@aws-sdk/client-guardduty 3.48.0 → 3.52.0

package/dist-types/models/models_0.d.ts

@@ -334,6 +334,7 @@ export interface AwsApiCallAction {
      * <p>The error code of the failed Amazon Web Services API action.</p>
      */
     ErrorCode?: string;
+    UserAgent?: string;
     /**
      * <p>The remote IP information of the connection that initiated the Amazon Web Services API call.</p>
      */
@@ -368,6 +369,45 @@ export declare namespace DnsRequestAction {
      */
     const filterSensitiveLog: (obj: DnsRequestAction) => any;
 }
+/**
+ * <p>Information about the Kubernetes API call action described in this finding.</p>
+ */
+export interface KubernetesApiCallAction {
+    /**
+     * <p>The Kubernetes API request URI.</p>
+     */
+    RequestUri?: string;
+    /**
+     * <p>The Kubernetes API request HTTP verb.</p>
+     */
+    Verb?: string;
+    /**
+     * <p>The IP of the  Kubernetes API caller and the IPs of any proxies or load balancers between the caller and the API endpoint.</p>
+     */
+    SourceIps?: string[];
+    /**
+     * <p>The user agent of the caller of the Kubernetes API.</p>
+     */
+    UserAgent?: string;
+    /**
+     * <p>Contains information about the remote IP address of the connection.</p>
+     */
+    RemoteIpDetails?: RemoteIpDetails;
+    /**
+     * <p>The resulting HTTP response code of the Kubernetes API call action.</p>
+     */
+    StatusCode?: number;
+    /**
+     * <p>Parameters related to the Kubernetes API call action.</p>
+     */
+    Parameters?: string;
+}
+export declare namespace KubernetesApiCallAction {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: KubernetesApiCallAction) => any;
+}
 /**
  * <p>Contains information about the local IP address of the connection.</p>
  */
@@ -526,6 +566,10 @@ export interface Action {
      * <p>Information about the PORT_PROBE action described in this finding.</p>
      */
     PortProbeAction?: PortProbeAction;
+    /**
+     * <p>Information about the Kubernetes API call action described in this finding.</p>
+     */
+    KubernetesApiCallAction?: KubernetesApiCallAction;
 }
 export declare namespace Action {
     /**
@@ -731,6 +775,109 @@ export declare namespace Condition {
      */
     const filterSensitiveLog: (obj: Condition) => any;
 }
+/**
+ * <p>Container security context.</p>
+ */
+export interface SecurityContext {
+    /**
+     * <p>Whether the container is privileged.</p>
+     */
+    Privileged?: boolean;
+}
+export declare namespace SecurityContext {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: SecurityContext) => any;
+}
+/**
+ * <p>Container volume mount.</p>
+ */
+export interface VolumeMount {
+    /**
+     * <p>Volume mount name.</p>
+     */
+    Name?: string;
+    /**
+     * <p>Volume mount path.</p>
+     */
+    MountPath?: string;
+}
+export declare namespace VolumeMount {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: VolumeMount) => any;
+}
+/**
+ * <p>Details of a container.</p>
+ */
+export interface Container {
+    /**
+     * <p>The container runtime (such as, Docker or containerd) used to run the container.</p>
+     */
+    ContainerRuntime?: string;
+    /**
+     * <p>Container ID.</p>
+     */
+    Id?: string;
+    /**
+     * <p>Container name.</p>
+     */
+    Name?: string;
+    /**
+     * <p>Container image.</p>
+     */
+    Image?: string;
+    /**
+     * <p>Part of the image name before the last slash. For example, imagePrefix for public.ecr.aws/amazonlinux/amazonlinux:latest would be public.ecr.aws/amazonlinux. If the image name is relative and does not have a slash, this field is empty.</p>
+     */
+    ImagePrefix?: string;
+    /**
+     * <p>Container volume mounts.</p>
+     */
+    VolumeMounts?: VolumeMount[];
+    /**
+     * <p>Container security context.</p>
+     */
+    SecurityContext?: SecurityContext;
+}
+export declare namespace Container {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: Container) => any;
+}
+/**
+ * <p>Describes whether Kubernetes audit logs are enabled as a data source.</p>
+ */
+export interface KubernetesAuditLogsConfiguration {
+    /**
+     * <p>The status of Kubernetes audit logs as a data source.</p>
+     */
+    Enable: boolean | undefined;
+}
+export declare namespace KubernetesAuditLogsConfiguration {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: KubernetesAuditLogsConfiguration) => any;
+}
+/**
+ * <p>Describes whether any Kubernetes data sources are enabled.</p>
+ */
+export interface KubernetesConfiguration {
+    /**
+     * <p>The status of Kubernetes audit logs as a data source.</p>
+     */
+    AuditLogs: KubernetesAuditLogsConfiguration | undefined;
+}
+export declare namespace KubernetesConfiguration {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: KubernetesConfiguration) => any;
+}
 /**
  * <p>Describes whether S3 data event logs will be enabled as a data source.</p>
  */
@@ -754,6 +901,10 @@ export interface DataSourceConfigurations {
      * <p>Describes whether S3 data event logs are enabled as a data source.</p>
      */
     S3Logs?: S3LogsConfiguration;
+    /**
+     * <p>Describes whether any Kubernetes logs are enabled as data sources.</p>
+     */
+    Kubernetes?: KubernetesConfiguration;
 }
 export declare namespace DataSourceConfigurations {
     /**
@@ -1326,6 +1477,7 @@ export declare enum DataSource {
     CLOUD_TRAIL = "CLOUD_TRAIL",
     DNS_LOGS = "DNS_LOGS",
     FLOW_LOGS = "FLOW_LOGS",
+    KUBERNETES_AUDIT_LOGS = "KUBERNETES_AUDIT_LOGS",
     S3_LOGS = "S3_LOGS"
 }
 /**
@@ -1358,6 +1510,36 @@ export declare namespace FlowLogsConfigurationResult {
      */
     const filterSensitiveLog: (obj: FlowLogsConfigurationResult) => any;
 }
+/**
+ * <p>Describes whether Kubernetes audit logs are enabled as a data source.</p>
+ */
+export interface KubernetesAuditLogsConfigurationResult {
+    /**
+     * <p>A value that describes whether Kubernetes audit logs are enabled as a data source.</p>
+     */
+    Status: DataSourceStatus | string | undefined;
+}
+export declare namespace KubernetesAuditLogsConfigurationResult {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: KubernetesAuditLogsConfigurationResult) => any;
+}
+/**
+ * <p>Describes whether any Kubernetes logs will be enabled as a data source.</p>
+ */
+export interface KubernetesConfigurationResult {
+    /**
+     * <p>Describes whether Kubernetes audit logs are enabled as a data source.</p>
+     */
+    AuditLogs: KubernetesAuditLogsConfigurationResult | undefined;
+}
+export declare namespace KubernetesConfigurationResult {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: KubernetesConfigurationResult) => any;
+}
 /**
  * <p>Describes whether S3 data event logs will be enabled as a data source.</p>
  */
@@ -1396,6 +1578,10 @@ export interface DataSourceConfigurationsResult {
      *       source.</p>
      */
     S3Logs: S3LogsConfigurationResult | undefined;
+    /**
+     * <p>An object that contains information on the status of all Kubernetes data sources.</p>
+     */
+    Kubernetes?: KubernetesConfigurationResult;
 }
 export declare namespace DataSourceConfigurationsResult {
     /**
@@ -1635,6 +1821,36 @@ export declare namespace DescribeOrganizationConfigurationRequest {
      */
     const filterSensitiveLog: (obj: DescribeOrganizationConfigurationRequest) => any;
 }
+/**
+ * <p>The current configuration of Kubernetes audit logs as a data source for the organization.</p>
+ */
+export interface OrganizationKubernetesAuditLogsConfigurationResult {
+    /**
+     * <p>Whether Kubernetes audit logs data source should be auto-enabled for new members joining the organization.</p>
+     */
+    AutoEnable: boolean | undefined;
+}
+export declare namespace OrganizationKubernetesAuditLogsConfigurationResult {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: OrganizationKubernetesAuditLogsConfigurationResult) => any;
+}
+/**
+ * <p>The current configuration of all Kubernetes data sources for the organization.</p>
+ */
+export interface OrganizationKubernetesConfigurationResult {
+    /**
+     * <p>The current configuration of Kubernetes audit logs as a data source for the organization.</p>
+     */
+    AuditLogs: OrganizationKubernetesAuditLogsConfigurationResult | undefined;
+}
+export declare namespace OrganizationKubernetesConfigurationResult {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: OrganizationKubernetesConfigurationResult) => any;
+}
 /**
  * <p>The current configuration of S3 data event logs as a data source for the
  *       organization.</p>
@@ -1661,6 +1877,10 @@ export interface OrganizationDataSourceConfigurationsResult {
      * <p>Describes whether S3 data event logs are enabled as a data source.</p>
      */
     S3Logs: OrganizationS3LogsConfigurationResult | undefined;
+    /**
+     * <p>Describes the configuration of Kubernetes data sources.</p>
+     */
+    Kubernetes?: OrganizationKubernetesConfigurationResult;
 }
 export declare namespace OrganizationDataSourceConfigurationsResult {
     /**
@@ -1846,6 +2066,60 @@ export declare namespace DisassociateMembersResponse {
      */
     const filterSensitiveLog: (obj: DisassociateMembersResponse) => any;
 }
+/**
+ * <p>Contains information about a tag associated with the EC2 instance.</p>
+ */
+export interface Tag {
+    /**
+     * <p>The EC2 instance tag key.</p>
+     */
+    Key?: string;
+    /**
+     * <p>The EC2 instance tag value.</p>
+     */
+    Value?: string;
+}
+export declare namespace Tag {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: Tag) => any;
+}
+/**
+ * <p>Details about the EKS cluster involved in a Kubernetes finding.</p>
+ */
+export interface EksClusterDetails {
+    /**
+     * <p>EKS cluster name.</p>
+     */
+    Name?: string;
+    /**
+     * <p>EKS cluster ARN.</p>
+     */
+    Arn?: string;
+    /**
+     * <p>The VPC ID to which the EKS cluster is attached.</p>
+     */
+    VpcId?: string;
+    /**
+     * <p>The EKS cluster status.</p>
+     */
+    Status?: string;
+    /**
+     * <p>The EKS cluster tags.</p>
+     */
+    Tags?: Tag[];
+    /**
+     * <p>The timestamp when the EKS cluster was created.</p>
+     */
+    CreatedAt?: Date;
+}
+export declare namespace EksClusterDetails {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: EksClusterDetails) => any;
+}
 export interface EnableOrganizationAdminAccountRequest {
     /**
      * <p>The Amazon Web Services Account ID for the organization account to be enabled as a GuardDuty delegated
@@ -2034,25 +2308,6 @@ export declare namespace ProductCode {
      */
     const filterSensitiveLog: (obj: ProductCode) => any;
 }
-/**
- * <p>Contains information about a tag associated with the EC2 instance.</p>
- */
-export interface Tag {
-    /**
-     * <p>The EC2 instance tag key.</p>
-     */
-    Key?: string;
-    /**
-     * <p>The EC2 instance tag value.</p>
-     */
-    Value?: string;
-}
-export declare namespace Tag {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: Tag) => any;
-}
 /**
  * <p>Contains information about the details of an instance.</p>
  */
@@ -2117,6 +2372,121 @@ export declare namespace InstanceDetails {
      */
     const filterSensitiveLog: (obj: InstanceDetails) => any;
 }
+/**
+ * <p>Details about the Kubernetes user involved in a Kubernetes finding.</p>
+ */
+export interface KubernetesUserDetails {
+    /**
+     * <p>The username of the user who called the Kubernetes API.</p>
+     */
+    Username?: string;
+    /**
+     * <p>The user ID of the user who called the Kubernetes API.</p>
+     */
+    Uid?: string;
+    /**
+     * <p>The groups that include the user who called the Kubernetes API.</p>
+     */
+    Groups?: string[];
+}
+export declare namespace KubernetesUserDetails {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: KubernetesUserDetails) => any;
+}
+/**
+ * <p>Represents a pre-existing file or directory on the host machine that the volume maps to.</p>
+ */
+export interface HostPath {
+    /**
+     * <p>Path of the file or directory on the host that the volume maps to.</p>
+     */
+    Path?: string;
+}
+export declare namespace HostPath {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: HostPath) => any;
+}
+/**
+ * <p>Volume used by the Kubernetes workload.</p>
+ */
+export interface Volume {
+    /**
+     * <p>Volume name.</p>
+     */
+    Name?: string;
+    /**
+     * <p>Represents a pre-existing file or directory on the host machine that the volume maps to.</p>
+     */
+    HostPath?: HostPath;
+}
+export declare namespace Volume {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: Volume) => any;
+}
+/**
+ * <p>Details about the Kubernetes workload involved in a Kubernetes finding.</p>
+ */
+export interface KubernetesWorkloadDetails {
+    /**
+     * <p>Kubernetes workload name.</p>
+     */
+    Name?: string;
+    /**
+     * <p>Kubernetes workload type (e.g. Pod, Deployment, etc.).</p>
+     */
+    Type?: string;
+    /**
+     * <p>Kubernetes workload ID.</p>
+     */
+    Uid?: string;
+    /**
+     * <p>Kubernetes namespace that the workload is part of.</p>
+     */
+    Namespace?: string;
+    /**
+     * <p>Whether the hostNetwork flag is enabled for the pods included in the workload.</p>
+     */
+    HostNetwork?: boolean;
+    /**
+     * <p>Containers running as part of the Kubernetes workload.</p>
+     */
+    Containers?: Container[];
+    /**
+     * <p>Volumes used by the Kubernetes workload.</p>
+     */
+    Volumes?: Volume[];
+}
+export declare namespace KubernetesWorkloadDetails {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: KubernetesWorkloadDetails) => any;
+}
+/**
+ * <p>Details about Kubernetes resources such as a Kubernetes user or workload resource involved in a Kubernetes finding.</p>
+ */
+export interface KubernetesDetails {
+    /**
+     * <p>Details about the Kubernetes user involved in a Kubernetes finding.</p>
+     */
+    KubernetesUserDetails?: KubernetesUserDetails;
+    /**
+     * <p>Details about the Kubernetes workload involved in a Kubernetes finding.</p>
+     */
+    KubernetesWorkloadDetails?: KubernetesWorkloadDetails;
+}
+export declare namespace KubernetesDetails {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: KubernetesDetails) => any;
+}
 /**
  * <p>Contains information on the owner of the bucket.</p>
  */
@@ -2236,6 +2606,14 @@ export interface Resource {
      *       GuardDuty to generate a finding.</p>
      */
     InstanceDetails?: InstanceDetails;
+    /**
+     * <p>Details about the EKS cluster involved in a Kubernetes finding.</p>
+     */
+    EksClusterDetails?: EksClusterDetails;
+    /**
+     * <p>Details about the Kubernetes user and workload involved in a Kubernetes finding.</p>
+     */
+    KubernetesDetails?: KubernetesDetails;
     /**
      * <p>The type of Amazon Web Services resource.</p>
      */
@@ -4011,6 +4389,37 @@ export declare namespace UpdateMemberDetectorsResponse {
      */
     const filterSensitiveLog: (obj: UpdateMemberDetectorsResponse) => any;
 }
+/**
+ * <p>Organization-wide Kubernetes audit logs configuration.</p>
+ */
+export interface OrganizationKubernetesAuditLogsConfiguration {
+    /**
+     * <p>A value that contains information on whether Kubernetes audit logs should be enabled
+     *       automatically as a data source for the organization.</p>
+     */
+    AutoEnable: boolean | undefined;
+}
+export declare namespace OrganizationKubernetesAuditLogsConfiguration {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: OrganizationKubernetesAuditLogsConfiguration) => any;
+}
+/**
+ * <p>Organization-wide Kubernetes data sources configurations.</p>
+ */
+export interface OrganizationKubernetesConfiguration {
+    /**
+     * <p>Whether Kubernetes audit logs data source should be auto-enabled for new members joining the organization.</p>
+     */
+    AuditLogs: OrganizationKubernetesAuditLogsConfiguration | undefined;
+}
+export declare namespace OrganizationKubernetesConfiguration {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: OrganizationKubernetesConfiguration) => any;
+}
 /**
  * <p>Describes whether S3 data event logs will be automatically enabled for new members of the
  *       organization.</p>
@@ -4038,6 +4447,10 @@ export interface OrganizationDataSourceConfigurations {
      *       organization.</p>
      */
     S3Logs?: OrganizationS3LogsConfiguration;
+    /**
+     * <p>Describes the configuration of Kubernetes data sources for new members of the organization.</p>
+     */
+    Kubernetes?: OrganizationKubernetesConfiguration;
 }
 export declare namespace OrganizationDataSourceConfigurations {
     /**