aws-sdk-securityhub 1.96.0 → 1.98.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-securityhub/client.rb +1209 -28
- data/lib/aws-sdk-securityhub/client_api.rb +410 -0
- data/lib/aws-sdk-securityhub/endpoints.rb +140 -0
- data/lib/aws-sdk-securityhub/plugins/endpoints.rb +23 -2
- data/lib/aws-sdk-securityhub/types.rb +1090 -32
- data/lib/aws-sdk-securityhub.rb +1 -1
- metadata +2 -2
|
@@ -930,6 +930,15 @@ module Aws::SecurityHub
|
|
|
930
930
|
# resp.rules[0].criteria.user_defined_fields[0].key #=> String
|
|
931
931
|
# resp.rules[0].criteria.user_defined_fields[0].value #=> String
|
|
932
932
|
# resp.rules[0].criteria.user_defined_fields[0].comparison #=> String, one of "EQUALS", "NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
|
|
933
|
+
# resp.rules[0].criteria.resource_application_arn #=> Array
|
|
934
|
+
# resp.rules[0].criteria.resource_application_arn[0].value #=> String
|
|
935
|
+
# resp.rules[0].criteria.resource_application_arn[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
|
|
936
|
+
# resp.rules[0].criteria.resource_application_name #=> Array
|
|
937
|
+
# resp.rules[0].criteria.resource_application_name[0].value #=> String
|
|
938
|
+
# resp.rules[0].criteria.resource_application_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
|
|
939
|
+
# resp.rules[0].criteria.aws_account_name #=> Array
|
|
940
|
+
# resp.rules[0].criteria.aws_account_name[0].value #=> String
|
|
941
|
+
# resp.rules[0].criteria.aws_account_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
|
|
933
942
|
# resp.rules[0].actions #=> Array
|
|
934
943
|
# resp.rules[0].actions[0].type #=> String, one of "FINDING_FIELDS_UPDATE"
|
|
935
944
|
# resp.rules[0].actions[0].finding_fields_update.note.text #=> String
|
|
@@ -965,6 +974,108 @@ module Aws::SecurityHub
|
|
|
965
974
|
req.send_request(options)
|
|
966
975
|
end
|
|
967
976
|
|
|
977
|
+
# Returns associations between an Security Hub configuration and a batch
|
|
978
|
+
# of target accounts, organizational units, or the root. Only the
|
|
979
|
+
# Security Hub delegated administrator can invoke this operation from
|
|
980
|
+
# the home Region. A configuration can refer to a configuration policy
|
|
981
|
+
# or to a self-managed configuration.
|
|
982
|
+
#
|
|
983
|
+
# @option params [required, Array<Types::ConfigurationPolicyAssociation>] :configuration_policy_association_identifiers
|
|
984
|
+
# Specifies one or more target account IDs, organizational unit (OU)
|
|
985
|
+
# IDs, or the root ID to retrieve associations for.
|
|
986
|
+
#
|
|
987
|
+
# @return [Types::BatchGetConfigurationPolicyAssociationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
988
|
+
#
|
|
989
|
+
# * {Types::BatchGetConfigurationPolicyAssociationsResponse#configuration_policy_associations #configuration_policy_associations} => Array<Types::ConfigurationPolicyAssociationSummary>
|
|
990
|
+
# * {Types::BatchGetConfigurationPolicyAssociationsResponse#unprocessed_configuration_policy_associations #unprocessed_configuration_policy_associations} => Array<Types::UnprocessedConfigurationPolicyAssociation>
|
|
991
|
+
#
|
|
992
|
+
#
|
|
993
|
+
# @example Example: To get configuration associations for a batch of targets
|
|
994
|
+
#
|
|
995
|
+
# # This operation provides details about configuration associations for a batch of target accounts, organizational units,
|
|
996
|
+
# # or the root.
|
|
997
|
+
#
|
|
998
|
+
# resp = client.batch_get_configuration_policy_associations({
|
|
999
|
+
# configuration_policy_association_identifiers: [
|
|
1000
|
+
# {
|
|
1001
|
+
# target: {
|
|
1002
|
+
# account_id: "111122223333",
|
|
1003
|
+
# },
|
|
1004
|
+
# },
|
|
1005
|
+
# {
|
|
1006
|
+
# target: {
|
|
1007
|
+
# root_id: "r-f6g7h8i9j0example",
|
|
1008
|
+
# },
|
|
1009
|
+
# },
|
|
1010
|
+
# ],
|
|
1011
|
+
# })
|
|
1012
|
+
#
|
|
1013
|
+
# resp.to_h outputs the following:
|
|
1014
|
+
# {
|
|
1015
|
+
# configuration_policy_associations: [
|
|
1016
|
+
# {
|
|
1017
|
+
# association_status: "SUCCESS",
|
|
1018
|
+
# association_status_message: "This field is only populated for a failed association",
|
|
1019
|
+
# association_type: "INHERITED",
|
|
1020
|
+
# configuration_policy_id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
|
1021
|
+
# target_id: "111122223333",
|
|
1022
|
+
# target_type: "ACCOUNT",
|
|
1023
|
+
# updated_at: Time.parse("2023-01-11T06:17:17.154Z"),
|
|
1024
|
+
# },
|
|
1025
|
+
# ],
|
|
1026
|
+
# unprocessed_configuration_policy_associations: [
|
|
1027
|
+
# {
|
|
1028
|
+
# configuration_policy_association_identifiers: {
|
|
1029
|
+
# target: {
|
|
1030
|
+
# root_id: "r-f6g7h8i9j0example",
|
|
1031
|
+
# },
|
|
1032
|
+
# },
|
|
1033
|
+
# error_code: "400",
|
|
1034
|
+
# error_reason: "You do not have sufficient access to perform this action.",
|
|
1035
|
+
# },
|
|
1036
|
+
# ],
|
|
1037
|
+
# }
|
|
1038
|
+
#
|
|
1039
|
+
# @example Request syntax with placeholder values
|
|
1040
|
+
#
|
|
1041
|
+
# resp = client.batch_get_configuration_policy_associations({
|
|
1042
|
+
# configuration_policy_association_identifiers: [ # required
|
|
1043
|
+
# {
|
|
1044
|
+
# target: {
|
|
1045
|
+
# account_id: "NonEmptyString",
|
|
1046
|
+
# organizational_unit_id: "NonEmptyString",
|
|
1047
|
+
# root_id: "NonEmptyString",
|
|
1048
|
+
# },
|
|
1049
|
+
# },
|
|
1050
|
+
# ],
|
|
1051
|
+
# })
|
|
1052
|
+
#
|
|
1053
|
+
# @example Response structure
|
|
1054
|
+
#
|
|
1055
|
+
# resp.configuration_policy_associations #=> Array
|
|
1056
|
+
# resp.configuration_policy_associations[0].configuration_policy_id #=> String
|
|
1057
|
+
# resp.configuration_policy_associations[0].target_id #=> String
|
|
1058
|
+
# resp.configuration_policy_associations[0].target_type #=> String, one of "ACCOUNT", "ORGANIZATIONAL_UNIT"
|
|
1059
|
+
# resp.configuration_policy_associations[0].association_type #=> String, one of "INHERITED", "APPLIED"
|
|
1060
|
+
# resp.configuration_policy_associations[0].updated_at #=> Time
|
|
1061
|
+
# resp.configuration_policy_associations[0].association_status #=> String, one of "PENDING", "SUCCESS", "FAILED"
|
|
1062
|
+
# resp.configuration_policy_associations[0].association_status_message #=> String
|
|
1063
|
+
# resp.unprocessed_configuration_policy_associations #=> Array
|
|
1064
|
+
# resp.unprocessed_configuration_policy_associations[0].configuration_policy_association_identifiers.target.account_id #=> String
|
|
1065
|
+
# resp.unprocessed_configuration_policy_associations[0].configuration_policy_association_identifiers.target.organizational_unit_id #=> String
|
|
1066
|
+
# resp.unprocessed_configuration_policy_associations[0].configuration_policy_association_identifiers.target.root_id #=> String
|
|
1067
|
+
# resp.unprocessed_configuration_policy_associations[0].error_code #=> String
|
|
1068
|
+
# resp.unprocessed_configuration_policy_associations[0].error_reason #=> String
|
|
1069
|
+
#
|
|
1070
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetConfigurationPolicyAssociations AWS API Documentation
|
|
1071
|
+
#
|
|
1072
|
+
# @overload batch_get_configuration_policy_associations(params = {})
|
|
1073
|
+
# @param [Hash] params ({})
|
|
1074
|
+
def batch_get_configuration_policy_associations(params = {}, options = {})
|
|
1075
|
+
req = build_request(:batch_get_configuration_policy_associations, params)
|
|
1076
|
+
req.send_request(options)
|
|
1077
|
+
end
|
|
1078
|
+
|
|
968
1079
|
# Provides details about a batch of security controls for the current
|
|
969
1080
|
# Amazon Web Services account and Amazon Web Services Region.
|
|
970
1081
|
#
|
|
@@ -1606,6 +1717,24 @@ module Aws::SecurityHub
|
|
|
1606
1717
|
# comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
|
1607
1718
|
# },
|
|
1608
1719
|
# ],
|
|
1720
|
+
# resource_application_arn: [
|
|
1721
|
+
# {
|
|
1722
|
+
# value: "NonEmptyString",
|
|
1723
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
|
1724
|
+
# },
|
|
1725
|
+
# ],
|
|
1726
|
+
# resource_application_name: [
|
|
1727
|
+
# {
|
|
1728
|
+
# value: "NonEmptyString",
|
|
1729
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
|
1730
|
+
# },
|
|
1731
|
+
# ],
|
|
1732
|
+
# aws_account_name: [
|
|
1733
|
+
# {
|
|
1734
|
+
# value: "NonEmptyString",
|
|
1735
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
|
1736
|
+
# },
|
|
1737
|
+
# ],
|
|
1609
1738
|
# },
|
|
1610
1739
|
# actions: [
|
|
1611
1740
|
# {
|
|
@@ -2035,7 +2164,7 @@ module Aws::SecurityHub
|
|
|
2035
2164
|
# Creates an automation rule based on input parameters.
|
|
2036
2165
|
#
|
|
2037
2166
|
# @option params [Hash<String,String>] :tags
|
|
2038
|
-
# User-defined tags
|
|
2167
|
+
# User-defined tags associated with an automation rule.
|
|
2039
2168
|
#
|
|
2040
2169
|
# @option params [String] :rule_status
|
|
2041
2170
|
# Whether the rule is active after it is created. If this parameter is
|
|
@@ -2399,6 +2528,24 @@ module Aws::SecurityHub
|
|
|
2399
2528
|
# comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
|
2400
2529
|
# },
|
|
2401
2530
|
# ],
|
|
2531
|
+
# resource_application_arn: [
|
|
2532
|
+
# {
|
|
2533
|
+
# value: "NonEmptyString",
|
|
2534
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
|
2535
|
+
# },
|
|
2536
|
+
# ],
|
|
2537
|
+
# resource_application_name: [
|
|
2538
|
+
# {
|
|
2539
|
+
# value: "NonEmptyString",
|
|
2540
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
|
2541
|
+
# },
|
|
2542
|
+
# ],
|
|
2543
|
+
# aws_account_name: [
|
|
2544
|
+
# {
|
|
2545
|
+
# value: "NonEmptyString",
|
|
2546
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
|
2547
|
+
# },
|
|
2548
|
+
# ],
|
|
2402
2549
|
# },
|
|
2403
2550
|
# actions: [ # required
|
|
2404
2551
|
# {
|
|
@@ -2447,6 +2594,200 @@ module Aws::SecurityHub
|
|
|
2447
2594
|
req.send_request(options)
|
|
2448
2595
|
end
|
|
2449
2596
|
|
|
2597
|
+
# Creates a configuration policy with the defined configuration. Only
|
|
2598
|
+
# the Security Hub delegated administrator can invoke this operation
|
|
2599
|
+
# from the home Region.
|
|
2600
|
+
#
|
|
2601
|
+
# @option params [required, String] :name
|
|
2602
|
+
# The name of the configuration policy.
|
|
2603
|
+
#
|
|
2604
|
+
# @option params [String] :description
|
|
2605
|
+
# The description of the configuration policy.
|
|
2606
|
+
#
|
|
2607
|
+
# @option params [required, Types::Policy] :configuration_policy
|
|
2608
|
+
# An object that defines how Security Hub is configured. It includes
|
|
2609
|
+
# whether Security Hub is enabled or disabled, a list of enabled
|
|
2610
|
+
# security standards, a list of enabled or disabled security controls,
|
|
2611
|
+
# and a list of custom parameter values for specified controls. If you
|
|
2612
|
+
# provide a list of security controls that are enabled in the
|
|
2613
|
+
# configuration policy, Security Hub disables all other controls
|
|
2614
|
+
# (including newly released controls). If you provide a list of security
|
|
2615
|
+
# controls that are disabled in the configuration policy, Security Hub
|
|
2616
|
+
# enables all other controls (including newly released controls).
|
|
2617
|
+
#
|
|
2618
|
+
# @option params [Hash<String,String>] :tags
|
|
2619
|
+
# User-defined tags associated with a configuration policy. For more
|
|
2620
|
+
# information, see [Tagging Security Hub resources][1] in the *Security
|
|
2621
|
+
# Hub user guide*.
|
|
2622
|
+
#
|
|
2623
|
+
#
|
|
2624
|
+
#
|
|
2625
|
+
# [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/tagging-resources.html
|
|
2626
|
+
#
|
|
2627
|
+
# @return [Types::CreateConfigurationPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
2628
|
+
#
|
|
2629
|
+
# * {Types::CreateConfigurationPolicyResponse#arn #arn} => String
|
|
2630
|
+
# * {Types::CreateConfigurationPolicyResponse#id #id} => String
|
|
2631
|
+
# * {Types::CreateConfigurationPolicyResponse#name #name} => String
|
|
2632
|
+
# * {Types::CreateConfigurationPolicyResponse#description #description} => String
|
|
2633
|
+
# * {Types::CreateConfigurationPolicyResponse#updated_at #updated_at} => Time
|
|
2634
|
+
# * {Types::CreateConfigurationPolicyResponse#created_at #created_at} => Time
|
|
2635
|
+
# * {Types::CreateConfigurationPolicyResponse#configuration_policy #configuration_policy} => Types::Policy
|
|
2636
|
+
#
|
|
2637
|
+
#
|
|
2638
|
+
# @example Example: To create a configuration policy
|
|
2639
|
+
#
|
|
2640
|
+
# # This operation creates a configuration policy in Security Hub.
|
|
2641
|
+
#
|
|
2642
|
+
# resp = client.create_configuration_policy({
|
|
2643
|
+
# configuration_policy: {
|
|
2644
|
+
# security_hub: {
|
|
2645
|
+
# enabled_standard_identifiers: [
|
|
2646
|
+
# "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
|
|
2647
|
+
# "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
|
|
2648
|
+
# ],
|
|
2649
|
+
# security_controls_configuration: {
|
|
2650
|
+
# disabled_security_control_identifiers: [
|
|
2651
|
+
# "CloudWatch.1",
|
|
2652
|
+
# ],
|
|
2653
|
+
# security_control_custom_parameters: [
|
|
2654
|
+
# {
|
|
2655
|
+
# parameters: {
|
|
2656
|
+
# "daysToExpiration" => {
|
|
2657
|
+
# value: {
|
|
2658
|
+
# integer: 14,
|
|
2659
|
+
# },
|
|
2660
|
+
# value_type: "CUSTOM",
|
|
2661
|
+
# },
|
|
2662
|
+
# },
|
|
2663
|
+
# security_control_id: "ACM.1",
|
|
2664
|
+
# },
|
|
2665
|
+
# ],
|
|
2666
|
+
# },
|
|
2667
|
+
# service_enabled: true,
|
|
2668
|
+
# },
|
|
2669
|
+
# },
|
|
2670
|
+
# description: "Configuration policy for testing FSBP and CIS",
|
|
2671
|
+
# name: "TestConfigurationPolicy",
|
|
2672
|
+
# })
|
|
2673
|
+
#
|
|
2674
|
+
# resp.to_h outputs the following:
|
|
2675
|
+
# {
|
|
2676
|
+
# arn: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
|
2677
|
+
# configuration_policy: {
|
|
2678
|
+
# security_hub: {
|
|
2679
|
+
# enabled_standard_identifiers: [
|
|
2680
|
+
# "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
|
|
2681
|
+
# "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
|
|
2682
|
+
# ],
|
|
2683
|
+
# security_controls_configuration: {
|
|
2684
|
+
# disabled_security_control_identifiers: [
|
|
2685
|
+
# "CloudWatch.1",
|
|
2686
|
+
# ],
|
|
2687
|
+
# security_control_custom_parameters: [
|
|
2688
|
+
# {
|
|
2689
|
+
# parameters: {
|
|
2690
|
+
# "daysToExpiration" => {
|
|
2691
|
+
# value: {
|
|
2692
|
+
# integer: 14,
|
|
2693
|
+
# },
|
|
2694
|
+
# value_type: "CUSTOM",
|
|
2695
|
+
# },
|
|
2696
|
+
# },
|
|
2697
|
+
# security_control_id: "ACM.1",
|
|
2698
|
+
# },
|
|
2699
|
+
# ],
|
|
2700
|
+
# },
|
|
2701
|
+
# service_enabled: true,
|
|
2702
|
+
# },
|
|
2703
|
+
# },
|
|
2704
|
+
# created_at: Time.parse("2023-01-11T06:17:17.154Z"),
|
|
2705
|
+
# description: "Configuration policy for testing FSBP and CIS",
|
|
2706
|
+
# id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
|
2707
|
+
# name: "TestConfigurationPolicy",
|
|
2708
|
+
# updated_at: Time.parse("2023-01-11T06:17:17.154Z"),
|
|
2709
|
+
# }
|
|
2710
|
+
#
|
|
2711
|
+
# @example Request syntax with placeholder values
|
|
2712
|
+
#
|
|
2713
|
+
# resp = client.create_configuration_policy({
|
|
2714
|
+
# name: "NonEmptyString", # required
|
|
2715
|
+
# description: "NonEmptyString",
|
|
2716
|
+
# configuration_policy: { # required
|
|
2717
|
+
# security_hub: {
|
|
2718
|
+
# service_enabled: false,
|
|
2719
|
+
# enabled_standard_identifiers: ["NonEmptyString"],
|
|
2720
|
+
# security_controls_configuration: {
|
|
2721
|
+
# enabled_security_control_identifiers: ["NonEmptyString"],
|
|
2722
|
+
# disabled_security_control_identifiers: ["NonEmptyString"],
|
|
2723
|
+
# security_control_custom_parameters: [
|
|
2724
|
+
# {
|
|
2725
|
+
# security_control_id: "NonEmptyString",
|
|
2726
|
+
# parameters: {
|
|
2727
|
+
# "NonEmptyString" => {
|
|
2728
|
+
# value_type: "DEFAULT", # required, accepts DEFAULT, CUSTOM
|
|
2729
|
+
# value: {
|
|
2730
|
+
# integer: 1,
|
|
2731
|
+
# integer_list: [1],
|
|
2732
|
+
# double: 1.0,
|
|
2733
|
+
# string: "NonEmptyString",
|
|
2734
|
+
# string_list: ["NonEmptyString"],
|
|
2735
|
+
# boolean: false,
|
|
2736
|
+
# enum: "NonEmptyString",
|
|
2737
|
+
# enum_list: ["NonEmptyString"],
|
|
2738
|
+
# },
|
|
2739
|
+
# },
|
|
2740
|
+
# },
|
|
2741
|
+
# },
|
|
2742
|
+
# ],
|
|
2743
|
+
# },
|
|
2744
|
+
# },
|
|
2745
|
+
# },
|
|
2746
|
+
# tags: {
|
|
2747
|
+
# "TagKey" => "TagValue",
|
|
2748
|
+
# },
|
|
2749
|
+
# })
|
|
2750
|
+
#
|
|
2751
|
+
# @example Response structure
|
|
2752
|
+
#
|
|
2753
|
+
# resp.arn #=> String
|
|
2754
|
+
# resp.id #=> String
|
|
2755
|
+
# resp.name #=> String
|
|
2756
|
+
# resp.description #=> String
|
|
2757
|
+
# resp.updated_at #=> Time
|
|
2758
|
+
# resp.created_at #=> Time
|
|
2759
|
+
# resp.configuration_policy.security_hub.service_enabled #=> Boolean
|
|
2760
|
+
# resp.configuration_policy.security_hub.enabled_standard_identifiers #=> Array
|
|
2761
|
+
# resp.configuration_policy.security_hub.enabled_standard_identifiers[0] #=> String
|
|
2762
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.enabled_security_control_identifiers #=> Array
|
|
2763
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.enabled_security_control_identifiers[0] #=> String
|
|
2764
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.disabled_security_control_identifiers #=> Array
|
|
2765
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.disabled_security_control_identifiers[0] #=> String
|
|
2766
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters #=> Array
|
|
2767
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].security_control_id #=> String
|
|
2768
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters #=> Hash
|
|
2769
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value_type #=> String, one of "DEFAULT", "CUSTOM"
|
|
2770
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer #=> Integer
|
|
2771
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer_list #=> Array
|
|
2772
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer_list[0] #=> Integer
|
|
2773
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.double #=> Float
|
|
2774
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string #=> String
|
|
2775
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string_list #=> Array
|
|
2776
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string_list[0] #=> String
|
|
2777
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.boolean #=> Boolean
|
|
2778
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum #=> String
|
|
2779
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum_list #=> Array
|
|
2780
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum_list[0] #=> String
|
|
2781
|
+
#
|
|
2782
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateConfigurationPolicy AWS API Documentation
|
|
2783
|
+
#
|
|
2784
|
+
# @overload create_configuration_policy(params = {})
|
|
2785
|
+
# @param [Hash] params ({})
|
|
2786
|
+
def create_configuration_policy(params = {}, options = {})
|
|
2787
|
+
req = build_request(:create_configuration_policy, params)
|
|
2788
|
+
req.send_request(options)
|
|
2789
|
+
end
|
|
2790
|
+
|
|
2450
2791
|
# Used to enable finding aggregation. Must be called from the
|
|
2451
2792
|
# aggregation Region.
|
|
2452
2793
|
#
|
|
@@ -3283,6 +3624,24 @@ module Aws::SecurityHub
|
|
|
3283
3624
|
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
|
3284
3625
|
# },
|
|
3285
3626
|
# ],
|
|
3627
|
+
# aws_account_name: [
|
|
3628
|
+
# {
|
|
3629
|
+
# value: "NonEmptyString",
|
|
3630
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
|
3631
|
+
# },
|
|
3632
|
+
# ],
|
|
3633
|
+
# resource_application_name: [
|
|
3634
|
+
# {
|
|
3635
|
+
# value: "NonEmptyString",
|
|
3636
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
|
3637
|
+
# },
|
|
3638
|
+
# ],
|
|
3639
|
+
# resource_application_arn: [
|
|
3640
|
+
# {
|
|
3641
|
+
# value: "NonEmptyString",
|
|
3642
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
|
3643
|
+
# },
|
|
3644
|
+
# ],
|
|
3286
3645
|
# },
|
|
3287
3646
|
# group_by_attribute: "NonEmptyString", # required
|
|
3288
3647
|
# })
|
|
@@ -3511,6 +3870,42 @@ module Aws::SecurityHub
|
|
|
3511
3870
|
req.send_request(options)
|
|
3512
3871
|
end
|
|
3513
3872
|
|
|
3873
|
+
# Deletes a configuration policy. Only the Security Hub delegated
|
|
3874
|
+
# administrator can invoke this operation from the home Region. For the
|
|
3875
|
+
# deletion to succeed, you must first disassociate a configuration
|
|
3876
|
+
# policy from target accounts, organizational units, or the root by
|
|
3877
|
+
# invoking the `StartConfigurationPolicyDisassociation` operation.
|
|
3878
|
+
#
|
|
3879
|
+
# @option params [required, String] :identifier
|
|
3880
|
+
# The Amazon Resource Name (ARN) or universally unique identifier (UUID)
|
|
3881
|
+
# of the configuration policy.
|
|
3882
|
+
#
|
|
3883
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
3884
|
+
#
|
|
3885
|
+
#
|
|
3886
|
+
# @example Example: To delete a configuration policy
|
|
3887
|
+
#
|
|
3888
|
+
# # This operation deletes the specified configuration policy.
|
|
3889
|
+
#
|
|
3890
|
+
# resp = client.delete_configuration_policy({
|
|
3891
|
+
# identifier: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
|
3892
|
+
# })
|
|
3893
|
+
#
|
|
3894
|
+
# @example Request syntax with placeholder values
|
|
3895
|
+
#
|
|
3896
|
+
# resp = client.delete_configuration_policy({
|
|
3897
|
+
# identifier: "NonEmptyString", # required
|
|
3898
|
+
# })
|
|
3899
|
+
#
|
|
3900
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeleteConfigurationPolicy AWS API Documentation
|
|
3901
|
+
#
|
|
3902
|
+
# @overload delete_configuration_policy(params = {})
|
|
3903
|
+
# @param [Hash] params ({})
|
|
3904
|
+
def delete_configuration_policy(params = {}, options = {})
|
|
3905
|
+
req = build_request(:delete_configuration_policy, params)
|
|
3906
|
+
req.send_request(options)
|
|
3907
|
+
end
|
|
3908
|
+
|
|
3514
3909
|
# Deletes a finding aggregator. When you delete the finding aggregator,
|
|
3515
3910
|
# you stop finding aggregation.
|
|
3516
3911
|
#
|
|
@@ -3830,29 +4225,35 @@ module Aws::SecurityHub
|
|
|
3830
4225
|
req.send_request(options)
|
|
3831
4226
|
end
|
|
3832
4227
|
|
|
3833
|
-
# Returns information about the
|
|
3834
|
-
# Hub.
|
|
4228
|
+
# Returns information about the way your organization is configured in
|
|
4229
|
+
# Security Hub. Only the Security Hub administrator account can invoke
|
|
4230
|
+
# this operation.
|
|
3835
4231
|
#
|
|
3836
4232
|
# @return [Types::DescribeOrganizationConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
3837
4233
|
#
|
|
3838
4234
|
# * {Types::DescribeOrganizationConfigurationResponse#auto_enable #auto_enable} => Boolean
|
|
3839
4235
|
# * {Types::DescribeOrganizationConfigurationResponse#member_account_limit_reached #member_account_limit_reached} => Boolean
|
|
3840
4236
|
# * {Types::DescribeOrganizationConfigurationResponse#auto_enable_standards #auto_enable_standards} => String
|
|
4237
|
+
# * {Types::DescribeOrganizationConfigurationResponse#organization_configuration #organization_configuration} => Types::OrganizationConfiguration
|
|
3841
4238
|
#
|
|
3842
4239
|
#
|
|
3843
|
-
# @example Example: To get information about
|
|
4240
|
+
# @example Example: To get information about organization configuration
|
|
3844
4241
|
#
|
|
3845
|
-
# #
|
|
3846
|
-
# #
|
|
4242
|
+
# # This operation provides information about the way your organization is configured in Security Hub. Only a Security Hub
|
|
4243
|
+
# # administrator account can invoke this operation.
|
|
3847
4244
|
#
|
|
3848
4245
|
# resp = client.describe_organization_configuration({
|
|
3849
4246
|
# })
|
|
3850
4247
|
#
|
|
3851
4248
|
# resp.to_h outputs the following:
|
|
3852
4249
|
# {
|
|
3853
|
-
# auto_enable:
|
|
3854
|
-
# auto_enable_standards: "
|
|
3855
|
-
# member_account_limit_reached:
|
|
4250
|
+
# auto_enable: false,
|
|
4251
|
+
# auto_enable_standards: "NONE",
|
|
4252
|
+
# member_account_limit_reached: false,
|
|
4253
|
+
# organization_configuration: {
|
|
4254
|
+
# configuration_type: "CENTRAL",
|
|
4255
|
+
# status: "ENABLED",
|
|
4256
|
+
# },
|
|
3856
4257
|
# }
|
|
3857
4258
|
#
|
|
3858
4259
|
# @example Response structure
|
|
@@ -3860,6 +4261,9 @@ module Aws::SecurityHub
|
|
|
3860
4261
|
# resp.auto_enable #=> Boolean
|
|
3861
4262
|
# resp.member_account_limit_reached #=> Boolean
|
|
3862
4263
|
# resp.auto_enable_standards #=> String, one of "NONE", "DEFAULT"
|
|
4264
|
+
# resp.organization_configuration.configuration_type #=> String, one of "CENTRAL", "LOCAL"
|
|
4265
|
+
# resp.organization_configuration.status #=> String, one of "PENDING", "ENABLED", "FAILED"
|
|
4266
|
+
# resp.organization_configuration.status_message #=> String
|
|
3863
4267
|
#
|
|
3864
4268
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeOrganizationConfiguration AWS API Documentation
|
|
3865
4269
|
#
|
|
@@ -4583,6 +4987,188 @@ module Aws::SecurityHub
|
|
|
4583
4987
|
req.send_request(options)
|
|
4584
4988
|
end
|
|
4585
4989
|
|
|
4990
|
+
# Provides information about a configuration policy. Only the Security
|
|
4991
|
+
# Hub delegated administrator can invoke this operation from the home
|
|
4992
|
+
# Region.
|
|
4993
|
+
#
|
|
4994
|
+
# @option params [required, String] :identifier
|
|
4995
|
+
# The Amazon Resource Name (ARN) or universally unique identifier (UUID)
|
|
4996
|
+
# of the configuration policy.
|
|
4997
|
+
#
|
|
4998
|
+
# @return [Types::GetConfigurationPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
4999
|
+
#
|
|
5000
|
+
# * {Types::GetConfigurationPolicyResponse#arn #arn} => String
|
|
5001
|
+
# * {Types::GetConfigurationPolicyResponse#id #id} => String
|
|
5002
|
+
# * {Types::GetConfigurationPolicyResponse#name #name} => String
|
|
5003
|
+
# * {Types::GetConfigurationPolicyResponse#description #description} => String
|
|
5004
|
+
# * {Types::GetConfigurationPolicyResponse#updated_at #updated_at} => Time
|
|
5005
|
+
# * {Types::GetConfigurationPolicyResponse#created_at #created_at} => Time
|
|
5006
|
+
# * {Types::GetConfigurationPolicyResponse#configuration_policy #configuration_policy} => Types::Policy
|
|
5007
|
+
#
|
|
5008
|
+
#
|
|
5009
|
+
# @example Example: To get details about a configuration policy
|
|
5010
|
+
#
|
|
5011
|
+
# # This operation provides details about the specified configuration policy.
|
|
5012
|
+
#
|
|
5013
|
+
# resp = client.get_configuration_policy({
|
|
5014
|
+
# identifier: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
|
5015
|
+
# })
|
|
5016
|
+
#
|
|
5017
|
+
# resp.to_h outputs the following:
|
|
5018
|
+
# {
|
|
5019
|
+
# arn: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
|
5020
|
+
# configuration_policy: {
|
|
5021
|
+
# security_hub: {
|
|
5022
|
+
# enabled_standard_identifiers: [
|
|
5023
|
+
# "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
|
|
5024
|
+
# "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
|
|
5025
|
+
# ],
|
|
5026
|
+
# security_controls_configuration: {
|
|
5027
|
+
# disabled_security_control_identifiers: [
|
|
5028
|
+
# "CloudWatch.1",
|
|
5029
|
+
# ],
|
|
5030
|
+
# security_control_custom_parameters: [
|
|
5031
|
+
# {
|
|
5032
|
+
# parameters: {
|
|
5033
|
+
# "daysToExpiration" => {
|
|
5034
|
+
# value: {
|
|
5035
|
+
# integer: 14,
|
|
5036
|
+
# },
|
|
5037
|
+
# value_type: "CUSTOM",
|
|
5038
|
+
# },
|
|
5039
|
+
# },
|
|
5040
|
+
# security_control_id: "ACM.1",
|
|
5041
|
+
# },
|
|
5042
|
+
# ],
|
|
5043
|
+
# },
|
|
5044
|
+
# service_enabled: true,
|
|
5045
|
+
# },
|
|
5046
|
+
# },
|
|
5047
|
+
# created_at: Time.parse("2023-01-11T06:17:17.154Z"),
|
|
5048
|
+
# description: "Configuration policy for testing FSBP and CIS",
|
|
5049
|
+
# id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
|
5050
|
+
# name: "TestConfigurationPolicy",
|
|
5051
|
+
# updated_at: Time.parse("2023-01-11T06:17:17.154Z"),
|
|
5052
|
+
# }
|
|
5053
|
+
#
|
|
5054
|
+
# @example Request syntax with placeholder values
|
|
5055
|
+
#
|
|
5056
|
+
# resp = client.get_configuration_policy({
|
|
5057
|
+
# identifier: "NonEmptyString", # required
|
|
5058
|
+
# })
|
|
5059
|
+
#
|
|
5060
|
+
# @example Response structure
|
|
5061
|
+
#
|
|
5062
|
+
# resp.arn #=> String
|
|
5063
|
+
# resp.id #=> String
|
|
5064
|
+
# resp.name #=> String
|
|
5065
|
+
# resp.description #=> String
|
|
5066
|
+
# resp.updated_at #=> Time
|
|
5067
|
+
# resp.created_at #=> Time
|
|
5068
|
+
# resp.configuration_policy.security_hub.service_enabled #=> Boolean
|
|
5069
|
+
# resp.configuration_policy.security_hub.enabled_standard_identifiers #=> Array
|
|
5070
|
+
# resp.configuration_policy.security_hub.enabled_standard_identifiers[0] #=> String
|
|
5071
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.enabled_security_control_identifiers #=> Array
|
|
5072
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.enabled_security_control_identifiers[0] #=> String
|
|
5073
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.disabled_security_control_identifiers #=> Array
|
|
5074
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.disabled_security_control_identifiers[0] #=> String
|
|
5075
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters #=> Array
|
|
5076
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].security_control_id #=> String
|
|
5077
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters #=> Hash
|
|
5078
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value_type #=> String, one of "DEFAULT", "CUSTOM"
|
|
5079
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer #=> Integer
|
|
5080
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer_list #=> Array
|
|
5081
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer_list[0] #=> Integer
|
|
5082
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.double #=> Float
|
|
5083
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string #=> String
|
|
5084
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string_list #=> Array
|
|
5085
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string_list[0] #=> String
|
|
5086
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.boolean #=> Boolean
|
|
5087
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum #=> String
|
|
5088
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum_list #=> Array
|
|
5089
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum_list[0] #=> String
|
|
5090
|
+
#
|
|
5091
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetConfigurationPolicy AWS API Documentation
|
|
5092
|
+
#
|
|
5093
|
+
# @overload get_configuration_policy(params = {})
|
|
5094
|
+
# @param [Hash] params ({})
|
|
5095
|
+
def get_configuration_policy(params = {}, options = {})
|
|
5096
|
+
req = build_request(:get_configuration_policy, params)
|
|
5097
|
+
req.send_request(options)
|
|
5098
|
+
end
|
|
5099
|
+
|
|
5100
|
+
# Returns the association between a configuration and a target account,
|
|
5101
|
+
# organizational unit, or the root. The configuration can be a
|
|
5102
|
+
# configuration policy or self-managed behavior. Only the Security Hub
|
|
5103
|
+
# delegated administrator can invoke this operation from the home
|
|
5104
|
+
# Region.
|
|
5105
|
+
#
|
|
5106
|
+
# @option params [required, Types::Target] :target
|
|
5107
|
+
# The target account ID, organizational unit ID, or the root ID to
|
|
5108
|
+
# retrieve the association for.
|
|
5109
|
+
#
|
|
5110
|
+
# @return [Types::GetConfigurationPolicyAssociationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
5111
|
+
#
|
|
5112
|
+
# * {Types::GetConfigurationPolicyAssociationResponse#configuration_policy_id #configuration_policy_id} => String
|
|
5113
|
+
# * {Types::GetConfigurationPolicyAssociationResponse#target_id #target_id} => String
|
|
5114
|
+
# * {Types::GetConfigurationPolicyAssociationResponse#target_type #target_type} => String
|
|
5115
|
+
# * {Types::GetConfigurationPolicyAssociationResponse#association_type #association_type} => String
|
|
5116
|
+
# * {Types::GetConfigurationPolicyAssociationResponse#updated_at #updated_at} => Time
|
|
5117
|
+
# * {Types::GetConfigurationPolicyAssociationResponse#association_status #association_status} => String
|
|
5118
|
+
# * {Types::GetConfigurationPolicyAssociationResponse#association_status_message #association_status_message} => String
|
|
5119
|
+
#
|
|
5120
|
+
#
|
|
5121
|
+
# @example Example: To get details about a configuration association
|
|
5122
|
+
#
|
|
5123
|
+
# # This operation provides details about configuration associations for a specific target account, organizational unit, or
|
|
5124
|
+
# # the root.
|
|
5125
|
+
#
|
|
5126
|
+
# resp = client.get_configuration_policy_association({
|
|
5127
|
+
# target: {
|
|
5128
|
+
# account_id: "111122223333",
|
|
5129
|
+
# },
|
|
5130
|
+
# })
|
|
5131
|
+
#
|
|
5132
|
+
# resp.to_h outputs the following:
|
|
5133
|
+
# {
|
|
5134
|
+
# association_status: "FAILED",
|
|
5135
|
+
# association_status_message: "Configuration Policy a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 couldn\u2019t be applied to account 111122223333 in us-east-1 Region. Retry your request.",
|
|
5136
|
+
# association_type: "INHERITED",
|
|
5137
|
+
# configuration_policy_id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
|
5138
|
+
# target_id: "111122223333",
|
|
5139
|
+
# target_type: "ACCOUNT",
|
|
5140
|
+
# updated_at: Time.parse("2023-01-11T06:17:17.154Z"),
|
|
5141
|
+
# }
|
|
5142
|
+
#
|
|
5143
|
+
# @example Request syntax with placeholder values
|
|
5144
|
+
#
|
|
5145
|
+
# resp = client.get_configuration_policy_association({
|
|
5146
|
+
# target: { # required
|
|
5147
|
+
# account_id: "NonEmptyString",
|
|
5148
|
+
# organizational_unit_id: "NonEmptyString",
|
|
5149
|
+
# root_id: "NonEmptyString",
|
|
5150
|
+
# },
|
|
5151
|
+
# })
|
|
5152
|
+
#
|
|
5153
|
+
# @example Response structure
|
|
5154
|
+
#
|
|
5155
|
+
# resp.configuration_policy_id #=> String
|
|
5156
|
+
# resp.target_id #=> String
|
|
5157
|
+
# resp.target_type #=> String, one of "ACCOUNT", "ORGANIZATIONAL_UNIT"
|
|
5158
|
+
# resp.association_type #=> String, one of "INHERITED", "APPLIED"
|
|
5159
|
+
# resp.updated_at #=> Time
|
|
5160
|
+
# resp.association_status #=> String, one of "PENDING", "SUCCESS", "FAILED"
|
|
5161
|
+
# resp.association_status_message #=> String
|
|
5162
|
+
#
|
|
5163
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetConfigurationPolicyAssociation AWS API Documentation
|
|
5164
|
+
#
|
|
5165
|
+
# @overload get_configuration_policy_association(params = {})
|
|
5166
|
+
# @param [Hash] params ({})
|
|
5167
|
+
def get_configuration_policy_association(params = {}, options = {})
|
|
5168
|
+
req = build_request(:get_configuration_policy_association, params)
|
|
5169
|
+
req.send_request(options)
|
|
5170
|
+
end
|
|
5171
|
+
|
|
4586
5172
|
# Returns a list of the standards that are currently enabled.
|
|
4587
5173
|
#
|
|
4588
5174
|
# @option params [Array<String>] :standards_subscription_arns
|
|
@@ -5695,6 +6281,24 @@ module Aws::SecurityHub
|
|
|
5695
6281
|
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
|
5696
6282
|
# },
|
|
5697
6283
|
# ],
|
|
6284
|
+
# aws_account_name: [
|
|
6285
|
+
# {
|
|
6286
|
+
# value: "NonEmptyString",
|
|
6287
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
|
6288
|
+
# },
|
|
6289
|
+
# ],
|
|
6290
|
+
# resource_application_name: [
|
|
6291
|
+
# {
|
|
6292
|
+
# value: "NonEmptyString",
|
|
6293
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
|
6294
|
+
# },
|
|
6295
|
+
# ],
|
|
6296
|
+
# resource_application_arn: [
|
|
6297
|
+
# {
|
|
6298
|
+
# value: "NonEmptyString",
|
|
6299
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
|
6300
|
+
# },
|
|
6301
|
+
# ],
|
|
5698
6302
|
# },
|
|
5699
6303
|
# sort_criteria: [
|
|
5700
6304
|
# {
|
|
@@ -6200,6 +6804,15 @@ module Aws::SecurityHub
|
|
|
6200
6804
|
# resp.insights[0].filters.compliance_security_control_parameters_value #=> Array
|
|
6201
6805
|
# resp.insights[0].filters.compliance_security_control_parameters_value[0].value #=> String
|
|
6202
6806
|
# resp.insights[0].filters.compliance_security_control_parameters_value[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
|
|
6807
|
+
# resp.insights[0].filters.aws_account_name #=> Array
|
|
6808
|
+
# resp.insights[0].filters.aws_account_name[0].value #=> String
|
|
6809
|
+
# resp.insights[0].filters.aws_account_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
|
|
6810
|
+
# resp.insights[0].filters.resource_application_name #=> Array
|
|
6811
|
+
# resp.insights[0].filters.resource_application_name[0].value #=> String
|
|
6812
|
+
# resp.insights[0].filters.resource_application_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
|
|
6813
|
+
# resp.insights[0].filters.resource_application_arn #=> Array
|
|
6814
|
+
# resp.insights[0].filters.resource_application_arn[0].value #=> String
|
|
6815
|
+
# resp.insights[0].filters.resource_application_arn[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
|
|
6203
6816
|
# resp.insights[0].group_by_attribute #=> String
|
|
6204
6817
|
# resp.next_token #=> String
|
|
6205
6818
|
#
|
|
@@ -6617,6 +7230,185 @@ module Aws::SecurityHub
|
|
|
6617
7230
|
req.send_request(options)
|
|
6618
7231
|
end
|
|
6619
7232
|
|
|
7233
|
+
# Lists the configuration policies that the Security Hub delegated
|
|
7234
|
+
# administrator has created for your organization. Only the delegated
|
|
7235
|
+
# administrator can invoke this operation from the home Region.
|
|
7236
|
+
#
|
|
7237
|
+
# @option params [String] :next_token
|
|
7238
|
+
# The NextToken value that's returned from a previous paginated
|
|
7239
|
+
# `ListConfigurationPolicies` request where `MaxResults` was used but
|
|
7240
|
+
# the results exceeded the value of that parameter. Pagination continues
|
|
7241
|
+
# from the `MaxResults` was used but the results exceeded the value of
|
|
7242
|
+
# that parameter. Pagination continues from the end of the previous
|
|
7243
|
+
# response that returned the `NextToken` value. This value is `null`
|
|
7244
|
+
# when there are no more results to return.
|
|
7245
|
+
#
|
|
7246
|
+
# @option params [Integer] :max_results
|
|
7247
|
+
# The maximum number of results that's returned by
|
|
7248
|
+
# `ListConfigurationPolicies` in each page of the response. When this
|
|
7249
|
+
# parameter is used, `ListConfigurationPolicies` returns the specified
|
|
7250
|
+
# number of results in a single page and a `NextToken` response element.
|
|
7251
|
+
# You can see the remaining results of the initial request by sending
|
|
7252
|
+
# another `ListConfigurationPolicies` request with the returned
|
|
7253
|
+
# `NextToken` value. A valid range for `MaxResults` is between 1 and
|
|
7254
|
+
# 100.
|
|
7255
|
+
#
|
|
7256
|
+
# @return [Types::ListConfigurationPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
7257
|
+
#
|
|
7258
|
+
# * {Types::ListConfigurationPoliciesResponse#configuration_policy_summaries #configuration_policy_summaries} => Array<Types::ConfigurationPolicySummary>
|
|
7259
|
+
# * {Types::ListConfigurationPoliciesResponse#next_token #next_token} => String
|
|
7260
|
+
#
|
|
7261
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
|
7262
|
+
#
|
|
7263
|
+
#
|
|
7264
|
+
# @example Example: To view a list of configuration policies
|
|
7265
|
+
#
|
|
7266
|
+
# # This operation provides a list of your configuration policies, including metadata for each policy.
|
|
7267
|
+
#
|
|
7268
|
+
# resp = client.list_configuration_policies({
|
|
7269
|
+
# max_results: 1,
|
|
7270
|
+
# next_token: "U1FsdGVkX19nBV2zoh+Gou9NgnulLJHWpn9xnG4hqSOhvw3o2JqjI86QDxdf",
|
|
7271
|
+
# })
|
|
7272
|
+
#
|
|
7273
|
+
# resp.to_h outputs the following:
|
|
7274
|
+
# {
|
|
7275
|
+
# configuration_policy_summaries: [
|
|
7276
|
+
# {
|
|
7277
|
+
# arn: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
|
7278
|
+
# description: "Configuration policy for testing FSBP and CIS",
|
|
7279
|
+
# id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
|
7280
|
+
# name: "TestConfigurationPolicy",
|
|
7281
|
+
# service_enabled: true,
|
|
7282
|
+
# updated_at: Time.parse("2023-01-11T06:17:17.154Z"),
|
|
7283
|
+
# },
|
|
7284
|
+
# ],
|
|
7285
|
+
# next_token: "U1FsdGVkX19nBV2zoh+Gou9NgnulLJHWpn9xnG4hqSOfvw3o2JqjI86QDxef",
|
|
7286
|
+
# }
|
|
7287
|
+
#
|
|
7288
|
+
# @example Request syntax with placeholder values
|
|
7289
|
+
#
|
|
7290
|
+
# resp = client.list_configuration_policies({
|
|
7291
|
+
# next_token: "NextToken",
|
|
7292
|
+
# max_results: 1,
|
|
7293
|
+
# })
|
|
7294
|
+
#
|
|
7295
|
+
# @example Response structure
|
|
7296
|
+
#
|
|
7297
|
+
# resp.configuration_policy_summaries #=> Array
|
|
7298
|
+
# resp.configuration_policy_summaries[0].arn #=> String
|
|
7299
|
+
# resp.configuration_policy_summaries[0].id #=> String
|
|
7300
|
+
# resp.configuration_policy_summaries[0].name #=> String
|
|
7301
|
+
# resp.configuration_policy_summaries[0].description #=> String
|
|
7302
|
+
# resp.configuration_policy_summaries[0].updated_at #=> Time
|
|
7303
|
+
# resp.configuration_policy_summaries[0].service_enabled #=> Boolean
|
|
7304
|
+
# resp.next_token #=> String
|
|
7305
|
+
#
|
|
7306
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListConfigurationPolicies AWS API Documentation
|
|
7307
|
+
#
|
|
7308
|
+
# @overload list_configuration_policies(params = {})
|
|
7309
|
+
# @param [Hash] params ({})
|
|
7310
|
+
def list_configuration_policies(params = {}, options = {})
|
|
7311
|
+
req = build_request(:list_configuration_policies, params)
|
|
7312
|
+
req.send_request(options)
|
|
7313
|
+
end
|
|
7314
|
+
|
|
7315
|
+
# Provides information about the associations for your configuration
|
|
7316
|
+
# policies and self-managed behavior. Only the Security Hub delegated
|
|
7317
|
+
# administrator can invoke this operation from the home Region.
|
|
7318
|
+
#
|
|
7319
|
+
# @option params [String] :next_token
|
|
7320
|
+
# The `NextToken` value that's returned from a previous paginated
|
|
7321
|
+
# `ListConfigurationPolicyAssociations` request where `MaxResults` was
|
|
7322
|
+
# used but the results exceeded the value of that parameter. Pagination
|
|
7323
|
+
# continues from the end of the previous response that returned the
|
|
7324
|
+
# `NextToken` value. This value is `null` when there are no more results
|
|
7325
|
+
# to return.
|
|
7326
|
+
#
|
|
7327
|
+
# @option params [Integer] :max_results
|
|
7328
|
+
# The maximum number of results that's returned by
|
|
7329
|
+
# `ListConfigurationPolicies` in each page of the response. When this
|
|
7330
|
+
# parameter is used, `ListConfigurationPolicyAssociations` returns the
|
|
7331
|
+
# specified number of results in a single page and a `NextToken`
|
|
7332
|
+
# response element. You can see the remaining results of the initial
|
|
7333
|
+
# request by sending another `ListConfigurationPolicyAssociations`
|
|
7334
|
+
# request with the returned `NextToken` value. A valid range for
|
|
7335
|
+
# `MaxResults` is between 1 and 100.
|
|
7336
|
+
#
|
|
7337
|
+
# @option params [Types::AssociationFilters] :filters
|
|
7338
|
+
# Options for filtering the `ListConfigurationPolicyAssociations`
|
|
7339
|
+
# response. You can filter by the Amazon Resource Name (ARN) or
|
|
7340
|
+
# universally unique identifier (UUID) of a configuration,
|
|
7341
|
+
# `AssociationType`, or `AssociationStatus`.
|
|
7342
|
+
#
|
|
7343
|
+
# @return [Types::ListConfigurationPolicyAssociationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
7344
|
+
#
|
|
7345
|
+
# * {Types::ListConfigurationPolicyAssociationsResponse#configuration_policy_association_summaries #configuration_policy_association_summaries} => Array<Types::ConfigurationPolicyAssociationSummary>
|
|
7346
|
+
# * {Types::ListConfigurationPolicyAssociationsResponse#next_token #next_token} => String
|
|
7347
|
+
#
|
|
7348
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
|
7349
|
+
#
|
|
7350
|
+
#
|
|
7351
|
+
# @example Example: To list configuration associations
|
|
7352
|
+
#
|
|
7353
|
+
# # This operation lists all of the associations between targets and configuration policies or self-managed behavior.
|
|
7354
|
+
# # Targets can include accounts, organizational units, or the root.
|
|
7355
|
+
#
|
|
7356
|
+
# resp = client.list_configuration_policy_associations({
|
|
7357
|
+
# filters: {
|
|
7358
|
+
# association_type: "APPLIED",
|
|
7359
|
+
# },
|
|
7360
|
+
# max_results: 1,
|
|
7361
|
+
# next_token: "U1FsdGVkX19nBV2zoh+Gou9NgnulLJHWpn9xnG4hqSOhvw3o2JqjI86QDxdf",
|
|
7362
|
+
# })
|
|
7363
|
+
#
|
|
7364
|
+
# resp.to_h outputs the following:
|
|
7365
|
+
# {
|
|
7366
|
+
# configuration_policy_association_summaries: [
|
|
7367
|
+
# {
|
|
7368
|
+
# association_status: "PENDING",
|
|
7369
|
+
# association_type: "APPLIED",
|
|
7370
|
+
# configuration_policy_id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
|
7371
|
+
# target_id: "123456789012",
|
|
7372
|
+
# target_type: "ACCOUNT",
|
|
7373
|
+
# updated_at: Time.parse("2023-01-11T06:17:17.154Z"),
|
|
7374
|
+
# },
|
|
7375
|
+
# ],
|
|
7376
|
+
# next_token: "U1FsdGVkX19nBV2zoh+Gou9NgnulLJHWpn9xnG4hqSOfvw3o2JqjI86QDxef",
|
|
7377
|
+
# }
|
|
7378
|
+
#
|
|
7379
|
+
# @example Request syntax with placeholder values
|
|
7380
|
+
#
|
|
7381
|
+
# resp = client.list_configuration_policy_associations({
|
|
7382
|
+
# next_token: "NextToken",
|
|
7383
|
+
# max_results: 1,
|
|
7384
|
+
# filters: {
|
|
7385
|
+
# configuration_policy_id: "NonEmptyString",
|
|
7386
|
+
# association_type: "INHERITED", # accepts INHERITED, APPLIED
|
|
7387
|
+
# association_status: "PENDING", # accepts PENDING, SUCCESS, FAILED
|
|
7388
|
+
# },
|
|
7389
|
+
# })
|
|
7390
|
+
#
|
|
7391
|
+
# @example Response structure
|
|
7392
|
+
#
|
|
7393
|
+
# resp.configuration_policy_association_summaries #=> Array
|
|
7394
|
+
# resp.configuration_policy_association_summaries[0].configuration_policy_id #=> String
|
|
7395
|
+
# resp.configuration_policy_association_summaries[0].target_id #=> String
|
|
7396
|
+
# resp.configuration_policy_association_summaries[0].target_type #=> String, one of "ACCOUNT", "ORGANIZATIONAL_UNIT"
|
|
7397
|
+
# resp.configuration_policy_association_summaries[0].association_type #=> String, one of "INHERITED", "APPLIED"
|
|
7398
|
+
# resp.configuration_policy_association_summaries[0].updated_at #=> Time
|
|
7399
|
+
# resp.configuration_policy_association_summaries[0].association_status #=> String, one of "PENDING", "SUCCESS", "FAILED"
|
|
7400
|
+
# resp.configuration_policy_association_summaries[0].association_status_message #=> String
|
|
7401
|
+
# resp.next_token #=> String
|
|
7402
|
+
#
|
|
7403
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListConfigurationPolicyAssociations AWS API Documentation
|
|
7404
|
+
#
|
|
7405
|
+
# @overload list_configuration_policy_associations(params = {})
|
|
7406
|
+
# @param [Hash] params ({})
|
|
7407
|
+
def list_configuration_policy_associations(params = {}, options = {})
|
|
7408
|
+
req = build_request(:list_configuration_policy_associations, params)
|
|
7409
|
+
req.send_request(options)
|
|
7410
|
+
end
|
|
7411
|
+
|
|
6620
7412
|
# Lists all findings-generating solutions (products) that you are
|
|
6621
7413
|
# subscribed to receive findings from in Security Hub.
|
|
6622
7414
|
#
|
|
@@ -7251,6 +8043,136 @@ module Aws::SecurityHub
|
|
|
7251
8043
|
req.send_request(options)
|
|
7252
8044
|
end
|
|
7253
8045
|
|
|
8046
|
+
# Associates a target account, organizational unit, or the root with a
|
|
8047
|
+
# specified configuration. The target can be associated with a
|
|
8048
|
+
# configuration policy or self-managed behavior. Only the Security Hub
|
|
8049
|
+
# delegated administrator can invoke this operation from the home
|
|
8050
|
+
# Region.
|
|
8051
|
+
#
|
|
8052
|
+
# @option params [required, String] :configuration_policy_identifier
|
|
8053
|
+
# The Amazon Resource Name (ARN) or universally unique identifier (UUID)
|
|
8054
|
+
# of the configuration policy.
|
|
8055
|
+
#
|
|
8056
|
+
# @option params [required, Types::Target] :target
|
|
8057
|
+
# The identifier of the target account, organizational unit, or the root
|
|
8058
|
+
# to associate with the specified configuration.
|
|
8059
|
+
#
|
|
8060
|
+
# @return [Types::StartConfigurationPolicyAssociationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
8061
|
+
#
|
|
8062
|
+
# * {Types::StartConfigurationPolicyAssociationResponse#configuration_policy_id #configuration_policy_id} => String
|
|
8063
|
+
# * {Types::StartConfigurationPolicyAssociationResponse#target_id #target_id} => String
|
|
8064
|
+
# * {Types::StartConfigurationPolicyAssociationResponse#target_type #target_type} => String
|
|
8065
|
+
# * {Types::StartConfigurationPolicyAssociationResponse#association_type #association_type} => String
|
|
8066
|
+
# * {Types::StartConfigurationPolicyAssociationResponse#updated_at #updated_at} => Time
|
|
8067
|
+
# * {Types::StartConfigurationPolicyAssociationResponse#association_status #association_status} => String
|
|
8068
|
+
# * {Types::StartConfigurationPolicyAssociationResponse#association_status_message #association_status_message} => String
|
|
8069
|
+
#
|
|
8070
|
+
#
|
|
8071
|
+
# @example Example: To associate a configuration with a target
|
|
8072
|
+
#
|
|
8073
|
+
# # This operation associates a configuration policy or self-managed behavior with the target account, organizational unit,
|
|
8074
|
+
# # or the root.
|
|
8075
|
+
#
|
|
8076
|
+
# resp = client.start_configuration_policy_association({
|
|
8077
|
+
# configuration_policy_identifier: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
|
8078
|
+
# target: {
|
|
8079
|
+
# account_id: "111122223333",
|
|
8080
|
+
# },
|
|
8081
|
+
# })
|
|
8082
|
+
#
|
|
8083
|
+
# resp.to_h outputs the following:
|
|
8084
|
+
# {
|
|
8085
|
+
# association_status: "SUCCESS",
|
|
8086
|
+
# association_status_message: "This field is populated only if the association fails",
|
|
8087
|
+
# association_type: "APPLIED",
|
|
8088
|
+
# configuration_policy_id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
|
8089
|
+
# target_id: "111122223333",
|
|
8090
|
+
# target_type: "ACCOUNT",
|
|
8091
|
+
# updated_at: Time.parse("2023-01-11T06:17:17.154Z"),
|
|
8092
|
+
# }
|
|
8093
|
+
#
|
|
8094
|
+
# @example Request syntax with placeholder values
|
|
8095
|
+
#
|
|
8096
|
+
# resp = client.start_configuration_policy_association({
|
|
8097
|
+
# configuration_policy_identifier: "NonEmptyString", # required
|
|
8098
|
+
# target: { # required
|
|
8099
|
+
# account_id: "NonEmptyString",
|
|
8100
|
+
# organizational_unit_id: "NonEmptyString",
|
|
8101
|
+
# root_id: "NonEmptyString",
|
|
8102
|
+
# },
|
|
8103
|
+
# })
|
|
8104
|
+
#
|
|
8105
|
+
# @example Response structure
|
|
8106
|
+
#
|
|
8107
|
+
# resp.configuration_policy_id #=> String
|
|
8108
|
+
# resp.target_id #=> String
|
|
8109
|
+
# resp.target_type #=> String, one of "ACCOUNT", "ORGANIZATIONAL_UNIT"
|
|
8110
|
+
# resp.association_type #=> String, one of "INHERITED", "APPLIED"
|
|
8111
|
+
# resp.updated_at #=> Time
|
|
8112
|
+
# resp.association_status #=> String, one of "PENDING", "SUCCESS", "FAILED"
|
|
8113
|
+
# resp.association_status_message #=> String
|
|
8114
|
+
#
|
|
8115
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StartConfigurationPolicyAssociation AWS API Documentation
|
|
8116
|
+
#
|
|
8117
|
+
# @overload start_configuration_policy_association(params = {})
|
|
8118
|
+
# @param [Hash] params ({})
|
|
8119
|
+
def start_configuration_policy_association(params = {}, options = {})
|
|
8120
|
+
req = build_request(:start_configuration_policy_association, params)
|
|
8121
|
+
req.send_request(options)
|
|
8122
|
+
end
|
|
8123
|
+
|
|
8124
|
+
# Disassociates a target account, organizational unit, or the root from
|
|
8125
|
+
# a specified configuration. When you disassociate a configuration from
|
|
8126
|
+
# its target, the target inherits the configuration of the closest
|
|
8127
|
+
# parent. If there’s no configuration to inherit, the target retains its
|
|
8128
|
+
# settings but becomes a self-managed account. A target can be
|
|
8129
|
+
# disassociated from a configuration policy or self-managed behavior.
|
|
8130
|
+
# Only the Security Hub delegated administrator can invoke this
|
|
8131
|
+
# operation from the home Region.
|
|
8132
|
+
#
|
|
8133
|
+
# @option params [Types::Target] :target
|
|
8134
|
+
# The identifier of the target account, organizational unit, or the root
|
|
8135
|
+
# to disassociate from the specified configuration.
|
|
8136
|
+
#
|
|
8137
|
+
# @option params [required, String] :configuration_policy_identifier
|
|
8138
|
+
# The Amazon Resource Name (ARN) or universally unique identifier (UUID)
|
|
8139
|
+
# of the configuration policy.
|
|
8140
|
+
#
|
|
8141
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
8142
|
+
#
|
|
8143
|
+
#
|
|
8144
|
+
# @example Example: To disassociate a configuration from a target
|
|
8145
|
+
#
|
|
8146
|
+
# # This operation disassociates a configuration policy or self-managed behavior from the target account, organizational
|
|
8147
|
+
# # unit, or the root.
|
|
8148
|
+
#
|
|
8149
|
+
# resp = client.start_configuration_policy_disassociation({
|
|
8150
|
+
# configuration_policy_identifier: "SELF_MANAGED_SECURITY_HUB",
|
|
8151
|
+
# target: {
|
|
8152
|
+
# root_id: "r-f6g7h8i9j0example",
|
|
8153
|
+
# },
|
|
8154
|
+
# })
|
|
8155
|
+
#
|
|
8156
|
+
# @example Request syntax with placeholder values
|
|
8157
|
+
#
|
|
8158
|
+
# resp = client.start_configuration_policy_disassociation({
|
|
8159
|
+
# target: {
|
|
8160
|
+
# account_id: "NonEmptyString",
|
|
8161
|
+
# organizational_unit_id: "NonEmptyString",
|
|
8162
|
+
# root_id: "NonEmptyString",
|
|
8163
|
+
# },
|
|
8164
|
+
# configuration_policy_identifier: "NonEmptyString", # required
|
|
8165
|
+
# })
|
|
8166
|
+
#
|
|
8167
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StartConfigurationPolicyDisassociation AWS API Documentation
|
|
8168
|
+
#
|
|
8169
|
+
# @overload start_configuration_policy_disassociation(params = {})
|
|
8170
|
+
# @param [Hash] params ({})
|
|
8171
|
+
def start_configuration_policy_disassociation(params = {}, options = {})
|
|
8172
|
+
req = build_request(:start_configuration_policy_disassociation, params)
|
|
8173
|
+
req.send_request(options)
|
|
8174
|
+
end
|
|
8175
|
+
|
|
7254
8176
|
# Adds one or more tags to a resource.
|
|
7255
8177
|
#
|
|
7256
8178
|
# @option params [required, String] :resource_arn
|
|
@@ -7376,6 +8298,205 @@ module Aws::SecurityHub
|
|
|
7376
8298
|
req.send_request(options)
|
|
7377
8299
|
end
|
|
7378
8300
|
|
|
8301
|
+
# Updates a configuration policy. Only the Security Hub delegated
|
|
8302
|
+
# administrator can invoke this operation from the home Region.
|
|
8303
|
+
#
|
|
8304
|
+
# @option params [required, String] :identifier
|
|
8305
|
+
# The Amazon Resource Name (ARN) or universally unique identifier (UUID)
|
|
8306
|
+
# of the configuration policy.
|
|
8307
|
+
#
|
|
8308
|
+
# @option params [String] :name
|
|
8309
|
+
# The name of the configuration policy.
|
|
8310
|
+
#
|
|
8311
|
+
# @option params [String] :description
|
|
8312
|
+
# The description of the configuration policy.
|
|
8313
|
+
#
|
|
8314
|
+
# @option params [String] :updated_reason
|
|
8315
|
+
# The reason for updating the configuration policy.
|
|
8316
|
+
#
|
|
8317
|
+
# @option params [Types::Policy] :configuration_policy
|
|
8318
|
+
# An object that defines how Security Hub is configured. It includes
|
|
8319
|
+
# whether Security Hub is enabled or disabled, a list of enabled
|
|
8320
|
+
# security standards, a list of enabled or disabled security controls,
|
|
8321
|
+
# and a list of custom parameter values for specified controls. If you
|
|
8322
|
+
# provide a list of security controls that are enabled in the
|
|
8323
|
+
# configuration policy, Security Hub disables all other controls
|
|
8324
|
+
# (including newly released controls). If you provide a list of security
|
|
8325
|
+
# controls that are disabled in the configuration policy, Security Hub
|
|
8326
|
+
# enables all other controls (including newly released controls).
|
|
8327
|
+
#
|
|
8328
|
+
# When updating a configuration policy, provide a complete list of
|
|
8329
|
+
# standards that you want to enable and a complete list of controls that
|
|
8330
|
+
# you want to enable or disable. The updated configuration replaces the
|
|
8331
|
+
# current configuration.
|
|
8332
|
+
#
|
|
8333
|
+
# @return [Types::UpdateConfigurationPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
8334
|
+
#
|
|
8335
|
+
# * {Types::UpdateConfigurationPolicyResponse#arn #arn} => String
|
|
8336
|
+
# * {Types::UpdateConfigurationPolicyResponse#id #id} => String
|
|
8337
|
+
# * {Types::UpdateConfigurationPolicyResponse#name #name} => String
|
|
8338
|
+
# * {Types::UpdateConfigurationPolicyResponse#description #description} => String
|
|
8339
|
+
# * {Types::UpdateConfigurationPolicyResponse#updated_at #updated_at} => Time
|
|
8340
|
+
# * {Types::UpdateConfigurationPolicyResponse#created_at #created_at} => Time
|
|
8341
|
+
# * {Types::UpdateConfigurationPolicyResponse#configuration_policy #configuration_policy} => Types::Policy
|
|
8342
|
+
#
|
|
8343
|
+
#
|
|
8344
|
+
# @example Example: To update a configuration policy
|
|
8345
|
+
#
|
|
8346
|
+
# # This operation updates the specified configuration policy.
|
|
8347
|
+
#
|
|
8348
|
+
# resp = client.update_configuration_policy({
|
|
8349
|
+
# configuration_policy: {
|
|
8350
|
+
# security_hub: {
|
|
8351
|
+
# enabled_standard_identifiers: [
|
|
8352
|
+
# "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
|
|
8353
|
+
# "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
|
|
8354
|
+
# ],
|
|
8355
|
+
# security_controls_configuration: {
|
|
8356
|
+
# disabled_security_control_identifiers: [
|
|
8357
|
+
# "CloudWatch.1",
|
|
8358
|
+
# "CloudWatch.2",
|
|
8359
|
+
# ],
|
|
8360
|
+
# security_control_custom_parameters: [
|
|
8361
|
+
# {
|
|
8362
|
+
# parameters: {
|
|
8363
|
+
# "daysToExpiration" => {
|
|
8364
|
+
# value: {
|
|
8365
|
+
# integer: 21,
|
|
8366
|
+
# },
|
|
8367
|
+
# value_type: "CUSTOM",
|
|
8368
|
+
# },
|
|
8369
|
+
# },
|
|
8370
|
+
# security_control_id: "ACM.1",
|
|
8371
|
+
# },
|
|
8372
|
+
# ],
|
|
8373
|
+
# },
|
|
8374
|
+
# service_enabled: true,
|
|
8375
|
+
# },
|
|
8376
|
+
# },
|
|
8377
|
+
# description: "Updated configuration policy for testing FSBP and CIS",
|
|
8378
|
+
# identifier: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
|
8379
|
+
# name: "TestConfigurationPolicy",
|
|
8380
|
+
# updated_reason: "Enabling ACM.2",
|
|
8381
|
+
# })
|
|
8382
|
+
#
|
|
8383
|
+
# resp.to_h outputs the following:
|
|
8384
|
+
# {
|
|
8385
|
+
# arn: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
|
8386
|
+
# configuration_policy: {
|
|
8387
|
+
# security_hub: {
|
|
8388
|
+
# enabled_standard_identifiers: [
|
|
8389
|
+
# "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
|
|
8390
|
+
# "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
|
|
8391
|
+
# ],
|
|
8392
|
+
# security_controls_configuration: {
|
|
8393
|
+
# disabled_security_control_identifiers: [
|
|
8394
|
+
# "CloudWatch.1",
|
|
8395
|
+
# "CloudWatch.2",
|
|
8396
|
+
# ],
|
|
8397
|
+
# security_control_custom_parameters: [
|
|
8398
|
+
# {
|
|
8399
|
+
# parameters: {
|
|
8400
|
+
# "daysToExpiration" => {
|
|
8401
|
+
# value: {
|
|
8402
|
+
# integer: 21,
|
|
8403
|
+
# },
|
|
8404
|
+
# value_type: "CUSTOM",
|
|
8405
|
+
# },
|
|
8406
|
+
# },
|
|
8407
|
+
# security_control_id: "ACM.1",
|
|
8408
|
+
# },
|
|
8409
|
+
# ],
|
|
8410
|
+
# },
|
|
8411
|
+
# service_enabled: true,
|
|
8412
|
+
# },
|
|
8413
|
+
# },
|
|
8414
|
+
# created_at: Time.parse("2023-01-11T06:17:17.154Z"),
|
|
8415
|
+
# description: "Updated configuration policy for testing FSBP and CIS",
|
|
8416
|
+
# id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
|
8417
|
+
# name: "TestConfigurationPolicy",
|
|
8418
|
+
# updated_at: Time.parse("2023-01-12T06:17:17.154Z"),
|
|
8419
|
+
# }
|
|
8420
|
+
#
|
|
8421
|
+
# @example Request syntax with placeholder values
|
|
8422
|
+
#
|
|
8423
|
+
# resp = client.update_configuration_policy({
|
|
8424
|
+
# identifier: "NonEmptyString", # required
|
|
8425
|
+
# name: "NonEmptyString",
|
|
8426
|
+
# description: "NonEmptyString",
|
|
8427
|
+
# updated_reason: "NonEmptyString",
|
|
8428
|
+
# configuration_policy: {
|
|
8429
|
+
# security_hub: {
|
|
8430
|
+
# service_enabled: false,
|
|
8431
|
+
# enabled_standard_identifiers: ["NonEmptyString"],
|
|
8432
|
+
# security_controls_configuration: {
|
|
8433
|
+
# enabled_security_control_identifiers: ["NonEmptyString"],
|
|
8434
|
+
# disabled_security_control_identifiers: ["NonEmptyString"],
|
|
8435
|
+
# security_control_custom_parameters: [
|
|
8436
|
+
# {
|
|
8437
|
+
# security_control_id: "NonEmptyString",
|
|
8438
|
+
# parameters: {
|
|
8439
|
+
# "NonEmptyString" => {
|
|
8440
|
+
# value_type: "DEFAULT", # required, accepts DEFAULT, CUSTOM
|
|
8441
|
+
# value: {
|
|
8442
|
+
# integer: 1,
|
|
8443
|
+
# integer_list: [1],
|
|
8444
|
+
# double: 1.0,
|
|
8445
|
+
# string: "NonEmptyString",
|
|
8446
|
+
# string_list: ["NonEmptyString"],
|
|
8447
|
+
# boolean: false,
|
|
8448
|
+
# enum: "NonEmptyString",
|
|
8449
|
+
# enum_list: ["NonEmptyString"],
|
|
8450
|
+
# },
|
|
8451
|
+
# },
|
|
8452
|
+
# },
|
|
8453
|
+
# },
|
|
8454
|
+
# ],
|
|
8455
|
+
# },
|
|
8456
|
+
# },
|
|
8457
|
+
# },
|
|
8458
|
+
# })
|
|
8459
|
+
#
|
|
8460
|
+
# @example Response structure
|
|
8461
|
+
#
|
|
8462
|
+
# resp.arn #=> String
|
|
8463
|
+
# resp.id #=> String
|
|
8464
|
+
# resp.name #=> String
|
|
8465
|
+
# resp.description #=> String
|
|
8466
|
+
# resp.updated_at #=> Time
|
|
8467
|
+
# resp.created_at #=> Time
|
|
8468
|
+
# resp.configuration_policy.security_hub.service_enabled #=> Boolean
|
|
8469
|
+
# resp.configuration_policy.security_hub.enabled_standard_identifiers #=> Array
|
|
8470
|
+
# resp.configuration_policy.security_hub.enabled_standard_identifiers[0] #=> String
|
|
8471
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.enabled_security_control_identifiers #=> Array
|
|
8472
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.enabled_security_control_identifiers[0] #=> String
|
|
8473
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.disabled_security_control_identifiers #=> Array
|
|
8474
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.disabled_security_control_identifiers[0] #=> String
|
|
8475
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters #=> Array
|
|
8476
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].security_control_id #=> String
|
|
8477
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters #=> Hash
|
|
8478
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value_type #=> String, one of "DEFAULT", "CUSTOM"
|
|
8479
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer #=> Integer
|
|
8480
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer_list #=> Array
|
|
8481
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer_list[0] #=> Integer
|
|
8482
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.double #=> Float
|
|
8483
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string #=> String
|
|
8484
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string_list #=> Array
|
|
8485
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string_list[0] #=> String
|
|
8486
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.boolean #=> Boolean
|
|
8487
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum #=> String
|
|
8488
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum_list #=> Array
|
|
8489
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum_list[0] #=> String
|
|
8490
|
+
#
|
|
8491
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateConfigurationPolicy AWS API Documentation
|
|
8492
|
+
#
|
|
8493
|
+
# @overload update_configuration_policy(params = {})
|
|
8494
|
+
# @param [Hash] params ({})
|
|
8495
|
+
def update_configuration_policy(params = {}, options = {})
|
|
8496
|
+
req = build_request(:update_configuration_policy, params)
|
|
8497
|
+
req.send_request(options)
|
|
8498
|
+
end
|
|
8499
|
+
|
|
7379
8500
|
# Updates the finding aggregation configuration. Used to update the
|
|
7380
8501
|
# Region linking mode and the list of included or excluded Regions. You
|
|
7381
8502
|
# cannot use `UpdateFindingAggregator` to change the aggregation Region.
|
|
@@ -8180,6 +9301,24 @@ module Aws::SecurityHub
|
|
|
8180
9301
|
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
|
8181
9302
|
# },
|
|
8182
9303
|
# ],
|
|
9304
|
+
# aws_account_name: [
|
|
9305
|
+
# {
|
|
9306
|
+
# value: "NonEmptyString",
|
|
9307
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
|
9308
|
+
# },
|
|
9309
|
+
# ],
|
|
9310
|
+
# resource_application_name: [
|
|
9311
|
+
# {
|
|
9312
|
+
# value: "NonEmptyString",
|
|
9313
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
|
9314
|
+
# },
|
|
9315
|
+
# ],
|
|
9316
|
+
# resource_application_arn: [
|
|
9317
|
+
# {
|
|
9318
|
+
# value: "NonEmptyString",
|
|
9319
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
|
9320
|
+
# },
|
|
9321
|
+
# ],
|
|
8183
9322
|
# },
|
|
8184
9323
|
# note: {
|
|
8185
9324
|
# text: "NonEmptyString", # required
|
|
@@ -8920,6 +10059,24 @@ module Aws::SecurityHub
|
|
|
8920
10059
|
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
|
8921
10060
|
# },
|
|
8922
10061
|
# ],
|
|
10062
|
+
# aws_account_name: [
|
|
10063
|
+
# {
|
|
10064
|
+
# value: "NonEmptyString",
|
|
10065
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
|
10066
|
+
# },
|
|
10067
|
+
# ],
|
|
10068
|
+
# resource_application_name: [
|
|
10069
|
+
# {
|
|
10070
|
+
# value: "NonEmptyString",
|
|
10071
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
|
10072
|
+
# },
|
|
10073
|
+
# ],
|
|
10074
|
+
# resource_application_arn: [
|
|
10075
|
+
# {
|
|
10076
|
+
# value: "NonEmptyString",
|
|
10077
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
|
10078
|
+
# },
|
|
10079
|
+
# ],
|
|
8923
10080
|
# },
|
|
8924
10081
|
# group_by_attribute: "NonEmptyString",
|
|
8925
10082
|
# })
|
|
@@ -8933,44 +10090,63 @@ module Aws::SecurityHub
|
|
|
8933
10090
|
req.send_request(options)
|
|
8934
10091
|
end
|
|
8935
10092
|
|
|
8936
|
-
#
|
|
8937
|
-
#
|
|
10093
|
+
# Updates the configuration of your organization in Security Hub. Only
|
|
10094
|
+
# the Security Hub administrator account can invoke this operation.
|
|
8938
10095
|
#
|
|
8939
10096
|
# @option params [required, Boolean] :auto_enable
|
|
8940
|
-
# Whether to automatically enable Security Hub
|
|
8941
|
-
# organization.
|
|
10097
|
+
# Whether to automatically enable Security Hub in new member accounts
|
|
10098
|
+
# when they join the organization.
|
|
8942
10099
|
#
|
|
8943
|
-
#
|
|
8944
|
-
#
|
|
10100
|
+
# If set to `true`, then Security Hub is automatically enabled in new
|
|
10101
|
+
# accounts. If set to `false`, then Security Hub isn't enabled in new
|
|
10102
|
+
# accounts automatically. The default value is `false`.
|
|
8945
10103
|
#
|
|
8946
|
-
#
|
|
8947
|
-
# `
|
|
10104
|
+
# If the `ConfigurationType` of your organization is set to `CENTRAL`,
|
|
10105
|
+
# then this field is set to `false` and can't be changed in the home
|
|
10106
|
+
# Region and linked Regions. However, in that case, the delegated
|
|
10107
|
+
# administrator can create a configuration policy in which Security Hub
|
|
10108
|
+
# is enabled and associate the policy with new organization accounts.
|
|
8948
10109
|
#
|
|
8949
10110
|
# @option params [String] :auto_enable_standards
|
|
8950
|
-
# Whether to automatically enable Security Hub [default standards][1]
|
|
8951
|
-
#
|
|
10111
|
+
# Whether to automatically enable Security Hub [default standards][1] in
|
|
10112
|
+
# new member accounts when they join the organization.
|
|
8952
10113
|
#
|
|
8953
|
-
#
|
|
8954
|
-
#
|
|
8955
|
-
# standards
|
|
10114
|
+
# The default value of this parameter is equal to `DEFAULT`.
|
|
10115
|
+
#
|
|
10116
|
+
# If equal to `DEFAULT`, then Security Hub default standards are
|
|
10117
|
+
# automatically enabled for new member accounts. If equal to `NONE`,
|
|
10118
|
+
# then default standards are not automatically enabled for new member
|
|
10119
|
+
# accounts.
|
|
8956
10120
|
#
|
|
8957
|
-
#
|
|
8958
|
-
# this
|
|
10121
|
+
# If the `ConfigurationType` of your organization is set to `CENTRAL`,
|
|
10122
|
+
# then this field is set to `NONE` and can't be changed in the home
|
|
10123
|
+
# Region and linked Regions. However, in that case, the delegated
|
|
10124
|
+
# administrator can create a configuration policy in which specific
|
|
10125
|
+
# security standards are enabled and associate the policy with new
|
|
10126
|
+
# organization accounts.
|
|
8959
10127
|
#
|
|
8960
10128
|
#
|
|
8961
10129
|
#
|
|
8962
10130
|
# [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html
|
|
8963
10131
|
#
|
|
10132
|
+
# @option params [Types::OrganizationConfiguration] :organization_configuration
|
|
10133
|
+
# Provides information about the way an organization is configured in
|
|
10134
|
+
# Security Hub.
|
|
10135
|
+
#
|
|
8964
10136
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
8965
10137
|
#
|
|
8966
10138
|
#
|
|
8967
10139
|
# @example Example: To update organization configuration
|
|
8968
10140
|
#
|
|
8969
|
-
# #
|
|
8970
|
-
# #
|
|
10141
|
+
# # This operation updates the way your organization is configured in Security Hub. Only a Security Hub administrator
|
|
10142
|
+
# # account can invoke this operation.
|
|
8971
10143
|
#
|
|
8972
10144
|
# resp = client.update_organization_configuration({
|
|
8973
|
-
# auto_enable:
|
|
10145
|
+
# auto_enable: false,
|
|
10146
|
+
# auto_enable_standards: "NONE",
|
|
10147
|
+
# organization_configuration: {
|
|
10148
|
+
# configuration_type: "CENTRAL",
|
|
10149
|
+
# },
|
|
8974
10150
|
# })
|
|
8975
10151
|
#
|
|
8976
10152
|
# @example Request syntax with placeholder values
|
|
@@ -8978,6 +10154,11 @@ module Aws::SecurityHub
|
|
|
8978
10154
|
# resp = client.update_organization_configuration({
|
|
8979
10155
|
# auto_enable: false, # required
|
|
8980
10156
|
# auto_enable_standards: "NONE", # accepts NONE, DEFAULT
|
|
10157
|
+
# organization_configuration: {
|
|
10158
|
+
# configuration_type: "CENTRAL", # accepts CENTRAL, LOCAL
|
|
10159
|
+
# status: "PENDING", # accepts PENDING, ENABLED, FAILED
|
|
10160
|
+
# status_message: "NonEmptyString",
|
|
10161
|
+
# },
|
|
8981
10162
|
# })
|
|
8982
10163
|
#
|
|
8983
10164
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateOrganizationConfiguration AWS API Documentation
|
|
@@ -9165,7 +10346,7 @@ module Aws::SecurityHub
|
|
|
9165
10346
|
params: params,
|
|
9166
10347
|
config: config)
|
|
9167
10348
|
context[:gem_name] = 'aws-sdk-securityhub'
|
|
9168
|
-
context[:gem_version] = '1.
|
|
10349
|
+
context[:gem_version] = '1.98.0'
|
|
9169
10350
|
Seahorse::Client::Request.new(handlers, context)
|
|
9170
10351
|
end
|
|
9171
10352
|
|