aws-sdk-securityhub 1.35.0 → 1.36.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 787663e24fb4efd17a0ea33a6aa1de712c1596b9cd980dd2894bd58a752770fb
-  data.tar.gz: 70630a040eb2db1d87bb0c2615c4c5d8c1c7ff9267793f6c36a75cf649cbf773
+  metadata.gz: dfd2b4dd950ff3c25ffe4aa522baa557f0e9b09f17eb33f4d8b28390d478e8e9
+  data.tar.gz: 86aa091badb2a21ef8ff863b04aeb46648c99e0c682923f8d5380a655c4978ed
 SHA512:
-  metadata.gz: cba4b2e2a3afeafa08e72eea8f8e9d0cb7eabda7c1112cf833c87093b165c7f87bb277fc1e1d35a40a5247e9d7316547e31b95aea41c33c2566217af45e35fc8
-  data.tar.gz: 320767e4236588323474da4e9ae2844186b391503b768b3a72be373d14c27701848c7eb29924a64a834bef6d8a6f5529296a34e93bef2c63da6014b46a691c58
+  metadata.gz: 3c8d78f445024a95159b48fb25c611bc089179fa9e76acba2cf14293b56f0eb354448ebf2586540b98f16420e9ba13150e6b4a9205adb574e43470e0362e77ae
+  data.tar.gz: 7be711077e56e1bdb730542a70eab2b5036eb5ad04ebcf707b3977608264365df7a27473a0543a21adeab03bc9a889bed5efd6705e2371d717c3d256aabe69af

data/lib/aws-sdk-securityhub.rb

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-securityhub/customizations'
 # @!group service
 module Aws::SecurityHub
 
-  GEM_VERSION = '1.35.0'
+  GEM_VERSION = '1.36.0'
 
 end

data/lib/aws-sdk-securityhub/client.rb

@@ -330,6 +330,9 @@ module Aws::SecurityHub
     # Accepts the invitation to be a member account and be monitored by the
     # Security Hub master account that the invitation was sent from.
     #
+    # This operation is only used by member accounts that are not added
+    # through Organizations.
+    #
     # When the member account accepts the invitation, permission is granted
     # to the master account to view findings generated in the member
     # account.
@@ -2854,29 +2857,48 @@ module Aws::SecurityHub
 
     # Creates a member association in Security Hub between the specified
     # accounts and the account used to make the request, which is the master
-    # account. To successfully create a member, you must use this action
-    # from an account that already has Security Hub enabled. To enable
-    # Security Hub, you can use the ` EnableSecurityHub ` operation.
+    # account. If you are integrated with Organizations, then the master
+    # account is the Security Hub administrator account that is designated
+    # by the organization management account.
+    #
+    # `CreateMembers` is always used to add accounts that are not
+    # organization members.
+    #
+    # For accounts that are part of an organization, `CreateMembers` is only
+    # used in the following cases:
+    #
+    # * Security Hub is not configured to automatically add new accounts in
+    #   an organization.
+    #
+    # * The account was disassociated or deleted in Security Hub.
+    #
+    # This action can only be used by an account that has Security Hub
+    # enabled. To enable Security Hub, you can use the ` EnableSecurityHub `
+    # operation.
     #
-    # After you use `CreateMembers` to create member account associations in
-    # Security Hub, you must use the ` InviteMembers ` operation to invite
-    # the accounts to enable Security Hub and become member accounts in
-    # Security Hub.
+    # For accounts that are not organization members, you create the account
+    # association and then send an invitation to the member account. To send
+    # the invitation, you use the ` InviteMembers ` operation. If the
+    # account owner accepts the invitation, the account becomes a member
+    # account in Security Hub.
     #
-    # If the account owner accepts the invitation, the account becomes a
-    # member account in Security Hub. A permissions policy is added that
-    # permits the master account to view the findings generated in the
-    # member account. When Security Hub is enabled in the invited account,
-    # findings start to be sent to both the member and master accounts.
+    # Accounts that are part of an organization do not receive an
+    # invitation. They automatically become a member account in Security
+    # Hub.
+    #
+    # A permissions policy is added that permits the master account to view
+    # the findings generated in the member account. When Security Hub is
+    # enabled in a member account, findings are sent to both the member and
+    # master accounts.
     #
     # To remove the association between the master and member accounts, use
     # the ` DisassociateFromMasterAccount ` or ` DisassociateMembers `
     # operation.
     #
-    # @option params [Array<Types::AccountDetails>] :account_details
+    # @option params [required, Array<Types::AccountDetails>] :account_details
     #   The list of accounts to associate with the Security Hub master
-    #   account. For each account, the list includes the account ID and the
-    #   email address.
+    #   account. For each account, the list includes the account ID and
+    #   optionally the email address.
     #
     # @return [Types::CreateMembersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -2885,9 +2907,9 @@ module Aws::SecurityHub
     # @example Request syntax with placeholder values
     #
     #   resp = client.create_members({
-    #     account_details: [
+    #     account_details: [ # required
     #       {
-    #         account_id: "AccountId",
+    #         account_id: "AccountId", # required
     #         email: "NonEmptyString",
     #       },
     #     ],
@@ -2910,6 +2932,9 @@ module Aws::SecurityHub
 
     # Declines invitations to become a member account.
     #
+    # This operation is only used by accounts that are not part of an
+    # organization. Organization accounts do not receive invitations.
+    #
     # @option params [required, Array<String>] :account_ids
     #   The list of account IDs for the accounts from which to decline the
     #   invitations to Security Hub.
@@ -3002,6 +3027,9 @@ module Aws::SecurityHub
     # Deletes invitations received by the AWS account to become a member
     # account.
     #
+    # This operation is only used by accounts that are not part of an
+    # organization. Organization accounts do not receive invitations.
+    #
     # @option params [required, Array<String>] :account_ids
     #   The list of the account IDs that sent the invitations to delete.
     #
@@ -3032,7 +3060,10 @@ module Aws::SecurityHub
 
     # Deletes the specified member accounts from Security Hub.
     #
-    # @option params [Array<String>] :account_ids
+    # Can be used to delete member accounts that belong to an organization
+    # as well as member accounts that were invited manually.
+    #
+    # @option params [required, Array<String>] :account_ids
     #   The list of account IDs for the member accounts to delete.
     #
     # @return [Types::DeleteMembersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -3042,7 +3073,7 @@ module Aws::SecurityHub
     # @example Request syntax with placeholder values
     #
     #   resp = client.delete_members({
-    #     account_ids: ["NonEmptyString"],
+    #     account_ids: ["NonEmptyString"], # required
     #   })
     #
     # @example Response structure
@@ -3144,6 +3175,28 @@ module Aws::SecurityHub
       req.send_request(options)
     end
 
+    # Returns information about the Organizations configuration for Security
+    # Hub. Can only be called from a Security Hub administrator account.
+    #
+    # @return [Types::DescribeOrganizationConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeOrganizationConfigurationResponse#auto_enable #auto_enable} => Boolean
+    #   * {Types::DescribeOrganizationConfigurationResponse#member_account_limit_reached #member_account_limit_reached} => Boolean
+    #
+    # @example Response structure
+    #
+    #   resp.auto_enable #=> Boolean
+    #   resp.member_account_limit_reached #=> Boolean
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeOrganizationConfiguration AWS API Documentation
+    #
+    # @overload describe_organization_configuration(params = {})
+    # @param [Hash] params ({})
+    def describe_organization_configuration(params = {}, options = {})
+      req = build_request(:describe_organization_configuration, params)
+      req.send_request(options)
+    end
+
     # Returns information about the available products that you can
     # subscribe to and integrate with Security Hub in order to consolidate
     # findings.
@@ -3256,7 +3309,8 @@ module Aws::SecurityHub
     #
     # @option params [required, String] :standards_subscription_arn
     #   The ARN of a resource that represents your subscription to a supported
-    #   standard.
+    #   standard. To get the subscription ARNs of the standards you have
+    #   enabled, use the ` GetEnabledStandards ` operation.
     #
     # @option params [String] :next_token
     #   The token that is required for pagination. On your first call to the
@@ -3334,6 +3388,29 @@ module Aws::SecurityHub
       req.send_request(options)
     end
 
+    # Disables a Security Hub administrator account. Can only be called by
+    # the organization management account.
+    #
+    # @option params [required, String] :admin_account_id
+    #   The AWS account identifier of the Security Hub administrator account.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.disable_organization_admin_account({
+    #     admin_account_id: "NonEmptyString", # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisableOrganizationAdminAccount AWS API Documentation
+    #
+    # @overload disable_organization_admin_account(params = {})
+    # @param [Hash] params ({})
+    def disable_organization_admin_account(params = {}, options = {})
+      req = build_request(:disable_organization_admin_account, params)
+      req.send_request(options)
+    end
+
     # Disables Security Hub in your account only in the current Region. To
     # disable Security Hub in all Regions, you must submit one request per
     # Region where you have enabled Security Hub.
@@ -3363,6 +3440,11 @@ module Aws::SecurityHub
     # Disassociates the current Security Hub member account from the
     # associated master account.
     #
+    # This operation is only used by accounts that are not part of an
+    # organization. For organization accounts, only the master account (the
+    # designated Security Hub administrator) can disassociate a member
+    # account.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisassociateFromMasterAccount AWS API Documentation
@@ -3377,7 +3459,10 @@ module Aws::SecurityHub
     # Disassociates the specified member accounts from the associated master
     # account.
     #
-    # @option params [Array<String>] :account_ids
+    # Can be used to disassociate both accounts that are in an organization
+    # and accounts that were invited manually.
+    #
+    # @option params [required, Array<String>] :account_ids
     #   The account IDs of the member accounts to disassociate from the master
     #   account.
     #
@@ -3386,7 +3471,7 @@ module Aws::SecurityHub
     # @example Request syntax with placeholder values
     #
     #   resp = client.disassociate_members({
-    #     account_ids: ["NonEmptyString"],
+    #     account_ids: ["NonEmptyString"], # required
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisassociateMembers AWS API Documentation
@@ -3431,6 +3516,30 @@ module Aws::SecurityHub
       req.send_request(options)
     end
 
+    # Designates the Security Hub administrator account for an organization.
+    # Can only be called by the organization management account.
+    #
+    # @option params [required, String] :admin_account_id
+    #   The AWS account identifier of the account to designate as the Security
+    #   Hub administrator account.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.enable_organization_admin_account({
+    #     admin_account_id: "NonEmptyString", # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableOrganizationAdminAccount AWS API Documentation
+    #
+    # @overload enable_organization_admin_account(params = {})
+    # @param [Hash] params ({})
+    def enable_organization_admin_account(params = {}, options = {})
+      req = build_request(:enable_organization_admin_account, params)
+      req.send_request(options)
+    end
+
     # Enables Security Hub for your account in the current Region or the
     # Region you specify in the request.
     #
@@ -5586,6 +5695,9 @@ module Aws::SecurityHub
     # Provides the details for the Security Hub master account for the
     # current member account.
     #
+    # Can be used by both member accounts that are in an organization and
+    # accounts that were invited manually.
+    #
     # @return [Types::GetMasterAccountResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetMasterAccountResponse#master #master} => Types::Invitation
@@ -5609,6 +5721,13 @@ module Aws::SecurityHub
     # Returns the details for the Security Hub member accounts for the
     # specified account IDs.
     #
+    # A master account can be either a delegated Security Hub administrator
+    # account for an organization or a master account that enabled Security
+    # Hub manually.
+    #
+    # The results include both member accounts that are in an organization
+    # and accounts that were invited manually.
+    #
     # @option params [required, Array<String>] :account_ids
     #   The list of account IDs for the Security Hub member accounts to return
     #   the details for.
@@ -5649,15 +5768,18 @@ module Aws::SecurityHub
     # Invites other AWS accounts to become member accounts for the Security
     # Hub master account that the invitation is sent from.
     #
+    # This operation is only used to invite accounts that do not belong to
+    # an organization. Organization accounts do not receive invitations.
+    #
     # Before you can use this action to invite a member, you must first use
     # the ` CreateMembers ` action to create the member account in Security
     # Hub.
     #
-    # When the account owner accepts the invitation to become a member
-    # account and enables Security Hub, the master account can view the
-    # findings generated from the member account.
+    # When the account owner enables Security Hub and accepts the invitation
+    # to become a member account, the master account can view the findings
+    # generated from the member account.
     #
-    # @option params [Array<String>] :account_ids
+    # @option params [required, Array<String>] :account_ids
     #   The list of account IDs of the AWS accounts to invite to Security Hub
     #   as members.
     #
@@ -5668,7 +5790,7 @@ module Aws::SecurityHub
     # @example Request syntax with placeholder values
     #
     #   resp = client.invite_members({
-    #     account_ids: ["NonEmptyString"],
+    #     account_ids: ["NonEmptyString"], # required
     #   })
     #
     # @example Response structure
@@ -5733,6 +5855,9 @@ module Aws::SecurityHub
     # Lists all Security Hub membership invitations that were sent to the
     # current AWS account.
     #
+    # This operation is only used by accounts that do not belong to an
+    # organization. Organization accounts do not receive invitations.
+    #
     # @option params [Integer] :max_results
     #   The maximum number of items to return in the response.
     #
@@ -5780,14 +5905,17 @@ module Aws::SecurityHub
     # Lists details about all member accounts for the current Security Hub
     # master account.
     #
+    # The results include both member accounts that belong to an
+    # organization and member accounts that were invited manually.
+    #
     # @option params [Boolean] :only_associated
     #   Specifies which member accounts to include in the response based on
     #   their relationship status with the master account. The default value
     #   is `TRUE`.
     #
     #   If `OnlyAssociated` is set to `TRUE`, the response includes member
-    #   accounts whose relationship status with the master is set to `ENABLED`
-    #   or `DISABLED`.
+    #   accounts whose relationship status with the master is set to
+    #   `ENABLED`.
     #
     #   If `OnlyAssociated` is set to `FALSE`, the response includes all
     #   existing member accounts.
@@ -5838,6 +5966,49 @@ module Aws::SecurityHub
       req.send_request(options)
     end
 
+    # Lists the Security Hub administrator accounts. Can only be called by
+    # the organization management account.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of items to return in the response.
+    #
+    # @option params [String] :next_token
+    #   The token that is required for pagination. On your first call to the
+    #   `ListOrganizationAdminAccounts` operation, set the value of this
+    #   parameter to `NULL`. For subsequent calls to the operation, to
+    #   continue listing data, set the value of this parameter to the value
+    #   returned from the previous response.
+    #
+    # @return [Types::ListOrganizationAdminAccountsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListOrganizationAdminAccountsResponse#admin_accounts #admin_accounts} => Array&lt;Types::AdminAccount&gt;
+    #   * {Types::ListOrganizationAdminAccountsResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_organization_admin_accounts({
+    #     max_results: 1,
+    #     next_token: "NextToken",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.admin_accounts #=> Array
+    #   resp.admin_accounts[0].account_id #=> String
+    #   resp.admin_accounts[0].status #=> String, one of "ENABLED", "DISABLE_IN_PROGRESS"
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListOrganizationAdminAccounts AWS API Documentation
+    #
+    # @overload list_organization_admin_accounts(params = {})
+    # @param [Hash] params ({})
+    def list_organization_admin_accounts(params = {}, options = {})
+      req = build_request(:list_organization_admin_accounts, params)
+      req.send_request(options)
+    end
+
     # Returns a list of tags associated with a resource.
     #
     # @option params [required, String] :resource_arn
@@ -7134,6 +7305,36 @@ module Aws::SecurityHub
       req.send_request(options)
     end
 
+    # Used to update the configuration related to Organizations. Can only be
+    # called from a Security Hub administrator account.
+    #
+    # @option params [required, Boolean] :auto_enable
+    #   Whether to automatically enable Security Hub for new accounts in the
+    #   organization.
+    #
+    #   By default, this is `false`, and new accounts are not added
+    #   automatically.
+    #
+    #   To automatically enable Security Hub for new accounts, set this to
+    #   `true`.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_organization_configuration({
+    #     auto_enable: false, # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateOrganizationConfiguration AWS API Documentation
+    #
+    # @overload update_organization_configuration(params = {})
+    # @param [Hash] params ({})
+    def update_organization_configuration(params = {}, options = {})
+      req = build_request(:update_organization_configuration, params)
+      req.send_request(options)
+    end
+
     # Updates configuration options for Security Hub.
     #
     # @option params [Boolean] :auto_enable_controls
@@ -7206,7 +7407,7 @@ module Aws::SecurityHub
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-securityhub'
-      context[:gem_version] = '1.35.0'
+      context[:gem_version] = '1.36.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-securityhub/client_api.rb

@@ -22,6 +22,10 @@ module Aws::SecurityHub
     AccountIdList = Shapes::ListShape.new(name: 'AccountIdList')
     ActionTarget = Shapes::StructureShape.new(name: 'ActionTarget')
     ActionTargetList = Shapes::ListShape.new(name: 'ActionTargetList')
+    AdminAccount = Shapes::StructureShape.new(name: 'AdminAccount')
+    AdminAccounts = Shapes::ListShape.new(name: 'AdminAccounts')
+    AdminStatus = Shapes::StringShape.new(name: 'AdminStatus')
+    AdminsMaxResults = Shapes::IntegerShape.new(name: 'AdminsMaxResults')
     ArnList = Shapes::ListShape.new(name: 'ArnList')
     AvailabilityZone = Shapes::StructureShape.new(name: 'AvailabilityZone')
     AvailabilityZones = Shapes::ListShape.new(name: 'AvailabilityZones')
@@ -270,6 +274,7 @@ module Aws::SecurityHub
     CreateInsightResponse = Shapes::StructureShape.new(name: 'CreateInsightResponse')
     CreateMembersRequest = Shapes::StructureShape.new(name: 'CreateMembersRequest')
     CreateMembersResponse = Shapes::StructureShape.new(name: 'CreateMembersResponse')
+    CrossAccountMaxResults = Shapes::IntegerShape.new(name: 'CrossAccountMaxResults')
     Cvss = Shapes::StructureShape.new(name: 'Cvss')
     CvssList = Shapes::ListShape.new(name: 'CvssList')
     DateFilter = Shapes::StructureShape.new(name: 'DateFilter')
@@ -290,6 +295,8 @@ module Aws::SecurityHub
     DescribeActionTargetsResponse = Shapes::StructureShape.new(name: 'DescribeActionTargetsResponse')
     DescribeHubRequest = Shapes::StructureShape.new(name: 'DescribeHubRequest')
     DescribeHubResponse = Shapes::StructureShape.new(name: 'DescribeHubResponse')
+    DescribeOrganizationConfigurationRequest = Shapes::StructureShape.new(name: 'DescribeOrganizationConfigurationRequest')
+    DescribeOrganizationConfigurationResponse = Shapes::StructureShape.new(name: 'DescribeOrganizationConfigurationResponse')
     DescribeProductsRequest = Shapes::StructureShape.new(name: 'DescribeProductsRequest')
     DescribeProductsResponse = Shapes::StructureShape.new(name: 'DescribeProductsResponse')
     DescribeStandardsControlsRequest = Shapes::StructureShape.new(name: 'DescribeStandardsControlsRequest')
@@ -298,6 +305,8 @@ module Aws::SecurityHub
     DescribeStandardsResponse = Shapes::StructureShape.new(name: 'DescribeStandardsResponse')
     DisableImportFindingsForProductRequest = Shapes::StructureShape.new(name: 'DisableImportFindingsForProductRequest')
     DisableImportFindingsForProductResponse = Shapes::StructureShape.new(name: 'DisableImportFindingsForProductResponse')
+    DisableOrganizationAdminAccountRequest = Shapes::StructureShape.new(name: 'DisableOrganizationAdminAccountRequest')
+    DisableOrganizationAdminAccountResponse = Shapes::StructureShape.new(name: 'DisableOrganizationAdminAccountResponse')
     DisableSecurityHubRequest = Shapes::StructureShape.new(name: 'DisableSecurityHubRequest')
     DisableSecurityHubResponse = Shapes::StructureShape.new(name: 'DisableSecurityHubResponse')
     DisassociateFromMasterAccountRequest = Shapes::StructureShape.new(name: 'DisassociateFromMasterAccountRequest')
@@ -307,6 +316,8 @@ module Aws::SecurityHub
     Double = Shapes::FloatShape.new(name: 'Double')
     EnableImportFindingsForProductRequest = Shapes::StructureShape.new(name: 'EnableImportFindingsForProductRequest')
     EnableImportFindingsForProductResponse = Shapes::StructureShape.new(name: 'EnableImportFindingsForProductResponse')
+    EnableOrganizationAdminAccountRequest = Shapes::StructureShape.new(name: 'EnableOrganizationAdminAccountRequest')
+    EnableOrganizationAdminAccountResponse = Shapes::StructureShape.new(name: 'EnableOrganizationAdminAccountResponse')
     EnableSecurityHubRequest = Shapes::StructureShape.new(name: 'EnableSecurityHubRequest')
     EnableSecurityHubResponse = Shapes::StructureShape.new(name: 'EnableSecurityHubResponse')
     FieldMap = Shapes::MapShape.new(name: 'FieldMap')
@@ -354,6 +365,8 @@ module Aws::SecurityHub
     ListInvitationsResponse = Shapes::StructureShape.new(name: 'ListInvitationsResponse')
     ListMembersRequest = Shapes::StructureShape.new(name: 'ListMembersRequest')
     ListMembersResponse = Shapes::StructureShape.new(name: 'ListMembersResponse')
+    ListOrganizationAdminAccountsRequest = Shapes::StructureShape.new(name: 'ListOrganizationAdminAccountsRequest')
+    ListOrganizationAdminAccountsResponse = Shapes::StructureShape.new(name: 'ListOrganizationAdminAccountsResponse')
     ListTagsForResourceRequest = Shapes::StructureShape.new(name: 'ListTagsForResourceRequest')
     ListTagsForResourceResponse = Shapes::StructureShape.new(name: 'ListTagsForResourceResponse')
     LoadBalancerState = Shapes::StructureShape.new(name: 'LoadBalancerState')
@@ -452,6 +465,8 @@ module Aws::SecurityHub
     UpdateFindingsResponse = Shapes::StructureShape.new(name: 'UpdateFindingsResponse')
     UpdateInsightRequest = Shapes::StructureShape.new(name: 'UpdateInsightRequest')
     UpdateInsightResponse = Shapes::StructureShape.new(name: 'UpdateInsightResponse')
+    UpdateOrganizationConfigurationRequest = Shapes::StructureShape.new(name: 'UpdateOrganizationConfigurationRequest')
+    UpdateOrganizationConfigurationResponse = Shapes::StructureShape.new(name: 'UpdateOrganizationConfigurationResponse')
     UpdateSecurityHubConfigurationRequest = Shapes::StructureShape.new(name: 'UpdateSecurityHubConfigurationRequest')
     UpdateSecurityHubConfigurationResponse = Shapes::StructureShape.new(name: 'UpdateSecurityHubConfigurationResponse')
     UpdateStandardsControlRequest = Shapes::StructureShape.new(name: 'UpdateStandardsControlRequest')
@@ -479,7 +494,7 @@ module Aws::SecurityHub
     AccessDeniedException.add_member(:code, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Code"))
     AccessDeniedException.struct_class = Types::AccessDeniedException
 
-    AccountDetails.add_member(:account_id, Shapes::ShapeRef.new(shape: AccountId, location_name: "AccountId"))
+    AccountDetails.add_member(:account_id, Shapes::ShapeRef.new(shape: AccountId, required: true, location_name: "AccountId"))
     AccountDetails.add_member(:email, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "Email"))
     AccountDetails.struct_class = Types::AccountDetails
 
@@ -494,6 +509,12 @@ module Aws::SecurityHub
 
     ActionTargetList.member = Shapes::ShapeRef.new(shape: ActionTarget)
 
+    AdminAccount.add_member(:account_id, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "AccountId"))
+    AdminAccount.add_member(:status, Shapes::ShapeRef.new(shape: AdminStatus, location_name: "Status"))
+    AdminAccount.struct_class = Types::AdminAccount
+
+    AdminAccounts.member = Shapes::ShapeRef.new(shape: AdminAccount)
+
     ArnList.member = Shapes::ShapeRef.new(shape: NonEmptyString)
 
     AvailabilityZone.add_member(:zone_name, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "ZoneName"))
@@ -1985,7 +2006,7 @@ module Aws::SecurityHub
     CreateInsightResponse.add_member(:insight_arn, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "InsightArn"))
     CreateInsightResponse.struct_class = Types::CreateInsightResponse
 
-    CreateMembersRequest.add_member(:account_details, Shapes::ShapeRef.new(shape: AccountDetailsList, location_name: "AccountDetails"))
+    CreateMembersRequest.add_member(:account_details, Shapes::ShapeRef.new(shape: AccountDetailsList, required: true, location_name: "AccountDetails"))
     CreateMembersRequest.struct_class = Types::CreateMembersRequest
 
     CreateMembersResponse.add_member(:unprocessed_accounts, Shapes::ShapeRef.new(shape: ResultList, location_name: "UnprocessedAccounts"))
@@ -2033,7 +2054,7 @@ module Aws::SecurityHub
     DeleteInvitationsResponse.add_member(:unprocessed_accounts, Shapes::ShapeRef.new(shape: ResultList, location_name: "UnprocessedAccounts"))
     DeleteInvitationsResponse.struct_class = Types::DeleteInvitationsResponse
 
-    DeleteMembersRequest.add_member(:account_ids, Shapes::ShapeRef.new(shape: AccountIdList, location_name: "AccountIds"))
+    DeleteMembersRequest.add_member(:account_ids, Shapes::ShapeRef.new(shape: AccountIdList, required: true, location_name: "AccountIds"))
     DeleteMembersRequest.struct_class = Types::DeleteMembersRequest
 
     DeleteMembersResponse.add_member(:unprocessed_accounts, Shapes::ShapeRef.new(shape: ResultList, location_name: "UnprocessedAccounts"))
@@ -2056,6 +2077,12 @@ module Aws::SecurityHub
     DescribeHubResponse.add_member(:auto_enable_controls, Shapes::ShapeRef.new(shape: Boolean, location_name: "AutoEnableControls"))
     DescribeHubResponse.struct_class = Types::DescribeHubResponse
 
+    DescribeOrganizationConfigurationRequest.struct_class = Types::DescribeOrganizationConfigurationRequest
+
+    DescribeOrganizationConfigurationResponse.add_member(:auto_enable, Shapes::ShapeRef.new(shape: Boolean, location_name: "AutoEnable"))
+    DescribeOrganizationConfigurationResponse.add_member(:member_account_limit_reached, Shapes::ShapeRef.new(shape: Boolean, location_name: "MemberAccountLimitReached"))
+    DescribeOrganizationConfigurationResponse.struct_class = Types::DescribeOrganizationConfigurationResponse
+
     DescribeProductsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location: "querystring", location_name: "NextToken"))
     DescribeProductsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResults, location: "querystring", location_name: "MaxResults"))
     DescribeProductsRequest.struct_class = Types::DescribeProductsRequest
@@ -2086,6 +2113,11 @@ module Aws::SecurityHub
 
     DisableImportFindingsForProductResponse.struct_class = Types::DisableImportFindingsForProductResponse
 
+    DisableOrganizationAdminAccountRequest.add_member(:admin_account_id, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "AdminAccountId"))
+    DisableOrganizationAdminAccountRequest.struct_class = Types::DisableOrganizationAdminAccountRequest
+
+    DisableOrganizationAdminAccountResponse.struct_class = Types::DisableOrganizationAdminAccountResponse
+
     DisableSecurityHubRequest.struct_class = Types::DisableSecurityHubRequest
 
     DisableSecurityHubResponse.struct_class = Types::DisableSecurityHubResponse
@@ -2094,7 +2126,7 @@ module Aws::SecurityHub
 
     DisassociateFromMasterAccountResponse.struct_class = Types::DisassociateFromMasterAccountResponse
 
-    DisassociateMembersRequest.add_member(:account_ids, Shapes::ShapeRef.new(shape: AccountIdList, location_name: "AccountIds"))
+    DisassociateMembersRequest.add_member(:account_ids, Shapes::ShapeRef.new(shape: AccountIdList, required: true, location_name: "AccountIds"))
     DisassociateMembersRequest.struct_class = Types::DisassociateMembersRequest
 
     DisassociateMembersResponse.struct_class = Types::DisassociateMembersResponse
@@ -2105,6 +2137,11 @@ module Aws::SecurityHub
     EnableImportFindingsForProductResponse.add_member(:product_subscription_arn, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "ProductSubscriptionArn"))
     EnableImportFindingsForProductResponse.struct_class = Types::EnableImportFindingsForProductResponse
 
+    EnableOrganizationAdminAccountRequest.add_member(:admin_account_id, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "AdminAccountId"))
+    EnableOrganizationAdminAccountRequest.struct_class = Types::EnableOrganizationAdminAccountRequest
+
+    EnableOrganizationAdminAccountResponse.struct_class = Types::EnableOrganizationAdminAccountResponse
+
     EnableSecurityHubRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagMap, location_name: "Tags"))
     EnableSecurityHubRequest.add_member(:enable_default_standards, Shapes::ShapeRef.new(shape: Boolean, location_name: "EnableDefaultStandards"))
     EnableSecurityHubRequest.struct_class = Types::EnableSecurityHubRequest
@@ -2213,7 +2250,7 @@ module Aws::SecurityHub
 
     InvitationList.member = Shapes::ShapeRef.new(shape: Invitation)
 
-    InviteMembersRequest.add_member(:account_ids, Shapes::ShapeRef.new(shape: AccountIdList, location_name: "AccountIds"))
+    InviteMembersRequest.add_member(:account_ids, Shapes::ShapeRef.new(shape: AccountIdList, required: true, location_name: "AccountIds"))
     InviteMembersRequest.struct_class = Types::InviteMembersRequest
 
     InviteMembersResponse.add_member(:unprocessed_accounts, Shapes::ShapeRef.new(shape: ResultList, location_name: "UnprocessedAccounts"))
@@ -2248,7 +2285,7 @@ module Aws::SecurityHub
     ListEnabledProductsForImportResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
     ListEnabledProductsForImportResponse.struct_class = Types::ListEnabledProductsForImportResponse
 
-    ListInvitationsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResults, location: "querystring", location_name: "MaxResults"))
+    ListInvitationsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: CrossAccountMaxResults, location: "querystring", location_name: "MaxResults"))
     ListInvitationsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location: "querystring", location_name: "NextToken"))
     ListInvitationsRequest.struct_class = Types::ListInvitationsRequest
 
@@ -2257,7 +2294,7 @@ module Aws::SecurityHub
     ListInvitationsResponse.struct_class = Types::ListInvitationsResponse
 
     ListMembersRequest.add_member(:only_associated, Shapes::ShapeRef.new(shape: Boolean, location: "querystring", location_name: "OnlyAssociated"))
-    ListMembersRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResults, location: "querystring", location_name: "MaxResults"))
+    ListMembersRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: CrossAccountMaxResults, location: "querystring", location_name: "MaxResults"))
     ListMembersRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location: "querystring", location_name: "NextToken"))
     ListMembersRequest.struct_class = Types::ListMembersRequest
 
@@ -2265,6 +2302,14 @@ module Aws::SecurityHub
     ListMembersResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: NonEmptyString, location_name: "NextToken"))
     ListMembersResponse.struct_class = Types::ListMembersResponse
 
+    ListOrganizationAdminAccountsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: AdminsMaxResults, location: "querystring", location_name: "MaxResults"))
+    ListOrganizationAdminAccountsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location: "querystring", location_name: "NextToken"))
+    ListOrganizationAdminAccountsRequest.struct_class = Types::ListOrganizationAdminAccountsRequest
+
+    ListOrganizationAdminAccountsResponse.add_member(:admin_accounts, Shapes::ShapeRef.new(shape: AdminAccounts, location_name: "AdminAccounts"))
+    ListOrganizationAdminAccountsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
+    ListOrganizationAdminAccountsResponse.struct_class = Types::ListOrganizationAdminAccountsResponse
+
     ListTagsForResourceRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: ResourceArn, required: true, location: "uri", location_name: "ResourceArn"))
     ListTagsForResourceRequest.struct_class = Types::ListTagsForResourceRequest
 
@@ -2607,6 +2652,11 @@ module Aws::SecurityHub
 
     UpdateInsightResponse.struct_class = Types::UpdateInsightResponse
 
+    UpdateOrganizationConfigurationRequest.add_member(:auto_enable, Shapes::ShapeRef.new(shape: Boolean, required: true, location_name: "AutoEnable"))
+    UpdateOrganizationConfigurationRequest.struct_class = Types::UpdateOrganizationConfigurationRequest
+
+    UpdateOrganizationConfigurationResponse.struct_class = Types::UpdateOrganizationConfigurationResponse
+
     UpdateSecurityHubConfigurationRequest.add_member(:auto_enable_controls, Shapes::ShapeRef.new(shape: Boolean, location_name: "AutoEnableControls"))
     UpdateSecurityHubConfigurationRequest.struct_class = Types::UpdateSecurityHubConfigurationRequest
 
@@ -2865,6 +2915,18 @@ module Aws::SecurityHub
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
       end)
 
+      api.add_operation(:describe_organization_configuration, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DescribeOrganizationConfiguration"
+        o.http_method = "GET"
+        o.http_request_uri = "/organization/configuration"
+        o.input = Shapes::ShapeRef.new(shape: DescribeOrganizationConfigurationRequest)
+        o.output = Shapes::ShapeRef.new(shape: DescribeOrganizationConfigurationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InternalException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidAccessException)
+        o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
+      end)
+
       api.add_operation(:describe_products, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DescribeProducts"
         o.http_method = "GET"
@@ -2931,6 +2993,18 @@ module Aws::SecurityHub
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
       end)
 
+      api.add_operation(:disable_organization_admin_account, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DisableOrganizationAdminAccount"
+        o.http_method = "POST"
+        o.http_request_uri = "/organization/admin/disable"
+        o.input = Shapes::ShapeRef.new(shape: DisableOrganizationAdminAccountRequest)
+        o.output = Shapes::ShapeRef.new(shape: DisableOrganizationAdminAccountResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InternalException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidAccessException)
+        o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
+      end)
+
       api.add_operation(:disable_security_hub, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DisableSecurityHub"
         o.http_method = "DELETE"
@@ -2982,6 +3056,18 @@ module Aws::SecurityHub
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
       end)
 
+      api.add_operation(:enable_organization_admin_account, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "EnableOrganizationAdminAccount"
+        o.http_method = "POST"
+        o.http_request_uri = "/organization/admin/enable"
+        o.input = Shapes::ShapeRef.new(shape: EnableOrganizationAdminAccountRequest)
+        o.output = Shapes::ShapeRef.new(shape: EnableOrganizationAdminAccountResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InternalException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidAccessException)
+        o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
+      end)
+
       api.add_operation(:enable_security_hub, Seahorse::Model::Operation.new.tap do |o|
         o.name = "EnableSecurityHub"
         o.http_method = "POST"
@@ -3167,6 +3253,24 @@ module Aws::SecurityHub
         )
       end)
 
+      api.add_operation(:list_organization_admin_accounts, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "ListOrganizationAdminAccounts"
+        o.http_method = "GET"
+        o.http_request_uri = "/organization/admin"
+        o.input = Shapes::ShapeRef.new(shape: ListOrganizationAdminAccountsRequest)
+        o.output = Shapes::ShapeRef.new(shape: ListOrganizationAdminAccountsResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InternalException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidAccessException)
+        o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
+        o[:pager] = Aws::Pager.new(
+          limit_key: "max_results",
+          tokens: {
+            "next_token" => "next_token"
+          }
+        )
+      end)
+
       api.add_operation(:list_tags_for_resource, Seahorse::Model::Operation.new.tap do |o|
         o.name = "ListTagsForResource"
         o.http_method = "GET"
@@ -3239,6 +3343,18 @@ module Aws::SecurityHub
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
       end)
 
+      api.add_operation(:update_organization_configuration, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "UpdateOrganizationConfiguration"
+        o.http_method = "POST"
+        o.http_request_uri = "/organization/configuration"
+        o.input = Shapes::ShapeRef.new(shape: UpdateOrganizationConfigurationRequest)
+        o.output = Shapes::ShapeRef.new(shape: UpdateOrganizationConfigurationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InternalException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidAccessException)
+        o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
+      end)
+
       api.add_operation(:update_security_hub_configuration, Seahorse::Model::Operation.new.tap do |o|
         o.name = "UpdateSecurityHubConfiguration"
         o.http_method = "PATCH"

data/lib/aws-sdk-securityhub/types.rb

@@ -64,7 +64,7 @@ module Aws::SecurityHub
     #   data as a hash:
     #
     #       {
-    #         account_id: "AccountId",
+    #         account_id: "AccountId", # required
     #         email: "NonEmptyString",
     #       }
     #
@@ -109,6 +109,29 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # Represents a Security Hub administrator account designated by an
+    # organization management account.
+    #
+    # @!attribute [rw] account_id
+    #   The AWS account identifier of the Security Hub administrator
+    #   account.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   The current status of the Security Hub administrator account.
+    #   Indicates whether the account is currently enabled as a Security Hub
+    #   administrator.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AdminAccount AWS API Documentation
+    #
+    class AdminAccount < Struct.new(
+      :account_id,
+      :status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Information about an Availability Zone.
     #
     # @note When making an API call, you may pass AvailabilityZone
@@ -15207,9 +15230,9 @@ module Aws::SecurityHub
     #   data as a hash:
     #
     #       {
-    #         account_details: [
+    #         account_details: [ # required
     #           {
-    #             account_id: "AccountId",
+    #             account_id: "AccountId", # required
     #             email: "NonEmptyString",
     #           },
     #         ],
@@ -15217,8 +15240,8 @@ module Aws::SecurityHub
     #
     # @!attribute [rw] account_details
     #   The list of accounts to associate with the Security Hub master
-    #   account. For each account, the list includes the account ID and the
-    #   email address.
+    #   account. For each account, the list includes the account ID and
+    #   optionally the email address.
     #   @return [Array<Types::AccountDetails>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateMembersRequest AWS API Documentation
@@ -15470,7 +15493,7 @@ module Aws::SecurityHub
     #   data as a hash:
     #
     #       {
-    #         account_ids: ["NonEmptyString"],
+    #         account_ids: ["NonEmptyString"], # required
     #       }
     #
     # @!attribute [rw] account_ids
@@ -15601,6 +15624,34 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # @api private
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeOrganizationConfigurationRequest AWS API Documentation
+    #
+    class DescribeOrganizationConfigurationRequest < Aws::EmptyStructure; end
+
+    # @!attribute [rw] auto_enable
+    #   Whether to automatically enable Security Hub for new accounts in the
+    #   organization.
+    #
+    #   If set to `true`, then Security Hub is enabled for new accounts. If
+    #   set to false, then new accounts are not added automatically.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] member_account_limit_reached
+    #   Whether the maximum number of allowed member accounts are already
+    #   associated with the Security Hub administrator account.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeOrganizationConfigurationResponse AWS API Documentation
+    #
+    class DescribeOrganizationConfigurationResponse < Struct.new(
+      :auto_enable,
+      :member_account_limit_reached)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass DescribeProductsRequest
     #   data as a hash:
     #
@@ -15660,7 +15711,8 @@ module Aws::SecurityHub
     #
     # @!attribute [rw] standards_subscription_arn
     #   The ARN of a resource that represents your subscription to a
-    #   supported standard.
+    #   supported standard. To get the subscription ARNs of the standards
+    #   you have enabled, use the ` GetEnabledStandards ` operation.
     #   @return [String]
     #
     # @!attribute [rw] next_token
@@ -15775,6 +15827,30 @@ module Aws::SecurityHub
     #
     class DisableImportFindingsForProductResponse < Aws::EmptyStructure; end
 
+    # @note When making an API call, you may pass DisableOrganizationAdminAccountRequest
+    #   data as a hash:
+    #
+    #       {
+    #         admin_account_id: "NonEmptyString", # required
+    #       }
+    #
+    # @!attribute [rw] admin_account_id
+    #   The AWS account identifier of the Security Hub administrator
+    #   account.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisableOrganizationAdminAccountRequest AWS API Documentation
+    #
+    class DisableOrganizationAdminAccountRequest < Struct.new(
+      :admin_account_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisableOrganizationAdminAccountResponse AWS API Documentation
+    #
+    class DisableOrganizationAdminAccountResponse < Aws::EmptyStructure; end
+
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisableSecurityHubRequest AWS API Documentation
@@ -15799,7 +15875,7 @@ module Aws::SecurityHub
     #   data as a hash:
     #
     #       {
-    #         account_ids: ["NonEmptyString"],
+    #         account_ids: ["NonEmptyString"], # required
     #       }
     #
     # @!attribute [rw] account_ids
@@ -15851,6 +15927,30 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass EnableOrganizationAdminAccountRequest
+    #   data as a hash:
+    #
+    #       {
+    #         admin_account_id: "NonEmptyString", # required
+    #       }
+    #
+    # @!attribute [rw] admin_account_id
+    #   The AWS account identifier of the account to designate as the
+    #   Security Hub administrator account.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableOrganizationAdminAccountRequest AWS API Documentation
+    #
+    class EnableOrganizationAdminAccountRequest < Struct.new(
+      :admin_account_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableOrganizationAdminAccountResponse AWS API Documentation
+    #
+    class EnableOrganizationAdminAccountResponse < Aws::EmptyStructure; end
+
     # @note When making an API call, you may pass EnableSecurityHubRequest
     #   data as a hash:
     #
@@ -16858,8 +16958,9 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
-    # AWS Security Hub isn't enabled for the account used to make this
-    # request.
+    # There is an issue with the account used to make the request. Either
+    # Security Hub is not enabled for the account, or the account does not
+    # have permission to perform this action.
     #
     # @!attribute [rw] message
     #   @return [String]
@@ -16929,7 +17030,7 @@ module Aws::SecurityHub
     #   data as a hash:
     #
     #       {
-    #         account_ids: ["NonEmptyString"],
+    #         account_ids: ["NonEmptyString"], # required
     #       }
     #
     # @!attribute [rw] account_ids
@@ -17034,8 +17135,8 @@ module Aws::SecurityHub
     end
 
     # The request was rejected because it attempted to create resources
-    # beyond the current AWS account limits. The error code describes the
-    # limit exceeded.
+    # beyond the current AWS account or throttling limits. The error code
+    # describes the limit exceeded.
     #
     # @!attribute [rw] message
     #   @return [String]
@@ -17165,7 +17266,7 @@ module Aws::SecurityHub
     #
     #   If `OnlyAssociated` is set to `TRUE`, the response includes member
     #   accounts whose relationship status with the master is set to
-    #   `ENABLED` or `DISABLED`.
+    #   `ENABLED`.
     #
     #   If `OnlyAssociated` is set to `FALSE`, the response includes all
     #   existing member accounts.
@@ -17211,6 +17312,52 @@ module Aws::SecurityHub
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass ListOrganizationAdminAccountsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         max_results: 1,
+    #         next_token: "NextToken",
+    #       }
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of items to return in the response.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   The token that is required for pagination. On your first call to the
+    #   `ListOrganizationAdminAccounts` operation, set the value of this
+    #   parameter to `NULL`. For subsequent calls to the operation, to
+    #   continue listing data, set the value of this parameter to the value
+    #   returned from the previous response.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListOrganizationAdminAccountsRequest AWS API Documentation
+    #
+    class ListOrganizationAdminAccountsRequest < Struct.new(
+      :max_results,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] admin_accounts
+    #   The list of Security Hub administrator accounts.
+    #   @return [Array<Types::AdminAccount>]
+    #
+    # @!attribute [rw] next_token
+    #   The pagination token to use to request the next page of results.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListOrganizationAdminAccountsResponse AWS API Documentation
+    #
+    class ListOrganizationAdminAccountsResponse < Struct.new(
+      :admin_accounts,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass ListTagsForResourceRequest
     #   data as a hash:
     #
@@ -17401,8 +17548,9 @@ module Aws::SecurityHub
     #     account. The member account has not yet responded to the
     #     invitation.
     #
-    #   * `ASSOCIATED` - Indicates that the member account accepted the
-    #     invitation.
+    #   * `ENABLED` - Indicates that the member account is currently active.
+    #     For manually invited member accounts, indicates that the member
+    #     account accepted the invitation.
     #
     #   * `REMOVED` - Indicates that the master account disassociated the
     #     member account.
@@ -22984,6 +23132,36 @@ module Aws::SecurityHub
     #
     class UpdateInsightResponse < Aws::EmptyStructure; end
 
+    # @note When making an API call, you may pass UpdateOrganizationConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         auto_enable: false, # required
+    #       }
+    #
+    # @!attribute [rw] auto_enable
+    #   Whether to automatically enable Security Hub for new accounts in the
+    #   organization.
+    #
+    #   By default, this is `false`, and new accounts are not added
+    #   automatically.
+    #
+    #   To automatically enable Security Hub for new accounts, set this to
+    #   `true`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateOrganizationConfigurationRequest AWS API Documentation
+    #
+    class UpdateOrganizationConfigurationRequest < Struct.new(
+      :auto_enable)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateOrganizationConfigurationResponse AWS API Documentation
+    #
+    class UpdateOrganizationConfigurationResponse < Aws::EmptyStructure; end
+
     # @note When making an API call, you may pass UpdateSecurityHubConfigurationRequest
     #   data as a hash:
     #

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-securityhub
 version: !ruby/object:Gem::Version
-  version: 1.35.0
+  version: 1.36.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-09-30 00:00:00.000000000 Z
+date: 2020-11-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core