|
+
#
|
2714
|
+
# @!attribute [rw] disable_rollback
|
2715
|
+
# Boolean to enable or disable rollback on stack creation failures.
|
2716
|
+
# @return [Boolean]
|
2717
|
+
#
|
2718
|
+
# @!attribute [rw] drift_information
|
2719
|
+
# Information about whether a stack's actual configuration differs,
|
2720
|
+
# or has drifted, from its expected configuration, as defined in the
|
2721
|
+
# stack template and any values specified as template parameters.
|
2722
|
+
# @return [Types::AwsCloudFormationStackDriftInformationDetails]
|
2723
|
+
#
|
2724
|
+
# @!attribute [rw] enable_termination_protection
|
2725
|
+
# Whether termination protection is enabled for the stack.
|
2726
|
+
# @return [Boolean]
|
2727
|
+
#
|
2728
|
+
# @!attribute [rw] last_updated_time
|
2729
|
+
# The time the nested stack was last updated. This field will only be
|
2730
|
+
# returned if the stack has been updated at least once.
|
2731
|
+
# @return [String]
|
2732
|
+
#
|
2733
|
+
# @!attribute [rw] notification_arns
|
2734
|
+
# The Amazon Resource Names (ARNs) of the Amazon SNS topic to which
|
2735
|
+
# stack-related events are published.
|
2736
|
+
# @return [Array<String>]
|
2737
|
+
#
|
2738
|
+
# @!attribute [rw] outputs
|
2739
|
+
# A list of output structures.
|
2740
|
+
# @return [Array<Types::AwsCloudFormationStackOutputsDetails>]
|
2741
|
+
#
|
2742
|
+
# @!attribute [rw] role_arn
|
2743
|
+
# The ARN of an IAM role that's associated with the stack.
|
2744
|
+
# @return [String]
|
2745
|
+
#
|
2746
|
+
# @!attribute [rw] stack_id
|
2747
|
+
# Unique identifier of the stack.
|
2748
|
+
# @return [String]
|
2749
|
+
#
|
2750
|
+
# @!attribute [rw] stack_name
|
2751
|
+
# The name associated with the stack.
|
2752
|
+
# @return [String]
|
2753
|
+
#
|
2754
|
+
# @!attribute [rw] stack_status
|
2755
|
+
# Current status of the stack.
|
2756
|
+
# @return [String]
|
2757
|
+
#
|
2758
|
+
# @!attribute [rw] stack_status_reason
|
2759
|
+
# Success or failure message associated with the stack status.
|
2760
|
+
# @return [String]
|
2761
|
+
#
|
2762
|
+
# @!attribute [rw] timeout_in_minutes
|
2763
|
+
# The length of time, in minutes, that CloudFormation waits for the
|
2764
|
+
# nested stack to reach the `CREATE_COMPLETE` state.
|
2765
|
+
# @return [Integer]
|
2766
|
+
#
|
2767
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFormationStackDetails AWS API Documentation
|
2768
|
+
#
|
2769
|
+
class AwsCloudFormationStackDetails < Struct.new(
|
2770
|
+
:capabilities,
|
2771
|
+
:creation_time,
|
2772
|
+
:description,
|
2773
|
+
:disable_rollback,
|
2774
|
+
:drift_information,
|
2775
|
+
:enable_termination_protection,
|
2776
|
+
:last_updated_time,
|
2777
|
+
:notification_arns,
|
2778
|
+
:outputs,
|
2779
|
+
:role_arn,
|
2780
|
+
:stack_id,
|
2781
|
+
:stack_name,
|
2782
|
+
:stack_status,
|
2783
|
+
:stack_status_reason,
|
2784
|
+
:timeout_in_minutes)
|
2785
|
+
SENSITIVE = []
|
2786
|
+
include Aws::Structure
|
2787
|
+
end
|
2788
|
+
|
2789
|
+
# Provides information about the stack's conformity to its expected
|
2790
|
+
# template configuration.
|
2791
|
+
#
|
2792
|
+
# @note When making an API call, you may pass AwsCloudFormationStackDriftInformationDetails
|
2793
|
+
# data as a hash:
|
2794
|
+
#
|
2795
|
+
# {
|
2796
|
+
# stack_drift_status: "NonEmptyString",
|
2797
|
+
# }
|
2798
|
+
#
|
2799
|
+
# @!attribute [rw] stack_drift_status
|
2800
|
+
# Status of the stack's actual configuration compared to its expected
|
2801
|
+
# template configuration.
|
2802
|
+
# @return [String]
|
2803
|
+
#
|
2804
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFormationStackDriftInformationDetails AWS API Documentation
|
2805
|
+
#
|
2806
|
+
class AwsCloudFormationStackDriftInformationDetails < Struct.new(
|
2807
|
+
:stack_drift_status)
|
2808
|
+
SENSITIVE = []
|
2809
|
+
include Aws::Structure
|
2810
|
+
end
|
2811
|
+
|
2812
|
+
# Provides information about the CloudFormation stack output.
|
2813
|
+
#
|
2814
|
+
# @note When making an API call, you may pass AwsCloudFormationStackOutputsDetails
|
2815
|
+
# data as a hash:
|
2816
|
+
#
|
2817
|
+
# {
|
2818
|
+
# description: "NonEmptyString",
|
2819
|
+
# output_key: "NonEmptyString",
|
2820
|
+
# output_value: "NonEmptyString",
|
2821
|
+
# }
|
2822
|
+
#
|
2823
|
+
# @!attribute [rw] description
|
2824
|
+
# A user-defined description associated with the output.
|
2825
|
+
# @return [String]
|
2826
|
+
#
|
2827
|
+
# @!attribute [rw] output_key
|
2828
|
+
# The key associated with the output.
|
2829
|
+
# @return [String]
|
2830
|
+
#
|
2831
|
+
# @!attribute [rw] output_value
|
2832
|
+
# The value associated with the output.
|
2833
|
+
# @return [String]
|
2834
|
+
#
|
2835
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFormationStackOutputsDetails AWS API Documentation
|
2836
|
+
#
|
2837
|
+
class AwsCloudFormationStackOutputsDetails < Struct.new(
|
2838
|
+
:description,
|
2839
|
+
:output_key,
|
2840
|
+
:output_value)
|
2841
|
+
SENSITIVE = []
|
2842
|
+
include Aws::Structure
|
2843
|
+
end
|
2844
|
+
|
2670
2845
|
# Information about a cache behavior for the distribution.
|
2671
2846
|
#
|
2672
2847
|
# @note When making an API call, you may pass AwsCloudFrontDistributionCacheBehavior
|
@@ -2698,7 +2873,7 @@ module Aws::SecurityHub
|
|
2698
2873
|
include Aws::Structure
|
2699
2874
|
end
|
2700
2875
|
|
2701
|
-
# Provides information about caching for the distribution.
|
2876
|
+
# Provides information about caching for the CloudFront distribution.
|
2702
2877
|
#
|
2703
2878
|
# @note When making an API call, you may pass AwsCloudFrontDistributionCacheBehaviors
|
2704
2879
|
# data as a hash:
|
@@ -2724,7 +2899,7 @@ module Aws::SecurityHub
|
|
2724
2899
|
end
|
2725
2900
|
|
2726
2901
|
# Contains information about the default cache configuration for the
|
2727
|
-
# distribution.
|
2902
|
+
# CloudFront distribution.
|
2728
2903
|
#
|
2729
2904
|
# @note When making an API call, you may pass AwsCloudFrontDistributionDefaultCacheBehavior
|
2730
2905
|
# data as a hash:
|
@@ -2755,7 +2930,7 @@ module Aws::SecurityHub
|
|
2755
2930
|
include Aws::Structure
|
2756
2931
|
end
|
2757
2932
|
|
2758
|
-
# A distribution configuration.
|
2933
|
+
# A CloudFront distribution configuration.
|
2759
2934
|
#
|
2760
2935
|
# @note When making an API call, you may pass AwsCloudFrontDistributionDetails
|
2761
2936
|
# data as a hash:
|
@@ -2790,6 +2965,17 @@ module Aws::SecurityHub
|
|
2790
2965
|
# s3_origin_config: {
|
2791
2966
|
# origin_access_identity: "NonEmptyString",
|
2792
2967
|
# },
|
2968
|
+
# custom_origin_config: {
|
2969
|
+
# http_port: 1,
|
2970
|
+
# https_port: 1,
|
2971
|
+
# origin_keepalive_timeout: 1,
|
2972
|
+
# origin_protocol_policy: "NonEmptyString",
|
2973
|
+
# origin_read_timeout: 1,
|
2974
|
+
# origin_ssl_protocols: {
|
2975
|
+
# items: ["NonEmptyString"],
|
2976
|
+
# quantity: 1,
|
2977
|
+
# },
|
2978
|
+
# },
|
2793
2979
|
# },
|
2794
2980
|
# ],
|
2795
2981
|
# },
|
@@ -2903,7 +3089,7 @@ module Aws::SecurityHub
|
|
2903
3089
|
end
|
2904
3090
|
|
2905
3091
|
# A complex type that controls whether access logs are written for the
|
2906
|
-
# distribution.
|
3092
|
+
# CloudFront distribution.
|
2907
3093
|
#
|
2908
3094
|
# @note When making an API call, you may pass AwsCloudFrontDistributionLogging
|
2909
3095
|
# data as a hash:
|
@@ -2945,7 +3131,71 @@ module Aws::SecurityHub
|
|
2945
3131
|
include Aws::Structure
|
2946
3132
|
end
|
2947
3133
|
|
2948
|
-
#
|
3134
|
+
# A custom origin. A custom origin is any origin that is not an Amazon
|
3135
|
+
# S3 bucket, with one exception. An Amazon S3 bucket that is [configured
|
3136
|
+
# with static website hosting][1] is a custom origin.
|
3137
|
+
#
|
3138
|
+
#
|
3139
|
+
#
|
3140
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html
|
3141
|
+
#
|
3142
|
+
# @note When making an API call, you may pass AwsCloudFrontDistributionOriginCustomOriginConfig
|
3143
|
+
# data as a hash:
|
3144
|
+
#
|
3145
|
+
# {
|
3146
|
+
# http_port: 1,
|
3147
|
+
# https_port: 1,
|
3148
|
+
# origin_keepalive_timeout: 1,
|
3149
|
+
# origin_protocol_policy: "NonEmptyString",
|
3150
|
+
# origin_read_timeout: 1,
|
3151
|
+
# origin_ssl_protocols: {
|
3152
|
+
# items: ["NonEmptyString"],
|
3153
|
+
# quantity: 1,
|
3154
|
+
# },
|
3155
|
+
# }
|
3156
|
+
#
|
3157
|
+
# @!attribute [rw] http_port
|
3158
|
+
# The HTTP port that CloudFront uses to connect to the origin.
|
3159
|
+
# @return [Integer]
|
3160
|
+
#
|
3161
|
+
# @!attribute [rw] https_port
|
3162
|
+
# The HTTPS port that CloudFront uses to connect to the origin.
|
3163
|
+
# @return [Integer]
|
3164
|
+
#
|
3165
|
+
# @!attribute [rw] origin_keepalive_timeout
|
3166
|
+
# Specifies how long, in seconds, CloudFront persists its connection
|
3167
|
+
# to the origin.
|
3168
|
+
# @return [Integer]
|
3169
|
+
#
|
3170
|
+
# @!attribute [rw] origin_protocol_policy
|
3171
|
+
# Specifies the protocol (HTTP or HTTPS) that CloudFront uses to
|
3172
|
+
# connect to the origin.
|
3173
|
+
# @return [String]
|
3174
|
+
#
|
3175
|
+
# @!attribute [rw] origin_read_timeout
|
3176
|
+
# Specifies how long, in seconds, CloudFront waits for a response from
|
3177
|
+
# the origin.
|
3178
|
+
# @return [Integer]
|
3179
|
+
#
|
3180
|
+
# @!attribute [rw] origin_ssl_protocols
|
3181
|
+
# Specifies the minimum SSL/TLS protocol that CloudFront uses when
|
3182
|
+
# connecting to your origin over HTTPS.
|
3183
|
+
# @return [Types::AwsCloudFrontDistributionOriginSslProtocols]
|
3184
|
+
#
|
3185
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFrontDistributionOriginCustomOriginConfig AWS API Documentation
|
3186
|
+
#
|
3187
|
+
class AwsCloudFrontDistributionOriginCustomOriginConfig < Struct.new(
|
3188
|
+
:http_port,
|
3189
|
+
:https_port,
|
3190
|
+
:origin_keepalive_timeout,
|
3191
|
+
:origin_protocol_policy,
|
3192
|
+
:origin_read_timeout,
|
3193
|
+
:origin_ssl_protocols)
|
3194
|
+
SENSITIVE = []
|
3195
|
+
include Aws::Structure
|
3196
|
+
end
|
3197
|
+
|
3198
|
+
# Information about an origin group for the CloudFront distribution.
|
2949
3199
|
#
|
2950
3200
|
# @note When making an API call, you may pass AwsCloudFrontDistributionOriginGroup
|
2951
3201
|
# data as a hash:
|
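Review bot: The `origin_ssl_protocols` comment in the new `AwsCloudFrontDistributionOriginCustomOriginConfig` docs says it specifies "the minimum SSL/TLS protocol", but the attribute is typed `Types::AwsCloudFrontDistributionOriginSslProtocols`, which a later hunk documents as a list of allowed protocols (`items`) plus a `quantity`. Anyone reading a finding to judge origin TLS strength should check every entry in `items` rather than assume a single floor. I would reword the comment to `# Specifies the SSL/TLS protocols that CloudFront can use when` / `# connecting to your origin over HTTPS.`. If this file is generated from the service model, which its uniform layout suggests, the wording has to be fixed in the model rather than here.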
@@ -3025,7 +3275,7 @@ module Aws::SecurityHub
|
|
3025
3275
|
end
|
3026
3276
|
|
3027
3277
|
# Provides information about origin groups that are associated with the
|
3028
|
-
# distribution.
|
3278
|
+
# CloudFront distribution.
|
3029
3279
|
#
|
3030
3280
|
# @note When making an API call, you may pass AwsCloudFrontDistributionOriginGroups
|
3031
3281
|
# data as a hash:
|
@@ -3055,9 +3305,9 @@ module Aws::SecurityHub
|
|
3055
3305
|
include Aws::Structure
|
3056
3306
|
end
|
3057
3307
|
|
3058
|
-
# A complex type that describes the S3 bucket, HTTP server (for
|
3059
|
-
# a web server), AWS Elemental MediaStore, or other server from
|
3060
|
-
# CloudFront gets your files.
|
3308
|
+
# A complex type that describes the Amazon S3 bucket, HTTP server (for
|
3309
|
+
# example, a web server), AWS Elemental MediaStore, or other server from
|
3310
|
+
# which CloudFront gets your files.
|
3061
3311
|
#
|
3062
3312
|
# @note When making an API call, you may pass AwsCloudFrontDistributionOriginItem
|
3063
3313
|
# data as a hash:
|
@@ -3069,6 +3319,17 @@ module Aws::SecurityHub
|
|
3069
3319
|
# s3_origin_config: {
|
3070
3320
|
# origin_access_identity: "NonEmptyString",
|
3071
3321
|
# },
|
3322
|
+
# custom_origin_config: {
|
3323
|
+
# http_port: 1,
|
3324
|
+
# https_port: 1,
|
3325
|
+
# origin_keepalive_timeout: 1,
|
3326
|
+
# origin_protocol_policy: "NonEmptyString",
|
3327
|
+
# origin_read_timeout: 1,
|
3328
|
+
# origin_ssl_protocols: {
|
3329
|
+
# items: ["NonEmptyString"],
|
3330
|
+
# quantity: 1,
|
3331
|
+
# },
|
3332
|
+
# },
|
3072
3333
|
# }
|
3073
3334
|
#
|
3074
3335
|
# @!attribute [rw] domain_name
|
@@ -3090,18 +3351,26 @@ module Aws::SecurityHub
|
|
3090
3351
|
# website hosting.
|
3091
3352
|
# @return [Types::AwsCloudFrontDistributionOriginS3OriginConfig]
|
3092
3353
|
#
|
3354
|
+
# @!attribute [rw] custom_origin_config
|
3355
|
+
# An origin that is not an Amazon S3 bucket, with one exception. If
|
3356
|
+
# the Amazon S3 bucket is configured with static website hosting, use
|
3357
|
+
# this attribute. If the Amazon S3 bucket is not configured with
|
3358
|
+
# static website hosting, use the `S3OriginConfig` type instead.
|
3359
|
+
# @return [Types::AwsCloudFrontDistributionOriginCustomOriginConfig]
|
3360
|
+
#
|
3093
3361
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFrontDistributionOriginItem AWS API Documentation
|
3094
3362
|
#
|
3095
3363
|
class AwsCloudFrontDistributionOriginItem < Struct.new(
|
3096
3364
|
:domain_name,
|
3097
3365
|
:id,
|
3098
3366
|
:origin_path,
|
3099
|
-
:s3_origin_config
|
3367
|
+
:s3_origin_config,
|
3368
|
+
:custom_origin_config)
|
3100
3369
|
SENSITIVE = []
|
3101
3370
|
include Aws::Structure
|
3102
3371
|
end
|
3103
3372
|
|
3104
|
-
# Information about an origin that is an S3 bucket that is not
|
3373
|
+
# Information about an origin that is an Amazon S3 bucket that is not
|
3105
3374
|
# configured with static website hosting.
|
3106
3375
|
#
|
3107
3376
|
# @note When making an API call, you may pass AwsCloudFrontDistributionOriginS3OriginConfig
|
@@ -3123,8 +3392,39 @@ module Aws::SecurityHub
|
|
3123
3392
|
include Aws::Structure
|
3124
3393
|
end
|
3125
3394
|
|
3395
|
+
# A complex type that contains information about the SSL/TLS protocols
|
3396
|
+
# that CloudFront can use when establishing an HTTPS connection with
|
3397
|
+
# your origin.
|
3398
|
+
#
|
3399
|
+
# @note When making an API call, you may pass AwsCloudFrontDistributionOriginSslProtocols
|
3400
|
+
# data as a hash:
|
3401
|
+
#
|
3402
|
+
# {
|
3403
|
+
# items: ["NonEmptyString"],
|
3404
|
+
# quantity: 1,
|
3405
|
+
# }
|
3406
|
+
#
|
3407
|
+
# @!attribute [rw] items
|
3408
|
+
# A list that contains allowed SSL/TLS protocols for this
|
3409
|
+
# distribution.
|
3410
|
+
# @return [Array<String>]
|
3411
|
+
#
|
3412
|
+
# @!attribute [rw] quantity
|
3413
|
+
# The number of SSL/TLS protocols that you want to allow CloudFront to
|
3414
|
+
# use when establishing an HTTPS connection with this origin.
|
3415
|
+
# @return [Integer]
|
3416
|
+
#
|
3417
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFrontDistributionOriginSslProtocols AWS API Documentation
|
3418
|
+
#
|
3419
|
+
class AwsCloudFrontDistributionOriginSslProtocols < Struct.new(
|
3420
|
+
:items,
|
3421
|
+
:quantity)
|
3422
|
+
SENSITIVE = []
|
3423
|
+
include Aws::Structure
|
3424
|
+
end
|
3425
|
+
|
3126
3426
|
# A complex type that contains information about origins and origin
|
3127
|
-
# groups for this distribution.
|
3427
|
+
# groups for this CloudFront distribution.
|
3128
3428
|
#
|
3129
3429
|
# @note When making an API call, you may pass AwsCloudFrontDistributionOrigins
|
3130
3430
|
# data as a hash:
|
@@ -3138,6 +3438,17 @@ module Aws::SecurityHub
|
|
3138
3438
|
# s3_origin_config: {
|
3139
3439
|
# origin_access_identity: "NonEmptyString",
|
3140
3440
|
# },
|
3441
|
+
# custom_origin_config: {
|
3442
|
+
# http_port: 1,
|
3443
|
+
# https_port: 1,
|
3444
|
+
# origin_keepalive_timeout: 1,
|
3445
|
+
# origin_protocol_policy: "NonEmptyString",
|
3446
|
+
# origin_read_timeout: 1,
|
3447
|
+
# origin_ssl_protocols: {
|
3448
|
+
# items: ["NonEmptyString"],
|
3449
|
+
# quantity: 1,
|
3450
|
+
# },
|
3451
|
+
# },
|
3141
3452
|
# },
|
3142
3453
|
# ],
|
3143
3454
|
# }
|
@@ -3156,7 +3467,7 @@ module Aws::SecurityHub
|
|
3156
3467
|
end
|
3157
3468
|
|
3158
3469
|
# Provides information about the TLS/SSL configuration that the
|
3159
|
-
# distribution uses to communicate with viewers.
|
3470
|
+
# CloudFront distribution uses to communicate with viewers.
|
3160
3471
|
#
|
3161
3472
|
# @note When making an API call, you may pass AwsCloudFrontDistributionViewerCertificate
|
3162
3473
|
# data as a hash:
|
@@ -3335,6 +3646,217 @@ module Aws::SecurityHub
|
|
3335
3646
|
include Aws::Structure
|
3336
3647
|
end
|
3337
3648
|
|
3649
|
+
# Specifies an alarm and associates it with the specified metric or
|
3650
|
+
# metric math expression.
|
3651
|
+
#
|
3652
|
+
# @note When making an API call, you may pass AwsCloudWatchAlarmDetails
|
3653
|
+
# data as a hash:
|
3654
|
+
#
|
3655
|
+
# {
|
3656
|
+
# actions_enabled: false,
|
3657
|
+
# alarm_actions: ["NonEmptyString"],
|
3658
|
+
# alarm_arn: "NonEmptyString",
|
3659
|
+
# alarm_configuration_updated_timestamp: "NonEmptyString",
|
3660
|
+
# alarm_description: "NonEmptyString",
|
3661
|
+
# alarm_name: "NonEmptyString",
|
3662
|
+
# comparison_operator: "NonEmptyString",
|
3663
|
+
# datapoints_to_alarm: 1,
|
3664
|
+
# dimensions: [
|
3665
|
+
# {
|
3666
|
+
# name: "NonEmptyString",
|
3667
|
+
# value: "NonEmptyString",
|
3668
|
+
# },
|
3669
|
+
# ],
|
3670
|
+
# evaluate_low_sample_count_percentile: "NonEmptyString",
|
3671
|
+
# evaluation_periods: 1,
|
3672
|
+
# extended_statistic: "NonEmptyString",
|
3673
|
+
# insufficient_data_actions: ["NonEmptyString"],
|
3674
|
+
# metric_name: "NonEmptyString",
|
3675
|
+
# namespace: "NonEmptyString",
|
3676
|
+
# ok_actions: ["NonEmptyString"],
|
3677
|
+
# period: 1,
|
3678
|
+
# statistic: "NonEmptyString",
|
3679
|
+
# threshold: 1.0,
|
3680
|
+
# threshold_metric_id: "NonEmptyString",
|
3681
|
+
# treat_missing_data: "NonEmptyString",
|
3682
|
+
# unit: "NonEmptyString",
|
3683
|
+
# }
|
3684
|
+
#
|
3685
|
+
# @!attribute [rw] actions_enabled
|
3686
|
+
# Indicates whether actions should be executed during any changes to
|
3687
|
+
# the alarm state.
|
3688
|
+
# @return [Boolean]
|
3689
|
+
#
|
3690
|
+
# @!attribute [rw] alarm_actions
|
3691
|
+
# The list of actions, specified as Amazon Resource Names (ARNs) to
|
3692
|
+
# execute when this alarm transitions into an `ALARM` state from any
|
3693
|
+
# other state.
|
3694
|
+
# @return [Array<String>]
|
3695
|
+
#
|
3696
|
+
# @!attribute [rw] alarm_arn
|
3697
|
+
# The ARN of the alarm.
|
3698
|
+
# @return [String]
|
3699
|
+
#
|
3700
|
+
# @!attribute [rw] alarm_configuration_updated_timestamp
|
3701
|
+
# The time stamp of the last update to the alarm configuration.
|
3702
|
+
# @return [String]
|
3703
|
+
#
|
3704
|
+
# @!attribute [rw] alarm_description
|
3705
|
+
# The description of the alarm.
|
3706
|
+
# @return [String]
|
3707
|
+
#
|
3708
|
+
# @!attribute [rw] alarm_name
|
3709
|
+
# The name of the alarm. If you don't specify a name, CloudFront
|
3710
|
+
# generates a unique physical ID and uses that ID for the alarm name.
|
3711
|
+
# @return [String]
|
3712
|
+
#
|
3713
|
+
# @!attribute [rw] comparison_operator
|
3714
|
+
# The arithmetic operation to use when comparing the specified
|
3715
|
+
# statistic and threshold. The specified statistic value is used as
|
3716
|
+
# the first operand.
|
3717
|
+
# @return [String]
|
3718
|
+
#
|
3719
|
+
# @!attribute [rw] datapoints_to_alarm
|
3720
|
+
# The number of datapoints that must be breaching to trigger the
|
3721
|
+
# alarm.
|
3722
|
+
# @return [Integer]
|
3723
|
+
#
|
3724
|
+
# @!attribute [rw] dimensions
|
3725
|
+
# The dimensions for the metric associated with the alarm.
|
3726
|
+
# @return [Array<Types::AwsCloudWatchAlarmDimensionsDetails>]
|
3727
|
+
#
|
3728
|
+
# @!attribute [rw] evaluate_low_sample_count_percentile
|
3729
|
+
# Used only for alarms based on percentiles. If `ignore`, the alarm
|
3730
|
+
# state does not change during periods with too few data points to be
|
3731
|
+
# statistically significant. If `evaluate` or this parameter is not
|
3732
|
+
# used, the alarm is always evaluated and possibly changes state no
|
3733
|
+
# matter how many data points are available.
|
3734
|
+
# @return [String]
|
3735
|
+
#
|
3736
|
+
# @!attribute [rw] evaluation_periods
|
3737
|
+
# The number of periods over which data is compared to the specified
|
3738
|
+
# threshold.
|
3739
|
+
# @return [Integer]
|
3740
|
+
#
|
3741
|
+
# @!attribute [rw] extended_statistic
|
3742
|
+
# The percentile statistic for the metric associated with the alarm.
|
3743
|
+
# @return [String]
|
3744
|
+
#
|
3745
|
+
# @!attribute [rw] insufficient_data_actions
|
3746
|
+
# The actions to execute when this alarm transitions to the
|
3747
|
+
# `INSUFFICIENT_DATA` state from any other state. Each action is
|
3748
|
+
# specified as an ARN.
|
3749
|
+
# @return [Array<String>]
|
3750
|
+
#
|
3751
|
+
# @!attribute [rw] metric_name
|
3752
|
+
# The name of the metric associated with the alarm. This is required
|
3753
|
+
# for an alarm based on a metric. For an alarm based on a math
|
3754
|
+
# expression, you use `Metrics` instead and you can't specify
|
3755
|
+
# `MetricName`.
|
3756
|
+
# @return [String]
|
3757
|
+
#
|
3758
|
+
# @!attribute [rw] namespace
|
3759
|
+
# The namespace of the metric associated with the alarm. This is
|
3760
|
+
# required for an alarm based on a metric. For an alarm based on a
|
3761
|
+
# math expression, you can't specify `Namespace` and you use
|
3762
|
+
# `Metrics` instead.
|
3763
|
+
# @return [String]
|
3764
|
+
#
|
3765
|
+
# @!attribute [rw] ok_actions
|
3766
|
+
# The actions to execute when this alarm transitions to the `OK` state
|
3767
|
+
# from any other state. Each action is specified as an ARN.
|
3768
|
+
# @return [Array<String>]
|
3769
|
+
#
|
3770
|
+
# @!attribute [rw] period
|
3771
|
+
# The period, in seconds, over which the statistic is applied. This is
|
3772
|
+
# required for an alarm based on a metric.
|
3773
|
+
# @return [Integer]
|
3774
|
+
#
|
3775
|
+
# @!attribute [rw] statistic
|
3776
|
+
# The statistic for the metric associated with the alarm, other than
|
3777
|
+
# percentile. For percentile statistics, use `ExtendedStatistic`.
|
3778
|
+
#
|
3779
|
+
# For an alarm based on a metric, you must specify either `Statistic`
|
3780
|
+
# or `ExtendedStatistic` but not both.
|
3781
|
+
#
|
3782
|
+
# For an alarm based on a math expression, you can't specify
|
3783
|
+
# `Statistic`. Instead, you use `Metrics`.
|
3784
|
+
# @return [String]
|
3785
|
+
#
|
3786
|
+
# @!attribute [rw] threshold
|
3787
|
+
# The value to compare with the specified statistic.
|
3788
|
+
# @return [Float]
|
3789
|
+
#
|
3790
|
+
# @!attribute [rw] threshold_metric_id
|
3791
|
+
# n an alarm based on an anomaly detection model, this is the ID of
|
3792
|
+
# the `ANOMALY_DETECTION_BAND` function used as the threshold for the
|
3793
|
+
# alarm.
|
3794
|
+
# @return [String]
|
3795
|
+
#
|
3796
|
+
# @!attribute [rw] treat_missing_data
|
3797
|
+
# Sets how this alarm is to handle missing data points.
|
3798
|
+
# @return [String]
|
3799
|
+
#
|
3800
|
+
# @!attribute [rw] unit
|
3801
|
+
# The unit of the metric associated with the alarm.
|
3802
|
+
# @return [String]
|
3803
|
+
#
|
3804
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudWatchAlarmDetails AWS API Documentation
|
3805
|
+
#
|
3806
|
+
class AwsCloudWatchAlarmDetails < Struct.new(
|
3807
|
+
:actions_enabled,
|
3808
|
+
:alarm_actions,
|
3809
|
+
:alarm_arn,
|
3810
|
+
:alarm_configuration_updated_timestamp,
|
3811
|
+
:alarm_description,
|
3812
|
+
:alarm_name,
|
3813
|
+
:comparison_operator,
|
3814
|
+
:datapoints_to_alarm,
|
3815
|
+
:dimensions,
|
3816
|
+
:evaluate_low_sample_count_percentile,
|
3817
|
+
:evaluation_periods,
|
3818
|
+
:extended_statistic,
|
3819
|
+
:insufficient_data_actions,
|
3820
|
+
:metric_name,
|
3821
|
+
:namespace,
|
3822
|
+
:ok_actions,
|
3823
|
+
:period,
|
3824
|
+
:statistic,
|
3825
|
+
:threshold,
|
3826
|
+
:threshold_metric_id,
|
3827
|
+
:treat_missing_data,
|
3828
|
+
:unit)
|
3829
|
+
SENSITIVE = []
|
3830
|
+
include Aws::Structure
|
3831
|
+
end
|
3832
|
+
|
3833
|
+
# Details about the dimensions for the metric associated with the alarm.
|
3834
|
+
#
|
3835
|
+
# @note When making an API call, you may pass AwsCloudWatchAlarmDimensionsDetails
|
3836
|
+
# data as a hash:
|
3837
|
+
#
|
3838
|
+
# {
|
3839
|
+
# name: "NonEmptyString",
|
3840
|
+
# value: "NonEmptyString",
|
3841
|
+
# }
|
3842
|
+
#
|
3843
|
+
# @!attribute [rw] name
|
3844
|
+
# The name of a dimension.
|
3845
|
+
# @return [String]
|
3846
|
+
#
|
3847
|
+
# @!attribute [rw] value
|
3848
|
+
# The value of a dimension.
|
3849
|
+
# @return [String]
|
3850
|
+
#
|
3851
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudWatchAlarmDimensionsDetails AWS API Documentation
|
3852
|
+
#
|
3853
|
+
class AwsCloudWatchAlarmDimensionsDetails < Struct.new(
|
3854
|
+
:name,
|
3855
|
+
:value)
|
3856
|
+
SENSITIVE = []
|
3857
|
+
include Aws::Structure
|
3858
|
+
end
|
3859
|
+
|
3338
3860
|
# Information about the build artifacts for the CodeBuild project.
|
3339
3861
|
#
|
3340
3862
|
# @note When making an API call, you may pass AwsCodeBuildProjectArtifactsDetails
|
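Review bot: Two attribute comments in the new `AwsCloudWatchAlarmDetails` docs look wrong. Under `alarm_name`, "CloudFront generates a unique physical ID" presumably means CloudFormation, since CloudFront has no part in naming a CloudWatch alarm; the line would become `# The name of the alarm. If you don't specify a name, CloudFormation`, with the rest of the sentence re-wrapped. Under `threshold_metric_id`, the sentence has lost its first letter and should start `# In an alarm based on an anomaly detection model, this is the ID of`. Both are comment-only fixes and leave the `Struct` member list untouched.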
@@ -4857,7 +5379,7 @@ module Aws::SecurityHub
|
|
4857
5379
|
include Aws::Structure
|
4858
5380
|
end
|
4859
5381
|
|
4860
|
-
# The details of an EC2 instance.
|
5382
|
+
# The details of an Amazon EC2 instance.
|
4861
5383
|
#
|
4862
5384
|
# @note When making an API call, you may pass AwsEc2InstanceDetails
|
4863
5385
|
# data as a hash:
|
@@ -4877,6 +5399,14 @@ module Aws::SecurityHub
|
|
4877
5399
|
# network_interface_id: "NonEmptyString",
|
4878
5400
|
# },
|
4879
5401
|
# ],
|
5402
|
+
# virtualization_type: "NonEmptyString",
|
5403
|
+
# metadata_options: {
|
5404
|
+
# http_endpoint: "NonEmptyString",
|
5405
|
+
# http_protocol_ipv_6: "NonEmptyString",
|
5406
|
+
# http_put_response_hop_limit: 1,
|
5407
|
+
# http_tokens: "NonEmptyString",
|
5408
|
+
# instance_metadata_tags: "NonEmptyString",
|
5409
|
+
# },
|
4880
5410
|
# }
|
4881
5411
|
#
|
4882
5412
|
# @!attribute [rw] type
|
@@ -4929,6 +5459,15 @@ module Aws::SecurityHub
|
|
4929
5459
|
# `AwsEc2NetworkInterfacesDetails` object.
|
4930
5460
|
# @return [Array<Types::AwsEc2InstanceNetworkInterfacesDetails>]
|
4931
5461
|
#
|
5462
|
+
# @!attribute [rw] virtualization_type
|
5463
|
+
# The virtualization type of the Amazon Machine Image (AMI) required
|
5464
|
+
# to launch the instance.
|
5465
|
+
# @return [String]
|
5466
|
+
#
|
5467
|
+
# @!attribute [rw] metadata_options
|
5468
|
+
# Details about the metadata options for the Amazon EC2 instance.
|
5469
|
+
# @return [Types::AwsEc2InstanceMetadataOptions]
|
5470
|
+
#
|
4932
5471
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2InstanceDetails AWS API Documentation
|
4933
5472
|
#
|
4934
5473
|
class AwsEc2InstanceDetails < Struct.new(
|
@@ -4941,12 +5480,64 @@ module Aws::SecurityHub
|
|
4941
5480
|
:vpc_id,
|
4942
5481
|
:subnet_id,
|
4943
5482
|
:launched_at,
|
4944
|
-
:network_interfaces
|
5483
|
+
:network_interfaces,
|
5484
|
+
:virtualization_type,
|
5485
|
+
:metadata_options)
|
5486
|
+
SENSITIVE = []
|
5487
|
+
include Aws::Structure
|
5488
|
+
end
|
5489
|
+
|
5490
|
+
# Metadata options that allow you to configure and secure the Amazon EC2
|
5491
|
+
# instance.
|
5492
|
+
#
|
5493
|
+
# @note When making an API call, you may pass AwsEc2InstanceMetadataOptions
|
5494
|
+
# data as a hash:
|
5495
|
+
#
|
5496
|
+
# {
|
5497
|
+
# http_endpoint: "NonEmptyString",
|
5498
|
+
# http_protocol_ipv_6: "NonEmptyString",
|
5499
|
+
# http_put_response_hop_limit: 1,
|
5500
|
+
# http_tokens: "NonEmptyString",
|
5501
|
+
# instance_metadata_tags: "NonEmptyString",
|
5502
|
+
# }
|
5503
|
+
#
|
5504
|
+
# @!attribute [rw] http_endpoint
|
5505
|
+
# Enables or disables the HTTP metadata endpoint on the instance.
|
5506
|
+
# @return [String]
|
5507
|
+
#
|
5508
|
+
# @!attribute [rw] http_protocol_ipv_6
|
5509
|
+
# Enables or disables the IPv6 endpoint for the instance metadata
|
5510
|
+
# service.
|
5511
|
+
# @return [String]
|
5512
|
+
#
|
5513
|
+
# @!attribute [rw] http_put_response_hop_limit
|
5514
|
+
# The desired HTTP PUT response hop limit for instance metadata
|
5515
|
+
# requests. The larger the number, the further instance metadata
|
5516
|
+
# requests can travel.
|
5517
|
+
# @return [Integer]
|
5518
|
+
#
|
5519
|
+
# @!attribute [rw] http_tokens
|
5520
|
+
# The state of token usage for your instance metadata requests.
|
5521
|
+
# @return [String]
|
5522
|
+
#
|
5523
|
+
# @!attribute [rw] instance_metadata_tags
|
5524
|
+
# Specifies whether to allow access to instance tags from the instance
|
5525
|
+
# metadata.
|
5526
|
+
# @return [String]
|
5527
|
+
#
|
5528
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2InstanceMetadataOptions AWS API Documentation
|
5529
|
+
#
|
5530
|
+
class AwsEc2InstanceMetadataOptions < Struct.new(
|
5531
|
+
:http_endpoint,
|
5532
|
+
:http_protocol_ipv_6,
|
5533
|
+
:http_put_response_hop_limit,
|
5534
|
+
:http_tokens,
|
5535
|
+
:instance_metadata_tags)
|
4945
5536
|
SENSITIVE = []
|
4946
5537
|
include Aws::Structure
|
4947
5538
|
end
|
4948
5539
|
|
4949
|
-
# Identifies a network interface for the EC2 instance.
|
5540
|
+
# Identifies a network interface for the Amazon EC2 instance.
|
4950
5541
|
#
|
4951
5542
|
# @note When making an API call, you may pass AwsEc2InstanceNetworkInterfacesDetails
|
4952
5543
|
# data as a hash:
|
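Review bot: The `http_tokens` comment in the new `AwsEc2InstanceMetadataOptions` docs ("The state of token usage for your instance metadata requests.") does not say which values to expect, yet this is the field that tells the reader of a finding whether the instance enforces session tokens (IMDSv2). In the EC2 API the values are `optional` and `required`; assuming Security Hub passes them through unchanged, I would add a comment line such as `# Valid values: optional | required (required means IMDSv2 is enforced).`. The same gap exists for `http_endpoint`, `http_protocol_ipv_6` and `instance_metadata_tags`, which are typed `String` while their comments only say "Enables or disables" or "Specifies whether"; stating the accepted strings (presumably `enabled` / `disabled`) would let detection rules match on them without guessing.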
@@ -5003,7 +5594,8 @@ module Aws::SecurityHub
|
|
5003
5594
|
include Aws::Structure
|
5004
5595
|
end
|
5005
5596
|
|
5006
|
-
# Contains details about an EC2 network access control list
|
5597
|
+
# Contains details about an Amazon EC2 network access control list
|
5598
|
+
# (ACL).
|
5007
5599
|
#
|
5008
5600
|
# @note When making an API call, you may pass AwsEc2NetworkAclDetails
|
5009
5601
|
# data as a hash:
|
@@ -5126,7 +5718,7 @@ module Aws::SecurityHub
|
|
5126
5718
|
#
|
5127
5719
|
# @!attribute [rw] protocol
|
5128
5720
|
# The protocol that the rule applies to. To deny or allow access to
|
5129
|
-
# all protocols, use the value
|
5721
|
+
# all protocols, use the value `-1`.
|
5130
5722
|
# @return [String]
|
5131
5723
|
#
|
5132
5724
|
# @!attribute [rw] rule_action
|
@@ -5384,7 +5976,7 @@ module Aws::SecurityHub
|
|
5384
5976
|
include Aws::Structure
|
5385
5977
|
end
|
5386
5978
|
|
5387
|
-
# Details about an EC2 security group.
|
5979
|
+
# Details about an Amazon EC2 security group.
|
5388
5980
|
#
|
5389
5981
|
# @note When making an API call, you may pass AwsEc2SecurityGroupDetails
|
5390
5982
|
# data as a hash:
|
@@ -5539,7 +6131,7 @@ module Aws::SecurityHub
|
|
5539
6131
|
#
|
5540
6132
|
# \[VPC only\] Use `-1` to specify all protocols.
|
5541
6133
|
#
|
5542
|
-
# When authorizing security group rules, specifying
|
6134
|
+
# When authorizing security group rules, specifying `-1` or a protocol
|
5543
6135
|
# number other than `tcp`, `udp`, `icmp`, or `icmpv6` allows traffic
|
5544
6136
|
# on all ports, regardless of any port range you specify.
|
5545
6137
|
#
|
@@ -5561,7 +6153,7 @@ module Aws::SecurityHub
|
|
5561
6153
|
# The end of the port range for the TCP and UDP protocols, or an
|
5562
6154
|
# ICMP/ICMPv6 code.
|
5563
6155
|
#
|
5564
|
-
# A value of
|
6156
|
+
# A value of `-1` indicates all ICMP/ICMPv6 codes. If you specify all
|
5565
6157
|
# ICMP/ICMPv6 types, you must specify all codes.
|
5566
6158
|
# @return [Integer]
|
5567
6159
|
#
|
@@ -5825,6 +6417,98 @@ module Aws::SecurityHub
|
|
5825
6417
|
include Aws::Structure
|
5826
6418
|
end
|
5827
6419
|
|
6420
|
+
# Information about an Amazon Web Services Amazon EC2 Transit Gateway
|
6421
|
+
# that interconnects virtual private clouds (VPCs) and on-premises
|
6422
|
+
# networks.
|
6423
|
+
#
|
6424
|
+
# @note When making an API call, you may pass AwsEc2TransitGatewayDetails
|
6425
|
+
# data as a hash:
|
6426
|
+
#
|
6427
|
+
# {
|
6428
|
+
# id: "NonEmptyString",
|
6429
|
+
# description: "NonEmptyString",
|
6430
|
+
# default_route_table_propagation: "NonEmptyString",
|
6431
|
+
# auto_accept_shared_attachments: "NonEmptyString",
|
6432
|
+
# default_route_table_association: "NonEmptyString",
|
6433
|
+
# transit_gateway_cidr_blocks: ["NonEmptyString"],
|
6434
|
+
# association_default_route_table_id: "NonEmptyString",
|
6435
|
+
# propagation_default_route_table_id: "NonEmptyString",
|
6436
|
+
# vpn_ecmp_support: "NonEmptyString",
|
6437
|
+
# dns_support: "NonEmptyString",
|
6438
|
+
# multicast_support: "NonEmptyString",
|
6439
|
+
# amazon_side_asn: 1,
|
6440
|
+
# }
|
6441
|
+
#
|
6442
|
+
# @!attribute [rw] id
|
6443
|
+
# The ID of the transit gateway.
|
6444
|
+
# @return [String]
|
6445
|
+
#
|
6446
|
+
# @!attribute [rw] description
|
6447
|
+
# The description of the transit gateway.
|
6448
|
+
# @return [String]
|
6449
|
+
#
|
6450
|
+
# @!attribute [rw] default_route_table_propagation
|
6451
|
+
# Turn on or turn off automatic propagation of routes to the default
|
6452
|
+
# propagation route table.
|
6453
|
+
# @return [String]
|
6454
|
+
#
|
6455
|
+
# @!attribute [rw] auto_accept_shared_attachments
|
6456
|
+
# Turn on or turn off automatic acceptance of attachment requests.
|
6457
|
+
# @return [String]
|
6458
|
+
#
|
6459
|
+
# @!attribute [rw] default_route_table_association
|
6460
|
+
# Turn on or turn off automatic association with the default
|
6461
|
+
# association route table.
|
6462
|
+
# @return [String]
|
6463
|
+
#
|
6464
|
+
# @!attribute [rw] transit_gateway_cidr_blocks
|
6465
|
+
# The transit gateway Classless Inter-Domain Routing (CIDR) blocks.
|
6466
|
+
# @return [Array<String>]
|
6467
|
+
#
|
6468
|
+
# @!attribute [rw] association_default_route_table_id
|
6469
|
+
# The ID of the default association route table.
|
6470
|
+
# @return [String]
|
6471
|
+
#
|
6472
|
+
# @!attribute [rw] propagation_default_route_table_id
|
6473
|
+
# The ID of the default propagation route table.
|
6474
|
+
# @return [String]
|
6475
|
+
#
|
6476
|
+
# @!attribute [rw] vpn_ecmp_support
|
6477
|
+
# Turn on or turn off Equal Cost Multipath Protocol (ECMP) support.
|
6478
|
+
# @return [String]
|
6479
|
+
#
|
6480
|
+
# @!attribute [rw] dns_support
|
6481
|
+
# Turn on or turn off DNS support.
|
6482
|
+
# @return [String]
|
6483
|
+
#
|
6484
|
+
# @!attribute [rw] multicast_support
|
6485
|
+
# Indicates whether multicast is supported on the transit gateway.
|
6486
|
+
# @return [String]
|
6487
|
+
#
|
6488
|
+
# @!attribute [rw] amazon_side_asn
|
6489
|
+
# A private Autonomous System Number (ASN) for the Amazon side of a
|
6490
|
+
# BGP session.
|
6491
|
+
# @return [Integer]
|
6492
|
+
#
|
6493
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2TransitGatewayDetails AWS API Documentation
|
6494
|
+
#
|
6495
|
+
class AwsEc2TransitGatewayDetails < Struct.new(
|
6496
|
+
:id,
|
6497
|
+
:description,
|
6498
|
+
:default_route_table_propagation,
|
6499
|
+
:auto_accept_shared_attachments,
|
6500
|
+
:default_route_table_association,
|
6501
|
+
:transit_gateway_cidr_blocks,
|
6502
|
+
:association_default_route_table_id,
|
6503
|
+
:propagation_default_route_table_id,
|
6504
|
+
:vpn_ecmp_support,
|
6505
|
+
:dns_support,
|
6506
|
+
:multicast_support,
|
6507
|
+
:amazon_side_asn)
|
6508
|
+
SENSITIVE = []
|
6509
|
+
include Aws::Structure
|
6510
|
+
end
|
6511
|
+
|
5828
6512
|
# An attachment to an Amazon EC2 volume.
|
5829
6513
|
#
|
5830
6514
|
# @note When making an API call, you may pass AwsEc2VolumeAttachment
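Review bot: The on/off attributes of `AwsEc2TransitGatewayDetails` (`default_route_table_propagation`, `auto_accept_shared_attachments`, `default_route_table_association`, `vpn_ecmp_support`, `dns_support`, `multicast_support`) are documented as `@return [String]` without naming the values that can appear, so a consumer cannot tell what to compare against. The wording "Turn on or turn off …" also reads like a request parameter, while this struct describes a gateway reported in a finding. I would describe the reported state and its values instead, e.g. `# Whether attachment requests are accepted automatically (EC2 itself uses "enable"/"disable"; confirm for Security Hub).` This matters most for `auto_accept_shared_attachments`, which anyone triaging findings will want to test explicitly. If this file is generated from the service model, the wording belongs in the model.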
|
@@ -5872,6 +6556,7 @@ module Aws::SecurityHub
|
|
5872
6556
|
#
|
5873
6557
|
# {
|
5874
6558
|
# create_time: "NonEmptyString",
|
6559
|
+
# device_name: "NonEmptyString",
|
5875
6560
|
# encrypted: false,
|
5876
6561
|
# size: 1,
|
5877
6562
|
# snapshot_id: "NonEmptyString",
|
@@ -5885,6 +6570,9 @@ module Aws::SecurityHub
|
|
5885
6570
|
# status: "NonEmptyString",
|
5886
6571
|
# },
|
5887
6572
|
# ],
|
6573
|
+
# volume_id: "NonEmptyString",
|
6574
|
+
# volume_type: "NonEmptyString",
|
6575
|
+
# volume_scan_status: "NonEmptyString",
|
5888
6576
|
# }
|
5889
6577
|
#
|
5890
6578
|
# @!attribute [rw] create_time
|
@@ -5899,8 +6587,12 @@ module Aws::SecurityHub
|
|
5899
6587
|
# [1]: https://tools.ietf.org/html/rfc3339#section-5.6
|
5900
6588
|
# @return [String]
|
5901
6589
|
#
|
6590
|
+
# @!attribute [rw] device_name
|
6591
|
+
# The device name for the volume that is attached to the instance.
|
6592
|
+
# @return [String]
|
6593
|
+
#
|
5902
6594
|
# @!attribute [rw] encrypted
|
5903
|
-
#
|
6595
|
+
# Specifies whether the volume is encrypted.
|
5904
6596
|
# @return [Boolean]
|
5905
6597
|
#
|
5906
6598
|
# @!attribute [rw] size
|
@@ -5924,16 +6616,32 @@ module Aws::SecurityHub
|
|
5924
6616
|
# The volume attachments.
|
5925
6617
|
# @return [Array<Types::AwsEc2VolumeAttachment>]
|
5926
6618
|
#
|
6619
|
+
# @!attribute [rw] volume_id
|
6620
|
+
# The ID of the volume.
|
6621
|
+
# @return [String]
|
6622
|
+
#
|
6623
|
+
# @!attribute [rw] volume_type
|
6624
|
+
# The volume type.
|
6625
|
+
# @return [String]
|
6626
|
+
#
|
6627
|
+
# @!attribute [rw] volume_scan_status
|
6628
|
+
# Indicates whether the volume was scanned or skipped.
|
6629
|
+
# @return [String]
|
6630
|
+
#
|
5927
6631
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2VolumeDetails AWS API Documentation
|
5928
6632
|
#
|
5929
6633
|
class AwsEc2VolumeDetails < Struct.new(
|
5930
6634
|
:create_time,
|
6635
|
+
:device_name,
|
5931
6636
|
:encrypted,
|
5932
6637
|
:size,
|
5933
6638
|
:snapshot_id,
|
5934
6639
|
:status,
|
5935
6640
|
:kms_key_id,
|
5936
|
-
:attachments
|
6641
|
+
:attachments,
|
6642
|
+
:volume_id,
|
6643
|
+
:volume_type,
|
6644
|
+
:volume_scan_status)
|
5937
6645
|
SENSITIVE = []
|
5938
6646
|
include Aws::Structure
|
5939
6647
|
end
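Review bot: `:device_name` is inserted between `:create_time` and `:encrypted` in the `Struct.new` member list of `AwsEc2VolumeDetails`, which shifts the position of every later member. Code that reads the struct by integer index or relies on the order of `to_a`/`members` will silently pick up a different field after the upgrade; access by name is unaffected. The `AwsEcsClusterDetails` hunk further down does the same by placing `:cluster_arn` and `:active_services_count` ahead of `:capacity_providers`. Appending new members after `:attachments` (and after `:default_capacity_provider_strategy` there) would keep the old order if the generator allows it; otherwise the changelog should mention the reordering.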
|
@@ -6099,6 +6807,194 @@ module Aws::SecurityHub
|
|
6099
6807
|
include Aws::Structure
|
6100
6808
|
end
|
6101
6809
|
|
6810
|
+
# Provides information about a VPC peering connection between two VPCs:
|
6811
|
+
# a requester VPC that you own and an accepter VPC with which to create
|
6812
|
+
# the connection.
|
6813
|
+
#
|
6814
|
+
# @note When making an API call, you may pass AwsEc2VpcPeeringConnectionDetails
|
6815
|
+
# data as a hash:
|
6816
|
+
#
|
6817
|
+
# {
|
6818
|
+
# accepter_vpc_info: {
|
6819
|
+
# cidr_block: "NonEmptyString",
|
6820
|
+
# cidr_block_set: [
|
6821
|
+
# {
|
6822
|
+
# cidr_block: "NonEmptyString",
|
6823
|
+
# },
|
6824
|
+
# ],
|
6825
|
+
# ipv_6_cidr_block_set: [
|
6826
|
+
# {
|
6827
|
+
# ipv_6_cidr_block: "NonEmptyString",
|
6828
|
+
# },
|
6829
|
+
# ],
|
6830
|
+
# owner_id: "NonEmptyString",
|
6831
|
+
# peering_options: {
|
6832
|
+
# allow_dns_resolution_from_remote_vpc: false,
|
6833
|
+
# allow_egress_from_local_classic_link_to_remote_vpc: false,
|
6834
|
+
# allow_egress_from_local_vpc_to_remote_classic_link: false,
|
6835
|
+
# },
|
6836
|
+
# region: "NonEmptyString",
|
6837
|
+
# vpc_id: "NonEmptyString",
|
6838
|
+
# },
|
6839
|
+
# expiration_time: "NonEmptyString",
|
6840
|
+
# requester_vpc_info: {
|
6841
|
+
# cidr_block: "NonEmptyString",
|
6842
|
+
# cidr_block_set: [
|
6843
|
+
# {
|
6844
|
+
# cidr_block: "NonEmptyString",
|
6845
|
+
# },
|
6846
|
+
# ],
|
6847
|
+
# ipv_6_cidr_block_set: [
|
6848
|
+
# {
|
6849
|
+
# ipv_6_cidr_block: "NonEmptyString",
|
6850
|
+
# },
|
6851
|
+
# ],
|
6852
|
+
# owner_id: "NonEmptyString",
|
6853
|
+
# peering_options: {
|
6854
|
+
# allow_dns_resolution_from_remote_vpc: false,
|
6855
|
+
# allow_egress_from_local_classic_link_to_remote_vpc: false,
|
6856
|
+
# allow_egress_from_local_vpc_to_remote_classic_link: false,
|
6857
|
+
# },
|
6858
|
+
# region: "NonEmptyString",
|
6859
|
+
# vpc_id: "NonEmptyString",
|
6860
|
+
# },
|
6861
|
+
# status: {
|
6862
|
+
# code: "NonEmptyString",
|
6863
|
+
# message: "NonEmptyString",
|
6864
|
+
# },
|
6865
|
+
# vpc_peering_connection_id: "NonEmptyString",
|
6866
|
+
# }
|
6867
|
+
#
|
6868
|
+
# @!attribute [rw] accepter_vpc_info
|
6869
|
+
# Information about the accepter VPC.
|
6870
|
+
# @return [Types::AwsEc2VpcPeeringConnectionVpcInfoDetails]
|
6871
|
+
#
|
6872
|
+
# @!attribute [rw] expiration_time
|
6873
|
+
# The time at which an unaccepted VPC peering connection will expire.
|
6874
|
+
# @return [String]
|
6875
|
+
#
|
6876
|
+
# @!attribute [rw] requester_vpc_info
|
6877
|
+
# Information about the requester VPC.
|
6878
|
+
# @return [Types::AwsEc2VpcPeeringConnectionVpcInfoDetails]
|
6879
|
+
#
|
6880
|
+
# @!attribute [rw] status
|
6881
|
+
# The status of the VPC peering connection.
|
6882
|
+
# @return [Types::AwsEc2VpcPeeringConnectionStatusDetails]
|
6883
|
+
#
|
6884
|
+
# @!attribute [rw] vpc_peering_connection_id
|
6885
|
+
# The ID of the VPC peering connection.
|
6886
|
+
# @return [String]
|
6887
|
+
#
|
6888
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2VpcPeeringConnectionDetails AWS API Documentation
|
6889
|
+
#
|
6890
|
+
class AwsEc2VpcPeeringConnectionDetails < Struct.new(
|
6891
|
+
:accepter_vpc_info,
|
6892
|
+
:expiration_time,
|
6893
|
+
:requester_vpc_info,
|
6894
|
+
:status,
|
6895
|
+
:vpc_peering_connection_id)
|
6896
|
+
SENSITIVE = []
|
6897
|
+
include Aws::Structure
|
6898
|
+
end
|
6899
|
+
|
6900
|
+
# Details about the status of the VPC peering connection.
|
6901
|
+
#
|
6902
|
+
# @note When making an API call, you may pass AwsEc2VpcPeeringConnectionStatusDetails
|
6903
|
+
# data as a hash:
|
6904
|
+
#
|
6905
|
+
# {
|
6906
|
+
# code: "NonEmptyString",
|
6907
|
+
# message: "NonEmptyString",
|
6908
|
+
# }
|
6909
|
+
#
|
6910
|
+
# @!attribute [rw] code
|
6911
|
+
# The status of the VPC peering connection.
|
6912
|
+
# @return [String]
|
6913
|
+
#
|
6914
|
+
# @!attribute [rw] message
|
6915
|
+
# A message that provides more information about the status, if
|
6916
|
+
# applicable.
|
6917
|
+
# @return [String]
|
6918
|
+
#
|
6919
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2VpcPeeringConnectionStatusDetails AWS API Documentation
|
6920
|
+
#
|
6921
|
+
class AwsEc2VpcPeeringConnectionStatusDetails < Struct.new(
|
6922
|
+
:code,
|
6923
|
+
:message)
|
6924
|
+
SENSITIVE = []
|
6925
|
+
include Aws::Structure
|
6926
|
+
end
|
6927
|
+
|
6928
|
+
# Describes a VPC in a VPC peering connection.
|
6929
|
+
#
|
6930
|
+
# @note When making an API call, you may pass AwsEc2VpcPeeringConnectionVpcInfoDetails
|
6931
|
+
# data as a hash:
|
6932
|
+
#
|
6933
|
+
# {
|
6934
|
+
# cidr_block: "NonEmptyString",
|
6935
|
+
# cidr_block_set: [
|
6936
|
+
# {
|
6937
|
+
# cidr_block: "NonEmptyString",
|
6938
|
+
# },
|
6939
|
+
# ],
|
6940
|
+
# ipv_6_cidr_block_set: [
|
6941
|
+
# {
|
6942
|
+
# ipv_6_cidr_block: "NonEmptyString",
|
6943
|
+
# },
|
6944
|
+
# ],
|
6945
|
+
# owner_id: "NonEmptyString",
|
6946
|
+
# peering_options: {
|
6947
|
+
# allow_dns_resolution_from_remote_vpc: false,
|
6948
|
+
# allow_egress_from_local_classic_link_to_remote_vpc: false,
|
6949
|
+
# allow_egress_from_local_vpc_to_remote_classic_link: false,
|
6950
|
+
# },
|
6951
|
+
# region: "NonEmptyString",
|
6952
|
+
# vpc_id: "NonEmptyString",
|
6953
|
+
# }
|
6954
|
+
#
|
6955
|
+
# @!attribute [rw] cidr_block
|
6956
|
+
# The IPv4 CIDR block for the VPC.
|
6957
|
+
# @return [String]
|
6958
|
+
#
|
6959
|
+
# @!attribute [rw] cidr_block_set
|
6960
|
+
# Information about the IPv4 CIDR blocks for the VPC.
|
6961
|
+
# @return [Array<Types::VpcInfoCidrBlockSetDetails>]
|
6962
|
+
#
|
6963
|
+
# @!attribute [rw] ipv_6_cidr_block_set
|
6964
|
+
# The IPv6 CIDR block for the VPC.
|
6965
|
+
# @return [Array<Types::VpcInfoIpv6CidrBlockSetDetails>]
|
6966
|
+
#
|
6967
|
+
# @!attribute [rw] owner_id
|
6968
|
+
# The ID of the Amazon Web Services account that owns the VPC.
|
6969
|
+
# @return [String]
|
6970
|
+
#
|
6971
|
+
# @!attribute [rw] peering_options
|
6972
|
+
# Information about the VPC peering connection options for the
|
6973
|
+
# accepter or requester VPC.
|
6974
|
+
# @return [Types::VpcInfoPeeringOptionsDetails]
|
6975
|
+
#
|
6976
|
+
# @!attribute [rw] region
|
6977
|
+
# The Amazon Web Services Region in which the VPC is located.
|
6978
|
+
# @return [String]
|
6979
|
+
#
|
6980
|
+
# @!attribute [rw] vpc_id
|
6981
|
+
# The ID of the VPC.
|
6982
|
+
# @return [String]
|
6983
|
+
#
|
6984
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2VpcPeeringConnectionVpcInfoDetails AWS API Documentation
|
6985
|
+
#
|
6986
|
+
class AwsEc2VpcPeeringConnectionVpcInfoDetails < Struct.new(
|
6987
|
+
:cidr_block,
|
6988
|
+
:cidr_block_set,
|
6989
|
+
:ipv_6_cidr_block_set,
|
6990
|
+
:owner_id,
|
6991
|
+
:peering_options,
|
6992
|
+
:region,
|
6993
|
+
:vpc_id)
|
6994
|
+
SENSITIVE = []
|
6995
|
+
include Aws::Structure
|
6996
|
+
end
|
6997
|
+
|
6102
6998
|
# Details about an Amazon EC2 VPN connection.
|
6103
6999
|
#
|
6104
7000
|
# @note When making an API call, you may pass AwsEc2VpnConnectionDetails
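Review bot: The doc for `ipv_6_cidr_block_set` in `AwsEc2VpcPeeringConnectionVpcInfoDetails` says "The IPv6 CIDR block for the VPC." although the attribute returns `Array<Types::VpcInfoIpv6CidrBlockSetDetails>`; it should mirror its IPv4 sibling, `# Information about the IPv6 CIDR blocks for the VPC.` In `AwsEc2VpcPeeringConnectionDetails`, `expiration_time` is a `String` with no format stated, while `create_time` in the volume hunk above links to RFC 3339; the same reference, if it applies, should be given here. `code` in `AwsEc2VpcPeeringConnectionStatusDetails` repeats the parent's description ("The status of the VPC peering connection.") without listing the status codes a consumer can expect.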
|
@@ -6828,12 +7724,14 @@ module Aws::SecurityHub
|
|
6828
7724
|
include Aws::Structure
|
6829
7725
|
end
|
6830
7726
|
|
6831
|
-
#
|
7727
|
+
# Provides details about an Amazon ECS cluster.
|
6832
7728
|
#
|
6833
7729
|
# @note When making an API call, you may pass AwsEcsClusterDetails
|
6834
7730
|
# data as a hash:
|
6835
7731
|
#
|
6836
7732
|
# {
|
7733
|
+
# cluster_arn: "NonEmptyString",
|
7734
|
+
# active_services_count: 1,
|
6837
7735
|
# capacity_providers: ["NonEmptyString"],
|
6838
7736
|
# cluster_settings: [
|
6839
7737
|
# {
|
@@ -6861,8 +7759,26 @@ module Aws::SecurityHub
|
|
6861
7759
|
# weight: 1,
|
6862
7760
|
# },
|
6863
7761
|
# ],
|
7762
|
+
# cluster_name: "NonEmptyString",
|
7763
|
+
# registered_container_instances_count: 1,
|
7764
|
+
# running_tasks_count: 1,
|
7765
|
+
# status: "NonEmptyString",
|
6864
7766
|
# }
|
6865
7767
|
#
|
7768
|
+
# @!attribute [rw] cluster_arn
|
7769
|
+
# The Amazon Resource Name (ARN) that identifies the cluster.
|
7770
|
+
# @return [String]
|
7771
|
+
#
|
7772
|
+
# @!attribute [rw] active_services_count
|
7773
|
+
# The number of services that are running on the cluster in an
|
7774
|
+
# `ACTIVE` state. You can view these services with the Amazon ECS [
|
7775
|
+
# `ListServices` ][1] API operation.
|
7776
|
+
#
|
7777
|
+
#
|
7778
|
+
#
|
7779
|
+
# [1]: https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ListServices.html
|
7780
|
+
# @return [Integer]
|
7781
|
+
#
|
6866
7782
|
# @!attribute [rw] capacity_providers
|
6867
7783
|
# The short name of one or more capacity providers to associate with
|
6868
7784
|
# the cluster.
|
@@ -6884,13 +7800,82 @@ module Aws::SecurityHub
|
|
6884
7800
|
# without a specified launch type or capacity provider strategy.
|
6885
7801
|
# @return [Array<Types::AwsEcsClusterDefaultCapacityProviderStrategyDetails>]
|
6886
7802
|
#
|
7803
|
+
# @!attribute [rw] cluster_name
|
7804
|
+
# A name that you use to identify your cluster.
|
7805
|
+
# @return [String]
|
7806
|
+
#
|
7807
|
+
# @!attribute [rw] registered_container_instances_count
|
7808
|
+
# The number of container instances registered into the cluster. This
|
7809
|
+
# includes container instances in both `ACTIVE` and `DRAINING` status.
|
7810
|
+
# @return [Integer]
|
7811
|
+
#
|
7812
|
+
# @!attribute [rw] running_tasks_count
|
7813
|
+
# The number of tasks in the cluster that are in the `RUNNING` state.
|
7814
|
+
# @return [Integer]
|
7815
|
+
#
|
7816
|
+
# @!attribute [rw] status
|
7817
|
+
# The status of the cluster.
|
7818
|
+
# @return [String]
|
7819
|
+
#
|
6887
7820
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsClusterDetails AWS API Documentation
|
6888
7821
|
#
|
6889
7822
|
class AwsEcsClusterDetails < Struct.new(
|
7823
|
+
:cluster_arn,
|
7824
|
+
:active_services_count,
|
6890
7825
|
:capacity_providers,
|
6891
7826
|
:cluster_settings,
|
6892
7827
|
:configuration,
|
6893
|
-
:default_capacity_provider_strategy
|
7828
|
+
:default_capacity_provider_strategy,
|
7829
|
+
:cluster_name,
|
7830
|
+
:registered_container_instances_count,
|
7831
|
+
:running_tasks_count,
|
7832
|
+
:status)
|
7833
|
+
SENSITIVE = []
|
7834
|
+
include Aws::Structure
|
7835
|
+
end
|
7836
|
+
|
7837
|
+
# Provides information about an Amazon ECS container.
|
7838
|
+
#
|
7839
|
+
# @note When making an API call, you may pass AwsEcsContainerDetails
|
7840
|
+
# data as a hash:
|
7841
|
+
#
|
7842
|
+
# {
|
7843
|
+
# name: "NonEmptyString",
|
7844
|
+
# image: "NonEmptyString",
|
7845
|
+
# mount_points: [
|
7846
|
+
# {
|
7847
|
+
# source_volume: "NonEmptyString",
|
7848
|
+
# container_path: "NonEmptyString",
|
7849
|
+
# },
|
7850
|
+
# ],
|
7851
|
+
# privileged: false,
|
7852
|
+
# }
|
7853
|
+
#
|
7854
|
+
# @!attribute [rw] name
|
7855
|
+
# The name of the container.
|
7856
|
+
# @return [String]
|
7857
|
+
#
|
7858
|
+
# @!attribute [rw] image
|
7859
|
+
# The image used for the container.
|
7860
|
+
# @return [String]
|
7861
|
+
#
|
7862
|
+
# @!attribute [rw] mount_points
|
7863
|
+
# The mount points for data volumes in your container.
|
7864
|
+
# @return [Array<Types::AwsMountPoint>]
|
7865
|
+
#
|
7866
|
+
# @!attribute [rw] privileged
|
7867
|
+
# When this parameter is true, the container is given elevated
|
7868
|
+
# privileges on the host container instance (similar to the root
|
7869
|
+
# user).
|
7870
|
+
# @return [Boolean]
|
7871
|
+
#
|
7872
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsContainerDetails AWS API Documentation
|
7873
|
+
#
|
7874
|
+
class AwsEcsContainerDetails < Struct.new(
|
7875
|
+
:name,
|
7876
|
+
:image,
|
7877
|
+
:mount_points,
|
7878
|
+
:privileged)
|
6894
7879
|
SENSITIVE = []
|
6895
7880
|
include Aws::Structure
|
6896
7881
|
end
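Review bot: The `privileged` doc in `AwsEcsContainerDetails` describes only the `true` case and is typed `@return [Boolean]`, but an unset Struct member is `nil`. Code that uses plain truthiness (`unless details.privileged`) will count a container whose setting was never reported as unprivileged. I would add a line to the attribute doc such as `# nil when the finding does not report this setting; treat as unknown, not as unprivileged.` The class body's closing lines are shared context with the old `AwsEcsClusterDetails` definition, so the note applies to the new side only.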
|
@@ -8634,7 +9619,7 @@ module Aws::SecurityHub
|
|
8634
9619
|
include Aws::Structure
|
8635
9620
|
end
|
8636
9621
|
|
8637
|
-
#
|
9622
|
+
# Details about a task definition. A task definition describes the
|
8638
9623
|
# container and volume definitions of an Amazon Elastic Container
|
8639
9624
|
# Service task.
|
8640
9625
|
#
|
@@ -9275,6 +10260,336 @@ module Aws::SecurityHub
|
|
9275
10260
|
include Aws::Structure
|
9276
10261
|
end
|
9277
10262
|
|
10263
|
+
# Provides details about a task in a cluster.
|
10264
|
+
#
|
10265
|
+
# @note When making an API call, you may pass AwsEcsTaskDetails
|
10266
|
+
# data as a hash:
|
10267
|
+
#
|
10268
|
+
# {
|
10269
|
+
# cluster_arn: "NonEmptyString",
|
10270
|
+
# task_definition_arn: "NonEmptyString",
|
10271
|
+
# version: "NonEmptyString",
|
10272
|
+
# created_at: "NonEmptyString",
|
10273
|
+
# started_at: "NonEmptyString",
|
10274
|
+
# started_by: "NonEmptyString",
|
10275
|
+
# group: "NonEmptyString",
|
10276
|
+
# volumes: [
|
10277
|
+
# {
|
10278
|
+
# name: "NonEmptyString",
|
10279
|
+
# host: {
|
10280
|
+
# source_path: "NonEmptyString",
|
10281
|
+
# },
|
10282
|
+
# },
|
10283
|
+
# ],
|
10284
|
+
# containers: [
|
10285
|
+
# {
|
10286
|
+
# name: "NonEmptyString",
|
10287
|
+
# image: "NonEmptyString",
|
10288
|
+
# mount_points: [
|
10289
|
+
# {
|
10290
|
+
# source_volume: "NonEmptyString",
|
10291
|
+
# container_path: "NonEmptyString",
|
10292
|
+
# },
|
10293
|
+
# ],
|
10294
|
+
# privileged: false,
|
10295
|
+
# },
|
10296
|
+
# ],
|
10297
|
+
# }
|
10298
|
+
#
|
10299
|
+
# @!attribute [rw] cluster_arn
|
10300
|
+
# The Amazon Resource Name (ARN) of the cluster that hosts the task.
|
10301
|
+
# @return [String]
|
10302
|
+
#
|
10303
|
+
# @!attribute [rw] task_definition_arn
|
10304
|
+
# The ARN of the task definition that creates the task.
|
10305
|
+
# @return [String]
|
10306
|
+
#
|
10307
|
+
# @!attribute [rw] version
|
10308
|
+
# The version counter for the task.
|
10309
|
+
# @return [String]
|
10310
|
+
#
|
10311
|
+
# @!attribute [rw] created_at
|
10312
|
+
# The Unix timestamp for the time when the task was created. More
|
10313
|
+
# specifically, it's for the time when the task entered the `PENDING`
|
10314
|
+
# state.
|
10315
|
+
# @return [String]
|
10316
|
+
#
|
10317
|
+
# @!attribute [rw] started_at
|
10318
|
+
# The Unix timestamp for the time when the task started. More
|
10319
|
+
# specifically, it's for the time when the task transitioned from the
|
10320
|
+
# `PENDING` state to the `RUNNING` state.
|
10321
|
+
# @return [String]
|
10322
|
+
#
|
10323
|
+
# @!attribute [rw] started_by
|
10324
|
+
# The tag specified when a task is started. If an Amazon ECS service
|
10325
|
+
# started the task, the `startedBy` parameter contains the deployment
|
10326
|
+
# ID of that service.
|
10327
|
+
# @return [String]
|
10328
|
+
#
|
10329
|
+
# @!attribute [rw] group
|
10330
|
+
# The name of the task group that's associated with the task.
|
10331
|
+
# @return [String]
|
10332
|
+
#
|
10333
|
+
# @!attribute [rw] volumes
|
10334
|
+
# Details about the data volume that is used in a task definition.
|
10335
|
+
# @return [Array<Types::AwsEcsTaskVolumeDetails>]
|
10336
|
+
#
|
10337
|
+
# @!attribute [rw] containers
|
10338
|
+
# The containers that are associated with the task.
|
10339
|
+
# @return [Array<Types::AwsEcsContainerDetails>]
|
10340
|
+
#
|
10341
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDetails AWS API Documentation
|
10342
|
+
#
|
10343
|
+
class AwsEcsTaskDetails < Struct.new(
|
10344
|
+
:cluster_arn,
|
10345
|
+
:task_definition_arn,
|
10346
|
+
:version,
|
10347
|
+
:created_at,
|
10348
|
+
:started_at,
|
10349
|
+
:started_by,
|
10350
|
+
:group,
|
10351
|
+
:volumes,
|
10352
|
+
:containers)
|
10353
|
+
SENSITIVE = []
|
10354
|
+
include Aws::Structure
|
10355
|
+
end
|
10356
|
+
|
10357
|
+
# Provides information about a data volume that's used in a task
|
10358
|
+
# definition.
|
10359
|
+
#
|
10360
|
+
# @note When making an API call, you may pass AwsEcsTaskVolumeDetails
|
10361
|
+
# data as a hash:
|
10362
|
+
#
|
10363
|
+
# {
|
10364
|
+
# name: "NonEmptyString",
|
10365
|
+
# host: {
|
10366
|
+
# source_path: "NonEmptyString",
|
10367
|
+
# },
|
10368
|
+
# }
|
10369
|
+
#
|
10370
|
+
# @!attribute [rw] name
|
10371
|
+
# The name of the volume. Up to 255 letters (uppercase and lowercase),
|
10372
|
+
# numbers, underscores, and hyphens are allowed. This name is
|
10373
|
+
# referenced in the `sourceVolume` parameter of container definition
|
10374
|
+
# `mountPoints`.
|
10375
|
+
# @return [String]
|
10376
|
+
#
|
10377
|
+
# @!attribute [rw] host
|
10378
|
+
# This parameter is specified when you use bind mount host volumes.
|
10379
|
+
# The contents of the `host` parameter determine whether your bind
|
10380
|
+
# mount host volume persists on the host container instance and where
|
10381
|
+
# it's stored.
|
10382
|
+
# @return [Types::AwsEcsTaskVolumeHostDetails]
|
10383
|
+
#
|
10384
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskVolumeDetails AWS API Documentation
|
10385
|
+
#
|
10386
|
+
class AwsEcsTaskVolumeDetails < Struct.new(
|
10387
|
+
:name,
|
10388
|
+
:host)
|
10389
|
+
SENSITIVE = []
|
10390
|
+
include Aws::Structure
|
10391
|
+
end
|
10392
|
+
|
10393
|
+
# Provides details on a container instance bind mount host volume.
|
10394
|
+
#
|
10395
|
+
# @note When making an API call, you may pass AwsEcsTaskVolumeHostDetails
|
10396
|
+
# data as a hash:
|
10397
|
+
#
|
10398
|
+
# {
|
10399
|
+
# source_path: "NonEmptyString",
|
10400
|
+
# }
|
10401
|
+
#
|
10402
|
+
# @!attribute [rw] source_path
|
10403
|
+
# When the `host` parameter is used, specify a `sourcePath` to declare
|
10404
|
+
# the path on the host container instance that's presented to the
|
10405
|
+
# container.
|
10406
|
+
# @return [String]
|
10407
|
+
#
|
10408
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskVolumeHostDetails AWS API Documentation
|
10409
|
+
#
|
10410
|
+
class AwsEcsTaskVolumeHostDetails < Struct.new(
|
10411
|
+
:source_path)
|
10412
|
+
SENSITIVE = []
|
10413
|
+
include Aws::Structure
|
10414
|
+
end
|
10415
|
+
|
10416
|
+
# Provides information about an Amazon EFS access point.
|
10417
|
+
#
|
10418
|
+
# @note When making an API call, you may pass AwsEfsAccessPointDetails
|
10419
|
+
# data as a hash:
|
10420
|
+
#
|
10421
|
+
# {
|
10422
|
+
# access_point_id: "NonEmptyString",
|
10423
|
+
# arn: "NonEmptyString",
|
10424
|
+
# client_token: "NonEmptyString",
|
10425
|
+
# file_system_id: "NonEmptyString",
|
10426
|
+
# posix_user: {
|
10427
|
+
# gid: "NonEmptyString",
|
10428
|
+
# secondary_gids: ["NonEmptyString"],
|
10429
|
+
# uid: "NonEmptyString",
|
10430
|
+
# },
|
10431
|
+
# root_directory: {
|
10432
|
+
# creation_info: {
|
10433
|
+
# owner_gid: "NonEmptyString",
|
10434
|
+
# owner_uid: "NonEmptyString",
|
10435
|
+
# permissions: "NonEmptyString",
|
10436
|
+
# },
|
10437
|
+
# path: "NonEmptyString",
|
10438
|
+
# },
|
10439
|
+
# }
|
10440
|
+
#
|
10441
|
+
# @!attribute [rw] access_point_id
|
10442
|
+
# The ID of the Amazon EFS access point.
|
10443
|
+
# @return [String]
|
10444
|
+
#
|
10445
|
+
# @!attribute [rw] arn
|
10446
|
+
# The Amazon Resource Name (ARN) of the Amazon EFS access point.
|
10447
|
+
# @return [String]
|
10448
|
+
#
|
10449
|
+
# @!attribute [rw] client_token
|
10450
|
+
# The opaque string specified in the request to ensure idempotent
|
10451
|
+
# creation.
|
10452
|
+
# @return [String]
|
10453
|
+
#
|
10454
|
+
# @!attribute [rw] file_system_id
|
10455
|
+
# The ID of the Amazon EFS file system that the access point applies
|
10456
|
+
# to.
|
10457
|
+
# @return [String]
|
10458
|
+
#
|
10459
|
+
# @!attribute [rw] posix_user
|
10460
|
+
# The full POSIX identity, including the user ID, group ID, and
|
10461
|
+
# secondary group IDs on the access point, that is used for all file
|
10462
|
+
# operations by NFS clients using the access point.
|
10463
|
+
# @return [Types::AwsEfsAccessPointPosixUserDetails]
|
10464
|
+
#
|
10465
|
+
# @!attribute [rw] root_directory
|
10466
|
+
# The directory on the Amazon EFS file system that the access point
|
10467
|
+
# exposes as the root directory to NFS clients using the access point.
|
10468
|
+
# @return [Types::AwsEfsAccessPointRootDirectoryDetails]
|
10469
|
+
#
|
10470
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEfsAccessPointDetails AWS API Documentation
|
10471
|
+
#
|
10472
|
+
class AwsEfsAccessPointDetails < Struct.new(
|
10473
|
+
:access_point_id,
|
10474
|
+
:arn,
|
10475
|
+
:client_token,
|
10476
|
+
:file_system_id,
|
10477
|
+
:posix_user,
|
10478
|
+
:root_directory)
|
10479
|
+
SENSITIVE = []
|
10480
|
+
include Aws::Structure
|
10481
|
+
end
|
10482
|
+
|
10483
|
+
# Provides details for all file system operations using this Amazon EFS
|
10484
|
+
# access point.
|
10485
|
+
#
|
10486
|
+
# @note When making an API call, you may pass AwsEfsAccessPointPosixUserDetails
|
10487
|
+
# data as a hash:
|
10488
|
+
#
|
10489
|
+
# {
|
10490
|
+
# gid: "NonEmptyString",
|
10491
|
+
# secondary_gids: ["NonEmptyString"],
|
10492
|
+
# uid: "NonEmptyString",
|
10493
|
+
# }
|
10494
|
+
#
|
10495
|
+
# @!attribute [rw] gid
|
10496
|
+
# The POSIX group ID used for all file system operations using this
|
10497
|
+
# access point.
|
10498
|
+
# @return [String]
|
10499
|
+
#
|
10500
|
+
# @!attribute [rw] secondary_gids
|
10501
|
+
# Secondary POSIX group IDs used for all file system operations using
|
10502
|
+
# this access point.
|
10503
|
+
# @return [Array<String>]
|
10504
|
+
#
|
10505
|
+
# @!attribute [rw] uid
|
10506
|
+
# The POSIX user ID used for all file system operations using this
|
10507
|
+
# access point.
|
10508
|
+
# @return [String]
|
10509
|
+
#
|
10510
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEfsAccessPointPosixUserDetails AWS API Documentation
|
10511
|
+
#
|
10512
|
+
class AwsEfsAccessPointPosixUserDetails < Struct.new(
|
10513
|
+
:gid,
|
10514
|
+
:secondary_gids,
|
10515
|
+
:uid)
|
10516
|
+
SENSITIVE = []
|
10517
|
+
include Aws::Structure
|
10518
|
+
end
|
10519
|
+
|
10520
|
+
# Provides information about the settings that Amazon EFS uses to create
|
10521
|
+
# the root directory when a client connects to an access point.
|
10522
|
+
#
|
10523
|
+
# @note When making an API call, you may pass AwsEfsAccessPointRootDirectoryCreationInfoDetails
|
10524
|
+
# data as a hash:
|
10525
|
+
#
|
10526
|
+
# {
|
10527
|
+
# owner_gid: "NonEmptyString",
|
10528
|
+
# owner_uid: "NonEmptyString",
|
10529
|
+
# permissions: "NonEmptyString",
|
10530
|
+
# }
|
10531
|
+
#
|
10532
|
+
# @!attribute [rw] owner_gid
|
10533
|
+
# Specifies the POSIX group ID to apply to the root directory.
|
10534
|
+
# @return [String]
|
10535
|
+
#
|
10536
|
+
# @!attribute [rw] owner_uid
|
10537
|
+
# Specifies the POSIX user ID to apply to the root directory.
|
10538
|
+
# @return [String]
|
10539
|
+
#
|
10540
|
+
# @!attribute [rw] permissions
|
10541
|
+
# Specifies the POSIX permissions to apply to the root directory, in
|
10542
|
+
# the format of an octal number representing the file's mode bits.
|
10543
|
+
# @return [String]
|
10544
|
+
#
|
10545
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEfsAccessPointRootDirectoryCreationInfoDetails AWS API Documentation
|
10546
|
+
#
|
10547
|
+
class AwsEfsAccessPointRootDirectoryCreationInfoDetails < Struct.new(
|
10548
|
+
:owner_gid,
|
10549
|
+
:owner_uid,
|
10550
|
+
:permissions)
|
10551
|
+
SENSITIVE = []
|
10552
|
+
include Aws::Structure
|
10553
|
+
end
|
10554
|
+
|
10555
|
+
# Provides information about the directory on the Amazon EFS file system
|
10556
|
+
# that the access point exposes as the root directory to NFS clients
|
10557
|
+
# using the access point.
|
10558
|
+
#
|
10559
|
+
# @note When making an API call, you may pass AwsEfsAccessPointRootDirectoryDetails
|
10560
|
+
# data as a hash:
|
10561
|
+
#
|
10562
|
+
# {
|
10563
|
+
# creation_info: {
|
10564
|
+
# owner_gid: "NonEmptyString",
|
10565
|
+
# owner_uid: "NonEmptyString",
|
10566
|
+
# permissions: "NonEmptyString",
|
10567
|
+
# },
|
10568
|
+
# path: "NonEmptyString",
|
10569
|
+
# }
|
10570
|
+
#
|
10571
|
+
# @!attribute [rw] creation_info
|
10572
|
+
# Specifies the POSIX IDs and permissions to apply to the access
|
10573
|
+
# point's root directory.
|
10574
|
+
# @return [Types::AwsEfsAccessPointRootDirectoryCreationInfoDetails]
|
10575
|
+
#
|
10576
|
+
# @!attribute [rw] path
|
10577
|
+
# Specifies the path on the Amazon EFS file system to expose as the
|
10578
|
+
# root directory to NFS clients using the access point to access the
|
10579
|
+
# EFS file system. A path can have up to four subdirectories. If the
|
10580
|
+
# specified path does not exist, you are required to provide
|
10581
|
+
# `CreationInfo`.
|
10582
|
+
# @return [String]
|
10583
|
+
#
|
10584
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEfsAccessPointRootDirectoryDetails AWS API Documentation
|
10585
|
+
#
|
10586
|
+
class AwsEfsAccessPointRootDirectoryDetails < Struct.new(
|
10587
|
+
:creation_info,
|
10588
|
+
:path)
|
10589
|
+
SENSITIVE = []
|
10590
|
+
include Aws::Structure
|
10591
|
+
end
|
10592
|
+
|
9278
10593
|
# Provides details about an Amazon EKS cluster.
|
9279
10594
|
#
|
9280
10595
|
# @note When making an API call, you may pass AwsEksClusterDetails
|
@@ -9969,7 +11284,8 @@ module Aws::SecurityHub
|
|
9969
11284
|
# @return [Boolean]
|
9970
11285
|
#
|
9971
11286
|
# @!attribute [rw] kms_key_id
|
9972
|
-
# The KMS key ID. Takes the form
|
11287
|
+
# The KMS key ID. Takes the form
|
11288
|
+
# `1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a`.
|
9973
11289
|
# @return [String]
|
9974
11290
|
#
|
9975
11291
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElasticsearchDomainEncryptionAtRestOptions AWS API Documentation
|
@@ -11938,6 +13254,87 @@ module Aws::SecurityHub
|
|
11938
13254
|
include Aws::Structure
|
11939
13255
|
end
|
11940
13256
|
|
13257
|
+
# Provides information about an Amazon Kinesis data stream.
|
13258
|
+
#
|
13259
|
+
# @note When making an API call, you may pass AwsKinesisStreamDetails
|
13260
|
+
# data as a hash:
|
13261
|
+
#
|
13262
|
+
# {
|
13263
|
+
# name: "NonEmptyString",
|
13264
|
+
# arn: "NonEmptyString",
|
13265
|
+
# stream_encryption: {
|
13266
|
+
# encryption_type: "NonEmptyString",
|
13267
|
+
# key_id: "NonEmptyString",
|
13268
|
+
# },
|
13269
|
+
# shard_count: 1,
|
13270
|
+
# retention_period_hours: 1,
|
13271
|
+
# }
|
13272
|
+
#
|
13273
|
+
# @!attribute [rw] name
|
13274
|
+
# The name of the Kinesis stream. If you don't specify a name,
|
13275
|
+
# CloudFront generates a unique physical ID and uses that ID for the
|
13276
|
+
# stream name.
|
13277
|
+
# @return [String]
|
13278
|
+
#
|
13279
|
+
# @!attribute [rw] arn
|
13280
|
+
# The Amazon Resource Name (ARN) of the Kinesis data stream.
|
13281
|
+
# @return [String]
|
13282
|
+
#
|
13283
|
+
# @!attribute [rw] stream_encryption
|
13284
|
+
# When specified, enables or updates server-side encryption using an
|
13285
|
+
# KMS key for a specified stream. Removing this property from your
|
13286
|
+
# stack template and updating your stack disables encryption.
|
13287
|
+
# @return [Types::AwsKinesisStreamStreamEncryptionDetails]
|
13288
|
+
#
|
13289
|
+
# @!attribute [rw] shard_count
|
13290
|
+
# The number of shards that the stream uses.
|
13291
|
+
# @return [Integer]
|
13292
|
+
#
|
13293
|
+
# @!attribute [rw] retention_period_hours
|
13294
|
+
# The number of hours for the data records that are stored in shards
|
13295
|
+
# to remain accessible.
|
13296
|
+
# @return [Integer]
|
13297
|
+
#
|
13298
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsKinesisStreamDetails AWS API Documentation
|
13299
|
+
#
|
13300
|
+
class AwsKinesisStreamDetails < Struct.new(
|
13301
|
+
:name,
|
13302
|
+
:arn,
|
13303
|
+
:stream_encryption,
|
13304
|
+
:shard_count,
|
13305
|
+
:retention_period_hours)
|
13306
|
+
SENSITIVE = []
|
13307
|
+
include Aws::Structure
|
13308
|
+
end
|
13309
|
+
|
13310
|
+
# Provides information about stream encryption.
|
13311
|
+
#
|
13312
|
+
# @note When making an API call, you may pass AwsKinesisStreamStreamEncryptionDetails
|
13313
|
+
# data as a hash:
|
13314
|
+
#
|
13315
|
+
# {
|
13316
|
+
# encryption_type: "NonEmptyString",
|
13317
|
+
# key_id: "NonEmptyString",
|
13318
|
+
# }
|
13319
|
+
#
|
13320
|
+
# @!attribute [rw] encryption_type
|
13321
|
+
# The encryption type to use.
|
13322
|
+
# @return [String]
|
13323
|
+
#
|
13324
|
+
# @!attribute [rw] key_id
|
13325
|
+
# The globally unique identifier for the customer-managed KMS key to
|
13326
|
+
# use for encryption.
|
13327
|
+
# @return [String]
|
13328
|
+
#
|
13329
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsKinesisStreamStreamEncryptionDetails AWS API Documentation
|
13330
|
+
#
|
13331
|
+
class AwsKinesisStreamStreamEncryptionDetails < Struct.new(
|
13332
|
+
:encryption_type,
|
13333
|
+
:key_id)
|
13334
|
+
SENSITIVE = []
|
13335
|
+
include Aws::Structure
|
13336
|
+
end
|
13337
|
+
|
11941
13338
|
# Contains metadata about an KMS key.
|
11942
13339
|
#
|
11943
13340
|
# @note When making an API call, you may pass AwsKmsKeyDetails
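Review bot: The `name` attribute text added for `AwsKinesisStreamDetails` says "CloudFront generates a unique physical ID", which is most likely a slip for CloudFormation, since the `stream_encryption` text in the same hunk talks about a stack template. I would word it as `# The name of the Kinesis stream. If you don't specify a name, CloudFormation generates a unique physical ID and uses that ID for the stream name.` The comments look generated from the service model, so the correction probably belongs upstream rather than in this file.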
|
@@ -11998,7 +13395,7 @@ module Aws::SecurityHub
|
|
11998
13395
|
# @return [String]
|
11999
13396
|
#
|
12000
13397
|
# @!attribute [rw] description
|
12001
|
-
# A description of the key.
|
13398
|
+
# A description of the KMS key.
|
12002
13399
|
# @return [String]
|
12003
13400
|
#
|
12004
13401
|
# @!attribute [rw] key_rotation_status
|
@@ -12433,6 +13830,35 @@ module Aws::SecurityHub
|
|
12433
13830
|
include Aws::Structure
|
12434
13831
|
end
|
12435
13832
|
|
13833
|
+
# Details for a volume mount point that's used in a container
|
13834
|
+
# definition.
|
13835
|
+
#
|
13836
|
+
# @note When making an API call, you may pass AwsMountPoint
|
13837
|
+
# data as a hash:
|
13838
|
+
#
|
13839
|
+
# {
|
13840
|
+
# source_volume: "NonEmptyString",
|
13841
|
+
# container_path: "NonEmptyString",
|
13842
|
+
# }
|
13843
|
+
#
|
13844
|
+
# @!attribute [rw] source_volume
|
13845
|
+
# The name of the volume to mount. Must be a volume name referenced in
|
13846
|
+
# the `name` parameter of task definition `volume`.
|
13847
|
+
# @return [String]
|
13848
|
+
#
|
13849
|
+
# @!attribute [rw] container_path
|
13850
|
+
# The path on the container to mount the host volume at.
|
13851
|
+
# @return [String]
|
13852
|
+
#
|
13853
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsMountPoint AWS API Documentation
|
13854
|
+
#
|
13855
|
+
class AwsMountPoint < Struct.new(
|
13856
|
+
:source_volume,
|
13857
|
+
:container_path)
|
13858
|
+
SENSITIVE = []
|
13859
|
+
include Aws::Structure
|
13860
|
+
end
|
13861
|
+
|
12436
13862
|
# Details about an Network Firewall firewall.
|
12437
13863
|
#
|
12438
13864
|
# @note When making an API call, you may pass AwsNetworkFirewallFirewallDetails
|
@@ -12767,6 +14193,43 @@ module Aws::SecurityHub
|
|
12767
14193
|
include Aws::Structure
|
12768
14194
|
end
|
12769
14195
|
|
14196
|
+
# Provides information about domain access control options.
|
14197
|
+
#
|
14198
|
+
# @note When making an API call, you may pass AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails
|
14199
|
+
# data as a hash:
|
14200
|
+
#
|
14201
|
+
# {
|
14202
|
+
# enabled: false,
|
14203
|
+
# internal_user_database_enabled: false,
|
14204
|
+
# master_user_options: {
|
14205
|
+
# master_user_arn: "NonEmptyString",
|
14206
|
+
# master_user_name: "NonEmptyString",
|
14207
|
+
# master_user_password: "NonEmptyString",
|
14208
|
+
# },
|
14209
|
+
# }
|
14210
|
+
#
|
14211
|
+
# @!attribute [rw] enabled
|
14212
|
+
# Enables fine-grained access control.
|
14213
|
+
# @return [Boolean]
|
14214
|
+
#
|
14215
|
+
# @!attribute [rw] internal_user_database_enabled
|
14216
|
+
# Enables the internal user database.
|
14217
|
+
# @return [Boolean]
|
14218
|
+
#
|
14219
|
+
# @!attribute [rw] master_user_options
|
14220
|
+
# Specifies information about the master user of the domain.
|
14221
|
+
# @return [Types::AwsOpenSearchServiceDomainMasterUserOptionsDetails]
|
14222
|
+
#
|
14223
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails AWS API Documentation
|
14224
|
+
#
|
14225
|
+
class AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails < Struct.new(
|
14226
|
+
:enabled,
|
14227
|
+
:internal_user_database_enabled,
|
14228
|
+
:master_user_options)
|
14229
|
+
SENSITIVE = []
|
14230
|
+
include Aws::Structure
|
14231
|
+
end
|
14232
|
+
|
12770
14233
|
# Details about the configuration of an OpenSearch cluster.
|
12771
14234
|
#
|
12772
14235
|
# @note When making an API call, you may pass AwsOpenSearchServiceDomainClusterConfigDetails
|
@@ -12950,6 +14413,15 @@ module Aws::SecurityHub
|
|
12950
14413
|
# domain_endpoints: {
|
12951
14414
|
# "NonEmptyString" => "NonEmptyString",
|
12952
14415
|
# },
|
14416
|
+
# advanced_security_options: {
|
14417
|
+
# enabled: false,
|
14418
|
+
# internal_user_database_enabled: false,
|
14419
|
+
# master_user_options: {
|
14420
|
+
# master_user_arn: "NonEmptyString",
|
14421
|
+
# master_user_name: "NonEmptyString",
|
14422
|
+
# master_user_password: "NonEmptyString",
|
14423
|
+
# },
|
14424
|
+
# },
|
12953
14425
|
# }
|
12954
14426
|
#
|
12955
14427
|
# @!attribute [rw] arn
|
@@ -13015,6 +14487,10 @@ module Aws::SecurityHub
|
|
13015
14487
|
# is the endpoint.
|
13016
14488
|
# @return [Hash<String,String>]
|
13017
14489
|
#
|
14490
|
+
# @!attribute [rw] advanced_security_options
|
14491
|
+
# Specifies options for fine-grained access control.
|
14492
|
+
# @return [Types::AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails]
|
14493
|
+
#
|
13018
14494
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsOpenSearchServiceDomainDetails AWS API Documentation
|
13019
14495
|
#
|
13020
14496
|
class AwsOpenSearchServiceDomainDetails < Struct.new(
|
@@ -13031,7 +14507,8 @@ module Aws::SecurityHub
|
|
13031
14507
|
:domain_endpoint_options,
|
13032
14508
|
:vpc_options,
|
13033
14509
|
:log_publishing_options,
|
13034
|
-
:domain_endpoints
|
14510
|
+
:domain_endpoints,
|
14511
|
+
:advanced_security_options)
|
13035
14512
|
SENSITIVE = []
|
13036
14513
|
include Aws::Structure
|
13037
14514
|
end
|
@@ -13180,6 +14657,39 @@ module Aws::SecurityHub
|
|
13180
14657
|
include Aws::Structure
|
13181
14658
|
end
|
13182
14659
|
|
14660
|
+
# Specifies information about the master user of the domain.
|
14661
|
+
#
|
14662
|
+
# @note When making an API call, you may pass AwsOpenSearchServiceDomainMasterUserOptionsDetails
|
14663
|
+
# data as a hash:
|
14664
|
+
#
|
14665
|
+
# {
|
14666
|
+
# master_user_arn: "NonEmptyString",
|
14667
|
+
# master_user_name: "NonEmptyString",
|
14668
|
+
# master_user_password: "NonEmptyString",
|
14669
|
+
# }
|
14670
|
+
#
|
14671
|
+
# @!attribute [rw] master_user_arn
|
14672
|
+
# The Amazon Resource Name (ARN) for the master user.
|
14673
|
+
# @return [String]
|
14674
|
+
#
|
14675
|
+
# @!attribute [rw] master_user_name
|
14676
|
+
# The username for the master user.
|
14677
|
+
# @return [String]
|
14678
|
+
#
|
14679
|
+
# @!attribute [rw] master_user_password
|
14680
|
+
# The password for the master user.
|
14681
|
+
# @return [String]
|
14682
|
+
#
|
14683
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsOpenSearchServiceDomainMasterUserOptionsDetails AWS API Documentation
|
14684
|
+
#
|
14685
|
+
class AwsOpenSearchServiceDomainMasterUserOptionsDetails < Struct.new(
|
14686
|
+
:master_user_arn,
|
14687
|
+
:master_user_name,
|
14688
|
+
:master_user_password)
|
14689
|
+
SENSITIVE = []
|
14690
|
+
include Aws::Structure
|
14691
|
+
end
|
14692
|
+
|
13183
14693
|
# Provides details about the configuration for node-to-node encryption.
|
13184
14694
|
#
|
13185
14695
|
# @note When making an API call, you may pass AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails
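Review bot: The new struct `AwsOpenSearchServiceDomainMasterUserOptionsDetails` has a `master_user_password` member but declares `SENSITIVE = []`, so nothing marks the password for redaction. If the SDK's parameter filtering keys off this constant, as it appears to, the value can show up in request logs and `inspect` output whenever a finding carrying it is imported or printed. I would expect `SENSITIVE = [:master_user_password]`. The file looks generated, so the lasting fix is probably a sensitive marker on that member in the API model. The same member also appears in the `advanced_security_options` request examples in other hunks of this file, and until it is marked, callers should keep these structures out of debug logging.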
|
@@ -15483,10 +16993,10 @@ module Aws::SecurityHub
|
|
15483
16993
|
# The number of days that manual snapshots are retained in the
|
15484
16994
|
# destination region after they are copied from a source region.
|
15485
16995
|
#
|
15486
|
-
# If the value is
|
16996
|
+
# If the value is `-1`, then the manual snapshot is retained
|
15487
16997
|
# indefinitely.
|
15488
16998
|
#
|
15489
|
-
# Valid values: Either
|
16999
|
+
# Valid values: Either `-1` or an integer between 1 and 3,653
|
15490
17000
|
# @return [Integer]
|
15491
17001
|
#
|
15492
17002
|
# @!attribute [rw] retention_period
|
@@ -15868,12 +17378,12 @@ module Aws::SecurityHub
|
|
15868
17378
|
# @!attribute [rw] manual_snapshot_retention_period
|
15869
17379
|
# The default number of days to retain a manual snapshot.
|
15870
17380
|
#
|
15871
|
-
# If the value is
|
17381
|
+
# If the value is `-1`, the snapshot is retained indefinitely.
|
15872
17382
|
#
|
15873
17383
|
# This setting doesn't change the retention period of existing
|
15874
17384
|
# snapshots.
|
15875
17385
|
#
|
15876
|
-
# Valid values: Either
|
17386
|
+
# Valid values: Either `-1` or an integer between 1 and 3,653
|
15877
17387
|
# @return [Integer]
|
15878
17388
|
#
|
15879
17389
|
# @!attribute [rw] master_username
|
@@ -17944,6 +19454,21 @@ module Aws::SecurityHub
|
|
17944
19454
|
# launched_at: "NonEmptyString",
|
17945
19455
|
# terminated_at: "NonEmptyString",
|
17946
19456
|
# },
|
19457
|
+
# threats: [
|
19458
|
+
# {
|
19459
|
+
# name: "NonEmptyString",
|
19460
|
+
# severity: "NonEmptyString",
|
19461
|
+
# item_count: 1,
|
19462
|
+
# file_paths: [
|
19463
|
+
# {
|
19464
|
+
# file_path: "NonEmptyString",
|
19465
|
+
# file_name: "NonEmptyString",
|
19466
|
+
# resource_id: "NonEmptyString",
|
19467
|
+
# hash: "NonEmptyString",
|
19468
|
+
# },
|
19469
|
+
# ],
|
19470
|
+
# },
|
19471
|
+
# ],
|
17947
19472
|
# threat_intel_indicators: [
|
17948
19473
|
# {
|
17949
19474
|
# type: "DOMAIN", # accepts DOMAIN, EMAIL_ADDRESS, HASH_MD5, HASH_SHA1, HASH_SHA256, HASH_SHA512, IPV4_ADDRESS, IPV6_ADDRESS, MUTEX, PROCESS, URL
|
@@ -18231,6 +19756,17 @@ module Aws::SecurityHub
|
|
18231
19756
|
# s3_origin_config: {
|
18232
19757
|
# origin_access_identity: "NonEmptyString",
|
18233
19758
|
# },
|
19759
|
+
# custom_origin_config: {
|
19760
|
+
# http_port: 1,
|
19761
|
+
# https_port: 1,
|
19762
|
+
# origin_keepalive_timeout: 1,
|
19763
|
+
# origin_protocol_policy: "NonEmptyString",
|
19764
|
+
# origin_read_timeout: 1,
|
19765
|
+
# origin_ssl_protocols: {
|
19766
|
+
# items: ["NonEmptyString"],
|
19767
|
+
# quantity: 1,
|
19768
|
+
# },
|
19769
|
+
# },
|
18234
19770
|
# },
|
18235
19771
|
# ],
|
18236
19772
|
# },
|
@@ -18273,6 +19809,14 @@ module Aws::SecurityHub
|
|
18273
19809
|
# network_interface_id: "NonEmptyString",
|
18274
19810
|
# },
|
18275
19811
|
# ],
|
19812
|
+
# virtualization_type: "NonEmptyString",
|
19813
|
+
# metadata_options: {
|
19814
|
+
# http_endpoint: "NonEmptyString",
|
19815
|
+
# http_protocol_ipv_6: "NonEmptyString",
|
19816
|
+
# http_put_response_hop_limit: 1,
|
19817
|
+
# http_tokens: "NonEmptyString",
|
19818
|
+
# instance_metadata_tags: "NonEmptyString",
|
19819
|
+
# },
|
18276
19820
|
# },
|
18277
19821
|
# aws_ec2_network_interface: {
|
18278
19822
|
# attachment: {
|
@@ -18378,6 +19922,7 @@ module Aws::SecurityHub
|
|
18378
19922
|
# },
|
18379
19923
|
# aws_ec2_volume: {
|
18380
19924
|
# create_time: "NonEmptyString",
|
19925
|
+
# device_name: "NonEmptyString",
|
18381
19926
|
# encrypted: false,
|
18382
19927
|
# size: 1,
|
18383
19928
|
# snapshot_id: "NonEmptyString",
|
@@ -18391,6 +19936,9 @@ module Aws::SecurityHub
|
|
18391
19936
|
# status: "NonEmptyString",
|
18392
19937
|
# },
|
18393
19938
|
# ],
|
19939
|
+
# volume_id: "NonEmptyString",
|
19940
|
+
# volume_type: "NonEmptyString",
|
19941
|
+
# volume_scan_status: "NonEmptyString",
|
18394
19942
|
# },
|
18395
19943
|
# aws_ec2_vpc: {
|
18396
19944
|
# cidr_block_association_set: [
|
@@ -19626,6 +21174,13 @@ module Aws::SecurityHub
|
|
19626
21174
|
# ],
|
19627
21175
|
# topic_name: "NonEmptyString",
|
19628
21176
|
# owner: "NonEmptyString",
|
21177
|
+
# sqs_success_feedback_role_arn: "NonEmptyString",
|
21178
|
+
# sqs_failure_feedback_role_arn: "NonEmptyString",
|
21179
|
+
# application_success_feedback_role_arn: "NonEmptyString",
|
21180
|
+
# firehose_success_feedback_role_arn: "NonEmptyString",
|
21181
|
+
# firehose_failure_feedback_role_arn: "NonEmptyString",
|
21182
|
+
# http_success_feedback_role_arn: "NonEmptyString",
|
21183
|
+
# http_failure_feedback_role_arn: "NonEmptyString",
|
19629
21184
|
# },
|
19630
21185
|
# aws_sqs_queue: {
|
19631
21186
|
# kms_data_key_reuse_period_seconds: 1,
|
@@ -19779,6 +21334,8 @@ module Aws::SecurityHub
|
|
19779
21334
|
# iam_database_authentication_enabled: false,
|
19780
21335
|
# },
|
19781
21336
|
# aws_ecs_cluster: {
|
21337
|
+
# cluster_arn: "NonEmptyString",
|
21338
|
+
# active_services_count: 1,
|
19782
21339
|
# capacity_providers: ["NonEmptyString"],
|
19783
21340
|
# cluster_settings: [
|
19784
21341
|
# {
|
@@ -19806,6 +21363,21 @@ module Aws::SecurityHub
|
|
19806
21363
|
# weight: 1,
|
19807
21364
|
# },
|
19808
21365
|
# ],
|
21366
|
+
# cluster_name: "NonEmptyString",
|
21367
|
+
# registered_container_instances_count: 1,
|
21368
|
+
# running_tasks_count: 1,
|
21369
|
+
# status: "NonEmptyString",
|
21370
|
+
# },
|
21371
|
+
# aws_ecs_container: {
|
21372
|
+
# name: "NonEmptyString",
|
21373
|
+
# image: "NonEmptyString",
|
21374
|
+
# mount_points: [
|
21375
|
+
# {
|
21376
|
+
# source_volume: "NonEmptyString",
|
21377
|
+
# container_path: "NonEmptyString",
|
21378
|
+
# },
|
21379
|
+
# ],
|
21380
|
+
# privileged: false,
|
19809
21381
|
# },
|
19810
21382
|
# aws_ecs_task_definition: {
|
19811
21383
|
# container_definitions: [
|
@@ -20020,10 +21592,18 @@ module Aws::SecurityHub
|
|
20020
21592
|
# ],
|
20021
21593
|
# },
|
20022
21594
|
# container: {
|
21595
|
+
# container_runtime: "NonEmptyString",
|
20023
21596
|
# name: "NonEmptyString",
|
20024
21597
|
# image_id: "NonEmptyString",
|
20025
21598
|
# image_name: "NonEmptyString",
|
20026
21599
|
# launched_at: "NonEmptyString",
|
21600
|
+
# volume_mounts: [
|
21601
|
+
# {
|
21602
|
+
# name: "NonEmptyString",
|
21603
|
+
# mount_path: "NonEmptyString",
|
21604
|
+
# },
|
21605
|
+
# ],
|
21606
|
+
# privileged: false,
|
20027
21607
|
# },
|
20028
21608
|
# other: {
|
20029
21609
|
# "NonEmptyString" => "NonEmptyString",
|
@@ -20273,6 +21853,15 @@ module Aws::SecurityHub
|
|
20273
21853
|
# domain_endpoints: {
|
20274
21854
|
# "NonEmptyString" => "NonEmptyString",
|
20275
21855
|
# },
|
21856
|
+
# advanced_security_options: {
|
21857
|
+
# enabled: false,
|
21858
|
+
# internal_user_database_enabled: false,
|
21859
|
+
# master_user_options: {
|
21860
|
+
# master_user_arn: "NonEmptyString",
|
21861
|
+
# master_user_name: "NonEmptyString",
|
21862
|
+
# master_user_password: "NonEmptyString",
|
21863
|
+
# },
|
21864
|
+
# },
|
20276
21865
|
# },
|
20277
21866
|
# aws_ec2_vpc_endpoint_service: {
|
20278
21867
|
# acceptance_required: false,
|
@@ -20530,6 +22119,256 @@ module Aws::SecurityHub
|
|
20530
22119
|
# owner_id: "NonEmptyString",
|
20531
22120
|
# vpc_id: "NonEmptyString",
|
20532
22121
|
# },
|
22122
|
+
# aws_kinesis_stream: {
|
22123
|
+
# name: "NonEmptyString",
|
22124
|
+
# arn: "NonEmptyString",
|
22125
|
+
# stream_encryption: {
|
22126
|
+
# encryption_type: "NonEmptyString",
|
22127
|
+
# key_id: "NonEmptyString",
|
22128
|
+
# },
|
22129
|
+
# shard_count: 1,
|
22130
|
+
# retention_period_hours: 1,
|
22131
|
+
# },
|
22132
|
+
# aws_ec2_transit_gateway: {
|
22133
|
+
# id: "NonEmptyString",
|
22134
|
+
# description: "NonEmptyString",
|
22135
|
+
# default_route_table_propagation: "NonEmptyString",
|
22136
|
+
# auto_accept_shared_attachments: "NonEmptyString",
|
22137
|
+
# default_route_table_association: "NonEmptyString",
|
22138
|
+
# transit_gateway_cidr_blocks: ["NonEmptyString"],
|
22139
|
+
# association_default_route_table_id: "NonEmptyString",
|
22140
|
+
# propagation_default_route_table_id: "NonEmptyString",
|
22141
|
+
# vpn_ecmp_support: "NonEmptyString",
|
22142
|
+
# dns_support: "NonEmptyString",
|
22143
|
+
# multicast_support: "NonEmptyString",
|
22144
|
+
# amazon_side_asn: 1,
|
22145
|
+
# },
|
22146
|
+
# aws_efs_access_point: {
|
22147
|
+
# access_point_id: "NonEmptyString",
|
22148
|
+
# arn: "NonEmptyString",
|
22149
|
+
# client_token: "NonEmptyString",
|
22150
|
+
# file_system_id: "NonEmptyString",
|
22151
|
+
# posix_user: {
|
22152
|
+
# gid: "NonEmptyString",
|
22153
|
+
# secondary_gids: ["NonEmptyString"],
|
22154
|
+
# uid: "NonEmptyString",
|
22155
|
+
# },
|
22156
|
+
# root_directory: {
|
22157
|
+
# creation_info: {
|
22158
|
+
# owner_gid: "NonEmptyString",
|
22159
|
+
# owner_uid: "NonEmptyString",
|
22160
|
+
# permissions: "NonEmptyString",
|
22161
|
+
# },
|
22162
|
+
# path: "NonEmptyString",
|
22163
|
+
# },
|
22164
|
+
# },
|
22165
|
+
# aws_cloud_formation_stack: {
|
22166
|
+
# capabilities: ["NonEmptyString"],
|
22167
|
+
# creation_time: "NonEmptyString",
|
22168
|
+
# description: "NonEmptyString",
|
22169
|
+
# disable_rollback: false,
|
22170
|
+
# drift_information: {
|
22171
|
+
# stack_drift_status: "NonEmptyString",
|
22172
|
+
# },
|
22173
|
+
# enable_termination_protection: false,
|
22174
|
+
# last_updated_time: "NonEmptyString",
|
22175
|
+
# notification_arns: ["NonEmptyString"],
|
22176
|
+
# outputs: [
|
22177
|
+
# {
|
22178
|
+
# description: "NonEmptyString",
|
22179
|
+
# output_key: "NonEmptyString",
|
22180
|
+
# output_value: "NonEmptyString",
|
22181
|
+
# },
|
22182
|
+
# ],
|
22183
|
+
# role_arn: "NonEmptyString",
|
22184
|
+
# stack_id: "NonEmptyString",
|
22185
|
+
# stack_name: "NonEmptyString",
|
22186
|
+
# stack_status: "NonEmptyString",
|
22187
|
+
# stack_status_reason: "NonEmptyString",
|
22188
|
+
# timeout_in_minutes: 1,
|
22189
|
+
# },
|
22190
|
+
# aws_cloud_watch_alarm: {
|
22191
|
+
# actions_enabled: false,
|
22192
|
+
# alarm_actions: ["NonEmptyString"],
|
22193
|
+
# alarm_arn: "NonEmptyString",
|
22194
|
+
# alarm_configuration_updated_timestamp: "NonEmptyString",
|
22195
|
+
# alarm_description: "NonEmptyString",
|
22196
|
+
# alarm_name: "NonEmptyString",
|
22197
|
+
# comparison_operator: "NonEmptyString",
|
22198
|
+
# datapoints_to_alarm: 1,
|
22199
|
+
# dimensions: [
|
22200
|
+
# {
|
22201
|
+
# name: "NonEmptyString",
|
22202
|
+
# value: "NonEmptyString",
|
22203
|
+
# },
|
22204
|
+
# ],
|
22205
|
+
# evaluate_low_sample_count_percentile: "NonEmptyString",
|
22206
|
+
# evaluation_periods: 1,
|
22207
|
+
# extended_statistic: "NonEmptyString",
|
22208
|
+
# insufficient_data_actions: ["NonEmptyString"],
|
22209
|
+
# metric_name: "NonEmptyString",
|
22210
|
+
# namespace: "NonEmptyString",
|
22211
|
+
# ok_actions: ["NonEmptyString"],
|
22212
|
+
# period: 1,
|
22213
|
+
# statistic: "NonEmptyString",
|
22214
|
+
# threshold: 1.0,
|
22215
|
+
# threshold_metric_id: "NonEmptyString",
|
22216
|
+
# treat_missing_data: "NonEmptyString",
|
22217
|
+
# unit: "NonEmptyString",
|
22218
|
+
# },
|
22219
|
+
# aws_ec2_vpc_peering_connection: {
|
22220
|
+
# accepter_vpc_info: {
|
22221
|
+
# cidr_block: "NonEmptyString",
|
22222
|
+
# cidr_block_set: [
|
22223
|
+
# {
|
22224
|
+
# cidr_block: "NonEmptyString",
|
22225
|
+
# },
|
22226
|
+
# ],
|
22227
|
+
# ipv_6_cidr_block_set: [
|
22228
|
+
# {
|
22229
|
+
# ipv_6_cidr_block: "NonEmptyString",
|
22230
|
+
# },
|
22231
|
+
# ],
|
22232
|
+
# owner_id: "NonEmptyString",
|
22233
|
+
# peering_options: {
|
22234
|
+
# allow_dns_resolution_from_remote_vpc: false,
|
22235
|
+
# allow_egress_from_local_classic_link_to_remote_vpc: false,
|
22236
|
+
# allow_egress_from_local_vpc_to_remote_classic_link: false,
|
22237
|
+
# },
|
22238
|
+
# region: "NonEmptyString",
|
22239
|
+
# vpc_id: "NonEmptyString",
|
22240
|
+
# },
|
22241
|
+
# expiration_time: "NonEmptyString",
|
22242
|
+
# requester_vpc_info: {
|
22243
|
+
# cidr_block: "NonEmptyString",
|
22244
|
+
# cidr_block_set: [
|
22245
|
+
# {
|
22246
|
+
# cidr_block: "NonEmptyString",
|
22247
|
+
# },
|
22248
|
+
# ],
|
22249
|
+
# ipv_6_cidr_block_set: [
|
22250
|
+
# {
|
22251
|
+
# ipv_6_cidr_block: "NonEmptyString",
|
22252
|
+
# },
|
22253
|
+
# ],
|
22254
|
+
# owner_id: "NonEmptyString",
|
22255
|
+
# peering_options: {
|
22256
|
+
# allow_dns_resolution_from_remote_vpc: false,
|
22257
|
+
# allow_egress_from_local_classic_link_to_remote_vpc: false,
|
22258
|
+
# allow_egress_from_local_vpc_to_remote_classic_link: false,
|
22259
|
+
# },
|
22260
|
+
# region: "NonEmptyString",
|
22261
|
+
# vpc_id: "NonEmptyString",
|
22262
|
+
# },
|
22263
|
+
# status: {
|
22264
|
+
# code: "NonEmptyString",
|
22265
|
+
# message: "NonEmptyString",
|
22266
|
+
# },
|
22267
|
+
# vpc_peering_connection_id: "NonEmptyString",
|
22268
|
+
# },
|
22269
|
+
# aws_waf_regional_rule_group: {
|
22270
|
+
# metric_name: "NonEmptyString",
|
22271
|
+
# name: "NonEmptyString",
|
22272
|
+
# rule_group_id: "NonEmptyString",
|
22273
|
+
# rules: [
|
22274
|
+
# {
|
22275
|
+
# action: {
|
22276
|
+
# type: "NonEmptyString",
|
22277
|
+
# },
|
22278
|
+
# priority: 1,
|
22279
|
+
# rule_id: "NonEmptyString",
|
22280
|
+
# type: "NonEmptyString",
|
22281
|
+
# },
|
22282
|
+
# ],
|
22283
|
+
# },
|
22284
|
+
# aws_waf_regional_rule: {
|
22285
|
+
# metric_name: "NonEmptyString",
|
22286
|
+
# name: "NonEmptyString",
|
22287
|
+
# predicate_list: [
|
22288
|
+
# {
|
22289
|
+
# data_id: "NonEmptyString",
|
22290
|
+
# negated: false,
|
22291
|
+
# type: "NonEmptyString",
|
22292
|
+
# },
|
22293
|
+
# ],
|
22294
|
+
# rule_id: "NonEmptyString",
|
22295
|
+
# },
|
22296
|
+
# aws_waf_regional_web_acl: {
|
22297
|
+
# default_action: "NonEmptyString",
|
22298
|
+
# metric_name: "NonEmptyString",
|
22299
|
+
# name: "NonEmptyString",
|
22300
|
+
# rules_list: [
|
22301
|
+
# {
|
22302
|
+
# action: {
|
22303
|
+
# type: "NonEmptyString",
|
22304
|
+
# },
|
22305
|
+
# override_action: {
|
22306
|
+
# type: "NonEmptyString",
|
22307
|
+
# },
|
22308
|
+
# priority: 1,
|
22309
|
+
# rule_id: "NonEmptyString",
|
22310
|
+
# type: "NonEmptyString",
|
22311
|
+
# },
|
22312
|
+
# ],
|
22313
|
+
# web_acl_id: "NonEmptyString",
|
22314
|
+
# },
|
22315
|
+
# aws_waf_rule: {
|
22316
|
+
# metric_name: "NonEmptyString",
|
22317
|
+
# name: "NonEmptyString",
|
22318
|
+
# predicate_list: [
|
22319
|
+
# {
|
22320
|
+
# data_id: "NonEmptyString",
|
22321
|
+
# negated: false,
|
22322
|
+
# type: "NonEmptyString",
|
22323
|
+
# },
|
22324
|
+
# ],
|
22325
|
+
# rule_id: "NonEmptyString",
|
22326
|
+
# },
|
22327
|
+
# aws_waf_rule_group: {
|
22328
|
+
# metric_name: "NonEmptyString",
|
22329
|
+
# name: "NonEmptyString",
|
22330
|
+
# rule_group_id: "NonEmptyString",
|
22331
|
+
# rules: [
|
22332
|
+
# {
|
22333
|
+
# action: {
|
22334
|
+
# type: "NonEmptyString",
|
22335
|
+
# },
|
22336
|
+
# priority: 1,
|
22337
|
+
# rule_id: "NonEmptyString",
|
22338
|
+
# type: "NonEmptyString",
|
22339
|
+
# },
|
22340
|
+
# ],
|
22341
|
+
# },
|
22342
|
+
# aws_ecs_task: {
|
22343
|
+
# cluster_arn: "NonEmptyString",
|
22344
|
+
# task_definition_arn: "NonEmptyString",
|
22345
|
+
# version: "NonEmptyString",
|
22346
|
+
# created_at: "NonEmptyString",
|
22347
|
+
# started_at: "NonEmptyString",
|
22348
|
+
# started_by: "NonEmptyString",
|
22349
|
+
# group: "NonEmptyString",
|
22350
|
+
# volumes: [
|
22351
|
+
# {
|
22352
|
+
# name: "NonEmptyString",
|
22353
|
+
# host: {
|
22354
|
+
# source_path: "NonEmptyString",
|
22355
|
+
# },
|
22356
|
+
# },
|
22357
|
+
# ],
|
22358
|
+
# containers: [
|
22359
|
+
# {
|
22360
|
+
# name: "NonEmptyString",
|
22361
|
+
# image: "NonEmptyString",
|
22362
|
+
# mount_points: [
|
22363
|
+
# {
|
22364
|
+
# source_volume: "NonEmptyString",
|
22365
|
+
# container_path: "NonEmptyString",
|
22366
|
+
# },
|
22367
|
+
# ],
|
22368
|
+
# privileged: false,
|
22369
|
+
# },
|
22370
|
+
# ],
|
22371
|
+
# },
|
20533
22372
|
# },
|
20534
22373
|
# },
|
20535
22374
|
# ],
|
@@ -20757,36 +22596,24 @@ module Aws::SecurityHub
|
|
20757
22596
|
# The name of the product that generated the finding.
|
20758
22597
|
#
|
20759
22598
|
# Security Hub populates this attribute automatically for each
|
20760
|
-
# finding. You cannot update
|
20761
|
-
# `BatchUpdateFindings`. The exception to this is
|
20762
|
-
#
|
20763
|
-
#
|
20764
|
-
# When you use the Security Hub console to filter findings by product
|
20765
|
-
# name, you use this attribute.
|
20766
|
-
#
|
20767
|
-
# When you use the Security Hub API to filter findings by product
|
20768
|
-
# name, you use the `aws/securityhub/ProductName` attribute under
|
20769
|
-
# `ProductFields`.
|
22599
|
+
# finding. You cannot update this attribute with `BatchImportFindings`
|
22600
|
+
# or `BatchUpdateFindings`. The exception to this is a custom
|
22601
|
+
# integration.
|
20770
22602
|
#
|
20771
|
-
# Security Hub
|
22603
|
+
# When you use the Security Hub console or API to filter findings by
|
22604
|
+
# product name, you use this attribute.
|
20772
22605
|
# @return [String]
|
20773
22606
|
#
|
20774
22607
|
# @!attribute [rw] company_name
|
20775
22608
|
# The name of the company for the product that generated the finding.
|
20776
22609
|
#
|
20777
22610
|
# Security Hub populates this attribute automatically for each
|
20778
|
-
# finding. You cannot
|
20779
|
-
# `BatchUpdateFindings`. The exception to this is
|
20780
|
-
#
|
20781
|
-
#
|
20782
|
-
# When you use the Security Hub console to filter findings by company
|
20783
|
-
# name, you use this attribute.
|
20784
|
-
#
|
20785
|
-
# When you use the Security Hub API to filter findings by company
|
20786
|
-
# name, you use the `aws/securityhub/CompanyName` attribute under
|
20787
|
-
# `ProductFields`.
|
22611
|
+
# finding. You cannot update this attribute with `BatchImportFindings`
|
22612
|
+
# or `BatchUpdateFindings`. The exception to this is a custom
|
22613
|
+
# integration.
|
20788
22614
|
#
|
20789
|
-
# Security Hub
|
22615
|
+
# When you use the Security Hub console or API to filter findings by
|
22616
|
+
# company name, you use this attribute.
|
20790
22617
|
# @return [String]
|
20791
22618
|
#
|
20792
22619
|
# @!attribute [rw] region
|
@@ -20949,6 +22776,11 @@ module Aws::SecurityHub
|
|
20949
22776
|
# The details of process-related information about a finding.
|
20950
22777
|
# @return [Types::ProcessDetails]
|
20951
22778
|
#
|
22779
|
+
# @!attribute [rw] threats
|
22780
|
+
# Details about the threat detected in a security finding and the file
|
22781
|
+
# paths that were affected by the threat.
|
22782
|
+
# @return [Array<Types::Threat>]
|
22783
|
+
#
|
20952
22784
|
# @!attribute [rw] threat_intel_indicators
|
20953
22785
|
# Threat intelligence details related to a finding.
|
20954
22786
|
# @return [Array<Types::ThreatIntelIndicator>]
|
@@ -21043,6 +22875,7 @@ module Aws::SecurityHub
|
|
21043
22875
|
:network,
|
21044
22876
|
:network_path,
|
21045
22877
|
:process,
|
22878
|
+
:threats,
|
21046
22879
|
:threat_intel_indicators,
|
21047
22880
|
:resources,
|
21048
22881
|
:compliance,
|
@@ -21805,19 +23638,11 @@ module Aws::SecurityHub
|
|
21805
23638
|
#
|
21806
23639
|
# @!attribute [rw] product_name
|
21807
23640
|
# The name of the solution (product) that generates findings.
|
21808
|
-
#
|
21809
|
-
# Note that this is a filter against the `aws/securityhub/ProductName`
|
21810
|
-
# field in `ProductFields`. It is not a filter for the top-level
|
21811
|
-
# `ProductName` field.
|
21812
23641
|
# @return [Array<Types::StringFilter>]
|
21813
23642
|
#
|
21814
23643
|
# @!attribute [rw] company_name
|
21815
23644
|
# The name of the findings provider (company) that owns the solution
|
21816
23645
|
# (product) that generates findings.
|
21817
|
-
#
|
21818
|
-
# Note that this is a filter against the `aws/securityhub/CompanyName`
|
21819
|
-
# field in `ProductFields`. It is not a filter for the top-level
|
21820
|
-
# `CompanyName` field.
|
21821
23646
|
# @return [Array<Types::StringFilter>]
|
21822
23647
|
#
|
21823
23648
|
# @!attribute [rw] user_defined_fields
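Review bot: The `product_name` and `company_name` filter docs in this hunk no longer say which finding field the filter is compared against. The removed lines said it was `aws/securityhub/ProductName` / `aws/securityhub/CompanyName` under `ProductFields` and not the top-level field, and nothing replaces them. If the filters now match the top-level attributes, which the reworded attribute docs earlier in this file suggest but this hunk does not state, add a line such as `# Matches the top-level ProductName field of the finding.` to each. Saved insights and automation that filter on these names should be re-checked, because a change in the matched field changes which findings they return. The enclosing type's comment block starts and ends outside the hunk.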
|
@@ -22330,7 +24155,8 @@ module Aws::SecurityHub
|
|
22330
24155
|
include Aws::Structure
|
22331
24156
|
end
|
22332
24157
|
|
22333
|
-
#
|
24158
|
+
# Provides information about an Amazon SNS topic to which notifications
|
24159
|
+
# can be published.
|
22334
24160
|
#
|
22335
24161
|
# @note When making an API call, you may pass AwsSnsTopicDetails
|
22336
24162
|
# data as a hash:
|
@@ -22345,6 +24171,13 @@ module Aws::SecurityHub
|
|
22345
24171
|
# ],
|
22346
24172
|
# topic_name: "NonEmptyString",
|
22347
24173
|
# owner: "NonEmptyString",
|
24174
|
+
# sqs_success_feedback_role_arn: "NonEmptyString",
|
24175
|
+
# sqs_failure_feedback_role_arn: "NonEmptyString",
|
24176
|
+
# application_success_feedback_role_arn: "NonEmptyString",
|
24177
|
+
# firehose_success_feedback_role_arn: "NonEmptyString",
|
24178
|
+
# firehose_failure_feedback_role_arn: "NonEmptyString",
|
24179
|
+
# http_success_feedback_role_arn: "NonEmptyString",
|
24180
|
+
# http_failure_feedback_role_arn: "NonEmptyString",
|
22348
24181
|
# }
|
22349
24182
|
#
|
22350
24183
|
# @!attribute [rw] kms_master_key_id
|
@@ -22354,24 +24187,66 @@ module Aws::SecurityHub
|
|
22354
24187
|
#
|
22355
24188
|
# @!attribute [rw] subscription
|
22356
24189
|
# Subscription is an embedded property that describes the subscription
|
22357
|
-
# endpoints of an SNS topic.
|
24190
|
+
# endpoints of an Amazon SNS topic.
|
22358
24191
|
# @return [Array<Types::AwsSnsTopicSubscription>]
|
22359
24192
|
#
|
22360
24193
|
# @!attribute [rw] topic_name
|
22361
|
-
# The name of the topic.
|
24194
|
+
# The name of the Amazon SNS topic.
|
22362
24195
|
# @return [String]
|
22363
24196
|
#
|
22364
24197
|
# @!attribute [rw] owner
|
22365
24198
|
# The subscription's owner.
|
22366
24199
|
# @return [String]
|
22367
24200
|
#
|
24201
|
+
# @!attribute [rw] sqs_success_feedback_role_arn
|
24202
|
+
# Indicates successful message delivery status for an Amazon SNS topic
|
24203
|
+
# that is subscribed to an Amazon SQS endpoint.
|
24204
|
+
# @return [String]
|
24205
|
+
#
|
24206
|
+
# @!attribute [rw] sqs_failure_feedback_role_arn
|
24207
|
+
# Indicates failed message delivery status for an Amazon SNS topic
|
24208
|
+
# that is subscribed to an Amazon SQS endpoint.
|
24209
|
+
# @return [String]
|
24210
|
+
#
|
24211
|
+
# @!attribute [rw] application_success_feedback_role_arn
|
24212
|
+
# Indicates failed message delivery status for an Amazon SNS topic
|
24213
|
+
# that is subscribed to a platform application endpoint.
|
24214
|
+
# @return [String]
|
24215
|
+
#
|
24216
|
+
# @!attribute [rw] firehose_success_feedback_role_arn
|
24217
|
+
# Indicates successful message delivery status for an Amazon SNS topic
|
24218
|
+
# that is subscribed to an Amazon Kinesis Data Firehose endpoint.
|
24219
|
+
# @return [String]
|
24220
|
+
#
|
24221
|
+
# @!attribute [rw] firehose_failure_feedback_role_arn
|
24222
|
+
# Indicates failed message delivery status for an Amazon SNS topic
|
24223
|
+
# that is subscribed to an Amazon Kinesis Data Firehose endpoint.
|
24224
|
+
# @return [String]
|
24225
|
+
#
|
24226
|
+
# @!attribute [rw] http_success_feedback_role_arn
|
24227
|
+
# Indicates successful message delivery status for an Amazon SNS topic
|
24228
|
+
# that is subscribed to an HTTP endpoint.
|
24229
|
+
# @return [String]
|
24230
|
+
#
|
24231
|
+
# @!attribute [rw] http_failure_feedback_role_arn
|
24232
|
+
# Indicates failed message delivery status for an Amazon SNS topic
|
24233
|
+
# that is subscribed to an HTTP endpoint.
|
24234
|
+
# @return [String]
|
24235
|
+
#
|
22368
24236
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSnsTopicDetails AWS API Documentation
|
22369
24237
|
#
|
22370
24238
|
class AwsSnsTopicDetails < Struct.new(
|
22371
24239
|
:kms_master_key_id,
|
22372
24240
|
:subscription,
|
22373
24241
|
:topic_name,
|
22374
|
-
:owner
|
24242
|
+
:owner,
|
24243
|
+
:sqs_success_feedback_role_arn,
|
24244
|
+
:sqs_failure_feedback_role_arn,
|
24245
|
+
:application_success_feedback_role_arn,
|
24246
|
+
:firehose_success_feedback_role_arn,
|
24247
|
+
:firehose_failure_feedback_role_arn,
|
24248
|
+
:http_success_feedback_role_arn,
|
24249
|
+
:http_failure_feedback_role_arn)
|
22375
24250
|
SENSITIVE = []
|
22376
24251
|
include Aws::Structure
|
22377
24252
|
end
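Review bot: The doc for `application_success_feedback_role_arn` says "Indicates failed message delivery status", which contradicts the attribute name and the wording of the other `*_success_*` attributes in this hunk. It should read `# Indicates successful message delivery status for an Amazon SNS topic`. All seven new attributes are named `*_feedback_role_arn` and return `String`, yet each description talks about a delivery status rather than a role ARN. Presumably they carry the ARN of the IAM role that SNS uses for delivery-status logging, and the text should say so once confirmed against the service model. That distinction matters to anyone using these fields to review which roles are attached to a topic.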
|
@@ -22882,7 +24757,581 @@ module Aws::SecurityHub
|
|
22882
24757
|
include Aws::Structure
|
22883
24758
|
end
|
22884
24759
|
|
22885
|
-
#
|
24760
|
+
# Provides information about an WAF Regional rule. This rule identifies
|
24761
|
+
# the web requests that you want to allow, block, or count.
|
24762
|
+
#
|
24763
|
+
# @note When making an API call, you may pass AwsWafRegionalRuleDetails
|
24764
|
+
# data as a hash:
|
24765
|
+
#
|
24766
|
+
# {
|
24767
|
+
# metric_name: "NonEmptyString",
|
24768
|
+
# name: "NonEmptyString",
|
24769
|
+
# predicate_list: [
|
24770
|
+
# {
|
24771
|
+
# data_id: "NonEmptyString",
|
24772
|
+
# negated: false,
|
24773
|
+
# type: "NonEmptyString",
|
24774
|
+
# },
|
24775
|
+
# ],
|
24776
|
+
# rule_id: "NonEmptyString",
|
24777
|
+
# }
|
24778
|
+
#
|
24779
|
+
# @!attribute [rw] metric_name
|
24780
|
+
# A name for the metrics for the rule.
|
24781
|
+
# @return [String]
|
24782
|
+
#
|
24783
|
+
# @!attribute [rw] name
|
24784
|
+
# A descriptive name for the rule.
|
24785
|
+
# @return [String]
|
24786
|
+
#
|
24787
|
+
# @!attribute [rw] predicate_list
|
24788
|
+
# Specifies the `ByteMatchSet`, `IPSet`, `SqlInjectionMatchSet`,
|
24789
|
+
# `XssMatchSet`, `RegexMatchSet`, `GeoMatchSet`, and
|
24790
|
+
# `SizeConstraintSet` objects that you want to add to a rule and, for
|
24791
|
+
# each object, indicates whether you want to negate the settings.
|
24792
|
+
# @return [Array<Types::AwsWafRegionalRulePredicateListDetails>]
|
24793
|
+
#
|
24794
|
+
# @!attribute [rw] rule_id
|
24795
|
+
# The ID of the rule.
|
24796
|
+
# @return [String]
|
24797
|
+
#
|
24798
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsWafRegionalRuleDetails AWS API Documentation
|
24799
|
+
#
|
24800
|
+
class AwsWafRegionalRuleDetails < Struct.new(
|
24801
|
+
:metric_name,
|
24802
|
+
:name,
|
24803
|
+
:predicate_list,
|
24804
|
+
:rule_id)
|
24805
|
+
SENSITIVE = []
|
24806
|
+
include Aws::Structure
|
24807
|
+
end
|
24808
|
+
|
24809
|
+
# Provides information about an WAF Regional rule group. The rule group
|
24810
|
+
# is a collection of rules for inspecting and controlling web requests.
|
24811
|
+
#
|
24812
|
+
# @note When making an API call, you may pass AwsWafRegionalRuleGroupDetails
|
24813
|
+
# data as a hash:
|
24814
|
+
#
|
24815
|
+
# {
|
24816
|
+
# metric_name: "NonEmptyString",
|
24817
|
+
# name: "NonEmptyString",
|
24818
|
+
# rule_group_id: "NonEmptyString",
|
24819
|
+
# rules: [
|
24820
|
+
# {
|
24821
|
+
# action: {
|
24822
|
+
# type: "NonEmptyString",
|
24823
|
+
# },
|
24824
|
+
# priority: 1,
|
24825
|
+
# rule_id: "NonEmptyString",
|
24826
|
+
# type: "NonEmptyString",
|
24827
|
+
# },
|
24828
|
+
# ],
|
24829
|
+
# }
|
24830
|
+
#
|
24831
|
+
# @!attribute [rw] metric_name
|
24832
|
+
# A name for the metrics for this rule group.
|
24833
|
+
# @return [String]
|
24834
|
+
#
|
24835
|
+
# @!attribute [rw] name
|
24836
|
+
# The descriptive name of the rule group.
|
24837
|
+
# @return [String]
|
24838
|
+
#
|
24839
|
+
# @!attribute [rw] rule_group_id
|
24840
|
+
# The ID of the rule group.
|
24841
|
+
# @return [String]
|
24842
|
+
#
|
24843
|
+
# @!attribute [rw] rules
|
24844
|
+
# Provides information about the rule statements used to identify the
|
24845
|
+
# web requests that you want to allow, block, or count.
|
24846
|
+
# @return [Array<Types::AwsWafRegionalRuleGroupRulesDetails>]
|
24847
|
+
#
|
24848
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsWafRegionalRuleGroupDetails AWS API Documentation
|
24849
|
+
#
|
24850
|
+
class AwsWafRegionalRuleGroupDetails < Struct.new(
|
24851
|
+
:metric_name,
|
24852
|
+
:name,
|
24853
|
+
:rule_group_id,
|
24854
|
+
:rules)
|
24855
|
+
SENSITIVE = []
|
24856
|
+
include Aws::Structure
|
24857
|
+
end
|
24858
|
+
|
24859
|
+
# Describes the action that AWS WAF should take on a web request when it
|
24860
|
+
# matches the criteria defined in the rule.
|
24861
|
+
#
|
24862
|
+
# @note When making an API call, you may pass AwsWafRegionalRuleGroupRulesActionDetails
|
24863
|
+
# data as a hash:
|
24864
|
+
#
|
24865
|
+
# {
|
24866
|
+
# type: "NonEmptyString",
|
24867
|
+
# }
|
24868
|
+
#
|
24869
|
+
# @!attribute [rw] type
|
24870
|
+
# Specifies the `ByteMatchSet`, `IPSet`, `SqlInjectionMatchSet`,
|
24871
|
+
# `XssMatchSet`, `RegexMatchSet`, `GeoMatchSet`, and
|
24872
|
+
# `SizeConstraintSet` objects that you want to add to a rule and, for
|
24873
|
+
# each object, indicates whether you want to negate the settings.
|
24874
|
+
# @return [String]
|
24875
|
+
#
|
24876
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsWafRegionalRuleGroupRulesActionDetails AWS API Documentation
|
24877
|
+
#
|
24878
|
+
class AwsWafRegionalRuleGroupRulesActionDetails < Struct.new(
|
24879
|
+
:type)
|
24880
|
+
SENSITIVE = []
|
24881
|
+
include Aws::Structure
|
24882
|
+
end
|
24883
|
+
|
24884
|
+
# Provides information about the rules attached to a rule group
|
24885
|
+
#
|
24886
|
+
# @note When making an API call, you may pass AwsWafRegionalRuleGroupRulesDetails
|
24887
|
+
# data as a hash:
|
24888
|
+
#
|
24889
|
+
# {
|
24890
|
+
# action: {
|
24891
|
+
# type: "NonEmptyString",
|
24892
|
+
# },
|
24893
|
+
# priority: 1,
|
24894
|
+
# rule_id: "NonEmptyString",
|
24895
|
+
# type: "NonEmptyString",
|
24896
|
+
# }
|
24897
|
+
#
|
24898
|
+
# @!attribute [rw] action
|
24899
|
+
# The action that WAF should take on a web request when it matches the
|
24900
|
+
# criteria defined in the rule.
|
24901
|
+
# @return [Types::AwsWafRegionalRuleGroupRulesActionDetails]
|
24902
|
+
#
|
24903
|
+
# @!attribute [rw] priority
|
24904
|
+
# If you define more than one rule in a web ACL, WAF evaluates each
|
24905
|
+
# request against the rules in order based on the value of `Priority`.
|
24906
|
+
# @return [Integer]
|
24907
|
+
#
|
24908
|
+
# @!attribute [rw] rule_id
|
24909
|
+
# The ID for a rule.
|
24910
|
+
# @return [String]
|
24911
|
+
#
|
24912
|
+
# @!attribute [rw] type
|
24913
|
+
# The type of rule in the rule group.
|
24914
|
+
# @return [String]
|
24915
|
+
#
|
24916
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsWafRegionalRuleGroupRulesDetails AWS API Documentation
|
24917
|
+
#
|
24918
|
+
class AwsWafRegionalRuleGroupRulesDetails < Struct.new(
|
24919
|
+
:action,
|
24920
|
+
:priority,
|
24921
|
+
:rule_id,
|
24922
|
+
:type)
|
24923
|
+
SENSITIVE = []
|
24924
|
+
include Aws::Structure
|
24925
|
+
end
|
24926
|
+
|
24927
|
+
# Provides details about the `ByteMatchSet`, `IPSet`,
|
24928
|
+
# `SqlInjectionMatchSet`, `XssMatchSet`, `RegexMatchSet`, `GeoMatchSet`,
|
24929
|
+
# and `SizeConstraintSet` objects that you want to add to a rule and,
|
24930
|
+
# for each object, indicates whether you want to negate the settings.
|
24931
|
+
#
|
24932
|
+
# @note When making an API call, you may pass AwsWafRegionalRulePredicateListDetails
|
24933
|
+
# data as a hash:
|
24934
|
+
#
|
24935
|
+
# {
|
24936
|
+
# data_id: "NonEmptyString",
|
24937
|
+
# negated: false,
|
24938
|
+
# type: "NonEmptyString",
|
24939
|
+
# }
|
24940
|
+
#
|
24941
|
+
# @!attribute [rw] data_id
|
24942
|
+
# A unique identifier for a predicate in a rule, such as
|
24943
|
+
# `ByteMatchSetId` or `IPSetId`.
|
24944
|
+
# @return [String]
|
24945
|
+
#
|
24946
|
+
# @!attribute [rw] negated
|
24947
|
+
# Specifies if you want WAF to allow, block, or count requests based
|
24948
|
+
# on the settings in the `ByteMatchSet`, `IPSet`,
|
24949
|
+
# `SqlInjectionMatchSet`, `XssMatchSet`, `RegexMatchSet`,
|
24950
|
+
# `GeoMatchSet`, or `SizeConstraintSet`.
|
24951
|
+
# @return [Boolean]
|
24952
|
+
#
|
24953
|
+
# @!attribute [rw] type
|
24954
|
+
# The type of predicate in a rule, such as `ByteMatch` or `IPSet`.
|
24955
|
+
# @return [String]
|
24956
|
+
#
|
24957
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsWafRegionalRulePredicateListDetails AWS API Documentation
|
24958
|
+
#
|
24959
|
+
class AwsWafRegionalRulePredicateListDetails < Struct.new(
|
24960
|
+
:data_id,
|
24961
|
+
:negated,
|
24962
|
+
:type)
|
24963
|
+
SENSITIVE = []
|
24964
|
+
include Aws::Structure
|
24965
|
+
end
|
24966
|
+
|
24967
|
+
# Provides information about the web access control list (web ACL). The
|
24968
|
+
# web ACL contains the rules that identify the requests that you want to
|
24969
|
+
# allow, block, or count.
|
24970
|
+
#
|
24971
|
+
# @note When making an API call, you may pass AwsWafRegionalWebAclDetails
|
24972
|
+
# data as a hash:
|
24973
|
+
#
|
24974
|
+
# {
|
24975
|
+
# default_action: "NonEmptyString",
|
24976
|
+
# metric_name: "NonEmptyString",
|
24977
|
+
# name: "NonEmptyString",
|
24978
|
+
# rules_list: [
|
24979
|
+
# {
|
24980
|
+
# action: {
|
24981
|
+
# type: "NonEmptyString",
|
24982
|
+
# },
|
24983
|
+
# override_action: {
|
24984
|
+
# type: "NonEmptyString",
|
24985
|
+
# },
|
24986
|
+
# priority: 1,
|
24987
|
+
# rule_id: "NonEmptyString",
|
24988
|
+
# type: "NonEmptyString",
|
24989
|
+
# },
|
24990
|
+
# ],
|
24991
|
+
# web_acl_id: "NonEmptyString",
|
24992
|
+
# }
|
24993
|
+
#
|
24994
|
+
# @!attribute [rw] default_action
|
24995
|
+
# The action to perform if none of the rules contained in the web ACL
|
24996
|
+
# match.
|
24997
|
+
# @return [String]
|
24998
|
+
#
|
24999
|
+
# @!attribute [rw] metric_name
|
25000
|
+
# A name for the metrics for this web ACL.
|
25001
|
+
# @return [String]
|
25002
|
+
#
|
25003
|
+
# @!attribute [rw] name
|
25004
|
+
# A descriptive name for the web ACL.
|
25005
|
+
# @return [String]
|
25006
|
+
#
|
25007
|
+
# @!attribute [rw] rules_list
|
25008
|
+
# An array that contains the action for each rule in a web ACL, the
|
25009
|
+
# priority of the rule, and the ID of the rule.
|
25010
|
+
# @return [Array<Types::AwsWafRegionalWebAclRulesListDetails>]
|
25011
|
+
#
|
25012
|
+
# @!attribute [rw] web_acl_id
|
25013
|
+
# The ID of the web ACL.
|
25014
|
+
# @return [String]
|
25015
|
+
#
|
25016
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsWafRegionalWebAclDetails AWS API Documentation
|
25017
|
+
#
|
25018
|
+
class AwsWafRegionalWebAclDetails < Struct.new(
|
25019
|
+
:default_action,
|
25020
|
+
:metric_name,
|
25021
|
+
:name,
|
25022
|
+
:rules_list,
|
25023
|
+
:web_acl_id)
|
25024
|
+
SENSITIVE = []
|
25025
|
+
include Aws::Structure
|
25026
|
+
end
|
25027
|
+
|
25028
|
+
# The action that WAF takes when a web request matches all conditions in
|
25029
|
+
# the rule, such as allow, block, or count the request.
|
25030
|
+
#
|
25031
|
+
# @note When making an API call, you may pass AwsWafRegionalWebAclRulesListActionDetails
|
25032
|
+
# data as a hash:
|
25033
|
+
#
|
25034
|
+
# {
|
25035
|
+
# type: "NonEmptyString",
|
25036
|
+
# }
|
25037
|
+
#
|
25038
|
+
# @!attribute [rw] type
|
25039
|
+
# For actions that are associated with a rule, the action that WAF
|
25040
|
+
# takes when a web request matches all conditions in a rule.
|
25041
|
+
# @return [String]
|
25042
|
+
#
|
25043
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsWafRegionalWebAclRulesListActionDetails AWS API Documentation
|
25044
|
+
#
|
25045
|
+
class AwsWafRegionalWebAclRulesListActionDetails < Struct.new(
|
25046
|
+
:type)
|
25047
|
+
SENSITIVE = []
|
25048
|
+
include Aws::Structure
|
25049
|
+
end
|
25050
|
+
|
25051
|
+
# A combination of `ByteMatchSet`, `IPSet`, and/or
|
25052
|
+
# `SqlInjectionMatchSet` objects that identify the web requests that you
|
25053
|
+
# want to allow, block, or count.
|
25054
|
+
#
|
25055
|
+
# @note When making an API call, you may pass AwsWafRegionalWebAclRulesListDetails
|
25056
|
+
# data as a hash:
|
25057
|
+
#
|
25058
|
+
# {
|
25059
|
+
# action: {
|
25060
|
+
# type: "NonEmptyString",
|
25061
|
+
# },
|
25062
|
+
# override_action: {
|
25063
|
+
# type: "NonEmptyString",
|
25064
|
+
# },
|
25065
|
+
# priority: 1,
|
25066
|
+
# rule_id: "NonEmptyString",
|
25067
|
+
# type: "NonEmptyString",
|
25068
|
+
# }
|
25069
|
+
#
|
25070
|
+
# @!attribute [rw] action
|
25071
|
+
# The action that AWS WAF takes when a web request matches all
|
25072
|
+
# conditions in the rule, such as allow, block, or count the request.
|
25073
|
+
# @return [Types::AwsWafRegionalWebAclRulesListActionDetails]
|
25074
|
+
#
|
25075
|
+
# @!attribute [rw] override_action
|
25076
|
+
# Overrides the rule evaluation result in the rule group.
|
25077
|
+
# @return [Types::AwsWafRegionalWebAclRulesListOverrideActionDetails]
|
25078
|
+
#
|
25079
|
+
# @!attribute [rw] priority
|
25080
|
+
# The order in which WAF evaluates the rules in a web ACL.
|
25081
|
+
# @return [Integer]
|
25082
|
+
#
|
25083
|
+
# @!attribute [rw] rule_id
|
25084
|
+
# The ID of an WAF Regional rule to associate with a web ACL.
|
25085
|
+
# @return [String]
|
25086
|
+
#
|
25087
|
+
# @!attribute [rw] type
|
25088
|
+
# For actions that are associated with a rule, the action that WAF
|
25089
|
+
# takes when a web request matches all conditions in a rule.
|
25090
|
+
# @return [String]
|
25091
|
+
#
|
25092
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsWafRegionalWebAclRulesListDetails AWS API Documentation
|
25093
|
+
#
|
25094
|
+
class AwsWafRegionalWebAclRulesListDetails < Struct.new(
|
25095
|
+
:action,
|
25096
|
+
:override_action,
|
25097
|
+
:priority,
|
25098
|
+
:rule_id,
|
25099
|
+
:type)
|
25100
|
+
SENSITIVE = []
|
25101
|
+
include Aws::Structure
|
25102
|
+
end
|
25103
|
+
|
25104
|
+
# Provides details about the action to use in the place of the action
|
25105
|
+
# that results from the rule group evaluation.
|
25106
|
+
#
|
25107
|
+
# @note When making an API call, you may pass AwsWafRegionalWebAclRulesListOverrideActionDetails
|
25108
|
+
# data as a hash:
|
25109
|
+
#
|
25110
|
+
# {
|
25111
|
+
# type: "NonEmptyString",
|
25112
|
+
# }
|
25113
|
+
#
|
25114
|
+
# @!attribute [rw] type
|
25115
|
+
# Overrides the rule evaluation result in the rule group.
|
25116
|
+
# @return [String]
|
25117
|
+
#
|
25118
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsWafRegionalWebAclRulesListOverrideActionDetails AWS API Documentation
|
25119
|
+
#
|
25120
|
+
class AwsWafRegionalWebAclRulesListOverrideActionDetails < Struct.new(
|
25121
|
+
:type)
|
25122
|
+
SENSITIVE = []
|
25123
|
+
include Aws::Structure
|
25124
|
+
end
|
25125
|
+
|
25126
|
+
# Provides information about a WAF rule. This rule specifies the web
|
25127
|
+
# requests that you want to allow, block, or count.
|
25128
|
+
#
|
25129
|
+
# @note When making an API call, you may pass AwsWafRuleDetails
|
25130
|
+
# data as a hash:
|
25131
|
+
#
|
25132
|
+
# {
|
25133
|
+
# metric_name: "NonEmptyString",
|
25134
|
+
# name: "NonEmptyString",
|
25135
|
+
# predicate_list: [
|
25136
|
+
# {
|
25137
|
+
# data_id: "NonEmptyString",
|
25138
|
+
# negated: false,
|
25139
|
+
# type: "NonEmptyString",
|
25140
|
+
# },
|
25141
|
+
# ],
|
25142
|
+
# rule_id: "NonEmptyString",
|
25143
|
+
# }
|
25144
|
+
#
|
25145
|
+
# @!attribute [rw] metric_name
|
25146
|
+
# The name of the metrics for this rule.
|
25147
|
+
# @return [String]
|
25148
|
+
#
|
25149
|
+
# @!attribute [rw] name
|
25150
|
+
# A descriptive name for the rule.
|
25151
|
+
# @return [String]
|
25152
|
+
#
|
25153
|
+
# @!attribute [rw] predicate_list
|
25154
|
+
# Specifies the `ByteMatchSet`, `IPSet`, `SqlInjectionMatchSet`,
|
25155
|
+
# `XssMatchSet`, `RegexMatchSet`, `GeoMatchSet`, and
|
25156
|
+
# `SizeConstraintSet` objects that you want to add to a rule and, for
|
25157
|
+
# each object, indicates whether you want to negate the settings.
|
25158
|
+
# @return [Array<Types::AwsWafRulePredicateListDetails>]
|
25159
|
+
#
|
25160
|
+
# @!attribute [rw] rule_id
|
25161
|
+
# The ID of the WAF rule.
|
25162
|
+
# @return [String]
|
25163
|
+
#
|
25164
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsWafRuleDetails AWS API Documentation
|
25165
|
+
#
|
25166
|
+
class AwsWafRuleDetails < Struct.new(
|
25167
|
+
:metric_name,
|
25168
|
+
:name,
|
25169
|
+
:predicate_list,
|
25170
|
+
:rule_id)
|
25171
|
+
SENSITIVE = []
|
25172
|
+
include Aws::Structure
|
25173
|
+
end
|
25174
|
+
|
25175
|
+
# Provides information about an WAF rule group. A rule group is a
|
25176
|
+
# collection of rules for inspecting and controlling web requests.
|
25177
|
+
#
|
25178
|
+
# @note When making an API call, you may pass AwsWafRuleGroupDetails
|
25179
|
+
# data as a hash:
|
25180
|
+
#
|
25181
|
+
# {
|
25182
|
+
# metric_name: "NonEmptyString",
|
25183
|
+
# name: "NonEmptyString",
|
25184
|
+
# rule_group_id: "NonEmptyString",
|
25185
|
+
# rules: [
|
25186
|
+
# {
|
25187
|
+
# action: {
|
25188
|
+
# type: "NonEmptyString",
|
25189
|
+
# },
|
25190
|
+
# priority: 1,
|
25191
|
+
# rule_id: "NonEmptyString",
|
25192
|
+
# type: "NonEmptyString",
|
25193
|
+
# },
|
25194
|
+
# ],
|
25195
|
+
# }
|
25196
|
+
#
|
25197
|
+
# @!attribute [rw] metric_name
|
25198
|
+
# The name of the metrics for this rule group.
|
25199
|
+
# @return [String]
|
25200
|
+
#
|
25201
|
+
# @!attribute [rw] name
|
25202
|
+
# The name of the rule group.
|
25203
|
+
# @return [String]
|
25204
|
+
#
|
25205
|
+
# @!attribute [rw] rule_group_id
|
25206
|
+
# The ID of the rule group.
|
25207
|
+
# @return [String]
|
25208
|
+
#
|
25209
|
+
# @!attribute [rw] rules
|
25210
|
+
# Provides information about the rules attached to the rule group.
|
25211
|
+
# These rules identify the web requests that you want to allow, block,
|
25212
|
+
# or count.
|
25213
|
+
# @return [Array<Types::AwsWafRuleGroupRulesDetails>]
|
25214
|
+
#
|
25215
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsWafRuleGroupDetails AWS API Documentation
|
25216
|
+
#
|
25217
|
+
class AwsWafRuleGroupDetails < Struct.new(
|
25218
|
+
:metric_name,
|
25219
|
+
:name,
|
25220
|
+
:rule_group_id,
|
25221
|
+
:rules)
|
25222
|
+
SENSITIVE = []
|
25223
|
+
include Aws::Structure
|
25224
|
+
end
|
25225
|
+
|
25226
|
+
# Provides information about what action WAF should take on a web
|
25227
|
+
# request when it matches the criteria defined in the rule.
|
25228
|
+
#
|
25229
|
+
# @note When making an API call, you may pass AwsWafRuleGroupRulesActionDetails
|
25230
|
+
# data as a hash:
|
25231
|
+
#
|
25232
|
+
# {
|
25233
|
+
# type: "NonEmptyString",
|
25234
|
+
# }
|
25235
|
+
#
|
25236
|
+
# @!attribute [rw] type
|
25237
|
+
# The action that WAF should take on a web request when it matches the
|
25238
|
+
# rule's statement.
|
25239
|
+
# @return [String]
|
25240
|
+
#
|
25241
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsWafRuleGroupRulesActionDetails AWS API Documentation
|
25242
|
+
#
|
25243
|
+
class AwsWafRuleGroupRulesActionDetails < Struct.new(
|
25244
|
+
:type)
|
25245
|
+
SENSITIVE = []
|
25246
|
+
include Aws::Structure
|
25247
|
+
end
|
25248
|
+
|
25249
|
+
# Provides information about the rules attached to the rule group. These
|
25250
|
+
# rules identify the web requests that you want to allow, block, or
|
25251
|
+
# count.
|
25252
|
+
#
|
25253
|
+
# @note When making an API call, you may pass AwsWafRuleGroupRulesDetails
|
25254
|
+
# data as a hash:
|
25255
|
+
#
|
25256
|
+
# {
|
25257
|
+
# action: {
|
25258
|
+
# type: "NonEmptyString",
|
25259
|
+
# },
|
25260
|
+
# priority: 1,
|
25261
|
+
# rule_id: "NonEmptyString",
|
25262
|
+
# type: "NonEmptyString",
|
25263
|
+
# }
|
25264
|
+
#
|
25265
|
+
# @!attribute [rw] action
|
25266
|
+
# Provides information about what action WAF should take on a web
|
25267
|
+
# request when it matches the criteria defined in the rule.
|
25268
|
+
# @return [Types::AwsWafRuleGroupRulesActionDetails]
|
25269
|
+
#
|
25270
|
+
# @!attribute [rw] priority
|
25271
|
+
# If you define more than one rule in a web ACL, WAF evaluates each
|
25272
|
+
# request against the rules in order based on the value of `Priority`.
|
25273
|
+
# @return [Integer]
|
25274
|
+
#
|
25275
|
+
# @!attribute [rw] rule_id
|
25276
|
+
# The rule ID for a rule.
|
25277
|
+
# @return [String]
|
25278
|
+
#
|
25279
|
+
# @!attribute [rw] type
|
25280
|
+
# The type of rule.
|
25281
|
+
# @return [String]
|
25282
|
+
#
|
25283
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsWafRuleGroupRulesDetails AWS API Documentation
|
25284
|
+
#
|
25285
|
+
class AwsWafRuleGroupRulesDetails < Struct.new(
|
25286
|
+
:action,
|
25287
|
+
:priority,
|
25288
|
+
:rule_id,
|
25289
|
+
:type)
|
25290
|
+
SENSITIVE = []
|
25291
|
+
include Aws::Structure
|
25292
|
+
end
|
25293
|
+
|
25294
|
+
# Provides details about the `ByteMatchSet`, `IPSet`,
|
25295
|
+
# `SqlInjectionMatchSet`, `XssMatchSet`, `RegexMatchSet`, `GeoMatchSet`,
|
25296
|
+
# and `SizeConstraintSet` objects that you want to add to a rule and,
|
25297
|
+
# for each object, indicates whether you want to negate the settings.
|
25298
|
+
#
|
25299
|
+
# @note When making an API call, you may pass AwsWafRulePredicateListDetails
|
25300
|
+
# data as a hash:
|
25301
|
+
#
|
25302
|
+
# {
|
25303
|
+
# data_id: "NonEmptyString",
|
25304
|
+
# negated: false,
|
25305
|
+
# type: "NonEmptyString",
|
25306
|
+
# }
|
25307
|
+
#
|
25308
|
+
# @!attribute [rw] data_id
|
25309
|
+
# A unique identifier for a predicate in a rule, such as
|
25310
|
+
# `ByteMatchSetId` or `IPSetId`.
|
25311
|
+
# @return [String]
|
25312
|
+
#
|
25313
|
+
# @!attribute [rw] negated
|
25314
|
+
# Specifies if you want WAF to allow, block, or count requests based
|
25315
|
+
# on the settings in the `ByteMatchSet`, `IPSet`,
|
25316
|
+
# `SqlInjectionMatchSet`, `XssMatchSet`, `RegexMatchSet`,
|
25317
|
+
# `GeoMatchSet`, or `SizeConstraintSet`.
|
25318
|
+
# @return [Boolean]
|
25319
|
+
#
|
25320
|
+
# @!attribute [rw] type
|
25321
|
+
# The type of predicate in a rule, such as `ByteMatch` or `IPSet`.
|
25322
|
+
# @return [String]
|
25323
|
+
#
|
25324
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsWafRulePredicateListDetails AWS API Documentation
|
25325
|
+
#
|
25326
|
+
class AwsWafRulePredicateListDetails < Struct.new(
|
25327
|
+
:data_id,
|
25328
|
+
:negated,
|
25329
|
+
:type)
|
25330
|
+
SENSITIVE = []
|
25331
|
+
include Aws::Structure
|
25332
|
+
end
|
25333
|
+
|
25334
|
+
# Provides information about an WAF web access control list (web ACL).
|
22886
25335
|
#
|
22887
25336
|
# @note When making an API call, you may pass AwsWafWebAclDetails
|
22888
25337
|
# data as a hash:
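Review bot: The `type` attribute of `AwsWafRegionalRuleGroupRulesActionDetails` is documented with the predicate-list text ("Specifies the `ByteMatchSet`, `IPSet`, ... whether you want to negate the settings"), which does not describe an action. The non-regional counterpart `AwsWafRuleGroupRulesActionDetails` in the same hunk uses "The action that WAF should take on a web request when it matches the rule's statement", and the regional type should carry the same wording. The `negated` attribute on both predicate-list types returns `Boolean` but is described as choosing to "allow, block, or count requests". It looks like it should say that the flag inverts the match on the referenced set, to be confirmed against the service model. Someone triaging a WAF finding from these docs could misjudge whether a rule blocks or allows traffic. The `AwsWafWebAclDetails` comment block that begins at the end of this hunk continues outside it.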
|
@@ -22912,22 +25361,22 @@ module Aws::SecurityHub
|
|
22912
25361
|
# }
|
22913
25362
|
#
|
22914
25363
|
# @!attribute [rw] name
|
22915
|
-
# A friendly name or description of the
|
22916
|
-
# name of a
|
25364
|
+
# A friendly name or description of the web ACL. You can't change the
|
25365
|
+
# name of a web ACL after you create it.
|
22917
25366
|
# @return [String]
|
22918
25367
|
#
|
22919
25368
|
# @!attribute [rw] default_action
|
22920
|
-
# The action to perform if none of the rules contained in the
|
25369
|
+
# The action to perform if none of the rules contained in the web ACL
|
22921
25370
|
# match.
|
22922
25371
|
# @return [String]
|
22923
25372
|
#
|
22924
25373
|
# @!attribute [rw] rules
|
22925
|
-
# An array that contains the action for each rule in a
|
25374
|
+
# An array that contains the action for each rule in a web ACL, the
|
22926
25375
|
# priority of the rule, and the ID of the rule.
|
22927
25376
|
# @return [Array<Types::AwsWafWebAclRule>]
|
22928
25377
|
#
|
22929
25378
|
# @!attribute [rw] web_acl_id
|
22930
|
-
# A unique identifier for a
|
25379
|
+
# A unique identifier for a web ACL.
|
22931
25380
|
# @return [String]
|
22932
25381
|
#
|
22933
25382
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsWafWebAclDetails AWS API Documentation
|
@@ -22941,7 +25390,7 @@ module Aws::SecurityHub
|
|
22941
25390
|
include Aws::Structure
|
22942
25391
|
end
|
22943
25392
|
|
22944
|
-
# Details for a rule in an WAF
|
25393
|
+
# Details for a rule in an WAF web ACL.
|
22945
25394
|
#
|
22946
25395
|
# @note When making an API call, you may pass AwsWafWebAclRule
|
22947
25396
|
# data as a hash:
|
@@ -22973,30 +25422,31 @@ module Aws::SecurityHub
|
|
22973
25422
|
# @return [Array<Types::WafExcludedRule>]
|
22974
25423
|
#
|
22975
25424
|
# @!attribute [rw] override_action
|
22976
|
-
# Use the `OverrideAction` to test your RuleGroup
|
25425
|
+
# Use the `OverrideAction` to test your `RuleGroup`.
|
22977
25426
|
#
|
22978
|
-
# Any rule in a RuleGroup can potentially block a request. If you
|
22979
|
-
# the `OverrideAction` to `None`, the RuleGroup blocks a request
|
22980
|
-
# any individual rule in the RuleGroup matches the request and is
|
25427
|
+
# Any rule in a `RuleGroup` can potentially block a request. If you
|
25428
|
+
# set the `OverrideAction` to `None`, the `RuleGroup` blocks a request
|
25429
|
+
# if any individual rule in the `RuleGroup` matches the request and is
|
22981
25430
|
# configured to block that request.
|
22982
25431
|
#
|
22983
|
-
# However, if you first want to test the RuleGroup
|
22984
|
-
# `OverrideAction` to `Count`. The RuleGroup then overrides any
|
22985
|
-
# action specified by individual rules contained within the
|
22986
|
-
# Instead of blocking matching requests, those requests are
|
25432
|
+
# However, if you first want to test the `RuleGroup`, set the
|
25433
|
+
# `OverrideAction` to `Count`. The `RuleGroup` then overrides any
|
25434
|
+
# block action specified by individual rules contained within the
|
25435
|
+
# group. Instead of blocking matching requests, those requests are
|
25436
|
+
# counted.
|
22987
25437
|
#
|
22988
25438
|
# `ActivatedRule`\|`OverrideAction` applies only when updating or
|
22989
|
-
# adding a RuleGroup to a
|
22990
|
-
# `ActivatedRule
|
22991
|
-
# `ActivatedRule
|
22992
|
-
# `
|
25439
|
+
# adding a `RuleGroup` to a web ACL. In this case you do not use
|
25440
|
+
# `ActivatedRule` `Action`. For all other update requests,
|
25441
|
+
# `ActivatedRule` `Action` is used instead of `ActivatedRule`
|
25442
|
+
# `OverrideAction`.
|
22993
25443
|
# @return [Types::WafOverrideAction]
|
22994
25444
|
#
|
22995
25445
|
# @!attribute [rw] priority
|
22996
|
-
# Specifies the order in which the rules in a
|
25446
|
+
# Specifies the order in which the rules in a web ACL are evaluated.
|
22997
25447
|
# Rules with a lower value for `Priority` are evaluated before rules
|
22998
25448
|
# with a higher value. The value must be a unique integer. If you add
|
22999
|
-
# multiple rules to a
|
25449
|
+
# multiple rules to a web ACL, the values do not need to be
|
23000
25450
|
# consecutive.
|
23001
25451
|
# @return [Integer]
|
23002
25452
|
#
|
@@ -23253,6 +25703,21 @@ module Aws::SecurityHub
|
|
23253
25703
|
# launched_at: "NonEmptyString",
|
23254
25704
|
# terminated_at: "NonEmptyString",
|
23255
25705
|
# },
|
25706
|
+
# threats: [
|
25707
|
+
# {
|
25708
|
+
# name: "NonEmptyString",
|
25709
|
+
# severity: "NonEmptyString",
|
25710
|
+
# item_count: 1,
|
25711
|
+
# file_paths: [
|
25712
|
+
# {
|
25713
|
+
# file_path: "NonEmptyString",
|
25714
|
+
# file_name: "NonEmptyString",
|
25715
|
+
# resource_id: "NonEmptyString",
|
25716
|
+
# hash: "NonEmptyString",
|
25717
|
+
# },
|
25718
|
+
# ],
|
25719
|
+
# },
|
25720
|
+
# ],
|
23256
25721
|
# threat_intel_indicators: [
|
23257
25722
|
# {
|
23258
25723
|
# type: "DOMAIN", # accepts DOMAIN, EMAIL_ADDRESS, HASH_MD5, HASH_SHA1, HASH_SHA256, HASH_SHA512, IPV4_ADDRESS, IPV6_ADDRESS, MUTEX, PROCESS, URL
|
@@ -23540,6 +26005,17 @@ module Aws::SecurityHub
|
|
23540
26005
|
# s3_origin_config: {
|
23541
26006
|
# origin_access_identity: "NonEmptyString",
|
23542
26007
|
# },
|
26008
|
+
# custom_origin_config: {
|
26009
|
+
# http_port: 1,
|
26010
|
+
# https_port: 1,
|
26011
|
+
# origin_keepalive_timeout: 1,
|
26012
|
+
# origin_protocol_policy: "NonEmptyString",
|
26013
|
+
# origin_read_timeout: 1,
|
26014
|
+
# origin_ssl_protocols: {
|
26015
|
+
# items: ["NonEmptyString"],
|
26016
|
+
# quantity: 1,
|
26017
|
+
# },
|
26018
|
+
# },
|
23543
26019
|
# },
|
23544
26020
|
# ],
|
23545
26021
|
# },
|
@@ -23582,6 +26058,14 @@ module Aws::SecurityHub
|
|
23582
26058
|
# network_interface_id: "NonEmptyString",
|
23583
26059
|
# },
|
23584
26060
|
# ],
|
26061
|
+
# virtualization_type: "NonEmptyString",
|
26062
|
+
# metadata_options: {
|
26063
|
+
# http_endpoint: "NonEmptyString",
|
26064
|
+
# http_protocol_ipv_6: "NonEmptyString",
|
26065
|
+
# http_put_response_hop_limit: 1,
|
26066
|
+
# http_tokens: "NonEmptyString",
|
26067
|
+
# instance_metadata_tags: "NonEmptyString",
|
26068
|
+
# },
|
23585
26069
|
# },
|
23586
26070
|
# aws_ec2_network_interface: {
|
23587
26071
|
# attachment: {
|
@@ -23687,6 +26171,7 @@ module Aws::SecurityHub
|
|
23687
26171
|
# },
|
23688
26172
|
# aws_ec2_volume: {
|
23689
26173
|
# create_time: "NonEmptyString",
|
26174
|
+
# device_name: "NonEmptyString",
|
23690
26175
|
# encrypted: false,
|
23691
26176
|
# size: 1,
|
23692
26177
|
# snapshot_id: "NonEmptyString",
|
@@ -23700,6 +26185,9 @@ module Aws::SecurityHub
|
|
23700
26185
|
# status: "NonEmptyString",
|
23701
26186
|
# },
|
23702
26187
|
# ],
|
26188
|
+
# volume_id: "NonEmptyString",
|
26189
|
+
# volume_type: "NonEmptyString",
|
26190
|
+
# volume_scan_status: "NonEmptyString",
|
23703
26191
|
# },
|
23704
26192
|
# aws_ec2_vpc: {
|
23705
26193
|
# cidr_block_association_set: [
|
@@ -24935,6 +27423,13 @@ module Aws::SecurityHub
|
|
24935
27423
|
# ],
|
24936
27424
|
# topic_name: "NonEmptyString",
|
24937
27425
|
# owner: "NonEmptyString",
|
27426
|
+
# sqs_success_feedback_role_arn: "NonEmptyString",
|
27427
|
+
# sqs_failure_feedback_role_arn: "NonEmptyString",
|
27428
|
+
# application_success_feedback_role_arn: "NonEmptyString",
|
27429
|
+
# firehose_success_feedback_role_arn: "NonEmptyString",
|
27430
|
+
# firehose_failure_feedback_role_arn: "NonEmptyString",
|
27431
|
+
# http_success_feedback_role_arn: "NonEmptyString",
|
27432
|
+
# http_failure_feedback_role_arn: "NonEmptyString",
|
24938
27433
|
# },
|
24939
27434
|
# aws_sqs_queue: {
|
24940
27435
|
# kms_data_key_reuse_period_seconds: 1,
|
@@ -25088,6 +27583,8 @@ module Aws::SecurityHub
|
|
25088
27583
|
# iam_database_authentication_enabled: false,
|
25089
27584
|
# },
|
25090
27585
|
# aws_ecs_cluster: {
|
27586
|
+
# cluster_arn: "NonEmptyString",
|
27587
|
+
# active_services_count: 1,
|
25091
27588
|
# capacity_providers: ["NonEmptyString"],
|
25092
27589
|
# cluster_settings: [
|
25093
27590
|
# {
|
@@ -25115,6 +27612,21 @@ module Aws::SecurityHub
|
|
25115
27612
|
# weight: 1,
|
25116
27613
|
# },
|
25117
27614
|
# ],
|
27615
|
+
# cluster_name: "NonEmptyString",
|
27616
|
+
# registered_container_instances_count: 1,
|
27617
|
+
# running_tasks_count: 1,
|
27618
|
+
# status: "NonEmptyString",
|
27619
|
+
# },
|
27620
|
+
# aws_ecs_container: {
|
27621
|
+
# name: "NonEmptyString",
|
27622
|
+
# image: "NonEmptyString",
|
27623
|
+
# mount_points: [
|
27624
|
+
# {
|
27625
|
+
# source_volume: "NonEmptyString",
|
27626
|
+
# container_path: "NonEmptyString",
|
27627
|
+
# },
|
27628
|
+
# ],
|
27629
|
+
# privileged: false,
|
25118
27630
|
# },
|
25119
27631
|
# aws_ecs_task_definition: {
|
25120
27632
|
# container_definitions: [
|
@@ -25329,10 +27841,18 @@ module Aws::SecurityHub
|
|
25329
27841
|
# ],
|
25330
27842
|
# },
|
25331
27843
|
# container: {
|
27844
|
+
# container_runtime: "NonEmptyString",
|
25332
27845
|
# name: "NonEmptyString",
|
25333
27846
|
# image_id: "NonEmptyString",
|
25334
27847
|
# image_name: "NonEmptyString",
|
25335
27848
|
# launched_at: "NonEmptyString",
|
27849
|
+
# volume_mounts: [
|
27850
|
+
# {
|
27851
|
+
# name: "NonEmptyString",
|
27852
|
+
# mount_path: "NonEmptyString",
|
27853
|
+
# },
|
27854
|
+
# ],
|
27855
|
+
# privileged: false,
|
25336
27856
|
# },
|
25337
27857
|
# other: {
|
25338
27858
|
# "NonEmptyString" => "NonEmptyString",
|
@@ -25582,6 +28102,15 @@ module Aws::SecurityHub
|
|
25582
28102
|
# domain_endpoints: {
|
25583
28103
|
# "NonEmptyString" => "NonEmptyString",
|
25584
28104
|
# },
|
28105
|
+
# advanced_security_options: {
|
28106
|
+
# enabled: false,
|
28107
|
+
# internal_user_database_enabled: false,
|
28108
|
+
# master_user_options: {
|
28109
|
+
# master_user_arn: "NonEmptyString",
|
28110
|
+
# master_user_name: "NonEmptyString",
|
28111
|
+
# master_user_password: "NonEmptyString",
|
28112
|
+
# },
|
28113
|
+
# },
|
25585
28114
|
# },
|
25586
28115
|
# aws_ec2_vpc_endpoint_service: {
|
25587
28116
|
# acceptance_required: false,
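Review bot: The example added under `advanced_security_options` lists `master_user_password: "NonEmptyString"` like any other string, with nothing marking it as a credential that ends up inside finding data. I would give that example line a trailing comment, as the `type:` line in `threat_intel_indicators` already has one: `# credential: keep out of logs and exported findings`. The struct that backs `master_user_options` is outside this hunk, so its `SENSITIVE` list should be checked. Every struct visible on this page declares `SENSITIVE = []`, and if that one does too, the password is presumably not redacted when the struct is inspected or logged. The same example line is added again in the hunk at `@@ -34323,6 +37242,15 @@`.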
|
@@ -25839,6 +28368,256 @@ module Aws::SecurityHub
|
|
25839
28368
|
# owner_id: "NonEmptyString",
|
25840
28369
|
# vpc_id: "NonEmptyString",
|
25841
28370
|
# },
|
28371
|
+
# aws_kinesis_stream: {
|
28372
|
+
# name: "NonEmptyString",
|
28373
|
+
# arn: "NonEmptyString",
|
28374
|
+
# stream_encryption: {
|
28375
|
+
# encryption_type: "NonEmptyString",
|
28376
|
+
# key_id: "NonEmptyString",
|
28377
|
+
# },
|
28378
|
+
# shard_count: 1,
|
28379
|
+
# retention_period_hours: 1,
|
28380
|
+
# },
|
28381
|
+
# aws_ec2_transit_gateway: {
|
28382
|
+
# id: "NonEmptyString",
|
28383
|
+
# description: "NonEmptyString",
|
28384
|
+
# default_route_table_propagation: "NonEmptyString",
|
28385
|
+
# auto_accept_shared_attachments: "NonEmptyString",
|
28386
|
+
# default_route_table_association: "NonEmptyString",
|
28387
|
+
# transit_gateway_cidr_blocks: ["NonEmptyString"],
|
28388
|
+
# association_default_route_table_id: "NonEmptyString",
|
28389
|
+
# propagation_default_route_table_id: "NonEmptyString",
|
28390
|
+
# vpn_ecmp_support: "NonEmptyString",
|
28391
|
+
# dns_support: "NonEmptyString",
|
28392
|
+
# multicast_support: "NonEmptyString",
|
28393
|
+
# amazon_side_asn: 1,
|
28394
|
+
# },
|
28395
|
+
# aws_efs_access_point: {
|
28396
|
+
# access_point_id: "NonEmptyString",
|
28397
|
+
# arn: "NonEmptyString",
|
28398
|
+
# client_token: "NonEmptyString",
|
28399
|
+
# file_system_id: "NonEmptyString",
|
28400
|
+
# posix_user: {
|
28401
|
+
# gid: "NonEmptyString",
|
28402
|
+
# secondary_gids: ["NonEmptyString"],
|
28403
|
+
# uid: "NonEmptyString",
|
28404
|
+
# },
|
28405
|
+
# root_directory: {
|
28406
|
+
# creation_info: {
|
28407
|
+
# owner_gid: "NonEmptyString",
|
28408
|
+
# owner_uid: "NonEmptyString",
|
28409
|
+
# permissions: "NonEmptyString",
|
28410
|
+
# },
|
28411
|
+
# path: "NonEmptyString",
|
28412
|
+
# },
|
28413
|
+
# },
|
28414
|
+
# aws_cloud_formation_stack: {
|
28415
|
+
# capabilities: ["NonEmptyString"],
|
28416
|
+
# creation_time: "NonEmptyString",
|
28417
|
+
# description: "NonEmptyString",
|
28418
|
+
# disable_rollback: false,
|
28419
|
+
# drift_information: {
|
28420
|
+
# stack_drift_status: "NonEmptyString",
|
28421
|
+
# },
|
28422
|
+
# enable_termination_protection: false,
|
28423
|
+
# last_updated_time: "NonEmptyString",
|
28424
|
+
# notification_arns: ["NonEmptyString"],
|
28425
|
+
# outputs: [
|
28426
|
+
# {
|
28427
|
+
# description: "NonEmptyString",
|
28428
|
+
# output_key: "NonEmptyString",
|
28429
|
+
# output_value: "NonEmptyString",
|
28430
|
+
# },
|
28431
|
+
# ],
|
28432
|
+
# role_arn: "NonEmptyString",
|
28433
|
+
# stack_id: "NonEmptyString",
|
28434
|
+
# stack_name: "NonEmptyString",
|
28435
|
+
# stack_status: "NonEmptyString",
|
28436
|
+
# stack_status_reason: "NonEmptyString",
|
28437
|
+
# timeout_in_minutes: 1,
|
28438
|
+
# },
|
28439
|
+
# aws_cloud_watch_alarm: {
|
28440
|
+
# actions_enabled: false,
|
28441
|
+
# alarm_actions: ["NonEmptyString"],
|
28442
|
+
# alarm_arn: "NonEmptyString",
|
28443
|
+
# alarm_configuration_updated_timestamp: "NonEmptyString",
|
28444
|
+
# alarm_description: "NonEmptyString",
|
28445
|
+
# alarm_name: "NonEmptyString",
|
28446
|
+
# comparison_operator: "NonEmptyString",
|
28447
|
+
# datapoints_to_alarm: 1,
|
28448
|
+
# dimensions: [
|
28449
|
+
# {
|
28450
|
+
# name: "NonEmptyString",
|
28451
|
+
# value: "NonEmptyString",
|
28452
|
+
# },
|
28453
|
+
# ],
|
28454
|
+
# evaluate_low_sample_count_percentile: "NonEmptyString",
|
28455
|
+
# evaluation_periods: 1,
|
28456
|
+
# extended_statistic: "NonEmptyString",
|
28457
|
+
# insufficient_data_actions: ["NonEmptyString"],
|
28458
|
+
# metric_name: "NonEmptyString",
|
28459
|
+
# namespace: "NonEmptyString",
|
28460
|
+
# ok_actions: ["NonEmptyString"],
|
28461
|
+
# period: 1,
|
28462
|
+
# statistic: "NonEmptyString",
|
28463
|
+
# threshold: 1.0,
|
28464
|
+
# threshold_metric_id: "NonEmptyString",
|
28465
|
+
# treat_missing_data: "NonEmptyString",
|
28466
|
+
# unit: "NonEmptyString",
|
28467
|
+
# },
|
28468
|
+
# aws_ec2_vpc_peering_connection: {
|
28469
|
+
# accepter_vpc_info: {
|
28470
|
+
# cidr_block: "NonEmptyString",
|
28471
|
+
# cidr_block_set: [
|
28472
|
+
# {
|
28473
|
+
# cidr_block: "NonEmptyString",
|
28474
|
+
# },
|
28475
|
+
# ],
|
28476
|
+
# ipv_6_cidr_block_set: [
|
28477
|
+
# {
|
28478
|
+
# ipv_6_cidr_block: "NonEmptyString",
|
28479
|
+
# },
|
28480
|
+
# ],
|
28481
|
+
# owner_id: "NonEmptyString",
|
28482
|
+
# peering_options: {
|
28483
|
+
# allow_dns_resolution_from_remote_vpc: false,
|
28484
|
+
# allow_egress_from_local_classic_link_to_remote_vpc: false,
|
28485
|
+
# allow_egress_from_local_vpc_to_remote_classic_link: false,
|
28486
|
+
# },
|
28487
|
+
# region: "NonEmptyString",
|
28488
|
+
# vpc_id: "NonEmptyString",
|
28489
|
+
# },
|
28490
|
+
# expiration_time: "NonEmptyString",
|
28491
|
+
# requester_vpc_info: {
|
28492
|
+
# cidr_block: "NonEmptyString",
|
28493
|
+
# cidr_block_set: [
|
28494
|
+
# {
|
28495
|
+
# cidr_block: "NonEmptyString",
|
28496
|
+
# },
|
28497
|
+
# ],
|
28498
|
+
# ipv_6_cidr_block_set: [
|
28499
|
+
# {
|
28500
|
+
# ipv_6_cidr_block: "NonEmptyString",
|
28501
|
+
# },
|
28502
|
+
# ],
|
28503
|
+
# owner_id: "NonEmptyString",
|
28504
|
+
# peering_options: {
|
28505
|
+
# allow_dns_resolution_from_remote_vpc: false,
|
28506
|
+
# allow_egress_from_local_classic_link_to_remote_vpc: false,
|
28507
|
+
# allow_egress_from_local_vpc_to_remote_classic_link: false,
|
28508
|
+
# },
|
28509
|
+
# region: "NonEmptyString",
|
28510
|
+
# vpc_id: "NonEmptyString",
|
28511
|
+
# },
|
28512
|
+
# status: {
|
28513
|
+
# code: "NonEmptyString",
|
28514
|
+
# message: "NonEmptyString",
|
28515
|
+
# },
|
28516
|
+
# vpc_peering_connection_id: "NonEmptyString",
|
28517
|
+
# },
|
28518
|
+
# aws_waf_regional_rule_group: {
|
28519
|
+
# metric_name: "NonEmptyString",
|
28520
|
+
# name: "NonEmptyString",
|
28521
|
+
# rule_group_id: "NonEmptyString",
|
28522
|
+
# rules: [
|
28523
|
+
# {
|
28524
|
+
# action: {
|
28525
|
+
# type: "NonEmptyString",
|
28526
|
+
# },
|
28527
|
+
# priority: 1,
|
28528
|
+
# rule_id: "NonEmptyString",
|
28529
|
+
# type: "NonEmptyString",
|
28530
|
+
# },
|
28531
|
+
# ],
|
28532
|
+
# },
|
28533
|
+
# aws_waf_regional_rule: {
|
28534
|
+
# metric_name: "NonEmptyString",
|
28535
|
+
# name: "NonEmptyString",
|
28536
|
+
# predicate_list: [
|
28537
|
+
# {
|
28538
|
+
# data_id: "NonEmptyString",
|
28539
|
+
# negated: false,
|
28540
|
+
# type: "NonEmptyString",
|
28541
|
+
# },
|
28542
|
+
# ],
|
28543
|
+
# rule_id: "NonEmptyString",
|
28544
|
+
# },
|
28545
|
+
# aws_waf_regional_web_acl: {
|
28546
|
+
# default_action: "NonEmptyString",
|
28547
|
+
# metric_name: "NonEmptyString",
|
28548
|
+
# name: "NonEmptyString",
|
28549
|
+
# rules_list: [
|
28550
|
+
# {
|
28551
|
+
# action: {
|
28552
|
+
# type: "NonEmptyString",
|
28553
|
+
# },
|
28554
|
+
# override_action: {
|
28555
|
+
# type: "NonEmptyString",
|
28556
|
+
# },
|
28557
|
+
# priority: 1,
|
28558
|
+
# rule_id: "NonEmptyString",
|
28559
|
+
# type: "NonEmptyString",
|
28560
|
+
# },
|
28561
|
+
# ],
|
28562
|
+
# web_acl_id: "NonEmptyString",
|
28563
|
+
# },
|
28564
|
+
# aws_waf_rule: {
|
28565
|
+
# metric_name: "NonEmptyString",
|
28566
|
+
# name: "NonEmptyString",
|
28567
|
+
# predicate_list: [
|
28568
|
+
# {
|
28569
|
+
# data_id: "NonEmptyString",
|
28570
|
+
# negated: false,
|
28571
|
+
# type: "NonEmptyString",
|
28572
|
+
# },
|
28573
|
+
# ],
|
28574
|
+
# rule_id: "NonEmptyString",
|
28575
|
+
# },
|
28576
|
+
# aws_waf_rule_group: {
|
28577
|
+
# metric_name: "NonEmptyString",
|
28578
|
+
# name: "NonEmptyString",
|
28579
|
+
# rule_group_id: "NonEmptyString",
|
28580
|
+
# rules: [
|
28581
|
+
# {
|
28582
|
+
# action: {
|
28583
|
+
# type: "NonEmptyString",
|
28584
|
+
# },
|
28585
|
+
# priority: 1,
|
28586
|
+
# rule_id: "NonEmptyString",
|
28587
|
+
# type: "NonEmptyString",
|
28588
|
+
# },
|
28589
|
+
# ],
|
28590
|
+
# },
|
28591
|
+
# aws_ecs_task: {
|
28592
|
+
# cluster_arn: "NonEmptyString",
|
28593
|
+
# task_definition_arn: "NonEmptyString",
|
28594
|
+
# version: "NonEmptyString",
|
28595
|
+
# created_at: "NonEmptyString",
|
28596
|
+
# started_at: "NonEmptyString",
|
28597
|
+
# started_by: "NonEmptyString",
|
28598
|
+
# group: "NonEmptyString",
|
28599
|
+
# volumes: [
|
28600
|
+
# {
|
28601
|
+
# name: "NonEmptyString",
|
28602
|
+
# host: {
|
28603
|
+
# source_path: "NonEmptyString",
|
28604
|
+
# },
|
28605
|
+
# },
|
28606
|
+
# ],
|
28607
|
+
# containers: [
|
28608
|
+
# {
|
28609
|
+
# name: "NonEmptyString",
|
28610
|
+
# image: "NonEmptyString",
|
28611
|
+
# mount_points: [
|
28612
|
+
# {
|
28613
|
+
# source_volume: "NonEmptyString",
|
28614
|
+
# container_path: "NonEmptyString",
|
28615
|
+
# },
|
28616
|
+
# ],
|
28617
|
+
# privileged: false,
|
28618
|
+
# },
|
28619
|
+
# ],
|
28620
|
+
# },
|
25842
28621
|
# },
|
25843
28622
|
# },
|
25844
28623
|
# ],
|
@@ -26656,22 +29435,34 @@ module Aws::SecurityHub
|
|
26656
29435
|
# data as a hash:
|
26657
29436
|
#
|
26658
29437
|
# {
|
29438
|
+
# container_runtime: "NonEmptyString",
|
26659
29439
|
# name: "NonEmptyString",
|
26660
29440
|
# image_id: "NonEmptyString",
|
26661
29441
|
# image_name: "NonEmptyString",
|
26662
29442
|
# launched_at: "NonEmptyString",
|
29443
|
+
# volume_mounts: [
|
29444
|
+
# {
|
29445
|
+
# name: "NonEmptyString",
|
29446
|
+
# mount_path: "NonEmptyString",
|
29447
|
+
# },
|
29448
|
+
# ],
|
29449
|
+
# privileged: false,
|
26663
29450
|
# }
|
26664
29451
|
#
|
29452
|
+
# @!attribute [rw] container_runtime
|
29453
|
+
# The runtime of the container.
|
29454
|
+
# @return [String]
|
29455
|
+
#
|
26665
29456
|
# @!attribute [rw] name
|
26666
29457
|
# The name of the container related to a finding.
|
26667
29458
|
# @return [String]
|
26668
29459
|
#
|
26669
29460
|
# @!attribute [rw] image_id
|
26670
|
-
# The identifier of the image related to a finding.
|
29461
|
+
# The identifier of the container image related to a finding.
|
26671
29462
|
# @return [String]
|
26672
29463
|
#
|
26673
29464
|
# @!attribute [rw] image_name
|
26674
|
-
# The name of the image related to a finding.
|
29465
|
+
# The name of the container image related to a finding.
|
26675
29466
|
# @return [String]
|
26676
29467
|
#
|
26677
29468
|
# @!attribute [rw] launched_at
|
@@ -26686,13 +29477,26 @@ module Aws::SecurityHub
|
|
26686
29477
|
# [1]: https://tools.ietf.org/html/rfc3339#section-5.6
|
26687
29478
|
# @return [String]
|
26688
29479
|
#
|
29480
|
+
# @!attribute [rw] volume_mounts
|
29481
|
+
# Provides information about the mounting of a volume in a container.
|
29482
|
+
# @return [Array<Types::VolumeMount>]
|
29483
|
+
#
|
29484
|
+
# @!attribute [rw] privileged
|
29485
|
+
# When this parameter is `true`, the container is given elevated
|
29486
|
+
# privileges on the host container instance (similar to the root
|
29487
|
+
# user).
|
29488
|
+
# @return [Boolean]
|
29489
|
+
#
|
26689
29490
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ContainerDetails AWS API Documentation
|
26690
29491
|
#
|
26691
29492
|
class ContainerDetails < Struct.new(
|
29493
|
+
:container_runtime,
|
26692
29494
|
:name,
|
26693
29495
|
:image_id,
|
26694
29496
|
:image_name,
|
26695
|
-
:launched_at
|
29497
|
+
:launched_at,
|
29498
|
+
:volume_mounts,
|
29499
|
+
:privileged)
|
26696
29500
|
SENSITIVE = []
|
26697
29501
|
include Aws::Structure
|
26698
29502
|
end
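Review bot: `:container_runtime` is inserted ahead of `:name` in the `Struct.new` member list, which shifts the positional index of every existing member of `ContainerDetails`. Callers that read the struct by position (`details[0]`, `to_a`, array-style pattern matching) would now get the runtime where they used to get the name; access by member name is unaffected. Appending the new members after the existing ones keeps the old order: `:launched_at, :container_runtime, :volume_mounts, :privileged)`. If the order has to follow the service definition, a changelog entry calling out the reordering would do.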
|
@@ -28296,11 +31100,28 @@ module Aws::SecurityHub
|
|
28296
31100
|
# associated with the Security Hub administrator account.
|
28297
31101
|
# @return [Boolean]
|
28298
31102
|
#
|
31103
|
+
# @!attribute [rw] auto_enable_standards
|
31104
|
+
# Whether to automatically enable Security Hub [default standards][1]
|
31105
|
+
# for new member accounts in the organization.
|
31106
|
+
#
|
31107
|
+
# The default value of this parameter is equal to `DEFAULT`.
|
31108
|
+
#
|
31109
|
+
# If equal to `DEFAULT`, then Security Hub default standards are
|
31110
|
+
# automatically enabled for new member accounts. If equal to `NONE`,
|
31111
|
+
# then default standards are not automatically enabled for new member
|
31112
|
+
# accounts.
|
31113
|
+
#
|
31114
|
+
#
|
31115
|
+
#
|
31116
|
+
# [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html
|
31117
|
+
# @return [String]
|
31118
|
+
#
|
28299
31119
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeOrganizationConfigurationResponse AWS API Documentation
|
28300
31120
|
#
|
28301
31121
|
class DescribeOrganizationConfigurationResponse < Struct.new(
|
28302
31122
|
:auto_enable,
|
28303
|
-
:member_account_limit_reached
|
31123
|
+
:member_account_limit_reached,
|
31124
|
+
:auto_enable_standards)
|
28304
31125
|
SENSITIVE = []
|
28305
31126
|
include Aws::Structure
|
28306
31127
|
end
|
@@ -28689,6 +31510,49 @@ module Aws::SecurityHub
|
|
28689
31510
|
#
|
28690
31511
|
class EnableSecurityHubResponse < Aws::EmptyStructure; end
|
28691
31512
|
|
31513
|
+
# Provides information about the file paths that were affected by the
|
31514
|
+
# threat.
|
31515
|
+
#
|
31516
|
+
# @note When making an API call, you may pass FilePaths
|
31517
|
+
# data as a hash:
|
31518
|
+
#
|
31519
|
+
# {
|
31520
|
+
# file_path: "NonEmptyString",
|
31521
|
+
# file_name: "NonEmptyString",
|
31522
|
+
# resource_id: "NonEmptyString",
|
31523
|
+
# hash: "NonEmptyString",
|
31524
|
+
# }
|
31525
|
+
#
|
31526
|
+
# @!attribute [rw] file_path
|
31527
|
+
# Path to the infected or suspicious file on the resource it was
|
31528
|
+
# detected on.
|
31529
|
+
# @return [String]
|
31530
|
+
#
|
31531
|
+
# @!attribute [rw] file_name
|
31532
|
+
# The name of the infected or suspicious file corresponding to the
|
31533
|
+
# hash.
|
31534
|
+
# @return [String]
|
31535
|
+
#
|
31536
|
+
# @!attribute [rw] resource_id
|
31537
|
+
# The Amazon Resource Name (ARN) of the resource on which the threat
|
31538
|
+
# was detected.
|
31539
|
+
# @return [String]
|
31540
|
+
#
|
31541
|
+
# @!attribute [rw] hash
|
31542
|
+
# The hash value for the infected or suspicious file.
|
31543
|
+
# @return [String]
|
31544
|
+
#
|
31545
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/FilePaths AWS API Documentation
|
31546
|
+
#
|
31547
|
+
class FilePaths < Struct.new(
|
31548
|
+
:file_path,
|
31549
|
+
:file_name,
|
31550
|
+
:resource_id,
|
31551
|
+
:hash)
|
31552
|
+
SENSITIVE = []
|
31553
|
+
include Aws::Structure
|
31554
|
+
end
|
31555
|
+
|
28692
31556
|
# A finding aggregator. A finding aggregator contains the configuration
|
28693
31557
|
# for finding aggregation.
|
28694
31558
|
#
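Review bot: The new `FilePaths` struct declares a member named `:hash`, and a Struct accessor of that name replaces the inherited `hash` method that Ruby calls for Hash keys, `Set` membership and `uniq`. A `FilePaths` value then answers `hash` with the file's digest string (or nil) instead of an Integer, so code that de-duplicates or indexes findings by these structs is likely to raise a `TypeError`. If the member name is fixed by the API, document the hazard above the class, for example `# NOTE: the :hash member shadows Object#hash; do not use FilePaths values as Hash keys or Set members, convert with to_h first.`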
|
@@ -29981,12 +32845,12 @@ module Aws::SecurityHub
|
|
29981
32845
|
#
|
29982
32846
|
# @!attribute [rw] code
|
29983
32847
|
# The ICMP code for which to deny or allow access. To deny or allow
|
29984
|
-
# all codes, use the value
|
32848
|
+
# all codes, use the value `-1`.
|
29985
32849
|
# @return [Integer]
|
29986
32850
|
#
|
29987
32851
|
# @!attribute [rw] type
|
29988
32852
|
# The ICMP type for which to deny or allow access. To deny or allow
|
29989
|
-
# all types, use the value
|
32853
|
+
# all types, use the value `-1`.
|
29990
32854
|
# @return [Integer]
|
29991
32855
|
#
|
29992
32856
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/IcmpTypeCode AWS API Documentation
|
@@ -32281,6 +35145,17 @@ module Aws::SecurityHub
|
|
32281
35145
|
# s3_origin_config: {
|
32282
35146
|
# origin_access_identity: "NonEmptyString",
|
32283
35147
|
# },
|
35148
|
+
# custom_origin_config: {
|
35149
|
+
# http_port: 1,
|
35150
|
+
# https_port: 1,
|
35151
|
+
# origin_keepalive_timeout: 1,
|
35152
|
+
# origin_protocol_policy: "NonEmptyString",
|
35153
|
+
# origin_read_timeout: 1,
|
35154
|
+
# origin_ssl_protocols: {
|
35155
|
+
# items: ["NonEmptyString"],
|
35156
|
+
# quantity: 1,
|
35157
|
+
# },
|
35158
|
+
# },
|
32284
35159
|
# },
|
32285
35160
|
# ],
|
32286
35161
|
# },
|
@@ -32323,6 +35198,14 @@ module Aws::SecurityHub
|
|
32323
35198
|
# network_interface_id: "NonEmptyString",
|
32324
35199
|
# },
|
32325
35200
|
# ],
|
35201
|
+
# virtualization_type: "NonEmptyString",
|
35202
|
+
# metadata_options: {
|
35203
|
+
# http_endpoint: "NonEmptyString",
|
35204
|
+
# http_protocol_ipv_6: "NonEmptyString",
|
35205
|
+
# http_put_response_hop_limit: 1,
|
35206
|
+
# http_tokens: "NonEmptyString",
|
35207
|
+
# instance_metadata_tags: "NonEmptyString",
|
35208
|
+
# },
|
32326
35209
|
# },
|
32327
35210
|
# aws_ec2_network_interface: {
|
32328
35211
|
# attachment: {
|
@@ -32428,6 +35311,7 @@ module Aws::SecurityHub
|
|
32428
35311
|
# },
|
32429
35312
|
# aws_ec2_volume: {
|
32430
35313
|
# create_time: "NonEmptyString",
|
35314
|
+
# device_name: "NonEmptyString",
|
32431
35315
|
# encrypted: false,
|
32432
35316
|
# size: 1,
|
32433
35317
|
# snapshot_id: "NonEmptyString",
|
@@ -32441,6 +35325,9 @@ module Aws::SecurityHub
|
|
32441
35325
|
# status: "NonEmptyString",
|
32442
35326
|
# },
|
32443
35327
|
# ],
|
35328
|
+
# volume_id: "NonEmptyString",
|
35329
|
+
# volume_type: "NonEmptyString",
|
35330
|
+
# volume_scan_status: "NonEmptyString",
|
32444
35331
|
# },
|
32445
35332
|
# aws_ec2_vpc: {
|
32446
35333
|
# cidr_block_association_set: [
|
@@ -33676,6 +36563,13 @@ module Aws::SecurityHub
|
|
33676
36563
|
# ],
|
33677
36564
|
# topic_name: "NonEmptyString",
|
33678
36565
|
# owner: "NonEmptyString",
|
36566
|
+
# sqs_success_feedback_role_arn: "NonEmptyString",
|
36567
|
+
# sqs_failure_feedback_role_arn: "NonEmptyString",
|
36568
|
+
# application_success_feedback_role_arn: "NonEmptyString",
|
36569
|
+
# firehose_success_feedback_role_arn: "NonEmptyString",
|
36570
|
+
# firehose_failure_feedback_role_arn: "NonEmptyString",
|
36571
|
+
# http_success_feedback_role_arn: "NonEmptyString",
|
36572
|
+
# http_failure_feedback_role_arn: "NonEmptyString",
|
33679
36573
|
# },
|
33680
36574
|
# aws_sqs_queue: {
|
33681
36575
|
# kms_data_key_reuse_period_seconds: 1,
|
@@ -33829,6 +36723,8 @@ module Aws::SecurityHub
|
|
33829
36723
|
# iam_database_authentication_enabled: false,
|
33830
36724
|
# },
|
33831
36725
|
# aws_ecs_cluster: {
|
36726
|
+
# cluster_arn: "NonEmptyString",
|
36727
|
+
# active_services_count: 1,
|
33832
36728
|
# capacity_providers: ["NonEmptyString"],
|
33833
36729
|
# cluster_settings: [
|
33834
36730
|
# {
|
@@ -33856,6 +36752,21 @@ module Aws::SecurityHub
|
|
33856
36752
|
# weight: 1,
|
33857
36753
|
# },
|
33858
36754
|
# ],
|
36755
|
+
# cluster_name: "NonEmptyString",
|
36756
|
+
# registered_container_instances_count: 1,
|
36757
|
+
# running_tasks_count: 1,
|
36758
|
+
# status: "NonEmptyString",
|
36759
|
+
# },
|
36760
|
+
# aws_ecs_container: {
|
36761
|
+
# name: "NonEmptyString",
|
36762
|
+
# image: "NonEmptyString",
|
36763
|
+
# mount_points: [
|
36764
|
+
# {
|
36765
|
+
# source_volume: "NonEmptyString",
|
36766
|
+
# container_path: "NonEmptyString",
|
36767
|
+
# },
|
36768
|
+
# ],
|
36769
|
+
# privileged: false,
|
33859
36770
|
# },
|
33860
36771
|
# aws_ecs_task_definition: {
|
33861
36772
|
# container_definitions: [
|
@@ -34070,10 +36981,18 @@ module Aws::SecurityHub
|
|
34070
36981
|
# ],
|
34071
36982
|
# },
|
34072
36983
|
# container: {
|
36984
|
+
# container_runtime: "NonEmptyString",
|
34073
36985
|
# name: "NonEmptyString",
|
34074
36986
|
# image_id: "NonEmptyString",
|
34075
36987
|
# image_name: "NonEmptyString",
|
34076
36988
|
# launched_at: "NonEmptyString",
|
36989
|
+
# volume_mounts: [
|
36990
|
+
# {
|
36991
|
+
# name: "NonEmptyString",
|
36992
|
+
# mount_path: "NonEmptyString",
|
36993
|
+
# },
|
36994
|
+
# ],
|
36995
|
+
# privileged: false,
|
34077
36996
|
# },
|
34078
36997
|
# other: {
|
34079
36998
|
# "NonEmptyString" => "NonEmptyString",
|
@@ -34323,6 +37242,15 @@ module Aws::SecurityHub
|
|
34323
37242
|
# domain_endpoints: {
|
34324
37243
|
# "NonEmptyString" => "NonEmptyString",
|
34325
37244
|
# },
|
37245
|
+
# advanced_security_options: {
|
37246
|
+
# enabled: false,
|
37247
|
+
# internal_user_database_enabled: false,
|
37248
|
+
# master_user_options: {
|
37249
|
+
# master_user_arn: "NonEmptyString",
|
37250
|
+
# master_user_name: "NonEmptyString",
|
37251
|
+
# master_user_password: "NonEmptyString",
|
37252
|
+
# },
|
37253
|
+
# },
|
34326
37254
|
# },
|
34327
37255
|
# aws_ec2_vpc_endpoint_service: {
|
34328
37256
|
# acceptance_required: false,
|
@@ -34580,6 +37508,256 @@ module Aws::SecurityHub
|
|
34580
37508
|
# owner_id: "NonEmptyString",
|
34581
37509
|
# vpc_id: "NonEmptyString",
|
34582
37510
|
# },
|
37511
|
+
# aws_kinesis_stream: {
|
37512
|
+
# name: "NonEmptyString",
|
37513
|
+
# arn: "NonEmptyString",
|
37514
|
+
# stream_encryption: {
|
37515
|
+
# encryption_type: "NonEmptyString",
|
37516
|
+
# key_id: "NonEmptyString",
|
37517
|
+
# },
|
37518
|
+
# shard_count: 1,
|
37519
|
+
# retention_period_hours: 1,
|
37520
|
+
# },
|
37521
|
+
# aws_ec2_transit_gateway: {
|
37522
|
+
# id: "NonEmptyString",
|
37523
|
+
# description: "NonEmptyString",
|
37524
|
+
# default_route_table_propagation: "NonEmptyString",
|
37525
|
+
# auto_accept_shared_attachments: "NonEmptyString",
|
37526
|
+
# default_route_table_association: "NonEmptyString",
|
37527
|
+
# transit_gateway_cidr_blocks: ["NonEmptyString"],
|
37528
|
+
# association_default_route_table_id: "NonEmptyString",
|
37529
|
+
# propagation_default_route_table_id: "NonEmptyString",
|
37530
|
+
# vpn_ecmp_support: "NonEmptyString",
|
37531
|
+
# dns_support: "NonEmptyString",
|
37532
|
+
# multicast_support: "NonEmptyString",
|
37533
|
+
# amazon_side_asn: 1,
|
37534
|
+
# },
|
37535
|
+
# aws_efs_access_point: {
|
37536
|
+
# access_point_id: "NonEmptyString",
|
37537
|
+
# arn: "NonEmptyString",
|
37538
|
+
# client_token: "NonEmptyString",
|
37539
|
+
# file_system_id: "NonEmptyString",
|
37540
|
+
# posix_user: {
|
37541
|
+
# gid: "NonEmptyString",
|
37542
|
+
# secondary_gids: ["NonEmptyString"],
|
37543
|
+
# uid: "NonEmptyString",
|
37544
|
+
# },
|
37545
|
+
# root_directory: {
|
37546
|
+
# creation_info: {
|
37547
|
+
# owner_gid: "NonEmptyString",
|
37548
|
+
# owner_uid: "NonEmptyString",
|
37549
|
+
# permissions: "NonEmptyString",
|
37550
|
+
# },
|
37551
|
+
# path: "NonEmptyString",
|
37552
|
+
# },
|
37553
|
+
# },
|
37554
|
+
# aws_cloud_formation_stack: {
|
37555
|
+
# capabilities: ["NonEmptyString"],
|
37556
|
+
# creation_time: "NonEmptyString",
|
37557
|
+
# description: "NonEmptyString",
|
37558
|
+
# disable_rollback: false,
|
37559
|
+
# drift_information: {
|
37560
|
+
# stack_drift_status: "NonEmptyString",
|
37561
|
+
# },
|
37562
|
+
# enable_termination_protection: false,
|
37563
|
+
# last_updated_time: "NonEmptyString",
|
37564
|
+
# notification_arns: ["NonEmptyString"],
|
37565
|
+
# outputs: [
|
37566
|
+
# {
|
37567
|
+
# description: "NonEmptyString",
|
37568
|
+
# output_key: "NonEmptyString",
|
37569
|
+
# output_value: "NonEmptyString",
|
37570
|
+
# },
|
37571
|
+
# ],
|
37572
|
+
# role_arn: "NonEmptyString",
|
37573
|
+
# stack_id: "NonEmptyString",
|
37574
|
+
# stack_name: "NonEmptyString",
|
37575
|
+
# stack_status: "NonEmptyString",
|
37576
|
+
# stack_status_reason: "NonEmptyString",
|
37577
|
+
# timeout_in_minutes: 1,
|
37578
|
+
# },
|
37579
|
+
# aws_cloud_watch_alarm: {
|
37580
|
+
# actions_enabled: false,
|
37581
|
+
# alarm_actions: ["NonEmptyString"],
|
37582
|
+
# alarm_arn: "NonEmptyString",
|
37583
|
+
# alarm_configuration_updated_timestamp: "NonEmptyString",
|
37584
|
+
# alarm_description: "NonEmptyString",
|
37585
|
+
# alarm_name: "NonEmptyString",
|
37586
|
+
# comparison_operator: "NonEmptyString",
|
37587
|
+
# datapoints_to_alarm: 1,
|
37588
|
+
# dimensions: [
|
37589
|
+
# {
|
37590
|
+
# name: "NonEmptyString",
|
37591
|
+
# value: "NonEmptyString",
|
37592
|
+
# },
|
37593
|
+
# ],
|
37594
|
+
# evaluate_low_sample_count_percentile: "NonEmptyString",
|
37595
|
+
# evaluation_periods: 1,
|
37596
|
+
# extended_statistic: "NonEmptyString",
|
37597
|
+
# insufficient_data_actions: ["NonEmptyString"],
|
37598
|
+
# metric_name: "NonEmptyString",
|
37599
|
+
# namespace: "NonEmptyString",
|
37600
|
+
# ok_actions: ["NonEmptyString"],
|
37601
|
+
# period: 1,
|
37602
|
+
# statistic: "NonEmptyString",
|
37603
|
+
# threshold: 1.0,
|
37604
|
+
# threshold_metric_id: "NonEmptyString",
|
37605
|
+
# treat_missing_data: "NonEmptyString",
|
37606
|
+
# unit: "NonEmptyString",
|
37607
|
+
# },
|
37608
|
+
# aws_ec2_vpc_peering_connection: {
|
37609
|
+
# accepter_vpc_info: {
|
37610
|
+
# cidr_block: "NonEmptyString",
|
37611
|
+
# cidr_block_set: [
|
37612
|
+
# {
|
37613
|
+
# cidr_block: "NonEmptyString",
|
37614
|
+
# },
|
37615
|
+
# ],
|
37616
|
+
# ipv_6_cidr_block_set: [
|
37617
|
+
# {
|
37618
|
+
# ipv_6_cidr_block: "NonEmptyString",
|
37619
|
+
# },
|
37620
|
+
# ],
|
37621
|
+
# owner_id: "NonEmptyString",
|
37622
|
+
# peering_options: {
|
37623
|
+
# allow_dns_resolution_from_remote_vpc: false,
|
37624
|
+
# allow_egress_from_local_classic_link_to_remote_vpc: false,
|
37625
|
+
# allow_egress_from_local_vpc_to_remote_classic_link: false,
|
37626
|
+
# },
|
37627
|
+
# region: "NonEmptyString",
|
37628
|
+
# vpc_id: "NonEmptyString",
|
37629
|
+
# },
|
37630
|
+
# expiration_time: "NonEmptyString",
|
37631
|
+
# requester_vpc_info: {
|
37632
|
+
# cidr_block: "NonEmptyString",
|
37633
|
+
# cidr_block_set: [
|
37634
|
+
# {
|
37635
|
+
# cidr_block: "NonEmptyString",
|
37636
|
+
# },
|
37637
|
+
# ],
|
37638
|
+
# ipv_6_cidr_block_set: [
|
37639
|
+
# {
|
37640
|
+
# ipv_6_cidr_block: "NonEmptyString",
|
37641
|
+
# },
|
37642
|
+
# ],
|
37643
|
+
# owner_id: "NonEmptyString",
|
37644
|
+
# peering_options: {
|
37645
|
+
# allow_dns_resolution_from_remote_vpc: false,
|
37646
|
+
# allow_egress_from_local_classic_link_to_remote_vpc: false,
|
37647
|
+
# allow_egress_from_local_vpc_to_remote_classic_link: false,
|
37648
|
+
# },
|
37649
|
+
# region: "NonEmptyString",
|
37650
|
+
# vpc_id: "NonEmptyString",
|
37651
|
+
# },
|
37652
|
+
# status: {
|
37653
|
+
# code: "NonEmptyString",
|
37654
|
+
# message: "NonEmptyString",
|
37655
|
+
# },
|
37656
|
+
# vpc_peering_connection_id: "NonEmptyString",
|
37657
|
+
# },
|
37658
|
+
# aws_waf_regional_rule_group: {
|
37659
|
+
# metric_name: "NonEmptyString",
|
37660
|
+
# name: "NonEmptyString",
|
37661
|
+
# rule_group_id: "NonEmptyString",
|
37662
|
+
# rules: [
|
37663
|
+
# {
|
37664
|
+
# action: {
|
37665
|
+
# type: "NonEmptyString",
|
37666
|
+
# },
|
37667
|
+
# priority: 1,
|
37668
|
+
# rule_id: "NonEmptyString",
|
37669
|
+
# type: "NonEmptyString",
|
37670
|
+
# },
|
37671
|
+
# ],
|
37672
|
+
# },
|
37673
|
+
# aws_waf_regional_rule: {
|
37674
|
+
# metric_name: "NonEmptyString",
|
37675
|
+
# name: "NonEmptyString",
|
37676
|
+
# predicate_list: [
|
37677
|
+
# {
|
37678
|
+
# data_id: "NonEmptyString",
|
37679
|
+
# negated: false,
|
37680
|
+
# type: "NonEmptyString",
|
37681
|
+
# },
|
37682
|
+
# ],
|
37683
|
+
# rule_id: "NonEmptyString",
|
37684
|
+
# },
|
37685
|
+
# aws_waf_regional_web_acl: {
|
37686
|
+
# default_action: "NonEmptyString",
|
37687
|
+
# metric_name: "NonEmptyString",
|
37688
|
+
# name: "NonEmptyString",
|
37689
|
+
# rules_list: [
|
37690
|
+
# {
|
37691
|
+
# action: {
|
37692
|
+
# type: "NonEmptyString",
|
37693
|
+
# },
|
37694
|
+
# override_action: {
|
37695
|
+
# type: "NonEmptyString",
|
37696
|
+
# },
|
37697
|
+
# priority: 1,
|
37698
|
+
# rule_id: "NonEmptyString",
|
37699
|
+
# type: "NonEmptyString",
|
37700
|
+
# },
|
37701
|
+
# ],
|
37702
|
+
# web_acl_id: "NonEmptyString",
|
37703
|
+
# },
|
37704
|
+
# aws_waf_rule: {
|
37705
|
+
# metric_name: "NonEmptyString",
|
37706
|
+
# name: "NonEmptyString",
|
37707
|
+
# predicate_list: [
|
37708
|
+
# {
|
37709
|
+
# data_id: "NonEmptyString",
|
37710
|
+
# negated: false,
|
37711
|
+
# type: "NonEmptyString",
|
37712
|
+
# },
|
37713
|
+
# ],
|
37714
|
+
# rule_id: "NonEmptyString",
|
37715
|
+
# },
|
37716
|
+
# aws_waf_rule_group: {
|
37717
|
+
# metric_name: "NonEmptyString",
|
37718
|
+
# name: "NonEmptyString",
|
37719
|
+
# rule_group_id: "NonEmptyString",
|
37720
|
+
# rules: [
|
37721
|
+
# {
|
37722
|
+
# action: {
|
37723
|
+
# type: "NonEmptyString",
|
37724
|
+
# },
|
37725
|
+
# priority: 1,
|
37726
|
+
# rule_id: "NonEmptyString",
|
37727
|
+
# type: "NonEmptyString",
|
37728
|
+
# },
|
37729
|
+
# ],
|
37730
|
+
# },
|
37731
|
+
# aws_ecs_task: {
|
37732
|
+
# cluster_arn: "NonEmptyString",
|
37733
|
+
# task_definition_arn: "NonEmptyString",
|
37734
|
+
# version: "NonEmptyString",
|
37735
|
+
# created_at: "NonEmptyString",
|
37736
|
+
# started_at: "NonEmptyString",
|
37737
|
+
# started_by: "NonEmptyString",
|
37738
|
+
# group: "NonEmptyString",
|
37739
|
+
# volumes: [
|
37740
|
+
# {
|
37741
|
+
# name: "NonEmptyString",
|
37742
|
+
# host: {
|
37743
|
+
# source_path: "NonEmptyString",
|
37744
|
+
# },
|
37745
|
+
# },
|
37746
|
+
# ],
|
37747
|
+
# containers: [
|
37748
|
+
# {
|
37749
|
+
# name: "NonEmptyString",
|
37750
|
+
# image: "NonEmptyString",
|
37751
|
+
# mount_points: [
|
37752
|
+
# {
|
37753
|
+
# source_volume: "NonEmptyString",
|
37754
|
+
# container_path: "NonEmptyString",
|
37755
|
+
# },
|
37756
|
+
# ],
|
37757
|
+
# privileged: false,
|
37758
|
+
# },
|
37759
|
+
# ],
|
37760
|
+
# },
|
34583
37761
|
# },
|
34584
37762
|
# }
|
34585
37763
|
#
|
@@ -34818,6 +37996,17 @@ module Aws::SecurityHub
|
|
34818
37996
|
# s3_origin_config: {
|
34819
37997
|
# origin_access_identity: "NonEmptyString",
|
34820
37998
|
# },
|
37999
|
+
# custom_origin_config: {
|
38000
|
+
# http_port: 1,
|
38001
|
+
# https_port: 1,
|
38002
|
+
# origin_keepalive_timeout: 1,
|
38003
|
+
# origin_protocol_policy: "NonEmptyString",
|
38004
|
+
# origin_read_timeout: 1,
|
38005
|
+
# origin_ssl_protocols: {
|
38006
|
+
# items: ["NonEmptyString"],
|
38007
|
+
# quantity: 1,
|
38008
|
+
# },
|
38009
|
+
# },
|
34821
38010
|
# },
|
34822
38011
|
# ],
|
34823
38012
|
# },
|
@@ -34860,6 +38049,14 @@ module Aws::SecurityHub
|
|
34860
38049
|
# network_interface_id: "NonEmptyString",
|
34861
38050
|
# },
|
34862
38051
|
# ],
|
38052
|
+
# virtualization_type: "NonEmptyString",
|
38053
|
+
# metadata_options: {
|
38054
|
+
# http_endpoint: "NonEmptyString",
|
38055
|
+
# http_protocol_ipv_6: "NonEmptyString",
|
38056
|
+
# http_put_response_hop_limit: 1,
|
38057
|
+
# http_tokens: "NonEmptyString",
|
38058
|
+
# instance_metadata_tags: "NonEmptyString",
|
38059
|
+
# },
|
34863
38060
|
# },
|
34864
38061
|
# aws_ec2_network_interface: {
|
34865
38062
|
# attachment: {
|
@@ -34965,6 +38162,7 @@ module Aws::SecurityHub
|
|
34965
38162
|
# },
|
34966
38163
|
# aws_ec2_volume: {
|
34967
38164
|
# create_time: "NonEmptyString",
|
38165
|
+
# device_name: "NonEmptyString",
|
34968
38166
|
# encrypted: false,
|
34969
38167
|
# size: 1,
|
34970
38168
|
# snapshot_id: "NonEmptyString",
|
@@ -34978,6 +38176,9 @@ module Aws::SecurityHub
|
|
34978
38176
|
# status: "NonEmptyString",
|
34979
38177
|
# },
|
34980
38178
|
# ],
|
38179
|
+
# volume_id: "NonEmptyString",
|
38180
|
+
# volume_type: "NonEmptyString",
|
38181
|
+
# volume_scan_status: "NonEmptyString",
|
34981
38182
|
# },
|
34982
38183
|
# aws_ec2_vpc: {
|
34983
38184
|
# cidr_block_association_set: [
|
@@ -36213,6 +39414,13 @@ module Aws::SecurityHub
|
|
36213
39414
|
# ],
|
36214
39415
|
# topic_name: "NonEmptyString",
|
36215
39416
|
# owner: "NonEmptyString",
|
39417
|
+
# sqs_success_feedback_role_arn: "NonEmptyString",
|
39418
|
+
# sqs_failure_feedback_role_arn: "NonEmptyString",
|
39419
|
+
# application_success_feedback_role_arn: "NonEmptyString",
|
39420
|
+
# firehose_success_feedback_role_arn: "NonEmptyString",
|
39421
|
+
# firehose_failure_feedback_role_arn: "NonEmptyString",
|
39422
|
+
# http_success_feedback_role_arn: "NonEmptyString",
|
39423
|
+
# http_failure_feedback_role_arn: "NonEmptyString",
|
36216
39424
|
# },
|
36217
39425
|
# aws_sqs_queue: {
|
36218
39426
|
# kms_data_key_reuse_period_seconds: 1,
|
@@ -36366,6 +39574,8 @@ module Aws::SecurityHub
|
|
36366
39574
|
# iam_database_authentication_enabled: false,
|
36367
39575
|
# },
|
36368
39576
|
# aws_ecs_cluster: {
|
39577
|
+
# cluster_arn: "NonEmptyString",
|
39578
|
+
# active_services_count: 1,
|
36369
39579
|
# capacity_providers: ["NonEmptyString"],
|
36370
39580
|
# cluster_settings: [
|
36371
39581
|
# {
|
@@ -36393,6 +39603,21 @@ module Aws::SecurityHub
|
|
36393
39603
|
# weight: 1,
|
36394
39604
|
# },
|
36395
39605
|
# ],
|
39606
|
+
# cluster_name: "NonEmptyString",
|
39607
|
+
# registered_container_instances_count: 1,
|
39608
|
+
# running_tasks_count: 1,
|
39609
|
+
# status: "NonEmptyString",
|
39610
|
+
# },
|
39611
|
+
# aws_ecs_container: {
|
39612
|
+
# name: "NonEmptyString",
|
39613
|
+
# image: "NonEmptyString",
|
39614
|
+
# mount_points: [
|
39615
|
+
# {
|
39616
|
+
# source_volume: "NonEmptyString",
|
39617
|
+
# container_path: "NonEmptyString",
|
39618
|
+
# },
|
39619
|
+
# ],
|
39620
|
+
# privileged: false,
|
36396
39621
|
# },
|
36397
39622
|
# aws_ecs_task_definition: {
|
36398
39623
|
# container_definitions: [
|
@@ -36607,10 +39832,18 @@ module Aws::SecurityHub
|
|
36607
39832
|
# ],
|
36608
39833
|
# },
|
36609
39834
|
# container: {
|
39835
|
+
# container_runtime: "NonEmptyString",
|
36610
39836
|
# name: "NonEmptyString",
|
36611
39837
|
# image_id: "NonEmptyString",
|
36612
39838
|
# image_name: "NonEmptyString",
|
36613
39839
|
# launched_at: "NonEmptyString",
|
39840
|
+
# volume_mounts: [
|
39841
|
+
# {
|
39842
|
+
# name: "NonEmptyString",
|
39843
|
+
# mount_path: "NonEmptyString",
|
39844
|
+
# },
|
39845
|
+
# ],
|
39846
|
+
# privileged: false,
|
36614
39847
|
# },
|
36615
39848
|
# other: {
|
36616
39849
|
# "NonEmptyString" => "NonEmptyString",
|
@@ -36860,6 +40093,15 @@ module Aws::SecurityHub
|
|
36860
40093
|
# domain_endpoints: {
|
36861
40094
|
# "NonEmptyString" => "NonEmptyString",
|
36862
40095
|
# },
|
40096
|
+
# advanced_security_options: {
|
40097
|
+
# enabled: false,
|
40098
|
+
# internal_user_database_enabled: false,
|
40099
|
+
# master_user_options: {
|
40100
|
+
# master_user_arn: "NonEmptyString",
|
40101
|
+
# master_user_name: "NonEmptyString",
|
40102
|
+
# master_user_password: "NonEmptyString",
|
40103
|
+
# },
|
40104
|
+
# },
|
36863
40105
|
# },
|
36864
40106
|
# aws_ec2_vpc_endpoint_service: {
|
36865
40107
|
# acceptance_required: false,
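Review bot: The added `master_user_password` entry under `advanced_security_options` / `master_user_options` documents a plaintext credential as an ordinary string member of a finding's resource details. The definition of the nested details type is outside this hunk, so whether it lists that member in its `SENSITIVE` array cannot be seen here. The struct definitions that are visible elsewhere in this diff all use `SENSITIVE = []`, and if this one does too, the value would presumably appear unredacted whenever the struct is inspected or logged. I would confirm the member is marked sensitive in the type definition and add a line to its attribute documentation such as `# Do not log this value; leave it unset or redact it before the finding is stored or forwarded.` The enclosing documentation comment starts and ends outside the hunk.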
|
@@ -37117,6 +40359,256 @@ module Aws::SecurityHub
|
|
37117
40359
|
# owner_id: "NonEmptyString",
|
37118
40360
|
# vpc_id: "NonEmptyString",
|
37119
40361
|
# },
|
40362
|
+
# aws_kinesis_stream: {
|
40363
|
+
# name: "NonEmptyString",
|
40364
|
+
# arn: "NonEmptyString",
|
40365
|
+
# stream_encryption: {
|
40366
|
+
# encryption_type: "NonEmptyString",
|
40367
|
+
# key_id: "NonEmptyString",
|
40368
|
+
# },
|
40369
|
+
# shard_count: 1,
|
40370
|
+
# retention_period_hours: 1,
|
40371
|
+
# },
|
40372
|
+
# aws_ec2_transit_gateway: {
|
40373
|
+
# id: "NonEmptyString",
|
40374
|
+
# description: "NonEmptyString",
|
40375
|
+
# default_route_table_propagation: "NonEmptyString",
|
40376
|
+
# auto_accept_shared_attachments: "NonEmptyString",
|
40377
|
+
# default_route_table_association: "NonEmptyString",
|
40378
|
+
# transit_gateway_cidr_blocks: ["NonEmptyString"],
|
40379
|
+
# association_default_route_table_id: "NonEmptyString",
|
40380
|
+
# propagation_default_route_table_id: "NonEmptyString",
|
40381
|
+
# vpn_ecmp_support: "NonEmptyString",
|
40382
|
+
# dns_support: "NonEmptyString",
|
40383
|
+
# multicast_support: "NonEmptyString",
|
40384
|
+
# amazon_side_asn: 1,
|
40385
|
+
# },
|
40386
|
+
# aws_efs_access_point: {
|
40387
|
+
# access_point_id: "NonEmptyString",
|
40388
|
+
# arn: "NonEmptyString",
|
40389
|
+
# client_token: "NonEmptyString",
|
40390
|
+
# file_system_id: "NonEmptyString",
|
40391
|
+
# posix_user: {
|
40392
|
+
# gid: "NonEmptyString",
|
40393
|
+
# secondary_gids: ["NonEmptyString"],
|
40394
|
+
# uid: "NonEmptyString",
|
40395
|
+
# },
|
40396
|
+
# root_directory: {
|
40397
|
+
# creation_info: {
|
40398
|
+
# owner_gid: "NonEmptyString",
|
40399
|
+
# owner_uid: "NonEmptyString",
|
40400
|
+
# permissions: "NonEmptyString",
|
40401
|
+
# },
|
40402
|
+
# path: "NonEmptyString",
|
40403
|
+
# },
|
40404
|
+
# },
|
40405
|
+
# aws_cloud_formation_stack: {
|
40406
|
+
# capabilities: ["NonEmptyString"],
|
40407
|
+
# creation_time: "NonEmptyString",
|
40408
|
+
# description: "NonEmptyString",
|
40409
|
+
# disable_rollback: false,
|
40410
|
+
# drift_information: {
|
40411
|
+
# stack_drift_status: "NonEmptyString",
|
40412
|
+
# },
|
40413
|
+
# enable_termination_protection: false,
|
40414
|
+
# last_updated_time: "NonEmptyString",
|
40415
|
+
# notification_arns: ["NonEmptyString"],
|
40416
|
+
# outputs: [
|
40417
|
+
# {
|
40418
|
+
# description: "NonEmptyString",
|
40419
|
+
# output_key: "NonEmptyString",
|
40420
|
+
# output_value: "NonEmptyString",
|
40421
|
+
# },
|
40422
|
+
# ],
|
40423
|
+
# role_arn: "NonEmptyString",
|
40424
|
+
# stack_id: "NonEmptyString",
|
40425
|
+
# stack_name: "NonEmptyString",
|
40426
|
+
# stack_status: "NonEmptyString",
|
40427
|
+
# stack_status_reason: "NonEmptyString",
|
40428
|
+
# timeout_in_minutes: 1,
|
40429
|
+
# },
|
40430
|
+
# aws_cloud_watch_alarm: {
|
40431
|
+
# actions_enabled: false,
|
40432
|
+
# alarm_actions: ["NonEmptyString"],
|
40433
|
+
# alarm_arn: "NonEmptyString",
|
40434
|
+
# alarm_configuration_updated_timestamp: "NonEmptyString",
|
40435
|
+
# alarm_description: "NonEmptyString",
|
40436
|
+
# alarm_name: "NonEmptyString",
|
40437
|
+
# comparison_operator: "NonEmptyString",
|
40438
|
+
# datapoints_to_alarm: 1,
|
40439
|
+
# dimensions: [
|
40440
|
+
# {
|
40441
|
+
# name: "NonEmptyString",
|
40442
|
+
# value: "NonEmptyString",
|
40443
|
+
# },
|
40444
|
+
# ],
|
40445
|
+
# evaluate_low_sample_count_percentile: "NonEmptyString",
|
40446
|
+
# evaluation_periods: 1,
|
40447
|
+
# extended_statistic: "NonEmptyString",
|
40448
|
+
# insufficient_data_actions: ["NonEmptyString"],
|
40449
|
+
# metric_name: "NonEmptyString",
|
40450
|
+
# namespace: "NonEmptyString",
|
40451
|
+
# ok_actions: ["NonEmptyString"],
|
40452
|
+
# period: 1,
|
40453
|
+
# statistic: "NonEmptyString",
|
40454
|
+
# threshold: 1.0,
|
40455
|
+
# threshold_metric_id: "NonEmptyString",
|
40456
|
+
# treat_missing_data: "NonEmptyString",
|
40457
|
+
# unit: "NonEmptyString",
|
40458
|
+
# },
|
40459
|
+
# aws_ec2_vpc_peering_connection: {
|
40460
|
+
# accepter_vpc_info: {
|
40461
|
+
# cidr_block: "NonEmptyString",
|
40462
|
+
# cidr_block_set: [
|
40463
|
+
# {
|
40464
|
+
# cidr_block: "NonEmptyString",
|
40465
|
+
# },
|
40466
|
+
# ],
|
40467
|
+
# ipv_6_cidr_block_set: [
|
40468
|
+
# {
|
40469
|
+
# ipv_6_cidr_block: "NonEmptyString",
|
40470
|
+
# },
|
40471
|
+
# ],
|
40472
|
+
# owner_id: "NonEmptyString",
|
40473
|
+
# peering_options: {
|
40474
|
+
# allow_dns_resolution_from_remote_vpc: false,
|
40475
|
+
# allow_egress_from_local_classic_link_to_remote_vpc: false,
|
40476
|
+
# allow_egress_from_local_vpc_to_remote_classic_link: false,
|
40477
|
+
# },
|
40478
|
+
# region: "NonEmptyString",
|
40479
|
+
# vpc_id: "NonEmptyString",
|
40480
|
+
# },
|
40481
|
+
# expiration_time: "NonEmptyString",
|
40482
|
+
# requester_vpc_info: {
|
40483
|
+
# cidr_block: "NonEmptyString",
|
40484
|
+
# cidr_block_set: [
|
40485
|
+
# {
|
40486
|
+
# cidr_block: "NonEmptyString",
|
40487
|
+
# },
|
40488
|
+
# ],
|
40489
|
+
# ipv_6_cidr_block_set: [
|
40490
|
+
# {
|
40491
|
+
# ipv_6_cidr_block: "NonEmptyString",
|
40492
|
+
# },
|
40493
|
+
# ],
|
40494
|
+
# owner_id: "NonEmptyString",
|
40495
|
+
# peering_options: {
|
40496
|
+
# allow_dns_resolution_from_remote_vpc: false,
|
40497
|
+
# allow_egress_from_local_classic_link_to_remote_vpc: false,
|
40498
|
+
# allow_egress_from_local_vpc_to_remote_classic_link: false,
|
40499
|
+
# },
|
40500
|
+
# region: "NonEmptyString",
|
40501
|
+
# vpc_id: "NonEmptyString",
|
40502
|
+
# },
|
40503
|
+
# status: {
|
40504
|
+
# code: "NonEmptyString",
|
40505
|
+
# message: "NonEmptyString",
|
40506
|
+
# },
|
40507
|
+
# vpc_peering_connection_id: "NonEmptyString",
|
40508
|
+
# },
|
40509
|
+
# aws_waf_regional_rule_group: {
|
40510
|
+
# metric_name: "NonEmptyString",
|
40511
|
+
# name: "NonEmptyString",
|
40512
|
+
# rule_group_id: "NonEmptyString",
|
40513
|
+
# rules: [
|
40514
|
+
# {
|
40515
|
+
# action: {
|
40516
|
+
# type: "NonEmptyString",
|
40517
|
+
# },
|
40518
|
+
# priority: 1,
|
40519
|
+
# rule_id: "NonEmptyString",
|
40520
|
+
# type: "NonEmptyString",
|
40521
|
+
# },
|
40522
|
+
# ],
|
40523
|
+
# },
|
40524
|
+
# aws_waf_regional_rule: {
|
40525
|
+
# metric_name: "NonEmptyString",
|
40526
|
+
# name: "NonEmptyString",
|
40527
|
+
# predicate_list: [
|
40528
|
+
# {
|
40529
|
+
# data_id: "NonEmptyString",
|
40530
|
+
# negated: false,
|
40531
|
+
# type: "NonEmptyString",
|
40532
|
+
# },
|
40533
|
+
# ],
|
40534
|
+
# rule_id: "NonEmptyString",
|
40535
|
+
# },
|
40536
|
+
# aws_waf_regional_web_acl: {
|
40537
|
+
# default_action: "NonEmptyString",
|
40538
|
+
# metric_name: "NonEmptyString",
|
40539
|
+
# name: "NonEmptyString",
|
40540
|
+
# rules_list: [
|
40541
|
+
# {
|
40542
|
+
# action: {
|
40543
|
+
# type: "NonEmptyString",
|
40544
|
+
# },
|
40545
|
+
# override_action: {
|
40546
|
+
# type: "NonEmptyString",
|
40547
|
+
# },
|
40548
|
+
# priority: 1,
|
40549
|
+
# rule_id: "NonEmptyString",
|
40550
|
+
# type: "NonEmptyString",
|
40551
|
+
# },
|
40552
|
+
# ],
|
40553
|
+
# web_acl_id: "NonEmptyString",
|
40554
|
+
# },
|
40555
|
+
# aws_waf_rule: {
|
40556
|
+
# metric_name: "NonEmptyString",
|
40557
|
+
# name: "NonEmptyString",
|
40558
|
+
# predicate_list: [
|
40559
|
+
# {
|
40560
|
+
# data_id: "NonEmptyString",
|
40561
|
+
# negated: false,
|
40562
|
+
# type: "NonEmptyString",
|
40563
|
+
# },
|
40564
|
+
# ],
|
40565
|
+
# rule_id: "NonEmptyString",
|
40566
|
+
# },
|
40567
|
+
# aws_waf_rule_group: {
|
40568
|
+
# metric_name: "NonEmptyString",
|
40569
|
+
# name: "NonEmptyString",
|
40570
|
+
# rule_group_id: "NonEmptyString",
|
40571
|
+
# rules: [
|
40572
|
+
# {
|
40573
|
+
# action: {
|
40574
|
+
# type: "NonEmptyString",
|
40575
|
+
# },
|
40576
|
+
# priority: 1,
|
40577
|
+
# rule_id: "NonEmptyString",
|
40578
|
+
# type: "NonEmptyString",
|
40579
|
+
# },
|
40580
|
+
# ],
|
40581
|
+
# },
|
40582
|
+
# aws_ecs_task: {
|
40583
|
+
# cluster_arn: "NonEmptyString",
|
40584
|
+
# task_definition_arn: "NonEmptyString",
|
40585
|
+
# version: "NonEmptyString",
|
40586
|
+
# created_at: "NonEmptyString",
|
40587
|
+
# started_at: "NonEmptyString",
|
40588
|
+
# started_by: "NonEmptyString",
|
40589
|
+
# group: "NonEmptyString",
|
40590
|
+
# volumes: [
|
40591
|
+
# {
|
40592
|
+
# name: "NonEmptyString",
|
40593
|
+
# host: {
|
40594
|
+
# source_path: "NonEmptyString",
|
40595
|
+
# },
|
40596
|
+
# },
|
40597
|
+
# ],
|
40598
|
+
# containers: [
|
40599
|
+
# {
|
40600
|
+
# name: "NonEmptyString",
|
40601
|
+
# image: "NonEmptyString",
|
40602
|
+
# mount_points: [
|
40603
|
+
# {
|
40604
|
+
# source_volume: "NonEmptyString",
|
40605
|
+
# container_path: "NonEmptyString",
|
40606
|
+
# },
|
40607
|
+
# ],
|
40608
|
+
# privileged: false,
|
40609
|
+
# },
|
40610
|
+
# ],
|
40611
|
+
# },
|
37120
40612
|
# }
|
37121
40613
|
#
|
37122
40614
|
# @!attribute [rw] aws_auto_scaling_auto_scaling_group
|
@@ -37144,11 +40636,11 @@ module Aws::SecurityHub
|
|
37144
40636
|
# @return [Types::AwsEc2SecurityGroupDetails]
|
37145
40637
|
#
|
37146
40638
|
# @!attribute [rw] aws_ec2_volume
|
37147
|
-
# Details for an EC2 volume.
|
40639
|
+
# Details for an Amazon EC2 volume.
|
37148
40640
|
# @return [Types::AwsEc2VolumeDetails]
|
37149
40641
|
#
|
37150
40642
|
# @!attribute [rw] aws_ec2_vpc
|
37151
|
-
# Details for an EC2 VPC.
|
40643
|
+
# Details for an Amazon EC2 VPC.
|
37152
40644
|
# @return [Types::AwsEc2VpcDetails]
|
37153
40645
|
#
|
37154
40646
|
# @!attribute [rw] aws_ec2_eip
|
@@ -37279,7 +40771,7 @@ module Aws::SecurityHub
|
|
37279
40771
|
# @return [Types::AwsSqsQueueDetails]
|
37280
40772
|
#
|
37281
40773
|
# @!attribute [rw] aws_waf_web_acl
|
37282
|
-
# Details for an WAF
|
40774
|
+
# Details for an WAF web ACL.
|
37283
40775
|
# @return [Types::AwsWafWebAclDetails]
|
37284
40776
|
#
|
37285
40777
|
# @!attribute [rw] aws_rds_db_snapshot
|
@@ -37295,9 +40787,14 @@ module Aws::SecurityHub
|
|
37295
40787
|
# @return [Types::AwsRdsDbClusterDetails]
|
37296
40788
|
#
|
37297
40789
|
# @!attribute [rw] aws_ecs_cluster
|
37298
|
-
# Details about an ECS cluster.
|
40790
|
+
# Details about an Amazon ECS cluster.
|
37299
40791
|
# @return [Types::AwsEcsClusterDetails]
|
37300
40792
|
#
|
40793
|
+
# @!attribute [rw] aws_ecs_container
|
40794
|
+
# Provides information about a Docker container that's part of a
|
40795
|
+
# task.
|
40796
|
+
# @return [Types::AwsEcsContainerDetails]
|
40797
|
+
#
|
37301
40798
|
# @!attribute [rw] aws_ecs_task_definition
|
37302
40799
|
# Details about a task definition. A task definition describes the
|
37303
40800
|
# container and volume definitions of an Amazon Elastic Container
|
@@ -37335,7 +40832,7 @@ module Aws::SecurityHub
|
|
37335
40832
|
# @return [Types::AwsAutoScalingLaunchConfigurationDetails]
|
37336
40833
|
#
|
37337
40834
|
# @!attribute [rw] aws_ec2_vpn_connection
|
37338
|
-
# Details about an EC2 VPN connection.
|
40835
|
+
# Details about an Amazon EC2 VPN connection.
|
37339
40836
|
# @return [Types::AwsEc2VpnConnectionDetails]
|
37340
40837
|
#
|
37341
40838
|
# @!attribute [rw] aws_ecr_container_image
|
@@ -37386,6 +40883,64 @@ module Aws::SecurityHub
|
|
37386
40883
|
# Details about an Amazon RDS DB security group.
|
37387
40884
|
# @return [Types::AwsRdsDbSecurityGroupDetails]
|
37388
40885
|
#
|
40886
|
+
# @!attribute [rw] aws_kinesis_stream
|
40887
|
+
# Details about an Amazon Kinesis data stream.
|
40888
|
+
# @return [Types::AwsKinesisStreamDetails]
|
40889
|
+
#
|
40890
|
+
# @!attribute [rw] aws_ec2_transit_gateway
|
40891
|
+
# Details about an Amazon EC2 transit gateway that interconnects your
|
40892
|
+
# virtual private clouds (VPC) and on-premises networks.
|
40893
|
+
# @return [Types::AwsEc2TransitGatewayDetails]
|
40894
|
+
#
|
40895
|
+
# @!attribute [rw] aws_efs_access_point
|
40896
|
+
# Details about an Amazon EFS access point. An access point is an
|
40897
|
+
# application-specific view into an EFS file system that applies an
|
40898
|
+
# operating system user and group, and a file system path, to any file
|
40899
|
+
# system request made through the access point.
|
40900
|
+
# @return [Types::AwsEfsAccessPointDetails]
|
40901
|
+
#
|
40902
|
+
# @!attribute [rw] aws_cloud_formation_stack
|
40903
|
+
# Details about an CloudFormation stack. A stack is a collection of
|
40904
|
+
# Amazon Web Services resources that you can manage as a single unit.
|
40905
|
+
# @return [Types::AwsCloudFormationStackDetails]
|
40906
|
+
#
|
40907
|
+
# @!attribute [rw] aws_cloud_watch_alarm
|
40908
|
+
# Details about an Amazon CloudWatch alarm. An alarm allows you to
|
40909
|
+
# monitor and receive alerts about your Amazon Web Services resources
|
40910
|
+
# and applications across multiple Regions.
|
40911
|
+
# @return [Types::AwsCloudWatchAlarmDetails]
|
40912
|
+
#
|
40913
|
+
# @!attribute [rw] aws_ec2_vpc_peering_connection
|
40914
|
+
# Details about an Amazon EC2 VPC peering connection. A VPC peering
|
40915
|
+
# connection is a networking connection between two VPCs that enables
|
40916
|
+
# you to route traffic between them privately.
|
40917
|
+
# @return [Types::AwsEc2VpcPeeringConnectionDetails]
|
40918
|
+
#
|
40919
|
+
# @!attribute [rw] aws_waf_regional_rule_group
|
40920
|
+
# Details about an WAF rule group for Regional resources.
|
40921
|
+
# @return [Types::AwsWafRegionalRuleGroupDetails]
|
40922
|
+
#
|
40923
|
+
# @!attribute [rw] aws_waf_regional_rule
|
40924
|
+
# Details about an WAF rule for Regional resources.
|
40925
|
+
# @return [Types::AwsWafRegionalRuleDetails]
|
40926
|
+
#
|
40927
|
+
# @!attribute [rw] aws_waf_regional_web_acl
|
40928
|
+
# Details about an WAF web access control list (web ACL) for Regional
|
40929
|
+
# resources.
|
40930
|
+
# @return [Types::AwsWafRegionalWebAclDetails]
|
40931
|
+
#
|
40932
|
+
# @!attribute [rw] aws_waf_rule
|
40933
|
+
# Details about an WAF rule for global resources.
|
40934
|
+
# @return [Types::AwsWafRuleDetails]
|
40935
|
+
#
|
40936
|
+
# @!attribute [rw] aws_waf_rule_group
|
40937
|
+
# Details about an WAF rule group for global resources.
|
40938
|
+
# @return [Types::AwsWafRuleGroupDetails]
|
40939
|
+
#
|
40940
|
+
# @!attribute [rw] aws_ecs_task
|
40941
|
+
# Details about a task in a cluster.
|
40942
|
+
# @return [Types::AwsEcsTaskDetails]
|
40943
|
+
#
|
37389
40944
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ResourceDetails AWS API Documentation
|
37390
40945
|
#
|
37391
40946
|
class ResourceDetails < Struct.new(
|
@@ -37433,6 +40988,7 @@ module Aws::SecurityHub
|
|
37433
40988
|
:aws_rds_db_cluster_snapshot,
|
37434
40989
|
:aws_rds_db_cluster,
|
37435
40990
|
:aws_ecs_cluster,
|
40991
|
+
:aws_ecs_container,
|
37436
40992
|
:aws_ecs_task_definition,
|
37437
40993
|
:container,
|
37438
40994
|
:other,
|
@@ -37451,7 +41007,19 @@ module Aws::SecurityHub
|
|
37451
41007
|
:aws_network_firewall_firewall_policy,
|
37452
41008
|
:aws_network_firewall_firewall,
|
37453
41009
|
:aws_network_firewall_rule_group,
|
37454
|
-
:aws_rds_db_security_group
|
41010
|
+
:aws_rds_db_security_group,
|
41011
|
+
:aws_kinesis_stream,
|
41012
|
+
:aws_ec2_transit_gateway,
|
41013
|
+
:aws_efs_access_point,
|
41014
|
+
:aws_cloud_formation_stack,
|
41015
|
+
:aws_cloud_watch_alarm,
|
41016
|
+
:aws_ec2_vpc_peering_connection,
|
41017
|
+
:aws_waf_regional_rule_group,
|
41018
|
+
:aws_waf_regional_rule,
|
41019
|
+
:aws_waf_regional_web_acl,
|
41020
|
+
:aws_waf_rule,
|
41021
|
+
:aws_waf_rule_group,
|
41022
|
+
:aws_ecs_task)
|
37455
41023
|
SENSITIVE = []
|
37456
41024
|
include Aws::Structure
|
37457
41025
|
end
|
@@ -39258,6 +42826,54 @@ module Aws::SecurityHub
|
|
39258
42826
|
#
|
39259
42827
|
class TagResourceResponse < Aws::EmptyStructure; end
|
39260
42828
|
|
42829
|
+
# Provides information about the threat detected in a security finding
|
42830
|
+
# and the file paths that were affected by the threat.
|
42831
|
+
#
|
42832
|
+
# @note When making an API call, you may pass Threat
|
42833
|
+
# data as a hash:
|
42834
|
+
#
|
42835
|
+
# {
|
42836
|
+
# name: "NonEmptyString",
|
42837
|
+
# severity: "NonEmptyString",
|
42838
|
+
# item_count: 1,
|
42839
|
+
# file_paths: [
|
42840
|
+
# {
|
42841
|
+
# file_path: "NonEmptyString",
|
42842
|
+
# file_name: "NonEmptyString",
|
42843
|
+
# resource_id: "NonEmptyString",
|
42844
|
+
# hash: "NonEmptyString",
|
42845
|
+
# },
|
42846
|
+
# ],
|
42847
|
+
# }
|
42848
|
+
#
|
42849
|
+
# @!attribute [rw] name
|
42850
|
+
# The name of the threat.
|
42851
|
+
# @return [String]
|
42852
|
+
#
|
42853
|
+
# @!attribute [rw] severity
|
42854
|
+
# The severity of the threat.
|
42855
|
+
# @return [String]
|
42856
|
+
#
|
42857
|
+
# @!attribute [rw] item_count
|
42858
|
+
# This total number of items in which the threat has been detected.
|
42859
|
+
# @return [Integer]
|
42860
|
+
#
|
42861
|
+
# @!attribute [rw] file_paths
|
42862
|
+
# Provides information about the file paths that were affected by the
|
42863
|
+
# threat.
|
42864
|
+
# @return [Array<Types::FilePaths>]
|
42865
|
+
#
|
42866
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Threat AWS API Documentation
|
42867
|
+
#
|
42868
|
+
class Threat < Struct.new(
|
42869
|
+
:name,
|
42870
|
+
:severity,
|
42871
|
+
:item_count,
|
42872
|
+
:file_paths)
|
42873
|
+
SENSITIVE = []
|
42874
|
+
include Aws::Structure
|
42875
|
+
end
|
42876
|
+
|
39261
42877
|
# Details about the threat intelligence related to a finding.
|
39262
42878
|
#
|
39263
42879
|
# @note When making an API call, you may pass ThreatIntelIndicator
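Review bot: The `hash: "NonEmptyString"` key in the `file_paths` example implies that `Types::FilePaths` has a member named `hash`, and if that type is declared with `Struct.new` like `Threat` in this hunk, the generated reader replaces `Object#hash`. The FilePaths definition is outside this hunk, so this is inferred. In that case, using a FilePaths value as a Hash key, as a Set member or with `uniq` would call a method that returns the file digest rather than an Integer hash code. A comment on that attribute such as `# NOTE: this member shadows Object#hash; do not use FilePaths values as Hash keys or Set members.` would warn callers. Separately, the `item_count` description should read `# The total number of items in which the threat has been detected.`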
|
@@ -40801,6 +44417,7 @@ module Aws::SecurityHub
|
|
40801
44417
|
#
|
40802
44418
|
# {
|
40803
44419
|
# auto_enable: false, # required
|
44420
|
+
# auto_enable_standards: "NONE", # accepts NONE, DEFAULT
|
40804
44421
|
# }
|
40805
44422
|
#
|
40806
44423
|
# @!attribute [rw] auto_enable
|
@@ -40814,10 +44431,27 @@ module Aws::SecurityHub
|
|
40814
44431
|
# `true`.
|
40815
44432
|
# @return [Boolean]
|
40816
44433
|
#
|
44434
|
+
# @!attribute [rw] auto_enable_standards
|
44435
|
+
# Whether to automatically enable Security Hub [default standards][1]
|
44436
|
+
# for new member accounts in the organization.
|
44437
|
+
#
|
44438
|
+
# By default, this parameter is equal to `DEFAULT`, and new member
|
44439
|
+
# accounts are automatically enabled with default Security Hub
|
44440
|
+
# standards.
|
44441
|
+
#
|
44442
|
+
# To opt out of enabling default standards for new member accounts,
|
44443
|
+
# set this parameter equal to `NONE`.
|
44444
|
+
#
|
44445
|
+
#
|
44446
|
+
#
|
44447
|
+
# [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html
|
44448
|
+
# @return [String]
|
44449
|
+
#
|
40817
44450
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateOrganizationConfigurationRequest AWS API Documentation
|
40818
44451
|
#
|
40819
44452
|
class UpdateOrganizationConfigurationRequest < Struct.new(
|
40820
|
-
:auto_enable
|
44453
|
+
:auto_enable,
|
44454
|
+
:auto_enable_standards)
|
40821
44455
|
SENSITIVE = []
|
40822
44456
|
include Aws::Structure
|
40823
44457
|
end
|
@@ -40891,6 +44525,112 @@ module Aws::SecurityHub
|
|
40891
44525
|
#
|
40892
44526
|
class UpdateStandardsControlResponse < Aws::EmptyStructure; end
|
40893
44527
|
|
44528
|
+
# Describes the mounting of a volume in a container.
|
44529
|
+
#
|
44530
|
+
# @note When making an API call, you may pass VolumeMount
|
44531
|
+
# data as a hash:
|
44532
|
+
#
|
44533
|
+
# {
|
44534
|
+
# name: "NonEmptyString",
|
44535
|
+
# mount_path: "NonEmptyString",
|
44536
|
+
# }
|
44537
|
+
#
|
44538
|
+
# @!attribute [rw] name
|
44539
|
+
# The name of the volume.
|
44540
|
+
# @return [String]
|
44541
|
+
#
|
44542
|
+
# @!attribute [rw] mount_path
|
44543
|
+
# The path in the container at which the volume should be mounted.
|
44544
|
+
# @return [String]
|
44545
|
+
#
|
44546
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/VolumeMount AWS API Documentation
|
44547
|
+
#
|
44548
|
+
class VolumeMount < Struct.new(
|
44549
|
+
:name,
|
44550
|
+
:mount_path)
|
44551
|
+
SENSITIVE = []
|
44552
|
+
include Aws::Structure
|
44553
|
+
end
|
44554
|
+
|
44555
|
+
# Provides details about the IPv4 CIDR blocks for the VPC.
|
44556
|
+
#
|
44557
|
+
# @note When making an API call, you may pass VpcInfoCidrBlockSetDetails
|
44558
|
+
# data as a hash:
|
44559
|
+
#
|
44560
|
+
# {
|
44561
|
+
# cidr_block: "NonEmptyString",
|
44562
|
+
# }
|
44563
|
+
#
|
44564
|
+
# @!attribute [rw] cidr_block
|
44565
|
+
# The IPv4 CIDR block for the VPC.
|
44566
|
+
# @return [String]
|
44567
|
+
#
|
44568
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/VpcInfoCidrBlockSetDetails AWS API Documentation
|
44569
|
+
#
|
44570
|
+
class VpcInfoCidrBlockSetDetails < Struct.new(
|
44571
|
+
:cidr_block)
|
44572
|
+
SENSITIVE = []
|
44573
|
+
include Aws::Structure
|
44574
|
+
end
|
44575
|
+
|
44576
|
+
# Provides details about the IPv6 CIDR blocks for the VPC.
|
44577
|
+
#
|
44578
|
+
# @note When making an API call, you may pass VpcInfoIpv6CidrBlockSetDetails
|
44579
|
+
# data as a hash:
|
44580
|
+
#
|
44581
|
+
# {
|
44582
|
+
# ipv_6_cidr_block: "NonEmptyString",
|
44583
|
+
# }
|
44584
|
+
#
|
44585
|
+
# @!attribute [rw] ipv_6_cidr_block
|
44586
|
+
# The IPv6 CIDR block for the VPC.
|
44587
|
+
# @return [String]
|
44588
|
+
#
|
44589
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/VpcInfoIpv6CidrBlockSetDetails AWS API Documentation
|
44590
|
+
#
|
44591
|
+
class VpcInfoIpv6CidrBlockSetDetails < Struct.new(
|
44592
|
+
:ipv_6_cidr_block)
|
44593
|
+
SENSITIVE = []
|
44594
|
+
include Aws::Structure
|
44595
|
+
end
|
44596
|
+
|
44597
|
+
# Provides information about the VPC peering connection options for the
|
44598
|
+
# accepter or requester VPC.
|
44599
|
+
#
|
44600
|
+
# @note When making an API call, you may pass VpcInfoPeeringOptionsDetails
|
44601
|
+
# data as a hash:
|
44602
|
+
#
|
44603
|
+
# {
|
44604
|
+
# allow_dns_resolution_from_remote_vpc: false,
|
44605
|
+
# allow_egress_from_local_classic_link_to_remote_vpc: false,
|
44606
|
+
# allow_egress_from_local_vpc_to_remote_classic_link: false,
|
44607
|
+
# }
|
44608
|
+
#
|
44609
|
+
# @!attribute [rw] allow_dns_resolution_from_remote_vpc
|
44610
|
+
# Indicates whether a local VPC can resolve public DNS hostnames to
|
44611
|
+
# private IP addresses when queried from instances in a peer VPC.
|
44612
|
+
# @return [Boolean]
|
44613
|
+
#
|
44614
|
+
# @!attribute [rw] allow_egress_from_local_classic_link_to_remote_vpc
|
44615
|
+
# Indicates whether a local ClassicLink connection can communicate
|
44616
|
+
# with the peer VPC over the VPC peering connection.
|
44617
|
+
# @return [Boolean]
|
44618
|
+
#
|
44619
|
+
# @!attribute [rw] allow_egress_from_local_vpc_to_remote_classic_link
|
44620
|
+
# Indicates whether a local VPC can communicate with a ClassicLink
|
44621
|
+
# connection in the peer VPC over the VPC peering connection.
|
44622
|
+
# @return [Boolean]
|
44623
|
+
#
|
44624
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/VpcInfoPeeringOptionsDetails AWS API Documentation
|
44625
|
+
#
|
44626
|
+
class VpcInfoPeeringOptionsDetails < Struct.new(
|
44627
|
+
:allow_dns_resolution_from_remote_vpc,
|
44628
|
+
:allow_egress_from_local_classic_link_to_remote_vpc,
|
44629
|
+
:allow_egress_from_local_vpc_to_remote_classic_link)
|
44630
|
+
SENSITIVE = []
|
44631
|
+
include Aws::Structure
|
44632
|
+
end
|
44633
|
+
|
40894
44634
|
# A vulnerability associated with a finding.
|
40895
44635
|
#
|
40896
44636
|
# @note When making an API call, you may pass Vulnerability
|
@@ -41057,7 +44797,7 @@ module Aws::SecurityHub
|
|
41057
44797
|
# * `COUNT` - WAF increments a counter of the requests that match all
|
41058
44798
|
# of the conditions in the rule. WAF then continues to inspect the
|
41059
44799
|
# web request based on the remaining rules in the web ACL. You
|
41060
|
-
# can't specify `COUNT` for the default action for a
|
44800
|
+
# can't specify `COUNT` for the default action for a web ACL.
|
41061
44801
|
# @return [String]
|
41062
44802
|
#
|
41063
44803
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/WafAction AWS API Documentation
|