@aws-sdk/client-securityhub 3.1028.0 → 3.1030.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist-cjs/models/errors.js +35 -1
- package/dist-cjs/schemas/schemas_0.js +71 -32
- package/dist-es/models/errors.js +32 -0
- package/dist-es/schemas/schemas_0.js +50 -11
- package/dist-types/commands/BatchUpdateFindingsV2Command.d.ts +7 -5
- package/dist-types/commands/GetFindingStatisticsV2Command.d.ts +19 -3
- package/dist-types/commands/GetFindingsV2Command.d.ts +19 -2
- package/dist-types/commands/GetResourcesStatisticsV2Command.d.ts +15 -0
- package/dist-types/commands/GetResourcesV2Command.d.ts +16 -0
- package/dist-types/commands/ListStandardsControlAssociationsCommand.d.ts +2 -1
- package/dist-types/commands/ListTagsForResourceCommand.d.ts +1 -2
- package/dist-types/models/errors.d.ts +28 -0
- package/dist-types/models/models_0.d.ts +1 -1
- package/dist-types/models/models_1.d.ts +21 -22
- package/dist-types/models/models_2.d.ts +49 -100
- package/dist-types/models/models_3.d.ts +130 -3
- package/dist-types/schemas/schemas_0.d.ts +5 -0
- package/dist-types/ts3.4/commands/ListStandardsControlAssociationsCommand.d.ts +2 -4
- package/dist-types/ts3.4/commands/ListTagsForResourceCommand.d.ts +4 -2
- package/dist-types/ts3.4/models/errors.d.ts +21 -0
- package/dist-types/ts3.4/models/models_1.d.ts +4 -4
- package/dist-types/ts3.4/models/models_2.d.ts +11 -21
- package/dist-types/ts3.4/models/models_3.d.ts +27 -0
- package/dist-types/ts3.4/schemas/schemas_0.d.ts +5 -0
- package/package.json +1 -1
|
@@ -606,6 +606,8 @@ const _ANct = "ActionName";
|
|
|
606
606
|
const _ANp = "ApplicationName";
|
|
607
607
|
const _ANt = "AttributeName";
|
|
608
608
|
const _AO = "AllowOrigins";
|
|
609
|
+
const _AOS = "AwsOrganizationScope";
|
|
610
|
+
const _AOSL = "AwsOrganizationScopeList";
|
|
609
611
|
const _AOSSD = "AwsOpenSearchServiceDomain";
|
|
610
612
|
const _AOSSDASOD = "AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails";
|
|
611
613
|
const _AOSSDCCD = "AwsOpenSearchServiceDomainClusterConfigDetails";
|
|
@@ -622,6 +624,7 @@ const _AOSSDVOD = "AwsOpenSearchServiceDomainVpcOptionsDetails";
|
|
|
622
624
|
const _AOd = "AdditionalOccurrences";
|
|
623
625
|
const _AOs = "AsnOrg";
|
|
624
626
|
const _AOu = "AuthenticationOptions";
|
|
627
|
+
const _AOw = "AwsOrganizations";
|
|
625
628
|
const _AP = "AccessPolicy";
|
|
626
629
|
const _APA = "AccessPointArn";
|
|
627
630
|
const _API = "AssignPublicIp";
|
|
@@ -1742,7 +1745,8 @@ const _FS = "FirstSeen";
|
|
|
1742
1745
|
const _FSA = "FirstSeenAt";
|
|
1743
1746
|
const _FSFRA = "FirehoseSuccessFeedbackRoleArn";
|
|
1744
1747
|
const _FSI = "FileSystemId";
|
|
1745
|
-
const _FSi = "
|
|
1748
|
+
const _FSi = "FindingScopes";
|
|
1749
|
+
const _FSin = "FindingsSummary";
|
|
1746
1750
|
const _FT = "FindingType";
|
|
1747
1751
|
const _FTCF = "FindingsTrendsCompositeFilter";
|
|
1748
1752
|
const _FTCFL = "FindingsTrendsCompositeFilterList";
|
|
@@ -2416,6 +2420,7 @@ const _OIA = "OutsideIpAddress";
|
|
|
2416
2420
|
const _OICC = "OpenIdConnectConfig";
|
|
2417
2421
|
const _OIF = "OcsfIpFilter";
|
|
2418
2422
|
const _OIFL = "OcsfIpFilterList";
|
|
2423
|
+
const _OIr = "OrganizationId";
|
|
2419
2424
|
const _OIw = "OwnerId";
|
|
2420
2425
|
const _OK = "OutputKey";
|
|
2421
2426
|
const _OKT = "OriginKeepaliveTimeout";
|
|
@@ -2425,6 +2430,7 @@ const _OMF = "OcsfMapFilter";
|
|
|
2425
2430
|
const _OMFL = "OcsfMapFilterList";
|
|
2426
2431
|
const _ON = "OptionName";
|
|
2427
2432
|
const _ONF = "OcsfNumberFilter";
|
|
2433
|
+
const _ONFE = "OrganizationNotFoundException";
|
|
2428
2434
|
const _ONFL = "OcsfNumberFilterList";
|
|
2429
2435
|
const _ONw = "OwnerName";
|
|
2430
2436
|
const _OP = "OriginPath";
|
|
@@ -2442,6 +2448,7 @@ const _OST = "OperationStartTime";
|
|
|
2442
2448
|
const _OSv = "OverallSeverity";
|
|
2443
2449
|
const _OU = "OwnerUid";
|
|
2444
2450
|
const _OUI = "OrganizationalUnitId";
|
|
2451
|
+
const _OUNFE = "OrganizationalUnitNotFoundException";
|
|
2445
2452
|
const _OV = "OutputValue";
|
|
2446
2453
|
const _OVl = "OldValue";
|
|
2447
2454
|
const _Oc = "Occurrences";
|
|
@@ -2812,6 +2819,7 @@ const _RSen = "RenewalSummary";
|
|
|
2812
2819
|
const _RSene = "RenewalStatus";
|
|
2813
2820
|
const _RSep = "ReplicaStatus";
|
|
2814
2821
|
const _RSes = "RestoreSummary";
|
|
2822
|
+
const _RSeso = "ResourceScopes";
|
|
2815
2823
|
const _RSest = "RestoreStatus";
|
|
2816
2824
|
const _RSo = "RouteSettings";
|
|
2817
2825
|
const _RSou = "RouteSet";
|
|
@@ -3121,6 +3129,7 @@ const _Sa = "Sasl";
|
|
|
3121
3129
|
const _Sam = "Sample";
|
|
3122
3130
|
const _Sc = "Scope";
|
|
3123
3131
|
const _Sch = "Scheme";
|
|
3132
|
+
const _Sco = "Scopes";
|
|
3124
3133
|
const _Scr = "Scram";
|
|
3125
3134
|
const _Se = "Severity";
|
|
3126
3135
|
const _Sec = "Secrets";
|
|
@@ -3423,7 +3432,7 @@ const _se = "server";
|
|
|
3423
3432
|
const _tK = "tagKeys";
|
|
3424
3433
|
const n0 = "com.amazonaws.securityhub";
|
|
3425
3434
|
import { TypeRegistry } from "@smithy/core/schema";
|
|
3426
|
-
import { AccessDeniedException, ConflictException, InternalException, InternalServerException, InvalidAccessException, InvalidInputException, LimitExceededException, ResourceConflictException, ResourceInUseException, ResourceNotFoundException, ServiceQuotaExceededException, ThrottlingException, ValidationException, } from "../models/errors";
|
|
3435
|
+
import { AccessDeniedException, ConflictException, InternalException, InternalServerException, InvalidAccessException, InvalidInputException, LimitExceededException, OrganizationalUnitNotFoundException, OrganizationNotFoundException, ResourceConflictException, ResourceInUseException, ResourceNotFoundException, ServiceQuotaExceededException, ThrottlingException, ValidationException, } from "../models/errors";
|
|
3427
3436
|
import { SecurityHubServiceException } from "../models/SecurityHubServiceException";
|
|
3428
3437
|
const _s_registry = TypeRegistry.for(_s);
|
|
3429
3438
|
export var SecurityHubServiceException$ = [-3, _s, "SecurityHubServiceException", 0, [], []];
|
|
@@ -3471,6 +3480,18 @@ export var LimitExceededException$ = [-3, n0, _LEE,
|
|
|
3471
3480
|
[0, 0]
|
|
3472
3481
|
];
|
|
3473
3482
|
n0_registry.registerError(LimitExceededException$, LimitExceededException);
|
|
3483
|
+
export var OrganizationalUnitNotFoundException$ = [-3, n0, _OUNFE,
|
|
3484
|
+
{ [_e]: _c, [_hE]: 400 },
|
|
3485
|
+
[_M, _C],
|
|
3486
|
+
[0, 0]
|
|
3487
|
+
];
|
|
3488
|
+
n0_registry.registerError(OrganizationalUnitNotFoundException$, OrganizationalUnitNotFoundException);
|
|
3489
|
+
export var OrganizationNotFoundException$ = [-3, n0, _ONFE,
|
|
3490
|
+
{ [_e]: _c, [_hE]: 400 },
|
|
3491
|
+
[_M, _C],
|
|
3492
|
+
[0, 0]
|
|
3493
|
+
];
|
|
3494
|
+
n0_registry.registerError(OrganizationNotFoundException$, OrganizationNotFoundException);
|
|
3474
3495
|
export var ResourceConflictException$ = [-3, n0, _RCE,
|
|
3475
3496
|
{ [_e]: _c, [_hE]: 409 },
|
|
3476
3497
|
[_M, _C],
|
|
@@ -5481,6 +5502,11 @@ export var AwsOpenSearchServiceDomainVpcOptionsDetails$ = [3, n0, _AOSSDVOD,
|
|
|
5481
5502
|
[_SGI, _SIub],
|
|
5482
5503
|
[64 | 0, 64 | 0]
|
|
5483
5504
|
];
|
|
5505
|
+
export var AwsOrganizationScope$ = [3, n0, _AOS,
|
|
5506
|
+
0,
|
|
5507
|
+
[_OIr, _OUI],
|
|
5508
|
+
[0, 0]
|
|
5509
|
+
];
|
|
5484
5510
|
export var AwsRdsDbClusterAssociatedRole$ = [3, n0, _ARDCAR,
|
|
5485
5511
|
0,
|
|
5486
5512
|
[_RAo, _St],
|
|
@@ -6856,6 +6882,11 @@ export var FindingProviderSeverity$ = [3, n0, _FPS,
|
|
|
6856
6882
|
[_Lab, _Orig],
|
|
6857
6883
|
[0, 0]
|
|
6858
6884
|
];
|
|
6885
|
+
export var FindingScopes$ = [3, n0, _FSi,
|
|
6886
|
+
0,
|
|
6887
|
+
[_AOw],
|
|
6888
|
+
[() => AwsOrganizationScopeList]
|
|
6889
|
+
];
|
|
6859
6890
|
export var FindingsTrendsCompositeFilter$ = [3, n0, _FTCF,
|
|
6860
6891
|
0,
|
|
6861
6892
|
[_SF, _NCF, _Oper],
|
|
@@ -7003,8 +7034,8 @@ export var GetFindingsResponse$ = [3, n0, _GFRe,
|
|
|
7003
7034
|
];
|
|
7004
7035
|
export var GetFindingStatisticsV2Request$ = [3, n0, _GFSVR,
|
|
7005
7036
|
0,
|
|
7006
|
-
[_GBR, _SOo, _MSR],
|
|
7007
|
-
[() => GroupByRules, 0, 1], 1
|
|
7037
|
+
[_GBR, _Sco, _SOo, _MSR],
|
|
7038
|
+
[() => GroupByRules, () => FindingScopes$, 0, 1], 1
|
|
7008
7039
|
];
|
|
7009
7040
|
export var GetFindingStatisticsV2Response$ = [3, n0, _GFSVRe,
|
|
7010
7041
|
0,
|
|
@@ -7023,8 +7054,8 @@ export var GetFindingsTrendsV2Response$ = [3, n0, _GFTVRe,
|
|
|
7023
7054
|
];
|
|
7024
7055
|
export var GetFindingsV2Request$ = [3, n0, _GFVR,
|
|
7025
7056
|
0,
|
|
7026
|
-
[_Filt, _SCor, _NTe, _MRa],
|
|
7027
|
-
[() => OcsfFindingFilters$, () => SortCriteria, 0, 1]
|
|
7057
|
+
[_Filt, _Sco, _SCor, _NTe, _MRa],
|
|
7058
|
+
[() => OcsfFindingFilters$, () => FindingScopes$, () => SortCriteria, 0, 1]
|
|
7028
7059
|
];
|
|
7029
7060
|
export var GetFindingsV2Response$ = [3, n0, _GFVRe,
|
|
7030
7061
|
0,
|
|
@@ -7083,8 +7114,8 @@ export var GetMembersResponse$ = [3, n0, _GMRe,
|
|
|
7083
7114
|
];
|
|
7084
7115
|
export var GetResourcesStatisticsV2Request$ = [3, n0, _GRSVR,
|
|
7085
7116
|
0,
|
|
7086
|
-
[_GBR, _SOo, _MSR],
|
|
7087
|
-
[() => ResourceGroupByRules, 0, 1], 1
|
|
7117
|
+
[_GBR, _Sco, _SOo, _MSR],
|
|
7118
|
+
[() => ResourceGroupByRules, () => ResourceScopes$, 0, 1], 1
|
|
7088
7119
|
];
|
|
7089
7120
|
export var GetResourcesStatisticsV2Response$ = [3, n0, _GRSVRe,
|
|
7090
7121
|
0,
|
|
@@ -7103,8 +7134,8 @@ export var GetResourcesTrendsV2Response$ = [3, n0, _GRTVRe,
|
|
|
7103
7134
|
];
|
|
7104
7135
|
export var GetResourcesV2Request$ = [3, n0, _GRVR,
|
|
7105
7136
|
0,
|
|
7106
|
-
[_Filt, _SCor, _NTe, _MRa],
|
|
7107
|
-
[() => ResourcesFilters$, () => SortCriteria, 0, 1]
|
|
7137
|
+
[_Filt, _Sco, _SCor, _NTe, _MRa],
|
|
7138
|
+
[() => ResourcesFilters$, () => ResourceScopes$, () => SortCriteria, 0, 1]
|
|
7108
7139
|
];
|
|
7109
7140
|
export var GetResourcesV2Response$ = [3, n0, _GRVRe,
|
|
7110
7141
|
0,
|
|
@@ -7623,7 +7654,7 @@ export var ResourceGroupByRule$ = [3, n0, _RGBR,
|
|
|
7623
7654
|
];
|
|
7624
7655
|
export var ResourceResult$ = [3, n0, _RResou,
|
|
7625
7656
|
0,
|
|
7626
|
-
[_RI, _AIc, _Reg, _RDCTD, _RCeso, _RGe, _RCesou, _RT, _RNes, _RCTD,
|
|
7657
|
+
[_RI, _AIc, _Reg, _RDCTD, _RCeso, _RGe, _RCesou, _RT, _RNes, _RCTD, _FSin, _RTe],
|
|
7627
7658
|
[0, 0, 0, 0, 15, 0, 0, 0, 0, 0, () => ResourceFindingsSummaryList, () => ResourceTagList], 5
|
|
7628
7659
|
];
|
|
7629
7660
|
export var ResourcesCompositeFilter$ = [3, n0, _RCF,
|
|
@@ -7631,6 +7662,11 @@ export var ResourcesCompositeFilter$ = [3, n0, _RCF,
|
|
|
7631
7662
|
[_SF, _DF, _NF, _MF, _NCF, _Oper],
|
|
7632
7663
|
[() => ResourcesStringFilterList, () => ResourcesDateFilterList, () => ResourcesNumberFilterList, () => ResourcesMapFilterList, () => ResourcesCompositeFilterList, 0]
|
|
7633
7664
|
];
|
|
7665
|
+
export var ResourceScopes$ = [3, n0, _RSeso,
|
|
7666
|
+
0,
|
|
7667
|
+
[_AOw],
|
|
7668
|
+
[() => AwsOrganizationScopeList]
|
|
7669
|
+
];
|
|
7634
7670
|
export var ResourcesCount$ = [3, n0, _RCesour,
|
|
7635
7671
|
0,
|
|
7636
7672
|
[_ARl],
|
|
@@ -8606,6 +8642,9 @@ var AwsMountPointList = [1, n0, _AMPL,
|
|
|
8606
8642
|
var AwsNetworkFirewallFirewallSubnetMappingsList = [1, n0, _ANFFSML,
|
|
8607
8643
|
0, () => AwsNetworkFirewallFirewallSubnetMappingsDetails$
|
|
8608
8644
|
];
|
|
8645
|
+
var AwsOrganizationScopeList = [1, n0, _AOSL,
|
|
8646
|
+
0, () => AwsOrganizationScope$
|
|
8647
|
+
];
|
|
8609
8648
|
var AwsRdsDbClusterAssociatedRoles = [1, n0, _ARDCARw,
|
|
8610
8649
|
0, () => AwsRdsDbClusterAssociatedRole$
|
|
8611
8650
|
];
|
|
@@ -27,12 +27,14 @@ declare const BatchUpdateFindingsV2Command_base: {
|
|
|
27
27
|
getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
|
|
28
28
|
};
|
|
29
29
|
/**
|
|
30
|
-
* <p>
|
|
31
|
-
*
|
|
32
|
-
*
|
|
33
|
-
* Member accounts can update findings for their account. <code>BatchUpdateFindings</code> and <code>BatchUpdateFindingV2</code> both use <code>securityhub:BatchUpdateFindings</code> in the <code>Action</code> element of an IAM policy statement.
|
|
30
|
+
* <p>Updates information about a customer's investigation into a finding. Delegated administrator accounts can update findings for their account and their member accounts. Member accounts can update findings for their own account.</p>
|
|
31
|
+
* <p>
|
|
32
|
+
* <code>BatchUpdateFindings</code> and <code>BatchUpdateFindingsV2</code> both use <code>securityhub:BatchUpdateFindings</code> in the <code>Action</code> element of an IAM policy statement.
|
|
34
33
|
* You must have permission to perform the <code>securityhub:BatchUpdateFindings</code> action.
|
|
35
|
-
*
|
|
34
|
+
* You can configure IAM policies to restrict access to specific finding fields or field values by using the <code>securityhub:OCSFSyntaxPath/<fieldName></code> condition key, where <code><fieldName></code> is one of the following supported fields: <code>SeverityId</code>, <code>StatusId</code>, or <code>Comment</code>.</p>
|
|
35
|
+
* <p>To prevent a user from updating a specific field, use a <code>Null</code> condition with <code>securityhub:OCSFSyntaxPath/<fieldName></code> set to <code>"false"</code>.
|
|
36
|
+
* To prevent a user from setting a field to a specific value, use a <code>StringEquals</code> condition with <code>securityhub:OCSFSyntaxPath/<fieldName></code> set to the disallowed value or list of values.</p>
|
|
37
|
+
* <p>Updates from <code>BatchUpdateFindingsV2</code> don't affect the value of <code>finding_info.modified_time</code>, <code>finding_info.modified_time_dt</code>, <code>time</code>, or <code>time_dt</code> for a finding.</p>
|
|
36
38
|
* @example
|
|
37
39
|
* Use a bare-bones client and the command you need to make an API call.
|
|
38
40
|
* ```javascript
|
|
@@ -28,9 +28,11 @@ declare const GetFindingStatisticsV2Command_base: {
|
|
|
28
28
|
getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
|
|
29
29
|
};
|
|
30
30
|
/**
|
|
31
|
-
* <p>Returns aggregated statistical data about findings
|
|
32
|
-
* <
|
|
33
|
-
*
|
|
31
|
+
* <p>Returns aggregated statistical data about findings.</p>
|
|
32
|
+
* <p>You can use the <code>Scopes</code> parameter to define the data boundary for the query. Currently, <code>Scopes</code> supports <code>AwsOrganizations</code>, which lets you aggregate findings from your entire organization or from specific organizational units. Only the delegated administrator account can use <code>Scopes</code>.</p>
|
|
33
|
+
* <p>
|
|
34
|
+
* <code>GetFindingStatisticsV2</code> uses <code>securityhub:GetAdhocInsightResults</code> in the <code>Action</code> element of an IAM policy statement.
|
|
35
|
+
* You must have permission to perform the <code>securityhub:GetAdhocInsightResults</code> action.</p>
|
|
34
36
|
* @example
|
|
35
37
|
* Use a bare-bones client and the command you need to make an API call.
|
|
36
38
|
* ```javascript
|
|
@@ -179,6 +181,14 @@ declare const GetFindingStatisticsV2Command_base: {
|
|
|
179
181
|
* GroupByField: "activity_name" || "cloud.account.uid" || "cloud.provider" || "cloud.region" || "compliance.assessments.name" || "compliance.status" || "compliance.control" || "finding_info.title" || "finding_info.related_events.traits.category" || "finding_info.types" || "metadata.product.name" || "metadata.product.uid" || "resources.type" || "resources.uid" || "severity" || "status" || "vulnerabilities.fix_coverage" || "class_name" || "vulnerabilities.affected_packages.name" || "finding_info.analytic.name" || "compliance.standards" || "cloud.account.name" || "vendor_attributes.severity" || "metadata.product.vendor_name", // required
|
|
180
182
|
* },
|
|
181
183
|
* ],
|
|
184
|
+
* Scopes: { // FindingScopes
|
|
185
|
+
* AwsOrganizations: [ // AwsOrganizationScopeList
|
|
186
|
+
* { // AwsOrganizationScope
|
|
187
|
+
* OrganizationId: "STRING_VALUE",
|
|
188
|
+
* OrganizationalUnitId: "STRING_VALUE",
|
|
189
|
+
* },
|
|
190
|
+
* ],
|
|
191
|
+
* },
|
|
182
192
|
* SortOrder: "asc" || "desc",
|
|
183
193
|
* MaxStatisticResults: Number("int"),
|
|
184
194
|
* };
|
|
@@ -217,6 +227,12 @@ declare const GetFindingStatisticsV2Command_base: {
|
|
|
217
227
|
* The request has failed due to an internal failure of the service.
|
|
218
228
|
* </p>
|
|
219
229
|
*
|
|
230
|
+
* @throws {@link OrganizationalUnitNotFoundException} (client fault)
|
|
231
|
+
* <p>The request failed because one or more organizational units specified in the request don't exist within the caller's organization.</p>
|
|
232
|
+
*
|
|
233
|
+
* @throws {@link OrganizationNotFoundException} (client fault)
|
|
234
|
+
* <p>The request failed because one or more organizations specified in the request don't exist or don't belong to the caller's organization.</p>
|
|
235
|
+
*
|
|
220
236
|
* @throws {@link ThrottlingException} (client fault)
|
|
221
237
|
* <p>
|
|
222
238
|
* The limit on the number of requests per second was exceeded.
|
|
@@ -28,8 +28,11 @@ declare const GetFindingsV2Command_base: {
|
|
|
28
28
|
getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
|
|
29
29
|
};
|
|
30
30
|
/**
|
|
31
|
-
* <p>
|
|
32
|
-
*
|
|
31
|
+
* <p>Returns a list of findings that match the specified criteria.</p>
|
|
32
|
+
* <p>You can use the <code>Scopes</code> parameter to define the data boundary for the query. Currently, <code>Scopes</code> supports <code>AwsOrganizations</code>, which lets you retrieve findings from your entire organization or from specific organizational units. Only the delegated administrator account can use <code>Scopes</code>.</p>
|
|
33
|
+
* <p>You can use the <code>Filters</code> parameter to refine results based on finding attributes. You can use <code>Scopes</code> and <code>Filters</code> independently or together. When both are provided, <code>Scopes</code> narrows the data set first, and then <code>Filters</code> refines results within that scoped data set.</p>
|
|
34
|
+
* <p>
|
|
35
|
+
* <code>GetFindings</code> and <code>GetFindingsV2</code> both use <code>securityhub:GetFindings</code> in the <code>Action</code> element of an IAM policy statement.
|
|
33
36
|
* You must have permission to perform the <code>securityhub:GetFindings</code> action.</p>
|
|
34
37
|
* @example
|
|
35
38
|
* Use a bare-bones client and the command you need to make an API call.
|
|
@@ -174,6 +177,14 @@ declare const GetFindingsV2Command_base: {
|
|
|
174
177
|
* ],
|
|
175
178
|
* CompositeOperator: "AND" || "OR",
|
|
176
179
|
* },
|
|
180
|
+
* Scopes: { // FindingScopes
|
|
181
|
+
* AwsOrganizations: [ // AwsOrganizationScopeList
|
|
182
|
+
* { // AwsOrganizationScope
|
|
183
|
+
* OrganizationId: "STRING_VALUE",
|
|
184
|
+
* OrganizationalUnitId: "STRING_VALUE",
|
|
185
|
+
* },
|
|
186
|
+
* ],
|
|
187
|
+
* },
|
|
177
188
|
* SortCriteria: [ // SortCriteria
|
|
178
189
|
* { // SortCriterion
|
|
179
190
|
* Field: "STRING_VALUE",
|
|
@@ -211,6 +222,12 @@ declare const GetFindingsV2Command_base: {
|
|
|
211
222
|
* The request has failed due to an internal failure of the service.
|
|
212
223
|
* </p>
|
|
213
224
|
*
|
|
225
|
+
* @throws {@link OrganizationalUnitNotFoundException} (client fault)
|
|
226
|
+
* <p>The request failed because one or more organizational units specified in the request don't exist within the caller's organization.</p>
|
|
227
|
+
*
|
|
228
|
+
* @throws {@link OrganizationNotFoundException} (client fault)
|
|
229
|
+
* <p>The request failed because one or more organizations specified in the request don't exist or don't belong to the caller's organization.</p>
|
|
230
|
+
*
|
|
214
231
|
* @throws {@link ThrottlingException} (client fault)
|
|
215
232
|
* <p>
|
|
216
233
|
* The limit on the number of requests per second was exceeded.
|
|
@@ -29,6 +29,7 @@ declare const GetResourcesStatisticsV2Command_base: {
|
|
|
29
29
|
};
|
|
30
30
|
/**
|
|
31
31
|
* <p>Retrieves statistical information about Amazon Web Services resources and their associated security findings.</p>
|
|
32
|
+
* <p>You can use the <code>Scopes</code> parameter to define the data boundary for the query. Currently, <code>Scopes</code> supports <code>AwsOrganizations</code>, which lets you aggregate resources from your entire organization or from specific organizational units. Only the delegated administrator account can use <code>Scopes</code>.</p>
|
|
32
33
|
* @example
|
|
33
34
|
* Use a bare-bones client and the command you need to make an API call.
|
|
34
35
|
* ```javascript
|
|
@@ -145,6 +146,14 @@ declare const GetResourcesStatisticsV2Command_base: {
|
|
|
145
146
|
* },
|
|
146
147
|
* },
|
|
147
148
|
* ],
|
|
149
|
+
* Scopes: { // ResourceScopes
|
|
150
|
+
* AwsOrganizations: [ // AwsOrganizationScopeList
|
|
151
|
+
* { // AwsOrganizationScope
|
|
152
|
+
* OrganizationId: "STRING_VALUE",
|
|
153
|
+
* OrganizationalUnitId: "STRING_VALUE",
|
|
154
|
+
* },
|
|
155
|
+
* ],
|
|
156
|
+
* },
|
|
148
157
|
* SortOrder: "asc" || "desc",
|
|
149
158
|
* MaxStatisticResults: Number("int"),
|
|
150
159
|
* };
|
|
@@ -183,6 +192,12 @@ declare const GetResourcesStatisticsV2Command_base: {
|
|
|
183
192
|
* The request has failed due to an internal failure of the service.
|
|
184
193
|
* </p>
|
|
185
194
|
*
|
|
195
|
+
* @throws {@link OrganizationalUnitNotFoundException} (client fault)
|
|
196
|
+
* <p>The request failed because one or more organizational units specified in the request don't exist within the caller's organization.</p>
|
|
197
|
+
*
|
|
198
|
+
* @throws {@link OrganizationNotFoundException} (client fault)
|
|
199
|
+
* <p>The request failed because one or more organizations specified in the request don't exist or don't belong to the caller's organization.</p>
|
|
200
|
+
*
|
|
186
201
|
* @throws {@link ResourceNotFoundException} (client fault)
|
|
187
202
|
* <p>The request was rejected because we can't find the specified resource.</p>
|
|
188
203
|
*
|
|
@@ -29,6 +29,8 @@ declare const GetResourcesV2Command_base: {
|
|
|
29
29
|
};
|
|
30
30
|
/**
|
|
31
31
|
* <p>Returns a list of resources.</p>
|
|
32
|
+
* <p>You can use the <code>Scopes</code> parameter to define the data boundary for the query. Currently, <code>Scopes</code> supports <code>AwsOrganizations</code>, which lets you retrieve resources from your entire organization or from specific organizational units. Only the delegated administrator account can use <code>Scopes</code>.</p>
|
|
33
|
+
* <p>You can use the <code>Filters</code> parameter to refine results based on resource attributes. You can use <code>Scopes</code> and <code>Filters</code> independently or together. When both are provided, <code>Scopes</code> narrows the data set first, and then <code>Filters</code> refines results within that scoped data set.</p>
|
|
32
34
|
* @example
|
|
33
35
|
* Use a bare-bones client and the command you need to make an API call.
|
|
34
36
|
* ```javascript
|
|
@@ -140,6 +142,14 @@ declare const GetResourcesV2Command_base: {
|
|
|
140
142
|
* ],
|
|
141
143
|
* CompositeOperator: "AND" || "OR",
|
|
142
144
|
* },
|
|
145
|
+
* Scopes: { // ResourceScopes
|
|
146
|
+
* AwsOrganizations: [ // AwsOrganizationScopeList
|
|
147
|
+
* { // AwsOrganizationScope
|
|
148
|
+
* OrganizationId: "STRING_VALUE",
|
|
149
|
+
* OrganizationalUnitId: "STRING_VALUE",
|
|
150
|
+
* },
|
|
151
|
+
* ],
|
|
152
|
+
* },
|
|
143
153
|
* SortCriteria: [ // SortCriteria
|
|
144
154
|
* { // SortCriterion
|
|
145
155
|
* Field: "STRING_VALUE",
|
|
@@ -211,6 +221,12 @@ declare const GetResourcesV2Command_base: {
|
|
|
211
221
|
* The request has failed due to an internal failure of the service.
|
|
212
222
|
* </p>
|
|
213
223
|
*
|
|
224
|
+
* @throws {@link OrganizationalUnitNotFoundException} (client fault)
|
|
225
|
+
* <p>The request failed because one or more organizational units specified in the request don't exist within the caller's organization.</p>
|
|
226
|
+
*
|
|
227
|
+
* @throws {@link OrganizationNotFoundException} (client fault)
|
|
228
|
+
* <p>The request failed because one or more organizations specified in the request don't exist or don't belong to the caller's organization.</p>
|
|
229
|
+
*
|
|
214
230
|
* @throws {@link ResourceNotFoundException} (client fault)
|
|
215
231
|
* <p>The request was rejected because we can't find the specified resource.</p>
|
|
216
232
|
*
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { Command as $Command } from "@smithy/smithy-client";
|
|
2
2
|
import type { MetadataBearer as __MetadataBearer } from "@smithy/types";
|
|
3
|
-
import type { ListStandardsControlAssociationsRequest
|
|
3
|
+
import type { ListStandardsControlAssociationsRequest } from "../models/models_2";
|
|
4
|
+
import type { ListStandardsControlAssociationsResponse } from "../models/models_3";
|
|
4
5
|
import type { SecurityHubClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../SecurityHubClient";
|
|
5
6
|
/**
|
|
6
7
|
* @public
|
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
import { Command as $Command } from "@smithy/smithy-client";
|
|
2
2
|
import type { MetadataBearer as __MetadataBearer } from "@smithy/types";
|
|
3
|
-
import type { ListTagsForResourceRequest } from "../models/
|
|
4
|
-
import type { ListTagsForResourceResponse } from "../models/models_3";
|
|
3
|
+
import type { ListTagsForResourceRequest, ListTagsForResourceResponse } from "../models/models_3";
|
|
5
4
|
import type { SecurityHubClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../SecurityHubClient";
|
|
6
5
|
/**
|
|
7
6
|
* @public
|
|
@@ -174,6 +174,34 @@ export declare class ServiceQuotaExceededException extends __BaseException {
|
|
|
174
174
|
*/
|
|
175
175
|
constructor(opts: __ExceptionOptionType<ServiceQuotaExceededException, __BaseException>);
|
|
176
176
|
}
|
|
177
|
+
/**
|
|
178
|
+
* <p>The request failed because one or more organizational units specified in the request don't exist within the caller's organization.</p>
|
|
179
|
+
* @public
|
|
180
|
+
*/
|
|
181
|
+
export declare class OrganizationalUnitNotFoundException extends __BaseException {
|
|
182
|
+
readonly name: "OrganizationalUnitNotFoundException";
|
|
183
|
+
readonly $fault: "client";
|
|
184
|
+
Message?: string | undefined;
|
|
185
|
+
Code?: string | undefined;
|
|
186
|
+
/**
|
|
187
|
+
* @internal
|
|
188
|
+
*/
|
|
189
|
+
constructor(opts: __ExceptionOptionType<OrganizationalUnitNotFoundException, __BaseException>);
|
|
190
|
+
}
|
|
191
|
+
/**
|
|
192
|
+
* <p>The request failed because one or more organizations specified in the request don't exist or don't belong to the caller's organization.</p>
|
|
193
|
+
* @public
|
|
194
|
+
*/
|
|
195
|
+
export declare class OrganizationNotFoundException extends __BaseException {
|
|
196
|
+
readonly name: "OrganizationNotFoundException";
|
|
197
|
+
readonly $fault: "client";
|
|
198
|
+
Message?: string | undefined;
|
|
199
|
+
Code?: string | undefined;
|
|
200
|
+
/**
|
|
201
|
+
* @internal
|
|
202
|
+
*/
|
|
203
|
+
constructor(opts: __ExceptionOptionType<OrganizationNotFoundException, __BaseException>);
|
|
204
|
+
}
|
|
177
205
|
/**
|
|
178
206
|
* <p>
|
|
179
207
|
* The request was rejected because it conflicts with the resource's availability. For example, you tried
|
|
@@ -1163,7 +1163,7 @@ export interface StringFilter {
|
|
|
1163
1163
|
* </ul>
|
|
1164
1164
|
* <p>
|
|
1165
1165
|
* <code>CONTAINS</code> and <code>NOT_CONTAINS</code> operators can be used only with automation rules V1.
|
|
1166
|
-
* <code>CONTAINS_WORD</code> operator is only supported in <code>GetFindingsV2</code>, <code>GetFindingStatisticsV2</code>, <code>GetResourcesV2</code>, and <code>
|
|
1166
|
+
* <code>CONTAINS_WORD</code> operator is only supported in <code>GetFindingsV2</code>, <code>GetFindingStatisticsV2</code>, <code>GetResourcesV2</code>, and <code>GetResourcesStatisticsV2</code> APIs.
|
|
1167
1167
|
* For more information, see <a href="https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html">Automation rules</a> in the <i>Security Hub CSPM User Guide</i>.</p>
|
|
1168
1168
|
* @public
|
|
1169
1169
|
*/
|
|
@@ -4187,6 +4187,27 @@ export interface AwsOpenSearchServiceDomainDetails {
|
|
|
4187
4187
|
*/
|
|
4188
4188
|
AdvancedSecurityOptions?: AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails | undefined;
|
|
4189
4189
|
}
|
|
4190
|
+
/**
|
|
4191
|
+
* <p>Specifies an Organizations scope. Data from the specified organization or organizational unit is included in the response.</p>
|
|
4192
|
+
* <p>To scope to a specific organizational unit, provide <code>OrganizationalUnitId</code>. You can optionally include <code>OrganizationId</code>. If you omit <code>OrganizationId</code>, Security Hub uses the caller's organization ID.
|
|
4193
|
+
* To scope to the delegated administrator's entire organization, provide only <code>OrganizationId</code>.</p>
|
|
4194
|
+
* <p>The organization ID and organizational unit must belong to the delegated administrator's own organization.
|
|
4195
|
+
* Each request must use one scoping approach: either scope to the entire organization by providing an <code>AwsOrganizationScope</code> entry with only <code>OrganizationId</code>, or scope to specific organizational units by providing <code>AwsOrganizationScope</code> entries with <code>OrganizationalUnitId</code>. You can't combine both approaches in the same request.</p>
|
|
4196
|
+
* @public
|
|
4197
|
+
*/
|
|
4198
|
+
export interface AwsOrganizationScope {
|
|
4199
|
+
/**
|
|
4200
|
+
* <p>The unique identifier (ID) of the organization (for example, <code>o-abcd1234567890</code>). The organization must be the delegated administrator's own organization.
|
|
4201
|
+
* If you omit this value and provide <code>OrganizationalUnitId</code>, Security Hub uses the caller's organization ID.</p>
|
|
4202
|
+
* @public
|
|
4203
|
+
*/
|
|
4204
|
+
OrganizationId?: string | undefined;
|
|
4205
|
+
/**
|
|
4206
|
+
* <p>The unique identifier (ID) of the organizational unit (OU) (for example, <code>ou-ab12-cd345678</code>). The OU must exist within the delegated administrator's own organization. When specified, the results include only data from accounts in this OU.</p>
|
|
4207
|
+
* @public
|
|
4208
|
+
*/
|
|
4209
|
+
OrganizationalUnitId?: string | undefined;
|
|
4210
|
+
}
|
|
4190
4211
|
/**
|
|
4191
4212
|
* <p>An IAM role that is associated with the Amazon RDS DB cluster.</p>
|
|
4192
4213
|
* @public
|
|
@@ -9919,25 +9940,3 @@ export interface AwsWafRuleGroupDetails {
|
|
|
9919
9940
|
*/
|
|
9920
9941
|
Rules?: AwsWafRuleGroupRulesDetails[] | undefined;
|
|
9921
9942
|
}
|
|
9922
|
-
/**
|
|
9923
|
-
* <p>
|
|
9924
|
-
* A custom header for custom request and response handling.
|
|
9925
|
-
* </p>
|
|
9926
|
-
* @public
|
|
9927
|
-
*/
|
|
9928
|
-
export interface AwsWafv2CustomHttpHeader {
|
|
9929
|
-
/**
|
|
9930
|
-
* <p>
|
|
9931
|
-
* The name of the custom header.
|
|
9932
|
-
* </p>
|
|
9933
|
-
* @public
|
|
9934
|
-
*/
|
|
9935
|
-
Name?: string | undefined;
|
|
9936
|
-
/**
|
|
9937
|
-
* <p>
|
|
9938
|
-
* The value of the custom header.
|
|
9939
|
-
* </p>
|
|
9940
|
-
* @public
|
|
9941
|
-
*/
|
|
9942
|
-
Value?: string | undefined;
|
|
9943
|
-
}
|