aws-sdk-securityhub 1.96.0 → 1.98.0

@@ -329,6 +329,36 @@ module Aws::SecurityHub
329
329
  include Aws::Structure
330
330
  end
331
331
 
332
+ # Options for filtering the `ListConfigurationPolicyAssociations`
333
+ # response. You can filter by the Amazon Resource Name (ARN) or
334
+ # universally unique identifier (UUID) of a configuration policy,
335
+ # `AssociationType`, or `AssociationStatus`.
336
+ #
337
+ # @!attribute [rw] configuration_policy_id
338
+ # The ARN or UUID of the configuration policy.
339
+ # @return [String]
340
+ #
341
+ # @!attribute [rw] association_type
342
+ # Indicates whether the association between a target and a
343
+ # configuration was directly applied by the Security Hub delegated
344
+ # administrator or inherited from a parent.
345
+ # @return [String]
346
+ #
347
+ # @!attribute [rw] association_status
348
+ # The current status of the association between a target and a
349
+ # configuration policy.
350
+ # @return [String]
351
+ #
352
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AssociationFilters AWS API Documentation
353
+ #
354
+ class AssociationFilters < Struct.new(
355
+ :configuration_policy_id,
356
+ :association_type,
357
+ :association_status)
358
+ SENSITIVE = []
359
+ include Aws::Structure
360
+ end
361
+
332
362
  # The associations between a route table and one or more subnets or a
333
363
  # gateway.
334
364
  #
@@ -886,6 +916,26 @@ module Aws::SecurityHub
886
916
  # Array Members: Minimum number of 1 item. Maximum number of 20 items.
887
917
  # @return [Array<Types::MapFilter>]
888
918
  #
919
+ # @!attribute [rw] resource_application_arn
920
+ # The Amazon Resource Name (ARN) of the application that is related to
921
+ # a finding.
922
+ #
923
+ # Array Members: Minimum number of 1 item. Maximum number of 20 items.
924
+ # @return [Array<Types::StringFilter>]
925
+ #
926
+ # @!attribute [rw] resource_application_name
927
+ # The name of the application that is related to a finding.
928
+ #
929
+ # Array Members: Minimum number of 1 item. Maximum number of 20 items.
930
+ # @return [Array<Types::StringFilter>]
931
+ #
932
+ # @!attribute [rw] aws_account_name
933
+ # The name of the Amazon Web Services account in which a finding was
934
+ # generated.
935
+ #
936
+ # Array Members: Minimum number of 1 item. Maximum number of 20 items.
937
+ # @return [Array<Types::StringFilter>]
938
+ #
889
939
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AutomationRulesFindingFilters AWS API Documentation
890
940
  #
891
941
  class AutomationRulesFindingFilters < Struct.new(
@@ -923,7 +973,10 @@ module Aws::SecurityHub
923
973
  :note_text,
924
974
  :note_updated_at,
925
975
  :note_updated_by,
926
- :user_defined_fields)
976
+ :user_defined_fields,
977
+ :resource_application_arn,
978
+ :resource_application_name,
979
+ :aws_account_name)
927
980
  SENSITIVE = []
928
981
  include Aws::Structure
929
982
  end
@@ -18641,6 +18694,25 @@ module Aws::SecurityHub
18641
18694
  # receives those findings.
18642
18695
  # @return [Types::GeneratorDetails]
18643
18696
  #
18697
+ # @!attribute [rw] processed_at
18698
+ # An ISO8601-formatted timestamp that indicates when Security Hub
18699
+ # received a finding and begins to process it.
18700
+ #
18701
+ # A correctly formatted example is `2020-05-21T20:16:34.724Z`. The
18702
+ # value cannot contain spaces, and date and time should be separated
18703
+ # by `T`. For more information, see [RFC 3339 section 5.6, Internet
18704
+ # Date/Time Format][1].
18705
+ #
18706
+ #
18707
+ #
18708
+ # [1]: https://www.rfc-editor.org/rfc/rfc3339#section-5.6
18709
+ # @return [String]
18710
+ #
18711
+ # @!attribute [rw] aws_account_name
18712
+ # The name of the Amazon Web Services account from which a finding was
18713
+ # generated.
18714
+ # @return [String]
18715
+ #
18644
18716
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecurityFinding AWS API Documentation
18645
18717
  #
18646
18718
  class AwsSecurityFinding < Struct.new(
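Review bot: The new `processed_at` doc mixes tenses (`received a finding and begins to process it`), and the attribute is typed `[String]` while the other timestamps added in this diff (`updated_at`, `created_at`) are `[Time]`. Code that orders or time-windows findings on this field has to parse the string itself, so the doc should say so, for example `# Returned as a String, not a Time; parse it before comparing.`, and the wording should read `received a finding and began to process it`. The `AwsSecurityFinding` struct continues outside this hunk. If this file is generated from the service model, the wording fix belongs in the model.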
@@ -18685,7 +18757,9 @@ module Aws::SecurityHub
18685
18757
  :action,
18686
18758
  :finding_provider_fields,
18687
18759
  :sample,
18688
- :generator_details)
18760
+ :generator_details,
18761
+ :processed_at,
18762
+ :aws_account_name)
18689
18763
  SENSITIVE = []
18690
18764
  include Aws::Structure
18691
18765
  end
@@ -18704,7 +18778,7 @@ module Aws::SecurityHub
18704
18778
  # @return [Array<Types::StringFilter>]
18705
18779
  #
18706
18780
  # @!attribute [rw] aws_account_id
18707
- # The Amazon Web Services account ID that a finding is generated in.
18781
+ # The Amazon Web Services account ID in which a finding is generated.
18708
18782
  # @return [Array<Types::StringFilter>]
18709
18783
  #
18710
18784
  # @!attribute [rw] id
@@ -19292,6 +19366,19 @@ module Aws::SecurityHub
19292
19366
  # The current value of a security control parameter.
19293
19367
  # @return [Array<Types::StringFilter>]
19294
19368
  #
19369
+ # @!attribute [rw] aws_account_name
19370
+ # The name of the Amazon Web Services account in which a finding is
19371
+ # generated.
19372
+ # @return [Array<Types::StringFilter>]
19373
+ #
19374
+ # @!attribute [rw] resource_application_name
19375
+ # The name of the application that is related to a finding.
19376
+ # @return [Array<Types::StringFilter>]
19377
+ #
19378
+ # @!attribute [rw] resource_application_arn
19379
+ # The ARN of the application that is related to a finding.
19380
+ # @return [Array<Types::StringFilter>]
19381
+ #
19295
19382
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecurityFindingFilters AWS API Documentation
19296
19383
  #
19297
19384
  class AwsSecurityFindingFilters < Struct.new(
@@ -19395,7 +19482,10 @@ module Aws::SecurityHub
19395
19482
  :vulnerabilities_exploit_available,
19396
19483
  :vulnerabilities_fix_available,
19397
19484
  :compliance_security_control_parameters_name,
19398
- :compliance_security_control_parameters_value)
19485
+ :compliance_security_control_parameters_value,
19486
+ :aws_account_name,
19487
+ :resource_application_name,
19488
+ :resource_application_arn)
19399
19489
  SENSITIVE = []
19400
19490
  include Aws::Structure
19401
19491
  end
@@ -21099,6 +21189,38 @@ module Aws::SecurityHub
21099
21189
  include Aws::Structure
21100
21190
  end
21101
21191
 
21192
+ # @!attribute [rw] configuration_policy_association_identifiers
21193
+ # Specifies one or more target account IDs, organizational unit (OU)
21194
+ # IDs, or the root ID to retrieve associations for.
21195
+ # @return [Array<Types::ConfigurationPolicyAssociation>]
21196
+ #
21197
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetConfigurationPolicyAssociationsRequest AWS API Documentation
21198
+ #
21199
+ class BatchGetConfigurationPolicyAssociationsRequest < Struct.new(
21200
+ :configuration_policy_association_identifiers)
21201
+ SENSITIVE = []
21202
+ include Aws::Structure
21203
+ end
21204
+
21205
+ # @!attribute [rw] configuration_policy_associations
21206
+ # Describes associations for the target accounts, OUs, or the root.
21207
+ # @return [Array<Types::ConfigurationPolicyAssociationSummary>]
21208
+ #
21209
+ # @!attribute [rw] unprocessed_configuration_policy_associations
21210
+ # An array of configuration policy associations, one for each
21211
+ # configuration policy association identifier, that was specified in
21212
+ # the request but couldn’t be processed due to an error.
21213
+ # @return [Array<Types::UnprocessedConfigurationPolicyAssociation>]
21214
+ #
21215
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetConfigurationPolicyAssociationsResponse AWS API Documentation
21216
+ #
21217
+ class BatchGetConfigurationPolicyAssociationsResponse < Struct.new(
21218
+ :configuration_policy_associations,
21219
+ :unprocessed_configuration_policy_associations)
21220
+ SENSITIVE = []
21221
+ include Aws::Structure
21222
+ end
21223
+
21102
21224
  # @!attribute [rw] security_control_ids
21103
21225
  # A list of security controls (identified with `SecurityControlId`,
21104
21226
  # `SecurityControlArn`, or a mix of both parameters). The security
@@ -21820,6 +21942,119 @@ module Aws::SecurityHub
21820
21942
  class Unknown < ConfigurationOptions; end
21821
21943
  end
21822
21944
 
21945
+ # Provides details about the association between an Security Hub
21946
+ # configuration and a target account, organizational unit, or the root.
21947
+ # An association can exist between a target and a configuration policy,
21948
+ # or between a target and self-managed behavior.
21949
+ #
21950
+ # @!attribute [rw] target
21951
+ # The target account, organizational unit, or the root.
21952
+ # @return [Types::Target]
21953
+ #
21954
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ConfigurationPolicyAssociation AWS API Documentation
21955
+ #
21956
+ class ConfigurationPolicyAssociation < Struct.new(
21957
+ :target)
21958
+ SENSITIVE = []
21959
+ include Aws::Structure
21960
+ end
21961
+
21962
+ # An object that contains the details of a configuration policy
21963
+ # association that’s returned in a `ListConfigurationPolicyAssociations`
21964
+ # request.
21965
+ #
21966
+ # @!attribute [rw] configuration_policy_id
21967
+ # The universally unique identifier (UUID) of the configuration
21968
+ # policy.
21969
+ # @return [String]
21970
+ #
21971
+ # @!attribute [rw] target_id
21972
+ # The identifier of the target account, organizational unit, or the
21973
+ # root.
21974
+ # @return [String]
21975
+ #
21976
+ # @!attribute [rw] target_type
21977
+ # Specifies whether the target is an Amazon Web Services account,
21978
+ # organizational unit, or the root.
21979
+ # @return [String]
21980
+ #
21981
+ # @!attribute [rw] association_type
21982
+ # Indicates whether the association between the specified target and
21983
+ # the configuration was directly applied by the Security Hub delegated
21984
+ # administrator or inherited from a parent.
21985
+ # @return [String]
21986
+ #
21987
+ # @!attribute [rw] updated_at
21988
+ # The date and time, in UTC and ISO 8601 format, that the
21989
+ # configuration policy association was last updated.
21990
+ # @return [Time]
21991
+ #
21992
+ # @!attribute [rw] association_status
21993
+ # The current status of the association between the specified target
21994
+ # and the configuration.
21995
+ # @return [String]
21996
+ #
21997
+ # @!attribute [rw] association_status_message
21998
+ # The explanation for a `FAILED` value for `AssociationStatus`.
21999
+ # @return [String]
22000
+ #
22001
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ConfigurationPolicyAssociationSummary AWS API Documentation
22002
+ #
22003
+ class ConfigurationPolicyAssociationSummary < Struct.new(
22004
+ :configuration_policy_id,
22005
+ :target_id,
22006
+ :target_type,
22007
+ :association_type,
22008
+ :updated_at,
22009
+ :association_status,
22010
+ :association_status_message)
22011
+ SENSITIVE = []
22012
+ include Aws::Structure
22013
+ end
22014
+
22015
+ # An object that contains the details of an Security Hub configuration
22016
+ # policy that’s returned in a `ListConfigurationPolicies` request.
22017
+ #
22018
+ # @!attribute [rw] arn
22019
+ # The Amazon Resource Name (ARN) of the configuration policy.
22020
+ # @return [String]
22021
+ #
22022
+ # @!attribute [rw] id
22023
+ # The universally unique identifier (UUID) of the configuration
22024
+ # policy.
22025
+ # @return [String]
22026
+ #
22027
+ # @!attribute [rw] name
22028
+ # The name of the configuration policy.
22029
+ # @return [String]
22030
+ #
22031
+ # @!attribute [rw] description
22032
+ # The description of the configuration policy.
22033
+ # @return [String]
22034
+ #
22035
+ # @!attribute [rw] updated_at
22036
+ # The date and time, in UTC and ISO 8601 format, that the
22037
+ # configuration policy was last updated.
22038
+ # @return [Time]
22039
+ #
22040
+ # @!attribute [rw] service_enabled
22041
+ # Indicates whether the service that the configuration policy applies
22042
+ # to is enabled in the policy.
22043
+ # @return [Boolean]
22044
+ #
22045
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ConfigurationPolicySummary AWS API Documentation
22046
+ #
22047
+ class ConfigurationPolicySummary < Struct.new(
22048
+ :arn,
22049
+ :id,
22050
+ :name,
22051
+ :description,
22052
+ :updated_at,
22053
+ :service_enabled)
22054
+ SENSITIVE = []
22055
+ include Aws::Structure
22056
+ end
22057
+
21823
22058
  # Container details related to a finding.
21824
22059
  #
21825
22060
  # @!attribute [rw] container_runtime
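Review bot: The `configuration_policy_id` doc on `ConfigurationPolicyAssociationSummary` says the value is a UUID, but the `ConfigurationPolicyAssociation` comment in this hunk allows an association with self-managed behavior. `GetConfigurationPolicyAssociationResponse`, later in this diff, documents `SELF_MANAGED_SECURITY_HUB` as the value in that case. Presumably the summary can carry the same sentinel, so callers that validate the field strictly as a UUID would reject or mis-handle self-managed targets; if that holds, the summary doc should repeat the sentence about `SELF_MANAGED_SECURITY_HUB`. Separately, `an Security Hub` in the `ConfigurationPolicyAssociation` and `ConfigurationPolicySummary` class comments should read `a Security Hub`.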
@@ -21931,7 +22166,7 @@ module Aws::SecurityHub
21931
22166
  end
21932
22167
 
21933
22168
  # @!attribute [rw] tags
21934
- # User-defined tags that help you label the purpose of a rule.
22169
+ # User-defined tags associated with an automation rule.
21935
22170
  # @return [Hash<String,String>]
21936
22171
  #
21937
22172
  # @!attribute [rw] rule_status
@@ -22010,6 +22245,102 @@ module Aws::SecurityHub
22010
22245
  include Aws::Structure
22011
22246
  end
22012
22247
 
22248
+ # @!attribute [rw] name
22249
+ # The name of the configuration policy.
22250
+ # @return [String]
22251
+ #
22252
+ # @!attribute [rw] description
22253
+ # The description of the configuration policy.
22254
+ # @return [String]
22255
+ #
22256
+ # @!attribute [rw] configuration_policy
22257
+ # An object that defines how Security Hub is configured. It includes
22258
+ # whether Security Hub is enabled or disabled, a list of enabled
22259
+ # security standards, a list of enabled or disabled security controls,
22260
+ # and a list of custom parameter values for specified controls. If you
22261
+ # provide a list of security controls that are enabled in the
22262
+ # configuration policy, Security Hub disables all other controls
22263
+ # (including newly released controls). If you provide a list of
22264
+ # security controls that are disabled in the configuration policy,
22265
+ # Security Hub enables all other controls (including newly released
22266
+ # controls).
22267
+ # @return [Types::Policy]
22268
+ #
22269
+ # @!attribute [rw] tags
22270
+ # User-defined tags associated with a configuration policy. For more
22271
+ # information, see [Tagging Security Hub resources][1] in the
22272
+ # *Security Hub user guide*.
22273
+ #
22274
+ #
22275
+ #
22276
+ # [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/tagging-resources.html
22277
+ # @return [Hash<String,String>]
22278
+ #
22279
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateConfigurationPolicyRequest AWS API Documentation
22280
+ #
22281
+ class CreateConfigurationPolicyRequest < Struct.new(
22282
+ :name,
22283
+ :description,
22284
+ :configuration_policy,
22285
+ :tags)
22286
+ SENSITIVE = []
22287
+ include Aws::Structure
22288
+ end
22289
+
22290
+ # @!attribute [rw] arn
22291
+ # The Amazon Resource Name (ARN) of the configuration policy.
22292
+ # @return [String]
22293
+ #
22294
+ # @!attribute [rw] id
22295
+ # The universally unique identifier (UUID) of the configuration
22296
+ # policy.
22297
+ # @return [String]
22298
+ #
22299
+ # @!attribute [rw] name
22300
+ # The name of the configuration policy.
22301
+ # @return [String]
22302
+ #
22303
+ # @!attribute [rw] description
22304
+ # The description of the configuration policy.
22305
+ # @return [String]
22306
+ #
22307
+ # @!attribute [rw] updated_at
22308
+ # The date and time, in UTC and ISO 8601 format, that the
22309
+ # configuration policy was last updated.
22310
+ # @return [Time]
22311
+ #
22312
+ # @!attribute [rw] created_at
22313
+ # The date and time, in UTC and ISO 8601 format, that the
22314
+ # configuration policy was created.
22315
+ # @return [Time]
22316
+ #
22317
+ # @!attribute [rw] configuration_policy
22318
+ # An object that defines how Security Hub is configured. It includes
22319
+ # whether Security Hub is enabled or disabled, a list of enabled
22320
+ # security standards, a list of enabled or disabled security controls,
22321
+ # and a list of custom parameter values for specified controls. If the
22322
+ # request included a list of security controls that are enabled in the
22323
+ # configuration policy, Security Hub disables all other controls
22324
+ # (including newly released controls). If the request included a list
22325
+ # of security controls that are disabled in the configuration policy,
22326
+ # Security Hub enables all other controls (including newly released
22327
+ # controls).
22328
+ # @return [Types::Policy]
22329
+ #
22330
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateConfigurationPolicyResponse AWS API Documentation
22331
+ #
22332
+ class CreateConfigurationPolicyResponse < Struct.new(
22333
+ :arn,
22334
+ :id,
22335
+ :name,
22336
+ :description,
22337
+ :updated_at,
22338
+ :created_at,
22339
+ :configuration_policy)
22340
+ SENSITIVE = []
22341
+ include Aws::Structure
22342
+ end
22343
+
22013
22344
  # @!attribute [rw] region_linking_mode
22014
22345
  # Indicates whether to aggregate findings from all of the available
22015
22346
  # Regions in the current partition. Also determines whether to
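Review bot: The `configuration_policy` doc on `CreateConfigurationPolicyRequest` states a coverage consequence only in the middle of a long paragraph: a policy that lists enabled controls leaves every later-released control disabled until the policy is edited. Someone auditing control coverage needs to see that first, so I would give it its own paragraph, e.g. `# Note: an enabled-controls list also keeps newly released controls disabled until the policy is updated.` The same paragraph appears on `CreateConfigurationPolicyResponse` in this hunk and on `GetConfigurationPolicyResponse` in a later hunk.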
@@ -22372,6 +22703,23 @@ module Aws::SecurityHub
22372
22703
  include Aws::Structure
22373
22704
  end
22374
22705
 
22706
+ # @!attribute [rw] identifier
22707
+ # The Amazon Resource Name (ARN) or universally unique identifier
22708
+ # (UUID) of the configuration policy.
22709
+ # @return [String]
22710
+ #
22711
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeleteConfigurationPolicyRequest AWS API Documentation
22712
+ #
22713
+ class DeleteConfigurationPolicyRequest < Struct.new(
22714
+ :identifier)
22715
+ SENSITIVE = []
22716
+ include Aws::Structure
22717
+ end
22718
+
22719
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeleteConfigurationPolicyResponse AWS API Documentation
22720
+ #
22721
+ class DeleteConfigurationPolicyResponse < Aws::EmptyStructure; end
22722
+
22375
22723
  # @!attribute [rw] finding_aggregator_arn
22376
22724
  # The ARN of the finding aggregator to delete. To obtain the ARN, use
22377
22725
  # `ListFindingAggregators`.
@@ -22578,11 +22926,19 @@ module Aws::SecurityHub
22578
22926
  class DescribeOrganizationConfigurationRequest < Aws::EmptyStructure; end
22579
22927
 
22580
22928
  # @!attribute [rw] auto_enable
22581
- # Whether to automatically enable Security Hub for new accounts in the
22582
- # organization.
22583
- #
22584
- # If set to `true`, then Security Hub is enabled for new accounts. If
22585
- # set to false, then new accounts are not added automatically.
22929
+ # Whether to automatically enable Security Hub in new member accounts
22930
+ # when they join the organization.
22931
+ #
22932
+ # If set to `true`, then Security Hub is automatically enabled in new
22933
+ # accounts. If set to `false`, then Security Hub isn't enabled in new
22934
+ # accounts automatically. The default value is `false`.
22935
+ #
22936
+ # If the `ConfigurationType` of your organization is set to `CENTRAL`,
22937
+ # then this field is set to `false` and can't be changed in the home
22938
+ # Region and linked Regions. However, in that case, the delegated
22939
+ # administrator can create a configuration policy in which Security
22940
+ # Hub is enabled and associate the policy with new organization
22941
+ # accounts.
22586
22942
  # @return [Boolean]
22587
22943
  #
22588
22944
  # @!attribute [rw] member_account_limit_reached
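Review bot: According to the new text, `auto_enable` is always `false` when the organization's `ConfigurationType` is `CENTRAL`, so a posture check that reads `auto_enable == false` as "new accounts are not onboarded" will misreport centrally configured organizations. The doc explains the CENTRAL case but does not tell the reader where to look instead; I would add `# Check organization_configuration.configuration_type before interpreting this value.` to the attribute. The same applies to `auto_enable_standards`, which the next hunk documents as fixed to `NONE` under CENTRAL. That hunk also adds `organization_configuration` to the response struct.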
@@ -22592,26 +22948,37 @@ module Aws::SecurityHub
22592
22948
  #
22593
22949
  # @!attribute [rw] auto_enable_standards
22594
22950
  # Whether to automatically enable Security Hub [default standards][1]
22595
- # for new member accounts in the organization.
22596
- #
22597
- # The default value of this parameter is equal to `DEFAULT`.
22951
+ # in new member accounts when they join the organization.
22598
22952
  #
22599
22953
  # If equal to `DEFAULT`, then Security Hub default standards are
22600
22954
  # automatically enabled for new member accounts. If equal to `NONE`,
22601
22955
  # then default standards are not automatically enabled for new member
22602
- # accounts.
22956
+ # accounts. The default value of this parameter is equal to `DEFAULT`.
22957
+ #
22958
+ # If the `ConfigurationType` of your organization is set to `CENTRAL`,
22959
+ # then this field is set to `NONE` and can't be changed in the home
22960
+ # Region and linked Regions. However, in that case, the delegated
22961
+ # administrator can create a configuration policy in which specific
22962
+ # security standards are enabled and associate the policy with new
22963
+ # organization accounts.
22603
22964
  #
22604
22965
  #
22605
22966
  #
22606
22967
  # [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html
22607
22968
  # @return [String]
22608
22969
  #
22970
+ # @!attribute [rw] organization_configuration
22971
+ # Provides information about the way an organization is configured in
22972
+ # Security Hub.
22973
+ # @return [Types::OrganizationConfiguration]
22974
+ #
22609
22975
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeOrganizationConfigurationResponse AWS API Documentation
22610
22976
  #
22611
22977
  class DescribeOrganizationConfigurationResponse < Struct.new(
22612
22978
  :auto_enable,
22613
22979
  :member_account_limit_reached,
22614
- :auto_enable_standards)
22980
+ :auto_enable_standards,
22981
+ :organization_configuration)
22615
22982
  SENSITIVE = []
22616
22983
  include Aws::Structure
22617
22984
  end
@@ -23430,6 +23797,133 @@ module Aws::SecurityHub
23430
23797
  include Aws::Structure
23431
23798
  end
23432
23799
 
23800
+ # @!attribute [rw] target
23801
+ # The target account ID, organizational unit ID, or the root ID to
23802
+ # retrieve the association for.
23803
+ # @return [Types::Target]
23804
+ #
23805
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetConfigurationPolicyAssociationRequest AWS API Documentation
23806
+ #
23807
+ class GetConfigurationPolicyAssociationRequest < Struct.new(
23808
+ :target)
23809
+ SENSITIVE = []
23810
+ include Aws::Structure
23811
+ end
23812
+
23813
+ # @!attribute [rw] configuration_policy_id
23814
+ # The universally unique identifier (UUID) of a configuration policy.
23815
+ # For self-managed behavior, the value is `SELF_MANAGED_SECURITY_HUB`.
23816
+ # @return [String]
23817
+ #
23818
+ # @!attribute [rw] target_id
23819
+ # The target account ID, organizational unit ID, or the root ID for
23820
+ # which the association is retrieved.
23821
+ # @return [String]
23822
+ #
23823
+ # @!attribute [rw] target_type
23824
+ # Specifies whether the target is an Amazon Web Services account,
23825
+ # organizational unit, or the organization root.
23826
+ # @return [String]
23827
+ #
23828
+ # @!attribute [rw] association_type
23829
+ # Indicates whether the association between the specified target and
23830
+ # the configuration was directly applied by the Security Hub delegated
23831
+ # administrator or inherited from a parent.
23832
+ # @return [String]
23833
+ #
23834
+ # @!attribute [rw] updated_at
23835
+ # The date and time, in UTC and ISO 8601 format, that the
23836
+ # configuration policy association was last updated.
23837
+ # @return [Time]
23838
+ #
23839
+ # @!attribute [rw] association_status
23840
+ # The current status of the association between the specified target
23841
+ # and the configuration.
23842
+ # @return [String]
23843
+ #
23844
+ # @!attribute [rw] association_status_message
23845
+ # The explanation for a `FAILED` value for `AssociationStatus`.
23846
+ # @return [String]
23847
+ #
23848
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetConfigurationPolicyAssociationResponse AWS API Documentation
23849
+ #
23850
+ class GetConfigurationPolicyAssociationResponse < Struct.new(
23851
+ :configuration_policy_id,
23852
+ :target_id,
23853
+ :target_type,
23854
+ :association_type,
23855
+ :updated_at,
23856
+ :association_status,
23857
+ :association_status_message)
23858
+ SENSITIVE = []
23859
+ include Aws::Structure
23860
+ end
23861
+
23862
+ # @!attribute [rw] identifier
23863
+ # The Amazon Resource Name (ARN) or universally unique identifier
23864
+ # (UUID) of the configuration policy.
23865
+ # @return [String]
23866
+ #
23867
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetConfigurationPolicyRequest AWS API Documentation
23868
+ #
23869
+ class GetConfigurationPolicyRequest < Struct.new(
23870
+ :identifier)
23871
+ SENSITIVE = []
23872
+ include Aws::Structure
23873
+ end
23874
+
23875
+ # @!attribute [rw] arn
23876
+ # The ARN of the configuration policy.
23877
+ # @return [String]
23878
+ #
23879
+ # @!attribute [rw] id
23880
+ # The UUID of the configuration policy.
23881
+ # @return [String]
23882
+ #
23883
+ # @!attribute [rw] name
23884
+ # The name of the configuration policy.
23885
+ # @return [String]
23886
+ #
23887
+ # @!attribute [rw] description
23888
+ # The description of the configuration policy.
23889
+ # @return [String]
23890
+ #
23891
+ # @!attribute [rw] updated_at
23892
+ # The date and time, in UTC and ISO 8601 format, that the
23893
+ # configuration policy was last updated.
23894
+ # @return [Time]
23895
+ #
23896
+ # @!attribute [rw] created_at
23897
+ # The date and time, in UTC and ISO 8601 format, that the
23898
+ # configuration policy was created.
23899
+ # @return [Time]
23900
+ #
23901
+ # @!attribute [rw] configuration_policy
23902
+ # An object that defines how Security Hub is configured. It includes
23903
+ # whether Security Hub is enabled or disabled, a list of enabled
23904
+ # security standards, a list of enabled or disabled security controls,
23905
+ # and a list of custom parameter values for specified controls. If the
23906
+ # policy includes a list of security controls that are enabled,
23907
+ # Security Hub disables all other controls (including newly released
23908
+ # controls). If the policy includes a list of security controls that
23909
+ # are disabled, Security Hub enables all other controls (including
23910
+ # newly released controls).
23911
+ # @return [Types::Policy]
23912
+ #
23913
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetConfigurationPolicyResponse AWS API Documentation
23914
+ #
23915
+ class GetConfigurationPolicyResponse < Struct.new(
23916
+ :arn,
23917
+ :id,
23918
+ :name,
23919
+ :description,
23920
+ :updated_at,
23921
+ :created_at,
23922
+ :configuration_policy)
23923
+ SENSITIVE = []
23924
+ include Aws::Structure
23925
+ end
23926
+
23433
23927
  # @!attribute [rw] standards_subscription_arns
23434
23928
  # The list of the standards subscription ARNs for the standards to
23435
23929
  # retrieve.
@@ -24299,6 +24793,117 @@ module Aws::SecurityHub
24299
24793
  include Aws::Structure
24300
24794
  end
24301
24795
 
24796
+ # @!attribute [rw] next_token
24797
+ # The NextToken value that's returned from a previous paginated
24798
+ # `ListConfigurationPolicies` request where `MaxResults` was used but
24799
+ # the results exceeded the value of that parameter. Pagination
24800
+ # continues from the `MaxResults` was used but the results exceeded
24801
+ # the value of that parameter. Pagination continues from the end of
24802
+ # the previous response that returned the `NextToken` value. This
24803
+ # value is `null` when there are no more results to return.
24804
+ # @return [String]
24805
+ #
24806
+ # @!attribute [rw] max_results
24807
+ # The maximum number of results that's returned by
24808
+ # `ListConfigurationPolicies` in each page of the response. When this
24809
+ # parameter is used, `ListConfigurationPolicies` returns the specified
24810
+ # number of results in a single page and a `NextToken` response
24811
+ # element. You can see the remaining results of the initial request by
24812
+ # sending another `ListConfigurationPolicies` request with the
24813
+ # returned `NextToken` value. A valid range for `MaxResults` is
24814
+ # between 1 and 100.
24815
+ # @return [Integer]
24816
+ #
24817
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListConfigurationPoliciesRequest AWS API Documentation
24818
+ #
24819
+ class ListConfigurationPoliciesRequest < Struct.new(
24820
+ :next_token,
24821
+ :max_results)
24822
+ SENSITIVE = []
24823
+ include Aws::Structure
24824
+ end
24825
+
24826
+ # @!attribute [rw] configuration_policy_summaries
24827
+ # Provides metadata for each of your configuration policies.
24828
+ # @return [Array<Types::ConfigurationPolicySummary>]
24829
+ #
24830
+ # @!attribute [rw] next_token
24831
+ # The `NextToken` value to include in the next
24832
+ # `ListConfigurationPolicies` request. When the results of a
24833
+ # `ListConfigurationPolicies` request exceed `MaxResults`, this value
24834
+ # can be used to retrieve the next page of results. This value is
24835
+ # `null` when there are no more results to return.
24836
+ # @return [String]
24837
+ #
24838
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListConfigurationPoliciesResponse AWS API Documentation
24839
+ #
24840
+ class ListConfigurationPoliciesResponse < Struct.new(
24841
+ :configuration_policy_summaries,
24842
+ :next_token)
24843
+ SENSITIVE = []
24844
+ include Aws::Structure
24845
+ end
24846
+
24847
+ # @!attribute [rw] next_token
24848
+ # The `NextToken` value that's returned from a previous paginated
24849
+ # `ListConfigurationPolicyAssociations` request where `MaxResults` was
24850
+ # used but the results exceeded the value of that parameter.
24851
+ # Pagination continues from the end of the previous response that
24852
+ # returned the `NextToken` value. This value is `null` when there are
24853
+ # no more results to return.
24854
+ # @return [String]
24855
+ #
24856
+ # @!attribute [rw] max_results
24857
+ # The maximum number of results that's returned by
24858
+ # `ListConfigurationPolicies` in each page of the response. When this
24859
+ # parameter is used, `ListConfigurationPolicyAssociations` returns the
24860
+ # specified number of results in a single page and a `NextToken`
24861
+ # response element. You can see the remaining results of the initial
24862
+ # request by sending another `ListConfigurationPolicyAssociations`
24863
+ # request with the returned `NextToken` value. A valid range for
24864
+ # `MaxResults` is between 1 and 100.
24865
+ # @return [Integer]
24866
+ #
24867
+ # @!attribute [rw] filters
24868
+ # Options for filtering the `ListConfigurationPolicyAssociations`
24869
+ # response. You can filter by the Amazon Resource Name (ARN) or
24870
+ # universally unique identifier (UUID) of a configuration,
24871
+ # `AssociationType`, or `AssociationStatus`.
24872
+ # @return [Types::AssociationFilters]
24873
+ #
24874
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListConfigurationPolicyAssociationsRequest AWS API Documentation
24875
+ #
24876
+ class ListConfigurationPolicyAssociationsRequest < Struct.new(
24877
+ :next_token,
24878
+ :max_results,
24879
+ :filters)
24880
+ SENSITIVE = []
24881
+ include Aws::Structure
24882
+ end
24883
+
24884
+ # @!attribute [rw] configuration_policy_association_summaries
24885
+ # An object that contains the details of each configuration policy
24886
+ # association that’s returned in a
24887
+ # `ListConfigurationPolicyAssociations` request.
24888
+ # @return [Array<Types::ConfigurationPolicyAssociationSummary>]
24889
+ #
24890
+ # @!attribute [rw] next_token
24891
+ # The `NextToken` value to include in the next
24892
+ # `ListConfigurationPolicyAssociations` request. When the results of a
24893
+ # `ListConfigurationPolicyAssociations` request exceed `MaxResults`,
24894
+ # this value can be used to retrieve the next page of results. This
24895
+ # value is `null` when there are no more results to return.
24896
+ # @return [String]
24897
+ #
24898
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListConfigurationPolicyAssociationsResponse AWS API Documentation
24899
+ #
24900
+ class ListConfigurationPolicyAssociationsResponse < Struct.new(
24901
+ :configuration_policy_association_summaries,
24902
+ :next_token)
24903
+ SENSITIVE = []
24904
+ include Aws::Structure
24905
+ end
24906
+
24302
24907
  # @!attribute [rw] next_token
24303
24908
  # The token that is required for pagination. On your first call to the
24304
24909
  # `ListEnabledProductsForImport` operation, set the value of this
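Review bot: The `next_token` doc on `ListConfigurationPoliciesRequest` contains a duplicated clause: after "Pagination continues from the", the text repeats "`MaxResults` was used but the results exceeded the value of that parameter" before the sentence restarts. It should read as the sibling `ListConfigurationPolicyAssociationsRequest` doc does, with `NextToken` in backticks. In that sibling request, the `max_results` doc names `ListConfigurationPolicies` as the operation returning each page, where `ListConfigurationPolicyAssociations` is evidently meant. Its `filters` doc also says "UUID of a configuration", while `AssociationFilters` says "of a configuration policy". If this file is generated from the service model, these fixes belong in the model.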
@@ -25177,6 +25782,53 @@ module Aws::SecurityHub
25177
25782
  include Aws::Structure
25178
25783
  end
25179
25784
 
25785
+ # Provides information about the way an organization is configured in
25786
+ # Security Hub.
25787
+ #
25788
+ # @!attribute [rw] configuration_type
25789
+ # Indicates whether the organization uses local or central
25790
+ # configuration.
25791
+ #
25792
+ # If you use local configuration, the Security Hub delegated
25793
+ # administrator can set `AutoEnable` to `true` and
25794
+ # `AutoEnableStandards` to `DEFAULT`. This automatically enables
25795
+ # Security Hub and default security standards in new organization
25796
+ # accounts. These new account settings must be set separately in each
25797
+ # Amazon Web Services Region, and settings may be different in each
25798
+ # Region.
25799
+ #
25800
+ # If you use central configuration, the delegated administrator can
25801
+ # create configuration policies. Configuration policies can be used to
25802
+ # configure Security Hub, security standards, and security controls in
25803
+ # multiple accounts and Regions. If you want new organization accounts
25804
+ # to use a specific configuration, you can create a configuration
25805
+ # policy and associate it with the root or specific organizational
25806
+ # units (OUs). New accounts will inherit the policy from the root or
25807
+ # their assigned OU.
25808
+ # @return [String]
25809
+ #
25810
+ # @!attribute [rw] status
25811
+ # Describes whether central configuration could be enabled as the
25812
+ # `ConfigurationType` for the organization. If your
25813
+ # `ConfigurationType` is local configuration, then the value of
25814
+ # `Status` is always `ENABLED`.
25815
+ # @return [String]
25816
+ #
25817
+ # @!attribute [rw] status_message
25818
+ # Provides an explanation if the value of `Status` is equal to
25819
+ # `FAILED` when `ConfigurationType` is equal to `CENTRAL`.
25820
+ # @return [String]
25821
+ #
25822
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/OrganizationConfiguration AWS API Documentation
25823
+ #
25824
+ class OrganizationConfiguration < Struct.new(
25825
+ :configuration_type,
25826
+ :status,
25827
+ :status_message)
25828
+ SENSITIVE = []
25829
+ include Aws::Structure
25830
+ end
25831
+
25180
25832
  # An occurrence of sensitive data in an Adobe Portable Document Format
25181
25833
  # (PDF) file.
25182
25834
  #
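Review bot: The `status` documentation in `OrganizationConfiguration` says only that it describes whether central configuration "could be enabled"; nothing tells the caller to read it before relying on central configuration. The `status_message` text shows that `FAILED` is possible when `ConfigurationType` is `CENTRAL`, so code that requests central configuration and then creates policies without checking `status` may assume accounts are governed when they are not. I would add to the `status` attribute: `# Check this value after requesting CENTRAL; FAILED means central configuration was not enabled (see status_message).` The permitted values of `configuration_type` and `status` are not listed in the comment and would be worth adding.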
@@ -25404,6 +26056,37 @@ module Aws::SecurityHub
25404
26056
  include Aws::Structure
25405
26057
  end
25406
26058
 
26059
+ # An object that defines how Security Hub is configured. It includes
26060
+ # whether Security Hub is enabled or disabled, a list of enabled
26061
+ # security standards, a list of enabled or disabled security controls,
26062
+ # and a list of custom parameter values for specified controls. If you
26063
+ # provide a list of security controls that are enabled in the
26064
+ # configuration policy, Security Hub disables all other controls
26065
+ # (including newly released controls). If you provide a list of security
26066
+ # controls that are disabled in the configuration policy, Security Hub
26067
+ # enables all other controls (including newly released controls).
26068
+ #
26069
+ # @note Policy is a union - when making an API calls you must set exactly one of the members.
26070
+ #
26071
+ # @note Policy is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of Policy corresponding to the set member.
26072
+ #
26073
+ # @!attribute [rw] security_hub
26074
+ # The Amazon Web Service that the configuration policy applies to.
26075
+ # @return [Types::SecurityHubPolicy]
26076
+ #
26077
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Policy AWS API Documentation
26078
+ #
26079
+ class Policy < Struct.new(
26080
+ :security_hub,
26081
+ :unknown)
26082
+ SENSITIVE = []
26083
+ include Aws::Structure
26084
+ include Aws::Structure::Union
26085
+
26086
+ class SecurityHub < Policy; end
26087
+ class Unknown < Policy; end
26088
+ end
26089
+
25407
26090
  # Provided if `ActionType` is `PORT_PROBE`. It provides details about
25408
26091
  # the attempted port probe that was detected.
25409
26092
  #
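Review bot: The `:unknown` member and the `Policy::Unknown` subclass are not documented in the comment block above `class Policy`, which describes only `security_hub`. As far as I know, `Unknown` in this SDK's union types is what a caller receives when the service returns a member this version does not model. Audit or drift-detection code that matches only `Policy::SecurityHub` should therefore handle it explicitly rather than read it as "no policy". Suggested comment: `# Policy::Unknown is returned for a member this SDK version does not recognise; handle it as unrecognised, not as empty.` The same applies to `Target::Unknown` in the `Target` hunk further down, and the first `@note` reads "an API calls".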
@@ -25788,6 +26471,15 @@ module Aws::SecurityHub
25788
26471
  # Additional details about the resource related to a finding.
25789
26472
  # @return [Types::ResourceDetails]
25790
26473
  #
26474
+ # @!attribute [rw] application_name
26475
+ # The name of the application that is related to a finding.
26476
+ # @return [String]
26477
+ #
26478
+ # @!attribute [rw] application_arn
26479
+ # The Amazon Resource Name (ARN) of the application that is related to
26480
+ # a finding.
26481
+ # @return [String]
26482
+ #
25791
26483
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Resource AWS API Documentation
25792
26484
  #
25793
26485
  class Resource < Struct.new(
@@ -25798,7 +26490,9 @@ module Aws::SecurityHub
25798
26490
  :resource_role,
25799
26491
  :tags,
25800
26492
  :data_classification,
25801
- :details)
26493
+ :details,
26494
+ :application_name,
26495
+ :application_arn)
25802
26496
  SENSITIVE = []
25803
26497
  include Aws::Structure
25804
26498
  end
@@ -27057,6 +27751,27 @@ module Aws::SecurityHub
27057
27751
  include Aws::Structure
27058
27752
  end
27059
27753
 
27754
+ # A list of security controls and control parameter values that are
27755
+ # included in a configuration policy.
27756
+ #
27757
+ # @!attribute [rw] security_control_id
27758
+ # The ID of the security control.
27759
+ # @return [String]
27760
+ #
27761
+ # @!attribute [rw] parameters
27762
+ # An object that specifies parameter values for a control in a
27763
+ # configuration policy.
27764
+ # @return [Hash<String,Types::ParameterConfiguration>]
27765
+ #
27766
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityControlCustomParameter AWS API Documentation
27767
+ #
27768
+ class SecurityControlCustomParameter < Struct.new(
27769
+ :security_control_id,
27770
+ :parameters)
27771
+ SENSITIVE = []
27772
+ include Aws::Structure
27773
+ end
27774
+
27060
27775
  # Provides metadata for a security control, including its unique
27061
27776
  # standard-agnostic identifier, title, description, severity,
27062
27777
  # availability in Amazon Web Services Regions, and a link to remediation
@@ -27149,6 +27864,73 @@ module Aws::SecurityHub
27149
27864
  include Aws::Structure
27150
27865
  end
27151
27866
 
27867
+ # An object that defines which security controls are enabled in an
27868
+ # Security Hub configuration policy. The enablement status of a control
27869
+ # is aligned across all of the enabled standards in an account.
27870
+ #
27871
+ # @!attribute [rw] enabled_security_control_identifiers
27872
+ # A list of security controls that are enabled in the configuration
27873
+ # policy. Security Hub disables all other controls (including newly
27874
+ # released controls) other than the listed controls.
27875
+ # @return [Array<String>]
27876
+ #
27877
+ # @!attribute [rw] disabled_security_control_identifiers
27878
+ # A list of security controls that are disabled in the configuration
27879
+ # policy. Security Hub enables all other controls (including newly
27880
+ # released controls) other than the listed controls.
27881
+ # @return [Array<String>]
27882
+ #
27883
+ # @!attribute [rw] security_control_custom_parameters
27884
+ # A list of security controls and control parameter values that are
27885
+ # included in a configuration policy.
27886
+ # @return [Array<Types::SecurityControlCustomParameter>]
27887
+ #
27888
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityControlsConfiguration AWS API Documentation
27889
+ #
27890
+ class SecurityControlsConfiguration < Struct.new(
27891
+ :enabled_security_control_identifiers,
27892
+ :disabled_security_control_identifiers,
27893
+ :security_control_custom_parameters)
27894
+ SENSITIVE = []
27895
+ include Aws::Structure
27896
+ end
27897
+
27898
+ # An object that defines how Security Hub is configured. The
27899
+ # configuration policy includes whether Security Hub is enabled or
27900
+ # disabled, a list of enabled security standards, a list of enabled or
27901
+ # disabled security controls, and a list of custom parameter values for
27902
+ # specified controls. If you provide a list of security controls that
27903
+ # are enabled in the configuration policy, Security Hub disables all
27904
+ # other controls (including newly released controls). If you provide a
27905
+ # list of security controls that are disabled in the configuration
27906
+ # policy, Security Hub enables all other controls (including newly
27907
+ # released controls).
27908
+ #
27909
+ # @!attribute [rw] service_enabled
27910
+ # Indicates whether Security Hub is enabled in the policy.
27911
+ # @return [Boolean]
27912
+ #
27913
+ # @!attribute [rw] enabled_standard_identifiers
27914
+ # A list that defines which security standards are enabled in the
27915
+ # configuration policy.
27916
+ # @return [Array<String>]
27917
+ #
27918
+ # @!attribute [rw] security_controls_configuration
27919
+ # An object that defines which security controls are enabled in the
27920
+ # configuration policy. The enablement status of a control is aligned
27921
+ # across all of the enabled standards in an account.
27922
+ # @return [Types::SecurityControlsConfiguration]
27923
+ #
27924
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SecurityHubPolicy AWS API Documentation
27925
+ #
27926
+ class SecurityHubPolicy < Struct.new(
27927
+ :service_enabled,
27928
+ :enabled_standard_identifiers,
27929
+ :security_controls_configuration)
27930
+ SENSITIVE = []
27931
+ include Aws::Structure
27932
+ end
27933
+
27152
27934
  # The list of detected instances of sensitive data.
27153
27935
  #
27154
27936
  # @!attribute [rw] count
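Review bot: The comment for `SecurityControlsConfiguration` does not say what happens when both `enabled_security_control_identifiers` and `disabled_security_control_identifiers` are set, or when neither is. The two attribute descriptions read as alternative modes (an allow-list versus a deny-list), and the difference matters: with the enabled list, newly released controls stay off until someone adds them, so coverage can decay without any change to the policy. I would add `# Set only one of the two identifier lists; with the enabled list, newly released controls remain disabled until listed.` The first half of that line is inferred from the wording and should be confirmed against the service model. `SecurityHubPolicy` in the same hunk repeats the description and would need the same line.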
@@ -27666,7 +28448,7 @@ module Aws::SecurityHub
27666
28448
  # @return [Time]
27667
28449
  #
27668
28450
  # @!attribute [rw] updated_reason
27669
- # The reason for updating the control's enablement status in a
28451
+ # The reason for updating a control's enablement status in a
27670
28452
  # specified standard.
27671
28453
  # @return [String]
27672
28454
  #
@@ -27839,6 +28621,96 @@ module Aws::SecurityHub
27839
28621
  include Aws::Structure
27840
28622
  end
27841
28623
 
28624
+ # @!attribute [rw] configuration_policy_identifier
28625
+ # The Amazon Resource Name (ARN) or universally unique identifier
28626
+ # (UUID) of the configuration policy.
28627
+ # @return [String]
28628
+ #
28629
+ # @!attribute [rw] target
28630
+ # The identifier of the target account, organizational unit, or the
28631
+ # root to associate with the specified configuration.
28632
+ # @return [Types::Target]
28633
+ #
28634
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StartConfigurationPolicyAssociationRequest AWS API Documentation
28635
+ #
28636
+ class StartConfigurationPolicyAssociationRequest < Struct.new(
28637
+ :configuration_policy_identifier,
28638
+ :target)
28639
+ SENSITIVE = []
28640
+ include Aws::Structure
28641
+ end
28642
+
28643
+ # @!attribute [rw] configuration_policy_id
28644
+ # The UUID of the configuration policy.
28645
+ # @return [String]
28646
+ #
28647
+ # @!attribute [rw] target_id
28648
+ # The identifier of the target account, organizational unit, or the
28649
+ # organization root with which the configuration is associated.
28650
+ # @return [String]
28651
+ #
28652
+ # @!attribute [rw] target_type
28653
+ # Indicates whether the target is an Amazon Web Services account,
28654
+ # organizational unit, or the organization root.
28655
+ # @return [String]
28656
+ #
28657
+ # @!attribute [rw] association_type
28658
+ # Indicates whether the association between the specified target and
28659
+ # the configuration was directly applied by the Security Hub delegated
28660
+ # administrator or inherited from a parent.
28661
+ # @return [String]
28662
+ #
28663
+ # @!attribute [rw] updated_at
28664
+ # The date and time, in UTC and ISO 8601 format, that the
28665
+ # configuration policy association was last updated.
28666
+ # @return [Time]
28667
+ #
28668
+ # @!attribute [rw] association_status
28669
+ # The current status of the association between the specified target
28670
+ # and the configuration.
28671
+ # @return [String]
28672
+ #
28673
+ # @!attribute [rw] association_status_message
28674
+ # An explanation for a `FAILED` value for `AssociationStatus`.
28675
+ # @return [String]
28676
+ #
28677
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StartConfigurationPolicyAssociationResponse AWS API Documentation
28678
+ #
28679
+ class StartConfigurationPolicyAssociationResponse < Struct.new(
28680
+ :configuration_policy_id,
28681
+ :target_id,
28682
+ :target_type,
28683
+ :association_type,
28684
+ :updated_at,
28685
+ :association_status,
28686
+ :association_status_message)
28687
+ SENSITIVE = []
28688
+ include Aws::Structure
28689
+ end
28690
+
28691
+ # @!attribute [rw] target
28692
+ # The identifier of the target account, organizational unit, or the
28693
+ # root to disassociate from the specified configuration.
28694
+ # @return [Types::Target]
28695
+ #
28696
+ # @!attribute [rw] configuration_policy_identifier
28697
+ # The Amazon Resource Name (ARN) or universally unique identifier
28698
+ # (UUID) of the configuration policy.
28699
+ # @return [String]
28700
+ #
28701
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StartConfigurationPolicyDisassociationRequest AWS API Documentation
28702
+ #
28703
+ class StartConfigurationPolicyDisassociationRequest < Struct.new(
28704
+ :target,
28705
+ :configuration_policy_identifier)
28706
+ SENSITIVE = []
28707
+ include Aws::Structure
28708
+ end
28709
+
28710
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StartConfigurationPolicyDisassociationResponse AWS API Documentation
28711
+ #
28712
+ class StartConfigurationPolicyDisassociationResponse < Aws::EmptyStructure; end
28713
+
27842
28714
  # The definition of a custom action that can be used for stateless
27843
28715
  # packet handling.
27844
28716
  #
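Review bot: `StartConfigurationPolicyAssociationResponse` returns `association_status` and `association_status_message`, but neither the request nor the response comment says whether the association is in effect when the call returns. The operation name and the documented `FAILED` value suggest the work may complete later, so a caller that treats a returned response as "policy applied" could report a target as governed when it is not. I would add to `association_status`: `# A returned response does not by itself mean the policy is applied; re-check this status until it is final.` This is hedged, since the list of status values is not shown here. The request comment also describes the identifier only as a policy ARN or UUID, while the `Target` comment mentions self-managed behavior; how that is selected is not documented.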
@@ -28097,6 +28969,43 @@ module Aws::SecurityHub
28097
28969
  #
28098
28970
  class TagResourceResponse < Aws::EmptyStructure; end
28099
28971
 
28972
+ # The target account, organizational unit, or the root that is
28973
+ # associated with an Security Hub configuration. The configuration can
28974
+ # be a configuration policy or self-managed behavior.
28975
+ #
28976
+ # @note Target is a union - when making an API calls you must set exactly one of the members.
28977
+ #
28978
+ # @note Target is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of Target corresponding to the set member.
28979
+ #
28980
+ # @!attribute [rw] account_id
28981
+ # The Amazon Web Services account ID of the target account.
28982
+ # @return [String]
28983
+ #
28984
+ # @!attribute [rw] organizational_unit_id
28985
+ # The organizational unit ID of the target organizational unit.
28986
+ # @return [String]
28987
+ #
28988
+ # @!attribute [rw] root_id
28989
+ # The ID of the organization root.
28990
+ # @return [String]
28991
+ #
28992
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Target AWS API Documentation
28993
+ #
28994
+ class Target < Struct.new(
28995
+ :account_id,
28996
+ :organizational_unit_id,
28997
+ :root_id,
28998
+ :unknown)
28999
+ SENSITIVE = []
29000
+ include Aws::Structure
29001
+ include Aws::Structure::Union
29002
+
29003
+ class AccountId < Target; end
29004
+ class OrganizationalUnitId < Target; end
29005
+ class RootId < Target; end
29006
+ class Unknown < Target; end
29007
+ end
29008
+
28100
29009
  # Provides information about the threat detected in a security finding
28101
29010
  # and the file paths that were affected by the threat.
28102
29011
  #
@@ -28205,6 +29114,37 @@ module Aws::SecurityHub
28205
29114
  include Aws::Structure
28206
29115
  end
28207
29116
 
29117
+ # An array of configuration policy associations, one for each
29118
+ # configuration policy association identifier, that was specified in a
29119
+ # `BatchGetConfigurationPolicyAssociations` request but couldn’t be
29120
+ # processed due to an error.
29121
+ #
29122
+ # @!attribute [rw] configuration_policy_association_identifiers
29123
+ # Configuration policy association identifiers that were specified in
29124
+ # a `BatchGetConfigurationPolicyAssociations` request but couldn’t be
29125
+ # processed due to an error.
29126
+ # @return [Types::ConfigurationPolicyAssociation]
29127
+ #
29128
+ # @!attribute [rw] error_code
29129
+ # An HTTP status code that identifies why the configuration policy
29130
+ # association failed.
29131
+ # @return [String]
29132
+ #
29133
+ # @!attribute [rw] error_reason
29134
+ # A string that identifies why the configuration policy association
29135
+ # failed.
29136
+ # @return [String]
29137
+ #
29138
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UnprocessedConfigurationPolicyAssociation AWS API Documentation
29139
+ #
29140
+ class UnprocessedConfigurationPolicyAssociation < Struct.new(
29141
+ :configuration_policy_association_identifiers,
29142
+ :error_code,
29143
+ :error_reason)
29144
+ SENSITIVE = []
29145
+ include Aws::Structure
29146
+ end
29147
+
28208
29148
  # Provides details about a security control for which a response
28209
29149
  # couldn't be returned.
28210
29150
  #
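Review bot: Two attribute types in `UnprocessedConfigurationPolicyAssociation` disagree with their descriptions. `configuration_policy_association_identifiers` is described as plural identifiers but is tagged `@return [Types::ConfigurationPolicyAssociation]`, a single structure. `error_code` is described as an HTTP status code but is tagged `@return [String]`. Code that handles batch failures should therefore not iterate the first or compare the second with an Integer; a line such as `# error_code is a String, not an Integer` and a singular description on the first attribute would make that clear. `Types::ConfigurationPolicyAssociation` is defined outside this hunk, so its shape cannot be checked from here.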
@@ -28427,6 +29367,106 @@ module Aws::SecurityHub
28427
29367
  include Aws::Structure
28428
29368
  end
28429
29369
 
29370
+ # @!attribute [rw] identifier
29371
+ # The Amazon Resource Name (ARN) or universally unique identifier
29372
+ # (UUID) of the configuration policy.
29373
+ # @return [String]
29374
+ #
29375
+ # @!attribute [rw] name
29376
+ # The name of the configuration policy.
29377
+ # @return [String]
29378
+ #
29379
+ # @!attribute [rw] description
29380
+ # The description of the configuration policy.
29381
+ # @return [String]
29382
+ #
29383
+ # @!attribute [rw] updated_reason
29384
+ # The reason for updating the configuration policy.
29385
+ # @return [String]
29386
+ #
29387
+ # @!attribute [rw] configuration_policy
29388
+ # An object that defines how Security Hub is configured. It includes
29389
+ # whether Security Hub is enabled or disabled, a list of enabled
29390
+ # security standards, a list of enabled or disabled security controls,
29391
+ # and a list of custom parameter values for specified controls. If you
29392
+ # provide a list of security controls that are enabled in the
29393
+ # configuration policy, Security Hub disables all other controls
29394
+ # (including newly released controls). If you provide a list of
29395
+ # security controls that are disabled in the configuration policy,
29396
+ # Security Hub enables all other controls (including newly released
29397
+ # controls).
29398
+ #
29399
+ # When updating a configuration policy, provide a complete list of
29400
+ # standards that you want to enable and a complete list of controls
29401
+ # that you want to enable or disable. The updated configuration
29402
+ # replaces the current configuration.
29403
+ # @return [Types::Policy]
29404
+ #
29405
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateConfigurationPolicyRequest AWS API Documentation
29406
+ #
29407
+ class UpdateConfigurationPolicyRequest < Struct.new(
29408
+ :identifier,
29409
+ :name,
29410
+ :description,
29411
+ :updated_reason,
29412
+ :configuration_policy)
29413
+ SENSITIVE = []
29414
+ include Aws::Structure
29415
+ end
29416
+
29417
+ # @!attribute [rw] arn
29418
+ # The ARN of the configuration policy.
29419
+ # @return [String]
29420
+ #
29421
+ # @!attribute [rw] id
29422
+ # The UUID of the configuration policy.
29423
+ # @return [String]
29424
+ #
29425
+ # @!attribute [rw] name
29426
+ # The name of the configuration policy.
29427
+ # @return [String]
29428
+ #
29429
+ # @!attribute [rw] description
29430
+ # The description of the configuration policy.
29431
+ # @return [String]
29432
+ #
29433
+ # @!attribute [rw] updated_at
29434
+ # The date and time, in UTC and ISO 8601 format, that the
29435
+ # configuration policy was last updated.
29436
+ # @return [Time]
29437
+ #
29438
+ # @!attribute [rw] created_at
29439
+ # The date and time, in UTC and ISO 8601 format, that the
29440
+ # configuration policy was created.
29441
+ # @return [Time]
29442
+ #
29443
+ # @!attribute [rw] configuration_policy
29444
+ # An object that defines how Security Hub is configured. It includes
29445
+ # whether Security Hub is enabled or disabled, a list of enabled
29446
+ # security standards, a list of enabled or disabled security controls,
29447
+ # and a list of custom parameter values for specified controls. If the
29448
+ # request included a list of security controls that are enabled in the
29449
+ # configuration policy, Security Hub disables all other controls
29450
+ # (including newly released controls). If the request included a list
29451
+ # of security controls that are disabled in the configuration policy,
29452
+ # Security Hub enables all other controls (including newly released
29453
+ # controls).
29454
+ # @return [Types::Policy]
29455
+ #
29456
+ # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateConfigurationPolicyResponse AWS API Documentation
29457
+ #
29458
+ class UpdateConfigurationPolicyResponse < Struct.new(
29459
+ :arn,
29460
+ :id,
29461
+ :name,
29462
+ :description,
29463
+ :updated_at,
29464
+ :created_at,
29465
+ :configuration_policy)
29466
+ SENSITIVE = []
29467
+ include Aws::Structure
29468
+ end
29469
+
28430
29470
  # @!attribute [rw] finding_aggregator_arn
28431
29471
  # The ARN of the finding aggregator. To obtain the ARN, use
28432
29472
  # `ListFindingAggregators`.
@@ -28567,37 +29607,55 @@ module Aws::SecurityHub
28567
29607
  class UpdateInsightResponse < Aws::EmptyStructure; end
28568
29608
 
28569
29609
  # @!attribute [rw] auto_enable
28570
- # Whether to automatically enable Security Hub for new accounts in the
28571
- # organization.
28572
- #
28573
- # By default, this is `false`, and new accounts are not added
28574
- # automatically.
28575
- #
28576
- # To automatically enable Security Hub for new accounts, set this to
28577
- # `true`.
29610
+ # Whether to automatically enable Security Hub in new member accounts
29611
+ # when they join the organization.
29612
+ #
29613
+ # If set to `true`, then Security Hub is automatically enabled in new
29614
+ # accounts. If set to `false`, then Security Hub isn't enabled in new
29615
+ # accounts automatically. The default value is `false`.
29616
+ #
29617
+ # If the `ConfigurationType` of your organization is set to `CENTRAL`,
29618
+ # then this field is set to `false` and can't be changed in the home
29619
+ # Region and linked Regions. However, in that case, the delegated
29620
+ # administrator can create a configuration policy in which Security
29621
+ # Hub is enabled and associate the policy with new organization
29622
+ # accounts.
28578
29623
  # @return [Boolean]
28579
29624
  #
28580
29625
  # @!attribute [rw] auto_enable_standards
28581
29626
  # Whether to automatically enable Security Hub [default standards][1]
28582
- # for new member accounts in the organization.
29627
+ # in new member accounts when they join the organization.
28583
29628
  #
28584
- # By default, this parameter is equal to `DEFAULT`, and new member
28585
- # accounts are automatically enabled with default Security Hub
28586
- # standards.
29629
+ # The default value of this parameter is equal to `DEFAULT`.
28587
29630
  #
28588
- # To opt out of enabling default standards for new member accounts,
28589
- # set this parameter equal to `NONE`.
29631
+ # If equal to `DEFAULT`, then Security Hub default standards are
29632
+ # automatically enabled for new member accounts. If equal to `NONE`,
29633
+ # then default standards are not automatically enabled for new member
29634
+ # accounts.
29635
+ #
29636
+ # If the `ConfigurationType` of your organization is set to `CENTRAL`,
29637
+ # then this field is set to `NONE` and can't be changed in the home
29638
+ # Region and linked Regions. However, in that case, the delegated
29639
+ # administrator can create a configuration policy in which specific
29640
+ # security standards are enabled and associate the policy with new
29641
+ # organization accounts.
28590
29642
  #
28591
29643
  #
28592
29644
  #
28593
29645
  # [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html
28594
29646
  # @return [String]
28595
29647
  #
29648
+ # @!attribute [rw] organization_configuration
29649
+ # Provides information about the way an organization is configured in
29650
+ # Security Hub.
29651
+ # @return [Types::OrganizationConfiguration]
29652
+ #
28596
29653
  # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateOrganizationConfigurationRequest AWS API Documentation
28597
29654
  #
28598
29655
  class UpdateOrganizationConfigurationRequest < Struct.new(
28599
29656
  :auto_enable,
28600
- :auto_enable_standards)
29657
+ :auto_enable_standards,
29658
+ :organization_configuration)
28601
29659
  SENSITIVE = []
28602
29660
  include Aws::Structure
28603
29661
  end
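Review bot: The new `organization_configuration` attribute on `UpdateOrganizationConfigurationRequest` is documented only with the generic struct summary. The `auto_enable` and `auto_enable_standards` text rewritten above it shows that under `CENTRAL` those fields are fixed at `false` and `NONE`. A move to central configuration therefore stops automatic enablement for new accounts unless a configuration policy is associated with them, which is easy to miss when reading the attribute on its own. I would add `# Setting ConfigurationType to CENTRAL turns off auto_enable and auto_enable_standards; associate a configuration policy with the root or OUs so new accounts are still covered.` The comment also does not say whether a request that sends `auto_enable: true` together with `CENTRAL` is rejected or ignored.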