aws-sdk-securityhub 1.98.0 → 1.99.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d44eea6b83551cedfe6fada0cce8308f6fa8a1b38984d0971b92b00be0b9d200
-  data.tar.gz: 6b3085b82582600cfdf6a64652faa52d635ad257d871048c8c0053bc324b657d
+  metadata.gz: '03597bb188e03772414545438b8bb1724a05ba114937a072cddd53b95e44d300'
+  data.tar.gz: 8b433491b250ec1fa95bd8bef557501d443c45adad98bebb32f27b3aef33d8f0
 SHA512:
-  metadata.gz: 72bcacda573ed17616e438d6a8e9013cae9b7b5c0a061c769eedac591eaec7eebf1462ba666b37dc6e8b96d86858ff86ec19189eafca8357eef56d856ee927fc
-  data.tar.gz: de52bd8e71ba28f28646836fecfad1c0f50e5c6aa242d937acbe1c297e695f897920a79373e487ddc77388b602226870c3722cf46eb3d354e22c6b538e203ce9
+  metadata.gz: 179c2d590277fdbb178e4a51d4a7079f4ead307a5fdacde140935b470a844d24db4a09c3c5a6801ae6b71a519f5642ce7e7d8646730396c9bc3ccb51003c5179
+  data.tar.gz: efffed5c7352c23543ef813316f18e0ae9ca02902ac87397fb274e47789898a39de86acb277da20ed6073f50eb81b75ac691f67adebcd5151b0afb18a5e5e23f

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.99.0 (2023-12-11)
+------------------
+
+* Feature - Added new resource detail objects to ASFF, including resources for AwsDynamoDbTable, AwsEc2ClientVpnEndpoint, AwsMskCluster, AwsS3AccessPoint, AwsS3Bucket
+
 1.98.0 (2023-11-28)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.98.0
+1.99.0

data/lib/aws-sdk-securityhub/client.rb

@@ -2599,7 +2599,8 @@ module Aws::SecurityHub
     # from the home Region.
     #
     # @option params [required, String] :name
-    #   The name of the configuration policy.
+    #   The name of the configuration policy. Alphanumeric characters and the
+    #   following ASCII characters are permitted: `-, ., !, *, /`.
     #
     # @option params [String] :description
     #   The description of the configuration policy.
@@ -8306,7 +8307,8 @@ module Aws::SecurityHub
     #   of the configuration policy.
     #
     # @option params [String] :name
-    #   The name of the configuration policy.
+    #   The name of the configuration policy. Alphanumeric characters and the
+    #   following ASCII characters are permitted: `-, ., !, *, /`.
     #
     # @option params [String] :description
     #   The description of the configuration policy.
@@ -10346,7 +10348,7 @@ module Aws::SecurityHub
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-securityhub'
-      context[:gem_version] = '1.98.0'
+      context[:gem_version] = '1.99.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-securityhub/client_api.rb

@@ -196,6 +196,16 @@ module Aws::SecurityHub
     AwsDynamoDbTableRestoreSummary = Shapes::StructureShape.new(name: 'AwsDynamoDbTableRestoreSummary')
     AwsDynamoDbTableSseDescription = Shapes::StructureShape.new(name: 'AwsDynamoDbTableSseDescription')
     AwsDynamoDbTableStreamSpecification = Shapes::StructureShape.new(name: 'AwsDynamoDbTableStreamSpecification')
+    AwsEc2ClientVpnEndpointAuthenticationOptionsActiveDirectoryDetails = Shapes::StructureShape.new(name: 'AwsEc2ClientVpnEndpointAuthenticationOptionsActiveDirectoryDetails')
+    AwsEc2ClientVpnEndpointAuthenticationOptionsDetails = Shapes::StructureShape.new(name: 'AwsEc2ClientVpnEndpointAuthenticationOptionsDetails')
+    AwsEc2ClientVpnEndpointAuthenticationOptionsFederatedAuthenticationDetails = Shapes::StructureShape.new(name: 'AwsEc2ClientVpnEndpointAuthenticationOptionsFederatedAuthenticationDetails')
+    AwsEc2ClientVpnEndpointAuthenticationOptionsList = Shapes::ListShape.new(name: 'AwsEc2ClientVpnEndpointAuthenticationOptionsList')
+    AwsEc2ClientVpnEndpointAuthenticationOptionsMutualAuthenticationDetails = Shapes::StructureShape.new(name: 'AwsEc2ClientVpnEndpointAuthenticationOptionsMutualAuthenticationDetails')
+    AwsEc2ClientVpnEndpointClientConnectOptionsDetails = Shapes::StructureShape.new(name: 'AwsEc2ClientVpnEndpointClientConnectOptionsDetails')
+    AwsEc2ClientVpnEndpointClientConnectOptionsStatusDetails = Shapes::StructureShape.new(name: 'AwsEc2ClientVpnEndpointClientConnectOptionsStatusDetails')
+    AwsEc2ClientVpnEndpointClientLoginBannerOptionsDetails = Shapes::StructureShape.new(name: 'AwsEc2ClientVpnEndpointClientLoginBannerOptionsDetails')
+    AwsEc2ClientVpnEndpointConnectionLogOptionsDetails = Shapes::StructureShape.new(name: 'AwsEc2ClientVpnEndpointConnectionLogOptionsDetails')
+    AwsEc2ClientVpnEndpointDetails = Shapes::StructureShape.new(name: 'AwsEc2ClientVpnEndpointDetails')
     AwsEc2EipDetails = Shapes::StructureShape.new(name: 'AwsEc2EipDetails')
     AwsEc2InstanceDetails = Shapes::StructureShape.new(name: 'AwsEc2InstanceDetails')
     AwsEc2InstanceMetadataOptions = Shapes::StructureShape.new(name: 'AwsEc2InstanceMetadataOptions')
@@ -586,6 +596,8 @@ module Aws::SecurityHub
     AwsRoute53HostedZoneVpcDetails = Shapes::StructureShape.new(name: 'AwsRoute53HostedZoneVpcDetails')
     AwsRoute53HostedZoneVpcsList = Shapes::ListShape.new(name: 'AwsRoute53HostedZoneVpcsList')
     AwsRoute53QueryLoggingConfigDetails = Shapes::StructureShape.new(name: 'AwsRoute53QueryLoggingConfigDetails')
+    AwsS3AccessPointDetails = Shapes::StructureShape.new(name: 'AwsS3AccessPointDetails')
+    AwsS3AccessPointVpcConfigurationDetails = Shapes::StructureShape.new(name: 'AwsS3AccessPointVpcConfigurationDetails')
     AwsS3AccountPublicAccessBlockDetails = Shapes::StructureShape.new(name: 'AwsS3AccountPublicAccessBlockDetails')
     AwsS3BucketBucketLifecycleConfigurationDetails = Shapes::StructureShape.new(name: 'AwsS3BucketBucketLifecycleConfigurationDetails')
     AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails = Shapes::StructureShape.new(name: 'AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails')
@@ -2135,6 +2147,7 @@ module Aws::SecurityHub
     AwsDynamoDbTableDetails.add_member(:table_name, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "TableName"))
     AwsDynamoDbTableDetails.add_member(:table_size_bytes, Shapes::ShapeRef.new(shape: SizeBytes, location_name: "TableSizeBytes"))
     AwsDynamoDbTableDetails.add_member(:table_status, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "TableStatus"))
+    AwsDynamoDbTableDetails.add_member(:deletion_protection_enabled, Shapes::ShapeRef.new(shape: Boolean, location_name: "DeletionProtectionEnabled"))
     AwsDynamoDbTableDetails.struct_class = Types::AwsDynamoDbTableDetails
 
     AwsDynamoDbTableGlobalSecondaryIndex.add_member(:backfilling, Shapes::ShapeRef.new(shape: Boolean, location_name: "Backfilling"))
@@ -2210,6 +2223,60 @@ module Aws::SecurityHub
     AwsDynamoDbTableStreamSpecification.add_member(:stream_view_type, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "StreamViewType"))
     AwsDynamoDbTableStreamSpecification.struct_class = Types::AwsDynamoDbTableStreamSpecification
 
+    AwsEc2ClientVpnEndpointAuthenticationOptionsActiveDirectoryDetails.add_member(:directory_id, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "DirectoryId"))
+    AwsEc2ClientVpnEndpointAuthenticationOptionsActiveDirectoryDetails.struct_class = Types::AwsEc2ClientVpnEndpointAuthenticationOptionsActiveDirectoryDetails
+
+    AwsEc2ClientVpnEndpointAuthenticationOptionsDetails.add_member(:type, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Type"))
+    AwsEc2ClientVpnEndpointAuthenticationOptionsDetails.add_member(:active_directory, Shapes::ShapeRef.new(shape: AwsEc2ClientVpnEndpointAuthenticationOptionsActiveDirectoryDetails, location_name: "ActiveDirectory"))
+    AwsEc2ClientVpnEndpointAuthenticationOptionsDetails.add_member(:mutual_authentication, Shapes::ShapeRef.new(shape: AwsEc2ClientVpnEndpointAuthenticationOptionsMutualAuthenticationDetails, location_name: "MutualAuthentication"))
+    AwsEc2ClientVpnEndpointAuthenticationOptionsDetails.add_member(:federated_authentication, Shapes::ShapeRef.new(shape: AwsEc2ClientVpnEndpointAuthenticationOptionsFederatedAuthenticationDetails, location_name: "FederatedAuthentication"))
+    AwsEc2ClientVpnEndpointAuthenticationOptionsDetails.struct_class = Types::AwsEc2ClientVpnEndpointAuthenticationOptionsDetails
+
+    AwsEc2ClientVpnEndpointAuthenticationOptionsFederatedAuthenticationDetails.add_member(:saml_provider_arn, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "SamlProviderArn"))
+    AwsEc2ClientVpnEndpointAuthenticationOptionsFederatedAuthenticationDetails.add_member(:self_service_saml_provider_arn, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "SelfServiceSamlProviderArn"))
+    AwsEc2ClientVpnEndpointAuthenticationOptionsFederatedAuthenticationDetails.struct_class = Types::AwsEc2ClientVpnEndpointAuthenticationOptionsFederatedAuthenticationDetails
+
+    AwsEc2ClientVpnEndpointAuthenticationOptionsList.member = Shapes::ShapeRef.new(shape: AwsEc2ClientVpnEndpointAuthenticationOptionsDetails)
+
+    AwsEc2ClientVpnEndpointAuthenticationOptionsMutualAuthenticationDetails.add_member(:client_root_certificate_chain, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "ClientRootCertificateChain"))
+    AwsEc2ClientVpnEndpointAuthenticationOptionsMutualAuthenticationDetails.struct_class = Types::AwsEc2ClientVpnEndpointAuthenticationOptionsMutualAuthenticationDetails
+
+    AwsEc2ClientVpnEndpointClientConnectOptionsDetails.add_member(:enabled, Shapes::ShapeRef.new(shape: Boolean, location_name: "Enabled"))
+    AwsEc2ClientVpnEndpointClientConnectOptionsDetails.add_member(:lambda_function_arn, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "LambdaFunctionArn"))
+    AwsEc2ClientVpnEndpointClientConnectOptionsDetails.add_member(:status, Shapes::ShapeRef.new(shape: AwsEc2ClientVpnEndpointClientConnectOptionsStatusDetails, location_name: "Status"))
+    AwsEc2ClientVpnEndpointClientConnectOptionsDetails.struct_class = Types::AwsEc2ClientVpnEndpointClientConnectOptionsDetails
+
+    AwsEc2ClientVpnEndpointClientConnectOptionsStatusDetails.add_member(:code, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Code"))
+    AwsEc2ClientVpnEndpointClientConnectOptionsStatusDetails.add_member(:message, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Message"))
+    AwsEc2ClientVpnEndpointClientConnectOptionsStatusDetails.struct_class = Types::AwsEc2ClientVpnEndpointClientConnectOptionsStatusDetails
+
+    AwsEc2ClientVpnEndpointClientLoginBannerOptionsDetails.add_member(:enabled, Shapes::ShapeRef.new(shape: Boolean, location_name: "Enabled"))
+    AwsEc2ClientVpnEndpointClientLoginBannerOptionsDetails.add_member(:banner_text, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "BannerText"))
+    AwsEc2ClientVpnEndpointClientLoginBannerOptionsDetails.struct_class = Types::AwsEc2ClientVpnEndpointClientLoginBannerOptionsDetails
+
+    AwsEc2ClientVpnEndpointConnectionLogOptionsDetails.add_member(:enabled, Shapes::ShapeRef.new(shape: Boolean, location_name: "Enabled"))
+    AwsEc2ClientVpnEndpointConnectionLogOptionsDetails.add_member(:cloudwatch_log_group, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "CloudwatchLogGroup"))
+    AwsEc2ClientVpnEndpointConnectionLogOptionsDetails.add_member(:cloudwatch_log_stream, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "CloudwatchLogStream"))
+    AwsEc2ClientVpnEndpointConnectionLogOptionsDetails.struct_class = Types::AwsEc2ClientVpnEndpointConnectionLogOptionsDetails
+
+    AwsEc2ClientVpnEndpointDetails.add_member(:client_vpn_endpoint_id, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "ClientVpnEndpointId"))
+    AwsEc2ClientVpnEndpointDetails.add_member(:description, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Description"))
+    AwsEc2ClientVpnEndpointDetails.add_member(:client_cidr_block, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "ClientCidrBlock"))
+    AwsEc2ClientVpnEndpointDetails.add_member(:dns_server, Shapes::ShapeRef.new(shape: StringList, location_name: "DnsServer"))
+    AwsEc2ClientVpnEndpointDetails.add_member(:split_tunnel, Shapes::ShapeRef.new(shape: Boolean, location_name: "SplitTunnel"))
+    AwsEc2ClientVpnEndpointDetails.add_member(:transport_protocol, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "TransportProtocol"))
+    AwsEc2ClientVpnEndpointDetails.add_member(:vpn_port, Shapes::ShapeRef.new(shape: Integer, location_name: "VpnPort"))
+    AwsEc2ClientVpnEndpointDetails.add_member(:server_certificate_arn, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "ServerCertificateArn"))
+    AwsEc2ClientVpnEndpointDetails.add_member(:authentication_options, Shapes::ShapeRef.new(shape: AwsEc2ClientVpnEndpointAuthenticationOptionsList, location_name: "AuthenticationOptions"))
+    AwsEc2ClientVpnEndpointDetails.add_member(:connection_log_options, Shapes::ShapeRef.new(shape: AwsEc2ClientVpnEndpointConnectionLogOptionsDetails, location_name: "ConnectionLogOptions"))
+    AwsEc2ClientVpnEndpointDetails.add_member(:security_group_id_set, Shapes::ShapeRef.new(shape: StringList, location_name: "SecurityGroupIdSet"))
+    AwsEc2ClientVpnEndpointDetails.add_member(:vpc_id, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "VpcId"))
+    AwsEc2ClientVpnEndpointDetails.add_member(:self_service_portal_url, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "SelfServicePortalUrl"))
+    AwsEc2ClientVpnEndpointDetails.add_member(:client_connect_options, Shapes::ShapeRef.new(shape: AwsEc2ClientVpnEndpointClientConnectOptionsDetails, location_name: "ClientConnectOptions"))
+    AwsEc2ClientVpnEndpointDetails.add_member(:session_timeout_hours, Shapes::ShapeRef.new(shape: Integer, location_name: "SessionTimeoutHours"))
+    AwsEc2ClientVpnEndpointDetails.add_member(:client_login_banner_options, Shapes::ShapeRef.new(shape: AwsEc2ClientVpnEndpointClientLoginBannerOptionsDetails, location_name: "ClientLoginBannerOptions"))
+    AwsEc2ClientVpnEndpointDetails.struct_class = Types::AwsEc2ClientVpnEndpointDetails
+
     AwsEc2EipDetails.add_member(:instance_id, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "InstanceId"))
     AwsEc2EipDetails.add_member(:public_ip, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "PublicIp"))
     AwsEc2EipDetails.add_member(:allocation_id, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "AllocationId"))
@@ -3745,6 +3812,7 @@ module Aws::SecurityHub
     AwsMskClusterClusterInfoDetails.add_member(:number_of_broker_nodes, Shapes::ShapeRef.new(shape: Integer, location_name: "NumberOfBrokerNodes"))
     AwsMskClusterClusterInfoDetails.add_member(:cluster_name, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "ClusterName"))
     AwsMskClusterClusterInfoDetails.add_member(:client_authentication, Shapes::ShapeRef.new(shape: AwsMskClusterClusterInfoClientAuthenticationDetails, location_name: "ClientAuthentication"))
+    AwsMskClusterClusterInfoDetails.add_member(:enhanced_monitoring, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "EnhancedMonitoring"))
     AwsMskClusterClusterInfoDetails.struct_class = Types::AwsMskClusterClusterInfoDetails
 
     AwsMskClusterClusterInfoEncryptionInfoDetails.add_member(:encryption_in_transit, Shapes::ShapeRef.new(shape: AwsMskClusterClusterInfoEncryptionInfoEncryptionInTransitDetails, location_name: "EncryptionInTransit"))
@@ -4343,6 +4411,19 @@ module Aws::SecurityHub
     AwsRoute53QueryLoggingConfigDetails.add_member(:cloud_watch_logs_log_group_arn, Shapes::ShapeRef.new(shape: CloudWatchLogsLogGroupArnConfigDetails, location_name: "CloudWatchLogsLogGroupArn"))
     AwsRoute53QueryLoggingConfigDetails.struct_class = Types::AwsRoute53QueryLoggingConfigDetails
 
+    AwsS3AccessPointDetails.add_member(:access_point_arn, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "AccessPointArn"))
+    AwsS3AccessPointDetails.add_member(:alias, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Alias"))
+    AwsS3AccessPointDetails.add_member(:bucket, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Bucket"))
+    AwsS3AccessPointDetails.add_member(:bucket_account_id, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "BucketAccountId"))
+    AwsS3AccessPointDetails.add_member(:name, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Name"))
+    AwsS3AccessPointDetails.add_member(:network_origin, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "NetworkOrigin"))
+    AwsS3AccessPointDetails.add_member(:public_access_block_configuration, Shapes::ShapeRef.new(shape: AwsS3AccountPublicAccessBlockDetails, location_name: "PublicAccessBlockConfiguration"))
+    AwsS3AccessPointDetails.add_member(:vpc_configuration, Shapes::ShapeRef.new(shape: AwsS3AccessPointVpcConfigurationDetails, location_name: "VpcConfiguration"))
+    AwsS3AccessPointDetails.struct_class = Types::AwsS3AccessPointDetails
+
+    AwsS3AccessPointVpcConfigurationDetails.add_member(:vpc_id, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "VpcId"))
+    AwsS3AccessPointVpcConfigurationDetails.struct_class = Types::AwsS3AccessPointVpcConfigurationDetails
+
     AwsS3AccountPublicAccessBlockDetails.add_member(:block_public_acls, Shapes::ShapeRef.new(shape: Boolean, location_name: "BlockPublicAcls"))
     AwsS3AccountPublicAccessBlockDetails.add_member(:block_public_policy, Shapes::ShapeRef.new(shape: Boolean, location_name: "BlockPublicPolicy"))
     AwsS3AccountPublicAccessBlockDetails.add_member(:ignore_public_acls, Shapes::ShapeRef.new(shape: Boolean, location_name: "IgnorePublicAcls"))
@@ -4424,6 +4505,7 @@ module Aws::SecurityHub
     AwsS3BucketDetails.add_member(:bucket_notification_configuration, Shapes::ShapeRef.new(shape: AwsS3BucketNotificationConfiguration, location_name: "BucketNotificationConfiguration"))
     AwsS3BucketDetails.add_member(:bucket_versioning_configuration, Shapes::ShapeRef.new(shape: AwsS3BucketBucketVersioningConfiguration, location_name: "BucketVersioningConfiguration"))
     AwsS3BucketDetails.add_member(:object_lock_configuration, Shapes::ShapeRef.new(shape: AwsS3BucketObjectLockConfiguration, location_name: "ObjectLockConfiguration"))
+    AwsS3BucketDetails.add_member(:name, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Name"))
     AwsS3BucketDetails.struct_class = Types::AwsS3BucketDetails
 
     AwsS3BucketLoggingConfiguration.add_member(:destination_bucket_name, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "DestinationBucketName"))
@@ -6199,6 +6281,8 @@ module Aws::SecurityHub
     ResourceDetails.add_member(:aws_dms_replication_instance, Shapes::ShapeRef.new(shape: AwsDmsReplicationInstanceDetails, location_name: "AwsDmsReplicationInstance"))
     ResourceDetails.add_member(:aws_route_53_hosted_zone, Shapes::ShapeRef.new(shape: AwsRoute53HostedZoneDetails, location_name: "AwsRoute53HostedZone"))
     ResourceDetails.add_member(:aws_msk_cluster, Shapes::ShapeRef.new(shape: AwsMskClusterDetails, location_name: "AwsMskCluster"))
+    ResourceDetails.add_member(:aws_s3_access_point, Shapes::ShapeRef.new(shape: AwsS3AccessPointDetails, location_name: "AwsS3AccessPoint"))
+    ResourceDetails.add_member(:aws_ec2_client_vpn_endpoint, Shapes::ShapeRef.new(shape: AwsEc2ClientVpnEndpointDetails, location_name: "AwsEc2ClientVpnEndpoint"))
     ResourceDetails.struct_class = Types::ResourceDetails
 
     ResourceInUseException.add_member(:message, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Message"))
@@ -7937,6 +8021,8 @@ module Aws::SecurityHub
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: ResourceInUseException)
         o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceInUseException)
       end)
 
       api.add_operation(:update_security_hub_configuration, Seahorse::Model::Operation.new.tap do |o|

data/lib/aws-sdk-securityhub/types.rb

@@ -5600,6 +5600,11 @@ module Aws::SecurityHub
     #   * `UPDATING`
     #   @return [String]
     #
+    # @!attribute [rw] deletion_protection_enabled
+    #   Indicates whether deletion protection is to be enabled (true) or
+    #   disabled (false) on the table.
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsDynamoDbTableDetails AWS API Documentation
     #
     class AwsDynamoDbTableDetails < Struct.new(
@@ -5621,7 +5626,8 @@ module Aws::SecurityHub
       :table_id,
       :table_name,
       :table_size_bytes,
-      :table_status)
+      :table_status,
+      :deletion_protection_enabled)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -6006,6 +6012,281 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # Provides details about an Active Directory that’s used to authenticate
+    # an Client VPN endpoint.
+    #
+    # @!attribute [rw] directory_id
+    #   The ID of the Active Directory used for authentication.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2ClientVpnEndpointAuthenticationOptionsActiveDirectoryDetails AWS API Documentation
+    #
+    class AwsEc2ClientVpnEndpointAuthenticationOptionsActiveDirectoryDetails < Struct.new(
+      :directory_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Information about the authentication method used by the Client VPN
+    # endpoint.
+    #
+    # @!attribute [rw] type
+    #   The authentication type used.
+    #   @return [String]
+    #
+    # @!attribute [rw] active_directory
+    #   Information about the Active Directory, if applicable. With Active
+    #   Directory authentication, clients are authenticated against existing
+    #   Active Directory groups.
+    #   @return [Types::AwsEc2ClientVpnEndpointAuthenticationOptionsActiveDirectoryDetails]
+    #
+    # @!attribute [rw] mutual_authentication
+    #   Information about the authentication certificates, if applicable.
+    #   @return [Types::AwsEc2ClientVpnEndpointAuthenticationOptionsMutualAuthenticationDetails]
+    #
+    # @!attribute [rw] federated_authentication
+    #   Information about the IAM SAML identity provider, if applicable.
+    #   @return [Types::AwsEc2ClientVpnEndpointAuthenticationOptionsFederatedAuthenticationDetails]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2ClientVpnEndpointAuthenticationOptionsDetails AWS API Documentation
+    #
+    class AwsEc2ClientVpnEndpointAuthenticationOptionsDetails < Struct.new(
+      :type,
+      :active_directory,
+      :mutual_authentication,
+      :federated_authentication)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Describes the IAM SAML identity providers used for federated
+    # authentication.
+    #
+    # @!attribute [rw] saml_provider_arn
+    #   The Amazon Resource Name (ARN) of the IAM SAML identity provider.
+    #   @return [String]
+    #
+    # @!attribute [rw] self_service_saml_provider_arn
+    #   The Amazon Resource Name (ARN) of the IAM SAML identity provider for
+    #   the self-service portal.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2ClientVpnEndpointAuthenticationOptionsFederatedAuthenticationDetails AWS API Documentation
+    #
+    class AwsEc2ClientVpnEndpointAuthenticationOptionsFederatedAuthenticationDetails < Struct.new(
+      :saml_provider_arn,
+      :self_service_saml_provider_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Information about the client certificate used for authentication.
+    #
+    # @!attribute [rw] client_root_certificate_chain
+    #   The Amazon Resource Name (ARN) of the client certificate.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2ClientVpnEndpointAuthenticationOptionsMutualAuthenticationDetails AWS API Documentation
+    #
+    class AwsEc2ClientVpnEndpointAuthenticationOptionsMutualAuthenticationDetails < Struct.new(
+      :client_root_certificate_chain)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The options for managing connection authorization for new client
+    # connections.
+    #
+    # @!attribute [rw] enabled
+    #   Indicates whether client connect options are enabled.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] lambda_function_arn
+    #   The Amazon Resource Name (ARN) of the Lambda function used for
+    #   connection authorization.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   The status of any updates to the client connect options.
+    #   @return [Types::AwsEc2ClientVpnEndpointClientConnectOptionsStatusDetails]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2ClientVpnEndpointClientConnectOptionsDetails AWS API Documentation
+    #
+    class AwsEc2ClientVpnEndpointClientConnectOptionsDetails < Struct.new(
+      :enabled,
+      :lambda_function_arn,
+      :status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Describes the status of the Client VPN endpoint attribute.
+    #
+    # @!attribute [rw] code
+    #   The status code.
+    #   @return [String]
+    #
+    # @!attribute [rw] message
+    #   The status message.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2ClientVpnEndpointClientConnectOptionsStatusDetails AWS API Documentation
+    #
+    class AwsEc2ClientVpnEndpointClientConnectOptionsStatusDetails < Struct.new(
+      :code,
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Options for enabling a customizable text banner that will be displayed
+    # on Amazon Web Services provided clients when a VPN session is
+    # established.
+    #
+    # @!attribute [rw] enabled
+    #   Current state of text banner feature.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] banner_text
+    #   Customizable text that will be displayed in a banner on Amazon Web
+    #   Services provided clients when a VPN session is established.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2ClientVpnEndpointClientLoginBannerOptionsDetails AWS API Documentation
+    #
+    class AwsEc2ClientVpnEndpointClientLoginBannerOptionsDetails < Struct.new(
+      :enabled,
+      :banner_text)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Information about the client connection logging options for the Client
+    # VPN endpoint.
+    #
+    # @!attribute [rw] enabled
+    #   Indicates whether client connection logging is enabled for the
+    #   Client VPN endpoint.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] cloudwatch_log_group
+    #   The name of the Amazon CloudWatch Logs log group to which connection
+    #   logging data is published.
+    #   @return [String]
+    #
+    # @!attribute [rw] cloudwatch_log_stream
+    #   The name of the Amazon CloudWatch Logs log stream to which
+    #   connection logging data is published.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2ClientVpnEndpointConnectionLogOptionsDetails AWS API Documentation
+    #
+    class AwsEc2ClientVpnEndpointConnectionLogOptionsDetails < Struct.new(
+      :enabled,
+      :cloudwatch_log_group,
+      :cloudwatch_log_stream)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Describes an Client VPN endpoint. A Client VPN endpoint is the
+    # resource that you create and configure to enable and manage client VPN
+    # sessions. It's the termination point for all client VPN sessions.
+    #
+    # @!attribute [rw] client_vpn_endpoint_id
+    #   The ID of the Client VPN endpoint.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   A brief description of the endpoint.
+    #   @return [String]
+    #
+    # @!attribute [rw] client_cidr_block
+    #   The IPv4 address range, in CIDR notation, from which client IP
+    #   addresses are assigned.
+    #   @return [String]
+    #
+    # @!attribute [rw] dns_server
+    #   Information about the DNS servers to be used for DNS resolution.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] split_tunnel
+    #   Indicates whether split-tunnel is enabled in the Client VPN
+    #   endpoint.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] transport_protocol
+    #   The transport protocol used by the Client VPN endpoint.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpn_port
+    #   The port number for the Client VPN endpoint.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] server_certificate_arn
+    #   The Amazon Resource Name (ARN) of the server certificate.
+    #   @return [String]
+    #
+    # @!attribute [rw] authentication_options
+    #   Information about the authentication method used by the Client VPN
+    #   endpoint.
+    #   @return [Array<Types::AwsEc2ClientVpnEndpointAuthenticationOptionsDetails>]
+    #
+    # @!attribute [rw] connection_log_options
+    #   Information about the client connection logging options for the
+    #   Client VPN endpoint.
+    #   @return [Types::AwsEc2ClientVpnEndpointConnectionLogOptionsDetails]
+    #
+    # @!attribute [rw] security_group_id_set
+    #   The IDs of the security groups for the target network.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] vpc_id
+    #   The ID of the VPC.
+    #   @return [String]
+    #
+    # @!attribute [rw] self_service_portal_url
+    #   The URL of the self-service portal.
+    #   @return [String]
+    #
+    # @!attribute [rw] client_connect_options
+    #   The options for managing connection authorization for new client
+    #   connections.
+    #   @return [Types::AwsEc2ClientVpnEndpointClientConnectOptionsDetails]
+    #
+    # @!attribute [rw] session_timeout_hours
+    #   The maximum VPN session duration time in hours.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] client_login_banner_options
+    #   Options for enabling a customizable text banner that will be
+    #   displayed on Amazon Web Services provided clients when a VPN session
+    #   is established.
+    #   @return [Types::AwsEc2ClientVpnEndpointClientLoginBannerOptionsDetails]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2ClientVpnEndpointDetails AWS API Documentation
+    #
+    class AwsEc2ClientVpnEndpointDetails < Struct.new(
+      :client_vpn_endpoint_id,
+      :description,
+      :client_cidr_block,
+      :dns_server,
+      :split_tunnel,
+      :transport_protocol,
+      :vpn_port,
+      :server_certificate_arn,
+      :authentication_options,
+      :connection_log_options,
+      :security_group_id_set,
+      :vpc_id,
+      :self_service_portal_url,
+      :client_connect_options,
+      :session_timeout_hours,
+      :client_login_banner_options)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Information about an Elastic IP address.
     #
     # @!attribute [rw] instance_id
@@ -14031,7 +14312,8 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
-    # Provide details about an Amazon MSK cluster.
+    # Provide details about an Amazon Managed Streaming for Apache Kafka
+    # (Amazon MSK) cluster.
     #
     # @!attribute [rw] encryption_info
     #   Includes encryption-related information, such as the KMS key used
@@ -14040,7 +14322,7 @@ module Aws::SecurityHub
     #   @return [Types::AwsMskClusterClusterInfoEncryptionInfoDetails]
     #
     # @!attribute [rw] current_version
-    #   The current version of the MSK cluster.
+    #   The current version of the cluster.
     #   @return [String]
     #
     # @!attribute [rw] number_of_broker_nodes
@@ -14055,6 +14337,10 @@ module Aws::SecurityHub
     #   Provides information for different modes of client authentication.
     #   @return [Types::AwsMskClusterClusterInfoClientAuthenticationDetails]
     #
+    # @!attribute [rw] enhanced_monitoring
+    #   Specifies the level of monitoring for the cluster.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsMskClusterClusterInfoDetails AWS API Documentation
     #
     class AwsMskClusterClusterInfoDetails < Struct.new(
@@ -14062,7 +14348,8 @@ module Aws::SecurityHub
       :current_version,
       :number_of_broker_nodes,
       :cluster_name,
-      :client_authentication)
+      :client_authentication,
+      :enhanced_monitoring)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -17307,6 +17594,78 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # Returns configuration information about the specified Amazon S3 access
+    # point. S3 access points are named network endpoints that are attached
+    # to buckets that you can use to perform S3 object operations.
+    #
+    # @!attribute [rw] access_point_arn
+    #   The Amazon Resource Name (ARN) of the access point.
+    #   @return [String]
+    #
+    # @!attribute [rw] alias
+    #   The name or alias of the access point.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket
+    #   The name of the S3 bucket associated with the specified access
+    #   point.
+    #   @return [String]
+    #
+    # @!attribute [rw] bucket_account_id
+    #   The Amazon Web Services account ID associated with the S3 bucket
+    #   associated with this access point.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the specified access point.
+    #   @return [String]
+    #
+    # @!attribute [rw] network_origin
+    #   Indicates whether this access point allows access from the public
+    #   internet.
+    #   @return [String]
+    #
+    # @!attribute [rw] public_access_block_configuration
+    #   provides information about the Amazon S3 Public Access Block
+    #   configuration for accounts.
+    #   @return [Types::AwsS3AccountPublicAccessBlockDetails]
+    #
+    # @!attribute [rw] vpc_configuration
+    #   Contains the virtual private cloud (VPC) configuration for the
+    #   specified access point.
+    #   @return [Types::AwsS3AccessPointVpcConfigurationDetails]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3AccessPointDetails AWS API Documentation
+    #
+    class AwsS3AccessPointDetails < Struct.new(
+      :access_point_arn,
+      :alias,
+      :bucket,
+      :bucket_account_id,
+      :name,
+      :network_origin,
+      :public_access_block_configuration,
+      :vpc_configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The virtual private cloud (VPC) configuration for an Amazon S3 access
+    # point.
+    #
+    # @!attribute [rw] vpc_id
+    #   If this field is specified, this access point will only allow
+    #   connections from the specified VPC ID.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3AccessPointVpcConfigurationDetails AWS API Documentation
+    #
+    class AwsS3AccessPointVpcConfigurationDetails < Struct.new(
+      :vpc_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # provides information about the Amazon S3 Public Access Block
     # configuration for accounts.
     #
@@ -17657,7 +18016,7 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
-    # The details of an Amazon S3 bucket.
+    # The details of an Amazon Simple Storage Service (Amazon S3) bucket.
     #
     # @!attribute [rw] owner_id
     #   The canonical user ID of the owner of the S3 bucket.
@@ -17690,7 +18049,7 @@ module Aws::SecurityHub
     #   @return [Types::AwsS3BucketServerSideEncryptionConfiguration]
     #
     # @!attribute [rw] bucket_lifecycle_configuration
-    #   The lifecycle configuration for objects in the S3 bucket.
+    #   The lifecycle configuration for objects in the specified bucket.
     #   @return [Types::AwsS3BucketBucketLifecycleConfigurationDetails]
     #
     # @!attribute [rw] public_access_block_configuration
@@ -17720,9 +18079,13 @@ module Aws::SecurityHub
     #
     # @!attribute [rw] object_lock_configuration
     #   Specifies which rule Amazon S3 applies by default to every new
-    #   object placed in the specified bucket.
+    #   object placed in the bucket.
     #   @return [Types::AwsS3BucketObjectLockConfiguration]
     #
+    # @!attribute [rw] name
+    #   The name of the bucket.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketDetails AWS API Documentation
     #
     class AwsS3BucketDetails < Struct.new(
@@ -17738,7 +18101,8 @@ module Aws::SecurityHub
       :bucket_website_configuration,
       :bucket_notification_configuration,
       :bucket_versioning_configuration,
-      :object_lock_configuration)
+      :object_lock_configuration,
+      :name)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -22025,7 +22389,8 @@ module Aws::SecurityHub
     #   @return [String]
     #
     # @!attribute [rw] name
-    #   The name of the configuration policy.
+    #   The name of the configuration policy. Alphanumeric characters and
+    #   the following ASCII characters are permitted: `-, ., !, *, /`.
     #   @return [String]
     #
     # @!attribute [rw] description
@@ -22246,7 +22611,8 @@ module Aws::SecurityHub
     end
 
     # @!attribute [rw] name
-    #   The name of the configuration policy.
+    #   The name of the configuration policy. Alphanumeric characters and
+    #   the following ASCII characters are permitted: `-, ., !, *, /`.
     #   @return [String]
     #
     # @!attribute [rw] description
@@ -25861,7 +26227,16 @@ module Aws::SecurityHub
     #
     # @!attribute [rw] value_type
     #   Identifies whether a control parameter uses a custom user-defined
-    #   value or the Security Hub default value.
+    #   value or subscribes to the default Security Hub behavior.
+    #
+    #   When `ValueType` is set equal to `DEFAULT`, the default behavior can
+    #   be a specific Security Hub default value, or the default behavior
+    #   can be to ignore a specific parameter. When `ValueType` is set equal
+    #   to `DEFAULT`, Security Hub ignores user-provided input for the
+    #   `Value` field.
+    #
+    #   When `ValueType` is set equal to `CUSTOM`, the `Value` field can't
+    #   be empty.
     #   @return [String]
     #
     # @!attribute [rw] value
@@ -26972,6 +27347,20 @@ module Aws::SecurityHub
     #   (Amazon MSK) cluster.
     #   @return [Types::AwsMskClusterDetails]
     #
+    # @!attribute [rw] aws_s3_access_point
+    #   Provides details about an Amazon Simple Storage Service (Amazon S3)
+    #   access point. S3 access points are named network endpoints that are
+    #   attached to S3 buckets that you can use to perform S3 object
+    #   operations.
+    #   @return [Types::AwsS3AccessPointDetails]
+    #
+    # @!attribute [rw] aws_ec2_client_vpn_endpoint
+    #   Provides details about an Client VPN endpoint. A Client VPN endpoint
+    #   is the resource that you create and configure to enable and manage
+    #   client VPN sessions. It's the termination point for all client VPN
+    #   sessions.
+    #   @return [Types::AwsEc2ClientVpnEndpointDetails]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ResourceDetails AWS API Documentation
     #
     class ResourceDetails < Struct.new(
@@ -27071,7 +27460,9 @@ module Aws::SecurityHub
       :aws_dms_replication_task,
       :aws_dms_replication_instance,
       :aws_route_53_hosted_zone,
-      :aws_msk_cluster)
+      :aws_msk_cluster,
+      :aws_s3_access_point,
+      :aws_ec2_client_vpn_endpoint)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -29373,7 +29764,8 @@ module Aws::SecurityHub
     #   @return [String]
     #
     # @!attribute [rw] name
-    #   The name of the configuration policy.
+    #   The name of the configuration policy. Alphanumeric characters and
+    #   the following ASCII characters are permitted: `-, ., !, *, /`.
     #   @return [String]
     #
     # @!attribute [rw] description

data/lib/aws-sdk-securityhub.rb

@@ -52,6 +52,6 @@ require_relative 'aws-sdk-securityhub/customizations'
 # @!group service
 module Aws::SecurityHub
 
-  GEM_VERSION = '1.98.0'
+  GEM_VERSION = '1.99.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-securityhub
 version: !ruby/object:Gem::Version
-  version: 1.98.0
+  version: 1.99.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-11-28 00:00:00.000000000 Z
+date: 2023-12-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core