@aws-sdk/client-detective 3.45.0 → 3.47.2
- package/CHANGELOG.md +45 -0
- package/README.md +41 -13
- package/dist-cjs/Detective.js +75 -0
- package/dist-cjs/commands/DescribeOrganizationConfigurationCommand.js +36 -0
- package/dist-cjs/commands/DisableOrganizationAdminAccountCommand.js +35 -0
- package/dist-cjs/commands/EnableOrganizationAdminAccountCommand.js +36 -0
- package/dist-cjs/commands/ListOrganizationAdminAccountsCommand.js +36 -0
- package/dist-cjs/commands/UpdateOrganizationConfigurationCommand.js +36 -0
- package/dist-cjs/commands/index.js +5 -0
- package/dist-cjs/endpoints.js +0 -24
- package/dist-cjs/models/models_0.js +48 -31
- package/dist-cjs/pagination/ListOrganizationAdminAccountsPaginator.js +35 -0
- package/dist-cjs/pagination/index.js +1 -0
- package/dist-cjs/protocols/Aws_restJson1.js +451 -1
- package/dist-cjs/runtimeConfig.browser.js +7 -2
- package/dist-cjs/runtimeConfig.js +9 -3
- package/dist-es/Detective.js +75 -0
- package/dist-es/commands/DescribeOrganizationConfigurationCommand.js +39 -0
- package/dist-es/commands/DisableOrganizationAdminAccountCommand.js +38 -0
- package/dist-es/commands/EnableOrganizationAdminAccountCommand.js +39 -0
- package/dist-es/commands/ListOrganizationAdminAccountsCommand.js +39 -0
- package/dist-es/commands/UpdateOrganizationConfigurationCommand.js +39 -0
- package/dist-es/commands/index.js +5 -0
- package/dist-es/endpoints.js +0 -24
- package/dist-es/models/models_0.js +33 -20
- package/dist-es/pagination/ListOrganizationAdminAccountsPaginator.js +74 -0
- package/dist-es/pagination/index.js +1 -0
- package/dist-es/protocols/Aws_restJson1.js +533 -1
- package/dist-es/runtimeConfig.browser.js +12 -3
- package/dist-es/runtimeConfig.js +13 -6
- package/dist-types/Detective.d.ts +154 -42
- package/dist-types/DetectiveClient.d.ts +54 -17
- package/dist-types/commands/CreateGraphCommand.d.ts +9 -9
- package/dist-types/commands/CreateMembersCommand.d.ts +17 -7
- package/dist-types/commands/DeleteGraphCommand.d.ts +1 -1
- package/dist-types/commands/DeleteMembersCommand.d.ts +13 -5
- package/dist-types/commands/DescribeOrganizationConfigurationCommand.d.ts +38 -0
- package/dist-types/commands/DisableOrganizationAdminAccountCommand.d.ts +38 -0
- package/dist-types/commands/DisassociateMembershipCommand.d.ts +6 -1
- package/dist-types/commands/EnableOrganizationAdminAccountCommand.d.ts +42 -0
- package/dist-types/commands/ListInvitationsCommand.d.ts +1 -1
- package/dist-types/commands/ListMembersCommand.d.ts +6 -2
- package/dist-types/commands/ListOrganizationAdminAccountsCommand.d.ts +36 -0
- package/dist-types/commands/RejectInvitationCommand.d.ts +6 -1
- package/dist-types/commands/StartMonitoringMemberCommand.d.ts +1 -1
- package/dist-types/commands/UpdateOrganizationConfigurationCommand.d.ts +37 -0
- package/dist-types/commands/index.d.ts +5 -0
- package/dist-types/models/models_0.d.ts +228 -101
- package/dist-types/pagination/ListOrganizationAdminAccountsPaginator.d.ts +4 -0
- package/dist-types/pagination/index.d.ts +1 -0
- package/dist-types/protocols/Aws_restJson1.d.ts +15 -0
- package/dist-types/runtimeConfig.browser.d.ts +3 -2
- package/dist-types/runtimeConfig.d.ts +4 -3
- package/dist-types/runtimeConfig.native.d.ts +1 -0
- package/dist-types/ts3.4/Detective.d.ts +25 -0
- package/dist-types/ts3.4/DetectiveClient.d.ts +10 -3
- package/dist-types/ts3.4/commands/DescribeOrganizationConfigurationCommand.d.ts +17 -0
- package/dist-types/ts3.4/commands/DisableOrganizationAdminAccountCommand.d.ts +16 -0
- package/dist-types/ts3.4/commands/EnableOrganizationAdminAccountCommand.d.ts +17 -0
- package/dist-types/ts3.4/commands/ListOrganizationAdminAccountsCommand.d.ts +17 -0
- package/dist-types/ts3.4/commands/UpdateOrganizationConfigurationCommand.d.ts +17 -0
- package/dist-types/ts3.4/commands/index.d.ts +5 -0
- package/dist-types/ts3.4/models/models_0.d.ts +79 -20
- package/dist-types/ts3.4/pagination/ListOrganizationAdminAccountsPaginator.d.ts +4 -0
- package/dist-types/ts3.4/pagination/index.d.ts +1 -0
- package/dist-types/ts3.4/protocols/Aws_restJson1.d.ts +15 -0
- package/dist-types/ts3.4/runtimeConfig.browser.d.ts +3 -2
- package/dist-types/ts3.4/runtimeConfig.d.ts +4 -3
- package/dist-types/ts3.4/runtimeConfig.native.d.ts +1 -0
- package/package.json +39 -46
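--- a/package/dist-es/runtimeConfig.js
+++ b/package/dist-es/runtimeConfig.js
@@ -1,21 +1,28 @@
-import { __assign } from "tslib";
+import { __assign, __awaiter, __generator } from "tslib";
 import packageInfo from "../package.json";
 import { decorateDefaultCredentialProvider } from "@aws-sdk/client-sts";
 import { NODE_REGION_CONFIG_FILE_OPTIONS, NODE_REGION_CONFIG_OPTIONS, NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, } from "@aws-sdk/config-resolver";
 import { defaultProvider as credentialDefaultProvider } from "@aws-sdk/credential-provider-node";
 import { Hash } from "@aws-sdk/hash-node";
-import { NODE_MAX_ATTEMPT_CONFIG_OPTIONS, NODE_RETRY_MODE_CONFIG_OPTIONS } from "@aws-sdk/middleware-retry";
+import { DEFAULT_RETRY_MODE, NODE_MAX_ATTEMPT_CONFIG_OPTIONS, NODE_RETRY_MODE_CONFIG_OPTIONS, } from "@aws-sdk/middleware-retry";
 import { loadConfig as loadNodeConfig } from "@aws-sdk/node-config-provider";
-import { NodeHttpHandler, streamCollector } from "@aws-sdk/node-http-handler";
+import { NodeHttpHandler as RequestHandler, streamCollector } from "@aws-sdk/node-http-handler";
 import { fromBase64, toBase64 } from "@aws-sdk/util-base64-node";
 import { calculateBodyLength } from "@aws-sdk/util-body-length-node";
 import { defaultUserAgent } from "@aws-sdk/util-user-agent-node";
 import { fromUtf8, toUtf8 } from "@aws-sdk/util-utf8-node";
 import { getRuntimeConfig as getSharedRuntimeConfig } from "./runtimeConfig.shared";
-import {
+import { loadConfigsForDefaultMode } from "@aws-sdk/smithy-client";
+import { resolveDefaultsModeConfig } from "@aws-sdk/util-defaults-mode-node";
 export var getRuntimeConfig = function (config) {
 var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p, _q;
-
+var defaultsMode = resolveDefaultsModeConfig(config);
+var defaultConfigProvider = function () { return defaultsMode().then(loadConfigsForDefaultMode); };
 var clientSharedValues = getSharedRuntimeConfig(config);
-return __assign(__assign(__assign({}, clientSharedValues), config), { runtime: "node", base64Decoder: (_a = config === null || config === void 0 ? void 0 : config.base64Decoder) !== null && _a !== void 0 ? _a : fromBase64, base64Encoder: (_b = config === null || config === void 0 ? void 0 : config.base64Encoder) !== null && _b !== void 0 ? _b : toBase64, bodyLengthChecker: (_c = config === null || config === void 0 ? void 0 : config.bodyLengthChecker) !== null && _c !== void 0 ? _c : calculateBodyLength, credentialDefaultProvider: (_d = config === null || config === void 0 ? void 0 : config.credentialDefaultProvider) !== null && _d !== void 0 ? _d : decorateDefaultCredentialProvider(credentialDefaultProvider), defaultUserAgentProvider: (_e = config === null || config === void 0 ? void 0 : config.defaultUserAgentProvider) !== null && _e !== void 0 ? _e : defaultUserAgent({ serviceId: clientSharedValues.serviceId, clientVersion: packageInfo.version }), maxAttempts: (_f = config === null || config === void 0 ? void 0 : config.maxAttempts) !== null && _f !== void 0 ? _f : loadNodeConfig(NODE_MAX_ATTEMPT_CONFIG_OPTIONS), region: (_g = config === null || config === void 0 ? void 0 : config.region) !== null && _g !== void 0 ? _g : loadNodeConfig(NODE_REGION_CONFIG_OPTIONS, NODE_REGION_CONFIG_FILE_OPTIONS), requestHandler: (_h = config === null || config === void 0 ? void 0 : config.requestHandler) !== null && _h !== void 0 ? _h : new
+return __assign(__assign(__assign({}, clientSharedValues), config), { runtime: "node", defaultsMode: defaultsMode, base64Decoder: (_a = config === null || config === void 0 ? void 0 : config.base64Decoder) !== null && _a !== void 0 ? _a : fromBase64, base64Encoder: (_b = config === null || config === void 0 ? void 0 : config.base64Encoder) !== null && _b !== void 0 ? _b : toBase64, bodyLengthChecker: (_c = config === null || config === void 0 ? void 0 : config.bodyLengthChecker) !== null && _c !== void 0 ? _c : calculateBodyLength, credentialDefaultProvider: (_d = config === null || config === void 0 ? void 0 : config.credentialDefaultProvider) !== null && _d !== void 0 ? _d : decorateDefaultCredentialProvider(credentialDefaultProvider), defaultUserAgentProvider: (_e = config === null || config === void 0 ? void 0 : config.defaultUserAgentProvider) !== null && _e !== void 0 ? _e : defaultUserAgent({ serviceId: clientSharedValues.serviceId, clientVersion: packageInfo.version }), maxAttempts: (_f = config === null || config === void 0 ? void 0 : config.maxAttempts) !== null && _f !== void 0 ? _f : loadNodeConfig(NODE_MAX_ATTEMPT_CONFIG_OPTIONS), region: (_g = config === null || config === void 0 ? void 0 : config.region) !== null && _g !== void 0 ? _g : loadNodeConfig(NODE_REGION_CONFIG_OPTIONS, NODE_REGION_CONFIG_FILE_OPTIONS), requestHandler: (_h = config === null || config === void 0 ? void 0 : config.requestHandler) !== null && _h !== void 0 ? _h : new RequestHandler(defaultConfigProvider), retryMode: (_j = config === null || config === void 0 ? void 0 : config.retryMode) !== null && _j !== void 0 ? _j : loadNodeConfig(__assign(__assign({}, NODE_RETRY_MODE_CONFIG_OPTIONS), { default: function () { return __awaiter(void 0, void 0, void 0, function () { return __generator(this, function (_a) {
+switch (_a.label) {
+case 0: return [4, defaultConfigProvider()];
+case 1: return [2, (_a.sent()).retryMode || DEFAULT_RETRY_MODE];
+}
+}); }); } })), sha256: (_k = config === null || config === void 0 ? void 0 : config.sha256) !== null && _k !== void 0 ? _k : Hash.bind(null, "sha256"), streamCollector: (_l = config === null || config === void 0 ? void 0 : config.streamCollector) !== null && _l !== void 0 ? _l : streamCollector, useDualstackEndpoint: (_m = config === null || config === void 0 ? void 0 : config.useDualstackEndpoint) !== null && _m !== void 0 ? _m : loadNodeConfig(NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS), useFipsEndpoint: (_o = config === null || config === void 0 ? void 0 : config.useFipsEndpoint) !== null && _o !== void 0 ? _o : loadNodeConfig(NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS), utf8Decoder: (_p = config === null || config === void 0 ? void 0 : config.utf8Decoder) !== null && _p !== void 0 ? _p : fromUtf8, utf8Encoder: (_q = config === null || config === void 0 ? void 0 : config.utf8Encoder) !== null && _q !== void 0 ? _q : toUtf8 });
 };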
@@ -4,32 +4,49 @@ import { CreateGraphCommandInput, CreateGraphCommandOutput } from "./commands/Cr
|
|
|
4
4
|
import { CreateMembersCommandInput, CreateMembersCommandOutput } from "./commands/CreateMembersCommand";
|
|
5
5
|
import { DeleteGraphCommandInput, DeleteGraphCommandOutput } from "./commands/DeleteGraphCommand";
|
|
6
6
|
import { DeleteMembersCommandInput, DeleteMembersCommandOutput } from "./commands/DeleteMembersCommand";
|
|
7
|
+
import { DescribeOrganizationConfigurationCommandInput, DescribeOrganizationConfigurationCommandOutput } from "./commands/DescribeOrganizationConfigurationCommand";
|
|
8
|
+
import { DisableOrganizationAdminAccountCommandInput, DisableOrganizationAdminAccountCommandOutput } from "./commands/DisableOrganizationAdminAccountCommand";
|
|
7
9
|
import { DisassociateMembershipCommandInput, DisassociateMembershipCommandOutput } from "./commands/DisassociateMembershipCommand";
|
|
10
|
+
import { EnableOrganizationAdminAccountCommandInput, EnableOrganizationAdminAccountCommandOutput } from "./commands/EnableOrganizationAdminAccountCommand";
|
|
8
11
|
import { GetMembersCommandInput, GetMembersCommandOutput } from "./commands/GetMembersCommand";
|
|
9
12
|
import { ListGraphsCommandInput, ListGraphsCommandOutput } from "./commands/ListGraphsCommand";
|
|
10
13
|
import { ListInvitationsCommandInput, ListInvitationsCommandOutput } from "./commands/ListInvitationsCommand";
|
|
11
14
|
import { ListMembersCommandInput, ListMembersCommandOutput } from "./commands/ListMembersCommand";
|
|
15
|
+
import { ListOrganizationAdminAccountsCommandInput, ListOrganizationAdminAccountsCommandOutput } from "./commands/ListOrganizationAdminAccountsCommand";
|
|
12
16
|
import { ListTagsForResourceCommandInput, ListTagsForResourceCommandOutput } from "./commands/ListTagsForResourceCommand";
|
|
13
17
|
import { RejectInvitationCommandInput, RejectInvitationCommandOutput } from "./commands/RejectInvitationCommand";
|
|
14
18
|
import { StartMonitoringMemberCommandInput, StartMonitoringMemberCommandOutput } from "./commands/StartMonitoringMemberCommand";
|
|
15
19
|
import { TagResourceCommandInput, TagResourceCommandOutput } from "./commands/TagResourceCommand";
|
|
16
20
|
import { UntagResourceCommandInput, UntagResourceCommandOutput } from "./commands/UntagResourceCommand";
|
|
21
|
+
import { UpdateOrganizationConfigurationCommandInput, UpdateOrganizationConfigurationCommandOutput } from "./commands/UpdateOrganizationConfigurationCommand";
|
|
17
22
|
import { DetectiveClient } from "./DetectiveClient";
|
|
18
23
|
/**
|
|
19
|
-
* <p>Detective uses machine learning and purpose-built visualizations to help you
|
|
20
|
-
* investigate security issues across your Amazon Web Services (
|
|
21
|
-
*
|
|
22
|
-
*
|
|
23
|
-
*
|
|
24
|
-
*
|
|
25
|
-
*
|
|
26
|
-
*
|
|
27
|
-
*
|
|
28
|
-
*
|
|
29
|
-
* <p>
|
|
24
|
+
* <p>Detective uses machine learning and purpose-built visualizations to help you to
|
|
25
|
+
* analyze and investigate security issues across your Amazon Web Services (Amazon Web Services) workloads. Detective automatically extracts time-based events such
|
|
26
|
+
* as login attempts, API calls, and network traffic from CloudTrail and Amazon Virtual Private Cloud (Amazon VPC) flow logs. It also extracts findings detected by
|
|
27
|
+
* Amazon GuardDuty.</p>
|
|
28
|
+
* <p>The Detective API primarily supports the creation and management of behavior
|
|
29
|
+
* graphs. A behavior graph contains the extracted data from a set of member accounts, and is
|
|
30
|
+
* created and managed by an administrator account.</p>
|
|
31
|
+
* <p>To add a member account to the behavior graph, the administrator account sends an
|
|
32
|
+
* invitation to the account. When the account accepts the invitation, it becomes a member
|
|
33
|
+
* account in the behavior graph.</p>
|
|
34
|
+
* <p>Detective is also integrated with Organizations. The organization
|
|
35
|
+
* management account designates the Detective administrator account for the
|
|
36
|
+
* organization. That account becomes the administrator account for the organization behavior
|
|
37
|
+
* graph. The Detective administrator account can enable any organization account as
|
|
38
|
+
* a member account in the organization behavior graph. The organization accounts do not
|
|
39
|
+
* receive invitations. The Detective administrator account can also invite other
|
|
40
|
+
* accounts to the organization behavior graph.</p>
|
|
41
|
+
* <p>Every behavior graph is specific to a Region. You can only use the API to manage
|
|
42
|
+
* behavior graphs that belong to the Region that is associated with the currently selected
|
|
43
|
+
* endpoint.</p>
|
|
44
|
+
* <p>The administrator account for a behavior graph can use the Detective API to do
|
|
45
|
+
* the following:</p>
|
|
30
46
|
* <ul>
|
|
31
47
|
* <li>
|
|
32
|
-
* <p>Enable and disable Detective. Enabling Detective creates a new
|
|
48
|
+
* <p>Enable and disable Detective. Enabling Detective creates a new
|
|
49
|
+
* behavior graph.</p>
|
|
33
50
|
* </li>
|
|
34
51
|
* <li>
|
|
35
52
|
* <p>View the list of member accounts in a behavior graph.</p>
|
|
@@ -40,8 +57,23 @@ import { DetectiveClient } from "./DetectiveClient";
|
|
|
40
57
|
* <li>
|
|
41
58
|
* <p>Remove member accounts from a behavior graph.</p>
|
|
42
59
|
* </li>
|
|
60
|
+
* <li>
|
|
61
|
+
* <p>Apply tags to a behavior graph.</p>
|
|
62
|
+
* </li>
|
|
63
|
+
* </ul>
|
|
64
|
+
* <p>The organization management account can use the Detective API to select the
|
|
65
|
+
* delegated administrator for Detective.</p>
|
|
66
|
+
* <p>The Detective administrator account for an organization can use the Detective API to do the following:</p>
|
|
67
|
+
* <ul>
|
|
68
|
+
* <li>
|
|
69
|
+
* <p>Perform all of the functions of an administrator account.</p>
|
|
70
|
+
* </li>
|
|
71
|
+
* <li>
|
|
72
|
+
* <p>Determine whether to automatically enable new organization accounts as member
|
|
73
|
+
* accounts in the organization behavior graph.</p>
|
|
74
|
+
* </li>
|
|
43
75
|
* </ul>
|
|
44
|
-
* <p>
|
|
76
|
+
* <p>An invited member account can use the Detective API to do the following:</p>
|
|
45
77
|
* <ul>
|
|
46
78
|
* <li>
|
|
47
79
|
* <p>View the list of behavior graphs that they are invited to.</p>
|
|
@@ -60,7 +92,8 @@ import { DetectiveClient } from "./DetectiveClient";
|
|
|
60
92
|
* <note>
|
|
61
93
|
* <p>We replaced the term "master account" with the term "administrator account." An
|
|
62
94
|
* administrator account is used to centrally manage multiple accounts. In the case of
|
|
63
|
-
*
|
|
95
|
+
* Detective, the administrator account manages the accounts in their behavior
|
|
96
|
+
* graph.</p>
|
|
64
97
|
* </note>
|
|
65
98
|
*/
|
|
66
99
|
export declare class Detective extends DetectiveClient {
|
|
@@ -75,15 +108,15 @@ export declare class Detective extends DetectiveClient {
|
|
|
75
108
|
acceptInvitation(args: AcceptInvitationCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: AcceptInvitationCommandOutput) => void): void;
|
|
76
109
|
/**
|
|
77
110
|
* <p>Creates a new behavior graph for the calling account, and sets that account as the
|
|
78
|
-
* administrator account. This operation is called by the account that is enabling
|
|
79
|
-
*
|
|
80
|
-
*
|
|
81
|
-
*
|
|
82
|
-
*
|
|
83
|
-
*
|
|
84
|
-
*
|
|
85
|
-
* <p>The operation also enables Detective for the calling account in the currently
|
|
86
|
-
* Region. It returns the ARN of the new behavior graph.</p>
|
|
111
|
+
* administrator account. This operation is called by the account that is enabling Detective.</p>
|
|
112
|
+
* <p>Before you try to enable Detective, make sure that your account has been
|
|
113
|
+
* enrolled in Amazon GuardDuty for at least 48 hours. If you do not meet this
|
|
114
|
+
* requirement, you cannot enable Detective. If you do meet the GuardDuty
|
|
115
|
+
* prerequisite, then when you make the request to enable Detective, it checks
|
|
116
|
+
* whether your data volume is within the Detective quota. If it exceeds the quota,
|
|
117
|
+
* then you cannot enable Detective. </p>
|
|
118
|
+
* <p>The operation also enables Detective for the calling account in the currently
|
|
119
|
+
* selected Region. It returns the ARN of the new behavior graph.</p>
|
|
87
120
|
* <p>
|
|
88
121
|
* <code>CreateGraph</code> triggers a process to create the corresponding data tables for
|
|
89
122
|
* the new behavior graph.</p>
|
|
@@ -95,21 +128,31 @@ export declare class Detective extends DetectiveClient {
|
|
|
95
128
|
createGraph(args: CreateGraphCommandInput, cb: (err: any, data?: CreateGraphCommandOutput) => void): void;
|
|
96
129
|
createGraph(args: CreateGraphCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: CreateGraphCommandOutput) => void): void;
|
|
97
130
|
/**
|
|
98
|
-
* <p>
|
|
99
|
-
*
|
|
100
|
-
* behavior graph
|
|
131
|
+
* <p>
|
|
132
|
+
* <code>CreateMembers</code> is used to send invitations to accounts. For the organization
|
|
133
|
+
* behavior graph, the Detective administrator account uses
|
|
134
|
+
* <code>CreateMembers</code> to enable organization accounts as member accounts.</p>
|
|
135
|
+
* <p>For invited accounts, <code>CreateMembers</code> sends a request to invite the specified
|
|
136
|
+
* Amazon Web Services accounts to be member accounts in the behavior graph. This operation
|
|
137
|
+
* can only be called by the administrator account for a behavior graph. </p>
|
|
101
138
|
* <p>
|
|
102
139
|
* <code>CreateMembers</code> verifies the accounts and then invites the verified accounts.
|
|
103
140
|
* The administrator can optionally specify to not send invitation emails to the member
|
|
104
141
|
* accounts. This would be used when the administrator manages their member accounts
|
|
105
142
|
* centrally.</p>
|
|
106
|
-
* <p>
|
|
143
|
+
* <p>For organization accounts in the organization behavior graph, <code>CreateMembers</code>
|
|
144
|
+
* attempts to enable the accounts. The organization accounts do not receive
|
|
145
|
+
* invitations.</p>
|
|
146
|
+
* <p>The request provides the behavior graph ARN and the list of accounts to invite or to
|
|
147
|
+
* enable.</p>
|
|
107
148
|
* <p>The response separates the requested accounts into two lists:</p>
|
|
108
149
|
* <ul>
|
|
109
150
|
* <li>
|
|
110
|
-
* <p>The accounts that <code>CreateMembers</code> was able to
|
|
111
|
-
*
|
|
112
|
-
* verification and are to be invited, and that have failed verification
|
|
151
|
+
* <p>The accounts that <code>CreateMembers</code> was able to process. For invited
|
|
152
|
+
* accounts, includes member accounts that are being verified, that have passed
|
|
153
|
+
* verification and are to be invited, and that have failed verification. For
|
|
154
|
+
* organization accounts in the organization behavior graph, includes accounts that can
|
|
155
|
+
* be enabled and that cannot be enabled.</p>
|
|
113
156
|
* </li>
|
|
114
157
|
* <li>
|
|
115
158
|
* <p>The accounts that <code>CreateMembers</code> was unable to process. This list
|
|
@@ -123,7 +166,7 @@ export declare class Detective extends DetectiveClient {
|
|
|
123
166
|
createMembers(args: CreateMembersCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: CreateMembersCommandOutput) => void): void;
|
|
124
167
|
/**
|
|
125
168
|
* <p>Disables the specified behavior graph and queues it to be deleted. This operation
|
|
126
|
-
* removes the graph from each member account's list of behavior graphs.</p>
|
|
169
|
+
* removes the behavior graph from each member account's list of behavior graphs.</p>
|
|
127
170
|
* <p>
|
|
128
171
|
* <code>DeleteGraph</code> can only be called by the administrator account for a behavior
|
|
129
172
|
* graph.</p>
|
|
@@ -132,22 +175,67 @@ export declare class Detective extends DetectiveClient {
|
|
|
132
175
|
deleteGraph(args: DeleteGraphCommandInput, cb: (err: any, data?: DeleteGraphCommandOutput) => void): void;
|
|
133
176
|
deleteGraph(args: DeleteGraphCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DeleteGraphCommandOutput) => void): void;
|
|
134
177
|
/**
|
|
135
|
-
* <p>
|
|
136
|
-
* This operation can only be called by
|
|
137
|
-
*
|
|
138
|
-
*
|
|
139
|
-
*
|
|
178
|
+
* <p>Removes the specified member accounts from the behavior graph. The removed accounts no
|
|
179
|
+
* longer contribute data to the behavior graph. This operation can only be called by the
|
|
180
|
+
* administrator account for the behavior graph.</p>
|
|
181
|
+
* <p>For invited accounts, the removed accounts are deleted from the list of accounts in the
|
|
182
|
+
* behavior graph. To restore the account, the administrator account must send another
|
|
183
|
+
* invitation.</p>
|
|
184
|
+
* <p>For organization accounts in the organization behavior graph, the Detective
|
|
185
|
+
* administrator account can always enable the organization account again. Organization
|
|
186
|
+
* accounts that are not enabled as member accounts are not included in the
|
|
187
|
+
* <code>ListMembers</code> results for the organization behavior graph.</p>
|
|
188
|
+
* <p>An administrator account cannot use <code>DeleteMembers</code> to remove their own
|
|
189
|
+
* account from the behavior graph. To disable a behavior graph, the administrator account
|
|
190
|
+
* uses the <code>DeleteGraph</code> API method.</p>
|
|
140
191
|
*/
|
|
141
192
|
deleteMembers(args: DeleteMembersCommandInput, options?: __HttpHandlerOptions): Promise<DeleteMembersCommandOutput>;
|
|
142
193
|
deleteMembers(args: DeleteMembersCommandInput, cb: (err: any, data?: DeleteMembersCommandOutput) => void): void;
|
|
143
194
|
deleteMembers(args: DeleteMembersCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DeleteMembersCommandOutput) => void): void;
|
|
195
|
+
/**
|
|
196
|
+
* <p>Returns information about the configuration for the organization behavior graph.
|
|
197
|
+
* Currently indicates whether to automatically enable new organization accounts as member
|
|
198
|
+
* accounts.</p>
|
|
199
|
+
* <p>Can only be called by the Detective administrator account for the organization. </p>
|
|
200
|
+
*/
|
|
201
|
+
describeOrganizationConfiguration(args: DescribeOrganizationConfigurationCommandInput, options?: __HttpHandlerOptions): Promise<DescribeOrganizationConfigurationCommandOutput>;
|
|
202
|
+
describeOrganizationConfiguration(args: DescribeOrganizationConfigurationCommandInput, cb: (err: any, data?: DescribeOrganizationConfigurationCommandOutput) => void): void;
|
|
203
|
+
describeOrganizationConfiguration(args: DescribeOrganizationConfigurationCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DescribeOrganizationConfigurationCommandOutput) => void): void;
|
|
204
|
+
/**
|
|
205
|
+
* <p>Removes the Detective administrator account for the organization in the current
|
|
206
|
+
* Region. Deletes the behavior graph for that account.</p>
|
|
207
|
+
* <p>Can only be called by the organization management account. Before you can select a
|
|
208
|
+
* different Detective administrator account, you must remove the Detective
|
|
209
|
+
* administrator account in all Regions.</p>
|
|
210
|
+
*/
|
|
211
|
+
disableOrganizationAdminAccount(args: DisableOrganizationAdminAccountCommandInput, options?: __HttpHandlerOptions): Promise<DisableOrganizationAdminAccountCommandOutput>;
|
|
212
|
+
disableOrganizationAdminAccount(args: DisableOrganizationAdminAccountCommandInput, cb: (err: any, data?: DisableOrganizationAdminAccountCommandOutput) => void): void;
|
|
213
|
+
disableOrganizationAdminAccount(args: DisableOrganizationAdminAccountCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DisableOrganizationAdminAccountCommandOutput) => void): void;
|
|
144
214
|
/**
|
|
145
215
|
* <p>Removes the member account from the specified behavior graph. This operation can only be
|
|
146
|
-
* called by
|
|
216
|
+
* called by an invited member account that has the <code>ENABLED</code> status.</p>
|
|
217
|
+
* <p>
|
|
218
|
+
* <code>DisassociateMembership</code> cannot be called by an organization account in the
|
|
219
|
+
* organization behavior graph. For the organization behavior graph, the Detective
|
|
220
|
+
* administrator account determines which organization accounts to enable or disable as member
|
|
221
|
+
* accounts.</p>
|
|
147
222
|
*/
|
|
148
223
|
disassociateMembership(args: DisassociateMembershipCommandInput, options?: __HttpHandlerOptions): Promise<DisassociateMembershipCommandOutput>;
|
|
149
224
|
disassociateMembership(args: DisassociateMembershipCommandInput, cb: (err: any, data?: DisassociateMembershipCommandOutput) => void): void;
|
|
150
225
|
disassociateMembership(args: DisassociateMembershipCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DisassociateMembershipCommandOutput) => void): void;
|
|
226
|
+
/**
|
|
227
|
+
* <p>Designates the Detective administrator account for the organization in the
|
|
228
|
+
* current Region.</p>
|
|
229
|
+
* <p>If the account does not have Detective enabled, then enables Detective
|
|
230
|
+
* for that account and creates a new behavior graph.</p>
|
|
231
|
+
* <p>Can only be called by the organization management account.</p>
|
|
232
|
+
* <p>The Detective administrator account for an organization must be the same in all
|
|
233
|
+
* Regions. If you already designated a Detective administrator account in another
|
|
234
|
+
* Region, then you must designate the same account.</p>
|
|
235
|
+
*/
|
|
236
|
+
enableOrganizationAdminAccount(args: EnableOrganizationAdminAccountCommandInput, options?: __HttpHandlerOptions): Promise<EnableOrganizationAdminAccountCommandOutput>;
|
|
237
|
+
enableOrganizationAdminAccount(args: EnableOrganizationAdminAccountCommandInput, cb: (err: any, data?: EnableOrganizationAdminAccountCommandOutput) => void): void;
|
|
238
|
+
enableOrganizationAdminAccount(args: EnableOrganizationAdminAccountCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: EnableOrganizationAdminAccountCommandOutput) => void): void;
|
|
151
239
|
/**
|
|
152
240
|
* <p>Returns the membership details for specified member accounts for a behavior
|
|
153
241
|
* graph.</p>
|
|
@@ -166,7 +254,7 @@ export declare class Detective extends DetectiveClient {
|
|
|
166
254
|
listGraphs(args: ListGraphsCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListGraphsCommandOutput) => void): void;
|
|
167
255
|
/**
|
|
168
256
|
* <p>Retrieves the list of open and accepted behavior graph invitations for the member
|
|
169
|
-
* account. This operation can only be called by
|
|
257
|
+
* account. This operation can only be called by an invited member account.</p>
|
|
170
258
|
* <p>Open invitations are invitations that the member account has not responded to.</p>
|
|
171
259
|
* <p>The results do not include behavior graphs for which the member account declined the
|
|
172
260
|
* invitation. The results also do not include behavior graphs that the member account
|
|
@@ -176,12 +264,23 @@ export declare class Detective extends DetectiveClient {
|
|
|
176
264
|
listInvitations(args: ListInvitationsCommandInput, cb: (err: any, data?: ListInvitationsCommandOutput) => void): void;
|
|
177
265
|
listInvitations(args: ListInvitationsCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListInvitationsCommandOutput) => void): void;
|
|
178
266
|
/**
|
|
179
|
-
* <p>Retrieves the list of member accounts for a behavior graph
|
|
180
|
-
* accounts that were removed from
|
|
267
|
+
* <p>Retrieves the list of member accounts for a behavior graph.</p>
|
|
268
|
+
* <p>For invited accounts, the results do not include member accounts that were removed from
|
|
269
|
+
* the behavior graph.</p>
|
|
270
|
+
* <p>For the organization behavior graph, the results do not include organization accounts
|
|
271
|
+
* that the Detective administrator account has not enabled as member
|
|
272
|
+
* accounts.</p>
|
|
181
273
|
*/
|
|
182
274
|
listMembers(args: ListMembersCommandInput, options?: __HttpHandlerOptions): Promise<ListMembersCommandOutput>;
|
|
183
275
|
listMembers(args: ListMembersCommandInput, cb: (err: any, data?: ListMembersCommandOutput) => void): void;
|
|
184
276
|
listMembers(args: ListMembersCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListMembersCommandOutput) => void): void;
|
|
277
|
+
/**
|
|
278
|
+
* <p>Returns information about the Detective administrator account for an
|
|
279
|
+
* organization. Can only be called by the organization management account.</p>
|
|
280
|
+
*/
|
|
281
|
+
listOrganizationAdminAccounts(args: ListOrganizationAdminAccountsCommandInput, options?: __HttpHandlerOptions): Promise<ListOrganizationAdminAccountsCommandOutput>;
|
|
282
|
+
listOrganizationAdminAccounts(args: ListOrganizationAdminAccountsCommandInput, cb: (err: any, data?: ListOrganizationAdminAccountsCommandOutput) => void): void;
|
|
283
|
+
listOrganizationAdminAccounts(args: ListOrganizationAdminAccountsCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListOrganizationAdminAccountsCommandOutput) => void): void;
|
|
185
284
|
/**
|
|
186
285
|
* <p>Returns the tag values that are assigned to a behavior graph.</p>
|
|
187
286
|
*/
|
|
@@ -190,7 +289,12 @@ export declare class Detective extends DetectiveClient {
|
|
|
190
289
|
listTagsForResource(args: ListTagsForResourceCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListTagsForResourceCommandOutput) => void): void;
|
|
191
290
|
/**
|
|
192
291
|
* <p>Rejects an invitation to contribute the account data to a behavior graph. This operation
|
|
193
|
-
* must be called by
|
|
292
|
+
* must be called by an invited member account that has the <code>INVITED</code>
|
|
293
|
+
* status.</p>
|
|
294
|
+
* <p>
|
|
295
|
+
* <code>RejectInvitation</code> cannot be called by an organization account in the
|
|
296
|
+
* organization behavior graph. In the organization behavior graph, organization accounts do
|
|
297
|
+
* not receive an invitation.</p>
|
|
194
298
|
*/
|
|
195
299
|
rejectInvitation(args: RejectInvitationCommandInput, options?: __HttpHandlerOptions): Promise<RejectInvitationCommandOutput>;
|
|
196
300
|
rejectInvitation(args: RejectInvitationCommandInput, cb: (err: any, data?: RejectInvitationCommandOutput) => void): void;
|
|
@@ -202,7 +306,7 @@ export declare class Detective extends DetectiveClient {
|
|
|
202
306
|
* <ul>
|
|
203
307
|
* <li>
|
|
204
308
|
* <p>If Detective enabled the member account, then the new status is
|
|
205
|
-
*
|
|
309
|
+
* <code>ENABLED</code>.</p>
|
|
206
310
|
* </li>
|
|
207
311
|
* <li>
|
|
208
312
|
* <p>If Detective cannot enable the member account, the status remains
|
|
@@ -225,4 +329,12 @@ export declare class Detective extends DetectiveClient {
|
|
|
225
329
|
untagResource(args: UntagResourceCommandInput, options?: __HttpHandlerOptions): Promise<UntagResourceCommandOutput>;
|
|
226
330
|
untagResource(args: UntagResourceCommandInput, cb: (err: any, data?: UntagResourceCommandOutput) => void): void;
|
|
227
331
|
untagResource(args: UntagResourceCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: UntagResourceCommandOutput) => void): void;
|
|
332
|
+
/**
|
|
333
|
+
* <p>Updates the configuration for the Organizations integration in the current Region.
|
|
334
|
+
* Can only be called by the Detective administrator account for the
|
|
335
|
+
* organization.</p>
|
|
336
|
+
*/
|
|
337
|
+
updateOrganizationConfiguration(args: UpdateOrganizationConfigurationCommandInput, options?: __HttpHandlerOptions): Promise<UpdateOrganizationConfigurationCommandOutput>;
|
|
338
|
+
updateOrganizationConfiguration(args: UpdateOrganizationConfigurationCommandInput, cb: (err: any, data?: UpdateOrganizationConfigurationCommandOutput) => void): void;
|
|
339
|
+
updateOrganizationConfiguration(args: UpdateOrganizationConfigurationCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: UpdateOrganizationConfigurationCommandOutput) => void): void;
|
|
228
340
|
}
|
|
@@ -4,25 +4,30 @@ import { RetryInputConfig, RetryResolvedConfig } from "@aws-sdk/middleware-retry
|
|
|
4
4
|
import { AwsAuthInputConfig, AwsAuthResolvedConfig } from "@aws-sdk/middleware-signing";
|
|
5
5
|
import { UserAgentInputConfig, UserAgentResolvedConfig } from "@aws-sdk/middleware-user-agent";
|
|
6
6
|
import { HttpHandler as __HttpHandler } from "@aws-sdk/protocol-http";
|
|
7
|
-
import { Client as __Client, SmithyConfiguration as __SmithyConfiguration, SmithyResolvedConfiguration as __SmithyResolvedConfiguration } from "@aws-sdk/smithy-client";
|
|
7
|
+
import { Client as __Client, DefaultsMode, SmithyConfiguration as __SmithyConfiguration, SmithyResolvedConfiguration as __SmithyResolvedConfiguration } from "@aws-sdk/smithy-client";
|
|
8
8
|
import { Credentials as __Credentials, Decoder as __Decoder, Encoder as __Encoder, HashConstructor as __HashConstructor, HttpHandlerOptions as __HttpHandlerOptions, Logger as __Logger, Provider as __Provider, Provider, RegionInfoProvider, StreamCollector as __StreamCollector, UrlParser as __UrlParser, UserAgent as __UserAgent } from "@aws-sdk/types";
|
|
9
9
|
import { AcceptInvitationCommandInput, AcceptInvitationCommandOutput } from "./commands/AcceptInvitationCommand";
|
|
10
10
|
import { CreateGraphCommandInput, CreateGraphCommandOutput } from "./commands/CreateGraphCommand";
|
|
11
11
|
import { CreateMembersCommandInput, CreateMembersCommandOutput } from "./commands/CreateMembersCommand";
|
|
12
12
|
import { DeleteGraphCommandInput, DeleteGraphCommandOutput } from "./commands/DeleteGraphCommand";
|
|
13
13
|
import { DeleteMembersCommandInput, DeleteMembersCommandOutput } from "./commands/DeleteMembersCommand";
|
|
14
|
+
import { DescribeOrganizationConfigurationCommandInput, DescribeOrganizationConfigurationCommandOutput } from "./commands/DescribeOrganizationConfigurationCommand";
|
|
15
|
+
import { DisableOrganizationAdminAccountCommandInput, DisableOrganizationAdminAccountCommandOutput } from "./commands/DisableOrganizationAdminAccountCommand";
|
|
14
16
|
import { DisassociateMembershipCommandInput, DisassociateMembershipCommandOutput } from "./commands/DisassociateMembershipCommand";
|
|
17
|
+
import { EnableOrganizationAdminAccountCommandInput, EnableOrganizationAdminAccountCommandOutput } from "./commands/EnableOrganizationAdminAccountCommand";
|
|
15
18
|
import { GetMembersCommandInput, GetMembersCommandOutput } from "./commands/GetMembersCommand";
|
|
16
19
|
import { ListGraphsCommandInput, ListGraphsCommandOutput } from "./commands/ListGraphsCommand";
|
|
17
20
|
import { ListInvitationsCommandInput, ListInvitationsCommandOutput } from "./commands/ListInvitationsCommand";
|
|
18
21
|
import { ListMembersCommandInput, ListMembersCommandOutput } from "./commands/ListMembersCommand";
|
|
22
|
+
import { ListOrganizationAdminAccountsCommandInput, ListOrganizationAdminAccountsCommandOutput } from "./commands/ListOrganizationAdminAccountsCommand";
|
|
19
23
|
import { ListTagsForResourceCommandInput, ListTagsForResourceCommandOutput } from "./commands/ListTagsForResourceCommand";
|
|
20
24
|
import { RejectInvitationCommandInput, RejectInvitationCommandOutput } from "./commands/RejectInvitationCommand";
|
|
21
25
|
import { StartMonitoringMemberCommandInput, StartMonitoringMemberCommandOutput } from "./commands/StartMonitoringMemberCommand";
|
|
22
26
|
import { TagResourceCommandInput, TagResourceCommandOutput } from "./commands/TagResourceCommand";
|
|
23
27
|
import { UntagResourceCommandInput, UntagResourceCommandOutput } from "./commands/UntagResourceCommand";
|
|
24
|
-
|
|
25
|
-
export declare type
|
|
28
|
+
import { UpdateOrganizationConfigurationCommandInput, UpdateOrganizationConfigurationCommandOutput } from "./commands/UpdateOrganizationConfigurationCommand";
|
|
29
|
+
export declare type ServiceInputTypes = AcceptInvitationCommandInput | CreateGraphCommandInput | CreateMembersCommandInput | DeleteGraphCommandInput | DeleteMembersCommandInput | DescribeOrganizationConfigurationCommandInput | DisableOrganizationAdminAccountCommandInput | DisassociateMembershipCommandInput | EnableOrganizationAdminAccountCommandInput | GetMembersCommandInput | ListGraphsCommandInput | ListInvitationsCommandInput | ListMembersCommandInput | ListOrganizationAdminAccountsCommandInput | ListTagsForResourceCommandInput | RejectInvitationCommandInput | StartMonitoringMemberCommandInput | TagResourceCommandInput | UntagResourceCommandInput | UpdateOrganizationConfigurationCommandInput;
|
|
30
|
+
export declare type ServiceOutputTypes = AcceptInvitationCommandOutput | CreateGraphCommandOutput | CreateMembersCommandOutput | DeleteGraphCommandOutput | DeleteMembersCommandOutput | DescribeOrganizationConfigurationCommandOutput | DisableOrganizationAdminAccountCommandOutput | DisassociateMembershipCommandOutput | EnableOrganizationAdminAccountCommandOutput | GetMembersCommandOutput | ListGraphsCommandOutput | ListInvitationsCommandOutput | ListMembersCommandOutput | ListOrganizationAdminAccountsCommandOutput | ListTagsForResourceCommandOutput | RejectInvitationCommandOutput | StartMonitoringMemberCommandOutput | TagResourceCommandOutput | UntagResourceCommandOutput | UpdateOrganizationConfigurationCommandOutput;
|
|
26
31
|
export interface ClientDefaults extends Partial<__SmithyResolvedConfiguration<__HttpHandlerOptions>> {
|
|
27
32
|
/**
|
|
28
33
|
* The HTTP handler to use. Fetch in browser and Https in Nodejs.
|
|
@@ -123,6 +128,10 @@ export interface ClientDefaults extends Partial<__SmithyResolvedConfiguration<__
|
|
|
123
128
|
* @internal
|
|
124
129
|
*/
|
|
125
130
|
defaultUserAgentProvider?: Provider<__UserAgent>;
|
|
131
|
+
/**
|
|
132
|
+
* The {@link DefaultsMode} that will be used to determine how certain default configuration options are resolved in the SDK.
|
|
133
|
+
*/
|
|
134
|
+
defaultsMode?: DefaultsMode | Provider<DefaultsMode>;
|
|
126
135
|
}
|
|
127
136
|
declare type DetectiveClientConfigType = Partial<__SmithyConfiguration<__HttpHandlerOptions>> & ClientDefaults & RegionInputConfig & EndpointsInputConfig & RetryInputConfig & HostHeaderInputConfig & AwsAuthInputConfig & UserAgentInputConfig;
|
|
128
137
|
/**
|
|
@@ -137,20 +146,32 @@ declare type DetectiveClientResolvedConfigType = __SmithyResolvedConfiguration<_
|
|
|
137
146
|
export interface DetectiveClientResolvedConfig extends DetectiveClientResolvedConfigType {
|
|
138
147
|
}
|
|
139
148
|
/**
|
|
140
|
-
* <p>Detective uses machine learning and purpose-built visualizations to help you
|
|
141
|
-
* investigate security issues across your Amazon Web Services (
|
|
142
|
-
*
|
|
143
|
-
*
|
|
144
|
-
*
|
|
145
|
-
*
|
|
146
|
-
*
|
|
147
|
-
*
|
|
148
|
-
*
|
|
149
|
-
*
|
|
150
|
-
* <p>
|
|
149
|
+
* <p>Detective uses machine learning and purpose-built visualizations to help you to
|
|
150
|
+
* analyze and investigate security issues across your Amazon Web Services (Amazon Web Services) workloads. Detective automatically extracts time-based events such
|
|
151
|
+
* as login attempts, API calls, and network traffic from CloudTrail and Amazon Virtual Private Cloud (Amazon VPC) flow logs. It also extracts findings detected by
|
|
152
|
+
* Amazon GuardDuty.</p>
|
|
153
|
+
* <p>The Detective API primarily supports the creation and management of behavior
|
|
154
|
+
* graphs. A behavior graph contains the extracted data from a set of member accounts, and is
|
|
155
|
+
* created and managed by an administrator account.</p>
|
|
156
|
+
* <p>To add a member account to the behavior graph, the administrator account sends an
|
|
157
|
+
* invitation to the account. When the account accepts the invitation, it becomes a member
|
|
158
|
+
* account in the behavior graph.</p>
|
|
159
|
+
* <p>Detective is also integrated with Organizations. The organization
|
|
160
|
+
* management account designates the Detective administrator account for the
|
|
161
|
+
* organization. That account becomes the administrator account for the organization behavior
|
|
162
|
+
* graph. The Detective administrator account can enable any organization account as
|
|
163
|
+
* a member account in the organization behavior graph. The organization accounts do not
|
|
164
|
+
* receive invitations. The Detective administrator account can also invite other
|
|
165
|
+
* accounts to the organization behavior graph.</p>
|
|
166
|
+
* <p>Every behavior graph is specific to a Region. You can only use the API to manage
|
|
167
|
+
* behavior graphs that belong to the Region that is associated with the currently selected
|
|
168
|
+
* endpoint.</p>
|
|
169
|
+
* <p>The administrator account for a behavior graph can use the Detective API to do
|
|
170
|
+
* the following:</p>
|
|
151
171
|
* <ul>
|
|
152
172
|
* <li>
|
|
153
|
-
* <p>Enable and disable Detective. Enabling Detective creates a new
|
|
173
|
+
* <p>Enable and disable Detective. Enabling Detective creates a new
|
|
174
|
+
* behavior graph.</p>
|
|
154
175
|
* </li>
|
|
155
176
|
* <li>
|
|
156
177
|
* <p>View the list of member accounts in a behavior graph.</p>
|
|
@@ -161,8 +182,23 @@ export interface DetectiveClientResolvedConfig extends DetectiveClientResolvedCo
|
|
|
161
182
|
* <li>
|
|
162
183
|
* <p>Remove member accounts from a behavior graph.</p>
|
|
163
184
|
* </li>
|
|
185
|
+
* <li>
|
|
186
|
+
* <p>Apply tags to a behavior graph.</p>
|
|
187
|
+
* </li>
|
|
188
|
+
* </ul>
|
|
189
|
+
* <p>The organization management account can use the Detective API to select the
|
|
190
|
+
* delegated administrator for Detective.</p>
|
|
191
|
+
* <p>The Detective administrator account for an organization can use the Detective API to do the following:</p>
|
|
192
|
+
* <ul>
|
|
193
|
+
* <li>
|
|
194
|
+
* <p>Perform all of the functions of an administrator account.</p>
|
|
195
|
+
* </li>
|
|
196
|
+
* <li>
|
|
197
|
+
* <p>Determine whether to automatically enable new organization accounts as member
|
|
198
|
+
* accounts in the organization behavior graph.</p>
|
|
199
|
+
* </li>
|
|
164
200
|
* </ul>
|
|
165
|
-
* <p>
|
|
201
|
+
* <p>An invited member account can use the Detective API to do the following:</p>
|
|
166
202
|
* <ul>
|
|
167
203
|
* <li>
|
|
168
204
|
* <p>View the list of behavior graphs that they are invited to.</p>
|
|
@@ -181,7 +217,8 @@ export interface DetectiveClientResolvedConfig extends DetectiveClientResolvedCo
|
|
|
181
217
|
* <note>
|
|
182
218
|
* <p>We replaced the term "master account" with the term "administrator account." An
|
|
183
219
|
* administrator account is used to centrally manage multiple accounts. In the case of
|
|
184
|
-
*
|
|
220
|
+
* Detective, the administrator account manages the accounts in their behavior
|
|
221
|
+
* graph.</p>
|
|
185
222
|
* </note>
|
|
186
223
|
*/
|
|
187
224
|
export declare class DetectiveClient extends __Client<__HttpHandlerOptions, ServiceInputTypes, ServiceOutputTypes, DetectiveClientResolvedConfig> {
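Review bot: The doc comment added above `defaultsMode` in the `@@ -123,6 +128,10 @@` hunk of `ClientDefaults` names neither the settings the mode governs nor what applies when the field is left unset, so someone upgrading cannot tell from the typings whether this client's retry or timeout behaviour changes. I would extend it along the lines of `* The {@link DefaultsMode} used to resolve SDK defaults such as retry mode and connection timeouts; leaving it unset keeps the legacy defaults.` The "legacy when unset" part is my understanding of the SDK rather than something shown here, and should be confirmed against the runtimeConfig files in this release. Separately, the first hunk now imports `DefaultsMode` from `@aws-sdk/smithy-client`, so this version presumably needs a smithy-client release that exports that type; the dependency range is not visible in this section.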
|
|
@@ -8,15 +8,15 @@ export interface CreateGraphCommandOutput extends CreateGraphResponse, __Metadat
|
|
|
8
8
|
}
|
|
9
9
|
/**
|
|
10
10
|
* <p>Creates a new behavior graph for the calling account, and sets that account as the
|
|
11
|
-
* administrator account. This operation is called by the account that is enabling
|
|
12
|
-
*
|
|
13
|
-
*
|
|
14
|
-
*
|
|
15
|
-
*
|
|
16
|
-
*
|
|
17
|
-
*
|
|
18
|
-
* <p>The operation also enables Detective for the calling account in the currently
|
|
19
|
-
* Region. It returns the ARN of the new behavior graph.</p>
|
|
11
|
+
* administrator account. This operation is called by the account that is enabling Detective.</p>
|
|
12
|
+
* <p>Before you try to enable Detective, make sure that your account has been
|
|
13
|
+
* enrolled in Amazon GuardDuty for at least 48 hours. If you do not meet this
|
|
14
|
+
* requirement, you cannot enable Detective. If you do meet the GuardDuty
|
|
15
|
+
* prerequisite, then when you make the request to enable Detective, it checks
|
|
16
|
+
* whether your data volume is within the Detective quota. If it exceeds the quota,
|
|
17
|
+
* then you cannot enable Detective. </p>
|
|
18
|
+
* <p>The operation also enables Detective for the calling account in the currently
|
|
19
|
+
* selected Region. It returns the ARN of the new behavior graph.</p>
|
|
20
20
|
* <p>
|
|
21
21
|
* <code>CreateGraph</code> triggers a process to create the corresponding data tables for
|
|
22
22
|
* the new behavior graph.</p>
|
|
@@ -7,21 +7,31 @@ export interface CreateMembersCommandInput extends CreateMembersRequest {
|
|
|
7
7
|
export interface CreateMembersCommandOutput extends CreateMembersResponse, __MetadataBearer {
|
|
8
8
|
}
|
|
9
9
|
/**
|
|
10
|
-
* <p>
|
|
11
|
-
*
|
|
12
|
-
* behavior graph
|
|
10
|
+
* <p>
|
|
11
|
+
* <code>CreateMembers</code> is used to send invitations to accounts. For the organization
|
|
12
|
+
* behavior graph, the Detective administrator account uses
|
|
13
|
+
* <code>CreateMembers</code> to enable organization accounts as member accounts.</p>
|
|
14
|
+
* <p>For invited accounts, <code>CreateMembers</code> sends a request to invite the specified
|
|
15
|
+
* Amazon Web Services accounts to be member accounts in the behavior graph. This operation
|
|
16
|
+
* can only be called by the administrator account for a behavior graph. </p>
|
|
13
17
|
* <p>
|
|
14
18
|
* <code>CreateMembers</code> verifies the accounts and then invites the verified accounts.
|
|
15
19
|
* The administrator can optionally specify to not send invitation emails to the member
|
|
16
20
|
* accounts. This would be used when the administrator manages their member accounts
|
|
17
21
|
* centrally.</p>
|
|
18
|
-
* <p>
|
|
22
|
+
* <p>For organization accounts in the organization behavior graph, <code>CreateMembers</code>
|
|
23
|
+
* attempts to enable the accounts. The organization accounts do not receive
|
|
24
|
+
* invitations.</p>
|
|
25
|
+
* <p>The request provides the behavior graph ARN and the list of accounts to invite or to
|
|
26
|
+
* enable.</p>
|
|
19
27
|
* <p>The response separates the requested accounts into two lists:</p>
|
|
20
28
|
* <ul>
|
|
21
29
|
* <li>
|
|
22
|
-
* <p>The accounts that <code>CreateMembers</code> was able to
|
|
23
|
-
*
|
|
24
|
-
* verification and are to be invited, and that have failed verification
|
|
30
|
+
* <p>The accounts that <code>CreateMembers</code> was able to process. For invited
|
|
31
|
+
* accounts, includes member accounts that are being verified, that have passed
|
|
32
|
+
* verification and are to be invited, and that have failed verification. For
|
|
33
|
+
* organization accounts in the organization behavior graph, includes accounts that can
|
|
34
|
+
* be enabled and that cannot be enabled.</p>
|
|
25
35
|
* </li>
|
|
26
36
|
* <li>
|
|
27
37
|
* <p>The accounts that <code>CreateMembers</code> was unable to process. This list
|
|
@@ -8,7 +8,7 @@ export interface DeleteGraphCommandOutput extends __MetadataBearer {
|
|
|
8
8
|
}
|
|
9
9
|
/**
|
|
10
10
|
* <p>Disables the specified behavior graph and queues it to be deleted. This operation
|
|
11
|
-
* removes the graph from each member account's list of behavior graphs.</p>
|
|
11
|
+
* removes the behavior graph from each member account's list of behavior graphs.</p>
|
|
12
12
|
* <p>
|
|
13
13
|
* <code>DeleteGraph</code> can only be called by the administrator account for a behavior
|
|
14
14
|
* graph.</p>
|
|
@@ -7,11 +7,19 @@ export interface DeleteMembersCommandInput extends DeleteMembersRequest {
|
|
|
7
7
|
export interface DeleteMembersCommandOutput extends DeleteMembersResponse, __MetadataBearer {
|
|
8
8
|
}
|
|
9
9
|
/**
|
|
10
|
-
* <p>
|
|
11
|
-
* This operation can only be called by
|
|
12
|
-
*
|
|
13
|
-
*
|
|
14
|
-
*
|
|
10
|
+
* <p>Removes the specified member accounts from the behavior graph. The removed accounts no
|
|
11
|
+
* longer contribute data to the behavior graph. This operation can only be called by the
|
|
12
|
+
* administrator account for the behavior graph.</p>
|
|
13
|
+
* <p>For invited accounts, the removed accounts are deleted from the list of accounts in the
|
|
14
|
+
* behavior graph. To restore the account, the administrator account must send another
|
|
15
|
+
* invitation.</p>
|
|
16
|
+
* <p>For organization accounts in the organization behavior graph, the Detective
|
|
17
|
+
* administrator account can always enable the organization account again. Organization
|
|
18
|
+
* accounts that are not enabled as member accounts are not included in the
|
|
19
|
+
* <code>ListMembers</code> results for the organization behavior graph.</p>
|
|
20
|
+
* <p>An administrator account cannot use <code>DeleteMembers</code> to remove their own
|
|
21
|
+
* account from the behavior graph. To disable a behavior graph, the administrator account
|
|
22
|
+
* uses the <code>DeleteGraph</code> API method.</p>
|
|
15
23
|
* @example
|
|
16
24
|
* Use a bare-bones client and the command you need to make an API call.
|
|
17
25
|
* ```javascript
|