aws-sdk-securityhub 1.81.0 → 1.82.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-securityhub/client.rb +127 -3
- data/lib/aws-sdk-securityhub/client_api.rb +223 -0
- data/lib/aws-sdk-securityhub/types.rb +1011 -7
- data/lib/aws-sdk-securityhub.rb +1 -1
- metadata +2 -2
@@ -411,6 +411,319 @@ module Aws::SecurityHub
|
|
411
411
|
include Aws::Structure
|
412
412
|
end
|
413
413
|
|
414
|
+
# Provides details about an Amazon MQ message broker. A message broker
|
415
|
+
# allows software applications and components to communicate using
|
416
|
+
# various programming languages, operating systems, and formal messaging
|
417
|
+
# protocols.
|
418
|
+
#
|
419
|
+
# @!attribute [rw] authentication_strategy
|
420
|
+
# The authentication strategy used to secure the broker. The default
|
421
|
+
# is `SIMPLE`.
|
422
|
+
# @return [String]
|
423
|
+
#
|
424
|
+
# @!attribute [rw] auto_minor_version_upgrade
|
425
|
+
# Whether automatically upgrade new minor versions for brokers, as new
|
426
|
+
# versions are released and supported by Amazon MQ. Automatic upgrades
|
427
|
+
# occur during the scheduled maintenance window of the broker or after
|
428
|
+
# a manual broker reboot.
|
429
|
+
# @return [Boolean]
|
430
|
+
#
|
431
|
+
# @!attribute [rw] broker_arn
|
432
|
+
# The Amazon Resource Name (ARN) of the broker.
|
433
|
+
# @return [String]
|
434
|
+
#
|
435
|
+
# @!attribute [rw] broker_name
|
436
|
+
# The broker's name.
|
437
|
+
# @return [String]
|
438
|
+
#
|
439
|
+
# @!attribute [rw] deployment_mode
|
440
|
+
# The broker's deployment mode.
|
441
|
+
# @return [String]
|
442
|
+
#
|
443
|
+
# @!attribute [rw] encryption_options
|
444
|
+
# Encryption options for the broker. Doesn’t apply to RabbitMQ
|
445
|
+
# brokers.
|
446
|
+
# @return [Types::AwsAmazonMqBrokerEncryptionOptionsDetails]
|
447
|
+
#
|
448
|
+
# @!attribute [rw] engine_type
|
449
|
+
# The type of broker engine.
|
450
|
+
# @return [String]
|
451
|
+
#
|
452
|
+
# @!attribute [rw] engine_version
|
453
|
+
# The version of the broker engine.
|
454
|
+
# @return [String]
|
455
|
+
#
|
456
|
+
# @!attribute [rw] host_instance_type
|
457
|
+
# The broker's instance type.
|
458
|
+
# @return [String]
|
459
|
+
#
|
460
|
+
# @!attribute [rw] broker_id
|
461
|
+
# The unique ID that Amazon MQ generates for the broker.
|
462
|
+
# @return [String]
|
463
|
+
#
|
464
|
+
# @!attribute [rw] ldap_server_metadata
|
465
|
+
# The metadata of the Lightweight Directory Access Protocol (LDAP)
|
466
|
+
# server used to authenticate and authorize connections to the broker.
|
467
|
+
# This is an optional failover server.
|
468
|
+
# @return [Types::AwsAmazonMqBrokerLdapServerMetadataDetails]
|
469
|
+
#
|
470
|
+
# @!attribute [rw] logs
|
471
|
+
# Turns on Amazon CloudWatch logging for brokers.
|
472
|
+
# @return [Types::AwsAmazonMqBrokerLogsDetails]
|
473
|
+
#
|
474
|
+
# @!attribute [rw] maintenance_window_start_time
|
475
|
+
# The scheduled time period (UTC) during which Amazon MQ begins to
|
476
|
+
# apply pending updates or patches to the broker.
|
477
|
+
# @return [Types::AwsAmazonMqBrokerMaintenanceWindowStartTimeDetails]
|
478
|
+
#
|
479
|
+
# @!attribute [rw] publicly_accessible
|
480
|
+
# Permits connections from applications outside of the VPC that hosts
|
481
|
+
# the broker's subnets.
|
482
|
+
# @return [Boolean]
|
483
|
+
#
|
484
|
+
# @!attribute [rw] security_groups
|
485
|
+
# The list of rules (one minimum, 125 maximum) that authorize
|
486
|
+
# connections to brokers.
|
487
|
+
# @return [Array<String>]
|
488
|
+
#
|
489
|
+
# @!attribute [rw] storage_type
|
490
|
+
# The broker's storage type.
|
491
|
+
# @return [String]
|
492
|
+
#
|
493
|
+
# @!attribute [rw] subnet_ids
|
494
|
+
# The list of groups that define which subnets and IP ranges the
|
495
|
+
# broker can use from different Availability Zones.
|
496
|
+
# @return [Array<String>]
|
497
|
+
#
|
498
|
+
# @!attribute [rw] users
|
499
|
+
# The list of all broker usernames for the specified broker. Doesn't
|
500
|
+
# apply to RabbitMQ brokers.
|
501
|
+
# @return [Array<Types::AwsAmazonMqBrokerUsersDetails>]
|
502
|
+
#
|
503
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAmazonMqBrokerDetails AWS API Documentation
|
504
|
+
#
|
505
|
+
class AwsAmazonMqBrokerDetails < Struct.new(
|
506
|
+
:authentication_strategy,
|
507
|
+
:auto_minor_version_upgrade,
|
508
|
+
:broker_arn,
|
509
|
+
:broker_name,
|
510
|
+
:deployment_mode,
|
511
|
+
:encryption_options,
|
512
|
+
:engine_type,
|
513
|
+
:engine_version,
|
514
|
+
:host_instance_type,
|
515
|
+
:broker_id,
|
516
|
+
:ldap_server_metadata,
|
517
|
+
:logs,
|
518
|
+
:maintenance_window_start_time,
|
519
|
+
:publicly_accessible,
|
520
|
+
:security_groups,
|
521
|
+
:storage_type,
|
522
|
+
:subnet_ids,
|
523
|
+
:users)
|
524
|
+
SENSITIVE = []
|
525
|
+
include Aws::Structure
|
526
|
+
end
|
527
|
+
|
528
|
+
# Provides details about broker encryption options.
|
529
|
+
#
|
530
|
+
# @!attribute [rw] kms_key_id
|
531
|
+
# The KMS key that’s used to encrypt your data at rest. If not
|
532
|
+
# provided, Amazon MQ will use a default KMS key to encrypt your data.
|
533
|
+
# @return [String]
|
534
|
+
#
|
535
|
+
# @!attribute [rw] use_aws_owned_key
|
536
|
+
# Specifies that an KMS key should be used for at-rest encryption. Set
|
537
|
+
# to `true` by default if no value is provided (for example, for
|
538
|
+
# RabbitMQ brokers).
|
539
|
+
# @return [Boolean]
|
540
|
+
#
|
541
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAmazonMqBrokerEncryptionOptionsDetails AWS API Documentation
|
542
|
+
#
|
543
|
+
class AwsAmazonMqBrokerEncryptionOptionsDetails < Struct.new(
|
544
|
+
:kms_key_id,
|
545
|
+
:use_aws_owned_key)
|
546
|
+
SENSITIVE = []
|
547
|
+
include Aws::Structure
|
548
|
+
end
|
549
|
+
|
550
|
+
# The metadata of the Lightweight Directory Access Protocol (LDAP)
|
551
|
+
# server used to authenticate and authorize connections to the broker.
|
552
|
+
# This is an optional failover server.
|
553
|
+
#
|
554
|
+
# @!attribute [rw] hosts
|
555
|
+
# Specifies the location of the LDAP server, such as Amazon Web
|
556
|
+
# Services Directory Service for Microsoft Active Directory.
|
557
|
+
# @return [Array<String>]
|
558
|
+
#
|
559
|
+
# @!attribute [rw] role_base
|
560
|
+
# The distinguished name of the node in the directory information tree
|
561
|
+
# (DIT) to search for roles or groups.
|
562
|
+
# @return [String]
|
563
|
+
#
|
564
|
+
# @!attribute [rw] role_name
|
565
|
+
# The group name attribute in a role entry whose value is the name of
|
566
|
+
# that role.
|
567
|
+
# @return [String]
|
568
|
+
#
|
569
|
+
# @!attribute [rw] role_search_matching
|
570
|
+
# The LDAP search filter used to find roles within the `roleBase`.
|
571
|
+
# @return [String]
|
572
|
+
#
|
573
|
+
# @!attribute [rw] role_search_subtree
|
574
|
+
# The directory search scope for the role. If set to `true`, the scope
|
575
|
+
# is to search the entire subtree.
|
576
|
+
# @return [Boolean]
|
577
|
+
#
|
578
|
+
# @!attribute [rw] service_account_username
|
579
|
+
# A username for the service account, which is an account in your LDAP
|
580
|
+
# server that has access to initiate a connection.
|
581
|
+
# @return [String]
|
582
|
+
#
|
583
|
+
# @!attribute [rw] user_base
|
584
|
+
# Selects a particular subtree of the directory information tree (DIT)
|
585
|
+
# to search for user entries.
|
586
|
+
# @return [String]
|
587
|
+
#
|
588
|
+
# @!attribute [rw] user_role_name
|
589
|
+
# The name of the LDAP attribute in the user's directory entry for
|
590
|
+
# the user's group membership.
|
591
|
+
# @return [String]
|
592
|
+
#
|
593
|
+
# @!attribute [rw] user_search_matching
|
594
|
+
# The LDAP search filter used to find users within the `userBase`.
|
595
|
+
# @return [String]
|
596
|
+
#
|
597
|
+
# @!attribute [rw] user_search_subtree
|
598
|
+
# The directory search scope for the user. If set to true, the scope
|
599
|
+
# is to search the entire subtree.
|
600
|
+
# @return [Boolean]
|
601
|
+
#
|
602
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAmazonMqBrokerLdapServerMetadataDetails AWS API Documentation
|
603
|
+
#
|
604
|
+
class AwsAmazonMqBrokerLdapServerMetadataDetails < Struct.new(
|
605
|
+
:hosts,
|
606
|
+
:role_base,
|
607
|
+
:role_name,
|
608
|
+
:role_search_matching,
|
609
|
+
:role_search_subtree,
|
610
|
+
:service_account_username,
|
611
|
+
:user_base,
|
612
|
+
:user_role_name,
|
613
|
+
:user_search_matching,
|
614
|
+
:user_search_subtree)
|
615
|
+
SENSITIVE = []
|
616
|
+
include Aws::Structure
|
617
|
+
end
|
618
|
+
|
619
|
+
# Provides information about logs to be activated for the specified
|
620
|
+
# broker.
|
621
|
+
#
|
622
|
+
# @!attribute [rw] audit
|
623
|
+
# Activates audit logging. Every user management action made using JMX
|
624
|
+
# or the ActiveMQ Web Console is logged. Doesn't apply to RabbitMQ
|
625
|
+
# brokers.
|
626
|
+
# @return [Boolean]
|
627
|
+
#
|
628
|
+
# @!attribute [rw] general
|
629
|
+
# Activates general logging.
|
630
|
+
# @return [Boolean]
|
631
|
+
#
|
632
|
+
# @!attribute [rw] audit_log_group
|
633
|
+
# The location of the CloudWatch Logs log group where audit logs are
|
634
|
+
# sent.
|
635
|
+
# @return [String]
|
636
|
+
#
|
637
|
+
# @!attribute [rw] general_log_group
|
638
|
+
# The location of the CloudWatch Logs log group where general logs are
|
639
|
+
# sent.
|
640
|
+
# @return [String]
|
641
|
+
#
|
642
|
+
# @!attribute [rw] pending
|
643
|
+
# The list of information about logs that are to be turned on for the
|
644
|
+
# specified broker.
|
645
|
+
# @return [Types::AwsAmazonMqBrokerLogsPendingDetails]
|
646
|
+
#
|
647
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAmazonMqBrokerLogsDetails AWS API Documentation
|
648
|
+
#
|
649
|
+
class AwsAmazonMqBrokerLogsDetails < Struct.new(
|
650
|
+
:audit,
|
651
|
+
:general,
|
652
|
+
:audit_log_group,
|
653
|
+
:general_log_group,
|
654
|
+
:pending)
|
655
|
+
SENSITIVE = []
|
656
|
+
include Aws::Structure
|
657
|
+
end
|
658
|
+
|
659
|
+
# Provides information about logs to be activated for the specified
|
660
|
+
# broker.
|
661
|
+
#
|
662
|
+
# @!attribute [rw] audit
|
663
|
+
# Activates audit logging. Every user management action made using JMX
|
664
|
+
# or the ActiveMQ Web Console is logged. Doesn't apply to RabbitMQ
|
665
|
+
# brokers.
|
666
|
+
# @return [Boolean]
|
667
|
+
#
|
668
|
+
# @!attribute [rw] general
|
669
|
+
# Activates general logging.
|
670
|
+
# @return [Boolean]
|
671
|
+
#
|
672
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAmazonMqBrokerLogsPendingDetails AWS API Documentation
|
673
|
+
#
|
674
|
+
class AwsAmazonMqBrokerLogsPendingDetails < Struct.new(
|
675
|
+
:audit,
|
676
|
+
:general)
|
677
|
+
SENSITIVE = []
|
678
|
+
include Aws::Structure
|
679
|
+
end
|
680
|
+
|
681
|
+
# The scheduled time period (UTC) during which Amazon MQ begins to apply
|
682
|
+
# pending updates or patches to the broker.
|
683
|
+
#
|
684
|
+
# @!attribute [rw] day_of_week
|
685
|
+
# The day of the week on which the maintenance window falls.
|
686
|
+
# @return [String]
|
687
|
+
#
|
688
|
+
# @!attribute [rw] time_of_day
|
689
|
+
# The time, in 24-hour format, on which the maintenance window falls.
|
690
|
+
# @return [String]
|
691
|
+
#
|
692
|
+
# @!attribute [rw] time_zone
|
693
|
+
# The time zone in either the Country/City format or the UTC offset
|
694
|
+
# format. UTC is the default format.
|
695
|
+
# @return [String]
|
696
|
+
#
|
697
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAmazonMqBrokerMaintenanceWindowStartTimeDetails AWS API Documentation
|
698
|
+
#
|
699
|
+
class AwsAmazonMqBrokerMaintenanceWindowStartTimeDetails < Struct.new(
|
700
|
+
:day_of_week,
|
701
|
+
:time_of_day,
|
702
|
+
:time_zone)
|
703
|
+
SENSITIVE = []
|
704
|
+
include Aws::Structure
|
705
|
+
end
|
706
|
+
|
707
|
+
# Provides details about the broker usernames for the specified broker.
|
708
|
+
# Doesn't apply to RabbitMQ brokers.
|
709
|
+
#
|
710
|
+
# @!attribute [rw] pending_change
|
711
|
+
# The type of change pending for the broker user.
|
712
|
+
# @return [String]
|
713
|
+
#
|
714
|
+
# @!attribute [rw] username
|
715
|
+
# The username of the broker user.
|
716
|
+
# @return [String]
|
717
|
+
#
|
718
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAmazonMqBrokerUsersDetails AWS API Documentation
|
719
|
+
#
|
720
|
+
class AwsAmazonMqBrokerUsersDetails < Struct.new(
|
721
|
+
:pending_change,
|
722
|
+
:username)
|
723
|
+
SENSITIVE = []
|
724
|
+
include Aws::Structure
|
725
|
+
end
|
726
|
+
|
414
727
|
# Provided if `ActionType` is `AWS_API_CALL`. It provides details about
|
415
728
|
# the API call that was detected.
|
416
729
|
#
|
@@ -1098,6 +1411,240 @@ module Aws::SecurityHub
|
|
1098
1411
|
include Aws::Structure
|
1099
1412
|
end
|
1100
1413
|
|
1414
|
+
# A list of additional authentication providers for the GraphqlApi API.
|
1415
|
+
#
|
1416
|
+
# @!attribute [rw] authentication_type
|
1417
|
+
# The type of security configuration for your GraphQL API: API key,
|
1418
|
+
# Identity and Access Management (IAM), OpenID Connect (OIDC), Amazon
|
1419
|
+
# Cognito user pools, or Lambda.
|
1420
|
+
# @return [String]
|
1421
|
+
#
|
1422
|
+
# @!attribute [rw] lambda_authorizer_config
|
1423
|
+
# The configuration for Lambda function authorization.
|
1424
|
+
# @return [Types::AwsAppSyncGraphQlApiLambdaAuthorizerConfigDetails]
|
1425
|
+
#
|
1426
|
+
# @!attribute [rw] open_id_connect_config
|
1427
|
+
# The OpenID Connect configuration.
|
1428
|
+
# @return [Types::AwsAppSyncGraphQlApiOpenIdConnectConfigDetails]
|
1429
|
+
#
|
1430
|
+
# @!attribute [rw] user_pool_config
|
1431
|
+
# The Amazon Cognito user pools configuration.
|
1432
|
+
# @return [Types::AwsAppSyncGraphQlApiUserPoolConfigDetails]
|
1433
|
+
#
|
1434
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAppSyncGraphQlApiAdditionalAuthenticationProvidersDetails AWS API Documentation
|
1435
|
+
#
|
1436
|
+
class AwsAppSyncGraphQlApiAdditionalAuthenticationProvidersDetails < Struct.new(
|
1437
|
+
:authentication_type,
|
1438
|
+
:lambda_authorizer_config,
|
1439
|
+
:open_id_connect_config,
|
1440
|
+
:user_pool_config)
|
1441
|
+
SENSITIVE = []
|
1442
|
+
include Aws::Structure
|
1443
|
+
end
|
1444
|
+
|
1445
|
+
# Provides details about an AppSync Graph QL API, which lets you query
|
1446
|
+
# multiple databases, microservices, and APIs from a single GraphQL
|
1447
|
+
# endpoint.
|
1448
|
+
#
|
1449
|
+
# @!attribute [rw] api_id
|
1450
|
+
# The unique identifier for the API.
|
1451
|
+
# @return [String]
|
1452
|
+
#
|
1453
|
+
# @!attribute [rw] id
|
1454
|
+
# The unique identifier for the API.
|
1455
|
+
# @return [String]
|
1456
|
+
#
|
1457
|
+
# @!attribute [rw] open_id_connect_config
|
1458
|
+
# Specifies the authorization configuration for using an OpenID
|
1459
|
+
# Connect compliant service with an AppSync GraphQL API endpoint.
|
1460
|
+
# @return [Types::AwsAppSyncGraphQlApiOpenIdConnectConfigDetails]
|
1461
|
+
#
|
1462
|
+
# @!attribute [rw] name
|
1463
|
+
# The API name.
|
1464
|
+
# @return [String]
|
1465
|
+
#
|
1466
|
+
# @!attribute [rw] lambda_authorizer_config
|
1467
|
+
# Specifies the configuration for Lambda function authorization.
|
1468
|
+
# @return [Types::AwsAppSyncGraphQlApiLambdaAuthorizerConfigDetails]
|
1469
|
+
#
|
1470
|
+
# @!attribute [rw] xray_enabled
|
1471
|
+
# Indicates whether to use X-Ray tracing for the GraphQL API.
|
1472
|
+
# @return [Boolean]
|
1473
|
+
#
|
1474
|
+
# @!attribute [rw] arn
|
1475
|
+
# The Amazon Resource Name (ARN) of the API.
|
1476
|
+
# @return [String]
|
1477
|
+
#
|
1478
|
+
# @!attribute [rw] user_pool_config
|
1479
|
+
# The Amazon Cognito user pools configuration.
|
1480
|
+
# @return [Types::AwsAppSyncGraphQlApiUserPoolConfigDetails]
|
1481
|
+
#
|
1482
|
+
# @!attribute [rw] authentication_type
|
1483
|
+
# The type of security configuration for your GraphQL API: API key,
|
1484
|
+
# Identity and Access Management (IAM), OpenID Connect (OIDC), Amazon
|
1485
|
+
# Cognito user pools, or Lambda.
|
1486
|
+
# @return [String]
|
1487
|
+
#
|
1488
|
+
# @!attribute [rw] log_config
|
1489
|
+
# The Amazon CloudWatch Logs configuration.
|
1490
|
+
# @return [Types::AwsAppSyncGraphQlApiLogConfigDetails]
|
1491
|
+
#
|
1492
|
+
# @!attribute [rw] additional_authentication_providers
|
1493
|
+
# A list of additional authentication providers for the GraphQL API.
|
1494
|
+
# @return [Array<Types::AwsAppSyncGraphQlApiAdditionalAuthenticationProvidersDetails>]
|
1495
|
+
#
|
1496
|
+
# @!attribute [rw] waf_web_acl_arn
|
1497
|
+
# The Amazon Resource Name (ARN) of the WAF web access control list
|
1498
|
+
# (web ACL) associated with this GraphQL API, if one exists.
|
1499
|
+
# @return [String]
|
1500
|
+
#
|
1501
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAppSyncGraphQlApiDetails AWS API Documentation
|
1502
|
+
#
|
1503
|
+
class AwsAppSyncGraphQlApiDetails < Struct.new(
|
1504
|
+
:api_id,
|
1505
|
+
:id,
|
1506
|
+
:open_id_connect_config,
|
1507
|
+
:name,
|
1508
|
+
:lambda_authorizer_config,
|
1509
|
+
:xray_enabled,
|
1510
|
+
:arn,
|
1511
|
+
:user_pool_config,
|
1512
|
+
:authentication_type,
|
1513
|
+
:log_config,
|
1514
|
+
:additional_authentication_providers,
|
1515
|
+
:waf_web_acl_arn)
|
1516
|
+
SENSITIVE = []
|
1517
|
+
include Aws::Structure
|
1518
|
+
end
|
1519
|
+
|
1520
|
+
# Specifies the authorization configuration for using an Lambda function
|
1521
|
+
# with your AppSync GraphQL API endpoint.
|
1522
|
+
#
|
1523
|
+
# @!attribute [rw] authorizer_result_ttl_in_seconds
|
1524
|
+
# The number of seconds a response should be cached for. The default
|
1525
|
+
# is 5 minutes (300 seconds).
|
1526
|
+
# @return [Integer]
|
1527
|
+
#
|
1528
|
+
# @!attribute [rw] authorizer_uri
|
1529
|
+
# The Amazon Resource Name (ARN) of the Lambda function to be called
|
1530
|
+
# for authorization. This can be a standard Lambda ARN, a version ARN
|
1531
|
+
# (.../v3), or an alias ARN.
|
1532
|
+
# @return [String]
|
1533
|
+
#
|
1534
|
+
# @!attribute [rw] identity_validation_expression
|
1535
|
+
# A regular expression for validation of tokens before the Lambda
|
1536
|
+
# function is called.
|
1537
|
+
# @return [String]
|
1538
|
+
#
|
1539
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAppSyncGraphQlApiLambdaAuthorizerConfigDetails AWS API Documentation
|
1540
|
+
#
|
1541
|
+
class AwsAppSyncGraphQlApiLambdaAuthorizerConfigDetails < Struct.new(
|
1542
|
+
:authorizer_result_ttl_in_seconds,
|
1543
|
+
:authorizer_uri,
|
1544
|
+
:identity_validation_expression)
|
1545
|
+
SENSITIVE = []
|
1546
|
+
include Aws::Structure
|
1547
|
+
end
|
1548
|
+
|
1549
|
+
# Specifies the logging configuration when writing GraphQL operations
|
1550
|
+
# and tracing to Amazon CloudWatch for an AppSync GraphQL API.
|
1551
|
+
#
|
1552
|
+
# @!attribute [rw] cloud_watch_logs_role_arn
|
1553
|
+
# The Amazon Resource Name (ARN) of the service role that AppSync
|
1554
|
+
# assumes to publish to CloudWatch Logs in your account.
|
1555
|
+
# @return [String]
|
1556
|
+
#
|
1557
|
+
# @!attribute [rw] exclude_verbose_content
|
1558
|
+
# Set to `TRUE` to exclude sections that contain information such as
|
1559
|
+
# headers, context, and evaluated mapping templates, regardless of
|
1560
|
+
# logging level.
|
1561
|
+
# @return [Boolean]
|
1562
|
+
#
|
1563
|
+
# @!attribute [rw] field_log_level
|
1564
|
+
# The field logging level.
|
1565
|
+
# @return [String]
|
1566
|
+
#
|
1567
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAppSyncGraphQlApiLogConfigDetails AWS API Documentation
|
1568
|
+
#
|
1569
|
+
class AwsAppSyncGraphQlApiLogConfigDetails < Struct.new(
|
1570
|
+
:cloud_watch_logs_role_arn,
|
1571
|
+
:exclude_verbose_content,
|
1572
|
+
:field_log_level)
|
1573
|
+
SENSITIVE = []
|
1574
|
+
include Aws::Structure
|
1575
|
+
end
|
1576
|
+
|
1577
|
+
# Specifies the authorization configuration for using an OpenID Connect
|
1578
|
+
# compliant service with your AppSync GraphQL API endpoint.
|
1579
|
+
#
|
1580
|
+
# @!attribute [rw] auth_tt_l
|
1581
|
+
# The number of milliseconds that a token is valid after being
|
1582
|
+
# authenticated.
|
1583
|
+
# @return [Integer]
|
1584
|
+
#
|
1585
|
+
# @!attribute [rw] client_id
|
1586
|
+
# The client identifier of the relying party at the OpenID identity
|
1587
|
+
# provider. This identifier is typically obtained when the relying
|
1588
|
+
# party is registered with the OpenID identity provider. You can
|
1589
|
+
# specify a regular expression so that AppSync can validate against
|
1590
|
+
# multiple client identifiers at a time.
|
1591
|
+
# @return [String]
|
1592
|
+
#
|
1593
|
+
# @!attribute [rw] iat_tt_l
|
1594
|
+
# The number of milliseconds that a token is valid after it's issued
|
1595
|
+
# to a user.
|
1596
|
+
# @return [Integer]
|
1597
|
+
#
|
1598
|
+
# @!attribute [rw] issuer
|
1599
|
+
# The issuer for the OIDC configuration. The issuer returned by
|
1600
|
+
# discovery must exactly match the value of `iss` in the ID token.
|
1601
|
+
# @return [String]
|
1602
|
+
#
|
1603
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAppSyncGraphQlApiOpenIdConnectConfigDetails AWS API Documentation
|
1604
|
+
#
|
1605
|
+
class AwsAppSyncGraphQlApiOpenIdConnectConfigDetails < Struct.new(
|
1606
|
+
:auth_tt_l,
|
1607
|
+
:client_id,
|
1608
|
+
:iat_tt_l,
|
1609
|
+
:issuer)
|
1610
|
+
SENSITIVE = []
|
1611
|
+
include Aws::Structure
|
1612
|
+
end
|
1613
|
+
|
1614
|
+
# Specifies the authorization configuration for using Amazon Cognito
|
1615
|
+
# user pools with your AppSync GraphQL API endpoint.
|
1616
|
+
#
|
1617
|
+
# @!attribute [rw] app_id_client_regex
|
1618
|
+
# A regular expression for validating the incoming Amazon Cognito user
|
1619
|
+
# pools app client ID. If this value isn't set, no filtering is
|
1620
|
+
# applied.
|
1621
|
+
# @return [String]
|
1622
|
+
#
|
1623
|
+
# @!attribute [rw] aws_region
|
1624
|
+
# The Amazon Web Services Region in which the user pool was created.
|
1625
|
+
# @return [String]
|
1626
|
+
#
|
1627
|
+
# @!attribute [rw] default_action
|
1628
|
+
# The action that you want your GraphQL API to take when a request
|
1629
|
+
# that uses Amazon Cognito user pools authentication doesn't match
|
1630
|
+
# the Amazon Cognito user pools configuration.
|
1631
|
+
# @return [String]
|
1632
|
+
#
|
1633
|
+
# @!attribute [rw] user_pool_id
|
1634
|
+
# The user pool ID.
|
1635
|
+
# @return [String]
|
1636
|
+
#
|
1637
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAppSyncGraphQlApiUserPoolConfigDetails AWS API Documentation
|
1638
|
+
#
|
1639
|
+
class AwsAppSyncGraphQlApiUserPoolConfigDetails < Struct.new(
|
1640
|
+
:app_id_client_regex,
|
1641
|
+
:aws_region,
|
1642
|
+
:default_action,
|
1643
|
+
:user_pool_id)
|
1644
|
+
SENSITIVE = []
|
1645
|
+
include Aws::Structure
|
1646
|
+
end
|
1647
|
+
|
1101
1648
|
# An Availability Zone for the automatic scaling group.
|
1102
1649
|
#
|
1103
1650
|
# @!attribute [rw] value
|
@@ -10729,6 +11276,290 @@ module Aws::SecurityHub
|
|
10729
11276
|
include Aws::Structure
|
10730
11277
|
end
|
10731
11278
|
|
11279
|
+
# A schema defines the structure of events that are sent to Amazon
|
11280
|
+
# EventBridge. Schema registries are containers for schemas. They
|
11281
|
+
# collect and organize schemas so that your schemas are in logical
|
11282
|
+
# groups.
|
11283
|
+
#
|
11284
|
+
# @!attribute [rw] description
|
11285
|
+
# A description of the registry to be created.
|
11286
|
+
# @return [String]
|
11287
|
+
#
|
11288
|
+
# @!attribute [rw] registry_arn
|
11289
|
+
# The Amazon Resource Name (ARN) of the registry.
|
11290
|
+
# @return [String]
|
11291
|
+
#
|
11292
|
+
# @!attribute [rw] registry_name
|
11293
|
+
# The name of the schema registry.
|
11294
|
+
# @return [String]
|
11295
|
+
#
|
11296
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEventSchemasRegistryDetails AWS API Documentation
|
11297
|
+
#
|
11298
|
+
class AwsEventSchemasRegistryDetails < Struct.new(
|
11299
|
+
:description,
|
11300
|
+
:registry_arn,
|
11301
|
+
:registry_name)
|
11302
|
+
SENSITIVE = []
|
11303
|
+
include Aws::Structure
|
11304
|
+
end
|
11305
|
+
|
11306
|
+
# An object that contains information on the status of CloudTrail as a
|
11307
|
+
# data source for the detector.
|
11308
|
+
#
|
11309
|
+
# @!attribute [rw] status
|
11310
|
+
# Specifies whether CloudTrail is activated as a data source for the
|
11311
|
+
# detector.
|
11312
|
+
# @return [String]
|
11313
|
+
#
|
11314
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsGuardDutyDetectorDataSourcesCloudTrailDetails AWS API Documentation
|
11315
|
+
#
|
11316
|
+
class AwsGuardDutyDetectorDataSourcesCloudTrailDetails < Struct.new(
|
11317
|
+
:status)
|
11318
|
+
SENSITIVE = []
|
11319
|
+
include Aws::Structure
|
11320
|
+
end
|
11321
|
+
|
11322
|
+
# Describes which data sources are activated for the detector.
|
11323
|
+
#
|
11324
|
+
# @!attribute [rw] cloud_trail
|
11325
|
+
# An object that contains information on the status of CloudTrail as a
|
11326
|
+
# data source for the detector.
|
11327
|
+
# @return [Types::AwsGuardDutyDetectorDataSourcesCloudTrailDetails]
|
11328
|
+
#
|
11329
|
+
# @!attribute [rw] dns_logs
|
11330
|
+
# An object that contains information on the status of DNS logs as a
|
11331
|
+
# data source for the detector.
|
11332
|
+
# @return [Types::AwsGuardDutyDetectorDataSourcesDnsLogsDetails]
|
11333
|
+
#
|
11334
|
+
# @!attribute [rw] flow_logs
|
11335
|
+
# An object that contains information on the status of VPC Flow Logs
|
11336
|
+
# as a data source for the detector.
|
11337
|
+
# @return [Types::AwsGuardDutyDetectorDataSourcesFlowLogsDetails]
|
11338
|
+
#
|
11339
|
+
# @!attribute [rw] kubernetes
|
11340
|
+
# An object that contains information on the status of Kubernetes data
|
11341
|
+
# sources for the detector.
|
11342
|
+
# @return [Types::AwsGuardDutyDetectorDataSourcesKubernetesDetails]
|
11343
|
+
#
|
11344
|
+
# @!attribute [rw] malware_protection
|
11345
|
+
# An object that contains information on the status of Malware
|
11346
|
+
# Protection as a data source for the detector.
|
11347
|
+
# @return [Types::AwsGuardDutyDetectorDataSourcesMalwareProtectionDetails]
|
11348
|
+
#
|
11349
|
+
# @!attribute [rw] s3_logs
|
11350
|
+
# An object that contains information on the status of S3 Data event
|
11351
|
+
# logs as a data source for the detector.
|
11352
|
+
# @return [Types::AwsGuardDutyDetectorDataSourcesS3LogsDetails]
|
11353
|
+
#
|
11354
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsGuardDutyDetectorDataSourcesDetails AWS API Documentation
|
11355
|
+
#
|
11356
|
+
class AwsGuardDutyDetectorDataSourcesDetails < Struct.new(
|
11357
|
+
:cloud_trail,
|
11358
|
+
:dns_logs,
|
11359
|
+
:flow_logs,
|
11360
|
+
:kubernetes,
|
11361
|
+
:malware_protection,
|
11362
|
+
:s3_logs)
|
11363
|
+
SENSITIVE = []
|
11364
|
+
include Aws::Structure
|
11365
|
+
end
|
11366
|
+
|
11367
|
+
# An object that contains information on the status of DNS logs as a
|
11368
|
+
# data source for the detector.
|
11369
|
+
#
|
11370
|
+
# @!attribute [rw] status
|
11371
|
+
# Describes whether DNS logs is enabled as a data source for the
|
11372
|
+
# detector.
|
11373
|
+
# @return [String]
|
11374
|
+
#
|
11375
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsGuardDutyDetectorDataSourcesDnsLogsDetails AWS API Documentation
|
11376
|
+
#
|
11377
|
+
class AwsGuardDutyDetectorDataSourcesDnsLogsDetails < Struct.new(
|
11378
|
+
:status)
|
11379
|
+
SENSITIVE = []
|
11380
|
+
include Aws::Structure
|
11381
|
+
end
|
11382
|
+
|
11383
|
+
# An object that contains information on the status of VPC Flow Logs as
|
11384
|
+
# a data source for the detector.
|
11385
|
+
#
|
11386
|
+
# @!attribute [rw] status
|
11387
|
+
# Describes whether VPC Flow Logs are activated as a data source for
|
11388
|
+
# the detector.
|
11389
|
+
# @return [String]
|
11390
|
+
#
|
11391
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsGuardDutyDetectorDataSourcesFlowLogsDetails AWS API Documentation
|
11392
|
+
#
|
11393
|
+
class AwsGuardDutyDetectorDataSourcesFlowLogsDetails < Struct.new(
|
11394
|
+
:status)
|
11395
|
+
SENSITIVE = []
|
11396
|
+
include Aws::Structure
|
11397
|
+
end
|
11398
|
+
|
11399
|
+
# An object that contains information on the status of Kubernetes audit
|
11400
|
+
# logs as a data source for the detector.
|
11401
|
+
#
|
11402
|
+
# @!attribute [rw] status
|
11403
|
+
# Describes whether Kubernetes audit logs are activated as a data
|
11404
|
+
# source for the detector.
|
11405
|
+
# @return [String]
|
11406
|
+
#
|
11407
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsGuardDutyDetectorDataSourcesKubernetesAuditLogsDetails AWS API Documentation
|
11408
|
+
#
|
11409
|
+
class AwsGuardDutyDetectorDataSourcesKubernetesAuditLogsDetails < Struct.new(
|
11410
|
+
:status)
|
11411
|
+
SENSITIVE = []
|
11412
|
+
include Aws::Structure
|
11413
|
+
end
|
11414
|
+
|
11415
|
+
# An object that contains information on the status of Kubernetes data
|
11416
|
+
# sources for the detector.
|
11417
|
+
#
|
11418
|
+
# @!attribute [rw] audit_logs
|
11419
|
+
# Describes whether Kubernetes audit logs are activated as a data
|
11420
|
+
# source for the detector.
|
11421
|
+
# @return [Types::AwsGuardDutyDetectorDataSourcesKubernetesAuditLogsDetails]
|
11422
|
+
#
|
11423
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsGuardDutyDetectorDataSourcesKubernetesDetails AWS API Documentation
|
11424
|
+
#
|
11425
|
+
class AwsGuardDutyDetectorDataSourcesKubernetesDetails < Struct.new(
|
11426
|
+
:audit_logs)
|
11427
|
+
SENSITIVE = []
|
11428
|
+
include Aws::Structure
|
11429
|
+
end
|
11430
|
+
|
11431
|
+
# An object that contains information on the status of Malware
|
11432
|
+
# Protection as a data source for the detector.
|
11433
|
+
#
|
11434
|
+
# @!attribute [rw] scan_ec2_instance_with_findings
|
11435
|
+
# Describes the configuration of Malware Protection for EC2 instances
|
11436
|
+
# with findings.
|
11437
|
+
# @return [Types::AwsGuardDutyDetectorDataSourcesMalwareProtectionScanEc2InstanceWithFindingsDetails]
|
11438
|
+
#
|
11439
|
+
# @!attribute [rw] service_role
|
11440
|
+
# The GuardDuty Malware Protection service role.
|
11441
|
+
# @return [String]
|
11442
|
+
#
|
11443
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsGuardDutyDetectorDataSourcesMalwareProtectionDetails AWS API Documentation
|
11444
|
+
#
|
11445
|
+
class AwsGuardDutyDetectorDataSourcesMalwareProtectionDetails < Struct.new(
|
11446
|
+
:scan_ec2_instance_with_findings,
|
11447
|
+
:service_role)
|
11448
|
+
SENSITIVE = []
|
11449
|
+
include Aws::Structure
|
11450
|
+
end
|
11451
|
+
|
11452
|
+
# Describes the configuration of Malware Protection for EC2 instances
|
11453
|
+
# with findings.
|
11454
|
+
#
|
11455
|
+
# @!attribute [rw] ebs_volumes
|
11456
|
+
# Describes the configuration of scanning EBS volumes (Malware
|
11457
|
+
# Protection) as a data source.
|
11458
|
+
# @return [Types::AwsGuardDutyDetectorDataSourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumesDetails]
|
11459
|
+
#
|
11460
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsGuardDutyDetectorDataSourcesMalwareProtectionScanEc2InstanceWithFindingsDetails AWS API Documentation
|
11461
|
+
#
|
11462
|
+
class AwsGuardDutyDetectorDataSourcesMalwareProtectionScanEc2InstanceWithFindingsDetails < Struct.new(
|
11463
|
+
:ebs_volumes)
|
11464
|
+
SENSITIVE = []
|
11465
|
+
include Aws::Structure
|
11466
|
+
end
|
11467
|
+
|
11468
|
+
# Describes the configuration of scanning EBS volumes (Malware
|
11469
|
+
# Protection) as a data source.
|
11470
|
+
#
|
11471
|
+
# @!attribute [rw] reason
|
11472
|
+
# Specifies the reason why scanning EBS volumes (Malware Protection)
|
11473
|
+
# isn’t activated as a data source.
|
11474
|
+
# @return [String]
|
11475
|
+
#
|
11476
|
+
# @!attribute [rw] status
|
11477
|
+
# Describes whether scanning EBS volumes is activated as a data source
|
11478
|
+
# for the detector.
|
11479
|
+
# @return [String]
|
11480
|
+
#
|
11481
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsGuardDutyDetectorDataSourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumesDetails AWS API Documentation
|
11482
|
+
#
|
11483
|
+
class AwsGuardDutyDetectorDataSourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumesDetails < Struct.new(
|
11484
|
+
:reason,
|
11485
|
+
:status)
|
11486
|
+
SENSITIVE = []
|
11487
|
+
include Aws::Structure
|
11488
|
+
end
|
11489
|
+
|
11490
|
+
# An object that contains information on the status of S3 data event
|
11491
|
+
# logs as a data source for the detector.
|
11492
|
+
#
|
11493
|
+
# @!attribute [rw] status
|
11494
|
+
# A value that describes whether S3 data event logs are automatically
|
11495
|
+
# enabled for new members of an organization.
|
11496
|
+
# @return [String]
|
11497
|
+
#
|
11498
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsGuardDutyDetectorDataSourcesS3LogsDetails AWS API Documentation
|
11499
|
+
#
|
11500
|
+
class AwsGuardDutyDetectorDataSourcesS3LogsDetails < Struct.new(
|
11501
|
+
:status)
|
11502
|
+
SENSITIVE = []
|
11503
|
+
include Aws::Structure
|
11504
|
+
end
|
11505
|
+
|
11506
|
+
# Provides details about an Amazon GuardDuty detector. A detector is an
|
11507
|
+
# object that represents the GuardDuty service. A detector is required
|
11508
|
+
# for GuardDuty to become operational.
|
11509
|
+
#
|
11510
|
+
# @!attribute [rw] data_sources
|
11511
|
+
# Describes which data sources are activated for the detector.
|
11512
|
+
# @return [Types::AwsGuardDutyDetectorDataSourcesDetails]
|
11513
|
+
#
|
11514
|
+
# @!attribute [rw] features
|
11515
|
+
# Describes which features are activated for the detector.
|
11516
|
+
# @return [Array<Types::AwsGuardDutyDetectorFeaturesDetails>]
|
11517
|
+
#
|
11518
|
+
# @!attribute [rw] finding_publishing_frequency
|
11519
|
+
# The publishing frequency of the finding.
|
11520
|
+
# @return [String]
|
11521
|
+
#
|
11522
|
+
# @!attribute [rw] service_role
|
11523
|
+
# The GuardDuty service role.
|
11524
|
+
# @return [String]
|
11525
|
+
#
|
11526
|
+
# @!attribute [rw] status
|
11527
|
+
# The activation status of the detector.
|
11528
|
+
# @return [String]
|
11529
|
+
#
|
11530
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsGuardDutyDetectorDetails AWS API Documentation
|
11531
|
+
#
|
11532
|
+
class AwsGuardDutyDetectorDetails < Struct.new(
|
11533
|
+
:data_sources,
|
11534
|
+
:features,
|
11535
|
+
:finding_publishing_frequency,
|
11536
|
+
:service_role,
|
11537
|
+
:status)
|
11538
|
+
SENSITIVE = []
|
11539
|
+
include Aws::Structure
|
11540
|
+
end
|
11541
|
+
|
11542
|
+
# Describes which features are activated for the detector.
|
11543
|
+
#
|
11544
|
+
# @!attribute [rw] name
|
11545
|
+
# Indicates the name of the feature that is activated for the
|
11546
|
+
# detector.
|
11547
|
+
# @return [String]
|
11548
|
+
#
|
11549
|
+
# @!attribute [rw] status
|
11550
|
+
# Indicates the status of the feature that is activated for the
|
11551
|
+
# detector.
|
11552
|
+
# @return [String]
|
11553
|
+
#
|
11554
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsGuardDutyDetectorFeaturesDetails AWS API Documentation
|
11555
|
+
#
|
11556
|
+
class AwsGuardDutyDetectorFeaturesDetails < Struct.new(
|
11557
|
+
:name,
|
11558
|
+
:status)
|
11559
|
+
SENSITIVE = []
|
11560
|
+
include Aws::Structure
|
11561
|
+
end
|
11562
|
+
|
10732
11563
|
# IAM access key details related to a finding.
|
10733
11564
|
#
|
10734
11565
|
# @!attribute [rw] user_name
|
@@ -17250,6 +18081,142 @@ module Aws::SecurityHub
|
|
17250
18081
|
include Aws::Structure
|
17251
18082
|
end
|
17252
18083
|
|
18084
|
+
# Provides details about an Step Functions state machine, which is a
|
18085
|
+
# workflow consisting of a series of event- driven steps.
|
18086
|
+
#
|
18087
|
+
# @!attribute [rw] label
|
18088
|
+
# A user-defined or an auto-generated string that identifies a `Map`
|
18089
|
+
# state. This parameter is present only if the `stateMachineArn`
|
18090
|
+
# specified in input is a qualified state machine ARN.
|
18091
|
+
# @return [String]
|
18092
|
+
#
|
18093
|
+
# @!attribute [rw] logging_configuration
|
18094
|
+
# Used to set CloudWatch Logs options.
|
18095
|
+
# @return [Types::AwsStepFunctionStateMachineLoggingConfigurationDetails]
|
18096
|
+
#
|
18097
|
+
# @!attribute [rw] name
|
18098
|
+
# The name of the state machine.
|
18099
|
+
# @return [String]
|
18100
|
+
#
|
18101
|
+
# @!attribute [rw] role_arn
|
18102
|
+
# The Amazon Resource Name (ARN) of the IAM role used when creating
|
18103
|
+
# this state machine.
|
18104
|
+
# @return [String]
|
18105
|
+
#
|
18106
|
+
# @!attribute [rw] state_machine_arn
|
18107
|
+
# The ARN that identifies the state machine.
|
18108
|
+
# @return [String]
|
18109
|
+
#
|
18110
|
+
# @!attribute [rw] status
|
18111
|
+
# The current status of the state machine.
|
18112
|
+
# @return [String]
|
18113
|
+
#
|
18114
|
+
# @!attribute [rw] tracing_configuration
|
18115
|
+
# Specifies whether X-Ray tracing is enabled.
|
18116
|
+
# @return [Types::AwsStepFunctionStateMachineTracingConfigurationDetails]
|
18117
|
+
#
|
18118
|
+
# @!attribute [rw] type
|
18119
|
+
# The type of the state machine (STANDARD or EXPRESS).
|
18120
|
+
# @return [String]
|
18121
|
+
#
|
18122
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsStepFunctionStateMachineDetails AWS API Documentation
|
18123
|
+
#
|
18124
|
+
class AwsStepFunctionStateMachineDetails < Struct.new(
|
18125
|
+
:label,
|
18126
|
+
:logging_configuration,
|
18127
|
+
:name,
|
18128
|
+
:role_arn,
|
18129
|
+
:state_machine_arn,
|
18130
|
+
:status,
|
18131
|
+
:tracing_configuration,
|
18132
|
+
:type)
|
18133
|
+
SENSITIVE = []
|
18134
|
+
include Aws::Structure
|
18135
|
+
end
|
18136
|
+
|
18137
|
+
# An object describing a CloudWatch log group. For more information, see
|
18138
|
+
# [ Amazon Web Services::Logs::LogGroup][1] in the *CloudFormation User
|
18139
|
+
# Guide*.
|
18140
|
+
#
|
18141
|
+
#
|
18142
|
+
#
|
18143
|
+
# [1]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-loggroup.html
|
18144
|
+
#
|
18145
|
+
# @!attribute [rw] log_group_arn
|
18146
|
+
# The ARN (ends with `:*`) of the CloudWatch Logs log group to which
|
18147
|
+
# you want your logs emitted.
|
18148
|
+
# @return [String]
|
18149
|
+
#
|
18150
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsStepFunctionStateMachineLoggingConfigurationDestinationsCloudWatchLogsLogGroupDetails AWS API Documentation
|
18151
|
+
#
|
18152
|
+
class AwsStepFunctionStateMachineLoggingConfigurationDestinationsCloudWatchLogsLogGroupDetails < Struct.new(
|
18153
|
+
:log_group_arn)
|
18154
|
+
SENSITIVE = []
|
18155
|
+
include Aws::Structure
|
18156
|
+
end
|
18157
|
+
|
18158
|
+
# An array of objects that describes where your execution history events
|
18159
|
+
# will be logged.
|
18160
|
+
#
|
18161
|
+
# @!attribute [rw] cloud_watch_logs_log_group
|
18162
|
+
# An object describing a CloudWatch Logs log group. For more
|
18163
|
+
# information, see [ Amazon Web Services::Logs::LogGroup][1] in the
|
18164
|
+
# *CloudFormation User Guide*.
|
18165
|
+
#
|
18166
|
+
#
|
18167
|
+
#
|
18168
|
+
# [1]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-loggroup.html
|
18169
|
+
# @return [Types::AwsStepFunctionStateMachineLoggingConfigurationDestinationsCloudWatchLogsLogGroupDetails]
|
18170
|
+
#
|
18171
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsStepFunctionStateMachineLoggingConfigurationDestinationsDetails AWS API Documentation
|
18172
|
+
#
|
18173
|
+
class AwsStepFunctionStateMachineLoggingConfigurationDestinationsDetails < Struct.new(
|
18174
|
+
:cloud_watch_logs_log_group)
|
18175
|
+
SENSITIVE = []
|
18176
|
+
include Aws::Structure
|
18177
|
+
end
|
18178
|
+
|
18179
|
+
# The `LoggingConfiguration` data type is used to set CloudWatch Logs
|
18180
|
+
# options.
|
18181
|
+
#
|
18182
|
+
# @!attribute [rw] destinations
|
18183
|
+
# An array of objects that describes where your execution history
|
18184
|
+
# events will be logged.
|
18185
|
+
# @return [Array<Types::AwsStepFunctionStateMachineLoggingConfigurationDestinationsDetails>]
|
18186
|
+
#
|
18187
|
+
# @!attribute [rw] include_execution_data
|
18188
|
+
# Determines whether execution data is included in your log. When set
|
18189
|
+
# to false, data is excluded.
|
18190
|
+
# @return [Boolean]
|
18191
|
+
#
|
18192
|
+
# @!attribute [rw] level
|
18193
|
+
# Defines which category of execution history events are logged.
|
18194
|
+
# @return [String]
|
18195
|
+
#
|
18196
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsStepFunctionStateMachineLoggingConfigurationDetails AWS API Documentation
|
18197
|
+
#
|
18198
|
+
class AwsStepFunctionStateMachineLoggingConfigurationDetails < Struct.new(
|
18199
|
+
:destinations,
|
18200
|
+
:include_execution_data,
|
18201
|
+
:level)
|
18202
|
+
SENSITIVE = []
|
18203
|
+
include Aws::Structure
|
18204
|
+
end
|
18205
|
+
|
18206
|
+
# Specifies whether X-Ray tracing is enabled.
|
18207
|
+
#
|
18208
|
+
# @!attribute [rw] enabled
|
18209
|
+
# When set to true, X-Ray tracing is enabled.
|
18210
|
+
# @return [Boolean]
|
18211
|
+
#
|
18212
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsStepFunctionStateMachineTracingConfigurationDetails AWS API Documentation
|
18213
|
+
#
|
18214
|
+
class AwsStepFunctionStateMachineTracingConfigurationDetails < Struct.new(
|
18215
|
+
:enabled)
|
18216
|
+
SENSITIVE = []
|
18217
|
+
include Aws::Structure
|
18218
|
+
end
|
18219
|
+
|
17253
18220
|
# Details about a rate-based rule for global resources. A rate-based
|
17254
18221
|
# rule provides settings to indicate when to allow, block, or count a
|
17255
18222
|
# request. Rate-based rules include the number of requests that arrive
|
@@ -20075,12 +21042,13 @@ module Aws::SecurityHub
|
|
20075
21042
|
# @return [Types::AwsSecurityFindingIdentifier]
|
20076
21043
|
#
|
20077
21044
|
# @!attribute [rw] update_time
|
20078
|
-
# An ISO 8601-formatted timestamp that indicates when
|
20079
|
-
#
|
20080
|
-
#
|
20081
|
-
#
|
20082
|
-
#
|
20083
|
-
#
|
21045
|
+
# An ISO 8601-formatted timestamp that indicates when Security Hub
|
21046
|
+
# processed the updated finding record.
|
21047
|
+
#
|
21048
|
+
# A correctly formatted example is `2020-05-21T20:16:34.724Z`. The
|
21049
|
+
# value cannot contain spaces, and date and time should be separated
|
21050
|
+
# by `T`. For more information, see [RFC 3339 section 5.6, Internet
|
21051
|
+
# Date/Time Format][1].
|
20084
21052
|
#
|
20085
21053
|
#
|
20086
21054
|
#
|
@@ -22885,6 +23853,37 @@ module Aws::SecurityHub
|
|
22885
23853
|
# traffic from your subnet or gateway.
|
22886
23854
|
# @return [Types::AwsEc2RouteTableDetails]
|
22887
23855
|
#
|
23856
|
+
# @!attribute [rw] aws_amazon_mq_broker
|
23857
|
+
# Provides details about AppSync message broker. A message broker
|
23858
|
+
# allows software applications and components to communicate using
|
23859
|
+
# various programming languages, operating systems, and formal
|
23860
|
+
# messaging protocols.
|
23861
|
+
# @return [Types::AwsAmazonMqBrokerDetails]
|
23862
|
+
#
|
23863
|
+
# @!attribute [rw] aws_app_sync_graph_ql_api
|
23864
|
+
# Provides details about an AppSync Graph QL API, which lets you query
|
23865
|
+
# multiple databases, microservices, and APIs from a single GraphQL
|
23866
|
+
# endpoint.
|
23867
|
+
# @return [Types::AwsAppSyncGraphQlApiDetails]
|
23868
|
+
#
|
23869
|
+
# @!attribute [rw] aws_event_schemas_registry
|
23870
|
+
# A schema defines the structure of events that are sent to Amazon
|
23871
|
+
# EventBridge. Schema registries are containers for schemas. They
|
23872
|
+
# collect and organize schemas so that your schemas are in logical
|
23873
|
+
# groups.
|
23874
|
+
# @return [Types::AwsEventSchemasRegistryDetails]
|
23875
|
+
#
|
23876
|
+
# @!attribute [rw] aws_guard_duty_detector
|
23877
|
+
# Provides details about an Amazon GuardDuty detector. A detector is
|
23878
|
+
# an object that represents the GuardDuty service. A detector is
|
23879
|
+
# required for GuardDuty to become operational.
|
23880
|
+
# @return [Types::AwsGuardDutyDetectorDetails]
|
23881
|
+
#
|
23882
|
+
# @!attribute [rw] aws_step_function_state_machine
|
23883
|
+
# Provides details about an Step Functions state machine, which is a
|
23884
|
+
# workflow consisting of a series of event-driven steps.
|
23885
|
+
# @return [Types::AwsStepFunctionStateMachineDetails]
|
23886
|
+
#
|
22888
23887
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ResourceDetails AWS API Documentation
|
22889
23888
|
#
|
22890
23889
|
class ResourceDetails < Struct.new(
|
@@ -22971,7 +23970,12 @@ module Aws::SecurityHub
|
|
22971
23970
|
:aws_sage_maker_notebook_instance,
|
22972
23971
|
:aws_wafv_2_web_acl,
|
22973
23972
|
:aws_wafv_2_rule_group,
|
22974
|
-
:aws_ec2_route_table
|
23973
|
+
:aws_ec2_route_table,
|
23974
|
+
:aws_amazon_mq_broker,
|
23975
|
+
:aws_app_sync_graph_ql_api,
|
23976
|
+
:aws_event_schemas_registry,
|
23977
|
+
:aws_guard_duty_detector,
|
23978
|
+
:aws_step_function_state_machine)
|
22975
23979
|
SENSITIVE = []
|
22976
23980
|
include Aws::Structure
|
22977
23981
|
end
|