aws-sdk-securityhub 1.68.0 → 1.70.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +10 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-sdk-securityhub/client.rb +161 -3
  5. data/lib/aws-sdk-securityhub/client_api.rb +108 -0
  6. data/lib/aws-sdk-securityhub/endpoint_parameters.rb +66 -0
  7. data/lib/aws-sdk-securityhub/endpoint_provider.rb +112 -0
  8. data/lib/aws-sdk-securityhub/endpoints.rb +799 -0
  9. data/lib/aws-sdk-securityhub/plugins/endpoints.rb +180 -0
  10. data/lib/aws-sdk-securityhub/types.rb +1702 -78
  11. data/lib/aws-sdk-securityhub.rb +5 -1
  12. metadata +8 -4
data/lib/aws-sdk-securityhub/types.rb CHANGED
@@ -1491,7 +1491,8 @@ module Aws::SecurityHub
1491
1491
  # @return [Array<String>]
1492
1492
  #
1493
1493
  # @!attribute [rw] health_check_type
1494
- # The service to use for the health checks.
1494
+ # The service to use for the health checks. Valid values are `EC2` or
1495
+ # `ELB`.
1495
1496
  # @return [String]
1496
1497
  #
1497
1498
  # @!attribute [rw] health_check_grace_period
@@ -1645,7 +1646,8 @@ module Aws::SecurityHub
1645
1646
  # }
1646
1647
  #
1647
1648
  # @!attribute [rw] on_demand_allocation_strategy
1648
- # How to allocate instance types to fulfill On-Demand capacity.
1649
+ # How to allocate instance types to fulfill On-Demand capacity. The
1650
+ # valid value is `prioritized`.
1649
1651
  # @return [String]
1650
1652
  #
1651
1653
  # @!attribute [rw] on_demand_base_capacity
@@ -1659,7 +1661,14 @@ module Aws::SecurityHub
1659
1661
  # @return [Integer]
1660
1662
  #
1661
1663
  # @!attribute [rw] spot_allocation_strategy
1662
- # How to allocate instances across Spot Instance pools.
1664
+ # How to allocate instances across Spot Instance pools. Valid values
1665
+ # are as follows:
1666
+ #
1667
+ # * `lowest-price`
1668
+ #
1669
+ # * `capacity-optimized`
1670
+ #
1671
+ # * `capacity-optimized-prioritized`
1663
1672
  # @return [String]
1664
1673
  #
1665
1674
  # @!attribute [rw] spot_instance_pools
@@ -1896,7 +1905,19 @@ module Aws::SecurityHub
1896
1905
  # @return [Integer]
1897
1906
  #
1898
1907
  # @!attribute [rw] volume_type
1899
- # The volume type.
1908
+ # The volume type. Valid values are as follows:
1909
+ #
1910
+ # * `gp2`
1911
+ #
1912
+ # * `gp3`
1913
+ #
1914
+ # * `io1`
1915
+ #
1916
+ # * `sc1`
1917
+ #
1918
+ # * `st1`
1919
+ #
1920
+ # * `standard`
1900
1921
  # @return [String]
1901
1922
  #
1902
1923
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails AWS API Documentation
@@ -2141,6 +2162,746 @@ module Aws::SecurityHub
2141
2162
  include Aws::Structure
2142
2163
  end
2143
2164
 
2165
+ # Provides a list of backup options for each resource type.
2166
+ #
2167
+ # @note When making an API call, you may pass AwsBackupBackupPlanAdvancedBackupSettingsDetails
2168
+ # data as a hash:
2169
+ #
2170
+ # {
2171
+ # backup_options: {
2172
+ # "NonEmptyString" => "NonEmptyString",
2173
+ # },
2174
+ # resource_type: "NonEmptyString",
2175
+ # }
2176
+ #
2177
+ # @!attribute [rw] backup_options
2178
+ # Specifies the backup option for a selected resource. This option is
2179
+ # only available for Windows Volume Shadow Copy Service (VSS) backup
2180
+ # jobs. Valid values are as follows:
2181
+ #
2182
+ # * Set to `WindowsVSS: enabled` to enable the WindowsVSS backup
2183
+ # option and create a Windows VSS backup.
2184
+ #
2185
+ # * Set to `WindowsVSS: disabled` to create a regular backup. The
2186
+ # `WindowsVSS` option is not enabled by default.
2187
+ # @return [Hash<String,String>]
2188
+ #
2189
+ # @!attribute [rw] resource_type
2190
+ # The name of a resource type. The only supported resource type is
2191
+ # Amazon EC2 instances with Windows VSS.
2192
+ #
2193
+ # The only valid value is `EC2`.
2194
+ # @return [String]
2195
+ #
2196
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsBackupBackupPlanAdvancedBackupSettingsDetails AWS API Documentation
2197
+ #
2198
+ class AwsBackupBackupPlanAdvancedBackupSettingsDetails < Struct.new(
2199
+ :backup_options,
2200
+ :resource_type)
2201
+ SENSITIVE = []
2202
+ include Aws::Structure
2203
+ end
2204
+
2205
+ # Provides details about an Backup backup plan and an array of
2206
+ # `BackupRule` objects, each of which specifies a backup rule.
2207
+ #
2208
+ # @note When making an API call, you may pass AwsBackupBackupPlanBackupPlanDetails
2209
+ # data as a hash:
2210
+ #
2211
+ # {
2212
+ # backup_plan_name: "NonEmptyString",
2213
+ # advanced_backup_settings: [
2214
+ # {
2215
+ # backup_options: {
2216
+ # "NonEmptyString" => "NonEmptyString",
2217
+ # },
2218
+ # resource_type: "NonEmptyString",
2219
+ # },
2220
+ # ],
2221
+ # backup_plan_rule: [
2222
+ # {
2223
+ # target_backup_vault: "NonEmptyString",
2224
+ # start_window_minutes: 1,
2225
+ # schedule_expression: "NonEmptyString",
2226
+ # rule_name: "NonEmptyString",
2227
+ # rule_id: "NonEmptyString",
2228
+ # enable_continuous_backup: false,
2229
+ # completion_window_minutes: 1,
2230
+ # copy_actions: [
2231
+ # {
2232
+ # destination_backup_vault_arn: "NonEmptyString",
2233
+ # lifecycle: {
2234
+ # delete_after_days: 1,
2235
+ # move_to_cold_storage_after_days: 1,
2236
+ # },
2237
+ # },
2238
+ # ],
2239
+ # lifecycle: {
2240
+ # delete_after_days: 1,
2241
+ # move_to_cold_storage_after_days: 1,
2242
+ # },
2243
+ # },
2244
+ # ],
2245
+ # }
2246
+ #
2247
+ # @!attribute [rw] backup_plan_name
2248
+ # The display name of a backup plan.
2249
+ # @return [String]
2250
+ #
2251
+ # @!attribute [rw] advanced_backup_settings
2252
+ # A list of backup options for each resource type.
2253
+ # @return [Array<Types::AwsBackupBackupPlanAdvancedBackupSettingsDetails>]
2254
+ #
2255
+ # @!attribute [rw] backup_plan_rule
2256
+ # An array of `BackupRule` objects, each of which specifies a
2257
+ # scheduled task that is used to back up a selection of resources.
2258
+ # @return [Array<Types::AwsBackupBackupPlanRuleDetails>]
2259
+ #
2260
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsBackupBackupPlanBackupPlanDetails AWS API Documentation
2261
+ #
2262
+ class AwsBackupBackupPlanBackupPlanDetails < Struct.new(
2263
+ :backup_plan_name,
2264
+ :advanced_backup_settings,
2265
+ :backup_plan_rule)
2266
+ SENSITIVE = []
2267
+ include Aws::Structure
2268
+ end
2269
+
2270
+ # Provides details about an Backup backup plan and an array of
2271
+ # `BackupRule` objects, each of which specifies a backup rule.
2272
+ #
2273
+ # @note When making an API call, you may pass AwsBackupBackupPlanDetails
2274
+ # data as a hash:
2275
+ #
2276
+ # {
2277
+ # backup_plan: {
2278
+ # backup_plan_name: "NonEmptyString",
2279
+ # advanced_backup_settings: [
2280
+ # {
2281
+ # backup_options: {
2282
+ # "NonEmptyString" => "NonEmptyString",
2283
+ # },
2284
+ # resource_type: "NonEmptyString",
2285
+ # },
2286
+ # ],
2287
+ # backup_plan_rule: [
2288
+ # {
2289
+ # target_backup_vault: "NonEmptyString",
2290
+ # start_window_minutes: 1,
2291
+ # schedule_expression: "NonEmptyString",
2292
+ # rule_name: "NonEmptyString",
2293
+ # rule_id: "NonEmptyString",
2294
+ # enable_continuous_backup: false,
2295
+ # completion_window_minutes: 1,
2296
+ # copy_actions: [
2297
+ # {
2298
+ # destination_backup_vault_arn: "NonEmptyString",
2299
+ # lifecycle: {
2300
+ # delete_after_days: 1,
2301
+ # move_to_cold_storage_after_days: 1,
2302
+ # },
2303
+ # },
2304
+ # ],
2305
+ # lifecycle: {
2306
+ # delete_after_days: 1,
2307
+ # move_to_cold_storage_after_days: 1,
2308
+ # },
2309
+ # },
2310
+ # ],
2311
+ # },
2312
+ # backup_plan_arn: "NonEmptyString",
2313
+ # backup_plan_id: "NonEmptyString",
2314
+ # version_id: "NonEmptyString",
2315
+ # }
2316
+ #
2317
+ # @!attribute [rw] backup_plan
2318
+ # Uniquely identifies the backup plan to be associated with the
2319
+ # selection of resources.
2320
+ # @return [Types::AwsBackupBackupPlanBackupPlanDetails]
2321
+ #
2322
+ # @!attribute [rw] backup_plan_arn
2323
+ # An Amazon Resource Name (ARN) that uniquely identifies the backup
2324
+ # plan.
2325
+ # @return [String]
2326
+ #
2327
+ # @!attribute [rw] backup_plan_id
2328
+ # A unique ID for the backup plan.
2329
+ # @return [String]
2330
+ #
2331
+ # @!attribute [rw] version_id
2332
+ # Unique, randomly generated, Unicode, UTF-8 encoded strings. Version
2333
+ # IDs cannot be edited.
2334
+ # @return [String]
2335
+ #
2336
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsBackupBackupPlanDetails AWS API Documentation
2337
+ #
2338
+ class AwsBackupBackupPlanDetails < Struct.new(
2339
+ :backup_plan,
2340
+ :backup_plan_arn,
2341
+ :backup_plan_id,
2342
+ :version_id)
2343
+ SENSITIVE = []
2344
+ include Aws::Structure
2345
+ end
2346
+
2347
+ # Provides lifecycle details for the backup plan. A lifecycle defines
2348
+ # when a backup is transitioned to cold storage and when it expires.
2349
+ #
2350
+ # @note When making an API call, you may pass AwsBackupBackupPlanLifecycleDetails
2351
+ # data as a hash:
2352
+ #
2353
+ # {
2354
+ # delete_after_days: 1,
2355
+ # move_to_cold_storage_after_days: 1,
2356
+ # }
2357
+ #
2358
+ # @!attribute [rw] delete_after_days
2359
+ # Specifies the number of days after creation that a recovery point is
2360
+ # deleted. Must be greater than 90 days plus
2361
+ # `MoveToColdStorageAfterDays`.
2362
+ # @return [Integer]
2363
+ #
2364
+ # @!attribute [rw] move_to_cold_storage_after_days
2365
+ # Specifies the number of days after creation that a recovery point is
2366
+ # moved to cold storage.
2367
+ # @return [Integer]
2368
+ #
2369
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsBackupBackupPlanLifecycleDetails AWS API Documentation
2370
+ #
2371
+ class AwsBackupBackupPlanLifecycleDetails < Struct.new(
2372
+ :delete_after_days,
2373
+ :move_to_cold_storage_after_days)
2374
+ SENSITIVE = []
2375
+ include Aws::Structure
2376
+ end
2377
+
2378
+ # An array of `CopyAction` objects, which contains the details of the
2379
+ # copy operation.
2380
+ #
2381
+ # @note When making an API call, you may pass AwsBackupBackupPlanRuleCopyActionsDetails
2382
+ # data as a hash:
2383
+ #
2384
+ # {
2385
+ # destination_backup_vault_arn: "NonEmptyString",
2386
+ # lifecycle: {
2387
+ # delete_after_days: 1,
2388
+ # move_to_cold_storage_after_days: 1,
2389
+ # },
2390
+ # }
2391
+ #
2392
+ # @!attribute [rw] destination_backup_vault_arn
2393
+ # An Amazon Resource Name (ARN) that uniquely identifies the
2394
+ # destination backup vault for the copied backup.
2395
+ # @return [String]
2396
+ #
2397
+ # @!attribute [rw] lifecycle
2398
+ # Defines when a protected resource is transitioned to cold storage
2399
+ # and when it expires. Backup transitions and expires backups
2400
+ # automatically according to the lifecycle that you define. If you do
2401
+ # not specify a lifecycle, Backup applies the lifecycle policy of the
2402
+ # source backup to the destination backup.
2403
+ #
2404
+ # Backups transitioned to cold storage must be stored in cold storage
2405
+ # for a minimum of 90 days.
2406
+ # @return [Types::AwsBackupBackupPlanLifecycleDetails]
2407
+ #
2408
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsBackupBackupPlanRuleCopyActionsDetails AWS API Documentation
2409
+ #
2410
+ class AwsBackupBackupPlanRuleCopyActionsDetails < Struct.new(
2411
+ :destination_backup_vault_arn,
2412
+ :lifecycle)
2413
+ SENSITIVE = []
2414
+ include Aws::Structure
2415
+ end
2416
+
2417
+ # Provides details about an array of `BackupRule` objects, each of which
2418
+ # specifies a scheduled task that is used to back up a selection of
2419
+ # resources.
2420
+ #
2421
+ # @note When making an API call, you may pass AwsBackupBackupPlanRuleDetails
2422
+ # data as a hash:
2423
+ #
2424
+ # {
2425
+ # target_backup_vault: "NonEmptyString",
2426
+ # start_window_minutes: 1,
2427
+ # schedule_expression: "NonEmptyString",
2428
+ # rule_name: "NonEmptyString",
2429
+ # rule_id: "NonEmptyString",
2430
+ # enable_continuous_backup: false,
2431
+ # completion_window_minutes: 1,
2432
+ # copy_actions: [
2433
+ # {
2434
+ # destination_backup_vault_arn: "NonEmptyString",
2435
+ # lifecycle: {
2436
+ # delete_after_days: 1,
2437
+ # move_to_cold_storage_after_days: 1,
2438
+ # },
2439
+ # },
2440
+ # ],
2441
+ # lifecycle: {
2442
+ # delete_after_days: 1,
2443
+ # move_to_cold_storage_after_days: 1,
2444
+ # },
2445
+ # }
2446
+ #
2447
+ # @!attribute [rw] target_backup_vault
2448
+ # The name of a logical container where backups are stored. Backup
2449
+ # vaults are identified by names that are unique to the Amazon Web
2450
+ # Services account used to create them and the Amazon Web Services
2451
+ # Region where they are created. They consist of letters, numbers, and
2452
+ # hyphens.
2453
+ # @return [String]
2454
+ #
2455
+ # @!attribute [rw] start_window_minutes
2456
+ # A value in minutes after a backup is scheduled before a job will be
2457
+ # canceled if it doesn't start successfully.
2458
+ # @return [Integer]
2459
+ #
2460
+ # @!attribute [rw] schedule_expression
2461
+ # A cron expression in UTC specifying when Backup initiates a backup
2462
+ # job.
2463
+ # @return [String]
2464
+ #
2465
+ # @!attribute [rw] rule_name
2466
+ # A display name for a backup rule. Must contain 1 to 50 alphanumeric
2467
+ # or '-\_.' characters.
2468
+ # @return [String]
2469
+ #
2470
+ # @!attribute [rw] rule_id
2471
+ # Uniquely identifies a rule that is used to schedule the backup of a
2472
+ # selection of resources.
2473
+ # @return [String]
2474
+ #
2475
+ # @!attribute [rw] enable_continuous_backup
2476
+ # Specifies whether Backup creates continuous backups capable of
2477
+ # point-in-time restore (PITR).
2478
+ # @return [Boolean]
2479
+ #
2480
+ # @!attribute [rw] completion_window_minutes
2481
+ # A value in minutes after a backup job is successfully started before
2482
+ # it must be completed, or it is canceled by Backup.
2483
+ # @return [Integer]
2484
+ #
2485
+ # @!attribute [rw] copy_actions
2486
+ # An array of `CopyAction` objects, which contains the details of the
2487
+ # copy operation.
2488
+ # @return [Array<Types::AwsBackupBackupPlanRuleCopyActionsDetails>]
2489
+ #
2490
+ # @!attribute [rw] lifecycle
2491
+ # Defines when a protected resource is transitioned to cold storage
2492
+ # and when it expires. Backup transitions and expires backups
2493
+ # automatically according to the lifecycle that you define. If you do
2494
+ # not specify a lifecycle, Backup applies the lifecycle policy of the
2495
+ # source backup to the destination backup.
2496
+ #
2497
+ # Backups transitioned to cold storage must be stored in cold storage
2498
+ # for a minimum of 90 days.
2499
+ # @return [Types::AwsBackupBackupPlanLifecycleDetails]
2500
+ #
2501
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsBackupBackupPlanRuleDetails AWS API Documentation
2502
+ #
2503
+ class AwsBackupBackupPlanRuleDetails < Struct.new(
2504
+ :target_backup_vault,
2505
+ :start_window_minutes,
2506
+ :schedule_expression,
2507
+ :rule_name,
2508
+ :rule_id,
2509
+ :enable_continuous_backup,
2510
+ :completion_window_minutes,
2511
+ :copy_actions,
2512
+ :lifecycle)
2513
+ SENSITIVE = []
2514
+ include Aws::Structure
2515
+ end
2516
+
2517
+ # Provides details about an Backup backup vault. In Backup, a backup
2518
+ # vault is a container that stores and organizes your backups.
2519
+ #
2520
+ # @note When making an API call, you may pass AwsBackupBackupVaultDetails
2521
+ # data as a hash:
2522
+ #
2523
+ # {
2524
+ # backup_vault_arn: "NonEmptyString",
2525
+ # backup_vault_name: "NonEmptyString",
2526
+ # encryption_key_arn: "NonEmptyString",
2527
+ # notifications: {
2528
+ # backup_vault_events: ["NonEmptyString"],
2529
+ # sns_topic_arn: "NonEmptyString",
2530
+ # },
2531
+ # access_policy: "NonEmptyString",
2532
+ # }
2533
+ #
2534
+ # @!attribute [rw] backup_vault_arn
2535
+ # An Amazon Resource Name (ARN) that uniquely identifies a backup
2536
+ # vault.
2537
+ # @return [String]
2538
+ #
2539
+ # @!attribute [rw] backup_vault_name
2540
+ # The name of a logical container where backups are stored. Backup
2541
+ # vaults are identified by names that are unique to the Amazon Web
2542
+ # Services account used to create them and the Amazon Web Services
2543
+ # Region where they are created. They consist of lowercase letters,
2544
+ # numbers, and hyphens.
2545
+ # @return [String]
2546
+ #
2547
+ # @!attribute [rw] encryption_key_arn
2548
+ # The unique ARN associated with the server-side encryption key. You
2549
+ # can specify a key to encrypt your backups from services that support
2550
+ # full Backup management. If you do not specify a key, Backup creates
2551
+ # an KMS key for you by default.
2552
+ # @return [String]
2553
+ #
2554
+ # @!attribute [rw] notifications
2555
+ # The Amazon SNS event notifications for the specified backup vault.
2556
+ # @return [Types::AwsBackupBackupVaultNotificationsDetails]
2557
+ #
2558
+ # @!attribute [rw] access_policy
2559
+ # A resource-based policy that is used to manage access permissions on
2560
+ # the target backup vault.
2561
+ # @return [String]
2562
+ #
2563
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsBackupBackupVaultDetails AWS API Documentation
2564
+ #
2565
+ class AwsBackupBackupVaultDetails < Struct.new(
2566
+ :backup_vault_arn,
2567
+ :backup_vault_name,
2568
+ :encryption_key_arn,
2569
+ :notifications,
2570
+ :access_policy)
2571
+ SENSITIVE = []
2572
+ include Aws::Structure
2573
+ end
2574
+
2575
+ # Provides details about the Amazon SNS event notifications for the
2576
+ # specified backup vault.
2577
+ #
2578
+ # @note When making an API call, you may pass AwsBackupBackupVaultNotificationsDetails
2579
+ # data as a hash:
2580
+ #
2581
+ # {
2582
+ # backup_vault_events: ["NonEmptyString"],
2583
+ # sns_topic_arn: "NonEmptyString",
2584
+ # }
2585
+ #
2586
+ # @!attribute [rw] backup_vault_events
2587
+ # An array of events that indicate the status of jobs to back up
2588
+ # resources to the backup vault. The following events are supported:
2589
+ #
2590
+ # * `BACKUP_JOB_STARTED | BACKUP_JOB_COMPLETED`
2591
+ #
2592
+ # * `COPY_JOB_STARTED | COPY_JOB_SUCCESSFUL | COPY_JOB_FAILED`
2593
+ #
2594
+ # * `RESTORE_JOB_STARTED | RESTORE_JOB_COMPLETED |
2595
+ # RECOVERY_POINT_MODIFIED`
2596
+ #
2597
+ # * `S3_BACKUP_OBJECT_FAILED | S3_RESTORE_OBJECT_FAILED`
2598
+ # @return [Array<String>]
2599
+ #
2600
+ # @!attribute [rw] sns_topic_arn
2601
+ # An ARN that uniquely identifies the Amazon SNS topic for a backup
2602
+ # vault’s events.
2603
+ # @return [String]
2604
+ #
2605
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsBackupBackupVaultNotificationsDetails AWS API Documentation
2606
+ #
2607
+ class AwsBackupBackupVaultNotificationsDetails < Struct.new(
2608
+ :backup_vault_events,
2609
+ :sns_topic_arn)
2610
+ SENSITIVE = []
2611
+ include Aws::Structure
2612
+ end
2613
+
2614
+ # Specifies how long in days before a recovery point transitions to cold
2615
+ # storage or is deleted.
2616
+ #
2617
+ # @note When making an API call, you may pass AwsBackupRecoveryPointCalculatedLifecycleDetails
2618
+ # data as a hash:
2619
+ #
2620
+ # {
2621
+ # delete_at: "NonEmptyString",
2622
+ # move_to_cold_storage_at: "NonEmptyString",
2623
+ # }
2624
+ #
2625
+ # @!attribute [rw] delete_at
2626
+ # Specifies the number of days after creation that a recovery point is
2627
+ # deleted. Must be greater than 90 days plus
2628
+ # `MoveToColdStorageAfterDays`.
2629
+ # @return [String]
2630
+ #
2631
+ # @!attribute [rw] move_to_cold_storage_at
2632
+ # Specifies the number of days after creation that a recovery point is
2633
+ # moved to cold storage.
2634
+ # @return [String]
2635
+ #
2636
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsBackupRecoveryPointCalculatedLifecycleDetails AWS API Documentation
2637
+ #
2638
+ class AwsBackupRecoveryPointCalculatedLifecycleDetails < Struct.new(
2639
+ :delete_at,
2640
+ :move_to_cold_storage_at)
2641
+ SENSITIVE = []
2642
+ include Aws::Structure
2643
+ end
2644
+
2645
+ # Contains information about the backup plan and rule that Backup used
2646
+ # to initiate the recovery point backup.
2647
+ #
2648
+ # @note When making an API call, you may pass AwsBackupRecoveryPointCreatedByDetails
2649
+ # data as a hash:
2650
+ #
2651
+ # {
2652
+ # backup_plan_arn: "NonEmptyString",
2653
+ # backup_plan_id: "NonEmptyString",
2654
+ # backup_plan_version: "NonEmptyString",
2655
+ # backup_rule_id: "NonEmptyString",
2656
+ # }
2657
+ #
2658
+ # @!attribute [rw] backup_plan_arn
2659
+ # An Amazon Resource Name (ARN) that uniquely identifies a backup
2660
+ # plan.
2661
+ # @return [String]
2662
+ #
2663
+ # @!attribute [rw] backup_plan_id
2664
+ # Uniquely identifies a backup plan.
2665
+ # @return [String]
2666
+ #
2667
+ # @!attribute [rw] backup_plan_version
2668
+ # Unique, randomly generated, Unicode, UTF-8 encoded strings that are
2669
+ # at most 1,024 bytes long. Version IDs cannot be edited.
2670
+ # @return [String]
2671
+ #
2672
+ # @!attribute [rw] backup_rule_id
2673
+ # Uniquely identifies a rule used to schedule the backup of a
2674
+ # selection of resources.
2675
+ # @return [String]
2676
+ #
2677
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsBackupRecoveryPointCreatedByDetails AWS API Documentation
2678
+ #
2679
+ class AwsBackupRecoveryPointCreatedByDetails < Struct.new(
2680
+ :backup_plan_arn,
2681
+ :backup_plan_id,
2682
+ :backup_plan_version,
2683
+ :backup_rule_id)
2684
+ SENSITIVE = []
2685
+ include Aws::Structure
2686
+ end
2687
+
2688
+ # Contains detailed information about the recovery points stored in an
2689
+ # Backup backup vault. A backup, or recovery point, represents the
2690
+ # content of a resource at a specified time.
2691
+ #
2692
+ # @note When making an API call, you may pass AwsBackupRecoveryPointDetails
2693
+ # data as a hash:
2694
+ #
2695
+ # {
2696
+ # backup_size_in_bytes: 1,
2697
+ # backup_vault_arn: "NonEmptyString",
2698
+ # backup_vault_name: "NonEmptyString",
2699
+ # calculated_lifecycle: {
2700
+ # delete_at: "NonEmptyString",
2701
+ # move_to_cold_storage_at: "NonEmptyString",
2702
+ # },
2703
+ # completion_date: "NonEmptyString",
2704
+ # created_by: {
2705
+ # backup_plan_arn: "NonEmptyString",
2706
+ # backup_plan_id: "NonEmptyString",
2707
+ # backup_plan_version: "NonEmptyString",
2708
+ # backup_rule_id: "NonEmptyString",
2709
+ # },
2710
+ # creation_date: "NonEmptyString",
2711
+ # encryption_key_arn: "NonEmptyString",
2712
+ # iam_role_arn: "NonEmptyString",
2713
+ # is_encrypted: false,
2714
+ # last_restore_time: "NonEmptyString",
2715
+ # lifecycle: {
2716
+ # delete_after_days: 1,
2717
+ # move_to_cold_storage_after_days: 1,
2718
+ # },
2719
+ # recovery_point_arn: "NonEmptyString",
2720
+ # resource_arn: "NonEmptyString",
2721
+ # resource_type: "NonEmptyString",
2722
+ # source_backup_vault_arn: "NonEmptyString",
2723
+ # status: "NonEmptyString",
2724
+ # status_message: "NonEmptyString",
2725
+ # storage_class: "NonEmptyString",
2726
+ # }
2727
+ #
2728
+ # @!attribute [rw] backup_size_in_bytes
2729
+ # The size, in bytes, of a backup.
2730
+ # @return [Integer]
2731
+ #
2732
+ # @!attribute [rw] backup_vault_arn
2733
+ # An Amazon Resource Name (ARN) that uniquely identifies a backup
2734
+ # vault.
2735
+ # @return [String]
2736
+ #
2737
+ # @!attribute [rw] backup_vault_name
2738
+ # The name of a logical container where backups are stored. Backup
2739
+ # vaults are identified by names that are unique to the Amazon Web
2740
+ # Services account used to create them and the Amazon Web Services
2741
+ # Region where they are created. They consist of lowercase letters,
2742
+ # numbers, and hyphens.
2743
+ # @return [String]
2744
+ #
2745
+ # @!attribute [rw] calculated_lifecycle
2746
+ # A `CalculatedLifecycle` object containing `DeleteAt` and
2747
+ # `MoveToColdStorageAt` timestamps.
2748
+ # @return [Types::AwsBackupRecoveryPointCalculatedLifecycleDetails]
2749
+ #
2750
+ # @!attribute [rw] completion_date
2751
+ # The date and time that a job to create a recovery point is
2752
+ # completed, in Unix format and UTC. The value of `CompletionDate` is
2753
+ # accurate to milliseconds. For example, the value 1516925490.087
2754
+ # represents Friday, January 26, 2018 12:11:30.087 AM.
2755
+ # @return [String]
2756
+ #
2757
+ # @!attribute [rw] created_by
2758
+ # Contains identifying information about the creation of a recovery
2759
+ # point, including the `BackupPlanArn`, `BackupPlanId`,
2760
+ # `BackupPlanVersion`, and `BackupRuleId` of the backup plan that is
2761
+ # used to create it.
2762
+ # @return [Types::AwsBackupRecoveryPointCreatedByDetails]
2763
+ #
2764
+ # @!attribute [rw] creation_date
2765
+ # The date and time a recovery point is created, in Unix format and
2766
+ # UTC. The value of `CreationDate` is accurate to milliseconds. For
2767
+ # example, the value 1516925490.087 represents Friday, January 26,
2768
+ # 2018 12:11:30.087 AM.
2769
+ # @return [String]
2770
+ #
2771
+ # @!attribute [rw] encryption_key_arn
2772
+ # The ARN for the server-side encryption key that is used to protect
2773
+ # your backups.
2774
+ # @return [String]
2775
+ #
2776
+ # @!attribute [rw] iam_role_arn
2777
+ # Specifies the IAM role ARN used to create the target recovery point
2778
+ # @return [String]
2779
+ #
2780
+ # @!attribute [rw] is_encrypted
2781
+ # A Boolean value that is returned as `TRUE` if the specified recovery
2782
+ # point is encrypted, or `FALSE` if the recovery point is not
2783
+ # encrypted.
2784
+ # @return [Boolean]
2785
+ #
2786
+ # @!attribute [rw] last_restore_time
2787
+ # The date and time that a recovery point was last restored, in Unix
2788
+ # format and UTC. The value of `LastRestoreTime` is accurate to
2789
+ # milliseconds. For example, the value 1516925490.087 represents
2790
+ # Friday, January 26, 2018 12:11:30.087 AM.
2791
+ # @return [String]
2792
+ #
2793
+ # @!attribute [rw] lifecycle
2794
+ # The lifecycle defines when a protected resource is transitioned to
2795
+ # cold storage and when it expires. Backup transitions and expires
2796
+ # backups automatically according to the lifecycle that you define
2797
+ # @return [Types::AwsBackupRecoveryPointLifecycleDetails]
2798
+ #
2799
+ # @!attribute [rw] recovery_point_arn
2800
+ # An ARN that uniquely identifies a recovery point.
2801
+ # @return [String]
2802
+ #
2803
+ # @!attribute [rw] resource_arn
2804
+ # An ARN that uniquely identifies a resource. The format of the ARN
2805
+ # depends on the resource type.
2806
+ # @return [String]
2807
+ #
2808
+ # @!attribute [rw] resource_type
2809
+ # The type of Amazon Web Services resource saved as a recovery point,
2810
+ # such as an Amazon EBS volume or an Amazon RDS database.
2811
+ # @return [String]
2812
+ #
2813
+ # @!attribute [rw] source_backup_vault_arn
2814
+ # The ARN for the backup vault where the recovery point was originally
2815
+ # copied from. If the recovery point is restored to the same account,
2816
+ # this value will be null.
2817
+ # @return [String]
2818
+ #
2819
+ # @!attribute [rw] status
2820
+ # A status code specifying the state of the recovery point. Valid
2821
+ # values are as follows:
2822
+ #
2823
+ # * `COMPLETED`
2824
+ #
2825
+ # * `DELETING`
2826
+ #
2827
+ # * `EXPIRED`
2828
+ #
2829
+ # * `PARTIAL`
2830
+ # @return [String]
2831
+ #
2832
+ # @!attribute [rw] status_message
2833
+ # A message explaining the reason of the recovery point deletion
2834
+ # failure.
2835
+ # @return [String]
2836
+ #
2837
+ # @!attribute [rw] storage_class
2838
+ # Specifies the storage class of the recovery point. Valid values are
2839
+ # as follows:
2840
+ #
2841
+ # * `COLD`
2842
+ #
2843
+ # * `DELETED`
2844
+ #
2845
+ # * `WARM`
2846
+ # @return [String]
2847
+ #
2848
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsBackupRecoveryPointDetails AWS API Documentation
2849
+ #
2850
+ class AwsBackupRecoveryPointDetails < Struct.new(
2851
+ :backup_size_in_bytes,
2852
+ :backup_vault_arn,
2853
+ :backup_vault_name,
2854
+ :calculated_lifecycle,
2855
+ :completion_date,
2856
+ :created_by,
2857
+ :creation_date,
2858
+ :encryption_key_arn,
2859
+ :iam_role_arn,
2860
+ :is_encrypted,
2861
+ :last_restore_time,
2862
+ :lifecycle,
2863
+ :recovery_point_arn,
2864
+ :resource_arn,
2865
+ :resource_type,
2866
+ :source_backup_vault_arn,
2867
+ :status,
2868
+ :status_message,
2869
+ :storage_class)
2870
+ SENSITIVE = []
2871
+ include Aws::Structure
2872
+ end
2873
+
2874
+ # Contains an array of Transition objects specifying how long in days
2875
+ # before a recovery point transitions to cold storage or is deleted.
2876
+ #
2877
+ # @note When making an API call, you may pass AwsBackupRecoveryPointLifecycleDetails
2878
+ # data as a hash:
2879
+ #
2880
+ # {
2881
+ # delete_after_days: 1,
2882
+ # move_to_cold_storage_after_days: 1,
2883
+ # }
2884
+ #
2885
+ # @!attribute [rw] delete_after_days
2886
+ # Specifies the number of days after creation that a recovery point is
2887
+ # deleted. Must be greater than 90 days plus
2888
+ # `MoveToColdStorageAfterDays`.
2889
+ # @return [Integer]
2890
+ #
2891
+ # @!attribute [rw] move_to_cold_storage_after_days
2892
+ # Specifies the number of days after creation that a recovery point is
2893
+ # moved to cold storage.
2894
+ # @return [Integer]
2895
+ #
2896
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsBackupRecoveryPointLifecycleDetails AWS API Documentation
2897
+ #
2898
+ class AwsBackupRecoveryPointLifecycleDetails < Struct.new(
2899
+ :delete_after_days,
2900
+ :move_to_cold_storage_after_days)
2901
+ SENSITIVE = []
2902
+ include Aws::Structure
2903
+ end
2904
+
2144
2905
  # Provides details about an Certificate Manager certificate.
2145
2906
  #
2146
2907
  # @note When making an API call, you may pass AwsCertificateManagerCertificateDetails
@@ -2598,7 +3359,8 @@ module Aws::SecurityHub
2598
3359
  # @return [String]
2599
3360
  #
2600
3361
  # @!attribute [rw] renewal_status_reason
2601
- # The reason that a renewal request was unsuccessful.
3362
+ # The reason that a renewal request was unsuccessful. This attribute
3363
+ # is used only when `RenewalStatus` is `FAILED`.
2602
3364
  #
2603
3365
  # Valid values: `NO_AVAILABLE_CONTACTS` \|
2604
3366
  # `ADDITIONAL_VERIFICATION_REQUIRED` \| `DOMAIN_NOT_ALLOWED` \|
@@ -4776,7 +5538,21 @@ module Aws::SecurityHub
4776
5538
  # @return [Integer]
4777
5539
  #
4778
5540
  # @!attribute [rw] table_status
4779
- # The current status of the table.
5541
+ # The current status of the table. Valid values are as follows:
5542
+ #
5543
+ # * `ACTIVE`
5544
+ #
5545
+ # * `ARCHIVED`
5546
+ #
5547
+ # * `ARCHIVING`
5548
+ #
5549
+ # * `CREATING`
5550
+ #
5551
+ # * `DELETING`
5552
+ #
5553
+ # * `INACCESSIBLE_ENCRYPTION_CREDENTIALS`
5554
+ #
5555
+ # * `UPDATING`
4780
5556
  # @return [String]
4781
5557
  #
4782
5558
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsDynamoDbTableDetails AWS API Documentation
@@ -4854,6 +5630,14 @@ module Aws::SecurityHub
4854
5630
  #
4855
5631
  # @!attribute [rw] index_status
4856
5632
  # The current status of the index.
5633
+ #
5634
+ # * `ACTIVE`
5635
+ #
5636
+ # * `CREATING`
5637
+ #
5638
+ # * `DELETING`
5639
+ #
5640
+ # * `UPDATING`
4857
5641
  # @return [String]
4858
5642
  #
4859
5643
  # @!attribute [rw] item_count
@@ -4905,7 +5689,8 @@ module Aws::SecurityHub
4905
5689
  # @return [String]
4906
5690
  #
4907
5691
  # @!attribute [rw] key_type
4908
- # The type of key used for the key schema attribute.
5692
+ # The type of key used for the key schema attribute. Valid values are
5693
+ # `HASH` or `RANGE`.
4909
5694
  # @return [String]
4910
5695
  #
4911
5696
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsDynamoDbTableKeySchema AWS API Documentation
@@ -4983,7 +5768,14 @@ module Aws::SecurityHub
4983
5768
  # @return [Array<String>]
4984
5769
  #
4985
5770
  # @!attribute [rw] projection_type
4986
- # The types of attributes that are projected into the index.
5771
+ # The types of attributes that are projected into the index. Valid
5772
+ # values are as follows:
5773
+ #
5774
+ # * `ALL`
5775
+ #
5776
+ # * `INCLUDE`
5777
+ #
5778
+ # * `KEYS_ONLY`
4987
5779
  # @return [String]
4988
5780
  #
4989
5781
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsDynamoDbTableProjection AWS API Documentation
@@ -5122,7 +5914,17 @@ module Aws::SecurityHub
5122
5914
  # @return [String]
5123
5915
  #
5124
5916
  # @!attribute [rw] replica_status
5125
- # The current status of the replica.
5917
+ # The current status of the replica. Valid values are as follows:
5918
+ #
5919
+ # * `ACTIVE`
5920
+ #
5921
+ # * `CREATING`
5922
+ #
5923
+ # * `CREATION_FAILED`
5924
+ #
5925
+ # * `DELETING`
5926
+ #
5927
+ # * `UPDATING`
5126
5928
  # @return [String]
5127
5929
  #
5128
5930
  # @!attribute [rw] replica_status_description
@@ -6378,7 +7180,8 @@ module Aws::SecurityHub
6378
7180
  # @return [String]
6379
7181
  #
6380
7182
  # @!attribute [rw] state
6381
- # The current state of the subnet.
7183
+ # The current state of the subnet. Valid values are `available` or
7184
+ # `pending`.
6382
7185
  # @return [String]
6383
7186
  #
6384
7187
  # @!attribute [rw] subnet_arn
@@ -6535,7 +7338,17 @@ module Aws::SecurityHub
6535
7338
  # @return [String]
6536
7339
  #
6537
7340
  # @!attribute [rw] status
6538
- # The attachment state of the volume.
7341
+ # The attachment state of the volume. Valid values are as follows:
7342
+ #
7343
+ # * `attaching`
7344
+ #
7345
+ # * `attached`
7346
+ #
7347
+ # * `busy`
7348
+ #
7349
+ # * `detaching`
7350
+ #
7351
+ # * `detached`
6539
7352
  # @return [String]
6540
7353
  #
6541
7354
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2VolumeAttachment AWS API Documentation
@@ -6604,7 +7417,19 @@ module Aws::SecurityHub
6604
7417
  # @return [String]
6605
7418
  #
6606
7419
  # @!attribute [rw] status
6607
- # The volume state.
7420
+ # The volume state. Valid values are as follows:
7421
+ #
7422
+ # * `available`
7423
+ #
7424
+ # * `creating`
7425
+ #
7426
+ # * `deleted`
7427
+ #
7428
+ # * `deleting`
7429
+ #
7430
+ # * `error`
7431
+ #
7432
+ # * `in-use`
6608
7433
  # @return [String]
6609
7434
  #
6610
7435
  # @!attribute [rw] kms_key_id
@@ -6685,7 +7510,8 @@ module Aws::SecurityHub
6685
7510
  # @return [String]
6686
7511
  #
6687
7512
  # @!attribute [rw] state
6688
- # The current state of the VPC.
7513
+ # The current state of the VPC. Valid values are `available` or
7514
+ # `pending`.
6689
7515
  # @return [String]
6690
7516
  #
6691
7517
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2VpcDetails AWS API Documentation
@@ -6761,7 +7587,17 @@ module Aws::SecurityHub
6761
7587
  # @return [String]
6762
7588
  #
6763
7589
  # @!attribute [rw] service_state
6764
- # The current state of the service.
7590
+ # The current state of the service. Valid values are as follows:
7591
+ #
7592
+ # * `Available`
7593
+ #
7594
+ # * `Deleted`
7595
+ #
7596
+ # * `Deleting`
7597
+ #
7598
+ # * `Failed`
7599
+ #
7600
+ # * `Pending`
6765
7601
  # @return [String]
6766
7602
  #
6767
7603
  # @!attribute [rw] service_type
@@ -7055,7 +7891,16 @@ module Aws::SecurityHub
7055
7891
  # @return [String]
7056
7892
  #
7057
7893
  # @!attribute [rw] state
7058
- # The current state of the VPN connection.
7894
+ # The current state of the VPN connection. Valid values are as
7895
+ # follows:
7896
+ #
7897
+ # * `available`
7898
+ #
7899
+ # * `deleted`
7900
+ #
7901
+ # * `deleting`
7902
+ #
7903
+ # * `pending`
7059
7904
  # @return [String]
7060
7905
  #
7061
7906
  # @!attribute [rw] customer_gateway_id
@@ -7356,7 +8201,7 @@ module Aws::SecurityHub
7356
8201
  # @return [String]
7357
8202
  #
7358
8203
  # @!attribute [rw] status
7359
- # The status of the VPN tunnel.
8204
+ # The status of the VPN tunnel. Valid values are `DOWN` or `UP`.
7360
8205
  # @return [String]
7361
8206
  #
7362
8207
  # @!attribute [rw] status_message
@@ -7400,7 +8245,13 @@ module Aws::SecurityHub
7400
8245
  # @return [String]
7401
8246
  #
7402
8247
  # @!attribute [rw] architecture
7403
- # The architecture of the image.
8248
+ # The architecture of the image. Valid values are as follows:
8249
+ #
8250
+ # * `arm64`
8251
+ #
8252
+ # * `i386`
8253
+ #
8254
+ # * `x86_64`
7404
8255
  # @return [String]
7405
8256
  #
7406
8257
  # @!attribute [rw] image_digest
@@ -7465,7 +8316,8 @@ module Aws::SecurityHub
7465
8316
  # @return [Types::AwsEcrRepositoryImageScanningConfigurationDetails]
7466
8317
  #
7467
8318
  # @!attribute [rw] image_tag_mutability
7468
- # The tag mutability setting for the repository.
8319
+ # The tag mutability setting for the repository. Valid values are
8320
+ # `IMMUTABLE` or `MUTABLE`.
7469
8321
  # @return [String]
7470
8322
  #
7471
8323
  # @!attribute [rw] lifecycle_policy
@@ -7554,11 +8406,11 @@ module Aws::SecurityHub
7554
8406
  # }
7555
8407
  #
7556
8408
  # @!attribute [rw] name
7557
- # The name of the setting.
8409
+ # The name of the setting. The valid value is `containerInsights`.
7558
8410
  # @return [String]
7559
8411
  #
7560
8412
  # @!attribute [rw] value
7561
- # The value of the setting.
8413
+ # The value of the setting. Valid values are `disabled` or `enabled`.
7562
8414
  # @return [String]
7563
8415
  #
7564
8416
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsClusterClusterSettingsDetails AWS API Documentation
@@ -8549,7 +9401,15 @@ module Aws::SecurityHub
8549
9401
  # @!attribute [rw] condition
8550
9402
  # The dependency condition of the dependent container. Indicates the
8551
9403
  # required status of the dependent container before the current
8552
- # container can start.
9404
+ # container can start. Valid values are as follows:
9405
+ #
9406
+ # * `COMPLETE`
9407
+ #
9408
+ # * `HEALTHY`
9409
+ #
9410
+ # * `SUCCESS`
9411
+ #
9412
+ # * `START`
8553
9413
  # @return [String]
8554
9414
  #
8555
9415
  # @!attribute [rw] container_name
@@ -8994,7 +9854,7 @@ module Aws::SecurityHub
8994
9854
  # }
8995
9855
  #
8996
9856
  # @!attribute [rw] type
8997
- # The type of environment file.
9857
+ # The type of environment file. The valid value is `s3`.
8998
9858
  # @return [String]
8999
9859
  #
9000
9860
  # @!attribute [rw] value
@@ -9065,7 +9925,7 @@ module Aws::SecurityHub
9065
9925
  # @return [Hash<String,String>]
9066
9926
  #
9067
9927
  # @!attribute [rw] type
9068
- # The log router to use.
9928
+ # The log router to use. Valid values are `fluentbit` or `fluentd`.
9069
9929
  # @return [String]
9070
9930
  #
9071
9931
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails AWS API Documentation
@@ -9142,12 +10002,37 @@ module Aws::SecurityHub
9142
10002
  #
9143
10003
  # @!attribute [rw] add
9144
10004
  # The Linux capabilities for the container that are added to the
9145
- # default configuration provided by Docker.
10005
+ # default configuration provided by Docker. Valid values are as
10006
+ # follows:
10007
+ #
10008
+ # Valid values: `"ALL"` \| `"AUDIT_CONTROL"` \|` "AUDIT_WRITE"` \|
10009
+ # `"BLOCK_SUSPEND"` \| `"CHOWN"` \| `"DAC_OVERRIDE"` \|
10010
+ # `"DAC_READ_SEARCH"` \| `"FOWNER"` \| `"FSETID"` \| `"IPC_LOCK"` \|
10011
+ # `"IPC_OWNER"` \| `"KILL"` \| `"LEASE"` \| `"LINUX_IMMUTABLE"` \|
10012
+ # `"MAC_ADMIN"` \|` "MAC_OVERRIDE"` \| `"MKNOD"` \| `"NET_ADMIN"` \|
10013
+ # `"NET_BIND_SERVICE"` \| `"NET_BROADCAST"` \| `"NET_RAW"` \|
10014
+ # `"SETFCAP"` \| `"SETGID"` \| `"SETPCAP"` \| `"SETUID"` \|
10015
+ # `"SYS_ADMIN"` \| `"SYS_BOOT"` \| `"SYS_CHROOT"` \| `"SYS_MODULE"` \|
10016
+ # `"SYS_NICE"` \| `"SYS_PACCT"` \| `"SYS_PTRACE"` \| `"SYS_RAWIO"` \|
10017
+ # `"SYS_RESOURCE"` \| `"SYS_TIME"` \| `"SYS_TTY_CONFIG"` \| `"SYSLOG"`
10018
+ # \| `"WAKE_ALARM"`
9146
10019
  # @return [Array<String>]
9147
10020
  #
9148
10021
  # @!attribute [rw] drop
9149
10022
  # The Linux capabilities for the container that are dropped from the
9150
10023
  # default configuration provided by Docker.
10024
+ #
10025
+ # Valid values: `"ALL"` \| `"AUDIT_CONTROL"` \|` "AUDIT_WRITE"` \|
10026
+ # `"BLOCK_SUSPEND"` \| `"CHOWN"` \| `"DAC_OVERRIDE"` \|
10027
+ # `"DAC_READ_SEARCH"` \| `"FOWNER"` \| `"FSETID"` \| `"IPC_LOCK"` \|
10028
+ # `"IPC_OWNER"` \| `"KILL"` \| `"LEASE"` \| `"LINUX_IMMUTABLE"` \|
10029
+ # `"MAC_ADMIN"` \|` "MAC_OVERRIDE"` \| `"MKNOD"` \| `"NET_ADMIN"` \|
10030
+ # `"NET_BIND_SERVICE"` \| `"NET_BROADCAST"` \| `"NET_RAW"` \|
10031
+ # `"SETFCAP"` \| `"SETGID"` \| `"SETPCAP"` \| `"SETUID"` \|
10032
+ # `"SYS_ADMIN"` \| `"SYS_BOOT"` \| `"SYS_CHROOT"` \| `"SYS_MODULE"` \|
10033
+ # `"SYS_NICE"` \| `"SYS_PACCT"` \| `"SYS_PTRACE"` \| `"SYS_RAWIO"` \|
10034
+ # `"SYS_RESOURCE"` \| `"SYS_TIME"` \| `"SYS_TTY_CONFIG"` \| `"SYSLOG"`
10035
+ # \| `"WAKE_ALARM"`
9151
10036
  # @return [Array<String>]
9152
10037
  #
9153
10038
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails AWS API Documentation
@@ -9289,6 +10174,16 @@ module Aws::SecurityHub
9289
10174
  #
9290
10175
  # @!attribute [rw] mount_options
9291
10176
  # The list of tmpfs volume mount options.
10177
+ #
10178
+ # Valid values: `"defaults"` \| `"ro"` \| `"rw"` \| `"suid"` \|
10179
+ # `"nosuid"` \| `"dev"` \| `"nodev"` \|` "exec"` \| `"noexec"` \|
10180
+ # `"sync"` \| `"async"` \| `"dirsync"` \| `"remount"` \| `"mand"` \|
10181
+ # `"nomand"` \| `"atime"` \| `"noatime"` \| `"diratime"` \|
10182
+ # `"nodiratime"` \| `"bind"` \| `"rbind"` \| `"unbindable"` \|
10183
+ # `"runbindable"` \| `"private"` \| `"rprivate"` \| `"shared"` \|
10184
+ # `"rshared"` \| `"slave"` \| `"rslave"` \| `"relatime"` \|
10185
+ # `"norelatime"` \| `"strictatime"` \| `"nostrictatime"` \|` "mode"`
10186
+ # \| `"uid"` \| `"gid"` \| `"nr_inodes"` \|` "nr_blocks"` \| `"mpol"`
9292
10187
  # @return [Array<String>]
9293
10188
  #
9294
10189
  # @!attribute [rw] size
@@ -9325,6 +10220,34 @@ module Aws::SecurityHub
9325
10220
  #
9326
10221
  # @!attribute [rw] log_driver
9327
10222
  # The log driver to use for the container.
10223
+ #
10224
+ # Valid values on Fargate are as follows:
10225
+ #
10226
+ # * `awsfirelens`
10227
+ #
10228
+ # * `awslogs`
10229
+ #
10230
+ # * `splunk`
10231
+ #
10232
+ # Valid values on Amazon EC2 are as follows:
10233
+ #
10234
+ # * `awsfirelens`
10235
+ #
10236
+ # * `awslogs`
10237
+ #
10238
+ # * `fluentd`
10239
+ #
10240
+ # * `gelf`
10241
+ #
10242
+ # * `journald`
10243
+ #
10244
+ # * `json-file`
10245
+ #
10246
+ # * `logentries`
10247
+ #
10248
+ # * `splunk`
10249
+ #
10250
+ # * `syslog`
9328
10251
  # @return [String]
9329
10252
  #
9330
10253
  # @!attribute [rw] options
@@ -9480,7 +10403,8 @@ module Aws::SecurityHub
9480
10403
  # }
9481
10404
  #
9482
10405
  # @!attribute [rw] type
9483
- # The type of resource to assign to a container.
10406
+ # The type of resource to assign to a container. Valid values are
10407
+ # `GPU` or `InferenceAccelerator`.
9484
10408
  # @return [String]
9485
10409
  #
9486
10410
  # @!attribute [rw] value
@@ -9574,7 +10498,37 @@ module Aws::SecurityHub
9574
10498
  # @return [Integer]
9575
10499
  #
9576
10500
  # @!attribute [rw] name
9577
- # The type of the ulimit.
10501
+ # The type of the ulimit. Valid values are as follows:
10502
+ #
10503
+ # * `core`
10504
+ #
10505
+ # * `cpu`
10506
+ #
10507
+ # * `data`
10508
+ #
10509
+ # * `fsize`
10510
+ #
10511
+ # * `locks`
10512
+ #
10513
+ # * `memlock`
10514
+ #
10515
+ # * `msgqueue`
10516
+ #
10517
+ # * `nice`
10518
+ #
10519
+ # * `nofile`
10520
+ #
10521
+ # * `nproc`
10522
+ #
10523
+ # * `rss`
10524
+ #
10525
+ # * `rtprio`
10526
+ #
10527
+ # * `rttime`
10528
+ #
10529
+ # * `sigpending`
10530
+ #
10531
+ # * `stack`
9578
10532
  # @return [String]
9579
10533
  #
9580
10534
  # @!attribute [rw] soft_limit
@@ -9845,7 +10799,18 @@ module Aws::SecurityHub
9845
10799
  # @return [Array<Types::AwsEcsTaskDefinitionContainerDefinitionsDetails>]
9846
10800
  #
9847
10801
  # @!attribute [rw] cpu
9848
- # The number of CPU units used by the task.
10802
+ # The number of CPU units used by the task.Valid values are as
10803
+ # follows:
10804
+ #
10805
+ # * `256 (.25 vCPU)`
10806
+ #
10807
+ # * `512 (.5 vCPU)`
10808
+ #
10809
+ # * `1024 (1 vCPU)`
10810
+ #
10811
+ # * `2048 (2 vCPU)`
10812
+ #
10813
+ # * `4096 (4 vCPU)`
9849
10814
  # @return [String]
9850
10815
  #
9851
10816
  # @!attribute [rw] execution_role_arn
@@ -9863,19 +10828,47 @@ module Aws::SecurityHub
9863
10828
  # @return [Array<Types::AwsEcsTaskDefinitionInferenceAcceleratorsDetails>]
9864
10829
  #
9865
10830
  # @!attribute [rw] ipc_mode
9866
- # The IPC resource namespace to use for the containers in the task.
10831
+ # The inter-process communication (IPC) resource namespace to use for
10832
+ # the containers in the task. Valid values are as follows:
10833
+ #
10834
+ # * `host`
10835
+ #
10836
+ # * `none`
10837
+ #
10838
+ # * `task`
9867
10839
  # @return [String]
9868
10840
  #
9869
10841
  # @!attribute [rw] memory
9870
10842
  # The amount (in MiB) of memory used by the task.
10843
+ #
10844
+ # For tasks that are hosted on Amazon EC2, you can provide a
10845
+ # task-level memory value or a container-level memory value. For tasks
10846
+ # that are hosted on Fargate, you must use one of the [specified
10847
+ # values][1] in the <i> <i>Amazon Elastic Container Service Developer
10848
+ # Guide</i> </i>, which determines your range of supported values for
10849
+ # the `Cpu` and `Memory` parameters.
10850
+ #
10851
+ #
10852
+ #
10853
+ # [1]: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size
9871
10854
  # @return [String]
9872
10855
  #
9873
10856
  # @!attribute [rw] network_mode
9874
10857
  # The Docker networking mode to use for the containers in the task.
10858
+ # Valid values are as follows:
10859
+ #
10860
+ # * `awsvpc`
10861
+ #
10862
+ # * `bridge`
10863
+ #
10864
+ # * `host`
10865
+ #
10866
+ # * `none`
9875
10867
  # @return [String]
9876
10868
  #
9877
10869
  # @!attribute [rw] pid_mode
9878
- # The process namespace to use for the containers in the task.
10870
+ # The process namespace to use for the containers in the task. Valid
10871
+ # values are `host` or `task`.
9879
10872
  # @return [String]
9880
10873
  #
9881
10874
  # @!attribute [rw] placement_constraints
@@ -10145,6 +11138,7 @@ module Aws::SecurityHub
10145
11138
  # Docker volumes that are scoped to a task are provisioned
10146
11139
  # automatically when the task starts and destroyed when the task
10147
11140
  # stops. Docker volumes that are shared persist after the task stops.
11141
+ # Valid values are `shared` or `task`.
10148
11142
  # @return [String]
10149
11143
  #
10150
11144
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails AWS API Documentation
@@ -10626,7 +11620,19 @@ module Aws::SecurityHub
10626
11620
  # @return [String]
10627
11621
  #
10628
11622
  # @!attribute [rw] cluster_status
10629
- # The status of the cluster.
11623
+ # The status of the cluster. Valid values are as follows:
11624
+ #
11625
+ # * `ACTIVE`
11626
+ #
11627
+ # * `CREATING`
11628
+ #
11629
+ # * `DELETING`
11630
+ #
11631
+ # * `FAILED`
11632
+ #
11633
+ # * `PENDING`
11634
+ #
11635
+ # * `UPDATING`
10630
11636
  # @return [String]
10631
11637
  #
10632
11638
  # @!attribute [rw] endpoint
@@ -10686,7 +11692,17 @@ module Aws::SecurityHub
10686
11692
  # @return [Boolean]
10687
11693
  #
10688
11694
  # @!attribute [rw] types
10689
- # A list of logging types.
11695
+ # A list of logging types. Valid values are as follows:
11696
+ #
11697
+ # * `api`
11698
+ #
11699
+ # * `audit`
11700
+ #
11701
+ # * `authenticator`
11702
+ #
11703
+ # * `controllerManager`
11704
+ #
11705
+ # * `scheduler`
10690
11706
  # @return [Array<String>]
10691
11707
  #
10692
11708
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEksClusterLoggingClusterLoggingDetails AWS API Documentation
@@ -10850,7 +11866,24 @@ module Aws::SecurityHub
10850
11866
  # @return [String]
10851
11867
  #
10852
11868
  # @!attribute [rw] status
10853
- # The current operational status of the environment.
11869
+ # The current operational status of the environment. Valid values are
11870
+ # as follows:
11871
+ #
11872
+ # * `Aborting`
11873
+ #
11874
+ # * `Launching`
11875
+ #
11876
+ # * `LinkingFrom`
11877
+ #
11878
+ # * `LinkingTo`
11879
+ #
11880
+ # * `Ready`
11881
+ #
11882
+ # * `Terminated`
11883
+ #
11884
+ # * `Terminating`
11885
+ #
11886
+ # * `Updating`
10854
11887
  # @return [String]
10855
11888
  #
10856
11889
  # @!attribute [rw] tier
@@ -10964,11 +11997,13 @@ module Aws::SecurityHub
10964
11997
  # }
10965
11998
  #
10966
11999
  # @!attribute [rw] name
10967
- # The name of the environment tier.
12000
+ # The name of the environment tier. Valid values are `WebServer` or
12001
+ # `Worker`.
10968
12002
  # @return [String]
10969
12003
  #
10970
12004
  # @!attribute [rw] type
10971
- # The type of environment tier.
12005
+ # The type of environment tier. Valid values are `Standard` or
12006
+ # `SQS/HTTP`.
10972
12007
  # @return [String]
10973
12008
  #
10974
12009
  # @!attribute [rw] version
@@ -11206,9 +12241,17 @@ module Aws::SecurityHub
11206
12241
  #
11207
12242
  # @!attribute [rw] dedicated_master_type
11208
12243
  # The hardware configuration of the computer that hosts the dedicated
11209
- # master node. For example, `m3.medium.elasticsearch`. If this
12244
+ # master node. A sample value is `m3.medium.elasticsearch`. If this
11210
12245
  # attribute is specified, then `DedicatedMasterEnabled` must be
11211
12246
  # `true`.
12247
+ #
12248
+ # For a list of valid values, see [Supported instance types in Amazon
12249
+ # OpenSearch Service][1] in the *Amazon OpenSearch Service Developer
12250
+ # Guide*.
12251
+ #
12252
+ #
12253
+ #
12254
+ # [1]: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html
11212
12255
  # @return [String]
11213
12256
  #
11214
12257
  # @!attribute [rw] instance_count
@@ -11218,6 +12261,14 @@ module Aws::SecurityHub
11218
12261
  # @!attribute [rw] instance_type
11219
12262
  # The instance type for your data nodes. For example,
11220
12263
  # `m3.medium.elasticsearch`.
12264
+ #
12265
+ # For a list of valid values, see [Supported instance types in Amazon
12266
+ # OpenSearch Service][1] in the *Amazon OpenSearch Service Developer
12267
+ # Guide*.
12268
+ #
12269
+ #
12270
+ #
12271
+ # [1]: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html
11221
12272
  # @return [String]
11222
12273
  #
11223
12274
  # @!attribute [rw] zone_awareness_config
@@ -11432,7 +12483,18 @@ module Aws::SecurityHub
11432
12483
  # @return [Boolean]
11433
12484
  #
11434
12485
  # @!attribute [rw] update_status
11435
- # The status of the service software update.
12486
+ # The status of the service software update. Valid values are as
12487
+ # follows:
12488
+ #
12489
+ # * `COMPLETED`
12490
+ #
12491
+ # * `ELIGIBLE`
12492
+ #
12493
+ # * `IN_PROGRESS`
12494
+ #
12495
+ # * `NOT_ELIGIBLE`
12496
+ #
12497
+ # * `PENDING_UPDATE`
11436
12498
  # @return [String]
11437
12499
  #
11438
12500
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElasticsearchDomainServiceSoftwareOptions AWS API Documentation
@@ -13378,7 +14440,17 @@ module Aws::SecurityHub
13378
14440
  # @return [String]
13379
14441
  #
13380
14442
  # @!attribute [rw] key_state
13381
- # The state of the KMS key.
14443
+ # The state of the KMS key. Valid values are as follows:
14444
+ #
14445
+ # * `Disabled`
14446
+ #
14447
+ # * `Enabled`
14448
+ #
14449
+ # * `PendingDeletion`
14450
+ #
14451
+ # * `PendingImport`
14452
+ #
14453
+ # * `Unavailable`
13382
14454
  # @return [String]
13383
14455
  #
13384
14456
  # @!attribute [rw] origin
@@ -14281,6 +15353,14 @@ module Aws::SecurityHub
14281
15353
  #
14282
15354
  # @!attribute [rw] instance_type
14283
15355
  # The instance type for your data nodes.
15356
+ #
15357
+ # For a list of valid values, see [Supported instance types in Amazon
15358
+ # OpenSearch Service][1] in the *Amazon OpenSearch Service Developer
15359
+ # Guide*.
15360
+ #
15361
+ #
15362
+ #
15363
+ # [1]: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html
14284
15364
  # @return [String]
14285
15365
  #
14286
15366
  # @!attribute [rw] warm_type
@@ -14331,7 +15411,7 @@ module Aws::SecurityHub
14331
15411
  #
14332
15412
  # @!attribute [rw] availability_zone_count
14333
15413
  # The number of Availability Zones that the domain uses. Valid values
14334
- # are 2 and 3. The default is 2.
15414
+ # are `2` or `3`. The default is `2`.
14335
15415
  # @return [Integer]
14336
15416
  #
14337
15417
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails AWS API Documentation
@@ -14756,7 +15836,18 @@ module Aws::SecurityHub
14756
15836
  # @return [Boolean]
14757
15837
  #
14758
15838
  # @!attribute [rw] update_status
14759
- # The status of the service software update.
15839
+ # The status of the service software update. Valid values are as
15840
+ # follows:
15841
+ #
15842
+ # * `COMPLETED`
15843
+ #
15844
+ # * `ELIGIBLE`
15845
+ #
15846
+ # * `IN_PROGRESS`
15847
+ #
15848
+ # * `NOT_ELIGIBLE`
15849
+ #
15850
+ # * `PENDING_UPDATE`
14760
15851
  # @return [String]
14761
15852
  #
14762
15853
  # @!attribute [rw] optional_deployment
@@ -14824,7 +15915,13 @@ module Aws::SecurityHub
14824
15915
  #
14825
15916
  # @!attribute [rw] status
14826
15917
  # The status of the association between the IAM role and the DB
14827
- # cluster.
15918
+ # cluster. Valid values are as follows:
15919
+ #
15920
+ # * `ACTIVE`
15921
+ #
15922
+ # * `INVALID`
15923
+ #
15924
+ # * `PENDING`
14828
15925
  # @return [String]
14829
15926
  #
14830
15927
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbClusterAssociatedRole AWS API Documentation
@@ -14949,7 +16046,14 @@ module Aws::SecurityHub
14949
16046
  # @return [Boolean]
14950
16047
  #
14951
16048
  # @!attribute [rw] engine
14952
- # The name of the database engine to use for this DB cluster.
16049
+ # The name of the database engine to use for this DB cluster. Valid
16050
+ # values are as follows:
16051
+ #
16052
+ # * `aurora`
16053
+ #
16054
+ # * `aurora-mysql`
16055
+ #
16056
+ # * `aurora-postgresql`
14953
16057
  # @return [String]
14954
16058
  #
14955
16059
  # @!attribute [rw] engine_version
@@ -15035,7 +16139,18 @@ module Aws::SecurityHub
15035
16139
  # @return [Array<String>]
15036
16140
  #
15037
16141
  # @!attribute [rw] engine_mode
15038
- # The database engine mode of the DB cluster.
16142
+ # The database engine mode of the DB cluster.Valid values are as
16143
+ # follows:
16144
+ #
16145
+ # * `global`
16146
+ #
16147
+ # * `multimaster`
16148
+ #
16149
+ # * `parallelquery`
16150
+ #
16151
+ # * `provisioned`
16152
+ #
16153
+ # * `serverless`
15039
16154
  # @return [String]
15040
16155
  #
15041
16156
  # @!attribute [rw] deletion_protection
@@ -15048,7 +16163,16 @@ module Aws::SecurityHub
15048
16163
  # @return [Boolean]
15049
16164
  #
15050
16165
  # @!attribute [rw] activity_stream_status
15051
- # The status of the database activity stream.
16166
+ # The status of the database activity stream. Valid values are as
16167
+ # follows:
16168
+ #
16169
+ # * `started`
16170
+ #
16171
+ # * `starting`
16172
+ #
16173
+ # * `stopped`
16174
+ #
16175
+ # * `stopping`
15052
16176
  # @return [String]
15053
16177
  #
15054
16178
  # @!attribute [rw] copy_tags_to_snapshot
@@ -16211,7 +17335,8 @@ module Aws::SecurityHub
16211
17335
  # }
16212
17336
  #
16213
17337
  # @!attribute [rw] name
16214
- # The name of the processor feature.
17338
+ # The name of the processor feature. Valid values are `coreCount` or
17339
+ # `threadsPerCore`.
16215
17340
  # @return [String]
16216
17341
  #
16217
17342
  # @!attribute [rw] value
@@ -16418,7 +17543,36 @@ module Aws::SecurityHub
16418
17543
  # @return [String]
16419
17544
  #
16420
17545
  # @!attribute [rw] engine
16421
- # The name of the database engine to use for this DB instance.
17546
+ # The name of the database engine to use for this DB instance. Valid
17547
+ # values are as follows:
17548
+ #
17549
+ # * `aurora`
17550
+ #
17551
+ # * `aurora-mysql`
17552
+ #
17553
+ # * `aurora-postgresql`
17554
+ #
17555
+ # * `c`
17556
+ #
17557
+ # * `mariadb`
17558
+ #
17559
+ # * `mysql`
17560
+ #
17561
+ # * `oracle-ee`
17562
+ #
17563
+ # * `oracle-se`
17564
+ #
17565
+ # * `oracle-se1`
17566
+ #
17567
+ # * `oracle-se2`
17568
+ #
17569
+ # * `sqlserver-ee`
17570
+ #
17571
+ # * `sqlserver-ex`
17572
+ #
17573
+ # * `sqlserver-se`
17574
+ #
17575
+ # * `sqlserver-web`
16422
17576
  # @return [String]
16423
17577
  #
16424
17578
  # @!attribute [rw] allocated_storage
@@ -16488,7 +17642,14 @@ module Aws::SecurityHub
16488
17642
  # @return [String]
16489
17643
  #
16490
17644
  # @!attribute [rw] storage_type
16491
- # The storage type associated with the DB snapshot.
17645
+ # The storage type associated with the DB snapshot. Valid values are
17646
+ # as follows:
17647
+ #
17648
+ # * `gp2`
17649
+ #
17650
+ # * `io1`
17651
+ #
17652
+ # * `standard`
16492
17653
  # @return [String]
16493
17654
  #
16494
17655
  # @!attribute [rw] tde_credential_arn
@@ -18277,7 +19438,8 @@ module Aws::SecurityHub
18277
19438
  # @return [Types::AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails]
18278
19439
  #
18279
19440
  # @!attribute [rw] type
18280
- # Whether to use `AND` or `OR` to join the operands.
19441
+ # Whether to use `AND` or `OR` to join the operands. Valid values are
19442
+ # `LifecycleAndOperator` or `LifecycleOrOperator`.
18281
19443
  # @return [String]
18282
19444
  #
18283
19445
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails AWS API Documentation
@@ -18314,7 +19476,8 @@ module Aws::SecurityHub
18314
19476
  # @return [Types::AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails]
18315
19477
  #
18316
19478
  # @!attribute [rw] type
18317
- # The type of filter value.
19479
+ # The type of filter value. Valid values are
19480
+ # `LifecyclePrefixPredicate` or `LifecycleTagPredicate`.
18318
19481
  # @return [String]
18319
19482
  #
18320
19483
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails AWS API Documentation
@@ -18442,7 +19605,18 @@ module Aws::SecurityHub
18442
19605
  # @return [Integer]
18443
19606
  #
18444
19607
  # @!attribute [rw] storage_class
18445
- # The storage class to transition the object to.
19608
+ # The storage class to transition the object to. Valid values are as
19609
+ # follows:
19610
+ #
19611
+ # * `DEEP_ARCHIVE`
19612
+ #
19613
+ # * `GLACIER`
19614
+ #
19615
+ # * `INTELLIGENT_TIERING`
19616
+ #
19617
+ # * `ONEZONE_IA`
19618
+ #
19619
+ # * `STANDARD_IA`
18446
19620
  # @return [String]
18447
19621
  #
18448
19622
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails AWS API Documentation
@@ -18472,7 +19646,8 @@ module Aws::SecurityHub
18472
19646
  # @return [Boolean]
18473
19647
  #
18474
19648
  # @!attribute [rw] status
18475
- # The versioning status of the S3 bucket.
19649
+ # The versioning status of the S3 bucket. Valid values are `Enabled`
19650
+ # or `Suspended`.
18476
19651
  # @return [String]
18477
19652
  #
18478
19653
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketBucketVersioningConfiguration AWS API Documentation
@@ -18790,7 +19965,14 @@ module Aws::SecurityHub
18790
19965
  #
18791
19966
  # @!attribute [rw] type
18792
19967
  # Indicates the type of notification. Notifications can be generated
18793
- # using Lambda functions, Amazon SQS queues or Amazon SNS topics.
19968
+ # using Lambda functions, Amazon SQS queues, or Amazon SNS topics,
19969
+ # with corresponding valid values as follows:
19970
+ #
19971
+ # * `LambdaConfiguration`
19972
+ #
19973
+ # * `QueueConfiguration`
19974
+ #
19975
+ # * `TopicConfiguration`
18794
19976
  # @return [String]
18795
19977
  #
18796
19978
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketNotificationConfigurationDetail AWS API Documentation
@@ -18900,6 +20082,7 @@ module Aws::SecurityHub
18900
20082
  #
18901
20083
  # @!attribute [rw] sse_algorithm
18902
20084
  # Server-side encryption algorithm to use for the default encryption.
20085
+ # Valid values are `aws: kms` or `AES256`.
18903
20086
  # @return [String]
18904
20087
  #
18905
20088
  # @!attribute [rw] kms_master_key_id
@@ -19040,8 +20223,9 @@ module Aws::SecurityHub
19040
20223
  # @return [String]
19041
20224
  #
19042
20225
  # @!attribute [rw] protocol
19043
- # The protocol to use when redirecting requests. By default, uses the
19044
- # same protocol as the original request.
20226
+ # The protocol to use when redirecting requests. By default, this
20227
+ # field uses the same protocol as the original request. Valid values
20228
+ # are `http` or `https`.
19045
20229
  # @return [String]
19046
20230
  #
19047
20231
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketWebsiteConfigurationRedirectTo AWS API Documentation
@@ -19322,10 +20506,9 @@ module Aws::SecurityHub
19322
20506
  include Aws::Structure
19323
20507
  end
19324
20508
 
19325
- # Provides consistent format for the contents of the Security
19326
- # Hub-aggregated findings. `AwsSecurityFinding` format enables you to
19327
- # share findings between Amazon Web Services security services and
19328
- # third-party solutions, and security standards checks.
20509
+ # Provides a consistent format for Security Hub findings.
20510
+ # `AwsSecurityFinding` format allows you to share findings between
20511
+ # Amazon Web Services security services and third-party solutions.
19329
20512
  #
19330
20513
  # <note markdown="1"> A finding is a potential security issue generated either by Amazon Web
19331
20514
  # Services services or by the integrated third-party solutions and
@@ -22369,6 +23552,88 @@ module Aws::SecurityHub
22369
23552
  # },
22370
23553
  # ],
22371
23554
  # },
23555
+ # aws_backup_backup_vault: {
23556
+ # backup_vault_arn: "NonEmptyString",
23557
+ # backup_vault_name: "NonEmptyString",
23558
+ # encryption_key_arn: "NonEmptyString",
23559
+ # notifications: {
23560
+ # backup_vault_events: ["NonEmptyString"],
23561
+ # sns_topic_arn: "NonEmptyString",
23562
+ # },
23563
+ # access_policy: "NonEmptyString",
23564
+ # },
23565
+ # aws_backup_backup_plan: {
23566
+ # backup_plan: {
23567
+ # backup_plan_name: "NonEmptyString",
23568
+ # advanced_backup_settings: [
23569
+ # {
23570
+ # backup_options: {
23571
+ # "NonEmptyString" => "NonEmptyString",
23572
+ # },
23573
+ # resource_type: "NonEmptyString",
23574
+ # },
23575
+ # ],
23576
+ # backup_plan_rule: [
23577
+ # {
23578
+ # target_backup_vault: "NonEmptyString",
23579
+ # start_window_minutes: 1,
23580
+ # schedule_expression: "NonEmptyString",
23581
+ # rule_name: "NonEmptyString",
23582
+ # rule_id: "NonEmptyString",
23583
+ # enable_continuous_backup: false,
23584
+ # completion_window_minutes: 1,
23585
+ # copy_actions: [
23586
+ # {
23587
+ # destination_backup_vault_arn: "NonEmptyString",
23588
+ # lifecycle: {
23589
+ # delete_after_days: 1,
23590
+ # move_to_cold_storage_after_days: 1,
23591
+ # },
23592
+ # },
23593
+ # ],
23594
+ # lifecycle: {
23595
+ # delete_after_days: 1,
23596
+ # move_to_cold_storage_after_days: 1,
23597
+ # },
23598
+ # },
23599
+ # ],
23600
+ # },
23601
+ # backup_plan_arn: "NonEmptyString",
23602
+ # backup_plan_id: "NonEmptyString",
23603
+ # version_id: "NonEmptyString",
23604
+ # },
23605
+ # aws_backup_recovery_point: {
23606
+ # backup_size_in_bytes: 1,
23607
+ # backup_vault_arn: "NonEmptyString",
23608
+ # backup_vault_name: "NonEmptyString",
23609
+ # calculated_lifecycle: {
23610
+ # delete_at: "NonEmptyString",
23611
+ # move_to_cold_storage_at: "NonEmptyString",
23612
+ # },
23613
+ # completion_date: "NonEmptyString",
23614
+ # created_by: {
23615
+ # backup_plan_arn: "NonEmptyString",
23616
+ # backup_plan_id: "NonEmptyString",
23617
+ # backup_plan_version: "NonEmptyString",
23618
+ # backup_rule_id: "NonEmptyString",
23619
+ # },
23620
+ # creation_date: "NonEmptyString",
23621
+ # encryption_key_arn: "NonEmptyString",
23622
+ # iam_role_arn: "NonEmptyString",
23623
+ # is_encrypted: false,
23624
+ # last_restore_time: "NonEmptyString",
23625
+ # lifecycle: {
23626
+ # delete_after_days: 1,
23627
+ # move_to_cold_storage_after_days: 1,
23628
+ # },
23629
+ # recovery_point_arn: "NonEmptyString",
23630
+ # resource_arn: "NonEmptyString",
23631
+ # resource_type: "NonEmptyString",
23632
+ # source_backup_vault_arn: "NonEmptyString",
23633
+ # status: "NonEmptyString",
23634
+ # status_message: "NonEmptyString",
23635
+ # storage_class: "NonEmptyString",
23636
+ # },
22372
23637
  # },
22373
23638
  # },
22374
23639
  # ],
@@ -22411,6 +23676,8 @@ module Aws::SecurityHub
22411
23676
  # architecture: "NonEmptyString",
22412
23677
  # package_manager: "NonEmptyString",
22413
23678
  # file_path: "NonEmptyString",
23679
+ # fixed_in_version: "NonEmptyString",
23680
+ # remediation: "NonEmptyString",
22414
23681
  # },
22415
23682
  # ],
22416
23683
  # cvss: [
@@ -22436,6 +23703,7 @@ module Aws::SecurityHub
22436
23703
  # vendor_updated_at: "NonEmptyString",
22437
23704
  # },
22438
23705
  # reference_urls: ["NonEmptyString"],
23706
+ # fix_available: "YES", # accepts YES, NO, PARTIAL
22439
23707
  # },
22440
23708
  # ],
22441
23709
  # patch_summary: {
@@ -24347,9 +25615,7 @@ module Aws::SecurityHub
24347
25615
  # }
24348
25616
  #
24349
25617
  # @!attribute [rw] status
24350
- # The current patch compliance status.
24351
- #
24352
- # The possible status values are:
25618
+ # The current patch compliance status. Valid values are as follows:
24353
25619
  #
24354
25620
  # * `COMPLIANT`
24355
25621
  #
@@ -24423,7 +25689,19 @@ module Aws::SecurityHub
24423
25689
  # @return [String]
24424
25690
  #
24425
25691
  # @!attribute [rw] overall_severity
24426
- # The highest severity for the patches.
25692
+ # The highest severity for the patches. Valid values are as follows:
25693
+ #
25694
+ # * `CRITICAL`
25695
+ #
25696
+ # * `HIGH`
25697
+ #
25698
+ # * `MEDIUM`
25699
+ #
25700
+ # * `LOW`
25701
+ #
25702
+ # * `INFORMATIONAL`
25703
+ #
25704
+ # * `UNSPECIFIED`
24427
25705
  # @return [String]
24428
25706
  #
24429
25707
  # @!attribute [rw] non_compliant_medium_count
@@ -24640,7 +25918,21 @@ module Aws::SecurityHub
24640
25918
  # @return [Boolean]
24641
25919
  #
24642
25920
  # @!attribute [rw] type
24643
- # The type of predicate.
25921
+ # The type of predicate. Valid values are as follows:
25922
+ #
25923
+ # * `ByteMatch`
25924
+ #
25925
+ # * `GeoMatch`
25926
+ #
25927
+ # * `IPMatch`
25928
+ #
25929
+ # * `RegexMatch`
25930
+ #
25931
+ # * `SizeConstraint`
25932
+ #
25933
+ # * `SqlInjectionMatch`
25934
+ #
25935
+ # * `XssMatch`
24644
25936
  # @return [String]
24645
25937
  #
24646
25938
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsWafRateBasedRuleMatchPredicate AWS API Documentation
@@ -24744,7 +26036,21 @@ module Aws::SecurityHub
24744
26036
  # @return [Boolean]
24745
26037
  #
24746
26038
  # @!attribute [rw] type
24747
- # The type of predicate.
26039
+ # The type of predicate. Valid values are as follows:
26040
+ #
26041
+ # * `ByteMatch`
26042
+ #
26043
+ # * `GeoMatch`
26044
+ #
26045
+ # * `IPMatch`
26046
+ #
26047
+ # * `RegexMatch`
26048
+ #
26049
+ # * `SizeConstraint`
26050
+ #
26051
+ # * `SqlInjectionMatch`
26052
+ #
26053
+ # * `XssMatch`
24748
26054
  # @return [String]
24749
26055
  #
24750
26056
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsWafRegionalRateBasedRuleMatchPredicate AWS API Documentation
@@ -25492,13 +26798,16 @@ module Aws::SecurityHub
25492
26798
  # @return [String]
25493
26799
  #
25494
26800
  # @!attribute [rw] status
25495
- # The current status of the encryption configuration. When `Status` is
25496
- # `UPDATING`, X-Ray might use both the old and new encryption.
26801
+ # The current status of the encryption configuration. Valid values are
26802
+ # `ACTIVE` or `UPDATING`.
26803
+ #
26804
+ # When `Status` is equal to `UPDATING`, X-Ray might use both the old
26805
+ # and new encryption.
25497
26806
  # @return [String]
25498
26807
  #
25499
26808
  # @!attribute [rw] type
25500
26809
  # The type of encryption. `KMS` indicates that the encryption uses KMS
25501
- # keys. `NONE` indicates to use the default encryption.
26810
+ # keys. `NONE` indicates the default encryption.
25502
26811
  # @return [String]
25503
26812
  #
25504
26813
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsXrayEncryptionConfigDetails AWS API Documentation
@@ -28618,6 +29927,88 @@ module Aws::SecurityHub
28618
29927
  # },
28619
29928
  # ],
28620
29929
  # },
29930
+ # aws_backup_backup_vault: {
29931
+ # backup_vault_arn: "NonEmptyString",
29932
+ # backup_vault_name: "NonEmptyString",
29933
+ # encryption_key_arn: "NonEmptyString",
29934
+ # notifications: {
29935
+ # backup_vault_events: ["NonEmptyString"],
29936
+ # sns_topic_arn: "NonEmptyString",
29937
+ # },
29938
+ # access_policy: "NonEmptyString",
29939
+ # },
29940
+ # aws_backup_backup_plan: {
29941
+ # backup_plan: {
29942
+ # backup_plan_name: "NonEmptyString",
29943
+ # advanced_backup_settings: [
29944
+ # {
29945
+ # backup_options: {
29946
+ # "NonEmptyString" => "NonEmptyString",
29947
+ # },
29948
+ # resource_type: "NonEmptyString",
29949
+ # },
29950
+ # ],
29951
+ # backup_plan_rule: [
29952
+ # {
29953
+ # target_backup_vault: "NonEmptyString",
29954
+ # start_window_minutes: 1,
29955
+ # schedule_expression: "NonEmptyString",
29956
+ # rule_name: "NonEmptyString",
29957
+ # rule_id: "NonEmptyString",
29958
+ # enable_continuous_backup: false,
29959
+ # completion_window_minutes: 1,
29960
+ # copy_actions: [
29961
+ # {
29962
+ # destination_backup_vault_arn: "NonEmptyString",
29963
+ # lifecycle: {
29964
+ # delete_after_days: 1,
29965
+ # move_to_cold_storage_after_days: 1,
29966
+ # },
29967
+ # },
29968
+ # ],
29969
+ # lifecycle: {
29970
+ # delete_after_days: 1,
29971
+ # move_to_cold_storage_after_days: 1,
29972
+ # },
29973
+ # },
29974
+ # ],
29975
+ # },
29976
+ # backup_plan_arn: "NonEmptyString",
29977
+ # backup_plan_id: "NonEmptyString",
29978
+ # version_id: "NonEmptyString",
29979
+ # },
29980
+ # aws_backup_recovery_point: {
29981
+ # backup_size_in_bytes: 1,
29982
+ # backup_vault_arn: "NonEmptyString",
29983
+ # backup_vault_name: "NonEmptyString",
29984
+ # calculated_lifecycle: {
29985
+ # delete_at: "NonEmptyString",
29986
+ # move_to_cold_storage_at: "NonEmptyString",
29987
+ # },
29988
+ # completion_date: "NonEmptyString",
29989
+ # created_by: {
29990
+ # backup_plan_arn: "NonEmptyString",
29991
+ # backup_plan_id: "NonEmptyString",
29992
+ # backup_plan_version: "NonEmptyString",
29993
+ # backup_rule_id: "NonEmptyString",
29994
+ # },
29995
+ # creation_date: "NonEmptyString",
29996
+ # encryption_key_arn: "NonEmptyString",
29997
+ # iam_role_arn: "NonEmptyString",
29998
+ # is_encrypted: false,
29999
+ # last_restore_time: "NonEmptyString",
30000
+ # lifecycle: {
30001
+ # delete_after_days: 1,
30002
+ # move_to_cold_storage_after_days: 1,
30003
+ # },
30004
+ # recovery_point_arn: "NonEmptyString",
30005
+ # resource_arn: "NonEmptyString",
30006
+ # resource_type: "NonEmptyString",
30007
+ # source_backup_vault_arn: "NonEmptyString",
30008
+ # status: "NonEmptyString",
30009
+ # status_message: "NonEmptyString",
30010
+ # storage_class: "NonEmptyString",
30011
+ # },
28621
30012
  # },
28622
30013
  # },
28623
30014
  # ],
@@ -28660,6 +30051,8 @@ module Aws::SecurityHub
28660
30051
  # architecture: "NonEmptyString",
28661
30052
  # package_manager: "NonEmptyString",
28662
30053
  # file_path: "NonEmptyString",
30054
+ # fixed_in_version: "NonEmptyString",
30055
+ # remediation: "NonEmptyString",
28663
30056
  # },
28664
30057
  # ],
28665
30058
  # cvss: [
@@ -28685,6 +30078,7 @@ module Aws::SecurityHub
28685
30078
  # vendor_updated_at: "NonEmptyString",
28686
30079
  # },
28687
30080
  # reference_urls: ["NonEmptyString"],
30081
+ # fix_available: "YES", # accepts YES, NO, PARTIAL
28688
30082
  # },
28689
30083
  # ],
28690
30084
  # patch_summary: {
@@ -29032,28 +30426,32 @@ module Aws::SecurityHub
29032
30426
  # @!attribute [rw] error_code
29033
30427
  # The code associated with the error. Possible values are:
29034
30428
  #
29035
- # * `ConcurrentUpdateError` - Another process or request attempted to
29036
- # update the finding while this request was being processed
30429
+ # * `ConcurrentUpdateError` - Another request attempted to update the
30430
+ # finding while this request was being processed. This error may
30431
+ # also occur if you call [ `BatchUpdateFindings` ][1] and [
30432
+ # `BatchImportFindings` ][2] at the same time.
29037
30433
  #
29038
30434
  # * `DuplicatedFindingIdentifier` - The request included two or more
29039
- # findings with the same `FindingIdentifier`
30435
+ # findings with the same `FindingIdentifier`.
29040
30436
  #
29041
30437
  # * `FindingNotFound` - The `FindingIdentifier` included in the
29042
- # request did not match an existing finding
30438
+ # request did not match an existing finding.
29043
30439
  #
29044
30440
  # * `FindingSizeExceeded` - The finding size was greater than the
29045
- # permissible value of 240 KB
30441
+ # permissible value of 240 KB.
29046
30442
  #
29047
30443
  # * `InternalFailure` - An internal service failure occurred when
29048
- # updating the finding
30444
+ # updating the finding.
29049
30445
  #
29050
30446
  # * `InvalidInput` - The finding update contained an invalid value
29051
30447
  # that did not satisfy the [Amazon Web Services Security Finding
29052
- # Format][1] syntax
30448
+ # Format][3] syntax.
29053
30449
  #
29054
30450
  #
29055
30451
  #
29056
- # [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html
30452
+ # [1]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindings.html
30453
+ # [2]: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html
30454
+ # [3]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html
29057
30455
  # @return [String]
29058
30456
  #
29059
30457
  # @!attribute [rw] error_message
@@ -33207,7 +34605,20 @@ module Aws::SecurityHub
33207
34605
  # @return [String]
33208
34606
  #
33209
34607
  # @!attribute [rw] cidr_block_state
33210
- # Information about the state of the CIDR block.
34608
+ # Information about the state of the CIDR block. Valid values are as
34609
+ # follows:
34610
+ #
34611
+ # * `associating`
34612
+ #
34613
+ # * `associated`
34614
+ #
34615
+ # * `disassociating`
34616
+ #
34617
+ # * `disassociated`
34618
+ #
34619
+ # * `failed`
34620
+ #
34621
+ # * `failing`
33211
34622
  # @return [String]
33212
34623
  #
33213
34624
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Ipv6CidrBlockAssociation AWS API Documentation
@@ -37793,6 +39204,88 @@ module Aws::SecurityHub
37793
39204
  # },
37794
39205
  # ],
37795
39206
  # },
39207
+ # aws_backup_backup_vault: {
39208
+ # backup_vault_arn: "NonEmptyString",
39209
+ # backup_vault_name: "NonEmptyString",
39210
+ # encryption_key_arn: "NonEmptyString",
39211
+ # notifications: {
39212
+ # backup_vault_events: ["NonEmptyString"],
39213
+ # sns_topic_arn: "NonEmptyString",
39214
+ # },
39215
+ # access_policy: "NonEmptyString",
39216
+ # },
39217
+ # aws_backup_backup_plan: {
39218
+ # backup_plan: {
39219
+ # backup_plan_name: "NonEmptyString",
39220
+ # advanced_backup_settings: [
39221
+ # {
39222
+ # backup_options: {
39223
+ # "NonEmptyString" => "NonEmptyString",
39224
+ # },
39225
+ # resource_type: "NonEmptyString",
39226
+ # },
39227
+ # ],
39228
+ # backup_plan_rule: [
39229
+ # {
39230
+ # target_backup_vault: "NonEmptyString",
39231
+ # start_window_minutes: 1,
39232
+ # schedule_expression: "NonEmptyString",
39233
+ # rule_name: "NonEmptyString",
39234
+ # rule_id: "NonEmptyString",
39235
+ # enable_continuous_backup: false,
39236
+ # completion_window_minutes: 1,
39237
+ # copy_actions: [
39238
+ # {
39239
+ # destination_backup_vault_arn: "NonEmptyString",
39240
+ # lifecycle: {
39241
+ # delete_after_days: 1,
39242
+ # move_to_cold_storage_after_days: 1,
39243
+ # },
39244
+ # },
39245
+ # ],
39246
+ # lifecycle: {
39247
+ # delete_after_days: 1,
39248
+ # move_to_cold_storage_after_days: 1,
39249
+ # },
39250
+ # },
39251
+ # ],
39252
+ # },
39253
+ # backup_plan_arn: "NonEmptyString",
39254
+ # backup_plan_id: "NonEmptyString",
39255
+ # version_id: "NonEmptyString",
39256
+ # },
39257
+ # aws_backup_recovery_point: {
39258
+ # backup_size_in_bytes: 1,
39259
+ # backup_vault_arn: "NonEmptyString",
39260
+ # backup_vault_name: "NonEmptyString",
39261
+ # calculated_lifecycle: {
39262
+ # delete_at: "NonEmptyString",
39263
+ # move_to_cold_storage_at: "NonEmptyString",
39264
+ # },
39265
+ # completion_date: "NonEmptyString",
39266
+ # created_by: {
39267
+ # backup_plan_arn: "NonEmptyString",
39268
+ # backup_plan_id: "NonEmptyString",
39269
+ # backup_plan_version: "NonEmptyString",
39270
+ # backup_rule_id: "NonEmptyString",
39271
+ # },
39272
+ # creation_date: "NonEmptyString",
39273
+ # encryption_key_arn: "NonEmptyString",
39274
+ # iam_role_arn: "NonEmptyString",
39275
+ # is_encrypted: false,
39276
+ # last_restore_time: "NonEmptyString",
39277
+ # lifecycle: {
39278
+ # delete_after_days: 1,
39279
+ # move_to_cold_storage_after_days: 1,
39280
+ # },
39281
+ # recovery_point_arn: "NonEmptyString",
39282
+ # resource_arn: "NonEmptyString",
39283
+ # resource_type: "NonEmptyString",
39284
+ # source_backup_vault_arn: "NonEmptyString",
39285
+ # status: "NonEmptyString",
39286
+ # status_message: "NonEmptyString",
39287
+ # storage_class: "NonEmptyString",
39288
+ # },
37796
39289
  # },
37797
39290
  # }
37798
39291
  #
@@ -40644,6 +42137,88 @@ module Aws::SecurityHub
40644
42137
  # },
40645
42138
  # ],
40646
42139
  # },
42140
+ # aws_backup_backup_vault: {
42141
+ # backup_vault_arn: "NonEmptyString",
42142
+ # backup_vault_name: "NonEmptyString",
42143
+ # encryption_key_arn: "NonEmptyString",
42144
+ # notifications: {
42145
+ # backup_vault_events: ["NonEmptyString"],
42146
+ # sns_topic_arn: "NonEmptyString",
42147
+ # },
42148
+ # access_policy: "NonEmptyString",
42149
+ # },
42150
+ # aws_backup_backup_plan: {
42151
+ # backup_plan: {
42152
+ # backup_plan_name: "NonEmptyString",
42153
+ # advanced_backup_settings: [
42154
+ # {
42155
+ # backup_options: {
42156
+ # "NonEmptyString" => "NonEmptyString",
42157
+ # },
42158
+ # resource_type: "NonEmptyString",
42159
+ # },
42160
+ # ],
42161
+ # backup_plan_rule: [
42162
+ # {
42163
+ # target_backup_vault: "NonEmptyString",
42164
+ # start_window_minutes: 1,
42165
+ # schedule_expression: "NonEmptyString",
42166
+ # rule_name: "NonEmptyString",
42167
+ # rule_id: "NonEmptyString",
42168
+ # enable_continuous_backup: false,
42169
+ # completion_window_minutes: 1,
42170
+ # copy_actions: [
42171
+ # {
42172
+ # destination_backup_vault_arn: "NonEmptyString",
42173
+ # lifecycle: {
42174
+ # delete_after_days: 1,
42175
+ # move_to_cold_storage_after_days: 1,
42176
+ # },
42177
+ # },
42178
+ # ],
42179
+ # lifecycle: {
42180
+ # delete_after_days: 1,
42181
+ # move_to_cold_storage_after_days: 1,
42182
+ # },
42183
+ # },
42184
+ # ],
42185
+ # },
42186
+ # backup_plan_arn: "NonEmptyString",
42187
+ # backup_plan_id: "NonEmptyString",
42188
+ # version_id: "NonEmptyString",
42189
+ # },
42190
+ # aws_backup_recovery_point: {
42191
+ # backup_size_in_bytes: 1,
42192
+ # backup_vault_arn: "NonEmptyString",
42193
+ # backup_vault_name: "NonEmptyString",
42194
+ # calculated_lifecycle: {
42195
+ # delete_at: "NonEmptyString",
42196
+ # move_to_cold_storage_at: "NonEmptyString",
42197
+ # },
42198
+ # completion_date: "NonEmptyString",
42199
+ # created_by: {
42200
+ # backup_plan_arn: "NonEmptyString",
42201
+ # backup_plan_id: "NonEmptyString",
42202
+ # backup_plan_version: "NonEmptyString",
42203
+ # backup_rule_id: "NonEmptyString",
42204
+ # },
42205
+ # creation_date: "NonEmptyString",
42206
+ # encryption_key_arn: "NonEmptyString",
42207
+ # iam_role_arn: "NonEmptyString",
42208
+ # is_encrypted: false,
42209
+ # last_restore_time: "NonEmptyString",
42210
+ # lifecycle: {
42211
+ # delete_after_days: 1,
42212
+ # move_to_cold_storage_after_days: 1,
42213
+ # },
42214
+ # recovery_point_arn: "NonEmptyString",
42215
+ # resource_arn: "NonEmptyString",
42216
+ # resource_type: "NonEmptyString",
42217
+ # source_backup_vault_arn: "NonEmptyString",
42218
+ # status: "NonEmptyString",
42219
+ # status_message: "NonEmptyString",
42220
+ # storage_class: "NonEmptyString",
42221
+ # },
40647
42222
  # }
40648
42223
  #
40649
42224
  # @!attribute [rw] aws_auto_scaling_auto_scaling_group
@@ -40976,6 +42551,18 @@ module Aws::SecurityHub
40976
42551
  # Details about a task in a cluster.
40977
42552
  # @return [Types::AwsEcsTaskDetails]
40978
42553
  #
42554
+ # @!attribute [rw] aws_backup_backup_vault
42555
+ # Provides details about an Backup backup vault.
42556
+ # @return [Types::AwsBackupBackupVaultDetails]
42557
+ #
42558
+ # @!attribute [rw] aws_backup_backup_plan
42559
+ # Provides details about an Backup backup plan.
42560
+ # @return [Types::AwsBackupBackupPlanDetails]
42561
+ #
42562
+ # @!attribute [rw] aws_backup_recovery_point
42563
+ # Provides details about an Backup backup, or recovery point.
42564
+ # @return [Types::AwsBackupRecoveryPointDetails]
42565
+ #
40979
42566
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ResourceDetails AWS API Documentation
40980
42567
  #
40981
42568
  class ResourceDetails < Struct.new(
@@ -41054,7 +42641,10 @@ module Aws::SecurityHub
41054
42641
  :aws_waf_regional_web_acl,
41055
42642
  :aws_waf_rule,
41056
42643
  :aws_waf_rule_group,
41057
- :aws_ecs_task)
42644
+ :aws_ecs_task,
42645
+ :aws_backup_backup_vault,
42646
+ :aws_backup_backup_plan,
42647
+ :aws_backup_recovery_point)
41058
42648
  SENSITIVE = []
41059
42649
  include Aws::Structure
41060
42650
  end
@@ -42354,6 +43944,8 @@ module Aws::SecurityHub
42354
43944
  # architecture: "NonEmptyString",
42355
43945
  # package_manager: "NonEmptyString",
42356
43946
  # file_path: "NonEmptyString",
43947
+ # fixed_in_version: "NonEmptyString",
43948
+ # remediation: "NonEmptyString",
42357
43949
  # }
42358
43950
  #
42359
43951
  # @!attribute [rw] name
@@ -42384,6 +43976,16 @@ module Aws::SecurityHub
42384
43976
  # The file system path to the package manager inventory file.
42385
43977
  # @return [String]
42386
43978
  #
43979
+ # @!attribute [rw] fixed_in_version
43980
+ # The version of the software package in which the vulnerability has
43981
+ # been resolved.
43982
+ # @return [String]
43983
+ #
43984
+ # @!attribute [rw] remediation
43985
+ # Describes the actions a customer can take to resolve the
43986
+ # vulnerability in the software package.
43987
+ # @return [String]
43988
+ #
42387
43989
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SoftwarePackage AWS API Documentation
42388
43990
  #
42389
43991
  class SoftwarePackage < Struct.new(
@@ -42393,7 +43995,9 @@ module Aws::SecurityHub
42393
43995
  :release,
42394
43996
  :architecture,
42395
43997
  :package_manager,
42396
- :file_path)
43998
+ :file_path,
43999
+ :fixed_in_version,
44000
+ :remediation)
42397
44001
  SENSITIVE = []
42398
44002
  include Aws::Structure
42399
44003
  end
@@ -44682,6 +46286,8 @@ module Aws::SecurityHub
44682
46286
  # architecture: "NonEmptyString",
44683
46287
  # package_manager: "NonEmptyString",
44684
46288
  # file_path: "NonEmptyString",
46289
+ # fixed_in_version: "NonEmptyString",
46290
+ # remediation: "NonEmptyString",
44685
46291
  # },
44686
46292
  # ],
44687
46293
  # cvss: [
@@ -44707,6 +46313,7 @@ module Aws::SecurityHub
44707
46313
  # vendor_updated_at: "NonEmptyString",
44708
46314
  # },
44709
46315
  # reference_urls: ["NonEmptyString"],
46316
+ # fix_available: "YES", # accepts YES, NO, PARTIAL
44710
46317
  # }
44711
46318
  #
44712
46319
  # @!attribute [rw] id
@@ -44735,6 +46342,22 @@ module Aws::SecurityHub
44735
46342
  # vulnerability.
44736
46343
  # @return [Array<String>]
44737
46344
  #
46345
+ # @!attribute [rw] fix_available
46346
+ # Specifies if all vulnerable packages in a finding have a value for
46347
+ # `FixedInVersion` and `Remediation`. This field is evaluated for each
46348
+ # vulnerability `Id` based on the number of vulnerable packages that
46349
+ # have a value for both `FixedInVersion` and `Remediation`. Valid
46350
+ # values are as follows:
46351
+ #
46352
+ # * `YES` if all vulnerable packages have a value for both
46353
+ # `FixedInVersion` and `Remediation`
46354
+ #
46355
+ # * `NO` if no vulnerable packages have a value for `FixedInVersion`
46356
+ # and `Remediation`
46357
+ #
46358
+ # * `PARTIAL` otherwise
46359
+ # @return [String]
46360
+ #
44738
46361
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Vulnerability AWS API Documentation
44739
46362
  #
44740
46363
  class Vulnerability < Struct.new(
@@ -44743,7 +46366,8 @@ module Aws::SecurityHub
44743
46366
  :cvss,
44744
46367
  :related_vulnerabilities,
44745
46368
  :vendor,
44746
- :reference_urls)
46369
+ :reference_urls,
46370
+ :fix_available)
44747
46371
  SENSITIVE = []
44748
46372
  include Aws::Structure
44749
46373
  end