@aws-sdk/client-securityhub 3.1028.0 → 3.1030.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -606,6 +606,8 @@ const _ANct = "ActionName";
606
606
  const _ANp = "ApplicationName";
607
607
  const _ANt = "AttributeName";
608
608
  const _AO = "AllowOrigins";
609
+ const _AOS = "AwsOrganizationScope";
610
+ const _AOSL = "AwsOrganizationScopeList";
609
611
  const _AOSSD = "AwsOpenSearchServiceDomain";
610
612
  const _AOSSDASOD = "AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails";
611
613
  const _AOSSDCCD = "AwsOpenSearchServiceDomainClusterConfigDetails";
@@ -622,6 +624,7 @@ const _AOSSDVOD = "AwsOpenSearchServiceDomainVpcOptionsDetails";
622
624
  const _AOd = "AdditionalOccurrences";
623
625
  const _AOs = "AsnOrg";
624
626
  const _AOu = "AuthenticationOptions";
627
+ const _AOw = "AwsOrganizations";
625
628
  const _AP = "AccessPolicy";
626
629
  const _APA = "AccessPointArn";
627
630
  const _API = "AssignPublicIp";
@@ -1742,7 +1745,8 @@ const _FS = "FirstSeen";
1742
1745
  const _FSA = "FirstSeenAt";
1743
1746
  const _FSFRA = "FirehoseSuccessFeedbackRoleArn";
1744
1747
  const _FSI = "FileSystemId";
1745
- const _FSi = "FindingsSummary";
1748
+ const _FSi = "FindingScopes";
1749
+ const _FSin = "FindingsSummary";
1746
1750
  const _FT = "FindingType";
1747
1751
  const _FTCF = "FindingsTrendsCompositeFilter";
1748
1752
  const _FTCFL = "FindingsTrendsCompositeFilterList";
@@ -2416,6 +2420,7 @@ const _OIA = "OutsideIpAddress";
2416
2420
  const _OICC = "OpenIdConnectConfig";
2417
2421
  const _OIF = "OcsfIpFilter";
2418
2422
  const _OIFL = "OcsfIpFilterList";
2423
+ const _OIr = "OrganizationId";
2419
2424
  const _OIw = "OwnerId";
2420
2425
  const _OK = "OutputKey";
2421
2426
  const _OKT = "OriginKeepaliveTimeout";
@@ -2425,6 +2430,7 @@ const _OMF = "OcsfMapFilter";
2425
2430
  const _OMFL = "OcsfMapFilterList";
2426
2431
  const _ON = "OptionName";
2427
2432
  const _ONF = "OcsfNumberFilter";
2433
+ const _ONFE = "OrganizationNotFoundException";
2428
2434
  const _ONFL = "OcsfNumberFilterList";
2429
2435
  const _ONw = "OwnerName";
2430
2436
  const _OP = "OriginPath";
@@ -2442,6 +2448,7 @@ const _OST = "OperationStartTime";
2442
2448
  const _OSv = "OverallSeverity";
2443
2449
  const _OU = "OwnerUid";
2444
2450
  const _OUI = "OrganizationalUnitId";
2451
+ const _OUNFE = "OrganizationalUnitNotFoundException";
2445
2452
  const _OV = "OutputValue";
2446
2453
  const _OVl = "OldValue";
2447
2454
  const _Oc = "Occurrences";
@@ -2812,6 +2819,7 @@ const _RSen = "RenewalSummary";
2812
2819
  const _RSene = "RenewalStatus";
2813
2820
  const _RSep = "ReplicaStatus";
2814
2821
  const _RSes = "RestoreSummary";
2822
+ const _RSeso = "ResourceScopes";
2815
2823
  const _RSest = "RestoreStatus";
2816
2824
  const _RSo = "RouteSettings";
2817
2825
  const _RSou = "RouteSet";
@@ -3121,6 +3129,7 @@ const _Sa = "Sasl";
3121
3129
  const _Sam = "Sample";
3122
3130
  const _Sc = "Scope";
3123
3131
  const _Sch = "Scheme";
3132
+ const _Sco = "Scopes";
3124
3133
  const _Scr = "Scram";
3125
3134
  const _Se = "Severity";
3126
3135
  const _Sec = "Secrets";
@@ -3423,7 +3432,7 @@ const _se = "server";
3423
3432
  const _tK = "tagKeys";
3424
3433
  const n0 = "com.amazonaws.securityhub";
3425
3434
  import { TypeRegistry } from "@smithy/core/schema";
3426
- import { AccessDeniedException, ConflictException, InternalException, InternalServerException, InvalidAccessException, InvalidInputException, LimitExceededException, ResourceConflictException, ResourceInUseException, ResourceNotFoundException, ServiceQuotaExceededException, ThrottlingException, ValidationException, } from "../models/errors";
3435
+ import { AccessDeniedException, ConflictException, InternalException, InternalServerException, InvalidAccessException, InvalidInputException, LimitExceededException, OrganizationalUnitNotFoundException, OrganizationNotFoundException, ResourceConflictException, ResourceInUseException, ResourceNotFoundException, ServiceQuotaExceededException, ThrottlingException, ValidationException, } from "../models/errors";
3427
3436
  import { SecurityHubServiceException } from "../models/SecurityHubServiceException";
3428
3437
  const _s_registry = TypeRegistry.for(_s);
3429
3438
  export var SecurityHubServiceException$ = [-3, _s, "SecurityHubServiceException", 0, [], []];
@@ -3471,6 +3480,18 @@ export var LimitExceededException$ = [-3, n0, _LEE,
3471
3480
  [0, 0]
3472
3481
  ];
3473
3482
  n0_registry.registerError(LimitExceededException$, LimitExceededException);
3483
+ export var OrganizationalUnitNotFoundException$ = [-3, n0, _OUNFE,
3484
+ { [_e]: _c, [_hE]: 400 },
3485
+ [_M, _C],
3486
+ [0, 0]
3487
+ ];
3488
+ n0_registry.registerError(OrganizationalUnitNotFoundException$, OrganizationalUnitNotFoundException);
3489
+ export var OrganizationNotFoundException$ = [-3, n0, _ONFE,
3490
+ { [_e]: _c, [_hE]: 400 },
3491
+ [_M, _C],
3492
+ [0, 0]
3493
+ ];
3494
+ n0_registry.registerError(OrganizationNotFoundException$, OrganizationNotFoundException);
3474
3495
  export var ResourceConflictException$ = [-3, n0, _RCE,
3475
3496
  { [_e]: _c, [_hE]: 409 },
3476
3497
  [_M, _C],
@@ -5481,6 +5502,11 @@ export var AwsOpenSearchServiceDomainVpcOptionsDetails$ = [3, n0, _AOSSDVOD,
5481
5502
  [_SGI, _SIub],
5482
5503
  [64 | 0, 64 | 0]
5483
5504
  ];
5505
+ export var AwsOrganizationScope$ = [3, n0, _AOS,
5506
+ 0,
5507
+ [_OIr, _OUI],
5508
+ [0, 0]
5509
+ ];
5484
5510
  export var AwsRdsDbClusterAssociatedRole$ = [3, n0, _ARDCAR,
5485
5511
  0,
5486
5512
  [_RAo, _St],
@@ -6856,6 +6882,11 @@ export var FindingProviderSeverity$ = [3, n0, _FPS,
6856
6882
  [_Lab, _Orig],
6857
6883
  [0, 0]
6858
6884
  ];
6885
+ export var FindingScopes$ = [3, n0, _FSi,
6886
+ 0,
6887
+ [_AOw],
6888
+ [() => AwsOrganizationScopeList]
6889
+ ];
6859
6890
  export var FindingsTrendsCompositeFilter$ = [3, n0, _FTCF,
6860
6891
  0,
6861
6892
  [_SF, _NCF, _Oper],
@@ -7003,8 +7034,8 @@ export var GetFindingsResponse$ = [3, n0, _GFRe,
7003
7034
  ];
7004
7035
  export var GetFindingStatisticsV2Request$ = [3, n0, _GFSVR,
7005
7036
  0,
7006
- [_GBR, _SOo, _MSR],
7007
- [() => GroupByRules, 0, 1], 1
7037
+ [_GBR, _Sco, _SOo, _MSR],
7038
+ [() => GroupByRules, () => FindingScopes$, 0, 1], 1
7008
7039
  ];
7009
7040
  export var GetFindingStatisticsV2Response$ = [3, n0, _GFSVRe,
7010
7041
  0,
@@ -7023,8 +7054,8 @@ export var GetFindingsTrendsV2Response$ = [3, n0, _GFTVRe,
7023
7054
  ];
7024
7055
  export var GetFindingsV2Request$ = [3, n0, _GFVR,
7025
7056
  0,
7026
- [_Filt, _SCor, _NTe, _MRa],
7027
- [() => OcsfFindingFilters$, () => SortCriteria, 0, 1]
7057
+ [_Filt, _Sco, _SCor, _NTe, _MRa],
7058
+ [() => OcsfFindingFilters$, () => FindingScopes$, () => SortCriteria, 0, 1]
7028
7059
  ];
7029
7060
  export var GetFindingsV2Response$ = [3, n0, _GFVRe,
7030
7061
  0,
@@ -7083,8 +7114,8 @@ export var GetMembersResponse$ = [3, n0, _GMRe,
7083
7114
  ];
7084
7115
  export var GetResourcesStatisticsV2Request$ = [3, n0, _GRSVR,
7085
7116
  0,
7086
- [_GBR, _SOo, _MSR],
7087
- [() => ResourceGroupByRules, 0, 1], 1
7117
+ [_GBR, _Sco, _SOo, _MSR],
7118
+ [() => ResourceGroupByRules, () => ResourceScopes$, 0, 1], 1
7088
7119
  ];
7089
7120
  export var GetResourcesStatisticsV2Response$ = [3, n0, _GRSVRe,
7090
7121
  0,
@@ -7103,8 +7134,8 @@ export var GetResourcesTrendsV2Response$ = [3, n0, _GRTVRe,
7103
7134
  ];
7104
7135
  export var GetResourcesV2Request$ = [3, n0, _GRVR,
7105
7136
  0,
7106
- [_Filt, _SCor, _NTe, _MRa],
7107
- [() => ResourcesFilters$, () => SortCriteria, 0, 1]
7137
+ [_Filt, _Sco, _SCor, _NTe, _MRa],
7138
+ [() => ResourcesFilters$, () => ResourceScopes$, () => SortCriteria, 0, 1]
7108
7139
  ];
7109
7140
  export var GetResourcesV2Response$ = [3, n0, _GRVRe,
7110
7141
  0,
@@ -7623,7 +7654,7 @@ export var ResourceGroupByRule$ = [3, n0, _RGBR,
7623
7654
  ];
7624
7655
  export var ResourceResult$ = [3, n0, _RResou,
7625
7656
  0,
7626
- [_RI, _AIc, _Reg, _RDCTD, _RCeso, _RGe, _RCesou, _RT, _RNes, _RCTD, _FSi, _RTe],
7657
+ [_RI, _AIc, _Reg, _RDCTD, _RCeso, _RGe, _RCesou, _RT, _RNes, _RCTD, _FSin, _RTe],
7627
7658
  [0, 0, 0, 0, 15, 0, 0, 0, 0, 0, () => ResourceFindingsSummaryList, () => ResourceTagList], 5
7628
7659
  ];
7629
7660
  export var ResourcesCompositeFilter$ = [3, n0, _RCF,
@@ -7631,6 +7662,11 @@ export var ResourcesCompositeFilter$ = [3, n0, _RCF,
7631
7662
  [_SF, _DF, _NF, _MF, _NCF, _Oper],
7632
7663
  [() => ResourcesStringFilterList, () => ResourcesDateFilterList, () => ResourcesNumberFilterList, () => ResourcesMapFilterList, () => ResourcesCompositeFilterList, 0]
7633
7664
  ];
7665
+ export var ResourceScopes$ = [3, n0, _RSeso,
7666
+ 0,
7667
+ [_AOw],
7668
+ [() => AwsOrganizationScopeList]
7669
+ ];
7634
7670
  export var ResourcesCount$ = [3, n0, _RCesour,
7635
7671
  0,
7636
7672
  [_ARl],
@@ -8606,6 +8642,9 @@ var AwsMountPointList = [1, n0, _AMPL,
8606
8642
  var AwsNetworkFirewallFirewallSubnetMappingsList = [1, n0, _ANFFSML,
8607
8643
  0, () => AwsNetworkFirewallFirewallSubnetMappingsDetails$
8608
8644
  ];
8645
+ var AwsOrganizationScopeList = [1, n0, _AOSL,
8646
+ 0, () => AwsOrganizationScope$
8647
+ ];
8609
8648
  var AwsRdsDbClusterAssociatedRoles = [1, n0, _ARDCARw,
8610
8649
  0, () => AwsRdsDbClusterAssociatedRole$
8611
8650
  ];
@@ -27,12 +27,14 @@ declare const BatchUpdateFindingsV2Command_base: {
27
27
  getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
28
28
  };
29
29
  /**
30
- * <p>Used by customers to update information about their investigation into a finding.
31
- * Requested by delegated administrator accounts or member accounts.
32
- * Delegated administrator accounts can update findings for their account and their member accounts.
33
- * Member accounts can update findings for their account. <code>BatchUpdateFindings</code> and <code>BatchUpdateFindingV2</code> both use <code>securityhub:BatchUpdateFindings</code> in the <code>Action</code> element of an IAM policy statement.
30
+ * <p>Updates information about a customer's investigation into a finding. Delegated administrator accounts can update findings for their account and their member accounts. Member accounts can update findings for their own account.</p>
31
+ * <p>
32
+ * <code>BatchUpdateFindings</code> and <code>BatchUpdateFindingsV2</code> both use <code>securityhub:BatchUpdateFindings</code> in the <code>Action</code> element of an IAM policy statement.
34
33
  * You must have permission to perform the <code>securityhub:BatchUpdateFindings</code> action.
35
- * Updates from <code>BatchUpdateFindingsV2</code> don't affect the value of f<code>inding_info.modified_time</code>, <code>finding_info.modified_time_dt</code>, <code>time</code>, <code>time_dt for a finding</code>.</p>
34
+ * You can configure IAM policies to restrict access to specific finding fields or field values by using the <code>securityhub:OCSFSyntaxPath/<fieldName></code> condition key, where <code><fieldName></code> is one of the following supported fields: <code>SeverityId</code>, <code>StatusId</code>, or <code>Comment</code>.</p>
35
+ * <p>To prevent a user from updating a specific field, use a <code>Null</code> condition with <code>securityhub:OCSFSyntaxPath/<fieldName></code> set to <code>"false"</code>.
36
+ * To prevent a user from setting a field to a specific value, use a <code>StringEquals</code> condition with <code>securityhub:OCSFSyntaxPath/<fieldName></code> set to the disallowed value or list of values.</p>
37
+ * <p>Updates from <code>BatchUpdateFindingsV2</code> don't affect the value of <code>finding_info.modified_time</code>, <code>finding_info.modified_time_dt</code>, <code>time</code>, or <code>time_dt</code> for a finding.</p>
36
38
  * @example
37
39
  * Use a bare-bones client and the command you need to make an API call.
38
40
  * ```javascript
@@ -28,9 +28,11 @@ declare const GetFindingStatisticsV2Command_base: {
28
28
  getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
29
29
  };
30
30
  /**
31
- * <p>Returns aggregated statistical data about findings.
32
- * <code>GetFindingStatisticsV2</code> use <code>securityhub:GetAdhocInsightResults</code> in the <code>Action</code> element of an IAM policy statement.
33
- * You must have permission to perform the <code>s</code> action.</p>
31
+ * <p>Returns aggregated statistical data about findings.</p>
32
+ * <p>You can use the <code>Scopes</code> parameter to define the data boundary for the query. Currently, <code>Scopes</code> supports <code>AwsOrganizations</code>, which lets you aggregate findings from your entire organization or from specific organizational units. Only the delegated administrator account can use <code>Scopes</code>.</p>
33
+ * <p>
34
+ * <code>GetFindingStatisticsV2</code> uses <code>securityhub:GetAdhocInsightResults</code> in the <code>Action</code> element of an IAM policy statement.
35
+ * You must have permission to perform the <code>securityhub:GetAdhocInsightResults</code> action.</p>
34
36
  * @example
35
37
  * Use a bare-bones client and the command you need to make an API call.
36
38
  * ```javascript
@@ -179,6 +181,14 @@ declare const GetFindingStatisticsV2Command_base: {
179
181
  * GroupByField: "activity_name" || "cloud.account.uid" || "cloud.provider" || "cloud.region" || "compliance.assessments.name" || "compliance.status" || "compliance.control" || "finding_info.title" || "finding_info.related_events.traits.category" || "finding_info.types" || "metadata.product.name" || "metadata.product.uid" || "resources.type" || "resources.uid" || "severity" || "status" || "vulnerabilities.fix_coverage" || "class_name" || "vulnerabilities.affected_packages.name" || "finding_info.analytic.name" || "compliance.standards" || "cloud.account.name" || "vendor_attributes.severity" || "metadata.product.vendor_name", // required
180
182
  * },
181
183
  * ],
184
+ * Scopes: { // FindingScopes
185
+ * AwsOrganizations: [ // AwsOrganizationScopeList
186
+ * { // AwsOrganizationScope
187
+ * OrganizationId: "STRING_VALUE",
188
+ * OrganizationalUnitId: "STRING_VALUE",
189
+ * },
190
+ * ],
191
+ * },
182
192
  * SortOrder: "asc" || "desc",
183
193
  * MaxStatisticResults: Number("int"),
184
194
  * };
@@ -217,6 +227,12 @@ declare const GetFindingStatisticsV2Command_base: {
217
227
  * The request has failed due to an internal failure of the service.
218
228
  * </p>
219
229
  *
230
+ * @throws {@link OrganizationalUnitNotFoundException} (client fault)
231
+ * <p>The request failed because one or more organizational units specified in the request don't exist within the caller's organization.</p>
232
+ *
233
+ * @throws {@link OrganizationNotFoundException} (client fault)
234
+ * <p>The request failed because one or more organizations specified in the request don't exist or don't belong to the caller's organization.</p>
235
+ *
220
236
  * @throws {@link ThrottlingException} (client fault)
221
237
  * <p>
222
238
  * The limit on the number of requests per second was exceeded.
@@ -28,8 +28,11 @@ declare const GetFindingsV2Command_base: {
28
28
  getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
29
29
  };
30
30
  /**
31
- * <p>Return a list of findings that match the specified criteria.
32
- * <code>GetFindings</code> and <code>GetFindingsV2</code> both use <code>securityhub:GetFindings</code> in the <code>Action</code> element of an IAM policy statement.
31
+ * <p>Returns a list of findings that match the specified criteria.</p>
32
+ * <p>You can use the <code>Scopes</code> parameter to define the data boundary for the query. Currently, <code>Scopes</code> supports <code>AwsOrganizations</code>, which lets you retrieve findings from your entire organization or from specific organizational units. Only the delegated administrator account can use <code>Scopes</code>.</p>
33
+ * <p>You can use the <code>Filters</code> parameter to refine results based on finding attributes. You can use <code>Scopes</code> and <code>Filters</code> independently or together. When both are provided, <code>Scopes</code> narrows the data set first, and then <code>Filters</code> refines results within that scoped data set.</p>
34
+ * <p>
35
+ * <code>GetFindings</code> and <code>GetFindingsV2</code> both use <code>securityhub:GetFindings</code> in the <code>Action</code> element of an IAM policy statement.
33
36
  * You must have permission to perform the <code>securityhub:GetFindings</code> action.</p>
34
37
  * @example
35
38
  * Use a bare-bones client and the command you need to make an API call.
@@ -174,6 +177,14 @@ declare const GetFindingsV2Command_base: {
174
177
  * ],
175
178
  * CompositeOperator: "AND" || "OR",
176
179
  * },
180
+ * Scopes: { // FindingScopes
181
+ * AwsOrganizations: [ // AwsOrganizationScopeList
182
+ * { // AwsOrganizationScope
183
+ * OrganizationId: "STRING_VALUE",
184
+ * OrganizationalUnitId: "STRING_VALUE",
185
+ * },
186
+ * ],
187
+ * },
177
188
  * SortCriteria: [ // SortCriteria
178
189
  * { // SortCriterion
179
190
  * Field: "STRING_VALUE",
@@ -211,6 +222,12 @@ declare const GetFindingsV2Command_base: {
211
222
  * The request has failed due to an internal failure of the service.
212
223
  * </p>
213
224
  *
225
+ * @throws {@link OrganizationalUnitNotFoundException} (client fault)
226
+ * <p>The request failed because one or more organizational units specified in the request don't exist within the caller's organization.</p>
227
+ *
228
+ * @throws {@link OrganizationNotFoundException} (client fault)
229
+ * <p>The request failed because one or more organizations specified in the request don't exist or don't belong to the caller's organization.</p>
230
+ *
214
231
  * @throws {@link ThrottlingException} (client fault)
215
232
  * <p>
216
233
  * The limit on the number of requests per second was exceeded.
@@ -29,6 +29,7 @@ declare const GetResourcesStatisticsV2Command_base: {
29
29
  };
30
30
  /**
31
31
  * <p>Retrieves statistical information about Amazon Web Services resources and their associated security findings.</p>
32
+ * <p>You can use the <code>Scopes</code> parameter to define the data boundary for the query. Currently, <code>Scopes</code> supports <code>AwsOrganizations</code>, which lets you aggregate resources from your entire organization or from specific organizational units. Only the delegated administrator account can use <code>Scopes</code>.</p>
32
33
  * @example
33
34
  * Use a bare-bones client and the command you need to make an API call.
34
35
  * ```javascript
@@ -145,6 +146,14 @@ declare const GetResourcesStatisticsV2Command_base: {
145
146
  * },
146
147
  * },
147
148
  * ],
149
+ * Scopes: { // ResourceScopes
150
+ * AwsOrganizations: [ // AwsOrganizationScopeList
151
+ * { // AwsOrganizationScope
152
+ * OrganizationId: "STRING_VALUE",
153
+ * OrganizationalUnitId: "STRING_VALUE",
154
+ * },
155
+ * ],
156
+ * },
148
157
  * SortOrder: "asc" || "desc",
149
158
  * MaxStatisticResults: Number("int"),
150
159
  * };
@@ -183,6 +192,12 @@ declare const GetResourcesStatisticsV2Command_base: {
183
192
  * The request has failed due to an internal failure of the service.
184
193
  * </p>
185
194
  *
195
+ * @throws {@link OrganizationalUnitNotFoundException} (client fault)
196
+ * <p>The request failed because one or more organizational units specified in the request don't exist within the caller's organization.</p>
197
+ *
198
+ * @throws {@link OrganizationNotFoundException} (client fault)
199
+ * <p>The request failed because one or more organizations specified in the request don't exist or don't belong to the caller's organization.</p>
200
+ *
186
201
  * @throws {@link ResourceNotFoundException} (client fault)
187
202
  * <p>The request was rejected because we can't find the specified resource.</p>
188
203
  *
@@ -29,6 +29,8 @@ declare const GetResourcesV2Command_base: {
29
29
  };
30
30
  /**
31
31
  * <p>Returns a list of resources.</p>
32
+ * <p>You can use the <code>Scopes</code> parameter to define the data boundary for the query. Currently, <code>Scopes</code> supports <code>AwsOrganizations</code>, which lets you retrieve resources from your entire organization or from specific organizational units. Only the delegated administrator account can use <code>Scopes</code>.</p>
33
+ * <p>You can use the <code>Filters</code> parameter to refine results based on resource attributes. You can use <code>Scopes</code> and <code>Filters</code> independently or together. When both are provided, <code>Scopes</code> narrows the data set first, and then <code>Filters</code> refines results within that scoped data set.</p>
32
34
  * @example
33
35
  * Use a bare-bones client and the command you need to make an API call.
34
36
  * ```javascript
@@ -140,6 +142,14 @@ declare const GetResourcesV2Command_base: {
140
142
  * ],
141
143
  * CompositeOperator: "AND" || "OR",
142
144
  * },
145
+ * Scopes: { // ResourceScopes
146
+ * AwsOrganizations: [ // AwsOrganizationScopeList
147
+ * { // AwsOrganizationScope
148
+ * OrganizationId: "STRING_VALUE",
149
+ * OrganizationalUnitId: "STRING_VALUE",
150
+ * },
151
+ * ],
152
+ * },
143
153
  * SortCriteria: [ // SortCriteria
144
154
  * { // SortCriterion
145
155
  * Field: "STRING_VALUE",
@@ -211,6 +221,12 @@ declare const GetResourcesV2Command_base: {
211
221
  * The request has failed due to an internal failure of the service.
212
222
  * </p>
213
223
  *
224
+ * @throws {@link OrganizationalUnitNotFoundException} (client fault)
225
+ * <p>The request failed because one or more organizational units specified in the request don't exist within the caller's organization.</p>
226
+ *
227
+ * @throws {@link OrganizationNotFoundException} (client fault)
228
+ * <p>The request failed because one or more organizations specified in the request don't exist or don't belong to the caller's organization.</p>
229
+ *
214
230
  * @throws {@link ResourceNotFoundException} (client fault)
215
231
  * <p>The request was rejected because we can't find the specified resource.</p>
216
232
  *
@@ -1,6 +1,7 @@
1
1
  import { Command as $Command } from "@smithy/smithy-client";
2
2
  import type { MetadataBearer as __MetadataBearer } from "@smithy/types";
3
- import type { ListStandardsControlAssociationsRequest, ListStandardsControlAssociationsResponse } from "../models/models_2";
3
+ import type { ListStandardsControlAssociationsRequest } from "../models/models_2";
4
+ import type { ListStandardsControlAssociationsResponse } from "../models/models_3";
4
5
  import type { SecurityHubClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../SecurityHubClient";
5
6
  /**
6
7
  * @public
@@ -1,7 +1,6 @@
1
1
  import { Command as $Command } from "@smithy/smithy-client";
2
2
  import type { MetadataBearer as __MetadataBearer } from "@smithy/types";
3
- import type { ListTagsForResourceRequest } from "../models/models_2";
4
- import type { ListTagsForResourceResponse } from "../models/models_3";
3
+ import type { ListTagsForResourceRequest, ListTagsForResourceResponse } from "../models/models_3";
5
4
  import type { SecurityHubClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../SecurityHubClient";
6
5
  /**
7
6
  * @public
@@ -174,6 +174,34 @@ export declare class ServiceQuotaExceededException extends __BaseException {
174
174
  */
175
175
  constructor(opts: __ExceptionOptionType<ServiceQuotaExceededException, __BaseException>);
176
176
  }
177
+ /**
178
+ * <p>The request failed because one or more organizational units specified in the request don't exist within the caller's organization.</p>
179
+ * @public
180
+ */
181
+ export declare class OrganizationalUnitNotFoundException extends __BaseException {
182
+ readonly name: "OrganizationalUnitNotFoundException";
183
+ readonly $fault: "client";
184
+ Message?: string | undefined;
185
+ Code?: string | undefined;
186
+ /**
187
+ * @internal
188
+ */
189
+ constructor(opts: __ExceptionOptionType<OrganizationalUnitNotFoundException, __BaseException>);
190
+ }
191
+ /**
192
+ * <p>The request failed because one or more organizations specified in the request don't exist or don't belong to the caller's organization.</p>
193
+ * @public
194
+ */
195
+ export declare class OrganizationNotFoundException extends __BaseException {
196
+ readonly name: "OrganizationNotFoundException";
197
+ readonly $fault: "client";
198
+ Message?: string | undefined;
199
+ Code?: string | undefined;
200
+ /**
201
+ * @internal
202
+ */
203
+ constructor(opts: __ExceptionOptionType<OrganizationNotFoundException, __BaseException>);
204
+ }
177
205
  /**
178
206
  * <p>
179
207
  * The request was rejected because it conflicts with the resource's availability. For example, you tried
@@ -1163,7 +1163,7 @@ export interface StringFilter {
1163
1163
  * </ul>
1164
1164
  * <p>
1165
1165
  * <code>CONTAINS</code> and <code>NOT_CONTAINS</code> operators can be used only with automation rules V1.
1166
- * <code>CONTAINS_WORD</code> operator is only supported in <code>GetFindingsV2</code>, <code>GetFindingStatisticsV2</code>, <code>GetResourcesV2</code>, and <code>GetResourceStatisticsV2</code> APIs.
1166
+ * <code>CONTAINS_WORD</code> operator is only supported in <code>GetFindingsV2</code>, <code>GetFindingStatisticsV2</code>, <code>GetResourcesV2</code>, and <code>GetResourcesStatisticsV2</code> APIs.
1167
1167
  * For more information, see <a href="https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html">Automation rules</a> in the <i>Security Hub CSPM User Guide</i>.</p>
1168
1168
  * @public
1169
1169
  */
@@ -4187,6 +4187,27 @@ export interface AwsOpenSearchServiceDomainDetails {
4187
4187
  */
4188
4188
  AdvancedSecurityOptions?: AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails | undefined;
4189
4189
  }
4190
+ /**
4191
+ * <p>Specifies an Organizations scope. Data from the specified organization or organizational unit is included in the response.</p>
4192
+ * <p>To scope to a specific organizational unit, provide <code>OrganizationalUnitId</code>. You can optionally include <code>OrganizationId</code>. If you omit <code>OrganizationId</code>, Security Hub uses the caller's organization ID.
4193
+ * To scope to the delegated administrator's entire organization, provide only <code>OrganizationId</code>.</p>
4194
+ * <p>The organization ID and organizational unit must belong to the delegated administrator's own organization.
4195
+ * Each request must use one scoping approach: either scope to the entire organization by providing an <code>AwsOrganizationScope</code> entry with only <code>OrganizationId</code>, or scope to specific organizational units by providing <code>AwsOrganizationScope</code> entries with <code>OrganizationalUnitId</code>. You can't combine both approaches in the same request.</p>
4196
+ * @public
4197
+ */
4198
+ export interface AwsOrganizationScope {
4199
+ /**
4200
+ * <p>The unique identifier (ID) of the organization (for example, <code>o-abcd1234567890</code>). The organization must be the delegated administrator's own organization.
4201
+ * If you omit this value and provide <code>OrganizationalUnitId</code>, Security Hub uses the caller's organization ID.</p>
4202
+ * @public
4203
+ */
4204
+ OrganizationId?: string | undefined;
4205
+ /**
4206
+ * <p>The unique identifier (ID) of the organizational unit (OU) (for example, <code>ou-ab12-cd345678</code>). The OU must exist within the delegated administrator's own organization. When specified, the results include only data from accounts in this OU.</p>
4207
+ * @public
4208
+ */
4209
+ OrganizationalUnitId?: string | undefined;
4210
+ }
4190
4211
  /**
4191
4212
  * <p>An IAM role that is associated with the Amazon RDS DB cluster.</p>
4192
4213
  * @public
@@ -9919,25 +9940,3 @@ export interface AwsWafRuleGroupDetails {
9919
9940
  */
9920
9941
  Rules?: AwsWafRuleGroupRulesDetails[] | undefined;
9921
9942
  }
9922
- /**
9923
- * <p>
9924
- * A custom header for custom request and response handling.
9925
- * </p>
9926
- * @public
9927
- */
9928
- export interface AwsWafv2CustomHttpHeader {
9929
- /**
9930
- * <p>
9931
- * The name of the custom header.
9932
- * </p>
9933
- * @public
9934
- */
9935
- Name?: string | undefined;
9936
- /**
9937
- * <p>
9938
- * The value of the custom header.
9939
- * </p>
9940
- * @public
9941
- */
9942
- Value?: string | undefined;
9943
- }